From 661f49409e69f5cfafbef4cd41411a72ebc5418d Mon Sep 17 00:00:00 2001 From: Chris Lovering Date: Sun, 13 Aug 2023 20:01:42 +0100 Subject: Copy all files from kubernetes repo into this one MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This commit is a like-for-like copy of the [kubernetes repo](https://github.com/python-discord/kubernetes) check that repo for comit history prioir to this commit. Co-authored-by: Amrou Bellalouna Co-authored-by: Bradley Reynolds Co-authored-by: Chris Co-authored-by: Chris Lovering Co-authored-by: ChrisJL Co-authored-by: Den4200 Co-authored-by: GDWR Co-authored-by: Hassan Abouelela Co-authored-by: Hassan Abouelela Co-authored-by: jchristgit Co-authored-by: Joe Banks <20439493+jb3@users.noreply.github.com> Co-authored-by: Joe Banks Co-authored-by: Joe Banks Co-authored-by: Johannes Christ Co-authored-by: Kieran Siek Co-authored-by: kosayoda Co-authored-by: ks129 <45097959+ks129@users.noreply.github.com> Co-authored-by: Leon Sand├©y Co-authored-by: Leon Sand├©y Co-authored-by: MarkKoz Co-authored-by: Matteo Bertucci Co-authored-by: Sebastiaan Zeeff <33516116+SebastiaanZ@users.noreply.github.com> Co-authored-by: Sebastiaan Zeeff Co-authored-by: vcokltfre --- kubernetes/namespaces/default/pinnwand/README.md | 8 +++ .../default/pinnwand/defaults-configmap.yaml | 34 +++++++++++++ .../namespaces/default/pinnwand/deployment.yaml | 56 +++++++++++++++++++++ .../namespaces/default/pinnwand/ingress.yaml | 24 +++++++++ .../namespaces/default/pinnwand/secrets.yaml | Bin 0 -> 316 bytes .../namespaces/default/pinnwand/service.yaml | 11 ++++ 6 files changed, 133 insertions(+) create mode 100644 kubernetes/namespaces/default/pinnwand/README.md create mode 100644 kubernetes/namespaces/default/pinnwand/defaults-configmap.yaml create mode 100644 kubernetes/namespaces/default/pinnwand/deployment.yaml create mode 100644 kubernetes/namespaces/default/pinnwand/ingress.yaml create mode 100644 kubernetes/namespaces/default/pinnwand/secrets.yaml create mode 100644 kubernetes/namespaces/default/pinnwand/service.yaml (limited to 'kubernetes/namespaces/default/pinnwand') diff --git a/kubernetes/namespaces/default/pinnwand/README.md b/kubernetes/namespaces/default/pinnwand/README.md new file mode 100644 index 0000000..945b357 --- /dev/null +++ b/kubernetes/namespaces/default/pinnwand/README.md @@ -0,0 +1,8 @@ +# pinnwand +These manifests provision an instance of the pinnwand service used on https://paste.pythondiscord.com. + +A init-service is used to download the Python Discord banner logo and save it to a volume, as pinnwand expects it to be present within the image. + +## Secrets & config +This deployment expects an env var named `PINNWAND_DATABASE_URI` to exist in a secret called `pinnwand-postgres-connection`. +All other configuration can be found in `defaults-configmap.yaml`. diff --git a/kubernetes/namespaces/default/pinnwand/defaults-configmap.yaml b/kubernetes/namespaces/default/pinnwand/defaults-configmap.yaml new file mode 100644 index 0000000..96fa074 --- /dev/null +++ b/kubernetes/namespaces/default/pinnwand/defaults-configmap.yaml @@ -0,0 +1,34 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: pinnwand-config +data: + config.toml: | + # Maximum size in bytes of pastes + paste_size = 524288 + + default_selected_lexer = "python" + # List of lexers to pin to the top of the dropdown list + preferred_lexers = ["python", "autodetect", "pytb", "pycon", "text", "markdown", "restructuredtext", "sql"] + + page_list = ["about", "removal"] + footer = 'View source code, removal information, or read the about page.' + + paste_help = '''

Welcome to Python Discord's pastebin, powered by pinnwand. It allows you to share code with others. If you write code in the text area below and press the paste button you will be given a link you can share with others so they can view your code as well.

People with the link can view your pasted code, only you can remove your paste and it expires automatically. Note that anyone could guess the URI to your paste so don't rely on it being private.

''' + expiries.30days = 2592000 + expiries.7days = 604800 + expiries.1day = 86400 + + ratelimit.read.capacity = 100 + ratelimit.read.consume = 1 + ratelimit.read.refill = 2 + + ratelimit.create.capacity = 10 # Default is 2 + ratelimit.create.consume = 1 # Default is 2 + ratelimit.create.refill = 10 # Default is 1 + + ratelimit.delete.capacity = 2 + ratelimit.delete.consume = 2 + ratelimit.delete.refill = 1 + + report_email = "paste-abuse@pythondiscord.com" diff --git a/kubernetes/namespaces/default/pinnwand/deployment.yaml b/kubernetes/namespaces/default/pinnwand/deployment.yaml new file mode 100644 index 0000000..2a6525a --- /dev/null +++ b/kubernetes/namespaces/default/pinnwand/deployment.yaml @@ -0,0 +1,56 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: pinnwand +spec: + replicas: 1 + selector: + matchLabels: + app: pinnwand + template: + metadata: + labels: + app: pinnwand + spec: + initContainers: + - name: init-service + image: busybox:latest + command: ["wget", "https://raw.githubusercontent.com/python-discord/branding/main/logos/badge/badge_512x172.png", "-O", "/tmp/logo.png"] + volumeMounts: + - name: pinnwand-logo + mountPath: /tmp/ + containers: + - name: pinnwand + image: ghcr.io/supakeen/pinnwand:v1.5.0-psql + command: ["venv/bin/python3", "-m", "pinnwand", "-vvvvvvvv", "--configuration-path", "/config/config.toml", "http"] + imagePullPolicy: Always + resources: + requests: + cpu: 5m + memory: 70Mi + limits: + cpu: 100m + memory: 100Mi + ports: + - containerPort: 8000 + envFrom: + - secretRef: + name: pinnwand-postgres-connection + securityContext: + readOnlyRootFilesystem: true + volumeMounts: + - name: pinnwand-config + mountPath: /config/ + - name: pinnwand-logo + mountPath: /usr/app/pinnwand/static/logo.png + subPath: logo.png + volumes: + - name: pinnwand-logo + emptyDir: {} + - name: pinnwand-config + configMap: + name: pinnwand-config + securityContext: + fsGroup: 2000 + runAsUser: 1000 + runAsNonRoot: true diff --git a/kubernetes/namespaces/default/pinnwand/ingress.yaml b/kubernetes/namespaces/default/pinnwand/ingress.yaml new file mode 100644 index 0000000..17dcb83 --- /dev/null +++ b/kubernetes/namespaces/default/pinnwand/ingress.yaml @@ -0,0 +1,24 @@ +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + annotations: + nginx.ingress.kubernetes.io/auth-tls-verify-client: "on" + nginx.ingress.kubernetes.io/auth-tls-secret: "kube-system/mtls-client-crt-bundle" + nginx.ingress.kubernetes.io/auth-tls-error-page: "https://www.youtube.com/watch?v=dQw4w9WgXcQ" + name: pinnwand +spec: + tls: + - hosts: + - "*.pythondiscord.com" + secretName: pythondiscord.com-tls + rules: + - host: paste.pythondiscord.com + http: + paths: + - path: / + pathType: Prefix + backend: + service: + name: pinnwand + port: + number: 80 diff --git a/kubernetes/namespaces/default/pinnwand/secrets.yaml b/kubernetes/namespaces/default/pinnwand/secrets.yaml new file mode 100644 index 0000000..7fb586b Binary files /dev/null and b/kubernetes/namespaces/default/pinnwand/secrets.yaml differ diff --git a/kubernetes/namespaces/default/pinnwand/service.yaml b/kubernetes/namespaces/default/pinnwand/service.yaml new file mode 100644 index 0000000..be6bc4f --- /dev/null +++ b/kubernetes/namespaces/default/pinnwand/service.yaml @@ -0,0 +1,11 @@ +apiVersion: v1 +kind: Service +metadata: + name: pinnwand +spec: + selector: + app: pinnwand + ports: + - protocol: TCP + port: 80 + targetPort: 8000 -- cgit v1.2.3