add node-red-1 instance
This commit is contained in:
parent
6e86ffa7a6
commit
5dbc67b63d
138
node-red/node-red-1.yaml
Normal file
138
node-red/node-red-1.yaml
Normal file
|
@ -0,0 +1,138 @@
|
|||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
annotations:
|
||||
deployment.kubernetes.io/revision: "3"
|
||||
creationTimestamp: "2023-03-26T23:49:50Z"
|
||||
generation: 5
|
||||
labels:
|
||||
app: node-red-1
|
||||
name: node-red-1
|
||||
namespace: node-red
|
||||
resourceVersion: "114759861"
|
||||
uid: 437f3f19-da65-4e5e-ac20-e631792825ac
|
||||
spec:
|
||||
progressDeadlineSeconds: 600
|
||||
replicas: 1
|
||||
revisionHistoryLimit: 10
|
||||
selector:
|
||||
matchLabels:
|
||||
app: node-red-1
|
||||
strategy:
|
||||
rollingUpdate:
|
||||
maxSurge: 25%
|
||||
maxUnavailable: 25%
|
||||
type: RollingUpdate
|
||||
template:
|
||||
metadata:
|
||||
annotations:
|
||||
vault.hashicorp.com/agent-inject: "true"
|
||||
vault.hashicorp.com/agent-inject-secret-config.cfg: x
|
||||
vault.hashicorp.com/agent-inject-template-config.cfg: |
|
||||
cookie_secret='0ViLJk3i3NNRaTvoIFlXaA=='
|
||||
cookie_domains=['werts.us']
|
||||
whitelist_domains=[".werts.us"]
|
||||
# only users with this domain will be let in
|
||||
email_domains=["werts.us","strudelline.net","andariese.net"]
|
||||
|
||||
{{- with secret "kvv2/data/k8s-ns/node-red/node-red-1-werts-oidc" }}
|
||||
client_id="{{ .Data.data.client_id }}"
|
||||
client_secret="{{ .Data.data.client_secret }}"
|
||||
{{- end }}
|
||||
cookie_secure="false"
|
||||
|
||||
redirect_url="https://red-1.werts.us/oauth2/callback"
|
||||
|
||||
upstreams = [ "http://localhost:1880" ]
|
||||
skip_auth_routes = [
|
||||
"!=^/admin(/.*)?$"
|
||||
]
|
||||
|
||||
reverse_proxy = true
|
||||
set_xauthrequest = true
|
||||
|
||||
provider="oidc"
|
||||
oidc_issuer_url="https://auth.werts.us/realms/werts"
|
||||
vault.hashicorp.com/role: default
|
||||
creationTimestamp: null
|
||||
labels:
|
||||
app: node-red-1
|
||||
spec:
|
||||
containers:
|
||||
- env:
|
||||
- name: CHROMIUM_USER_FLAGS
|
||||
value: --no-sandbox --disable-setuid-sandbox
|
||||
image: jamesandariese/node-red-with-chrome
|
||||
imagePullPolicy: Always
|
||||
name: node-red-1
|
||||
resources: {}
|
||||
terminationMessagePath: /dev/termination-log
|
||||
terminationMessagePolicy: File
|
||||
volumeMounts:
|
||||
- mountPath: /data
|
||||
name: data-pv
|
||||
- image: haproxy
|
||||
imagePullPolicy: Always
|
||||
name: haproxy
|
||||
resources: {}
|
||||
terminationMessagePath: /dev/termination-log
|
||||
terminationMessagePolicy: File
|
||||
volumeMounts:
|
||||
- mountPath: /usr/local/etc/haproxy
|
||||
name: haproxy-config
|
||||
readOnly: true
|
||||
- args:
|
||||
- --http-address=0.0.0.0:4180
|
||||
- --config=/vault/secrets/config.cfg
|
||||
image: quay.io/oauth2-proxy/oauth2-proxy:v7.4.0
|
||||
imagePullPolicy: IfNotPresent
|
||||
livenessProbe:
|
||||
failureThreshold: 3
|
||||
httpGet:
|
||||
path: /ping
|
||||
port: http
|
||||
scheme: HTTP
|
||||
periodSeconds: 10
|
||||
successThreshold: 1
|
||||
timeoutSeconds: 1
|
||||
name: oauth2-proxy
|
||||
ports:
|
||||
- containerPort: 4180
|
||||
name: http
|
||||
protocol: TCP
|
||||
resources: {}
|
||||
terminationMessagePath: /dev/termination-log
|
||||
terminationMessagePolicy: File
|
||||
dnsPolicy: ClusterFirst
|
||||
restartPolicy: Always
|
||||
schedulerName: default-scheduler
|
||||
securityContext: {}
|
||||
terminationGracePeriodSeconds: 30
|
||||
volumes:
|
||||
- name: data-pv
|
||||
nfs:
|
||||
path: /volume1/k8s-volumes/node-red-1
|
||||
server: 172.16.18.1
|
||||
- configMap:
|
||||
defaultMode: 420
|
||||
name: node-red-1-haproxy-config
|
||||
name: haproxy-config
|
||||
---
|
||||
apiVersion: networking.k8s.io/v1
|
||||
kind: Ingress
|
||||
metadata:
|
||||
name: node-red-1
|
||||
namespace: node-red
|
||||
spec:
|
||||
ingressClassName: istio
|
||||
rules:
|
||||
- host: red-1.werts.us
|
||||
http:
|
||||
paths:
|
||||
- path: /
|
||||
pathType: Prefix
|
||||
backend:
|
||||
service:
|
||||
name: node-red-1
|
||||
port:
|
||||
number: 4180
|
Loading…
Reference in New Issue
Block a user