Khwezi Mngoma
203 lines
6.8 KiB
YAML
203 lines
6.8 KiB
YAML
---
|
|
apiVersion: v1
|
|
kind: Namespace
|
|
metadata:
|
|
name: midrandbooksapi-uat
|
|
---
|
|
apiVersion: v1
|
|
kind: ConfigMap
|
|
metadata:
|
|
name: midrandbooksapi-config
|
|
namespace: midrandbooksapi-uat
|
|
data:
|
|
ASPNETCORE_ENVIRONMENT: "Development"
|
|
ASPNETCORE_URLS: "http://0.0.0.0:8080"
|
|
Monitoring__Address: "http://aspire-dashboard-service.aspire.svc.cluster.local:18889"
|
|
Monitoring__ServiceName: "MidrandBooksApi.Uat"
|
|
HasherSettings__MinHashLength: "11"
|
|
BookshopS3Settings__ServiceUrl: "http://garage.garage.svc.cluster.local:3900"
|
|
BookshopS3Settings__Region: "garage"
|
|
BookshopS3Settings__BucketName: "bookshop"
|
|
BookshopS3Settings__CdnBaseUrl: "https://bookshop.cdn.khongisa.co.za"
|
|
ValidPayfastHosts__0: "www.payfast.co.za"
|
|
ValidPayfastHosts__1: "sandbox.payfast.co.za"
|
|
ValidPayfastHosts__2: "w1w.payfast.co.za"
|
|
ValidPayfastHosts__3: "w2w.payfast.co.za"
|
|
ValidPayfastHosts__4: "ips.payfast.co.za"
|
|
ValidPayfastHosts__5: "api.payfast.co.za"
|
|
ValidPayfastHosts__6: "payment.payfast.io"
|
|
AuthentikSettings__Authority: "https://id.khongisa.co.za/application/o/midrand-books-api-uat/"
|
|
AuthentikSettings__IntrospectionEndpoint: "https://id.khongisa.co.za/application/o/introspect/"
|
|
AuthentikSettings__RequiredClaimName: "scope"
|
|
AuthentikSettings__RequiredClaimNameValue: "openid"
|
|
AuthentikSettings__RequireHttpsMetadata: "true"
|
|
---
|
|
apiVersion: v1
|
|
kind: Secret
|
|
metadata:
|
|
name: midrandbooksapi-secrets
|
|
namespace: midrandbooksapi-uat
|
|
type: Opaque
|
|
data:
|
|
connection-string: SG9zdD0xOTIuMTY4LjEuMTcwO0RhdGFiYXNlPW1pZHJhbmRzaG9wLWRldjtVc2VybmFtZT1taWRyYW5kc2hvcC1kZXYtdXNlcjtQYXNzd29yZD1hUFh5a0tnM3RTOWNtRDtQZXJzaXN0IFNlY3VyaXR5IEluZm89VHJ1ZQ==
|
|
connection-string-quartz: SG9zdD0xOTIuMTY4LjEuMTcwO0RhdGFiYXNlPXNjaGVkdWxlci1kZXY7VXNlcm5hbWU9c2NoZWR1bGVyLWRldi11c2VyO1Bhc3N3b3JkPWtWVm1vV0tKM3h6Z1FYO1BlcnNpc3QgU2VjdXJpdHkgSW5mbz1UcnVl
|
|
aspire-apikey: bWMzRzYzSzJqNVpPRXNpMEFqTW9qTFRYbTFLRVpGY3R6SUlqU3dEaVRHdXQ4cUdTa1B1V3d4R1AxUmJzY0pVbw==
|
|
hasher-salt: VEdsbmFIUWdRMmhoY20xekxDQk5hV1J5WVc1a1FtOXZhM01nYldGclpTQnNiM1J6SUc5bUlHMXZibVY1SUdGdVpDQmhjbVVnWVNCemRXTmpaWE56Wm5Wc0lIWnBjbUZzSUhOMGIzSjVJR2x1SUZOdmRYUm9JRUZtY21sallRPT0=
|
|
hasher-payfastpassphrase: OUdBSVIwdFdwaFgwcU8=
|
|
bookshop-s3-accesskey: R0s1MTRkMmNlOGRjNjkyMzdhMDVjMDFlZWY=
|
|
bookshop-s3-secretkey: ZWFhZmVkYTFhZWQ0MDllY2ZlNjA3MTRlY2RhNTQ5YjgyYmRmNWEzZGFmOWYxOGRkNjFmNjZiNDk3M2E2NDgyZQ==
|
|
authentik-clientid: aTZ5Z3I4NEhsbmh4RllxTEpWSjJIaGRsVnJPWUU0UG51clQ1Y1BRVw==
|
|
authentik-clientsecret: dHZQVU0zVnFmazJzcmE5OXM5bE4zWWxpMHlsYUdUNnZiUUJxZkg3S3ZTSWJUZUo2ZFpHQjEyTlc0TXhxRERXSmV4UDd2WGZqVEFadFIzajNpdkQ2Y1RKcjV4UTlTNHJwRm5TZlk0Rmk2OVJOd1J2S0hqOGhWcmQzd29icTZPREc=
|
|
---
|
|
apiVersion: v1
|
|
kind: PersistentVolumeClaim
|
|
metadata:
|
|
name: midrandbooksapi-pvc
|
|
namespace: midrandbooksapi-uat
|
|
spec:
|
|
accessModes: ["ReadWriteMany"]
|
|
storageClassName: nfs-storage
|
|
resources:
|
|
requests:
|
|
storage: 2Gi
|
|
---
|
|
apiVersion: apps/v1
|
|
kind: Deployment
|
|
metadata:
|
|
name: midrandbooks-api
|
|
namespace: midrandbooksapi-uat
|
|
spec:
|
|
replicas: 2
|
|
selector:
|
|
matchLabels:
|
|
app: midrandbooks-api
|
|
template:
|
|
metadata:
|
|
labels:
|
|
app: midrandbooks-api
|
|
spec:
|
|
affinity:
|
|
nodeAffinity:
|
|
requiredDuringSchedulingIgnoredDuringExecution:
|
|
nodeSelectorTerms:
|
|
- matchExpressions:
|
|
- key: node-role.kubernetes.io/control-plane
|
|
operator: DoesNotExist
|
|
containers:
|
|
- name: midrandbooks-api
|
|
image: nexus.khongisa.co.za/midrandbooks-api:latest
|
|
imagePullPolicy: Always
|
|
resources:
|
|
limits:
|
|
memory: "512Mi"
|
|
cpu: "500m"
|
|
requests:
|
|
memory: "256Mi"
|
|
cpu: "100m"
|
|
ports:
|
|
- containerPort: 8080
|
|
envFrom:
|
|
- configMapRef:
|
|
name: midrandbooksapi-config
|
|
env:
|
|
- name: AuthentikSettings__ClientId
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: midrandbooksapi-secrets
|
|
key: authentik-clientid
|
|
- name: AuthentikSettings__ClientSecret
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: midrandbooksapi-secrets
|
|
key: authentik-clientsecret
|
|
- name: BookshopS3Settings__AccessKey
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: midrandbooksapi-secrets
|
|
key: bookshop-s3-accesskey
|
|
- name: BookshopS3Settings__SecretKey
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: midrandbooksapi-secrets
|
|
key: bookshop-s3-secretkey
|
|
- name: HasherSettings__Salt
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: midrandbooksapi-secrets
|
|
key: hasher-salt
|
|
- name: HasherSettings__PayfastPassphrase
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: midrandbooksapi-secrets
|
|
key: hasher-payfastpassphrase
|
|
- name: ConnectionStrings__PostgresScheduler
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: midrandbooksapi-secrets
|
|
key: connection-string-quartz
|
|
- name: ConnectionStrings__PostgresMidrandBooks
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: midrandbooksapi-secrets
|
|
key: connection-string
|
|
- name: Monitoring__ApiKey
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: midrandbooksapi-secrets
|
|
key: aspire-apikey
|
|
volumeMounts:
|
|
- name: data
|
|
mountPath: /app/wwwroot/content
|
|
resources:
|
|
livenessProbe:
|
|
httpGet:
|
|
path: /health
|
|
port: 8080
|
|
initialDelaySeconds: 5
|
|
periodSeconds: 10
|
|
readinessProbe:
|
|
httpGet:
|
|
path: /health
|
|
port: 8080
|
|
initialDelaySeconds: 3
|
|
periodSeconds: 5
|
|
volumes:
|
|
- name: data
|
|
persistentVolumeClaim:
|
|
claimName: midrandbooksapi-pvc
|
|
---
|
|
apiVersion: v1
|
|
kind: Service
|
|
metadata:
|
|
name: midrandbooksapi-service
|
|
namespace: midrandbooksapi-uat
|
|
spec:
|
|
type: ClusterIP
|
|
selector:
|
|
app: midrandbooks-api
|
|
ports:
|
|
- name: http
|
|
protocol: TCP
|
|
port: 80
|
|
targetPort: 8080
|
|
---
|
|
apiVersion: traefik.io/v1alpha1
|
|
kind: IngressRoute
|
|
metadata:
|
|
name: midrandbooksapi-web-secure
|
|
namespace: midrandbooksapi-uat
|
|
spec:
|
|
entryPoints:
|
|
- websecure
|
|
routes:
|
|
- match: Host(`api.uat.midrandbooks.co.za`)
|
|
kind: Rule
|
|
services:
|
|
- name: midrandbooksapi-service
|
|
port: 80
|
|
sticky:
|
|
cookie:
|
|
name: "lp-sticky-session"
|
|
httpOnly: true
|
|
secure: true
|
|
tls: {} |