infra/kubernetes
1
0
Fork 0
Code Pull Requests 3 Activity
Files
c1d9ee049568c056d3bcabbb8d6a27b0fbcea677
kubernetes/kitchen/kitchen.yaml
Dustin C. Hatch 0eb121b833 kitchen: Remove config.yml ConfigMap generator 
The `config.yml` document for *kitchen* contains several "secret" values
(e.g. passwords to Nextcloud, MQTT, etc.).  We don't want to commit
these to the Git repository, of course, but as long as Kustomize expects
to find the `config.yml` file, we won't be able to manage the
application with Argo CD.  Ultimately, *kitchen* needs to be modified to
be able to read secrets separately from config, but until then, we will
have to avoid managing `config.yml` with Kustomize.
2023-10-14 22:01:26 -05:00

135 lines
2.7 KiB
YAML
Raw Blame History

---
apiVersion: v1
kind: Namespace
metadata:
name: kitchen
---
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
app.kubernetes.io/name: kitchen
app.kubernetes.io/instance: kitchen
app.kubernetes.io/component: kitchen
app.kubernetes.io/part-of: kitchen
name: kitchen
namespace: kitchen
spec:
selector:
matchLabels:
app.kubernetes.io/name: kitchen
app.kubernetes.io/instance: kitchen
app.kubernetes.io/component: kitchen
app.kubernetes.io/part-of: kitchen
template:
metadata:
labels:
app.kubernetes.io/name: kitchen
app.kubernetes.io/instance: kitchen
app.kubernetes.io/component: kitchen
app.kubernetes.io/part-of: kitchen
spec:
containers:
- name: kitchen
image: git.pyrocufflink.net/packages/kitchen:master
args:
- --host=0.0.0.0
env:
- name: TZ
value: America/Chicago
imagePullPolicy: Always
ports:
- containerPort: 8000
name: http
volumeMounts:
- name: config
mountPath: /kitchen.yaml
subPath: config.yaml
readOnly: true
- name: tzinfo
mountPath: /usr/share/zoneinfo
readOnly: true
volumes:
- name: config
configMap:
name: kitchen
optional: true
- name: tzinfo
hostPath:
path: /usr/share/zoneinfo
type: Directory
---
apiVersion: v1
kind: Service
metadata:
labels:
app.kubernetes.io/name: kitchen
app.kubernetes.io/instance: kitchen
app.kubernetes.io/component: kitchen
name: kitchen
namespace: kitchen
spec:
ports:
- port: 8000
name: http
selector:
app.kubernetes.io/name: kitchen
app.kubernetes.io/instance: kitchen
app.kubernetes.io/component: kitchen
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: kitchen
namespace: kitchen
spec:
tls:
- hosts:
- kitchen.pyrocufflink.blue
rules:
- host: kitchen.pyrocufflink.blue
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: kitchen
port:
name: http
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: jenkins
namespace: kitchen
rules:
- apiGroups:
- apps
resources:
- deployments
resourceNames:
- kitchen
verbs:
- get
- patch
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: jenkins
namespace: kitchen
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: jenkins
subjects:
- apiGroup: rbac.authorization.k8s.io
kind: User
name: jenkins
View Git Blame Copy Permalink