HGKeeper

imfreedom/k8s-cluster

Add the deployment for lists.imfreedom.org.

18 months ago, Gary Kramlich

22ca0a0280d4

Add the deployment for lists.imfreedom.org.

This is currently running at liststest.imfreedom.org until we are actually ready
to migrate the production stuff.

---

apiVersion: traefik.containo.us/v1alpha1

kind: IngressRoute

metadata:

name: ci-http

spec:

entryPoints:

- http

routes:

- match: Host(`ci.imfreedom.org`) || Host(`artifacts.imfreedom.org`)

kind: Rule

services:

- name: ci

port: 8111

middlewares:

- name: https-redirect

---

apiVersion: traefik.containo.us/v1alpha1

kind: Middleware

metadata:

name: ci-body-size

spec:

buffering:

maxRequestBodyBytes: 16777216

memRequestBodyBytes: 209715

---

apiVersion: traefik.containo.us/v1alpha1

kind: IngressRoute

metadata:

name: ci

spec:

entryPoints:

- https

routes:

- match: Host(`ci.imfreedom.org`) || Host(`artifacts.imfreedom.org`)

kind: Rule

services:

- name: ci

port: 8111

middlewares:

# - name: ci-body-size

- name: common-headers

- name: hsts-headers

tls:

secretName: ci-tls

---

apiVersion: cert-manager.io/v1

kind: Certificate

metadata:

name: ci-tls

spec:

secretName: ci-tls

issuerRef:

name: letsencrypt

commonName: ci.imfreedom.org

dnsNames:

- ci.imfreedom.org

- artifacts.imfreedom.org

---

apiVersion: v1

kind: Service

metadata:

name: ci

spec:

ports:

- port: 8111

protocol: TCP

selector:

app: ci

role: app

---

apiVersion: networking.k8s.io/v1

kind: NetworkPolicy

metadata:

name: ci

spec:

podSelector:

matchLabels:

app: ci

role: app

ingress:

- from:

- namespaceSelector:

matchLabels:

name: kube-public

podSelector:

matchExpressions:

- key: app

operator: In

values:

- traefik

- key: role

operator: In

values:

- controller

ports:

- port: 8111

protocol: TCP

---

apiVersion: apps/v1

kind: Deployment

metadata:

name: ci

spec:

replicas: 1

revisionHistoryLimit: 0

selector:

matchLabels:

app: ci

role: app

strategy:

type: Recreate

template:

spec:

containers:

- name: teamcity

image: docker.io/rwgrim/teamcity-server:latest

imagePullPolicy: Always

env:

- name: TEAMCITY_SERVER_MEM_OPTS

value: -XX:+UnlockExperimentalVMOptions -XX:+UseCGroupMemoryLimitForHeap -Xmx3g -XX:ReservedCodeCacheSize=350m

- name: TEAMCITY_HTTPS_PROXY_ENABLED

value: 'true'

ports:

- containerPort: 8111

resources:

limits:

cpu: 1000m

memory: 3072Mi

requests:

cpu: 500m

memory: 1024Mi

volumeMounts:

- mountPath: /data/teamcity_server/datadir/

name: datadir

readOnly: false

subPath: datadir

- mountPath: /opt/teamcity/logs/

name: hostdir

readOnly: false

subPath: logs

- mountPath: /opt/teamcity/temp/

name: hostdir

readOnly: false

subPath: temp

securityContext:

# fsGroup: 1000

runAsUser: 1000

volumes:

- name: datadir

persistentVolumeClaim:

claimName: ci

- name: hostdir

emptyDir: {}

---

apiVersion: v1

kind: PersistentVolumeClaim

metadata:

name: ci

spec:

accessModes:

- ReadWriteOnce

resources:

requests:

storage: 25Gi

---

apiVersion: gemini.fairwinds.com/v1beta1

kind: SnapshotGroup

metadata:

name: ci

spec:

persistentVolumeClaim:

claimName: ci

schedule:

- every: 12 hours

keep: 2

---