scripts/fogcutter/k8s/haproxy.yml

---
apiVersion: v1
kind: Namespace
metadata:
  name: pew

---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: haproxy-ingress-service-account
  namespace: pew

---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: haproxy-ingress-cluster-role
rules:
  - apiGroups:
      - ""
    resources:
      - configmaps
      - endpoints
      - nodes
      - pods
      - services
      - namespaces
      - events
      - serviceaccounts
    verbs:
      - get
      - list
      - watch
  - apiGroups:
      - "extensions"
    resources:
      - ingresses
      - ingresses/status
    verbs:
      - get
      - list
      - watch
      - update
  - apiGroups:
      - ""
    resources:
      - secrets
    verbs:
      - get
      - list
      - watch
      - create
      - patch
      - update

---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: haproxy-ingress-cluster-role-binding
  namespace: pew
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: haproxy-ingress-cluster-role
subjects:
- kind: ServiceAccount
  name: haproxy-ingress-service-account
  namespace: pew

---
apiVersion: v1
kind: ConfigMap
metadata:
  name: haproxy
  namespace: pew
data:
 
---
apiVersion: v1
kind: ConfigMap
metadata:
  name: tcpservices
  namespace: pew
data:
  2223:
    pew/gitea:2223
  25565:
    pew/minecraft:25565

---
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    run: haproxy-ingress
  name: haproxy-ingress
  namespace: pew
spec:
  replicas: 1
  selector:
    matchLabels:
      run: haproxy-ingress
  template:
    metadata:
      labels:
        run: haproxy-ingress
    spec:
      serviceAccountName: haproxy-ingress-service-account
      containers:
        - name: haproxy-ingress
          image: haproxytech/kubernetes-ingress
          args:
            - --configmap=pew/haproxy
            - --configmap-tcp-services=pew/tcpservices
            - --default-backend-service=pew/ingress-default-backend
          ports:
            - name: http
              containerPort: 80
            - name: https
              containerPort: 443
            - name: ssh
              containerPort: 2223
            - name: minecraft
              containerPort: 25565

---
apiVersion: v1
kind: Service
metadata:
  labels:
    run: haproxy-ingress
  name: haproxy-ingress
  namespace: pew
spec:
  selector:
    run: haproxy-ingress
  ports:
    - name: http
      port: 80
      protocol: TCP
    - name: https
      port: 443
      protocol: TCP
    - name: ssh
      port: 2223
      protocol: TCP
    - name: minecraft
      port: 25565
      protocol: TCP
  externalIPs:
    - 10.42.0.203

---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  annotations:
    # set to false if doing letsencrypt validation
    ingress.kubernetes.io/ssl-redirect: "false"
    cert-manager.io/cluster-issuer: letsencrypt-prod
  name: haproxy-ingress
  namespace: pew
spec:
  rules:
    - host: seaturtle.pw
      http:
        paths:
          - path: /
            pathType: "Exact"
            backend:
              service:
                name: nginx
                port:
                  number: 80
          - path: /files
            pathType: "Exact"
            backend:
              service:
                name: nginx
                port:
                  number: 80
          - path: /grafana
            pathType: "Exact"
            backend:
              service:
                name: grafana
                port:
                  number: 3000
    - host: airsonic.seaturtle.pw
      http:
        paths:
          - path: /
            pathType: "Exact"
            backend:
              service:
                name: airsonic
                port:
                  number: 4040
    - host: git.seaturtle.pw
      http:
        paths:
          - path: /
            pathType: "Exact"
            backend:
              service:
                name: gitea
                port:
                  number: 3000
    - host: plex.seaturtle.pw
      http:
        paths:
          - path: /
            pathType: "Exact"
            backend:
              service:
                name: plex
                port:
                  number: 32400
  tls:
    - secretName: pew-cert
      hosts:
        - seaturtle.pw
        - airsonic.seaturtle.pw
        - git.seaturtle.pw
        - plex.seaturtle.pw
---
apiVersion: cert-manager.io/v1alpha2
kind: ClusterIssuer
metadata:
  name: letsencrypt-prod
spec:
  acme:
    email: paulsw.pw@gmail.com
    server: https://acme-v02.api.letsencrypt.org/directory
    privateKeySecretRef:
      name: pew-account-key
    # Add a ACME HTTP01 challenge solver
    solvers:
    - http01:
        ingress: {}
docker -> k8s 2020-11-02 22:32:40 -05:00			`---`
			`apiVersion: v1`
			`kind: Namespace`
			`metadata:`
			`name: pew`

			`---`
			`apiVersion: v1`
			`kind: ServiceAccount`
			`metadata:`
			`name: haproxy-ingress-service-account`
			`namespace: pew`

			`---`
			`kind: ClusterRole`
			`apiVersion: rbac.authorization.k8s.io/v1`
			`metadata:`
			`name: haproxy-ingress-cluster-role`
			`rules:`
			`- apiGroups:`
			`- ""`
			`resources:`
			`- configmaps`
			`- endpoints`
			`- nodes`
			`- pods`
			`- services`
			`- namespaces`
			`- events`
			`- serviceaccounts`
			`verbs:`
			`- get`
			`- list`
			`- watch`
			`- apiGroups:`
			`- "extensions"`
			`resources:`
			`- ingresses`
			`- ingresses/status`
			`verbs:`
			`- get`
			`- list`
			`- watch`
			`- update`
			`- apiGroups:`
			`- ""`
			`resources:`
			`- secrets`
			`verbs:`
			`- get`
			`- list`
			`- watch`
			`- create`
			`- patch`
			`- update`

			`---`
			`kind: ClusterRoleBinding`
			`apiVersion: rbac.authorization.k8s.io/v1`
			`metadata:`
			`name: haproxy-ingress-cluster-role-binding`
			`namespace: pew`
			`roleRef:`
			`apiGroup: rbac.authorization.k8s.io`
			`kind: ClusterRole`
			`name: haproxy-ingress-cluster-role`
			`subjects:`
			`- kind: ServiceAccount`
			`name: haproxy-ingress-service-account`
			`namespace: pew`

			`---`
			`apiVersion: v1`
			`kind: ConfigMap`
			`metadata:`
			`name: haproxy`
			`namespace: pew`
			`data:`

			`---`
			`apiVersion: v1`
			`kind: ConfigMap`
			`metadata:`
			`name: tcpservices`
			`namespace: pew`
			`data:`
			`2223:`
			`pew/gitea:2223`
			`25565:`
			`pew/minecraft:25565`

			`---`
			`apiVersion: apps/v1`
			`kind: Deployment`
			`metadata:`
			`labels:`
			`run: haproxy-ingress`
			`name: haproxy-ingress`
			`namespace: pew`
			`spec:`
			`replicas: 1`
			`selector:`
			`matchLabels:`
			`run: haproxy-ingress`
			`template:`
			`metadata:`
			`labels:`
			`run: haproxy-ingress`
			`spec:`
			`serviceAccountName: haproxy-ingress-service-account`
			`containers:`
			`- name: haproxy-ingress`
			`image: haproxytech/kubernetes-ingress`
			`args:`
			`- --configmap=pew/haproxy`
			`- --configmap-tcp-services=pew/tcpservices`
			`- --default-backend-service=pew/ingress-default-backend`
			`ports:`
			`- name: http`
			`containerPort: 80`
			`- name: https`
			`containerPort: 443`
			`- name: ssh`
			`containerPort: 2223`
			`- name: minecraft`
			`containerPort: 25565`

			`---`
			`apiVersion: v1`
			`kind: Service`
			`metadata:`
			`labels:`
			`run: haproxy-ingress`
			`name: haproxy-ingress`
			`namespace: pew`
			`spec:`
			`selector:`
			`run: haproxy-ingress`
			`ports:`
			`- name: http`
			`port: 80`
			`protocol: TCP`
			`- name: https`
			`port: 443`
			`protocol: TCP`
			`- name: ssh`
			`port: 2223`
			`protocol: TCP`
			`- name: minecraft`
			`port: 25565`
			`protocol: TCP`
			`externalIPs:`
			`- 10.42.0.203`

			`---`
			`apiVersion: networking.k8s.io/v1`
			`kind: Ingress`
			`metadata:`
			`annotations:`
			`# set to false if doing letsencrypt validation`
			`ingress.kubernetes.io/ssl-redirect: "false"`
			`cert-manager.io/cluster-issuer: letsencrypt-prod`
			`name: haproxy-ingress`
			`namespace: pew`
			`spec:`
			`rules:`
			`- host: seaturtle.pw`
			`http:`
			`paths:`
			`- path: /`
			`pathType: "Exact"`
			`backend:`
			`service:`
			`name: nginx`
			`port:`
			`number: 80`
			`- path: /files`
			`pathType: "Exact"`
			`backend:`
			`service:`
			`name: nginx`
			`port:`
			`number: 80`
			`- path: /grafana`
			`pathType: "Exact"`
			`backend:`
			`service:`
			`name: grafana`
			`port:`
			`number: 3000`
			`- host: airsonic.seaturtle.pw`
			`http:`
			`paths:`
			`- path: /`
			`pathType: "Exact"`
			`backend:`
			`service:`
			`name: airsonic`
			`port:`
			`number: 4040`
			`- host: git.seaturtle.pw`
			`http:`
			`paths:`
			`- path: /`
			`pathType: "Exact"`
			`backend:`
			`service:`
			`name: gitea`
			`port:`
			`number: 3000`
			`- host: plex.seaturtle.pw`
			`http:`
			`paths:`
			`- path: /`
			`pathType: "Exact"`
			`backend:`
			`service:`
			`name: plex`
			`port:`
			`number: 32400`
			`tls:`
			`- secretName: pew-cert`
			`hosts:`
			`- seaturtle.pw`
			`- airsonic.seaturtle.pw`
			`- git.seaturtle.pw`
			`- plex.seaturtle.pw`
			`---`
			`apiVersion: cert-manager.io/v1alpha2`
			`kind: ClusterIssuer`
			`metadata:`
			`name: letsencrypt-prod`
			`spec:`
			`acme:`
			`email: paulsw.pw@gmail.com`
			`server: https://acme-v02.api.letsencrypt.org/directory`
			`privateKeySecretRef:`
			`name: pew-account-key`
			`# Add a ACME HTTP01 challenge solver`
			`solvers:`
			`- http01:`
			`ingress: {}`