deploy pterodactyl

2024-11-29 08:19:22 -06:00 · 2024-11-29 08:19:22 -06:00 · 907b0b7746
commit 907b0b7746
parent b2bac535a7
6 changed files with 255 additions and 0 deletions
--- a/kubernetes/apps/default/kustomization.yaml
+++ b/kubernetes/apps/default/kustomization.yaml
@ -18,6 +18,7 @@ resources:
  - ./overseerr/ks.yaml
  - ./plex/ks.yaml
  - ./prowlarr/ks.yaml
+  - ./pterodactyl/ks.yaml
  - ./radarr/ks.yaml
  - ./recyclarr/ks.yaml
  - ./redlib/ks.yaml
--- a/kubernetes/apps/default/pterodactyl/app/externalsecret.yaml
+++ b/kubernetes/apps/default/pterodactyl/app/externalsecret.yaml
@ -0,0 +1,30 @@
+---
+# yaml-language-server: $schema=https://ks.hsn.dev/external-secrets.io/externalsecret_v1beta1.json
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+  name: pterodactyl
+spec:
+  secretStoreRef:
+    kind: ClusterSecretStore
+    name: onepassword-connect
+  target:
+    name: pterodactyl-secret
+    template:
+      engineVersion: v2
+      data:
+        APP_SERVICE_AUTHOR: "{{ .PTERODACTYL_APP_EMAIL }}"
+        APP_URL: "https://pt.hsn.dev"
+        DB_DATABASE: "pterodactyl"
+        DB_HOST: "mariadb.database.svc.cluster.local"
+        DB_PASSWORD: "{{ .PTERODACTYL_MARIADB_PANEL_PASSWORD }}"
+        DB_USERNAME: "pterodactyl"
+        REDIS_HOST: "dragonfly.database.svc.cluster.local"
+
+  dataFrom:
+    - extract:
+        key: pterodactyl
+      rewrite:
+        - regexp:
+            source: "(.*)"
+            target: "PTERODACTYL_$1"
--- a/kubernetes/apps/default/pterodactyl/app/helmrelease.yaml
+++ b/kubernetes/apps/default/pterodactyl/app/helmrelease.yaml
@ -0,0 +1,95 @@
+---
+# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2.schema.json
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+  name: &app pterodactyl
+spec:
+  interval: 30m
+  chart:
+    spec:
+      chart: app-template
+      version: 3.5.1
+      sourceRef:
+        kind: HelmRepository
+        name: bjw-s
+        namespace: flux-system
+  install:
+    remediation:
+      retries: 3
+  upgrade:
+    cleanupOnFail: true
+    remediation:
+      retries: 3
+      strategy: rollback
+  values:
+    controllers:
+      pterodactyl:
+        annotations:
+          reloader.stakater.com/auto: "true"
+        containers:
+          app:
+            image:
+              repository: ghcr.io/pterodactyl/panel
+              tag: v1.11.10@sha256:6c9d060396c0a2c273aa5573460ed51f9176016dac59608b414a3cb02b0cc30c
+            env:
+              CACHE_DRIVER: "redis"
+              SESSION_DRIVER: "redis"
+              QUEUE_DRIVER: "redis"
+              APP_ENV: "production"
+              APP_ENVIRONMENT_ONLY: "false"
+              APP_TIMEZONE: America/Chicago
+              TRUSTED_PROXIES: "*"
+              TZ: America/Chicago
+            envFrom:
+              - secretRef:
+                  name: pterodactyl-secret
+            securityContext:
+              allowPrivilegeEscalation: false
+              readOnlyRootFilesystem: true
+              capabilities: { drop: ["ALL"] }
+            resources:
+              requests:
+                cpu: 10m
+              limits:
+                memory: 1Gi
+        pod:
+          securityContext:
+            runAsUser: 568
+            runAsGroup: 568
+            runAsNonRoot: true
+            fsGroup: 568
+            fsGroupChangePolicy: OnRootMismatch
+    service:
+      app:
+        controller: pterodactyl
+        ports:
+          http:
+            port: 80
+    ingress:
+      app:
+        enabled: true
+        className: external-nginx
+        annotations:
+          external-dns.alpha.kubernetes.io/target: external.hsn.dev
+          external-dns.alpha.kubernetes.io/cloudflare-proxied: "true"
+        hosts:
+          - host: &host "pt.hsn.dev"
+            paths:
+              - path: /
+                service:
+                  identifier: app
+                  port: http
+        tls:
+          - hosts:
+              - *host
+    persistence:
+      config:
+        existingClaim: *app
+        globalMounts:
+          - path: /app/var
+          - path: /app/storage/logs
+          - path: /etc/nginx/http.d
+          - path: /etc/letsencrypt
+      tmp:
+        type: emptyDir
--- a/kubernetes/apps/default/pterodactyl/app/kustomization.yaml
+++ b/kubernetes/apps/default/pterodactyl/app/kustomization.yaml
@ -0,0 +1,10 @@
+---
+# yaml-language-server: $schema=https://json.schemastore.org/kustomization.json
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - ./externalsecret.yaml
+  - ./helmrelease.yaml
+  - ./mariadb.yaml
+  - ../../../../templates/gatus/external
+  - ../../../../templates/volsync
--- a/kubernetes/apps/default/pterodactyl/app/mariadb.yaml
+++ b/kubernetes/apps/default/pterodactyl/app/mariadb.yaml
@ -0,0 +1,89 @@
+---
+# yaml-language-server: $schema=https://ks.hsn.dev/k8s.mariadb.com/database_v1alpha1.json
+apiVersion: k8s.mariadb.com/v1alpha1
+kind: Database
+metadata:
+  name: pterodactyl
+spec:
+  mariaDbRef:
+    name: mariadb
+    namespace: database
+  characterSet: utf8
+  collate: utf8_general_ci
+---
+# yaml-language-server: $schema=https://ks.hsn.dev/k8s.mariadb.com/user_v1alpha1.json
+apiVersion: k8s.mariadb.com/v1alpha1
+kind: User
+metadata:
+  name: pterodactyl
+spec:
+  mariaDbRef:
+    name: mariadb
+    namespace: database
+  passwordSecretKeyRef:
+    name: pterodactyl-secret
+    key: DB_PASSWORD
+  maxUserConnections: 20
+  host: "%"
+  cleanupPolicy: Delete
+
+---
+# yaml-language-server: $schema=https://ks.hsn.dev/k8s.mariadb.com/grant_v1alpha1.json
+apiVersion: k8s.mariadb.com/v1alpha1
+kind: Grant
+metadata:
+  name: grant-pterodactyl
+spec:
+  mariaDbRef:
+    name: mariadb
+    namespace: database
+  privileges:
+    - "SELECT"
+    - "INSERT"
+    - "UPDATE"
+  database: "pterodactyl"
+  table: "*"
+  username: pterodactyl
+  grantOption: true
+  host: "%"
+---
+# yaml-language-server: $schema=https://ks.hsn.dev/k8s.mariadb.com/backup_v1alpha1.json
+apiVersion: k8s.mariadb.com/v1alpha1
+kind: Backup
+metadata:
+  name: &name mariadb-pterodactyl-backup
+  namespace: database
+spec:
+  mariaDbRef:
+    name: mariadb
+    namespace: database
+  timeZone: "America/Chicago"
+  schedule:
+    cron: "0 * * * *"
+    suspend: false
+  stagingStorage:
+    persistentVolumeClaim:
+      storageClassName: openebs-hostpath
+      resources:
+        requests:
+          storage: 6Gi
+      accessModes:
+        - ReadWriteOnce
+  podSecurityContext:
+    runAsUser: 568
+    runAsGroup: 568
+    fsGroup: 568
+    fsGroupChangePolicy: OnRootMismatch
+  databases:
+    - pterodactyl
+  storage:
+    s3:
+      endpoint: s3.hsn.dev
+      bucket: mariadb
+      prefix: pterodactyl/
+      accessKeyIdSecretKeyRef:
+        name: mariadb-secret
+        key: AWS_ACCESS_KEY_ID
+      secretAccessKeySecretKeyRef:
+        name: mariadb-secret
+        key: AWS_SECRET_ACCESS_KEY
--- a/kubernetes/apps/default/pterodactyl/ks.yaml
+++ b/kubernetes/apps/default/pterodactyl/ks.yaml
@ -0,0 +1,30 @@
+---
+# yaml-language-server: $schema=https://ks.hsn.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+  name: &app pterodactyl
+  namespace: flux-system
+spec:
+  targetNamespace: default
+  commonMetadata:
+    labels:
+      app.kubernetes.io/name: *app
+  dependsOn:
+    - name: external-secrets
+    - name: dragonfly-cluster
+    - name: mariadb-cluster
+    - name: rook-ceph-cluster
+    - name: volsync
+  path: ./kubernetes/apps/default/pterodactyl/app
+  prune: true
+  sourceRef:
+    kind: GitRepository
+    name: theshire
+  wait: false
+  interval: 30m
+  timeout: 5m
+  postBuild:
+    substitute:
+      APP: *app
+      GATUS_SUBDOMAIN: "pt"