Merge pull request 'feat(pelican): deploy Pelican Panel with database and ingress' (#84) from orion/auto/feat-pelican-deploy-pelican-panel-with-d-1779147272995 into main

Reviewed-on: #84

deployments/pelican/deployment.yaml

@@ -0,0 +1,107 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: pelican-panel
+  namespace: pelican
+  labels:
+    app.kubernetes.io/name: pelican
+    app.kubernetes.io/component: panel
+    app.kubernetes.io/managed-by: orion
+spec:
+  replicas: 2
+  strategy:
+    type: RollingUpdate
+    rollingUpdate:
+      maxSurge: 1
+      maxUnavailable: 0
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: pelican
+      app.kubernetes.io/component: panel
+  template:
+    metadata:
+      labels:
+        app.kubernetes.io/name: pelican
+        app.kubernetes.io/component: panel
+    spec:
+      containers:
+        - name: panel
+          image: ghcr.io/pelican-dev/panel:latest
+          ports:
+            - name: http
+              containerPort: 8080
+              protocol: TCP
+          env:
+            - name: APP_ENV
+              value: production
+            - name: APP_NAME
+              value: "Pelican"
+            - name: APP_URL
+              value: "https://pelican.khalisio.com"
+            - name: DB_HOST
+              value: postgres.pelican.svc.cluster.local
+            - name: DB_PORT
+              value: "5432"
+            - name: DB_DATABASE
+              value: pelican
+            - name: DB_USERNAME
+              valueFrom:
+                secretKeyRef:
+                  name: pelican-panel-db
+                  key: DB_USER
+            - name: DB_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: pelican-panel-db
+                  key: DB_PASSWORD
+            - name: APP_KEY
+              valueFrom:
+                secretKeyRef:
+                  name: pelican-panel-app
+                  key: APP_KEY
+            - name: SESSION_SECURE
+              valueFrom:
+                secretKeyRef:
+                  name: pelican-panel-app
+                  key: SESSION_SECURE
+            - name: OAUTH_CLIENT_SECRET
+              valueFrom:
+                secretKeyRef:
+                  name: pelican-panel-app
+                  key: OAUTH_CLIENT_SECRET
+            - name: OAUTH_CLIENT_ID
+              value: pelican-panel
+            - name: OAUTH_BASE_URI
+              value: "https://pelican.khalisio.com"
+            - name: OAUTH_AUTH_SERVER_URI
+              value: "https://auth.khalisio.com"
+            - name: OAUTH_CLIENT_PORTAL_URI
+              value: "https://auth.khalisio.com"
+            - name: OAUTH_CLIENT_ADMIN_URI
+              value: "https://auth.khalisio.com"
+            - name: CACHE_DRIVER
+              value: file
+            - name: SESSION_DRIVER
+              value: file
+          volumeMounts:
+            - name: data
+              mountPath: /var/www/app/storage
+            - name: logs
+              mountPath: /var/www/app/storage/logs
+            - name: uploads
+              mountPath: /var/www/app/public/uploads
+            - name: pufferpanel
+              mountPath: /var/www/app/storage/pufferpanel
+      volumes:
+        - name: data
+          persistentVolumeClaim:
+            claimName: pelican-data
+        - name: logs
+          persistentVolumeClaim:
+            claimName: pelican-logs
+        - name: uploads
+          persistentVolumeClaim:
+            claimName: pelican-data
+        - name: pufferpanel
+          persistentVolumeClaim:
+            claimName: pelican-data

deployments/pelican/externalsecret-app.yaml

@@ -0,0 +1,23 @@
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+  name: pelican-panel-app
+  namespace: pelican
+spec:
+  refreshInterval: 1h
+  target:
+    name: pelican-panel-app
+    creationPolicy: Owner
+  data:
+    - secretKey: APP_KEY
+      remoteRef:
+        key: secret/data/Talos Cluster/pelican/panel/app
+        property: APP_KEY
+    - secretKey: SESSION_SECURE
+      remoteRef:
+        key: secret/data/Talos Cluster/pelican/panel/app
+        property: SESSION_SECURE
+    - secretKey: OAUTH_CLIENT_SECRET
+      remoteRef:
+        key: secret/data/Talos Cluster/pelican/panel/app
+        property: OAUTH_CLIENT_SECRET

deployments/pelican/externalsecret-autostart.yaml

@@ -0,0 +1,15 @@
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+  name: pelican-autostart-key
+  namespace: pelican
+spec:
+  refreshInterval: 1h
+  target:
+    name: pelican-autostart-key
+    creationPolicy: Owner
+  data:
+    - secretKey: api_key
+      remoteRef:
+        key: secret/data/Talos Cluster/pelican/panel/autostart
+        property: api_key

deployments/pelican/externalsecret-db.yaml

@@ -0,0 +1,19 @@
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+  name: pelican-panel-db
+  namespace: pelican
+spec:
+  refreshInterval: 1h
+  target:
+    name: pelican-panel-db
+    creationPolicy: Owner
+  data:
+    - secretKey: DB_PASSWORD
+      remoteRef:
+        key: secret/data/Talos Cluster/pelican/panel/db
+        property: DB_PASSWORD
+    - secretKey: DB_USER
+      remoteRef:
+        key: secret/data/Talos Cluster/pelican/panel/db
+        property: DB_USER

deployments/pelican/ingress.yaml

@@ -0,0 +1,19 @@
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRoute
+metadata:
+  name: pelican-panel
+  namespace: pelican
+  annotations:
+    cert-manager.io/cluster-issuer: letsencrypt-prod
+spec:
+  entryPoints:
+    - websecure
+  tls:
+    secretName: pelican-panel-tls
+  routes:
+    - match: Host(`pelican.khalisio.com`)
+      kind: Rule
+      services:
+        - name: pelican-panel
+          port: 80
+          scheme: http

deployments/pelican/service.yaml

@@ -0,0 +1,18 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: pelican-panel
+  namespace: pelican
+  labels:
+    app.kubernetes.io/name: pelican
+    app.kubernetes.io/component: panel
+spec:
+  type: ClusterIP
+  selector:
+    app.kubernetes.io/name: pelican
+    app.kubernetes.io/component: panel
+  ports:
+    - name: http
+      port: 80
+      targetPort: 8080
+      protocol: TCP

deployments/pelican/storage.yaml

@@ -0,0 +1,25 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: pelican-data
+  namespace: pelican
+spec:
+  accessModes:
+    - ReadWriteOnce
+  resources:
+    requests:
+      storage: 20Gi
+  storageClassName: longhorn
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: pelican-logs
+  namespace: pelican
+spec:
+  accessModes:
+    - ReadWriteOnce
+  resources:
+    requests:
+      storage: 5Gi
+  storageClassName: longhorn