diff --git a/cluster/swarm-converted/00-namespace.yaml b/cluster/swarm-converted/00-namespace.yaml
new file mode 100644
index 0000000..886bb7b
--- /dev/null
+++ b/cluster/swarm-converted/00-namespace.yaml
@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: swarm-converted
diff --git a/cluster/swarm-converted/01-config.yaml b/cluster/swarm-converted/01-config.yaml
new file mode 100644
index 0000000..2fab580
--- /dev/null
+++ b/cluster/swarm-converted/01-config.yaml
@@ -0,0 +1,57 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: swarm-converted-config
+ namespace: swarm-converted
+data:
+ DOMAIN: REPLACE_DOMAIN
+ DATABASE__HOSTNAME: postgres-db
+ DATABASE__PORT: "5432"
+ DATABASE__DB: app
+ SECURITY__BACKEND_CORS_ORIGINS: https://REPLACE_DOMAIN
+ SECURITY__ALLOWED_HOSTS: api.REPLACE_DOMAIN,REPLACE_DOMAIN
+ POSTGRES_DB: app
+ TZ: Asia/Singapore
+ LANG: en_US.utf8
+ PGDATA: /var/lib/postgresql/data
+ OSRM_ALGORITHM: mld
+ OSRM_THREADS: "2"
+ OSRM_PORT: "5000"
+ OSRM_PROFILE: /opt/car.lua
+ OSRM_MAP_NAME: singapore
+ OSRM_GEOFABRIK_PATH: /data
+ OSRM_NOTIFY_FILEPATH: /data/osrm_notify.txt
+ STREAMLIT_FIN_SERVER_PORT: "8501"
+ STREAMLIT_BAI_SERVER_PORT: "8502"
+ BAI_LOCATION: ""
+ ADMINER_DESIGN: pepa-linha-dark
+ NODE_ENV: production
+
+---
+
+apiVersion: v1
+kind: Secret
+metadata:
+ name: swarm-converted-secret
+ namespace: swarm-converted
+type: Opaque
+stringData:
+ POSTGRES_USER: change-me
+ POSTGRES_PASSWORD: change-me
+ SECURITY__JWT_SECRET_KEY: change-me
+ MINIO_ROOT_USER: minioadmin
+ MINIO_ROOT_PASSWORD: minioadmin
+ GROQ_API_KEY: change-me
+ PGADMIN_DEFAULT_EMAIL: admin@example.com
+ PGADMIN_DEFAULT_PASSWORD: change-me
+
+---
+
+apiVersion: v1
+kind: Secret
+metadata:
+ name: traefik-basic-auth
+ namespace: swarm-converted
+type: Opaque
+stringData:
+ users: user:$apr1$replace$replacehashedvalue
diff --git a/cluster/swarm-converted/02-traefik.yaml b/cluster/swarm-converted/02-traefik.yaml
new file mode 100644
index 0000000..bee2707
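Review bot: In the `swarm-converted-secret` block of 01-config.yaml, `MINIO_ROOT_USER` and `MINIO_ROOT_PASSWORD` are set to `minioadmin`, the image's well-known default pair, while every other credential uses `change-me`. Anyone who searches for `change-me` before applying will miss them. Use the same marker, `MINIO_ROOT_USER: change-me` and `MINIO_ROOT_PASSWORD: change-me`, so one search finds every value that has to be set. Because both Secrets are `stringData` in a tracked file, filling in real values in place would put them in git history. A comment above each Secret such as `# placeholders only: supply real values out of band, never commit them` would make that explicit.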
--- /dev/null
+++ b/cluster/swarm-converted/02-traefik.yaml
@@ -0,0 +1,60 @@
+apiVersion: traefik.io/v1alpha1
+kind: Middleware
+metadata:
+ name: admin-auth
+ namespace: swarm-converted
+spec:
+ basicAuth:
+ secret: traefik-basic-auth
+
+---
+
+apiVersion: traefik.io/v1alpha1
+kind: Middleware
+metadata:
+ name: rate-limit
+ namespace: swarm-converted
+spec:
+ rateLimit:
+ average: 384
+ burst: 128
+ period: 10s
+
+---
+
+apiVersion: traefik.io/v1alpha1
+kind: Middleware
+metadata:
+ name: no-www
+ namespace: swarm-converted
+spec:
+ redirectRegex:
+ regex: ^https://www\.(.*)$
+ replacement: https://$1
+ permanent: true
+
+---
+
+apiVersion: traefik.io/v1alpha1
+kind: Middleware
+metadata:
+ name: redirect-resume
+ namespace: swarm-converted
+spec:
+ redirectRegex:
+ regex: ^https://resume\.REPLACE_DOMAIN/(.*)
+ replacement: https://info.REPLACE_DOMAIN/resume/$1
+ permanent: true
+
+---
+
+apiVersion: traefik.io/v1alpha1
+kind: Middleware
+metadata:
+ name: redirect-blog
+ namespace: swarm-converted
+spec:
+ redirectRegex:
+ regex: ^https://blog\.REPLACE_DOMAIN/(.*)
+ replacement: https://furyhawk.github.io/124c41/$1
+ permanent: true
diff --git a/cluster/swarm-converted/03-storage.yaml b/cluster/swarm-converted/03-storage.yaml
new file mode 100644
index 0000000..c9bcebe
--- /dev/null
+++ b/cluster/swarm-converted/03-storage.yaml
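Review bot: The `redirect-resume` and `redirect-blog` patterns embed `REPLACE_DOMAIN` directly in a regular expression, so after the README's find-and-replace the dots of the real domain are unescaped and match any character, unlike the hand-escaped `resume\.` and `blog\.` prefixes. The Host rule on each route limits what reaches the middleware, so the practical effect is small, but the pattern is no longer exact. A comment beside each `regex:` such as `# escape the dots when substituting the domain (example\.com)` would keep the substitution step from silently loosening it.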
@@ -0,0 +1,123 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: minio-data
+ namespace: swarm-converted
+spec:
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: 20Gi
+
+---
+
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: postgres-data
+ namespace: swarm-converted
+spec:
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: 20Gi
+
+---
+
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: adminer-data
+ namespace: swarm-converted
+spec:
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: 1Gi
+
+---
+
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: jellyfin-config
+ namespace: swarm-converted
+spec:
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: 10Gi
+
+---
+
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: jellyfin-cache
+ namespace: swarm-converted
+spec:
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: 10Gi
+
+---
+
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: jellyfin-media
+ namespace: swarm-converted
+spec:
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: 100Gi
+
+---
+
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: privatebin-data
+ namespace: swarm-converted
+spec:
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: 5Gi
+
+---
+
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: bai-cache
+ namespace: swarm-converted
+spec:
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: 10Gi
+
+---
+
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: site-content
+ namespace: swarm-converted
+spec:
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: 10Gi
diff --git a/cluster/swarm-converted/10-services-stack.yaml b/cluster/swarm-converted/10-services-stack.yaml
new file mode 100644
index 0000000..817e8e6
--- /dev/null
+++ b/cluster/swarm-converted/10-services-stack.yaml
@@ -0,0 +1,532 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: api-server + namespace: swarm-converted +spec: + replicas: 1 + selector: + matchLabels: + app: api-server + template: + metadata: + labels: + app: api-server + spec: + containers: + - name: api-server + image: furyhawk/listen:v0.1.17 + ports: + - containerPort: 8000 + name: http + env: + - name: DATABASE__HOSTNAME + valueFrom: + configMapKeyRef: + name: swarm-converted-config + key: DATABASE__HOSTNAME + - name: DATABASE__USERNAME + valueFrom: + secretKeyRef: + name: swarm-converted-secret + key: POSTGRES_USER + - name: DATABASE__PASSWORD + valueFrom: + secretKeyRef: + name: swarm-converted-secret + key: POSTGRES_PASSWORD + - name: DATABASE__PORT + valueFrom: + configMapKeyRef: + name: swarm-converted-config + key: DATABASE__PORT + - name: DATABASE__DB + valueFrom: + configMapKeyRef: + name: swarm-converted-config + key: DATABASE__DB + - name: SECURITY__JWT_SECRET_KEY + valueFrom: + secretKeyRef: + name: swarm-converted-secret + key: SECURITY__JWT_SECRET_KEY + - name: SECURITY__BACKEND_CORS_ORIGINS + valueFrom: + configMapKeyRef: + name: swarm-converted-config + key: SECURITY__BACKEND_CORS_ORIGINS + - name: SECURITY__ALLOWED_HOSTS + valueFrom: + configMapKeyRef: + name: swarm-converted-config + key: SECURITY__ALLOWED_HOSTS + - name: DOMAIN + valueFrom: + configMapKeyRef: + name: swarm-converted-config + key: DOMAIN + +--- + +apiVersion: v1 +kind: Service +metadata: + name: api-server + namespace: swarm-converted +spec: + selector: + app: api-server + ports: + - name: http + port: 8000 + targetPort: http + +--- + +apiVersion: traefik.io/v1alpha1 +kind: IngressRoute +metadata: + name: api-server + namespace: swarm-converted +spec: + entryPoints: + - websecure + routes: + - kind: Rule + match: Host(`api.REPLACE_DOMAIN`) + services: + - name: api-server + port: 8000 + +--- + +apiVersion: apps/v1 +kind: Deployment +metadata: + name: dozzle + namespace: swarm-converted +spec: + replicas: 1 + 
selector: + matchLabels: + app: dozzle + template: + metadata: + labels: + app: dozzle + spec: + containers: + - name: dozzle + image: amir20/dozzle:latest + ports: + - containerPort: 8080 + name: http + env: + - name: DOMAIN + valueFrom: + configMapKeyRef: + name: swarm-converted-config + key: DOMAIN + volumeMounts: + - name: docker-sock + mountPath: /var/run/docker.sock + readOnly: true + volumes: + - name: docker-sock + hostPath: + path: /var/run/docker.sock + type: Socket + +--- + +apiVersion: v1 +kind: Service +metadata: + name: dozzle + namespace: swarm-converted +spec: + selector: + app: dozzle + ports: + - name: http + port: 8080 + targetPort: http + +--- + +apiVersion: traefik.io/v1alpha1 +kind: IngressRoute +metadata: + name: dozzle + namespace: swarm-converted +spec: + entryPoints: + - websecure + routes: + - kind: Rule + match: Host(`log.REPLACE_DOMAIN`) + middlewares: + - name: admin-auth + services: + - name: dozzle + port: 8080 + +--- + +apiVersion: apps/v1 +kind: Deployment +metadata: + name: minio-common + namespace: swarm-converted +spec: + replicas: 1 + selector: + matchLabels: + app: minio-common + template: + metadata: + labels: + app: minio-common + spec: + containers: + - name: minio-common + image: minio/minio:latest + args: + - server + - /data + - --address + - :9000 + - --console-address + - :9001 + ports: + - containerPort: 9000 + name: api + - containerPort: 9001 + name: console + env: + - name: MINIO_ROOT_USER + valueFrom: + secretKeyRef: + name: swarm-converted-secret + key: MINIO_ROOT_USER + - name: MINIO_ROOT_PASSWORD + valueFrom: + secretKeyRef: + name: swarm-converted-secret + key: MINIO_ROOT_PASSWORD + - name: DOMAIN + valueFrom: + configMapKeyRef: + name: swarm-converted-config + key: DOMAIN + volumeMounts: + - name: minio-data + mountPath: /data + volumes: + - name: minio-data + persistentVolumeClaim: + claimName: minio-data + +--- + +apiVersion: v1 +kind: Service +metadata: + name: minio-common + namespace: swarm-converted 
+spec: + selector: + app: minio-common + ports: + - name: api + port: 9000 + targetPort: api + - name: console + port: 9001 + targetPort: console + +--- + +apiVersion: traefik.io/v1alpha1 +kind: IngressRoute +metadata: + name: minio-console + namespace: swarm-converted +spec: + entryPoints: + - websecure + routes: + - kind: Rule + match: Host(`drive.REPLACE_DOMAIN`) || Host(`storage.REPLACE_DOMAIN`) + services: + - name: minio-common + port: 9001 + +--- + +apiVersion: traefik.io/v1alpha1 +kind: IngressRoute +metadata: + name: minio-api + namespace: swarm-converted +spec: + entryPoints: + - websecure + routes: + - kind: Rule + match: Host(`minio.REPLACE_DOMAIN`) || Host(`s3.REPLACE_DOMAIN`) + services: + - name: minio-common + port: 9000 + +--- + +apiVersion: apps/v1 +kind: Deployment +metadata: + name: osrm-backend + namespace: swarm-converted +spec: + replicas: 1 + selector: + matchLabels: + app: osrm-backend + template: + metadata: + labels: + app: osrm-backend + spec: + containers: + - name: osrm-backend + image: furyhawk/osrm-backend:latest + ports: + - containerPort: 5000 + name: http + env: + - name: OSRM_ALGORITHM + valueFrom: + configMapKeyRef: + name: swarm-converted-config + key: OSRM_ALGORITHM + - name: OSRM_THREADS + valueFrom: + configMapKeyRef: + name: swarm-converted-config + key: OSRM_THREADS + - name: OSRM_PORT + valueFrom: + configMapKeyRef: + name: swarm-converted-config + key: OSRM_PORT + - name: OSRM_PROFILE + valueFrom: + configMapKeyRef: + name: swarm-converted-config + key: OSRM_PROFILE + - name: OSRM_MAP_NAME + valueFrom: + configMapKeyRef: + name: swarm-converted-config + key: OSRM_MAP_NAME + - name: OSRM_GEOFABRIK_PATH + valueFrom: + configMapKeyRef: + name: swarm-converted-config + key: OSRM_GEOFABRIK_PATH + - name: OSRM_NOTIFY_FILEPATH + valueFrom: + configMapKeyRef: + name: swarm-converted-config + key: OSRM_NOTIFY_FILEPATH + - name: DOMAIN + valueFrom: + configMapKeyRef: + name: swarm-converted-config + key: DOMAIN + +--- + 
+apiVersion: v1 +kind: Service +metadata: + name: osrm-backend + namespace: swarm-converted +spec: + selector: + app: osrm-backend + ports: + - name: http + port: 5000 + targetPort: http + +--- + +apiVersion: traefik.io/v1alpha1 +kind: IngressRoute +metadata: + name: osrm-backend + namespace: swarm-converted +spec: + entryPoints: + - websecure + routes: + - kind: Rule + match: Host(`osrm.REPLACE_DOMAIN`) + middlewares: + - name: rate-limit + services: + - name: osrm-backend + port: 5000 + +--- + +apiVersion: apps/v1 +kind: Deployment +metadata: + name: postgres-db + namespace: swarm-converted +spec: + replicas: 1 + selector: + matchLabels: + app: postgres-db + template: + metadata: + labels: + app: postgres-db + spec: + containers: + - name: postgres-db + image: postgres:16 + command: + - postgres + - -c + - log_connections=on + ports: + - containerPort: 5432 + name: postgres + env: + - name: POSTGRES_DB + valueFrom: + configMapKeyRef: + name: swarm-converted-config + key: POSTGRES_DB + - name: POSTGRES_USER + valueFrom: + secretKeyRef: + name: swarm-converted-secret + key: POSTGRES_USER + - name: POSTGRES_PASSWORD + valueFrom: + secretKeyRef: + name: swarm-converted-secret + key: POSTGRES_PASSWORD + - name: PGDATA + valueFrom: + configMapKeyRef: + name: swarm-converted-config + key: PGDATA + - name: LANG + valueFrom: + configMapKeyRef: + name: swarm-converted-config + key: LANG + - name: TZ + valueFrom: + configMapKeyRef: + name: swarm-converted-config + key: TZ + volumeMounts: + - name: postgres-data + mountPath: /var/lib/postgresql/data + volumes: + - name: postgres-data + persistentVolumeClaim: + claimName: postgres-data + +--- + +apiVersion: v1 +kind: Service +metadata: + name: postgres-db + namespace: swarm-converted +spec: + selector: + app: postgres-db + ports: + - name: postgres + port: 5432 + targetPort: postgres + +--- + +apiVersion: traefik.io/v1alpha1 +kind: IngressRouteTCP +metadata: + name: postgres-db + namespace: swarm-converted +spec: + 
entryPoints: + - postgres + routes: + - match: HostSNI(`*`) + services: + - name: postgres-db + port: 5432 + +--- + +apiVersion: apps/v1 +kind: Deployment +metadata: + name: whoami + namespace: swarm-converted +spec: + replicas: 1 + selector: + matchLabels: + app: whoami + template: + metadata: + labels: + app: whoami + spec: + containers: + - name: whoami + image: traefik/whoami + ports: + - containerPort: 80 + name: http + +--- + +apiVersion: v1 +kind: Service +metadata: + name: whoami + namespace: swarm-converted +spec: + selector: + app: whoami + ports: + - name: http + port: 80 + targetPort: http + +--- + +apiVersion: traefik.io/v1alpha1 +kind: IngressRoute +metadata: + name: whoami + namespace: swarm-converted +spec: + entryPoints: + - websecure + routes: + - kind: Rule + match: Host(`whoami.REPLACE_DOMAIN`) + services: + - name: whoami + port: 80 diff --git a/cluster/swarm-converted/11-apps-stack.yaml b/cluster/swarm-converted/11-apps-stack.yaml new file mode 100644 index 0000000..e068603 --- /dev/null +++ b/cluster/swarm-converted/11-apps-stack.yaml 
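Review bot: The `dozzle` Deployment mounts the node's `/var/run/docker.sock` through `hostPath`, and `readOnly: true` protects only the socket file, not the API behind it, so the pod keeps full access to the container runtime on any node that has the socket; on a containerd-only node the `type: Socket` check will instead keep the pod from starting. Leaving dozzle out of this conversion, or replacing it with a log viewer that reads through the Kubernetes API under a narrowly scoped ServiceAccount, removes the host mount. In the same hunk the `postgres-db` IngressRouteTCP uses a wildcard `HostSNI` match with no `tls` section, which publishes port 5432 on the `postgres` entry point to anyone who can reach it. `api-server` already connects through the in-cluster Service name `postgres-db`, so that route can be dropped unless external database access is a stated requirement. The `minio-console` and `minio-api` routes also carry no middleware while the Secret in 01-config.yaml ships the default MinIO credentials.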
@@ -0,0 +1,683 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: adminer + namespace: swarm-converted +spec: + replicas: 1 + selector: + matchLabels: + app: adminer + template: + metadata: + labels: + app: adminer + spec: + containers: + - name: adminer + image: adminer + ports: + - containerPort: 8080 + name: http + env: + - name: PGADMIN_DEFAULT_EMAIL + valueFrom: + secretKeyRef: + name: swarm-converted-secret + key: PGADMIN_DEFAULT_EMAIL + - name: PGADMIN_DEFAULT_PASSWORD + valueFrom: + secretKeyRef: + name: swarm-converted-secret + key: PGADMIN_DEFAULT_PASSWORD + - name: PATH + value: /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin + - name: PYTHONPATH + value: /pgadmin4 + - name: TZ + valueFrom: + configMapKeyRef: + name: swarm-converted-config + key: TZ + - name: DOMAIN + valueFrom: + configMapKeyRef: + name: swarm-converted-config + key: DOMAIN + - name: ADMINER_DESIGN + valueFrom: + configMapKeyRef: + name: swarm-converted-config + key: ADMINER_DESIGN + volumeMounts: + - name: adminer-data + mountPath: /var/lib/pgadmin + volumes: + - name: adminer-data + persistentVolumeClaim: + claimName: adminer-data + +--- + +apiVersion: v1 +kind: Service +metadata: + name: adminer + namespace: swarm-converted +spec: + selector: + app: adminer + ports: + - name: http + port: 8080 + targetPort: http + +--- + +apiVersion: traefik.io/v1alpha1 +kind: IngressRoute +metadata: + name: adminer + namespace: swarm-converted +spec: + entryPoints: + - websecure + routes: + - kind: Rule + match: Host(`adminer.REPLACE_DOMAIN`) || Host(`dbadmin.REPLACE_DOMAIN`) + services: + - name: adminer + port: 8080 + +--- + +apiVersion: apps/v1 +kind: Deployment +metadata: + name: cheatsheets-app + namespace: swarm-converted +spec: + replicas: 1 + selector: + matchLabels: + app: cheatsheets-app + template: + metadata: + labels: + app: cheatsheets-app + spec: + containers: + - name: cheatsheets-app + image: furyhawk/cheatsheets:latest + ports: + - containerPort: 80 + name: 
http + +--- + +apiVersion: v1 +kind: Service +metadata: + name: cheatsheets-app + namespace: swarm-converted +spec: + selector: + app: cheatsheets-app + ports: + - name: http + port: 80 + targetPort: http + +--- + +apiVersion: traefik.io/v1alpha1 +kind: IngressRoute +metadata: + name: cheatsheets-app + namespace: swarm-converted +spec: + entryPoints: + - websecure + routes: + - kind: Rule + match: Host(`cheat.REPLACE_DOMAIN`) + services: + - name: cheatsheets-app + port: 80 + +--- + +apiVersion: apps/v1 +kind: Deployment +metadata: + name: heynote-app + namespace: swarm-converted +spec: + replicas: 1 + selector: + matchLabels: + app: heynote-app + template: + metadata: + labels: + app: heynote-app + spec: + containers: + - name: heynote-app + image: furyhawk/heynote:latest + ports: + - containerPort: 5173 + name: http + env: + - name: NODE_ENV + valueFrom: + configMapKeyRef: + name: swarm-converted-config + key: NODE_ENV + - name: DOMAIN + valueFrom: + configMapKeyRef: + name: swarm-converted-config + key: DOMAIN + +--- + +apiVersion: v1 +kind: Service +metadata: + name: heynote-app + namespace: swarm-converted +spec: + selector: + app: heynote-app + ports: + - name: http + port: 5173 + targetPort: http + +--- + +apiVersion: traefik.io/v1alpha1 +kind: IngressRoute +metadata: + name: heynote-app + namespace: swarm-converted +spec: + entryPoints: + - websecure + routes: + - kind: Rule + match: Host(`note.REPLACE_DOMAIN`) || Host(`note0.REPLACE_DOMAIN`) || Host(`n.REPLACE_DOMAIN`) || Host(`pad.REPLACE_DOMAIN`) + services: + - name: heynote-app + port: 5173 + +--- + +apiVersion: apps/v1 +kind: Deployment +metadata: + name: jellyfin + namespace: swarm-converted +spec: + replicas: 1 + selector: + matchLabels: + app: jellyfin + template: + metadata: + labels: + app: jellyfin + spec: + containers: + - name: jellyfin + image: jellyfin/jellyfin + ports: + - containerPort: 8096 + name: http + env: + - name: DOMAIN + valueFrom: + configMapKeyRef: + name: swarm-converted-config 
+ key: DOMAIN + - name: JELLYFIN_PublishedServerUrl + value: https://media.REPLACE_DOMAIN + volumeMounts: + - name: jellyfin-config + mountPath: /config + - name: jellyfin-cache + mountPath: /cache + - name: jellyfin-media + mountPath: /media + volumes: + - name: jellyfin-config + persistentVolumeClaim: + claimName: jellyfin-config + - name: jellyfin-cache + persistentVolumeClaim: + claimName: jellyfin-cache + - name: jellyfin-media + persistentVolumeClaim: + claimName: jellyfin-media + +--- + +apiVersion: v1 +kind: Service +metadata: + name: jellyfin + namespace: swarm-converted +spec: + selector: + app: jellyfin + ports: + - name: http + port: 8096 + targetPort: http + +--- + +apiVersion: traefik.io/v1alpha1 +kind: IngressRoute +metadata: + name: jellyfin + namespace: swarm-converted +spec: + entryPoints: + - websecure + routes: + - kind: Rule + match: Host(`media.REPLACE_DOMAIN`) + services: + - name: jellyfin + port: 8096 + +--- + +apiVersion: apps/v1 +kind: Deployment +metadata: + name: meshtastic-web + namespace: swarm-converted +spec: + replicas: 1 + selector: + matchLabels: + app: meshtastic-web + template: + metadata: + labels: + app: meshtastic-web + spec: + containers: + - name: meshtastic-web + image: ghcr.io/meshtastic/web + ports: + - containerPort: 8080 + name: http + - containerPort: 8443 + name: https-alt + +--- + +apiVersion: v1 +kind: Service +metadata: + name: meshtastic-web + namespace: swarm-converted +spec: + selector: + app: meshtastic-web + ports: + - name: http + port: 8080 + targetPort: http + - name: https-alt + port: 8443 + targetPort: https-alt + +--- + +apiVersion: traefik.io/v1alpha1 +kind: IngressRoute +metadata: + name: meshtastic-web + namespace: swarm-converted +spec: + entryPoints: + - websecure + routes: + - kind: Rule + match: Host(`mesh.REPLACE_DOMAIN`) + services: + - name: meshtastic-web + port: 8080 + +--- + +apiVersion: apps/v1 +kind: Deployment +metadata: + name: privatebin + namespace: swarm-converted +spec: + replicas: 
1 + selector: + matchLabels: + app: privatebin + template: + metadata: + labels: + app: privatebin + spec: + containers: + - name: privatebin + image: privatebin/nginx-fpm-alpine:latest + ports: + - containerPort: 8080 + name: http + volumeMounts: + - name: privatebin-data + mountPath: /srv/data + volumes: + - name: privatebin-data + persistentVolumeClaim: + claimName: privatebin-data + +--- + +apiVersion: v1 +kind: Service +metadata: + name: privatebin + namespace: swarm-converted +spec: + selector: + app: privatebin + ports: + - name: http + port: 8080 + targetPort: http + +--- + +apiVersion: traefik.io/v1alpha1 +kind: IngressRoute +metadata: + name: privatebin + namespace: swarm-converted +spec: + entryPoints: + - websecure + routes: + - kind: Rule + match: Host(`bin.REPLACE_DOMAIN`) || Host(`paste.REPLACE_DOMAIN`) + services: + - name: privatebin + port: 8080 + +--- + +apiVersion: apps/v1 +kind: Deployment +metadata: + name: streamlit-bai + namespace: swarm-converted +spec: + replicas: 1 + selector: + matchLabels: + app: streamlit-bai + template: + metadata: + labels: + app: streamlit-bai + spec: + containers: + - name: streamlit-bai + image: furyhawk/beyondallinfo:latest + command: + - sh + - -c + args: + - streamlit run --server.port=$STREAMLIT_BAI_SERVER_PORT --server.address=0.0.0.0 --server.baseUrlPath=$BAI_LOCATION src/app.py + ports: + - containerPort: 8502 + name: http + env: + - name: DOMAIN + valueFrom: + configMapKeyRef: + name: swarm-converted-config + key: DOMAIN + - name: STREAMLIT_BAI_SERVER_PORT + valueFrom: + configMapKeyRef: + name: swarm-converted-config + key: STREAMLIT_BAI_SERVER_PORT + - name: BAI_LOCATION + valueFrom: + configMapKeyRef: + name: swarm-converted-config + key: BAI_LOCATION + - name: GROQ_API_KEY + valueFrom: + secretKeyRef: + name: swarm-converted-secret + key: GROQ_API_KEY + volumeMounts: + - name: bai-cache + mountPath: /app/cache + volumes: + - name: bai-cache + persistentVolumeClaim: + claimName: bai-cache + +--- + 
+apiVersion: v1 +kind: Service +metadata: + name: streamlit-bai + namespace: swarm-converted +spec: + selector: + app: streamlit-bai + ports: + - name: http + port: 8502 + targetPort: http + +--- + +apiVersion: traefik.io/v1alpha1 +kind: IngressRoute +metadata: + name: streamlit-bai + namespace: swarm-converted +spec: + entryPoints: + - websecure + routes: + - kind: Rule + match: Host(`bai.REPLACE_DOMAIN`) + services: + - name: streamlit-bai + port: 8502 + +--- + +apiVersion: apps/v1 +kind: Deployment +metadata: + name: streamlit-fin + namespace: swarm-converted +spec: + replicas: 1 + selector: + matchLabels: + app: streamlit-fin + template: + metadata: + labels: + app: streamlit-fin + spec: + containers: + - name: streamlit-fin + image: furyhawk/llama3toolsfin:main + ports: + - containerPort: 8501 + name: http + env: + - name: DOMAIN + valueFrom: + configMapKeyRef: + name: swarm-converted-config + key: DOMAIN + - name: STREAMLIT_FIN_SERVER_PORT + valueFrom: + configMapKeyRef: + name: swarm-converted-config + key: STREAMLIT_FIN_SERVER_PORT + - name: GROQ_API_KEY + valueFrom: + secretKeyRef: + name: swarm-converted-secret + key: GROQ_API_KEY + +--- + +apiVersion: v1 +kind: Service +metadata: + name: streamlit-fin + namespace: swarm-converted +spec: + selector: + app: streamlit-fin + ports: + - name: http + port: 8501 + targetPort: http + +--- + +apiVersion: traefik.io/v1alpha1 +kind: IngressRoute +metadata: + name: streamlit-fin + namespace: swarm-converted +spec: + entryPoints: + - websecure + routes: + - kind: Rule + match: Host(`fin.REPLACE_DOMAIN`) + services: + - name: streamlit-fin + port: 8501 + +--- + +apiVersion: apps/v1 +kind: Deployment +metadata: + name: site-server + namespace: swarm-converted +spec: + replicas: 1 + selector: + matchLabels: + app: site-server + template: + metadata: + labels: + app: site-server + spec: + containers: + - name: site-server + image: nginx:alpine + ports: + - containerPort: 80 + name: http + volumeMounts: + - name: 
site-content + mountPath: /usr/share/nginx/html + readOnly: true + volumes: + - name: site-content + persistentVolumeClaim: + claimName: site-content + +--- + +apiVersion: v1 +kind: Service +metadata: + name: site-server + namespace: swarm-converted +spec: + selector: + app: site-server + ports: + - name: http + port: 80 + targetPort: http + +--- + +apiVersion: traefik.io/v1alpha1 +kind: IngressRoute +metadata: + name: site-server + namespace: swarm-converted +spec: + entryPoints: + - websecure + routes: + - kind: Rule + match: Host(`REPLACE_DOMAIN`) || Host(`www.REPLACE_DOMAIN`) || Host(`info.REPLACE_DOMAIN`) || Host(`124c41.REPLACE_DOMAIN`) + middlewares: + - name: no-www + services: + - name: site-server + port: 80 + +--- + +apiVersion: traefik.io/v1alpha1 +kind: IngressRoute +metadata: + name: resume-redirect + namespace: swarm-converted +spec: + entryPoints: + - websecure + routes: + - kind: Rule + match: Host(`resume.REPLACE_DOMAIN`) + middlewares: + - name: redirect-resume + services: + - name: site-server + port: 80 + +--- + +apiVersion: traefik.io/v1alpha1 +kind: IngressRoute +metadata: + name: blog-redirect + namespace: swarm-converted +spec: + entryPoints: + - websecure + routes: + - kind: Rule + match: Host(`blog.REPLACE_DOMAIN`) + middlewares: + - name: redirect-blog + services: + - name: site-server + port: 80 diff --git a/cluster/swarm-converted/README.md b/cluster/swarm-converted/README.md new file mode 100644 index 0000000..8bb333f --- /dev/null +++ b/cluster/swarm-converted/README.md 
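Review bot: The `adminer` IngressRoute publishes a database administration UI on `adminer.` and `dbadmin.` with no middleware, whereas the `dozzle` route in 10-services-stack.yaml is gated by `admin-auth`; add `middlewares:` with `- name: admin-auth` to the adminer rule as well. The adminer Deployment also carries what look like pgAdmin leftovers (`PGADMIN_DEFAULT_EMAIL`, `PGADMIN_DEFAULT_PASSWORD`, `PYTHONPATH: /pgadmin4`, a mount at `/var/lib/pgadmin` and a hard-coded `PATH`), which inject a secret into a container that presumably never reads it. Removing them limits that secret to the pods that need it. Several images in this file are untagged or `:latest` (`adminer`, `jellyfin/jellyfin`, `ghcr.io/meshtastic/web`, `privatebin/nginx-fpm-alpine:latest`), so pinning a version or digest would make what is deployed reproducible and reviewable.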
@@ -0,0 +1,43 @@
+# Swarm To Kubernetes Conversion
+
+This directory contains a first-pass Kubernetes conversion of the main Swarm application stacks from:
+
+- `swarm/core.yml`
+- `swarm/services.yml`
+- `swarm/apps.yml`
+
+Scope and assumptions:
+
+- The conversion targets the core public-facing services, not every file under `swarm/`.
+- Swarm-only constructs such as overlay networks, placement constraints, and `deploy.labels` were mapped into Kubernetes `Service`, `Deployment`, `PersistentVolumeClaim`, `IngressRoute`, and `Middleware` resources.
+- Resource names use Kubernetes-safe hyphenated names where Swarm used underscores.
+- Public routes keep Traefik semantics through Traefik CRDs, so the cluster must already have Traefik and its CRDs installed.
+- `LOCALDOMAIN` routes were intentionally omitted.
+- Persistent host paths from Swarm were converted to PVCs so the manifests are more portable.
+- The Traefik Swarm deployment itself was not copied directly; this directory assumes a Kubernetes Traefik controller already exists.
+
+Before applying:
+
+1. Replace every `REPLACE_DOMAIN` placeholder.
+2. Review `01-config.yaml` and set real secrets.
+3. Review PVC sizing and storage classes in `03-storage.yaml`.
+4. Confirm Traefik entry points `websecure` and `postgres` exist in the cluster.
+
+Suggested apply order:
+
+```bash
+kubectl apply -f cluster/swarm-converted/00-namespace.yaml
+kubectl apply -f cluster/swarm-converted/01-config.yaml
+kubectl apply -f cluster/swarm-converted/02-traefik.yaml
+kubectl apply -f cluster/swarm-converted/03-storage.yaml
+kubectl apply -f cluster/swarm-converted/10-services-stack.yaml
+kubectl apply -f cluster/swarm-converted/11-apps-stack.yaml
+```
+
+Useful checks:
+
+```bash
+kubectl get all -n swarm-converted
+kubectl get ingressroute,ingressroutetcp,middleware -n swarm-converted
+kubectl describe pod -n swarm-converted
+```