Commit b3538c05 authored by Simon Cornet

feat: ported manifests to use talos linux with omni sa

parent a88d0c22

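--- a/.gitea/workflows/deployment.yaml
+++ b/.gitea/workflows/deployment.yaml
@@ -1,34 +0,0 @@
----
-
-# generic
-name: "Kubernetes Deployment"
-on:
-  push:
-    branches:
-      - "main"
-
-# jobs
-jobs:
-  # kubernetes deployment
-  Deployment:
-    runs-on: "ubuntu-latest"
-    steps:
-      # name: Build
-      - name: "Kubernetes deployment"
-        uses: "appleboy/ssh-action@v1.0.3"
-        with:
-          # bastion
-          proxy_host: "wireguard.do.siempie.com"
-          proxy_port: "22"
-          proxy_username: ${{ secrets.USERNAME }}
-          proxy_key: ${{ secrets.SSHKEY }}
-
-          # kubernetes management
-          host: "mgmt01.infra.vpn.mirahsimon.us"
-          port: "22"
-          username: ${{ secrets.USERNAME }}
-          key: ${{ secrets.SSHKEY }}
-
-          # command
-          script: |
-            sudo -u simon kubectl apply -f /home/simon/Documents/kaas-simoncor-net/manifests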
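--- a/manifests/01_sa.yaml
+++ b/manifests/01_sa.yaml
@@ -0,0 +1,41 @@
+# service account
+---
+apiVersion: "v1"
+kind: "ServiceAccount"
+metadata:
+  name: "buzz"
+  namespace: "simoncor-net"
+
+# role
+---
+apiVersion: "rbac.authorization.k8s.io/v1"
+kind: "Role"
+metadata:
+  namespace: "simoncor-net"
+  name: "buzz-role"
+rules:
+- apiGroups: ["apps"]
+  resources: ["deployments"]
+  verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
+- apiGroups: [""]
+  resources: ["services", "configmaps", "secrets"]
+  verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
+- apiGroups: ["networking.k8s.io"]
+  resources: ["ingresses"]
+  verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
+
+# rolebineding
+---
+apiVersion: "rbac.authorization.k8s.io/v1"
+kind: "RoleBinding"
+metadata:
+  name: "buzz-binding"
+  namespace: "simoncor-net"
+subjects:
+- kind: "ServiceAccount"
+  name: "buzz"
+  namespace: "simoncor-net"
+roleRef:
+  kind: "Role"
+  name: "buzz-role"
+  apiGroup: "rbac.authorization.k8s.io"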
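Review bot: The Role's second rule grants `get`, `list`, `watch`, `create`, `update`, `patch` and `delete` on `secrets` for the whole namespace, so whoever holds the `buzz` token can read and rewrite every secret there, including the `simoncor-net-tls` key and the `cr-simoncor-net-login` pull secret the other manifests reference. If the deployer only needs to apply the application manifests, drop `secrets` from that rule, or scope it with `resourceNames` to the secrets it actually manages and trim the verbs to what it really performs. Since this account appears to be meant for an external deployer rather than for pods, consider adding `automountServiceAccountToken: false` to the ServiceAccount so its token is not injected into any pod that happens to reference it. The comment `# rolebineding` should read `# rolebinding`.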
+0 −0

File moved.

+13 −9
@@ -7,9 +7,8 @@ metadata:
  namespace: "simoncor-net"
  labels:
    app: "simoncor-net"

spec:
  replicas: 2
  replicas: 3
  selector:
    matchLabels:
      app: "simoncor-net"
@@ -17,8 +16,8 @@ spec:
    metadata:
      labels:
        app: "simoncor-net"

    spec:

      # login on docker.io
      imagePullSecrets:
        - name: "cr-simoncor-net-login"
@@ -28,6 +27,17 @@ spec:
          image: "cr.simoncor.net/siempie/simoncor-net"
          imagePullPolicy: "Always"

          # securitycontext
          securityContext:
            allowPrivilegeEscalation: false
            runAsNonRoot: true
            runAsUser: 1001
            capabilities:
              drop:
                - "ALL"
            seccompProfile:
              type: "RuntimeDefault"

          readinessProbe:
            initialDelaySeconds: 5
            periodSeconds: 5
@@ -47,7 +57,6 @@ spec:
              httpHeaders:
                - name: "Host"
                  value: "simoncor.net"

          ports:
            - containerPort: 3000

@@ -58,12 +67,10 @@ kind: "Service"
metadata:
  name: "simoncor-net-svc"
  namespace: "simoncor-net"

spec:
  type: "ClusterIP"
  selector:
    app: "simoncor-net"

  ports:
    - protocol: "TCP"
      port: 3000
@@ -76,15 +83,12 @@ kind: "NetworkPolicy"
metadata:
  name: "simoncor-net-np"
  namespace: "simoncor-net"

spec:
  podSelector:
    matchLabels:
      app: "simoncor-net"

  policyTypes:
    - "Ingress"

  ingress:
    - ports:
        - protocol: "TCP"
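Review bot: The container `securityContext:` added in the third hunk drops all capabilities and forbids privilege escalation but leaves `readOnlyRootFilesystem` unset, so the container's root filesystem remains writable. If the application does not write to its image filesystem, add `readOnlyRootFilesystem: true` next to `allowPrivilegeEscalation: false` and mount an `emptyDir` for any scratch path it needs; if it does write, a comment naming that path would explain the omission. `runAsUser: 1001` is hard-coded, so confirm it matches the user the image defines, since a UID that differs from the image's may lack permission on files baked into the image. The file name of this section is not shown on the page, and the container spec continues outside the hunk.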
+4 −1
@@ -7,8 +7,11 @@ metadata:
  namespace: "simoncor-net"
  annotations:
    traefik.ingress.kubernetes.io/ssl-redirect: "true"

spec:
  tls:
    - hosts:
        - "simoncor.net"
      secretName: "simoncor-net-tls"
  rules:
    - host: "simoncor.net"
      http:
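Review bot: The annotation `traefik.ingress.kubernetes.io/ssl-redirect: "true"` is a Traefik v1-era annotation and is not among the Ingress annotations Traefik v2 and later document, so if the cluster runs a current Traefik, plain-HTTP requests will not be redirected despite the `tls:` block and the `simoncor-net-tls` secret. Verify the ingress controller version; if it is v2 or newer, replace the annotation with `traefik.ingress.kubernetes.io/router.entrypoints` and `traefik.ingress.kubernetes.io/router.middlewares` pointing at a RedirectScheme middleware, or configure the redirect on the HTTP entrypoint itself. The Ingress definition starts before this hunk.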