ab/homelab
1
1
Fork 1
Code Pull Requests 37 Actions Packages Wiki Activity

Added secrets
All checks were successful
Update Kubernetes Services Wiki / Generate and Update K8s Wiki (push) Successful in 7s
Details
Check with kubeconform / lint (push) Successful in 7s
Details
Auto-update README / Generate README and Create MR (push) Successful in 6s
Details

Browse Source
This commit is contained in:
AB from home.homenet
2026-02-11 21:49:12 +02:00
parent ba6180a83d
commit 057c301eba
3 changed files with 74 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
k8s/apps/mtproxy/kustomization.yaml
View File

@@ -6,5 +6,6 @@ resources:
- ./rbac.yaml - ./rbac.yaml
- ./daemonset.yaml - ./daemonset.yaml
- ./external-secrets.yaml - ./external-secrets.yaml
- ./service.yaml
- ./secret-reader.yaml
# - ./storage.yaml # - ./storage.yaml
# - ./service.yaml

63
k8s/apps/mtproxy/secret-reader.yaml Normal file
View File

@@ -0,0 +1,63 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: secret-reader
labels:
app: secret-reader
spec:
replicas: 1
selector:
matchLabels:
app: secret-reader
template:
metadata:
labels:
app: secret-reader
spec:
serviceAccountName: mtproxy
nodeSelector:
kubernetes.io/os: linux
containers:
- name: secret-reader
image: ultradesu/k8s-secrets:0.2.1
imagePullPolicy: Always
args:
- "--secrets"
- "mtproxy-links"
- "--namespace"
- "mtproxy"
- "--port"
- "3000"
ports:
- containerPort: 3000
name: http
env:
- name: RUST_LOG
value: "info"
resources:
requests:
memory: "64Mi"
cpu: "50m"
limits:
memory: "128Mi"
cpu: "150m"
livenessProbe:
httpGet:
path: /health
port: http
initialDelaySeconds: 10
periodSeconds: 10
readinessProbe:
httpGet:
path: /health
port: http
initialDelaySeconds: 5
periodSeconds: 5
securityContext:
runAsNonRoot: true
runAsUser: 1000
allowPrivilegeEscalation: false
readOnlyRootFilesystem: true
capabilities:
drop:
- ALL

16
k8s/apps/mtproxy/service.yaml
View File

@@ -2,15 +2,15 @@
apiVersion: v1 apiVersion: v1
kind: Service kind: Service
metadata: metadata:
name: mtproxy name: secret-reader
labels:
app: secret-reader
spec: spec:
type: LoadBalancer type: ClusterIP
selector: selector:
app: mtproxy app: secret-reader
ports: ports:
- name: proxy - port: 80
port: 30443 targetPort: 3000
targetPort: 30443
protocol: TCP protocol: TCP
nodePort: 30443 name: http