From be0b06d19c70b41ad4ffd0b891f5b0ae96b91823 Mon Sep 17 00:00:00 2001 From: SeanOMik Date: Fri, 24 May 2024 17:59:30 -0400 Subject: [PATCH] feat: add mealie, add execPostgres go-task --- Taskfile.yaml | 7 +- cluster/apps/default/kustomization.yaml | 1 + .../apps/default/mealie/env-secret.sops.yaml | 71 +++++++++++++++ cluster/apps/default/mealie/helm-release.yaml | 89 +++++++++++++++++++ .../apps/default/mealie/kustomization.yaml | 5 ++ cluster/secrets/cluster-settings.yaml | 3 +- 6 files changed, 174 insertions(+), 2 deletions(-) create mode 100644 cluster/apps/default/mealie/env-secret.sops.yaml create mode 100644 cluster/apps/default/mealie/helm-release.yaml create mode 100644 cluster/apps/default/mealie/kustomization.yaml diff --git a/Taskfile.yaml b/Taskfile.yaml index 5550014..1fd5a55 100644 --- a/Taskfile.yaml +++ b/Taskfile.yaml @@ -6,4 +6,9 @@ vars: CLUSTER_DIR: "{{.ROOT_DIR}}/cluster" includes: - flux: .taskfiles/Flux/Taskfile.yaml \ No newline at end of file + flux: .taskfiles/Flux/Taskfile.yaml + +tasks: + execPostgres: + desc: Exec into the postgres pod as the postgres user + cmd: kubectl -n database exec -it postgresql-0 -- psql -d postgres -U postgres \ No newline at end of file diff --git a/cluster/apps/default/kustomization.yaml b/cluster/apps/default/kustomization.yaml index 1baa876..036956b 100644 --- a/cluster/apps/default/kustomization.yaml +++ b/cluster/apps/default/kustomization.yaml @@ -6,5 +6,6 @@ resources: #- ./gitea #- ./dendron - ./trilium +- ./mealie #- ./whoami #- ./msrewards \ No newline at end of file diff --git a/cluster/apps/default/mealie/env-secret.sops.yaml b/cluster/apps/default/mealie/env-secret.sops.yaml new file mode 100644 index 0000000..0cad6a0 --- /dev/null +++ b/cluster/apps/default/mealie/env-secret.sops.yaml @@ -0,0 +1,71 @@ +apiVersion: v1 +kind: Secret +metadata: + name: mealie-env + namespace: default +stringData: + POSTGRES_PASSWORD: ENC[AES256_GCM,data:6SsTUHnrE+Kabmq8MIr+8NM5j8qGa4+6h2ajMhXyoSw=,iv:+yHSWqcPkp7sasfMvPJc0egKxI96ntNmRfjzeDWXWJg=,tag:mXtYwWhwASx0/s0Zu9/4cQ==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: [] + lastmodified: "2024-05-24T21:58:23Z" + mac: ENC[AES256_GCM,data:akLXgyEWtiTLPCaeYhyxKE1IxJED6HL7eCW0qFZht0VamMGG+ebKsx8tD6vevb5VnYnOxbncBzW8/Or4nekwCZIXLA2aCsFa265E814yLCoFglPAaCmX1A1YOa6TNwVOAcpfCgO2QiOMI8+/P+xVJdSP6eMCCiNpBsTNA//CZQA=,iv:dobLzZMg5Tua3apU27ujRbfWxK6cMe+d3RmB5RepYuM=,tag:51YTlfsZSNs7VBYbTM7NWg==,type:str] + pgp: + - created_at: "2024-05-24T21:58:23Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMAyqlIeyoxYovARAAmsgHmD0qb6M8jYXz8x1SsFHucxyWRsMVNPG57l/EDF8x + I9dw2Hbu0LOf+4btrrNXW0KR0FP/sE8UziqHhMmnxpvI6J4ijLZWIS04GLskhPCP + wPI61ur+OAR7GvwMMOL/+XMPQdZ2vRwARR51TdLKnfAew0ynF2JO5eYOhK9Qfdik + P4nkqGUCVGFj5iVtZ4HAwMcjHxV1cMrElTm2E9QNVwWQ+i4N4lvYu4D6Gjgnds1m + z2xbochEwBtmTe4ZEHQUzZlg96MNr091pcOL9xTKkdjRq9kpvsEq8G/LaT2sdntA + Af4hcrVL2dszNCFXwqDu99ilI4EYQvX9hckg2LW0wZAfzt2E61ciy8nyljKuhs0L + J61mH5TT/6TnvcsN6f78pPTrx4ylyivvoA+vrprIdotWFdHIpjtcRPzWagbKm8t4 + 30Ee3v+PwiciZYoO8fpHv8H/JYhWuEi+48erFbIzefioCOlOZb3tPCNdeJtALdMr + pCKCEtkWRJWzd8YYSvrYbmoAe9Sin3X/KnGPkITkpSbvMdK5IgaGTf5QtwbBqROV + HHn/ggGLPwdvUrhNjWjt33tdGgwgMeyO1bh6uQWwnHWFQ7V9AC4nxFIjyda56mtY + mwiXTe/7VtGyk+9Ltj66pNtD62WWO2xjwxcjgSohLO90s4Y//j6DPz51z3zKWp+F + AgwDXjg0p2IN1X8BEADTV07SxwRN8EzSx7YflSCogZBEZaH+h/U9Urp4aV64g0X9 + 6nIRtkiQXlcIXMxmMNRaabOQReiMFspM4gsr0boq6P/l0sCz+Z4wE7uASqh9fkt7 + vN8ninoSLjtG5Ttt3ezRS6uItol6vFi/l0GEDfzqB0JtzXfwUGPhjmDCBgRRK8c0 + BpmMTYemusFnYH21LkjRXpz+PjzvzNaEtinxk1ZIAfVyCZsIZwBqilMCAlSaX9Ne + FJIQH8mgk5PyXvuAeBJ7EmqDtEbrJ/uAQ2QhR8gKDe/1t4p3aghAoDRC9qLHct/e + ti7a61Ytm9VFBOQ02yJfz55Zv+/QnFKAcidLWc0NokXlBhT3m9Z2JzM/RhhScReR + 3qI2JW3PWYgZf5egfMCcFUdWLDNlr1yxFVNAIv3tIvDu2HunMx6tTc5pU/ByMQCE + IbbWDSPn5TL6c+YznE2DztFONyM/03oZnIC4bsckS6X8DPLJHM5i0LRfbg1uTFW9 + ceUMAEMM+Da2hQBnT6saIlW+VFZY7Gak7v+Iv318YJo85POs9LBcVzDPIf8NZ7qC + c6RJ+YOL6dkvrupMOuxYFkAoyZbQ7OvgxgTB9rFj6a3fnTFfJaCotkOkI3E0f3gn + 0t/oJBZkCXzMgMRknv3o11DU06bkIbpam74mr2zvQKidRBE6Ms4Qjcb/naER7tRm + AQkCEK+bjwRWoyZwxsX+1+6Kip332A/9+bO4cM6J1EuVYSnbXbN344kKbJey6CCp + nf3PdJxhfibou4KbdllK02gomox5nyOD0ktL0CFAg2QHomeJ4FohMBU8O885v/WU + vcJ020xD + =OKQG + -----END PGP MESSAGE----- + fp: BD1AAF9D8170F4BEE437365FF6F0933799CFEBCD + - created_at: "2024-05-24T21:58:23Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMAy5t8IMoPu4VAQ//SWXcuv6gAI50NYTpP1Qy1mrOXplMzKo+bFbhjUN110FG + tv3V8c5BFqmtBZOh81GHchrwtLL04FkJ8TYkClqkmRcGw4fiQWwvzAh+Ne2Hb6EW + bmV5EG4ipE0ALcfH4E7G8JLX3kN/EoW6Q61UWBPI1y6U+t5ywBzYq+KA8f217aMp + 4y/PKAVFHfq/41LkKxDUP5P52+kW1xlq3gGcgcfAXrXQ/17GCfFSZ1hdoodGpAvA + 5tN/m3oKmNWeXWX8jamruFB1o8Dsp52TtgaXhDdyhdeSd2x8nTCSwypSw4lMPexS + 90K45amgzCENBmEJgu/S38q3I/lqh5nvK2Qzr7kLAAzDg33DILmU01Xg5nRJzg4B + T0tn0pwcgvUKf/RLpxuWuPawXF19l15EWYkjTqgDtajH1Si+9/EBdxQpUpr2nIBa + VTE/4V3brJeoRVgxgoSAes5Z4ou6XokyRobdwxvVhfA4E30pZofng50+o49ok7NN + bLlC+BmknpQOgp0q3mybUs3DFSI+7+ptbTUg8v9mU7onCHnykxVcrzW8hAYzIpTs + CroRwR3w0S2p99R3rJ22F7WkTRKoAMEvxNoeXJs28SugEQLDFHlgBeY0a+a4r/GK + ELv8HwyG6MpFiW2kCb1IzdO+I4v9KrtFn5zWpzxDyYxacCnG6xD9blsBHy+MqR3U + ZgEJAhBAE2WUjAExcVUh8t+Pg93SueopD7VzMcTauFzRDIfSfLmTr3v/7e384ZYX + J36xJHFaITDLg1Er+K1d8DA7dtl0Dr+9LuO9ADALWtWbodLtyw1UcmWCS3gJ/GYp + FyuaEkah5g== + =3Knf + -----END PGP MESSAGE----- + fp: 687802D4DFD8AA82EA55666CF7DADAC782D7663D + encrypted_regex: ^(data|stringData)$ + version: 3.8.1 diff --git a/cluster/apps/default/mealie/helm-release.yaml b/cluster/apps/default/mealie/helm-release.yaml new file mode 100644 index 0000000..89d6e1b --- /dev/null +++ b/cluster/apps/default/mealie/helm-release.yaml @@ -0,0 +1,89 @@ +# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2beta2.schema.json +apiVersion: helm.toolkit.fluxcd.io/v2beta2 +kind: HelmRelease +metadata: + name: mealie + namespace: default +spec: + interval: 5m + chart: + spec: + chart: app-template + version: 3.1.0 + sourceRef: + kind: HelmRepository + name: bjws-charts + namespace: flux-system + + values: + controllers: + main: +# pod: +# securityContext: +# runAsNonRoot: true +# runAsUser: 10000 +# runAsGroup: 10000 +# fsGroup: 10000 +# fsGroupChangePolicy: OnRootMismatch + + containers: + main: + image: + repository: ghcr.io/mealie-recipes/mealie + tag: v1.7.0 + + env: + ALLOW_SIGNUP: true + PUID: 10000 + PGID: 10000 + TZ: ${SERVER_TIMEZONE} + MAX_WORKERS: 1 + WEB_CONCURRENCY: 1 + BASE_URL: &host meals.${SECRET_NEW_DOMAIN} + + # database + DB_ENGINE: postgres + POSTGRES_USER: mealie + # specified in mealie-env + # POSTGRES_PASSWORD + POSTGRES_SERVER: postgresql.database + POSTGRES_PORT: 5432 + POSTGRES_DB: mealie + + envFrom: + - secretRef: + name: mealie-env + + resources: + limits: + memory: 1Gi + + service: + app: + controller: main + + ports: + http: + port: 9000 + + ingress: + main: + annotations: + cert-manager.io/cluster-issuer: letsencrypt-production + traefik.ingress.kubernetes.io/router.entrypoints: websecure + traefik.ingress.kubernetes.io/router.middlewares: traefik-authentik@kubernetescrd + + hosts: + - host: *host + paths: + - path: / + service: + identifier: app + port: http + + persistence: + data: + type: hostPath + hostPath: /mnt/MainPool/Kubernetes/Mealie + globalMounts: + - path: /app/data diff --git a/cluster/apps/default/mealie/kustomization.yaml b/cluster/apps/default/mealie/kustomization.yaml new file mode 100644 index 0000000..8eb891c --- /dev/null +++ b/cluster/apps/default/mealie/kustomization.yaml @@ -0,0 +1,5 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: +- ./env-secret.sops.yaml +- ./helm-release.yaml \ No newline at end of file diff --git a/cluster/secrets/cluster-settings.yaml b/cluster/secrets/cluster-settings.yaml index 933518d..e6c5294 100644 --- a/cluster/secrets/cluster-settings.yaml +++ b/cluster/secrets/cluster-settings.yaml @@ -6,4 +6,5 @@ metadata: namespace: flux-system data: # MetalLB - METALLB_LB_RANGE: 192.168.87.10-192.168.87.28 \ No newline at end of file + METALLB_LB_RANGE: 192.168.87.10-192.168.87.28 + SERVER_TIMEZONE: America/New_York \ No newline at end of file