90DaysOfDevOps/2022/ja/Days/Kubernetes/pacman-stateful-demo.yaml


# Namespace that every namespaced object in this manifest is placed in.
apiVersion: v1
kind: Namespace
metadata:
  name: pacman
  labels:
    name: pacman
---
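# PodSecurityPolicy that the pacman-clusterrole grants `use` on.
# NOTE(review): policy/v1beta1 PodSecurityPolicy was deprecated in Kubernetes
# v1.21 and removed in v1.25. On newer clusters this document is rejected and
# the equivalent control is Pod Security Admission labels on the namespace.
apiVersion: policy/v1beta1
kind: PodSecurityPolicy
metadata:
  # PodSecurityPolicy is cluster-scoped, so no namespace is set.
  name: pacman
spec:
  # No container in this manifest requests privileged mode, so the policy
  # does not allow it.
  privileged: false
  seLinux:
    rule: RunAsAny
  supplementalGroups:
    rule: RunAsAny
  # RunAsAny is kept because the mongo init container runs as UID 0.
  runAsUser:
    rule: RunAsAny
  fsGroup:
    rule: RunAsAny
  # Explicit allow-list instead of '*', which would also admit hostPath
  # mounts of the node filesystem. The workloads here mount a PVC plus the
  # service-account token (a secret or projected volume).
  volumes:
    - persistentVolumeClaim
    - secret
    - projected
    - configMap
    - emptyDir
    - downwardAPI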
---
# ClusterRole carrying two grants: permission to use the "pacman"
# PodSecurityPolicy, and read-only access to pods and nodes.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: pacman-clusterrole
rules:
  # Lets bound subjects run pods under the PodSecurityPolicy named "pacman".
  - apiGroups:
      - policy
    resources:
      - podsecuritypolicies
    resourceNames:
      - pacman
    verbs:
      - use
  # Read-only view of pods and nodes in the core ("") API group.
  - apiGroups:
      - ""
    resources:
      - pods
      - nodes
    verbs:
      - get
      - watch
      - list
---
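# Binds pacman-clusterrole inside the pacman namespace.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: pacman-clusterrole
  namespace: pacman
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: pacman-clusterrole
subjects:
  # Least privilege: only the service account the mongo and pacman pods run
  # as. The system:serviceaccounts group (every service account in the
  # cluster) is not bound, because that would hand the PodSecurityPolicy
  # `use` grant and the pod-read grant to unrelated workloads.
  - kind: ServiceAccount
    name: default
    namespace: pacman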
---
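# Cluster-wide binding of pacman-clusterrole. Nodes are cluster-scoped, so a
# namespaced RoleBinding cannot grant the `nodes` read in that role.
# NOTE(review): confirm the pacman app really needs pod/node reads; if it
# does not, this binding and that rule can be dropped.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  # ClusterRoleBinding is cluster-scoped, so no namespace is set.
  name: pacman-clusterrole
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: pacman-clusterrole
subjects:
  # Least privilege: bind only the pacman namespace's default service
  # account. Binding the system:serviceaccounts group here would let every
  # service account in the cluster use the "pacman" PodSecurityPolicy and
  # list pods and nodes cluster-wide.
  - kind: ServiceAccount
    name: default
    namespace: pacman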
---
# MongoDB credentials and database name, read by the mongo StatefulSet and
# the pacman Deployment through secretKeyRef.
# NOTE(review): values under `data` are base64-encoded, not encrypted, so
# anyone who can read this manifest can recover them. The admin name and the
# admin password also carry the same value. Treat these as demo-only
# credentials; outside a demo, create the Secret out of band (or from a
# secret store) rather than committing it.
apiVersion: v1
kind: Secret
metadata:
  name: mongodb-users-secret
  namespace: pacman
type: Opaque
data:
  database-admin-name: 'Y2x5ZGU='
  database-admin-password: 'Y2x5ZGU='
  database-name: 'cGFjbWFu'
  database-password: 'cGlua3k='
  database-user: 'Ymxpbmt5'
---
# 1Gi ReadWriteOnce claim mounted by the mongo StatefulSet as its data
# volume. No storageClassName is given, so which StorageClass provisions it
# depends on the cluster's default.
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: mongo-storage
  namespace: pacman
spec:
  accessModes: [ReadWriteOnce]
  resources:
    requests:
      storage: 1Gi
---
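# Single-replica MongoDB StatefulSet backed by the mongo-storage PVC.
# NOTE(review): both images are referenced by tag only. Tags are mutable;
# pinning by digest makes pulls reproducible and tamper-evident.
apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: mongo
  namespace: pacman
  labels:
    name: mongo
  annotations:
    source: "https://github.com/saintdle/pacman-tanzu"
spec:
  replicas: 1
  serviceName: mongo
  selector:
    matchLabels:
      name: mongo
  template:
    metadata:
      labels:
        name: mongo
    spec:
      initContainers:
        # Runs as root only to create the data directory and hand it to
        # UID/GID 1001 before the database container starts.
        - name: volume-permissions
          image: docker.io/bitnami/bitnami-shell:10-debian-10-r158
          imagePullPolicy: Always
          command:
            - /bin/bash
            - '-ec'
          args:
            - |
              mkdir -p /bitnami/mongodb
              chown -R "1001:1001" "/bitnami/mongodb"
          resources: {}
          securityContext:
            runAsUser: 0
          terminationMessagePath: /dev/termination-log
          terminationMessagePolicy: File
          volumeMounts:
            - mountPath: /bitnami/mongodb
              name: mongo-db
      restartPolicy: Always
      schedulerName: default-scheduler
      securityContext:
        fsGroup: 1001
      serviceAccountName: default
      terminationGracePeriodSeconds: 30
      volumes:
        - name: mongo-db
          persistentVolumeClaim:
            claimName: mongo-storage
      containers:
        - name: mongo
          image: bitnami/mongodb:4.4.8
          # All credentials come from mongodb-users-secret.
          env:
            - name: MONGODB_ROOT_PASSWORD
              valueFrom:
                secretKeyRef:
                  key: database-admin-password
                  name: mongodb-users-secret
            - name: MONGODB_DATABASE
              valueFrom:
                secretKeyRef:
                  key: database-name
                  name: mongodb-users-secret
            - name: MONGODB_PASSWORD
              valueFrom:
                secretKeyRef:
                  key: database-password
                  name: mongodb-users-secret
            - name: MONGODB_USERNAME
              valueFrom:
                secretKeyRef:
                  key: database-user
                  name: mongodb-users-secret
          readinessProbe:
            exec:
              command:
                - /bin/sh
                - '-i'
                - '-c'
                # The variables are double-quoted so a database name, user or
                # password containing spaces or shell metacharacters is
                # passed as one argument instead of being word-split.
                # NOTE(review): the password is still a command-line
                # argument, so it is visible in the container's process
                # list while the probe runs.
                - >-
                  mongo "127.0.0.1:27017/$MONGODB_DATABASE"
                  -u "$MONGODB_USERNAME" -p "$MONGODB_PASSWORD"
                  --eval="quit()"
          ports:
            - name: mongo
              containerPort: 27017
          volumeMounts:
            - name: mongo-db
              mountPath: /bitnami/mongodb/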
---
# Single-replica Deployment of the pacman Node.js front end.
# No serviceAccountName is set, so the pod runs as the namespace's default
# service account.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: pacman
  namespace: pacman
  labels:
    name: pacman
  annotations:
    source: "https://github.com/saintdle/pacman-tanzu"
spec:
  replicas: 1
  selector:
    matchLabels:
      name: pacman
  template:
    metadata:
      labels:
        name: pacman
    spec:
      containers:
        - name: pacman
          # NOTE(review): `latest` is a mutable tag, so the image that runs
          # can change between pulls; pin a version or digest where
          # reproducibility matters.
          image: quay.io/ifont/pacman-nodejs-app:latest
          ports:
            - name: http-server
              containerPort: 8080
              protocol: TCP
          # Liveness and readiness use the same HTTP GET on / at port 8080.
          livenessProbe:
            httpGet:
              path: /
              port: 8080
          readinessProbe:
            httpGet:
              path: /
              port: 8080
          env:
            - name: MONGO_SERVICE_HOST
              value: mongo
            # Database user and password are read from mongodb-users-secret.
            - name: MONGO_AUTH_USER
              valueFrom:
                secretKeyRef:
                  key: database-user
                  name: mongodb-users-secret
            - name: MONGO_AUTH_PWD
              valueFrom:
                secretKeyRef:
                  key: database-password
                  name: mongodb-users-secret
            - name: MONGO_DATABASE
              value: pacman
            - name: MY_MONGO_PORT
              value: "27017"
            # NOTE(review): with both SSL flags "false" the app presumably
            # talks to MongoDB without TLS, so the credentials above cross
            # the pod network unencrypted - confirm against the app.
            - name: MONGO_USE_SSL
              value: "false"
            - name: MONGO_VALIDATE_SSL
              value: "false"
            # Downward API: name of the node the pod was scheduled on.
            - name: MY_NODE_NAME
              valueFrom:
                fieldRef:
                  apiVersion: v1
                  fieldPath: spec.nodeName
---
# In-cluster (ClusterIP) Service in front of the mongo pods on port 27017.
apiVersion: v1
kind: Service
metadata:
  name: mongo
  namespace: pacman
  labels:
    name: mongo
spec:
  type: ClusterIP
  selector:
    name: mongo
  ports:
    - port: 27017
      targetPort: 27017
---
# LoadBalancer Service publishing the pacman pods: port 80 on the load
# balancer forwards to container port 8080.
# NOTE(review): nothing in this manifest terminates TLS, so the app appears
# to be served over plain HTTP on whatever address the load balancer gets.
apiVersion: v1
kind: Service
metadata:
  name: pacman
  namespace: pacman
  labels:
    name: pacman
spec:
  type: LoadBalancer
  selector:
    name: pacman
  ports:
    - port: 80
      targetPort: 8080
      protocol: TCP