# Referenced and documented by https://wiki.k-space.ee/en/hosting/doors --- apiVersion: apps/v1 kind: Deployment metadata: name: doorboy-proxy annotations: keel.sh/policy: force keel.sh/trigger: poll spec: revisionHistoryLimit: 0 replicas: 3 selector: matchLabels: &selectorLabels app.kubernetes.io/name: doorboy-proxy template: metadata: labels: *selectorLabels spec: affinity: podAntiAffinity: preferredDuringSchedulingIgnoredDuringExecution: - podAffinityTerm: labelSelector: matchExpressions: - key: app.kubernetes.io/name operator: In values: - doorboy-proxy topologyKey: kubernetes.io/hostname weight: 100 containers: - name: doorboy-proxy image: harbor.k-space.ee/k-space/doorboy-proxy:latest envFrom: - secretRef: name: doorboy-api env: - name: MONGO_URI valueFrom: secretKeyRef: name: mongo-application-readwrite key: connectionString.standard securityContext: readOnlyRootFilesystem: true runAsNonRoot: true runAsUser: 1000 ports: - containerPort: 5000 name: "http" resources: requests: memory: "200Mi" cpu: "100m" limits: memory: "500Mi" cpu: "1" --- apiVersion: v1 kind: Service metadata: name: doorboy-proxy spec: selector: app.kubernetes.io/name: doorboy-proxy ports: - protocol: TCP name: http port: 5000 --- apiVersion: networking.k8s.io/v1 kind: Ingress metadata: name: doorboy-proxy annotations: kubernetes.io/ingress.class: traefik traefik.ingress.kubernetes.io/router.entrypoints: websecure traefik.ingress.kubernetes.io/router.tls: "true" external-dns.alpha.kubernetes.io/target: traefik.k-space.ee spec: rules: - host: doorboy-proxy.k-space.ee http: paths: - pathType: Prefix path: "/" backend: service: name: doorboy-proxy port: name: http tls: - hosts: - "*.k-space.ee" --- apiVersion: monitoring.coreos.com/v1 kind: PodMonitor metadata: name: doorboy-proxy spec: selector: matchLabels: app.kubernetes.io/name: doorboy-proxy podMetricsEndpoints: - port: http --- apiVersion: apps/v1 kind: DaemonSet metadata: name: kdoorpi spec: selector: matchLabels: &selectorLabels app.kubernetes.io/name: kdoorpi template: metadata: labels: *selectorLabels spec: containers: - name: kdoorpi image: harbor.k-space.ee/k-space/kdoorpi:latest env: - name: KDOORPI_API_ALLOWED value: https://doorboy-proxy.k-space.ee/allowed - name: KDOORPI_API_LONGPOLL value: https://doorboy-proxy.k-space.ee/longpoll - name: KDOORPI_API_SWIPE value: http://172.21.99.98/swipe - name: KDOORPI_DOOR valueFrom: fieldRef: fieldPath: spec.nodeName - name: KDOORPI_API_KEY valueFrom: secretKeyRef: name: doorboy-api key: DOORBOY_SECRET - name: KDOORPI_UID_SALT valueFrom: secretKeyRef: name: doorboy-uid-hash-salt key: KDOORPI_UID_SALT resources: limits: memory: 200Mi requests: cpu: 100m memory: 100Mi nodeSelector: dedicated: door tolerations: - key: dedicated operator: Equal value: door effect: NoSchedule - key: arch operator: Equal value: arm64 effect: NoSchedule