Verified Commit 6da44fe0 authored by Sheogorath's avatar Sheogorath :european_castle:

feat(blog): Provide intial blog deployment

This patch is a first try to move my blog into the cluster. There is still quite
some refinement to do.
parent 2bbb6b56
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: blog
labels:
app.kubernetes.io/name: blog
spec:
replicas: 2
selector:
matchLabels:
app.kubernetes.io/name: blog
template:
metadata:
labels:
app.kubernetes.io/name: blog
spec:
affinity:
podAntiAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
- labelSelector:
matchLabels:
app.kubernetes.io/name: blog
topologyKey: kubernetes.io/hostname
automountServiceAccountToken: false
containers:
- name: dnsproxy
image: quay.io/shivering-isles/blog:latest
imagePullPolicy: Always
ports:
- containerPort: 8080
protocol: TCP
name: http
resources:
requests:
cpu: 100m
memory: 256Mi
limits:
cpu: 100m
memory: 256Mi
---
apiVersion: v1
kind: Service
metadata:
name: blog
labels:
app.kubernetes.io/name: blog
spec:
type: LoadBalancer
selector:
app.kubernetes.io/name: blog
ports:
- name: http
protocol: TCP
port: 80
targetPort: http
---
apiVersion: policy/v1
kind: PodDisruptionBudget
metadata:
name: blog
spec:
minAvailable: 1
selector:
matchLabels:
app.kubernetes.io/name: blog
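Review bot: The container in the Deployment's pod template has no `securityContext`, so these pods do not meet the `restricted` Pod Security level that namespace.yaml in this commit sets for audit and warn; because only `baseline` is enforced they are admitted with warnings rather than rejected. The fence below adds the restricted-profile settings plus a read-only root filesystem; `runAsNonRoot` and `readOnlyRootFilesystem` need confirming against the user the blog image runs as and what it writes at runtime. Separately, `image: quay.io/shivering-isles/blog:latest` with `imagePullPolicy: Always` lets each of the two replicas start whatever the tag points at, so pinning by digest (`quay.io/shivering-isles/blog@sha256:<digest>`) would make rollouts reproducible and auditable. The Service is `type: LoadBalancer` although ingress.yaml already routes to it, which may publish plain HTTP on port 80 beside the TLS ingress; `type: ClusterIP` is enough if the ingress is the intended entry point. The container name `dnsproxy` looks carried over from another manifest.

```yaml
      containers:
        - name: dnsproxy
          # … unchanged: image, imagePullPolicy, ports, resources …
          securityContext:
            allowPrivilegeEscalation: false
            readOnlyRootFilesystem: true
            runAsNonRoot: true
            capabilities:
              drop:
                - ALL
            seccompProfile:
              type: RuntimeDefault
```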
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: blog-tls
namespace: blog
labels:
app.kubernetes.io/name: blog
spec:
privateKey:
algorithm: Ed25519
dnsNames:
- ENC[AES256_GCM,data:0GFhR/qy7O08SttmyTr7XE4Myw==,iv:A/uABlCzi7KWoUsVGdZC0oW1P/AhXfRiyHAr1DGNlPA=,tag:QymCw+8esywtOeIm+mE5Iw==,type:str]
- ENC[AES256_GCM,data:EwUpRPyUQnP2VW6K4qygCqlqYN2nXWs=,iv:FIBxTelhrzOmDRbfebIb/rNqI9Ex2AgS2YOJgHcFB5A=,tag:q0/vNaVzafhxAMbHQVUz6g==,type:str]
issuerRef:
name: letsencrypt
kind: ClusterIssuer
secretName: ingress-blog-tls
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age: []
lastmodified: "2022-11-13T02:09:37Z"
mac: ENC[AES256_GCM,data:gGSRaXKGVoFeFaJOmWYacdiGnw0S4guWB/0bdxRTtlS7hP3zYrUD/Em1Wzyfque57Ykmq8egQ+a+6ExFFIMp9w/PA4vh2NWa0QxuET45JihpXZDqMkYj4trMvkzx6/GbAm/e7qOLXC9a8vTuJMG70J46yxfIKtXti1S82GnSjak=,iv:ObaMfHmMbjHPJFYRwQlFDx/JMCuMuI02r0vrNze5+2s=,tag:xyl4Vay/GFolaHSyZJazsA==,type:str]
pgp:
- created_at: "2022-01-21T18:13:48Z"
enc: |-
-----BEGIN PGP MESSAGE-----
wcFMA7kpg2bgzVHcARAAs0OQxzkgcgs/iXO3DXjnuyddgI5X/Gz5Gd3q0U6MrK18
gfZIWvh2gemiU0YepfnQwbHkFLWOO/hYLjppAd4/HS93Gg8Hqg7Kh9WLiQFqolAn
SSvm1KvlesTselWGu8/282UO5jDM7E0NuqsHPC9K/4im+jkWO9s2fAw+hQIvvVPw
CktPYqihMvTmLyTVX9dMkwgDzTdJ8JeaI26S5tyMkAg+B/ymxKWG4m7bRIG9+kOD
fnsUUfd+zobOLR3w251+AydJlCy3gs6hJYlW1wz8m6cOzKHe3SEnN9GLJSbSa95n
+WpY31VF+eXZ4Z8GXoy3QHTWzbcWJ10RKb5eTPixAJzL3opSTbKJGmUuQlq+/9Wg
876dUQGl26CHm8solPytStPJDoSjcNbClJN1Rfp2SopAucqDG5XPIzXh7gIzfwrR
qauiO2AnC85DkWwU9w3wODB9zY3PzcmbzxyLPzEqnSABIEVw8VJoM/pnIRv2gs17
2YN61VO/YgUuxXtvvAHMgk1XQPfH45bM/i9lwX8EHDHqBWQVtYIqyw0lnVPZl1Hz
VuN6/aH4AnVAqeMjS4ezLZ26cyF8S/wkuQPK8tOfOs2l4smD1jp67A1A9RQfF4Hz
QRHL7VEc3EElB7FobZSAccjptfghhFjtIEhrmiZJgIIFcYv8IGDCf59pmVXSUKPS
UQGgA6xeWVYOj7DKYrgO4xMUXtofOv4WVRFO7iejeRqF5YbWmaCIq0GNvpwwZvWe
jqtu9MjOqwG0X682yB6/Ss/HBV+vAYrMoRqunjrSlZ+oLw==
=pOY7
-----END PGP MESSAGE-----
fp: 286791FB6648539775DB31B8FCB98C2A3EC6F601
- created_at: "2022-01-21T18:13:48Z"
enc: |
-----BEGIN PGP MESSAGE-----
hQIMA4oYbIHZIrAPARAAlM62U+idC9A4irm5RkSx5fZv+HGu7Jrm5GNPzv2tQ9WY
ponFAjh0/DDq2qWcpveRS3owFAwhoMbm1vYx9O29ycM5XzjxHF5CjytSssRU0FkX
UK5OdW+SURLREvIOZjYoEqjxFGj22ZAegkNIHYadTSGyesWM8Fj3Q6Su0EVyeyaI
FaE5Eo3Ya0tn7p+oMoAsJFJhtz9oFvPcaXCri+BTiIHCGZBQf9ndAvpr23zd2cO8
LBNwHOmJmtiHM3xndhVstBt9YnRqjqg3hZt65zB7LIP8zRPDtzsvTAdcLMkibhh5
GPn6JyOvlBPFrxR0ZmuGTURFODfjFrjn96igHDGbET1XKDVb99uQA7tJDRjZYUPM
3zfjj+aKi8R9k+/fU/jO827K8jHN9tPmrsJslUGDtV6sRxfWXUsfur8840TfnFBm
f8mqqOBA9ahJaN+0EyXvFHCfPglYs7zXKL4fYnO6PKB7fR+IDFUQzHxZGDTgLB6g
gtayT8FHE6EQ/1Lxsjw4kHfJYlabi5jSPAWtws/RXF8oZgByT6O1yYCtfJPzzlyT
A9b2X2EG4Lj6QFQNN7n/qOwa6timOrdZOfIDLMZt7JIDpHXhCmzo2WCm3wFS/L4R
6zuYDUg5rm3sxHzcw+9xn/PK8yedVCmCGNrnON9hn0TeqXmuY87KQu1Az+3wJqDU
ZgEJAhCnHsdsGhUmeXb4Lb8+hJfFB1DTL3qk6iPqxPsjfA1n3N/KYLd3KYWaM6fm
21yCsmkJZRWxgOwTPbF+KIQAq4yleW06ys6DFLz2wgLc3LlRjJFlPeajM6v6XicO
lDUgoEyZhw==
=y2A9
-----END PGP MESSAGE-----
fp: B137EE1549DFAF960DD1E2B15147025FB9F09E07
encrypted_regex: ^(data|stringData|email|dnsZones?|dnsNames?|hosts?|tang|externalURL)$
version: 3.7.3
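Review bot: `privateKey.algorithm: Ed25519` is likely to make issuance fail if the `letsencrypt` ClusterIssuer is an ACME issuer for Let's Encrypt, which accepts only RSA and ECDSA (P-256/P-384) subscriber keys. The manifest itself is valid for cert-manager, so the failure would presumably surface only in the Order/CertificateRequest status, not at apply time. I would switch to `algorithm: ECDSA` with `size: 384`, and consider `rotationPolicy: Always` so the key is replaced on each renewal. Note also that SOPS-encrypting `dnsNames` keeps the names out of the repository only: names on a publicly trusted certificate are published in Certificate Transparency logs.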
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: blog
namespace: blog
labels:
app.kubernetes.io/name: blog
annotations:
forecastle.stakater.com/expose: "true"
forecastle.stakater.com/appName: Blog
forecastle.stakater.com/group: Apps
spec:
rules:
- host: ENC[AES256_GCM,data:ppI47WC3acfE0wU+ES4GIYYrpQ==,iv:64B7Iq33LIA0ZlW/dX70WPIt8+USIj8WyQKsnDV84KM=,tag:o0OUBlEvgYyyJeLG729HzA==,type:str]
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: blog
port:
number: 80
- host: ENC[AES256_GCM,data:KuF4mLV6HvWj2If/YHEnefFLprYilow=,iv:5TAwfNWAH+aDabUeEkkDBQA6icDgbaL99ptqZFwB3Vk=,tag:KRzVkueByKcZKox7YRgcgg==,type:str]
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: blog
port:
number: 80
tls:
- hosts:
- ENC[AES256_GCM,data:PO5x7BaDhzNbw74zPhWFVkUmpg==,iv:tr16kBcknaBHAsPzBS2eCNsuH+yvclLNdaV7t4ObiI0=,tag:jDJHCjybZZ2PclhBmQcfWA==,type:str]
- ENC[AES256_GCM,data:uOa5ivvA40/r2zcptgPNC5+SJYqwAFM=,iv:TwaYhLr6NUJ8s2MooJ6WDfnbcICTlpbUUe1i2hibjIE=,tag:87iuuLIHkzsJCBdna/nKfg==,type:str]
secretName: ingress-blog-tls
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age: []
lastmodified: "2022-11-13T02:09:45Z"
mac: ENC[AES256_GCM,data:rXKZ7xsJbQ6x1HchVKlyK8j2Mr2DlAA1Re9LDoN+R6dIv8+2LahGcoVYblI9L1SNr2Ou+V8AEYEp79lDE1NBnqtFCmpg1UJUXfunwuw9NQYVy75LucWh3315A9wlzcMl90A2DgkjIZpsgz8DCjHWJtIQKYrpLNzm/g9k+6qswPE=,iv:29WyyXfxFE/k/NaSaLvgVadNcGyRK+g5AW7lXXsC4d4=,tag:EVTSL8stQ2rjpoGzoL9VcQ==,type:str]
pgp:
- created_at: "2022-09-13T20:16:18Z"
enc: |-
-----BEGIN PGP MESSAGE-----
wcFMA7kpg2bgzVHcAQ//QKUo6MGGO7kJyGfQ8WULaFNILDGmSNjPj6avjps8nbpa
BdNlszBms4ghflXW6xfBe2vqTvo+Bjd6XqngSoEOpYQNruKTodDpkRBj2KsT+nza
PfQocIiGaLmYsjdT7RtrCIzkm27IwL1MMtPrWPPfiiRHv5lw18y+l2c2kkO8TA4A
eETwEpbeVTo+iryTYSHMQKHeKk+s3Oh/MVGHHC3AlNn8hmvi2Wt/eSLye27a7J5T
lbJrNkIDX/1G9NR0bg2045MkljzYyY7ttP58j+WsOca3ct8NWy4Z4OQeldCmwIFr
BrKYCoFI6eZ6DHT9Rlqm246WN70hbRb7usCgX8dn8WT/Z8dXWzRryYtIVjkzrIVm
AZQ1XelkdXybGa/ORV5aj81AIXu7konepcJX64L6OxcQjFhQWAO7y1rwclOW8QOb
h2RlsE79wNobUsErXTvUmsW30l0GWYeh3IgR0HAMu2P8ttDvb8I4yu5H1/5uZnZY
jLBnH8ooC9uDnh2z5u6ru5JmHjlQ8BWUF/dptt57qUo/I+xBhiSCqYLFo2WOy1lx
hDlSzIE5Sn5TA3fxXyc9Hwv5/c3ELW6EuXqiy4MUcLREL07C4OLp0/1q/Tshj0FG
PReQZkVON4jFuDtfFVID8Rm20CBkVe2xahThK8jCGms15UpiU8hsv8VgAn7aIsPS
UQF1wuAsfdOVLBugwP0jsc57R60KmtLpig04S0WLJAlNEXGk+yGqAsluHGxJpnnm
LUM72fLPLolfVdF2aS9UjTSkSy34Rh5J/j08usEN8R7mWw==
=xL8K
-----END PGP MESSAGE-----
fp: 286791FB6648539775DB31B8FCB98C2A3EC6F601
- created_at: "2022-09-13T20:16:18Z"
enc: |
-----BEGIN PGP MESSAGE-----
hQIMA4oYbIHZIrAPARAAi5C2YbFg1dJGa/C+tsp2xn3fhu5Qvl2ywWFz/lWyO6rW
si4H0ivAkiI85jd2xgxXq54EWY5pkH0a/Ynly5p9zJuZf+dXP5RkOa7EEbv7h/UV
ZRQRpJRJuMKIOUXHKvRR93lQYItSPTCkcRkt6mVEhvYQwOxJmmmjtOF1umbra3Zi
sFWez2yil9BCC9kGWM4n2kHHLhb0RJdlfj3tP7RTYC9ssGCdoUnh4CgksRv6QW2G
HbrO38UJf96gzrjh09HJS4gSnIbtHVDGZ5lVITFpU3WPirga4BGEgib6Ip2GNb4i
6hPmb3aWFwLeHf83CoDV8VbL03t5OLdeUWkAn9xNSZOPy8rZJgm/UXfuii1l39ui
gJk2VWVleK1rHGEV+sCsjGQjQvGL6QUgB+4dp6petsw5Jt1gxBbVZmvkuWjpkPw4
BkLHPf51Gs0SCogWaVf5XdQqX1bovTZotTbTpa6A0G4iwsPIqQkSB/C7ykod5I0s
lXBqXCk9sgAr+hxdRtMpzZJhWC82EoP+Z8IhVEl0GvRyFC+BjFJKMNiTNLRsqmxL
iGaZrCXym7qM++uGKaUWmhVPg3g+l2AUmAwgf6ISIGQolaIf7J+jIc9jw4HSYcIM
MAjvGOGD02ABGvNGwiyi84ibIhnVngmrxuBrQTfBSfhqhJa6XUtLvaTt0OJa2UnU
aAEJAhAjKsBPBcSGRBgbDk+peX46kE7gF1p0tIqKjD1mBaSW5+x5xcITUHQxTcuV
tievOikl8nF+zBDmG3TlRiKimMGz2DwlARwkIsXOaU9I/VVwot153VYG/tpEbqKs
8LzbNsLdj2Ld
=S0CC
-----END PGP MESSAGE-----
fp: B137EE1549DFAF960DD1E2B15147025FB9F09E07
encrypted_regex: ^(data|stringData|email|dnsZones?|dnsNames?|.*(H|h)osts?|tang|externalURL|.*-secret|.*-url|.*Secrets?|.*-domain|password|subjects|node|apiURL|.*(S|s)erverNames?|.*SecretKey|externalName)$
version: 3.7.3
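Review bot: `spec` sets no `ingressClassName`, so which controller serves this Ingress depends on a cluster-default IngressClass that this commit does not show; with no default it stays unclaimed, and with several controllers it may be picked up by one that was not intended. Adding `ingressClassName: <ingress-class>` (placeholder for the class of the controller that the shared allow-from-ingress policy admits) makes the exposure path explicit. Because the `host` and `tls.hosts` values are each encrypted with their own IV, the ciphertext does not show whether they match each other or the Certificate's `dnsNames`, so that is worth verifying on the decrypted manifests before merging.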
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: blog
resources:
- namespace.yaml
- certificate.yaml
- blog.yaml
- ingress.yaml
- ../../../shared/networkpolicies/allow-from-ingress.yaml
- ../../../shared/resourcequotas/default.yaml
patchesStrategicMerge:
- networkpolicy.yaml
\ No newline at end of file
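Review bot: `patchesStrategicMerge` is deprecated in kustomize v5 in favour of the `patches` field; if the kustomize version behind the reconciler supports it, `patches:` with `- path: networkpolicy.yaml` is the forward-compatible form. The file also ends without a trailing newline.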
apiVersion: v1
kind: Namespace
metadata:
name: blog
labels:
pod-security.kubernetes.io/audit: restricted
pod-security.kubernetes.io/enforce: baseline
pod-security.kubernetes.io/warn: restricted
pod-security.kubernetes.io/audit-version: v1.23
pod-security.kubernetes.io/enforce-version: v1.23
pod-security.kubernetes.io/warn-version: v1.23
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: flux-reconciler
namespace: blog
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: flux-reconciler
namespace: blog
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: admin
subjects:
- kind: ServiceAccount
name: flux-reconciler
namespace: blog
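Review bot: `pod-security.kubernetes.io/enforce: baseline` still admits pods that run as root, allow privilege escalation or keep the default capability set; only `audit` and `warn` are at `restricted`. The blog Deployment is the only workload this commit puts in the namespace, so once its pod template carries a restricted-compliant `securityContext` the label can become `pod-security.kubernetes.io/enforce: restricted`. The `flux-reconciler` RoleBinding grants the built-in `admin` ClusterRole, which includes reading Secrets and managing Roles and RoleBindings in the namespace. If the reconciler only ever applies the kinds in this directory, a namespaced Role listing those would be tighter. A short comment on the three `*-version: v1.23` labels saying when they should be bumped would also help.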
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
name: allow-from-ingress
spec:
podSelector:
matchLabels:
app.kubernetes.io/name: blog
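Review bot: This patch narrows the `podSelector` of the shared `allow-from-ingress` policy to the blog pods, but the kustomization pulls in no default-deny policy and the shared file's `policyTypes` are not visible here. If it lists only `Ingress`, the pods' egress stays unrestricted; a blog server presumably needs no outbound connections, so a policy with `policyTypes: [Egress]` and no `egress` rules (plus DNS if required) would limit what a compromised container can reach. A leading comment stating that this file is a strategic-merge patch for the shared policy, not a standalone NetworkPolicy, would help readers, since it has no `namespace` or rules of its own.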