diff --git a/_/Namespace/codeforphilly-rewrite-sandbox.yaml b/_/Namespace/codeforphilly-rewrite-sandbox.yaml new file mode 100644 index 0000000..c9b7bc8 --- /dev/null +++ b/_/Namespace/codeforphilly-rewrite-sandbox.yaml @@ -0,0 +1,4 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: codeforphilly-rewrite-sandbox diff --git a/codeforphilly-rewrite-sandbox/ConfigMap/codeforphilly-env.yaml b/codeforphilly-rewrite-sandbox/ConfigMap/codeforphilly-env.yaml new file mode 100644 index 0000000..8f6062c --- /dev/null +++ b/codeforphilly-rewrite-sandbox/ConfigMap/codeforphilly-env.yaml @@ -0,0 +1,18 @@ +apiVersion: v1 +data: + CFP_DATA_BRANCH: fixture + CFP_DATA_REPO_PATH: /app/data + CFP_PRIVATE_STORAGE_PATH: /app/private-storage + CFP_WEB_DIST_PATH: /app/apps/web/dist + GIT_AUTHOR_EMAIL: api@codeforphilly.org + GIT_AUTHOR_NAME: CodeForPhilly API + GIT_SSH_COMMAND: >- + ssh -i /etc/cfp-data-deploy-key/id_ed25519 -o IdentitiesOnly=yes -o + StrictHostKeyChecking=accept-new -o UserKnownHostsFile=/dev/null + NODE_ENV: production + PORT: '3001' + STORAGE_BACKEND: filesystem +kind: ConfigMap +metadata: + name: codeforphilly-env + namespace: codeforphilly-rewrite-sandbox diff --git a/codeforphilly-rewrite-sandbox/Deployment/codeforphilly.yaml b/codeforphilly-rewrite-sandbox/Deployment/codeforphilly.yaml new file mode 100644 index 0000000..759bca9 --- /dev/null +++ b/codeforphilly-rewrite-sandbox/Deployment/codeforphilly.yaml @@ -0,0 +1,83 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: codeforphilly + namespace: codeforphilly-rewrite-sandbox +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/name: codeforphilly + strategy: + type: Recreate + template: + metadata: + labels: + app.kubernetes.io/name: codeforphilly + spec: + containers: + - env: + - name: HOST + value: 0.0.0.0 + envFrom: + - configMapRef: + name: codeforphilly-env + - secretRef: + name: codeforphilly-secrets + image: ghcr.io/codeforphilly/codeforphilly-ng:sandbox + imagePullPolicy: Always + livenessProbe: + httpGet: + path: /api/health + port: http + initialDelaySeconds: 60 + periodSeconds: 30 + timeoutSeconds: 5 + name: codeforphilly + ports: + - containerPort: 3001 + name: http + readinessProbe: + failureThreshold: 30 + httpGet: + path: /api/health/ready + port: http + initialDelaySeconds: 10 + periodSeconds: 5 + resources: + limits: + cpu: 1000m + memory: 768Mi + requests: + cpu: 100m + memory: 384Mi + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + runAsGroup: 1000 + runAsNonRoot: true + runAsUser: 1000 + volumeMounts: + - mountPath: /app/data + name: data + - mountPath: /app/private-storage + name: private + - mountPath: /etc/cfp-data-deploy-key + name: deploy-key + readOnly: true + securityContext: + fsGroup: 1000 + serviceAccountName: codeforphilly + volumes: + - name: data + persistentVolumeClaim: + claimName: codeforphilly-data + - name: private + persistentVolumeClaim: + claimName: codeforphilly-private + - name: deploy-key + secret: + defaultMode: 256 + secretName: codeforphilly-data-deploy-key diff --git a/codeforphilly-rewrite-sandbox/Gateway/codeforphilly.yaml b/codeforphilly-rewrite-sandbox/Gateway/codeforphilly.yaml index 65f6f93..b537c7c 100644 --- a/codeforphilly-rewrite-sandbox/Gateway/codeforphilly.yaml +++ b/codeforphilly-rewrite-sandbox/Gateway/codeforphilly.yaml @@ -11,7 +11,7 @@ spec: - allowedRoutes: namespaces: from: Same - hostname: codeforphilly-rewrite.codeforphilly.sandbox.k8s.phl.io + hostname: next-v2.codeforphilly.org name: https port: 443 protocol: HTTPS diff --git a/codeforphilly-rewrite-sandbox/HTTPRoute/codeforphilly.yaml b/codeforphilly-rewrite-sandbox/HTTPRoute/codeforphilly.yaml index d6b6dd9..0a0a44b 100644 --- a/codeforphilly-rewrite-sandbox/HTTPRoute/codeforphilly.yaml +++ b/codeforphilly-rewrite-sandbox/HTTPRoute/codeforphilly.yaml @@ -5,10 +5,14 @@ metadata: namespace: codeforphilly-rewrite-sandbox spec: hostnames: - - codeforphilly-rewrite.codeforphilly.sandbox.k8s.phl.io + - next-v2.codeforphilly.org parentRefs: - name: codeforphilly rules: - backendRefs: - name: codeforphilly port: 80 + matches: + - path: + type: PathPrefix + value: / diff --git a/codeforphilly-rewrite-sandbox/PersistentVolumeClaim/codeforphilly-data.yaml b/codeforphilly-rewrite-sandbox/PersistentVolumeClaim/codeforphilly-data.yaml new file mode 100644 index 0000000..32b3c08 --- /dev/null +++ b/codeforphilly-rewrite-sandbox/PersistentVolumeClaim/codeforphilly-data.yaml @@ -0,0 +1,12 @@ +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: codeforphilly-data + namespace: codeforphilly-rewrite-sandbox +spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 10Gi + storageClassName: linode-block-storage-retain diff --git a/codeforphilly-rewrite-sandbox/PersistentVolumeClaim/codeforphilly-private.yaml b/codeforphilly-rewrite-sandbox/PersistentVolumeClaim/codeforphilly-private.yaml new file mode 100644 index 0000000..400cb6c --- /dev/null +++ b/codeforphilly-rewrite-sandbox/PersistentVolumeClaim/codeforphilly-private.yaml @@ -0,0 +1,12 @@ +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: codeforphilly-private + namespace: codeforphilly-rewrite-sandbox +spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 1Gi + storageClassName: linode-block-storage-retain diff --git a/codeforphilly-rewrite-sandbox/SealedSecret/codeforphilly-data-deploy-key.yaml b/codeforphilly-rewrite-sandbox/SealedSecret/codeforphilly-data-deploy-key.yaml new file mode 100644 index 0000000..bfef7ec --- /dev/null +++ b/codeforphilly-rewrite-sandbox/SealedSecret/codeforphilly-data-deploy-key.yaml @@ -0,0 +1,13 @@ +apiVersion: bitnami.com/v1alpha1 +kind: SealedSecret +metadata: + name: codeforphilly-data-deploy-key + namespace: codeforphilly-rewrite-sandbox +spec: + encryptedData: + id_ed25519: >- + AgAfJZfYzNyySAAyeqVVS297WB/+sXIz9rU8OXzryC0Vp2AgS+al9ZzOqgB/GrNDub10Tdt2d/IuSLE8FKUXz0OiIv19WwJfsINZUJjbRX04C6TXnyRa5wRcOv/hP9Va/Hz2SxpfDtWxey2O6IBCH2b0+5pajC8YsXxw8VHvZY+bJJMuNv6piphgxIo67kcrGsx3pN7naUUObutRkm3aThsmZ5TWxd7fHuiVWi7+E3ek7JLqAmOXdA8JFv14CLtEKDgx524wLavJ1vzEBAxdhd5PBWgp0CY2FKmlSbxzYmp/wFUEc2hBvWQJWO1SjfIt/CgdjSanVR7/wQARCvQ7EBV3DYVi8TkoGthtz3yD9O58Et6q6V88m/lhB+hCjrevSnwk3EqbygZh8nkWM8UDhXzShvurowakWb1YWTKBvGn7HMiaC3coBcakPf1dgJkzr3BAijZL/2cvWOiSZQx9VX///vYmxyr72jSabIW2nArnz1K9q88mL0RjNPB/0vdjTt4MLKC+2UwQ4jtfB7NLp6UPELZe68MH6Xr3YiufEoZJ3wFpSK1X4deIz4pRJwCkX4BrCyDg2S+TgEZnI8O9HkwOkd8PxlkpB7WUTeR8wrR3RouBHilXh3iUGt949rjC6t8ww9qsvfTzrtSMCX87rdD4B9ewxgetIzMLzJWJTyllQNz8srVFCu5FFjaYZTgUbPxKWQ+RePchnWGPxgTjduwSODjPdKimfLZwIacT+XfcBe+0jMW2IarXNC9lLPrpT+iV/9UO7CufyWaduHAkWVHJUJmgf5a8ljcAEuaj+nfkLqCU2jLIAtnUDGHQIk7sKiuJn/e1xkK8PRL2m2OAZU7jUmgWlB/KwMNhoqipkP9+O7AIFHYaxfK+ATyoGAmHjF9ko94sJclaXwz/uPsKyFNUSUH1cxsPfco0LmEPatJHccDXO/yQmXjJaFEOekYQufHp8ThudYv5i1COpHEa8y0A21jL28Pt8vDEHNxJVFNOS+Og85ESvda/CmYefXUlRdLaESITQOukEdS4H/aHkFaympO4GAcZl0Qjzn+EWznbH9GmQipaL0PRUUhEmiiciuDgiNGveFfuNx05096adW8YAxVjNlwookDshzjxW+6OYIBboy1+FWFE+YQlugQusRmm1svXtBlL/Rrh4eM3hyBiuSobtPJ9s9wYyHlIT3D06bLkJdRWCfg7ZwDrqEdTWRmkhJldhNEfop5GAxoyhNX5X3IvxbTiWS1QLY+QP57a2ZtdnBgOsnrVko7kSaWPY1U= + template: + metadata: + name: codeforphilly-data-deploy-key + namespace: codeforphilly-rewrite-sandbox diff --git a/codeforphilly-rewrite-sandbox/SealedSecret/codeforphilly-secrets.yaml b/codeforphilly-rewrite-sandbox/SealedSecret/codeforphilly-secrets.yaml new file mode 100644 index 0000000..94d5326 --- /dev/null +++ b/codeforphilly-rewrite-sandbox/SealedSecret/codeforphilly-secrets.yaml @@ -0,0 +1,19 @@ +apiVersion: bitnami.com/v1alpha1 +kind: SealedSecret +metadata: + name: codeforphilly-secrets + namespace: codeforphilly-rewrite-sandbox +spec: + encryptedData: + CFP_DATA_REMOTE: >- + AgAj4UY/M3uFDp4jJLykFSzihy+C2uSQXHQuuyaOAd7ew14gpw6Vogu5oYMgM1y1yBv1sbJObbnh7ddexYqRfgFKJrgiwc60MoVzwbwt5JHQh1aJJIZ4xizvitbyT1h7GkLzLZbvLdJxAFH876wXn9zw0UAco62qsxkIQgoRGBN/Gq7SQDT6+HHv1Uc3LeDiqdnne49LIP/M32DSu8IQ0CffyA+pdAdTwCaRoMBh63rdhoLM4Ildvlt6jSWHP0dJFmYRP9gtKCKgLUycz7fXhU0xxYaAOc7T2Z0rVf6DkkZDaqwgKEFk52300kuz1xW3BufrZ2jCfcXs4AAwwUuWj17MNICq0dei7MDRurmGpgJJDdfaCvTD4+wggm/VUBvXWQIuhE9/PtIumx/brVCJQ05YmeyFSrL4D+COSmhlXS3vmngpy3lHB+2qEbwM8ZHnwB/Ff1XP4HVSPUdXejWU4vdFY6VQ/4hjCLDAgjQLGRTGBmaFX1aJqygjK1JzRnGts0aCniPTL/qF1s5OcHJeIAvkN0WleceEi5u7CnvEdAcSAfkYu0QiwnoXNeIhFzPekEJyP6c6KY9oaw+kEirWgvCwis5QUiGOIO4kFcGXfDVzCRu1GM4T7WV969n8nJSGcSQQSmVa4uPCAlZld8etvbR4xa8dSXaeZ6Nb6L3FIVqc05Zy0U9cnKnfSGKWvHEANtBA7ItPq9GUlE6DCTb9guwlUGWHpG7tk1iuTnUD5b0P5r7zALF7rAufCKHEPpNWn7Mfg/k= + CFP_JWT_SIGNING_KEY: >- + AgClhcixIR+sgvwpmHiqkB3MOL9CTCgjRT7d7AcWkYe7tjXCdvj42x5RiTbHRJh7h8koWwvm/M9txEhCnkV8iT8O6vLAq1ZPBvSk+L+uh6dZDW92u8L0/WIpVxLF9CjLmD7YbLpt2LA7ntne3pbZM6XgH6Xs9yYVEdLhEZ4/vOgzwJF1o3rj6puVsx5pWdUFgl1AXsjUdwUEK7fYSyQIXOLeLY3TVquTRATC/BEXaJHTSqHJjGaDemr1+ZqdbysFCADtOOhjOUxbItfGsm0sIUFEFkPOf+rGrTt0Mqp8CAoJEgkwEITHjA8qXKsJN/zZmDDh5xutCw36k5KtABUMPcn+QT6EjK+N9EutM08Ul+DZL+KfHg5z9/B/3lL68xU/J7H2TbB93icSDgbvV/NEjiyZ7JnaZqt+fPDpl0Gs/QMAdjNxtqYCYp9gFj5MsM0s5qkx4mnrgSHyOACb2H96wqVI7LvIZqhjnpNqY5V8Qvhb7rjLedEsmLDfPSRJYrg7s/cpmdxaCyuBf/zqUSSCvjKo7L66lZ0t3lG+dtVy3fgRoabeOGB6hOY5Jj1GAK8avC4PZ0vLuYTTPIweOJOIakSL37Rxit4UgvuuoiB6oEqnsDD/9YBeZAJNjf3XNDDud7dScWhI1zRJ9N7qbHeAcSkWOO/CK+cFWXVB31ErBCrDIuiwiMnna5VurC96+xASRxGdeDh83I3f3uTM5OQCH0efUAHhw5ld3IAu/2wpfQK3ac2XziYn7L2QIyHOsULkAf0oRoJjodOX3V2Kmp3khY8w + GITHUB_OAUTH_CLIENT_ID: >- + AgBZj/mQl8EKMl6Cey9OWK090/IecVx6YlonWqh7v63QOVwyFzj6ksObLC2Fw0H9OHaFtL3qGF1qGn35MyYI3uhGB1miLLYivGVA7jNHN8Wy4es/tDnZRHcsP4LI7NQMTsf1dz4tknLinpmZqPuMwwqcUCRrSasagmYLHREXZNvGm1ONSSniuoqmnQobj2v7/YNHhn7qK/kVqflOGb0n9Ai4bHvrgGuxXTHCvl/3N8Mb4p3/aWAJuxpFgc6n21MS7Hjn5mcMb/RwJ7TOn7F/BJnQ4Ii2nzZ5d6U0F37lnMBdN6/Bowp+MNynTttJ+SBUZkjidJ+9s/KXLUXJ8IQp+NR9Ycbbc0+osnHIAhZzBF7+4du0f0S7Te310vll6b4xd0oRoXSQ9FZcqlS5ysOCdgH98q9OWw5TJWF8KfwNq+j62YifICSz5u5FfUnbzTgxe7RctIkhW0elgHTJx07WJx2I53PrxbbrICnCqDSMQbWU5wcqyCXxmFXOBSMZG0Gycjg2rAWaPgot7Q7F752I8oOewB28uACYjHlULR/2BKrCf90+RZOFI4AhUctvTTMn4qR89QrDE5EIdJi5x/x7pcMiM6doWrL1MJdnQ/VEUa+AsJEDVWA0G1a4y/OIRI7rKyYZdpUSabmzQTBxk0CBMa07dX3N5IaX0+YDt2NosW+xtsjQugifYPze/AnKIFjdB5cHVQzdVWHIls4WKR9bOahstrScrQ== + GITHUB_OAUTH_CLIENT_SECRET: >- + AgA5TBdNd4A6g04YyvGd+ZkpdTrQFeODGLY3MSA+M8STT6ejTBtlVmj0m4ooggPtOYXaUAYAytlANT51yRE7GGbAX5/SiHO04N4MJ2Qpw4Izb1j5OvqZSNRD/78D8Q2KUg+cp/AyqwGctG0v2UYg/qBw536+4q53EMSQzcS2HZADqw5sZNyuqBwA+vUfXFHXqU+ZZw+Dqa5E+2tdCLu6lZdsmM0oWM/iAbKfszT9aNRYJ8I2W6NPyUHLFmoRcDtxYKs1Wqk29Dhfuk7ZsanFrkN0C48a2F1167qhBJMf0dIZ7ZeenFpSoPv5XODOnB89G+ziA7pQVcccegZpA4/rhgoPV8jfFecuY8U+FqDQaAOxwVEXvFZ1kwbsYHO0Ggo1rPivJcCh1oYWufCWFvwLCzIQpZ+KV1wAzjrkcnNeM8kFSwnp3ptbI9ZzgxEbn5zcDC+mRP6O07urKta+4qW+TGepaUuDWN/Ocsz1UP6vEQMtr6fChAxkJFjfJo8O1270VlDLBa0vwF3rmtsUpsfR+OMk/kU7rjrTuJWLcXDiKWoZKprPivWqCcGGLh/7MVsDOYGo9Pc4f4fhrlv14cxIZLc9PhPhgY9MEkZhnqg3RCikRuB9otL6EkPrXx5+qiTl5JsP1Xau9mM77hE2eMY2lyWeokRvCWS7jkBR4q0gL5iuonHMck5ccsiFwBGHP7VFUQeo92p1FZdbX1g5gph7b942uRyuthZTKdfwD/qSBseg4r/06nLlK+Jh + template: + metadata: + name: codeforphilly-secrets + namespace: codeforphilly-rewrite-sandbox diff --git a/codeforphilly-rewrite-sandbox/Service/codeforphilly.yaml b/codeforphilly-rewrite-sandbox/Service/codeforphilly.yaml new file mode 100644 index 0000000..3deb2b7 --- /dev/null +++ b/codeforphilly-rewrite-sandbox/Service/codeforphilly.yaml @@ -0,0 +1,14 @@ +apiVersion: v1 +kind: Service +metadata: + name: codeforphilly + namespace: codeforphilly-rewrite-sandbox +spec: + ports: + - name: http + port: 80 + protocol: TCP + targetPort: 3001 + selector: + app.kubernetes.io/name: codeforphilly + type: ClusterIP diff --git a/codeforphilly-rewrite-sandbox/ServiceAccount/codeforphilly.yaml b/codeforphilly-rewrite-sandbox/ServiceAccount/codeforphilly.yaml new file mode 100644 index 0000000..76345dd --- /dev/null +++ b/codeforphilly-rewrite-sandbox/ServiceAccount/codeforphilly.yaml @@ -0,0 +1,5 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: codeforphilly + namespace: codeforphilly-rewrite-sandbox