diff --git a/main.tf b/main.tf index 7dfe0a73..63753446 100644 --- a/main.tf +++ b/main.tf @@ -126,6 +126,8 @@ variable "tiny_tuya_api_secret" { type = string } variable "tiny_tuya_service_secret" { type = string } variable "tiny_tuya_slack_url" { type = string } variable "haos_api_token" { type = string } +variable "clickhouse_password" { type = string } +variable "clickhouse_postgres_password" { type = string } provider "kubernetes" { @@ -517,6 +519,9 @@ module "kubernetes_cluster" { tiny_tuya_service_secret = var.tiny_tuya_service_secret tiny_tuya_slack_url = var.tiny_tuya_slack_url haos_api_token = var.haos_api_token + + clickhouse_password = var.clickhouse_password + clickhouse_postgres_password = var.clickhouse_postgres_password } diff --git a/modules/kubernetes/main.tf b/modules/kubernetes/main.tf index 7337a564..1f859481 100644 --- a/modules/kubernetes/main.tf +++ b/modules/kubernetes/main.tf @@ -105,7 +105,8 @@ variable "tiny_tuya_api_secret" { type = string } variable "tiny_tuya_service_secret" { type = string } variable "tiny_tuya_slack_url" { type = string } variable "haos_api_token" { type = string } - +variable "clickhouse_password" { type = string } +variable "clickhouse_postgres_password" { type = string } variable "defcon_level" { @@ -734,3 +735,10 @@ module "ebook2audiobook" { source = "./ebook2audiobook" tls_secret_name = var.tls_secret_name } + +module "rybbit" { + source = "./rybbit" + tls_secret_name = var.tls_secret_name + clickhouse_password = var.clickhouse_password + postgres_password = var.clickhouse_postgres_password +} diff --git a/modules/kubernetes/rybbit/main.tf b/modules/kubernetes/rybbit/main.tf new file mode 100644 index 00000000..796a7771 --- /dev/null +++ b/modules/kubernetes/rybbit/main.tf 
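Review bot: The new inputs `clickhouse_password` and `clickhouse_postgres_password` carry credentials but are declared as plain strings, so their values can be printed in `terraform plan` and `apply` output wherever they flow into a resource attribute. Adding `sensitive = true` inside each variable block (which means expanding the one-line form to a multi-line block) makes Terraform redact them in that output. The same applies to the matching declarations in the modules/kubernetes/main.tf hunk and at the top of the new modules/kubernetes/rybbit/main.tf. The neighbouring secret variables visible as context use the same plain form, so this may be better handled as a follow-up across the whole file.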
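Review bot: The name `clickhouse_postgres_password` is misleading at the point where `module "rybbit"` receives it as `postgres_password`. In the new rybbit/main.tf it becomes `POSTGRES_PASSWORD` for user `rybbit` on `postgresql.dbaas.svc.cluster.local`, which has nothing to do with ClickHouse. A name such as `rybbit_postgres_password`, used consistently in both variable declarations and in this module call, would make it harder to rotate or reuse the wrong credential later.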
@@ -0,0 +1,359 @@ +variable "tls_secret_name" {} +variable "clickhouse_password" { type = string } +variable "postgres_password" { type = string } + +resource "kubernetes_namespace" "rybbit" { + metadata { + name = "rybbit" + } +} + +module "tls_secret" { + source = "../setup_tls_secret" + namespace = "rybbit" + tls_secret_name = var.tls_secret_name +} + +resource "random_string" "random" { + length = 32 + lower = true +} + +locals { + clickhouse_db = "clickhouse" +} + + +resource "kubernetes_deployment" "clickhouse" { + metadata { + name = "clickhouse" + namespace = "rybbit" + labels = { + app = "clickhouse" + } + } + spec { + replicas = 1 + selector { + match_labels = { + app = "clickhouse" + } + } + template { + metadata { + labels = { + app = "clickhouse" + } + } + spec { + container { + name = "clickhouse" + image = "clickhouse/clickhouse-server:25.4.2" + env { + name = "CLICKHOUSE_DB" + value = local.clickhouse_db + } + # env { + # name = "CLICKHOUSE_USER" + # value = "clickhouse" + # } + env { + name = "CLICKHOUSE_PASSWORD" + value = var.clickhouse_password + } + port { + name = "clickhouse" + protocol = "TCP" + container_port = 8123 + } + volume_mount { + name = "data" + mount_path = "/var/lib/clickhouse" + } + } + volume { + name = "data" + nfs { + path = "/mnt/main/clickhouse" + server = "10.0.10.15" + } + } + } + } + } +} + +resource "kubernetes_service" "clickhouse" { + metadata { + name = "clickhouse" + namespace = "rybbit" + labels = { + "app" = "clickhouse" + } + } + + spec { + selector = { + app = "clickhouse" + } + port { + name = "http" + target_port = 8123 + port = 8123 + protocol = "TCP" + } + } +} + +resource "kubernetes_deployment" "rybbit" { + metadata { + name = "rybbit" + namespace = "rybbit" + labels = { + app = "rybbit" + } + } + spec { + replicas = 1 + selector { + match_labels = { + app = "rybbit" + } + } + template { + metadata { + labels = { + app = "rybbit" + } + } + spec { + container { + image = 
"ghcr.io/rybbit-io/rybbit-backend:latest" + name = "rybbit" + + env { + name = "NODE_ENV" + value = "production" + } + env { + name = "CLICKHOUSE_HOST" + value = "http://clickhouse.rybbit.svc.cluster.local:8123" + } + env { + name = "CLICKHOUSE_DB" + value = local.clickhouse_db + } + env { + name = "CLICKHOUSE_USER" + value = "default" + } + env { + name = "CLICKHOUSE_PASSWORD" + value = var.clickhouse_password + } + env { + name = "POSTGRES_HOST" + value = "postgresql.dbaas.svc.cluster.local" + } + env { + name = "POSTGRES_PORT" + value = "5432" + } + env { + name = "POSTGRES_DB" + value = "rybbit" + } + env { + name = "POSTGRES_USER" + value = "rybbit" + } + env { + name = "POSTGRES_PASSWORD" + value = var.postgres_password + } + env { + name = "BASE_URL" + value = "https://rybbit.viktorbarzin.me" + } + env { + name = "DISABLE_SIGNUP" + value = true + } + env { + name = "BETTER_AUTH_SECRET" + value = random_string.random.result + } + env { + name = "AUTH_ENABLED" + value = true + } + port { + container_port = 3001 + } + } + } + } + } +} + +resource "kubernetes_service" "rybbit" { + metadata { + name = "rybbit" + namespace = "rybbit" + labels = { + "app" = "rybbit" + } + } + + spec { + selector = { + "app" = "rybbit" + } + port { + name = "http" + port = 80 + target_port = 3001 + } + } +} + +resource "kubernetes_deployment" "rybbit-client" { + metadata { + name = "rybbit-client" + namespace = "rybbit" + labels = { + app = "rybbit-client" + } + } + spec { + replicas = 1 + selector { + match_labels = { + app = "rybbit-client" + } + } + template { + metadata { + labels = { + app = "rybbit-client" + } + } + spec { + container { + name = "rybbit-client" + image = "ghcr.io/rybbit-io/rybbit-client:latest" + env { + name = "NODE_ENV" + value = "production" + } + env { + name = "DISABLE_SIGNUP" + value = true + } + port { + name = "rybbit-client" + protocol = "TCP" + container_port = 3002 + } + } + } + } + } +} + +resource "kubernetes_service" "rybbit-client" { + metadata 
{ + name = "rybbit-client" + namespace = "rybbit" + labels = { + "app" = "rybbit-client" + } + } + + spec { + selector = { + "app" = "rybbit-client" + } + port { + name = "http" + port = 80 + target_port = 3002 + } + } +} + + +resource "kubernetes_ingress_v1" "rybbit" { + metadata { + name = "rybbit" + namespace = "rybbit" + + annotations = { + "kubernetes.io/ingress.class" = "nginx" + "nginx.ingress.kubernetes.io/use-regex" = "true" + # Optional: enable SSL redirect + #"nginx.ingress.kubernetes.io/force-ssl-redirect" = "true" + + "nginx.ingress.kubernetes.io/configuration-snippet" = <<-EOF + limit_req_status 429; + limit_conn_status 429; + + # Rybbit Analytics + # Only modify HTML + sub_filter_types text/html; + sub_filter_once off; + + # Disable compression so sub_filter works + proxy_set_header Accept-Encoding ""; + + # Inject analytics before + sub_filter '' ' + + '; + EOF + } + } + + spec { + ingress_class_name = "nginx" + tls { + hosts = ["rybbit.viktorbarzin.me"] + secret_name = var.tls_secret_name + } + rule { + host = "rybbit.viktorbarzin.me" + + http { + # API backend + path { + path = "/api(/|$)(.*)" + backend { + service { + name = "rybbit" + port { + number = 80 + } + } + } + } + + # Frontend + path { + path = "/" + path_type = "Prefix" + + backend { + service { + name = "rybbit-client" + port { + number = 80 + } + } + } + } + } + } + } +} diff --git a/terraform.tfvars b/terraform.tfvars index 21489391..bbf85579 100644 Binary files a/terraform.tfvars and b/terraform.tfvars differ
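Review bot: All the secrets in this new module reach the containers as literal `env { value = ... }` entries (`CLICKHOUSE_PASSWORD` on both the clickhouse and rybbit deployments, `POSTGRES_PASSWORD`, `BETTER_AUTH_SECRET`), so anyone who can read Deployments or Pods in the `rybbit` namespace can read them from the pod spec. Storing them in a `kubernetes_secret` and referencing it with `value_from { secret_key_ref { ... } }` puts access under RBAC on Secrets instead, although the values still end up in Terraform state either way. `BETTER_AUTH_SECRET` comes from `random_string`, whose result is not redacted in plan output, whereas `random_password` takes the same arguments and is. Separately, both rybbit images use `:latest` while ClickHouse is pinned to `25.4.2`; pinning a version tag or digest keeps a pod restart from pulling code nobody reviewed.

```hcl
resource "random_password" "better_auth" {
  length = 32
}

resource "kubernetes_secret" "rybbit" {
  metadata {
    name      = "rybbit"
    namespace = kubernetes_namespace.rybbit.metadata[0].name
  }
  data = {
    clickhouse_password = var.clickhouse_password
    postgres_password   = var.postgres_password
    better_auth_secret  = random_password.better_auth.result
  }
}

# … unchanged: tls_secret module, locals, deployment/service metadata and selectors …

# inside each container block, replacing the `value = var.…` / `value = random_string.…` form
env {
  name = "CLICKHOUSE_PASSWORD"
  value_from {
    secret_key_ref {
      name = kubernetes_secret.rybbit.metadata[0].name
      key  = "clickhouse_password"
    }
  }
}
# … same pattern for POSTGRES_PASSWORD (postgres_password) and BETTER_AUTH_SECRET (better_auth_secret) …
```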