diff --git a/kubernetes/main/apps/communications/kustomization.yaml b/kubernetes/main/apps/communications/kustomization.yaml index cb71f9b..b3fb76c 100644 --- a/kubernetes/main/apps/communications/kustomization.yaml +++ b/kubernetes/main/apps/communications/kustomization.yaml @@ -5,4 +5,4 @@ kind: Kustomization resources: - ./namespace.yaml #- ./apprise/ks.yaml - #- ./thelounge/ks.yaml + - ./thelounge/ks.yaml diff --git a/kubernetes/main/apps/communications/thelounge/app/helmrelease.yaml b/kubernetes/main/apps/communications/thelounge/app/helmrelease.yaml index a23a14a..87770b7 100644 --- a/kubernetes/main/apps/communications/thelounge/app/helmrelease.yaml +++ b/kubernetes/main/apps/communications/thelounge/app/helmrelease.yaml @@ -70,4 +70,9 @@ spec: port: 9000 persistence: config: - existingClaim: *app + storageClass: cluster-nvme + accessMode: ReadWriteOnce + size: 256Mi + retain: true + globalMounts: + - path: /config diff --git a/kubernetes/main/apps/data-science/kustomization.yaml b/kubernetes/main/apps/data-science/kustomization.yaml new file mode 100644 index 0000000..0ad54c9 --- /dev/null +++ b/kubernetes/main/apps/data-science/kustomization.yaml @@ -0,0 +1,7 @@ +--- +# yaml-language-server: $schema=https://json.schemastore.org/kustomization +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: + - ./namespace.yaml + #- ./superset/ks.yaml diff --git a/kubernetes/main/apps/data-science/namespace.yaml b/kubernetes/main/apps/data-science/namespace.yaml new file mode 100644 index 0000000..b743196 --- /dev/null +++ b/kubernetes/main/apps/data-science/namespace.yaml @@ -0,0 +1,7 @@ +--- +apiVersion: v1 +kind: Namespace +metadata: + name: data-science + labels: + kustomize.toolkit.fluxcd.io/prune: disabled diff --git a/kubernetes/main/apps/data-science/superset/app/helmrelease.yaml b/kubernetes/main/apps/data-science/superset/app/helmrelease.yaml new file mode 100644 index 0000000..5bcdc7c --- /dev/null +++ b/kubernetes/main/apps/data-science/superset/app/helmrelease.yaml @@ -0,0 +1,51 @@ +--- +# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/helmrelease-helm-v2beta1.json +apiVersion: helm.toolkit.fluxcd.io/v2beta2 +kind: HelmRelease +metadata: + name: &app superset +spec: + interval: 30m + chart: + spec: + chart: *app + version: 0.12.6 + sourceRef: + kind: HelmRepository + name: *app + namespace: flux-system + values: + deploymentAnnotations: + reloader.stakater.com/auto: "true" + + ingress: + enabled: true + ingressClassName: traefik + annotations: + gethomepage.dev/enabled: "true" + gethomepage.dev/name: Apache Superset + gethomepage.dev/group: Services + gethomepage.dev/icon: superset + hosts: + - &host "superset.${SECRET_INTERNAL_DOMAIN}" + tls: + - secretName: superset-tls + hosts: + - *host + + postgresql: + enabled: false + + redis: + enabled: false + + envFromSecret: superset-secret + supersetNode: + connections: + redis_host: dragonfly.database.svc.cluster.local + redis_port: "6379" + db_host: postgres-1-rw.database.svc.cluster.local + db_port: "5432" + db_user: superset + db_pass: "${SECRET_POSTGRES_PASSWORD}" + db_name: superset diff --git a/kubernetes/main/apps/data-science/superset/app/kustomization.yaml b/kubernetes/main/apps/data-science/superset/app/kustomization.yaml new file mode 100644 index 0000000..95bf474 --- /dev/null +++ b/kubernetes/main/apps/data-science/superset/app/kustomization.yaml @@ -0,0 +1,6 @@ +--- +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: + - ./secret.sops.yaml + - ./helmrelease.yaml diff --git a/kubernetes/main/apps/data-science/superset/app/secret.sops.yaml b/kubernetes/main/apps/data-science/superset/app/secret.sops.yaml new file mode 100644 index 0000000..46ae367 --- /dev/null +++ b/kubernetes/main/apps/data-science/superset/app/secret.sops.yaml @@ -0,0 +1,33 @@ +# yamllint disable +kind: Secret +apiVersion: v1 +type: Opaque +metadata: + name: superset-secret +stringData: + SUPERSET_SECRET: ENC[AES256_GCM,data:8axejEwSNutDAzYKqtd9UCsTQr5LTSJLQXp9CcUJFqZX3gyoUijgnxANBc1Nn4YhSA==,iv:88TZthTQKmA3tuvO7YUtYhFQhleGRpDzkUjXnDsbpl4=,tag:eLoU7Hs9pbpqPTg4u4nbLg==,type:str] + SECRET_POSTGRES_PASSWORD: ENC[AES256_GCM,data:3xpCaXrdZTUs0Wua2m1YlLdwjSVE2A37kQ0+F5PfQlY=,iv:omYdjQDE0GwoDT/KHkw/1bCe1D4JKNtVEiFlUVePrgI=,tag:02wodg1BfUCMk2SR9png0g==,type:str] + DB_HOST: ENC[AES256_GCM,data:6qB9lsUcbOPlGyTZODEGb2CSUjxdZFIvtn/uAGtkSgR9BWUkpZz1ig==,iv:yFK6z6WayTc/MFEyM+us/eWoLokyQy99gEDlUZWq1NA=,tag:w4x60YQ5yvbPreIqYXMfZg==,type:str] + DB_PORT: ENC[AES256_GCM,data:1z95Zg==,iv:wIh0MLtojnya25D4EdMp2NBF8pPRVgKA1E2pCwMTJM0=,tag:kxqx1nYyBbNiveGtg4jaLw==,type:int] + REDIS_HOST: ENC[AES256_GCM,data:/LdjkUT4C/TzJV9nTzga5QfnNDqcJAME5tTSD7BO4sn56fe9,iv:6l2vJAuv99uwmm6R90phIZbWY+nXRfCPAwrx1XFesjE=,tag:+K4rMoLgfcsRlfuF761Brg==,type:str] + REDIS_PORT: ENC[AES256_GCM,data:zR7Nig==,iv:B3GyoJZqRAGYZ99RPTXC4LJzwwRlLdNlbXJoOMz6G/8=,tag:uiWlBN1kK+RDZueAaVK9tg==,type:int] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age19nu7uf8dageqlmzk23x7vl24fpn0l7cq20l3l4xxf2sk2xd5h98qss437p + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBPNDJROVpsQmlTaktvbjJY + bzZYZXowMzJqdmZZbzRHR2VTSXJtZG1MTlZnCjQ0MVdnSXgzZEVPUm1TNEdsb1RV + NTBhWjlYK0dDQVExRHBPcmw5OEdKK2cKLS0tIGR4Q3RhZ1M5SU9kODZydHpUL0Ri + akU2b2tOZjFHQjA3SFJweHU4eU9iNjAKUZ1x/7GNPNqk3Fp6dOReQ9E/Wnq0R6Pw + oxekWYUJNTtW/i9DWkURx0t/OJLi5gjJtU/f12Uil+NtigNlrFuWJg== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2025-01-13T19:37:03Z" + mac: ENC[AES256_GCM,data:imOAqIagwTagQnH6+WJQNrpupP7bGlFjW7/EOwD3YLE3J3V3PvagsiI3S2LPskteeXNtmWUVrEZO9nG642DeAUR25hPuPQmp6Abs1a7IvQSM5zWOoVleZz2jQfRH2MRfx/9949Qt70L1QtCJ+DvQsILKJYhmhCIczxuS7PTh8qg=,iv:jFWyFNe51guwtP6PAIyckwSrTG5j8VP16e0yiwAjdm4=,tag:VC64CcbqQn4/QY+wuVIb3g==,type:str] + pgp: [] + encrypted_regex: ^(data|stringData)$ + version: 3.9.3 diff --git a/kubernetes/main/apps/data-science/superset/ks.yaml b/kubernetes/main/apps/data-science/superset/ks.yaml new file mode 100644 index 0000000..9337b11 --- /dev/null +++ b/kubernetes/main/apps/data-science/superset/ks.yaml @@ -0,0 +1,21 @@ +--- +# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json +apiVersion: kustomize.toolkit.fluxcd.io/v1 +kind: Kustomization +metadata: + name: &app superset + namespace: flux-system +spec: + targetNamespace: data-science + commonMetadata: + labels: + app.kubernetes.io/name: *app + path: ./kubernetes/main/apps/data-science/superset/app + prune: true + sourceRef: + kind: GitRepository + name: k8s-gitops + wait: true + interval: 30m + retryInterval: 1m + timeout: 5m diff --git a/kubernetes/main/flux/repositories/helm/kustomization.yaml b/kubernetes/main/flux/repositories/helm/kustomization.yaml index 011bbe7..c916bac 100644 --- a/kubernetes/main/flux/repositories/helm/kustomization.yaml +++ b/kubernetes/main/flux/repositories/helm/kustomization.yaml @@ -24,6 +24,7 @@ resources: - ./postfinance.yaml - ./prometheus-community.yaml - ./rook-ceph.yaml + - ./superset.yaml - ./spegel.yaml - ./stakater.yaml - ./teleport.yaml diff --git a/kubernetes/main/flux/repositories/helm/superset.yaml b/kubernetes/main/flux/repositories/helm/superset.yaml new file mode 100644 index 0000000..e9ebbb3 --- /dev/null +++ b/kubernetes/main/flux/repositories/helm/superset.yaml @@ -0,0 +1,10 @@ +--- +# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/source.toolkit.fluxcd.io/helmrepository_v1.json +apiVersion: source.toolkit.fluxcd.io/v1 +kind: HelmRepository +metadata: + name: superset + namespace: flux-system +spec: + interval: 1h + url: https://apache.github.io/superset