
feat: adds privatebint to the cluster #1402

Merged
merged 4 commits into from
Sep 25, 2024

Conversation

axeII
Owner

@axeII axeII commented Sep 25, 2024

Description of the change

Since microbin has been archived, I decided to give privatebin a try.

Benefits or applicable issues

Self-hosted pastebin with secrets.

@axeII
Owner Author

axeII commented Sep 25, 2024

🦙 MegaLinter status: ✅ SUCCESS


@bot-akira
Contributor

bot-akira bot commented Sep 25, 2024

--- kubernetes/apps Kustomization: flux-system/cluster-apps Namespace: flux-system/security

+++ kubernetes/apps Kustomization: flux-system/cluster-apps Namespace: flux-system/security

@@ -0,0 +1,10 @@

+---
+apiVersion: v1
+kind: Namespace
+metadata:
+  labels:
+    kustomize.toolkit.fluxcd.io/name: cluster-apps
+    kustomize.toolkit.fluxcd.io/namespace: flux-system
+    kustomize.toolkit.fluxcd.io/prune: disabled
+  name: security
+
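Review bot: the new `security` namespace carries only the Flux ownership labels and no Pod Security Admission labels (`pod-security.kubernetes.io/enforce` and friends). The workload added in this same PR already runs as non-root with all capabilities dropped, `allowPrivilegeEscalation: false` and `seccompProfile: RuntimeDefault`, so labelling the namespace with the `restricted` profile would cost nothing here and would enforce that baseline for anything else that later lands in `security`.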
--- kubernetes/apps Kustomization: flux-system/cluster-apps Kustomization: flux-system/pastebin

+++ kubernetes/apps Kustomization: flux-system/cluster-apps Kustomization: flux-system/pastebin

@@ -0,0 +1,36 @@

+---
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+  labels:
+    kustomize.toolkit.fluxcd.io/name: cluster-apps
+    kustomize.toolkit.fluxcd.io/namespace: flux-system
+  name: pastebin
+  namespace: flux-system
+spec:
+  commonMetadata:
+    labels:
+      app.kubernetes.io/name: pastebin
+  decryption:
+    provider: sops
+    secretRef:
+      name: sops-age
+  dependsOn:
+  - name: longhorn
+  interval: 30m
+  path: ./kubernetes/apps/security/pastebin/app
+  postBuild:
+    substituteFrom:
+    - kind: ConfigMap
+      name: cluster-settings
+    - kind: Secret
+      name: cluster-secrets
+  prune: true
+  retryInterval: 1m
+  sourceRef:
+    kind: GitRepository
+    name: home-kubernetes
+  targetNamespace: security
+  timeout: 5m
+  wait: true
+
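Review bot: `dependsOn` lists only `longhorn`, but this app also needs the `sops-age` decryption secret, the `cluster-secrets` Secret pulled in by `substituteFrom`, and the `external` ingress class used by the HelmRelease; if any of those is delivered by a separate Kustomization, add it to `dependsOn`, otherwise `wait: true` with `timeout: 5m` will sit out the full timeout and retry every `1m` on a missing prerequisite rather than ordering correctly. Also note that `substituteFrom` with `cluster-secrets` exposes every key of that Secret to this app's variable substitution; if only the domain is needed, a narrower source keeps the blast radius of a misconfigured template small.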
--- kubernetes/apps/security/pastebin/app Kustomization: flux-system/pastebin HelmRelease: security/pastebin

+++ kubernetes/apps/security/pastebin/app Kustomization: flux-system/pastebin HelmRelease: security/pastebin

@@ -0,0 +1,101 @@

+---
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+  labels:
+    app.kubernetes.io/name: pastebin
+    kustomize.toolkit.fluxcd.io/name: pastebin
+    kustomize.toolkit.fluxcd.io/namespace: flux-system
+  name: pastebin
+  namespace: security
+spec:
+  chart:
+    spec:
+      chart: app-template
+      sourceRef:
+        kind: HelmRepository
+        name: bjw-s-charts
+        namespace: flux-system
+      version: 3.4.0
+  install:
+    remediation:
+      retries: 3
+  interval: 30m
+  upgrade:
+    cleanupOnFail: true
+    remediation:
+      retries: 3
+      strategy: rollback
+  values:
+    controllers:
+      pastebin:
+        annotations:
+          reloader.stakater.com/auto: 'true'
+        containers:
+          app:
+            envFrom:
+            - secretRef:
+                name: pastebin-secret
+            image:
+              repository: docker.io/privatebin/nginx-fpm-alpine
+              tag: 1.7.4@sha256:4cc5f26f5b558b734cb084ada4fdacd75bd9f5e4574f3f3df54165b3623d6b86
+            probes:
+              liveness:
+                enabled: true
+              readiness:
+                enabled: true
+            resources:
+              limits:
+                memory: 100Mi
+              requests:
+                cpu: 100m
+                memory: 500Mi
+            securityContext:
+              allowPrivilegeEscalation: false
+              capabilities:
+                drop:
+                - ALL
+              readOnlyRootFilesystem: true
+        replicas: 1
+        statefulset:
+          podManagementPolicy: Parallel
+          volumeClaimTemplates:
+          - accessMode: ReadWriteOnce
+            globalMounts:
+            - path: /srv/data
+            name: data
+            size: 200Mi
+            storageClass: longhorn-media
+        strategy: RollingUpdate
+        type: statefulset
+    defaultPodOptions:
+      securityContext:
+        fsGroup: 1000
+        runAsGroup: 1000
+        runAsNonRoot: true
+        runAsUser: 1000
+        seccompProfile:
+          type: RuntimeDefault
+    ingress:
+      app:
+        annotations:
+          gatus.io/enabled: 'true'
+          hajimari.io/icon: simple-icons:pastebin
+        className: external
+        hosts:
+        - host: pastebin...PLACEHOLDER..
+          paths:
+          - path: /
+            service:
+              identifier: app
+              port: http
+        tls:
+        - hosts:
+          - pastebin...PLACEHOLDER..
+    service:
+      app:
+        controller: pastebin
+        ports:
+          http:
+            port: 8080
+
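Review bot: in the app container's `resources` block, `requests.memory: 500Mi` is larger than `limits.memory: 100Mi`; the API server rejects a pod template whose request exceeds its limit, so the StatefulSet will not be created and the HelmRelease will fail on install. The two values look swapped (request 100Mi, limit 500Mi), or use the same value for both if Guaranteed QoS was the goal. Separately, `readOnlyRootFilesystem: true` is set while the only writable mount is `/srv/data`; nginx and php-fpm normally need writable locations for pid files, sockets and upload/temp buffers, so either confirm this image is built for a read-only root or add `emptyDir` mounts for those paths, since a container that cannot write its runtime files will crash-loop after the resource problem is fixed.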

@bot-akira
Contributor

bot-akira bot commented Sep 25, 2024

--- HelmRelease: security/pastebin Service: security/pastebin

+++ HelmRelease: security/pastebin Service: security/pastebin

@@ -0,0 +1,22 @@

+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: pastebin
+  labels:
+    app.kubernetes.io/instance: pastebin
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: pastebin
+    app.kubernetes.io/service: pastebin
+spec:
+  type: ClusterIP
+  ports:
+  - port: 8080
+    targetPort: 8080
+    protocol: TCP
+    name: http
+  selector:
+    app.kubernetes.io/component: pastebin
+    app.kubernetes.io/instance: pastebin
+    app.kubernetes.io/name: pastebin
+
--- HelmRelease: security/pastebin StatefulSet: security/pastebin

+++ HelmRelease: security/pastebin StatefulSet: security/pastebin

@@ -0,0 +1,91 @@

+---
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+  name: pastebin
+  labels:
+    app.kubernetes.io/component: pastebin
+    app.kubernetes.io/instance: pastebin
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: pastebin
+  annotations:
+    reloader.stakater.com/auto: 'true'
+spec:
+  revisionHistoryLimit: 3
+  replicas: 1
+  podManagementPolicy: Parallel
+  updateStrategy:
+    type: RollingUpdate
+  selector:
+    matchLabels:
+      app.kubernetes.io/component: pastebin
+      app.kubernetes.io/name: pastebin
+      app.kubernetes.io/instance: pastebin
+  serviceName: pastebin
+  template:
+    metadata:
+      labels:
+        app.kubernetes.io/component: pastebin
+        app.kubernetes.io/instance: pastebin
+        app.kubernetes.io/name: pastebin
+    spec:
+      enableServiceLinks: false
+      serviceAccountName: default
+      automountServiceAccountToken: true
+      securityContext:
+        fsGroup: 1000
+        runAsGroup: 1000
+        runAsNonRoot: true
+        runAsUser: 1000
+        seccompProfile:
+          type: RuntimeDefault
+      hostIPC: false
+      hostNetwork: false
+      hostPID: false
+      dnsPolicy: ClusterFirst
+      containers:
+      - envFrom:
+        - secretRef:
+            name: pastebin-secret
+        image: docker.io/privatebin/nginx-fpm-alpine:1.7.4@sha256:4cc5f26f5b558b734cb084ada4fdacd75bd9f5e4574f3f3df54165b3623d6b86
+        livenessProbe:
+          failureThreshold: 3
+          initialDelaySeconds: 0
+          periodSeconds: 10
+          tcpSocket:
+            port: 8080
+          timeoutSeconds: 1
+        name: app
+        readinessProbe:
+          failureThreshold: 3
+          initialDelaySeconds: 0
+          periodSeconds: 10
+          tcpSocket:
+            port: 8080
+          timeoutSeconds: 1
+        resources:
+          limits:
+            memory: 100Mi
+          requests:
+            cpu: 100m
+            memory: 500Mi
+        securityContext:
+          allowPrivilegeEscalation: false
+          capabilities:
+            drop:
+            - ALL
+          readOnlyRootFilesystem: true
+        volumeMounts:
+        - mountPath: /srv/data
+          name: data
+  volumeClaimTemplates:
+  - metadata:
+      name: data
+    spec:
+      accessModes:
+      - ReadWriteOnce
+      resources:
+        requests:
+          storage: 200Mi
+      storageClassName: longhorn-media
+
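Review bot: the rendered pod spec has `automountServiceAccountToken: true` although the container only consumes `pastebin-secret` via `envFrom` and the `/srv/data` volume and has no reason to talk to the Kubernetes API; set `automountServiceAccountToken: false` in the chart's pod options so the `default` service account token is not mounted into an internet-facing container. The `livenessProbe` and `readinessProbe` are `tcpSocket` checks on 8080, which report healthy as soon as nginx is listening even if php-fpm is down; an `httpGet` on `/` would be a truer signal. The inverted memory request/limit from the values (`requests.memory: 500Mi` against `limits.memory: 100Mi`) is carried through here as well.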
--- HelmRelease: security/pastebin Ingress: security/pastebin

+++ HelmRelease: security/pastebin Ingress: security/pastebin

@@ -0,0 +1,29 @@

+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: pastebin
+  labels:
+    app.kubernetes.io/instance: pastebin
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: pastebin
+  annotations:
+    gatus.io/enabled: 'true'
+    hajimari.io/icon: simple-icons:pastebin
+spec:
+  ingressClassName: external
+  tls:
+  - hosts:
+    - pastebin...PLACEHOLDER..
+  rules:
+  - host: pastebin...PLACEHOLDER..
+    http:
+      paths:
+      - path: /
+        pathType: Prefix
+        backend:
+          service:
+            name: pastebin
+            port:
+              number: 8080
+
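Review bot: the `tls` entry names the host but no `secretName`, so TLS termination depends on the `external` ingress controller's default certificate; confirm that default is configured (or add `secretName`), otherwise the controller falls back to its self-signed certificate for a publicly reachable paste service. Since `ingressClassName: external` publishes the pastebin outside the cluster, also double-check that exposure is intended rather than the internal class.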

This commit refactors the helmrelease.yaml file for the pastebin app. It updates the name from "microbin" to "pastebin" and adds an interval of 30 minutes. The chart version is also updated to 3.4.0. Additionally, it includes changes to the install and upgrade sections, adding remediation options and cleanup on fail. The values section is modified to use the "pastebin" controller and secret.

Update ks.yaml for pastebin app

This commit updates the ks.yaml file for the pastebin app. It adds a dependency on "longhorn" and removes the commented-out dependencies on "cluster-apps-external-secrets-stores". The path is set to "./kubernetes/apps/security/pastebin/app" and pruning is enabled.
@axeII axeII merged commit d463b65 into main Sep 25, 2024
9 checks passed