automation/kubernetes-templates/semaphoreui.yml

---
# Dedicated namespace for Semaphore UI. The PVC, Secret, ConfigMap,
# Deployment and Service in this file all set `namespace: semaphore`.
#
# NOTE(review): no `pod-security.kubernetes.io/*` labels are set, so Pod
# Security Admission applies whatever the cluster-wide default is to this
# namespace - confirm that default is the intended one.
kind: Namespace
apiVersion: v1
metadata:
  name: semaphore
---
# Persistent storage for Semaphore. The Deployment in this file mounts the
# claim twice through subPath: `home` -> /home/semaphore and
# `tmp` -> /tmp/semaphore.
#
# NOTE(review): ReadWriteMany lets pods on several nodes mount the volume
# read-write, and the `home` subPath holds Semaphore's home directory
# (including ~/.ssh). Presumably `nfs-storage` is an NFS-backed class; confirm
# the export restricts which hosts may mount it.
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
  namespace: semaphore
  name: semaphore-data-pvc
spec:
  storageClassName: nfs-storage
  accessModes:
    - ReadWriteMany
  resources:
    requests:
      storage: 5Gi
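---
# Credentials consumed by the Semaphore Deployment in this file:
#   - db-password, admin-password and access-key-encryption are injected as
#     environment variables through secretKeyRef;
#   - id_ed25519 / id_ed25519.pub are mounted as files under
#     /home/semaphore/.ssh.
#
# SECURITY: values under `data:` are only base64-encoded, not encrypted, so
# anyone who can read this file can recover them. The database password,
# admin password, access-key encryption key and SSH private key that were
# committed here must be treated as exposed: rotate all four, and note that
# they stay in version-control history until that history is rewritten.
# Supply the real values at deploy time instead of committing them, for
# example with `kubectl create secret generic`, or keep them encrypted at
# rest with a tool such as Sealed Secrets, SOPS or External Secrets Operator.
apiVersion: v1
kind: Secret
metadata:
  name: semaphore-secrets
  namespace: semaphore
type: Opaque
data:
  # Placeholders only. They are deliberately not valid base64, so applying
  # this template without substituting real values is rejected rather than
  # deploying a known credential.
  db-password: "<BASE64_DB_PASSWORD>"
  admin-password: "<BASE64_ADMIN_PASSWORD>"
  access-key-encryption: "<BASE64_ACCESS_KEY_ENCRYPTION_KEY>"
  id_ed25519: "<BASE64_SSH_PRIVATE_KEY>"
  # Public half of the key pair; not confidential, kept as committed. It must
  # be replaced together with the private key when the pair is rotated.
  id_ed25519.pub: c3NoLWVkMjU1MTkgQUFBQUMzTnphQzFsWkRJMU5URTVBQUFBSU9jTS9UcXlkemdLTHZjVTRpYUEyVGN4dVd5ZWpuZUdQcGNQWklyWGwxbHMga2h3ZXppQERBUktTVU4=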
---
# Non-secret Semaphore settings. The Deployment in this file reads every key
# below through configMapKeyRef; passwords and keys live in the Secret
# `semaphore-secrets`, not here.
kind: ConfigMap
apiVersion: v1
metadata:
  namespace: semaphore
  name: semaphore-configs
data:
  # Database connection target (dialect and port are set inline in the
  # Deployment's env list).
  SEMAPHORE_DB_HOST: '192.168.1.170'
  SEMAPHORE_DB_NAME: 'semaphore'
  SEMAPHORE_DB_USER: 'semaphore_user'
  # Initial administrator account; the Deployment maps the username to both
  # SEMAPHORE_ADMIN and SEMAPHORE_ADMIN_NAME.
  SEMAPHORE_ADMIN_USERNAME: 'khwezi'
  SEMAPHORE_ADMIN_EMAIL: 'khwezi@litecharms.co.za'
  # Time zone passed to the container as SEMAPHORE_SCHEDULE_TIMEZONE.
  SEMAPHORE_SCHEDULE_TIMEZONE: 'Africa/Johannesburg'
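---
# Single-replica Semaphore UI deployment.
#   - Scheduled only on nodes without the control-plane role label.
#   - An init container prepares /home/semaphore/.ssh and ownership on the
#     persistent volume before the main container starts.
#   - Settings come from ConfigMap `semaphore-configs`; credentials and the
#     SSH key pair come from Secret `semaphore-secrets`.
#
# NOTE(review): nothing visible here needs the Kubernetes API; if that holds,
# consider `automountServiceAccountToken: false` on the pod spec.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: semaphore
  namespace: semaphore
spec:
  replicas: 1
  selector:
    matchLabels:
      app: semaphore
  template:
    metadata:
      labels:
        app: semaphore
    spec:
      affinity:
        nodeAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
            nodeSelectorTerms:
              - matchExpressions:
                  # Keep the workload off control-plane nodes.
                  - key: node-role.kubernetes.io/control-plane
                    operator: DoesNotExist
      # Static /etc/hosts entry: the Gitea hostname resolves to this address
      # regardless of DNS, so it must be updated by hand if the server moves.
      hostAliases:
        - ip: "169.255.58.144"
          hostnames:
            - "gitea.khongisa.co.za"
      # Pod-level security context. The original listing lost its indentation;
      # this block is placed at pod level because `fsGroup` is only valid in
      # the pod security context.
      securityContext:
        runAsUser: 1001
        fsGroup: 1001
        # Hardening: refuse to start as root and apply the container
        # runtime's default seccomp filter to every container in the pod.
        runAsNonRoot: true
        seccompProfile:
          type: RuntimeDefault
      initContainers:
        - name: volume-permissions
          # NOTE(review): `latest` is a mutable tag, so the image that runs can
          # change without any change to this manifest. Pin a specific version
          # tag or an immutable digest (busybox@sha256:<digest>).
          image: busybox:latest
          # Runs as UID 1001 (pod-level runAsUser), so the chown presumably
          # only succeeds on paths that UID already owns - TODO confirm on a
          # freshly provisioned volume.
          command:
            - "sh"
            - "-c"
            - "mkdir -p /home/semaphore/.ssh && chown -R 1001:1001 /home/semaphore /tmp/semaphore"
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              drop:
                - ALL
          volumeMounts:
            - name: semaphore-persistent-storage
              mountPath: /home/semaphore
              subPath: home
            - name: semaphore-persistent-storage
              mountPath: /tmp/semaphore
              subPath: tmp
      containers:
        - name: semaphore
          # NOTE(review): same mutable-tag concern as the init container; pin
          # a version tag or digest (semaphoreui/semaphore@sha256:<digest>) so
          # upgrades are deliberate and reviewable.
          image: semaphoreui/semaphore:latest
          # Hardening: the process already runs as non-root UID 1001, so it
          # needs neither Linux capabilities nor setuid escalation. Relax only
          # if a task genuinely depends on a setuid helper.
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              drop:
                - ALL
          ports:
            - containerPort: 3000
              name: http
          resources:
            requests:
              cpu: "200m"
              memory: "512Mi"
            limits:
              cpu: "1"
              memory: "1Gi"
          env:
            # Database connection: fixed values inline, the rest from the
            # ConfigMap.
            - name: SEMAPHORE_DB_DIALECT
              value: "postgres"
            - name: SEMAPHORE_DB_PORT
              value: "5432"
            - name: SEMAPHORE_DB_USER
              valueFrom:
                configMapKeyRef:
                  name: semaphore-configs
                  key: SEMAPHORE_DB_USER
            - name: SEMAPHORE_DB_HOST
              valueFrom:
                configMapKeyRef:
                  name: semaphore-configs
                  key: SEMAPHORE_DB_HOST
            - name: SEMAPHORE_DB
              valueFrom:
                configMapKeyRef:
                  name: semaphore-configs
                  key: SEMAPHORE_DB_NAME
            # Initial admin account; both variables read the same ConfigMap key.
            - name: SEMAPHORE_ADMIN
              valueFrom:
                configMapKeyRef:
                  name: semaphore-configs
                  key: SEMAPHORE_ADMIN_USERNAME
            - name: SEMAPHORE_ADMIN_NAME
              valueFrom:
                configMapKeyRef:
                  name: semaphore-configs
                  key: SEMAPHORE_ADMIN_USERNAME
            - name: SEMAPHORE_ADMIN_EMAIL
              valueFrom:
                configMapKeyRef:
                  name: semaphore-configs
                  key: SEMAPHORE_ADMIN_EMAIL
            - name: SEMAPHORE_SCHEDULE_TIMEZONE
              valueFrom:
                configMapKeyRef:
                  name: semaphore-configs
                  key: SEMAPHORE_SCHEDULE_TIMEZONE
            # Credentials from the Secret. Environment variables are visible
            # to anything that can inspect the container's environment; keep
            # read access to pods/exec in this namespace restricted.
            - name: SEMAPHORE_DB_PASS
              valueFrom:
                secretKeyRef:
                  name: semaphore-secrets
                  key: db-password
            - name: SEMAPHORE_ADMIN_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: semaphore-secrets
                  key: admin-password
            - name: SEMAPHORE_ACCESS_KEY_ENCRYPTION
              valueFrom:
                secretKeyRef:
                  name: semaphore-secrets
                  key: access-key-encryption
          volumeMounts:
            - name: semaphore-persistent-storage
              mountPath: /home/semaphore
              subPath: home
            - name: semaphore-persistent-storage
              mountPath: /tmp/semaphore
              subPath: tmp
            # Each key file is mounted individually via subPath on top of the
            # persistent ~/.ssh directory.
            - name: ssh-keys-secret
              mountPath: /home/semaphore/.ssh/id_ed25519
              subPath: id_ed25519
            - name: ssh-keys-secret
              mountPath: /home/semaphore/.ssh/id_ed25519.pub
              subPath: id_ed25519.pub
      volumes:
        - name: semaphore-persistent-storage
          persistentVolumeClaim:
            claimName: semaphore-data-pvc
        - name: ssh-keys-secret
          secret:
            secretName: semaphore-secrets
            # 384 decimal == 0600 octal (owner read/write only).
            # NOTE(review): with fsGroup set, the kubelet may add group
            # permission bits to secret files; verify the effective mode of
            # id_ed25519 inside the running pod.
            defaultMode: 384
            # Only the two SSH key entries are projected as files; the
            # password keys in the same Secret are not exposed on disk.
            items:
              - key: id_ed25519
                path: id_ed25519
              - key: id_ed25519.pub
                path: id_ed25519.pub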
---
# Publishes the Semaphore web UI: pods labelled `app: semaphore` are reached
# on port 3000, exposed on every cluster node at port 31011.
#
# NOTE(review): no TLS is configured anywhere in this manifest, so the admin
# login presumably crosses the network as plain HTTP on the node port.
# Consider a ClusterIP Service behind a TLS-terminating Ingress, or restrict
# who can reach port 31011 with firewall rules.
kind: Service
apiVersion: v1
metadata:
  namespace: semaphore
  name: semaphore-service
spec:
  type: NodePort
  selector:
    app: semaphore
  ports:
    - name: http
      protocol: TCP
      port: 3000
      targetPort: 3000
      nodePort: 31011