Add inventory and k6.ee redirector
This commit is contained in:
parent
f40a61946d
commit
0eafcfea18
57
hackerspace/goredirect.yaml
Normal file
57
hackerspace/goredirect.yaml
Normal file
@ -0,0 +1,57 @@
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: goredirect
|
||||
namespace: hackerspace
|
||||
spec:
|
||||
replicas: 2
|
||||
revisionHistoryLimit: 0
|
||||
selector:
|
||||
matchLabels:
|
||||
app.kubernetes.io/name: goredirect
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app.kubernetes.io/name: goredirect
|
||||
spec:
|
||||
affinity:
|
||||
podAntiAffinity:
|
||||
preferredDuringSchedulingIgnoredDuringExecution:
|
||||
- podAffinityTerm:
|
||||
labelSelector:
|
||||
matchExpressions:
|
||||
- key: app.kubernetes.io/name
|
||||
operator: In
|
||||
values:
|
||||
- goredirect
|
||||
topologyKey: topology.kubernetes.io/zone
|
||||
weight: 100
|
||||
containers:
|
||||
- image: harbor.k-space.ee/k-space/goredirect:latest
|
||||
imagePullPolicy: Always
|
||||
env:
|
||||
- name: GOREDIRECT_NOT_FOUND
|
||||
value: https://inventory.k-space.ee/m/inventory/add-slug/%s
|
||||
- name: GOREDIRECT_FOUND
|
||||
value: https://inventory.k-space.ee/m/inventory/%s/view
|
||||
- name: MONGO_URI
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
key: connectionString.standard
|
||||
name: inventory-mongodb-application-readwrite
|
||||
name: goredirect
|
||||
ports:
|
||||
- containerPort: 8080
|
||||
name: http
|
||||
protocol: TCP
|
||||
resources:
|
||||
limits:
|
||||
cpu: "1"
|
||||
memory: 500Mi
|
||||
requests:
|
||||
cpu: 100m
|
||||
memory: 200Mi
|
||||
securityContext:
|
||||
readOnlyRootFilesystem: true
|
||||
runAsNonRoot: true
|
||||
runAsUser: 1000
|
200
hackerspace/inventory.yaml
Normal file
200
hackerspace/inventory.yaml
Normal file
@ -0,0 +1,200 @@
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: inventory
|
||||
namespace: hackerspace
|
||||
spec:
|
||||
replicas: 1
|
||||
revisionHistoryLimit: 0
|
||||
selector:
|
||||
matchLabels:
|
||||
app.kubernetes.io/name: inventory
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app.kubernetes.io/name: inventory
|
||||
spec:
|
||||
containers:
|
||||
- image: harbor.k-space.ee/k-space/inventory-app:latest
|
||||
imagePullPolicy: Always
|
||||
env:
|
||||
- name: ENVIRONMENT_TYPE
|
||||
value: PROD
|
||||
- name: PYTHONUNBUFFERED
|
||||
value: "1"
|
||||
- name: MEMBERS_HOST
|
||||
value: https://members.k-space.ee
|
||||
- name: INVENTORY_ASSETS_BASE_URL
|
||||
value: https://minio-cluster-shared.k-space.ee/inventory-5b342be1-60a1-4290-8061-e0b8fc17d40d/
|
||||
- name: OIDC_USERS_NAMESPACE
|
||||
value: oidc-gateway
|
||||
- name: MONGO_URI
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
key: connectionString.standard
|
||||
name: inventory-mongodb-application-readwrite
|
||||
- name: SECRET_KEY
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
key: SECRET_KEY
|
||||
name: inventory-secrets
|
||||
- name: INVENTORY_API_KEY
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
key: INVENTORY_API_KEY
|
||||
name: inventory-api-key
|
||||
- name: SLACK_DOORLOG_CALLBACK
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
key: SLACK_DOORLOG_CALLBACK
|
||||
name: slack-secrets
|
||||
- name: SLACK_VERIFICATION_TOKEN
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
key: SLACK_VERIFICATION_TOKEN
|
||||
name: slack-secrets
|
||||
envFrom:
|
||||
- secretRef:
|
||||
name: miniobucket-inventory-owner-secrets
|
||||
- secretRef:
|
||||
name: oidc-client-inventory-app-owner-secrets
|
||||
name: inventory
|
||||
ports:
|
||||
- containerPort: 5000
|
||||
name: http
|
||||
protocol: TCP
|
||||
resources:
|
||||
limits:
|
||||
cpu: "1"
|
||||
memory: 500Mi
|
||||
requests:
|
||||
cpu: 100m
|
||||
memory: 200Mi
|
||||
securityContext:
|
||||
readOnlyRootFilesystem: true
|
||||
runAsNonRoot: true
|
||||
runAsUser: 1000
|
||||
terminationMessagePath: /dev/termination-log
|
||||
terminationMessagePolicy: File
|
||||
volumeMounts:
|
||||
- mountPath: /tmp
|
||||
name: tmp
|
||||
dnsPolicy: ClusterFirst
|
||||
restartPolicy: Always
|
||||
schedulerName: default-scheduler
|
||||
serviceAccount: inventory
|
||||
serviceAccountName: inventory
|
||||
terminationGracePeriodSeconds: 30
|
||||
volumes:
|
||||
- name: tmp
|
||||
---
|
||||
apiVersion: codemowers.cloud/v1beta1
|
||||
kind: SecretClaim
|
||||
metadata:
|
||||
name: inventory-mongodb-readwrite-password
|
||||
spec:
|
||||
size: 32
|
||||
mapping:
|
||||
- key: password
|
||||
value: "%(plaintext)s"
|
||||
---
|
||||
apiVersion: mongodbcommunity.mongodb.com/v1
|
||||
kind: MongoDBCommunity
|
||||
metadata:
|
||||
name: inventory-mongodb
|
||||
spec:
|
||||
agent:
|
||||
logLevel: ERROR
|
||||
maxLogFileDurationHours: 1
|
||||
additionalMongodConfig:
|
||||
systemLog:
|
||||
quiet: true
|
||||
members: 3
|
||||
type: ReplicaSet
|
||||
version: "6.0.3"
|
||||
security:
|
||||
authentication:
|
||||
modes: ["SCRAM"]
|
||||
users:
|
||||
- name: readwrite
|
||||
db: application
|
||||
passwordSecretRef:
|
||||
name: inventory-mongodb-readwrite-password
|
||||
roles:
|
||||
- name: readWrite
|
||||
db: application
|
||||
scramCredentialsSecretName: inventory-mongodb-readwrite
|
||||
statefulSet:
|
||||
spec:
|
||||
logLevel: WARN
|
||||
template:
|
||||
spec:
|
||||
containers:
|
||||
- name: mongod
|
||||
resources:
|
||||
requests:
|
||||
cpu: 100m
|
||||
memory: 1Gi
|
||||
limits:
|
||||
cpu: 4000m
|
||||
memory: 1Gi
|
||||
volumeMounts:
|
||||
- name: journal-volume
|
||||
mountPath: /data/journal
|
||||
- name: mongodb-agent
|
||||
resources:
|
||||
requests:
|
||||
cpu: 1m
|
||||
memory: 100Mi
|
||||
limits: {}
|
||||
affinity:
|
||||
podAntiAffinity:
|
||||
requiredDuringSchedulingIgnoredDuringExecution:
|
||||
- labelSelector:
|
||||
matchExpressions:
|
||||
- key: app
|
||||
operator: In
|
||||
values:
|
||||
- inventory-mongodb-svc
|
||||
topologyKey: kubernetes.io/hostname
|
||||
nodeSelector:
|
||||
dedicated: monitoring
|
||||
tolerations:
|
||||
- key: dedicated
|
||||
operator: Equal
|
||||
value: monitoring
|
||||
effect: NoSchedule
|
||||
volumeClaimTemplates:
|
||||
- metadata:
|
||||
name: logs-volume
|
||||
labels:
|
||||
usecase: logs
|
||||
spec:
|
||||
storageClassName: mongo
|
||||
accessModes:
|
||||
- ReadWriteOnce
|
||||
resources:
|
||||
requests:
|
||||
storage: 100Mi
|
||||
- metadata:
|
||||
name: journal-volume
|
||||
labels:
|
||||
usecase: journal
|
||||
spec:
|
||||
storageClassName: mongo
|
||||
accessModes:
|
||||
- ReadWriteOnce
|
||||
resources:
|
||||
requests:
|
||||
storage: 512Mi
|
||||
- metadata:
|
||||
name: data-volume
|
||||
labels:
|
||||
usecase: data
|
||||
spec:
|
||||
storageClassName: mongo
|
||||
accessModes:
|
||||
- ReadWriteOnce
|
||||
resources:
|
||||
requests:
|
||||
storage: 10Gi
|
1
hackerspace/mongodb-support.yml
Symbolic link
1
hackerspace/mongodb-support.yml
Symbolic link
@ -0,0 +1 @@
|
||||
../mongodb-operator/mongodb-support.yml
|
Loading…
Reference in New Issue
Block a user