feat: import mealie

hugginsio · Nov 27, 2024 · a0e662a · a0e662a
1 parent 80145f4
commit a0e662a
Show file tree

Hide file tree

Showing 7 changed files with 230 additions and 0 deletions.
diff --git a/kubernetes/hyperlab/namespaces/default/kustomization.yaml b/kubernetes/hyperlab/namespaces/default/kustomization.yaml
@@ -6,3 +6,4 @@ resources:
   ###
   - "./homepage/ks.yaml"
   - "./actual-budget/ks.yaml"
+  - "./mealie/ks.yaml"
diff --git a/kubernetes/hyperlab/namespaces/default/mealie/app/helmrelease.yaml b/kubernetes/hyperlab/namespaces/default/mealie/app/helmrelease.yaml
@@ -0,0 +1,110 @@
+# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/app-template-3.4.0/charts/other/app-template/schemas/helmrelease-helm-v2.schema.json
+
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+  name: &name mealie
+  namespace: default
+spec:
+  interval: 10m
+  releaseName: *name
+  chart:
+    spec:
+      chart: app-template
+      version: 3.4.0
+      sourceRef:
+        kind: HelmRepository
+        name: bjw-s
+        namespace: flux-system
+  install:
+    remediation:
+      retries: &retries 3
+  upgrade:
+    cleanupOnFail: true
+    remediation:
+      retries: *retries
+  dependsOn:
+    - name: longhorn
+      namespace: "longhorn-system"
+  values:
+    defaultPodOptions:
+      securityContext:
+        fsGroup: 65534
+        fsGroupChangePolicy: OnRootMismatch
+        runAsGroup: 65534
+        runAsNonRoot: true
+        runAsUser: 65534
+    controllers:
+      mealie:
+        enabled: true
+        type: deployment
+        replicas: 1
+        strategy: Recreate
+        containers:
+          app:
+            image:
+              repository: "ghcr.io/mealie-recipes/mealie"
+              tag: "v2.2.0"
+            resources:
+              requests:
+                cpu: 200m
+                memory: 512Mi
+              limits:
+                memory: 512Mi
+            securityContext:
+              allowPrivilegeEscalation: false
+              capabilities:
+                drop:
+                  - ALL
+              readOnlyRootFilesystem: true
+            env:
+              ALLOW_SIGNUP: "false"
+              BASE_URL: "https://{{ .Release.Name }}.${DOMAIN_PRIVATE}"
+              DB_ENGINE: postgres
+              OIDC_ADMIN_GROUP: "mealie-admins"
+              OIDC_AUTH_ENABLED: "true"
+              OIDC_AUTO_REDIRECT: "true"
+              OIDC_CLIENT_ID: "ov4JuGCDj04FLVtxlt8supn58NXBLCaOGxqZGdUd"
+              OIDC_CONFIGURATION_URL: "https://id.${DOMAIN_PRIVATE}/application/o/mealie/.well-known/openid-configuration"
+              OIDC_PROVIDER_NAME: "Huggins Cloud"
+              OIDC_REMEMBER_ME: true
+              OIDC_USER_GROUP: "mealie-users"
+              PGID: 65534
+              PUID: 65534
+              TZ: "America/Chicago"
+            envFrom:
+              - secretRef:
+                  name: mealie-postgres
+              - secretRef:
+                  name: mealie-misc
+    service:
+      app:
+        controller: mealie
+        ports:
+          http:
+            port: 9000
+    ingress:
+      app:
+        annotations:
+          gethomepage.dev/enabled: "true"
+          gethomepage.dev/description: "Recipe management for the modern household."
+          gethomepage.dev/group: Applications
+          gethomepage.dev/icon: "https://cdn.jsdelivr.net/gh/selfhst/icons/svg/mealie.svg"
+          gethomepage.dev/name: "Mealie"
+          gethomepage.dev/pod-selector: ""
+        hosts:
+          - host: &host "{{ .Release.Name }}.${DOMAIN_PRIVATE}"
+            paths:
+              - path: "/"
+                pathType: Prefix
+                service:
+                  identifier: app
+                  port: http
+        tls:
+          - hosts:
+              - *host
+    persistence:
+      data:
+        existingClaim: "mealie-data"
+        globalMounts:
+          - path: "/app/data"
diff --git a/kubernetes/hyperlab/namespaces/default/mealie/app/kustomization.yaml b/kubernetes/hyperlab/namespaces/default/mealie/app/kustomization.yaml
@@ -0,0 +1,6 @@
+# yaml-language-server: $schema=https://json.schemastore.org/kustomization
+
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - "./helmrelease.yaml"
diff --git a/kubernetes/hyperlab/namespaces/default/mealie/ks.yaml b/kubernetes/hyperlab/namespaces/default/mealie/ks.yaml
@@ -0,0 +1,43 @@
+# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json
+
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+  name: &app mealie-resources
+  namespace: flux-system
+spec:
+  targetNamespace: default
+  commonMetadata:
+    labels:
+      app.kubernetes.io/name: *app
+  path: ./kubernetes/hyperlab/namespaces/default/mealie/resources
+  prune: true
+  wait: true
+  sourceRef:
+    kind: GitRepository
+    name: homelab
+  interval: 10m
+  retryInterval: 1m
+  timeout: 5m
+---
+# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json
+
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+  name: &app mealie
+  namespace: flux-system
+spec:
+  targetNamespace: default
+  commonMetadata:
+    labels:
+      app.kubernetes.io/name: *app
+  path: ./kubernetes/hyperlab/namespaces/default/mealie/app
+  prune: true
+  wait: true
+  sourceRef:
+    kind: GitRepository
+    name: homelab
+  interval: 10m
+  retryInterval: 1m
+  timeout: 5m
diff --git a/kubernetes/hyperlab/namespaces/default/mealie/resources/externalsecret.yaml b/kubernetes/hyperlab/namespaces/default/mealie/resources/externalsecret.yaml
@@ -0,0 +1,49 @@
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+  name: &name mealie-postgres
+  namespace: default
+spec:
+  secretStoreRef:
+    kind: ClusterSecretStore
+    name: database-secrets
+  target:
+    name: *name
+  data:
+    - secretKey: POSTGRES_SERVER
+      remoteRef:
+        key: &ppa postgres-pguser-mealie
+        property: host
+    - secretKey: POSTGRES_DB
+      remoteRef:
+        key: *ppa
+        property: dbname
+    - secretKey: POSTGRES_USER
+      remoteRef:
+        key: *ppa
+        property: user
+    - secretKey: POSTGRES_PORT
+      remoteRef:
+        key: *ppa
+        property: port
+    - secretKey: POSTGRES_PASSWORD
+      remoteRef:
+        key: *ppa
+        property: password
+---
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+  name: &name mealie-misc
+  namespace: default
+spec:
+  secretStoreRef:
+    kind: ClusterSecretStore
+    name: &source bitwarden-secrets
+  target:
+    name: *name
+  data:
+    - secretKey: OIDC_CLIENT_SECRET
+      remoteRef:
+        key: *source
+        property: f625cc42-8350-44d8-ac30-b23500336eed
diff --git a/kubernetes/hyperlab/namespaces/default/mealie/resources/kustomization.yaml b/kubernetes/hyperlab/namespaces/default/mealie/resources/kustomization.yaml
@@ -0,0 +1,7 @@
+# yaml-language-server: $schema=https://json.schemastore.org/kustomization
+
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - "./externalsecret.yaml"
+  - "./pvc.yaml"
diff --git a/kubernetes/hyperlab/namespaces/default/mealie/resources/pvc.yaml b/kubernetes/hyperlab/namespaces/default/mealie/resources/pvc.yaml
@@ -0,0 +1,14 @@
+# yaml-language-server: $schema=https://raw.githubusercontent.com/yannh/kubernetes-json-schema/refs/heads/master/master/persistentvolumeclaim.json
+
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: mealie-data
+  namespace: default
+spec:
+  storageClassName: longhorn
+  accessModes:
+    - ReadWriteOnce
+  resources:
+    requests:
+      storage: 1Gi