123 lines
3.4 KiB
YAML
123 lines
3.4 KiB
YAML
# https://kubernetes.io/docs/concepts/workloads/controllers/deployment/
|
|
apiVersion: apps/v1
|
|
kind: Deployment
|
|
metadata:
|
|
name: cic-meta-server
|
|
namespace: grassroots
|
|
labels:
|
|
app: cic-meta-server
|
|
annotations:
|
|
keel.sh/policy: "glob:master-*"
|
|
keel.sh/trigger: poll
|
|
keel.sh/pollSchedule: "@every 5m"
|
|
spec:
|
|
selector:
|
|
matchLabels:
|
|
app: cic-meta-server
|
|
replicas: 1
|
|
strategy:
|
|
rollingUpdate:
|
|
maxSurge: 25%
|
|
maxUnavailable: 25%
|
|
type: RollingUpdate
|
|
template:
|
|
metadata:
|
|
labels:
|
|
app: cic-meta-server
|
|
group: cic
|
|
spec:
|
|
containers:
|
|
- name: cic-meta-server
|
|
#image: registry.gitlab.com/grassrootseconomics/cic-internal-integration/cic-meta:master-fe017d2b-1625932004 # {"$imagepolicy": "flux-system:cic-meta"}
|
|
image: registry.gitlab.com/grassrootseconomics/cic-internal-integration/cic-meta:latest
|
|
imagePullPolicy: Always
|
|
resources:
|
|
requests:
|
|
cpu: 50m
|
|
memory: 250Mi
|
|
limits:
|
|
cpu: 100m
|
|
memory: 500Mi
|
|
env:
|
|
- name: DATABASE_USER
|
|
valueFrom:
|
|
configMapKeyRef:
|
|
name: postgresql-conn-common
|
|
key: DATABASE_USER
|
|
- name: DATABASE_HOST
|
|
valueFrom:
|
|
configMapKeyRef:
|
|
name: postgresql-conn-common
|
|
key: DATABASE_HOST
|
|
- name: DATABASE_PORT
|
|
valueFrom:
|
|
configMapKeyRef:
|
|
name: postgresql-conn-common
|
|
key: DATABASE_PORT
|
|
- name: DATABASE_ENGINE
|
|
valueFrom:
|
|
configMapKeyRef:
|
|
name: postgresql-conn-common
|
|
key: DATABASE_ENGINE
|
|
- name: DATABASE_DRIVER
|
|
valueFrom:
|
|
configMapKeyRef:
|
|
name: postgresql-conn-common
|
|
key: DATABASE_DRIVER
|
|
- name: DATABASE_PASSWORD
|
|
valueFrom:
|
|
configMapKeyRef:
|
|
name: postgresql-conn-common
|
|
key: DATABASE_PASSWORD
|
|
- name: SCHEMA_SQL_PATH
|
|
value: scripts/initdb/server.postgres.sql
|
|
- name: DATABASE_NAME
|
|
value: cic_meta
|
|
- name: SERVER_HOST
|
|
value: localhost
|
|
- name: SERVER_PORT
|
|
value: "8000"
|
|
- name: DATABASE_SCHEMA_SQL_PATH
|
|
value: ""
|
|
- name: PGP_EXPORTS_DIR
|
|
value: /tmp/src/keys
|
|
- name: PGP_PRIVATEKEY_FILE # Private key here is for enrypting data
|
|
value: privatekey.asc
|
|
- name: PGP_PASSPHRASE
|
|
value: queenmarlena # TODO move to secret
|
|
- name: PGP_PUBLICKEY_TRUSTED_FILE
|
|
value: publickeys.asc
|
|
- name: PGP_PUBLICKEY_ACTIVE_FILE # public key here is to know who to trust
|
|
value: publickeys.asc
|
|
- name: PGP_PUBLICKEY_ENCRYPT_FILE
|
|
value: publickeys.asc
|
|
ports:
|
|
- containerPort: 8000
|
|
name: cic-meta-server
|
|
volumeMounts:
|
|
- mountPath: /tmp/src/keys
|
|
readOnly: true
|
|
name: pgp
|
|
volumes:
|
|
- name: pgp
|
|
configMap:
|
|
name: pgp-meta-test
|
|
items:
|
|
restartPolicy: Always
|
|
---
|
|
# https://kubernetes.io/docs/concepts/services-networking/service/
|
|
apiVersion: v1
|
|
kind: Service
|
|
metadata:
|
|
name: cic-meta-server
|
|
namespace: grassroots
|
|
spec:
|
|
selector:
|
|
app: cic-meta-server
|
|
type: ClusterIP
|
|
ports:
|
|
- name: http
|
|
protocol: TCP
|
|
port: 80
|
|
targetPort: 8000
|