add stage.d-b.ca application

Drew Bowering 2025-05-11 12:23:52 -06:00
parent 1978ece02a
commit c57e6bd981
Signed by: drew
GPG Key ID: DC9462335BDDAC6B
8 changed files with 129 additions and 0 deletions


@ -0,0 +1,8 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- web/deployment.yaml
- web/ingress.yaml
- web/service.yaml
- web/web-backend-tls.yaml


@ -0,0 +1,35 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: web
labels:
app: web
spec:
selector:
matchLabels:
app: web
replicas: 2
template:
metadata:
labels:
app: web
spec:
containers:
- name: web
resources:
requests:
cpu: 100m
memory: 128Mi
limits:
memory: 512Mi
ports:
- containerPort: 443
protocol: TCP
name: https
volumeMounts:
- mountPath: /tls
name: web-backend-tls
volumes:
- name: web-backend-tls
secret:
secretName: web-backend-tls
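Review bot: The pod template and the `web` container set no `securityContext`, so the workload runs with whatever user, capabilities and writable root filesystem the image and runtime default to. A restrictive baseline in the base Deployment would let every overlay inherit it; a sketch follows. Whether the image can run as non-root and still bind `containerPort: 443` is not visible in this commit: if it cannot, either add back `NET_BIND_SERVICE` under `capabilities.add` or move the container to a high port and keep the Service on 443. `readOnlyRootFilesystem` may also need an `emptyDir` for any temp or cache paths the server writes.

```yaml
    spec:
      securityContext:
        runAsNonRoot: true
        seccompProfile:
          type: RuntimeDefault
      containers:
        - name: web
          securityContext:
            allowPrivilegeEscalation: false
            readOnlyRootFilesystem: true
            capabilities:
              drop:
                - ALL
          # … unchanged: resources, ports, volumeMounts …
```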


@ -0,0 +1,11 @@
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
annotations:
acme.cert-manager.io/http01-ingress-class: nginx
nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
name: web
labels:
app: web
spec:
ingressClassName: nginx
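Review bot: `backend-protocol: "HTTPS"` makes ingress-nginx speak TLS to the pods, but by default the controller does not verify the upstream certificate, so the `web-backend-tls` certificate gives encryption on that hop without authenticating the backend. If verification is intended, add `nginx.ingress.kubernetes.io/proxy-ssl-verify: "on"`, `nginx.ingress.kubernetes.io/proxy-ssl-secret: "<namespace>/<secret-with-ca.crt>"` and `nginx.ingress.kubernetes.io/proxy-ssl-name: "web"` to the annotations. The secret reference is a placeholder, because the namespace and the CA secret are not shown in this commit. `proxy-ssl-name` has to match a SAN on the backend certificate, which currently lists only `web`.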


@ -0,0 +1,13 @@
apiVersion: v1
kind: Service
metadata:
name: web
spec:
ports:
- name: https
port: 443
protocol: TCP
targetPort: 443
selector:
app: web
type: ClusterIP


@ -0,0 +1,13 @@
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: web-backend-tls
spec:
secretName: web-backend-tls
duration: 2160h # 90d
renewBefore: 360h # 15d
dnsNames:
- web
issuerRef:
name: kubernetes-issuer
kind: ClusterIssuer
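Review bot: `dnsNames` lists only the short name `web`, so the certificate validates only for a client that connects using exactly that name; a client using the namespaced service name would fail hostname verification. Consider adding `- web.<namespace>.svc` and the full cluster-domain form below it, with the namespace filled in for the target environment. With `duration: 2160h` and `renewBefore: 360h` the secret is rotated roughly every 75 days, and nothing in the Deployment shows how the server picks up the new key pair from `/tls`. It is worth confirming that the image reloads the files or that the pods are restarted on renewal.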


@ -0,0 +1,9 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- ../../base
patchesStrategicMerge:
- web/ingress.yaml
- web/web-image.yaml
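Review bot: `patchesStrategicMerge` is deprecated in current kustomize releases in favour of the `patches` field, so this overlay will emit warnings and may stop building on a future version. The equivalent form is `patches:` followed by `- path: web/ingress.yaml` and `- path: web/web-image.yaml`.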


@ -0,0 +1,30 @@
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
annotations:
cert-manager.io/cluster-issuer: letsencrypt-prod
nginx.ingress.kubernetes.io/auth-url: |-
http://ak-outpost-forward-auth-proxy-default.iam.svc.k8s.ho.brds.ca:9000/outpost.goauthentik.io/auth/nginx
nginx.ingress.kubernetes.io/auth-signin: |-
https://stage.d-b.ca/outpost.goauthentik.io/start?rd=$scheme://$http_host$escaped_request_uri
nginx.ingress.kubernetes.io/auth-response-headers: |-
Set-Cookie,X-authentik-username,X-authentik-groups,X-authentik-entitlements,X-authentik-email,X-authentik-name,X-authentik-uid
nginx.ingress.kubernetes.io/auth-snippet: |
proxy_set_header X-Forwarded-Host $http_host;
name: web
spec:
rules:
- host: stage.d-b.ca
http:
paths:
- backend:
service:
name: web
port:
name: https
path: /
pathType: Prefix
tls:
- hosts:
- stage.d-b.ca
secretName: web-tls
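Review bot: The authentik forward-auth annotations are enforced only for requests that pass through this Ingress; the `web` Service is reachable on 443 from inside the cluster, so an in-cluster client can skip the check and send its own `X-authentik-*` headers. If the backend uses those headers for identity, a NetworkPolicy that admits traffic to the `app: web` pods only from the ingress controller should ship with this change. `auth-url` is plain `http://` to port 9000, so the cookies forwarded in each auth subrequest cross the cluster network unencrypted; confirm that is acceptable or point it at a TLS listener on the outpost. The only path rule sends `/` to `web`, so the `/outpost.goauthentik.io/start` target of `auth-signin` depends on another Ingress for this host that is not part of this commit.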


@ -0,0 +1,10 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: web
spec:
template:
spec:
containers:
- name: web
image: git.brds.ca/d-b.ca/web:6d7d641bc24a17038441054568943cb230cedce9
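Review bot: The image is pinned by a tag that looks like a commit hash, but a registry tag can be re-pushed, so this line does not fix the content that actually runs. Appending the digest makes the reference immutable and lets admission or signature checks bind to it: `image: git.brds.ca/d-b.ca/web:6d7d641bc24a17038441054568943cb230cedce9@sha256:<digest-from-registry>`. The digest is a placeholder to be taken from the registry at build time.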