apiVersion: v1 kind: Secret metadata: name: node-red namespace: node-red annotations: kube-1password: to62npgx5vvlknphuytg7qgrny kube-1password/vault: Kubernetes kube-1password/secret-text-key: settings.js type: Opaque --- kind: PersistentVolumeClaim apiVersion: v1 metadata: name: node-red namespace: node-red spec: accessModes: - ReadWriteOnce resources: requests: storage: 5Gi --- apiVersion: v1 kind: Service metadata: name: node-red namespace: node-red spec: type: ClusterIP ports: - port: 80 targetPort: web name: web selector: app: node-red --- apiVersion: apps/v1 kind: Deployment metadata: name: node-red namespace: node-red spec: replicas: 1 selector: matchLabels: app: node-red template: metadata: labels: app: node-red spec: securityContext: fsGroup: 1000 initContainers: - name: config-copy image: bash:latest imagePullPolicy: IfNotPresent args: - -c - | cp /config/settings.js /data/ volumeMounts: - name: config mountPath: /config/settings.js subPath: settings.js - name: data mountPath: /data containers: - name: web image: nodered/node-red:2.2.3-12 imagePullPolicy: Always ports: - containerPort: 1880 name: web volumeMounts: - name: data mountPath: /data volumes: - name: config secret: secretName: node-red - name: data persistentVolumeClaim: claimName: node-red --- apiVersion: networking.k8s.io/v1 kind: Ingress metadata: name: node-red namespace: node-red annotations: cert-manager.io/cluster-issuer: letsencrypt nginx.ingress.kubernetes.io/force-ssl-redirect: "true" spec: tls: - hosts: - nodered.cluster.fun secretName: node-red-ingress rules: - host: nodered.cluster.fun http: paths: - path: / pathType: ImplementationSpecific backend: service: name: node-red port: number: 80