imfreedom/k8s-cluster

Add rehook.imfreedom.org

14 months ago, Gary Kramlich
7afc7575d513
Parents c97a97478126
Children 696f6066246c
Add rehook.imfreedom.org

This is an nginx container that proxy_pass's to keel for webhooks with anonymous
URLs. This way we don't need to expose keel and everything is super fast.
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/50-rehook.imfreedom.org/kustomization.yaml Tue Feb 21 00:38:02 2023 -0600
@@ -0,0 +1,11 @@
+---
+namespace: imfreedom
+resources:
+ - manifest.yaml
+secretGenerator:
+ - name: rehook-imfreedom-org
+ files:
+ - secrets/default.conf
+ options:
+ disableNameSuffixHash: true
+---
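Review bot: With `disableNameSuffixHash: true` on the `rehook-imfreedom-org` generator, a change to `secrets/default.conf` updates the Secret under the same name, so the Deployment's pod template does not change and no rollout is triggered. nginx does not re-read its config on its own, so running pods would presumably keep serving the old webhook URLs until they are restarted, which matters if a URL has to be rotated after leaking. Either drop the option so kustomize rewrites the `secretName` reference and rolls the pods, or record the manual step with a comment such as `# fixed name: restart the deployment after editing default.conf`. The trailing `---` after `options` only opens an empty second document and can be removed.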
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/50-rehook.imfreedom.org/manifest.yaml Tue Feb 21 00:38:02 2023 -0600
@@ -0,0 +1,146 @@
+---
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRoute
+metadata:
+ name: rehook-imfreedom-org-http
+spec:
+ entryPoints:
+ - http
+ routes:
+ - match: Host(`rehook.imfreedom.org`)
+ kind: Rule
+ services:
+ - name: rehook-imfreedom-org
+ port: 80
+ middlewares:
+ - name: https-redirect
+---
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRoute
+metadata:
+ name: rehook-imfreedom-org-https
+spec:
+ entryPoints:
+ - https
+ routes:
+ - match: Host(`rehook.imfreedom.org`)
+ kind: Rule
+ services:
+ - name: rehook-imfreedom-org
+ port: 80
+ middlewares:
+ - name: common-headers
+ - name: hsts-headers
+ tls:
+ secretName: rehook-imfreedom-tls
+---
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+ name: rehook-imfreedom-tls
+spec:
+ secretName: rehook-imfreedom-tls
+ issuerRef:
+ name: letsencrypt
+ commonName: rehook.imfreedom.org
+ dnsNames:
+ - rehook.imfreedom.org
+---
+apiVersion: v1
+kind: Service
+metadata:
+ labels:
+ app: rehook-imfreedom-org
+ name: rehook-imfreedom-org
+spec:
+ ports:
+ - port: 80
+ protocol: TCP
+ selector:
+ app: rehook-imfreedom-org
+---
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: rehook-imfreedom-org-http
+ labels:
+ app: rehook-imfreedom-org
+spec:
+ podSelector:
+ matchLabels:
+ app: rehook-imfreedom-org
+ ingress:
+ - from:
+ - namespaceSelector:
+ matchLabels:
+ name: kube-public
+ podSelector:
+ matchLabels:
+ app: traefik
+ role: controller
+ ports:
+ - port: 80
+ protocol: TCP
+---
+apiVersion: policy/v1
+kind: PodDisruptionBudget
+metadata:
+ name: rehook-imfreedom-org
+spec:
+ minAvailable: 1
+ selector:
+ matchLabels:
+ app: rehook-imfreedom-org
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: rehook-imfreedom-org
+ labels:
+ app: rehook-imfreedom-org
+spec:
+ replicas: 2
+ revisionHistoryLimit: 0
+ selector:
+ matchLabels:
+ app: rehook-imfreedom-org
+ template:
+ metadata:
+ labels:
+ app: rehook-imfreedom-org
+ spec:
+ affinity:
+ podAntiAffinity:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ - podAffinityTerm:
+ labelSelector:
+ matchExpressions:
+ - key: app
+ operator: In
+ values:
+ - rehook-imfreedom-org
+ topologyKey: failure-domain.beta.kubernetes.io/region
+ weight: 100
+ containers:
+ - name: http
+ image: nginx:alpine
+ imagePullPolicy: Always
+ ports:
+ - containerPort: 80
+ resources:
+ limits:
+ cpu: 50m
+ memory: 96Mi
+ requests:
+ cpu: 10m
+ memory: 64Mi
+ volumeMounts:
+ - mountPath: /etc/nginx/conf.d/
+ name: rehook-imfreedom-org-config
+ readOnly: true
+ volumes:
+ - name: rehook-imfreedom-org-config
+ secret:
+ secretName: rehook-imfreedom-org
+---
+
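Review bot: `image: nginx:alpine` with `imagePullPolicy: Always` in the Deployment's `http` container is a floating tag, so any pod restart can pull a different nginx build and the two replicas of this internet-facing proxy can end up running different ones. Pin it to a release and digest, e.g. `image: nginx:<version>-alpine@sha256:<digest>` (placeholders), or add a comment if the floating tag is deliberate. The container also sets no `securityContext`; `allowPrivilegeEscalation: false` is a low-risk start. The NetworkPolicy lists only `ingress`, so egress from the pod stays unrestricted although it presumably only needs to reach keel and DNS. Separately, `failure-domain.beta.kubernetes.io/region` is the deprecated spelling of `topology.kubernetes.io/region`.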