Aner Zakobar
119 lines
2.8 KiB
YAML
119 lines
2.8 KiB
YAML
---
|
|
apiVersion: v1
|
|
kind: PersistentVolumeClaim
|
|
metadata:
|
|
name: baikal-data-pvc
|
|
spec:
|
|
accessModes:
|
|
- ReadWriteMany
|
|
resources:
|
|
requests:
|
|
storage: 1Gi
|
|
storageClassName: longhorn
|
|
---
|
|
apiVersion: v1
|
|
kind: PersistentVolumeClaim
|
|
metadata:
|
|
name: baikal-config-pvc
|
|
spec:
|
|
accessModes:
|
|
- ReadWriteMany
|
|
resources:
|
|
requests:
|
|
storage: 1Gi
|
|
storageClassName: longhorn
|
|
---
|
|
apiVersion: apps/v1
|
|
kind: Deployment
|
|
metadata:
|
|
name: baikal
|
|
labels:
|
|
app: baikal
|
|
spec:
|
|
replicas: 1
|
|
selector:
|
|
matchLabels:
|
|
app: baikal
|
|
template:
|
|
metadata:
|
|
labels:
|
|
app: baikal
|
|
spec:
|
|
containers:
|
|
- name: baikal
|
|
image: ckulka/baikal-docker
|
|
imagePullPolicy: IfNotPresent
|
|
ports:
|
|
- name: dav
|
|
containerPort: 80
|
|
protocol: TCP
|
|
volumeMounts:
|
|
- name: config
|
|
mountPath: /var/www/baikal/config
|
|
subPath: config
|
|
- name: data
|
|
mountPath: /var/www/baikal/Specific
|
|
subPath: Specific
|
|
restartPolicy: Always
|
|
volumes:
|
|
- name: data
|
|
persistentVolumeClaim:
|
|
claimName: baikal-data-pvc
|
|
- name: config
|
|
persistentVolumeClaim:
|
|
claimName: baikal-config-pvc
|
|
---
|
|
apiVersion: v1
|
|
kind: Service
|
|
metadata:
|
|
name: baikal
|
|
labels:
|
|
app.kubernetes.io/name: baikal
|
|
spec:
|
|
type: ClusterIP
|
|
ports:
|
|
- name: dav
|
|
port: 80
|
|
targetPort: 80
|
|
selector:
|
|
app.kubernetes.io/name: baikal
|
|
---
|
|
apiVersion: networking.k8s.io/v1
|
|
kind: Ingress
|
|
metadata:
|
|
name: baikal
|
|
annotations:
|
|
kubernetes.io/ingress.allow-http: "false"
|
|
nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
|
|
nginx.ingress.kubernetes.io/auth-method: GET
|
|
nginx.ingress.kubernetes.io/auth-url: http://authelia.{{ .Release.Namespace }}.svc.cluster.local:9091/api/verify
|
|
nginx.ingress.kubernetes.io/auth-signin: https://auth.{{ .Values.homey.url }}?rm=$request_method
|
|
nginx.ingress.kubernetes.io/auth-response-headers: Remote-User,Remote-Name,Remote-Groups,Remote-Email
|
|
nginx.ingress.kubernetes.io/auth-snippet: |
|
|
proxy_set_header X-Forwarded-Method $request_method;
|
|
auth_request_set $user $upstream_http_remote_user;
|
|
auth_request_set $groups $upstream_http_remote_groups;
|
|
auth_request_set $name $upstream_http_remote_name;
|
|
auth_request_set $email $upstream_http_remote_email;
|
|
proxy_set_header X-Remote-User $user;
|
|
proxy_set_header X-Remote-Fullname $name;
|
|
proxy_set_header X-Remote-Email $email;
|
|
spec:
|
|
ingressClassName: {{ .Values.homey.ingress_class }}
|
|
tls:
|
|
- hosts:
|
|
- dav.{{ .Values.homey.url }}
|
|
secretName: {{ .Values.homey.certname }}
|
|
rules:
|
|
- host: dav.{{ .Values.homey.url }}
|
|
http:
|
|
paths:
|
|
- path: /
|
|
pathType: Prefix
|
|
backend:
|
|
service:
|
|
name: baikal
|
|
port:
|
|
number: 80
|
|
---
|