s3uploader/k8s/deploy.yaml

apiVersion: v1
kind: ServiceAccount
metadata:
  name: s3uploader
  namespace: default
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: s3uploader
  namespace: default
  labels:
    app.kubernetes.io/component: s3uploader
  annotations:
    kubernetes.io/change-cause: "${TIMESTAMP} Deployed commit id: ${COMMIT}"
spec:
  selector:
    matchLabels:
      app.kubernetes.io/component: s3uploader
  strategy:
    rollingUpdate:
      maxSurge: 1
      maxUnavailable: '10%'
    type: RollingUpdate
  template:
    metadata:
      labels:
        app.kubernetes.io/component: s3uploader
    spec:
      serviceAccountName: s3uploader
      affinity:
        podAntiAffinity:
          preferredDuringSchedulingIgnoredDuringExecution:
          - weight: 100
            podAffinityTerm:
              labelSelector:
                matchExpressions:
                - key: "app.kubernetes.io/component"
                  operator: In
                  values:
                  - s3uploader
              topologyKey: kubernetes.io/hostname
      containers:
      - name: s3uploader
        image: registry.gitlab.com/unboundsoftware/s3uploader:${COMMIT}
        imagePullPolicy: IfNotPresent
        env:
        - name: BUCKET
          value: upload.unbound.se
        - name: RETURN_URL
          value: https://uploads.unbound.se
        ports:
        - containerPort: 80
          name: http
        resources:
          requests:
            memory: 10Mi
            cpu: 10m
          limits:
            memory: 100Mi
            cpu: 100m
        readinessProbe:
          httpGet:
            path: /health
            port: 80
          failureThreshold: 1
          initialDelaySeconds: 5
          periodSeconds: 5
          successThreshold: 1
          timeoutSeconds: 5
        livenessProbe:
          httpGet:
            path: /health
            port: 80
          failureThreshold: 3
          initialDelaySeconds: 10
          periodSeconds: 10
          successThreshold: 1
          timeoutSeconds: 5
      restartPolicy: Always
      securityContext:
        fsGroup: 65534
---
apiVersion: v1
kind: Service
metadata:
  name: s3uploader
  labels:
    app.kubernetes.io/component: s3uploader
spec:
  selector:
    app.kubernetes.io/component: s3uploader
  ports:
  - port: 80
    name: http
    targetPort: 80
  type: NodePort
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: s3uploader-ingress
  annotations:
    kubernetes.io/ingress.class: "alb"
    alb.ingress.kubernetes.io/scheme: internet-facing
    alb.ingress.kubernetes.io/target-type: instance
    alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80},{"HTTPS": 443}]'
    alb.ingress.kubernetes.io/ssl-redirect: "443"
    alb.ingress.kubernetes.io/healthcheck-path: /health
spec:
  rules:
  - host: "upload.unbound.se"
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: s3uploader
            port:
              number: 80