chore(osx): Added OSX container

2026-02-02 11:39:46 +01:00
parent bbfc8bbb27
commit 797dc958d2
27 changed files with 210 additions and 419 deletions
--- a/clusters/artemis/apps/kaneo/app-project.yaml
+++ b/clusters/artemis/apps/kaneo/app-project.yaml
@@ -2,15 +2,15 @@
 apiVersion: argoproj.io/v1alpha1
 kind: AppProject
 metadata:
-  name: osx
+  name: kaneo
 spec:
-  description: osx container to proxy shortcuts
+  description: Project Management
  sourceRepos:
    - '*'
  sourceNamespaces:
    - '*'
  destinations:
-    - namespace: 'osx'
+    - namespace: 'kaneo'
      server: '*'
  clusterResourceWhitelist:
    - group: '*'
--- a/clusters/artemis/apps/kaneo/application.yaml
+++ b/clusters/artemis/apps/kaneo/application.yaml
@@ -1,20 +1,20 @@
 apiVersion: argoproj.io/v1alpha1
 kind: Application
 metadata:
-  name: osx
-  namespace: osx
+  name: kaneo
+  namespace: kaneo
  labels:
    platform.dgse.cloud/cluster: artemis
  finalizers:
    - resources-finalizer.argocd.argoproj.io
 spec:
-  project: osx
+  project: kaneo
  source:
    repoURL: 'https://git.dgse.cloud/DGSE/kubernetes.git'
-    path: manifests/artemis/osx
+    path: manifests/artemis/kaneo
    targetRevision: main
  destination:
-    namespace: osx
+    namespace: kaneo
    name: in-cluster
  syncPolicy:
    syncOptions:
--- a/clusters/artemis/apps/kaneo/kustomization.yaml
+++ b/clusters/artemis/apps/kaneo/kustomization.yaml
--- a/clusters/artemis/apps/kustomization.yaml
+++ b/clusters/artemis/apps/kustomization.yaml
@@ -13,9 +13,7 @@ resources:
  - pocket-id
  - vaultwarden
  - mailu
-  # - ntfy
  - penpot
  - immich
  - digital-garden
-  # - nextcloud
-  # - osx
+  - kaneo
--- a/manifests/artemis/kaneo/api.yaml
+++ b/manifests/artemis/kaneo/api.yaml
@@ -0,0 +1,39 @@
+# api-deployment.yaml
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: kaneo-api
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: kaneo-api
+  template:
+    metadata:
+      labels:
+        app: kaneo-api
+    spec:
+      containers:
+        - name: api
+          image: ghcr.io/usekaneo/api:latest
+          ports:
+            - containerPort: 1337
+          envFrom:
+            - configMapRef:
+                name: kaneo-env
+          # If your API uses POSTGRES_HOST, point it to the postgres Service:
+          # env:
+          #   - name: POSTGRES_HOST
+          #     value: "postgres"
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: kaneo-api
+spec:
+  type: ClusterIP
+  selector:
+    app: kaneo-api
+  ports:
+    - port: 1337
+      targetPort: 1337
--- a/manifests/artemis/kaneo/configMap.yaml
+++ b/manifests/artemis/kaneo/configMap.yaml
@@ -0,0 +1,11 @@
+# postgres-configmap.yaml
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: kaneo-env
+data:
+# Copy the contents of your .env file here as key: value pairs
+# Example:
+ POSTGRES_USER: "kaneo"
+ POSTGRES_PASSWORD: "appelsap"
+ POSTGRES_DB: "kaneo"
--- a/manifests/artemis/kaneo/db.yaml
+++ b/manifests/artemis/kaneo/db.yaml
@@ -0,0 +1,62 @@
+# postgres-deployment.yaml
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: postgres
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: postgres
+  template:
+    metadata:
+      labels:
+        app: postgres
+    spec:
+      containers:
+        - name: postgres
+          image: postgres:16-alpine
+          ports:
+            - containerPort: 5432
+          envFrom:
+            - configMapRef:
+                name: kaneo-env
+          volumeMounts:
+            - name: postgres-data
+              mountPath: /var/lib/postgresql/data
+          readinessProbe:
+            exec:
+              command:
+                - sh
+                - -c
+                - pg_isready -U kaneo -d kaneo
+            initialDelaySeconds: 10
+            periodSeconds: 10
+            timeoutSeconds: 5
+            failureThreshold: 5
+          livenessProbe:
+            exec:
+              command:
+                - sh
+                - -c
+                - pg_isready -U kaneo -d kaneo
+            initialDelaySeconds: 30
+            periodSeconds: 10
+            timeoutSeconds: 5
+            failureThreshold: 5
+      volumes:
+        - name: postgres-data
+          persistentVolumeClaim:
+            claimName: postgres-data
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: postgres
+spec:
+  type: ClusterIP
+  selector:
+    app: postgres
+  ports:
+    - port: 5432
+      targetPort: 5432
--- a/manifests/artemis/kaneo/ingress.yaml
+++ b/manifests/artemis/kaneo/ingress.yaml
@@ -1,22 +1,23 @@
+---
 apiVersion: networking.k8s.io/v1
 kind: Ingress
 metadata:
  annotations:
    cert-manager.io/cluster-issuer: letsencrypt
-  name: osx-ingress
+  name: kaneo-ingress
 spec:
  rules:
-    - host: osx.dgse.cloud
+    - host: projects.dgse.cloud
      http:
        paths:
          - backend:
              service:
-                name: macos
+                name: kaneo-web
                port:
-                  number: 8006
+                  number: 5173
            path: /
            pathType: Prefix
  tls:
    - hosts:
-        - osx.dgse.cloud
+        - projects.dgse.cloud
      secretName: letsencrypt
--- a/manifests/artemis/kaneo/kustomization.yaml
+++ b/manifests/artemis/kaneo/kustomization.yaml
@@ -2,12 +2,13 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 metadata:
-  name: kener
+  name: kaneo

 resources:
-  - secret.yaml
-  - db-cluster.yaml
-  - service.yaml
+  - configMap.yaml
  - pvc.yaml
-  - deployment.yaml
+  - api.yaml
+  - web.yaml
+  - db.yaml
+  - services.yaml
  - ingress.yaml
--- a/manifests/artemis/kaneo/pvc.yaml
+++ b/manifests/artemis/kaneo/pvc.yaml
@@ -0,0 +1,13 @@
+# postgres-pv-pvc.yaml
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: postgres-data
+spec:
+  accessModes:
+    - ReadWriteOnce
+  resources:
+    requests:
+      storage: 5Gi
+  # For managed clusters, often you don't need storageClassName and use default.
+  # storageClassName: standard
--- a/manifests/artemis/kaneo/services.yaml
+++ b/manifests/artemis/kaneo/services.yaml
@@ -0,0 +1,25 @@
+# api-service.yaml (unchanged from before)
+apiVersion: v1
+kind: Service
+metadata:
+  name: kaneo-api
+spec:
+  type: ClusterIP
+  selector:
+    app: kaneo-api
+  ports:
+    - port: 1337
+      targetPort: 1337
+---
+# web-service.yaml (unchanged from before)
+apiVersion: v1
+kind: Service
+metadata:
+  name: kaneo-web
+spec:
+  type: ClusterIP
+  selector:
+    app: kaneo-web
+  ports:
+    - port: 5173
+      targetPort: 5173
--- a/manifests/artemis/kaneo/web.yaml
+++ b/manifests/artemis/kaneo/web.yaml
@@ -0,0 +1,39 @@
+# web-deployment.yaml
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: kaneo-web
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: kaneo-web
+  template:
+    metadata:
+      labels:
+        app: kaneo-web
+    spec:
+      containers:
+        - name: web
+          image: ghcr.io/usekaneo/web:latest
+          ports:
+            - containerPort: 5173
+          envFrom:
+            - configMapRef:
+                name: kaneo-env
+          # If the web app needs the API URL, ensure env var points to the API Service:
+          # env:
+          #   - name: VITE_API_BASE_URL
+          #     value: "http://kaneo-api:1337"
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: kaneo-web
+spec:
+  type: ClusterIP
+  selector:
+    app: kaneo-web
+  ports:
+    - port: 5173
+      targetPort: 5173
--- a/manifests/artemis/kener/db-cluster.yaml
+++ b/manifests/artemis/kener/db-cluster.yaml
@@ -1,21 +0,0 @@
-apiVersion: postgresql.cnpg.io/v1
-kind: Cluster
-metadata:
-  name: kener-postgres
-spec:
-  instances: 1
-  managed:
-    roles:
-      - name: kener
-        superuser: true
-        login: true
-  bootstrap:
-    initdb:
-      database: kener
-      owner: kener
-      secret:
-        name: kener-postgres-user
-
-  storage:
-    size: 4Gi
-    storageClass: local-path
--- a/manifests/artemis/kener/deployment.yaml
+++ b/manifests/artemis/kener/deployment.yaml
@@ -1,79 +0,0 @@
---
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: kener
-spec:
-  selector:
-    matchLabels:
-      app: kener
-  template:
-    metadata:
-      labels:
-        app: kener
-    spec:
-      containers:
-        - name: kener
-          image: rajnandan1/kener:latest
-          ports:
-            - containerPort: 3000
-              name: http
-          volumeMounts:
-            - name: kener-uploads
-              mountPath: "/app/uploads"
-          env:
-            - name: ORIGIN
-              valueFrom:
-                secretKeyRef:
-                  name: kener-secret
-                  key: ORIGIN
-            - name: DATABASE_URL
-              valueFrom:
-                secretKeyRef:
-                  name: kener-secret
-                  key: DATABASE_URL
-            - name: KENER_SECRET_KEY
-              valueFrom:
-                secretKeyRef:
-                  name: kener-secret
-                  key: KENER_SECRET_KEY
-            - name: SMTP_HOST
-              valueFrom:
-                secretKeyRef:
-                  name: kener-secret
-                  key: SMTP_HOST
-            - name: SMTP_PORT
-              valueFrom:
-                secretKeyRef:
-                  name: kener-secret
-                  key: SMTP_PORT
-            - name: SMTP_USER
-              valueFrom:
-                secretKeyRef:
-                  name: kener-secret
-                  key: SMTP_USER
-            - name: SMTP_PASS
-              valueFrom:
-                secretKeyRef:
-                  name: kener-secret
-                  key: SMTP_PASS
-            - name: SMTP_SECURE
-              valueFrom:
-                secretKeyRef:
-                  name: kener-secret
-                  key: SMTP_SECURE
-            - name: SMTP_FROM_EMAIL
-              valueFrom:
-                secretKeyRef:
-                  name: kener-secret
-                  key: SMTP_FROM_EMAIL
-            - name: TZ
-              valueFrom:
-                secretKeyRef:
-                  name: kener-secret
-                  key: TZ
-
-      volumes:
-        - name: kener-uploads
-          persistentVolumeClaim:
-            claimName: kener-pvc
--- a/manifests/artemis/kener/ingress.yaml
+++ b/manifests/artemis/kener/ingress.yaml
@@ -1,22 +0,0 @@
-apiVersion: networking.k8s.io/v1
-kind: Ingress
-metadata:
-  annotations:
-    cert-manager.io/cluster-issuer: letsencrypt
-  name: kener-ingress
-spec:
-  rules:
-    - host: monitor.dgse.cloud
-      http:
-        paths:
-          - backend:
-              service:
-                name: kener
-                port:
-                  number: 3000
-            path: /
-            pathType: Prefix
-  tls:
-    - hosts:
-        - monitor.dgse.cloud
-      secretName: letsencrypt
--- a/manifests/artemis/kener/pvc.yaml
+++ b/manifests/artemis/kener/pvc.yaml
@@ -1,11 +0,0 @@
---
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
-  name: kener-pvc
-spec:
-  accessModes:
-    - ReadWriteOnce
-  resources:
-    requests:
-      storage: 20Gi
--- a/manifests/artemis/kener/secret.yaml
+++ b/manifests/artemis/kener/secret.yaml
@@ -1,74 +0,0 @@
---
-apiVersion: external-secrets.io/v1
-kind: ExternalSecret
-metadata:
-  name: kener-secret
-spec:
-  refreshInterval: 1h
-  secretStoreRef:
-    name: platform
-    kind: ClusterSecretStore
-  target:
-    name: kener-secret
-  data:
-    - secretKey: ORIGIN
-      remoteRef:
-        key: kener
-        property: ORIGIN
-    - secretKey: DATABASE_URL
-      remoteRef:
-        key: kener
-        property: DATABASE_URL
-    - secretKey: KENER_SECRET_KEY
-      remoteRef:
-        key: kener
-        property: KENER_SECRET_KEY
-    - secretKey: SMTP_HOST
-      remoteRef:
-        key: kener
-        property: SMTP_HOST
-    - secretKey: SMTP_PORT
-      remoteRef:
-        key: kener
-        property: SMTP_PORT
-    - secretKey: SMTP_USER
-      remoteRef:
-        key: kener
-        property: SMTP_USER
-    - secretKey: SMTP_PASS
-      remoteRef:
-        key: kener
-        property: SMTP_PASS
-    - secretKey: SMTP_SECURE
-      remoteRef:
-        key: kener
-        property: SMTP_SECURE
-    - secretKey: SMTP_FROM_EMAIL
-      remoteRef:
-        key: kener
-        property: SMTP_FROM_EMAIL
-    - secretKey: TZ
-      remoteRef:
-        key: kener
-        property: TZ
---
-apiVersion: external-secrets.io/v1
-kind: ExternalSecret
-metadata:
-  name: kener-postgres-user
-spec:
-  refreshInterval: 1h
-  secretStoreRef:
-    name: platform
-    kind: ClusterSecretStore
-  target:
-    name: kener-postgres-user
-  data:
-    - secretKey: username
-      remoteRef:
-        key: kener
-        property: postgres_username
-    - secretKey: password
-      remoteRef:
-        key: kener
-        property: postgres_password
--- a/manifests/artemis/kener/service.yaml
+++ b/manifests/artemis/kener/service.yaml
@@ -1,12 +0,0 @@
---
-apiVersion: v1
-kind: Service
-metadata:
-  name: kener
-spec:
-  selector:
-    app: kener
-  ports:
-    - protocol: TCP
-      port: 3000
-      targetPort: 3000
--- a/manifests/artemis/ntfy/basicauth.yaml
+++ b/manifests/artemis/ntfy/basicauth.yaml
@@ -1,8 +0,0 @@
---
-apiVersion: traefik.io/v1alpha1
-kind: Middleware
-metadata:
-  name: basic-auth
-spec:
-  basicAuth:
-    secret: basic-auth
--- a/manifests/artemis/ntfy/configmap.yaml
+++ b/manifests/artemis/ntfy/configmap.yaml
@@ -1,12 +0,0 @@
---
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: ntfy
-data:
-  server.yml: |
-    # Template: https://github.com/binwiederhier/ntfy/blob/main/server/server.yml
-    base-url: https://notifications.dgse.cloud
-    enable-login: true
-    enable-signup: false
-    upstream-base-url: "https://ntfy.sh"
--- a/manifests/artemis/ntfy/deployment.yaml
+++ b/manifests/artemis/ntfy/deployment.yaml
@@ -1,33 +0,0 @@
---
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: ntfy
-spec:
-  selector:
-    matchLabels:
-      app: ntfy
-  template:
-    metadata:
-      labels:
-        app: ntfy
-    spec:
-      containers:
-        - name: ntfy
-          image: binwiederhier/ntfy
-          args: ["serve"]
-          resources:
-            limits:
-              memory: "128Mi"
-              cpu: "500m"
-          ports:
-            - containerPort: 80
-              name: http
-          volumeMounts:
-            - name: config
-              mountPath: "/etc/ntfy"
-              readOnly: true
-      volumes:
-        - name: config
-          configMap:
-            name: ntfy
--- a/manifests/artemis/ntfy/ingress.yaml
+++ b/manifests/artemis/ntfy/ingress.yaml
@@ -1,18 +0,0 @@
---
-apiVersion: traefik.io/v1alpha1
-kind: IngressRoute
-metadata:
-  name: ntfy-ingress
-spec:
-  entryPoints:
-    - websecure
-  routes:
-    - match: Host(`notifications.dgse.cloud`)
-      kind: Rule
-      middlewares:
-        - name: basic-auth
-      services:
-        - name: ntfy
-          port: 80
-  tls:
-    secretName: letsencrypt
--- a/manifests/artemis/ntfy/service.yaml
+++ b/manifests/artemis/ntfy/service.yaml
@@ -1,12 +0,0 @@
---
-# Basic service for port 80
-apiVersion: v1
-kind: Service
-metadata:
-  name: ntfy
-spec:
-  selector:
-    app: ntfy
-  ports:
-    - port: 80
-      targetPort: 80
--- a/manifests/artemis/osx/deployment.yaml
+++ b/manifests/artemis/osx/deployment.yaml
@@ -1,58 +0,0 @@
---
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: macos
-  labels:
-    name: macos
-spec:
-  replicas: 1
-  selector:
-    matchLabels:
-      app: macos
-  template:
-    metadata:
-      labels:
-        app: macos
-    spec:
-      containers:
-        - name: macos
-          image: dockurr/macos
-          env:
-            - name: VERSION
-              value: "14"
-            - name: DISK_SIZE
-              value: "64G"
-            - name: KVM
-              value: "N"
-          ports:
-            - containerPort: 8006
-              name: http
-              protocol: TCP
-            - containerPort: 5900
-              name: vnc
-              protocol: TCP
-          securityContext:
-            capabilities:
-              add:
-                - NET_ADMIN
-            privileged: true
-          volumeMounts:
-            - mountPath: /storage
-              name: storage
-            - mountPath: /dev/kvm
-              name: dev-kvm
-            - mountPath: /dev/net/tun
-              name: dev-tun
-      terminationGracePeriodSeconds: 120
-      volumes:
-        - name: storage
-          persistentVolumeClaim:
-            claimName: macos-pvc
-        - hostPath:
-            path: /dev/kvm
-          name: dev-kvm
-        - hostPath:
-            path: /dev/net/tun
-            type: CharDevice
-          name: dev-tun
--- a/manifests/artemis/osx/kustomization.yaml
+++ b/manifests/artemis/osx/kustomization.yaml
@@ -1,8 +0,0 @@
---
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-
-resources:
-  - service.yaml
-  - deployment.yaml
-  - pvc.yaml
--- a/manifests/artemis/osx/pvc.yaml
+++ b/manifests/artemis/osx/pvc.yaml
@@ -1,11 +0,0 @@
---
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
-  name: macos-pvc
-spec:
-  accessModes:
-    - ReadWriteOnce
-  resources:
-    requests:
-      storage: 64Gi
--- a/manifests/artemis/osx/service.yaml
+++ b/manifests/artemis/osx/service.yaml
@@ -1,19 +0,0 @@
---
-apiVersion: v1
-kind: Service
-metadata:
-  name: macos
-spec:
-  internalTrafficPolicy: Cluster
-  ports:
-    - name: http
-      port: 8006
-      protocol: TCP
-      targetPort: 8006
-    - name: vnc
-      port: 5900
-      protocol: TCP
-      targetPort: 5900
-  selector:
-    app: macos
-  type: ClusterIP