imfreedom/k8s-cluster

Add the teamcity manifest

2019-10-16, Gary Kramlich
caa6fffdbf59
Parents e66d37205a07
Children b380be712b3d
Add the teamcity manifest
1 files changed, 278 insertions(+), 0 deletions(-)
  • +278 -0
    50-ci.imfreedom.org.yaml
    • --- /dev/null Thu Jan 01 00:00:00 1970 +0000
    +++ b/50-ci.imfreedom.org.yaml Wed Oct 16 03:06:37 2019 -0500
    @@ -0,0 +1,278 @@
    +# teamcity is a continuous integration system from jetbrains. This manifest
    +# sets it up as well as a postgres instance.
    +---
    +apiVersion: v1
    +kind: Service
    +metadata:
    + namespace: imfreedom
    + name: ci-postgres
    + labels:
    + app: ci
    + role: db
    +spec:
    + ports:
    + - port: 5432
    + protocol: TCP
    + selector:
    + app: ci
    + role: db
    +---
    +apiVersion: networking.k8s.io/v1
    +kind: NetworkPolicy
    +metadata:
    + namespace: imfreedom
    + name: ci-postgres
    + labels:
    + app: ci
    + role: db
    +spec:
    + podSelector:
    + matchLabels:
    + app: ci
    + role: db
    + ingress:
    + - from:
    + - podSelector:
    + matchLabels:
    + app: ci
    + role: app
    + ports:
    + - port: 5432
    + protocol: TCP
    +---
    +apiVersion: apps/v1
    +kind: Deployment
    +metadata:
    + namespace: imfreedom
    + name: ci-postgres
    + labels:
    + app: ci
    + role: db
    +spec:
    + replicas: 1
    + selector:
    + matchLabels:
    + app: ci
    + role: db
    + strategy:
    + type: Recreate
    + template:
    + metadata:
    + labels:
    + app: ci
    + role: db
    + spec:
    + containers:
    + - name: postgres
    + image: postgres:11
    + imagePullPolicy: Always
    + env:
    + - name: POSTGRES_USER
    + valueFrom:
    + secretKeyRef:
    + name: ci-postgres
    + key: username
    + - name: POSTGRES_PASSWORD
    + valueFrom:
    + secretKeyRef:
    + name: ci-postgres
    + key: password
    + - name: POSTGRES_DB
    + valueFrom:
    + secretKeyRef:
    + name: ci-postgres
    + key: db
    + resources:
    + limits:
    + cpu: 200m
    + memory: 256Mi
    + requests:
    + cpu: 100m
    + memory: 128Mi
    + ports:
    + - containerPort: 5432
    + volumeMounts:
    + - mountPath: /var/lib/postgresql/data
    + name: ci-postgres
    + readOnly: false
    + subPath: postgresql
    + volumes:
    + - name: ci-postgres
    + persistentVolumeClaim:
    + claimName: ci-db
    +---
    +apiVersion: v1
    +kind: PersistentVolumeClaim
    +metadata:
    + namespace: imfreedom
    + name: ci-db
    + labels:
    + app: ci
    + role: db
    +spec:
    + accessModes:
    + - ReadWriteOnce
    + resources:
    + requests:
    + storage: 1Gi
    +---
    +apiVersion: extensions/v1beta1
    +kind: Ingress
    +metadata:
    + namespace: imfreedom
    + name: ci
    + annotations:
    + certmanager.k8s.io/issuer: letsencrypt
    + nginx.ingress.kubernetes.io/configuration-snippet: |
    + more_set_headers "X-Frame-Options: SAMEORIGIN";
    + labels:
    + app: ci
    + role: app
    +spec:
    + rules:
    + - host: ci.imfreedom.org
    + http:
    + paths:
    + - backend:
    + serviceName: ci
    + servicePort: 8111
    + path: /
    + tls:
    + - hosts:
    + - ci.imfreedom.org
    + secretName: ci-tls
    +---
    +apiVersion: certmanager.k8s.io/v1alpha1
    +kind: Certificate
    +metadata:
    + namespace: imfreedom
    + name: ci
    +spec:
    + secretName: ci-tls
    + issuerRef:
    + name: letsencrypt
    + commonName: ci.imfreedom.org
    + dnsNames:
    + - ci.imfreedom.org
    + acme:
    + config:
    + - http01:
    + ingress: ci
    + domains:
    + - ci.imfreedom.org
    +---
    +apiVersion: v1
    +kind: Service
    +metadata:
    + namespace: imfreedom
    + labels:
    + app: ci
    + role: app
    + name: ci
    +spec:
    + ports:
    + - port: 8111
    + protocol: TCP
    + selector:
    + app: ci
    + role: app
    +---
    +apiVersion: networking.k8s.io/v1
    +kind: NetworkPolicy
    +metadata:
    + namespace: imfreedom
    + name: ci
    + labels:
    + app: ci
    + role: app
    +spec:
    + podSelector:
    + matchLabels:
    + app: ci
    + role: app
    + ingress:
    + - from:
    + - namespaceSelector:
    + matchLabels:
    + name: kube-public
    + podSelector:
    + matchLabels:
    + app: ingress
    + role: controller
    + ports:
    + - port: 8111
    + protocol: TCP
    +---
    +apiVersion: apps/v1
    +kind: Deployment
    +metadata:
    + namespace: imfreedom
    + name: ci
    + labels:
    + app: ci
    + role: app
    +spec:
    + replicas: 1
    + selector:
    + matchLabels:
    + app: ci
    + role: app
    + strategy:
    + type: Recreate
    + template:
    + metadata:
    + labels:
    + app: ci
    + role: app
    + spec:
    + containers:
    + - name: teamcity
    + image: docker.io/rwgrim/teamcity-server:latest
    + ports:
    + - containerPort: 8111
    + resources:
    + limits:
    + cpu: 1000m
    + memory: 2048Mi
    + requests:
    + cpu: 500m
    + memory: 1024Mi
    + volumeMounts:
    + - mountPath: /data/teamcity_server/datadir/
    + name: datadir
    + readOnly: false
    + subPath: datadir
    + - mountPath: /opt/teamcity/logs/
    + name: hostdir
    + readOnly: false
    + subPath: logs
    + - mountPath: /opt/teamcity/temp/
    + name: hostdir
    + readOnly: false
    + subPath: temp
    + securityContext:
    + fsGroup: 1000
    + runAsUser: 1000
    + volumes:
    + - name: datadir
    + persistentVolumeClaim:
    + claimName: ci
    + - name: hostdir
    + emptyDir: {}
    +---
    +apiVersion: v1
    +kind: PersistentVolumeClaim
    +metadata:
    + namespace: imfreedom
    + name: ci
    + labels:
    + app: ci
    + role: app
    +spec:
    + accessModes:
    + - ReadWriteOnce
    + resources:
    + requests:
    + storage: 25Gi
    +---
    +