automation/kubernetes-templates/piston.yml

---
apiVersion: v1
kind: Namespace
metadata:
  name: piston
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: piston-sa
  namespace: piston
---
apiVersion: v1
kind: ConfigMap
metadata:
  name: piston-config
  namespace: piston
data:
  piston.domain: "piston.khongisa.co.za"
  piston.rooturl: "https://piston.khongisa.co.za"
---
apiVersion: v1
kind: Secret
metadata:
  name: piston-ui-secret
  namespace: piston
type: Opaque
data:
  password: QmxhY2tzdGFyMkBob21l
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: piston-pvc
  namespace: piston
spec:
  accessModes: ["ReadWriteOnce"]
  storageClassName: nfs-storage
  resources:
    requests:
      storage: 50Gi
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: piston
  namespace: piston
spec:
  replicas: 1
  selector:
    matchLabels:
      app: piston
  template:
    metadata:
      labels:
        app: piston
    spec:
      serviceAccountName: piston-sa
      hostNetwork: false
      hostPID: false
      hostIPC: false
      containers:
      - name: piston
        image: ghcr.io/engineer-man/piston:latest
        securityContext:
          privileged: true
          allowPrivilegeEscalation: true
          runAsNonRoot: false
        ports:
          - containerPort: 2000
        volumeMounts:
          - name: packages
            mountPath: /piston/packages
        resources:
          requests:
            cpu: "500m"
            memory: "1Gi"
          limits:
            cpu: "1"
            memory: "2Gi"
      - name: ui
        image: codercom/code-server:latest
        ports:
          - containerPort: 8080
        resources:
          requests:
            cpu: "500m"
            memory: "1Gi"
          limits:
            cpu: "1"
            memory: "2Gi"
        env:
          - name: PASSWORD
            valueFrom:
              secretKeyRef:
                name: piston-ui-secret
                key: password
        volumeMounts:
          - name: packages
            mountPath: /home/coder/project
      volumes:
        - name: packages
          persistentVolumeClaim:
            claimName: piston-pvc
---
apiVersion: v1
kind: Service
metadata:
  name: piston-service
  namespace: piston
spec:
  type: NodePort
  selector:
    app: piston
  ports:
    - name: http
      protocol: TCP
      port: 80
      targetPort: 8080 
      nodePort: 31003