From f8b9f3878d4df7a808b75e970709bb9c79ccf7d7 Mon Sep 17 00:00:00 2001 From: Sebas Risco Date: Tue, 2 Jun 2020 11:30:22 +0200 Subject: [PATCH] Add deployment files --- deploy/yaml/oscar-deployment.yaml | 60 ++++++++++++++++++++++ deploy/yaml/oscar-ingress.yaml | 16 ++++++ deploy/yaml/oscar-namespaces.yaml | 10 ++++ deploy/yaml/oscar-rbac.yaml | 52 +++++++++++++++++++ deploy/yaml/oscar-service.yaml | 13 +++++ deploy/yaml/oscar-volume.yaml | 11 ++++ deploy/yaml/populate-oscar-volume-job.yaml | 24 +++++++++ 7 files changed, 186 insertions(+) create mode 100644 deploy/yaml/oscar-deployment.yaml create mode 100644 deploy/yaml/oscar-ingress.yaml create mode 100644 deploy/yaml/oscar-namespaces.yaml create mode 100644 deploy/yaml/oscar-rbac.yaml create mode 100644 deploy/yaml/oscar-service.yaml create mode 100644 deploy/yaml/oscar-volume.yaml create mode 100644 deploy/yaml/populate-oscar-volume-job.yaml diff --git a/deploy/yaml/oscar-deployment.yaml b/deploy/yaml/oscar-deployment.yaml new file mode 100644 index 00000000..f6e07280 --- /dev/null +++ b/deploy/yaml/oscar-deployment.yaml @@ -0,0 +1,60 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: oscar + namespace: oscar + labels: + app: oscar +spec: + selector: + matchLabels: + app: oscar + replicas: 1 + template: + metadata: + labels: + app: oscar + spec: + serviceAccountName: oscar-sa + containers: + - name: oscar + image: "srisco/oscar:2.0.0-preview" + imagePullPolicy: Always + securityContext: + readOnlyRootFilesystem: true + runAsUser: 10001 + livenessProbe: + httpGet: + path: /health + port: 8080 + timeoutSeconds: 5 + readinessProbe: + httpGet: + path: /health + port: 8080 + timeoutSeconds: 5 + env: + - name: OSCAR_USERNAME + value: admin + - name: OSCAR_PASSWORD + value: password + - name: MINIO_ACCESS_KEY + value: minio + - name: MINIO_SECRET_KEY + value: + - name: MINIO_TLS_VERIFY + value: "false" + ports: + - name: http + containerPort: 8080 + protocol: TCP + resources: + requests: + cpu: 200m + memory: 256Mi + tolerations: + - key: node-role.kubernetes.io/master + operator: Exists + effect: NoSchedule + nodeSelector: + node-role.kubernetes.io/master: '' \ No newline at end of file diff --git a/deploy/yaml/oscar-ingress.yaml b/deploy/yaml/oscar-ingress.yaml new file mode 100644 index 00000000..6d45284a --- /dev/null +++ b/deploy/yaml/oscar-ingress.yaml @@ -0,0 +1,16 @@ +apiVersion: networking.k8s.io/v1beta1 +kind: Ingress +metadata: + namespace: oscar + name: oscar + annotations: + #nginx.ingress.kubernetes.io/rewrite-target: / + kubernetes.io/ingress.class: nginx +spec: + rules: + - http: + paths: + - backend: + serviceName: oscar + servicePort: 8080 + path: / \ No newline at end of file diff --git a/deploy/yaml/oscar-namespaces.yaml b/deploy/yaml/oscar-namespaces.yaml new file mode 100644 index 00000000..8e86a0d7 --- /dev/null +++ b/deploy/yaml/oscar-namespaces.yaml @@ -0,0 +1,10 @@ + +apiVersion: v1 +kind: Namespace +metadata: + name: oscar +--- +apiVersion: v1 +kind: Namespace +metadata: + name: oscar-svc diff --git a/deploy/yaml/oscar-rbac.yaml b/deploy/yaml/oscar-rbac.yaml new file mode 100644 index 00000000..55958ab2 --- /dev/null +++ b/deploy/yaml/oscar-rbac.yaml @@ -0,0 +1,52 @@ +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: oscar-sa + namespace: oscar +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: oscar-controller + namespace: oscar-svc +rules: +- apiGroups: + - "" + resources: + - pods + - pods/log + - podtemplates + - configmaps + verbs: + - get + - list + - watch + - create + - delete + - update +- apiGroups: + - batch + resources: + - jobs + verbs: + - get + - list + - watch + - create + - delete + - deletecollection +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: oscar-controller-binding + namespace: oscar-svc +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: oscar-controller +subjects: +- kind: ServiceAccount + name: oscar-sa + namespace: oscar \ No newline at end of file diff --git a/deploy/yaml/oscar-service.yaml b/deploy/yaml/oscar-service.yaml new file mode 100644 index 00000000..f77b9978 --- /dev/null +++ b/deploy/yaml/oscar-service.yaml @@ -0,0 +1,13 @@ +apiVersion: v1 +kind: Service +metadata: + name: oscar + namespace: oscar +spec: + ports: + - name: endpoint + port: 8080 + protocol: TCP + targetPort: 8080 + selector: + app: oscar \ No newline at end of file diff --git a/deploy/yaml/oscar-volume.yaml b/deploy/yaml/oscar-volume.yaml new file mode 100644 index 00000000..84216239 --- /dev/null +++ b/deploy/yaml/oscar-volume.yaml @@ -0,0 +1,11 @@ +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: oscar-pvc + namespace: oscar-svc +spec: + accessModes: + - ReadWriteMany + resources: + requests: + storage: 2Gi diff --git a/deploy/yaml/populate-oscar-volume-job.yaml b/deploy/yaml/populate-oscar-volume-job.yaml new file mode 100644 index 00000000..a11fca29 --- /dev/null +++ b/deploy/yaml/populate-oscar-volume-job.yaml @@ -0,0 +1,24 @@ +apiVersion: batch/v1 +kind: Job +metadata: + name: populate-volume-job + namespace: oscar-svc +spec: + template: + spec: + containers: + - name: download + image: busybox + command: ["/bin/sh", "-c"] + args: ["wget https://github.com/grycap/faas-supervisor/releases/download/1.2.4-beta1/supervisor -O /data/supervisor \ + && chmod +x /data/supervisor \ + && wget https://github.com/openfaas/faas/releases/download/0.18.10/fwatchdog -O /data/fwatchdog \ + && chmod +x /data/fwatchdog"] + volumeMounts: + - name: oscar-vol + mountPath: /data + restartPolicy: Never + volumes: + - name: oscar-vol + persistentVolumeClaim: + claimName: oscar-pvc