From ddd3f8b4745af8ec0704e99419afc53ff20a25aa Mon Sep 17 00:00:00 2001
From: e3mrah <81884938+emrahbaysal@users.noreply.github.com>
Date: Wed, 6 May 2026 02:23:07 +0400
Subject: [PATCH] provision: deploy tenant e2e-wp-test (plan: m, apps: 1)
---
 .../tenants/e2e-wp-test/apps-sync.yaml | 21 +++++
 .../e2e-wp-test/apps/app-wordpress.yaml | 62 +++++++++++++
 .../tenants/e2e-wp-test/apps/db-mysql.yaml | 88 +++++++++++++++++++
 .../e2e-wp-test/apps/kustomization.yaml | 7 ++
 .../tenants/e2e-wp-test/apps/namespace.yaml | 4 +
 .../tenants/e2e-wp-test/ingress.yaml | 31 +++++++
 .../tenants/e2e-wp-test/kustomization.yaml | 8 ++
 .../tenants/e2e-wp-test/namespace.yaml | 7 ++
 .../e2e-wp-test/provisioning-rbac.yaml | 58 ++++++++++++
 .../tenants/e2e-wp-test/vcluster.yaml | 60 +++++++++++++
 .../contabo-mkt/tenants/kustomization.yaml | 1 +
 11 files changed, 347 insertions(+)
 create mode 100644 clusters/contabo-mkt/tenants/e2e-wp-test/apps-sync.yaml
 create mode 100644 clusters/contabo-mkt/tenants/e2e-wp-test/apps/app-wordpress.yaml
 create mode 100644 clusters/contabo-mkt/tenants/e2e-wp-test/apps/db-mysql.yaml
 create mode 100644 clusters/contabo-mkt/tenants/e2e-wp-test/apps/kustomization.yaml
 create mode 100644 clusters/contabo-mkt/tenants/e2e-wp-test/apps/namespace.yaml
 create mode 100644 clusters/contabo-mkt/tenants/e2e-wp-test/ingress.yaml
 create mode 100644 clusters/contabo-mkt/tenants/e2e-wp-test/kustomization.yaml
 create mode 100644 clusters/contabo-mkt/tenants/e2e-wp-test/namespace.yaml
 create mode 100644 clusters/contabo-mkt/tenants/e2e-wp-test/provisioning-rbac.yaml
 create mode 100644 clusters/contabo-mkt/tenants/e2e-wp-test/vcluster.yaml
diff --git a/clusters/contabo-mkt/tenants/e2e-wp-test/apps-sync.yaml b/clusters/contabo-mkt/tenants/e2e-wp-test/apps-sync.yaml
new file mode 100644
index 00000000..67a7fb16
--- /dev/null
+++ b/clusters/contabo-mkt/tenants/e2e-wp-test/apps-sync.yaml
@@ -0,0 +1,21 @@
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+ name: tenant-e2e-wp-test-apps
+ namespace: flux-system
+spec:
+ interval: 5m
+ retryInterval: 1m
+ timeout: 5m
+ prune: true
+ wait: true
+ targetNamespace: tenant-e2e-wp-test
+ sourceRef:
+ kind: GitRepository
+ name: flux-system
+ namespace: flux-system
+ path: ./clusters/contabo-mkt/tenants/e2e-wp-test/apps
+ kubeConfig:
+ secretRef:
+ name: tenant-e2e-wp-test-kubeconfig
+ key: config
diff --git a/clusters/contabo-mkt/tenants/e2e-wp-test/apps/app-wordpress.yaml b/clusters/contabo-mkt/tenants/e2e-wp-test/apps/app-wordpress.yaml
new file mode 100644
index 00000000..1461fdf0
--- /dev/null
+++ b/clusters/contabo-mkt/tenants/e2e-wp-test/apps/app-wordpress.yaml
@@ -0,0 +1,62 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: wordpress
+ namespace: apps
+ labels:
+ app: wordpress
+ openova.io/tenant: "e2e-wp-test"
+spec:
+ replicas: 1
+ strategy:
+ type: Recreate
+ selector:
+ matchLabels:
+ app: wordpress
+ template:
+ metadata:
+ labels:
+ app: wordpress
+ openova.io/tenant: "e2e-wp-test"
+ spec:
+ containers:
+ - name: wordpress
+ image: wordpress:6-apache
+ ports:
+ - containerPort: 80
+ env:
+ - name: WORDPRESS_DB_HOST
+ value: "mysql"
+ - name: WORDPRESS_DB_USER
+ value: "app"
+ - name: WORDPRESS_DB_PASSWORD
+ value: "6e06e7e16706661cc75e6ec935afc588"
+ - name: WORDPRESS_DB_NAME
+ value: "db_wordpress"
+ - name: MYSQL_HOST
+ value: "mysql"
+ - name: MYSQL_USER
+ value: "app"
+ - name: MYSQL_PASSWORD
+ value: "6e06e7e16706661cc75e6ec935afc588"
+ - name: MYSQL_DATABASE
+ value: "db_wordpress"
+ resources:
+ requests:
+ cpu: 100m
+ memory: 256Mi
+ limits:
+ cpu: 500m
+ memory: 512Mi
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: wordpress
+ namespace: apps
+spec:
+ selector:
+ app: wordpress
+ ports:
+ - port: 80
+ targetPort: 80
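Review bot: In apps-sync.yaml, `targetNamespace: tenant-e2e-wp-test` overrides the `namespace: apps` that every manifest under `apps/` declares, so the workloads should land in a `tenant-e2e-wp-test` namespace inside the vcluster rather than in `apps`. That matches the `wordpress-x-tenant-e2e-wp-test-x-vcluster` backend in ingress.yaml, but it leaves the `apps` Namespace object empty and the manifests misleading. Nothing in this patch creates that namespace inside the vcluster, so presumably the provisioner does. A comment above the field would help, for example `# targetNamespace wins over the manifests' "namespace: apps"; synced Services are named <svc>-x-tenant-e2e-wp-test-x-vcluster on the host`.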
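Review bot: The database password is committed in clear text in app-wordpress.yaml as literal `value:` entries for `WORDPRESS_DB_PASSWORD` and `MYSQL_PASSWORD`, and again under `stringData` of the `mysql-credentials` Secret in db-mysql.yaml. Anyone with read access to the repository or its history now holds it, and it is visible in the Deployment spec to anyone who can read Deployments. The container should take the value from the Secret that db-mysql.yaml already defines, as sketched below. The Secret itself should reach Git only in encrypted form (Flux can decrypt SOPS-encrypted manifests) or be created out of band. Treat the committed value as exposed and rotate it.

```yaml
        env:
          # … unchanged: WORDPRESS_DB_HOST, WORDPRESS_DB_USER …
          - name: WORDPRESS_DB_PASSWORD
            valueFrom:
              secretKeyRef:
                name: mysql-credentials
                key: MYSQL_PASSWORD
          # … unchanged: WORDPRESS_DB_NAME, MYSQL_HOST, MYSQL_USER …
          - name: MYSQL_PASSWORD
            valueFrom:
              secretKeyRef:
                name: mysql-credentials
                key: MYSQL_PASSWORD
          # … unchanged: MYSQL_DATABASE …
```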
diff --git a/clusters/contabo-mkt/tenants/e2e-wp-test/apps/db-mysql.yaml b/clusters/contabo-mkt/tenants/e2e-wp-test/apps/db-mysql.yaml
new file mode 100644
index 00000000..44e65b29
--- /dev/null
+++ b/clusters/contabo-mkt/tenants/e2e-wp-test/apps/db-mysql.yaml
@@ -0,0 +1,88 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: mysql-credentials
+ namespace: apps
+type: Opaque
+stringData:
+ MYSQL_ROOT_PASSWORD: "6e06e7e16706661cc75e6ec935afc588"
+ MYSQL_USER: app
+ MYSQL_PASSWORD: "6e06e7e16706661cc75e6ec935afc588"
+ MYSQL_DATABASE: db_wordpress
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: mysql-initdb
+ namespace: apps
+data:
+ init.sql: |
+ FLUSH PRIVILEGES;
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: mysql-data
+ namespace: apps
+spec:
+ accessModes: ["ReadWriteOnce"]
+ resources:
+ requests:
+ storage: 2Gi
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: mysql
+ namespace: apps
+spec:
+ replicas: 1
+ strategy:
+ type: Recreate
+ selector:
+ matchLabels:
+ app: mysql
+ template:
+ metadata:
+ labels:
+ app: mysql
+ spec:
+ containers:
+ - name: mysql
+ image: mariadb:11
+ ports:
+ - containerPort: 3306
+ envFrom:
+ - secretRef:
+ name: mysql-credentials
+ resources:
+ requests:
+ cpu: 50m
+ memory: 128Mi
+ limits:
+ cpu: 500m
+ memory: 256Mi
+ volumeMounts:
+ - name: mysqldata
+ mountPath: /var/lib/mysql
+ - name: initdb
+ mountPath: /docker-entrypoint-initdb.d
+ volumes:
+ - name: mysqldata
+ persistentVolumeClaim:
+ claimName: mysql-data
+ - name: initdb
+ configMap:
+ name: mysql-initdb
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: mysql
+ namespace: apps
+spec:
+ selector:
+ app: mysql
+ ports:
+ - port: 3306
+ targetPort: 3306
diff --git a/clusters/contabo-mkt/tenants/e2e-wp-test/apps/kustomization.yaml b/clusters/contabo-mkt/tenants/e2e-wp-test/apps/kustomization.yaml
new file mode 100644
index 00000000..6ff57cee
--- /dev/null
+++ b/clusters/contabo-mkt/tenants/e2e-wp-test/apps/kustomization.yaml
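Review bot: In db-mysql.yaml, `MYSQL_ROOT_PASSWORD` and `MYSQL_PASSWORD` in the `mysql-credentials` Secret carry the same value, and app-wordpress.yaml hands that value to the WordPress container. Whatever can read the web application's environment therefore also holds the database root credential, which removes the separation the unprivileged `app` user is meant to provide. The provisioner should generate a distinct root password that is never given to the application. Separately, `mariadb:11` here and `wordpress:6-apache` in app-wordpress.yaml are floating tags, and neither container sets a `securityContext`; pinning by digest and declaring `allowPrivilegeEscalation: false` are the usual baseline for tenant workloads.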
@@ -0,0 +1,7 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: apps
+resources:
+ - app-wordpress.yaml
+ - db-mysql.yaml
+ - namespace.yaml
diff --git a/clusters/contabo-mkt/tenants/e2e-wp-test/apps/namespace.yaml b/clusters/contabo-mkt/tenants/e2e-wp-test/apps/namespace.yaml
new file mode 100644
index 00000000..f05026e3
--- /dev/null
+++ b/clusters/contabo-mkt/tenants/e2e-wp-test/apps/namespace.yaml
@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: apps
diff --git a/clusters/contabo-mkt/tenants/e2e-wp-test/ingress.yaml b/clusters/contabo-mkt/tenants/e2e-wp-test/ingress.yaml
new file mode 100644
index 00000000..ec48f907
--- /dev/null
+++ b/clusters/contabo-mkt/tenants/e2e-wp-test/ingress.yaml
@@ -0,0 +1,31 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: tenant-ingress
+ namespace: tenant-e2e-wp-test
+ annotations:
+ cert-manager.io/cluster-issuer: letsencrypt-prod
+spec:
+ ingressClassName: traefik
+ rules:
+ - host: e2e-wp-test.omani.rest
+ http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: wordpress-x-tenant-e2e-wp-test-x-vcluster
+ port:
+ number: 80
+ - path: /wordpress
+ pathType: Prefix
+ backend:
+ service:
+ name: wordpress-x-tenant-e2e-wp-test-x-vcluster
+ port:
+ number: 80
+ tls:
+ - hosts:
+ - e2e-wp-test.omani.rest
+ secretName: tenant-e2e-wp-test-tls
diff --git a/clusters/contabo-mkt/tenants/e2e-wp-test/kustomization.yaml b/clusters/contabo-mkt/tenants/e2e-wp-test/kustomization.yaml
new file mode 100644
index 00000000..d6d7084c
--- /dev/null
+++ b/clusters/contabo-mkt/tenants/e2e-wp-test/kustomization.yaml
@@ -0,0 +1,8 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+ - apps-sync.yaml
+ - ingress.yaml
+ - namespace.yaml
+ - provisioning-rbac.yaml
+ - vcluster.yaml
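Review bot: Nothing in ingress.yaml restricts the router to the TLS entrypoint, so unless Traefik redirects HTTP to HTTPS globally (not visible in this patch) the WordPress login on `e2e-wp-test.omani.rest` is also reachable in clear text. Adding `traefik.ingress.kubernetes.io/router.entrypoints: websecure` under `annotations` would pin it, assuming the entrypoint keeps Traefik's conventional name. The second path, `/wordpress` with `pathType: Prefix`, is already covered by `/` and points at the same backend and port, so it can be dropped.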
diff --git a/clusters/contabo-mkt/tenants/e2e-wp-test/namespace.yaml b/clusters/contabo-mkt/tenants/e2e-wp-test/namespace.yaml
new file mode 100644
index 00000000..f26dc4b0
--- /dev/null
+++ b/clusters/contabo-mkt/tenants/e2e-wp-test/namespace.yaml
@@ -0,0 +1,7 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: tenant-e2e-wp-test
+ labels:
+ openova.io/tenant: "e2e-wp-test"
+ openova.io/managed-by: provisioning
diff --git a/clusters/contabo-mkt/tenants/e2e-wp-test/provisioning-rbac.yaml b/clusters/contabo-mkt/tenants/e2e-wp-test/provisioning-rbac.yaml
new file mode 100644
index 00000000..7c886631
--- /dev/null
+++ b/clusters/contabo-mkt/tenants/e2e-wp-test/provisioning-rbac.yaml
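Review bot: The host namespace in namespace.yaml carries no Pod Security admission label, and tenant pods synced out of the vcluster would run in it as ordinary host pods. If no cluster-wide default is set elsewhere, add `pod-security.kubernetes.io/enforce: baseline` to `labels`; `restricted` would likely reject the stock `wordpress:6-apache` container, which this patch runs without a `securityContext`. No ResourceQuota, LimitRange or NetworkPolicy for `tenant-e2e-wp-test` appears in this patch either, so confirm that the limits of plan `m` and tenant-to-tenant isolation are enforced somewhere.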
@@ -0,0 +1,58 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: provisioning-tenant
+ namespace: tenant-e2e-wp-test
+ labels:
+ openova.io/managed-by: provisioning
+rules:
+ - apiGroups: ["helm.toolkit.fluxcd.io"]
+ resources: ["helmreleases"]
+ verbs: ["get", "list", "watch", "patch", "delete"]
+ - apiGroups: ["kustomize.toolkit.fluxcd.io"]
+ resources: ["kustomizations"]
+ verbs: ["get", "list", "watch", "patch", "delete"]
+ - apiGroups: [""]
+ resources: ["secrets"]
+ verbs: ["get", "list", "watch"]
+ - apiGroups: [""]
+ # delete needed so waitForVclusterDNSOrKick can bounce vcluster-0 when
+ # the syncer's initial DNS reconciliation doesn't publish the
+ # kube-dns-x-kube-system-x-vcluster service. Issues #103, #105.
+ resources: ["pods"]
+ verbs: ["get", "list", "watch", "delete"]
+ - apiGroups: [""]
+ # services verb needed for waitForVclusterDNSOrKick to read the synced
+ # kube-dns-x-kube-system-x-vcluster Service to know DNS is live.
+ # Without this, the DNS probe returns 403 → we think DNS isn't synced
+ # → we kick vcluster-0 unnecessarily → 150s wasted per tenant.
+ # Also used by pod-truth reconciler to verify tenant apps are healthy
+ # regardless of provision-record freshness. Issue #115.
+ resources: ["services"]
+ verbs: ["get", "list", "watch"]
+ - apiGroups: ["apps"]
+ resources: ["deployments"]
+ verbs: ["get", "list", "watch"]
+ - apiGroups: ["cert-manager.io"]
+ resources: ["certificates", "certificaterequests"]
+ # patch needed so stripCertificateFinalizers can drop
+ # finalizer.cert-manager.io/certificate-secret-binding at teardown;
+ # without it the tenant NS can't GC because cert-manager can't
+ # reconcile the delete inside a Terminating NS. Issue #86.
+ verbs: ["get", "list", "watch", "patch"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: provisioning-tenant
+ namespace: tenant-e2e-wp-test
+ labels:
+ openova.io/managed-by: provisioning
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: provisioning-tenant
+subjects:
+ - kind: ServiceAccount
+ name: provisioning
+ namespace: sme
diff --git a/clusters/contabo-mkt/tenants/e2e-wp-test/vcluster.yaml b/clusters/contabo-mkt/tenants/e2e-wp-test/vcluster.yaml
new file mode 100644
index 00000000..bb95548e
--- /dev/null
+++ b/clusters/contabo-mkt/tenants/e2e-wp-test/vcluster.yaml
@@ -0,0 +1,60 @@
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+ name: vcluster
+ namespace: tenant-e2e-wp-test
+spec:
+ interval: 10m
+ chart:
+ spec:
+ chart: vcluster
+ version: "0.33.*"
+ sourceRef:
+ kind: HelmRepository
+ name: loft
+ namespace: vcluster-system
+ values:
+ controlPlane:
+ distro:
+ k8s:
+ enabled: true
+ backingStore:
+ database:
+ embedded:
+ enabled: true
+ statefulSet:
+ image:
+ registry: ghcr.io
+ repository: loft-sh/vcluster-oss
+ resources:
+ requests:
+ cpu: 100m
+ memory: 192Mi
+ limits:
+ cpu: 2000m
+ memory: 2Gi
+ persistence:
+ volumeClaim:
+ size: 5Gi
+ service:
+ enabled: true
+ spec:
+ type: ClusterIP
+ exportKubeConfig:
+ context: vcluster
+ server: https://vcluster.tenant-e2e-wp-test:443
+ insecure: false
+ additionalSecrets:
+ - name: vc-vcluster
+ server: https://vcluster.tenant-e2e-wp-test:443
+ insecure: false
+ context: vcluster
+ sync:
+ toHost:
+ services:
+ enabled: true
+ ingresses:
+ enabled: false
+ fromHost:
+ ingressClasses:
+ enabled: true
diff --git a/clusters/contabo-mkt/tenants/kustomization.yaml b/clusters/contabo-mkt/tenants/kustomization.yaml
index b3344f84..68ae2615 100644
--- a/clusters/contabo-mkt/tenants/kustomization.yaml
+++ b/clusters/contabo-mkt/tenants/kustomization.yaml
@@ -3,3 +3,4 @@ kind: Kustomization
 resources:
 - bbb
 - test12-2
+ - e2e-wp-test
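Review bot: The `secrets` rule in provisioning-rbac.yaml is the only rule without a justifying comment and is the widest grant in the Role. `get`, `list`, `watch` lets the `provisioning` ServiceAccount from namespace `sme` read every Secret in `tenant-e2e-wp-test`, which covers the `vc-vcluster` kubeconfig, the `tenant-e2e-wp-test-tls` private key and presumably any Secrets the vcluster syncs to the host. If the provisioner only needs the exported kubeconfig, narrow the rule to `resourceNames: ["vc-vcluster"]` with `verbs: ["get"]`, and record the reason and issue number the way the `pods` and `services` rules do.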
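Review bot: In vcluster.yaml, `version: "0.33.*"` lets Flux move this tenant's control plane to any newly published 0.33 chart from the `loft` HelmRepository at the next reconcile, with no commit in this repository. The `statefulSet.image` block also sets `registry` and `repository` but no tag, so the image follows whatever the chart selects. Pinning an exact chart version (`version: "<exact 0.33.x release>"`) and bumping it through a reviewed change would keep an upstream publish from altering running tenants unreviewed.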