Skarlso · November 29, 2019 07:31
diff --git a/athens_deployment.yaml b/athens_deployment.yaml
 apiVersion: apps/v1
 kind: Deployment
 metadata:
  namespace: athens
  name: athens-app
  labels:
    app: athens
 spec:
  replicas: 1
  selector:
    matchLabels:
      app: athens
  template:
    metadata:
      labels:
        app: athens
        app.kubernetes.io/name: athens
        app.kubernetes.io/instance: athens
    spec:
      containers:
      - name: athens
        image: gomods/athens:v0.5.0
        livenessProbe:
          httpGet:
            path: "/healthz"
            port: 3000
        readinessProbe:
          httpGet:
            path: "/readyz"
            port: 3000
        env:
          - name: ATHENS_GOGET_WORKERS
            value: "3"
          - name: ATHENS_STORAGE_TYPE
            value: "disk"
          - name: ATHENS_DISK_STORAGE_ROOT
            value: /var/lib/athens
        ports:
          - containerPort: 3000
            name: athens-http
        volumeMounts:
          - name: athens-data
            mountPath: /var/lib/athens
            subPath: athens
      volumes:
        - name: athens-data
          persistentVolumeClaim:
            claimName: athens-storage
diff --git a/athens_ingress_resource.yaml b/athens_ingress_resource.yaml
 apiVersion: extensions/v1beta1
 kind: Ingress
 metadata:
  namespace: athens
  name: athens-ingress
  annotations:
    kubernetes.io/ingress.class: "nginx"
    certmanager.k8s.io/cluster-issuer: "letsencrypt-prod"
    certmanager.k8s.io/acme-challenge-type: http01
    nginx.ingress.kubernetes.io/rewrite-target: /
 spec:
  tls:
  - hosts:
    - athens.example.org
    secretName: athens-tls
  rules:
  - host: athens.example.org
    http:
      paths:
      - backend:
          serviceName: athens
          servicePort: 80
        path: /
diff --git a/athens_nginx_ingress.yaml b/athens_nginx_ingress.yaml
 apiVersion: v1
 kind: Service
 metadata:
  labels:
    app: nginx-ingress
    release: nginx-ingress
  name: nginx-ingress-controller
  namespace: default
 spec:
  externalTrafficPolicy: Cluster
  ports:
  - name: https
    port: 443
    protocol: TCP
    targetPort: https
  - name: http
    port: 80
    protocol: TCP
    targetPort: 80
  selector:
    app: nginx-ingress
    component: controller
    release: nginx-ingress
  sessionAffinity: None
  type: LoadBalancer
diff --git a/athens_pvc.yaml b/athens_pvc.yaml
 apiVersion: v1
 kind: PersistentVolumeClaim
 metadata:
  namespace: athens
  name: athens-storage
 spec:
  accessModes:
  - ReadWriteOnce
  resources:
    requests:
      storage: 10Gi
  storageClassName: do-block-storage
diff --git a/athens_service.yaml b/athens_service.yaml
 kind: Service
 apiVersion: v1
 metadata:
  namespace: athens
  name: athens
  labels:
    app: athens
    app.kubernetes.io/name: athens
    app.kubernetes.io/instance: athens
 spec:
  selector:
    app: athens
    app.kubernetes.io/name: athens
    app.kubernetes.io/instance: athens
  ports:
  - port: 80
    targetPort: 3000
diff --git a/lets-encrypt-cluster-issuer.yaml b/lets-encrypt-cluster-issuer.yaml
 apiVersion: certmanager.k8s.io/v1alpha1
 kind: ClusterIssuer
 metadata:
  name: letsencrypt-prod
 spec:
  acme:
    # The ACME server URL
    server: https://acme-v02.api.letsencrypt.org/directory
    # Email address used for ACME registration
    email: [email protected]
    # Name of a secret used to store the ACME account private key
    privateKeySecretRef:
      name: letsencrypt-prod
    # Enable the HTTP-01 challenge provider
    http01: {}
	apiVersion: apps/v1
	kind: Deployment
	metadata:
	namespace: athens
	name: athens-app
	labels:
	app: athens
	spec:
	replicas: 1
	selector:
	matchLabels:
	app: athens
	template:
	metadata:
	labels:
	app: athens
	app.kubernetes.io/name: athens
	app.kubernetes.io/instance: athens
	spec:
	containers:
	- name: athens
	image: gomods/athens:v0.5.0
	livenessProbe:
	httpGet:
	path: "/healthz"
	port: 3000
	readinessProbe:
	httpGet:
	path: "/readyz"
	port: 3000
	env:
	- name: ATHENS_GOGET_WORKERS
	value: "3"
	- name: ATHENS_STORAGE_TYPE
	value: "disk"
	- name: ATHENS_DISK_STORAGE_ROOT
	value: /var/lib/athens
	ports:
	- containerPort: 3000
	name: athens-http
	volumeMounts:
	- name: athens-data
	mountPath: /var/lib/athens
	subPath: athens
	volumes:
	- name: athens-data
	persistentVolumeClaim:
	claimName: athens-storage
	apiVersion: extensions/v1beta1
	kind: Ingress
	metadata:
	namespace: athens
	name: athens-ingress
	annotations:
	kubernetes.io/ingress.class: "nginx"
	certmanager.k8s.io/cluster-issuer: "letsencrypt-prod"
	certmanager.k8s.io/acme-challenge-type: http01
	nginx.ingress.kubernetes.io/rewrite-target: /
	spec:
	tls:
	- hosts:
	- athens.example.org
	secretName: athens-tls
	rules:
	- host: athens.example.org
	http:
	paths:
	- backend:
	serviceName: athens
	servicePort: 80
	path: /
	apiVersion: v1
	kind: Service
	metadata:
	labels:
	app: nginx-ingress
	release: nginx-ingress
	name: nginx-ingress-controller
	namespace: default
	spec:
	externalTrafficPolicy: Cluster
	ports:
	- name: https
	port: 443
	protocol: TCP
	targetPort: https
	- name: http
	port: 80
	protocol: TCP
	targetPort: 80
	selector:
	app: nginx-ingress
	component: controller
	release: nginx-ingress
	sessionAffinity: None
	type: LoadBalancer
	apiVersion: v1
	kind: PersistentVolumeClaim
	metadata:
	namespace: athens
	name: athens-storage
	spec:
	accessModes:
	- ReadWriteOnce
	resources:
	requests:
	storage: 10Gi
	storageClassName: do-block-storage
	apiVersion: certmanager.k8s.io/v1alpha1
	kind: ClusterIssuer
	metadata:
	name: letsencrypt-prod
	spec:
	acme:
	# The ACME server URL
	server: https://acme-v02.api.letsencrypt.org/directory
	# Email address used for ACME registration
	email: [email protected]
	# Name of a secret used to store the ACME account private key
	privateKeySecretRef:
	name: letsencrypt-prod
	# Enable the HTTP-01 challenge provider
	http01: {}