152 lines
3.3 KiB
YAML
152 lines
3.3 KiB
YAML
---
|
|
apiVersion: v1
|
|
kind: Namespace
|
|
metadata:
|
|
name: atat
|
|
---
|
|
apiVersion: extensions/v1beta1
|
|
kind: Deployment
|
|
metadata:
|
|
labels:
|
|
app: atst
|
|
name: atst
|
|
namespace: atat
|
|
spec:
|
|
replicas: 1
|
|
strategy:
|
|
type: RollingUpdate
|
|
template:
|
|
metadata:
|
|
labels:
|
|
app: atst
|
|
spec:
|
|
containers:
|
|
- name: atst
|
|
image: registry.atat.codes:443/atst-prod:c06b0f6
|
|
volumeMounts:
|
|
- name: atst-config
|
|
mountPath: "/opt/atat"
|
|
- name: uswgi-socket-dir
|
|
mountPath: "/var/run/uwsgi"
|
|
- name: atst-nginx
|
|
image: nginx:alpine
|
|
ports:
|
|
- containerPort: 8080
|
|
name: http
|
|
- containerPort: 8443
|
|
name: http
|
|
volumeMounts:
|
|
- name: nginx-auth-tls
|
|
mountPath: "/etc/ssl/private"
|
|
- name: nginx-config
|
|
mountPath: "/etc/nginx/conf.d"
|
|
- name: nginx-dhparam
|
|
mountPath: "/etc/ssl"
|
|
- name: nginx-htpasswd
|
|
mountPath: "/etc/nginx"
|
|
- name: uswgi-socket-dir
|
|
mountPath: "/var/run/uwsgi"
|
|
imagePullSecrets:
|
|
- name: regcred
|
|
volumes:
|
|
- name: atst-config
|
|
configMap:
|
|
name: atst
|
|
items:
|
|
- key: atst-config
|
|
path: atst-overrides.ini
|
|
mode: 0644
|
|
- name: nginx-auth-tls
|
|
secret:
|
|
secretName: auth-atst-ingress-tls
|
|
items:
|
|
- key: tls.crt
|
|
path: auth.atat.crt
|
|
mode: 0644
|
|
- key: tls.key
|
|
path: auth.atat.crt
|
|
mode: 0640
|
|
- name: nginx-config
|
|
configMap:
|
|
name: atst-nginx
|
|
items:
|
|
- key: nginx-config
|
|
path: atst.conf
|
|
- name: nginx-dhparam
|
|
secret:
|
|
secretName: dhparam-4096
|
|
items:
|
|
- key: dhparam.pem
|
|
path: dhparam.pem
|
|
mode: 0640
|
|
- name: nginx-htpasswd
|
|
configMap:
|
|
name: atst-nginx
|
|
items:
|
|
- key: httpasswd
|
|
path: .htpasswd
|
|
mode: 0640
|
|
- name: uswgi-socket-dir
|
|
emptyDir:
|
|
medium: Memory
|
|
---
|
|
apiVersion: v1
|
|
kind: Service
|
|
metadata:
|
|
labels:
|
|
app: atst
|
|
name: atst
|
|
namespace: atat
|
|
spec:
|
|
ports:
|
|
- name: "http"
|
|
port: 80
|
|
targetPort: 8080
|
|
- name: "https"
|
|
port: 443
|
|
targetPort: 8443
|
|
selector:
|
|
app: atst
|
|
---
|
|
apiVersion: extensions/v1beta1
|
|
kind: Ingress
|
|
metadata:
|
|
name: atst
|
|
namespace: atat
|
|
annotations:
|
|
kubernetes.io/tls-acme: "true"
|
|
kubernetes.io/ingress.class: "nginx"
|
|
nginx.ingress.kubernetes.io/proxy-body-size: 10m
|
|
spec:
|
|
tls:
|
|
- hosts:
|
|
- www.atat.codes
|
|
secretName: atst-ingress-tls
|
|
rules:
|
|
- host: www.atat.codes
|
|
http:
|
|
paths:
|
|
- path: /
|
|
backend:
|
|
serviceName: atst
|
|
servicePort: 80
|
|
---
|
|
apiVersion: extensions/v1beta1
|
|
apiVersion: extensions/v1beta1
|
|
kind: Ingress
|
|
metadata:
|
|
name: atst-auth
|
|
namespace: atat
|
|
annotations:
|
|
nginx.ingress.kubernetes.io/proxy-body-size: 10m
|
|
ingress.kubernetes.io/ssl-passthrough: "true"
|
|
spec:
|
|
rules:
|
|
- host: auth.atat.codes
|
|
http:
|
|
paths:
|
|
- path: /
|
|
backend:
|
|
serviceName: atst
|
|
servicePort: 443
|