From dba9f6caf144907ce826fff07452821ba6e005b8 Mon Sep 17 00:00:00 2001
From: William P
Date: Fri, 7 Mar 2025 20:19:23 -0500
Subject: [PATCH] attic: add
---
attic/cert-dubyatp-xyz.yaml | 10 ++++++++++
attic/deployment.yaml | 30 ++++++++++++++++++++++++++++++
attic/ingress.yaml | 24 ++++++++++++++++++++++++
attic/pvc.yaml | 12 ++++++++++++
attic/secret.yaml | 17 +++++++++++++++++
attic/service.yaml | 11 +++++++++++
6 files changed, 104 insertions(+)
create mode 100644 attic/cert-dubyatp-xyz.yaml
create mode 100644 attic/deployment.yaml
create mode 100644 attic/ingress.yaml
create mode 100644 attic/pvc.yaml
create mode 100644 attic/secret.yaml
create mode 100644 attic/service.yaml
diff --git a/attic/cert-dubyatp-xyz.yaml b/attic/cert-dubyatp-xyz.yaml
new file mode 100644
index 0000000..5bf57b8
--- /dev/null
+++ b/attic/cert-dubyatp-xyz.yaml
@@ -0,0 +1,10 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: cert-dubyatp-xyz
+ annotations:
+ replicator.v1.mittwald.de/replicate-from: "cert-manager/cert-dubyatp-xyz"
+ replicator.v1.mittwald.de/replicated-keys: "tls.crt,tls.key"
+data:
+ tls.crt: ""
+ tls.key: ""
\ No newline at end of file
diff --git a/attic/deployment.yaml b/attic/deployment.yaml
new file mode 100644
index 0000000..38d3dfe
--- /dev/null
+++ b/attic/deployment.yaml
@@ -0,0 +1,30 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: attic
+spec:
+ selector:
+ matchLabels:
+ app: attic
+ template:
+ metadata:
+ labels:
+ app: attic
+ spec:
+ containers:
+ - name: attic
+ image: ghcr.io/zhaofengli/attic:ff8a897d1f4408ebbf4d45fa9049c06b3e1e3f4e
+ envFrom:
+ - secretRef:
+ name: attic-secret
+ volumeMounts:
+ - name: attic-pvc
+ mountPath: /var/empty
+ resources:
+ limits:
+ memory: "256Mi"
+ cpu: "500m"
+ volumes:
+ - name: attic-pvc
+ persistentVolumeClaim:
+ claimName: attic-pvc
\ No newline at end of file
diff --git a/attic/ingress.yaml b/attic/ingress.yaml
new file mode 100644
index 0000000..b209b39
--- /dev/null
+++ b/attic/ingress.yaml
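Review bot: In attic/cert-dubyatp-xyz.yaml the Secret declares no `type:`, so it is created as `Opaque`, and a Secret's type cannot be changed once it exists. If the cert-manager source is a `kubernetes.io/tls` Secret, declare `type: kubernetes.io/tls` here so the replicated copy matches it and the empty `tls.crt`/`tls.key` placeholders are in the shape the replicator expects for TLS secrets. `replicator.v1.mittwald.de/replicated-keys` looks like an annotation the replicator maintains itself (possibly carried over from an export), so confirm it belongs in the manifest. Because this copies the certificate's private key into the attic namespace, the source Secret should allow replication only to the namespaces that need it.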
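Review bot: The `attic` container in attic/deployment.yaml has no `securityContext`, so it keeps the runtime's default capabilities and can gain privileges, while attic/ingress.yaml publishes it on a public hostname. Add the container-level block below; `runAsNonRoot: true` and `readOnlyRootFilesystem: true` are worth adding as well once it is confirmed that the image runs as a non-root user and writes only to the mounted volume. The image is pinned by a commit-hash tag, which is still a mutable reference; appending `@sha256:<digest>` fixes the exact content that gets pulled. The volume is mounted at `/var/empty`, presumably where the image keeps its state, and a one-line comment saying so would help the next reader.

```yaml
      - name: attic
        # … unchanged: image, envFrom, volumeMounts, resources …
        securityContext:
          allowPrivilegeEscalation: false
          capabilities:
            drop:
            - ALL
          seccompProfile:
            type: RuntimeDefault
```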
@@ -0,0 +1,24 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: attic
+ labels:
+ name: attic
+ annotations:
+ traefik.ingress.kubernetes.io/router.middlewares: cloudflarewarp@file
+spec:
+ rules:
+ - host: nix-cache.dubyatp.xyz
+ http:
+ paths:
+ - pathType: Prefix
+ path: "/"
+ backend:
+ service:
+ name: attic-svc
+ port:
+ number: 8080
+ tls:
+ - hosts:
+ - nix-cache.dubyatp.xyz
+ secretName: cert-dubyatp-xyz
\ No newline at end of file
diff --git a/attic/pvc.yaml b/attic/pvc.yaml
new file mode 100644
index 0000000..e0cef5c
--- /dev/null
+++ b/attic/pvc.yaml
@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: attic-pvc
+spec:
+ storageClassName: weyma-shared
+ resources:
+ requests:
+ storage: 20Gi
+ volumeMode: Filesystem
+ accessModes:
+ - ReadWriteMany
diff --git a/attic/secret.yaml b/attic/secret.yaml
new file mode 100644
index 0000000..2364167
--- /dev/null
+++ b/attic/secret.yaml
@@ -0,0 +1,17 @@
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+ name: attic-secret
+spec:
+ refreshInterval: 1h
+ secretStoreRef:
+ name: weyma-vault
+ kind: ClusterSecretStore
+ target:
+ name: attic-secret
+ creationPolicy: Owner
+ data:
+ - secretKey: ATTIC_SERVER_TOKEN_RS256_SECRET_BASE64
+ remoteRef:
+ key: attic
+ property: ATTIC_SERVER_TOKEN_RS256_SECRET_BASE64
\ No newline at end of file
diff --git a/attic/service.yaml b/attic/service.yaml
new file mode 100644
index 0000000..936945e
--- /dev/null
+++ b/attic/service.yaml
@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: attic-svc
+spec:
+ type: ClusterIP
+ selector:
+ app: attic
+ ports:
+ - port: 8080
+ targetPort: 8080
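Review bot: In attic/ingress.yaml nothing restricts the router to the TLS entrypoint. With Traefik's Ingress provider the `spec.tls` block supplies the certificate, but the router is attached to every entrypoint unless annotated, so depending on the static configuration the cache may also answer over plain HTTP. Since clients present bearer tokens to this host, add `traefik.ingress.kubernetes.io/router.entrypoints: websecure` (substituting the name of your TLS entrypoint) and `traefik.ingress.kubernetes.io/router.tls: "true"` under `annotations`. The `cloudflarewarp@file` middleware is defined outside this commit; it should accept the forwarded client-IP headers only from Cloudflare's address ranges.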
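Review bot: In attic/secret.yaml `refreshInterval: 1h` keeps the `attic-secret` Secret in sync with the store, but attic/deployment.yaml consumes it through `envFrom`, which is read only when the container starts. A rotated `ATTIC_SERVER_TOKEN_RS256_SECRET_BASE64` therefore does not reach the running pod until it is restarted, and the old signing key stays in use in the meantime. Document that next to `refreshInterval`, for example `# envFrom is read at container start: after rotating the key, restart deployment/attic`, or arrange for a rollout whenever the Secret changes.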