cic-internal-integration/kubernetes/cic-auth-proxy/cic-auth-proxy-ussd-deployment.yaml

# https://kubernetes.io/docs/concepts/workloads/controllers/deployment/
apiVersion: apps/v1
kind: Deployment
metadata:
  name: cic-auth-proxy-ussd
  namespace: grassroots
  labels:
    app: cic-auth-proxy-ussd
    group: cic
  annotations:
      keel.sh/policy: "glob:master-*"
      keel.sh/trigger: poll
      keel.sh/pollSchedule: "@every 5m"
spec:
  selector:
    matchLabels:
      app: cic-auth-proxy-ussd
  replicas: 1
  template:
    metadata:
      labels:
        app: cic-auth-proxy-ussd
        group: cic
    spec:
      containers:
      - name: cic-auth-proxy-ussd
        #image: registry.gitlab.com/grassrootseconomics/cic-auth-proxy:master-c05fafbf-1627493790 # {"$imagepolicy": "flux-system:cic-auth-proxy"} 
        image: registry.gitlab.com/grassrootseconomics/cic-auth-proxy:latest
        imagePullPolicy: Always   
        command: ["uwsgi", "--wsgi-file", "meta/scripts/proxy-ussd.py", "--http",
          ":8080"]
        resources:
          requests:

            cpu: 50m
            memory: 100Mi
          limits:
            cpu: 100m
            memory: 200Mi
        env:
        - name: PROXY_HOST
          value: cic-user-ussd-server
        - name: PROXY_PORT
          value: "80"
        - name: PROXY_PATH_PREFIX
          value: "/"
        - name: HTTP_AUTH_ORIGIN
          value: https://ussd-auth.dev.grassrootseconomics.net:443
        - name: HTTP_AUTH_REALM
          value: GE
        - name: ACL_CREDENTIALS_ENDPOINT
          value: http://key-server:8081/
        - name: ACL_PATH
          value: /data/acls/F3FAF668E82EF5124D5187BAEF26F4682343F692
        - name: ACL_QUERYSTRING_USERNAME
          valueFrom:
            secretKeyRef:
              name: cic-ussd-querystring-creds
              key: username
        - name: ACL_QUERYSTRING_PASSWORD
          valueFrom:
            secretKeyRef:
              name: cic-ussd-querystring-creds
              key: password
        - name: ACL_WHITELIST
          value: "37.188.113.15, 164.177.157.18, 5.79.0.242, 164.177.141.82, 164.177.141.83"
        - name: GPG_PUBLICKEYS_ENDPOINT
          value: http://key-server:8080/.well-known/publickeys/
        - name: GPG_SIGNATURE_ENDPOINT
          value: http://key-server:8080/.well-known/signature/
        - name: GPG_TRUSTED_PUBLICKEY_FINGERPRINT # fingerprint of trusted key
          value: CCE2E1D2D0E36ADE0405E2D0995BB21816313BD5
        - name: GPG_HOMEDIR
          value: /usr/local/etc/cic-auth-proxy/.gnupg/
        - name: GPG_IMPORT_DIR
          value: /usr/local/etc/cic-auth-proxy/import/
        - name: GPG_PUBLICKEY_FILENAME
          value: publickeys.asc
        - name: GPG_SIGNATURE_FILENAME
          value: signature.asc
        - name: GPG_TRUSTED_PUBLICKEY_MATERIAL
          value: /usr/local/etc/cic-auth-proxy/trusted/trustedpublickey.asc
        ports:
        - containerPort: 8080
          name: http
        volumeMounts:
        - name: acl-config
          mountPath: /data/acls/
          readOnly: true
        - name: credentials-config
          mountPath: /data/noop/
          readOnly: true
        - name: trusted-publickey
          mountPath: /usr/local/etc/cic-auth-proxy/trusted/
        - name: gpg-homedir
          mountPath: /usr/local/etc/cic-auth-proxy/.gnupg
        - name: pgp-meta-test
          mountPath: /usr/local/etc/cic-auth-proxy/import
      volumes:
      - name: pgp-meta-test
        configMap:
          name: pgp-meta-test
      - name: acl-config
        configMap:
          name: cic-auth-proxy-acl-configmap
      - name: credentials-config
        configMap:
          name: cic-auth-proxy-credentials-configmap
      - name: trusted-publickey
        configMap:
          name: pgp-trusted-publickey
      - name: gpg-homedir
        emptyDir: {}
---
# https://kubernetes.io/docs/concepts/services-networking/service/
apiVersion: v1
kind: Service
metadata:
  name: cic-auth-proxy-ussd
  namespace: grassroots
spec:
  selector:
    app: cic-auth-proxy-ussd
  type: ClusterIP
  ports:
  - name: http
    protocol: TCP
    port: 80
    targetPort: 8080
try and launch some k8s 2021-08-23 22:46:17 +02:00			`# https://kubernetes.io/docs/concepts/workloads/controllers/deployment/`
			`apiVersion: apps/v1`
			`kind: Deployment`
			`metadata:`
			`name: cic-auth-proxy-ussd`
			`namespace: grassroots`
			`labels:`
			`app: cic-auth-proxy-ussd`
			`group: cic`
			`annotations:`
			`keel.sh/policy: "glob:master-*"`
			`keel.sh/trigger: poll`
			`keel.sh/pollSchedule: "@every 5m"`
			`spec:`
			`selector:`
			`matchLabels:`
			`app: cic-auth-proxy-ussd`
			`replicas: 1`
			`template:`
			`metadata:`
			`labels:`
			`app: cic-auth-proxy-ussd`
			`group: cic`
			`spec:`
			`containers:`
			`- name: cic-auth-proxy-ussd`
			`#image: registry.gitlab.com/grassrootseconomics/cic-auth-proxy:master-c05fafbf-1627493790 # {"$imagepolicy": "flux-system:cic-auth-proxy"}`
			`image: registry.gitlab.com/grassrootseconomics/cic-auth-proxy:latest`
			`imagePullPolicy: Always`
			`command: ["uwsgi", "--wsgi-file", "meta/scripts/proxy-ussd.py", "--http",`
			`":8080"]`
			`resources:`
			`requests:`

			`cpu: 50m`
			`memory: 100Mi`
			`limits:`
			`cpu: 100m`
			`memory: 200Mi`
			`env:`
			`- name: PROXY_HOST`
			`value: cic-user-ussd-server`
			`- name: PROXY_PORT`
			`value: "80"`
			`- name: PROXY_PATH_PREFIX`
			`value: "/"`
			`- name: HTTP_AUTH_ORIGIN`
			`value: https://ussd-auth.dev.grassrootseconomics.net:443`
			`- name: HTTP_AUTH_REALM`
			`value: GE`
			`- name: ACL_CREDENTIALS_ENDPOINT`
			`value: http://key-server:8081/`
			`- name: ACL_PATH`
			`value: /data/acls/F3FAF668E82EF5124D5187BAEF26F4682343F692`
			`- name: ACL_QUERYSTRING_USERNAME`
			`valueFrom:`
			`secretKeyRef:`
			`name: cic-ussd-querystring-creds`
			`key: username`
			`- name: ACL_QUERYSTRING_PASSWORD`
			`valueFrom:`
			`secretKeyRef:`
			`name: cic-ussd-querystring-creds`
			`key: password`
			`- name: ACL_WHITELIST`
			`value: "37.188.113.15, 164.177.157.18, 5.79.0.242, 164.177.141.82, 164.177.141.83"`
			`- name: GPG_PUBLICKEYS_ENDPOINT`
			`value: http://key-server:8080/.well-known/publickeys/`
			`- name: GPG_SIGNATURE_ENDPOINT`
			`value: http://key-server:8080/.well-known/signature/`
			`- name: GPG_TRUSTED_PUBLICKEY_FINGERPRINT # fingerprint of trusted key`
			`value: CCE2E1D2D0E36ADE0405E2D0995BB21816313BD5`
			`- name: GPG_HOMEDIR`
			`value: /usr/local/etc/cic-auth-proxy/.gnupg/`
			`- name: GPG_IMPORT_DIR`
			`value: /usr/local/etc/cic-auth-proxy/import/`
			`- name: GPG_PUBLICKEY_FILENAME`
			`value: publickeys.asc`
			`- name: GPG_SIGNATURE_FILENAME`
			`value: signature.asc`
			`- name: GPG_TRUSTED_PUBLICKEY_MATERIAL`
			`value: /usr/local/etc/cic-auth-proxy/trusted/trustedpublickey.asc`
			`ports:`
			`- containerPort: 8080`
			`name: http`
			`volumeMounts:`
			`- name: acl-config`
			`mountPath: /data/acls/`
			`readOnly: true`
			`- name: credentials-config`
			`mountPath: /data/noop/`
			`readOnly: true`
			`- name: trusted-publickey`
			`mountPath: /usr/local/etc/cic-auth-proxy/trusted/`
			`- name: gpg-homedir`
			`mountPath: /usr/local/etc/cic-auth-proxy/.gnupg`
			`- name: pgp-meta-test`
			`mountPath: /usr/local/etc/cic-auth-proxy/import`
			`volumes:`
			`- name: pgp-meta-test`
			`configMap:`
			`name: pgp-meta-test`
			`- name: acl-config`
			`configMap:`
			`name: cic-auth-proxy-acl-configmap`
			`- name: credentials-config`
			`configMap:`
			`name: cic-auth-proxy-credentials-configmap`
			`- name: trusted-publickey`
			`configMap:`
			`name: pgp-trusted-publickey`
			`- name: gpg-homedir`
			`emptyDir: {}`
			`---`
			`# https://kubernetes.io/docs/concepts/services-networking/service/`
			`apiVersion: v1`
			`kind: Service`
			`metadata:`
			`name: cic-auth-proxy-ussd`
			`namespace: grassroots`
			`spec:`
			`selector:`
			`app: cic-auth-proxy-ussd`
			`type: ClusterIP`
			`ports:`
			`- name: http`
			`protocol: TCP`
			`port: 80`
			`targetPort: 8080`