From 775746cd79b39630b92bd0cfa2126493fea97592 Mon Sep 17 00:00:00 2001 From: Yi-Ting Shih Date: Sat, 13 Dec 2025 06:08:17 +0800 Subject: [PATCH] Feat: add vita --- flux-applications/vita.yaml | 18 +++++++++ vita/.sops.yaml | 4 ++ vita/deploy.backend.yaml | 78 +++++++++++++++++++++++++++++++++++++ vita/deploy.dcbot.yaml | 49 +++++++++++++++++++++++ vita/deploy.frontend.yaml | 22 +++++++++++ vita/ingress.yaml | 32 +++++++++++++++ vita/kustomization.yaml | 16 ++++++++ vita/namespace.yaml | 5 +++ vita/secret.backend.yaml | 41 +++++++++++++++++++ vita/secret.dcbot.yaml | 34 ++++++++++++++++ vita/svc.backend.yaml | 15 +++++++ vita/svc.frontend.yaml | 15 +++++++ 12 files changed, 329 insertions(+) create mode 100644 flux-applications/vita.yaml create mode 100644 vita/.sops.yaml create mode 100644 vita/deploy.backend.yaml create mode 100644 vita/deploy.dcbot.yaml create mode 100644 vita/deploy.frontend.yaml create mode 100644 vita/ingress.yaml create mode 100644 vita/kustomization.yaml create mode 100644 vita/namespace.yaml create mode 100644 vita/secret.backend.yaml create mode 100644 vita/secret.dcbot.yaml create mode 100644 vita/svc.backend.yaml create mode 100644 vita/svc.frontend.yaml diff --git a/flux-applications/vita.yaml b/flux-applications/vita.yaml new file mode 100644 index 0000000..279993b --- /dev/null +++ b/flux-applications/vita.yaml @@ -0,0 +1,18 @@ +--- +apiVersion: kustomize.toolkit.fluxcd.io/v1 +kind: Kustomization +metadata: + name: vita + namespace: flux-system +spec: + interval: 10m0s + path: ./vita/ + prune: true + force: false + sourceRef: + kind: GitRepository + name: applications + decryption: + provider: sops + secretRef: + name: sops-gpg diff --git a/vita/.sops.yaml b/vita/.sops.yaml new file mode 100644 index 0000000..2fc872c --- /dev/null +++ b/vita/.sops.yaml @@ -0,0 +1,4 @@ +creation_rules: + - path_regex: '.*.yaml' + encrypted_regex: '^(data|stringData)$' + pgp: A638A6B54530D54E868F9D3238736C662F799E0D diff --git a/vita/deploy.backend.yaml b/vita/deploy.backend.yaml new file mode 100644 index 0000000..2a6529f --- /dev/null +++ b/vita/deploy.backend.yaml @@ -0,0 +1,78 @@ +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: vita-backend + labels: + app: vita-backend +spec: + replicas: 1 + selector: + matchLabels: + app: vita-backend + template: + metadata: + labels: + app: vita-backend + spec: + containers: + - name: backend + image: gitea.konchin.com/go2025/backend:main + env: + - name: EXTERNAL_URL + valueFrom: + configMapKeyRef: + name: vita-backend-config + key: EXTERNAL_URL + - name: PRESHARED_KEY + valueFrom: + secretKeyRef: + name: vita-backend-secret + key: PRESHARED_KEY + - name: ACCESS_TOKEN_SECRET + valueFrom: + secretKeyRef: + name: vita-backend-secret + key: ACCESS_TOKEN_SECRET + - name: REFRESH_TOKEN_SECRET + valueFrom: + secretKeyRef: + name: vita-backend-secret + key: REFRESH_TOKEN_SECRET + - name: PG_CONNECTION_STRING + valueFrom: + secretKeyRef: + name: vita-backend-secret + key: PG_CONNECTION_STRING + - name: MINIO_HOST + valueFrom: + secretKeyRef: + name: vita-backend-secret + key: MINIO_HOST + - name: MINIO_BUCKET + valueFrom: + secretKeyRef: + name: vita-backend-secret + key: MINIO_BUCKET + - name: MINIO_ACCESSKEY + valueFrom: + secretKeyRef: + name: vita-backend-secret + key: MINIO_ACCESSKEY + - name: MINIO_SECRETKEY + valueFrom: + secretKeyRef: + name: vita-backend-secret + key: MINIO_SECRETKEY + - name: MINIO_USESSL + valueFrom: + secretKeyRef: + name: vita-backend-secret + key: MINIO_USESSL + - name: UPTRACE_DSN + valueFrom: + secretKeyRef: + name: vita-backend-secret + key: UPTRACE_DSN + imagePullSecrets: + - name: regcred diff --git a/vita/deploy.dcbot.yaml b/vita/deploy.dcbot.yaml new file mode 100644 index 0000000..10a567c --- /dev/null +++ b/vita/deploy.dcbot.yaml @@ -0,0 +1,49 @@ +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: vita-dcbot + labels: + app: vita-dcbot +spec: + replicas: 0 + selector: + matchLabels: + app: vita-dcbot + template: + metadata: + labels: + app: vita-dcbot + spec: + containers: + - name: dcbot + image: gitea.konchin.com/go2025/backend:main + args: ["dcbot"] + env: + - name: PRESHARED_KEY + valueFrom: + secretKeyRef: + name: vita-dcbot-secret + key: PRESHARED_KEY + - name: DISCORD_BOT_TOKEN + valueFrom: + secretKeyRef: + name: vita-dcbot-secret + key: DISCORD_BOT_TOKEN + - name: API_ENDPOINT + valueFrom: + configMapKeyRef: + name: vita-dcbot-config + key: API_ENDPOINT + - name: EXTERNAL_URL + valueFrom: + configMapKeyRef: + name: vita-dcbot-config + key: EXTERNAL_URL + - name: UPTRACE_DSN + valueFrom: + secretKeyRef: + name: vita-dcbot-secret + key: UPTRACE_DSN + imagePullSecrets: + - name: regcred diff --git a/vita/deploy.frontend.yaml b/vita/deploy.frontend.yaml new file mode 100644 index 0000000..4893836 --- /dev/null +++ b/vita/deploy.frontend.yaml @@ -0,0 +1,22 @@ +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: vita-frontend + labels: + app: vita-frontend +spec: + replicas: 1 + selector: + matchLabels: + app: vita-frontend + template: + metadata: + labels: + app: vita-frontend + spec: + containers: + - name: frontend + image: gitea.konchin.com/go2025/frontend:main + imagePullSecrets: + - name: regcred diff --git a/vita/ingress.yaml b/vita/ingress.yaml new file mode 100644 index 0000000..dcde526 --- /dev/null +++ b/vita/ingress.yaml @@ -0,0 +1,32 @@ +--- +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: vita-ing +spec: + ingressClassName: traefik-prod + rules: + - host: "go2025.konchin.com" + http: + paths: + - path: / + pathType: Prefix + backend: + service: + name: frontend + port: + number: 80 + - path: /api + pathType: Prefix + backend: + service: + name: backend + port: + number: 8080 + - path: /img + pathType: Prefix + backend: + service: + name: backend + port: + number: 8080 diff --git a/vita/kustomization.yaml b/vita/kustomization.yaml new file mode 100644 index 0000000..d804142 --- /dev/null +++ b/vita/kustomization.yaml @@ -0,0 +1,16 @@ +--- +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +namespace: vita +generatorOptions: + disableNameSuffixHash: true +resources: + - namespace.yaml + - deploy.backend.yaml + - deploy.dcbot.yaml + - deploy.frontend.yaml + - svc.backend.yaml + - svc.frontend.yaml + - secret.backend.yaml + - secret.dcbot.yaml + - ingress.yaml diff --git a/vita/namespace.yaml b/vita/namespace.yaml new file mode 100644 index 0000000..6520834 --- /dev/null +++ b/vita/namespace.yaml @@ -0,0 +1,5 @@ +--- +apiVersion: v1 +kind: Namespace +metadata: + name: vita diff --git a/vita/secret.backend.yaml b/vita/secret.backend.yaml new file mode 100644 index 0000000..e24a053 --- /dev/null +++ b/vita/secret.backend.yaml @@ -0,0 +1,41 @@ +apiVersion: v1 +kind: Secret +metadata: + name: vita-backend-secret +data: + ACCESS_TOKEN_SECRET: ENC[AES256_GCM,data:AzbuPVOw0m9tSRSXz4XMjLS44lVWw2fUJ2C8lJy/4F/nYIupxUhA/E/V/jo=,iv:t7ZjphPvciUokGzGoLJNBIntkrbHqIz2mVOFOLdvo5M=,tag:DlMB8J2Gnj6ecoaL4l86bQ==,type:str] + MINIO_ACCESSKEY: ENC[AES256_GCM,data:edouSYxiYx8=,iv:EMjrSpho9/zLcdBQXKKDRBdsQgnhbt6aiLTR1mXqHDk=,tag:6jHg6l3P0xej4TJaOJwCAw==,type:str] + MINIO_BUCKET: ENC[AES256_GCM,data:U15ZwRY/X4E=,iv:kliQ9Pi8Q8gdLRN9ErJtCOQDyFWzhcj7kUpq/ow1Nzw=,tag:OfgxDRPBPY5Nj9qOI2BSyg==,type:str] + MINIO_HOST: ENC[AES256_GCM,data:shDzkYcwTpoY4JANjeJSgg==,iv:KITDxKAI3jou3ThlMqgEf5VSf6/L4nb2FVxYHQdpvP4=,tag:SXW2oVG0Co/DTUAy1afknQ==,type:str] + MINIO_SECRETKEY: ENC[AES256_GCM,data:G7BvBrNDNPoiaTM8YnbnXQ==,iv:rrjumyerkK8lyKuIlkh5MIwiFhf42BN30CeV5L4cLsU=,tag:WdZDBNqizJrErjc+cryimQ==,type:str] + MINIO_USESSL: ENC[AES256_GCM,data:3su0xKmAs6c=,iv:tmRBYpx7GTmZvnqJ4yaN+R6uYa3l0E/Wpw4RCu45eRw=,tag:rdAakCwXYwnKCXSJbjrqcQ==,type:str] + PG_CONNECTION_STRING: ENC[AES256_GCM,data:arA7VJa0RA+C4wiQi3HkCqyOJCS50RG9226cFc8pgLMeihWO1hPyb8cVXPHHUbWGdxLZSTEgPa/KD//jnIzCrSgO+cmcQ5AxSl289UsAGN9ltohN,iv:xxGL3NUil1kSvedpaQa5aQAQ8x11rYsGmDofNv+xcHE=,tag:buk6KASKEf0QSjm0f8amWw==,type:str] + PRESHARED_KEY: ENC[AES256_GCM,data:LeV4tOohVKoY1zshqpB6hvPkeK5JyD8BrbXhtK/rsYheGOM9Z3AGiispLls=,iv:w2BQG0ziTju6VjpWKoVp2xkpikKuAfeZF7Kn8Fq+TSc=,tag:NSVWuRogU0uaaNGvU7buVg==,type:str] + REFRESH_TOKEN_SECRET: ENC[AES256_GCM,data:O2FbIOMYlXMZ6IfW0kbkrL/zzAmj49Sue+NnxdlDYqmRb6u/Qo9rMlRyIWA=,iv:BbFgPC7OSPEDPZFadkUOioXeFWQ7Gj1RniM3gnTTcpA=,tag:4SPYqY62f41uhYzoTbgSnA==,type:str] + UPTRACE_DSN: ENC[AES256_GCM,data:v8KjY6GN5BcR8WneDrtXIkx24iZ0OHwY9lqm6NtehwYvn+Ns3GtoFnyEWcO25+vKIu4Bwg==,iv:Llz5ThtgKRTykSijvS36Lmb8objW8RBIB6i/8++zC8g=,tag:q3MfPne1w8Pa/A+RFBrpLw==,type:str] +sops: + lastmodified: "2025-12-12T21:59:00Z" + mac: ENC[AES256_GCM,data:7+hsQ6aqHjnB4ibAyyC3ayzyNYLZSudHXMq+t5wsbx+hBd3LFVWEzeTU7ZjLhFM7gct+JIYTrAsIIt2nS8XbuuGSJQYLnX7wodQXYE5pycBl6k6MA9jrCcWXzTG73FIeUB6gk20P0QvbiIfVdhW7I5ZUIZwWtDz4q6WSxQESAs8=,iv:wI9S1gF6WXzCNxj9zRF/ZXMtcVrYrKA7OiWQRKfk5bA=,tag:kblVlbpMlTEuioAppiyzsA==,type:str] + pgp: + - created_at: "2025-12-12T21:59:00Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMA+nT7MSlwYOAAQ//e7yyIiW2wIWLrblsXGXRXXt9BcuDpKkngHioce8Q/RZw + Kbp0IgN+cLBWuoySIUCaotzKC/IvqxcZsxTj+EifSSygpYVAr7zmbzUKercWdqM8 + M1kzO0o0JiYeDIYCkgheXuNM3WSa8O2lmbpEs/44Do6pTDlqJHnSIs8Iwm0q7a8Z + 0GmHRhHhQgVzXeO2LHjUOipD69H5jEUndPQBXxd5vftBoRqhYVMeLRsmL1PZ8/K/ + YE3ST0opS1yFGxCm4FZTj8B+2F7aHXQi4wbsev4FAN7RlsQGCjWF2gPGZm20aEcl + tccVolOmPFABcdNvgX9S3n11Gj2drb++6v1bscWiTrUDqUIQVAeEtKQzOWtxezqt + rEc8zFJ96vEOrVC6vrPgLc/4/n5O+8+5/LfqlIvOuWxp0QVVM0U8bMivXOD3oC6N + 8c91agFFNLXh6dWzIRrVcnsdW09sdLtXYtiPLRwvY8+yBplDHRYla1c1ps9cIP5Y + omYgQs++qNIzmoPsR5LEF+3do4RY97umR7yHBgBgQODmFERuAxOKNIpiY4JldLjf + wjy/bE28WfjBAJs0NA/yxxcA11IxRPLWRHwgCnJ6KemtwA5X8V06nXpjZE25n19C + IiBg3Xh1xsM6T6VHQL6Cmpj9iMDA4r2ew4Rlml7v6/dUxa+T7zSkmasN3Z2l2sfS + XgGtvlRlPlF7GZqyM/1/Qv9hLvvzZUu6LA4jiT+FVBL6nZa29sSIboX0oB5Jphv8 + lejwbL5wdG7fsWB2tz5OlGqJ0G+6+uypKY8LknZFyeVnhlnBj+3EoAxKYAu0MH4= + =0Uby + -----END PGP MESSAGE----- + fp: A638A6B54530D54E868F9D3238736C662F799E0D + encrypted_regex: ^(data|stringData)$ + version: 3.11.0 diff --git a/vita/secret.dcbot.yaml b/vita/secret.dcbot.yaml new file mode 100644 index 0000000..c61f959 --- /dev/null +++ b/vita/secret.dcbot.yaml @@ -0,0 +1,34 @@ +apiVersion: v1 +kind: Secret +metadata: + name: vita-dcbot-secret +data: + DISCORD_BOT_TOKEN: ENC[AES256_GCM,data:CdUSDQ4hasVJjRBuzdbaTa+/+vtVI/6N9xcRCv3cRiJ1Kpmpbm0A0G+IakMZgwGgRjJo7HStlNIG60J8UH3KowWdbJ6EtdVDWvLnk5RbeaN7aaJ+qyg9AqLgjd4hdGHQ,iv:nyI2BCOjdw5pJqqOOmnZ2XQUh6YiyzW/PjkhJI7yOfo=,tag:iwJR5OJ2L73YldjE1ZdJ9g==,type:str] + PRESHARED_KEY: ENC[AES256_GCM,data:BhSl2XJtMePP9JcyyYD5rzjRMrcCyTizwcnBBbUwZV1zPSk+xSx1DJru7wc=,iv:1Q2rDQA2iz20fNWqH5RhmGEit8zdgTvxFaNJBtvlcME=,tag:R9g4rDOKATp6XR9Y1rNALQ==,type:str] + UPTRACE_DSN: ENC[AES256_GCM,data:xxcp4Wg9II2+JjIggJoHy8IqbaJHUXB7M2d3SLreCz5tk6QaUnKLJTP50uApACYHyewePA==,iv:yjg75Us6e7hC1P8b0CyNy3QSXHEf4cO/ewoXKyf8jBg=,tag:OKbiDTlUwUEFQuBP3QXpQQ==,type:str] +sops: + lastmodified: "2025-12-12T21:29:43Z" + mac: ENC[AES256_GCM,data:pNpvE5qE11kE4egHc1M4227GjoQJn4gYPqQ60IUOSDDe4ZRjWkJomdmlyTdZSPudCLmF7vm0IJVk9RDtYd44SsuxiK0OXmtrAFeUi99qV0LMqj23hUrTDwZ0BPn62mXDtR0o4BcL/dXbWdwVRCN5zn1RxfxOQ+DqXmHxxfj6BMo=,iv:wq7+3CzCAWSA7P7YbvNb9HMDjF0SWc95XlHL6IfuO7g=,tag:esmiKuNuAU4Rj/zZS5wGgQ==,type:str] + pgp: + - created_at: "2025-12-12T21:29:43Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMA+nT7MSlwYOAAQ/7BY8sLcBdS2QXJ2KrrXpTH7cpU6PIiVZ3JfZGKRt2y8aA + SNusppniCFST0cTTisx1ti266hRxIpOUUB6qv0956w6yCl57V7/icfxvSKsaHjnK + SYoWpDUifavztmwEGKmmhZg0WYlaDpohx3UTDwsN1KwFc3a7/Sd6aQZOEtm/ZH7w + 0DBfxQF8i+T1P90X+bVUwKiAC3AZo9/0F9P4uWFVJZ3nBP8dYLyJicR0ulvW/nZi + 3ksrboBzS1kDWadn+yZGuzn3jbb/6W0XDCuw+gsD1bF1b/S+3WJZ+4pVJ6kMezpO + jmUahhaaPSbxuwf+0/D/oaIPyKJLHYlVsETab65/Jd9dzdFjk/+H3ZpuvQiCZBTD + KzoW7qqDRckQkAgho1bpc5l77m9w1kA48ewknYbfsg//mJGv/N7NayWQ05FV/ZmP + LKdu4YuCYg1UEngZv7z9sp0BAxYkEQ7G36ZK32CXt1PsHKSsoU7aK3JWrEShDL1d + S8GvIPybRORPsCWt3IcUZpZZmMJWUCU+5st+9lfUa0kPfPrQTCTD5XNQaoHF6/Aj + oDFoNu/MLzPMefODZDHOTfA1zbIWXD+TFEJTVHi83CJX8DrqheZGEJ3GbdDlM+VL + Yy583/C6JZy0SFwuLltnJZUGSQZKAOKYbpEpmgy/9MCqbnWS0ASOyVT4z2/124/S + XgEfgLAVDfCMstoWOHHbxA6AveUsa4+1qbG9JRRHEHHalKI8bJoWXQjI2+FG6ttn + +Qz2CbZtUCfXeLHtr+b5OGoP+YB6W+jvEtbU+nbCgv3Tg5AXHWQNhkFyEhCx4oY= + =TlgG + -----END PGP MESSAGE----- + fp: A638A6B54530D54E868F9D3238736C662F799E0D + encrypted_regex: ^(data|stringData)$ + version: 3.11.0 diff --git a/vita/svc.backend.yaml b/vita/svc.backend.yaml new file mode 100644 index 0000000..6c1189b --- /dev/null +++ b/vita/svc.backend.yaml @@ -0,0 +1,15 @@ +--- +apiVersion: v1 +kind: Service +metadata: + name: vita-backend + labels: + app: vita-backend +spec: + type: ClusterIP + selector: + app: vita-backend + ports: + - name: http + port: 8080 + targetPort: 8080 diff --git a/vita/svc.frontend.yaml b/vita/svc.frontend.yaml new file mode 100644 index 0000000..9ced9d9 --- /dev/null +++ b/vita/svc.frontend.yaml @@ -0,0 +1,15 @@ +--- +apiVersion: v1 +kind: Service +metadata: + name: vita-frontend + labels: + app: vita-frontend +spec: + type: ClusterIP + selector: + app: vita-frontend + ports: + - name: http + port: 80 + targetPort: 80