From 1cf24ffec9509a02654a2e0b0d77746fd3bf4262 Mon Sep 17 00:00:00 2001
From: strNophix <nickpoelson@gmail.com>
Date: Fri, 20 May 2022 20:48:03 +0200
Subject: [PATCH] Initial commit

---
 README.md                        |  30 ++++++
 deployments/metallb-prep.yml     |  13 +++
 deployments/nginx.yml            |  63 ++++++++++++
 deployments/traefik-prep.yml     |  24 +++++
 install_helm.sh                  |   5 +
 install_repos.sh                 |   3 +
 values-files/traefik-values.yaml | 164 +++++++++++++++++++++++++++++++
 7 files changed, 302 insertions(+)
 create mode 100644 README.md
 create mode 100644 deployments/metallb-prep.yml
 create mode 100644 deployments/nginx.yml
 create mode 100644 deployments/traefik-prep.yml
 create mode 100644 install_helm.sh
 create mode 100644 install_repos.sh
 create mode 100644 values-files/traefik-values.yaml

diff --git a/README.md b/README.md
new file mode 100644
index 0000000..d05b0dd
--- /dev/null
+++ b/README.md
@@ -0,0 +1,30 @@
+# CMP-LAB
+## Setup
+```bash
+sh ./install_helm.sh
+sh ./install_repos.sh
+```
+
+### Longhorn (storage)
+```bash
+helm install longhorn longhorn/longhorn --namespace longhorn-system --create-namespace
+kubectl patch storageclass standard -p '{"metadata": {"annotations":{"storageclass.kubernetes.io/is-default-class":"false"}}}'
+```
+
+### MetalLB (loadbalancer)
+```bash
+kubectl apply -f ./deployments/metallb-prep.yml
+kubectl apply -f https://raw.githubusercontent.com/metallb/metallb/v0.12.1/manifests/namespace.yaml
+kubectl apply -f https://raw.githubusercontent.com/metallb/metallb/v0.12.1/manifests/metallb.yaml
+```
+
+### Traefik (ingress)
+```bash
+kubectl apply -f ./deployments/traefik-prep.yml
+helm install traefik traefik/traefik --namespace=traefik --values=./values-files/traefik-values.yaml --create-namespace
+```
+
+### Nginx
+```bash
+kubectl apply -f ./deployments/nginx.yml
+```
diff --git a/deployments/metallb-prep.yml b/deployments/metallb-prep.yml
new file mode 100644
index 0000000..1b30d35
--- /dev/null
+++ b/deployments/metallb-prep.yml
@@ -0,0 +1,13 @@
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  namespace: metallb-system
+  name: config
+data:
+  config: |
+    address-pools:
+    - name: default
+      protocol: layer2
+      addresses:
+      - 192.168.2.180-192.168.2.200
\ No newline at end of file
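Review bot: The ConfigMap is pinned to `namespace: metallb-system`, but the README in this commit applies this file before `namespace.yaml` creates that namespace, so the first `kubectl apply` will be rejected on a fresh cluster. The Secret in deployments/traefik-prep.yml has the same ordering problem with `namespace: traefik`, which is only created later by `helm install ... --create-namespace`. Either reorder the README steps or add a header comment here such as `# Apply only after the metallb-system namespace exists.` A second comment should record that `192.168.2.180-192.168.2.200` has to sit outside the LAN's DHCP range, since layer2 mode announces those addresses directly on the local segment.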
diff --git a/deployments/nginx.yml b/deployments/nginx.yml
new file mode 100644
index 0000000..ed6b5b3
--- /dev/null
+++ b/deployments/nginx.yml
@@ -0,0 +1,63 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: apps
+
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: nginxdemos-hello
+  namespace: apps
+  labels:
+    app: nginxdemos-hello
+spec:
+  replicas: 3
+  selector:
+    matchLabels:
+      app: nginxdemos-hello
+  template:
+    metadata:
+      labels:
+        app: nginxdemos-hello
+    spec:
+      containers:
+      - name: nginxdemos-hello
+        image: nginxdemos/hello
+        ports:
+        - containerPort: 80
+
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: nginxdemos-hello-lb
+  annotations: 
+  namespace: apps
+spec:
+  ports:
+  - port: 80
+    targetPort: 80
+  selector:
+    app: nginxdemos-hello
+  type: LoadBalancer
+
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: nginxdemos-hello-ingress
+  namespace: apps
+spec:
+  rules:
+  - host: nginx.watson.holowaif.us
+    http:
+      paths:
+      - backend:
+          service:
+            name: nginxdemos-hello-lb
+            port:
+              number: 80
+        path: /
+        pathType: Prefix
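Review bot: `image: nginxdemos/hello` carries no tag or digest, so each node pulls whatever `latest` resolves to at schedule time and the three replicas can run different, unreviewed builds; pin it, e.g. `image: nginxdemos/hello:<TAG>@sha256:<DIGEST>` (placeholders). The Service is `type: LoadBalancer` although the Ingress already routes to it, which hands the pods their own MetalLB address on plain port 80 and bypasses Traefik's TLS and redirect; `type: ClusterIP` is enough for an Ingress backend. The empty `annotations:` key under the Service metadata parses as null and carries trailing whitespace, so drop it or write `annotations: {}`. The container also has no `securityContext` or `resources` block.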
diff --git a/deployments/traefik-prep.yml b/deployments/traefik-prep.yml
new file mode 100644
index 0000000..b4e7e45
--- /dev/null
+++ b/deployments/traefik-prep.yml
@@ -0,0 +1,24 @@
+---
+kind: StorageClass
+apiVersion: storage.k8s.io/v1
+metadata:
+  name: ssl-certs
+provisioner: driver.longhorn.io
+allowVolumeExpansion: true
+reclaimPolicy: Delete
+volumeBindingMode: Immediate
+parameters:
+  numberOfReplicas: "2"
+  staleReplicaTimeout: "2880"
+  fromBackup: ""
+  fsType: "ext4"
+
+---
+apiVersion: v1
+kind: Secret
+data:
+  apiKey: VlhNZnh6c3dsX1c3UDNBTVRMN1BWN1IydVAxUGNqUWdxVTJCalhKUwo=
+metadata:
+  name: cloudflare
+  namespace: traefik
+type: Opaque
\ No newline at end of file
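Review bot: The `cloudflare` Secret commits what looks like a live API token to the repository; `data.apiKey` is only base64-encoded, so anyone with read access to the history can recover it. Treat the token as compromised and rotate it, remove the Secret from this manifest, and create it out of band, e.g. `kubectl create secret generic cloudflare --namespace traefik --from-literal=apiKey="$CF_DNS_API_TOKEN"`, or keep it encrypted at rest with a tool such as Sealed Secrets or SOPS. The encoded value also appears to end in a newline (typical of `echo` without `-n`), which would be passed into `CF_DNS_API_TOKEN` verbatim. Separately, the `ssl-certs` StorageClass uses `reclaimPolicy: Delete`, so deleting the claim discards the ACME account key and certificates; `Retain` may be the safer choice.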
diff --git a/install_helm.sh b/install_helm.sh
new file mode 100644
index 0000000..ccf5f17
--- /dev/null
+++ b/install_helm.sh
@@ -0,0 +1,5 @@
+#!/usr/bin/env bash
+cd /tmp
+curl -fsSL -o get_helm.sh https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3
+chmod 700 get_helm.sh
+./get_helm.sh
\ No newline at end of file
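Review bot: The script fetches `get-helm-3` from the moving `main` branch and executes it with no integrity check, using a fixed file name in world-writable `/tmp` and no error handling. If `cd` or `curl` fails, a stale or pre-existing `get_helm.sh` in `/tmp` or in the current directory is still made executable and run. Suggest aborting on error, working in a private `mktemp -d` directory, and fetching the installer from a reviewed release tag; `HELM_TAG` below is a placeholder the caller must set. The README invokes this file with `sh`, so the sketch sticks to `set -eu` rather than bash-only options.

```shell
#!/usr/bin/env bash
set -eu
workdir="$(mktemp -d)"
trap 'rm -rf "$workdir"' EXIT
cd "$workdir"
# HELM_TAG is a placeholder: a release tag whose installer script has been reviewed.
curl -fsSL -o get_helm.sh "https://raw.githubusercontent.com/helm/helm/${HELM_TAG}/scripts/get-helm-3"
# … unchanged: chmod 700 get_helm.sh and ./get_helm.sh …
```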
diff --git a/install_repos.sh b/install_repos.sh
new file mode 100644
index 0000000..42663ad
--- /dev/null
+++ b/install_repos.sh
@@ -0,0 +1,3 @@
+#!/usr/bin/env bash
+helm repo add traefik https://helm.traefik.io/traefik
+helm repo update
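Review bot: Only the `traefik` chart repository is registered, yet the README's Longhorn step runs `helm install longhorn longhorn/longhorn`, which will fail on an unknown repo after this script. Add `helm repo add longhorn https://charts.longhorn.io` before `helm repo update`. A `set -eu` line after the shebang would also stop the script as soon as a `helm repo add` fails instead of continuing with a partial setup.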
diff --git a/values-files/traefik-values.yaml b/values-files/traefik-values.yaml
new file mode 100644
index 0000000..6037635
--- /dev/null
+++ b/values-files/traefik-values.yaml
@@ -0,0 +1,164 @@
+additionalArguments:
+  - '--certificatesresolvers.letsencrypt.acme.email=nvdpoel01@gmail.com'
+  - '--certificatesresolvers.letsencrypt.acme.storage=/ssl-certs/acme.json'
+  - '--certificatesResolvers.letsencrypt.acme.dnschallenge.provider=cloudflare'
+  - >-
+    --certificatesresolvers.letsencrypt.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory
+  - '--certificatesResolvers.letsencrypt.acme.dnschallenge=true'
+  - '--api.insecure=true'
+additionalVolumeMounts: []
+affinity: {}
+autoscaling:
+  enabled: false
+deployment:
+  additionalContainers: []
+  additionalVolumes: []
+  annotations: {}
+  enabled: true
+  imagePullSecrets: []
+  initContainers:
+    # - name: volume-permissions
+    #   image: busybox:1.31.1
+    #   command: ['sh', '-c', 'chmod -Rv 600 /ssl-certs/*']
+    #   volumeMounts:
+    #     - mountPath: /ssl-certs
+    #       name: ssl-certs
+  kind: Deployment
+  labels: {}
+  podAnnotations: {}
+  podLabels: {}
+  replicas: 1
+  terminationGracePeriodSeconds: 60
+env:
+  - name: CF_DNS_API_TOKEN
+    valueFrom:
+      secretKeyRef:
+        key: apiKey
+        name: cloudflare
+envFrom: []
+experimental:
+  kubernetesGateway:
+    appLabelSelector: traefik
+    certificates: []
+    enabled: false
+  plugins:
+    enabled: false
+globalArguments:
+  - '--global.checknewversion'
+  - '--global.sendanonymoususage'
+hostNetwork: false
+image:
+  name: traefik
+  pullPolicy: IfNotPresent
+ingressClass:
+  enabled: true
+  fallbackApiVersion: null
+  isDefaultClass: true
+ingressRoute:
+  dashboard:
+    annotations: {}
+    enabled: false
+    labels: {}
+logs:
+  access:
+    enabled: null
+    fields:
+      general:
+        defaultmode: null
+        names: {}
+      headers:
+        defaultmode: null
+        names: {}
+    filters: {}
+  general:
+    level: DEBUG
+metrics:
+  prometheus:
+    entryPoint: metrics
+nodeSelector: {}
+persistence:
+  accessMode: ReadWriteOnce
+  annotations: {}
+  enabled: true
+  name: ssl-certs
+  path: /ssl-certs
+  size: 128Mi
+pilot:
+  enabled: false
+  token: ''
+podDisruptionBudget:
+  enabled: false
+podSecurityContext:
+  fsGroup: 65532
+podSecurityPolicy:
+  enabled: false
+ports:
+  metrics:
+    expose: false
+    exposedPort: 9100
+    port: 9100
+    protocol: TCP
+  traefik:
+    expose: false
+    exposedPort: 9000
+    port: 9000
+    protocol: TCP
+  web:
+    expose: true
+    exposedPort: 80
+    port: 8000
+    protocol: TCP
+    redirectTo: websecure
+  websecure:
+    expose: true
+    exposedPort: 443
+    port: 8443
+    protocol: TCP
+    tls:
+      certResolver: letsencrypt
+      domains: null
+      enabled: true
+      options: null
+priorityClassName: ''
+providers:
+  kubernetesCRD:
+    allowCrossNamespace: false
+    allowExternalNameServices: false
+    enabled: true
+    namespaces: []
+  kubernetesIngress:
+    enabled: true
+    namespaces: []
+    publishedService:
+      enabled: false
+rbac:
+  enabled: true
+  namespaced: false
+resources: {}
+rollingUpdate:
+  maxSurge: 1
+  maxUnavailable: 1
+securityContext:
+  capabilities:
+    drop:
+      - ALL
+  readOnlyRootFilesystem: true
+  runAsGroup: 65532
+  runAsNonRoot: true
+  runAsUser: 65532
+service:
+  annotations: {}
+  annotationsTCP: {}
+  annotationsUDP: {}
+  enabled: true
+  externalIPs: []
+  labels: {}
+  loadBalancerSourceRanges: []
+  spec: {}
+  type: LoadBalancer
+serviceAccount:
+  name: ''
+serviceAccountAnnotations: {}
+tlsOptions: {}
+tolerations: []
+volumes: []
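Review bot: `--api.insecure=true` in `additionalArguments` serves the Traefik API and dashboard without authentication on the `traefik` entry point (port 9000 here). `ports.traefik.expose: false` keeps it off the LoadBalancer, but by default any workload on the pod network, and anyone able to port-forward, can still read the full routing configuration. Drop the flag and, if the dashboard is needed, publish it through `ingressRoute.dashboard` behind an authentication middleware. `logs.general.level: DEBUG` and the missing `image.tag` are also worth tightening (`level: INFO`, an explicit pinned tag). A comment on the `caserver` line should record that it points at the Let's Encrypt staging CA, whose certificates browsers do not trust.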