Added ttrss.

cluster/apps/kustomization.yaml

@@ -7,3 +7,4 @@ resources:
   - kube-system
   - networking
   - harbor
+  - ttrss

cluster/apps/ttrss/docker-secret.yaml

@@ -0,0 +1,8 @@
+apiVersion: v1
+data:
+  .dockerconfigjson: eyJhdXRocyI6eyJoYXJib3IuZGhvc3RpbmcueHl6L2hvcnNkdWNvbW11biI6eyJ1c2VybmFtZSI6ImhvcnNkdWNvbW11biIsInBhc3N3b3JkIjoiekhLZGRERTkyaE1GSUc1a1lKVjU5UHFDN1JBVTFzTTgiLCJlbWFpbCI6ImR2ZF9sQGhvdG1haWwuY29tIiwiYXV0aCI6ImFHOXljMlIxWTI5dGJYVnVPbnBJUzJSa1JFVTVNbWhOUmtsSE5XdFpTbFkxT1ZCeFF6ZFNRVlV4YzAwNCJ9fX0=
+kind: Secret
+metadata:
+  creationTimestamp: null
+  name: docker-registry-ttrss
+type: kubernetes.io/dockerconfigjson

cluster/apps/ttrss/docker/Dockerfile

@@ -0,0 +1,15 @@
+# See https://github.com/Skyr/docker-ttrss
+# A lot of ttrss docker images integrate scripts that update ttrss when the container restarts.
+# I'd rather have an immutable image, as created by skyr0
+FROM skyr0/ttrss:26
+
+ENV ttrss_rev ceb8179ccc692430d52deb8e154e07a78569b412
+
+# I don't want to have the plugins and themes in a docker volume. Remove the link.
+RUN cd /var/www/ttrss && rm -rf themes.local plugins.local && \
+    mkdir -p themes.local plugins.local
+
+# Add some plugins
+RUN cd /var/www/ttrss/plugins.local && git clone https://github.com/feediron/ttrss_plugin-feediron.git feediron && \
+    git clone https://github.com/HenryQW/mercury_fulltext.git && \
+    git clone https://github.com/DigitalDJ/tinytinyrss-fever-plugin fever

cluster/apps/ttrss/docker/Makefile

@@ -0,0 +1,17 @@
+.PHONY: build
+
+all: build
+
+SECRET_DOMAIN = $(shell sops -d --extract '["stringData"]["SECRET_DOMAIN"]' ../../../base/cluster-secrets.sops.yaml)
+SECRET_DOCKER_USERNAME = $(shell sops -d --extract '["stringData"]["SECRET_DOCKER_USERNAME"]' ../../../base/cluster-secrets.sops.yaml)
+SECRET_DOCKER_PASSWORD = $(shell sops -d --extract '["stringData"]["SECRET_DOCKER_PASSWORD"]' ../../../base/cluster-secrets.sops.yaml)
+SECRET_DOCKER_EMAIL = $(shell sops -d --extract '["stringData"]["SECRET_DOCKER_EMAIL"]' ../../../base/cluster-secrets.sops.yaml)
+
+build:
+	ttrss_rev=ceb8179ccc692430d52deb8e154e07a78569b412 docker build -t harbor.$(SECRET_DOMAIN)/horsducommun/ttrss .
+
+push:
+	docker push harbor.$(SECRET_DOMAIN)/horsducommun/ttrss
+
+generate-registry-secret:
+	kubectl create secret docker-registry docker-registry-ttrss --docker-server=harbor.$(SECRET_DOMAIN)/horsducommun --docker-username=$(SECRET_DOCKER_USERNAME) --docker-password=$(SECRET_DOCKER_PASSWORD) --docker-email=$(SECRET_DOCKER_EMAIL) --dry-run=client -o yaml > ../docker-secret.yaml

cluster/apps/ttrss/docker/README.md

@@ -0,0 +1,51 @@
+# TTRSS
+
+### Backup and restore
+
+Migration was done using kubectl port-forward and pgadmin for ease of use.
+
+We can also use the following commands :
+
+To backup :
+
+```
+kubectl exec postgres-ttrss-postgresql-0 -- pg_dumpall -c -U postgres > /tmp/dump_$(date +"%Y-%m-%d_%H_%M_%S").sql
+```
+
+To restore :
+
+```
+cat /tmp/dump_xxx.gz | gzip -d | kubectl exec -i postgres-postgresql-0 -- psql -U postgres
+```
+
+## Mercury
+
+Mercury is a service that gets fulltext from articles.  
+The plugin needs a running mercury service to work.
+
+## Docker registry secret
+
+To generate the secret yaml :
+
+```
+make generate-registry-secret
+```
+
+It will use the secrets defined in the base/cluster-secrets.sops.yaml and create a
+docker-secret.yaml along the other resources.
+
+## TTRSS
+
+We build our own image :
+
+```
+make
+make push
+```
+
+### Plugins
+
+- Mercury, uses the Mercury instance we deploy, to be able to extract full text from articles
+- We added Fever API plugin to be able to use the Reeder app on iPad : https://github.com/DigitalDJ/tinytinyrss-fever-plugin  
+Enable it in the plugins, then a new section in the configuration appears to configure it.  
+The URL is then https://rss.horsducommun.be/plugins.local/fever/

cluster/apps/ttrss/docker/docker-compose.yaml

@@ -0,0 +1,37 @@
+version: '3'
+services:
+
+  postgres:
+    image: postgres:11.10-alpine
+    container_name: ttrss-postgres
+    ports:
+      - "5454:5432"
+    volumes:
+      - ./dbdata:/var/lib/postgresql/data:z
+    environment:
+      POSTGRES_USER: ttrss
+      POSTGRES_PASSWORD: admin
+      POSTGRES_DB: ttrss
+
+  ttrss:
+    build: .
+    container_name: ttrss
+    environment:
+      DB_TYPE: pgsql
+      DB_HOST: postgres
+      DB_PORT: 5432
+      DB_USER: ttrss
+      DB_PASS: admin
+      DB_NAME: ttrss
+      BASE_URL: http://127.0.0.1:8080
+    ports:
+      - 8080:8080
+
+  service.mercury: # set Mercury Parser API endpoint to `service.mercury:3000` on TTRSS plugin setting page
+    image: wangqiru/mercury-parser-api:latest
+    container_name: mercury
+    restart: always
+
+volumes:
+  db-data:
+

cluster/apps/ttrss/ingress.yaml

@@ -0,0 +1,26 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: ttrss
+  labels:
+    app: ttrss
+  annotations:
+    ingress.kubernetes.io/ssl-redirect: "true"
+    cert-manager.io/cluster-issuer: "letsencrypt-production"
+    traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
+spec:
+  rules:
+    - host: rss.${SECRET_DOMAIN}
+      http:
+        paths:
+          - path: /
+            pathType: Prefix
+            backend:
+              service:
+                name: ttrss
+                port:
+                  number: 80
+  tls:
+    - hosts:
+      - rss.${SECRET_DOMAIN}
+      secretName: tls-rss-${SECRET_DOMAIN}

cluster/apps/ttrss/kustomization.yaml

@@ -0,0 +1,9 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - postgres-helm-release.yaml
+  - docker-secret.yaml
+  - mercury-deployment.yaml
+  - ttrss-deployment.yaml
+  - ingress.yaml
+namespace: ttrss

cluster/apps/ttrss/mercury-deployment.yaml

@@ -0,0 +1,43 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: mercury
+  namespace: ttrss
+  labels:
+    app: mercury
+spec:
+  ports:
+  - port: 3000
+    targetPort: 3000
+  selector:
+    app: mercury
+
+---
+
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: mercury
+  labels:
+    app: mercury
+  namespace: ttrss
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: mercury
+  template:
+    metadata:
+      labels:
+        app: mercury
+    spec:
+      containers:
+      - name: mercury
+        image: wangqiru/mercury-parser-api:latest
+        resources:
+          limits:
+            cpu: 500m
+            memory: 512Mi
+          requests:
+            cpu: 500m
+            memory: 512Mi

cluster/apps/ttrss/postgres-helm-release.yaml

@@ -0,0 +1,26 @@
+---
+apiVersion: helm.toolkit.fluxcd.io/v2beta1
+kind: HelmRelease
+metadata:
+  name: postgres
+  namespace: ttrss
+spec:
+  interval: 5m
+  chart:
+    spec:
+      # renovate: registryUrl=https://charts.bitnami.com/bitnami
+      chart: postgresql
+      version: 10.16.2
+      sourceRef:
+        kind: HelmRepository
+        name: bitnami
+        namespace: flux-system
+      interval: 5m
+  values:
+    global:
+      storageClass: nfs-client
+    pgHbaConfiguration: |-
+      local all all trust
+      host all all localhost trust
+      host all all 10.42.0.0/16 trust
+      host all all 10.43.0.0/16 trust

cluster/apps/ttrss/ttrss-deployment.yaml

@@ -0,0 +1,61 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: ttrss
+  namespace: ttrss
+  labels:
+    app: ttrss
+spec:
+  ports:
+  - port: 80
+    targetPort: 8080
+  selector:
+    app: ttrss
+
+---
+
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: ttrss
+  labels:
+    app: ttrss
+  namespace: ttrss
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: ttrss
+  template:
+    metadata:
+      labels:
+        app: ttrss
+    spec:
+      containers:
+      - name: ttrss
+        image: harbor.${SECRET_DOMAIN}/horsducommun/ttrss
+        imagePullPolicy: Always
+        resources:
+          limits:
+            cpu: 500m
+            memory: 512Mi
+          requests:
+            cpu: 500m
+            memory: 512Mi
+        env:
+          - name: BASE_URL
+            value: "https://rss.${SECRET_DOMAIN}"
+          - name: DB_TYPE
+            value: "pgsql"
+          - name: DB_HOST
+            value: "postgres-postgresql"
+          - name: DB_PORT
+            value: "5432"
+          - name: DB_NAME
+            value: "ttrss"
+          - name: DB_USER
+            value: "ttrss"
+          - name: DB_ENV_USER
+            value: "postgres"
+      imagePullSecrets:
+        - name: docker-registry-ttrss

cluster/core/namespaces/kustomization.yaml

@@ -7,4 +7,5 @@ resources:
   - networking.yaml
   - system-upgrade.yaml
   - nfs-provisioner.yaml
-  - harbor.yaml
+  - harbor.yaml
+  - ttrss.yaml

cluster/core/namespaces/ttrss.yaml

@@ -0,0 +1,5 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: ttrss