apiVersion: v1 kind: Namespace metadata: name: polly --- apiVersion: v1 kind: Secret metadata: name: polly-secrets namespace: polly type: Opaque data: admin-password: NElzVGhlTWluZEtpbGxlcg== stringData: postgres-password: "change-this-db-password" database-url: "postgresql://polly:change-this-db-password@postgres:5432/polly" session-secret: "change-this-to-a-random-secret-with-at-least-32-characters" --- apiVersion: v1 kind: PersistentVolumeClaim metadata: name: postgres-data namespace: polly spec: accessModes: - ReadWriteOnce resources: requests: storage: 8Gi storageClassName: cephfs-hyper --- apiVersion: v1 kind: PersistentVolumeClaim metadata: name: polly-uploads namespace: polly spec: accessModes: - ReadWriteOnce resources: requests: storage: 4Gi storageClassName: cephfs-hyper --- apiVersion: apps/v1 kind: Deployment metadata: name: postgres namespace: polly spec: replicas: 1 selector: matchLabels: app: postgres template: metadata: labels: app: postgres spec: containers: - name: postgres image: postgres:16-alpine imagePullPolicy: IfNotPresent env: - name: POSTGRES_DB value: polly - name: POSTGRES_USER value: polly - name: POSTGRES_PASSWORD valueFrom: secretKeyRef: name: polly-secrets key: postgres-password ports: - name: postgres containerPort: 5432 volumeMounts: - name: postgres-data mountPath: /var/lib/postgresql/data readinessProbe: exec: command: ["pg_isready", "-U", "polly", "-d", "polly"] initialDelaySeconds: 10 periodSeconds: 5 livenessProbe: exec: command: ["pg_isready", "-U", "polly", "-d", "polly"] initialDelaySeconds: 30 periodSeconds: 10 volumes: - name: postgres-data persistentVolumeClaim: claimName: postgres-data --- apiVersion: v1 kind: Service metadata: name: postgres namespace: polly spec: selector: app: postgres ports: - name: postgres port: 5432 targetPort: 5432 type: ClusterIP --- apiVersion: apps/v1 kind: Deployment metadata: name: polly namespace: polly spec: replicas: 1 selector: matchLabels: app: polly template: metadata: labels: app: polly spec: containers: - name: polly image: manfredsteger/polly:beta imagePullPolicy: IfNotPresent env: - name: DATABASE_URL valueFrom: secretKeyRef: name: polly-secrets key: database-url - name: SESSION_SECRET valueFrom: secretKeyRef: name: polly-secrets key: session-secret - name: APP_URL value: "https://polly.apps.undercloud.dev" - name: VITE_APP_URL value: "https://polly.apps.undercloud.dev" - name: BASE_URL value: "https://polly.apps.undercloud.dev" - name: ADMIN_USERNAME value: "admin" - name: ADMIN_PASSWORD valueFrom: secretKeyRef: name: polly-secrets key: admin-password - name: ADMIN_EMAIL value: "admin@undercloud.dev" - name: SEED_DEMO_DATA value: "true" ports: - name: http containerPort: 5000 volumeMounts: - name: uploads mountPath: /app/uploads #readinessProbe: # httpGet: # path: /api/v1/health # port: 5000 # initialDelaySeconds: 20 # periodSeconds: 10 #livenessProbe: # httpGet: # path: /api/v1/health # port: 5000 # initialDelaySeconds: 40 # periodSeconds: 20 volumes: - name: uploads persistentVolumeClaim: claimName: polly-uploads --- apiVersion: v1 kind: Service metadata: name: polly namespace: polly spec: selector: app: polly type: ClusterIP ipFamilyPolicy: SingleStack ipFamilies: #- IPv6 - IPv4 ports: - name: http port: 80 targetPort: 5000 --- apiVersion: networking.k8s.io/v1 kind: Ingress metadata: name: polly namespace: polly annotations: kubernetes.io/ingress.class: nginx cert-manager.io/cluster-issuer: letsencrypt spec: tls: - hosts: - polly.apps.undercloud.dev secretName: polly-tls rules: - host: polly.apps.undercloud.dev http: paths: - path: / pathType: Prefix backend: service: name: polly port: number: 80