| author | Xe Iaso <me@xeiaso.net> | 2024-05-31 14:33:47 -0400 |
|---|---|---|
| committer | Xe Iaso <me@xeiaso.net> | 2024-05-31 14:33:56 -0400 |
| commit | e7a5a25e62fb05ffbfbf66e846093fdf1216944c (patch) | |
| tree | e72718a64ee8a2ab2d8a503218e79f20802fa32b /cmd/mimi | |
| parent | f75745a1cb5bead3e509275333b720c2c93de198 (diff) | |
cmd/mimi: prepare for k8s
Signed-off-by: Xe Iaso <me@xeiaso.net>
Diffstat (limited to 'cmd/mimi')
| -rw-r--r-- | cmd/mimi/manifest.yaml | 149 |
1 files changed, 149 insertions, 0 deletions
diff --git a/cmd/mimi/manifest.yaml b/cmd/mimi/manifest.yaml
new file mode 100644
index 0000000..3de5dc4
--- /dev/null
+++ b/cmd/mimi/manifest.yaml
@@ -0,0 +1,149 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: mimi
+ labels:
+ app.kubernetes.io/name: mimi
+---
+apiVersion: onepassword.com/v1
+kind: OnePasswordItem
+metadata:
+ name: irc
+ namespace: mimi
+ labels:
+ app.kubernetes.io/name: mimi
+spec:
+ itemPath: "vaults/Kubernetes/items/IRC [Mara]"
+---
+apiVersion: onepassword.com/v1
+kind: OnePasswordItem
+metadata:
+ name: mimi
+ namespace: mimi
+ labels:
+ app.kubernetes.io/name: mimi
+spec:
+ itemPath: "vaults/Kubernetes/items/Mimi"
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: mimi
+ namespace: mimi
+ labels:
+ app.kubernetes.io/name: mimi
+ annotations:
+ operator.1password.io/auto-restart: "true"
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: mimi
+ template:
+ metadata:
+ namespace: mimi
+ labels:
+ app.kubernetes.io/name: mimi
+ spec:
+ volumes:
+ - name: mimi
+ secret:
+ secretName: mimi
+ - name: irc
+ secret:
+ secretName: irc
+ securityContext:
+ fsGroup: 1000
+ containers:
+ - name: main
+ image: ghcr.io/xe/x/mimi:latest
+ imagePullPolicy: "Always"
+ resources:
+ limits:
+ cpu: "4"
+ memory: "1024Mi"
+ requests:
+ cpu: "2"
+ memory: "1025Mi"
+ securityContext:
+ runAsUser: 1000
+ runAsGroup: 1000
+ runAsNonRoot: true
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ seccompProfile:
+ type: RuntimeDefault
+ livenessProbe:
+ httpGet:
+ path: /healthz
+ port: 8080
+ httpHeaders:
+ - name: X-Kubernetes
+ value: "is kinda okay"
+ initialDelaySeconds: 3
+ periodSeconds: 3
+ env:
+ - name: BIND
+ value: ":8080"
+ - name: DB_LOC
+ value: "/data/mi.db"
+ - name: INTERNAL_BIND
+ value: ":9195"
+ volumeMounts:
+ - name: mimi
+ readOnly: true
+ mountPath: "/run/secrets/mimi"
+ - name: irc
+ readOnly: true
+ mountPath: "/run/secrets/irc"
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: mimi
+ namespace: mimi
+ labels:
+ app.kubernetes.io/name: mimi
+spec:
+ selector:
+ app.kubernetes.io/name: mimi
+ ports:
+ - protocol: TCP
+ port: 80
+ targetPort: 9002
+ name: http
+ - protocol: TCP
+ port: 9001
+ targetPort: 9001
+ name: grpc
+ type: ClusterIP
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: mi-public
+ namespace: mi
+ labels:
+ app.kubernetes.io/name: mimi
+ annotations:
+ cert-manager.io/cluster-issuer: "letsencrypt-prod"
+spec:
+ ingressClassName: nginx
+ tls:
+ - hosts:
+ - mimi.cetacean.club
+ secretName: mimi-public-tls
+ rules:
+ - host: mimi.cetacean.club
+ http:
+ paths:
+ - pathType: Prefix
+ path: "/"
+ backend:
+ service:
+ name: mi
+ port:
+ name: http |
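Review bot: In the Deployment's `resources`, `requests.memory: "1025Mi"` is larger than `limits.memory: "1024Mi"`; Kubernetes validation requires a request to be at or below its limit, so this should be `memory: "1024Mi"` or lower. The wiring between objects also looks inconsistent: the Ingress sits in `namespace: mi` and targets `service: name: mi`, while the Service defined here is `mimi` in namespace `mimi`, and the Service's `targetPort: 9002` and `9001` do not match the container's `BIND` of `:8080` or `INTERNAL_BIND` of `:9195`. Unless a separate `mi` Service exists elsewhere, the public host will not reach this pod. On the supply-chain side, `image: ghcr.io/xe/x/mimi:latest` with `imagePullPolicy: "Always"` lets every restart, including the 1Password-triggered ones, pull different code into a pod that mounts the IRC and Mimi secrets; pinning by digest (`ghcr.io/xe/x/mimi@sha256:<digest>`) keeps rollouts auditable. The container `securityContext` is otherwise well hardened; `readOnlyRootFilesystem: true` plus `automountServiceAccountToken: false` (if the pod never calls the Kubernetes API) would close the remaining defaults, but note that `DB_LOC` points at `/data/mi.db` with no volume mounted there, so that path would need a PVC or `emptyDir` first.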
