Move API services to apis namespace

author: Joe Banks <[email protected]> 2024-04-15 11:56:43 +0100
committer: Joe Banks <[email protected]> 2024-04-15 11:56:43 +0100
commit: cb2398e6dd68039ad66d3007ba01c85ebbc7d0bc (patch)
tree: 5a41cd9ec0cace728d314e82bb5b7f49bd0fc2d0 /kubernetes/namespaces/apis
parent: Move snekbox to new namespace (diff)
12 files changed, 199 insertions, 0 deletions
diff --git a/kubernetes/namespaces/apis/code-jam-management/README.md b/kubernetes/namespaces/apis/code-jam-management/README.md
new file mode 100644
index 0000000..b377130
--- /dev/null
+++ b/kubernetes/namespaces/apis/code-jam-management/README.md
@@ -0,0 +1,11 @@
+# Code Jam Management
+
+This contains the deployment for the internal [code jam management](https://github.com/python-discord/code-jam-management) service.
+
+### Required Secret
+In a secret named `code-jam-management-env`:
+
+| Environment  | Description                                                            |
+|--------------|------------------------------------------------------------------------|
+| API_TOKEN    | A random string to use as the auth token for making requests to CJMS   |
+| DATABASE_URL | `postgres://<user>:<password>@<host>:<port>/<name>`                    |
diff --git a/kubernetes/namespaces/apis/code-jam-management/deployment.yaml b/kubernetes/namespaces/apis/code-jam-management/deployment.yaml
new file mode 100644
index 0000000..bb7426f
--- /dev/null
+++ b/kubernetes/namespaces/apis/code-jam-management/deployment.yaml
@@ -0,0 +1,41 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: code-jam-management
+  namespace: apis
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: code-jam-management
+  template:
+    metadata:
+      labels:
+        app: code-jam-management
+    spec:
+      securityContext:
+        fsGroup: 2000
+        runAsUser: 1000
+        runAsNonRoot: true
+      containers:
+        - name: codejam-management
+          image: ghcr.io/python-discord/code-jam-management:latest
+          imagePullPolicy: Always
+          volumeMounts:
+            - mountPath: /tmp
+              name: code-jam-mgmt-tmp
+            - mountPath: /.cache
+              name: code-jam-mgmt-venv
+          ports:
+            - containerPort: 8000
+          envFrom:
+            - secretRef:
+                name: code-jam-management-env
+          securityContext:
+            readOnlyRootFilesystem: true
+      volumes:
+      - name: code-jam-mgmt-tmp
+        emptyDir:
+          medium: Memory
+      - name: code-jam-mgmt-venv
+        emptyDir: {}
diff --git a/kubernetes/namespaces/apis/code-jam-management/secrets.yaml b/kubernetes/namespaces/apis/code-jam-management/secrets.yaml
new file mode 100644
index 0000000..cd68b2f
--- /dev/null
+++ b/kubernetes/namespaces/apis/code-jam-management/secrets.yaml
diff --git a/kubernetes/namespaces/apis/code-jam-management/service.yaml b/kubernetes/namespaces/apis/code-jam-management/service.yaml
new file mode 100644
index 0000000..8ac85a5
--- /dev/null
+++ b/kubernetes/namespaces/apis/code-jam-management/service.yaml
@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: code-jam-management
+  namespace: apis
+spec:
+  selector:
+    app: code-jam-management
+  ports:
+    - protocol: TCP
+      port: 8000
+      targetPort: 8000
diff --git a/kubernetes/namespaces/apis/patsy/README.md b/kubernetes/namespaces/apis/patsy/README.md
new file mode 100644
index 0000000..78e386a
--- /dev/null
+++ b/kubernetes/namespaces/apis/patsy/README.md
@@ -0,0 +1,17 @@
+# Patsy
+
+Patsy is the premiere project for data collection in the python-discord toolchain. It uses word-class technology in a system architected by our in-house engineers to facilitate the  automatic transfer, collection, and categorization of user data to develop user-centric solutions to real world problems. It is a marvel of engineering designed to push the limits of what we thought possible.
+
+The deployment for the [Patsy API](https://git.pydis.com/patsy), there is no ingress as Patsy is designed to only be accessible from within the cluster.
+
+This API is given help channel messages by the bot and stores them in postgres for after-the-fact processing.
+The hope with this project is that we can inspect what topics get asked about often in help channels, along with which ones go un-answered the most.
+
+## Secret
+
+It requires a `patsy-env` secret with the following
+
+| Key            | Description                                                  |
+| -------------- | ------------------------------------------------------------ |
+| `DATABASE_URL` | An asyncpg connection string to the postgres database        |
+| `STATE_SECRET` | A long random string, used to lock down endpoints with auth. |
diff --git a/kubernetes/namespaces/apis/patsy/deployment.yaml b/kubernetes/namespaces/apis/patsy/deployment.yaml
new file mode 100644
index 0000000..bb6f9a0
--- /dev/null
+++ b/kubernetes/namespaces/apis/patsy/deployment.yaml
@@ -0,0 +1,41 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: patsy
+  namespace: apis
+spec:
+  replicas: 0
+  selector:
+    matchLabels:
+      app: patsy
+  template:
+    metadata:
+      labels:
+        app: patsy
+    spec:
+      containers:
+        - name: patsy
+          image: ghcr.io/python-discord/patsy:latest
+          imagePullPolicy: Always
+          ports:
+            - containerPort: 80
+              name: http
+          envFrom:
+            - secretRef:
+                name: patsy-env
+          startupProbe:
+            httpGet:
+              path: /ping
+              port: http
+              httpHeaders:
+                - name: Host
+                  value: patsy.pythondiscord.com
+            failureThreshold: 3
+            periodSeconds: 1
+            initialDelaySeconds: 10
+          securityContext:
+            readOnlyRootFilesystem: true
+      securityContext:
+        fsGroup: 2000
+        runAsUser: 1000
+        runAsNonRoot: true
diff --git a/kubernetes/namespaces/apis/patsy/secrets.yaml b/kubernetes/namespaces/apis/patsy/secrets.yaml
new file mode 100644
index 0000000..30d2641
--- /dev/null
+++ b/kubernetes/namespaces/apis/patsy/secrets.yaml
diff --git a/kubernetes/namespaces/apis/patsy/service.yaml b/kubernetes/namespaces/apis/patsy/service.yaml
new file mode 100644
index 0000000..b3b2421
--- /dev/null
+++ b/kubernetes/namespaces/apis/patsy/service.yaml
@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: patsy
+  namespace: apis
+spec:
+  selector:
+    app: patsy
+  ports:
+    - protocol: TCP
+      port: 80
+      targetPort: 80
diff --git a/kubernetes/namespaces/apis/quackstack/README.md b/kubernetes/namespaces/apis/quackstack/README.md
new file mode 100644
index 0000000..c8b8a92
--- /dev/null
+++ b/kubernetes/namespaces/apis/quackstack/README.md
@@ -0,0 +1,7 @@
+# QuackStack
+
+The deployment for the [QuackStack](https://github.com/python-discord/quackstack) project, hosted at https://quackstack.pythondiscord.com.
+
+This project doesn't need any configuration right now.
+
+To deploy this application run `kubectl apply -f .` from this directory. This will create a deployment, service and ingress.
diff --git a/kubernetes/namespaces/apis/quackstack/deployment.yaml b/kubernetes/namespaces/apis/quackstack/deployment.yaml
new file mode 100644
index 0000000..a3eb2f7
--- /dev/null
+++ b/kubernetes/namespaces/apis/quackstack/deployment.yaml
@@ -0,0 +1,21 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: quackstack
+  namespace: apis
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: quackstack
+  template:
+    metadata:
+      labels:
+        app: quackstack
+    spec:
+      containers:
+        - name: quackstack
+          image: ghcr.io/python-discord/quackstack:main
+          imagePullPolicy: Always
+          ports:
+            - containerPort: 80
diff --git a/kubernetes/namespaces/apis/quackstack/ingress.yaml b/kubernetes/namespaces/apis/quackstack/ingress.yaml
new file mode 100644
index 0000000..663f90c
--- /dev/null
+++ b/kubernetes/namespaces/apis/quackstack/ingress.yaml
@@ -0,0 +1,25 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  annotations:
+    nginx.ingress.kubernetes.io/auth-tls-verify-client: "on"
+    nginx.ingress.kubernetes.io/auth-tls-secret: "kube-system/mtls-client-crt-bundle"
+    nginx.ingress.kubernetes.io/auth-tls-error-page: "https://www.youtube.com/watch?v=dQw4w9WgXcQ"
+  name: quackstack
+  namespace: apis
+spec:
+  tls:
+  - hosts:
+      - "*.pythondiscord.com"
+    secretName: pythondiscord.com-tls
+  rules:
+  - host: quackstack.pythondiscord.com
+    http:
+      paths:
+      - path: /
+        pathType: Prefix
+        backend:
+          service:
+            name: quackstack
+            port:
+              number: 80
diff --git a/kubernetes/namespaces/apis/quackstack/service.yaml b/kubernetes/namespaces/apis/quackstack/service.yaml
new file mode 100644
index 0000000..9af64fe
--- /dev/null
+++ b/kubernetes/namespaces/apis/quackstack/service.yaml
@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: quackstack
+  namespace: apis
+spec:
+  selector:
+    app: quackstack
+  ports:
+    - protocol: TCP
+      port: 80
+      targetPort: 80
author	Joe Banks <[email protected]>	2024-04-15 11:56:43 +0100
committer	Joe Banks <[email protected]>	2024-04-15 11:56:43 +0100
commit	cb2398e6dd68039ad66d3007ba01c85ebbc7d0bc (patch)
tree	5a41cd9ec0cace728d314e82bb5b7f49bd0fc2d0 /kubernetes/namespaces/apis
parent	Move snekbox to new namespace (diff)