diff --git a/deploy/base/deploy-elon-staging.yaml b/deploy/base/deploy-elon-staging.yaml new file mode 100644 index 0000000..b4a3eec --- /dev/null +++ b/deploy/base/deploy-elon-staging.yaml @@ -0,0 +1,78 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: elon-staging + labels: + app.kubernetes.io/name: elon-staging + app.kubernetes.io/instance: elon-staging +spec: + selector: + matchLabels: + app.kubernetes.io/name: elon-staging + app.kubernetes.io/instance: elon-staging + template: + metadata: + labels: + app.kubernetes.io/name: elon-staging + app.kubernetes.io/instance: elon-staging + spec: + containers: + - image: netfluxio/elon:latest + imagePullPolicy: Always + name: elon-staging + ports: + - name: http + protocol: TCP + containerPort: 8000 + env: + - name: ELON_TWITTER_AUTHORIZE_URL + value: https://twitter.com/i/oauth2/authorize + - name: ELON_TWITTER_TOKEN_URL + value: https://api.twitter.com/2/oauth2/token + - name: ELON_DATABASE_URL + valueFrom: + secretKeyRef: + name: elon-staging-credentials + key: database-url + - name: ELON_SESSION_KEY + valueFrom: + secretKeyRef: + name: elon-staging-credentials + key: session-key + - name: ELON_TWITTER_CLIENT_ID + valueFrom: + secretKeyRef: + name: elon-staging-credentials + key: twitter-client-id + - name: ELON_TWITTER_CLIENT_SECRET + valueFrom: + secretKeyRef: + name: elon-staging-credentials + key: twitter-client-secret + - name: ELON_TWITTER_CALLBACK_URL + valueFrom: + secretKeyRef: + name: elon-staging-credentials + key: twitter-callback-url + - name: ELON_TWITTER_BEARER_TOKEN + valueFrom: + secretKeyRef: + name: elon-staging-credentials + key: twitter-bearer-token + resources: + requests: + memory: "16Mi" + cpu: "20m" + limits: + memory: "32Mi" + cpu: "50m" + livenessProbe: + failureThreshold: 10 + httpGet: + path: / + port: 8000 + scheme: HTTP + initialDelaySeconds: 30 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 10 diff --git a/deploy/base/ingress.yaml b/deploy/base/ingress.yaml index 243c86a..b41bb5f 100644 --- a/deploy/base/ingress.yaml +++ b/deploy/base/ingress.yaml @@ -64,3 +64,13 @@ spec: name: drone port: name: http + - host: elon-staging.internal + http: + paths: + - pathType: Prefix + path: "/" + backend: + service: + name: elon-staging + port: + name: http diff --git a/deploy/base/kustomization.yaml b/deploy/base/kustomization.yaml index 0d7daec..62481e0 100644 --- a/deploy/base/kustomization.yaml +++ b/deploy/base/kustomization.yaml @@ -87,6 +87,9 @@ resources: - role-drone-runner.yaml - rolebinding-drone-runner.yaml +- deploy-elon-staging.yaml +- svc-elon-staging.yaml + configMapGenerator: - name: gitea-scripts files: diff --git a/deploy/base/svc-elon-staging.yaml b/deploy/base/svc-elon-staging.yaml new file mode 100644 index 0000000..c74e215 --- /dev/null +++ b/deploy/base/svc-elon-staging.yaml @@ -0,0 +1,17 @@ +apiVersion: v1 +kind: Service +metadata: + labels: + app.kubernetes.io/instance: elon-staging + app.kubernetes.io/name: elon-staging + name: elon-staging +spec: + ports: + - name: http + port: 8000 + protocol: TCP + targetPort: 8000 + selector: + app.kubernetes.io/instance: elon-staging + app.kubernetes.io/name: elon-staging + type: ClusterIP diff --git a/deploy/dev/kustomization.yaml b/deploy/dev/kustomization.yaml index 8b761c5..0d1e376 100644 --- a/deploy/dev/kustomization.yaml +++ b/deploy/dev/kustomization.yaml @@ -71,6 +71,14 @@ secretGenerator: - gitea-client-id=55847c4a-c80e-4e77-ab36-c6d102273115 - gitea-client-secret=IU4cb59RNNLuI9PRkUbldcEQ5wYPEZMBK5s6p7vTdVfe - rpc-secret=f5ec349109bb9bbdf00e4394afd28754 +- name: elon-staging-credentials + literals: + - session-key=secret + - twitter-client-id=foo + - twitter-client-secret=bar + - twitter-callback-url=http://localhost:8000/callback + - twitter-bearer-token=secret + - database-url=postgres://postgres:postgres@dev-db:5432/elon_staging?sslmode=disable patches: # Patch the metrics-server to not require TLS in dev cluster. diff --git a/deploy/prod/ingress.yaml b/deploy/prod/ingress.yaml index e33bf3c..8b83658 100644 --- a/deploy/prod/ingress.yaml +++ b/deploy/prod/ingress.yaml @@ -14,6 +14,7 @@ - element.netflux.io - git.netflux.io - drone.netflux.io + - staging.eloneatsmytweets.com secretName: prod-ingress-tls - op: replace path: /spec/rules/0/host @@ -30,3 +31,6 @@ - op: replace path: /spec/rules/4/host value: drone.netflux.io +- op: replace + path: /spec/rules/5/host + value: staging.eloneatsmytweets.com diff --git a/deploy/prod/kustomization.yaml b/deploy/prod/kustomization.yaml index e5b8371..a29b96d 100644 --- a/deploy/prod/kustomization.yaml +++ b/deploy/prod/kustomization.yaml @@ -60,6 +60,14 @@ secretGenerator: - gitea-client-id=secrets/drone-gitea-client-id - gitea-client-secret=secrets/drone-gitea-client-secret - rpc-secret=secrets/drone-rpc-secret +- name: elon-staging-credentials + files: + - session-key=secrets/elon-staging-session-key + - twitter-client-id=secrets/elon-staging-twitter-client-id + - twitter-client-secret=secrets/elon-staging-twitter-client-secret + - twitter-callback-url=secrets/elon-staging-twitter-callback-url + - twitter-bearer-token=secrets/elon-staging-twitter-bearer-token + - database-url=secrets/elon-staging-database-url patches: # Patch the ingress-nginx deployment to allow it to use a service with a