-
-
Notifications
You must be signed in to change notification settings - Fork 4
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Deploy a pinnwand instance that used lovelace's pg database (#293)
* add a deployment config for pinnwand on lovelace * add a dns entry for the new pastebin * Add database URI for pinnwand to connect to psql on lovelace --------- Co-authored-by: Chris Lovering <[email protected]>
- Loading branch information
1 parent
b3a642d
commit 220e367
Showing
8 changed files
with
150 additions
and
1 deletion.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,8 @@ | ||
| # pinnwand | ||
| These manifests provision an instance of the pinnwand service used on https://paste.pythondiscord.com. | ||
|
|
||
| A init-service is used to download the Python Discord banner logo and save it to a volume, as pinnwand expects it to be present within the image. | ||
|
|
||
| ## Secrets & config | ||
| This deployment expects an env var named `PINNWAND_DATABASE_URI` to exist in a secret called `pinnwand-postgres-connection`. | ||
| All other configuration can be found in `defaults-configmap.yaml`. |
35 changes: 35 additions & 0 deletions
35
kubernetes/namespaces/web/pinnwand-lovelace/defaults-configmap.yaml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,35 @@ | ||
| apiVersion: v1 | ||
| kind: ConfigMap | ||
| metadata: | ||
| name: pinnwand-lovelace-config | ||
| namespace: web | ||
| data: | ||
| config.toml: | | ||
| # Maximum size in bytes of pastes | ||
| paste_size = 524288 | ||
| default_selected_lexer = "python" | ||
| # List of lexers to pin to the top of the dropdown list | ||
| preferred_lexers = ["python", "autodetect", "pytb", "pycon", "text", "markdown", "restructuredtext", "sql"] | ||
| page_list = ["about", "removal"] | ||
| footer = 'View <a href="//github.com/supakeen/pinnwand" target="_BLANK">source code</a>, <a href="/removal">removal</a> information, or read the <a href="/about">about</a> page.' | ||
| paste_help = '''<p>Welcome to Python Discord's pastebin, powered by <a href="//github.com/supakeen/pinnwand" target="_BLANK">pinnwand</a>. It allows you to share code with others. If you write code in the text area below and press the paste button you will be given a link you can share with others so they can view your code as well.</p><p>People with the link can view your pasted code, only you can remove your paste and it expires automatically. Note that anyone could guess the URI to your paste so don't rely on it being private.</p>''' | ||
| expiries.30days = 2592000 | ||
| expiries.7days = 604800 | ||
| expiries.1day = 86400 | ||
| ratelimit.read.capacity = 100 | ||
| ratelimit.read.consume = 1 | ||
| ratelimit.read.refill = 2 | ||
| ratelimit.create.capacity = 10 # Default is 2 | ||
| ratelimit.create.consume = 1 # Default is 2 | ||
| ratelimit.create.refill = 10 # Default is 1 | ||
| ratelimit.delete.capacity = 2 | ||
| ratelimit.delete.consume = 2 | ||
| ratelimit.delete.refill = 1 | ||
| report_email = "[email protected]" |
57 changes: 57 additions & 0 deletions
57
kubernetes/namespaces/web/pinnwand-lovelace/deployment.yaml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,57 @@ | ||
| apiVersion: apps/v1 | ||
| kind: Deployment | ||
| metadata: | ||
| name: pinnwand-lovelace | ||
| namespace: web | ||
| spec: | ||
| replicas: 1 | ||
| selector: | ||
| matchLabels: | ||
| app: pinnwand-lovelace | ||
| template: | ||
| metadata: | ||
| labels: | ||
| app: pinnwand-lovelace | ||
| spec: | ||
| initContainers: | ||
| - name: init-service | ||
| image: busybox:latest | ||
| command: ["wget", "https://raw.githubusercontent.com/python-discord/branding/main/logos/badge/badge_512x172.png", "-O", "/tmp/logo.png"] | ||
| volumeMounts: | ||
| - name: pinnwand-lovelace-logo | ||
| mountPath: /tmp/ | ||
| containers: | ||
| - name: pinnwand-lovelace | ||
| image: ghcr.io/python-discord/pinnwand:latest-psql | ||
| command: ["venv/bin/python3", "-m", "pinnwand", "-vvvvvvvv", "--configuration-path", "/config/config.toml", "http"] | ||
| imagePullPolicy: Always | ||
| resources: | ||
| requests: | ||
| cpu: 5m | ||
| memory: 100Mi | ||
| limits: | ||
| cpu: 100m | ||
| memory: 200Mi | ||
| ports: | ||
| - containerPort: 8000 | ||
| envFrom: | ||
| - secretRef: | ||
| name: pinnwand-lovelace-postgres-connection | ||
| securityContext: | ||
| readOnlyRootFilesystem: true | ||
| volumeMounts: | ||
| - name: pinnwand-lovelace-config | ||
| mountPath: /config/ | ||
| - name: pinnwand-lovelace-logo | ||
| mountPath: /usr/app/pinnwand/static/logo.png | ||
| subPath: logo.png | ||
| volumes: | ||
| - name: pinnwand-lovelace-logo | ||
| emptyDir: {} | ||
| - name: pinnwand-lovelace-config | ||
| configMap: | ||
| name: pinnwand-lovelace-config | ||
| securityContext: | ||
| fsGroup: 2000 | ||
| runAsUser: 1000 | ||
| runAsNonRoot: true |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,30 @@ | ||
| apiVersion: networking.k8s.io/v1 | ||
| kind: Ingress | ||
| metadata: | ||
| annotations: | ||
| nginx.ingress.kubernetes.io/auth-tls-verify-client: "on" | ||
| nginx.ingress.kubernetes.io/auth-tls-secret: "kube-system/mtls-client-crt-bundle" | ||
| nginx.ingress.kubernetes.io/auth-tls-error-page: "https://www.youtube.com/watch?v=dQw4w9WgXcQ" | ||
| # block HEAD requests | ||
| nginx.ingress.kubernetes.io/configuration-snippet: | | ||
| if ($request_method = HEAD) { | ||
| return 444; | ||
| } | ||
| name: pinnwand-lovelace | ||
| namespace: web | ||
| spec: | ||
| tls: | ||
| - hosts: | ||
| - "*.pythondiscord.com" | ||
| secretName: pythondiscord.com-tls | ||
| rules: | ||
| - host: lovelace-paste.pythondiscord.com | ||
| http: | ||
| paths: | ||
| - path: / | ||
| pathType: Prefix | ||
| backend: | ||
| service: | ||
| name: pinnwand-lovelace | ||
| port: | ||
| number: 80 |
Binary file not shown.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,12 @@ | ||
| apiVersion: v1 | ||
| kind: Service | ||
| metadata: | ||
| name: pinnwand-lovelace | ||
| namespace: web | ||
| spec: | ||
| selector: | ||
| app: pinnwand-lovelace | ||
| ports: | ||
| - protocol: TCP | ||
| port: 80 | ||
| targetPort: 8000 |