terraform-libvirt-talos/example-spin.yml

---
# see https://kubernetes.io/docs/concepts/services-networking/ingress/
# see https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.33/#ingress-v1-networking-k8s-io
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: example-spin
spec:
  rules:
    - host: example-spin.example.test
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: example-spin
                port:
                  name: web
---
# see https://kubernetes.io/docs/concepts/services-networking/service/#type-clusterip
# see https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.33/#service-v1-core
# see https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.33/#serviceport-v1-core
apiVersion: v1
kind: Service
metadata:
  name: example-spin
spec:
  type: ClusterIP
  selector:
    app: example-spin
  ports:
    - name: web
      port: 80
      protocol: TCP
      targetPort: web
---
# see https://kubernetes.io/docs/concepts/workloads/controllers/deployment/
# see https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.33/#deployment-v1-apps
# see https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.33/#podtemplatespec-v1-core
# see https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.33/#container-v1-core
# see https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.33/#probe-v1-core
# see https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.33/#httpgetaction-v1-core
apiVersion: apps/v1
kind: Deployment
metadata:
  name: example-spin
spec:
  replicas: 1
  selector:
    matchLabels:
      app: example-spin
  template:
    metadata:
      labels:
        app: example-spin
    spec:
      runtimeClassName: wasmtime-spin-v2
      enableServiceLinks: false
      containers:
        - name: example
          # see https://github.com/rgl/spin-http-rust-example
          # see https://github.com/rgl/spin-http-rust-example/pkgs/container/spin-http-rust-example
          image: ghcr.io/rgl/spin-http-rust-example:0.3.1
          ports:
            - name: web
              containerPort: 8080
          env:
            - name: SPIN_HTTP_LISTEN_ADDR
              value: 0.0.0.0:8080
          readinessProbe:
            httpGet:
              path: /healthz/ready
              port: web
          resources:
            requests:
              memory: 32Mi
              cpu: '0.1'
            limits:
              memory: 32Mi
              cpu: '0.1'
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              drop:
               - ALL
            readOnlyRootFilesystem: false
            runAsNonRoot: true
            runAsUser: 65534 # 65534 is the uid of the nobody user.
            runAsGroup: 65534 # 65534 is the gid of the nogroup group.
            seccompProfile:
              type: RuntimeDefault