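# Identity the s3uploader pods run as. The Deployment in this file projects a
# token for this account with audience "amazonaws.com" and points the AWS SDK
# at it, so this name and namespace form the subject of that token.
# NOTE(review): automountServiceAccountToken is not set, so pods also get the
# default Kubernetes API token. If the workload never calls the Kubernetes
# API, setting `automountServiceAccountToken: false` removes a credential it
# does not need - confirm against the application.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: s3uploader
  namespace: default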
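---
# Runs the s3uploader container. AWS credentials are not stored in the
# manifest: a projected service-account token is mounted into the pod and the
# AWS_ROLE_ARN / AWS_WEB_IDENTITY_TOKEN_FILE variables tell the AWS SDK to
# exchange that token for role credentials.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: s3uploader
  namespace: default
  labels:
    app.kubernetes.io/component: s3uploader
  annotations:
    # ${TIMESTAMP} and ${COMMIT} are placeholders; presumably substituted by
    # the deploy pipeline before the manifest is applied - confirm.
    kubernetes.io/change-cause: "${TIMESTAMP} Deployed commit id: ${COMMIT}"
spec:
  selector:
    matchLabels:
      app.kubernetes.io/component: s3uploader
  strategy:
    rollingUpdate:
      maxSurge: 1
      maxUnavailable: '10%'
    type: RollingUpdate
  template:
    metadata:
      labels:
        app.kubernetes.io/component: s3uploader
    spec:
      serviceAccountName: s3uploader
      affinity:
        # Soft preference only: replicas are spread across nodes when
        # possible, but scheduling is not blocked if they cannot be.
        podAntiAffinity:
          preferredDuringSchedulingIgnoredDuringExecution:
            - weight: 100
              podAffinityTerm:
                labelSelector:
                  matchExpressions:
                    - key: "app.kubernetes.io/component"
                      operator: In
                      values:
                        - s3uploader
                topologyKey: kubernetes.io/hostname
      containers:
        # NOTE(review): this container has no container-level securityContext.
        # Settings such as `allowPrivilegeEscalation: false`,
        # `capabilities.drop: [ALL]`, `readOnlyRootFilesystem: true` and
        # `runAsNonRoot: true` would narrow what a compromised process can do.
        # Verify that listening on port 80 still works before enabling them;
        # a low port may need NET_BIND_SERVICE depending on the runtime.
        - name: s3uploader
          # The tag is the ${COMMIT} placeholder. NOTE(review): a tag can be
          # re-pointed in the registry and, with IfNotPresent, a node that
          # already holds the tag does not pull again. Pinning by digest would
          # make the deployed content verifiable.
          image: registry.gitlab.com/unboundsoftware/s3uploader:${COMMIT}
          imagePullPolicy: IfNotPresent
          env:
            - name: BUCKET
              value: upload.unbound.se
            - name: RETURN_URL
              value: https://uploads.unbound.se
            - name: AWS_DEFAULT_REGION
              value: "eu-west-1"
            - name: AWS_REGION
              value: "eu-west-1"
            # Role assumed with the projected token below.
            # NOTE(review): what this pod may do in AWS is decided by the
            # role's trust and permission policies, which are not visible
            # here. Confirm the trust policy pins the token subject to
            # system:serviceaccount:default:s3uploader and the audience to
            # amazonaws.com, and that permissions are limited to the bucket.
            - name: AWS_ROLE_ARN
              value: "arn:aws:iam::724902258495:role/s3uploader.default.sa.k8s.unbound.se"
            # Must match the volumeMount path plus the projected `path: token`.
            - name: AWS_WEB_IDENTITY_TOKEN_FILE
              value: "/var/run/secrets/amazonaws.com/serviceaccount/token"
            - name: AWS_STS_REGIONAL_ENDPOINTS
              value: "regional"
          ports:
            - containerPort: 80
              name: http
          resources:
            requests:
              memory: 10Mi
              cpu: 10m
            limits:
              memory: 100Mi
              cpu: 100m
          # A single failed /health check takes the pod out of rotation.
          readinessProbe:
            httpGet:
              path: /health
              port: 80
            failureThreshold: 1
            initialDelaySeconds: 5
            periodSeconds: 5
            successThreshold: 1
            timeoutSeconds: 5
          # Three consecutive failed /health checks restart the container.
          livenessProbe:
            httpGet:
              path: /health
              port: 80
            failureThreshold: 3
            initialDelaySeconds: 10
            periodSeconds: 10
            successThreshold: 1
            timeoutSeconds: 5
          volumeMounts:
            - mountPath: "/var/run/secrets/amazonaws.com/serviceaccount/"
              name: aws-token
      restartPolicy: Always
      volumes:
        - name: aws-token
          projected:
            sources:
              # Token bound to this pod's service account, issued for the
              # audience "amazonaws.com" and valid for 86400 s (24 h).
              # NOTE(review): the lifetime bounds how long a copied token
              # stays usable; a shorter value reduces that window if the
              # workload tolerates more frequent refreshes.
              - serviceAccountToken:
                  audience: "amazonaws.com"
                  expirationSeconds: 86400
                  path: token
      securityContext:
        # Volume files are made group-accessible to GID 65534.
        # NOTE(review): presumably so that a non-root process in the image
        # can read the projected token - confirm the image's runtime user.
        fsGroup: 65534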
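---
# Exposes the s3uploader pods on port 80. NodePort is used because the
# Ingress in this file registers ALB targets with target-type "instance".
# NOTE(review): a NodePort is opened on every node. Confirm the node security
# groups only accept that port range from the load balancer.
# NOTE(review): metadata.namespace is not set here, unlike the ServiceAccount
# and Deployment, so the Service lands in whatever namespace the apply uses.
apiVersion: v1
kind: Service
metadata:
  name: s3uploader
  labels:
    app.kubernetes.io/component: s3uploader
spec:
  selector:
    app.kubernetes.io/component: s3uploader
  ports:
    - port: 80
      name: http
      targetPort: 80
  type: NodePort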
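---
# Publishes the s3uploader Service on an internet-facing ALB for the host
# upload.unbound.se. The ALB listens on HTTP 80 and HTTPS 443, and the
# ssl-redirect annotation sends HTTP requests to port 443.
# NOTE(review): metadata.namespace is not set, so the Ingress lands in
# whatever namespace the apply uses; it must be the Service's namespace.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: s3uploader-ingress
  annotations:
    # NOTE(review): this annotation is the deprecated way to select the
    # controller; `spec.ingressClassName` is its replacement.
    kubernetes.io/ingress.class: "alb"
    # The ALB is shared with every other Ingress using this group name.
    # NOTE(review): confirm who is allowed to create Ingresses in the
    # cluster, since any of them can attach rules to the same load balancer.
    alb.ingress.kubernetes.io/group.name: unbound
    alb.ingress.kubernetes.io/scheme: internet-facing
    alb.ingress.kubernetes.io/target-type: instance
    alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80},{"HTTPS": 443}]'
    alb.ingress.kubernetes.io/ssl-redirect: "443"
    alb.ingress.kubernetes.io/healthcheck-path: /health
    # NOTE(review): no certificate or TLS policy annotation is set here;
    # presumably the certificate is discovered from the host name or set
    # elsewhere in the group - confirm, and check the negotiated TLS policy.
spec:
  rules:
    - host: "upload.unbound.se"
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: s3uploader
                port:
                  number: 80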