Merge branch 'feat/passbolt-prod' into 'master'

Feat/passbolt prod

See merge request devops/k8s-deployments!52

02_hetzner/00_infra/mariadb/deployment.yaml

@@ -0,0 +1,89 @@
+# Deployment description
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: mariadb-deployment
+  namespace: infra-environment
+  labels:
+    app: mariadb-infra
+spec:
+  strategy:
+    type: Recreate
+  replicas: 1
+  selector:
+    matchLabels:
+      app: mariadb-infra
+  template:
+    metadata:
+      labels:
+        app: mariadb-infra
+    spec:
+      containers:
+        - name: mariadb
+          image: mariadb:10.7.1
+          resources:
+            requests:
+              memory: "256Mi"
+              cpu: "100m"
+            limits:
+              memory: "512Mi"
+              cpu: "4"
+          ports:
+            - containerPort: 3306
+          envFrom:
+            - configMapRef:
+                name: mariadb-config
+          volumeMounts:
+            - mountPath: /var/lib/mysql
+              name: mariadb-pv-infra
+              subPath: mariadb
+      volumes:
+        - name: mariadb-pv-infra
+          persistentVolumeClaim:
+            claimName: mariadb-pvc-infra
+---
+# Persistent Volume Claim description
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: mariadb-pvc-infra
+  namespace: infra-environment
+  labels:
+    app: mariadb-infra
+spec:
+  storageClassName: longhorn
+  accessModes:
+    - ReadWriteOnce
+  resources:
+    requests:
+      storage: 10Gi
+---
+# ConfigMap description
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: mariadb-config
+  namespace: infra-environment
+  labels:
+    app: mariadb-infra
+data:
+  MYSQL_ROOT_PASSWORD: a+p($y=6Q]^)UVVHa-
+  MYSQL_DATABASE: mariadb
+  MYSQL_USER: mysqluser
+  MYSQL_PASSWORD: Vy4U]C?tZFR~\a^gQN
+---
+# mariadb StatefulSet Service
+apiVersion: v1
+kind: Service
+metadata:
+  name: mariadb-infra
+  namespace: infra-environment
+spec:
+  selector:
+    app: mariadb-infra
+  type: LoadBalancer
+  ports:
+    - port: 3306
+      targetPort: 3306
+
+---

02_hetzner/00_infra/phpmyadmin/deployment.yaml

@@ -0,0 +1,74 @@
+# Deployment description
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: phpmyadmin-deployment
+  namespace: infra-environment
+  labels:
+    app: phpmyadmin-infra
+spec:
+  strategy:
+    type: Recreate
+  replicas: 1
+  selector:
+    matchLabels:
+      app: phpmyadmin-infra
+  template:
+    metadata:
+      labels:
+        app: phpmyadmin-infra
+    spec:
+      containers:
+        - name: phpmyadmin
+          image: phpmyadmin/phpmyadmin
+          resources:
+            requests:
+              memory: "256Mi"
+              cpu: "100m"
+            limits:
+              memory: "512Mi"
+              cpu: "4"
+          ports:
+            - containerPort: 80
+              name: phpmyadmin-http
+              protocol: TCP
+          env:
+            - name: PMA_HOST
+              value: "mariadb-infra"
+---
+# phpmyadmin Service
+apiVersion: v1
+kind: Service
+metadata:
+  name: phpmyadmin
+  namespace: infra-environment
+spec:
+  selector:
+    app: phpmyadmin-infra
+  ports:
+    - name: phpmyadmin-http
+      port: 80
+      targetPort: phpmyadmin-http
+  type: NodePort
+---
+
+# Ingress description
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: phpmyadmin-infra-ingress
+  namespace: infra-environment
+  annotations:
+    kubernetes.io/ingress.class: "traefik"
+spec:
+  rules:
+  - host: phpmyadmin.k8s.semprod.local
+    http:
+      paths:
+      - backend:
+          service:
+            name: phpmyadmin
+            port:
+              number: 80
+        path: /
+        pathType: ImplementationSpecific

02_hetzner/01_prod/passbolt/deployment.yaml

@@ -0,0 +1,106 @@
+# Deployment description
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: passbolt-deployment
+  namespace: prod-environment
+  labels:
+    app: passbolt-infra
+spec:
+  strategy:
+    type: Recreate
+  replicas: 1
+  selector:
+    matchLabels:
+      app: passbolt-infra
+  template:
+    metadata:
+      labels:
+        app: passbolt-infra
+    spec:
+      containers:
+        - name: passbolt
+          image: passbolt/passbolt:3.5.0-ce
+          resources:
+            requests:
+              memory: "256Mi"
+              cpu: "100m"
+            limits:
+              memory: "512Mi"
+              cpu: "4"
+          ports:
+            - containerPort: 80
+              name: passbolt-http
+              protocol: TCP
+          envFrom:
+            - configMapRef:
+                name: passbolt-config-infra
+---
+# passbolt ConfigMap
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  namespace: prod-environment
+  name: passbolt-config-infra
+  labels:
+    app: passbolt-infra
+data:
+  DATASOURCES_DEFAULT_HOST: mariadb-infra.infra-environment
+  DATASOURCES_DEFAULT_PASSWORD: vQRn7hvuQAUMHWp72MTXst 
+  DATASOURCES_DEFAULT_USERNAME: passbolt-prod
+  DATASOURCES_DEFAULT_DATABASE: passbolt-prod
+  APP_FULL_BASE_URL: https://donotforget.semapp.de
+  ## Email config
+  EMAIL_DEFAULT_FROM: support@semantic-applications.de
+  EMAIL_TRANSPORT_DEFAULT_HOST: smtp.strato.de
+  EMAIL_TRANSPORT_DEFAULT_PORT: "587"
+  EMAIL_TRANSPORT_DEFAULT_USERNAME: support@semantic-applications.de
+  EMAIL_TRANSPORT_DEFAULT_PASSWORD: "uN1zPIqN9@br"
+  EMAIL_TRANSPORT_DEFAULT_TLS: "true"
+
+---
+# passbolt Service
+apiVersion: v1
+kind: Service
+metadata:
+  name: passbolt
+  namespace: prod-environment
+spec:
+  selector:
+    app: passbolt-infra
+  ports:
+    - name: passbolt-http
+      port: 80
+      targetPort: passbolt-http
+  type: NodePort
+---
+# Ingress description
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: passbolt-infra-ingress
+  namespace: prod-environment
+  annotations:
+    kubernetes.io/ingress.class: "traefik"
+spec:
+  rules:
+  - host: passbolt.k8s.semprod.local
+    http:
+      paths:
+      - backend:
+          service:
+            name: passbolt
+            port:
+              number: 80
+        path: /
+        pathType: ImplementationSpecific
+  - host: donotforget.semapp.de
+    http:
+      paths:
+      - backend:
+          service:
+            name: passbolt
+            port:
+              number: 80
+        path: /
+        pathType: ImplementationSpecific