chore(bootstrap): Added uptime-kuma and pocket-id to argocd

clusters/artemis/apps/kustomization.yaml

@@ -9,3 +9,5 @@ resources:
   - gitea
   - cnpg
   - external-secrets
+  - uptime-kuma
+  - pocket-id

clusters/artemis/apps/pocket-id/app-project.yaml

@@ -0,0 +1,17 @@
+---
+apiVersion: argoproj.io/v1alpha1
+kind: AppProject
+metadata:
+  name: pocket-id
+spec:
+  description: Authentication and Authorization
+  sourceRepos:
+    - '*'
+  sourceNamespaces:
+    - '*'
+  destinations:
+    - namespace: 'pocket-id'
+      server: '*'
+  clusterResourceWhitelist:
+    - group: '*'
+      kind: '*'

clusters/artemis/apps/pocket-id/application.yaml

@@ -0,0 +1,24 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: pocket-id
+  namespace: pocket-id
+  labels:
+    platform.dgse.cloud/cluster: artemis
+  finalizers:
+    - resources-finalizer.argocd.argoproj.io
+spec:
+  project: pocket-id
+  source:
+    repoURL: 'https://git.dgse.cloud/DGSE/kubernetes.git'
+    path: manifests/artemis/pocket-id
+    targetRevision: HEAD
+  destination:
+    namespace: pocket-id
+    name: in-cluster
+  syncPolicy:
+    syncOptions:
+      - CreateNamespace=true
+    automated:
+      prune: true
+      selfHeal: true

clusters/artemis/apps/pocket-id/kustomization.yaml

@@ -0,0 +1,7 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+  - app-project.yaml
+  - application.yaml

clusters/artemis/apps/uptime-kuma/app-project.yaml

@@ -0,0 +1,17 @@
+---
+apiVersion: argoproj.io/v1alpha1
+kind: AppProject
+metadata:
+  name: uptime-kuma
+spec:
+  description: Monitoring for platform
+  sourceRepos:
+    - '*'
+  sourceNamespaces:
+    - '*'
+  destinations:
+    - namespace: 'uptime-kuma'
+      server: '*'
+  clusterResourceWhitelist:
+    - group: '*'
+      kind: '*'

clusters/artemis/apps/uptime-kuma/application.yaml

@@ -0,0 +1,24 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: uptime-kuma
+  namespace: uptime-kuma
+  labels:
+    platform.dgse.cloud/cluster: artemis
+  finalizers:
+    - resources-finalizer.argocd.argoproj.io
+spec:
+  project: uptime-kuma
+  source:
+    repoURL: 'https://git.dgse.cloud/DGSE/kubernetes.git'
+    path: manifests/artemis/uptime-kuma
+    targetRevision: HEAD
+  destination:
+    namespace: uptime-kuma
+    name: in-cluster
+  syncPolicy:
+    syncOptions:
+      - CreateNamespace=true
+    automated:
+      prune: true
+      selfHeal: true

clusters/artemis/apps/uptime-kuma/kustomization.yaml

@@ -0,0 +1,7 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+  - app-project.yaml
+  - application.yaml

manifests/artemis/pocket-id/deployment.yaml

@@ -0,0 +1,37 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: pocket-id
+spec:
+  selector:
+    matchLabels:
+      app: pocket-id
+  template:
+    metadata:
+      labels:
+        app: pocket-id
+    spec:
+      nodeSelector:
+        node-role.kubernetes.io/worker: worker
+      containers:
+        - name: pocket-id
+          image: ghcr.io/pocket-id/pocket-id:v1
+          ports:
+            - containerPort: 1411
+          env:
+            - name: APP_URL
+              value: "https://auth.dgse.cloud"
+            - name: TRUST_PROXY
+              value: "true"
+            - name: MAXMIND_LICENSE_KEY
+              valueFrom:
+                secretKeyRef:
+                  name: pocket-id-secrets
+                  key: maxmind-license-key
+          volumeMounts:
+            - mountPath: /app/data
+              name: pocket-id-data
+      volumes:
+        - name: pocket-id-data
+          persistentVolumeClaim:
+            claimName: pocket-id-data

manifests/artemis/pocket-id/ingress.yaml

@@ -0,0 +1,22 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  annotations:
+    cert-manager.io/cluster-issuer: letsencrypt
+  name: pocket-id-ingress
+spec:
+  rules:
+  - host: auth.dgse.cloud
+    http:
+      paths:
+      - backend:
+          service:
+            name: pocket-id
+            port:
+              number: 1411
+        path: /
+        pathType: Prefix
+  tls:
+  - hosts:
+    - auth.dgse.cloud
+    secretName: letsencrypt

manifests/artemis/pocket-id/kustomization.yaml

@@ -0,0 +1,7 @@
+---
+resources:
+  - vault-secrets.yaml
+  - deployment.yaml
+  - service.yaml
+  - ingress.yaml
+  - pvc.yaml

manifests/artemis/pocket-id/pvc.yaml

@@ -0,0 +1,13 @@
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: pocket-id-data
+  labels:
+    app: pocket-id
+spec:
+  accessModes:
+    - ReadWriteOnce
+  resources:
+    requests:
+      storage: 1Gi

manifests/artemis/pocket-id/service.yaml

@@ -0,0 +1,15 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: pocket-id
+  labels:
+    app: pocket-id
+spec:
+  clusterIP: None
+  selector:
+    app: pocket-id
+  ports:
+    - name: websecure
+      port: 1411
+      targetPort: 1411

manifests/artemis/pocket-id/vault-secrets.yaml

@@ -0,0 +1,16 @@
+apiVersion: external-secrets.io/v1
+kind: ExternalSecret
+metadata:
+  name: pocket-id
+spec:
+  refreshInterval: 1h
+  secretStoreRef:
+    name: platform
+    kind: ClusterSecretStore
+  target:
+    name: pocket-id-secrets
+  data:
+    - secretKey: maxmind-license-key
+      remoteRef:
+        key: pocket-id/env
+        property: maxmind-license-key

manifests/artemis/uptime-kuma/cert.yaml

@@ -0,0 +1,13 @@
+---
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: uptime-kuma-cert
+spec:
+  secretName: letsencrypt
+  issuerRef:
+    name: letsencrypt
+    kind: ClusterIssuer
+  dnsNames:
+    - uptime.dgse.cloud
+

manifests/artemis/uptime-kuma/deployment.yaml

@@ -0,0 +1,53 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: uptime-kuma
+  namespace: uptime-kuma
+spec:
+  selector:
+    matchLabels:
+      app: uptime-kuma
+  replicas: 1
+  strategy:
+    type: RollingUpdate
+    rollingUpdate:
+      maxSurge: 1
+      maxUnavailable: 1
+  template:
+    metadata:
+      labels:
+        app: uptime-kuma
+    spec:
+      containers:
+      - name: uptime-kuma
+        image: louislam/uptime-kuma:1.23.16
+        imagePullPolicy: IfNotPresent
+        ports:
+        - containerPort: 3001
+          name: web-ui
+        resources:
+          limits:
+            cpu: 200m
+            memory: 512Mi
+          requests:
+            cpu: 50m
+            memory: 128Mi
+        livenessProbe:
+          tcpSocket:
+            port: web-ui
+          initialDelaySeconds: 60
+          periodSeconds: 10
+        readinessProbe:
+          httpGet:
+            scheme: HTTP
+            path: /
+            port: web-ui
+          initialDelaySeconds: 30
+          periodSeconds: 10
+        volumeMounts:
+        - name: data
+          mountPath: /app/data
+      volumes:
+      - name: data
+        persistentVolumeClaim:
+          claimName: uptime-kuma-pvc

manifests/artemis/uptime-kuma/ingressRoute.yaml

@@ -0,0 +1,17 @@
+apiVersion: traefik.io/v1alpha1
+kind: IngressRoute
+metadata:
+  name: uptime-kuma
+  namespace: uptime-kuma
+spec:
+  entryPoints:
+    - websecure
+  routes:
+    - match: Host(`uptime.dgse.cloud`) && PathPrefix(`/`)
+      kind: Rule
+      services:
+        - name: uptime-kuma
+          port: 3001
+
+  tls:
+    secretName: letsencrypt

manifests/artemis/uptime-kuma/kustomization.yaml

@@ -0,0 +1,10 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+  - pvc.yaml
+  - service.yaml
+  - deployment.yaml
+  - ingressRoute.yaml
+  - cert.yaml

manifests/artemis/uptime-kuma/pvc.yaml

@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: uptime-kuma-pvc
+  namespace: uptime-kuma
+spec:
+  accessModes:
+    - ReadWriteOnce
+  resources:
+    requests:
+      storage: 512Mi

manifests/artemis/uptime-kuma/service.yaml

@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: Service
+metadata:
+  namespace: uptime-kuma
+  name: uptime-kuma
+spec:
+  selector:
+    app: uptime-kuma
+  ports:
+    - protocol: TCP
+      port: 3001
+      targetPort: 3001