Move all bots to designated namespaces

20 files changed, 356 insertions, 0 deletions

diff --git a/kubernetes/namespaces/bots/black-knight/README.md b/kubernetes/namespaces/bots/black-knight/README.md
new file mode 100644
index 0000000..d1f8d89
--- /dev/null
+++ b/kubernetes/namespaces/bots/black-knight/README.md
@@ -0,0 +1,16 @@
+## Black Knight
+Deployment file for @Black-Knight, our courageous and ever present anti-raid bot.
+
+## Secrets
+This deployment expects a number of secrets/environment variables to exist in a secret called `black-knight-env`.
+
+| Environment           | Description                                                       |
+|-----------------------|-------------------------------------------------------------------|
+| BOT_TOKEN             | The Discord bot token for Black Knight to connect to Discord with |
+| DATABASE_URL          | A full PostgreSQL connection string to the postgres db            |
+| BOT_SENTRY_DSN        | The DSN to connect send sentry reports to                         |
+
+Black knight also requires a redis password, which is pulled from the `redis-credentials` secret.
+```
+REDIS_PASSWORD - The password to redis
+```
diff --git a/kubernetes/namespaces/bots/black-knight/deployment.yaml b/kubernetes/namespaces/bots/black-knight/deployment.yaml
new file mode 100644
index 0000000..9d27e07
--- /dev/null
+++ b/kubernetes/namespaces/bots/black-knight/deployment.yaml
@@ -0,0 +1,39 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: black-knight
+  namespace: bots
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: black-knight
+  template:
+    metadata:
+      labels:
+        app: black-knight
+    spec:
+      securityContext:
+        fsGroup: 2000
+        runAsUser: 1000
+        runAsNonRoot: true
+      containers:
+      - name: black-knight
+        image: ghcr.io/python-discord/black-knight:latest
+        imagePullPolicy: Always
+        resources:
+          requests:
+            cpu: 500m
+            memory: 300Mi
+          limits:
+            cpu: 750m
+            memory: 600Mi
+        envFrom:
+        - secretRef:
+            name: black-knight-env
+        - secretRef:
+            name: redis-credentials
+        securityContext:
+          readOnlyRootFilesystem: true
+      imagePullSecrets:
+        - name: ghcr-pull-secret
diff --git a/kubernetes/namespaces/bots/black-knight/secrets.yaml b/kubernetes/namespaces/bots/black-knight/secrets.yaml
new file mode 100644
index 0000000..6b8ef8f
--- /dev/null
+++ b/kubernetes/namespaces/bots/black-knight/secrets.yaml
diff --git a/kubernetes/namespaces/bots/bot/README.md b/kubernetes/namespaces/bots/bot/README.md
new file mode 100644
index 0000000..565cf70
--- /dev/null
+++ b/kubernetes/namespaces/bots/bot/README.md
@@ -0,0 +1,15 @@
+## Bot
+
+Deployment file for @Python, our valiant community bot and workhorse.
+
+## Secrets
+This deployment expects a number of secrets and environment variables to exist in a secret called `bot-env`.
+
+| Environment       | Description                                                 |
+|-------------------|-------------------------------------------------------------|
+| API_KEYS_GITHUB   | An API key for Github's API.                                |
+| API_KEYS_SITE_API | The token to access our site's API.                         |
+| BOT_SENTRY_DSN    | The sentry DSN to send sentry events to.                    |
+| BOT_TOKEN         | The Discord bot token to run the bot on.                    |
+| METABASE_PASSWORD | Password for Metabase                                       |
+| METABASE_USERNAME | Username for Metabase                                       |
diff --git a/kubernetes/namespaces/bots/bot/configmap.yaml b/kubernetes/namespaces/bots/bot/configmap.yaml
new file mode 100644
index 0000000..8e04e35
--- /dev/null
+++ b/kubernetes/namespaces/bots/bot/configmap.yaml
@@ -0,0 +1,10 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: bot-config-env
+  namespace: bots
+data:
+  BOT_TRACE_LOGGERS: bot.utils.scheduling.ModPingsOnOff,bot.exts.moderation.modpings,bot.exts.backend.sync._syncers
+  DEBUG: 'False'
+  DUCK_POND_EXTRA_CHANNEL_BLACKLIST: "[291284109232308226,463035241142026251,463035268514185226]"  # The 3 off-topic channels
+  URLS_PASTE_URL: https://paste.pythondiscord.com
diff --git a/kubernetes/namespaces/bots/bot/deployment.yaml b/kubernetes/namespaces/bots/bot/deployment.yaml
new file mode 100644
index 0000000..033c2b9
--- /dev/null
+++ b/kubernetes/namespaces/bots/bot/deployment.yaml
@@ -0,0 +1,49 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: bot
+  namespace: bots
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: bot
+  template:
+    metadata:
+      labels:
+        app: bot
+    spec:
+      securityContext:
+        fsGroup: 2000
+        runAsUser: 1000
+        runAsNonRoot: true
+      containers:
+      - name: bot
+        image: ghcr.io/python-discord/bot:latest
+        imagePullPolicy: Always
+        resources:
+          requests:
+            cpu: 750m
+            memory: 600Mi
+          limits:
+            cpu: 1000m
+            memory: 1400Mi
+        envFrom:
+        - secretRef:
+            name: bot-env
+        - secretRef:
+            name: redis-credentials
+        - configMapRef:
+            name: bot-config-env
+        volumeMounts:
+        - mountPath: /bot/logs
+          name: logs-vol
+        - mountPath: /.cache/python-tldextract
+          name: tldextract-cache
+        securityContext:
+          readOnlyRootFilesystem: true
+      volumes:
+      - name: logs-vol
+        emptyDir: {}
+      - name: tldextract-cache
+        emptyDir: {}
diff --git a/kubernetes/namespaces/bots/bot/secrets.yaml b/kubernetes/namespaces/bots/bot/secrets.yaml
new file mode 100644
index 0000000..156c55a
--- /dev/null
+++ b/kubernetes/namespaces/bots/bot/secrets.yaml
diff --git a/kubernetes/namespaces/bots/king-arthur/README.md b/kubernetes/namespaces/bots/king-arthur/README.md
new file mode 100644
index 0000000..704d45b
--- /dev/null
+++ b/kubernetes/namespaces/bots/king-arthur/README.md
@@ -0,0 +1,12 @@
+# King Arthur
+
+Deployment file for @King Arthur, our DevOps helper bot.
+
+## Secrets
+This deployment expects a number of secrets and environment variables to exist in a secret called `king-arthur-env`.
+
+| Environment                  | Description                                                               |
+| ---------------------------- | ------------------------------------------------------------------------- |
+| KING_ARTHUR_TOKEN            | The token to authorize with Discord                                       |
+| KING_ARTHUR_NOTION_API_TOKEN | The API token to the notion API                                           |
+| KING_ARTHUR_CLOUDFLARE_TOKEN | A token for the Cloudflare API used for the Cloudflare commands in Arthur |
diff --git a/kubernetes/namespaces/bots/king-arthur/deployment.yaml b/kubernetes/namespaces/bots/king-arthur/deployment.yaml
new file mode 100644
index 0000000..b5250ba
--- /dev/null
+++ b/kubernetes/namespaces/bots/king-arthur/deployment.yaml
@@ -0,0 +1,36 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: king-arthur
+  namespace: bots
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: king-arthur
+  template:
+    metadata:
+      labels:
+        app: king-arthur
+    spec:
+      serviceAccountName: king-arthur
+      containers:
+      - name: king-arthur
+        image: ghcr.io/python-discord/king-arthur:latest
+        imagePullPolicy: Always
+        resources:
+          requests:
+            cpu: 600m
+            memory: 500Mi
+          limits:
+            cpu: 800m
+            memory: 800Mi
+        envFrom:
+        - secretRef:
+            name: king-arthur-env
+        securityContext:
+          readOnlyRootFilesystem: true
+      securityContext:
+        fsGroup: 2000
+        runAsUser: 1000
+        runAsNonRoot: true
diff --git a/kubernetes/namespaces/bots/king-arthur/secrets.yaml b/kubernetes/namespaces/bots/king-arthur/secrets.yaml
new file mode 100644
index 0000000..dda3686
--- /dev/null
+++ b/kubernetes/namespaces/bots/king-arthur/secrets.yaml
diff --git a/kubernetes/namespaces/bots/king-arthur/service-account.yaml b/kubernetes/namespaces/bots/king-arthur/service-account.yaml
new file mode 100644
index 0000000..c971205
--- /dev/null
+++ b/kubernetes/namespaces/bots/king-arthur/service-account.yaml
@@ -0,0 +1,28 @@
+---
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: king-arthur
+rules:
+- apiGroups: ["", "extensions", "apps", "batch", "rbac.authorization.k8s.io", "cert-manager.io"]
+  resources: ["*"]
+  verbs: ["*"]
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: king-arthur
+  namespace: bots
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: king-arthur
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: king-arthur
+subjects:
+  - kind: ServiceAccount
+    name: king-arthur
+    namespace: bots
diff --git a/kubernetes/namespaces/bots/metricity/README.md b/kubernetes/namespaces/bots/metricity/README.md
new file mode 100644
index 0000000..30c8b95
--- /dev/null
+++ b/kubernetes/namespaces/bots/metricity/README.md
@@ -0,0 +1,13 @@
+# Metricity
+
+This folder contains the secrets for the metricity service.
+
+The actual metricity deployment manifest can be found inside the metricity repository at [python-discord/metricity](https://github.com/python-discord/metricity).
+
+## Secrets
+A single secret of name `metricity-env` is used with the following values:
+
+| Environment  | Description                        |
+|--------------|------------------------------------|
+| BOT_TOKEN    | The Discord bot token to run under |
+| DATABASE_URI | Database URI to save the states to |
diff --git a/kubernetes/namespaces/bots/metricity/secrets.yaml b/kubernetes/namespaces/bots/metricity/secrets.yaml
new file mode 100644
index 0000000..a4a11b5
--- /dev/null
+++ b/kubernetes/namespaces/bots/metricity/secrets.yaml
diff --git a/kubernetes/namespaces/bots/sir-lancebot/README.md b/kubernetes/namespaces/bots/sir-lancebot/README.md
new file mode 100644
index 0000000..293a955
--- /dev/null
+++ b/kubernetes/namespaces/bots/sir-lancebot/README.md
@@ -0,0 +1,29 @@
+## Sir Lancebot
+```
+Oh brave Sir Lancebot!
+
+Whereat he turned and stood with folded arms and numerous antennae,
+"Why frown upon a friend? Few live that have too many."
+A weary-waiting optical array, now calibrated to a sad wrath.
+Hereafter, thus t'was with him that we hath forged our path.
+```
+
+## Secrets
+This deployment expects a number of secrets and environment variables to exist in a secret called `sir-lancebot-env` shown below. The bot also relies on redis credentials being available in a secret named `redis-credentials`
+
+
+| Environment               | Description                              |
+|---------------------------|------------------------------------------|
+| BOT_SENTRY_DSN            | The DSN for the Sentry project.          |
+| CLIENT_DEBUG              | Should the bot start in DEBUG mode?      |
+| CLIENT_TOKEN              | The bot token to run the bot on.         |
+| LATEX_API_URL             | The URl tha the latex API is served from |
+| TOKENS_GIPHY              | API key for Giphy.                       |
+| TOKENS_GITHUB             | GitHub access token, for Hacktoberstats. |
+| TOKENS_IGDB_CLIENT_ID     | Client ID IGDB - used to find games.     |
+| TOKENS_IGDB_CLIENT_SECRET | Client secret IGDB - used to find games. |
+| TOKENS_NASA               | API key for NASA.                        |
+| TOKENS_TMDB               | Token for TMBD. Used for scarymovie.py.  |
+| TOKENS_UNSPLASH           | Token for unsplash.                      |
+| TOKENS_YOUTUBE            | API key for YouTube.                     |
+| WOLFRAM_KEY               | API key for Wolfram Alpha.               |
diff --git a/kubernetes/namespaces/bots/sir-lancebot/deployment.yaml b/kubernetes/namespaces/bots/sir-lancebot/deployment.yaml
new file mode 100644
index 0000000..981107c
--- /dev/null
+++ b/kubernetes/namespaces/bots/sir-lancebot/deployment.yaml
@@ -0,0 +1,47 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: sir-lancebot
+  namespace: bots
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: sir-lancebot
+  template:
+    metadata:
+      labels:
+        app: sir-lancebot
+    spec:
+      containers:
+      - name: sir-lancebot
+        image: ghcr.io/python-discord/sir-lancebot:latest
+        imagePullPolicy: Always
+        resources:
+          requests:
+            cpu: 400m
+            memory: 200Mi
+          limits:
+            cpu: 500m
+            memory: 400Mi
+        envFrom:
+        - secretRef:
+            name: sir-lancebot-env
+        - secretRef:
+            name: redis-credentials
+        securityContext:
+          readOnlyRootFilesystem: true
+        volumeMounts:
+            - name: lancebot-data-vol
+              mountPath: /bot/bot/exts/fun/_latex_cache
+            - name: lancebot-logs-vol
+              mountPath: /bot/bot/log
+      volumes:
+      - name: lancebot-data-vol
+        emptyDir: {}
+      - name: lancebot-logs-vol
+        emptyDir: {}
+      securityContext:
+        fsGroup: 1000
+        runAsUser: 1000
+        runAsNonRoot: true
diff --git a/kubernetes/namespaces/bots/sir-lancebot/secrets.yaml b/kubernetes/namespaces/bots/sir-lancebot/secrets.yaml
new file mode 100644
index 0000000..9ba6a98
--- /dev/null
+++ b/kubernetes/namespaces/bots/sir-lancebot/secrets.yaml
diff --git a/kubernetes/namespaces/bots/sir-robin/README.md b/kubernetes/namespaces/bots/sir-robin/README.md
new file mode 100644
index 0000000..0521359
--- /dev/null
+++ b/kubernetes/namespaces/bots/sir-robin/README.md
@@ -0,0 +1,14 @@
+## Sir-Robin
+Deployment file for @Sir-Robin, the not-quite-so-bot as Sir Lancebot, is our humble events bot.
+He is tasked with dealing with all the things that the event team can throw at it!
+
+## Secrets
+This deployment expects a number of secrets/environment variables to exist in a secret called `sir-robin-env`. The bot also relies on redis credentials being available in a secret named `redis-credentials`
+
+| Environment               | Description                                    |
+|---------------------------|------------------------------------------------|
+| AOC_RAW_LEADERBOARDS      | A list of all AOC leaderboards to use          |
+| AOC_STAFF_LEADERBOARD_ID  | The staff AOC leaderboard.                     |
+| BOT_SENTRY_DSN            | The sentry DSN to send warning & error logs to |
+| BOT_TOKEN                 | The bot token to run the bot on.               |
+| CODE_JAM_API_KEY          | The API key to the code jam management system  |
diff --git a/kubernetes/namespaces/bots/sir-robin/configmap.yaml b/kubernetes/namespaces/bots/sir-robin/configmap.yaml
new file mode 100644
index 0000000..33b58a3
--- /dev/null
+++ b/kubernetes/namespaces/bots/sir-robin/configmap.yaml
@@ -0,0 +1,9 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: sir-robin-config-env
+  namespace: bots
+data:
+  AOC_YEAR: '2023'
+  BOT_DEBUG: 'False'
+  CATEGORY_SUMMER_CODE_JAM: '1141401271635554334'
diff --git a/kubernetes/namespaces/bots/sir-robin/deployment.yaml b/kubernetes/namespaces/bots/sir-robin/deployment.yaml
new file mode 100644
index 0000000..1ffda36
--- /dev/null
+++ b/kubernetes/namespaces/bots/sir-robin/deployment.yaml
@@ -0,0 +1,39 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: sir-robin
+  namespace: bots
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: sir-robin
+  template:
+    metadata:
+      labels:
+        app: sir-robin
+    spec:
+      securityContext:
+        fsGroup: 2000
+        runAsUser: 1000
+        runAsNonRoot: true
+      containers:
+      - name: sir-robin
+        image: ghcr.io/python-discord/sir-robin:latest
+        imagePullPolicy: Always
+        resources:
+          requests:
+            cpu: 500m
+            memory: 300Mi
+          limits:
+            cpu: 750m
+            memory: 600Mi
+        envFrom:
+        - secretRef:
+            name: sir-robin-env
+        - secretRef:
+            name: redis-credentials
+        - configMapRef:
+            name: sir-robin-config-env
+        securityContext:
+          readOnlyRootFilesystem: true
diff --git a/kubernetes/namespaces/bots/sir-robin/secrets.yaml b/kubernetes/namespaces/bots/sir-robin/secrets.yaml
new file mode 100644
index 0000000..ade44c0
--- /dev/null
+++ b/kubernetes/namespaces/bots/sir-robin/secrets.yaml