# Namespace that holds every namespaced object of the Pac-Man demo in this
# file (bindings, Secret, PVC, StatefulSet, Deployment, Services).
apiVersion: v1
kind: Namespace
metadata:
  name: pacman
  labels:
    name: pacman
---
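# PodSecurityPolicy that the pacman ClusterRole grants `use` on.
# NOTE(review): the policy/v1beta1 PodSecurityPolicy API was removed in
# Kubernetes v1.25. On newer clusters this document is rejected and the
# equivalent control is Pod Security Admission labels on the namespace.
apiVersion: policy/v1beta1
kind: PodSecurityPolicy
metadata:
  # PodSecurityPolicy is cluster-scoped; the former `namespace: pacman`
  # entry had no effect and is dropped so it does not suggest otherwise.
  name: pacman
spec:
  # No pod in this manifest sets securityContext.privileged, so privileged
  # mode is not admitted. With `true`, every subject bound to this policy
  # could start privileged containers.
  privileged: false
  seLinux:
    rule: RunAsAny
  supplementalGroups:
    rule: RunAsAny
  # RunAsAny stays: the mongo init container in this file runs as UID 0.
  runAsUser:
    rule: RunAsAny
  fsGroup:
    rule: RunAsAny
  # Explicit allow-list instead of '*'. The wildcard also admitted hostPath
  # mounts of the node filesystem; the pods in this file only need a
  # PersistentVolumeClaim plus the injected service-account token volume.
  volumes:
    - persistentVolumeClaim
    - projected
    - secret
    - configMap
    - emptyDir
    - downwardAPI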
---
# ClusterRole referenced by the RoleBinding and ClusterRoleBinding named
# pacman-clusterrole in this file.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: pacman-clusterrole
rules:
  # Permission to run pods under the PodSecurityPolicy named "pacman" only.
  - apiGroups:
      - policy
    resources:
      - podsecuritypolicies
    resourceNames:
      - pacman
    verbs:
      - use
  # Read-only access to pods and nodes in the core ("") API group.
  # NOTE(review): through the ClusterRoleBinding this is cluster-wide read
  # access; confirm the application needs more than its own namespace.
  - apiGroups:
      - ""
    resources:
      - pods
      - nodes
    verbs:
      - get
      - watch
      - list
---
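# Grants pacman-clusterrole inside the pacman namespace.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: pacman-clusterrole
  namespace: pacman
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: pacman-clusterrole
subjects:
  # Narrowed from `system:serviceaccounts`, which matches every service
  # account in every namespace, to the service accounts of this namespace.
  # The workloads in this file run as pacman/default, listed below.
  - apiGroup: rbac.authorization.k8s.io
    kind: Group
    name: 'system:serviceaccounts:pacman'
  - kind: ServiceAccount
    name: default
    namespace: pacman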
---
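# Grants pacman-clusterrole cluster-wide: `use` of the pacman
# PodSecurityPolicy and read access to pods and nodes in all namespaces.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  # ClusterRoleBinding is cluster-scoped; the former `namespace: pacman`
  # entry had no effect and is dropped.
  name: pacman-clusterrole
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: pacman-clusterrole
subjects:
  # Narrowed from `system:serviceaccounts`. That group contains every
  # service account in the cluster, so any workload in any namespace
  # inherited this role. Only service accounts of the pacman namespace
  # are bound now; the pods in this file run as pacman/default.
  - apiGroup: rbac.authorization.k8s.io
    kind: Group
    name: 'system:serviceaccounts:pacman'
  - kind: ServiceAccount
    name: default
    namespace: pacman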
---
# MongoDB credentials read through secretKeyRef by the mongo StatefulSet
# and the pacman Deployment in this file.
# NOTE(review): values under `data` are base64-encoded, not encrypted.
# Anyone who can read this file or the Secret object recovers them
# directly. Because they are committed alongside the manifest, treat them
# as demo-only and supply real credentials from a secret store instead.
apiVersion: v1
kind: Secret
metadata:
  name: mongodb-users-secret
  namespace: pacman
type: Opaque
data:
  # The admin name and admin password carry the same encoded value.
  # database-admin-name is not referenced by any workload in this file.
  database-admin-name: Y2x5ZGU=
  database-admin-password: Y2x5ZGU=
  database-name: cGFjbWFu
  database-password: cGlua3k=
  database-user: Ymxpbmt5
---
# 1Gi single-node read/write claim mounted by the mongo StatefulSet as its
# data volume.
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: mongo-storage
  namespace: pacman
spec:
  resources:
    requests:
      storage: 1Gi
  accessModes: [ReadWriteOnce]
---
# Single-replica MongoDB backing the Pac-Man application.
# NOTE(review): both images are referenced by tag rather than digest, so
# the content behind a tag can change between pulls.
apiVersion: apps/v1
kind: StatefulSet
metadata:
  labels:
    name: mongo
  name: mongo
  namespace: pacman
  annotations:
    source: "https://github.com/saintdle/pacman-tanzu"
spec:
  replicas: 1
  serviceName: mongo
  selector:
    matchLabels:
      name: mongo
  template:
    metadata:
      labels:
        name: mongo
    spec:
      initContainers:
        # Creates the data directory and hands it to UID/GID 1001 before
        # the database container starts.
        - args:
            - |
              mkdir -p /bitnami/mongodb
              chown -R "1001:1001" "/bitnami/mongodb"
          command:
            - /bin/bash
            - -ec
          image: docker.io/bitnami/bitnami-shell:10-debian-10-r158
          imagePullPolicy: Always
          name: volume-permissions
          resources: {}
          # Runs as root so the chown above can succeed.
          # NOTE(review): the pod already sets fsGroup 1001; check whether
          # that alone gives the volume usable ownership on your storage
          # class, which would make this root step unnecessary.
          securityContext:
            runAsUser: 0
          terminationMessagePath: /dev/termination-log
          terminationMessagePolicy: File
          volumeMounts:
            - mountPath: /bitnami/mongodb
              name: mongo-db
      restartPolicy: Always
      schedulerName: default-scheduler
      securityContext:
        fsGroup: 1001
      # The namespace default service account; the pacman-clusterrole
      # bindings in this file grant it pod and node read access.
      serviceAccountName: default
      terminationGracePeriodSeconds: 30
      volumes:
        - name: mongo-db
          persistentVolumeClaim:
            claimName: mongo-storage
      containers:
        # NOTE(review): no container-level securityContext is set, so
        # privilege escalation, capabilities and a writable root filesystem
        # are left at their defaults.
        - image: bitnami/mongodb:4.4.8
          name: mongo
          # All four values come from the mongodb-users-secret Secret and
          # are exposed to the process as environment variables.
          env:
            - name: MONGODB_ROOT_PASSWORD
              valueFrom:
                secretKeyRef:
                  key: database-admin-password
                  name: mongodb-users-secret
            - name: MONGODB_DATABASE
              valueFrom:
                secretKeyRef:
                  key: database-name
                  name: mongodb-users-secret
            - name: MONGODB_PASSWORD
              valueFrom:
                secretKeyRef:
                  key: database-password
                  name: mongodb-users-secret
            - name: MONGODB_USERNAME
              valueFrom:
                secretKeyRef:
                  key: database-user
                  name: mongodb-users-secret
          # Ready once an authenticated client connection succeeds.
          # NOTE(review): the shell expands $MONGODB_PASSWORD into the mongo
          # client's argument list, where it is readable from the process
          # table while the probe runs. The expansions are unquoted, so a
          # value containing whitespace would be split into separate words.
          readinessProbe:
            exec:
              command:
                - /bin/sh
                - -i
                - -c
                - mongo 127.0.0.1:27017/$MONGODB_DATABASE -u $MONGODB_USERNAME -p $MONGODB_PASSWORD
                  --eval="quit()"
          ports:
            - name: mongo
              containerPort: 27017
          volumeMounts:
            - name: mongo-db
              mountPath: /bitnami/mongodb/
---
# Pac-Man Node.js front end; talks to the mongo Service on port 27017.
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    name: pacman
  name: pacman
  namespace: pacman
  annotations:
    source: "https://github.com/saintdle/pacman-tanzu"
spec:
  replicas: 1
  selector:
    matchLabels:
      name: pacman
  template:
    metadata:
      labels:
        name: pacman
    # No serviceAccountName is set, so the pod runs as the namespace's
    # default service account, which the bindings in this file authorize.
    spec:
      containers:
        # NOTE(review): `latest` is a mutable tag; each new pod may pull
        # different content. Pin a version or digest for repeatable and
        # reviewable deployments. No securityContext is set on the
        # container either.
        - image: quay.io/ifont/pacman-nodejs-app:latest
          name: pacman
          ports:
            - containerPort: 8080
              name: http-server
              protocol: TCP
          livenessProbe:
            httpGet:
              path: /
              port: 8080
          readinessProbe:
            httpGet:
              path: /
              port: 8080
          env:
            - name: MONGO_SERVICE_HOST
              value: mongo
            # Database user and password come from mongodb-users-secret.
            - name: MONGO_AUTH_USER
              valueFrom:
                secretKeyRef:
                  key: database-user
                  name: mongodb-users-secret
            - name: MONGO_AUTH_PWD
              valueFrom:
                secretKeyRef:
                  key: database-password
                  name: mongodb-users-secret
            - name: MONGO_DATABASE
              value: pacman
            - name: MY_MONGO_PORT
              value: "27017"
            # NOTE(review): going by the variable names, TLS to MongoDB and
            # certificate validation are both switched off, which would
            # send the credentials above unencrypted inside the cluster.
            # Confirm against the application's handling of these values.
            - name: MONGO_USE_SSL
              value: "false"
            - name: MONGO_VALIDATE_SSL
              value: "false"
            # Downward API: name of the node the pod is scheduled on.
            - name: MY_NODE_NAME
              valueFrom:
                fieldRef:
                  apiVersion: v1
                  fieldPath: spec.nodeName
---
# Cluster-internal endpoint for MongoDB; ClusterIP keeps port 27017
# reachable only from inside the cluster.
apiVersion: v1
kind: Service
metadata:
  name: mongo
  namespace: pacman
  labels:
    name: mongo
spec:
  type: ClusterIP
  selector:
    name: mongo
  ports:
    - targetPort: 27017
      port: 27017
---
# External entry point for the Pac-Man web UI: port 80 on the load
# balancer forwards to container port 8080.
# NOTE(review): type LoadBalancer asks the platform for an externally
# reachable address, and only plain TCP/80 is published here, so traffic
# is unencrypted unless TLS is terminated in front of it.
apiVersion: v1
kind: Service
metadata:
  labels:
    name: pacman
  name: pacman
  namespace: pacman
spec:
  type: LoadBalancer
  selector:
    name: pacman
  ports:
    - protocol: TCP
      port: 80
      targetPort: 8080