imfreedom/k8s-cluster

Add the deployment for lists.imfreedom.org.

17 months ago, Gary Kramlich
22ca0a0280d4
Add the deployment for lists.imfreedom.org.

This is currently running at liststest.imfreedom.org until we are actually ready
to migrate the production stuff.
# keel.sh is a tool to automatically update deployments when external things
# like image tags change on a registry.
#
# This manifest is a cleaned up version of
# curl "https://sunstone.dev/keel?namespace=keel&username=admin&password=admin&tag=latest"
---
apiVersion: v1
kind: Namespace
metadata:
name: keel
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: keel
namespace: keel
labels:
app: keel
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: keel
rules:
- apiGroups:
- ""
resources:
- namespaces
verbs:
- watch
- list
- apiGroups:
- ""
resources:
- secrets
verbs:
- get
- watch
- list
- apiGroups:
- ""
- extensions
- apps
- batch
resources:
- pods
- replicasets
- replicationcontrollers
- statefulsets
- deployments
- daemonsets
- jobs
- cronjobs
verbs:
- get
- delete # required to delete pods during force upgrade of the same tag
- watch
- list
- update
- apiGroups:
- ""
resources:
- configmaps
- pods/portforward
verbs:
- get
- create
- update
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: keel
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: keel
subjects:
- kind: ServiceAccount
name: keel
namespace: keel
---
apiVersion: v1
kind: Service
metadata:
name: keel
namespace: keel
labels:
app: keel
spec:
ports:
- port: 9300
protocol: TCP
name: keel
selector:
app: keel
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: keel
namespace: keel
labels:
app: keel
spec:
replicas: 1
selector:
matchLabels:
app: keel
template:
metadata:
labels:
app: keel
spec:
serviceAccountName: keel
containers:
- name: keel
image: keelhq/keel:latest
imagePullPolicy: Always
command: ["/bin/keel"]
env:
- name: NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
# Basic auth (to enable UI/API)
- name: BASIC_AUTH_USER
value: "admin"
- name: BASIC_AUTH_PASSWORD
value: "abc123"
- name: AUTHENTICATED_WEBHOOKS
value: "false"
- name: NOTIFICATION_LEVEL
value: "info"
# Enable insecure registries
- name: INSECURE_REGISTRY
value: "true"
# Our discord bridge
- name: WEBHOOK_ENDPOINT
value: "http://discord-keel-bridge:5000/v1/incoming"
ports:
- containerPort: 9300
livenessProbe:
httpGet:
path: /healthz
port: 9300
initialDelaySeconds: 30
timeoutSeconds: 10
resources:
limits:
cpu: 100m
memory: 128Mi
requests:
cpu: 50m
memory: 64Mi
---