diff --git a/k8s/README.md b/k8s/README.md
index 8233d6d8a..cbe43ae1b 100644
--- a/k8s/README.md
+++ b/k8s/README.md
@@ -68,5 +68,4 @@ Kubernetes クラスタに適用される Manifest 群です。
 - \*-oauth2-proxy: 各サービスに OIDC 認証を提供するプロキシ
 - machine-status-api: 物理マシンや VM の起動を管理する API
 - proxmox-webui, proxmox-backup-webui: Proxmox WebUI へのリバースプロキシ
-- sweets-rebellion: KMC のゲーム、スイーツリベリオンの WebGL Build
 - wakatime-to-slack-profile: WakaTime のデータを Slack の Status に反映する
diff --git a/k8s/apps/sweets-rebellion-oauth2-proxy/externalsecret.yaml b/k8s/apps/sweets-rebellion-oauth2-proxy/externalsecret.yaml
deleted file mode 100644
index bf2afe788..000000000
--- a/k8s/apps/sweets-rebellion-oauth2-proxy/externalsecret.yaml
+++ /dev/null
@@ -1,28 +0,0 @@
-apiVersion: external-secrets.io/v1beta1
-kind: ExternalSecret
-metadata:
- name: sweets-rebellion-oauth2-proxy
-spec:
- secretStoreRef:
- name: vault-secretstore
- kind: ClusterSecretStore
- refreshInterval: 1m
- target:
- name: sweets-rebellion-oauth2-proxy
- data:
- - secretKey: client-id
- remoteRef:
- key: sweets-rebellion-oauth2-proxy
- property: client-id
- - secretKey: client-secret
- remoteRef:
- key: sweets-rebellion-oauth2-proxy
- property: client-secret
- - secretKey: cookie-secret
- remoteRef:
- key: sweets-rebellion-oauth2-proxy
- property: cookie-secret
- - secretKey: redis-password
- remoteRef:
- key: redis
- property: password
diff --git a/k8s/apps/sweets-rebellion-oauth2-proxy/helm.yaml b/k8s/apps/sweets-rebellion-oauth2-proxy/helm.yaml
deleted file mode 100644
index e6566800f..000000000
--- a/k8s/apps/sweets-rebellion-oauth2-proxy/helm.yaml
+++ /dev/null
@@ -1,79 +0,0 @@ -apiVersion: source.toolkit.fluxcd.io/v1 -kind: HelmRepository -metadata: - name: sweets-rebellion-oauth2-proxy -spec: - url: https://oauth2-proxy.github.io/manifests ---- -apiVersion: helm.toolkit.fluxcd.io/v2 -kind: HelmRelease -metadata: - name: sweets-rebellion-oauth2-proxy -spec: - chart: - spec: - chart: oauth2-proxy - version: 7.7.9 - values: - config: - existingSecret: sweets-rebellion-oauth2-proxy - configFile: |- - email_domains = [ "*" ] - upstreams = [ "http://sweets-rebellion.sweets-rebellion.svc.cluster.local/" ] - pass_access_token = true - user_id_claim = "sub" - oidc_groups_claim="my:zitadel:grants" - allowed_groups = ["237477822715658605:sweets-rebellion"] - - extraArgs: - provider: oidc - redirect-url: https://sweets-rebellion.walnuts.dev/oauth2/callback - oidc-issuer-url: https://auth.walnuts.dev - skip-provider-button: true - - ingress: - enabled: true - className: nginx - path: / - # Only used if API capabilities (networking.k8s.io/v1) allow it - pathType: Prefix - # Used to create an Ingress record. - hosts: - - "sweets-rebellion.walnuts.dev" - - # Configure the session storage type, between cookie and redis - sessionStorage: - # Can be one of the supported session storage cookie|redis - type: redis - redis: - # Name of the Kubernetes secret containing the redis & redis sentinel password values (see also `sessionStorage.redis.passwordKey`) - existingSecret: "sweets-rebellion-oauth2-proxy" - # Key of the Kubernetes secret data containing the redis password value - passwordKey: "redis-password" - # Can be one of standalone|cluster|sentinel - clientType: "sentinel" - sentinel: - existingSecret: "sweets-rebellion-oauth2-proxy" - passwordKey: "redis-password" - # Redis sentinel master name - masterName: "mymaster" - # List of Redis sentinel connection URLs (e.g. 
`["redis://127.0.0.1:8000", "redis://127.0.0.1:8000"]`) - connectionUrls: "redis://redis.databases.svc.cluster.local:6379,redis://redis.databases.svc.cluster.local:26379" - - # Enables and configure the automatic deployment of the redis subchart - redis: - # provision an instance of the redis sub-chart - enabled: false - # Redis specific helm chart settings, please see: - # https://github.com/bitnami/charts/tree/master/bitnami/redis#parameters - # redisPort: 6379 - #cluster: - #enabled: false - #slaveCount: 1 - image: - tag: 7.0.9-debian-11-r6 - replica: - replicaCount: 1 - - metrics: - enabled: true diff --git a/k8s/apps/sweets-rebellion-oauth2-proxy/kustomization.yaml b/k8s/apps/sweets-rebellion-oauth2-proxy/kustomization.yaml deleted file mode 100644 index e8fe8512e..000000000 --- a/k8s/apps/sweets-rebellion-oauth2-proxy/kustomization.yaml +++ /dev/null @@ -1,8 +0,0 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -namespace: sweets-rebellion -resources: -- externalsecret.yaml -- helm.yaml -components: -- ../../components/helm diff --git a/k8s/apps/sweets-rebellion/configmap.yaml b/k8s/apps/sweets-rebellion/configmap.yaml deleted file mode 100644 index f2c91b57d..000000000 --- a/k8s/apps/sweets-rebellion/configmap.yaml +++ /dev/null 
@@ -1,103 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: nginx-conf -data: - default.conf: | - server { - listen 80; - listen [::]:80; - server_name localhost; - - #access_log /var/log/nginx/host.access.log main; - - location / { - root /usr/share/nginx/html; - index index.html index.htm; - } - - location ~ .+\.(data|symbols\.json)\.br$ { - root /usr/share/nginx/html; - # Because this file is already pre-compressed on disk, disable the on-demand compression on it. - # Otherwise nginx would attempt double compression. - gzip off; - add_header Content-Encoding br; - default_type application/octet-stream; - } - - # On-disk Brotli-precompressed JavaScript code files: - location ~ .+\.js\.br$ { - root /usr/share/nginx/html; - gzip off; # Do not attempt dynamic gzip compression on an already compressed file - add_header Content-Encoding br; - default_type application/javascript; - } - - # On-disk Brotli-precompressed WebAssembly files: - location ~ .+\.wasm\.br$ { - root /usr/share/nginx/html; - gzip off; # Do not attempt dynamic gzip compression on an already compressed file - add_header Content-Encoding br; - # Enable streaming WebAssembly compilation by specifying the correct MIME type for - # Wasm files. 
- default_type application/wasm; - } - - # On-disk gzip-precompressed data files should be served with compression enabled: - location ~ .+\.(data|symbols\.json)\.gz$ { - root /usr/share/nginx/html; - gzip off; # Do not attempt dynamic gzip compression on an already compressed file - add_header Content-Encoding gzip; - default_type application/gzip; - } - - # On-disk gzip-precompressed JavaScript code files: - location ~ .+\.js\.gz$ { - root /usr/share/nginx/html; - gzip off; # Do not attempt dynamic gzip compression on an already compressed file - add_header Content-Encoding gzip; # The correct MIME type here would be application/octet-stream, but due to Safari bug https://bugs.webkit.org/show_bug.cgi?id=247421, it's preferable to use MIME Type application/gzip instead. - default_type application/javascript; - } - - # On-disk gzip-precompressed WebAssembly files: - location ~ .+\.wasm\.gz$ { - root /usr/share/nginx/html; - gzip off; # Do not attempt dynamic gzip compression on an already compressed file - add_header Content-Encoding gzip; - # Enable streaming WebAssembly compilation by specifying the correct MIME type for - # Wasm files. - default_type application/wasm; - } - - #error_page 404 /404.html; - - # redirect server error pages to the static page /50x.html - # - error_page 500 502 503 504 /50x.html; - location = /50x.html { - root /usr/share/nginx/html; - } - - # proxy the PHP scripts to Apache listening on 127.0.0.1:80 - # - #location ~ \.php$ { - # proxy_pass http://127.0.0.1; - #} - - # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000 - # - #location ~ \.php$ { - # root html; - # fastcgi_pass 127.0.0.1:9000; - # fastcgi_index index.php; - # fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name; - # include fastcgi_params; - #} - - # deny access to .htaccess files, if Apache's document root - # concurs with nginx's one - # - #location ~ /\.ht { - # deny all; - #} - } 
diff --git a/k8s/apps/sweets-rebellion/deployment.yaml b/k8s/apps/sweets-rebellion/deployment.yaml
deleted file mode 100644
index 28bcd382e..000000000
--- a/k8s/apps/sweets-rebellion/deployment.yaml
+++ /dev/null
@@ -1,44 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: sweets-rebellion
-spec:
- selector:
- matchLabels:
- app: sweets-rebellion
- strategy:
- type: Recreate
- template:
- metadata:
- labels:
- app: sweets-rebellion
- spec:
- containers:
- - image: ghcr.io/kmc-jp/stgproject2022:abc6abe92f09ce9eb6f30f20422fa4c70ecb8292-30 # {"$imagepolicy": "sweets-rebellion:sweets-rebellion"}
- imagePullPolicy: IfNotPresent
- name: sweets-rebellion
- ports:
- - containerPort: 80
- name: http
- volumeMounts:
- - mountPath: /etc/nginx/conf.d
- readOnly: true
- name: nginx-conf
- - mountPath: /var/log/nginx
- name: log
- resources:
- limits: {}
- requests:
- memory: 10Mi
- imagePullSecrets:
- - name: ghcr-login-secret
- volumes:
- - name: nginx-conf
- configMap:
- name: nginx-conf
- items:
- - key: default.conf
- path: default.conf
- - name: log
- emptyDir: {}
- priorityClassName: low
diff --git a/k8s/apps/sweets-rebellion/externalsecret.yaml b/k8s/apps/sweets-rebellion/externalsecret.yaml
deleted file mode 100644
index 8932888f7..000000000
--- a/k8s/apps/sweets-rebellion/externalsecret.yaml
+++ /dev/null
@@ -1,16 +0,0 @@
-apiVersion: external-secrets.io/v1beta1
-kind: ExternalSecret
-metadata:
- name: ghcr-login-secret
-spec:
- secretStoreRef:
- name: vault-secretstore
- kind: ClusterSecretStore
- refreshInterval: 1m
- target:
- name: ghcr-login-secret
- data:
- - secretKey: .dockerconfigjson
- remoteRef:
- key: github
- property: .dockerconfigjson
diff --git a/k8s/apps/sweets-rebellion/image-policy.yaml b/k8s/apps/sweets-rebellion/image-policy.yaml
deleted file mode 100644
index 55b4b37a9..000000000
--- a/k8s/apps/sweets-rebellion/image-policy.yaml
+++ /dev/null
@@ -1,49 +0,0 @@
-apiVersion: image.toolkit.fluxcd.io/v1beta2
-kind: ImageUpdateAutomation
-metadata:
- name: sweets-rebellion
-spec:
- git:
- checkout:
- ref:
- branch: main
- commit:
- author:
- email: fluxcdbot@users.noreply.github.com
- name: fluxcdbot
- messageTemplate: "{{range .Updated.Images}}{{println .}}{{end}}"
- push:
- branch: fluxcd/sweets-rebellion
- interval: 1m0s
- sourceRef:
- kind: GitRepository
- name: flux-system
- namespace: flux-system
- update:
- path: ./k8s/apps/sweets-rebellion
- strategy: Setters
----
-apiVersion: image.toolkit.fluxcd.io/v1beta2
-kind: ImageRepository
-metadata:
- name: sweets-rebellion
-spec:
- image: ghcr.io/kmc-jp/stgproject2022
- interval: 2m0s
- secretRef:
- name: ghcr-login-secret
----
-apiVersion: image.toolkit.fluxcd.io/v1beta2
-kind: ImagePolicy
-metadata:
- name: sweets-rebellion
-spec:
- imageRepositoryRef:
- name: sweets-rebellion
- filterTags:
- ## use "pattern: '[a-f0-9]+-(?P[0-9]+)'" if you copied the workflow example using github.run_number
- pattern: "[a-f0-9]+-(?P[0-9]+)"
- extract: "$ts"
- policy:
- numerical:
- order: asc
diff --git a/k8s/apps/sweets-rebellion/kustomization.yaml b/k8s/apps/sweets-rebellion/kustomization.yaml
deleted file mode 100644
index 76e7aa2cc..000000000
--- a/k8s/apps/sweets-rebellion/kustomization.yaml
+++ /dev/null
@@ -1,9 +0,0 @@
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-namespace: sweets-rebellion
-resources:
-- deployment.yaml
-- service.yaml
-- configmap.yaml
-- externalsecret.yaml
-- image-policy.yaml
diff --git a/k8s/apps/sweets-rebellion/service.yaml b/k8s/apps/sweets-rebellion/service.yaml
deleted file mode 100644
index e788c9356..000000000
--- a/k8s/apps/sweets-rebellion/service.yaml
+++ /dev/null
@@ -1,10 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
- name: sweets-rebellion
-spec:
- ports:
- - port: 80
- selector:
- app: sweets-rebellion
- type: ClusterIP
diff --git a/k8s/init/readme.md b/k8s/init/readme.md index 50cadcd91..01f616576 100644 --- a/k8s/init/readme.md +++ b/k8s/init/readme.md @@ -382,7 +382,7 @@ kubectl apply -f - -n kube-system ## labels ```bash -kubectl label nodes cheese walnuts.dev/ondemand=true +kubectl label nodes peach walnuts.dev/ondemand=true ``` ## Vault diff --git a/k8s/namespaces/namespaces.yaml b/k8s/namespaces/namespaces.yaml index 2c17d4b4f..a2b4ed678 100644 --- a/k8s/namespaces/namespaces.yaml +++ b/k8s/namespaces/namespaces.yaml @@ -40,11 +40,6 @@ metadata: --- apiVersion: v1 kind: Namespace -metadata: - name: sweets-rebellion ---- -apiVersion: v1 -kind: Namespace metadata: name: databases ---