feat(infra/k8s): Deploy Nixery instance to cluster

This commit is contained in:
Vincent Ambo 2019-08-16 18:20:20 +01:00
parent ba06317836
commit dd35be7add
2 changed files with 80 additions and 0 deletions

View file

@ -0,0 +1,69 @@
# Deploys an instance of Nixery into the cluster.
#
# The service via which Nixery is exposed has a private DNS entry
# pointing to it, which makes it possible to resolve `nixery.local`
# in-cluster without things getting nasty.
#
# The 'nixery-keys' secret was configured manually using a created
# service account key. This does not use metadata-based authentication
# due to the requirement for having an actual PEM-key to sign with.
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: nixery
namespace: kube-public
labels:
app: nixery
spec:
replicas: 1
selector:
matchLabels:
app: nixery
template:
metadata:
labels:
app: nixery
spec:
containers:
- name: nixery
image: eu.gcr.io/tazjins-infrastructure/nixery:demo
volumeMounts:
- name: nixery-secrets
mountPath: /var/nixery
env:
- name: BUCKET
value: {{ .bucket}}
- name: PORT
value: "{{ .port }}"
- name: GOOGLE_APPLICATION_CREDENTIALS
value: /var/nixery/gcs-key.json
- name: GCS_SIGNING_KEY
value: /var/nixery/gcs-key.pem
- name: GCS_SIGNING_ACCOUNT
value: {{ .account }}
- name: GIT_SSH_COMMAND
value: 'ssh -F /var/nixery/ssh_config'
- name: NIXERY_PKGS_REPO
value: {{ .repo }}
volumes:
- name: nixery-secrets
secret:
secretName: nixery-secrets
defaultMode: 256
---
apiVersion: v1
kind: Service
metadata:
name: nixery
namespace: kube-public
annotations:
cloud.google.com/load-balancer-type: "Internal"
spec:
selector:
app: nixery
type: LoadBalancer
ports:
- protocol: TCP
port: 80
targetPort: 8080

View file

@ -0,0 +1,11 @@
# Kontemplate configuration for the primary GKE cluster in the project
# 'tazjins-infrastructure'.
---
context: gke_tazjins-infrastructure_europe-north1_tazjin-cluster
include:
- name: nixery
values:
port: 8080
bucket: tazjins-data
account: nixery@tazjins-infrastructure.iam.gserviceaccount.com
repo: ssh://source.developers.google.com:2022/p/tazjins-infrastructure/r/monorepo