optimize nextcloud somewhat
parent
fcdfc5131a
commit
54e83287c9
4
Makefile
4
Makefile
|
@ -39,8 +39,8 @@ diff: $(environment)
|
|||
|
||||
.PHONY: apply
|
||||
apply: $(environment)
|
||||
$(KUBECTL) $(KUBECTLFLAGS) apply -l managed-by=kustomize-cluster -f $(ENVOUTDIR)
|
||||
$(KUBECTL) $(KUBECTLFLAGS) apply -l managed-by=kustomize -f $(ENVOUTDIR)
|
||||
$(KUBECTL) $(KUBECTLFLAGS) apply $(KUBECTLAPPLYFLAGS) -l managed-by=kustomize-cluster -f $(ENVOUTDIR)
|
||||
$(KUBECTL) $(KUBECTLFLAGS) apply $(KUBECTLAPPLYFLAGS) -l managed-by=kustomize -f $(ENVOUTDIR)
|
||||
|
||||
.PHONY: all dev prod
|
||||
all: dev prod
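Review bot: `$(KUBECTLAPPLYFLAGS)` is added to both `apply` recipe lines, but the hunk shows no default or description for it, so it expands to nothing unless it is set elsewhere or passed on the command line. A comment in one of the overlays on this page mentions `kubectl apply -l managed-by=kustomize --prune`, which suggests the variable is meant to carry `--prune`. If so, a single undocumented knob now enables deletion of live objects for both the `managed-by=kustomize-cluster` and the `managed-by=kustomize` selector. I would declare it next to the other kubectl variables as `KUBECTLAPPLYFLAGS ?=`, with a comment such as `# extra flags for "kubectl apply" (e.g. --prune); passed to both label selectors`.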
|
||||
|
|
|
@ -38,10 +38,10 @@ spec:
|
|||
containerPort: 3000
|
||||
resources:
|
||||
requests:
|
||||
cpu: 2000m
|
||||
memory: 2Gi
|
||||
cpu: 1000m
|
||||
memory: 1Gi
|
||||
limits:
|
||||
cpu: 4000m
|
||||
cpu: 2000m
|
||||
memory: 2Gi
|
||||
---
|
||||
kind: Role
|
||||
|
|
|
@ -49,10 +49,10 @@ spec:
|
|||
resources:
|
||||
requests:
|
||||
cpu: 500m
|
||||
memory: 500Mi
|
||||
memory: 250Mi
|
||||
limits:
|
||||
cpu: 1000m
|
||||
memory: 1Gi
|
||||
cpu: 500m
|
||||
memory: 500Mi
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
|
|
|
@ -44,10 +44,10 @@ spec:
|
|||
resources:
|
||||
requests:
|
||||
cpu: 500m
|
||||
memory: 750Mi
|
||||
memory: 500Mi
|
||||
limits:
|
||||
cpu: 1000m
|
||||
memory: 1Gi
|
||||
cpu: 750m
|
||||
memory: 750Mi
|
||||
volumeMounts:
|
||||
- name: gitea-pv
|
||||
mountPath: /data
|
||||
|
|
|
@ -3,7 +3,7 @@ resources:
|
|||
- gitea-ingress.yaml
|
||||
|
||||
# secretGenerator:
|
||||
# - name: postgres-credentials-secret
|
||||
# - name: postgres-credentials
|
||||
# type: Opaque
|
||||
# behavior: create
|
||||
# literals:
|
||||
|
|
|
@ -29,22 +29,22 @@ spec:
|
|||
# - name: GF_DATABASE_HOST
|
||||
# valueFrom:
|
||||
# secretKeyRef:
|
||||
# name: postgres-credentials-secret
|
||||
# name: postgres-credentials
|
||||
# key: host
|
||||
# - name: GF_DATABASE_NAME
|
||||
# valueFrom:
|
||||
# secretKeyRef:
|
||||
# name: postgres-credentials-secret
|
||||
# name: postgres-credentials
|
||||
# key: database
|
||||
# - name: GF_DATABASE_USER
|
||||
# valueFrom:
|
||||
# secretKeyRef:
|
||||
# name: postgres-credentials-secret
|
||||
# name: postgres-credentials
|
||||
# key: username
|
||||
# - name: GF_DATABASE_PASSWORD
|
||||
# valueFrom:
|
||||
# secretKeyRef:
|
||||
# name: postgres-credentials-secret
|
||||
# name: postgres-credentials
|
||||
# key: password
|
||||
readinessProbe:
|
||||
failureThreshold: 3
|
||||
|
@ -70,10 +70,10 @@ spec:
|
|||
resources:
|
||||
requests:
|
||||
cpu: 250m
|
||||
memory: 750Mi
|
||||
memory: 500Mi
|
||||
limits:
|
||||
cpu: 500m
|
||||
memory: 1Gi
|
||||
memory: 750Mi
|
||||
volumeMounts:
|
||||
- name: grafana-datasources
|
||||
mountPath: /etc/grafana/provisioning/datasources
|
||||
|
|
|
@ -8,7 +8,7 @@ configMapGenerator:
|
|||
- datasources.yaml=provision/datasources.yaml
|
||||
|
||||
# secretGenerator:
|
||||
# - name: postgres-credentials-secret
|
||||
# - name: postgres-credentials
|
||||
# type: Opaque
|
||||
# behavior: create
|
||||
# literals:
|
||||
|
|
|
@ -1,7 +1,8 @@
|
|||
bases:
|
||||
- ../postgres
|
||||
- ../redis
|
||||
|
||||
resources:
|
||||
- nextcloud-deployment.yaml
|
||||
- nextcloud-cronjob.yaml
|
||||
# - nextcloud-cronjob.yaml
|
||||
- nextcloud-ingress.yaml
|
||||
|
|
|
@ -16,6 +16,17 @@ spec:
|
|||
labels:
|
||||
app.kubernetes.io/name: nextcloud
|
||||
spec:
|
||||
affinity:
|
||||
nodeAffinity:
|
||||
# prefer to not be on a server node (resource contention)
|
||||
preferredDuringSchedulingIgnoredDuringExecution:
|
||||
- weight: 1
|
||||
preference:
|
||||
matchExpressions:
|
||||
- key: kubernetes.io/hostname
|
||||
operator: NotIn
|
||||
values:
|
||||
- k3s-s0
|
||||
containers:
|
||||
- name: nextcloud
|
||||
image: nextcloud
|
||||
|
@ -26,22 +37,29 @@ spec:
|
|||
fieldPath: metadata.namespace
|
||||
- name: TRUSTED_PROXIES
|
||||
value: 10.0.0.0/8
|
||||
- name: REDIS_HOST
|
||||
value: redis.$(NAMESPACE).svc.cluster.local
|
||||
- name: REDIS_HOST_PASSWORD
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: redis-credentials
|
||||
key: password
|
||||
- name: POSTGRES_HOST
|
||||
value: postgres.$(NAMESPACE).svc.cluster.local
|
||||
- name: POSTGRES_DB
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: postgres-credentials-secret
|
||||
name: postgres-credentials
|
||||
key: database
|
||||
- name: POSTGRES_USER
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: postgres-credentials-secret
|
||||
name: postgres-credentials
|
||||
key: username
|
||||
- name: POSTGRES_PASSWORD
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: postgres-credentials-secret
|
||||
name: postgres-credentials
|
||||
key: password
|
||||
ports:
|
||||
- name: http
|
||||
|
@ -49,13 +67,26 @@ spec:
|
|||
resources:
|
||||
requests:
|
||||
cpu: 750m
|
||||
memory: 750Mi
|
||||
memory: 1Gi
|
||||
limits:
|
||||
cpu: 1000m
|
||||
memory: 1Gi
|
||||
volumeMounts:
|
||||
- name: nextcloud-pv
|
||||
mountPath: /var/www/html
|
||||
# - name: nextcloud-cron
|
||||
# image: nextcloud
|
||||
# command: ['crond']
|
||||
# securityContext:
|
||||
# runAsUser: 33
|
||||
# runAsGroup: 33
|
||||
# volumeMounts:
|
||||
# - name: nextcloud-pv
|
||||
# mountPath: /var/www/html
|
||||
# resources:
|
||||
# limits:
|
||||
# cpu: 250m
|
||||
# memory: 250Mi
|
||||
volumes:
|
||||
- name: nextcloud-pv
|
||||
persistentVolumeClaim:
|
||||
|
@ -84,4 +115,4 @@ spec:
|
|||
ports:
|
||||
- name: http
|
||||
port: 80
|
||||
targetPort: http
|
||||
targetPort: http
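Review bot: The `nextcloud-cron` sidecar in the resources hunk is added only as a commented-out block, and the kustomization hunk on this page comments out `nextcloud-cronjob.yaml` as well. As far as the visible hunks show, nothing runs Nextcloud's cron-driven background jobs after this commit. If that is intentional, replace the dead YAML with a one-line comment saying how background jobs are meant to run, for example `# background jobs: cron sidecar disabled for now, see <issue-placeholder>`. Otherwise enable one of the two mechanisms. The container spec starts outside this hunk.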
|
||||
|
|
|
@ -2,7 +2,7 @@ resources:
|
|||
- postgres-statefulset.yaml
|
||||
|
||||
secretGenerator:
|
||||
- name: postgres-credentials-secret
|
||||
- name: postgres-credentials
|
||||
type: Opaque
|
||||
behavior: create
|
||||
literals:
|
||||
|
|
|
@ -22,17 +22,17 @@ spec:
|
|||
- name: POSTGRES_DB
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: postgres-credentials-secret
|
||||
name: postgres-credentials
|
||||
key: database
|
||||
- name: POSTGRES_USER
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: postgres-credentials-secret
|
||||
name: postgres-credentials
|
||||
key: username
|
||||
- name: POSTGRES_PASSWORD
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: postgres-credentials-secret
|
||||
name: postgres-credentials
|
||||
key: password
|
||||
- name: PGDATA
|
||||
value: /data/pgdata
|
||||
|
@ -41,11 +41,11 @@ spec:
|
|||
containerPort: 5432
|
||||
resources:
|
||||
requests:
|
||||
cpu: 500m
|
||||
memory: 2Gi
|
||||
limits:
|
||||
cpu: 1000m
|
||||
memory: 3Gi
|
||||
memory: 1Gi
|
||||
limits:
|
||||
cpu: 1500m
|
||||
memory: 2Gi
|
||||
volumeMounts:
|
||||
- name: postgres-pvc
|
||||
mountPath: /data
|
||||
|
@ -53,7 +53,8 @@ spec:
|
|||
- metadata:
|
||||
name: postgres-pvc
|
||||
spec:
|
||||
accessModes: ["ReadWriteOnce"]
|
||||
accessModes:
|
||||
- ReadWriteOnce
|
||||
resources:
|
||||
requests:
|
||||
storage: 3Gi
|
||||
|
@ -70,4 +71,4 @@ spec:
|
|||
ports:
|
||||
- name: postgres
|
||||
port: 5432
|
||||
targetPort: postgres
|
||||
targetPort: postgres
|
||||
|
|
|
@ -12,8 +12,8 @@ spec:
|
|||
monitor: prometheus
|
||||
resources:
|
||||
requests:
|
||||
cpu: 1000m
|
||||
memory: 3Gi
|
||||
cpu: 7500m
|
||||
memory: 2Gi
|
||||
limits:
|
||||
cpu: 2000m
|
||||
memory: 3Gi
|
||||
cpu: 1000m
|
||||
memory: 2Gi
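Review bot: The new `requests.cpu: 7500m` is larger than the new `limits.cpu: 1000m` in the same `resources` block. Kubernetes rejects a container whose request exceeds its limit, so the Prometheus pod would fail validation when it is created. Given the other reductions in this commit, it looks like a typo for `cpu: 750m`. The enclosing spec starts outside the hunk.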
|
|
@ -0,0 +1,9 @@
|
|||
resources:
|
||||
- redis-deployment.yaml
|
||||
|
||||
secretGenerator:
|
||||
- name: redis-credentials
|
||||
type: Opaque
|
||||
behavior: create
|
||||
literals:
|
||||
- password=changeme
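Review bot: The base generator ships `password=changeme` as the Redis password, and any overlay that does not replace `redis-credentials` inherits it. Of the two overlays shown on this page, only the one using `${ssm:...}` values adds a `redis-credentials` generator with `behavior: replace`. The other gets the `redis` image tag but no override in the visible hunks, so it would run Redis with the placeholder unless an override exists outside them. I would add the override to that overlay and mark the base value with a comment such as `# placeholder only; every overlay must replace redis-credentials`.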
|
|
@ -0,0 +1,50 @@
|
|||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: redis
|
||||
labels:
|
||||
app.kubernetes.io/name: redis
|
||||
spec:
|
||||
replicas: 1
|
||||
selector:
|
||||
matchLabels:
|
||||
app.kubernetes.io/name: redis
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app.kubernetes.io/name: redis
|
||||
spec:
|
||||
containers:
|
||||
- name: redis
|
||||
image: redis
|
||||
args: ["--requirepass", "$(REDIS_PASSWORD)"]
|
||||
env:
|
||||
- name: REDIS_PASSWORD
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: redis-credentials
|
||||
key: password
|
||||
ports:
|
||||
- name: redis
|
||||
containerPort: 6379
|
||||
resources:
|
||||
requests:
|
||||
cpu: 500m
|
||||
memory: 500Mi
|
||||
limits:
|
||||
cpu: 1000m
|
||||
memory: 1Gi
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: redis
|
||||
labels:
|
||||
app.kubernetes.io/name: redis
|
||||
spec:
|
||||
selector:
|
||||
app.kubernetes.io/name: redis
|
||||
ports:
|
||||
- name: redis
|
||||
port: 6379
|
||||
targetPort: redis
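Review bot: The Redis password is passed as `args: ["--requirepass", "$(REDIS_PASSWORD)"]`, so once Kubernetes expands the variable it is part of the container's command line. That makes it readable from the process list on the node, not just from the Secret. Having Redis read the password from a configuration file mounted from the `redis-credentials` Secret keeps it off the command line. The new container also declares no `securityContext` (non-root user, `allowPrivilegeEscalation: false`) and no readiness or liveness probe. The Service exposes port 6379 cluster-wide unless a NetworkPolicy elsewhere restricts it.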
|
|
@ -20,6 +20,8 @@ images:
|
|||
newtag: 22.1.0
|
||||
- name: postgres
|
||||
newtag: 9.6.23
|
||||
- name: redis
|
||||
newtag: 6.2.5
|
||||
|
||||
secretGenerator:
|
||||
- name: drone-secret
|
||||
|
@ -36,7 +38,7 @@ secretGenerator:
|
|||
literals:
|
||||
- client_id=6c0c6878-baf1-4648-b0cf-69eeae69e692
|
||||
- client_secret=Q78VsgyfgTzKrvQEmokEMj84g7epKrlBpmDjcbhKXCIh
|
||||
- name: postgres-credentials-secret
|
||||
- name: postgres-credentials
|
||||
type: Opaque
|
||||
namespace: nextcloud
|
||||
behavior: replace
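Review bot: The `client_id` and `client_secret` literals directly above the renamed `postgres-credentials` generator are stored in plaintext in this overlay. The other overlay on this page resolves the same keys through `${ssm:...}` references. A credential committed to the repository stays in its history, so it should be treated as exposed: rotate it at the issuing application and have this overlay load it from the parameter store or an untracked env file, as the other overlay does. The generator that owns these literals starts outside the hunk.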
|
||||
|
|
|
@ -20,6 +20,8 @@ images:
|
|||
newtag: 22.1.0
|
||||
- name: postgres
|
||||
newtag: 9.6.23
|
||||
- name: redis
|
||||
newtag: 6.2.5
|
||||
|
||||
secretGenerator:
|
||||
- name: drone-secret
|
||||
|
@ -36,7 +38,7 @@ secretGenerator:
|
|||
literals:
|
||||
- client_id=${ssm:/k3s/prod/drone/gitea/client_id}
|
||||
- client_secret=${ssm:/k3s/prod/drone/gitea/client_secret}
|
||||
- name: postgres-credentials-secret
|
||||
- name: postgres-credentials
|
||||
type: Opaque
|
||||
namespace: nextcloud
|
||||
behavior: replace
|
||||
|
@ -44,6 +46,12 @@ secretGenerator:
|
|||
- database=nextcloud
|
||||
- username=nextcloud
|
||||
- password=${ssm:/k3s/prod/nextcloud/postgres/password}
|
||||
- name: redis-credentials
|
||||
type: Opaque
|
||||
namespace: nextcloud
|
||||
behavior: replace
|
||||
literals:
|
||||
- password=${ssm:/k3s/prod/nextcloud/redis/password}
|
||||
|
||||
# allow "kubectl apply -l managed-by=kustomize --prune ..."
|
||||
commonlabels:
|
||||
|
|