testing just using an emptyDir for rendered config

This commit is contained in:
Rikard Danielsson 2025-02-04 16:19:31 +01:00
parent e0f94b308e
commit 311cadd280
Signed by untrusted user: richir
GPG key ID: 584D2AA2FA669135
21 changed files with 248 additions and 189 deletions


@ -0,0 +1,35 @@
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: richir-test
namespace: argocd
labels:
name: richir-test
spec:
project: default
sources:
- repoURL: 'https://platform.sunet.se/Drive/k8s-manifests'
targetRevision: HEAD
path: customers/overlays/richir/test/
destination:
server: https://kubernetes.default.svc
namespace: richir
syncPolicy:
automated:
prune: false
selfHeal: true
allowEmpty: false
syncOptions: # maybe needs FIXME
- Validate=true # disables resource validation (equivalent to 'kubectl apply --validate=false') ( true by default ).
- CreateNamespace=true # Namespace Auto-Creation ensures that namespace specified as the application destination exists in the destination cluster.
- PrunePropagationPolicy=foreground # Supported policies are background, foreground and orphan.
- PruneLast=true # Allow the ability for resource pruning to happen as a final, implicit wave of a sync operation
- RespectIgnoreDifferences=true # When syncing changes, respect fields ignored by the ignoreDifferences configuration
- ApplyOutOfSyncOnly=true # Only sync out-of-sync resources, rather than applying every object in the application
retry:
limit: 5
backoff:
duration: 5s
factor: 2
maxDuration: 3m
revisionHistoryLimit: 2
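Review bot: The comment on `Validate=true` describes the `false` setting — "disables resource validation" is what `Validate=false` does, while `true` keeps `kubectl apply` validation on — so it should read `# Validate=true keeps resource validation on (false is the equivalent of 'kubectl apply --validate=false')`. `project: default` places a per-customer application in the unrestricted built-in AppProject (any source repo, any destination namespace, cluster-scoped resources allowed); a dedicated AppProject whose `sourceRepos` is limited to `https://platform.sunet.se/Drive/k8s-manifests` and whose `destinations` is limited to namespace `richir` would bound what a bad commit can do. `targetRevision: HEAD` together with `selfHeal: true` means whatever lands on the default branch is applied automatically, so branch protection on that repository is the only gate in front of the cluster. The ApplicationSet added in this commit also generates an application for `customers/overlays/richir` into namespace `richir`; if that overlay and `customers/overlays/richir/test/` render overlapping resources, two self-healing applications will fight over them — worth confirming before both are enabled.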


@ -0,0 +1,45 @@
apiVersion: argoproj.io/v1alpha1
kind: ApplicationSet
metadata:
name: customer-applications
namespace: argocd
spec:
goTemplate: true
goTemplateOptions: ["missingkey=error"]
generators:
- git:
repoURL: 'https://platform.sunet.se/Drive/k8s-manifests'
revision: HEAD
directories:
- path: 'customers/overlays/*'
template:
metadata:
name: '{{index .path.segments 2}}-{{index .path.segments 3}}'
spec:
project: default
source:
repoURL: 'https://platform.sunet.se/Drive/k8s-manifests'
targetRevision: HEAD
path: 'customers/overlays/{{index .path.segments 2}}'
destination:
server: https://kubernetes.default.svc
namespace: '{{index .path.segments 2}}'
syncPolicy:
automated:
prune: false
selfHeal: true
allowEmpty: false
syncOptions: # maybe needs FIXME
- Validate=true # disables resource validation (equivalent to 'kubectl apply --validate=false') ( true by default ).
- CreateNamespace=true # Namespace Auto-Creation ensures that namespace specified as the application destination exists in the destination cluster.
- PrunePropagationPolicy=foreground # Supported policies are background, foreground and orphan.
- PruneLast=true # Allow the ability for resource pruning to happen as a final, implicit wave of a sync operation
- RespectIgnoreDifferences=true # When syncing changes, respect fields ignored by the ignoreDifferences configuration
- ApplyOutOfSyncOnly=true # Only sync out-of-sync resources, rather than applying every object in the application
retry:
limit: 5
backoff:
duration: 5s
factor: 2
maxDuration: 3m
revisionHistoryLimit: 2
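Review bot: `{{index .path.segments 3}}` in `template.metadata.name` looks like it cannot render for the directories this generator yields: `customers/overlays/*` matches exactly one level below `overlays`, giving a three-element `.path.segments` (`customers`, `overlays`, `<customer>`), and `index` past the end of a slice is a Go template error that aborts generation for the whole set. Either use `name: '{{index .path.segments 2}}'` (or `'{{.path.basename}}'`), or change the generator to `customers/overlays/*/*` if a `<customer>/<env>` layout such as `richir/test` is the intended shape. Separately, with `project: default`, `CreateNamespace=true` and the destination namespace taken from the directory name, anyone who can merge a new directory under `customers/overlays/` gets an auto-synced application in a namespace of their choosing, so write access to the manifests repository is effectively cluster-admin here; a scoped AppProject with `sourceRepos` and `destinations` narrowed would limit that. The inline comment on `Validate=true` describes the `false` setting and should be corrected in the same way as in the `richir-test` Application.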


@ -10,9 +10,12 @@ data:
ServerAdmin webmaster@localhost
DocumentRoot /var/www/html
# Log format config
LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" common
LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" xforwardedfor
SetEnvIf X-Forwarded-For "^.*\..*\..*\..*" forwarded
PassEnv HOSTNAME
Header append Set-Cookie "SERVERID=%{HOSTNAME}e;Path=/;SameSite=Lax;HttpOnly;Secure"
# Header config
RemoteIPHeader X-Forwarded-For
RemoteIPInternalProxy 37.156.195.14
@ -21,10 +24,8 @@ data:
RemoteIPInternalProxy 37.156.195.92
#ErrorDocument 404 /404.html
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined env=forwarded
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
CustomLog ${APACHE_LOG_DIR}/access.log xforwardedfor env=forwarded
CustomLog ${APACHE_LOG_DIR}/access.log combined env=!forwarded
<Directory /var/www/html/>
LimitRequestBody 0
Require all granted
@ -40,9 +41,12 @@ data:
ServerAdmin webmaster@localhost
DocumentRoot /var/www/html
# Log format config
LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" common
LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" xforwardedfor
SetEnvIf X-Forwarded-For "^.*\..*\..*\..*" forwarded
PassEnv HOSTNAME
Header append Set-Cookie "SERVERID=%{HOSTNAME}e;Path=/;SameSite=Lax;HttpOnly;Secure"
# Header config
RemoteIPHeader X-Forwarded-For
RemoteIPInternalProxy 37.156.195.14
@ -51,7 +55,8 @@ data:
RemoteIPInternalProxy 37.156.195.92
#ErrorDocument 404 /404.html
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined env=forwarded
CustomLog ${APACHE_LOG_DIR}/access.log xforwardedfor env=forwarded
CustomLog ${APACHE_LOG_DIR}/access.log combined env=!forwarded
SSLEngine On
SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem
SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
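Review bot: `Header append Set-Cookie "SERVERID=..."`, added to both vhosts, merges into any `Set-Cookie` header already on the response with a comma, because `append` joins values onto one header; when Nextcloud sets its own session cookies on the same response the browser gets a single comma-joined `Set-Cookie` line, which is not valid cookie syntax and can break the session cookie. Use `Header add Set-Cookie "SERVERID=%{HOSTNAME}e;Path=/;SameSite=Lax;HttpOnly;Secure"` so a separate header is emitted. The cookie value is the pod hostname, which hands the StatefulSet pod name to every client; the ingress in this same commit adds its own `sticky` affinity cookie, so unless something behind the ingress consumes `SERVERID` the directive could be dropped entirely — a comment saying who reads it would settle that. The `xforwardedfor` log format writes the raw header value; with `RemoteIPHeader`/`RemoteIPInternalProxy` already configured, `%a` yields the proxy-resolved client address and is harder for a client to forge than `%{X-Forwarded-For}i`.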


@ -0,0 +1,26 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: nextcloud-env
data:
GSS_MASTER_URL: 'https://drive.test.sunet.se'
LOOKUP_SERVER: 'https://lookup.drive.test.sunet.se'
MAIL_DOMAIN: 'drive.test.sunet.se'
MAIL_FROM_ADDRESS: 'noreply'
MAIL_SMTPHOST: 'smtp.sunet.se'
MAIL_SMTPNAME: 'noreply@drive.test.sunet.se'
MYSQL_DATABASE: 'nextcloud_customer'
MYSQL_HOST: 'proxysqlcluster.proxysql'
MYSQL_PORT: '6033'
MYSQL_USER: 'nextcloud_customer'
NEXTCLOUD_ADMIN_USER: 'admin'
NEXTCLOUD_TRUSTED_DOMAINS: 'customer.drive.test.sunet.se'
NEXTCLOUD_VERSION_STRING: '30.0.5.2'
OBJECTSTORE_S3_AUTOCREATE: 'true'
OBJECTSTORE_S3_BUCKET: 'primary-customer-drive-test.sunet.se'
OBJECTSTORE_S3_HOST: 's3.sto4.safedc.net'
OBJECTSTORE_S3_REGION: 'us-east-1'
OBJECTSTORE_S3_SSL: 'true'
OBJECTSTORE_S3_USEPATH_STYLE: 'true'
REDIS_HOST: 'redis'
SITE_NAME: 'customer.drive.test.sunet.se'
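Review bot: `OBJECTSTORE_S3_AUTOCREATE: 'true'` requires the S3 credential to hold bucket-creation rights, and a mistyped `OBJECTSTORE_S3_BUCKET` in a customer overlay then silently creates a fresh empty bucket instead of failing, so a misconfigured instance comes up with no data rather than erroring out. If the customer buckets are provisioned out of band, `OBJECTSTORE_S3_AUTOCREATE: 'false'` plus a credential scoped to the named bucket turns that mistake into a visible failure. Keeping only non-secret values here while credentials come from `nextcloud-secrets` is the right split; a header comment such as `# Non-secret Nextcloud settings rendered into config.php by the init container; customer overlays patch MYSQL_*, NEXTCLOUD_TRUSTED_DOMAINS, OBJECTSTORE_S3_BUCKET, REDIS_HOST and SITE_NAME` would tell the next reader which keys overlays are expected to override.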


@ -3,6 +3,7 @@ resources:
- apache-php-configmap.yml
- apcu-configmap.yml
- cli-php-configmap.yml
- env-configmap.yml
- nextcloud-cert-issuer.yml
- nextcloud-configmap.yml
- nextcloud-deployment.yml
@ -12,3 +13,8 @@ resources:
- redis-service.yml
- s3-service.yml
- script-configmap.yml
images:
- name: nextcloud-custom-image
newName: docker.sunet.se/drive/nextcloud-custom
newTag: 30.0.5.2-2
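Review bot: `newTag: 30.0.5.2-2` pins the Nextcloud image to a mutable tag; with Argo CD auto-sync and `selfHeal` enabled in this commit, whatever the registry serves for that tag at pod start is what runs. Replacing `newTag` with `digest: sha256:<digest>` in the `images` entry makes the rollout reproducible and tamper-evident. The init container's `docker.sunet.se/sunet/docker-jinja:latest` is not covered by this transformer at all, and it is the container that receives every database, S3 and Nextcloud secret in its environment; it deserves the same treatment via a second `images` entry for `docker.sunet.se/sunet/docker-jinja`. `nextcloud-secrets`, which the deployment now references, does not appear in the `resources` list shown here; if it is created out of band, a comment saying so next to `env-configmap.yml` would save the next reader a search.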


@ -45,6 +45,7 @@ data:
'gss.master.url' => '{{GSS_MASTER_URL}}',
'gss.mode' => 'slave',
'gss.user.discovery.module' => '\\OCA\\GlobalSiteSelector\\UserDiscoveryModules\\ManualUserMapping',
'htaccess.RewriteBase' => '/',
'installed' => true,
'instanceid' => '{{NEXTCLOUD_INSTANCEID}}',
'integrity.check.disabled' => true,
@ -85,7 +86,7 @@ data:
'use_ssl' => true,
),
),
'overwrite.cli.url' => 'https://{{SITE_NAME}}',
'overwrite.cli.url' => 'https://{{SITE_NAME}}/',
'overwritehost' => '{{SITE_NAME}}',
'overwriteprotocol' => 'https',
'passwordsalt' => '{{NEXTCLOUD_PASSWORDSALT}}',


@ -11,16 +11,6 @@ spec:
app: customer-node
updateStrategy:
type: RollingUpdate
volumeClaimTemplates:
- metadata:
name: nextcloud-data
spec:
storageClassName: csi-sc-cinderplugin
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 1Gi
template:
metadata:
labels:
@ -28,9 +18,25 @@ spec:
kano: micke
spec:
restartPolicy: Always
initContainers:
- image: docker.sunet.se/sunet/docker-jinja:latest
name: init-config
volumeMounts:
- name: nextcloud-config
mountPath: /tmp/config.php.template
subPath: config.php
- name: nextcloud-data
mountPath: /var/www/html/config
subPath: config
envFrom:
- configMapRef:
name: nextcloud-env
- secretRef:
name: nextcloud-secrets
command: ["/bin/bash", "-c", "/usr/bin/j2 -f env -o /var/www/html/config/config.php /tmp/config.php.template"]
containers:
- name: customer
image: docker.sunet.se/drive/nextcloud-custom:30.0.5.2-2
image: nextcloud-custom-image
volumeMounts:
- name: nextcloud-data
mountPath: /var/www/html/config/
@ -76,105 +82,6 @@ spec:
postStart:
exec:
command: ["/bin/bash", "-c", "/usr/local/bin/nc-upgrade"]
initContainers:
- image: docker.sunet.se/sunet/docker-jinja:latest
name: init-config
volumeMounts:
- name: nextcloud-config
mountPath: /tmp/config.php.template
subPath: config.php
- name: nextcloud-data
mountPath: /var/www/html/config
subPath: config
env:
- name: GSS_MASTER_URL
value: "https://drive.test.sunet.se"
- name: GSS_JWT_KEY
valueFrom:
secretKeyRef:
name: gss-secret
key: "jwt_key"
- name: LOOKUP_SERVER
value: "https://lookup.drive.test.sunet.se"
- name: MAIL_DOMAIN
value: "drive.test.sunet.se"
- name: MAIL_FROM_ADDRESS
value: "noreply"
- name: MAIL_SMTPHOST
value: "smtp.sunet.se"
- name: MAIL_SMTPNAME
value: "noreply@drive.test.sunet.se"
- name: MAIL_SMTPPASSWORD
valueFrom:
secretKeyRef:
name: mail-secret
key: "smtp_password"
- name: MYSQL_DATABASE
value: "nextcloud_customer"
- name: MYSQL_USER
value: "nextcloud_customer"
- name: MYSQL_HOST
value: "proxysqlcluster.proxysql"
- name: MYSQL_PASSWORD
valueFrom:
secretKeyRef:
name: db-secret
key: "db_password"
- name: MYSQL_PORT
value: "6033"
- name: NEXTCLOUD_TRUSTED_DOMAINS
value: "customer.drive.test.sunet.se"
- name: NEXTCLOUD_ADMIN_USER
value: admin
- name: NEXTCLOUD_VERSION_STRING
value: "30.0.5.2"
- name: NEXTCLOUD_ADMIN_PASSWORD
valueFrom:
secretKeyRef:
name: nc-secret
key: "nc_admin_password"
- name: NEXTCLOUD_PASSWORDSALT
valueFrom:
secretKeyRef:
name: nc-secret
key: "nc_passwordsalt"
- name: NEXTCLOUD_INSTANCEID
valueFrom:
secretKeyRef:
name: nc-secret
key: "nc_instanceid"
- name: NEXTCLOUD_SECRET
valueFrom:
secretKeyRef:
name: nc-secret
key: "nc_secret"
- name: OBJECTSTORE_S3_REGION
value: "us-east-1"
- name: OBJECTSTORE_S3_HOST
value: "s3.sto4.safedc.net"
- name: OBJECTSTORE_S3_BUCKET
value: "primary-customer-drive-test.sunet.se"
- name: OBJECTSTORE_S3_KEY
valueFrom:
secretKeyRef:
name: s3-secret
key: "s3_key"
- name: OBJECTSTORE_S3_SECRET
valueFrom:
secretKeyRef:
name: s3-secret
key: "s3_secret"
- name: OBJECTSTORE_S3_USEPATH_STYLE
value: "true"
- name: OBJECTSTORE_S3_AUTOCREATE
value: "true"
- name: OBJECTSTORE_S3_SSL
value: "true"
- name: REDIS_HOST
value: "redis"
- name: SITE_NAME
value: "customer.drive.test.sunet.se"
command: ["/bin/bash", "-c", "/usr/bin/j2 -f env -o /var/www/html/config/config.php /tmp/config.php.template"]
volumes:
- name: script-config
configMap:
@ -213,3 +120,5 @@ spec:
items:
- key: "config.php"
path: "config.php"
- name: nextcloud-data
emptyDir: {}
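Review bot: The init container renders `config.php`, including `MYSQL_PASSWORD`, `OBJECTSTORE_S3_SECRET`, `NEXTCLOUD_PASSWORDSALT` and `NEXTCLOUD_SECRET` from `nextcloud-secrets`, onto `nextcloud-data`, which is now `emptyDir: {}` and therefore backed by the node's disk for the pod's lifetime. `emptyDir: {medium: Memory}` keeps the rendered secrets on tmpfs instead, which fits a small config file that is regenerated on every pod start anyway. The init image `docker.sunet.se/sunet/docker-jinja:latest` is the one process that sees all of those secrets in its environment and it is pulled by a mutable tag, so a registry-side change to `latest` runs with full credentials on the next restart; pin it by digest. The per-variable env list was replaced by `envFrom` on `nextcloud-env` plus a single `nextcloud-secrets`, which must carry all nine former secret keys (`GSS_JWT_KEY`, `MAIL_SMTPPASSWORD`, `MYSQL_PASSWORD`, `NEXTCLOUD_ADMIN_PASSWORD`, `NEXTCLOUD_PASSWORDSALT`, `NEXTCLOUD_INSTANCEID`, `NEXTCLOUD_SECRET`, `OBJECTSTORE_S3_KEY`, `OBJECTSTORE_S3_SECRET`) under exactly those names; that Secret is not created in this diff, so it presumably exists out of band and is worth documenting in a comment next to the `secretRef`.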


@ -6,6 +6,11 @@ metadata:
annotations:
cert-manager.io/issuer: "letsencrypt"
acme.cert-manager.io/http01-edit-in-place: "true"
nginx.ingress.kubernetes.io/affinity-mode: "persistent"
nginx.ingress.kubernetes.io/affinity: "cookie"
nginx.ingress.kubernetes.io/session-cookie-expires: "172800"
nginx.ingress.kubernetes.io/session-cookie-max-age: "172800"
nginx.ingress.kubernetes.io/session-cookie-name: "sticky"
spec:
ingressClassName: nginx
defaultBackend:
@ -15,16 +20,15 @@ spec:
number: 8443
tls:
- hosts:
- customer.drive.test.sunet.se
- customer.drive.test.sunet.se
secretName: tls-secret
rules:
- host: customer.drive.test.sunet.se
http:
paths:
- path: /
pathType: Prefix
backend:
backend:
service:
name: customer-node
port:
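Review bot: The new nginx affinity cookie `sticky` is emitted by the ingress controller without the attributes the Apache `SERVERID` cookie in this same commit carries: ingress-nginx marks the affinity cookie `Secure` only when the request arrived over HTTPS unless `session-cookie-secure` forces it, and sets `SameSite` only when asked, so add `nginx.ingress.kubernetes.io/session-cookie-secure: "true"` and `nginx.ingress.kubernetes.io/session-cookie-samesite: "Lax"` next to the existing annotations. The 172800-second (two-day) lifetime outlives most Nextcloud sessions and is longer than routing affinity needs; a shorter value, or omitting `session-cookie-expires`/`session-cookie-max-age` so it becomes a session cookie, limits how long a stale pod binding is carried around. With both this cookie and Apache's `SERVERID` in play there are two affinity mechanisms; a comment on the annotation block stating which one is authoritative would help whoever debugs uneven pod load later.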


@ -8,6 +8,7 @@ data:
sed "s/config_is_read_only\(.\) => true,/config_is_read_only\1 => false,/" /var/www/html/config/config.php > /var/www/html/config/config.php.tmp
mv /var/www/html/config/config.php.tmp /var/www/html/config/config.php
php -d apc.enable_cli=1 -d memory_limit=-1 /var/www/html/occ upgrade
php -d apc.enable_cli=1 -d memory_limit=-1 /var/www/html/occ maintenance:update:htaccess
php -d apc.enable_cli=1 -d memory_limit=-1 /var/www/html/occ maintenance:repair
php -d apc.enable_cli=1 -d memory_limit=-1 /var/www/html/occ maintenance:mode --off
php -d apc.enable_cli=1 -d memory_limit=-1 /var/www/html/occ db:add-missing-primary-keys
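Review bot: `occ maintenance:update:htaccess` joins a chain in which every occ call runs unconditionally, so a failing `occ upgrade` two lines above still lets the hook proceed to `maintenance:mode --off` and serve a half-upgraded instance; the head of the script is outside this hunk, but if it does not already use `set -euo pipefail`, adding it (or chaining the occ calls with `&&`) makes the postStart hook fail the container instead. The `sed` that flips `config_is_read_only` to `false` is never reverted in the visible part, so the rendered `config.php` stays writable by the web process after the hook; with the config now living on an `emptyDir` that is rebuilt on every start, a final `sed` back to `true` would be cheap. A one-line comment above the new call, such as `# regenerate .htaccess for the htaccess.RewriteBase now set in config.php`, would record why it was added.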


@ -0,0 +1,11 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: nextcloud-env
data:
MYSQL_DATABASE: 'nextcloud_nordunet'
MYSQL_USER: 'nextcloud_nordunet'
NEXTCLOUD_TRUSTED_DOMAINS: 'nordunet.drive.test.sunet.se'
OBJECTSTORE_S3_BUCKET: 'primary-nordunet-drive-test.sunet.se'
REDIS_HOST: 'nordunet-redis'
SITE_NAME: 'nordunet.drive.test.sunet.se'


@ -1,7 +1,9 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- ../../../base
- ../../../base
patches:
- path: nextcloud-deployment.yml
- path: nextcloud-ingress.yml
- path: env-configmap.yml
- path: nextcloud-deployment.yml
- path: nextcloud-ingress.yml
namePrefix: 'nordunet-'


@ -6,30 +6,3 @@ metadata:
app: customer-node
spec:
replicas: 1
template:
metadata:
labels:
app: customer-node
spec:
initContainers:
- image: docker.sunet.se/sunet/docker-jinja:latest
name: init-config
env:
- name: MYSQL_DATABASE
value: "nextcloud_nordunet"
- name: MYSQL_USER
value: "nextcloud_nordunet"
- name: GSS_MASTER_URL
value: "https://drive.test.sunet.se"
- name: LOOKUP_SERVER
value: "https://lookup.drive.test.sunet.se"
- name: MAIL_DOMAIN
value: "drive.test.sunet.se"
- name: MAIL_SMTPNAME
value: "noreply@drive.test.sunet.se"
- name: NEXTCLOUD_TRUSTED_DOMAINS
value: "nordunet.drive.test.sunet.se"
- name: OBJECTSTORE_S3_BUCKET
value: "primary-nordunet-drive-test.sunet.se"
- name: SITE_NAME
value: "nordunet.drive.test.sunet.se"


@ -10,7 +10,7 @@ spec:
ingressClassName: nginx
tls:
- hosts:
- nordunet.drive.test.sunet.se
- nordunet.drive.test.sunet.se
secretName: tls-secret
ingressClassName: nginx
rules:
@ -19,7 +19,7 @@ spec:
paths:
- path: /
pathType: Prefix
backend:
backend:
service:
name: customer-node
port:


@ -0,0 +1,11 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: nextcloud-env
data:
MYSQL_DATABASE: 'nextcloud_richir'
MYSQL_USER: 'nextcloud_richir'
NEXTCLOUD_TRUSTED_DOMAINS: 'richir.drive.test.sunet.se'
OBJECTSTORE_S3_BUCKET: 'primary-richir-drive-test.sunet.se'
REDIS_HOST: 'richir-redis'
SITE_NAME: 'richir.drive.test.sunet.se'


@ -0,0 +1,9 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- ../../../base
patches:
- path: env-configmap.yml
- path: nextcloud-deployment.yml
- path: nextcloud-ingress.yml
namePrefix: 'richir-'


@ -0,0 +1,8 @@
kind: StatefulSet
apiVersion: apps/v1
metadata:
name: customer-node
labels:
app: customer-node
spec:
replicas: 2


@ -0,0 +1,26 @@
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: customer-ingress
annotations:
cert-manager.io/issuer: "letsencrypt"
acme.cert-manager.io/http01-edit-in-place: "true"
spec:
ingressClassName: nginx
tls:
- hosts:
- richir.drive.test.sunet.se
secretName: tls-secret
ingressClassName: nginx
rules:
- host: richir.drive.test.sunet.se
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: customer-node
port:
number: 80
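Review bot: `ingressClassName: nginx` appears twice under `spec` in this new file (once before `tls`, once after), which is a duplicate mapping key; YAML 1.2 forbids it and kustomize's parser may reject the overlay outright, while other loaders silently keep the last value. Drop the second occurrence so the patch carries a single `ingressClassName: nginx`. The rule's backend port is `80`, whereas the base ingress in this commit sends its default backend to `8443`; if `customer-node` exposes TLS on 8443 the richir host would be routed to a plain-HTTP port, so the intended port is worth confirming against the Service. The same duplicated key is present in the nordunet and vinnova ingress patches touched by this commit and could be cleaned up in the same pass.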


@ -0,0 +1,11 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: nextcloud-env
data:
MYSQL_DATABASE: 'nextcloud_vinnova'
MYSQL_USER: 'nextcloud_vinnova'
NEXTCLOUD_TRUSTED_DOMAINS: 'vinnova.drive.test.sunet.se'
OBJECTSTORE_S3_BUCKET: 'primary-vinnova-test.sunet.se'
REDIS_HOST: 'vinnova-redis'
SITE_NAME: 'vinnova.drive.test.sunet.se'
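Review bot: `OBJECTSTORE_S3_BUCKET: 'primary-vinnova-test.sunet.se'` breaks the `primary-<customer>-drive-test.sunet.se` pattern used for nordunet and richir; it matches the value the removed deployment patch carried, so it is probably deliberate, but with `OBJECTSTORE_S3_AUTOCREATE: 'true'` in the base ConfigMap a wrong bucket name is created silently rather than reported, so a comment stating that it is intentional — e.g. `# bucket name predates the -drive- naming scheme; do not rename` — prevents a well-meaning "fix" from pointing the instance at an empty bucket. Everything else here overrides only the per-customer keys, which is the right scope for an overlay.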


@ -1,7 +1,9 @@
apiVersion: 'kustomize.config.k8s.io/v1beta1'
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
bases:
- ../../../base
patchesStrategicMerge:
- nextcloud-deployment.yml
- nextcloud-ingress.yml
resources:
- ../../../base
patches:
- path: env-configmap.yml
- path: nextcloud-deployment.yml
- path: nextcloud-ingress.yml
namePrefix: 'vinnova-'


@ -5,30 +5,4 @@ metadata:
labels:
app: customer-node
spec:
template:
metadata:
labels:
app: customer-node
spec:
initContainers:
- image: docker.sunet.se/sunet/docker-jinja:latest
name: init-config
env:
- name: MYSQL_DATABASE
value: "nextcloud_vinnova"
- name: MYSQL_USER
value: "nextcloud_vinnova"
- name: GSS_MASTER_URL
value: "https://drive.test.sunet.se"
- name: LOOKUP_SERVER
value: "https://lookup.drive.test.sunet.se"
- name: MAIL_DOMAIN
value: "drive.test.sunet.se"
- name: MAIL_SMTPNAME
value: "noreply@drive.test.sunet.se"
- name: NEXTCLOUD_TRUSTED_DOMAINS
value: "vinnova.drive.test.sunet.se"
- name: OBJECTSTORE_S3_BUCKET
value: "primary-vinnova-test.sunet.se"
- name: SITE_NAME
value: "vinnova.drive.test.sunet.se"
replicas: 1


@ -10,16 +10,16 @@ spec:
ingressClassName: nginx
tls:
- hosts:
- vinnova.drive.test.sunet.se
- vinnova.drive.test.sunet.se
secretName: tls-secret
ingressClassName: nginx
ingressClassName: nginx
rules:
- host: vinnova.drive.test.sunet.se
http:
paths:
- path: /
pathType: Prefix
backend:
backend:
service:
name: customer-node
port: