Skip to content
Snippets Groups Projects
Verified Commit 6da44fe0 authored by Sheogorath's avatar Sheogorath :european_castle:
Browse files

feat(blog): Provide intial blog deployment

This patch is a first try to move my blog into the cluster. There is still quite
some refinement to do.
parent 2bbb6b56
Branches
Tags
No related merge requests found
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: blog
labels:
app.kubernetes.io/name: blog
spec:
replicas: 2
selector:
matchLabels:
app.kubernetes.io/name: blog
template:
metadata:
labels:
app.kubernetes.io/name: blog
spec:
affinity:
podAntiAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
- labelSelector:
matchLabels:
app.kubernetes.io/name: blog
topologyKey: kubernetes.io/hostname
automountServiceAccountToken: false
containers:
- name: dnsproxy
image: quay.io/shivering-isles/blog:latest
imagePullPolicy: Always
ports:
- containerPort: 8080
protocol: TCP
name: http
resources:
requests:
cpu: 100m
memory: 256Mi
limits:
cpu: 100m
memory: 256Mi
---
apiVersion: v1
kind: Service
metadata:
name: blog
labels:
app.kubernetes.io/name: blog
spec:
type: LoadBalancer
selector:
app.kubernetes.io/name: blog
ports:
- name: http
protocol: TCP
port: 80
targetPort: http
---
apiVersion: policy/v1
kind: PodDisruptionBudget
metadata:
name: blog
spec:
minAvailable: 1
selector:
matchLabels:
app.kubernetes.io/name: blog
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: blog-tls
namespace: blog
labels:
app.kubernetes.io/name: blog
spec:
privateKey:
algorithm: Ed25519
dnsNames:
- ENC[AES256_GCM,data:0GFhR/qy7O08SttmyTr7XE4Myw==,iv:A/uABlCzi7KWoUsVGdZC0oW1P/AhXfRiyHAr1DGNlPA=,tag:QymCw+8esywtOeIm+mE5Iw==,type:str]
- ENC[AES256_GCM,data:EwUpRPyUQnP2VW6K4qygCqlqYN2nXWs=,iv:FIBxTelhrzOmDRbfebIb/rNqI9Ex2AgS2YOJgHcFB5A=,tag:q0/vNaVzafhxAMbHQVUz6g==,type:str]
issuerRef:
name: letsencrypt
kind: ClusterIssuer
secretName: ingress-blog-tls
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age: []
lastmodified: "2022-11-13T02:09:37Z"
mac: ENC[AES256_GCM,data:gGSRaXKGVoFeFaJOmWYacdiGnw0S4guWB/0bdxRTtlS7hP3zYrUD/Em1Wzyfque57Ykmq8egQ+a+6ExFFIMp9w/PA4vh2NWa0QxuET45JihpXZDqMkYj4trMvkzx6/GbAm/e7qOLXC9a8vTuJMG70J46yxfIKtXti1S82GnSjak=,iv:ObaMfHmMbjHPJFYRwQlFDx/JMCuMuI02r0vrNze5+2s=,tag:xyl4Vay/GFolaHSyZJazsA==,type:str]
pgp:
- created_at: "2022-01-21T18:13:48Z"
enc: |-
-----BEGIN PGP MESSAGE-----
wcFMA7kpg2bgzVHcARAAs0OQxzkgcgs/iXO3DXjnuyddgI5X/Gz5Gd3q0U6MrK18
gfZIWvh2gemiU0YepfnQwbHkFLWOO/hYLjppAd4/HS93Gg8Hqg7Kh9WLiQFqolAn
SSvm1KvlesTselWGu8/282UO5jDM7E0NuqsHPC9K/4im+jkWO9s2fAw+hQIvvVPw
CktPYqihMvTmLyTVX9dMkwgDzTdJ8JeaI26S5tyMkAg+B/ymxKWG4m7bRIG9+kOD
fnsUUfd+zobOLR3w251+AydJlCy3gs6hJYlW1wz8m6cOzKHe3SEnN9GLJSbSa95n
+WpY31VF+eXZ4Z8GXoy3QHTWzbcWJ10RKb5eTPixAJzL3opSTbKJGmUuQlq+/9Wg
876dUQGl26CHm8solPytStPJDoSjcNbClJN1Rfp2SopAucqDG5XPIzXh7gIzfwrR
qauiO2AnC85DkWwU9w3wODB9zY3PzcmbzxyLPzEqnSABIEVw8VJoM/pnIRv2gs17
2YN61VO/YgUuxXtvvAHMgk1XQPfH45bM/i9lwX8EHDHqBWQVtYIqyw0lnVPZl1Hz
VuN6/aH4AnVAqeMjS4ezLZ26cyF8S/wkuQPK8tOfOs2l4smD1jp67A1A9RQfF4Hz
QRHL7VEc3EElB7FobZSAccjptfghhFjtIEhrmiZJgIIFcYv8IGDCf59pmVXSUKPS
UQGgA6xeWVYOj7DKYrgO4xMUXtofOv4WVRFO7iejeRqF5YbWmaCIq0GNvpwwZvWe
jqtu9MjOqwG0X682yB6/Ss/HBV+vAYrMoRqunjrSlZ+oLw==
=pOY7
-----END PGP MESSAGE-----
fp: 286791FB6648539775DB31B8FCB98C2A3EC6F601
- created_at: "2022-01-21T18:13:48Z"
enc: |
-----BEGIN PGP MESSAGE-----
hQIMA4oYbIHZIrAPARAAlM62U+idC9A4irm5RkSx5fZv+HGu7Jrm5GNPzv2tQ9WY
ponFAjh0/DDq2qWcpveRS3owFAwhoMbm1vYx9O29ycM5XzjxHF5CjytSssRU0FkX
UK5OdW+SURLREvIOZjYoEqjxFGj22ZAegkNIHYadTSGyesWM8Fj3Q6Su0EVyeyaI
FaE5Eo3Ya0tn7p+oMoAsJFJhtz9oFvPcaXCri+BTiIHCGZBQf9ndAvpr23zd2cO8
LBNwHOmJmtiHM3xndhVstBt9YnRqjqg3hZt65zB7LIP8zRPDtzsvTAdcLMkibhh5
GPn6JyOvlBPFrxR0ZmuGTURFODfjFrjn96igHDGbET1XKDVb99uQA7tJDRjZYUPM
3zfjj+aKi8R9k+/fU/jO827K8jHN9tPmrsJslUGDtV6sRxfWXUsfur8840TfnFBm
f8mqqOBA9ahJaN+0EyXvFHCfPglYs7zXKL4fYnO6PKB7fR+IDFUQzHxZGDTgLB6g
gtayT8FHE6EQ/1Lxsjw4kHfJYlabi5jSPAWtws/RXF8oZgByT6O1yYCtfJPzzlyT
A9b2X2EG4Lj6QFQNN7n/qOwa6timOrdZOfIDLMZt7JIDpHXhCmzo2WCm3wFS/L4R
6zuYDUg5rm3sxHzcw+9xn/PK8yedVCmCGNrnON9hn0TeqXmuY87KQu1Az+3wJqDU
ZgEJAhCnHsdsGhUmeXb4Lb8+hJfFB1DTL3qk6iPqxPsjfA1n3N/KYLd3KYWaM6fm
21yCsmkJZRWxgOwTPbF+KIQAq4yleW06ys6DFLz2wgLc3LlRjJFlPeajM6v6XicO
lDUgoEyZhw==
=y2A9
-----END PGP MESSAGE-----
fp: B137EE1549DFAF960DD1E2B15147025FB9F09E07
encrypted_regex: ^(data|stringData|email|dnsZones?|dnsNames?|hosts?|tang|externalURL)$
version: 3.7.3
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: blog
namespace: blog
labels:
app.kubernetes.io/name: blog
annotations:
forecastle.stakater.com/expose: "true"
forecastle.stakater.com/appName: Blog
forecastle.stakater.com/group: Apps
spec:
rules:
- host: ENC[AES256_GCM,data:ppI47WC3acfE0wU+ES4GIYYrpQ==,iv:64B7Iq33LIA0ZlW/dX70WPIt8+USIj8WyQKsnDV84KM=,tag:o0OUBlEvgYyyJeLG729HzA==,type:str]
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: blog
port:
number: 80
- host: ENC[AES256_GCM,data:KuF4mLV6HvWj2If/YHEnefFLprYilow=,iv:5TAwfNWAH+aDabUeEkkDBQA6icDgbaL99ptqZFwB3Vk=,tag:KRzVkueByKcZKox7YRgcgg==,type:str]
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: blog
port:
number: 80
tls:
- hosts:
- ENC[AES256_GCM,data:PO5x7BaDhzNbw74zPhWFVkUmpg==,iv:tr16kBcknaBHAsPzBS2eCNsuH+yvclLNdaV7t4ObiI0=,tag:jDJHCjybZZ2PclhBmQcfWA==,type:str]
- ENC[AES256_GCM,data:uOa5ivvA40/r2zcptgPNC5+SJYqwAFM=,iv:TwaYhLr6NUJ8s2MooJ6WDfnbcICTlpbUUe1i2hibjIE=,tag:87iuuLIHkzsJCBdna/nKfg==,type:str]
secretName: ingress-blog-tls
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age: []
lastmodified: "2022-11-13T02:09:45Z"
mac: ENC[AES256_GCM,data:rXKZ7xsJbQ6x1HchVKlyK8j2Mr2DlAA1Re9LDoN+R6dIv8+2LahGcoVYblI9L1SNr2Ou+V8AEYEp79lDE1NBnqtFCmpg1UJUXfunwuw9NQYVy75LucWh3315A9wlzcMl90A2DgkjIZpsgz8DCjHWJtIQKYrpLNzm/g9k+6qswPE=,iv:29WyyXfxFE/k/NaSaLvgVadNcGyRK+g5AW7lXXsC4d4=,tag:EVTSL8stQ2rjpoGzoL9VcQ==,type:str]
pgp:
- created_at: "2022-09-13T20:16:18Z"
enc: |-
-----BEGIN PGP MESSAGE-----
wcFMA7kpg2bgzVHcAQ//QKUo6MGGO7kJyGfQ8WULaFNILDGmSNjPj6avjps8nbpa
BdNlszBms4ghflXW6xfBe2vqTvo+Bjd6XqngSoEOpYQNruKTodDpkRBj2KsT+nza
PfQocIiGaLmYsjdT7RtrCIzkm27IwL1MMtPrWPPfiiRHv5lw18y+l2c2kkO8TA4A
eETwEpbeVTo+iryTYSHMQKHeKk+s3Oh/MVGHHC3AlNn8hmvi2Wt/eSLye27a7J5T
lbJrNkIDX/1G9NR0bg2045MkljzYyY7ttP58j+WsOca3ct8NWy4Z4OQeldCmwIFr
BrKYCoFI6eZ6DHT9Rlqm246WN70hbRb7usCgX8dn8WT/Z8dXWzRryYtIVjkzrIVm
AZQ1XelkdXybGa/ORV5aj81AIXu7konepcJX64L6OxcQjFhQWAO7y1rwclOW8QOb
h2RlsE79wNobUsErXTvUmsW30l0GWYeh3IgR0HAMu2P8ttDvb8I4yu5H1/5uZnZY
jLBnH8ooC9uDnh2z5u6ru5JmHjlQ8BWUF/dptt57qUo/I+xBhiSCqYLFo2WOy1lx
hDlSzIE5Sn5TA3fxXyc9Hwv5/c3ELW6EuXqiy4MUcLREL07C4OLp0/1q/Tshj0FG
PReQZkVON4jFuDtfFVID8Rm20CBkVe2xahThK8jCGms15UpiU8hsv8VgAn7aIsPS
UQF1wuAsfdOVLBugwP0jsc57R60KmtLpig04S0WLJAlNEXGk+yGqAsluHGxJpnnm
LUM72fLPLolfVdF2aS9UjTSkSy34Rh5J/j08usEN8R7mWw==
=xL8K
-----END PGP MESSAGE-----
fp: 286791FB6648539775DB31B8FCB98C2A3EC6F601
- created_at: "2022-09-13T20:16:18Z"
enc: |
-----BEGIN PGP MESSAGE-----
hQIMA4oYbIHZIrAPARAAi5C2YbFg1dJGa/C+tsp2xn3fhu5Qvl2ywWFz/lWyO6rW
si4H0ivAkiI85jd2xgxXq54EWY5pkH0a/Ynly5p9zJuZf+dXP5RkOa7EEbv7h/UV
ZRQRpJRJuMKIOUXHKvRR93lQYItSPTCkcRkt6mVEhvYQwOxJmmmjtOF1umbra3Zi
sFWez2yil9BCC9kGWM4n2kHHLhb0RJdlfj3tP7RTYC9ssGCdoUnh4CgksRv6QW2G
HbrO38UJf96gzrjh09HJS4gSnIbtHVDGZ5lVITFpU3WPirga4BGEgib6Ip2GNb4i
6hPmb3aWFwLeHf83CoDV8VbL03t5OLdeUWkAn9xNSZOPy8rZJgm/UXfuii1l39ui
gJk2VWVleK1rHGEV+sCsjGQjQvGL6QUgB+4dp6petsw5Jt1gxBbVZmvkuWjpkPw4
BkLHPf51Gs0SCogWaVf5XdQqX1bovTZotTbTpa6A0G4iwsPIqQkSB/C7ykod5I0s
lXBqXCk9sgAr+hxdRtMpzZJhWC82EoP+Z8IhVEl0GvRyFC+BjFJKMNiTNLRsqmxL
iGaZrCXym7qM++uGKaUWmhVPg3g+l2AUmAwgf6ISIGQolaIf7J+jIc9jw4HSYcIM
MAjvGOGD02ABGvNGwiyi84ibIhnVngmrxuBrQTfBSfhqhJa6XUtLvaTt0OJa2UnU
aAEJAhAjKsBPBcSGRBgbDk+peX46kE7gF1p0tIqKjD1mBaSW5+x5xcITUHQxTcuV
tievOikl8nF+zBDmG3TlRiKimMGz2DwlARwkIsXOaU9I/VVwot153VYG/tpEbqKs
8LzbNsLdj2Ld
=S0CC
-----END PGP MESSAGE-----
fp: B137EE1549DFAF960DD1E2B15147025FB9F09E07
encrypted_regex: ^(data|stringData|email|dnsZones?|dnsNames?|.*(H|h)osts?|tang|externalURL|.*-secret|.*-url|.*Secrets?|.*-domain|password|subjects|node|apiURL|.*(S|s)erverNames?|.*SecretKey|externalName)$
version: 3.7.3
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: blog
resources:
- namespace.yaml
- certificate.yaml
- blog.yaml
- ingress.yaml
- ../../../shared/networkpolicies/allow-from-ingress.yaml
- ../../../shared/resourcequotas/default.yaml
patchesStrategicMerge:
- networkpolicy.yaml
\ No newline at end of file
apiVersion: v1
kind: Namespace
metadata:
name: blog
labels:
pod-security.kubernetes.io/audit: restricted
pod-security.kubernetes.io/enforce: baseline
pod-security.kubernetes.io/warn: restricted
pod-security.kubernetes.io/audit-version: v1.23
pod-security.kubernetes.io/enforce-version: v1.23
pod-security.kubernetes.io/warn-version: v1.23
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: flux-reconciler
namespace: blog
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: flux-reconciler
namespace: blog
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: admin
subjects:
- kind: ServiceAccount
name: flux-reconciler
namespace: blog
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
name: allow-from-ingress
spec:
podSelector:
matchLabels:
app.kubernetes.io/name: blog
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment