HGKeeper

imfreedom/k8s-cluster

Disable the fsGroup security context because it causes our container to time out for 20 minutes as k8s chown's all of the files in the volume. This isn't necessary except first start.

2020-05-07, Gary Kramlich

40090e27f8de

Disable the fsGroup security context because it causes our container to time out for 20 minutes as k8s chown's all of the files in the volume. This isn't necessary except first start.

---

apiVersion: traefik.containo.us/v1alpha1

kind: Middleware

metadata:

name: common-headers

namespace: reaperworld

spec:

headers:

customResponseHeaders:

X-Frame-Options: SAMEORIGIN

---

apiVersion: traefik.containo.us/v1alpha1

kind: Middleware

metadata:

name: https-redirect

namespace: reaperworld

spec:

redirectScheme:

scheme: https

permanent: true

---

apiVersion: traefik.containo.us/v1alpha1

kind: IngressRoute

metadata:

name: www-http

namespace: reaperworld

spec:

entryPoints:

- http

routes:

- match: Host(`reaperworld.com`) || Host(`www.reaperworld.com`)

kind: Rule

services:

- name: www

port: 3000

middlewares:

- name: https-redirect

---

apiVersion: traefik.containo.us/v1alpha1

kind: IngressRoute

metadata:

name: www

namespace: reaperworld

spec:

entryPoints:

- https

routes:

- match: Host(`reaperworld.com`) || Host(`www.reaperworld.com`)

kind: Rule

services:

- name: www

port: 3000

middlewares:

- name: common-headers

tls:

secretName: www-tls

options:

name: default

namespace: kube-public

---

apiVersion: cert-manager.io/v1alpha2

kind: Certificate

metadata:

namespace: reaperworld

name: www-tls

spec:

secretName: www-tls

issuerRef:

name: letsencrypt

commonName: reaperworld.com

dnsNames:

- reaperworld.com

- www.reaperworld.com

---

apiVersion: v1

kind: Service

metadata:

namespace: reaperworld

name: www

labels:

app: www

spec:

ports:

- port: 3000

protocol: TCP

selector:

app: www

---

apiVersion: networking.k8s.io/v1

kind: NetworkPolicy

metadata:

namespace: reaperworld

name: www

labels:

app: www

spec:

podSelector:

matchLabels:

app: www

ingress:

- from:

- namespaceSelector:

matchLabels:

name: kube-public

podSelector:

matchLabels:

app: traefik

role: controller

ports:

- port: 3000

protocol: TCP

---

apiVersion: apps/v1

kind: Deployment

metadata:

namespace: reaperworld

name: www

labels:

app: www

spec:

replicas: 2

selector:

matchLabels:

app: www

template:

metadata:

labels:

app: www

annotations:

tagops/autoupdate: 15m

spec:

affinity:

podAntiAffinity:

preferredDuringSchedulingIgnoredDuringExecution:

- podAffinityTerm:

labelSelector:

matchExpressions:

- key: app

operator: In

values:

- www

topologyKey: failure-domain.beta.kubernetes.io/region

weight: 100

containers:

- name: www

image: rwgrim/www.reaperworld.com

imagePullPolicy: Always

ports:

- containerPort: 3000

resources:

limits:

cpu: 50m

memory: 96Mi

requests:

cpu: 10m

memory: 64Mi

---