From 907b0b7746d61e400ee08b1fce2b2cbcaac61996 Mon Sep 17 00:00:00 2001
From: Joseph Hanson
Date: Fri, 29 Nov 2024 08:19:22 -0600
Subject: [PATCH] deploy pterodactyl
---
 kubernetes/apps/default/kustomization.yaml | 1 +
 .../pterodactyl/app/externalsecret.yaml | 30 ++++++
 .../default/pterodactyl/app/helmrelease.yaml | 95 +++++++++++++++++++
 .../pterodactyl/app/kustomization.yaml | 10 ++
 .../apps/default/pterodactyl/app/mariadb.yaml | 89 +++++++++++++++++
 kubernetes/apps/default/pterodactyl/ks.yaml | 30 ++++++
 6 files changed, 255 insertions(+)
 create mode 100644 kubernetes/apps/default/pterodactyl/app/externalsecret.yaml
 create mode 100644 kubernetes/apps/default/pterodactyl/app/helmrelease.yaml
 create mode 100644 kubernetes/apps/default/pterodactyl/app/kustomization.yaml
 create mode 100644 kubernetes/apps/default/pterodactyl/app/mariadb.yaml
 create mode 100644 kubernetes/apps/default/pterodactyl/ks.yaml
diff --git a/kubernetes/apps/default/kustomization.yaml b/kubernetes/apps/default/kustomization.yaml
index b755fa08..e614ca1f 100644
--- a/kubernetes/apps/default/kustomization.yaml
+++ b/kubernetes/apps/default/kustomization.yaml
@@ -18,6 +18,7 @@ resources:
 - ./overseerr/ks.yaml
 - ./plex/ks.yaml
 - ./prowlarr/ks.yaml
+ - ./pterodactyl/ks.yaml
 - ./radarr/ks.yaml
 - ./recyclarr/ks.yaml
 - ./redlib/ks.yaml
diff --git a/kubernetes/apps/default/pterodactyl/app/externalsecret.yaml b/kubernetes/apps/default/pterodactyl/app/externalsecret.yaml
new file mode 100644
index 00000000..6f23e7dd
--- /dev/null
+++ b/kubernetes/apps/default/pterodactyl/app/externalsecret.yaml
@@ -0,0 +1,30 @@
+---
+# yaml-language-server: $schema=https://ks.hsn.dev/external-secrets.io/externalsecret_v1beta1.json
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+ name: pterodactyl
+spec:
+ secretStoreRef:
+ kind: ClusterSecretStore
+ name: onepassword-connect
+ target:
+ name: pterodactyl-secret
+ template:
+ engineVersion: v2
+ data:
+ APP_SERVICE_AUTHOR: "{{ .PTERODACTYL_APP_EMAIL }}"
+ APP_URL: "https://pt.hsn.dev"
+ DB_DATABASE: "pterodactyl"
+ DB_HOST: "mariadb.database.svc.cluster.local"
+ DB_PASSWORD: "{{ .PTERODACTYL_MARIADB_PANEL_PASSWORD }}"
+ DB_USERNAME: "pterodactyl"
+ REDIS_HOST: "dragonfly.database.svc.cluster.local"
+
+ dataFrom:
+ - extract:
+ key: pterodactyl
+ rewrite:
+ - regexp:
+ source: "(.*)"
+ target: "PTERODACTYL_$1"
diff --git a/kubernetes/apps/default/pterodactyl/app/helmrelease.yaml b/kubernetes/apps/default/pterodactyl/app/helmrelease.yaml
new file mode 100644
index 00000000..66642779
--- /dev/null
+++ b/kubernetes/apps/default/pterodactyl/app/helmrelease.yaml
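Review bot: The `template.data` block in externalsecret.yaml emits `REDIS_HOST` but no Redis credential, while helmrelease.yaml in this commit puts cache, sessions and queue on Redis. If the dragonfly instance requires a password the panel will fail to connect, and if it does not, panel session data sits in a store that any workload able to reach `dragonfly.database.svc.cluster.local` can presumably read; worth confirming which is intended. Should a password exist, add it next to `DB_PASSWORD`, e.g. `REDIS_PASSWORD: "{{ .PTERODACTYL_<REDIS_PASSWORD_FIELD> }}"` (placeholder field name). A short comment above `dataFrom` listing the fields the 1Password item `pterodactyl` must carry (`APP_EMAIL`, `MARIADB_PANEL_PASSWORD`) would also help, since the `(.*)` rewrite hides them from a reader.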
@@ -0,0 +1,95 @@
+---
+# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2.schema.json
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+ name: &app pterodactyl
+spec:
+ interval: 30m
+ chart:
+ spec:
+ chart: app-template
+ version: 3.5.1
+ sourceRef:
+ kind: HelmRepository
+ name: bjw-s
+ namespace: flux-system
+ install:
+ remediation:
+ retries: 3
+ upgrade:
+ cleanupOnFail: true
+ remediation:
+ retries: 3
+ strategy: rollback
+ values:
+ controllers:
+ pterodactyl:
+ annotations:
+ reloader.stakater.com/auto: "true"
+ containers:
+ app:
+ image:
+ repository: ghcr.io/pterodactyl/panel
+ tag: v1.11.10@sha256:6c9d060396c0a2c273aa5573460ed51f9176016dac59608b414a3cb02b0cc30c
+ env:
+ CACHE_DRIVER: "redis"
+ SESSION_DRIVER: "redis"
+ QUEUE_DRIVER: "redis"
+ APP_ENV: "production"
+ APP_ENVIRONMENT_ONLY: "false"
+ APP_TIMEZONE: America/Chicago
+ TRUSTED_PROXIES: "*"
+ TZ: America/Chicago
+ envFrom:
+ - secretRef:
+ name: pterodactyl-secret
+ securityContext:
+ allowPrivilegeEscalation: false
+ readOnlyRootFilesystem: true
+ capabilities: { drop: ["ALL"] }
+ resources:
+ requests:
+ cpu: 10m
+ limits:
+ memory: 1Gi
+ pod:
+ securityContext:
+ runAsUser: 568
+ runAsGroup: 568
+ runAsNonRoot: true
+ fsGroup: 568
+ fsGroupChangePolicy: OnRootMismatch
+ service:
+ app:
+ controller: pterodactyl
+ ports:
+ http:
+ port: 80
+ ingress:
+ app:
+ enabled: true
+ className: external-nginx
+ annotations:
+ external-dns.alpha.kubernetes.io/target: external.hsn.dev
+ external-dns.alpha.kubernetes.io/cloudflare-proxied: "true"
+ hosts:
+ - host: &host "pt.hsn.dev"
+ paths:
+ - path: /
+ service:
+ identifier: app
+ port: http
+ tls:
+ - hosts:
+ - *host
+ persistence:
+ config:
+ existingClaim: *app
+ globalMounts:
+ - path: /app/var
+ - path: /app/storage/logs
+ - path: /etc/nginx/http.d
+ - path: /etc/letsencrypt
+ tmp:
+ type: emptyDir
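Review bot: `TRUSTED_PROXIES: "*"` in the container `env` makes the panel accept forwarded-client headers from any peer, not only from the `external-nginx` ingress controller. Anything that can reach the `app` service on port 80 directly could then, presumably, present an arbitrary client address or scheme to the panel, which weakens IP-based throttling and the value of its audit logs. Narrow it to the ingress controller's source range, e.g. `TRUSTED_PROXIES: "<ingress-controller pod CIDR>"` (placeholder), or limit ingress to the pod with a NetworkPolicy. Separately, the pod runs as UID 568 with all capabilities dropped and `readOnlyRootFilesystem: true` while the service targets port 80; confirm the image can bind that port and write its runtime paths under those constraints, so the hardening is not relaxed later to make it start.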
diff --git a/kubernetes/apps/default/pterodactyl/app/kustomization.yaml b/kubernetes/apps/default/pterodactyl/app/kustomization.yaml
new file mode 100644
index 00000000..5ab46350
--- /dev/null
+++ b/kubernetes/apps/default/pterodactyl/app/kustomization.yaml
@@ -0,0 +1,10 @@
+---
+# yaml-language-server: $schema=https://json.schemastore.org/kustomization.json
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+ - ./externalsecret.yaml
+ - ./helmrelease.yaml
+ - ./mariadb.yaml
+ - ../../../../templates/gatus/external
+ - ../../../../templates/volsync
diff --git a/kubernetes/apps/default/pterodactyl/app/mariadb.yaml b/kubernetes/apps/default/pterodactyl/app/mariadb.yaml
new file mode 100644
index 00000000..ab211e7f
--- /dev/null
+++ b/kubernetes/apps/default/pterodactyl/app/mariadb.yaml
@@ -0,0 +1,89 @@
+---
+# yaml-language-server: $schema=https://ks.hsn.dev/k8s.mariadb.com/database_v1alpha1.json
+apiVersion: k8s.mariadb.com/v1alpha1
+kind: Database
+metadata:
+ name: pterodactyl
+spec:
+ mariaDbRef:
+ name: mariadb
+ namespace: database
+ characterSet: utf8
+ collate: utf8_general_ci
+---
+# yaml-language-server: $schema=https://ks.hsn.dev/k8s.mariadb.com/user_v1alpha1.json
+apiVersion: k8s.mariadb.com/v1alpha1
+kind: User
+metadata:
+ name: pterodactyl
+spec:
+ mariaDbRef:
+ name: mariadb
+ namespace: database
+ passwordSecretKeyRef:
+ name: pterodactyl-secret
+ key: DB_PASSWORD
+ maxUserConnections: 20
+ host: "%"
+ cleanupPolicy: Delete
+
+---
+# yaml-language-server: $schema=https://ks.hsn.dev/k8s.mariadb.com/grant_v1alpha1.json
+apiVersion: k8s.mariadb.com/v1alpha1
+kind: Grant
+metadata:
+ name: grant-pterodactyl
+spec:
+ mariaDbRef:
+ name: mariadb
+ namespace: database
+ privileges:
+ - "SELECT"
+ - "INSERT"
+ - "UPDATE"
+ database: "pterodactyl"
+ table: "*"
+ username: pterodactyl
+ grantOption: true
+ host: "%"
+---
+# yaml-language-server: $schema=https://ks.hsn.dev/k8s.mariadb.com/backup_v1alpha1.json
+apiVersion: k8s.mariadb.com/v1alpha1
+kind: Backup
+metadata:
+ name: &name mariadb-pterodactyl-backup
+ namespace: database
+spec:
+ mariaDbRef:
+ name: mariadb
+ namespace: database
+ timeZone: "America/Chicago"
+ schedule:
+ cron: "0 * * * *"
+ suspend: false
+ stagingStorage:
+ persistentVolumeClaim:
+ storageClassName: openebs-hostpath
+ resources:
+ requests:
+ storage: 6Gi
+ accessModes:
+ - ReadWriteOnce
+ podSecurityContext:
+ runAsUser: 568
+ runAsGroup: 568
+ fsGroup: 568
+ fsGroupChangePolicy: OnRootMismatch
+ databases:
+ - pterodactyl
+ storage:
+ s3:
+ endpoint: s3.hsn.dev
+ bucket: mariadb
+ prefix: pterodactyl/
+ accessKeyIdSecretKeyRef:
+ name: mariadb-secret
+ key: AWS_ACCESS_KEY_ID
+ secretAccessKeySecretKeyRef:
+ name: mariadb-secret
+ key: AWS_SECRET_ACCESS_KEY
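Review bot: The `Grant` sets `grantOption: true`, which lets the `pterodactyl` account pass its privileges on the `pterodactyl` database on to other accounts; nothing in this commit needs that, so `grantOption: false` is the least-privilege setting. Both the `User` and the `Grant` use `host: "%"`, so the account is usable from any source address and the password in `pterodactyl-secret` is the only barrier; that is common in-cluster, but it makes a network restriction in front of the MariaDB service worth having. The privilege list is `SELECT`, `INSERT`, `UPDATE` only, so confirm that the panel's schema migrations and row deletions work without `DELETE`, `CREATE` or `ALTER`; finding that out at deploy time tends to end in a blanket grant.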
diff --git a/kubernetes/apps/default/pterodactyl/ks.yaml b/kubernetes/apps/default/pterodactyl/ks.yaml
new file mode 100644
index 00000000..18876834
--- /dev/null
+++ b/kubernetes/apps/default/pterodactyl/ks.yaml
@@ -0,0 +1,30 @@
+---
+# yaml-language-server: $schema=https://ks.hsn.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+ name: &app pterodactyl
+ namespace: flux-system
+spec:
+ targetNamespace: default
+ commonMetadata:
+ labels:
+ app.kubernetes.io/name: *app
+ dependsOn:
+ - name: external-secrets
+ - name: dragonfly-cluster
+ - name: mariadb-cluster
+ - name: rook-ceph-cluster
+ - name: volsync
+ path: ./kubernetes/apps/default/pterodactyl/app
+ prune: true
+ sourceRef:
+ kind: GitRepository
+ name: theshire
+ wait: false
+ interval: 30m
+ timeout: 5m
+ postBuild:
+ substitute:
+ APP: *app
+ GATUS_SUBDOMAIN: "pt"
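Review bot: `targetNamespace: default` applies to every object built from `./kubernetes/apps/default/pterodactyl/app`, and as far as I know Flux's namespace override also replaces the explicit `namespace: database` set on the `Backup` in mariadb.yaml. That Backup would then be created in `default`, where its `mariadb-secret` references for the S3 access keys would have to resolve. Verify that the secret exists in `default`, or move the Backup into a Kustomization that targets `database`, rather than copying the S3 credentials into a second namespace to make it work.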