Issue #408: separate deployment

ai-cfia · Oct 24, 2024 · c349ce5 · c349ce5
1 parent 7843714
commit c349ce5
Show file tree

Hide file tree

Showing 3 changed files with 117 additions and 78 deletions.
diff --git a/kubernetes/aks/apps/fertiscan/base/fertiscan-backend-deployment.yaml b/kubernetes/aks/apps/fertiscan/base/fertiscan-backend-deployment.yaml
@@ -73,27 +73,6 @@ spec:
             capabilities:
               drop:
                 - ALL
-        - name: file-browser
-          image: filebrowser/filebrowser
-          ports:
-            - containerPort: 80
-              name: http
-          volumeMounts:
-            - name: logs
-              mountPath: /srv/logs
-            - name: uploads
-              mountPath: /srv/uploads
-            - name: filebrowser-db
-              mountPath: /db
-          command:
-            - "/bin/sh"
-            - "-c"
-            - |
-              if [ ! -f /db/database.db ]; then
-                /filebrowser config init --database=/db/database.db;
-              fi
-              /filebrowser config set --auth.method=proxy --auth.header=X-Vouch-Token && \
-              /filebrowser -r /srv -d /database.db
       volumes:
         - name: tmp
           emptyDir: {}
@@ -103,9 +82,6 @@ spec:
         - name: uploads
           persistentVolumeClaim:
             claimName: fertiscan-uploads-pvc
-        - name: filebrowser-db
-          persistentVolumeClaim:
-            claimName: filebrowser-db-pvc
 ---
 apiVersion: v1
 kind: PersistentVolumeClaim
@@ -130,17 +106,6 @@ spec:
     requests:
       storage: 2Gi
 ---
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
-  name: filebrowser-db-pvc
-spec:
-  accessModes:
-    - ReadWriteOnce
-  resources:
-    requests:
-      storage: 1Gi
----
 apiVersion: policy/v1
 kind: PodDisruptionBudget
 metadata:
@@ -165,7 +130,3 @@ spec:
       port: 5000
       targetPort: 5000
       name: api
-    - protocol: TCP
-      port: 80
-      targetPort: 80
-      name: file-browser
diff --git a/kubernetes/aks/apps/fertiscan/base/fertiscan-ingress.yaml b/kubernetes/aks/apps/fertiscan/base/fertiscan-ingress.yaml
@@ -72,42 +72,3 @@ spec:
                 name: fertiscan-backend-svc
                 port:
                   number: 5000
----
-apiVersion: networking.k8s.io/v1
-kind: Ingress
-metadata:
-  name: fertiscan-filebrowser-ingress
-  annotations:
-    nginx.ingress.kubernetes.io/whitelist-source-range: 205.194.32.0/24,10.244.0.0/16,192.197.71.0/24
-    external-dns.alpha.kubernetes.io/target: inspection.alpha.canada.ca
-    cert-manager.io/cluster-issuer: letsencrypt-prod
-    nginx.ingress.kubernetes.io/add-base-url: "true"
-    nginx.ingress.kubernetes.io/client_max_body_size: "200m"
-    nginx.ingress.kubernetes.io/proxy-read-timeout: "120"
-    kubernetes.io/tls-acme: "true"
-    # Vouch Proxy Authentication
-    nginx.ingress.kubernetes.io/auth-signin: "https://vouch.inspection.alpha.canada.ca/login?url=$scheme://$http_host$request_uri&vouch-failcount=$auth_resp_failcount&X-Vouch-Token=$auth_resp_jwt&error=$auth_resp_err"
-    nginx.ingress.kubernetes.io/auth-url: https://vouch.inspection.alpha.canada.ca/validate
-    nginx.ingress.kubernetes.io/auth-snippet: |
-      auth_request_set $auth_resp_jwt $upstream_http_x_vouch_jwt;
-      auth_request_set $auth_resp_err $upstream_http_x_vouch_err;
-      auth_request_set $auth_resp_failcount $upstream_http_x_vouch_failcount;
-    nginx.ingress.kubernetes.io/custom-http-errors: "403"
-    nginx.ingress.kubernetes.io/default-backend: "default-nginx-backend"
-spec:
-  ingressClassName: nginx
-  tls:
-    - hosts:
-        - filebrowser.inspection.alpha.canada.ca
-      secretName: aciacfia-tls
-  rules:
-    - host: filebrowser.inspection.alpha.canada.ca
-      http:
-        paths:
-          - path: /
-            pathType: Prefix
-            backend:
-              service:
-                name: fertiscan-backend-svc
-                port:
-                  number: 80
diff --git a/kubernetes/aks/apps/fertiscan/base/filebrowser.yaml b/kubernetes/aks/apps/fertiscan/base/filebrowser.yaml
@@ -0,0 +1,117 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: filebrowser
+  labels:
+    app: filebrowser
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: filebrowser
+  template:
+    metadata:
+      labels:
+        app: filebrowser
+    spec:
+      containers:
+        - name: file-browser
+          image: filebrowser/filebrowser
+          ports:
+            - containerPort: 80
+              name: http
+          volumeMounts:
+            - name: logs
+              mountPath: /srv/logs
+              readOnly: true
+            - name: uploads
+              mountPath: /srv/uploads
+              readOnly: true
+            - name: filebrowser-db
+              mountPath: /db
+          command:
+            - "/bin/sh"
+            - "-c"
+            - |
+              if [ ! -f /db/database.db ]; then
+                /filebrowser config init --database=/db/database.db;
+              fi
+              /filebrowser config set --auth.method=proxy --auth.header=X-Vouch-Token && \
+              /filebrowser -r /srv -d /db/database.db
+      volumes:
+        - name: logs
+          persistentVolumeClaim:
+            claimName: fertiscan-logs-pvc
+        - name: uploads
+          persistentVolumeClaim:
+            claimName: fertiscan-uploads-pvc
+        - name: filebrowser-db
+          persistentVolumeClaim:
+            claimName: filebrowser-db-pvc
+
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: filebrowser-db-pvc
+  namespace: dashboard
+spec:
+  accessModes:
+    - ReadWriteOnce
+  resources:
+    requests:
+      storage: 1Gi
+
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: filebrowser-svc
+  namespace: dashboard
+spec:
+  selector:
+    app: filebrowser
+  ports:
+    - protocol: TCP
+      port: 80
+      targetPort: 80
+      name: http
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: fertiscan-filebrowser-ingress
+  annotations:
+    nginx.ingress.kubernetes.io/whitelist-source-range: 205.194.32.0/24,10.244.0.0/16,192.197.71.0/24
+    external-dns.alpha.kubernetes.io/target: inspection.alpha.canada.ca
+    cert-manager.io/cluster-issuer: letsencrypt-prod
+    nginx.ingress.kubernetes.io/add-base-url: "true"
+    nginx.ingress.kubernetes.io/client_max_body_size: "200m"
+    nginx.ingress.kubernetes.io/proxy-read-timeout: "120"
+    kubernetes.io/tls-acme: "true"
+    # Vouch Proxy Authentication
+    nginx.ingress.kubernetes.io/auth-signin: "https://vouch.inspection.alpha.canada.ca/login?url=$scheme://$http_host$request_uri&vouch-failcount=$auth_resp_failcount&X-Vouch-Token=$auth_resp_jwt&error=$auth_resp_err"
+    nginx.ingress.kubernetes.io/auth-url: https://vouch.inspection.alpha.canada.ca/validate
+    nginx.ingress.kubernetes.io/auth-snippet: |
+      auth_request_set $auth_resp_jwt $upstream_http_x_vouch_jwt;
+      auth_request_set $auth_resp_err $upstream_http_x_vouch_err;
+      auth_request_set $auth_resp_failcount $upstream_http_x_vouch_failcount;
+    nginx.ingress.kubernetes.io/custom-http-errors: "403"
+    nginx.ingress.kubernetes.io/default-backend: "default-nginx-backend"
+spec:
+  ingressClassName: nginx
+  tls:
+    - hosts:
+        - filebrowser.inspection.alpha.canada.ca
+      secretName: aciacfia-tls
+  rules:
+    - host: filebrowser.inspection.alpha.canada.ca
+      http:
+        paths:
+          - path: /
+            pathType: Prefix
+            backend:
+              service:
+                name: fertiscan-backend-svc
+                port:
+                  number: 80