diff --git a/composer.lock b/composer.lock index b09ff8f..e9ff6a9 100644 --- a/composer.lock +++ b/composer.lock @@ -62,16 +62,16 @@ }, { "name": "aws/aws-sdk-php", - "version": "3.356.25", + "version": "3.356.29", "source": { "type": "git", "url": "https://github.com/aws/aws-sdk-php.git", - "reference": "d78bd3b221890aac679ec3b6cb5abcb01fd42699" + "reference": "3e413221956aa969f379ff6fa67a303ce76aad13" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/aws/aws-sdk-php/zipball/d78bd3b221890aac679ec3b6cb5abcb01fd42699", - "reference": "d78bd3b221890aac679ec3b6cb5abcb01fd42699", + "url": "https://api.github.com/repos/aws/aws-sdk-php/zipball/3e413221956aa969f379ff6fa67a303ce76aad13", + "reference": "3e413221956aa969f379ff6fa67a303ce76aad13", "shasum": "" }, "require": { @@ -153,9 +153,9 @@ "support": { "forum": "https://github.com/aws/aws-sdk-php/discussions", "issues": "https://github.com/aws/aws-sdk-php/issues", - "source": "https://github.com/aws/aws-sdk-php/tree/3.356.25" + "source": "https://github.com/aws/aws-sdk-php/tree/3.356.29" }, - "time": "2025-09-24T18:08:25+00:00" + "time": "2025-09-30T18:12:45+00:00" }, { "name": "composer/installers", @@ -1318,7 +1318,7 @@ }, { "name": "roots/wordpress", - "version": "6.8.2", + "version": "6.8.3", "source": { "type": "git", "url": "https://github.com/roots/wordpress.git", @@ -1349,7 +1349,7 @@ ], "support": { "issues": "https://github.com/roots/wordpress/issues", - "source": "https://github.com/roots/wordpress/tree/6.8.2" + "source": "https://github.com/roots/wordpress/tree/6.8.3" }, "funding": [ { @@ -1428,23 +1428,23 @@ }, { "name": "roots/wordpress-no-content", - "version": "6.8.2", + "version": "6.8.3", "source": { "type": "git", "url": "https://github.com/WordPress/WordPress.git", - "reference": "6.8.2" + "reference": "6.8.3" }, "dist": { "type": "zip", - "url": "https://downloads.wordpress.org/release/wordpress-6.8.2-no-content.zip", - "reference": "6.8.2", - "shasum": "7d8dcb839f4754e331d93b86f9adc8c171d81e97" + "url": "https://downloads.wordpress.org/release/wordpress-6.8.3-no-content.zip", + "reference": "6.8.3", + "shasum": "2c34ba506afd8061d96cde50b2c92f109c10d2c8" }, "require": { "php": ">= 7.2.24" }, "provide": { - "wordpress/core-implementation": "6.8.2" + "wordpress/core-implementation": "6.8.3" }, "suggest": { "ext-curl": "Performs remote request operations.", @@ -1495,7 +1495,7 @@ "type": "other" } ], - "time": "2025-07-15T15:29:08+00:00" + "time": "2025-09-30T18:16:31+00:00" }, { "name": "roots/wp-config", @@ -1966,15 +1966,15 @@ }, { "name": "wpackagist-plugin/ad-inserter", - "version": "2.8.6", + "version": "2.8.7", "source": { "type": "svn", "url": "https://plugins.svn.wordpress.org/ad-inserter/", - "reference": "tags/2.8.6" + "reference": "tags/2.8.7" }, "dist": { "type": "zip", - "url": "https://downloads.wordpress.org/plugin/ad-inserter.2.8.6.zip" + "url": "https://downloads.wordpress.org/plugin/ad-inserter.2.8.7.zip" }, "require": { "composer/installers": "^1.0 || ^2.0" @@ -2220,16 +2220,16 @@ "packages-dev": [ { "name": "heroku/heroku-buildpack-php", - "version": "v274", + "version": "v275", "source": { "type": "git", "url": "https://github.com/heroku/heroku-buildpack-php.git", - "reference": "0383c0a081ef588c2d562ad4649421a6df669252" + "reference": "a1f687c253f74f8d6db74a1410c43966e22cf946" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/heroku/heroku-buildpack-php/zipball/0383c0a081ef588c2d562ad4649421a6df669252", - "reference": "0383c0a081ef588c2d562ad4649421a6df669252", + "url": "https://api.github.com/repos/heroku/heroku-buildpack-php/zipball/a1f687c253f74f8d6db74a1410c43966e22cf946", + "reference": "a1f687c253f74f8d6db74a1410c43966e22cf946", "shasum": "" }, "bin": [ @@ -2259,9 +2259,9 @@ ], "support": { "issues": "https://github.com/heroku/heroku-buildpack-php/issues", - "source": "https://github.com/heroku/heroku-buildpack-php/tree/v274" + "source": "https://github.com/heroku/heroku-buildpack-php/tree/v275" }, - "time": "2025-09-19T21:18:10+00:00" + "time": "2025-09-30T23:28:36+00:00" }, { "name": "roave/security-advisories", diff --git a/k8s/build/0-default-lifecycle.yaml b/k8s/build/0-default-lifecycle.yaml new file mode 100644 index 0000000..360f666 --- /dev/null +++ b/k8s/build/0-default-lifecycle.yaml @@ -0,0 +1,6 @@ +apiVersion: kpack.io/v1alpha2 +kind: ClusterLifecycle +metadata: + name: default-lifecycle +spec: + image: buildpacksio/lifecycle diff --git a/k8s/build/0-kpack-service-account.yaml b/k8s/build/0-kpack-service-account.yaml new file mode 100644 index 0000000..6c4fb27 --- /dev/null +++ b/k8s/build/0-kpack-service-account.yaml @@ -0,0 +1,9 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: kpack-service-account + namespace: kpack +secrets: +- name: kp-default-registry-creds +imagePullSecrets: +- name: kp-default-registry-creds diff --git a/k8s/build/1-default-clusterstores.yaml b/k8s/build/1-default-clusterstores.yaml new file mode 100644 index 0000000..f9006d1 --- /dev/null +++ b/k8s/build/1-default-clusterstores.yaml @@ -0,0 +1,10 @@ +apiVersion: kpack.io/v1alpha2 +kind: ClusterStore +metadata: + name: default +spec: + serviceAccountRef: + name: kpack-service-account + namespace: kpack + sources: + - image: ghcr.io/hvg-dev/test-builder@sha256:3c169742c4d278f9baa79003b1a998d9337cc2050c7845207d8012207c16a1a7 diff --git a/k8s/build/1-heroku-24-clusterstacks.yaml b/k8s/build/1-heroku-24-clusterstacks.yaml new file mode 100644 index 0000000..25dc118 --- /dev/null +++ b/k8s/build/1-heroku-24-clusterstacks.yaml @@ -0,0 +1,13 @@ +apiVersion: kpack.io/v1alpha2 +kind: ClusterStack +metadata: + name: heroku-24 +spec: + buildImage: + image: ghcr.io/hvg-dev/test-builder@sha256:6294ec780aeb492bbcef91884c21d9b5f1fc1f88f6096228ea2e3a640dadef09 + id: heroku-24 + runImage: + image: ghcr.io/hvg-dev/test-builder@sha256:9a80c7da247decbfb1350c1fb0aa6436d74bde59953751e6193835063ca38e84 + serviceAccountRef: + name: kpack-service-account + namespace: kpack diff --git a/k8s/build/3-builder-clusterbuilders.yaml b/k8s/build/3-builder-clusterbuilders.yaml new file mode 100644 index 0000000..a19866f --- /dev/null +++ b/k8s/build/3-builder-clusterbuilders.yaml @@ -0,0 +1,25 @@ +apiVersion: kpack.io/v1alpha2 +kind: ClusterBuilder +metadata: + name: builder +spec: + lifecycle: + kind: ClusterLifecycle + name: default-lifecycle + order: + - group: + - id: heroku/php + - id: heroku/procfile + - group: + - id: heroku/nodejs + - id: heroku/procfile + serviceAccountRef: + name: kpack-service-account + namespace: kpack + stack: + kind: ClusterStack + name: heroku-24 + store: + kind: ClusterStore + name: default + tag: ghcr.io/hvg-dev/test-builder diff --git a/k8s/build/4-hvg-dev-service-account.yaml b/k8s/build/4-hvg-dev-service-account.yaml new file mode 100644 index 0000000..4226b63 --- /dev/null +++ b/k8s/build/4-hvg-dev-service-account.yaml @@ -0,0 +1,10 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: kpack-service-account + namespace: hvg-dev +secrets: +- name: kp-default-registry-creds +- name: git-ssh-auth-secret +imagePullSecrets: +- name: kp-default-registry-creds diff --git a/k8s/build/blog-dev-image.yaml b/k8s/build/blog-dev-image.yaml new file mode 100644 index 0000000..79c484f --- /dev/null +++ b/k8s/build/blog-dev-image.yaml @@ -0,0 +1,20 @@ +apiVersion: kpack.io/v1alpha2 +kind: Image +metadata: + name: blog-dev + namespace: hvg-dev +spec: + additionalTags: + - ghcr.io/hvg-dev/blog:sha-2bc32b8 + builder: + kind: ClusterBuilder + name: builder + failedBuildHistoryLimit: 10 + imageTaggingStrategy: BuildNumber + serviceAccountName: kpack-service-account + source: + git: + revision: 2bc32b8f256bd8931d690ab78b08a6e31cab7af0 + url: git@gitea-ssh.gitea.svc:hvg-dev/blog.git + successBuildHistoryLimit: 10 + tag: ghcr.io/hvg-dev/blog:dev diff --git a/k8s/build/blog-main-image.yaml b/k8s/build/blog-main-image.yaml new file mode 100644 index 0000000..e7b3a7e --- /dev/null +++ b/k8s/build/blog-main-image.yaml @@ -0,0 +1,20 @@ +apiVersion: kpack.io/v1alpha2 +kind: Image +metadata: + name: blog-main + namespace: hvg-dev +spec: + additionalTags: + - ghcr.io/hvg-dev/blog:sha-b0e1cfc + builder: + kind: ClusterBuilder + name: builder + failedBuildHistoryLimit: 10 + imageTaggingStrategy: BuildNumber + serviceAccountName: kpack-service-account + source: + git: + revision: b0e1cfca5205556c738e44b7eb040c5f87dac109 + url: git@gitea-ssh.gitea.svc:hvg-dev/blog.git + successBuildHistoryLimit: 10 + tag: ghcr.io/hvg-dev/blog:main diff --git a/k8s/hvgblog-vcluster.yaml b/k8s/hvgblog-vcluster.yaml new file mode 100644 index 0000000..eeecf85 --- /dev/null +++ b/k8s/hvgblog-vcluster.yaml @@ -0,0 +1,52 @@ +apiVersion: helm.cattle.io/v1 +kind: HelmChart +metadata: + annotations: + helmcharts.cattle.io/managed-by: helm-controller + name: hvgblog-vcluster + namespace: kube-system +spec: + chart: vcluster + createNamespace: true + repo: https://charts.loft.sh + set: + integrations.metricsServer.enabled: "true" + sync.toHost.ingresses.enabled: "true" + sync.toHost.persistentVolumeClaims.enabled: "true" + targetNamespace: hvgblog + valuesContent: | + controlPlane: + distro: + k3s: + enabled: true + extraArgs: + - --tls-san=hvgblog-vcluster.hvg.hu + image: + tag: v1.32.1-k3s1 + ingress: + annotations: + cert-manager.io/cluster-issuer: cloudflare-cluster-issuer + ingress.kubernetes.io/force-ssl-redirect: "true" + kubernetes.io/ingress.class: nginx + nginx.ingress.kubernetes.io/backend-protocol: HTTPS + nginx.ingress.kubernetes.io/ssl-redirect: "true" + enabled: true + host: hvgblog-vcluster.hvg.hu + pathType: ImplementationSpecific + spec: + tls: + - hosts: + - hvgblog-vcluster.hvg.hu + secretName: tls-vcluster + exportKubeConfig: + context: hvgblog-vcluster + integrations: + metricsServer: + enabled: true + sync: + toHost: + ingresses: + enabled: true + persistentVolumeClaims: + enabled: true + version: 0.26.0 diff --git a/k8s/manifests/app/Chart.yaml b/k8s/manifests/app/Chart.yaml new file mode 100644 index 0000000..343aa57 --- /dev/null +++ b/k8s/manifests/app/Chart.yaml @@ -0,0 +1,4 @@ +apiVersion: v2 +name: hvgblog +version: 0.1.0 +type: application diff --git a/k8s/manifests/app/templates/0-github-container-registry.yaml b/k8s/manifests/app/templates/0-github-container-registry.yaml new file mode 100644 index 0000000..4641739 --- /dev/null +++ b/k8s/manifests/app/templates/0-github-container-registry.yaml @@ -0,0 +1,15 @@ +apiVersion: bitnami.com/v1alpha1 +kind: SealedSecret +metadata: + annotations: + sealedsecrets.bitnami.com/cluster-wide: "true" + name: github-container-registry +spec: + encryptedData: + .dockerconfigjson: {{ .Values.imagePullSealedSecret | quote }} + template: + metadata: + annotations: + sealedsecrets.bitnami.com/cluster-wide: "true" + name: github-container-registry + type: kubernetes.io/dockerconfigjson diff --git a/k8s/manifests/app/templates/1-db-user.yaml b/k8s/manifests/app/templates/1-db-user.yaml new file mode 100644 index 0000000..85f4805 --- /dev/null +++ b/k8s/manifests/app/templates/1-db-user.yaml @@ -0,0 +1,31 @@ +apiVersion: bitnami.com/v1alpha1 +kind: SealedSecret +metadata: + name: "{{ .Release.Name }}-db-pass" + namespace: {{ .Release.Namespace }} + annotations: + sealedsecrets.bitnami.com/cluster-wide: "true" +spec: + encryptedData: + password: {{ .Values.db.sealedPassword | quote }} + template: + metadata: + annotations: + sealedsecrets.bitnami.com/cluster-wide: "true" + name: "{{ .Release.Name }}-db-pass" + namespace: {{ .Release.Namespace }} +--- +apiVersion: k8s.mariadb.com/v1alpha1 +kind: User +metadata: + name: "{{ .Release.Name }}-db-user" +spec: + name: {{ .Values.db.username | quote }} + mariaDbRef: + name: mariadb + namespace: default + passwordSecretKeyRef: + name: "{{ .Release.Name }}-db-pass" + key: password + # This field is immutable and defaults to 10 + maxUserConnections: 0 diff --git a/k8s/manifests/app/templates/2-database.yaml b/k8s/manifests/app/templates/2-database.yaml new file mode 100644 index 0000000..07da437 --- /dev/null +++ b/k8s/manifests/app/templates/2-database.yaml @@ -0,0 +1,12 @@ +apiVersion: k8s.mariadb.com/v1alpha1 +kind: Database +metadata: + name: {{ .Release.Name }} + namespace: {{ .Release.Namespace }} +spec: + name: {{ .Values.db.name | quote }} + mariaDbRef: + name: mariadb + namespace: default + characterSet: utf8 + collate: utf8_general_ci diff --git a/k8s/manifests/app/templates/3-db-grant.yaml b/k8s/manifests/app/templates/3-db-grant.yaml new file mode 100644 index 0000000..7d69459 --- /dev/null +++ b/k8s/manifests/app/templates/3-db-grant.yaml @@ -0,0 +1,24 @@ +apiVersion: k8s.mariadb.com/v1alpha1 +kind: Grant +metadata: + name: {{ .Release.Name }} + namespace: {{ .Release.Namespace }} +spec: + mariaDbRef: + name: mariadb + namespace: default + privileges: + - "SELECT" + - "INSERT" + - "UPDATE" + - "DELETE" + - "CREATE" + - "DROP" + - "INDEX" + - "ALTER" + - "LOCK TABLES" + - "EXECUTE" + database: {{ .Values.db.name | quote }} + table: "*" + username: {{ .Values.db.username | quote }} + grantOption: true diff --git a/k8s/manifests/app/templates/4-db-connection.yaml b/k8s/manifests/app/templates/4-db-connection.yaml new file mode 100644 index 0000000..9de6a8b --- /dev/null +++ b/k8s/manifests/app/templates/4-db-connection.yaml @@ -0,0 +1,26 @@ +apiVersion: k8s.mariadb.com/v1alpha1 +kind: Connection +metadata: + name: {{ .Release.Name }} + namespace: {{ .Release.Namespace }} +spec: + mariaDbRef: + name: mariadb + namespace: default + username: dev + passwordSecretKeyRef: + name: "{{ .Release.Name }}-db-pass" + key: password + database: dev + secretName: dev-db-connection + secretTemplate: + key: dsn + usernameKey: DB_USER + passwordKey: DB_PASSWORD + hostKey: DB_HOST + portKey: DB_PORT + databaseKey: DB_NAME + healthCheck: + interval: 60s + retryInterval: 30s + serviceName: mariadb diff --git a/k8s/manifests/app/templates/5-configmap-env.yaml b/k8s/manifests/app/templates/5-configmap-env.yaml new file mode 100644 index 0000000..fd5f8b9 --- /dev/null +++ b/k8s/manifests/app/templates/5-configmap-env.yaml @@ -0,0 +1,11 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ .Release.Name }} + namespace: {{ .Release.Namespace }} +data: + WP_HOME: "https://{{ .Values.host }}" + WP_SITEURL: "https://{{ .Values.host }}/wp" +{{- range $key, $val := .Values.env }} + {{ $key }}: {{ $val | quote }} +{{- end }} diff --git a/k8s/manifests/app/templates/6-secret-env.yaml b/k8s/manifests/app/templates/6-secret-env.yaml new file mode 100644 index 0000000..04b3814 --- /dev/null +++ b/k8s/manifests/app/templates/6-secret-env.yaml @@ -0,0 +1,18 @@ +{{- if .Values.sealedSecrets }} +apiVersion: bitnami.com/v1alpha1 +kind: SealedSecret +metadata: + name: {{ .Release.Name }} + namespace: {{ .Release.Namespace }} + annotations: + sealedsecrets.bitnami.com/cluster-wide: "true" +spec: + encryptedData: + {{- range $key, $val := .Values.sealedSecrets }} + {{ $key }}: {{ $val | quote }} + {{- end }} + template: + metadata: + name: {{ .Release.Name }} + namespace: {{ .Release.Namespace }} +{{- end }} diff --git a/k8s/manifests/app/templates/7-wp-deployment.yaml b/k8s/manifests/app/templates/7-wp-deployment.yaml new file mode 100644 index 0000000..95d3607 --- /dev/null +++ b/k8s/manifests/app/templates/7-wp-deployment.yaml @@ -0,0 +1,83 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ .Release.Name }} + namespace: {{ .Release.Namespace }} + labels: + app: {{ .Release.Name }} +spec: + replicas: 1 +# revisionHistoryLimit: 3 + selector: + matchLabels: + app: {{ .Release.Name }} + template: + metadata: + labels: + app: {{ .Release.Name }} + spec: + imagePullSecrets: + - name: github-container-registry + containers: + - name: {{ .Release.Name }} + image: {{ .Values.image }} + imagePullPolicy: Always + command: + - {{ .Values.command | default "web" | quote }} + resources: + requests: + memory: 128M + cpu: 100m + limits: + memory: 512M + ports: + - containerPort: 5000 + envFrom: + - configMapRef: + name: {{ .Release.Name }} + - secretRef: + name: {{ .Release.Name }} + - secretRef: + name: "{{ .Release.Name }}-db-connection" + livenessProbe: + failureThreshold: 3 + httpGet: + httpHeaders: + - name: Host + value: {{ .Values.host }} + - name: X-Forwarded-Proto + value: https + path: /wp/wp-cron.php?nocache + port: 5000 + initialDelaySeconds: 10 + periodSeconds: 60 + successThreshold: 1 + timeoutSeconds: 30 + readinessProbe: + failureThreshold: 3 + httpGet: + httpHeaders: + - name: Host + value: {{ .Values.host }} + - name: X-Forwarded-Proto + value: https + path: /?nocache + port: 5000 + initialDelaySeconds: 10 + periodSeconds: 5 + successThreshold: 1 + timeoutSeconds: 30 +--- +apiVersion: v1 +kind: Service +metadata: + name: {{ .Release.Name }} + namespace: {{ .Release.Namespace }} +spec: + selector: + app: {{ .Release.Name }} + ports: + - name: wp + protocol: TCP + port: 5000 + targetPort: 5000 diff --git a/k8s/manifests/app/values.yaml b/k8s/manifests/app/values.yaml new file mode 100644 index 0000000..0c6398a --- /dev/null +++ b/k8s/manifests/app/values.yaml @@ -0,0 +1,37 @@ + +image: ghcr.io/hvg-dev/blog:dev +imagePullSealedSecret: AgA56Wy8PD6cByq+xIFwOBl0OUPt0ricOB0tjaC+B/mpHhFnsKaGKt4EdUsfnDZccc3IdpoIFdhOo3rkAikxN+PjCFpb/bC0JZZiP8K3DAREizLAU1R0og0xWjOGZ+GHRdZMiuNFf3ADl5D65lrIr1e1wTrSuJ8SReOqo2rY9QGDwWC51iJwy0cmB3WVGDYjDUIz/vnx5p8BxzIEHsCIoSelBIQjJ0idZwe8JuaSxrQRUtk8/Cenj3mUVsXIVpNr4ExBMF4tBuYEAYuY1t98bp66l6dbbEfnLDpQXDusj7RITV0N2KQ++7h5fjlH9yC8nsXntZb4T6oVSZlJWUYDzqaqfBFckQ6S0L9XcgSOFHKeZa1MVEiKpjiU9uEn+hDCPbatg5exMUEAcvXl6LxnKW/Mn0dIykOv/LIQyxXeUFdGOoFj6pCvkj/Z2DFeHLq5/+rY0ZIvLnLtGYfxm2Du1ft3MldWUSq9i4BUuL0ddH5h4PRxC5SE7Yp/SGkU4qDqqSmh21GxVdezp4YK9Mg4gRrCcGPL+sViDYkDLvBXOpBVhhQbAQcZWkDHit58p3nh2byP0GpIL0etnFGVqx9n2W2BuckKbOeEaRGbdaeO8pT6f2IOA6ZyuT91RiqRYrzXYMA2hzmQBVYlKXjI3LAuEHOnccl7cA57j32U+yHsaCHpxQ0vbDpoZHwRj7O3De4BlEdFiMIBcgveXMK8V5t6Hie/KQZOXwt38UPj9axdGoMzPFe5KffWHNJrUYVyHkS9lfKgi4aHF/SIs034x39l7KPitk3+UqFtKUEuL0/P+EoxN9qre/HFGvF3uZRdllt6gruWYLVCrnLnHfKRKe9D9Mb5jVi+BbVfxuXBip/TFnc0x3JRGmGQQm2bICyYonPP3pQcDqqq/8dshKCGeVHmsN8mP+ERv/izbb2QU4loRg== +command: web + +host: dev.hvgblog.hu + +db: + name: dev + username: dev + sealedPassword: AgCjcJj1U6QOlCbQFVrT55D/6NECvZzwXZlQmVbeIW/b//SawiIIrlSnVHkQUYcC8VVswYJ854P1+3HANJriBHBs+fLklVsQytnjC6gktUgPcxuhBgACtOBWco3wyq3MNX5qU2IYevdCd7da31czaTNnLkowF8S7Oqyb4DKQAc1RE7geepJyHUxILGvFSsd3LiPkoI5y+J1IWcThFFU2ACZ247FYAprn/XqozgQcX28yO8U30ejW73TJrvxhKR4UvTlqNDSRh/XNBKre/zqCvKg8aKd+LgwCVegPQnGRMl3Jcw1CyRFDADYLg6YwQ9bRRpN518z3IQOonPL82EOAeXAYU6aTVQz2qwQZkDp7ww0MCknhypUSxfHTQ+FSauXxoweUICAzFP3LQuyoE+LUoUMKyC6tKh9Lsiiks+Y0gRp4Jpj0Rhm/f2wPQZwecN63Sd95pEmruYpsTfA4bqJo2omhdZHeQKLMfZQk4MGNBjGeXkif4NIk5RsOgQHM4Rf3tXOmxKoXRayl6J0ow36/jfxCMQAliiq7SGRcty6Mq7j2ou0MRi19b88fFUynLpxQUK7Ob7ziYmWDBPGwAGg9SLApJYidnpKO+351no58UBhAf+d4cyTI0PURvp9kZhkQNsCHuDFWh9CZ3B5RjJ7D/znkdZELvRWWGde7+qbRb924QfWmCpcmjxT6dOP0qQt4dUChVl/yBraBeWyL0EZtjXGDq/W+mf4AkAYN3fwpb98G + +env: + PORT: '5000' + BLOG_SLUG: dev + DB_PREFIX: wp_ + WP_ENV: production + DISABLE_WP_CRON: '1' + TZ: 'Europe/Budapest' + #GTM_CODE: + S3_UPLOADS_BUCKET: hvgblog/dev + S3_UPLOADS_BUCKET_URL: https://cdn.hvgblog.hu + S3_UPLOADS_ENDPOINT: https://ams3.digitaloceanspaces.com + S3_UPLOADS_HTTP_CACHE_CONTROL: '30 * 24 * 60 * 60' + S3_UPLOADS_REGION: eu-west-1 + +sealedSecretEnv: + AUTH_KEY: AgCvDJbrBT/ze5NXqfrs4ZCjHkDj6uM19QVVomPy3mLkcDqBoRznD0heGbiWBLu6/kOcV18sw1q7WMwU//6cuU5eZmeYnhZHbNDxGDPE8Nw/UUmoOR9wOc/XozXf4DBK1zLn9ne4xA4lMdlYeJ7WBWPFYyoc0htrbEiB+MAEt8DXvlRooDIZYtitZzBHWrhFLuIhAi2mIA2SQ9V8simzbUU3DM7Wb/DY4Qoa4jP/XTEgcxdtQPzOXFJTlZt5poMqs1/ckrTeo1/9SLrZZTWQPeZlsoISs18J8oeK33ugTNYz51mRoOai0Yhnc2bbN+4WGgtXi6FPjPgFcdjKjul5gdb81Z47RIO8wwsPjnFTSQ1LXtSJ/HiX9uOj1OHUYEH1rIqzaOmxDo23VYParhDsU2QLDIf1S8mJo/WTn4Hb6IAA5Veb7bbudesffgxgMm69qTQrdoPumLaXNX6TnRC5tGM+YaYbBGVsuDxSZUnagEkobgG8D60V58c6mWbZ+k+VZ+0aNGyaLHEAjZDCDxh9/6AkOoqLIaUXOgL7hQ3eX2YAFfBdwIICY82ylC1DqwTxGqpjRP45E2tMHEp8IQHLgvdEChLBXmqPVk0kJF+FJIzdOE+OkLtnAmCD0L3eq2SXRoceISxf0UNVWLwXMYCrvOM2kSrDHT/PhCqtGwaIDWuLXdddXZzECPk5hcLJb+JSYG1yRc6Qc8nezag7hh31pvfFI6PtR4LqlI8xmsHz0RognxQi/MEI6uSJ23/w+4RbjlBBKILoLqkgE+v1mhbAUuMr0Q== + AUTH_SALT: AgBX0tOuA235buf6x054X0SmTsyqkjeYuevgDdbWIWqi+AWd9slUnlS2bnBtjYGg4U+fTIbldo2bYuEAHK+TIVOXTxud7+PSYEO+JjtpetHchQBYh0rNjTs8K11uK5mqPBSPVkLJE08U2BNvXXubc7plLerNjW4D44ICvJly7P6CO2Rnrjueg34DB1TnGnD8PANIiUZVTrJOCC/QSodhaerqDvJBuq6qS0q+GEqU4C5kineHyzuQnuGq5lUN6l+Gk2R8vlwLaT36x4MJlxRa/UjQsvbQ6CYRNGnZW1knPsvON/sukpy7BVEVYAnCYnrzRX/8kEgyxMfSePcWOwsG1JkSb1PrcQXftro7xZQjKgdkqacOGnkVd8sKn1n0f0w2iAGhMt2fCn7sf5htnSC5lL0mdBosNv3p1VwrfXIwjDr5Fzs1CHTbb1hJ8282aAGfzLxmGXPucAbk7nSvbD4iVhXmZ91vbWJRKC+DD/9HBdQloEplSKYm3uyTb0qlJzPIUVTNLu9b+yTeBQIckuAYu03NX2WWSVkX1M80YMER0/eNbvec4ZCSUxKWLzjVm+k3ra8ToL5tYrEr65Be/WuK57tMvx25106OHvokc6S0wp5B+VyirLtwXqRSGFBWqQv62hxJQDOySNsi45QzueD/BYxG+tf3QX1+bdc50WlwUHK1UEZuSNb6JnGfvFU1fJEApAZWJaK2odItjaR2dVVDMuW1NsXj4qLpB/CaNYM/B8C4Elg7jyCrwTv/1TaY3IW3j/SVnRstgXTwNjRnM/WCUIJbWA== + LOGGED_IN_KEY: AgDU2Ss24Cuw1kthXp2DcKahfQT7apnRWtaoQymBEZMMRpGlvxWMTRRMKAx4N7E0AZdW41QLTpK0ciaI63B0PRD2B6fPVVpoz3ybNlJO/0caIw0yHWL8YSOD7rGw6TkxKrz8lggqRVZerS0tEFT8nLGoqgi+SCsfBhh3u5JQ8QM60WLeWaPvph/QFlSl290+UC2xIVEjk37zQdyXou3goeS3DMjdtze8FiwnmK/XVPsPf2cWZQw0wwAwgIJMVZWhkK2bPOKrMmsdqy4G6YrihcjjRTK/0lGKZ6sEVUsu7NTKgeHGogbu8feA8gpTEuRYP60iFNgwNrCYGmOKCXyw0vSLtxHPE7+cm2pU57GhJCTnOe1Ez9zJZmv0Zc4OEZBAaLbCXoNvoJPskeDBUe7+qcV8ugdtFCxCBtoUolos9UukhAtUWp6+uTv/vjjnCv/7kGGp2fNK8lS1D1ksk1mB0JsnjxKo5pnMHBVhJfk3IfbPLx3yvMaz86wCDKZacm5h9IwsPYEvVzkvWhiOydg3ZRVH7WUE8uJ1+Ojt2+6hlB2cMNNQ5P16fTOmt9vfl9Schlrgo+ku2tU/KPfMs4hHCvvecOskqy9MeTOF5mJllI2gqTlGR2uQ5Hgb/OgH8YOmmycpS+MqKNaTKafvwgN1i0xBaYD8y3hSYeBRTmaHu+Szm8CKEDL8PW4ebJX3a+khJMXkf3UkDjRXjSQhUoFMyRNsHLwAt5mC3asySQue6jOP/mKbZ4c7lH0gx8caDoWrlJFHsDhr79jw3F0gkr4mN+ueAQ== + LOGGED_IN_SALT: AgAVoBL1paq14YzaeB9lkvabzo5iDoVN23gvEQAs6CgZUIejtUa2AAkTmQIjVfkb2S7LOdfXIq1lIAPBqSmO5LqfWDh8kuxgz23mTDxYWvVqqbDpiwAgaydokprDm0WEpPdGTyvqsvEk0Gtxq6rqbFXObsfkLCv85FweyfHxh8Gwo+L/e2l1/NUFOkmT5e1j7bkKmTgBUyMEVuWMA6lFVCd3D6vGfOZqS5O5NfzhFnK9U4ZG+55+LlgbFZZltHixs/jpMBms30B/wkRxBzAAGMMCyqVLlqr3bB0HQsobA/PWHAJbGBuFHV1e9XE+7SUlKLTmcmTyxx2cfHiX2XK7Ne3VW3wEtN/4IVeCPpbwCnceXEzK4uhTHH2Hwihewm+xN5uB7SDBLLO3qSLLznapEhgHIj2tPV2i2ftAsIUjzjuPHyFhdFumzXW3QxqOofvruRYqxQAFN1LBvbys6wWLRPkRgEez0/UIiL3xaWnA+r51/cozozNZI+QDgeAACQQguX/Ag7jR+q83Xga1SeYV0HYT9AvRr+UvRQ0NcTG2ObD5JE5rUmFUeRFWIwRh+HqgekDYy359vFds54vHDn/xtOS6Cb6fyr0qX1WygsBtWUV6jf6T59zYg9L2/kr+s1iUTbbBRizJOrRMdr2gswoUWW+THhM+yc/mIL7BCoWoHPBVJ9m5uvqemfy8VOvFHOVxlBnzqIsc5eAvTh4Nqy6hIxISxG8s44RHTLfDfDxWXxI2QVq8NzY91TlBL68fzINf+Bc4vks3CJnssYdinTS9AjQQOg== + NONCE_KEY: AgAHwWgpFVXSLcEdHG5USGPhqueGXo163MdqCSSscxXjxw9JXKjDQ13jrsnD0JcZIWnSJnBdJ/H84HgHdaFU9g8CDzL3mXC4s66RM+c7Jw/0VCHM72+3zr5Nw+h6ycLzlE1UmB806nY88t8h4/HKujmu42qSzdFySxC5x6WbnaOqri+H+VHZ57dQfyyNFlp7fum2WnqU+EXoxvbEOMgJaxpwc8iwsmKGwy+aSzE7DTpkt/9fA+T8LiaakwtAwcvo8EnVxBesCe9ioDsA+ZjgI3xOr7OsUPb/NxaGt3VGmVk2d8dcKI6YOiyoLCFjAL1z56922OjScOO0CUo7qq0jPRuUJdouT5S3OpDm3NGCr/yjCz9Mh8anWPKxYX1ZEg2QmPiR//r+94V10A0NP6W9frpiBQhIWDqMprUK/0SpZGX88C4F1FPmOi2RSn6Tl7mwOHpZadLzBLpbY2DY/AyGQO6H0W+MJpXCT65vZJeTDcLMjCNGkVEI9vxvtVedTVkbZNbLS6+ros/HA/0qMI803exlNZEnMMwlHn1Hm4z6ngeBP4KJBUkLYLD3ienwijmiMtqmgkOhGbG2K6r+IdKHrssWeizNrx5TzLXKXzyCyk5I/9jVLhC2AM6tBqxW8TVs2WfKS4RVsNvS55qpjWbVpZb7ei10+RiPA6KaVW4ZmwtDuW8bzD2d1rMd6yJ1SiYQhzUOVjcCCYEz6VWN3R5IZ/3UjpeCWnkQ7Lja+Xm3Asvxg4m41cA3B1S/ckmj+qOr2WgjFu7GymWX8IF0hZXZo1oz2g== + NONCE_SALT: AgABajYW5+6c0BPjlcQLPd7v706wd+i8U1hp69+up8PalMtvugwR754mEU/ed7L15U9pTWAf6zGjmuMIZYiFpQVosQl/ggq2LeciT+xBUcrvCxZ/EBCdTl8ig/TgzucVNsR2Y0dCK5Tp7YBTuAIOa0dqyK+v1+LGrgb4PnVQvi18hApBiDX0Txnn5QkGhBaSr7LJuD76KfgY+AZ8Gv95b30pTY2AtYydDJXrtqoDCIXfPcnPf102Hq3na5OfJp2m2N4IUD771tDesb+faeDgk7K/mVcn+kmXB8rIawOQFnaowt5UwbfZ60ppgy1MzQZiiq2pXvMA8F42EnhNUe+C3fPyG7Kl6t7jRo+3mHhz0Dv+o0DO4Iir8r0dTw0MruLqun9YU8pLOv17+BciAxWeG8obJ9Hs5sv9ZPv7wdmlQIX/8fvsxgJgy0cqgH4lWNBD5Em9EyiVAUiRmA6tOosFrlifJMS8F1wfaiNEZ7DxjdSVMrEBtntBO2ndSdrdqNIfUED9ZfIvBxP2UHRS9h4KEyCvxcM8HgWt7htnpiSx/XpFZCJr4meGfaNB1Tv5f40bCFpKmsbK1GXNMKJwOJcV1I2FV6xpp6Ch7tgHlZ/Il7hbQ4JsKav7l93b/Dd2e8y/58Jk3DvBQzrPOWPpQrKxrIOeT8o+HC8PS7jdi5xKJ0g9dR10LkgmW0m/usTdwCLWca/9I7iLxiAF/zRoN+7+8ySxIxnBTaFWykYsIDs+5nsYH6TgXseq9PFnxxtKutMp7EPtnO7vzc4DNtkuouS8oqt+Aw== + SECURE_AUTH_KEY: AgBAPzBURABD4yzbUrMr4l4CRD18wu9+o6+wA9UJ6NQ8F+Hn3ddGG8HMpbq/eWwXw4q7SXv7BEU4VVoeuPjTle5ChQJfrdbThjermhjwcEDu8Cgr6jczj9bKEJ6Th3ezXR2jf+gwpvoPbrlk2s+mPJdWnJrAGxkV89KJWTxPuCz2PbZp2ZaxdAbXiGSL2X9KPO1XHYZjpgN1nd4+2BqGnA9B0ozyVChPctYHv1taPdvF0ifMsJDiNu4PpEcq9Ga/hrgmjYEVvxvrA5J+zOs/DaVm68VtJvyQEIw3A6jZNOVC5WFUk7UuCoBhuj9X/6ayZTVjqvtHMhi3BT2pxFT0n7OXAWd8g4MctyX93dBYcmkjqE4aZn1kHndOdvS1E41J+aMjslWgzdCLDqGqzVxgilMbxXxM+AXOeuAzSzo96WzTnIxnX851xdkJEIjBnCedaIXVkXfEWOewE2SOa/7F7JbQAlMwCrNN5/Co45tLNsfolpwy4WQmWJWcI4nZVTOM79kZM9kr6hAYqhHCG6/8MQ/2Vd8fYvTblJKoagEpKhqZK0J7HQpBaneOGhFV/Wn42v8g73HZc2BdxMrj53yq2eHzpe5AQSApn9nNBWhivAR7+jaDWmNYjcsmDzFf5p8MVPsiyT6JZxVjphkKI38/AfUt7WENcGjyXW6I0MwFYvEXgiPUUPQXtMvX6yDscpxGa/aVIin+7BKrZiu12du4jfyr7VyF+hyw90/YSrk/hfehjiTWk844GDMF9K7LSMLR+tWQ47yUyV5rNQ2FsGqGqdKE/Q== + SECURE_AUTH_SALT: AgAik1WFY55NqEhYj2zMMQWAbfdQjVRxbFrcz1POUUWthCwUV/A1I9iO2MI9HLfACgpkfZqsvC0WgDjt++Mpu1ZiQ58vYQZDfX/TF7qqonxxlg2HXCOxDi4VBiQ4CTBsSHW0BUzKLjxh/gryYvYmptAhMU7/6UI50q8P7+nkHSCBMV4WLvHRHBpn3OOS3leVN7rARICj+18amk6l0HRVc0+TErqAoxSzrjDVNbzRalsoeOw5OjQCJFhJO27rlAck2rswKu6G8xMM3rY4jzdM1a987jY6iLSxdxKmmIS5PhXnrR5sW9NkpvlzyGfgwv/aazPY7DGqQMr5eDbDqCHF3xkSXnb4DibNmAphN56TJ+E4jm0PWRMSCVy9WmDQS64pusvVXCkrlFHNB2ywfs16E5p8deg0RhWKBmeoJOryDRc+69Ccq0TyNweTYYFDZFfjVBDkfztlCxXqCwNNyPDZQn+0I1Gc77/rsUa6Riqt1rkjDFrLpuWYR+dAIWpR2oEKFHgun8p5/7xGSGLb9glpURc4SkR02D0MzCLlDtt+ugPcV+JwbeCvnmdMvuXtHEQEMuzP4moccG4dXGPkcQyXK1tzlIB/OIKmRjsGKm0+03K1L07RMiRpSTW21KfM+F+fVLlykOB4cGwRMWL+8rUqaPyXbH89rlPLk0o1GBhLCI4q5Yi7pVRb7zD8WzF+kmNjnXf3khM4AKZawESYdy1532JkrldhsUfFFfQE0YfDJI4dE9+nBrZ7Ul8HNf1ORQ860qCSoeRFVNen+EsDHxyaF6Lj + S3_UPLOADS_KEY: AgASNFNBXB4SlrioskAAXTkVjpmDTFUVI88/qx0w9LMaW6Xqd2W1LZkwNqNStCeN1XbLX8KBypJ2SDz6jUaXUDFl3K98j4VGcxm7o06kGz6MQFDKPTv3tiSaqS8dJeQBB0pMIWRkbAQUkgRxR7SE5R8bkuKWg3RgvPfX6Po/8+D+vT47xi6Vk04VkCoTw8xiBZu6ZtwENm/57saMK/1n0o9uvEm3NWY/lN7G146wIrpHKqzefWddUK5ddDuJJQdUbQnkHPHC9pUH+6a+86ywBp6ZFg5Tzc7jkq9QryRRUjlh6+/fUHZm9B0IEKgdpKaX+fFVFg+xy6fO8CuV/80aJD12v/9+b6Wd9G2U+LSm1KYBFWoWFEiuW/qoA+WH60PYw0/czOxh6FXZgfcqFFLG1mNpzE0/0MsXrZZzS1pFhG8VCGBmTrDGq6gBCsYZtdY456L7fo/REbAHzJ3B5RATlfCTqrr33nNHX6MZod46vE/123dgeZ/Uaui9pjM9/AQko1KGnIAfmiYMilA+CIupXNr1CgIPlB6Gd8iUdg4Lyko0ahkRfu27O9mx4ATLz4b7YD0jXa9TY+LnyucsySTnSbRkjHIL0JePPMYjGP0+M9q+h5IwttRf2xVMqNkBXngqBOsNoBBWyoe2BfVCedX3wh5B/o9gSQbARNPYR03ZI4XeMiG4MbIwAGvXOm+/Ef3h1RtDq4+q4GtG/oH8UQFzxigr3Qcdt+M= + S3_UPLOADS_SECRET: AgANZgOk9NWB7DGFPt0ovHX9ZjT4Sz4cqmx3/MveZORX6yuRaGPHapMnA3f0rgc90c3Z+2z9VlMgINsoJg11DLb/wTNnGcSIW/rmvIH7o+///qk94QbSvUp0kc6VgE7kEZhGU/nzsAd0Ak+8reEh17fNPH6yNf4TtkeICfi4onX64SxEcNmuIcpGTTBeJ300eKgKlTeTuGuN/+/cOn0VPj456nv6nlvag9eRfAcSy6Qo4t0gfvRTbML5zTXDGXArfCCWhMxtoos1KbD48WNlWU/t6d6bODNSaMMsjgIAgY3mkwrUGvuSQV5BAAU2eIgtvAFASXHVLThIt8gqaktappgCJQmLK2d922BYV/ifJMFjp6t0+dd4lsjSmDNQxKr2cjz9DLqdmcpJ3U/W+pKPefb5Na+iOOhzQXSsSTUV4J0pVjdXqnGILX+CSgs8aH+Ax1eLAciGIcajGV6C70GYhVIyMkvC9mmY+QboJBd5eidemIz73APP6yTuKFVO8zsn+CmQ+r65FhjNFzRYTcWpt8k000phtlJvRI9AJ0auhPpGe8rWEA5VcMwlfW0BFbfCT4lkEEirPXUvFhfRohu4Kl0CZkVvRHVhf0q9LU0MEPqjQDPf/xYLP7gVYTD5wYo5aZVCS4FXn3qY8ehucJCJT1X6XjZff2Ym2f4VHC21I3bjOOJrX7gPhAlITEoCcumzaOwWf7iBMQVBQkMo1uscsTZy3YG/OKi7B8Oy36QTMl1enSSX8U3XS/AoSdvSjQ== diff --git a/k8s/manifests/dev-application.yaml b/k8s/manifests/dev-application.yaml new file mode 100644 index 0000000..eefea94 --- /dev/null +++ b/k8s/manifests/dev-application.yaml @@ -0,0 +1,25 @@ +apiVersion: argoproj.io/v1alpha1 +kind: Application +metadata: + name: dev.hvgblog.hu + namespace: hvg-dev +spec: + project: default + source: + repoURL: 'ssh://git@ssh.github.com:443/hvg-dev/blog.git' + path: k8s/manifests/app + targetRevision: HEAD + helm: + releaseName: hvgblog-dev-wp + parameters: [] + valueFiles: [] + destination: + server: 'https://hvgblog-vcluster.hvg.hu' + namespace: dev + ignoreDifferences: [] + syncPolicy: + automated: + prune: true + selfHeal: false + syncOptions: + - CreateNamespace=true diff --git a/k8s/manifests/sys/0-namespace.yaml b/k8s/manifests/sys/0-namespace.yaml new file mode 100644 index 0000000..f20a0eb --- /dev/null +++ b/k8s/manifests/sys/0-namespace.yaml @@ -0,0 +1,4 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: site-system diff --git a/k8s/manifests/sys/default/mariadb.yaml b/k8s/manifests/sys/default/mariadb.yaml new file mode 100644 index 0000000..ec18cfe --- /dev/null +++ b/k8s/manifests/sys/default/mariadb.yaml @@ -0,0 +1,40 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: mariadb-my-cnf + namespace: default +data: + config: | + [mariadb] + bind-address=* + default_storage_engine=InnoDB + binlog_format=row + innodb_autoinc_lock_mode=2 + wait_timeout=30 +--- +apiVersion: k8s.mariadb.com/v1alpha1 +kind: MariaDB +metadata: + name: mariadb + namespace: default +spec: + image: mariadb:11.8.2 + imagePullPolicy: IfNotPresent + myCnfConfigMapKeyRef: + key: config + name: mariadb-my-cnf + port: 3306 + replicas: 1 + resources: + limits: + cpu: 200m + memory: 1024M + requests: + cpu: 50m + memory: 128M + rootPasswordSecretKeyRef: + key: password + name: mariadb-root-pass + generate: true + storage: + size: 1Gi diff --git a/k8s/manifests/sys/mariadb-operator.yaml b/k8s/manifests/sys/mariadb-operator.yaml new file mode 100644 index 0000000..0845fe7 --- /dev/null +++ b/k8s/manifests/sys/mariadb-operator.yaml @@ -0,0 +1,22 @@ +apiVersion: helm.cattle.io/v1 +kind: HelmChart +metadata: + name: mariadb-operator-crds + namespace: site-system +spec: + chart: mariadb-operator-crds + repo: https://mariadb-operator.github.io/mariadb-operator + version: 25.8.3 +--- +apiVersion: helm.cattle.io/v1 +kind: HelmChart +metadata: + name: mariadb-operator + namespace: site-system +spec: + chart: mariadb-operator + repo: https://mariadb-operator.github.io/mariadb-operator + targetNamespace: site-system + version: 25.8.3 + valuesContent: | + fullnameOverride: mariadb-operator diff --git a/k8s/manifests/sys/sealed-secrets.yaml b/k8s/manifests/sys/sealed-secrets.yaml new file mode 100644 index 0000000..cfce26a --- /dev/null +++ b/k8s/manifests/sys/sealed-secrets.yaml @@ -0,0 +1,12 @@ +apiVersion: helm.cattle.io/v1 +kind: HelmChart +metadata: + name: sealed-secrets + namespace: site-system +spec: + repo: https://bitnami-labs.github.io/sealed-secrets + chart: sealed-secrets + targetNamespace: kube-system + version: 2.11.0 + valuesContent: | + fullnameOverride: sealed-secrets-controller