diff options
| -rw-r--r-- | dns/zones/pydis.wtf.zone/root.yaml | 8 | ||||
| -rw-r--r-- | kubernetes/namespaces/merch/deployment.yaml | 30 | ||||
| -rw-r--r-- | kubernetes/namespaces/merch/ingress.yaml | 37 | ||||
| -rw-r--r-- | kubernetes/namespaces/merch/secrets.yaml | bin | 0 -> 431 bytes | |||
| -rw-r--r-- | kubernetes/namespaces/merch/service.yaml | 12 |
5 files changed, 87 insertions, 0 deletions
diff --git a/dns/zones/pydis.wtf.zone/root.yaml b/dns/zones/pydis.wtf.zone/root.yaml index 452d3e7..9f381a7 100644 --- a/dns/zones/pydis.wtf.zone/root.yaml +++ b/dns/zones/pydis.wtf.zone/root.yaml @@ -104,6 +104,14 @@ metabase: type: CNAME value: linode-lb.box.pydis.wtf. +merch: + octodns: + cloudflare: + proxied: true + ttl: 300 + type: CNAME + value: linode-lb.box.pydis.wtf. + modmail: octodns: cloudflare: diff --git a/kubernetes/namespaces/merch/deployment.yaml b/kubernetes/namespaces/merch/deployment.yaml new file mode 100644 index 0000000..2f72e0d --- /dev/null +++ b/kubernetes/namespaces/merch/deployment.yaml @@ -0,0 +1,30 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: thallium-backend + namespace: merch +spec: + replicas: 1 + selector: + matchLabels: + app: thallium-backend + template: + metadata: + labels: + app: thallium-backend + spec: + containers: + - name: thallium-backend + image: ghcr.io/owl-corp/thallium-backend:latest + imagePullPolicy: "Always" + envFrom: + - secretRef: + name: thallium-backend-env + securityContext: + readOnlyRootFilesystem: true + imagePullSecrets: + - name: ghcr-pull-secret + securityContext: + fsGroup: 2000 + runAsUser: 1000 + runAsNonRoot: true diff --git a/kubernetes/namespaces/merch/ingress.yaml b/kubernetes/namespaces/merch/ingress.yaml new file mode 100644 index 0000000..1e74b96 --- /dev/null +++ b/kubernetes/namespaces/merch/ingress.yaml @@ -0,0 +1,37 @@ +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + annotations: + nginx.ingress.kubernetes.io/auth-tls-verify-client: "on" + nginx.ingress.kubernetes.io/auth-tls-secret: "kube-system/mtls-client-crt-bundle" + name: thallium-backend + namespace: merch +spec: + tls: + - hosts: + - "*.owlcorp.uk" + secretName: owlcorp.uk-tls + - hosts: + - "*.pydis.wtf" + secretName: pydis.wtf-tls + rules: + - host: merch.owlcorp.uk + http: + paths: + - path: / + pathType: Prefix + backend: + service: + name: thallium-backend-svc + port: + number: 80 + - host: merch.pydis.wtf + http: + paths: + - path: / + pathType: Prefix + backend: + service: + name: thallium-backend-svc + port: + number: 80 diff --git a/kubernetes/namespaces/merch/secrets.yaml b/kubernetes/namespaces/merch/secrets.yaml Binary files differnew file mode 100644 index 0000000..9cebeec --- /dev/null +++ b/kubernetes/namespaces/merch/secrets.yaml diff --git a/kubernetes/namespaces/merch/service.yaml b/kubernetes/namespaces/merch/service.yaml new file mode 100644 index 0000000..b516471 --- /dev/null +++ b/kubernetes/namespaces/merch/service.yaml @@ -0,0 +1,12 @@ +apiVersion: v1 +kind: Service +metadata: + name: thallium-backend-svc + namespace: merch +spec: + selector: + app: thallium-backend + ports: + - protocol: TCP + port: 80 + targetPort: 8000 |