switch to NAS for NC & nodeport to fix certs
parent
5b2054ab8c
commit
10e26768b9
|
@ -0,0 +1,4 @@
|
|||
# helm create namespace cert-manager
|
||||
# helm repo add jetstack https://charts.jetstack.io && helm repo update
|
||||
# helm install cert-manager jetstack/cert-manager --namespace cert-manager --version v1.0.3 -f cert-manager.yml
|
||||
installCRDs: true
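Review bot: The first setup comment, `# helm create namespace cert-manager`, does not create a namespace, because `helm create` scaffolds a new chart directory. Anyone replaying these steps would reach the `helm install ... --namespace cert-manager` line with the namespace missing. Use `# kubectl create namespace cert-manager`, or drop the line and add `--create-namespace` to the install command.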
|
|
@ -1,2 +0,0 @@
|
|||
# cert-manager
|
||||
kubectl apply --validate=false -f https://github.com/jetstack/cert-manager/releases/download/v1.0.3/cert-manager.yaml
|
|
@ -28,7 +28,7 @@ spec:
|
|||
- name: SSH_DOMAIN
|
||||
value: "git.seaturtle.pw"
|
||||
- name: SSH_PORT
|
||||
value: "2223"
|
||||
value: "22"
|
||||
- name: ROOT_URL
|
||||
value: "https://git.seaturtle.pw/"
|
||||
- name: LFS_START
|
||||
|
@ -84,7 +84,7 @@ spec:
|
|||
port: 3000
|
||||
protocol: TCP
|
||||
- name: ssh
|
||||
port: 2223
|
||||
port: 22
|
||||
protocol: TCP
|
||||
|
||||
---
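Review bot: With `SSH_PORT` now `"22"`, Gitea will advertise port 22 in its SSH clone URLs, and the Service `ssh` port becomes 22 with no `targetPort` visible in the hunk. That only works if the container's SSH daemon listens on 22, and the listen-port setting is outside the visible lines, so it should be confirmed. The ingress controller values in this commit publish SSH on NodePort 30022, so the advertised URL is presumably correct only if something in front of the nodes forwards 22 to 30022. A comment next to `SSH_PORT` recording that dependency would help the next reader.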
|
||||
|
|
|
@ -0,0 +1,11 @@
|
|||
---
|
||||
apiVersion: v1
|
||||
kind: ConfigMap
|
||||
metadata:
|
||||
name: tcpservices
|
||||
namespace: haproxy
|
||||
data:
|
||||
22:
|
||||
pew/gitea:22
|
||||
25565:
|
||||
pew/minecraft:25565
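Review bot: The `data` keys `22:` and `25565:` are bare integers to a YAML parser, while a ConfigMap's `data` is a string-to-string map. kubectl normally stringifies them on conversion, but other tooling that reads this file (linters, schema validators, templating) may reject or retype them. Quoting both sides and keeping each entry on one line removes the ambiguity, e.g. `"22": "pew/gitea:22"` and `"25565": "pew/minecraft:25565"`.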
|
|
@ -1,252 +1,32 @@
|
|||
---
|
||||
apiVersion: v1
|
||||
kind: Namespace
|
||||
metadata:
|
||||
name: pew
|
||||
# k create namespace haproxy
|
||||
# Create tcp services configmap:
|
||||
# k apply -f haproxy-tcp.yml
|
||||
# helm repo add haproxytech https://haproxytech.github.io/helm-charts && helm repo update
|
||||
# helm install haproxy haproxytech/kubernetes-ingress --namespace haproxy -f haproxy.yml
|
||||
controller:
|
||||
replicaCount: 1
|
||||
extraArgs:
|
||||
- --configmap-tcp-services=haproxy/tcpservices
|
||||
service:
|
||||
type: NodePort
|
||||
nodePorts:
|
||||
http: 30080
|
||||
https: 30443
|
||||
enablePorts:
|
||||
http: true
|
||||
https: true
|
||||
stat: true
|
||||
ssh: true
|
||||
minecraft: true
|
||||
tcpPorts:
|
||||
- name: ssh
|
||||
port: 22
|
||||
targetPort: 22
|
||||
nodePort: 30022
|
||||
- name: minecraft
|
||||
port: 25565
|
||||
targetPort: 25565
|
||||
nodePort: 30565
|
||||
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: ServiceAccount
|
||||
metadata:
|
||||
name: haproxy-ingress-service-account
|
||||
namespace: pew
|
||||
|
||||
---
|
||||
kind: ClusterRole
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
metadata:
|
||||
name: haproxy-ingress-cluster-role
|
||||
rules:
|
||||
- apiGroups:
|
||||
- ""
|
||||
resources:
|
||||
- configmaps
|
||||
- endpoints
|
||||
- nodes
|
||||
- pods
|
||||
- services
|
||||
- namespaces
|
||||
- events
|
||||
- serviceaccounts
|
||||
verbs:
|
||||
- get
|
||||
- list
|
||||
- watch
|
||||
- apiGroups:
|
||||
- "extensions"
|
||||
resources:
|
||||
- ingresses
|
||||
- ingresses/status
|
||||
verbs:
|
||||
- get
|
||||
- list
|
||||
- watch
|
||||
- update
|
||||
- apiGroups:
|
||||
- ""
|
||||
resources:
|
||||
- secrets
|
||||
verbs:
|
||||
- get
|
||||
- list
|
||||
- watch
|
||||
- create
|
||||
- patch
|
||||
- update
|
||||
|
||||
---
|
||||
kind: ClusterRoleBinding
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
metadata:
|
||||
name: haproxy-ingress-cluster-role-binding
|
||||
namespace: pew
|
||||
roleRef:
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
kind: ClusterRole
|
||||
name: haproxy-ingress-cluster-role
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: haproxy-ingress-service-account
|
||||
namespace: pew
|
||||
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: ConfigMap
|
||||
metadata:
|
||||
name: haproxy
|
||||
namespace: pew
|
||||
data:
|
||||
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: ConfigMap
|
||||
metadata:
|
||||
name: tcpservices
|
||||
namespace: pew
|
||||
data:
|
||||
2223:
|
||||
pew/gitea:2223
|
||||
25565:
|
||||
pew/minecraft:25565
|
||||
|
||||
---
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
labels:
|
||||
run: haproxy-ingress
|
||||
name: haproxy-ingress
|
||||
namespace: pew
|
||||
spec:
|
||||
replicas: 1
|
||||
selector:
|
||||
matchLabels:
|
||||
run: haproxy-ingress
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
run: haproxy-ingress
|
||||
spec:
|
||||
serviceAccountName: haproxy-ingress-service-account
|
||||
containers:
|
||||
- name: haproxy-ingress
|
||||
image: haproxytech/kubernetes-ingress:1.4.9
|
||||
args:
|
||||
- --configmap=pew/haproxy
|
||||
- --configmap-tcp-services=pew/tcpservices
|
||||
ports:
|
||||
- name: http
|
||||
containerPort: 80
|
||||
- name: https
|
||||
containerPort: 443
|
||||
- name: ssh
|
||||
containerPort: 2223
|
||||
- name: minecraft
|
||||
containerPort: 25565
|
||||
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
labels:
|
||||
run: haproxy-ingress
|
||||
name: haproxy-ingress
|
||||
namespace: pew
|
||||
spec:
|
||||
selector:
|
||||
run: haproxy-ingress
|
||||
ports:
|
||||
- name: http
|
||||
port: 80
|
||||
protocol: TCP
|
||||
- name: https
|
||||
port: 443
|
||||
protocol: TCP
|
||||
- name: ssh
|
||||
port: 2223
|
||||
protocol: TCP
|
||||
- name: minecraft
|
||||
port: 25565
|
||||
protocol: TCP
|
||||
externalIPs:
|
||||
- 10.42.0.203
|
||||
|
||||
---
|
||||
apiVersion: networking.k8s.io/v1
|
||||
kind: Ingress
|
||||
metadata:
|
||||
annotations:
|
||||
# set to false if doing letsencrypt validation
|
||||
ingress.kubernetes.io/ssl-redirect: "true"
|
||||
cert-manager.io/cluster-issuer: letsencrypt-prod
|
||||
name: haproxy-ingress
|
||||
namespace: pew
|
||||
spec:
|
||||
rules:
|
||||
- host: seaturtle.pw
|
||||
http:
|
||||
paths:
|
||||
- path: /
|
||||
pathType: "Exact"
|
||||
backend:
|
||||
service:
|
||||
name: nginx
|
||||
port:
|
||||
number: 80
|
||||
- path: /files
|
||||
pathType: "Exact"
|
||||
backend:
|
||||
service:
|
||||
name: nginx
|
||||
port:
|
||||
number: 80
|
||||
- path: /grafana
|
||||
pathType: "Exact"
|
||||
backend:
|
||||
service:
|
||||
name: grafana
|
||||
port:
|
||||
number: 3000
|
||||
- host: airsonic.seaturtle.pw
|
||||
http:
|
||||
paths:
|
||||
- path: /
|
||||
pathType: "Exact"
|
||||
backend:
|
||||
service:
|
||||
name: airsonic
|
||||
port:
|
||||
number: 4040
|
||||
- host: git.seaturtle.pw
|
||||
http:
|
||||
paths:
|
||||
- path: /
|
||||
pathType: "Exact"
|
||||
backend:
|
||||
service:
|
||||
name: gitea
|
||||
port:
|
||||
number: 3000
|
||||
- host: nc.seaturtle.pw
|
||||
http:
|
||||
paths:
|
||||
- path: /
|
||||
pathType: "Exact"
|
||||
backend:
|
||||
service:
|
||||
name: nextcloud
|
||||
port:
|
||||
number: 80
|
||||
- host: plex.seaturtle.pw
|
||||
http:
|
||||
paths:
|
||||
- path: /
|
||||
pathType: "Exact"
|
||||
backend:
|
||||
service:
|
||||
name: plex
|
||||
port:
|
||||
number: 32400
|
||||
tls:
|
||||
- secretName: pew-cert
|
||||
hosts:
|
||||
- seaturtle.pw
|
||||
- airsonic.seaturtle.pw
|
||||
- git.seaturtle.pw
|
||||
- plex.seaturtle.pw
|
||||
|
||||
---
|
||||
apiVersion: cert-manager.io/v1alpha2
|
||||
kind: ClusterIssuer
|
||||
metadata:
|
||||
name: letsencrypt-prod
|
||||
spec:
|
||||
acme:
|
||||
email: paulsw.pw@gmail.com
|
||||
server: https://acme-v02.api.letsencrypt.org/directory
|
||||
privateKeySecretRef:
|
||||
name: pew-account-key
|
||||
# Add a ACME HTTP01 challenge solver
|
||||
solvers:
|
||||
- http01:
|
||||
ingress: {}
|
||||
defaultBackend:
|
||||
replicaCount: 1
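Review bot: Under `controller.service.enablePorts`, `stat: true` publishes the HAProxy statistics port on the same `NodePort` Service as http and https, so it becomes reachable on every node address. Unless the stats endpoint is protected elsewhere, that exposes backend names and health to anyone who can reach the nodes; `stat: false` is the safer value when the page is not needed from outside the cluster. The `ssh: true` and `minecraft: true` entries beside it do not look like keys the chart reads (the TCP ports are declared under `tcpPorts`), so they are probably inert and could be dropped after checking the chart's values. The `helm install haproxy` comment also pins no `--version`, unlike the cert-manager install in this commit.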
|
||||
|
|
|
@ -0,0 +1,107 @@
|
|||
---
|
||||
apiVersion: networking.k8s.io/v1
|
||||
kind: Ingress
|
||||
metadata:
|
||||
annotations:
|
||||
# set to false if doing letsencrypt validation
|
||||
ingress.kubernetes.io/ssl-redirect: "true"
|
||||
cert-manager.io/cluster-issuer: letsencrypt-prod
|
||||
name: haproxy-ingress
|
||||
namespace: pew
|
||||
spec:
|
||||
rules:
|
||||
- host: seaturtle.pw
|
||||
http:
|
||||
paths:
|
||||
- path: /
|
||||
pathType: "Exact"
|
||||
backend:
|
||||
service:
|
||||
name: nginx
|
||||
port:
|
||||
number: 80
|
||||
- path: /files
|
||||
pathType: "Exact"
|
||||
backend:
|
||||
service:
|
||||
name: nginx
|
||||
port:
|
||||
number: 80
|
||||
- host: airsonic.seaturtle.pw
|
||||
http:
|
||||
paths:
|
||||
- path: /
|
||||
pathType: "Exact"
|
||||
backend:
|
||||
service:
|
||||
name: airsonic
|
||||
port:
|
||||
number: 4040
|
||||
- host: git.seaturtle.pw
|
||||
http:
|
||||
paths:
|
||||
- path: /
|
||||
pathType: "Exact"
|
||||
backend:
|
||||
service:
|
||||
name: gitea
|
||||
port:
|
||||
number: 3000
|
||||
- host: nc.seaturtle.pw
|
||||
http:
|
||||
paths:
|
||||
- path: /
|
||||
pathType: "Exact"
|
||||
backend:
|
||||
service:
|
||||
name: nextcloud
|
||||
port:
|
||||
number: 80
|
||||
- host: plex.seaturtle.pw
|
||||
http:
|
||||
paths:
|
||||
- path: /
|
||||
pathType: "Exact"
|
||||
backend:
|
||||
service:
|
||||
name: plex
|
||||
port:
|
||||
number: 32400
|
||||
tls:
|
||||
- secretName: pew-cert
|
||||
hosts:
|
||||
- seaturtle.pw
|
||||
- airsonic.seaturtle.pw
|
||||
- git.seaturtle.pw
|
||||
- nc.seaturtle.pw
|
||||
- plex.seaturtle.pw
|
||||
|
||||
---
|
||||
apiVersion: cert-manager.io/v1alpha2
|
||||
kind: ClusterIssuer
|
||||
metadata:
|
||||
name: letsencrypt-staging
|
||||
spec:
|
||||
acme:
|
||||
email: paulsw.pw@gmail.com
|
||||
server: https://acme-staging-v02.api.letsencrypt.org/directory
|
||||
privateKeySecretRef:
|
||||
name: pew-account-key
|
||||
solvers:
|
||||
- http01:
|
||||
ingress: {}
|
||||
|
||||
---
|
||||
apiVersion: cert-manager.io/v1alpha2
|
||||
kind: ClusterIssuer
|
||||
metadata:
|
||||
name: letsencrypt-prod
|
||||
spec:
|
||||
acme:
|
||||
email: paulsw.pw@gmail.com
|
||||
server: https://acme-v02.api.letsencrypt.org/directory
|
||||
privateKeySecretRef:
|
||||
name: pew-account-key
|
||||
solvers:
|
||||
- http01:
|
||||
ingress: {}
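Review bot: Both ClusterIssuers, `letsencrypt-staging` and `letsencrypt-prod`, point `privateKeySecretRef.name` at the same secret, `pew-account-key`. The staging and production ACME accounts would then share one private key, so rotating, deleting or leaking that secret affects both. Giving each issuer its own secret keeps them independent, e.g. `name: letsencrypt-staging-account-key` and `name: letsencrypt-prod-account-key`. Separately, both issuers use `apiVersion: cert-manager.io/v1alpha2`, while the install comment in this commit pins cert-manager v1.0.3, which also serves `cert-manager.io/v1`; moving to `v1` avoids depending on a deprecated API version.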
|
|
@ -48,7 +48,7 @@ spec:
|
|||
volumes:
|
||||
- name: nextcloud-data
|
||||
hostPath:
|
||||
path: /opt/NEXTCLOUD-K8S/data
|
||||
path: /bigdata/k8s-config/nextcloud/data
|
||||
|
||||
---
|
||||
apiVersion: v1
|
||||
|
@ -106,7 +106,7 @@ spec:
|
|||
volumes:
|
||||
- name: nextcloud-mariadb
|
||||
hostPath:
|
||||
path: /opt/NEXTCLOUD-K8S/mariadb
|
||||
path: /bigdata/k8s-config/nextcloud/mariadb
|
||||
|
||||
---
|
||||
apiVersion: v1
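Review bot: The new `hostPath` entries for `nextcloud-data` and `nextcloud-mariadb` (both hunks in this file) set only `path:` under `/bigdata/...`, with no `type:`. If the NAS mount is missing on the node when the pod starts, the containers would presumably run against an empty or node-local directory and write data to the wrong disk. Adding `type: Directory` under each `hostPath` makes the pod fail to start instead. Both volumes also tie the pods to the node that has `/bigdata` mounted; whether a node selector enforces that is not visible in these hunks.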
|
||||
|
|