apiVersion: v1 kind: Secret metadata: name: nam-frontend-dev-secret namespace: nam-frontend-dev labels: app.kubernetes.io/name: nam-frontend-dev app.kubernetes.io/instance: nam-frontend-dev io.portainer.kubernetes.application.name: nam-frontend-dev io.portainer.kubernetes.application.owner: admin type: Opaque data: VITE_API_URL: YW1lc2NhZmUuY29t --- apiVersion: v1 kind: ConfigMap metadata: name: nam-frontend-dev-config namespace: nam-frontend-dev labels: app.kubernetes.io/name: nam-frontend-dev app.kubernetes.io/instance: nam-frontend-dev io.portainer.kubernetes.application.name: nam-frontend-dev io.portainer.kubernetes.application.owner: admin data: ".env": | VITE_API_URL=https://api-nam.winteraccess.id --- apiVersion: v1 kind: PersistentVolumeClaim metadata: annotations: volume.alpha.kubernetes.io/storage-class: generic volume.beta.kubernetes.io/storage-provisioner: cluster.local/nfs-nfs-subdir-external-provisioner volume.kubernetes.io/storage-provisioner: cluster.local/nfs-nfs-subdir-external-provisioner labels: app.kubernetes.io/name: nam-frontend-dev app.kubernetes.io/instance: nam-frontend-dev io.portainer.kubernetes.application.name: nam-frontend-dev io.portainer.kubernetes.application.owner: admin name: nam-frontend-dev-storage namespace: nam-frontend-dev spec: accessModes: - ReadWriteMany resources: requests: storage: 1Gi storageClassName: nfs volumeMode: Filesystem --- apiVersion: v1 kind: PersistentVolumeClaim metadata: annotations: volume.alpha.kubernetes.io/storage-class: generic volume.beta.kubernetes.io/storage-provisioner: cluster.local/nfs-nfs-subdir-external-provisioner volume.kubernetes.io/storage-provisioner: cluster.local/nfs-nfs-subdir-external-provisioner labels: app.kubernetes.io/name: nam-frontend-dev app.kubernetes.io/instance: nam-frontend-dev io.portainer.kubernetes.application.name: nam-frontend-dev io.portainer.kubernetes.application.owner: admin name: nam-frontend-dev-public namespace: nam-frontend-dev spec: accessModes: - ReadWriteMany resources: requests: storage: 1Gi storageClassName: nfs volumeMode: Filesystem --- apiVersion: v1 kind: PersistentVolumeClaim metadata: annotations: volume.alpha.kubernetes.io/storage-class: generic volume.beta.kubernetes.io/storage-provisioner: cluster.local/nfs-nfs-subdir-external-provisioner volume.kubernetes.io/storage-provisioner: cluster.local/nfs-nfs-subdir-external-provisioner labels: app.kubernetes.io/instance: nam-frontend-dev app.kubernetes.io/name: nam-frontend-dev io.portainer.kubernetes.application.name: nam-frontend-dev io.portainer.kubernetes.application.owner: admin name: nam-frontend-dev-public namespace: nam-frontend-dev spec: accessModes: - ReadWriteMany resources: requests: storage: 1Gi storageClassName: nfs volumeMode: Filesystem --- apiVersion: apps/v1 kind: Deployment metadata: name: nam-frontend-dev namespace: nam-frontend-dev labels: app.kubernetes.io/instance: nam-frontend-dev app.kubernetes.io/name: nam-frontend-dev io.portainer.kubernetes.application.name: nam-frontend-dev io.portainer.kubernetes.application.owner: admin spec: progressDeadlineSeconds: 600 replicas: 3 revisionHistoryLimit: 10 selector: matchLabels: app.kubernetes.io/instance: nam-frontend-dev app.kubernetes.io/name: nam-frontend-dev strategy: rollingUpdate: maxSurge: 1 maxUnavailable: 1 type: RollingUpdate template: metadata: labels: app.kubernetes.io/instance: nam-frontend-dev app.kubernetes.io/name: nam-frontend-dev spec: affinity: podAntiAffinity: preferredDuringSchedulingIgnoredDuringExecution: - weight: 100 podAffinityTerm: labelSelector: matchLabels: app.kubernetes.io/instance: nam-frontend-dev app.kubernetes.io/name: nam-frontend-dev topologyKey: "kubernetes.io/hostname" containers: - name: web image: git.winteraccess.id/winter-access/frontend-nam:dev imagePullPolicy: Always envFrom: - configMapRef: name: nam-frontend-dev-config - secretRef: name: nam-frontend-dev-secret resources: limits: cpu: "250m" memory: 1024M requests: cpu: "100m" memory: 512M ports: - containerPort: 80 name: http protocol: TCP securityContext: allowPrivilegeEscalation: false capabilities: drop: ["ALL"] add: ["NET_ADMIN", "SYS_TIME"] readOnlyRootFilesystem: true terminationMessagePath: /dev/termination-log terminationMessagePolicy: File volumeMounts: - mountPath: /app/public name: public - mountPath: /app/storage name: storage - mountPath: /tmp name: tmp initContainers: - name: init image: git.winteraccess.id/winter-access/frontend-nam:dev imagePullPolicy: Always command: ["/scripts/initialize"] env: - name: DB_PASSWORD valueFrom: secretKeyRef: name: nam-frontend-dev-secret key: DB_PASSWORD resources: limits: cpu: "250m" memory: 1024M requests: cpu: "100m" memory: 512M securityContext: allowPrivilegeEscalation: false capabilities: drop: ["ALL"] add: ["NET_ADMIN", "SYS_TIME"] readOnlyRootFilesystem: true terminationMessagePath: /dev/termination-log terminationMessagePolicy: File volumeMounts: - mountPath: /app/public name: public - mountPath: /app/storage name: storage - mountPath: /tmp name: tmp imagePullSecrets: - name: winter-registry dnsPolicy: ClusterFirst restartPolicy: Always schedulerName: default-scheduler securityContext: runAsUser: 10001 runAsGroup: 10001 fsGroup: 10001 runAsNonRoot: true terminationGracePeriodSeconds: 30 volumes: - name: cache emptyDir: {} - name: run emptyDir: {} - name: logs emptyDir: {} - name: tmp emptyDir: {} - name: psysh emptyDir: {} - name: config configMap: name: nam-frontend-dev-config - name: public persistentVolumeClaim: claimName: nam-frontend-dev-public - name: storage persistentVolumeClaim: claimName: nam-frontend-dev-storage --- apiVersion: v1 kind: Service metadata: name: nam-frontend-dev namespace: nam-frontend-dev annotations: traefik.ingress.kubernetes.io/service.sticky.cookie: "true" traefik.ingress.kubernetes.io/service.sticky.cookie.name: "nam-frontend-dev" traefik.ingress.kubernetes.io/service.sticky.cookie.secure: "true" traefik.ingress.kubernetes.io/service.sticky.cookie.samesite: "none" labels: app.kubernetes.io/name: nam-frontend-dev app.kubernetes.io/instance: nam-frontend-dev io.portainer.kubernetes.application.name: nam-frontend-dev io.portainer.kubernetes.application.owner: admin spec: internalTrafficPolicy: Cluster ipFamilies: - IPv4 ipFamilyPolicy: SingleStack ports: - name: http port: 80 protocol: TCP targetPort: 8000 selector: app.kubernetes.io/instance: nam-frontend-dev app.kubernetes.io/name: nam-frontend-dev sessionAffinity: None type: ClusterIP --- apiVersion: networking.k8s.io/v1 kind: Ingress metadata: annotations: kubernetes.io/ingress.class: traefik traefik.ingress.kubernetes.io/router.entrypoints: web traefik.ingress.kubernetes.io/router.middlewares: default-https-redirect@kubernetescrd labels: app.kubernetes.io/instance: nam-frontend-dev app.kubernetes.io/name: nam-frontend-dev io.portainer.kubernetes.application.name: nam-frontend-dev io.portainer.kubernetes.application.owner: admin name: nam-frontend-dev-http namespace: nam-frontend-dev spec: ingressClassName: traefik rules: - host: dev-nam-frontend.winteraccess.id http: paths: - backend: service: name: nam-frontend-dev port: number: 80 path: / pathType: Prefix --- apiVersion: networking.k8s.io/v1 kind: Ingress metadata: annotations: cert-manager.io/cluster-issuer: letsencrypt-production kubernetes.io/ingress.class: traefik traefik.ingress.kubernetes.io/router.entrypoints: websecure labels: app.kubernetes.io/instance: nam-frontend-dev app.kubernetes.io/name: nam-frontend-dev io.portainer.kubernetes.application.name: nam-frontend-dev io.portainer.kubernetes.application.owner: admin name: nam-frontend-dev-https namespace: nam-frontend-dev spec: ingressClassName: traefik rules: - host: dev-nam-frontend.winteraccess.id http: paths: - backend: service: name: nam-frontend-dev port: number: 80 path: / pathType: Prefix tls: - hosts: - dev-nam-frontend.winteraccess.id secretName: nam-frontend-dev-tls