ppusher v2

2026-05-20 18:49:58 +02:00
parent fd0d3c0f6b
commit 708edd0fab
15 changed files with 179 additions and 153 deletions
--- a/infra/overlays/upc-dev/passwordpusher/resources/deployment.yaml
+++ b/infra/overlays/upc-dev/passwordpusher/resources/deployment.yaml
@@ -0,0 +1,77 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: passwordpusher
+  namespace: passwordpusher
+  labels:
+    app.kubernetes.io/name: passwordpusher
+    app.kubernetes.io/instance: passwordpusher
+    app.kubernetes.io/component: app
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: passwordpusher
+      app.kubernetes.io/instance: passwordpusher
+  template:
+    metadata:
+      labels:
+        app.kubernetes.io/name: passwordpusher
+        app.kubernetes.io/instance: passwordpusher
+        app.kubernetes.io/component: app
+    spec:
+      containers:
+      - name: passwordpusher
+        image: docker.io/pglombardo/pwpush:release-1.51.0
+        ports:
+        - name: http
+          containerPort: 5100
+        env:
+        - name: PWP__HOST_DOMAIN
+          value: pwpush.forteapps.net
+        - name: PWP__HOST_PROTOCOL
+          value: https
+        - name: PWP__ENABLE_LOGINS
+          value: "true"
+        - name: PWP__ALLOW_ANONYMOUS
+          value: "false"
+        - name: PWP__SIGNUPS_ENABLED
+          value: "false"
+        - name: PWP__MAIL_RAISE_DELIVERY_ERRORS
+          value: "false"
+        - name: PWP__MAIL_SMTP_ADDRESS
+          value: smtp.office365.com
+        - name: PWP__MAIL_SMTP_PORT
+          value: "587"
+        - name: PWP__MAIL_SMTP_AUTHENTICATION
+          value: login
+        - name: PWP__MAIL_SMTP_STARTTLS
+          value: "true"
+        - name: PWP__MAIL_SMTP_DOMAIN
+          value: fortedigital.com
+        - name: PWP__MAIL_SENDER
+          value: noreply@fortedigital.com
+        envFrom:
+        - secretRef:
+            name: passwordpusher-db-creds
+        - secretRef:
+            name: passwordpusher-smtp-creds
+        livenessProbe:
+          httpGet:
+            path: /
+            port: http
+          initialDelaySeconds: 30
+          periodSeconds: 10
+        readinessProbe:
+          httpGet:
+            path: /
+            port: http
+          initialDelaySeconds: 10
+          periodSeconds: 5
+        resources:
+          requests:
+            cpu: 100m
+            memory: 256Mi
+          limits:
+            cpu: 500m
+            memory: 512Mi
--- a/infra/overlays/upc-dev/passwordpusher/resources/ingress.yaml
+++ b/infra/overlays/upc-dev/passwordpusher/resources/ingress.yaml
@@ -0,0 +1,33 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: passwordpusher
+  namespace: passwordpusher
+  labels:
+    app.kubernetes.io/name: passwordpusher
+    app.kubernetes.io/instance: passwordpusher
+  annotations:
+    cert-manager.io/cluster-issuer: letsencrypt-prod
+    gethomepage.dev/enabled: "true"
+    gethomepage.dev/name: "PasswordPusher"
+    gethomepage.dev/description: "Share passwords securely with expiring links"
+    gethomepage.dev/group: "Security"
+    gethomepage.dev/icon: "passwordpusher"
+    gethomepage.dev/href: "https://pwpush.forteapps.net"
+spec:
+  ingressClassName: traefik
+  tls:
+  - secretName: passwordpusher-tls
+    hosts:
+    - pwpush.forteapps.net
+  rules:
+  - host: pwpush.forteapps.net
+    http:
+      paths:
+      - path: /
+        pathType: Prefix
+        backend:
+          service:
+            name: passwordpusher
+            port:
+              name: http
--- a/infra/overlays/upc-dev/passwordpusher/resources/kustomization.yaml
+++ b/infra/overlays/upc-dev/passwordpusher/resources/kustomization.yaml
@@ -0,0 +1,9 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+- postgresql.yaml
+- deployment.yaml
+- service.yaml
+- ingress.yaml
+- passwordpusher-db-secret-sealed.yaml
+- passwordpusher-smtp-secret-sealed.yaml
--- a/infra/overlays/upc-dev/passwordpusher/resources/passwordpusher-db-secret-sealed.yaml
+++ b/infra/overlays/upc-dev/passwordpusher/resources/passwordpusher-db-secret-sealed.yaml
@@ -0,0 +1,17 @@
+---
+apiVersion: bitnami.com/v1alpha1
+kind: SealedSecret
+metadata:
+  creationTimestamp: null
+  name: passwordpusher-db-creds
+  namespace: passwordpusher
+spec:
+  encryptedData:
+    DATABASE_URL: AgBzQyFkhTceQqpUN528xXnxf/P0veuO8I74wSOEuY2qThascssUhNnYmYXpIEwSpwYasEz1WksNQLR1IXBgrl/2FPUF4TOR/CvmF60zToXTp2mxCw4EBynXcsWDzQteTEL7DMmoGs4YdGqn/T2c8CQ873z1lgDEgZXDreZnL3bnQtbyyBvwK0xvhsPYsEhT490t0D0r0lfPmW1GoWkHRsPjGPJUZONrmULVW3unlqUGqO9t6A9XU5NasiEGwgfjToZo/bK4FpQOrGnI/N5PNp22zbZ6u+j9rKMkn6IFrbY3uTNdrDxu8I7OnrDD2DYMbDoFDj8W8Gt/VlLk1OK+gL4rf6U6SYKJMsJ1FyleuGHjY8aw1Xcgkwe7XwE/YjI7AEDCbH04HFb6MTHKcc/kNOoBpevhAWNtpXlTl10rRLsfEa3SVefN957R/bdTNshlNq1g0fXK5wSsDk1I4xWo8j17iHuVMXiRHcybapK849IWCxhUZBPE/OdN47LQ98AmNMolgpt7UGKkvb77MG1MS7QsaNfXkqnhZ0Gp2v6LL/UWhg72EdLozECA981XMdCRd5H36LYANtq5BeMgRw54uwfTw551SeP8+SCx/NBjaaHQCMHVHK9WhvjDD9iLWIRGNiPZxt4DP7oC3ERhB6L4aNir+pmS6xmdYAs85mYDbbNCfNjdRu6OyQPOwQI8Yr+LnF/NHpOuNOpIfsjcRwvkVrUD2qL4GnFk2a9jVw5EuTGdDA+Sw3a22SwiFj48GXsKJeanAqc7HrI+Cgsav99gdKB5IFH+AeN+4KX0
+    pgpassword: AgDB0+q0JPVtkiGkrJt2nQjdTYX1qELDwNiTbJ5lYrRdpnulC0jah3rpuZ+P3DjwTqL6ki+anG/bxTApMRnUSXE1yOL241yLtIAvmg3MuNl5lJnxzA+hlsdNYQ5O6tCCCAyMw4hwsinYF5elJF7jsdFt2YC5CIDodx3STjWksysEAkXihhsBlWcuGq6WAh5jwTjV8auUt2NgfN58OefVT2/sx680OAMuVCja71HkoFJaNKR+rVC0yTzMk80D2lx1fKD+awWYiUKB0/dfTUuIfmtq23ndhX6ZmUYJITiwom6xt86ta9uM5qD3DGExJK1qkl8O7EE6spDxNKRkk/DLsTtbpJ4a2a+QhM6YMbtGR9//4zvgCrncncWkoHhJ/rvt5oA8Vc2fDDn1OMYQLya0g/xJGxyxLIthAEC4rMgy24uPEHAKEzc2ScXyOUzB31vCOxQq6HEgWMAZgZr8oBOc1o7E6L6jsZR+l7aw7Zmi/B7K4OpfCMHyTDFPJxjL2FAfEyRls0/sLt3IkNttc6iFZPPg7NU/AoyHj4Ex6fbV1oEQAlFoNy6dDUxMPhwVaaHRce+aCOPn4Cv29IbVeaVaA74cJ2oi2HIu+nZEDdY1CkrYdXb2PAnZOYPTcGuUJU/kyIIT0XUAe7dUA+/02aE6vzpIyVQu2Lu2Vn1H5GOrIzaMZjtP0DVHNpmnG+6+V7ADayFOEKdjxBK5
+    pgusername: AgDIB/14c4lIs8OBYlE4/EbKyK931xyhCxFbAdupmuwDpNBED9ilCAaAf18PLd8lKfqI5950/TVIsV3sjJ/2Alcg+4niA29tQTVwpHiMOOr4XOXGyNkePpvVyrcmczOZGBdQ5+GJ8LOdN8jLD+ptB/JS7RxtTTDpZCjFiigcHLEibCMtRY4+0+m0FuQ63d7xcNs/P3Q2TZFBz+uXvv+Y19HNA2G9MojxgZzYPgq6MeWkcW046NY9IjeczyK7O3j0iHzCiciW2rtqzagpc7pp+0eyoi4ZS2F5Bc4JICvxEfdDWR8zIwSKScrXJ/N3q7SfIFDWDUO7Gl+9VxvD7MrRnKcRPeEwRmQTT/Ihey1QlGh+2C+/7pNNdSRfWQHt6p69XPX3gzYHimC9yyHgYyUAfbI2dV2ZxX4i1+79ab1MHe9ZbRH7xRX3B9ehXBXwAyvfUX/2bHAFfb05iaTVXgHLeEHlybKcufQKFx08k/qEkb0HK5VBT9nYUGm31rHZ16dMR4/lFNzfBUuxJuuID41jkZXApeGaWAHVi5g313VNJNjjx+quAATGrm0HOBwKZn4DHtrOJLmIw0e02rwe9ALqgIZCi6E24uha3OVCdSpWbzpyoU2npp+ZQ33GXtn2hSq2tf3voZo63iYBwKxxWc6udjUI4BmO+qktMgssjqoSkqDlDNKaiQn+jiboPPnGVTz+xOxO81IflIo=
+  template:
+    metadata:
+      creationTimestamp: null
+      name: passwordpusher-db-creds
+      namespace: passwordpusher
--- a/infra/overlays/upc-dev/passwordpusher/resources/passwordpusher-smtp-secret-sealed.yaml
+++ b/infra/overlays/upc-dev/passwordpusher/resources/passwordpusher-smtp-secret-sealed.yaml
@@ -0,0 +1,16 @@
+---
+apiVersion: bitnami.com/v1alpha1
+kind: SealedSecret
+metadata:
+  creationTimestamp: null
+  name: passwordpusher-smtp-creds
+  namespace: passwordpusher
+spec:
+  encryptedData:
+    PWP__MAIL_SMTP_PASSWORD: AgATJPqOStlRHlXtks4vLFszs/s3//oRDLR9vtzMY1leQv4Dj+kj4YeA0t/oOWVnl1dATW//tesBQ+CYaDrpKhVMzFXcE2NHchJ9X9iUqerR55zxByNmlI417AIEhnT/mcGzqBCfVZ83Vuq2j0FsDYFfwrjKeOIVZ0MYgFP2ewA4A6FpttFS2a9V5Af3b7GmIzGCcyxbppNPkzk83pisTnH+MlzrAC6qu7O/9QYWRIoqnccZOXqPzCSink96sQofXfdbzAf4ExSGwbsHI1/MUX0WO7QsNo8xyEG+q3TRQ3VXYyCOyrOZ9DgJ60/wHZQ+lhdeV1wNtYhXS/5Zx5NuQ9xo4qjFA395Ke6YQvwoN9tIka3InzoP5j7gi2hrn09jhghwnDIGvF1rsu9SX45GCefnHB+pbpbTWi7PoX2hZSYEpfZQGSRzfdvRM6roc1AFHZujNez4fnKJYWM3+0SzwgURvaKOU3hfOeW1qD7sHozuzeeXzIey7LyPx3j06jWxW+mNYErJr2IqG9Y7VXyzvCvammFa4S8/W2yi1d1x5Cy44GG0edf3jq6Q6UgzuKc0Sl0ReBRFYg+aiftREv9SGjKPnqWA9bh6ja+Wbc2lTkb8TmKFHuYitRujNynUIZVziScl6B7t81WkZtTuqchH9NqNdE++C3S4xBePlWZ/1sxFj2jKnfuLTsUVRd+N0zEOXgYl/GTMqtzQ2EqamnN10w==
+    PWP__MAIL_SMTP_USER_NAME: AgCd/qHbD0HqewPZsI2gjT9/l5iGb78Q0PCW9fCAt+GkcpvHBkp+eKAwFdglg+A4PJYgbUvb0wFzflnJluxbwdnNRY2kGzYhjCqFsE8TxrqZ+OvEpFy141rUtjYC8HMtT+l+l3JKoo/pkoJNilbFUEi/xK+/R5/hXqngHYvyrh+2T8xRrmlQaG845E3ESTc9ht7TkmQ/9fyrlAIisSNAvYqGnYfjzI2syswwYeRWDLL6/UL2DUaEmf0g6qheM570M8OADae+z/vQWZteC2a+tAdHTZ3w1G/diOkwC5dr95PFS2vW7jVbuE2CmNJ1a08EFJNKT3U+8d0RwGg765KA4RysQ5ygJOa/eBIaTC+QHnMxVMOih222drhphZUSkCPxkxl5NffLeuCubMfstBKRI77iORdIEG1Sqr03/ryAwIuCqXOcBuhDDGlEFG3x3dmW5kR3ADzwaXikNaU7VvRcHjeD9fDbVavqbJvBpevK84cJJ1JpM6nEl2iVXqp5eVR4W9FBgQy0M70sIENuSoxlPTUw1cfgpFuMApT1F53krbBRzOxxOjUqIrod81SYpB8POs5K9SeKVAwvp4MyN7pMDoYl5RMQw4s8+shKeLqZoKO/MfTyD1fpBmvMJiJLQudBi19AgnJj3/JVq2TCZ27/JBV3C1ua37JNdY3T2xwPreHGV5XlzxYPMDQe2WvzkGuJY66NwwIH5Iu46IubIzLfp/cxq/fstS3K8pDJXOOF
+  template:
+    metadata:
+      creationTimestamp: null
+      name: passwordpusher-smtp-creds
+      namespace: passwordpusher
--- a/infra/overlays/upc-dev/passwordpusher/resources/postgresql.yaml
+++ b/infra/overlays/upc-dev/passwordpusher/resources/postgresql.yaml
@@ -0,0 +1,98 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: passwordpusher-postgresql
+  namespace: passwordpusher
+  labels:
+    app.kubernetes.io/name: postgresql
+    app.kubernetes.io/instance: passwordpusher
+    app.kubernetes.io/component: database
+spec:
+  type: ClusterIP
+  ports:
+  - name: tcp-postgresql
+    port: 5432
+    targetPort: tcp-postgresql
+  selector:
+    app.kubernetes.io/name: postgresql
+    app.kubernetes.io/instance: passwordpusher
+---
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+  name: passwordpusher-postgresql
+  namespace: passwordpusher
+  labels:
+    app.kubernetes.io/name: postgresql
+    app.kubernetes.io/instance: passwordpusher
+    app.kubernetes.io/component: database
+spec:
+  serviceName: passwordpusher-postgresql
+  replicas: 1
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: postgresql
+      app.kubernetes.io/instance: passwordpusher
+  template:
+    metadata:
+      labels:
+        app.kubernetes.io/name: postgresql
+        app.kubernetes.io/instance: passwordpusher
+        app.kubernetes.io/component: database
+    spec:
+      containers:
+      - name: postgresql
+        image: postgres:16-alpine
+        ports:
+        - name: tcp-postgresql
+          containerPort: 5432
+        env:
+        - name: POSTGRES_USER
+          valueFrom:
+            secretKeyRef:
+              name: passwordpusher-db-creds
+              key: pgusername
+        - name: POSTGRES_PASSWORD
+          valueFrom:
+            secretKeyRef:
+              name: passwordpusher-db-creds
+              key: pgpassword
+        - name: POSTGRES_DB
+          value: passwordpusher
+        - name: PGDATA
+          value: /var/lib/postgresql/data/pgdata
+        volumeMounts:
+        - name: data
+          mountPath: /var/lib/postgresql/data
+        livenessProbe:
+          exec:
+            command:
+            - sh
+            - -c
+            - pg_isready -U "$POSTGRES_USER" -d passwordpusher
+          initialDelaySeconds: 30
+          periodSeconds: 10
+        readinessProbe:
+          exec:
+            command:
+            - sh
+            - -c
+            - pg_isready -U "$POSTGRES_USER" -d passwordpusher
+          initialDelaySeconds: 5
+          periodSeconds: 5
+        resources:
+          requests:
+            cpu: 100m
+            memory: 256Mi
+          limits:
+            cpu: 500m
+            memory: 512Mi
+  volumeClaimTemplates:
+  - metadata:
+      name: data
+    spec:
+      accessModes:
+      - ReadWriteOnce
+      resources:
+        requests:
+          storage: 2Gi
--- a/infra/overlays/upc-dev/passwordpusher/resources/service.yaml
+++ b/infra/overlays/upc-dev/passwordpusher/resources/service.yaml
@@ -0,0 +1,18 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: passwordpusher
+  namespace: passwordpusher
+  labels:
+    app.kubernetes.io/name: passwordpusher
+    app.kubernetes.io/instance: passwordpusher
+    app.kubernetes.io/component: app
+spec:
+  type: ClusterIP
+  ports:
+  - name: http
+    port: 5100
+    targetPort: http
+  selector:
+    app.kubernetes.io/name: passwordpusher
+    app.kubernetes.io/instance: passwordpusher