--- apiVersion: apps/v1 kind: Deployment metadata: labels: app.kubernetes.io/instance: recipe-importer app.kubernetes.io/name: recipe-importer name: recipe-importer namespace: tandoor-system spec: replicas: 1 selector: matchLabels: app.kubernetes.io/instance: recipe-importer app.kubernetes.io/name: recipe-importer strategy: type: Recreate template: metadata: labels: app.kubernetes.io/instance: recipe-importer app.kubernetes.io/name: recipe-importer spec: containers: - name: recipe-importer image: gitea.dooplex.hu/admin/recipe-importer:latest imagePullPolicy: Always env: - name: TZ value: Europe/Budapest - name: SECRET_KEY valueFrom: secretKeyRef: name: recipe-importer-app key: secret-key - name: TANDOOR_INTERNAL_URL value: http://tandoor.tandoor-system.svc.cluster.local:8080 - name: TANDOOR_URL value: https://tandoor.dooplex.hu - name: TANDOOR_API_KEY valueFrom: secretKeyRef: name: recipe-importer-app key: tandoor-api-key - name: MEALIE_URL value: https://mealie.dooplex.hu - name: MEALIE_API_KEY valueFrom: secretKeyRef: name: recipe-importer-app key: mealie-api-key ports: - containerPort: 8000 name: http protocol: TCP livenessProbe: httpGet: path: /health port: http initialDelaySeconds: 15 periodSeconds: 30 timeoutSeconds: 5 failureThreshold: 3 readinessProbe: httpGet: path: /health port: http initialDelaySeconds: 5 periodSeconds: 10 timeoutSeconds: 5 failureThreshold: 3 resources: limits: cpu: 500m memory: 256Mi requests: cpu: 50m memory: 64Mi volumeMounts: - name: data mountPath: /data volumes: - name: data persistentVolumeClaim: claimName: recipe-importer-data --- apiVersion: v1 kind: Service metadata: labels: app.kubernetes.io/instance: recipe-importer app.kubernetes.io/name: recipe-importer name: recipe-importer namespace: tandoor-system spec: type: ClusterIP ports: - name: http port: 8000 protocol: TCP targetPort: http selector: app.kubernetes.io/instance: recipe-importer app.kubernetes.io/name: recipe-importer --- apiVersion: networking.k8s.io/v1 kind: Ingress metadata: annotations: cert-manager.io/cluster-issuer: letsencrypt-prod external-dns.alpha.kubernetes.io/hostname: rimp.dooplex.hu nginx.ingress.kubernetes.io/ssl-redirect: "true" nginx.ingress.kubernetes.io/configuration-snippet: | set $geo_allowed 0; if ($remote_addr ~ "^192\.168\.") { set $geo_allowed 1; } if ($remote_addr ~ "^10\.") { set $geo_allowed 1; } if ($geoip2_country_code = "HU") { set $geo_allowed 1; } if ($geo_allowed = 0) { return 403 "Access restricted to Hungary"; } labels: app.kubernetes.io/instance: recipe-importer app.kubernetes.io/name: recipe-importer name: recipe-importer namespace: tandoor-system spec: ingressClassName: nginx-internal rules: - host: rimp.dooplex.hu http: paths: - backend: service: name: recipe-importer port: number: 8000 path: / pathType: Prefix tls: - hosts: - rimp.dooplex.hu secretName: recipe-importer-tls --- apiVersion: v1 kind: PersistentVolumeClaim metadata: labels: app.kubernetes.io/instance: recipe-importer app.kubernetes.io/name: recipe-importer name: recipe-importer-data namespace: tandoor-system spec: accessModes: - ReadWriteOnce resources: requests: storage: 128Mi storageClassName: longhorn