imfreedom/k8s-cluster

Disable the fsGroup security context because it causes our container to time out for 20 minutes as k8s chown's all of the files in the volume. This isn't necessary except first start.

2020-05-07, Gary Kramlich
40090e27f8de
Disable the fsGroup security context because it causes our container to time out for 20 minutes as k8s chown's all of the files in the volume. This isn't necessary except first start.
# this manifest contains an ingress that does path based matching to route to
# individual services that are runnings the docs via a simple http server.
---
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
name: docs-strip-prefix
namespace: roost
spec:
stripPrefix:
forceSlash: false
prefixes:
- /gplugin/latest
- /gplugin-gtk/latest
- /libgnt/latest
- /libgnt/next
- /pidgin/2.x.y
- /talkatu/latest
---
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
name: docs-pidgin-im
namespace: roost
spec:
entryPoints:
- https
routes:
- match: Host(`docs.pidgin.im`) && PathPrefix(`/pidgin/2.x.y`)
kind: Rule
services:
- name: docs-pidgin-2-x-y
port: 3000
middlewares:
- name: docs-strip-prefix
- name: common-headers
- match: Host(`docs.pidgin.im`) && PathPrefix(`/gplugin/latest`)
kind: Rule
services:
- name: docs-gplugin-latest
port: 3000
middlewares:
- name: docs-strip-prefix
- name: common-headers
- match: Host(`docs.pidgin.im`) && PathPrefix(`/gplugin-gtk/latest`)
kind: Rule
services:
- name: docs-gplugin-gtk-latest
port: 3000
middlewares:
- name: docs-strip-prefix
- name: common-headers
- match: Host(`docs.pidgin.im`) && PathPrefix(`/libgnt/latest`)
kind: Rule
services:
- name: docs-libgnt-latest
port: 3000
middlewares:
- name: docs-strip-prefix
- name: common-headers
- match: Host(`docs.pidgin.im`) && PathPrefix(`/libgnt/next`)
kind: Rule
services:
- name: docs-libgnt-next
port: 3000
middlewares:
- name: docs-strip-prefix
- name: common-headers
- match: Host(`docs.pidgin.im`) && PathPrefix(`/talkatu/latest`)
kind: Rule
services:
- name: docs-talkatu-latest
port: 3000
middlewares:
- name: docs-strip-prefix
- name: common-headers
tls:
secretName: docs-tls
options:
name: default
namespace: kube-public
---
apiVersion: cert-manager.io/v1alpha2
kind: Certificate
metadata:
namespace: roost
name: docs-tls
spec:
secretName: docs-tls
issuerRef:
name: letsencrypt
commonName: docs.pidgin.im
dnsNames:
- docs.pidgin.im
---
apiVersion: v1
kind: Service
metadata:
namespace: roost
name: docs-gplugin-latest
labels:
app: gplugin
version: latest
spec:
ports:
- port: 3000
protocol: TCP
selector:
app: gplugin
version: latest
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
namespace: roost
name: docs-gplugin-latest
labels:
app: gplugin
version: latest
spec:
podSelector:
matchLabels:
app: gplugin
version: latest
ingress:
- from:
- namespaceSelector:
matchLabels:
name: kube-public
podSelector:
matchLabels:
app: traefik
role: controller
ports:
- port: 3000
protocol: TCP
---
apiVersion: apps/v1
kind: Deployment
metadata:
namespace: roost
name: docs-gplugin-latest
labels:
app: gplugin
version: latest
spec:
replicas: 2
selector:
matchLabels:
app: gplugin
version: latest
template:
metadata:
labels:
app: gplugin
version: latest
spec:
affinity:
podAntiAffinity:
preferredDuringSchedulingIgnoredDuringExecution:
- podAffinityTerm:
labelSelector:
matchExpressions:
- key: app
operator: In
values:
- gplugin
- key: version
operator: In
values:
- latest
topologyKey: failure-domain.beta.kubernetes.io/region
weight: 100
containers:
- name: docs-gplugin-latest
image: gplugin/gplugin-docs:latest
imagePullPolicy: Always
ports:
- containerPort: 3000
resources:
limits:
cpu: 50m
memory: 64Mi
requests:
cpu: 10m
memory: 32Mi
---
apiVersion: v1
kind: Service
metadata:
namespace: roost
name: docs-gplugin-gtk-latest
labels:
app: gplugin-gtk
version: latest
spec:
ports:
- port: 3000
protocol: TCP
selector:
app: gplugin-gtk
version: latest
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
namespace: roost
name: docs-gplugin-gtk-latest
labels:
app: gplugin-gtk
version: latest
spec:
podSelector:
matchLabels:
app: gplugin-gtk
version: latest
ingress:
- from:
- namespaceSelector:
matchLabels:
name: kube-public
podSelector:
matchLabels:
app: traefik
role: controller
ports:
- port: 3000
protocol: TCP
---
apiVersion: apps/v1
kind: Deployment
metadata:
namespace: roost
name: docs-gplugin-gtk-latest
labels:
app: gplugin-gtk
version: latest
spec:
replicas: 2
selector:
matchLabels:
app: gplugin-gtk
version: latest
template:
metadata:
labels:
app: gplugin-gtk
version: latest
spec:
affinity:
podAntiAffinity:
preferredDuringSchedulingIgnoredDuringExecution:
- podAffinityTerm:
labelSelector:
matchExpressions:
- key: app
operator: In
values:
- gplugin-gtk
- key: version
operator: In
values:
- latest
topologyKey: failure-domain.beta.kubernetes.io/region
weight: 100
containers:
- name: docs-gplugin-gtk-latest
image: gplugin/gplugin-gtk-docs:latest
imagePullPolicy: Always
ports:
- containerPort: 3000
resources:
limits:
cpu: 50m
memory: 64Mi
requests:
cpu: 10m
memory: 32Mi
---
apiVersion: v1
kind: Service
metadata:
namespace: roost
name: docs-libgnt-latest
labels:
app: libgnt
version: latest
spec:
ports:
- port: 3000
protocol: TCP
selector:
app: libgnt
version: latest
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
namespace: roost
name: docs-libgnt-latest
labels:
app: libgnt
version: latest
spec:
podSelector:
matchLabels:
app: libgnt
version: latest
ingress:
- from:
- namespaceSelector:
matchLabels:
name: kube-public
podSelector:
matchLabels:
app: traefik
role: controller
ports:
- port: 3000
protocol: TCP
---
apiVersion: apps/v1
kind: Deployment
metadata:
namespace: roost
name: docs-libgnt-latest
labels:
app: libgnt
version: latest
spec:
replicas: 2
selector:
matchLabels:
app: libgnt
version: latest
template:
metadata:
labels:
app: libgnt
version: latest
spec:
affinity:
podAntiAffinity:
preferredDuringSchedulingIgnoredDuringExecution:
- podAffinityTerm:
labelSelector:
matchExpressions:
- key: app
operator: In
values:
- libgnt
- key: version
operator: In
values:
- latest
topologyKey: failure-domain.beta.kubernetes.io/region
weight: 100
containers:
- name: docs-libgnt-latest
image: libgnt/docs:latest
imagePullPolicy: Always
ports:
- containerPort: 3000
resources:
limits:
cpu: 50m
memory: 64Mi
requests:
cpu: 10m
memory: 32Mi
---
apiVersion: v1
kind: Service
metadata:
namespace: roost
name: docs-libgnt-next
labels:
app: libgnt
version: next
spec:
ports:
- port: 3000
protocol: TCP
selector:
app: libgnt
version: next
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
namespace: roost
name: docs-libgnt-next
labels:
app: libgnt
version: next
spec:
podSelector:
matchLabels:
app: libgnt
version: next
ingress:
- from:
- namespaceSelector:
matchLabels:
name: kube-public
podSelector:
matchLabels:
app: traefik
role: controller
ports:
- port: 3000
protocol: TCP
---
apiVersion: apps/v1
kind: Deployment
metadata:
namespace: roost
name: docs-libgnt-next
labels:
app: libgnt
version: next
spec:
replicas: 2
selector:
matchLabels:
app: libgnt
version: next
template:
metadata:
labels:
app: libgnt
version: next
spec:
affinity:
podAntiAffinity:
preferredDuringSchedulingIgnoredDuringExecution:
- podAffinityTerm:
labelSelector:
matchExpressions:
- key: app
operator: In
values:
- libgnt
- key: version
operator: In
values:
- next
topologyKey: failure-domain.beta.kubernetes.io/region
weight: 100
containers:
- name: docs-libgnt-next
image: libgnt/docs:next
imagePullPolicy: Always
ports:
- containerPort: 3000
resources:
limits:
cpu: 50m
memory: 64Mi
requests:
cpu: 10m
memory: 32Mi
---
apiVersion: v1
kind: Service
metadata:
namespace: roost
name: docs-pidgin-2-x-y
labels:
app: pidgin
version: 2.x.y
spec:
ports:
- port: 3000
protocol: TCP
selector:
app: pidgin
version: 2.x.y
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
namespace: roost
name: docs-pidgin-2-x-y
labels:
app: pidgin
version: 2.x.y
spec:
podSelector:
matchLabels:
app: pidgin
version: 2.x.y
ingress:
- from:
- namespaceSelector:
matchLabels:
name: kube-public
podSelector:
matchLabels:
app: traefik
role: controller
ports:
- port: 3000
protocol: TCP
---
apiVersion: apps/v1
kind: Deployment
metadata:
namespace: roost
name: docs-pidgin-2-x-y
labels:
app: pidgin
version: 2.x.y
spec:
replicas: 2
selector:
matchLabels:
app: pidgin
version: 2.x.y
template:
metadata:
labels:
app: pidgin
version: 2.x.y
spec:
affinity:
podAntiAffinity:
preferredDuringSchedulingIgnoredDuringExecution:
- podAffinityTerm:
labelSelector:
matchExpressions:
- key: app
operator: In
values:
- pidgin
- key: version
operator: In
values:
- 2.x.y
topologyKey: failure-domain.beta.kubernetes.io/region
weight: 100
containers:
- name: docs-pidgin-2-x-y
image: pidgin/pidgin2-docs:latest
imagePullPolicy: Always
ports:
- containerPort: 3000
resources:
limits:
cpu: 50m
memory: 64Mi
requests:
cpu: 10m
memory: 32Mi
---
apiVersion: v1
kind: Service
metadata:
namespace: roost
name: docs-talkatu-latest
labels:
app: talkatu
version: latest
spec:
ports:
- port: 3000
protocol: TCP
selector:
app: talkatu
version: latest
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
namespace: roost
name: docs-talkatu-latest
labels:
app: talkatu
version: latest
spec:
podSelector:
matchLabels:
app: talkatu
version: latest
ingress:
- from:
- namespaceSelector:
matchLabels:
name: kube-public
podSelector:
matchLabels:
app: traefik
role: controller
ports:
- port: 3000
protocol: TCP
---
apiVersion: apps/v1
kind: Deployment
metadata:
namespace: roost
name: docs-talkatu-latest
labels:
app: talkatu
version: latest
spec:
replicas: 2
selector:
matchLabels:
app: talkatu
version: latest
template:
metadata:
labels:
app: talkatu
version: latest
spec:
affinity:
podAntiAffinity:
preferredDuringSchedulingIgnoredDuringExecution:
- podAffinityTerm:
labelSelector:
matchExpressions:
- key: app
operator: In
values:
- talkatu
- key: version
operator: In
values:
- latest
topologyKey: failure-domain.beta.kubernetes.io/region
weight: 100
containers:
- name: docs-talkatu-lastest
image: talkatu/docs:latest
imagePullPolicy: Always
ports:
- containerPort: 3000
resources:
limits:
cpu: 50m
memory: 64Mi
requests:
cpu: 10m
memory: 32Mi
---