BorgWarehouse® avec Kubernetes

apiVersion: "v1"
kind: "Namespace"
metadata:
  name: "borgwarehouse"
  labels:
    name: "borgwarehouse"
---
# only if you need credential to pull image
apiVersion: 'v1'
kind: 'Secret'
metadata:
  name: 'dockerregistry'
  namespace: 'borgwarehouse'
type: 'kubernetes.io/dockerconfigjson'
data:
  .dockerconfigjson : your-secret-as-base64-encoded
---
apiVersion: v1
kind: "Secret"
metadata:
  name: "borgwarehouse-secret-envvars"
  namespace: "borgwarehouse"
type: "Opaque"
stringData:
  # Url to reach the IHM service
  NEXTAUTH_URL: "https://your.domain.com"
  NEXTAUTH_SECRET: "your-secret"
  CRONJOB_KEY: your-other-secret
  FQDN: "your.domain.com"
  # Port to reach ssh service
  SSH_SERVER_PORT: "your-exposed-ssh-port"
---
apiVersion: "v1"
kind: "PersistentVolumeClaim"
# in regards your cloud configuration

# 4 volumes - for config, /etc/ssh & ~/.ssh you could set to 1Mi
#             && repos set to (WyW)Gi
#  accessModes:
#    - "ReadWriteOnce"
#  resources:
#    requests:
#      storage: "1Mi"
---
# Adapt to your needs
apiVersion: "v1"
kind: "LimitRange"
metadata:
  name: "limitrange-borgwarehouse"
  namespace: "borgwarehouse"
spec:
  limits:
    - default:
        cpu: "1500m"
        memory: "800Mi"
      defaultRequest:
        cpu: "10m"
        memory: "50Mi"
      max:
        cpu: "1500m"
        memory: "800Mi"
      min:
        cpu: "10m"
        memory: "50Mi"
      type: Container
---
apiVersion: "apps/v1"
kind: "Deployment"
metadata:
  name: "borgwarehouse"
  namespace: "borgwarehouse"
spec:
  # Adapt to your needs
  revisionHistoryLimit: 1
  strategy:
    type: "Recreate" # | rollingUpdate
  selector:
    matchLabels:
      app: "borgwarehouse"
  replicas: 1
  template:
    metadata:
      labels:
        app: "borgwarehouse"
    spec:
      imagePullSecrets:
        - name: "dockerregistry" # If you need secret to pull image
      securityContext:
        runAsUser: 1001
        runAsGroup: 1001
        fsGroup: 1001
        runAsNonRoot: true
      containers:
        - name: "borgwarehouse"
      containers:
      - name: 'borgwarehouse'
        env:
          - name: 'NEXTAUTH_URL'
            valueFrom :
              secretKeyRef:
                name: 'borgwarehouse-secret-envvars'
                key: 'NEXTAUTH_URL'
                optional: false
          - name: 'NEXTAUTH_SECRET'
            valueFrom :
              secretKeyRef:
                name: 'borgwarehouse-secret-envvars'
                key: 'NEXTAUTH_SECRET'
                optional: false
          - name: 'CRONJOB_KEY'
            valueFrom :
              secretKeyRef:
                name: 'borgwarehouse-secret-envvars'
                key: 'CRONJOB_KEY'
                optional: false
          - name: 'FQDN'
            valueFrom :
              secretKeyRef:
                name: 'borgwarehouse-secret-envvars'
                key: 'FQDN'
                optional: false
          - name: 'SSH_SERVER_PORT'
            valueFrom :
              secretKeyRef:
                name: 'borgwarehouse-secret-envvars'
                key: 'SSH_SERVER_PORT'
          image: "borgwarehouse/borgwarehouse:latest" # lastest is a bad practise...
          # Adapt to your needs
          imagePullPolicy: "Always"
          readinessProbe:
            httpGet:
              path: "/"
              port: 3000
            initialDelaySeconds: 10
            periodSeconds: 30
            timeoutSeconds: 3
          startupProbe:
            httpGet:
              path: "/"
              port: 3000
            periodSeconds: 10
            failureThreshold: 30
          livenessProbe:
            httpGet:
              path: "/"
              port: 3000
            periodSeconds: 120
            timeoutSeconds: 3
          securityContext:
          ports:
            - containerPort: 22
              protocol: "TCP"
              name: "port-22"
            - containerPort: 3000
              protocol: "TCP"
              name: "port-3000"
          volumeMounts:
            - mountPath: "/home/borgwarehouse/app/config"
              name: "xxxxx-borgwarehouse-config"
            - mountPath: "/home/borgwarehouse/repos"
              name: "xxxxx-borgwarehouse-repos"
            - mountPath: "/home/borgwarehouse/.ssh"
              name: "xxxxx-borgwarehouse-homedirssh"
            - mountPath: "/etc/ssh"
              name: "xxxxx-borgwarehouse-etcssh"
      volumes:
        - name: "xxxxx-borgwarehouse-config"
          persistentVolumeClaim:
            # because only this claimref is able to use final volumes
            claimName: "claimref-xxxxx-borgwarehouse-config"
        - name: "xxxxx-borgwarehouse-repos"
          persistentVolumeClaim:
            claimName: "claimref-xxxxx-borgwarehouse-repos"
        - name: "xxxxx-borgwarehouse-homedirssh"
          persistentVolumeClaim:
            claimName: "claimref-xxxxx-borgwarehouse-homedirssh"
        - name: "xxxxx-borgwarehouse-etcssh"
          persistentVolumeClaim:
            claimName: "claimref-xxxxx-borgwarehouse-etcssh"
---
apiVersion: "v1"
kind: "Service"
metadata:
  name: "borgwarehouse-app-port-22"
  namespace: "borgwarehouse"
spec:
  # Adapt to your cluster configuration
  type: "NodePort"
  ports:
    - port: 22
      protocol: "TCP"
      targetPort: 22
      name: "port-borgwarehouse-22"
  selector:
    app: "borgwarehouse"
---
apiVersion: "v1"
kind: "Service"
metadata:
  name: "borgwarehouse-app-port-3000"
  namespace: "borgwarehouse"
spec:
  # Adapt to your cluster configuration
  type: "NodePort"
  ports:
    - port: 3000
      protocol: "TCP"
      targetPort: 3000
      name: "port-borgwarehouse-3000"
  selector:
    app: "borgwarehouse"
---
## Your ingress definitions...
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: "borgwarehouse-app-port-3000"
  namespace: "borgwarehouse"
[...]
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: "borgwarehouse-app-port-22"
  namespace: "borgwarehouse"