Created
August 20, 2019 13:24
-
-
Save veggiemonk/623a51ea47fe41a6ea255ec06ba6bc0c to your computer and use it in GitHub Desktop.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| --- | |
| apiVersion: v1 | |
| kind: Service | |
| metadata: | |
| name: atlantis | |
| labels: | |
| app: atlantis | |
| spec: | |
| type: LoadBalancer | |
| loadBalancerIP: ${load_balancer_ip} | |
| externalTrafficPolicy: Local | |
| selector: | |
| app: atlantis | |
| ports: | |
| - name: atlantis-port | |
| port: 443 | |
| targetPort: ${atlantis_port} | |
| protocol: TCP | |
| --- | |
| apiVersion: v1 | |
| kind: Secret | |
| type: kubernetes.io/tls | |
| metadata: | |
| name: atlantis-tls | |
| data: | |
| tls.crt: ${tls_cert} | |
| tls.key: ${tls_key} | |
| --- | |
| apiVersion: v1 | |
| kind: Secret | |
| type: Opaque | |
| metadata: | |
| name: github | |
| data: | |
| github_token: ${github_token} | |
| webhook_secret: ${webhook_secret} | |
| --- | |
| apiVersion: policy/v1beta1 | |
| kind: PodDisruptionBudget | |
| metadata: | |
| name: atlantis | |
| spec: | |
| maxUnavailable: 1 | |
| selector: | |
| matchLabels: | |
| app: atlantis | |
| --- | |
| apiVersion: apps/v1 | |
| kind: Deployment | |
| metadata: | |
| name: atlantis | |
| labels: | |
| app: atlantis | |
| spec: | |
| replicas: ${num_atlantis_pods} | |
| selector: | |
| matchLabels: | |
| app: atlantis | |
| template: | |
| metadata: | |
| labels: | |
| app: atlantis | |
| spec: | |
| affinity: | |
| podAntiAffinity: | |
| preferredDuringSchedulingIgnoredDuringExecution: | |
| - weight: 60 | |
| podAffinityTerm: | |
| labelSelector: | |
| matchExpressions: | |
| - key: app | |
| operator: In | |
| values: ["atlantis"] | |
| topologyKey: kubernetes.io/hostname | |
| terminationGracePeriodSeconds: 10 | |
| securityContext: | |
| fsGroup: 1000 # Atlantis group (1000) read/write access to volumes. | |
| containers: | |
| - name: atlantis | |
| image: "${atlantis_container}" | |
| imagePullPolicy: Always | |
| args: ["server"] | |
| ports: | |
| - containerPort: ${atlantis_port} | |
| name: atlantis-port | |
| protocol: TCP | |
| resources: | |
| requests: | |
| cpu: "500m" | |
| memory: "512Mi" | |
| volumeMounts: | |
| - name: atlantis-tls | |
| mountPath: /etc/atlantis/tls | |
| - name: atlantis-data | |
| mountPath: /atlantis-data | |
| env: | |
| - name: ATLANTIS_LOG_LEVEL | |
| value: ${atlantis_log_level} | |
| - name: ATLANTIS_PORT | |
| value: "${atlantis_port}" | |
| - name: ATLANTIS_ATLANTIS_URL | |
| value: https://${load_balancer_ip} | |
| - name: ATLANTIS_GH_TOKEN | |
| valueFrom: | |
| secretKeyRef: | |
| name: github | |
| key: github_token | |
| - name: ATLANTIS_GH_USER | |
| value: ${github_user} | |
| - name: ATLANTIS_GH_WEBHOOK_SECRET | |
| valueFrom: | |
| secretKeyRef: | |
| name: github | |
| key: webhook_secret | |
| - name: ATLANTIS_REPO_WHITELIST | |
| value: ${repo_whitelist} | |
| - name: ATLANTIS_DATA_DIR | |
| value: /atlantis-data | |
| - name: ATLANTIS_REPO_CONFIG_JSON | |
| value: '${atlantis_config}' | |
| - name: ATLANTIS_SSL_CERT_FILE | |
| value: /etc/atlantis/tls/tls.crt | |
| - name: ATLANTIS_SSL_KEY_FILE | |
| value: /etc/atlantis/tls/tls.key | |
| livenessProbe: | |
| httpGet: | |
| path: /healthz | |
| port: ${atlantis_port} | |
| scheme: HTTPS | |
| initialDelaySeconds: 5 | |
| periodSeconds: 60 | |
| successThreshold: 1 | |
| failureThreshold: 3 | |
| readinessProbe: | |
| httpGet: | |
| path: /healthz | |
| port: ${atlantis_port} | |
| scheme: HTTPS | |
| initialDelaySeconds: 5 | |
| periodSeconds: 60 | |
| volumes: | |
| - name: atlantis-tls | |
| secret: | |
| secretName: atlantis-tls | |
| - name: atlantis-data | |
| persistentVolumeClaim: | |
| claimName: atlantis-nfs | |
| --- | |
| apiVersion: v1 | |
| kind: Service | |
| metadata: | |
| name: nfs-server | |
| spec: | |
| ports: | |
| - name: nfs | |
| port: 2049 | |
| - name: mountd | |
| port: 20048 | |
| - name: rpcbind | |
| port: 111 | |
| selector: | |
| role: nfs-server | |
| --- | |
| apiVersion: apps/v1 | |
| kind: Deployment | |
| metadata: | |
| name: nfs-server | |
| spec: | |
| replicas: 1 | |
| selector: | |
| matchLabels: | |
| role: nfs-server | |
| template: | |
| metadata: | |
| labels: | |
| role: nfs-server | |
| spec: | |
| containers: | |
| - name: nfs-server | |
| image: gcr.io/google_containers/volume-nfs:0.8 | |
| ports: | |
| - name: nfs | |
| containerPort: 2049 | |
| - name: mountd | |
| containerPort: 20048 | |
| - name: rpcbind | |
| containerPort: 111 | |
| securityContext: | |
| privileged: true | |
| volumeMounts: | |
| - mountPath: /data | |
| name: nfs-pvc | |
| volumes: | |
| - name: nfs-pvc | |
| gcePersistentDisk: | |
| pdName: ${nfs-disk} | |
| fsType: ext4 | |
| --- | |
| apiVersion: v1 | |
| kind: PersistentVolume | |
| metadata: | |
| name: atlantis-nfs | |
| labels: | |
| name: atlantis-nfs | |
| spec: | |
| capacity: | |
| storage: 5Gi | |
| storageClassName: standard | |
| accessModes: | |
| - ReadWriteMany | |
| nfs: | |
| server: nfs-server.default.svc.cluster.local | |
| path: "/" | |
| --- | |
| apiVersion: v1 | |
| kind: PersistentVolumeClaim | |
| metadata: | |
| name: atlantis-nfs | |
| spec: | |
| accessModes: | |
| - ReadWriteMany | |
| resources: | |
| requests: | |
| storage: 5Gi | |
| selector: | |
| matchLabels: | |
| name: atlantis-nfs |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment