# Referenced/linked and documented by https://wiki.k-space.ee/en/hosting/doors --- apiVersion: apps/v1 kind: Deployment metadata: name: doorboy-proxy spec: revisionHistoryLimit: 0 replicas: 3 selector: matchLabels: &selectorLabels app.kubernetes.io/name: doorboy-proxy template: metadata: labels: *selectorLabels spec: affinity: podAntiAffinity: preferredDuringSchedulingIgnoredDuringExecution: - podAffinityTerm: labelSelector: matchExpressions: - key: app.kubernetes.io/name operator: In values: - doorboy-proxy topologyKey: topology.kubernetes.io/zone weight: 100 containers: - name: doorboy-proxy image: harbor.k-space.ee/k-space/doorboy-proxy:latest envFrom: - secretRef: name: inventory-mongodb - secretRef: name: doorboy-api env: - name: FLOOR_ACCESS_GROUP value: 'k-space:floor' - name: WORKSHOP_ACCESS_GROUP value: 'k-space:workshop' - name: CARD_URI value: 'https://inventory.k-space.ee/cards' - name: SWIPE_URI value: 'https://inventory.k-space.ee/m/doorboy/swipe' - name: INVENTORY_API_KEY valueFrom: secretKeyRef: name: inventory-api-key key: INVENTORY_API_KEY securityContext: readOnlyRootFilesystem: true runAsNonRoot: true runAsUser: 1000 ports: - containerPort: 5000 name: "http" resources: requests: memory: "200Mi" cpu: "100m" limits: memory: "500Mi" cpu: "1" --- apiVersion: v1 kind: Service metadata: name: doorboy-proxy spec: selector: app.kubernetes.io/name: doorboy-proxy ports: - protocol: TCP name: http port: 5000 --- apiVersion: networking.k8s.io/v1 kind: Ingress metadata: name: doorboy-proxy annotations: kubernetes.io/ingress.class: traefik traefik.ingress.kubernetes.io/router.entrypoints: websecure traefik.ingress.kubernetes.io/router.tls: "true" external-dns.alpha.kubernetes.io/target: traefik.k-space.ee spec: rules: - host: doorboy-proxy.k-space.ee http: paths: - pathType: Prefix path: "/" backend: service: name: doorboy-proxy port: name: http tls: - hosts: - "*.k-space.ee" --- apiVersion: monitoring.coreos.com/v1 kind: PodMonitor metadata: name: doorboy-proxy spec: selector: matchLabels: app.kubernetes.io/name: doorboy-proxy podMetricsEndpoints: - port: http --- apiVersion: apps/v1 kind: DaemonSet metadata: name: kdoorpi spec: selector: matchLabels: &selectorLabels app.kubernetes.io/name: kdoorpi template: metadata: labels: *selectorLabels spec: containers: - name: kdoorpi image: harbor.k-space.ee/k-space/kdoorpi:latest env: - name: KDOORPI_API_ALLOWED value: https://doorboy-proxy.k-space.ee/allowed - name: KDOORPI_API_LONGPOLL value: https://doorboy-proxy.k-space.ee/longpoll - name: KDOORPI_API_SWIPE value: http://172.21.99.98/swipe - name: KDOORPI_DOOR valueFrom: fieldRef: fieldPath: spec.nodeName - name: KDOORPI_API_KEY valueFrom: secretKeyRef: name: doorboy-api key: DOORBOY_SECRET - name: KDOORPI_UID_SALT valueFrom: secretKeyRef: name: doorboy-uid-hash-salt key: KDOORPI_UID_SALT resources: limits: memory: 200Mi requests: cpu: 100m memory: 100Mi nodeSelector: dedicated: door tolerations: - key: dedicated operator: Equal value: door effect: NoSchedule - key: arch operator: Equal value: arm64 effect: NoSchedule