ungleich-k8s/apps/opennebula/templates/deployment.yaml


---
# Single-replica Deployment that runs the whole OpenNebula front end in one
# pod: nginx, memcached, mysql, oned, sunstone and the scheduler.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: {{ .Release.Name }}-opennebula
spec:
  selector:
    matchLabels:
      app-inside: {{ .Release.Name }}-opennebula
  replicas: 1
  # Recreate stops the old pod before the new one starts; presumably needed
  # because the mysql-data claim in this file is ReadWriteOnce.
  strategy:
    type: "Recreate"
  template:
    metadata:
      labels:
        # "app" is the label the Service in this file selects on.
        app: {{ .Release.Name }}
        app-inside: {{ .Release.Name }}-opennebula
      annotations:
        # Hash of the rendered configmap.yaml: a config change alters the pod
        # template and rolls the pod. The one-auth Secret is not part of the
        # hash, so rotating those credentials does not trigger a rollout.
        checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}
    # NOTE(review): no securityContext or resource limits are set on the pod or
    # on any container, so each one runs as its image's default user and
    # unbounded. All containers share the pod network namespace: whatever
    # binds to all interfaces (mysql, memcached, oned, sunstone) is reachable
    # on the pod IP from other pods unless a NetworkPolicy restricts it,
    # whether or not the Service publishes the port.
    spec:
      initContainers:
        # Blocks pod start-up until the certificate for the configured fqdn
        # exists on the shared letsencrypt volume.
        # NOTE(review): "busybox" carries no tag or digest, so the newest
        # published image is pulled; pin it.
        - name: wait-for-cert
          image: busybox
          command:
            - sh
            - -c
            # The fqdn value is interpolated unquoted into the shell command
            # line; it must be a plain hostname.
            - until ls /etc/letsencrypt/live/{{ tpl .Values.fqdn . }}/fullchain.pem; do sleep 2; done
          volumeMounts:
            - name: etcletsencrypt
              mountPath: "/etc/letsencrypt"
        # Copies the Sunstone static files into the shared "tmp" emptyDir,
        # which the nginx container mounts as its document root.
        - name: sync-opennebula
          image: "opennebula/opennebula:{{ .Chart.AppVersion }}"
          command:
            - rsync
            - -av
            - /usr/lib/one/sunstone/public/
            - /for-nginx
          volumeMounts:
            - name: tmp
              mountPath: "/for-nginx"
      containers:
        # Front proxy; mounts the letsencrypt volume, presumably to terminate
        # TLS on 443 (its config comes from the nginx-config ConfigMap, which
        # is not shown here).
        - name: nginx
          image: nginx:1.21-alpine
          ports:
            - containerPort: 443
            # NOTE(review): 2634 here, 2643 on the Service's xmlrpc port and
            # 2633 on oned; confirm which port nginx really listens on.
            - containerPort: 2634
          volumeMounts:
            - name: nginx-config
              mountPath: "/etc/nginx/conf.d/"
            - name: etcletsencrypt
              mountPath: "/etc/letsencrypt"
            - name: tmp
              mountPath: "/usr/share/nginx/html"
        - name: memcached
          image: "memcached:1.6.10-alpine"
          ports:
            - name: tcp-11211
              containerPort: 11211
              protocol: TCP
        - name: mysql
          image: "mysql:8.0.26"
          ports:
            - name: tcp-3306
              containerPort: 3306
              protocol: TCP
          env:
            # SECURITY: lets the database come up with an empty root password.
            # The secretKeyRef variant is kept commented out below; enabling it
            # needs the referenced Secret to exist and the credentials in
            # oned.conf (not shown here) to match. The official mysql image
            # reads these variables only when it initialises an empty data
            # directory, so an existing mysql-data volume keeps its current
            # root credentials until they are changed inside the database.
            - name: MYSQL_ALLOW_EMPTY_PASSWORD
              value: "yes"
            # - name: MYSQL_ROOT_PASSWORD
            #   valueFrom:
            #     secretKeyRef:
            #       name: {{ .Release.Name }}-mysql-config
            #       key: PASSWORD
          volumeMounts:
            - name: mysql-data
              mountPath: "/var/lib/mysql/"
              subPath: mysql
        # OpenNebula core daemon. The one-auth Secret is mounted at /root/.one.
        - name: oned
          image: "opennebula/opennebula:{{ .Chart.AppVersion }}"
          ports:
            - name: tcp-2633
              containerPort: 2633
              protocol: TCP
          volumeMounts:
            - name: auth
              mountPath: "/root/.one"
            - name: opennebula-config
              mountPath: "/tmp/one"
          command:
            - "/bin/sh"
            - "-c"
            # Copies the config into place, waits 15 s (presumably for mysql),
            # then runs oned in the foreground. The trailing sleep keeps the
            # container running for a day after oned exits, so a crashed oned
            # is not restarted by the kubelet in that time.
            - "cp /tmp/one/oned.conf /etc/one/ && mkdir -p /run/lock/one && sleep 15; oned -f; sleep 86400"
        # Sunstone web UI and the VNC proxy port.
        - name: sunstone
          image: "opennebula/opennebula:{{ .Chart.AppVersion }}"
          ports:
            - name: tcp-9869
              containerPort: 9869
              protocol: TCP
            - name: vnc-proxy
              containerPort: 29876
              protocol: TCP
          volumeMounts:
            - name: auth
              mountPath: "/var/lib/one/.one"
            - name: opennebula-config
              mountPath: "/tmp/one"
          command:
            - "/bin/sh"
            - "-c"
            # Same pattern as oned: copy config, wait 20 s, run the server,
            # then stay up for two more minutes after it exits.
            - "cp /tmp/one/sunstone-server.conf /etc/one/ && mkdir -p /run/lock/one /run/one && sleep 20; ruby /usr/lib/one/sunstone/sunstone-server.rb; sleep 120"
        # Scheduler; exits with mm_sched, so it is restarted if that stops.
        - name: scheduler
          image: "opennebula/opennebula:{{ .Chart.AppVersion }}"
          command:
            - "sh"
            - "-c"
            - "cp /tmp/one/sched.conf /etc/one/ && /usr/bin/mm_sched"
          volumeMounts:
            - name: auth
              mountPath: "/root/.one"
            - name: opennebula-config
              mountPath: "/tmp/one"
      volumes:
        # OpenNebula credentials (one_auth, sunstone_auth) from the Secret
        # defined in this file.
        - name: auth
          secret:
            secretName: {{ .Release.Name }}-one-auth
        # Certificate store, shared with the getcert Job through the same claim.
        - name: etcletsencrypt
          persistentVolumeClaim:
            claimName: {{ .Release.Name}}-letsencrypt-certs
        - name: mysql-data
          persistentVolumeClaim:
            claimName: {{ .Release.Name }}-mysql-data
        - name: nginx-config
          configMap:
            name: {{ .Release.Name }}-nginx-config
        - name: opennebula-config
          configMap:
            name: {{ .Release.Name }}-opennebula-config
        # Scratch space filled by the sync-opennebula init container.
        - name: tmp
          emptyDir: {}
# ---
# apiVersion: batch/v1
# kind: Job
# metadata:
# name: {{ .Release.Name }}-getcert
# spec:
# template:
# metadata:
# labels:
# app: {{ .Release.Name }}-opennebula
# spec:
# restartPolicy: Never
# containers:
# - name: certbot
# image: ungleich/ungleich-certbot
# ports:
# - containerPort: 80
# env:
# - name: DOMAIN
# value: {{ .Values.fqdn }}
# - name: EMAIL
# value: {{ .Values.email }}
# - name: STAGING
# value: {{ .Values.letsencryptStaging }}
# # volumeMounts:
# # - name: etcletsencrypt
# # mountPath: "/etc/letsencrypt"
# # volumes:
# # - name: etcletsencrypt
# # persistentVolumeClaim:
# # claimName: {{ .Release.Name }}-letsencrypt-certs
# backoffLimit: 3
---
# ClusterIP Service for every pod labelled app=<release name>. In this file
# that label is carried by the OpenNebula Deployment pod and by the getcert
# Job pod, so both are endpoints of this Service while they run.
apiVersion: v1
kind: Service
metadata:
  name: {{ .Release.Name }}
  labels:
    app: {{ .Release.Name }}
spec:
  type: ClusterIP
  selector:
    app: {{ .Release.Name }}
  # No targetPort is given, so each entry forwards to the same-numbered port
  # on the selected pods.
  ports:
    # Only the certbot container of the getcert Job declares port 80.
    - name: http
      port: 80
      protocol: TCP
    - name: https
      port: 443
      protocol: TCP
    # NOTE(review): the nginx container declares 2634 and oned declares 2633;
    # 2643 matches neither. Confirm against the nginx config (not shown here).
    - name: xmlrpc
      port: 2643
      protocol: TCP
---
# Shared certificate store. ReadWriteMany because two pods mount it: the
# getcert Job writes to it and the Deployment pod (wait-for-cert, nginx) reads
# from it.
# NOTE(review): a certbot /etc/letsencrypt tree normally holds the private
# keys too, so every pod that mounts this claim can presumably read them.
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: {{ .Release.Name }}-letsencrypt-certs
spec:
  # The storage class is fixed in the template, not taken from values.
  storageClassName: rook-cephfs
  accessModes:
    - ReadWriteMany
  resources:
    requests:
      storage: 50Mi
---
# Data volume for the mysql container of the Deployment (mounted with
# subPath "mysql"). No storageClassName is set, so the cluster default class
# is used.
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: {{ .Release.Name }}-mysql-data
spec:
  resources:
    requests:
      # Size in GiB comes from the chart value dbsizeingb.
      storage: {{ .Values.dbsizeingb }}Gi
  accessModes:
    - ReadWriteOnce
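---
# OpenNebula credentials, mounted by the oned, sunstone and scheduler
# containers of the Deployment.
# Both entries are taken verbatim from chart values, so they are also stored
# with the Helm release data and live in whatever values file supplies them;
# keep that file out of version control.
apiVersion: v1
kind: Secret
metadata:
  name: {{ .Release.Name }}-one-auth
stringData:
  # Quoted so a credential containing YAML-special characters (": ", " #", a
  # leading indicator character) or made up only of digits is still rendered
  # as one string instead of breaking the manifest or changing type.
  one_auth: {{ .Values.one_auth | quote }}
  sunstone_auth: {{ .Values.sunstone_auth | quote }}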
---
# One-shot Job that runs the certbot image to obtain the certificate for the
# configured fqdn and store it on the shared letsencrypt claim. Its pod carries
# the app=<release name> label, so the Service in this file also routes port 80
# to it (presumably for the HTTP challenge).
apiVersion: batch/v1
kind: Job
metadata:
  name: {{ .Release.Name }}-getcert
spec:
  # Up to three retries; failed pods are not restarted in place.
  backoffLimit: 3
  template:
    metadata:
      labels:
        app: {{ .Release.Name }}
    spec:
      restartPolicy: Never
      containers:
        - name: certbot
          # NOTE(review): no tag or digest, so the newest published image is
          # pulled on each run; pin it, since this container writes the TLS
          # material that nginx serves.
          image: ungleich/ungleich-certbot
          ports:
            - containerPort: 80
          env:
            - name: DOMAIN
              value: "{{ tpl .Values.fqdn . }}"
            - name: ONLYGETCERT
              value: "yes"
            - name: EMAIL
              value: "{{ .Values.email }}"
            # STAGING is passed only when the value is exactly the string "no".
            # NOTE(review): an unquoted no in a values file is usually parsed
            # as a boolean and would not match this comparison; confirm that
            # values.yaml quotes it.
            {{- if eq .Values.letsencryptStaging "no" }}
            - name: STAGING
              value: "no"
            {{- end }}
          volumeMounts:
            - name: etcletsencrypt
              mountPath: "/etc/letsencrypt"
      volumes:
        - name: etcletsencrypt
          persistentVolumeClaim:
            claimName: {{ .Release.Name }}-letsencrypt-certs