From ba67befb2504337b59fedd4340af5ece8c7d165d Mon Sep 17 00:00:00 2001
From: prettysunflower
Date: Fri, 30 May 2025 12:27:42 +0200
Subject: [PATCH] apps(privatebin): Added Privatebin to the deployment
---
apps/privatebin/deployment.yaml | 79 ++++++++++++++++++++++++++++++
apps/privatebin/kustomization.yaml | 6 +++
apps/privatebin/namespace.yaml | 6 +++
apps/privatebin/pvc.yaml | 12 +++++
apps/privatebin/secrets.sops.yaml | 23 +++++++++
apps/privatebin/services.yaml | 14 ++++++
6 files changed, 140 insertions(+)
create mode 100644 apps/privatebin/deployment.yaml
create mode 100644 apps/privatebin/kustomization.yaml
create mode 100644 apps/privatebin/namespace.yaml
create mode 100644 apps/privatebin/pvc.yaml
create mode 100644 apps/privatebin/secrets.sops.yaml
create mode 100644 apps/privatebin/services.yaml
diff --git a/apps/privatebin/deployment.yaml b/apps/privatebin/deployment.yaml
new file mode 100644
index 0000000..e990fb3
--- /dev/null
+++ b/apps/privatebin/deployment.yaml
@@ -0,0 +1,79 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: privatebin
+ namespace: privatebin
+ labels:
+ app.kubernetes.io/name: privatebin
+spec:
+ replicas: 3
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: privatebin
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/name: privatebin
+ spec:
+ volumes:
+ - name: privatebin-data
+ persistentVolumeClaim:
+ claimName: privatebin-data-pvc
+ containers:
+ - image: privatebin/nginx-fpm-alpine:latest
+ name: privatebin
+ imagePullPolicy: Always
+ ports:
+ - containerPort: 8080
+ protocol: TCP
+ volumeMounts:
+ - name: privatebin-data
+ mountPath: "/srv/data"
+ securityContext:
+ runAsUser: 1000
+ runAsGroup: 1000
+ runAsNonRoot: true
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ seccompProfile:
+ type: RuntimeDefault
+ - name: anubis
+ image: ghcr.io/techarohq/anubis:latest
+ imagePullPolicy: Always
+ env:
+ - name: "BIND"
+ value: ":8081"
+ - name: "DIFFICULTY"
+ value: "4"
+ - name: ED25519_PRIVATE_KEY_HEX
+ valueFrom:
+ secretKeyRef:
+ name: anubis-key
+ key: ED25519_PRIVATE_KEY_HEX
+ - name: "METRICS_BIND"
+ value: ":9090"
+ - name: "SERVE_ROBOTS_TXT"
+ value: "true"
+ - name: "TARGET"
+ value: "http://localhost:8080"
+ - name: "OG_PASSTHROUGH"
+ value: "false"
+ resources:
+ limits:
+ cpu: 750m
+ memory: 256Mi
+ requests:
+ cpu: 250m
+ memory: 256Mi
+ securityContext:
+ runAsUser: 1000
+ runAsGroup: 1000
+ runAsNonRoot: true
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ seccompProfile:
+ type: RuntimeDefault
\ No newline at end of file
diff --git a/apps/privatebin/kustomization.yaml b/apps/privatebin/kustomization.yaml
new file mode 100644
index 0000000..aaba80a
--- /dev/null
+++ b/apps/privatebin/kustomization.yaml
@@ -0,0 +1,6 @@
+resources:
+- namespace.yaml
+- pvc.yaml
+- deployment.yaml
+- services.yaml
+- secrets.yaml
\ No newline at end of file
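Review bot: In apps/privatebin/deployment.yaml both containers use the mutable `:latest` tag together with `imagePullPolicy: Always`, so any pod restart can pull different image content, the three replicas can end up on different builds, and a changed upstream image reaches the cluster without review. Pin each image to a release tag and digest, e.g. `image: privatebin/nginx-fpm-alpine:<release-tag>@sha256:<digest>` and likewise for `ghcr.io/techarohq/anubis`, and bump them through reviewed commits. The `privatebin` container also has no `resources` block while `anubis` does; giving it requests and limits keeps one container from starving the other.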
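Review bot: The last entry in apps/privatebin/kustomization.yaml is `- secrets.yaml`, but the file this commit creates is `secrets.sops.yaml`. Unless a step outside this patch produces `secrets.yaml`, the build fails on a missing resource, and the `anubis-key` Secret that the anubis container's `secretKeyRef` needs is never created. Referencing the committed file, `- secrets.sops.yaml`, keeps the list consistent with what is in the repository, presumably with decryption happening at apply time. If a decrypted `secrets.yaml` exists locally to satisfy this line, it should stay out of version control.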
diff --git a/apps/privatebin/namespace.yaml b/apps/privatebin/namespace.yaml
new file mode 100644
index 0000000..dee180d
--- /dev/null
+++ b/apps/privatebin/namespace.yaml
@@ -0,0 +1,6 @@
+kind: Namespace
+apiVersion: v1
+metadata:
+ name: privatebin
+ labels:
+ name: privatebin
\ No newline at end of file
diff --git a/apps/privatebin/pvc.yaml b/apps/privatebin/pvc.yaml
new file mode 100644
index 0000000..64e720b
--- /dev/null
+++ b/apps/privatebin/pvc.yaml
@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: privatebin-data-pvc
+ namespace: privatebin
+spec:
+ accessModes:
+ - ReadWriteMany
+ storageClassName: longhorn
+ resources:
+ requests:
+ storage: 5Gi
\ No newline at end of file
diff --git a/apps/privatebin/secrets.sops.yaml b/apps/privatebin/secrets.sops.yaml
new file mode 100644
index 0000000..1ff0b1f
--- /dev/null
+++ b/apps/privatebin/secrets.sops.yaml
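Review bot: apps/privatebin/namespace.yaml sets only a `name` label, so nothing at the namespace level enforces the hardening that the Deployment's containers declare (`runAsNonRoot: true`, all capabilities dropped, `RuntimeDefault` seccomp, no privilege escalation). If the cluster runs Pod Security Admission, adding `pod-security.kubernetes.io/enforce: restricted` under `labels` would reject any later pod in this namespace that omits those settings. The containers in this patch appear to meet that profile already, so the label should not block the current rollout, but confirm with a dry run first.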
@@ -0,0 +1,23 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: anubis-key
+ namespace: privatebin
+type: Opaque
+data:
+ ED25519_PRIVATE_KEY_HEX: ENC[AES256_GCM,data:DBMXjeG7KguofrBF8wFRZoplFKhsxRGvWAXga5QJkhYn4HNF6WvFr8dkCww7Z6qpqdskKqBQqBiYq6OgTe5f55or9sWeO5XwKprjTUYYJ+/Yxvg1MBMlSg==,iv:MfK068uL94QNPlh62FNjBMK26M6Uig9yWvHRLpmEASE=,tag:0w4OMh/KcWsK5n4xnkLzaw==,type:str]
+sops:
+ age:
+ - recipient: age1r0tjhg6uexyj0p7fp0ftv5h7r7e3ptzkk2797pznfvrvsm576u0s37yyaw
+ enc: |
+ -----BEGIN AGE ENCRYPTED FILE-----
+ YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA2dGp5eTNoRWZRVENPaXVv
+ cUdJc2d4Sm82RklXb29vRHZQZmhRNHRxWGpRCllwNENBY015WUFqeWI2TGhhcXZ3
+ Z0w4dXJZeEtQZkJRQzAveTZtS1RZdDQKLS0tIHlYeEZzMzNXTzdJaEd3S2s0RWh0
+ L3lRQkxCNWRBbFdlMW1DS2RXUXJwTlkKW7jjQfIC2tZo9vj6QenOdOa54xCjMU5v
+ 3Be8lPn1H6js15fKTpCw+6+VaEBaAxO9Q1BnSlKx76YQc4V/1pRGhQ==
+ -----END AGE ENCRYPTED FILE-----
+ lastmodified: "2025-05-30T10:26:13Z"
+ mac: ENC[AES256_GCM,data:mC8nlQZA7o6h+FDK5eB4XOXrYnygml0rYDDlg4oq0i0rNXlK0gQcTQxYU3ZJLyEJirsjKhdoyF/thP9ro1Jdbt2bNn5k7crc4o5Ar4/Rlu05xxq7reZKtX2RiUaGonlWNrNLbXWnPFv9TZ2A+qkdIlXYLMg5vNFPJS0E56b/SH0=,iv:1ERSVhVwzEj3Y+vPdbBEeHsjLi5IZ0pgWwh423cGB2g=,tag:l/2a74j+gbyIQIn2DIN09w==,type:str]
+ encrypted_regex: ^(data|stringData)$
+ version: 3.10.2
diff --git a/apps/privatebin/services.yaml b/apps/privatebin/services.yaml
new file mode 100644
index 0000000..8d1da85
--- /dev/null
+++ b/apps/privatebin/services.yaml
@@ -0,0 +1,14 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: privatebin
+ namespace: privatebin
+spec:
+ type: ClusterIP
+ selector:
+ app.kubernetes.io/name: privatebin
+ ports:
+ - protocol: TCP
+ port: 80
+ targetPort: 8081
+ name: http
\ No newline at end of file