From 4328a426952d0e05e4e534d6fc6b600a65c2c8da Mon Sep 17 00:00:00 2001 From: Sebastian Mark Date: Sat, 29 Jul 2023 15:37:44 +0200 Subject: [PATCH] Genesis --- README.md | 8 +++ manifests/ara-server+cronjob.yml | 105 +++++++++++++++++++++++++++++++ manifests/c19d.yml | 23 +++++++ 3 files changed, 136 insertions(+) create mode 100644 README.md create mode 100644 manifests/ara-server+cronjob.yml create mode 100644 manifests/c19d.yml diff --git a/README.md b/README.md new file mode 100644 index 0000000..30c5f2f --- /dev/null +++ b/README.md @@ -0,0 +1,8 @@ +# Cluster Deployments + +* [ara-server](https://ara.recordsansible.org/) +* [c19d](https://gitlab.com/smsvc/c19d/) + +## Installation + +see [argocd-init.yaml in k8s/baseline](https://git.smsvc.net/k8s/baseline/src/branch/main/argocd-init.yml) diff --git a/manifests/ara-server+cronjob.yml b/manifests/ara-server+cronjob.yml new file mode 100644 index 0000000..26b2b0e --- /dev/null +++ b/manifests/ara-server+cronjob.yml @@ -0,0 +1,105 @@ +--- +apiVersion: argoproj.io/v1alpha1 +kind: Application +metadata: + name: ara-server + namespace: argocd +spec: + project: default + source: + repoURL: https://lib42.github.io/charts + targetRevision: "0.3.*" + chart: ara + helm: + values: | + ingress: + enabled: true + hosts: + - ara.k8s.smsvc.net + persistentVolumes: + enabled: true + size: 128Mi + storageClassName: local-path + destination: + server: 'https://kubernetes.default.svc' + namespace: ara + syncPolicy: + automated: + prune: true + selfHeal: true + syncOptions: + - CreateNamespace=true + retry: + limit: 5 + backoff: + duration: 5s + factor: 2 + maxDuration: 5m + +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: cronjob-serviceaccount + namespace: ara +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: ingress-patch-role + namespace: ara +rules: + - apiGroups: ["", "extensions", "networking.k8s.io"] + resources: ["ingresses"] + verbs: ["get", "list", "watch", "patch"] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: ingress-patch-rolebinding + namespace: ara +subjects: + - kind: ServiceAccount + name: cronjob-serviceaccount + namespace: ara +roleRef: + kind: Role + name: ingress-patch-role + apiGroup: rbac.authorization.k8s.io +--- +apiVersion: batch/v1 +kind: CronJob +metadata: + name: update-ingress-whitelist + namespace: ara +spec: + schedule: '@hourly' + concurrencyPolicy: Forbid + jobTemplate: + spec: + template: + spec: + serviceAccountName: cronjob-serviceaccount + restartPolicy: Never + containers: + - name: update-ingress-whitelist + image: portainer/kubectl-shell + command: + - /bin/bash + - -c + - | + date + DOMAIN=smark.ddns.net + while true; do + IP=$(nslookup $DOMAIN | grep -A1 $DOMAIN | awk 'END {print $NF}') + [[ -n "$IP" ]] && break + sleep 10 + done + set -x + kubectl -n ara patch ingress ara-ara-server-ingress --type='json' --patch='[ + { + "op": "replace", + "path": "/metadata/annotations/nginx.ingress.kubernetes.io~1whitelist-source-range", + "value":"'$IP'" + } + ]' diff --git a/manifests/c19d.yml b/manifests/c19d.yml new file mode 100644 index 0000000..3641c33 --- /dev/null +++ b/manifests/c19d.yml @@ -0,0 +1,23 @@ +--- +apiVersion: argoproj.io/v1alpha1 +kind: Application +metadata: + name: c19d + namespace: argocd + finalizers: + - resources-finalizer.argocd.argoproj.io +spec: + project: default + source: + repoURL: https://gitlab.com/smsvc/c19d/covid19data-infrastructure.git + targetRevision: HEAD + path: k8s-manifests + destination: + server: https://kubernetes.default.svc + namespace: c19d + syncPolicy: + automated: + prune: true + selfHeal: true + syncOptions: + - CreateNamespace=true