Changeset - 76e097b3e248
[Not reviewed]
default
0 2 0
drewp@bigasterisk.com - 20 months ago 2023-04-09 23:37:28
drewp@bigasterisk.com
reformat
2 files changed with 15 insertions and 15 deletions:
20-kube/06-postgres.yaml
 
@@ -17,80 +17,80 @@ spec:
 
    namespace: pomerium
 
    name: pomerium-db-data
 
---
 
apiVersion: v1
 
kind: PersistentVolumeClaim
 
metadata:
 
  namespace: pomerium
 
  name: pomerium-db-data
 
spec:
 
  storageClassName: ""
 
  volumeName: "pomerium-db-data"
 
  accessModes:
 
    - ReadWriteOnce
 
  resources:
 
    requests:
 
      storage: 50Gi
 
---
 
apiVersion: apps/v1
 
kind: Deployment
 
metadata:
 
  namespace: pomerium
 
  name: pomerium-db
 
spec:
 
  replicas: 1
 
  strategy: {type: Recreate}
 
  strategy: { type: Recreate }
 
  selector:
 
    matchLabels:
 
      app: pomerium-db
 
  template:
 
    metadata:
 
      labels:
 
        app: pomerium-db
 
      annotations:
 
        prometheus.io/scrape: "false"
 
    spec:
 
      volumes:
 
        - name: pomerium-db-data
 
          persistentVolumeClaim:
 
            claimName: pomerium-db-data
 
      containers:
 
        # see /my/serv/photoprism/deploy.yaml for exporter example (for mariadb)
 
        - name: pomerium-db
 
          image: postgres:14.2-alpine3.15
 
          env:
 
          - {name: POSTGRES_PASSWORD, value: admin}
 
          - {name: POSTGRES_DB, value: pomerium}
 
            - { name: POSTGRES_PASSWORD, value: admin }
 
            - { name: POSTGRES_DB, value: pomerium }
 
          ports:
 
          - containerPort: 5432
 
            - containerPort: 5432
 
          volumeMounts:
 
          - name: pomerium-db-data
 
            mountPath:  /var/lib/postgresql/data
 
            - name: pomerium-db-data
 
              mountPath: /var/lib/postgresql/data
 
      affinity:
 
        nodeAffinity:
 
          requiredDuringSchedulingIgnoredDuringExecution:
 
            nodeSelectorTerms:
 
            - matchExpressions:
 
              - key: "kubernetes.io/hostname"
 
                operator: In
 
                values: ["ditto"]
 
              - matchExpressions:
 
                  - key: "kubernetes.io/hostname"
 
                    operator: In
 
                    values: ["ditto"]
 
---
 
apiVersion: v1
 
kind: Service
 
metadata:
 
  namespace: pomerium
 
  name: pomerium-db
 
spec:
 
  ports:
 
  - port: 5432
 
    targetPort: 5432
 
    - port: 5432
 
      targetPort: 5432
 
  selector:
 
    app: pomerium-db
 
---
 
apiVersion: v1
 
kind: Secret
 
metadata:
 
  namespace: pomerium
 
  name: postgres-connection-key
 
type: Opaque
 
stringData: 
 
stringData:
 
  connection: postgresql://pom:pom@pomerium-db/pomerium
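Review bot: The reformatted `env` entry still sets `POSTGRES_PASSWORD` to the literal `admin` in the pod spec, so the password is readable by anyone who can read this repository or `get` the Deployment; with the official postgres image that variable sets the superuser password. It should come from a Secret, for example `- name: POSTGRES_PASSWORD` with `valueFrom: { secretKeyRef: { name: <secret-name>, key: <key> } }`. The `postgres-connection-key` Secret at the end of the section has the same exposure, since `stringData.connection` commits the `pom:pom` credentials in clear text; creating that Secret out of band or from an encrypted source would keep them out of version control. The hunk starts at line 17 of the file, so anything above it was not reviewed.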
20-kube/20-pom-deploy.yaml
 
apiVersion: apps/v1
 
kind: Deployment
 
metadata:
 
  labels: { app.kubernetes.io/name: pomerium }
 
  name: pomerium
 
  namespace: pomerium
 
spec:
 
  replicas: 3
 
  strategy: {type: RollingUpdate}
 
  strategy: { type: RollingUpdate }
 
  selector:
 
    matchLabels: { app.kubernetes.io/name: pomerium }
 
  template:
 
    metadata:
 
      labels: { app.kubernetes.io/name: pomerium }
 
    spec:
 
      containers:
 
        - args:
 
            - all-in-one
 
            - --pomerium-config=global
 
            - --update-status-from-service=$(POMERIUM_NAMESPACE)/pomerium-proxy
 
            - --metrics-bind-address=$(POD_IP):9090
 
          env:
 
            - { name: TMPDIR, value: /tmp }
 
            - { name: XDG_CACHE_HOME, value: /tmp }
 
            - name: POMERIUM_NAMESPACE
 
              valueFrom:
 
                fieldRef:
 
                  apiVersion: v1
 
                  fieldPath: metadata.namespace
 
            - name: POD_IP
 
              valueFrom:
 
                fieldRef:
 
                  fieldPath: status.podIP
 
          # see https://hub.docker.com/r/pomerium/ingress-controller/tags but idk how to get the version number! 
 
          # see https://hub.docker.com/r/pomerium/ingress-controller/tags but idk how to get the version number!
 
          # It's not even in the startup logs, just this: "pomerium_version":""
 
          # I think sha-2c8038a is v0.21.3 (by date, https://www.pomerium.com/docs/releases/changelog)
 
          image: pomerium/ingress-controller:sha-2c8038a
 
          imagePullPolicy: IfNotPresent
 
          name: pomerium
 
          ports:
 
            - { containerPort: 8443, name: https, protocol: TCP }
 
            - { containerPort: 8080, name: http, protocol: TCP }
 
            - { containerPort: 9090, name: metrics, protocol: TCP }
 
          resources:
 
            limits: { cpu: 5000m, memory: 1Gi }
 
            requests: { cpu: 300m, memory: 200Mi }
 
          securityContext:
 
            allowPrivilegeEscalation: false
 
            readOnlyRootFilesystem: true
 
            runAsGroup: 1000
 
            runAsNonRoot: true
 
            runAsUser: 1000
 
          volumeMounts:
 
            - { mountPath: /tmp, name: tmp }
 
            - { mountPath: /data/autocert, name: autocert }
 
            - { mountPath: /.local, name: autocert }
 
      nodeSelector:
 
        kubernetes.io/os: linux
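Review bot: The comment touched here says the author cannot tell which release `sha-2c8038a` is, and the `image:` line below it pulls by that tag alone. A tag can be re-pointed in the registry, and with `imagePullPolicy: IfNotPresent` and three replicas, nodes could then run different content under the same name. Pinning by digest, `image: pomerium/ingress-controller:sha-2c8038a@sha256:<digest>`, fixes what is deployed and gives a value to verify. The container `securityContext` already blocks privilege escalation and root; if the controller runs without them, adding `capabilities: { drop: [ALL] }` and `seccompProfile: { type: RuntimeDefault }` would tighten it further.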