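# services/maintenance/ariadne-deployment.yaml
#
# Ariadne: the Atlas portal maintenance/provisioning service. It talks to
# Keycloak, Mailu, Nextcloud, wger, Firefly, Vault, comms and Vaultwarden
# (mostly by triggering CronJobs in their namespaces via the Kubernetes API).
#
# Secrets are never stored in this manifest: the Vault agent injector renders
# /vault/secrets/ariadne-env.sh from the template annotation below, and the
# container command sources that file before exec'ing uvicorn.
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: ariadne
  namespace: maintenance
spec:
  # Single replica. NOTE(review): the ARIADNE_SCHEDULE_* cron ticks below
  # presumably assume exactly one scheduler instance — confirm before scaling.
  replicas: 1
  revisionHistoryLimit: 3
  selector:
    matchLabels:
      app: ariadne
  template:
    metadata:
      labels:
        app: ariadne
      annotations:
        # Metrics are served by the app itself on its main listener (8080).
        prometheus.io/scrape: "true"
        prometheus.io/port: "8080"
        prometheus.io/path: "/metrics"
        vault.hashicorp.com/agent-inject: "true"
        vault.hashicorp.com/role: "maintenance"
        # The -secret- annotation registers the output file; the -template-
        # annotation below replaces its content. The template reads four KV
        # paths, so the "maintenance" Vault role must be allowed to read all
        # of them, not only atlas-portal-db.
        vault.hashicorp.com/agent-inject-secret-ariadne-env.sh: "kv/data/atlas/portal/atlas-portal-db"
        vault.hashicorp.com/agent-inject-template-ariadne-env.sh: |
          {{ with secret "kv/data/atlas/portal/atlas-portal-db" }}
          export PORTAL_DATABASE_URL="{{ .Data.data.PORTAL_DATABASE_URL }}"
          {{ end }}
          {{ with secret "kv/data/atlas/portal/bstein-dev-home-keycloak-admin" }}
          export KEYCLOAK_ADMIN_CLIENT_SECRET="{{ .Data.data.client_secret }}"
          {{ end }}
          {{ with secret "kv/data/atlas/mailu/mailu-db-secret" }}
          export MAILU_DB_NAME="{{ .Data.data.database }}"
          export MAILU_DB_USER="{{ .Data.data.username }}"
          export MAILU_DB_PASSWORD="{{ .Data.data.password }}"
          {{ end }}
          {{ with secret "kv/data/atlas/mailu/mailu-initial-account-secret" }}
          export SMTP_HOST="mailu-front.mailu-mailserver.svc.cluster.local"
          export SMTP_PORT="587"
          export SMTP_STARTTLS="true"
          export SMTP_USE_TLS="false"
          export SMTP_USERNAME="no-reply-portal@bstein.dev"
          export SMTP_PASSWORD="{{ .Data.data.password }}"
          export SMTP_FROM="no-reply-portal@bstein.dev"
          {{ end }}
    spec:
      # The service account token is needed: the app drives CronJobs and reads
      # the Vaultwarden admin Secret through the Kubernetes API.
      serviceAccountName: ariadne
      nodeSelector:
        kubernetes.io/arch: arm64
        node-role.kubernetes.io/worker: "true"
      securityContext:
        # Default syscall filter; a plain Python/uvicorn process needs nothing
        # beyond it.
        seccompProfile:
          type: RuntimeDefault
      containers:
        - name: ariadne
          # NOTE(review): Always + a mutable tag means the registry decides
          # what runs on each restart; pinning by digest would make the
          # deployed image reproducible.
          image: registry.bstein.dev/bstein/ariadne:0.1.0-0
          imagePullPolicy: Always
          securityContext:
            # This container holds DB, Keycloak-admin and SMTP credentials;
            # keep it from gaining anything beyond its own user. 8080 is an
            # unprivileged port, so no capability is required.
            # runAsNonRoot is not set here — TODO confirm the image's user
            # before adding it.
            allowPrivilegeEscalation: false
            capabilities:
              drop: ["ALL"]
          command: ["/bin/sh", "-c"]
          # Folded (>-) scalar: the two lines become one shell command line.
          # The env file is sourced in the same shell, then uvicorn replaces it
          # with exec so signals reach the server directly.
          args:
            - >-
              . /vault/secrets/ariadne-env.sh
              && exec uvicorn ariadne.app:app --host 0.0.0.0 --port 8080
          ports:
            - name: http
              containerPort: 8080
          env:
            # Keycloak: public issuer URL plus in-cluster JWKS and admin URLs.
            - name: KEYCLOAK_URL
              value: https://sso.bstein.dev
            - name: KEYCLOAK_REALM
              value: atlas
            - name: KEYCLOAK_CLIENT_ID
              value: bstein-dev-home
            - name: KEYCLOAK_ISSUER
              value: https://sso.bstein.dev/realms/atlas
            # NOTE(review): the token signing keys (JWKS) and the admin API are
            # fetched over plain HTTP inside the cluster. Confirm that path is
            # protected (network policy / mesh mTLS) or move it to TLS.
            - name: KEYCLOAK_JWKS_URL
              value: http://keycloak.sso.svc.cluster.local/realms/atlas/protocol/openid-connect/certs
            - name: KEYCLOAK_ADMIN_URL
              value: http://keycloak.sso.svc.cluster.local
            - name: KEYCLOAK_ADMIN_REALM
              value: atlas
            # The matching KEYCLOAK_ADMIN_CLIENT_SECRET comes from the
            # Vault-rendered env file.
            - name: KEYCLOAK_ADMIN_CLIENT_ID
              value: bstein-dev-home-admin
            # Portal settings and group-based authorization lists.
            - name: PORTAL_PUBLIC_BASE_URL
              value: https://bstein.dev
            - name: ARIADNE_LOG_LEVEL
              value: INFO
            - name: PORTAL_ADMIN_USERS
              value: bstein
            - name: PORTAL_ADMIN_GROUPS
              value: admin
            - name: ACCOUNT_ALLOWED_GROUPS
              value: dev,admin
            - name: ALLOWED_FLAG_GROUPS
              value: demo,test
            - name: DEFAULT_USER_GROUPS
              value: dev
            # Mailu: sync listener endpoint and direct DB endpoint
            # (MAILU_DB_NAME/USER/PASSWORD come from the Vault env file).
            - name: MAILU_DOMAIN
              value: bstein.dev
            - name: MAILU_SYNC_URL
              value: http://mailu-sync-listener.mailu-mailserver.svc.cluster.local:8080/events
            - name: MAILU_MAILBOX_WAIT_TIMEOUT_SEC
              value: "180"
            - name: MAILU_DB_HOST
              value: postgres-service.postgres.svc.cluster.local
            - name: MAILU_DB_PORT
              value: "5432"
            # Nextcloud: CronJob triggered by name in its namespace.
            - name: NEXTCLOUD_NAMESPACE
              value: nextcloud
            - name: NEXTCLOUD_MAIL_SYNC_CRONJOB
              value: nextcloud-mail-sync
            - name: NEXTCLOUD_MAIL_SYNC_WAIT_TIMEOUT_SEC
              value: "90"
            - name: NEXTCLOUD_MAIL_SYNC_JOB_TTL_SEC
              value: "3600"
            # wger (health namespace) CronJobs.
            - name: WGER_NAMESPACE
              value: health
            - name: WGER_USER_SYNC_CRONJOB
              value: wger-user-sync
            - name: WGER_ADMIN_CRONJOB
              value: wger-admin-ensure
            - name: WGER_USER_SYNC_WAIT_TIMEOUT_SEC
              value: "90"
            # Firefly (finance namespace) CronJob.
            - name: FIREFLY_NAMESPACE
              value: finance
            - name: FIREFLY_USER_SYNC_CRONJOB
              value: firefly-user-sync
            - name: FIREFLY_USER_SYNC_WAIT_TIMEOUT_SEC
              value: "90"
            # Vault configuration CronJobs.
            - name: VAULT_NAMESPACE
              value: vault
            - name: VAULT_K8S_AUTH_CRONJOB
              value: vault-k8s-auth-config
            - name: VAULT_OIDC_CRONJOB
              value: vault-oidc-config
            - name: VAULT_JOB_WAIT_TIMEOUT_SEC
              value: "120"
            # comms (Othrys room) CronJobs.
            - name: COMMS_NAMESPACE
              value: comms
            - name: COMMS_GUEST_NAME_CRONJOB
              value: guest-name-randomizer
            - name: COMMS_PIN_INVITE_CRONJOB
              value: pin-othrys-invite
            - name: COMMS_RESET_ROOM_CRONJOB
              value: othrys-room-reset
            - name: COMMS_SEED_ROOM_CRONJOB
              value: seed-othrys-room
            - name: COMMS_JOB_WAIT_TIMEOUT_SEC
              value: "60"
            # Vaultwarden: pod/service coordinates and the Secret holding the
            # admin token (read through the Kubernetes API, so the ariadne
            # service account needs get on that Secret only).
            - name: VAULTWARDEN_NAMESPACE
              value: vaultwarden
            - name: VAULTWARDEN_POD_LABEL
              value: app=vaultwarden
            - name: VAULTWARDEN_POD_PORT
              value: "80"
            - name: VAULTWARDEN_SERVICE_HOST
              value: vaultwarden-service.vaultwarden.svc.cluster.local
            - name: VAULTWARDEN_ADMIN_SECRET_NAME
              value: vaultwarden-admin
            - name: VAULTWARDEN_ADMIN_SECRET_KEY
              value: ADMIN_TOKEN
            - name: VAULTWARDEN_ADMIN_SESSION_TTL_SEC
              value: "900"
            - name: VAULTWARDEN_ADMIN_RATE_LIMIT_BACKOFF_SEC
              value: "600"
            - name: VAULTWARDEN_RETRY_COOLDOWN_SEC
              value: "1800"
            - name: VAULTWARDEN_FAILURE_BAILOUT
              value: "2"
            # Provisioning loop and internal scheduler. Schedules are 5-field
            # cron expressions; quoted so "*" is not read as a YAML alias.
            - name: ARIADNE_PROVISION_POLL_INTERVAL_SEC
              value: "5"
            - name: ARIADNE_PROVISION_RETRY_COOLDOWN_SEC
              value: "30"
            - name: ARIADNE_SCHEDULE_TICK_SEC
              value: "5"
            - name: ARIADNE_SCHEDULE_MAILU_SYNC
              value: "30 4 * * *"
            - name: ARIADNE_SCHEDULE_NEXTCLOUD_SYNC
              value: "0 5 * * *"
            - name: ARIADNE_SCHEDULE_VAULTWARDEN_SYNC
              value: "*/15 * * * *"
            - name: ARIADNE_SCHEDULE_WGER_ADMIN
              value: "15 3 * * *"
            - name: ARIADNE_SCHEDULE_VAULT_K8S_AUTH
              value: "*/15 * * * *"
            - name: ARIADNE_SCHEDULE_VAULT_OIDC
              value: "*/15 * * * *"
            - name: ARIADNE_SCHEDULE_COMMS_GUEST_NAME
              value: "*/1 * * * *"
            - name: ARIADNE_SCHEDULE_COMMS_PIN_INVITE
              value: "*/30 * * * *"
            - name: ARIADNE_SCHEDULE_COMMS_RESET_ROOM
              value: "0 0 1 1 *"
            - name: ARIADNE_SCHEDULE_COMMS_SEED_ROOM
              value: "*/10 * * * *"
            # Misc. Boolean-looking values are quoted on purpose: env values
            # must be strings.
            - name: WELCOME_EMAIL_ENABLED
              value: "true"
            - name: K8S_API_TIMEOUT_SEC
              value: "5"
            - name: METRICS_PATH
              value: "/metrics"
          resources:
            requests:
              cpu: 100m
              memory: 128Mi
            limits:
              cpu: 500m
              memory: 512Mi
          # Both probes hit the same /health endpoint on the named port.
          livenessProbe:
            httpGet:
              path: /health
              port: http
            initialDelaySeconds: 10
            periodSeconds: 10
          readinessProbe:
            httpGet:
              path: /health
              port: http
            initialDelaySeconds: 5
            periodSeconds: 10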