treydock/deployment.yaml

## deployment.yaml
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: harvest-demo
  namespace: harvesttest
spec:
  selector:
    matchLabels:
      app: harvest-demo
  replicas: 2
  strategy:
    rollingUpdate:
      maxSurge: 1
      maxUnavailable: 40%
    type: RollingUpdate
  template:
    metadata:
      labels:
        app: harvest-demo
    spec:
      securityContext:
        runAsNonRoot: true
      imagePullSecrets:
      - name: osc-registry
      containers:
      - name: harvest
        image: docker-registry.osc.edu/harvest/http-echo:latest
        imagePullPolicy: Always
        command: ['/http-echo']
        args:
          - "-listen=:8080"
          - "-text=Harvest Demo"
        ports:
        - containerPort: 8080
          name: http
        volumeMounts:
        #- mountPath: /fs/ess/PAS2271
        #  name: project
        - mountPath: /users/PAS2699/harvesttest
          name: home
        - mountPath: /var/run/munge/munge.socket.2
          name: munge-socket
        - mountPath: /etc/slurm
          name: slurm-conf
        livenessProbe:
          httpGet:
            path: /
            port: http
          initialDelaySeconds: 1
          periodSeconds: 30
        readinessProbe:
          httpGet:
            path: /
            port: http
          initialDelaySeconds: 1
          periodSeconds: 30
        resources:
          limits:
            cpu: 1
            memory: 512Mi
          requests:
            cpu: 500m
            memory: 128Mi
        securityContext:
          allowPrivilegeEscalation: false
          capabilities:
            drop:
            - ALL
          seccompProfile:
            type: RuntimeDefault
          privileged: false
          readOnlyRootFilesystem: true
          runAsNonRoot: true
      volumes:
      #- hostPath:
      #    path: /fs/ess/PAS2271
      #    type: Directory
      #  name: project
      - hostPath:
          path: /users/PAS2699/harvesttest
          type: Directory
        name: home
      - hostPath:
          path: /var/run/munge/munge.socket.2
          type: Socket
        name: munge-socket
      - hostPath:
          path: /etc/slurm
          type: Directory
        name: slurm-conf
---
apiVersion: v1
kind: Service
metadata:
  labels:
    app: harvest-demo
  name: harvest-demo
  namespace: harvesttest
spec:
  ports:
  - name: harvest-demo
    port: 8080
    protocol: TCP
    targetPort: http
  selector:
    app: harvest-demo
  type: ClusterIP
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: harvest-demo
  namespace: harvesttest
  annotations:
    kubernetes.io/ingress.class: nginx
    cert-manager.io/cluster-issuer: letsencrypt
    nginx.ingress.kubernetes.io/server-alias: harvest-demo.osc.edu
    nginx.ingress.kubernetes.io/whitelist-source-range: '192.148.247.0/24'
  labels:
    app: harvest-demo
spec:
  rules:
  - host: harvest-demo.k8.osc.edu
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: harvest-demo
            port:
              number: 8080
  tls:
  - hosts:
    - harvest-demo.k8.osc.edu
    - harvest-demo.osc.edu
    secretName: harvest-demo-cert
---
kind: NetworkPolicy
apiVersion: networking.k8s.io/v1
metadata:
  name: harvest-demo
  namespace: harvesttest
spec:
  podSelector:
    matchLabels:
      app: harvest-demo
  ingress:
  - from:
    - namespaceSelector:
        matchLabels:
          app.kubernetes.io/name: ingress-nginx
    - namespaceSelector:
        matchLabels:
          app.kubernetes.io/name: prometheus
---
apiVersion: policy/v1
kind: PodDisruptionBudget
metadata:
  name: harvest-demo
  namespace: harvesttest
spec:
  minAvailable: 1
  selector:
    matchLabels:
      app: harvest-demo
	---
	apiVersion: apps/v1
	kind: Deployment
	metadata:
	name: harvest-demo
	namespace: harvesttest
	spec:
	selector:
	matchLabels:
	app: harvest-demo
	replicas: 2
	strategy:
	rollingUpdate:
	maxSurge: 1
	maxUnavailable: 40%
	type: RollingUpdate
	template:
	metadata:
	labels:
	app: harvest-demo
	spec:
	securityContext:
	runAsNonRoot: true
	imagePullSecrets:
	- name: osc-registry
	containers:
	- name: harvest
	image: docker-registry.osc.edu/harvest/http-echo:latest
	imagePullPolicy: Always
	command: ['/http-echo']
	args:
	- "-listen=:8080"
	- "-text=Harvest Demo"
	ports:
	- containerPort: 8080
	name: http
	volumeMounts:
	#- mountPath: /fs/ess/PAS2271
	# name: project
	- mountPath: /users/PAS2699/harvesttest
	name: home
	- mountPath: /var/run/munge/munge.socket.2
	name: munge-socket
	- mountPath: /etc/slurm
	name: slurm-conf
	livenessProbe:
	httpGet:
	path: /
	port: http
	initialDelaySeconds: 1
	periodSeconds: 30
	readinessProbe:
	httpGet:
	path: /
	port: http
	initialDelaySeconds: 1
	periodSeconds: 30
	resources:
	limits:
	cpu: 1
	memory: 512Mi
	requests:
	cpu: 500m
	memory: 128Mi
	securityContext:
	allowPrivilegeEscalation: false
	capabilities:
	drop:
	- ALL
	seccompProfile:
	type: RuntimeDefault
	privileged: false
	readOnlyRootFilesystem: true
	runAsNonRoot: true
	volumes:
	#- hostPath:
	# path: /fs/ess/PAS2271
	# type: Directory
	# name: project
	- hostPath:
	path: /users/PAS2699/harvesttest
	type: Directory
	name: home
	- hostPath:
	path: /var/run/munge/munge.socket.2
	type: Socket
	name: munge-socket
	- hostPath:
	path: /etc/slurm
	type: Directory
	name: slurm-conf
	---
	apiVersion: v1
	kind: Service
	metadata:
	labels:
	app: harvest-demo
	name: harvest-demo
	namespace: harvesttest
	spec:
	ports:
	- name: harvest-demo
	port: 8080
	protocol: TCP
	targetPort: http
	selector:
	app: harvest-demo
	type: ClusterIP
	---
	apiVersion: networking.k8s.io/v1
	kind: Ingress
	metadata:
	name: harvest-demo
	namespace: harvesttest
	annotations:
	kubernetes.io/ingress.class: nginx
	cert-manager.io/cluster-issuer: letsencrypt
	nginx.ingress.kubernetes.io/server-alias: harvest-demo.osc.edu
	nginx.ingress.kubernetes.io/whitelist-source-range: '192.148.247.0/24'
	labels:
	app: harvest-demo
	spec:
	rules:
	- host: harvest-demo.k8.osc.edu
	http:
	paths:
	- path: /
	pathType: Prefix
	backend:
	service:
	name: harvest-demo
	port:
	number: 8080
	tls:
	- hosts:
	- harvest-demo.k8.osc.edu
	- harvest-demo.osc.edu
	secretName: harvest-demo-cert
	---
	kind: NetworkPolicy
	apiVersion: networking.k8s.io/v1
	metadata:
	name: harvest-demo
	namespace: harvesttest
	spec:
	podSelector:
	matchLabels:
	app: harvest-demo
	ingress:
	- from:
	- namespaceSelector:
	matchLabels:
	app.kubernetes.io/name: ingress-nginx
	- namespaceSelector:
	matchLabels:
	app.kubernetes.io/name: prometheus
	---
	apiVersion: policy/v1
	kind: PodDisruptionBudget
	metadata:
	name: harvest-demo
	namespace: harvesttest
	spec:
	minAvailable: 1
	selector:
	matchLabels:
	app: harvest-demo