scripts/homelab/installer/root-ca-server.yaml - pcloud - Gitiles

 # TODO(giolekva): move to ingerss-nginx-private namespace
 ---
 apiVersion: apps/v1
 kind: Deployment
 metadata:
   name: selfsigned-root-ca
   namespace: cert-manager
 spec:
   selector:
     matchLabels:
       app: selfsigned-root-ca
   replicas: 1
   template:
     metadata:
       labels:
         app: selfsigned-root-ca
     spec:
       volumes:
       - name: root-ca-secret
         secret:
           secretName: selfsigned-ca-root
           items:
           - key: ca.crt
             path: selfsigned-root-ca.crt
       containers:
       - name: file-server
         image: giolekva/static-file-server:latest
         imagePullPolicy: Always
         ports:
         - name: http
           containerPort: 80
         command: ["static-file-server"]
         args: ["-port=80", "-dir=/etc/static-file-server/data"]
         volumeMounts:
         - name: root-ca-secret
           mountPath: /etc/static-file-server/data/
           readOnly: true
         resources:
           requests:
             memory: "10Mi"
             cpu: "10m"
           limits:
             memory: "20Mi"
             cpu: "100m"
       tolerations:
       - key: "pcloud"
         operator: "Equal"
         value: "role"
         effect: "NoSchedule"
 ---
 apiVersion: v1
 kind: Service
 metadata:
   name: selfsigned-root-ca
   namespace: cert-manager
 spec:
   type: ClusterIP
   selector:
     app: selfsigned-root-ca
   ports:
     - name: http
       port: 80
       targetPort: http
       protocol: TCP
 ---
 apiVersion: networking.k8s.io/v1
 kind: Ingress
 metadata:
   name: selfsigned-root-ca
   namespace: cert-manager
   annotations:
     nginx.ingress.kubernetes.io/ssl-redirect: "false"
 spec:
   ingressClassName: nginx-private
   rules:
   - host: root-ca.pcloud
     http:
       paths:
       - pathType: Prefix
         path: "/"
         backend:
           service:
             name: selfsigned-root-ca
             port:
               name: http
	# TODO(giolekva): move to ingerss-nginx-private namespace
	---
	apiVersion: apps/v1
	kind: Deployment
	metadata:
	name: selfsigned-root-ca
	namespace: cert-manager
	spec:
	selector:
	matchLabels:
	app: selfsigned-root-ca
	replicas: 1
	template:
	metadata:
	labels:
	app: selfsigned-root-ca
	spec:
	volumes:
	- name: root-ca-secret
	secret:
	secretName: selfsigned-ca-root
	items:
	- key: ca.crt
	path: selfsigned-root-ca.crt
	containers:
	- name: file-server
	image: giolekva/static-file-server:latest
	imagePullPolicy: Always
	ports:
	- name: http
	containerPort: 80
	command: ["static-file-server"]
	args: ["-port=80", "-dir=/etc/static-file-server/data"]
	volumeMounts:
	- name: root-ca-secret
	mountPath: /etc/static-file-server/data/
	readOnly: true
	resources:
	requests:
	memory: "10Mi"
	cpu: "10m"
	limits:
	memory: "20Mi"
	cpu: "100m"
	tolerations:
	- key: "pcloud"
	operator: "Equal"
	value: "role"
	effect: "NoSchedule"
	---
	apiVersion: v1
	kind: Service
	metadata:
	name: selfsigned-root-ca
	namespace: cert-manager
	spec:
	type: ClusterIP
	selector:
	app: selfsigned-root-ca
	ports:
	- name: http
	port: 80
	targetPort: http
	protocol: TCP
	---
	apiVersion: networking.k8s.io/v1
	kind: Ingress
	metadata:
	name: selfsigned-root-ca
	namespace: cert-manager
	annotations:
	nginx.ingress.kubernetes.io/ssl-redirect: "false"
	spec:
	ingressClassName: nginx-private
	rules:
	- host: root-ca.pcloud
	http:
	paths:
	- pathType: Prefix
	path: "/"
	backend:
	service:
	name: selfsigned-root-ca
	port:
	name: http