From 35b9d46c344140fe29059ba592566988d57c2c1a Mon Sep 17 00:00:00 2001
From: Finn
Date: Wed, 7 Aug 2024 18:51:51 -0700
Subject: [PATCH] Add snipe-it
---
k8s/snipeit/database.yaml | 73 ++++++++++++++++++++++++++++++++++
k8s/snipeit/ingress.yaml | 34 ++++++++++++++++
k8s/snipeit/kustomization.yaml | 30 ++++++++++++++
k8s/snipeit/namespace.yaml | 4 ++
k8s/snipeit/statefulset.yaml | 47 ++++++++++++++++++++++
5 files changed, 188 insertions(+)
create mode 100644 k8s/snipeit/database.yaml
create mode 100644 k8s/snipeit/ingress.yaml
create mode 100644 k8s/snipeit/kustomization.yaml
create mode 100644 k8s/snipeit/namespace.yaml
create mode 100644 k8s/snipeit/statefulset.yaml
diff --git a/k8s/snipeit/database.yaml b/k8s/snipeit/database.yaml
new file mode 100644
index 0000000..3bd0859
--- /dev/null
+++ b/k8s/snipeit/database.yaml
@@ -0,0 +1,73 @@
+# Headless service for stable DNS entries of StatefulSet members.
+apiVersion: v1
+kind: Service
+metadata:
+ name: mysql
+spec:
+ ports:
+ - name: mysql
+ port: 3306
+ clusterIP: None
+ selector:
+ app: mysql
+---
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+ name: mysql
+spec:
+ selector:
+ matchLabels:
+ app: mysql
+ serviceName: mysql
+ replicas: 1
+ template:
+ metadata:
+ labels:
+ app: mysql
+ spec:
+ containers:
+ - name: mysql
+ image: mysql:8
+ envFrom:
+ - secretRef:
+ name: mysql
+ env:
+ - name: MYSQL_ALLOW_EMPTY_PASSWORD
+ value: "1"
+ - name: MYSQL_USER
+ value: snipe
+ - name: MYSQL_DATABASE
+ value: snipe
+ ports:
+ - name: mysql
+ containerPort: 3306
+ volumeMounts:
+ - name: data
+ mountPath: /var/lib/mysql
+ subPath: mysql
+ resources:
+ requests:
+ cpu: 500m
+ memory: 500Mi
+ livenessProbe:
+ exec:
+ command: ["mysqladmin", "ping"]
+ initialDelaySeconds: 30
+ periodSeconds: 10
+ timeoutSeconds: 5
+ readinessProbe:
+ exec:
+ # Check we can execute queries over TCP (skip-networking is off).
+ command: ["mysql", "-h", "127.0.0.1", "-e", "SELECT 1"]
+ initialDelaySeconds: 5
+ periodSeconds: 2
+ timeoutSeconds: 1
+ volumeClaimTemplates:
+ - metadata:
+ name: data
+ spec:
+ accessModes: ["ReadWriteOnce"]
+ resources:
+ requests:
+ storage: 10Gi
diff --git a/k8s/snipeit/ingress.yaml b/k8s/snipeit/ingress.yaml
new file mode 100644
index 0000000..c693ef7
--- /dev/null
+++ b/k8s/snipeit/ingress.yaml
@@ -0,0 +1,34 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: snipe
+spec:
+ selector:
+ app: snipe
+ ports:
+ - port: 80
+ targetPort: 80
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: snipe
+ labels:
+ name: snipe
+ annotations:
+ cert-manager.io/cluster-issuer: letsencrypt
+spec:
+ tls:
+ - hosts: [snipe.herzfeld.casa]
+ secretName: snipe.herzfeld.casa
+ rules:
+ - host: snipe.herzfeld.casa
+ http:
+ paths:
+ - pathType: Prefix
+ path: "/"
+ backend:
+ service:
+ name: snipe
+ port:
+ number: 80
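Review bot: The mysql container in k8s/snipeit/database.yaml appears to leave root with an empty password: it sets `MYSQL_ALLOW_EMPTY_PASSWORD` to "1" and the readiness probe runs `mysql -h 127.0.0.1 -e "SELECT 1"` with no credentials, which only succeeds if an unauthenticated login over TCP works. With the headless Service publishing 3306 and no NetworkPolicy in this commit, any pod that can reach `mysql` could then connect the same way. The `mysql` Secret is not part of the patch, so if it does set a root password the variable is redundant and the probe would presumably fail on authentication instead. I would drop the `MYSQL_ALLOW_EMPTY_PASSWORD` entry, supply `MYSQL_ROOT_PASSWORD` (or `MYSQL_RANDOM_ROOT_PASSWORD`) through the Secret, and make the probe authenticate as the application user, e.g. `command: ["sh", "-c", "MYSQL_PWD=\"$MYSQL_PASSWORD\" mysql -h 127.0.0.1 -u \"$MYSQL_USER\" -e 'SELECT 1'"]`, assuming the Secret provides `MYSQL_PASSWORD`.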
diff --git a/k8s/snipeit/kustomization.yaml b/k8s/snipeit/kustomization.yaml
new file mode 100644
index 0000000..4c63bac
--- /dev/null
+++ b/k8s/snipeit/kustomization.yaml
@@ -0,0 +1,30 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: snipeit
+resources:
+ - namespace.yaml
+ - database.yaml
+ - statefulset.yaml
+ - ingress.yaml
+ - secrets.yaml
+configMapGenerator:
+ - name: snipe-config
+ literals:
+ - MYSQL_DATABASE=snipe
+ - MYSQL_USER=snipe
+ - DB_CONNECTION=mysql
+ - DB_HOST=mysql
+ - APP_URL=https://snipe.herzfeld.casa
+ - APP_TIMEZONE=US/Pacific
+ - APP_LOCALE=en-US
+ - MAIL_MAILER=smtp
+ - MAIL_HOST=mx1.janky.email
+ - MAIL_PORT=587
+ - MAIL_ENV_FROM_ADDR=snipe@herzfeld.casa
+ - MAIL_ENV_FROM_NAME=Herzfeld Stuff Management
+ - MAIL_ENV_ENCRYPTION=tls
+ - MAIL_USERNAME=snipe@herzfeld.casa
+ - MAIL_TLS_VERIFY_PEER=true
+ - ENABLE_HSTS=true
+ - APP_TRUSTED_PROXIES=10.42.0.0/24
+ - SECURE_COOKIES=true
diff --git a/k8s/snipeit/namespace.yaml b/k8s/snipeit/namespace.yaml
new file mode 100644
index 0000000..f360bbb
--- /dev/null
+++ b/k8s/snipeit/namespace.yaml
@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: snipeit
diff --git a/k8s/snipeit/statefulset.yaml b/k8s/snipeit/statefulset.yaml
new file mode 100644
index 0000000..d4cf0d6
--- /dev/null
+++ b/k8s/snipeit/statefulset.yaml
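Review bot: `resources` in k8s/snipeit/kustomization.yaml lists `secrets.yaml`, but the patch creates only five files and that is not one of them, so a build from a fresh checkout would stop on the missing file. If it is kept out of the repository on purpose (it presumably defines the `mysql` and `snipe` Secrets the two StatefulSets reference), say so next to the entry, e.g. `# secrets.yaml is not committed; create it locally with the mysql and snipe Secrets before applying`, or switch to a sealed or external secret mechanism so the manifest set is complete. Separately, `APP_TRUSTED_PROXIES=10.42.0.0/24` looks like a pod-network range, which would mean every pod in that range is trusted to set forwarded headers; it is worth confirming the range covers only where the ingress controller runs and adding a comment that records why this CIDR was chosen.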
@@ -0,0 +1,47 @@
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+ name: snipe
+spec:
+ selector:
+ matchLabels:
+ app: snipe
+ serviceName: snipe
+ replicas: 1
+ template:
+ metadata:
+ labels:
+ app: snipe
+ spec:
+ securityContext:
+ fsGroup: 33
+ fsGroupChangePolicy: "OnRootMismatch"
+ containers:
+ - name: snipe
+ image: snipe/snipe-it:latest
+ ports:
+ - containerPort: 80
+ name: web
+ volumeMounts:
+ - name: storage
+ mountPath: /var/lib/snipeit
+ - name: logs
+ mountPath: /var/www/html/storage/logs
+ envFrom:
+ - configMapRef:
+ name: snipe-config
+ - secretRef:
+ name: mysql
+ - secretRef:
+ name: snipe
+ volumes:
+ - name: logs
+ emptyDir: {}
+ volumeClaimTemplates:
+ - metadata:
+ name: storage
+ spec:
+ accessModes: [ "ReadWriteOnce" ]
+ resources:
+ requests:
+ storage: 5Gi
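Review bot: `image: snipe/snipe-it:latest` in k8s/snipeit/statefulset.yaml is a mutable tag, so a pod restart can pull a different application build than the one that was deployed and reviewed; pin a release tag and ideally its digest, e.g. `image: snipe/snipe-it:<version>@sha256:<digest>` (placeholders). The container also receives the whole `mysql` Secret through `envFrom`; that Secret is not in the patch, but if it carries a root password the web application gets it too, so a separate Secret holding only the application user's credentials would keep the privilege boundary between the two pods. The pod sets `fsGroup` but the container has no `securityContext`, resource requests or probes, whereas the database StatefulSet in the same commit declares requests and probes.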