forked from k-space/kube
167 lines
4.3 KiB
YAML
167 lines
4.3 KiB
YAML
# Referenced/linked and documented by https://wiki.k-space.ee/en/hosting/doors
|
|
---
|
|
apiVersion: apps/v1
|
|
kind: Deployment
|
|
metadata:
|
|
name: doorboy-proxy
|
|
spec:
|
|
revisionHistoryLimit: 0
|
|
replicas: 3
|
|
selector:
|
|
matchLabels: &selectorLabels
|
|
app.kubernetes.io/name: doorboy-proxy
|
|
template:
|
|
metadata:
|
|
labels: *selectorLabels
|
|
spec:
|
|
affinity:
|
|
podAntiAffinity:
|
|
preferredDuringSchedulingIgnoredDuringExecution:
|
|
- podAffinityTerm:
|
|
labelSelector:
|
|
matchExpressions:
|
|
- key: app.kubernetes.io/name
|
|
operator: In
|
|
values:
|
|
- doorboy-proxy
|
|
topologyKey: topology.kubernetes.io/zone
|
|
weight: 100
|
|
containers:
|
|
- name: doorboy-proxy
|
|
image: harbor.k-space.ee/k-space/doorboy-proxy:latest
|
|
envFrom:
|
|
- secretRef:
|
|
name: inventory-mongodb
|
|
- secretRef:
|
|
name: doorboy-api
|
|
env:
|
|
- name: FLOOR_ACCESS_GROUP
|
|
value: 'k-space:floor'
|
|
- name: WORKSHOP_ACCESS_GROUP
|
|
value: 'k-space:workshop'
|
|
- name: CARD_URI
|
|
value: 'https://inventory.k-space.ee/cards'
|
|
- name: SWIPE_URI
|
|
value: 'https://inventory.k-space.ee/m/doorboy/swipe'
|
|
- name: INVENTORY_API_KEY
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: inventory-api-key
|
|
key: INVENTORY_API_KEY
|
|
securityContext:
|
|
readOnlyRootFilesystem: true
|
|
runAsNonRoot: true
|
|
runAsUser: 1000
|
|
ports:
|
|
- containerPort: 5000
|
|
name: "http"
|
|
resources:
|
|
requests:
|
|
memory: "200Mi"
|
|
cpu: "100m"
|
|
limits:
|
|
memory: "500Mi"
|
|
cpu: "1"
|
|
---
|
|
apiVersion: v1
|
|
kind: Service
|
|
metadata:
|
|
name: doorboy-proxy
|
|
spec:
|
|
selector:
|
|
app.kubernetes.io/name: doorboy-proxy
|
|
ports:
|
|
- protocol: TCP
|
|
name: http
|
|
port: 5000
|
|
---
|
|
apiVersion: networking.k8s.io/v1
|
|
kind: Ingress
|
|
metadata:
|
|
name: doorboy-proxy
|
|
annotations:
|
|
kubernetes.io/ingress.class: traefik
|
|
traefik.ingress.kubernetes.io/router.entrypoints: websecure
|
|
traefik.ingress.kubernetes.io/router.tls: "true"
|
|
external-dns.alpha.kubernetes.io/target: traefik.k-space.ee
|
|
spec:
|
|
rules:
|
|
- host: doorboy-proxy.k-space.ee
|
|
http:
|
|
paths:
|
|
- pathType: Prefix
|
|
path: "/"
|
|
backend:
|
|
service:
|
|
name: doorboy-proxy
|
|
port:
|
|
name: http
|
|
tls:
|
|
- hosts:
|
|
- "*.k-space.ee"
|
|
---
|
|
apiVersion: monitoring.coreos.com/v1
|
|
kind: PodMonitor
|
|
metadata:
|
|
name: doorboy-proxy
|
|
spec:
|
|
selector:
|
|
matchLabels:
|
|
app.kubernetes.io/name: doorboy-proxy
|
|
podMetricsEndpoints:
|
|
- port: http
|
|
---
|
|
apiVersion: apps/v1
|
|
kind: DaemonSet
|
|
metadata:
|
|
name: kdoorpi
|
|
spec:
|
|
selector:
|
|
matchLabels: &selectorLabels
|
|
app.kubernetes.io/name: kdoorpi
|
|
template:
|
|
metadata:
|
|
labels: *selectorLabels
|
|
spec:
|
|
containers:
|
|
- name: kdoorpi
|
|
image: harbor.k-space.ee/k-space/kdoorpi:latest
|
|
env:
|
|
- name: KDOORPI_API_ALLOWED
|
|
value: https://doorboy-proxy.k-space.ee/allowed
|
|
- name: KDOORPI_API_LONGPOLL
|
|
value: https://doorboy-proxy.k-space.ee/longpoll
|
|
- name: KDOORPI_API_SWIPE
|
|
value: http://172.21.99.98/swipe
|
|
- name: KDOORPI_DOOR
|
|
valueFrom:
|
|
fieldRef:
|
|
fieldPath: spec.nodeName
|
|
- name: KDOORPI_API_KEY
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: doorboy-api
|
|
key: DOORBOY_SECRET
|
|
- name: KDOORPI_UID_SALT
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: doorboy-uid-hash-salt
|
|
key: KDOORPI_UID_SALT
|
|
resources:
|
|
limits:
|
|
memory: 200Mi
|
|
requests:
|
|
cpu: 100m
|
|
memory: 100Mi
|
|
nodeSelector:
|
|
dedicated: door
|
|
tolerations:
|
|
- key: dedicated
|
|
operator: Equal
|
|
value: door
|
|
effect: NoSchedule
|
|
- key: arch
|
|
operator: Equal
|
|
value: arm64
|
|
effect: NoSchedule
|