@j18e
Created December 20, 2017 14:44
Concourse on AWS Kubernetes Deployment with HTTPS endpoint
---
apiVersion: v1
kind: ConfigMap
metadata:
  name: concourse-keys
data:
  authorized_worker_keys: |+
    ssh-rsa {{public_key_text}} worker-key
  session_signing_key: |+
    -----BEGIN RSA PRIVATE KEY-----
    {{private_key_text}}
    -----END RSA PRIVATE KEY-----
  tsa_host_key: |+
    -----BEGIN RSA PRIVATE KEY-----
    {{public_key_text}}
    -----END RSA PRIVATE KEY-----
  tsa_host_key.pub: |
    ssh-rsa {{public_key_text}}
  worker_key: |+
    -----BEGIN RSA PRIVATE KEY-----
    {{public_key_text}}
    -----END RSA PRIVATE KEY-----
---
kind: Service
apiVersion: v1
metadata:
  name: concourse-ingress
  annotations:
    service.beta.kubernetes.io/aws-load-balancer-ssl-cert: "{{certificate_arn}}"
    service.beta.kubernetes.io/aws-load-balancer-backend-protocol: "http"
    service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "https"
spec:
  type: LoadBalancer
  selector:
    app: concourse-web
  ports:
  - name: https
    port: 443
    targetPort: 8080
---
apiVersion: v1
kind: Service
metadata:
  name: concourse-web
spec:
  selector:
    app: concourse-web
  ports:
  - port: 8080
    name: atc
  - port: 2222
    name: tsa
---
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: concourse-web
spec:
  replicas: 1
  template:
    metadata:
      labels:
        app: concourse-web
    spec:
      containers:
      - name: web
        image: concourse/concourse:{{concourse_version}}
        args:
        - web
        - '--basic_auth_username'
        - '{{concourse_username}}'
        - '--basic_auth_password'
        - '{{concourse_password}}'
        - '--external_url'
        - 'https://{{concourse_server}}'
        - '--postgres_data_source'
        - '{{postgres_uri}}'
        ports:
        - containerPort: 8080
          name: atc
        - containerPort: 2222
          name: tsa
        volumeMounts:
        - name: concourse-keys
          mountPath: /concourse-keys
          readOnly: true
      volumes:
      - name: concourse-keys
        configMap:
          name: concourse-keys
---
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: concourse-worker
spec:
  replicas: 1
  template:
    metadata:
      labels:
        app: concourse-worker
    spec:
      containers:
      - name: concourse-worker
        image: concourse/concourse:{{concourse_version}}
        args:
        - worker
        - --work-dir
        - /concourse-work-dir
        env:
        - name: CONCOURSE_TSA_HOST
          value: concourse-web
        - name: CONCOURSE_GARDEN_NETWORK
        ports: []
        securityContext: {privileged: true}
        volumeMounts:
        - name: concourse-keys
          mountPath: /concourse-keys
          readOnly: true
        - name: concourse-work-dir
          mountPath: /concourse-work-dir
      volumes:
      - name: concourse-keys
        configMap:
          name: concourse-keys
      - name: concourse-work-dir
        emptyDir: {}

j18e commented Dec 20, 2017

Once the concourse-ingress service is created you can run kubectl get svc concourse-ingress -o yaml and look for the loadbalancer address. Map your external_url DNS name to this loadbalancer and you'll have a complete endpoint!
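
The manifest above mounts the Concourse private keys from a ConfigMap, a resource type Kubernetes does not treat as confidential. As an added example (not the gist author's code), the same files can be delivered from a Secret instead; the key names, placeholders and mount path are carried over from the gist unchanged, and the `defaultMode` value is an assumption about the file mode you want.

```yaml
# Added example, not part of the gist. Placeholders are the gist's own.
---
apiVersion: v1
kind: Secret
metadata:
  name: concourse-keys
type: Opaque
stringData:              # written as plain text; stored base64-encoded
  authorized_worker_keys: |
    ssh-rsa {{public_key_text}} worker-key
  session_signing_key: |
    -----BEGIN RSA PRIVATE KEY-----
    {{private_key_text}}
    -----END RSA PRIVATE KEY-----
  tsa_host_key: |
    -----BEGIN RSA PRIVATE KEY-----
    {{public_key_text}}
    -----END RSA PRIVATE KEY-----
  tsa_host_key.pub: |
    ssh-rsa {{public_key_text}}
  worker_key: |
    -----BEGIN RSA PRIVATE KEY-----
    {{public_key_text}}
    -----END RSA PRIVATE KEY-----
---
# Fragment: replaces the concourse-keys entry under `volumes:` in both
# Deployments. The volumeMounts (mountPath /concourse-keys) stay unchanged.
volumes:
- name: concourse-keys
  secret:
    secretName: concourse-keys
    defaultMode: 0400    # owner read-only (assumed preference)
```

A Secret is only base64-encoded unless encryption at rest is enabled on the cluster, so also restrict `get` and `list` on Secrets in this namespace through RBAC.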
