feat: NpmCache | set up kinda sorta HA npm cache

devpy/manifest.yaml

@@ -18,7 +18,7 @@ metadata:
   name: devpi
   namespace: homelab
 spec:
-  replicas: 1
+  replicas: 3
   selector:
     matchLabels:
       app: devpi
@@ -27,6 +27,28 @@ spec:
       labels:
         app: devpi
     spec:
+      nodeSelector:
+        nodepool: worker
+
+      topologySpreadConstraints:
+        - maxSkew: 1
+          topologyKey: kubernetes.io/hostname
+          whenUnsatisfiable: ScheduleAnyway
+          labelSelector:
+            matchLabels:
+              app: devpi
+
+      affinity:
+        podAntiAffinity:
+          requiredDuringSchedulingIgnoredDuringExecution:
+            - labelSelector:
+                matchExpressions:
+                  - key: app
+                    operator: In
+                    values:
+                      - devpi
+              topologyKey: "kubernetes.io/hostname"
+
       containers:
         - name: devpi
           image: jonasal/devpi-server:latest
@@ -70,6 +92,11 @@ metadata:
     cert-manager.io/cluster-issuer: "cloudflare-issuer"
     cert-manager.io/acme-challenge-type: "dns01"
     cert-manager.io/private-key-size: "4096"
+
+    # NGINX IP-based rate limiting
+    nginx.ingress.kubernetes.io/limit-rps: "10"
+    nginx.ingress.kubernetes.io/limit-burst-multiplier: "5"
+    nginx.ingress.kubernetes.io/limit-whitelist: "127.0.0.1"
 spec:
   ingressClassName: nginx-internal
   tls:

npmcache/manifest.yaml

@@ -0,0 +1,147 @@
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: verdaccio
+  namespace: homelab
+data:
+  config.yaml: |
+    storage: /verdaccio/storage
+
+    auth:
+      htpasswd:
+        file: /dev/null
+        max_users: -1
+
+    uplinks:
+      npmjs:
+        url: https://registry.npmjs.org/
+
+    packages:
+      "@*/*":
+        access: $all
+        publish: never
+        proxy: npmjs
+
+      "**":
+        access: $all
+        publish: never
+        proxy: npmjs
+
+    logs:
+      - {type: stdout, format: pretty, level: http}
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: verdaccio
+  namespace: homelab
+spec:
+  accessModes:
+    - ReadWriteOnce
+  storageClassName: longhorn
+  resources:
+    requests:
+      storage: 128Gi
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: verdaccio
+  namespace: homelab
+spec:
+  replicas: 3
+  selector:
+    matchLabels:
+      app: verdaccio
+  template:
+    metadata:
+      labels:
+        app: verdaccio
+    spec:
+      nodeSelector:
+        nodepool: worker
+
+      topologySpreadConstraints:
+        - maxSkew: 1
+          topologyKey: kubernetes.io/hostname
+          whenUnsatisfiable: ScheduleAnyway
+          labelSelector:
+            matchLabels:
+              app: verdaccio
+
+      affinity:
+        podAntiAffinity:
+          requiredDuringSchedulingIgnoredDuringExecution:
+            - labelSelector:
+                matchExpressions:
+                  - key: app
+                    operator: In
+                    values:
+                      - verdaccio
+              topologyKey: "kubernetes.io/hostname"
+
+      containers:
+        - name: verdaccio
+          image: verdaccio/verdaccio:latest
+          ports:
+            - containerPort: 4873
+          volumeMounts:
+            - name: storage
+              mountPath: /verdaccio/storage
+            - name: config
+              mountPath: /verdaccio/conf/config.yaml
+              subPath: config.yaml
+
+      volumes:
+        - name: storage
+          persistentVolumeClaim:
+            claimName: verdaccio
+        - name: config
+          configMap:
+            name: verdaccio
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: verdaccio
+  namespace: homelab
+spec:
+  selector:
+    app: verdaccio
+  ports:
+    - port: 4873
+      targetPort: 4873
+  type: ClusterIP
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: verdaccio
+  namespace: homelab
+  annotations:
+    cert-manager.io/cluster-issuer: "cloudflare-issuer"
+    cert-manager.io/acme-challenge-type: "dns01"
+    cert-manager.io/private-key-size: "4096"
+
+    # NGINX IP-based rate limiting
+    nginx.ingress.kubernetes.io/limit-rps: "10"
+    nginx.ingress.kubernetes.io/limit-burst-multiplier: "5"
+    nginx.ingress.kubernetes.io/limit-whitelist: "127.0.0.1"
+spec:
+  ingressClassName: nginx
+  tls:
+    - hosts:
+        - npm.dogar.dev
+      secretName: verdaccio-tls
+  rules:
+    - host: npm.dogar.dev
+      http:
+        paths:
+          - path: /
+            pathType: Prefix
+            backend:
+              service:
+                name: verdaccio
+                port:
+                  number: 4873