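# Helm template for a single-pod OpenNebula stack: one Deployment (nginx TLS
# front end, memcached, MySQL, oned, Sunstone, scheduler), the Service in front
# of it, two PersistentVolumeClaims, the one_auth Secret and a certbot Job.
#
# Helm evaluates template actions before the YAML is parsed, so the actions
# inside the "#"-commented blocks below are still rendered.
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: {{ .Release.Name }}-opennebula
spec:
  selector:
    matchLabels:
      app-inside: {{ .Release.Name }}-opennebula
  replicas: 1
  # Recreate: the old pod is stopped before the new one starts.
  strategy:
    type: "Recreate"
  template:
    metadata:
      labels:
        # "app" is the label the Service selects on; the certbot Job pod
        # carries the same label.
        app: {{ .Release.Name }}
        app-inside: {{ .Release.Name }}-opennebula
      annotations:
        # Changes whenever configmap.yaml renders differently, which rolls the pod.
        checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}
    spec:
      initContainers:
        # Blocks pod start until the certbot Job has written the certificate
        # to the shared letsencrypt volume.
        - name: wait-for-cert
          # NOTE(review): no tag or digest, so this resolves to whatever
          # "latest" is at pull time; pin it like the nginx/memcached/mysql images.
          image: busybox
          command:
            - sh
            - -c
            - until ls /etc/letsencrypt/live/{{ tpl .Values.fqdn . }}/fullchain.pem; do sleep 2; done
          volumeMounts:
            - name: etcletsencrypt
              mountPath: "/etc/letsencrypt"
        # Copies the Sunstone static assets into the emptyDir that nginx serves.
        - name: sync-opennebula
          image: "opennebula/opennebula:{{ .Chart.AppVersion }}"
          command:
            - rsync
            - -av
            - /usr/lib/one/sunstone/public/
            - /for-nginx
          volumeMounts:
            - name: tmp
              mountPath: "/for-nginx"
      containers:
        - name: nginx
          image: nginx:1.21-alpine
          ports:
            - containerPort: 443
            - containerPort: 2634
          volumeMounts:
            - name: nginx-config
              mountPath: "/etc/nginx/conf.d/"
            - name: etcletsencrypt
              mountPath: "/etc/letsencrypt"
            - name: tmp
              mountPath: "/usr/share/nginx/html"
        - name: memcached
          image: "memcached:1.6.10-alpine"
          ports:
            - name: tcp-11211
              containerPort: 11211
              protocol: TCP
        - name: mysql
          image: "mysql:8.0.26"
          ports:
            - name: tcp-3306
              containerPort: 3306
              protocol: TCP
          env:
            # NOTE(review): the MySQL root account has an empty password.
            # Port 3306 is not published by the Service below, but with the
            # image's default bind address it is reachable on the pod IP from
            # other workloads in the cluster unless a NetworkPolicy restricts
            # it. Switch to the secretKeyRef below once the referenced Secret
            # exists (it is not defined in this file) and the database settings
            # in oned.conf, presumably where oned reads them, are updated to match.
            - name: MYSQL_ALLOW_EMPTY_PASSWORD
              value: "yes"
            # - name: MYSQL_ROOT_PASSWORD
            #   valueFrom:
            #     secretKeyRef:
            #       name: {{ .Release.Name }}-mysql-config
            #       key: PASSWORD
          volumeMounts:
            - name: mysql-data
              mountPath: "/var/lib/mysql/"
              subPath: mysql
        - name: oned
          image: "opennebula/opennebula:{{ .Chart.AppVersion }}"
          ports:
            - name: tcp-2633
              containerPort: 2633
              protocol: TCP
          volumeMounts:
            - name: auth
              mountPath: "/root/.one"
            - name: opennebula-config
              mountPath: "/tmp/one"
          # The trailing sleep keeps the container running after oned exits,
          # so an oned crash does not show up as a container restart.
          command:
            - "/bin/sh"
            - "-c"
            - "cp /tmp/one/oned.conf /etc/one/ && mkdir -p /run/lock/one && sleep 15; oned -f; sleep 86400"
        - name: sunstone
          image: "opennebula/opennebula:{{ .Chart.AppVersion }}"
          ports:
            - name: tcp-9869
              containerPort: 9869
              protocol: TCP
            - name: vnc-proxy
              containerPort: 29876
              protocol: TCP
          volumeMounts:
            - name: auth
              mountPath: "/var/lib/one/.one"
            - name: opennebula-config
              mountPath: "/tmp/one"
          command:
            - "/bin/sh"
            - "-c"
            - "cp /tmp/one/sunstone-server.conf /etc/one/ && mkdir -p /run/lock/one /run/one && sleep 20; ruby /usr/lib/one/sunstone/sunstone-server.rb; sleep 120"
        - name: scheduler
          image: "opennebula/opennebula:{{ .Chart.AppVersion }}"
          command:
            - "sh"
            - "-c"
            - "cp /tmp/one/sched.conf /etc/one/ && /usr/bin/mm_sched"
          volumeMounts:
            - name: auth
              mountPath: "/root/.one"
            - name: opennebula-config
              mountPath: "/tmp/one"
      volumes:
        # one_auth / sunstone_auth credentials from the Secret defined below.
        - name: auth
          secret:
            secretName: {{ .Release.Name }}-one-auth
        - name: etcletsencrypt
          persistentVolumeClaim:
            claimName: {{ .Release.Name }}-letsencrypt-certs
        - name: mysql-data
          persistentVolumeClaim:
            claimName: {{ .Release.Name }}-mysql-data
        - name: nginx-config
          configMap:
            name: {{ .Release.Name }}-nginx-config
        - name: opennebula-config
          configMap:
            name: {{ .Release.Name }}-opennebula-config
        - name: tmp
          emptyDir: {}
# Earlier, disabled version of the getcert Job; the active one is the last
# document in this file.
# ---
# apiVersion: batch/v1
# kind: Job
# metadata:
#   name: {{ .Release.Name }}-getcert
# spec:
#   template:
#     metadata:
#       labels:
#         app: {{ .Release.Name }}-opennebula
#     spec:
#       restartPolicy: Never
#       containers:
#       - name: certbot
#         image: ungleich/ungleich-certbot
#         ports:
#         - containerPort: 80
#         env:
#         - name: DOMAIN
#           value: {{ .Values.fqdn }}
#         - name: EMAIL
#           value: {{ .Values.email }}
#         - name: STAGING
#           value: {{ .Values.letsencryptStaging }}
# #        volumeMounts:
# #        - name: etcletsencrypt
# #          mountPath: "/etc/letsencrypt"
# #      volumes:
# #      - name: etcletsencrypt
# #        persistentVolumeClaim:
# #          claimName: {{ .Release.Name }}-letsencrypt-certs
#   backoffLimit: 3
---
apiVersion: v1
kind: Service
metadata:
  name: {{ .Release.Name }}
  labels:
    app: {{ .Release.Name }}
spec:
  type: ClusterIP
  # No targetPort is set, so each port forwards to the same port number on
  # every pod labelled "app": the Deployment pod and, while it runs, the
  # certbot Job pod (which is what declares port 80).
  ports:
    - port: 80
      protocol: TCP
      name: http
    - port: 443
      protocol: TCP
      name: https
    # NOTE(review): 2643 matches no containerPort declared in this file
    # (nginx declares 2634, oned 2633); confirm against the nginx config
    # whether this is a transposition of 2634.
    - port: 2643
      protocol: TCP
      name: xmlrpc
  selector:
    app: {{ .Release.Name }}
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: {{ .Release.Name }}-letsencrypt-certs
spec:
  # ReadWriteMany: mounted by both the Deployment pod and the certbot Job pod.
  accessModes:
    - ReadWriteMany
  resources:
    requests:
      storage: 50Mi
  storageClassName: rook-cephfs
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: {{ .Release.Name }}-mysql-data
spec:
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: {{ .Values.dbsizeingb }}Gi
---
apiVersion: v1
kind: Secret
metadata:
  name: {{ .Release.Name }}-one-auth
# The credentials arrive through chart values, so they are only as protected
# as the values file or --set arguments that supply them.
# The values are quoted so that a credential containing YAML-significant
# characters (": ", " #", a leading "*" or "&", ...) or one that looks like a
# number or boolean is stored as the literal string instead of breaking the
# render or being retyped.
stringData:
  one_auth: {{ .Values.one_auth | quote }}
  sunstone_auth: {{ .Values.sunstone_auth | quote }}
---
apiVersion: batch/v1
kind: Job
metadata:
  name: {{ .Release.Name }}-getcert
spec:
  template:
    metadata:
      labels:
        # Same "app" label as the Deployment pod, so the Service routes to this pod too.
        app: {{ .Release.Name }}
    spec:
      restartPolicy: Never
      containers:
        - name: certbot
          # NOTE(review): no tag or digest; this container writes the TLS key
          # material to the shared volume, so pin it to a reviewed version.
          image: ungleich/ungleich-certbot
          ports:
            - containerPort: 80
          env:
            - name: DOMAIN
              value: "{{ tpl .Values.fqdn . }}"
            - name: ONLYGETCERT
              value: "yes"
            - name: EMAIL
              value: "{{ .Values.email }}"
            # STAGING is only set, to "no", when letsencryptStaging is the
            # string "no". The value must be quoted in the values file: an
            # unquoted no is parsed as a boolean and the eq comparison against
            # a string then fails at render time.
            {{- if eq .Values.letsencryptStaging "no" }}
            - name: STAGING
              value: "no"
            {{- end }}
          volumeMounts:
            - name: etcletsencrypt
              mountPath: "/etc/letsencrypt"
      volumes:
        - name: etcletsencrypt
          persistentVolumeClaim:
            claimName: {{ .Release.Name }}-letsencrypt-certs
  backoffLimit: 3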