Add seedbox data serving endpoints

This commit is contained in:
Alex D. 2025-04-04 09:04:50 +00:00
parent 0a3b05c558
commit b5612dcead
Signed by: caskd
GPG Key ID: F92BA85F61F4C173
9 changed files with 236 additions and 0 deletions


@ -0,0 +1,7 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- rsync/
- nginx/
- persistentvolume.yml
- persistentvolumeclaim.yml


@ -0,0 +1,74 @@
# yaml-language-server: $schema=https://kubernetesjsonschema.dev/master/deployment-apps-v1.json
kind: Deployment
apiVersion: apps/v1
metadata:
namespace: redxen
labels:
app: seedbox-nginx
name: seedbox-nginx-dp
spec:
replicas: 1
selector:
matchLabels:
app: seedbox-nginx
template:
metadata:
namespace: redxen
labels:
app: seedbox-nginx
spec:
hostUsers: false
securityContext:
seccompProfile:
type: RuntimeDefault
runAsNonRoot: true
runAsUser: 10000
runAsGroup: 10000
initContainers:
- name: volume-permissions
image: busybox
command: ["chown", "-c", "10000:10000", "/run/nginx"]
imagePullPolicy: IfNotPresent
securityContext:
capabilities:
drop: ["SETPCAP", "MKNOD", "AUDIT_WRITE", "NET_RAW", "DAC_OVERRIDE", "FOWNER", "FSETID", "KILL", "SETGID", "SETUID", "NET_BIND_SERVICE", "SYS_CHROOT", "SETFCAP"]
runAsUser: 0
runAsNonRoot: false
allowPrivilegeEscalation: false
readOnlyRootFilesystem: true
volumeMounts:
- name: tmpfs-run
mountPath: /run/nginx
containers:
- name: seedbox-nginx
image: redxen.eu/daemons/nginx/seedbox:latest
imagePullPolicy: IfNotPresent
securityContext:
capabilities:
drop: ["ALL"]
allowPrivilegeEscalation: false
readOnlyRootFilesystem: true
volumeMounts:
- name: seedbox-data
mountPath: /var/data
readOnly: true
- name: tmpfs-run
mountPath: /run/nginx
ports:
- containerPort: 80
livenessProbe:
httpGet:
port: 80
httpHeaders:
- name: "Host"
value: "sd.redxen.eu"
path: /
volumes:
- name: seedbox-data
persistentVolumeClaim:
claimName: seedbox-data-pvc
readOnly: true
- name: tmpfs-run
emptyDir:
medium: Memory
sizeLimit: 2Mi
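Review bot: The volume-permissions init container runs as root with a capability list that keeps CHOWN only by omission, so what it actually holds depends on the runtime's default capability set; `drop: ["ALL"]` plus `add: ["CHOWN"]` states the intent and survives a change of runtime. Its image is bare `busybox` — no tag, no digest, default registry — in the one container of the pod that runs as uid 0, so pin it by digest, `image: busybox@sha256:…`, the way the main container at least names its own registry. For the main container, `:latest` combined with `imagePullPolicy: IfNotPresent` means a node keeps serving whatever it cached first and a new build never rolls out until the image is evicted; pin a tag or digest, or switch to `imagePullPolicy: Always`. With all capabilities dropped and uid 10000, listening on `containerPort: 80` only works if the runtime lowers `net.ipv4.ip_unprivileged_port_start` in the pod's network namespace (or the image actually listens on a high port); if that is a cluster-specific assumption it deserves a comment beside the port, since the liveness probe on 80 would otherwise crash-loop the pod.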


@ -0,0 +1,5 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- deployment.yml
- service.yml


@ -0,0 +1,16 @@
# yaml-language-server: $schema=https://kubernetesjsonschema.dev/master/service-v1.json
kind: Service
apiVersion: v1
metadata:
namespace: redxen
labels:
app: seedbox-nginx
name: seedbox-nginx-sv
spec:
selector:
app: seedbox-nginx
type: ClusterIP
ports:
- name: http
port: 80
protocol: TCP


@ -0,0 +1,28 @@
# yaml-language-server: $schema=https://kubernetesjsonschema.dev/master/persistentvolume-v1.json
kind: PersistentVolume
apiVersion: v1
metadata:
namespace: redxen
name: seedbox-data-pv
spec:
storageClassName: local-storage
claimRef:
namespace: redxen
name: seedbox-data-pvc
capacity:
storage: 1Gi
volumeMode: Filesystem
accessModes:
- ReadWriteOnce
#persistentVolumeReclaimPolicy: Retain
hostPath:
path: /var/lib/seedbox
type: DirectoryOrCreate
nodeAffinity:
required:
nodeSelectorTerms:
- matchExpressions:
- key: kubernetes.io/hostname
operator: In
values:
- bournemouth.united-kingdom
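Review bot: `metadata.namespace: redxen` on the PersistentVolume is ignored because PVs are cluster-scoped, so the line should be dropped rather than left implying a namespace boundary that does not exist; the binding is already pinned by `claimRef` and the PVC's `volumeName`. The `hostPath` volume with `type: DirectoryOrCreate` also means the kubelet creates `/var/lib/seedbox` on the node as root if it is missing, and hostPath is the weaker choice versus a `local` volume for a directory that is already node-pinned through `nodeAffinity` — a design note rather than a defect in this commit, but worth a one-line comment on why hostPath was chosen. The commented-out `persistentVolumeReclaimPolicy: Retain` is already the default for manually created PVs, so either delete the comment or make it informative: `# reclaim policy defaults to Retain for statically provisioned PVs`.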


@ -0,0 +1,15 @@
# yaml-language-server: $schema=https://kubernetesjsonschema.dev/master/persistentvolumeclaim-v1.json
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
namespace: redxen
name: seedbox-data-pvc
spec:
volumeName: seedbox-data-pv
storageClassName: local-storage
volumeMode: Filesystem
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 1Gi


@ -0,0 +1,70 @@
# yaml-language-server: $schema=https://kubernetesjsonschema.dev/master/deployment-apps-v1.json
kind: Deployment
apiVersion: apps/v1
metadata:
namespace: redxen
labels:
app: seedbox-rsync
name: seedbox-rsync-dp
spec:
selector:
matchLabels:
app: seedbox-rsync
replicas: 1
template:
metadata:
namespace: redxen
labels:
app: seedbox-rsync
spec:
hostUsers: false
securityContext:
seccompProfile:
type: RuntimeDefault
runAsNonRoot: true
runAsUser: 10000
runAsGroup: 10000
initContainers:
- name: volume-permissions
image: busybox
command: ["chown", "-c", "10000:10000", "/var/run"]
imagePullPolicy: IfNotPresent
securityContext:
capabilities:
drop: ["SETPCAP", "MKNOD", "AUDIT_WRITE", "NET_RAW", "DAC_OVERRIDE", "FOWNER", "FSETID", "KILL", "SETGID", "SETUID", "NET_BIND_SERVICE", "SYS_CHROOT", "SETFCAP"]
runAsUser: 0
runAsNonRoot: false
allowPrivilegeEscalation: false
readOnlyRootFilesystem: true
volumeMounts:
- name: tmpfs-run
mountPath: /var/run
containers:
- name: seedbox-rsync
image: redxen.eu/daemons/rsync/seedbox:latest
imagePullPolicy: IfNotPresent
securityContext:
capabilities:
drop: ["ALL"]
allowPrivilegeEscalation: false
readOnlyRootFilesystem: true
volumeMounts:
- name: seedbox-data
mountPath: /var/data
readOnly: true
- name: tmpfs-run
mountPath: /var/run
ports:
- containerPort: 8874
livenessProbe:
tcpSocket:
port: 8874
volumes:
- name: seedbox-data
persistentVolumeClaim:
claimName: seedbox-data-pvc
readOnly: true
- name: tmpfs-run
emptyDir:
medium: Memory
sizeLimit: 2Mi
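Review bot: Nothing in this commit limits who can reach the rsync daemon: the Service is ClusterIP on 8874, so every pod in the cluster can connect unless a NetworkPolicy exists elsewhere, and the rsyncd module configuration (read-only flag, host/auth restrictions) lives inside `redxen.eu/daemons/rsync/seedbox:latest` and is not visible here. If the module is meant to be anonymous and read-only that is acceptable for a read-only data mount, but record it next to the container, e.g. `# rsyncd module ACL and read-only setting are defined in the image, not here`. The volume-permissions init container has the same shape as the nginx one — root, an unpinned `busybox` image, and a capability list that keeps CHOWN only by omission — so `drop: ["ALL"]` with `add: ["CHOWN"]` and an image digest make the intent explicit and reproducible. Since the kubelet creates emptyDir volumes writable by all users, setting `fsGroup: 10000` in the pod securityContext would likely let the root chown step be removed entirely; confirm on this cluster before relying on it.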


@ -0,0 +1,5 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- deployment.yml
- service.yml


@ -0,0 +1,16 @@
# yaml-language-server: $schema=https://kubernetesjsonschema.dev/master/service-v1.json
kind: Service
apiVersion: v1
metadata:
namespace: redxen
labels:
app: seedbox-rsync
name: seedbox-rsync-sv
spec:
selector:
app: seedbox-rsync
type: ClusterIP
ports:
- name: rsync
port: 8874
protocol: TCP