| apiVersion: v1 |
| kind: Service |
| metadata: |
| name: nebula-api |
| namespace: {{ .Release.Namespace }} |
| spec: |
| type: LoadBalancer |
| selector: |
| app: nebula-api |
| ports: |
| - name: http |
| port: 80 |
| targetPort: http |
| protocol: TCP |
| --- |
| apiVersion: apps/v1 |
| kind: Deployment |
| metadata: |
| name: nebula-api |
| namespace: {{ .Release.Namespace }} |
| spec: |
| selector: |
| matchLabels: |
| app: nebula-api |
| replicas: 1 |
| template: |
| metadata: |
| labels: |
| app: nebula-api |
| spec: |
| containers: |
| - name: api |
| image: {{ .Values.api.image.repository }}:{{ .Values.api.image.tag }} |
| imagePullPolicy: {{ .Values.api.image.pullPolicy }} |
| ports: |
| - name: http |
| containerPort: 8080 |
| protocol: TCP |
| command: |
| - nebula-api |
| - --port=8080 |
| - --namespace={{ .Release.Namespace }} |
| - --ca-name={{ .Values.certificateAuthority.name }} |
| resources: |
| requests: |
| memory: "10Mi" |
| cpu: "10m" |
| limits: |
| memory: "20Mi" |
| cpu: "100m" |
| tolerations: |
| - key: "pcloud" |
| operator: "Equal" |
| value: "role" |
| effect: "NoSchedule" |
| --- |
| apiVersion: networking.k8s.io/v1 |
| kind: Ingress |
| metadata: |
| name: ingress |
| namespace: {{ .Release.Namespace }} |
| spec: |
| ingressClassName: {{ .Values.ingressClassName }} |
| tls: |
| - hosts: |
| - vpn.{{ .Values.domain }} |
| secretName: cert-vpn.{{ .Values.domain }} |
| rules: |
| - host: vpn.{{ .Values.domain }} |
| http: |
| paths: |
| - path: / |
| pathType: Prefix |
| backend: |
| service: |
| name: nebula-api |
| port: |
| name: http |
| --- |
| apiVersion: cert-manager.io/v1 |
| kind: Certificate |
| metadata: |
| name: vpn.{{ .Values.domain }} |
| namespace: {{ .Release.Namespace }} |
| annotations: |
| helm.sh/resource-policy: keep |
| spec: |
| dnsNames: |
| - 'vpn.{{ .Values.domain }}' |
| issuerRef: |
| name: {{ .Values.certificateIssuer }} |
| kind: ClusterIssuer |
| secretName: cert-vpn.{{ .Values.domain }} |