159 lines
3.1 KiB
YAML
159 lines
3.1 KiB
YAML
apiVersion: v1
|
|
kind: Namespace
|
|
metadata:
|
|
name: pgadmin
|
|
---
|
|
apiVersion: v1
|
|
kind: ConfigMap
|
|
metadata:
|
|
name: pgadmin-config
|
|
namespace: pgadmin
|
|
data:
|
|
server.email: "khwezi@mngoma.lab"
|
|
---
|
|
apiVersion: v1
|
|
kind: Secret
|
|
metadata:
|
|
name: pgadmin-secret
|
|
namespace: pgadmin
|
|
type: Opaque
|
|
data:
|
|
server.password: M3pDQTQz
|
|
---
|
|
apiVersion: v1
|
|
kind: ServiceAccount
|
|
metadata:
|
|
name: pgadmin-sa
|
|
namespace: pgadmin
|
|
---
|
|
apiVersion: rbac.authorization.k8s.io/v1
|
|
kind: Role
|
|
metadata:
|
|
name: pgadmin-role
|
|
namespace: pgadmin
|
|
rules:
|
|
- apiGroups: [""]
|
|
resources: ["pods", "services", "persistentvolumeclaims", "configmaps", "secrets"]
|
|
verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
|
|
---
|
|
apiVersion: rbac.authorization.k8s.io/v1
|
|
kind: RoleBinding
|
|
metadata:
|
|
name: pgadmin-rolebinding
|
|
namespace: pgadmin
|
|
subjects:
|
|
- kind: ServiceAccount
|
|
name: pgadmin-sa
|
|
namespace: pgadmin
|
|
roleRef:
|
|
apiGroup: rbac.authorization.k8s.io
|
|
kind: Role
|
|
name: pgadmin-role
|
|
---
|
|
apiVersion: v1
|
|
kind: PersistentVolume
|
|
metadata:
|
|
name: pgadmin-pv
|
|
spec:
|
|
capacity:
|
|
storage: 2Gi
|
|
accessModes:
|
|
- ReadWriteOnce
|
|
storageClassName: local-pvs
|
|
local:
|
|
path: /home/ansible/k3s/makhiwane/pgadmin
|
|
nodeAffinity:
|
|
required:
|
|
nodeSelectorTerms:
|
|
- matchExpressions:
|
|
- key: kubernetes.io/hostname
|
|
operator: In
|
|
values:
|
|
- lead
|
|
persistentVolumeReclaimPolicy: Retain
|
|
---
|
|
apiVersion: v1
|
|
kind: PersistentVolumeClaim
|
|
metadata:
|
|
name: pgadmin-pvc
|
|
namespace: pgadmin
|
|
spec:
|
|
accessModes:
|
|
- ReadWriteOnce
|
|
storageClassName: local-pvs
|
|
resources:
|
|
requests:
|
|
storage: 2Gi
|
|
---
|
|
apiVersion: apps/v1
|
|
kind: Deployment
|
|
metadata:
|
|
name: pgadmin
|
|
namespace: pgadmin
|
|
spec:
|
|
replicas: 1
|
|
selector:
|
|
matchLabels:
|
|
app: pgadmin
|
|
template:
|
|
metadata:
|
|
labels:
|
|
app: pgadmin
|
|
spec:
|
|
serviceAccountName: pgadmin-sa
|
|
securityContext:
|
|
runAsUser: 5050
|
|
runAsGroup: 5050
|
|
fsGroup: 5050
|
|
containers:
|
|
- name: pgadmin
|
|
image: dpage/pgadmin4:latest
|
|
ports:
|
|
- containerPort: 80
|
|
volumeMounts:
|
|
- name: pgadmin-data
|
|
mountPath: /var/lib/pgadmin
|
|
env:
|
|
- name: PGADMIN_DEFAULT_EMAIL
|
|
valueFrom:
|
|
configMapKeyRef:
|
|
name: pgadmin-config
|
|
key: server.email
|
|
- name: PGADMIN_DEFAULT_PASSWORD
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: pgadmin-secret
|
|
key: server.password
|
|
volumes:
|
|
- name: pgadmin-data
|
|
persistentVolumeClaim:
|
|
claimName: pgadmin-pvc
|
|
---
|
|
apiVersion: v1
|
|
kind: Service
|
|
metadata:
|
|
name: pgadmin
|
|
namespace: pgadmin
|
|
spec:
|
|
type: ClusterIP
|
|
selector:
|
|
app: pgadmin
|
|
ports:
|
|
- port: 80
|
|
targetPort: 80
|
|
---
|
|
apiVersion: traefik.io/v1alpha1
|
|
kind: IngressRoute
|
|
metadata:
|
|
name: pgadmin-ingress
|
|
namespace: pgadmin
|
|
spec:
|
|
entryPoints:
|
|
- websecure
|
|
routes:
|
|
- match: Host(`pgadmin.apps.mngoma.lab`)
|
|
kind: Rule
|
|
services:
|
|
- name: pgadmin
|
|
port: 80
|
|
tls: {} |