ryan/lunarfront-charts
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: add manager deployment manifests

Browse Source
This commit is contained in:
Ryan Moon
2026-04-03 06:49:58 -05:00
parent bda73afa18
commit 899dc7980f
5 changed files with 187 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

20
argocd/manager-app.yaml Normal file
View File

@@ -0,0 +1,20 @@
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: manager
namespace: argocd
spec:
project: default
source:
repoURL: ssh://git@git-ssh.lunarfront.tech/ryan/lunarfront-charts.git
targetRevision: main
path: manager
destination:
server: https://kubernetes.default.svc
namespace: manager
syncPolicy:
automated:
prune: true
selfHeal: true
syncOptions:
- CreateNamespace=true

68
manager/deployment.yaml Normal file
View File

@@ -0,0 +1,68 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: manager
namespace: manager
spec:
replicas: 1
selector:
matchLabels:
app: manager
template:
metadata:
labels:
app: manager
spec:
serviceAccountName: manager
containers:
- name: manager
image: git.lunarfront.tech/ryan/lunarfront-manager:latest
ports:
- containerPort: 3000
env:
- name: PORT
value: "3000"
- name: DO_API_TOKEN
valueFrom:
secretKeyRef:
name: manager-secrets
key: do-api-token
- name: DO_DB_CLUSTER_ID
valueFrom:
secretKeyRef:
name: manager-secrets
key: do-db-cluster-id
- name: GIT_SSH_KEY
valueFrom:
secretKeyRef:
name: manager-secrets
key: git-ssh-key
- name: DATABASE_URL
valueFrom:
secretKeyRef:
name: manager-secrets
key: database-url
- name: DOADMIN_DATABASE_URL
valueFrom:
secretKeyRef:
name: manager-secrets
key: doadmin-database-url
resources:
requests:
cpu: 50m
memory: 128Mi
limits:
cpu: 500m
memory: 256Mi
livenessProbe:
httpGet:
path: /health
port: 3000
initialDelaySeconds: 10
periodSeconds: 30
readinessProbe:
httpGet:
path: /health
port: 3000
initialDelaySeconds: 5
periodSeconds: 10

26
manager/ingress.yaml Normal file
View File

@@ -0,0 +1,26 @@
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: manager
namespace: manager
annotations:
nginx.ingress.kubernetes.io/ssl-redirect: "true"
nginx.ingress.kubernetes.io/whitelist-source-range: "173.174.129.105/32"
cert-manager.io/cluster-issuer: letsencrypt-prod
spec:
ingressClassName: nginx
rules:
- host: manager.lunarfront.tech
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: manager
port:
number: 3000
tls:
- secretName: manager-lunarfront-tech-tls
hosts:
- manager.lunarfront.tech

62
manager/rbac.yaml Normal file
View File

@@ -0,0 +1,62 @@
apiVersion: v1
kind: ServiceAccount
metadata:
name: manager
namespace: manager
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: manager-pgbouncer
namespace: pgbouncer
rules:
- apiGroups: [""]
resources: ["configmaps"]
resourceNames: ["pgbouncer-config"]
verbs: ["get", "patch"]
- apiGroups: [""]
resources: ["secrets"]
resourceNames: ["pgbouncer-userlist"]
verbs: ["get", "patch"]
- apiGroups: ["apps"]
resources: ["deployments"]
resourceNames: ["pgbouncer"]
verbs: ["get", "patch"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: manager-pgbouncer
namespace: pgbouncer
subjects:
- kind: ServiceAccount
name: manager
namespace: manager
roleRef:
kind: Role
apiGroup: rbac.authorization.k8s.io
name: manager-pgbouncer
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: manager-argocd
namespace: argocd
rules:
- apiGroups: ["argoproj.io"]
resources: ["applications"]
verbs: ["get", "create", "delete"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: manager-argocd
namespace: argocd
subjects:
- kind: ServiceAccount
name: manager
namespace: manager
roleRef:
kind: Role
apiGroup: rbac.authorization.k8s.io
name: manager-argocd

11
manager/service.yaml Normal file
View File

@@ -0,0 +1,11 @@
apiVersion: v1
kind: Service
metadata:
name: manager
namespace: manager
spec:
selector:
app: manager
ports:
- port: 3000
targetPort: 3000