diff --git a/Makefile b/Makefile
index f7f3b53..e7691f4 100644
--- a/Makefile
+++ b/Makefile
@@ -39,8 +39,8 @@ diff: $(environment)
 .PHONY: apply
 apply: $(environment)
- $(KUBECTL) $(KUBECTLFLAGS) apply -l managed-by=kustomize-cluster -f $(ENVOUTDIR)
- $(KUBECTL) $(KUBECTLFLAGS) apply -l managed-by=kustomize -f $(ENVOUTDIR)
+ $(KUBECTL) $(KUBECTLFLAGS) apply $(KUBECTLAPPLYFLAGS) -l managed-by=kustomize-cluster -f $(ENVOUTDIR)
+ $(KUBECTL) $(KUBECTLFLAGS) apply $(KUBECTLAPPLYFLAGS) -l managed-by=kustomize -f $(ENVOUTDIR)
 .PHONY: all dev prod
 all: dev prod
diff --git a/kustomize/bases/drone/drone-runner-deployment.yaml b/kustomize/bases/drone/drone-runner-deployment.yaml
index 273a461..4d119e9 100644
--- a/kustomize/bases/drone/drone-runner-deployment.yaml
+++ b/kustomize/bases/drone/drone-runner-deployment.yaml
@@ -38,10 +38,10 @@ spec:
 containerPort: 3000
 resources:
 requests:
- cpu: 2000m
- memory: 2Gi
+ cpu: 1000m
+ memory: 1Gi
 limits:
- cpu: 4000m
+ cpu: 2000m
 memory: 2Gi
 ---
 kind: Role
diff --git a/kustomize/bases/drone/drone-server-deployment.yaml b/kustomize/bases/drone/drone-server-deployment.yaml
index 10b6cd7..3a2684e 100644
--- a/kustomize/bases/drone/drone-server-deployment.yaml
+++ b/kustomize/bases/drone/drone-server-deployment.yaml
@@ -49,10 +49,10 @@ spec:
 resources:
 requests:
 cpu: 500m
- memory: 500Mi
+ memory: 250Mi
 limits:
- cpu: 1000m
- memory: 1Gi
+ cpu: 500m
+ memory: 500Mi
 ---
 apiVersion: v1
 kind: Service
diff --git a/kustomize/bases/gitea/gitea-deployment.yaml b/kustomize/bases/gitea/gitea-deployment.yaml
index a5ae2fa..38e6db3 100644
--- a/kustomize/bases/gitea/gitea-deployment.yaml
+++ b/kustomize/bases/gitea/gitea-deployment.yaml
@@ -44,10 +44,10 @@ spec:
 resources:
 requests:
 cpu: 500m
- memory: 750Mi
+ memory: 500Mi
 limits:
- cpu: 1000m
- memory: 1Gi
+ cpu: 750m
+ memory: 750Mi
 volumeMounts:
 - name: gitea-pv
 mountPath: /data
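Review bot: `KUBECTLAPPLYFLAGS` is used on both new recipe lines of `apply` but is neither assigned nor defaulted anywhere in this hunk; if it is not defined elsewhere in the Makefile it silently expands to nothing, and under `--warn-undefined-variables` it warns on every run. Add an overridable default beside the other knobs, e.g. `KUBECTLAPPLYFLAGS ?=` with the comment `# extra flags for 'kubectl apply', e.g. --prune: deletes every object carrying the -l label that is absent from $(ENVOUTDIR), so run 'make diff' first`. The apply rule itself is complete within the hunk, but the variable block it depends on is outside it.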
diff --git a/kustomize/bases/gitea/kustomization.yaml b/kustomize/bases/gitea/kustomization.yaml
index 1bfcc49..44654b9 100644
--- a/kustomize/bases/gitea/kustomization.yaml
+++ b/kustomize/bases/gitea/kustomization.yaml
@@ -3,7 +3,7 @@ resources:
 - gitea-ingress.yaml
 # secretGenerator:
- # - name: postgres-credentials-secret
+ # - name: postgres-credentials
 # type: Opaque
 # behavior: create
 # literals:
diff --git a/kustomize/bases/grafana/grafana-deployment.yaml b/kustomize/bases/grafana/grafana-deployment.yaml
index cfa39e6..5d8bc5c 100644
--- a/kustomize/bases/grafana/grafana-deployment.yaml
+++ b/kustomize/bases/grafana/grafana-deployment.yaml
@@ -29,22 +29,22 @@ spec:
 # - name: GF_DATABASE_HOST
 # valueFrom:
 # secretKeyRef:
- # name: postgres-credentials-secret
+ # name: postgres-credentials
 # key: host
 # - name: GF_DATABASE_NAME
 # valueFrom:
 # secretKeyRef:
- # name: postgres-credentials-secret
+ # name: postgres-credentials
 # key: database
 # - name: GF_DATABASE_USER
 # valueFrom:
 # secretKeyRef:
- # name: postgres-credentials-secret
+ # name: postgres-credentials
 # key: username
 # - name: GF_DATABASE_PASSWORD
 # valueFrom:
 # secretKeyRef:
- # name: postgres-credentials-secret
+ # name: postgres-credentials
 # key: password
 readinessProbe:
 failureThreshold: 3
@@ -70,10 +70,10 @@ spec:
 resources:
 requests:
 cpu: 250m
- memory: 750Mi
+ memory: 500Mi
 limits:
 cpu: 500m
- memory: 1Gi
+ memory: 750Mi
 volumeMounts:
 - name: grafana-datasources
 mountPath: /etc/grafana/provisioning/datasources
diff --git a/kustomize/bases/grafana/kustomization.yaml b/kustomize/bases/grafana/kustomization.yaml
index 0a0bf60..436162a 100644
--- a/kustomize/bases/grafana/kustomization.yaml
+++ b/kustomize/bases/grafana/kustomization.yaml
@@ -8,7 +8,7 @@ configMapGenerator:
 - datasources.yaml=provision/datasources.yaml
 # secretGenerator:
-# - name: postgres-credentials-secret
+# - name: postgres-credentials
 # type: Opaque
 # behavior: create
 # literals:
diff --git a/kustomize/bases/nextcloud/kustomization.yaml b/kustomize/bases/nextcloud/kustomization.yaml
index e9f3988..f3c744c 100644
--- a/kustomize/bases/nextcloud/kustomization.yaml
+++ b/kustomize/bases/nextcloud/kustomization.yaml
@@ -1,7 +1,8 @@
 bases:
 - ../postgres
+ - ../redis
 resources:
 - nextcloud-deployment.yaml
- - nextcloud-cronjob.yaml
+ # - nextcloud-cronjob.yaml
 - nextcloud-ingress.yaml
diff --git a/kustomize/bases/nextcloud/nextcloud-deployment.yaml b/kustomize/bases/nextcloud/nextcloud-deployment.yaml
index cc202fa..9eb7da8 100644
--- a/kustomize/bases/nextcloud/nextcloud-deployment.yaml
+++ b/kustomize/bases/nextcloud/nextcloud-deployment.yaml
@@ -16,6 +16,17 @@ spec:
 labels:
 app.kubernetes.io/name: nextcloud
 spec:
+ affinity:
+ nodeAffinity:
+ # prefer to not be on a server node (resource contention)
+ preferredDuringSchedulingIgnoredDuringExecution:
+ - weight: 1
+ preference:
+ matchExpressions:
+ - key: kubernetes.io/hostname
+ operator: NotIn
+ values:
+ - k3s-s0
 containers:
 - name: nextcloud
 image: nextcloud
@@ -26,22 +37,29 @@ spec:
 fieldPath: metadata.namespace
 - name: TRUSTED_PROXIES
 value: 10.0.0.0/8
+ - name: REDIS_HOST
+ value: redis.$(NAMESPACE).svc.cluster.local
+ - name: REDIS_HOST_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: redis-credentials
+ key: password
 - name: POSTGRES_HOST
 value: postgres.$(NAMESPACE).svc.cluster.local
 - name: POSTGRES_DB
 valueFrom:
 secretKeyRef:
- name: postgres-credentials-secret
+ name: postgres-credentials
 key: database
 - name: POSTGRES_USER
 valueFrom:
 secretKeyRef:
- name: postgres-credentials-secret
+ name: postgres-credentials
 key: username
 - name: POSTGRES_PASSWORD
 valueFrom:
 secretKeyRef:
- name: postgres-credentials-secret
+ name: postgres-credentials
 key: password
 ports:
 - name: http
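Review bot: The new `nodeAffinity` block in the shared nextcloud base pins its rule to one literal hostname, `k3s-s0`, so every overlay inherits a cluster-specific node name and the stated intent ("prefer to not be on a server node") stops holding as soon as a second server exists or that node is renamed. Express the intent with the role label k3s puts on server nodes instead (`node-role.kubernetes.io/control-plane` on recent releases; check which label your nodes carry), e.g. `- key: node-role.kubernetes.io/control-plane` / `operator: DoesNotExist`, or keep the hostname rule but move it into the overlay that owns that cluster. The enclosing pod `spec:` continues past the hunk.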
@@ -49,13 +67,26 @@ spec:
 resources:
 requests:
 cpu: 750m
- memory: 750Mi
+ memory: 1Gi
 limits:
 cpu: 1000m
 memory: 1Gi
 volumeMounts:
 - name: nextcloud-pv
 mountPath: /var/www/html
+ # - name: nextcloud-cron
+ # image: nextcloud
+ # command: ['crond']
+ # securityContext:
+ # runAsUser: 33
+ # runAsGroup: 33
+ # volumeMounts:
+ # - name: nextcloud-pv
+ # mountPath: /var/www/html
+ # resources:
+ # limits:
+ # cpu: 250m
+ # memory: 250Mi
 volumes:
 - name: nextcloud-pv
 persistentVolumeClaim:
@@ -84,4 +115,4 @@ spec:
 ports:
 - name: http
 port: 80
- targetPort: http
\ No newline at end of file
+ targetPort: http
diff --git a/kustomize/bases/postgres/kustomization.yaml b/kustomize/bases/postgres/kustomization.yaml
index e4d1189..32c42d1 100644
--- a/kustomize/bases/postgres/kustomization.yaml
+++ b/kustomize/bases/postgres/kustomization.yaml
@@ -2,7 +2,7 @@ resources:
 - postgres-statefulset.yaml
 secretGenerator:
- - name: postgres-credentials-secret
+ - name: postgres-credentials
 type: Opaque
 behavior: create
 literals:
diff --git a/kustomize/bases/postgres/postgres-statefulset.yaml b/kustomize/bases/postgres/postgres-statefulset.yaml
index cb6c696..5a746a7 100644
--- a/kustomize/bases/postgres/postgres-statefulset.yaml
+++ b/kustomize/bases/postgres/postgres-statefulset.yaml
@@ -22,17 +22,17 @@ spec:
 - name: POSTGRES_DB
 valueFrom:
 secretKeyRef:
- name: postgres-credentials-secret
+ name: postgres-credentials
 key: database
 - name: POSTGRES_USER
 valueFrom:
 secretKeyRef:
- name: postgres-credentials-secret
+ name: postgres-credentials
 key: username
 - name: POSTGRES_PASSWORD
 valueFrom:
 secretKeyRef:
- name: postgres-credentials-secret
+ name: postgres-credentials
 key: password
 - name: PGDATA
 value: /data/pgdata
@@ -41,11 +41,11 @@ spec:
 containerPort: 5432
 resources:
 requests:
- cpu: 500m
- memory: 2Gi
- limits:
 cpu: 1000m
- memory: 3Gi
+ memory: 1Gi
+ limits:
+ cpu: 1500m
+ memory: 2Gi
 volumeMounts:
 - name: postgres-pvc
 mountPath: /data
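Review bot: The thirteen commented-out lines for the `nextcloud-cron` sidecar are dead configuration with no explanation, and the `nextcloud-cronjob.yaml` resource is commented out in the kustomization in the same commit, so as far as this diff shows nothing runs Nextcloud's background jobs any more. Either delete the block (git keeps the history) or replace it with a single comment that states why it is parked and what runs cron in the meantime, e.g. `# cron sidecar parked on <date>: background jobs currently run via <mechanism>`. The container list and the `volumes:` section continue outside the hunk.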
@@ -53,7 +53,8 @@ spec:
 - metadata:
 name: postgres-pvc
 spec:
- accessModes: ["ReadWriteOnce"]
+ accessModes:
+ - ReadWriteOnce
 resources:
 requests:
 storage: 3Gi
@@ -70,4 +71,4 @@ spec:
 ports:
 - name: postgres
 port: 5432
- targetPort: postgres
\ No newline at end of file
+ targetPort: postgres
diff --git a/kustomize/bases/prometheus/prometheus.yaml b/kustomize/bases/prometheus/prometheus.yaml
index 97ac088..69b8380 100644
--- a/kustomize/bases/prometheus/prometheus.yaml
+++ b/kustomize/bases/prometheus/prometheus.yaml
@@ -12,8 +12,8 @@ spec:
 monitor: prometheus
 resources:
 requests:
- cpu: 1000m
- memory: 3Gi
+ cpu: 7500m
+ memory: 2Gi
 limits:
- cpu: 2000m
- memory: 3Gi
\ No newline at end of file
+ cpu: 1000m
+ memory: 2Gi
\ No newline at end of file
diff --git a/kustomize/bases/redis/kustomization.yaml b/kustomize/bases/redis/kustomization.yaml
new file mode 100644
index 0000000..1f0c79a
--- /dev/null
+++ b/kustomize/bases/redis/kustomization.yaml
@@ -0,0 +1,9 @@
+resources:
+ - redis-deployment.yaml
+
+secretGenerator:
+ - name: redis-credentials
+ type: Opaque
+ behavior: create
+ literals:
+ - password=changeme
diff --git a/kustomize/bases/redis/redis-deployment.yaml b/kustomize/bases/redis/redis-deployment.yaml
new file mode 100644
index 0000000..2b4ef37
--- /dev/null
+++ b/kustomize/bases/redis/redis-deployment.yaml
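Review bot: The new `requests.cpu: 7500m` in prometheus.yaml is larger than the new `limits.cpu: 1000m` four lines below, and the API server rejects a container whose request exceeds its limit, so the pod built from this spec will fail validation instead of scheduling. The previous values (1000m request, 2000m limit) and the other resource edits in this commit suggest `cpu: 750m` was intended; change the request line to `cpu: 750m`, or to any value no greater than the limit. Both `\ No newline at end of file` markers show this file still lacks a trailing newline, which the nextcloud and postgres Service files get in the same commit.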
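Review bot: The base `secretGenerator` for `redis-credentials` ships a working default, `password=changeme`, so any overlay that does not `behavior: replace` it deploys Redis with a known password; in this commit only the prod overlay adds a replacement, while the dev overlay hunks add the redis image tag but no `redis-credentials` entry, so dev keeps `changeme` as far as the shown hunks go. Prefer failing closed: drop the literal from the base (a generator with no `literals:` should still emit the Secret for the overlay to replace, and a missing `password` key makes the deployment's `secretKeyRef` refuse to start the container rather than run with a default; confirm with `kustomize build`), or add a dev entry alongside the dev `postgres-credentials` one. A comment on the base generator, `# no default password: every overlay must replace redis-credentials`, makes the contract explicit.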
@@ -0,0 +1,50 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: redis
+ labels:
+ app.kubernetes.io/name: redis
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: redis
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/name: redis
+ spec:
+ containers:
+ - name: redis
+ image: redis
+ args: ["--requirepass", "$(REDIS_PASSWORD)"]
+ env:
+ - name: REDIS_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: redis-credentials
+ key: password
+ ports:
+ - name: redis
+ containerPort: 6379
+ resources:
+ requests:
+ cpu: 500m
+ memory: 500Mi
+ limits:
+ cpu: 1000m
+ memory: 1Gi
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: redis
+ labels:
+ app.kubernetes.io/name: redis
+spec:
+ selector:
+ app.kubernetes.io/name: redis
+ ports:
+ - name: redis
+ port: 6379
+ targetPort: redis
\ No newline at end of file
diff --git a/kustomize/overlays/dev/kustomization.yaml b/kustomize/overlays/dev/kustomization.yaml
index 5992f97..209277e 100644
--- a/kustomize/overlays/dev/kustomization.yaml
+++ b/kustomize/overlays/dev/kustomization.yaml
@@ -20,6 +20,8 @@ images:
 newtag: 22.1.0
 - name: postgres
 newtag: 9.6.23
+ - name: redis
+ newtag: 6.2.5
 secretGenerator:
 - name: drone-secret
@@ -36,7 +38,7 @@ secretGenerator:
 literals:
 - client_id=6c0c6878-baf1-4648-b0cf-69eeae69e692
 - client_secret=Q78VsgyfgTzKrvQEmokEMj84g7epKrlBpmDjcbhKXCIh
- - name: postgres-credentials-secret
+ - name: postgres-credentials
 type: Opaque
 namespace: nextcloud
 behavior: replace
diff --git a/kustomize/overlays/prod/kustomization.yaml b/kustomize/overlays/prod/kustomization.yaml
index e54405d..0e9a8f1 100644
--- a/kustomize/overlays/prod/kustomization.yaml
+++ b/kustomize/overlays/prod/kustomization.yaml
@@ -20,6 +20,8 @@ images:
 newtag: 22.1.0
 - name: postgres
 newtag: 9.6.23
+ - name: redis
+ newtag: 6.2.5
 secretGenerator:
 - name: drone-secret
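Review bot: The `args: ["--requirepass", "$(REDIS_PASSWORD)"]` line in the new redis Deployment expands the secret into the redis-server command line, so the password is readable from the process list (`/proc/<pid>/cmdline`) by anything sharing the pod's PID namespace or with process visibility on the node, which undoes the benefit of keeping it in a Secret. Mount the secret as a config file and start the server from it instead; the official image's entrypoint only drops to the `redis` user when the first argument is the literal `redis-server`, so keep that first. The `env` entry then becomes unnecessary, and the Secret needs a `redis.conf` key holding the `requirepass` directive, supplied by the generators in each overlay. The new Deployment also has no `readinessProbe`/`livenessProbe` and no pod `securityContext`; worth a follow-up.
```yaml
        args: ["redis-server", "/etc/redis/redis.conf"]
        # … unchanged: ports, resources …
        volumeMounts:
          - name: redis-conf
            mountPath: /etc/redis
            readOnly: true
      volumes:
        - name: redis-conf
          secret:
            secretName: redis-credentials
            items:
              - key: redis.conf
                path: redis.conf
```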
@@ -36,7 +38,7 @@ secretGenerator:
 literals:
 - client_id=${ssm:/k3s/prod/drone/gitea/client_id}
 - client_secret=${ssm:/k3s/prod/drone/gitea/client_secret}
- - name: postgres-credentials-secret
+ - name: postgres-credentials
 type: Opaque
 namespace: nextcloud
 behavior: replace
@@ -44,6 +46,12 @@ secretGenerator:
 - database=nextcloud
 - username=nextcloud
 - password=${ssm:/k3s/prod/nextcloud/postgres/password}
+ - name: redis-credentials
+ type: Opaque
+ namespace: nextcloud
+ behavior: replace
+ literals:
+ - password=${ssm:/k3s/prod/nextcloud/redis/password}
 # allow "kubectl apply -l managed-by=kustomize --prune ..."
 commonlabels: