mirror of
https://github.com/TecharoHQ/anubis.git
synced 2025-08-03 01:38:14 -04:00
e3826df3ab
* feat(internal): add Thoth client and simple ASN checker Signed-off-by: Xe Iaso <me@xeiaso.net> * feat(thoth): cached ip to asn checker Signed-off-by: Xe Iaso <me@xeiaso.net> * chore: go mod tidy Signed-off-by: Xe Iaso <me@xeiaso.net> * fix(thoth): minor testing fixups, ensure ASNChecker is Checker Signed-off-by: Xe Iaso <me@xeiaso.net> * feat(thoth): make ASNChecker instances Signed-off-by: Xe Iaso <me@xeiaso.net> * feat(thoth): add GeoIP checker Signed-off-by: Xe Iaso <me@xeiaso.net> * feat(thoth): store a thoth client in a context Signed-off-by: Xe Iaso <me@xeiaso.net> * chore: refactor Checker type to its own package Signed-off-by: Xe Iaso <me@xeiaso.net> * test(thoth): add thoth mocking package, ignore context deadline exceeded errors Signed-off-by: Xe Iaso <me@xeiaso.net> * feat(thoth): pre-cache private ranges Signed-off-by: Xe Iaso <me@xeiaso.net> * feat(lib/policy/config): enable thoth ASNs and GeoIP checker parsing Signed-off-by: Xe Iaso <me@xeiaso.net> * chore(thoth): refactor to move checker creation to the checker files Signed-off-by: Xe Iaso <me@xeiaso.net> * feat(policy): enable thoth checks Signed-off-by: Xe Iaso <me@xeiaso.net> * feat(thothmock): test helper function for loading a mock thoth instance Signed-off-by: Xe Iaso <me@xeiaso.net> * feat: wire up Thoth, make thoth checks part of the default config Signed-off-by: Xe Iaso <me@xeiaso.net> * chore: spelling Signed-off-by: Xe Iaso <me@xeiaso.net> * fix(thoth): mend staticcheck errors Signed-off-by: Xe Iaso <me@xeiaso.net> * docs(admin): add Thoth docs Signed-off-by: Xe Iaso <me@xeiaso.net> * chore(policy): update Thoth links in error messages Signed-off-by: Xe Iaso <me@xeiaso.net> * docs: update CHANGELOG Signed-off-by: Xe Iaso <me@xeiaso.net> * chore: spelling Signed-off-by: Xe Iaso <me@xeiaso.net> * chore(docs/manifest): enable Thoth Signed-off-by: Xe Iaso <me@xeiaso.net> * chore: add THOTH_INSECURE for contacting Thoth over plain TCP in extreme circumstances Signed-off-by: Xe Iaso <me@xeiaso.net> * test(thoth): use mock thoth when credentials aren't detected in the environment Signed-off-by: Xe Iaso <me@xeiaso.net> * chore: spelling Signed-off-by: Xe Iaso <me@xeiaso.net> * fix(cmd/anubis): better warnings for half-configured Thoth setups Signed-off-by: Xe Iaso <me@xeiaso.net> * docs(botpolicies): link to Thoth geoip docs Signed-off-by: Xe Iaso <me@xeiaso.net> --------- Signed-off-by: Xe Iaso <me@xeiaso.net>
74 lines
1.9 KiB
YAML
74 lines
1.9 KiB
YAML
apiVersion: apps/v1
|
|
kind: Deployment
|
|
metadata:
|
|
name: anubis-docs
|
|
spec:
|
|
selector:
|
|
matchLabels:
|
|
app: anubis-docs
|
|
template:
|
|
metadata:
|
|
labels:
|
|
app: anubis-docs
|
|
spec:
|
|
volumes:
|
|
- name: anubis
|
|
configMap:
|
|
name: anubis-cfg
|
|
containers:
|
|
- name: anubis-docs
|
|
image: ghcr.io/techarohq/anubis/docs:main
|
|
imagePullPolicy: Always
|
|
resources:
|
|
limits:
|
|
memory: "128Mi"
|
|
cpu: "500m"
|
|
requests:
|
|
cpu: 250m
|
|
memory: 128Mi
|
|
ports:
|
|
- containerPort: 80
|
|
- name: anubis
|
|
image: ghcr.io/techarohq/anubis:main
|
|
imagePullPolicy: Always
|
|
env:
|
|
- name: "BIND"
|
|
value: ":8081"
|
|
- name: "DIFFICULTY"
|
|
value: "4"
|
|
- name: "METRICS_BIND"
|
|
value: ":9090"
|
|
- name: "OG_PASSTHROUGH"
|
|
value: "true"
|
|
- name: "POLICY_FNAME"
|
|
value: "/xe/cfg/anubis/botPolicies.yaml"
|
|
- name: "SERVE_ROBOTS_TXT"
|
|
value: "false"
|
|
- name: "TARGET"
|
|
value: "http://localhost:80"
|
|
# - name: "SLOG_LEVEL"
|
|
# value: "debug"
|
|
volumeMounts:
|
|
- name: anubis
|
|
mountPath: /xe/cfg/anubis
|
|
resources:
|
|
limits:
|
|
cpu: 500m
|
|
memory: 128Mi
|
|
requests:
|
|
cpu: 250m
|
|
memory: 128Mi
|
|
securityContext:
|
|
runAsUser: 1000
|
|
runAsGroup: 1000
|
|
runAsNonRoot: true
|
|
allowPrivilegeEscalation: false
|
|
capabilities:
|
|
drop:
|
|
- ALL
|
|
seccompProfile:
|
|
type: RuntimeDefault
|
|
envFrom:
|
|
- secretRef:
|
|
name: anubis-docs-thoth
|