Compare commits
117 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
| f72ae81b06 | |||
| 349bffbc57 | |||
| cd354703a0 | |||
| afd7777bbd | |||
| 9c4bda4535 | |||
| 8b12a2f02d | |||
| 9b59850623 | |||
| 66f982eb7a | |||
| 6d66a83a39 | |||
| 3a888b764b | |||
| 029d2c15ee | |||
| c507c3ee86 | |||
| 8383a779fc | |||
| 6675bca20e | |||
| f4278410d9 | |||
| 753dc9ef8d | |||
| 2b43c83ad7 | |||
| ae0dfe160d | |||
| 837a4ecdbd | |||
| 13456c0b07 | |||
| bd00ac5b9f | |||
| 68c0ff7e37 | |||
| ddf5a5558a | |||
| d2456ce7ee | |||
| c85848097e | |||
| 31f830c04b | |||
| 29b2c17b3b | |||
| acf21244a9 | |||
| f1bd50e174 | |||
| 2f2b400d10 | |||
| 194c3f559e | |||
| 963f25d41d | |||
| 45bf4bf542 | |||
| 86cd875850 | |||
| 4e3d48fc5c | |||
| 4bed1fd613 | |||
| 3fe14d180f | |||
| 3b74e2c3f0 | |||
| 9a5e98ada1 | |||
| 1e2fc7e242 | |||
| a8a01b81b5 | |||
| 2271827ec5 | |||
| 8fa0489d22 | |||
| cdeb83b8f9 | |||
| 15536c90b5 | |||
| fcea575d0f | |||
| cdad1f42fd | |||
| eceac895aa | |||
| 497db760da | |||
| 5e8f30aeb3 | |||
| ec6aa4ceb8 | |||
| cba28bfe39 | |||
| 6ee1b6ba0f | |||
| 7f9ec9a3f4 | |||
| fd4192c5ec | |||
| ef57e18786 | |||
| bb48fe5719 | |||
| 1c0b9e05ae | |||
| 38588736e3 | |||
| 9c0d5c1fd4 | |||
| cdaa7b1038 | |||
| 8da13b3b5a | |||
| 704711a3de | |||
| 63a3923296 | |||
| 230fd51433 | |||
| 5b5e468a54 | |||
| 81cea46d0a | |||
| 17289137a5 | |||
| 6e2eb8f8e0 | |||
| 20def0ad16 | |||
| 711815d4c7 | |||
| 95e074b971 | |||
| fb851f4a1d | |||
| b6dc3d3f1a | |||
| e3c46cfd0d | |||
| 6bb357e3c6 | |||
| ae3ed61cf3 | |||
| df17979907 | |||
| 6de80970b1 | |||
| 7526631575 | |||
| 9dd8dd317c | |||
| 562249e9f4 | |||
| e32a4436af | |||
| a096804d20 | |||
| b9c260dd27 | |||
| e23046dac3 | |||
| 346fc3cad8 | |||
| 0aa0be2e3f | |||
| bb63392608 | |||
| 1f29929249 | |||
| e5b76a0fe0 | |||
| 89605a940a | |||
| 68e44b9eb0 | |||
|
9444c7f982 | ||
| cc95d66f8d | |||
| 6b84bdc675 | |||
| fa93567d2e | |||
| c990cdf317 | |||
| b951d8749a | |||
| 1b68aac966 | |||
| 539415eea5 | |||
| 7a648f4234 | |||
| 77e5ff381c | |||
| eb409d1f81 | |||
|
|
7c1e8c3fd1 | ||
|
|
c8ae32308b | ||
|
|
f04674503c | ||
|
|
037bba5c21 | ||
|
|
6d996b4d1f | ||
| 98c79f0bbd | |||
|
|
03e49b1efd | ||
| fdb4c13f23 | |||
|
|
3e2d96a8b9 | ||
| 174deb673e | |||
|
|
626c2b7e7c | ||
| a58a12d6c8 | |||
| 59a515f209 |
75
README.md
Normal file
75
README.md
Normal file
@ -0,0 +1,75 @@
|
||||
# ops-deployment
|
||||
|
||||
This repository contains declarative Kubernetes configurations (deployments, services, persistent volumes) for all application services. Changes are automatically synchronized to the cluster by Flux.
|
||||
|
||||
## Structure
|
||||
|
||||
Each service directory contains:
|
||||
- `deployment.yaml` - Pod specifications, container images, environment variables, volume mounts
|
||||
- `service.yaml` - Service exposure (ClusterIP, NodePort)
|
||||
- Additional resources as needed (PVCs, ConfigMaps, etc.)
|
||||
|
||||
## Workflow
|
||||
|
||||
1. **CI/CD Pipeline**: Build process generates new container image
|
||||
2. **Automatic Update**: Pipeline commits updated image tag to this repository
|
||||
3. **Flux Synchronization**: Flux detects changes and applies to cluster
|
||||
4. **Rolling Deployment**: Kubernetes performs rolling update
|
||||
|
||||
## Secrets Management
|
||||
|
||||
Secrets are managed directly in Kubernetes using `kubectl` or sealed-secrets:
|
||||
- Never committed to this repository
|
||||
- Mounted as volumes at `/etc/secrets` in containers
|
||||
- Referenced via `secretName` in deployment manifests
|
||||
|
||||
## Persistent Storage
|
||||
|
||||
Services requiring data persistence (MySQL, RabbitMQ) use PersistentVolumeClaims:
|
||||
- Storage classes define volume provisioning
|
||||
- Data survives pod restarts and redeployments
|
||||
- Backups handled separately
|
||||
|
||||
## Example Service
|
||||
|
||||
```yaml
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: backend-push-notifications
|
||||
namespace: app-notifications
|
||||
spec:
|
||||
replicas: 1
|
||||
template:
|
||||
spec:
|
||||
containers:
|
||||
- name: backend-push-notifications
|
||||
image: ghcr.io/user/service:2
|
||||
ports:
|
||||
- containerPort: 9000
|
||||
volumeMounts:
|
||||
- name: secrets
|
||||
mountPath: /etc/secrets
|
||||
readOnly: true
|
||||
volumes:
|
||||
- name: secrets
|
||||
secret:
|
||||
secretName: backend-push-notifications
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: backend-push-notifications
|
||||
spec:
|
||||
selector:
|
||||
app: backend-push-notifications
|
||||
ports:
|
||||
- port: 9000
|
||||
targetPort: 9000
|
||||
nodePort: 30904
|
||||
type: NodePort
|
||||
```
|
||||
|
||||
## Monitoring
|
||||
|
||||
Services expose Prometheus metrics endpoints where applicable, on port 9000 and exposed via NodePort.
|
||||
@ -15,21 +15,41 @@ spec:
|
||||
spec:
|
||||
imagePullSecrets:
|
||||
- name: ghcr-secret
|
||||
initContainers:
|
||||
- name: copy-secrets
|
||||
image: busybox
|
||||
command:
|
||||
- sh
|
||||
- -c
|
||||
- |
|
||||
for f in /secrets/*; do
|
||||
cp "$f" /etc/secrets/
|
||||
chmod 666 "/etc/secrets/$(basename $f)"
|
||||
done
|
||||
volumeMounts:
|
||||
- name: backend-api-internal-secrets
|
||||
mountPath: /secrets
|
||||
- name: writable-secrets
|
||||
mountPath: /etc/secrets
|
||||
containers:
|
||||
- name: backend-api-internal
|
||||
image: ghcr.io/gansejunge/app-notifications-backend-api-internal:2
|
||||
image: ghcr.io/gansejunge/app-notifications-backend-api-internal:19
|
||||
ports:
|
||||
- containerPort: 8101
|
||||
env:
|
||||
- name: BACKEND_API_INTERNAL_RMQ_HOST
|
||||
value: "rabbitmq.app-notifications.svc.cluster.local"
|
||||
- name: BACKEND_API_INTERNAL_DB_HOST
|
||||
- name: DB_HOST
|
||||
value: "mysql.app-notifications.svc.cluster.local"
|
||||
- name: LOG_LEVEL
|
||||
value: "INFO"
|
||||
volumeMounts:
|
||||
- name: backend-api-internal-secrets
|
||||
- name: writable-secrets
|
||||
mountPath: /etc/secrets
|
||||
readOnly: true
|
||||
volumes:
|
||||
- name: backend-api-internal-secrets
|
||||
secret:
|
||||
secretName: backend-api-internal
|
||||
- name: writable-secrets
|
||||
emptyDir: {}
|
||||
|
||||
|
||||
@ -15,19 +15,38 @@ spec:
|
||||
spec:
|
||||
imagePullSecrets:
|
||||
- name: ghcr-secret
|
||||
initContainers:
|
||||
- name: copy-secrets
|
||||
image: busybox
|
||||
command:
|
||||
- sh
|
||||
- -c
|
||||
- |
|
||||
for f in /secrets/*; do
|
||||
cp "$f" /etc/secrets/
|
||||
chmod 666 "/etc/secrets/$(basename $f)"
|
||||
done
|
||||
volumeMounts:
|
||||
- name: backend-api-secrets
|
||||
mountPath: /secrets
|
||||
- name: writable-secrets
|
||||
mountPath: /etc/secrets
|
||||
containers:
|
||||
- name: backend-api
|
||||
image: ghcr.io/gansejunge/app-notifications-backend-api:9
|
||||
image: ghcr.io/gansejunge/app-notifications-backend-api:30
|
||||
ports:
|
||||
- containerPort: 8100
|
||||
env:
|
||||
- name: BACKEND_API_DB_HOST
|
||||
- name: DB_HOST
|
||||
value: "mysql.app-notifications.svc.cluster.local"
|
||||
- name: LOG_LEVEL
|
||||
value: "INFO"
|
||||
volumeMounts:
|
||||
- name: backend-api-secrets
|
||||
- name: writable-secrets
|
||||
mountPath: /etc/secrets
|
||||
readOnly: true
|
||||
volumes:
|
||||
- name: backend-api-secrets
|
||||
secret:
|
||||
secretName: backend-api
|
||||
- name: writable-secrets
|
||||
emptyDir: {}
|
||||
|
||||
55
backend-push-notifications/deployment.yaml
Normal file
55
backend-push-notifications/deployment.yaml
Normal file
@ -0,0 +1,55 @@
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: backend-push-notifications
|
||||
namespace: app-notifications
|
||||
spec:
|
||||
replicas: 1
|
||||
selector:
|
||||
matchLabels:
|
||||
app: backend-push-notifications
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app: backend-push-notifications
|
||||
spec:
|
||||
imagePullSecrets:
|
||||
- name: ghcr-secret
|
||||
initContainers:
|
||||
- name: copy-secrets
|
||||
image: busybox
|
||||
command:
|
||||
- sh
|
||||
- -c
|
||||
- |
|
||||
for f in /secrets/*; do
|
||||
cp "$f" /etc/secrets/
|
||||
chmod 666 "/etc/secrets/$(basename $f)"
|
||||
done
|
||||
volumeMounts:
|
||||
- name: backend-push-notifications-secrets
|
||||
mountPath: /secrets
|
||||
- name: writable-secrets
|
||||
mountPath: /etc/secrets
|
||||
containers:
|
||||
- name: backend-push-notifications
|
||||
image: ghcr.io/gansejunge/app-notifications-backend-push-notifications:12
|
||||
ports:
|
||||
- containerPort: 9000
|
||||
name: metrics
|
||||
env:
|
||||
- name: BACKEND_PN_RMQ_HOST
|
||||
value: "rabbitmq.app-notifications.svc.cluster.local"
|
||||
- name: BACKEND_PN_DB_HOST
|
||||
value: "mysql.app-notifications.svc.cluster.local"
|
||||
- name: LOG_LEVEL
|
||||
value: "INFO"
|
||||
volumeMounts:
|
||||
- name: writable-secrets
|
||||
mountPath: /etc/secrets
|
||||
volumes:
|
||||
- name: backend-push-notifications-secrets
|
||||
secret:
|
||||
secretName: backend-push-notifications
|
||||
- name: writable-secrets
|
||||
emptyDir: {}
|
||||
15
backend-push-notifications/service.yaml
Normal file
15
backend-push-notifications/service.yaml
Normal file
@ -0,0 +1,15 @@
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: backend-push-notifications
|
||||
namespace: app-notifications
|
||||
spec:
|
||||
selector:
|
||||
app: backend-push-notifications
|
||||
ports:
|
||||
- protocol: TCP
|
||||
port: 9000
|
||||
targetPort: 9000
|
||||
nodePort: 30904
|
||||
name: prometheus-metrics
|
||||
type: NodePort
|
||||
37
elasticsearch/deployment.yaml
Normal file
37
elasticsearch/deployment.yaml
Normal file
@ -0,0 +1,37 @@
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: elasticsearch
|
||||
namespace: app-notifications
|
||||
spec:
|
||||
replicas: 1
|
||||
selector:
|
||||
matchLabels:
|
||||
app: elasticsearch
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app: elasticsearch
|
||||
spec:
|
||||
containers:
|
||||
- name: elasticsearch
|
||||
image: docker.elastic.co/elasticsearch/elasticsearch:8.12.1
|
||||
ports:
|
||||
- containerPort: 9200
|
||||
name: http
|
||||
- containerPort: 9300
|
||||
name: transport
|
||||
env:
|
||||
- name: discovery.type
|
||||
value: single-node
|
||||
- name: xpack.security.enabled
|
||||
value: "true"
|
||||
- name: ES_JAVA_OPTS
|
||||
value: "-Xms1g -Xmx1g"
|
||||
volumeMounts:
|
||||
- name: elastic-data
|
||||
mountPath: /usr/share/elasticsearch/data
|
||||
volumes:
|
||||
- name: elastic-data
|
||||
persistentVolumeClaim:
|
||||
claimName: elasticsearch-data
|
||||
11
elasticsearch/pvc.yaml
Normal file
11
elasticsearch/pvc.yaml
Normal file
@ -0,0 +1,11 @@
|
||||
apiVersion: v1
|
||||
kind: PersistentVolumeClaim
|
||||
metadata:
|
||||
name: elasticsearch-data
|
||||
namespace: app-notifications
|
||||
spec:
|
||||
accessModes:
|
||||
- ReadWriteOnce
|
||||
resources:
|
||||
requests:
|
||||
storage: 20Gi
|
||||
16
elasticsearch/service.yaml
Normal file
16
elasticsearch/service.yaml
Normal file
@ -0,0 +1,16 @@
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: elasticsearch
|
||||
namespace: app-notifications
|
||||
labels:
|
||||
app: elasticsearch
|
||||
spec:
|
||||
clusterIP: None
|
||||
selector:
|
||||
app: elasticsearch
|
||||
ports:
|
||||
- port: 9200
|
||||
name: http
|
||||
- port: 9300
|
||||
name: transport
|
||||
52
filebeat/configmap.yaml
Normal file
52
filebeat/configmap.yaml
Normal file
@ -0,0 +1,52 @@
|
||||
apiVersion: v1
|
||||
kind: ConfigMap
|
||||
metadata:
|
||||
name: filebeat-config
|
||||
namespace: app-notifications
|
||||
data:
|
||||
filebeat.yml: |
|
||||
filebeat.autodiscover:
|
||||
providers:
|
||||
- type: kubernetes
|
||||
node: ${NODE_NAME}
|
||||
hints.enabled: false
|
||||
templates:
|
||||
- condition:
|
||||
equals:
|
||||
kubernetes.namespace: "app-notifications"
|
||||
config:
|
||||
- type: container
|
||||
paths:
|
||||
- /var/log/containers/*_app-notifications_*.log
|
||||
stream: stdout
|
||||
fingerprint.enabled: false
|
||||
|
||||
processors:
|
||||
- add_kubernetes_metadata:
|
||||
in_cluster: true
|
||||
- drop_event:
|
||||
when:
|
||||
not:
|
||||
or:
|
||||
- regexp:
|
||||
kubernetes.pod.name: "^backend-.*"
|
||||
- regexp:
|
||||
kubernetes.pod.name: "^service-.*"
|
||||
- regexp:
|
||||
kubernetes.pod.name: "^mysql-.*"
|
||||
- regexp:
|
||||
kubernetes.pod.name: "^rabbitmq-.*"
|
||||
|
||||
logging.level: info
|
||||
|
||||
queue.mem:
|
||||
events: 4096
|
||||
flush.min_events: 5
|
||||
flush.timeout: 5s
|
||||
|
||||
output.logstash:
|
||||
hosts: ["logstash.app-notifications.svc.cluster.local:5044"]
|
||||
bulk_max_size: 10
|
||||
worker: 1
|
||||
compression_level: 3
|
||||
timeout: 30
|
||||
48
filebeat/daemonset.yaml
Normal file
48
filebeat/daemonset.yaml
Normal file
@ -0,0 +1,48 @@
|
||||
apiVersion: apps/v1
|
||||
kind: DaemonSet
|
||||
metadata:
|
||||
name: filebeat
|
||||
namespace: app-notifications
|
||||
labels:
|
||||
app: filebeat
|
||||
spec:
|
||||
selector:
|
||||
matchLabels:
|
||||
app: filebeat
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app: filebeat
|
||||
spec:
|
||||
serviceAccountName: filebeat
|
||||
containers:
|
||||
- name: filebeat
|
||||
image: docker.elastic.co/beats/filebeat:8.12.1
|
||||
args: [
|
||||
"-c", "/usr/share/filebeat/filebeat.yml",
|
||||
"-e"
|
||||
]
|
||||
env:
|
||||
- name: NODE_NAME
|
||||
valueFrom:
|
||||
fieldRef:
|
||||
fieldPath: spec.nodeName
|
||||
volumeMounts:
|
||||
- name: config
|
||||
mountPath: /usr/share/filebeat/filebeat.yml
|
||||
subPath: filebeat.yml
|
||||
- name: varlog
|
||||
mountPath: /var/log
|
||||
- name: dockersock
|
||||
mountPath: /var/lib/docker/containers
|
||||
readOnly: true
|
||||
volumes:
|
||||
- name: config
|
||||
configMap:
|
||||
name: filebeat-config
|
||||
- name: varlog
|
||||
hostPath:
|
||||
path: /var/log
|
||||
- name: dockersock
|
||||
hostPath:
|
||||
path: /var/lib/docker/containers
|
||||
29
filebeat/rbac.yaml
Normal file
29
filebeat/rbac.yaml
Normal file
@ -0,0 +1,29 @@
|
||||
apiVersion: v1
|
||||
kind: ServiceAccount
|
||||
metadata:
|
||||
name: filebeat
|
||||
namespace: app-notifications
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: Role
|
||||
metadata:
|
||||
name: filebeat
|
||||
namespace: app-notifications
|
||||
rules:
|
||||
- apiGroups: [""]
|
||||
resources: ["pods", "namespaces"]
|
||||
verbs: ["get", "watch", "list"]
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: RoleBinding
|
||||
metadata:
|
||||
name: filebeat
|
||||
namespace: app-notifications
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: filebeat
|
||||
namespace: app-notifications
|
||||
roleRef:
|
||||
kind: Role
|
||||
name: filebeat
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
47
kibana/deployment.yaml
Normal file
47
kibana/deployment.yaml
Normal file
@ -0,0 +1,47 @@
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: kibana
|
||||
namespace: app-notifications
|
||||
spec:
|
||||
replicas: 1
|
||||
selector:
|
||||
matchLabels:
|
||||
app: kibana
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app: kibana
|
||||
spec:
|
||||
containers:
|
||||
- name: kibana
|
||||
image: docker.elastic.co/kibana/kibana:8.12.1
|
||||
ports:
|
||||
- containerPort: 5601
|
||||
env:
|
||||
- name: SERVER_PUBLICBASEURL
|
||||
value: "https://kibana.gansejunge.com"
|
||||
- name: ELASTICSEARCH_HOSTS
|
||||
value: "http://elasticsearch:9200"
|
||||
- name: ELASTICSEARCH_USERNAME
|
||||
value: "kibana_system"
|
||||
- name: ELASTICSEARCH_PASSWORD
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: kibana-credentials
|
||||
key: password
|
||||
- name: XPACK_SECURITY_ENCRYPTIONKEY
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: kibana-encryption-keys
|
||||
key: xpack_security_encryptionKey
|
||||
- name: XPACK_ENCRYPTEDSAVEDOBJECTS_ENCRYPTIONKEY
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: kibana-encryption-keys
|
||||
key: xpack_encryptedSavedObjects_encryptionKey
|
||||
- name: XPACK_REPORTING_ENCRYPTIONKEY
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: kibana-encryption-keys
|
||||
key: xpack_reporting_encryptionKey
|
||||
14
kibana/service.yaml
Normal file
14
kibana/service.yaml
Normal file
@ -0,0 +1,14 @@
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: kibana
|
||||
namespace: app-notifications
|
||||
spec:
|
||||
type: NodePort
|
||||
ports:
|
||||
- port: 5601
|
||||
targetPort: 5601
|
||||
nodePort: 30102
|
||||
name: http
|
||||
selector:
|
||||
app: kibana
|
||||
28
logstash/configmap.yaml
Normal file
28
logstash/configmap.yaml
Normal file
@ -0,0 +1,28 @@
|
||||
apiVersion: v1
|
||||
kind: ConfigMap
|
||||
metadata:
|
||||
name: logstash-config
|
||||
namespace: app-notifications
|
||||
data:
|
||||
logstash.yml: |
|
||||
http.host: "0.0.0.0"
|
||||
xpack.monitoring.enabled: false
|
||||
|
||||
logstash.conf: |
|
||||
input {
|
||||
beats {
|
||||
port => 5044
|
||||
}
|
||||
}
|
||||
filter {
|
||||
if [level] == "DEBUG" { drop {} }
|
||||
}
|
||||
output {
|
||||
elasticsearch {
|
||||
hosts => ["http://elasticsearch:9200"]
|
||||
user => "elastic"
|
||||
password => "${ELASTIC_PASSWORD}"
|
||||
ssl_verification_mode => none
|
||||
index => "app-notifications-%{+YYYY.MM.dd}"
|
||||
}
|
||||
}
|
||||
37
logstash/deployment.yaml
Normal file
37
logstash/deployment.yaml
Normal file
@ -0,0 +1,37 @@
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: logstash
|
||||
namespace: app-notifications
|
||||
spec:
|
||||
replicas: 1
|
||||
selector:
|
||||
matchLabels:
|
||||
app: logstash
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app: logstash
|
||||
spec:
|
||||
containers:
|
||||
- name: logstash
|
||||
image: docker.elastic.co/logstash/logstash:8.12.1
|
||||
env:
|
||||
- name: ELASTIC_PASSWORD
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: elastic-credentials
|
||||
key: ELASTIC_PASSWORD
|
||||
ports:
|
||||
- containerPort: 5044
|
||||
volumeMounts:
|
||||
- name: logstash-config
|
||||
mountPath: /usr/share/logstash/config/logstash.yml
|
||||
subPath: logstash.yml
|
||||
- name: logstash-config
|
||||
mountPath: /usr/share/logstash/pipeline/logstash.conf
|
||||
subPath: logstash.conf
|
||||
volumes:
|
||||
- name: logstash-config
|
||||
configMap:
|
||||
name: logstash-config
|
||||
12
logstash/service.yaml
Normal file
12
logstash/service.yaml
Normal file
@ -0,0 +1,12 @@
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: logstash
|
||||
namespace: app-notifications
|
||||
spec:
|
||||
selector:
|
||||
app: logstash
|
||||
ports:
|
||||
- protocol: TCP
|
||||
port: 5044
|
||||
targetPort: 5044
|
||||
23
service-docker-repository-query/cron-check-pihole.yaml
Normal file
23
service-docker-repository-query/cron-check-pihole.yaml
Normal file
@ -0,0 +1,23 @@
|
||||
apiVersion: batch/v1
|
||||
kind: CronJob
|
||||
metadata:
|
||||
name: check-pihole-updates
|
||||
namespace: app-notifications
|
||||
spec:
|
||||
schedule: "0 7 * * *"
|
||||
successfulJobsHistoryLimit: 1
|
||||
failedJobsHistoryLimit: 1
|
||||
jobTemplate:
|
||||
spec:
|
||||
template:
|
||||
spec:
|
||||
containers:
|
||||
- name: curl
|
||||
image: curlimages/curl:latest
|
||||
command: ["curl"]
|
||||
args:
|
||||
- -s
|
||||
- -X
|
||||
- GET
|
||||
- http://service-docker-repository-query-internal:5000/pihole
|
||||
restartPolicy: OnFailure
|
||||
23
service-docker-repository-query/cron-check-suwayomi.yaml
Normal file
23
service-docker-repository-query/cron-check-suwayomi.yaml
Normal file
@ -0,0 +1,23 @@
|
||||
apiVersion: batch/v1
|
||||
kind: CronJob
|
||||
metadata:
|
||||
name: check-suwayomi-updates
|
||||
namespace: app-notifications
|
||||
spec:
|
||||
schedule: "0 8 * * *"
|
||||
successfulJobsHistoryLimit: 1
|
||||
failedJobsHistoryLimit: 1
|
||||
jobTemplate:
|
||||
spec:
|
||||
template:
|
||||
spec:
|
||||
containers:
|
||||
- name: curl
|
||||
image: curlimages/curl:latest
|
||||
command: ["curl"]
|
||||
args:
|
||||
- -s
|
||||
- -X
|
||||
- GET
|
||||
- http://service-docker-repository-query-internal:5000/suwayomi
|
||||
restartPolicy: OnFailure
|
||||
@ -15,24 +15,41 @@ spec:
|
||||
spec:
|
||||
imagePullSecrets:
|
||||
- name: ghcr-secret
|
||||
initContainers:
|
||||
- name: copy-secrets
|
||||
image: busybox
|
||||
command:
|
||||
- sh
|
||||
- -c
|
||||
- |
|
||||
for f in /secrets/*; do
|
||||
cp "$f" /etc/secrets/
|
||||
chmod 666 "/etc/secrets/$(basename $f)"
|
||||
done
|
||||
volumeMounts:
|
||||
- name: service-docker-repository-query-secrets
|
||||
mountPath: /secrets
|
||||
- name: writable-secrets
|
||||
mountPath: /etc/secrets
|
||||
containers:
|
||||
- name: service-docker-repository-query
|
||||
image: ghcr.io/gansejunge/app-notifications-service-docker-repository-query:3
|
||||
image: ghcr.io/gansejunge/app-notifications-service-docker-repository-query:19
|
||||
ports:
|
||||
- containerPort: 5000
|
||||
name: fastapi
|
||||
- containerPort: 9000
|
||||
name: metrics
|
||||
env:
|
||||
- name: SERVICE_DRQ_DB_HOST
|
||||
- name: DB_HOST
|
||||
value: "mysql.app-notifications.svc.cluster.local"
|
||||
- name: BACKEND_API_URL
|
||||
value: "http://backend-api-internal.app-notifications.svc.cluster.local:8101/internal/receive-notifications"
|
||||
volumeMounts:
|
||||
- name: service-docker-repository-query-secrets
|
||||
- name: writable-secrets
|
||||
mountPath: /etc/secrets
|
||||
readOnly: true
|
||||
volumes:
|
||||
- name: service-docker-repository-query-secrets
|
||||
secret:
|
||||
secretName: service-docker-repository-query
|
||||
- name: writable-secrets
|
||||
emptyDir: {}
|
||||
|
||||
@ -0,0 +1,23 @@
|
||||
apiVersion: batch/v1
|
||||
kind: CronJob
|
||||
metadata:
|
||||
name: check-new-royalroad-chapters
|
||||
namespace: app-notifications
|
||||
spec:
|
||||
schedule: "5-59/10 * * * *"
|
||||
successfulJobsHistoryLimit: 1
|
||||
failedJobsHistoryLimit: 1
|
||||
jobTemplate:
|
||||
spec:
|
||||
template:
|
||||
spec:
|
||||
containers:
|
||||
- name: curl
|
||||
image: curlimages/curl:latest
|
||||
command: ["curl"]
|
||||
args:
|
||||
- -s
|
||||
- -X
|
||||
- GET
|
||||
- http://service-royalroad-chapters-internal:5000/royalroad
|
||||
restartPolicy: OnFailure
|
||||
@ -15,24 +15,41 @@ spec:
|
||||
spec:
|
||||
imagePullSecrets:
|
||||
- name: ghcr-secret
|
||||
initContainers:
|
||||
- name: copy-secrets
|
||||
image: busybox
|
||||
command:
|
||||
- sh
|
||||
- -c
|
||||
- |
|
||||
for f in /secrets/*; do
|
||||
cp "$f" /etc/secrets/
|
||||
chmod 666 "/etc/secrets/$(basename $f)"
|
||||
done
|
||||
volumeMounts:
|
||||
- name: service-royalroad-chapters-secrets
|
||||
mountPath: /secrets
|
||||
- name: writable-secrets
|
||||
mountPath: /etc/secrets
|
||||
containers:
|
||||
- name: service-royalroad-chapters
|
||||
image: ghcr.io/gansejunge/app-notifications-service-royalroad-chapters:4
|
||||
image: ghcr.io/gansejunge/app-notifications-service-royalroad-chapters:27
|
||||
ports:
|
||||
- containerPort: 5000
|
||||
name: fastapi
|
||||
- containerPort: 9000
|
||||
name: metrics
|
||||
env:
|
||||
- name: SERVICE_RR_DB_HOST
|
||||
- name: DB_HOST
|
||||
value: "mysql.app-notifications.svc.cluster.local"
|
||||
- name: BACKEND_API_URL
|
||||
value: "http://backend-api-internal.app-notifications.svc.cluster.local:8101/internal/receive-notifications"
|
||||
volumeMounts:
|
||||
- name: service-royalroad-chapters-secrets
|
||||
- name: writable-secrets
|
||||
mountPath: /etc/secrets
|
||||
readOnly: true
|
||||
volumes:
|
||||
- name: service-royalroad-chapters-secrets
|
||||
secret:
|
||||
secretName: service-royalroad-chapters
|
||||
- name: writable-secrets
|
||||
emptyDir: {}
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user