123 lines
3.9 KiB
HCL
123 lines
3.9 KiB
HCL
resource "kubectl_manifest" "deploy" {
|
|
yaml_body = <<-EOF
|
|
apiVersion: apps/v1
|
|
kind: Deployment
|
|
metadata:
|
|
name: "${var.component}-${var.instance}"
|
|
namespace: "${var.namespace}"
|
|
labels: ${jsonencode(local.common-labels)}
|
|
spec:
|
|
replicas: 1
|
|
hostname: "${var.component}-${var.instance}"
|
|
subdomain: "${var.domain_name}"
|
|
selector:
|
|
matchLabels: ${jsonencode(local.common-labels)}
|
|
template:
|
|
metadata:
|
|
labels: ${jsonencode(local.common-labels)}
|
|
annotations:
|
|
container.apparmor.security.beta.kubernetes.io/code-server: unconfined
|
|
container.seccomp.security.alpha.kubernetes.io/code-server: unconfined
|
|
spec:
|
|
securityContext:
|
|
fsGroup: 1000
|
|
runAsGroup: 1000
|
|
capabilities:
|
|
add:
|
|
- SETGID
|
|
- SETUID
|
|
- SYS_CHROOT
|
|
hostname: "${var.component}-${var.instance}"
|
|
containers:
|
|
- name: code-server
|
|
securityContext:
|
|
fsGroup: 1000
|
|
runAsGroup: 1000
|
|
runAsNonRoot: true
|
|
runAsUser: 1000
|
|
privileged: true
|
|
procMount: unmasked
|
|
env:
|
|
- name: DOCKER_PASSWORD
|
|
valueFrom:
|
|
secretKeyRef:
|
|
key: password
|
|
name: "${var.component}-${var.instance}"
|
|
- name: DOCKER_USER
|
|
value: coder
|
|
- name: IS_CONSOLE
|
|
value: "${var.no-editor?"shellinabox":"code-server"}"
|
|
- name: TZ
|
|
value: "${var.timezone}"
|
|
- name: ENTRYPOINTD
|
|
value: /usr/local/startup
|
|
- name: PORT
|
|
value: "8080"
|
|
- name: CODE_SERVER_CONFIG
|
|
value: /etc/code-server/config.yml
|
|
image: "${var.images.codeserver.registry}/${var.images.codeserver.repository}:${var.images.codeserver.tag}"
|
|
imagePullPolicy: "${var.images.codeserver.pullPolicy}"
|
|
ports:
|
|
- containerPort: 8080
|
|
name: http
|
|
protocol: TCP
|
|
livenessProbe:
|
|
failureThreshold: 3
|
|
httpGet:
|
|
path: /
|
|
port: http
|
|
scheme: HTTP
|
|
periodSeconds: 10
|
|
successThreshold: 1
|
|
timeoutSeconds: 1
|
|
readinessProbe:
|
|
failureThreshold: 3
|
|
httpGet:
|
|
path: /
|
|
port: http
|
|
scheme: HTTP
|
|
periodSeconds: 10
|
|
successThreshold: 1
|
|
timeoutSeconds: 1
|
|
volumeMounts:
|
|
- name: config
|
|
mountPath: /etc/code-server/config.yml
|
|
subPath: config.yml
|
|
- name: startup
|
|
mountPath: /usr/local/startup/autostart.sh
|
|
subPath: autostart.sh
|
|
- name: home
|
|
mountPath: /home/coder
|
|
- name: run
|
|
mountPath: /run
|
|
restartPolicy: Always
|
|
securityContext:
|
|
fsGroup: 1000
|
|
runAsGroup: 1000
|
|
runAsNonRoot: true
|
|
runAsUser: 1000
|
|
serviceAccount: "${var.component}-${var.instance}"
|
|
serviceAccountName: "${var.component}-${var.instance}"
|
|
volumes:
|
|
- name: config
|
|
configMap:
|
|
defaultMode: 0420
|
|
name: "${var.component}-${var.instance}"
|
|
items:
|
|
- key: config.yml
|
|
path: config.yml
|
|
- name: startup
|
|
configMap:
|
|
defaultMode: 0755
|
|
name: "${var.component}-${var.instance}"
|
|
items:
|
|
- key: autostart.sh
|
|
path: autostart.sh
|
|
- name: home
|
|
persistentVolumeClaim:
|
|
claimName: "${var.component}-${var.instance}"
|
|
- name: run
|
|
emptyDir: {}
|
|
EOF
|
|
}
|