qdii
/
k8s


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128
							apiVersion: apps/v1
kind: Deployment
metadata:
  name: radicle
spec:
  replicas: 1
  selector:
    matchLabels:
      name: radicle
  template:
    metadata:
      labels:
        name: radicle
        nginx: backend
    spec:
      volumes:
      - name: storage
        persistentVolumeClaim:
          claimName: "radicle-pvc"
      restartPolicy: Always
      containers:
        - name: radicle
          image: qdii/radicle:latest
          imagePullPolicy: "Always"
          env:
          - name: HOSTNAME
            value: "radicle.dodges.it"
          - name: RAD_SEEDING_POLICY
            value: "allow"
          - name: RAD_KEYGEN_SEED
            valueFrom: 
              secretKeyRef:
                name: radicle
                key: seed
          - name: RAD_PASSPHRASE
            valueFrom: 
              secretKeyRef:
                name: radicle
                key: passphrase
          resources:
            requests:
              cpu: "2"
              ephemeral-storage: "1Gi"
              memory: "5Gi"
            limits:
              cpu: "3"
              ephemeral-storage: "2Gi"
              memory: "6Gi"
          ports:
            - containerPort: 8776
              name: seed
              protocol: TCP
            - containerPort: 8080
              name: http
              protocol: TCP
          volumeMounts:
            - name: storage
              mountPath: /home/ubuntu/radicle
          livenessProbe:
            httpGet:
              path: /api/v1
              port: http
---
apiVersion: v1
kind: Service
metadata:
  name: radicle
spec:
  type: ClusterIP
  ipFamilyPolicy: SingleStack
  ipFamilies:
    - IPv4
  selector:
    name: radicle
  ports:
    - protocol: TCP
      port: 8080
      targetPort: 8080
      name: http
    - protocol: TCP
      port: 8776
      targetPort: 8776
      name: seed
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: radicle-ingress
  annotations:
    cert-manager.io/cluster-issuer: "letsencrypt"
    acme.cert-manager.io/http01-edit-in-place: "true"
    nginx.org/client-max-body-size: "500m"
    nginx.org/proxy-connect-timeout: "60s"
    nginx.org/proxy-read-timeout: "60s"
    # Uncomment to allow solving HTTP01 challenge
    nginx.org/hsts: "true"
    ingress.kubernetes.io/ssl-redirect: "true"
    nginx.org/redirect-to-https: "true"
spec:
  tls:
  - hosts:
    - radicle.dodges.it
    secretName: radicle-le-secret
  rules:
  - host: radicle.dodges.it
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: radicle
            port:
              number: 8080
  ingressClassName: nginx
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: radicle-pvc
spec:
  storageClassName: nfs-vrt
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 50Gi