tec3/ublue-forge
tec3/ublue-forge
1
0
Fork 0
mirror of https://github.com/ublue-os/forge.git synced 2025-04-04 14:13:43 +03:00
Code Issues Actions Packages Projects Releases Wiki Activity
ublue-forge/forge-pod.yml
Stephan Lüscher b213c826cf
fix(registry): disable performance constraints (#52) 
trying to avoid 'StatusCode: 499, Client Closed Request'
2024-05-26 18:53:19 +00:00

133 lines
3.9 KiB
YAML
Raw Permalink Blame History

# uBlue-OS forge podman deployment
## variables will be replaces with envsubst when invoked via forge.sh
---
apiVersion: v1
kind: Pod
metadata:
name: ${FORGE_POD_NAME_REVERSE_PROXY}
labels:
traefik.enable: true
traefik.http.routers.traefik-dashboard.entrypoints: web,websecure
traefik.http.routers.traefik-dashboard.rule: Host(`traefik.${FORGE_DOMAIN_NAME}`)
traefik.http.services.traefik-dashboard.loadbalancer.server.port: 8080
traefik.http.routers.traefik-dashboard.service: api@internal
spec:
securityContext:
seLinuxOptions:
type: "container_runtime_t" # needed for podman.sock access
restartPolicy: OnFailure
volumes:
- name: podman-socket
hostPath:
path: ${FORGE_PODMAN_SOCKET_PATH}
type: Socket
- name: ublue-os_forge-certs-pvc
persistentVolumeClaim:
claimName: ublue-os_forge-certs
containers:
- name: traefik.${FORGE_DOMAIN_NAME}
image: traefik # will be built on pod start
volumeMounts:
- mountPath: /var/run/podman.sock
name: podman-socket
readOnly: true
- mountPath: /certs
name: ublue-os_forge-certs-pvc
ports:
- containerPort: 80
hostPort: 80
protocol: TCP
- containerPort: 443
hostPort: 443
protocol: TCP
- containerPort: 8080
hostPort: 8080
protocol: TCP
initContainers:
- name: minica.${FORGE_DOMAIN_NAME}
image: minica
volumeMounts:
- mountPath: /certs
name: ublue-os_forge-certs-pvc
---
apiVersion: v1
kind: Pod
metadata:
name: ${FORGE_POD_NAME_REGISTRY}
labels:
traefik.enable: true
traefik.http.routers.registry.entryPoints: web,websecure
traefik.http.services.registry.loadbalancer.server.port: 5000
traefik.http.services.registry.loadbalancer.server.scheme: https
traefik.http.routers.registry.rule: Host(`registry.${FORGE_DOMAIN_NAME}`)
spec:
restartPolicy: OnFailure
volumes:
- name: ublue-os_forge-certs-pvc
persistentVolumeClaim:
claimName: ublue-os_forge-certs
- name: ublue-os_forge-registry-pvc
persistentVolumeClaim:
claimName: ublue-os_forge-registry
containers:
- name: docker.${FORGE_DOMAIN_NAME}
image: registry # will be built on pod start
volumeMounts:
- mountPath: /certs
name: ublue-os_forge-certs-pvc
subPath: _.${FORGE_DOMAIN_NAME}
- mountPath: /var/lib/registry
name: ublue-os_forge-registry-pvc
ports:
- containerPort: 5000
protocol: TCP
---
apiVersion: v1
kind: Pod
metadata:
name: ${FORGE_POD_NAME_ANVIL}
labels:
traefik.enable: true
traefik.http.routers.forge.entrypoints: web,websecure
traefik.http.routers.forge.rule: Host(`forge.${FORGE_DOMAIN_NAME}`)
traefik.http.services.forge.loadbalancer.server.port: 3000
spec:
restartPolicy: OnFailure
volumes:
- name: ublue-os_forge-certs-pvc
persistentVolumeClaim:
claimName: ublue-os_forge-certs
- name: ublue-os_forge-data-pvc
persistentVolumeClaim:
claimName: ublue-os_forge-data
hostAliases:
- ip: ${FORGE_HOST_IP_ADDRESS}
hostnames:
- registry.${FORGE_DOMAIN_NAME}
containers:
- name: ansible.${FORGE_DOMAIN_NAME}
image: anvil # will be built on pod start
volumeMounts:
- mountPath: /certs
name: ublue-os_forge-certs-pvc
readOnly: true
- mountPath: /data
name: ublue-os_forge-data-pvc
env:
- name: ANSIBLE_HOST_USER
valueFrom:
secretKeyRef:
name: ublue-os_forge-secure
key: ANSIBLE_HOST_USER
- name: ANSIBLE_HOST_BECOME_PASSWORD
valueFrom:
secretKeyRef:
name: ublue-os_forge-secure
key: ANSIBLE_HOST_BECOME_PASSWORD
ports:
- containerPort: 3000
protocol: TCP
Reference in a new issue View git blame Copy permalink