Add elon-staging manifests

deploy/base/deploy-elon-staging.yaml

@@ -0,0 +1,78 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: elon-staging
+  labels:
+    app.kubernetes.io/name: elon-staging
+    app.kubernetes.io/instance: elon-staging
+spec:
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: elon-staging
+      app.kubernetes.io/instance: elon-staging
+  template:
+    metadata:
+      labels:
+        app.kubernetes.io/name: elon-staging
+        app.kubernetes.io/instance: elon-staging
+    spec:
+      containers:
+      - image: netfluxio/elon:latest
+        imagePullPolicy: Always
+        name: elon-staging
+        ports:
+        - name: http
+          protocol: TCP
+          containerPort: 8000
+        env:
+        - name: ELON_TWITTER_AUTHORIZE_URL
+          value: https://twitter.com/i/oauth2/authorize
+        - name: ELON_TWITTER_TOKEN_URL
+          value: https://api.twitter.com/2/oauth2/token
+        - name: ELON_DATABASE_URL
+          valueFrom:
+            secretKeyRef:
+              name: elon-staging-credentials
+              key: database-url
+        - name: ELON_SESSION_KEY
+          valueFrom:
+            secretKeyRef:
+              name: elon-staging-credentials
+              key: session-key
+        - name: ELON_TWITTER_CLIENT_ID
+          valueFrom:
+            secretKeyRef:
+              name: elon-staging-credentials
+              key: twitter-client-id
+        - name: ELON_TWITTER_CLIENT_SECRET
+          valueFrom:
+            secretKeyRef:
+              name: elon-staging-credentials
+              key: twitter-client-secret
+        - name: ELON_TWITTER_CALLBACK_URL
+          valueFrom:
+            secretKeyRef:
+              name: elon-staging-credentials
+              key: twitter-callback-url
+        - name: ELON_TWITTER_BEARER_TOKEN
+          valueFrom:
+            secretKeyRef:
+              name: elon-staging-credentials
+              key: twitter-bearer-token
+        resources:
+          requests:
+            memory: "16Mi"
+            cpu: "20m"
+          limits:
+            memory: "32Mi"
+            cpu: "50m"
+        livenessProbe:
+          failureThreshold: 10
+          httpGet:
+            path: /
+            port: 8000
+            scheme: HTTP
+          initialDelaySeconds: 30
+          periodSeconds: 10
+          successThreshold: 1
+          timeoutSeconds: 10

deploy/base/ingress.yaml

@@ -64,3 +64,13 @@ spec:
             name: drone
             port:
               name: http
+  - host: elon-staging.internal
+    http:
+      paths:
+      - pathType: Prefix
+        path: "/"
+        backend:
+          service:
+            name: elon-staging
+            port:
+              name: http

deploy/base/kustomization.yaml

@@ -87,6 +87,9 @@ resources:
 - role-drone-runner.yaml
 - rolebinding-drone-runner.yaml
 
+- deploy-elon-staging.yaml
+- svc-elon-staging.yaml
+
 configMapGenerator:
 - name: gitea-scripts
   files:

deploy/base/svc-elon-staging.yaml

@@ -0,0 +1,17 @@
+apiVersion: v1
+kind: Service
+metadata:
+  labels:
+    app.kubernetes.io/instance: elon-staging
+    app.kubernetes.io/name: elon-staging
+  name: elon-staging
+spec:
+  ports:
+  - name: http
+    port: 8000
+    protocol: TCP
+    targetPort: 8000
+  selector:
+    app.kubernetes.io/instance: elon-staging
+    app.kubernetes.io/name: elon-staging
+  type: ClusterIP

deploy/dev/kustomization.yaml

@@ -71,6 +71,14 @@ secretGenerator:
   - gitea-client-id=55847c4a-c80e-4e77-ab36-c6d102273115
   - gitea-client-secret=IU4cb59RNNLuI9PRkUbldcEQ5wYPEZMBK5s6p7vTdVfe
   - rpc-secret=f5ec349109bb9bbdf00e4394afd28754
+- name: elon-staging-credentials
+  literals:
+  - session-key=secret
+  - twitter-client-id=foo
+  - twitter-client-secret=bar
+  - twitter-callback-url=http://localhost:8000/callback
+  - twitter-bearer-token=secret
+  - database-url=postgres://postgres:postgres@dev-db:5432/elon_staging?sslmode=disable
 
 patches:
 # Patch the metrics-server to not require TLS in dev cluster.

deploy/prod/ingress.yaml

@@ -14,6 +14,7 @@
       - element.netflux.io
       - git.netflux.io
       - drone.netflux.io
+      - staging.eloneatsmytweets.com
       secretName: prod-ingress-tls
 - op: replace
   path: /spec/rules/0/host
@@ -30,3 +31,6 @@
 - op: replace
   path: /spec/rules/4/host
   value: drone.netflux.io
+- op: replace
+  path: /spec/rules/5/host
+  value: staging.eloneatsmytweets.com

deploy/prod/kustomization.yaml

@@ -60,6 +60,14 @@ secretGenerator:
   - gitea-client-id=secrets/drone-gitea-client-id
   - gitea-client-secret=secrets/drone-gitea-client-secret
   - rpc-secret=secrets/drone-rpc-secret
+- name: elon-staging-credentials
+  files:
+  - session-key=secrets/elon-staging-session-key
+  - twitter-client-id=secrets/elon-staging-twitter-client-id
+  - twitter-client-secret=secrets/elon-staging-twitter-client-secret
+  - twitter-callback-url=secrets/elon-staging-twitter-callback-url
+  - twitter-bearer-token=secrets/elon-staging-twitter-bearer-token
+  - database-url=secrets/elon-staging-database-url
 
 patches:
 # Patch the ingress-nginx deployment to allow it to use a service with a