--- apiVersion: apps/v1 kind: Deployment metadata: labels: app: atst name: atst namespace: atat spec: selector: matchLabels: role: web replicas: 1 strategy: type: RollingUpdate template: metadata: labels: app: atst role: web spec: securityContext: fsGroup: 101 containers: - name: atst image: atat:latest imagePullPolicy: Never envFrom: - configMapRef: name: atst-envvars volumeMounts: - name: atst-config mountPath: "/opt/atat/atst/atst-overrides.ini" subPath: atst-overrides.ini - name: nginx-client-ca-bundle mountPath: "/opt/atat/atst/ssl/server-certs/ca-chain.pem" subPath: client-ca-bundle.pem - name: uwsgi-socket-dir mountPath: "/var/run/uwsgi" - name: nginx image: nginx:alpine imagePullPolicy: Never ports: - containerPort: 8342 name: main-upgrade - containerPort: 8442 name: main - containerPort: 8343 name: auth-upgrade - containerPort: 8443 name: auth volumeMounts: - name: nginx-config mountPath: "/etc/nginx/conf.d/atst.conf" subPath: atst.conf - name: uwsgi-socket-dir mountPath: "/var/run/uwsgi" - name: nginx-htpasswd mountPath: "/etc/nginx/.htpasswd" subPath: .htpasswd - name: nginx-client-ca-bundle mountPath: "/etc/ssl/" volumes: - name: atst-config secret: secretName: atst-config-ini items: - key: override.ini path: atst-overrides.ini mode: 0644 - name: nginx-client-ca-bundle configMap: name: nginx-client-ca-bundle defaultMode: 0666 - name: nginx-config configMap: name: atst-nginx items: - key: nginx-config path: atst.conf - name: uwsgi-socket-dir emptyDir: medium: Memory - name: nginx-htpasswd secret: secretName: atst-nginx-htpasswd items: - key: htpasswd path: .htpasswd mode: 0640 --- apiVersion: apps/v1 kind: Deployment metadata: labels: app: atst name: atst-worker namespace: atat spec: selector: matchLabels: role: worker replicas: 1 strategy: type: RollingUpdate template: metadata: labels: app: atst role: worker spec: securityContext: fsGroup: 101 containers: - name: atst-worker image: atat:latest imagePullPolicy: Never args: [ "/opt/atat/atst/.venv/bin/python", "/opt/atat/atst/.venv/bin/celery", "-A", "celery_worker.celery", "worker", "--loglevel=info" ] envFrom: - configMapRef: name: atst-envvars - configMapRef: name: atst-worker-envvars volumeMounts: - name: atst-config mountPath: "/opt/atat/atst/atst-overrides.ini" subPath: atst-overrides.ini volumes: - name: atst-config secret: secretName: atst-config-ini items: - key: override.ini path: atst-overrides.ini mode: 0644 --- apiVersion: apps/v1 kind: Deployment metadata: labels: app: atst name: atst-beat namespace: atat spec: selector: matchLabels: role: beat replicas: 1 strategy: type: RollingUpdate template: metadata: labels: app: atst role: beat spec: securityContext: fsGroup: 101 containers: - name: atst-beat image: atat:latest imagePullPolicy: Never args: [ "/opt/atat/atst/.venv/bin/python", "/opt/atat/atst/.venv/bin/celery", "-A", "celery_worker.celery", "beat", "--loglevel=info" ] envFrom: - configMapRef: name: atst-envvars - configMapRef: name: atst-worker-envvars volumeMounts: - name: atst-config mountPath: "/opt/atat/atst/atst-overrides.ini" subPath: atst-overrides.ini volumes: - name: atst-config secret: secretName: atst-config-ini items: - key: override.ini path: atst-overrides.ini mode: 0644 --- apiVersion: v1 kind: Service metadata: labels: app: atst name: atst-main namespace: atat spec: ports: - port: 80 targetPort: 8342 name: http-main - port: 443 targetPort: 8442 name: https-main selector: role: web type: LoadBalancer --- apiVersion: v1 kind: Service metadata: labels: app: atst name: atst-auth namespace: atat spec: ports: - port: 80 targetPort: 8343 name: http-auth - port: 443 targetPort: 8443 name: https-auth selector: role: web type: LoadBalancer