aboutsummaryrefslogtreecommitdiffstats
path: root/kubernetes/namespaces/bots
diff options
context:
space:
mode:
authorGravatar Joe Banks <[email protected]>2024-04-14 23:12:48 +0100
committerGravatar Joe Banks <[email protected]>2024-04-14 23:12:48 +0100
commit85afb3b8ca98db360c863cc56af18c411c6489e2 (patch)
treec5adcf0fe35eeebc1eaaf0a20c44656ed36b018b /kubernetes/namespaces/bots
parentConfigure Ansible for user authentication (#213) (diff)
Move all bots to designated namespaces
Diffstat (limited to 'kubernetes/namespaces/bots')
-rw-r--r--kubernetes/namespaces/bots/black-knight/README.md16
-rw-r--r--kubernetes/namespaces/bots/black-knight/deployment.yaml39
-rw-r--r--kubernetes/namespaces/bots/black-knight/secrets.yamlbin0 -> 449 bytes
-rw-r--r--kubernetes/namespaces/bots/bot/README.md15
-rw-r--r--kubernetes/namespaces/bots/bot/configmap.yaml10
-rw-r--r--kubernetes/namespaces/bots/bot/deployment.yaml49
-rw-r--r--kubernetes/namespaces/bots/bot/secrets.yamlbin0 -> 489 bytes
-rw-r--r--kubernetes/namespaces/bots/king-arthur/README.md12
-rw-r--r--kubernetes/namespaces/bots/king-arthur/deployment.yaml36
-rw-r--r--kubernetes/namespaces/bots/king-arthur/secrets.yamlbin0 -> 566 bytes
-rw-r--r--kubernetes/namespaces/bots/king-arthur/service-account.yaml28
-rw-r--r--kubernetes/namespaces/bots/metricity/README.md13
-rw-r--r--kubernetes/namespaces/bots/metricity/secrets.yamlbin0 -> 365 bytes
-rw-r--r--kubernetes/namespaces/bots/sir-lancebot/README.md29
-rw-r--r--kubernetes/namespaces/bots/sir-lancebot/deployment.yaml47
-rw-r--r--kubernetes/namespaces/bots/sir-lancebot/secrets.yamlbin0 -> 962 bytes
-rw-r--r--kubernetes/namespaces/bots/sir-robin/README.md14
-rw-r--r--kubernetes/namespaces/bots/sir-robin/configmap.yaml9
-rw-r--r--kubernetes/namespaces/bots/sir-robin/deployment.yaml39
-rw-r--r--kubernetes/namespaces/bots/sir-robin/secrets.yamlbin0 -> 1828 bytes
20 files changed, 356 insertions, 0 deletions
diff --git a/kubernetes/namespaces/bots/black-knight/README.md b/kubernetes/namespaces/bots/black-knight/README.md
new file mode 100644
index 0000000..d1f8d89
--- /dev/null
+++ b/kubernetes/namespaces/bots/black-knight/README.md
@@ -0,0 +1,16 @@
+## Black Knight
+Deployment file for @Black-Knight, our courageous and ever present anti-raid bot.
+
+## Secrets
+This deployment expects a number of secrets/environment variables to exist in a secret called `black-knight-env`.
+
+| Environment | Description |
+|-----------------------|-------------------------------------------------------------------|
+| BOT_TOKEN | The Discord bot token for Black Knight to connect to Discord with |
+| DATABASE_URL | A full PostgreSQL connection string to the postgres db |
+| BOT_SENTRY_DSN | The DSN to connect send sentry reports to |
+
+Black knight also requires a redis password, which is pulled from the `redis-credentials` secret.
+```
+REDIS_PASSWORD - The password to redis
+```
diff --git a/kubernetes/namespaces/bots/black-knight/deployment.yaml b/kubernetes/namespaces/bots/black-knight/deployment.yaml
new file mode 100644
index 0000000..9d27e07
--- /dev/null
+++ b/kubernetes/namespaces/bots/black-knight/deployment.yaml
@@ -0,0 +1,39 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: black-knight
+ namespace: bots
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: black-knight
+ template:
+ metadata:
+ labels:
+ app: black-knight
+ spec:
+ securityContext:
+ fsGroup: 2000
+ runAsUser: 1000
+ runAsNonRoot: true
+ containers:
+ - name: black-knight
+ image: ghcr.io/python-discord/black-knight:latest
+ imagePullPolicy: Always
+ resources:
+ requests:
+ cpu: 500m
+ memory: 300Mi
+ limits:
+ cpu: 750m
+ memory: 600Mi
+ envFrom:
+ - secretRef:
+ name: black-knight-env
+ - secretRef:
+ name: redis-credentials
+ securityContext:
+ readOnlyRootFilesystem: true
+ imagePullSecrets:
+ - name: ghcr-pull-secret
diff --git a/kubernetes/namespaces/bots/black-knight/secrets.yaml b/kubernetes/namespaces/bots/black-knight/secrets.yaml
new file mode 100644
index 0000000..6b8ef8f
--- /dev/null
+++ b/kubernetes/namespaces/bots/black-knight/secrets.yaml
Binary files differ
diff --git a/kubernetes/namespaces/bots/bot/README.md b/kubernetes/namespaces/bots/bot/README.md
new file mode 100644
index 0000000..565cf70
--- /dev/null
+++ b/kubernetes/namespaces/bots/bot/README.md
@@ -0,0 +1,15 @@
+## Bot
+
+Deployment file for @Python, our valiant community bot and workhorse.
+
+## Secrets
+This deployment expects a number of secrets and environment variables to exist in a secret called `bot-env`.
+
+| Environment | Description |
+|-------------------|-------------------------------------------------------------|
+| API_KEYS_GITHUB | An API key for Github's API. |
+| API_KEYS_SITE_API | The token to access our site's API. |
+| BOT_SENTRY_DSN | The sentry DSN to send sentry events to. |
+| BOT_TOKEN | The Discord bot token to run the bot on. |
+| METABASE_PASSWORD | Password for Metabase |
+| METABASE_USERNAME | Username for Metabase |
diff --git a/kubernetes/namespaces/bots/bot/configmap.yaml b/kubernetes/namespaces/bots/bot/configmap.yaml
new file mode 100644
index 0000000..8e04e35
--- /dev/null
+++ b/kubernetes/namespaces/bots/bot/configmap.yaml
@@ -0,0 +1,10 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: bot-config-env
+ namespace: bots
+data:
+ BOT_TRACE_LOGGERS: bot.utils.scheduling.ModPingsOnOff,bot.exts.moderation.modpings,bot.exts.backend.sync._syncers
+ DEBUG: 'False'
+ DUCK_POND_EXTRA_CHANNEL_BLACKLIST: "[291284109232308226,463035241142026251,463035268514185226]" # The 3 off-topic channels
+ URLS_PASTE_URL: https://paste.pythondiscord.com
diff --git a/kubernetes/namespaces/bots/bot/deployment.yaml b/kubernetes/namespaces/bots/bot/deployment.yaml
new file mode 100644
index 0000000..033c2b9
--- /dev/null
+++ b/kubernetes/namespaces/bots/bot/deployment.yaml
@@ -0,0 +1,49 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: bot
+ namespace: bots
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: bot
+ template:
+ metadata:
+ labels:
+ app: bot
+ spec:
+ securityContext:
+ fsGroup: 2000
+ runAsUser: 1000
+ runAsNonRoot: true
+ containers:
+ - name: bot
+ image: ghcr.io/python-discord/bot:latest
+ imagePullPolicy: Always
+ resources:
+ requests:
+ cpu: 750m
+ memory: 600Mi
+ limits:
+ cpu: 1000m
+ memory: 1400Mi
+ envFrom:
+ - secretRef:
+ name: bot-env
+ - secretRef:
+ name: redis-credentials
+ - configMapRef:
+ name: bot-config-env
+ volumeMounts:
+ - mountPath: /bot/logs
+ name: logs-vol
+ - mountPath: /.cache/python-tldextract
+ name: tldextract-cache
+ securityContext:
+ readOnlyRootFilesystem: true
+ volumes:
+ - name: logs-vol
+ emptyDir: {}
+ - name: tldextract-cache
+ emptyDir: {}
diff --git a/kubernetes/namespaces/bots/bot/secrets.yaml b/kubernetes/namespaces/bots/bot/secrets.yaml
new file mode 100644
index 0000000..156c55a
--- /dev/null
+++ b/kubernetes/namespaces/bots/bot/secrets.yaml
Binary files differ
diff --git a/kubernetes/namespaces/bots/king-arthur/README.md b/kubernetes/namespaces/bots/king-arthur/README.md
new file mode 100644
index 0000000..704d45b
--- /dev/null
+++ b/kubernetes/namespaces/bots/king-arthur/README.md
@@ -0,0 +1,12 @@
+# King Arthur
+
+Deployment file for @King Arthur, our DevOps helper bot.
+
+## Secrets
+This deployment expects a number of secrets and environment variables to exist in a secret called `king-arthur-env`.
+
+| Environment | Description |
+| ---------------------------- | ------------------------------------------------------------------------- |
+| KING_ARTHUR_TOKEN | The token to authorize with Discord |
+| KING_ARTHUR_NOTION_API_TOKEN | The API token to the notion API |
+| KING_ARTHUR_CLOUDFLARE_TOKEN | A token for the Cloudflare API used for the Cloudflare commands in Arthur |
diff --git a/kubernetes/namespaces/bots/king-arthur/deployment.yaml b/kubernetes/namespaces/bots/king-arthur/deployment.yaml
new file mode 100644
index 0000000..b5250ba
--- /dev/null
+++ b/kubernetes/namespaces/bots/king-arthur/deployment.yaml
@@ -0,0 +1,36 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: king-arthur
+ namespace: bots
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: king-arthur
+ template:
+ metadata:
+ labels:
+ app: king-arthur
+ spec:
+ serviceAccountName: king-arthur
+ containers:
+ - name: king-arthur
+ image: ghcr.io/python-discord/king-arthur:latest
+ imagePullPolicy: Always
+ resources:
+ requests:
+ cpu: 600m
+ memory: 500Mi
+ limits:
+ cpu: 800m
+ memory: 800Mi
+ envFrom:
+ - secretRef:
+ name: king-arthur-env
+ securityContext:
+ readOnlyRootFilesystem: true
+ securityContext:
+ fsGroup: 2000
+ runAsUser: 1000
+ runAsNonRoot: true
diff --git a/kubernetes/namespaces/bots/king-arthur/secrets.yaml b/kubernetes/namespaces/bots/king-arthur/secrets.yaml
new file mode 100644
index 0000000..dda3686
--- /dev/null
+++ b/kubernetes/namespaces/bots/king-arthur/secrets.yaml
Binary files differ
diff --git a/kubernetes/namespaces/bots/king-arthur/service-account.yaml b/kubernetes/namespaces/bots/king-arthur/service-account.yaml
new file mode 100644
index 0000000..c971205
--- /dev/null
+++ b/kubernetes/namespaces/bots/king-arthur/service-account.yaml
@@ -0,0 +1,28 @@
+---
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: king-arthur
+rules:
+- apiGroups: ["", "extensions", "apps", "batch", "rbac.authorization.k8s.io", "cert-manager.io"]
+ resources: ["*"]
+ verbs: ["*"]
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: king-arthur
+ namespace: bots
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: king-arthur
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: king-arthur
+subjects:
+ - kind: ServiceAccount
+ name: king-arthur
+ namespace: bots
diff --git a/kubernetes/namespaces/bots/metricity/README.md b/kubernetes/namespaces/bots/metricity/README.md
new file mode 100644
index 0000000..30c8b95
--- /dev/null
+++ b/kubernetes/namespaces/bots/metricity/README.md
@@ -0,0 +1,13 @@
+# Metricity
+
+This folder contains the secrets for the metricity service.
+
+The actual metricity deployment manifest can be found inside the metricity repository at [python-discord/metricity](https://github.com/python-discord/metricity).
+
+## Secrets
+A single secret of name `metricity-env` is used with the following values:
+
+| Environment | Description |
+|--------------|------------------------------------|
+| BOT_TOKEN | The Discord bot token to run under |
+| DATABASE_URI | Database URI to save the states to |
diff --git a/kubernetes/namespaces/bots/metricity/secrets.yaml b/kubernetes/namespaces/bots/metricity/secrets.yaml
new file mode 100644
index 0000000..a4a11b5
--- /dev/null
+++ b/kubernetes/namespaces/bots/metricity/secrets.yaml
Binary files differ
diff --git a/kubernetes/namespaces/bots/sir-lancebot/README.md b/kubernetes/namespaces/bots/sir-lancebot/README.md
new file mode 100644
index 0000000..293a955
--- /dev/null
+++ b/kubernetes/namespaces/bots/sir-lancebot/README.md
@@ -0,0 +1,29 @@
+## Sir Lancebot
+```
+Oh brave Sir Lancebot!
+
+Whereat he turned and stood with folded arms and numerous antennae,
+"Why frown upon a friend? Few live that have too many."
+A weary-waiting optical array, now calibrated to a sad wrath.
+Hereafter, thus t'was with him that we hath forged our path.
+```
+
+## Secrets
+This deployment expects a number of secrets and environment variables to exist in a secret called `sir-lancebot-env` shown below. The bot also relies on redis credentials being available in a secret named `redis-credentials`
+
+
+| Environment | Description |
+|---------------------------|------------------------------------------|
+| BOT_SENTRY_DSN | The DSN for the Sentry project. |
+| CLIENT_DEBUG | Should the bot start in DEBUG mode? |
+| CLIENT_TOKEN | The bot token to run the bot on. |
+| LATEX_API_URL | The URl tha the latex API is served from |
+| TOKENS_GIPHY | API key for Giphy. |
+| TOKENS_GITHUB | GitHub access token, for Hacktoberstats. |
+| TOKENS_IGDB_CLIENT_ID | Client ID IGDB - used to find games. |
+| TOKENS_IGDB_CLIENT_SECRET | Client secret IGDB - used to find games. |
+| TOKENS_NASA | API key for NASA. |
+| TOKENS_TMDB | Token for TMBD. Used for scarymovie.py. |
+| TOKENS_UNSPLASH | Token for unsplash. |
+| TOKENS_YOUTUBE | API key for YouTube. |
+| WOLFRAM_KEY | API key for Wolfram Alpha. |
diff --git a/kubernetes/namespaces/bots/sir-lancebot/deployment.yaml b/kubernetes/namespaces/bots/sir-lancebot/deployment.yaml
new file mode 100644
index 0000000..981107c
--- /dev/null
+++ b/kubernetes/namespaces/bots/sir-lancebot/deployment.yaml
@@ -0,0 +1,47 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: sir-lancebot
+ namespace: bots
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: sir-lancebot
+ template:
+ metadata:
+ labels:
+ app: sir-lancebot
+ spec:
+ containers:
+ - name: sir-lancebot
+ image: ghcr.io/python-discord/sir-lancebot:latest
+ imagePullPolicy: Always
+ resources:
+ requests:
+ cpu: 400m
+ memory: 200Mi
+ limits:
+ cpu: 500m
+ memory: 400Mi
+ envFrom:
+ - secretRef:
+ name: sir-lancebot-env
+ - secretRef:
+ name: redis-credentials
+ securityContext:
+ readOnlyRootFilesystem: true
+ volumeMounts:
+ - name: lancebot-data-vol
+ mountPath: /bot/bot/exts/fun/_latex_cache
+ - name: lancebot-logs-vol
+ mountPath: /bot/bot/log
+ volumes:
+ - name: lancebot-data-vol
+ emptyDir: {}
+ - name: lancebot-logs-vol
+ emptyDir: {}
+ securityContext:
+ fsGroup: 1000
+ runAsUser: 1000
+ runAsNonRoot: true
diff --git a/kubernetes/namespaces/bots/sir-lancebot/secrets.yaml b/kubernetes/namespaces/bots/sir-lancebot/secrets.yaml
new file mode 100644
index 0000000..9ba6a98
--- /dev/null
+++ b/kubernetes/namespaces/bots/sir-lancebot/secrets.yaml
Binary files differ
diff --git a/kubernetes/namespaces/bots/sir-robin/README.md b/kubernetes/namespaces/bots/sir-robin/README.md
new file mode 100644
index 0000000..0521359
--- /dev/null
+++ b/kubernetes/namespaces/bots/sir-robin/README.md
@@ -0,0 +1,14 @@
+## Sir-Robin
+Deployment file for @Sir-Robin, the not-quite-so-bot as Sir Lancebot, is our humble events bot.
+He is tasked with dealing with all the things that the event team can throw at it!
+
+## Secrets
+This deployment expects a number of secrets/environment variables to exist in a secret called `sir-robin-env`. The bot also relies on redis credentials being available in a secret named `redis-credentials`
+
+| Environment | Description |
+|---------------------------|------------------------------------------------|
+| AOC_RAW_LEADERBOARDS | A list of all AOC leaderboards to use |
+| AOC_STAFF_LEADERBOARD_ID | The staff AOC leaderboard. |
+| BOT_SENTRY_DSN | The sentry DSN to send warning & error logs to |
+| BOT_TOKEN | The bot token to run the bot on. |
+| CODE_JAM_API_KEY | The API key to the code jam management system |
diff --git a/kubernetes/namespaces/bots/sir-robin/configmap.yaml b/kubernetes/namespaces/bots/sir-robin/configmap.yaml
new file mode 100644
index 0000000..33b58a3
--- /dev/null
+++ b/kubernetes/namespaces/bots/sir-robin/configmap.yaml
@@ -0,0 +1,9 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: sir-robin-config-env
+ namespace: bots
+data:
+ AOC_YEAR: '2023'
+ BOT_DEBUG: 'False'
+ CATEGORY_SUMMER_CODE_JAM: '1141401271635554334'
diff --git a/kubernetes/namespaces/bots/sir-robin/deployment.yaml b/kubernetes/namespaces/bots/sir-robin/deployment.yaml
new file mode 100644
index 0000000..1ffda36
--- /dev/null
+++ b/kubernetes/namespaces/bots/sir-robin/deployment.yaml
@@ -0,0 +1,39 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: sir-robin
+ namespace: bots
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: sir-robin
+ template:
+ metadata:
+ labels:
+ app: sir-robin
+ spec:
+ securityContext:
+ fsGroup: 2000
+ runAsUser: 1000
+ runAsNonRoot: true
+ containers:
+ - name: sir-robin
+ image: ghcr.io/python-discord/sir-robin:latest
+ imagePullPolicy: Always
+ resources:
+ requests:
+ cpu: 500m
+ memory: 300Mi
+ limits:
+ cpu: 750m
+ memory: 600Mi
+ envFrom:
+ - secretRef:
+ name: sir-robin-env
+ - secretRef:
+ name: redis-credentials
+ - configMapRef:
+ name: sir-robin-config-env
+ securityContext:
+ readOnlyRootFilesystem: true
diff --git a/kubernetes/namespaces/bots/sir-robin/secrets.yaml b/kubernetes/namespaces/bots/sir-robin/secrets.yaml
new file mode 100644
index 0000000..ade44c0
--- /dev/null
+++ b/kubernetes/namespaces/bots/sir-robin/secrets.yaml
Binary files differ