#0000 - Add Kubernetes manifests for PrivateBin deployment

Introduced Kubernetes YAML configurations for deploying PrivateBin. This includes namespace, PVC, deployment, service, ingress, and a utility pod for data restoration. Updated README with instructions and added an MIT license file.
2024-12-28 23:34:57 +01:00 · 2024-12-28 23:34:57 +01:00 · d162d7651d
commit d162d7651d
parent de9f58f050
8 changed files with 242 additions and 1 deletions
--- a/00-namespace.yaml
+++ b/00-namespace.yaml
@ -0,0 +1,4 @@
 apiVersion: v1
 kind: Namespace
 metadata:
  name: privatebin
--- a/01-pvc.yaml
+++ b/01-pvc.yaml
@ -0,0 +1,11 @@
 apiVersion: v1
 kind: PersistentVolumeClaim
 metadata:
  namespace: privatebin
  name: privatebin-data
 spec:
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 1Gi
--- a/02-deployments.yaml
+++ b/02-deployments.yaml
@ -0,0 +1,36 @@
 apiVersion: apps/v1
 kind: Deployment
 metadata:
  namespace: privatebin
  name: app
 spec:
  replicas: 1
  selector:
    matchLabels:
      name: app
  template:
    metadata:
      labels:
        name: app
        instance: app-prod
        component: frontend
        part-of: privateBin
        managed-by: k8s-yaml
    spec:
      containers:
        - name: app
          image: ghcr.io/privatebin/nginx-fpm-alpine:stable
          ports:
            - containerPort: 8080
          readinessProbe:
            tcpSocket:
              port: 8080
            initialDelaySeconds: 5
            periodSeconds: 10
          volumeMounts:
            - mountPath: /srv/data
              name: privatebin-data
      volumes:
        - name: privatebin-data
          persistentVolumeClaim:
            claimName: privatebin-data
--- a/03-service.yaml
+++ b/03-service.yaml
@ -0,0 +1,12 @@
 apiVersion: v1
 kind: Service
 metadata:
  namespace: privatebin
  name: app
 spec:
  ports:
    - port: 80
      targetPort: 8080
      protocol: TCP
  selector:
    name: app
--- a/04-ingress.yaml
+++ b/04-ingress.yaml
@ -0,0 +1,25 @@
 apiVersion: networking.k8s.io/v1
 kind: Ingress
 metadata:
  namespace: privatebin
  name: privatebin-ingress
  annotations:
    cert-manager.io/cluster-issuer: letsencrypt-production
    external-dns.alpha.kubernetes.io/hostname: bin.van-hemmen.com
    traefik.ingress.kubernetes.io/router.entrypoints: websecure
 spec:
  rules:
    - host: bin.van-hemmen.com
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: app
                port:
                  number: 80
  tls:
    - hosts:
        - bin.van-hemmen.com
      secretName: bin-web-tls
--- a/99-restore-pod.yaml
+++ b/99-restore-pod.yaml
@ -0,0 +1,17 @@
 #apiVersion: v1
 #kind: Pod
 #metadata:
 #  namespace: privatebin
 #  name: data-transfer-pod
 #spec:
 #  containers:
 #    - name: transfer
 #      image: busybox
 #      command: ["sleep", "3600"]
 #      volumeMounts:
 #        - mountPath: /srv/data
 #          name: longhorn-volume
 #  volumes:
 #    - name: longhorn-volume
 #      persistentVolumeClaim:
 #        claimName: privatebin-data
--- a/21
+++ b/21
@ -0,0 +1,21 @@
 MIT License
 Copyright (c) 2024 Guillaume 'B.B.' Van Hemmen
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal
 in the Software without restriction, including without limitation the rights
 to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
 copies of the Software, and to permit persons to whom the Software is
 furnished to do so, subject to the following conditions:
 The above copyright notice and this permission notice shall be included in all
 copies or substantial portions of the Software.
 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
 IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
 AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
 LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
 OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
 SOFTWARE.
--- a/README.md
+++ b/README.md
@ -1,2 +1,117 @@
-# privateBin
+# K8s PrivateBin Deployment
 This repository contains Kubernetes manifests for deploying **PrivateBin**, an
 open-source minimalist, encrypted pastebin, into a Kubernetes cluster. The
 deployment is configured with Persistent Volumes, namespaces, services, and
 ingress for external access.
 ## Project Structure
 The project consists of the following Kubernetes YAML manifests:
 - **00-namespace.yaml**: Specifies the namespace for isolating the PrivateBin
  deployment.
 - **01-pvc.yaml**: Configures the Persistent Volume Claim (PVC) to store
  PrivateBin data persistently.
 - **02-deployments.yaml**: Contains the deployment configuration for the
  PrivateBin pod(s).
 - **03-service.yaml**: Defines the service for exposing the deployment
  internally within the cluster.
 - **04-ingress.yaml**: Configures the ingress resource for routing external
  traffic to the PrivateBin service.
 ## Prerequisites
 Before deploying this project, ensure the following are already set up:
 1. A Kubernetes cluster (e.g., Minikube, AKS, GKE, EKS, etc.).
 2. `kubectl` CLI configured to interact with your cluster.
 3. An ingress controller installed in your cluster (e.g., NGINX/Traefik).
 ## Deployment Instructions
 Follow the steps below to deploy PrivateBin:
 ### 1. Clone the Repository
 ```bash
 git clone https://git.van-hemmen.com/GuillaumeHemmen-k8s/privateBin.git
 cd privateBin
 ```
 ### 2. Apply Kubernetes Manifests
 Run the following commands to apply the manifests sequentially:
 ```bash
 # Step 1: Create the namespace
 kubectl apply -f 00-namespace.yaml
 # Step 2: Apply Persistent Volume Claim
 kubectl apply -f 01-pvc.yaml
 # Step 3: Deploy PrivateBin
 kubectl apply -f 02-deployments.yaml
 # Step 4: Apply Service configuration
 kubectl apply -f 03-service.yaml
 # Step 5: Configure Ingress
 kubectl apply -f 04-ingress.yaml
 ```
 ### 3. Verify the Deployment
 - Check if all pods are running:
  ```bash
  kubectl get pods -n privatebin
  ```
 - Check the ingress details:
  ```bash
  kubectl get ingress -n privatebin
  ```
 ### 4. Access PrivateBin
 - Access your PrivateBin instance using the URL configured in the
  `04-ingress.yaml` file. Ensure the DNS or host settings are properly
  configured to route traffic appropriately.
 ## Customization
 ### Modify Namespace
 If needed, update the namespace in each `.yaml` file to match your cluster's
 organization.
 ### Update Ingress Configuration
 Set your desired domain or hostname in `04-ingress.yaml` under the `host` field.
 ### Persistent Volume Storage Class
 Update the `storageClassName` in `01-pvc.yaml` if necessary to match your
 cluster's storage configuration.
 ## Cleanup
 To remove the deployment, run:
 ```bash
 kubectl delete -f 04-ingress.yaml
 kubectl delete -f 03-service.yaml
 kubectl delete -f 02-deployments.yaml
 kubectl delete -f 01-pvc.yaml
 kubectl delete -f 00-namespace.yaml
 ```
 ## Notes
 - Ensure ingress is properly configured, as it is dependent on your cluster's
  ingress controller setup.
 - Persistent storage is configured to ensure your data is kept even if the pod
  restarts.
 ## License
 This project is licensed under the [MIT License](LICENSE).