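# Semaphore UI on Kubernetes: namespace, service account and RBAC, storage,
# credentials, configuration, the workload itself and a NodePort service.
---
apiVersion: v1
kind: Namespace
metadata:
  name: semaphore
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: semaphore-sa
  namespace: semaphore
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: semaphore-role
  namespace: semaphore
rules:
  # NOTE(review): this lets the pod's service-account token read every
  # Secret in the namespace through the API, including semaphore-secrets
  # (SSH private key, DB and admin passwords). The pod already receives the
  # values it uses via env vars and a volume; if the application does not
  # query the Kubernetes API for secrets, drop "secrets" here or scope the
  # rule with resourceNames. Confirm against what the workload needs.
  - apiGroups: [""]
    resources: ["pods", "secrets", "configmaps"]
    verbs: ["get", "watch", "list"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: semaphore-rb
  namespace: semaphore
subjects:
  - kind: ServiceAccount
    name: semaphore-sa
    namespace: semaphore
roleRef:
  kind: Role
  name: semaphore-role
  # roleRef takes the singular `apiGroup`; the original `apiGroups` is not a
  # field of roleRef, so the binding had no API group for the referenced Role.
  apiGroup: rbac.authorization.k8s.io
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: semaphore-data-pvc
  namespace: semaphore
spec:
  accessModes:
    - ReadWriteMany
  storageClassName: nfs-storage
  resources:
    requests:
      storage: 5Gi
---
# NOTE(review): `data` values are base64-encoded, not encrypted. Anyone who
# can read this manifest can decode the DB password, admin password,
# access-key encryption key and SSH key pair. Treat values that have been
# committed or published as exposed: rotate them, and supply the Secret from
# a secret manager or an encrypted-at-rest workflow instead of plain YAML.
apiVersion: v1
kind: Secret
metadata:
  name: semaphore-secrets
  namespace: semaphore
type: Opaque
data:
  db-password: c2VYbk42RGt1cFJaN0Y=
  admin-password: QmxhY2tzdGFyMkBob21l
  access-key-encryption: NHZKMm1LMnBMNW5COHhSMnpRN3dFM3RZNnVJMG9QOWE=
  # The value below is reproduced as it appears in the source; it is not
  # valid base64 and has to be replaced with the real encoded key on apply.
  id_ed25519: 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
  id_ed25519.pub: c3NoLWVkMjU1MTkgQUFBQUMzTnphQzFsWkRJMU5URTVBQUFBSU9jTS9UcXlkemdLTHZjVTRpYUEyVGN4dVd5ZWpuZUdQcGNQWklyWGwxbHMga2h3ZXppQERBUktTVU4=
---
# Non-secret settings, consumed by the Deployment through configMapKeyRef.
apiVersion: v1
kind: ConfigMap
metadata:
  name: semaphore-configs
  namespace: semaphore
data:
  SEMAPHORE_DB_USER: "semaphore_user"
  SEMAPHORE_DB_HOST: "192.168.1.170"
  SEMAPHORE_DB_NAME: "semaphore"
  SEMAPHORE_ADMIN_USERNAME: "khwezi"
  SEMAPHORE_ADMIN_EMAIL: "khwezi@litecharms.co.za"
  SEMAPHORE_SCHEDULE_TIMEZONE: "Africa/Johannesburg"
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: semaphore
  namespace: semaphore
spec:
  replicas: 1
  selector:
    matchLabels:
      app: semaphore
  template:
    metadata:
      labels:
        app: semaphore
    spec:
      serviceAccountName: semaphore-sa
      # Schedule only on nodes that do not carry the control-plane role label.
      affinity:
        nodeAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
            nodeSelectorTerms:
              - matchExpressions:
                  - key: node-role.kubernetes.io/control-plane
                    operator: DoesNotExist
      # Static /etc/hosts entry for the Gitea host.
      hostAliases:
        - ip: "169.255.58.144"
          hostnames:
            - "gitea.khongisa.co.za"
      securityContext:
        # Enforce what runAsUser already implies, so an image or manifest
        # change cannot silently start the container as root.
        runAsNonRoot: true
        runAsUser: 1001
        fsGroup: 1001
        fsGroupChangePolicy: "Always"
      containers:
        - name: semaphore
          # NOTE(review): `latest` is a mutable tag; a re-pull can change the
          # running code with no manifest change. Pin a release tag or digest,
          # e.g. semaphoreui/semaphore:<PINNED_VERSION> (placeholder).
          image: semaphoreui/semaphore:latest
          # NOTE(review): no container-level securityContext is set. Consider
          # allowPrivilegeEscalation: false and dropping all capabilities once
          # confirmed the image runs with them.
          ports:
            - containerPort: 3000
              name: http
          resources:
            requests:
              cpu: "200m"
              memory: "512Mi"
            limits:
              cpu: "1"
              memory: "1Gi"
          env:
            - name: SEMAPHORE_DB_DIALECT
              value: "postgres"
            - name: SEMAPHORE_DB_PORT
              value: "5432"
            - name: SEMAPHORE_DB_USER
              valueFrom:
                configMapKeyRef:
                  name: semaphore-configs
                  key: SEMAPHORE_DB_USER
            - name: SEMAPHORE_DB_HOST
              valueFrom:
                configMapKeyRef:
                  name: semaphore-configs
                  key: SEMAPHORE_DB_HOST
            - name: SEMAPHORE_DB
              valueFrom:
                configMapKeyRef:
                  name: semaphore-configs
                  key: SEMAPHORE_DB_NAME
            # Both admin variables are fed from the same ConfigMap key.
            - name: SEMAPHORE_ADMIN
              valueFrom:
                configMapKeyRef:
                  name: semaphore-configs
                  key: SEMAPHORE_ADMIN_USERNAME
            - name: SEMAPHORE_ADMIN_NAME
              valueFrom:
                configMapKeyRef:
                  name: semaphore-configs
                  key: SEMAPHORE_ADMIN_USERNAME
            - name: SEMAPHORE_ADMIN_EMAIL
              valueFrom:
                configMapKeyRef:
                  name: semaphore-configs
                  key: SEMAPHORE_ADMIN_EMAIL
            - name: SEMAPHORE_SCHEDULE_TIMEZONE
              valueFrom:
                configMapKeyRef:
                  name: semaphore-configs
                  key: SEMAPHORE_SCHEDULE_TIMEZONE
            - name: SEMAPHORE_DB_PASS
              valueFrom:
                secretKeyRef:
                  name: semaphore-secrets
                  key: db-password
            - name: SEMAPHORE_ADMIN_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: semaphore-secrets
                  key: admin-password
            - name: SEMAPHORE_ACCESS_KEY_ENCRYPTION
              valueFrom:
                secretKeyRef:
                  name: semaphore-secrets
                  key: access-key-encryption
          volumeMounts:
            # The same PVC backs the home directory and, via subPath `tmp`,
            # /tmp/semaphore.
            - name: semaphore-persistent-storage
              mountPath: /home/semaphore
            - name: semaphore-persistent-storage
              mountPath: /tmp/semaphore
              subPath: tmp
            # subPath mounts of a Secret are not refreshed when the Secret
            # changes; restart the pod after rotating the SSH key.
            - name: ssh-keys-volume
              mountPath: /home/semaphore/.ssh/id_ed25519
              subPath: id_ed25519
            - name: ssh-keys-volume
              mountPath: /home/semaphore/.ssh/id_ed25519.pub
              subPath: id_ed25519.pub
      volumes:
        - name: semaphore-persistent-storage
          persistentVolumeClaim:
            claimName: semaphore-data-pvc
        - name: ssh-keys-volume
          secret:
            secretName: semaphore-secrets
            # 384 decimal == 0o600 (owner read/write only).
            # NOTE(review): with fsGroup set on the pod the effective mode of
            # the mounted files may differ; verify it inside the container.
            defaultMode: 384
            items:
              - key: id_ed25519
                path: id_ed25519
              - key: id_ed25519.pub
                path: id_ed25519.pub
---
# NOTE(review): NodePort publishes the UI on port 31011 of every node, and
# the service carries plain HTTP, so the admin login crosses the network
# unencrypted. Prefer a ClusterIP service behind a TLS-terminating ingress,
# or restrict who can reach the node port.
apiVersion: v1
kind: Service
metadata:
  name: semaphore-service
  namespace: semaphore
spec:
  type: NodePort
  selector:
    app: semaphore
  ports:
    - name: http
      protocol: TCP
      port: 3000
      targetPort: 3000
      nodePort: 31011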