k-space/kube
12
1
Fork 3
Code Issues 62 Pull Requests 1 Wiki Activity

inventory: add ingress and other manifests

Browse Source
This commit is contained in:
Madis Mägi
2024-07-28 20:58:25 +03:00
parent 249ad2e9ed
commit 62be47c2e1
1 changed files with 91 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

94
hackerspace/inventory.yaml
View File

@@ -1,3 +1,4 @@
---
apiVersion: apps/v1 apiVersion: apps/v1
kind: Deployment kind: Deployment
metadata: metadata:
@@ -25,7 +26,7 @@ spec:
- name: INVENTORY_ASSETS_BASE_URL - name: INVENTORY_ASSETS_BASE_URL
value: https://minio-cluster-shared.k-space.ee/inventory-5b342be1-60a1-4290-8061-e0b8fc17d40d/ value: https://minio-cluster-shared.k-space.ee/inventory-5b342be1-60a1-4290-8061-e0b8fc17d40d/
- name: OIDC_USERS_NAMESPACE - name: OIDC_USERS_NAMESPACE
value: oidc-gateway value: passmower
- name: SECRET_KEY - name: SECRET_KEY
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
@@ -82,5 +83,92 @@ spec:
terminationGracePeriodSeconds: 30 terminationGracePeriodSeconds: 30
volumes: volumes:
- name: tmp - name: tmp
# TODO: full manifests ---
# TODO: k6 ingress apiVersion: v1
kind: Service
metadata:
name: inventory-app
labels:
app: inventory-app
spec:
selector:
app: inventory-app
ports:
- protocol: TCP
port: 5000
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: inventory-app
annotations:
traefik.ingress.kubernetes.io/router.entrypoints: websecure
traefik.ingress.kubernetes.io/router.tls: "true"
external-dns.alpha.kubernetes.io/target: traefik.k-space.ee
spec:
ingressClassName: shared
rules:
- host: inventory.k-space.ee
http:
paths:
- pathType: Prefix
path: "/"
backend:
service:
name: inventory-app
port:
number: 5000
tls:
- hosts:
- "*.codemowers.ee"
---
apiVersion: codemowers.cloud/v1beta1
kind: OIDCClient
metadata:
name: inventory-app
spec:
uri: 'https://inventory.k-space.ee'
redirectUris:
- 'https://inventory.k-space.ee/login-callback'
grantTypes:
- 'authorization_code'
responseTypes:
- 'code'
availableScopes:
- 'openid'
- 'profile'
tokenEndpointAuthMethod: 'client_secret_basic'
pkce: false
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: inventory
rules:
- verbs:
- get
- list
- watch
apiGroups:
- codemowers.cloud
resources:
- oidcusers
- oidcusers/status
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: inventory
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: inventory
subjects:
- kind: ServiceAccount
name: inventory
namespace: hackerspace
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: inventory