# Build the image for linux/amd64. No tag is given, so the local name
# resolves to scriptheads-cryptopro:latest.
docker build --platform linux/amd64 -t scriptheads-cryptopro .
# Add a registry-qualified name with an explicit version tag (v3) for the push.
docker tag scriptheads-cryptopro:latest cr.yandex/crptshuuct3ne1mn7rg1/scriptheads-cryptopro:v3
docker push cr.yandex/crptshuuct3ne1mn7rg1/scriptheads-cryptopro:v3

# Holds the base64-encoded zip of the CryptoPro key container; the Deployment
# named cryptopro imports every key of this object as environment variables.
# NOTE(review): the zip contains private key files (primary.key, masks.key,
# ...). A ConfigMap is not meant for confidential data: anyone allowed to read
# ConfigMaps in the namespace can recover the key. Keep it in a Secret (and
# reference it with secretRef, or mount it as a file), limit read access with
# RBAC, and never commit the real value to version control.
apiVersion: v1
kind: ConfigMap
metadata:
  name: cryptopro-key
  namespace: default
data:
  BASE64ZIPKEYS: "put base64 zip file here"

Zip должен быть закодирован в base64 и содержать 1 папку с именем ключа и набором файлов:
2500.000
├── header.key
├── masks.key
├── masks2.key
├── name.key
├── primary.key
└── primary2.key
# Runs a single replica of the signing service on container port 80 and loads
# the key archive from the cryptopro-key ConfigMap at start-up.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: cryptopro
  namespace: default
  labels:
    app: cryptopro
spec:
  selector:
    matchLabels:
      app: cryptopro
  replicas: 1
  template:
    metadata:
      labels:
        app: cryptopro
    spec:
      # NOTE(review): no securityContext or resource limits are set for this
      # pod; consider adding them for a workload that holds signing keys.
      containers:
        - name: cryptopro
          # NOTE(review): the image has no tag or digest, so it resolves to
          # :latest, and with imagePullPolicy Always each pod start can run
          # different content. The build commands push
          # scriptheads-cryptopro:v3, a different repository name - confirm
          # which image is intended and pin it, ideally by digest
          # (...@sha256:<digest>).
          image: cr.yandex/crptshuuct3ne1mn7rg1/cryptopro
          ports:
            - containerPort: 80
          # Both probes request the API docs page. The trailing '#' has no
          # space before it, so YAML keeps it as part of the path value.
          readinessProbe:
            httpGet:
              path: /docs#
              port: 80
            initialDelaySeconds: 5
            periodSeconds: 10
            timeoutSeconds: 1
            failureThreshold: 2
            successThreshold: 1
          livenessProbe:
            httpGet:
              path: /docs#
              port: 80
            initialDelaySeconds: 15
            timeoutSeconds: 1
            periodSeconds: 3
            failureThreshold: 5
            successThreshold: 1
          imagePullPolicy: Always
          # Start-up script: decode the key archive from the environment, pipe
          # it to /scripts/keys, then start uvicorn on 0.0.0.0:80.
          # NOTE(review): the import runs in the background (&), so the server
          # can start and pass the /docs probes before the keys are installed,
          # and a failed import does not stop the container.
          # NOTE(review): the private key travels through an environment
          # variable, which is readable from the process environment; a
          # Secret mounted as a file narrows that exposure.
          # NOTE(review): --no-access-log disables uvicorn's request log;
          # confirm signing requests are recorded elsewhere for audit.
          command:
            - /bin/bash
            - -c
            - |
              echo $BASE64ZIPKEYS | base64 -d | /scripts/keys &
              poetry run uvicorn main:app --host 0.0.0.0 --port 80 --no-access-log
          # Imports every key of the ConfigMap as an environment variable.
          envFrom:
            - configMapRef:
                name: cryptopro-key

apiVersion: v1
# Service in front of the pods labelled app=cryptopro: port 80 forwards to
# container port 80. No type is set, so Kubernetes creates a ClusterIP service.
kind: Service
metadata:
  name: cryptopro
  namespace: default
spec:
  selector:
    app: cryptopro
  ports:
    - port: 80
      targetPort: 80

Укажите свой домен (для работы SSL нужен cert-manager.io)
# Publishes the cryptopro service on sign.scriptheads.io through ingress-nginx,
# with a certificate requested from the letsencrypt-prod ClusterIssuer and
# stored in the sign-tls secret.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: cryptopro
  namespace: default
  annotations:
    cert-manager.io/cluster-issuer: letsencrypt-prod
    # The ingress.class annotation is deprecated in favour of
    # spec.ingressClassName.
    kubernetes.io/ingress.class: nginx
    # NOTE(review): ingress-nginx normally redirects HTTP to HTTPS once TLS is
    # configured for a host; "false" turns that off, so the signing API also
    # answers over plain HTTP. Set ssl-redirect to "true" unless cleartext
    # access is required.
    nginx.ingress.kubernetes.io/ssl-redirect: "false"
    nginx.ingress.kubernetes.io/force-ssl-redirect: "false"
spec:
  tls:
    - hosts:
        - "sign.scriptheads.io"
      secretName: sign-tls
  rules:
    - host: sign.scriptheads.io
      http:
        paths:
          # Prefix "/" routes every path on the host to the service, including
          # the /docs page used by the probes.
          # NOTE(review): no authentication is configured at the ingress;
          # confirm the application authenticates callers before signing.
          - path: /
            pathType: Prefix
            backend:
              service:
                name: cryptopro
                port:
                  number: 80