kind: PersistentVolumeClaim apiVersion: v1 metadata: name: rss-db namespace: rss spec: accessModes: - ReadWriteOnce resources: requests: storage: 1Gi --- apiVersion: v1 kind: Secret metadata: name: rss-auth namespace: rss annotations: kube-1password: mr6spkkx7n3memkbute6ojaarm kube-1password/vault: Kubernetes type: Opaque --- apiVersion: v1 kind: Service metadata: name: rss-new namespace: rss spec: type: ClusterIP ports: - port: 80 targetPort: 8000 name: web selector: app: rss --- apiVersion: apps/v1 kind: Deployment metadata: name: rss namespace: rss labels: app: rss spec: replicas: 1 strategy: type: Recreate selector: matchLabels: app: rss template: metadata: labels: app: rss spec: dnsConfig: options: - name: ndots value: "2" containers: - args: - --cookie-secure=false - --provider=oidc - --provider-display-name=Auth0 - --upstream=http://localhost:8080 - --http-address=$(HOST_IP):8000 - --redirect-url=https://rss.cluster.fun/oauth2/callback - --email-domain=marcusnoble.co.uk - --pass-basic-auth=false - --pass-access-token=false - --oidc-issuer-url=https://marcusnoble.eu.auth0.com/ - --cookie-secret=KDGD6rrK6cBmryyZ4wcJ9xAUNW9AQN env: - name: HOST_IP valueFrom: fieldRef: apiVersion: v1 fieldPath: status.podIP - name: OAUTH2_PROXY_CLIENT_ID valueFrom: secretKeyRef: key: username name: rss-auth - name: OAUTH2_PROXY_CLIENT_SECRET valueFrom: secretKeyRef: key: password name: rss-auth image: quay.io/oauth2-proxy/oauth2-proxy:v5.1.1 name: oauth-proxy ports: - containerPort: 8000 protocol: TCP resources: limits: memory: 125Mi requests: memory: 125Mi - name: web image: docker.cluster.fun/averagemarcus/gopherss:latest env: - name: PORT value: "8080" - name: DB_PATH value: /data/feeds.db ports: - containerPort: 8080 name: web resources: limits: memory: 308Mi requests: memory: 308Mi volumeMounts: - mountPath: /data name: storage volumes: - name: storage persistentVolumeClaim: claimName: rss-db --- apiVersion: extensions/v1beta1 kind: Ingress metadata: name: rss namespace: rss annotations: cert-manager.io/cluster-issuer: letsencrypt traefik.ingress.kubernetes.io/frontend-entry-points: http,https traefik.ingress.kubernetes.io/redirect-entry-point: https traefik.ingress.kubernetes.io/redirect-permanent: "true" spec: tls: - hosts: - rss.cluster.fun secretName: rss-ingress rules: - host: rss.cluster.fun http: paths: - path: / backend: serviceName: rss-new servicePort: 80 ---