From 66bb6f23c6a1cc7a38268fa57307e0b7a4a13da4 Mon Sep 17 00:00:00 2001 From: prettysunflower Date: Sat, 31 May 2025 13:07:56 +0200 Subject: [PATCH] apps(teable): Added teable to deployment --- apps/teable/config.yaml | 13 ++++ apps/teable/deployment.yaml | 125 +++++++++++++++++++++++++++++++++ apps/teable/kustomization.yaml | 7 ++ apps/teable/namespace.yaml | 6 ++ apps/teable/pvc.yaml | 12 ++++ apps/teable/secrets.sops.yaml | 56 +++++++++++++++ apps/teable/services.yaml | 29 ++++++++ 7 files changed, 248 insertions(+) create mode 100644 apps/teable/config.yaml create mode 100644 apps/teable/deployment.yaml create mode 100644 apps/teable/kustomization.yaml create mode 100644 apps/teable/namespace.yaml create mode 100644 apps/teable/pvc.yaml create mode 100644 apps/teable/secrets.sops.yaml create mode 100644 apps/teable/services.yaml diff --git a/apps/teable/config.yaml b/apps/teable/config.yaml new file mode 100644 index 0000000..4e1f765 --- /dev/null +++ b/apps/teable/config.yaml @@ -0,0 +1,13 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: teable-config + namespace: teable +data: + PUBLIC_ORIGIN: "https://data.remilia.ch" + + BACKEND_CACHE_PROVIDER: "redis" + + NEXT_ENV_IMAGES_ALL_REMOTE: "true" + PRISMA_ENGINES_CHECKSUM_IGNORE_MISSING: "1" + NODE_TLS_REJECT_UNAUTHORIZED: '0' \ No newline at end of file diff --git a/apps/teable/deployment.yaml b/apps/teable/deployment.yaml new file mode 100644 index 0000000..a734a6e --- /dev/null +++ b/apps/teable/deployment.yaml @@ -0,0 +1,125 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: valkey + namespace: teable + labels: + app.kubernetes.io/name: valkey +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/name: valkey + template: + metadata: + labels: + app.kubernetes.io/name: valkey + spec: + volumes: + - name: valkey-data + persistentVolumeClaim: + claimName: valkey-data-pvc + containers: + - image: valkey/valkey:alpine + name: valkey + envFrom: + - secretRef: + name: valkey-secrets + command: ["valkey-server"] + ports: + - containerPort: 6379 + protocol: TCP + volumeMounts: + - name: valkey-data + mountPath: "/data" +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: teable + namespace: teable + labels: + app.kubernetes.io/name: teable +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/name: teable + template: + metadata: + labels: + app.kubernetes.io/name: teable + spec: + affinity: + nodeAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - weight: 1 + preference: + matchExpressions: + - key: location + operator: In + values: + - fsn + initContainers: + - name: db-migrate + image: ghcr.io/teableio/teable:latest + args: + - migrate-only + envFrom: + - configMapRef: + name: teable-config + - secretRef: + name: teable-secrets + resources: + requests: + cpu: 100m + memory: 102Mi + limits: + cpu: 1000m + memory: 1024Mi + containers: + - name: teable + image: ghcr.io/teableio/teable:latest + args: + - skip-migrate + ports: + - containerPort: 3000 + envFrom: + - configMapRef: + name: teable-config + - secretRef: + name: teable-secrets + resources: + requests: + cpu: 200m + memory: 400Mi + limits: + cpu: 2000m + memory: 4096Mi + startupProbe: + httpGet: + path: /health + port: 3000 + initialDelaySeconds: 10 + periodSeconds: 10 + timeoutSeconds: 5 + failureThreshold: 30 + successThreshold: 1 + livenessProbe: + httpGet: + path: /health + port: 3000 + initialDelaySeconds: 30 + periodSeconds: 30 + timeoutSeconds: 5 + failureThreshold: 3 + successThreshold: 1 + readinessProbe: + httpGet: + path: /health + port: 3000 + initialDelaySeconds: 15 + periodSeconds: 10 + timeoutSeconds: 5 + failureThreshold: 3 + successThreshold: 1 diff --git a/apps/teable/kustomization.yaml b/apps/teable/kustomization.yaml new file mode 100644 index 0000000..20bd5e2 --- /dev/null +++ b/apps/teable/kustomization.yaml @@ -0,0 +1,7 @@ +resources: + - config.yaml + - deployment.yaml + - pvc.yaml + - namespace.yaml + - services.yaml + - secrets.yaml \ No newline at end of file diff --git a/apps/teable/namespace.yaml b/apps/teable/namespace.yaml new file mode 100644 index 0000000..e79f824 --- /dev/null +++ b/apps/teable/namespace.yaml @@ -0,0 +1,6 @@ +kind: Namespace +apiVersion: v1 +metadata: + name: teable + labels: + name: teable \ No newline at end of file diff --git a/apps/teable/pvc.yaml b/apps/teable/pvc.yaml new file mode 100644 index 0000000..8b4cbb2 --- /dev/null +++ b/apps/teable/pvc.yaml @@ -0,0 +1,12 @@ +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: valkey-data-pvc + namespace: teable +spec: + accessModes: + - ReadWriteOnce + storageClassName: longhorn + resources: + requests: + storage: 2Gi \ No newline at end of file diff --git a/apps/teable/secrets.sops.yaml b/apps/teable/secrets.sops.yaml new file mode 100644 index 0000000..73c9f61 --- /dev/null +++ b/apps/teable/secrets.sops.yaml @@ -0,0 +1,56 @@ +apiVersion: v1 +kind: Secret +metadata: + name: teable-secrets + namespace: teable +type: Opaque +stringData: + PRISMA_DATABASE_URL: ENC[AES256_GCM,data:s1Ssyft6PkzZugnCWtoSwY9dnN60MayuDJHwyQ2aYJxM45+OVshNkSPmAi8frdc1ODARZRKGHjfPphZgMZJOK/g7kLU=,iv:chgNrlMPDaO0KawkZ5r6YEUQWECLK7vkCLVfFJHW5fE=,tag:FaM5LHJ02v3vm944VSWlog==,type:str] + SECRET_KEY: ENC[AES256_GCM,data:hT8U2NQI0cfP9Fefj+04qAhNTfcGZA==,iv:mradupAaWNVzpTOUNqCOnHbCDH3Rkj1ZH+3FdKxBu0E=,tag:2G6ybcLmnLGKeV0eZnqC1w==,type:str] + BACKEND_STORAGE_PROVIDER: ENC[AES256_GCM,data:H/c=,iv:Jb5DybrH5axBf0/c2AqAUCOknrsfA1Cl1IG8BnXNFFE=,tag:guYZmc9Z6eIaNicmv72m6w==,type:str] + BACKEND_STORAGE_S3_REGION: ENC[AES256_GCM,data:GcW4gg==,iv:AsMxEh0z0h2HyX4fzwKycmRunnyFZMGPiIB74P+r8Sg=,tag:ZZSdfbrB3TZfd0aFToTzDQ==,type:str] + BACKEND_STORAGE_S3_ENDPOINT: ENC[AES256_GCM,data:kAEgep2//ORJPPWbc2XGx8JYu3rxag==,iv:m2XeLbv6fCrV0l2RaMofoOAYkOPZ6UXdQV+kyC+Sed4=,tag:2j8muLhDiz4lW6J8Hp7irA==,type:str] + BACKEND_STORAGE_S3_ACCESS_KEY: ENC[AES256_GCM,data:wPqpnOiH9taRupplpz+Ys8zaxakqbvT6VUiO0UqqXpJv7xhF0yC9qAmWFuRC3p1ELSMm4Izx,iv:F2wHiTGVvFkNd7vxkKrvHW85Q6hPuRAeRKUDrF5omsQ=,tag:hMVp68WaVB85wQrm3e0u0w==,type:str] + BACKEND_STORAGE_S3_SECRET_KEY: ENC[AES256_GCM,data:reca+7N9jNnELYjxLSaKezf6fZV40TeUzgL2GaoFOTiIovgVtgHocO5raBywU0K1IXh6XvNBiXaznbD1Phsu1WcGokwisgyloMLT,iv:MJTTq0E4OZ50zbngNxOBT8FCzH+u7eTWSkMmzL40QM8=,tag:L9Bd4VD/LtItRLxIsGwuLQ==,type:str] + BACKEND_STORAGE_PUBLIC_BUCKET: ENC[AES256_GCM,data:LevmTMk1pJiHK+10dv05GbgWKbmxzjwAkK2OQkg=,iv:vOgB0cI5VkpB2sXWRnL3ckAAYDLRmF8xeUWfJToxNg4=,tag:KfYqt3ihklMoy/vKboeQxA==,type:str] + BACKEND_STORAGE_PRIVATE_BUCKET: ENC[AES256_GCM,data:Zx+VkxGzUb4kMNlutqyETSgPuLMWc0mfGxEsy4Ut,iv:WrTSzmuiNFKmMVnnXaGwhPMyuyY4Unm0aldZXsHYQVw=,tag:GMk2aCbAanrp5VpadYgf0A==,type:str] + BACKEND_CACHE_REDIS_URI: ENC[AES256_GCM,data:SvQQ922E2Wkmluz3ZtBmuPT/pdvSGqvC54/yTlg4noO9zffMbhWHA1RSZ2PQw46BX1ERt5ge1XlcaTGVE789uSOSS1p8L5PCklNMn9Av/CYCJcFtWgBMgJ1O,iv:7HVQ0bWRkunopGqG9UCfe7baEtIooHUtFPrcR/ta1Mg=,tag:ss8QkmM8aSHa18x28cxepg==,type:str] +sops: + age: + - recipient: age1r0tjhg6uexyj0p7fp0ftv5h7r7e3ptzkk2797pznfvrvsm576u0s37yyaw + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAzczNWSDY3N3dvdWIzQXR4 + ZnFlTnBxMmJlODhTZXA5c0Z0b0FOMGNuNmh3CjVyUndFR3pSYlpiR1VMMGZWNEI0 + SXFJTTlkcmU5U2IreXdHd1Z4YzNYbnMKLS0tIC93VUt3YnhRVEZhN2h6dVdFcndO + V0ppYzBaMkVLbERVT1Z0NlM3czZHd1kK4i8E7E38+azAd9TMh/ewVWyokfQYOWBk + n+1s4Xfx+VkWGkLjn54N7/Xf5nXaNI828XENCyT08ym/YLthcZtu3A== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2025-05-31T11:07:36Z" + mac: ENC[AES256_GCM,data:8qfOsgTMC+cAybsncCqOh77VVaUTvGM3S1ybPug6YUJUEylKy4BRTBSPOLj+rywdG2znf6xxvgjK4L8i+LqCiw4XovvkERQYRocg7Hz+Qms8dUE3z3OwjmvdV4PJf4jtETgnOh9v3XBtaiOEZb84qAwdG4xDewH3rhWDCWClqR0=,iv:jWirmxatoEW9LyvtE8ghW4A3rEckR662qoAds+yLYLw=,tag:acV9YK+9y+JI5KX6+Q5ivw==,type:str] + encrypted_regex: ^(data|stringData)$ + version: 3.10.2 +--- +apiVersion: v1 +kind: Secret +metadata: + name: valkey-secrets + namespace: teable +type: Opaque +stringData: + VALKEY_EXTRA_FLAGS: ENC[AES256_GCM,data:bb5twuIlk7vZEOJKeYOUSvr+1CyrRCS0IaCbUn6MVUtp5dPymiJn/q06U+mqbwsU,iv:cMVvCNrZmlTQZxImxqXEwikMUkTYtrliU3wTjZzKOh4=,tag:EiS0g1vxGPLHcGOEK2Tx9w==,type:str] +sops: + age: + - recipient: age1r0tjhg6uexyj0p7fp0ftv5h7r7e3ptzkk2797pznfvrvsm576u0s37yyaw + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAzczNWSDY3N3dvdWIzQXR4 + ZnFlTnBxMmJlODhTZXA5c0Z0b0FOMGNuNmh3CjVyUndFR3pSYlpiR1VMMGZWNEI0 + SXFJTTlkcmU5U2IreXdHd1Z4YzNYbnMKLS0tIC93VUt3YnhRVEZhN2h6dVdFcndO + V0ppYzBaMkVLbERVT1Z0NlM3czZHd1kK4i8E7E38+azAd9TMh/ewVWyokfQYOWBk + n+1s4Xfx+VkWGkLjn54N7/Xf5nXaNI828XENCyT08ym/YLthcZtu3A== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2025-05-31T11:07:36Z" + mac: ENC[AES256_GCM,data:8qfOsgTMC+cAybsncCqOh77VVaUTvGM3S1ybPug6YUJUEylKy4BRTBSPOLj+rywdG2znf6xxvgjK4L8i+LqCiw4XovvkERQYRocg7Hz+Qms8dUE3z3OwjmvdV4PJf4jtETgnOh9v3XBtaiOEZb84qAwdG4xDewH3rhWDCWClqR0=,iv:jWirmxatoEW9LyvtE8ghW4A3rEckR662qoAds+yLYLw=,tag:acV9YK+9y+JI5KX6+Q5ivw==,type:str] + encrypted_regex: ^(data|stringData)$ + version: 3.10.2 diff --git a/apps/teable/services.yaml b/apps/teable/services.yaml new file mode 100644 index 0000000..c687cf7 --- /dev/null +++ b/apps/teable/services.yaml @@ -0,0 +1,29 @@ +apiVersion: v1 +kind: Service +metadata: + name: valkey + namespace: teable +spec: + type: ClusterIP + selector: + app.kubernetes.io/name: valkey + ports: + - protocol: TCP + port: 6379 + targetPort: 6379 + name: valkey +--- +apiVersion: v1 +kind: Service +metadata: + name: teable + namespace: teable +spec: + type: ClusterIP + selector: + app.kubernetes.io/name: teable + ports: + - protocol: TCP + port: 80 + targetPort: 3000 + name: http \ No newline at end of file