tvl-depot/infra/kubernetes/cgit/config.yaml
Vincent Ambo 2512ea4256 feat(infra/k8s): Add cgit to Ingress load balancer
Apart from the fact that TLS certificate provisioning is very wonky,
it seems to be working now.

AFAICT the L7 LBs still don't support path rewriting, which means that
this is likely not the final configuration and it will move behind
nginx instead.
2019-12-20 16:07:40 +00:00


---
# Credentials consumed by the sync-gcsr container of the cgit Deployment.
# Values under `data` are base64-encoded. Base64 is an encoding, not
# encryption, so the rendered manifest is as sensitive as the token it carries.
apiVersion: v1
kind: Secret
type: Opaque
metadata:
  name: gcsr-secrets
data:
  # Base64 of the sync account name (an identifier, not the secret part).
  username: 'Z2l0LXRhemppbi5nbWFpbC5jb20='
  # This credential is a GCSR 'gitcookie' token. The template expression looks
  # it up by name and base64-encodes it at render time, so the token itself is
  # not written into this file.
  password: '{{ passLookup "gcsr-tazjin-password" | b64enc }}'
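---
# cgit web frontend plus a sidecar (sync-gcsr) that shares the /git volume
# with it. Both containers run as the unprivileged UID/GID 1000.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: cgit
  labels:
    app: cgit
spec:
  replicas: 1
  selector:
    matchLabels:
      app: cgit
  template:
    metadata:
      labels:
        app: cgit
    spec:
      securityContext:
        # Refuse to start any container whose UID would be 0, so the non-root
        # guarantee survives a later change to runAsUser or to the image.
        runAsNonRoot: true
        runAsUser: 1000
        runAsGroup: 1000
        fsGroup: 1000
      containers:
        - name: cgit
          # The tag is filled in from the gitHEAD template value at render
          # time; quoted so the rendered scalar is always read as a string.
          image: 'nixery.local/shell/services.cgit-taz:{{ gitHEAD }}'
          command: ['cgit-launch']
          # The process is already non-root; also block setuid-style
          # escalation and drop all capabilities.
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              drop: ['ALL']
          env:
            - name: HOME
              value: /git
          volumeMounts:
            # NOTE(review): if cgit only reads the repository, this mount
            # could be `readOnly: true` - confirm cgit-launch writes nothing
            # under /git (HOME points here).
            - name: git-volume
              mountPath: /git
        - name: sync-gcsr
          image: 'nixery.local/shell/services.sync-gcsr:{{ gitHEAD }}'
          command: ['sync-gcsr']
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              drop: ['ALL']
          # The credentials are injected only into this sidecar, not into the
          # cgit container.
          # NOTE(review): /git is shared with cgit - confirm sync-gcsr does not
          # persist the token (cookie file, remote URL in repo config) there.
          env:
            - name: SYNC_USER
              valueFrom:
                secretKeyRef:
                  name: gcsr-secrets
                  key: username
            - name: SYNC_PASS
              valueFrom:
                secretKeyRef:
                  name: gcsr-secrets
                  key: password
          volumeMounts:
            - name: git-volume
              mountPath: /git
      volumes:
        # emptyDir lives only as long as the pod, so its contents are lost
        # whenever the pod is replaced.
        - name: git-volume
          emptyDir: {}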
---
# Service in front of the pods labelled app=cgit.
apiVersion: v1
kind: Service
metadata:
  name: cgit
spec:
  # NodePort also opens a port on every node in the cluster.
  # NOTE(review): confirm node firewall rules admit only the load balancer
  # to the node-port range.
  type: NodePort
  selector:
    app: cgit
  ports:
    # cgit: service port 2448 forwards to port 8080 on the pod.
    - port: 2448
      targetPort: 8080
      protocol: TCP