ublue-forge/forge-pod.yml

# uBlue-OS forge podman deployment
---
apiVersion: v1
kind: Pod
metadata:
  name: ublue-os_forge
spec:
  restartPolicy: OnFailure
  volumes:
    - name: ublue-os_forge-certs-pvc
      persistentVolumeClaim:
        claimName: ublue-os_forge-certs

    - name: ublue-os_forge-registry-pvc
      persistentVolumeClaim:
        claimName: ublue-os_forge-registry

    - name: ublue-os_forge-semaphore-pvc
      persistentVolumeClaim:
        claimName: ublue-os_forge-semaphore

  containers:
    - name: rvproxy.ublue.local
      image: rvproxy
      resources:
        limits:
          memory: 128Mi
          cpu: 200m
      volumeMounts:
        - mountPath: /certs
          name: ublue-os_forge-certs-pvc
      ports:
        - containerPort: 443
          hostPort: 443
          protocol: TCP

    - name: registry.ublue.local
      image: registry
      resources:
        limits:
          memory: 512Mi
          cpu: 200m
      volumeMounts:
        - mountPath: /certs
          name: ublue-os_forge-certs-pvc
          subPath: _.ublue.local
        - mountPath: /var/lib/registry
          name: ublue-os_forge-registry-pvc
      ports:
        - containerPort: 5000
          protocol: TCP

    - name: semaphore.ublue.local
      image: semaphore
      resources:
        limits:
          memory: 512Mi
          cpu: 200m
      volumeMounts:
        - mountPath: /var/lib/semaphore
          name: ublue-os_forge-semaphore-pvc
        - mountPath: /certs
          subPath: ssh
          name: ublue-os_forge-certs-pvc
          readOnly: true
      ports:
        - containerPort: 3000
          protocol: TCP

    - name: setup.ublue.local
      image: setup
      volumeMounts:
        - mountPath: /certs
          name: ublue-os_forge-certs-pvc
          readOnly: true
      env:
        - name: ANSIBLE_FORGE_HOST_USER
          valueFrom:
            secretKeyRef:
              name: ublue-os_forge-secure
              key: ANSIBLE_FORGE_HOST_USER

        - name: ANSIBLE_FORGE_HOST_BECOME_PASSWORD
          valueFrom:
            secretKeyRef:
              name: ublue-os_forge-secure
              key: ANSIBLE_FORGE_HOST_BECOME_PASSWORD
      workingDir: /ansible
      command:
        - ansible-playbook
      args:
        - main.yml
      resources:
        limits:
          memory: 512Mi
          cpu: 200m

  initContainers:
    - name: minica.ublue.local
      image: minica
      volumeMounts:
        - mountPath: /certs
          name: ublue-os_forge-certs-pvc