authorGravatar Amrou Bellalouna <[email protected]>2024-05-15 22:34:41 +0200
committerGravatar GitHub <[email protected]>2024-05-15 20:34:41 +0000
commit220e367c013efd5e4b43e96cd84d29bd3cb3ef19 (patch)
tree819260971eb5ad98ccf85c0d2e29104bb3e4e0c9
parentPleasure the style dictator (#291) (diff)
Deploy a pinnwand instance that used lovelace's pg database (#293)
* add a deployment config for pinnwand on lovelace * add a dns entry for the new pastebin * Add database URI for pinnwand to connect to psql on lovelace --------- Co-authored-by: Chris Lovering <[email protected]>
m---------ansible/roles/nftables0
-rw-r--r--dns/zones/pythondiscord.com.yaml8
-rw-r--r--kubernetes/namespaces/web/pinnwand-lovelace/README.md8
-rw-r--r--kubernetes/namespaces/web/pinnwand-lovelace/defaults-configmap.yaml35
-rw-r--r--kubernetes/namespaces/web/pinnwand-lovelace/deployment.yaml57
-rw-r--r--kubernetes/namespaces/web/pinnwand-lovelace/ingress.yaml30
-rw-r--r--kubernetes/namespaces/web/pinnwand-lovelace/secrets.yamlbin0 -> 318 bytes
-rw-r--r--kubernetes/namespaces/web/pinnwand-lovelace/service.yaml12
8 files changed, 150 insertions, 0 deletions
diff --git a/ansible/roles/nftables b/ansible/roles/nftables
deleted file mode 160000
-Subproject 015a7ed269e7122dbd714c23eb6cec8a52176f0
diff --git a/dns/zones/pythondiscord.com.yaml b/dns/zones/pythondiscord.com.yaml
index 5422c09..0e2f56a 100644
--- a/dns/zones/pythondiscord.com.yaml
+++ b/dns/zones/pythondiscord.com.yaml
@@ -128,6 +128,14 @@ grafana:
type: A
value: 194.195.247.228
+lovelace-paste:
+ octodns:
+ cloudflare:
+ proxied: true
+ ttl: 300
+ type: A
+ value: 194.195.247.228
+
mailo._domainkey:
octodns:
cloudflare:
diff --git a/kubernetes/namespaces/web/pinnwand-lovelace/README.md b/kubernetes/namespaces/web/pinnwand-lovelace/README.md
new file mode 100644
index 0000000..945b357
--- /dev/null
+++ b/kubernetes/namespaces/web/pinnwand-lovelace/README.md
@@ -0,0 +1,8 @@
+# pinnwand
+These manifests provision an instance of the pinnwand service used on https://paste.pythondiscord.com.
+
+A init-service is used to download the Python Discord banner logo and save it to a volume, as pinnwand expects it to be present within the image.
+
+## Secrets & config
+This deployment expects an env var named `PINNWAND_DATABASE_URI` to exist in a secret called `pinnwand-postgres-connection`.
+All other configuration can be found in `defaults-configmap.yaml`.
diff --git a/kubernetes/namespaces/web/pinnwand-lovelace/defaults-configmap.yaml b/kubernetes/namespaces/web/pinnwand-lovelace/defaults-configmap.yaml
new file mode 100644
index 0000000..8d9fbbd
--- /dev/null
+++ b/kubernetes/namespaces/web/pinnwand-lovelace/defaults-configmap.yaml
@@ -0,0 +1,35 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: pinnwand-lovelace-config
+ namespace: web
+data:
+ config.toml: |
+ # Maximum size in bytes of pastes
+ paste_size = 524288
+
+ default_selected_lexer = "python"
+ # List of lexers to pin to the top of the dropdown list
+ preferred_lexers = ["python", "autodetect", "pytb", "pycon", "text", "markdown", "restructuredtext", "sql"]
+
+ page_list = ["about", "removal"]
+ footer = 'View <a href="//github.com/supakeen/pinnwand" target="_BLANK">source code</a>, <a href="/removal">removal</a> information, or read the <a href="/about">about</a> page.'
+
+ paste_help = '''<p>Welcome to Python Discord's pastebin, powered by <a href="//github.com/supakeen/pinnwand" target="_BLANK">pinnwand</a>. It allows you to share code with others. If you write code in the text area below and press the paste button you will be given a link you can share with others so they can view your code as well.</p><p>People with the link can view your pasted code, only you can remove your paste and it expires automatically. Note that anyone could guess the URI to your paste so don't rely on it being private.</p>'''
+ expiries.30days = 2592000
+ expiries.7days = 604800
+ expiries.1day = 86400
+
+ ratelimit.read.capacity = 100
+ ratelimit.read.consume = 1
+ ratelimit.read.refill = 2
+
+ ratelimit.create.capacity = 10 # Default is 2
+ ratelimit.create.consume = 1 # Default is 2
+ ratelimit.create.refill = 10 # Default is 1
+
+ ratelimit.delete.capacity = 2
+ ratelimit.delete.consume = 2
+ ratelimit.delete.refill = 1
+
+ report_email = "[email protected]"
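Review bot: The `ratelimit.create.*` values are loosened well past the defaults recorded in the inline comments (capacity 2 → 10, consume 2 → 1, refill 1 → 10), and nothing in the hunk says why. On a paste service the create limit is the main brake on automated spam, so the rationale should sit next to the numbers, e.g. `# Raised from the defaults because <reason>; revisit if paste spam appears`. These buckets are presumably keyed on the client address, and the DNS record added in this commit is `proxied: true` in front of an nginx ingress. It is worth confirming that pinnwand sees the real client IP rather than the proxy's, otherwise every user would share one bucket.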
diff --git a/kubernetes/namespaces/web/pinnwand-lovelace/deployment.yaml b/kubernetes/namespaces/web/pinnwand-lovelace/deployment.yaml
new file mode 100644
index 0000000..23bb420
--- /dev/null
+++ b/kubernetes/namespaces/web/pinnwand-lovelace/deployment.yaml
@@ -0,0 +1,57 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: pinnwand-lovelace
+ namespace: web
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: pinnwand-lovelace
+ template:
+ metadata:
+ labels:
+ app: pinnwand-lovelace
+ spec:
+ initContainers:
+ - name: init-service
+ image: busybox:latest
+ command: ["wget", "https://raw.githubusercontent.com/python-discord/branding/main/logos/badge/badge_512x172.png", "-O", "/tmp/logo.png"]
+ volumeMounts:
+ - name: pinnwand-lovelace-logo
+ mountPath: /tmp/
+ containers:
+ - name: pinnwand-lovelace
+ image: ghcr.io/python-discord/pinnwand:latest-psql
+ command: ["venv/bin/python3", "-m", "pinnwand", "-vvvvvvvv", "--configuration-path", "/config/config.toml", "http"]
+ imagePullPolicy: Always
+ resources:
+ requests:
+ cpu: 5m
+ memory: 100Mi
+ limits:
+ cpu: 100m
+ memory: 200Mi
+ ports:
+ - containerPort: 8000
+ envFrom:
+ - secretRef:
+ name: pinnwand-lovelace-postgres-connection
+ securityContext:
+ readOnlyRootFilesystem: true
+ volumeMounts:
+ - name: pinnwand-lovelace-config
+ mountPath: /config/
+ - name: pinnwand-lovelace-logo
+ mountPath: /usr/app/pinnwand/static/logo.png
+ subPath: logo.png
+ volumes:
+ - name: pinnwand-lovelace-logo
+ emptyDir: {}
+ - name: pinnwand-lovelace-config
+ configMap:
+ name: pinnwand-lovelace-config
+ securityContext:
+ fsGroup: 2000
+ runAsUser: 1000
+ runAsNonRoot: true
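Review bot: Both images in this Deployment are referenced by mutable tags (`busybox:latest` in the init container, `ghcr.io/python-discord/pinnwand:latest-psql` with `imagePullPolicy: Always` in the main one), so any pod restart can pull different, unreviewed content; pin each by digest, e.g. `image: busybox@sha256:<digest>`. The init container also downloads the logo from the `main` branch with no integrity check, so a commit-pinned URL would make that fetch reproducible. The container-level `securityContext` sets only `readOnlyRootFilesystem: true`; adding `allowPrivilegeEscalation: false` and `capabilities: {drop: ["ALL"]}` to both containers would complete the hardening the pod-level `runAsNonRoot` starts. Separately, `secretRef` names `pinnwand-lovelace-postgres-connection`, while the README added in this commit tells operators to create `pinnwand-postgres-connection`; one of the two should be corrected.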
diff --git a/kubernetes/namespaces/web/pinnwand-lovelace/ingress.yaml b/kubernetes/namespaces/web/pinnwand-lovelace/ingress.yaml
new file mode 100644
index 0000000..bb608ea
--- /dev/null
+++ b/kubernetes/namespaces/web/pinnwand-lovelace/ingress.yaml
@@ -0,0 +1,30 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ annotations:
+ nginx.ingress.kubernetes.io/auth-tls-verify-client: "on"
+ nginx.ingress.kubernetes.io/auth-tls-secret: "kube-system/mtls-client-crt-bundle"
+ nginx.ingress.kubernetes.io/auth-tls-error-page: "https://www.youtube.com/watch?v=dQw4w9WgXcQ"
+ # block HEAD requests
+ nginx.ingress.kubernetes.io/configuration-snippet: |
+ if ($request_method = HEAD) {
+ return 444;
+ }
+ name: pinnwand-lovelace
+ namespace: web
+spec:
+ tls:
+ - hosts:
+ - "*.pythondiscord.com"
+ secretName: pythondiscord.com-tls
+ rules:
+ - host: lovelace-paste.pythondiscord.com
+ http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: pinnwand-lovelace
+ port:
+ number: 80
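Review bot: The `configuration-snippet` annotation only takes effect if the ingress-nginx controller has `allow-snippet-annotations` enabled, and that setting lets anyone able to create Ingress objects inject raw nginx configuration, so the manifest should record that dependency. The existing comment says what the snippet does but not why HEAD is dropped; something like `# block HEAD requests (<reason>); requires allow-snippet-annotations on the controller` would cover both. `auth-tls-error-page` also sends clients that fail the mTLS check to an external video URL, which is hard to tell apart from a misconfiguration when debugging; an error page on a project-owned host would be clearer.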
diff --git a/kubernetes/namespaces/web/pinnwand-lovelace/secrets.yaml b/kubernetes/namespaces/web/pinnwand-lovelace/secrets.yaml
new file mode 100644
index 0000000..e443b7c
--- /dev/null
+++ b/kubernetes/namespaces/web/pinnwand-lovelace/secrets.yaml
Binary files differ
diff --git a/kubernetes/namespaces/web/pinnwand-lovelace/service.yaml b/kubernetes/namespaces/web/pinnwand-lovelace/service.yaml
new file mode 100644
index 0000000..3c93cdb
--- /dev/null
+++ b/kubernetes/namespaces/web/pinnwand-lovelace/service.yaml
@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: pinnwand-lovelace
+ namespace: web
+spec:
+ selector:
+ app: pinnwand-lovelace
+ ports:
+ - protocol: TCP
+ port: 80
+ targetPort: 8000