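---
# Deployment of the inventory web application (namespace: hackerspace).
# Credentials reach the container only through Secret references (env
# secretKeyRef and envFrom); no secret value is written in this manifest.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: inventory
  namespace: hackerspace
spec:
  replicas: 1
  # 0 keeps no superseded ReplicaSets, so there is no previous revision to
  # roll back to after a bad rollout.
  revisionHistoryLimit: 0
  selector:
    matchLabels:
      app.kubernetes.io/name: inventory
  template:
    metadata:
      labels:
        app.kubernetes.io/name: inventory
    spec:
      serviceAccountName: inventory
      # Deprecated alias of serviceAccountName; kept identical to it.
      serviceAccount: inventory
      dnsPolicy: ClusterFirst
      restartPolicy: Always
      schedulerName: default-scheduler
      terminationGracePeriodSeconds: 30
      containers:
        - name: inventory
          # NOTE(review): a mutable tag with imagePullPolicy: Always means a
          # pod restart can start a different image than the one reviewed.
          # Pin to a digest (image@sha256:<digest-from-release>) once the
          # release process publishes one.
          image: harbor.k-space.ee/k-space/inventory-app:latest
          imagePullPolicy: Always
          ports:
            - name: http
              containerPort: 5000
              protocol: TCP
          env:
            - name: ENVIRONMENT_TYPE
              value: 'PROD'
            - name: PYTHONUNBUFFERED
              value: '1'
            - name: MEMBERS_HOST
              value: 'https://members.k-space.ee'
            - name: INVENTORY_ASSETS_BASE_URL
              value: 'https://minio-cluster-shared.k-space.ee/inventory-5b342be1-60a1-4290-8061-e0b8fc17d40d/'
            - name: OIDC_USERS_NAMESPACE
              value: 'oidc-gateway'
            # The Secret name follows the <resource>-<db>-<user> pattern for
            # the inventory-mongodb resource defined in this file; presumably
            # it is generated by the MongoDB operator - confirm.
            - name: MONGO_URI
              valueFrom:
                secretKeyRef:
                  name: inventory-mongodb-application-readwrite
                  key: connectionString.standard
            - name: SECRET_KEY
              valueFrom:
                secretKeyRef:
                  name: inventory-secrets
                  key: SECRET_KEY
            - name: INVENTORY_API_KEY
              valueFrom:
                secretKeyRef:
                  name: inventory-api-key
                  key: INVENTORY_API_KEY
            - name: SLACK_DOORLOG_CALLBACK
              valueFrom:
                secretKeyRef:
                  name: slack-secrets
                  key: SLACK_DOORLOG_CALLBACK
            # NOTE(review): Slack has deprecated verification tokens in
            # favour of signing secrets; check what the application
            # actually validates incoming requests with.
            - name: SLACK_VERIFICATION_TOKEN
              valueFrom:
                secretKeyRef:
                  name: slack-secrets
                  key: SLACK_VERIFICATION_TOKEN
          # envFrom exports every key of these Secrets as an environment
          # variable; on a name clash the explicit env entries above win.
          # Keep both Secrets limited to keys this container needs.
          envFrom:
            - secretRef:
                name: miniobucket-inventory-owner-secrets
            - secretRef:
                name: oidc-client-inventory-app-owner-secrets
          resources:
            limits:
              cpu: '1'
              memory: 500Mi
            requests:
              cpu: 100m
              memory: 200Mi
          # Non-root UID with a read-only root filesystem; /tmp (below) is
          # the only writable mount declared here. The remaining settings
          # close what the original left at runtime defaults: no setuid or
          # file-capability privilege gain, no Linux capabilities (none are
          # needed to bind port 5000 as UID 1000), and the runtime's default
          # seccomp filter.
          # NOTE(review): confirm the image ships no setuid helper it
          # depends on before rollout.
          securityContext:
            runAsNonRoot: true
            runAsUser: 1000
            readOnlyRootFilesystem: true
            allowPrivilegeEscalation: false
            capabilities:
              drop:
                - ALL
            seccompProfile:
              type: RuntimeDefault
          terminationMessagePath: /dev/termination-log
          terminationMessagePolicy: File
          volumeMounts:
            - name: tmp
              mountPath: /tmp
      volumes:
        # The original entry named no volume source and relied on the API
        # server defaulting it to emptyDir; stated explicitly here.
        - name: tmp
          emptyDir: {}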
---
# SecretClaim (codemowers.cloud/v1beta1) named after the Secret that the
# MongoDBCommunity user "readwrite" in this file references through
# passwordSecretRef, so the database password is not written in the
# manifest.
# Presumably the controller generates a random value of `size` characters
# and expands %(plaintext)s with it - confirm against the operator's docs.
# NOTE(review): metadata.namespace is not set here, unlike the Deployment
# in this file (hackerspace); the namespace comes from the apply context.
# Secret references are namespace-local, so confirm both land together.
apiVersion: codemowers.cloud/v1beta1
kind: SecretClaim
metadata:
  name: inventory-mongodb-readwrite-password
spec:
  mapping:
    - key: password
      value: '%(plaintext)s'
  size: 32
---
# MongoDBCommunity resource: a three-member replica set backing the
# inventory application, with one SCRAM user scoped to one database.
# NOTE(review): metadata.namespace is not set here, unlike the Deployment
# in this file (hackerspace); the namespace comes from the apply context.
apiVersion: mongodbcommunity.mongodb.com/v1
kind: MongoDBCommunity
metadata:
  name: inventory-mongodb
spec:
  type: ReplicaSet
  members: 3
  # Exact server version pin; patch upgrades are a manual edit of this line.
  version: '6.0.3'
  agent:
    logLevel: ERROR
    maxLogFileDurationHours: 1
  additionalMongodConfig:
    systemLog:
      quiet: true
  security:
    # Only authentication is configured. This manifest has no
    # spec.security.tls stanza, so as written it does not enable TLS for
    # client or replica traffic.
    authentication:
      modes:
        - SCRAM
  users:
    # Single application account: readWrite on the "application" database
    # only, no cluster-wide or admin role.
    - name: readwrite
      db: application
      roles:
        - name: readWrite
          db: application
      # Password is read from the Secret named by the SecretClaim in this
      # file.
      passwordSecretRef:
        name: inventory-mongodb-readwrite-password
      scramCredentialsSecretName: inventory-mongodb-readwrite
  statefulSet:
    spec:
      # NOTE(review): logLevel is not a field of the Kubernetes
      # StatefulSetSpec; confirm the operator reads it here, otherwise it
      # has no effect.
      logLevel: WARN
      template:
        spec:
          # Schedule only on nodes labelled dedicated=monitoring and
          # tolerate the matching NoSchedule taint.
          nodeSelector:
            dedicated: monitoring
          tolerations:
            - key: dedicated
              operator: Equal
              value: monitoring
              effect: NoSchedule
          # Hard rule: no two pods labelled app=inventory-mongodb-svc may
          # share a node (topologyKey is the hostname).
          affinity:
            podAntiAffinity:
              requiredDuringSchedulingIgnoredDuringExecution:
                - topologyKey: kubernetes.io/hostname
                  labelSelector:
                    matchExpressions:
                      - key: app
                        operator: In
                        values:
                          - inventory-mongodb-svc
          containers:
            - name: mongod
              resources:
                # Memory request equals the limit (1Gi); CPU may burst from
                # 100m up to 4000m.
                limits:
                  cpu: 4000m
                  memory: 1Gi
                requests:
                  cpu: 100m
                  memory: 1Gi
              volumeMounts:
                - mountPath: /data/journal
                  name: journal-volume
            - name: mongodb-agent
              resources:
                # Explicitly empty limits: the agent container is given
                # requests only.
                limits: {}
                requests:
                  cpu: 1m
                  memory: 100Mi
      # One PVC of each kind per member, all on the "mongo" storage class.
      volumeClaimTemplates:
        - metadata:
            name: logs-volume
            labels:
              usecase: logs
          spec:
            storageClassName: mongo
            accessModes:
              - ReadWriteOnce
            resources:
              requests:
                storage: 100Mi
        - metadata:
            name: journal-volume
            labels:
              usecase: journal
          spec:
            storageClassName: mongo
            accessModes:
              - ReadWriteOnce
            resources:
              requests:
                storage: 512Mi
        - metadata:
            name: data-volume
            labels:
              usecase: data
          spec:
            storageClassName: mongo
            accessModes:
              - ReadWriteOnce
            resources:
              requests:
                storage: 10Gi