--- apiVersion: v1 kind: Namespace metadata: name: atat --- apiVersion: extensions/v1beta1 kind: Deployment metadata: labels: app: atst name: atst namespace: atat spec: selector: matchLabels: role: web replicas: 1 strategy: type: RollingUpdate template: metadata: labels: app: atst role: web spec: securityContext: fsGroup: 101 containers: - name: atst image: 904153757533.dkr.ecr.us-east-2.amazonaws.com/atat:884d95ada21a5097f5c07f305d8e4e24d0f2a03f resources: requests: memory: "500Mi" envFrom: - configMapRef: name: atst-envvars volumeMounts: - name: atst-config mountPath: "/opt/atat/atst/atst-overrides.ini" subPath: atst-overrides.ini - name: nginx-client-ca-bundle mountPath: "/opt/atat/atst/ssl/server-certs/ca-chain.pem" subPath: client-ca-bundle.pem - name: uwsgi-socket-dir mountPath: "/var/run/uwsgi" - name: crls-vol mountPath: "/opt/atat/atst/crls" - name: nginx image: nginx:alpine ports: - containerPort: 8342 name: main-upgrade - containerPort: 8442 name: main - containerPort: 8343 name: auth-upgrade - containerPort: 8443 name: auth volumeMounts: - name: nginx-config mountPath: "/etc/nginx/conf.d/atst.conf" subPath: atst.conf - name: uwsgi-socket-dir mountPath: "/var/run/uwsgi" - name: nginx-htpasswd mountPath: "/etc/nginx/.htpasswd" subPath: .htpasswd - name: tls mountPath: "/etc/ssl/private" - name: nginx-client-ca-bundle mountPath: "/etc/ssl/" volumes: - name: atst-config secret: secretName: atst-config-ini items: - key: override.ini path: atst-overrides.ini mode: 0644 - name: nginx-client-ca-bundle secret: secretName: nginx-client-ca-bundle items: - key: client-ca-bundle.pem path: client-ca-bundle.pem mode: 0666 - name: nginx-config configMap: name: atst-nginx items: - key: nginx-config path: atst.conf - name: uwsgi-socket-dir emptyDir: medium: Memory - name: nginx-htpasswd secret: secretName: atst-nginx-htpasswd items: - key: htpasswd path: .htpasswd mode: 0640 - name: tls secret: secretName: aws-atat-code-mil-tls items: - key: tls.crt path: atat.crt mode: 0644 - key: tls.key path: atat.key mode: 0640 - name: crls-vol persistentVolumeClaim: claimName: efs --- apiVersion: extensions/v1beta1 kind: Deployment metadata: labels: app: atst name: atst-worker namespace: atat spec: selector: matchLabels: role: worker replicas: 1 strategy: type: RollingUpdate template: metadata: labels: app: atst role: worker spec: securityContext: fsGroup: 101 containers: - name: atst-worker image: 904153757533.dkr.ecr.us-east-2.amazonaws.com/atat:884d95ada21a5097f5c07f305d8e4e24d0f2a03f args: [ "/opt/atat/atst/.venv/bin/python", "/opt/atat/atst/.venv/bin/celery", "-A", "celery_worker.celery", "worker", ] resources: requests: memory: "500Mi" envFrom: - configMapRef: name: atst-envvars - configMapRef: name: atst-worker-envvars volumeMounts: - name: atst-config mountPath: "/opt/atat/atst/atst-overrides.ini" subPath: atst-overrides.ini volumes: - name: atst-config secret: secretName: atst-config-ini items: - key: override.ini path: atst-overrides.ini mode: 0644 --- apiVersion: v1 kind: Service metadata: labels: app: atst name: atst-main namespace: atat annotations: service.beta.kubernetes.io/aws-load-balancer-type: "nlb" spec: ports: - port: 80 targetPort: 8342 name: http - port: 443 targetPort: 8442 name: https selector: role: web type: LoadBalancer --- apiVersion: v1 kind: Service metadata: labels: app: atst name: atst-auth namespace: atat annotations: service.beta.kubernetes.io/aws-load-balancer-type: "nlb" spec: ports: - port: 80 targetPort: 8343 name: http - port: 443 targetPort: 8443 name: https selector: role: web type: LoadBalancer