imfreedom/k8s-cluster

Move 50-hub.imfreedom.org to kustomize

2021-06-17, Gary Kramlich
20da8b38faa3
Move 50-hub.imfreedom.org to kustomize
# This is an installation of https://www.reviewboard.org/.
---
# Traefik route for plain-HTTP requests to reviews.imfreedom.org.
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
  name: reviews-http
  namespace: roost
spec:
  # Bound to the entry point named `http`; the TLS route is a separate object.
  entryPoints:
    - http
  routes:
    - match: Host(`reviews.imfreedom.org`)
      kind: Rule
      services:
        - name: reviews-reviewboard
          port: 8000
      # NOTE(review): `https-redirect` is not defined in this file. This route
      # still names the backend service, so whether cleartext requests are ever
      # served depends on that Middleware existing in this namespace and doing
      # an unconditional redirect. Confirm.
      middlewares:
        - name: https-redirect
---
# Traefik route for HTTPS requests to reviews.imfreedom.org.
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
  name: reviews
  namespace: roost
spec:
  entryPoints:
    - https
  routes:
    - match: Host(`reviews.imfreedom.org`)
      kind: Rule
      # The backend is addressed on port 8000. Presumably plain HTTP inside the
      # cluster, since no scheme or serversTransport is set here. Confirm.
      services:
        - name: reviews-reviewboard
          port: 8000
      # NOTE(review): both Middlewares are defined outside this file. The
      # response headers this site actually sends (HSTS max-age, framing,
      # content-type options) can only be audited there.
      middlewares:
        - name: common-headers
        - name: hsts-headers
  # TLS is terminated by Traefik with the key pair stored in Secret `reviews-tls`,
  # the same Secret name the Certificate in this file writes to.
  tls:
    secretName: reviews-tls
---
# cert-manager Certificate that issues the TLS key pair for reviews.imfreedom.org.
# NOTE(review): v1alpha2 is a legacy cert-manager API version; later cert-manager
# releases serve only cert-manager.io/v1. Check the served versions before
# upgrading the controller, or renewal of this certificate may stop.
apiVersion: cert-manager.io/v1alpha2
kind: Certificate
metadata:
  namespace: roost
  name: reviews-tls
spec:
  # Secret that receives the private key and certificate. Read access to
  # Secrets in `roost` therefore includes this site's TLS private key.
  secretName: reviews-tls
  # No `kind` is given, so cert-manager resolves this as a namespaced Issuer
  # called `letsencrypt` in `roost`, not a ClusterIssuer. The Issuer itself is
  # not defined in this file.
  issuerRef:
    name: letsencrypt
  commonName: reviews.imfreedom.org
  dnsNames:
    - reviews.imfreedom.org
---
# Service that fronts the memcached pod.
apiVersion: v1
kind: Service
metadata:
  namespace: roost
  labels:
    app: reviews
    role: memcached
  name: reviews-memcached
# No `type` is set, so this is a ClusterIP Service with no external exposure.
spec:
  ports:
    - port: 11211
      protocol: TCP
      name: memcached
  selector:
    app: reviews
    role: memcached
---
# Restricts inbound traffic to the memcached pod to the Review Board pod.
# The memcached Deployment in this file sets no authentication options, so this
# policy is the only access control on the cache visible here. It is enforced
# only if the cluster's network plugin implements NetworkPolicy.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  namespace: roost
  name: reviews-memcached
  labels:
    app: reviews
    role: memcached
spec:
  podSelector:
    matchLabels:
      app: reviews
      role: memcached
  # Only `ingress` is present and `policyTypes` is omitted, so the policy covers
  # ingress only; egress from the selected pod is not restricted.
  ingress:
    - from:
        # A bare podSelector matches pods in this policy's own namespace only.
        - podSelector:
            matchLabels:
              app: reviews
              role: reviewboard
      ports:
        # Named port, resolved against the container port called `memcached`.
        - port: memcached
          protocol: TCP
---
# Single-replica memcached used as Review Board's cache.
apiVersion: apps/v1
kind: Deployment
metadata:
  namespace: roost
  name: reviews-memcached
  labels:
    app: reviews
    role: memcached
spec:
  replicas: 1
  selector:
    matchLabels:
      app: reviews
      role: memcached
  # Recreate terminates the running pod before the replacement is created.
  strategy:
    type: Recreate
  template:
    metadata:
      labels:
        app: reviews
        role: memcached
    spec:
      containers:
        - name: memcached
          # NOTE(review): a tag is mutable and `imagePullPolicy: Always`
          # re-resolves it on every pod start. Pinning by digest
          # (memcached@sha256:<digest>) would make each rollout reproducible.
          image: memcached:1.5.20-alpine
          imagePullPolicy: Always
          ports:
            - name: memcached
              containerPort: 11211
          resources:
            limits:
              cpu: 50m
              memory: 256Mi
            requests:
              cpu: 10m
              memory: 128Mi
      # Reconstructed as the pod-level securityContext, because `fsGroup` is
      # only valid there. The pod runs as non-root UID 11211.
      # NOTE(review): no container-level settings (allowPrivilegeEscalation,
      # dropped capabilities, readOnlyRootFilesystem) are declared.
      securityContext:
        fsGroup: 11211
        runAsUser: 11211
---
# Service that fronts the PostgreSQL pod.
apiVersion: v1
kind: Service
metadata:
  namespace: roost
  labels:
    app: reviews
    role: postgres
  name: reviews-postgres
# No `type` is set, so this is a ClusterIP Service with no external exposure.
spec:
  ports:
    - port: 5432
      protocol: TCP
      name: postgres
  selector:
    app: reviews
    role: postgres
---
# Restricts inbound traffic to the PostgreSQL pod to the Review Board pod.
# Enforced only if the cluster's network plugin implements NetworkPolicy.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  namespace: roost
  name: reviews-postgres
  labels:
    app: reviews
    role: postgres
spec:
  podSelector:
    matchLabels:
      app: reviews
      role: postgres
  # Only `ingress` is present and `policyTypes` is omitted, so the policy covers
  # ingress only; egress from the database pod is not restricted.
  ingress:
    - from:
        # A bare podSelector matches pods in this policy's own namespace only.
        - podSelector:
            matchLabels:
              app: reviews
              role: reviewboard
      ports:
        # Named port, resolved against the container port called `postgres`.
        - port: postgres
          protocol: TCP
---
# Single-replica PostgreSQL holding the Review Board database.
apiVersion: apps/v1
kind: Deployment
metadata:
  namespace: roost
  name: reviews-postgres
  labels:
    app: reviews
    role: postgres
spec:
  replicas: 1
  selector:
    matchLabels:
      app: reviews
      role: postgres
  # Recreate terminates the running pod before the replacement is created,
  # which fits the ReadWriteOnce claim mounted below.
  strategy:
    type: Recreate
  template:
    metadata:
      labels:
        app: reviews
        role: postgres
    spec:
      # NOTE(review): no pod- or container-level securityContext is declared,
      # so user, capabilities and privilege escalation are whatever the image
      # and cluster defaults give.
      containers:
        - name: postgres
          # NOTE(review): `postgres:11` is a floating major-version tag, and
          # `imagePullPolicy: Always` re-resolves it on every pod start, so a
          # restart can change the running minor release. Pinning a digest
          # (postgres@sha256:<digest>) makes upgrades deliberate.
          image: postgres:11
          imagePullPolicy: Always
          # Credentials come from Secret `reviews-postgres`, which is not part
          # of this file. They reach the process as environment variables, so
          # anyone who can exec into the pod can read them.
          env:
            - name: POSTGRES_USER
              valueFrom:
                secretKeyRef:
                  name: reviews-postgres
                  key: username
            - name: POSTGRES_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: reviews-postgres
                  key: password
            - name: POSTGRES_DB
              valueFrom:
                secretKeyRef:
                  name: reviews-postgres
                  key: db
          ports:
            - name: postgres
              containerPort: 5432
          resources:
            limits:
              cpu: 200m
              memory: 256Mi
            requests:
              cpu: 100m
              memory: 128Mi
          volumeMounts:
            # Data directory on the PVC; `subPath` keeps it in a subdirectory
            # of the volume rather than at the volume root.
            - mountPath: /var/lib/postgresql/data
              name: reviews-postgres
              readOnly: false
              subPath: postgresql
      volumes:
        - name: reviews-postgres
          persistentVolumeClaim:
            claimName: reviews-postgres
---
# Storage claim for the PostgreSQL data directory.
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  namespace: roost
  name: reviews-postgres
  labels:
    app: reviews
    role: postgres
spec:
  # No storageClassName is given, so the cluster's default StorageClass applies.
  # Whether the volume is encrypted at rest depends on that class.
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 5Gi
---
# Fairwinds Gemini schedule that snapshots the PostgreSQL volume.
apiVersion: gemini.fairwinds.com/v1beta1
kind: SnapshotGroup
metadata:
  namespace: roost
  name: reviews-postgres
spec:
  persistentVolumeClaim:
    claimName: reviews-postgres
  # One snapshot every 12 hours, two retained. Presumably that gives roughly a
  # day of history. Confirm this is enough to recover from corruption or
  # tampering that is noticed late.
  # NOTE(review): this is a volume-level snapshot of a running database, not a
  # logical dump, and each snapshot holds the full database contents. Test a
  # restore and restrict who can read VolumeSnapshots in this namespace.
  schedule:
    - every: 12 hours
      keep: 2
---
# Service that fronts the Review Board pod; both Traefik IngressRoutes in this
# file point at it.
apiVersion: v1
kind: Service
metadata:
  namespace: roost
  labels:
    app: reviews
    role: reviewboard
  name: reviews-reviewboard
# No `type` is set, so this is a ClusterIP Service; outside traffic arrives
# only through the ingress controller.
spec:
  ports:
    - port: 8000
      protocol: TCP
      name: http
  selector:
    app: reviews
    role: reviewboard
---
# Restricts inbound traffic to the Review Board pod to the Traefik controller.
# Enforced only if the cluster's network plugin implements NetworkPolicy.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  namespace: roost
  name: reviews-reviewboard
  labels:
    app: reviews
    role: reviewboard
spec:
  podSelector:
    matchLabels:
      app: reviews
      role: reviewboard
  # Only `ingress` is present and `policyTypes` is omitted, so egress from the
  # application pod is not restricted by this policy.
  ingress:
    - from:
        # namespaceSelector and podSelector sit in the same `from` entry, so a
        # peer must match both: a pod labelled app=traefik,role=controller
        # inside a namespace labelled name=kube-public.
        # NOTE(review): the namespace match relies on a label, not on the
        # namespace's real name. Any namespace carrying `name: kube-public`
        # qualifies, so the right to label namespaces is part of this trust
        # boundary.
        - namespaceSelector:
            matchLabels:
              name: kube-public
          podSelector:
            matchLabels:
              app: traefik
              role: controller
      ports:
        # Named port, resolved against the container port called `http`.
        - port: http
          protocol: TCP
---
# Single-replica Review Board application server.
apiVersion: apps/v1
kind: Deployment
metadata:
  namespace: roost
  name: reviews-reviewboard
  labels:
    app: reviews
    role: reviewboard
spec:
  replicas: 1
  selector:
    matchLabels:
      app: reviews
      role: reviewboard
  # Recreate terminates the running pod before the replacement is created,
  # which fits the ReadWriteOnce claim mounted below.
  strategy:
    type: Recreate
  template:
    metadata:
      labels:
        app: reviews
        role: reviewboard
    spec:
      # NOTE(review): no pod- or container-level securityContext is declared,
      # so user, capabilities and privilege escalation are whatever the image
      # and cluster defaults give. This is the only internet-facing workload
      # in the file.
      containers:
        - name: reviewboard
          # NOTE(review): `:latest` with `imagePullPolicy: Always` means every
          # pod restart runs whatever was most recently pushed to this
          # repository, with no record of which build is live. Pin a version
          # tag or digest (rwgrim/reviewboard@sha256:<digest>) so upgrades are
          # deliberate and auditable.
          image: rwgrim/reviewboard:latest
          imagePullPolicy: Always
          # NOTE(review): PGUSER/PGPASSWORD read the same Secret keys that the
          # reviews-postgres Deployment passes as POSTGRES_USER and
          # POSTGRES_PASSWORD. The official postgres image creates that account
          # as a superuser, so the web application presumably connects with
          # superuser rights. A dedicated role limited to the Review Board
          # database would narrow the impact of an application compromise.
          env:
            - name: PGUSER
              valueFrom:
                secretKeyRef:
                  name: reviews-postgres
                  key: username
            - name: PGPASSWORD
              valueFrom:
                secretKeyRef:
                  name: reviews-postgres
                  key: password
            - name: PGDB
              valueFrom:
                secretKeyRef:
                  name: reviews-postgres
                  key: db
            # Service names of the database and cache defined in this file.
            - name: PGHOST
              value: reviews-postgres
            - name: MEMCACHED
              value: reviews-memcached
          ports:
            - name: http
              containerPort: 8000
          resources:
            limits:
              cpu: 500m
              memory: 512Mi
            requests:
              cpu: 250m
              memory: 256Mi
          volumeMounts:
            # All of /var/www/ is a writable persistent volume.
            # NOTE(review): anything the application writes there survives pod
            # restarts and image updates. If only the upload and data
            # directories need to persist, mounting just those would shrink
            # the writable surface. Confirm what the image keeps under
            # /var/www/.
            - mountPath: /var/www/
              name: reviews-reviewboard
              readOnly: false
              subPath: reviewboard
      volumes:
        - name: reviews-reviewboard
          persistentVolumeClaim:
            claimName: reviews-reviewboard
---
# Storage claim for the Review Board site directory.
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  namespace: roost
  name: reviews-reviewboard
  labels:
    app: reviews
    role: reviewboard
spec:
  # No storageClassName is given, so the cluster's default StorageClass applies.
  # Whether the volume is encrypted at rest depends on that class.
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 5Gi
---
# Fairwinds Gemini schedule that snapshots the Review Board site volume.
apiVersion: gemini.fairwinds.com/v1beta1
kind: SnapshotGroup
metadata:
  namespace: roost
  name: reviews-reviewboard
spec:
  persistentVolumeClaim:
    claimName: reviews-reviewboard
  # One snapshot every 12 hours, two retained. Presumably that gives roughly a
  # day of history. Confirm this is enough to roll back to a state from before
  # an unwanted change to the site directory was made.
  schedule:
    - every: 12 hours
      keep: 2
---