From fbc8d537491af35c172059366403e78e7c1b6eb3 Mon Sep 17 00:00:00 2001 From: nzbr Date: Sat, 11 May 2024 19:57:55 +0200 Subject: [PATCH] outline: install grist --- kubernetes/outline/deployment.jsonnet | 2 +- kubernetes/outline/grist/grist-secret.jsonnet | 30 +++++ kubernetes/outline/grist/statefulset.jsonnet | 110 ++++++++++++++++++ kubernetes/outline/grist/values.libsonnet | 16 +++ kubernetes/outline/valkey/values.yaml | 4 + 5 files changed, 161 insertions(+), 1 deletion(-) create mode 100644 kubernetes/outline/grist/grist-secret.jsonnet create mode 100644 kubernetes/outline/grist/statefulset.jsonnet create mode 100644 kubernetes/outline/grist/values.libsonnet diff --git a/kubernetes/outline/deployment.jsonnet b/kubernetes/outline/deployment.jsonnet index dd2ef49..860a0ff 100644 --- a/kubernetes/outline/deployment.jsonnet +++ b/kubernetes/outline/deployment.jsonnet @@ -1,7 +1,7 @@ local values = import 'values.libsonnet'; local envFrom = [ - { secretRef: { name: "outline-env" } }, + { secretRef: { name: values.name + "-env" } }, ]; local env = std.objectValuesAll(std.mapWithKey( diff --git a/kubernetes/outline/grist/grist-secret.jsonnet b/kubernetes/outline/grist/grist-secret.jsonnet new file mode 100644 index 0000000..73e0150 --- /dev/null +++ b/kubernetes/outline/grist/grist-secret.jsonnet @@ -0,0 +1,30 @@ +local values = import 'values.libsonnet'; + +{ + "kind": "SealedSecret", + "apiVersion": "bitnami.com/v1alpha1", + "metadata": { + "name": values.name + "-env", + "namespace": values.namespace, + "creationTimestamp": null, + }, + "spec": { + "template": { + "metadata": { + "name": values.name + "-env", + "namespace": values.namespace, + "creationTimestamp": null, + }, + "type": "Opaque" + }, + "encryptedData": { + "GRIST_DOCS_MINIO_ACCESS_KEY": "AgAqajd35JS04b+QO2TJCyZdy0SiAAfZDWZHuJQ1liTlbYiHXMPV+JOgLnc7ISsqfLhmVXSmP53egIUyHkKsGNZDmz5pJT2rHN/g53hxlIB5I8KmhV3Hadxzv/3zmRwhW5c5PmfT/tssaoPhK8StAahiZi7VQsx78iehJnZhhKAP38SAWuy2IjAXl5glC2vNhUS9N5puXaxPCOB7YLNz5P8Cb6DeqnTEb62sG7Atx2FqczZ2FVoY7OYBqpM/jdP5NMU91a4vxz2HM9KdhNC8B5YxSZ67gWSOy4LWZqgaFA9AbaXq/k1zfkKwrgde7CdVg8TIlSmdd9BrkCWbTiNDuaDjmT0KNVDfuvn4bRa662DjBRJtmpKDpHJOgZgIDA4rGN4NHnw0J8ZxmS9HvhnqJvTMF/3W7WDGQFrs7vkwNBS9MasmdyiWIkTxPOqaXWf8zAgIC1FT8qrx9yDATtXRd3L6shNUCxgDYJjvpR3P517AvtP86wFP3OcWi5zKjq+VkHX1ElI3duAd+mRyqanryJjuDov+7x+LOPXW6vKvLUkgFvr+y+eE9gQA2pFWhFUjBoRpIAqRzEkL1aMKl+D8hnOsgGhkduUhtTvaftXTW3KeHvk5DHY50b4/gMnX8HRBbRdu6w3IPQgUdvvCgS6KZ063JKBW1hvejP4iSSJplxtELPIxIhzEwf9nYfvomg2zkp9DubWjE5ONQUF415j35u/6CllCWw==", + "GRIST_DOCS_MINIO_BUCKET": "AgBPCMFXVHBnsi+pjoF/0ocaXZweVh9kjl8M6nG4wxM1NHblBRi5dgR4aWj7GdPuROhv66ilFwyqIRCaHlAKdV4XufS+o4xOo0Voo6y+ekTJ/76VYHEz/WV9WjmOhrrUG/9VL2kQS+08+wrfSkeIbvG1FOvwI8ciNUIA6ftjKlmPTkX6HUfe9GKW0qA7/cGqQXWM231QeA5A2BmuJkE2f86jvO6+C7zZxxpzmjq1NgmUy/4Mv8q8mOFH9Sn+T3KnXrB6PnexSHG3oCGJ6yWqZQ59om+22uJGmVlCJxhTMtnt7sMSwB/ausPDJvWnSA79F0Mdjg13pzew42Ffgk4lmGC1SsDR39FifyYdG7CNU7ZWEErKTnhbph2UzTlJxMzO3z32gJneG80xCQDXB9WGrW1rjdorPuP3gaxJE+b8/AFLn54SjIFprkX2drEQ6zC5e1SlqNaTNK8+eTmYZ6xk6lTYee9MeEARfetx6wg7+VJnr8RxjRPzzxGlRLnIwl0fCAfUOz4nZS7W65yNKkHXvGvan5FY6ZIJ7F3YL3oys0z7fjTh6DO5jTgNuKgvcKBMovltb4dclk/3B01opIWZl4zi9mtfu7VBIqG2U/B62Ae5pap+cTM1MiSt2iWY6BdLjeNX59rI9r9ubQnt4A+cjO8nC65eIAaUfyRdNisHKsXKlMga7qyTAmYY5BbNzVHUNLSd8fZ2K3MoNIhn", + "GRIST_DOCS_MINIO_ENDPOINT": "AgAXtTDSfCwZCRwzP3Jw1F4jOhHLD+lqHmB4ZjEORtSjEdRAsANBfgDVosdT5aeBLyICL5e/0FA3r+m2xQTysWUgOm0ZxP3BZb/J6nTgFlDxFw6Bd+XLO/7iTjXZyHyaxXS82UzmKAPe2wtY8084OWVsDBRUqpVCHd88bLq0CzLgVE/yy/dVYUBTeVwlA64prYZHVc1SAQ1V3+KyDp+mFiEZKhuVHQSpUT42A38QYbxo2j2S69B55527LkWKHnCyeFYnHfE/nUbo/AgPXI3YJj1K116pnUpFWIyjWWMI9RREnxgf86F+tJ7bmWFrbOfWbwkH969YELla24b/PfG+OEaNMJcLqeu1byNrCG0H/8sdzqyDhEe3JEA9EZY/HD/EIajSWxhDx6unYqlqK2//yi2+rsrb6ROaDMAOg7kHX5BS/xi6EiSOBF6CXsNS966cBRDvXDkyc9gNrV11HDvb8GfXdtoOVypvzElIPRRMFPxMFMU5n1/qd324dBUrB5DR7Za3ZGhYjjFrfNj/4L4RZlJvRWNK9tVlJZ1Ru7rLE+zX/bexK8hnxwdE/VC6a3uYYP3q9hU4N9R+W+YcWt9kbUkK7pS8sCVDsocQh7eHYD557fiS+x6R7RQ/nNHwmsly7+0Gznz4Ydp2qlB1kLzl4SKuQmfaPgzUMDYnLrNN433dqSRqaU1TC+dBIxNikEhkqklAaDOTTIJ+uKfHIUw+HLsKwaEK7cn5uRUGJcimFA==", + "GRIST_DOCS_MINIO_PORT": "AgAgWMf3JWywVNGbRrs+c5Gn+hRsInXC7+g+dx6AhYlrFIuKi5uZtVmMWxjm2g0GXY7bRlrJDwCQrG1p9cUz0Hsgqo66Dh/Dc2vvZL3Q6bWlIdOc9iUdmqqzAACFYf1KKqnxiM5UoVrk8Diyj8GoRyzQoBlu+8fPbbli23Klhf1sxkR/1ZP7hLbnwM8d445XrcVv4oSjnM6ri5XrMldzhJuoLVlEhXs8/Ppg/ImlOP+E4N4mTq8Atv2NLu6FQwTdCX8sNcCM+6lgNDMcFfjpgk2orWTnjzwXlDAvVh5W9oagk+YOPkl+vtj0ZvTYULA34yJeeJ/8HgrebP7S4P5TIQ0/iYlmlvbVMLz+G9/4bisovfL56QBX5teiuI3ivy3AbBDMO3xRG7LmHhSHYWiJQC8K1DiwlU2D2kaxLGjy0VKR35Mj5kHZ2zNJgM20Vy2f8GqlnBBdviJgAhx+pwOaS8G+WQTkMDnN6nTA+QLde3aVa6GsNTjpBp7kMPx78IT9kRfWl0Anhc/sNHD71dg/8EEXpmNDBPoY1zF++m1ioOSGLgIWRuOOY3BPdC/dQ5/A44igpBMO0/fDULLRJ7ONxw7QUltKwycqiRTzBUe829FoxgN3cXndhMKNdBUdUYRpQdnJfNxsti1BSW7EGkbcKSMChyLOjU6AwMrYYLKo222t84nTcWrF0veQ+3EDXxGg0uFfJGE=", + "GRIST_DOCS_MINIO_SECRET_KEY": "AgDTj9mXqUCX+xk3swIgM1I7o/VdDtQZnLOmtReGgyehatDaM3lSd9956rXukeCg9Ke5B+mhb2jvJzNp7kXtDxRk93SIhNs9x06frvxrIaBKaWvpDjzJlsWmyvLI6sUSmyF6Y23i9xDv8Ws6tydGdp3IuMwbAAlnH2BV3H8OXtjB6vU+2jKNHjU7x/rZEiJ1+cANN2vE50Cm9qU0NBvIreap+MaJiJZPIXzuApC8E7MTluTdfY/k6S8XwTh/NnI8cumj1Cd6rCOKo1CT1iKS5wQVkHXl9MDjNPLr7Jo5hvXYE+J81ug2CeDXQCb7EdlVvGEN623c1EnCxFF8cKEFH1K7dFMMi66f/hk6WAdiGOjHThGsFH7S+9JGHxiFomixnOwEyZ2EEDQyL4ASgs43rd772vShs3b1Oao/QuxIx+boi2Su4OlsxcPPo8Jachns+e0/sUdLEn/Zr13Vfwwu+Vdy8P8JU6lM7i4elzSP51RwCXJLomcwq3LTC48vCcxkEbS7VHv9ysXWFIG7xL02/mX59JmnaMDsr8fpPmg2rjMiB5yP/VtoalxbVUr4JFuksQU75RD2N9Ez5yhMt2CzsU/roOmJsHlEeVzwVNzVsrhCtLumofRINgSSTeLvvY4AD5N7kmt728h8cNsLZXtlV0ZVvsCW1t6aMekPEzY8KsCAf2jdTUu1Zela1P9sMmcTsiDylCfZFez7f/mDlc6vRkZ+/R4QG/bqNeaHdC9k0M8YK6Obqsg+eqNb", + "GRIST_DOCS_MINIO_USE_SSL": "AgBGrUDo2UasjHsehJz5y6BQk641EpjVXHbZSJYmO3yxzMMnEEzbQGLVeQ3sxduGDUxnElQdXq1o6622+9/ZBHMgt+5pM/XXi7MC6a64udkdClIES0cE8fhI0I7D/mAImRj4SNGb1zbzhRdjV6QmoOGmN/HGjLtB70nukDujrKnEfoLxi9Oy6jbExVJ8V54UoE84NaTyAbalRDb7f098II+waJnbOEt5Nk/1LbBRYXGowU/MYHvq5FvKPS8dfNy7Wh7vYpmcV/5Vzo3pmS89YXpM5gn0WiQVgjZ4WpqAXpJ5Y86gSakRXhKAeqenXQlvd2U+Fbg1KXnDkWoM55FSK7WTQRWBCj028k3n4Ed3NXVFo/5kpPkDhwzfQ/J3vVmDe36oz1yMWGmingT6F/PmNysCQKcS23loHxekoYSMsamCGnFUXIzdcbm39Y4cgvfGvdL7j4Kmv6Hr+Px2oEcX8sUHpnVkVk6kzlFXJmgJSPp0G8Fke3L9hqoy/P0FC3iZyMP3gqbet8WuUx/OkuMii2k7J6mM5XC9YfFcoJysHkfyH8m+ka+JV1dj/kNrkJinr6WJQRI1PbgkvfS1tgvqDDMpd0027zoK3/z0wkq5f3LC5wEFl63X0Mhnu4mpP/uHL0x4CJvBvn0gtObj7dH/9fw4wkryTKNbiNBAv92PVplsH6xpPyudbVnHFp0K9X54OilO", + "GRIST_SESSION_SECRET": "AgCVk7PYy7Juvh9SMs2/3bM7RmQ/BKNuma5s+5pfhn9tWuyARU5jphbRSkXI1FF6gZzcZ2zvOD2cMOwvXFs3ttP24NX3VJNl8epxWb56FM36eI345iLs9HBzs4MTkNC2AQwM8di7WinN3xV323qFWGNJ3QS5caE/VhLfpzXAfwBJ2H6xe1Cu8hZzJepPfXUIAfvGEHrZk6+fU+Vx2PxQMrXxjJw0vO+QjfhsqpysNlsOVEzXHJZI+slkHbOsmmQaFqCT5+MZhqzgRpOotkWeF9USihPAsspwm+oQxeAmZNkceI13uFjWH6E9kFoHbq+cG2WciuVm5GE1jc1romXFfVexpdCgzt0Yluo6Jiwv9t0LUL4ADI9pUGasWAZJanPLFsDqOFSxB2PPsIL8mD4pchy/2GhF9661Yko1n8N/JfaGciBVny3oQgmtg1CpZjnqYS7QWPMYAtlFJhrtijaeRFjfVBrqlwioFlmU869eQdHo9NjaeMEp74ILeDg8eap20zBwadx8j3ywNgk/mSet8kwnZxCc7I8pK0/eWVQxLaxxpdmQb6f+YSorqwFr4+XKcudAxzlk3nM3E+niUI+URXSf521kyBa0LP0umAL01zBorxNbpPP5siWv1mroo5K3iXrccN8qL995aIdKzCQ9B/kFxzY8d9NBsx37CyzVcK0XjJaNfnIoqYuIEV+MB+Y5uASPRPNxrEfAUClx67DEMXlut70xO/cyFx9EvnPeolBLbL7vHOW0x+nAedF/i4lIiLpXDp/jFnf6YRUmexkblJQg" + } + } +} diff --git a/kubernetes/outline/grist/statefulset.jsonnet b/kubernetes/outline/grist/statefulset.jsonnet new file mode 100644 index 0000000..04ea415 --- /dev/null +++ b/kubernetes/outline/grist/statefulset.jsonnet @@ -0,0 +1,110 @@ +local values = import 'values.libsonnet'; + +local envFrom = [ + { secretRef: { name: values.name + "-env" } }, +]; + +local env = std.objectValuesAll(std.mapWithKey( + function(key, value) { name: key, value: value }, + { + GRIST_SANDBOX_FLAVOR: "gvisor", + APP_HOME_URL: values.url, + GRIST_SINGLE_ORG: "nzbr.de", + GRIST_FORCE_LOGIN: "true", + }, +)) + [ + { + name: "REDIS_URL", + valueFrom: { + secretKeyRef: { + name: "outline-env", + key: "REDIS_URL", + }, + }, + } +]; + +{ + apiVersion: "apps/v1", + kind: "StatefulSet", + metadata: { + name: values.name, + namespace: values.namespace, + }, + spec: { + selector: { + matchLabels: values.labels, + }, + serviceName: values.name, + replicas: 1, + template: { + metadata: { + labels: values.labels, + }, + spec: { + affinity: { + podAffinity: { + preferredDuringSchedulingIgnoredDuringExecution: [ + { + weight: 100, + podAffinityTerm: { + labelSelector: { + matchExpressions: [ + { + key: "app.kubernetes.io/name", + operator: "In", + values: ["valkey"], + }, + ], + }, + topologyKey: "kubernetes.io/hostname", + }, + }, + ], + }, + }, + containers: [ + { + name: "grist", + image: values.image, + imagePullPolicy: "IfNotPresent", + envFrom: envFrom, + env: env, + ports: [ + { + name: "http", + containerPort: 8484, + }, + ], + volumeMounts: [ + { + name: "persist", + mountPath: "/persist", + }, + ], + securityContext: { + capabilities: { + add: ["SYS_PTRACE"], + }, + }, + }, + ], + }, + }, + volumeClaimTemplates: [ + { + metadata: { + name: "persist", + }, + spec: { + accessModes: ["ReadWriteOnce"], + resources: { + requests: { + storage: values.volumeSize, + }, + }, + }, + }, + ], + }, +} diff --git a/kubernetes/outline/grist/values.libsonnet b/kubernetes/outline/grist/values.libsonnet new file mode 100644 index 0000000..0ad8e8e --- /dev/null +++ b/kubernetes/outline/grist/values.libsonnet @@ -0,0 +1,16 @@ +local base = import "../values.libsonnet"; + +local name = "grist"; +local host = "grist.nzbr.de"; + +{ + name: name, + namespace: base.namespace, + labels: { + "app.kubernetes.io/name": name, + }, + host: host, + url: "https://"+host, + image: "gristlabs/grist:1.1.13", + volumeSize: "4Gi", +} diff --git a/kubernetes/outline/valkey/values.yaml b/kubernetes/outline/valkey/values.yaml index e4880bc..5abc455 100644 --- a/kubernetes/outline/valkey/values.yaml +++ b/kubernetes/outline/valkey/values.yaml @@ -21,4 +21,8 @@ valkey: operator: 'In' values: - 'outline' + - key: 'app.kubernetes.io/name' + operator: 'In' + values: + - 'grist' topologyKey: 'kubernetes.io/hostname'