
optimize nextcloud somewhat

Massaki Archambault 2021-08-27 23:54:21 -04:00
parent fcdfc5131a
commit 54e83287c9
16 changed files with 143 additions and 41 deletions


@ -39,8 +39,8 @@ diff: $(environment)
.PHONY: apply .PHONY: apply
apply: $(environment) apply: $(environment)
$(KUBECTL) $(KUBECTLFLAGS) apply -l managed-by=kustomize-cluster -f $(ENVOUTDIR) $(KUBECTL) $(KUBECTLFLAGS) apply $(KUBECTLAPPLYFLAGS) -l managed-by=kustomize-cluster -f $(ENVOUTDIR)
$(KUBECTL) $(KUBECTLFLAGS) apply -l managed-by=kustomize -f $(ENVOUTDIR) $(KUBECTL) $(KUBECTLFLAGS) apply $(KUBECTLAPPLYFLAGS) -l managed-by=kustomize -f $(ENVOUTDIR)
.PHONY: all dev prod .PHONY: all dev prod
all: dev prod all: dev prod


@ -38,10 +38,10 @@ spec:
containerPort: 3000 containerPort: 3000
resources: resources:
requests: requests:
cpu: 2000m cpu: 1000m
memory: 2Gi memory: 1Gi
limits: limits:
cpu: 4000m cpu: 2000m
memory: 2Gi memory: 2Gi
--- ---
kind: Role kind: Role


@ -49,10 +49,10 @@ spec:
resources: resources:
requests: requests:
cpu: 500m cpu: 500m
memory: 500Mi memory: 250Mi
limits: limits:
cpu: 1000m cpu: 500m
memory: 1Gi memory: 500Mi
--- ---
apiVersion: v1 apiVersion: v1
kind: Service kind: Service


@ -44,10 +44,10 @@ spec:
resources: resources:
requests: requests:
cpu: 500m cpu: 500m
memory: 750Mi memory: 500Mi
limits: limits:
cpu: 1000m cpu: 750m
memory: 1Gi memory: 750Mi
volumeMounts: volumeMounts:
- name: gitea-pv - name: gitea-pv
mountPath: /data mountPath: /data


@ -3,7 +3,7 @@ resources:
- gitea-ingress.yaml - gitea-ingress.yaml
# secretGenerator: # secretGenerator:
# - name: postgres-credentials-secret # - name: postgres-credentials
# type: Opaque # type: Opaque
# behavior: create # behavior: create
# literals: # literals:


@ -29,22 +29,22 @@ spec:
# - name: GF_DATABASE_HOST # - name: GF_DATABASE_HOST
# valueFrom: # valueFrom:
# secretKeyRef: # secretKeyRef:
# name: postgres-credentials-secret # name: postgres-credentials
# key: host # key: host
# - name: GF_DATABASE_NAME # - name: GF_DATABASE_NAME
# valueFrom: # valueFrom:
# secretKeyRef: # secretKeyRef:
# name: postgres-credentials-secret # name: postgres-credentials
# key: database # key: database
# - name: GF_DATABASE_USER # - name: GF_DATABASE_USER
# valueFrom: # valueFrom:
# secretKeyRef: # secretKeyRef:
# name: postgres-credentials-secret # name: postgres-credentials
# key: username # key: username
# - name: GF_DATABASE_PASSWORD # - name: GF_DATABASE_PASSWORD
# valueFrom: # valueFrom:
# secretKeyRef: # secretKeyRef:
# name: postgres-credentials-secret # name: postgres-credentials
# key: password # key: password
readinessProbe: readinessProbe:
failureThreshold: 3 failureThreshold: 3
@ -70,10 +70,10 @@ spec:
resources: resources:
requests: requests:
cpu: 250m cpu: 250m
memory: 750Mi memory: 500Mi
limits: limits:
cpu: 500m cpu: 500m
memory: 1Gi memory: 750Mi
volumeMounts: volumeMounts:
- name: grafana-datasources - name: grafana-datasources
mountPath: /etc/grafana/provisioning/datasources mountPath: /etc/grafana/provisioning/datasources


@ -8,7 +8,7 @@ configMapGenerator:
- datasources.yaml=provision/datasources.yaml - datasources.yaml=provision/datasources.yaml
# secretGenerator: # secretGenerator:
# - name: postgres-credentials-secret # - name: postgres-credentials
# type: Opaque # type: Opaque
# behavior: create # behavior: create
# literals: # literals:


@ -1,7 +1,8 @@
bases: bases:
- ../postgres - ../postgres
- ../redis
resources: resources:
- nextcloud-deployment.yaml - nextcloud-deployment.yaml
- nextcloud-cronjob.yaml # - nextcloud-cronjob.yaml
- nextcloud-ingress.yaml - nextcloud-ingress.yaml
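Review bot: Commenting out `nextcloud-cronjob.yaml` here removes the only visible scheduler for what are presumably Nextcloud's background jobs, because the `nextcloud-cron` sidecar that would replace it in the deployment is committed commented out as well. If that gap is intentional for now, say so next to the entry, e.g. `# cronjob disabled until the crond sidecar is enabled; nothing schedules background jobs meanwhile`. Otherwise keep the CronJob in `resources` until the sidecar is actually enabled.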


@ -16,6 +16,17 @@ spec:
labels: labels:
app.kubernetes.io/name: nextcloud app.kubernetes.io/name: nextcloud
spec: spec:
affinity:
nodeAffinity:
# prefer to not be on a server node (resource contention)
preferredDuringSchedulingIgnoredDuringExecution:
- weight: 1
preference:
matchExpressions:
- key: kubernetes.io/hostname
operator: NotIn
values:
- k3s-s0
containers: containers:
- name: nextcloud - name: nextcloud
image: nextcloud image: nextcloud
@ -26,22 +37,29 @@ spec:
fieldPath: metadata.namespace fieldPath: metadata.namespace
- name: TRUSTED_PROXIES - name: TRUSTED_PROXIES
value: 10.0.0.0/8 value: 10.0.0.0/8
- name: REDIS_HOST
value: redis.$(NAMESPACE).svc.cluster.local
- name: REDIS_HOST_PASSWORD
valueFrom:
secretKeyRef:
name: redis-credentials
key: password
- name: POSTGRES_HOST - name: POSTGRES_HOST
value: postgres.$(NAMESPACE).svc.cluster.local value: postgres.$(NAMESPACE).svc.cluster.local
- name: POSTGRES_DB - name: POSTGRES_DB
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: postgres-credentials-secret name: postgres-credentials
key: database key: database
- name: POSTGRES_USER - name: POSTGRES_USER
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: postgres-credentials-secret name: postgres-credentials
key: username key: username
- name: POSTGRES_PASSWORD - name: POSTGRES_PASSWORD
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: postgres-credentials-secret name: postgres-credentials
key: password key: password
ports: ports:
- name: http - name: http
@ -49,13 +67,26 @@ spec:
resources: resources:
requests: requests:
cpu: 750m cpu: 750m
memory: 750Mi memory: 1Gi
limits: limits:
cpu: 1000m cpu: 1000m
memory: 1Gi memory: 1Gi
volumeMounts: volumeMounts:
- name: nextcloud-pv - name: nextcloud-pv
mountPath: /var/www/html mountPath: /var/www/html
# - name: nextcloud-cron
# image: nextcloud
# command: ['crond']
# securityContext:
# runAsUser: 33
# runAsGroup: 33
# volumeMounts:
# - name: nextcloud-pv
# mountPath: /var/www/html
# resources:
# limits:
# cpu: 250m
# memory: 250Mi
volumes: volumes:
- name: nextcloud-pv - name: nextcloud-pv
persistentVolumeClaim: persistentVolumeClaim:


@ -2,7 +2,7 @@ resources:
- postgres-statefulset.yaml - postgres-statefulset.yaml
secretGenerator: secretGenerator:
- name: postgres-credentials-secret - name: postgres-credentials
type: Opaque type: Opaque
behavior: create behavior: create
literals: literals:


@ -22,17 +22,17 @@ spec:
- name: POSTGRES_DB - name: POSTGRES_DB
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: postgres-credentials-secret name: postgres-credentials
key: database key: database
- name: POSTGRES_USER - name: POSTGRES_USER
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: postgres-credentials-secret name: postgres-credentials
key: username key: username
- name: POSTGRES_PASSWORD - name: POSTGRES_PASSWORD
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: postgres-credentials-secret name: postgres-credentials
key: password key: password
- name: PGDATA - name: PGDATA
value: /data/pgdata value: /data/pgdata
@ -41,11 +41,11 @@ spec:
containerPort: 5432 containerPort: 5432
resources: resources:
requests: requests:
cpu: 500m
memory: 2Gi
limits:
cpu: 1000m cpu: 1000m
memory: 3Gi memory: 1Gi
limits:
cpu: 1500m
memory: 2Gi
volumeMounts: volumeMounts:
- name: postgres-pvc - name: postgres-pvc
mountPath: /data mountPath: /data
@ -53,7 +53,8 @@ spec:
- metadata: - metadata:
name: postgres-pvc name: postgres-pvc
spec: spec:
accessModes: ["ReadWriteOnce"] accessModes:
- ReadWriteOnce
resources: resources:
requests: requests:
storage: 3Gi storage: 3Gi


@ -12,8 +12,8 @@ spec:
monitor: prometheus monitor: prometheus
resources: resources:
requests: requests:
cpu: 1000m cpu: 7500m
memory: 3Gi memory: 2Gi
limits: limits:
cpu: 2000m cpu: 1000m
memory: 3Gi memory: 2Gi
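Review bot: The new `requests.cpu: 7500m` is larger than the new `limits.cpu: 1000m`, and Kubernetes does not accept a container whose request exceeds its limit. It reads like a typo for `cpu: 750m`, which would match the direction of the other reductions in this commit. Whether the failure shows up at apply time or only when the pods are generated depends on the resource kind, which starts outside the hunk.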


@ -0,0 +1,9 @@
resources:
- redis-deployment.yaml
secretGenerator:
- name: redis-credentials
type: Opaque
behavior: create
literals:
- password=changeme
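Review bot: The base generator ships a working default, `password=changeme`, so any overlay that does not replace `redis-credentials` deploys Redis with a well-known password and nothing fails to signal it. The prod overlay replaces the secret from SSM, but the other overlay's visible hunks only add the redis image tag, so it presumably inherits this value. Add a `redis-credentials` entry with `behavior: replace` there too, and mark the literal here with a comment such as `# placeholder only; every overlay must replace redis-credentials`.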


@ -0,0 +1,50 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: redis
labels:
app.kubernetes.io/name: redis
spec:
replicas: 1
selector:
matchLabels:
app.kubernetes.io/name: redis
template:
metadata:
labels:
app.kubernetes.io/name: redis
spec:
containers:
- name: redis
image: redis
args: ["--requirepass", "$(REDIS_PASSWORD)"]
env:
- name: REDIS_PASSWORD
valueFrom:
secretKeyRef:
name: redis-credentials
key: password
ports:
- name: redis
containerPort: 6379
resources:
requests:
cpu: 500m
memory: 500Mi
limits:
cpu: 1000m
memory: 1Gi
---
apiVersion: v1
kind: Service
metadata:
name: redis
labels:
app.kubernetes.io/name: redis
spec:
selector:
app.kubernetes.io/name: redis
ports:
- name: redis
port: 6379
targetPort: redis
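Review bot: `args: ["--requirepass", "$(REDIS_PASSWORD)"]` places the expanded password on the redis-server command line, where it can be read by anything able to list processes in the pod or on the node, not only by holders of the Secret. Redis also reads `requirepass` from a config file, so mounting the secret as a file and passing its path keeps the value out of argv. Separately, the container sets no `securityContext`, and the Service makes port 6379 reachable from the whole cluster unless a NetworkPolicy outside this page restricts it.

```yaml
    # … unchanged: Deployment metadata, selector, template labels …
    spec:
      containers:
      - name: redis
        image: redis
        # the config file carries the requirepass line, so the secret stays out of argv
        args: ["/etc/redis/redis.conf"]
        volumeMounts:
        - name: redis-config
          mountPath: /etc/redis
          readOnly: true
        # … unchanged: ports, resources …
      volumes:
      - name: redis-config
        secret:
          secretName: redis-credentials
          items:
          # constructed key name: the generator would have to emit a file holding "requirepass <value>"
          - key: redis.conf
            path: redis.conf
```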


@ -20,6 +20,8 @@ images:
newtag: 22.1.0 newtag: 22.1.0
- name: postgres - name: postgres
newtag: 9.6.23 newtag: 9.6.23
- name: redis
newtag: 6.2.5
secretGenerator: secretGenerator:
- name: drone-secret - name: drone-secret
@ -36,7 +38,7 @@ secretGenerator:
literals: literals:
- client_id=6c0c6878-baf1-4648-b0cf-69eeae69e692 - client_id=6c0c6878-baf1-4648-b0cf-69eeae69e692
- client_secret=Q78VsgyfgTzKrvQEmokEMj84g7epKrlBpmDjcbhKXCIh - client_secret=Q78VsgyfgTzKrvQEmokEMj84g7epKrlBpmDjcbhKXCIh
- name: postgres-credentials-secret - name: postgres-credentials
type: Opaque type: Opaque
namespace: nextcloud namespace: nextcloud
behavior: replace behavior: replace
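Review bot: The new side of this overlay still carries the drone `client_id` and `client_secret` as plaintext literals in the repository, on the lines just above the renamed `postgres-credentials` entry. The other overlay reads the same two fields from `${ssm:...}` references, so this one can follow the same pattern, e.g. `- client_secret=${ssm:<parameter-path>}` with the real parameter path in place of the placeholder. A value that has been committed should be treated as exposed and rotated at the issuer. These are unchanged context lines, and the generator block starts and ends outside the hunk.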


@ -20,6 +20,8 @@ images:
newtag: 22.1.0 newtag: 22.1.0
- name: postgres - name: postgres
newtag: 9.6.23 newtag: 9.6.23
- name: redis
newtag: 6.2.5
secretGenerator: secretGenerator:
- name: drone-secret - name: drone-secret
@ -36,7 +38,7 @@ secretGenerator:
literals: literals:
- client_id=${ssm:/k3s/prod/drone/gitea/client_id} - client_id=${ssm:/k3s/prod/drone/gitea/client_id}
- client_secret=${ssm:/k3s/prod/drone/gitea/client_secret} - client_secret=${ssm:/k3s/prod/drone/gitea/client_secret}
- name: postgres-credentials-secret - name: postgres-credentials
type: Opaque type: Opaque
namespace: nextcloud namespace: nextcloud
behavior: replace behavior: replace
@ -44,6 +46,12 @@ secretGenerator:
- database=nextcloud - database=nextcloud
- username=nextcloud - username=nextcloud
- password=${ssm:/k3s/prod/nextcloud/postgres/password} - password=${ssm:/k3s/prod/nextcloud/postgres/password}
- name: redis-credentials
type: Opaque
namespace: nextcloud
behavior: replace
literals:
- password=${ssm:/k3s/prod/nextcloud/redis/password}
# allow "kubectl apply -l managed-by=kustomize --prune ..." # allow "kubectl apply -l managed-by=kustomize --prune ..."
commonlabels: commonlabels: