smatsiievskyi/kube
1
0
Fork 0
forked from k-space/kube
Code Issues Pull Requests Packages Projects Activity
Files
0447abecdc3385b519e3c0480afe8339d92495a0
kube/hackerspace/inventory.yaml

177 lines
4.1 KiB
YAML
Raw Blame History

---
apiVersion: apps/v1
kind: Deployment
metadata:
name: inventory-app
labels:
app: signs-webpage
spec:
replicas: 1
revisionHistoryLimit: 0
selector:
matchLabels:
app: inventory-app
template:
metadata:
labels:
app: inventory-app
spec:
containers:
- image: harbor.k-space.ee/k-space/inventory-app:latest
imagePullPolicy: Always
env:
- name: ENVIRONMENT_TYPE
value: PROD
- name: PYTHONUNBUFFERED
value: "1"
- name: INVENTORY_ASSETS_BASE_URL
value: https://external.minio-clusters.k-space.ee/hackerspace-701d9303-0f27-4829-a2be-b1084021ad91/
- name: OIDC_USERS_NAMESPACE
value: passmower
- name: SECRET_KEY
valueFrom:
secretKeyRef:
key: SECRET_KEY
name: inventory-secrets
- name: INVENTORY_API_KEY
valueFrom:
secretKeyRef:
key: INVENTORY_API_KEY
name: inventory-api-key
- name: SLACK_DOORLOG_CALLBACK
valueFrom:
secretKeyRef:
key: SLACK_DOORLOG_CALLBACK
name: slack-secrets
- name: SLACK_VERIFICATION_TOKEN
valueFrom:
secretKeyRef:
key: SLACK_VERIFICATION_TOKEN
name: slack-secrets
envFrom:
- secretRef:
name: miniobucket-inventory-external-owner-secrets
- secretRef:
name: oidc-client-inventory-app-owner-secrets
- secretRef:
name: inventory-mongodb
name: inventory-app
ports:
- containerPort: 5000
name: http
protocol: TCP
resources:
limits:
cpu: "1"
memory: 500Mi
requests:
cpu: 100m
memory: 200Mi
securityContext:
readOnlyRootFilesystem: true
runAsNonRoot: true
runAsUser: 1000
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
volumeMounts:
- mountPath: /tmp
name: tmp
dnsPolicy: ClusterFirst
restartPolicy: Always
schedulerName: default-scheduler
serviceAccountName: inventory-svcacc
terminationGracePeriodSeconds: 30
volumes:
- name: tmp
---
apiVersion: v1
kind: Service
metadata:
name: inventory-app
spec:
type: ClusterIP
selector:
app: inventory-app
ports:
- protocol: TCP
port: 5000
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: inventory-app
annotations:
kubernetes.io/ingress.class: traefik
traefik.ingress.kubernetes.io/router.entrypoints: websecure
external-dns.alpha.kubernetes.io/target: traefik.k-space.ee
external-dns.alpha.kubernetes.io/hostname: inventory.k-space.ee,members.k-space.ee
spec:
rules:
- host: inventory.k-space.ee
http:
paths:
- pathType: Prefix
path: "/"
backend:
service:
name: inventory-app
port:
number: 5000
tls:
- hosts:
- "*.k-space.ee"
---
apiVersion: codemowers.cloud/v1beta1
kind: OIDCClient
metadata:
name: inventory-app
spec:
uri: 'https://inventory.k-space.ee'
redirectUris:
- 'https://inventory.k-space.ee/login-callback'
grantTypes:
- 'authorization_code'
responseTypes:
- 'code'
availableScopes:
- 'openid'
- 'profile'
- 'groups'
tokenEndpointAuthMethod: 'client_secret_basic'
pkce: false
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: inventory-role
namespace: hackerspace
rules:
- verbs:
- get
- list
- watch
apiGroups:
- codemowers.cloud
resources:
- oidcusers
- oidcusers/status
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: inventory-roles
namespace: hackerspace
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: inventory-role
subjects:
- kind: ServiceAccount
name: inventory-svcacc
namespace: hackerspace
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: inventory-svcacc
Reference in New Issue View Git Blame Copy Permalink