MngomaLab/automation
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
dev
automation/kubernetes-templates/semaphoreui.yml
Khwezi db32982c30 Reconfigured semaphore secrets
2026-04-12 14:19:28 +02:00

199 lines
6.4 KiB
YAML
Raw Permalink Blame History

---
apiVersion: v1
kind: Namespace
metadata:
name: semaphore
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: semaphore-sa
namespace: semaphore
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: semaphore-role
namespace: semaphore
rules:
- apiGroups: [""]
resources: ["pods", "secrets", "configmaps"]
verbs: ["get", "watch", "list"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: semaphore-rb
namespace: semaphore
subjects:
- kind: ServiceAccount
name: semaphore-sa
namespace: semaphore
roleRef:
kind: Role
name: semaphore-role
apiGroup: rbac.authorization.k8s.io
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: semaphore-data-pvc
namespace: semaphore
spec:
accessModes:
- ReadWriteMany
storageClassName: nfs-storage
resources:
requests:
storage: 5Gi
---
apiVersion: v1
kind: Secret
metadata:
name: semaphore-secrets
namespace: semaphore
type: Opaque
data:
db-password: c2VYbk42RGt1cFJaN0Y=
admin-password: QmxhY2tzdGFyMkBob21l
access-key-encryption: NHZKMm1LMnBMNW5COHhSMnpRN3dFM3RZNnVJMG9QOWE=
id_ed25519: LS0tLS1CRUdJTiBPUEVOU1NIIFBSSVZBVEUgS0VZLS0tLS0KYjNCbGJuTnphQzFyWlhrdGRqRUFBQUFBQkc1dmJtVUFBQUFFYm05dVpRQUFBQUFBQUFBQkFBQUFNd0FBQUF0emMyZ3RaVwpReU5UVXhPUUFBQUNEbkRQMDZzbmM0Q2k3M0ZPSW1nTmszTWJsc25vNTNoajZYRDJTSzE1ZFpiQUFBQUpnZWwvMndIcGY5CnNBQUFBQXR6YzJndFpXUXlOVFV4T1FBQUFDRG5EUDA2c25jNENpNzNGT0ltZ05rM01ibHNubzUzaGo2WEQyU0sxNWRaYkEKQUFBRUJUaHFjcnNXZWVVWnpFeVdWWmJoRGlKZE9FQkZYSkg4NXNhMUNjK1dXQ0krY00vVHF5ZHpnS0x2Y1U0aWFBMlRjeAp1V3llam5lR1BwY1BaSXJYbDFsc0FBQUFEbXRvZDJWNmFVQkVRVkpMVTFWT0FRSURCQVVHQnc9PQotLS0tLUVORCBPUEVOU1NIIFBSSVZBVEUgS0VZLS0tLS0K
id_ed25519.pub: c3NoLWVkMjU1MTkgQUFBQUMzTnphQzFsWkRJMU5URTVBQUFBSU9jTS9UcXlkemdLTHZjVTRpYUEyVGN4dVd5ZWpuZUdQcGNQWklyWGwxbHMga2h3ZXppQERBUktTVU4K
---
apiVersion: v1
kind: ConfigMap
metadata:
name: semaphore-configs
namespace: semaphore
data:
SEMAPHORE_DB_USER: "semaphore_user"
SEMAPHORE_DB_HOST: "192.168.1.170"
SEMAPHORE_DB_NAME: "semaphore"
SEMAPHORE_ADMIN_USERNAME: "khwezi"
SEMAPHORE_ADMIN_EMAIL: "khwezi@litecharms.co.za"
SEMAPHORE_SCHEDULE_TIMEZONE: "Africa/Johannesburg"
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: semaphore
namespace: semaphore
spec:
replicas: 1
selector:
matchLabels:
app: semaphore
template:
metadata:
labels:
app: semaphore
spec:
serviceAccountName: semaphore-sa
affinity:
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: node-role.kubernetes.io/control-plane
operator: DoesNotExist
hostAliases:
- ip: "169.255.58.144"
hostnames:
- "gitea.khongisa.co.za"
securityContext:
runAsUser: 1001
fsGroup: 1001
fsGroupChangePolicy: "Always"
initContainers:
- name: fix-ssh-permissions
image: busybox:latest
# We ensure the directory exists and has 700.
# We don't touch the files yet because they are mounted by the main container.
command: ["sh", "-c", "mkdir -p /home/semaphore/.ssh && chmod 700 /home/semaphore/.ssh"]
volumeMounts:
- name: semaphore-persistent-storage
mountPath: /home/semaphore
containers:
- name: semaphore
image: semaphoreui/semaphore:latest
ports:
- containerPort: 3000
name: http
resources:
requests:
cpu: "200m"
memory: "512Mi"
limits:
cpu: "1"
memory: "1Gi"
env:
- name: SEMAPHORE_DB_DIALECT
value: "postgres"
- name: SEMAPHORE_DB_PORT
value: "5432"
- name: SEMAPHORE_DB_USER
valueFrom: { configMapKeyRef: { name: semaphore-configs, key: SEMAPHORE_DB_USER } }
- name: SEMAPHORE_DB_HOST
valueFrom: { configMapKeyRef: { name: semaphore-configs, key: SEMAPHORE_DB_HOST } }
- name: SEMAPHORE_DB
valueFrom: { configMapKeyRef: { name: semaphore-configs, key: SEMAPHORE_DB_NAME } }
- name: SEMAPHORE_ADMIN
valueFrom: { configMapKeyRef: { name: semaphore-configs, key: SEMAPHORE_ADMIN_USERNAME } }
- name: SEMAPHORE_ADMIN_NAME
valueFrom: { configMapKeyRef: { name: semaphore-configs, key: SEMAPHORE_ADMIN_USERNAME } }
- name: SEMAPHORE_ADMIN_EMAIL
valueFrom: { configMapKeyRef: { name: semaphore-configs, key: SEMAPHORE_ADMIN_EMAIL } }
- name: SEMAPHORE_SCHEDULE_TIMEZONE
valueFrom: { configMapKeyRef: { name: semaphore-configs, key: SEMAPHORE_SCHEDULE_TIMEZONE } }
- name: SEMAPHORE_DB_PASS
valueFrom: { secretKeyRef: { name: semaphore-secrets, key: db-password } }
- name: SEMAPHORE_ADMIN_PASSWORD
valueFrom: { secretKeyRef: { name: semaphore-secrets, key: admin-password } }
- name: SEMAPHORE_ACCESS_KEY_ENCRYPTION
valueFrom: { secretKeyRef: { name: semaphore-secrets, key: access-key-encryption } }
volumeMounts:
- name: semaphore-persistent-storage
mountPath: /home/semaphore
- name: semaphore-persistent-storage
mountPath: /tmp/semaphore
subPath: tmp
- name: ssh-keys-volume
mountPath: /home/semaphore/.ssh/id_ed25519
subPath: id_ed25519
readOnly: true
- name: ssh-keys-volume
mountPath: /home/semaphore/.ssh/id_ed25519.pub
subPath: id_ed25519.pub
readOnly: true
volumes:
- name: semaphore-persistent-storage
persistentVolumeClaim:
claimName: semaphore-data-pvc
- name: ssh-keys-volume
secret:
secretName: semaphore-secrets
defaultMode: 384 # 0600
items:
- key: id_ed25519
path: id_ed25519
- key: id_ed25519.pub
path: id_ed25519.pub
---
apiVersion: v1
kind: Service
metadata:
name: semaphore-service
namespace: semaphore
spec:
type: NodePort
selector:
app: semaphore
ports:
- name: http
protocol: TCP
port: 3000
targetPort: 3000
nodePort: 31011
Reference in New Issue View Git Blame Copy Permalink