kubernetes/keyserv/keyserv.yaml


---
# Cluster-internal Service in front of the keyserv pods.
# ClusterIP gives no exposure outside the cluster, but by default any pod in
# the cluster can still connect to this port.
# NOTE(review): no NetworkPolicy is visible here; for a service that hands out
# keys, confirm that one restricts which clients may reach 8087.
apiVersion: v1
kind: Service
metadata:
  namespace: keyserv
  name: keyserv
  labels:
    app.kubernetes.io/name: keyserv
    app.kubernetes.io/instance: keyserv
    app.kubernetes.io/component: keyserv
    app.kubernetes.io/part-of: keyserv
spec:
  type: ClusterIP
  # A pod is selected only if it carries all three of these labels.
  selector:
    app.kubernetes.io/name: keyserv
    app.kubernetes.io/instance: keyserv
    app.kubernetes.io/component: keyserv
  ports:
    # targetPort is not set, so it defaults to the same value as port.
    - name: keyserv
      port: 8087
---
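# Deployment for the keyserv container. It reads a master key and age keys
# from Secrets and a key map from a ConfigMap, all mounted read-only.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: keyserv
  # Stated explicitly so the Deployment lands in the same namespace as the
  # keyserv Service and the Secrets it mounts, even when applied without -n.
  namespace: keyserv
  labels:
    app.kubernetes.io/name: keyserv
    app.kubernetes.io/component: keyserv
spec:
  selector:
    matchLabels:
      app.kubernetes.io/name: keyserv
      app.kubernetes.io/component: keyserv
  template:
    metadata:
      labels:
        app.kubernetes.io/name: keyserv
        app.kubernetes.io/component: keyserv
        # The keyserv Service selects on this label as well; as written in
        # this file the pods did not carry it, so the Service would have had
        # no endpoints unless an overlay added the label.
        app.kubernetes.io/instance: keyserv
    spec:
      # Do not inject *_SERVICE_HOST/PORT variables for other Services.
      enableServiceLinks: false
      # NOTE(review): nothing in this manifest shows keyserv calling the
      # Kubernetes API; if it does not, set automountServiceAccountToken: false.
      imagePullSecrets:
        - name: imagepull-gitea
      containers:
        - name: keyserv
          # NOTE(review): no tag or digest, so this resolves to :latest and
          # the running code can change on any restart. Pin it, e.g.
          # ...keyserv@sha256:<DIGEST_PLACEHOLDER>, once the digest is known.
          image: git.pyrocufflink.net/packages/keyserv
          args:
            - --master-key
            - /run/secrets/keyserv/master.key
            - --key-map
            - /run/keyserv/key-map.yml
          workingDir: /run/keyserv
          env:
            # NOTE(review): debug-level logging on a service that handles key
            # material; confirm nothing sensitive is logged at this level, or
            # lower it for production.
            - name: RUST_LOG
              value: debug
          # Plain-HTTP GET on / (httpGet defaults to scheme HTTP).
          readinessProbe: &probe
            httpGet:
              path: /
              port: 8087
            periodSeconds: 60
            timeoutSeconds: 5
            failureThreshold: 3
            successThreshold: 1
          # Same check as readinessProbe via the YAML merge key, polled every
          # second for up to 30 failures while the server starts.
          startupProbe:
            <<: *probe
            periodSeconds: 1
            timeoutSeconds: 1
            failureThreshold: 30
          securityContext:
            readOnlyRootFilesystem: true
            # Hardening: the process runs as non-root and listens on an
            # unprivileged port, so it needs neither privilege escalation nor
            # any Linux capability.
            allowPrivilegeEscalation: false
            capabilities:
              drop:
                - ALL
          volumeMounts:
            - mountPath: /run/keyserv
              name: keyserv-config
              readOnly: true
            - mountPath: /run/keyserv/age-keys
              name: age-keys
              readOnly: true
            - mountPath: /run/secrets/keyserv
              name: master-key
              readOnly: true
      securityContext:
        runAsNonRoot: true
        # Apply the container runtime's default seccomp filter instead of
        # running unconfined.
        seccompProfile:
          type: RuntimeDefault
      volumes:
        - name: age-keys
          secret:
            secretName: age-keys
        - name: master-key
          secret:
            secretName: master-key
        - name: keyserv-config
          configMap:
            name: keyserv-config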