feat: PipCache | add pip cache

2025-11-23 00:42:39 +05:00
parent d1260ecb8b
commit 2b49cc4ce1
3 changed files with 176 additions and 128 deletions
--- a/cache-infrastructure/pip/index.ts
+++ b/cache-infrastructure/pip/index.ts
@@ -0,0 +1,168 @@
+import { Construct } from "constructs";
+import { KubernetesProvider } from "@cdktf/provider-kubernetes/lib/provider";
+import { DeploymentV1 } from "@cdktf/provider-kubernetes/lib/deployment-v1";
+import { ServiceV1 } from "@cdktf/provider-kubernetes/lib/service-v1";
+
+import {
+  LonghornPvc,
+  OnePasswordSecret,
+  PublicIngressRoute,
+} from "../../utils";
+
+type PipCacheOptions = {
+  provider: KubernetesProvider;
+  namespace: string;
+  name: string;
+  host: string;
+};
+
+export class PipCache extends Construct {
+  constructor(scope: Construct, id: string, opts: PipCacheOptions) {
+    super(scope, id);
+
+    const { provider, namespace, name, host } = opts;
+
+    new OnePasswordSecret(this, "devpi-secret", {
+      provider,
+      namespace,
+      name: "devpi",
+      itemPath: "vaults/Lab/items/devpi",
+    });
+
+    const pvc = new LonghornPvc(this, "pvc", {
+      provider,
+      namespace,
+      name,
+      size: "128Gi",
+      accessModes: ["ReadWriteMany"],
+    });
+
+    new DeploymentV1(this, "deployment", {
+      provider,
+      metadata: {
+        name,
+        namespace,
+      },
+      spec: {
+        replicas: "3",
+        selector: {
+          matchLabels: {
+            app: name,
+          },
+        },
+        template: {
+          metadata: {
+            labels: {
+              app: name,
+            },
+          },
+          spec: {
+            nodeSelector: {
+              nodepool: "worker",
+            },
+            topologySpreadConstraint: [
+              {
+                maxSkew: 1,
+                topologyKey: "kubernetes.io/hostname",
+                whenUnsatisfiable: "ScheduleAnyway",
+                labelSelector: [
+                  {
+                    matchLabels: {
+                      app: name,
+                    },
+                  },
+                ],
+              },
+            ],
+            affinity: {
+              podAntiAffinity: {
+                requiredDuringSchedulingIgnoredDuringExecution: [
+                  {
+                    topologyKey: "kubernetes.io/hostname",
+                    labelSelector: [
+                      {
+                        matchExpressions: [
+                          {
+                            key: "app",
+                            operator: "In",
+                            values: [name],
+                          },
+                        ],
+                      },
+                    ],
+                  },
+                ],
+              },
+            },
+            volume: [
+              {
+                name: "data",
+                persistentVolumeClaim: {
+                  claimName: pvc.name,
+                },
+              },
+            ],
+            container: [
+              {
+                name,
+                image: "jonasal/devpi-server:latest",
+                env: [
+                  {
+                    name: "DEVPI_PASSWORD",
+                    valueFrom: {
+                      secretKeyRef: {
+                        name: "devpi",
+                        key: "password",
+                      },
+                    },
+                  },
+                ],
+                port: [
+                  {
+                    name,
+                    containerPort: 3141,
+                  },
+                ],
+                volumeMount: [
+                  {
+                    name: "data",
+                    mountPath: "/devpi",
+                  },
+                ],
+              },
+            ],
+          },
+        },
+      },
+    });
+
+    new ServiceV1(this, "service", {
+      provider,
+      metadata: {
+        name,
+        namespace,
+      },
+      spec: {
+        selector: {
+          app: name,
+        },
+        port: [
+          {
+            port: 3141,
+            targetPort: name,
+          },
+        ],
+        type: "ClusterIP",
+      },
+    });
+
+    new PublicIngressRoute(this, "ingress", {
+      provider,
+      namespace,
+      name,
+      host,
+      serviceName: name,
+      servicePort: 3141,
+    });
+  }
+}
--- a/cache-infrastructure/pip/manifest.yaml
+++ b/cache-infrastructure/pip/manifest.yaml
@@ -1,128 +0,0 @@
---
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
-  name: devpi
-  namespace: homelab
-spec:
-  storageClassName: longhorn
-  accessModes:
-    - ReadWriteMany
-  resources:
-    requests:
-      storage: 128Gi
---
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: devpi
-  namespace: homelab
-spec:
-  replicas: 3
-  selector:
-    matchLabels:
-      app: devpi
-  template:
-    metadata:
-      labels:
-        app: devpi
-    spec:
-      nodeSelector:
-        nodepool: worker
-
-      topologySpreadConstraints:
-        - maxSkew: 1
-          topologyKey: kubernetes.io/hostname
-          whenUnsatisfiable: ScheduleAnyway
-          labelSelector:
-            matchLabels:
-              app: devpi
-
-      affinity:
-        podAntiAffinity:
-          requiredDuringSchedulingIgnoredDuringExecution:
-            - labelSelector:
-                matchExpressions:
-                  - key: app
-                    operator: In
-                    values:
-                      - devpi
-              topologyKey: "kubernetes.io/hostname"
-
-      containers:
-        - name: devpi
-          image: jonasal/devpi-server:latest
-          env:
-            - name: DEVPI_PASSWORD
-              valueFrom:
-                secretKeyRef:
-                  name: devpi-secret
-                  key: password
-          ports:
-            - containerPort: 3141
-          volumeMounts:
-            - name: data
-              mountPath: /devpi
-      volumes:
-        - name: data
-          persistentVolumeClaim:
-            claimName: devpi
---
-apiVersion: v1
-kind: Service
-metadata:
-  name: devpi
-  namespace: homelab
-spec:
-  selector:
-    app: devpi
-  ports:
-    - port: 3141
-      targetPort: 3141
-      protocol: TCP
-  type: ClusterIP
---
-apiVersion: traefik.io/v1alpha1
-kind: Middleware
-metadata:
-  name: devpi
-  namespace: homelab
-spec:
-  ipAllowList:
-    sourceRange:
-      - "127.0.0.1/32"
-      - "10.43.0.0/16"
-  rateLimit:
-    average: 10
-    burst: 50
---
-apiVersion: networking.k8s.io/v1
-kind: Ingress
-metadata:
-  name: devpi
-  namespace: homelab
-  annotations:
-    nginx.ingress.kubernetes.io/proxy-body-size: "0"
-    cert-manager.io/cluster-issuer: "cloudflare-issuer"
-    cert-manager.io/acme-challenge-type: "dns01"
-    cert-manager.io/private-key-size: "4096"
-
-    # Traefik Middleware
-    traefik.io/router.middlewares: "devpi@kubernetescrd"
-spec:
-  ingressClassName: traefik
-  tls:
-    - hosts:
-        - pip.dogar.dev
-      secretName: devpi-tls
-  rules:
-    - host: pip.dogar.dev
-      http:
-        paths:
-          - path: /
-            pathType: Prefix
-            backend:
-              service:
-                name: devpi
-                port:
-                  number: 3141