feat(publick8s) install geoipdata chart (#5564)

* feat(publick8s) install geoipdata chart Signed-off-by: Damien Duportal <[email protected]> * fixup: make yamllint happy + forgot directives Signed-off-by: Damien Duportal <[email protected]> --------- Signed-off-by: Damien Duportal <[email protected]>
jenkins-infra · Aug 16, 2024 · d66bda5 · d66bda5
1 parent 1ff70e7
commit d66bda5
Show file tree

Hide file tree

Showing 3 changed files with 42 additions and 2 deletions.
diff --git a/clusters/publick8s.yaml b/clusters/publick8s.yaml
@@ -268,3 +268,11 @@ releases:
       - "../config/stats.jenkins.io.yaml"
     secrets:
       - "../secrets/config/stats.jenkins.io/secrets.yaml"
+  - name: geoipdata
+    namespace: geoip-data
+    chart: jenkins-infra/geoipupdates
+    version: 0.0.1
+    values:
+      - ../config/geoipdata.yaml
+    secrets:
+      - ../secrets/config/geoipdata/secrets.yaml
diff --git a/config/geoipdata.yaml b/config/geoipdata.yaml
@@ -0,0 +1,32 @@
+geoipupdate:
+  update_frequency: 72
+podSecurityContext:
+  runAsUser: 65534  # User 'nobody'
+  runAsGroup: 65534  # Group 'nogroup'
+  runAsNonRoot: true
+containerSecurityContext:
+  readOnlyRootFilesystem: true
+  allowPrivilegeEscalation: false
+  capabilities:
+    drop:
+      - ALL
+
+resources:
+  limits:
+    cpu: 500m
+    memory: 128Mi
+  requests:
+    cpu: 50m
+    memory: 64Mi
+
+nodeSelector:
+  kubernetes.io/arch: arm64
+tolerations:
+  - key: "kubernetes.io/arch"
+    operator: "Equal"
+    value: "arm64"
+    effect: "NoSchedule"
+
+dataVolume:
+  persistentVolumeClaim:
+    claimName: geoip-data
diff --git a/config/public-nginx-ingress__common.yaml b/config/public-nginx-ingress__common.yaml
@@ -34,8 +34,8 @@ controller:
     hsts-include-subdomains: "true"
     # Strict-Transport-Security "max-age" directive recommended value is 2592000 (30 days).
     hsts-max-age: "2592000"
-    use-gzip: true # gzip types are the defaults: https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/configmap/#gzip-types
-    enable-brotli: true # see default settings in https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/configmap/#enable-brotli
+    use-gzip: true  # gzip types are the defaults: https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/configmap/#gzip-types
+    enable-brotli: true  # see default settings in https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/configmap/#enable-brotli
   replicaCount: 1
   ingressClassResource:
     enabled: true