fix duplicate root error when bw is starting, add modesec rule to core ui and init work on k8s/swarm integration files
This commit is contained in:
parent
dbd052e9a8
commit
c2402b118f
|
@ -18,7 +18,6 @@ services:
|
|||
- www.example.com_REVERSE_PROXY_HOST=http://bw-ui:7000
|
||||
- www.example.com_REVERSE_PROXY_HEADERS=X-Script-Name /admin
|
||||
- www.example.com_INTERCEPTED_ERROR_CODES=400 401 405 413 429 500 501 502 503 504
|
||||
- www.example.com_CUSTOM_CONF_MODSEC_CRS_remove_ui_false_positives=SecRule REQUEST_FILENAME "@rx /global_config$$" "id:999,ctl:ruleRemoveByTag=platform-pgsql,nolog"
|
||||
networks:
|
||||
- bw-universe
|
||||
- bw-services
|
||||
|
|
|
@ -0,0 +1,318 @@
|
|||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRole
|
||||
metadata:
|
||||
name: cr-bunkerweb
|
||||
rules:
|
||||
- apiGroups: [""]
|
||||
resources: ["services", "pods", "configmaps"]
|
||||
verbs: ["get", "watch", "list"]
|
||||
- apiGroups: ["networking.k8s.io"]
|
||||
resources: ["ingresses"]
|
||||
verbs: ["get", "watch", "list"]
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: ServiceAccount
|
||||
metadata:
|
||||
name: sa-bunkerweb
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRoleBinding
|
||||
metadata:
|
||||
name: crb-bunkerweb
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: sa-bunkerweb
|
||||
namespace: default
|
||||
apiGroup: ""
|
||||
roleRef:
|
||||
kind: ClusterRole
|
||||
name: cr-bunkerweb
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
---
|
||||
apiVersion: apps/v1
|
||||
kind: DaemonSet
|
||||
metadata:
|
||||
name: bunkerweb
|
||||
spec:
|
||||
selector:
|
||||
matchLabels:
|
||||
app: bunkerweb
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app: bunkerweb
|
||||
# mandatory annotation
|
||||
annotations:
|
||||
bunkerweb.io/AUTOCONF: "yes"
|
||||
spec:
|
||||
containers:
|
||||
- name: bunkerweb
|
||||
image: bunkerity/bunkerweb:1.4.6
|
||||
imagePullPolicy: Always
|
||||
securityContext:
|
||||
runAsUser: 101
|
||||
runAsGroup: 101
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
drop:
|
||||
- ALL
|
||||
ports:
|
||||
- containerPort: 8080
|
||||
hostPort: 80
|
||||
- containerPort: 8443
|
||||
hostPort: 443
|
||||
env:
|
||||
- name: KUBERNETES_MODE
|
||||
value: "yes"
|
||||
# replace with your DNS resolvers
|
||||
# e.g. : kube-dns.kube-system.svc.cluster.local
|
||||
- name: DNS_RESOLVERS
|
||||
value: "coredns.kube-system.svc.cluster.local"
|
||||
- name: USE_API
|
||||
value: "yes"
|
||||
# 10.0.0.0/8 is the cluster internal subnet
|
||||
- name: API_WHITELIST_IP
|
||||
value: "127.0.0.0/8 10.0.0.0/8"
|
||||
- name: SERVER_NAME
|
||||
value: ""
|
||||
- name: MULTISITE
|
||||
value: "yes"
|
||||
livenessProbe:
|
||||
exec:
|
||||
command:
|
||||
- /usr/share/bunkerweb/helpers/healthcheck.sh
|
||||
initialDelaySeconds: 30
|
||||
periodSeconds: 5
|
||||
timeoutSeconds: 1
|
||||
failureThreshold: 3
|
||||
readinessProbe:
|
||||
exec:
|
||||
command:
|
||||
- /usr/share/bunkerweb/helpers/healthcheck.sh
|
||||
initialDelaySeconds: 30
|
||||
periodSeconds: 1
|
||||
timeoutSeconds: 1
|
||||
failureThreshold: 3
|
||||
---
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: bunkerweb-controller
|
||||
spec:
|
||||
replicas: 1
|
||||
strategy:
|
||||
type: Recreate
|
||||
selector:
|
||||
matchLabels:
|
||||
app: bunkerweb-controller
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app: bunkerweb-controller
|
||||
spec:
|
||||
serviceAccountName: sa-bunkerweb
|
||||
containers:
|
||||
- name: bunkerweb-controller
|
||||
image: bunkerity/bunkerweb-autoconf:1.4.6
|
||||
imagePullPolicy: Always
|
||||
env:
|
||||
- name: KUBERNETES_MODE
|
||||
value: "yes"
|
||||
- name: "DATABASE_URI"
|
||||
value: "mariadb+pymysql://bunkerweb:changeme@svc-bunkerweb-db:3306/db"
|
||||
---
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: bunkerweb-scheduler
|
||||
spec:
|
||||
replicas: 1
|
||||
strategy:
|
||||
type: Recreate
|
||||
selector:
|
||||
matchLabels:
|
||||
app: bunkerweb-scheduler
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app: bunkerweb-scheduler
|
||||
spec:
|
||||
containers:
|
||||
- name: bunkerweb-controller
|
||||
image: bunkerity/bunkerweb-autoconf:1.4.6
|
||||
imagePullPolicy: Always
|
||||
env:
|
||||
- name: KUBERNETES_MODE
|
||||
value: "yes"
|
||||
- name: "DATABASE_URI"
|
||||
value: "mariadb+pymysql://bunkerweb:changeme@svc-bunkerweb-db:3306/db"
|
||||
---
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: bunkerweb-redis
|
||||
spec:
|
||||
replicas: 1
|
||||
strategy:
|
||||
type: Recreate
|
||||
selector:
|
||||
matchLabels:
|
||||
app: bunkerweb-redis
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app: bunkerweb-redis
|
||||
spec:
|
||||
containers:
|
||||
- name: bunkerweb-redis
|
||||
image: redis:7-alpine
|
||||
imagePullPolicy: Always
|
||||
---
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: bunkerweb-db
|
||||
spec:
|
||||
replicas: 1
|
||||
strategy:
|
||||
type: Recreate
|
||||
selector:
|
||||
matchLabels:
|
||||
app: bunkerweb-db
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app: bunkerweb-db
|
||||
spec:
|
||||
containers:
|
||||
- name: bunkerweb-db
|
||||
image: mariadb:10.10
|
||||
imagePullPolicy: Always
|
||||
env:
|
||||
- name: MYSQL_RANDOM_ROOT_PASSWORD
|
||||
value: "yes"
|
||||
- name: "MYSQL_DATABASE"
|
||||
value: "db"
|
||||
- name: "MYSQL_USER"
|
||||
value: "bunkerweb"
|
||||
- name: "MYSQL_PASSWORD"
|
||||
value: "changeme"
|
||||
volumeMounts:
|
||||
- mountPath: "/var/lib/mysql"
|
||||
name: vol-db
|
||||
volumes:
|
||||
- name: vol-db
|
||||
persistentVolumeClaim:
|
||||
claimName: pvc-bunkerweb
|
||||
---
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: bunkerweb-ui
|
||||
spec:
|
||||
replicas: 1
|
||||
strategy:
|
||||
type: Recreate
|
||||
selector:
|
||||
matchLabels:
|
||||
app: bunkerweb-ui
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app: bunkerweb-ui
|
||||
spec:
|
||||
containers:
|
||||
- name: bunkerweb-ui
|
||||
image: bunkerity/bunkerweb-ui:1.5.0
|
||||
imagePullPolicy: Always
|
||||
env:
|
||||
- name: ADMIN_USERNAME
|
||||
value: "admin"
|
||||
- name: "ADMIN_PASSWORD"
|
||||
value: "changeme"
|
||||
- name: "ABSOLUTE_URI"
|
||||
value: "http://www.example.com/admin"
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: svc-bunkerweb
|
||||
spec:
|
||||
clusterIP: None
|
||||
selector:
|
||||
app: bunkerweb
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: svc-bunkerweb-db
|
||||
spec:
|
||||
type: ClusterIP
|
||||
selector:
|
||||
app: bunkerweb-db
|
||||
ports:
|
||||
- name: sql
|
||||
protocol: TCP
|
||||
port: 3306
|
||||
targetPort: 3306
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: svc-bunkerweb-redis
|
||||
spec:
|
||||
type: ClusterIP
|
||||
selector:
|
||||
app: bunkerweb-redis
|
||||
ports:
|
||||
- name: redis
|
||||
protocol: TCP
|
||||
port: 6379
|
||||
targetPort: 6379
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: svc-bunkerweb-ui
|
||||
spec:
|
||||
type: ClusterIP
|
||||
selector:
|
||||
app: bunkerweb-ui
|
||||
ports:
|
||||
- name: http
|
||||
protocol: TCP
|
||||
port: 7000
|
||||
targetPort: 7000
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: PersistentVolumeClaim
|
||||
metadata:
|
||||
name: pvc-bunkerweb
|
||||
spec:
|
||||
accessModes:
|
||||
- ReadWriteOnce
|
||||
resources:
|
||||
requests:
|
||||
storage: 5Gi
|
||||
storageClassName: ""
|
||||
volumeName: pv-bunkerweb
|
||||
---
|
||||
apiVersion: networking.k8s.io/v1
|
||||
kind: Ingress
|
||||
metadata:
|
||||
name: ingress
|
||||
annotations:
|
||||
bunkerweb.io/www.example.com_USE_UI: "yes"
|
||||
bunkerweb.io/www.example.com_REVERSE_PROXY_HEADERS: "X-Script-Name /admin"
|
||||
spec:
|
||||
rules:
|
||||
- host: www.example.com
|
||||
http:
|
||||
paths:
|
||||
- path: /admin
|
||||
pathType: Prefix
|
||||
backend:
|
||||
service:
|
||||
name: svc-bunkerweb-ui
|
||||
port:
|
||||
number: 7000
|
|
@ -0,0 +1,256 @@
|
|||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRole
|
||||
metadata:
|
||||
name: cr-bunkerweb
|
||||
rules:
|
||||
- apiGroups: [""]
|
||||
resources: ["services", "pods", "configmaps"]
|
||||
verbs: ["get", "watch", "list"]
|
||||
- apiGroups: ["networking.k8s.io"]
|
||||
resources: ["ingresses"]
|
||||
verbs: ["get", "watch", "list"]
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: ServiceAccount
|
||||
metadata:
|
||||
name: sa-bunkerweb
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRoleBinding
|
||||
metadata:
|
||||
name: crb-bunkerweb
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: sa-bunkerweb
|
||||
namespace: default
|
||||
apiGroup: ""
|
||||
roleRef:
|
||||
kind: ClusterRole
|
||||
name: cr-bunkerweb
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
---
|
||||
apiVersion: apps/v1
|
||||
kind: DaemonSet
|
||||
metadata:
|
||||
name: bunkerweb
|
||||
spec:
|
||||
selector:
|
||||
matchLabels:
|
||||
app: bunkerweb
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app: bunkerweb
|
||||
# mandatory annotation
|
||||
annotations:
|
||||
bunkerweb.io/AUTOCONF: "yes"
|
||||
spec:
|
||||
containers:
|
||||
- name: bunkerweb
|
||||
image: bunkerity/bunkerweb:1.4.6
|
||||
imagePullPolicy: Always
|
||||
securityContext:
|
||||
runAsUser: 101
|
||||
runAsGroup: 101
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
drop:
|
||||
- ALL
|
||||
ports:
|
||||
- containerPort: 8080
|
||||
hostPort: 80
|
||||
- containerPort: 8443
|
||||
hostPort: 443
|
||||
env:
|
||||
- name: KUBERNETES_MODE
|
||||
value: "yes"
|
||||
# replace with your DNS resolvers
|
||||
# e.g. : kube-dns.kube-system.svc.cluster.local
|
||||
- name: DNS_RESOLVERS
|
||||
value: "coredns.kube-system.svc.cluster.local"
|
||||
- name: USE_API
|
||||
value: "yes"
|
||||
# 10.0.0.0/8 is the cluster internal subnet
|
||||
- name: API_WHITELIST_IP
|
||||
value: "127.0.0.0/8 10.0.0.0/8"
|
||||
- name: SERVER_NAME
|
||||
value: ""
|
||||
- name: MULTISITE
|
||||
value: "yes"
|
||||
livenessProbe:
|
||||
exec:
|
||||
command:
|
||||
- /usr/share/bunkerweb/helpers/healthcheck.sh
|
||||
initialDelaySeconds: 30
|
||||
periodSeconds: 5
|
||||
timeoutSeconds: 1
|
||||
failureThreshold: 3
|
||||
readinessProbe:
|
||||
exec:
|
||||
command:
|
||||
- /usr/share/bunkerweb/helpers/healthcheck.sh
|
||||
initialDelaySeconds: 30
|
||||
periodSeconds: 1
|
||||
timeoutSeconds: 1
|
||||
failureThreshold: 3
|
||||
---
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: bunkerweb-controller
|
||||
spec:
|
||||
replicas: 1
|
||||
strategy:
|
||||
type: Recreate
|
||||
selector:
|
||||
matchLabels:
|
||||
app: bunkerweb-controller
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app: bunkerweb-controller
|
||||
spec:
|
||||
serviceAccountName: sa-bunkerweb
|
||||
containers:
|
||||
- name: bunkerweb-controller
|
||||
image: bunkerity/bunkerweb-autoconf:1.4.6
|
||||
imagePullPolicy: Always
|
||||
env:
|
||||
- name: KUBERNETES_MODE
|
||||
value: "yes"
|
||||
- name: "DATABASE_URI"
|
||||
value: "mariadb+pymysql://bunkerweb:changeme@svc-bunkerweb-db:3306/db"
|
||||
---
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: bunkerweb-scheduler
|
||||
spec:
|
||||
replicas: 1
|
||||
strategy:
|
||||
type: Recreate
|
||||
selector:
|
||||
matchLabels:
|
||||
app: bunkerweb-scheduler
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app: bunkerweb-scheduler
|
||||
spec:
|
||||
containers:
|
||||
- name: bunkerweb-controller
|
||||
image: bunkerity/bunkerweb-autoconf:1.4.6
|
||||
imagePullPolicy: Always
|
||||
env:
|
||||
- name: KUBERNETES_MODE
|
||||
value: "yes"
|
||||
- name: "DATABASE_URI"
|
||||
value: "mariadb+pymysql://bunkerweb:changeme@svc-bunkerweb-db:3306/db"
|
||||
---
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: bunkerweb-redis
|
||||
spec:
|
||||
replicas: 1
|
||||
strategy:
|
||||
type: Recreate
|
||||
selector:
|
||||
matchLabels:
|
||||
app: bunkerweb-redis
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app: bunkerweb-redis
|
||||
spec:
|
||||
containers:
|
||||
- name: bunkerweb-redis
|
||||
image: redis:7-alpine
|
||||
imagePullPolicy: Always
|
||||
---
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: bunkerweb-db
|
||||
spec:
|
||||
replicas: 1
|
||||
strategy:
|
||||
type: Recreate
|
||||
selector:
|
||||
matchLabels:
|
||||
app: bunkerweb-db
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app: bunkerweb-db
|
||||
spec:
|
||||
containers:
|
||||
- name: bunkerweb-db
|
||||
image: mariadb:10.10
|
||||
imagePullPolicy: Always
|
||||
env:
|
||||
- name: MYSQL_RANDOM_ROOT_PASSWORD
|
||||
value: "yes"
|
||||
- name: "MYSQL_DATABASE"
|
||||
value: "db"
|
||||
- name: "MYSQL_USER"
|
||||
value: "bunkerweb"
|
||||
- name: "MYSQL_PASSWORD"
|
||||
value: "changeme"
|
||||
volumeMounts:
|
||||
- mountPath: "/var/lib/mysql"
|
||||
name: vol-db
|
||||
volumes:
|
||||
- name: vol-db
|
||||
persistentVolumeClaim:
|
||||
claimName: pvc-bunkerweb
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: svc-bunkerweb
|
||||
spec:
|
||||
clusterIP: None
|
||||
selector:
|
||||
app: bunkerweb
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: svc-bunkerweb-db
|
||||
spec:
|
||||
type: ClusterIP
|
||||
selector:
|
||||
app: bunkerweb-db
|
||||
ports:
|
||||
- name: sql
|
||||
protocol: TCP
|
||||
port: 3306
|
||||
targetPort: 3306
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: svc-bunkerweb-redis
|
||||
spec:
|
||||
type: ClusterIP
|
||||
selector:
|
||||
app: bunkerweb-redis
|
||||
ports:
|
||||
- name: redis
|
||||
protocol: TCP
|
||||
port: 6379
|
||||
targetPort: 6379
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: PersistentVolumeClaim
|
||||
metadata:
|
||||
name: pvc-bunkerweb
|
||||
spec:
|
||||
accessModes:
|
||||
- ReadWriteOnce
|
||||
resources:
|
||||
requests:
|
||||
storage: 5Gi
|
||||
storageClassName: ""
|
||||
volumeName: pv-bunkerweb
|
|
@ -0,0 +1,376 @@
|
|||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRole
|
||||
metadata:
|
||||
name: cr-bunkerweb
|
||||
rules:
|
||||
- apiGroups: [""]
|
||||
resources: ["services", "pods", "configmaps"]
|
||||
verbs: ["get", "watch", "list"]
|
||||
- apiGroups: ["networking.k8s.io"]
|
||||
resources: ["ingresses"]
|
||||
verbs: ["get", "watch", "list"]
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: ServiceAccount
|
||||
metadata:
|
||||
name: sa-bunkerweb
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRoleBinding
|
||||
metadata:
|
||||
name: crb-bunkerweb
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: sa-bunkerweb
|
||||
namespace: default
|
||||
apiGroup: ""
|
||||
roleRef:
|
||||
kind: ClusterRole
|
||||
name: cr-bunkerweb
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
---
|
||||
apiVersion: apps/v1
|
||||
kind: DaemonSet
|
||||
metadata:
|
||||
name: bunkerweb
|
||||
spec:
|
||||
selector:
|
||||
matchLabels:
|
||||
app: bunkerweb
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app: bunkerweb
|
||||
# mandatory annotation
|
||||
annotations:
|
||||
bunkerweb.io/AUTOCONF: "yes"
|
||||
spec:
|
||||
containers:
|
||||
- name: bunkerweb
|
||||
image: bunkerity/bunkerweb:1.4.6
|
||||
imagePullPolicy: Always
|
||||
securityContext:
|
||||
runAsUser: 101
|
||||
runAsGroup: 101
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
drop:
|
||||
- ALL
|
||||
ports:
|
||||
- containerPort: 8080
|
||||
hostPort: 80
|
||||
- containerPort: 8443
|
||||
hostPort: 443
|
||||
env:
|
||||
- name: KUBERNETES_MODE
|
||||
value: "yes"
|
||||
# replace with your DNS resolvers
|
||||
# e.g. : kube-dns.kube-system.svc.cluster.local
|
||||
- name: DNS_RESOLVERS
|
||||
value: "coredns.kube-system.svc.cluster.local"
|
||||
- name: USE_API
|
||||
value: "yes"
|
||||
# 10.0.0.0/8 is the cluster internal subnet
|
||||
- name: API_WHITELIST_IP
|
||||
value: "127.0.0.0/8 10.0.0.0/8"
|
||||
- name: SERVER_NAME
|
||||
value: ""
|
||||
- name: MULTISITE
|
||||
value: "yes"
|
||||
livenessProbe:
|
||||
exec:
|
||||
command:
|
||||
- /usr/share/bunkerweb/helpers/healthcheck.sh
|
||||
initialDelaySeconds: 30
|
||||
periodSeconds: 5
|
||||
timeoutSeconds: 1
|
||||
failureThreshold: 3
|
||||
readinessProbe:
|
||||
exec:
|
||||
command:
|
||||
- /usr/share/bunkerweb/helpers/healthcheck.sh
|
||||
initialDelaySeconds: 30
|
||||
periodSeconds: 1
|
||||
timeoutSeconds: 1
|
||||
failureThreshold: 3
|
||||
---
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: bunkerweb-controller
|
||||
spec:
|
||||
replicas: 1
|
||||
strategy:
|
||||
type: Recreate
|
||||
selector:
|
||||
matchLabels:
|
||||
app: bunkerweb-controller
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app: bunkerweb-controller
|
||||
spec:
|
||||
serviceAccountName: sa-bunkerweb
|
||||
containers:
|
||||
- name: bunkerweb-controller
|
||||
image: bunkerity/bunkerweb-autoconf:1.4.6
|
||||
imagePullPolicy: Always
|
||||
env:
|
||||
- name: KUBERNETES_MODE
|
||||
value: "yes"
|
||||
- name: "DATABASE_URI"
|
||||
value: "mariadb+pymysql://bunkerweb:changeme@svc-bunkerweb-db:3306/db"
|
||||
---
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: bunkerweb-scheduler
|
||||
spec:
|
||||
replicas: 1
|
||||
strategy:
|
||||
type: Recreate
|
||||
selector:
|
||||
matchLabels:
|
||||
app: bunkerweb-scheduler
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app: bunkerweb-scheduler
|
||||
spec:
|
||||
containers:
|
||||
- name: bunkerweb-controller
|
||||
image: bunkerity/bunkerweb-autoconf:1.4.6
|
||||
imagePullPolicy: Always
|
||||
env:
|
||||
- name: KUBERNETES_MODE
|
||||
value: "yes"
|
||||
- name: "DATABASE_URI"
|
||||
value: "mariadb+pymysql://bunkerweb:changeme@svc-bunkerweb-db:3306/db"
|
||||
---
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: bunkerweb-redis
|
||||
spec:
|
||||
replicas: 1
|
||||
strategy:
|
||||
type: Recreate
|
||||
selector:
|
||||
matchLabels:
|
||||
app: bunkerweb-redis
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app: bunkerweb-redis
|
||||
spec:
|
||||
containers:
|
||||
- name: bunkerweb-redis
|
||||
image: redis:7-alpine
|
||||
imagePullPolicy: Always
|
||||
---
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: bunkerweb-db
|
||||
spec:
|
||||
replicas: 1
|
||||
strategy:
|
||||
type: Recreate
|
||||
selector:
|
||||
matchLabels:
|
||||
app: bunkerweb-db
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app: bunkerweb-db
|
||||
spec:
|
||||
containers:
|
||||
- name: bunkerweb-db
|
||||
image: mysql:8.0
|
||||
imagePullPolicy: Always
|
||||
env:
|
||||
- name: MYSQL_RANDOM_ROOT_PASSWORD
|
||||
value: "yes"
|
||||
- name: "MYSQL_DATABASE"
|
||||
value: "db"
|
||||
- name: "MYSQL_USER"
|
||||
value: "bunkerweb"
|
||||
- name: "MYSQL_PASSWORD"
|
||||
value: "changeme"
|
||||
volumeMounts:
|
||||
- mountPath: "/var/lib/mysql"
|
||||
name: vol-db
|
||||
volumes:
|
||||
- name: vol-db
|
||||
persistentVolumeClaim:
|
||||
claimName: pvc-bunkerweb
|
||||
---
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: bunkerweb-redis
|
||||
spec:
|
||||
replicas: 1
|
||||
strategy:
|
||||
type: Recreate
|
||||
selector:
|
||||
matchLabels:
|
||||
app: bunkerweb-redis
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app: bunkerweb-redis
|
||||
spec:
|
||||
containers:
|
||||
- name: bunkerweb-redis
|
||||
image: redis:7-alpine
|
||||
imagePullPolicy: Always
|
||||
---
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: bunkerweb-db
|
||||
spec:
|
||||
replicas: 1
|
||||
strategy:
|
||||
type: Recreate
|
||||
selector:
|
||||
matchLabels:
|
||||
app: bunkerweb-db
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app: bunkerweb-db
|
||||
spec:
|
||||
containers:
|
||||
- name: bunkerweb-db
|
||||
image: mariadb:10.10
|
||||
imagePullPolicy: Always
|
||||
env:
|
||||
- name: MYSQL_RANDOM_ROOT_PASSWORD
|
||||
value: "yes"
|
||||
- name: "MYSQL_DATABASE"
|
||||
value: "db"
|
||||
- name: "MYSQL_USER"
|
||||
value: "bunkerweb"
|
||||
- name: "MYSQL_PASSWORD"
|
||||
value: "changeme"
|
||||
volumeMounts:
|
||||
- mountPath: "/var/lib/mysql"
|
||||
name: vol-db
|
||||
volumes:
|
||||
- name: vol-db
|
||||
persistentVolumeClaim:
|
||||
claimName: pvc-bunkerweb
|
||||
---
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: bunkerweb-ui
|
||||
spec:
|
||||
replicas: 1
|
||||
strategy:
|
||||
type: Recreate
|
||||
selector:
|
||||
matchLabels:
|
||||
app: bunkerweb-ui
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app: bunkerweb-ui
|
||||
spec:
|
||||
containers:
|
||||
- name: bunkerweb-ui
|
||||
image: bunkerity/bunkerweb-ui:1.5.0
|
||||
imagePullPolicy: Always
|
||||
env:
|
||||
- name: ADMIN_USERNAME
|
||||
value: "admin"
|
||||
- name: "ADMIN_PASSWORD"
|
||||
value: "changeme"
|
||||
- name: "ABSOLUTE_URI"
|
||||
value: "http://www.example.com/admin"
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: svc-bunkerweb
|
||||
spec:
|
||||
clusterIP: None
|
||||
selector:
|
||||
app: bunkerweb
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: svc-bunkerweb-db
|
||||
spec:
|
||||
type: ClusterIP
|
||||
selector:
|
||||
app: bunkerweb-db
|
||||
ports:
|
||||
- name: sql
|
||||
protocol: TCP
|
||||
port: 3306
|
||||
targetPort: 3306
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: svc-bunkerweb-redis
|
||||
spec:
|
||||
type: ClusterIP
|
||||
selector:
|
||||
app: bunkerweb-redis
|
||||
ports:
|
||||
- name: redis
|
||||
protocol: TCP
|
||||
port: 6379
|
||||
targetPort: 6379
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: svc-bunkerweb-ui
|
||||
spec:
|
||||
type: ClusterIP
|
||||
selector:
|
||||
app: bunkerweb-ui
|
||||
ports:
|
||||
- name: http
|
||||
protocol: TCP
|
||||
port: 7000
|
||||
targetPort: 7000
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: PersistentVolumeClaim
|
||||
metadata:
|
||||
name: pvc-bunkerweb
|
||||
spec:
|
||||
accessModes:
|
||||
- ReadWriteOnce
|
||||
resources:
|
||||
requests:
|
||||
storage: 5Gi
|
||||
storageClassName: ""
|
||||
volumeName: pv-bunkerweb
|
||||
---
|
||||
apiVersion: networking.k8s.io/v1
|
||||
kind: Ingress
|
||||
metadata:
|
||||
name: ingress
|
||||
annotations:
|
||||
bunkerweb.io/www.example.com_USE_UI: "yes"
|
||||
bunkerweb.io/www.example.com_REVERSE_PROXY_HEADERS: "X-Script-Name /admin"
|
||||
spec:
|
||||
rules:
|
||||
- host: www.example.com
|
||||
http:
|
||||
paths:
|
||||
- path: /admin
|
||||
pathType: Prefix
|
||||
backend:
|
||||
service:
|
||||
name: svc-bunkerweb-ui
|
||||
port:
|
||||
number: 7000
|
|
@ -0,0 +1,256 @@
|
|||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRole
|
||||
metadata:
|
||||
name: cr-bunkerweb
|
||||
rules:
|
||||
- apiGroups: [""]
|
||||
resources: ["services", "pods", "configmaps"]
|
||||
verbs: ["get", "watch", "list"]
|
||||
- apiGroups: ["networking.k8s.io"]
|
||||
resources: ["ingresses"]
|
||||
verbs: ["get", "watch", "list"]
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: ServiceAccount
|
||||
metadata:
|
||||
name: sa-bunkerweb
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRoleBinding
|
||||
metadata:
|
||||
name: crb-bunkerweb
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: sa-bunkerweb
|
||||
namespace: default
|
||||
apiGroup: ""
|
||||
roleRef:
|
||||
kind: ClusterRole
|
||||
name: cr-bunkerweb
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
---
|
||||
apiVersion: apps/v1
|
||||
kind: DaemonSet
|
||||
metadata:
|
||||
name: bunkerweb
|
||||
spec:
|
||||
selector:
|
||||
matchLabels:
|
||||
app: bunkerweb
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app: bunkerweb
|
||||
# mandatory annotation
|
||||
annotations:
|
||||
bunkerweb.io/AUTOCONF: "yes"
|
||||
spec:
|
||||
containers:
|
||||
- name: bunkerweb
|
||||
image: bunkerity/bunkerweb:1.4.6
|
||||
imagePullPolicy: Always
|
||||
securityContext:
|
||||
runAsUser: 101
|
||||
runAsGroup: 101
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
drop:
|
||||
- ALL
|
||||
ports:
|
||||
- containerPort: 8080
|
||||
hostPort: 80
|
||||
- containerPort: 8443
|
||||
hostPort: 443
|
||||
env:
|
||||
- name: KUBERNETES_MODE
|
||||
value: "yes"
|
||||
# replace with your DNS resolvers
|
||||
# e.g. : kube-dns.kube-system.svc.cluster.local
|
||||
- name: DNS_RESOLVERS
|
||||
value: "coredns.kube-system.svc.cluster.local"
|
||||
- name: USE_API
|
||||
value: "yes"
|
||||
# 10.0.0.0/8 is the cluster internal subnet
|
||||
- name: API_WHITELIST_IP
|
||||
value: "127.0.0.0/8 10.0.0.0/8"
|
||||
- name: SERVER_NAME
|
||||
value: ""
|
||||
- name: MULTISITE
|
||||
value: "yes"
|
||||
livenessProbe:
|
||||
exec:
|
||||
command:
|
||||
- /usr/share/bunkerweb/helpers/healthcheck.sh
|
||||
initialDelaySeconds: 30
|
||||
periodSeconds: 5
|
||||
timeoutSeconds: 1
|
||||
failureThreshold: 3
|
||||
readinessProbe:
|
||||
exec:
|
||||
command:
|
||||
- /usr/share/bunkerweb/helpers/healthcheck.sh
|
||||
initialDelaySeconds: 30
|
||||
periodSeconds: 1
|
||||
timeoutSeconds: 1
|
||||
failureThreshold: 3
|
||||
---
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: bunkerweb-controller
|
||||
spec:
|
||||
replicas: 1
|
||||
strategy:
|
||||
type: Recreate
|
||||
selector:
|
||||
matchLabels:
|
||||
app: bunkerweb-controller
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app: bunkerweb-controller
|
||||
spec:
|
||||
serviceAccountName: sa-bunkerweb
|
||||
containers:
|
||||
- name: bunkerweb-controller
|
||||
image: bunkerity/bunkerweb-autoconf:1.4.6
|
||||
imagePullPolicy: Always
|
||||
env:
|
||||
- name: KUBERNETES_MODE
|
||||
value: "yes"
|
||||
- name: "DATABASE_URI"
|
||||
value: "mariadb+pymysql://bunkerweb:changeme@svc-bunkerweb-db:3306/db"
|
||||
---
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: bunkerweb-scheduler
|
||||
spec:
|
||||
replicas: 1
|
||||
strategy:
|
||||
type: Recreate
|
||||
selector:
|
||||
matchLabels:
|
||||
app: bunkerweb-scheduler
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app: bunkerweb-scheduler
|
||||
spec:
|
||||
containers:
|
||||
- name: bunkerweb-controller
|
||||
image: bunkerity/bunkerweb-autoconf:1.4.6
|
||||
imagePullPolicy: Always
|
||||
env:
|
||||
- name: KUBERNETES_MODE
|
||||
value: "yes"
|
||||
- name: "DATABASE_URI"
|
||||
value: "mariadb+pymysql://bunkerweb:changeme@svc-bunkerweb-db:3306/db"
|
||||
---
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: bunkerweb-redis
|
||||
spec:
|
||||
replicas: 1
|
||||
strategy:
|
||||
type: Recreate
|
||||
selector:
|
||||
matchLabels:
|
||||
app: bunkerweb-redis
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app: bunkerweb-redis
|
||||
spec:
|
||||
containers:
|
||||
- name: bunkerweb-redis
|
||||
image: redis:7-alpine
|
||||
imagePullPolicy: Always
|
||||
---
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: bunkerweb-db
|
||||
spec:
|
||||
replicas: 1
|
||||
strategy:
|
||||
type: Recreate
|
||||
selector:
|
||||
matchLabels:
|
||||
app: bunkerweb-db
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app: bunkerweb-db
|
||||
spec:
|
||||
containers:
|
||||
- name: bunkerweb-db
|
||||
image: mysql:8.0
|
||||
imagePullPolicy: Always
|
||||
env:
|
||||
- name: MYSQL_RANDOM_ROOT_PASSWORD
|
||||
value: "yes"
|
||||
- name: "MYSQL_DATABASE"
|
||||
value: "db"
|
||||
- name: "MYSQL_USER"
|
||||
value: "bunkerweb"
|
||||
- name: "MYSQL_PASSWORD"
|
||||
value: "changeme"
|
||||
volumeMounts:
|
||||
- mountPath: "/var/lib/mysql"
|
||||
name: vol-db
|
||||
volumes:
|
||||
- name: vol-db
|
||||
persistentVolumeClaim:
|
||||
claimName: pvc-bunkerweb
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: svc-bunkerweb
|
||||
spec:
|
||||
clusterIP: None
|
||||
selector:
|
||||
app: bunkerweb
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: svc-bunkerweb-db
|
||||
spec:
|
||||
type: ClusterIP
|
||||
selector:
|
||||
app: bunkerweb-db
|
||||
ports:
|
||||
- name: sql
|
||||
protocol: TCP
|
||||
port: 3306
|
||||
targetPort: 3306
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: svc-bunkerweb-redis
|
||||
spec:
|
||||
type: ClusterIP
|
||||
selector:
|
||||
app: bunkerweb-redis
|
||||
ports:
|
||||
- name: redis
|
||||
protocol: TCP
|
||||
port: 6379
|
||||
targetPort: 6379
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: PersistentVolumeClaim
|
||||
metadata:
|
||||
name: pvc-bunkerweb
|
||||
spec:
|
||||
accessModes:
|
||||
- ReadWriteOnce
|
||||
resources:
|
||||
requests:
|
||||
storage: 5Gi
|
||||
storageClassName: ""
|
||||
volumeName: pv-bunkerweb
|
|
@ -0,0 +1,329 @@
|
|||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRole
|
||||
metadata:
|
||||
name: cr-bunkerweb
|
||||
rules:
|
||||
- apiGroups: [""]
|
||||
resources: ["services", "pods", "configmaps"]
|
||||
verbs: ["get", "watch", "list"]
|
||||
- apiGroups: ["networking.k8s.io"]
|
||||
resources: ["ingresses"]
|
||||
verbs: ["get", "watch", "list"]
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: ServiceAccount
|
||||
metadata:
|
||||
name: sa-bunkerweb
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRoleBinding
|
||||
metadata:
|
||||
name: crb-bunkerweb
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: sa-bunkerweb
|
||||
namespace: default
|
||||
apiGroup: ""
|
||||
roleRef:
|
||||
kind: ClusterRole
|
||||
name: cr-bunkerweb
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
---
|
||||
apiVersion: apps/v1
|
||||
kind: DaemonSet
|
||||
metadata:
|
||||
name: bunkerweb
|
||||
spec:
|
||||
selector:
|
||||
matchLabels:
|
||||
app: bunkerweb
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app: bunkerweb
|
||||
# mandatory annotation
|
||||
annotations:
|
||||
bunkerweb.io/AUTOCONF: "yes"
|
||||
spec:
|
||||
containers:
|
||||
- name: bunkerweb
|
||||
image: bunkerity/bunkerweb:1.4.6
|
||||
imagePullPolicy: Always
|
||||
securityContext:
|
||||
runAsUser: 101
|
||||
runAsGroup: 101
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
drop:
|
||||
- ALL
|
||||
ports:
|
||||
- containerPort: 8080
|
||||
hostPort: 80
|
||||
- containerPort: 8443
|
||||
hostPort: 443
|
||||
env:
|
||||
- name: KUBERNETES_MODE
|
||||
value: "yes"
|
||||
# replace with your DNS resolvers
|
||||
# e.g. : kube-dns.kube-system.svc.cluster.local
|
||||
- name: DNS_RESOLVERS
|
||||
value: "coredns.kube-system.svc.cluster.local"
|
||||
- name: USE_API
|
||||
value: "yes"
|
||||
# 10.0.0.0/8 is the cluster internal subnet
|
||||
- name: API_WHITELIST_IP
|
||||
value: "127.0.0.0/8 10.0.0.0/8"
|
||||
- name: SERVER_NAME
|
||||
value: ""
|
||||
- name: MULTISITE
|
||||
value: "yes"
|
||||
livenessProbe:
|
||||
exec:
|
||||
command:
|
||||
- /usr/share/bunkerweb/helpers/healthcheck.sh
|
||||
initialDelaySeconds: 30
|
||||
periodSeconds: 5
|
||||
timeoutSeconds: 1
|
||||
failureThreshold: 3
|
||||
readinessProbe:
|
||||
exec:
|
||||
command:
|
||||
- /usr/share/bunkerweb/helpers/healthcheck.sh
|
||||
initialDelaySeconds: 30
|
||||
periodSeconds: 1
|
||||
timeoutSeconds: 1
|
||||
failureThreshold: 3
|
||||
---
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: bunkerweb-controller
|
||||
spec:
|
||||
replicas: 1
|
||||
strategy:
|
||||
type: Recreate
|
||||
selector:
|
||||
matchLabels:
|
||||
app: bunkerweb-controller
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app: bunkerweb-controller
|
||||
spec:
|
||||
serviceAccountName: sa-bunkerweb
|
||||
containers:
|
||||
- name: bunkerweb-controller
|
||||
image: bunkerity/bunkerweb-autoconf:1.4.6
|
||||
imagePullPolicy: Always
|
||||
env:
|
||||
- name: KUBERNETES_MODE
|
||||
value: "yes"
|
||||
- name: "DATABASE_URI"
|
||||
value: "mariadb+pymysql://bunkerweb:changeme@svc-bunkerweb-db:3306/db"
|
||||
---
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: bunkerweb-scheduler
|
||||
spec:
|
||||
replicas: 1
|
||||
strategy:
|
||||
type: Recreate
|
||||
selector:
|
||||
matchLabels:
|
||||
app: bunkerweb-scheduler
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app: bunkerweb-scheduler
|
||||
spec:
|
||||
containers:
|
||||
- name: bunkerweb-controller
|
||||
image: bunkerity/bunkerweb-autoconf:1.4.6
|
||||
imagePullPolicy: Always
|
||||
env:
|
||||
- name: KUBERNETES_MODE
|
||||
value: "yes"
|
||||
- name: "DATABASE_URI"
|
||||
value: "mariadb+pymysql://bunkerweb:changeme@svc-bunkerweb-db:3306/db"
|
||||
---
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: bunkerweb-redis
|
||||
spec:
|
||||
replicas: 1
|
||||
strategy:
|
||||
type: Recreate
|
||||
selector:
|
||||
matchLabels:
|
||||
app: bunkerweb-redis
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app: bunkerweb-redis
|
||||
spec:
|
||||
containers:
|
||||
- name: bunkerweb-redis
|
||||
image: redis:7-alpine
|
||||
imagePullPolicy: Always
|
||||
---
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: bunkerweb-db
|
||||
spec:
|
||||
replicas: 1
|
||||
strategy:
|
||||
type: Recreate
|
||||
selector:
|
||||
matchLabels:
|
||||
app: bunkerweb-db
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app: bunkerweb-db
|
||||
spec:
|
||||
containers:
|
||||
- name: bunkerweb-db
|
||||
image: postgres:15.1
|
||||
imagePullPolicy: Always
|
||||
env:
|
||||
- name: "POSTGRES_DB"
|
||||
value: "db"
|
||||
- name: "POSTGRES_USER"
|
||||
value: "bunkerweb"
|
||||
- name: "POSTGRES_PASSWORD"
|
||||
value: "changeme"
|
||||
volumeMounts:
|
||||
- mountPath: "/var/lib/postgresql/data"
|
||||
name: vol-db
|
||||
volumes:
|
||||
- name: vol-db
|
||||
persistentVolumeClaim:
|
||||
claimName: pvc-bunkerweb
|
||||
---
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: bunkerweb-ui
|
||||
spec:
|
||||
replicas: 1
|
||||
strategy:
|
||||
type: Recreate
|
||||
selector:
|
||||
matchLabels:
|
||||
app: bunkerweb-ui
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app: bunkerweb-ui
|
||||
spec:
|
||||
containers:
|
||||
- name: bunkerweb-ui
|
||||
image: bunkerity/bunkerweb-ui:1.5.0
|
||||
imagePullPolicy: Always
|
||||
env:
|
||||
- name: ADMIN_USERNAME
|
||||
value: "admin"
|
||||
- name: "ADMIN_PASSWORD"
|
||||
value: "changeme"
|
||||
- name: "ABSOLUTE_URI"
|
||||
value: "http://www.example.com/admin"
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: svc-bunkerweb
|
||||
spec:
|
||||
clusterIP: None
|
||||
selector:
|
||||
app: bunkerweb
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: svc-bunkerweb-db
|
||||
spec:
|
||||
type: ClusterIP
|
||||
selector:
|
||||
app: bunkerweb-db
|
||||
ports:
|
||||
- name: sql
|
||||
protocol: TCP
|
||||
port: 5432
|
||||
targetPort: 5432
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: svc-bunkerweb-redis
|
||||
spec:
|
||||
type: ClusterIP
|
||||
selector:
|
||||
app: bunkerweb-redis
|
||||
ports:
|
||||
- name: redis
|
||||
protocol: TCP
|
||||
port: 6379
|
||||
targetPort: 6379
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: svc-bunkerweb-ui
|
||||
spec:
|
||||
type: ClusterIP
|
||||
selector:
|
||||
app: bunkerweb-ui
|
||||
ports:
|
||||
- name: http
|
||||
protocol: TCP
|
||||
port: 7000
|
||||
targetPort: 7000
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: PersistentVolumeClaim
|
||||
metadata:
|
||||
name: pvc-bunkerweb
|
||||
spec:
|
||||
accessModes:
|
||||
- ReadWriteOnce
|
||||
resources:
|
||||
requests:
|
||||
storage: 5Gi
|
||||
storageClassName: ""
|
||||
volumeName: pv-bunkerweb
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: PersistentVolumeClaim
|
||||
metadata:
|
||||
name: pvc-bunkerweb
|
||||
spec:
|
||||
accessModes:
|
||||
- ReadWriteOnce
|
||||
resources:
|
||||
requests:
|
||||
storage: 5Gi
|
||||
storageClassName: ""
|
||||
volumeName: pv-bunkerweb
|
||||
---
|
||||
apiVersion: networking.k8s.io/v1
|
||||
kind: Ingress
|
||||
metadata:
|
||||
name: ingress
|
||||
annotations:
|
||||
bunkerweb.io/www.example.com_USE_UI: "yes"
|
||||
bunkerweb.io/www.example.com_REVERSE_PROXY_HEADERS: "X-Script-Name /admin"
|
||||
spec:
|
||||
rules:
|
||||
- host: www.example.com
|
||||
http:
|
||||
paths:
|
||||
- path: /admin
|
||||
pathType: Prefix
|
||||
backend:
|
||||
service:
|
||||
name: svc-bunkerweb-ui
|
||||
port:
|
||||
number: 7000
|
|
@ -0,0 +1,254 @@
|
|||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRole
|
||||
metadata:
|
||||
name: cr-bunkerweb
|
||||
rules:
|
||||
- apiGroups: [""]
|
||||
resources: ["services", "pods", "configmaps"]
|
||||
verbs: ["get", "watch", "list"]
|
||||
- apiGroups: ["networking.k8s.io"]
|
||||
resources: ["ingresses"]
|
||||
verbs: ["get", "watch", "list"]
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: ServiceAccount
|
||||
metadata:
|
||||
name: sa-bunkerweb
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRoleBinding
|
||||
metadata:
|
||||
name: crb-bunkerweb
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: sa-bunkerweb
|
||||
namespace: default
|
||||
apiGroup: ""
|
||||
roleRef:
|
||||
kind: ClusterRole
|
||||
name: cr-bunkerweb
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
---
|
||||
apiVersion: apps/v1
|
||||
kind: DaemonSet
|
||||
metadata:
|
||||
name: bunkerweb
|
||||
spec:
|
||||
selector:
|
||||
matchLabels:
|
||||
app: bunkerweb
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app: bunkerweb
|
||||
# mandatory annotation
|
||||
annotations:
|
||||
bunkerweb.io/AUTOCONF: "yes"
|
||||
spec:
|
||||
containers:
|
||||
- name: bunkerweb
|
||||
image: bunkerity/bunkerweb:1.4.6
|
||||
imagePullPolicy: Always
|
||||
securityContext:
|
||||
runAsUser: 101
|
||||
runAsGroup: 101
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
drop:
|
||||
- ALL
|
||||
ports:
|
||||
- containerPort: 8080
|
||||
hostPort: 80
|
||||
- containerPort: 8443
|
||||
hostPort: 443
|
||||
env:
|
||||
- name: KUBERNETES_MODE
|
||||
value: "yes"
|
||||
# replace with your DNS resolvers
|
||||
# e.g. : kube-dns.kube-system.svc.cluster.local
|
||||
- name: DNS_RESOLVERS
|
||||
value: "coredns.kube-system.svc.cluster.local"
|
||||
- name: USE_API
|
||||
value: "yes"
|
||||
# 10.0.0.0/8 is the cluster internal subnet
|
||||
- name: API_WHITELIST_IP
|
||||
value: "127.0.0.0/8 10.0.0.0/8"
|
||||
- name: SERVER_NAME
|
||||
value: ""
|
||||
- name: MULTISITE
|
||||
value: "yes"
|
||||
livenessProbe:
|
||||
exec:
|
||||
command:
|
||||
- /usr/share/bunkerweb/helpers/healthcheck.sh
|
||||
initialDelaySeconds: 30
|
||||
periodSeconds: 5
|
||||
timeoutSeconds: 1
|
||||
failureThreshold: 3
|
||||
readinessProbe:
|
||||
exec:
|
||||
command:
|
||||
- /usr/share/bunkerweb/helpers/healthcheck.sh
|
||||
initialDelaySeconds: 30
|
||||
periodSeconds: 1
|
||||
timeoutSeconds: 1
|
||||
failureThreshold: 3
|
||||
---
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: bunkerweb-controller
|
||||
spec:
|
||||
replicas: 1
|
||||
strategy:
|
||||
type: Recreate
|
||||
selector:
|
||||
matchLabels:
|
||||
app: bunkerweb-controller
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app: bunkerweb-controller
|
||||
spec:
|
||||
serviceAccountName: sa-bunkerweb
|
||||
containers:
|
||||
- name: bunkerweb-controller
|
||||
image: bunkerity/bunkerweb-autoconf:1.4.6
|
||||
imagePullPolicy: Always
|
||||
env:
|
||||
- name: KUBERNETES_MODE
|
||||
value: "yes"
|
||||
- name: "DATABASE_URI"
|
||||
value: "mariadb+pymysql://bunkerweb:changeme@svc-bunkerweb-db:3306/db"
|
||||
---
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: bunkerweb-scheduler
|
||||
spec:
|
||||
replicas: 1
|
||||
strategy:
|
||||
type: Recreate
|
||||
selector:
|
||||
matchLabels:
|
||||
app: bunkerweb-scheduler
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app: bunkerweb-scheduler
|
||||
spec:
|
||||
containers:
|
||||
- name: bunkerweb-controller
|
||||
image: bunkerity/bunkerweb-autoconf:1.4.6
|
||||
imagePullPolicy: Always
|
||||
env:
|
||||
- name: KUBERNETES_MODE
|
||||
value: "yes"
|
||||
- name: "DATABASE_URI"
|
||||
value: "mariadb+pymysql://bunkerweb:changeme@svc-bunkerweb-db:3306/db"
|
||||
---
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: bunkerweb-redis
|
||||
spec:
|
||||
replicas: 1
|
||||
strategy:
|
||||
type: Recreate
|
||||
selector:
|
||||
matchLabels:
|
||||
app: bunkerweb-redis
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app: bunkerweb-redis
|
||||
spec:
|
||||
containers:
|
||||
- name: bunkerweb-redis
|
||||
image: redis:7-alpine
|
||||
imagePullPolicy: Always
|
||||
---
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: bunkerweb-db
|
||||
spec:
|
||||
replicas: 1
|
||||
strategy:
|
||||
type: Recreate
|
||||
selector:
|
||||
matchLabels:
|
||||
app: bunkerweb-db
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app: bunkerweb-db
|
||||
spec:
|
||||
containers:
|
||||
- name: bunkerweb-db
|
||||
image: postgres:15.1
|
||||
imagePullPolicy: Always
|
||||
env:
|
||||
- name: "POSTGRES_DB"
|
||||
value: "db"
|
||||
- name: "POSTGRES_USER"
|
||||
value: "bunkerweb"
|
||||
- name: "POSTGRES_PASSWORD"
|
||||
value: "changeme"
|
||||
volumeMounts:
|
||||
- mountPath: "/var/lib/postgresql/data"
|
||||
name: vol-db
|
||||
volumes:
|
||||
- name: vol-db
|
||||
persistentVolumeClaim:
|
||||
claimName: pvc-bunkerweb
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: svc-bunkerweb
|
||||
spec:
|
||||
clusterIP: None
|
||||
selector:
|
||||
app: bunkerweb
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: svc-bunkerweb-db
|
||||
spec:
|
||||
type: ClusterIP
|
||||
selector:
|
||||
app: bunkerweb-db
|
||||
ports:
|
||||
- name: sql
|
||||
protocol: TCP
|
||||
port: 5432
|
||||
targetPort: 5432
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: svc-bunkerweb-redis
|
||||
spec:
|
||||
type: ClusterIP
|
||||
selector:
|
||||
app: bunkerweb-redis
|
||||
ports:
|
||||
- name: redis
|
||||
protocol: TCP
|
||||
port: 6379
|
||||
targetPort: 6379
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: PersistentVolumeClaim
|
||||
metadata:
|
||||
name: pvc-bunkerweb
|
||||
spec:
|
||||
accessModes:
|
||||
- ReadWriteOnce
|
||||
resources:
|
||||
requests:
|
||||
storage: 5Gi
|
||||
storageClassName: ""
|
||||
volumeName: pv-bunkerweb
|
|
@ -0,0 +1,127 @@
|
|||
version: "3.5"
|
||||
|
||||
services:
|
||||
bunkerweb:
|
||||
image: bunkerity/bunkerweb:1.5.0
|
||||
ports:
|
||||
- published: 80
|
||||
target: 8080
|
||||
mode: host
|
||||
protocol: tcp
|
||||
- published: 443
|
||||
target: 8443
|
||||
mode: host
|
||||
protocol: tcp
|
||||
environment:
|
||||
- SERVER_NAME=
|
||||
- DATABASE_URI=mariadb+pymysql://bunkerweb:changeme@bw-db:3306/db
|
||||
- SWARM_MODE=yes
|
||||
- MULTISITE=yes
|
||||
- USE_REDIS=yes
|
||||
- REDIS_HOST=bw-redis
|
||||
- API_WHITELIST_IP=127.0.0.0/8 10.20.30.0/24
|
||||
networks:
|
||||
- bw-universe
|
||||
- bw-services
|
||||
deploy:
|
||||
mode: global
|
||||
placement:
|
||||
constraints:
|
||||
- "node.role == worker"
|
||||
labels:
|
||||
- "bunkerweb.INSTANCE"
|
||||
|
||||
bw-autoconf:
|
||||
image: bunkerity/bunkerweb-autoconf:1.5.0
|
||||
environment:
|
||||
- SWARM_MODE=yes
|
||||
- DOCKER_HOST=tcp://bw-docker:2375
|
||||
- DATABASE_URI=mariadb+pymysql://bunkerweb:changeme@bw-db:3306/db
|
||||
networks:
|
||||
- bw-universe
|
||||
- bw-docker
|
||||
|
||||
bw-docker:
|
||||
image: tecnativa/docker-socket-proxy
|
||||
volumes:
|
||||
- /var/run/docker.sock:/var/run/docker.sock:ro
|
||||
environment:
|
||||
- CONFIGS=1
|
||||
- CONTAINERS=1
|
||||
- SERVICES=1
|
||||
- SWARM=1
|
||||
- TASKS=1
|
||||
networks:
|
||||
- bw-docker
|
||||
deploy:
|
||||
placement:
|
||||
constraints:
|
||||
- "node.role == manager"
|
||||
|
||||
bw-scheduler:
|
||||
image: bunkerity/bunkerweb-scheduler:1.5.0
|
||||
environment:
|
||||
- SWARM_MODE=yes
|
||||
- DOCKER_HOST=tcp://bw-docker:2375
|
||||
- DATABASE_URI=mariadb+pymysql://bunkerweb:changeme@bw-db:3306/db
|
||||
networks:
|
||||
- bw-universe
|
||||
- bw-docker
|
||||
|
||||
bw-db:
|
||||
image: mariadb:10.10
|
||||
environment:
|
||||
- MYSQL_RANDOM_ROOT_PASSWORD=yes
|
||||
- MYSQL_DATABASE=db
|
||||
- MYSQL_USER=bunkerweb
|
||||
- MYSQL_PASSWORD=changeme
|
||||
volumes:
|
||||
- bw-data:/var/lib/mysql
|
||||
networks:
|
||||
- bw-docker
|
||||
|
||||
bw-redis:
|
||||
image: redis:7-alpine
|
||||
networks:
|
||||
- bw-universe
|
||||
|
||||
bw-ui:
|
||||
image: bunkerity/bunkerweb-ui:1.5.0
|
||||
environment:
|
||||
- DATABASE_URI=mariadb+pymysql://bunkerweb:changeme@bw-db:3306/db # Remember to set a stronger password for the database
|
||||
- DOCKER_HOST=tcp://bw-docker:2375
|
||||
- ADMIN_USERNAME=admin
|
||||
- ADMIN_PASSWORD=changeme # Remember to set a stronger password for the admin user
|
||||
- ABSOLUTE_URI=http://www.example.com/admin
|
||||
networks:
|
||||
- bw-universe
|
||||
- bw-docker
|
||||
deploy:
|
||||
labels:
|
||||
- bunkerweb.SERVER_NAME=www.example.com
|
||||
- bunkerweb.USE_UI=yes
|
||||
- bunkerweb.USE_REVERSE_PROXY=yes
|
||||
- bunkerweb.REVERSE_PROXY_URL=/admin
|
||||
- bunkerweb.REVERSE_PROXY_HOST=http://bw-ui:7000
|
||||
- bunkerweb.REVERSE_PROXY_HEADERS=X-Script-Name /admin
|
||||
- bunkerweb.INTERCEPTED_ERROR_CODES=400 401 405 413 429 500 501 502 503 504
|
||||
|
||||
volumes:
|
||||
bw-data:
|
||||
|
||||
networks:
|
||||
bw-universe:
|
||||
name: bw-universe
|
||||
driver: overlay
|
||||
attachable: true
|
||||
ipam:
|
||||
config:
|
||||
- subnet: 10.20.30.0/24
|
||||
bw-services:
|
||||
name: bw-services
|
||||
driver: overlay
|
||||
attachable: true
|
||||
bw-docker:
|
||||
name: bw-docker
|
||||
driver: overlay
|
||||
attachable: true
|
|
@ -17,6 +17,8 @@ services:
|
|||
- DATABASE_URI=mariadb+pymysql://bunkerweb:changeme@bw-db:3306/db
|
||||
- SWARM_MODE=yes
|
||||
- MULTISITE=yes
|
||||
- USE_REDIS=yes
|
||||
- REDIS_HOST=bw-redis
|
||||
- API_WHITELIST_IP=127.0.0.0/8 10.20.30.0/24
|
||||
networks:
|
||||
- bw-universe
|
||||
|
@ -78,6 +80,11 @@ services:
|
|||
networks:
|
||||
- bw-docker
|
||||
|
||||
bw-redis:
|
||||
image: redis:7-alpine
|
||||
networks:
|
||||
- bw-universe
|
||||
|
||||
volumes:
|
||||
bw-data:
|
||||
|
||||
|
|
|
@ -0,0 +1,127 @@
|
|||
version: "3.5"
|
||||
|
||||
services:
|
||||
bunkerweb:
|
||||
image: bunkerity/bunkerweb:1.5.0
|
||||
ports:
|
||||
- published: 80
|
||||
target: 8080
|
||||
mode: host
|
||||
protocol: tcp
|
||||
- published: 443
|
||||
target: 8443
|
||||
mode: host
|
||||
protocol: tcp
|
||||
environment:
|
||||
- SERVER_NAME=
|
||||
- DATABASE_URI=mysql+pymysql://bunkerweb:changeme@bw-db:3306/db
|
||||
- SWARM_MODE=yes
|
||||
- MULTISITE=yes
|
||||
- USE_REDIS=yes
|
||||
- REDIS_HOST=bw-redis
|
||||
- API_WHITELIST_IP=127.0.0.0/8 10.20.30.0/24
|
||||
networks:
|
||||
- bw-universe
|
||||
- bw-services
|
||||
deploy:
|
||||
mode: global
|
||||
placement:
|
||||
constraints:
|
||||
- "node.role == worker"
|
||||
labels:
|
||||
- "bunkerweb.INSTANCE"
|
||||
|
||||
bw-autoconf:
|
||||
image: bunkerity/bunkerweb-autoconf:1.5.0
|
||||
environment:
|
||||
- SWARM_MODE=yes
|
||||
- DOCKER_HOST=tcp://bw-docker:2375
|
||||
- DATABASE_URI=mysql+pymysql://bunkerweb:changeme@bw-db:3306/db
|
||||
networks:
|
||||
- bw-universe
|
||||
- bw-docker
|
||||
|
||||
bw-docker:
|
||||
image: tecnativa/docker-socket-proxy
|
||||
volumes:
|
||||
- /var/run/docker.sock:/var/run/docker.sock:ro
|
||||
environment:
|
||||
- CONFIGS=1
|
||||
- CONTAINERS=1
|
||||
- SERVICES=1
|
||||
- SWARM=1
|
||||
- TASKS=1
|
||||
networks:
|
||||
- bw-docker
|
||||
deploy:
|
||||
placement:
|
||||
constraints:
|
||||
- "node.role == manager"
|
||||
|
||||
bw-scheduler:
|
||||
image: bunkerity/bunkerweb-scheduler:1.5.0
|
||||
environment:
|
||||
- SWARM_MODE=yes
|
||||
- DOCKER_HOST=tcp://bw-docker:2375
|
||||
- DATABASE_URI=mysql+pymysql://bunkerweb:changeme@bw-db:3306/db
|
||||
networks:
|
||||
- bw-universe
|
||||
- bw-docker
|
||||
|
||||
bw-db:
|
||||
image: mysql:8.0
|
||||
environment:
|
||||
- MYSQL_RANDOM_ROOT_PASSWORD=yes
|
||||
- MYSQL_DATABASE=db
|
||||
- MYSQL_USER=bunkerweb
|
||||
- MYSQL_PASSWORD=changeme
|
||||
volumes:
|
||||
- bw-data:/var/lib/mysql
|
||||
networks:
|
||||
- bw-docker
|
||||
|
||||
bw-redis:
|
||||
image: redis:7-alpine
|
||||
networks:
|
||||
- bw-universe
|
||||
|
||||
bw-ui:
|
||||
image: bunkerity/bunkerweb-ui:1.5.0
|
||||
environment:
|
||||
- DATABASE_URI=mariadb+pymysql://bunkerweb:changeme@bw-db:3306/db # Remember to set a stronger password for the database
|
||||
- DOCKER_HOST=tcp://bw-docker:2375
|
||||
- ADMIN_USERNAME=admin
|
||||
- ADMIN_PASSWORD=changeme # Remember to set a stronger password for the admin user
|
||||
- ABSOLUTE_URI=http://www.example.com/admin
|
||||
networks:
|
||||
- bw-universe
|
||||
- bw-docker
|
||||
deploy:
|
||||
labels:
|
||||
- bunkerweb.SERVER_NAME=www.example.com
|
||||
- bunkerweb.USE_UI=yes
|
||||
- bunkerweb.USE_REVERSE_PROXY=yes
|
||||
- bunkerweb.REVERSE_PROXY_URL=/admin
|
||||
- bunkerweb.REVERSE_PROXY_HOST=http://bw-ui:7000
|
||||
- bunkerweb.REVERSE_PROXY_HEADERS=X-Script-Name /admin
|
||||
- bunkerweb.INTERCEPTED_ERROR_CODES=400 401 405 413 429 500 501 502 503 504
|
||||
|
||||
volumes:
|
||||
bw-data:
|
||||
|
||||
networks:
|
||||
bw-universe:
|
||||
name: bw-universe
|
||||
driver: overlay
|
||||
attachable: true
|
||||
ipam:
|
||||
config:
|
||||
- subnet: 10.20.30.0/24
|
||||
bw-services:
|
||||
name: bw-services
|
||||
driver: overlay
|
||||
attachable: true
|
||||
bw-docker:
|
||||
name: bw-docker
|
||||
driver: overlay
|
||||
attachable: true
|
|
@ -17,6 +17,8 @@ services:
|
|||
- DATABASE_URI=mysql+pymysql://bunkerweb:changeme@bw-db:3306/db
|
||||
- SWARM_MODE=yes
|
||||
- MULTISITE=yes
|
||||
- USE_REDIS=yes
|
||||
- REDIS_HOST=bw-redis
|
||||
- API_WHITELIST_IP=127.0.0.0/8 10.20.30.0/24
|
||||
networks:
|
||||
- bw-universe
|
||||
|
@ -78,6 +80,11 @@ services:
|
|||
networks:
|
||||
- bw-docker
|
||||
|
||||
bw-redis:
|
||||
image: redis:7-alpine
|
||||
networks:
|
||||
- bw-universe
|
||||
|
||||
volumes:
|
||||
bw-data:
|
||||
|
||||
|
|
|
@ -0,0 +1,126 @@
|
|||
version: "3.5"
|
||||
|
||||
services:
|
||||
bunkerweb:
|
||||
image: bunkerity/bunkerweb:1.5.0
|
||||
ports:
|
||||
- published: 80
|
||||
target: 8080
|
||||
mode: host
|
||||
protocol: tcp
|
||||
- published: 443
|
||||
target: 8443
|
||||
mode: host
|
||||
protocol: tcp
|
||||
environment:
|
||||
- SERVER_NAME=
|
||||
- DATABASE_URI=postgresql://bunkerweb:changeme@bw-db:5432/db
|
||||
- SWARM_MODE=yes
|
||||
- MULTISITE=yes
|
||||
- USE_REDIS=yes
|
||||
- REDIS_HOST=bw-redis
|
||||
- API_WHITELIST_IP=127.0.0.0/8 10.20.30.0/24
|
||||
networks:
|
||||
- bw-universe
|
||||
- bw-services
|
||||
deploy:
|
||||
mode: global
|
||||
placement:
|
||||
constraints:
|
||||
- "node.role == worker"
|
||||
labels:
|
||||
- "bunkerweb.INSTANCE"
|
||||
|
||||
bw-autoconf:
|
||||
image: bunkerity/bunkerweb-autoconf:1.5.0
|
||||
environment:
|
||||
- SWARM_MODE=yes
|
||||
- DOCKER_HOST=tcp://bw-docker:2375
|
||||
- DATABASE_URI=postgresql://bunkerweb:changeme@bw-db:5432/db
|
||||
networks:
|
||||
- bw-universe
|
||||
- bw-docker
|
||||
|
||||
bw-docker:
|
||||
image: tecnativa/docker-socket-proxy
|
||||
volumes:
|
||||
- /var/run/docker.sock:/var/run/docker.sock:ro
|
||||
environment:
|
||||
- CONFIGS=1
|
||||
- CONTAINERS=1
|
||||
- SERVICES=1
|
||||
- SWARM=1
|
||||
- TASKS=1
|
||||
networks:
|
||||
- bw-docker
|
||||
deploy:
|
||||
placement:
|
||||
constraints:
|
||||
- "node.role == manager"
|
||||
|
||||
bw-scheduler:
|
||||
image: bunkerity/bunkerweb-scheduler:1.5.0
|
||||
environment:
|
||||
- SWARM_MODE=yes
|
||||
- DOCKER_HOST=tcp://bw-docker:2375
|
||||
- DATABASE_URI=postgresql://bunkerweb:changeme@bw-db:5432/db
|
||||
networks:
|
||||
- bw-universe
|
||||
- bw-docker
|
||||
|
||||
bw-db:
|
||||
image: postgres:15.1
|
||||
environment:
|
||||
- POSTGRES_USER=bunkerweb
|
||||
- POSTGRES_PASSWORD=changeme
|
||||
- POSTGRES_DB=db
|
||||
volumes:
|
||||
- bw-data:/var/lib/postgresql/data
|
||||
networks:
|
||||
- bw-docker
|
||||
|
||||
bw-redis:
|
||||
image: redis:7-alpine
|
||||
networks:
|
||||
- bw-universe
|
||||
|
||||
bw-ui:
|
||||
image: bunkerity/bunkerweb-ui:1.5.0
|
||||
environment:
|
||||
- DATABASE_URI=postgresql://bunkerweb:changeme@bw-db:5432/db
|
||||
- DOCKER_HOST=tcp://bw-docker:2375
|
||||
- ADMIN_USERNAME=admin
|
||||
- ADMIN_PASSWORD=changeme
|
||||
- ABSOLUTE_URI=http://www.example.com/admin
|
||||
networks:
|
||||
- bw-universe
|
||||
- bw-docker
|
||||
deploy:
|
||||
labels:
|
||||
- bunkerweb.SERVER_NAME=www.example.com
|
||||
- bunkerweb.USE_UI=yes
|
||||
- bunkerweb.USE_REVERSE_PROXY=yes
|
||||
- bunkerweb.REVERSE_PROXY_URL=/admin
|
||||
- bunkerweb.REVERSE_PROXY_HOST=http://bw-ui:7000
|
||||
- bunkerweb.REVERSE_PROXY_HEADERS=X-Script-Name /admin
|
||||
- bunkerweb.INTERCEPTED_ERROR_CODES=400 401 405 413 429 500 501 502 503 504
|
||||
|
||||
volumes:
|
||||
bw-data:
|
||||
|
||||
networks:
|
||||
bw-universe:
|
||||
name: bw-universe
|
||||
driver: overlay
|
||||
attachable: true
|
||||
ipam:
|
||||
config:
|
||||
- subnet: 10.20.30.0/24
|
||||
bw-services:
|
||||
name: bw-services
|
||||
driver: overlay
|
||||
attachable: true
|
||||
bw-docker:
|
||||
name: bw-docker
|
||||
driver: overlay
|
||||
attachable: true
|
|
@ -17,6 +17,8 @@ services:
|
|||
- DATABASE_URI=postgresql://bunkerweb:changeme@bw-db:5432/db
|
||||
- SWARM_MODE=yes
|
||||
- MULTISITE=yes
|
||||
- USE_REDIS=yes
|
||||
- REDIS_HOST=bw-redis
|
||||
- API_WHITELIST_IP=127.0.0.0/8 10.20.30.0/24
|
||||
networks:
|
||||
- bw-universe
|
||||
|
@ -77,6 +79,11 @@ services:
|
|||
networks:
|
||||
- bw-docker
|
||||
|
||||
bw-redis:
|
||||
image: redis:7-alpine
|
||||
networks:
|
||||
- bw-universe
|
||||
|
||||
volumes:
|
||||
bw-data:
|
||||
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
{% if DISABLE_DEFAULT_SERVER == "no" +%}
|
||||
{% if IS_LOADING != "yes" and DISABLE_DEFAULT_SERVER == "no" +%}
|
||||
root /usr/share/bunkerweb/core/misc/files;
|
||||
location / {
|
||||
try_files /default.html =404;
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
{% if USE_UI == "yes" +%}
|
||||
SecRule REQUEST_FILENAME "@rx /services$" "id:1,ctl:ruleRemoveByTag=attack-rce,ctl:ruleRemoveByTag=attack-xss,ctl:ruleRemoveByTag=attack-generic,nolog"
|
||||
SecRule REQUEST_FILENAME "@rx /global_config$" "id:2,ctl:ruleRemoveByTag=attack-rce,ctl:ruleRemoveByTag=attack-xss,ctl:ruleRemoveByTag=attack-generic,nolog"
|
||||
SecRule REQUEST_FILENAME "@rx /global_config$" "id:2,ctl:ruleRemoveByTag=attack-rce,ctl:ruleRemoveByTag=attack-xss,ctl:ruleRemoveByTag=attack-generic,ctl:ruleRemoveByTag=platform-pgsqlnolog"
|
||||
SecRule REQUEST_FILENAME "@rx /configs$" "id:3,ctl:ruleRemoveByTag=attack-rce,ctl:ruleRemoveByTag=attack-xss,ctl:ruleRemoveByTag=attack-generic,nolog"
|
||||
{% endif +%}
|
Loading…
Reference in New Issue