acmcarther/yesod-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
yesod-mirror/k8s/configs/environments/dev/main.jsonnet

718 lines
31 KiB
Jsonnet
Raw Permalink Normal View History

Project import generated by Copybara. GitOrigin-RevId: 6370f6ea785709295b6abcf9c60717cacf3ac432
2026-01-20 13:24:59 -08:00
local base = import "k8s/configs/base.libsonnet";
local secrets = import "k8s/configs/environments/dev/secrets.json";
local nginxIngress = import "k8s/configs/templates/core/network/nginx-ingress.libsonnet";
local postgres = import "k8s/configs/templates/core/storage/postgres.libsonnet";
local memcached = import "k8s/configs/templates/core/storage/memcached.libsonnet";
local n8n = import "k8s/configs/templates/core/workflow/n8n.libsonnet";
local codeServer = import "k8s/configs/templates/dev/ide/code-server.libsonnet";
local coder = import "k8s/configs/templates/dev/ide/coder.libsonnet";
local ollama = import "k8s/configs/templates/dev/ai/ollama.libsonnet";
local openWebUi = import "k8s/configs/templates/dev/ai/open-webui.libsonnet";
local openWebUiPipelines = import "k8s/configs/templates/dev/ai/open-webui-pipelines.libsonnet";
local tabbyml = import "k8s/configs/templates/dev/ai/tabbyml.libsonnet";
local openssh = import "k8s/configs/templates/dev/ops/openssh.libsonnet";
local forgejo = import "k8s/configs/templates/dev/ops/forgejo.libsonnet";
local forgejoRunner = import "k8s/configs/templates/dev/ops/forgejo-runner.libsonnet";
local harbor = import "k8s/configs/templates/dev/ops/harbor.libsonnet";
local binCache = import "k8s/configs/templates/dev/ops/bin-cache.libsonnet";
local browserless = import "k8s/configs/templates/dev/tools/browserless.libsonnet";
local hastebin = import "k8s/configs/templates/dev/tools/hastebin.libsonnet";
local hugo = import "k8s/configs/templates/dev/tools/hugo.libsonnet";
local whitebophir = import "k8s/configs/templates/dev/organization/whitebophir.libsonnet";
local vikunja = import "k8s/configs/templates/dev/organization/vikunja.libsonnet";
local lurker = import "k8s/configs/templates/personal/media/lurker.libsonnet";
local namespace = "dev";
local ctx = base.NewContext(base.helm);
{
namespace: {
apiVersion: "v1",
kind: "Namespace",
metadata: {
name: namespace,
},
},
bazelClientCert: {
apiVersion: 'cert-manager.io/v1',
kind: 'Certificate',
metadata: {
name: 'bazel-client-cert',
namespace: namespace,
},
spec: {
secretName: 'bazel-client-tls',
commonName: 'bazel-client-dev',
isCA: false,
usages: [
'client auth',
],
issuerRef: {
name: 'csbx-dev-grpc-ca-issuer',
kind: 'ClusterIssuer',
},
},
},
secrets: {
coderPostgres: postgres.Secret(postgres.SecretParams{
name: "coder-postgres",
namespace: "dev",
password: secrets.coder_psql_db_pwd,
}),
coderDbUrl: base.Secret("dev", "coder-db-url") {
type: "Opaque",
data+: {
"url": secrets.coder_db_url,
},
},
vikunjaSecret: base.Secret("dev", "vikunja-secret") {
type: "Opaque",
data+: {
"vikunja-db-pwd": secrets.vikunja_db_pwd,
"vikunja-jwt-secret": secrets.vikunja_jwt_secret,
},
},
forgejoRunnerSecret: base.Secret("dev", "forgejo-runner-secret") {
type: "Opaque",
data+: {
"runner-token": secrets.forgejo_runner_token,
},
},
harbor: harbor.Secret(harbor.SecretParams{
name: "harbor-secret",
namespace: "dev",
adminPassword: secrets.harbor_admin_pwd,
secretKey: secrets.harbor_secret_key,
registryPassword: secrets.harbor_registry_pwd,
registryHtpassword: secrets.harbor_registry_htpasswd,
databasePassword: secrets.harbor_db_pwd,
}),
forgejoApp: forgejo.Secret(forgejo.SecretParams{
name: "forgejo-app",
namespace: "dev",
psql_password: secrets.forgejo_psql_db_pwd,
}),
forgejoMemcached: memcached.Secret(memcached.SecretParams{
name: "forgejo-memcached",
namespace: "dev",
password: "",
}),
forgejoPostgres: postgres.Secret(postgres.SecretParams{
name: "forgejo-postgres",
namespace: "dev",
password: secrets.forgejo_psql_db_pwd,
}),
},
apps: {
binCache: {
pvc: base.RecoverableSimpleManyPvc(namespace, "bin-cache-data", "nfs-client", "50Gi", {
volumeName: "pvc-e37b19f1-9833-4b43-b43f-17781ce77dc8",
nfsPath: "/volume3/fs/dev-bin-cache-data-pvc-e37b19f1-9833-4b43-b43f-17781ce77dc8",
nfsServer: "apollo1.dominion.lan",
}),
configMap: binCache.ConfigMap(binCache.Params {
namespace: namespace,
name: "bin-cache-config",
dataClaimName: "bin-cache-data",
configClaimName: "bin-cache-config",
}),
app: binCache.App(binCache.Params {
namespace: namespace,
name: "bin-cache",
dataClaimName: "bin-cache-data",
configClaimName: "bin-cache-config",
}),
ingress: nginxIngress.Ingress(nginxIngress.IngressParams {
namespace: namespace,
name: "bin-cache",
hosts: [
"bin-cache.csbx.dev",
],
serviceName: "bin-cache-http",
servicePort: 80,
annotations: {
"nginx.ingress.kubernetes.io/proxy-buffer-size": "32k",
"nginx.ingress.kubernetes.io/proxy-buffers": "4 32k",
"nginx.ingress.kubernetes.io/proxy-busy-buffers-size": "64k",
},
}),
},
coder: {
postgresPvc: base.RecoverableSimpleManyPvc(namespace, "coder-postgres-data", "nfs-client", "50Gi", {
volumeName: "pvc-e1475b7d-e320-4ec4-bdd2-f4af9bae8d9d",
nfsPath: "/volume3/fs/dev-coder-postgres-data-pvc-e1475b7d-e320-4ec4-bdd2-f4af9bae8d9d",
nfsServer: "apollo1.dominion.lan",
}),
// 2024-10-09
// Having issues with db initializatoon
// 2025-01-19
// In the process of upgrading postgres, I think I've root caused the failure to create
// The data claim will need to be cleaned up and then recreated as postgres 17.
dbApp: postgres.App(postgres.Params {
namespace: namespace,
name: "coder-pg",
filePath: std.thisFile,
dataClaimName: "coder-postgres-data",
dbName: "coder",
dbUser: "postgres",
// Defined in "//kube/cfg/secrets/auth.jsonnet"
dbPwdSecret: "coder-postgres",
dbPwdSecretKey: "password",
}),
coder: coder.App(coder.Params {
namespace: namespace,
name: "coder",
context: ctx,
filePath: std.thisFile,
coderPgUrlSecret: "coder-db-url",
}),
ingress: nginxIngress.Ingress(nginxIngress.IngressParams {
namespace: namespace,
name: "coder-ui",
hosts: [
"coder.csbx.dev",
],
// TODO:
serviceName: "coder",
// Has it's own auth.
//annotations: nginxIngress.KubeCsbxOauthProxyAnnotations,
}),
toolsPvc: base.RecoverableSimpleManyPvc(namespace, "tools-pvc", "nfs-client", "10Gi", {
volumeName: "pvc-2c3aa050-1503-41a5-9389-4ac2bbce47a7",
nfsPath: "/volume3/fs/dev-tools-pvc-pvc-2c3aa050-1503-41a5-9389-4ac2bbce47a7",
nfsServer: "apollo1.dominion.lan",
}),
},
ollama: {
ollamaStoragePvc: base.RecoverableSimpleManyPvc(namespace, "ollama-storage", "nfs-bulk", "100Gi", {
volumeName: "pvc-4106e508-b04d-4d15-9b70-2a9c01d0d72c",
nfsPath: "/volume4/fs-bulk/dev-ollama-storage-pvc-4106e508-b04d-4d15-9b70-2a9c01d0d72c",
nfsServer: "apollo2.dominion.lan",
}),
ollamaFatStoragePvc: base.RecoverableSimpleManyPvc(namespace, "ollama-fat-storage", "nfs-bulk", "100Gi", {
volumeName: "pvc-34e9dec4-b2c2-4b32-85e8-a409b671087f",
nfsPath: "/volume4/fs-bulk/dev-ollama-fat-storage-pvc-34e9dec4-b2c2-4b32-85e8-a409b671087f",
nfsServer: "apollo2.dominion.lan",
}),
openWebUIStoragePvc: base.RecoverableSimpleManyPvc(namespace, "open-webui-storage", "nfs-client", "10Gi", {
volumeName: "pvc-6b420a30-2c60-486e-977d-baa8bcb17842",
nfsPath: "/volume3/fs/dev-open-webui-storage-pvc-6b420a30-2c60-486e-977d-baa8bcb17842",
nfsServer: "apollo1.dominion.lan",
}),
openWebUIPipelinesStoragePvc: base.RecoverableSimpleManyPvc(namespace, "open-webui-pipelines-storage", "nfs-client", "10Gi", {
volumeName: "pvc-4ebe8cab-1712-4292-8543-fd28e30409f7",
nfsPath: "/volume3/fs/dev-open-webui-pipelines-storage-pvc-4ebe8cab-1712-4292-8543-fd28e30409f7",
nfsServer: "apollo1.dominion.lan",
}),
/*
ollamaApp: ollama.App(ollama.Params {
namespace: namespace,
name: "ollama",
filePath: std.thisFile,
storageClaimName: "ollama-storage",
}),
*/
/*
ollamaFatApp: ollama.App(ollama.Params {
namespace: namespace,
name: "ollama-fat",
filePath: std.thisFile,
storageClaimName: "ollama-fat-storage",
gpuNodeSelectorName: "nvidia-fat"
}),
*/
// TODO:
// - Cron for ollama and ollama-fat to rsync ollama local to ollama remote
/*
openWebUIApp: openWebUi.App(openWebUi.Params {
namespace: namespace,
name: "ollama-open-ui",
filePath: std.thisFile,
ollamaHost: "http://ollama-ui." + namespace + ".svc.cluster.local:80",
storageClaimName: "open-webui-storage",
}),
openWebUIPipelinesApp: openWebUiPipelines.App(openWebUiPipelines.Params {
namespace: namespace,
name: "ollama-open-ui-pipelines",
filePath: std.thisFile,
storageClaimName: "open-webui-pipelines-storage",
}),
ingress: nginxIngress.Ingress(nginxIngress.IngressParams {
namespace: namespace,
name: "ollama-open-ui",
hosts: [
"llama.csbx.dev",
],
serviceName: "ollama-open-ui-ui",
// Has it's own auth.
//annotations: nginxIngress.KubeCsbxOauthProxyAnnotations,
}),
*/
},
tabbyml: {
storagePvc: base.RecoverableSimpleManyPvc(namespace, "tabbyml-storage", "nfs-client", "10Gi", {
volumeName: "pvc-c21eadff-2d8e-419e-bf2f-1fc6262b4dcd",
nfsPath: "/volume3/fs/dev-tabbyml-storage-pvc-c21eadff-2d8e-419e-bf2f-1fc6262b4dcd",
nfsServer: "apollo1.dominion.lan",
}),
// TODO: Not working -- not becoming available on the port.
/*
tabbyml: tabbyml.App(tabbyml.Params {
namespace: namespace,
name: "tabbyml",
filePath: std.thisFile,
storageClaimName: "tabbyml-storage",
}),
ingress: nginxIngress.Ingress(nginxIngress.IngressParams {
namespace: namespace,
name: "tabbyml-ui",
hosts: [
"tabbyml.csbx.dev",
],
serviceName: "tabbyml-ui",
}),
*/
},
lurker: {
dataPvc: base.RecoverableSimpleManyPvc(namespace, "lurker-data", "nfs-client", "100Gi", {
volumeName: "pvc-5f906263-252f-43cf-8298-7a61d58321b2",
nfsPath: "/volume3/fs/dev-lurker-data-pvc-5f906263-252f-43cf-8298-7a61d58321b2",
nfsServer: "apollo1.dominion.lan",
}),
app: lurker.App(lurker.Params {
namespace: namespace,
name: "lurker",
filePath: std.thisFile,
dataClaimName: "lurker-data",
}),
ingress: nginxIngress.Ingress(nginxIngress.IngressParams {
namespace: namespace,
name: "lurker",
hosts: [
"lurker.csbx.dev",
],
serviceName: "lurker-ui",
#annotations: nginxIngress.KubeOauthProxyAnnotations,
}),
},
/*
browserless: {
browserlessApp: browserless.App(browserless.Params {
namespace: namespace,
name: "browserless",
filePath: std.thisFile,
}),
browserlessIngress: nginxIngress.Ingress(nginxIngress.IngressParams {
namespace: namespace,
name: "browserless",
hosts: [
"browserless.csbx.dev",
],
serviceName: "browserless-ui",
annotations: nginxIngress.KubeCsbxOauthProxyAnnotations,
}),
},
n8n: {
n8nPvc: base.RecoverableSimpleManyPvc(namespace, "n8n-data", "nfs-client", "10Gi", {
volumeName: "pvc-f9970c88-1b5f-4bbd-845a-3a1e685aa123",
nfsPath: "/volume3/fs/dev-n8n-data-pvc-f9970c88-1b5f-4bbd-845a-3a1e685aa123",
nfsServer: "apollo1.dominion.lan",
}),
n8nPostgresPvc: base.RecoverableSimpleManyPvc(namespace, "n8n-postgres-data", "nfs-client", "10Gi", {
volumeName: "pvc-4e48a218-d9e5-41b9-8e9f-8bb1a7d4def7",
nfsPath: "/volume3/fs/dev-n8n-postgres-data-pvc-4e48a218-d9e5-41b9-8e9f-8bb1a7d4def7",
nfsServer: "apollo1.dominion.lan",
}),
dbApp: postgres.App(postgres.Params {
namespace: namespace,
name: "n8n-pg",
filePath: std.thisFile,
// Defined in "//kube/cfg/secrets/dev.jsonnet"
dataClaimName: "n8n-postgres-data",
dbName: "n8n",
dbUser: "root",
// Defined in "//kube/cfg/secrets/dev.jsonnet"
dbPwdSecret: "n8n-secret",
dbPwdSecretKey: "n8n-db-pwd",
}),
app: n8n.App(n8n.Params {
namespace: namespace,
name: "n8n",
filePath: std.thisFile,
dataClaimName: "n8n-data",
ingressBaseUrl: "n8n.csbx.dev",
postgresHost: "n8n-pg.dev.svc.cluster.local",
dbPwdSecret: "n8n-secret",
dbPwdSecretKey: "n8n-db-pwd",
}),
ingress: nginxIngress.Ingress(nginxIngress.IngressParams {
namespace: namespace,
name: "n8n",
hosts: [
"n8n.csbx.dev",
],
serviceName: "n8n-ui",
//annotations: nginxIngress.KubeCsbxOauthProxyAnnotations,
}),
},
*/
codeServer: {
configPvc: base.RecoverableSimpleManyPvc(namespace, "code-server-config", "nfs-client", "100Gi", {
volumeName: "pvc-9f72afed-69ba-4009-ab6e-81cef350f886",
nfsPath: "/volume3/fs/dev-code-server-config-pvc-9f72afed-69ba-4009-ab6e-81cef350f886",
nfsServer: "apollo1.dominion.lan",
}),
app: codeServer.App(codeServer.Params {
namespace: namespace,
name: "code-server",
filePath: std.thisFile,
// Defined in "//kube/cfg/dominion/pvc.jsonnet"
configClaimName: "code-server-config",
}),
/*
hugoDocs: hugo.App(hugo.Params {
namespace: namespace,
name: "hugo-infra",
filePath: std.thisFile,
dataClaimName: "code-server-config",
mountSubPath: "workspace/infra2/dominion-notes/",
}),
*/
ingress: nginxIngress.Ingress(nginxIngress.IngressParams {
namespace: namespace,
name: "code-server",
hosts: [
"cs.cheapassbox.com",
],
serviceName: "code-server-ui",
annotations: nginxIngress.KubeOauthProxyAnnotations,
}),
ingress2: nginxIngress.Ingress(nginxIngress.IngressParams {
namespace: namespace,
name: "code-server-csbx",
hosts: [
"cs.csbx.dev",
],
serviceName: "code-server-ui",
annotations: nginxIngress.KubeCsbxOauthProxyAnnotations,
}),
/*
hugoIngress: nginxIngress.Ingress(nginxIngress.IngressParams {
namespace: namespace,
name: "hugo-infra",
hosts: [
"infra-docs.csbx.dev",
],
serviceName: "hugo-infra-ui",
annotations: nginxIngress.KubeCsbxOauthProxyAnnotations,
})
*/
},
/*
vikunja: {
vikunjaPvc: base.RecoverableSimpleManyPvc(namespace, "vikunja-data", "nfs-client", "10Gi", {
volumeName: "pvc-87dd9045-276f-45b6-bda0-6a4c88289517",
nfsPath: "/volume3/fs/dev-vikunja-data-pvc-87dd9045-276f-45b6-bda0-6a4c88289517",
nfsServer: "apollo1.dominion.lan",
}),
vikunjaPostgresPvc: base.RecoverableSimpleManyPvc(namespace, "vikunja-postgres-data", "nfs-client", "10Gi", {
volumeName: "pvc-68d9b640-d4ea-447f-a6a3-bc3a1ea41c0a",
nfsPath: "/volume3/fs/dev-vikunja-postgres-data-pvc-68d9b640-d4ea-447f-a6a3-bc3a1ea41c0a",
nfsServer: "apollo1.dominion.lan",
}),
dbApp: postgres.App(postgres.Params {
namespace: namespace,
name: "vikunja-pg",
filePath: std.thisFile,
// Defined in "//kube/cfg/secrets/dev.jsonnet"
dataClaimName: "vikunja-postgres-data",
dbName: "vikunja",
dbUser: "vikunja",
// Defined in "//kube/cfg/secrets/dev.jsonnet"
dbPwdSecret: "vikunja-secret",
dbPwdSecretKey: "vikunja-db-pwd",
}),
vikunja: vikunja.App(vikunja.Params {
namespace: namespace,
name: "vikunja",
filePath: std.thisFile,
dataClaimName: "vikunja-data",
ingressBaseUrl: "https://vikunja.csbx.dev/",
postgresHost: "vikunja-pg.dev.svc.cluster.local",
secretName: "vikunja-secret",
},),
vikunja_ingress: nginxIngress.Ingress(nginxIngress.IngressParams {
namespace: namespace,
name: "vikunja-csbx",
hosts: [
"vikunja.csbx.dev",
],
serviceName: "vikunja-ui",
annotations: nginxIngress.KubeCsbxOauthProxyAnnotations,
}),
},
*/
forgejo: {
postgres17Pvc: base.RecoverableSimpleManyPvc(namespace, "forgejo-postgres-17-data", "nfs-client", "50Gi", {
volumeName: "pvc-18f8a0b8-7aef-4d07-ab45-59b99377c7f2",
nfsPath: "/volume3/fs/dev-forgejo-postgres-17-data-pvc-18f8a0b8-7aef-4d07-ab45-59b99377c7f2",
nfsServer: "apollo1.dominion.lan",
}),
dataPvc: base.RecoverableSimpleManyPvc(namespace, "forgejo-data", "nfs-bulk", "200Gi", {
volumeName: "pvc-d92af937-297d-4bee-981f-1b7f9a8530a0",
nfsPath: "/volume4/fs-bulk/dev-forgejo-data-pvc-d92af937-297d-4bee-981f-1b7f9a8530a0",
nfsServer: "apollo2.dominion.lan",
}),
memcachedApp: memcached.App(memcached.Params {
namespace: namespace,
name: "forgejo-memcached",
filePath: std.thisFile,
secretName: "forgejo-memcached",
}),
db17App: postgres.App(postgres.Params {
namespace: namespace,
name: "forgejo-pg-17",
// TODO:
image: "docker.io/bitnami/postgresql:17.2.0",
filePath: std.thisFile,
dataClaimName: "forgejo-postgres-17-data",
dbName: "forgejo",
dbUser: "forgejo",
// Defined in "//kube/cfg/secrets/auth.jsonnet"
dbPwdSecret: "forgejo-postgres",
dbPwdSecretKey: "password",
}),
forgejoConfig: forgejo.ConfigMap(forgejo.ConfigMapParams {
namespace: namespace,
name: "forgejo-config",
ingressHost: "forgejo.csbx.dev",
memcacheService: "forgejo-memcached",
postgresDbService: "forgejo-pg-17",
}),
forgejoApp: forgejo.App(forgejo.Params {
namespace: namespace,
name: "forgejo",
filePath: std.thisFile,
ingressHost: "forgejo.csbx.dev",
memcacheService: "forgejo-memcached",
postgresService: "forgejo-pg-17",
postgresUser: "forgejo",
postgresDatabase: "forgejo",
postgresNamespace: namespace,
secretName: "forgejo-app",
secretDbPwdKey: "psql-password",
configClaimName: "forgejo-config",
dataClaimName: "forgejo-data",
}),
ingress: nginxIngress.Ingress(nginxIngress.IngressParams {
namespace: namespace,
name: "forgejo",
hosts: [
"forgejo.csbx.dev",
],
serviceName: "forgejo-ui",
annotations: {
"nginx.ingress.kubernetes.io/proxy-body-size": "4g"
},
}),
},
forgejoRunner: {
configMap: forgejoRunner.ConfigMap(forgejoRunner.ConfigMapParams {
name: "forgejo-runner-config",
namespace: namespace,
}),
pvc1: base.RecoverableSimpleManyPvc(namespace, "forgejo-runner-data", "nfs-client", "1Gi", {
volumeName: "pvc-479c2f6a-8d70-4597-9498-f945f2edd0f4",
nfsPath: "/volume3/fs/dev-forgejo-runner-data-pvc-479c2f6a-8d70-4597-9498-f945f2edd0f4",
nfsServer: "apollo1.dominion.lan",
}),
pvc2: base.RecoverableSimpleManyPvc(namespace, "forgejo-runner-2-data", "nfs-client", "1Gi", {
volumeName: "pvc-c38ebd42-ced7-4b48-91ca-2097ef581f4d",
nfsPath: "/volume3/fs/dev-forgejo-runner-2-data-pvc-c38ebd42-ced7-4b48-91ca-2097ef581f4d",
nfsServer: "apollo1.dominion.lan",
}),
runner1: forgejoRunner.App(forgejoRunner.Params {
name: "forgejo-runner",
namespace: namespace,
dataClaimName: "forgejo-runner-data",
configClaimName: "forgejo-runner-config",
runnerLabels: [
"docker-builder",
],
tokenSecretName: "forgejo-runner-secret",
tokenSecretKey: "runner-token",
}),
runner2: forgejoRunner.App(forgejoRunner.Params {
name: "forgejo-runner-2",
namespace: namespace,
dataClaimName: "forgejo-runner-2-data",
configClaimName: "forgejo-runner-config",
runnerLabels: [
"docker-builder",
],
tokenSecretName: "forgejo-runner-secret",
tokenSecretKey: "runner-token",
}),
},
/*
harbor: {
pvcs: {
registry: base.RecoverableSimpleManyPvc(namespace, "harbor-registry", "nfs-bulk", "200Gi", {
volumeName: "pvc-1111e99b-d549-47ff-849d-cdffcdeb481c",
nfsPath: "/volume4/fs-bulk/dev-harbor-registry-pvc-1111e99b-d549-47ff-849d-cdffcdeb481c",
nfsServer: "apollo2.dominion.lan",
}),
jobServiceJobLog: base.RecoverableSimpleManyPvc(namespace, "harbor-job-service-job-log", "nfs-client", "50Gi", {
volumeName: "pvc-cfb8393f-fec8-4b00-86e7-32232d94a442",
nfsPath: "/volume3/fs/dev-harbor-job-service-job-log-pvc-cfb8393f-fec8-4b00-86e7-32232d94a442",
nfsServer: "apollo1.dominion.lan",
}),
redis: base.RecoverableSimpleManyPvc(namespace, "harbor-redis", "nfs-client", "50Gi", {
volumeName: "pvc-3e2d7fd6-1eca-4066-b3e9-012da312ae4b",
nfsPath: "/volume3/fs/dev-harbor-redis-pvc-3e2d7fd6-1eca-4066-b3e9-012da312ae4b",
nfsServer: "apollo1.dominion.lan",
}),
trivy: base.RecoverableSimpleManyPvc(namespace, "harbor-trivy", "nfs-client", "50Gi", {
volumeName: "pvc-91dde8a2-c681-4539-af04-2ceef00322f8",
nfsPath: "/volume3/fs/dev-harbor-trivy-pvc-91dde8a2-c681-4539-af04-2ceef00322f8",
nfsServer: "apollo1.dominion.lan",
}),
postgres: base.RecoverableSimpleManyPvc(namespace, "harbor-db-data", "nfs-client", "50Gi", {
volumeName: "pvc-a76e6c48-f065-4359-9805-fe77a3443fd5",
nfsPath: "/volume3/fs/dev-harbor-db-data-pvc-a76e6c48-f065-4359-9805-fe77a3443fd5",
nfsServer: "apollo1.dominion.lan",
}),
},
database: postgres.App(postgres.Params {
namespace: namespace,
name: "harbor-pg",
filePath: std.thisFile,
dataClaimName: "harbor-db-data",
dbName: "harbor",
dbUser: "harbor",
// Defined in "//kube/cfg/secrets/auth.jsonnet"
dbPwdSecret: "harbor-secret",
dbPwdSecretKey: "password", // required by the harbor template...
}),
app: harbor.App(harbor.Params {
namespace: namespace,
context: ctx,
filePath: std.thisFile,
// Ingress
ingressHost: "hrbr.csbx.dev",
ingressClassName: "nginx",
ingressAnnotations: nginxIngress.KubeCsbxOauthProxyAnnotations,
// Volume claims
registryExistingClaim: "harbor-registry",
jobServiceJobLogExistingClaim: "harbor-job-service-job-log",
redisExistingClaim: "harbor-redis",
trivyExistingClaim: "harbor-trivy",
// Credentials
existingSecretAdminPassword: "harbor-secret",
existingSecretSecretKey: "harbor-secret",
//coreSecretName: "harbor-secret",
registryCredentialsExistingSecret: "harbor-secret",
// Database
databaseHost: "harbor-pg.dev.svc.cluster.local",
databasePort: 5432,
databaseExistingSecret: "harbor-secret",
// TODO:
coreSecret: "example-16-chara",
jobserviceSecret: "example-16-chara",
registrySecret: "example-16-chara",
}),
},
*/
hastebin: {
pvc: base.RecoverableSimpleManyPvc(namespace, "hastebin-data", "nfs-client", "50Gi", {
volumeName: "pvc-67e8031c-97e3-11ea-8974-b8aeed7dc356",
nfsPath: "/volume3/fs/dev-hastebin-data-pvc-67e8031c-97e3-11ea-8974-b8aeed7dc356",
nfsServer: "apollo1.dominion.lan",
}),
app: hastebin.App(hastebin.Params {
namespace: namespace,
name: "hastebin",
filePath: std.thisFile,
// Defined in "//kube/cfg/dominion/pvc.jsonnet"
dataClaimName: "hastebin-data",
ingressHost: "hastebin.cheapassbox.com",
resources: {
requests: {
cpu: "30m",
memory: "128Mi",
},
limits: {
cpu: "60m",
memory: "256Mi",
},
},
}),
ingress: nginxIngress.Ingress(nginxIngress.IngressParams {
namespace: namespace,
name: "hastebin",
hosts: [
"hastebin.cheapassbox.com",
"hastebin.csbx.dev",
],
serviceName: "hastebin-ui",
}),
},
openssh: {
configPvc: base.RecoverableSimpleManyPvc(namespace, "openssh-config", "nfs-client", "1Gi", {
volumeName: "pvc-fc53f3fa-ed15-4ea7-9e7b-3c0c5cf0629c",
nfsPath: "/volume3/fs/dev-openssh-config-pvc-fc53f3fa-ed15-4ea7-9e7b-3c0c5cf0629c",
nfsServer: "apollo1.dominion.lan",
}),
app: openssh.App(openssh.Params {
namespace: namespace,
name: "openssh",
filePath: std.thisFile,
sshNodePort: 31500,
claimNames: ["code-server-config"],
username: "acmcarther",
configClaim: "openssh-config",
publicKey: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCpnYmsUDSkhvy1imOLee/3qlySIRUn9kKkTGaet2wjNSQ4n8muFhjMtXI6+qWW0Vv6edY4MLEwegXGbaZA/7yAbSOpPmQ+Z4d0GE1Kns/1OoTt5XhXpr8OhgqPL3S/foqQlf5RXywlqzYJkJL0yk1jg2CguIYVMTE4aJwd0Mt2t25fwzEuDvSGJ41wVWrueKy6EELYXbQ5FMcN/bZLERNLGp4hTsdXdBtSX7vq0VC+qG+EmTTXOt5+DvWu6UkLq8Mb1540Mi3AK7+vsXUTPghIS7BLLrU8bb4QQ0z0IZjI39wXeSegoPRt6y2f0yrBR+S+vQ1qrGB1riYZ6f4ZUzQh acmcarther@gmail.com"
}),
},
whitebophir: {
whitebophirDataPvc: base.RecoverableSimpleManyPvc(namespace, "whitebophir-data", "nfs-client", "10Gi", {
volumeName: "pvc-672040d0-9303-4194-b79c-1e1b25c4345d",
nfsPath: "/volume3/fs/dev-whitebophir-data-pvc-672040d0-9303-4194-b79c-1e1b25c4345d",
nfsServer: "apollo1.dominion.lan",
}),
app: whitebophir.App(whitebophir.Params {
namespace: namespace,
name: "whitebophir",
filePath: std.thisFile,
storageClaimName: "whitebophir-data",
}),
ingress: nginxIngress.Ingress(nginxIngress.IngressParams {
namespace: namespace,
name: "whitebophir",
hosts: [
"whiteboard.csbx.dev",
],
serviceName: "whitebophir-ui",
annotations: nginxIngress.KubeCsbxOauthProxyAnnotations,
}),
},
},
}
Reference in a new issue Copy permalink