From 1627125f5a08579dba9a8d558cc76298ada70cb8 Mon Sep 17 00:00:00 2001
From: Moritz Graf
Date: Sun, 15 Nov 2020 16:23:11 +0100
Subject: [PATCH] Adding velero scheduled backup and dropbo sync
---
 k8s/README.md | 56 ++++------
 k8s/longhorn-system/longhorn-ingress.yaml | 28 -----
 k8s/longhorn-system/longhorn.secret.yaml | Bin 545 -> 0 bytes
 k8s/longhorn-system/longhorn.yaml | 18 ----
 k8s/mailu/backup.secret.yml | 90 ++++++++--------
 k8s/mailu/mailu.secret.yml | 1 -
 k8s/velero/dropbox_sync.yml | 29 +++++
 k8s/velero/rclone.secret | Bin 0 -> 427 bytes
 k8s/velero/velero.secret.yaml | Bin 1014 -> 1290 bytes
 k8s/web/moritzgrafde.yaml | 126 +++++++++++-----------
 10 files changed, 159 insertions(+), 189 deletions(-)
 delete mode 100644 k8s/longhorn-system/longhorn-ingress.yaml
 delete mode 100644 k8s/longhorn-system/longhorn.secret.yaml
 delete mode 100644 k8s/longhorn-system/longhorn.yaml
 create mode 100644 k8s/velero/dropbox_sync.yml
 create mode 100644 k8s/velero/rclone.secret
diff --git a/k8s/README.md b/k8s/README.md
index cef4ed7..c8ad24d 100644
--- a/k8s/README.md
+++ b/k8s/README.md
@@ -24,31 +24,7 @@ kubectl patch deployment $DEPLOYMENT -n $NAMESPACE -p "{\"spec\": {\"template\": # Deployment -## namespaces - -DEPRECATED. Namespaces shall be created for the specific service. - -```sh -namespaces="flux cert-manager nginx-ingress infrapuzzle kuard auth nextcloud datalab web development tt-rss backup monitoring nextcloud mailu" -for i in $( echo $NAMESPACES ) ; do - k create ns $i -done -``` - -## helm repositories - - -DEPRECATED. Helm repo will be listed for the individual apps. - -```sh -helm repo add stable https://kubernetes-charts.storage.googleapis.com -helm repo add bitnami https://charts.bitnami.com/bitnami -helm repo add k8s-land https://charts.k8s.land -helm repo add mailu https://mailu.github.io/helm-charts/ -helm repo update -``` - -## [ingress-controller](https://github.com/helm/charts/tree/master/stable/nginx-ingress) +## [ingress-nginx](https://github.com/kubernetes/ingress-nginx/tree/master/charts/ingress-nginx) Apply with helm: @@ -66,7 +42,7 @@ Apply with helm. [See chart.](https://github.com/jetstack/cert-manager): helm repo add jetstack https://charts.jetstack.io helm repo update helm upgrade --install --create-namespace cert-manager jetstack/cert-manager -n cert-manager -f cert-manager/cert-manager.yaml -# this is required: +# apply the two issuer classes kubectl apply -f cert-manager/staging-issuer.yaml kubectl apply -f cert-manager/production-issuer.yaml ``` @@ -83,7 +59,7 @@ $ kubectl delete -f kuard Update with the follwoing command. Chart can be found [here](https://github.com/openebs/charts/tree/master/charts/openebs). -Pitfal: +Pitfall: * On fresh installation: activate *ndmOperator*, so that CRDs are correctly installed. It may be deactivated afterwards. ```sh 
@@ -114,20 +90,26 @@ Backup tool. See chart [README](https://github.com/vmware-tanzu/helm-charts/blob helm repo add vmware-tanzu https://vmware-tanzu.github.io/helm-charts helm repo update helm upgrade --install --create-namespace --namespace velero -f ./velero/velero.secret.yaml velero vmware-tanzu/velero +kubectl create secret generic rclone-config --from-file=./velero/rclone.secret +kubectl apply -f velero/dropbox_sync.yml # # helm delete velero -n velero kubectl delete ns velero ``` -A backup may be created using: +A manual backup may be created executing the following command. **Note: Keep backuped namespaces in sync with config from helm chart!!!** ```sh DATE=$( date +%Y%m%d ) -velero backup create $DATE --default-volumes-to-restic --include-namespaces datalab,development,nextcloud,tt-rss,zebrium --wait +velero backup create $DATE --include-namespaces datalab,development,nextcloud,tt-rss,zebrium,mailu --wait ``` + + ## Add private docker registry +**TODO: chart no longer exists. Check how to replace this someday.** + ```sh # create secret base64 encoded and put it in htpasswd helm chart USER='moritz' @@ -143,7 +125,7 @@ helm upgrade --install --create-namespace docker-registry stable/docker-registry Create credentials secret [according to docu](https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/#create-a-secret-by-providing-credentials-on-the-command-line): ```sh -namespaces="datalab" +namespaces="datalab web" for i in $( echo $namespaces ) ; do kubectl create secret docker-registry registry-haumdaucher-de \ -n $i \ @@ -203,7 +185,7 @@ EOF ## metrics-server -Getting resources (was already done): +Getting resources (already done): ```sh cd kube-system 
@@ -214,10 +196,16 @@ curl -L -o metrics-server.yml https://github.com/kubernetes-sigs/metrics-server/ # - --kubelet-insecure-tls ``` +Implement metrics-server: + ```sh kubectl apply -n kube-system -f kube-system/metrics-server.yml ``` +# Persistent stuff + +From here everything should be covered by the backup. Implenting those objects should already be performed by the velero backup. + ## rstudio Currently only for one user: @@ -316,7 +304,7 @@ helm upgrade --install nextcloud-phpmyadmin bitnami/phpmyadmin -n nextcloud -f n ### backup & restore -#TODO +#TODO with Velero ## Jupyter @@ -357,7 +345,7 @@ ssh moritzgraf.de "sudo su - docker -c 'cd /home/docker/mailu && docker-compose cd ../terraform && terraform apply # helm apply cd ../k8s -helm upgrade --install mailu mailu/mailu -n mailu -f mailu/mailu.secret.yml +helm upgrade --create-namespace --install mailu mailu/mailu -n mailu -f mailu/mailu.secret.yml # apply mailu and scale all to 0 kc mailu k scale --replicas=0 --all=true deploy @@ -411,5 +399,7 @@ k delete -f dbench ## Web ```sh +kubectl create ns web +kubectl apply -n web ./re kubectl apply -f web/ ``` diff --git a/k8s/longhorn-system/longhorn-ingress.yaml b/k8s/longhorn-system/longhorn-ingress.yaml deleted file mode 100644 index 53d4183..0000000 --- a/k8s/longhorn-system/longhorn-ingress.yaml +++ /dev/null 
@@ -1,28 +0,0 @@ -# # ### status: works, but is not secure - - -# apiVersion: extensions/v1beta1 -# kind: Ingress -# metadata: -# name: longhorn-frontend -# namespace: longhorn-system -# annotations: -# kubernetes.io/ingress.class: "nginx" -# nginx.ingress.kubernetes.io/force-ssl-redirect: "true" -# cert-manager.io/cluster-issuer: "letsencrypt-prod" -# nginx.ingress.kubernetes.io/auth-type: basic -# nginx.ingress.kubernetes.io/auth-secret: htpasswd -# nginx.ingress.kubernetes.io/auth-realm: "Authentication Required - ok" -# spec: -# tls: -# - hosts: -# - "longhorn.haumdaucher.de" -# secretName: longhorn-haumdaucher-de -# rules: -# - host: longhorn.haumdaucher.de -# http: -# paths: -# - path: / -# backend: -# serviceName: longhorn-frontend -# servicePort: 80 \ No newline at end of file diff --git a/k8s/longhorn-system/longhorn.secret.yaml b/k8s/longhorn-system/longhorn.secret.yaml deleted file mode 100644 index 5e6f059818bf24e197af4efed6b8dbe441f37dd5..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 545 zcmV++0^a=qM@dveQdv+`02EBj19?SMvUPYZH^$FQi{POjXUM_oG;lLRzQ2E~;?^NJ zC=pq@@2JS>49hF_}ew`+^s%UYOU zwGd^fdzk^tJqM4G(w9MZl~E8Z5$SVrk zC#Q@dAhl88s(aPnnN|LO!8~U(6V0vc*hKkYJ55539|}Is%gU?03|ekl+_^7Ja#T6ok`z~5 zR-{qR6)Fd$ubh;uokDefW|f`NQ?Gu-;6`LOhAXX?O|VL7pHsL!E}8Frm_vp+LG|uw zY>ftr{H4M$DCn72L`){mZUQ=amGu%k9{tDp4V8e-< z$}4UBQl+pzwdnP>=`H$HmR$G=d*vNvu;o?Qc?{5>xaHxvur diff --git a/k8s/longhorn-system/longhorn.yaml b/k8s/longhorn-system/longhorn.yaml deleted file mode 100644 index 97aa899..0000000 --- a/k8s/longhorn-system/longhorn.yaml +++ /dev/null 
@@ -1,18 +0,0 @@ -# # status: implemented - -# apiVersion: helm.fluxcd.io/v1 -# kind: HelmRelease -# metadata: -# name: helm-longhorn -# namespace: flux -# spec: -# releaseName: longhorn -# targetNamespace: longhorn-system -# chart: -# git: https://github.com/longhorn/longhorn.git -# path: "chart/" -# ref: "v0.8.0" -# values: -# # defaultSettings: -# # backupTarget: -# # backupTargetCredentialSecret: \ No newline at end of file diff --git a/k8s/mailu/backup.secret.yml b/k8s/mailu/backup.secret.yml index 2c39128..529f7ac 100644 --- a/k8s/mailu/backup.secret.yml +++ b/k8s/mailu/backup.secret.yml 
@@ -1,45 +1,45 @@ -kind: ConfigMap -metadata: - creationTimestamp: null - name: rclone-dropbox-config - namespace: mailu -apiVersion: v1 -data: - rclone.conf: | - [dropbox] - type = dropbox - token = {"access_token":"17hvEArIh3cAAAAAAAGTXUfwkGdz8EC_rDcEseLmSRltQoUz_AVceuUewx0sGMQ1","token_type":"bearer","expiry":"0001-01-01T00:00:00Z"} ---- -apiVersion: batch/v1beta1 -kind: CronJob -metadata: - name: backup-mailu - namespace: mailu -spec: - schedule: "30 4 * * *" - jobTemplate: - spec: - template: - spec: - containers: - - name: backup-mailu - image: iptizer/swiss - volumeMounts: - - name: rclone-dropbox-config - mountPath: /rclone.conf - subPath: "rclone.conf" - - mountPath: /data/ - name: data - command: - - "/bin/bash" - - "-c" - args: - - "cd / && tar zcvf - /data/ | /usr/bin/rclone --config /rclone.conf -v rcat dropbox:server_backup/$( /bin/expr $( date +%m ) % 3 )_$( /bin/expr $( date +%j ) % 3 )_mailu.tar.gz" - volumes: - - name: rclone-dropbox-config - configMap: - name: rclone-dropbox-config - - name: data - persistentVolumeClaim: - claimName: mailu-storage - restartPolicy: Never +# kind: ConfigMap +# metadata: +# creationTimestamp: null +# name: rclone-dropbox-config +# namespace: mailu +# apiVersion: v1 +# data: +# rclone.conf: | +# [dropbox] +# type = dropbox +# token = {"access_token":"17hvEArIh3cAAAAAAAGTXUfwkGdz8EC_rDcEseLmSRltQoUz_AVceuUewx0sGMQ1","token_type":"bearer","expiry":"0001-01-01T00:00:00Z"} +# --- +# apiVersion: batch/v1beta1 +# kind: CronJob +# metadata: +# name: backup-mailu +# namespace: mailu +# spec: +# schedule: "30 4 * * *" +# jobTemplate: +# spec: +# template: +# spec: +# containers: +# - name: backup-mailu +# image: iptizer/swiss +# volumeMounts: +# - name: rclone-dropbox-config +# mountPath: /rclone.conf +# subPath: "rclone.conf" +# - mountPath: /data/ +# name: data +# command: +# - "/bin/bash" +# - "-c" +# args: +# - "cd / && tar zcvf - /data/ | /usr/bin/rclone --config /rclone.conf -v rcat dropbox:server_backup/$( /bin/expr $( 
date +%m ) % 3 )_$( /bin/expr $( date +%j ) % 3 )_mailu.tar.gz"
+# volumes:
+# - name: rclone-dropbox-config
+# configMap:
+# name: rclone-dropbox-config
+# - name: data
+# persistentVolumeClaim:
+# claimName: mailu-storage
+# restartPolicy: Never
diff --git a/k8s/mailu/mailu.secret.yml b/k8s/mailu/mailu.secret.yml
index 4fb074f..c2f05ef 100644
--- a/k8s/mailu/mailu.secret.yml
+++ b/k8s/mailu/mailu.secret.yml
@@ -1,7 +1,6 @@
mailuVersion: master hostnames: - mail.moritzgraf.de - - moritzgraf.de domain: moritzgraf.de secretKey: fa5faeD9aegietaesahbiequ5Pe9au subnet: 10.233.0.0/16
diff --git a/k8s/velero/dropbox_sync.yml b/k8s/velero/dropbox_sync.yml
new file mode 100644
index 0000000..54e231d
--- /dev/null
+++ b/k8s/velero/dropbox_sync.yml
@@ -0,0 +1,29 @@
+apiVersion: batch/v1beta1
+kind: CronJob
+metadata:
+ name: dropbox-sync
+ namespace: velero
+spec:
+ schedule: "0 5 * * *"
+ jobTemplate:
+ spec:
+ template:
+ spec:
+ serviceAccountName: default
+ containers:
+ - name: dopybox-sync
+ image: iptizer/swiss
+ volumeMounts:
+ - name: rclone-config
+ mountPath: /rclone.secret
+ subPath: "rclone.secret"
+ command:
+ - "/bin/bash"
+ - "-c"
+ args:
+ - "/usr/bin/rclone --config /rclone.secret -v copy minio:backup/ dropbox:server_backup/velero/"
+ volumes:
+ - name: rclone-config
+ secret:
+ secretName: rclone-config
+ restartPolicy: Never
\ No newline at end of file
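Review bot: The Dropbox OAuth access token on the `token =` line is still committed in plaintext — commenting the ConfigMap out removes nothing from the file or from git history, and the token carries no expiry (`"expiry":"0001-01-01T00:00:00Z"`). It should be treated as leaked: revoke it in Dropbox, issue a new one, and keep that only in the `rclone.secret` that `dropbox_sync.yml` now consumes. Since this CronJob is superseded by the velero one, the cleaner change is to delete `backup.secret.yml` outright instead of keeping a commented copy. The `.secret.yaml` and `rclone.secret` files in this commit appear as binary patches (presumably git-crypt), whereas this `.yml` file and `mailu.secret.yml` (whose `secretKey:` is visible in clear) are plaintext — the encryption filter apparently does not match `*.secret.yml`, which is worth fixing in `.gitattributes`.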
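Review bot: The CronJob lives in namespace `velero` and mounts Secret `rclone-config`, but the README command added in this same commit, `kubectl create secret generic rclone-config --from-file=./velero/rclone.secret`, passes no namespace, so the Secret is created in whatever the current context's namespace is and the job's pod stays in ContainerCreating with a missing-secret event unless that context already is `velero`; the README line should read `kubectl create secret generic rclone-config -n velero --from-file=./velero/rclone.secret`. `image: iptizer/swiss` is untagged, so every run pulls whatever `:latest` currently is and hands it the rclone config — which, judging by the `minio:` and `dropbox:` remotes in the command, holds both object-store and Dropbox credentials — so pin the image to a digest or immutable tag. With `restartPolicy: Never` and no `backoffLimit`, a failing run is retried up to the default six times, each re-uploading; `backoffLimit: 1` under `jobTemplate.spec` would bound that. The container name `dopybox-sync` looks like a typo for `dropbox-sync`.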
diff --git a/k8s/velero/rclone.secret b/k8s/velero/rclone.secret new file mode 100644 index 0000000000000000000000000000000000000000..c0dad08db551d2d214696b80c2b3d6a4cc6aac5e GIT binary patch literal 427 zcmV;c0aX3~M@dveQdv+`0HU_|(2^BMoptV%%Xc>x2nDcAg49cR;ZPTrB(~R203dgw zbBS{ zzsU1we5(1;d#*X67}j4TAlDCyCL<$sskJQTjq%Rq-)^d0#z&wT<H1mZqu0Tq3vR z4$nCgIQS=D<_3phfdM{=01CokIhS`9^4-_Hah^XTq}YUVi%a74#!mgP_UWaH>Vo>t zrB>*wo`%M#3F>hAzI23uA4;0;{j5gGc9~^!+G=7S#J`s^3@!g7AHPOG`gD4R>+6xA1>E<9s9^f-vZqF61YD}6@u+I-Oo$Er V3VMEMo+iZ~(14-hx7KxGg)kM@dveQdv+`0F%RX_6C)0tO}BIm;r;Ad@xSTS$#s{>06kdOeDv;Bm+KR zjwHB$Kux<9JJxsuV&A^&oCK;ViDeVe*=f}jE)dcDnlPno`r(rpbN(R2zPc3x=<4qF(nSAI zfm=jA93A#Ty~sxkB!^;Ri%;;8!DU$vxoB}{E7 zOmU;zmxi@}Igs$e@&dZN+`5R(1UELT;8)Pl(NHiX{_0;}0u8=jWc#{|QuqFH;>*cE zGc?y_+XU32qyzCpeYRQU3G>ucyrqhXp}SNzU>W|pY2ncK#1Y5?4331p2rhkUr-G#(KjW}`s|EURk^_Cb3-lg==kaqS^&fwAldzmO z=_)%7JOhu3&OFLy8SU?m9ZR0svk59;N4@eU(_WX?aW13-yiu3Ta!z*)a^$ zY#-LfMWb*C4Cbejv7LZI{!<8AuvvDrNQA3-cnH$I)tTxD7}NJ_^{e#ofh#ZzEv6mNl*e9b)!=!uJxi*VDgH}5K93es-j+)*Vdt?`-#$wq zl+sMCU)Ig8+L`QD=TUP_^QS2xT>b!Qxk2pJeU{V6-AA)_M6St7FMk<_=IYzTOg}QD zG`rt!8;TxGMS3(v=)Ht)3Z&3Qgaq?ZOPDlrZ>;X&~+sw6JFvRI}N_YGReL8THg5uTKi;`lGLcWw_oa++JgN>--QqUlHGCF?F{t`^x)Yd?<5$) zeIkuURWyADuukFQL|ixKUtf+Mkj9S~CFXVKY0I4uW&MSu(>z;%N%d^d zAsa}9Yg6}U9d1V8KX&65xxlz7;+xh=B{!Gxc@Ee^6oT(eT6-DDB@^|%+ruH3_i$1Q zpqbjri^NE(1QzXKSIjW>dfmdzb1`sEa5AcpE&^-r$2dCy);GpRksP@7`>}0pV;|3h AQ~&?~ literal 1014 zcmV9M@dveQdv+`0Phz0znYWo>(A+rX!}%QW+R3kF^2UmH}c5ZvF)ybMhbz;BXm6XFVpD+Zdlv7h=0vg z5>ukCtk+al6xtzldDeW^-IqBB!>QL-J==EAmh$|T`mDM85+)xFc^Sp$X)cUO-1Jc* zkS;ol>_!oK!`UznyeQuMJ0R_%$te1G8)(Vi4)8b%-6NUfOGR!V;npABv5^a}(;zkiOxn;qs-HP{;nkC_)Jb%|YVXc4WAs%eRmy@C` z63%kUmngE$R*;ucJf-Q}rERt|@jXFt2flr;2mRRftER&Jxmmi!4UxW#{3`88oAv;T z#jF{Y{%kN=hWScJKO|z+-;&v`GaTBN+6AWE3oMCKs&w(V?Zzhx3-dKUW8MkwgkL3DNVJcG*5ZLhW5o_|3HVupdU7xVkQ-3Q zaB92Aw+V&Nz126P`(!`F38zP931_5$Yj}Xx3;)mF-s59=8={dUXOr_+qz{ofb}B}U zd3`Q0He(0o;w$7Zn>Oi(-tmM^x}G*A#`)S|oZ-iZLf~Rdd@kvVu$HB(Jn)8ED~Sj# 
zTJuh#b)N!wG!*IKIjctK%ve13ltm9-N!^v_N1#yryn)NtjRbEAOwnU2eA@~-zVOwO zy%jmlo=rRMJKLlTN`1})N0YM8-qU`28~88?iF`D0=-B&Q#_7v@M{qd8=H3SU!?B5?CV^3Oo*2Z`G)`!9$8xE+iSC_=2~#K! zmrGXqOK?To&3_9d>|H9yj)6;!yEjBgg*(5|+81F@deR3Cm)hEOzVl@D?+0pK3;_w? k11J>pfjvNy3C0uLF&)&@FA$KI33?IyXau{WP5DDgxuv%A^8f$< diff --git a/k8s/web/moritzgrafde.yaml b/k8s/web/moritzgrafde.yaml index 08bb443..a02d55c 100644 --- a/k8s/web/moritzgrafde.yaml +++ b/k8s/web/moritzgrafde.yaml 
@@ -1,67 +1,65 @@
#### Migrate at last
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: moritzgrafde
+ labels:
+ app: moritzgrafde
+ namespace: web
+spec:
+ selector:
+ matchLabels:
+ app: moritzgrafde
+ replicas: 1
+ template:
+ metadata:
+ labels:
+ app: moritzgrafde
+ spec:
+ imagePullSecrets:
+ - name: "registry-haumdaucher-de"
+ containers:
+ - image: registry.haumdaucher.de/moritzgrafde:latest
+ imagePullPolicy: Always
+ name: moritzgrafde
+ ports:
+ - containerPort: 80
- -# ---
-# apiVersion: apps/v1
-# kind: Deployment
-# metadata:
-# name: moritzgrafde
-# labels:
-# app: moritzgrafde
-# namespace: web
-# spec:
-# selector:
-# matchLabels:
-# app: moritzgrafde
-# replicas: 1
-# template:
-# metadata:
-# labels:
-# app: moritzgrafde
-# spec:
-# imagePullSecrets:
-# - name: "hub-moritzgraf-de"
-# containers:
-# - image: hub.moritzgraf.de:5000/moritzgrafde:latest
-# imagePullPolicy: Always
-# name: moritzgrafde
-# ports:
-# - containerPort: 80
- -# ---
-# apiVersion: v1
-# kind: Service
-# metadata:
-# name: moritzgrafde
-# namespace: web
-# spec:
-# ports:
-# - port: 80
-# targetPort: 80
-# protocol: TCP
-# selector:
-# app: moritzgrafde
-# ---
-# apiVersion: extensions/v1beta1
-# kind: Ingress
-# metadata:
-# name: moritzgrafde
-# namespace: web
-# annotations:
-# kubernetes.io/ingress.class: "nginx"
-# nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
-# cert-manager.io/cluster-issuer: "letsencrypt-prod"
-# spec:
-# tls:
-# - hosts:
-# - "moritzgraf.de"
-# secretName: corona-moritzgraf-de
-# rules:
-# - host: moritzgraf.de
-# http:
-# paths:
-# - path: /
-# backend:
-# serviceName: moritzgrafde
-# servicePort: 80
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: moritzgrafde
+ namespace: web
+spec:
+ ports:
+ - port: 80
+ targetPort: 80
+ protocol: TCP
+ selector:
+ app: moritzgrafde
+---
+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+ name: moritzgrafde
+ namespace: web
+ annotations:
+ kubernetes.io/ingress.class: "nginx"
+ nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
+ cert-manager.io/cluster-issuer: "letsencrypt-prod"
+spec:
+ tls:
+ - hosts:
+ - "moritzgraf.de"
+ secretName: moritzgraf-de
+ rules:
+ - host: moritzgraf.de
+ http:
+ paths:
+ - path: /
+ backend:
+ serviceName: moritzgrafde
+ servicePort: 80
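Review bot: `image: registry.haumdaucher.de/moritzgrafde:latest` combined with `imagePullPolicy: Always` means any pod restart or reschedule deploys whatever the registry holds under `:latest` at that moment, so a rollout is not reproducible and a mistaken or malicious push goes live without review; pin the Deployment to an immutable tag or a digest (`registry.haumdaucher.de/moritzgrafde@sha256:…`) and bump it deliberately. The Ingress is declared as `extensions/v1beta1`, which is deprecated in favour of `networking.k8s.io/v1` and removed in Kubernetes 1.22, so it will have to be migrated at the next cluster upgrade. The container also has no `securityContext` and no `resources` block; for a public-facing pod `runAsNonRoot: true`, `allowPrivilegeEscalation: false` and memory/CPU limits would be worth adding, provided the image supports running as a non-root user.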