diff --git a/values/argo/manifests/sys-project.yaml b/values/argo/manifests/sys-project.yaml
index 2ddc66cb..02e25bfe 100644
--- a/values/argo/manifests/sys-project.yaml
+++ b/values/argo/manifests/sys-project.yaml
@@ -72,6 +72,8 @@ spec:
 server: https://kubernetes.default.svc
 - namespace: headscale
 server: https://kubernetes.default.svc
+ - namespace: drupal
+ server: https://kubernetes.default.svc
 - namespace: otel
 server: https://kubernetes.default.svc
 - namespace: opentelemetry
diff --git a/values/drupal/env-hel1.yaml.gotmpl b/values/drupal/env-hel1.yaml.gotmpl
new file mode 100644
index 00000000..b2612b7f
--- /dev/null
+++ b/values/drupal/env-hel1.yaml.gotmpl
@@ -0,0 +1,2 @@
+drupal:
+ enabled: true
diff --git a/values/drupal/env.yaml.gotmpl b/values/drupal/env.yaml.gotmpl
new file mode 100644
index 00000000..53943a14
--- /dev/null
+++ b/values/drupal/env.yaml.gotmpl
@@ -0,0 +1,3 @@
+drupal:
+ enabled: false
+ autosync: false
diff --git a/values/drupal/manifests/allow-external-services.yaml b/values/drupal/manifests/allow-external-services.yaml
new file mode 100644
index 00000000..3fce8a2b
--- /dev/null
+++ b/values/drupal/manifests/allow-external-services.yaml
@@ -0,0 +1,15 @@
+{{- if .Values.clusterConfig.cilium.enabled }}
+apiVersion: cilium.io/v2
+kind: CiliumNetworkPolicy
+metadata:
+ name: allow-external-services
+ namespace: drupal
+spec:
+ egress:
+ - toFQDNs:
+ - matchPattern: 'cache.nixos.org'
+ - matchPattern: 'nix-community.cachix.org'
+ endpointSelector:
+ matchLabels:
+ app: drupal
+{{- end}}
diff --git a/values/drupal/manifests/cluster.yaml b/values/drupal/manifests/cluster.yaml
new file mode 100644
index 00000000..e0e4aa43
--- /dev/null
+++ b/values/drupal/manifests/cluster.yaml
@@ -0,0 +1,11 @@
+apiVersion: postgresql.cnpg.io/v1
+kind: Cluster
+metadata:
+ name: drupal-db
+spec:
+ instances: 1
+ primaryUpdateStrategy: unsupervised
+ storage:
+ size: 2Gi
+ monitoring:
+ enablePodMonitor: true
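Review bot: The `egress` list in `allow-external-services` has no DNS rule and no rule for the `drupal-db` Postgres cluster, yet once an egress rule selects the `app: drupal` pods Cilium by default denies all other egress from them. `toFQDNs` also depends on Cilium's DNS proxy observing the lookups, so without a `rules.dns` entry on port 53 even the two listed names will not be learned. The two hosts are Nix binary caches, which looks carried over from another workload, so confirm what Drupal actually needs to reach; exact hostnames read better as `matchName`, and the rule has no `toPorts` restriction. A sketch follows; the kube-dns and CNPG label selectors are assumptions to check against the cluster.

```yaml
spec:
  # … unchanged: endpointSelector …
  egress:
    # DNS via the cluster resolver, proxied so toFQDNs can learn the IPs
    - toEndpoints:
        - matchLabels:
            k8s:io.kubernetes.pod.namespace: kube-system
            k8s-app: kube-dns
      toPorts:
        - ports:
            - port: "53"
              protocol: ANY
          rules:
            dns:
              - matchPattern: "*"
    # database pods of the drupal-db cluster
    - toEndpoints:
        - matchLabels:
            cnpg.io/cluster: drupal-db
      toPorts:
        - ports:
            - port: "5432"
              protocol: TCP
    - toFQDNs:
        - matchName: cache.nixos.org
        - matchName: nix-community.cachix.org
      toPorts:
        - ports:
            - port: "443"
              protocol: TCP
```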
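Review bot: The `drupal-db` Cluster is declared with `instances: 1` and no `backup` section, so the site's database has neither a standby nor a restore path if its single 2Gi volume is lost. If that is acceptable for a beta site, record it with a comment above `instances`, for example `# single instance, no backups: beta only`; otherwise add a `backup` stanza and raise `instances`. Nothing in this change shows how Drupal obtains the database credentials, so confirm they are read from the operator-generated secret rather than entered by hand during install.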
diff --git a/values/drupal/manifests/drupal.yaml b/values/drupal/manifests/drupal.yaml
new file mode 100644
index 00000000..c3156c35
--- /dev/null
+++ b/values/drupal/manifests/drupal.yaml
@@ -0,0 +1,22 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+ name: drupal
+ namespace: argocd
+spec:
+ destination:
+ namespace: drupal
+ server: 'https://kubernetes.default.svc'
+ sources:
+ - repoURL: https://gitlab.com/oceanbox/manifests.git
+ targetRevision: HEAD
+ path: values/drupal/manifests
+ project: sys
+ syncPolicy:
+ syncOptions:
+ - CreateNamespace=true
+ - ApplyOutOfSyncOnly=true
+ - ServerSideApply=true
+ automated:
+ prune: true
+ # selfHeal: false
diff --git a/values/drupal/manifests/raw.yaml b/values/drupal/manifests/raw.yaml
new file mode 100644
index 00000000..2c585848
--- /dev/null
+++ b/values/drupal/manifests/raw.yaml
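Review bot: `targetRevision: HEAD` combined with `automated` sync and `prune: true` means whatever lands on the default branch of the manifests repository is applied to, and pruned from, the cluster with no further gate; pin a tag or commit, or add a comment stating that tracking HEAD is intended. The Application also sits in `project: sys`; if that project grants more than a public-facing CMS needs, a dedicated AppProject limited to the `drupal` namespace would be tighter (the project definition is only partly visible in this diff). The trailing `# selfHeal: false` should become an explicit `selfHeal: false` or be removed, so the intended drift behaviour is not left to the reader.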
@@ -0,0 +1,111 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: drupal
+ labels:
+ app: drupal
+spec:
+ ports:
+ - port: 80
+ name: http
+ targetPort: http
+ selector:
+ app: drupal
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: drupal
+ labels:
+ app: drupal
+spec:
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: 5Gi
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: drupal
+ labels:
+ app: drupal
+spec:
+ selector:
+ matchLabels:
+ app: drupal
+ strategy:
+ type: Recreate
+ template:
+ metadata:
+ labels:
+ app: drupal
+ spec:
+ initContainers:
+ - name: init-sites-volume
+ image: drupal
+ command: ["/bin/bash", "-c"]
+ args:
+ [
+ "cp -r /var/www/html/sites/ /data/; chown www-data:www-data /data/ -R",
+ ]
+ volumeMounts:
+ - mountPath: /data
+ name: drupal
+ containers:
+ - image: drupal:11.1.9-php8.4-fpm-alpine3.22
+ name: drupal
+ ports:
+ - containerPort: 80
+ name: http
+ protocol: TCP
+ volumeMounts:
+ - mountPath: /var/www/html/modules
+ name: drupal
+ subPath: modules
+ - mountPath: /var/www/html/profiles
+ name: drupal
+ subPath: profiles
+ - mountPath: /var/www/html/sites
+ name: drupal
+ subPath: sites
+ - mountPath: /var/www/html/themes
+ name: drupal
+ subPath: themes
+ volumes:
+ - name: drupal
+ persistentVolumeClaim:
+ claimName: drupal
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ annotations:
+ cert-manager.io/cluster-issuer: letsencrypt-production
+ nginx.ingress.kubernetes.io/backend-protocol: HTTP
+ nginx.ingress.kubernetes.io/proxy-body-size: "0"
+ nginx.ingress.kubernetes.io/proxy-read-timeout: "600"
+ nginx.ingress.kubernetes.io/proxy-send-timeout: "600"
+ nginx.ingress.kubernetes.io/ssl-redirect: "true"
+ labels:
+ app.kubernetes.io/component: drupal
+ name: drupal
+ namespace: drupal
+spec:
+ ingressClassName: nginx
+ rules:
+ - host: drupal.beta.oceanbox.io
+ http:
+ paths:
+ - backend:
+ service:
+ name: drupal
+ port:
+ name: http
+ path: /
+ pathType: Prefix
+ tls:
+ - hosts:
+ - drupal.srv.oceanbox.io
+ secretName: drupal.srv.oceanbox.io-tls
diff --git a/values/drupal/values/drupal.yaml.gotmpl b/values/drupal/values/drupal.yaml.gotmpl
new file mode 100644
index 00000000..29d8c902
--- /dev/null
+++ b/values/drupal/values/drupal.yaml.gotmpl
@@ -0,0 +1,35 @@
+# Default values for Example Single Node.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+
+drupal:
+ persistence:
+ enabled: true
+ ## A manually managed Persistent Volume and Claim
+ ## Requires persistence.enabled: true
+ ## If defined, PVC must be created manually before volume will be bound
+ # existingClaim:
+
+ ## Drupal data Persistent Volume Storage Class
+ ## If defined, storageClassName:
+ ## If set to "-", storageClassName: "", which disables dynamic provisioning
+ ## If undefined (the default) or set to null, no storageClassName spec is
+ ## set, choosing the default provisioner. (gp2 on AWS, standard on
+ ## GKE, AWS & OpenStack)
+ ##
+ # storageClass: "-"
+ annotations: {}
+ accessMode: ReadWriteOnce
+ size: 2Gi
+
+varnish:
+ enabled: false
+
+redis:
+ enabled: false
+
+mysql:
+ enabled: false
+
+proxysql:
+ enabled: false
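Review bot: In `raw.yaml` the `init-sites-volume` init container pulls the untagged `image: drupal`, a mutable reference that differs from the pinned `drupal:11.1.9-php8.4-fpm-alpine3.22` main container; its `chown www-data:www-data` then uses the init image's uid (typically 33 on the Debian-based default image, 82 on Alpine), so the copied `sites/` tree may not be writable by the app. Use the same pinned reference for both, `image: drupal:11.1.9-php8.4-fpm-alpine3.22`. The `-fpm-` variant serves FastCGI and ships no web server, so `containerPort: 80` and `backend-protocol: HTTP` probably have nothing to answer them; confirm whether the apache variant or a web-server sidecar was intended. In the Ingress the rule host is `drupal.beta.oceanbox.io` while `tls.hosts` and `secretName` use `drupal.srv.oceanbox.io`, so the issued certificate will not cover the served name. `proxy-body-size: "0"` removes the request-size limit on a public endpoint (a bounded value such as `"64m"` is safer), and the pod template sets no `securityContext`, resource limits or probes.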