Blame - scripts/homelab/installer/root-ca-server.yaml - pcloud

blob: caa2cf153bfcf7b0bfca32564f4cc350141e862e [file] [log] [blame]

giolekva	e4f767b	2021-10-06 16:44:20 +0400	[diff] [blame]	1	# TODO(giolekva): move to ingerss-nginx-private namespace
				2	---
				3	apiVersion: apps/v1
				4	kind: Deployment
				5	metadata:
				6	name: selfsigned-root-ca
				7	namespace: cert-manager
				8	spec:
				9	selector:
				10	matchLabels:
				11	app: selfsigned-root-ca
				12	replicas: 1
				13	template:
				14	metadata:
				15	labels:
				16	app: selfsigned-root-ca
				17	spec:
				18	volumes:
				19	- name: root-ca-secret
				20	secret:
				21	secretName: selfsigned-ca-root
				22	items:
				23	- key: ca.crt
				24	path: selfsigned-root-ca.crt
				25	containers:
				26	- name: file-server
				27	image: giolekva/static-file-server:latest
				28	imagePullPolicy: Always
				29	ports:
				30	- name: http
				31	containerPort: 80
				32	command: ["static-file-server"]
				33	args: ["-port=80", "-dir=/etc/static-file-server/data"]
				34	volumeMounts:
				35	- name: root-ca-secret
				36	mountPath: /etc/static-file-server/data/
				37	readOnly: true
				38	resources:
				39	requests:
				40	memory: "10Mi"
				41	cpu: "10m"
				42	limits:
				43	memory: "20Mi"
				44	cpu: "100m"
				45	tolerations:
				46	- key: "pcloud"
				47	operator: "Equal"
				48	value: "role"
				49	effect: "NoSchedule"
				50	---
				51	apiVersion: v1
				52	kind: Service
				53	metadata:
				54	name: selfsigned-root-ca
				55	namespace: cert-manager
				56	spec:
				57	type: ClusterIP
				58	selector:
				59	app: selfsigned-root-ca
				60	ports:
				61	- name: http
				62	port: 80
				63	targetPort: http
				64	protocol: TCP
				65	---
				66	apiVersion: networking.k8s.io/v1
				67	kind: Ingress
				68	metadata:
				69	name: selfsigned-root-ca
				70	namespace: cert-manager
				71	annotations:
				72	nginx.ingress.kubernetes.io/ssl-redirect: "false"
				73	spec:
				74	ingressClassName: nginx-private
				75	rules:
				76	- host: root-ca.pcloud
				77	http:
				78	paths:
				79	- pathType: Prefix
				80	path: "/"
				81	backend:
				82	service:
				83	name: selfsigned-root-ca
				84	port:
				85	name: http