260 lines
5.8 KiB
YAML
260 lines
5.8 KiB
YAML
apiVersion: rbac.authorization.k8s.io/v1
|
|
kind: ClusterRole
|
|
metadata:
|
|
name: cr-bunkerweb
|
|
rules:
|
|
- apiGroups: [""]
|
|
resources: ["services", "pods", "configmaps"]
|
|
verbs: ["get", "watch", "list"]
|
|
- apiGroups: ["networking.k8s.io"]
|
|
resources: ["ingresses"]
|
|
verbs: ["get", "watch", "list"]
|
|
---
|
|
apiVersion: v1
|
|
kind: ServiceAccount
|
|
metadata:
|
|
name: sa-bunkerweb
|
|
---
|
|
apiVersion: rbac.authorization.k8s.io/v1
|
|
kind: ClusterRoleBinding
|
|
metadata:
|
|
name: crb-bunkerweb
|
|
subjects:
|
|
- kind: ServiceAccount
|
|
name: sa-bunkerweb
|
|
namespace: default
|
|
apiGroup: ""
|
|
roleRef:
|
|
kind: ClusterRole
|
|
name: cr-bunkerweb
|
|
apiGroup: rbac.authorization.k8s.io
|
|
---
|
|
apiVersion: apps/v1
|
|
kind: DaemonSet
|
|
metadata:
|
|
name: bunkerweb
|
|
spec:
|
|
selector:
|
|
matchLabels:
|
|
app: bunkerweb
|
|
template:
|
|
metadata:
|
|
labels:
|
|
app: bunkerweb
|
|
# mandatory annotation
|
|
annotations:
|
|
bunkerweb.io/INSTANCE: "yes"
|
|
spec:
|
|
containers:
|
|
# using bunkerweb as name is mandatory
|
|
- name: bunkerweb
|
|
image: bunkerity/bunkerweb:1.5.4
|
|
imagePullPolicy: Always
|
|
securityContext:
|
|
runAsUser: 101
|
|
runAsGroup: 101
|
|
allowPrivilegeEscalation: false
|
|
capabilities:
|
|
drop:
|
|
- ALL
|
|
ports:
|
|
- containerPort: 8080
|
|
hostPort: 80
|
|
- containerPort: 8443
|
|
hostPort: 443
|
|
env:
|
|
- name: KUBERNETES_MODE
|
|
value: "yes"
|
|
# replace with your DNS resolvers
|
|
# e.g. : kube-dns.kube-system.svc.cluster.local
|
|
- name: DNS_RESOLVERS
|
|
value: "coredns.kube-system.svc.cluster.local"
|
|
- name: USE_API
|
|
value: "yes"
|
|
# 10.0.0.0/8 is the cluster internal subnet
|
|
- name: API_WHITELIST_IP
|
|
value: "127.0.0.0/8 10.0.0.0/8"
|
|
- name: SERVER_NAME
|
|
value: ""
|
|
- name: MULTISITE
|
|
value: "yes"
|
|
- name: USE_REDIS
|
|
value: "yes"
|
|
- name: REDIS_HOST
|
|
value: "svc-bunkerweb-redis.default.svc.cluster.local"
|
|
livenessProbe:
|
|
exec:
|
|
command:
|
|
- /usr/share/bunkerweb/helpers/healthcheck.sh
|
|
initialDelaySeconds: 30
|
|
periodSeconds: 5
|
|
timeoutSeconds: 1
|
|
failureThreshold: 3
|
|
readinessProbe:
|
|
exec:
|
|
command:
|
|
- /usr/share/bunkerweb/helpers/healthcheck.sh
|
|
initialDelaySeconds: 30
|
|
periodSeconds: 1
|
|
timeoutSeconds: 1
|
|
failureThreshold: 3
|
|
---
|
|
apiVersion: apps/v1
|
|
kind: Deployment
|
|
metadata:
|
|
name: bunkerweb-controller
|
|
spec:
|
|
replicas: 1
|
|
strategy:
|
|
type: Recreate
|
|
selector:
|
|
matchLabels:
|
|
app: bunkerweb-controller
|
|
template:
|
|
metadata:
|
|
labels:
|
|
app: bunkerweb-controller
|
|
spec:
|
|
serviceAccountName: sa-bunkerweb
|
|
containers:
|
|
- name: bunkerweb-controller
|
|
image: bunkerity/bunkerweb-autoconf:1.5.4
|
|
imagePullPolicy: Always
|
|
env:
|
|
- name: KUBERNETES_MODE
|
|
value: "yes"
|
|
- name: "DATABASE_URI"
|
|
value: "mysql+pymysql://bunkerweb:changeme@svc-bunkerweb-db:3306/db"
|
|
---
|
|
apiVersion: apps/v1
|
|
kind: Deployment
|
|
metadata:
|
|
name: bunkerweb-scheduler
|
|
spec:
|
|
replicas: 1
|
|
strategy:
|
|
type: Recreate
|
|
selector:
|
|
matchLabels:
|
|
app: bunkerweb-scheduler
|
|
template:
|
|
metadata:
|
|
labels:
|
|
app: bunkerweb-scheduler
|
|
spec:
|
|
containers:
|
|
- name: bunkerweb-controller
|
|
image: bunkerity/bunkerweb-autoconf:1.5.4
|
|
imagePullPolicy: Always
|
|
env:
|
|
- name: KUBERNETES_MODE
|
|
value: "yes"
|
|
- name: "DATABASE_URI"
|
|
value: "mysql+pymysql://bunkerweb:changeme@svc-bunkerweb-db:3306/db"
|
|
---
|
|
apiVersion: apps/v1
|
|
kind: Deployment
|
|
metadata:
|
|
name: bunkerweb-redis
|
|
spec:
|
|
replicas: 1
|
|
strategy:
|
|
type: Recreate
|
|
selector:
|
|
matchLabels:
|
|
app: bunkerweb-redis
|
|
template:
|
|
metadata:
|
|
labels:
|
|
app: bunkerweb-redis
|
|
spec:
|
|
containers:
|
|
- name: bunkerweb-redis
|
|
image: redis:7-alpine
|
|
imagePullPolicy: Always
|
|
---
|
|
apiVersion: apps/v1
|
|
kind: Deployment
|
|
metadata:
|
|
name: bunkerweb-db
|
|
spec:
|
|
replicas: 1
|
|
strategy:
|
|
type: Recreate
|
|
selector:
|
|
matchLabels:
|
|
app: bunkerweb-db
|
|
template:
|
|
metadata:
|
|
labels:
|
|
app: bunkerweb-db
|
|
spec:
|
|
containers:
|
|
- name: bunkerweb-db
|
|
image: mysql:8.0
|
|
imagePullPolicy: Always
|
|
env:
|
|
- name: MYSQL_RANDOM_ROOT_PASSWORD
|
|
value: "yes"
|
|
- name: "MYSQL_DATABASE"
|
|
value: "db"
|
|
- name: "MYSQL_USER"
|
|
value: "bunkerweb"
|
|
- name: "MYSQL_PASSWORD"
|
|
value: "changeme"
|
|
volumeMounts:
|
|
- mountPath: "/var/lib/mysql"
|
|
name: vol-db
|
|
volumes:
|
|
- name: vol-db
|
|
persistentVolumeClaim:
|
|
claimName: pvc-bunkerweb
|
|
---
|
|
apiVersion: v1
|
|
kind: Service
|
|
metadata:
|
|
name: svc-bunkerweb
|
|
spec:
|
|
clusterIP: None
|
|
selector:
|
|
app: bunkerweb
|
|
---
|
|
apiVersion: v1
|
|
kind: Service
|
|
metadata:
|
|
name: svc-bunkerweb-db
|
|
spec:
|
|
type: ClusterIP
|
|
selector:
|
|
app: bunkerweb-db
|
|
ports:
|
|
- name: sql
|
|
protocol: TCP
|
|
port: 3306
|
|
targetPort: 3306
|
|
---
|
|
apiVersion: v1
|
|
kind: Service
|
|
metadata:
|
|
name: svc-bunkerweb-redis
|
|
spec:
|
|
type: ClusterIP
|
|
selector:
|
|
app: bunkerweb-redis
|
|
ports:
|
|
- name: redis
|
|
protocol: TCP
|
|
port: 6379
|
|
targetPort: 6379
|
|
---
|
|
apiVersion: v1
|
|
kind: PersistentVolumeClaim
|
|
metadata:
|
|
name: pvc-bunkerweb
|
|
spec:
|
|
accessModes:
|
|
- ReadWriteOnce
|
|
resources:
|
|
requests:
|
|
storage: 5Gi
|