
Cambios varios

main
Celestino Rey 2 years ago
parent
commit
24796f62a0
51 changed files with 2022 additions and 67 deletions
  1. +1
    -0
      Comunes/buscaNodeport.sh
  2. +23
    -0
      HelmCharts/airsonic-advanced-chart/.helmignore
  3. +24
    -0
      HelmCharts/airsonic-advanced-chart/Chart.yaml
  4. +78
    -0
      HelmCharts/airsonic-advanced-chart/templates/airsonic-advanced-deployment.yaml
  5. +11
    -0
      HelmCharts/airsonic-advanced-chart/templates/registry-secrets.yaml
  6. +82
    -0
      HelmCharts/airsonic-advanced-chart/values.yaml
  7. +61
    -9
      HelmCharts/airsonic-chart/templates/airsonic-deployment.yaml
  8. +1
    -0
      HelmCharts/entra-airsonic.sh
  9. +1
    -0
      HelmCharts/entra-asa.sh
  10. +13
    -3
      HelmCharts/helmAirsonic.sh
  11. +16
    -0
      HelmCharts/helmAirsonicadvanced.sh
  12. +17
    -0
      HelmCharts/helmCitas.sh
  13. +4
    -1
      HelmCharts/helmKanboard.sh
  14. +4
    -1
      HelmCharts/helmMediawiki.sh
  15. +4
    -1
      HelmCharts/helmMiweb.sh
  16. +4
    -1
      HelmCharts/helmNextCloud.sh
  17. +8
    -1
      HelmCharts/helmVaultwarden.sh
  18. +4
    -1
      HelmCharts/helmWordpress.sh
  19. +1
    -1
      HelmCharts/preparaAirsonic/pv-local-airsonic-data.yaml
  20. +11
    -0
      HelmCharts/preparaAirsonic/pv-local-airsonic-music.yaml
  21. +11
    -0
      HelmCharts/preparaAirsonic/pv-local-airsonic-playlists.yaml
  22. +11
    -0
      HelmCharts/preparaAirsonic/pv-local-airsonic-podcasts.yaml
  23. +4
    -0
      HelmCharts/preparaAirsonicadvanced/asa-namespace.yaml
  24. +11
    -0
      HelmCharts/preparaAirsonicadvanced/pv-local-airsonic-advanced.yaml
  25. +4
    -0
      HelmCharts/preparaCitas/citas-namespace.yaml
  26. +12
    -0
      HelmCharts/preparaCitas/pv-local-citas.yaml
  27. +11
    -0
      HelmCharts/preparaCitas/pv-local-mysql.yaml
  28. +14
    -0
      HelmCharts/preparaVaultwarden/issuer-production.yaml
  29. +4
    -2
      HelmCharts/preparaVaultwarden/vaultwarden-ingress.yaml
  30. +23
    -0
      HelmCharts/wpcitas/.helmignore
  31. +24
    -0
      HelmCharts/wpcitas/Chart.yaml
  32. +22
    -0
      HelmCharts/wpcitas/templates/NOTES.txt
  33. +62
    -0
      HelmCharts/wpcitas/templates/_helpers.tpl
  34. +70
    -0
      HelmCharts/wpcitas/templates/mysql-deployment.yaml
  35. +56
    -0
      HelmCharts/wpcitas/templates/php-deployment.yaml
  36. +11
    -0
      HelmCharts/wpcitas/templates/registry-secrets.yaml
  37. +80
    -0
      HelmCharts/wpcitas/templates/wpcitas-deployment.yaml
  38. +9
    -0
      HelmCharts/wpcitas/templates/wpcitas-secrets.yaml
  39. +82
    -0
      HelmCharts/wpcitas/values.yaml
  40. +4
    -0
      LetsEncrypt/instalaCertManager.sh
  41. +15
    -0
      LetsEncrypt/issuer-production.yaml
  42. +14
    -0
      LetsEncrypt/issuer.yaml
  43. BIN
      PeterDeTender/SettingupSSLTLSforKubernetesIngress.pdf
  44. +21
    -19
      PeterDeTender/certs/ingress-tls.crt
  45. +26
    -26
      PeterDeTender/certs/ingress-tls.key
  46. +1
    -0
      PeterDeTender/creaCert.sh
  47. +1
    -0
      PeterDeTender/creaSecret.sh
  48. +656
    -0
      PeterDeTender/ingress-controler-1.yaml
  49. +368
    -0
      PeterDeTender/ingress-controler-2.yaml
  50. +2
    -1
      PeterDeTender/sample-app.yaml
  51. +25
    -0
      PeterDeTender/sample-ingress.yaml.copia

+ 1
- 0
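--- a/Comunes/buscaNodeport.sh
+++ b/Comunes/buscaNodeport.sh
@@ -0,0 +1 @@
+kubectl get svc -A |grep -i nodeport | cut -c100-|cut -f2 -d:|cut -c1-5| sort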
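Review bot: The fixed character offsets in `cut -c100-` and `cut -c1-5` tie this one-liner to the column widths of `kubectl get svc -A`, which shift with the length of namespace and service names, so it can silently print the wrong field. Reading the field directly is sturdier, for example `kubectl get svc -A -o jsonpath='{range .items[*]}{.spec.ports[*].nodePort}{"\n"}{end}' | sort -n`. The script also has no shebang line, unlike the helm*.sh scripts added in this commit.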

+ 23
- 0
HelmCharts/airsonic-advanced-chart/.helmignore View File

@ -0,0 +1,23 @@
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*.orig
*~
# Various IDEs
.project
.idea/
*.tmproj
.vscode/

+ 24
- 0
HelmCharts/airsonic-advanced-chart/Chart.yaml View File

@ -0,0 +1,24 @@
apiVersion: v2
name: airsonic-advanced-chart
description: A Helm chart for Kubernetes
# A chart can be either an 'application' or a 'library' chart.
#
# Application charts are a collection of templates that can be packaged into versioned archives
# to be deployed.
#
# Library charts provide useful utilities or functions for the chart developer. They're included as
# a dependency of application charts to inject those utilities and functions into the rendering
# pipeline. Library charts do not define any templates and therefore cannot be deployed.
type: application
# This is the chart version. This version number should be incremented each time you make changes
# to the chart and its templates, including the app version.
# Versions are expected to follow Semantic Versioning (https://semver.org/)
version: 0.1.0
# This is the version number of the application being deployed. This version number should be
# incremented each time you make changes to the application. Versions are not expected to
# follow Semantic Versioning. They should reflect the version the application is using.
# It is recommended to use it with quotes.
appVersion: "1.16.0"

+ 78
- 0
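--- a/HelmCharts/airsonic-advanced-chart/templates/airsonic-advanced-deployment.yaml
+++ b/HelmCharts/airsonic-advanced-chart/templates/airsonic-advanced-deployment.yaml
@@ -0,0 +1,78 @@
+apiVersion: v1
+kind: Service
+metadata:
+name: airsonic-advanced
+namespace: airsonic-advanced
+spec:
+type: NodePort
+ports:
+- name: http
+#port: 4040
+port: 80
+nodePort: 30781
+targetPort: air-adv-http
+selector:
+app: airsonic-advanced
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+name: airsonic-advanced-pv-claim
+namespace: airsonic-advanced
+labels:
+app: airsonic-advanced
+spec:
+accessModes:
+- ReadWriteMany
+storageClassName: ""
+resources:
+requests:
+storage: 2Gi
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+name: airsonic-advanced
+namespace: airsonic-advanced
+labels:
+app: airsonic-advanced
+spec:
+selector:
+matchLabels:
+app: airsonic-advanced
+tier: frontend
+strategy:
+type: Recreate
+template:
+metadata:
+labels:
+app: airsonic-advanced
+tier: frontend
+spec:
+containers:
+- image: sentriz/gonic:latest
+name: airsonic-advanced
+#image: airsonicadvanced/airsonic-advanced
+#image: docker-registry:32000/airsonic:1.0
+ports:
+- containerPort: 80
+name: "air-adv-http"
+volumeMounts:
+- name: airsonic-advanced-www-folder
+#mountPath: /var/airsonic
+mountPath: /data
+- name: airsonic-advanced-www-folder
+#mountPath: /var/music
+mountPath: /music
+- name: airsonic-advanced-www-folder
+#mountPath: /var/playlists
+mountPath: /cache
+- name: airsonic-advanced-www-folder
+#mountPath: /var/podcasts
+mountPath: /podcasts
+imagePullSecrets:
+- name: reg-cred-secret
+volumes:
+- name: airsonic-advanced-www-folder
+persistentVolumeClaim:
+claimName: airsonic-advanced-pv-claim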
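Review bot: The container image `sentriz/gonic:latest` is a mutable tag pulled from a public registry, so any pod restart can run different code than what was tested; pin it, e.g. `image: sentriz/gonic:<version>@sha256:<digest>` (placeholders). The same line runs gonic under a Deployment, Service and namespace all named airsonic-advanced while the airsonic-advanced image is commented out, which will mislead whoever audits what is actually exposed on NodePort 30781. The pod spec also sets no `securityContext` or `resources`, so the container runs as the image's default user with no limits.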

+ 11
- 0
HelmCharts/airsonic-advanced-chart/templates/registry-secrets.yaml View File

@ -0,0 +1,11 @@
apiVersion: v1
data:
.dockerconfigjson: eyJhdXRocyI6eyJkb2NrZXItcmVnaXN0cnk6MzIwMDAiOnsidXNlcm5hbWUiOiJjcmV5bG9wZXoiLCJwYXNzd29yZCI6IlJleS0xMTc2IiwiYXV0aCI6IlkzSmxlV3h2Y0dWNk9sSmxlUzB4TVRjMiJ9fX0=
kind: Secret
metadata:
creationTimestamp: "2023-01-29T10:54:14Z"
name: reg-cred-secret
namespace: airsonic-advanced
resourceVersion: "19890385"
uid: 66b3b7c5-26c1-4e5a-af4e-dc973aaafe4b
type: kubernetes.io/dockerconfigjson
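Review bot: The `.dockerconfigjson` value commits a registry login to the repository: base64 is an encoding, not encryption, so anyone with read access to the repo or its history can recover the username and password. Treat the credential as compromised, rotate it on the registry, and remove this template; create the secret out of band (`kubectl create secret docker-registry reg-cred-secret ...`) or commit only an encrypted form with a tool such as Sealed Secrets or SOPS. The manifest looks like an export from a live cluster, so `creationTimestamp`, `resourceVersion` and `uid` do not belong in a template either. HelmCharts/wpcitas/templates/registry-secrets.yaml in this commit carries the same blob and the same server-side metadata.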

+ 82
- 0
HelmCharts/airsonic-advanced-chart/values.yaml View File

@ -0,0 +1,82 @@
# Default values for airsonic-advanced-chart.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.
replicaCount: 1
image:
repository: nginx
pullPolicy: IfNotPresent
# Overrides the image tag whose default is the chart appVersion.
tag: ""
imagePullSecrets: []
nameOverride: ""
fullnameOverride: ""
serviceAccount:
# Specifies whether a service account should be created
create: true
# Annotations to add to the service account
annotations: {}
# The name of the service account to use.
# If not set and create is true, a name is generated using the fullname template
name: ""
podAnnotations: {}
podSecurityContext: {}
# fsGroup: 2000
securityContext: {}
# capabilities:
# drop:
# - ALL
# readOnlyRootFilesystem: true
# runAsNonRoot: true
# runAsUser: 1000
service:
type: ClusterIP
port: 80
ingress:
enabled: false
className: ""
annotations: {}
# kubernetes.io/ingress.class: nginx
# kubernetes.io/tls-acme: "true"
hosts:
- host: chart-example.local
paths:
- path: /
pathType: ImplementationSpecific
tls: []
# - secretName: chart-example-tls
# hosts:
# - chart-example.local
resources: {}
# We usually recommend not to specify default resources and to leave this as a conscious
# choice for the user. This also increases chances charts run on environments with little
# resources, such as Minikube. If you do want to specify resources, uncomment the following
# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
# limits:
# cpu: 100m
# memory: 128Mi
# requests:
# cpu: 100m
# memory: 128Mi
autoscaling:
enabled: false
minReplicas: 1
maxReplicas: 100
targetCPUUtilizationPercentage: 80
# targetMemoryUtilizationPercentage: 80
nodeSelector: {}
tolerations: []
affinity: {}
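Review bot: None of these values is read by the chart: the two templates added for it in this commit (airsonic-advanced-deployment.yaml and registry-secrets.yaml) contain no `.Values` reference, so `image.repository: nginx`, `service.type: ClusterIP` and the empty `securityContext: {}` describe a deployment that is not the one installed. Either wire the templates to these keys or trim the file and say so at the top, e.g. `# not consumed by templates/; image, ports and namespace are hard-coded there`. HelmCharts/wpcitas/values.yaml has the same problem, and its `imagePullSecrets: [reg-cred-secret]` would have to become a list of `name:` mappings if it were ever templated into a pod spec.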

+ 61
- 9
HelmCharts/airsonic-chart/templates/airsonic-deployment.yaml View File

@ -16,7 +16,7 @@ spec:
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: airsonic-pv-claim
name: airsonic-data-claim
namespace: airsonic
labels:
app: airsonic
@ -28,6 +28,51 @@ spec:
requests:
storage: 2Gi
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: airsonic-music-claim
namespace: airsonic
labels:
app: airsonic
spec:
accessModes:
- ReadWriteMany
storageClassName: ""
resources:
requests:
storage: 20Gi
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: airsonic-playlists-claim
namespace: airsonic
labels:
app: airsonic
spec:
accessModes:
- ReadWriteMany
storageClassName: ""
resources:
requests:
storage: 1Gi
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: airsonic-podcasts-claim
namespace: airsonic
labels:
app: airsonic
spec:
accessModes:
- ReadWriteMany
storageClassName: ""
resources:
requests:
storage: 1Gi
---
apiVersion: apps/v1
kind: Deployment
metadata:
@ -59,19 +104,26 @@ spec:
- containerPort: 4040
name: "airsonic-http"
volumeMounts:
- name: airsonic-www-folder
- name: airsonic-data-folder
mountPath: /airsonic/data
- name: airsonic-www-folder
- name: airsonic-music-folder
mountPath: /airsonic/music
#- name: airsonic-www-folder
#mountPath: /airsonic/luisa
- name: airsonic-www-folder
- name: airsonic-playlists-folder
mountPath: /airsonic/playlists
- name: airsonic-www-folder
- name: airsonic-podcasts-folder
mountPath: /airsonic/podcasts
imagePullSecrets:
- name: reg-cred-secret
volumes:
- name: airsonic-www-folder
- name: airsonic-data-folder
persistentVolumeClaim:
claimName: airsonic-data-claim
- name: airsonic-music-folder
persistentVolumeClaim:
claimName: airsonic-music-claim
- name: airsonic-playlists-folder
persistentVolumeClaim:
claimName: airsonic-playlists-claim
- name: airsonic-podcasts-folder
persistentVolumeClaim:
claimName: airsonic-pv-claim
claimName: airsonic-podcasts-claim

+ 1
- 0
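--- a/HelmCharts/entra-airsonic.sh
+++ b/HelmCharts/entra-airsonic.sh
@@ -0,0 +1 @@
+kubectl exec -ti deployment.apps/airsonic -n airsonic -- /bin/bash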

+ 1
- 0
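--- a/HelmCharts/entra-asa.sh
+++ b/HelmCharts/entra-asa.sh
@@ -0,0 +1 @@
+kubectl exec -ti deployment.apps/airsonic-advanced -n airsonic-advanced -- /bin/bash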

+ 13
- 3
HelmCharts/helmAirsonic.sh View File

@ -3,10 +3,20 @@
if [ "$1" = "i" ]
then
kubectl apply -f ./preparaAirsonic/as-namespace.yaml
kubectl apply -f ./preparaAirsonic/pv-local-airsonic.yaml
kubectl apply -f ./preparaAirsonic/pv-local-airsonic-data.yaml
kubectl apply -f ./preparaAirsonic/pv-local-airsonic-music.yaml
kubectl apply -f ./preparaAirsonic/pv-local-airsonic-playlists.yaml
kubectl apply -f ./preparaAirsonic/pv-local-airsonic-podcasts.yaml
helm install airsonic airsonic-chart/
else
elif [ "$1" = "u" ]
then
helm uninstall airsonic
kubectl delete -f ./preparaAirsonic/as-namespace.yaml
kubectl delete -f ./preparaAirsonic/pv-local-airsonic.yaml
kubectl delete -f ./preparaAirsonic/pv-local-airsonic-data.yaml
kubectl delete -f ./preparaAirsonic/pv-local-airsonic-music.yaml
kubectl delete -f ./preparaAirsonic/pv-local-airsonic-playlists.yaml
kubectl delete -f ./preparaAirsonic/pv-local-airsonic-podcasts.yaml
else
echo "Falta comando: i=instalar, u=desinstalar"
fi

+ 16
- 0
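--- a/HelmCharts/helmAirsonicadvanced.sh
+++ b/HelmCharts/helmAirsonicadvanced.sh
@@ -0,0 +1,16 @@
+#!/bin/bash
+if [ "$1" = "i" ]
+then
+kubectl apply -f ./preparaAirsonicadvanced/asa-namespace.yaml
+kubectl apply -f ./preparaAirsonicadvanced/pv-local-airsonic-advanced.yaml
+helm install airsonic-advanced airsonic-advanced-chart/
+elif [ "$1" = "u" ]
+then
+helm uninstall airsonic-advanced
+kubectl delete -f ./preparaAirsonicadvanced/asa-namespace.yaml
+kubectl delete -f ./preparaAirsonicadvanced/pv-local-airsonic-advanced.yaml
+else
+echo "Falta comando: i=instalar, u=desinstalar"
+fi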
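Review bot: Each step runs whether or not the previous one succeeded, so a failed `kubectl apply` of the namespace or PersistentVolume is still followed by `helm install` and leaves a half-installed release; add `set -e` after the shebang or chain the steps with `&&`. The relative `./preparaAirsonicadvanced/...` paths only resolve when the script is started from HelmCharts/, which a `cd "$(dirname "$0")"` at the top would guarantee. The usage branch prints the message but exits 0; `exit 1` after the `echo` lets callers detect the mistake. helmCitas.sh, added in the same commit, has the same structure.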

+ 17
- 0
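--- a/HelmCharts/helmCitas.sh
+++ b/HelmCharts/helmCitas.sh
@@ -0,0 +1,17 @@
+#!/bin/bash
+if [ "$1" = "i" ]
+then
+kubectl apply -f ./preparaCitas/citas-namespace.yaml
+kubectl apply -f ./preparaCitas/pv-local-mysql.yaml
+kubectl apply -f ./preparaCitas/pv-local-citas.yaml
+helm install wpcitas wpcitas/
+elif [ "$1" = "u" ]
+then
+helm uninstall wpcitas
+kubectl delete -f ./preparaCitas/citas-namespace.yaml
+kubectl delete -f ./preparaCitas/pv-local-mysql.yaml
+kubectl delete -f ./preparaCitas/pv-local-citas.yaml
+else
+echo "Falta comando: i=instalar, u=desinstalar"
+fi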

+ 4
- 1
HelmCharts/helmKanboard.sh View File

@ -6,9 +6,12 @@ then
kubectl apply -f ./preparaKanboard/pv-local-mysql-kb.yaml
kubectl apply -f ./preparaKanboard/pv-local-kanboard.yaml
helm install kanboard kanboard-chart/
else
elif [ "$1" = "u" ]
then
helm uninstall kanboard
kubectl delete -f ./preparaKanboard/kb-namespace.yaml
kubectl delete -f ./preparaKanboard/pv-local-mysql-kb.yaml
kubectl delete -f ./preparaKanboard/pv-local-kanboard.yaml
else
echo "Falta comando: i=instalar, u=desinstalar"
fi

+ 4
- 1
HelmCharts/helmMediawiki.sh View File

@ -6,9 +6,12 @@ then
kubectl apply -f ./preparaMediawiki/pv-local-mysql-mw.yaml
kubectl apply -f ./preparaMediawiki/pv-local-mediawiki.yaml
helm install mediawiki mediawiki-chart/
else
elif [ "$1" = "u" ]
then
helm uninstall mediawiki
kubectl delete -f ./preparaMediawiki/mw-namespace.yaml
kubectl delete -f ./preparaMediawiki/pv-local-mysql-mw.yaml
kubectl delete -f ./preparaMediawiki/pv-local-mediawiki.yaml
else
echo "Falta comando: i=instalar, u=desinstalar"
fi

+ 4
- 1
HelmCharts/helmMiweb.sh View File

@ -6,9 +6,12 @@ then
#kubectl apply -f ./preparaMiweb/pv-local-miweb-certbot.yaml
#kubectl apply -f ./preparaMiweb/pv-local-miweb-conf.yaml
helm install miweb miweb-chart/
else
elif [ "$1" = "u" ]
then
helm uninstall miweb
kubectl delete -f ./preparaMiweb/pv-local-miweb.yaml
#kubectl delete -f ./preparaMiweb/pv-local-miweb-certbot.yaml
#kubectl delete -f ./preparaMiweb/pv-local-miweb-conf.yaml
else
echo "Falta comando: i=instalar, u=desinstalar"
fi

+ 4
- 1
HelmCharts/helmNextCloud.sh View File

@ -6,9 +6,12 @@ then
kubectl apply -f ./preparaNextCloud/pv-local-mysql.yaml
kubectl apply -f ./preparaNextCloud/pv-local-nextcloud.yaml
helm install nextcloud nextcloud-chart/
else
elif [ "$1" = "u" ]
then
helm uninstall nextcloud
kubectl delete -f ./preparaNextCloud/nc-namespace.yaml
kubectl delete -f ./preparaNextCloud/pv-local-mysql.yaml
kubectl delete -f ./preparaNextCloud/pv-local-nextcloud.yaml
else
echo "Falta comando: i=instalar, u=desinstalar"
fi

+ 8
- 1
HelmCharts/helmVaultwarden.sh View File

@ -4,9 +4,16 @@ if [ "$1" = "i" ]
then
kubectl apply -f ./preparaVaultwarden/vw-namespace.yaml
kubectl apply -f ./preparaVaultwarden/pv-local-vaultwarden.yaml
kubectl create -f ./preparaVaultwarden/issuer-production.yaml
helm install vaultwarden vaultwarden-chart/
else
kubectl apply -f ./preparaVaultwarden/vaultwarden-ingress.yaml
elif [ "$1" = "u" ]
then
kubectl delete -f ./preparaVaultwarden/vaultwarden-ingress.yaml
helm uninstall vaultwarden
kubectl delete -f ./preparaVaultwarden/issuer-production.yaml
kubectl delete -f ./preparaVaultwarden/vw-namespace.yaml
kubectl delete -f ./preparaVaultwarden/pv-local-vaultwarden.yaml
else
echo "Falta comando: i=instalar, u=desinstalar"
fi
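Review bot: The uninstall branch deletes `./preparaVaultwarden/issuer-production.yaml`, which defines a ClusterIssuer, a cluster-wide object; removing Vaultwarden therefore also removes `letsencrypt-production` for every other Ingress that references it. Keep issuer management out of the per-application script (LetsEncrypt/ already holds a copy of the same issuer), or at least drop the `kubectl delete -f ./preparaVaultwarden/issuer-production.yaml` line. On install, `kubectl create -f` fails when the issuer already exists, while every other step uses `kubectl apply -f`; use `apply` here too. The `if` block begins above the hunk.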

+ 4
- 1
HelmCharts/helmWordpress.sh View File

@ -6,9 +6,12 @@ then
kubectl apply -f ./preparaWordpress/pv-local-mysql.yaml
kubectl apply -f ./preparaWordpress/pv-local-wordpress.yaml
helm install wordpress wordpress-chart/
else
elif [ "$1" = "u" ]
then
helm uninstall wordpress
kubectl delete -f ./preparaWordpress/wp-namespace.yaml
kubectl delete -f ./preparaWordpress/pv-local-mysql.yaml
kubectl delete -f ./preparaWordpress/pv-local-wordpress.yaml
else
echo "Falta comando: i=instalar, u=desinstalar"
fi

HelmCharts/preparaAirsonic/pv-local-airsonic.yaml → HelmCharts/preparaAirsonic/pv-local-airsonic-data.yaml View File

@ -8,4 +8,4 @@ spec:
accessModes:
- ReadWriteMany
hostPath:
path: "/mnt/Externo/airsonic"
path: "/mnt/Externo/airsonic/data"

+ 11
- 0
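--- a/HelmCharts/preparaAirsonic/pv-local-airsonic-music.yaml
+++ b/HelmCharts/preparaAirsonic/pv-local-airsonic-music.yaml
@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+name: airsonic-music-folder
+spec:
+capacity:
+storage: 20Gi
+accessModes:
+- ReadWriteMany
+hostPath:
+path: "/mnt/Externo/airsonic/music"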

+ 11
- 0
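--- a/HelmCharts/preparaAirsonic/pv-local-airsonic-playlists.yaml
+++ b/HelmCharts/preparaAirsonic/pv-local-airsonic-playlists.yaml
@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+name: airsonic-playlists-folder
+spec:
+capacity:
+storage: 1Gi
+accessModes:
+- ReadWriteMany
+hostPath:
+path: "/mnt/Externo/airsonic/playlists"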
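Review bot: Nothing in this PersistentVolume reserves it for `airsonic-playlists-claim`: with no `claimRef` and no storage class the binder matches on capacity and access mode only, and pv-local-airsonic-podcasts.yaml declares an identical 1Gi ReadWriteMany volume, so the playlists and podcasts claims from airsonic-deployment.yaml can bind crosswise, or a matching claim from another namespace can take the volume. Pin each volume by adding a `claimRef` under `spec:` with `name: airsonic-playlists-claim` and `namespace: airsonic`. The same applies to the other hostPath volumes added in this commit; because hostPath is node-local, a `nodeAffinity` block is also needed unless /mnt/Externo holds the same data on every node.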

+ 11
- 0
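--- a/HelmCharts/preparaAirsonic/pv-local-airsonic-podcasts.yaml
+++ b/HelmCharts/preparaAirsonic/pv-local-airsonic-podcasts.yaml
@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+name: airsonic-podcasts-folder
+spec:
+capacity:
+storage: 1Gi
+accessModes:
+- ReadWriteMany
+hostPath:
+path: "/mnt/Externo/airsonic/podcasts"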

+ 4
- 0
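--- a/HelmCharts/preparaAirsonicadvanced/asa-namespace.yaml
+++ b/HelmCharts/preparaAirsonicadvanced/asa-namespace.yaml
@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+name: airsonic-advanced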

+ 11
- 0
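--- a/HelmCharts/preparaAirsonicadvanced/pv-local-airsonic-advanced.yaml
+++ b/HelmCharts/preparaAirsonicadvanced/pv-local-airsonic-advanced.yaml
@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+name: airsonic-advanced-data-folder
+spec:
+capacity:
+storage: 2Gi
+accessModes:
+- ReadWriteMany
+hostPath:
+path: "/mnt/Externo/airsonic-advanced"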

+ 4
- 0
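--- a/HelmCharts/preparaCitas/citas-namespace.yaml
+++ b/HelmCharts/preparaCitas/citas-namespace.yaml
@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+name: wpcitas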

+ 12
- 0
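--- a/HelmCharts/preparaCitas/pv-local-citas.yaml
+++ b/HelmCharts/preparaCitas/pv-local-citas.yaml
@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+name: citas-folder
+spec:
+capacity:
+storage: 10Gi
+accessModes:
+- ReadWriteOnce
+hostPath:
+path: "/mnt/cluster/wpcitas/wpcitas-citas"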

+ 11
- 0
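--- a/HelmCharts/preparaCitas/pv-local-mysql.yaml
+++ b/HelmCharts/preparaCitas/pv-local-mysql.yaml
@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+name: citas-data
+spec:
+capacity:
+storage: 20Gi
+accessModes:
+- ReadWriteOnce
+hostPath:
+path: "/mnt/cluster/wpcitas/wpcitas-db"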

+ 14
- 0
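--- a/HelmCharts/preparaVaultwarden/issuer-production.yaml
+++ b/HelmCharts/preparaVaultwarden/issuer-production.yaml
@@ -0,0 +1,14 @@
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+name: letsencrypt-production
+spec:
+acme:
+server: https://acme-v02.api.letsencrypt.org/directory
+email: king.bernard.b@gmail.com
+privateKeySecretRef:
+name: letsencrypt-production
+solvers:
+- http01:
+ingress:
+class: nginx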

+ 4
- 2
HelmCharts/preparaVaultwarden/vaultwarden-ingress.yaml View File

@ -3,12 +3,14 @@ kind: Ingress
metadata:
name: vaultwarden-ingress
namespace: vaultwarden
annotations:
kubernetes.io/ingress.class: nginx
cert-manager.io/cluster-issuer: letsencrypt-production
spec:
ingressClassName: nginx
tls:
- hosts:
- reymota.ddns.net
secretName: ingress-cert
secretName: letsencrypt-production
rules:
- host: "reymota.ddns.net"
http:
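Review bot: The certificate secret is now named `letsencrypt-production`, the same name the ClusterIssuer uses for its ACME account key (`privateKeySecretRef.name` in issuer-production.yaml); the two only stay apart because they normally live in different namespaces, and the shared name makes it easy to reference or delete the wrong one. A name that says what the secret holds, e.g. `secretName: vaultwarden-tls`, avoids that. The `kubernetes.io/ingress.class: nginx` annotation appears to be new in this hunk and duplicates `ingressClassName: nginx`; the annotation is deprecated and can be dropped. The manifest continues past the end of the hunk.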


+ 23
- 0
HelmCharts/wpcitas/.helmignore View File

@ -0,0 +1,23 @@
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*.orig
*~
# Various IDEs
.project
.idea/
*.tmproj
.vscode/

+ 24
- 0
HelmCharts/wpcitas/Chart.yaml View File

@ -0,0 +1,24 @@
apiVersion: v2
name: wpcitas
description: A Helm chart for Kubernetes
# A chart can be either an 'application' or a 'library' chart.
#
# Application charts are a collection of templates that can be packaged into versioned archives
# to be deployed.
#
# Library charts provide useful utilities or functions for the chart developer. They're included as
# a dependency of application charts to inject those utilities and functions into the rendering
# pipeline. Library charts do not define any templates and therefore cannot be deployed.
type: application
# This is the chart version. This version number should be incremented each time you make changes
# to the chart and its templates, including the app version.
# Versions are expected to follow Semantic Versioning (https://semver.org/)
version: 0.1.0
# This is the version number of the application being deployed. This version number should be
# incremented each time you make changes to the application. Versions are not expected to
# follow Semantic Versioning. They should reflect the version the application is using.
# It is recommended to use it with quotes.
appVersion: "1.16.0"

+ 22
- 0
HelmCharts/wpcitas/templates/NOTES.txt View File

@ -0,0 +1,22 @@
1. Get the application URL by running these commands:
{{- if .Values.ingress.enabled }}
{{- range $host := .Values.ingress.hosts }}
{{- range .paths }}
http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host.host }}{{ .path }}
{{- end }}
{{- end }}
{{- else if contains "NodePort" .Values.service.type }}
export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "wpcitas.fullname" . }})
export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
echo http://$NODE_IP:$NODE_PORT
{{- else if contains "LoadBalancer" .Values.service.type }}
NOTE: It may take a few minutes for the LoadBalancer IP to be available.
You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "wpcitas.fullname" . }}'
export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "wpcitas.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}")
echo http://$SERVICE_IP:{{ .Values.service.port }}
{{- else if contains "ClusterIP" .Values.service.type }}
export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "wpcitas.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
export CONTAINER_PORT=$(kubectl get pod --namespace {{ .Release.Namespace }} $POD_NAME -o jsonpath="{.spec.containers[0].ports[0].containerPort}")
echo "Visit http://127.0.0.1:8080 to use your application"
kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8080:$CONTAINER_PORT
{{- end }}

+ 62
- 0
HelmCharts/wpcitas/templates/_helpers.tpl View File

@ -0,0 +1,62 @@
{{/*
Expand the name of the chart.
*/}}
{{- define "wpcitas.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "wpcitas.fullname" -}}
{{- if .Values.fullnameOverride }}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- $name := default .Chart.Name .Values.nameOverride }}
{{- if contains $name .Release.Name }}
{{- .Release.Name | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
{{- end }}
{{- end }}
{{- end }}
{{/*
Create chart name and version as used by the chart label.
*/}}
{{- define "wpcitas.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Common labels
*/}}
{{- define "wpcitas.labels" -}}
helm.sh/chart: {{ include "wpcitas.chart" . }}
{{ include "wpcitas.selectorLabels" . }}
{{- if .Chart.AppVersion }}
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
{{- end }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
{{/*
Selector labels
*/}}
{{- define "wpcitas.selectorLabels" -}}
app.kubernetes.io/name: {{ include "wpcitas.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- end }}
{{/*
Create the name of the service account to use
*/}}
{{- define "wpcitas.serviceAccountName" -}}
{{- if .Values.serviceAccount.create }}
{{- default (include "wpcitas.fullname" .) .Values.serviceAccount.name }}
{{- else }}
{{- default "default" .Values.serviceAccount.name }}
{{- end }}
{{- end }}

+ 70
- 0
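--- a/HelmCharts/wpcitas/templates/mysql-deployment.yaml
+++ b/HelmCharts/wpcitas/templates/mysql-deployment.yaml
@@ -0,0 +1,70 @@
+apiVersion: v1
+kind: Service
+metadata:
+name: wpcitas-mysql
+namespace: wpcitas
+labels:
+app: wpcitas
+spec:
+ports:
+- port: 3306
+selector:
+app: wpcitas
+tier: mysql
+clusterIP: None
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+name: mysql-citas-pv-claim
+namespace: wpcitas
+labels:
+app: wpcitas
+spec:
+accessModes:
+- ReadWriteOnce
+resources:
+requests:
+storage: 20Gi
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+name: wpcitas-mysql
+namespace: wpcitas
+labels:
+app: wpcitas
+spec:
+selector:
+matchLabels:
+app: wpcitas
+tier: mysql
+strategy:
+type: Recreate
+template:
+metadata:
+labels:
+app: wpcitas
+tier: mysql
+spec:
+containers:
+- image: docker-registry:32000/mariadb:1.0
+name: mysql
+env:
+- name: MYSQL_ROOT_PASSWORD
+valueFrom:
+secretKeyRef:
+name: mysqlcitas-pass
+key: password
+ports:
+- containerPort: 3306
+name: mysql
+volumeMounts:
+- name: mysql-persistent-storage
+mountPath: /var/lib/mysql
+imagePullSecrets:
+- name: reg-cred-secret
+volumes:
+- name: mysql-persistent-storage
+persistentVolumeClaim:
+claimName: mysql-citas-pv-claim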
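Review bot: `mysql-citas-pv-claim` omits `storageClassName: ""`, which `citas-pv-claim` in wpcitas-deployment.yaml sets; on a cluster with a default StorageClass this claim would be provisioned dynamically instead of binding to the pre-created `citas-data` hostPath volume from preparaCitas/pv-local-mysql.yaml. Add `storageClassName: ""` under the claim's `spec:` if the hostPath volume is the intended backing store. The container is also given only `MYSQL_ROOT_PASSWORD`, so no non-root database account is set up for the application to use.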

+ 56
- 0
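--- a/HelmCharts/wpcitas/templates/php-deployment.yaml
+++ b/HelmCharts/wpcitas/templates/php-deployment.yaml
@@ -0,0 +1,56 @@
+apiVersion: v1
+kind: Service
+metadata:
+name: phpmyadmin-wpcitas
+namespace: wpcitas
+labels:
+app: wpcitas
+spec:
+selector:
+app: wpcitas
+tier: phpmyadmin
+type: NodePort
+ports:
+- name: phpadmin
+port: 80
+nodePort: 30680
+targetPort: phpmyadm
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+name: phpmyadmin-wpcitas
+namespace: wpcitas
+labels:
+app: wpcitas
+spec:
+selector:
+matchLabels:
+app: wpcitas
+tier: phpmyadmin
+strategy:
+type: Recreate
+template:
+metadata:
+labels:
+app: wpcitas
+tier: phpmyadmin
+spec:
+containers:
+- name: phpmyadmin
+image: docker-registry:32000/phpmyadmin:1.0
+ports:
+- containerPort: 80
+name: phpmyadm
+env:
+- name: PMA_HOST
+value: wpcitas-mysql
+- name: PMA_PORT
+value: "3306"
+- name: MYSQL_ROOT_PASSWORD
+valueFrom:
+secretKeyRef:
+name: mysqlcitas-pass
+key: password
+imagePullSecrets:
+- name: reg-cred-secret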
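Review bot: The Service publishes phpMyAdmin on `nodePort: 30680` over plain HTTP on every node, so anything that can reach a node address gets a login page for a database whose only configured account is root. Prefer `type: ClusterIP` reached through `kubectl port-forward`, or an Ingress with TLS and an additional authentication layer, and restrict access with a NetworkPolicy. The container also receives `MYSQL_ROOT_PASSWORD` from `mysqlcitas-pass`; unless the image at docker-registry:32000/phpmyadmin:1.0 actually reads that variable, remove it so the root password is not sitting in the environment of a web-facing pod.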

+ 11
- 0
HelmCharts/wpcitas/templates/registry-secrets.yaml View File

@ -0,0 +1,11 @@
apiVersion: v1
data:
.dockerconfigjson: eyJhdXRocyI6eyJkb2NrZXItcmVnaXN0cnk6MzIwMDAiOnsidXNlcm5hbWUiOiJjcmV5bG9wZXoiLCJwYXNzd29yZCI6IlJleS0xMTc2IiwiYXV0aCI6IlkzSmxlV3h2Y0dWNk9sSmxlUzB4TVRjMiJ9fX0=
kind: Secret
metadata:
creationTimestamp: "2023-01-29T10:54:14Z"
name: reg-cred-secret
namespace: wpcitas
resourceVersion: "19890385"
uid: 66b3b7c5-26c1-4e5a-af4e-dc973aaafe4b
type: kubernetes.io/dockerconfigjson

+ 80
- 0
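--- a/HelmCharts/wpcitas/templates/wpcitas-deployment.yaml
+++ b/HelmCharts/wpcitas/templates/wpcitas-deployment.yaml
@@ -0,0 +1,80 @@
+apiVersion: v1
+kind: Service
+metadata:
+name: wpcitas
+namespace: wpcitas
+labels:
+app: wpcitas
+spec:
+type: NodePort
+ports:
+- port: 80
+nodePort: 30440
+targetPort: wpcitas
+selector:
+app: wpcitas
+tier: frontend
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+name: citas-pv-claim
+namespace: wpcitas
+labels:
+app: wpcitas
+spec:
+accessModes:
+- ReadWriteOnce
+storageClassName: ""
+resources:
+requests:
+storage: 10Gi
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+name: wpcitas
+namespace: wpcitas
+labels:
+app: wpcitas
+spec:
+selector:
+matchLabels:
+app: wpcitas
+tier: frontend
+strategy:
+type: Recreate
+template:
+metadata:
+labels:
+app: wpcitas
+tier: frontend
+spec:
+containers:
+- image: docker-registry:32000/wordpress:1.0
+name: wpcitas
+env:
+- name: WORDPRESS_DB_HOST
+value: wpcitas-mysql
+- name: WORDPRESS_DB_PASSWORD
+valueFrom:
+secretKeyRef:
+name: mysqlcitas-pass
+key: password
+- name: WORDPRESS_DB_USER
+valueFrom:
+secretKeyRef:
+name: mysqlcitas-pass
+key: db_user
+ports:
+- containerPort: 80
+name: wpcitas
+volumeMounts:
+- name: wpcitas-persistent-storage
+mountPath: /var/www/html
+imagePullSecrets:
+- name: reg-cred-secret
+volumes:
+- name: wpcitas-persistent-storage
+persistentVolumeClaim:
+claimName: citas-pv-claim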
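Review bot: WordPress is configured to log in with the database root password: `WORDPRESS_DB_PASSWORD` is read from the same `mysqlcitas-pass` key `password` that mysql-deployment.yaml uses for `MYSQL_ROOT_PASSWORD`, so a compromise of the web-facing PHP application gives full control of the database server. Create a dedicated database and user for WordPress (the upstream MariaDB image does this at first start from `MYSQL_DATABASE`, `MYSQL_USER` and `MYSQL_PASSWORD`, assuming the private image keeps that entrypoint) and reference separate secret keys for it. The Service also exposes the site on `nodePort: 30440` over plain HTTP.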

+ 9
- 0
HelmCharts/wpcitas/templates/wpcitas-secrets.yaml View File

@ -0,0 +1,9 @@
apiVersion: v1
kind: Secret
metadata:
name: mysqlcitas-pass
namespace: wpcitas
data:
password: RHNhLTAyMTM=
db_user: cm9vdA==
db_passwd: RHNhLTAyMTM=
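Review bot: The `data:` values are base64-encoded credentials committed to the repository, so the database root password is readable by anyone who can read the repo or its history; base64 is an encoding, not encryption. Rotate the password and keep the secret out of the chart: create it out of band, or commit only an encrypted form via Sealed Secrets or SOPS. `password` and `db_passwd` hold the same value and `db_user` decodes to the root account, which is what the WordPress deployment then logs in as.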

+ 82
- 0
HelmCharts/wpcitas/values.yaml View File

@ -0,0 +1,82 @@
# Default values for wordpress-chart.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.
replicaCount: 1
image:
repository: docker-registry:32000
pullPolicy: IfNotPresent
# Overrides the image tag whose default is the chart appVersion.
tag: ""
imagePullSecrets: [reg-cred-secret]
nameOverride: ""
fullnameOverride: ""
serviceAccount:
# Specifies whether a service account should be created
create: true
# Annotations to add to the service account
annotations: {}
# The name of the service account to use.
# If not set and create is true, a name is generated using the fullname template
name: ""
podAnnotations: {}
podSecurityContext: {}
# fsGroup: 2000
securityContext: {}
# capabilities:
# drop:
# - ALL
# readOnlyRootFilesystem: true
# runAsNonRoot: true
# runAsUser: 1000
service:
type: NodePort
port: 80
ingress:
enabled: false
className: ""
annotations: {}
# kubernetes.io/ingress.class: nginx
# kubernetes.io/tls-acme: "true"
hosts:
- host: chart-example.local
paths:
- path: /
pathType: ImplementationSpecific
tls: []
# - secretName: chart-example-tls
# hosts:
# - chart-example.local
resources: {}
# We usually recommend not to specify default resources and to leave this as a conscious
# choice for the user. This also increases chances charts run on environments with little
# resources, such as Minikube. If you do want to specify resources, uncomment the following
# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
# limits:
# cpu: 100m
# memory: 128Mi
# requests:
# cpu: 100m
# memory: 128Mi
autoscaling:
enabled: false
minReplicas: 1
maxReplicas: 100
targetCPUUtilizationPercentage: 80
# targetMemoryUtilizationPercentage: 80
nodeSelector: {}
tolerations: []
affinity: {}

+ 4
- 0
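--- a/LetsEncrypt/instalaCertManager.sh
+++ b/LetsEncrypt/instalaCertManager.sh
@@ -0,0 +1,4 @@
+helm repo add jetstack https://charts.jetstack.io
+helm repo update
+helm install cert-manager jetstack/cert-manager --namespace cert-manager --create-namespace --version v1.5.3 --set installCRDs=true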
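Review bot: The install pins `--version v1.5.3`, a cert-manager release line from 2021 that no longer receives security fixes; because this component holds the ACME account key and writes TLS secrets across the cluster, pin a currently supported release instead (`--version <supported-version>`). Pinning an explicit version is the right habit and should stay. The script has no shebang and no `set -e`, so a failed `helm repo add` is followed by the install attempt anyway.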

+ 15
- 0
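--- a/LetsEncrypt/issuer-production.yaml
+++ b/LetsEncrypt/issuer-production.yaml
@@ -0,0 +1,15 @@
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+name: letsencrypt-production
+namespace: vaultwarden
+spec:
+acme:
+server: https://acme-v02.api.letsencrypt.org/directory
+email: king.bernard.b@gmail.com
+privateKeySecretRef:
+name: letsencrypt-production
+solvers:
+- http01:
+ingress:
+class: nginx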
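Review bot: `namespace: vaultwarden` under `metadata` has no effect on a ClusterIssuer, which is cluster-scoped; the line suggests the issuer is confined to that namespace when any Ingress in the cluster can request production certificates from it. Remove the line, or use a namespaced `Issuer` if confinement is what is wanted. This file also duplicates HelmCharts/preparaVaultwarden/issuer-production.yaml from the same commit apart from the namespace line, so one cluster object has two sources that can drift; keep a single copy.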

+ 14
- 0
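--- a/LetsEncrypt/issuer.yaml
+++ b/LetsEncrypt/issuer.yaml
@@ -0,0 +1,14 @@
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+name: letsencrypt-staging
+spec:
+acme:
+server: https://acme-staging-v02.api.letsencrypt.org/directory
+email: king.bernard.b@gmail.com
+privateKeySecretRef:
+name: letsencrypt-staging
+solvers:
+- http01:
+ingress:
+class: nginx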

BIN
PeterDeTender/SettingupSSLTLSforKubernetesIngress.pdf View File


+ 21
- 19
PeterDeTender/certs/ingress-tls.crt View File

@ -1,21 +1,23 @@
-----BEGIN CERTIFICATE-----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MIIDvTCCAqWgAwIBAgIUBjUZRQcc2tYtLdizbgWhEzaPpxAwDQYJKoZIhvcNAQEL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-----END CERTIFICATE-----

+ 26
- 26
PeterDeTender/certs/ingress-tls.key View File

@ -1,28 +1,28 @@
-----BEGIN PRIVATE KEY-----
MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQC579/wUkYvBm2/
PtzMWWxWomDKM+Pep4UNKnAidM2Ymv725jIp4i/QY8jDbQ8rGHs8hPMhRPNOjQ6B
WioQNgSVS9XozXIE9KY/hVtZpw1I6BxLrdUebop3E/IztRNiVxxuMqTCjrG8H8AZ
JS8rSlif8dxMQFSRTQo+6mslZTH9S6By/8az9ILKb74cvyZPSdaEVLhV9NMqLeX+
K1uD7qMd4EBmRSfFiKX1vzU034Qs8cz8Ojq/j6ikxEISKLE3M4t61GTFYnXI1LBr
m8Wr6xyc0Xw5SMnMoW9Bi7CDB3HNOo1Mma1yoLXvwdxb81ljuPDgB4sC5oj1vm0c
s+vLuf5NAgMBAAECggEAYqzmj0dab8Jdo8zcqKYcVK2/6A85swP8HEyVTfPm2EIJ
ZUYtAQVEkrch6HSMRDat0CROUy2gYeOB+yu6fvfr3r9sOiwtgmvDfpprLFz3M+Xa
fl82ZvwLB77SHpbOPrY0JFdEEOxhbpD7BV0ydyrxdZCJdP3+402bTmBhlGrr6Ju9
OXe8AANv2Qj9s3l1Wp/QRr2oWsBdeVdWPtAqj2FebqB1RmxXkFO88saK6asYjseF
iHvhkYw1Tn7vjl7eslO2ZYrCbNqaRl/lpyhQyL8BgDQDan9FQ4HdXZwJf+ZT0Bqx
Y2uipjSe+5JzmmzvinLlET8H4iGF0TAPGZXuN3wUAQKBgQDxjQ4K0tLYfTR7kW//
NUYbPxZrErN4Sc/TQFWCS3T2vYZpoSeQuLHysmBBZfrBS4Mfd052OETPE5l0FfCv
/eucwgjRGe1DCLaGtcbpYcR3llGTMfLRmEN9f4U2AsemzqBR1GfiqdHz9As512wO
n9343OjxFeblyetamCZB+Y/zDQKBgQDFDy+NPqxtaWbI6jyvtn3HDtlwgITsVnvQ
GRakBZmEN5xwHP0ZxMTv7NCHKjVjF16wOlVcnc12xL+IFG6Np36wj2QWdHPDEagh
AJmnFGukADAYYff2W9NxGW3MO6ZuO9LlxvHjJiUS1IPpd4ped2fLYHNbaVKbHQ9l
tZi0pTBoQQKBgEkKNwnM0BbIXVtUEgKgsE9C11uPLxebci1V0cVxXa/ShVdhdJ5N
SvmxOGvuE1HprH+SSvZyc1QOgCNbEwmUhW9EOPhJl7XiZ5b6VmhxuL/Ug1w4CU2Z
dib3rWc0lfx5lH7J9JPUd/kFfXODEVimvK8o1YM49TXcxb8CLOdcOEvtAoGBAMFa
2iy8T1H39vuzIqLC7H1SK7bA1CxV25zf0SBVwkFCk8RKHWqYcSh99Ep79vBo8Ob4
BeQfjog4Gzr52VQzAhNaTzndP+0quQ7Q2PNhDRFZgdea4UQg68Jw0hRwfyhwmMoP
QC7CsePdFCYTvnhcr0KWO/p4yK4cgIwq+FBgObRBAoGAaU55AetKon5vVeiE9qRS
u9aM7zdiBjJwlLDyybjLgyRKJ6muTz0NfK7y1LAjN81CDaWGi2xdbsdOXF7xMfsl
vHKQ+L/tnphwQUsezQEWbEwLXp0IH8yUAkCjCgtRl7aavHsXvyOz9426vJvdaBkt
YvtVeQaqukbh5F4BETam+1k=
MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQCcUM/I5MlluUFO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-----END PRIVATE KEY-----
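Review bot: This file is an unencrypted TLS private key checked into the repository, and the hunk shows both the key being replaced and its replacement, so both are readable by anyone with access to the history. Treat both keys as compromised: generate the key on the machine that creates the `ingress-cert` secret, keep it outside the working tree, and stop tracking the path, for example with a `.gitignore` entry `PeterDeTender/certs/*.key` followed by `git rm --cached PeterDeTender/certs/ingress-tls.key`. Deleting the file in a later commit does not remove it from earlier ones, so the certificates for these keys should be replaced rather than reused.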

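--- a/PeterDeTender/creaCert.sh
+++ b/PeterDeTender/creaCert.sh
@@ -0,0 +1 @@
+openssl req -x509 -nodes -days 9999 -newkey rsa:2048 -keyout certs/ingress-tls.key -out certs/ingress-tls.crt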
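Review bot: `-nodes` writes the private key unencrypted to `certs/ingress-tls.key`, a path this repository tracks, and `-days 9999` makes the certificate valid for roughly 27 years, so a leaked key stays usable for that long. Write the output to a directory outside the repository and use a short validity such as `-days 365`. The command also sets no subject or SAN, so it prompts interactively and, unless the local openssl.cnf adds one, the certificate will fail hostname checks in clients that require `subjectAltName`; `-subj "/CN=<hostname>" -addext "subjectAltName=DNS:<hostname>"` covers both, with `<hostname>` a placeholder for the ingress host.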

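--- a/PeterDeTender/creaSecret.sh
+++ b/PeterDeTender/creaSecret.sh
@@ -0,0 +1 @@
+kubectl create secret tls ingress-cert --key=certs/ingress-tls.key --cert=certs/ingress-tls.crt -o yaml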
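Review bot: `-o yaml` makes kubectl print the Secret it just created, including the base64-encoded `tls.key`, to standard output, where it ends up in terminal scrollback or CI logs. Drop the flag: `kubectl create secret tls ingress-cert --key=certs/ingress-tls.key --cert=certs/ingress-tls.crt`. The command also relies on the current context's namespace, while the Ingress in PeterDeTender/sample-ingress.yaml.copia looks the secret up in `default`; adding `--namespace default` makes that explicit.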

+ 656
- 0
PeterDeTender/ingress-controler-1.yaml View File

@ -0,0 +1,656 @@
apiVersion: v1
kind: Namespace
metadata:
labels:
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx
name: ingress-nginx
---
apiVersion: v1
automountServiceAccountToken: true
kind: ServiceAccount
metadata:
labels:
app.kubernetes.io/component: controller
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.5.1
name: ingress-nginx
namespace: ingress-nginx
---
apiVersion: v1
kind: ServiceAccount
metadata:
labels:
app.kubernetes.io/component: admission-webhook
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.5.1
name: ingress-nginx-admission
namespace: ingress-nginx
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
labels:
app.kubernetes.io/component: controller
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.5.1
name: ingress-nginx
namespace: ingress-nginx
rules:
- apiGroups:
- ""
resources:
- namespaces
verbs:
- get
- apiGroups:
- ""
resources:
- configmaps
- pods
- secrets
- endpoints
verbs:
- get
- list
- watch
- apiGroups:
- ""
resources:
- services
verbs:
- get
- list
- watch
- apiGroups:
- networking.k8s.io
resources:
- ingresses
verbs:
- get
- list
- watch
- apiGroups:
- networking.k8s.io
resources:
- ingresses/status
verbs:
- update
- apiGroups:
- networking.k8s.io
resources:
- ingressclasses
verbs:
- get
- list
- watch
- apiGroups:
- ""
resourceNames:
- ingress-nginx-leader
resources:
- configmaps
verbs:
- get
- update
- apiGroups:
- ""
resources:
- configmaps
verbs:
- create
- apiGroups:
- coordination.k8s.io
resourceNames:
- ingress-nginx-leader
resources:
- leases
verbs:
- get
- update
- apiGroups:
- coordination.k8s.io
resources:
- leases
verbs:
- create
- apiGroups:
- ""
resources:
- events
verbs:
- create
- patch
- apiGroups:
- discovery.k8s.io
resources:
- endpointslices
verbs:
- list
- watch
- get
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
labels:
app.kubernetes.io/component: admission-webhook
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.5.1
name: ingress-nginx-admission
namespace: ingress-nginx
rules:
- apiGroups:
- ""
resources:
- secrets
verbs:
- get
- create
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
labels:
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.5.1
name: ingress-nginx
rules:
- apiGroups:
- ""
resources:
- configmaps
- endpoints
- nodes
- pods
- secrets
- namespaces
verbs:
- list
- watch
- apiGroups:
- coordination.k8s.io
resources:
- leases
verbs:
- list
- watch
- apiGroups:
- ""
resources:
- nodes
verbs:
- get
- apiGroups:
- ""
resources:
- services
verbs:
- get
- list
- watch
- apiGroups:
- networking.k8s.io
resources:
- ingresses
verbs:
- get
- list
- watch
- apiGroups:
- ""
resources:
- events
verbs:
- create
- patch
- apiGroups:
- networking.k8s.io
resources:
- ingresses/status
verbs:
- update
- apiGroups:
- networking.k8s.io
resources:
- ingressclasses
verbs:
- get
- list
- watch
- apiGroups:
- discovery.k8s.io
resources:
- endpointslices
verbs:
- list
- watch
- get
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
labels:
app.kubernetes.io/component: admission-webhook
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.5.1
name: ingress-nginx-admission
rules:
- apiGroups:
- admissionregistration.k8s.io
resources:
- validatingwebhookconfigurations
verbs:
- get
- update
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
labels:
app.kubernetes.io/component: controller
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.5.1
name: ingress-nginx
namespace: ingress-nginx
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: ingress-nginx
subjects:
- kind: ServiceAccount
name: ingress-nginx
namespace: ingress-nginx
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
labels:
app.kubernetes.io/component: admission-webhook
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.5.1
name: ingress-nginx-admission
namespace: ingress-nginx
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: ingress-nginx-admission
subjects:
- kind: ServiceAccount
name: ingress-nginx-admission
namespace: ingress-nginx
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
labels:
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.5.1
name: ingress-nginx
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: ingress-nginx
subjects:
- kind: ServiceAccount
name: ingress-nginx
namespace: ingress-nginx
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
labels:
app.kubernetes.io/component: admission-webhook
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.5.1
name: ingress-nginx-admission
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: ingress-nginx-admission
subjects:
- kind: ServiceAccount
name: ingress-nginx-admission
namespace: ingress-nginx
---
apiVersion: v1
data:
allow-snippet-annotations: "true"
kind: ConfigMap
metadata:
labels:
app.kubernetes.io/component: controller
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.5.1
name: ingress-nginx-controller
namespace: ingress-nginx
---
apiVersion: v1
kind: Service
metadata:
labels:
app.kubernetes.io/component: controller
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.5.1
name: ingress-nginx-controller
namespace: ingress-nginx
spec:
ipFamilies:
- IPv4
ipFamilyPolicy: SingleStack
ports:
- appProtocol: http
name: http
port: 80
protocol: TCP
targetPort: http
- appProtocol: https
name: https
port: 443
protocol: TCP
targetPort: https
selector:
app.kubernetes.io/component: controller
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx
type: NodePort
---
apiVersion: v1
kind: Service
metadata:
labels:
app.kubernetes.io/component: controller
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.5.1
name: ingress-nginx-controller-admission
namespace: ingress-nginx
spec:
ports:
- appProtocol: https
name: https-webhook
port: 443
targetPort: webhook
selector:
app.kubernetes.io/component: controller
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx
type: ClusterIP
---
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
app.kubernetes.io/component: controller
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.5.1
name: ingress-nginx-controller
namespace: ingress-nginx
spec:
minReadySeconds: 0
revisionHistoryLimit: 10
selector:
matchLabels:
app.kubernetes.io/component: controller
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx
template:
metadata:
labels:
app.kubernetes.io/component: controller
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx
spec:
containers:
- args:
- /nginx-ingress-controller
- --election-id=ingress-nginx-leader
- --controller-class=k8s.io/ingress-nginx
- --ingress-class=nginx
- --configmap=$(POD_NAMESPACE)/ingress-nginx-controller
- --validating-webhook=:8443
- --validating-webhook-certificate=/usr/local/certificates/cert
- --validating-webhook-key=/usr/local/certificates/key
env:
- name: POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: LD_PRELOAD
value: /usr/local/lib/libmimalloc.so
image: registry.k8s.io/ingress-nginx/controller:v1.5.1@sha256:4ba73c697770664c1e00e9f968de14e08f606ff961c76e5d7033a4a9c593c629
imagePullPolicy: IfNotPresent
lifecycle:
preStop:
exec:
command:
- /wait-shutdown
livenessProbe:
failureThreshold: 5
httpGet:
path: /healthz
port: 10254
scheme: HTTP
initialDelaySeconds: 10
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 1
name: controller
ports:
- containerPort: 80
name: http
protocol: TCP
- containerPort: 443
name: https
protocol: TCP
- containerPort: 8443
name: webhook
protocol: TCP
readinessProbe:
failureThreshold: 3
httpGet:
path: /healthz
port: 10254
scheme: HTTP
initialDelaySeconds: 10
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 1
resources:
requests:
cpu: 100m
memory: 90Mi
securityContext:
allowPrivilegeEscalation: true
capabilities:
add:
- NET_BIND_SERVICE
drop:
- ALL
runAsUser: 101
volumeMounts:
- mountPath: /usr/local/certificates/
name: webhook-cert
readOnly: true
dnsPolicy: ClusterFirst
nodeSelector:
kubernetes.io/os: linux
serviceAccountName: ingress-nginx
terminationGracePeriodSeconds: 300
volumes:
- name: webhook-cert
secret:
secretName: ingress-nginx-admission
---
apiVersion: batch/v1
kind: Job
metadata:
labels:
app.kubernetes.io/component: admission-webhook
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.5.1
name: ingress-nginx-admission-create
namespace: ingress-nginx
spec:
template:
metadata:
labels:
app.kubernetes.io/component: admission-webhook
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.5.1
name: ingress-nginx-admission-create
spec:
containers:
- args:
- create
- --host=ingress-nginx-controller-admission,ingress-nginx-controller-admission.$(POD_NAMESPACE).svc
- --namespace=$(POD_NAMESPACE)
- --secret-name=ingress-nginx-admission
env:
- name: POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v20220916-gd32f8c343@sha256:39c5b2e3310dc4264d638ad28d9d1d96c4cbb2b2dcfb52368fe4e3c63f61e10f
imagePullPolicy: IfNotPresent
name: create
securityContext:
allowPrivilegeEscalation: false
nodeSelector:
kubernetes.io/os: linux
restartPolicy: OnFailure
securityContext:
fsGroup: 2000
runAsNonRoot: true
runAsUser: 2000
serviceAccountName: ingress-nginx-admission
---
apiVersion: batch/v1
kind: Job
metadata:
labels:
app.kubernetes.io/component: admission-webhook
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.5.1
name: ingress-nginx-admission-patch
namespace: ingress-nginx
spec:
template:
metadata:
labels:
app.kubernetes.io/component: admission-webhook
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.5.1
name: ingress-nginx-admission-patch
spec:
containers:
- args:
- patch
- --webhook-name=ingress-nginx-admission
- --namespace=$(POD_NAMESPACE)
- --patch-mutating=false
- --secret-name=ingress-nginx-admission
- --patch-failure-policy=Fail
env:
- name: POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v20220916-gd32f8c343@sha256:39c5b2e3310dc4264d638ad28d9d1d96c4cbb2b2dcfb52368fe4e3c63f61e10f
imagePullPolicy: IfNotPresent
name: patch
securityContext:
allowPrivilegeEscalation: false
nodeSelector:
kubernetes.io/os: linux
restartPolicy: OnFailure
securityContext:
fsGroup: 2000
runAsNonRoot: true
runAsUser: 2000
serviceAccountName: ingress-nginx-admission
---
apiVersion: networking.k8s.io/v1
kind: IngressClass
metadata:
labels:
app.kubernetes.io/component: controller
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.5.1
name: nginx
spec:
controller: k8s.io/ingress-nginx
---
apiVersion: admissionregistration.k8s.io/v1
kind: ValidatingWebhookConfiguration
metadata:
labels:
app.kubernetes.io/component: admission-webhook
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
app.kubernetes.io/version: 1.5.1
name: ingress-nginx-admission
webhooks:
- admissionReviewVersions:
- v1
clientConfig:
service:
name: ingress-nginx-controller-admission
namespace: ingress-nginx
path: /networking/v1/ingresses
failurePolicy: Fail
matchPolicy: Equivalent
name: validate.nginx.ingress.kubernetes.io
rules:
- apiGroups:
- networking.k8s.io
apiVersions:
- v1
operations:
- CREATE
- UPDATE
resources:
- ingresses
sideEffects: None
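Review bot: The `ingress-nginx-controller` ConfigMap sets `allow-snippet-annotations: "true"`, which lets anyone allowed to create or edit an Ingress in any namespace inject raw nginx configuration into the controller. The `ingress-nginx` ClusterRole in the same file grants `list` and `watch` on `secrets` cluster-wide, so that configuration runs inside a pod whose service account can read every Secret in the cluster. None of the Ingress objects on this page uses a snippet annotation, so set `allow-snippet-annotations: "false"`. The controller container also keeps `allowPrivilegeEscalation: true` and the Service is `type: NodePort`; a one-line comment on each saying why it is needed would help a later reader.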

+ 368
- 0
PeterDeTender/ingress-controler-2.yaml View File

@ -0,0 +1,368 @@
---
apiVersion: v1
kind: Namespace
metadata:
name: ingress-nginx-internal
labels:
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/instance: ingress-nginx
---
# Source: ingress-nginx/templates/controller-serviceaccount.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
labels:
helm.sh/chart: ingress-nginx-3.30.0
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/version: 0.46.0
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/component: controller
name: ingress-nginx
namespace: ingress-nginx-internal
automountServiceAccountToken: true
---
# Source: ingress-nginx/templates/controller-configmap.yaml
apiVersion: v1
kind: ConfigMap
metadata:
labels:
helm.sh/chart: ingress-nginx-3.30.0
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/version: 0.46.0
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/component: controller
name: ingress-nginx-controller
namespace: ingress-nginx-internal
data:
---
# Source: ingress-nginx/templates/clusterrole.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
labels:
helm.sh/chart: ingress-nginx-3.30.0
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/version: 0.46.0
app.kubernetes.io/managed-by: Helm
name: ingress-nginx-internal
rules:
- apiGroups:
- ''
resources:
- configmaps
- endpoints
- nodes
- pods
- secrets
verbs:
- list
- watch
- apiGroups:
- ''
resources:
- nodes
verbs:
- get
- apiGroups:
- ''
resources:
- services
verbs:
- get
- list
- watch
- apiGroups:
- extensions
- networking.k8s.io # k8s 1.14+
resources:
- ingresses
verbs:
- get
- list
- watch
- apiGroups:
- ''
resources:
- events
verbs:
- create
- patch
- apiGroups:
- extensions
- networking.k8s.io # k8s 1.14+
resources:
- ingresses/status
verbs:
- update
- apiGroups:
- networking.k8s.io # k8s 1.14+
resources:
- ingressclasses
verbs:
- get
- list
- watch
---
# Source: ingress-nginx/templates/clusterrolebinding.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
labels:
helm.sh/chart: ingress-nginx-3.30.0
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/version: 0.46.0
app.kubernetes.io/managed-by: Helm
name: ingress-nginx-internal
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: ingress-nginx-internal
subjects:
- kind: ServiceAccount
name: ingress-nginx
namespace: ingress-nginx-internal
---
# Source: ingress-nginx/templates/controller-role.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
labels:
helm.sh/chart: ingress-nginx-3.30.0
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/version: 0.46.0
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/component: controller
name: ingress-nginx
namespace: ingress-nginx-internal
rules:
- apiGroups:
- ''
resources:
- namespaces
verbs:
- get
- apiGroups:
- ''
resources:
- configmaps
- pods
- secrets
- endpoints
verbs:
- get
- list
- watch
- apiGroups:
- ''
resources:
- services
verbs:
- get
- list
- watch
- apiGroups:
- extensions
- networking.k8s.io # k8s 1.14+
resources:
- ingresses
verbs:
- get
- list
- watch
- apiGroups:
- extensions
- networking.k8s.io # k8s 1.14+
resources:
- ingresses/status
verbs:
- update
- apiGroups:
- networking.k8s.io # k8s 1.14+
resources:
- ingressclasses
verbs:
- get
- list
- watch
- apiGroups:
- ''
resources:
- configmaps
resourceNames:
- ingress-controller-leader-nginx-internal
verbs:
- get
- update
- apiGroups:
- ''
resources:
- configmaps
verbs:
- create
- apiGroups:
- ''
resources:
- events
verbs:
- create
- patch
---
# Source: ingress-nginx/templates/controller-rolebinding.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
labels:
helm.sh/chart: ingress-nginx-3.30.0
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/version: 0.46.0
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/component: controller
name: ingress-nginx
namespace: ingress-nginx-internal
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: ingress-nginx
subjects:
- kind: ServiceAccount
name: ingress-nginx
namespace: ingress-nginx-internal
---
# Source: ingress-nginx/templates/controller-service.yaml
apiVersion: v1
kind: Service
metadata:
annotations:
service.beta.kubernetes.io/aws-load-balancer-backend-protocol: http
service.beta.kubernetes.io/aws-load-balancer-cross-zone-load-balancing-enabled: 'true'
labels:
helm.sh/chart: ingress-nginx-3.30.0
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/version: 0.46.0
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/component: controller
name: ingress-nginx-controller
namespace: ingress-nginx-internal
spec:
type: LoadBalancer
externalTrafficPolicy: Local
ports:
- name: http
port: 80
protocol: TCP
targetPort: http
- name: https
port: 443
protocol: TCP
targetPort: https
selector:
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/component: controller
---
# Source: ingress-nginx/templates/controller-deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
helm.sh/chart: ingress-nginx-3.30.0
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/version: 0.46.0
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/component: controller
name: ingress-nginx-controller
namespace: ingress-nginx-internal
spec:
selector:
matchLabels:
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/component: controller
revisionHistoryLimit: 10
minReadySeconds: 0
template:
metadata:
labels:
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/component: controller
spec:
dnsPolicy: ClusterFirst
containers:
- name: controller
image: k8s.gcr.io/ingress-nginx/controller:v0.46.0@sha256:52f0058bed0a17ab0fb35628ba97e8d52b5d32299fbc03cc0f6c7b9ff036b61a
imagePullPolicy: IfNotPresent
lifecycle:
preStop:
exec:
command:
- /wait-shutdown
args:
- /nginx-ingress-controller
- --publish-service=$(POD_NAMESPACE)/ingress-nginx-controller
- --election-id=ingress-controller-leader
- --ingress-class=nginx-internal
- --configmap=$(POD_NAMESPACE)/ingress-nginx-controller
securityContext:
capabilities:
drop:
- ALL
add:
- NET_BIND_SERVICE
runAsUser: 101
allowPrivilegeEscalation: true
env:
- name: POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: LD_PRELOAD
value: /usr/local/lib/libmimalloc.so
livenessProbe:
httpGet:
path: /healthz
port: 10254
scheme: HTTP
initialDelaySeconds: 10
periodSeconds: 10
timeoutSeconds: 1
successThreshold: 1
failureThreshold: 5
readinessProbe:
httpGet:
path: /healthz
port: 10254
scheme: HTTP
initialDelaySeconds: 10
periodSeconds: 10
timeoutSeconds: 1
successThreshold: 1
failureThreshold: 3
ports:
- name: http
containerPort: 80
protocol: TCP
- name: https
containerPort: 443
protocol: TCP
resources:
requests:
cpu: 100m
memory: 90Mi
nodeSelector:
kubernetes.io/os: linux
serviceAccountName: ingress-nginx
terminationGracePeriodSeconds: 300
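Review bot: The controller Service is `type: LoadBalancer` in a namespace and ingress class named "internal", but it carries no annotation asking for an internal load balancer, so on AWS (which the two `service.beta.kubernetes.io/aws-load-balancer-*` annotations suggest is the target) it would be given a public address. If this controller is meant for internal traffic only, add `service.beta.kubernetes.io/aws-load-balancer-internal: "true"` to the Service annotations, or use `type: ClusterIP` on a cluster without a cloud load balancer. This manifest also pins controller `v0.46.0` from `k8s.gcr.io`, while ingress-controler-1.yaml in the same commit deploys `v1.5.1` from `registry.k8s.io`. It defines no IngressClass for `nginx-internal` and no admission webhook, so unless two generations are intended it should be brought to the same release.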

+ 2
- 1
PeterDeTender/sample-app.yaml View File

@ -31,6 +31,7 @@ spec:
selector:
app: sample
ports:
- port: 80
- name: http
port: 80
targetPort: 8080
protocol: TCP

+ 25
- 0
PeterDeTender/sample-ingress.yaml.copia View File

@ -0,0 +1,25 @@
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: sample-app-ingress
namespace: default
annotations:
nginx.ingress.kubernetes.io/rewrite-target: /
# kubernetes.io/ingress.class: nginx-internal
spec:
ingressClassName: nginx-internal
tls:
- hosts:
- reymota.ddns.net
secretName: ingress-cert
rules:
- host: "reymota.ddns.net"
http:
paths:
- pathType: Prefix
path: "/"
backend:
service:
name: sample-app-service
port:
number: 80
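Review bot: With `path: "/"` and `pathType: Prefix`, the annotation `nginx.ingress.kubernetes.io/rewrite-target: /` contains no capture group, so as far as I can tell current ingress-nginx releases rewrite every request path to `/` and any URL below the root reaches `sample-app-service` as a request for its root document. No rewrite is needed when the path is already `/`, so remove the annotation line. The `tls` block points at `ingress-cert`, the secret built from the self-signed key committed under PeterDeTender/certs in this same commit, so this Ingress should not go live for `reymota.ddns.net` until that key has been replaced.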
