Merge branch 'master' into 'feat/rm-prod'

# Conflicts:
#   01_onsite/02_qa/trialytix/deployment.yaml
#   02_hetzner/01_prod/baseline/deployment.yaml

01_onsite/00_infra/mariadb/deployment.yaml

@@ -0,0 +1,89 @@
+# Deployment description
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: mariadb-deployment
+  namespace: infra-environment
+  labels:
+    app: mariadb-infra
+spec:
+  strategy:
+    type: Recreate
+  replicas: 1
+  selector:
+    matchLabels:
+      app: mariadb-infra
+  template:
+    metadata:
+      labels:
+        app: mariadb-infra
+    spec:
+      containers:
+        - name: mariadb
+          image: mariadb:10.7.1
+          resources:
+            requests:
+              memory: "256Mi"
+              cpu: "100m"
+            limits:
+              memory: "512Mi"
+              cpu: "4"
+          ports:
+            - containerPort: 3306
+          envFrom:
+            - configMapRef:
+                name: mariadb-config
+          volumeMounts:
+            - mountPath: /var/lib/mysql
+              name: mariadb-pv-infra
+              subPath: mariadb
+      volumes:
+        - name: mariadb-pv-infra
+          persistentVolumeClaim:
+            claimName: mariadb-pvc-infra
+---
+# Persistent Volume Claim description
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: mariadb-pvc-infra
+  namespace: infra-environment
+  labels:
+    app: mariadb-infra
+spec:
+  storageClassName: longhorn
+  accessModes:
+    - ReadWriteOnce
+  resources:
+    requests:
+      storage: 10Gi
+---
+# ConfigMap description
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: mariadb-config
+  namespace: infra-environment
+  labels:
+    app: mariadb-infra
+data:
+  MYSQL_ROOT_PASSWORD: Semapp123456!
+  MYSQL_DATABASE: mariadb
+  MYSQL_USER: mysqluser
+  MYSQL_PASSWORD: Semapp123456!
+---
+# mariadb StatefulSet Service
+apiVersion: v1
+kind: Service
+metadata:
+  name: mariadb-infra
+  namespace: infra-environment
+spec:
+  selector:
+    app: mariadb-infra
+  type: LoadBalancer
+  ports:
+    - port: 3306
+      targetPort: 3306
+
+---

01_onsite/00_infra/passbolt/deployment.yaml

@@ -0,0 +1,93 @@
+# Deployment description
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: passbolt-deployment
+  namespace: infra-environment
+  labels:
+    app: passbolt-infra
+spec:
+  strategy:
+    type: Recreate
+  replicas: 1
+  selector:
+    matchLabels:
+      app: passbolt-infra
+  template:
+    metadata:
+      labels:
+        app: passbolt-infra
+    spec:
+      containers:
+        - name: passbolt
+          image: passbolt/passbolt:3.3.1
+          resources:
+            requests:
+              memory: "256Mi"
+              cpu: "100m"
+            limits:
+              memory: "512Mi"
+              cpu: "4"
+          ports:
+            - containerPort: 8080
+              name: passbolt-http
+              protocol: TCP
+          envFrom:
+            - configMapRef:
+                name: passbolt-config-infra
+---
+# passbolt ConfigMap
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  namespace: infra-environment
+  name: passbolt-config-infra
+  labels:
+    app: passbolt-infra
+data:
+  DATASOURCES_DEFAULT_HOST: mariadb-infra
+  DATASOURCES_DEFAULT_PASSWORD: passbolt 
+  DATASOURCES_DEFAULT_USERNAME: passbolt
+  DATASOURCES_DEFAULT_DATABASE: passbolt
+  APP_FULL_BASE_URL: http://passbolt.k3s.semapp.lan
+  ## Email config
+  EMAIL_DEFAULT_FROM: support@semantic-applications.de
+  EMAIL_TRANSPORT_DEFAULT_HOST: smtp.strato.de
+  EMAIL_TRANSPORT_DEFAULT_PORT: "587"
+  EMAIL_TRANSPORT_DEFAULT_USERNAME: support@semantic-applications.de
+  EMAIL_TRANSPORT_DEFAULT_PASSWORD: "uN1zPIqN9@br"
+  EMAIL_TRANSPORT_DEFAULT_TLS: "true"
+
+---
+# passbolt Service
+apiVersion: v1
+kind: Service
+metadata:
+  name: passbolt
+  namespace: infra-environment
+spec:
+  selector:
+    app: passbolt-infra
+  ports:
+    - name: passbolt-http
+      port: 8080
+      targetPort: passbolt-http
+  type: NodePort
+---
+# Ingress description
+apiVersion: networking.k8s.io/v1beta1
+kind: Ingress
+metadata:
+  name: passbolt-infra-ingress
+  namespace: infra-environment
+  annotations:
+    kubernetes.io/ingress.class: "traefik"
+spec:
+  rules:
+  - host: passbolt.k3s.semapp.lan
+    http:
+      paths:
+      - path: /
+        backend:
+          serviceName: passbolt
+          servicePort: 8080

01_onsite/00_infra/phpmyadmin/deployment.yaml

@@ -0,0 +1,71 @@
+# Deployment description
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: phpmyadmin-deployment
+  namespace: infra-environment
+  labels:
+    app: phpmyadmin-infra
+spec:
+  strategy:
+    type: Recreate
+  replicas: 1
+  selector:
+    matchLabels:
+      app: phpmyadmin-infra
+  template:
+    metadata:
+      labels:
+        app: phpmyadmin-infra
+    spec:
+      containers:
+        - name: phpmyadmin
+          image: phpmyadmin/phpmyadmin
+          resources:
+            requests:
+              memory: "256Mi"
+              cpu: "100m"
+            limits:
+              memory: "512Mi"
+              cpu: "4"
+          ports:
+            - containerPort: 80
+              name: phpmyadmin-http
+              protocol: TCP
+          env:
+            - name: PMA_HOST
+              value: "mariadb-infra"
+---
+# phpmyadmin Service
+apiVersion: v1
+kind: Service
+metadata:
+  name: phpmyadmin
+  namespace: infra-environment
+spec:
+  selector:
+    app: phpmyadmin-infra
+  ports:
+    - name: phpmyadmin-http
+      port: 80
+      targetPort: phpmyadmin-http
+  type: NodePort
+---
+
+# Ingress description
+apiVersion: networking.k8s.io/v1beta1
+kind: Ingress
+metadata:
+  name: phpmyadmin-infra-ingress
+  namespace: infra-environment
+  annotations:
+    kubernetes.io/ingress.class: "traefik"
+spec:
+  rules:
+  - host: phpmyadmin.k3s.semapp.lan
+    http:
+      paths:
+      - path: /
+        backend:
+          serviceName: phpmyadmin
+          servicePort: 80

01_onsite/00_infra/texservice/deployment.yaml

@@ -66,3 +66,11 @@ spec:
         backend:
           serviceName: texservice
           servicePort: 5010
+  rules:
+  - host: texservice.semapp.lan
+    http:
+      paths:
+      - path: /
+        backend:
+          serviceName: texservice
+          servicePort: 5010

01_onsite/01_dev/passbolt/deployment.yaml

@@ -0,0 +1,85 @@
+# Deployment description
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: passbolt-deployment
+  namespace: dev-environment
+  labels:
+    app: passbolt-dev
+spec:
+  strategy:
+    type: Recreate
+  replicas: 1
+  selector:
+    matchLabels:
+      app: passbolt-dev
+  template:
+    metadata:
+      labels:
+        app: passbolt-dev
+    spec:
+      containers:
+        - name: passbolt
+          image: passbolt/passbolt:3.3.1
+          resources:
+            requests:
+              memory: "256Mi"
+              cpu: "100m"
+            limits:
+              memory: "512Mi"
+              cpu: "4"
+          ports:
+            - containerPort: 8080
+              name: passbolt-http
+              protocol: TCP
+          envFrom:
+            - configMapRef:
+                name: passbolt-dev-config-dev
+---
+# passbolt ConfigMap
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  namespace: dev-environment
+  name: passbolt-dev-config-dev
+  labels:
+    app: efc-dev
+data:
+  DATASOURCES_DEFAULT_HOST: mariadb-lb 
+  DATASOURCES_DEFAULT_PASSWORD: passbolt 
+  DATASOURCES_DEFAULT_USERNAME: passbolt
+  DATASOURCES_DEFAULT_DATABASE: passbolt
+  APP_FULL_BASE_URL: http://passbolt-dev.k3s.semapp.lan
+---
+# passbolt Service
+apiVersion: v1
+kind: Service
+metadata:
+  name: passbolt
+  namespace: dev-environment
+spec:
+  selector:
+    app: passbolt-dev
+  ports:
+    - name: passbolt-http
+      port: 8080
+      targetPort: passbolt-http
+  type: NodePort
+---
+# Ingress description
+apiVersion: networking.k8s.io/v1beta1
+kind: Ingress
+metadata:
+  name: passbolt-dev-ingress
+  namespace: dev-environment
+  annotations:
+    kubernetes.io/ingress.class: "traefik"
+spec:
+  rules:
+  - host: passbolt-dev.k3s.semapp.lan
+    http:
+      paths:
+      - path: /
+        backend:
+          serviceName: passbolt
+          servicePort: 8080

01_onsite/01_dev/semapp-wagtail/deployment.yaml

@@ -0,0 +1,115 @@
+# Deployment description
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: semapp-deployment
+  namespace: dev-environment
+  labels:
+    app: semapp-dev
+spec:
+  strategy:
+    type: Recreate
+  replicas: 1
+  selector:
+    matchLabels:
+      app: semapp-dev
+  template:
+    metadata:
+      labels:
+        app: semapp-dev
+    spec:
+      securityContext:
+        runAsUser: 1000
+        runAsGroup: 1000
+        fsGroup: 1000
+      containers:
+        - name: semapp
+          image: packages.semapp.lan:5000/semapp-wagtail:V0.0.1
+          imagePullPolicy: Always
+          resources:
+            requests:
+              memory: "128Mi"
+              cpu: "100m"
+            limits:
+              memory: "256Mi"
+              cpu: "4"
+          ports:
+            - containerPort: 8000
+              name: semapp-http
+              protocol: TCP
+          envFrom:
+          - configMapRef:
+              name: semapp-dev-config-dev
+          volumeMounts:
+            - mountPath: /app/media/
+              name: semapp-pv-dev
+      volumes:
+        - name: semapp-pv-dev
+          persistentVolumeClaim:
+            claimName: semapp-pvc-dev
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  namespace: dev-environment
+  name: semapp-dev-config-dev
+  labels:
+    app: semapp-dev
+data:
+  DJANGO_DB_ENGINE: "django.db.backends.postgresql_psycopg2"
+  DJANGO_DB_NAME: "semapp-wagtail"
+  DJANGO_DB_USER: "semapp-wagtail"
+  DJANGO_DB_PASSWORD: "semapp-wagtail"
+  DJANGO_DB_HOST: "postgres-lb"
+  DJANGO_DB_PORT: "5432"
+
+---
+# Persistent Volume Claim description
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: semapp-pvc-dev
+  namespace: dev-environment
+  labels:
+    app: semapp-dev
+spec:
+  storageClassName: longhorn
+  accessModes:
+    - ReadWriteOnce
+  resources:
+    requests:
+      storage: 1Gi
+---
+# semapp Service
+apiVersion: v1
+kind: Service
+metadata:
+  name: semapp
+  namespace: dev-environment
+spec:
+  selector:
+    app: semapp-dev
+  ports:
+    - name: semapp-http
+      port: 8000
+      targetPort: semapp-http
+  type: NodePort
+---
+
+# Ingress description
+apiVersion: networking.k8s.io/v1beta1
+kind: Ingress
+metadata:
+  name: semapp-dev-ingress
+  namespace: dev-environment
+  annotations:
+    kubernetes.io/ingress.class: "traefik"
+spec:
+  rules:
+  - host: semapp-dev.k3s.semapp.lan
+    http:
+      paths:
+      - path: /
+        backend:
+          serviceName: semapp
+          servicePort: 8000

01_onsite/01_dev/shubbkoarnsru/deployment.yaml

@@ -24,7 +24,7 @@ spec:
         fsGroup: 1000
       containers:
         - name: schubbkoarnsru
-          image: packages.semapp.lan:5000/schubbkoarnsru:v0.0.10
+          image: packages.semapp.lan:5000/schubbkoarnsru:v1.0.0RC1
           imagePullPolicy: Always
           resources:
             requests:

01_onsite/02_qa/rm/deployment.yaml

@@ -106,7 +106,7 @@ data:
     auto_from = support@semantic-applications.de
 
     [tex]
-    host = texservice.k3s.semapp.lan
+    host = texservice.semapp.lan
     delete_after_render = False
 
     [media-storage]

01_onsite/02_qa/trialytix/deployment.yaml

@@ -18,7 +18,7 @@ spec:
       containers:
       # Backend container
       - name: trialytix-backend
-        image: packages.semapp.lan:5000/trialytix_backend:1.5.2-rc1
+        image: packages.semapp.lan:5000/trialytix_backend:develop
 
         resources:
           requests:
@@ -37,7 +37,7 @@ spec:
         imagePullPolicy: Always
       # Frontend container
       - name: trialytix-frontend
-        image: packages.semapp.lan:5000/trialytix_frontend:1.5.2-rc1
+        image: packages.semapp.lan:5000/trialytix_frontend:develop
 
         resources:
           requests:

02_hetzner/01_prod/baseline/deployment.yaml

@@ -45,7 +45,7 @@ spec:
             - name: KEYCLOAK_TOKEN_VALIDITY
               value: "600"
             - name: KEYCLOAK_URL
-              value: "http://keycloak.semapp.lan/auth/"
+              value: "http://keycloak.semprod.local/auth/"
           imagePullPolicy: Always
 
         - name: baseline-backend
@@ -106,9 +106,9 @@ data:
 
   THROTTLE_MAX_ATTEMPTS: "80" 
 
-  KEYCLOAK_URL: "http://keycloak.semapp.lan"
+  KEYCLOAK_URL: "http://keycloak.semprod.local"
   KEYCLOAK_PORT: "80"
-  KEYCLOAK_REALM: "baseline_prod"
+  KEYCLOAK_REALM: "baseline_production"
 
   REDIRECT_URL: "http://baseline.k8s.semprod.local/"
 

02_hetzner/01_prod/shubbkoarnsru/deployment.yaml

@@ -0,0 +1,122 @@
+# Deployment description
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: skr-deployment
+  namespace: prod-environment
+  labels:
+    app: skr-prod
+spec:
+  strategy:
+    type: Recreate
+  replicas: 1
+  selector:
+    matchLabels:
+      app: skr-prod
+  template:
+    metadata:
+      labels:
+        app: skr-prod
+    spec:
+      securityContext:
+        runAsUser: 1000
+        runAsGroup: 1000
+        fsGroup: 1000
+      containers:
+        - name: schubbkoarnsru
+          image: packages.semapp.lan:5000/schubbkoarnsru:v1.0.0RC1
+          imagePullPolicy: Always
+          resources:
+            requests:
+              memory: "128Mi"
+              cpu: "100m"
+            limits:
+              memory: "256Mi"
+              cpu: "4"
+          ports:
+            - containerPort: 8000
+              name: skr-http
+              protocol: TCP
+          envFrom:
+          - configMapRef:
+              name: skr-prod-config-prod
+          volumeMounts:
+            - mountPath: /app/media/
+              name: skr-pv-prod
+      volumes:
+        - name: skr-pv-prod
+          persistentVolumeClaim:
+            claimName: skr-pvc-prod
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  namespace: prod-environment
+  name: skr-prod-config-prod
+  labels:
+    app: skr-prod
+data:
+  DJANGO_DB_ENGINE: "django.db.backends.postgresql_psycopg2"
+  DJANGO_DB_NAME: "schubbkoarnsruh"
+  DJANGO_DB_USER: "schubbkoarnsruh"
+  DJANGO_DB_PASSWORD: "rHeVZxhSBc6UPsnF"
+  DJANGO_DB_HOST: "psql.semprod.local"
+  DJANGO_DB_PORT: "5432"
+
+---
+# Persistent Volume Claim description
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: skr-pvc-prod
+  namespace: prod-environment
+  labels:
+    app: skr-prod
+spec:
+  storageClassName: longhorn
+  accessModes:
+    - ReadWriteOnce
+  resources:
+    requests:
+      storage: 1Gi
+---
+# schubbkoarnsru Service
+apiVersion: v1
+kind: Service
+metadata:
+  name: skr
+  namespace: prod-environment
+spec:
+  selector:
+    app: skr-prod
+  ports:
+    - name: skr-http
+      port: 8000
+      targetPort: skr-http
+  type: NodePort
+---
+
+# Ingress description
+apiVersion: networking.k8s.io/v1beta1
+kind: Ingress
+metadata:
+  name: skr-prod-ingress
+  namespace: prod-environment
+  annotations:
+    kubernetes.io/ingress.class: "traefik"
+spec:
+  rules:
+  - host: schubbkoarnsru.k8s.semprod.local
+    http:
+      paths:
+      - path: /
+        backend:
+          serviceName: skr
+          servicePort: 8000
+  - host: schubbkoarnsruh.semapp.de
+    http:
+      paths:
+      - path: /
+        backend:
+          serviceName: skr
+          servicePort: 8000

02_hetzner/02_trialytix/trialytix-demo/deployment.yaml

@@ -0,0 +1,189 @@
+# Deployment description
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: trialytix-demo
+  namespace: trialytix-environment
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: trialytix-demo
+  template:
+    metadata:
+      labels:
+        app: trialytix-demo
+    spec:
+      containers:
+      # Backend container
+      - name: trialytix-backend
+        image: packages.semapp.lan:5000/trialytix_backend:develop
+        resources:
+          requests:
+            memory: "256Mi"
+            cpu: "100m"
+          limits:
+            memory: "512Mi"
+            cpu: "4"
+        ports:
+          - containerPort: 5100
+            name: trialytix-back
+            protocol: TCP
+        envFrom:
+          - configMapRef:
+              name: trialytix-config-backend-prod
+        imagePullPolicy: Always
+      # Frontend container
+      - name: trialytix-frontend
+        image: packages.semapp.lan:5000/trialytix_frontend:develop
+        resources:
+          requests:
+            memory: "256Mi"
+            cpu: "100m"
+          limits:
+            memory: "512Mi"
+            cpu: "4"
+        ports:
+          - containerPort: 8100
+            name: trialytix-front
+            protocol: TCP
+        volumeMounts:
+          - mountPath: /etc/nginx/conf.d
+            readOnly: true
+            name: nginx-trialytix-demo-conf
+        envFrom:
+          - configMapRef:
+              name: trialytix-config-backend-prod
+        imagePullPolicy: Always
+      volumes:
+        - name: nginx-trialytix-demo-conf
+          configMap:
+            name: nginx-trialytix-demo-conf
+
+# Env Configuration
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  namespace: trialytix-environment
+  name: trialytix-config-backend-prod
+  labels:
+    app: trialytix-demo
+data:
+  DJANGO_DB_ENGINE: 'django.db.backends.postgresql'
+  DJANGO_DB_NAME: 'trialytix-demo'
+  DJANGO_DB_USER: 'trialytix-demo'
+  DJANGO_DB_PASSWORD: 'CiF\9G{;/Y~y--}V,<'
+  DJANGO_DB_HOST: 'psql.semprod.local'
+  DJANGO_DB_PORT: '5432'
+  ALLOWED_HOSTS: '["*"]'
+  FRONTEND_URL: 'http://demo.trialytix.io'
+  API_URL: 'http://demo.trialytix.io'
+  FRONTEND_PORT: '8100'
+  BACKEND_PORT: '5100'
+
+# Nginx configuration
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  namespace: trialytix-environment
+  name: nginx-trialytix-demo-conf
+data:
+  default.conf: | 
+    upstream backend {
+      server backend-trialytix-demo:5100;
+    }
+
+    server {
+      listen 8100;
+
+      access_log /var/log/nginx/access.log;
+      charset utf-8;
+      client_max_body_size 1G;
+
+      location / {
+        root /srv/trialytix;
+        index index.html index.htm;
+        try_files $uri /index.html =404;
+      }
+
+      location ~ ^/api {
+        proxy_pass        http://backend;
+        proxy_redirect    off;
+
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+
+        proxy_read_timeout 300s;
+        proxy_send_timeout 300s;
+        send_timeout 300s;
+      }
+
+      error_page 404 =200 /index.html;
+
+      add_header 'Cache-Control' 'no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0';
+
+      expires off;
+      open_file_cache off;
+      sendfile off;
+    }
+
+# Trialytix service
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: backend-trialytix-demo
+  namespace: trialytix-environment
+spec:
+  selector:
+    app: trialytix-demo
+  ports:
+    - name: trialytix-back
+      port: 5100
+      targetPort: trialytix-back
+  type: NodePort
+
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: frontend-trialytix-demo
+  namespace: trialytix-environment
+spec:
+  selector:
+    app: trialytix-demo
+  ports:
+    - name: trialytix-front
+      port: 8100
+      targetPort: trialytix-front
+  type: NodePort
+
+# Ingress description
+---
+apiVersion: networking.k8s.io/v1beta1
+kind: Ingress
+metadata:
+  name: trialytix-demo-ingress
+  namespace: trialytix-environment
+  annotations:
+    kubernetes.io/ingress.class: "traefik"
+spec:
+  rules:
+  - host: trialytix-demo.k8s.semprod.local
+    http:
+      paths:
+      - path: /
+        backend:
+          serviceName: frontend-trialytix-demo
+          servicePort: 8100
+  - host: demo.trialytix.io
+    http:
+      paths:
+      - path: /
+        backend:
+          serviceName: frontend-trialytix-demo
+          servicePort: 8100