Skip to content
This repository has been archived by the owner on Jun 9, 2024. It is now read-only.

Commit

Permalink
Merge pull request #255 from JensDll/staging
Browse files Browse the repository at this point in the history
github-actions: merge staging into main
  • Loading branch information
JensDll committed Jun 3, 2023
2 parents 00fb211 + 4442487 commit f9310d7
Show file tree
Hide file tree
Showing 31 changed files with 233 additions and 310 deletions.
39 changes: 39 additions & 0 deletions .gitignore
Original file line number Diff line number Diff line change
Expand Up @@ -453,6 +453,45 @@ $RECYCLE.BIN/
!.vscode/launch.json
!.vscode/extensions.json

##
## Terraform
##

# Local .terraform directories
**/.terraform/*

# .tfstate files
*.tfstate
*.tfstate.*

# Crash log files
crash.log
crash.*.log

# Exclude all .tfvars files, which are likely to contain sensitive data, such as
# password, private keys, and other secrets. These should not be part of version
# control as they are data points which are potentially sensitive and subject
# to change depending on the environment.
*.tfvars
*.tfvars.json

# Ignore override files as they are usually used to override resources locally and so
# are not checked in
override.tf
override.tf.json
*_override.tf
*_override.tf.json

# Include override files you do wish to add to version control using negated pattern
# !example_override.tf

# Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan
*tfplan*

# Ignore CLI configuration files
.terraformrc
terraform.rc

##
## Others
##
Expand Down
Empty file.
File renamed without changes.
1 change: 1 addition & 0 deletions deploy/kube/infrastructure/cert_manager/values.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
installCRDs: true
Original file line number Diff line number Diff line change
@@ -1,3 +1,4 @@
installCRDs: true
metrics:
prometheus: null
globalArguments: ""
Expand Down
Original file line number Diff line number Diff line change
@@ -1,10 +1,10 @@
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: web-cert
name: app-cert
namespace: services
spec:
secretName: web-cert
secretName: app-cert
dnsNames:
- steganography.app
- www.steganography.app
Expand Down
23 changes: 23 additions & 0 deletions deploy/kube/services/app/config.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,23 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: app-config
data:
appsettings.json: |
{
"Kestrel": {
"Endpoints": {
"Https": {
"Url": "https://0.0.0.0:8443",
"Path": "/usr/local/certs/tls.crt",
"KeyPath": "/usr/local/certs/tls.key"
}
},
"Limits": {
"MaxRequestBodySize": 31457280
}
},
"HttpHeaders": {
"ContentSecurityPolicy": "default-src 'self';upgrade-insecure-requests;script-src 'self' 'sha256-8atrH6Pge+As3TgWrRwcD2pUDCYuTIBfIIqQGFDl3eA=';form-action 'none';img-src 'self' data: blob:; connect-src 'self' sentry.io;report-uri https://o4504621394165760.ingest.sentry.io/api/4504621566001152/security/?sentry_key=ab4ccfc57221482aafb411c6b9b4744a"
}
}
Original file line number Diff line number Diff line change
@@ -1,26 +1,42 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: api-deployment
name: app-deployment
spec:
replicas: 2
selector:
matchLabels:
app: api
app: app
revisionHistoryLimit: 4
strategy:
type: Recreate
template:
metadata:
labels:
app: api
app: app
spec:
automountServiceAccountToken: false
imagePullSecrets:
- name: docker-pull
volumes:
- name: appsettings
configMap:
name: app-config
items:
- key: appsettings.json
path: appsettings.json
- name: cert
secret:
secretName: app-cert
items:
- key: tls.crt
path: tls.crt
- key: tls.key
path: tls.key
mode: 0004
containers:
- name: api
image: jensdll/steganography:api.latest
- name: app
image: jensdll/steganography:app.latest
imagePullPolicy: Always
securityContext:
capabilities:
Expand All @@ -33,34 +49,18 @@ spec:
allowPrivilegeEscalation: false
volumeMounts:
- name: appsettings
mountPath: /app/Properties/
mountPath: /app/properties/
readOnly: true
- name: cert
mountPath: /usr/local/certs/
readOnly: true
resources:
requests:
cpu: '450m'
memory: '768Mi'
cpu: "256m"
memory: "768Mi"
limits:
cpu: '700m'
memory: '1024Mi'
cpu: "512m"
memory: "1024Mi"
ports:
- containerPort: 8433
protocol: TCP
volumes:
- name: appsettings
configMap:
name: api-config
items:
- key: appsettings.json
path: appsettings.json
- name: cert
secret:
secretName: api-cert
items:
- key: tls.crt
path: tls.crt
- key: tls.key
path: tls.key
mode: 0004
Original file line number Diff line number Diff line change
@@ -1,14 +1,14 @@
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRouteTCP
metadata:
name: web-route-tcp
name: app-route-tcp
spec:
entryPoints:
- websecure
routes:
- match: HostSNI(`steganography.app`) || HostSNI(`www.steganography.app`)
services:
- name: web-service
- name: app-service
port: websecure
tls:
passthrough: true
Original file line number Diff line number Diff line change
@@ -1,11 +1,11 @@
apiVersion: v1
kind: Service
metadata:
name: web-service
name: app-service
spec:
type: ClusterIP
selector:
app: web
app: app
ports:
- name: websecure
port: 8443
Expand Down
File renamed without changes.
10 changes: 10 additions & 0 deletions deploy/kube/services/kustomization.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,10 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization

namespace: services

resources:
- app/config.yaml
- app/deployment.yaml
- app/service.yaml
- app/route.yaml
File renamed without changes.
14 changes: 0 additions & 14 deletions deploy/services/api/certificate.yaml

This file was deleted.

23 changes: 0 additions & 23 deletions deploy/services/api/config.yaml

This file was deleted.

14 changes: 0 additions & 14 deletions deploy/services/api/route.yaml

This file was deleted.

12 changes: 0 additions & 12 deletions deploy/services/api/service.yaml

This file was deleted.

14 changes: 0 additions & 14 deletions deploy/services/kustomization.yaml

This file was deleted.

Loading

0 comments on commit f9310d7

Please sign in to comment.