librewolf
/
bunkerized-nginx
mirror of https://github.com/bunkerity/bunkerized-nginx
4
0
Fork 1
Code Issues Projects Releases Wiki Activity

Lint code

This commit is contained in:
Théophile Diot 2023-03-09 10:04:59 +01:00
parent 966f57ceaa
commit 8c67d08aee
No known key found for this signature in database
GPG Key ID: E752C80DB72BB014
30 changed files with 1190 additions and 949 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
.github/workflows/staging-container-build.yml vendored
View File

@ -63,4 +63,4 @@ jobs:
trivyignores: .trivyignore
# Push image
- name: Push image
run: docker tag local/${{ inputs.IMAGE }} ${{ secrets.PRIVATE_REGISTRY }}/infra/${{ inputs.IMAGE }}-tests:staging && docker push ${{ secrets.PRIVATE_REGISTRY }}/infra/${{ inputs.IMAGE }}-tests:staging
run: docker tag local/${{ inputs.IMAGE }} ${{ secrets.PRIVATE_REGISTRY }}/infra/${{ inputs.IMAGE }}-tests:staging && docker push ${{ secrets.PRIVATE_REGISTRY }}/infra/${{ inputs.IMAGE }}-tests:staging

4
.github/workflows/staging-create-infra.yml vendored
View File

@ -29,8 +29,8 @@ jobs:
uses: actions/setup-python@v4
if: inputs.TYPE != 'k8s'
with:
python-version: '3.11'
cache: 'pip'
python-version: "3.11"
cache: "pip"
- name: Install ansible
run: pip install ansible
if: inputs.TYPE != 'k8s'

2
.github/workflows/staging-linux-build.yml vendored
View File

@ -65,4 +65,4 @@ jobs:
file: tests/linux/Dockerfile-${{ inputs.LINUX }}
platforms: linux/amd64
push: true
tags: ${{ secrets.PRIVATE_REGISTRY }}/infra/${{ inputs.LINUX }}-tests:staging
tags: ${{ secrets.PRIVATE_REGISTRY }}/infra/${{ inputs.LINUX }}-tests:staging

4
.github/workflows/staging-push-packagecloud.yml vendored
View File

@ -39,7 +39,7 @@ jobs:
- name: Install ruby
uses: ruby/setup-ruby@v1
with:
ruby-version: '3.0'
ruby-version: "3.0"
- name: Install packagecloud
run: gem install package_cloud
# Download packages
@ -61,4 +61,4 @@ jobs:
PACKAGECLOUD-USERNAME: bunkerity
PACKAGECLOUD-REPO: ${{ inputs.REPO }}
PACKAGECLOUD-DISTRIB: ${{ inputs.LINUX }}/${{ inputs.VERSION }}
PACKAGECLOUD-TOKEN: ${{ secrets.PACKAGECLOUD_TOKEN }}
PACKAGECLOUD-TOKEN: ${{ secrets.PACKAGECLOUD_TOKEN }}

2
.github/workflows/staging-tests-ui.yml vendored
View File

@ -34,4 +34,4 @@ jobs:
- name: Run tests
run: ./tests/ui/tests.sh
env:
MODE: ${{ inputs.MODE }}
MODE: ${{ inputs.MODE }}

2
.github/workflows/staging-tests.yml vendored
View File

@ -123,4 +123,4 @@ jobs:
run: export $(echo "$TEST_DOMAINS" | xargs) && ./tests/main.py "linux" "fedora"
env:
TEST_DOMAINS: ${{ secrets.TEST_DOMAINS_LINUX }}
ROOT_DOMAIN: ${{ secrets.ROOT_DOMAIN }}
ROOT_DOMAIN: ${{ secrets.ROOT_DOMAIN }}

15
.github/workflows/staging.yml vendored
View File

@ -5,7 +5,6 @@ on:
branches: [staging]
jobs:
# Containers
build-bw:
uses: ./.github/workflows/staging-container-build.yml
@ -123,7 +122,7 @@ jobs:
uses: github/codeql-action/analyze@v2
with:
category: "/language:${{matrix.language}}"
# Create infrastructures
create-infra-docker:
needs: [code-security, build-bw, build-scheduler]
@ -154,7 +153,15 @@ jobs:
secrets:
CICD_SECRETS: ${{ secrets.CICD_SECRETS }}
create-infra-linux:
needs: [code-security, build-ubuntu, build-debian, build-centos, build-fedora, build-rhel]
needs:
[
code-security,
build-ubuntu,
build-debian,
build-centos,
build-fedora,
build-rhel,
]
uses: ./.github/workflows/staging-create-infra.yml
with:
TYPE: linux
@ -342,4 +349,4 @@ jobs:
VERSION: 37
PACKAGE: rpm
secrets:
PACKAGECLOUD_TOKEN: ${{ secrets.PACKAGECLOUD_TOKEN }}
PACKAGECLOUD_TOKEN: ${{ secrets.PACKAGECLOUD_TOKEN }}

248
misc/integrations/k8s.mariadb.ui.yml
View File

@ -3,12 +3,12 @@ kind: ClusterRole
metadata:
name: cr-bunkerweb
rules:
- apiGroups: [""]
resources: ["services", "pods", "configmaps"]
verbs: ["get", "watch", "list"]
- apiGroups: ["networking.k8s.io"]
resources: ["ingresses"]
verbs: ["get", "watch", "list"]
- apiGroups: [""]
resources: ["services", "pods", "configmaps"]
verbs: ["get", "watch", "list"]
- apiGroups: ["networking.k8s.io"]
resources: ["ingresses"]
verbs: ["get", "watch", "list"]
---
apiVersion: v1
kind: ServiceAccount
@ -20,10 +20,10 @@ kind: ClusterRoleBinding
metadata:
name: crb-bunkerweb
subjects:
- kind: ServiceAccount
name: sa-bunkerweb
namespace: default
apiGroup: ""
- kind: ServiceAccount
name: sa-bunkerweb
namespace: default
apiGroup: ""
roleRef:
kind: ClusterRole
name: cr-bunkerweb
@ -46,53 +46,53 @@ spec:
bunkerweb.io/AUTOCONF: "yes"
spec:
containers:
- name: bunkerweb
image: bunkerity/bunkerweb:1.4.6
imagePullPolicy: Always
securityContext:
runAsUser: 101
runAsGroup: 101
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
ports:
- containerPort: 8080
hostPort: 80
- containerPort: 8443
hostPort: 443
env:
- name: KUBERNETES_MODE
value: "yes"
# replace with your DNS resolvers
# e.g. : kube-dns.kube-system.svc.cluster.local
- name: DNS_RESOLVERS
value: "coredns.kube-system.svc.cluster.local"
- name: USE_API
value: "yes"
# 10.0.0.0/8 is the cluster internal subnet
- name: API_WHITELIST_IP
value: "127.0.0.0/8 10.0.0.0/8"
- name: SERVER_NAME
value: ""
- name: MULTISITE
value: "yes"
livenessProbe:
exec:
command:
- /usr/share/bunkerweb/helpers/healthcheck.sh
initialDelaySeconds: 30
periodSeconds: 5
timeoutSeconds: 1
failureThreshold: 3
readinessProbe:
exec:
command:
- /usr/share/bunkerweb/helpers/healthcheck.sh
initialDelaySeconds: 30
periodSeconds: 1
timeoutSeconds: 1
failureThreshold: 3
- name: bunkerweb
image: bunkerity/bunkerweb:1.4.6
imagePullPolicy: Always
securityContext:
runAsUser: 101
runAsGroup: 101
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
ports:
- containerPort: 8080
hostPort: 80
- containerPort: 8443
hostPort: 443
env:
- name: KUBERNETES_MODE
value: "yes"
# replace with your DNS resolvers
# e.g. : kube-dns.kube-system.svc.cluster.local
- name: DNS_RESOLVERS
value: "coredns.kube-system.svc.cluster.local"
- name: USE_API
value: "yes"
# 10.0.0.0/8 is the cluster internal subnet
- name: API_WHITELIST_IP
value: "127.0.0.0/8 10.0.0.0/8"
- name: SERVER_NAME
value: ""
- name: MULTISITE
value: "yes"
livenessProbe:
exec:
command:
- /usr/share/bunkerweb/helpers/healthcheck.sh
initialDelaySeconds: 30
periodSeconds: 5
timeoutSeconds: 1
failureThreshold: 3
readinessProbe:
exec:
command:
- /usr/share/bunkerweb/helpers/healthcheck.sh
initialDelaySeconds: 30
periodSeconds: 1
timeoutSeconds: 1
failureThreshold: 3
---
apiVersion: apps/v1
kind: Deployment
@ -112,14 +112,14 @@ spec:
spec:
serviceAccountName: sa-bunkerweb
containers:
- name: bunkerweb-controller
image: bunkerity/bunkerweb-autoconf:1.4.6
imagePullPolicy: Always
env:
- name: KUBERNETES_MODE
value: "yes"
- name: "DATABASE_URI"
value: "mariadb+pymysql://bunkerweb:changeme@svc-bunkerweb-db:3306/db"
- name: bunkerweb-controller
image: bunkerity/bunkerweb-autoconf:1.4.6
imagePullPolicy: Always
env:
- name: KUBERNETES_MODE
value: "yes"
- name: "DATABASE_URI"
value: "mariadb+pymysql://bunkerweb:changeme@svc-bunkerweb-db:3306/db"
---
apiVersion: apps/v1
kind: Deployment
@ -138,14 +138,14 @@ spec:
app: bunkerweb-scheduler
spec:
containers:
- name: bunkerweb-controller
image: bunkerity/bunkerweb-autoconf:1.4.6
imagePullPolicy: Always
env:
- name: KUBERNETES_MODE
value: "yes"
- name: "DATABASE_URI"
value: "mariadb+pymysql://bunkerweb:changeme@svc-bunkerweb-db:3306/db"
- name: bunkerweb-controller
image: bunkerity/bunkerweb-autoconf:1.4.6
imagePullPolicy: Always
env:
- name: KUBERNETES_MODE
value: "yes"
- name: "DATABASE_URI"
value: "mariadb+pymysql://bunkerweb:changeme@svc-bunkerweb-db:3306/db"
---
apiVersion: apps/v1
kind: Deployment
@ -164,9 +164,9 @@ spec:
app: bunkerweb-redis
spec:
containers:
- name: bunkerweb-redis
image: redis:7-alpine
imagePullPolicy: Always
- name: bunkerweb-redis
image: redis:7-alpine
imagePullPolicy: Always
---
apiVersion: apps/v1
kind: Deployment
@ -185,21 +185,21 @@ spec:
app: bunkerweb-db
spec:
containers:
- name: bunkerweb-db
image: mariadb:10.10
imagePullPolicy: Always
env:
- name: MYSQL_RANDOM_ROOT_PASSWORD
value: "yes"
- name: "MYSQL_DATABASE"
value: "db"
- name: "MYSQL_USER"
value: "bunkerweb"
- name: "MYSQL_PASSWORD"
value: "changeme"
volumeMounts:
- mountPath: "/var/lib/mysql"
name: vol-db
- name: bunkerweb-db
image: mariadb:10.10
imagePullPolicy: Always
env:
- name: MYSQL_RANDOM_ROOT_PASSWORD
value: "yes"
- name: "MYSQL_DATABASE"
value: "db"
- name: "MYSQL_USER"
value: "bunkerweb"
- name: "MYSQL_PASSWORD"
value: "changeme"
volumeMounts:
- mountPath: "/var/lib/mysql"
name: vol-db
volumes:
- name: vol-db
persistentVolumeClaim:
@ -222,16 +222,16 @@ spec:
app: bunkerweb-ui
spec:
containers:
- name: bunkerweb-ui
image: bunkerity/bunkerweb-ui:1.5.0
imagePullPolicy: Always
env:
- name: ADMIN_USERNAME
value: "admin"
- name: "ADMIN_PASSWORD"
value: "changeme"
- name: "ABSOLUTE_URI"
value: "http://www.example.com/admin"
- name: bunkerweb-ui
image: bunkerity/bunkerweb-ui:1.5.0
imagePullPolicy: Always
env:
- name: ADMIN_USERNAME
value: "admin"
- name: "ADMIN_PASSWORD"
value: "changeme"
- name: "ABSOLUTE_URI"
value: "http://www.example.com/admin"
---
apiVersion: v1
kind: Service
@ -251,10 +251,10 @@ spec:
selector:
app: bunkerweb-db
ports:
- name: sql
protocol: TCP
port: 3306
targetPort: 3306
- name: sql
protocol: TCP
port: 3306
targetPort: 3306
---
apiVersion: v1
kind: Service
@ -265,10 +265,10 @@ spec:
selector:
app: bunkerweb-redis
ports:
- name: redis
protocol: TCP
port: 6379
targetPort: 6379
- name: redis
protocol: TCP
port: 6379
targetPort: 6379
---
apiVersion: v1
kind: Service
@ -279,10 +279,10 @@ spec:
selector:
app: bunkerweb-ui
ports:
- name: http
protocol: TCP
port: 7000
targetPort: 7000
- name: http
protocol: TCP
port: 7000
targetPort: 7000
---
apiVersion: v1
kind: PersistentVolumeClaim
@ -290,7 +290,7 @@ metadata:
name: pvc-bunkerweb
spec:
accessModes:
- ReadWriteOnce
- ReadWriteOnce
resources:
requests:
storage: 5Gi
@ -306,13 +306,13 @@ metadata:
bunkerweb.io/www.example.com_REVERSE_PROXY_HEADERS: "X-Script-Name /admin"
spec:
rules:
- host: www.example.com
http:
paths:
- path: /admin
pathType: Prefix
backend:
service:
name: svc-bunkerweb-ui
port:
number: 7000
- host: www.example.com
http:
paths:
- path: /admin
pathType: Prefix
backend:
service:
name: svc-bunkerweb-ui
port:
number: 7000

208
misc/integrations/k8s.mariadb.yml
View File

@ -3,12 +3,12 @@ kind: ClusterRole
metadata:
name: cr-bunkerweb
rules:
- apiGroups: [""]
resources: ["services", "pods", "configmaps"]
verbs: ["get", "watch", "list"]
- apiGroups: ["networking.k8s.io"]
resources: ["ingresses"]
verbs: ["get", "watch", "list"]
- apiGroups: [""]
resources: ["services", "pods", "configmaps"]
verbs: ["get", "watch", "list"]
- apiGroups: ["networking.k8s.io"]
resources: ["ingresses"]
verbs: ["get", "watch", "list"]
---
apiVersion: v1
kind: ServiceAccount
@ -20,10 +20,10 @@ kind: ClusterRoleBinding
metadata:
name: crb-bunkerweb
subjects:
- kind: ServiceAccount
name: sa-bunkerweb
namespace: default
apiGroup: ""
- kind: ServiceAccount
name: sa-bunkerweb
namespace: default
apiGroup: ""
roleRef:
kind: ClusterRole
name: cr-bunkerweb
@ -46,55 +46,55 @@ spec:
bunkerweb.io/AUTOCONF: "yes"
spec:
containers:
- name: bunkerweb
image: bunkerity/bunkerweb:1.4.6
imagePullPolicy: Always
securityContext:
runAsUser: 101
runAsGroup: 101
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
ports:
- containerPort: 8080
hostPort: 80
- containerPort: 8443
hostPort: 443
env:
- name: KUBERNETES_MODE
value: "yes"
# replace with your DNS resolvers
# e.g. : kube-dns.kube-system.svc.cluster.local
- name: DNS_RESOLVERS
value: "coredns.kube-system.svc.cluster.local"
- name: USE_API
value: "yes"
# 10.0.0.0/8 is the cluster internal subnet
- name: API_WHITELIST_IP
value: "127.0.0.0/8 10.0.0.0/8"
- name: SERVER_NAME
value: ""
- name: MULTISITE
value: "yes"
livenessProbe:
exec:
command:
- /usr/share/bunkerweb/helpers/healthcheck.sh
initialDelaySeconds: 30
periodSeconds: 5
timeoutSeconds: 1
failureThreshold: 3
readinessProbe:
exec:
command:
- /usr/share/bunkerweb/helpers/healthcheck.sh
initialDelaySeconds: 30
periodSeconds: 1
timeoutSeconds: 1
failureThreshold: 3
- name: bunkerweb
image: bunkerity/bunkerweb:1.4.6
imagePullPolicy: Always
securityContext:
runAsUser: 101
runAsGroup: 101
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
ports:
- containerPort: 8080
hostPort: 80
- containerPort: 8443
hostPort: 443
env:
- name: KUBERNETES_MODE
value: "yes"
# replace with your DNS resolvers
# e.g. : kube-dns.kube-system.svc.cluster.local
- name: DNS_RESOLVERS
value: "coredns.kube-system.svc.cluster.local"
- name: USE_API
value: "yes"
# 10.0.0.0/8 is the cluster internal subnet
- name: API_WHITELIST_IP
value: "127.0.0.0/8 10.0.0.0/8"
- name: SERVER_NAME
value: ""
- name: MULTISITE
value: "yes"
livenessProbe:
exec:
command:
- /usr/share/bunkerweb/helpers/healthcheck.sh
initialDelaySeconds: 30
periodSeconds: 5
timeoutSeconds: 1
failureThreshold: 3
readinessProbe:
exec:
command:
- /usr/share/bunkerweb/helpers/healthcheck.sh
initialDelaySeconds: 30
periodSeconds: 1
timeoutSeconds: 1
failureThreshold: 3
#imagePullSecrets:
#- name: secret-registry
#- name: secret-registry
---
apiVersion: apps/v1
kind: Deployment
@ -114,16 +114,16 @@ spec:
spec:
serviceAccountName: sa-bunkerweb
containers:
- name: bunkerweb-controller
image: bunkerity/bunkerweb-autoconf:1.4.6
imagePullPolicy: Always
env:
- name: KUBERNETES_MODE
value: "yes"
- name: "DATABASE_URI"
value: "mariadb+pymysql://bunkerweb:changeme@svc-bunkerweb-db:3306/db"
- name: bunkerweb-controller
image: bunkerity/bunkerweb-autoconf:1.4.6
imagePullPolicy: Always
env:
- name: KUBERNETES_MODE
value: "yes"
- name: "DATABASE_URI"
value: "mariadb+pymysql://bunkerweb:changeme@svc-bunkerweb-db:3306/db"
#imagePullSecrets:
#- name: secret-registry
#- name: secret-registry
---
apiVersion: apps/v1
kind: Deployment
@ -142,16 +142,16 @@ spec:
app: bunkerweb-scheduler
spec:
containers:
- name: bunkerweb-controller
image: bunkerity/bunkerweb-autoconf:1.4.6
imagePullPolicy: Always
env:
- name: KUBERNETES_MODE
value: "yes"
- name: "DATABASE_URI"
value: "mariadb+pymysql://bunkerweb:changeme@svc-bunkerweb-db:3306/db"
- name: bunkerweb-controller
image: bunkerity/bunkerweb-autoconf:1.4.6
imagePullPolicy: Always
env:
- name: KUBERNETES_MODE
value: "yes"
- name: "DATABASE_URI"
value: "mariadb+pymysql://bunkerweb:changeme@svc-bunkerweb-db:3306/db"
#imagePullSecrets:
#- name: secret-registry
#- name: secret-registry
---
apiVersion: apps/v1
kind: Deployment
@ -170,9 +170,9 @@ spec:
app: bunkerweb-redis
spec:
containers:
- name: bunkerweb-redis
image: redis:7-alpine
imagePullPolicy: Always
- name: bunkerweb-redis
image: redis:7-alpine
imagePullPolicy: Always
---
apiVersion: apps/v1
kind: Deployment
@ -191,21 +191,21 @@ spec:
app: bunkerweb-db
spec:
containers:
- name: bunkerweb-db
image: mariadb:10.10
imagePullPolicy: Always
env:
- name: MYSQL_RANDOM_ROOT_PASSWORD
value: "yes"
- name: "MYSQL_DATABASE"
value: "db"
- name: "MYSQL_USER"
value: "bunkerweb"
- name: "MYSQL_PASSWORD"
value: "changeme"
volumeMounts:
- mountPath: "/var/lib/mysql"
name: vol-db
- name: bunkerweb-db
image: mariadb:10.10
imagePullPolicy: Always
env:
- name: MYSQL_RANDOM_ROOT_PASSWORD
value: "yes"
- name: "MYSQL_DATABASE"
value: "db"
- name: "MYSQL_USER"
value: "bunkerweb"
- name: "MYSQL_PASSWORD"
value: "changeme"
volumeMounts:
- mountPath: "/var/lib/mysql"
name: vol-db
volumes:
- name: vol-db
persistentVolumeClaim:
@ -229,10 +229,10 @@ spec:
selector:
app: bunkerweb-db
ports:
- name: sql
protocol: TCP
port: 3306
targetPort: 3306
- name: sql
protocol: TCP
port: 3306
targetPort: 3306
---
apiVersion: v1
kind: Service
@ -243,10 +243,10 @@ spec:
selector:
app: bunkerweb-redis
ports:
- name: redis
protocol: TCP
port: 6379
targetPort: 6379
- name: redis
protocol: TCP
port: 6379
targetPort: 6379
---
apiVersion: v1
kind: PersistentVolumeClaim
@ -254,9 +254,9 @@ metadata:
name: pvc-bunkerweb
spec:
accessModes:
- ReadWriteOnce
- ReadWriteOnce
resources:
requests:
storage: 5Gi
storageClassName: ""
volumeName: pv-bunkerweb
volumeName: pv-bunkerweb

284
misc/integrations/k8s.mysql.ui.yml
View File

@ -3,12 +3,12 @@ kind: ClusterRole
metadata:
name: cr-bunkerweb
rules:
- apiGroups: [""]
resources: ["services", "pods", "configmaps"]
verbs: ["get", "watch", "list"]
- apiGroups: ["networking.k8s.io"]
resources: ["ingresses"]
verbs: ["get", "watch", "list"]
- apiGroups: [""]
resources: ["services", "pods", "configmaps"]
verbs: ["get", "watch", "list"]
- apiGroups: ["networking.k8s.io"]
resources: ["ingresses"]
verbs: ["get", "watch", "list"]
---
apiVersion: v1
kind: ServiceAccount
@ -20,10 +20,10 @@ kind: ClusterRoleBinding
metadata:
name: crb-bunkerweb
subjects:
- kind: ServiceAccount
name: sa-bunkerweb
namespace: default
apiGroup: ""
- kind: ServiceAccount
name: sa-bunkerweb
namespace: default
apiGroup: ""
roleRef:
kind: ClusterRole
name: cr-bunkerweb
@ -46,53 +46,53 @@ spec:
bunkerweb.io/AUTOCONF: "yes"
spec:
containers:
- name: bunkerweb
image: bunkerity/bunkerweb:1.4.6
imagePullPolicy: Always
securityContext:
runAsUser: 101
runAsGroup: 101
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
ports:
- containerPort: 8080
hostPort: 80
- containerPort: 8443
hostPort: 443
env:
- name: KUBERNETES_MODE
value: "yes"
# replace with your DNS resolvers
# e.g. : kube-dns.kube-system.svc.cluster.local
- name: DNS_RESOLVERS
value: "coredns.kube-system.svc.cluster.local"
- name: USE_API
value: "yes"
# 10.0.0.0/8 is the cluster internal subnet
- name: API_WHITELIST_IP
value: "127.0.0.0/8 10.0.0.0/8"
- name: SERVER_NAME
value: ""
- name: MULTISITE
value: "yes"
livenessProbe:
exec:
command:
- /usr/share/bunkerweb/helpers/healthcheck.sh
initialDelaySeconds: 30
periodSeconds: 5
timeoutSeconds: 1
failureThreshold: 3
readinessProbe:
exec:
command:
- /usr/share/bunkerweb/helpers/healthcheck.sh
initialDelaySeconds: 30
periodSeconds: 1
timeoutSeconds: 1
failureThreshold: 3
- name: bunkerweb
image: bunkerity/bunkerweb:1.4.6
imagePullPolicy: Always
securityContext:
runAsUser: 101
runAsGroup: 101
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
ports:
- containerPort: 8080
hostPort: 80
- containerPort: 8443
hostPort: 443
env:
- name: KUBERNETES_MODE
value: "yes"
# replace with your DNS resolvers
# e.g. : kube-dns.kube-system.svc.cluster.local
- name: DNS_RESOLVERS
value: "coredns.kube-system.svc.cluster.local"
- name: USE_API
value: "yes"
# 10.0.0.0/8 is the cluster internal subnet
- name: API_WHITELIST_IP
value: "127.0.0.0/8 10.0.0.0/8"
- name: SERVER_NAME
value: ""
- name: MULTISITE
value: "yes"
livenessProbe:
exec:
command:
- /usr/share/bunkerweb/helpers/healthcheck.sh
initialDelaySeconds: 30
periodSeconds: 5
timeoutSeconds: 1
failureThreshold: 3
readinessProbe:
exec:
command:
- /usr/share/bunkerweb/helpers/healthcheck.sh
initialDelaySeconds: 30
periodSeconds: 1
timeoutSeconds: 1
failureThreshold: 3
---
apiVersion: apps/v1
kind: Deployment
@ -112,14 +112,14 @@ spec:
spec:
serviceAccountName: sa-bunkerweb
containers:
- name: bunkerweb-controller
image: bunkerity/bunkerweb-autoconf:1.4.6
imagePullPolicy: Always
env:
- name: KUBERNETES_MODE
value: "yes"
- name: "DATABASE_URI"
value: "mariadb+pymysql://bunkerweb:changeme@svc-bunkerweb-db:3306/db"
- name: bunkerweb-controller
image: bunkerity/bunkerweb-autoconf:1.4.6
imagePullPolicy: Always
env:
- name: KUBERNETES_MODE
value: "yes"
- name: "DATABASE_URI"
value: "mariadb+pymysql://bunkerweb:changeme@svc-bunkerweb-db:3306/db"
---
apiVersion: apps/v1
kind: Deployment
@ -138,14 +138,14 @@ spec:
app: bunkerweb-scheduler
spec:
containers:
- name: bunkerweb-controller
image: bunkerity/bunkerweb-autoconf:1.4.6
imagePullPolicy: Always
env:
- name: KUBERNETES_MODE
value: "yes"
- name: "DATABASE_URI"
value: "mariadb+pymysql://bunkerweb:changeme@svc-bunkerweb-db:3306/db"
- name: bunkerweb-controller
image: bunkerity/bunkerweb-autoconf:1.4.6
imagePullPolicy: Always
env:
- name: KUBERNETES_MODE
value: "yes"
- name: "DATABASE_URI"
value: "mariadb+pymysql://bunkerweb:changeme@svc-bunkerweb-db:3306/db"
---
apiVersion: apps/v1
kind: Deployment
@ -164,9 +164,9 @@ spec:
app: bunkerweb-redis
spec:
containers:
- name: bunkerweb-redis
image: redis:7-alpine
imagePullPolicy: Always
- name: bunkerweb-redis
image: redis:7-alpine
imagePullPolicy: Always
---
apiVersion: apps/v1
kind: Deployment
@ -185,21 +185,21 @@ spec:
app: bunkerweb-db
spec:
containers:
- name: bunkerweb-db
image: mysql:8.0
imagePullPolicy: Always
env:
- name: MYSQL_RANDOM_ROOT_PASSWORD
value: "yes"
- name: "MYSQL_DATABASE"
value: "db"
- name: "MYSQL_USER"
value: "bunkerweb"
- name: "MYSQL_PASSWORD"
value: "changeme"
volumeMounts:
- mountPath: "/var/lib/mysql"
name: vol-db
- name: bunkerweb-db
image: mysql:8.0
imagePullPolicy: Always
env:
- name: MYSQL_RANDOM_ROOT_PASSWORD
value: "yes"
- name: "MYSQL_DATABASE"
value: "db"
- name: "MYSQL_USER"
value: "bunkerweb"
- name: "MYSQL_PASSWORD"
value: "changeme"
volumeMounts:
- mountPath: "/var/lib/mysql"
name: vol-db
volumes:
- name: vol-db
persistentVolumeClaim:
@ -222,9 +222,9 @@ spec:
app: bunkerweb-redis
spec:
containers:
- name: bunkerweb-redis
image: redis:7-alpine
imagePullPolicy: Always
- name: bunkerweb-redis
image: redis:7-alpine
imagePullPolicy: Always
---
apiVersion: apps/v1
kind: Deployment
@ -243,21 +243,21 @@ spec:
app: bunkerweb-db
spec:
containers:
- name: bunkerweb-db
image: mariadb:10.10
imagePullPolicy: Always
env:
- name: MYSQL_RANDOM_ROOT_PASSWORD
value: "yes"
- name: "MYSQL_DATABASE"
value: "db"
- name: "MYSQL_USER"
value: "bunkerweb"
- name: "MYSQL_PASSWORD"
value: "changeme"
volumeMounts:
- mountPath: "/var/lib/mysql"
name: vol-db
- name: bunkerweb-db
image: mariadb:10.10
imagePullPolicy: Always
env:
- name: MYSQL_RANDOM_ROOT_PASSWORD
value: "yes"
- name: "MYSQL_DATABASE"
value: "db"
- name: "MYSQL_USER"
value: "bunkerweb"
- name: "MYSQL_PASSWORD"
value: "changeme"
volumeMounts:
- mountPath: "/var/lib/mysql"
name: vol-db
volumes:
- name: vol-db
persistentVolumeClaim:
@ -280,16 +280,16 @@ spec:
app: bunkerweb-ui
spec:
containers:
- name: bunkerweb-ui
image: bunkerity/bunkerweb-ui:1.5.0
imagePullPolicy: Always
env:
- name: ADMIN_USERNAME
value: "admin"
- name: "ADMIN_PASSWORD"
value: "changeme"
- name: "ABSOLUTE_URI"
value: "http://www.example.com/admin"
- name: bunkerweb-ui
image: bunkerity/bunkerweb-ui:1.5.0
imagePullPolicy: Always
env:
- name: ADMIN_USERNAME
value: "admin"
- name: "ADMIN_PASSWORD"
value: "changeme"
- name: "ABSOLUTE_URI"
value: "http://www.example.com/admin"
---
apiVersion: v1
kind: Service
@ -309,10 +309,10 @@ spec:
selector:
app: bunkerweb-db
ports:
- name: sql
protocol: TCP
port: 3306
targetPort: 3306
- name: sql
protocol: TCP
port: 3306
targetPort: 3306
---
apiVersion: v1
kind: Service
@ -323,10 +323,10 @@ spec:
selector:
app: bunkerweb-redis
ports:
- name: redis
protocol: TCP
port: 6379
targetPort: 6379
- name: redis
protocol: TCP
port: 6379
targetPort: 6379
---
apiVersion: v1
kind: Service
@ -337,10 +337,10 @@ spec:
selector:
app: bunkerweb-ui
ports:
- name: http
protocol: TCP
port: 7000
targetPort: 7000
- name: http
protocol: TCP
port: 7000
targetPort: 7000
---
apiVersion: v1
kind: PersistentVolumeClaim
@ -348,7 +348,7 @@ metadata:
name: pvc-bunkerweb
spec:
accessModes:
- ReadWriteOnce
- ReadWriteOnce
resources:
requests:
storage: 5Gi
@ -364,13 +364,13 @@ metadata:
bunkerweb.io/www.example.com_REVERSE_PROXY_HEADERS: "X-Script-Name /admin"
spec:
rules:
- host: www.example.com
http:
paths:
- path: /admin
pathType: Prefix
backend:
service:
name: svc-bunkerweb-ui
port:
number: 7000
- host: www.example.com
http:
paths:
- path: /admin
pathType: Prefix
backend:
service:
name: svc-bunkerweb-ui
port:
number: 7000

202
misc/integrations/k8s.mysql.yml
View File

@ -3,12 +3,12 @@ kind: ClusterRole
metadata:
name: cr-bunkerweb
rules:
- apiGroups: [""]
resources: ["services", "pods", "configmaps"]
verbs: ["get", "watch", "list"]
- apiGroups: ["networking.k8s.io"]
resources: ["ingresses"]
verbs: ["get", "watch", "list"]
- apiGroups: [""]
resources: ["services", "pods", "configmaps"]
verbs: ["get", "watch", "list"]
- apiGroups: ["networking.k8s.io"]
resources: ["ingresses"]
verbs: ["get", "watch", "list"]
---
apiVersion: v1
kind: ServiceAccount
@ -20,10 +20,10 @@ kind: ClusterRoleBinding
metadata:
name: crb-bunkerweb
subjects:
- kind: ServiceAccount
name: sa-bunkerweb
namespace: default
apiGroup: ""
- kind: ServiceAccount
name: sa-bunkerweb
namespace: default
apiGroup: ""
roleRef:
kind: ClusterRole
name: cr-bunkerweb
@ -46,53 +46,53 @@ spec:
bunkerweb.io/AUTOCONF: "yes"
spec:
containers:
- name: bunkerweb
image: bunkerity/bunkerweb:1.4.6
imagePullPolicy: Always
securityContext:
runAsUser: 101
runAsGroup: 101
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
ports:
- containerPort: 8080
hostPort: 80
- containerPort: 8443
hostPort: 443
env:
- name: KUBERNETES_MODE
value: "yes"
# replace with your DNS resolvers
# e.g. : kube-dns.kube-system.svc.cluster.local
- name: DNS_RESOLVERS
value: "coredns.kube-system.svc.cluster.local"
- name: USE_API
value: "yes"
# 10.0.0.0/8 is the cluster internal subnet
- name: API_WHITELIST_IP
value: "127.0.0.0/8 10.0.0.0/8"
- name: SERVER_NAME
value: ""
- name: MULTISITE
value: "yes"
livenessProbe:
exec:
command:
- /usr/share/bunkerweb/helpers/healthcheck.sh
initialDelaySeconds: 30
periodSeconds: 5
timeoutSeconds: 1
failureThreshold: 3
readinessProbe:
exec:
command:
- /usr/share/bunkerweb/helpers/healthcheck.sh
initialDelaySeconds: 30
periodSeconds: 1
timeoutSeconds: 1
failureThreshold: 3
- name: bunkerweb
image: bunkerity/bunkerweb:1.4.6
imagePullPolicy: Always
securityContext:
runAsUser: 101
runAsGroup: 101
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
ports:
- containerPort: 8080
hostPort: 80
- containerPort: 8443
hostPort: 443
env:
- name: KUBERNETES_MODE
value: "yes"
# replace with your DNS resolvers
# e.g. : kube-dns.kube-system.svc.cluster.local
- name: DNS_RESOLVERS
value: "coredns.kube-system.svc.cluster.local"
- name: USE_API
value: "yes"
# 10.0.0.0/8 is the cluster internal subnet
- name: API_WHITELIST_IP
value: "127.0.0.0/8 10.0.0.0/8"
- name: SERVER_NAME
value: ""
- name: MULTISITE
value: "yes"
livenessProbe:
exec:
command:
- /usr/share/bunkerweb/helpers/healthcheck.sh
initialDelaySeconds: 30
periodSeconds: 5
timeoutSeconds: 1
failureThreshold: 3
readinessProbe:
exec:
command:
- /usr/share/bunkerweb/helpers/healthcheck.sh
initialDelaySeconds: 30
periodSeconds: 1
timeoutSeconds: 1
failureThreshold: 3
---
apiVersion: apps/v1
kind: Deployment
@ -112,14 +112,14 @@ spec:
spec:
serviceAccountName: sa-bunkerweb
containers:
- name: bunkerweb-controller
image: bunkerity/bunkerweb-autoconf:1.4.6
imagePullPolicy: Always
env:
- name: KUBERNETES_MODE
value: "yes"
- name: "DATABASE_URI"
value: "mariadb+pymysql://bunkerweb:changeme@svc-bunkerweb-db:3306/db"
- name: bunkerweb-controller
image: bunkerity/bunkerweb-autoconf:1.4.6
imagePullPolicy: Always
env:
- name: KUBERNETES_MODE
value: "yes"
- name: "DATABASE_URI"
value: "mariadb+pymysql://bunkerweb:changeme@svc-bunkerweb-db:3306/db"
---
apiVersion: apps/v1
kind: Deployment
@ -138,14 +138,14 @@ spec:
app: bunkerweb-scheduler
spec:
containers:
- name: bunkerweb-controller
image: bunkerity/bunkerweb-autoconf:1.4.6
imagePullPolicy: Always
env:
- name: KUBERNETES_MODE
value: "yes"
- name: "DATABASE_URI"
value: "mariadb+pymysql://bunkerweb:changeme@svc-bunkerweb-db:3306/db"
- name: bunkerweb-controller
image: bunkerity/bunkerweb-autoconf:1.4.6
imagePullPolicy: Always
env:
- name: KUBERNETES_MODE
value: "yes"
- name: "DATABASE_URI"
value: "mariadb+pymysql://bunkerweb:changeme@svc-bunkerweb-db:3306/db"
---
apiVersion: apps/v1
kind: Deployment
@ -164,9 +164,9 @@ spec:
app: bunkerweb-redis
spec:
containers:
- name: bunkerweb-redis
image: redis:7-alpine
imagePullPolicy: Always
- name: bunkerweb-redis
image: redis:7-alpine
imagePullPolicy: Always
---
apiVersion: apps/v1
kind: Deployment
@ -185,21 +185,21 @@ spec:
app: bunkerweb-db
spec:
containers:
- name: bunkerweb-db
image: mysql:8.0
imagePullPolicy: Always
env:
- name: MYSQL_RANDOM_ROOT_PASSWORD
value: "yes"
- name: "MYSQL_DATABASE"
value: "db"
- name: "MYSQL_USER"
value: "bunkerweb"
- name: "MYSQL_PASSWORD"
value: "changeme"
volumeMounts:
- mountPath: "/var/lib/mysql"
name: vol-db
- name: bunkerweb-db
image: mysql:8.0
imagePullPolicy: Always
env:
- name: MYSQL_RANDOM_ROOT_PASSWORD
value: "yes"
- name: "MYSQL_DATABASE"
value: "db"
- name: "MYSQL_USER"
value: "bunkerweb"
- name: "MYSQL_PASSWORD"
value: "changeme"
volumeMounts:
- mountPath: "/var/lib/mysql"
name: vol-db
volumes:
- name: vol-db
persistentVolumeClaim:
@ -223,10 +223,10 @@ spec:
selector:
app: bunkerweb-db
ports:
- name: sql
protocol: TCP
port: 3306
targetPort: 3306
- name: sql
protocol: TCP
port: 3306
targetPort: 3306
---
apiVersion: v1
kind: Service
@ -237,10 +237,10 @@ spec:
selector:
app: bunkerweb-redis
ports:
- name: redis
protocol: TCP
port: 6379
targetPort: 6379
- name: redis
protocol: TCP
port: 6379
targetPort: 6379
---
apiVersion: v1
kind: PersistentVolumeClaim
@ -248,9 +248,9 @@ metadata:
name: pvc-bunkerweb
spec:
accessModes:
- ReadWriteOnce
- ReadWriteOnce
resources:
requests:
storage: 5Gi
storageClassName: ""
volumeName: pv-bunkerweb
volumeName: pv-bunkerweb

246
misc/integrations/k8s.postgres.ui.yml
View File

@ -3,12 +3,12 @@ kind: ClusterRole
metadata:
name: cr-bunkerweb
rules:
- apiGroups: [""]
resources: ["services", "pods", "configmaps"]
verbs: ["get", "watch", "list"]
- apiGroups: ["networking.k8s.io"]
resources: ["ingresses"]
verbs: ["get", "watch", "list"]
- apiGroups: [""]
resources: ["services", "pods", "configmaps"]
verbs: ["get", "watch", "list"]
- apiGroups: ["networking.k8s.io"]
resources: ["ingresses"]
verbs: ["get", "watch", "list"]
---
apiVersion: v1
kind: ServiceAccount
@ -20,10 +20,10 @@ kind: ClusterRoleBinding
metadata:
name: crb-bunkerweb
subjects:
- kind: ServiceAccount
name: sa-bunkerweb
namespace: default
apiGroup: ""
- kind: ServiceAccount
name: sa-bunkerweb
namespace: default
apiGroup: ""
roleRef:
kind: ClusterRole
name: cr-bunkerweb
@ -46,53 +46,53 @@ spec:
bunkerweb.io/AUTOCONF: "yes"
spec:
containers:
- name: bunkerweb
image: bunkerity/bunkerweb:1.4.6
imagePullPolicy: Always
securityContext:
runAsUser: 101
runAsGroup: 101
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
ports:
- containerPort: 8080
hostPort: 80
- containerPort: 8443
hostPort: 443
env:
- name: KUBERNETES_MODE
value: "yes"
# replace with your DNS resolvers
# e.g. : kube-dns.kube-system.svc.cluster.local
- name: DNS_RESOLVERS
value: "coredns.kube-system.svc.cluster.local"
- name: USE_API
value: "yes"
# 10.0.0.0/8 is the cluster internal subnet
- name: API_WHITELIST_IP
value: "127.0.0.0/8 10.0.0.0/8"
- name: SERVER_NAME
value: ""
- name: MULTISITE
value: "yes"
livenessProbe:
exec:
command:
- /usr/share/bunkerweb/helpers/healthcheck.sh
initialDelaySeconds: 30
periodSeconds: 5
timeoutSeconds: 1
failureThreshold: 3
readinessProbe:
exec:
command:
- /usr/share/bunkerweb/helpers/healthcheck.sh
initialDelaySeconds: 30
periodSeconds: 1
timeoutSeconds: 1
failureThreshold: 3
- name: bunkerweb
image: bunkerity/bunkerweb:1.4.6
imagePullPolicy: Always
securityContext:
runAsUser: 101
runAsGroup: 101
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
ports:
- containerPort: 8080
hostPort: 80
- containerPort: 8443
hostPort: 443
env:
- name: KUBERNETES_MODE
value: "yes"
# replace with your DNS resolvers
# e.g. : kube-dns.kube-system.svc.cluster.local
- name: DNS_RESOLVERS
value: "coredns.kube-system.svc.cluster.local"
- name: USE_API
value: "yes"
# 10.0.0.0/8 is the cluster internal subnet
- name: API_WHITELIST_IP
value: "127.0.0.0/8 10.0.0.0/8"
- name: SERVER_NAME
value: ""
- name: MULTISITE
value: "yes"
livenessProbe:
exec:
command:
- /usr/share/bunkerweb/helpers/healthcheck.sh
initialDelaySeconds: 30
periodSeconds: 5
timeoutSeconds: 1
failureThreshold: 3
readinessProbe:
exec:
command:
- /usr/share/bunkerweb/helpers/healthcheck.sh
initialDelaySeconds: 30
periodSeconds: 1
timeoutSeconds: 1
failureThreshold: 3
---
apiVersion: apps/v1
kind: Deployment
@ -112,14 +112,14 @@ spec:
spec:
serviceAccountName: sa-bunkerweb
containers:
- name: bunkerweb-controller
image: bunkerity/bunkerweb-autoconf:1.4.6
imagePullPolicy: Always
env:
- name: KUBERNETES_MODE
value: "yes"
- name: "DATABASE_URI"
value: "mariadb+pymysql://bunkerweb:changeme@svc-bunkerweb-db:3306/db"
- name: bunkerweb-controller
image: bunkerity/bunkerweb-autoconf:1.4.6
imagePullPolicy: Always
env:
- name: KUBERNETES_MODE
value: "yes"
- name: "DATABASE_URI"
value: "mariadb+pymysql://bunkerweb:changeme@svc-bunkerweb-db:3306/db"
---
apiVersion: apps/v1
kind: Deployment
@ -138,14 +138,14 @@ spec:
app: bunkerweb-scheduler
spec:
containers:
- name: bunkerweb-controller
image: bunkerity/bunkerweb-autoconf:1.4.6
imagePullPolicy: Always
env:
- name: KUBERNETES_MODE
value: "yes"
- name: "DATABASE_URI"
value: "mariadb+pymysql://bunkerweb:changeme@svc-bunkerweb-db:3306/db"
- name: bunkerweb-controller
image: bunkerity/bunkerweb-autoconf:1.4.6
imagePullPolicy: Always
env:
- name: KUBERNETES_MODE
value: "yes"
- name: "DATABASE_URI"
value: "mariadb+pymysql://bunkerweb:changeme@svc-bunkerweb-db:3306/db"
---
apiVersion: apps/v1
kind: Deployment
@ -164,9 +164,9 @@ spec:
app: bunkerweb-redis
spec:
containers:
- name: bunkerweb-redis
image: redis:7-alpine
imagePullPolicy: Always
- name: bunkerweb-redis
image: redis:7-alpine
imagePullPolicy: Always
---
apiVersion: apps/v1
kind: Deployment
@ -185,19 +185,19 @@ spec:
app: bunkerweb-db
spec:
containers:
- name: bunkerweb-db
image: postgres:15.1
imagePullPolicy: Always
env:
- name: "POSTGRES_DB"
value: "db"
- name: "POSTGRES_USER"
value: "bunkerweb"
- name: "POSTGRES_PASSWORD"
value: "changeme"
volumeMounts:
- mountPath: "/var/lib/postgresql/data"
name: vol-db
- name: bunkerweb-db
image: postgres:15.1
imagePullPolicy: Always
env:
- name: "POSTGRES_DB"
value: "db"
- name: "POSTGRES_USER"
value: "bunkerweb"
- name: "POSTGRES_PASSWORD"
value: "changeme"
volumeMounts:
- mountPath: "/var/lib/postgresql/data"
name: vol-db
volumes:
- name: vol-db
persistentVolumeClaim:
@ -220,16 +220,16 @@ spec:
app: bunkerweb-ui
spec:
containers:
- name: bunkerweb-ui
image: bunkerity/bunkerweb-ui:1.5.0
imagePullPolicy: Always
env:
- name: ADMIN_USERNAME
value: "admin"
- name: "ADMIN_PASSWORD"
value: "changeme"
- name: "ABSOLUTE_URI"
value: "http://www.example.com/admin"
- name: bunkerweb-ui
image: bunkerity/bunkerweb-ui:1.5.0
imagePullPolicy: Always
env:
- name: ADMIN_USERNAME
value: "admin"
- name: "ADMIN_PASSWORD"
value: "changeme"
- name: "ABSOLUTE_URI"
value: "http://www.example.com/admin"
---
apiVersion: v1
kind: Service
@ -249,10 +249,10 @@ spec:
selector:
app: bunkerweb-db
ports:
- name: sql
protocol: TCP
port: 5432
targetPort: 5432
- name: sql
protocol: TCP
port: 5432
targetPort: 5432
---
apiVersion: v1
kind: Service
@ -263,10 +263,10 @@ spec:
selector:
app: bunkerweb-redis
ports:
- name: redis
protocol: TCP
port: 6379
targetPort: 6379
- name: redis
protocol: TCP
port: 6379
targetPort: 6379
---
apiVersion: v1
kind: Service
@ -277,10 +277,10 @@ spec:
selector:
app: bunkerweb-ui
ports:
- name: http
protocol: TCP
port: 7000
targetPort: 7000
- name: http
protocol: TCP
port: 7000
targetPort: 7000
---
apiVersion: v1
kind: PersistentVolumeClaim
@ -288,7 +288,7 @@ metadata:
name: pvc-bunkerweb
spec:
accessModes:
- ReadWriteOnce
- ReadWriteOnce
resources:
requests:
storage: 5Gi
@ -301,7 +301,7 @@ metadata:
name: pvc-bunkerweb
spec:
accessModes:
- ReadWriteOnce
- ReadWriteOnce
resources:
requests:
storage: 5Gi
@ -317,13 +317,13 @@ metadata:
bunkerweb.io/www.example.com_REVERSE_PROXY_HEADERS: "X-Script-Name /admin"
spec:
rules:
- host: www.example.com
http:
paths:
- path: /admin
pathType: Prefix
backend:
service:
name: svc-bunkerweb-ui
port:
number: 7000
- host: www.example.com
http:
paths:
- path: /admin
pathType: Prefix
backend:
service:
name: svc-bunkerweb-ui
port:
number: 7000

198
misc/integrations/k8s.postgres.yml
View File

@ -3,12 +3,12 @@ kind: ClusterRole
metadata:
name: cr-bunkerweb
rules:
- apiGroups: [""]
resources: ["services", "pods", "configmaps"]
verbs: ["get", "watch", "list"]
- apiGroups: ["networking.k8s.io"]
resources: ["ingresses"]
verbs: ["get", "watch", "list"]
- apiGroups: [""]
resources: ["services", "pods", "configmaps"]
verbs: ["get", "watch", "list"]
- apiGroups: ["networking.k8s.io"]
resources: ["ingresses"]
verbs: ["get", "watch", "list"]
---
apiVersion: v1
kind: ServiceAccount
@ -20,10 +20,10 @@ kind: ClusterRoleBinding
metadata:
name: crb-bunkerweb
subjects:
- kind: ServiceAccount
name: sa-bunkerweb
namespace: default
apiGroup: ""
- kind: ServiceAccount
name: sa-bunkerweb
namespace: default
apiGroup: ""
roleRef:
kind: ClusterRole
name: cr-bunkerweb
@ -46,53 +46,53 @@ spec:
bunkerweb.io/AUTOCONF: "yes"
spec:
containers:
- name: bunkerweb
image: bunkerity/bunkerweb:1.4.6
imagePullPolicy: Always
securityContext:
runAsUser: 101
runAsGroup: 101
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
ports:
- containerPort: 8080
hostPort: 80
- containerPort: 8443
hostPort: 443
env:
- name: KUBERNETES_MODE
value: "yes"
# replace with your DNS resolvers
# e.g. : kube-dns.kube-system.svc.cluster.local
- name: DNS_RESOLVERS
value: "coredns.kube-system.svc.cluster.local"
- name: USE_API
value: "yes"
# 10.0.0.0/8 is the cluster internal subnet
- name: API_WHITELIST_IP
value: "127.0.0.0/8 10.0.0.0/8"
- name: SERVER_NAME
value: ""
- name: MULTISITE
value: "yes"
livenessProbe:
exec:
command:
- /usr/share/bunkerweb/helpers/healthcheck.sh
initialDelaySeconds: 30
periodSeconds: 5
timeoutSeconds: 1
failureThreshold: 3
readinessProbe:
exec:
command:
- /usr/share/bunkerweb/helpers/healthcheck.sh
initialDelaySeconds: 30
periodSeconds: 1
timeoutSeconds: 1
failureThreshold: 3
- name: bunkerweb
image: bunkerity/bunkerweb:1.4.6
imagePullPolicy: Always
securityContext:
runAsUser: 101
runAsGroup: 101
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
ports:
- containerPort: 8080
hostPort: 80
- containerPort: 8443
hostPort: 443
env:
- name: KUBERNETES_MODE
value: "yes"
# replace with your DNS resolvers
# e.g. : kube-dns.kube-system.svc.cluster.local
- name: DNS_RESOLVERS
value: "coredns.kube-system.svc.cluster.local"
- name: USE_API
value: "yes"
# 10.0.0.0/8 is the cluster internal subnet
- name: API_WHITELIST_IP
value: "127.0.0.0/8 10.0.0.0/8"
- name: SERVER_NAME
value: ""
- name: MULTISITE
value: "yes"
livenessProbe:
exec:
command:
- /usr/share/bunkerweb/helpers/healthcheck.sh
initialDelaySeconds: 30
periodSeconds: 5
timeoutSeconds: 1
failureThreshold: 3
readinessProbe:
exec:
command:
- /usr/share/bunkerweb/helpers/healthcheck.sh
initialDelaySeconds: 30
periodSeconds: 1
timeoutSeconds: 1
failureThreshold: 3
---
apiVersion: apps/v1
kind: Deployment
@ -112,14 +112,14 @@ spec:
spec:
serviceAccountName: sa-bunkerweb
containers:
- name: bunkerweb-controller
image: bunkerity/bunkerweb-autoconf:1.4.6
imagePullPolicy: Always
env:
- name: KUBERNETES_MODE
value: "yes"
- name: "DATABASE_URI"
value: "mariadb+pymysql://bunkerweb:changeme@svc-bunkerweb-db:3306/db"
- name: bunkerweb-controller
image: bunkerity/bunkerweb-autoconf:1.4.6
imagePullPolicy: Always
env:
- name: KUBERNETES_MODE
value: "yes"
- name: "DATABASE_URI"
value: "mariadb+pymysql://bunkerweb:changeme@svc-bunkerweb-db:3306/db"
---
apiVersion: apps/v1
kind: Deployment
@ -138,14 +138,14 @@ spec:
app: bunkerweb-scheduler
spec:
containers:
- name: bunkerweb-controller
image: bunkerity/bunkerweb-autoconf:1.4.6
imagePullPolicy: Always
env:
- name: KUBERNETES_MODE
value: "yes"
- name: "DATABASE_URI"
value: "mariadb+pymysql://bunkerweb:changeme@svc-bunkerweb-db:3306/db"
- name: bunkerweb-controller
image: bunkerity/bunkerweb-autoconf:1.4.6
imagePullPolicy: Always
env:
- name: KUBERNETES_MODE
value: "yes"
- name: "DATABASE_URI"
value: "mariadb+pymysql://bunkerweb:changeme@svc-bunkerweb-db:3306/db"
---
apiVersion: apps/v1
kind: Deployment
@ -164,9 +164,9 @@ spec:
app: bunkerweb-redis
spec:
containers:
- name: bunkerweb-redis
image: redis:7-alpine
imagePullPolicy: Always
- name: bunkerweb-redis
image: redis:7-alpine
imagePullPolicy: Always
---
apiVersion: apps/v1
kind: Deployment
@ -185,19 +185,19 @@ spec:
app: bunkerweb-db
spec:
containers:
- name: bunkerweb-db
image: postgres:15.1
imagePullPolicy: Always
env:
- name: "POSTGRES_DB"
value: "db"
- name: "POSTGRES_USER"
value: "bunkerweb"
- name: "POSTGRES_PASSWORD"
value: "changeme"
volumeMounts:
- mountPath: "/var/lib/postgresql/data"
name: vol-db
- name: bunkerweb-db
image: postgres:15.1
imagePullPolicy: Always
env:
- name: "POSTGRES_DB"
value: "db"
- name: "POSTGRES_USER"
value: "bunkerweb"
- name: "POSTGRES_PASSWORD"
value: "changeme"
volumeMounts:
- mountPath: "/var/lib/postgresql/data"
name: vol-db
volumes:
- name: vol-db
persistentVolumeClaim:
@ -221,10 +221,10 @@ spec:
selector:
app: bunkerweb-db
ports:
- name: sql
protocol: TCP
port: 5432
targetPort: 5432
- name: sql
protocol: TCP
port: 5432
targetPort: 5432
---
apiVersion: v1
kind: Service
@ -235,10 +235,10 @@ spec:
selector:
app: bunkerweb-redis
ports:
- name: redis
protocol: TCP
port: 6379
targetPort: 6379
- name: redis
protocol: TCP
port: 6379
targetPort: 6379
---
apiVersion: v1
kind: PersistentVolumeClaim
@ -246,9 +246,9 @@ metadata:
name: pvc-bunkerweb
spec:
accessModes:
- ReadWriteOnce
- ReadWriteOnce
resources:
requests:
storage: 5Gi
storageClassName: ""
volumeName: pv-bunkerweb
volumeName: pv-bunkerweb

1
src/autoconf/Config.py
View File

@ -47,7 +47,6 @@ class Config(ConfigCaller):
return False
def apply(self, instances, services, configs=None) -> bool:
success = True
# update values

2
src/common/gen/Templator.py
View File

@ -106,7 +106,7 @@ class Templator:
"set-lua.conf",
"log-stream-lua.conf",
"preread-stream-lua.conf",
"server-stream.conf"
"server-stream.conf",
]
for root_conf in root_confs:
if template.endswith(f"/{root_conf}"):

2
src/common/gen/save_config.py
View File

@ -225,7 +225,7 @@ if __name__ == "__main__":
if custom_confs_rx.match(k)
]
root_dirs = listdir("/etc/bunkerweb/configs")
for (root, dirs, files) in walk("/etc/bunkerweb/configs", topdown=True):
for root, dirs, files in walk("/etc/bunkerweb/configs", topdown=True):
if (
root != "configs"
and (dirs and not root.split("/")[-1] in root_dirs)

5
src/common/settings.json
View File

@ -197,10 +197,7 @@
"label": "Server type",
"regex": "^(http|stream)$",
"type": "select",
"select": [
"http",
"stream"
]
"select": ["http", "stream"]
},
"LISTEN_STREAM": {
"context": "multisite",

2
src/scheduler/main.py
View File

@ -236,7 +236,7 @@ if __name__ == "__main__":
# Checking if any custom config has been created by the user
custom_confs = []
root_dirs = listdir("/etc/bunkerweb/configs")
for (root, dirs, files) in walk("/etc/bunkerweb/configs", topdown=True):
for root, dirs, files in walk("/etc/bunkerweb/configs", topdown=True):
if (
root != "configs"
and (dirs and not root.split("/")[-1] in root_dirs)

20
src/ui/main.py
View File

@ -19,7 +19,13 @@ from flask import (
send_file,
url_for,
)
from flask_login import LoginManager, login_required, login_user, logout_user
from flask_login import (
current_user,
LoginManager,
login_required,
login_user,
logout_user,
)
from flask_wtf.csrf import CSRFProtect, CSRFError, generate_csrf
from importlib.machinery import SourceFileLoader
from io import BytesIO
@ -253,13 +259,6 @@ def load_user(user_id):
return User(user_id, vars["ADMIN_PASSWORD"])
@login_manager.unauthorized_handler
def unauthorized_callback():
if request.path == "/":
return redirect(url_for("login"))
return "Unauthorized", 401
# CSRF protection
csrf = CSRFProtect()
csrf.init_app(app)
@ -410,7 +409,6 @@ def instances():
@login_required
def services():
if request.method == "POST":
# Check operation
if not "operation" in request.form or not request.form["operation"] in (
"new",
@ -548,7 +546,6 @@ def services():
@login_required
def global_config():
if request.method == "POST":
# Check variables
variables = deepcopy(request.form.to_dict())
del variables["csrf_token"]
@ -1669,6 +1666,9 @@ def login():
render_template("login.html", error="Invalid username or password"),
401,
)
if current_user.is_authenticated:
return redirect(url_for("home"))
return render_template("login.html")

2
src/ui/src/ConfigFiles.py
View File

@ -22,7 +22,7 @@ class ConfigFiles:
def save_configs(self) -> str:
custom_configs = []
root_dirs = listdir("/etc/bunkerweb/configs")
for (root, dirs, files) in walk("/etc/bunkerweb/configs", topdown=True):
for root, dirs, files in walk("/etc/bunkerweb/configs", topdown=True):
if (
root != "configs"
and (dirs and not root.split("/")[-1] in root_dirs)

179
tests/AutoconfTest.py
View File

@ -7,122 +7,181 @@ from subprocess import run
from time import sleep
from logger import log
class AutoconfTest(Test) :
def __init__(self, name, timeout, tests, no_copy_container=False, delay=0) :
super().__init__(name, "autoconf", timeout, tests, no_copy_container=no_copy_container, delay=delay)
class AutoconfTest(Test):
def __init__(self, name, timeout, tests, no_copy_container=False, delay=0):
super().__init__(
name,
"autoconf",
timeout,
tests,
no_copy_container=no_copy_container,
delay=delay,
)
self._domains = {
r"www\.example\.com": getenv("TEST_DOMAIN1"),
r"auth\.example\.com": getenv("TEST_DOMAIN1"),
r"app1\.example\.com": getenv("TEST_DOMAIN1_1"),
r"app2\.example\.com": getenv("TEST_DOMAIN1_2"),
r"app3\.example\.com": getenv("TEST_DOMAIN1_3")
r"app3\.example\.com": getenv("TEST_DOMAIN1_3"),
}
self._check_domains()
def init() :
try :
if not Test.init() :
def init():
try:
if not Test.init():
return False
proc = run("sudo chown -R root:root /tmp/bw-data", shell=True)
if proc.returncode != 0 :
raise(Exception("chown failed (autoconf stack)"))
if isdir("/tmp/autoconf") :
if proc.returncode != 0:
raise (Exception("chown failed (autoconf stack)"))
if isdir("/tmp/autoconf"):
rmtree("/tmp/autoconf")
mkdir("/tmp/autoconf")
copy("./misc/integrations/autoconf.yml", "/tmp/autoconf/docker-compose.yml")
compose = "/tmp/autoconf/docker-compose.yml"
Test.replace_in_file(compose, r"bunkerity/bunkerweb:.*$", "local/bunkerweb-tests:latest")
Test.replace_in_file(compose, r"bunkerity/bunkerweb-autoconf:.*$", "local/autoconf-tests:latest")
Test.replace_in_file(compose, r"bunkerity/bunkerweb-scheduler:.*$", "local/scheduler-tests:latest")
Test.replace_in_file(
compose, r"bunkerity/bunkerweb:.*$", "local/bunkerweb-tests:latest"
)
Test.replace_in_file(
compose,
r"bunkerity/bunkerweb-autoconf:.*$",
"local/autoconf-tests:latest",
)
Test.replace_in_file(
compose,
r"bunkerity/bunkerweb-scheduler:.*$",
"local/scheduler-tests:latest",
)
Test.replace_in_file(compose, r"\./bw\-data:/", "/tmp/bw-data:/")
proc = run("docker-compose pull --ignore-pull-failures", cwd="/tmp/autoconf", shell=True)
if proc.returncode != 0 :
raise(Exception("docker-compose pull failed (autoconf stack)"))
proc = run(
"docker-compose pull --ignore-pull-failures",
cwd="/tmp/autoconf",
shell=True,
)
if proc.returncode != 0:
raise (Exception("docker-compose pull failed (autoconf stack)"))
proc = run("docker-compose up -d", cwd="/tmp/autoconf", shell=True)
if proc.returncode != 0 :
raise(Exception("docker-compose up failed (autoconf stack)"))
if proc.returncode != 0:
raise (Exception("docker-compose up failed (autoconf stack)"))
i = 0
healthy = False
while i < 30 :
proc = run('docker inspect --format "{{json .State.Health }}" autoconf-bunkerweb-1', cwd="/tmp/autoconf", shell=True, capture_output=True)
if proc.returncode != 0 :
raise(Exception("docker inspect failed (autoconf stack)"))
if "healthy" in proc.stdout.decode() :
while i < 30:
proc = run(
'docker inspect --format "{{json .State.Health }}" autoconf-bunkerweb-1',
cwd="/tmp/autoconf",
shell=True,
capture_output=True,
)
if proc.returncode != 0:
raise (Exception("docker inspect failed (autoconf stack)"))
if "healthy" in proc.stdout.decode():
healthy = True
break
sleep(1)
i += 1
if not healthy :
raise(Exception("autoconf stack is not healthy"))
except :
log("AUTOCONF", "", "exception while running AutoconfTest.init()\n" + format_exc())
if not healthy:
raise (Exception("autoconf stack is not healthy"))
except:
log(
"AUTOCONF",
"",
"exception while running AutoconfTest.init()\n" + format_exc(),
)
return False
return True
def end() :
def end():
ret = True
try :
if not Test.end() :
try:
if not Test.end():
return False
proc = run("docker-compose down -v", cwd="/tmp/autoconf", shell=True)
if proc.returncode != 0 :
if proc.returncode != 0:
ret = False
rmtree("/tmp/autoconf")
except :
log("AUTOCONF", "", "exception while running AutoconfTest.end()\n" + format_exc())
except:
log(
"AUTOCONF",
"",
"exception while running AutoconfTest.end()\n" + format_exc(),
)
return False
return ret
def _setup_test(self) :
try :
def _setup_test(self):
try:
super()._setup_test()
test = "/tmp/tests/" + self._name
compose = "/tmp/tests/" + self._name + "/autoconf.yml"
example_data = "/tmp/tests/" + self._name + "/bw-data"
Test.replace_in_file(compose, r"bunkerity/bunkerweb:.*$", "local/bunkerweb-tests:latest")
Test.replace_in_file(compose, r"bunkerity/bunkerweb-scheduler:.*$", "local/scheduler-tests:latest")
Test.replace_in_file(compose, r"bunkerity/bunkerweb-autoconf:.*$", "local/autoconf-tests:latest")
Test.replace_in_file(
compose, r"bunkerity/bunkerweb:.*$", "local/bunkerweb-tests:latest"
)
Test.replace_in_file(
compose,
r"bunkerity/bunkerweb-scheduler:.*$",
"local/scheduler-tests:latest",
)
Test.replace_in_file(
compose,
r"bunkerity/bunkerweb-autoconf:.*$",
"local/autoconf-tests:latest",
)
Test.replace_in_file(compose, r"\./bw\-data:/", "/tmp/bw-data:/")
Test.replace_in_file(compose, r"\- bw_data:/", "- /tmp/bw-data:/")
for ex_domain, test_domain in self._domains.items() :
for ex_domain, test_domain in self._domains.items():
Test.replace_in_files(test, ex_domain, test_domain)
Test.rename(test, ex_domain, test_domain)
Test.replace_in_files(test, "example.com", getenv("ROOT_DOMAIN"))
setup = test + "/setup-autoconf.sh"
if isfile(setup) :
if isfile(setup):
proc = run("sudo ./setup-autoconf.sh", cwd=test, shell=True)
if proc.returncode != 0 :
raise(Exception("setup-autoconf failed"))
if isdir(example_data) and not self._no_copy_container :
proc = run("sudo bash -c 'cp -rp " + example_data + "/* /tmp/bw-data'", shell=True)
if proc.returncode != 0 :
raise(Exception("cp bw-data failed"))
proc = run("docker-compose -f autoconf.yml pull --ignore-pull-failures", shell=True, cwd=test)
if proc.returncode != 0 :
raise(Exception("docker-compose pull failed"))
if proc.returncode != 0:
raise (Exception("setup-autoconf failed"))
if isdir(example_data) and not self._no_copy_container:
proc = run(
"sudo bash -c 'cp -rp " + example_data + "/* /tmp/bw-data'",
shell=True,
)
if proc.returncode != 0:
raise (Exception("cp bw-data failed"))
proc = run(
"docker-compose -f autoconf.yml pull --ignore-pull-failures",
shell=True,
cwd=test,
)
if proc.returncode != 0:
raise (Exception("docker-compose pull failed"))
proc = run("docker-compose -f autoconf.yml up -d", shell=True, cwd=test)
if proc.returncode != 0 :
raise(Exception("docker-compose up failed"))
except :
log("AUTOCONF", "", "exception while running AutoconfTest._setup_test()\n" + format_exc())
if proc.returncode != 0:
raise (Exception("docker-compose up failed"))
except:
log(
"AUTOCONF",
"",
"exception while running AutoconfTest._setup_test()\n" + format_exc(),
)
self._cleanup_test()
return False
return True
def _cleanup_test(self) :
try :
def _cleanup_test(self):
try:
test = "/tmp/tests/" + self._name
proc = run("docker-compose -f autoconf.yml down -v", shell=True, cwd=test)
if proc.returncode != 0 :
raise(Exception("docker-compose down failed"))
if proc.returncode != 0:
raise (Exception("docker-compose down failed"))
super()._cleanup_test()
except :
log("AUTOCONF", "", "exception while running AutoconfTest._cleanup_test()\n" + format_exc())
except:
log(
"AUTOCONF",
"",
"exception while running AutoconfTest._cleanup_test()\n" + format_exc(),
)
return False
return True
def _debug_fail(self) :
def _debug_fail(self):
autoconf = "/tmp/autoconf"
proc = run("docker-compose logs", shell=True, cwd=autoconf)
test = "/tmp/tests/" + self._name

111
tests/DockerTest.py
View File

@ -5,81 +5,116 @@ from traceback import format_exc
from subprocess import run
from logger import log
class DockerTest(Test) :
def __init__(self, name, timeout, tests, no_copy_container=False, delay=0) :
super().__init__(name, "docker", timeout, tests, no_copy_container=no_copy_container, delay=delay)
class DockerTest(Test):
def __init__(self, name, timeout, tests, no_copy_container=False, delay=0):
super().__init__(
name,
"docker",
timeout,
tests,
no_copy_container=no_copy_container,
delay=delay,
)
self._domains = {
r"www\.example\.com": getenv("TEST_DOMAIN1"),
r"auth\.example\.com": getenv("TEST_DOMAIN1"),
r"app1\.example\.com": getenv("TEST_DOMAIN1_1"),
r"app2\.example\.com": getenv("TEST_DOMAIN1_2"),
r"app3\.example\.com": getenv("TEST_DOMAIN1_3")
r"app3\.example\.com": getenv("TEST_DOMAIN1_3"),
}
self._check_domains()
def init() :
try :
if not Test.init() :
def init():
try:
if not Test.init():
return False
# proc = run("sudo chown -R 101:101 /tmp/bw-data", shell=True)
# if proc.returncode != 0 :
# raise(Exception("chown failed (autoconf stack)"))
except :
log("DOCKER", "", "exception while running DockerTest.init()\n" + format_exc())
except:
log(
"DOCKER",
"",
"exception while running DockerTest.init()\n" + format_exc(),
)
return False
return True
def _setup_test(self) :
try :
def _setup_test(self):
try:
super()._setup_test()
test = "/tmp/tests/" + self._name
compose = "/tmp/tests/" + self._name + "/docker-compose.yml"
example_data = "/tmp/tests/" + self._name + "/bw-data"
Test.replace_in_file(compose, r"bunkerity/bunkerweb:.*$", "local/bunkerweb-tests:latest")
Test.replace_in_file(compose, r"bunkerity/bunkerweb-scheduler:.*$", "local/scheduler-tests:latest")
Test.replace_in_file(
compose, r"bunkerity/bunkerweb:.*$", "local/bunkerweb-tests:latest"
)
Test.replace_in_file(
compose,
r"bunkerity/bunkerweb-scheduler:.*$",
"local/scheduler-tests:latest",
)
Test.replace_in_file(compose, r"\./bw\-data:/", "/tmp/bw-data:/")
Test.replace_in_file(compose, r"\- bw_data:/", "- /tmp/bw-data:/")
Test.replace_in_file(compose, r"AUTO_LETS_ENCRYPT=yes", "AUTO_LETS_ENCRYPT=yes\n - USE_LETS_ENCRYPT_STAGING=yes")
Test.replace_in_file(compose, r"DISABLE_DEFAULT_SERVER=yes", "DISABLE_DEFAULT_SERVER=no")
for ex_domain, test_domain in self._domains.items() :
Test.replace_in_file(
compose,
r"AUTO_LETS_ENCRYPT=yes",
"AUTO_LETS_ENCRYPT=yes\n - USE_LETS_ENCRYPT_STAGING=yes",
)
Test.replace_in_file(
compose, r"DISABLE_DEFAULT_SERVER=yes", "DISABLE_DEFAULT_SERVER=no"
)
for ex_domain, test_domain in self._domains.items():
Test.replace_in_files(test, ex_domain, test_domain)
Test.rename(test, ex_domain, test_domain)
Test.replace_in_files(test, "example.com", getenv("ROOT_DOMAIN"))
setup = test + "/setup-docker.sh"
if isfile(setup) :
if isfile(setup):
proc = run("sudo ./setup-docker.sh", cwd=test, shell=True)
if proc.returncode != 0 :
raise(Exception("setup-docker failed"))
if isdir(example_data) and not self._no_copy_container :
proc = run("sudo bash -c 'cp -rp " + example_data + "/* /tmp/bw-data'", shell=True)
if proc.returncode != 0 :
raise(Exception("cp bw-data failed"))
proc = run("docker-compose pull --ignore-pull-failures", shell=True, cwd=test)
if proc.returncode != 0 :
raise(Exception("docker-compose pull failed"))
if proc.returncode != 0:
raise (Exception("setup-docker failed"))
if isdir(example_data) and not self._no_copy_container:
proc = run(
"sudo bash -c 'cp -rp " + example_data + "/* /tmp/bw-data'",
shell=True,
)
if proc.returncode != 0:
raise (Exception("cp bw-data failed"))
proc = run(
"docker-compose pull --ignore-pull-failures", shell=True, cwd=test
)
if proc.returncode != 0:
raise (Exception("docker-compose pull failed"))
proc = run("docker-compose up -d", shell=True, cwd=test)
if proc.returncode != 0 :
raise(Exception("docker-compose up failed"))
except :
log("DOCKER", "", "exception while running DockerTest._setup_test()\n" + format_exc())
if proc.returncode != 0:
raise (Exception("docker-compose up failed"))
except:
log(
"DOCKER",
"",
"exception while running DockerTest._setup_test()\n" + format_exc(),
)
self._cleanup_test()
return False
return True
def _cleanup_test(self) :
try :
def _cleanup_test(self):
try:
test = "/tmp/tests/" + self._name
proc = run("docker-compose down -v", shell=True, cwd=test)
if proc.returncode != 0 :
raise(Exception("docker-compose down failed"))
if proc.returncode != 0:
raise (Exception("docker-compose down failed"))
super()._cleanup_test()
except :
log("DOCKER", "", "exception while running DockerTest._cleanup_test()\n" + format_exc())
except:
log(
"DOCKER",
"",
"exception while running DockerTest._cleanup_test()\n" + format_exc(),
)
return False
return True
def _debug_fail(self) :
def _debug_fail(self):
test = "/tmp/tests/" + self._name
proc = run("docker-compose logs", shell=True, cwd=test)

197
tests/KubernetesTest.py
View File

@ -7,21 +7,21 @@ from subprocess import run
from time import sleep
from logger import log
class KubernetesTest(Test) :
def __init__(self, name, timeout, tests, delay=0) :
class KubernetesTest(Test):
def __init__(self, name, timeout, tests, delay=0):
super().__init__(name, "kubernetes", timeout, tests, delay=delay)
self._domains = {
r"www\.example\.com": getenv("TEST_DOMAIN1_1"),
r"auth\.example\.com": getenv("TEST_DOMAIN1_2"),
r"app1\.example\.com": getenv("TEST_DOMAIN1"),
r"app2\.example\.com": getenv("TEST_DOMAIN2"),
r"app3\.example\.com": getenv("TEST_DOMAIN3")
r"app3\.example\.com": getenv("TEST_DOMAIN3"),
}
def init() :
try :
if not Test.init() :
def init():
try:
if not Test.init():
return False
# proc = run("sudo chown -R root:root /tmp/bw-data", shell=True)
# if proc.returncode != 0 :
@ -45,99 +45,178 @@ class KubernetesTest(Test) :
mkdir("/tmp/kubernetes")
copy("./misc/integrations/k8s.mariadb.yml", "/tmp/kubernetes/bunkerweb.yml")
deploy = "/tmp/kubernetes/bunkerweb.yml"
Test.replace_in_file(deploy, r"bunkerity/bunkerweb:.*$", getenv("PRIVATE_REGISTRY") + "/infra/bunkerweb-tests:" + getenv("IMAGE_TAG"))
Test.replace_in_file(deploy, r"bunkerity/bunkerweb-autoconf:.*$", getenv("PRIVATE_REGISTRY") + "/infra/autoconf-tests:" + getenv("IMAGE_TAG"))
Test.replace_in_file(deploy, r"bunkerity/bunkerweb-scheduler:.*$", getenv("PRIVATE_REGISTRY") + "/infra/scheduler-tests:" + getenv("IMAGE_TAG"))
Test.replace_in_file(
deploy,
r"bunkerity/bunkerweb:.*$",
getenv("PRIVATE_REGISTRY")
+ "/infra/bunkerweb-tests:"
+ getenv("IMAGE_TAG"),
)
Test.replace_in_file(
deploy,
r"bunkerity/bunkerweb-autoconf:.*$",
getenv("PRIVATE_REGISTRY")
+ "/infra/autoconf-tests:"
+ getenv("IMAGE_TAG"),
)
Test.replace_in_file(
deploy,
r"bunkerity/bunkerweb-scheduler:.*$",
getenv("PRIVATE_REGISTRY")
+ "/infra/scheduler-tests:"
+ getenv("IMAGE_TAG"),
)
Test.replace_in_file(deploy, r"#i", "i")
Test.replace_in_file(deploy, r"#-", "-")
proc = run("kubectl apply -f bunkerweb.yml", cwd="/tmp/kubernetes", shell=True)
if proc.returncode != 0 :
raise(Exception("kubectl apply bunkerweb failed (k8s stack)"))
proc = run(
"kubectl apply -f bunkerweb.yml", cwd="/tmp/kubernetes", shell=True
)
if proc.returncode != 0:
raise (Exception("kubectl apply bunkerweb failed (k8s stack)"))
healthy = False
i = 0
while i < 30 :
proc = run('kubectl get pods | grep bunkerweb | grep -v Running', shell=True, capture_output=True)
if "" == proc.stdout.decode() :
while i < 30:
proc = run(
"kubectl get pods | grep bunkerweb | grep -v Running",
shell=True,
capture_output=True,
)
if "" == proc.stdout.decode():
healthy = True
break
sleep(1)
i += 1
if not healthy :
run("kubectl describe daemonset/bunkerweb", cwd="/tmp/kubernetes", shell=True)
run("kubectl logs daemonset/bunkerweb", cwd="/tmp/kubernetes", shell=True)
run("kubectl describe deployment/bunkerweb-controller", cwd="/tmp/kubernetes", shell=True)
run("kubectl logs deployment/bunkerweb-controller", cwd="/tmp/kubernetes", shell=True)
run("kubectl describe deployment/bunkerweb-scheduler", cwd="/tmp/kubernetes", shell=True)
run("kubectl logs deployment/bunkerweb-scheduler", cwd="/tmp/kubernetes", shell=True)
run("kubectl logs deployment/bunkerweb-db", cwd="/tmp/kubernetes", shell=True)
run("kubectl logs deployment/bunkerweb-redis", cwd="/tmp/kubernetes", shell=True)
raise(Exception("k8s stack is not healthy"))
if not healthy:
run(
"kubectl describe daemonset/bunkerweb",
cwd="/tmp/kubernetes",
shell=True,
)
run(
"kubectl logs daemonset/bunkerweb",
cwd="/tmp/kubernetes",
shell=True,
)
run(
"kubectl describe deployment/bunkerweb-controller",
cwd="/tmp/kubernetes",
shell=True,
)
run(
"kubectl logs deployment/bunkerweb-controller",
cwd="/tmp/kubernetes",
shell=True,
)
run(
"kubectl describe deployment/bunkerweb-scheduler",
cwd="/tmp/kubernetes",
shell=True,
)
run(
"kubectl logs deployment/bunkerweb-scheduler",
cwd="/tmp/kubernetes",
shell=True,
)
run(
"kubectl logs deployment/bunkerweb-db",
cwd="/tmp/kubernetes",
shell=True,
)
run(
"kubectl logs deployment/bunkerweb-redis",
cwd="/tmp/kubernetes",
shell=True,
)
raise (Exception("k8s stack is not healthy"))
sleep(60)
except :
log("KUBERNETES", "", "exception while running KubernetesTest.init()\n" + format_exc())
except:
log(
"KUBERNETES",
"",
"exception while running KubernetesTest.init()\n" + format_exc(),
)
return False
return True
def end() :
def end():
ret = True
try :
if not Test.end() :
try:
if not Test.end():
return False
proc = run("kubectl delete -f bunkerweb.yml", cwd="/tmp/kubernetes", shell=True)
if proc.returncode != 0 :
proc = run(
"kubectl delete -f bunkerweb.yml", cwd="/tmp/kubernetes", shell=True
)
if proc.returncode != 0:
ret = False
rmtree("/tmp/kubernetes")
except :
log("KUBERNETES", "", "exception while running KubernetesTest.end()\n" + format_exc())
except:
log(
"KUBERNETES",
"",
"exception while running KubernetesTest.end()\n" + format_exc(),
)
return False
return ret
def _setup_test(self) :
try :
def _setup_test(self):
try:
super()._setup_test()
test = "/tmp/tests/" + self._name
deploy = "/tmp/tests/" + self._name + "/kubernetes.yml"
example_data = "./examples/" + self._name + "/bw-data"
for ex_domain, test_domain in self._domains.items() :
for ex_domain, test_domain in self._domains.items():
Test.replace_in_files(test, ex_domain, test_domain)
Test.rename(test, ex_domain, test_domain)
Test.replace_in_files(test, "example.com", getenv("ROOT_DOMAIN"))
setup = test + "/setup-kubernetes.sh"
if isfile(setup) :
if isfile(setup):
proc = run("./setup-kubernetes.sh", cwd=test, shell=True)
if proc.returncode != 0 :
raise(Exception("setup-kubernetes failed"))
if proc.returncode != 0:
raise (Exception("setup-kubernetes failed"))
# if isdir(example_data) :
# for cp_dir in listdir(example_data) :
# if isdir(join(example_data, cp_dir)) :
# copytree(join(example_data, cp_dir), join("/tmp/bw-data", cp_dir))
# for cp_dir in listdir(example_data) :
# if isdir(join(example_data, cp_dir)) :
# copytree(join(example_data, cp_dir), join("/tmp/bw-data", cp_dir))
proc = run("kubectl apply -f kubernetes.yml", shell=True, cwd=test)
if proc.returncode != 0 :
raise(Exception("kubectl apply failed"))
except :
log("KUBERNETES", "", "exception while running KubernetesTest._setup_test()\n" + format_exc())
if proc.returncode != 0:
raise (Exception("kubectl apply failed"))
except:
log(
"KUBERNETES",
"",
"exception while running KubernetesTest._setup_test()\n" + format_exc(),
)
self._cleanup_test()
return False
return True
def _cleanup_test(self) :
try :
def _cleanup_test(self):
try:
test = "/tmp/tests/" + self._name
cleanup = test + "/cleanup-kubernetes.sh"
if isfile(cleanup) :
if isfile(cleanup):
proc = run("./cleanup-kubernetes.sh", cwd=test, shell=True)
if proc.returncode != 0 :
raise(Exception("cleanup-kubernetes failed"))
if proc.returncode != 0:
raise (Exception("cleanup-kubernetes failed"))
proc = run("kubectl delete -f kubernetes.yml", shell=True, cwd=test)
if proc.returncode != 0 :
raise(Exception("kubectl delete failed"))
if proc.returncode != 0:
raise (Exception("kubectl delete failed"))
super()._cleanup_test()
except :
log("KUBERNETES", "", "exception while running KubernetesTest._cleanup_test()\n" + format_exc())
except:
log(
"KUBERNETES",
"",
"exception while running KubernetesTest._cleanup_test()\n"
+ format_exc(),
)
return False
return True
def _debug_fail(self) :
proc = run('kubectl get pods --no-headers -o custom-columns=":metadata.name"', shell=True, capture_output=True)
for pod in proc.stdout.decode().splitlines() :
def _debug_fail(self):
proc = run(
'kubectl get pods --no-headers -o custom-columns=":metadata.name"',
shell=True,
capture_output=True,
)
for pod in proc.stdout.decode().splitlines():
run("kubectl logs " + pod, shell=True)

22
tests/LinuxTest.py
View File

@ -74,7 +74,11 @@ class LinuxTest(Test):
)
sleep(60)
except:
log("LINUX", "", "exception while running LinuxTest.init()\n" + format_exc())
log(
"LINUX",
"",
"exception while running LinuxTest.init()\n" + format_exc(),
)
return False
return True
@ -88,7 +92,9 @@ class LinuxTest(Test):
if proc.returncode != 0:
ret = False
except:
log("LINUX", "", "exception while running LinuxTest.end()\n" + format_exc())
log(
"LINUX", "", "exception while running LinuxTest.end()\n" + format_exc()
)
return False
return ret
@ -127,7 +133,11 @@ class LinuxTest(Test):
if proc.returncode != 0:
raise Exception("docker exec systemctl restart failed (linux stack)")
except:
log("LINUX", "", "exception while running LinuxTest._setup_test()\n" + format_exc())
log(
"LINUX",
"",
"exception while running LinuxTest._setup_test()\n" + format_exc(),
)
self._debug_fail()
self._cleanup_test()
return False
@ -143,7 +153,11 @@ class LinuxTest(Test):
raise Exception("docker exec rm failed (cleanup)")
super()._cleanup_test()
except:
log("DOCKER", "", "exception while running LinuxTest._cleanup_test()\n" + format_exc())
log(
"DOCKER",
"",
"exception while running LinuxTest._cleanup_test()\n" + format_exc(),
)
return False
return True

22
tests/SwarmTest.py
View File

@ -81,7 +81,11 @@ class SwarmTest(Test):
raise (Exception("swarm stack is not healthy"))
sleep(60)
except:
log("SWARM", "", "exception while running SwarmTest.init()\n" + format_exc())
log(
"SWARM",
"",
"exception while running SwarmTest.init()\n" + format_exc(),
)
return False
return True
@ -96,7 +100,9 @@ class SwarmTest(Test):
ret = False
rmtree("/tmp/swarm")
except:
log("SWARM", "", "exception while running SwarmTest.end()\n" + format_exc())
log(
"SWARM", "", "exception while running SwarmTest.end()\n" + format_exc()
)
return False
return ret
@ -152,7 +158,11 @@ class SwarmTest(Test):
if not healthy:
raise (Exception("swarm stack is not healthy"))
except:
log("SWARM", "", "exception while running SwarmTest._setup_test()\n" + format_exc())
log(
"SWARM",
"",
"exception while running SwarmTest._setup_test()\n" + format_exc(),
)
self._cleanup_test()
return False
return True
@ -183,7 +193,11 @@ class SwarmTest(Test):
raise (Exception("docker pruner rm failed"))
super()._cleanup_test()
except:
log("SWARM", "", "exception while running SwarmTest._cleanup_test()\n" + format_exc())
log(
"SWARM",
"",
"exception while running SwarmTest._cleanup_test()\n" + format_exc(),
)
return False
return True

136
tests/Test.py
View File

@ -11,91 +11,115 @@ from datetime import datetime
from subprocess import run
from logger import log
class Test(ABC) :
def __init__(self, name, kind, timeout, tests, no_copy_container=False, delay=0) :
class Test(ABC):
def __init__(self, name, kind, timeout, tests, no_copy_container=False, delay=0):
self._name = name
self.__kind = kind
self._timeout = timeout
self.__tests = tests
self._no_copy_container = no_copy_container
self.__delay = delay
log("TEST", "", "instiantiated with " + str(len(tests)) + " tests and timeout of " + str(timeout) + "s for " + self._name)
log(
"TEST",
"",
"instiantiated with "
+ str(len(tests))
+ " tests and timeout of "
+ str(timeout)
+ "s for "
+ self._name,
)
# Class method
# called once before running all the different tests for a given integration
def init() :
try :
if not isdir("/tmp/bw-data") :
def init():
try:
if not isdir("/tmp/bw-data"):
mkdir("/tmp/bw-data")
run("sudo chmod 777 /tmp/bw-data", shell=True)
rm_dirs = ["configs", "plugins", "www"]
for rm_dir in rm_dirs :
if isdir(rm_dir) :
for rm_dir in rm_dirs:
if isdir(rm_dir):
run("sudo rm -rf /tmp/bw-data/" + rm_dir, shell=True)
if not isdir("/tmp/tests") :
if not isdir("/tmp/tests"):
mkdir("/tmp/tests")
except :
except:
log("TEST", "", "exception while running Test.init()\n" + format_exc())
return False
return True
# Class method
# called once all tests ended
def end() :
def end():
return True
# helper to check domains
def _check_domains(self) :
for k, v in self._domains.items() :
if v is None :
def _check_domains(self):
for k, v in self._domains.items():
if v is None:
log("TEST", "⚠️", "env " + k + " is None")
# called before starting the tests
# must be override if specific actions needs to be done
def _setup_test(self) :
try :
def _setup_test(self):
try:
rm_dirs = ["configs", "plugins", "www"]
for rm_dir in rm_dirs :
if isdir("/tmp/bw-data/" + rm_dir) :
run("sudo bash -c 'rm -rf /tmp/bw-data/" + rm_dir + "/*'", shell=True)
if isdir("/tmp/tests/" + self._name) :
for rm_dir in rm_dirs:
if isdir("/tmp/bw-data/" + rm_dir):
run(
"sudo bash -c 'rm -rf /tmp/bw-data/" + rm_dir + "/*'",
shell=True,
)
if isdir("/tmp/tests/" + self._name):
run("sudo rm -rf /tmp/tests/" + self._name, shell=True)
copytree("./examples/" + self._name, "/tmp/tests/" + self._name)
except :
log("TEST", "", "exception while running Test._setup_test()\n" + format_exc())
except:
log(
"TEST",
"",
"exception while running Test._setup_test()\n" + format_exc(),
)
return False
return True
# called after running the tests
def _cleanup_test(self) :
try :
def _cleanup_test(self):
try:
run("sudo rm -rf /tmp/tests/" + self._name, shell=True)
except :
log("TEST", "", "exception while running Test._cleanup_test()\n" + format_exc())
except:
log(
"TEST",
"",
"exception while running Test._cleanup_test()\n" + format_exc(),
)
return False
return True
# run all the tests
def run_tests(self) :
if not self._setup_test() :
def run_tests(self):
if not self._setup_test():
self._debug_fail()
return False
if self.__delay != 0 :
if self.__delay != 0:
log("TEST", "", "delay is set, sleeping " + str(self.__delay) + "s")
sleep(self.__delay)
start = time()
while time() < start + self._timeout :
while time() < start + self._timeout:
all_ok = True
for test in self.__tests :
for test in self.__tests:
ok = self.__run_test(test)
sleep(1)
if not ok :
if not ok:
all_ok = False
break
if all_ok :
if all_ok:
elapsed = str(int(time() - start))
log("TEST", "", "success (" + elapsed + "/" + str(self._timeout) + "s)")
log(
"TEST",
"",
"success (" + elapsed + "/" + str(self._timeout) + "s)",
)
return self._cleanup_test()
log("TEST", "⚠️", "tests not ok, retrying in 1s ...")
self._debug_fail()
@ -104,47 +128,47 @@ class Test(ABC) :
return False
# run a single test
def __run_test(self, test) :
try :
def __run_test(self, test):
try:
ex_url = test["url"]
for ex_domain, test_domain in self._domains.items() :
if search(ex_domain, ex_url) :
for ex_domain, test_domain in self._domains.items():
if search(ex_domain, ex_url):
ex_url = sub(ex_domain, test_domain, ex_url)
break
if test["type"] == "string" :
if test["type"] == "string":
r = get(ex_url, timeout=10, verify=False)
return test["string"].casefold() in r.text.casefold()
elif test["type"] == "status" :
elif test["type"] == "status":
r = get(ex_url, timeout=10, verify=False)
return test["status"] == r.status_code
except :
#log("TEST", "❌", "exception while running test of type " + test["type"] + " on URL " + ex_url + "\n" + format_exc())
except:
# log("TEST", "❌", "exception while running test of type " + test["type"] + " on URL " + ex_url + "\n" + format_exc())
return False
raise(Exception("unknow test type " + test["type"]))
raise (Exception("unknow test type " + test["type"]))
# called when tests fail : typical case is to show logs
def _debug_fail(self) :
def _debug_fail(self):
pass
def replace_in_file(path, old, new) :
try :
with open(path, "r") as f :
def replace_in_file(path, old, new):
try:
with open(path, "r") as f:
content = f.read()
content = sub(old, new, content, flags=MULTILINE)
with open(path, "w") as f :
with open(path, "w") as f:
f.write(content)
except :
except:
log("TEST", "⚠️", "can't replace file " + path + " : " + format_exc())
def replace_in_files(path, old, new) :
for root, dirs, files in walk(path) :
for name in files :
def replace_in_files(path, old, new):
for root, dirs, files in walk(path):
for name in files:
Test.replace_in_file(join(root, name), old, new)
def rename(path, old, new) :
for root, dirs, files in walk(path) :
for name in dirs + files :
def rename(path, old, new):
for root, dirs, files in walk(path):
for name in dirs + files:
full_path = join(root, name)
new_path = sub(old, new, full_path)
if full_path != new_path :
if full_path != new_path:
rename(full_path, new_path)

1
tests/Upgrade.py
View File

@ -1538,6 +1538,7 @@ elif distro == "fedora":
"sudo dnf system-upgrade reboot",
]
)
# Checking container is running
def start_container():
subprocess.run(["docker", "start", "systemd-fedora"])

3
tests/logger.py
View File

@ -1,5 +1,6 @@
from datetime import datetime
def log(what, level, msg) :
def log(what, level, msg):
when = datetime.now().strftime("[%Y-%m-%d %H:%M:%S]")
print(f"{when} - {what} - {level} - {msg}", flush=True)

15
tests/main.py
View File

@ -58,7 +58,11 @@ for example in glob("./examples/*"):
with open(f"{example}/tests.json") as f:
tests = loads(f.read())
if not test_type in tests["kinds"]:
log("TESTS", "", "Skipping tests for " + tests["name"] + " (not in kinds)")
log(
"TESTS",
"",
"Skipping tests for " + tests["name"] + " (not in kinds)",
)
continue
test_obj = None
no_copy_container = False
@ -103,7 +107,14 @@ for example in glob("./examples/*"):
ret = end_fun()
_exit(1)
except:
log("TESTS", "", "Exception while executing test for example " + example + " : " + format_exc())
log(
"TESTS",
"",
"Exception while executing test for example "
+ example
+ " : "
+ format_exc(),
)
if test_type == "linux":
ret = end_fun(distro)
else:

2
tests/ui/docker-compose.tests.yml
View File

@ -17,4 +17,4 @@ services:
networks:
bw-services:
external:
name: bw-services
name: bw-services