feat(wings): deploy ARK SA Wings instance

Reviewed-on: #83

deployments/game-servers/namespace.yaml

@@ -0,0 +1,7 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: game-servers
+  labels:
+    app.kubernetes.io/name: game-servers
+    app.kubernetes.io/managed-by: orion

deployments/game-servers/wings-ark-sa/deployment.yaml

@@ -0,0 +1,121 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: wings-ark-sa
+  namespace: game-servers
+  labels:
+    app: wings-ark-sa
+    game: ark-sa
+spec:
+  replicas: 1
+  strategy:
+    type: Recreate
+  selector:
+    matchLabels:
+      app: wings-ark-sa
+  template:
+    metadata:
+      labels:
+        app: wings-ark-sa
+        game: ark-sa
+    spec:
+      nodeSelector:
+        kubernetes.io/arch: amd64
+      affinity:
+        podAntiAffinity:
+          requiredDuringSchedulingIgnoredDuringExecution:
+            - labelSelector:
+                matchExpressions:
+                  - key: game
+                    operator: In
+                    values: [ark-sa]
+              topologyKey: "kubernetes.io/hostname"
+      volumes:
+        - name: wings-config
+          secret:
+            secretName: wings-ark-sa-config
+        - name: game-data
+          persistentVolumeClaim:
+            claimName: wings-ark-sa-data
+        - name: docker-socket
+          emptyDir: {}
+        - name: autostart-token
+          secret:
+            secretName: pelican-autostart-key
+      containers:
+        - name: dind
+          image: docker:dind
+          args:
+            - "--storage-driver=vfs"
+            - "--iptables=false"
+          securityContext:
+            privileged: true
+          volumeMounts:
+            - name: docker-socket
+              mountPath: /var/run/docker.sock
+          env:
+            - name: DOCKER_TLS_CERTDIR
+              value: ""
+          resources:
+            requests:
+              cpu: "500m"
+              memory: "512Mi"
+            limits:
+              cpu: "1"
+              memory: "1Gi"
+        - name: wings
+          image: ghcr.io/pelican-dev/wings:latest
+          command:
+            - /bin/sh
+            - -c
+            - |
+              export DOCKER_HOST=tcp://localhost:2375
+              exec wings
+          envFrom:
+            - secretRef:
+                name: wings-ark-sa-config
+          env:
+            - name: DOCKER_HOST
+              value: tcp://localhost:2375
+            - name: WATCHDOG_ENABLED
+              value: "true"
+          volumeMounts:
+            - name: wings-config
+              mountPath: /etc/pterodactyl
+              readOnly: true
+            - name: game-data
+              mountPath: /mnt/server
+            - name: docker-socket
+              mountPath: /var/run/docker.sock
+          resources:
+            requests:
+              cpu: "2"
+              memory: "4Gi"
+            limits:
+              cpu: "4"
+              memory: "8Gi"
+        - name: game-autostart
+          image: curlimages/curl:latest
+          command:
+            - /bin/sh
+            - -c
+            - |
+              while true; do
+                sleep 60
+                curl -sf -X POST "https://pelican.khalisio.com/api/client/servers/3fd0b08d-7393-4d0f-b11c-bad5e1d1f771/power" \
+                  -H "Authorization: Bearer $(cat /etc/secrets/autostart/api_key)" \
+                  -H "Content-Type: application/json" \
+                  -d '{"signal":"start"}' > /dev/null 2>&1 || true
+              done
+          volumeMounts:
+            - name: autostart-token
+              mountPath: /etc/secrets/autostart
+              readOnly: true
+          resources:
+            requests:
+              cpu: "50m"
+              memory: "64Mi"
+            limits:
+              cpu: "100m"
+              memory: "128Mi"
+      restartPolicy: Always

deployments/game-servers/wings-ark-sa/externalsecret.yaml

@@ -0,0 +1,26 @@
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+  name: wings-ark-sa-config
+  namespace: game-servers
+spec:
+  refreshInterval: 1h
+  secretStoreRef:
+    name: vault
+    kind: ClusterSecretStore
+  target:
+    name: wings-ark-sa-config
+    creationPolicy: Owner
+  data:
+    - secretKey: WINGS_UUID
+      remoteRef:
+        key: wings/ark-sa
+        property: uuid
+    - secretKey: WINGS_TOKEN
+      remoteRef:
+        key: wings/ark-sa
+        property: token
+    - secretKey: LOCALE
+      remoteRef:
+        key: wings/ark-sa
+        property: locale

deployments/game-servers/wings-ark-sa/ingress.yaml

@@ -0,0 +1,27 @@
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRoute
+metadata:
+  name: wings-ark-sa-api
+  namespace: game-servers
+spec:
+  entryPoints:
+    - websecure
+  tls:
+    secretName: wings-ark-sa-tls
+  routes:
+    - match: Host(`wings-ark-sa.khalisio.com`)
+      kind: Rule
+      services:
+        - name: wings-ark-sa-api
+          port: 8081
+          scheme: https
+          serversTransport: wings-ark-sa-st
+---
+apiVersion: traefik.io/v1alpha1
+kind: ServersTransport
+metadata:
+  name: wings-ark-sa-st
+  namespace: game-servers
+spec:
+  serverTransport:
+    insecureSkipVerify: true

deployments/game-servers/wings-ark-sa/pvc.yaml

@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: wings-ark-sa-data
+  namespace: game-servers
+spec:
+  accessModes:
+    - ReadWriteOnce
+  storageClassName: longhorn
+  resources:
+    requests:
+      storage: 150Gi

deployments/game-servers/wings-ark-sa/service-api.yaml

@@ -0,0 +1,18 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: wings-ark-sa-api
+  namespace: game-servers
+spec:
+  type: ClusterIP
+  ports:
+    - name: api
+      port: 8081
+      targetPort: 8081
+      protocol: TCP
+    - name: sftp
+      port: 2023
+      targetPort: 2023
+      protocol: TCP
+  selector:
+    app: wings-ark-sa

deployments/game-servers/wings-ark-sa/service-game.yaml

@@ -0,0 +1,25 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: wings-ark-sa-game
+  namespace: game-servers
+  annotations:
+    metallb.universe.tf/address-pool: default-lb-pool
+spec:
+  type: LoadBalancer
+  loadBalancerIP: 10.4.4.200
+  ports:
+    - name: ark-game
+      port: 7777
+      protocol: UDP
+      targetPort: 7777
+    - name: ark-query
+      port: 27015
+      protocol: UDP
+      targetPort: 27015
+    - name: ark-tcp
+      port: 27016
+      protocol: TCP
+      targetPort: 27016
+  selector:
+    app: wings-ark-sa

deployments/media/media-pvc.yaml

@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: media-data
+  namespace: media
+spec:
+  accessModes:
+    - ReadWriteOnce
+  storageClassName: longhorn
+  resources:
+    requests:
+      storage: 500Gi

deployments/media/readarr-pvc.yaml

@@ -1,25 +0,0 @@
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
-  name: readarr-config
-  namespace: media
-spec:
-  accessModes:
-    - ReadWriteOnce
-  resources:
-    requests:
-      storage: 2Gi
-  storageClassName: longhorn
----
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
-  name: readarr-books
-  namespace: media
-spec:
-  accessModes:
-    - ReadWriteOnce
-  resources:
-    requests:
-      storage: 2Gi
-  storageClassName: longhorn

deployments/media/readarr/deployment.yaml

@@ -1,56 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: readarr
-  namespace: media
-  labels:
-    app: readarr
-spec:
-  replicas: 1
-  selector:
-    matchLabels:
-      app: readarr
-  strategy:
-    type: Recreate
-  template:
-    metadata:
-      labels:
-        app: readarr
-    spec:
-      containers:
-        - name: readarr
-          image: lscr.io/linuxserver/readarr:latest
-          ports:
-            - containerPort: 8787
-              name: http
-          env:
-            - name: PUID
-              value: "1000"
-            - name: PGID
-              value: "1000"
-            - name: TZ
-              value: Etc/UTC
-          volumeMounts:
-            - name: config
-              mountPath: /config
-            - name: media-data
-              mountPath: /media
-            - name: books
-              mountPath: /books
-          resources:
-            requests:
-              cpu: 100m
-              memory: 256Mi
-            limits:
-              cpu: 500m
-              memory: 512Mi
-      volumes:
-        - name: config
-          persistentVolumeClaim:
-            claimName: readarr-config
-        - name: media-data
-          persistentVolumeClaim:
-            claimName: media-data
-        - name: books
-          persistentVolumeClaim:
-            claimName: readarr-books

deployments/media/readarr/ingress.yaml

@@ -1,24 +0,0 @@
-apiVersion: networking.k8s.io/v1
-kind: Ingress
-metadata:
-  name: readarr
-  namespace: media
-  annotations:
-    cert-manager.io/cluster-issuer: letsencrypt-prod
-    nginx.ingress.kubernetes.io/ssl-redirect: "true"
-spec:
-  tls:
-    - hosts:
-        - readarr.khalisio.com
-      secretName: readarr-tls
-  rules:
-    - host: readarr.khalisio.com
-      http:
-        paths:
-          - path: /
-            pathType: Prefix
-            backend:
-              service:
-                name: readarr
-                port:
-                  name: http

deployments/media/readarr/service.yaml

@@ -1,14 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
-  name: readarr
-  namespace: media
-spec:
-  selector:
-    app: readarr
-  ports:
-    - name: http
-      protocol: TCP
-      port: 8787
-      targetPort: 8787
-  type: ClusterIP

deployments/pelican/namespace.yaml

@@ -0,0 +1,7 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: pelican
+  labels:
+    app.kubernetes.io/name: pelican
+    app.kubernetes.io/managed-by: orion