diff --git a/compose/README.md b/compose/README.md
deleted file mode 100644
index e69de29b..00000000
diff --git a/compose/prod/compose.yml b/compose/prod/compose.yml
deleted file mode 100644
index 661b2685..00000000
--- a/compose/prod/compose.yml
+++ /dev/null
@@ -1,54 +0,0 @@
-# Run: docker compose up -d --build
-version: "3.5"
-
-services:
- db:
- image: postgres
- restart: always
- ports:
- - 5432:5432
- environment:
- POSTGRES_USER: ${POSTGRES_USER}
- POSTGRES_PASSWORD: ${POSTGRES_PASSWORD}
- POSTGRES_DB: ${POSTGRES_DB}
- volumes:
- - db-data:/var/lib/postgresql/data
-
- api:
- build: ../../api
- restart: always
- volumes:
- - /var/run/docker.sock:/var/run/docker.sock
- environment:
- DATABASE_URL: "postgresql://${POSTGRES_USER}:${POSTGRES_PASSWORD}@db:5432/${POSTGRES_DB}?schema=public"
- JWT_SECRET: ${JWT_SECRET}
- GOOGLE_CLIENT_ID: ${GOOGLE_CLIENT_ID}
- KERNEL_NETWORK: "codepod"
- PROXY_API_URL: "http://proxy:4011/graphql"
- ZMQ_KERNEL_IMAGE: "lihebi/codepod-kernel-python:latest"
- WS_RUNTIME_IMAGE: "lihebi/codepod-runtime:latest"
-
- ui:
- build: ../../ui
- environment:
- GOOGLE_CLIENT_ID: ${GOOGLE_CLIENT_ID}
- restart: always
-
- proxy:
- build: ../../proxy
- restart: always
-
- nginx:
- image: nginx:alpine
- ports:
- - 80:80
- volumes:
- - ./nginx.conf:/etc/nginx/conf.d/default.conf
-
-volumes:
- db-data:
-
-networks:
- default:
- name: codepod
- driver: bridge
diff --git a/compose/prod/nginx.conf b/compose/prod/nginx.conf
deleted file mode 100644
index 55e2e8cc..00000000
--- a/compose/prod/nginx.conf
+++ /dev/null
@@ -1,22 +0,0 @@
-server {
-
- listen 80;
- listen [::]:80;
-
- server_name localhost;
-
- location / {
- proxy_pass http://ui:80;
- }
- location /graphql {
- proxy_pass http://api:4000;
- }
- location /runtime {
- rewrite ^/runtime(.*)$ /$1 break;
- proxy_pass http://proxy:4010;
- proxy_http_version 1.1;
- proxy_set_header Upgrade $http_upgrade;
- proxy_set_header Connection "upgrade";
- }
-}
-
diff --git a/k8s/README.md b/k8s/README.md
deleted file mode 100644
index 4b334a56..00000000
--- a/k8s/README.md
+++ /dev/null
@@ -1 +0,0 @@
-This is deprecated. The k8s setup is moved to a private repo https://github.com/codepod-io/codepod-k8s.
diff --git a/k8s/cert-manager/certs/alpha.yaml b/k8s/cert-manager/certs/alpha.yaml
deleted file mode 100644
index e557ca4f..00000000
--- a/k8s/cert-manager/certs/alpha.yaml
+++ /dev/null
@@ -1,13 +0,0 @@
----
-apiVersion: cert-manager.io/v1
-kind: Certificate
-metadata:
- name: alpha-codepod-io
-spec:
- secretName: alpha-codepod-io-tls
- issuerRef:
- name: letsencrypt-production
- kind: ClusterIssuer
- commonName: "alpha.codepod.io"
- dnsNames:
- - "alpha.codepod.io"
diff --git a/k8s/cert-manager/certs/production.yaml b/k8s/cert-manager/certs/production.yaml
deleted file mode 100644
index e17c1a02..00000000
--- a/k8s/cert-manager/certs/production.yaml
+++ /dev/null
@@ -1,13 +0,0 @@
----
-apiVersion: cert-manager.io/v1
-kind: Certificate
-metadata:
- name: app-codepod-io
-spec:
- secretName: app-codepod-io-tls
- issuerRef:
- name: letsencrypt-production
- kind: ClusterIssuer
- commonName: "app.codepod.io"
- dnsNames:
- - "app.codepod.io"
diff --git a/k8s/cert-manager/certs/staging.yaml b/k8s/cert-manager/certs/staging.yaml
deleted file mode 100644
index cf6bfd6a..00000000
--- a/k8s/cert-manager/certs/staging.yaml
+++ /dev/null
@@ -1,14 +0,0 @@
----
-apiVersion: cert-manager.io/v1
-kind: Certificate
-metadata:
- name: app-codepod-io-staging
-spec:
- secretName: app-codepod-io-staging-tls
- issuerRef:
- name: letsencrypt-staging
- kind: ClusterIssuer
- commonName: "app.codepod.io"
- dnsNames:
- - "app.codepod.io"
-
\ No newline at end of file
diff --git a/k8s/cert-manager/issuers/letsencrypt-production.yaml b/k8s/cert-manager/issuers/letsencrypt-production.yaml
deleted file mode 100644
index 4f3fb8f8..00000000
--- a/k8s/cert-manager/issuers/letsencrypt-production.yaml
+++ /dev/null
@@ -1,22 +0,0 @@
----
-apiVersion: cert-manager.io/v1
-kind: ClusterIssuer
-metadata:
- name: letsencrypt-production
-spec:
- acme:
- server: https://acme-v02.api.letsencrypt.org/directory
- email: lihebi.com@gmail.com
- privateKeySecretRef:
- name: letsencrypt-production
- solvers:
- - dns01:
- cloudflare:
- email: lihebi.com@gmail.com
- apiTokenSecretRef:
- name: cloudflare-token-secret
- key: cloudflare-token
- selector:
- dnsZones:
- - "app.codepod.io"
- - "alpha.codepod.io"
\ No newline at end of file
diff --git a/k8s/cert-manager/issuers/letsencrypt-staging.yaml b/k8s/cert-manager/issuers/letsencrypt-staging.yaml
deleted file mode 100644
index 37ff1ac3..00000000
--- a/k8s/cert-manager/issuers/letsencrypt-staging.yaml
+++ /dev/null
@@ -1,22 +0,0 @@
----
-apiVersion: cert-manager.io/v1
-kind: ClusterIssuer
-metadata:
- name: letsencrypt-staging
-spec:
- acme:
- server: https://acme-staging-v02.api.letsencrypt.org/directory
- email: lihebi.com@gmail.com
- privateKeySecretRef:
- name: letsencrypt-staging
- solvers:
- - dns01:
- cloudflare:
- email: lihebi.com@gmail.com
- apiTokenSecretRef:
- name: cloudflare-token-secret
- key: cloudflare-token
- selector:
- dnsZones:
- - "app.codepod.io"
- - "alpha.codepod.io"
\ No newline at end of file
diff --git a/k8s/cert-manager/secret-cloudflare.yaml b/k8s/cert-manager/secret-cloudflare.yaml
deleted file mode 100644
index a5ff93ea..00000000
--- a/k8s/cert-manager/secret-cloudflare.yaml
+++ /dev/null
@@ -1,9 +0,0 @@
----
-apiVersion: v1
-kind: Secret
-metadata:
- name: cloudflare-token-secret
- namespace: cert-manager
-type: Opaque
-stringData:
- cloudflare-token:
diff --git a/k8s/deployments/nginx-example.yml b/k8s/deployments/nginx-example.yml
deleted file mode 100644
index f2971a4d..00000000
--- a/k8s/deployments/nginx-example.yml
+++ /dev/null
@@ -1,56 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: nginx-deployment
- labels:
- app: nginx
-spec:
- replicas: 3
- selector:
- matchLabels:
- app: nginx
- template:
- metadata:
- labels:
- app: nginx
- spec:
- containers:
- - name: nginx
- image: nginx:1.14.2
- ports:
- - containerPort: 80
-
----
-apiVersion: v1
-kind: Service
-metadata:
- name: nginx-service
-spec:
- selector:
- app: nginx
- ports:
- - protocol: TCP
- port: 80
- targetPort: 80
-
-# ingress
----
-apiVersion: networking.k8s.io/v1
-kind: Ingress
-metadata:
- name: minimal-ingress
- annotations:
- nginx.ingress.kubernetes.io/rewrite-target: /
-spec:
- # ingressClassName: nginx-example
- rules:
- - host: nginx.10.43.1.191.sslip.io
- http:
- paths:
- - path: /
- pathType: Prefix
- backend:
- service:
- name: nginx-service
- port:
- number: 80
diff --git a/k8s/helm-chart/.helmignore b/k8s/helm-chart/.helmignore
deleted file mode 100644
index 0e8a0eb3..00000000
--- a/k8s/helm-chart/.helmignore
+++ /dev/null
@@ -1,23 +0,0 @@
-# Patterns to ignore when building packages.
-# This supports shell glob matching, relative path matching, and
-# negation (prefixed with !). Only one pattern per line.
-.DS_Store
-# Common VCS dirs
-.git/
-.gitignore
-.bzr/
-.bzrignore
-.hg/
-.hgignore
-.svn/
-# Common backup files
-*.swp
-*.bak
-*.tmp
-*.orig
-*~
-# Various IDEs
-.project
-.idea/
-*.tmproj
-.vscode/
diff --git a/k8s/helm-chart/Chart.yaml b/k8s/helm-chart/Chart.yaml
deleted file mode 100644
index 0d901b99..00000000
--- a/k8s/helm-chart/Chart.yaml
+++ /dev/null
@@ -1,24 +0,0 @@
-apiVersion: v2
-name: codepod
-description: A Helm chart for Kubernetes
-
-# A chart can be either an 'application' or a 'library' chart.
-#
-# Application charts are a collection of templates that can be packaged into versioned archives
-# to be deployed.
-#
-# Library charts provide useful utilities or functions for the chart developer. They're included as
-# a dependency of application charts to inject those utilities and functions into the rendering
-# pipeline. Library charts do not define any templates and therefore cannot be deployed.
-type: application
-
-# This is the chart version. This version number should be incremented each time you make changes
-# to the chart and its templates, including the app version.
-# Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.1.0
-
-# This is the version number of the application being deployed. This version number should be
-# incremented each time you make changes to the application. Versions are not expected to
-# follow Semantic Versioning. They should reflect the version the application is using.
-# It is recommended to use it with quotes.
-appVersion: "0.4.6"
diff --git a/k8s/helm-chart/README.md b/k8s/helm-chart/README.md
deleted file mode 100644
index 43ddab15..00000000
--- a/k8s/helm-chart/README.md
+++ /dev/null
@@ -1,149 +0,0 @@
-# Helm charts for CodePod
-
-## Prerequist
-
-### Create namespaces
-
-We need to create one more namespace manually:
-
-```bash
-kubectl create ns codepod-staging
-kubectl create ns codepod-staging-runtime
-```
-
-### (DEPRECATED) Apply the secrets
-
-Need the secrets:
-
-```yaml
-apiVersion: v1
-kind: Secret
-type: Opaque
-metadata:
- name: mysecret
-data:
- POSTGRES_USER:
- POSTGRES_PASSWORD:
- POSTGRES_DB:
- JWT_SECRET:
-```
-
-Note: the secrets must be base64 encoded with:
-
-```bash
-echo -n your-password | base64
-```
-
-Need the -n there, otherwise there will be a space when this secret is used in
-env variables. Ref: [https://github.com/kubernetes/kubernetes/issues/28086](https://github.com/kubernetes/kubernetes/issues/28086)
-
-Need to manually apply these secrets:
-
-```bash
-kubectl apply -f secrets.yaml
-```
-
-### (DEPRECATED) Install longhorn
-
-Longhorn is needed to dynamically allocate volumes for DB.
-
-### Get SSL certificate (required for prod)
-
-See `../cert-manager`. Basically:
-
-1. install cert-manager
-2. save cloudflare API token to secrets (to cert-manager ns)
-3. define issuers (clusterwise)
-4. retrieve certs (into codepod-prod namespace)
-
-Ref: [https://docs.technotim.live/posts/kube-traefik-cert-manager-le/#cert-manager](https://docs.technotim.live/posts/kube-traefik-cert-manager-le/#cert-manager)
-
-End result: the app-codepod-io-tls certificate.
-
-## Install
-
-Install:
-
-```bash
-helm install codepod-staging . --namespace codepod-staging --create-namespace --values=./values.staging.yaml
-```
-
-Upgrade:
-
-```bash
-helm upgrade codepod-staging . --namespace codepod-staging --values=./values.staging.yaml
-```
-
-Optionally initialize the DB (run in one api pod):
-
-```bash
-npx prisma migrate dev --name init
-```
-
-- TODO: automate this
-- TODO: restore from backup
-
-Uninstall:
-
-```bash
-helm uninstall codepod-staging
-```
-
-Prod:
-
-```bash
-helm upgrade codepod-prod . --namespace codepod-prod --values=./values.prod.yaml
-```
-
-## Helper scripts
-
-Alpha:
-
-```bash
-kubectl apply -f secrets.yaml -n codepod-alpha
-helm install codepod-alpha . --namespace codepod-alpha --create-namespace --values=./values.alpha.yaml
-
-helm upgrade codepod-alpha . --namespace codepod-alpha --values=./values.alpha.yaml
-```
-
-Rollback:
-
-```bash
-helm rollback -n codepod-alpha codepod-alpha
-helm rollback -n codepod-alpha codepod-alpha 11
-helm ls -n codepod-alpha
-```
-
-To access prisma:
-
-```bash
-kubectl port-forward prisma-deployment-5c9ccfc6b8-962vq 5555:5555 -n codepod-alpha
-```
-
-## Config maps and secrets
-
-```yaml
-apiVersion: v1
-kind: Secret
-type: Opaque
-metadata:
- name: mysecret
-data:
- POSTGRES_PASSWORD:
- JWT_SECRET:
-
-```
-
-```yaml
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: myconfig
- namespace: codepod-alpha
-data:
- POSTGRES_USER:
- POSTGRES_HOST:
- POSTGRES_DB:
- POSTGRES_PORT:
- GOOGLE_CLIENT_ID:
-```
diff --git a/k8s/helm-chart/templates/deployment.yaml b/k8s/helm-chart/templates/deployment.yaml
deleted file mode 100644
index e61e8c00..00000000
--- a/k8s/helm-chart/templates/deployment.yaml
+++ /dev/null
@@ -1,359 +0,0 @@
-# UI
-
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: codepod-ui-deployment
- labels:
- app: codepod-ui
-spec:
- replicas: 3
- selector:
- matchLabels:
- app: codepod-ui
- template:
- metadata:
- labels:
- app: codepod-ui
- spec:
- containers:
- - name: codepod-ui
- image: lihebi/codepod-ui:{{ .Chart.AppVersion }}
- env:
- - name: GOOGLE_CLIENT_ID
- valueFrom:
- configMapKeyRef:
- name: myconfig
- key: GOOGLE_CLIENT_ID
- ports:
- - containerPort: 80
- resources:
- limits:
- memory: 512Mi
- cpu: "1"
- requests:
- memory: 256Mi
- cpu: "0.2"
-
----
-apiVersion: v1
-kind: Service
-metadata:
- name: codepod-ui-service
-spec:
- selector:
- app: codepod-ui
- ports:
- - protocol: TCP
- port: 80
- targetPort: 80
-
-# API
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: codepod-api-deployment
- labels:
- app: codepod-api
-spec:
- replicas: 3
- selector:
- matchLabels:
- app: codepod-api
- template:
- metadata:
- labels:
- app: codepod-api
- spec:
- serviceAccountName: api-account
- containers:
- - name: codepod-api
- image: lihebi/codepod-api:{{ .Chart.AppVersion }}
- ports:
- - containerPort: 4000
- env:
- - name: POSTGRES_USER
- valueFrom:
- configMapKeyRef:
- name: myconfig
- key: POSTGRES_USER
- - name: POSTGRES_PASSWORD
- valueFrom:
- secretKeyRef:
- name: mysecret
- key: POSTGRES_PASSWORD
- - name: POSTGRES_DB
- valueFrom:
- configMapKeyRef:
- name: myconfig
- key: POSTGRES_DB
- - name: POSTGRES_HOST
- valueFrom:
- configMapKeyRef:
- name: myconfig
- key: POSTGRES_HOST
- - name: POSTGRES_PORT
- valueFrom:
- configMapKeyRef:
- name: myconfig
- key: POSTGRES_PORT
- - name: DATABASE_URL
- value: "postgresql://$(POSTGRES_USER):$(POSTGRES_PASSWORD)@$(POSTGRES_HOST):$(POSTGRES_PORT)/$(POSTGRES_DB)?sslmode=require"
- - name: JWT_SECRET
- valueFrom:
- secretKeyRef:
- name: mysecret
- key: JWT_SECRET
- - name: GOOGLE_CLIENT_ID
- valueFrom:
- configMapKeyRef:
- name: myconfig
- key: GOOGLE_CLIENT_ID
- - name: PROXY_API_URL
- value: "http://codepod-proxy-service:4011/graphql"
- - name: ZMQ_KERNEL_IMAGE
- value: lihebi/codepod-kernel-python:{{ .Chart.AppVersion }}
- - name: WS_RUNTIME_IMAGE
- value: lihebi/codepod-runtime:{{ .Chart.AppVersion }}
- - name: RUNTIME_SPAWNER
- value: k8s
- - name: RUNTIME_NS
- value: {{ .Release.Namespace }}-runtime
- - name: KERNEL_TTL
- # 1000 * 60 * 60 * 12: 12 hours
- value: "43200000"
- # 1000 * 60 * 3: 3 minutes
- # value: "180000"
- - name: LOOP_INTERVAL
- # 1000 * 60 * 1: 1 minute
- value: "60000"
- # 1000 * 5: 5 seconds
- # value: "5000"
- resources:
- limits:
- memory: 512Mi
- cpu: "1"
- requests:
- memory: 256Mi
- cpu: "0.2"
-
----
-apiVersion: v1
-kind: Service
-metadata:
- name: codepod-api-service
-spec:
- selector:
- app: codepod-api
- ports:
- - protocol: TCP
- port: 4000
- targetPort: 4000
-
-# prisma
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: prisma-deployment
- labels:
- app: prisma
-spec:
- replicas: 1
- selector:
- matchLabels:
- app: prisma
- template:
- metadata:
- labels:
- app: prisma
- spec:
- serviceAccountName: api-account
- containers:
- - name: prisma
- image: lihebi/codepod-api:{{ .Chart.AppVersion }}
- command: ["npx", "prisma", "studio"]
- ports:
- - containerPort: 5555
- env:
- - name: POSTGRES_USER
- valueFrom:
- configMapKeyRef:
- name: myconfig
- key: POSTGRES_USER
- - name: POSTGRES_PASSWORD
- valueFrom:
- secretKeyRef:
- name: mysecret
- key: POSTGRES_PASSWORD
- - name: POSTGRES_DB
- valueFrom:
- configMapKeyRef:
- name: myconfig
- key: POSTGRES_DB
- - name: POSTGRES_HOST
- valueFrom:
- configMapKeyRef:
- name: myconfig
- key: POSTGRES_HOST
- - name: POSTGRES_PORT
- valueFrom:
- configMapKeyRef:
- name: myconfig
- key: POSTGRES_PORT
- - name: DATABASE_URL
- value: "postgresql://$(POSTGRES_USER):$(POSTGRES_PASSWORD)@$(POSTGRES_HOST):$(POSTGRES_PORT)/$(POSTGRES_DB)?sslmode=require"
- resources:
- limits:
- memory: 512Mi
- cpu: "1"
- requests:
- memory: 256Mi
- cpu: "0.2"
-
----
-apiVersion: v1
-kind: Service
-metadata:
- name: prisma-service
-spec:
- selector:
- app: prisma
- ports:
- - protocol: TCP
- port: 80
- targetPort: 5555
-
-# Proxy
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: codepod-proxy-deployment
- labels:
- app: codepod-proxy
-spec:
- replicas: 1
- selector:
- matchLabels:
- app: codepod-proxy
- template:
- metadata:
- labels:
- app: codepod-proxy
- spec:
- containers:
- - name: codepod-proxy
- image: lihebi/codepod-proxy:{{ .Chart.AppVersion }}
- ports:
- - containerPort: 4010
- - containerPort: 4011
- resources:
- limits:
- memory: 512Mi
- cpu: "1"
- requests:
- memory: 256Mi
- cpu: "0.2"
-
----
-apiVersion: v1
-kind: Service
-metadata:
- name: codepod-proxy-service
-spec:
- selector:
- app: codepod-proxy
- ports:
- - name: proxy-port
- protocol: TCP
- port: 4010
- targetPort: 4010
- - name: api-port
- protocol: TCP
- port: 4011
- targetPort: 4011
-
-# Socket
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: codepod-socket-deployment
- labels:
- app: codepod-socket
-spec:
- replicas: 1
- selector:
- matchLabels:
- app: codepod-socket
- template:
- metadata:
- labels:
- app: codepod-socket
- spec:
- containers:
- - name: codepod-socket
- image: node:18
- command: ["/bin/sh", "-c", "yarn add yjs y-websocket && HOST=0.0.0.0 PORT=4233 npx y-websocket"]
- ports:
- - containerPort: 4233
- resources:
- limits:
- memory: 512Mi
- cpu: "1"
- requests:
- memory: 256Mi
- cpu: "0.2"
-
----
-apiVersion: v1
-kind: Service
-metadata:
- name: codepod-socket-service
-spec:
- selector:
- app: codepod-socket
- ports:
- - protocol: TCP
- port: 4233
- targetPort: 4233
-
-
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: example-runtime-deployment
- labels:
- app: example-runtime
-spec:
- replicas: 3
- selector:
- matchLabels:
- app: example-runtime
- template:
- metadata:
- labels:
- app: example-runtime
- spec:
- containers:
- - name: example-runtime-kernel
- image: lihebi/codepod-kernel-python:{{ .Chart.AppVersion }}
- resources:
- limits:
- memory: 512Mi
- cpu: "1"
- requests:
- memory: 256Mi
- cpu: "0.2"
- - name: example-runtime-ws
- image: lihebi/codepod-runtime:{{ .Chart.AppVersion }}
- resources:
- limits:
- memory: 512Mi
- cpu: "1"
- requests:
- memory: 256Mi
- cpu: "0.2"
\ No newline at end of file
diff --git a/k8s/helm-chart/templates/ingress.yaml b/k8s/helm-chart/templates/ingress.yaml
deleted file mode 100644
index 01300c78..00000000
--- a/k8s/helm-chart/templates/ingress.yaml
+++ /dev/null
@@ -1,78 +0,0 @@
----
-apiVersion: traefik.containo.us/v1alpha1
-kind: Middleware
-metadata:
- name: stripprefix
-spec:
- stripPrefix:
- prefixes:
- - /runtime
- - /prisma
-
----
-apiVersion: traefik.containo.us/v1alpha1
-kind: IngressRoute
-metadata:
- name: codepod-ingress
-spec:
- {{- if .Values.tls.enabled }}
- entryPoints:
- - websecure
- tls:
- secretName: {{ .Values.tls.secretName }}
- {{- end }}
- routes:
- - match: "Host(`{{ .Values.hostname }}`) && PathPrefix(`/`)"
- kind: Rule
- services:
- - name: codepod-ui-service
- port: 80
- - match: "Host(`{{ .Values.hostname }}`) && PathPrefix(`/graphql`)"
- kind: Rule
- services:
- - name: codepod-api-service
- port: 4000
- - match: "Host(`{{ .Values.hostname }}`) && PathPrefix(`/runtime`)"
- kind: Rule
- middlewares:
- - name: stripprefix
- services:
- - name: codepod-proxy-service
- port: 4010
- - match: "Host(`{{ .Values.hostname }}`) && PathPrefix(`/socket`)"
- kind: Rule
- middlewares:
- - name: stripprefix
- services:
- - name: codepod-socket-service
- port: 4233
-
-{{- if .Values.tls.enabled }}
----
-apiVersion: traefik.containo.us/v1alpha1
-kind: Middleware
-metadata:
- name: redirect-https
-spec:
- redirectScheme:
- scheme: https
- permanent: true
-
----
-apiVersion: traefik.containo.us/v1alpha1
-kind: IngressRoute
-metadata:
- name: http-redirect-to-https
-spec:
- entryPoints:
- - web
- routes:
- - match: "Host(`{{ .Values.hostname }}`)"
- kind: Rule
- # We need this services clause to make the route valid.
- services:
- - name: codepod-ui-service
- port: 80
- middlewares:
- - name: redirect-https
-{{- end }}
diff --git a/k8s/helm-chart/templates/rbac.yaml b/k8s/helm-chart/templates/rbac.yaml
deleted file mode 100644
index 190cf87e..00000000
--- a/k8s/helm-chart/templates/rbac.yaml
+++ /dev/null
@@ -1,50 +0,0 @@
-# service account for API
-# This allow api-account to create/delete resources in codepod-runtime namespace.
-
----
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: api-account
-
-# Runtime spawner in a seperate namespace codepod-runtime
-# Ref: https://stackoverflow.com/questions/53960516/can-i-connect-one-service-account-to-multiple-namespaces-in-kubernetes
-
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
- namespace: {{ .Release.Namespace }}-runtime
- name: runtime-spawner
-rules:
- - apiGroups: [""] # "" indicates the core API group
- resources: ["pods"]
- verbs: ["get", "watch", "list", "create", "update", "patch", "delete"]
- - apiGroups: ["apps"] # "" indicates the core API group
- resources: ["deployments"]
- verbs: ["get", "watch", "list", "create", "update", "patch", "delete"]
- - apiGroups: [""]
- resources: ["services"]
- verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
-
----
-apiVersion: rbac.authorization.k8s.io/v1
-# This role binding allows "jane" to read pods in the "default" namespace.
-# You need to already have a Role named "pod-reader" in that namespace.
-kind: RoleBinding
-metadata:
- name: spawn-runtimes
- namespace: {{ .Release.Namespace }}-runtime
-subjects:
- # You can specify more than one "subject"
- - kind: ServiceAccount
- name: api-account # "name" is case sensitive
- # apiGroup: rbac.authorization.k8s.io
- # This should be optional if I'm already in this namespace.
- # CAUTION: Well, this is not optional.
- namespace: {{ .Release.Namespace }}
-roleRef:
- # "roleRef" specifies the binding to a Role / ClusterRole
- kind: Role #this must be Role or ClusterRole
- name: runtime-spawner # this must match the name of the Role or ClusterRole you wish to bind to
- apiGroup: rbac.authorization.k8s.io
diff --git a/k8s/helm-chart/values.alpha.yaml b/k8s/helm-chart/values.alpha.yaml
deleted file mode 100644
index 33f8659b..00000000
--- a/k8s/helm-chart/values.alpha.yaml
+++ /dev/null
@@ -1,5 +0,0 @@
-hostname: "alpha.codepod.io"
-
-tls:
- enabled: true
- secretName: alpha-codepod-io-tls
\ No newline at end of file
diff --git a/k8s/helm-chart/values.prod.yaml b/k8s/helm-chart/values.prod.yaml
deleted file mode 100644
index 9357a330..00000000
--- a/k8s/helm-chart/values.prod.yaml
+++ /dev/null
@@ -1,5 +0,0 @@
-hostname: "app.codepod.io"
-
-tls:
- enabled: true
- secretName: app-codepod-io-tls
\ No newline at end of file
diff --git a/k8s/helm-chart/values.staging.yaml b/k8s/helm-chart/values.staging.yaml
deleted file mode 100644
index 658d423f..00000000
--- a/k8s/helm-chart/values.staging.yaml
+++ /dev/null
@@ -1,3 +0,0 @@
-hostname: "codepod.208.87.130.238.sslip.io"
-tls:
- enabled: false
\ No newline at end of file
diff --git a/k8s/helm-chart/values.yaml b/k8s/helm-chart/values.yaml
deleted file mode 100644
index de634d27..00000000
--- a/k8s/helm-chart/values.yaml
+++ /dev/null
@@ -1,3 +0,0 @@
-hostname: "codepod.127.0.0.1.sslip.io"
-tls:
- enabled: false
\ No newline at end of file
diff --git a/k8s/main.tf b/k8s/main.tf
deleted file mode 100644
index e178074b..00000000
--- a/k8s/main.tf
+++ /dev/null
@@ -1,106 +0,0 @@ -terraform { - required_providers { - proxmox = { - source = "telmate/proxmox" - version = "2.9.11" - } - } -} -provider "proxmox" { - pm_api_url = "https://10.43.1.108:8006/api2/json" # change this to match your own proxmox - pm_api_token_id = "YOUR_TOKEN_ID" # change this to match your own proxmox - pm_api_token_secret = "YOUR_TOKEN_SECRET" # change this to match your own proxmox - pm_tls_insecure = true -} - -resource "proxmox_vm_qemu" "k3s-server" { - count = 4 - name = "k3s-server-0${count.index}" - target_node = var.proxmox_host - # thanks to Brian on YouTube for the vmid tip - # http://www.youtube.com/channel/UCTbqi6o_0lwdekcp-D6xmWw - vmid = "18${count.index}" - clone = var.template_name - agent = 1 - os_type = "cloud-init" - cores = 2 - sockets = 1 - cpu = "kvm64" - memory = 4096 - scsihw = "virtio-scsi-pci" - bootdisk = "scsi0" - disk { - slot = 0 - size = "30G" - type = "scsi" - storage = "local-lvm" - #storage_type = "zfspool" - iothread = 1 - } - network { - model = "virtio" - bridge = "vmbr0" - } - - # network { - # model = "virtio" - # bridge = "vmbr17" - # } - lifecycle { - ignore_changes = [ - network, - ] - } - # server IP: 10.43.1.161 - ipconfig0 = "ip=10.43.1.18${count.index}/24,gw=10.43.1.1" - # ipconfig1 = "ip=10.17.0.4${count.index + 1}/24" - sshkeys = <