inventory: add ingress and other manifests
This commit is contained in:
parent
249ad2e9ed
commit
62be47c2e1
@ -1,3 +1,4 @@
|
||||
---
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
@ -25,7 +26,7 @@ spec:
|
||||
- name: INVENTORY_ASSETS_BASE_URL
|
||||
value: https://minio-cluster-shared.k-space.ee/inventory-5b342be1-60a1-4290-8061-e0b8fc17d40d/
|
||||
- name: OIDC_USERS_NAMESPACE
|
||||
value: oidc-gateway
|
||||
value: passmower
|
||||
- name: SECRET_KEY
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
@ -82,5 +83,92 @@ spec:
|
||||
terminationGracePeriodSeconds: 30
|
||||
volumes:
|
||||
- name: tmp
|
||||
# TODO: full manifests
|
||||
# TODO: k6 ingress
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: inventory-app
|
||||
labels:
|
||||
app: inventory-app
|
||||
spec:
|
||||
selector:
|
||||
app: inventory-app
|
||||
ports:
|
||||
- protocol: TCP
|
||||
port: 5000
|
||||
---
|
||||
apiVersion: networking.k8s.io/v1
|
||||
kind: Ingress
|
||||
metadata:
|
||||
name: inventory-app
|
||||
annotations:
|
||||
traefik.ingress.kubernetes.io/router.entrypoints: websecure
|
||||
traefik.ingress.kubernetes.io/router.tls: "true"
|
||||
external-dns.alpha.kubernetes.io/target: traefik.k-space.ee
|
||||
spec:
|
||||
ingressClassName: shared
|
||||
rules:
|
||||
- host: inventory.k-space.ee
|
||||
http:
|
||||
paths:
|
||||
- pathType: Prefix
|
||||
path: "/"
|
||||
backend:
|
||||
service:
|
||||
name: inventory-app
|
||||
port:
|
||||
number: 5000
|
||||
tls:
|
||||
- hosts:
|
||||
- "*.codemowers.ee"
|
||||
---
|
||||
apiVersion: codemowers.cloud/v1beta1
|
||||
kind: OIDCClient
|
||||
metadata:
|
||||
name: inventory-app
|
||||
spec:
|
||||
uri: 'https://inventory.k-space.ee'
|
||||
redirectUris:
|
||||
- 'https://inventory.k-space.ee/login-callback'
|
||||
grantTypes:
|
||||
- 'authorization_code'
|
||||
responseTypes:
|
||||
- 'code'
|
||||
availableScopes:
|
||||
- 'openid'
|
||||
- 'profile'
|
||||
tokenEndpointAuthMethod: 'client_secret_basic'
|
||||
pkce: false
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRole
|
||||
metadata:
|
||||
name: inventory
|
||||
rules:
|
||||
- verbs:
|
||||
- get
|
||||
- list
|
||||
- watch
|
||||
apiGroups:
|
||||
- codemowers.cloud
|
||||
resources:
|
||||
- oidcusers
|
||||
- oidcusers/status
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRoleBinding
|
||||
metadata:
|
||||
name: inventory
|
||||
roleRef:
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
kind: ClusterRole
|
||||
name: inventory
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: inventory
|
||||
namespace: hackerspace
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: ServiceAccount
|
||||
metadata:
|
||||
name: inventory
|
||||
|
Loading…
Reference in New Issue
Block a user