From ed90e1e7cc64e0aed85b0dead507fc4f45f49d37 Mon Sep 17 00:00:00 2001 From: Finn Date: Thu, 18 Jul 2024 00:42:20 -0700 Subject: [PATCH] break up shlink into components, add cron job, add TLS cert for ingress --- k8s/shlink/cron.yaml | 54 ++++++++++++++++++++++++++++++ k8s/shlink/ingress.yaml | 43 ++++++++++++++++++++++++ k8s/shlink/kustomization.yaml | 6 ++-- k8s/shlink/shlink.yaml | 63 +++++------------------------------ 4 files changed, 110 insertions(+), 56 deletions(-) create mode 100644 k8s/shlink/cron.yaml create mode 100644 k8s/shlink/ingress.yaml diff --git a/k8s/shlink/cron.yaml b/k8s/shlink/cron.yaml new file mode 100644 index 0000000..1049f1b --- /dev/null +++ b/k8s/shlink/cron.yaml @@ -0,0 +1,54 @@ +apiVersion: batch/v1 +kind: CronJob +metadata: + name: shlink +spec: + schedule: "0 0 * * *" + jobTemplate: + spec: + template: + spec: + serviceAccountName: shlink-cron + containers: + - name: kubectl + image: bitnami/kubectl:latest + args: + - -n + - shlink + - exec + - shlink-0 + - -- + - bin/cli + - short-url:delete-expired + - -n + restartPolicy: OnFailure +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: shlink-cron +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: shlink-exec +rules: + - apiGroups: [""] + resources: ["pods"] + verbs: ["get"] + + - apiGroups: [""] + resources: ["pods/exec"] + verbs: ["create"] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: shlink-exec +subjects: +- kind: ServiceAccount + name: shlink-cron +roleRef: + kind: Role + name: shlink-exec + apiGroup: rbac.authorization.k8s.io diff --git a/k8s/shlink/ingress.yaml b/k8s/shlink/ingress.yaml new file mode 100644 index 0000000..13b5159 --- /dev/null +++ b/k8s/shlink/ingress.yaml @@ -0,0 +1,43 @@ +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: shlink + annotations: + cert-manager.io/cluster-issuer: letsencrypt +spec: + tls: + - hosts: [s.janky.bot, dl.janky.bot] + secretName: s.janky.bot + rules: + - host: s.janky.bot + http: + paths: + - path: / + pathType: Prefix + backend: + service: + name: shlink + port: + name: web + - host: dl.janky.bot + http: + paths: + - path: / + pathType: Prefix + backend: + service: + name: shlink + port: + name: web +--- +apiVersion: v1 +kind: Service +metadata: + name: shlink + namespace: shlink +spec: + ports: + - name: web + port: 8080 + selector: + app: shlink diff --git a/k8s/shlink/kustomization.yaml b/k8s/shlink/kustomization.yaml index d0563ce..a41a7a3 100644 --- a/k8s/shlink/kustomization.yaml +++ b/k8s/shlink/kustomization.yaml @@ -2,5 +2,7 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization namespace: shlink resources: - - namespace.yaml - - shlink.yaml + - namespace.yaml + - shlink.yaml + - ingress.yaml + - cron.yaml diff --git a/k8s/shlink/shlink.yaml b/k8s/shlink/shlink.yaml index 9eb839b..69c1ad2 100644 --- a/k8s/shlink/shlink.yaml +++ b/k8s/shlink/shlink.yaml @@ -1,43 +1,3 @@ -apiVersion: networking.k8s.io/v1 -kind: Ingress -metadata: - name: shlink - namespace: shlink -spec: - rules: - - host: s.janky.bot - http: - paths: - - path: / - pathType: Prefix - backend: - service: - name: shlink - port: - name: web - - host: dl.janky.bot - http: - paths: - - path: / - pathType: Prefix - backend: - service: - name: shlink - port: - name: web ---- -apiVersion: v1 -kind: Service -metadata: - name: shlink - namespace: shlink -spec: - ports: - - name: web - port: 8080 - selector: - app: shlink ---- apiVersion: apps/v1 kind: StatefulSet metadata: @@ -61,9 +21,15 @@ spec: ports: - name: web containerPort: 8080 - envFrom: - - configMapRef: - name: shlink + env: + - name: DEFAULT_DOMAIN + value: s.janky.bot + - name: IS_HTTPS_ENABLED + value: "true" + - name: DISABLE_TRACKING + value: "true" + - name: RR_NUM_WORKERS + value: "2" volumeMounts: - name: storage mountPath: /etc/shlink/data @@ -75,14 +41,3 @@ spec: resources: requests: storage: 1Gi ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: shlink - namespace: shlink -data: - DEFAULT_DOMAIN: s.janky.bot - IS_HTTPS_ENABLED: "true" - DISABLE_TRACKING: "true" - RR_NUM_WORKERS: "2"