argoyle
b08ee1b646
Creates an ExternalSecret for the geo-service to manage sensitive information through an external secrets store. Removes the legacy create-secrets script and updates references in the deployment configuration to use the new secret. This enhances security and maintainability by centralizing secret management.
66 lines
1.6 KiB
YAML
66 lines
1.6 KiB
YAML
apiVersion: apps/v1
|
|
kind: Deployment
|
|
metadata:
|
|
labels:
|
|
app.kubernetes.io/name: geo-service
|
|
name: geo-service
|
|
annotations:
|
|
kubernetes.io/change-cause: "${TIMESTAMP} Deployed commit id: ${COMMIT}"
|
|
spec:
|
|
replicas: 1
|
|
selector:
|
|
matchLabels:
|
|
app.kubernetes.io/name: geo-service
|
|
strategy:
|
|
rollingUpdate:
|
|
maxSurge: 1
|
|
maxUnavailable: 1
|
|
type: RollingUpdate
|
|
template:
|
|
metadata:
|
|
labels:
|
|
app.kubernetes.io/name: geo-service
|
|
spec:
|
|
affinity:
|
|
podAntiAffinity:
|
|
preferredDuringSchedulingIgnoredDuringExecution:
|
|
- weight: 100
|
|
podAffinityTerm:
|
|
labelSelector:
|
|
matchExpressions:
|
|
- key: "app.kubernetes.io/name"
|
|
operator: In
|
|
values:
|
|
- geo-service
|
|
topologyKey: kubernetes.io/hostname
|
|
containers:
|
|
- name: geo-service
|
|
resources:
|
|
limits:
|
|
memory: "100Mi"
|
|
requests:
|
|
memory: "100Mi"
|
|
imagePullPolicy: Always
|
|
image: registry.gitlab.com/unboundsoftware/dancefinder/geo-service:${COMMIT}
|
|
ports:
|
|
- containerPort: 80
|
|
name: http
|
|
envFrom:
|
|
- secretRef:
|
|
name: geo-service
|
|
restartPolicy: Always
|
|
---
|
|
apiVersion: v1
|
|
kind: Service
|
|
metadata:
|
|
name: geo-service
|
|
spec:
|
|
ports:
|
|
- port: 80
|
|
name: http
|
|
protocol: TCP
|
|
targetPort: 80
|
|
selector:
|
|
app.kubernetes.io/name: geo-service
|
|
type: ClusterIP
|