ghndrx/k8s-game-2048
1
0
Fork 0
mirror of https://github.com/ghndrx/k8s-game-2048.git synced 2026-02-10 06:45:07 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
d582108b16ff6a2b4f672a7c11b2df0c68ff661a
k8s-game-2048/manifests/webhook/webhook-handler.yaml
Greg d582108b16 🔒 Add environment-based configuration system 
- Add .env.example template with all configurable values
- Create comprehensive .gitignore for personal data
- Add sanitization script to remove hardcoded personal info
- Add environment-aware deployment scripts
- Add ENVIRONMENT.md documentation
- Keep personal information in .env (gitignored)

This makes the repository safe for public sharing while keeping personal domains, emails, and secrets secure.
2025-07-01 10:09:14 -07:00

233 lines
6.1 KiB
YAML
Raw Blame History

apiVersion: v1
kind: Namespace
metadata:
name: webhook-system
labels:
name: webhook-system
---
apiVersion: v1
kind: Secret
metadata:
name: webhook-secret
namespace: webhook-system
type: Opaque
stringData:
webhook-secret: "CHANGE_ME_IN_PRODUCTION" # Replace with your actual webhook secret
---
apiVersion: v1
kind: ConfigMap
metadata:
name: webhook-handler-config
namespace: webhook-system
data:
MANIFESTS_PATH: "/app/manifests"
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: webhook-handler
namespace: webhook-system
labels:
app: webhook-handler
spec:
replicas: 1 # Start with 1 for testing
selector:
matchLabels:
app: webhook-handler
template:
metadata:
labels:
app: webhook-handler
spec:
serviceAccountName: webhook-handler
initContainers:
- name: setup
image: python:3.11-slim
command:
- /bin/bash
- -c
- |
set -e
echo "🚀 Setting up webhook handler dependencies..."
# Update and install basic tools
apt-get update
apt-get install -y curl wget
# Install kubectl
echo "📦 Installing kubectl..."
curl -LO "https://dl.k8s.io/release/v1.28.0/bin/linux/amd64/kubectl"
chmod +x kubectl
cp kubectl /shared/kubectl
# Install Python dependencies
echo "📦 Installing Python dependencies..."
pip install flask requests
# Copy requirements to shared volume
pip freeze > /shared/requirements.txt
echo "✅ Setup completed!"
volumeMounts:
- name: shared-tools
mountPath: /shared
containers:
- name: webhook-handler
image: python:3.11-slim
ports:
- containerPort: 8080
name: http
env:
- name: WEBHOOK_SECRET
valueFrom:
secretKeyRef:
name: webhook-secret
key: webhook-secret
- name: MANIFESTS_PATH
valueFrom:
configMapKeyRef:
name: webhook-handler-config
key: MANIFESTS_PATH
- name: PATH
value: "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/shared"
command:
- /bin/bash
- -c
- |
set -e
echo "🎯 Starting webhook handler..."
# Install Python dependencies from init container
if [ -f /shared/requirements.txt ]; then
pip install -r /shared/requirements.txt
else
pip install flask requests
fi
# Make kubectl available
cp /shared/kubectl /usr/local/bin/ 2>/dev/null || echo "kubectl already available"
chmod +x /usr/local/bin/kubectl 2>/dev/null || true
# Set up kubeconfig
mkdir -p /root/.kube
cp /etc/kubeconfig/config /root/.kube/config
chmod 600 /root/.kube/config
# Test connectivity
echo "🔍 Testing Kubernetes connectivity..."
kubectl version --client || echo "⚠️ kubectl client test failed"
kubectl cluster-info || echo "⚠️ cluster connectivity test failed, but continuing..."
# Start the webhook handler
echo "🚀 Starting Flask application..."
cd /app
exec python webhook-handler.py
volumeMounts:
- name: webhook-handler-script
mountPath: /app/webhook-handler.py
subPath: webhook-handler.py
- name: manifests
mountPath: /app/manifests
- name: docker-socket
mountPath: /var/run/docker.sock
- name: kubeconfig
mountPath: /etc/kubeconfig
- name: shared-tools
mountPath: /shared
livenessProbe:
httpGet:
path: /health
port: 8080
initialDelaySeconds: 60
periodSeconds: 30
timeoutSeconds: 10
failureThreshold: 3
readinessProbe:
httpGet:
path: /health
port: 8080
initialDelaySeconds: 30
periodSeconds: 10
timeoutSeconds: 5
failureThreshold: 3
resources:
requests:
memory: "256Mi"
cpu: "250m"
limits:
memory: "512Mi"
cpu: "500m"
volumes:
- name: webhook-handler-script
configMap:
name: webhook-handler-script
defaultMode: 0755
- name: manifests
hostPath:
path: /home/administrator/k8s-game-2048/manifests
type: Directory
- name: docker-socket
hostPath:
path: /var/run/docker.sock
type: Socket
- name: kubeconfig
secret:
secretName: webhook-kubeconfig
defaultMode: 0600
- name: shared-tools
emptyDir: {}
---
apiVersion: v1
kind: Service
metadata:
name: webhook-handler
namespace: webhook-system
labels:
app: webhook-handler
spec:
selector:
app: webhook-handler
ports:
- name: http
port: 80
targetPort: 8080
protocol: TCP
type: ClusterIP
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: webhook-handler
namespace: webhook-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: webhook-handler
rules:
- apiGroups: [""]
resources: ["namespaces", "secrets", "configmaps", "services"]
verbs: ["get", "list", "create", "update", "patch", "delete"]
- apiGroups: ["apps"]
resources: ["deployments", "replicasets"]
verbs: ["get", "list", "create", "update", "patch", "delete"]
- apiGroups: ["serving.knative.dev"]
resources: ["services", "revisions"]
verbs: ["get", "list", "create", "update", "patch", "delete"]
- apiGroups: [""]
resources: ["events", "pods"]
verbs: ["get", "list", "watch"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: webhook-handler
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: webhook-handler
subjects:
- kind: ServiceAccount
name: webhook-handler
namespace: webhook-system
Reference in New Issue View Git Blame Copy Permalink