Skip to content

Instantly share code, notes, and snippets.

@veggiemonk veggiemonk/nfs.yaml
Created Aug 20, 2019

Embed
What would you like to do?
---
apiVersion: v1
kind: Service
metadata:
name: atlantis
labels:
app: atlantis
spec:
type: LoadBalancer
loadBalancerIP: ${load_balancer_ip}
externalTrafficPolicy: Local
selector:
app: atlantis
ports:
- name: atlantis-port
port: 443
targetPort: ${atlantis_port}
protocol: TCP
---
apiVersion: v1
kind: Secret
type: kubernetes.io/tls
metadata:
name: atlantis-tls
data:
tls.crt: ${tls_cert}
tls.key: ${tls_key}
---
apiVersion: v1
kind: Secret
type: Opaque
metadata:
name: github
data:
github_token: ${github_token}
webhook_secret: ${webhook_secret}
---
apiVersion: policy/v1beta1
kind: PodDisruptionBudget
metadata:
name: atlantis
spec:
maxUnavailable: 1
selector:
matchLabels:
app: atlantis
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: atlantis
labels:
app: atlantis
spec:
replicas: ${num_atlantis_pods}
selector:
matchLabels:
app: atlantis
template:
metadata:
labels:
app: atlantis
spec:
affinity:
podAntiAffinity:
preferredDuringSchedulingIgnoredDuringExecution:
- weight: 60
podAffinityTerm:
labelSelector:
matchExpressions:
- key: app
operator: In
values: ["atlantis"]
topologyKey: kubernetes.io/hostname
terminationGracePeriodSeconds: 10
securityContext:
fsGroup: 1000 # Atlantis group (1000) read/write access to volumes.
containers:
- name: atlantis
image: "${atlantis_container}"
imagePullPolicy: Always
args: ["server"]
ports:
- containerPort: ${atlantis_port}
name: atlantis-port
protocol: TCP
resources:
requests:
cpu: "500m"
memory: "512Mi"
volumeMounts:
- name: atlantis-tls
mountPath: /etc/atlantis/tls
- name: atlantis-data
mountPath: /atlantis-data
env:
- name: ATLANTIS_LOG_LEVEL
value: ${atlantis_log_level}
- name: ATLANTIS_PORT
value: "${atlantis_port}"
- name: ATLANTIS_ATLANTIS_URL
value: https://${load_balancer_ip}
- name: ATLANTIS_GH_TOKEN
valueFrom:
secretKeyRef:
name: github
key: github_token
- name: ATLANTIS_GH_USER
value: ${github_user}
- name: ATLANTIS_GH_WEBHOOK_SECRET
valueFrom:
secretKeyRef:
name: github
key: webhook_secret
- name: ATLANTIS_REPO_WHITELIST
value: ${repo_whitelist}
- name: ATLANTIS_DATA_DIR
value: /atlantis-data
- name: ATLANTIS_REPO_CONFIG_JSON
value: '${atlantis_config}'
- name: ATLANTIS_SSL_CERT_FILE
value: /etc/atlantis/tls/tls.crt
- name: ATLANTIS_SSL_KEY_FILE
value: /etc/atlantis/tls/tls.key
livenessProbe:
httpGet:
path: /healthz
port: ${atlantis_port}
scheme: HTTPS
initialDelaySeconds: 5
periodSeconds: 60
successThreshold: 1
failureThreshold: 3
readinessProbe:
httpGet:
path: /healthz
port: ${atlantis_port}
scheme: HTTPS
initialDelaySeconds: 5
periodSeconds: 60
volumes:
- name: atlantis-tls
secret:
secretName: atlantis-tls
- name: atlantis-data
persistentVolumeClaim:
claimName: atlantis-nfs
---
apiVersion: v1
kind: Service
metadata:
name: nfs-server
spec:
ports:
- name: nfs
port: 2049
- name: mountd
port: 20048
- name: rpcbind
port: 111
selector:
role: nfs-server
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: nfs-server
spec:
replicas: 1
selector:
matchLabels:
role: nfs-server
template:
metadata:
labels:
role: nfs-server
spec:
containers:
- name: nfs-server
image: gcr.io/google_containers/volume-nfs:0.8
ports:
- name: nfs
containerPort: 2049
- name: mountd
containerPort: 20048
- name: rpcbind
containerPort: 111
securityContext:
privileged: true
volumeMounts:
- mountPath: /data
name: nfs-pvc
volumes:
- name: nfs-pvc
gcePersistentDisk:
pdName: ${nfs-disk}
fsType: ext4
---
apiVersion: v1
kind: PersistentVolume
metadata:
name: atlantis-nfs
labels:
name: atlantis-nfs
spec:
capacity:
storage: 5Gi
storageClassName: standard
accessModes:
- ReadWriteMany
nfs:
server: nfs-server.default.svc.cluster.local
path: "/"
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: atlantis-nfs
spec:
accessModes:
- ReadWriteMany
resources:
requests:
storage: 5Gi
selector:
matchLabels:
name: atlantis-nfs
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.