From dc672b8a2c3ecd289fb42f5559a19b8010e0678c Mon Sep 17 00:00:00 2001 From: Thom Breugelmans Date: Wed, 27 Nov 2024 14:49:16 +0100 Subject: [PATCH] feature(aoch): added kubernetes configuration for the advent of code leaderboard (AoCH) --- apps/_clusters/release/kustomization.yaml | 1 + apps/aoch/deploy.yaml | 62 +++++++++++++++++++++++ apps/aoch/healthcheck.yaml | 19 +++++++ apps/aoch/httproute.yaml | 16 ++++++ apps/aoch/image.yaml | 23 +++++++++ apps/aoch/kustomization.yaml | 8 +++ apps/aoch/service.yaml | 17 +++++++ secrets/aoch.yaml | 27 ++++++++++ secrets/templates/aoch.tpl.yaml | 7 +++ 9 files changed, 180 insertions(+) create mode 100644 apps/aoch/deploy.yaml create mode 100644 apps/aoch/healthcheck.yaml create mode 100644 apps/aoch/httproute.yaml create mode 100644 apps/aoch/image.yaml create mode 100644 apps/aoch/kustomization.yaml create mode 100644 apps/aoch/service.yaml create mode 100644 secrets/aoch.yaml create mode 100644 secrets/templates/aoch.tpl.yaml diff --git a/apps/_clusters/release/kustomization.yaml b/apps/_clusters/release/kustomization.yaml index c304f1f..52389ce 100644 --- a/apps/_clusters/release/kustomization.yaml +++ b/apps/_clusters/release/kustomization.yaml @@ -2,6 +2,7 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: - ../../annugame + - ../../aoch - ../../archive # - ../../areafiftylan # - ../../areafiftylan-legacy diff --git a/apps/aoch/deploy.yaml b/apps/aoch/deploy.yaml new file mode 100644 index 0000000..6d48684 --- /dev/null +++ b/apps/aoch/deploy.yaml @@ -0,0 +1,62 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: aoch + namespace: default + labels: + app: aoch +spec: + replicas: 1 + selector: + matchLabels: + app: aoch + strategy: + type: RollingUpdate + rollingUpdate: + maxSurge: 1 + maxUnavailable: 0 + template: + metadata: + name: aoch + labels: + app: aoch + spec: + containers: + - name: aoch + image: ghcr.io/wisvch/aoch:20241127-fab2798 # {"$imagepolicy": "flux-system:adventofcode"} + imagePullPolicy: IfNotPresent + ports: + - name: http + containerPort: 8080 + protocol: TCP + livenessProbe: + httpGet: + path: / + port: http + initialDelaySeconds: 15 + periodSeconds: 20 + successThreshold: 1 + timeoutSeconds: 5 + readinessProbe: + httpGet: + path: / + port: http + initialDelaySeconds: 15 + periodSeconds: 20 + successThreshold: 1 + timeoutSeconds: 5 + env: + - name: session + value: null + valueFrom: + secretKeyRef: + name: aoch + key: session + - name: leaderboard_id + value: 954860 + resources: + limits: + memory: 512Mi + requests: + cpu: 50m + memory: 150Mi diff --git a/apps/aoch/healthcheck.yaml b/apps/aoch/healthcheck.yaml new file mode 100644 index 0000000..a55531c --- /dev/null +++ b/apps/aoch/healthcheck.yaml @@ -0,0 +1,19 @@ +--- +apiVersion: networking.gke.io/v1 +kind: HealthCheckPolicy +metadata: + namespace: default + name: aoch +spec: + default: + config: + type: HTTP + httpHealthCheck: + port: 8080 + requestPath: / + logConfig: + enabled: true + targetRef: + group: "" + kind: Service + name: aoch diff --git a/apps/aoch/httproute.yaml b/apps/aoch/httproute.yaml new file mode 100644 index 0000000..52adebe --- /dev/null +++ b/apps/aoch/httproute.yaml @@ -0,0 +1,16 @@ +apiVersion: gateway.networking.k8s.io/v1beta1 +kind: HTTPRoute +metadata: + name: aoch + namespace: default +spec: + parentRefs: + - kind: Gateway + namespace: gateway-infra + name: gateway + hostnames: + - aoch.wisv.ch + rules: + - backendRefs: + - name: aoch + port: 80 diff --git a/apps/aoch/image.yaml b/apps/aoch/image.yaml new file mode 100644 index 0000000..560b9e7 --- /dev/null +++ b/apps/aoch/image.yaml @@ -0,0 +1,23 @@ +apiVersion: image.toolkit.fluxcd.io/v1beta1 +kind: ImageRepository +metadata: + name: aoch + namespace: flux-system +spec: + image: ghcr.io/wisvch/aoch + interval: 15m0s +--- +apiVersion: image.toolkit.fluxcd.io/v1beta1 +kind: ImagePolicy +metadata: + name: aoch + namespace: flux-system +spec: + imageRepositoryRef: + name: aoch + filterTags: + pattern: "^(?P.*)-[a-fA-F0-9]+" + extract: "$ts" + policy: + numerical: + order: asc diff --git a/apps/aoch/kustomization.yaml b/apps/aoch/kustomization.yaml new file mode 100644 index 0000000..2778a58 --- /dev/null +++ b/apps/aoch/kustomization.yaml @@ -0,0 +1,8 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: + - image.yaml + - deploy.yaml + - httproute.yaml + - service.yaml + - healthcheck.yaml diff --git a/apps/aoch/service.yaml b/apps/aoch/service.yaml new file mode 100644 index 0000000..b9f332a --- /dev/null +++ b/apps/aoch/service.yaml @@ -0,0 +1,17 @@ +apiVersion: v1 +kind: Service +metadata: + labels: + app: aoch + name: aoch + namespace: default +spec: + ports: + - name: http + port: 80 + protocol: TCP + targetPort: 8080 + selector: + app: aoch + sessionAffinity: None + type: ClusterIP diff --git a/secrets/aoch.yaml b/secrets/aoch.yaml new file mode 100644 index 0000000..56e9db0 --- /dev/null +++ b/secrets/aoch.yaml @@ -0,0 +1,27 @@ +apiVersion: v1 +kind: Secret +metadata: + name: aoch + namespace: default +stringData: + session: ENC[AES256_GCM,data:EW49KqkGZhVpqq5zvoqw3PZSTxsE6RbifI+2AZZq3O8TtuZOpXw/1x4slKf6SnN/Q4L74TbqtDvlWWYomB8Yu5mFseg/NM2timuD+zCq7s0q4PvLB1/ABvcAgb6kL5h+AvUi9zJABh7MLliY/x66CnFXjMGF5TxwC+Twnua+sXs=,iv:L6cGTJoLaOxImDQ1WFPmuCs8OMvUbfuY1WXZX7O97vo=,tag:kBQ+hMkdv3XrPm2LofszhQ==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1ug2fepnvaqsfpn7t5gjjh2l0j8074jwh9h50pnjcjxn08v8pp3xq7ymxn2 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBqbFQ4T3QyVldkNjVJZ2ZQ + SkhIQ0poTlM5UFVkeFBuUVUySzFPSUdZYXg4Cjc4RUV6MEpWbW1jSmd4L2NhS21E + WjlZcys1aUNEU2sxVVZwMnRRaTFwL0EKLS0tIE5DbWxKWE9Rc0I4T3RSbnB1elJk + MUZiRndoN1VxYjlFcVc4NkRNdUh2L2MKCfqqfLOfh+vB1gapixFzz4/ZxidTwn8F + C25Z7UDWcIJvoAM/g7RAy8uL0iUgTsQMw4inEwokaolkkOzicy1PiQ== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2024-11-27T13:42:09Z" + mac: ENC[AES256_GCM,data:0LAWFAlYyVd3lQQtI80+VGQNymwPIO2urliic8hLSsvYl9ZCvIPUgPSGVQXSjXfVl41oxhU4XeasR9iGW3DwJ2/W3Bn7UTh3ek+sG7U6O4dmymuL44cK9F508cxF1IvK2If96jKz2ht7ttXQ11CYf82msOdL/KVp1hafRF3aTS0=,iv:FFE7JNDWF54MxWHKaWM+g3G95KpgPa05LOKunUWEMi8=,tag:0mlRoM2QX6zr+ajDjbyWxg==,type:str] + pgp: [] + encrypted_regex: ^(data|stringData)$ + version: 3.9.1 diff --git a/secrets/templates/aoch.tpl.yaml b/secrets/templates/aoch.tpl.yaml new file mode 100644 index 0000000..0dbc37a --- /dev/null +++ b/secrets/templates/aoch.tpl.yaml @@ -0,0 +1,7 @@ +apiVersion: v1 +kind: Secret +metadata: + name: aoch + namespace: default +stringData: + session: ""