scripts/homelab/root-ca-server.yaml - pcloud - Gitiles

 # TODO(giolekva): move to ingerss-nginx-private namespace
 ---
 apiVersion: apps/v1
 kind: Deployment
 metadata:
   name: selfsigned-root-ca
   namespace: cert-manager
 spec:
   selector:
     matchLabels:
       app: selfsigned-root-ca
   replicas: 1
   template:
     metadata:
       labels:
         app: selfsigned-root-ca
     spec:
       volumes:
       - name: root-ca-secret
         secret:
           secretName: selfsigned-ca-root
           items:
           - key: ca.crt
             path: selfsigned-root-ca.crt
       containers:
       - name: maddy
         image: giolekva/static-file-server:latest
         imagePullPolicy: Always
         ports:
         - name: http
           containerPort: 80
         command: ["static-file-server"]
         args: ["-port=80", "-dir=/etc/static-file-server/data"]
         volumeMounts:
         - name: root-ca-secret
           mountPath: /etc/static-file-server/data/
           readOnly: true
 ---
 apiVersion: v1
 kind: Service
 metadata:
   name: selfsigned-root-ca
   namespace: cert-manager
 spec:
   type: ClusterIP
   selector:
     app: selfsigned-root-ca
   ports:
     - name: http
       port: 80
       targetPort: http
       protocol: TCP
 ---
 apiVersion: networking.k8s.io/v1
 kind: Ingress
 metadata:
   name: selfsigned-root-ca
   namespace: cert-manager
   annotations:
     nginx.ingress.kubernetes.io/ssl-redirect: "false"
 spec:
   ingressClassName: nginx-private
   rules:
   - host: root-ca.pcloud
     http:
       paths:
       - pathType: Prefix
         path: "/"
         backend:
           service:
             name: selfsigned-root-ca
             port:
               name: http
	# TODO(giolekva): move to ingerss-nginx-private namespace
	---
	apiVersion: apps/v1
	kind: Deployment
	metadata:
	name: selfsigned-root-ca
	namespace: cert-manager
	spec:
	selector:
	matchLabels:
	app: selfsigned-root-ca
	replicas: 1
	template:
	metadata:
	labels:
	app: selfsigned-root-ca
	spec:
	volumes:
	- name: root-ca-secret
	secret:
	secretName: selfsigned-ca-root
	items:
	- key: ca.crt
	path: selfsigned-root-ca.crt
	containers:
	- name: maddy
	image: giolekva/static-file-server:latest
	imagePullPolicy: Always
	ports:
	- name: http
	containerPort: 80
	command: ["static-file-server"]
	args: ["-port=80", "-dir=/etc/static-file-server/data"]
	volumeMounts:
	- name: root-ca-secret
	mountPath: /etc/static-file-server/data/
	readOnly: true
	---
	apiVersion: v1
	kind: Service
	metadata:
	name: selfsigned-root-ca
	namespace: cert-manager
	spec:
	type: ClusterIP
	selector:
	app: selfsigned-root-ca
	ports:
	- name: http
	port: 80
	targetPort: http
	protocol: TCP
	---
	apiVersion: networking.k8s.io/v1
	kind: Ingress
	metadata:
	name: selfsigned-root-ca
	namespace: cert-manager
	annotations:
	nginx.ingress.kubernetes.io/ssl-redirect: "false"
	spec:
	ingressClassName: nginx-private
	rules:
	- host: root-ca.pcloud
	http:
	paths:
	- pathType: Prefix
	path: "/"
	backend:
	service:
	name: selfsigned-root-ca
	port:
	name: http