--- apiVersion: v1 kind: PersistentVolumeClaim metadata: name: devpi namespace: homelab spec: storageClassName: longhorn accessModes: - ReadWriteMany resources: requests: storage: 128Gi --- apiVersion: apps/v1 kind: Deployment metadata: name: devpi namespace: homelab spec: replicas: 3 selector: matchLabels: app: devpi template: metadata: labels: app: devpi spec: nodeSelector: nodepool: worker topologySpreadConstraints: - maxSkew: 1 topologyKey: kubernetes.io/hostname whenUnsatisfiable: ScheduleAnyway labelSelector: matchLabels: app: devpi affinity: podAntiAffinity: requiredDuringSchedulingIgnoredDuringExecution: - labelSelector: matchExpressions: - key: app operator: In values: - devpi topologyKey: "kubernetes.io/hostname" containers: - name: devpi image: jonasal/devpi-server:latest env: - name: DEVPI_PASSWORD valueFrom: secretKeyRef: name: devpi-secret key: password ports: - containerPort: 3141 volumeMounts: - name: data mountPath: /devpi volumes: - name: data persistentVolumeClaim: claimName: devpi --- apiVersion: v1 kind: Service metadata: name: devpi namespace: homelab spec: selector: app: devpi ports: - port: 3141 targetPort: 3141 protocol: TCP type: ClusterIP --- apiVersion: traefik.io/v1alpha1 kind: Middleware metadata: name: devpi namespace: homelab spec: ipAllowList: sourceRange: - "127.0.0.1/32" - "10.43.0.0/16" rateLimit: average: 10 burst: 50 --- apiVersion: networking.k8s.io/v1 kind: Ingress metadata: name: devpi namespace: homelab annotations: nginx.ingress.kubernetes.io/proxy-body-size: "0" cert-manager.io/cluster-issuer: "cloudflare-issuer" cert-manager.io/acme-challenge-type: "dns01" cert-manager.io/private-key-size: "4096" # Traefik Middleware traefik.io/router.middlewares: "devpi@kubernetescrd" spec: ingressClassName: traefik tls: - hosts: - pip.dogar.dev secretName: devpi-tls rules: - host: pip.dogar.dev http: paths: - path: / pathType: Prefix backend: service: name: devpi port: number: 3141