feat: deploy abiotic

kubernetes/main/apps/games/abiotic/app/dnsendpoint.yaml

@@ -0,0 +1,14 @@
+---
+# yaml-language-server: $schema=https://kube-schemas.pages.dev/externaldns.k8s.io/dnsendpoint_v1alpha1.json
+apiVersion: externaldns.k8s.io/v1alpha1
+kind: DNSEndpoint
+metadata:
+  name: abiotic
+spec:
+  endpoints:
+    - dnsName: "abiotic.${SECRET_DOMAIN}"
+      recordType: CNAME
+      targets: ["ipv4.${SECRET_DOMAIN}"]
+      providerSpecific:
+        - name: external-dns.alpha.kubernetes.io/cloudflare-proxied
+          value: 'false'

kubernetes/main/apps/games/abiotic/app/externalsecret.yaml

@@ -0,0 +1,19 @@
+---
+# yaml-language-server: $schema=https://kube-schemas.pages.dev/external-secrets.io/externalsecret_v1beta1.json
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+  name: &name abiotic-secret
+spec:
+  secretStoreRef:
+    kind: ClusterSecretStore
+    name: onepassword-connect
+  target:
+    name: *name
+    template:
+      engineVersion: v2
+      data:
+        ServerPassword: "{{ .SERVER_PASSWORD }}"
+  dataFrom:
+  - extract:
+      key: abiotic

kubernetes/main/apps/games/abiotic/app/helmrelease.yaml

@@ -0,0 +1,106 @@
+# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2.schema.json
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+  name: &app abiotic
+spec:
+  interval: 30m
+  chart:
+    spec:
+      chart: app-template
+      version: 3.5.1
+      sourceRef:
+        kind: HelmRepository
+        name: bjw-s
+        namespace: flux-system
+  install:
+    remediation:
+      retries: 3
+  upgrade:
+    cleanupOnFail: true
+    remediation:
+      strategy: rollback
+      retries: 3
+  dependsOn:
+  - name: rook-ceph-cluster
+    namespace: rook-ceph
+  - name: volsync
+    namespace: storage
+  values:
+    controllers:
+      abiotic:
+        annotations:
+          reloader.stakater.com/auto: "true"
+        containers:
+          app:
+            image:
+              repository: ghcr.io/pleut/abiotic-factor-linux-docker
+              tag: latest #yuck
+            env:
+              ## Container Settings
+              TZ: ${TIMEZONE}
+              MaxServerPlayers: 6
+              Port: &port 7777
+              QueryPort: &queryport 27015
+              SteamServerName: Noods
+              UsePerfThreads: true
+              NoAsyncLoadingThread: true
+              WorldSaveName: Noods
+              AutoUpdate: true
+              # AdditionalArgs: -placeholder=true
+            envFrom:
+            - secretRef:
+                name: abiotic-secret
+            probes:
+              liveness: &disabled
+                enabled: false
+              readiness: *disabled
+              startup: *disabled
+            resources:
+              requests:
+                cpu: 500m
+              limits:
+                memory: 4Gi
+    # defaultPodOptions:
+    #   securityContext:
+    #     runAsNonRoot: true
+    #     runAsUser: 1000
+    #     runAsGroup: 100
+    #     fsGroup: 100
+    #     fsGroupChangePolicy: OnRootMismatch
+    #     seccompProfile: { type: RuntimeDefault }
+    service:
+      app:
+        controller: *app
+        type: LoadBalancer
+        annotations:
+          lbipam.cilium.io/ips: ${SVC_ABIOTIC_ADDR:=temp}
+        ports:
+          game:
+            protocol: UDP
+            port: *port
+          query:
+            protocol: UDP
+            port: *queryport
+    # ingress:
+    #   app:
+    #     enabled: false #nginx doesn't support non-https
+    #     className: external
+    #     annotations:
+    #       external-dns.alpha.kubernetes.io/target: ipv4.${SECRET_DOMAIN}
+    #     hosts:
+    #     - host: "{{ .Release.Name }}.${SECRET_DOMAIN}"
+    #       paths:
+    #       - path: /
+    #         service:
+    #           identifier: app
+    #           port: game
+    persistence:
+      config:
+        existingClaim: *app
+        globalMounts:
+        - path: /server/AbioticFactor/Saved
+      files:
+        existingClaim: abiotic-server-files
+        globalMounts:
+          - path: /server

kubernetes/main/apps/games/abiotic/app/kustomization.yaml

@@ -0,0 +1,9 @@
+# yaml-language-server: $schema=https://json.schemastore.org/kustomization
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - ./dnsendpoint.yaml
+  - ./externalsecret.yaml
+  - ./helmrelease.yaml
+  - ./pvc.yaml
+  - ../../../../../shared/templates/volsync

kubernetes/main/apps/games/abiotic/app/pvc.yaml

@@ -0,0 +1,11 @@
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: abiotic-server-files
+spec:
+  accessModes: ["ReadWriteOnce"]
+  resources:
+    requests:
+      storage: 5Gi
+  storageClassName: ceph-block

kubernetes/main/apps/games/abiotic/ks.yaml

@@ -0,0 +1,25 @@
+# yaml-language-server: $schema=https://kube-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+  name: &app abiotic
+  namespace: flux-system
+spec:
+  targetNamespace: games
+  commonMetadata:
+    labels:
+      app.kubernetes.io/name: *app
+  path: ./kubernetes/main/apps/games/abiotic/app
+  prune: true
+  sourceRef:
+    kind: GitRepository
+    name: home-kubernetes
+  wait: false # no flux ks dependents
+  interval: 30m
+  timeout: 5m
+  postBuild:
+    substitute:
+      APP: *app
+      VOLSYNC_CAPACITY: 50Gi
+      VOLSYNC_UID: "1000"
+      VOLSYNC_GID: "100"

kubernetes/main/apps/games/kustomization.yaml

@@ -5,6 +5,7 @@ resources:
   # Pre Flux-Kustomizations
   - ./namespace.yaml
   # Flux-Kustomizations
+  - ./abiotic/ks.yaml
   # - ./core-keeper/ks.yaml
   - ./minecraft/ks.yaml
   # - ./palworld/ks.yaml

kubernetes/main/flux/settings/cluster-secrets.sops.yaml

@@ -15,6 +15,7 @@ stringData:
     SVC_PALWORLD_ADDR: ENC[AES256_GCM,data:sN51CLk0J5lueA==,iv:h/WiPB2ByiOjLLJwSegF0SXKklZazd81e0Qn//G8Wbk=,tag:Isi9IegNRCGbZ+nJfgC6Fw==,type:str]
     SVC_MINECRAFT_ADDR: ENC[AES256_GCM,data:f12BWnkvCdvjNg==,iv:gHfGEfHHQY9Rbu0uDls0sLdkje7UIQ4Mp+l5n33BJBA=,tag:NUo6kfMNYZQY9gRqZZN36g==,type:str]
     SVC_COREKEEPER_ADDR: ENC[AES256_GCM,data:fA4djsP75bTYlA==,iv:Kipkmlx+4AEkjmSjCdLKxSRRViAp0AP8SYgcyQImC0s=,tag:o7yurCyzgSHSnGmCHqZmAg==,type:str]
+    SVC_ABIOTIC_ADDR: ENC[AES256_GCM,data:vwvzpurDqzJaXw==,iv:/Ua885qZHEwwFvGBYsuVIknav8bJLkMriXH2ngtc18Y=,tag:XdmXKw5LSXAXmcxBTz7KYA==,type:str]
     #ENC[AES256_GCM,data:NYqIEJwguAGYzknS,iv:U0oZbqHMObZ+Wvx8ryQE8dlR0SG26wsfYV3F2F67H+w=,tag:oCJYngN4jrdWrQug82W9vQ==,type:comment]
     SECRET_NFS_DATA: ENC[AES256_GCM,data:85DKixrSI8rproq1PmI=,iv:kvg70gJHchxhVQsjGInXA8V1bx1XzWjmICMhfquYZTg=,tag:f3dPXLWTKx7ApYucQtIe1w==,type:str]
     SECRET_NFS_PAPERLESS: ENC[AES256_GCM,data:U5zrsgH3/TED4QVZSzP2,iv:E1RB4QWwMpLYSGRJLOtC89Uat/7K3Hf/4m8feU2dcGw=,tag:TrZbkBC+3I7OUIb2VWGuWw==,type:str]
@@ -37,8 +38,8 @@ sops:
             Mml3TDJwa2tWTUV3d0piVTFJSFhhOEEKr0FLybpRsnIlbT55No+/qolp2GVAB1yD
             yeGYjULaarqScUazhWSnuzDcRj4X0MX8UDV5lc4OsGba9ymVbywDbQ==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2024-12-05T04:42:19Z"
-    mac: ENC[AES256_GCM,data:q0aKP8FFTfgZEvQMcqOA3ZQfpwPVZxsK+KOFdL/n9he8L9R775DShLmZItWiZzrPN1tlBSkwxFZej2vEpVqIVZyz/CXX5wB0qxJ/pDbZaN4cPBgwF3327Jnxgn9MsLHqbo8KKuK2kkBpiQfuFFKi6a0twAcgzZYrM2L0HOUWfug=,iv:fOxqm/EToM8t0EY0tSvURZojt5RAK3CT5sApMXQrZAY=,tag:hkG/Oiqw0W8ib6M1lO/v+g==,type:str]
+    lastmodified: "2024-12-23T03:19:25Z"
+    mac: ENC[AES256_GCM,data:BXOtz3zQ0/0ZKwkX1IBPNbFubWD09gLpmTApBEg9yI1dcBIQLJhJ9aAv9uoHBkN2F/maCM88WwiHlkL2pTicIISoKY/dG2xAXGrRkq1oCbxVmbNuSSMoONYPN1FtW75bC3i3ye2e7Vd7fknYnt3BN8eUDMHdbh/GdfP1mcdFsGU=,iv:FgNw7gQ2kOCGqPcdGtsHpuQvkgkiD6VFZCxkwdbeEnI=,tag:v72PeumDZC1KlRIbDm4qEg==,type:str]
     pgp: []
     encrypted_regex: ^(data|stringData)$
-    version: 3.9.1
+    version: 3.9.2