From b8137c2e8713360d4239e244a861cb385df3cb11 Mon Sep 17 00:00:00 2001 From: Krzysztof Warunek Date: Fri, 20 Sep 2024 13:55:31 +0200 Subject: [PATCH] example k8s deployment --- deployment/aws-credentials.yaml | 10 +++++ deployment/certs.yaml | 9 +++++ deployment/deployment.yaml | 66 +++++++++++++++++++++++++++++++++ deployment/service.yaml | 15 ++++++++ 4 files changed, 100 insertions(+) create mode 100644 deployment/aws-credentials.yaml create mode 100644 deployment/certs.yaml create mode 100644 deployment/deployment.yaml create mode 100644 deployment/service.yaml diff --git a/deployment/aws-credentials.yaml b/deployment/aws-credentials.yaml new file mode 100644 index 0000000..1b4dbc7 --- /dev/null +++ b/deployment/aws-credentials.yaml @@ -0,0 +1,10 @@ +apiVersion: v1 +kind: Secret +metadata: + name: aws-ecr-http-proxy-aws-credentials + namespace: kube-system +type: Opaque +data: + aws_access_key_id: __base64_encoded_access_key_id__ + aws_secret_access_key: __base64_encoded_secret_access_key__ + diff --git a/deployment/certs.yaml b/deployment/certs.yaml new file mode 100644 index 0000000..bb9d3a2 --- /dev/null +++ b/deployment/certs.yaml @@ -0,0 +1,9 @@ +apiVersion: v1 +kind: Secret +metadata: + name: aws-ecr-http-proxy-ssl-certs + namespace: kube-system +type: Opaque +data: + ssl.cert: __base64_encoded_cert__ + ssl.key: __base64_encoded_key__ diff --git a/deployment/deployment.yaml b/deployment/deployment.yaml new file mode 100644 index 0000000..bc278a2 --- /dev/null +++ b/deployment/deployment.yaml @@ -0,0 +1,66 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: aws-ecr-http-proxy + namespace: kube-system + labels: + app: aws-ecr-http-proxy +spec: + replicas: 1 + selector: + matchLabels: + app: aws-ecr-http-proxy + template: + metadata: + labels: + app: aws-ecr-http-proxy + spec: + containers: + - name: aws-ecr-http-proxy + image: kwarunek/aws-ecr-http-proxy:2.0.1 + resources: + limits: + cpu: "500m" + memory: "512Mi" + requests: + cpu: "250m" + memory: "256Mi" + ports: + - containerPort: 5000 + env: + - name: PORT + value: "5000" + - name: RESOLVER + value: "8.8.8.8" + - name: ECR + value: "https://_____ACCOUNT_ID______.dkr.ecr.eu-central-1.amazonaws.com" + - name: CACHE_MAX_SIZE + value: "75g" + - name: ENABLE_SSL + value: "true" + - name: SSL_KEY + value: "/opt/ssl/ssl.key" + - name: SSL_CERTIFICATE + value: "/opt/ssl/ssl.cert" + - name: AWS_ACCESS_KEY_ID + valueFrom: + secretKeyRef: + name: aws-ecr-http-proxy-aws-credentials + key: AWS_ACCESS_KEY_ID + - name: AWS_SECRET_ACCESS_KEY + valueFrom: + secretKeyRef: + name: aws-ecr-http-proxy-aws-credentials + key: AWS_SECRET_ACCESS_KEY + volumeMounts: + - name: ssl-certs + mountPath: /opt/ssl + readOnly: true + - name: cache-volume + mountPath: /cache + volumes: + - name: cache-volume + emptyDir: {} + - name: ssl-certs + secret: + secretName: aws-ecr-http-proxy-ssl-certs diff --git a/deployment/service.yaml b/deployment/service.yaml new file mode 100644 index 0000000..8acda98 --- /dev/null +++ b/deployment/service.yaml @@ -0,0 +1,15 @@ +apiVersion: v1 +kind: Service +metadata: + name: aws-ecr-http-proxy + namespace: kube-system + labels: + app: aws-ecr-http-proxy +spec: + type: ClusterIP + ports: + - port: 5000 + targetPort: 5000 + protocol: TCP + selector: + app: aws-ecr-http-proxy