apiVersion: apps/v1 kind: Deployment metadata: name: radicle spec: replicas: 1 selector: matchLabels: name: radicle template: metadata: labels: name: radicle nginx: backend spec: volumes: - name: storage persistentVolumeClaim: claimName: "radicle-pvc" restartPolicy: Always containers: - name: radicle image: qdii/radicle:latest imagePullPolicy: "Always" env: - name: HOSTNAME value: "radicle.dodges.it" - name: RAD_SEEDING_POLICY value: "allow" - name: RAD_KEYGEN_SEED valueFrom: secretKeyRef: name: radicle key: seed - name: RAD_PASSPHRASE valueFrom: secretKeyRef: name: radicle key: passphrase resources: requests: cpu: "2" ephemeral-storage: "1Gi" memory: "5Gi" limits: cpu: "3" ephemeral-storage: "2Gi" memory: "6Gi" ports: - containerPort: 8776 name: seed protocol: TCP - containerPort: 8080 name: http protocol: TCP volumeMounts: - name: storage mountPath: /home/ubuntu/radicle livenessProbe: httpGet: path: /api/v1 port: http --- apiVersion: v1 kind: Service metadata: name: radicle spec: type: ClusterIP ipFamilyPolicy: SingleStack ipFamilies: - IPv4 selector: name: radicle ports: - protocol: TCP port: 8080 targetPort: 8080 name: http - protocol: TCP port: 8776 targetPort: 8776 name: seed --- apiVersion: networking.k8s.io/v1 kind: Ingress metadata: name: radicle-ingress annotations: cert-manager.io/cluster-issuer: "letsencrypt" acme.cert-manager.io/http01-edit-in-place: "true" nginx.org/client-max-body-size: "500m" nginx.org/proxy-connect-timeout: "60s" nginx.org/proxy-read-timeout: "60s" # Uncomment to allow solving HTTP01 challenge nginx.org/hsts: "true" ingress.kubernetes.io/ssl-redirect: "true" nginx.org/redirect-to-https: "true" spec: tls: - hosts: - radicle.dodges.it secretName: radicle-le-secret rules: - host: radicle.dodges.it http: paths: - path: / pathType: Prefix backend: service: name: radicle port: number: 8080 ingressClassName: nginx --- apiVersion: v1 kind: PersistentVolumeClaim metadata: name: radicle-pvc spec: storageClassName: nfs-vrt accessModes: - ReadWriteOnce resources: requests: storage: 50Gi