k8s/app.yaml
apiVersion: v1
kind: Namespace
metadata:
name: blueprint
---
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
app: blueprint
name: blueprint
namespace: blueprint
spec:
replicas: 1
template:
metadata:
labels:
app: blueprint
spec:
containers:
# - image: docker.pkg.github.com/martinheinz/python-project-blueprint/example:flask
# ^^^^^ https://github.com/containerd/containerd/issues/3291 https://github.com/kubernetes-sigs/kind/issues/870 - image: martinheinz/python-project-blueprint:flask
name: blueprint
imagePullPolicy: Always
ports:
- containerPort: 5000
protocol: TCP
envFrom:
- configMapRef:
name: env-config-blueprint
- secretRef:
name: env-secrets-blueprint
# imagePullSecrets: # In case you are using private registry (see kubectl command at the bottom on how to create regcred)
# - name: regcred
selector:
matchLabels:
app: blueprint
---
apiVersion: v1
kind: ConfigMap
metadata:
name: env-config-blueprint
namespace: blueprint
data: # Example vars that will get picked up by Flask application
FLASK_ENV: development
FLASK_DEBUG: "1"
---
apiVersion: v1
kind: Service
metadata:
name: blueprint
namespace: blueprint
labels:
app: blueprint
spec:
selector:
app: blueprint
ports:
- name: http
targetPort: 5000 # port the container accepts traffic on
port: 443 # port other pods use to access the Service
protocol: TCP
---
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: blueprint-ingress
namespace: blueprint
annotations:
# nginx.ingress.kubernetes.io/auth-tls-secret: tls-secret # https://kubernetes.github.io/ingress-nginx/user-guide/tls/
nginx.ingress.kubernetes.io/ssl-passthrough: "true"
nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
labels:
app: blueprint
spec:
tls:
- hosts:
- localhost
secretName: tls-secret
rules:
- host: localhost
http:
paths:
- path: "/"
backend:
serviceName: blueprint
servicePort: 443
---
# To create secret map for application:
#
# kubectl create secret generic env-secrets-blueprint --from-literal=VAR=VALUE --dry-run -o yaml >> app.yaml && echo "---" >> app.yaml
#
# To create TLS secret
#
# KEY_FILE="blueprint.key"
# CERT_FILE="blueprint.crt"
# HOST="localhost"
# CERT_NAME=tls-secret
# openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout ${KEY_FILE} -out ${CERT_FILE} -subj "/CN=${HOST}/O=${HOST}"
#
# kubectl create secret tls ${CERT_NAME} --key ${KEY_FILE} --cert ${CERT_FILE} --dry-run -o yaml >> app.yaml && echo "---" >> app.yaml
#
# kubectl create secret docker-registry regcred --namespace=kube-system --docker-server=docker.pkg.github.com --docker-username=<USERNAME> --docker-password=<GITHUB_REG_TOKEN> --dry-run -o yaml >> app.yaml