123 lines
2.5 KiB
YAML
123 lines
2.5 KiB
YAML
---
|
|
apiVersion: codemowers.cloud/v1beta1
|
|
kind: OIDCMiddlewareClient
|
|
metadata:
|
|
name: rotmower
|
|
spec:
|
|
displayName: rotmower
|
|
uri: 'https://rotmower.k-space.ee'
|
|
headerMapping:
|
|
email: Remote-Email
|
|
groups: Remote-Groups
|
|
name: Remote-Name
|
|
user: Remote-Username
|
|
allowedGroups:
|
|
- k-space:kubernetes:admins
|
|
- github.com:codemowers:admins
|
|
---
|
|
apiVersion: networking.k8s.io/v1
|
|
kind: Ingress
|
|
metadata:
|
|
name: rotmower
|
|
annotations:
|
|
kubernetes.io/ingress.class: traefik
|
|
traefik.ingress.kubernetes.io/router.entrypoints: websecure
|
|
external-dns.alpha.kubernetes.io/target: traefik.k-space.ee
|
|
traefik.ingress.kubernetes.io/router.middlewares: rotmower-rotmower@kubernetescrd
|
|
spec:
|
|
rules:
|
|
- host: rotmower.k-space.ee
|
|
http:
|
|
paths:
|
|
- pathType: Prefix
|
|
path: "/"
|
|
backend:
|
|
service:
|
|
name: rotmower
|
|
port:
|
|
number: 80
|
|
tls:
|
|
- hosts:
|
|
- "*.k-space.ee"
|
|
---
|
|
apiVersion: v1
|
|
kind: Service
|
|
metadata:
|
|
name: rotmower
|
|
spec:
|
|
type: ClusterIP
|
|
selector:
|
|
app: rotmower
|
|
ports:
|
|
- protocol: TCP
|
|
port: 80
|
|
targetPort: 8080
|
|
---
|
|
apiVersion: apps/v1
|
|
kind: Deployment
|
|
metadata:
|
|
name: rotmower
|
|
namespace: kube-system
|
|
labels:
|
|
app: rotmower
|
|
spec:
|
|
replicas: 1
|
|
selector:
|
|
matchLabels:
|
|
app: rotmower
|
|
template:
|
|
metadata:
|
|
labels:
|
|
app: rotmower
|
|
spec:
|
|
serviceAccountName: rotmower
|
|
containers:
|
|
- name: rotmower
|
|
image: docker.io/codemowers/rotmower:latest
|
|
args:
|
|
- web
|
|
ports:
|
|
- containerPort: 8080
|
|
name: http
|
|
resources:
|
|
requests:
|
|
memory: "128Mi"
|
|
cpu: "100m"
|
|
limits:
|
|
memory: "512Mi"
|
|
cpu: "500m"
|
|
---
|
|
apiVersion: v1
|
|
kind: ServiceAccount
|
|
metadata:
|
|
name: rotmower
|
|
namespace: rotmower
|
|
---
|
|
apiVersion: rbac.authorization.k8s.io/v1
|
|
kind: ClusterRole
|
|
metadata:
|
|
name: rotmower
|
|
rules:
|
|
- apiGroups: [""]
|
|
resources: ["pods", "secrets"]
|
|
verbs: ["get", "list"]
|
|
- apiGroups: ["apps"]
|
|
resources: ["deployments", "replicasets", "daemonsets", "statefulsets"]
|
|
verbs: ["get", "list"]
|
|
- apiGroups: ["batch"]
|
|
resources: ["jobs", "cronjobs"]
|
|
verbs: ["get", "list"]
|
|
---
|
|
apiVersion: rbac.authorization.k8s.io/v1
|
|
kind: ClusterRoleBinding
|
|
metadata:
|
|
name: rotmower
|
|
roleRef:
|
|
apiGroup: rbac.authorization.k8s.io
|
|
kind: ClusterRole
|
|
name: rotmower
|
|
subjects:
|
|
- kind: ServiceAccount
|
|
name: rotmower
|
|
namespace: rotmower
|