imfreedom/k8s-cluster
Clone
Summary
Browse
Changes
Graph
comment ou the fsgroup as apparently that isn't necessary anymore and causes issues when there's lots of files
2020-05-03, Gary Kramlich
c16b4bcef85f
comment ou the fsgroup as apparently that isn't necessary anymore and causes issues when there's lots of files
---
apiVersion
:
traefik.containo.us/v1alpha1
kind
:
IngressRouteTCP
metadata
:
name
:
keep-ssh
namespace
:
roost
spec
:
entryPoints
:
-
keep-ssh
routes
:
-
match
:
HostSNI(`*`)
kind
:
Rule
services
:
-
name
:
keep
port
:
22222
---
apiVersion
:
traefik.containo.us/v1alpha1
kind
:
IngressRoute
metadata
:
name
:
keep-http
namespace
:
roost
spec
:
entryPoints
:
-
http
routes
:
-
match
:
Host(`keep.imfreedom.org`)
kind
:
Rule
services
:
-
name
:
keep-http
port
:
8080
middlewares
:
-
name
:
https-redirect
---
apiVersion
:
traefik.containo.us/v1alpha1
kind
:
IngressRoute
metadata
:
name
:
keep-https
namespace
:
roost
spec
:
entryPoints
:
-
https
routes
:
-
match
:
Host(`keep.imfreedom.org`)
kind
:
Rule
services
:
-
name
:
keep-http
port
:
8080
middlewares
:
-
name
:
common-headers
tls
:
secretName
:
keep-tls
---
apiVersion
:
cert-manager.io/v1alpha2
kind
:
Certificate
metadata
:
namespace
:
roost
name
:
keep-tls
spec
:
secretName
:
keep-tls
issuerRef
:
name
:
letsencrypt
commonName
:
keep.imfreedom.org
dnsNames
:
-
keep.imfreedom.org
---
apiVersion
:
v1
kind
:
Service
metadata
:
namespace
:
roost
labels
:
app
:
hgkeeper
name
:
keep-http
spec
:
ports
:
-
port
:
8080
protocol
:
TCP
selector
:
app
:
hgkeeper
---
apiVersion
:
v1
kind
:
Service
metadata
:
namespace
:
roost
labels
:
app
:
hgkeeper
name
:
keep
spec
:
ports
:
-
port
:
22222
protocol
:
TCP
selector
:
app
:
hgkeeper
---
apiVersion
:
v1
kind
:
ConfigMap
metadata
:
name
:
keep-configmap
namespace
:
roost
data
:
admin-pubkey
:
|
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIP/mCAuMfKq4ukgGufiERyddsPIj2/KNXzB+gDTjHBGl grim@spectre
---
apiVersion
:
networking.k8s.io/v1
kind
:
NetworkPolicy
metadata
:
namespace
:
roost
name
:
keep
labels
:
app
:
hgkeeper
spec
:
podSelector
:
matchLabels
:
app
:
hgkeeper
ingress
:
-
from
:
-
namespaceSelector
:
matchLabels
:
name
:
kube-public
podSelector
:
matchLabels
:
app
:
traefik
role
:
controller
ports
:
-
port
:
8080
protocol
:
TCP
-
port
:
22222
protocol
:
TCP
---
apiVersion
:
apps/v1
kind
:
Deployment
metadata
:
namespace
:
roost
name
:
keep
labels
:
app
:
hgkeeper
spec
:
replicas
:
1
selector
:
matchLabels
:
app
:
hgkeeper
strategy
:
type
:
Recreate
template
:
metadata
:
labels
:
app
:
hgkeeper
spec
:
initContainers
:
-
name
:
setup
image
:
docker.io/rwgrim/hgkeeper:latest
imagePullPolicy
:
Always
command
:
[
"sh"
,
"-c"
,
"test
-d
/repos/hgkeeper
||
hgkeeper
setup"
]
env
:
-
name
:
HGK_ADMIN_USERNAME
value
:
grim
-
name
:
HGK_ADMIN_PUBKEY
value
:
/config/admin-pubkey
-
name
:
HGK_REPOS_PATH
value
:
/repos
volumeMounts
:
-
mountPath
:
/repos
name
:
keep
readOnly
:
false
subPath
:
repos
-
mountPath
:
/config
name
:
keep-configmap
readOnly
:
true
containers
:
-
name
:
hgkeeper
image
:
docker.io/rwgrim/hgkeeper:latest
imagePullPolicy
:
Always
command
:
[
"hgkeeper"
,
"serve"
]
env
:
-
name
:
TMPDIR
value
:
/tmp
-
name
:
HGK_REPOS_PATH
value
:
/repos
-
name
:
HGK_SSH_HOST_KEYS_PATH
value
:
/host-keys
ports
:
-
containerPort
:
8080
-
containerPort
:
22222
resources
:
limits
:
cpu
:
1000m
memory
:
512Mi
requests
:
cpu
:
500m
memory
:
128Mi
volumeMounts
:
-
mountPath
:
/repos
name
:
keep
readOnly
:
false
subPath
:
repos
-
mountPath
:
/host-keys
name
:
keep-ssh-host-keys
readOnly
:
true
-
mountPath
:
/tmp
name
:
keep-tmp
readOnly
:
false
securityContext
:
fsGroup
:
22271
runAsUser
:
22271
volumes
:
-
name
:
keep
persistentVolumeClaim
:
claimName
:
keep
-
name
:
keep-configmap
configMap
:
name
:
keep-configmap
-
name
:
keep-ssh-host-keys
secret
:
secretName
:
keep
-
name
:
keep-tmp
emptyDir
:
{}
---
apiVersion
:
v1
kind
:
PersistentVolumeClaim
metadata
:
namespace
:
roost
name
:
keep
labels
:
app
:
hgkeeper
spec
:
accessModes
:
-
ReadWriteOnce
resources
:
requests
:
storage
:
30Gi
volumeName
:
pvc-fdabb9b0-68d2-4c13-9d6f-6a6dbcd34a38
---