kube/_disabled/logging/zinc.yml

apiVersion: v1
kind: Service
metadata:
  name: zinc
spec:
  clusterIP: None
  selector:
    app: zinc
  ports:
  - name: http
    port: 4080
    targetPort: 4080
---
apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: zinc
spec:
  serviceName: zinc
  replicas: 1
  selector:
    matchLabels:
      app: zinc
  template:
    metadata:
      labels:
        app: zinc
    spec:
      securityContext:
        fsGroup: 2000
        runAsUser: 10000
        runAsGroup: 3000
        runAsNonRoot: true
      containers:
        - name: zinc
          image: public.ecr.aws/zinclabs/zinc:latest
          env:
            - name: GIN_MODE
              value: release
            - name: ZINC_FIRST_ADMIN_USER
              value: admin
            - name: ZINC_FIRST_ADMIN_PASSWORD
              value: salakala
            - name: ZINC_DATA_PATH
              value: /data
          imagePullPolicy: Always
          resources:
            limits:
              cpu: "4"
              memory: 4Gi
            requests:
              cpu: 32m
              memory: 50Mi
          ports:
            - containerPort: 4080
              name: http
          volumeMounts:
          - name: data
            mountPath: /data
  volumeClaimTemplates:
  - metadata:
      name: data
    spec:
      accessModes:
        - ReadWriteOnce
      storageClassName: longhorn
      resources:
        requests:
          storage: 20Gi
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: zinc
  annotations:
    cert-manager.io/cluster-issuer: default
    traefik.ingress.kubernetes.io/router.entrypoints: websecure
    traefik.ingress.kubernetes.io/router.tls: "true"
    external-dns.alpha.kubernetes.io/target: traefik.k-space.ee
    traefik.ingress.kubernetes.io/router.middlewares: traefik-sso@kubernetescrd
spec:
  rules:
  - host: zinc.k-space.ee
    http:
      paths:
      - pathType: Prefix
        path: "/"
        backend:
          service:
            name: zinc
            port:
              number: 4080
  tls:
  - hosts:
    - zinc.k-space.ee
    secretName: zinc-tls
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: zinc
spec:
  podSelector:
    matchLabels:
      app: zinc
  policyTypes:
  - Ingress
  ingress:
  - from:
    - podSelector:
        matchLabels:
          app: filebeat
    ports:
    - protocol: TCP
      port: 4080
  - from:
    - namespaceSelector:
        matchLabels:
          kubernetes.io/metadata.name: traefik
      podSelector:
        matchLabels:
          app.kubernetes.io/name: traefik