| giolekva | b64297c | 2021-12-13 14:36:32 +0400 | [diff] [blame] | 1 | apiVersion: v1 |
| 2 | kind: Service |
| 3 | metadata: |
| 4 | name: nebula-api |
| 5 | namespace: {{ .Release.Namespace }} |
| 6 | spec: |
| 7 | type: LoadBalancer |
| 8 | selector: |
| 9 | app: nebula-api |
| 10 | ports: |
| 11 | - name: http |
| 12 | port: 80 |
| 13 | targetPort: http |
| 14 | protocol: TCP |
| 15 | --- |
| 16 | apiVersion: apps/v1 |
| 17 | kind: Deployment |
| 18 | metadata: |
| 19 | name: nebula-api |
| 20 | namespace: {{ .Release.Namespace }} |
| 21 | spec: |
| 22 | selector: |
| 23 | matchLabels: |
| 24 | app: nebula-api |
| 25 | replicas: 1 |
| 26 | template: |
| 27 | metadata: |
| 28 | labels: |
| 29 | app: nebula-api |
| 30 | spec: |
| giolekva | cc3ebcb | 2021-12-17 10:52:17 +0400 | [diff] [blame^] | 31 | volumes: |
| 32 | - name: config |
| 33 | configMap: |
| 34 | name: lighthouse-config-template |
| giolekva | b64297c | 2021-12-13 14:36:32 +0400 | [diff] [blame] | 35 | containers: |
| 36 | - name: api |
| 37 | image: {{ .Values.api.image.repository }}:{{ .Values.api.image.tag }} |
| 38 | imagePullPolicy: {{ .Values.api.image.pullPolicy }} |
| 39 | ports: |
| 40 | - name: http |
| 41 | containerPort: 8080 |
| 42 | protocol: TCP |
| 43 | command: |
| 44 | - nebula-api |
| 45 | - --port=8080 |
| 46 | - --namespace={{ .Release.Namespace }} |
| giolekva | f58a769 | 2021-12-15 18:05:39 +0400 | [diff] [blame] | 47 | - --ca-name={{ .Values.certificateAuthority.name }} |
| giolekva | cc3ebcb | 2021-12-17 10:52:17 +0400 | [diff] [blame^] | 48 | - --config-tmpl=/etc/nebula-api/config/lighthouse.yaml |
| 49 | volumeMounts: |
| 50 | - name: config |
| 51 | mountPath: /etc/nebula-api/config |
| 52 | readOnly: true |
| giolekva | b64297c | 2021-12-13 14:36:32 +0400 | [diff] [blame] | 53 | resources: |
| 54 | requests: |
| 55 | memory: "10Mi" |
| 56 | cpu: "10m" |
| 57 | limits: |
| 58 | memory: "20Mi" |
| 59 | cpu: "100m" |
| 60 | tolerations: |
| 61 | - key: "pcloud" |
| 62 | operator: "Equal" |
| 63 | value: "role" |
| 64 | effect: "NoSchedule" |
| 65 | --- |
| 66 | apiVersion: networking.k8s.io/v1 |
| 67 | kind: Ingress |
| 68 | metadata: |
| 69 | name: ingress |
| 70 | namespace: {{ .Release.Namespace }} |
| 71 | spec: |
| 72 | ingressClassName: {{ .Values.ingressClassName }} |
| 73 | tls: |
| 74 | - hosts: |
| 75 | - vpn.{{ .Values.domain }} |
| 76 | secretName: cert-vpn.{{ .Values.domain }} |
| 77 | rules: |
| 78 | - host: vpn.{{ .Values.domain }} |
| 79 | http: |
| 80 | paths: |
| 81 | - path: / |
| 82 | pathType: Prefix |
| 83 | backend: |
| 84 | service: |
| 85 | name: nebula-api |
| 86 | port: |
| 87 | name: http |
| 88 | --- |
| 89 | apiVersion: cert-manager.io/v1 |
| 90 | kind: Certificate |
| 91 | metadata: |
| 92 | name: vpn.{{ .Values.domain }} |
| 93 | namespace: {{ .Release.Namespace }} |
| 94 | annotations: |
| 95 | helm.sh/resource-policy: keep |
| 96 | spec: |
| 97 | dnsNames: |
| 98 | - 'vpn.{{ .Values.domain }}' |
| 99 | issuerRef: |
| 100 | name: {{ .Values.certificateIssuer }} |
| 101 | kind: ClusterIssuer |
| 102 | secretName: cert-vpn.{{ .Values.domain }} |