86cd961ee4
- scripts/release.sh: full release orchestration (build, publish, install) - deploy/k3s/: Deployment, ConfigMap, PVC, Namespace with kustomize hostNetwork for dnsmasq, NET_ADMIN caps, local-path PVC - Infra role gets /var/lib/rancher partition (20GB, preserved on reprovision) for k3s etcd data persistence across reinstalls - Infra %post installs k3s server (INSTALL_K3S_SKIP_START=true) - 5 new kickstart tests (27 total) Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
66 lines
1.5 KiB
YAML
66 lines
1.5 KiB
YAML
apiVersion: apps/v1
|
|
kind: Deployment
|
|
metadata:
|
|
name: bastion
|
|
namespace: lab-infra
|
|
labels:
|
|
app: bastion
|
|
spec:
|
|
replicas: 1
|
|
selector:
|
|
matchLabels:
|
|
app: bastion
|
|
template:
|
|
metadata:
|
|
labels:
|
|
app: bastion
|
|
spec:
|
|
hostNetwork: true
|
|
containers:
|
|
- name: bastion
|
|
image: mysources.co.uk/michal/lab-bastion:latest
|
|
command:
|
|
- node
|
|
- src/cli/dist/index.js
|
|
- init
|
|
- bastion
|
|
- standalone
|
|
- start
|
|
envFrom:
|
|
- configMapRef:
|
|
name: bastion-config
|
|
ports:
|
|
- containerPort: 8080
|
|
name: http
|
|
volumeMounts:
|
|
- name: state
|
|
mountPath: /data
|
|
- name: ssh-keys
|
|
mountPath: /root/.ssh
|
|
readOnly: true
|
|
securityContext:
|
|
capabilities:
|
|
add:
|
|
- NET_ADMIN
|
|
- NET_RAW
|
|
livenessProbe:
|
|
httpGet:
|
|
path: /api/machines
|
|
port: 8080
|
|
initialDelaySeconds: 15
|
|
periodSeconds: 30
|
|
readinessProbe:
|
|
httpGet:
|
|
path: /api/machines
|
|
port: 8080
|
|
initialDelaySeconds: 5
|
|
periodSeconds: 10
|
|
volumes:
|
|
- name: state
|
|
persistentVolumeClaim:
|
|
claimName: bastion-state
|
|
- name: ssh-keys
|
|
hostPath:
|
|
path: /root/.ssh
|
|
type: Directory
|