pk/atst
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge pull request #591 from dod-ccpo/k8s-auth-traffic-config

Browse Source 
update k8s config so auth traffic is only directed to web pods
This commit is contained in:
dandds 2019-02-01 12:48:52 -05:00 committed by GitHub
commit 121d3c6d09
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 36 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
deploy/kubernetes/atst.yml
View File

@ -12,6 +12,9 @@ metadata:
name: atst name: atst
namespace: atat namespace: atat
spec: spec:
selector:
matchLabels:
role: web
replicas: 2 replicas: 2
strategy: strategy:
type: RollingUpdate type: RollingUpdate
@ -19,12 +22,13 @@ spec:
metadata: metadata:
labels: labels:
app: atst app: atst
role: web
spec: spec:
securityContext: securityContext:
fsGroup: 101 fsGroup: 101
containers: containers:
- name: atst - name: atst
image: registry.atat.codes:443/atst-prod:5550eed2 image: registry.atat.codes:443/atst-prod:50f0843c
resources: resources:
requests: requests:
memory: "2500Mi" memory: "2500Mi"
@ -133,6 +137,9 @@ metadata:
name: atst-worker name: atst-worker
namespace: atat namespace: atat
spec: spec:
selector:
matchLabels:
role: worker
replicas: 1 replicas: 1
strategy: strategy:
type: RollingUpdate type: RollingUpdate
@ -140,12 +147,13 @@ spec:
metadata: metadata:
labels: labels:
app: atst app: atst
role: worker
spec: spec:
securityContext: securityContext:
fsGroup: 101 fsGroup: 101
containers: containers:
- name: atst-worker - name: atst-worker
image: registry.atat.codes:443/atst-prod:5550eed2 image: registry.atat.codes:443/atst-prod:50f0843c
args: ["/bin/bash", "-c", "/opt/atat/atst/script/rq_worker"] args: ["/bin/bash", "-c", "/opt/atat/atst/script/rq_worker"]
resources: resources:
requests: requests:
@ -183,7 +191,7 @@ spec:
port: 80 port: 80
targetPort: 8442 targetPort: 8442
selector: selector:
app: atst role: web
--- ---
apiVersion: v1 apiVersion: v1
kind: Service kind: Service
@ -200,7 +208,7 @@ spec:
nodePort: 32751 nodePort: 32751
port: 8443 port: 8443
selector: selector:
app: atst role: web
--- ---
apiVersion: extensions/v1beta1 apiVersion: extensions/v1beta1
kind: Ingress kind: Ingress

16
deploy/kubernetes/test/test.yml
View File

@ -12,6 +12,9 @@ metadata:
name: atst name: atst
namespace: atat-test namespace: atat-test
spec: spec:
selector:
matchLabels:
role: web
replicas: 1 replicas: 1
strategy: strategy:
type: RollingUpdate type: RollingUpdate
@ -19,12 +22,13 @@ spec:
metadata: metadata:
labels: labels:
app: atst app: atst
role: web
spec: spec:
securityContext: securityContext:
fsGroup: 101 fsGroup: 101
containers: containers:
- name: atst - name: atst
image: registry.atat.codes:443/atst-prod:24b2543c image: registry.atat.codes:443/atst-prod:50f0843c
resources: resources:
requests: requests:
memory: "2500Mi" memory: "2500Mi"
@ -130,6 +134,9 @@ metadata:
name: atst-worker name: atst-worker
namespace: atat-test namespace: atat-test
spec: spec:
selector:
matchLabels:
role: worker
replicas: 1 replicas: 1
strategy: strategy:
type: RollingUpdate type: RollingUpdate
@ -137,12 +144,13 @@ spec:
metadata: metadata:
labels: labels:
app: atst app: atst
role: worker
spec: spec:
securityContext: securityContext:
fsGroup: 101 fsGroup: 101
containers: containers:
- name: atst-worker - name: atst-worker
image: registry.atat.codes:443/atst-prod:24b2543c image: registry.atat.codes:443/atst-prod:50f0843c
args: ["/bin/bash", "-c", "/opt/atat/atst/script/rq_worker"] args: ["/bin/bash", "-c", "/opt/atat/atst/script/rq_worker"]
resources: resources:
requests: requests:
@ -180,7 +188,7 @@ spec:
port: 80 port: 80
targetPort: 8442 targetPort: 8442
selector: selector:
app: atst role: web
--- ---
apiVersion: v1 apiVersion: v1
kind: Service kind: Service
@ -197,7 +205,7 @@ spec:
nodePort: 32711 nodePort: 32711
port: 8443 port: 8443
selector: selector:
app: atst role: web
--- ---
apiVersion: extensions/v1beta1 apiVersion: extensions/v1beta1
kind: Ingress kind: Ingress

16
deploy/kubernetes/uat/uat.yml
View File

@ -12,6 +12,9 @@ metadata:
name: atst name: atst
namespace: atat-uat namespace: atat-uat
spec: spec:
selector:
matchLabels:
role: web
replicas: 1 replicas: 1
strategy: strategy:
type: RollingUpdate type: RollingUpdate
@ -19,12 +22,13 @@ spec:
metadata: metadata:
labels: labels:
app: atst app: atst
role: web
spec: spec:
securityContext: securityContext:
fsGroup: 101 fsGroup: 101
containers: containers:
- name: atst - name: atst
image: registry.atat.codes:443/atst-prod:a9fc2bd2 image: registry.atat.codes:443/atst-prod:50f0843c
resources: resources:
requests: requests:
memory: "2500Mi" memory: "2500Mi"
@ -133,6 +137,9 @@ metadata:
name: atst-worker name: atst-worker
namespace: atat-uat namespace: atat-uat
spec: spec:
selector:
matchLabels:
role: worker
replicas: 1 replicas: 1
strategy: strategy:
type: RollingUpdate type: RollingUpdate
@ -140,12 +147,13 @@ spec:
metadata: metadata:
labels: labels:
app: atst app: atst
role: worker
spec: spec:
securityContext: securityContext:
fsGroup: 101 fsGroup: 101
containers: containers:
- name: atst-worker - name: atst-worker
image: registry.atat.codes:443/atst-prod:a9fc2bd2 image: registry.atat.codes:443/atst-prod:50f0843c
args: ["/bin/bash", "-c", "/opt/atat/atst/script/rq_worker"] args: ["/bin/bash", "-c", "/opt/atat/atst/script/rq_worker"]
resources: resources:
requests: requests:
@ -183,7 +191,7 @@ spec:
port: 80 port: 80
targetPort: 8442 targetPort: 8442
selector: selector:
app: atst role: web
--- ---
apiVersion: v1 apiVersion: v1
kind: Service kind: Service
@ -200,7 +208,7 @@ spec:
nodePort: 32701 nodePort: 32701
port: 8443 port: 8443
selector: selector:
app: atst role: web
--- ---
apiVersion: extensions/v1beta1 apiVersion: extensions/v1beta1
kind: Ingress kind: Ingress