From 3f0a9e989d0bcf2ca15cd89854adc6f2a8935eab Mon Sep 17 00:00:00 2001
From: Jess
Date: Sat, 11 Jan 2025 12:40:01 +1300
Subject: [PATCH] k8s: init attic api instances
---
 k8s/attic/attic.yaml | 18 ++++++++++
 k8s/attic/namespace.yaml | 4 +++
 k8s/attic/resources/config.yaml | 22 +++++++++++++
 k8s/attic/resources/deployment.yaml | 51 +++++++++++++++++++++++++++++
 k8s/attic/resources/ingress.yaml | 24 ++++++++++++++
 k8s/attic/resources/service.yaml | 13 ++++++++
 nixos/ari/argocd/app.nix | 1 -
 nixos/ari/kubernetes.nix | 1 +
 nixos/ari/system.nix | 22 +++++++++++++
 9 files changed, 155 insertions(+), 1 deletion(-)
 create mode 100644 k8s/attic/attic.yaml
 create mode 100644 k8s/attic/namespace.yaml
 create mode 100644 k8s/attic/resources/config.yaml
 create mode 100644 k8s/attic/resources/deployment.yaml
 create mode 100644 k8s/attic/resources/ingress.yaml
 create mode 100644 k8s/attic/resources/service.yaml
diff --git a/k8s/attic/attic.yaml b/k8s/attic/attic.yaml
new file mode 100644
index 0000000..d63acda
--- /dev/null
+++ b/k8s/attic/attic.yaml
@@ -0,0 +1,18 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+ name: attic
+ namespace: apps
+spec:
+ project: apps
+ source:
+ repoURL: "https://github.com/ttrssreal/jix"
+ path: "k8s/attic/resources"
+ destination:
+ server: "https://kubernetes.default.svc"
+ namespace: attic
+ syncPolicy:
+ automated:
+ prune: true
+ selfHeal: true
+ allowEmpty: false
diff --git a/k8s/attic/namespace.yaml b/k8s/attic/namespace.yaml
new file mode 100644
index 0000000..5369f0b
--- /dev/null
+++ b/k8s/attic/namespace.yaml
@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: attic
diff --git a/k8s/attic/resources/config.yaml b/k8s/attic/resources/config.yaml
new file mode 100644
index 0000000..89c98db
--- /dev/null
+++ b/k8s/attic/resources/config.yaml
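Review bot: In k8s/attic/attic.yaml, `spec.source` sets `repoURL` and `path` but no `targetRevision`, so this Application follows HEAD of the repository's default branch, and `syncPolicy.automated` with `prune` and `selfHeal` applies whatever lands there without a review step. The parent sources in nixos/ari/kubernetes.nix are pinned to a commit hash, so the child is the weaker link: a single push changes what runs in the `attic` namespace. I would add `targetRevision: <commit-or-tag>` (placeholder value) under `source:` and bump it together with the parent pin.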
@@ -0,0 +1,22 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: attic-config
+data:
+ atticd.yaml: |
+ listen = "[::]:8080"
+
+ [chunking]
+ avg-size = 65536
+ max-size = 262144
+ min-size = 16384
+ nar-size-threshold = 65536
+
+ [database]
+ url = "postgresql://attic@ari/attic"
+
+ [storage]
+ bucket = "nix-cache-b5eea907c395"
+ endpoint = "https://nix-cache-b5eea907c395.s3.us-west-002.backblazeb2.com"
+ region = "us-west-002"
+ type = "s3"
diff --git a/k8s/attic/resources/deployment.yaml b/k8s/attic/resources/deployment.yaml
new file mode 100644
index 0000000..da873f4
--- /dev/null
+++ b/k8s/attic/resources/deployment.yaml
@@ -0,0 +1,51 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: attic-api
+ namespace: attic
+spec:
+ replicas: 2
+ selector:
+ matchLabels:
+ app: attic-api
+ template:
+ metadata:
+ labels:
+ app: attic-api
+ spec:
+ containers:
+ - name: attic-api
+ image: ghcr.io/zhaofengli/attic:b8c5ab4518f776624fee261385abb98348cd26cf
+ args: ["--mode", "api-server", "-f", "/etc/attic/atticd.yaml"]
+ env:
+ - name: ATTIC_SERVER_TOKEN_RS256_SECRET_BASE64
+ valueFrom:
+ secretKeyRef:
+ # FIXME: part of declarative secret management
+ name: attic-creds
+ key: token
+ - name: AWS_ACCESS_KEY_ID
+ valueFrom:
+ secretKeyRef:
+ # FIXME: part of declarative secret management
+ name: attic-creds
+ key: key-id
+ - name: AWS_SECRET_ACCESS_KEY
+ valueFrom:
+ secretKeyRef:
+ # FIXME: part of declarative secret management
+ name: attic-creds
+ key: secret-key
+ volumeMounts:
+ - name: config
+ mountPath: "/etc/attic"
+ readOnly: true
+ ports:
+ - containerPort: 8080
+ volumes:
+ - name: config
+ configMap:
+ name: attic-config
+ items:
+ - key: "atticd.yaml"
+ path: "atticd.yaml"
diff --git a/k8s/attic/resources/ingress.yaml b/k8s/attic/resources/ingress.yaml
new file mode 100644
index 0000000..f9c0678
--- /dev/null
+++ b/k8s/attic/resources/ingress.yaml
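Review bot: The `[database]` `url` in k8s/attic/resources/config.yaml carries no password and no TLS setting, so atticd depends on the server accepting unauthenticated connections and talks to host `ari` in clear text; the same URL is added in the first hunk of nixos/ari/system.nix. Once the role gets a password the URL can no longer live in a ConfigMap committed to the repository. I would drop `url` from this file and supply it from the existing `attic-creds` Secret through the `ATTIC_SERVER_DATABASE_URL` environment variable (as far as I know attic reads it; confirm against the pinned image), adding `?sslmode=require` if the server has TLS enabled. Minor: the key is named `atticd.yaml` but the content is TOML, so `atticd.toml` would be less surprising.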
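Review bot: The `attic-api` container in k8s/attic/resources/deployment.yaml has no `securityContext`, so it keeps the runtime's default capabilities and may run as root while holding the token signing key and the S3 credentials in its environment and being exposed through the ingress. I would add the container-level hardening shown below; confirm first that the image starts as a non-root user and does not write to its root filesystem, and relax `runAsNonRoot` or `readOnlyRootFilesystem` if it does. Separately, `image:` is pinned by tag only; appending `@sha256:<digest>` (placeholder) makes the pin immutable, and `resources` limits plus a readiness probe would be worth adding for an externally reachable service.

```yaml
      containers:
        - name: attic-api
          # … unchanged: image, args, env, volumeMounts, ports …
          securityContext:
            allowPrivilegeEscalation: false
            readOnlyRootFilesystem: true
            runAsNonRoot: true
            capabilities:
              drop: ["ALL"]
            seccompProfile:
              type: RuntimeDefault
```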
@@ -0,0 +1,24 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: attic-api
+ namespace: attic
+ annotations:
+ cert-manager.io/cluster-issuer: letsencrypt-production
+spec:
+ ingressClassName: nginx
+ rules:
+ - host: cache.jessie.cafe
+ http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: attic-api
+ port:
+ name: http
+ tls:
+ - hosts:
+ - cache.jessie.cafe
+ secretName: attic-api-cert
diff --git a/k8s/attic/resources/service.yaml b/k8s/attic/resources/service.yaml
new file mode 100644
index 0000000..4ff960c
--- /dev/null
+++ b/k8s/attic/resources/service.yaml
@@ -0,0 +1,13 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: attic-api
+ namespace: attic
+spec:
+ selector:
+ app: attic-api
+ ports:
+ - name: http
+ protocol: TCP
+ port: 80
+ targetPort: 8080
diff --git a/nixos/ari/argocd/app.nix b/nixos/ari/argocd/app.nix
index d412211..3418f34 100644
--- a/nixos/ari/argocd/app.nix
+++ b/nixos/ari/argocd/app.nix
@@ -111,7 +111,6 @@ in inherit (config.jix.argocd) targetRevision; repoURL = "https://github.com/ttrssreal/jix"; inherit path; - directory.recurse = true; }) config.jix.argocd.sources; destination = {
diff --git a/nixos/ari/kubernetes.nix b/nixos/ari/kubernetes.nix
index 746198e..b2d45e9 100644
--- a/nixos/ari/kubernetes.nix
+++ b/nixos/ari/kubernetes.nix
@@ -14,6 +14,7 @@ targetRevision = "e175c71b696752df431c2b313bd406731e7e149f"; sources = [ + "k8s/attic" "k8s/argocd-server" "k8s/cert-manager" "k8s/github-runners"
diff --git a/nixos/ari/system.nix b/nixos/ari/system.nix
index cadcb47..808c62b 100644
--- a/nixos/ari/system.nix
+++ b/nixos/ari/system.nix
@@ -20,6 +20,8 @@ endpoint = "https://nix-cache-b5eea907c395.s3.us-west-002.backblazeb2.com"; }; + database.url = "postgresql://attic@ari/attic"; + # Data chunking # # Warning: If you change any of the values here, it will be
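Review bot: The `annotations` block in k8s/attic/resources/ingress.yaml sets only the cert-manager issuer, so request bodies are capped at the ingress-nginx default (1m unless the controller's own configuration overrides it), and cache pushes that carry NAR data in the request body would likely be rejected with 413. I would add `nginx.ingress.kubernetes.io/proxy-body-size: "<limit>"` (placeholder value). Picking an explicit bound rather than `"0"` keeps a cap on upload size for an endpoint that is published under a public hostname.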
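Review bot: In nixos/ari/kubernetes.nix, `"k8s/attic"` is added to `sources`, but the `targetRevision` shown as unchanged context just above it is a commit that already existed before this patch, so it presumably does not contain the `k8s/attic` directory this commit creates, and Argo CD would fail to resolve the path until the pin is bumped. If the bump is meant to land in a follow-up, a comment such as `# bump targetRevision once k8s/attic is merged` next to the pin would make that explicit. The enclosing attribute set starts and ends outside the hunk.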
@@ -44,6 +46,26 @@ }; }; }; + + postgresql = { + enable = true; + enableTCPIP = true; + + authentication = '' + host all all all trust + ''; + + ensureDatabases = [ + "attic" + ]; + + ensureUsers = [ + { + name = "attic"; + ensureDBOwnership = true; + } + ]; + }; }; boot.loader.grub = {
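Review bot: The `authentication` line `host all all all trust`, combined with `enableTCPIP = true`, lets any host that can reach the PostgreSQL port connect as any role, including the superuser, to any database without a password. I would scope the rule to the one database, role and source range atticd needs and require a password, e.g. `host attic attic <pod-cidr> scram-sha-256` (placeholder CIDR), and check that the host firewall opens the port only to that range. `ensureUsers` as written creates the `attic` role without a password, so one has to be set out of band and the connection URL here and in k8s/attic/resources/config.yaml updated to match. The enclosing attribute set starts and ends outside the hunk.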