rasmus
f817fde37e
All checks were successful
ci/woodpecker/push/woodpecker Pipeline was successful
Follow-up to d554fae7cd
121 lines
3.0 KiB
YAML
121 lines
3.0 KiB
YAML
---
|
|
apiVersion: apps/v1
|
|
kind: Deployment
|
|
metadata:
|
|
name: inventory-app
|
|
spec:
|
|
replicas: 1
|
|
selector:
|
|
matchLabels:
|
|
app: inventory-app
|
|
template:
|
|
metadata:
|
|
labels:
|
|
app: inventory-app
|
|
spec:
|
|
enableServiceLinks: false
|
|
imagePullSecrets:
|
|
- name: regcred
|
|
serviceAccountName: oidc-gateway
|
|
containers:
|
|
- name: inventory-app
|
|
image: inventory-app
|
|
env:
|
|
- name: OIDC_USERS_NAMESPACE
|
|
value: "default"
|
|
- name: SLACK_DOORLOG_CALLBACK
|
|
value: "changeme"
|
|
- name: SLACK_VERIFICATION_TOKEN
|
|
value: "changeme"
|
|
- name: INVENTORY_API_KEY
|
|
value: "sptWL6XFxl4b8"
|
|
- name: PYTHONUNBUFFERED
|
|
value: "1"
|
|
- name: RECAPTCHA_PUBLIC_KEY
|
|
value: 6LeIxAcTAAAAAJcZVRqyHh71UMIEGNQ_MXjiZKhI
|
|
- name: RECAPTCHA_PRIVATE_KEY
|
|
value: 6LeIxAcTAAAAAGG-vFI1TnRWxMZNFuojJ4WifJWe
|
|
- name: INVENTORY_ASSETS_BASE_URL
|
|
value: "https://minio.codemowers.eu:9000"
|
|
- name: MONGO_URI
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: mongodb-application-readwrite
|
|
key: connectionString.standard
|
|
- name: AWS_ENDPOINT_URL
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: miniobucket-inventory-app-owner-secrets
|
|
key: MINIO_URI
|
|
- name: SECRET_KEY
|
|
value: "bad_secret"
|
|
- name: ENVIRONMENT_TYPE
|
|
value: "DEV"
|
|
- name: MY_POD_NAME
|
|
valueFrom:
|
|
fieldRef:
|
|
fieldPath: spec.nodeName
|
|
envFrom:
|
|
- secretRef:
|
|
name: oidc-client-inventory-app-owner-secrets
|
|
ports:
|
|
- containerPort: 5000
|
|
name: metrics
|
|
---
|
|
apiVersion: v1
|
|
kind: Service
|
|
metadata:
|
|
name: inventory-app
|
|
labels:
|
|
app: inventory-app
|
|
spec:
|
|
selector:
|
|
app: inventory-app
|
|
ports:
|
|
- protocol: TCP
|
|
port: 5000
|
|
---
|
|
apiVersion: networking.k8s.io/v1
|
|
kind: Ingress
|
|
metadata:
|
|
name: inventory-app
|
|
annotations:
|
|
traefik.ingress.kubernetes.io/router.entrypoints: websecure
|
|
traefik.ingress.kubernetes.io/router.tls: "true"
|
|
external-dns.alpha.kubernetes.io/target: traefik.codemowers.ee
|
|
spec:
|
|
ingressClassName: shared
|
|
rules:
|
|
- host: inventory-app-72zn4.codemowers.ee
|
|
http:
|
|
paths:
|
|
- pathType: Prefix
|
|
path: "/"
|
|
backend:
|
|
service:
|
|
name: inventory-app
|
|
port:
|
|
number: 5000
|
|
tls:
|
|
- hosts:
|
|
- "*.codemowers.ee"
|
|
---
|
|
apiVersion: codemowers.cloud/v1beta1
|
|
kind: OIDCClient
|
|
metadata:
|
|
name: inventory-app
|
|
spec:
|
|
uri: 'https://inventory-app-72zn4.codemowers.ee'
|
|
redirectUris:
|
|
- 'https://inventory-app-72zn4.codemowers.ee/login-callback'
|
|
grantTypes:
|
|
- 'authorization_code'
|
|
responseTypes:
|
|
- 'code'
|
|
availableScopes:
|
|
- 'openid'
|
|
- 'profile'
|
|
tokenEndpointAuthMethod: 'client_secret_basic'
|
|
pkce: false
|
|
|