add stirling-pdf

Signed-off-by: gwg313 <gwg313@pm.me>

apps/harbor/templates/route.yaml

@@ -36,3 +36,21 @@ spec:
           name: harbor-portal
           port: 80
           weight: 1
+---
+apiVersion: gateway.networking.k8s.io/v1beta1
+kind: ReferenceGrant
+metadata:
+  name: allow-ingress-to-harbor
+  namespace: harbor
+spec:
+  from:
+    - group: gateway.networking.k8s.io
+      kind: HTTPRoute
+      namespace: cilium-ingress
+  to:
+    - group: ""
+      kind: Service
+      name: harbor-core
+    - group: ""
+      kind: Service
+      name: harbor-portal

apps/stirling-pdf/deployment.yaml

@@ -0,0 +1,49 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: stirling-pdf
+  namespace: stirling-pdf
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: stirling-pdf
+  template:
+    metadata:
+      labels:
+        app: stirling-pdf
+    spec:
+      securityContext:
+        fsGroup: 1000
+      containers:
+        - name: stirling-pdf
+          image: docker.stirlingpdf.com/stirlingtools/stirling-pdf:2.11.0-fat
+          resources:
+            requests:
+              cpu: 250m
+              memory: 512Mi
+            limits:
+              cpu: 1000m
+              memory: 2Gi
+          ports:
+            - containerPort: 8080
+          volumeMounts:
+            - name: stirling-data
+              mountPath: /usr/share/tessdata
+              subPath: training-data
+            - name: stirling-data
+              mountPath: /configs
+              subPath: configs
+            - name: stirling-data
+              mountPath: /customFiles
+              subPath: custom-files
+            - name: stirling-data
+              mountPath: /logs
+              subPath: logs
+            - name: stirling-data
+              mountPath: /pipeline
+              subPath: pipeline
+      volumes:
+        - name: stirling-data
+          persistentVolumeClaim:
+            claimName: stirling-data

apps/stirling-pdf/network-policy.yaml

@@ -0,0 +1,19 @@
+apiVersion: cilium.io/v2
+kind: CiliumNetworkPolicy
+metadata:
+  name: allow-ingress
+  namespace: stirling-pdf
+spec:
+  endpointSelector:
+    matchLabels:
+      app: stirling-pdf
+
+  ingress:
+    - fromEntities:
+        - ingress
+      toPorts:
+        - ports:
+            - port: "80"
+              protocol: TCP
+            - port: "8080"
+              protocol: TCP

apps/stirling-pdf/pvc.yaml

@@ -1,12 +1,12 @@
 apiVersion: v1
 kind: PersistentVolumeClaim
 metadata:
-  name: stirling-logs
+  name: stirling-data
   namespace: stirling-pdf
 spec:
+  storageClassName: nfs-retain
   accessModes:
-    - ReadWriteMany
+    - ReadWriteOnce
   resources:
     requests:
-      storage: 512Mi
+      storage: 5Gi
-  storageClassName: nfs-client

apps/stirling-pdf/route.yaml

@@ -0,0 +1,41 @@
+apiVersion: gateway.networking.k8s.io/v1
+kind: HTTPRoute
+metadata:
+  name: stirling-pdf
+  namespace: stirling-pdf
+spec:
+  parentRefs:
+    - group: gateway.networking.k8s.io
+      kind: Gateway
+      name: shared-edge-gateway
+      namespace: cilium-ingress
+  hostnames:
+    - pdftools.gwg313.xyz
+    - pdftools.local.gwg313.xyz
+    - pdftools.zerotier.gwg313.xyz
+  rules:
+    - matches:
+        - path:
+            type: PathPrefix
+            value: /
+      backendRefs:
+        - group: ""
+          kind: Service
+          name: stirling-pdf
+          port: 80
+          weight: 1
+---
+apiVersion: gateway.networking.k8s.io/v1beta1
+kind: ReferenceGrant
+metadata:
+  name: allow-gateway-to-stirling
+  namespace: stirling-pdf
+spec:
+  from:
+    - group: gateway.networking.k8s.io
+      kind: Gateway
+      namespace: cilium-ingress
+  to:
+    - group: ""
+      kind: Service
+      name: stirling-pdf

focalboard/certificate.yaml

@@ -1,14 +0,0 @@
-apiVersion: cert-manager.io/v1
-kind: Certificate
-metadata:
-  name: focalboard-cert
-  namespace: istio-system
-spec:
-  secretName: focalboard-cert
-  issuerRef:
-    name: letsencrypt-dns
-    kind: ClusterIssuer
-  dnsNames:
-    - pm.local.gwg313.xyz
-    - pm.gwg313.xyz
-    - pm.zerotier.gwg313.xyz

focalboard/configmap.yaml

@@ -1,27 +0,0 @@
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: focalboard-config
-  namespace: focalboard
-data:
-  config.json: |
-    {
-      "serverRoot": "https://pm.gwg313.xyz",
-      "port": 8000,
-
-      "dbtype": "sqlite3",
-      "dbconfig": "/opt/focalboard/data/focalboard.db",
-
-      "useSSL": false,
-      "webpath": "./pack",
-      "filespath": "/data/files",
-
-      "telemetry": false,
-      "prometheusaddress": ":9092",
-
-      "session_expire_time": 2592000,
-      "session_refresh_time": 18000,
-
-      "localOnly": false,
-      "enableLocalMode": false
-    }

focalboard/deployment.yaml

@@ -1,37 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: focalboard
-  namespace: focalboard
-spec:
-  replicas: 1
-  selector:
-    matchLabels:
-      app: focalboard
-  template:
-    metadata:
-      labels:
-        app: focalboard
-    spec:
-      enableServiceLinks: false
-      containers:
-        - name: focalboard
-          image: mattermost/focalboard:latest
-          ports:
-            - containerPort: 8000
-          volumeMounts:
-            - name: data
-              mountPath: /data
-            - name: config
-              mountPath: /opt/focalboard/config.json
-              subPath: config.json
-          env:
-            - name: FB_PORT
-              value: "8000"
-      volumes:
-        - name: data
-          persistentVolumeClaim:
-            claimName: focalboard-data
-        - name: config
-          configMap:
-            name: focalboard-config

focalboard/gateway.yaml

@@ -1,20 +0,0 @@
-apiVersion: networking.istio.io/v1beta1
-kind: Gateway
-metadata:
-  name: focalboard-gateway
-  namespace: focalboard
-spec:
-  selector:
-    istio: gateway
-  servers:
-    - port:
-        number: 443
-        name: https
-        protocol: HTTPS
-      tls:
-        mode: SIMPLE
-        credentialName: focalboard-cert
-      hosts:
-        - pm.local.gwg313.xyz
-        - pm.gwg313.xyz
-        - pm.zerotier.gwg313.xyz

focalboard/iscsi-secret-sealed.yaml

@@ -1,19 +0,0 @@
----
-apiVersion: bitnami.com/v1alpha1
-kind: SealedSecret
-metadata:
-  creationTimestamp: null
-  name: focalboard-iscsi-auth
-  namespace: focalboard
-spec:
-  encryptedData:
-    discovery.sendtargets.auth.password: AgCQ43B6UutDThhw5gfI74RhhNAcBJkzeoeKMsnzYmMo8Mjz8XV7mNKFR6iWmyJ6FAI55Wt0pNTZi2KFtDCkGXB2isAarmtPdYUajWT6Naum3YFd3fKvNmx/Hk/wfkVqQnSwbw+pehu9uks2fiF/6n6S048JQW83LbCzs3Icb5b8Z761ivQXEwwpFJvRr1fUb0bBZnFxc0YU3d48zJyhX90ljyGql6Y/mXs1m62x3yZrTxojjhz359kDk7xpkYPUKLCW708fBITlhiwH2DwaztANCy+T9bRKBl8YnseAUpSa6ipP7xUyTw4kTSMS8UUTHfnd6OklUbPaAAYYLf8evOajArhZzfwsLIC+8vmhonf9MPZQTcdF8YJl23x4E/+k4xVL3Wh01QDnpTLwbLUyGM5hgQezmXIhYq9QNDSYHyJZC6jpeLJJuD4aHctkP2yZ22B6STybSAyPh7fuB4Br1qycMitjOSMTgiGi3+T2U8tOQ0bWZvQIyD6GqqMJPMZM/3wwt/AEVkmWNFkCkYcXtxacOTfzoUZGf1L0bF4rEQKTFXQxbVq+TGzfPiMLJ3jdj8ZpO79kafUINXr+gXwd4itKqGaV39lCg6drqiVMY5YVaE2V4kGZXRivgGe0+CpsdpsaHGsYYY/x3ONEw3IYm7HvHCVF8gdOqykxDSbrGMoyO2JJs1oyrOQ8USwFWOku5XUmFwjniXYWOgBghA2Q8g==
-    discovery.sendtargets.auth.username: AgAZsdwSsp/KNr4CpqXKD53tJLLMCAB+j8Ml9YRCnTG/6oKFs+4zthCBC5H8z7WOPyCi31bEuRwM+gTAVYz5cGdJlO2s+0mhnvXI+NoZSU0IoWqczkGq90Ss/2auQZq4edKnhZQh9guM/nGv79zyNzocIdQ4J/JJXXadVWJbkvhym3OdK/jh5sYIkkKKUbKVv3rJLRSw7pyQT+uJWw/+pgxcV4dVuczvfsodA6OWbAMIdouqsfpzKrfmzo5StKUQiNQxjyWhXuBoHXODtzf/ZI9+DJnKce5LueoiM/NrEfkL8tWcU0ty7FXbCynOYg+NM2RRXyaSzY4tSpRkU3Zkp3cy37gISA+n0o8vUokGpPCew2A2vFWpqktjR69RJJXO0lA7fvpM8auysHuHiJxDrUkGlo+aQoHODXrDVeQ/yeigoFBdgSXCrwHu+lTbw+Uu6WmdwWEPr/TQVDABLwzWxIwy8zkHD5MvugsM4jjwPxKzpC+ReEXbEZZly4lwlqliDQtVmdWxQ6fJF5+smLkMLlrbbmLSkuv+bODn2Jb+k5QtwVz//ZdOQBLaMuzKvjIng1fv8aPJR0kzA/0DIUmAOicCLDBOZZI7cXt75FHyQbxLQU1A7vn/dbn5mdwRw1P+Ha36QR4SpSPe5L83TxFgEMvkmnTAYURrnG6OKCfWjNiNWHaa5CFxnhDdaiZ6dj501M9ERteyI0irp1ah
-    node.session.auth.password: AgCQv/EkgJF/dSaEgoqNmKqV59wEHw0X+fNShJ4Wn6tBPbzGFggt4LcuvTIlhqCspsFL0HZB/sDoo32tGIcXpPKUt7iQZFpTVI20TaeI2f9vRoPHmZVwC4Y/qnoi2QvcnayzGT9fMy2LsditN6q7KwRYeU4Kl5AVXj57OjhDxau53/uEXkrXIgipdXjSHg/DoH0s08o4RKgsDS64YmbdZzVoJJ90U7TvcWi94ypg02y0w/vicpVUoEBQ2PKBTvP088zkCZSAwyfNtwyrLV4gBTyMdpHuYjuS1yFIlV4E77abfro2NP4iXnqiJnsXUfZ3gbMg+xzTmFcen8U8aYa3M+XXI/75lX0ET46pKevB5xNVnxBp+azGsBddSbzzpHOVlxqJYRa4EIQVfkXMCQKeWGnbutG0SLMv2PFtp9oGOkgij4I+Fhs5WAJ5luV/No4Z6ONyodc68Precp8yMoESA4noqaXC4py0sOAdnbliIFf+hTCJK/3Z6ecajKJ2wDd1xFlVr+x2kfdwmYQzROos+zNNrVy13pyDZgUnNqIP0yyQCnBrGJlhozNmMe/CkFZaTxPx3fBG24odfLfgNqub07cqiy0yUAF4IVVsCJtH9YzHKVklRG8b3OiHd3w4E/jOkwMsnXOFWbzHRMdiwwtxV8/M7BtWRA+VhYzp/DsV/gyZ6MthXtdkdW+vzIY3ZIVyinceknv9tYfRdOjpYS9ldQ==
-    node.session.auth.username: AgCYg4H4MoGfIoIkTfdAyMe7i2hF9IqiY9cHt07uv8finHnykgwo4s8jAnLdGRI1R+sQfs2IeLGcdNLUg/YsOXI4nvY18Bb7qAo+KrMmmSb1ZIKKHN/pP08rCVRJsqOKNd6lIDpfk921fpdn83i6Otp2lHabBU/z4a96LDU2cC2WGyIbK5IP/gS1EYHWK8ya12lbdPKglGG0NA+bbKpW2kRC4omJTZ6v1+GpJT524lZCGazsw0y+Hpa9UuswCEGsvhw4wDoxAxr+Dg25Fv9iL/UJCisx7lv+0/1t1KLBHFEJpJyvOA9BdIiUOWFzoN0wzcmGa0k0vCdZwHjFqmVRvQjUDl2iSpa97AAxIma+nZ0ToVDp2FJHShBnnNTKoQNf7P5mlAEfG7ffx+JCH7drLqDQvE1SUQBvT3NKm5kTZdpnzKIUX8FEiXGFBj1VmVc/ceRukgZ6qAm7yJl91nxdp30/16fnjGtjNn3TJgB+jCNnR28P26tzhIiEjYnHvY5vncG7Dxc5AJkrwI1kyLenbgvI9/m0IpSm49dXu0iaZF78KTn5M5RLxqhfx+58o+crL763yBkT7zkEpSGT7X2ud4B64NUE7PQLgiXtMe5Q6Rr5KI1KFGeBur5F71cey7oYCLqQaMAhstxE7iGSVCNBKOzLle94TkiGGe/HKGaRRyzxM1uGvw/jJwdWGOFXJ2JEN5Y6eWHNH1INPGt8
-  template:
-    metadata:
-      creationTimestamp: null
-      name: focalboard-iscsi-auth
-      namespace: focalboard
-    type: kubernetes.io/iscsi-chap

focalboard/namespace.yaml

@@ -1,4 +0,0 @@
-apiVersion: v1
-kind: Namespace
-metadata:
-  name: focalboard

focalboard/service.yaml

@@ -1,11 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
-  name: focalboard
-  namespace: focalboard
-spec:
-  selector:
-    app: focalboard
-  ports:
-    - port: 80
-      targetPort: 8000

focalboard/storage.yaml

@@ -1,36 +0,0 @@
-apiVersion: v1
-kind: PersistentVolume
-metadata:
-  name: focalboard-pv
-spec:
-  capacity:
-    storage: 10Gi
-  accessModes:
-    - ReadWriteOnce
-  persistentVolumeReclaimPolicy: Retain
-  iscsi:
-    targetPortal: truenas.local.gwg313.xyz:3260
-    iqn: iqn.2005-10.org.freenas.ctl:focalboard
-    lun: 0
-    fsType: ext4
-    chapAuthDiscovery: true
-    chapAuthSession: true
-    secretRef:
-      name: focalboard-iscsi-auth
-  claimRef:
-    namespace: focalboard
-    name: focalboard-data
----
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
-  name: focalboard-data
-  namespace: focalboard
-spec:
-  storageClassName: manual
-  accessModes:
-    - ReadWriteOnce
-  resources:
-    requests:
-      storage: 10Gi
-  volumeName: focalboard-pv

focalboard/virtualservice.yaml

@@ -1,21 +0,0 @@
-apiVersion: networking.istio.io/v1beta1
-kind: VirtualService
-metadata:
-  name: focalboard
-  namespace: focalboard
-spec:
-  hosts:
-    - pm.local.gwg313.xyz
-    - pm.gwg313.xyz
-    - pm.zerotier.gwg313.xyz
-  gateways:
-    - focalboard-gateway
-  http:
-    - match:
-        - uri:
-            prefix: /
-      route:
-        - destination:
-            host: focalboard
-            port:
-              number: 80

management/platform-apps/kustomization.yaml

@@ -17,3 +17,4 @@ resources:
   - tekton.yaml
   - navidrome.yaml
   - bytestash.yaml
+  - stirling-pdf.yaml

management/platform-apps/stirling-pdf.yaml

@@ -0,0 +1,24 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: stirling-pdf
+  namespace: argocd
+  annotations:
+    argocd.argoproj.io/sync-wave: "15"
+spec:
+  project: default
+  destination:
+    server: https://kubernetes.default.svc
+    namespace: stirling-pdf
+  source:
+    repoURL: https://github.com/gwg313/homelab-gitops.git
+    path: apps/stirling-pdf
+    targetRevision: main
+  syncPolicy:
+    automated:
+      prune: true
+      selfHeal: true
+    syncOptions:
+      - CreateNamespace=true
+      - ServerSideApply=true
+      - SkipDryRunOnMissingResource=true

stirling-pdf/certificate.yaml

@@ -1,12 +0,0 @@
-apiVersion: cert-manager.io/v1
-kind: Certificate
-metadata:
-  name: stirling-pdf-cert
-  namespace: istio-system
-spec:
-  secretName: stirling-pdf-cert
-  issuerRef:
-    name: letsencrypt-dns
-    kind: ClusterIssuer
-  dnsNames:
-    - pdftools.gwg313.xyz

stirling-pdf/custom-files-pvc.yaml

@@ -1,12 +0,0 @@
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
-  name: stirling-custom-files
-  namespace: stirling-pdf
-spec:
-  accessModes:
-    - ReadWriteMany
-  resources:
-    requests:
-      storage: 512Mi
-  storageClassName: nfs-client

stirling-pdf/deployment.yaml

@@ -1,52 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: stirling-pdf
-  namespace: stirling-pdf
-spec:
-  replicas: 1
-  selector:
-    matchLabels:
-      app: stirling-pdf
-  template:
-    metadata:
-      labels:
-        app: stirling-pdf
-    spec:
-      containers:
-        - name: stirling-pdf
-          image: docker.stirlingpdf.com/stirlingtools/stirling-pdf:latest
-          ports:
-            - containerPort: 8080
-          env:
-            - name: DISABLE_ADDITIONAL_FEATURES
-              value: "false"
-            - name: LANGS
-              value: "en_US"
-          volumeMounts:
-            - name: training-data
-              mountPath: /usr/share/tessdata
-            - name: extra-configs
-              mountPath: /configs
-            - name: custom-files
-              mountPath: /customFiles
-            - name: logs
-              mountPath: /logs
-            - name: pipeline
-              mountPath: /pipeline
-      volumes:
-        - name: training-data
-          persistentVolumeClaim:
-            claimName: stirling-training-data
-        - name: extra-configs
-          persistentVolumeClaim:
-            claimName: stirling-extra-configs
-        - name: custom-files
-          persistentVolumeClaim:
-            claimName: stirling-custom-files
-        - name: logs
-          persistentVolumeClaim:
-            claimName: stirling-logs
-        - name: pipeline
-          persistentVolumeClaim:
-            claimName: stirling-pipeline

stirling-pdf/extra-configs-pvc.yaml

@@ -1,12 +0,0 @@
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
-  name: stirling-extra-configs
-  namespace: stirling-pdf
-spec:
-  accessModes:
-    - ReadWriteMany
-  resources:
-    requests:
-      storage: 512Mi
-  storageClassName: nfs-client

stirling-pdf/gateway.yaml

@@ -1,18 +0,0 @@
-apiVersion: networking.istio.io/v1beta1
-kind: Gateway
-metadata:
-  name: stirling-pdf-gateway
-  namespace: stirling-pdf
-spec:
-  selector:
-    istio: gateway
-  servers:
-    - port:
-        number: 443
-        name: https
-        protocol: HTTPS
-      tls:
-        mode: SIMPLE
-        credentialName: stirling-pdf-cert
-      hosts:
-        - pdftools.gwg313.xyz

stirling-pdf/pipeline-pvc.yaml

@@ -1,12 +0,0 @@
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
-  name: stirling-pipeline
-  namespace: stirling-pdf
-spec:
-  accessModes:
-    - ReadWriteMany
-  resources:
-    requests:
-      storage: 512Mi
-  storageClassName: nfs-client

stirling-pdf/training-data-pvc.yaml

@@ -1,12 +0,0 @@
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
-  name: stirling-training-data
-  namespace: stirling-pdf
-spec:
-  accessModes:
-    - ReadWriteMany
-  resources:
-    requests:
-      storage: 1Gi
-  storageClassName: nfs-client

stirling-pdf/virtualservice.yaml

@@ -1,19 +0,0 @@
-apiVersion: networking.istio.io/v1beta1
-kind: VirtualService
-metadata:
-  name: stirling-pdf
-  namespace: stirling-pdf
-spec:
-  hosts:
-    - pdftools.gwg313.xyz
-  gateways:
-    - stirling-pdf-gateway
-  http:
-    - match:
-        - uri:
-            prefix: /
-      route:
-        - destination:
-            host: stirling-pdf
-            port:
-              number: 80