1---
2apiVersion: v1
3kind: Namespace
4metadata:
5 name: ${ZED_KUBE_NAMESPACE}
6---
7kind: Service
8apiVersion: v1
9metadata:
10 namespace: ${ZED_KUBE_NAMESPACE}
11 name: zed
12 annotations:
13 service.beta.kubernetes.io/do-loadbalancer-tls-ports: "443"
14 service.beta.kubernetes.io/do-loadbalancer-certificate-id: "${ZED_LOAD_BALANCER_CERT_ID}"
15spec:
16 type: LoadBalancer
17 selector:
18 app: zed
19 ports:
20 - name: web
21 protocol: TCP
22 port: 443
23 targetPort: 8080
24---
25apiVersion: apps/v1
26kind: Deployment
27metadata:
28 namespace: ${ZED_KUBE_NAMESPACE}
29 name: zed
30spec:
31 replicas: 1
32 selector:
33 matchLabels:
34 app: zed
35 template:
36 metadata:
37 labels:
38 app: zed
39 spec:
40 containers:
41 - name: zed
42 image: "${ZED_IMAGE_ID}"
43 ports:
44 - containerPort: 8080
45 protocol: TCP
46 env:
47 - name: HTTP_PORT
48 value: "8080"
49 - name: DATABASE_URL
50 valueFrom:
51 secretKeyRef:
52 name: database
53 key: url
54 - name: SESSION_SECRET
55 valueFrom:
56 secretKeyRef:
57 name: session
58 key: secret
59 - name: GITHUB_APP_ID
60 valueFrom:
61 secretKeyRef:
62 name: github
63 key: appId
64 - name: GITHUB_CLIENT_ID
65 valueFrom:
66 secretKeyRef:
67 name: github
68 key: clientId
69 - name: GITHUB_CLIENT_SECRET
70 valueFrom:
71 secretKeyRef:
72 name: github
73 key: clientSecret
74 - name: GITHUB_PRIVATE_KEY
75 valueFrom:
76 secretKeyRef:
77 name: github
78 key: privateKey
79 securityContext:
80 capabilities:
81 # FIXME - Switch to the more restrictive `PERFMON` capability.
82 # This capability isn't yet available in a stable version of Debian.
83 add: ["SYS_ADMIN"]