legendary-doc-site/infrastructure/kube.yaml
2021-10-22 18:33:04 +00:00

176 lines
4.4 KiB
YAML

apiVersion: v1
kind: Namespace
metadata:
name: legendary-doc-site
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: legendary-doc-site
namespace: legendary-doc-site
spec:
replicas: 2
selector:
matchLabels:
app: legendary-doc-site
template:
metadata:
labels:
app: legendary-doc-site
spec:
containers:
- name: app
image: registry.gitlab.com/mythic-insight/legendary-doc-site:3.0.4
command: ["elixir"]
args:
- "--name"
- "$(NAME)@$(POD_IP)"
- "--cookie"
- "$(SECRET_KEY_BASE)"
- "-S"
- "mix"
- "phx.server"
ports:
- containerPort: 4000
- containerPort: 4369
env:
- name: HOSTNAME
value: legendaryframework.org
- name: POOL_SIZE
value: "25"
- name: EMAIL_FROM
value: no-reply@legendaryframework.org
- name: NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: NAME
value: legendary-doc-site
- name: POD_IP
valueFrom:
fieldRef:
fieldPath: status.podIP
- name: DATABASE_URL
valueFrom:
secretKeyRef:
name: database
key: url
- name: SECRET_KEY_BASE
valueFrom:
secretKeyRef:
name: legendary-doc-site
key: secret-key-base
- name: LIVE_VIEW_SIGNING_SALT
valueFrom:
secretKeyRef:
name: legendary-doc-site
key: live-view-signing-salt
- name: OBJECT_STORAGE_ACCESS_KEY_ID
valueFrom:
secretKeyRef:
name: legendary-doc-site
key: object-storage-access-key-id
- name: OBJECT_STORAGE_SECRET_ACCESS_KEY
valueFrom:
secretKeyRef:
name: legendary-doc-site
key: object-storage-secret-access-key
- name: SMTP_HOST
valueFrom:
secretKeyRef:
name: legendary-doc-site
key: smtp-host
- name: SMTP_USERNAME
valueFrom:
secretKeyRef:
name: legendary-doc-site
key: smtp-username
- name: SMTP_PASSWORD
valueFrom:
secretKeyRef:
name: legendary-doc-site
key: smtp-password
---
apiVersion: v1
kind: Service
metadata:
name: legendary-doc-site
namespace: legendary-doc-site
spec:
selector:
app: legendary-doc-site
ports:
- protocol: TCP
port: 80
targetPort: 4000
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: legendary-doc-site
namespace: legendary-doc-site
annotations:
kubernetes.io/ingress.class: nginx
cert-manager.io/cluster-issuer: letsencrypt
spec:
rules:
- host: legendary-doc-site.mythicinsight.com
http:
paths:
- backend:
service:
name: legendary-doc-site
port:
number: 80
path: /
pathType: Prefix
- host: legendaryframework.com
http:
paths:
- backend:
service:
name: legendary-doc-site
port:
number: 80
path: /
pathType: Prefix
- host: legendaryframework.org
http:
paths:
- backend:
service:
name: legendary-doc-site
port:
number: 80
path: /
pathType: Prefix
tls:
- hosts:
- legendary-doc-site.mythicinsight.com
- legendaryframework.org
- legendaryframework.com
secretName: legendary-doc-site-cert
---
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
namespace: legendary-doc-site
name: pod-watcher
rules:
- apiGroups: [""]
resources: ["pods"]
verbs: ["list"]
---
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
namespace: legendary-doc-site
name: pod-watcher-binding
subjects:
- kind: ServiceAccount
namespace: legendary-doc-site
name: default
roleRef:
kind: Role
name: pod-watcher
apiGroup: rbac.authorization.k8s.io