kube/hackerspace/doorboy.yaml

# Referenced/linked and documented by https://wiki.k-space.ee/en/hosting/doors
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: doorboy-proxy
spec:
  revisionHistoryLimit: 0
  replicas: 3
  selector:
    matchLabels: &selectorLabels
      app.kubernetes.io/name: doorboy-proxy
  template:
    metadata:
      labels: *selectorLabels
    spec:
      affinity:
        podAntiAffinity:
          preferredDuringSchedulingIgnoredDuringExecution:
            - podAffinityTerm:
                labelSelector:
                  matchExpressions:
                  - key: app.kubernetes.io/name
                    operator: In
                    values:
                      - doorboy-proxy
                topologyKey: topology.kubernetes.io/zone
              weight: 100
      serviceAccountName: inventory-svcacc
      containers:
        - name: doorboy-proxy
          image: harbor.k-space.ee/k-space/doorboy-proxy:latest
          envFrom:
            - secretRef:
                name: inventory-mongodb
            - secretRef:
                name: doorboy-godoor
            - secretRef:
                name: doorboy-slack
          env:
            - name: OIDC_USERS_NAMESPACE
              value: passmower
            - name: SLACK_CHANNEL_ID
              value: CDL9H8Q9W
          securityContext:
            readOnlyRootFilesystem: true
            runAsNonRoot: true
            runAsUser: 1000
          ports:
            - containerPort: 5000
              name: "http"
          resources:
            requests:
              memory: "200Mi"
              cpu: "100m"
            limits:
              memory: "500Mi"
              cpu: "1"
---
apiVersion: v1
kind: Service
metadata:
  name: doorboy-proxy
spec:
  selector:
    app.kubernetes.io/name: doorboy-proxy
  ports:
  - protocol: TCP
    name: http
    port: 5000
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: doorboy-proxy
  annotations:
    kubernetes.io/ingress.class: traefik
    traefik.ingress.kubernetes.io/router.entrypoints: websecure
    external-dns.alpha.kubernetes.io/target: traefik.k-space.ee
spec:
  rules:
  - host: doorboy-proxy.k-space.ee
    http:
      paths:
      - pathType: Prefix
        path: "/"
        backend:
          service:
            name: doorboy-proxy
            port:
              name: http
  tls:
  - hosts:
    - "*.k-space.ee"
---
apiVersion: monitoring.coreos.com/v1
kind: PodMonitor
metadata:
  name: doorboy-proxy
spec:
  selector:
    matchLabels:
      app.kubernetes.io/name: doorboy-proxy
  podMetricsEndpoints:
    - port: http