diff options
Diffstat (limited to 'kubernetes/namespaces/apis')
| -rw-r--r-- | kubernetes/namespaces/apis/code-jam-management/README.md | 11 | ||||
| -rw-r--r-- | kubernetes/namespaces/apis/code-jam-management/deployment.yaml | 41 | ||||
| -rw-r--r-- | kubernetes/namespaces/apis/code-jam-management/secrets.yaml | bin | 0 -> 362 bytes | |||
| -rw-r--r-- | kubernetes/namespaces/apis/code-jam-management/service.yaml | 12 | ||||
| -rw-r--r-- | kubernetes/namespaces/apis/patsy/README.md | 17 | ||||
| -rw-r--r-- | kubernetes/namespaces/apis/patsy/deployment.yaml | 41 | ||||
| -rw-r--r-- | kubernetes/namespaces/apis/patsy/secrets.yaml | bin | 0 -> 372 bytes | |||
| -rw-r--r-- | kubernetes/namespaces/apis/patsy/service.yaml | 12 | ||||
| -rw-r--r-- | kubernetes/namespaces/apis/quackstack/README.md | 7 | ||||
| -rw-r--r-- | kubernetes/namespaces/apis/quackstack/deployment.yaml | 21 | ||||
| -rw-r--r-- | kubernetes/namespaces/apis/quackstack/ingress.yaml | 25 | ||||
| -rw-r--r-- | kubernetes/namespaces/apis/quackstack/service.yaml | 12 |
12 files changed, 199 insertions, 0 deletions
diff --git a/kubernetes/namespaces/apis/code-jam-management/README.md b/kubernetes/namespaces/apis/code-jam-management/README.md new file mode 100644 index 0000000..b377130 --- /dev/null +++ b/kubernetes/namespaces/apis/code-jam-management/README.md @@ -0,0 +1,11 @@ +# Code Jam Management + +This contains the deployment for the internal [code jam management](https://github.com/python-discord/code-jam-management) service. + +### Required Secret +In a secret named `code-jam-management-env`: + +| Environment | Description | +|--------------|------------------------------------------------------------------------| +| API_TOKEN | A random string to use as the auth token for making requests to CJMS | +| DATABASE_URL | `postgres://<user>:<password>@<host>:<port>/<name>` | diff --git a/kubernetes/namespaces/apis/code-jam-management/deployment.yaml b/kubernetes/namespaces/apis/code-jam-management/deployment.yaml new file mode 100644 index 0000000..bb7426f --- /dev/null +++ b/kubernetes/namespaces/apis/code-jam-management/deployment.yaml @@ -0,0 +1,41 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: code-jam-management + namespace: apis +spec: + replicas: 1 + selector: + matchLabels: + app: code-jam-management + template: + metadata: + labels: + app: code-jam-management + spec: + securityContext: + fsGroup: 2000 + runAsUser: 1000 + runAsNonRoot: true + containers: + - name: codejam-management + image: ghcr.io/python-discord/code-jam-management:latest + imagePullPolicy: Always + volumeMounts: + - mountPath: /tmp + name: code-jam-mgmt-tmp + - mountPath: /.cache + name: code-jam-mgmt-venv + ports: + - containerPort: 8000 + envFrom: + - secretRef: + name: code-jam-management-env + securityContext: + readOnlyRootFilesystem: true + volumes: + - name: code-jam-mgmt-tmp + emptyDir: + medium: Memory + - name: code-jam-mgmt-venv + emptyDir: {} diff --git a/kubernetes/namespaces/apis/code-jam-management/secrets.yaml b/kubernetes/namespaces/apis/code-jam-management/secrets.yaml Binary files differnew file mode 100644 index 0000000..cd68b2f --- /dev/null +++ b/kubernetes/namespaces/apis/code-jam-management/secrets.yaml diff --git a/kubernetes/namespaces/apis/code-jam-management/service.yaml b/kubernetes/namespaces/apis/code-jam-management/service.yaml new file mode 100644 index 0000000..8ac85a5 --- /dev/null +++ b/kubernetes/namespaces/apis/code-jam-management/service.yaml @@ -0,0 +1,12 @@ +apiVersion: v1 +kind: Service +metadata: + name: code-jam-management + namespace: apis +spec: + selector: + app: code-jam-management + ports: + - protocol: TCP + port: 8000 + targetPort: 8000 diff --git a/kubernetes/namespaces/apis/patsy/README.md b/kubernetes/namespaces/apis/patsy/README.md new file mode 100644 index 0000000..78e386a --- /dev/null +++ b/kubernetes/namespaces/apis/patsy/README.md @@ -0,0 +1,17 @@ +# Patsy + +Patsy is the premiere project for data collection in the python-discord toolchain. It uses word-class technology in a system architected by our in-house engineers to facilitate the automatic transfer, collection, and categorization of user data to develop user-centric solutions to real world problems. It is a marvel of engineering designed to push the limits of what we thought possible. + +The deployment for the [Patsy API](https://git.pydis.com/patsy), there is no ingress as Patsy is designed to only be accessible from within the cluster. + +This API is given help channel messages by the bot and stores them in postgres for after-the-fact processing. +The hope with this project is that we can inspect what topics get asked about often in help channels, along with which ones go un-answered the most. + +## Secret + +It requires a `patsy-env` secret with the following + +| Key | Description | +| -------------- | ------------------------------------------------------------ | +| `DATABASE_URL` | An asyncpg connection string to the postgres database | +| `STATE_SECRET` | A long random string, used to lock down endpoints with auth. | diff --git a/kubernetes/namespaces/apis/patsy/deployment.yaml b/kubernetes/namespaces/apis/patsy/deployment.yaml new file mode 100644 index 0000000..bb6f9a0 --- /dev/null +++ b/kubernetes/namespaces/apis/patsy/deployment.yaml @@ -0,0 +1,41 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: patsy + namespace: apis +spec: + replicas: 0 + selector: + matchLabels: + app: patsy + template: + metadata: + labels: + app: patsy + spec: + containers: + - name: patsy + image: ghcr.io/python-discord/patsy:latest + imagePullPolicy: Always + ports: + - containerPort: 80 + name: http + envFrom: + - secretRef: + name: patsy-env + startupProbe: + httpGet: + path: /ping + port: http + httpHeaders: + - name: Host + value: patsy.pythondiscord.com + failureThreshold: 3 + periodSeconds: 1 + initialDelaySeconds: 10 + securityContext: + readOnlyRootFilesystem: true + securityContext: + fsGroup: 2000 + runAsUser: 1000 + runAsNonRoot: true diff --git a/kubernetes/namespaces/apis/patsy/secrets.yaml b/kubernetes/namespaces/apis/patsy/secrets.yaml Binary files differnew file mode 100644 index 0000000..30d2641 --- /dev/null +++ b/kubernetes/namespaces/apis/patsy/secrets.yaml diff --git a/kubernetes/namespaces/apis/patsy/service.yaml b/kubernetes/namespaces/apis/patsy/service.yaml new file mode 100644 index 0000000..b3b2421 --- /dev/null +++ b/kubernetes/namespaces/apis/patsy/service.yaml @@ -0,0 +1,12 @@ +apiVersion: v1 +kind: Service +metadata: + name: patsy + namespace: apis +spec: + selector: + app: patsy + ports: + - protocol: TCP + port: 80 + targetPort: 80 diff --git a/kubernetes/namespaces/apis/quackstack/README.md b/kubernetes/namespaces/apis/quackstack/README.md new file mode 100644 index 0000000..c8b8a92 --- /dev/null +++ b/kubernetes/namespaces/apis/quackstack/README.md @@ -0,0 +1,7 @@ +# QuackStack + +The deployment for the [QuackStack](https://github.com/python-discord/quackstack) project, hosted at https://quackstack.pythondiscord.com. + +This project doesn't need any configuration right now. + +To deploy this application run `kubectl apply -f .` from this directory. This will create a deployment, service and ingress. diff --git a/kubernetes/namespaces/apis/quackstack/deployment.yaml b/kubernetes/namespaces/apis/quackstack/deployment.yaml new file mode 100644 index 0000000..a3eb2f7 --- /dev/null +++ b/kubernetes/namespaces/apis/quackstack/deployment.yaml @@ -0,0 +1,21 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: quackstack + namespace: apis +spec: + replicas: 1 + selector: + matchLabels: + app: quackstack + template: + metadata: + labels: + app: quackstack + spec: + containers: + - name: quackstack + image: ghcr.io/python-discord/quackstack:main + imagePullPolicy: Always + ports: + - containerPort: 80 diff --git a/kubernetes/namespaces/apis/quackstack/ingress.yaml b/kubernetes/namespaces/apis/quackstack/ingress.yaml new file mode 100644 index 0000000..663f90c --- /dev/null +++ b/kubernetes/namespaces/apis/quackstack/ingress.yaml @@ -0,0 +1,25 @@ +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + annotations: + nginx.ingress.kubernetes.io/auth-tls-verify-client: "on" + nginx.ingress.kubernetes.io/auth-tls-secret: "kube-system/mtls-client-crt-bundle" + nginx.ingress.kubernetes.io/auth-tls-error-page: "https://www.youtube.com/watch?v=dQw4w9WgXcQ" + name: quackstack + namespace: apis +spec: + tls: + - hosts: + - "*.pythondiscord.com" + secretName: pythondiscord.com-tls + rules: + - host: quackstack.pythondiscord.com + http: + paths: + - path: / + pathType: Prefix + backend: + service: + name: quackstack + port: + number: 80 diff --git a/kubernetes/namespaces/apis/quackstack/service.yaml b/kubernetes/namespaces/apis/quackstack/service.yaml new file mode 100644 index 0000000..9af64fe --- /dev/null +++ b/kubernetes/namespaces/apis/quackstack/service.yaml @@ -0,0 +1,12 @@ +apiVersion: v1 +kind: Service +metadata: + name: quackstack + namespace: apis +spec: + selector: + app: quackstack + ports: + - protocol: TCP + port: 80 + targetPort: 80 |