example k8s deployment

DreamLab · Sep 20, 2024 · b8137c2 · b8137c2
1 parent c653161
commit b8137c2
Show file tree

Hide file tree

Showing 4 changed files with 100 additions and 0 deletions.
diff --git a/deployment/aws-credentials.yaml b/deployment/aws-credentials.yaml
@@ -0,0 +1,10 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: aws-ecr-http-proxy-aws-credentials
+  namespace: kube-system
+type: Opaque
+data:
+  aws_access_key_id: __base64_encoded_access_key_id__
+  aws_secret_access_key: __base64_encoded_secret_access_key__
+
diff --git a/deployment/certs.yaml b/deployment/certs.yaml
@@ -0,0 +1,9 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: aws-ecr-http-proxy-ssl-certs
+  namespace: kube-system
+type: Opaque
+data:
+  ssl.cert: __base64_encoded_cert__
+  ssl.key: __base64_encoded_key__
diff --git a/deployment/deployment.yaml b/deployment/deployment.yaml
@@ -0,0 +1,66 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: aws-ecr-http-proxy
+  namespace: kube-system
+  labels:
+    app: aws-ecr-http-proxy
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: aws-ecr-http-proxy
+  template:
+    metadata:
+      labels:
+        app: aws-ecr-http-proxy
+    spec:
+      containers:
+      - name: aws-ecr-http-proxy
+        image: kwarunek/aws-ecr-http-proxy:2.0.1
+        resources:
+          limits:
+            cpu: "500m"
+            memory: "512Mi"
+          requests:
+            cpu: "250m"
+            memory: "256Mi"
+        ports:
+        - containerPort: 5000
+        env:
+        - name: PORT
+          value: "5000"
+        - name: RESOLVER
+          value: "8.8.8.8"
+        - name: ECR
+          value: "https://_____ACCOUNT_ID______.dkr.ecr.eu-central-1.amazonaws.com"
+        - name: CACHE_MAX_SIZE
+          value: "75g"
+        - name: ENABLE_SSL
+          value: "true"
+        - name: SSL_KEY
+          value: "/opt/ssl/ssl.key"
+        - name: SSL_CERTIFICATE
+          value: "/opt/ssl/ssl.cert"
+        - name: AWS_ACCESS_KEY_ID
+          valueFrom:
+            secretKeyRef:
+              name: aws-ecr-http-proxy-aws-credentials
+              key: AWS_ACCESS_KEY_ID
+        - name: AWS_SECRET_ACCESS_KEY
+          valueFrom:
+            secretKeyRef:
+              name: aws-ecr-http-proxy-aws-credentials
+              key: AWS_SECRET_ACCESS_KEY
+        volumeMounts:
+        - name: ssl-certs
+          mountPath: /opt/ssl
+          readOnly: true
+        - name: cache-volume
+          mountPath: /cache
+      volumes:
+      - name: cache-volume
+        emptyDir: {}
+      - name: ssl-certs
+        secret:
+          secretName: aws-ecr-http-proxy-ssl-certs
diff --git a/deployment/service.yaml b/deployment/service.yaml
@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: aws-ecr-http-proxy
+  namespace: kube-system
+  labels:
+    app: aws-ecr-http-proxy
+spec:
+  type: ClusterIP
+  ports:
+  - port: 5000
+    targetPort: 5000
+    protocol: TCP
+  selector:
+    app: aws-ecr-http-proxy