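# FlowerCore SignalControl — Signal sequencing and relay coordination
#
# Resources in this file, all in namespace fc-signalcontrol:
#   Namespace, PersistentVolumeClaim (SQLite data), Deployment (web app),
#   Service (ClusterIP 80 -> container port "http"), cert-manager Certificate,
#   and a Traefik IngressRoute on the "websecure" entry point.
---
apiVersion: v1
kind: Namespace
metadata:
  name: fc-signalcontrol
  labels:
    app.kubernetes.io/part-of: bluejay-infra
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: signalcontrol-data
  namespace: fc-signalcontrol
  labels:
    app.kubernetes.io/name: signalcontrol-web
    app.kubernetes.io/part-of: flowercore
spec:
  accessModes:
    - ReadWriteOnce
  storageClassName: longhorn
  resources:
    requests:
      storage: 1Gi
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: signalcontrol-web
  namespace: fc-signalcontrol
  labels:
    app.kubernetes.io/name: signalcontrol-web
    app.kubernetes.io/part-of: flowercore
spec:
  # Single replica with Recreate: the data volume is ReadWriteOnce, so the old
  # pod is stopped before the new one is started.
  replicas: 1
  strategy:
    type: Recreate
  selector:
    matchLabels:
      app.kubernetes.io/name: signalcontrol-web
  template:
    metadata:
      labels:
        app.kubernetes.io/name: signalcontrol-web
        app.kubernetes.io/part-of: flowercore
    spec:
      containers:
        - name: signalcontrol-web
          # imagePullPolicy Never: the image is never pulled from a registry
          # and must already be present in the node's local image store, so
          # its integrity depends on how images are loaded onto the node.
          image: localhost/fc-signalcontrol-web:s50cx12-20260602-1d26c58
          imagePullPolicy: Never
          ports:
            - containerPort: 5000
              name: http
          env:
            - name: ASPNETCORE_ENVIRONMENT
              value: Production
            - name: ASPNETCORE_URLS
              value: "http://+:5000"
            - name: ConnectionStrings__Default
              value: "Data Source=/data/signalcontrol.db"
            - name: Logging__LogLevel__Default
              value: Information
            - name: Auth__ApiKey
              valueFrom:
                secretKeyRef:
                  name: signalcontrol-auth
                  key: Auth__ApiKey
            - name: Auth__AdminApiKey
              valueFrom:
                secretKeyRef:
                  name: signalcontrol-auth
                  key: Auth__AdminApiKey
                  optional: true
            # NOTE(review): both *Auth__Enabled switches are "false" while
            # API keys are still injected and OIDC is enabled below. Confirm
            # in the application which of these settings actually gates
            # requests, so the service is not reachable unauthenticated
            # through the IngressRoute at the end of this file.
            - name: Auth__Enabled
              value: "false"
            - name: FlowerCore__Auth__Enabled
              value: "false"
            - name: FlowerCore__Auth__Oidc__Enabled
              value: "true"
            # NOTE(review): the three OIDC values are optional secret keys.
            # If the secret or a key is absent, the variable is simply not
            # set and the pod still starts. Verify the app refuses to start
            # (fails closed) when OIDC is enabled but unconfigured, or make
            # these references required.
            - name: FlowerCore__Auth__Oidc__Authority
              valueFrom:
                secretKeyRef:
                  name: signalcontrol-oidc-client
                  key: issuer_url
                  optional: true
            - name: FlowerCore__Auth__Oidc__ClientId
              valueFrom:
                secretKeyRef:
                  name: signalcontrol-oidc-client
                  key: client_id
                  optional: true
            - name: FlowerCore__Auth__Oidc__ClientSecret
              valueFrom:
                secretKeyRef:
                  name: signalcontrol-oidc-client
                  key: client_secret
                  optional: true
            - name: TrafficSignal__RelayBridge__Enabled
              value: "true"
            - name: TrafficSignal__RelayBridge__BaseUrl
              value: "https://pirelay.iamworkin.lan"
            # NOTE(review): optional as well; with the bridge enabled, a
            # missing key means relay calls would go out without a
            # credential. Confirm that is rejected on the relay side.
            - name: TrafficSignal__RelayBridge__ApiKey
              valueFrom:
                secretKeyRef:
                  name: signalcontrol-pirelay
                  key: ApiKey
                  optional: true
            - name: LiveStatus__TrafficSignal__BaseAddress
              value: "https://signalcontrol.iamworkin.lan"
          volumeMounts:
            - name: data
              mountPath: /data
          resources:
            requests:
              memory: "128Mi"
              cpu: "100m"
            limits:
              memory: "512Mi"
              cpu: "500m"
          # Probes only check that the TCP port accepts connections.
          livenessProbe:
            tcpSocket:
              port: http
            initialDelaySeconds: 30
            periodSeconds: 30
            timeoutSeconds: 5
          readinessProbe:
            tcpSocket:
              port: http
            initialDelaySeconds: 10
            periodSeconds: 10
            failureThreshold: 6
            timeoutSeconds: 5
          # Container hardening: the app listens on unprivileged port 5000,
          # so it needs no Linux capabilities and no privilege escalation.
          # NOTE(review): runAsNonRoot / runAsUser are not set here because
          # the image's user is not visible from this manifest; fsGroup 4200
          # suggests a dedicated non-root user. Confirm and pin it.
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              drop:
                - ALL
      # Pod-level settings: fsGroup makes the data volume group-accessible to
      # GID 4200; ownership is only re-applied when the volume root does not
      # already match (OnRootMismatch).
      securityContext:
        fsGroup: 4200
        fsGroupChangePolicy: OnRootMismatch
        seccompProfile:
          type: RuntimeDefault
      volumes:
        - name: data
          persistentVolumeClaim:
            claimName: signalcontrol-data
---
apiVersion: v1
kind: Service
metadata:
  name: signalcontrol-web
  namespace: fc-signalcontrol
  labels:
    app.kubernetes.io/name: signalcontrol-web
    app.kubernetes.io/part-of: flowercore
spec:
  selector:
    app.kubernetes.io/name: signalcontrol-web
  ports:
    - port: 80
      targetPort: http
      name: http
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: signalcontrol-web-tls
  namespace: fc-signalcontrol
spec:
  secretName: signalcontrol-web-tls
  issuerRef:
    name: step-ca-acme
    kind: ClusterIssuer
  dnsNames:
    - signalcontrol.iamworkin.lan
---
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
  name: signalcontrol-web
  namespace: fc-signalcontrol
spec:
  # TLS terminates at Traefik; traffic from Traefik to the Service (port 80)
  # and on to the pod (port 5000) is plain HTTP inside the cluster.
  # No Traefik middlewares are attached to this route, so access control
  # rests on the application's own auth settings.
  entryPoints:
    - websecure
  routes:
    - match: Host(`signalcontrol.iamworkin.lan`)
      kind: Rule
      services:
        - name: signalcontrol-web
          port: 80
  tls:
    secretName: signalcontrol-web-tls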