Add Traefik and various service configurations for Docker Swarm

- Created `local_core.yml` for Traefik service configuration with multiple entry points and middleware settings.
- Added `services-all.yml` to define multiple services including API server, PostgreSQL, MinIO, Neo4j, and others with Traefik routing.
- Implemented Kubernetes deployment files for API server, Dozzle, MinIO, OSRM backend, PostgreSQL, SearxNG, and Whoami services.
- Configured persistent volume claims for MinIO, PostgreSQL, and SearxNG.
- Set up Traefik routing rules for all services to enable HTTPS and middleware for security.

keytong/api-server-deployment.yaml

@@ -0,0 +1,44 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  annotations:
+    kompose.cmd: kompose convert -f services.yml
+    kompose.version: 1.34.0 (HEAD)
+  labels:
+    io.kompose.service: api-server
+    traefik.constraint-label: traefik-public
+    traefik.swarm.network: traefik-public
+    traefik.enable: "true"
+    traefik.http.routers.api_server.entrypoints: https
+    traefik.http.routers.api_server.rule: Host(`api.`)
+    traefik.http.routers.api_server.service: api_server_service
+    traefik.http.routers.api_server.tls.certresolver: le
+    traefik.http.services.api_server_service.loadbalancer.server.port: "8000"
+  name: api-server
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      io.kompose.service: api-server
+  template:
+    metadata:
+      annotations:
+        kompose.cmd: kompose convert -f services.yml
+        kompose.version: 1.34.0 (HEAD)
+      labels:
+        io.kompose.service: api-server
+    spec:
+      containers:
+        - env:
+            - name: DATABASE__DB
+            - name: DATABASE__HOSTNAME
+            - name: DATABASE__PASSWORD
+            - name: DATABASE__PORT
+            - name: DATABASE__USERNAME
+            - name: DOMAIN
+            - name: SECURITY__ALLOWED_HOSTS
+            - name: SECURITY__BACKEND_CORS_ORIGINS
+            - name: SECURITY__JWT_SECRET_KEY
+          image: furyhawk/listen:v0.1.15
+          name: api-server
+      restartPolicy: Always

keytong/dozzle-deployment.yaml

@@ -0,0 +1,39 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  annotations:
+    kompose.cmd: kompose convert -f services.yml
+    kompose.version: 1.34.0 (HEAD)
+  labels:
+    io.kompose.service: dozzle
+    traefik.constraint-label: traefik-public
+    traefik.swarm.network: traefik-public
+    traefik.enable: "true"
+    traefik.http.routers.dozzle.entrypoints: https
+    traefik.http.routers.dozzle.middlewares: admin-auth
+    traefik.http.routers.dozzle.rule: Host(`log.`)
+    traefik.http.routers.dozzle.service: dozzle_service
+    traefik.http.routers.dozzle.tls.certresolver: le
+    traefik.http.services.dozzle_service.loadbalancer.server.port: "8080"
+  name: dozzle
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      io.kompose.service: dozzle
+  strategy:
+    type: Recreate
+  template:
+    metadata:
+      annotations:
+        kompose.cmd: kompose convert -f services.yml
+        kompose.version: 1.34.0 (HEAD)
+      labels:
+        io.kompose.service: dozzle
+    spec:
+      containers:
+        - env:
+            - name: DOMAIN
+          image: amir20/dozzle:latest
+          name: dozzle
+      restartPolicy: Always

keytong/minio-common-claim0-persistentvolumeclaim.yaml

@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  labels:
+    io.kompose.service: minio-common-claim0
+  name: minio-common-claim0
+spec:
+  accessModes:
+    - ReadWriteOnce
+  resources:
+    requests:
+      storage: 100Mi

keytong/minio-common-deployment.yaml

@@ -0,0 +1,79 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  annotations:
+    kompose.cmd: kompose convert -f services.yml
+    kompose.version: 1.34.0 (HEAD)
+  labels:
+    io.kompose.service: minio-common
+    traefik.constraint-label: traefik-public
+    traefik.swarm.network: traefik-public
+    traefik.enable: "true"
+    traefik.http.routers.minio-api-router.entrypoints: https
+    traefik.http.routers.minio-api-router.rule: Host(`minio.`) || Host(`s3.`)
+    traefik.http.routers.minio-api-router.service: minio_api_service
+    traefik.http.routers.minio-api-router.tls.certresolver: le
+    traefik.http.routers.minio-router.entrypoints: https
+    traefik.http.routers.minio-router.rule: Host(`drive.`) || Host(`storage.`)
+    traefik.http.routers.minio-router.service: minio_common_service
+    traefik.http.routers.minio-router.tls.certresolver: le
+    traefik.http.services.minio_api_service.loadbalancer.server.port: "9000"
+    traefik.http.services.minio_common_service.loadbalancer.server.port: "9001"
+  name: minio-common
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      io.kompose.service: minio-common
+  strategy:
+    type: Recreate
+  template:
+    metadata:
+      annotations:
+        kompose.cmd: kompose convert -f services.yml
+        kompose.version: 1.34.0 (HEAD)
+      labels:
+        io.kompose.service: minio-common
+    spec:
+      containers:
+        - args:
+            - server
+            - /data
+            - --address
+            - :9000
+            - --console-address
+            - :9001
+          env:
+            - name: DOMAIN
+            - name: MINIO_OPTS
+              value: --console-address :9001
+            - name: MINIO_ROOT_PASSWORD
+              value: minioadmin
+            - name: MINIO_ROOT_USER
+              value: minioadmin
+            - name: MINIO_SERVER_URL
+              value: https://minio.
+          image: minio/minio:latest
+          livenessProbe:
+            exec:
+              command:
+                - mc
+                - ready
+                - local
+            failureThreshold: 5
+            periodSeconds: 60
+            timeoutSeconds: 5
+          name: minio-common
+          ports:
+            - containerPort: 9000
+              protocol: TCP
+            - containerPort: 9001
+              protocol: TCP
+          volumeMounts:
+            - mountPath: /data
+              name: minio-common-claim0
+      restartPolicy: Always
+      volumes:
+        - name: minio-common-claim0
+          persistentVolumeClaim:
+            claimName: minio-common-claim0

keytong/minio-common-service.yaml

@@ -0,0 +1,19 @@
+apiVersion: v1
+kind: Service
+metadata:
+  annotations:
+    kompose.cmd: kompose convert -f services.yml
+    kompose.version: 1.34.0 (HEAD)
+  labels:
+    io.kompose.service: minio-common
+  name: minio-common
+spec:
+  ports:
+    - name: "9000"
+      port: 9000
+      targetPort: 9000
+    - name: "9001"
+      port: 9001
+      targetPort: 9001
+  selector:
+    io.kompose.service: minio-common

keytong/osrm-backend-deployment.yaml

@@ -0,0 +1,49 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  annotations:
+    kompose.cmd: kompose convert -f services.yml
+    kompose.version: 1.34.0 (HEAD)
+  labels:
+    io.kompose.service: osrm-backend
+    traefik.constraint-label: traefik-public
+    traefik.swarm.network: traefik-public
+    traefik.enable: "true"
+    traefik.http.routers.osrm-backend.entrypoints: https
+    traefik.http.routers.osrm-backend.middlewares: rate-limit
+    traefik.http.routers.osrm-backend.rule: Host(`osrm.`)
+    traefik.http.routers.osrm-backend.service: osrm_backend_service
+    traefik.http.routers.osrm-backend.tls.certresolver: le
+    traefik.http.services.osrm_backend_service.loadbalancer.server.port: "5000"
+  name: osrm-backend
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      io.kompose.service: osrm-backend
+  template:
+    metadata:
+      annotations:
+        kompose.cmd: kompose convert -f services.yml
+        kompose.version: 1.34.0 (HEAD)
+      labels:
+        io.kompose.service: osrm-backend
+    spec:
+      containers:
+        - env:
+            - name: DOMAIN
+            - name: OSRM_ALGORITHM
+              value: mld
+            - name: OSRM_GEOFABRIK_PATH
+            - name: OSRM_MAP_NAME
+            - name: OSRM_NOTIFY_FILEPATH
+              value: /data/osrm_notify.txt
+            - name: OSRM_PORT
+              value: "5000"
+            - name: OSRM_PROFILE
+              value: /opt/car.lua
+            - name: OSRM_THREADS
+              value: "2"
+          image: furyhawk/osrm-backend:latest
+          name: osrm-backend
+      restartPolicy: Always

keytong/postgres-data-persistentvolumeclaim.yaml

@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  labels:
+    io.kompose.service: postgres-data
+  name: postgres-data
+spec:
+  accessModes:
+    - ReadWriteOnce
+  resources:
+    requests:
+      storage: 100Mi

keytong/postgres-db-deployment.yaml

@@ -0,0 +1,72 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  annotations:
+    kompose.cmd: kompose convert -f services.yml
+    kompose.version: 1.34.0 (HEAD)
+  labels:
+    io.kompose.service: postgres-db
+    traefik.constraint-label: traefik-public
+    traefik.swarm.network: traefik-public
+    traefik.enable: "true"
+    traefik.tcp.routers.postgres.entrypoints: postgres-socket
+    traefik.tcp.routers.postgres.rule: HostSNI(`*`)
+    traefik.tcp.routers.postgres.service: postgres_service
+    traefik.tcp.services.postgres_service.loadbalancer.server.port: "5432"
+  name: postgres-db
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      io.kompose.service: postgres-db
+  strategy:
+    type: Recreate
+  template:
+    metadata:
+      annotations:
+        kompose.cmd: kompose convert -f services.yml
+        kompose.version: 1.34.0 (HEAD)
+      labels:
+        io.kompose.service: postgres-db
+    spec:
+      affinity:
+        nodeAffinity:
+          requiredDuringSchedulingIgnoredDuringExecution:
+            nodeSelectorTerms:
+              - matchExpressions:
+                  - key: postgres.postgres_data
+                    operator: In
+                    values:
+                      - "true"
+      containers:
+        - args:
+            - postgres
+            - -c
+            - log_connections=on
+          env:
+            - name: LANG
+              value: en_US.utf8
+            - name: PGDATA
+              value: /var/lib/postgresql/data
+            - name: POSTGRES_DB
+            - name: POSTGRES_PASSWORD
+            - name: POSTGRES_USER
+            - name: TZ
+              value: Asia/Singapore
+          image: postgres
+          livenessProbe:
+            exec:
+              command:
+                - pg_isready -d ${POSTGRES_DB} -U ${POSTGRES_USER}
+            failureThreshold: 10
+            periodSeconds: 30
+            timeoutSeconds: 10
+          name: postgres-db
+          volumeMounts:
+            - mountPath: /var/lib/postgresql/data
+              name: postgres-data
+      restartPolicy: Always
+      volumes:
+        - name: postgres-data
+          persistentVolumeClaim:
+            claimName: postgres-data

keytong/redis-valkey-deployment.yaml

@@ -0,0 +1,59 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  annotations:
+    kompose.cmd: kompose convert -f searxng.yml
+    kompose.version: 1.34.0 (HEAD)
+  labels:
+    io.kompose.service: redis-valkey
+  name: redis-valkey
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      io.kompose.service: redis-valkey
+  strategy:
+    type: Recreate
+  template:
+    metadata:
+      annotations:
+        kompose.cmd: kompose convert -f searxng.yml
+        kompose.version: 1.34.0 (HEAD)
+      labels:
+        io.kompose.service: redis-valkey
+    spec:
+      affinity:
+        nodeAffinity:
+          requiredDuringSchedulingIgnoredDuringExecution:
+            nodeSelectorTerms:
+              - matchExpressions:
+                  - key: searxng.redis
+                    operator: In
+                    values:
+                      - "true"
+      containers:
+        - args:
+            - valkey-server
+            - --save
+            - "30"
+            - "1"
+            - --loglevel
+            - warning
+          image: docker.io/valkey/valkey:7-alpine
+          name: redis-valkey
+          securityContext:
+            capabilities:
+              add:
+                - SETGID
+                - SETUID
+                - DAC_OVERRIDE
+              drop:
+                - ALL
+          volumeMounts:
+            - mountPath: /data
+              name: valkey-data2
+      restartPolicy: Always
+      volumes:
+        - name: valkey-data2
+          persistentVolumeClaim:
+            claimName: valkey-data2

keytong/searxng-claim0-persistentvolumeclaim.yaml

@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  labels:
+    io.kompose.service: searxng-claim0
+  name: searxng-claim0
+spec:
+  accessModes:
+    - ReadWriteOnce
+  resources:
+    requests:
+      storage: 100Mi

keytong/searxng-deployment.yaml

@@ -0,0 +1,55 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  annotations:
+    kompose.cmd: kompose convert -f searxng.yml
+    kompose.version: 1.34.0 (HEAD)
+  labels:
+    io.kompose.service: searxng
+    traefik.constraint-label: traefik-public
+    traefik.swarm.network: traefik-public
+    traefik.enable: "true"
+    traefik.http.routers.searxng-rtr.entrypoints: https
+    traefik.http.routers.searxng-rtr.middlewares: xbot
+    traefik.http.routers.searxng-rtr.rule: Host(`search.`)
+    traefik.http.routers.searxng-rtr.service: searxng-svc
+    traefik.http.routers.searxng-rtr.tls.certresolver: le
+    traefik.http.services.searxng-svc.loadbalancer.server.port: "8080"
+  name: searxng
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      io.kompose.service: searxng
+  strategy:
+    type: Recreate
+  template:
+    metadata:
+      annotations:
+        kompose.cmd: kompose convert -f searxng.yml
+        kompose.version: 1.34.0 (HEAD)
+      labels:
+        io.kompose.service: searxng
+    spec:
+      containers:
+        - env:
+            - name: LIMITER
+              value: "true"
+            - name: SEARXNG_BASE_URL
+              value: https://search./
+            - name: SEARXNG_LIMITER
+              value: "true"
+            - name: SEARXNG_REDIS_URL
+              value: redis://redis_valkey:6379/0
+            - name: SEARXNG_SECRET
+              value: ultrasecretkey
+          image: docker.io/searxng/searxng:latest
+          name: searxng
+          volumeMounts:
+            - mountPath: /etc/searxng
+              name: searxng-claim0
+      restartPolicy: Always
+      volumes:
+        - name: searxng-claim0
+          persistentVolumeClaim:
+            claimName: searxng-claim0

keytong/valkey-data2-persistentvolumeclaim.yaml

@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  labels:
+    io.kompose.service: valkey-data2
+  name: valkey-data2
+spec:
+  accessModes:
+    - ReadWriteOnce
+  resources:
+    requests:
+      storage: 100Mi

keytong/whoami-deployment.yaml

@@ -0,0 +1,34 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  annotations:
+    kompose.cmd: kompose convert -f services.yml
+    kompose.version: 1.34.0 (HEAD)
+  labels:
+    io.kompose.service: whoami
+    traefik.constraint-label: traefik-public
+    traefik.swarm.network: traefik-public
+    traefik.enable: "true"
+    traefik.http.routers.whoami-rtr.entrypoints: https
+    traefik.http.routers.whoami-rtr.rule: Host(`whoami.`)
+    traefik.http.routers.whoami-rtr.service: whoami-svc
+    traefik.http.routers.whoami-rtr.tls.certresolver: le
+    traefik.http.services.whoami-svc.loadbalancer.server.port: "80"
+  name: whoami
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      io.kompose.service: whoami
+  template:
+    metadata:
+      annotations:
+        kompose.cmd: kompose convert -f services.yml
+        kompose.version: 1.34.0 (HEAD)
+      labels:
+        io.kompose.service: whoami
+    spec:
+      containers:
+        - image: traefik/whoami
+          name: whoami
+      restartPolicy: Always