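---
# Lets HTTPRoutes in kube-system reference the txt2md Service in default.
# Scoped to that one Service by name: without `name`, the grant covers every
# Service in the namespace, which is wider than this gateway needs.
apiVersion: gateway.networking.k8s.io/v1beta1
kind: ReferenceGrant
metadata:
  name: allow-kube-system-to-default
  namespace: default
spec:
  from:
    - group: gateway.networking.k8s.io
      kind: HTTPRoute
      namespace: kube-system
  to:
    - group: ""
      kind: Service
      name: txt2md
---
# Kubernetes SA for the app pods, bound to a GCP service account via the
# GKE Workload Identity annotation.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: txt2md-sa
  namespace: default
  annotations:
    iam.gke.io/gcp-service-account: "txt2md-app-gsa@project-84ddd43d-e408-4cb9-8cb.iam.gserviceaccount.com"
---
# Google Secret Manager store for this namespace. No `auth` block is set, so
# External Secrets authenticates with the controller's own identity — keep that
# identity's access limited to the secrets referenced below.
apiVersion: external-secrets.io/v1beta1
kind: SecretStore
metadata:
  name: gcp-store
  namespace: default
spec:
  provider:
    gcpsm:
      projectID: project-84ddd43d-e408-4cb9-8cb
---
# Syncs the two app secrets from Secret Manager into the Kubernetes Secret
# `txt2md-secrets`. No `version` is given on the remoteRefs, so the latest
# enabled version is fetched on each refresh.
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
  name: txt2md-api-key
  namespace: default
spec:
  refreshInterval: 1h
  secretStoreRef:
    name: gcp-store
    kind: SecretStore
  target:
    name: txt2md-secrets  # Secret name the Deployment's env refers to
    creationPolicy: Owner
  data:
    - secretKey: ai-api-key
      remoteRef:
        key: gemini-api-key
    - secretKey: flask-secret-key
      remoteRef:
        key: flask-secret-key
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: txt2md
  namespace: default
  labels:
    app: txt2md
spec:
  replicas: 2
  selector:
    matchLabels:
      app: txt2md
  template:
    metadata:
      labels:
        app: txt2md
    spec:
      serviceAccountName: txt2md-sa
      securityContext:
        seccompProfile:
          type: RuntimeDefault
      containers:
        - name: txt2md
          # TODO(review): `:latest` is a mutable tag, so each pull may run
          # different code and rollbacks are not reproducible. Pin to an
          # immutable tag or an `@sha256:` digest once one is known.
          image: europe-west3-docker.pkg.dev/project-84ddd43d-e408-4cb9-8cb/txt2md-repo/txt2md:latest
          ports:
            - containerPort: 5000
          # Baseline hardening that does not depend on how the image is built.
          # `runAsNonRoot: true` should be added once the image is confirmed to
          # run as a non-root UID — nothing here shows which user it uses.
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              drop:
                - ALL
          # Secrets are exposed as env vars. Note they are then visible to any
          # process in the container (and in crash dumps / child processes);
          # a volume mount is the stricter option if the app can read files.
          env:
            - name: AI_API_KEY
              valueFrom:
                secretKeyRef:
                  name: txt2md-secrets
                  key: ai-api-key
            - name: FLASK_SECRET_KEY
              valueFrom:
                secretKeyRef:
                  name: txt2md-secrets
                  key: flask-secret-key
---
apiVersion: v1
kind: Service
metadata:
  name: txt2md
  namespace: default
spec:
  selector:
    app: txt2md
  ports:
    - name: http
      protocol: TCP
      port: 80
      targetPort: 5000
  type: ClusterIP
---
# Prometheus scrape target. `/metrics` is served on the same port the app
# serves traffic on, so whatever the gateway routes to this Service can also
# reach it; confirm the route does not expose it externally, or serve metrics
# on a separate, non-routed port.
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
  name: txt2md-monitor
  namespace: default
  labels:
    release: monitoring  # Matches the Prometheus operator selector
spec:
  selector:
    matchLabels:
      app: txt2md
  endpoints:
    - port: http
      interval: 30s
      path: /metrics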