mirror of
https://github.com/matter-labs/teepot.git
synced 2025-07-21 23:23:57 +02:00
3257f316b5
Updated the workflow to push container images to GitHub Container Registry instead of Docker Hub. Added a login step for GHCR and updated image tagging and pushing commands accordingly. Signed-off-by: Harald Hoyer <harald@matterlabs.dev>
89 lines
2.2 KiB
YAML
89 lines
2.2 KiB
YAML
apiVersion: v1
|
|
kind: Pod
|
|
metadata:
|
|
annotations:
|
|
kompose.cmd: kompose convert
|
|
labels:
|
|
io.kompose.network/teepot-default: "true"
|
|
io.kompose.service: vault-1
|
|
app: vault
|
|
name: vault-1
|
|
namespace: default
|
|
spec:
|
|
tolerations:
|
|
- key: sgx.intel.com/provision
|
|
operator: Exists
|
|
effect: NoSchedule
|
|
affinity:
|
|
podAntiAffinity:
|
|
requiredDuringSchedulingIgnoredDuringExecution:
|
|
- topologyKey: kubernetes.io/hostname
|
|
labelSelector:
|
|
matchExpressions:
|
|
- key: app
|
|
operator: In
|
|
values:
|
|
- vault
|
|
imagePullSecrets:
|
|
- name: docker-regcred
|
|
containers:
|
|
- image: ghcr.io/matter-labs/teepot-vault-sgx-azure:latest
|
|
name: vault
|
|
imagePullPolicy: Always
|
|
env:
|
|
- name: VAULT_API_ADDR
|
|
value: "https://vault-1:8210"
|
|
- name: VAULT_CLUSTER_ADDR
|
|
value: "https://vault-1:8211"
|
|
- name: VAULT_RAFT_NODE_ID
|
|
value: "vault-1"
|
|
readinessProbe:
|
|
exec:
|
|
command:
|
|
- curl
|
|
- -k
|
|
- https://localhost:8210/v1/sys/health
|
|
initialDelaySeconds: 5
|
|
periodSeconds: 5
|
|
ports:
|
|
- containerPort: 8210
|
|
hostPort: 8210
|
|
protocol: TCP
|
|
- containerPort: 8211
|
|
hostPort: 8211
|
|
protocol: TCP
|
|
resources:
|
|
limits:
|
|
sgx.intel.com/epc: "10Mi"
|
|
requests:
|
|
sgx.intel.com/epc: "10Mi"
|
|
securityContext:
|
|
privileged: true
|
|
volumeMounts:
|
|
- mountPath: /opt/vault/data
|
|
name: data-1
|
|
- image: ghcr.io/matter-labs/teepot-vault-unseal-sgx-azure:latest
|
|
name: vault-unseal
|
|
imagePullPolicy: Always
|
|
env:
|
|
- name: VAULT_ADDR
|
|
value: "https://vault-1:8210"
|
|
- name: ALLOWED_TCB_LEVELS
|
|
value: "SwHardeningNeeded"
|
|
ports:
|
|
- containerPort: 8443
|
|
hostPort: 8443
|
|
protocol: TCP
|
|
resources:
|
|
limits:
|
|
sgx.intel.com/epc: "10Mi"
|
|
requests:
|
|
sgx.intel.com/epc: "10Mi"
|
|
securityContext:
|
|
privileged: true
|
|
restartPolicy: Never
|
|
volumes:
|
|
- name: data-1
|
|
persistentVolumeClaim:
|
|
claimName: data-1
|
|
status: { }
|