prettysunflower/infra
1
Fork 0
Code Issues 1 Pull Requests 1 Actions Packages Projects Releases Wiki Activity

apps(kakigoori): Added kakigoori to deployment

Browse Source
This commit is contained in:
prettysunflower
2025-05-31 13:20:03 +02:00
parent 66bb6f23c6
commit 0145f645d4
6 changed files with 153 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
apps/kakigoori/.gitignore vendored Normal file
View File

@@ -0,0 +1 @@
local_settings.py

90
apps/kakigoori/deployment.yaml Normal file
View File

@@ -0,0 +1,90 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: kakigoori
labels:
app.kubernetes.io/name: kakigoori
spec:
replicas: 2
selector:
matchLabels:
app.kubernetes.io/name: kakigoori
template:
metadata:
labels:
app.kubernetes.io/name: kakigoori
spec:
affinity:
nodeAffinity:
preferredDuringSchedulingIgnoredDuringExecution:
- weight: 1
preference:
matchExpressions:
- key: location
operator: In
values:
- fsn
containers:
- name: kakigoori
image: "git.remilia.ch/remilia/kakigoori:main"
imagePullPolicy: Always
ports:
- containerPort: 8001
volumeMounts:
- name: config
mountPath: /kakigoori/kakigoori/local_settings.py
subPath: local_settings.py
securityContext:
runAsUser: 1000
runAsGroup: 1000
runAsNonRoot: true
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
seccompProfile:
type: RuntimeDefault
- name: anubis
image: ghcr.io/techarohq/anubis:latest
imagePullPolicy: Always
env:
- name: "BIND"
value: ":8080"
- name: "DIFFICULTY"
value: "4"
- name: ED25519_PRIVATE_KEY_HEX
valueFrom:
secretKeyRef:
name: anubis-kakigoori-key
key: ED25519_PRIVATE_KEY_HEX
- name: "METRICS_BIND"
value: ":9090"
- name: "SERVE_ROBOTS_TXT"
value: "true"
- name: "TARGET"
value: "http://localhost:8001"
- name: "OG_PASSTHROUGH"
value: "true"
- name: "OG_EXPIRY_TIME"
value: "24h"
resources:
limits:
cpu: 750m
memory: 256Mi
requests:
cpu: 250m
memory: 256Mi
securityContext:
runAsUser: 1000
runAsGroup: 1000
runAsNonRoot: true
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
seccompProfile:
type: RuntimeDefault
volumes:
- name: config
configMap:
name: kakigoori-config

8
apps/kakigoori/kustomization.yaml Normal file
View File

@@ -0,0 +1,8 @@
resources:
- deployment.yaml
- services.yaml
- secrets.yaml
configMapGenerator:
- name: kakigoori-config
files:
- local_settings.py

15
apps/kakigoori/local_settings.sops.py Normal file
View File

@@ -0,0 +1,15 @@
{
"data": "ENC[AES256_GCM,data:pESnbjbgxGjxVV4Q9oRZxsWXP1eJILBO1jGLp/IRIOw82hWAleen6nECSVuFl4Q7klsChEYrTki2hhNt7+2KQVymUWkfJScPwbRdoP8hlB72fDSxyca7FDrfXg458UcBMozJlrw5XwReTSV3f5OUcUXb2sC9ptUHCvE2U+U4yjHa2TdlvEbuCpY9NOYyl+k1lERzLLj/WhtyjRWk56HSUb4XSr3i3m2SJre6ikywnL7ErzdZ51E34jD23ED7BsAs8UdN7jGk7fyUD4+0P8goBXHqhliaPwoounS3P5MdgL5j5MoIFCih+6LeWBezthVZ6XSqYvVIZI2dtbYh7qzb43k12s2cgxYfRd7VhYSwM0QI3oInsXpr5YTocLBozzXGw1zTeguRR49lPNMPuRx5Yj/3nTnL/qFOPSABIvA9C2L1XohZBELZkuO3kB613vQbPDq48darb075WF9XO7cUN9d3B33X6zoxPRBf5JBGJV6WCx1fWZI+/j5AHPuDm8tXeN1aBcctCEJMjxNO4PVWOkyqEKtpnpPNhMwNriWV0rZkvtPNeDVKvbUCNSJVxCnHViKtIIOtqQX8QrWvGayiQTsr394FB/F+J1wty5Zsvk/WuYN62c5ICPiKWJR4Mb58MrybX1UlxZcnHuJBz7W+yTa6kF5L9GaAuicCORVoDCTGq/QyAUsm1FrUuKjs3CVkXmhtZOMF42kyAlnNKTnBb505hN2NE4iE0xek134K3FW12t37deavyNak96rsn6OVCgsASYiLQo+ygDyWjHfk5rKCc9FoZ+x8TPpEDKx1+N2KRMljq8ECfOCvJPZ+93pUg/ExmrmVtW16tR78AJ0sGFOvyClwwntzhk6KJH5FeaqIbA+lSYbBCLkQvXM7WBnlgaZpvIaO6B7ru7wiGjbojWqyzE/2TEPvXP85,iv:ys2DmK1Y/hGm/t8QRI9DiMpoaP6nwPXXWGTX8yiIYow=,tag:i5zn5dn9F8BorSc+1Zm3Wg==,type:str]",
"sops": {
"age": [
{
"recipient": "age1r0tjhg6uexyj0p7fp0ftv5h7r7e3ptzkk2797pznfvrvsm576u0s37yyaw",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBIaGxKaDVkckwyYktyTzBG\nNVNyUFozblhlaWUra1U2cTRxYm1TOEpyZ0Z3ClRENDA4WXl4QVpQQ3V0RGIrdkVM\nYVFpRWs1WERHK1ZZenVsZU0xZGJQTHcKLS0tIDlVN2c3N21qemd1S3hDaHlDaDU2\nZU1WTTJZUUhaRUkyQW9WL05KNkNwRW8KS3lwtuo1sUo0iwwjV8fQILOsuRv5Onkc\niSc7wDNyvsL+mqkM0DqfgqeSvi6JHDUXxMU6b2OPg4M6YQ0Y/rsTJA==\n-----END AGE ENCRYPTED FILE-----\n"
}
],
"lastmodified": "2025-05-31T11:09:17Z",
"mac": "ENC[AES256_GCM,data:MbEPM+n/vYATVnstjTsiGmmArSsSiYNXPAPNv9AmNQdxQDgtJSkBSA9TfVBtBL4x9Bymv9v0d+7N+Skn38ZPfQN5cVxncw1d05J03l6+COznyBNVDaA5u6iHrAf6olbfxdhN5/eoT8IZtn+hfSM+ZXM2MDP/u7/VD9j4G2pNTPA=,iv:qdDIp8vHvawnWIhJcJcGYvfHtZknljqfdufi8IlDFr8=,tag:6Kmg1jhv4VE1LLO9lBqzqw==,type:str]",
"unencrypted_suffix": "_unencrypted",
"version": "3.10.2"
}
}

22
apps/kakigoori/secrets.sops.yaml Normal file
View File

@@ -0,0 +1,22 @@
apiVersion: v1
kind: Secret
metadata:
name: anubis-kakigoori-key
type: Opaque
data:
ED25519_PRIVATE_KEY_HEX: ENC[AES256_GCM,data:hLiIseiRyHxRyeqOr/l25I02LIY9UylK2O136X6904c7ZVpYIvqahI8Y94BNkDTSWQCUohEq2gAM3/NUb2OMosRX7/KJFOed3oqruvUz6imaSFTDXu9Jlg==,iv:R2hIPEttqS0k3lawoF1D51AExSodFt5HTs8h6dTr6h0=,tag:NOOZVbGD11jPtDEQ/GhCDw==,type:str]
sops:
age:
- recipient: age1r0tjhg6uexyj0p7fp0ftv5h7r7e3ptzkk2797pznfvrvsm576u0s37yyaw
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBUOEtoSE14clR0ZnBiTmxT
Nlc1VDFPWXZBamxySGZVYUxVeklKb0RVdnlnCk9seGNYa1NOSzlENzV5LzQzeGVh
UUd2UllMNUNkbWRyVEhHWmVHd3lyVzQKLS0tIERTdWRZRERBUmNuWm4vRHR4RjBG
RCtXMks0aFlPMHUzQXFuQ2tNb3U5OHMKwBGwir6zmtEuLbk/QJHLshHmby65aeK+
4IcT9Ez+OytpTx2iRgCPI5eFFIAirejzpc9TLviHdsPzrq/bN/v6Rw==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-05-31T11:19:27Z"
mac: ENC[AES256_GCM,data:pGhHDJqdWQdDePmFqNFJsGb8xQnSIshlC+d2A6tVmPL2GZITFNHs7fjAODSpy91tev4p29N4RaKbukKqz0sXZADqj8edpQ01xrzLxeFsphYiC3wJcpGtlXWNjNxvHC8L1pzKjLS47/V+JcDJxzrZMvP4ZmmwSYXORMErgtARAZI=,iv:W9Kd77VPEDnbRbs4F7PQCj97NwhmIER0FiaRDEoo48I=,tag:R5iHYlsy+pP/GJBw4pci0g==,type:str]
encrypted_regex: ^(data|stringData)$
version: 3.10.2

17
apps/kakigoori/services.yaml Normal file
View File

@@ -0,0 +1,17 @@
apiVersion: v1
kind: Service
metadata:
name: kakigoori
spec:
type: ClusterIP
selector:
app.kubernetes.io/name: kakigoori
ports:
- protocol: TCP
port: 8001
targetPort: 8001
name: kakigoori
- protocol: TCP
port: 80
targetPort: 8080
name: anubis