apiVersion: v1 kind: Service metadata: name: zinc spec: clusterIP: None selector: app: zinc ports: - name: http port: 4080 targetPort: 4080 --- apiVersion: apps/v1 kind: StatefulSet metadata: name: zinc spec: serviceName: zinc replicas: 1 selector: matchLabels: app: zinc template: metadata: labels: app: zinc spec: securityContext: fsGroup: 2000 runAsUser: 10000 runAsGroup: 3000 runAsNonRoot: true containers: - name: zinc image: public.ecr.aws/zinclabs/zinc:latest env: - name: GIN_MODE value: release - name: ZINC_FIRST_ADMIN_USER value: admin - name: ZINC_FIRST_ADMIN_PASSWORD value: salakala - name: ZINC_DATA_PATH value: /data imagePullPolicy: Always resources: limits: cpu: "4" memory: 4Gi requests: cpu: 32m memory: 50Mi ports: - containerPort: 4080 name: http volumeMounts: - name: data mountPath: /data volumeClaimTemplates: - metadata: name: data spec: accessModes: - ReadWriteOnce storageClassName: longhorn resources: requests: storage: 20Gi --- apiVersion: networking.k8s.io/v1 kind: Ingress metadata: name: zinc annotations: cert-manager.io/cluster-issuer: default traefik.ingress.kubernetes.io/router.entrypoints: websecure traefik.ingress.kubernetes.io/router.tls: "true" external-dns.alpha.kubernetes.io/target: traefik.k-space.ee traefik.ingress.kubernetes.io/router.middlewares: traefik-sso@kubernetescrd spec: rules: - host: zinc.k-space.ee http: paths: - pathType: Prefix path: "/" backend: service: name: zinc port: number: 4080 tls: - hosts: - zinc.k-space.ee secretName: zinc-tls --- apiVersion: networking.k8s.io/v1 kind: NetworkPolicy metadata: name: zinc spec: podSelector: matchLabels: app: zinc policyTypes: - Ingress ingress: - from: - podSelector: matchLabels: app: filebeat ports: - protocol: TCP port: 4080 - from: - namespaceSelector: matchLabels: kubernetes.io/metadata.name: traefik podSelector: matchLabels: app.kubernetes.io/name: traefik