diff options
Diffstat (limited to 'kubernetes/namespaces/default')
| -rw-r--r-- | kubernetes/namespaces/default/bitwarden/README.md | 14 | ||||
| -rw-r--r-- | kubernetes/namespaces/default/bitwarden/configmap.yaml | 23 | ||||
| -rw-r--r-- | kubernetes/namespaces/default/bitwarden/deployment.yaml | 34 | ||||
| -rw-r--r-- | kubernetes/namespaces/default/bitwarden/ingress.yaml | 24 | ||||
| -rw-r--r-- | kubernetes/namespaces/default/bitwarden/secrets.yaml | bin | 345 -> 0 bytes | |||
| -rw-r--r-- | kubernetes/namespaces/default/bitwarden/service.yaml | 9 | ||||
| -rw-r--r-- | kubernetes/namespaces/default/policy-bot/README.md | 24 | ||||
| -rw-r--r-- | kubernetes/namespaces/default/policy-bot/configmap.yaml | 49 | ||||
| -rw-r--r-- | kubernetes/namespaces/default/policy-bot/deployment.yaml | 43 | ||||
| -rw-r--r-- | kubernetes/namespaces/default/policy-bot/ingress.yaml | 24 | ||||
| -rw-r--r-- | kubernetes/namespaces/default/policy-bot/secrets.yaml | bin | 2254 -> 0 bytes | |||
| -rw-r--r-- | kubernetes/namespaces/default/policy-bot/service.yaml | 11 | 
12 files changed, 0 insertions, 255 deletions
| diff --git a/kubernetes/namespaces/default/bitwarden/README.md b/kubernetes/namespaces/default/bitwarden/README.md deleted file mode 100644 index 37f01eb..0000000 --- a/kubernetes/namespaces/default/bitwarden/README.md +++ /dev/null @@ -1,14 +0,0 @@ -# BitWarden - -Our internal password manager, used by the admins to share passwords for our services. Hosted at https://bitwarden.pythondiscord.com - -To deploy this, first set up the secrets (see below) and then run `kubectl apply -f .` in this folder. - -## Secrets -This deployment expects a few secrets to exist in a secret called `bitwarden-secret-env`. - - -| Environment           | Description                               | -|-----------------------|-------------------------------------------| -| ADMIN_TOKEN           | 64-character token used for initial login | -| DATABASE_URL          | Database string: host://user:pass/db      | diff --git a/kubernetes/namespaces/default/bitwarden/configmap.yaml b/kubernetes/namespaces/default/bitwarden/configmap.yaml deleted file mode 100644 index c758f5d..0000000 --- a/kubernetes/namespaces/default/bitwarden/configmap.yaml +++ /dev/null @@ -1,23 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: -  name: bitwarden-config-env -data: -  # Domain to access bitwarden by -  DOMAIN: "https://bitwarden.pythondiscord.com" - -  # Password hint must be sent to an email when this is false. -  # When it's true, it'll be shown right on the page. -  SHOW_PASSWORD_HINT: "false" - -  # Admins only, please! -  SIGNUPS_ALLOWED: "false" - -  # Used for LiveSync -  WEBSOCKET_ENABLED: "true" - -  # Max conns to the DB -  DATABASE_MAX_CONNS: "2" - -  # Force bitwarden to use postgres, rather than it's own volume -  I_REALLY_WANT_VOLATILE_STORAGE: "true" diff --git a/kubernetes/namespaces/default/bitwarden/deployment.yaml b/kubernetes/namespaces/default/bitwarden/deployment.yaml deleted file mode 100644 index 70a22ce..0000000 --- a/kubernetes/namespaces/default/bitwarden/deployment.yaml +++ /dev/null @@ -1,34 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: -  name: bitwarden -spec: -  replicas: 1 -  selector: -    matchLabels: -      app: bitwarden -  template: -    metadata: -      labels: -        app: bitwarden -    spec: -      containers: -        - name: bitwarden -          image: vaultwarden/server:latest -          imagePullPolicy: Always -          resources: -            requests: -              cpu: 1m -              memory: 50Mi -            limits: -              cpu: 50m -              memory: 100Mi -          ports: -            - containerPort: 80 -          envFrom: -            - secretRef: -                name: bitwarden-secret-env -            - configMapRef: -                name: bitwarden-config-env -          securityContext: -            readOnlyRootFilesystem: true diff --git a/kubernetes/namespaces/default/bitwarden/ingress.yaml b/kubernetes/namespaces/default/bitwarden/ingress.yaml deleted file mode 100644 index d0371f6..0000000 --- a/kubernetes/namespaces/default/bitwarden/ingress.yaml +++ /dev/null @@ -1,24 +0,0 @@ -apiVersion: networking.k8s.io/v1 -kind: Ingress -metadata: -  annotations: -    nginx.ingress.kubernetes.io/auth-tls-verify-client: "on" -    nginx.ingress.kubernetes.io/auth-tls-secret: "kube-system/mtls-client-crt-bundle" -    nginx.ingress.kubernetes.io/auth-tls-error-page: "https://www.youtube.com/watch?v=dQw4w9WgXcQ" -  name: bitwarden -spec: -  tls: -  - hosts: -      - "*.pythondiscord.com" -    secretName: pythondiscord.com-tls -  rules: -  - host: bitwarden.pythondiscord.com -    http: -      paths: -      - path: / -        pathType: Prefix -        backend: -          service: -            name: bitwarden -            port: -              number: 80 diff --git a/kubernetes/namespaces/default/bitwarden/secrets.yaml b/kubernetes/namespaces/default/bitwarden/secrets.yamlBinary files differ deleted file mode 100644 index 34cfd7a..0000000 --- a/kubernetes/namespaces/default/bitwarden/secrets.yaml +++ /dev/null diff --git a/kubernetes/namespaces/default/bitwarden/service.yaml b/kubernetes/namespaces/default/bitwarden/service.yaml deleted file mode 100644 index 3df8cc2..0000000 --- a/kubernetes/namespaces/default/bitwarden/service.yaml +++ /dev/null @@ -1,9 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: -  name: bitwarden -spec: -  ports: -    - port: 80 -  selector: -    app: bitwarden diff --git a/kubernetes/namespaces/default/policy-bot/README.md b/kubernetes/namespaces/default/policy-bot/README.md deleted file mode 100644 index ed44a63..0000000 --- a/kubernetes/namespaces/default/policy-bot/README.md +++ /dev/null @@ -1,24 +0,0 @@ -# Policy Bot -Policy Bot is our instance of [palantir/policy-bot](https://github.com/palantir/policy-bot) for managing review policy across our GitHub repositories. - -Actual review policy is stored inside our GitHub repositories in the `.github/review-policy.yml` file, so the configuration here is purely for interacting with GitHub and some lower level things. - -## GitHub Configuration - -Follow the instructions in the [repository](https://github.com/palantir/policy-bot#deployment) to provision a GitHub application. Our manifests are configured to run the policy bot at https://policy-bot.pythondiscord.com/. - -## Secrets - -This app requires a `policy-bot-defaults` secret with the following entries: - -| Environment                                      | Description                                                           | -|--------------------------------------------------|-----------------------------------------------------------------------| -| GITHUB_APP_PRIVATE_KEY                           | Contents of the PEM certificate downloadable from the GitHub App page | -| GITHUB_APP_WEBHOOK_SECRET                        | Webhook secret from GitHub App Page                                   | -| GITHUB_OAUTH_CLIENT_SECRET                       | OAuth 2 client secret from Github App page                            | -| POLICYBOT_OPTIONS_DO_NOT_LOAD_COMMIT_PUSHED_DATE | Set to True to not use deprecated commit_pushed_date from Github API  | -| POLICYBOT_SESSIONS_KEY                           | Random characters for signing user sessions                           | - -Run `kubectl apply -f .` inside this directory to apply the the configuration. - -Access the running application over [policy-bot.pythondiscord.com]([https://policy-bot.pythondiscord.com/])! diff --git a/kubernetes/namespaces/default/policy-bot/configmap.yaml b/kubernetes/namespaces/default/policy-bot/configmap.yaml deleted file mode 100644 index 6183948..0000000 --- a/kubernetes/namespaces/default/policy-bot/configmap.yaml +++ /dev/null @@ -1,49 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: -  name: policy-bot-defaults -data: -  policy-bot.yml: | -    # Options for the http server -    server: -      # The listen address and port -      address: "0.0.0.0" -      port: 8080 -      # The public URL, used for URL generation when the server is behind a proxy -      public_url: https://policy-bot.pythondiscord.com/ - -    # Options for logging output -    logging: -      # If true, logs are printed in human-readable form. We recommend using -      # "false" to output JSON-formatted logs in production -      text: false -      # Set a minimum logging level threshold -      # Choose from: debug, info, warn, error -      level: debug - -    # Options for connecting to GitHub -    github: -      # The URL of the GitHub homepage. Can also be set by the GITHUB_WEB_URL -      # environment variable. -      web_url: "https://github.com" -      # The base URL for v3 (REST) API requests. Can also be set by the -      # GITHUB_V3_API_URL environment variable. -      v3_api_url: "https://api.github.com" -      # The base URL for v4 (GraphQL) API requests. Can also be set by the -      # GITHUB_V4_API_URL environment variable. -      v4_api_url: "https://api.github.com/graphql" -      app: -        # The integration ID of the GitHub app. Can also be set by the -        # GITHUB_APP_INTEGRATION_ID environment variable. -        integration_id: 91554 -      oauth: -        # The client ID of the OAuth app associated with the GitHub app. Can also -        # be set by the GITHUB_OAUTH_CLIENT_ID environment variable. -        client_id: "Iv1.5be42b7c960b1ab2" - -    # Options for application behavior -    options: -      # The path within repositories to find the policy.yml file -      policy_path: .github/review-policy.yml -      # The context prefix for status checks created by the bot -      status_check_context: "Review requirements" diff --git a/kubernetes/namespaces/default/policy-bot/deployment.yaml b/kubernetes/namespaces/default/policy-bot/deployment.yaml deleted file mode 100644 index 1b3f96b..0000000 --- a/kubernetes/namespaces/default/policy-bot/deployment.yaml +++ /dev/null @@ -1,43 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: -  name: policy-bot -spec: -  replicas: 1 -  selector: -    matchLabels: -      app: policy-bot -  template: -    metadata: -      labels: -        app: policy-bot -    spec: -      containers: -        - name: policy-bot -          image: palantirtechnologies/policy-bot:latest -          imagePullPolicy: Always -          resources: -            requests: -              cpu: 50m -              memory: 50Mi -            limits: -              cpu: 100m -              memory: 100Mi -          ports: -            - containerPort: 8080 -          volumeMounts: -            - mountPath: /secrets -              name: policy-bot-config -          securityContext: -            readOnlyRootFilesystem: true -          envFrom: -            - secretRef: -                name: policy-bot-secrets -      volumes: -        - name: policy-bot-config -          configMap: -            name: policy-bot-defaults -      securityContext: -        fsGroup: 2000 -        runAsUser: 1000 -        runAsNonRoot: true diff --git a/kubernetes/namespaces/default/policy-bot/ingress.yaml b/kubernetes/namespaces/default/policy-bot/ingress.yaml deleted file mode 100644 index 088dd01..0000000 --- a/kubernetes/namespaces/default/policy-bot/ingress.yaml +++ /dev/null @@ -1,24 +0,0 @@ -apiVersion: networking.k8s.io/v1 -kind: Ingress -metadata: -  annotations: -    nginx.ingress.kubernetes.io/auth-tls-verify-client: "on" -    nginx.ingress.kubernetes.io/auth-tls-secret: "kube-system/mtls-client-crt-bundle" -    nginx.ingress.kubernetes.io/auth-tls-error-page: "https://www.youtube.com/watch?v=dQw4w9WgXcQ" -  name: policy-bot -spec: -  tls: -  - hosts: -      - "*.pythondiscord.com" -    secretName: pythondiscord.com-tls -  rules: -  - host: policy-bot.pythondiscord.com -    http: -      paths: -      - path: / -        pathType: Prefix -        backend: -          service: -            name: policy-bot -            port: -              number: 80 diff --git a/kubernetes/namespaces/default/policy-bot/secrets.yaml b/kubernetes/namespaces/default/policy-bot/secrets.yamlBinary files differ deleted file mode 100644 index 9d91e70..0000000 --- a/kubernetes/namespaces/default/policy-bot/secrets.yaml +++ /dev/null diff --git a/kubernetes/namespaces/default/policy-bot/service.yaml b/kubernetes/namespaces/default/policy-bot/service.yaml deleted file mode 100644 index da0fb64..0000000 --- a/kubernetes/namespaces/default/policy-bot/service.yaml +++ /dev/null @@ -1,11 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: -  name: policy-bot -spec: -  selector: -    app: policy-bot -  ports: -    - protocol: TCP -      port: 80 -      targetPort: 8080 | 
