| giolekva | 7032d3c | 2021-10-22 14:46:31 +0400 | [diff] [blame^] | 1 | --- |
| 2 | apiVersion: v1 |
| 3 | kind: Namespace |
| 4 | metadata: |
| 5 | name: core-auth |
| 6 | --- |
| 7 | apiVersion: v1 |
| 8 | kind: Service |
| 9 | metadata: |
| 10 | name: kratos |
| 11 | namespace: core-auth |
| 12 | spec: |
| 13 | type: ClusterIP |
| 14 | selector: |
| 15 | app: kratos |
| 16 | ports: |
| 17 | - name: public |
| 18 | port: 80 |
| 19 | targetPort: public |
| 20 | protocol: TCP |
| 21 | - name: admin |
| 22 | port: 81 |
| 23 | targetPort: admin |
| 24 | protocol: TCP |
| 25 | --- |
| 26 | apiVersion: networking.k8s.io/v1 |
| 27 | kind: Ingress |
| 28 | metadata: |
| 29 | name: ingress-kratos-public |
| 30 | namespace: core-auth |
| 31 | annotations: |
| 32 | cert-manager.io/cluster-issuer: "letsencrypt-prod" |
| 33 | acme.cert-manager.io/http01-edit-in-place: "true" |
| 34 | spec: |
| 35 | ingressClassName: nginx |
| 36 | tls: |
| 37 | - hosts: |
| 38 | - accounts.lekva.me |
| 39 | secretName: cert-accounts.lekva.me |
| 40 | rules: |
| 41 | - host: accounts.lekva.me |
| 42 | http: |
| 43 | paths: |
| 44 | - path: / |
| 45 | pathType: Prefix |
| 46 | backend: |
| 47 | service: |
| 48 | name: kratos |
| 49 | port: |
| 50 | name: public |
| 51 | --- |
| 52 | apiVersion: networking.k8s.io/v1 |
| 53 | kind: Ingress |
| 54 | metadata: |
| 55 | name: ingress-kratos-private |
| 56 | namespace: core-auth |
| 57 | annotations: |
| 58 | cert-manager.io/cluster-issuer: "selfsigned-ca" |
| 59 | acme.cert-manager.io/http01-edit-in-place: "true" |
| 60 | spec: |
| 61 | ingressClassName: nginx-private |
| 62 | tls: |
| 63 | - hosts: |
| 64 | - kratos.pcloud |
| 65 | secretName: cert-kratos.pcloud |
| 66 | rules: |
| 67 | - host: kratos.pcloud |
| 68 | http: |
| 69 | paths: |
| 70 | - path: / |
| 71 | pathType: Prefix |
| 72 | backend: |
| 73 | service: |
| 74 | name: kratos |
| 75 | port: |
| 76 | name: admin |
| 77 | --- |
| 78 | apiVersion: apps/v1 |
| 79 | kind: Deployment |
| 80 | metadata: |
| 81 | name: kratos |
| 82 | namespace: core-auth |
| 83 | spec: |
| 84 | selector: |
| 85 | matchLabels: |
| 86 | app: kratos |
| 87 | replicas: 1 |
| 88 | template: |
| 89 | metadata: |
| 90 | labels: |
| 91 | app: kratos |
| 92 | spec: |
| 93 | volumes: |
| 94 | - name: config |
| 95 | configMap: |
| 96 | name: kratos |
| 97 | - name: identity |
| 98 | configMap: |
| 99 | name: identity |
| 100 | containers: |
| 101 | - name: kratos |
| 102 | image: giolekva/ory-kratos:latest |
| 103 | imagePullPolicy: IfNotPresent |
| 104 | ports: |
| 105 | - name: public |
| 106 | containerPort: 4433 |
| 107 | protocol: TCP |
| 108 | - name: admin |
| 109 | containerPort: 4434 |
| 110 | protocol: TCP |
| 111 | command: ["kratos", "--config=/etc/kratos/config/kratos.yaml", "serve"] |
| 112 | #command: ["kratos", "serve"] |
| 113 | # resources: |
| 114 | # requests: |
| 115 | # memory: "10Mi" |
| 116 | # cpu: "10m" |
| 117 | # limits: |
| 118 | # memory: "20Mi" |
| 119 | # cpu: "100m" |
| 120 | volumeMounts: |
| 121 | - name: config |
| 122 | mountPath: /etc/kratos/config |
| 123 | - name: identity |
| 124 | mountPath: /etc/kratos/identity |