Skip to content
Permalink
Branch: master
Find file Copy path
Find file Copy path
Fetching contributors…
Cannot retrieve contributors at this time
251 lines (187 sloc) 3.55 KB
# ------------------ PERMS----------------------
apiVersion: v1
kind: Namespace
metadata:
name: nectar
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: nectar
namespace: nectar
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: nectar-cluster-wide-role
namespace: nectar
rules:
- apiGroups: ["apps"]
resources: ["deployments"]
verbs: ["get", "list", "update", "patch"]
- apiGroups: ["apps"]
resources: ["deployments/scale"]
verbs: ['*']
- apiGroups: [""]
resources: ["services", "events", "endpoints", "pods/logs"]
verbs: ["get", "list"]
- apiGroups: [""]
resources: ["namespaces"]
verbs: ["list"]
- apiGroups: [""]
resources: ["pods", "pods/exec", "pods/attach"]
verbs: ['*']
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: nectar-permissions
namespace: nectar
subjects:
- kind: ServiceAccount
name: nectar
namespace: nectar
roleRef:
kind: ClusterRole
name: nectar-cluster-wide-role
apiGroup: rbac.authorization.k8s.io
---
# ------------------ KAPI DEP AND SVC----------------------
apiVersion: apps/v1
kind: Deployment
metadata:
name: kapi
namespace: nectar
labels:
app: kapi
core: "true"
spec:
replicas: 1
selector:
matchLabels:
app: kapi
template:
metadata:
namespace: nectar
labels:
app: kapi
spec:
serviceAccountName: nectar
containers:
- name: main
image: xnectar/kapi:latest
imagePullPolicy: 'Always'
ports:
- containerPort: 5000
env:
- name: DOCKER_HOST
value: tcp://dind.nectar:2375
---
kind: Service
apiVersion: v1
metadata:
name: kapi
namespace: nectar
labels:
app: kapi
core: "true"
spec:
type: ClusterIP
selector:
app: kapi
ports:
- protocol: TCP
port: 5000
targetPort: 5000
---
# ------------------ DIND DEP AND SVC----------------------
apiVersion: apps/v1
kind: Deployment
metadata:
name: dind
namespace: nectar
labels:
app: dind
core: "false"
spec:
replicas: 1
selector:
matchLabels:
app: dind
template:
metadata:
namespace: nectar
labels:
app: dind
spec:
serviceAccountName: nectar
containers:
- name: dind
image: docker:18.05-dind
securityContext:
privileged: true
volumeMounts:
- name: dind-storage
mountPath: /var/lib/docker
volumes:
- name: dind-storage
emptyDir: {}
---
kind: Service
apiVersion: v1
metadata:
name: dind
namespace: nectar
labels:
app: dind
core: "false"
spec:
type: ClusterIP
selector:
app: dind
ports:
- protocol: TCP
port: 2375
targetPort: 2375
---
# ------------------ FRONTEND DEP AND SVC----------------------
apiVersion: apps/v1
kind: Deployment
metadata:
name: frontend
namespace: nectar
labels:
app: frontend
core: "true"
spec:
replicas: 1
selector:
matchLabels:
app: frontend
template:
metadata:
namespace: nectar
labels:
app: frontend
spec:
containers:
- name: main
image: xnectar/frontend:latest
imagePullPolicy: 'Always'
---
kind: Service
apiVersion: v1
metadata:
name: frontend
namespace: nectar
labels:
app: frontend
core: "true"
spec:
type: ClusterIP
selector:
app: frontend
ports:
- protocol: TCP
port: 80
targetPort: 80
You can’t perform that action at this time.