| giolekva | 603e73a | 2021-10-22 14:46:45 +0400 | [diff] [blame] | 1 | --- |
| 2 | apiVersion: v1 |
| 3 | kind: Namespace |
| 4 | metadata: |
| 5 | name: core-auth |
| 6 | --- |
| 7 | apiVersion: v1 |
| 8 | kind: Service |
| 9 | metadata: |
| 10 | name: kratos-selfservice-ui |
| 11 | namespace: core-auth |
| 12 | spec: |
| 13 | type: ClusterIP |
| 14 | selector: |
| 15 | app: kratos-selfservice-ui |
| 16 | ports: |
| 17 | - name: http |
| 18 | port: 80 |
| 19 | targetPort: http |
| 20 | protocol: TCP |
| 21 | --- |
| 22 | apiVersion: networking.k8s.io/v1 |
| 23 | kind: Ingress |
| 24 | metadata: |
| 25 | name: ingress-kratos-selfservice-ui-public |
| 26 | namespace: core-auth |
| 27 | annotations: |
| 28 | cert-manager.io/cluster-issuer: "letsencrypt-prod" |
| 29 | acme.cert-manager.io/http01-edit-in-place: "true" |
| 30 | spec: |
| 31 | ingressClassName: nginx |
| 32 | tls: |
| 33 | - hosts: |
| 34 | - accounts-ui.lekva.me |
| 35 | secretName: cert-accounts-ui.lekva.me |
| 36 | rules: |
| 37 | - host: accounts-ui.lekva.me |
| 38 | http: |
| 39 | paths: |
| 40 | - path: / |
| 41 | pathType: Prefix |
| 42 | backend: |
| 43 | service: |
| 44 | name: kratos-selfservice-ui |
| 45 | port: |
| 46 | name: http |
| 47 | --- |
| 48 | apiVersion: apps/v1 |
| 49 | kind: Deployment |
| 50 | metadata: |
| 51 | name: kratos-selfservice-ui |
| 52 | namespace: core-auth |
| 53 | spec: |
| 54 | selector: |
| 55 | matchLabels: |
| 56 | app: kratos-selfservice-ui |
| 57 | replicas: 1 |
| 58 | template: |
| 59 | metadata: |
| 60 | labels: |
| 61 | app: kratos-selfservice-ui |
| 62 | spec: |
| giolekva | eb59028 | 2021-10-22 17:31:40 +0400 | [diff] [blame^] | 63 | volumes: |
| 64 | - name: cert |
| 65 | secret: |
| 66 | secretName: node-auth-ui-cert |
| 67 | - name: config |
| 68 | configMap: |
| 69 | name: auth-ui-lighthouse-config |
| 70 | hostAliases: |
| 71 | - ip: "111.0.0.1" |
| 72 | hostnames: |
| 73 | - "hydra.pcloud" |
| giolekva | 603e73a | 2021-10-22 14:46:45 +0400 | [diff] [blame] | 74 | containers: |
| 75 | - name: server |
| giolekva | 603e73a | 2021-10-22 14:46:45 +0400 | [diff] [blame] | 76 | image: giolekva/auth-ui:latest |
| 77 | imagePullPolicy: Always |
| 78 | env: |
| 79 | - name: KRATOS_PUBLIC_URL |
| 80 | value: "https://accounts.lekva.me" |
| 81 | ports: |
| 82 | - name: http |
| 83 | containerPort: 8080 |
| 84 | protocol: TCP |
| 85 | command: ["server", "--port=8080"] |
| 86 | # resources: |
| 87 | # requests: |
| 88 | # memory: "10Mi" |
| 89 | # cpu: "10m" |
| 90 | # limits: |
| 91 | # memory: "20Mi" |
| 92 | # cpu: "100m" |
| giolekva | eb59028 | 2021-10-22 17:31:40 +0400 | [diff] [blame^] | 93 | - name: lighthouse |
| 94 | image: giolekva/nebula:latest |
| 95 | imagePullPolicy: IfNotPresent |
| 96 | securityContext: |
| 97 | capabilities: |
| 98 | add: ["NET_ADMIN"] |
| 99 | privileged: true |
| 100 | ports: |
| 101 | - name: lighthouse |
| 102 | containerPort: 4247 |
| 103 | protocol: UDP |
| 104 | command: ["nebula", "--config=/etc/nebula/config/lighthouse.yaml"] |
| 105 | volumeMounts: |
| 106 | - name: cert |
| 107 | mountPath: /etc/nebula/lighthouse |
| 108 | readOnly: true |
| 109 | - name: config |
| 110 | mountPath: /etc/nebula/config |
| 111 | readOnly: true |
| 112 | --- |
| 113 | apiVersion: lekva.me/v1 |
| 114 | kind: NebulaNode |
| 115 | metadata: |
| 116 | name: auth-ui |
| 117 | namespace: core-auth |
| 118 | spec: |
| 119 | caName: pcloud |
| 120 | caNamespace: ingress-nginx-private |
| 121 | ipCidr: "111.0.0.10/24" |
| 122 | secretName: node-auth-ui-cert |