break up shlink into components, add cron job, add TLS cert for ingress

k8s/shlink/cron.yaml

@@ -0,0 +1,54 @@
+apiVersion: batch/v1
+kind: CronJob
+metadata:
+  name: shlink
+spec:
+  schedule: "0 0 * * *"
+  jobTemplate:
+    spec:
+      template:
+        spec:
+          serviceAccountName: shlink-cron
+          containers:
+          - name: kubectl
+            image: bitnami/kubectl:latest
+            args:
+              - -n
+              - shlink
+              - exec
+              - shlink-0
+              - --
+              - bin/cli
+              - short-url:delete-expired
+              - -n
+          restartPolicy: OnFailure
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: shlink-cron
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: shlink-exec
+rules:
+  - apiGroups: [""]
+    resources: ["pods"]
+    verbs: ["get"]
+
+  - apiGroups: [""]
+    resources: ["pods/exec"]
+    verbs: ["create"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: shlink-exec
+subjects:
+- kind: ServiceAccount
+  name: shlink-cron
+roleRef:
+  kind: Role
+  name: shlink-exec
+  apiGroup: rbac.authorization.k8s.io

k8s/shlink/ingress.yaml

@@ -0,0 +1,43 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: shlink
+  annotations:
+     cert-manager.io/cluster-issuer: letsencrypt
+spec:
+  tls:
+    - hosts: [s.janky.bot, dl.janky.bot]
+      secretName: s.janky.bot
+  rules:
+    - host: s.janky.bot
+      http:
+        paths:
+          - path: /
+            pathType: Prefix
+            backend:
+              service:
+                name:  shlink
+                port:
+                  name: web
+    - host: dl.janky.bot
+      http:
+        paths:
+          - path: /
+            pathType: Prefix
+            backend:
+              service:
+                name:  shlink
+                port:
+                  name: web
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: shlink
+  namespace: shlink
+spec:
+  ports:
+  - name: web
+    port: 8080
+  selector:
+    app: shlink

k8s/shlink/kustomization.yaml

@@ -4,3 +4,5 @@ namespace: shlink
 resources:
   - namespace.yaml
   - shlink.yaml
+  - ingress.yaml
+  - cron.yaml

k8s/shlink/shlink.yaml

@@ -1,43 +1,3 @@
-apiVersion: networking.k8s.io/v1
-kind: Ingress
-metadata:
-  name: shlink
-  namespace: shlink
-spec:
-  rules:
-    - host: s.janky.bot
-      http:
-        paths:
-          - path: /
-            pathType: Prefix
-            backend:
-              service:
-                name:  shlink
-                port:
-                  name: web
-    - host: dl.janky.bot
-      http:
-        paths:
-          - path: /
-            pathType: Prefix
-            backend:
-              service:
-                name:  shlink
-                port:
-                  name: web
----
-apiVersion: v1
-kind: Service
-metadata:
-  name: shlink
-  namespace: shlink
-spec:
-  ports:
-  - name: web
-    port: 8080
-  selector:
-    app: shlink
----
 apiVersion: apps/v1
 kind: StatefulSet
 metadata:
@@ -61,9 +21,15 @@ spec:
         ports:
           - name: web
             containerPort: 8080
-        envFrom:
-          - configMapRef:
-              name: shlink
+        env:
+          - name: DEFAULT_DOMAIN
+            value: s.janky.bot
+          - name: IS_HTTPS_ENABLED
+            value: "true"
+          - name: DISABLE_TRACKING
+            value: "true"
+          - name: RR_NUM_WORKERS
+            value: "2"
         volumeMounts:
           - name: storage
             mountPath: /etc/shlink/data
@@ -75,14 +41,3 @@ spec:
       resources:
         requests:
           storage: 1Gi
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: shlink
-  namespace: shlink
-data:
-  DEFAULT_DOMAIN: s.janky.bot
-  IS_HTTPS_ENABLED: "true"
-  DISABLE_TRACKING: "true"
-  RR_NUM_WORKERS: "2"