@ramytamer
Last active June 28, 2021 18:49
sabeela-k8s
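# Prerequisite: create the Secret that the CronJob below reads its AWS
# settings from. Values given with --from-literal are recorded in shell
# history; --from-env-file reading a protected file avoids that.
# kubectl create secret -n preprod generic ecr-renew-cred \
# --from-literal=REGION=[AWS_REGION] \
# --from-literal=ID=[AWS_ACCESS_KEY] \
# --from-literal=SECRET=[AWS_SECRET]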
---
# Identity the cron-ecr-renew pods run as (serviceAccountName in the CronJob).
# It carries no permissions of its own; those come from the rb-ecr-renew
# RoleBinding in the same namespace.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: svc-ecr-renew
  namespace: preprod
---
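# Permissions for the ECR login-renewal job, narrowed to the one Secret it
# maintains (DOCKER_SECRET_NAME=ecr-docker-login in the CronJob). Keep the
# resourceNames entry below in sync with that env value.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: cr-ecr-renew
  namespace: preprod
rules:
  # "create" cannot be restricted by resourceNames (the object name is not
  # part of the request path at authorization time), so it remains
  # namespace-wide.
  - apiGroups: [""]
    resources: ["secrets"]
    verbs: ["create"]
  # get/update/delete are limited to the docker-login Secret. Without
  # resourceNames the service account could read or remove every Secret in
  # preprod, including ecr-renew-cred, which holds the AWS access key.
  - apiGroups: [""]
    resources: ["secrets"]
    resourceNames: ["ecr-docker-login"]
    verbs: ["get", "update", "delete"]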
---
# Grants the cr-ecr-renew Role to the svc-ecr-renew ServiceAccount.
# Both Role and RoleBinding are namespaced, so the grant applies only
# inside preprod.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: rb-ecr-renew
  namespace: preprod
subjects:
  - kind: ServiceAccount
    name: svc-ecr-renew
    namespace: preprod
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: cr-ecr-renew
---
# Hourly job that refreshes the ECR docker-login Secret in preprod.
# NOTE(review): CronJob is served from batch/v1 since Kubernetes 1.21 and
# batch/v1beta1 was removed in 1.25 - confirm the cluster version before
# changing the apiVersion.
apiVersion: batch/v1beta1
kind: CronJob
metadata:
  name: cron-ecr-renew
  namespace: preprod
  labels:
    app: ecr-renew
spec:
  # Runs at minute 30 of every hour.
  schedule: '30 * * * *'
  successfulJobsHistoryLimit: 3
  failedJobsHistoryLimit: 5
  jobTemplate:
    spec:
      template:
        spec:
          restartPolicy: OnFailure
          # The pod uses this account's token to write the Secret; its rights
          # are defined by the cr-ecr-renew Role.
          serviceAccountName: svc-ecr-renew
          containers:
            - name: ecr-renew
              # NOTE(review): ":latest" is a mutable tag. This container
              # receives AWS keys and can write Secrets, so whatever the tag
              # points to at pull time gets both. Pin to a reviewed digest,
              # e.g. nabsul/k8s-ecr-login-renew@sha256:<REVIEWED_DIGEST>.
              image: nabsul/k8s-ecr-login-renew:latest
              env:
                # Name of the docker-registry Secret the job creates/updates.
                - name: DOCKER_SECRET_NAME
                  value: ecr-docker-login
                - name: TARGET_NAMESPACE
                  value: preprod
                # AWS settings come from the ecr-renew-cred Secret, which must
                # exist in preprod before the first run.
                # NOTE(review): these are long-lived static IAM keys; the IAM
                # user presumably needs only ecr:GetAuthorizationToken -
                # verify its policy is limited to that.
                - name: AWS_REGION
                  valueFrom:
                    secretKeyRef:
                      name: ecr-renew-cred
                      key: REGION
                - name: AWS_ACCESS_KEY_ID
                  valueFrom:
                    secretKeyRef:
                      name: ecr-renew-cred
                      key: ID
                - name: AWS_SECRET_ACCESS_KEY
                  valueFrom:
                    secretKeyRef:
                      name: ecr-renew-cred
                      key: SECRET
---
# Statically provisioned volume backed by a directory on the node's own
# filesystem; bound by name from the redis-pvc claim.
apiVersion: v1
kind: PersistentVolume
metadata:
  name: sabeela-volume
  labels:
    type: local
spec:
  storageClassName: manual
  volumeMode: Filesystem
  accessModes:
    - ReadWriteOnce
  capacity:
    storage: 8Gi
  # Retain: the directory and its contents are kept when the claim is deleted.
  persistentVolumeReclaimPolicy: Retain
  # NOTE(review): hostPath exposes a host directory to the pod and the data
  # lives on whichever node runs it; this spec has no nodeAffinity, so on a
  # multi-node cluster the pod may land on a node without the data. Suitable
  # for single-node setups - confirm that is the case here.
  hostPath:
    path: /mnt/sabeela-vol
---
# Claim used by the redis Deployment for /data. volumeName pins it to the
# pre-created sabeela-volume PV instead of relying on dynamic provisioning.
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: redis-pvc
  namespace: preprod
spec:
  storageClassName: manual
  volumeName: sabeela-volume
  volumeMode: Filesystem
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      # The bound PV declares 8Gi; a claim binds the whole volume.
      storage: 4Gi
---
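# Single-replica Redis with append-only persistence on the redis-pvc claim.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: redis
  namespace: preprod
  labels:
    app: sabeela
    component: redis
spec:
  replicas: 1
  selector:
    matchLabels:
      app: sabeela
      component: redis
  # Recreate: the old pod is stopped before the new one starts, so two pods
  # never hold the ReadWriteOnce volume at once.
  strategy:
    type: Recreate
  template:
    metadata:
      labels:
        app: sabeela
        component: redis
    spec:
      restartPolicy: Always
      # Redis never calls the Kubernetes API, so do not mount the namespace's
      # default service-account token into the pod.
      automountServiceAccountToken: false
      volumes:
        - name: data
          persistentVolumeClaim:
            claimName: redis-pvc
      containers:
        - name: redis
          # NOTE(review): 4.0.9 is an old release line; check it against the
          # Redis security advisories and plan a move to a maintained version.
          image: redis:4.0.9
          securityContext:
            # redis-server needs no setuid binaries or extra privileges.
            allowPrivilegeEscalation: false
          resources:
            limits:
              cpu: '2'
              memory: 3Gi
          livenessProbe:
            tcpSocket:
              port: 6379
          readinessProbe:
            tcpSocket:
              port: 6379
          volumeMounts:
            - name: data
              mountPath: /data
          # No --requirepass is passed, so any client that can reach port 6379
          # is unauthenticated; restrict access with a NetworkPolicy or add
          # authentication.
          # NOTE(review): "command" replaces the image ENTRYPOINT; if the
          # image's entrypoint script is what switches to a non-root user,
          # redis-server runs as root here - confirm, and consider "args".
          command:
            - redis-server
            - '--appendonly'
            # Quoted so it stays the string "yes" rather than a YAML boolean.
            - "yes"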
---
# In-cluster endpoint for the redis pods (selected by the app/component
# labels). No "type" is set, so this is a ClusterIP Service; no targetPort is
# set, so traffic goes to container port 6379.
# The redis Deployment in this file starts redis-server without a password,
# so every workload that can reach this Service can read and write the data.
apiVersion: v1
kind: Service
metadata:
  name: sabeela-redis
  namespace: preprod
  labels:
    app: sabeela
    component: redis
spec:
  selector:
    app: sabeela
    component: redis
  ports:
    - protocol: TCP
      port: 6379