commit 1cf24ffec9509a02654a2e0b0d77746fd3bf4262 Author: strNophix Date: Fri May 20 20:48:03 2022 +0200 Initial commit
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..d05b0dd
--- /dev/null
+++ b/README.md
@@ -0,0 +1,30 @@
+# CMP-LAB
+## Setup
+```bash
+sh ./install_helm.sh
+sh ./install_repos.sh
+```
+
+### Longhorn (storage)
+```bash
+helm install longhorn longhorn/longhorn --namespace longhorn-system --create-namespace
+kubectl patch storageclass standard -p '{"metadata": {"annotations":{"storageclass.kubernetes.io/is-default-class":"false"}}}'
+```
+
+### MetalLB (loadbalancer)
+```bash
+kubectl apply -f ./deployments/metallb-prep.yml
+kubectl apply -f https://raw.githubusercontent.com/metallb/metallb/v0.12.1/manifests/namespace.yaml
+kubectl apply -f https://raw.githubusercontent.com/metallb/metallb/v0.12.1/manifests/metallb.yaml
+```
+
+### Traefik (ingress)
+```bash
+kubectl apply -f ./deployments/traefik-prep.yml
+helm install traefik traefik/traefik --namespace=traefik --values=./values-files/traefik-values.yaml --create-namespace
+```
+
+### Nginx
+```bash
+kubectl apply -f ./deployments/nginx.yml
+```
diff --git a/deployments/metallb-prep.yml b/deployments/metallb-prep.yml
new file mode 100644
index 0000000..1b30d35
--- /dev/null
+++ b/deployments/metallb-prep.yml
@@ -0,0 +1,13 @@
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ namespace: metallb-system
+ name: config
+data:
+ config: |
+ address-pools:
+ - name: default
+ protocol: layer2
+ addresses:
+ - 192.168.2.180-192.168.2.200
\ No newline at end of file
diff --git a/deployments/nginx.yml b/deployments/nginx.yml
new file mode 100644
index 0000000..ed6b5b3
--- /dev/null
+++ b/deployments/nginx.yml
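Review bot: The ConfigMap in `deployments/metallb-prep.yml` is placed in `metallb-system`, but nothing in that file creates the namespace, and the README in this commit applies `metallb-prep.yml` before MetalLB's `namespace.yaml`, so the first apply on a clean cluster would be rejected. Moving `kubectl apply -f ./deployments/metallb-prep.yml` below the two upstream manifests fixes the order. The same ordering problem applies to the `cloudflare` Secret in `deployments/traefik-prep.yml`, which targets `traefik` before `helm install ... --create-namespace` runs; there a leading `Namespace` document, as `nginx.yml` has for `apps`, would do.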
@@ -0,0 +1,63 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: apps
+
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: nginxdemos-hello
+ namespace: apps
+ labels:
+ app: nginxdemos-hello
+spec:
+ replicas: 3
+ selector:
+ matchLabels:
+ app: nginxdemos-hello
+ template:
+ metadata:
+ labels:
+ app: nginxdemos-hello
+ spec:
+ containers:
+ - name: nginxdemos-hello
+ image: nginxdemos/hello
+ ports:
+ - containerPort: 80
+
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: nginxdemos-hello-lb
+ annotations:
+ namespace: apps
+spec:
+ ports:
+ - port: 80
+ targetPort: 80
+ selector:
+ app: nginxdemos-hello
+ type: LoadBalancer
+
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: nginxdemos-hello-ingress
+ namespace: apps
+spec:
+ rules:
+ - host: nginx.watson.holowaif.us
+ http:
+ paths:
+ - backend:
+ service:
+ name: nginxdemos-hello-lb
+ port:
+ number: 80
+ path: /
+ pathType: Prefix
diff --git a/deployments/traefik-prep.yml b/deployments/traefik-prep.yml
new file mode 100644
index 0000000..b4e7e45
--- /dev/null
+++ b/deployments/traefik-prep.yml
@@ -0,0 +1,24 @@
+---
+kind: StorageClass
+apiVersion: storage.k8s.io/v1
+metadata:
+ name: ssl-certs
+provisioner: driver.longhorn.io
+allowVolumeExpansion: true
+reclaimPolicy: Delete
+volumeBindingMode: Immediate
+parameters:
+ numberOfReplicas: "2"
+ staleReplicaTimeout: "2880"
+ fromBackup: ""
+ fsType: "ext4"
+
+---
+apiVersion: v1
+kind: Secret
+data:
+ apiKey: VlhNZnh6c3dsX1c3UDNBTVRMN1BWN1IydVAxUGNqUWdxVTJCalhKUwo=
+metadata:
+ name: cloudflare
+ namespace: traefik
+type: Opaque
\ No newline at end of file
diff --git a/install_helm.sh b/install_helm.sh
new file mode 100644
index 0000000..ccf5f17
--- /dev/null
+++ b/install_helm.sh
@@ -0,0 +1,5 @@
+#!/usr/bin/env bash
+cd /tmp
+curl -fsSL -o get_helm.sh https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3
+chmod 700 get_helm.sh
+./get_helm.sh
\ No newline at end of file
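Review bot: `image: nginxdemos/hello` in the Deployment of `deployments/nginx.yml` carries no tag or digest, so it resolves to `latest` and the three replicas can end up running different builds as pods restart; pin it, e.g. `image: nginxdemos/hello:<tag>@sha256:<digest>` (placeholders). The Service is `type: LoadBalancer`, so it gets its own MetalLB address and the pods are reachable directly as well as through the Ingress; if the Ingress is meant to be the only entry point, `type: ClusterIP` is enough. The empty `annotations:` key in the Service metadata parses as null and can be dropped. The container also sets no `securityContext` or `resources`, which is worth adding even for a demo workload.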
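Review bot: The `cloudflare` Secret at the end of `deployments/traefik-prep.yml` commits a credential to the repository: `data.apiKey` is only base64-encoded, so anyone who can read the repository or its history can recover the token that `traefik-values.yaml` passes to Traefik as `CF_DNS_API_TOKEN`. Treat the token as exposed: revoke it at the provider, issue a replacement limited to DNS edits on the one zone, and create the Secret out-of-band, e.g. `kubectl create secret generic cloudflare --namespace traefik --from-literal=apiKey=<token>`, or through a sealed/external secret. Deleting the file in a later commit does not remove the value from history. The encoded value also ends in a newline byte (the trailing `Cg`-style `o=` group decodes to `\n`), which becomes part of the token as Traefik reads it; presumably it was produced with `echo` rather than `printf '%s'`, so verify this when recreating it.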
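Review bot: `install_helm.sh` downloads `get-helm-3` from the moving `main` branch and executes it, so what runs changes whenever upstream changes; fetch it from a release tag you have reviewed and pass the same version to the installer. It also writes to the fixed path `/tmp/get_helm.sh` in a world-writable directory with no error handling, so a failed `cd`, `curl` or `chmod` still falls through to executing whatever file already sits at that path. A private `mktemp -d` directory plus `set -eu` closes both. The README runs the script with `sh`, so the sketch below stays POSIX; the tag is a placeholder.

```shell
#!/usr/bin/env bash
set -eu

# Placeholder: pin to a helm release tag you have reviewed.
HELM_TAG="vX.Y.Z"

workdir="$(mktemp -d)"
trap 'rm -rf "$workdir"' EXIT

curl -fsSL -o "$workdir/get_helm.sh" \
  "https://raw.githubusercontent.com/helm/helm/${HELM_TAG}/scripts/get-helm-3"
chmod 700 "$workdir/get_helm.sh"
"$workdir/get_helm.sh" --version "$HELM_TAG"
```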
diff --git a/install_repos.sh b/install_repos.sh
new file mode 100644
index 0000000..42663ad
--- /dev/null
+++ b/install_repos.sh
@@ -0,0 +1,3 @@
+#!/usr/bin/env bash
+helm repo add traefik https://helm.traefik.io/traefik
+helm repo update
diff --git a/values-files/traefik-values.yaml b/values-files/traefik-values.yaml
new file mode 100644
index 0000000..6037635
--- /dev/null
+++ b/values-files/traefik-values.yaml
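Review bot: `install_repos.sh` registers only the `traefik` repository, but the README in this commit installs `longhorn/longhorn`, which fails with an unknown repository on a fresh machine. Add `helm repo add longhorn https://charts.longhorn.io` before `helm repo update`. A `set -eu` line after the shebang would also stop the script at the first failing `helm repo add` instead of continuing to the update.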
@@ -0,0 +1,164 @@
+additionalArguments:
+ - '--certificatesresolvers.letsencrypt.acme.email=nvdpoel01@gmail.com'
+ - '--certificatesresolvers.letsencrypt.acme.storage=/ssl-certs/acme.json'
+ - '--certificatesResolvers.letsencrypt.acme.dnschallenge.provider=cloudflare'
+ - >-
+ --certificatesresolvers.letsencrypt.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory
+ - '--certificatesResolvers.letsencrypt.acme.dnschallenge=true'
+ - '--api.insecure=true'
+additionalVolumeMounts: []
+affinity: {}
+autoscaling:
+ enabled: false
+deployment:
+ additionalContainers: []
+ additionalVolumes: []
+ annotations: {}
+ enabled: true
+ imagePullSecrets: []
+ initContainers:
+ # - name: volume-permissions
+ # image: busybox:1.31.1
+ # command: ['sh', '-c', 'chmod -Rv 600 /ssl-certs/*']
+ # volumeMounts:
+ # - mountPath: /ssl-certs
+ # name: ssl-certs
+ kind: Deployment
+ labels: {}
+ podAnnotations: {}
+ podLabels: {}
+ replicas: 1
+ terminationGracePeriodSeconds: 60
+env:
+ - name: CF_DNS_API_TOKEN
+ valueFrom:
+ secretKeyRef:
+ key: apiKey
+ name: cloudflare
+envFrom: []
+experimental:
+ kubernetesGateway:
+ appLabelSelector: traefik
+ certificates: []
+ enabled: false
+ plugins:
+ enabled: false
+globalArguments:
+ - '--global.checknewversion'
+ - '--global.sendanonymoususage'
+hostNetwork: false
+image:
+ name: traefik
+ pullPolicy: IfNotPresent
+ingressClass:
+ enabled: true
+ fallbackApiVersion: null
+ isDefaultClass: true
+ingressRoute:
+ dashboard:
+ annotations: {}
+ enabled: false
+ labels: {}
+logs:
+ access:
+ enabled: null
+ fields:
+ general:
+ defaultmode: null
+ names: {}
+ headers:
+ defaultmode: null
+ names: {}
+ filters: {}
+ general:
+ level: DEBUG
+metrics:
+ prometheus:
+ entryPoint: metrics
+nodeSelector: {}
+persistence:
+ accessMode: ReadWriteOnce
+ annotations: {}
+ enabled: true
+ name: ssl-certs
+ path: /ssl-certs
+ size: 128Mi
+pilot:
+ enabled: false
+ token: ''
+podDisruptionBudget:
+ enabled: false
+podSecurityContext:
+ fsGroup: 65532
+podSecurityPolicy:
+ enabled: false
+ports:
+ metrics:
+ expose: false
+ exposedPort: 9100
+ port: 9100
+ protocol: TCP
+ traefik:
+ expose: false
+ exposedPort: 9000
+ port: 9000
+ protocol: TCP
+ web:
+ expose: true
+ exposedPort: 80
+ port: 8000
+ protocol: TCP
+ redirectTo: websecure
+ websecure:
+ expose: true
+ exposedPort: 443
+ port: 8443
+ protocol: TCP
+ tls:
+ certResolver: letsencrypt
+ domains: null
+ enabled: true
+ options: null
+priorityClassName: ''
+providers:
+ kubernetesCRD:
+ allowCrossNamespace: false
+ allowExternalNameServices: false
+ enabled: true
+ namespaces: []
+ kubernetesIngress:
+ enabled: true
+ namespaces: []
+ publishedService:
+ enabled: false
+rbac:
+ enabled: true
+ namespaced: false
+resources: {}
+rollingUpdate:
+ maxSurge: 1
+ maxUnavailable: 1
+securityContext:
+ capabilities:
+ drop:
+ - ALL
+ readOnlyRootFilesystem: true
+ runAsGroup: 65532
+ runAsNonRoot: true
+ runAsUser: 65532
+service:
+ annotations: {}
+ annotationsTCP: {}
+ annotationsUDP: {}
+ enabled: true
+ externalIPs: []
+ labels: {}
+ loadBalancerSourceRanges: []
+ spec: {}
+ type: LoadBalancer
+serviceAccount:
+ name: ''
+serviceAccountAnnotations: {}
+tlsOptions: {}
+tolerations: []
+volumes: []
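Review bot: `--api.insecure=true` in `additionalArguments` serves the Traefik API and dashboard without authentication on the `traefik` entrypoint (port 9000 in this file). `ports.traefik.expose: false` keeps that port off the LoadBalancer Service, but it presumably stays reachable from other pods in the cluster, and the API discloses every router, service and middleware. Prefer dropping the flag and publishing the dashboard through an IngressRoute to `api@internal` behind an authentication middleware. `logs.general.level: DEBUG` and `--global.sendanonymoususage` are also worth a conscious decision before this leaves the lab, with `level: INFO` as the usual baseline. `deployment.initContainers:` has only commented-out children and therefore renders as null; write `initContainers: []` to make the intent explicit.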