atst/deploy/azure/azure.yml

---
apiVersion: v1
kind: Namespace
metadata:
  name: atat
---
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  labels:
    app: atst
  name: atst
  namespace: atat
spec:
  selector:
    matchLabels:
      role: web
  replicas: 1
  strategy:
    type: RollingUpdate
  template:
    metadata:
      labels:
        app: atst
        role: web
    spec:
      securityContext:
        fsGroup: 101
      containers:
        - name: atst
          image: pwatat.azurecr.io/atat:latest
          envFrom:
          - configMapRef:
              name: atst-envvars
          volumeMounts:
            - name: atst-config
              mountPath: "/opt/atat/atst/atst-overrides.ini"
              subPath: atst-overrides.ini
            - name: nginx-client-ca-bundle
              mountPath: "/opt/atat/atst/ssl/server-certs/ca-chain.pem"
              subPath: client-ca-bundle.pem
            - name: uwsgi-socket-dir
              mountPath: "/var/run/uwsgi"
            - name: crls-vol
              mountPath: "/opt/atat/atst/crls"
            - name: pgsslrootcert
              mountPath: "/opt/atat/atst/ssl/pgsslrootcert.crt"
              subPath: pgsslrootcert.crt
        - name: nginx
          image: nginx:alpine
          ports:
            - containerPort: 8342
              name: main-upgrade
            - containerPort: 8442
              name: main
            - containerPort: 8343
              name: auth-upgrade
            - containerPort: 8443
              name: auth
          volumeMounts:
            - name: nginx-config
              mountPath: "/etc/nginx/conf.d/atst.conf"
              subPath: atst.conf
            - name: uwsgi-socket-dir
              mountPath: "/var/run/uwsgi"
            - name: nginx-htpasswd
              mountPath: "/etc/nginx/.htpasswd"
              subPath: .htpasswd
            - name: tls
              mountPath: "/etc/ssl/private"
            - name: nginx-client-ca-bundle
              mountPath: "/etc/ssl/"
      volumes:
        - name: atst-config
          secret:
            secretName: atst-config-ini
            items:
            - key: override.ini
              path: atst-overrides.ini
              mode: 0644
        - name: nginx-client-ca-bundle
          secret:
            secretName: nginx-client-ca-bundle
            items:
            - key: client-ca-bundle.pem
              path: client-ca-bundle.pem
              mode: 0666
        - name: nginx-config
          configMap:
            name: atst-nginx
            items:
            - key: nginx-config
              path: atst.conf
        - name: uwsgi-socket-dir
          emptyDir:
            medium: Memory
        - name: nginx-htpasswd
          secret:
            secretName: atst-nginx-htpasswd
            items:
            - key: htpasswd
              path: .htpasswd
              mode: 0640
        - name: tls
          secret:
            secretName: azure-atat-code-mil-tls
            items:
            - key: tls.crt
              path: atat.crt
              mode: 0644
            - key: tls.key
              path: atat.key
              mode: 0640
        - name: crls-vol
          persistentVolumeClaim:
            claimName: crls-vol-claim
        - name: pgsslrootcert
          configMap:
            name: pgsslrootcert
            items:
            - key: cert
              path: pgsslrootcert.crt
              mode: 0666
---
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  labels:
    app: atst
  name: atst-worker
  namespace: atat
spec:
  selector:
    matchLabels:
      role: worker
  replicas: 1
  strategy:
    type: RollingUpdate
  template:
    metadata:
      labels:
        app: atst
        role: worker
    spec:
      securityContext:
        fsGroup: 101
      containers:
        - name: atst-worker
          image: pwatat.azurecr.io/atat:latest
          args: [
            "/opt/atat/atst/.venv/bin/python",
            "/opt/atat/atst/.venv/bin/celery",
            "-A",
            "celery_worker.celery",
            "worker",
            "--loglevel=info"
          ]
          envFrom:
          - configMapRef:
              name: atst-envvars
          - configMapRef:
              name: atst-worker-envvars
          volumeMounts:
            - name: atst-config
              mountPath: "/opt/atat/atst/atst-overrides.ini"
              subPath: atst-overrides.ini
            - name: pgsslrootcert
              mountPath: "/opt/atat/atst/ssl/pgsslrootcert.crt"
              subPath: pgsslrootcert.crt
      volumes:
        - name: atst-config
          secret:
            secretName: atst-config-ini
            items:
            - key: override.ini
              path: atst-overrides.ini
              mode: 0644
        - name: pgsslrootcert
          configMap:
            name: pgsslrootcert
            items:
            - key: cert
              path: pgsslrootcert.crt
              mode: 0666
---
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  labels:
    app: atst
  name: atst-beat
  namespace: atat
spec:
  selector:
    matchLabels:
      role: beat
  replicas: 1
  strategy:
    type: RollingUpdate
  template:
    metadata:
      labels:
        app: atst
        role: beat
    spec:
      securityContext:
        fsGroup: 101
      containers:
        - name: atst-beat
          image: pwatat.azurecr.io/atat:latest
          args: [
            "/opt/atat/atst/.venv/bin/python",
            "/opt/atat/atst/.venv/bin/celery",
            "-A",
            "celery_worker.celery",
            "beat",
            "--loglevel=info"
          ]
          envFrom:
          - configMapRef:
              name: atst-envvars
          - configMapRef:
              name: atst-worker-envvars
          volumeMounts:
            - name: atst-config
              mountPath: "/opt/atat/atst/atst-overrides.ini"
              subPath: atst-overrides.ini
            - name: pgsslrootcert
              mountPath: "/opt/atat/atst/ssl/pgsslrootcert.crt"
              subPath: pgsslrootcert.crt
      volumes:
        - name: atst-config
          secret:
            secretName: atst-config-ini
            items:
            - key: override.ini
              path: atst-overrides.ini
              mode: 0644
        - name: pgsslrootcert
          configMap:
            name: pgsslrootcert
            items:
            - key: cert
              path: pgsslrootcert.crt
              mode: 0666
---
apiVersion: v1
kind: Service
metadata:
  labels:
    app: atst
  name: atst-main
  namespace: atat
spec:
  loadBalancerIP: 13.92.235.6
  ports:
  - port: 80
    targetPort: 8342
    name: http
  - port: 443
    targetPort: 8442
    name: https
  selector:
    role: web
  type: LoadBalancer
---
apiVersion: v1
kind: Service
metadata:
  labels:
    app: atst
  name: atst-auth
  namespace: atat
spec:
  loadBalancerIP: 23.100.24.41
  ports:
  - port: 80
    targetPort: 8343
    name: http
  - port: 443
    targetPort: 8443
    name: https
  selector:
    role: web
  type: LoadBalancer