Jarvis: A home automation ChatOps bot (+ Azure & Kubernetes)
azure
linux
🚧 Under Construction: Please check back soon for more words and less whitespace in this post!
joshspicer/jarvis:rollout.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: jarvis
spec:
  replicas: 1
  selector:
    matchLabels:
      app: jarvis
  template:
    metadata:
      labels:
        app: jarvis
    spec:
      nodeSelector:
        "kubernetes.io/os": linux
      containers:
        - name: jarvis
          image: jarvisdevacr.azurecr.io/jarvis:1.0.0
          resources:
            requests:
              cpu: 100m
              memory: 128Mi
            limits:
              cpu: 250m
              memory: 256Mi
          ports:
            - containerPort: 80
          # The CSI volume must be mounted by the pod: the driver only syncs
          # the env-secrets Kubernetes Secret while a pod mounts this volume.
          volumeMounts:
            - name: secrets-store01-inline
              mountPath: "/mnt/secrets-store"
              readOnly: true
          env:
            - name: PORT
              value: "80"
            # The values below come from the env-secrets Secret, which is
            # populated from Key Vault by the SecretProviderClass secretObjects.
            - name: TELEGRAM_BOT_TOKEN
              valueFrom:
                secretKeyRef:
                  name: env-secrets
                  key: TelegramBotToken
            - name: VALID_TELEGRAM_SENDERS
              valueFrom:
                secretKeyRef:
                  name: env-secrets
                  key: ValidTelegramSenders
            - name: VALID_TELEGRAM_GROUPS
              valueFrom:
                secretKeyRef:
                  name: env-secrets
                  key: ValidTelegramGroups
      volumes:
        - name: secrets-store01-inline
          csi:
            driver: secrets-store.csi.k8s.io
            readOnly: true
            volumeAttributes:
              secretProviderClass: "azure-jarviskv-secrets"
---
apiVersion: v1
kind: Service
metadata:
  name: jarvis
spec:
  type: LoadBalancer
  ports:
    - port: 80
  selector:
    app: jarvis
---
apiVersion: secrets-store.csi.x-k8s.io/v1
kind: SecretProviderClass
metadata:
  name: azure-jarviskv-secrets
spec:
  provider: azure
  parameters:
    usePodIdentity: "false"
    useVMManagedIdentity: "true" # Set to true for using managed identity
    userAssignedIdentityID: dc34b44c-5ea3-40d3-8820-69945bc5ccde # Set the clientID of the user-assigned managed identity to use
    keyvaultName: jarviskv # Set to the name of your key vault
    objects: |
      array:
        - |
          objectName: TelegramBotToken
          objectType: secret
        - |
          objectName: ValidTelegramSenders
          objectType: secret
        - |
          objectName: ValidTelegramGroups
          objectType: secret
    tenantId: 0ad1a6ca-bf0b-4eea-b39d-a0a369403977 # The tenant ID of the key vault
  secretObjects:
    - data:
        - key: TelegramBotToken # data field to populate
          objectName: TelegramBotToken # name of the mounted content to sync; this could be the object name or the object alias
        - key: ValidTelegramSenders
          objectName: ValidTelegramSenders
        - key: ValidTelegramGroups
          objectName: ValidTelegramGroups
      secretName: env-secrets
      type: Opaque
Resources