scripts/fogcutter/k8s/haproxy.yml

253 lines
4.8 KiB
YAML

---
apiVersion: v1
kind: Namespace
metadata:
name: pew
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: haproxy-ingress-service-account
namespace: pew
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: haproxy-ingress-cluster-role
rules:
- apiGroups:
- ""
resources:
- configmaps
- endpoints
- nodes
- pods
- services
- namespaces
- events
- serviceaccounts
verbs:
- get
- list
- watch
- apiGroups:
- "extensions"
resources:
- ingresses
- ingresses/status
verbs:
- get
- list
- watch
- update
- apiGroups:
- ""
resources:
- secrets
verbs:
- get
- list
- watch
- create
- patch
- update
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: haproxy-ingress-cluster-role-binding
namespace: pew
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: haproxy-ingress-cluster-role
subjects:
- kind: ServiceAccount
name: haproxy-ingress-service-account
namespace: pew
---
apiVersion: v1
kind: ConfigMap
metadata:
name: haproxy
namespace: pew
data:
---
apiVersion: v1
kind: ConfigMap
metadata:
name: tcpservices
namespace: pew
data:
2223:
pew/gitea:2223
25565:
pew/minecraft:25565
---
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
run: haproxy-ingress
name: haproxy-ingress
namespace: pew
spec:
replicas: 1
selector:
matchLabels:
run: haproxy-ingress
template:
metadata:
labels:
run: haproxy-ingress
spec:
serviceAccountName: haproxy-ingress-service-account
containers:
- name: haproxy-ingress
image: haproxytech/kubernetes-ingress:1.4.9
args:
- --configmap=pew/haproxy
- --configmap-tcp-services=pew/tcpservices
ports:
- name: http
containerPort: 80
- name: https
containerPort: 443
- name: ssh
containerPort: 2223
- name: minecraft
containerPort: 25565
---
apiVersion: v1
kind: Service
metadata:
labels:
run: haproxy-ingress
name: haproxy-ingress
namespace: pew
spec:
selector:
run: haproxy-ingress
ports:
- name: http
port: 80
protocol: TCP
- name: https
port: 443
protocol: TCP
- name: ssh
port: 2223
protocol: TCP
- name: minecraft
port: 25565
protocol: TCP
externalIPs:
- 10.42.0.203
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
annotations:
# set to false if doing letsencrypt validation
ingress.kubernetes.io/ssl-redirect: "true"
cert-manager.io/cluster-issuer: letsencrypt-prod
name: haproxy-ingress
namespace: pew
spec:
rules:
- host: seaturtle.pw
http:
paths:
- path: /
pathType: "Exact"
backend:
service:
name: nginx
port:
number: 80
- path: /files
pathType: "Exact"
backend:
service:
name: nginx
port:
number: 80
- path: /grafana
pathType: "Exact"
backend:
service:
name: grafana
port:
number: 3000
- host: airsonic.seaturtle.pw
http:
paths:
- path: /
pathType: "Exact"
backend:
service:
name: airsonic
port:
number: 4040
- host: git.seaturtle.pw
http:
paths:
- path: /
pathType: "Exact"
backend:
service:
name: gitea
port:
number: 3000
- host: nc.seaturtle.pw
http:
paths:
- path: /
pathType: "Exact"
backend:
service:
name: nextcloud
port:
number: 80
- host: plex.seaturtle.pw
http:
paths:
- path: /
pathType: "Exact"
backend:
service:
name: plex
port:
number: 32400
tls:
- secretName: pew-cert
hosts:
- seaturtle.pw
- airsonic.seaturtle.pw
- git.seaturtle.pw
- plex.seaturtle.pw
---
apiVersion: cert-manager.io/v1alpha2
kind: ClusterIssuer
metadata:
name: letsencrypt-prod
spec:
acme:
email: paulsw.pw@gmail.com
server: https://acme-v02.api.letsencrypt.org/directory
privateKeySecretRef:
name: pew-account-key
# Add a ACME HTTP01 challenge solver
solvers:
- http01:
ingress: {}