diff --git a/tandoor-system/recipe-importer.yaml b/tandoor-system/recipe-importer.yaml new file mode 100644 index 0000000..400ec74 --- /dev/null +++ b/tandoor-system/recipe-importer.yaml @@ -0,0 +1,158 @@ +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app.kubernetes.io/instance: recipe-importer + app.kubernetes.io/name: recipe-importer + name: recipe-importer + namespace: tandoor-system +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/instance: recipe-importer + app.kubernetes.io/name: recipe-importer + strategy: + type: Recreate + template: + metadata: + labels: + app.kubernetes.io/instance: recipe-importer + app.kubernetes.io/name: recipe-importer + spec: + containers: + - name: recipe-importer + image: gitea.dooplex.hu/admin/recipe-importer:latest + imagePullPolicy: Always + env: + - name: TZ + value: Europe/Budapest + - name: SECRET_KEY + valueFrom: + secretKeyRef: + name: recipe-importer-app + key: secret-key + - name: TANDOOR_INTERNAL_URL + value: http://tandoor.tandoor-system.svc.cluster.local:8080 + - name: TANDOOR_URL + value: https://tandoor.dooplex.hu + - name: TANDOOR_API_KEY + valueFrom: + secretKeyRef: + name: recipe-importer-app + key: tandoor-api-key + - name: MEALIE_URL + value: https://mealie.dooplex.hu + - name: MEALIE_API_KEY + valueFrom: + secretKeyRef: + name: recipe-importer-app + key: mealie-api-key + ports: + - containerPort: 8000 + name: http + protocol: TCP + livenessProbe: + httpGet: + path: /health + port: http + initialDelaySeconds: 15 + periodSeconds: 30 + timeoutSeconds: 5 + failureThreshold: 3 + readinessProbe: + httpGet: + path: /health + port: http + initialDelaySeconds: 5 + periodSeconds: 10 + timeoutSeconds: 5 + failureThreshold: 3 + resources: + limits: + cpu: 500m + memory: 256Mi + requests: + cpu: 50m + memory: 64Mi + volumeMounts: + - name: data + mountPath: /data + volumes: + - name: data + persistentVolumeClaim: + claimName: recipe-importer-data +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app.kubernetes.io/instance: recipe-importer + app.kubernetes.io/name: recipe-importer + name: recipe-importer + namespace: tandoor-system +spec: + type: ClusterIP + ports: + - name: http + port: 8000 + protocol: TCP + targetPort: http + selector: + app.kubernetes.io/instance: recipe-importer + app.kubernetes.io/name: recipe-importer +--- +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + annotations: + cert-manager.io/cluster-issuer: letsencrypt-prod + external-dns.alpha.kubernetes.io/hostname: rimp.dooplex.hu + nginx.ingress.kubernetes.io/ssl-redirect: "true" + nginx.ingress.kubernetes.io/configuration-snippet: | + set $geo_allowed 0; + if ($remote_addr ~ "^192\.168\.") { set $geo_allowed 1; } + if ($remote_addr ~ "^10\.") { set $geo_allowed 1; } + if ($geoip2_country_code = "HU") { set $geo_allowed 1; } + if ($geo_allowed = 0) { + return 403 "Access restricted to Hungary"; + } + labels: + app.kubernetes.io/instance: recipe-importer + app.kubernetes.io/name: recipe-importer + name: recipe-importer + namespace: tandoor-system +spec: + ingressClassName: nginx-internal + rules: + - host: rimp.dooplex.hu + http: + paths: + - backend: + service: + name: recipe-importer + port: + number: 8000 + path: / + pathType: Prefix + tls: + - hosts: + - rimp.dooplex.hu + secretName: recipe-importer-tls +--- +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + labels: + app.kubernetes.io/instance: recipe-importer + app.kubernetes.io/name: recipe-importer + name: recipe-importer-data + namespace: tandoor-system +spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 128Mi + storageClassName: longhorn