underpost 2.8.1 → 2.8.7

package/manifests/calico-custom-resources.yaml

@@ -0,0 +1,25 @@
+# This section includes base Calico installation configuration.
+# For more information, see: https://projectcalico.docs.tigera.io/master/reference/installation/api#operator.tigera.io/v1.Installation
+apiVersion: operator.tigera.io/v1
+kind: Installation
+metadata:
+  name: default
+spec:
+  # Configures Calico networking.
+  calicoNetwork:
+    # Note: The ipPools section cannot be modified post-install.
+    ipPools:
+      - blockSize: 26
+        cidr: 192.168.0.0/16
+        encapsulation: VXLANCrossSubnet
+        natOutgoing: Enabled
+        nodeSelector: all()
+
+---
+# This section configures the Calico API server.
+# For more information, see: https://projectcalico.docs.tigera.io/master/reference/installation/api#operator.tigera.io/v1.APIServer
+apiVersion: operator.tigera.io/v1
+kind: APIServer
+metadata:
+  name: default
+spec: {}

package/manifests/deployment/adminer/deployment.yaml

@@ -0,0 +1,32 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: adminer
+  labels:
+    app: adminer
+    group: db
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: adminer
+  template:
+    metadata:
+      labels:
+        app: adminer
+        group: db
+    spec:
+      containers:
+        - name: adminer
+          image: adminer:4.7.6-standalone
+          ports:
+            - containerPort: 8080
+          env:
+            - name: ADMINER_DESIGN
+              value: pepa-linha
+            - name: ADMINER_DEFAULT_SERVER
+              value: postgres
+          resources:
+            limits:
+              memory: '256Mi'
+              cpu: '500m'

package/manifests/deployment/adminer/kustomization.yaml

@@ -0,0 +1,7 @@
+---
+# kubectl apply -k manifests/deployment/adminer/.
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - deployment.yaml
+  - service.yaml

package/manifests/deployment/adminer/service.yaml

@@ -0,0 +1,13 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: adminer
+  labels:
+    group: db
+spec:
+  type: ClusterIP
+  selector:
+    app: adminer
+  ports:
+    - port: 8080
+      targetPort: 8080

package/manifests/deployment/fastapi/backend-deployment.yml

@@ -0,0 +1,120 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: fastapi-backend
+  labels:
+    app: fastapi-backend
+spec:
+  replicas: 2
+  selector:
+    matchLabels:
+      app: fastapi-backend
+  template:
+    metadata:
+      labels:
+        app: fastapi-backend
+    spec:
+      containers:
+        - name: fastapi-backend-container
+          image: localhost/fastapi-backend:latest
+          imagePullPolicy: IfNotPresent
+
+          ports:
+            - containerPort: 8000
+              name: http-api
+
+          env:
+            - name: POSTGRES_SERVER
+              value: postgres-service
+            - name: POSTGRES_PORT
+              value: '5432'
+            - name: POSTGRES_DB
+              valueFrom:
+                secretKeyRef:
+                  name: fastapi-postgres-credentials
+                  key: POSTGRES_DB
+            - name: POSTGRES_USER
+              valueFrom:
+                secretKeyRef:
+                  name: fastapi-postgres-credentials
+                  key: POSTGRES_USER
+            - name: POSTGRES_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: fastapi-postgres-credentials
+                  key: POSTGRES_PASSWORD
+
+            - name: PROJECT_NAME
+              value: 'Full Stack FastAPI Project'
+            - name: STACK_NAME
+              value: 'full-stack-fastapi-project'
+
+            - name: BACKEND_CORS_ORIGINS
+              value: 'http://localhost,http://localhost:5173,https://localhost,https://localhost:5173'
+            - name: SECRET_KEY
+              valueFrom:
+                secretKeyRef:
+                  name: fastapi-backend-config-secret
+                  key: SECRET_KEY
+            - name: FIRST_SUPERUSER
+              valueFrom:
+                secretKeyRef:
+                  name: fastapi-backend-config-secret
+                  key: FIRST_SUPERUSER
+            - name: FIRST_SUPERUSER_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: fastapi-backend-config-secret
+                  key: FIRST_SUPERUSER_PASSWORD
+            - name: USERS_OPEN_REGISTRATION
+              value: 'True'
+
+            # - name: SMTP_HOST
+            #   valueFrom:
+            #     secretKeyRef:
+            #       name: fastapi-backend-config-secret
+            #       key: SMTP_HOST
+            # - name: SMTP_USER
+            #   valueFrom:
+            #     secretKeyRef:
+            #       name: fastapi-backend-config-secret
+            #       key: SMTP_USER
+            # - name: SMTP_PASSWORD
+            #   valueFrom:
+            #     secretKeyRef:
+            #       name: fastapi-backend-config-secret
+            #       key: SMTP_PASSWORD
+            - name: EMAILS_FROM_EMAIL
+              value: 'info@example.com'
+            - name: SMTP_TLS
+              value: 'True'
+            - name: SMTP_SSL
+              value: 'False'
+            - name: SMTP_PORT
+              value: '587'
+
+          livenessProbe:
+            httpGet:
+              path: /docs
+              port: 8000
+            initialDelaySeconds: 30
+            periodSeconds: 20
+            timeoutSeconds: 10
+            failureThreshold: 3
+
+          readinessProbe:
+            httpGet:
+              path: /docs
+              port: 8000
+            initialDelaySeconds: 30
+            periodSeconds: 20
+            timeoutSeconds: 10
+            failureThreshold: 3
+
+          resources:
+            requests:
+              cpu: 200m
+              memory: 256Mi
+            limits:
+              cpu: 1000m
+              memory: 1Gi

package/manifests/deployment/fastapi/backend-service.yml

@@ -0,0 +1,19 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: fastapi-backend-service
+  labels:
+    app: fastapi-backend
+spec:
+  selector:
+    app: fastapi-backend
+  ports:
+    - name: 'tcp-8000'
+      protocol: TCP
+      port: 8000
+      targetPort: 8000
+    - name: 'udp-8000'
+      protocol: UDP
+      port: 8000
+      targetPort: 8000
+  type: ClusterIP

package/manifests/deployment/fastapi/frontend-deployment.yml

@@ -0,0 +1,54 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: react-frontend
+  labels:
+    app: react-frontend
+spec:
+  replicas: 2
+  selector:
+    matchLabels:
+      app: react-frontend
+  template:
+    metadata:
+      labels:
+        app: react-frontend
+    spec:
+      containers:
+        - name: react-frontend-container
+          image: localhost/fastapi-frontend:latest
+          imagePullPolicy: IfNotPresent
+
+          ports:
+            - containerPort: 80
+              name: http-web
+
+          env:
+            - name: VITE_FASTAPI_URL
+              value: '/api'
+
+          livenessProbe:
+            httpGet:
+              path: /
+              port: 80
+            initialDelaySeconds: 5
+            periodSeconds: 10
+            timeoutSeconds: 3
+            failureThreshold: 3
+
+          readinessProbe:
+            httpGet:
+              path: /
+              port: 80
+            initialDelaySeconds: 3
+            periodSeconds: 5
+            timeoutSeconds: 3
+            failureThreshold: 3
+
+          resources:
+            requests:
+              cpu: 100m
+              memory: 128Mi
+            limits:
+              cpu: 500m
+              memory: 512Mi

package/manifests/deployment/fastapi/frontend-service.yml

@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: react-frontend-service
+  labels:
+    app: react-frontend
+spec:
+  selector:
+    app: react-frontend
+  ports:
+    - protocol: TCP
+      port: 80
+      targetPort: 80
+      name: http-web
+  type: ClusterIP

package/manifests/deployment/kafka/deployment.yaml

@@ -0,0 +1,69 @@
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+  name: kafka
+  namespace: kafka
+  labels:
+    app: kafka-app
+spec:
+  serviceName: kafka-svc
+  replicas: 3
+  selector:
+    matchLabels:
+      app: kafka-app
+  template:
+    metadata:
+      labels:
+        app: kafka-app
+    spec:
+      containers:
+        - name: kafka-container
+          image: doughgle/kafka-kraft
+          ports:
+            - containerPort: 9092
+            - containerPort: 9093
+          env:
+            - name: REPLICAS
+              value: '3'
+            - name: SERVICE
+              value: kafka-svc
+            - name: NAMESPACE
+              value: kafka
+            - name: SHARE_DIR
+              value: /mnt/kafka
+            - name: CLUSTER_ID
+              value: bXktY2x1c3Rlci0xMjM0NQ==
+            - name: DEFAULT_REPLICATION_FACTOR
+              value: '3'
+            - name: DEFAULT_MIN_INSYNC_REPLICAS
+              value: '2'
+          volumeMounts:
+            - name: data
+              mountPath: /mnt/kafka
+  volumeClaimTemplates:
+    - metadata:
+        name: data
+      spec:
+        accessModes:
+          - 'ReadWriteOnce'
+        resources:
+          requests:
+            storage: '1Gi'
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: kafka-svc
+  namespace: kafka
+  labels:
+    app: kafka-app
+spec:
+  type: NodePort
+  ports:
+    - name: '9092'
+      port: 9092
+      protocol: TCP
+      targetPort: 9092
+      nodePort: 30092
+  selector:
+    app: kafka-app

package/manifests/deployment/mongo-express/deployment.yaml

@@ -0,0 +1,60 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: mongo-express
+  labels:
+    app: mongo-express
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: mongo-express
+  template:
+    metadata:
+      labels:
+        app: mongo-express
+    spec:
+      containers:
+        - name: mongo-express
+          image: mongo-express
+          ports:
+            - containerPort: 8081
+          env:
+            - name: ME_CONFIG_MONGODB_ADMINUSERNAME
+              valueFrom:
+                secretKeyRef:
+                  name: mongodb-secret
+                  key: username
+            - name: ME_CONFIG_MONGODB_ADMINPASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: mongodb-secret
+                  key: password
+            - name: ME_CONFIG_BASICAUTH_USERNAME
+              valueFrom:
+                secretKeyRef:
+                  name: mongodb-secret
+                  key: username
+            - name: ME_CONFIG_BASICAUTH_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: mongodb-secret
+                  key: password
+            - name: ME_CONFIG_MONGODB_SERVER
+              value: 'mongodb-0.mongodb-service'
+            - name: ME_CONFIG_MONGODB_ENABLE_ADMIN
+              value: 'true'
+            - name: ME_CONFIG_MONGODB_PORT
+              value: '27017'
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: mongo-express-service
+spec:
+  selector:
+    app: mongo-express
+  ports:
+    - protocol: TCP
+      port: 8081
+      targetPort: 8081

package/manifests/deployment/phpmyadmin/deployment.yaml

@@ -0,0 +1,54 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: phpmyadmin-deployment
+  labels:
+    app: phpmyadmin
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: phpmyadmin
+  template:
+    metadata:
+      labels:
+        app: phpmyadmin
+    spec:
+      containers:
+        - name: phpmyadmin
+          image: phpmyadmin/phpmyadmin
+          ports:
+            - containerPort: 80
+          env:
+            - name: PMA_HOST
+              value: 'mariadb'
+            - name: PMA_PORT
+              value: '3306'
+            - name: PMA_USER
+              valueFrom:
+                secretKeyRef:
+                  name: mariadb-secret
+                  key: username
+            - name: PMA_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: mariadb-secret
+                  key: password
+            - name: UPLOAD_LIMIT
+              value: '300M'
+            - name: PMA_ARBITRARY
+              value: '1'
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: phpmyadmin-service
+spec:
+  type: NodePort
+  selector:
+    app: phpmyadmin
+  ports:
+    - protocol: TCP
+      nodePort: 31008
+      port: 80
+      targetPort: 80

package/manifests/kind-config-dev.yaml

@@ -0,0 +1,12 @@
+kind: Cluster
+apiVersion: kind.x-k8s.io/v1alpha4
+nodes:
+  - role: control-plane
+  - role: worker
+    # extraPortMappings:
+    # - containerPort: 80
+    #   hostPort: 80
+    #   listenAddress: '0.0.0.0'
+    # - containerPort: 443
+    #   hostPort: 443
+    #   listenAddress: '0.0.0.0'

package/manifests/kind-config.yaml

@@ -0,0 +1,12 @@
+kind: Cluster
+apiVersion: kind.x-k8s.io/v1alpha4
+nodes:
+  - role: control-plane
+  - role: worker
+    extraPortMappings:
+      - containerPort: 80
+        hostPort: 80
+        listenAddress: '0.0.0.0'
+      - containerPort: 443
+        hostPort: 443
+        listenAddress: '0.0.0.0'

package/manifests/kubeadm-calico-config.yaml

@@ -0,0 +1,119 @@
+# This consolidated YAML file contains configurations for:
+# 1. Calico Installation (Installation and APIServer resources)
+# 2. A permissive Egress NetworkPolicy for the 'default' namespace
+#
+# These are standard Kubernetes resources that can be applied directly using 'kubectl apply'.
+# The kubeadm-specific ClusterConfiguration and InitConfiguration have been removed
+# as they are only processed by the 'kubeadm init' command, not 'kubectl apply'.
+
+# --- Calico Installation: Base configuration for Calico ---
+# For more information, see: https://projectcalico.docs.tigera.io/master/reference/installation/api#operator.tigera.io/v1.Installation
+apiVersion: operator.tigera.io/v1
+kind: Installation
+metadata:
+  name: default
+spec:
+  # Configures Calico networking.
+  calicoNetwork:
+    # Note: The ipPools section cannot be modified post-install.
+    ipPools:
+      - blockSize: 26
+        cidr: 192.168.0.0/16
+        encapsulation: VXLANCrossSubnet
+        natOutgoing: Enabled
+        nodeSelector: all()
+
+---
+# This section configures the Calico API server.
+# For more information, see: https://projectcalico.docs.tigera.io/master/reference/installation/api#operator.tigera.io/v1.APIServer
+apiVersion: operator.tigera.io/v1
+kind: APIServer
+metadata:
+  name: default
+spec: {}
+
+---
+# This consolidated NetworkPolicy file ensures that all pods in the specified namespaces
+# have unrestricted egress (outbound) access.
+# This is useful for troubleshooting or for environments where strict egress control
+# is not immediately required for these system/default namespaces.
+
+---
+# Policy for the 'default' namespace
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+  name: allow-all-egress-default-namespace
+  namespace: default # This policy applies to the 'default' namespace
+spec:
+  podSelector: {} # Selects all pods in this namespace
+  policyTypes:
+    - Egress
+  egress:
+    - to:
+        - ipBlock:
+            cidr: 0.0.0.0/0 # Allows traffic to any IPv4 address
+
+---
+# Policy for the 'kube-system' namespace
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+  name: allow-all-egress-kube-system-namespace
+  namespace: kube-system # This policy applies to the 'kube-system' namespace
+spec:
+  podSelector: {} # Selects all pods in this namespace
+  policyTypes:
+    - Egress
+  egress:
+    - to:
+        - ipBlock:
+            cidr: 0.0.0.0/0 # Allows traffic to any IPv4 address
+
+---
+# Policy for the 'kube-node-lease' namespace
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+  name: allow-all-egress-kube-node-lease-namespace
+  namespace: kube-node-lease # This policy applies to the 'kube-node-lease' namespace
+spec:
+  podSelector: {} # Selects all pods in this namespace
+  policyTypes:
+    - Egress
+  egress:
+    - to:
+        - ipBlock:
+            cidr: 0.0.0.0/0 # Allows traffic to any IPv4 address
+
+---
+# Policy for the 'kube-public' namespace
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+  name: allow-all-egress-kube-public-namespace
+  namespace: kube-public # This policy applies to the 'kube-public' namespace
+spec:
+  podSelector: {} # Selects all pods in this namespace
+  policyTypes:
+    - Egress
+  egress:
+    - to:
+        - ipBlock:
+            cidr: 0.0.0.0/0 # Allows traffic to any IPv4 address
+
+---
+# Policy for the 'tigera-operator' namespace
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+  name: allow-all-egress-tigera-operator-namespace
+  namespace: tigera-operator # This policy applies to the 'tigera-operator' namespace
+spec:
+  podSelector: {} # Selects all pods in this namespace
+  policyTypes:
+    - Egress
+  egress:
+    - to:
+        - ipBlock:
+            cidr: 0.0.0.0/0 # Allows traffic to any IPv4 address

package/manifests/letsencrypt-prod.yaml

@@ -0,0 +1,15 @@
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+  name: letsencrypt-prod
+  namespace: cert-manager
+spec:
+  acme:
+    email: development@underpost.net
+    privateKeySecretRef:
+      name: letsencrypt-prod
+    server: https://acme-v02.api.letsencrypt.org/directory
+    solvers:
+      - http01:
+          ingress:
+            class: contour

package/manifests/mariadb/config.yaml

@@ -0,0 +1,10 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: mariadb-config
+data:
+  my.cnf: | # bind-address=0.0.0.0
+    [mysqld]
+    default_storage_engine=InnoDB
+    innodb_file_per_table=1
+    max_connections=1000

package/manifests/mariadb/kustomization.yaml

@@ -0,0 +1,9 @@
+---
+# kubectl apply -k mariadb/.
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - pv.yaml
+  - pvc.yaml
+  - statefulset.yaml
+  - service.yaml

package/manifests/mariadb/pv.yaml

@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+  name: mariadb-pv
+spec:
+  capacity:
+    storage: 1Gi
+  volumeMode: Filesystem
+  accessModes:
+    - ReadWriteOnce
+  hostPath:
+    path: /data/mariadb

package/manifests/mariadb/pvc.yaml

@@ -0,0 +1,10 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: mariadb-pvc
+spec:
+  accessModes:
+    - ReadWriteOnce
+  resources:
+    requests:
+      storage: 1Gi

package/manifests/mariadb/secret.yaml

@@ -0,0 +1,8 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: mariadb-secret
+type: Opaque
+data:
+  password:
+  username: