From 85afb3b8ca98db360c863cc56af18c411c6489e2 Mon Sep 17 00:00:00 2001 
From: Joe Banks Date: Sun, 14 Apr 2024 23:12:48 +0100 Subject: Move all bots to designated namespaces --- kubernetes/namespaces/bots/black-knight/README.md | 16 +++++++ .../namespaces/bots/black-knight/deployment.yaml | 39 ++++++++++++++++ .../namespaces/bots/black-knight/secrets.yaml | Bin 0 -> 449 bytes kubernetes/namespaces/bots/bot/README.md | 15 ++++++ kubernetes/namespaces/bots/bot/configmap.yaml | 10 ++++ kubernetes/namespaces/bots/bot/deployment.yaml | 49 ++++++++++++++++++++ kubernetes/namespaces/bots/bot/secrets.yaml | Bin 0 -> 489 bytes kubernetes/namespaces/bots/king-arthur/README.md | 12 +++++ .../namespaces/bots/king-arthur/deployment.yaml | 36 +++++++++++++++ .../namespaces/bots/king-arthur/secrets.yaml | Bin 0 -> 566 bytes .../bots/king-arthur/service-account.yaml | 28 +++++++++++ kubernetes/namespaces/bots/metricity/README.md | 13 ++++++ kubernetes/namespaces/bots/metricity/secrets.yaml | Bin 0 -> 365 bytes kubernetes/namespaces/bots/sir-lancebot/README.md | 29 ++++++++++++ .../namespaces/bots/sir-lancebot/deployment.yaml | 47 +++++++++++++++++++ .../namespaces/bots/sir-lancebot/secrets.yaml | Bin 0 -> 962 bytes kubernetes/namespaces/bots/sir-robin/README.md | 14 ++++++ .../namespaces/bots/sir-robin/configmap.yaml | 9 ++++ .../namespaces/bots/sir-robin/deployment.yaml | 39 ++++++++++++++++ kubernetes/namespaces/bots/sir-robin/secrets.yaml | Bin 0 -> 1828 bytes .../namespaces/default/black-knight/README.md | 16 ------- .../default/black-knight/deployment.yaml | 38 --------------- .../namespaces/default/black-knight/secrets.yaml | Bin 452 -> 0 bytes kubernetes/namespaces/default/bot/README.md | 15 ------ kubernetes/namespaces/default/bot/configmap.yaml | 9 ---- kubernetes/namespaces/default/bot/deployment.yaml | 48 ------------------- kubernetes/namespaces/default/bot/secrets.yaml | Bin 492 -> 0 bytes .../namespaces/default/king-arthur/README.md | 12 ----- .../namespaces/default/king-arthur/deployment.yaml | 35 -------------- 
.../namespaces/default/king-arthur/secrets.yaml | Bin 569 -> 0 bytes .../default/king-arthur/service-account.yaml | 27 ----------- kubernetes/namespaces/default/metricity/README.md | 13 ------ .../namespaces/default/metricity/secrets.yaml | Bin 368 -> 0 bytes kubernetes/namespaces/default/modmail/README.md | 12 ----- .../namespaces/default/modmail/bot/README.md | 7 --- .../namespaces/default/modmail/bot/deployment.yaml | 50 -------------------- .../namespaces/default/modmail/configmap.yaml | 12 ----- kubernetes/namespaces/default/modmail/secrets.yaml | Bin 299 -> 0 bytes .../namespaces/default/modmail/web/README.md | 2 - .../namespaces/default/modmail/web/deployment.yaml | 38 --------------- .../namespaces/default/modmail/web/ingress.yaml | 24 ---------- .../namespaces/default/modmail/web/service.yaml | 11 ----- kubernetes/namespaces/default/redis/secrets.yaml | Bin 267 -> 567 bytes .../namespaces/default/sir-lancebot/README.md | 29 ------------ .../default/sir-lancebot/deployment.yaml | 46 ------------------- .../namespaces/default/sir-lancebot/secrets.yaml | Bin 965 -> 0 bytes kubernetes/namespaces/default/sir-robin/README.md | 14 ------ .../namespaces/default/sir-robin/configmap.yaml | 8 ---- .../namespaces/default/sir-robin/deployment.yaml | 38 --------------- .../namespaces/default/sir-robin/secrets.yaml | Bin 1831 -> 0 bytes kubernetes/namespaces/modmail/README.md | 12 +++++ kubernetes/namespaces/modmail/bot/README.md | 7 +++ kubernetes/namespaces/modmail/bot/deployment.yaml | 51 +++++++++++++++++++++ kubernetes/namespaces/modmail/configmap.yaml | 13 ++++++ kubernetes/namespaces/modmail/secrets.yaml | Bin 0 -> 299 bytes kubernetes/namespaces/modmail/web/README.md | 2 + kubernetes/namespaces/modmail/web/deployment.yaml | 39 ++++++++++++++++ kubernetes/namespaces/modmail/web/ingress.yaml | 25 ++++++++++ kubernetes/namespaces/modmail/web/service.yaml | 12 +++++ 59 files changed, 517 insertions(+), 504 deletions(-) create mode 100644 
kubernetes/namespaces/bots/black-knight/README.md create mode 100644 kubernetes/namespaces/bots/black-knight/deployment.yaml create mode 100644 kubernetes/namespaces/bots/black-knight/secrets.yaml create mode 100644 kubernetes/namespaces/bots/bot/README.md create mode 100644 kubernetes/namespaces/bots/bot/configmap.yaml create mode 100644 kubernetes/namespaces/bots/bot/deployment.yaml create mode 100644 kubernetes/namespaces/bots/bot/secrets.yaml create mode 100644 kubernetes/namespaces/bots/king-arthur/README.md create mode 100644 kubernetes/namespaces/bots/king-arthur/deployment.yaml create mode 100644 kubernetes/namespaces/bots/king-arthur/secrets.yaml create mode 100644 kubernetes/namespaces/bots/king-arthur/service-account.yaml create mode 100644 kubernetes/namespaces/bots/metricity/README.md create mode 100644 kubernetes/namespaces/bots/metricity/secrets.yaml create mode 100644 kubernetes/namespaces/bots/sir-lancebot/README.md create mode 100644 kubernetes/namespaces/bots/sir-lancebot/deployment.yaml create mode 100644 kubernetes/namespaces/bots/sir-lancebot/secrets.yaml create mode 100644 kubernetes/namespaces/bots/sir-robin/README.md create mode 100644 kubernetes/namespaces/bots/sir-robin/configmap.yaml create mode 100644 kubernetes/namespaces/bots/sir-robin/deployment.yaml create mode 100644 kubernetes/namespaces/bots/sir-robin/secrets.yaml delete mode 100644 kubernetes/namespaces/default/black-knight/README.md delete mode 100644 kubernetes/namespaces/default/black-knight/deployment.yaml delete mode 100644 kubernetes/namespaces/default/black-knight/secrets.yaml delete mode 100644 kubernetes/namespaces/default/bot/README.md delete mode 100644 kubernetes/namespaces/default/bot/configmap.yaml delete mode 100644 kubernetes/namespaces/default/bot/deployment.yaml delete mode 100644 kubernetes/namespaces/default/bot/secrets.yaml delete mode 100644 kubernetes/namespaces/default/king-arthur/README.md delete mode 100644 
kubernetes/namespaces/default/king-arthur/deployment.yaml delete mode 100644 kubernetes/namespaces/default/king-arthur/secrets.yaml delete mode 100644 kubernetes/namespaces/default/king-arthur/service-account.yaml delete mode 100644 kubernetes/namespaces/default/metricity/README.md delete mode 100644 kubernetes/namespaces/default/metricity/secrets.yaml delete mode 100644 kubernetes/namespaces/default/modmail/README.md delete mode 100644 kubernetes/namespaces/default/modmail/bot/README.md delete mode 100644 kubernetes/namespaces/default/modmail/bot/deployment.yaml delete mode 100644 kubernetes/namespaces/default/modmail/configmap.yaml delete mode 100644 kubernetes/namespaces/default/modmail/secrets.yaml delete mode 100644 kubernetes/namespaces/default/modmail/web/README.md delete mode 100644 kubernetes/namespaces/default/modmail/web/deployment.yaml delete mode 100644 kubernetes/namespaces/default/modmail/web/ingress.yaml delete mode 100644 kubernetes/namespaces/default/modmail/web/service.yaml delete mode 100644 kubernetes/namespaces/default/sir-lancebot/README.md delete mode 100644 kubernetes/namespaces/default/sir-lancebot/deployment.yaml delete mode 100644 kubernetes/namespaces/default/sir-lancebot/secrets.yaml delete mode 100644 kubernetes/namespaces/default/sir-robin/README.md delete mode 100644 kubernetes/namespaces/default/sir-robin/configmap.yaml delete mode 100644 kubernetes/namespaces/default/sir-robin/deployment.yaml delete mode 100644 kubernetes/namespaces/default/sir-robin/secrets.yaml create mode 100644 kubernetes/namespaces/modmail/README.md create mode 100644 kubernetes/namespaces/modmail/bot/README.md create mode 100644 kubernetes/namespaces/modmail/bot/deployment.yaml create mode 100644 kubernetes/namespaces/modmail/configmap.yaml create mode 100644 kubernetes/namespaces/modmail/secrets.yaml create mode 100644 kubernetes/namespaces/modmail/web/README.md create mode 100644 kubernetes/namespaces/modmail/web/deployment.yaml create mode 100644 
kubernetes/namespaces/modmail/web/ingress.yaml create mode 100644 kubernetes/namespaces/modmail/web/service.yaml (limited to 'kubernetes/namespaces')
diff --git a/kubernetes/namespaces/bots/black-knight/README.md b/kubernetes/namespaces/bots/black-knight/README.md
new file mode 100644
index 0000000..d1f8d89
--- /dev/null
+++ b/kubernetes/namespaces/bots/black-knight/README.md
@@ -0,0 +1,16 @@
+## Black Knight
+Deployment file for @Black-Knight, our courageous and ever present anti-raid bot.
+
+## Secrets
+This deployment expects a number of secrets/environment variables to exist in a secret called `black-knight-env`.
+
+| Environment | Description |
+|-----------------------|-------------------------------------------------------------------|
+| BOT_TOKEN | The Discord bot token for Black Knight to connect to Discord with |
+| DATABASE_URL | A full PostgreSQL connection string to the postgres db |
+| BOT_SENTRY_DSN | The DSN to connect send sentry reports to |
+
+Black knight also requires a redis password, which is pulled from the `redis-credentials` secret.
+```
+REDIS_PASSWORD - The password to redis
+```
diff --git a/kubernetes/namespaces/bots/black-knight/deployment.yaml b/kubernetes/namespaces/bots/black-knight/deployment.yaml
new file mode 100644
index 0000000..9d27e07
--- /dev/null
+++ b/kubernetes/namespaces/bots/black-knight/deployment.yaml
@@ -0,0 +1,39 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: black-knight
+ namespace: bots
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: black-knight
+ template:
+ metadata:
+ labels:
+ app: black-knight
+ spec:
+ securityContext:
+ fsGroup: 2000
+ runAsUser: 1000
+ runAsNonRoot: true
+ containers:
+ - name: black-knight
+ image: ghcr.io/python-discord/black-knight:latest
+ imagePullPolicy: Always
+ resources:
+ requests:
+ cpu: 500m
+ memory: 300Mi
+ limits:
+ cpu: 750m
+ memory: 600Mi
+ envFrom:
+ - secretRef:
+ name: black-knight-env
+ - secretRef:
+ name: redis-credentials
+ securityContext:
+ readOnlyRootFilesystem: true
+ imagePullSecrets:
+ - name: ghcr-pull-secret
diff --git a/kubernetes/namespaces/bots/black-knight/secrets.yaml b/kubernetes/namespaces/bots/black-knight/secrets.yaml
new file mode 100644
index 0000000..6b8ef8f
Binary files /dev/null and b/kubernetes/namespaces/bots/black-knight/secrets.yaml differ
diff --git a/kubernetes/namespaces/bots/bot/README.md b/kubernetes/namespaces/bots/bot/README.md
new file mode 100644
index 0000000..565cf70
--- /dev/null
+++ b/kubernetes/namespaces/bots/bot/README.md
@@ -0,0 +1,15 @@
+## Bot
+
+Deployment file for @Python, our valiant community bot and workhorse.
+
+## Secrets
+This deployment expects a number of secrets and environment variables to exist in a secret called `bot-env`.
+
+| Environment | Description |
+|-------------------|-------------------------------------------------------------|
+| API_KEYS_GITHUB | An API key for Github's API. |
+| API_KEYS_SITE_API | The token to access our site's API. |
+| BOT_SENTRY_DSN | The sentry DSN to send sentry events to. |
+| BOT_TOKEN | The Discord bot token to run the bot on. |
+| METABASE_PASSWORD | Password for Metabase |
+| METABASE_USERNAME | Username for Metabase |
diff --git a/kubernetes/namespaces/bots/bot/configmap.yaml b/kubernetes/namespaces/bots/bot/configmap.yaml
new file mode 100644
index 0000000..8e04e35
--- /dev/null
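Review bot: In black-knight/deployment.yaml the two `secretRef` entries (`black-knight-env`, `redis-credentials`) and the `imagePullSecrets` entry `ghcr-pull-secret` are resolved in the pod's own namespace, so with `namespace: bots` all three now have to exist in `bots`. The secrets files in this patch are binary and the diffstat only shows `default/redis/secrets.yaml` growing, so whether `redis-credentials` and `ghcr-pull-secret` are created in `bots` cannot be confirmed from here; if either is missing the pod will not start. The bot, sir-lancebot and sir-robin deployments carry the same `redis-credentials` reference. I would add a comment above `envFrom:` such as `# redis-credentials and ghcr-pull-secret must be present in the bots namespace`, and keep the fix to copying the secrets rather than granting the bots read access to Secrets in `default`.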
+++ b/kubernetes/namespaces/bots/bot/configmap.yaml
@@ -0,0 +1,10 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: bot-config-env
+ namespace: bots
+data:
+ BOT_TRACE_LOGGERS: bot.utils.scheduling.ModPingsOnOff,bot.exts.moderation.modpings,bot.exts.backend.sync._syncers
+ DEBUG: 'False'
+ DUCK_POND_EXTRA_CHANNEL_BLACKLIST: "[291284109232308226,463035241142026251,463035268514185226]" # The 3 off-topic channels
+ URLS_PASTE_URL: https://paste.pythondiscord.com
diff --git a/kubernetes/namespaces/bots/bot/deployment.yaml b/kubernetes/namespaces/bots/bot/deployment.yaml
new file mode 100644
index 0000000..033c2b9
--- /dev/null
+++ b/kubernetes/namespaces/bots/bot/deployment.yaml
@@ -0,0 +1,49 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: bot
+ namespace: bots
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: bot
+ template:
+ metadata:
+ labels:
+ app: bot
+ spec:
+ securityContext:
+ fsGroup: 2000
+ runAsUser: 1000
+ runAsNonRoot: true
+ containers:
+ - name: bot
+ image: ghcr.io/python-discord/bot:latest
+ imagePullPolicy: Always
+ resources:
+ requests:
+ cpu: 750m
+ memory: 600Mi
+ limits:
+ cpu: 1000m
+ memory: 1400Mi
+ envFrom:
+ - secretRef:
+ name: bot-env
+ - secretRef:
+ name: redis-credentials
+ - configMapRef:
+ name: bot-config-env
+ volumeMounts:
+ - mountPath: /bot/logs
+ name: logs-vol
+ - mountPath: /.cache/python-tldextract
+ name: tldextract-cache
+ securityContext:
+ readOnlyRootFilesystem: true
+ volumes:
+ - name: logs-vol
+ emptyDir: {}
+ - name: tldextract-cache
+ emptyDir: {}
diff --git a/kubernetes/namespaces/bots/bot/secrets.yaml b/kubernetes/namespaces/bots/bot/secrets.yaml
new file mode 100644
index 0000000..156c55a
Binary files /dev/null and b/kubernetes/namespaces/bots/bot/secrets.yaml differ
diff --git a/kubernetes/namespaces/bots/king-arthur/README.md b/kubernetes/namespaces/bots/king-arthur/README.md
new file mode 100644
index 0000000..704d45b
--- /dev/null
+++ b/kubernetes/namespaces/bots/king-arthur/README.md
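Review bot: The container `securityContext` in bot/deployment.yaml sets only `readOnlyRootFilesystem: true`; it neither blocks privilege escalation nor drops Linux capabilities, and the pod spec leaves the service-account token mounted although nothing visible in this manifest talks to the Kubernetes API. I would add `allowPrivilegeEscalation: false` and `capabilities: {drop: ["ALL"]}` to the container block and `automountServiceAccountToken: false` to the pod spec. The black-knight, sir-lancebot and sir-robin deployments in this patch have the same shape; king-arthur needs its token, so only the two container-level lines apply there.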
@@ -0,0 +1,12 @@
+# King Arthur
+
+Deployment file for @King Arthur, our DevOps helper bot.
+
+## Secrets
+This deployment expects a number of secrets and environment variables to exist in a secret called `king-arthur-env`.
+
+| Environment | Description |
+| ---------------------------- | ------------------------------------------------------------------------- |
+| KING_ARTHUR_TOKEN | The token to authorize with Discord |
+| KING_ARTHUR_NOTION_API_TOKEN | The API token to the notion API |
+| KING_ARTHUR_CLOUDFLARE_TOKEN | A token for the Cloudflare API used for the Cloudflare commands in Arthur |
diff --git a/kubernetes/namespaces/bots/king-arthur/deployment.yaml b/kubernetes/namespaces/bots/king-arthur/deployment.yaml
new file mode 100644
index 0000000..b5250ba
--- /dev/null
+++ b/kubernetes/namespaces/bots/king-arthur/deployment.yaml
@@ -0,0 +1,36 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: king-arthur
+ namespace: bots
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: king-arthur
+ template:
+ metadata:
+ labels:
+ app: king-arthur
+ spec:
+ serviceAccountName: king-arthur
+ containers:
+ - name: king-arthur
+ image: ghcr.io/python-discord/king-arthur:latest
+ imagePullPolicy: Always
+ resources:
+ requests:
+ cpu: 600m
+ memory: 500Mi
+ limits:
+ cpu: 800m
+ memory: 800Mi
+ envFrom:
+ - secretRef:
+ name: king-arthur-env
+ securityContext:
+ readOnlyRootFilesystem: true
+ securityContext:
+ fsGroup: 2000
+ runAsUser: 1000
+ runAsNonRoot: true
diff --git a/kubernetes/namespaces/bots/king-arthur/secrets.yaml b/kubernetes/namespaces/bots/king-arthur/secrets.yaml
new file mode 100644
index 0000000..dda3686
Binary files /dev/null and b/kubernetes/namespaces/bots/king-arthur/secrets.yaml differ
diff --git a/kubernetes/namespaces/bots/king-arthur/service-account.yaml b/kubernetes/namespaces/bots/king-arthur/service-account.yaml
new file mode 100644
index 0000000..c971205
--- /dev/null
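Review bot: `image: ghcr.io/python-discord/king-arthur:latest` together with `imagePullPolicy: Always` in king-arthur/deployment.yaml means every restart runs whatever was last pushed to that tag, and this pod runs as the `king-arthur` service account, which service-account.yaml in the same patch binds to a cluster-wide wildcard role. Pinning by digest, `image: ghcr.io/python-discord/king-arthur@sha256:<digest>` (placeholder), turns a rollout into a reviewed change in this repository instead of a side effect of a registry push. The other bot deployments also track `:latest`, but they do not carry cluster privileges, so this is the one where the mutable tag matters most.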
+++ b/kubernetes/namespaces/bots/king-arthur/service-account.yaml
@@ -0,0 +1,28 @@
+---
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: king-arthur
+rules:
+- apiGroups: ["", "extensions", "apps", "batch", "rbac.authorization.k8s.io", "cert-manager.io"]
+ resources: ["*"]
+ verbs: ["*"]
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: king-arthur
+ namespace: bots
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: king-arthur
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: king-arthur
+subjects:
+ - kind: ServiceAccount
+ name: king-arthur
+ namespace: bots
diff --git a/kubernetes/namespaces/bots/metricity/README.md b/kubernetes/namespaces/bots/metricity/README.md
new file mode 100644
index 0000000..30c8b95
--- /dev/null
+++ b/kubernetes/namespaces/bots/metricity/README.md
@@ -0,0 +1,13 @@
+# Metricity
+
+This folder contains the secrets for the metricity service.
+
+The actual metricity deployment manifest can be found inside the metricity repository at [python-discord/metricity](https://github.com/python-discord/metricity).
+
+## Secrets
+A single secret of name `metricity-env` is used with the following values:
+
+| Environment | Description |
+|--------------|------------------------------------|
+| BOT_TOKEN | The Discord bot token to run under |
+| DATABASE_URI | Database URI to save the states to |
diff --git a/kubernetes/namespaces/bots/metricity/secrets.yaml b/kubernetes/namespaces/bots/metricity/secrets.yaml
new file mode 100644
index 0000000..a4a11b5
Binary files /dev/null and b/kubernetes/namespaces/bots/metricity/secrets.yaml differ
diff --git a/kubernetes/namespaces/bots/sir-lancebot/README.md b/kubernetes/namespaces/bots/sir-lancebot/README.md
new file mode 100644
index 0000000..293a955
--- /dev/null
+++ b/kubernetes/namespaces/bots/sir-lancebot/README.md
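Review bot: The `king-arthur` ClusterRole in service-account.yaml grants `verbs: ["*"]` on `resources: ["*"]` across six API groups, including core (`""`) and `rbac.authorization.k8s.io`, and the ClusterRoleBinding applies it cluster-wide; wildcard verbs on RBAC objects include `bind` and `escalate`, so the account can grant itself anything else, and it can read every Secret in every namespace. This patch moves the ServiceAccount into `bots`, which it shares with the other bots, so anything allowed to create pods in `bots` can run as it. I would replace the wildcard rule with the specific resources and verbs the bot's commands use (which ones is not visible from this hunk), drop `rbac.authorization.k8s.io` unless a command really manages roles, and use a namespaced `Role`/`RoleBinding` wherever cluster scope is not needed. At minimum add a comment above `rules:` such as `# cluster-wide write access: treat this service account as cluster-admin`.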
@@ -0,0 +1,29 @@
+## Sir Lancebot
+```
+Oh brave Sir Lancebot!
+
+Whereat he turned and stood with folded arms and numerous antennae,
+"Why frown upon a friend? Few live that have too many."
+A weary-waiting optical array, now calibrated to a sad wrath.
+Hereafter, thus t'was with him that we hath forged our path.
+```
+
+## Secrets
+This deployment expects a number of secrets and environment variables to exist in a secret called `sir-lancebot-env` shown below. The bot also relies on redis credentials being available in a secret named `redis-credentials`
+
+
+| Environment | Description |
+|---------------------------|------------------------------------------|
+| BOT_SENTRY_DSN | The DSN for the Sentry project. |
+| CLIENT_DEBUG | Should the bot start in DEBUG mode? |
+| CLIENT_TOKEN | The bot token to run the bot on. |
+| LATEX_API_URL | The URl tha the latex API is served from |
+| TOKENS_GIPHY | API key for Giphy. |
+| TOKENS_GITHUB | GitHub access token, for Hacktoberstats. |
+| TOKENS_IGDB_CLIENT_ID | Client ID IGDB - used to find games. |
+| TOKENS_IGDB_CLIENT_SECRET | Client secret IGDB - used to find games. |
+| TOKENS_NASA | API key for NASA. |
+| TOKENS_TMDB | Token for TMBD. Used for scarymovie.py. |
+| TOKENS_UNSPLASH | Token for unsplash. |
+| TOKENS_YOUTUBE | API key for YouTube. |
+| WOLFRAM_KEY | API key for Wolfram Alpha. |
diff --git a/kubernetes/namespaces/bots/sir-lancebot/deployment.yaml b/kubernetes/namespaces/bots/sir-lancebot/deployment.yaml
new file mode 100644
index 0000000..981107c
--- /dev/null
+++ b/kubernetes/namespaces/bots/sir-lancebot/deployment.yaml
@@ -0,0 +1,47 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: sir-lancebot
+ namespace: bots
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: sir-lancebot
+ template:
+ metadata:
+ labels:
+ app: sir-lancebot
+ spec:
+ containers:
+ - name: sir-lancebot
+ image: ghcr.io/python-discord/sir-lancebot:latest
+ imagePullPolicy: Always
+ resources:
+ requests:
+ cpu: 400m
+ memory: 200Mi
+ limits:
+ cpu: 500m
+ memory: 400Mi
+ envFrom:
+ - secretRef:
+ name: sir-lancebot-env
+ - secretRef:
+ name: redis-credentials
+ securityContext:
+ readOnlyRootFilesystem: true
+ volumeMounts:
+ - name: lancebot-data-vol
+ mountPath: /bot/bot/exts/fun/_latex_cache
+ - name: lancebot-logs-vol
+ mountPath: /bot/bot/log
+ volumes:
+ - name: lancebot-data-vol
+ emptyDir: {}
+ - name: lancebot-logs-vol
+ emptyDir: {}
+ securityContext:
+ fsGroup: 1000
+ runAsUser: 1000
+ runAsNonRoot: true
diff --git a/kubernetes/namespaces/bots/sir-lancebot/secrets.yaml b/kubernetes/namespaces/bots/sir-lancebot/secrets.yaml
new file mode 100644
index 0000000..9ba6a98
Binary files /dev/null and b/kubernetes/namespaces/bots/sir-lancebot/secrets.yaml differ
diff --git a/kubernetes/namespaces/bots/sir-robin/README.md b/kubernetes/namespaces/bots/sir-robin/README.md
new file mode 100644
index 0000000..0521359
--- /dev/null
+++ b/kubernetes/namespaces/bots/sir-robin/README.md
@@ -0,0 +1,14 @@
+## Sir-Robin
+Deployment file for @Sir-Robin, the not-quite-so-bot as Sir Lancebot, is our humble events bot.
+He is tasked with dealing with all the things that the event team can throw at it!
+
+## Secrets
+This deployment expects a number of secrets/environment variables to exist in a secret called `sir-robin-env`. The bot also relies on redis credentials being available in a secret named `redis-credentials`
+
+| Environment | Description |
+|---------------------------|------------------------------------------------|
+| AOC_RAW_LEADERBOARDS | A list of all AOC leaderboards to use |
+| AOC_STAFF_LEADERBOARD_ID | The staff AOC leaderboard. |
+| BOT_SENTRY_DSN | The sentry DSN to send warning & error logs to |
+| BOT_TOKEN | The bot token to run the bot on. |
+| CODE_JAM_API_KEY | The API key to the code jam management system |
diff --git a/kubernetes/namespaces/bots/sir-robin/configmap.yaml b/kubernetes/namespaces/bots/sir-robin/configmap.yaml
new file mode 100644
index 0000000..33b58a3
--- /dev/null
+++ b/kubernetes/namespaces/bots/sir-robin/configmap.yaml
@@ -0,0 +1,9 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: sir-robin-config-env
+ namespace: bots
+data:
+ AOC_YEAR: '2023'
+ BOT_DEBUG: 'False'
+ CATEGORY_SUMMER_CODE_JAM: '1141401271635554334'
diff --git a/kubernetes/namespaces/bots/sir-robin/deployment.yaml b/kubernetes/namespaces/bots/sir-robin/deployment.yaml
new file mode 100644
index 0000000..1ffda36
--- /dev/null
+++ b/kubernetes/namespaces/bots/sir-robin/deployment.yaml
@@ -0,0 +1,39 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: sir-robin
+ namespace: bots
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: sir-robin
+ template:
+ metadata:
+ labels:
+ app: sir-robin
+ spec:
+ securityContext:
+ fsGroup: 2000
+ runAsUser: 1000
+ runAsNonRoot: true
+ containers:
+ - name: sir-robin
+ image: ghcr.io/python-discord/sir-robin:latest
+ imagePullPolicy: Always
+ resources:
+ requests:
+ cpu: 500m
+ memory: 300Mi
+ limits:
+ cpu: 750m
+ memory: 600Mi
+ envFrom:
+ - secretRef:
+ name: sir-robin-env
+ - secretRef:
+ name: redis-credentials
+ - configMapRef:
+ name: sir-robin-config-env
+ securityContext:
+ readOnlyRootFilesystem: true
diff --git a/kubernetes/namespaces/bots/sir-robin/secrets.yaml b/kubernetes/namespaces/bots/sir-robin/secrets.yaml
new file mode 100644
index 0000000..ade44c0
Binary files /dev/null and b/kubernetes/namespaces/bots/sir-robin/secrets.yaml differ
diff --git a/kubernetes/namespaces/default/black-knight/README.md b/kubernetes/namespaces/default/black-knight/README.md
deleted file mode 100644
index d1f8d89..0000000
--- a/kubernetes/namespaces/default/black-knight/README.md
+++ /dev/null
@@ -1,16 +0,0 @@
-## Black Knight
-Deployment file for @Black-Knight, our courageous and ever present anti-raid bot.
-
-## Secrets
-This deployment expects a number of secrets/environment variables to exist in a secret called `black-knight-env`.
-
-| Environment | Description |
-|-----------------------|-------------------------------------------------------------------|
-| BOT_TOKEN | The Discord bot token for Black Knight to connect to Discord with |
-| DATABASE_URL | A full PostgreSQL connection string to the postgres db |
-| BOT_SENTRY_DSN | The DSN to connect send sentry reports to |
-
-Black knight also requires a redis password, which is pulled from the `redis-credentials` secret.
-```
-REDIS_PASSWORD - The password to redis
-```
diff --git a/kubernetes/namespaces/default/black-knight/deployment.yaml b/kubernetes/namespaces/default/black-knight/deployment.yaml deleted file mode 100644 index e10e32c..0000000 --- a/kubernetes/namespaces/default/black-knight/deployment.yaml +++ /dev/null @@ -1,38 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: black-knight -spec: - replicas: 1 - selector: - matchLabels: - app: black-knight - template: - metadata: - labels: - app: black-knight - spec: - securityContext: - fsGroup: 2000 - runAsUser: 1000 - runAsNonRoot: true - containers: - - name: black-knight - image: ghcr.io/python-discord/black-knight:latest - imagePullPolicy: Always - resources: - requests: - cpu: 500m - memory: 300Mi - limits: - cpu: 750m - memory: 600Mi - envFrom: - - secretRef: - name: black-knight-env - - secretRef: - name: redis-credentials - securityContext: - readOnlyRootFilesystem: true - imagePullSecrets: - - name: ghcr-pull-secret diff --git a/kubernetes/namespaces/default/black-knight/secrets.yaml b/kubernetes/namespaces/default/black-knight/secrets.yaml deleted file mode 100644 index 40909c9..0000000 Binary files a/kubernetes/namespaces/default/black-knight/secrets.yaml and /dev/null differ diff --git a/kubernetes/namespaces/default/bot/README.md b/kubernetes/namespaces/default/bot/README.md deleted file mode 100644 index 565cf70..0000000 --- a/kubernetes/namespaces/default/bot/README.md +++ /dev/null 
@@ -1,15 +0,0 @@ -## Bot - -Deployment file for @Python, our valiant community bot and workhorse. - -## Secrets -This deployment expects a number of secrets and environment variables to exist in a secret called `bot-env`. - -| Environment | Description | -|-------------------|-------------------------------------------------------------| -| API_KEYS_GITHUB | An API key for Github's API. | -| API_KEYS_SITE_API | The token to access our site's API. | -| BOT_SENTRY_DSN | The sentry DSN to send sentry events to. | -| BOT_TOKEN | The Discord bot token to run the bot on. | -| METABASE_PASSWORD | Password for Metabase | -| METABASE_USERNAME | Username for Metabase | diff --git a/kubernetes/namespaces/default/bot/configmap.yaml b/kubernetes/namespaces/default/bot/configmap.yaml deleted file mode 100644 index f6bf02e..0000000 --- a/kubernetes/namespaces/default/bot/configmap.yaml +++ /dev/null @@ -1,9 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: bot-config-env -data: - BOT_TRACE_LOGGERS: bot.utils.scheduling.ModPingsOnOff,bot.exts.moderation.modpings,bot.exts.backend.sync._syncers - DEBUG: 'False' - DUCK_POND_EXTRA_CHANNEL_BLACKLIST: "[291284109232308226,463035241142026251,463035268514185226]" # The 3 off-topic channels - URLS_PASTE_URL: https://paste.pythondiscord.com diff --git a/kubernetes/namespaces/default/bot/deployment.yaml b/kubernetes/namespaces/default/bot/deployment.yaml deleted file mode 100644 index 8f274f7..0000000 --- a/kubernetes/namespaces/default/bot/deployment.yaml +++ /dev/null 
@@ -1,48 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: bot -spec: - replicas: 1 - selector: - matchLabels: - app: bot - template: - metadata: - labels: - app: bot - spec: - securityContext: - fsGroup: 2000 - runAsUser: 1000 - runAsNonRoot: true - containers: - - name: bot - image: ghcr.io/python-discord/bot:latest - imagePullPolicy: Always - resources: - requests: - cpu: 750m - memory: 600Mi - limits: - cpu: 1000m - memory: 1400Mi - envFrom: - - secretRef: - name: bot-env - - secretRef: - name: redis-credentials - - configMapRef: - name: bot-config-env - volumeMounts: - - mountPath: /bot/logs - name: logs-vol - - mountPath: /.cache/python-tldextract - name: tldextract-cache - securityContext: - readOnlyRootFilesystem: true - volumes: - - name: logs-vol - emptyDir: {} - - name: tldextract-cache - emptyDir: {} diff --git a/kubernetes/namespaces/default/bot/secrets.yaml b/kubernetes/namespaces/default/bot/secrets.yaml deleted file mode 100644 index 339d44a..0000000 Binary files a/kubernetes/namespaces/default/bot/secrets.yaml and /dev/null differ diff --git a/kubernetes/namespaces/default/king-arthur/README.md b/kubernetes/namespaces/default/king-arthur/README.md deleted file mode 100644 index 704d45b..0000000 --- a/kubernetes/namespaces/default/king-arthur/README.md +++ /dev/null @@ -1,12 +0,0 @@ -# King Arthur - -Deployment file for @King Arthur, our DevOps helper bot. - -## Secrets -This deployment expects a number of secrets and environment variables to exist in a secret called `king-arthur-env`. - -| Environment | Description | -| ---------------------------- | ------------------------------------------------------------------------- | -| KING_ARTHUR_TOKEN | The token to authorize with Discord | -| KING_ARTHUR_NOTION_API_TOKEN | The API token to the notion API | -| KING_ARTHUR_CLOUDFLARE_TOKEN | A token for the Cloudflare API used for the Cloudflare commands in Arthur | 
diff --git a/kubernetes/namespaces/default/king-arthur/deployment.yaml b/kubernetes/namespaces/default/king-arthur/deployment.yaml deleted file mode 100644 index c8da1c0..0000000 --- a/kubernetes/namespaces/default/king-arthur/deployment.yaml +++ /dev/null @@ -1,35 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: king-arthur -spec: - replicas: 1 - selector: - matchLabels: - app: king-arthur - template: - metadata: - labels: - app: king-arthur - spec: - serviceAccountName: king-arthur - containers: - - name: king-arthur - image: ghcr.io/python-discord/king-arthur:latest - imagePullPolicy: Always - resources: - requests: - cpu: 600m - memory: 500Mi - limits: - cpu: 800m - memory: 800Mi - envFrom: - - secretRef: - name: king-arthur-env - securityContext: - readOnlyRootFilesystem: true - securityContext: - fsGroup: 2000 - runAsUser: 1000 - runAsNonRoot: true diff --git a/kubernetes/namespaces/default/king-arthur/secrets.yaml b/kubernetes/namespaces/default/king-arthur/secrets.yaml deleted file mode 100644 index dc52d2e..0000000 Binary files a/kubernetes/namespaces/default/king-arthur/secrets.yaml and /dev/null differ diff --git a/kubernetes/namespaces/default/king-arthur/service-account.yaml b/kubernetes/namespaces/default/king-arthur/service-account.yaml deleted file mode 100644 index a63a88e..0000000 --- a/kubernetes/namespaces/default/king-arthur/service-account.yaml +++ /dev/null 
@@ -1,27 +0,0 @@ ---- -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: king-arthur -rules: -- apiGroups: ["", "extensions", "apps", "batch", "rbac.authorization.k8s.io", "cert-manager.io"] - resources: ["*"] - verbs: ["*"] ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - name: king-arthur ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: king-arthur -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: king-arthur -subjects: - - kind: ServiceAccount - name: king-arthur - namespace: default diff --git a/kubernetes/namespaces/default/metricity/README.md b/kubernetes/namespaces/default/metricity/README.md deleted file mode 100644 index 30c8b95..0000000 --- a/kubernetes/namespaces/default/metricity/README.md +++ /dev/null @@ -1,13 +0,0 @@ -# Metricity - -This folder contains the secrets for the metricity service. - -The actual metricity deployment manifest can be found inside the metricity repository at [python-discord/metricity](https://github.com/python-discord/metricity). - -## Secrets -A single secret of name `metricity-env` is used with the following values: - -| Environment | Description | -|--------------|------------------------------------| -| BOT_TOKEN | The Discord bot token to run under | -| DATABASE_URI | Database URI to save the states to | diff --git a/kubernetes/namespaces/default/metricity/secrets.yaml b/kubernetes/namespaces/default/metricity/secrets.yaml deleted file mode 100644 index 0a217bf..0000000 Binary files a/kubernetes/namespaces/default/metricity/secrets.yaml and /dev/null differ diff --git a/kubernetes/namespaces/default/modmail/README.md b/kubernetes/namespaces/default/modmail/README.md deleted file mode 100644 index b78857b..0000000 --- a/kubernetes/namespaces/default/modmail/README.md +++ /dev/null 
@@ -1,12 +0,0 @@ -# Modmail - -This folder contains the manifests for our Modmail service. - -## Secrets - -The services require one shared secret called `modmail` containing the following: - -| Key | Value | Description | -| ------------------------| ---------------------------------|--------------------------------------------------------------| -| `CONNECTION_URI` | MongoDB connection URI | Used for storing data | -| `TOKEN` | Discord Token | Used to connect to Discord | diff --git a/kubernetes/namespaces/default/modmail/bot/README.md b/kubernetes/namespaces/default/modmail/bot/README.md deleted file mode 100644 index ac29ac2..0000000 --- a/kubernetes/namespaces/default/modmail/bot/README.md +++ /dev/null @@ -1,7 +0,0 @@ -# Modmail bot -These manifests will provision the resources for an instance of our Modmail bot. - -To deploy this bot simply run: -``` -kubectl apply -f deployment.yaml -``` diff --git a/kubernetes/namespaces/default/modmail/bot/deployment.yaml b/kubernetes/namespaces/default/modmail/bot/deployment.yaml deleted file mode 100644 index b54fd2a..0000000 --- a/kubernetes/namespaces/default/modmail/bot/deployment.yaml +++ /dev/null 
@@ -1,50 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: modmail-bot
-spec:
- replicas: 1
- selector:
- matchLabels:
- app: modmail-bot
- template:
- metadata:
- labels:
- app: modmail-bot
- spec:
- containers:
- - name: modmail-bot
- image: ghcr.io/python-discord/modmail:latest
- resources:
- requests:
- cpu: 75m
- memory: 500Mi
- limits:
- cpu: 125m
- memory: 750Mi
- imagePullPolicy: "Always"
- volumeMounts:
- - mountPath: /modmailbot/plugins
- name: plugins-vol
- - mountPath: /modmailbot/temp
- name: temp-vol
- env:
- - name: TMPDIR
- value: /modmailbot/temp
- envFrom:
- - secretRef:
- name: modmail
- - configMapRef:
- name: modmail-config-env
- securityContext:
- readOnlyRootFilesystem: true
- volumes:
- - name: plugins-vol
- emptyDir: {}
- - name: temp-vol
- emptyDir:
- medium: Memory
- securityContext:
- fsGroup: 2000
- runAsUser: 1000
- runAsNonRoot: true
diff --git a/kubernetes/namespaces/default/modmail/configmap.yaml b/kubernetes/namespaces/default/modmail/configmap.yaml
deleted file mode 100644
index 30e417a..0000000
--- a/kubernetes/namespaces/default/modmail/configmap.yaml
+++ /dev/null
@@ -1,12 +0,0 @@
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: modmail-config-env
-data:
- DATABASE_TYPE: 'mongodb' # The type of database to use, only supports mongodb right now
- DATA_COLLECTION: 'false' # Disable bot metadata collection by modmail devs
- DISABLE_AUTOUPDATES: 'yes'
- GUILD_ID: '267624335836053506'
- LOG_URL: https://modmail.pythondiscord.com/
- OWNERS: 165023948638126080,95872159741644800,336843820513755157
- REGISTRY_PLUGINS_ONLY: 'false' # Allow the usage of plugins outside of the official registry
diff --git a/kubernetes/namespaces/default/modmail/secrets.yaml b/kubernetes/namespaces/default/modmail/secrets.yaml
deleted file mode 100644
index 5fda68c..0000000
Binary files a/kubernetes/namespaces/default/modmail/secrets.yaml and /dev/null differ
diff --git a/kubernetes/namespaces/default/modmail/web/README.md b/kubernetes/namespaces/default/modmail/web/README.md
deleted file mode 100644
index 7b7e19e..0000000
--- a/kubernetes/namespaces/default/modmail/web/README.md
+++ /dev/null
@@ -1,2 +0,0 @@
-# Modmail web
-These manifests provision an instance of the web logviewer for our Modmail system.
diff --git a/kubernetes/namespaces/default/modmail/web/deployment.yaml b/kubernetes/namespaces/default/modmail/web/deployment.yaml
deleted file mode 100644
index 74ae535..0000000
--- a/kubernetes/namespaces/default/modmail/web/deployment.yaml
+++ /dev/null
@@ -1,38 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: modmail-web
-spec:
- replicas: 1
- selector:
- matchLabels:
- app: modmail-web
- template:
- metadata:
- labels:
- app: modmail-web
- spec:
- containers:
- - name: modmail-web
- image: ghcr.io/python-discord/logviewer:latest
- imagePullPolicy: Always
- resources:
- requests:
- cpu: 50m
- memory: 100Mi
- limits:
- cpu: 100m
- memory: 150Mi
- ports:
- - containerPort: 8000
- envFrom:
- - secretRef:
- name: modmail
- - configMapRef:
- name: modmail-config-env
- securityContext:
- readOnlyRootFilesystem: true
- securityContext:
- fsGroup: 2000
- runAsUser: 1000
- runAsNonRoot: true
diff --git a/kubernetes/namespaces/default/modmail/web/ingress.yaml b/kubernetes/namespaces/default/modmail/web/ingress.yaml
deleted file mode 100644
index a5990cf..0000000
--- a/kubernetes/namespaces/default/modmail/web/ingress.yaml
+++ /dev/null
@@ -1,24 +0,0 @@
-apiVersion: networking.k8s.io/v1
-kind: Ingress
-metadata:
- annotations:
- nginx.ingress.kubernetes.io/auth-tls-verify-client: "on"
- nginx.ingress.kubernetes.io/auth-tls-secret: "kube-system/mtls-client-crt-bundle"
- nginx.ingress.kubernetes.io/auth-tls-error-page: "https://www.youtube.com/watch?v=dQw4w9WgXcQ"
- name: modmail-web
-spec:
- tls:
- - hosts:
- - "*.pythondiscord.com"
- secretName: pythondiscord.com-tls
- rules:
- - host: modmail.pythondiscord.com
- http:
- paths:
- - path: /
- pathType: Prefix
- backend:
- service:
- name: modmail-web
- port:
- number: 80
diff --git a/kubernetes/namespaces/default/modmail/web/service.yaml b/kubernetes/namespaces/default/modmail/web/service.yaml
deleted file mode 100644
index 384e638..0000000
--- a/kubernetes/namespaces/default/modmail/web/service.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
- name: modmail-web
-spec:
- selector:
- app: modmail-web
- ports:
- - protocol: TCP
- port: 80
- targetPort: 8000
diff --git a/kubernetes/namespaces/default/redis/secrets.yaml b/kubernetes/namespaces/default/redis/secrets.yaml
index 29e4c15..8e29358 100644
Binary files a/kubernetes/namespaces/default/redis/secrets.yaml and b/kubernetes/namespaces/default/redis/secrets.yaml differ
diff --git a/kubernetes/namespaces/default/sir-lancebot/README.md b/kubernetes/namespaces/default/sir-lancebot/README.md
deleted file mode 100644
index 293a955..0000000
--- a/kubernetes/namespaces/default/sir-lancebot/README.md
+++ /dev/null
@@ -1,29 +0,0 @@
-## Sir Lancebot
-```
-Oh brave Sir Lancebot!
-
-Whereat he turned and stood with folded arms and numerous antennae,
-"Why frown upon a friend? Few live that have too many."
-A weary-waiting optical array, now calibrated to a sad wrath.
-Hereafter, thus t'was with him that we hath forged our path.
-```
-
-## Secrets
-This deployment expects a number of secrets and environment variables to exist in a secret called `sir-lancebot-env` shown below. The bot also relies on redis credentials being available in a secret named `redis-credentials`
-
-
-| Environment | Description |
-|---------------------------|------------------------------------------|
-| BOT_SENTRY_DSN | The DSN for the Sentry project. |
-| CLIENT_DEBUG | Should the bot start in DEBUG mode? |
-| CLIENT_TOKEN | The bot token to run the bot on. |
-| LATEX_API_URL | The URl tha the latex API is served from |
-| TOKENS_GIPHY | API key for Giphy. |
-| TOKENS_GITHUB | GitHub access token, for Hacktoberstats. |
-| TOKENS_IGDB_CLIENT_ID | Client ID IGDB - used to find games. |
-| TOKENS_IGDB_CLIENT_SECRET | Client secret IGDB - used to find games. |
-| TOKENS_NASA | API key for NASA. |
-| TOKENS_TMDB | Token for TMBD. Used for scarymovie.py. |
-| TOKENS_UNSPLASH | Token for unsplash. |
-| TOKENS_YOUTUBE | API key for YouTube. |
-| WOLFRAM_KEY | API key for Wolfram Alpha. |
diff --git a/kubernetes/namespaces/default/sir-lancebot/deployment.yaml b/kubernetes/namespaces/default/sir-lancebot/deployment.yaml
deleted file mode 100644
index fdba4a6..0000000
--- a/kubernetes/namespaces/default/sir-lancebot/deployment.yaml
+++ /dev/null
@@ -1,46 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: sir-lancebot
-spec:
- replicas: 1
- selector:
- matchLabels:
- app: sir-lancebot
- template:
- metadata:
- labels:
- app: sir-lancebot
- spec:
- containers:
- - name: sir-lancebot
- image: ghcr.io/python-discord/sir-lancebot:latest
- imagePullPolicy: Always
- resources:
- requests:
- cpu: 400m
- memory: 200Mi
- limits:
- cpu: 500m
- memory: 400Mi
- envFrom:
- - secretRef:
- name: sir-lancebot-env
- - secretRef:
- name: redis-credentials
- securityContext:
- readOnlyRootFilesystem: true
- volumeMounts:
- - name: lancebot-data-vol
- mountPath: /bot/bot/exts/fun/_latex_cache
- - name: lancebot-logs-vol
- mountPath: /bot/bot/log
- volumes:
- - name: lancebot-data-vol
- emptyDir: {}
- - name: lancebot-logs-vol
- emptyDir: {}
- securityContext:
- fsGroup: 1000
- runAsUser: 1000
- runAsNonRoot: true
diff --git a/kubernetes/namespaces/default/sir-lancebot/secrets.yaml b/kubernetes/namespaces/default/sir-lancebot/secrets.yaml
deleted file mode 100644
index f6b0591..0000000
Binary files a/kubernetes/namespaces/default/sir-lancebot/secrets.yaml and /dev/null differ
diff --git a/kubernetes/namespaces/default/sir-robin/README.md b/kubernetes/namespaces/default/sir-robin/README.md
deleted file mode 100644
index 0521359..0000000
--- a/kubernetes/namespaces/default/sir-robin/README.md
+++ /dev/null
@@ -1,14 +0,0 @@
-## Sir-Robin
-Deployment file for @Sir-Robin, the not-quite-so-bot as Sir Lancebot, is our humble events bot.
-He is tasked with dealing with all the things that the event team can throw at it!
-
-## Secrets
-This deployment expects a number of secrets/environment variables to exist in a secret called `sir-robin-env`. The bot also relies on redis credentials being available in a secret named `redis-credentials`
-
-| Environment | Description |
-|---------------------------|------------------------------------------------|
-| AOC_RAW_LEADERBOARDS | A list of all AOC leaderboards to use |
-| AOC_STAFF_LEADERBOARD_ID | The staff AOC leaderboard. |
-| BOT_SENTRY_DSN | The sentry DSN to send warning & error logs to |
-| BOT_TOKEN | The bot token to run the bot on. |
-| CODE_JAM_API_KEY | The API key to the code jam management system |
diff --git a/kubernetes/namespaces/default/sir-robin/configmap.yaml b/kubernetes/namespaces/default/sir-robin/configmap.yaml
deleted file mode 100644
index ec13a93..0000000
--- a/kubernetes/namespaces/default/sir-robin/configmap.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: sir-robin-config-env
-data:
- AOC_YEAR: '2023'
- BOT_DEBUG: 'False'
- CATEGORY_SUMMER_CODE_JAM: '1141401271635554334'
diff --git a/kubernetes/namespaces/default/sir-robin/deployment.yaml b/kubernetes/namespaces/default/sir-robin/deployment.yaml
deleted file mode 100644
index 9fbf0a1..0000000
--- a/kubernetes/namespaces/default/sir-robin/deployment.yaml
+++ /dev/null
@@ -1,38 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: sir-robin
-spec:
- replicas: 1
- selector:
- matchLabels:
- app: sir-robin
- template:
- metadata:
- labels:
- app: sir-robin
- spec:
- securityContext:
- fsGroup: 2000
- runAsUser: 1000
- runAsNonRoot: true
- containers:
- - name: sir-robin
- image: ghcr.io/python-discord/sir-robin:latest
- imagePullPolicy: Always
- resources:
- requests:
- cpu: 500m
- memory: 300Mi
- limits:
- cpu: 750m
- memory: 600Mi
- envFrom:
- - secretRef:
- name: sir-robin-env
- - secretRef:
- name: redis-credentials
- - configMapRef:
- name: sir-robin-config-env
- securityContext:
- readOnlyRootFilesystem: true
diff --git a/kubernetes/namespaces/default/sir-robin/secrets.yaml b/kubernetes/namespaces/default/sir-robin/secrets.yaml
deleted file mode 100644
index 158ff5d..0000000
Binary files a/kubernetes/namespaces/default/sir-robin/secrets.yaml and /dev/null differ
diff --git a/kubernetes/namespaces/modmail/README.md b/kubernetes/namespaces/modmail/README.md
new file mode 100644
index 0000000..b78857b
--- /dev/null
+++ b/kubernetes/namespaces/modmail/README.md
@@ -0,0 +1,12 @@
+# Modmail
+
+This folder contains the manifests for our Modmail service.
+
+## Secrets
+
+The services require one shared secret called `modmail` containing the following:
+
+| Key | Value | Description |
+| ------------------------| ---------------------------------|--------------------------------------------------------------|
+| `CONNECTION_URI` | MongoDB connection URI | Used for storing data |
+| `TOKEN` | Discord Token | Used to connect to Discord |
diff --git a/kubernetes/namespaces/modmail/bot/README.md b/kubernetes/namespaces/modmail/bot/README.md
new file mode 100644
index 0000000..ac29ac2
--- /dev/null
+++ b/kubernetes/namespaces/modmail/bot/README.md
@@ -0,0 +1,7 @@
+# Modmail bot
+These manifests will provision the resources for an instance of our Modmail bot.
+
+To deploy this bot simply run:
+```
+kubectl apply -f deployment.yaml
+```
diff --git a/kubernetes/namespaces/modmail/bot/deployment.yaml b/kubernetes/namespaces/modmail/bot/deployment.yaml
new file mode 100644
index 0000000..6084927
--- /dev/null
+++ b/kubernetes/namespaces/modmail/bot/deployment.yaml
@@ -0,0 +1,51 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: modmail-bot
+ namespace: modmail
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: modmail-bot
+ template:
+ metadata:
+ labels:
+ app: modmail-bot
+ spec:
+ containers:
+ - name: modmail-bot
+ image: ghcr.io/python-discord/modmail:latest
+ resources:
+ requests:
+ cpu: 75m
+ memory: 500Mi
+ limits:
+ cpu: 125m
+ memory: 750Mi
+ imagePullPolicy: "Always"
+ volumeMounts:
+ - mountPath: /modmailbot/plugins
+ name: plugins-vol
+ - mountPath: /modmailbot/temp
+ name: temp-vol
+ env:
+ - name: TMPDIR
+ value: /modmailbot/temp
+ envFrom:
+ - secretRef:
+ name: modmail
+ - configMapRef:
+ name: modmail-config-env
+ securityContext:
+ readOnlyRootFilesystem: true
+ volumes:
+ - name: plugins-vol
+ emptyDir: {}
+ - name: temp-vol
+ emptyDir:
+ medium: Memory
+ securityContext:
+ fsGroup: 2000
+ runAsUser: 1000
+ runAsNonRoot: true
diff --git a/kubernetes/namespaces/modmail/configmap.yaml b/kubernetes/namespaces/modmail/configmap.yaml
new file mode 100644
index 0000000..9117464
--- /dev/null
+++ b/kubernetes/namespaces/modmail/configmap.yaml
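Review bot: In `kubernetes/namespaces/modmail/bot/deployment.yaml` the container still runs `ghcr.io/python-discord/modmail:latest` with `imagePullPolicy: "Always"`, so every pod restart pulls whatever was last pushed under that tag, with no manifest change to review. This pod receives the `modmail` secret (Discord `TOKEN` and `CONNECTION_URI` according to the README in this commit), so an unreviewed image swap lands directly next to those credentials. Pinning by digest, for example `image: ghcr.io/python-discord/modmail@sha256:<digest-placeholder>`, ties the running code to a reviewed build. The same applies to `ghcr.io/python-discord/logviewer:latest` in `web/deployment.yaml`.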
@@ -0,0 +1,13 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: modmail-config-env
+ namespace: modmail
+data:
+ DATABASE_TYPE: 'mongodb' # The type of database to use, only supports mongodb right now
+ DATA_COLLECTION: 'false' # Disable bot metadata collection by modmail devs
+ DISABLE_AUTOUPDATES: 'yes'
+ GUILD_ID: '267624335836053506'
+ LOG_URL: https://modmail.pythondiscord.com/
+ OWNERS: 165023948638126080,95872159741644800,336843820513755157
+ REGISTRY_PLUGINS_ONLY: 'false' # Allow the usage of plugins outside of the official registry
diff --git a/kubernetes/namespaces/modmail/secrets.yaml b/kubernetes/namespaces/modmail/secrets.yaml
new file mode 100644
index 0000000..c376565
Binary files /dev/null and b/kubernetes/namespaces/modmail/secrets.yaml differ
diff --git a/kubernetes/namespaces/modmail/web/README.md b/kubernetes/namespaces/modmail/web/README.md
new file mode 100644
index 0000000..7b7e19e
--- /dev/null
+++ b/kubernetes/namespaces/modmail/web/README.md
@@ -0,0 +1,2 @@
+# Modmail web
+These manifests provision an instance of the web logviewer for our Modmail system.
diff --git a/kubernetes/namespaces/modmail/web/deployment.yaml b/kubernetes/namespaces/modmail/web/deployment.yaml
new file mode 100644
index 0000000..877e945
--- /dev/null
+++ b/kubernetes/namespaces/modmail/web/deployment.yaml
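Review bot: `REGISTRY_PLUGINS_ONLY: 'false'` in `kubernetes/namespaces/modmail/configmap.yaml` lets the bot load plugins from outside the official registry, and the bot deployment gives it a writable `plugins-vol` to hold them. Plugin code presumably runs inside the bot process, where the `modmail` secret is present in the environment, so this setting widens the set of code that sits next to the Discord token. If no out-of-registry plugin is in use, set `REGISTRY_PLUGINS_ONLY: 'true'`. Otherwise extend the comment to record why it is needed, for example `# needed for <plugin-name-placeholder>; review before adding more`.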
@@ -0,0 +1,39 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: modmail-web
+ namespace: modmail
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: modmail-web
+ template:
+ metadata:
+ labels:
+ app: modmail-web
+ spec:
+ containers:
+ - name: modmail-web
+ image: ghcr.io/python-discord/logviewer:latest
+ imagePullPolicy: Always
+ resources:
+ requests:
+ cpu: 50m
+ memory: 100Mi
+ limits:
+ cpu: 100m
+ memory: 150Mi
+ ports:
+ - containerPort: 8000
+ envFrom:
+ - secretRef:
+ name: modmail
+ - configMapRef:
+ name: modmail-config-env
+ securityContext:
+ readOnlyRootFilesystem: true
+ securityContext:
+ fsGroup: 2000
+ runAsUser: 1000
+ runAsNonRoot: true
diff --git a/kubernetes/namespaces/modmail/web/ingress.yaml b/kubernetes/namespaces/modmail/web/ingress.yaml
new file mode 100644
index 0000000..b610b09
--- /dev/null
+++ b/kubernetes/namespaces/modmail/web/ingress.yaml
@@ -0,0 +1,25 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ annotations:
+ nginx.ingress.kubernetes.io/auth-tls-verify-client: "on"
+ nginx.ingress.kubernetes.io/auth-tls-secret: "kube-system/mtls-client-crt-bundle"
+ nginx.ingress.kubernetes.io/auth-tls-error-page: "https://www.youtube.com/watch?v=dQw4w9WgXcQ"
+ name: modmail-web
+ namespace: modmail
+spec:
+ tls:
+ - hosts:
+ - "*.pythondiscord.com"
+ secretName: pythondiscord.com-tls
+ rules:
+ - host: modmail.pythondiscord.com
+ http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: modmail-web
+ port:
+ number: 80
diff --git a/kubernetes/namespaces/modmail/web/service.yaml b/kubernetes/namespaces/modmail/web/service.yaml
new file mode 100644
index 0000000..2ea2e7d
--- /dev/null
+++ b/kubernetes/namespaces/modmail/web/service.yaml
@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: modmail-web
+ namespace: modmail
+spec:
+ selector:
+ app: modmail-web
+ ports:
+ - protocol: TCP
+ port: 80
+ targetPort: 8000
-- cgit v1.2.3
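Review bot: The `modmail-web` container in `kubernetes/namespaces/modmail/web/deployment.yaml` imports the whole `modmail` secret through `envFrom`, so the log viewer also receives the Discord `TOKEN` that the README lists next to `CONNECTION_URI`. If the log viewer only reads from MongoDB (not visible in this diff, worth confirming), pass just that key: an `env` entry `name: CONNECTION_URI` with `valueFrom: {secretKeyRef: {name: modmail, key: CONNECTION_URI}}` in place of the `secretRef`. That keeps the bot token out of the pod that sits behind the Ingress.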
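Review bot: `secretName: pythondiscord.com-tls` in `kubernetes/namespaces/modmail/web/ingress.yaml` is resolved in the Ingress's own namespace, which this hunk changes to `modmail`, and nothing in the visible part of the commit creates that secret there. If it is missing, ingress-nginx typically serves its default certificate for `modmail.pythondiscord.com` rather than the wildcard one. Confirm that the certificate (or a cert-manager `Certificate` that produces it) exists in `modmail`, and consider a comment above `tls:` such as `# pythondiscord.com-tls must exist in this namespace`. The `auth-tls-secret` annotation is unaffected because it names `kube-system` explicitly.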