From 6b61bb00d2974ec0abcc48da73dce30b5b997d84 Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Wed, 21 Feb 2024 00:33:55 +0100 Subject: [PATCH 1/8] Prepare the Minecraft installation --- .sops.yaml | 5 ++ .woodpecker/cdh.yaml | 31 +++++++ .woodpecker/helmfile.yaml | 40 +++++++++ environments.yaml | 3 + helmfile.yaml | 28 ++++++ istio.yaml | 36 ++++++++ secrets.yaml | 28 ++++++ values.yaml | 180 ++++++++++++++++++++++++++++++++++++++ 8 files changed, 351 insertions(+) create mode 100644 .sops.yaml create mode 100644 .woodpecker/cdh.yaml create mode 100644 .woodpecker/helmfile.yaml create mode 100644 environments.yaml create mode 100644 helmfile.yaml create mode 100644 istio.yaml create mode 100644 secrets.yaml create mode 100644 values.yaml diff --git a/.sops.yaml b/.sops.yaml new file mode 100644 index 0000000..ff76bd9 --- /dev/null +++ b/.sops.yaml @@ -0,0 +1,5 @@ +creation_rules: + - path_regex: secrets.yaml + key_groups: + - age: + - age1vy36vn6w3f07rxm40tsy0u4gvqtjqznrs69ue4fkgxd06n4jl3esq8l60v diff --git a/.woodpecker/cdh.yaml b/.woodpecker/cdh.yaml new file mode 100644 index 0000000..8347ef4 --- /dev/null +++ b/.woodpecker/cdh.yaml @@ -0,0 +1,31 @@ +# ---------------------------------------------- +# -- Check da helm pipeline +# ---------------------------------------------- +when: + - event: cron + cron: nightly +steps: + check badhouseplants: + image: ghcr.io/allanger/check-da-helm-helmfile-secrets:stable + secrets: + - sops_age_key + environment: + RUST_LOG: info + commands: + - cdh --kind helmfile -p $CI_WORKSPACE/helmfile.yaml -o + + notification: + image: deblan/woodpecker-email + settings: + dsn: + from_secret: smtp_dsn + from: + address: woody@badhouseplants.net + name: Woody Woodpecker + recipients: + - allanger@badhouseplants.net + subject: CDH result + target: main + attachment: result.html + when: + - status: [success, failure] diff --git a/.woodpecker/helmfile.yaml b/.woodpecker/helmfile.yaml new file mode 100644 index 0000000..9fe61a6 --- /dev/null +++ b/.woodpecker/helmfile.yaml @@ -0,0 +1,40 @@ +when: + event: push + +.k8s-limits: &k8s-limits + backend_options: + kubernetes: + resources: + requests: + memory: 1024Mi + cpu: 1000m + limits: + memory: 1512Mi + cpu: 1500m + +steps: + diff: + <<: *k8s-limits + image: ghcr.io/helmfile/helmfile:canary + secrets: [sops_age_key, kubeconfig_content] + when: + - branch: + exclude: + - main + commands: + - mkdir $HOME/.kube + - echo "$KUBECONFIG_CONTENT" > $HOME/.kube/config && chmod 0600 $HOME/.kube/config + - helmfile diff --suppress-secrets + + apply: + <<: *k8s-limits + image: ghcr.io/helmfile/helmfile:canary + secrets: [sops_age_key, kubeconfig_content] + when: + - branch: + include: + - main + commands: + - mkdir $HOME/.kube + - echo "$KUBECONFIG_CONTENT" > $HOME/.kube/config && chmod 0600 $HOME/.kube/config + - helmfile apply diff --git a/environments.yaml b/environments.yaml new file mode 100644 index 0000000..9d8cb3f --- /dev/null +++ b/environments.yaml @@ -0,0 +1,3 @@ +environments: + default: + kubeContext: badhouseplants diff --git a/helmfile.yaml b/helmfile.yaml new file mode 100644 index 0000000..0e5b702 --- /dev/null +++ b/helmfile.yaml @@ -0,0 +1,28 @@ +--- +bases: + - environments.yaml + +templates: + ext-istio-resource: + dependencies: + - chart: bedag/raw + version: 2.0.0 + alias: istio + values: + - '{{ requiredEnv "PWD" }}/istio.yaml' + +repositories: + - name: minecraft-server + url: https://itzg.github.io/minecraft-server-charts/ + +releases: + - name: minecraft + chart: minecraft-server-charts/minecraft + namespace: minecraft-application + version: 4.15.0 + values: + - ./values.yaml + secrets: + - ./secrets.yaml + inherit: + - template: ext-istio-resource diff --git a/istio.yaml b/istio.yaml new file mode 100644 index 0000000..1c834bc --- /dev/null +++ b/istio.yaml @@ -0,0 +1,36 @@ +--- +istio: + templates: + - | + {{ range .Values.istio }} + --- + apiVersion: networking.istio.io/v1beta1 + kind: VirtualService + metadata: + name: {{ .name }} + spec: + gateways: + - "{{ .gateway }}" + hosts: + - {{ .hostname | quote }} + {{- if eq .kind "http" }} + http: + - match: + - uri: + prefix: / + route: + - destination: + host: {{ .service }} + port: + number: {{ .port }} + {{- else if eq .kind "tcp" }} + tcp: + - match: + - port: {{ .port_match }} + route: + - destination: + host: {{ .service }} + port: + number: {{ .port }} + {{ end }} + {{ end }} diff --git a/secrets.yaml b/secrets.yaml new file mode 100644 index 0000000..0df3977 --- /dev/null +++ b/secrets.yaml @@ -0,0 +1,28 @@ +minecraftServer: + rcon: + password: ENC[AES256_GCM,data:d7rEX5rOJNXikocvJBSoCnA1aTx2jKfV7A==,iv:P5wsHV2XAzL6Ny1TwgsMEp+IbFFY2cObdfV+q//X01c=,tag:x+FOgJ8OvGcs8C0cEicejQ==,type:str] +mcbackup: + resticEnvs: + RESTIC_PASSWORD: ENC[AES256_GCM,data:AOYlclTvz+DVlYAPxG1X+V/5KfQLTwzImbcxlU01,iv:KolGzA//wWOolocX3T5zxWJ0jfWkWg+PrGbME+D2iFU=,tag:uDuU+sdcvVyjwcxh/UEOrg==,type:str] + AWS_SECRET_ACCESS_KEY: ENC[AES256_GCM,data:8IBX/nwoqyR/xhr3umY=,iv:4FIGY9dryZ+G48vevaAdZAbU8Dlj+mdEtnytTuiP9Aw=,tag:b8vwsOD+WhclZhO/nxMmug==,type:str] + AWS_ACCESS_KEY_ID: ENC[AES256_GCM,data:Cvh5NCtE,iv:w9FeowyjjPqNzz6MwIUytVQbcRIdn0qcSm0tnjpZQiQ=,tag:z2bV6d6XLJWgOU6Nfd9sBQ==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1vy36vn6w3f07rxm40tsy0u4gvqtjqznrs69ue4fkgxd06n4jl3esq8l60v + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBFZmxLUDNRTUoxS0tjWmRW + c1ZuZFRqZVBVbjQ3UlhDQnZhb3M4R3ZPVVRjCi9BQkFVT2l2c1MrQzI3MGo5YUQ2 + Ti9jbHZUeVlGYWsycllWT3EyR2U4cVEKLS0tIGJBZ2IvakpHYzkrMXBqWFlSK1Fs + bkZBbXlpNC9uVGEwNDZ3WllaT01kdTQKYac1Tjq7EwfSNq1I8dyxZGuJ8Zkk0qTJ + zI/n40s54Y6rv4u5qTkIvW6HLp1NRm5jofpmq53Ss/yvsgwyWMmMyA== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2024-02-20T23:30:18Z" + mac: ENC[AES256_GCM,data:u3ngPkQ5ZJHLUbFzCg/mhG8k4V9w0N4UzxeV2gOENJAC1hQnv6ZzB9PSWvqRlgu6TiBCNg1RC8AecxX2p7/9L2HyeQpfxj3J/oY0tyXlWdUJ9uVMG9b7F0jdP5a2rRoQWJ1YhI4ThZDVaittNy/jINlfNrTwWfIehVAd+CdcOp4=,iv:YymBTrvWAGvtFYu60oZQw0L3kgv1cnUy0MIV0jsFs6s=,tag:ULfzTGZq+z49FC9up6qm1g==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + version: 3.8.1 diff --git a/values.yaml b/values.yaml new file mode 100644 index 0000000..e5df96a --- /dev/null +++ b/values.yaml @@ -0,0 +1,180 @@ +--- +# -------------------------------------------------- +# -- Extensions values +# -------------------------------------------------- +service-account: + enabled: true + resources: + - name: minecraft-exporter + label: + app: minecraft-minecraft-metrics + endpoints: + port: metrics +# ------------------------------------------ +# -- Istio extenstion. Just because I'm +# -- not using ingress nginx +# ------------------------------------------ +istio: + enabled: true + istio: + - name: minecraft-tcp + gateway: istio-system/badhouseplants-minecraft + kind: tcp + port_match: 25565 + hostname: "*" + service: minecraft-minecraft + port: 25565 +# -------------------------------------------------- +# -- Main values +# -------------------------------------------------- +image: + tag: java17-graalvm-ce + pullPolicy: Always + +resources: + requests: + memory: 3Gi + cpu: 256m + limits: + memory: 3Gi + +lifecycle: + postStart: + - bash + - -c + - for i in {1..100}; do mc-health && break || sleep 20; done && mc-send-to-console setpassword 11223345 + +readinessProbe: + command: + - mc-health + periodSeconds: 20 + failureThreshold: 50 + timeoutSeconds: 10 +livenessProbe: + timeoutSeconds: 10 + +minecraftServer: + overrideServerProperties: true + eula: "TRUE" + onlineMode: false + difficulty: hard + hardcore: true + version: 1.20.1 + maxWorldSize: 90000 + type: "PAPER" + paperDownloadUrl: https://api.papermc.io/v2/projects/paper/versions/1.20.1/builds/170/downloads/paper-1.20.1-170.jar + gameMode: survival + pvp: true + rcon: + enabled: true + withGeneratedPassword: false + port: 25575 + serviceType: ClusterIP + extraPorts: + - name: metrics + containerPort: 9225 + protocol: TCP + service: + enabled: true + embedded: false + labels: + exporter: minecraft + type: ClusterIP + port: 9925 + ingress: + enabled: false +persistence: + dataDir: + enabled: true + Size: 15Gi +mcbackup: + enabled: false + backupInterval: 2h + pauseIfNoPlayers: "false" + pruneBackupsDays: 2 + rconRetries: 5 + rconRetryInterval: 10s + excludes: "*.jar,cache,logs" + backupMethod: restic + resticRepository: s3:https://s3.e.badhouseplants.net:443/restic/minecraft + resticAdditionalTags: "mc_backups" + pruneResticRetention: "--keep-last 12 --keep-daily 1 --keep-weekly 2 --keep-monthly 2 --keep-yearly 2" + resources: + requests: + memory: 512Mi + cpu: 100m + persistence: + backupDir: + enabled: false +# --------------------------------------------- +# -- Install Plugins +# --------------------------------------------- +initContainers: + - name: 0-install-prometheus-exporter + image: alpine/curl + command: + - curl + - -L + - "https://github.com/sladkoff/minecraft-prometheus-exporter/releases/download/v2.5.0/minecraft-prometheus-exporter-2.5.0.jar" + - -o + - /data/plugins/prometheus-exporter.jar + volumeMounts: + - name: plugins + mountPath: /data/plugins + readOnly: false + - name: 0-install-password-plugin + image: alpine/curl + command: + - curl + - -L + - "https://github.com/timbru31/PasswordProtect/releases/download/PasswordProtect-3.1.0/PasswordProtect.jar" + - -o + - /data/plugins/PasswordProtect.jar + volumeMounts: + - name: plugins + mountPath: /data/plugins + readOnly: false + - name: 0-install-gravity-control-plugin + image: alpine/curl + command: + - curl + - -L + - https://github.com/e-im/GravityControl/releases/download/v1.3.0/GravityControl-1.3.0.jar + - -o + - /data/plugins/GravityControl-1.3.0.jar + volumeMounts: + - name: plugins + mountPath: /data/plugins + readOnly: false + - name: 0-install-fast-minecart-plugin + image: alpine/curl + command: + - curl + - -L + - https://github.com/certainly1182/FastMinecarts/releases/download/v1.0.1/FastMinecarts.jar + - -o + - /data/plugins/FastMinecarts.jar + volumeMounts: + - name: plugins + mountPath: /data/plugins + - name: 1-add-plugins-to-minecraft + image: alpine/curl + command: + - sh + - -c + - cp -r /in /out/plugins + volumeMounts: + - name: plugins + mountPath: /in + readOnly: false + - name: datadir + mountPath: /out +extraVolumes: + - volumeMounts: + - name: plugins + mountPath: /data/plugins + readOnly: false + volumes: + - name: plugins + emptyDir: + sizeLimit: 500Mi -- 2.45.2 From 554e109f8da8ddf4d76afc6c907a864bff8802e9 Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Wed, 21 Feb 2024 00:42:03 +0100 Subject: [PATCH 2/8] Trigger CI -- 2.45.2 From afdab9ebb6b2dacb0047dc602e2f750f6a2792f6 Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Wed, 21 Feb 2024 00:47:06 +0100 Subject: [PATCH 3/8] Remove limits from the pipeline --- .woodpecker/helmfile.yaml | 13 ------------- 1 file changed, 13 deletions(-) diff --git a/.woodpecker/helmfile.yaml b/.woodpecker/helmfile.yaml index 9fe61a6..2f99845 100644 --- a/.woodpecker/helmfile.yaml +++ b/.woodpecker/helmfile.yaml @@ -1,20 +1,8 @@ when: event: push -.k8s-limits: &k8s-limits - backend_options: - kubernetes: - resources: - requests: - memory: 1024Mi - cpu: 1000m - limits: - memory: 1512Mi - cpu: 1500m - steps: diff: - <<: *k8s-limits image: ghcr.io/helmfile/helmfile:canary secrets: [sops_age_key, kubeconfig_content] when: @@ -27,7 +15,6 @@ steps: - helmfile diff --suppress-secrets apply: - <<: *k8s-limits image: ghcr.io/helmfile/helmfile:canary secrets: [sops_age_key, kubeconfig_content] when: -- 2.45.2 From 4c1e269194fa8f150a747174dec0ac7f0d698ca8 Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Wed, 21 Feb 2024 00:48:31 +0100 Subject: [PATCH 4/8] Fix the repo name --- helmfile.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/helmfile.yaml b/helmfile.yaml index 0e5b702..da7d982 100644 --- a/helmfile.yaml +++ b/helmfile.yaml @@ -12,12 +12,12 @@ templates: - '{{ requiredEnv "PWD" }}/istio.yaml' repositories: - - name: minecraft-server + - name: minecraft url: https://itzg.github.io/minecraft-server-charts/ releases: - name: minecraft - chart: minecraft-server-charts/minecraft + chart: minecraft/minecraft namespace: minecraft-application version: 4.15.0 values: -- 2.45.2 From ca64917b223a9439a3536f4b7a32d65685908211 Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Wed, 21 Feb 2024 00:49:47 +0100 Subject: [PATCH 5/8] Add bedag repo --- helmfile.yaml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/helmfile.yaml b/helmfile.yaml index da7d982..e6e3cee 100644 --- a/helmfile.yaml +++ b/helmfile.yaml @@ -12,6 +12,8 @@ templates: - '{{ requiredEnv "PWD" }}/istio.yaml' repositories: + - name: bedag + url: https://bedag.github.io/helm-charts/ - name: minecraft url: https://itzg.github.io/minecraft-server-charts/ -- 2.45.2 From 3f3ee7549be66317a2fd161a757fd50075fed25f Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Tue, 20 Feb 2024 23:50:49 +0000 Subject: [PATCH 6/8] Prepare the Minecraft installation (#1) Reviewed-on: https://git.badhouseplants.net/badhouseplants/minecraft-helmfile/pulls/1 --- .sops.yaml | 5 ++ .woodpecker/cdh.yaml | 31 +++++++ .woodpecker/helmfile.yaml | 27 ++++++ environments.yaml | 3 + helmfile.yaml | 30 +++++++ istio.yaml | 36 ++++++++ secrets.yaml | 28 ++++++ values.yaml | 180 ++++++++++++++++++++++++++++++++++++++ 8 files changed, 340 insertions(+) create mode 100644 .sops.yaml create mode 100644 .woodpecker/cdh.yaml create mode 100644 .woodpecker/helmfile.yaml create mode 100644 environments.yaml create mode 100644 helmfile.yaml create mode 100644 istio.yaml create mode 100644 secrets.yaml create mode 100644 values.yaml diff --git a/.sops.yaml b/.sops.yaml new file mode 100644 index 0000000..ff76bd9 --- /dev/null +++ b/.sops.yaml @@ -0,0 +1,5 @@ +creation_rules: + - path_regex: secrets.yaml + key_groups: + - age: + - age1vy36vn6w3f07rxm40tsy0u4gvqtjqznrs69ue4fkgxd06n4jl3esq8l60v diff --git a/.woodpecker/cdh.yaml b/.woodpecker/cdh.yaml new file mode 100644 index 0000000..8347ef4 --- /dev/null +++ b/.woodpecker/cdh.yaml @@ -0,0 +1,31 @@ +# ---------------------------------------------- +# -- Check da helm pipeline +# ---------------------------------------------- +when: + - event: cron + cron: nightly +steps: + check badhouseplants: + image: ghcr.io/allanger/check-da-helm-helmfile-secrets:stable + secrets: + - sops_age_key + environment: + RUST_LOG: info + commands: + - cdh --kind helmfile -p $CI_WORKSPACE/helmfile.yaml -o + + notification: + image: deblan/woodpecker-email + settings: + dsn: + from_secret: smtp_dsn + from: + address: woody@badhouseplants.net + name: Woody Woodpecker + recipients: + - allanger@badhouseplants.net + subject: CDH result + target: main + attachment: result.html + when: + - status: [success, failure] diff --git a/.woodpecker/helmfile.yaml b/.woodpecker/helmfile.yaml new file mode 100644 index 0000000..2f99845 --- /dev/null +++ b/.woodpecker/helmfile.yaml @@ -0,0 +1,27 @@ +when: + event: push + +steps: + diff: + image: ghcr.io/helmfile/helmfile:canary + secrets: [sops_age_key, kubeconfig_content] + when: + - branch: + exclude: + - main + commands: + - mkdir $HOME/.kube + - echo "$KUBECONFIG_CONTENT" > $HOME/.kube/config && chmod 0600 $HOME/.kube/config + - helmfile diff --suppress-secrets + + apply: + image: ghcr.io/helmfile/helmfile:canary + secrets: [sops_age_key, kubeconfig_content] + when: + - branch: + include: + - main + commands: + - mkdir $HOME/.kube + - echo "$KUBECONFIG_CONTENT" > $HOME/.kube/config && chmod 0600 $HOME/.kube/config + - helmfile apply diff --git a/environments.yaml b/environments.yaml new file mode 100644 index 0000000..9d8cb3f --- /dev/null +++ b/environments.yaml @@ -0,0 +1,3 @@ +environments: + default: + kubeContext: badhouseplants diff --git a/helmfile.yaml b/helmfile.yaml new file mode 100644 index 0000000..e6e3cee --- /dev/null +++ b/helmfile.yaml @@ -0,0 +1,30 @@ +--- +bases: + - environments.yaml + +templates: + ext-istio-resource: + dependencies: + - chart: bedag/raw + version: 2.0.0 + alias: istio + values: + - '{{ requiredEnv "PWD" }}/istio.yaml' + +repositories: + - name: bedag + url: https://bedag.github.io/helm-charts/ + - name: minecraft + url: https://itzg.github.io/minecraft-server-charts/ + +releases: + - name: minecraft + chart: minecraft/minecraft + namespace: minecraft-application + version: 4.15.0 + values: + - ./values.yaml + secrets: + - ./secrets.yaml + inherit: + - template: ext-istio-resource diff --git a/istio.yaml b/istio.yaml new file mode 100644 index 0000000..1c834bc --- /dev/null +++ b/istio.yaml @@ -0,0 +1,36 @@ +--- +istio: + templates: + - | + {{ range .Values.istio }} + --- + apiVersion: networking.istio.io/v1beta1 + kind: VirtualService + metadata: + name: {{ .name }} + spec: + gateways: + - "{{ .gateway }}" + hosts: + - {{ .hostname | quote }} + {{- if eq .kind "http" }} + http: + - match: + - uri: + prefix: / + route: + - destination: + host: {{ .service }} + port: + number: {{ .port }} + {{- else if eq .kind "tcp" }} + tcp: + - match: + - port: {{ .port_match }} + route: + - destination: + host: {{ .service }} + port: + number: {{ .port }} + {{ end }} + {{ end }} diff --git a/secrets.yaml b/secrets.yaml new file mode 100644 index 0000000..0df3977 --- /dev/null +++ b/secrets.yaml @@ -0,0 +1,28 @@ +minecraftServer: + rcon: + password: ENC[AES256_GCM,data:d7rEX5rOJNXikocvJBSoCnA1aTx2jKfV7A==,iv:P5wsHV2XAzL6Ny1TwgsMEp+IbFFY2cObdfV+q//X01c=,tag:x+FOgJ8OvGcs8C0cEicejQ==,type:str] +mcbackup: + resticEnvs: + RESTIC_PASSWORD: ENC[AES256_GCM,data:AOYlclTvz+DVlYAPxG1X+V/5KfQLTwzImbcxlU01,iv:KolGzA//wWOolocX3T5zxWJ0jfWkWg+PrGbME+D2iFU=,tag:uDuU+sdcvVyjwcxh/UEOrg==,type:str] + AWS_SECRET_ACCESS_KEY: ENC[AES256_GCM,data:8IBX/nwoqyR/xhr3umY=,iv:4FIGY9dryZ+G48vevaAdZAbU8Dlj+mdEtnytTuiP9Aw=,tag:b8vwsOD+WhclZhO/nxMmug==,type:str] + AWS_ACCESS_KEY_ID: ENC[AES256_GCM,data:Cvh5NCtE,iv:w9FeowyjjPqNzz6MwIUytVQbcRIdn0qcSm0tnjpZQiQ=,tag:z2bV6d6XLJWgOU6Nfd9sBQ==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1vy36vn6w3f07rxm40tsy0u4gvqtjqznrs69ue4fkgxd06n4jl3esq8l60v + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBFZmxLUDNRTUoxS0tjWmRW + c1ZuZFRqZVBVbjQ3UlhDQnZhb3M4R3ZPVVRjCi9BQkFVT2l2c1MrQzI3MGo5YUQ2 + Ti9jbHZUeVlGYWsycllWT3EyR2U4cVEKLS0tIGJBZ2IvakpHYzkrMXBqWFlSK1Fs + bkZBbXlpNC9uVGEwNDZ3WllaT01kdTQKYac1Tjq7EwfSNq1I8dyxZGuJ8Zkk0qTJ + zI/n40s54Y6rv4u5qTkIvW6HLp1NRm5jofpmq53Ss/yvsgwyWMmMyA== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2024-02-20T23:30:18Z" + mac: ENC[AES256_GCM,data:u3ngPkQ5ZJHLUbFzCg/mhG8k4V9w0N4UzxeV2gOENJAC1hQnv6ZzB9PSWvqRlgu6TiBCNg1RC8AecxX2p7/9L2HyeQpfxj3J/oY0tyXlWdUJ9uVMG9b7F0jdP5a2rRoQWJ1YhI4ThZDVaittNy/jINlfNrTwWfIehVAd+CdcOp4=,iv:YymBTrvWAGvtFYu60oZQw0L3kgv1cnUy0MIV0jsFs6s=,tag:ULfzTGZq+z49FC9up6qm1g==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + version: 3.8.1 diff --git a/values.yaml b/values.yaml new file mode 100644 index 0000000..e5df96a --- /dev/null +++ b/values.yaml @@ -0,0 +1,180 @@ +--- +# -------------------------------------------------- +# -- Extensions values +# -------------------------------------------------- +service-account: + enabled: true + resources: + - name: minecraft-exporter + label: + app: minecraft-minecraft-metrics + endpoints: + port: metrics +# ------------------------------------------ +# -- Istio extenstion. Just because I'm +# -- not using ingress nginx +# ------------------------------------------ +istio: + enabled: true + istio: + - name: minecraft-tcp + gateway: istio-system/badhouseplants-minecraft + kind: tcp + port_match: 25565 + hostname: "*" + service: minecraft-minecraft + port: 25565 +# -------------------------------------------------- +# -- Main values +# -------------------------------------------------- +image: + tag: java17-graalvm-ce + pullPolicy: Always + +resources: + requests: + memory: 3Gi + cpu: 256m + limits: + memory: 3Gi + +lifecycle: + postStart: + - bash + - -c + - for i in {1..100}; do mc-health && break || sleep 20; done && mc-send-to-console setpassword 11223345 + +readinessProbe: + command: + - mc-health + periodSeconds: 20 + failureThreshold: 50 + timeoutSeconds: 10 +livenessProbe: + timeoutSeconds: 10 + +minecraftServer: + overrideServerProperties: true + eula: "TRUE" + onlineMode: false + difficulty: hard + hardcore: true + version: 1.20.1 + maxWorldSize: 90000 + type: "PAPER" + paperDownloadUrl: https://api.papermc.io/v2/projects/paper/versions/1.20.1/builds/170/downloads/paper-1.20.1-170.jar + gameMode: survival + pvp: true + rcon: + enabled: true + withGeneratedPassword: false + port: 25575 + serviceType: ClusterIP + extraPorts: + - name: metrics + containerPort: 9225 + protocol: TCP + service: + enabled: true + embedded: false + labels: + exporter: minecraft + type: ClusterIP + port: 9925 + ingress: + enabled: false +persistence: + dataDir: + enabled: true + Size: 15Gi +mcbackup: + enabled: false + backupInterval: 2h + pauseIfNoPlayers: "false" + pruneBackupsDays: 2 + rconRetries: 5 + rconRetryInterval: 10s + excludes: "*.jar,cache,logs" + backupMethod: restic + resticRepository: s3:https://s3.e.badhouseplants.net:443/restic/minecraft + resticAdditionalTags: "mc_backups" + pruneResticRetention: "--keep-last 12 --keep-daily 1 --keep-weekly 2 --keep-monthly 2 --keep-yearly 2" + resources: + requests: + memory: 512Mi + cpu: 100m + persistence: + backupDir: + enabled: false +# --------------------------------------------- +# -- Install Plugins +# --------------------------------------------- +initContainers: + - name: 0-install-prometheus-exporter + image: alpine/curl + command: + - curl + - -L + - "https://github.com/sladkoff/minecraft-prometheus-exporter/releases/download/v2.5.0/minecraft-prometheus-exporter-2.5.0.jar" + - -o + - /data/plugins/prometheus-exporter.jar + volumeMounts: + - name: plugins + mountPath: /data/plugins + readOnly: false + - name: 0-install-password-plugin + image: alpine/curl + command: + - curl + - -L + - "https://github.com/timbru31/PasswordProtect/releases/download/PasswordProtect-3.1.0/PasswordProtect.jar" + - -o + - /data/plugins/PasswordProtect.jar + volumeMounts: + - name: plugins + mountPath: /data/plugins + readOnly: false + - name: 0-install-gravity-control-plugin + image: alpine/curl + command: + - curl + - -L + - https://github.com/e-im/GravityControl/releases/download/v1.3.0/GravityControl-1.3.0.jar + - -o + - /data/plugins/GravityControl-1.3.0.jar + volumeMounts: + - name: plugins + mountPath: /data/plugins + readOnly: false + - name: 0-install-fast-minecart-plugin + image: alpine/curl + command: + - curl + - -L + - https://github.com/certainly1182/FastMinecarts/releases/download/v1.0.1/FastMinecarts.jar + - -o + - /data/plugins/FastMinecarts.jar + volumeMounts: + - name: plugins + mountPath: /data/plugins + - name: 1-add-plugins-to-minecraft + image: alpine/curl + command: + - sh + - -c + - cp -r /in /out/plugins + volumeMounts: + - name: plugins + mountPath: /in + readOnly: false + - name: datadir + mountPath: /out +extraVolumes: + - volumeMounts: + - name: plugins + mountPath: /data/plugins + readOnly: false + volumes: + - name: plugins + emptyDir: + sizeLimit: 500Mi -- 2.45.2 From 90735a49b6a06c3a9a075061ba147f478bf37c06 Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Sun, 2 Jun 2024 15:44:16 +0200 Subject: [PATCH 7/8] Start using traefik --- helmfile.yaml | 9 +++++++++ tcp-route.yaml | 20 ++++++++++++++++++++ values.yaml | 9 ++++----- 3 files changed, 33 insertions(+), 5 deletions(-) create mode 100644 tcp-route.yaml diff --git a/helmfile.yaml b/helmfile.yaml index e6e3cee..60be0ca 100644 --- a/helmfile.yaml +++ b/helmfile.yaml @@ -11,6 +11,14 @@ templates: values: - '{{ requiredEnv "PWD" }}/istio.yaml' + ext-tcp-routes: + dependencies: + - chart: bedag/raw + version: 2.0.0 + alias: traefik + values: + - '{{ requiredEnv "PWD" }}/tcp-route.yaml' + repositories: - name: bedag url: https://bedag.github.io/helm-charts/ @@ -28,3 +36,4 @@ releases: - ./secrets.yaml inherit: - template: ext-istio-resource + - template: ext-tcp-routes diff --git a/tcp-route.yaml b/tcp-route.yaml new file mode 100644 index 0000000..5331ede --- /dev/null +++ b/tcp-route.yaml @@ -0,0 +1,20 @@ +--- +traefik: + templates: + - | + {{ range .Values.tcpRoutes }} + --- + apiVersion: traefik.io/v1alpha1 + kind: IngressRouteTCP + metadata: + name: {{ .name }} + spec: + entryPoints: + - {{ .entrypoint }} + routes: + - match: {{ .match }} + services: + - name: {{ .service }} + nativeLB: true + port: {{ .port }} + {{- end }} diff --git a/values.yaml b/values.yaml index e5df96a..d3e55fa 100644 --- a/values.yaml +++ b/values.yaml @@ -14,14 +14,13 @@ service-account: # -- Istio extenstion. Just because I'm # -- not using ingress nginx # ------------------------------------------ -istio: +traefik: enabled: true - istio: + tcpRoutes: - name: minecraft-tcp + entrypoint: minecraft gateway: istio-system/badhouseplants-minecraft - kind: tcp - port_match: 25565 - hostname: "*" + match: HostSNI(`*`) service: minecraft-minecraft port: 25565 # -------------------------------------------------- -- 2.45.2 From 85a8088610e80b7c945b205f614eaab3bfa979ae Mon Sep 17 00:00:00 2001 From: Nikolai Rodionov Date: Sun, 2 Jun 2024 16:03:57 +0200 Subject: [PATCH 8/8] Update chart and image --- helmfile.yaml | 2 +- values.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/helmfile.yaml b/helmfile.yaml index 60be0ca..39758d4 100644 --- a/helmfile.yaml +++ b/helmfile.yaml @@ -29,7 +29,7 @@ releases: - name: minecraft chart: minecraft/minecraft namespace: minecraft-application - version: 4.15.0 + version: 4.19.0 values: - ./values.yaml secrets: diff --git a/values.yaml b/values.yaml index d3e55fa..864f7f4 100644 --- a/values.yaml +++ b/values.yaml @@ -27,7 +27,7 @@ traefik: # -- Main values # -------------------------------------------------- image: - tag: java17-graalvm-ce + tag: java17-graalvm pullPolicy: Always resources: -- 2.45.2