examples - init k8s example

2021-07-27 12:03:31 +02:00 · 2021-07-27 12:03:31 +02:00 · bc3c17a2f0
parent 556836b499
commit bc3c17a2f0
1 changed files with 102 additions and 0 deletions
--- a/examples/kubernetes/deploy.yml
+++ b/examples/kubernetes/deploy.yml
@ -0,0 +1,102 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: bunkerized-nginx-ingress-controller
+rules:
+- apiGroups: [""]
+  resources: ["services"]
+  verbs: ["get", "watch", "list"]
+- apiGroups: ["extensions"]
+  resources: ["ingresses"]
+  verbs: ["get", "watch", "list"]
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: bunkerized-nginx-ingress-controller
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: bunkerized-nginx-ingress-controller
+subjects:
+- kind: ServiceAccount
+  name: bunkerized-nginx-ingress-controller
+  apiGroup: rbac.authorization.k8s.io
+roleRef:
+  kind: ClusterRole
+  name: bunkerized-nginx-ingress-controller
+  apiGroup: rbac.authorization.k8s.io
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: bunkerized-nginx-ingress-controller
+  labels:
+    app: bunkerized-nginx-autoconf
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: bunkerized-nginx-autoconf
+  template:
+    metadata:
+      labels:
+        app: bunkerized-nginx-autoconf
+    spec:
+      serviceAccountName: bunkerized-nginx-ingress-controller
+      containers:
+      - name: bunkerized-nginx-autoconf
+        image: bunkerity/bunkerized-nginx-autoconf:1.3.0
+        env:
+        - name: KUBERNETES_MODE
+          value: "yes"
+        - name: API_URI
+          value: "/ChangeMeToSomethingHardToGuess"
+        volumeMounts:
+        - name: config
+          mountPath: "/etc/nginx"
+        - name: certs
+          mountPath: "/etc/letsencrypt"
+        - name: challenges
+          mountPath: "/acme-challenge"
+        - name: cache
+          mountPath: "/cache"
+      volumes:
+      - name: config
+        hostPath:
+          path: /shared
+# TODO volumes : /etc/nginx, /etc/letsencrypt, /acme-challenge, /cache
+---
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+  name: bunkerized-nginx
+  labels:
+    app: bunkerized-nginx
+  annotations:
+    bunkerized-nginx.AUTOCONF: "yes"
+    bunkerized-nginx.MULTISITE: "yes"
+    bunkerized-nginx.SERVER_NAME: ""
+spec:
+  selector:
+    matchLabels:
+      name: bunkerized-nginx
+  template:
+    metadata:
+      labels:
+        name: bunkerized-nginx
+  spec:
+    hostNetwork: true
+    dnsPolicy: ClusterFirstWithHostNet
+    containers:
+    - name: bunkerized-nginx
+      image: bunkerity/bunkerized-nginx:1.3.0
+      env:
+      - name: KUBERNETES_MODE
+        value: "yes"
+      - name: USE_API
+        value: "yes"
+      - name: API_URI
+        value: "/ChangeMeToSomethingHardToGuess"
+# TODO volumes : /etc/nginx, /etc/letsencrypt, /acme-challenge