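---
# phpIPAM behind ingress-nginx with Authelia forward authentication.
#
# Trust model: Apache inside the web container copies the Remote-User request
# header into PHP_AUTH_USER (see the ConfigMap below), so the identity of the
# caller is whatever that header says.  Requests that come through the Ingress
# at the bottom of this file have the header set from Authelia's response.
# Requests sent straight to the `phpipam` Service from another pod do not pass
# through that check, so the Service should only be reachable from the ingress
# controller.  No NetworkPolicy is defined in this file; one that admits
# traffic to the web pods only from the ingress controller's namespace, and to
# the database pods only from the web/cron pods, is needed alongside it.
apiVersion: v1
kind: Namespace
metadata:
  labels:
    app.kubernetes.io/instance: phpipam
    app.kubernetes.io/name: phpipam
  name: phpipam
---
apiVersion: v1
kind: ConfigMap
metadata:
  name: phpipam-httpd-conf
  namespace: phpipam
data:
  # Mounted over /etc/apache2/conf.d/phpipam.conf in the web container.
  # SetEnvIf turns the proxy-supplied Remote-User header into PHP_AUTH_USER;
  # Apache itself performs no authentication ("Require all granted").
  # NOTE(review): AllowOverride is only valid inside a <Directory> section, so
  # the enclosing <Directory ...> / </Directory> lines appear to have been lost
  # from this listing; restore them from the original file before use.
  phpipam.conf: |
    DocumentRoot /phpipam
    SetEnvIf Remote-User "(.*)$" PHP_AUTH_USER=$1
    AllowOverride All
    Options FollowSymLinks
    Require all granted
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: phpipam-pvc
  namespace: phpipam
spec:
  accessModes:
    - ReadWriteOnce
  storageClassName: longhorn
  resources:
    requests:
      storage: 1Gi
---
apiVersion: apps/v1
kind: StatefulSet
metadata:
  labels:
    app.kubernetes.io/component: phpipam-db
    app.kubernetes.io/name: phpipam
    app.kubernetes.io/instance: phpipam
    app.kubernetes.io/part-of: phpipam
  name: phpipam-db
  namespace: phpipam
spec:
  serviceName: phpipam-db
  selector:
    matchLabels:
      app.kubernetes.io/component: phpipam-db
      app.kubernetes.io/name: phpipam
      app.kubernetes.io/instance: phpipam
  template:
    metadata:
      labels:
        app.kubernetes.io/component: phpipam-db
        app.kubernetes.io/name: phpipam
        app.kubernetes.io/instance: phpipam
    spec:
      # Nothing in this manifest grants or uses Kubernetes API access, so the
      # service-account token is kept out of the database pod.
      automountServiceAccountToken: false
      containers:
        # The tag is mutable; pinning by digest (image@sha256:<digest>) makes
        # the deployed image reproducible.
        # NOTE(review): 10.9 is believed to be a short-term MariaDB release
        # series -- confirm it still receives security fixes.
        - image: docker.io/library/mariadb:10.9.3
          imagePullPolicy: IfNotPresent
          name: phpipam-mariadb
          env:
            # Both passwords come from Secrets that are not defined in this
            # file; they must already exist in the phpipam namespace.
            - name: MYSQL_ROOT_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: phpipam-mysql-root
                  key: password
            - name: MYSQL_DATABASE
              value: phpipam
            - name: MYSQL_USER
              value: phpipam
            - name: MYSQL_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: phpipam-mysql
                  key: password
          volumeMounts:
            - mountPath: /var/lib/mysql
              name: phpipam-db
      volumes:
        - name: phpipam-db
          persistentVolumeClaim:
            claimName: phpipam-pvc
---
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app.kubernetes.io/component: phpipam-www
    app.kubernetes.io/name: phpipam
    app.kubernetes.io/instance: phpipam
    app.kubernetes.io/part-of: phpipam
  name: phpipam
  namespace: phpipam
spec:
  selector:
    matchLabels:
      app.kubernetes.io/component: phpipam-www
      app.kubernetes.io/name: phpipam
      app.kubernetes.io/instance: phpipam
  template:
    metadata:
      labels:
        app.kubernetes.io/component: phpipam-www
        app.kubernetes.io/name: phpipam
        app.kubernetes.io/instance: phpipam
    spec:
      # The web and cron containers hold extra network capabilities and the
      # web container trusts a proxy header for identity; keeping the
      # service-account token out of the pod limits what a compromise of
      # either container can reach.
      automountServiceAccountToken: false
      containers:
        - image: docker.io/phpipam/phpipam-www:v1.5.2
          imagePullPolicy: IfNotPresent
          name: phpipam-web
          ports:
            - containerPort: 80
              name: http
          env:
            - name: IPAM_DATABASE_HOST
              value: phpipam-db
            - name: IPAM_DATABASE_PASS
              valueFrom:
                secretKeyRef:
                  name: phpipam-mysql
                  key: password
            # Presumably the host pattern phpIPAM uses for its MySQL grant;
            # '%' matches any client host, so reachability of port 3306 is the
            # only network-level restriction on the database account.
            - name: IPAM_DATABASE_WEBHOST
              value: '%'
          securityContext:
            capabilities:
              # Added on top of the runtime's default capability set.
              # NOTE(review): NET_RAW is what raw-socket scanning needs;
              # NET_ADMIN is much broader -- confirm the web container
              # requires it and drop it if not.
              add:
                - NET_ADMIN
                - NET_RAW
          volumeMounts:
            - name: httpd-conf
              mountPath: /etc/apache2/conf.d/phpipam.conf
              subPath: phpipam.conf
              readOnly: true
        - image: docker.io/phpipam/phpipam-cron:v1.5.2
          imagePullPolicy: IfNotPresent
          name: phpipam-cron
          env:
            - name: IPAM_DATABASE_HOST
              value: phpipam-db
            - name: IPAM_DATABASE_PASS
              valueFrom:
                secretKeyRef:
                  name: phpipam-mysql
                  key: password
            - name: SCAN_INTERVAL
              value: 1h
          securityContext:
            capabilities:
              # Same capability set as the web container; the same
              # least-privilege question about NET_ADMIN applies here.
              add:
                - NET_ADMIN
                - NET_RAW
      volumes:
        - name: httpd-conf
          configMap:
            name: phpipam-httpd-conf
      affinity:
        # Soft preference to schedule next to the database pod.
        podAffinity:
          preferredDuringSchedulingIgnoredDuringExecution:
            - weight: 1
              podAffinityTerm:
                labelSelector:
                  matchExpressions:
                    - key: app.kubernetes.io/component
                      operator: In
                      values:
                        - phpipam-db
                topologyKey: kubernetes.io/hostname
---
# Database Service.  ClusterIP keeps it off the external network, but without a
# NetworkPolicy every pod in the cluster can still open a connection to 3306.
apiVersion: v1
kind: Service
metadata:
  labels:
    app.kubernetes.io/component: phpipam-db
    app.kubernetes.io/name: phpipam
    app.kubernetes.io/instance: phpipam
    app.kubernetes.io/part-of: phpipam
  name: phpipam-db
  namespace: phpipam
spec:
  ports:
    - port: 3306
      targetPort: 3306
  selector:
    app.kubernetes.io/component: phpipam-db
    app.kubernetes.io/name: phpipam
    app.kubernetes.io/instance: phpipam
  type: ClusterIP
---
# Web Service.  Anything that can reach this Service directly bypasses the
# Authelia check configured on the Ingress and can supply its own Remote-User
# header, so restrict ingress to the web pods to the ingress controller.
# The server-populated `status` stanza that was exported with this object is
# omitted; it has no effect when the manifest is applied.
apiVersion: v1
kind: Service
metadata:
  labels:
    app.kubernetes.io/component: phpipam-www
    app.kubernetes.io/name: phpipam
    app.kubernetes.io/instance: phpipam
    app.kubernetes.io/part-of: phpipam
  name: phpipam
  namespace: phpipam
spec:
  ports:
    - port: 80
      targetPort: 80
  selector:
    app.kubernetes.io/component: phpipam-www
    app.kubernetes.io/name: phpipam
    app.kubernetes.io/instance: phpipam
  type: ClusterIP
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  annotations:
    nginx.ingress.kubernetes.io/rewrite-target: /
    # Every request is first checked against Authelia with a GET subrequest.
    # The verify call goes over plain HTTP inside the cluster.
    nginx.ingress.kubernetes.io/auth-method: GET
    nginx.ingress.kubernetes.io/auth-url: http://authelia.authelia.svc.cluster.local:9091/api/verify
    nginx.ingress.kubernetes.io/auth-signin: https://auth.pyrocufflink.blue/?rm=$request_method
    # These headers are taken from Authelia's response and passed to the
    # backend; Remote-User is the one Apache maps to PHP_AUTH_USER.
    nginx.ingress.kubernetes.io/auth-response-headers: Remote-User,Remote-Name,Remote-Groups,Remote-Email
  name: phpipam
  namespace: phpipam
spec:
  ingressClassName: nginx
  tls:
    - hosts:
        - phpipam.pyrocufflink.blue
      secretName: pyrocufflink-cert
  rules:
    - host: phpipam.pyrocufflink.blue
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: phpipam
                port:
                  number: 80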