From d8471da75fc6b97d9020209f096137feb1a25751 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Lauri=20V=C3=B5sandi?=
Date: Sat, 17 Dec 2022 17:49:57 +0200
Subject: [PATCH] Migrate doorboy to Kubernetes
---
member-site/doorboy.yml | 158 ++++++++++++++++++++++++++++++++++++++++
1 file changed, 158 insertions(+)
create mode 100644 member-site/doorboy.yml
diff --git a/member-site/doorboy.yml b/member-site/doorboy.yml
new file mode 100644
index 0000000..a3a9e16
--- /dev/null
+++ b/member-site/doorboy.yml
@@ -0,0 +1,158 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: doorboy-proxy
+ annotations:
+ keel.sh/policy: force
+ keel.sh/trigger: poll
+spec:
+ revisionHistoryLimit: 0
+ replicas: 3
+ selector:
+ matchLabels: &selectorLabels
+ app.kubernetes.io/name: doorboy-proxy
+ template:
+ metadata:
+ labels: *selectorLabels
+ spec:
+ affinity:
+ podAntiAffinity:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ - podAffinityTerm:
+ labelSelector:
+ matchExpressions:
+ - key: app.kubernetes.io/name
+ operator: In
+ values:
+ - doorboy-proxy
+ topologyKey: kubernetes.io/hostname
+ weight: 100
+ containers:
+ - name: doorboy-proxy
+ image: harbor.k-space.ee/k-space/doorboy-proxy:latest
+ envFrom:
+ - secretRef:
+ name: doorboy-api
+ env:
+ - name: MONGO_URI
+ valueFrom:
+ secretKeyRef:
+ name: mongo-application-readwrite
+ key: connectionString.standard
+ securityContext:
+ readOnlyRootFilesystem: true
+ runAsNonRoot: true
+ runAsUser: 1000
+ ports:
+ - containerPort: 5000
+ name: "http"
+ resources:
+ requests:
+ memory: "200Mi"
+ cpu: "100m"
+ limits:
+ memory: "500Mi"
+ cpu: "1"
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: doorboy-proxy
+spec:
+ selector:
+ app.kubernetes.io/name: doorboy-proxy
+ ports:
+ - protocol: TCP
+ name: http
+ port: 5000
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: doorboy-proxy
+ annotations:
+ kubernetes.io/ingress.class: traefik
+ traefik.ingress.kubernetes.io/router.entrypoints: websecure
+ traefik.ingress.kubernetes.io/router.tls: "true"
+ external-dns.alpha.kubernetes.io/target: traefik.k-space.ee
+spec:
+ rules:
+ - host: doorboy-proxy.k-space.ee
+ http:
+ paths:
+ - pathType: Prefix
+ path: "/"
+ backend:
+ service:
+ name: doorboy-proxy
+ port:
+ name: http
+ tls:
+ - hosts:
+ - "*.k-space.ee"
+---
+apiVersion: monitoring.coreos.com/v1
+kind: PodMonitor
+metadata:
+ name: doorboy-proxy
+spec:
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: doorboy-proxy
+ podMetricsEndpoints:
+ - port: http
+---
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+ name: kdoorpi
+spec:
+ selector:
+ matchLabels: &selectorLabels
+ app.kubernetes.io/name: kdoorpi
+ template:
+ metadata:
+ labels: *selectorLabels
+ spec:
+ containers:
+ - name: kdoorpi
+ image: harbor.k-space.ee/k-space/kdoorpi:latest
+ env:
+ - name: KDOORPI_API_ALLOWED
+ value: https://doorboy-proxy.k-space.ee/allowed
+ - name: KDOORPI_API_LONGPOLL
+ value: https://doorboy-proxy.k-space.ee/longpoll
+ - name: KDOORPI_API_SWIPE
+ value: http://172.21.99.98/swipe
+ - name: KDOORPI_DOOR
+ valueFrom:
+ fieldRef:
+ fieldPath: spec.nodeName
+ - name: KDOORPI_API_KEY
+ valueFrom:
+ secretKeyRef:
+ name: doorboy-api
+ key: DOORBOY_SECRET
+ - name: KDOORPI_UID_SALT
+ valueFrom:
+ secretKeyRef:
+ name: doorboy-uid-hash-salt
+ key: KDOORPI_UID_SALT
+ resources:
+ limits:
+ memory: 200Mi
+ requests:
+ cpu: 100m
+ memory: 100Mi
+ nodeSelector:
+ dedicated: door
+ tolerations:
+ - key: dedicated
+ operator: Equal
+ value: door
+ effect: NoSchedule
+ - key: arch
+ operator: Equal
+ value: arm64
+ effect: NoSchedule
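Review bot: Both containers use the mutable `:latest` tag, and on the doorboy-proxy Deployment this is combined with `keel.sh/policy: force`, `keel.sh/trigger: poll` and `revisionHistoryLimit: 0`. Whatever is pushed to that Harbor repository is therefore rolled out automatically into pods that hold the `doorboy-api` secret and the read-write Mongo connection string, with no earlier ReplicaSet to roll back to. For a service that decides door access I would pin by digest, e.g. `image: harbor.k-space.ee/k-space/doorboy-proxy@sha256:<digest>` (placeholder), or at least use a versioned tag with a non-zero `revisionHistoryLimit`. In the kdoorpi DaemonSet, `KDOORPI_API_SWIPE` is the only endpoint using plain `http://` to a hard-coded IP, so swipe data (and presumably the API key) crosses the network unencrypted unless that segment is protected some other way. The kdoorpi container also has no `securityContext`, unlike doorboy-proxy; if it does not need root for device access, mirror `runAsNonRoot: true` and `readOnlyRootFilesystem: true` there.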