Initial commit

2022-05-20 20:48:03 +02:00 · 2022-05-20 20:48:03 +02:00 · 1cf24ffec9
commit 1cf24ffec9
7 changed files with 302 additions and 0 deletions
--- a/README.md
+++ b/README.md
@ -0,0 +1,30 @@
+# CMP-LAB
+## Setup
+```bash
+sh ./install_helm.sh
+sh ./install_repos.sh
+```
+
+### Longhorn (storage)
+```bash
+helm install longhorn longhorn/longhorn --namespace longhorn-system --create-namespace
+kubectl patch storageclass standard -p '{"metadata": {"annotations":{"storageclass.kubernetes.io/is-default-class":"false"}}}'
+```
+
+### MetalLB (loadbalancer)
+```bash
+kubectl apply -f ./deployments/metallb-prep.yml
+kubectl apply -f https://raw.githubusercontent.com/metallb/metallb/v0.12.1/manifests/namespace.yaml
+kubectl apply -f https://raw.githubusercontent.com/metallb/metallb/v0.12.1/manifests/metallb.yaml
+```
+
+### Traefik (ingress)
+```bash
+kubectl apply -f ./deployments/traefik-prep.yml
+helm install traefik traefik/traefik --namespace=traefik --values=./values-files/traefik-values.yaml --create-namespace
+```
+
+### Nginx
+```bash
+kubectl apply -f ./deployments/nginx.yml
+```
--- a/deployments/metallb-prep.yml
+++ b/deployments/metallb-prep.yml
@ -0,0 +1,13 @@
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  namespace: metallb-system
+  name: config
+data:
+  config: |
+    address-pools:
+    - name: default
+      protocol: layer2
+      addresses:
+      - 192.168.2.180-192.168.2.200
--- a/deployments/nginx.yml
+++ b/deployments/nginx.yml
@ -0,0 +1,63 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: apps
+
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: nginxdemos-hello
+  namespace: apps
+  labels:
+    app: nginxdemos-hello
+spec:
+  replicas: 3
+  selector:
+    matchLabels:
+      app: nginxdemos-hello
+  template:
+    metadata:
+      labels:
+        app: nginxdemos-hello
+    spec:
+      containers:
+      - name: nginxdemos-hello
+        image: nginxdemos/hello
+        ports:
+        - containerPort: 80
+
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: nginxdemos-hello-lb
+  annotations: 
+  namespace: apps
+spec:
+  ports:
+  - port: 80
+    targetPort: 80
+  selector:
+    app: nginxdemos-hello
+  type: LoadBalancer
+
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: nginxdemos-hello-ingress
+  namespace: apps
+spec:
+  rules:
+  - host: nginx.watson.holowaif.us
+    http:
+      paths:
+      - backend:
+          service:
+            name: nginxdemos-hello-lb
+            port:
+              number: 80
+        path: /
+        pathType: Prefix
--- a/deployments/traefik-prep.yml
+++ b/deployments/traefik-prep.yml
@ -0,0 +1,24 @@
+---
+kind: StorageClass
+apiVersion: storage.k8s.io/v1
+metadata:
+  name: ssl-certs
+provisioner: driver.longhorn.io
+allowVolumeExpansion: true
+reclaimPolicy: Delete
+volumeBindingMode: Immediate
+parameters:
+  numberOfReplicas: "2"
+  staleReplicaTimeout: "2880"
+  fromBackup: ""
+  fsType: "ext4"
+
+---
+apiVersion: v1
+kind: Secret
+data:
+  apiKey: VlhNZnh6c3dsX1c3UDNBTVRMN1BWN1IydVAxUGNqUWdxVTJCalhKUwo=
+metadata:
+  name: cloudflare
+  namespace: traefik
+type: Opaque
--- a/install_helm.sh
+++ b/install_helm.sh
@ -0,0 +1,5 @@
+#!/usr/bin/env bash
+cd /tmp
+curl -fsSL -o get_helm.sh https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3
+chmod 700 get_helm.sh
+./get_helm.sh
--- a/install_repos.sh
+++ b/install_repos.sh
@ -0,0 +1,3 @@
+#!/usr/bin/env bash
+helm repo add traefik https://helm.traefik.io/traefik
+helm repo update
--- a/values-files/traefik-values.yaml
+++ b/values-files/traefik-values.yaml
@ -0,0 +1,164 @@
+additionalArguments:
+  - '--certificatesresolvers.letsencrypt.acme.email=nvdpoel01@gmail.com'
+  - '--certificatesresolvers.letsencrypt.acme.storage=/ssl-certs/acme.json'
+  - '--certificatesResolvers.letsencrypt.acme.dnschallenge.provider=cloudflare'
+  - >-
+    --certificatesresolvers.letsencrypt.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory
+  - '--certificatesResolvers.letsencrypt.acme.dnschallenge=true'
+  - '--api.insecure=true'
+additionalVolumeMounts: []
+affinity: {}
+autoscaling:
+  enabled: false
+deployment:
+  additionalContainers: []
+  additionalVolumes: []
+  annotations: {}
+  enabled: true
+  imagePullSecrets: []
+  initContainers:
+    # - name: volume-permissions
+    #   image: busybox:1.31.1
+    #   command: ['sh', '-c', 'chmod -Rv 600 /ssl-certs/*']
+    #   volumeMounts:
+    #     - mountPath: /ssl-certs
+    #       name: ssl-certs
+  kind: Deployment
+  labels: {}
+  podAnnotations: {}
+  podLabels: {}
+  replicas: 1
+  terminationGracePeriodSeconds: 60
+env:
+  - name: CF_DNS_API_TOKEN
+    valueFrom:
+      secretKeyRef:
+        key: apiKey
+        name: cloudflare
+envFrom: []
+experimental:
+  kubernetesGateway:
+    appLabelSelector: traefik
+    certificates: []
+    enabled: false
+  plugins:
+    enabled: false
+globalArguments:
+  - '--global.checknewversion'
+  - '--global.sendanonymoususage'
+hostNetwork: false
+image:
+  name: traefik
+  pullPolicy: IfNotPresent
+ingressClass:
+  enabled: true
+  fallbackApiVersion: null
+  isDefaultClass: true
+ingressRoute:
+  dashboard:
+    annotations: {}
+    enabled: false
+    labels: {}
+logs:
+  access:
+    enabled: null
+    fields:
+      general:
+        defaultmode: null
+        names: {}
+      headers:
+        defaultmode: null
+        names: {}
+    filters: {}
+  general:
+    level: DEBUG
+metrics:
+  prometheus:
+    entryPoint: metrics
+nodeSelector: {}
+persistence:
+  accessMode: ReadWriteOnce
+  annotations: {}
+  enabled: true
+  name: ssl-certs
+  path: /ssl-certs
+  size: 128Mi
+pilot:
+  enabled: false
+  token: ''
+podDisruptionBudget:
+  enabled: false
+podSecurityContext:
+  fsGroup: 65532
+podSecurityPolicy:
+  enabled: false
+ports:
+  metrics:
+    expose: false
+    exposedPort: 9100
+    port: 9100
+    protocol: TCP
+  traefik:
+    expose: false
+    exposedPort: 9000
+    port: 9000
+    protocol: TCP
+  web:
+    expose: true
+    exposedPort: 80
+    port: 8000
+    protocol: TCP
+    redirectTo: websecure
+  websecure:
+    expose: true
+    exposedPort: 443
+    port: 8443
+    protocol: TCP
+    tls:
+      certResolver: letsencrypt
+      domains: null
+      enabled: true
+      options: null
+priorityClassName: ''
+providers:
+  kubernetesCRD:
+    allowCrossNamespace: false
+    allowExternalNameServices: false
+    enabled: true
+    namespaces: []
+  kubernetesIngress:
+    enabled: true
+    namespaces: []
+    publishedService:
+      enabled: false
+rbac:
+  enabled: true
+  namespaced: false
+resources: {}
+rollingUpdate:
+  maxSurge: 1
+  maxUnavailable: 1
+securityContext:
+  capabilities:
+    drop:
+      - ALL
+  readOnlyRootFilesystem: true
+  runAsGroup: 65532
+  runAsNonRoot: true
+  runAsUser: 65532
+service:
+  annotations: {}
+  annotationsTCP: {}
+  annotationsUDP: {}
+  enabled: true
+  externalIPs: []
+  labels: {}
+  loadBalancerSourceRanges: []
+  spec: {}
+  type: LoadBalancer
+serviceAccount:
+  name: ''
+serviceAccountAnnotations: {}
+tlsOptions: {}
+tolerations: []
+volumes: []