From ab2d804a27da3fdae151e6fa5e1eb143348215d0 Mon Sep 17 00:00:00 2001
From: Jonathan Leech-Pepin <jonathan@leechpepin.com>
Date: Sat, 3 May 2025 23:57:47 -0400
Subject: [PATCH] Add comentario comments

---
 .../comentario/extra/gatus-endpoints.yaml     |  27 ++++
 namespaces/apps/comentario/kustomization.yaml | 151 ++++++++++++++++++
 .../apps/comentario/patches/deployment.yaml   |  52 ++++++
 namespaces/apps/comentario/patches/pvc.yaml   |   5 +
 .../apps/comentario/patches/secret.yaml       |  46 ++++++
 5 files changed, 281 insertions(+)
 create mode 100644 namespaces/apps/comentario/extra/gatus-endpoints.yaml
 create mode 100644 namespaces/apps/comentario/kustomization.yaml
 create mode 100644 namespaces/apps/comentario/patches/deployment.yaml
 create mode 100644 namespaces/apps/comentario/patches/pvc.yaml
 create mode 100644 namespaces/apps/comentario/patches/secret.yaml

diff --git a/namespaces/apps/comentario/extra/gatus-endpoints.yaml b/namespaces/apps/comentario/extra/gatus-endpoints.yaml
new file mode 100644
index 0000000..f47a99c
--- /dev/null
+++ b/namespaces/apps/comentario/extra/gatus-endpoints.yaml
@@ -0,0 +1,27 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  labels:
+    homelab.kubernetes.io/k8s-sidecar: gatus
+  name: gatus-endpoints
+data:
+  comentario-internal-gatus-endpoints.yaml: |
+    endpoints:
+      - name: Comentario
+        url: http://comentario-svc.monitoring.svc.cluster.local/
+        group: Internal/Monitoring
+        interval: 5m
+        alerts:
+          - type: ntfy
+        conditions:
+          - "[STATUS] == 200"
+  comentario-external-gatus-endpoints.yaml: |
+    endpoints:
+      - name: Comentario
+        url: https://comments.leechpepin.com/
+        group: External
+        interval: 5m
+        alerts:
+          - type: ntfy
+        conditions:
+          - "[STATUS] == 200"
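Review bot: The internal endpoint's `url: http://comentario-svc.monitoring.svc.cluster.local/` resolves the service in the `monitoring` namespace, but every other file in this patch places the app in `apps` (the kustomization's NamespaceTransformer and the `appNamespace: apps` label), so this check would most likely report the service down, or probe an unrelated backend if a same-named service ever appears in `monitoring`. Unless the Service is deliberately exposed there, the line should read `url: http://comentario-svc.apps.svc.cluster.local/`. The `group: Internal/Monitoring` on the same endpoint looks carried over from a monitoring-namespace app as well and probably wants whatever group the other `apps` checks use.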
diff --git a/namespaces/apps/comentario/kustomization.yaml b/namespaces/apps/comentario/kustomization.yaml
new file mode 100644
index 0000000..3338c49
--- /dev/null
+++ b/namespaces/apps/comentario/kustomization.yaml
@@ -0,0 +1,151 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+transformers:
+  - |-
+    apiVersion: builtin
+    kind: NamespaceTransformer
+    metadata:
+      name: notImportantHere
+      namespace: apps
+    unsetOnly: true
+
+namePrefix: comentario-
+resources:
+  - ../../../kustomize/bases/deployment/
+
+patches:
+  - path: patches/deployment.yaml
+    target:
+      kind: Deployment
+      name: app
+  - path: patches/secret.yaml
+    target:
+      kind: InfisicalSecret
+      name: secrets
+  - path: patches/pvc.yaml
+    target:
+      kind: PersistentVolumeClaim
+      name: pvc
+
+labels:
+  - includeSelectors: true
+    pairs:
+      app.kubernetes.io/appName: comentario
+  - pairs:
+      app.kubernetes.io/appNamespace: apps
+  - pairs:
+      app.kubernetes.io/routePrefix: comments
+
+configMapGenerator:
+  - name: config
+    literals:
+      - HOST="0.0.0.0"
+      - PORT="80"
+      - SECRETS_FILE="/comentario-secrets/secrets.yaml"
+      - BASE_URL="https://comments.leechpepin.com"
+      - SUPERUSER="jonathan@leechpepin.com"
+
+replacements:
+  # Service
+  - source:
+      kind: Deployment
+      name: app
+      fieldPath: metadata.labels.[app.kubernetes.io/appName]
+    targets:
+      - select:
+          kind: Service
+        fieldPaths:
+          - spec.ports.0.name
+          - spec.ports.0.targetPort
+  - source:
+      kind: Deployment
+      name: app
+      fieldPath: spec.template.spec.containers.0.ports.0.containerPort
+    targets:
+      - select:
+          kind: Service
+        fieldPaths:
+          - spec.ports.0.port
+  # Secrets
+  - source:
+      kind: Deployment
+      name: app
+      fieldPath: metadata.labels.[app.kubernetes.io/appNamespace]
+    targets:
+      - select:
+          kind: InfisicalSecret
+        fieldPaths:
+          - spec.managedSecretReference.secretNamespace
+      - select:
+          kind: InfisicalSecret
+        options:
+          delimiter: "/"
+          index: 1
+        fieldPaths:
+          - spec.authentication.universalAuth.secretsScope.secretsPath
+  - source:
+      kind: Deployment
+      name: app
+      fieldPath: metadata.labels.[app.kubernetes.io/appName]
+    targets:
+      - select:
+          kind: InfisicalSecret
+        options:
+          delimiter: "-"
+          index: 0
+        fieldPaths:
+          - spec.managedSecretReference.secretName
+      - select:
+          kind: InfisicalSecret
+        options:
+          delimiter: "/"
+          index: 2
+        fieldPaths:
+          - spec.authentication.universalAuth.secretsScope.secretsPath
+  # HTTP Route
+  - source:
+      kind: Service
+      name: svc
+    targets:
+      - select:
+          kind: HTTPRoute
+        options:
+          create: true
+        fieldPaths:
+          - spec.rules.0.backendRefs.0.name
+  - source:
+      kind: Deployment
+      name: app
+      fieldPath: metadata.labels.[app.kubernetes.io/appName]
+    targets:
+      - select:
+          kind: HTTPRoute
+        options:
+          create: true
+          delimiter: "."
+          index: 0
+        fieldPaths:
+          - spec.hostnames.0
+  - source:
+      kind: Deployment
+      name: app
+      fieldPath: spec.template.spec.containers.0.ports.0.containerPort
+    targets:
+      - select:
+          kind: HTTPRoute
+        fieldPaths:
+          - spec.rules.0.backendRefs.0.port
+  - source:
+      kind: Deployment
+      name: app
+      fieldPath: metadata.labels.[app.kubernetes.io/routePrefix]
+    targets:
+      - select:
+          kind: HTTPRoute
+        options:
+          create: true
+          delimiter: "."
+          index: 0
+        fieldPaths:
+          - spec.hostnames.0
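Review bot: The two HTTPRoute hostname replacements in the `# HTTP Route` section both write `spec.hostnames.0` with `delimiter: "."` and `index: 0`; replacements apply in list order, so the `routePrefix`-sourced entry at the end of the hunk always overwrites the `appName`-sourced one a few entries above it, which makes the earlier entry dead configuration whenever the `app.kubernetes.io/routePrefix` label is set (and it is, to `comments`, in this file). If this is the shared pattern — appName as the default hostname, routePrefix as an optional override — a comment on the first entry would stop the next reader from treating it as a mistake, e.g. `# Default hostname from appName; overridden below when the routePrefix label is set`. Otherwise the appName-sourced hostname replacement can be dropped here.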
diff --git a/namespaces/apps/comentario/patches/deployment.yaml b/namespaces/apps/comentario/patches/deployment.yaml
new file mode 100644
index 0000000..1959e7c
--- /dev/null
+++ b/namespaces/apps/comentario/patches/deployment.yaml
@@ -0,0 +1,52 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: app
+spec:
+  template:
+    spec:
+      tolerations:
+        - key: "public"
+          operator: "Equal"
+          value: "true"
+          effect: "NoSchedule"
+      affinity:
+        nodeAffinity:
+          preferredDuringSchedulingIgnoredDuringExecution:
+            - weight: 100
+              preference:
+                matchExpressions:
+                  - key: public
+                    operator: In
+                    values:
+                      - "true"
+      containers:
+        - image: registry.gitlab.com/comentario/comentario:v3.13.1
+          imagePullPolicy: IfNotPresent
+          name: comentario
+          ports:
+            - containerPort: 80
+              name: comentario
+              protocol: TCP
+          envFrom:
+            - configMapRef:
+                name: comentario-config
+          resources:
+            limits:
+              cpu: 500m
+              memory: 200Mi
+          livenessProbe:
+            httpGet:
+              path: /
+              port: comentario
+          readinessProbe:
+            httpGet:
+              path: /
+              port: comentario
+          volumeMounts:
+            - name: secrets-volume
+              mountPath: /comentario-secrets
+      volumes:
+        - name: secrets-volume
+          secret:
+            secretName: comentario-secrets
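Review bot: The `secrets-volume` mount at the end of the hunk carries the database, SMTP and OAuth credentials rendered by patches/secret.yaml, yet the volumeMount has no `readOnly: true`, so the process can rewrite its own secrets file; add `readOnly: true` beneath `mountPath: /comentario-secrets`. The secret volume also takes Kubernetes' default `defaultMode` (0644), which leaves `secrets.yaml` readable by every uid in the container; tightening it (for example `defaultMode: 0440` together with an `fsGroup`) should be done alongside fixing the pod's user, because with the default root ownership a stricter mode will break a non-root process. No `securityContext` appears in this patch (`runAsNonRoot`, `allowPrivilegeEscalation: false`, dropped capabilities) even though the pod is steered onto `public` nodes and serves untrusted comment input; if the base deployment at ../../../kustomize/bases/deployment/ does not set one, this patch is the place, noting that the container listens on port 80 (`PORT="80"` in the kustomization), which a non-root process cannot bind without `NET_BIND_SERVICE` or a lowered `net.ipv4.ip_unprivileged_port_start`.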
diff --git a/namespaces/apps/comentario/patches/pvc.yaml b/namespaces/apps/comentario/patches/pvc.yaml
new file mode 100644
index 0000000..54ecf59
--- /dev/null
+++ b/namespaces/apps/comentario/patches/pvc.yaml
@@ -0,0 +1,5 @@
+$patch: delete
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: pvc
diff --git a/namespaces/apps/comentario/patches/secret.yaml b/namespaces/apps/comentario/patches/secret.yaml
new file mode 100644
index 0000000..55dc700
--- /dev/null
+++ b/namespaces/apps/comentario/patches/secret.yaml
@@ -0,0 +1,46 @@
+apiVersion: secrets.infisical.com/v1alpha1
+kind: InfisicalSecret
+metadata:
+  name: secrets
+spec:
+  authentication:
+    universalAuth:
+      secretsScope:
+        recursive: true
+  managedSecretReference:
+    template:
+      data:
+        secrets.yaml: |
+          postgres:
+            host: postgres-svc.core.svc.cluster.local
+            port: 5432
+            database: comentario
+            username: comentario
+            password: "{{ .POSTGRES_PASSWORD.Value }}"
+          smtpServer:
+            host: blizzard.mxrouting.net
+            port: 465
+            username: comments@leechpepin.com
+            password: "{{ .SMTP_PASSWORD.Value }}"
+
+          idp:
+            github:
+              key: "{{ .GITHUB_CLIENT_ID.Value }}"
+              secret: "{{ .GITHUB_CLIENT_SECRET.Value }}"
+            gitlab:
+              key: "{{ .GITLAB_CLIENT_ID.Value }}"
+              secret: "{{ .GITLAB_CLIENT_SECRET.Value }}"
+            google:
+              key: "{{ .GOOGLE_CLIENT_ID.Value }}"
+              secret: "{{ .GOOGLE_CLIENT_SECRET.Value }}"
+              disable: true
+
+          extensions:
+            akismet:
+              disable: true
+            apiLayerSpamChecker:
+              key: "{{ .APILAYER_SPAMCHECKER_APIKEY.Value }}"
+            perspective:
+              apiKey: "{{ .PERSPECTIVE_APIKEY.Value }}"
+
+          xsrfSecret: "{{ .XSRF_SECRET.Value }}"
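Review bot: `recursive: true` under `secretsScope` at the top of the hunk syncs every secret beneath the scoped path (the path itself is filled in by the kustomization's replacements) rather than only the eleven `{{ .NAME.Value }}` keys the template references, which is broader than this workload needs and, depending on whether the operator also copies non-templated keys into the managed Secret, may land unrelated credentials in the `comentario-secrets` Secret the deployment mounts. If the Comentario keys sit directly under that path, drop `recursive: true`; if the operator offers it, restrict the managed Secret to the template's keys. Separately, `idp.google` is rendered with a client id and secret but also `disable: true`; a short comment such as `# google: credentials kept so the provider can be enabled later` would mark this as deliberate rather than a leftover.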