mirror of
https://github.com/lukaszraczylo/gohoarder.git
synced 2026-07-01 03:26:03 +00:00
fixes
This commit is contained in:
@@ -0,0 +1,54 @@
|
||||
apiVersion: v1
|
||||
kind: ConfigMap
|
||||
metadata:
|
||||
name: gohoarder-config
|
||||
namespace: default
|
||||
data:
|
||||
config.yaml: |
|
||||
server:
|
||||
host: "0.0.0.0"
|
||||
port: 8080
|
||||
read_timeout: 30s
|
||||
write_timeout: 30s
|
||||
|
||||
cache:
|
||||
max_size_bytes: 10737418240 # 10GB
|
||||
default_ttl: 24h
|
||||
cleanup_interval: 1h
|
||||
|
||||
storage:
|
||||
backend: filesystem
|
||||
path: /var/lib/gohoarder/cache
|
||||
|
||||
metadata:
|
||||
backend: sqlite
|
||||
connection: /var/lib/gohoarder/gohoarder.db
|
||||
|
||||
security:
|
||||
enabled: true
|
||||
providers:
|
||||
- osv
|
||||
- github
|
||||
severity_threshold: medium
|
||||
block_on_vulnerability: false
|
||||
rescan_interval: 24h
|
||||
|
||||
handlers:
|
||||
npm:
|
||||
enabled: true
|
||||
upstream_registry: "https://registry.npmjs.org"
|
||||
|
||||
pypi:
|
||||
enabled: true
|
||||
upstream_index: "https://pypi.org/simple"
|
||||
|
||||
go:
|
||||
enabled: true
|
||||
upstream_proxy: "https://proxy.golang.org"
|
||||
checksum_db: "https://sum.golang.org"
|
||||
# Path to git credentials file (mounted from Secret)
|
||||
git_credentials_file: /etc/gohoarder/git-credentials.json
|
||||
|
||||
logging:
|
||||
level: info
|
||||
format: json
|
||||
@@ -0,0 +1,502 @@
|
||||
# GoHoarder - Kubernetes Deployment (All-in-One)
|
||||
# This manifest deploys all GoHoarder services under a single ingress
|
||||
#
|
||||
# Usage:
|
||||
# kubectl create namespace gohoarder
|
||||
# kubectl apply -f deployment-all-in-one.yaml -n gohoarder
|
||||
#
|
||||
# Prerequisites:
|
||||
# - Kubernetes 1.19+
|
||||
# - Ingress controller (nginx, traefik, etc.)
|
||||
# - Persistent volume provisioner
|
||||
# - Optional: cert-manager for TLS certificates
|
||||
|
||||
---
|
||||
# Namespace
|
||||
apiVersion: v1
|
||||
kind: Namespace
|
||||
metadata:
|
||||
name: gohoarder
|
||||
labels:
|
||||
app.kubernetes.io/name: gohoarder
|
||||
app.kubernetes.io/component: namespace
|
||||
|
||||
---
|
||||
# ConfigMap for application configuration
|
||||
apiVersion: v1
|
||||
kind: ConfigMap
|
||||
metadata:
|
||||
name: gohoarder-config
|
||||
namespace: gohoarder
|
||||
labels:
|
||||
app.kubernetes.io/name: gohoarder
|
||||
app.kubernetes.io/component: config
|
||||
data:
|
||||
# Add your configuration here or mount from a file
|
||||
# config.yaml: |
|
||||
# server:
|
||||
# port: 8080
|
||||
# ...
|
||||
|
||||
---
|
||||
# PersistentVolumeClaim for cache storage
|
||||
apiVersion: v1
|
||||
kind: PersistentVolumeClaim
|
||||
metadata:
|
||||
name: gohoarder-cache
|
||||
namespace: gohoarder
|
||||
labels:
|
||||
app.kubernetes.io/name: gohoarder
|
||||
app.kubernetes.io/component: storage
|
||||
spec:
|
||||
accessModes:
|
||||
- ReadWriteMany # Multiple pods can access for scanner + server
|
||||
resources:
|
||||
requests:
|
||||
storage: 100Gi
|
||||
# storageClassName: your-storage-class # Specify your storage class
|
||||
|
||||
---
|
||||
# PersistentVolumeClaim for metadata storage
|
||||
apiVersion: v1
|
||||
kind: PersistentVolumeClaim
|
||||
metadata:
|
||||
name: gohoarder-metadata
|
||||
namespace: gohoarder
|
||||
labels:
|
||||
app.kubernetes.io/name: gohoarder
|
||||
app.kubernetes.io/component: storage
|
||||
spec:
|
||||
accessModes:
|
||||
- ReadWriteOnce
|
||||
resources:
|
||||
requests:
|
||||
storage: 10Gi
|
||||
# storageClassName: your-storage-class
|
||||
|
||||
---
|
||||
# Deployment - Application Server
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: gohoarder-server
|
||||
namespace: gohoarder
|
||||
labels:
|
||||
app.kubernetes.io/name: gohoarder
|
||||
app.kubernetes.io/component: server
|
||||
spec:
|
||||
replicas: 2
|
||||
selector:
|
||||
matchLabels:
|
||||
app.kubernetes.io/name: gohoarder
|
||||
app.kubernetes.io/component: server
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app.kubernetes.io/name: gohoarder
|
||||
app.kubernetes.io/component: server
|
||||
spec:
|
||||
containers:
|
||||
- name: server
|
||||
image: ghcr.io/lukaszraczylo/gohoarder-server:latest
|
||||
imagePullPolicy: Always
|
||||
ports:
|
||||
- name: http
|
||||
containerPort: 8080
|
||||
protocol: TCP
|
||||
- name: metrics
|
||||
containerPort: 9090
|
||||
protocol: TCP
|
||||
env:
|
||||
- name: CONFIG_FILE
|
||||
value: /config/config.yaml
|
||||
- name: STORAGE_BACKEND
|
||||
value: filesystem
|
||||
- name: STORAGE_PATH
|
||||
value: /data/cache
|
||||
- name: DB_PATH
|
||||
value: /data/metadata/gohoarder.db
|
||||
- name: LOG_LEVEL
|
||||
value: info
|
||||
- name: LOG_FORMAT
|
||||
value: json
|
||||
volumeMounts:
|
||||
- name: cache
|
||||
mountPath: /data/cache
|
||||
- name: metadata
|
||||
mountPath: /data/metadata
|
||||
- name: config
|
||||
mountPath: /config
|
||||
readOnly: true
|
||||
livenessProbe:
|
||||
exec:
|
||||
command:
|
||||
- /usr/local/bin/gohoarder
|
||||
- version
|
||||
initialDelaySeconds: 5
|
||||
periodSeconds: 30
|
||||
timeoutSeconds: 10
|
||||
readinessProbe:
|
||||
httpGet:
|
||||
path: /health
|
||||
port: 8080
|
||||
initialDelaySeconds: 5
|
||||
periodSeconds: 10
|
||||
resources:
|
||||
requests:
|
||||
cpu: 500m
|
||||
memory: 512Mi
|
||||
limits:
|
||||
cpu: 2000m
|
||||
memory: 2Gi
|
||||
volumes:
|
||||
- name: cache
|
||||
persistentVolumeClaim:
|
||||
claimName: gohoarder-cache
|
||||
- name: metadata
|
||||
persistentVolumeClaim:
|
||||
claimName: gohoarder-metadata
|
||||
- name: config
|
||||
configMap:
|
||||
name: gohoarder-config
|
||||
|
||||
---
|
||||
# Service - Application Server
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: gohoarder-server
|
||||
namespace: gohoarder
|
||||
labels:
|
||||
app.kubernetes.io/name: gohoarder
|
||||
app.kubernetes.io/component: server
|
||||
spec:
|
||||
type: ClusterIP
|
||||
ports:
|
||||
- name: http
|
||||
port: 8080
|
||||
targetPort: http
|
||||
protocol: TCP
|
||||
- name: metrics
|
||||
port: 9090
|
||||
targetPort: metrics
|
||||
protocol: TCP
|
||||
selector:
|
||||
app.kubernetes.io/name: gohoarder
|
||||
app.kubernetes.io/component: server
|
||||
|
||||
---
|
||||
# Deployment - Frontend
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: gohoarder-frontend
|
||||
namespace: gohoarder
|
||||
labels:
|
||||
app.kubernetes.io/name: gohoarder
|
||||
app.kubernetes.io/component: frontend
|
||||
spec:
|
||||
replicas: 2
|
||||
selector:
|
||||
matchLabels:
|
||||
app.kubernetes.io/name: gohoarder
|
||||
app.kubernetes.io/component: frontend
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app.kubernetes.io/name: gohoarder
|
||||
app.kubernetes.io/component: frontend
|
||||
spec:
|
||||
containers:
|
||||
- name: frontend
|
||||
image: ghcr.io/lukaszraczylo/gohoarder-frontend:latest
|
||||
imagePullPolicy: Always
|
||||
ports:
|
||||
- name: http
|
||||
containerPort: 80
|
||||
protocol: TCP
|
||||
env:
|
||||
- name: API_BASE_URL
|
||||
value: /api
|
||||
- name: APP_VERSION
|
||||
value: "1.0.0"
|
||||
- name: APP_NAME
|
||||
value: GoHoarder
|
||||
livenessProbe:
|
||||
httpGet:
|
||||
path: /
|
||||
port: 80
|
||||
initialDelaySeconds: 5
|
||||
periodSeconds: 30
|
||||
readinessProbe:
|
||||
httpGet:
|
||||
path: /
|
||||
port: 80
|
||||
initialDelaySeconds: 5
|
||||
periodSeconds: 10
|
||||
resources:
|
||||
requests:
|
||||
cpu: 100m
|
||||
memory: 128Mi
|
||||
limits:
|
||||
cpu: 500m
|
||||
memory: 256Mi
|
||||
|
||||
---
|
||||
# Service - Frontend
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: gohoarder-frontend
|
||||
namespace: gohoarder
|
||||
labels:
|
||||
app.kubernetes.io/name: gohoarder
|
||||
app.kubernetes.io/component: frontend
|
||||
spec:
|
||||
type: ClusterIP
|
||||
ports:
|
||||
- name: http
|
||||
port: 80
|
||||
targetPort: http
|
||||
protocol: TCP
|
||||
selector:
|
||||
app.kubernetes.io/name: gohoarder
|
||||
app.kubernetes.io/component: frontend
|
||||
|
||||
---
|
||||
# Deployment - Scanner (Optional)
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: gohoarder-scanner
|
||||
namespace: gohoarder
|
||||
labels:
|
||||
app.kubernetes.io/name: gohoarder
|
||||
app.kubernetes.io/component: scanner
|
||||
spec:
|
||||
replicas: 1
|
||||
selector:
|
||||
matchLabels:
|
||||
app.kubernetes.io/name: gohoarder
|
||||
app.kubernetes.io/component: scanner
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app.kubernetes.io/name: gohoarder
|
||||
app.kubernetes.io/component: scanner
|
||||
spec:
|
||||
containers:
|
||||
- name: scanner
|
||||
image: ghcr.io/lukaszraczylo/gohoarder-scanner:latest
|
||||
imagePullPolicy: Always
|
||||
env:
|
||||
- name: CONFIG_FILE
|
||||
value: /config/config.yaml
|
||||
- name: SCANNER_MODE
|
||||
value: "true"
|
||||
- name: SCANNER_WORKERS
|
||||
value: "4"
|
||||
- name: LOG_LEVEL
|
||||
value: info
|
||||
volumeMounts:
|
||||
- name: cache
|
||||
mountPath: /data/cache
|
||||
readOnly: true
|
||||
- name: metadata
|
||||
mountPath: /data/metadata
|
||||
- name: config
|
||||
mountPath: /config
|
||||
readOnly: true
|
||||
resources:
|
||||
requests:
|
||||
cpu: 500m
|
||||
memory: 1Gi
|
||||
limits:
|
||||
cpu: 2000m
|
||||
memory: 4Gi
|
||||
volumes:
|
||||
- name: cache
|
||||
persistentVolumeClaim:
|
||||
claimName: gohoarder-cache
|
||||
- name: metadata
|
||||
persistentVolumeClaim:
|
||||
claimName: gohoarder-metadata
|
||||
- name: config
|
||||
configMap:
|
||||
name: gohoarder-config
|
||||
|
||||
---
|
||||
# Deployment - Gateway (Nginx Reverse Proxy)
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: gohoarder-gateway
|
||||
namespace: gohoarder
|
||||
labels:
|
||||
app.kubernetes.io/name: gohoarder
|
||||
app.kubernetes.io/component: gateway
|
||||
spec:
|
||||
replicas: 2
|
||||
selector:
|
||||
matchLabels:
|
||||
app.kubernetes.io/name: gohoarder
|
||||
app.kubernetes.io/component: gateway
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app.kubernetes.io/name: gohoarder
|
||||
app.kubernetes.io/component: gateway
|
||||
spec:
|
||||
containers:
|
||||
- name: gateway
|
||||
image: ghcr.io/lukaszraczylo/gohoarder-gateway:latest
|
||||
imagePullPolicy: Always
|
||||
ports:
|
||||
- name: http
|
||||
containerPort: 80
|
||||
protocol: TCP
|
||||
env:
|
||||
- name: BACKEND_HOST
|
||||
value: gohoarder-server
|
||||
- name: BACKEND_PORT
|
||||
value: "8080"
|
||||
- name: FRONTEND_HOST
|
||||
value: gohoarder-frontend
|
||||
- name: FRONTEND_PORT
|
||||
value: "80"
|
||||
- name: SERVER_NAME
|
||||
value: hoarder.i.raczylo.com
|
||||
livenessProbe:
|
||||
httpGet:
|
||||
path: /health
|
||||
port: 80
|
||||
initialDelaySeconds: 5
|
||||
periodSeconds: 30
|
||||
readinessProbe:
|
||||
httpGet:
|
||||
path: /health
|
||||
port: 80
|
||||
initialDelaySeconds: 5
|
||||
periodSeconds: 10
|
||||
resources:
|
||||
requests:
|
||||
cpu: 100m
|
||||
memory: 128Mi
|
||||
limits:
|
||||
cpu: 500m
|
||||
memory: 256Mi
|
||||
|
||||
---
|
||||
# Service - Gateway
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: gohoarder-gateway
|
||||
namespace: gohoarder
|
||||
labels:
|
||||
app.kubernetes.io/name: gohoarder
|
||||
app.kubernetes.io/component: gateway
|
||||
spec:
|
||||
type: ClusterIP
|
||||
ports:
|
||||
- name: http
|
||||
port: 80
|
||||
targetPort: http
|
||||
protocol: TCP
|
||||
selector:
|
||||
app.kubernetes.io/name: gohoarder
|
||||
app.kubernetes.io/component: gateway
|
||||
|
||||
---
|
||||
# Ingress - Expose via domain
|
||||
apiVersion: networking.k8s.io/v1
|
||||
kind: Ingress
|
||||
metadata:
|
||||
name: gohoarder
|
||||
namespace: gohoarder
|
||||
labels:
|
||||
app.kubernetes.io/name: gohoarder
|
||||
app.kubernetes.io/component: ingress
|
||||
annotations:
|
||||
# Nginx ingress annotations
|
||||
nginx.ingress.kubernetes.io/proxy-body-size: "500m"
|
||||
nginx.ingress.kubernetes.io/proxy-read-timeout: "600"
|
||||
nginx.ingress.kubernetes.io/proxy-send-timeout: "600"
|
||||
# Enable CORS if needed
|
||||
# nginx.ingress.kubernetes.io/enable-cors: "true"
|
||||
# TLS/SSL configuration (uncomment if using cert-manager)
|
||||
# cert-manager.io/cluster-issuer: "letsencrypt-prod"
|
||||
spec:
|
||||
ingressClassName: nginx # Adjust based on your ingress controller
|
||||
rules:
|
||||
- host: hoarder.i.raczylo.com
|
||||
http:
|
||||
paths:
|
||||
- path: /
|
||||
pathType: Prefix
|
||||
backend:
|
||||
service:
|
||||
name: gohoarder-gateway
|
||||
port:
|
||||
number: 80
|
||||
# Uncomment for HTTPS/TLS
|
||||
# tls:
|
||||
# - hosts:
|
||||
# - hoarder.i.raczylo.com
|
||||
# secretName: gohoarder-tls
|
||||
|
||||
---
|
||||
# HorizontalPodAutoscaler - Server
|
||||
apiVersion: autoscaling/v2
|
||||
kind: HorizontalPodAutoscaler
|
||||
metadata:
|
||||
name: gohoarder-server
|
||||
namespace: gohoarder
|
||||
labels:
|
||||
app.kubernetes.io/name: gohoarder
|
||||
app.kubernetes.io/component: server
|
||||
spec:
|
||||
scaleTargetRef:
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
name: gohoarder-server
|
||||
minReplicas: 2
|
||||
maxReplicas: 10
|
||||
metrics:
|
||||
- type: Resource
|
||||
resource:
|
||||
name: cpu
|
||||
target:
|
||||
type: Utilization
|
||||
averageUtilization: 70
|
||||
- type: Resource
|
||||
resource:
|
||||
name: memory
|
||||
target:
|
||||
type: Utilization
|
||||
averageUtilization: 80
|
||||
|
||||
---
|
||||
# HorizontalPodAutoscaler - Gateway
|
||||
apiVersion: autoscaling/v2
|
||||
kind: HorizontalPodAutoscaler
|
||||
metadata:
|
||||
name: gohoarder-gateway
|
||||
namespace: gohoarder
|
||||
labels:
|
||||
app.kubernetes.io/name: gohoarder
|
||||
app.kubernetes.io/component: gateway
|
||||
spec:
|
||||
scaleTargetRef:
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
name: gohoarder-gateway
|
||||
minReplicas: 2
|
||||
maxReplicas: 10
|
||||
metrics:
|
||||
- type: Resource
|
||||
resource:
|
||||
name: cpu
|
||||
target:
|
||||
type: Utilization
|
||||
averageUtilization: 70
|
||||
@@ -0,0 +1,104 @@
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: gohoarder
|
||||
namespace: default
|
||||
labels:
|
||||
app: gohoarder
|
||||
spec:
|
||||
replicas: 2
|
||||
selector:
|
||||
matchLabels:
|
||||
app: gohoarder
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app: gohoarder
|
||||
spec:
|
||||
securityContext:
|
||||
runAsNonRoot: true
|
||||
runAsUser: 1000
|
||||
fsGroup: 1000
|
||||
|
||||
containers:
|
||||
- name: gohoarder
|
||||
image: gohoarder:latest
|
||||
imagePullPolicy: IfNotPresent
|
||||
|
||||
ports:
|
||||
- name: http
|
||||
containerPort: 8080
|
||||
protocol: TCP
|
||||
|
||||
env:
|
||||
- name: CONFIG_FILE
|
||||
value: /etc/gohoarder/config.yaml
|
||||
|
||||
volumeMounts:
|
||||
# Configuration file
|
||||
- name: config
|
||||
mountPath: /etc/gohoarder/config.yaml
|
||||
subPath: config.yaml
|
||||
readOnly: true
|
||||
|
||||
# Git credentials (pattern-based)
|
||||
- name: git-credentials
|
||||
mountPath: /etc/gohoarder/git-credentials.json
|
||||
subPath: credentials.json
|
||||
readOnly: true
|
||||
|
||||
# Persistent storage for cache
|
||||
- name: cache
|
||||
mountPath: /var/lib/gohoarder/cache
|
||||
|
||||
# Persistent storage for metadata database
|
||||
- name: metadata
|
||||
mountPath: /var/lib/gohoarder
|
||||
|
||||
resources:
|
||||
requests:
|
||||
memory: "512Mi"
|
||||
cpu: "250m"
|
||||
limits:
|
||||
memory: "2Gi"
|
||||
cpu: "1000m"
|
||||
|
||||
livenessProbe:
|
||||
httpGet:
|
||||
path: /health
|
||||
port: http
|
||||
initialDelaySeconds: 10
|
||||
periodSeconds: 30
|
||||
timeoutSeconds: 5
|
||||
failureThreshold: 3
|
||||
|
||||
readinessProbe:
|
||||
httpGet:
|
||||
path: /health/ready
|
||||
port: http
|
||||
initialDelaySeconds: 5
|
||||
periodSeconds: 10
|
||||
timeoutSeconds: 3
|
||||
failureThreshold: 3
|
||||
|
||||
volumes:
|
||||
# ConfigMap with application configuration
|
||||
- name: config
|
||||
configMap:
|
||||
name: gohoarder-config
|
||||
|
||||
# Secret with git credentials
|
||||
- name: git-credentials
|
||||
secret:
|
||||
secretName: gohoarder-git-credentials
|
||||
defaultMode: 0400 # Read-only for owner
|
||||
|
||||
# PersistentVolumeClaim for cache
|
||||
- name: cache
|
||||
persistentVolumeClaim:
|
||||
claimName: gohoarder-cache-pvc
|
||||
|
||||
# PersistentVolumeClaim for metadata
|
||||
- name: metadata
|
||||
persistentVolumeClaim:
|
||||
claimName: gohoarder-metadata-pvc
|
||||
@@ -0,0 +1,29 @@
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: PersistentVolumeClaim
|
||||
metadata:
|
||||
name: gohoarder-cache-pvc
|
||||
namespace: default
|
||||
spec:
|
||||
accessModes:
|
||||
- ReadWriteOnce
|
||||
resources:
|
||||
requests:
|
||||
storage: 20Gi
|
||||
# Uncomment and set your storage class if needed
|
||||
# storageClassName: fast-ssd
|
||||
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: PersistentVolumeClaim
|
||||
metadata:
|
||||
name: gohoarder-metadata-pvc
|
||||
namespace: default
|
||||
spec:
|
||||
accessModes:
|
||||
- ReadWriteOnce
|
||||
resources:
|
||||
requests:
|
||||
storage: 5Gi
|
||||
# Uncomment and set your storage class if needed
|
||||
# storageClassName: standard
|
||||
@@ -0,0 +1,61 @@
|
||||
apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
name: gohoarder-git-credentials
|
||||
namespace: default
|
||||
type: Opaque
|
||||
stringData:
|
||||
credentials.json: |
|
||||
{
|
||||
"credentials": [
|
||||
{
|
||||
"pattern": "github.com/mycompany/*",
|
||||
"host": "github.com",
|
||||
"username": "oauth2",
|
||||
"token": "ghp_REPLACE_WITH_YOUR_GITHUB_TOKEN",
|
||||
"fallback": false
|
||||
},
|
||||
{
|
||||
"pattern": "github.com/external-vendor/*",
|
||||
"host": "github.com",
|
||||
"username": "oauth2",
|
||||
"token": "ghp_REPLACE_WITH_VENDOR_TOKEN",
|
||||
"fallback": false
|
||||
},
|
||||
{
|
||||
"pattern": "gitlab.com/backend-team/*",
|
||||
"host": "gitlab.com",
|
||||
"username": "oauth2",
|
||||
"token": "glpat_REPLACE_WITH_GITLAB_TOKEN",
|
||||
"fallback": false
|
||||
},
|
||||
{
|
||||
"pattern": "*",
|
||||
"host": "*",
|
||||
"username": "oauth2",
|
||||
"token": "ghp_REPLACE_WITH_DEFAULT_READONLY_TOKEN",
|
||||
"fallback": true
|
||||
}
|
||||
]
|
||||
}
|
||||
---
|
||||
# Example using External Secrets Operator (ESO)
|
||||
# Uncomment and configure if you're using ESO
|
||||
# apiVersion: external-secrets.io/v1beta1
|
||||
# kind: ExternalSecret
|
||||
# metadata:
|
||||
# name: gohoarder-git-credentials
|
||||
# namespace: default
|
||||
# spec:
|
||||
# refreshInterval: 1h
|
||||
# secretStoreRef:
|
||||
# name: vault-backend # Your SecretStore name
|
||||
# kind: SecretStore
|
||||
# target:
|
||||
# name: gohoarder-git-credentials
|
||||
# creationPolicy: Owner
|
||||
# data:
|
||||
# - secretKey: credentials.json
|
||||
# remoteRef:
|
||||
# key: secret/gohoarder/git-credentials
|
||||
# property: credentials.json
|
||||
@@ -0,0 +1,44 @@
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: gohoarder
|
||||
namespace: default
|
||||
labels:
|
||||
app: gohoarder
|
||||
spec:
|
||||
type: ClusterIP
|
||||
ports:
|
||||
- port: 8080
|
||||
targetPort: http
|
||||
protocol: TCP
|
||||
name: http
|
||||
selector:
|
||||
app: gohoarder
|
||||
---
|
||||
# Optional: Ingress for external access
|
||||
# Uncomment and configure based on your ingress controller
|
||||
# apiVersion: networking.k8s.io/v1
|
||||
# kind: Ingress
|
||||
# metadata:
|
||||
# name: gohoarder
|
||||
# namespace: default
|
||||
# annotations:
|
||||
# nginx.ingress.kubernetes.io/proxy-body-size: "500m"
|
||||
# nginx.ingress.kubernetes.io/proxy-read-timeout: "600"
|
||||
# spec:
|
||||
# ingressClassName: nginx
|
||||
# rules:
|
||||
# - host: gohoarder.example.com
|
||||
# http:
|
||||
# paths:
|
||||
# - path: /
|
||||
# pathType: Prefix
|
||||
# backend:
|
||||
# service:
|
||||
# name: gohoarder
|
||||
# port:
|
||||
# name: http
|
||||
# tls:
|
||||
# - hosts:
|
||||
# - gohoarder.example.com
|
||||
# secretName: gohoarder-tls
|
||||
Reference in New Issue
Block a user