Add comentario comments

JLP 2025-05-03 23:57:47 -04:00
parent 25e51f0940
commit ab2d804a27
No known key found for this signature in database
GPG key ID: 414E00D1FF7519DC
5 changed files with 281 additions and 0 deletions


@ -0,0 +1,27 @@
apiVersion: v1
kind: ConfigMap
metadata:
labels:
homelab.kubernetes.io/k8s-sidecar: gatus
name: gatus-endpoints
data:
comentario-internal-gatus-endpoints.yaml: |
endpoints:
- name: Comentario
url: http://comentario-svc.monitoring.svc.cluster.local/
group: Internal/Monitoring
interval: 5m
alerts:
- type: ntfy
conditions:
- "[STATUS] == 200"
comentario-external-gatus-endpoints.yaml: |
endpoints:
- name: Comentario
url: https://comments.leechpepin.com/
group: External
interval: 5m
alerts:
- type: ntfy
conditions:
- "[STATUS] == 200"
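Review bot: The external check for `https://comments.leechpepin.com/` asserts only `[STATUS] == 200`, so a certificate that is about to expire goes unnoticed until clients start failing. Gatus exposes certificate lifetime as a condition, and adding `- "[CERTIFICATE_EXPIRATION] > 48h"` (the threshold is an example) to the second `conditions:` list would raise the ntfy alert ahead of time. The internal endpoint is plain HTTP, so the extra condition applies only to the external entry.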


@ -0,0 +1,151 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
transformers:
- |-
apiVersion: builtin
kind: NamespaceTransformer
metadata:
name: notImportantHere
namespace: apps
unsetOnly: true
namePrefix: comentario-
resources:
- ../../../kustomize/bases/deployment/
patches:
- path: patches/deployment.yaml
target:
kind: Deployment
name: app
- path: patches/secret.yaml
target:
kind: InfisicalSecret
name: secrets
- path: patches/pvc.yaml
target:
kind: PersistentVolumeClaim
name: pvc
labels:
- includeSelectors: true
pairs:
app.kubernetes.io/appName: comentario
- pairs:
app.kubernetes.io/appNamespace: apps
- pairs:
app.kubernetes.io/routePrefix: comments
configMapGenerator:
- name: config
literals:
- HOST="0.0.0.0"
- PORT="80"
- SECRETS_FILE="/comentario-secrets/secrets.yaml"
- BASE_URL="https://comments.leechpepin.com"
- SUPERUSER="jonathan@leechpepin.com"
replacements:
# Service
- source:
kind: Deployment
name: app
fieldPath: metadata.labels.[app.kubernetes.io/appName]
targets:
- select:
kind: Service
fieldPaths:
- spec.ports.0.name
- spec.ports.0.targetPort
- source:
kind: Deployment
name: app
fieldPath: spec.template.spec.containers.0.ports.0.containerPort
targets:
- select:
kind: Service
fieldPaths:
- spec.ports.0.port
# Secrets
- source:
kind: Deployment
name: app
fieldPath: metadata.labels.[app.kubernetes.io/appNamespace]
targets:
- select:
kind: InfisicalSecret
fieldPaths:
- spec.managedSecretReference.secretNamespace
- select:
kind: InfisicalSecret
options:
delimiter: "/"
index: 1
fieldPaths:
- spec.authentication.universalAuth.secretsScope.secretsPath
- source:
kind: Deployment
name: app
fieldPath: metadata.labels.[app.kubernetes.io/appName]
targets:
- select:
kind: InfisicalSecret
options:
delimiter: "-"
index: 0
fieldPaths:
- spec.managedSecretReference.secretName
- select:
kind: InfisicalSecret
options:
delimiter: "/"
index: 2
fieldPaths:
- spec.authentication.universalAuth.secretsScope.secretsPath
# HTTP Route
- source:
kind: Service
name: svc
targets:
- select:
kind: HTTPRoute
options:
create: true
fieldPaths:
- spec.rules.0.backendRefs.0.name
- source:
kind: Deployment
name: app
fieldPath: metadata.labels.[app.kubernetes.io/appName]
targets:
- select:
kind: HTTPRoute
options:
create: true
delimiter: "."
index: 0
fieldPaths:
- spec.hostnames.0
- source:
kind: Deployment
name: app
fieldPath: spec.template.spec.containers.0.ports.0.containerPort
targets:
- select:
kind: HTTPRoute
fieldPaths:
- spec.rules.0.backendRefs.0.port
- source:
kind: Deployment
name: app
fieldPath: metadata.labels.[app.kubernetes.io/routePrefix]
targets:
- select:
kind: HTTPRoute
options:
create: true
delimiter: "."
index: 0
fieldPaths:
- spec.hostnames.0
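Review bot: Two replacements write segment 0 of `spec.hostnames.0` on the HTTPRoute, the one sourced from the `appName` label and the final one sourced from `routePrefix`, and both use `delimiter: "."`, `index: 0` and `create: true`. Replacements are applied in list order, so the exposed hostname ends up with the `routePrefix` value and the earlier entry looks redundant from what is visible here. Because this field decides the public name the service is routed under, either drop the `appName` entry or put a comment above it such as `# seeds hostnames.0; overwritten by routePrefix below`. The base HTTPRoute is not on this page, so confirm the first entry is not needed before removing it.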


@ -0,0 +1,52 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: app
spec:
template:
spec:
tolerations:
- key: "public"
operator: "Equal"
value: "true"
effect: "NoSchedule"
affinity:
nodeAffinity:
preferredDuringSchedulingIgnoredDuringExecution:
- weight: 100
preference:
matchExpressions:
- key: public
operator: In
values:
- "true"
containers:
- image: registry.gitlab.com/comentario/comentario:v3.13.1
imagePullPolicy: IfNotPresent
name: comentario
ports:
- containerPort: 80
name: comentario
protocol: TCP
envFrom:
- configMapRef:
name: comentario-config
resources:
limits:
cpu: 500m
memory: 200Mi
livenessProbe:
httpGet:
path: /
port: comentario
readinessProbe:
httpGet:
path: /
port: comentario
volumeMounts:
- name: secrets-volume
mountPath: /comentario-secrets
volumes:
- name: secrets-volume
secret:
secretName: comentario-secrets
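Review bot: The `comentario` container tolerates the `public` taint and serves the internet-facing site, but the patch sets no `securityContext`, so unless the base Deployment (not visible here) supplies one it runs with the image's default user and capability set. A container-level context that blocks privilege escalation and drops capabilities is proposed below. Listening on `containerPort: 80` may need `NET_BIND_SERVICE`, which moving the app to an unprivileged port would make unnecessary. Separately, `v3.13.1` is a mutable tag combined with `imagePullPolicy: IfNotPresent`; pinning the image by digest keeps nodes from running different content under the same tag.

```yaml
containers:
  - image: registry.gitlab.com/comentario/comentario:v3.13.1
    # … unchanged: imagePullPolicy, name, ports, envFrom, resources, probes, volumeMounts …
    securityContext:
      allowPrivilegeEscalation: false
      capabilities:
        drop:
          - ALL
        add:
          - NET_BIND_SERVICE  # only while the app listens on port 80
      seccompProfile:
        type: RuntimeDefault
```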


@ -0,0 +1,5 @@
$patch: delete
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: pvc


@ -0,0 +1,46 @@
apiVersion: secrets.infisical.com/v1alpha1
kind: InfisicalSecret
metadata:
name: secrets
spec:
authentication:
universalAuth:
secretsScope:
recursive: true
managedSecretReference:
template:
data:
secrets.yaml: |
postgres:
host: postgres-svc.core.svc.cluster.local
port: 5432
database: comentario
username: comentario
password: "{{ .POSTGRES_PASSWORD.Value }}"
smtpServer:
host: blizzard.mxrouting.net
port: 465
username: comments@leechpepin.com
password: "{{ .SMTP_PASSWORD.Value }}"
idp:
github:
key: "{{ .GITHUB_CLIENT_ID.Value }}"
secret: "{{ .GITHUB_CLIENT_SECRET.Value }}"
gitlab:
key: "{{ .GITLAB_CLIENT_ID.Value }}"
secret: "{{ .GITLAB_CLIENT_SECRET.Value }}"
google:
key: "{{ .GOOGLE_CLIENT_ID.Value }}"
secret: "{{ .GOOGLE_CLIENT_SECRET.Value }}"
disable: true
extensions:
akismet:
disable: true
apiLayerSpamChecker:
key: "{{ .APILAYER_SPAMCHECKER_APIKEY.Value }}"
perspective:
apiKey: "{{ .PERSPECTIVE_APIKEY.Value }}"
xsrfSecret: "{{ .XSRF_SECRET.Value }}"
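Review bot: Each secret is spliced into `secrets.yaml` as raw text between double quotes, e.g. `password: "{{ .POSTGRES_PASSWORD.Value }}"`, so a value containing `"` or `\` will either break the rendered file or be parsed as a different string or as extra keys. If the operator's template functions include a JSON- or YAML-quoting helper, pipe every `.Value` through it. Otherwise, add a comment above `secrets.yaml: |` stating that these values must not contain `"` or `\`, and enforce that when rotating them. `recursive: true` also fetches every secret below the scoped path, which may be more than the eleven keys this template reads, so confirm that breadth is intended.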