diff options
| -rw-r--r-- | kubernetes/namespaces/tooling/ff-bot/README.md | 8 | ||||
| -rw-r--r-- | kubernetes/namespaces/tooling/ff-bot/deployment.yml | 38 | ||||
| -rw-r--r-- | kubernetes/namespaces/tooling/ff-bot/ingress.yml | 25 | ||||
| -rw-r--r-- | kubernetes/namespaces/tooling/ff-bot/secrets.yml | bin | 0 -> 2096 bytes | |||
| -rw-r--r-- | kubernetes/namespaces/tooling/ff-bot/service.yml | 11 |
5 files changed, 82 insertions, 0 deletions
diff --git a/kubernetes/namespaces/tooling/ff-bot/README.md b/kubernetes/namespaces/tooling/ff-bot/README.md new file mode 100644 index 0000000..f1d4ffa --- /dev/null +++ b/kubernetes/namespaces/tooling/ff-bot/README.md @@ -0,0 +1,8 @@ +# Fast-Forward Bot + +We deploy an instance of [ff_bot](https://github.com/jb3/ff_bot) to aid in +repository management. + +See the documentation of the `ff_bot` project for information on deployment and +usage, but it boils down to authorised users (dictated by the repository policy +file) running `/merge` and the bot running a fast-forward merge. diff --git a/kubernetes/namespaces/tooling/ff-bot/deployment.yml b/kubernetes/namespaces/tooling/ff-bot/deployment.yml new file mode 100644 index 0000000..fcc21d2 --- /dev/null +++ b/kubernetes/namespaces/tooling/ff-bot/deployment.yml @@ -0,0 +1,38 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: ff-bot + namespace: tooling +spec: + replicas: 1 + selector: + matchLabels: + app: ff-bot + template: + metadata: + labels: + app: ff-bot + spec: + containers: + - name: ff-bot + image: ghcr.io/jb3/ff_bot:latest + imagePullPolicy: Always + ports: + - containerPort: 4000 + envFrom: + - secretRef: + name: ff-bot-env + securityContext: + readOnlyRootFilesystem: true + volumeMounts: + - name: tmpfs + mountPath: /tmp + securityContext: + fsGroup: 2000 + runAsUser: 1000 + runAsNonRoot: true + volumes: + - name: tmpfs + emptyDir: + medium: Memory + sizeLimit: 500Mi diff --git a/kubernetes/namespaces/tooling/ff-bot/ingress.yml b/kubernetes/namespaces/tooling/ff-bot/ingress.yml new file mode 100644 index 0000000..0c3cb4f --- /dev/null +++ b/kubernetes/namespaces/tooling/ff-bot/ingress.yml @@ -0,0 +1,25 @@ +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + annotations: + nginx.ingress.kubernetes.io/auth-tls-verify-client: "on" + nginx.ingress.kubernetes.io/auth-tls-secret: "kube-system/mtls-client-crt-bundle" + nginx.ingress.kubernetes.io/auth-tls-error-page: "https://www.youtube.com/watch?v=dQw4w9WgXcQ" + name: ff-bot + namespace: tooling +spec: + tls: + - hosts: + - "*.pydis.wtf" + secretName: pydis.wtf-tls + rules: + - host: ff-bot.pydis.wtf + http: + paths: + - path: / + pathType: Prefix + backend: + service: + name: ff-bot + port: + number: 4000 diff --git a/kubernetes/namespaces/tooling/ff-bot/secrets.yml b/kubernetes/namespaces/tooling/ff-bot/secrets.yml Binary files differnew file mode 100644 index 0000000..b14d175 --- /dev/null +++ b/kubernetes/namespaces/tooling/ff-bot/secrets.yml diff --git a/kubernetes/namespaces/tooling/ff-bot/service.yml b/kubernetes/namespaces/tooling/ff-bot/service.yml new file mode 100644 index 0000000..3dcc66a --- /dev/null +++ b/kubernetes/namespaces/tooling/ff-bot/service.yml @@ -0,0 +1,11 @@ +apiVersion: v1 +kind: Service +metadata: + name: ff-bot + namespace: tooling +spec: + selector: + app: ff-bot + ports: + - port: 4000 + targetPort: 4000 |