---
# Claim for the session-signing secret. The Deployment in this file reads key
# SESSION_SECRET from a Secret named `wildflock`.
# NOTE(review): presumably the codemowers operator substitutes %(plaintext)s
# with freshly generated random material of length `size` - confirm against
# the SecretClaim CRD before relying on the entropy of this value.
apiVersion: codemowers.cloud/v1beta1
kind: SecretClaim
metadata:
  name: wildflock
spec:
  mapping:
    - key: SESSION_SECRET
      # Quoted: a plain scalar may not start with the `%` indicator.
      value: '%(plaintext)s'
  size: 32
---
# OIDC client registration for the wildflock web application.
# NOTE(review): the Deployment in this file reads a Secret named
# `oidc-client-wildflock-owner-secrets`; presumably the operator handling this
# resource creates it - confirm.
apiVersion: codemowers.cloud/v1beta1
kind: OIDCClient
metadata:
  name: wildflock
spec:
  displayName: Wildduck disposable alias generator
  uri: 'https://wildflock.k-space.ee/auth-oidc'
  # A single callback URL, HTTPS only. Keep this list as narrow as it is:
  # every entry is a place an authorization code may be delivered to.
  redirectUris:
    - 'https://wildflock.k-space.ee/auth-oidc/callback'
  # Only members of these groups are listed as allowed for this client.
  allowedGroups:
    - 'k-space:floor'
    - 'k-space:friends'
  # Authorization-code flow with PKCE; no implicit or hybrid response types.
  responseTypes:
    - 'code'
  pkce: true
  # refresh_token together with the offline_access scope allows sessions that
  # outlive the access token, so token revocation and refresh-token lifetime
  # at the identity provider matter for this client.
  grantTypes:
    - 'authorization_code'
    - 'refresh_token'
  availableScopes:
    - 'openid'
    - 'profile'
    - 'offline_access'
  # Confidential client: the client secret is sent in the HTTP Basic header
  # on the token endpoint.
  tokenEndpointAuthMethod: 'client_secret_basic'
---
# Public HTTPS entry point for wildflock, served by Traefik.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: wildflock
  annotations:
    # NOTE(review): the kubernetes.io/ingress.class annotation is deprecated
    # in favour of spec.ingressClassName; switching needs a matching
    # IngressClass in the cluster, so it is left as is here.
    kubernetes.io/ingress.class: 'traefik'
    # Bound to the `websecure` entrypoint with router TLS switched on.
    # NOTE(review): whether plain HTTP is redirected or refused is decided by
    # the Traefik entrypoint configuration, which is not part of this file.
    traefik.ingress.kubernetes.io/router.entrypoints: 'websecure'
    # Annotation values are strings; the quotes keep this from being a bool.
    traefik.ingress.kubernetes.io/router.tls: 'true'
    external-dns.alpha.kubernetes.io/target: 'traefik.k-space.ee'
spec:
  # No secretName is set, so no per-Ingress certificate is selected here.
  # NOTE(review): presumably the wildcard certificate comes from Traefik's
  # default TLS store - confirm it covers wildflock.k-space.ee.
  tls:
    - hosts:
        - '*.k-space.ee'
  rules:
    - host: 'wildflock.k-space.ee'
      http:
        paths:
          # Every path under / goes to the application, which handles its own
          # OIDC login (see the /auth-oidc URIs on the OIDCClient).
          - path: '/'
            pathType: Prefix
            backend:
              service:
                name: wildflock
                port:
                  number: 3030
---
# Cluster-internal Service in front of the wildflock pods; it is reached from
# outside only through the Ingress defined in this file.
apiVersion: v1
kind: Service
metadata:
  name: wildflock
spec:
  type: ClusterIP
  ports:
    # targetPort is omitted and therefore defaults to the same number, which
    # matches the containerPort declared by the Deployment.
    - port: 3030
      protocol: TCP
  selector:
    app: wildflock
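---
# wildflock web application: two replicas behind the `wildflock` Service.
# Compared with the original manifest, this version adds a baseline
# securityContext at pod and container level; everything else is unchanged
# apart from quoting and comments.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: wildflock
  labels:
    app: wildflock
spec:
  # 0 keeps no old ReplicaSets, so `kubectl rollout undo` has nothing to roll
  # back to; a bad image has to be fixed by rolling forward.
  revisionHistoryLimit: 0
  selector:
    matchLabels:
      app: wildflock
  replicas: 2
  template:
    metadata:
      labels:
        app: wildflock
    spec:
      securityContext:
        # Use the container runtime's default seccomp filter rather than
        # running unconfined.
        seccompProfile:
          type: RuntimeDefault
      containers:
        - name: wildflock
          # `latest` is a mutable tag: the two replicas can end up on
          # different builds and a changed image is pulled without any change
          # to this manifest. Pin an immutable tag or digest when one is
          # published.
          image: harbor.k-space.ee/k-space/wildflock:latest
          securityContext:
            # The container listens on 3030 (unprivileged port), so no extra
            # capabilities or setuid escalation should be needed.
            # NOTE(review): confirm the image entrypoint does not switch
            # users at start-up, which would need SETUID/SETGID.
            allowPrivilegeEscalation: false
            capabilities:
              drop:
                - ALL
            # TODO(review): also set runAsNonRoot: true and
            # readOnlyRootFilesystem: true once verified against the image.
          resources:
            limits:
              cpu: 500m
              memory: 200Mi
            requests:
              cpu: 1m
              memory: 100Mi
          ports:
            - containerPort: 3030
          env:
            - name: REDIS_URL
              valueFrom:
                secretKeyRef:
                  name: session-storage
                  key: REDIS_WILDFLOCK_URI
            - name: CLIENT_URL
              value: 'https://wildflock.k-space.ee'
            - name: WILDDUCK_DOMAIN
              value: 'k6.ee'
            - name: NODE_ENV
              value: 'prod'
            # Plain HTTP to an in-cluster service name.
            # NOTE(review): WILDDUCK_TOKEN is presumably sent on this
            # connection - confirm the path is restricted (NetworkPolicy or
            # mesh mTLS).
            - name: WILDDUCK_URL
              value: 'http://wildduck-api:8080'
            - name: WILDDUCK_TOKEN
              valueFrom:
                secretKeyRef:
                  name: wildduck
                  key: WILDDUCK_API_TOKEN
            - name: SESSION_SECRET
              valueFrom:
                secretKeyRef:
                  name: wildflock
                  key: SESSION_SECRET
            # The four entries below re-export OIDC_IDP_* keys under the
            # OIDC_GATEWAY_* names.
            - name: OIDC_GATEWAY_URI
              valueFrom:
                secretKeyRef:
                  key: OIDC_IDP_URI
                  name: oidc-client-wildflock-owner-secrets
            - name: OIDC_GATEWAY_AUTH_URI
              valueFrom:
                secretKeyRef:
                  key: OIDC_IDP_AUTH_URI
                  name: oidc-client-wildflock-owner-secrets
            - name: OIDC_GATEWAY_TOKEN_URI
              valueFrom:
                secretKeyRef:
                  key: OIDC_IDP_TOKEN_URI
                  name: oidc-client-wildflock-owner-secrets
            - name: OIDC_GATEWAY_USERINFO_URI
              valueFrom:
                secretKeyRef:
                  key: OIDC_IDP_USERINFO_URI
                  name: oidc-client-wildflock-owner-secrets
          # Imports every key of the Secret as an environment variable, in
          # addition to the renamed entries above. Anything later added to
          # that Secret becomes visible to the process automatically; prefer
          # explicit secretKeyRef entries if only a few keys are needed.
          envFrom:
            - secretRef:
                name: oidc-client-wildflock-owner-secrets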