diff options
Diffstat (limited to 'templates/default')
6 files changed, 105 insertions, 1 deletions
diff --git a/templates/default/kubernetes/onionbalance-deploy.yml.j2 b/templates/default/kubernetes/onionbalance-deploy.yml.j2 new file mode 100644 index 0000000..c63b247 --- /dev/null +++ b/templates/default/kubernetes/onionbalance-deploy.yml.j2 @@ -0,0 +1,63 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + namespace: {{ namespace }} + name: onionbalance + labels: + app: onionbalance +spec: + replicas: 1 + selector: + matchLabels: + app: onionbalance + strategy: + type: Recreate + revisionHistoryLimit: 5 + template: + metadata: + labels: + app: onionbalance + spec: + nodeName: {{ worker.name }} + serviceAccountName: onionbalance + securityContext: + runAsUser: 998 + fsGroup: 998 + containers: + - name: tor + image: spreadspace/onionbalance:{{ desc.globals.deployment.parameter.onionbalance_image_version }} + imagePullPolicy: Always + args: + - /run-tor.sh + volumeMounts: + - name: onion-run + mountPath: /var/run/tor + - name: onion-lib + mountPath: /var/lib/tor + - name: balance + image: spreadspace/onionbalance:{{ desc.globals.deployment.parameter.onionbalance_image_version }} + imagePullPolicy: Always + args: + - /run-balance.sh + env: + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + volumeMounts: + - name: onion-run + mountPath: /var/run/tor + - name: onion-keys + readOnly: true + mountPath: /var/run/secrets/spreadspace.org/onionbalance + volumes: + - name: onion-run + emptyDir: + medium: Memory + - name: onion-lib + hostPath: + type: DirectoryOrCreate + path: /var/lib/tor/{{ desc.globals.name }}/_balance + - name: onion-keys + secret: + secretName: onionbalance diff --git a/templates/default/kubernetes/onionbalance-role.yml.j2 b/templates/default/kubernetes/onionbalance-role.yml.j2 new file mode 100644 index 0000000..bd4f743 --- /dev/null +++ b/templates/default/kubernetes/onionbalance-role.yml.j2 @@ -0,0 +1,14 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + namespace: {{ namespace }} + name: onionbalance +rules: +- apiGroups: + - "" + resources: + - pods + verbs: + - get + - list + - watch diff --git a/templates/default/kubernetes/onionbalance-rolebinding.yml.j2 b/templates/default/kubernetes/onionbalance-rolebinding.yml.j2 new file mode 100644 index 0000000..6623d6c --- /dev/null +++ b/templates/default/kubernetes/onionbalance-rolebinding.yml.j2 @@ -0,0 +1,13 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + namespace: {{ namespace }} + name: onionbalance +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: onionbalance +subjects: +- kind: ServiceAccount + name: onionbalance + namespace: {{ namespace }} diff --git a/templates/default/kubernetes/onionbalance-sa.yml.j2 b/templates/default/kubernetes/onionbalance-sa.yml.j2 new file mode 100644 index 0000000..d92b374 --- /dev/null +++ b/templates/default/kubernetes/onionbalance-sa.yml.j2 @@ -0,0 +1,5 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + namespace: {{ namespace }} + name: onionbalance diff --git a/templates/default/kubernetes/onionbalance-secret.yml.j2 b/templates/default/kubernetes/onionbalance-secret.yml.j2 new file mode 100644 index 0000000..73ee05e --- /dev/null +++ b/templates/default/kubernetes/onionbalance-secret.yml.j2 @@ -0,0 +1,9 @@ +apiVersion: v1 +kind: Secret +metadata: + namespace: {{ namespace }} + name: onionbalance + labels: + app: onionbalance +type: Opaque +data: diff --git a/templates/default/kubernetes/sfive-deploy.yml.j2 b/templates/default/kubernetes/sfive-deploy.yml.j2 index 4613a03..aafb468 100644 --- a/templates/default/kubernetes/sfive-deploy.yml.j2 +++ b/templates/default/kubernetes/sfive-deploy.yml.j2 @@ -106,7 +106,7 @@ spec: - name: onion-lib hostPath: type: DirectoryOrCreate - path: /var/lib/tor/{{ desc.globals.name }} + path: /var/lib/tor/{{ desc.globals.name }}/{{ worker.flags.stream }} {% endif %} - name: proxy-config configMap: |