cic-internal-integration/kubernetes/cic-meta/cic-meta-server-deployment.yaml

123 lines
3.4 KiB
YAML

# https://kubernetes.io/docs/concepts/workloads/controllers/deployment/
apiVersion: apps/v1
kind: Deployment
metadata:
name: cic-meta-server
namespace: grassroots
labels:
app: cic-meta-server
annotations:
keel.sh/policy: "glob:master-*"
keel.sh/trigger: poll
keel.sh/pollSchedule: "@every 5m"
spec:
selector:
matchLabels:
app: cic-meta-server
replicas: 1
strategy:
rollingUpdate:
maxSurge: 25%
maxUnavailable: 25%
type: RollingUpdate
template:
metadata:
labels:
app: cic-meta-server
group: cic
spec:
containers:
- name: cic-meta-server
#image: registry.gitlab.com/grassrootseconomics/cic-internal-integration/cic-meta:master-fe017d2b-1625932004 # {"$imagepolicy": "flux-system:cic-meta"}
image: registry.gitlab.com/grassrootseconomics/cic-internal-integration/cic-meta:latest
imagePullPolicy: Always
resources:
requests:
cpu: 50m
memory: 250Mi
limits:
cpu: 100m
memory: 500Mi
env:
- name: DATABASE_USER
valueFrom:
configMapKeyRef:
name: postgresql-conn-common
key: DATABASE_USER
- name: DATABASE_HOST
valueFrom:
configMapKeyRef:
name: postgresql-conn-common
key: DATABASE_HOST
- name: DATABASE_PORT
valueFrom:
configMapKeyRef:
name: postgresql-conn-common
key: DATABASE_PORT
- name: DATABASE_ENGINE
valueFrom:
configMapKeyRef:
name: postgresql-conn-common
key: DATABASE_ENGINE
- name: DATABASE_DRIVER
valueFrom:
configMapKeyRef:
name: postgresql-conn-common
key: DATABASE_DRIVER
- name: DATABASE_PASSWORD
valueFrom:
configMapKeyRef:
name: postgresql-conn-common
key: DATABASE_PASSWORD
- name: SCHEMA_SQL_PATH
value: scripts/initdb/server.postgres.sql
- name: DATABASE_NAME
value: cic_meta
- name: SERVER_HOST
value: localhost
- name: SERVER_PORT
value: "8000"
- name: DATABASE_SCHEMA_SQL_PATH
value: ""
- name: PGP_EXPORTS_DIR
value: /tmp/src/keys
- name: PGP_PRIVATEKEY_FILE # Private key here is for enrypting data
value: privatekey.asc
- name: PGP_PASSPHRASE
value: queenmarlena # TODO move to secret
- name: PGP_PUBLICKEY_TRUSTED_FILE
value: publickeys.asc
- name: PGP_PUBLICKEY_ACTIVE_FILE # public key here is to know who to trust
value: publickeys.asc
- name: PGP_PUBLICKEY_ENCRYPT_FILE
value: publickeys.asc
ports:
- containerPort: 8000
name: cic-meta-server
volumeMounts:
- mountPath: /tmp/src/keys
readOnly: true
name: pgp
volumes:
- name: pgp
configMap:
name: pgp-meta-test
items:
restartPolicy: Always
---
# https://kubernetes.io/docs/concepts/services-networking/service/
apiVersion: v1
kind: Service
metadata:
name: cic-meta-server
namespace: grassroots
spec:
selector:
app: cic-meta-server
type: ClusterIP
ports:
- name: http
protocol: TCP
port: 80
targetPort: 8000