285 lines
No EOL
5.8 KiB
YAML
285 lines
No EOL
5.8 KiB
YAML
# ======================================================
|
|
# TANDOOR RECIPES - PRODUCTION (PINNED TO MIST)
|
|
# ======================================================
|
|
|
|
# -------------------------
|
|
# POSTGRES PV
|
|
# -------------------------
|
|
---
|
|
apiVersion: v1
|
|
kind: PersistentVolume
|
|
metadata:
|
|
name: tandoor-postgres-pv
|
|
spec:
|
|
capacity:
|
|
storage: 2Gi
|
|
accessModes:
|
|
- ReadWriteOnce
|
|
storageClassName: tandoor-local-storage
|
|
persistentVolumeReclaimPolicy: Retain
|
|
local:
|
|
path: /home/kimjunte/k8s_storage/tandoor/postgres
|
|
nodeAffinity:
|
|
required:
|
|
nodeSelectorTerms:
|
|
- matchExpressions:
|
|
- key: kubernetes.io/hostname
|
|
operator: In
|
|
values:
|
|
- mist
|
|
|
|
---
|
|
apiVersion: v1
|
|
kind: PersistentVolumeClaim
|
|
metadata:
|
|
name: tandoor-postgres-pvc
|
|
spec:
|
|
accessModes:
|
|
- ReadWriteOnce
|
|
storageClassName: tandoor-local-storage
|
|
resources:
|
|
requests:
|
|
storage: 2Gi
|
|
|
|
# -------------------------
|
|
# MEDIA PV
|
|
# -------------------------
|
|
---
|
|
apiVersion: v1
|
|
kind: PersistentVolume
|
|
metadata:
|
|
name: tandoor-media-pv
|
|
spec:
|
|
capacity:
|
|
storage: 5Gi
|
|
accessModes:
|
|
- ReadWriteOnce
|
|
storageClassName: tandoor-local-storage
|
|
persistentVolumeReclaimPolicy: Retain
|
|
local:
|
|
path: /home/kimjunte/k8s_storage/tandoor/media
|
|
nodeAffinity:
|
|
required:
|
|
nodeSelectorTerms:
|
|
- matchExpressions:
|
|
- key: kubernetes.io/hostname
|
|
operator: In
|
|
values:
|
|
- mist
|
|
|
|
---
|
|
apiVersion: v1
|
|
kind: PersistentVolumeClaim
|
|
metadata:
|
|
name: tandoor-media-pvc
|
|
spec:
|
|
accessModes:
|
|
- ReadWriteOnce
|
|
storageClassName: tandoor-local-storage
|
|
resources:
|
|
requests:
|
|
storage: 5Gi
|
|
|
|
# -------------------------
|
|
# POSTGRES
|
|
# -------------------------
|
|
---
|
|
apiVersion: apps/v1
|
|
kind: Deployment
|
|
metadata:
|
|
name: tandoor-postgres
|
|
spec:
|
|
replicas: 1
|
|
selector:
|
|
matchLabels:
|
|
app: tandoor-postgres
|
|
template:
|
|
metadata:
|
|
labels:
|
|
app: tandoor-postgres
|
|
spec:
|
|
nodeSelector:
|
|
kubernetes.io/hostname: mist
|
|
containers:
|
|
- name: postgres
|
|
image: postgres:15-alpine
|
|
env:
|
|
- name: POSTGRES_USER
|
|
value: tandoor
|
|
- name: POSTGRES_PASSWORD
|
|
value: tandoorpassword
|
|
- name: POSTGRES_DB
|
|
value: tandoor
|
|
- name: SITE_URL
|
|
value: https://mealcraft.com
|
|
- name: ALLOWED_HOSTS
|
|
value: mealcraft.com
|
|
- name: CSRF_TRUSTED_ORIGINS
|
|
value: https://mealcraft.com
|
|
- name: NGINX_PROXY
|
|
value: "1"
|
|
- name: DEBUG
|
|
value: "1"
|
|
- name: SECURE_PROXY_SSL_HEADER
|
|
value: HTTP_X_FORWARDED_PROTO,https
|
|
volumeMounts:
|
|
- mountPath: /var/lib/postgresql/data
|
|
name: postgres-storage
|
|
volumes:
|
|
- name: postgres-storage
|
|
persistentVolumeClaim:
|
|
claimName: tandoor-postgres-pvc
|
|
|
|
---
|
|
apiVersion: v1
|
|
kind: Service
|
|
metadata:
|
|
name: tandoor-postgres
|
|
spec:
|
|
selector:
|
|
app: tandoor-postgres
|
|
ports:
|
|
- port: 5432
|
|
|
|
# -------------------------
|
|
# REDIS
|
|
# -------------------------
|
|
---
|
|
apiVersion: apps/v1
|
|
kind: Deployment
|
|
metadata:
|
|
name: tandoor-redis
|
|
spec:
|
|
replicas: 1
|
|
selector:
|
|
matchLabels:
|
|
app: tandoor-redis
|
|
template:
|
|
metadata:
|
|
labels:
|
|
app: tandoor-redis
|
|
spec:
|
|
nodeSelector:
|
|
kubernetes.io/hostname: mist
|
|
containers:
|
|
- name: redis
|
|
image: redis:7-alpine
|
|
ports:
|
|
- containerPort: 6379
|
|
|
|
---
|
|
apiVersion: v1
|
|
kind: Service
|
|
metadata:
|
|
name: tandoor-redis
|
|
spec:
|
|
selector:
|
|
app: tandoor-redis
|
|
ports:
|
|
- port: 6379
|
|
|
|
# -------------------------
|
|
# TANDOOR APP
|
|
# -------------------------
|
|
---
|
|
apiVersion: apps/v1
|
|
kind: Deployment
|
|
metadata:
|
|
name: tandoor
|
|
spec:
|
|
replicas: 1
|
|
selector:
|
|
matchLabels:
|
|
app: tandoor
|
|
template:
|
|
metadata:
|
|
labels:
|
|
app: tandoor
|
|
spec:
|
|
nodeSelector:
|
|
kubernetes.io/hostname: mist
|
|
|
|
enableServiceLinks: false # 🔥 CRITICAL FIX
|
|
|
|
containers:
|
|
- name: tandoor
|
|
image: vabene1111/recipes:1.5.24
|
|
|
|
env:
|
|
- name: SECRET_KEY
|
|
value: replace-with-long-random-string
|
|
|
|
- name: DB_ENGINE
|
|
value: django.db.backends.postgresql
|
|
- name: GUNICORN_MEDIA
|
|
value: "1"
|
|
- name: POSTGRES_HOST
|
|
value: tandoor-postgres
|
|
- name: POSTGRES_PORT
|
|
value: "5432"
|
|
- name: POSTGRES_DB
|
|
value: tandoor
|
|
- name: POSTGRES_USER
|
|
value: tandoor
|
|
- name: POSTGRES_PASSWORD
|
|
value: tandoorpassword
|
|
|
|
- name: REDIS_URL
|
|
value: redis://tandoor-redis:6379/0
|
|
|
|
- name: ALLOWED_HOSTS
|
|
value: mealcraft.com
|
|
|
|
- name: CSRF_TRUSTED_ORIGINS
|
|
value: https://mealcraft.com
|
|
|
|
- name: NGINX_PROXY
|
|
value: "1"
|
|
|
|
- name: DEBUG
|
|
value: "0"
|
|
|
|
ports:
|
|
- containerPort: 8080
|
|
|
|
volumeMounts:
|
|
- name: media-storage
|
|
mountPath: /opt/recipes/mediafiles
|
|
|
|
volumes:
|
|
- name: media-storage
|
|
persistentVolumeClaim:
|
|
claimName: tandoor-media-pvc
|
|
|
|
---
|
|
apiVersion: v1
|
|
kind: Service
|
|
metadata:
|
|
name: tandoor
|
|
spec:
|
|
selector:
|
|
app: tandoor
|
|
ports:
|
|
- port: 80
|
|
targetPort: 8080
|
|
|
|
# -------------------------
|
|
# TRAEFIK INGRESS
|
|
# -------------------------
|
|
---
|
|
apiVersion: traefik.io/v1alpha1
|
|
kind: IngressRoute
|
|
metadata:
|
|
name: tandoor-ingress
|
|
spec:
|
|
entryPoints:
|
|
- websecure
|
|
routes:
|
|
- match: Host(`mealcraft.com`)
|
|
kind: Rule
|
|
services:
|
|
- name: tandoor
|
|
port: 80
|
|
passHostHeader: true
|
|
tls:
|
|
certResolver: myresolver |