-
Notifications
You must be signed in to change notification settings - Fork 5
/
app.yaml
103 lines (99 loc) · 2.18 KB
/
app.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
# [[ Manifest 1 ]]
#
# Our application Deployment
# Keeps four replicas of our app running at all times.
# Replicas are automatically spread throughout the cluster.
#
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: sintel
spec:
replicas: 4
selector:
matchLabels:
app: sintel
template:
metadata:
labels:
app: sintel
spec:
containers:
- name: sintel
image: asauber/sintel:latest
imagePullPolicy: Always
ports:
- containerPort: 80
protocol: TCP
# [[ Manifest 2 ]]
# Cluster Issuer Manifest
#
---
apiVersion: cert-manager.io/v1alpha2
kind: ClusterIssuer
metadata:
name: letsencrypt-prod
spec:
acme:
# Email address used for ACME registration
# Be sure to replace with your own email address!
email: example@example.com
server: https://acme-v02.api.letsencrypt.org/directory
privateKeySecretRef:
# Name of a secret used to store the ACME account private key
name: letsencrypt-prod
# Add a single challenge solver, HTTP01 using nginx
solvers:
- http01:
ingress:
class: nginx
# [[ Manifest 3 ]]
#
# Service for our Deployment.
# Creates an IP address reachable only within the cluster which load-balances
# our application replicas.
#
---
kind: Service
apiVersion: v1
metadata:
name: sintel
spec:
type: ClusterIP
selector:
app: sintel
ports:
- name: http
protocol: TCP
port: 80
targetPort: 80
# [[ Manifest 4 ]]
#
# A resource which allows external traffic to reach our app.
# Tells nginx to forward traffic based on a hostname.
# Tells cert-manager to give us a cert.
# Tells external-dns to give us a DNS record.
#
---
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: sintel-ingress
annotations:
kubernetes.io/ingress.class: nginx
cert-manager.io/cluster-issuer: letsencrypt-prod
external-dns.alpha.kubernetes.io/hostname: demo1.kubeyboy.com
external-dns.alpha.kubernetes.io/ttl: "5m"
spec:
tls:
- hosts:
- demo1.kubeyboy.com
secretName: sintel-tls
rules:
- host: demo1.kubeyboy.com
http:
paths:
- backend:
serviceName: sintel
servicePort: 80