forked from fhuegli/docker-shellinabox
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathdeployment.yaml
130 lines (130 loc) · 2.72 KB
/
deployment.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
apiVersion: v1
kind: Service
metadata:
name: shell-service
namespace: tools
labels:
app: shell
spec:
ports:
- name: http
port: 4200
protocol: TCP
targetPort: 4200
selector:
app: shell
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: shell-deploy
namespace: tools
spec:
selector:
matchLabels:
app: shell
replicas: 1
strategy:
type: Recreate
template:
metadata:
labels:
app: shell
spec:
containers:
- name: shell
image: sybex/shellinabox:1.2.${DRONE_BUILD_NUMBER}
env:
- name: SIAB_SSL
value: "false"
- name: SIAB_HOME
valueFrom:
secretKeyRef:
name: shell-cred
key: homedir
- name: SIAB_USER
valueFrom:
secretKeyRef:
name: shell-cred
key: username
- name: SIAB_PASSWORD
valueFrom:
secretKeyRef:
name: shell-cred
key: password
resources:
limits:
cpu: 1000m
memory: 500Mi
requests:
cpu: 100m
memory: 10Mi
ports:
- containerPort: 4200
protocol: TCP
volumeMounts:
- mountPath: /home
name: shell-data
livenessProbe:
httpGet:
path: /
port: 4200
initialDelaySeconds: 300
timeoutSeconds: 30
- image: docker:18.06.3-dind
imagePullPolicy: Always
name: dind
resources: {}
securityContext:
allowPrivilegeEscalation: true
capabilities: {}
privileged: true
procMount: Default
readOnlyRootFilesystem: false
runAsNonRoot: false
stdin: true
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
tty: true
dnsPolicy: ClusterFirst
restartPolicy: Always
securityContext: {}
terminationGracePeriodSeconds: 30
volumes:
- name: shell-data
persistentVolumeClaim:
claimName: shell-pvc
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: shell-pvc
namespace: tools
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 20Gi
---
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: shell-ingress
namespace: tools
annotations:
kubernetes.io/ingress.class: nginx
cert-manager.io/cluster-issuer: letsencrypt-prod
spec:
tls:
- hosts:
- shell.julina.ch
secretName: tls-shell-ingress
rules:
- host: shell.julina.ch
http:
paths:
- path: /
backend:
serviceName: shell-service
servicePort: 4200