simplify kubernetes example

opensanctions · Jul 13, 2023 · 327cc7c · 327cc7c
1 parent 282e8a7
commit 327cc7c
Showing 1 changed file with 7 additions and 51 deletions.
diff --git a/kubernetes.example.yml b/kubernetes.example.yml
@@ -1,19 +1,4 @@
 ---
-apiVersion: cert-manager.io/v1
-kind: ClusterIssuer
-metadata:
-  name: letsencrypt-prod
-spec:
-  acme:
-    server: https://acme-v02.api.letsencrypt.org/directory
-    email: info@opensanctions.org
-    privateKeySecretRef:
-      name: letsencrypt-prod
-    solvers:
-      - http01:
-          ingress:
-            class: nginx
----
 apiVersion: v1
 kind: Service
 metadata:
@@ -28,37 +13,6 @@ spec:
       targetPort: 8000
       name: http
 ---
-# Supposes you have an ingress, and ideally cert-manager installed on your
-# cluster. You should also consider running the service internally to the
-# cluster without exposing it on an ingress.
-apiVersion: networking.k8s.io/v1
-kind: Ingress
-metadata:
-  name: yente-ingress
-  annotations:
-    # you need to configure letsencrypt for your cluster:
-    # cert-manager.io/cluster-issuer: letsencrypt-prod
-    acme.cert-manager.io/http01-edit-in-place: "true"
-  labels:
-    app: opensanctions
-spec:
-  ingressClassName: nginx
-  tls:
-    - hosts:
-        - api.opensanctions.org
-      secretName: tls-api.opensanctions.org
-  rules:
-    - host: api.opensanctions.org
-      http:
-        paths:
-          - path: /
-            pathType: Prefix
-            backend:
-              service:
-                name: yente
-                port:
-                  number: 8000
----
 apiVersion: v1
 kind: ConfigMap
 metadata:
@@ -67,7 +21,7 @@ data:
   manifest.yml: |
     catalogs:
       - url: "https://data.opensanctions.org/datasets/latest/index.json"
-        scope: all
+        scope: default
         resource_name: entities.ftm.json
       # - url: "https://data.opensanctions.org/graph/catalog.json"
       #   resource_name: entities.ftm.json
@@ -107,10 +61,10 @@ spec:
               name: http
           resources:
             requests:
-              memory: 300Mi
+              memory: 600Mi
               cpu: 200m
             limits:
-              memory: 300Mi
+              memory: 600Mi
               cpu: 200m
           securityContext:
             readOnlyRootFilesystem: true
@@ -122,6 +76,8 @@ spec:
             - mountPath: /tmp
               name: tmp-volume
           env:
+            - name: YENTE_PORT
+              value: 8000
             - name: YENTE_TITLE
               value: "OpenSanctions API"
             - name: YENTE_LOG_JSON
@@ -205,10 +161,10 @@ spec:
                 - reindex
               resources:
                 requests:
-                  memory: 300M
+                  memory: 600M
                   cpu: 400m
                 limits:
-                  memory: 300M
+                  memory: 600M
                   cpu: 400m
               securityContext:
                 readOnlyRootFilesystem: true