diff options
Diffstat (limited to 'kubernetes/namespaces/bots')
20 files changed, 356 insertions, 0 deletions
diff --git a/kubernetes/namespaces/bots/black-knight/README.md b/kubernetes/namespaces/bots/black-knight/README.md new file mode 100644 index 0000000..d1f8d89 --- /dev/null +++ b/kubernetes/namespaces/bots/black-knight/README.md @@ -0,0 +1,16 @@ +## Black Knight +Deployment file for @Black-Knight, our courageous and ever present anti-raid bot. + +## Secrets +This deployment expects a number of secrets/environment variables to exist in a secret called `black-knight-env`. + +| Environment | Description | +|-----------------------|-------------------------------------------------------------------| +| BOT_TOKEN | The Discord bot token for Black Knight to connect to Discord with | +| DATABASE_URL | A full PostgreSQL connection string to the postgres db | +| BOT_SENTRY_DSN | The DSN to connect send sentry reports to | + +Black knight also requires a redis password, which is pulled from the `redis-credentials` secret. +``` +REDIS_PASSWORD - The password to redis +``` diff --git a/kubernetes/namespaces/bots/black-knight/deployment.yaml b/kubernetes/namespaces/bots/black-knight/deployment.yaml new file mode 100644 index 0000000..9d27e07 --- /dev/null +++ b/kubernetes/namespaces/bots/black-knight/deployment.yaml @@ -0,0 +1,39 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: black-knight + namespace: bots +spec: + replicas: 1 + selector: + matchLabels: + app: black-knight + template: + metadata: + labels: + app: black-knight + spec: + securityContext: + fsGroup: 2000 + runAsUser: 1000 + runAsNonRoot: true + containers: + - name: black-knight + image: ghcr.io/python-discord/black-knight:latest + imagePullPolicy: Always + resources: + requests: + cpu: 500m + memory: 300Mi + limits: + cpu: 750m + memory: 600Mi + envFrom: + - secretRef: + name: black-knight-env + - secretRef: + name: redis-credentials + securityContext: + readOnlyRootFilesystem: true + imagePullSecrets: + - name: ghcr-pull-secret diff --git a/kubernetes/namespaces/bots/black-knight/secrets.yaml b/kubernetes/namespaces/bots/black-knight/secrets.yaml Binary files differnew file mode 100644 index 0000000..6b8ef8f --- /dev/null +++ b/kubernetes/namespaces/bots/black-knight/secrets.yaml diff --git a/kubernetes/namespaces/bots/bot/README.md b/kubernetes/namespaces/bots/bot/README.md new file mode 100644 index 0000000..565cf70 --- /dev/null +++ b/kubernetes/namespaces/bots/bot/README.md @@ -0,0 +1,15 @@ +## Bot + +Deployment file for @Python, our valiant community bot and workhorse. + +## Secrets +This deployment expects a number of secrets and environment variables to exist in a secret called `bot-env`. + +| Environment | Description | +|-------------------|-------------------------------------------------------------| +| API_KEYS_GITHUB | An API key for Github's API. | +| API_KEYS_SITE_API | The token to access our site's API. | +| BOT_SENTRY_DSN | The sentry DSN to send sentry events to. | +| BOT_TOKEN | The Discord bot token to run the bot on. | +| METABASE_PASSWORD | Password for Metabase | +| METABASE_USERNAME | Username for Metabase | diff --git a/kubernetes/namespaces/bots/bot/configmap.yaml b/kubernetes/namespaces/bots/bot/configmap.yaml new file mode 100644 index 0000000..8e04e35 --- /dev/null +++ b/kubernetes/namespaces/bots/bot/configmap.yaml @@ -0,0 +1,10 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: bot-config-env + namespace: bots +data: + BOT_TRACE_LOGGERS: bot.utils.scheduling.ModPingsOnOff,bot.exts.moderation.modpings,bot.exts.backend.sync._syncers + DEBUG: 'False' + DUCK_POND_EXTRA_CHANNEL_BLACKLIST: "[291284109232308226,463035241142026251,463035268514185226]" # The 3 off-topic channels + URLS_PASTE_URL: https://paste.pythondiscord.com diff --git a/kubernetes/namespaces/bots/bot/deployment.yaml b/kubernetes/namespaces/bots/bot/deployment.yaml new file mode 100644 index 0000000..033c2b9 --- /dev/null +++ b/kubernetes/namespaces/bots/bot/deployment.yaml @@ -0,0 +1,49 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: bot + namespace: bots +spec: + replicas: 1 + selector: + matchLabels: + app: bot + template: + metadata: + labels: + app: bot + spec: + securityContext: + fsGroup: 2000 + runAsUser: 1000 + runAsNonRoot: true + containers: + - name: bot + image: ghcr.io/python-discord/bot:latest + imagePullPolicy: Always + resources: + requests: + cpu: 750m + memory: 600Mi + limits: + cpu: 1000m + memory: 1400Mi + envFrom: + - secretRef: + name: bot-env + - secretRef: + name: redis-credentials + - configMapRef: + name: bot-config-env + volumeMounts: + - mountPath: /bot/logs + name: logs-vol + - mountPath: /.cache/python-tldextract + name: tldextract-cache + securityContext: + readOnlyRootFilesystem: true + volumes: + - name: logs-vol + emptyDir: {} + - name: tldextract-cache + emptyDir: {} diff --git a/kubernetes/namespaces/bots/bot/secrets.yaml b/kubernetes/namespaces/bots/bot/secrets.yaml Binary files differnew file mode 100644 index 0000000..156c55a --- /dev/null +++ b/kubernetes/namespaces/bots/bot/secrets.yaml diff --git a/kubernetes/namespaces/bots/king-arthur/README.md b/kubernetes/namespaces/bots/king-arthur/README.md new file mode 100644 index 0000000..704d45b --- /dev/null +++ b/kubernetes/namespaces/bots/king-arthur/README.md @@ -0,0 +1,12 @@ +# King Arthur + +Deployment file for @King Arthur, our DevOps helper bot. + +## Secrets +This deployment expects a number of secrets and environment variables to exist in a secret called `king-arthur-env`. + +| Environment | Description | +| ---------------------------- | ------------------------------------------------------------------------- | +| KING_ARTHUR_TOKEN | The token to authorize with Discord | +| KING_ARTHUR_NOTION_API_TOKEN | The API token to the notion API | +| KING_ARTHUR_CLOUDFLARE_TOKEN | A token for the Cloudflare API used for the Cloudflare commands in Arthur | diff --git a/kubernetes/namespaces/bots/king-arthur/deployment.yaml b/kubernetes/namespaces/bots/king-arthur/deployment.yaml new file mode 100644 index 0000000..b5250ba --- /dev/null +++ b/kubernetes/namespaces/bots/king-arthur/deployment.yaml @@ -0,0 +1,36 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: king-arthur + namespace: bots +spec: + replicas: 1 + selector: + matchLabels: + app: king-arthur + template: + metadata: + labels: + app: king-arthur + spec: + serviceAccountName: king-arthur + containers: + - name: king-arthur + image: ghcr.io/python-discord/king-arthur:latest + imagePullPolicy: Always + resources: + requests: + cpu: 600m + memory: 500Mi + limits: + cpu: 800m + memory: 800Mi + envFrom: + - secretRef: + name: king-arthur-env + securityContext: + readOnlyRootFilesystem: true + securityContext: + fsGroup: 2000 + runAsUser: 1000 + runAsNonRoot: true diff --git a/kubernetes/namespaces/bots/king-arthur/secrets.yaml b/kubernetes/namespaces/bots/king-arthur/secrets.yaml Binary files differnew file mode 100644 index 0000000..dda3686 --- /dev/null +++ b/kubernetes/namespaces/bots/king-arthur/secrets.yaml diff --git a/kubernetes/namespaces/bots/king-arthur/service-account.yaml b/kubernetes/namespaces/bots/king-arthur/service-account.yaml new file mode 100644 index 0000000..c971205 --- /dev/null +++ b/kubernetes/namespaces/bots/king-arthur/service-account.yaml @@ -0,0 +1,28 @@ +--- +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: king-arthur +rules: +- apiGroups: ["", "extensions", "apps", "batch", "rbac.authorization.k8s.io", "cert-manager.io"] + resources: ["*"] + verbs: ["*"] +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: king-arthur + namespace: bots +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: king-arthur +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: king-arthur +subjects: + - kind: ServiceAccount + name: king-arthur + namespace: bots diff --git a/kubernetes/namespaces/bots/metricity/README.md b/kubernetes/namespaces/bots/metricity/README.md new file mode 100644 index 0000000..30c8b95 --- /dev/null +++ b/kubernetes/namespaces/bots/metricity/README.md @@ -0,0 +1,13 @@ +# Metricity + +This folder contains the secrets for the metricity service. + +The actual metricity deployment manifest can be found inside the metricity repository at [python-discord/metricity](https://github.com/python-discord/metricity). + +## Secrets +A single secret of name `metricity-env` is used with the following values: + +| Environment | Description | +|--------------|------------------------------------| +| BOT_TOKEN | The Discord bot token to run under | +| DATABASE_URI | Database URI to save the states to | diff --git a/kubernetes/namespaces/bots/metricity/secrets.yaml b/kubernetes/namespaces/bots/metricity/secrets.yaml Binary files differnew file mode 100644 index 0000000..a4a11b5 --- /dev/null +++ b/kubernetes/namespaces/bots/metricity/secrets.yaml diff --git a/kubernetes/namespaces/bots/sir-lancebot/README.md b/kubernetes/namespaces/bots/sir-lancebot/README.md new file mode 100644 index 0000000..293a955 --- /dev/null +++ b/kubernetes/namespaces/bots/sir-lancebot/README.md @@ -0,0 +1,29 @@ +## Sir Lancebot +``` +Oh brave Sir Lancebot! + +Whereat he turned and stood with folded arms and numerous antennae, +"Why frown upon a friend? Few live that have too many." +A weary-waiting optical array, now calibrated to a sad wrath. +Hereafter, thus t'was with him that we hath forged our path. +``` + +## Secrets +This deployment expects a number of secrets and environment variables to exist in a secret called `sir-lancebot-env` shown below. The bot also relies on redis credentials being available in a secret named `redis-credentials` + + +| Environment | Description | +|---------------------------|------------------------------------------| +| BOT_SENTRY_DSN | The DSN for the Sentry project. | +| CLIENT_DEBUG | Should the bot start in DEBUG mode? | +| CLIENT_TOKEN | The bot token to run the bot on. | +| LATEX_API_URL | The URl tha the latex API is served from | +| TOKENS_GIPHY | API key for Giphy. | +| TOKENS_GITHUB | GitHub access token, for Hacktoberstats. | +| TOKENS_IGDB_CLIENT_ID | Client ID IGDB - used to find games. | +| TOKENS_IGDB_CLIENT_SECRET | Client secret IGDB - used to find games. | +| TOKENS_NASA | API key for NASA. | +| TOKENS_TMDB | Token for TMBD. Used for scarymovie.py. | +| TOKENS_UNSPLASH | Token for unsplash. | +| TOKENS_YOUTUBE | API key for YouTube. | +| WOLFRAM_KEY | API key for Wolfram Alpha. | diff --git a/kubernetes/namespaces/bots/sir-lancebot/deployment.yaml b/kubernetes/namespaces/bots/sir-lancebot/deployment.yaml new file mode 100644 index 0000000..981107c --- /dev/null +++ b/kubernetes/namespaces/bots/sir-lancebot/deployment.yaml @@ -0,0 +1,47 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: sir-lancebot + namespace: bots +spec: + replicas: 1 + selector: + matchLabels: + app: sir-lancebot + template: + metadata: + labels: + app: sir-lancebot + spec: + containers: + - name: sir-lancebot + image: ghcr.io/python-discord/sir-lancebot:latest + imagePullPolicy: Always + resources: + requests: + cpu: 400m + memory: 200Mi + limits: + cpu: 500m + memory: 400Mi + envFrom: + - secretRef: + name: sir-lancebot-env + - secretRef: + name: redis-credentials + securityContext: + readOnlyRootFilesystem: true + volumeMounts: + - name: lancebot-data-vol + mountPath: /bot/bot/exts/fun/_latex_cache + - name: lancebot-logs-vol + mountPath: /bot/bot/log + volumes: + - name: lancebot-data-vol + emptyDir: {} + - name: lancebot-logs-vol + emptyDir: {} + securityContext: + fsGroup: 1000 + runAsUser: 1000 + runAsNonRoot: true diff --git a/kubernetes/namespaces/bots/sir-lancebot/secrets.yaml b/kubernetes/namespaces/bots/sir-lancebot/secrets.yaml Binary files differnew file mode 100644 index 0000000..9ba6a98 --- /dev/null +++ b/kubernetes/namespaces/bots/sir-lancebot/secrets.yaml diff --git a/kubernetes/namespaces/bots/sir-robin/README.md b/kubernetes/namespaces/bots/sir-robin/README.md new file mode 100644 index 0000000..0521359 --- /dev/null +++ b/kubernetes/namespaces/bots/sir-robin/README.md @@ -0,0 +1,14 @@ +## Sir-Robin +Deployment file for @Sir-Robin, the not-quite-so-bot as Sir Lancebot, is our humble events bot. +He is tasked with dealing with all the things that the event team can throw at it! + +## Secrets +This deployment expects a number of secrets/environment variables to exist in a secret called `sir-robin-env`. The bot also relies on redis credentials being available in a secret named `redis-credentials` + +| Environment | Description | +|---------------------------|------------------------------------------------| +| AOC_RAW_LEADERBOARDS | A list of all AOC leaderboards to use | +| AOC_STAFF_LEADERBOARD_ID | The staff AOC leaderboard. | +| BOT_SENTRY_DSN | The sentry DSN to send warning & error logs to | +| BOT_TOKEN | The bot token to run the bot on. | +| CODE_JAM_API_KEY | The API key to the code jam management system | diff --git a/kubernetes/namespaces/bots/sir-robin/configmap.yaml b/kubernetes/namespaces/bots/sir-robin/configmap.yaml new file mode 100644 index 0000000..33b58a3 --- /dev/null +++ b/kubernetes/namespaces/bots/sir-robin/configmap.yaml @@ -0,0 +1,9 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: sir-robin-config-env + namespace: bots +data: + AOC_YEAR: '2023' + BOT_DEBUG: 'False' + CATEGORY_SUMMER_CODE_JAM: '1141401271635554334' diff --git a/kubernetes/namespaces/bots/sir-robin/deployment.yaml b/kubernetes/namespaces/bots/sir-robin/deployment.yaml new file mode 100644 index 0000000..1ffda36 --- /dev/null +++ b/kubernetes/namespaces/bots/sir-robin/deployment.yaml @@ -0,0 +1,39 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: sir-robin + namespace: bots +spec: + replicas: 1 + selector: + matchLabels: + app: sir-robin + template: + metadata: + labels: + app: sir-robin + spec: + securityContext: + fsGroup: 2000 + runAsUser: 1000 + runAsNonRoot: true + containers: + - name: sir-robin + image: ghcr.io/python-discord/sir-robin:latest + imagePullPolicy: Always + resources: + requests: + cpu: 500m + memory: 300Mi + limits: + cpu: 750m + memory: 600Mi + envFrom: + - secretRef: + name: sir-robin-env + - secretRef: + name: redis-credentials + - configMapRef: + name: sir-robin-config-env + securityContext: + readOnlyRootFilesystem: true diff --git a/kubernetes/namespaces/bots/sir-robin/secrets.yaml b/kubernetes/namespaces/bots/sir-robin/secrets.yaml Binary files differnew file mode 100644 index 0000000..ade44c0 --- /dev/null +++ b/kubernetes/namespaces/bots/sir-robin/secrets.yaml |