lnmch/kops-arm64
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
ecf60cfb5df21738d8e3c41ff7467e79880234c4
kops-arm64/openshift/deploy-with-oauth-proxy/deployment.yaml
Armin Kunaschik b79285b4fb Added Openshift example deployments
2023-05-22 01:11:41 +02:00

116 lines
3.4 KiB
YAML
Raw Blame History

apiVersion: apps/v1
kind: Deployment
metadata:
labels:
application: kube-ops-view
component: frontend
name: kube-ops-view
spec:
replicas: 1
selector:
matchLabels:
application: kube-ops-view
component: frontend
template:
metadata:
labels:
application: kube-ops-view
component: frontend
spec:
serviceAccountName: kube-ops-view
containers:
- name: service
# see https://github.com/hjacobs/kube-ops-view/releases
image: hjacobs/kube-ops-view:23.5.0
args:
# remove this option to use built-in memory store
- --redis-url=redis://kube-ops-view-redis:6379
# example to add external links for nodes and pods
# - --node-link-url-template=https://kube-web-view.example.org/clusters/{cluster}/nodes/{name}
# - --pod-link-url-template=https://kube-web-view.example.org/clusters/{cluster}/namespaces/{namespace}/pods/{name}
ports:
- containerPort: 8080
protocol: TCP
readinessProbe:
httpGet:
path: /health
port: 8080
initialDelaySeconds: 5
timeoutSeconds: 5
livenessProbe:
httpGet:
path: /health
port: 8080
initialDelaySeconds: 30
periodSeconds: 30
timeoutSeconds: 10
failureThreshold: 5
resources:
limits:
cpu: 750m
memory: 512Mi
requests:
cpu: 500m
memory: 512Mi
securityContext:
readOnlyRootFilesystem: true
# runAsNonRoot: true
# runAsUser: 1000
- name: oauth-proxy
env:
- name: MY_POD_NAMESPACE
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
image: registry.redhat.io/openshift4/ose-oauth-proxy:latest
imagePullPolicy: IfNotPresent
ports:
- containerPort: 8443
name: public
args:
- --https-address=:8443
- --provider=openshift
- --openshift-service-account=kube-ops-view
- '-openshift-sar={"namespace":"$(MY_POD_NAMESPACE)","resource": "namespaces", "verb": "get"}'
- --upstream=http://localhost:8080
- --tls-cert=/etc/tls/private/tls.crt
- --tls-key=/etc/tls/private/tls.key
- --client-secret-file=/var/run/secrets/kubernetes.io/serviceaccount/token
- --openshift-ca=/var/run/secrets/kubernetes.io/serviceaccount/ca.crt
- --openshift-ca=/etc/pki/tls/cert.pem
- --cookie-secret=dGVzdGNvb2tpZQo=
- -skip-provider-button
resources:
limits:
cpu: 200m
memory: 256Mi
requests:
cpu: 100m
memory: 256Mi
livenessProbe:
httpGet:
path: /oauth/healthz
port: 8443
scheme: HTTPS
initialDelaySeconds: 60
failureThreshold: 60
periodSeconds: 10
timeoutSeconds: 10
readinessProbe:
httpGet:
path: /oauth/healthz
port: 8443
scheme: HTTPS
initialDelaySeconds: 5
failureThreshold: 20
periodSeconds: 10
timeoutSeconds: 5
volumeMounts:
- mountPath: /etc/tls/private
name: proxy-tls
volumes:
- name: proxy-tls
secret:
secretName: proxy-tls
Reference in New Issue View Git Blame Copy Permalink