apiVersion: v1 kind: Namespace metadata: name: midrandbooks-uat --- apiVersion: v1 kind: ConfigMap metadata: name: midrandbooks-config namespace: midrandbooks-uat data: ASPNETCORE_ENVIRONMENT: "Development" ASPNETCORE_URLS: "http://0.0.0.0:8443" Monitoring__Address: "http://aspire-dashboard-service.aspire.svc.cluster.local:18889" Monitoring__ServiceName: "MidrandBooks.Uat" HasherSettings__MinHashLength: "11" BookshopS3Settings__ServiceUrl: "http://garage.garage.svc.cluster.local:3900" BookshopS3Settings__Region: "garage" BookshopS3Settings__BucketName: "bookshop" BookshopS3Settings__CdnBaseUrl: "https://bookshop.cdn.khongisa.co.za" PayfastSettings__CheckoutUrl: "https://sandbox.payfast.co.za/eng/process" PayfastSettings__ValidHosts__0: "www.payfast.co.za" PayfastSettings__ValidHosts__1: "sandbox.payfast.co.za" PayfastSettings__ValidHosts__2: "ips.payfast.co.za" PayfastSettings__ValidHosts__3: "api.payfast.co.za" PayfastSettings__ValidHosts__4: "payment.payfast.io" LiteCharmsSettings__Authority: "https://sts.security.khongisa.co.za" LiteCharmsSettings__Audience: "midrandbooks-api" LiteCharmsClientSettings__Authority: "https://sts.security.khongisa.co.za" LiteCharmsClientSettings__GrantType: "client_credentials" LiteCharmsClientSettings__Scope: "midrandbooks-api" --- apiVersion: v1 kind: PersistentVolumeClaim metadata: name: midrandbooks-pvc namespace: midrandbooks-uat spec: accessModes: ["ReadWriteMany"] storageClassName: nfs-storage resources: requests: storage: 2Gi --- apiVersion: apps/v1 kind: Deployment metadata: name: midrandbooks namespace: midrandbooks-uat spec: replicas: 2 revisionHistoryLimit: 0 selector: matchLabels: app: midrandbooks template: metadata: labels: app: midrandbooks spec: affinity: nodeAffinity: requiredDuringSchedulingIgnoredDuringExecution: nodeSelectorTerms: - matchExpressions: - key: node-role.kubernetes.io/control-plane operator: DoesNotExist containers: - name: midrandbooks image: nexus.khongisa.co.za/midrandbooks:latest imagePullPolicy: Always resources: limits: memory: "512Mi" cpu: "500m" requests: memory: "256Mi" cpu: "100m" ports: - containerPort: 8443 envFrom: - configMapRef: name: midrandbooks-config - secretRef: name: midrandbooks-secrets env: - name: DataProtection__Certificate valueFrom: secretKeyRef: name: litecharms-certs key: litecharms.pfx - name: DataProtection__Password valueFrom: secretKeyRef: name: litecharms-certs key: passphrase volumeMounts: - name: cluster-certs-volume mountPath: /tmp/litecharms-raw-certs readOnly: true - name: data mountPath: /app/content subPath: bookshop-content lifecycle: postStart: exec: command: - /bin/sh - -c - | cp /tmp/litecharms-raw-certs/litecharms.crt /usr/local/share/ca-certificates/litecharms.crt update-ca-certificates livenessProbe: httpGet: path: /health port: 8443 scheme: HTTP initialDelaySeconds: 5 periodSeconds: 10 readinessProbe: httpGet: path: /health port: 8443 scheme: HTTP initialDelaySeconds: 3 periodSeconds: 5 volumes: - name: data persistentVolumeClaim: claimName: midrandbooks-pvc - name: cluster-certs-volume secret: secretName: litecharms-certs --- apiVersion: v1 kind: Service metadata: name: midrandbooks-service namespace: midrandbooks-uat spec: ports: - name: https port: 443 targetPort: 8443 selector: app: midrandbooks --- apiVersion: traefik.io/v1alpha1 kind: IngressRoute metadata: name: midrandbooks-web-secure namespace: midrandbooks-uat spec: entryPoints: - websecure routes: - match: Host(`uat.midrandbooks.co.za`) kind: Rule services: - name: midrandbooks-service port: 443 sticky: cookie: name: "lp-sticky-session" httpOnly: true secure: true scheme: http tls: {}