From ffb5d9066f63d5ee098e430d567f0e40a4873f50 Mon Sep 17 00:00:00 2001
From: Khwezi <khwezi@mngoma.lab>
Date: Sun, 12 Apr 2026 12:15:48 +0200
Subject: [PATCH] Added the semaphoreui template

---
 kubernetes-templates/semaphoreui.yml | 148 +++++++++++++++++++++++++++
 1 file changed, 148 insertions(+)
 create mode 100644 kubernetes-templates/semaphoreui.yml

diff --git a/kubernetes-templates/semaphoreui.yml b/kubernetes-templates/semaphoreui.yml
new file mode 100644
index 0000000..c48d058
--- /dev/null
+++ b/kubernetes-templates/semaphoreui.yml
@@ -0,0 +1,148 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: semaphore
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: semaphore-data-pvc
+  namespace: semaphore
+spec:
+  accessModes:
+    - ReadWriteMany
+  storageClassName: nfs-storage
+  resources:
+    requests:
+      storage: 5Gi
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: semaphore-secrets
+  namespace: semaphore
+type: Opaque
+data:
+  db-password: c2VYbk42RGt1cFJaN0Y=
+  admin-password: QmxhY2tzdGFyMkBob21l
+  access-key-encryption: NHZKMm1LMnBMNW5COHhSMnpRN3dFM3RZNnVJMG9QOWE=
+  id_ed25519: b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZWQyNTUxOQAAACDnDP06snc4Ci73FOImgNk3Mblsno53hj6XD2SK15dZbAAAAJgel/2wHpf9sAAAAAtzc2gtZWQyNTUxOQAAACDnDP06snc4Ci73FOImgNk3Mblsno53hj6XD2SK15dZbAAAAEBThqcrsWeeUZzEyWVZbhDiJdOEBFXJH85sa1Cc+WWCI+cM/TqydzgKLvcU4iaA2TcxuWyejneGPpcPZIrXl1lsAAAADmtod2V6aUBEQVJLU1VOAQIDBAUGBw==
+  id_ed25519.pub: c3NoLWVkMjU1MTkgQUFBQUMzTnphQzFsWkRJMU5URTVBQUFBSU9jTS9UcXlkemdLTHZjVTRpYUEyVGN4dVd5ZWpuZUdQcGNSWklyWGwx bHMgS2h3ZXppQERBUktTVU4K
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: semaphore-configs
+  namespace: semaphore
+data:
+  SEMAPHORE_DB_USER: "semaphore_user"
+  SEMAPHORE_DB_HOST: "192.168.1.170"
+  SEMAPHORE_DB_NAME: "semaphore"
+  SEMAPHORE_ADMIN_USERNAME: "khwezi"
+  SEMAPHORE_ADMIN_EMAIL: "khwezi@litecharms.co.za"
+  SEMAPHORE_SCHEDULE_TIMEZONE: "Africa/Johannesburg"
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: semaphore
+  namespace: semaphore
+  labels:
+    app: semaphore
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: semaphore
+  template:
+    metadata:
+      labels:
+        app: semaphore
+    spec:
+      affinity:
+        nodeAffinity:
+          requiredDuringSchedulingIgnoredDuringExecution:
+            nodeSelectorTerms:
+              - matchExpressions:
+                  - key: node-role.kubernetes.io/control-plane
+                    operator: DoesNotExist
+      securityContext:
+        runAsUser: 1001
+        fsGroup: 1001
+      containers:
+        - name: semaphore
+          image: semaphoreui/semaphore:latest
+          ports:
+            - containerPort: 3000
+              name: http
+          resources:
+            requests:
+              cpu: "200m"
+              memory: "512Mi"
+            limits:
+              cpu: "1"
+              memory: "1Gi"
+          env:
+            - name: SEMAPHORE_DB_DIALECT
+              value: "postgres"
+            - name: SEMAPHORE_DB_PORT
+              value: "5432"
+            - name: SEMAPHORE_DB_USER
+              valueFrom: { configMapKeyRef: { name: semaphore-configs, key: SEMAPHORE_DB_USER } }
+            - name: SEMAPHORE_DB_HOST
+              valueFrom: { configMapKeyRef: { name: semaphore-configs, key: SEMAPHORE_DB_HOST } }
+            - name: SEMAPHORE_DB
+              valueFrom: { configMapKeyRef: { name: semaphore-configs, key: SEMAPHORE_DB_NAME } }
+            - name: SEMAPHORE_ADMIN
+              valueFrom: { configMapKeyRef: { name: semaphore-configs, key: SEMAPHORE_ADMIN_USERNAME } }
+            - name: SEMAPHORE_ADMIN_NAME
+              valueFrom: { configMapKeyRef: { name: semaphore-configs, key: SEMAPHORE_ADMIN_USERNAME } }
+            - name: SEMAPHORE_ADMIN_EMAIL
+              valueFrom: { configMapKeyRef: { name: semaphore-configs, key: SEMAPHORE_ADMIN_EMAIL } }
+            - name: SEMAPHORE_SCHEDULE_TIMEZONE
+              valueFrom: { configMapKeyRef: { name: semaphore-configs, key: SEMAPHORE_SCHEDULE_TIMEZONE } }
+            - name: SEMAPHORE_DB_PASS
+              valueFrom: { secretKeyRef: { name: semaphore-secrets, key: db-password } }
+            - name: SEMAPHORE_ADMIN_PASSWORD
+              valueFrom: { secretKeyRef: { name: semaphore-secrets, key: admin-password } }
+            - name: SEMAPHORE_ACCESS_KEY_ENCRYPTION
+              valueFrom: { secretKeyRef: { name: semaphore-secrets, key: access-key-encryption } }
+          volumeMounts:
+            - name: semaphore-tmp
+              mountPath: /tmp/semaphore
+            - name: ssh-keys-volume
+              mountPath: /home/semaphore/.ssh/id_ed25519
+              subPath: id_ed25519
+            - name: ssh-keys-volume
+              mountPath: /home/semaphore/.ssh/id_ed25519.pub
+              subPath: id_ed25519.pub
+      volumes:
+        - name: semaphore-tmp
+          persistentVolumeClaim:
+            claimName: semaphore-data-pvc
+        - name: ssh-keys-volume
+          secret:
+            secretName: semaphore-secrets
+            defaultMode: 384
+            items:
+              - key: id_ed25519
+                path: id_ed25519
+              - key: id_ed25519.pub
+                path: id_ed25519.pub
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: semaphore-service
+  namespace: semaphore
+spec:
+  type: NodePort
+  selector:
+    app: semaphore
+  ports:
+    - name: http
+      protocol: TCP
+      port: 3000
+      targetPort: 3000
+      nodePort: 31011
\ No newline at end of file
-- 
2.47.3