--- # NOTE: Images must be built and loaded onto nodes before applying. # Run: /home/dan/homelab/services/device-inventory/build-and-load.sh # # Images required: # inventory-server:latest → kube-node-2 # inventory-web-ui:latest → kube-node-2 # inventory-cli:latest → kube-node-2, kube-node-3 # # nfs-general StorageClass is cluster-wide — no extra Helm release needed. --- apiVersion: v1 kind: PersistentVolumeClaim metadata: name: device-inventory-db-pvc namespace: infrastructure spec: accessModes: - ReadWriteOnce resources: requests: storage: 1Gi storageClassName: nfs-general --- apiVersion: apps/v1 kind: Deployment metadata: name: inventory-server namespace: infrastructure spec: replicas: 1 selector: matchLabels: app: inventory-server strategy: type: Recreate template: metadata: labels: app: inventory-server spec: containers: - name: inventory-server image: inventory-server:latest imagePullPolicy: Never ports: - containerPort: 9876 name: tcp resources: limits: cpu: 200m memory: 128Mi requests: cpu: 25m memory: 32Mi livenessProbe: tcpSocket: port: 9876 initialDelaySeconds: 10 periodSeconds: 20 failureThreshold: 5 readinessProbe: tcpSocket: port: 9876 initialDelaySeconds: 5 periodSeconds: 10 failureThreshold: 3 volumeMounts: - mountPath: /var/lib/inventory name: db-storage volumes: - name: db-storage persistentVolumeClaim: claimName: device-inventory-db-pvc --- apiVersion: v1 kind: Service metadata: name: inventory-server namespace: infrastructure spec: selector: app: inventory-server ports: - name: tcp port: 9876 targetPort: 9876 nodePort: 30987 type: NodePort --- apiVersion: apps/v1 kind: Deployment metadata: name: inventory-web-ui namespace: infrastructure spec: replicas: 1 selector: matchLabels: app: inventory-web-ui template: metadata: labels: app: inventory-web-ui spec: containers: - name: inventory-web-ui image: inventory-web-ui:latest imagePullPolicy: Never env: - name: INVENTORY_HOST value: inventory-server.infrastructure.svc.cluster.local - name: INVENTORY_PORT value: "9876" - name: PORT value: "8080" ports: - containerPort: 8080 name: http resources: limits: cpu: 100m memory: 64Mi requests: cpu: 10m memory: 32Mi livenessProbe: httpGet: path: /health port: 8080 initialDelaySeconds: 5 periodSeconds: 20 failureThreshold: 3 readinessProbe: httpGet: path: /health port: 8080 initialDelaySeconds: 3 periodSeconds: 10 failureThreshold: 3 --- apiVersion: v1 kind: Service metadata: name: inventory-web-ui namespace: infrastructure spec: selector: app: inventory-web-ui ports: - name: http port: 80 targetPort: 8080 type: ClusterIP --- apiVersion: networking.k8s.io/v1 kind: Ingress metadata: name: inventory-web-ui namespace: infrastructure annotations: cert-manager.io/cluster-issuer: letsencrypt-prod nginx.ingress.kubernetes.io/auth-url: "https://auth.vandachevici.ro/outpost.goauthentik.io/auth/nginx" nginx.ingress.kubernetes.io/auth-signin: "https://auth.vandachevici.ro/outpost.goauthentik.io/start?rd=$scheme://$http_host$escaped_request_uri" nginx.ingress.kubernetes.io/auth-response-headers: >- Set-Cookie,X-authentik-username,X-authentik-groups,X-authentik-email,X-authentik-name,X-authentik-uid spec: ingressClassName: nginx rules: - host: device-inventory.vandachevici.ro http: paths: - path: / pathType: Prefix backend: service: name: inventory-web-ui port: number: 80 tls: - hosts: - device-inventory.vandachevici.ro secretName: device-inventory-tls