kubernetes/kitchen/kitchen.yaml
Dustin C. Hatch 94300ac502 kitchen: Use SealedSecret template for config
The configuration file for the kitchen HUD server has credentials
embedded in it.  Until I get around to refactoring it to read these from
separate locations, we'll make use of the template feature of
SealedSecrets.  With this feature, fields can refer to the (decrypted)
value of other fields using Go template syntax.  This makes it possible
to have most of the `config.yaml` document unencrypted and easily
modifiable, while still protecting the secrets.
2024-02-01 21:18:46 -06:00


---
# Namespace that holds every other object defined in this file.
# NOTE(review): no pod-security.kubernetes.io/* labels are set here, so
# Pod Security admission falls back to whatever the cluster default is.
# Confirm that default before relying on it for the hostPath volume used
# by the Deployment.
apiVersion: v1
kind: Namespace
metadata:
  name: kitchen
---
# Deployment for the kitchen container. Its configuration file is read
# from the Secret named `kitchen` and mounted read-only at /kitchen.yaml.
# No `replicas` field is set, so the API default applies.
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app.kubernetes.io/name: kitchen
    app.kubernetes.io/instance: kitchen
    app.kubernetes.io/component: kitchen
    app.kubernetes.io/part-of: kitchen
  name: kitchen
  namespace: kitchen
spec:
  selector:
    matchLabels:
      app.kubernetes.io/name: kitchen
      app.kubernetes.io/instance: kitchen
      app.kubernetes.io/component: kitchen
      app.kubernetes.io/part-of: kitchen
  template:
    metadata:
      labels:
        app.kubernetes.io/name: kitchen
        app.kubernetes.io/instance: kitchen
        app.kubernetes.io/component: kitchen
        app.kubernetes.io/part-of: kitchen
    spec:
      containers:
      # NOTE(review): this container sets no securityContext and no
      # resources, so it runs with the image's default user and the
      # runtime's default capabilities. Consider
      # allowPrivilegeEscalation: false and dropping capabilities once
      # the image's needs are confirmed.
      - name: kitchen
        # NOTE(review): `master` is a mutable tag and imagePullPolicy is
        # Always, so each pod start runs whatever the registry serves at
        # that moment. Pinning the image by digest would make the
        # deployed code reproducible and auditable.
        image: git.pyrocufflink.net/packages/kitchen:master
        args:
        # Presumably makes the server listen on all pod interfaces;
        # confirm against the application's CLI.
        - --host=0.0.0.0
        env:
        - name: TZ
          value: America/Chicago
        # Points TLS clients that honor SSL_CERT_FILE at the certifi CA
        # bundle. The path is tied to Python 3.10 inside the image and
        # will go stale if the image's Python version changes.
        - name: SSL_CERT_FILE
          value: /usr/lib/python3.10/site-packages/certifi/cacert.pem
        imagePullPolicy: Always
        ports:
        - containerPort: 8000
          name: http
        volumeMounts:
        # Only the `config.yaml` key of the Secret is exposed, as the
        # single file /kitchen.yaml. subPath mounts are not refreshed
        # when the Secret changes, so a rotated credential needs a pod
        # restart to take effect.
        - name: config
          mountPath: /kitchen.yaml
          subPath: config.yaml
          readOnly: true
        - name: tzinfo
          mountPath: /usr/share/zoneinfo
          readOnly: true
      volumes:
      - name: config
        secret:
          secretName: kitchen
          # optional: true lets the pod start even when the Secret does
          # not exist yet.
          # NOTE(review): confirm the application fails clearly in that
          # case instead of running without its configuration.
          optional: true
      # Node time zone database, mounted read-only in the container.
      # `type: Directory` requires the path to already exist on the node.
      # NOTE(review): hostPath volumes are rejected by the Pod Security
      # "baseline" and "restricted" profiles; this workload needs an
      # exemption if either is enforced.
      - name: tzinfo
        hostPath:
          path: /usr/share/zoneinfo
          type: Directory
---
# Service in front of the kitchen pods. No `type` is given, so this is a
# ClusterIP Service. No targetPort is given, so traffic goes to port 8000
# on the pod, which matches the container's `http` port.
apiVersion: v1
kind: Service
metadata:
  labels:
    app.kubernetes.io/name: kitchen
    app.kubernetes.io/instance: kitchen
    app.kubernetes.io/component: kitchen
  name: kitchen
  namespace: kitchen
spec:
  ports:
  - port: 8000
    name: http
  # Selects on three of the four labels carried by the Deployment's pod
  # template (part-of is not used here). Any pod in this namespace with
  # these labels becomes a backend.
  selector:
    app.kubernetes.io/name: kitchen
    app.kubernetes.io/instance: kitchen
    app.kubernetes.io/component: kitchen
---
# Routes kitchen.pyrocufflink.blue to the `http` port of the kitchen
# Service.
# NOTE(review): no ingressClassName and no annotations are set, so the
# cluster's default ingress class handles this host. This object adds no
# authentication in front of the application. Who can reach the host
# cannot be determined from this file.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: kitchen
  namespace: kitchen
spec:
  tls:
  # The TLS entry names the host but gives no secretName, so the
  # certificate served is whatever the ingress controller falls back to
  # (typically its default certificate); confirm that certificate
  # actually covers this host name.
  - hosts:
    - kitchen.pyrocufflink.blue
  rules:
  - host: kitchen.pyrocufflink.blue
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: kitchen
            port:
              name: http
---
# Role granting `get` and `patch` on the single Deployment named
# `kitchen` in this namespace (resourceNames restricts it to that object).
# NOTE(review): `patch` on a Deployment covers its whole pod template,
# including image, command, and volumes. A subject holding this Role can
# therefore change what runs in this namespace and which Secrets it
# mounts. Treat the bound identity as having access to the `kitchen`
# Secret.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: jenkins
  namespace: kitchen
rules:
- apiGroups:
  - apps
  resources:
  - deployments
  resourceNames:
  - kitchen
  verbs:
  - get
  - patch
---
# Binds the `jenkins` Role above to a ServiceAccount in another namespace.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: jenkins
  namespace: kitchen
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: jenkins
subjects:
# NOTE(review): the subject is the `default` ServiceAccount of
# jenkins-jobs. Every pod in that namespace that does not name its own
# ServiceAccount runs as `default`, so every such job receives the
# get/patch permission on the kitchen Deployment, not just the job that
# deploys it. A dedicated ServiceAccount for the deploy job would narrow
# this.
- kind: ServiceAccount
  name: default
  namespace: jenkins-jobs