forked from usdot-jpo-ode/jpo-cvmanager
-
Notifications
You must be signed in to change notification settings - Fork 2
/
cv-manager-api.yaml
177 lines (177 loc) · 4.9 KB
/
cv-manager-api.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
# K8s ManagedCertificate for using SSL/TLS with a domain
# Domain and DNS forwarding to the Ingress endpoint must be configured
apiVersion: networking.gke.io/v1
kind: ManagedCertificate
metadata:
name: cv-manager-api-managed-cert
spec:
domains:
- your-api.domain.com
---
# K8s FrontendConfig for applying SSL certificate to Ingress
# Requires 'cv-manager-api-ssl-policy' SSL policy to exist
apiVersion: networking.gke.io/v1beta1
kind: FrontendConfig
metadata:
name: cv-manager-api-frontend
labels:
app: cv-manager-api
spec:
redirectToHttps:
enabled: true
sslPolicy: cv-manager-api-ssl-policy
---
# NodePort to expose CV Manager web application
apiVersion: v1
kind: Service
metadata:
labels:
app: cv-manager-api
name: cv-manager-api-service-internal
spec:
ports:
- port: 80
protocol: TCP
targetPort: 5000
selector:
app: cv-manager-api
type: NodePort
---
# External HTTP/HTTPS Ingress to internal NodePort
# Requires 'cv-manager-api-ip' as a global static external IP to be reserved
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: cv-manager-api-ingress
labels:
app: cv-manager-api
annotations:
kubernetes.io/ingress.regional-static-ip-name: "cv-manager-api-ip"
networking.gke.io/managed-certificates: "cv-manager-api-managed-cert"
networking.gke.io/v1beta1.FrontendConfig: "cv-manager-api-frontend"
spec:
defaultBackend:
service:
name: cv-manager-api-service-internal
port:
number: 80
---
# Limits the number of pods that are down simultaneously
apiVersion: policy/v1
kind: PodDisruptionBudget
metadata:
name: cv-manager-api-pdb
spec:
selector:
matchLabels:
app: cv-manager-api
maxUnavailable: 1
---
apiVersion: 'apps/v1'
kind: 'Deployment'
metadata:
name: cv-manager-api
spec:
replicas: 1
selector:
matchLabels:
app: cv-manager-api
template:
metadata:
labels:
app: cv-manager-api
spec:
containers:
- name: cv-manager-api
imagePullPolicy: Always
# Replace image with an actual built jpo-cvmanager API image from an image repository
image: jpoode-cvmanager-api:tag
resources:
requests:
memory: '4Gi'
cpu: '1'
ephemeral-storage: '4Gi'
limits:
memory: '4Gi'
cpu: '1'
ephemeral-storage: '4Gi'
tty: true
stdin: true
ports:
- containerPort: 5000
env:
# Fill out the ENV vars with your own values
- name: CORS_DOMAIN
value: ''
- name: KEYCLOAK_ENDPOINT
value: ""
- name: KEYCLOAK_REALM
value: ""
- name: KEYCLOAK_API_CLIENT_ID
value: ""
- name: KEYCLOAK_API_CLIENT_SECRET_KEY
valueFrom:
secretKeyRef:
name: some-keycloak-secret-name
key: some-keycloak-secret-key
- name: PG_DB_HOST
value: ""
- name: PG_DB_NAME
value: ""
- name: PG_DB_USER
valueFrom:
secretKeyRef:
name: some-postgres-secret-user
key: some-postgres-secret-key
- name: PG_DB_PASS
valueFrom:
secretKeyRef:
name: some-postgres-secret-password
key: some-postgres-secret-key
- name: MONGO_DB_URI
value: ""
- name: MONGO_DB_NAME
value: ""
- name: COUNTS_MSG_TYPES
value: ""
- name: GEO_DB_NAME
value: ""
- name: SSM_DB_NAME
value: ""
- name: SRM_DB_NAME
value: ""
- name: WZDX_ENDPOINT
value: ""
- name: WZDX_API_KEY
value: ""
- name: CSM_EMAIL_TO_SEND_FROM
value: ""
- name: CSM_EMAIL_APP_USERNAME
valueFrom:
secretKeyRef:
name: some_email_secret_name
key: some_email_secret_key
- name: CSM_EMAIL_APP_PASSWORD
valueFrom:
secretKeyRef:
name: some_email_secret_password
key: some_email_secret_key
- name: CSM_TARGET_SMTP_SERVER_ADDRESS
value: ""
- name: CSM_TARGET_SMTP_SERVER_PORT
value: ""
- name: TIMEZONE
value: ""
- name: LOGGING_LEVEL
value: ""
- name: MAX_GEO_QUERY_RECORDS
value: ""
volumeMounts:
- name: cv-manager-service-key
mountPath: /home/secret
tty: true
stdin: true
volumes:
- name: some-service-key
secret:
secretName: some-secret-name