homelab-manifests/tandoor-system/tandoor.yaml
Renovate Bot 35710fe5ea
renovate/stability-days Updates have met minimum release age requirement
Update vabene1111/recipes Docker tag to v2.6
2026-06-06 07:52:16 +00:00


---
# Dedicated namespace; every other object in this file is created inside it.
kind: Namespace
apiVersion: v1
metadata:
  name: tandoor-system
---
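# Tandoor Deployment: an init container (wait for PostgreSQL, migrate, collect
# static files, bootstrap the superuser) followed by the web container.
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app.kubernetes.io/instance: tandoor
    app.kubernetes.io/name: tandoor
    # NOTE(review): both containers run image tag 2.6 while this label still
    # says 2.5 - confirm whether the label should follow the image tag.
    app.kubernetes.io/version: "2.5"
  name: tandoor
  namespace: tandoor-system
spec:
  replicas: 1
  selector:
    matchLabels:
      app.kubernetes.io/instance: tandoor
      app.kubernetes.io/name: tandoor
  strategy:
    # The old pod is stopped before the new one starts (no overlap).
    type: Recreate
  template:
    metadata:
      labels:
        app.kubernetes.io/instance: tandoor
        app.kubernetes.io/name: tandoor
        app.kubernetes.io/version: "2.5"
    spec:
      # NOTE(review): no securityContext is set on the pod or its containers,
      # so the image's default user and capabilities apply. Consider
      # runAsNonRoot, allowPrivilegeEscalation: false and dropped capabilities
      # if the image supports them.
      initContainers:
        - name: create-superuser
          image: vabene1111/recipes:2.6
          workingDir: /opt/recipes
          command:
            - /bin/sh
            - -c
            - |
              . /opt/recipes/venv/bin/activate
              echo "Waiting for database..."
              while ! python -c "import socket; socket.create_connection(('postgresql-rw.database-system.svc.cluster.local', 5432), timeout=5)" 2>/dev/null; do
                sleep 2
              done
              echo "Database is ready. Running migrations..."
              python manage.py migrate --noinput
              echo "Collecting static files..."
              python manage.py collectstatic --noinput
              echo "Creating superuser if not exists..."
              python manage.py shell -c "
              from django.contrib.auth import get_user_model
              User = get_user_model()
              import os
              username = os.environ.get('DJANGO_SUPERUSER_USERNAME', 'admin')
              if not User.objects.filter(username=username).exists():
                  # Fail closed: never fall back to a well-known default password.
                  password = os.environ.get('DJANGO_SUPERUSER_PASSWORD')
                  if not password:
                      raise SystemExit('DJANGO_SUPERUSER_PASSWORD is not set; refusing to create a superuser with a default password')
                  User.objects.create_superuser(
                      username=username,
                      email=os.environ.get('DJANGO_SUPERUSER_EMAIL', ''),
                      password=password
                  )
                  print(f'Superuser {username} created successfully')
              else:
                  print(f'Superuser {username} already exists')
              "
          volumeMounts:
            - name: staticfiles
              mountPath: /opt/recipes/staticfiles
          env:
            - name: DB_ENGINE
              value: django.db.backends.postgresql
            # Database - using shared PostgreSQL in database-system namespace
            - name: POSTGRES_HOST
              value: postgresql-rw.database-system.svc.cluster.local
            - name: POSTGRES_PORT
              value: "5432"
            - name: POSTGRES_DB
              value: tandoor
            - name: POSTGRES_USER
              valueFrom:
                secretKeyRef:
                  name: tandoor-db
                  key: username
            - name: POSTGRES_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: tandoor-db
                  key: password
            - name: SECRET_KEY
              valueFrom:
                secretKeyRef:
                  name: tandoor-app
                  key: secret-key
            # Superuser bootstrap credentials, read by the script above.
            - name: DJANGO_SUPERUSER_USERNAME
              valueFrom:
                secretKeyRef:
                  name: tandoor-admin
                  key: username
            - name: DJANGO_SUPERUSER_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: tandoor-admin
                  key: password
            - name: DJANGO_SUPERUSER_EMAIL
              valueFrom:
                secretKeyRef:
                  name: tandoor-admin
                  key: email
      containers:
        - name: tandoor
          image: vabene1111/recipes:2.6
          imagePullPolicy: IfNotPresent
          env:
            - name: TZ
              value: Europe/Budapest
            - name: DEBUG
              value: "0"
            # NOTE(review): "*" disables Django's Host header validation.
            # Restricting this to the two Ingress hostnames is safer, but the
            # probes below send the pod IP as Host, so they would first need an
            # explicit Host header (httpGet.httpHeaders).
            - name: ALLOWED_HOSTS
              value: "*"
            - name: CSRF_TRUSTED_ORIGINS
              value: "https://tandoor.dooplex.hu,https://tandoor.home"
            # Trusts X-Forwarded-Proto from the proxy in front of the pod; this
            # is only safe while the pod is reachable solely through the Ingress.
            - name: SECURE_PROXY_SSL_HEADER
              value: "HTTP_X_FORWARDED_PROTO,https"
            - name: DB_ENGINE
              value: django.db.backends.postgresql
            # Database - using shared PostgreSQL in database-system namespace
            - name: POSTGRES_HOST
              value: postgresql-rw.database-system.svc.cluster.local
            - name: POSTGRES_PORT
              value: "5432"
            - name: POSTGRES_DB
              value: tandoor
            - name: POSTGRES_USER
              valueFrom:
                secretKeyRef:
                  name: tandoor-db
                  key: username
            - name: POSTGRES_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: tandoor-db
                  key: password
            - name: SECRET_KEY
              valueFrom:
                secretKeyRef:
                  name: tandoor-app
                  key: secret-key
            - name: GUNICORN_MEDIA
              value: "1"
            - name: ENABLE_SIGNUP
              value: "0"
            # NOTE(review): confirm the metrics endpoint this enables is not
            # reachable from outside; the Ingress routes the whole "/" prefix
            # to this Service.
            - name: ENABLE_METRICS
              value: "1"
            - name: TANDOOR_PORT
              value: "8080"
            - name: SOCIAL_PROVIDERS
              value: "allauth.socialaccount.providers.openid_connect"
            # The OIDC provider JSON (client_id, client secret, server_url) was
            # inlined here in plain text. It is now read from a Secret so the
            # credential is not stored in the repository.
            # PLACEHOLDER: Secret name "tandoor-oidc" and key
            # "socialaccount-providers" must be created with the provider JSON
            # as the value before this manifest is applied.
            # The client secret that was committed stays in Git history and
            # should be rotated in the identity provider.
            - name: SOCIALACCOUNT_PROVIDERS
              valueFrom:
                secretKeyRef:
                  name: tandoor-oidc
                  key: socialaccount-providers
          ports:
            - containerPort: 8080
              name: http
              protocol: TCP
          livenessProbe:
            httpGet:
              path: /
              port: http
            initialDelaySeconds: 60
            periodSeconds: 30
            timeoutSeconds: 10
            failureThreshold: 5
          readinessProbe:
            httpGet:
              path: /
              port: http
            initialDelaySeconds: 30
            periodSeconds: 10
            timeoutSeconds: 5
            failureThreshold: 3
          resources:
            limits:
              cpu: "1"
              memory: 2Gi
            requests:
              cpu: 100m
              memory: 256Mi
          volumeMounts:
            - name: staticfiles
              mountPath: /opt/recipes/staticfiles
            - name: mediafiles
              mountPath: /opt/recipes/mediafiles
      volumes:
        - name: staticfiles
          persistentVolumeClaim:
            claimName: tandoor-staticfiles
        # NOTE(review): hostPath binds the pod to one node's filesystem and
        # lets it create the directory on the host (DirectoryOrCreate). A PVC,
        # as used for staticfiles, avoids mounting host paths into the
        # container.
        - name: mediafiles
          hostPath:
            path: /mnt/4_hdd/data/tandoor/mediafiles
            type: DirectoryOrCreate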
---
# Cluster-internal Service in front of the Tandoor pods; the Ingress targets it
# on port 8080.
kind: Service
apiVersion: v1
metadata:
  name: tandoor
  namespace: tandoor-system
  labels:
    app.kubernetes.io/instance: tandoor
    app.kubernetes.io/name: tandoor
    # NOTE(review): the Deployment runs image tag 2.6 while this label says
    # 2.5 - confirm whether it should follow the image tag.
    app.kubernetes.io/version: "2.5"
spec:
  type: ClusterIP
  # Matches the pod template labels of the tandoor Deployment.
  selector:
    app.kubernetes.io/instance: tandoor
    app.kubernetes.io/name: tandoor
  ports:
    - name: http
      protocol: TCP
      port: 8080
      # Resolved by name against the container port called "http".
      targetPort: http
---
# Ingress for both Tandoor hostnames, with an nginx snippet that only admits
# clients from 192.168.x.x, 10.x.x.x or with GeoIP country code HU.
kind: Ingress
apiVersion: networking.k8s.io/v1
metadata:
  name: tandoor
  namespace: tandoor-system
  labels:
    app.kubernetes.io/instance: tandoor
    app.kubernetes.io/name: tandoor
  annotations:
    cert-manager.io/cluster-issuer: letsencrypt-prod
    external-dns.alpha.kubernetes.io/hostname: tandoor.dooplex.hu,tandoor.home
    nginx.ingress.kubernetes.io/proxy-body-size: 128m
    nginx.ingress.kubernetes.io/ssl-redirect: "true"
    # configuration-snippet is only honoured when the controller allows snippet
    # annotations; with that enabled, anyone who can edit Ingress objects can
    # inject raw nginx configuration, so keep write access to Ingresses tight.
    # NOTE(review): the allow-list is decided on $remote_addr. If a load
    # balancer or proxy in front of the controller does not preserve the
    # client address, $remote_addr could be an internal 10.x or 192.168.x
    # address and every request would pass - confirm how the source IP
    # reaches nginx.
    nginx.ingress.kubernetes.io/configuration-snippet: |
      set $geo_allowed 0;
      if ($remote_addr ~ "^192\.168\.") { set $geo_allowed 1; }
      if ($remote_addr ~ "^10\.") { set $geo_allowed 1; }
      if ($geoip2_country_code = "HU") { set $geo_allowed 1; }
      if ($geo_allowed = 0) {
        return 403 "Access restricted to Hungary";
      }
spec:
  ingressClassName: nginx-internal
  # NOTE(review): only tandoor.dooplex.hu is listed under tls, while
  # tandoor.home is also routed with ssl-redirect enabled; presumably that
  # host is served with the controller's default certificate - confirm.
  tls:
    - secretName: tandoor-tls
      hosts:
        - tandoor.dooplex.hu
  rules:
    - host: tandoor.dooplex.hu
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: tandoor
                port:
                  number: 8080
    - host: tandoor.home
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: tandoor
                port:
                  number: 8080
---
# Claim behind the "staticfiles" volume, mounted by both the init container and
# the web container of the tandoor Deployment.
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
  name: tandoor-staticfiles
  namespace: tandoor-system
  labels:
    app.kubernetes.io/instance: tandoor
    app.kubernetes.io/name: tandoor
spec:
  storageClassName: longhorn
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 1Gi