auth service deployment

2025-08-13 22:39:06 +02:00 · 2024-03-17 16:59:09 +01:00
parent 2e720c326a
commit 26c227c062
4 changed files with 122 additions and 0 deletions
--- a/deployment/auth-service/certificate.yaml
+++ b/deployment/auth-service/certificate.yaml
@@ -0,0 +1,29 @@
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: gh-auth-service-certificate
+  annotations:
+    argocd.argoproj.io/hook: PreSync
+spec:
+  isCA: false
+  duration: 2160h # 90d
+  renewBefore: 360h # 15d
+  dnsNames:
+    - gh-auth-service.generations-heritage.svc.cluster.local
+    - gh-auth-service
+    - localhost
+  ipAddresses:
+    - 127.0.0.1
+  subject:
+    organizations:
+      - GenerationsHeritage
+  secretName: gh-auth-service-tls
+  privateKey:
+    algorithm: RSA
+    encoding: PKCS1
+    size: 2048
+  issuerRef:
+    name: default-cluster-ca-issuer
+    kind: ClusterIssuer
+    group: cert-manager.io
+  
--- a/deployment/auth-service/deployment.yaml
+++ b/deployment/auth-service/deployment.yaml
@@ -0,0 +1,50 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  labels:
+    app.kubernetes.io/instance: gh-auth-service
+    app.kubernetes.io/name: gh-auth-service
+  annotations:
+    argocd.argoproj.io/sync-wave: "1"
+    argocd.argoproj.io/hook: Synce
+  name: gh-auth-service
+  namespace: generations-heritage
+spec:
+  podManagementPolicy: OrderedReady
+  replicas: 1
+  selector:
+    matchLabels:
+      app.kubernetes.io/instance: gh-auth-service
+      app.kubernetes.io/name: gh-auth-service
+  serviceName: gh-auth-service
+  template:
+    metadata:
+      labels:
+        app.kubernetes.io/instance: gh-auth-service
+        app.kubernetes.io/name: gh-auth-service
+    spec:
+      containers:
+        - image: vcscsvcscs/gheritage-auth-service:latest
+          imagePullPolicy: Always
+          name: gh-auth-service
+          ports:
+          - containerPort: 443
+            name: gin
+          securityContext:
+            runAsUser: 0
+          resources:
+            limits:
+              cpu: 250m
+              memory: 200Mi
+            requests:
+              cpu: 100m
+              memory: 50Mi
+            volumeMounts:
+              - name: gh-auth-service-certs
+                mountPath: /etc/gh-auth-service/ssl
+      volumes:
+      - name: gh-auth-service-certs
+        secret:
+          secretName: gh-auth-service-tls
+  updateStrategy:
+    type: RollingUpdate
--- a/deployment/auth-service/horizontalPodAutoScaler.yaml
+++ b/deployment/auth-service/horizontalPodAutoScaler.yaml
@@ -0,0 +1,26 @@
+apiVersion: autoscaling/v2
+kind: HorizontalPodAutoscaler
+metadata:
+  name: gh-auth-service
+  annotations:
+    argocd.argoproj.io/hook: PostSync
+spec:
+  scaleTargetRef:
+    apiVersion: apps/v1
+    kind: Deployment
+    name: gh-auth-service
+  minReplicas: 1
+  maxReplicas: 5
+  metrics:
+  - type: Resource
+    resource:
+      name: cpu
+      target:
+        type: Utilization
+        averageUtilization: 50
+  - type: Resource
+    resource:
+      name: memory
+      target:
+        type: Utilization
+        averageUtilization: 50
--- a/deployment/auth-service/service.yaml
+++ b/deployment/auth-service/service.yaml
@@ -0,0 +1,17 @@
+apiVersion: v1
+kind: Service
+metadata:
+  labels:
+    app.kubernetes.io/instance: gh-auth-service
+    app.kubernetes.io/name: gh-auth-service
+  name: gh-auth-service
+spec:
+  ports:
+  - name: gin
+    port: 443
+    protocol: TCP
+    targetPort: 443
+  selector:
+    app.kubernetes.io/instance: gh-auth-service
+    app.kubernetes.io/name: gh-auth-service
+  type: ClusterIP