Add inventory and k6.ee redirector
This commit is contained in:
parent
f40a61946d
commit
0eafcfea18
57
hackerspace/goredirect.yaml
Normal file
57
hackerspace/goredirect.yaml
Normal file
@ -0,0 +1,57 @@
|
|||||||
|
apiVersion: apps/v1
|
||||||
|
kind: Deployment
|
||||||
|
metadata:
|
||||||
|
name: goredirect
|
||||||
|
namespace: hackerspace
|
||||||
|
spec:
|
||||||
|
replicas: 2
|
||||||
|
revisionHistoryLimit: 0
|
||||||
|
selector:
|
||||||
|
matchLabels:
|
||||||
|
app.kubernetes.io/name: goredirect
|
||||||
|
template:
|
||||||
|
metadata:
|
||||||
|
labels:
|
||||||
|
app.kubernetes.io/name: goredirect
|
||||||
|
spec:
|
||||||
|
affinity:
|
||||||
|
podAntiAffinity:
|
||||||
|
preferredDuringSchedulingIgnoredDuringExecution:
|
||||||
|
- podAffinityTerm:
|
||||||
|
labelSelector:
|
||||||
|
matchExpressions:
|
||||||
|
- key: app.kubernetes.io/name
|
||||||
|
operator: In
|
||||||
|
values:
|
||||||
|
- goredirect
|
||||||
|
topologyKey: topology.kubernetes.io/zone
|
||||||
|
weight: 100
|
||||||
|
containers:
|
||||||
|
- image: harbor.k-space.ee/k-space/goredirect:latest
|
||||||
|
imagePullPolicy: Always
|
||||||
|
env:
|
||||||
|
- name: GOREDIRECT_NOT_FOUND
|
||||||
|
value: https://inventory.k-space.ee/m/inventory/add-slug/%s
|
||||||
|
- name: GOREDIRECT_FOUND
|
||||||
|
value: https://inventory.k-space.ee/m/inventory/%s/view
|
||||||
|
- name: MONGO_URI
|
||||||
|
valueFrom:
|
||||||
|
secretKeyRef:
|
||||||
|
key: connectionString.standard
|
||||||
|
name: inventory-mongodb-application-readwrite
|
||||||
|
name: goredirect
|
||||||
|
ports:
|
||||||
|
- containerPort: 8080
|
||||||
|
name: http
|
||||||
|
protocol: TCP
|
||||||
|
resources:
|
||||||
|
limits:
|
||||||
|
cpu: "1"
|
||||||
|
memory: 500Mi
|
||||||
|
requests:
|
||||||
|
cpu: 100m
|
||||||
|
memory: 200Mi
|
||||||
|
securityContext:
|
||||||
|
readOnlyRootFilesystem: true
|
||||||
|
runAsNonRoot: true
|
||||||
|
runAsUser: 1000
|
200
hackerspace/inventory.yaml
Normal file
200
hackerspace/inventory.yaml
Normal file
@ -0,0 +1,200 @@
|
|||||||
|
apiVersion: apps/v1
|
||||||
|
kind: Deployment
|
||||||
|
metadata:
|
||||||
|
name: inventory
|
||||||
|
namespace: hackerspace
|
||||||
|
spec:
|
||||||
|
replicas: 1
|
||||||
|
revisionHistoryLimit: 0
|
||||||
|
selector:
|
||||||
|
matchLabels:
|
||||||
|
app.kubernetes.io/name: inventory
|
||||||
|
template:
|
||||||
|
metadata:
|
||||||
|
labels:
|
||||||
|
app.kubernetes.io/name: inventory
|
||||||
|
spec:
|
||||||
|
containers:
|
||||||
|
- image: harbor.k-space.ee/k-space/inventory-app:latest
|
||||||
|
imagePullPolicy: Always
|
||||||
|
env:
|
||||||
|
- name: ENVIRONMENT_TYPE
|
||||||
|
value: PROD
|
||||||
|
- name: PYTHONUNBUFFERED
|
||||||
|
value: "1"
|
||||||
|
- name: MEMBERS_HOST
|
||||||
|
value: https://members.k-space.ee
|
||||||
|
- name: INVENTORY_ASSETS_BASE_URL
|
||||||
|
value: https://minio-cluster-shared.k-space.ee/inventory-5b342be1-60a1-4290-8061-e0b8fc17d40d/
|
||||||
|
- name: OIDC_USERS_NAMESPACE
|
||||||
|
value: oidc-gateway
|
||||||
|
- name: MONGO_URI
|
||||||
|
valueFrom:
|
||||||
|
secretKeyRef:
|
||||||
|
key: connectionString.standard
|
||||||
|
name: inventory-mongodb-application-readwrite
|
||||||
|
- name: SECRET_KEY
|
||||||
|
valueFrom:
|
||||||
|
secretKeyRef:
|
||||||
|
key: SECRET_KEY
|
||||||
|
name: inventory-secrets
|
||||||
|
- name: INVENTORY_API_KEY
|
||||||
|
valueFrom:
|
||||||
|
secretKeyRef:
|
||||||
|
key: INVENTORY_API_KEY
|
||||||
|
name: inventory-api-key
|
||||||
|
- name: SLACK_DOORLOG_CALLBACK
|
||||||
|
valueFrom:
|
||||||
|
secretKeyRef:
|
||||||
|
key: SLACK_DOORLOG_CALLBACK
|
||||||
|
name: slack-secrets
|
||||||
|
- name: SLACK_VERIFICATION_TOKEN
|
||||||
|
valueFrom:
|
||||||
|
secretKeyRef:
|
||||||
|
key: SLACK_VERIFICATION_TOKEN
|
||||||
|
name: slack-secrets
|
||||||
|
envFrom:
|
||||||
|
- secretRef:
|
||||||
|
name: miniobucket-inventory-owner-secrets
|
||||||
|
- secretRef:
|
||||||
|
name: oidc-client-inventory-app-owner-secrets
|
||||||
|
name: inventory
|
||||||
|
ports:
|
||||||
|
- containerPort: 5000
|
||||||
|
name: http
|
||||||
|
protocol: TCP
|
||||||
|
resources:
|
||||||
|
limits:
|
||||||
|
cpu: "1"
|
||||||
|
memory: 500Mi
|
||||||
|
requests:
|
||||||
|
cpu: 100m
|
||||||
|
memory: 200Mi
|
||||||
|
securityContext:
|
||||||
|
readOnlyRootFilesystem: true
|
||||||
|
runAsNonRoot: true
|
||||||
|
runAsUser: 1000
|
||||||
|
terminationMessagePath: /dev/termination-log
|
||||||
|
terminationMessagePolicy: File
|
||||||
|
volumeMounts:
|
||||||
|
- mountPath: /tmp
|
||||||
|
name: tmp
|
||||||
|
dnsPolicy: ClusterFirst
|
||||||
|
restartPolicy: Always
|
||||||
|
schedulerName: default-scheduler
|
||||||
|
serviceAccount: inventory
|
||||||
|
serviceAccountName: inventory
|
||||||
|
terminationGracePeriodSeconds: 30
|
||||||
|
volumes:
|
||||||
|
- name: tmp
|
||||||
|
---
|
||||||
|
apiVersion: codemowers.cloud/v1beta1
|
||||||
|
kind: SecretClaim
|
||||||
|
metadata:
|
||||||
|
name: inventory-mongodb-readwrite-password
|
||||||
|
spec:
|
||||||
|
size: 32
|
||||||
|
mapping:
|
||||||
|
- key: password
|
||||||
|
value: "%(plaintext)s"
|
||||||
|
---
|
||||||
|
apiVersion: mongodbcommunity.mongodb.com/v1
|
||||||
|
kind: MongoDBCommunity
|
||||||
|
metadata:
|
||||||
|
name: inventory-mongodb
|
||||||
|
spec:
|
||||||
|
agent:
|
||||||
|
logLevel: ERROR
|
||||||
|
maxLogFileDurationHours: 1
|
||||||
|
additionalMongodConfig:
|
||||||
|
systemLog:
|
||||||
|
quiet: true
|
||||||
|
members: 3
|
||||||
|
type: ReplicaSet
|
||||||
|
version: "6.0.3"
|
||||||
|
security:
|
||||||
|
authentication:
|
||||||
|
modes: ["SCRAM"]
|
||||||
|
users:
|
||||||
|
- name: readwrite
|
||||||
|
db: application
|
||||||
|
passwordSecretRef:
|
||||||
|
name: inventory-mongodb-readwrite-password
|
||||||
|
roles:
|
||||||
|
- name: readWrite
|
||||||
|
db: application
|
||||||
|
scramCredentialsSecretName: inventory-mongodb-readwrite
|
||||||
|
statefulSet:
|
||||||
|
spec:
|
||||||
|
logLevel: WARN
|
||||||
|
template:
|
||||||
|
spec:
|
||||||
|
containers:
|
||||||
|
- name: mongod
|
||||||
|
resources:
|
||||||
|
requests:
|
||||||
|
cpu: 100m
|
||||||
|
memory: 1Gi
|
||||||
|
limits:
|
||||||
|
cpu: 4000m
|
||||||
|
memory: 1Gi
|
||||||
|
volumeMounts:
|
||||||
|
- name: journal-volume
|
||||||
|
mountPath: /data/journal
|
||||||
|
- name: mongodb-agent
|
||||||
|
resources:
|
||||||
|
requests:
|
||||||
|
cpu: 1m
|
||||||
|
memory: 100Mi
|
||||||
|
limits: {}
|
||||||
|
affinity:
|
||||||
|
podAntiAffinity:
|
||||||
|
requiredDuringSchedulingIgnoredDuringExecution:
|
||||||
|
- labelSelector:
|
||||||
|
matchExpressions:
|
||||||
|
- key: app
|
||||||
|
operator: In
|
||||||
|
values:
|
||||||
|
- inventory-mongodb-svc
|
||||||
|
topologyKey: kubernetes.io/hostname
|
||||||
|
nodeSelector:
|
||||||
|
dedicated: monitoring
|
||||||
|
tolerations:
|
||||||
|
- key: dedicated
|
||||||
|
operator: Equal
|
||||||
|
value: monitoring
|
||||||
|
effect: NoSchedule
|
||||||
|
volumeClaimTemplates:
|
||||||
|
- metadata:
|
||||||
|
name: logs-volume
|
||||||
|
labels:
|
||||||
|
usecase: logs
|
||||||
|
spec:
|
||||||
|
storageClassName: mongo
|
||||||
|
accessModes:
|
||||||
|
- ReadWriteOnce
|
||||||
|
resources:
|
||||||
|
requests:
|
||||||
|
storage: 100Mi
|
||||||
|
- metadata:
|
||||||
|
name: journal-volume
|
||||||
|
labels:
|
||||||
|
usecase: journal
|
||||||
|
spec:
|
||||||
|
storageClassName: mongo
|
||||||
|
accessModes:
|
||||||
|
- ReadWriteOnce
|
||||||
|
resources:
|
||||||
|
requests:
|
||||||
|
storage: 512Mi
|
||||||
|
- metadata:
|
||||||
|
name: data-volume
|
||||||
|
labels:
|
||||||
|
usecase: data
|
||||||
|
spec:
|
||||||
|
storageClassName: mongo
|
||||||
|
accessModes:
|
||||||
|
- ReadWriteOnce
|
||||||
|
resources:
|
||||||
|
requests:
|
||||||
|
storage: 10Gi
|
1
hackerspace/mongodb-support.yml
Symbolic link
1
hackerspace/mongodb-support.yml
Symbolic link
@ -0,0 +1 @@
|
|||||||
|
../mongodb-operator/mongodb-support.yml
|
Loading…
Reference in New Issue
Block a user