clearance

This commit is contained in:
teraflops 2025-06-03 18:19:25 +02:00
parent 8c97b4f989
commit 5a6de0b2dd
Signed by: teraflops
GPG Key ID: 2B77D97AF6F8968C
14 changed files with 155 additions and 199 deletions


@ -9,7 +9,7 @@ data:
SMTP_SERVER: "priet.us"
SMTP_USERNAME: "me@priet.us"
SMTP_PORT: "465"
SMTP_PASSWORD: "wasamasa123"
SMTP_PASSWORD: "xxxxxxxxxx"
JWT_EXP_DELTA_SECONDS: "86400"
VALID_USER: "admin"
VALID_PASS: "wasamasa123"


@ -0,0 +1,91 @@
---
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: elasticsearch-single
spec:
serviceName: "elasticsearch"
replicas: 1
selector:
matchLabels:
app: elasticsearch
template:
metadata:
labels:
app: elasticsearch
spec:
# Asegura permisos adecuados para lectura/escritura en volumen
securityContext:
fsGroup: 1000
containers:
- name: elasticsearch
image: docker.elastic.co/elasticsearch/elasticsearch:8.9.0
securityContext:
runAsUser: 1000
resources:
requests:
memory: "2Gi"
cpu: "1"
limits:
memory: "4Gi"
cpu: "2"
env:
# Configuración para un solo nodo
- name: discovery.type
value: "single-node"
# Desactiva la seguridad interna (si no la necesitas)
- name: xpack.security.enabled
value: "false"
# Ajusta la memoria de la JVM
- name: ES_JAVA_OPTS
value: "-Xms2g -Xmx2g"
volumeMounts:
- name: esdata
mountPath: /usr/share/elasticsearch/data
# 🔹 Liveness Probe: Evita reinicios prematuros
livenessProbe:
httpGet:
path: /_cluster/health
port: 9200
initialDelaySeconds: 120 # Tiempo extra para arranque
periodSeconds: 10
timeoutSeconds: 5
failureThreshold: 6
# 🔹 Readiness Probe: Asegura que el pod esté listo antes de recibir tráfico
readinessProbe:
httpGet:
path: /_cluster/health
port: 9200
initialDelaySeconds: 90
periodSeconds: 5
timeoutSeconds: 3
failureThreshold: 6
volumeClaimTemplates:
- metadata:
name: esdata
spec:
accessModes: [ "ReadWriteOnce" ]
storageClassName: "longhorn" # Ajusta si necesitas otro StorageClass
resources:
requests:
storage: 10Gi
---
apiVersion: v1
kind: Service
metadata:
name: elasticsearch
spec:
selector:
app: elasticsearch
ports:
- name: http
port: 9200
targetPort: 9200
- name: transport
port: 9300
targetPort: 9300
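Review bot: `xpack.security.enabled: "false"` switches off authentication and TLS on the node, and the `elasticsearch` Service below publishes 9200 and 9300 to every pod in the cluster, so any workload that lands in the cluster can read, alter or drop the pastebin indices. If security is to stay off, add a NetworkPolicy that limits ingress on 9200/9300 to the `app: pastebin` pods (none is visible in this commit); otherwise leave it enabled and supply `ELASTIC_PASSWORD` from a Secret, which is what the app-side `ELASTICSEARCH_HOST` URL would then need to carry. A smaller point on the container `securityContext`: `runAsUser: 1000` is set but `runAsNonRoot: true` and `allowPrivilegeEscalation: false` are not, and both are free here. The file path of this section is not shown on the page.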

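--- a/k8s/midleware-https.yaml
+++ b/k8s/midleware-https.yaml
@@ -0,0 +1,10 @@
+apiVersion: traefik.containo.us/v1alpha1
+kind: Middleware
+metadata:
+name: redirect-to-https
+namespace: default
+spec:
+redirectScheme:
+scheme: https
+permanent: true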
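Review bot: `apiVersion: traefik.containo.us/v1alpha1` is the deprecated API group; current Traefik 2.x releases serve the same CRD under `traefik.io/v1alpha1` and Traefik v3 drops the `containo.us` group entirely, so this Middleware would stop being recognised on upgrade without any error in the manifest itself. Nothing visible in this commit attaches the middleware to a router — the old Ingress is deleted further down and no `traefik.ingress.kubernetes.io/router.middlewares: default-redirect-to-https@kubernetescrd` annotation appears — so the referencing resource presumably lives in one of the files not shown; worth confirming, since an unreferenced redirect middleware gives no HTTPS enforcement. The filename `midleware-https.yaml` also looks misspelled.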


@ -4,7 +4,7 @@ metadata:
name: pastebin-app
namespace: default
spec:
replicas: 1
replicas: 2 # Ahora hay 2 instancias en HA
selector:
matchLabels:
app: pastebin
@ -13,6 +13,13 @@ spec:
labels:
app: pastebin
spec:
affinity:
podAntiAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
- labelSelector:
matchLabels:
app: pastebin
topologyKey: "kubernetes.io/hostname" # Evita que se programen en el mismo nodo
initContainers:
- name: fix-permissions
image: busybox
@ -22,10 +29,16 @@ spec:
mountPath: /app/uploads
containers:
- name: pastebin-container
image: prietus/pastebin-app:1.65
image: prietus/pastebin-app:2.22
ports:
- containerPort: 5000
env:
- name: GUNICORN_WORKERS
value: "3" # Limita el número de workers
- name: POSTGRES_MAX_CONNECTIONS
value: "10" # Limita conexiones abiertas por pod
- name: ELASTICSEARCH_MAX_CONNECTIONS
value: "25"
- name: DB_ENGINE
value: "postgres"
- name: POSTGRES_HOST
@ -46,7 +59,9 @@ spec:
name: pastebin-secret
key: POSTGRES_PASSWORD
- name: DATABASE_URL
value: "postgresql://mypasteuser:$(POSTGRES_PASSWORD)@pastebin-postgres:5432/mypastedb?connect_timeout=10"
value: "postgresql://mypasteuser:$(POSTGRES_PASSWORD)@pgbouncer:6432/mypastedb"
- name: ELASTICSEARCH_HOST
value: "http://elasticsearch:9200"
- name: SMTP_USE_TLS
valueFrom:
configMapKeyRef:
@ -74,6 +89,11 @@ spec:
secretKeyRef:
name: pastebin-secret
key: SMTP_PASSWORD
- name: DEEPSEEK_API_KEY # Se agregó la API Key de DeepSeek desde un Secret
valueFrom:
secretKeyRef:
name: deepseek-api-key
key: DEEPSEEK_API_KEY
volumeMounts:
- name: uploads
mountPath: /app/uploads
@ -81,6 +101,7 @@ spec:
- name: uploads
persistentVolumeClaim:
claimName: uploads-pvc
---
apiVersion: v1
kind: Service
@ -93,5 +114,5 @@ spec:
targetPort: 5000
selector:
app: pastebin
type: ClusterIP
type: ClusterIP # Balancea tráfico entre los pods
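Review bot: The new `DATABASE_URL` (hunk `@ -46,7 +59,9`) drops the `?connect_timeout=10` the old value carried while inserting pgbouncer as an extra hop, so when the pooler is down or saturated the app's connect attempts block for the driver's default rather than failing fast; keep the parameter: `value: "postgresql://mypasteuser:$(POSTGRES_PASSWORD)@pgbouncer:6432/mypastedb?connect_timeout=10"`. The database credential now also crosses the pod network twice (app→pgbouncer→postgres), and the pgbouncer manifest in this commit configures no TLS as far as it shows, so a NetworkPolicy restricting who may reach `pgbouncer:6432` is the minimum here. On the first hunk, `replicas: 2` combined with `requiredDuringSchedulingIgnoredDuringExecution` on `kubernetes.io/hostname` leaves the second pod Pending on a single-node cluster; `preferredDuringScheduling…` degrades more gracefully if that is a possibility.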


@ -22,7 +22,7 @@ spec:
- name: POSTGRES_USER
value: "mypasteuser"
- name: POSTGRES_PASSWORD
value: "wasamasa123"
value: "xxxxxxxxxxxx"
volumeMounts:
- name: postgres-data
mountPath: /var/lib/postgresql/data
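Review bot: `POSTGRES_PASSWORD` remains a literal `value:` in the Deployment; swapping the string for `"xxxxxxxxxxxx"` removes the old password from the tip of the repository but not from the parent commit referenced above, and the placeholder will not match what pastebin-app reads from `pastebin-secret`/`POSTGRES_PASSWORD`, so the two manifests now disagree. Read it from the same Secret instead of inlining it: `valueFrom: {secretKeyRef: {name: pastebin-secret, key: POSTGRES_PASSWORD}}` in place of `value: "xxxxxxxxxxxx"`, and rotate the previous credential. The enclosing container spec starts outside the hunk.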


@ -5,8 +5,9 @@ metadata:
namespace: default
spec:
accessModes:
- ReadWriteOnce
- ReadWriteMany # Permite que múltiples pods accedan al mismo volumen
resources:
requests:
storage: 10Gi
storage: 30Gi
storageClassName: "longhorn" # O cualquier storage class RWX (Longhorn, Ceph, etc.)
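Review bot: `spec.accessModes` is immutable on an existing PersistentVolumeClaim, so applying this change to the already-bound claim (presumably `uploads-pvc`, which the pastebin Deployment mounts) will be rejected; moving to `ReadWriteMany` means deleting and recreating the claim, which discards the data unless the bound PV's `reclaimPolicy` is `Retain`. The `10Gi` → `30Gi` increase is only accepted when the StorageClass sets `allowVolumeExpansion: true`, which is not shown here. A comment on the `accessModes` line such as `# NOTE: immutable on an existing PVC — requires delete/recreate after a volume snapshot` would save the next person an apply failure. The claim's `metadata` starts outside the hunk.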

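--- a/k8s/pgbouncer.yaml
+++ b/k8s/pgbouncer.yaml
@@ -0,0 +1,24 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+name: pgbouncer
+namespace: default
+spec:
+replicas: 1
+selector:
+matchLabels:
+app: pgbouncer
+template:
+metadata:
+labels:
+app: pgbouncer
+spec:
+containers:
+- name: pgbouncer
+image: edoburu/pgbouncer
+env:
+- name: DATABASE_URL
+value: "postgresql://mypasteuser:$(POSTGRES_PASSWORD)@pastebin-postgres:5432/mypastedb"
+ports:
+- containerPort: 6432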
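Review bot: `$(POSTGRES_PASSWORD)` in `DATABASE_URL` has nothing to expand against — this container defines no `POSTGRES_PASSWORD` entry, and Kubernetes leaves an unresolvable `$(VAR)` reference as literal text, so pgbouncer will try to authenticate with the string `$(POSTGRES_PASSWORD)`. Add the variable from the Secret the app already uses, placed before `DATABASE_URL` in the list, because `$(VAR)` only resolves against variables defined earlier. Separately, `image: edoburu/pgbouncer` carries no tag, so `latest` is pulled and each rollout may get a different image; pin a tag or digest. The container also has no `resources`, probes or `securityContext`, unlike the other Deployments in this commit.
```yaml
      containers:
        - name: pgbouncer
          # … unchanged: image (pin a tag or digest) …
          env:
            - name: POSTGRES_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: pastebin-secret
                  key: POSTGRES_PASSWORD
            - name: DATABASE_URL
              value: "postgresql://mypasteuser:$(POSTGRES_PASSWORD)@pastebin-postgres:5432/mypastedb"
          # … unchanged: ports …
```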


@ -1,11 +0,0 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: pastebin-config
namespace: default
data:
JWT_EXP_DELTA_SECONDS: "360000"
SMTP_SERVER: "212.24.103.64"
SMTP_PORT: "465"
SMTP_USE_TLS: "false"
SMTP_USE_SSL: "true"


@ -1,98 +0,0 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: pastebin-app
spec:
replicas: 1
selector:
matchLabels:
app: pastebin
template:
metadata:
labels:
app: pastebin
spec:
# InitContainers para ajustar permisos de ambos volúmenes
initContainers:
- name: fix-permissions-database
image: busybox
command: ["sh", "-c", "chown -R 1000:1000 /app/database"]
volumeMounts:
- name: database
mountPath: /app/database
- name: fix-permissions-uploads
image: busybox
command: ["sh", "-c", "chown -R 1000:1000 /app/uploads"]
volumeMounts:
- name: uploads
mountPath: /app/uploads
# Contenedor principal
containers:
- name: pastebin-container
image: prietus/pastebin-app:1.4.1.1
ports:
- containerPort: 5000
securityContext:
runAsUser: 0
runAsGroup: 0
env:
# Variables de entorno para configuración SMTP
- name: SMTP_USE_TLS
valueFrom:
configMapKeyRef:
name: pastebin-config
key: SMTP_USE_TLS
- name: SMTP_USE_SSL
valueFrom:
configMapKeyRef:
name: pastebin-config
key: SMTP_USE_SSL
- name: SMTP_SERVER
valueFrom:
configMapKeyRef:
name: pastebin-config
key: SMTP_SERVER
- name: SMTP_PORT
valueFrom:
configMapKeyRef:
name: pastebin-config
key: SMTP_PORT
- name: SMTP_USERNAME
valueFrom:
secretKeyRef:
name: pastebin-secret
key: SMTP_USERNAME
- name: SMTP_PASSWORD
valueFrom:
secretKeyRef:
name: pastebin-secret
key: SMTP_PASSWORD
# Variables adicionales
- name: VALID_USER
value: "admin"
- name: VALID_PASS
value: "password"
- name: SECRET_KEY
valueFrom:
secretKeyRef:
name: pastebin-secret
key: SECRET_KEY
- name: JWT_EXP_DELTA_SECONDS
valueFrom:
configMapKeyRef:
name: pastebin-config
key: JWT_EXP_DELTA_SECONDS
volumeMounts:
- name: database
mountPath: /app/database
- name: uploads
mountPath: /app/uploads
# Declaración de volúmenes
volumes:
- name: database
persistentVolumeClaim:
claimName: database-pvc
- name: uploads
persistentVolumeClaim:
claimName: uploads-pvc


@ -1,25 +0,0 @@
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: pastebin-ingress
namespace: default
annotations:
kubernetes.io/ingress.class: traefik
cert-manager.io/cluster-issuer: letsencrypt-prod-dns
spec:
rules:
- host: paste.priet.us
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: pastebin-service # Nombre del Service asociado a tu aplicación
port:
number: 80
tls:
- hosts:
- paste.priet.us
secretName: pastebin-tls


@ -1,10 +0,0 @@
apiVersion: v1
kind: Secret
metadata:
name: pastebin-secret
namespace: default
type: Opaque
data:
SECRET_KEY: d2FzYW1sdfsdfhc2ExMjM= # Este valor debe ser codificado en base64
SMTP_USERNAME: bWVAcHJsdfsdfpZXQudXM= # Base64 de tu username
SMTP_PASSWORD: d2FzYW1hc2sdfsdfExMjM=


@ -1,13 +0,0 @@
apiVersion: v1
kind: Service
metadata:
name: pastebin-service
spec:
selector:
app: pastebin
ports:
- protocol: TCP
port: 80
targetPort: 5000
type: ClusterIP # Usa ClusterIP o NodePort según tus necesidades


@ -1,12 +0,0 @@
apiVersion: v1
kind: PersistentVolume
metadata:
name: uploads-pv
spec:
capacity:
storage: 50Gi
accessModes:
- ReadWriteOnce
hostPath: # Cambia a un proveedor como AWS, GCP, etc.
path: "/mnt/data/uploads"


@ -1,22 +0,0 @@
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: uploads-pvc
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 50Gi
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: database-pvc
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 5Gi