projects-platform/carrramba-encore-rate-deployment.yaml


---
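# ACME issuer referenced by the cert-manager.io/cluster-issuer annotation on
# the API Ingress in this file.
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  # ClusterIssuer is a cluster-scoped kind, so the former
  # "namespace: default" had no effect and is dropped to avoid suggesting
  # the issuer is confined to one namespace.
  name: letsencrypt-carrramba
spec:
  acme:
    email: me@adrien.run
    server: https://acme-v02.api.letsencrypt.org/directory
    # Secret holding the ACME account private key. Anyone who can read it
    # can act as this ACME account, so keep RBAC on that Secret tight.
    privateKeySecretRef:
      name: letsencrypt-carrramba
    solvers:
      - http01:
          ingress:
            # NOTE(review): the Ingress objects in this file carry Traefik
            # annotations, while the HTTP-01 solver is created with class
            # "istio". Confirm which controller serves the challenge path,
            # otherwise issuance and renewal may fail.
            class: istio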
---
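# Frontend web server, exposed inside the cluster by the Service of the same
# name on the named port "web".
apiVersion: apps/v1
kind: Deployment
metadata:
  name: carrramba-encore-rate-frontend
  labels:
    app: carrramba-encore-rate-frontend
spec:
  replicas: 1
  selector:
    matchLabels:
      app: carrramba-encore-rate-frontend
  template:
    metadata:
      labels:
        app: carrramba-encore-rate-frontend
    spec:
      # This pod has no Vault annotations and no dedicated service account,
      # so it gets no Kubernetes API token: a compromised web container
      # should not be able to talk to the API server.
      automountServiceAccountToken: false
      containers:
        - name: carrramba-encore-rate-frontend
          # NOTE(review): ":latest" is a mutable tag, so the running code
          # can change without any change to this manifest. Pin a version
          # tag or an image digest to make rollouts auditable.
          image: rg.fr-par.scw.cloud/asr-projects/carrramba-encore-rate-frontend:latest
          # NOTE(review): no securityContext or resource limits are set;
          # consider adding them once the image's requirements are known.
          ports:
            - name: web
              containerPort: 80
      imagePullSecrets:
        - name: registry-secret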
---
# ClusterIP Service in front of the frontend pods (no "type" is set, so the
# Kubernetes default applies).
apiVersion: v1
kind: Service
metadata:
  name: carrramba-encore-rate-frontend
  labels:
    app: carrramba-encore-rate-frontend
spec:
  # Selects the pods created by the frontend Deployment.
  selector:
    app: carrramba-encore-rate-frontend
  ports:
    - name: web
      port: 80
      # Resolved by name against the container port called "web".
      targetPort: web
---
# Routes every path under "/" to the frontend Service.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: carrramba-encore-rate-frontend-ingress
  annotations:
    # NOTE(review): this router is bound to the "web" entry point only and
    # the Ingress has no tls section, while the API Ingress uses
    # "websecure" with a certificate. Presumably "web" is the plain-HTTP
    # entry point; confirm that HTTP is redirected to HTTPS elsewhere,
    # otherwise the frontend is served unencrypted.
    traefik.ingress.kubernetes.io/router.entrypoints: web
spec:
  rules:
    # NOTE(review): the rule has no "host", so it matches any Host header
    # that reaches this entry point.
    - http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: carrramba-encore-rate-frontend
                port:
                  name: web
---
# Traefik middleware that removes the leading "/api" from the request path
# before the request is forwarded to the backend.
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
  # No namespace is set here, but the API Ingress refers to this object as
  # "default-strip-api-prefix@kubernetescrd", i.e. it expects the
  # middleware in the "default" namespace. Apply the manifest accordingly.
  name: strip-api-prefix
spec:
  stripPrefix:
    prefixes:
      - /api
---
# TLS-terminated route for "/api/" to the API Service; the certificate is
# requested from the letsencrypt-carrramba ClusterIssuer.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: carrramba-encore-rate-api-ingress
  annotations:
    cert-manager.io/cluster-issuer: letsencrypt-carrramba
    traefik.ingress.kubernetes.io/router.entrypoints: websecure
    # Format is <namespace>-<middleware name>@kubernetescrd, so this only
    # resolves if the strip-api-prefix Middleware lives in "default".
    traefik.ingress.kubernetes.io/router.middlewares: default-strip-api-prefix@kubernetescrd
spec:
  tls:
    - hosts:
        - carrramba.adrien.run
      # Secret that cert-manager fills with the issued key pair.
      secretName: tls-carrramba-encore-rate-ingress
  rules:
    # NOTE(review): the rule carries no "host", so the API route matches
    # any Host header on the entry point even though the certificate only
    # covers carrramba.adrien.run. Consider restricting the rule to that
    # host.
    - http:
        paths:
          - path: /api/
            pathType: Prefix
            backend:
              service:
                name: carrramba-encore-rate-api
                port:
                  name: web
---
# Identity of the API pods. Vault's Kubernetes auth method authenticates the
# pod through this service account's token, which is why the token mount is
# kept enabled explicitly.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: carrramba-encore-rate-api
# Needed for the Vault login. Keep the RBAC bound to this account minimal,
# since the same token is also accepted by the Kubernetes API server.
automountServiceAccountToken: true
---
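# API server. The Vault agent injector renders database credentials and the
# IDFM API key into a shell file that bash sources before starting Python.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: carrramba-encore-rate-api
  labels:
    app: carrramba-encore-rate-api
spec:
  replicas: 1
  selector:
    matchLabels:
      app: carrramba-encore-rate-api
  template:
    metadata:
      labels:
        app: carrramba-encore-rate-api
      annotations:
        vault.hashicorp.com/agent-inject: "true"
        vault.hashicorp.com/agent-inject-secret-carrramba-encore-rate-api: "database/creds/carrramba-encore-rate-api"
        # The rendered file is sourced by bash, so every secret value is
        # wrapped in single quotes: an unquoted value containing spaces,
        # "$", ";" or backticks would be word-split or interpreted by the
        # shell. Single quotes do not protect against a value that itself
        # contains a single quote; keep such characters out of the Vault
        # password policy and the stored API key.
        vault.hashicorp.com/agent-inject-template-carrramba-encore-rate-api: |
          {{ with secret "database/creds/carrramba-encore-rate-api" -}}
          export CER__DB__NAME=carrramba_encore_rate
          export CER__DB__HOST=postgres
          export CER__DB__PORT=5432
          export CER__DB__USER='{{ .Data.username }}'
          export CER__DB__PASSWORD='{{ .Data.password }}'
          {{- end }}
          {{ with secret "carrramba-encore-rate-api/idfm-api-key" -}}
          export CER__IDFM_API_KEY='{{ .Data.key }}'
          {{- end}}
        vault.hashicorp.com/role: "carrramba-encore-rate-api"
    spec:
      containers:
        - name: carrramba-encore-rate-api
          # NOTE(review): ":latest" is a mutable tag; combined with
          # imagePullPolicy Always, every pod restart may run different
          # code. Pin a version tag or an image digest.
          image: rg.fr-par.scw.cloud/asr-projects/carrramba-encore-rate-api:latest
          command: ["/bin/bash"]
          # "${BASH_ENV}" is expanded by bash, not by Kubernetes (which only
          # substitutes the "$(VAR)" form).
          args: ["-c", "source ${BASH_ENV} ; python ./api_server.py "]
          # args: ["-c", "while true; do echo hello; sleep 10;done"]
          ports:
            - name: web
              containerPort: 8080
          env:
            # A non-interactive bash reads the file named by BASH_ENV at
            # startup, so the secrets are exported before the explicit
            # "source" in args runs, and again in any bash child process.
            # The exported values are inherited by every process the
            # container starts.
            - name: BASH_ENV
              value: /vault/secrets/carrramba-encore-rate-api
            - name: CONFIG_PATH
              value: ./config.sample.yaml
            - name: CER__TRACING__ENABLE
              value: "true"
            # NOTE(review): "$(...)" is only substituted when that variable
            # exists in the container's environment. The collector is
            # addressed in the "observability" namespace, and service
            # variables are injected for same-namespace services only, so
            # confirm that the port reference actually resolves.
            - name: OTEL_EXPORTER_OTLP_ENDPOINT
              value: "http://jaeger-all-in-one-collector.observability.svc.cluster.local:$(JAEGER_ALL_IN_ONE_COLLECTOR_SERVICE_PORT_HTTP_OTLP)"
          imagePullPolicy: Always
      imagePullSecrets:
        - name: registry-secret
      # Service account whose token the Vault agent uses to log in.
      serviceAccountName: carrramba-encore-rate-api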
---
# ClusterIP Service in front of the API pods; the API Ingress targets its
# named port "web".
apiVersion: v1
kind: Service
metadata:
  name: carrramba-encore-rate-api
  labels:
    app: carrramba-encore-rate-api
spec:
  # Selects the pods created by the API Deployment.
  selector:
    app: carrramba-encore-rate-api
  ports:
    - name: web
      port: 8080
      # Resolved by name against the container port called "web" (8080).
      targetPort: web
---
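# Weekly database refresh. Runs with the "admin" Vault role, so the pod
# receives database credentials from database/creds/carrramba-encore-rate-admin
# in addition to the IDFM API key.
apiVersion: batch/v1
kind: CronJob
metadata:
  name: db-update
spec:
  schedule: "0 1 * * 5"  # At 01:00 on Friday
  jobTemplate:
    spec:
      template:
        metadata:
          annotations:
            vault.hashicorp.com/agent-inject: "true"
            vault.hashicorp.com/agent-inject-secret-carrramba-encore-rate-admin: "database/creds/carrramba-encore-rate-admin"
            # The rendered file is sourced by bash, so every secret value
            # is wrapped in single quotes: an unquoted value containing
            # spaces, "$", ";" or backticks would be word-split or
            # interpreted by the shell. Single quotes do not protect
            # against a value that itself contains a single quote; keep
            # such characters out of the Vault password policy and the
            # stored API key.
            vault.hashicorp.com/agent-inject-template-carrramba-encore-rate-admin: |
              {{ with secret "database/creds/carrramba-encore-rate-admin" -}}
              export CER__DB__NAME=carrramba_encore_rate
              export CER__DB__HOST=postgres
              export CER__DB__PORT=5432
              export CER__DB__USER='{{ .Data.username }}'
              export CER__DB__PASSWORD='{{ .Data.password }}'
              {{- end }}
              {{ with secret "carrramba-encore-rate-api/idfm-api-key" -}}
              export CER__IDFM_API_KEY='{{ .Data.key }}'
              {{- end}}
            vault.hashicorp.com/role: "carrramba-encore-rate-admin"
        spec:
          containers:
            - name: db-update
              image: rg.fr-par.scw.cloud/asr-projects/carrramba-encore-rate-db-updater:latest
              command: ["/bin/bash"]
              # "${BASH_ENV}" is expanded by bash, not by Kubernetes.
              args: ["-c", "source ${BASH_ENV} ; python ./db_updater.py"]
              # NOTE(review): IfNotPresent together with the mutable
              # ":latest" tag lets a node keep running a stale cached image
              # with admin database credentials. Pin a version tag or a
              # digest, or pull on every run as the API Deployment does.
              imagePullPolicy: IfNotPresent
              env:
                # A non-interactive bash reads the file named by BASH_ENV
                # at startup; the exported secrets are inherited by every
                # process the container starts.
                - name: BASH_ENV
                  value: /vault/secrets/carrramba-encore-rate-admin
                - name: CONFIG_PATH
                  value: ./config.sample.yaml
          restartPolicy: Never
          imagePullSecrets:
            - name: registry-secret
          # Service account whose token the Vault agent uses to log in.
          serviceAccountName: carrramba-encore-rate-admin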
---
# Identity of the db-update CronJob pods. Vault's Kubernetes auth method
# authenticates the pod through this service account's token, which is why
# the token mount is kept enabled explicitly.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: carrramba-encore-rate-admin
# Needed for the Vault login. This account maps to the admin Vault role, so
# keep both its Kubernetes RBAC and the set of pods allowed to use it small.
automountServiceAccountToken: true