cluster-deployments/manifests/ara-server+cronjob.yml

106 lines
2.5 KiB
YAML
Raw Normal View History

2023-07-29 13:37:44 +00:00
---
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: ara-server
namespace: argocd
spec:
project: default
source:
repoURL: https://lib42.github.io/charts
targetRevision: "0.3.*"
chart: ara
helm:
values: |
ingress:
enabled: true
hosts:
- ara.k8s.smsvc.net
persistentVolumes:
enabled: true
size: 128Mi
storageClassName: local-path
destination:
server: 'https://kubernetes.default.svc'
namespace: ara
syncPolicy:
automated:
prune: true
selfHeal: true
syncOptions:
- CreateNamespace=true
retry:
limit: 5
backoff:
duration: 5s
factor: 2
maxDuration: 5m
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: cronjob-serviceaccount
namespace: ara
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: ingress-patch-role
namespace: ara
rules:
- apiGroups: ["", "extensions", "networking.k8s.io"]
resources: ["ingresses"]
verbs: ["get", "list", "watch", "patch"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: ingress-patch-rolebinding
namespace: ara
subjects:
- kind: ServiceAccount
name: cronjob-serviceaccount
namespace: ara
roleRef:
kind: Role
name: ingress-patch-role
apiGroup: rbac.authorization.k8s.io
---
apiVersion: batch/v1
kind: CronJob
metadata:
name: update-ingress-whitelist
namespace: ara
spec:
schedule: '@hourly'
concurrencyPolicy: Forbid
jobTemplate:
spec:
template:
spec:
serviceAccountName: cronjob-serviceaccount
restartPolicy: Never
containers:
- name: update-ingress-whitelist
image: portainer/kubectl-shell
command:
- /bin/bash
- -c
- |
date
DOMAIN=smark.ddns.net
while true; do
IP=$(nslookup $DOMAIN | grep -A1 $DOMAIN | awk 'END {print $NF}')
[[ -n "$IP" ]] && break
sleep 10
done
set -x
kubectl -n ara patch ingress ara-ara-server-ingress --type='json' --patch='[
{
"op": "replace",
"path": "/metadata/annotations/nginx.ingress.kubernetes.io~1whitelist-source-range",
"value":"'$IP'"
}
]'