Initial commit

strNophix 2022-05-20 20:48:03 +02:00
commit 1cf24ffec9
7 changed files with 302 additions and 0 deletions

30
README.md Normal file

@ -0,0 +1,30 @@
# CMP-LAB
## Setup
```bash
sh ./install_helm.sh
sh ./install_repos.sh
```
### Longhorn (storage)
```bash
helm install longhorn longhorn/longhorn --namespace longhorn-system --create-namespace
kubectl patch storageclass standard -p '{"metadata": {"annotations":{"storageclass.kubernetes.io/is-default-class":"false"}}}'
```
### MetalLB (loadbalancer)
```bash
kubectl apply -f ./deployments/metallb-prep.yml
kubectl apply -f https://raw.githubusercontent.com/metallb/metallb/v0.12.1/manifests/namespace.yaml
kubectl apply -f https://raw.githubusercontent.com/metallb/metallb/v0.12.1/manifests/metallb.yaml
```
### Traefik (ingress)
```bash
kubectl apply -f ./deployments/traefik-prep.yml
helm install traefik traefik/traefik --namespace=traefik --values=./values-files/traefik-values.yaml --create-namespace
```
### Nginx
```bash
kubectl apply -f ./deployments/nginx.yml
```


@ -0,0 +1,13 @@
---
apiVersion: v1
kind: ConfigMap
metadata:
namespace: metallb-system
name: config
data:
config: |
address-pools:
- name: default
protocol: layer2
addresses:
- 192.168.2.180-192.168.2.200

63
deployments/nginx.yml Normal file

@ -0,0 +1,63 @@
---
apiVersion: v1
kind: Namespace
metadata:
name: apps
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: nginxdemos-hello
namespace: apps
labels:
app: nginxdemos-hello
spec:
replicas: 3
selector:
matchLabels:
app: nginxdemos-hello
template:
metadata:
labels:
app: nginxdemos-hello
spec:
containers:
- name: nginxdemos-hello
image: nginxdemos/hello
ports:
- containerPort: 80
---
apiVersion: v1
kind: Service
metadata:
name: nginxdemos-hello-lb
annotations:
namespace: apps
spec:
ports:
- port: 80
targetPort: 80
selector:
app: nginxdemos-hello
type: LoadBalancer
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: nginxdemos-hello-ingress
namespace: apps
spec:
rules:
- host: nginx.watson.holowaif.us
http:
paths:
- backend:
service:
name: nginxdemos-hello-lb
port:
number: 80
path: /
pathType: Prefix
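Review bot: The Deployment's `image: nginxdemos/hello` line has no tag or digest, so every replica pulls whatever `latest` resolves to when it is scheduled and the running content can change without any commit; pin it, e.g. `image: nginxdemos/hello:<tag>@sha256:<digest>` (placeholders). The pod spec also sets no `securityContext`, unlike the Traefik values added in this same commit. In the Service, the bare `annotations:` key parses as null and can be removed. `type: LoadBalancer` gives the demo its own MetalLB address in addition to the Ingress route; if Traefik is meant to be the only entry point, `type: ClusterIP` is enough for the Ingress backend.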


@ -0,0 +1,24 @@
---
kind: StorageClass
apiVersion: storage.k8s.io/v1
metadata:
name: ssl-certs
provisioner: driver.longhorn.io
allowVolumeExpansion: true
reclaimPolicy: Delete
volumeBindingMode: Immediate
parameters:
numberOfReplicas: "2"
staleReplicaTimeout: "2880"
fromBackup: ""
fsType: "ext4"
---
apiVersion: v1
kind: Secret
data:
apiKey: VlhNZnh6c3dsX1c3UDNBTVRMN1BWN1IydVAxUGNqUWdxVTJCalhKUwo=
metadata:
name: cloudflare
namespace: traefik
type: Opaque
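Review bot: The `apiKey` value in the `cloudflare` Secret is a credential committed in recoverable form: base64 under `data:` is an encoding, not encryption, so anyone who can read the repository or its history can recover the token. Treat it as exposed: revoke and reissue it at Cloudflare (scoped to DNS edit on the one zone), and take the Secret out of the manifest, creating it out of band with `kubectl create secret generic cloudflare --namespace traefik --from-literal=apiKey=<token>` or committing only an encrypted form (Sealed Secrets, SOPS). The encoded value also appears to carry a trailing newline, as produced by `echo` without `-n`, which would become part of `CF_DNS_API_TOKEN`. Separately, the README applies this file before `helm install ... --create-namespace`, so the `traefik` namespace this Secret targets may not exist yet.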

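--- a/install_helm.sh
+++ b/install_helm.sh
@@ -0,0 +1,5 @@
+#!/usr/bin/env bash
+cd /tmp
+curl -fsSL -o get_helm.sh https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3
+chmod 700 get_helm.sh
+./get_helm.sh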
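Review bot: The script runs whatever `get-helm-3` is on the `main` branch at the time, with no integrity check, and because there is no `set -e` a failed `curl` still falls through to `./get_helm.sh`, executing any file of that name already present in the shared `/tmp`. Fetch the installer from a release tag or commit rather than `main`, compare the download against a known checksum before running it, and work in a private `mktemp -d` directory with errors made fatal. The README invokes this file with `sh`, so the sketch below stays within POSIX `sh`.

```shell
#!/usr/bin/env bash
set -eu
workdir="$(mktemp -d)"
trap 'rm -rf "$workdir"' EXIT
cd "$workdir"
# … unchanged: curl download of get_helm.sh, chmod 700, ./get_helm.sh …
```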

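--- a/install_repos.sh
+++ b/install_repos.sh
@@ -0,0 +1,3 @@
+#!/usr/bin/env bash
+helm repo add traefik https://helm.traefik.io/traefik
+helm repo update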
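Review bot: Only the `traefik` repository is added here, but the README in this commit installs `longhorn/longhorn`, so that step fails on a clean machine until the repo is registered; add `helm repo add longhorn https://charts.longhorn.io` before `helm repo update`. The README's `helm install` commands also pass no `--version`, so the chart that gets deployed depends on when `helm repo update` last ran.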


@ -0,0 +1,164 @@
additionalArguments:
- '--certificatesresolvers.letsencrypt.acme.email=nvdpoel01@gmail.com'
- '--certificatesresolvers.letsencrypt.acme.storage=/ssl-certs/acme.json'
- '--certificatesResolvers.letsencrypt.acme.dnschallenge.provider=cloudflare'
- >-
--certificatesresolvers.letsencrypt.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory
- '--certificatesResolvers.letsencrypt.acme.dnschallenge=true'
- '--api.insecure=true'
additionalVolumeMounts: []
affinity: {}
autoscaling:
enabled: false
deployment:
additionalContainers: []
additionalVolumes: []
annotations: {}
enabled: true
imagePullSecrets: []
initContainers:
# - name: volume-permissions
# image: busybox:1.31.1
# command: ['sh', '-c', 'chmod -Rv 600 /ssl-certs/*']
# volumeMounts:
# - mountPath: /ssl-certs
# name: ssl-certs
kind: Deployment
labels: {}
podAnnotations: {}
podLabels: {}
replicas: 1
terminationGracePeriodSeconds: 60
env:
- name: CF_DNS_API_TOKEN
valueFrom:
secretKeyRef:
key: apiKey
name: cloudflare
envFrom: []
experimental:
kubernetesGateway:
appLabelSelector: traefik
certificates: []
enabled: false
plugins:
enabled: false
globalArguments:
- '--global.checknewversion'
- '--global.sendanonymoususage'
hostNetwork: false
image:
name: traefik
pullPolicy: IfNotPresent
ingressClass:
enabled: true
fallbackApiVersion: null
isDefaultClass: true
ingressRoute:
dashboard:
annotations: {}
enabled: false
labels: {}
logs:
access:
enabled: null
fields:
general:
defaultmode: null
names: {}
headers:
defaultmode: null
names: {}
filters: {}
general:
level: DEBUG
metrics:
prometheus:
entryPoint: metrics
nodeSelector: {}
persistence:
accessMode: ReadWriteOnce
annotations: {}
enabled: true
name: ssl-certs
path: /ssl-certs
size: 128Mi
pilot:
enabled: false
token: ''
podDisruptionBudget:
enabled: false
podSecurityContext:
fsGroup: 65532
podSecurityPolicy:
enabled: false
ports:
metrics:
expose: false
exposedPort: 9100
port: 9100
protocol: TCP
traefik:
expose: false
exposedPort: 9000
port: 9000
protocol: TCP
web:
expose: true
exposedPort: 80
port: 8000
protocol: TCP
redirectTo: websecure
websecure:
expose: true
exposedPort: 443
port: 8443
protocol: TCP
tls:
certResolver: letsencrypt
domains: null
enabled: true
options: null
priorityClassName: ''
providers:
kubernetesCRD:
allowCrossNamespace: false
allowExternalNameServices: false
enabled: true
namespaces: []
kubernetesIngress:
enabled: true
namespaces: []
publishedService:
enabled: false
rbac:
enabled: true
namespaced: false
resources: {}
rollingUpdate:
maxSurge: 1
maxUnavailable: 1
securityContext:
capabilities:
drop:
- ALL
readOnlyRootFilesystem: true
runAsGroup: 65532
runAsNonRoot: true
runAsUser: 65532
service:
annotations: {}
annotationsTCP: {}
annotationsUDP: {}
enabled: true
externalIPs: []
labels: {}
loadBalancerSourceRanges: []
spec: {}
type: LoadBalancer
serviceAccount:
name: ''
serviceAccountAnnotations: {}
tlsOptions: {}
tolerations: []
volumes: []
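Review bot: `--api.insecure=true` in `additionalArguments` serves the Traefik API and dashboard without authentication on the `traefik` entry point (port 9000 in this file). `ports.traefik.expose: false` keeps it off the LoadBalancer Service, but the port remains open on the pod to anything that can reach the pod network, and the API discloses every router, service and middleware. Drop the flag and, if the dashboard is wanted, publish it through `ingressRoute.dashboard` behind an authentication middleware. `logs.general.level: DEBUG` is worth lowering to `INFO` outside troubleshooting, and the bare `initContainers:` key (its children are commented out) parses as null where the other empty lists in this file use `[]`.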