From f898e53f600a7eeb7bf0bb016473211c778f934d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Petr=20=C5=98eho=C5=99?=
Date: Sun, 12 May 2024 23:22:12 +0200
Subject: [PATCH] feat: add sandbox
---
.../sandbox/code-server/app/helmrelease.yaml | 96 +++++++++++++++++++
.../code-server/app/kustomization.yaml | 6 ++
.../main/apps/sandbox/code-server/ks.yaml | 33 +++++++
.../main/apps/sandbox/kustomization.yaml | 6 ++
kubernetes/main/apps/sandbox/namespace.yaml | 9 ++
5 files changed, 150 insertions(+)
create mode 100644 kubernetes/main/apps/sandbox/code-server/app/helmrelease.yaml
create mode 100644 kubernetes/main/apps/sandbox/code-server/app/kustomization.yaml
create mode 100644 kubernetes/main/apps/sandbox/code-server/ks.yaml
create mode 100644 kubernetes/main/apps/sandbox/kustomization.yaml
create mode 100644 kubernetes/main/apps/sandbox/namespace.yaml
diff --git a/kubernetes/main/apps/sandbox/code-server/app/helmrelease.yaml b/kubernetes/main/apps/sandbox/code-server/app/helmrelease.yaml
new file mode 100644
index 00000000..246a9943
--- /dev/null
+++ b/kubernetes/main/apps/sandbox/code-server/app/helmrelease.yaml
@@ -0,0 +1,96 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/helm.toolkit.fluxcd.io/helmrelease_v2beta2.json
+apiVersion: helm.toolkit.fluxcd.io/v2beta2
+kind: HelmRelease
+metadata:
+ name: &app sandbox-code-server
+spec:
+ interval: 30m
+ chart:
+ spec:
+ chart: app-template
+ version: 3.1.0
+ sourceRef:
+ kind: HelmRepository
+ name: bjw-s
+ namespace: flux-system
+ install:
+ remediation:
+ retries: 3
+ upgrade:
+ cleanupOnFail: true
+ remediation:
+ retries: 3
+ values:
+ controllers:
+ code-server:
+ type: deployment
+ pod:
+ annotations:
+ k8s.v1.cni.cncf.io/networks: |
+ [{
+ "name":"multus-iot",
+ "namespace": "kube-system",
+ "ips": ["192.168.101.253/24"]
+ }]
+ securityContext:
+ runAsUser: ${APP_UID:-568}
+ runAsGroup: ${APP_GID:-568}
+ fsGroup: ${APP_GID:-568}
+ containers:
+ app:
+ image:
+ repository: docker.io/codercom/code-server
+ tag: 4.89.0
+ args: [
+ "--auth", "none",
+ "--user-data-dir", "/sandbox/.vscode",
+ "--extensions-dir", "/sandbox/.vscode",
+ "--port", "80",
+ "/sandbox"
+ ]
+ lifecycle:
+ postStart:
+ exec:
+ command:
+ - /bin/sh
+ - -c
+ - >-
+ apt update;
+ apt install --yes dnsutils;
+ apt install --yes iproute2;
+ apt install --yes inetutils-ping;
+ apt install --yes inetutils-telnet;
+ apt install --yes inetutils-traceroute;
+ apt install --yes net-tools;
+ resources:
+ requests:
+ cpu: 10m
+ limits:
+ memory: 512Mi
+ terminationMessagePath: /dev/termination-log
+ terminationMessagePolicy: FallbackToLogsOnError
+ service:
+ app:
+ controller: code-server
+ ports:
+ http:
+ port: 80
+ ingress:
+ app:
+ className: internal
+ hosts:
+ - host: &host "sandbox.${SECRET_DOMAIN}"
+ paths:
+ - path: /
+ service:
+ identifier: app
+ port: http
+ tls:
+ - hosts:
+ - *host
+ persistence:
+ sandbox:
+ existingClaim: *app
+ tmp:
+ type: emptyDir
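Review bot: The `"--auth", "none",` argument leaves this code-server instance unauthenticated while the ingress publishes it at `sandbox.${SECRET_DOMAIN}`, so every client that can reach the `internal` ingress class gets an editor and terminal inside the pod. With the `APP_UID: "0"` substitution in ks.yaml that session runs as root, and the Multus annotation also places the pod on the `multus-iot` network with a static address, so the pod joins the ingress-facing network to the IoT segment. Use `"--auth", "password",` with `PASSWORD` or `HASHED_PASSWORD` supplied from a Secret, or put the ingress behind whatever authentication proxy the cluster already uses. The `app` container also sets no `securityContext` of its own; `allowPrivilegeEscalation: false` and `capabilities: {drop: ["ALL"]}` are worth adding once the root requirement is gone.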
diff --git a/kubernetes/main/apps/sandbox/code-server/app/kustomization.yaml b/kubernetes/main/apps/sandbox/code-server/app/kustomization.yaml
new file mode 100644
index 00000000..077527c8
--- /dev/null
+++ b/kubernetes/main/apps/sandbox/code-server/app/kustomization.yaml
@@ -0,0 +1,6 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+ - ./helmrelease.yaml
+ - ../../../../templates/volsync
diff --git a/kubernetes/main/apps/sandbox/code-server/ks.yaml b/kubernetes/main/apps/sandbox/code-server/ks.yaml
new file mode 100644
index 00000000..4e1d791d
--- /dev/null
+++ b/kubernetes/main/apps/sandbox/code-server/ks.yaml
@@ -0,0 +1,33 @@
+---
+# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+ name: &app sandbox-code-server
+ namespace: flux-system
+spec:
+ targetNamespace: sandbox
+ commonMetadata:
+ labels:
+ app.kubernetes.io/name: *app
+ dependsOn:
+ - name: multus
+ - name: volsync
+ path: ./kubernetes/main/apps/sandbox/code-server/app
+ prune: true
+ sourceRef:
+ kind: GitRepository
+ name: home-ops
+ wait: true
+ interval: 30m
+ retryInterval: 1m
+ timeout: 5m
+ # Expand the variables in the templates included in app/kustomization.yaml
+ postBuild:
+ substitute:
+ APP: *app
+ APP_UID: "0"
+ APP_GID: "0"
+ VOLSYNC_ACCESSMODES: ReadWriteOnce
+ VOLSYNC_CAPACITY: 1Gi
+
diff --git a/kubernetes/main/apps/sandbox/kustomization.yaml b/kubernetes/main/apps/sandbox/kustomization.yaml
new file mode 100644
index 00000000..2168c55c
--- /dev/null
+++ b/kubernetes/main/apps/sandbox/kustomization.yaml
@@ -0,0 +1,6 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+ - ./namespace.yaml
+ - ./code-server/ks.yaml
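Review bot: In ks.yaml, `APP_UID: "0"` and `APP_GID: "0"` override the `${APP_UID:-568}` default used in helmrelease.yaml, so the pod (and presumably anything in the volsync template that consumes the same variables) runs as root. The only visible reason is the postStart hook that runs `apt install` at every container start. Installing those network tools in a derived image would let both substitutions be dropped and would remove the dependency on package mirrors at start-up; as written the hook joins its commands with `;`, so a failed install goes unnoticed unless it is the last one. If root has to stay, document it above the substitutions, e.g. `# root is required by the postStart apt install in app/helmrelease.yaml`.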
diff --git a/kubernetes/main/apps/sandbox/namespace.yaml b/kubernetes/main/apps/sandbox/namespace.yaml
new file mode 100644
index 00000000..119a4bfa
--- /dev/null
+++ b/kubernetes/main/apps/sandbox/namespace.yaml
@@ -0,0 +1,9 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: sandbox
+ labels:
+ kustomize.toolkit.fluxcd.io/prune: disabled
+ annotations:
+ volsync.backube/privileged-movers: "true"
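Review bot: `volsync.backube/privileged-movers: "true"` allows VolSync mover pods in this namespace to run with elevated privileges, and nothing in the commit records why that is needed. It is presumably a consequence of the root-owned data produced by `APP_UID: "0"` in ks.yaml; if the workload ran as the 568 default and the volsync template set a matching mover security context (the template is not visible here), the annotation could likely be removed. At minimum add a comment above it, such as `# movers need elevated privileges to preserve ownership of files written by the root code-server pod`.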