ondrejmo/speed.yml

## speed.yml
---

apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: speed

spec:
  podSelector:
    matchLabels:
      app.kubernetes.io/name: speed
  policyTypes:
    - Egress
    - Ingress
  ingress:
    - from:
        - namespaceSelector:
            matchLabels:
              kubernetes.io/metadata.name: kube-system
          podSelector:
            matchLabels:
              app.kubernetes.io/name: traefik
      ports:
        - protocol: TCP
          port: 80

---

apiVersion: v1
kind: Service
metadata:
  name: speed

spec:
  selector:
    app.kubernetes.io/name: speed
  ports:
    - name: http
      port: 80

---

apiVersion: apps/v1
kind: Deployment
metadata:
  name: speed

spec:
  replicas: 1
  revisionHistoryLimit: 3
  selector:
    matchLabels:
      app.kubernetes.io/name: speed
  template:
    metadata:
      labels:
        app.kubernetes.io/name: speed
    spec:
      automountServiceAccountToken: false
      affinity:
        podAntiAffinity:
          preferredDuringSchedulingIgnoredDuringExecution:
            - weight: 100
              podAffinityTerm:
                topologyKey: kubernetes.io/hostname
                labelSelector:
                  matchExpressions:
                    - {key: app.kubernetes.io/name, operator: In, values: [speed]}
      initContainers:
        # DISCLAIMER: workarround for my lack of IPv6 support
        - name: speed-init
          image: lscr.io/linuxserver/librespeed:5.3.2-ls193
          command: [ /bin/bash, -c ]
          args:
            - grep -v '\[::\]' /defaults/nginx/site-confs/default.conf.sample | tee /temp/default.conf;
          resources:
            requests:
              cpu: 5m
              memory: 32Mi
          volumeMounts:
            - name: temp
              mountPath: /temp
      containers:
        - name: speed
          image: lscr.io/linuxserver/librespeed:5.3.2-ls193
          resources:
            requests:
              cpu: 5m
              memory: 32Mi
          ports:
            - name: http
              containerPort: 80
          env:
            - name: TZ
              value: Europe/Prague
          volumeMounts:
            - name: temp
              mountPath: /config/nginx/site-confs/default.conf
              subPath: default.conf
              readOnly: true
      volumes:
        - name: temp
          emptyDir: {}

---

apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: speed

spec:
  commonName: speed.home.arpa
  dnsNames:
    - speed.home.arpa
  secretName: speed-certificate
  issuerRef:
    name: trusted-ca
    kind: ClusterIssuer

---

apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
  name: speed
  annotations:
    link.argocd.argoproj.io/external-link: https://speed.home.arpa

spec:
  entryPoints:
    - websecure

  routes:
    - match: Host(`speed.home.arpa`)
      kind: Rule
      services:
        - name: speed
          port: 80

  tls:
    secretName: speed-certificate
	---

	apiVersion: networking.k8s.io/v1
	kind: NetworkPolicy
	metadata:
	name: speed

	spec:
	podSelector:
	matchLabels:
	app.kubernetes.io/name: speed
	policyTypes:
	- Egress
	- Ingress
	ingress:
	- from:
	- namespaceSelector:
	matchLabels:
	kubernetes.io/metadata.name: kube-system
	podSelector:
	matchLabels:
	app.kubernetes.io/name: traefik
	ports:
	- protocol: TCP
	port: 80

	---

	apiVersion: v1
	kind: Service
	metadata:
	name: speed

	spec:
	selector:
	app.kubernetes.io/name: speed
	ports:
	- name: http
	port: 80

	---

	apiVersion: apps/v1
	kind: Deployment
	metadata:
	name: speed

	spec:
	replicas: 1
	revisionHistoryLimit: 3
	selector:
	matchLabels:
	app.kubernetes.io/name: speed
	template:
	metadata:
	labels:
	app.kubernetes.io/name: speed
	spec:
	automountServiceAccountToken: false
	affinity:
	podAntiAffinity:
	preferredDuringSchedulingIgnoredDuringExecution:
	- weight: 100
	podAffinityTerm:
	topologyKey: kubernetes.io/hostname
	labelSelector:
	matchExpressions:
	- {key: app.kubernetes.io/name, operator: In, values: [speed]}
	initContainers:
	# DISCLAIMER: workarround for my lack of IPv6 support
	- name: speed-init
	image: lscr.io/linuxserver/librespeed:5.3.2-ls193
	command: [ /bin/bash, -c ]
	args:
	- grep -v '\[::\]' /defaults/nginx/site-confs/default.conf.sample \| tee /temp/default.conf;
	resources:
	requests:
	cpu: 5m
	memory: 32Mi
	volumeMounts:
	- name: temp
	mountPath: /temp
	containers:
	- name: speed
	image: lscr.io/linuxserver/librespeed:5.3.2-ls193
	resources:
	requests:
	cpu: 5m
	memory: 32Mi
	ports:
	- name: http
	containerPort: 80
	env:
	- name: TZ
	value: Europe/Prague
	volumeMounts:
	- name: temp
	mountPath: /config/nginx/site-confs/default.conf
	subPath: default.conf
	readOnly: true
	volumes:
	- name: temp
	emptyDir: {}

	---

	apiVersion: cert-manager.io/v1
	kind: Certificate
	metadata:
	name: speed

	spec:
	commonName: speed.home.arpa
	dnsNames:
	- speed.home.arpa
	secretName: speed-certificate
	issuerRef:
	name: trusted-ca
	kind: ClusterIssuer

	---

	apiVersion: traefik.containo.us/v1alpha1
	kind: IngressRoute
	metadata:
	name: speed
	annotations:
	link.argocd.argoproj.io/external-link: https://speed.home.arpa

	spec:
	entryPoints:
	- websecure

	routes:
	- match: Host(`speed.home.arpa`)
	kind: Rule
	services:
	- name: speed
	port: 80

	tls:
	secretName: speed-certificate