--- apiVersion: v1 kind: Namespace metadata: name: atat --- apiVersion: extensions/v1beta1 kind: Deployment metadata: labels: app: atst name: atst namespace: atat spec: selector: matchLabels: role: web replicas: 4 strategy: type: RollingUpdate template: metadata: labels: app: atst role: web aadpodidbinding: atat-kv-id-binding spec: securityContext: fsGroup: 101 containers: - name: atst image: $CONTAINER_IMAGE envFrom: - configMapRef: name: atst-envvars volumeMounts: - name: atst-config mountPath: "/opt/atat/atst/atst-overrides.ini" subPath: atst-overrides.ini - name: nginx-client-ca-bundle mountPath: "/opt/atat/atst/ssl/server-certs/ca-chain.pem" subPath: client-ca-bundle.pem - name: uwsgi-socket-dir mountPath: "/var/run/uwsgi" - name: crls-vol mountPath: "/opt/atat/atst/crls" - name: pgsslrootcert mountPath: "/opt/atat/atst/ssl/pgsslrootcert.crt" subPath: pgsslrootcert.crt - name: uwsgi-config mountPath: "/opt/atat/atst/uwsgi.ini" subPath: uwsgi.ini - name: nginx image: nginx:alpine ports: - containerPort: 8342 name: main-upgrade - containerPort: 8442 name: main - containerPort: 8343 name: auth-upgrade - containerPort: 8443 name: auth volumeMounts: - name: nginx-config mountPath: "/etc/nginx/conf.d/" - name: uwsgi-socket-dir mountPath: "/var/run/uwsgi" - name: nginx-htpasswd mountPath: "/etc/nginx/.htpasswd" subPath: .htpasswd - name: tls mountPath: "/etc/ssl/private" - name: nginx-client-ca-bundle mountPath: "/etc/ssl/" - name: acme mountPath: "/usr/share/nginx/html/.well-known/acme-challenge/" - name: snippets mountPath: "/etc/nginx/snippets/" - name: nginx-dhparam-secret mountPath: "/etc/ssl/" readOnly: true volumes: - name: atst-config secret: secretName: atst-config-ini items: - key: override.ini path: atst-overrides.ini mode: 0644 - name: nginx-client-ca-bundle configMap: name: nginx-client-ca-bundle defaultMode: 0666 - name: nginx-config configMap: name: atst-nginx - name: uwsgi-socket-dir emptyDir: medium: Memory - name: nginx-htpasswd secret: secretName: atst-nginx-htpasswd items: - key: htpasswd path: .htpasswd mode: 0640 - name: tls secret: secretName: azure-atat-code-mil-tls items: - key: tls.crt path: atat.crt mode: 0644 - key: tls.key path: atat.key mode: 0640 - name: crls-vol persistentVolumeClaim: claimName: crls-vol-claim - name: pgsslrootcert configMap: name: pgsslrootcert items: - key: cert path: pgsslrootcert.crt mode: 0666 - name: acme configMap: name: acme-challenges defaultMode: 0666 - name: uwsgi-config configMap: name: uwsgi-config defaultMode: 0666 items: - key: uwsgi.ini path: uwsgi.ini mode: 0644 - name: snippets configMap: name: nginx-snippets - name: nginx-dhparam-secret flexVolume: driver: "azure/kv" options: usepodidentity: "true" keyvaultname: "atat-vault-test" keyvaultobjectnames: "dhparam4096" keyvaultobjectaliases: "dhparam.pem" keyvaultobjecttypes: secret tenantid: "b5ab0e1e-09f8-4258-afb7-fb17654bc5b3" --- apiVersion: extensions/v1beta1 kind: Deployment metadata: labels: app: atst name: atst-worker namespace: atat spec: selector: matchLabels: role: worker replicas: 2 strategy: type: RollingUpdate template: metadata: labels: app: atst role: worker spec: securityContext: fsGroup: 101 containers: - name: atst-worker image: $CONTAINER_IMAGE args: [ "/opt/atat/atst/.venv/bin/python", "/opt/atat/atst/.venv/bin/celery", "-A", "celery_worker.celery", "worker", "--loglevel=info", ] envFrom: - configMapRef: name: atst-envvars - configMapRef: name: atst-worker-envvars volumeMounts: - name: atst-config mountPath: "/opt/atat/atst/atst-overrides.ini" subPath: atst-overrides.ini - name: pgsslrootcert mountPath: "/opt/atat/atst/ssl/pgsslrootcert.crt" subPath: pgsslrootcert.crt volumes: - name: atst-config secret: secretName: atst-config-ini items: - key: override.ini path: atst-overrides.ini mode: 0644 - name: pgsslrootcert configMap: name: pgsslrootcert items: - key: cert path: pgsslrootcert.crt mode: 0666 --- apiVersion: extensions/v1beta1 kind: Deployment metadata: labels: app: atst name: atst-beat namespace: atat spec: selector: matchLabels: role: beat replicas: 1 strategy: type: RollingUpdate template: metadata: labels: app: atst role: beat spec: securityContext: fsGroup: 101 containers: - name: atst-beat image: $CONTAINER_IMAGE args: [ "/opt/atat/atst/.venv/bin/python", "/opt/atat/atst/.venv/bin/celery", "-A", "celery_worker.celery", "beat", "--loglevel=info", ] envFrom: - configMapRef: name: atst-envvars - configMapRef: name: atst-worker-envvars volumeMounts: - name: atst-config mountPath: "/opt/atat/atst/atst-overrides.ini" subPath: atst-overrides.ini - name: pgsslrootcert mountPath: "/opt/atat/atst/ssl/pgsslrootcert.crt" subPath: pgsslrootcert.crt volumes: - name: atst-config secret: secretName: atst-config-ini items: - key: override.ini path: atst-overrides.ini mode: 0644 - name: pgsslrootcert configMap: name: pgsslrootcert items: - key: cert path: pgsslrootcert.crt mode: 0666 --- apiVersion: v1 kind: Service metadata: labels: app: atst name: atst-main namespace: atat spec: loadBalancerIP: 13.92.235.6 ports: - port: 80 targetPort: 8342 name: http - port: 443 targetPort: 8442 name: https selector: role: web type: LoadBalancer --- apiVersion: v1 kind: Service metadata: labels: app: atst name: atst-auth namespace: atat spec: loadBalancerIP: 23.100.24.41 ports: - port: 80 targetPort: 8343 name: http - port: 443 targetPort: 8443 name: https selector: role: web type: LoadBalancer