diff --git a/Comunes/buscaNodeport.sh b/Comunes/buscaNodeport.sh new file mode 100644 index 00000000..4a04cceb --- /dev/null +++ b/Comunes/buscaNodeport.sh @@ -0,0 +1 @@ +kubectl get svc -A |grep -i nodeport | cut -c100-|cut -f2 -d:|cut -c1-5| sort diff --git a/HelmCharts/airsonic-advanced-chart/.helmignore b/HelmCharts/airsonic-advanced-chart/.helmignore new file mode 100644 index 00000000..0e8a0eb3 --- /dev/null +++ b/HelmCharts/airsonic-advanced-chart/.helmignore @@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/HelmCharts/airsonic-advanced-chart/Chart.yaml b/HelmCharts/airsonic-advanced-chart/Chart.yaml new file mode 100644 index 00000000..dfa3d982 --- /dev/null +++ b/HelmCharts/airsonic-advanced-chart/Chart.yaml 
@@ -0,0 +1,24 @@ +apiVersion: v2 +name: airsonic-advanced-chart +description: A Helm chart for Kubernetes + +# A chart can be either an 'application' or a 'library' chart. +# +# Application charts are a collection of templates that can be packaged into versioned archives +# to be deployed. +# +# Library charts provide useful utilities or functions for the chart developer. They're included as +# a dependency of application charts to inject those utilities and functions into the rendering +# pipeline. Library charts do not define any templates and therefore cannot be deployed. +type: application + +# This is the chart version. This version number should be incremented each time you make changes +# to the chart and its templates, including the app version. +# Versions are expected to follow Semantic Versioning (https://semver.org/) +version: 0.1.0 + +# This is the version number of the application being deployed. This version number should be +# incremented each time you make changes to the application. Versions are not expected to +# follow Semantic Versioning. They should reflect the version the application is using. +# It is recommended to use it with quotes. +appVersion: "1.16.0" diff --git a/HelmCharts/airsonic-advanced-chart/templates/airsonic-advanced-deployment.yaml b/HelmCharts/airsonic-advanced-chart/templates/airsonic-advanced-deployment.yaml new file mode 100644 index 00000000..545c093d --- /dev/null +++ b/HelmCharts/airsonic-advanced-chart/templates/airsonic-advanced-deployment.yaml 
@@ -0,0 +1,78 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: airsonic-advanced
+ namespace: airsonic-advanced
+spec:
+ type: NodePort
+ ports:
+ - name: http
+ #port: 4040
+ port: 80
+ nodePort: 30781
+ targetPort: air-adv-http
+ selector:
+ app: airsonic-advanced
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: airsonic-advanced-pv-claim
+ namespace: airsonic-advanced
+ labels:
+ app: airsonic-advanced
+spec:
+ accessModes:
+ - ReadWriteMany
+ storageClassName: ""
+ resources:
+ requests:
+ storage: 2Gi
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: airsonic-advanced
+ namespace: airsonic-advanced
+ labels:
+ app: airsonic-advanced
+spec:
+ selector:
+ matchLabels:
+ app: airsonic-advanced
+ tier: frontend
+ strategy:
+ type: Recreate
+ template:
+ metadata:
+ labels:
+ app: airsonic-advanced
+ tier: frontend
+ spec:
+ containers:
+ - image: sentriz/gonic:latest
+ name: airsonic-advanced
+ #image: airsonicadvanced/airsonic-advanced
+ #image: docker-registry:32000/airsonic:1.0
+ ports:
+ - containerPort: 80
+ name: "air-adv-http"
+ volumeMounts:
+ - name: airsonic-advanced-www-folder
+ #mountPath: /var/airsonic
+ mountPath: /data
+ - name: airsonic-advanced-www-folder
+ #mountPath: /var/music
+ mountPath: /music
+ - name: airsonic-advanced-www-folder
+ #mountPath: /var/playlists
+ mountPath: /cache
+ - name: airsonic-advanced-www-folder
+ #mountPath: /var/podcasts
+ mountPath: /podcasts
+ imagePullSecrets:
+ - name: reg-cred-secret
+ volumes:
+ - name: airsonic-advanced-www-folder
+ persistentVolumeClaim:
+ claimName: airsonic-advanced-pv-claim
diff --git a/HelmCharts/airsonic-advanced-chart/templates/registry-secrets.yaml b/HelmCharts/airsonic-advanced-chart/templates/registry-secrets.yaml
new file mode 100644
index 00000000..4c2619dd
--- /dev/null
+++ b/HelmCharts/airsonic-advanced-chart/templates/registry-secrets.yaml
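Review bot: The container image is referenced as `sentriz/gonic:latest`, a mutable tag pulled from a public registry, so a restart under `strategy: Recreate` can silently run different code; pin it to a released version tag or an `@sha256:<digest>` reference. The single volume `airsonic-advanced-www-folder` is also mounted at `/data`, `/music`, `/cache` and `/podcasts` with no `subPath`, so all four paths expose the same directory and the application's database and cache sit alongside the media; add e.g. `subPath: data` to each mount. The pod spec sets no `securityContext` or `resources`, which is worth adding for a workload published on `nodePort: 30781`.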
@@ -0,0 +1,11 @@
+apiVersion: v1
+data:
+ .dockerconfigjson: eyJhdXRocyI6eyJkb2NrZXItcmVnaXN0cnk6MzIwMDAiOnsidXNlcm5hbWUiOiJjcmV5bG9wZXoiLCJwYXNzd29yZCI6IlJleS0xMTc2IiwiYXV0aCI6IlkzSmxlV3h2Y0dWNk9sSmxlUzB4TVRjMiJ9fX0=
+kind: Secret
+metadata:
+ creationTimestamp: "2023-01-29T10:54:14Z"
+ name: reg-cred-secret
+ namespace: airsonic-advanced
+ resourceVersion: "19890385"
+ uid: 66b3b7c5-26c1-4e5a-af4e-dc973aaafe4b
+type: kubernetes.io/dockerconfigjson
diff --git a/HelmCharts/airsonic-advanced-chart/values.yaml b/HelmCharts/airsonic-advanced-chart/values.yaml
new file mode 100644
index 00000000..e8474eab
--- /dev/null
+++ b/HelmCharts/airsonic-advanced-chart/values.yaml
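Review bot: `.dockerconfigjson` is only base64-encoded, so committing this Secret publishes the registry username and password to everyone with read access to the repository and its history; the same blob is added again in `HelmCharts/wpcitas/templates/registry-secrets.yaml`, and `HelmCharts/wpcitas/templates/wpcitas-secrets.yaml` commits database credentials the same way. Treat these credentials as exposed: rotate them, drop the files from the charts, and create the Secrets out of band (`kubectl create secret docker-registry reg-cred-secret ...`) or through an encrypted-secret workflow. The manifest is also a raw export of a live object: `creationTimestamp`, `resourceVersion` and `uid` are server-populated fields and do not belong in a template.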
@@ -0,0 +1,82 @@ +# Default values for airsonic-advanced-chart. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +replicaCount: 1 + +image: + repository: nginx + pullPolicy: IfNotPresent + # Overrides the image tag whose default is the chart appVersion. + tag: "" + +imagePullSecrets: [] +nameOverride: "" +fullnameOverride: "" + +serviceAccount: + # Specifies whether a service account should be created + create: true + # Annotations to add to the service account + annotations: {} + # The name of the service account to use. + # If not set and create is true, a name is generated using the fullname template + name: "" + +podAnnotations: {} + +podSecurityContext: {} + # fsGroup: 2000 + +securityContext: {} + # capabilities: + # drop: + # - ALL + # readOnlyRootFilesystem: true + # runAsNonRoot: true + # runAsUser: 1000 + +service: + type: ClusterIP + port: 80 + +ingress: + enabled: false + className: "" + annotations: {} + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + hosts: + - host: chart-example.local + paths: + - path: / + pathType: ImplementationSpecific + tls: [] + # - secretName: chart-example-tls + # hosts: + # - chart-example.local + +resources: {} + # We usually recommend not to specify default resources and to leave this as a conscious + # choice for the user. This also increases chances charts run on environments with little + # resources, such as Minikube. If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. + # limits: + # cpu: 100m + # memory: 128Mi + # requests: + # cpu: 100m + # memory: 128Mi + +autoscaling: + enabled: false + minReplicas: 1 + maxReplicas: 100 + targetCPUUtilizationPercentage: 80 + # targetMemoryUtilizationPercentage: 80 + +nodeSelector: {} + +tolerations: [] + +affinity: {} 
diff --git a/HelmCharts/airsonic-chart/templates/airsonic-deployment.yaml b/HelmCharts/airsonic-chart/templates/airsonic-deployment.yaml index 0e2d12e2..39830433 100644 --- a/HelmCharts/airsonic-chart/templates/airsonic-deployment.yaml +++ b/HelmCharts/airsonic-chart/templates/airsonic-deployment.yaml @@ -16,7 +16,7 @@ spec: apiVersion: v1 kind: PersistentVolumeClaim metadata: - name: airsonic-pv-claim + name: airsonic-data-claim namespace: airsonic labels: app: airsonic @@ -28,6 +28,51 @@ spec: requests: storage: 2Gi --- +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: airsonic-music-claim + namespace: airsonic + labels: + app: airsonic +spec: + accessModes: + - ReadWriteMany + storageClassName: "" + resources: + requests: + storage: 20Gi +--- +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: airsonic-playlists-claim + namespace: airsonic + labels: + app: airsonic +spec: + accessModes: + - ReadWriteMany + storageClassName: "" + resources: + requests: + storage: 1Gi +--- +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: airsonic-podcasts-claim + namespace: airsonic + labels: + app: airsonic +spec: + accessModes: + - ReadWriteMany + storageClassName: "" + resources: + requests: + storage: 1Gi +--- apiVersion: apps/v1 kind: Deployment metadata: 
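Review bot: The three added claims set `storageClassName: ""` but no `volumeName`, so each binds to whichever pre-created PersistentVolume satisfies its size and access mode. `airsonic-playlists-claim` and `airsonic-podcasts-claim` are both 1Gi `ReadWriteMany`, and so are the `airsonic-playlists-folder` and `airsonic-podcasts-folder` volumes added in this commit, so the pair can bind crosswise; the 2Gi claims of the airsonic and airsonic-advanced charts look interchangeable in the same way. Pin each claim, e.g. `volumeName: airsonic-playlists-folder`, or set a `claimRef` on the matching PersistentVolume.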
@@ -59,19 +104,26 @@ spec: - containerPort: 4040 name: "airsonic-http" volumeMounts: - - name: airsonic-www-folder + - name: airsonic-data-folder mountPath: /airsonic/data - - name: airsonic-www-folder + - name: airsonic-music-folder mountPath: /airsonic/music - #- name: airsonic-www-folder - #mountPath: /airsonic/luisa - - name: airsonic-www-folder + - name: airsonic-playlists-folder mountPath: /airsonic/playlists - - name: airsonic-www-folder + - name: airsonic-podcasts-folder mountPath: /airsonic/podcasts imagePullSecrets: - name: reg-cred-secret volumes: - - name: airsonic-www-folder + - name: airsonic-data-folder + persistentVolumeClaim: + claimName: airsonic-data-claim + - name: airsonic-music-folder + persistentVolumeClaim: + claimName: airsonic-music-claim + - name: airsonic-playlists-folder + persistentVolumeClaim: + claimName: airsonic-playlists-claim + - name: airsonic-podcasts-folder persistentVolumeClaim: - claimName: airsonic-pv-claim + claimName: airsonic-podcasts-claim diff --git a/HelmCharts/entra-airsonic.sh b/HelmCharts/entra-airsonic.sh new file mode 100644 index 00000000..a824a540 --- /dev/null +++ b/HelmCharts/entra-airsonic.sh @@ -0,0 +1 @@ +kubectl exec -ti deployment.apps/airsonic -n airsonic -- /bin/bash diff --git a/HelmCharts/entra-asa.sh b/HelmCharts/entra-asa.sh new file mode 100644 index 00000000..bf07f65b --- /dev/null +++ b/HelmCharts/entra-asa.sh @@ -0,0 +1 @@ +kubectl exec -ti deployment.apps/airsonic-advanced -n airsonic-advanced -- /bin/bash diff --git a/HelmCharts/helmAirsonic.sh b/HelmCharts/helmAirsonic.sh index 871d06b2..2bf40bfa 100644 --- a/HelmCharts/helmAirsonic.sh +++ b/HelmCharts/helmAirsonic.sh 
@@ -3,10 +3,20 @@ if [ "$1" = "i" ] then kubectl apply -f ./preparaAirsonic/as-namespace.yaml - kubectl apply -f ./preparaAirsonic/pv-local-airsonic.yaml + kubectl apply -f ./preparaAirsonic/pv-local-airsonic-data.yaml + kubectl apply -f ./preparaAirsonic/pv-local-airsonic-music.yaml + kubectl apply -f ./preparaAirsonic/pv-local-airsonic-playlists.yaml + kubectl apply -f ./preparaAirsonic/pv-local-airsonic-podcasts.yaml helm install airsonic airsonic-chart/ -else +elif [ "$1" = "u" ] +then helm uninstall airsonic kubectl delete -f ./preparaAirsonic/as-namespace.yaml - kubectl delete -f ./preparaAirsonic/pv-local-airsonic.yaml + kubectl delete -f ./preparaAirsonic/pv-local-airsonic-data.yaml + kubectl delete -f ./preparaAirsonic/pv-local-airsonic-music.yaml + kubectl delete -f ./preparaAirsonic/pv-local-airsonic-playlists.yaml + kubectl delete -f ./preparaAirsonic/pv-local-airsonic-podcasts.yaml +else + echo "Falta comando: i=instalar, u=desinstalar" fi + diff --git a/HelmCharts/helmAirsonicadvanced.sh b/HelmCharts/helmAirsonicadvanced.sh new file mode 100644 index 00000000..49a931da --- /dev/null +++ b/HelmCharts/helmAirsonicadvanced.sh @@ -0,0 +1,16 @@ +#!/bin/bash + +if [ "$1" = "i" ] +then + kubectl apply -f ./preparaAirsonicadvanced/asa-namespace.yaml + kubectl apply -f ./preparaAirsonicadvanced/pv-local-airsonic-advanced.yaml + helm install airsonic-advanced airsonic-advanced-chart/ +elif [ "$1" = "u" ] +then + helm uninstall airsonic-advanced + kubectl delete -f ./preparaAirsonicadvanced/asa-namespace.yaml + kubectl delete -f ./preparaAirsonicadvanced/pv-local-airsonic-advanced.yaml +else + echo "Falta comando: i=instalar, u=desinstalar" +fi + diff --git a/HelmCharts/helmCitas.sh b/HelmCharts/helmCitas.sh new file mode 100644 index 00000000..ddc89601 --- /dev/null +++ b/HelmCharts/helmCitas.sh 
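Review bot: The new `else` branch prints the usage message but the script still exits 0, so a caller or CI step cannot tell a missing argument from a successful run; write `echo "Falta comando: i=instalar, u=desinstalar" >&2; exit 1`. Nothing visible stops the install branch after a failed `kubectl apply`, so `helm install` runs even when the namespace or a PersistentVolume was not created; `set -e` near the top of the script (outside this hunk) or `&&` chaining would stop at the first failure. The same applies to the other `helm*.sh` scripts added or changed in this commit.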
@@ -0,0 +1,17 @@ +#!/bin/bash + +if [ "$1" = "i" ] +then + kubectl apply -f ./preparaCitas/citas-namespace.yaml + kubectl apply -f ./preparaCitas/pv-local-mysql.yaml + kubectl apply -f ./preparaCitas/pv-local-citas.yaml + helm install wpcitas wpcitas/ +elif [ "$1" = "u" ] +then + helm uninstall wpcitas + kubectl delete -f ./preparaCitas/citas-namespace.yaml + kubectl delete -f ./preparaCitas/pv-local-mysql.yaml + kubectl delete -f ./preparaCitas/pv-local-citas.yaml +else + echo "Falta comando: i=instalar, u=desinstalar" +fi diff --git a/HelmCharts/helmKanboard.sh b/HelmCharts/helmKanboard.sh index 911a56f5..a9082cc0 100644 --- a/HelmCharts/helmKanboard.sh +++ b/HelmCharts/helmKanboard.sh @@ -6,9 +6,12 @@ then kubectl apply -f ./preparaKanboard/pv-local-mysql-kb.yaml kubectl apply -f ./preparaKanboard/pv-local-kanboard.yaml helm install kanboard kanboard-chart/ -else +elif [ "$1" = "u" ] +then helm uninstall kanboard kubectl delete -f ./preparaKanboard/kb-namespace.yaml kubectl delete -f ./preparaKanboard/pv-local-mysql-kb.yaml kubectl delete -f ./preparaKanboard/pv-local-kanboard.yaml +else + echo "Falta comando: i=instalar, u=desinstalar" fi diff --git a/HelmCharts/helmMediawiki.sh b/HelmCharts/helmMediawiki.sh index 0acef34b..c5ba66e5 100644 --- a/HelmCharts/helmMediawiki.sh +++ b/HelmCharts/helmMediawiki.sh @@ -6,9 +6,12 @@ then kubectl apply -f ./preparaMediawiki/pv-local-mysql-mw.yaml kubectl apply -f ./preparaMediawiki/pv-local-mediawiki.yaml helm install mediawiki mediawiki-chart/ -else +elif [ "$1" = "u" ] +then helm uninstall mediawiki kubectl delete -f ./preparaMediawiki/mw-namespace.yaml kubectl delete -f ./preparaMediawiki/pv-local-mysql-mw.yaml kubectl delete -f ./preparaMediawiki/pv-local-mediawiki.yaml +else + echo "Falta comando: i=instalar, u=desinstalar" fi diff --git a/HelmCharts/helmMiweb.sh b/HelmCharts/helmMiweb.sh index ca1f3110..99a9f86d 100644 --- a/HelmCharts/helmMiweb.sh +++ b/HelmCharts/helmMiweb.sh 
@@ -6,9 +6,12 @@ then #kubectl apply -f ./preparaMiweb/pv-local-miweb-certbot.yaml #kubectl apply -f ./preparaMiweb/pv-local-miweb-conf.yaml helm install miweb miweb-chart/ -else +elif [ "$1" = "u" ] +then helm uninstall miweb kubectl delete -f ./preparaMiweb/pv-local-miweb.yaml #kubectl delete -f ./preparaMiweb/pv-local-miweb-certbot.yaml #kubectl delete -f ./preparaMiweb/pv-local-miweb-conf.yaml +else + echo "Falta comando: i=instalar, u=desinstalar" fi diff --git a/HelmCharts/helmNextCloud.sh b/HelmCharts/helmNextCloud.sh index a08aeb70..f043c767 100644 --- a/HelmCharts/helmNextCloud.sh +++ b/HelmCharts/helmNextCloud.sh @@ -6,9 +6,12 @@ then kubectl apply -f ./preparaNextCloud/pv-local-mysql.yaml kubectl apply -f ./preparaNextCloud/pv-local-nextcloud.yaml helm install nextcloud nextcloud-chart/ -else +elif [ "$1" = "u" ] +then helm uninstall nextcloud kubectl delete -f ./preparaNextCloud/nc-namespace.yaml kubectl delete -f ./preparaNextCloud/pv-local-mysql.yaml kubectl delete -f ./preparaNextCloud/pv-local-nextcloud.yaml +else + echo "Falta comando: i=instalar, u=desinstalar" fi diff --git a/HelmCharts/helmVaultwarden.sh b/HelmCharts/helmVaultwarden.sh index 4bce2d2d..28db4f2b 100644 --- a/HelmCharts/helmVaultwarden.sh +++ b/HelmCharts/helmVaultwarden.sh @@ -4,9 +4,16 @@ if [ "$1" = "i" ] then kubectl apply -f ./preparaVaultwarden/vw-namespace.yaml kubectl apply -f ./preparaVaultwarden/pv-local-vaultwarden.yaml + kubectl create -f ./preparaVaultwarden/issuer-production.yaml helm install vaultwarden vaultwarden-chart/ -else + kubectl apply -f ./preparaVaultwarden/vaultwarden-ingress.yaml +elif [ "$1" = "u" ] +then + kubectl delete -f ./preparaVaultwarden/vaultwarden-ingress.yaml helm uninstall vaultwarden + kubectl delete -f ./preparaVaultwarden/issuer-production.yaml kubectl delete -f ./preparaVaultwarden/vw-namespace.yaml kubectl delete -f ./preparaVaultwarden/pv-local-vaultwarden.yaml +else + echo "Falta comando: i=instalar, u=desinstalar" fi 
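Review bot: In the `helmVaultwarden.sh` hunk, `kubectl create -f ./preparaVaultwarden/issuer-production.yaml` fails with AlreadyExists on a second install, unlike the `kubectl apply` calls around it, and the uninstall branch deletes that `ClusterIssuer` again. A ClusterIssuer is cluster-scoped, so removing Vaultwarden would also take `letsencrypt-production` away from any other Ingress that references it. Use `kubectl apply -f` for the issuer and leave its removal out of the per-application uninstall path, or manage it once from `LetsEncrypt/`.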
diff --git a/HelmCharts/helmWordpress.sh b/HelmCharts/helmWordpress.sh index 96b83df5..6c5470dd 100644 --- a/HelmCharts/helmWordpress.sh +++ b/HelmCharts/helmWordpress.sh @@ -6,9 +6,12 @@ then kubectl apply -f ./preparaWordpress/pv-local-mysql.yaml kubectl apply -f ./preparaWordpress/pv-local-wordpress.yaml helm install wordpress wordpress-chart/ -else +elif [ "$1" = "u" ] +then helm uninstall wordpress kubectl delete -f ./preparaWordpress/wp-namespace.yaml kubectl delete -f ./preparaWordpress/pv-local-mysql.yaml kubectl delete -f ./preparaWordpress/pv-local-wordpress.yaml +else + echo "Falta comando: i=instalar, u=desinstalar" fi diff --git a/HelmCharts/preparaAirsonic/pv-local-airsonic.yaml b/HelmCharts/preparaAirsonic/pv-local-airsonic-data.yaml similarity index 80% rename from HelmCharts/preparaAirsonic/pv-local-airsonic.yaml rename to HelmCharts/preparaAirsonic/pv-local-airsonic-data.yaml index 65dc54b3..eace0613 100644 --- a/HelmCharts/preparaAirsonic/pv-local-airsonic.yaml +++ b/HelmCharts/preparaAirsonic/pv-local-airsonic-data.yaml @@ -8,4 +8,4 @@ spec: accessModes: - ReadWriteMany hostPath: - path: "/mnt/Externo/airsonic" + path: "/mnt/Externo/airsonic/data" diff --git a/HelmCharts/preparaAirsonic/pv-local-airsonic-music.yaml b/HelmCharts/preparaAirsonic/pv-local-airsonic-music.yaml new file mode 100644 index 00000000..b9f8bb97 --- /dev/null +++ b/HelmCharts/preparaAirsonic/pv-local-airsonic-music.yaml @@ -0,0 +1,11 @@ +apiVersion: v1 +kind: PersistentVolume +metadata: + name: airsonic-music-folder +spec: + capacity: + storage: 20Gi + accessModes: + - ReadWriteMany + hostPath: + path: "/mnt/Externo/airsonic/music" diff --git a/HelmCharts/preparaAirsonic/pv-local-airsonic-playlists.yaml b/HelmCharts/preparaAirsonic/pv-local-airsonic-playlists.yaml new file mode 100644 index 00000000..467ee60c --- /dev/null +++ b/HelmCharts/preparaAirsonic/pv-local-airsonic-playlists.yaml 
@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+ name: airsonic-playlists-folder
+spec:
+ capacity:
+ storage: 1Gi
+ accessModes:
+ - ReadWriteMany
+ hostPath:
+ path: "/mnt/Externo/airsonic/playlists"
diff --git a/HelmCharts/preparaAirsonic/pv-local-airsonic-podcasts.yaml b/HelmCharts/preparaAirsonic/pv-local-airsonic-podcasts.yaml
new file mode 100644
index 00000000..e5fe5a75
--- /dev/null
+++ b/HelmCharts/preparaAirsonic/pv-local-airsonic-podcasts.yaml
@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+ name: airsonic-podcasts-folder
+spec:
+ capacity:
+ storage: 1Gi
+ accessModes:
+ - ReadWriteMany
+ hostPath:
+ path: "/mnt/Externo/airsonic/podcasts"
diff --git a/HelmCharts/preparaAirsonicadvanced/asa-namespace.yaml b/HelmCharts/preparaAirsonicadvanced/asa-namespace.yaml
new file mode 100644
index 00000000..3e7e2c43
--- /dev/null
+++ b/HelmCharts/preparaAirsonicadvanced/asa-namespace.yaml
@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: airsonic-advanced
diff --git a/HelmCharts/preparaAirsonicadvanced/pv-local-airsonic-advanced.yaml b/HelmCharts/preparaAirsonicadvanced/pv-local-airsonic-advanced.yaml
new file mode 100644
index 00000000..5ac3c209
--- /dev/null
+++ b/HelmCharts/preparaAirsonicadvanced/pv-local-airsonic-advanced.yaml
@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+ name: airsonic-advanced-data-folder
+spec:
+ capacity:
+ storage: 2Gi
+ accessModes:
+ - ReadWriteMany
+ hostPath:
+ path: "/mnt/Externo/airsonic-advanced"
diff --git a/HelmCharts/preparaCitas/citas-namespace.yaml b/HelmCharts/preparaCitas/citas-namespace.yaml
new file mode 100644
index 00000000..81930e8f
--- /dev/null
+++ b/HelmCharts/preparaCitas/citas-namespace.yaml
@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: wpcitas
diff --git a/HelmCharts/preparaCitas/pv-local-citas.yaml b/HelmCharts/preparaCitas/pv-local-citas.yaml
new file mode 100644
index 00000000..93f90081
--- /dev/null
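Review bot: Each of these PersistentVolumes is a bare `hostPath` with nothing tying it to a node, and that applies equally to the data and music volumes and the `preparaCitas` volumes in this commit. On a cluster with more than one node, a pod rescheduled elsewhere would get a different (possibly empty) `/mnt/Externo/...` directory, and the path is whatever exists on that host, with the host's ownership and permissions. If the cluster is or may become multi-node, a `local` volume with `nodeAffinity` states the placement explicitly; either way a comment naming the node that holds `/mnt/Externo` would help the next operator.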
+++ b/HelmCharts/preparaCitas/pv-local-citas.yaml @@ -0,0 +1,12 @@ +apiVersion: v1 +kind: PersistentVolume +metadata: + name: citas-folder +spec: + capacity: + storage: 10Gi + accessModes: + - ReadWriteOnce + hostPath: + path: "/mnt/cluster/wpcitas/wpcitas-citas" + diff --git a/HelmCharts/preparaCitas/pv-local-mysql.yaml b/HelmCharts/preparaCitas/pv-local-mysql.yaml new file mode 100644 index 00000000..43a28e6a --- /dev/null +++ b/HelmCharts/preparaCitas/pv-local-mysql.yaml @@ -0,0 +1,11 @@ +apiVersion: v1 +kind: PersistentVolume +metadata: + name: citas-data +spec: + capacity: + storage: 20Gi + accessModes: + - ReadWriteOnce + hostPath: + path: "/mnt/cluster/wpcitas/wpcitas-db" diff --git a/HelmCharts/preparaVaultwarden/issuer-production.yaml b/HelmCharts/preparaVaultwarden/issuer-production.yaml new file mode 100644 index 00000000..c5f89d70 --- /dev/null +++ b/HelmCharts/preparaVaultwarden/issuer-production.yaml @@ -0,0 +1,14 @@ +apiVersion: cert-manager.io/v1 +kind: ClusterIssuer +metadata: + name: letsencrypt-production +spec: + acme: + server: https://acme-v02.api.letsencrypt.org/directory + email: king.bernard.b@gmail.com + privateKeySecretRef: + name: letsencrypt-production + solvers: + - http01: + ingress: + class: nginx diff --git a/HelmCharts/preparaVaultwarden/vaultwarden-ingress.yaml b/HelmCharts/preparaVaultwarden/vaultwarden-ingress.yaml index ad571cd4..3654bce6 100644 --- a/HelmCharts/preparaVaultwarden/vaultwarden-ingress.yaml +++ b/HelmCharts/preparaVaultwarden/vaultwarden-ingress.yaml @@ -3,12 +3,14 @@ kind: Ingress metadata: name: vaultwarden-ingress namespace: vaultwarden + annotations: + kubernetes.io/ingress.class: nginx + cert-manager.io/cluster-issuer: letsencrypt-production spec: - ingressClassName: nginx tls: - hosts: - reymota.ddns.net - secretName: ingress-cert + secretName: letsencrypt-production rules: - host: "reymota.ddns.net" http: 
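Review bot: In the `vaultwarden-ingress.yaml` hunk, `secretName: letsencrypt-production` names the TLS certificate Secret exactly like the ClusterIssuer's `privateKeySecretRef`, which holds the ACME account key. The two presumably live in different namespaces, but the shared name invites someone to mount or copy the wrong Secret; something like `secretName: vaultwarden-tls` keeps the serving certificate distinct. The hunk also replaces `ingressClassName: nginx` with the `kubernetes.io/ingress.class` annotation, which Kubernetes has deprecated in favour of the field, so keeping `ingressClassName` is the safer choice. The Ingress definition continues past the end of the hunk.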
diff --git a/HelmCharts/wpcitas/.helmignore b/HelmCharts/wpcitas/.helmignore new file mode 100644 index 00000000..0e8a0eb3 --- /dev/null +++ b/HelmCharts/wpcitas/.helmignore @@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/HelmCharts/wpcitas/Chart.yaml b/HelmCharts/wpcitas/Chart.yaml new file mode 100644 index 00000000..f8992982 --- /dev/null +++ b/HelmCharts/wpcitas/Chart.yaml @@ -0,0 +1,24 @@ +apiVersion: v2 +name: wpcitas +description: A Helm chart for Kubernetes + +# A chart can be either an 'application' or a 'library' chart. +# +# Application charts are a collection of templates that can be packaged into versioned archives +# to be deployed. +# +# Library charts provide useful utilities or functions for the chart developer. They're included as +# a dependency of application charts to inject those utilities and functions into the rendering +# pipeline. Library charts do not define any templates and therefore cannot be deployed. +type: application + +# This is the chart version. This version number should be incremented each time you make changes +# to the chart and its templates, including the app version. +# Versions are expected to follow Semantic Versioning (https://semver.org/) +version: 0.1.0 + +# This is the version number of the application being deployed. This version number should be +# incremented each time you make changes to the application. Versions are not expected to +# follow Semantic Versioning. They should reflect the version the application is using. +# It is recommended to use it with quotes. +appVersion: "1.16.0" 
diff --git a/HelmCharts/wpcitas/templates/NOTES.txt b/HelmCharts/wpcitas/templates/NOTES.txt new file mode 100644 index 00000000..5e42047a --- /dev/null +++ b/HelmCharts/wpcitas/templates/NOTES.txt @@ -0,0 +1,22 @@ +1. Get the application URL by running these commands: +{{- if .Values.ingress.enabled }} +{{- range $host := .Values.ingress.hosts }} + {{- range .paths }} + http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host.host }}{{ .path }} + {{- end }} +{{- end }} +{{- else if contains "NodePort" .Values.service.type }} + export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "wpcitas.fullname" . }}) + export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") + echo http://$NODE_IP:$NODE_PORT +{{- else if contains "LoadBalancer" .Values.service.type }} + NOTE: It may take a few minutes for the LoadBalancer IP to be available. + You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "wpcitas.fullname" . }}' + export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "wpcitas.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}") + echo http://$SERVICE_IP:{{ .Values.service.port }} +{{- else if contains "ClusterIP" .Values.service.type }} + export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "wpcitas.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") + export CONTAINER_PORT=$(kubectl get pod --namespace {{ .Release.Namespace }} $POD_NAME -o jsonpath="{.spec.containers[0].ports[0].containerPort}") + echo "Visit http://127.0.0.1:8080 to use your application" + kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8080:$CONTAINER_PORT +{{- end }} 
diff --git a/HelmCharts/wpcitas/templates/_helpers.tpl b/HelmCharts/wpcitas/templates/_helpers.tpl new file mode 100644 index 00000000..0e6be7ec --- /dev/null +++ b/HelmCharts/wpcitas/templates/_helpers.tpl 
@@ -0,0 +1,62 @@ +{{/* +Expand the name of the chart. +*/}} +{{- define "wpcitas.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "wpcitas.fullname" -}} +{{- if .Values.fullnameOverride }} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- $name := default .Chart.Name .Values.nameOverride }} +{{- if contains $name .Release.Name }} +{{- .Release.Name | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} +{{- end }} +{{- end }} +{{- end }} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "wpcitas.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Common labels +*/}} +{{- define "wpcitas.labels" -}} +helm.sh/chart: {{ include "wpcitas.chart" . }} +{{ include "wpcitas.selectorLabels" . }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "wpcitas.selectorLabels" -}} +app.kubernetes.io/name: {{ include "wpcitas.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end }} + +{{/* +Create the name of the service account to use +*/}} +{{- define "wpcitas.serviceAccountName" -}} +{{- if .Values.serviceAccount.create }} +{{- default (include "wpcitas.fullname" .) .Values.serviceAccount.name }} +{{- else }} +{{- default "default" .Values.serviceAccount.name }} +{{- end }} +{{- end }} 
diff --git a/HelmCharts/wpcitas/templates/mysql-deployment.yaml b/HelmCharts/wpcitas/templates/mysql-deployment.yaml
new file mode 100755
index 00000000..71085b6a
--- /dev/null
+++ b/HelmCharts/wpcitas/templates/mysql-deployment.yaml
@@ -0,0 +1,70 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: wpcitas-mysql
+ namespace: wpcitas
+ labels:
+ app: wpcitas
+spec:
+ ports:
+ - port: 3306
+ selector:
+ app: wpcitas
+ tier: mysql
+ clusterIP: None
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: mysql-citas-pv-claim
+ namespace: wpcitas
+ labels:
+ app: wpcitas
+spec:
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: 20Gi
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: wpcitas-mysql
+ namespace: wpcitas
+ labels:
+ app: wpcitas
+spec:
+ selector:
+ matchLabels:
+ app: wpcitas
+ tier: mysql
+ strategy:
+ type: Recreate
+ template:
+ metadata:
+ labels:
+ app: wpcitas
+ tier: mysql
+ spec:
+ containers:
+ - image: docker-registry:32000/mariadb:1.0
+ name: mysql
+ env:
+ - name: MYSQL_ROOT_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: mysqlcitas-pass
+ key: password
+ ports:
+ - containerPort: 3306
+ name: mysql
+ volumeMounts:
+ - name: mysql-persistent-storage
+ mountPath: /var/lib/mysql
+ imagePullSecrets:
+ - name: reg-cred-secret
+ volumes:
+ - name: mysql-persistent-storage
+ persistentVolumeClaim:
+ claimName: mysql-citas-pv-claim
diff --git a/HelmCharts/wpcitas/templates/php-deployment.yaml b/HelmCharts/wpcitas/templates/php-deployment.yaml
new file mode 100644
index 00000000..15e29807
--- /dev/null
+++ b/HelmCharts/wpcitas/templates/php-deployment.yaml
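Review bot: `mysql-citas-pv-claim` omits `storageClassName`, while `citas-pv-claim` and the airsonic claims in this commit set `storageClassName: ""`. Without it the claim takes the cluster's default StorageClass when one is configured, so the database may land on a dynamically provisioned volume rather than the `citas-data` PersistentVolume prepared by `helmCitas.sh`. Add `storageClassName: ""` (and ideally `volumeName: citas-data`) if the pre-created volume is the intended target.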
@@ -0,0 +1,56 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: phpmyadmin-wpcitas
+ namespace: wpcitas
+ labels:
+ app: wpcitas
+spec:
+ selector:
+ app: wpcitas
+ tier: phpmyadmin
+ type: NodePort
+ ports:
+ - name: phpadmin
+ port: 80
+ nodePort: 30680
+ targetPort: phpmyadm
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: phpmyadmin-wpcitas
+ namespace: wpcitas
+ labels:
+ app: wpcitas
+spec:
+ selector:
+ matchLabels:
+ app: wpcitas
+ tier: phpmyadmin
+ strategy:
+ type: Recreate
+ template:
+ metadata:
+ labels:
+ app: wpcitas
+ tier: phpmyadmin
+ spec:
+ containers:
+ - name: phpmyadmin
+ image: docker-registry:32000/phpmyadmin:1.0
+ ports:
+ - containerPort: 80
+ name: phpmyadm
+ env:
+ - name: PMA_HOST
+ value: wpcitas-mysql
+ - name: PMA_PORT
+ value: "3306"
+ - name: MYSQL_ROOT_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: mysqlcitas-pass
+ key: password
+ imagePullSecrets:
+ - name: reg-cred-secret
diff --git a/HelmCharts/wpcitas/templates/registry-secrets.yaml b/HelmCharts/wpcitas/templates/registry-secrets.yaml
new file mode 100644
index 00000000..21671da2
--- /dev/null
+++ b/HelmCharts/wpcitas/templates/registry-secrets.yaml
@@ -0,0 +1,11 @@
+apiVersion: v1
+data:
+ .dockerconfigjson: eyJhdXRocyI6eyJkb2NrZXItcmVnaXN0cnk6MzIwMDAiOnsidXNlcm5hbWUiOiJjcmV5bG9wZXoiLCJwYXNzd29yZCI6IlJleS0xMTc2IiwiYXV0aCI6IlkzSmxlV3h2Y0dWNk9sSmxlUzB4TVRjMiJ9fX0=
+kind: Secret
+metadata:
+ creationTimestamp: "2023-01-29T10:54:14Z"
+ name: reg-cred-secret
+ namespace: wpcitas
+ resourceVersion: "19890385"
+ uid: 66b3b7c5-26c1-4e5a-af4e-dc973aaafe4b
+type: kubernetes.io/dockerconfigjson
diff --git a/HelmCharts/wpcitas/templates/wpcitas-deployment.yaml b/HelmCharts/wpcitas/templates/wpcitas-deployment.yaml
new file mode 100755
index 00000000..8655a99c
--- /dev/null
+++ b/HelmCharts/wpcitas/templates/wpcitas-deployment.yaml
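Review bot: The phpMyAdmin Service is `type: NodePort` on `nodePort: 30680`, which publishes a database administration UI on every node address, and the container is handed `MYSQL_ROOT_PASSWORD` from `mysqlcitas-pass`. Unless the nodes are only reachable from a trusted network, switch this Service to `type: ClusterIP` and reach it with `kubectl port-forward` when needed, or put it behind an authenticated Ingress. If the image does not actually read `MYSQL_ROOT_PASSWORD`, drop that `env` entry so the root credential is not present in a web-facing pod.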
@@ -0,0 +1,80 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: wpcitas
+ namespace: wpcitas
+ labels:
+ app: wpcitas
+spec:
+ type: NodePort
+ ports:
+ - port: 80
+ nodePort: 30440
+ targetPort: wpcitas
+ selector:
+ app: wpcitas
+ tier: frontend
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: citas-pv-claim
+ namespace: wpcitas
+ labels:
+ app: wpcitas
+spec:
+ accessModes:
+ - ReadWriteOnce
+ storageClassName: ""
+ resources:
+ requests:
+ storage: 10Gi
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: wpcitas
+ namespace: wpcitas
+ labels:
+ app: wpcitas
+spec:
+ selector:
+ matchLabels:
+ app: wpcitas
+ tier: frontend
+ strategy:
+ type: Recreate
+ template:
+ metadata:
+ labels:
+ app: wpcitas
+ tier: frontend
+ spec:
+ containers:
+ - image: docker-registry:32000/wordpress:1.0
+ name: wpcitas
+ env:
+ - name: WORDPRESS_DB_HOST
+ value: wpcitas-mysql
+ - name: WORDPRESS_DB_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: mysqlcitas-pass
+ key: password
+ - name: WORDPRESS_DB_USER
+ valueFrom:
+ secretKeyRef:
+ name: mysqlcitas-pass
+ key: db_user
+ ports:
+ - containerPort: 80
+ name: wpcitas
+ volumeMounts:
+ - name: wpcitas-persistent-storage
+ mountPath: /var/www/html
+ imagePullSecrets:
+ - name: reg-cred-secret
+ volumes:
+ - name: wpcitas-persistent-storage
+ persistentVolumeClaim:
+ claimName: citas-pv-claim
diff --git a/HelmCharts/wpcitas/templates/wpcitas-secrets.yaml b/HelmCharts/wpcitas/templates/wpcitas-secrets.yaml
new file mode 100644
index 00000000..3db353bc
--- /dev/null
+++ b/HelmCharts/wpcitas/templates/wpcitas-secrets.yaml
@@ -0,0 +1,9 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: mysqlcitas-pass
+ namespace: wpcitas
+data:
+ password: RHNhLTAyMTM=
+ db_user: cm9vdA==
+ db_passwd: RHNhLTAyMTM=
diff --git a/HelmCharts/wpcitas/values.yaml b/HelmCharts/wpcitas/values.yaml
new file mode 100644
index 00000000..06692eed
--- /dev/null
+++ b/HelmCharts/wpcitas/values.yaml
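Review bot: In `wpcitas-deployment.yaml`, `WORDPRESS_DB_PASSWORD` is read from `mysqlcitas-pass`/`password`, the same key that `mysql-deployment.yaml` passes to the database as `MYSQL_ROOT_PASSWORD`, so the WordPress container published on `nodePort: 30440` authenticates with the database root credential. A compromise of the web application would then give full control of the database server. Create a dedicated database user limited to the WordPress schema and store its credentials under separate keys; `db_passwd` in the Secret carries the same value as `password` and is not referenced by any template in this commit.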
@@ -0,0 +1,82 @@
+# Default values for wordpress-chart.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+
+replicaCount: 1
+
+image:
+ repository: docker-registry:32000
+ pullPolicy: IfNotPresent
+ # Overrides the image tag whose default is the chart appVersion.
+ tag: ""
+
+imagePullSecrets: [reg-cred-secret]
+nameOverride: ""
+fullnameOverride: ""
+
+serviceAccount:
+ # Specifies whether a service account should be created
+ create: true
+ # Annotations to add to the service account
+ annotations: {}
+ # The name of the service account to use.
+ # If not set and create is true, a name is generated using the fullname template
+ name: ""
+
+podAnnotations: {}
+
+podSecurityContext: {}
+ # fsGroup: 2000
+
+securityContext: {}
+ # capabilities:
+ # drop:
+ # - ALL
+ # readOnlyRootFilesystem: true
+ # runAsNonRoot: true
+ # runAsUser: 1000
+
+service:
+ type: NodePort
+ port: 80
+
+ingress:
+ enabled: false
+ className: ""
+ annotations: {}
+ # kubernetes.io/ingress.class: nginx
+ # kubernetes.io/tls-acme: "true"
+ hosts:
+ - host: chart-example.local
+ paths:
+ - path: /
+ pathType: ImplementationSpecific
+ tls: []
+ # - secretName: chart-example-tls
+ # hosts:
+ # - chart-example.local
+
+resources: {}
+ # We usually recommend not to specify default resources and to leave this as a conscious
+ # choice for the user. This also increases chances charts run on environments with little
+ # resources, such as Minikube. If you do want to specify resources, uncomment the following
+ # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+ # limits:
+ # cpu: 100m
+ # memory: 128Mi
+ # requests:
+ # cpu: 100m
+ # memory: 128Mi
+
+autoscaling:
+ enabled: false
+ minReplicas: 1
+ maxReplicas: 100
+ targetCPUUtilizationPercentage: 80
+ # targetMemoryUtilizationPercentage: 80
+
+nodeSelector: {}
+
+tolerations: []
+
+affinity: {}
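Review bot: `imagePullSecrets: [reg-cred-secret]` is a list of strings, but the pod spec field takes a list of objects with a `name` key, so a template that renders this value with `toYaml` would produce an invalid pod spec; it should read `imagePullSecrets:` followed by `- name: reg-cred-secret`. As far as this diff shows, the wpcitas templates hard-code their settings and never reference `.Values`, so `service.type`, `image.repository` and the other keys here currently have no effect, and the header comment still names `wordpress-chart`. Once the templates do consume these values, the commented hardening under `securityContext: {}` (`drop: ALL`, `runAsNonRoot: true`) is worth enabling rather than leaving empty.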
diff --git a/LetsEncrypt/instalaCertManager.sh b/LetsEncrypt/instalaCertManager.sh
new file mode 100644
index 00000000..a97eb9e5
--- /dev/null
+++ b/LetsEncrypt/instalaCertManager.sh
@@ -0,0 +1,4 @@
+helm repo add jetstack https://charts.jetstack.io
+helm repo update
+
+helm install cert-manager jetstack/cert-manager --namespace cert-manager --create-namespace --version v1.5.3 --set installCRDs=true
diff --git a/LetsEncrypt/issuer-production.yaml b/LetsEncrypt/issuer-production.yaml
new file mode 100644
index 00000000..65e2cc0b
--- /dev/null
+++ b/LetsEncrypt/issuer-production.yaml
@@ -0,0 +1,15 @@
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+ name: letsencrypt-production
+ namespace: vaultwarden
+spec:
+ acme:
+ server: https://acme-v02.api.letsencrypt.org/directory
+ email: king.bernard.b@gmail.com
+ privateKeySecretRef:
+ name: letsencrypt-production
+ solvers:
+ - http01:
+ ingress:
+ class: nginx
diff --git a/LetsEncrypt/issuer.yaml b/LetsEncrypt/issuer.yaml
new file mode 100644
index 00000000..b1a25aad
--- /dev/null
+++ b/LetsEncrypt/issuer.yaml
@@ -0,0 +1,14 @@
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+ name: letsencrypt-staging
+spec:
+ acme:
+ server: https://acme-staging-v02.api.letsencrypt.org/directory
+ email: king.bernard.b@gmail.com
+ privateKeySecretRef:
+ name: letsencrypt-staging
+ solvers:
+ - http01:
+ ingress:
+ class: nginx
diff --git a/PeterDeTender/SettingupSSLTLSforKubernetesIngress.pdf b/PeterDeTender/SettingupSSLTLSforKubernetesIngress.pdf
new file mode 100644
index 00000000..4b93804c
Binary files /dev/null and b/PeterDeTender/SettingupSSLTLSforKubernetesIngress.pdf differ
diff --git a/PeterDeTender/certs/ingress-tls.crt b/PeterDeTender/certs/ingress-tls.crt
index f2d125cb..3a0fc9a5 100644
--- a/PeterDeTender/certs/ingress-tls.crt
+++ b/PeterDeTender/certs/ingress-tls.crt
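Review bot: `namespace: vaultwarden` in issuer-production.yaml has no effect, because `ClusterIssuer` is a cluster-scoped kind; the line suggests a scoping that does not exist, and an Ingress in any namespace can request production certificates from this issuer. Either drop the `namespace:` line, as issuer.yaml already does, or change `kind:` to `Issuer` if issuance is meant to be limited to that namespace. It is also worth confirming that the `--version v1.5.3` pinned in instalaCertManager.sh is still a supported cert-manager release for this cluster.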
@@ -1,21 +1,23 @@ -----BEGIN CERTIFICATE----- -MIIDZTCCAk2gAwIBAgIUeyhdjrJrbEReY7++sCIAKsXk4AMwDQYJKoZIhvcNAQEL -BQAwQTELMAkGA1UEBhMCRVMxDzANBgNVBAgMBk1hZHJpZDEPMA0GA1UEBwwGTWFk -cmlkMRAwDgYDVQQKDAdyZXltb3RhMCAXDTIzMDIxMDExNTE0MFoYDzIwNTAwNjI3 -MTE1MTQwWjBBMQswCQYDVQQGEwJFUzEPMA0GA1UECAwGTWFkcmlkMQ8wDQYDVQQH -DAZNYWRyaWQxEDAOBgNVBAoMB3JleW1vdGEwggEiMA0GCSqGSIb3DQEBAQUAA4IB -DwAwggEKAoIBAQC579/wUkYvBm2/PtzMWWxWomDKM+Pep4UNKnAidM2Ymv725jIp -4i/QY8jDbQ8rGHs8hPMhRPNOjQ6BWioQNgSVS9XozXIE9KY/hVtZpw1I6BxLrdUe -bop3E/IztRNiVxxuMqTCjrG8H8AZJS8rSlif8dxMQFSRTQo+6mslZTH9S6By/8az -9ILKb74cvyZPSdaEVLhV9NMqLeX+K1uD7qMd4EBmRSfFiKX1vzU034Qs8cz8Ojq/ -j6ikxEISKLE3M4t61GTFYnXI1LBrm8Wr6xyc0Xw5SMnMoW9Bi7CDB3HNOo1Mma1y -oLXvwdxb81ljuPDgB4sC5oj1vm0cs+vLuf5NAgMBAAGjUzBRMB0GA1UdDgQWBBQc -UNq9PGRmWfRDbvYGffFjoYZFizAfBgNVHSMEGDAWgBQcUNq9PGRmWfRDbvYGffFj -oYZFizAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQC17xD3thy8 -dVeQiTe3fLWHFL+IA59zPG+xDU0F2AjCl5BL3m76YfyIELO0QVmTjzOeCLeXDekA -0wYiLBCE3OTRZDy+/jFRcSmnEvWtkeDOJfdSe1AIGel8g60RxcpfMcdKzDkV4zLE -7riQSZfPNTpBgoBhwwts32mqTSumR8ufy/G0JX2EbMjHnYaGSs9VfaIf2wN2Ss9x -F/LD/bz1szLJksnB2jP8bgbIVjrwPVyh+lXP134lm0Z+q7m/QFJhWL0fMtxZudPv -2ja8gjHOAwlI+xQmDrnhtHfy6ofyynoYHNkviO3S6X/gD14Ug5Ra8YXzThfpkKHq -/NK+A73Mit8X +MIIDvTCCAqWgAwIBAgIUBjUZRQcc2tYtLdizbgWhEzaPpxAwDQYJKoZIhvcNAQEL +BQAwbTELMAkGA1UEBhMCRVMxDzANBgNVBAgMBk1hZHJpZDEPMA0GA1UEBwwGTWFk +cmlkMRMwEQYDVQQKDApSZXlBbmRNb3RhMScwJQYJKoZIhvcNAQkBFhhraW5nLmJl +cm5hcmQuYkBnbWFpbC5jb20wIBcNMjMwMjIwMDg1MzU4WhgPMjA1MDA3MDcwODUz +NThaMG0xCzAJBgNVBAYTAkVTMQ8wDQYDVQQIDAZNYWRyaWQxDzANBgNVBAcMBk1h +ZHJpZDETMBEGA1UECgwKUmV5QW5kTW90YTEnMCUGCSqGSIb3DQEJARYYa2luZy5i +ZXJuYXJkLmJAZ21haWwuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC +AQEAnFDPyOTJZblBTkfGqxbxbu3mw8CQEEEuURnrKwDW1IgL3RwVfoSkQdUiwvf5 +JN5SxwXbB49NRBpJ60OMk9Sl89QlZrkpz1nNnQ6bs3h34uw6b4wNqObhPS6vaxGs +O2KoY/smMgkcio1pbtNHneE1/F2dRZCIoWO6v9aBKCx2/gItuXiuaSG1GU4qmqV3 +TRCVcaFEM65tF8Px4DpgXZV3yxVUurDcgxyip9vfiT2mo4dR4r2EHeMNwTSRyjmX 
+iy5D+4iAuXO1Lsp3h/jMi01qSX4L3HLn5dZdyZaukh+8f6BYEJL14lwG+0okU1ne +Y01aTTNaB+xJWO1kcNaRjKBurQIDAQABo1MwUTAdBgNVHQ4EFgQUif79aUzPUtJD +5X6Iwd1m6VCD2TgwHwYDVR0jBBgwFoAUif79aUzPUtJD5X6Iwd1m6VCD2TgwDwYD +VR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAQyGbG+NwAvQYF2LFGlFJ +uMUNMeWPjvydZuoj/hEGu4iu7i1t3J4a2wZRrJQaSkdYga+SGmoj+E1TVZo2h4KR +vxHXtloBk7tfkxuC9dWOVa7ayDsceJx0d538K2+HhUFUX4DOc5cZFTRxkaN6q+gR +UAFNXe7VhTz0Znq7ceqkQQmVM1j7ZufqoRRdXSqrvNVKUYRdmU/r1bZ1cdOBNPI0 +mD/MRqDYifXP1YZdoEcQ3kO53aY6hUGioyLPWF6Jab3ktpA0ZjZEBxzY1EHRgan3 +Os0MIIYyXsRuSLqJQJzSa9x1LqxvvLsEoqYmVAy+h02+YHEaIc9tEWjc4Y2Jbpgz +6A== -----END CERTIFICATE----- diff --git a/PeterDeTender/certs/ingress-tls.key b/PeterDeTender/certs/ingress-tls.key index 831c572b..6b282f9c 100644 --- a/PeterDeTender/certs/ingress-tls.key +++ b/PeterDeTender/certs/ingress-tls.key 
@@ -1,28 +1,28 @@ -----BEGIN PRIVATE KEY----- -MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQC579/wUkYvBm2/ -PtzMWWxWomDKM+Pep4UNKnAidM2Ymv725jIp4i/QY8jDbQ8rGHs8hPMhRPNOjQ6B -WioQNgSVS9XozXIE9KY/hVtZpw1I6BxLrdUebop3E/IztRNiVxxuMqTCjrG8H8AZ -JS8rSlif8dxMQFSRTQo+6mslZTH9S6By/8az9ILKb74cvyZPSdaEVLhV9NMqLeX+ -K1uD7qMd4EBmRSfFiKX1vzU034Qs8cz8Ojq/j6ikxEISKLE3M4t61GTFYnXI1LBr -m8Wr6xyc0Xw5SMnMoW9Bi7CDB3HNOo1Mma1yoLXvwdxb81ljuPDgB4sC5oj1vm0c -s+vLuf5NAgMBAAECggEAYqzmj0dab8Jdo8zcqKYcVK2/6A85swP8HEyVTfPm2EIJ -ZUYtAQVEkrch6HSMRDat0CROUy2gYeOB+yu6fvfr3r9sOiwtgmvDfpprLFz3M+Xa -fl82ZvwLB77SHpbOPrY0JFdEEOxhbpD7BV0ydyrxdZCJdP3+402bTmBhlGrr6Ju9 -OXe8AANv2Qj9s3l1Wp/QRr2oWsBdeVdWPtAqj2FebqB1RmxXkFO88saK6asYjseF -iHvhkYw1Tn7vjl7eslO2ZYrCbNqaRl/lpyhQyL8BgDQDan9FQ4HdXZwJf+ZT0Bqx -Y2uipjSe+5JzmmzvinLlET8H4iGF0TAPGZXuN3wUAQKBgQDxjQ4K0tLYfTR7kW// -NUYbPxZrErN4Sc/TQFWCS3T2vYZpoSeQuLHysmBBZfrBS4Mfd052OETPE5l0FfCv -/eucwgjRGe1DCLaGtcbpYcR3llGTMfLRmEN9f4U2AsemzqBR1GfiqdHz9As512wO -n9343OjxFeblyetamCZB+Y/zDQKBgQDFDy+NPqxtaWbI6jyvtn3HDtlwgITsVnvQ -GRakBZmEN5xwHP0ZxMTv7NCHKjVjF16wOlVcnc12xL+IFG6Np36wj2QWdHPDEagh -AJmnFGukADAYYff2W9NxGW3MO6ZuO9LlxvHjJiUS1IPpd4ped2fLYHNbaVKbHQ9l -tZi0pTBoQQKBgEkKNwnM0BbIXVtUEgKgsE9C11uPLxebci1V0cVxXa/ShVdhdJ5N -SvmxOGvuE1HprH+SSvZyc1QOgCNbEwmUhW9EOPhJl7XiZ5b6VmhxuL/Ug1w4CU2Z -dib3rWc0lfx5lH7J9JPUd/kFfXODEVimvK8o1YM49TXcxb8CLOdcOEvtAoGBAMFa -2iy8T1H39vuzIqLC7H1SK7bA1CxV25zf0SBVwkFCk8RKHWqYcSh99Ep79vBo8Ob4 -BeQfjog4Gzr52VQzAhNaTzndP+0quQ7Q2PNhDRFZgdea4UQg68Jw0hRwfyhwmMoP -QC7CsePdFCYTvnhcr0KWO/p4yK4cgIwq+FBgObRBAoGAaU55AetKon5vVeiE9qRS -u9aM7zdiBjJwlLDyybjLgyRKJ6muTz0NfK7y1LAjN81CDaWGi2xdbsdOXF7xMfsl -vHKQ+L/tnphwQUsezQEWbEwLXp0IH8yUAkCjCgtRl7aavHsXvyOz9426vJvdaBkt -YvtVeQaqukbh5F4BETam+1k= +MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQCcUM/I5MlluUFO +R8arFvFu7ebDwJAQQS5RGesrANbUiAvdHBV+hKRB1SLC9/kk3lLHBdsHj01EGknr +Q4yT1KXz1CVmuSnPWc2dDpuzeHfi7DpvjA2o5uE9Lq9rEaw7Yqhj+yYyCRyKjWlu +00ed4TX8XZ1FkIihY7q/1oEoLHb+Ai25eK5pIbUZTiqapXdNEJVxoUQzrm0Xw/Hg 
+OmBdlXfLFVS6sNyDHKKn29+JPaajh1HivYQd4w3BNJHKOZeLLkP7iIC5c7UuyneH ++MyLTWpJfgvccufl1l3Jlq6SH7x/oFgQkvXiXAb7SiRTWd5jTVpNM1oH7ElY7WRw +1pGMoG6tAgMBAAECggEAEJMNBSslI7EZ+Jfpu9hp7y4wis8PN3oB1D2gTuX+4Xgv +cdl5efnMhOJ5lhy/ASbFti6rw8hxE+iJr/VwoXgpxInZEWROx5qpD58t6UC7zYbo +x00dYaxhc6BQn1S3Y3CZlEhcC3Al45cM9+BVNqtbkw/GDks+AYbWlWLEPSNB1rrv ++OUA/1j2F+yxAqP+QS8QF+u5Vg8izf/4l4wcd7K5NAkZKxf4/a420FtKcZhTVCKC +ndM8m1ejVe+J5fsqchS9otacocbPyrtlEE/aVbJFnVy2oBa+p6THNTgkNIqEyzfO +OGIO6py3wH/3KMUrK1CvlhAnKglGWiMrKszNXyHwwQKBgQDM/d/asrCOSTLxS8iY +8YPwqvk8BYBWj4wzWnXoxyfltB+8Ja18w2mv1AU8LlQaBJpsmr9OxWeB2aFIcEPZ +AD9nkU0S8kW3/WOJPZuW5JF7J/YDxc7Ne74KC5vQnCpO3QG1hZau1cTwyFe7LdTW +WUELMOqGRQfMMuM8mn/tIKgjEQKBgQDDNjzXh/OfPxzY4s+4etCQ64DAUFmZ0wLI +mPjQ5PanwqihTllkVGnzW+vBMxjRT2TkYnx6uwUnt0hvIULVmGjZHWl2FuvqDZY9 +nhE41g0LQNVJAexkcryHGNBpcrVjZ0kTol5VihSDT4IZQC37KhE2XQWMndoyPO9T +MusG3DWZ3QKBgHlUkpiZRxMQlExptJOB77wVFmvGPc3+LNeAZWWf6yd0U4xDKMo9 +x2JAtdCHA1RbASPi+/SdtsQOkf2UJTRdhym/wMTEDSv3mGB0zJClPM6OOnjFLcBF +y5eag2EX7Zq8CPTt2uAkuuphSjwJxn4QWgVLsKREW3crb4BBWhJ6T8phAoGAaSoM ++OfKvR2ZAtadpPq05X2ZrQEcZBwjQcH3OUJABvx9L/kvezdmpK3+geRvGEO3TLop +6UxbaJv6r7Oxd7RVt7F6oR2UFlEfgS5ohL/74vYYcO5SVYLiQb2CeWxMf7Ki0asF +OvvaNSteIRBMNSTihPD0Dl7zr2DYZW/m4Zk8XxkCgYAQ2B9cXW6p6J4LQVuvppKi +iiZ++M5mWwzgJ0BPM4I0w9ymeNd1rsS7+KtHUXBAbcSxqP9Yd5RjlTEW+m8qlT3y +oWd5EBY1ZZzbORUaVsROBiuqyQl9niHGlkjHrHgz0cTOnjvSqF7ldPWbdhA0E8do +N8p77zxxoCZqauv52p3Nhw== -----END PRIVATE KEY----- diff --git a/PeterDeTender/creaCert.sh b/PeterDeTender/creaCert.sh new file mode 100644 index 00000000..ba63ac77 --- /dev/null +++ b/PeterDeTender/creaCert.sh @@ -0,0 +1 @@ +openssl req -x509 -nodes -days 9999 -newkey rsa:2048 -keyout certs/ingress-tls.key -out certs/ingress-tls.crt diff --git a/PeterDeTender/creaSecret.sh b/PeterDeTender/creaSecret.sh new file mode 100644 index 00000000..ce156fe5 --- /dev/null +++ b/PeterDeTender/creaSecret.sh 
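Review bot: creaCert.sh writes the unencrypted key (`-nodes`) to `certs/ingress-tls.key`, a path inside the repository, which is how the private key came to be tracked in this commit. Generate the key outside the working tree, or at least add `certs/*.key` to `.gitignore`, and treat the key already committed as disclosed. The command also sets no subject alternative name and a validity of `-days 9999`; clients that ignore the common name will reject such a certificate, so consider adding `-addext "subjectAltName=DNS:<ingress-host>"` and a much shorter lifetime.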
@@ -0,0 +1 @@
+kubectl create secret tls ingress-cert --key=certs/ingress-tls.key --cert=certs/ingress-tls.crt -o yaml
diff --git a/PeterDeTender/ingress-controler-1.yaml b/PeterDeTender/ingress-controler-1.yaml
new file mode 100644
index 00000000..9e6e905b
--- /dev/null
+++ b/PeterDeTender/ingress-controler-1.yaml
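Review bot: The trailing `-o yaml` in creaSecret.sh makes kubectl print the created Secret, including the base64-encoded private key, to the terminal or to any captured log; drop it unless the output is really needed. The command also passes no `--namespace`, so the secret lands in whatever namespace the current context selects, while sample-ingress.yaml.copia expects `ingress-cert` in `default`; adding `-n default` makes that explicit.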
@@ -0,0 +1,656 @@ +apiVersion: v1 +kind: Namespace +metadata: + labels: + app.kubernetes.io/instance: ingress-nginx + app.kubernetes.io/name: ingress-nginx + name: ingress-nginx +--- +apiVersion: v1 +automountServiceAccountToken: true +kind: ServiceAccount +metadata: + labels: + app.kubernetes.io/component: controller + app.kubernetes.io/instance: ingress-nginx + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/part-of: ingress-nginx + app.kubernetes.io/version: 1.5.1 + name: ingress-nginx + namespace: ingress-nginx +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app.kubernetes.io/component: admission-webhook + app.kubernetes.io/instance: ingress-nginx + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/part-of: ingress-nginx + app.kubernetes.io/version: 1.5.1 + name: ingress-nginx-admission + namespace: ingress-nginx +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + app.kubernetes.io/component: controller + app.kubernetes.io/instance: ingress-nginx + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/part-of: ingress-nginx + app.kubernetes.io/version: 1.5.1 + name: ingress-nginx + namespace: ingress-nginx +rules: +- apiGroups: + - "" + resources: + - namespaces + verbs: + - get +- apiGroups: + - "" + resources: + - configmaps + - pods + - secrets + - endpoints + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - services + verbs: + - get + - list + - watch +- apiGroups: + - networking.k8s.io + resources: + - ingresses + verbs: + - get + - list + - watch +- apiGroups: + - networking.k8s.io + resources: + - ingresses/status + verbs: + - update +- apiGroups: + - networking.k8s.io + resources: + - ingressclasses + verbs: + - get + - list + - watch +- apiGroups: + - "" + resourceNames: + - ingress-nginx-leader + resources: + - configmaps + verbs: + - get + - update +- apiGroups: + - "" + resources: + - configmaps + verbs: + - create +- apiGroups: + - coordination.k8s.io + 
resourceNames: + - ingress-nginx-leader + resources: + - leases + verbs: + - get + - update +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - create +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch +- apiGroups: + - discovery.k8s.io + resources: + - endpointslices + verbs: + - list + - watch + - get +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + app.kubernetes.io/component: admission-webhook + app.kubernetes.io/instance: ingress-nginx + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/part-of: ingress-nginx + app.kubernetes.io/version: 1.5.1 + name: ingress-nginx-admission + namespace: ingress-nginx +rules: +- apiGroups: + - "" + resources: + - secrets + verbs: + - get + - create +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/instance: ingress-nginx + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/part-of: ingress-nginx + app.kubernetes.io/version: 1.5.1 + name: ingress-nginx +rules: +- apiGroups: + - "" + resources: + - configmaps + - endpoints + - nodes + - pods + - secrets + - namespaces + verbs: + - list + - watch +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - list + - watch +- apiGroups: + - "" + resources: + - nodes + verbs: + - get +- apiGroups: + - "" + resources: + - services + verbs: + - get + - list + - watch +- apiGroups: + - networking.k8s.io + resources: + - ingresses + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch +- apiGroups: + - networking.k8s.io + resources: + - ingresses/status + verbs: + - update +- apiGroups: + - networking.k8s.io + resources: + - ingressclasses + verbs: + - get + - list + - watch +- apiGroups: + - discovery.k8s.io + resources: + - endpointslices + verbs: + - list + - watch + - get +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + 
app.kubernetes.io/component: admission-webhook + app.kubernetes.io/instance: ingress-nginx + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/part-of: ingress-nginx + app.kubernetes.io/version: 1.5.1 + name: ingress-nginx-admission +rules: +- apiGroups: + - admissionregistration.k8s.io + resources: + - validatingwebhookconfigurations + verbs: + - get + - update +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + app.kubernetes.io/component: controller + app.kubernetes.io/instance: ingress-nginx + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/part-of: ingress-nginx + app.kubernetes.io/version: 1.5.1 + name: ingress-nginx + namespace: ingress-nginx +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: ingress-nginx +subjects: +- kind: ServiceAccount + name: ingress-nginx + namespace: ingress-nginx +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + app.kubernetes.io/component: admission-webhook + app.kubernetes.io/instance: ingress-nginx + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/part-of: ingress-nginx + app.kubernetes.io/version: 1.5.1 + name: ingress-nginx-admission + namespace: ingress-nginx +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: ingress-nginx-admission +subjects: +- kind: ServiceAccount + name: ingress-nginx-admission + namespace: ingress-nginx +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app.kubernetes.io/instance: ingress-nginx + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/part-of: ingress-nginx + app.kubernetes.io/version: 1.5.1 + name: ingress-nginx +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: ingress-nginx +subjects: +- kind: ServiceAccount + name: ingress-nginx + namespace: ingress-nginx +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + 
app.kubernetes.io/component: admission-webhook + app.kubernetes.io/instance: ingress-nginx + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/part-of: ingress-nginx + app.kubernetes.io/version: 1.5.1 + name: ingress-nginx-admission +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: ingress-nginx-admission +subjects: +- kind: ServiceAccount + name: ingress-nginx-admission + namespace: ingress-nginx +--- +apiVersion: v1 +data: + allow-snippet-annotations: "true" +kind: ConfigMap +metadata: + labels: + app.kubernetes.io/component: controller + app.kubernetes.io/instance: ingress-nginx + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/part-of: ingress-nginx + app.kubernetes.io/version: 1.5.1 + name: ingress-nginx-controller + namespace: ingress-nginx +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app.kubernetes.io/component: controller + app.kubernetes.io/instance: ingress-nginx + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/part-of: ingress-nginx + app.kubernetes.io/version: 1.5.1 + name: ingress-nginx-controller + namespace: ingress-nginx +spec: + ipFamilies: + - IPv4 + ipFamilyPolicy: SingleStack + ports: + - appProtocol: http + name: http + port: 80 + protocol: TCP + targetPort: http + - appProtocol: https + name: https + port: 443 + protocol: TCP + targetPort: https + selector: + app.kubernetes.io/component: controller + app.kubernetes.io/instance: ingress-nginx + app.kubernetes.io/name: ingress-nginx + type: NodePort +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app.kubernetes.io/component: controller + app.kubernetes.io/instance: ingress-nginx + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/part-of: ingress-nginx + app.kubernetes.io/version: 1.5.1 + name: ingress-nginx-controller-admission + namespace: ingress-nginx +spec: + ports: + - appProtocol: https + name: https-webhook + port: 443 + targetPort: webhook + selector: + app.kubernetes.io/component: controller + 
app.kubernetes.io/instance: ingress-nginx + app.kubernetes.io/name: ingress-nginx + type: ClusterIP +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app.kubernetes.io/component: controller + app.kubernetes.io/instance: ingress-nginx + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/part-of: ingress-nginx + app.kubernetes.io/version: 1.5.1 + name: ingress-nginx-controller + namespace: ingress-nginx +spec: + minReadySeconds: 0 + revisionHistoryLimit: 10 + selector: + matchLabels: + app.kubernetes.io/component: controller + app.kubernetes.io/instance: ingress-nginx + app.kubernetes.io/name: ingress-nginx + template: + metadata: + labels: + app.kubernetes.io/component: controller + app.kubernetes.io/instance: ingress-nginx + app.kubernetes.io/name: ingress-nginx + spec: + containers: + - args: + - /nginx-ingress-controller + - --election-id=ingress-nginx-leader + - --controller-class=k8s.io/ingress-nginx + - --ingress-class=nginx + - --configmap=$(POD_NAMESPACE)/ingress-nginx-controller + - --validating-webhook=:8443 + - --validating-webhook-certificate=/usr/local/certificates/cert + - --validating-webhook-key=/usr/local/certificates/key + env: + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: LD_PRELOAD + value: /usr/local/lib/libmimalloc.so + image: registry.k8s.io/ingress-nginx/controller:v1.5.1@sha256:4ba73c697770664c1e00e9f968de14e08f606ff961c76e5d7033a4a9c593c629 + imagePullPolicy: IfNotPresent + lifecycle: + preStop: + exec: + command: + - /wait-shutdown + livenessProbe: + failureThreshold: 5 + httpGet: + path: /healthz + port: 10254 + scheme: HTTP + initialDelaySeconds: 10 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 1 + name: controller + ports: + - containerPort: 80 + name: http + protocol: TCP + - containerPort: 443 + name: https + protocol: TCP + - containerPort: 8443 + name: webhook + protocol: TCP + 
readinessProbe: + failureThreshold: 3 + httpGet: + path: /healthz + port: 10254 + scheme: HTTP + initialDelaySeconds: 10 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 1 + resources: + requests: + cpu: 100m + memory: 90Mi + securityContext: + allowPrivilegeEscalation: true + capabilities: + add: + - NET_BIND_SERVICE + drop: + - ALL + runAsUser: 101 + volumeMounts: + - mountPath: /usr/local/certificates/ + name: webhook-cert + readOnly: true + dnsPolicy: ClusterFirst + nodeSelector: + kubernetes.io/os: linux + serviceAccountName: ingress-nginx + terminationGracePeriodSeconds: 300 + volumes: + - name: webhook-cert + secret: + secretName: ingress-nginx-admission +--- +apiVersion: batch/v1 +kind: Job +metadata: + labels: + app.kubernetes.io/component: admission-webhook + app.kubernetes.io/instance: ingress-nginx + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/part-of: ingress-nginx + app.kubernetes.io/version: 1.5.1 + name: ingress-nginx-admission-create + namespace: ingress-nginx +spec: + template: + metadata: + labels: + app.kubernetes.io/component: admission-webhook + app.kubernetes.io/instance: ingress-nginx + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/part-of: ingress-nginx + app.kubernetes.io/version: 1.5.1 + name: ingress-nginx-admission-create + spec: + containers: + - args: + - create + - --host=ingress-nginx-controller-admission,ingress-nginx-controller-admission.$(POD_NAMESPACE).svc + - --namespace=$(POD_NAMESPACE) + - --secret-name=ingress-nginx-admission + env: + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v20220916-gd32f8c343@sha256:39c5b2e3310dc4264d638ad28d9d1d96c4cbb2b2dcfb52368fe4e3c63f61e10f + imagePullPolicy: IfNotPresent + name: create + securityContext: + allowPrivilegeEscalation: false + nodeSelector: + kubernetes.io/os: linux + restartPolicy: OnFailure + securityContext: + fsGroup: 2000 + runAsNonRoot: true + 
runAsUser: 2000 + serviceAccountName: ingress-nginx-admission +--- +apiVersion: batch/v1 +kind: Job +metadata: + labels: + app.kubernetes.io/component: admission-webhook + app.kubernetes.io/instance: ingress-nginx + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/part-of: ingress-nginx + app.kubernetes.io/version: 1.5.1 + name: ingress-nginx-admission-patch + namespace: ingress-nginx +spec: + template: + metadata: + labels: + app.kubernetes.io/component: admission-webhook + app.kubernetes.io/instance: ingress-nginx + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/part-of: ingress-nginx + app.kubernetes.io/version: 1.5.1 + name: ingress-nginx-admission-patch + spec: + containers: + - args: + - patch + - --webhook-name=ingress-nginx-admission + - --namespace=$(POD_NAMESPACE) + - --patch-mutating=false + - --secret-name=ingress-nginx-admission + - --patch-failure-policy=Fail + env: + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v20220916-gd32f8c343@sha256:39c5b2e3310dc4264d638ad28d9d1d96c4cbb2b2dcfb52368fe4e3c63f61e10f + imagePullPolicy: IfNotPresent + name: patch + securityContext: + allowPrivilegeEscalation: false + nodeSelector: + kubernetes.io/os: linux + restartPolicy: OnFailure + securityContext: + fsGroup: 2000 + runAsNonRoot: true + runAsUser: 2000 + serviceAccountName: ingress-nginx-admission +--- +apiVersion: networking.k8s.io/v1 +kind: IngressClass +metadata: + labels: + app.kubernetes.io/component: controller + app.kubernetes.io/instance: ingress-nginx + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/part-of: ingress-nginx + app.kubernetes.io/version: 1.5.1 + name: nginx +spec: + controller: k8s.io/ingress-nginx +--- +apiVersion: admissionregistration.k8s.io/v1 +kind: ValidatingWebhookConfiguration +metadata: + labels: + app.kubernetes.io/component: admission-webhook + app.kubernetes.io/instance: ingress-nginx + 
app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/part-of: ingress-nginx + app.kubernetes.io/version: 1.5.1 + name: ingress-nginx-admission +webhooks: +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: ingress-nginx-controller-admission + namespace: ingress-nginx + path: /networking/v1/ingresses + failurePolicy: Fail + matchPolicy: Equivalent + name: validate.nginx.ingress.kubernetes.io + rules: + - apiGroups: + - networking.k8s.io + apiVersions: + - v1 + operations: + - CREATE + - UPDATE + resources: + - ingresses + sideEffects: None diff --git a/PeterDeTender/ingress-controler-2.yaml b/PeterDeTender/ingress-controler-2.yaml new file mode 100644 index 00000000..14fe84df --- /dev/null +++ b/PeterDeTender/ingress-controler-2.yaml 
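Review bot: The `ingress-nginx-controller` ConfigMap in ingress-controler-1.yaml sets `allow-snippet-annotations: "true"`, which lets anyone who can create or edit an Ingress inject raw nginx configuration into the controller. Because the `ingress-nginx` ClusterRole gives that controller `list` and `watch` on `secrets` across the cluster, Ingress write access in one namespace can then reach secrets of other namespaces. Unless a snippet annotation is actually in use, set it to `"false"`. The controller container also keeps `allowPrivilegeEscalation: true`; if this file is a copy of the upstream v1.5.1 manifest, a header comment recording the source and the local changes (for example `type: NodePort`) would make later upgrades reviewable.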
@@ -0,0 +1,368 @@ +--- +apiVersion: v1 +kind: Namespace +metadata: + name: ingress-nginx-internal + labels: + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/instance: ingress-nginx + +--- +# Source: ingress-nginx/templates/controller-serviceaccount.yaml +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + helm.sh/chart: ingress-nginx-3.30.0 + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/instance: ingress-nginx + app.kubernetes.io/version: 0.46.0 + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: controller + name: ingress-nginx + namespace: ingress-nginx-internal +automountServiceAccountToken: true +--- +# Source: ingress-nginx/templates/controller-configmap.yaml +apiVersion: v1 +kind: ConfigMap +metadata: + labels: + helm.sh/chart: ingress-nginx-3.30.0 + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/instance: ingress-nginx + app.kubernetes.io/version: 0.46.0 + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: controller + name: ingress-nginx-controller + namespace: ingress-nginx-internal +data: +--- +# Source: ingress-nginx/templates/clusterrole.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + helm.sh/chart: ingress-nginx-3.30.0 + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/instance: ingress-nginx + app.kubernetes.io/version: 0.46.0 + app.kubernetes.io/managed-by: Helm + name: ingress-nginx-internal +rules: + - apiGroups: + - '' + resources: + - configmaps + - endpoints + - nodes + - pods + - secrets + verbs: + - list + - watch + - apiGroups: + - '' + resources: + - nodes + verbs: + - get + - apiGroups: + - '' + resources: + - services + verbs: + - get + - list + - watch + - apiGroups: + - extensions + - networking.k8s.io # k8s 1.14+ + resources: + - ingresses + verbs: + - get + - list + - watch + - apiGroups: + - '' + resources: + - events + verbs: + - create + - patch + - apiGroups: + - extensions + - networking.k8s.io # k8s 1.14+ + 
resources: + - ingresses/status + verbs: + - update + - apiGroups: + - networking.k8s.io # k8s 1.14+ + resources: + - ingressclasses + verbs: + - get + - list + - watch +--- +# Source: ingress-nginx/templates/clusterrolebinding.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + helm.sh/chart: ingress-nginx-3.30.0 + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/instance: ingress-nginx + app.kubernetes.io/version: 0.46.0 + app.kubernetes.io/managed-by: Helm + name: ingress-nginx-internal +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: ingress-nginx-internal +subjects: + - kind: ServiceAccount + name: ingress-nginx + namespace: ingress-nginx-internal +--- +# Source: ingress-nginx/templates/controller-role.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + helm.sh/chart: ingress-nginx-3.30.0 + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/instance: ingress-nginx + app.kubernetes.io/version: 0.46.0 + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: controller + name: ingress-nginx + namespace: ingress-nginx-internal +rules: + - apiGroups: + - '' + resources: + - namespaces + verbs: + - get + - apiGroups: + - '' + resources: + - configmaps + - pods + - secrets + - endpoints + verbs: + - get + - list + - watch + - apiGroups: + - '' + resources: + - services + verbs: + - get + - list + - watch + - apiGroups: + - extensions + - networking.k8s.io # k8s 1.14+ + resources: + - ingresses + verbs: + - get + - list + - watch + - apiGroups: + - extensions + - networking.k8s.io # k8s 1.14+ + resources: + - ingresses/status + verbs: + - update + - apiGroups: + - networking.k8s.io # k8s 1.14+ + resources: + - ingressclasses + verbs: + - get + - list + - watch + - apiGroups: + - '' + resources: + - configmaps + resourceNames: + - ingress-controller-leader-nginx-internal + verbs: + - get + - update + - apiGroups: + - '' + resources: + - 
configmaps + verbs: + - create + - apiGroups: + - '' + resources: + - events + verbs: + - create + - patch +--- +# Source: ingress-nginx/templates/controller-rolebinding.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + helm.sh/chart: ingress-nginx-3.30.0 + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/instance: ingress-nginx + app.kubernetes.io/version: 0.46.0 + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: controller + name: ingress-nginx + namespace: ingress-nginx-internal +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: ingress-nginx +subjects: + - kind: ServiceAccount + name: ingress-nginx + namespace: ingress-nginx-internal +--- +# Source: ingress-nginx/templates/controller-service.yaml +apiVersion: v1 +kind: Service +metadata: + annotations: + service.beta.kubernetes.io/aws-load-balancer-backend-protocol: http + service.beta.kubernetes.io/aws-load-balancer-cross-zone-load-balancing-enabled: 'true' + labels: + helm.sh/chart: ingress-nginx-3.30.0 + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/instance: ingress-nginx + app.kubernetes.io/version: 0.46.0 + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: controller + name: ingress-nginx-controller + namespace: ingress-nginx-internal +spec: + type: LoadBalancer + externalTrafficPolicy: Local + ports: + - name: http + port: 80 + protocol: TCP + targetPort: http + - name: https + port: 443 + protocol: TCP + targetPort: https + selector: + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/instance: ingress-nginx + app.kubernetes.io/component: controller +--- +# Source: ingress-nginx/templates/controller-deployment.yaml +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + helm.sh/chart: ingress-nginx-3.30.0 + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/instance: ingress-nginx + app.kubernetes.io/version: 0.46.0 + app.kubernetes.io/managed-by: Helm + 
app.kubernetes.io/component: controller + name: ingress-nginx-controller + namespace: ingress-nginx-internal +spec: + selector: + matchLabels: + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/instance: ingress-nginx + app.kubernetes.io/component: controller + revisionHistoryLimit: 10 + minReadySeconds: 0 + template: + metadata: + labels: + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/instance: ingress-nginx + app.kubernetes.io/component: controller + spec: + dnsPolicy: ClusterFirst + containers: + - name: controller + image: k8s.gcr.io/ingress-nginx/controller:v0.46.0@sha256:52f0058bed0a17ab0fb35628ba97e8d52b5d32299fbc03cc0f6c7b9ff036b61a + imagePullPolicy: IfNotPresent + lifecycle: + preStop: + exec: + command: + - /wait-shutdown + args: + - /nginx-ingress-controller + - --publish-service=$(POD_NAMESPACE)/ingress-nginx-controller + - --election-id=ingress-controller-leader + - --ingress-class=nginx-internal + - --configmap=$(POD_NAMESPACE)/ingress-nginx-controller + securityContext: + capabilities: + drop: + - ALL + add: + - NET_BIND_SERVICE + runAsUser: 101 + allowPrivilegeEscalation: true + env: + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: LD_PRELOAD + value: /usr/local/lib/libmimalloc.so + livenessProbe: + httpGet: + path: /healthz + port: 10254 + scheme: HTTP + initialDelaySeconds: 10 + periodSeconds: 10 + timeoutSeconds: 1 + successThreshold: 1 + failureThreshold: 5 + readinessProbe: + httpGet: + path: /healthz + port: 10254 + scheme: HTTP + initialDelaySeconds: 10 + periodSeconds: 10 + timeoutSeconds: 1 + successThreshold: 1 + failureThreshold: 3 + ports: + - name: http + containerPort: 80 + protocol: TCP + - name: https + containerPort: 443 + protocol: TCP + resources: + requests: + cpu: 100m + memory: 90Mi + nodeSelector: + kubernetes.io/os: linux + serviceAccountName: ingress-nginx + terminationGracePeriodSeconds: 
300 diff --git a/PeterDeTender/sample-app.yaml b/PeterDeTender/sample-app.yaml index 3cf4021b..3a6effbc 100644 --- a/PeterDeTender/sample-app.yaml +++ b/PeterDeTender/sample-app.yaml @@ -31,6 +31,7 @@ spec: selector: app: sample ports: - - port: 80 + - name: http + port: 80 targetPort: 8080 protocol: TCP diff --git a/PeterDeTender/sample-ingress.yaml.copia b/PeterDeTender/sample-ingress.yaml.copia new file mode 100644 index 00000000..28a85d52 --- /dev/null +++ b/PeterDeTender/sample-ingress.yaml.copia @@ -0,0 +1,25 @@ +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: sample-app-ingress + namespace: default + annotations: + nginx.ingress.kubernetes.io/rewrite-target: / + # kubernetes.io/ingress.class: nginx-internal +spec: + ingressClassName: nginx-internal + tls: + - hosts: + - reymota.ddns.net + secretName: ingress-cert + rules: + - host: "reymota.ddns.net" + http: + paths: + - pathType: Prefix + path: "/" + backend: + service: + name: sample-app-service + port: + number: 80
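Review bot: ingress-controler-2.yaml deploys controller `v0.46.0` (chart `ingress-nginx-3.30.0`, image pulled from `k8s.gcr.io`) next to the `v1.5.1` controller of ingress-controler-1.yaml. The 0.x line is old and, as far as I know, predates clusters that serve only `networking.k8s.io/v1` Ingress, so it may not reconcile the `networking.k8s.io/v1` Ingress in sample-ingress.yaml.copia and is unlikely to receive security fixes; rendering the internal controller from the same release as the first one would avoid both. The file also defines no `IngressClass` named `nginx-internal`, although the sample Ingress selects it with `ingressClassName: nginx-internal`, and the Service is `type: LoadBalancer` with AWS annotations, which may not match this cluster.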
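Review bot: In sample-ingress.yaml.copia, `nginx.ingress.kubernetes.io/rewrite-target: /` combined with `path: "/"` and `pathType: Prefix` rewrites every request URI to `/` in current ingress-nginx releases, as far as I know, so sub-paths and static assets of the backend would all receive the root document. Since the path is already `/`, the annotation can simply be removed. The `tls:` block uses `ingress-cert`, the self-signed certificate whose key is committed under PeterDeTender/certs; the `letsencrypt-production` ClusterIssuer added in this commit could issue the host's certificate instead, through the `cert-manager.io/cluster-issuer` annotation.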