apiVersion: v1 kind: Service metadata: name: receipts labels: &labels app.kubernetes.io/name: receipts app.kubernetes.io/component: receipts spec: ports: - name: http port: 8000 selector: *labels type: ClusterIP --- apiVersion: apps/v1 kind: Deployment metadata: name: receipts labels: &labels app.kubernetes.io/name: receipts app.kubernetes.io/component: receipts spec: selector: matchLabels: *labels template: metadata: labels: *labels spec: containers: - name: receipts image: git.pyrocufflink.net/packages/receipts imagePullPolicy: Always env: - name: RUST_LOG value: info,rocket=warn,receipts=debug - name: ROCKET_ADDRESS value: 0.0.0.0 ports: - name: http containerPort: 8000 securityContext: readOnlyRootFilesystem: true volumeMounts: - mountPath: /etc/receipts name: config readOnly: true - mountPath: /run/secrets/receipts/secrets name: secrets readOnly: true - mountPath: /tmp name: tmp subPath: tmp imagePullSecrets: - name: imagepull-gitea securityContext: runAsNonRoot: true runAsUser: 943 runAsGroup: 943 fsGroup: 943 volumes: - name: config configMap: name: receipts-config - name: secrets secret: secretName: receipts - name: tmp emptyDir: medium: Memory --- apiVersion: networking.k8s.io/v1 kind: Ingress metadata: labels: app.kubernetes.io/name: receipts app.kubernetes.io/component: receipts annotations: nginx.ingress.kubernetes.io/proxy-body-size: '0' name: receipts spec: tls: - hosts: - receipts.pyrocufflink.blue rules: - host: receipts.pyrocufflink.blue http: paths: - path: / pathType: Prefix backend: service: name: receipts port: name: http