Gitiles
Code Review Sign In
code.v1.dodo.cloud / pcloud / f9f0beec8492e05a459bd7080ad095b4cf9292bc / . / charts / vpn-mesh-config / templates / api.yaml
blob: a747f4f632f03dbd40693a09d066c0382009dbe9 [file] [log] [blame]
giolekvab64297c2021-12-13 14:36:32 +0400[diff] [blame]1apiVersion: v1
2kind: Service
3metadata:
4 name: nebula-api
5 namespace: {{ .Release.Namespace }}
6spec:
7 type: LoadBalancer
8 selector:
9 app: nebula-api
10 ports:
11 - name: http
12 port: 80
13 targetPort: http
14 protocol: TCP
15---
16apiVersion: apps/v1
17kind: Deployment
18metadata:
19 name: nebula-api
20 namespace: {{ .Release.Namespace }}
21spec:
22 selector:
23 matchLabels:
24 app: nebula-api
25 replicas: 1
26 template:
27 metadata:
28 labels:
29 app: nebula-api
giolekva52da88a2021-12-17 18:08:25 +0400[diff] [blame]30 annotations:
31 checksum/config: {{ include (print $.Template.BasePath "/lighthouse-config-template.yaml") . | sha256sum }}
giolekvab64297c2021-12-13 14:36:32 +0400[diff] [blame]32 spec:
giolekvacc3ebcb2021-12-17 10:52:17 +0400[diff] [blame]33 volumes:
34 - name: config
35 configMap:
36 name: lighthouse-config-template
giolekvab64297c2021-12-13 14:36:32 +0400[diff] [blame]37 containers:
38 - name: api
39 image: {{ .Values.api.image.repository }}:{{ .Values.api.image.tag }}
40 imagePullPolicy: {{ .Values.api.image.pullPolicy }}
41 ports:
42 - name: http
43 containerPort: 8080
44 protocol: TCP
45 command:
46 - nebula-api
47 - --port=8080
48 - --namespace={{ .Release.Namespace }}
giolekvaf58a7692021-12-15 18:05:39 +0400[diff] [blame]49 - --ca-name={{ .Values.certificateAuthority.name }}
giolekvacc3ebcb2021-12-17 10:52:17 +0400[diff] [blame]50 - --config-tmpl=/etc/nebula-api/config/lighthouse.yaml
51 volumeMounts:
52 - name: config
53 mountPath: /etc/nebula-api/config
54 readOnly: true
giolekvab64297c2021-12-13 14:36:32 +0400[diff] [blame]55 resources:
56 requests:
57 memory: "10Mi"
58 cpu: "10m"
59 limits:
60 memory: "20Mi"
61 cpu: "100m"
62 tolerations:
63 - key: "pcloud"
64 operator: "Equal"
65 value: "role"
66 effect: "NoSchedule"
67---
68apiVersion: networking.k8s.io/v1
69kind: Ingress
70metadata:
71 name: ingress
72 namespace: {{ .Release.Namespace }}
73spec:
74 ingressClassName: {{ .Values.ingressClassName }}
75 tls:
76 - hosts:
77 - vpn.{{ .Values.domain }}
78 secretName: cert-vpn.{{ .Values.domain }}
79 rules:
80 - host: vpn.{{ .Values.domain }}
81 http:
82 paths:
83 - path: /
84 pathType: Prefix
85 backend:
86 service:
87 name: nebula-api
88 port:
89 name: http
90---
91apiVersion: cert-manager.io/v1
92kind: Certificate
93metadata:
94 name: vpn.{{ .Values.domain }}
95 namespace: {{ .Release.Namespace }}
96 annotations:
97 helm.sh/resource-policy: keep
98spec:
99 dnsNames:
100 - 'vpn.{{ .Values.domain }}'
101 issuerRef:
102 name: {{ .Values.certificateIssuer }}
103 kind: ClusterIssuer
104 secretName: cert-vpn.{{ .Values.domain }}