TeamPass deployment

$ kubectl create ns teampass-system
namespace/teampass-system created

pvc-teampass.yaml

apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: teampass
  namespace: teampass-system
spec:
  accessModes:
    - ReadWriteOnce
  storageClassName: nfs-client
  resources:
    requests:
      storage: 4Gi

$ kubectl apply -f pvc-teampass.yaml
persistentvolumeclaim/teampass created

$ kubectl get pvc -n teampass-system
NAME       STATUS   VOLUME                                     CAPACITY   ACCESS MODES   STORAGECLASS   AGE
teampass   Bound    pvc-8edc83c7-1ee1-4e5f-88db-3986f69d4a91   4Gi        RWO            nfs-client     52s

$ cat secret-db.yaml
apiVersion: v1
kind: Secret
metadata:
  name: db-secrets
  namespace: teampass-system
data:
  MYSQL_PASSWORD: WlBmemptd3FaN0xY
  MYSQL_ROOT_PASSWORD: WlBmemptd3FaN0xY

$ kubectl apply -f secret-db.yaml
secret/db-secrets created

db-teampass.yaml

apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app: db-teampass
  name: db-teampass
  namespace: teampass-system
spec:
  replicas: 1
  selector:
    matchLabels:
      app: db-teampass
  strategy: {}
  template:
    metadata:
      labels:
        app: db-teampass
    spec:
      securityContext:
        fsGroup: 1001
        runAsUser: 1001
      containers:
        - env:
            - name: MYSQL_DATABASE
              value: teampass
            - name: MYSQL_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: db-secrets
                  key: MYSQL_PASSWORD
            - name: MYSQL_ROOT_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: db-secrets
                  key: MYSQL_ROOT_PASSWORD
            - name: MYSQL_USER
              value: teampass
          image: hub.juntotelecom.com.br/library/mariadb:10.5
          imagePullPolicy: IfNotPresent
          name: db-teampass
          resources: {}
          volumeMounts:
            - mountPath: /var/lib/mysql
              name: db-teampass
      volumes:
        - name: db-teampass
          persistentVolumeClaim:
            claimName: teampass

$ kubectl get pods -n teampass-system -o wide
NAME                           READY   STATUS    RESTARTS   AGE   IP               NODE                                 NOMINATED NODE   READINESS GATES
db-teampass-5cff5b5985-qqznl   1/1     Running   0          38s   10.244.213.160   kube-worker-02.juntotelecom.com.br   <none>           <none>

$ kubectl describe pod db-teampass-5cff5b5985-qqznl -n teampass-system
Name:         db-teampass-5cff5b5985-qqznl
Namespace:    teampass-system
Priority:     0
Node:         kube-worker-02.juntotelecom.com.br/172.28.128.100
Start Time:   Thu, 19 May 2022 18:30:47 -0300
Labels:       app=db-teampass
              pod-template-hash=5cff5b5985
Annotations:  cni.projectcalico.org/containerID: a37ba8ffb4ec37b2b36bf8100cc043dd5e674c184e90eea3897057455cff9278
              cni.projectcalico.org/podIP: 10.244.213.160/32
              cni.projectcalico.org/podIPs: 10.244.213.160/32,fd00::e:1334:c75d:e2cb:7edf/128
Status:       Running
IP:           10.244.213.160
IPs:
  IP:           10.244.213.160
  IP:           fd00::e:1334:c75d:e2cb:7edf
Controlled By:  ReplicaSet/db-teampass-5cff5b5985
Containers:
  db-teampass:
    Container ID:   cri-o://62669318c48e1f3037456d49256de39255bd4d8325d0e1e3392fa0fd1ec144e1
    Image:          hub.juntotelecom.com.br/library/mariadb:10.5
    Image ID:       hub.juntotelecom.com.br/library/mariadb@sha256:bca4e8ecce022e54a3c7439287e92fcda1e7e0f1e0e9a7134318636b0063fbf2
    Port:           <none>
    Host Port:      <none>
    State:          Running
      Started:      Thu, 19 May 2022 18:31:09 -0300
    Ready:          True
    Restart Count:  0
    Environment:
      MYSQL_DATABASE:       teampass
      MYSQL_PASSWORD:       <set to the key 'MYSQL_PASSWORD' in secret 'db-secrets'>       Optional: false
      MYSQL_ROOT_PASSWORD:  <set to the key 'MYSQL_ROOT_PASSWORD' in secret 'db-secrets'>  Optional: false
      MYSQL_USER:           teampass
    Mounts:
      /var/lib/mysql from db-teampass (rw)
      /var/run/secrets/kubernetes.io/serviceaccount from kube-api-access-bt56s (ro)
Conditions:
  Type              Status
  Initialized       True
  Ready             True
  ContainersReady   True
  PodScheduled      True
Volumes:
  db-teampass:
    Type:       PersistentVolumeClaim (a reference to a PersistentVolumeClaim in the same namespace)
    ClaimName:  teampass
    ReadOnly:   false
  kube-api-access-bt56s:
    Type:                    Projected (a volume that contains injected data from multiple sources)
    TokenExpirationSeconds:  3607
    ConfigMapName:           kube-root-ca.crt
    ConfigMapOptional:       <nil>
    DownwardAPI:             true
QoS Class:                   BestEffort
Node-Selectors:              <none>
Tolerations:                 node.kubernetes.io/not-ready:NoExecute op=Exists for 300s
                             node.kubernetes.io/unreachable:NoExecute op=Exists for 300s
Events:
  Type    Reason     Age   From               Message
  ----    ------     ----  ----               -------
  Normal  Scheduled  82s   default-scheduler  Successfully assigned teampass-system/db-teampass-5cff5b5985-qqznl to kube-worker-02.juntotelecom.com.br
  Normal  Pulling    81s   kubelet            Pulling image "hub.juntotelecom.com.br/library/mariadb:10.5"
  Normal  Pulled     60s   kubelet            Successfully pulled image "hub.juntotelecom.com.br/library/mariadb:10.5" in 21.334057491s
  Normal  Created    60s   kubelet            Created container db-teampass
  Normal  Started    60s   kubelet            Started container db-teampass

db-service.yaml

apiVersion: v1
kind: Service
metadata:
  creationTimestamp: null
  labels:
    app: db-teampass
  name: db-teampass
  namespace: teampass-system
spec:
  ipFamilies:
  - IPv4
  - IPv6
  ipFamilyPolicy: PreferDualStack
  ports:
    - name: "3306"
      port: 3306
      targetPort: 3306
  selector:
    app: db-teampass
  type: ClusterIP

$ kubectl apply -f db-service.yaml
service/db-teampass created

$ kubectl describe service db-teampass -n teampass-system
Name:              db-teampass
Namespace:         teampass-system
Labels:            app=db-teampass
Annotations:       <none>
Selector:          app=db-teampass
Type:              ClusterIP
IP Family Policy:  PreferDualStack
IP Families:       IPv4,IPv6
IP:                10.96.197.88
IPs:               10.96.197.88,fd00:0:0:100::4baf
Port:              3306  3306/TCP
TargetPort:        3306/TCP
Endpoints:         10.244.213.160:3306
Session Affinity:  None
Events:            <none>

pvc-html.yaml

apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: teampass-html
  namespace: teampass-system
spec:
  accessModes:
    - ReadWriteOnce
  storageClassName: nfs-client
  resources:
    requests:
      storage: 1Gi

$ kubectl apply -f pvc-html.yaml
persistentvolumeclaim/teampass-html created

teampass-deploy.yaml

apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app: teampass
  name: teampass
  namespace: teampass-system
spec:
  replicas: 1
  selector:
    matchLabels:
      app: teampass
  strategy: {}
  template:
    metadata:
      labels:
        app: teampass
    spec:
      containers:
        - image: hub.juntotelecom.com.br/library/teampass_teampass-web
          name: teampass
          ports:
            - containerPort: 80
            - containerPort: 443
          volumeMounts:
            - mountPath: /var/www/html
              name: teampass-html
      restartPolicy: Always
      securityContext:
        fsGroup: 1001
        runAsUser: 1001
      volumes:
        - name: teampass-html
          persistentVolumeClaim:
            claimName: teampass-html

$ kubectl apply -f teampass-deploy.yaml
deployment.apps/teampass created

$ kubectl get pods -n teampass-system -o wide
NAME                           READY   STATUS    RESTARTS   AGE   IP               NODE                                 NOMINATED NODE   READINESS GATES
db-teampass-5cff5b5985-qqznl   1/1     Running   0          18m   10.244.213.160   kube-worker-02.juntotelecom.com.br   <none>           <none>
teampass-64778bb6c9-lwg4q      1/1     Running   0          61s   10.244.213.161   kube-worker-02.juntotelecom.com.br   <none>           <none>

$ kubectl describe pod teampass-64778bb6c9-lwg4q -n teampass-system
Name:         teampass-64778bb6c9-lwg4q
Namespace:    teampass-system
Priority:     0
Node:         kube-worker-02.juntotelecom.com.br/172.28.128.100
Start Time:   Thu, 19 May 2022 18:48:38 -0300
Labels:       app=teampass
              pod-template-hash=64778bb6c9
Annotations:  cni.projectcalico.org/containerID: cf8fcce01aa26a43b91c5eed4af553108aabc9021c9d780fad7d8bd53735f6c9
              cni.projectcalico.org/podIP: 10.244.213.161/32
              cni.projectcalico.org/podIPs: 10.244.213.161/32,fd00::e:1334:c75d:e2cb:7ee0/128
Status:       Running
IP:           10.244.213.161
IPs:
  IP:           10.244.213.161
  IP:           fd00::e:1334:c75d:e2cb:7ee0
Controlled By:  ReplicaSet/teampass-64778bb6c9
Containers:
  teampass:
    Container ID:   cri-o://23c720a8d6e93b61e2289e54825974b02ba23159164ae30962602bdb4bd328b3
    Image:          hub.juntotelecom.com.br/library/teampass_teampass-web
    Image ID:       hub.juntotelecom.com.br/library/teampass_teampass-web@sha256:fc89c9b5d7fecfd1807f33ab647d7fc3eca92931125f55ca4e3fb0f89d30f4e5
    Ports:          80/TCP, 443/TCP
    Host Ports:     0/TCP, 0/TCP
    State:          Running
      Started:      Thu, 19 May 2022 18:50:17 -0300
    Last State:     Terminated
      Reason:       Error
      Exit Code:    2
      Started:      Thu, 19 May 2022 18:49:15 -0300
      Finished:     Thu, 19 May 2022 18:50:16 -0300
    Ready:          True
    Restart Count:  1
    Environment:    <none>
    Mounts:
      /var/run/secrets/kubernetes.io/serviceaccount from kube-api-access-kgg69 (ro)
      /var/www/html from teampass-html (rw)
Conditions:
  Type              Status
  Initialized       True
  Ready             True
  ContainersReady   True
  PodScheduled      True
Volumes:
  teampass-html:
    Type:       PersistentVolumeClaim (a reference to a PersistentVolumeClaim in the same namespace)
    ClaimName:  teampass-html
    ReadOnly:   false
  kube-api-access-kgg69:
    Type:                    Projected (a volume that contains injected data from multiple sources)
    TokenExpirationSeconds:  3607
    ConfigMapName:           kube-root-ca.crt
    ConfigMapOptional:       <nil>
    DownwardAPI:             true
QoS Class:                   BestEffort
Node-Selectors:              <none>
Tolerations:                 node.kubernetes.io/not-ready:NoExecute op=Exists for 300s
                             node.kubernetes.io/unreachable:NoExecute op=Exists for 300s
Events:
  Type    Reason     Age                From               Message
  ----    ------     ----               ----               -------
  Normal  Scheduled  101s               default-scheduler  Successfully assigned teampass-system/teampass-64778bb6c9-lwg4q to kube-worker-02.juntotelecom.com.br
  Normal  Pulled     64s                kubelet            Successfully pulled image "hub.juntotelecom.com.br/library/teampass_teampass-web" in 36.141823893s
  Normal  Pulling    2s (x2 over 100s)  kubelet            Pulling image "hub.juntotelecom.com.br/library/teampass_teampass-web"
  Normal  Created    2s (x2 over 64s)   kubelet            Created container teampass
  Normal  Started    2s (x2 over 64s)   kubelet            Started container teampass
  Normal  Pulled     2s                 kubelet            Successfully pulled image "hub.juntotelecom.com.br/library/teampass_teampass-web" in 352.032935ms

service-teampass.yaml

apiVersion: v1
kind: Service
metadata:
  annotations:
  labels:
    app: teampaass
  name: teampass
  namespace: teampass-system
spec:
  ipFamilies:
  - IPv4
  - IPv6
  ipFamilyPolicy: PreferDualStack
  ports:
  - name: http
    port: 80
    protocol: TCP
    targetPort: http
  - name: https
    port: 443
    protocol: TCP
    targetPort: https
  selector:
    app: teampass
  type: ClusterIP

$ kubectl apply -f service-teampass.yaml
service/teampass created

$ kubectl get service -n teampass-system
NAME          TYPE        CLUSTER-IP     EXTERNAL-IP   PORT(S)          AGE
db-teampass   ClusterIP   10.96.197.88   <none>        3306/TCP         20m
teampass      ClusterIP   10.96.1.44     <none>        80/TCP,443/TCP   60s