Commit 8312cc2d authored by Matthias's avatar Matthias
Browse files

update k8s manifests

parent bf6a9b04
Pipeline #10771 passed with stages
in 8 minutes and 45 seconds
apiVersion: apps/v1
kind: Deployment
metadata:
name: me-test-deployment
namespace: memobase
spec:
selector:
matchLabels:
app: me-test-app
replicas: 1
template:
metadata:
labels:
app: me-test-app
tier: web
spec:
serviceAccountName: me-test-service-account #to be able to manage other pods inside the cluster
containers:
- name: me-test-container
image: cr.gitlab.switch.ch/memoriav/memobase-2020/services/me-test:latest
ports:
- containerPort: 5000
name: http
protocol: TCP
imagePullPolicy: Always
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
namespace: memobase
name: memobase-me-test-ingress
annotations:
cert-manager.io/cluster-issuer: letsencrypt-prod
nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
nginx.ingress.kubernetes.io/rewrite-target: /
spec:
tls:
- hosts:
- me-test.memobase.k8s.unibas.ch
secretName: me-test.memobase.k8s.unibas.ch-tls
rules:
- host: me-test.memobase.k8s.unibas.ch
http:
paths:
- path: /
backend:
serviceName: me-test-service
servicePort: 5000
\ No newline at end of file
#create service account so that this pod can manage the other pods
apiVersion: v1
kind: ServiceAccount
metadata:
name: me-test-service-account
---
#necessary role so that the service account can access the kubernetes api to list pods
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
namespace: memobase
name: me-test-roles
rules:
- apiGroups: ["", "batch"] # "" indicates the core API group
resources: ["pods", "secrets", "configmaps", "jobs"]
verbs: ["get", "list", "create", "watch", "create", "update", "patch", "delete"]
---
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: me-test-roles
namespace: memobase
subjects:
- kind: ServiceAccount
name: me-test-service-account
namespace: memobase
roleRef:
kind: Role
name: me-test-roles
apiGroup: rbac.authorization.k8s.io
\ No newline at end of file
apiVersion: v1
kind: Service
metadata:
namespace: memobase
name: me-test
labels:
app: me-test-app
spec:
ports:
- port: 5000
selector:
app: me-test-app
tier: web
clusterIP: None
\ No newline at end of file
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment