authorVincent Ambo <tazjin@google.com>2019-12-20T20·18+0000
committerVincent Ambo <tazjin@google.com>2019-12-20T20·18+0000
commit03bfe08e1dd9faf48b06cb146bfa446575cde88a (patch)
tree55317968922a9b2a01516f1b79527874df037517 /ops/infra/kubernetes/nixery/config.yaml
parente52eed3cd4f73779c2e7c350537fb346835ba9f3 (diff)
chore: Significantly restructure folder layout r/237
This moves the various projects from "type-based" folders (such as
"services" or "tools") into more appropriate semantic folders (such as
"nix", "ops" or "web").

Deprecated projects (nixcon-demo & gotest) which only existed for
testing/demonstration purposes have been removed.

(Note: *all* builds are broken with this commit)
Diffstat (limited to 'ops/infra/kubernetes/nixery/config.yaml')
-rw-r--r--ops/infra/kubernetes/nixery/config.yaml67
1 files changed, 67 insertions, 0 deletions
diff --git a/ops/infra/kubernetes/nixery/config.yaml b/ops/infra/kubernetes/nixery/config.yaml
new file mode 100644
index 000000000000..0775e79b5843
--- /dev/null
+++ b/ops/infra/kubernetes/nixery/config.yaml
@@ -0,0 +1,67 @@
+# Deploys an instance of Nixery into the cluster.
+#
+# The service via which Nixery is exposed has a private DNS entry
+# pointing to it, which makes it possible to resolve `nixery.local`
+# in-cluster without things getting nasty.
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: nixery
+  namespace: kube-public
+  labels:
+    app: nixery
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: nixery
+  template:
+    metadata:
+      labels:
+        app: nixery
+    spec:
+      containers:
+      - name: nixery
+        image: eu.gcr.io/tazjins-infrastructure/nixery:{{ .version }}
+        volumeMounts:
+          - name: nixery-secrets
+            mountPath: /var/nixery
+        env:
+          - name: BUCKET
+            value: {{ .bucket}}
+          - name: PORT
+            value: "{{ .port }}"
+          - name: GOOGLE_APPLICATION_CREDENTIALS
+            value: /var/nixery/gcs-key.json
+          - name: GCS_SIGNING_KEY
+            value: /var/nixery/gcs-key.pem
+          - name: GCS_SIGNING_ACCOUNT
+            value: {{ .account }}
+          - name: GIT_SSH_COMMAND
+            value: 'ssh -F /var/nixery/ssh_config'
+          - name: NIXERY_PKGS_REPO
+            value: {{ .repo }}
+          - name: NIX_POPULARITY_URL
+            value: 'https://storage.googleapis.com/nixery-layers/popularity/{{ .popularity }}'
+      volumes:
+        - name: nixery-secrets
+          secret:
+            secretName: nixery-secrets
+            defaultMode: 256
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: nixery
+  namespace: kube-public
+  annotations:
+    cloud.google.com/load-balancer-type: "Internal"
+spec:
+  selector:
+    app: nixery
+  type: LoadBalancer
+  ports:
+  - protocol: TCP
+    port: 80
+    targetPort: 8080
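Review bot: The `BUCKET`, `GCS_SIGNING_ACCOUNT` and `NIXERY_PKGS_REPO` values are templated without quotes, unlike `PORT`, so an empty, numeric or boolean-looking expansion would render as a non-string and the manifest would fail to apply; quote them the same way, e.g. `value: "{{ .bucket }}"`. The Service hard-codes `targetPort: 8080` while the container's listen port comes from `{{ .port }}`, so any other port value would leave the load balancer pointing at a closed port; `targetPort: {{ .port }}` keeps the two in step. `defaultMode: 256` is the decimal form of octal 0400, and a comment such as `# 0400: key files readable by owner only` would keep a later edit from loosening it by accident. The files under `/var/nixery` look like a GCS credential and signing key, and both the pod and its `nixery-secrets` Secret live in `kube-public`, a namespace conventionally used for broadly readable objects. It is worth confirming that no Role there grants read access to secrets, or moving the workload to a dedicated namespace.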