initial commit on new k8s templates

afeiszli 2022-06-28 07:21:16 -04:00
parent edb7f50d2d
commit 314e5a143d
41 changed files with 715 additions and 1652 deletions


@ -0,0 +1,13 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: netmaker
resources:
- database/
- server/
- mq/
- ui/
- netmaker-deploy.yml
- netmaker-ing.yml
- netmaker-pvc.yml
- netmaker-sa.yml
- netmaker-ns.yml


@ -0,0 +1,76 @@
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: &app "netmaker"
annotations:
nginx.ingress.kubernetes.io/ssl-redirect: "true"
nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
nginx.ingress.kubernetes.io/rewrite-target: /
nginx.ingress.kubernetes.io/secure-backends: "true"
kubernetes.io/ingress.class: "nginx"
spec:
rules:
- host: netmaker.<path:apps-kv/data/general#DN>
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: *app
port:
number: 80
tls:
- hosts:
- netmaker.<path:apps-kv/data/general#DN>
secretName: netmaker-tls
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: netmaker-api
annotations:
nginx.ingress.kubernetes.io/ssl-redirect: "true"
nginx.ingress.kubernetes.io/rewrite-target: /
kubernetes.io/ingress.class: "nginx"
spec:
rules:
- host: api.netmaker.<path:apps-kv/data/general#DN>
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: netmaker-api
port:
number: 8081
tls:
- hosts:
- api.netmaker.<path:apps-kv/data/general#DN>
secretName: netmaker-tls
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: netmaker-grpc
annotations:
kubernetes.io/ingress.class: "nginx"
nginx.ingress.kubernetes.io/ssl-redirect: 'true'
nginx.ingress.kubernetes.io/backend-protocol: "GRPC"
spec:
rules:
- host: grpc.netmaker.<path:apps-kv/data/general#DN>
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: netmaker-grpc
port:
number: 443
tls:
- hosts:
- grpc.netmaker.<path:apps-kv/data/general#DN>
secretName: netmaker-tls
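Review bot: The `nginx.ingress.kubernetes.io/secure-backends: "true"` annotation on the first Ingress is no longer honoured by current ingress-nginx releases (it was superseded by `nginx.ingress.kubernetes.io/backend-protocol`), so the manifest reads as if the controller-to-pod hop were TLS while the backend is port 80 and would most likely be reached over plain HTTP. Either drop the annotation or replace it with `nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"` and point it at a TLS-serving port. All three Ingresses reference the single `netmaker-tls` secret for three different hostnames, so that certificate has to list all of them as SANs or be a wildcard. `kubernetes.io/ingress.class` is the deprecated form of `spec.ingressClassName`, which the nginx Ingress file added later in this commit already uses.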


@ -0,0 +1,4 @@
kind: Namespace
apiVersion: v1
metadata:
name: netmaker


@ -0,0 +1,26 @@
---
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
name: netmaker
spec:
storageClassName: managed-nfs-storage
accessModes:
- ReadWriteMany
resources:
requests:
storage: 5Gi
---
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
name: netmaker-rqlite
annotations:
nfs.io/storage-path: "data01/netmaker/rqlite"
spec:
storageClassName: managed-nfs-storage
accessModes:
- ReadWriteMany
resources:
requests:
storage: 5Gi


@ -0,0 +1,5 @@
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: netmaker


@ -0,0 +1,6 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: netmaker
resources:
- netmaker-deploy.yml
- netmaker-svc.yml


@ -0,0 +1,115 @@
apiVersion: apps/v1
kind: StatefulSet
metadata:
labels:
app: netmaker
name: netmaker
spec:
replicas: 1
serviceName: netmaker-headless
selector:
matchLabels:
app: netmaker
template:
metadata:
labels:
app: netmaker
spec:
initContainers:
- name: init-sysctl
image: busybox
imagePullPolicy: IfNotPresent
command: ["/bin/sh", "-c"]
args: ["sysctl -w net.ipv4.ip_forward=1 && sysctl -w net.ipv4.conf.all.src_valid_mark=1 && sysctl -w net.ipv6.conf.all.disable_ipv6=0 && sysctl -w net.ipv6.conf.all.forwarding=1"]
securityContext:
privileged: true
dnsPolicy: ClusterFirstWithHostNet
affinity:
podAntiAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
- labelSelector:
matchExpressions:
- key: app
operator: In
values:
- netmaker
topologyKey: "kubernetes.io/hostname"
containers:
- env:
- name: SERVER_NAME
value: broker.nm.k8s.clustercat.com
- name: SERVER_API_CONN_STRING
value: api.nm.k8s.clustercat.com:443
- name: SERVER_HTTP_HOST
value: api.nm.k8s.clustercat.com
- name: API_PORT
value: "8081"
- name: WG_QUICK_USERSPACE_IMPLEMENTATION
value: wireguard-go
- name: DNS_MODE
value: "off"
- name: CLIENT_MODE
value: "on"
- name: DISPLAY_KEYS
value: "on"
- name: DATABASE
value: sqlite
- name: MASTER_KEY
value: cqYXwQGWiLKj
- name: PLATFORM
value: Kubernetes
- name: CORS_ALLOWED_ORIGIN
value: '*'
- name: MQ_HOST
value: "mq"
- name: MQ_PORT
value: "31883"
- name: PLATFORM
value: "Kubernetes"
- name: VERBOSITY
value: "3"
image: gravitl/netmaker:v0.14.3
imagePullPolicy: Always
name: netmaker
ports:
- containerPort: 8081
protocol: TCP
- containerPort: 31821
protocol: UDP
- containerPort: 31822
protocol: UDP
- containerPort: 31823
protocol: UDP
- containerPort: 31824
protocol: UDP
- containerPort: 31825
protocol: UDP
- containerPort: 31826
protocol: UDP
- containerPort: 31827
protocol: UDP
- containerPort: 31828
protocol: UDP
- containerPort: 31829
protocol: UDP
- containerPort: 31830
protocol: UDP
resources: {}
securityContext:
capabilities:
add:
- NET_ADMIN
- NET_RAW
- SYS_MODULE
volumeMounts:
- mountPath: /etc/netmaker/
name: shared-certs
- mountPath: /root/data
name: netmaker-data
volumes:
- name: shared-certs
persistentVolumeClaim:
claimName: shared-certs-pvc
- name: netmaker-data
persistentVolumeClaim:
claimName: netmaker-data-pvc
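Review bot: The `MASTER_KEY` env entry carries a literal key value, so the key is now in repository history and readable by anyone who can view the pod spec; treat it as disclosed, rotate it, and load it from a Secret instead, e.g. `valueFrom: {secretKeyRef: {name: <secret-name>, key: MASTER_KEY}}` (the secret name is a placeholder). The Deployment template further down has the same shape with `REPLACE_MASTER_KEY`, which still ends up as plaintext in the object once substituted. `CORS_ALLOWED_ORIGIN: '*'` in both lets any origin call the API from a browser; restricting it to the dashboard host would be the safer default. `PLATFORM` is listed twice in the env array, so one entry can go. The `init-sysctl` container runs `privileged: true` from an untagged `busybox` image, and pinning a tag or digest is worth doing for a container with that level of access.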


@ -0,0 +1,32 @@
---
apiVersion: v1
kind: Service
metadata:
labels: &labels
app: netmaker-backend
part-of: netmaker
name: netmaker-api
spec:
ports:
- port: 8081
protocol: TCP
targetPort: backend
selector: *labels
sessionAffinity: None
type: ClusterIP
---
apiVersion: v1
kind: Service
metadata:
labels: &labels
app: netmaker-backend
part-of: netmaker
name: netmaker-grpc
spec:
ports:
- port: 443
protocol: TCP
targetPort: backend-grpc
selector: *labels
sessionAffinity: None
type: ClusterIP
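Review bot: Both Services select `app: netmaker-backend` plus `part-of: netmaker` through the `*labels` alias and target the named ports `backend` and `backend-grpc`, but the StatefulSet added just above labels its pods only `app: netmaker` and declares its container ports without names. If these Services are meant to front that StatefulSet (the Kustomization listing `netmaker-deploy.yml` and `netmaker-svc.yml` suggests so), they will have no endpoints. Aliasing the metadata labels into `selector` also couples the two, so any label added to the Service later silently narrows the selector; an explicit `selector:` mapping is safer.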


@ -0,0 +1,4 @@
apiVersion: v1
kind: Namespace
metadata:
name: netmaker


@ -0,0 +1,26 @@
---
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
name: nm-sqldata
namespace: netmaker
spec:
accessModes:
- ReadWriteOnce
storageClassName: STORAGE_CLASS_RWO
resources:
requests:
storage: 500Mi
---
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
name: nm-mq-certs
namespace: netmaker
spec:
accessModes:
- ReadWriteMany
storageClassName: STORAGE_CLASS_RWX
resources:
requests:
storage: 50Mi


@ -0,0 +1,107 @@
---
apiVersion: v1
kind: Service
metadata:
labels:
name: 'netmaker-wireguard'
spec:
externalTrafficPolicy: Local
type: NodePort
ports:
- port: 31821
nodePort: 31821
protocol: UDP
targetPort: 31821
name: wg-iface-31821
- port: 31822
nodePort: 31822
protocol: UDP
targetPort: 31822
name: wg-iface-31822
- port: 31823
nodePort: 31823
protocol: UDP
targetPort: 31823
name: wg-iface-31823
- port: 31824
nodePort: 31824
protocol: UDP
targetPort: 31824
name: wg-iface-31824
- port: 31825
nodePort: 31825
protocol: UDP
targetPort: 31825
name: wg-iface-31825
selector:
app: 'netmaker'
---
apiVersion: v1
kind: Service
metadata:
name: 'netmaker-rest'
spec:
ports:
- name: rest
port: 8081
protocol: TCP
targetPort: 8081
selector:
app: 'netmaker'
sessionAffinity: None
type: ClusterIP
---
apiVersion: v1
kind: Service
metadata:
namespace: netmaker
labels:
app: netmaker
name: netmaker-ui
spec:
ports:
- port: 80
protocol: TCP
targetPort: 80
selector:
app: netmaker
sessionAffinity: None
type: ClusterIP
# ---
# apiVersion: v1
# kind: Service
# metadata:
# name: mq
# namespace: netmaker
# spec:
# ports:
# - name: mqtt
# port: 1883
# protocol: TCP
# targetPort: mqtt
# - name: mqtt2
# port: 8883
# protocol: TCP
# targetPort: mqtt2
# selector:
# app.kubernetes.io/instance: mosquitto
# app.kubernetes.io/name: mosquitto
# sessionAffinity: None
# ---
# apiVersion: v1
# kind: Service
# metadata:
# labels:
# name: 'netmaker-mqtt'
# spec:
# externalTrafficPolicy: Local
# type: NodePort
# selector:
# app.kubernetes.io/instance: mosquitto
# app.kubernetes.io/name: mosquitto
# ports:
# - port: 31883
# nodePort: 31883
# protocol: TCP
# targetPort: 8883
# name: nm-mqtt


@ -0,0 +1,18 @@
---
apiVersion: v1
data:
mosquitto.conf: |
per_listener_settings true
listener 8883
allow_anonymous false
require_certificate true
use_identity_as_username true
cafile /mosquitto/certs/root.pem
certfile /mosquitto/certs/server.pem
keyfile /mosquitto/certs/server.key
listener 1883
allow_anonymous true
kind: ConfigMap
metadata:
name: mosquitto-config
namespace: netmaker
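Review bot: The second listener, `listener 1883` with `allow_anonymous true`, has no bind address, so it accepts unauthenticated, unencrypted MQTT on every interface of the pod, and the Deployment in this commit also declares container port 1883. If it exists only so the server can reach the broker inside the same pod (the Deployment sets `MQ_HOST` to `127.0.0.1`), bind it to loopback with `listener 1883 127.0.0.1`. Separately, this ConfigMap is named `mosquitto-config`, while the Deployment's volume refers to a ConfigMap called `netmaker-mq-configmap`; one of the two names needs to change.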


@ -0,0 +1,52 @@
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: nm-api-ingress
annotations:
nginx.ingress.kubernetes.io/rewrite-target: /
cert-manager.io/cluster-issuer: "letsencrypt-nginx"
nginx.ingress.kubernetes.io/ssl-redirect: 'true'
spec:
ingressClassName: nginx
tls:
- hosts:
- api.BASE_DOMAIN
secretName: nm-api-tls
rules:
- host: api.BASE_DOMAIN
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: netmaker-rest
port:
number: 8081
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: nm-ui-ingress
annotations:
nginx.ingress.kubernetes.io/rewrite-target: /
cert-manager.io/cluster-issuer: "letsencrypt-nginx"
nginx.ingress.kubernetes.io/ssl-redirect: 'true'
spec:
ingressClassName: nginx
tls:
- hosts:
- dashboard.BASE_DOMAIN
secretName: nm-ui-tls
rules:
- host: dashboard.BASE_DOMAIN
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: netmaker-ui
port:
number: 80


@ -0,0 +1,75 @@
---
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
name: secheaders
namespace: netmaker
spec:
headers:
stsIncludeSubdomains: true
stsPreload: true
stsSeconds: 31536000
forceSTSHeader: true
sslRedirect: true
referrerPolicy: "same-origin"
frameDeny: true
contentTypeNosniff: true
browserXssFilter: true
accessControlAllowMethods: ["GET", "OPTIONS", "PUT"]
accessControlMaxAge: 100
customFrameOptionsValue: SAMEORIGIN
contentSecurityPolicy: frame-ancestors 'self'
permissionsPolicy: geolocation=(), microphone=()
referrerPolicy: no-referrer
---
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
name: nm-api-ingress-tls
namespace: netmaker
spec:
entryPoints:
- websecure
routes:
- match: Host(`api.BASE_DOMAIN`)
kind: Rule
services:
- name: netmaker-api
port: 8081
tls:
certResolver: CERT_PROVIDER
---
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
name: nm-ui-ingress-tls
namespace: netmaker
spec:
entryPoints:
- websecure
routes:
- match: Host(`dashboard.BASE_DOMAIN`)
kind: Rule
services:
- name: netmaker-ui
port: 80
middlewares:
- name: secheaders
tls:
certResolver: CERT_PROVIDER
---
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRouteTCP
metadata:
namespace: netmaker
name: nm-mq-ingress-tls
spec:
entryPoints:
- websecure
routes:
- match: HostSNI(`broker.BASE_DOMAIN`)
services:
- name: netmaker-mq
port: 8883
tls:
passthrough: true
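Review bot: `referrerPolicy` appears twice in the `secheaders` Middleware (`"same-origin"` and then `no-referrer`); duplicate mapping keys are invalid YAML and parsers either reject the document or silently keep one value, so keep only the intended one. `frameDeny: true` together with `customFrameOptionsValue: SAMEORIGIN` is similarly ambiguous; the custom value presumably takes precedence, so state just one. The middleware is attached only to the dashboard route, so if the API route should also get HSTS and nosniff, add a `middlewares` entry there. The routes point at Services `netmaker-api` and `netmaker-mq`, whereas the Service file that appears to belong to this template set defines `netmaker-rest` and `netmaker-ui`, so confirm those names resolve.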


@ -0,0 +1,156 @@
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: netmaker
namespace: netmaker
labels:
app: netmaker
spec:
selector:
matchLabels:
app: netmaker
replicas: 1
strategy:
type: Recreate
template:
metadata:
labels:
app: netmaker
spec:
initContainers:
- name: init-sysctl
image: busybox
imagePullPolicy: IfNotPresent
command: ["/bin/sh", "-c"]
args: ["sysctl -w net.ipv4.ip_forward=1 && sysctl -w net.ipv4.conf.all.src_valid_mark=1 && sysctl -w net.ipv6.conf.all.disable_ipv6=0 && sysctl -w net.ipv6.conf.all.forwarding=1"]
securityContext:
privileged: true
dnsPolicy: ClusterFirstWithHostNet
affinity:
podAntiAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
- labelSelector:
matchExpressions:
- key: app
operator: In
values:
- netmaker
topologyKey: "kubernetes.io/hostname"
containers:
- env:
- name: SERVER_NAME
value: broker.BASE_DOMAIN
- name: SERVER_API_CONN_STRING
value: api.BASE_DOMAIN:443
- name: SERVER_HTTP_HOST
value: api.BASE_DOMAIN
- name: API_PORT
value: "8081"
- name: WG_QUICK_USERSPACE_IMPLEMENTATION
value: wireguard-go
- name: DNS_MODE
value: "off"
- name: CLIENT_MODE
value: "on"
- name: DISPLAY_KEYS
value: "on"
- name: DATABASE
value: sqlite
- name: MASTER_KEY
value: REPLACE_MASTER_KEY
- name: PLATFORM
value: Kubernetes
- name: CORS_ALLOWED_ORIGIN
value: '*'
- name: MQ_HOST
value: "127.0.0.1"
# Uncomment this section if using the Nginx config
# - name: MQ_PORT
# value: "31883"
- name: PLATFORM
value: "Kubernetes"
- name: VERBOSITY
value: "3"
image: gravitl/netmaker:v0.14.3
imagePullPolicy: Always
name: netmaker
ports:
- containerPort: 8081
protocol: TCP
- containerPort: 31821
protocol: UDP
- containerPort: 31822
protocol: UDP
- containerPort: 31823
protocol: UDP
- containerPort: 31824
protocol: UDP
- containerPort: 31825
protocol: d
resources: {}
securityContext:
capabilities:
add:
- NET_ADMIN
- NET_RAW
- SYS_MODULE
volumeMounts:
- mountPath: /etc/netmaker/
name: shared-certs
- mountPath: /root/data
name: netmaker-data
- name: netmaker-ui
image: gravitl/netmaker-ui:v0.14.3
ports:
- containerPort: 80
env:
- name: BACKEND_URL
value: "https://api.netmaker.NETMAKER_BASE_DOMAIN"
- image: eclipse-mosquitto:2.0.11-openssl
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 3
periodSeconds: 10
successThreshold: 1
tcpSocket:
port: 8883
timeoutSeconds: 1
name: mosquitto
ports:
- containerPort: 1883
name: mqtt
protocol: TCP
- containerPort: 8883
name: mqtt2
protocol: TCP
readinessProbe:
failureThreshold: 3
periodSeconds: 10
successThreshold: 1
tcpSocket:
port: 8883
timeoutSeconds: 1
resources: {}
startupProbe:
failureThreshold: 30
periodSeconds: 5
successThreshold: 1
tcpSocket:
port: 8883
timeoutSeconds: 1
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
volumeMounts:
- mountPath: /mosquitto/config/mosquitto.conf
name: mosquitto-config
subPath: mosquitto.conf
- mountPath: /mosquitto/certs
name: shared-certs
volumes:
- name: nm-sqldata
persistentVolumeClaim:
claimName: nm-pvc-sqldata
- name: netmaker-mq-configmap
configMap:
name: netmaker-mq-configmap
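Review bot: This Deployment will not apply as written: the last container port on the netmaker container has `protocol: d` (the other WireGuard ports are `UDP`), and the `volumeMounts` reference `shared-certs`, `netmaker-data` and `mosquitto-config`, none of which appears among the volumes, which only declare `nm-sqldata` and `netmaker-mq-configmap`. The claim name `nm-pvc-sqldata` also does not match the `nm-sqldata` / `nm-mq-certs` PVCs added in this commit. `BACKEND_URL` uses `api.netmaker.NETMAKER_BASE_DOMAIN` while every other host uses the `BASE_DOMAIN` placeholder, so a substitution pass would presumably leave it unresolved or wrong. `dnsPolicy: ClusterFirstWithHostNet` is set with no `hostNetwork: true` visible, which is probably unintended.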


@ -1,59 +0,0 @@
apiVersion: v1
kind: Service
metadata:
name: mongo
labels:
name: mongo
spec:
ports:
- port: 27017
targetPort: 27017
clusterIP: None
selector:
role: mongo
---
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: mongo
spec:
serviceName: "mongo"
replicas: 1
selector:
matchLabels:
role: mongo
template:
metadata:
labels:
app: mongo
role: mongo
spec:
containers:
- name: mongo
image: mongo
env:
- name: MONGO_INITDB_ROOT_USERNAME
value: mongoadmin
- name: MONGO_INITDB_ROOT_PASSWORD
value: mongopass
securityContext:
privileged: true
volumeMounts:
- name: mongovol
mountPath: /data/db
volumes:
- name: mongovol
persistentVolumeClaim:
claimName: mongodb-pvc
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: mongodb-pvc
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 7Gi
storageClassName: microk8s-hostpath


@ -1,62 +0,0 @@
apiVersion: apps/v1
kind: DaemonSet
metadata:
name: netclient
labels:
app: netclient
spec:
selector:
matchLabels:
app: netclient
template:
metadata:
labels:
app: netclient
spec:
hostNetwork: true
containers:
- name: netclient
image: gravitl/netclient:v0.5.8
command: ['bash', '-c', "/root/netclient join -t $ACCESS_TOKEN --daemon off --name $(echo $NODE_NAME| sed -e s/.$NETWORK//); while true; do /root/netclient checkin -n $NETWORK; sleep $SLEEP; done"]
env:
- name: ACCESS_TOKEN
value: "ACCESS_TOKEN_VALUE"
- name: NETWORK
value: "microk8s"
- name: SLEEP
value: "30"
- name: NODE_NAME
valueFrom:
fieldRef:
fieldPath: spec.nodeName
volumeMounts:
- mountPath: /etc/netclient
name: etc-netclient
- mountPath: /usr/bin/wg
name: wg
- mountPath: /var/run/dbus/system_bus_socket
name: systemd-bus-socket
securityContext:
privileged: true
#capabilities:
# add:
# - ["NET_ADMIN","SYS_ADMIN","SYS_MODULE"]
volumes:
- hostPath:
path: /etc/netclient
type: DirectoryOrCreate
name: etc-netclient
- hostPath:
path: /usr/bin/wg
type: File
name: wg
- hostPath:
path: /usr/bin/resolvectl
type: File
name: resolvectl
- hostPath:
path: /var/run/dbus/system_bus_socket
type: ""
name: systemd-bus-socket


@ -1,87 +0,0 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: netmaker-api
labels:
app: netmaker-api
spec:
selector:
matchLabels:
app: netmaker-api
replicas: 1
template:
metadata:
labels:
app: netmaker-api
spec:
containers:
- name: netmaker-api
image: gravitl/netmaker:v0.5.7
ports:
- containerPort: 8081
volumeMounts:
- name: nm-pvc
mountPath: /root/config/dnsconfig
env:
- name: SERVER_API_CONN_STRING
value: "api.nm.k8s.gravitl.com:443"
- name: COREDNS_ADDR
value: "netmaker-dns"
- name: SERVER_HTTP_HOST
value: "api.nm.k8s.gravitl.com"
- name: API_PORT
value: "8081"
- name: AGENT_BACKEND
value: "off"
- name: CLIENT_MODE
value: "off"
- name: DNS_MODE
value: "on"
- name: MASTER_KEY
value: "Unkn0wn!"
- name: MASTER_KEY
value: "secretkey"
- name: CORS_ALLOWED_ORIGIN
value: "*"
- name: DISABLE_REMOTE_IP_CHECK
value: "on"
- name: MONGO_ADMIN
value: "mongoadmin"
- name: MONGO_PASS
value: "mongopass"
- name: MONGO_HOST
value: "mongo-0.mongo"
- name: MONGO_OPTS
value: "/?authSource=admin"
volumes:
- name: nm-pvc
persistentVolumeClaim:
claimName: nm-pvc
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: nm-pvc
spec:
accessModes:
- ReadWriteMany
resources:
requests:
storage: 128Mi
storageClassName: microk8s-hostpath
---
apiVersion: v1
kind: Service
metadata:
labels:
app: netmaker-api
name: netmaker-api
spec:
ports:
- port: 8081
protocol: TCP
targetPort: 8081
selector:
app: netmaker-api
sessionAffinity: None
type: ClusterIP


@ -1,98 +0,0 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: netmaker-backend
labels:
app: netmaker-backend
spec:
selector:
matchLabels:
app: netmaker-backend
replicas: 1
template:
metadata:
labels:
app: netmaker-backend
spec:
containers:
- name: netmaker-backend
image: gravitl/netmaker:v0.5.7
ports:
- containerPort: 8081
volumeMounts:
- name: nm-pvc
mountPath: /root/config/dnsconfig
env:
- name: SERVER_API_CONN_STRING
value: "api.nm.k8s.gravitl.com:443"
- name: COREDNS_ADDR
value: "10.152.183.53"
- name: SERVER_HTTP_HOST
value: "api.k8s.gravitl.com"
- name: API_PORT
value: "8081"
- name: CLIENT_MODE
value: "off"
- name: MASTER_KEY
value: "Unkn0wn!"
- name: MASTER_KEY
value: "secretkey"
- name: CORS_ALLOWED_ORIGIN
value: "*"
- name: DISABLE_REMOTE_IP_CHECK
value: "on"
- name: MONGO_ADMIN
value: "mongoadmin"
- name: MONGO_PASS
value: "mongopass"
- name: MONGO_HOST
value: "mongo-0.mongo"
- name: MONGO_OPTS
value: "/?authSource=admin"
volumes:
- name: nm-pvc
persistentVolumeClaim:
claimName: nm-pvc
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: nm-pvc
spec:
accessModes:
- ReadWriteMany
resources:
requests:
storage: 128Mi
storageClassName: microk8s-hostpath
---
apiVersion: v1
kind: Service
metadata:
labels:
app: netmaker-backend
name: netmaker-api
spec:
ports:
- port: 8081
protocol: TCP
targetPort: 8081
selector:
app: netmaker-backend
sessionAffinity: None
type: ClusterIP
---
apiVersion: v1
kind: Service
metadata:
labels:
app: netmaker-backend
spec:
ports:
- port: 443
protocol: TCP
targetPort: 443
selector:
app: netmaker-backend
sessionAffinity: None
type: ClusterIP


@ -1,71 +0,0 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: netmaker-dns
labels:
app: netmaker-dns
spec:
selector:
matchLabels:
app: netmaker-dns
replicas: 1
template:
metadata:
labels:
app: netmaker-dns
spec:
containers:
- args:
- -conf
- /root/dnsconfig/Corefile
image: coredns/coredns
imagePullPolicy: Always
name: netmaker-dns
ports:
- containerPort: 53
name: dns
protocol: UDP
- containerPort: 53
name: dns-tcp
protocol: TCP
volumeMounts:
- mountPath: /root/dnsconfig
name: nm-pvc
readOnly: true
securityContext:
allowPrivilegeEscalation: false
capabilities:
add:
- NET_BIND_SERVICE
drop:
- all
dnsPolicy: "None"
dnsConfig:
nameservers:
- 127.0.0.1
volumes:
- name: nm-pvc
persistentVolumeClaim:
claimName: nm-pvc
---
apiVersion: v1
kind: Service
metadata:
labels:
app: netmaker-dns
name: netmaker-dns
spec:
ports:
- port: 53
protocol: UDP
targetPort: 53
name: udp
- port: 53
protocol: TCP
targetPort: 53
name: tcp
selector:
app: netmaker-dns
sessionAffinity: None
type: ClusterIP
clusterIP: 10.152.183.53


@ -1,82 +0,0 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: netmaker-grpc
labels:
app: netmaker-grpc
spec:
selector:
matchLabels:
app: netmaker-grpc
replicas: 1
template:
metadata:
labels:
app: netmaker-grpc
spec:
containers:
- name: netmaker-grpc
image: gravitl/netmaker:v0.5.7
ports:
- containerPort: 443
volumeMounts:
- name: nm-pvc
mountPath: /root/dnsconfig
env:
- name: SERVER_API_CONN_STRING
value: "api.nm.k8s.gravitl.com:443"
- name: SERVER_GRPC_CONN_STRING
value: "grpc.nm.k8s.gravitl.com:443"
- name: COREDNS_ADDR
value: "netmaker-dns"
- name: GRPC_SSL
value: "on"
- name: CLIENT_MODE
value: "off"
- name: DNS_MODE
value: "on"
- name: MASTER_KEY
value: "Unkn0wn!"
- name: SERVER_GRPC_WIREGUARD
value: "off"
- name: MASTER_KEY
value: "secretkey"
- name: CORS_ALLOWED_ORIGIN
value: "*"
- name: DISABLE_REMOTE_IP_CHECK
value: "on"
- name: MONGO_ADMIN
value: "mongoadmin"
- name: MONGO_PASS
value: "mongopass"
- name: MONGO_HOST
value: "mongo-0.mongo"
- name: MONGO_OPTS
value: "/?authSource=admin"
- name: SERVER_GRPC_HOST
value: "0.0.0.0"
- name: GRPC_PORT
value: "443"
- name: REST_BACKEND
value: "off"
volumes:
- name: nm-pvc
persistentVolumeClaim:
claimName: nm-pvc
---
apiVersion: v1
kind: Service
metadata:
labels:
app: netmaker-grpc
name: netmaker-grpc
spec:
ports:
- port: 443
protocol: TCP
targetPort: 443
selector:
app: netmaker-grpc
sessionAffinity: None
type: ClusterIP


@ -1,25 +0,0 @@
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
annotations:
kubernetes.io/ingress.class: "traefik"
kubernetes.io/ingress.allow-http: "false"
traefik.ingress.kubernetes.io/redirect-entry-point: https
traefik.ingress.kubernetes.io/redirect-permanent: "true"
traefik.ingress.kubernetes.io/rule-type: "PathPrefixStrip"
cert-manager.io/cluster-issuer: wildcard-issuer
name: nm-api-ingress
namespace: netmaker
spec:
rules:
- host: api.NETMAKER_BASE_DOMAIN
http:
paths:
- path: /
backend:
serviceName: netmaker
servicePort: 8081
tls:
- hosts:
- api.NETMAKER_BASE_DOMAIN
secretName: cert-nm-api


@ -1,25 +0,0 @@
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
annotations:
kubernetes.io/ingress.class: "traefik"
kubernetes.io/ingress.allow-http: "false"
traefik.ingress.kubernetes.io/redirect-entry-point: https
traefik.ingress.kubernetes.io/redirect-permanent: "true"
traefik.ingress.kubernetes.io/rule-type: "PathPrefixStrip"
cert-manager.io/cluster-issuer: wildcard-issuer
name: nm-ui-ingress
namespace: netmaker
spec:
rules:
- host: dashboard.NETMAKER_BASE_DOMAIN
http:
paths:
- path: /
backend:
serviceName: netmaker-ui
servicePort: 80
tls:
- hosts:
- dashboard.NETMAKER_BASE_DOMAIN
secretName: cert-nm-ui


@ -1,17 +0,0 @@
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
annotations:
kubernetes.io/ingress.class: "traefik"
ingress.kubernetes.io/protocol: "h2c"
name: nm-grpc-ingress
namespace: netmaker
spec:
rules:
- host: grpc.NETMAKER_BASE_DOMAIN
http:
paths:
- path: /
backend:
serviceName: netmaker-grpc
servicePort: 50051


@ -1,345 +0,0 @@
apiVersion: v1
kind: Service
metadata:
name: mongo
labels:
name: mongo
spec:
ports:
- port: 27017
targetPort: 27017
clusterIP: None
selector:
role: mongo
---
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: mongo
spec:
serviceName: "mongo"
replicas: 1
selector:
matchLabels:
role: mongo
template:
metadata:
labels:
app: mongo
role: mongo
spec:
containers:
- name: mongo
image: mongo
env:
- name: MONGO_INITDB_ROOT_USERNAME
value: mongoadmin
- name: MONGO_INITDB_ROOT_PASSWORD
value: mongopass
securityContext:
privileged: true
volumeMounts:
- name: mongovol
mountPath: /data/db
volumes:
- name: mongovol
persistentVolumeClaim:
claimName: mongodb-pvc
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: mongodb-pvc
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 7Gi
storageClassName: microk8s-hostpath
apiVersion: apps/v1
kind: Deployment
metadata:
name: netmaker-backend
labels:
app: netmaker-backend
spec:
selector:
matchLabels:
app: netmaker-backend
replicas: 1
template:
metadata:
labels:
app: netmaker-backend
spec:
containers:
- name: netmaker-backend
image: gravitl/netmaker:v0.5.7
ports:
- containerPort: 8081
volumeMounts:
- name: nm-pvc
mountPath: /root/config/dnsconfig
env:
- name: SERVER_API_CONN_STRING
value: "api.NETMAKER_BASE_DOMAIN:443"
- name: COREDNS_ADDR
value: "10.152.183.53"
- name: SERVER_HTTP_HOST
value: "api.NETMAKER_BASE_DOMAIN"
- name: API_PORT
value: "8081"
- name: CLIENT_MODE
value: "off"
- name: MASTER_KEY
value: "Unkn0wn!"
- name: MASTER_KEY
value: "secretkey"
- name: CORS_ALLOWED_ORIGIN
value: "*"
- name: DISABLE_REMOTE_IP_CHECK
value: "on"
- name: MONGO_ADMIN
value: "mongoadmin"
- name: MONGO_PASS
value: "mongopass"
- name: MONGO_HOST
value: "mongo-0.mongo"
- name: MONGO_OPTS
value: "/?authSource=admin"
volumes:
- name: nm-pvc
persistentVolumeClaim:
claimName: nm-pvc
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: nm-pvc
spec:
accessModes:
- ReadWriteMany
resources:
requests:
storage: 128Mi
storageClassName: microk8s-hostpath
---
apiVersion: v1
kind: Service
metadata:
labels:
app: netmaker-backend
name: netmaker-api
spec:
ports:
- port: 8081
protocol: TCP
targetPort: 8081
selector:
app: netmaker-backend
sessionAffinity: None
type: ClusterIP
---
apiVersion: v1
kind: Service
metadata:
labels:
app: netmaker-backend
name: netmaker-grpc
spec:
ports:
- port: 443
protocol: TCP
targetPort: 443
selector:
app: netmaker-backend
sessionAffinity: None
type: ClusterIP
apiVersion: apps/v1
kind: Deployment
metadata:
name: netmaker-dns
labels:
app: netmaker-dns
spec:
selector:
matchLabels:
app: netmaker-dns
replicas: 1
template:
metadata:
labels:
app: netmaker-dns
spec:
containers:
- args:
- -conf
- /root/dnsconfig/Corefile
image: coredns/coredns
imagePullPolicy: Always
name: netmaker-dns
ports:
- containerPort: 53
name: dns
protocol: UDP
- containerPort: 53
name: dns-tcp
protocol: TCP
volumeMounts:
- mountPath: /root/dnsconfig
name: nm-pvc
readOnly: true
securityContext:
allowPrivilegeEscalation: false
capabilities:
add:
- NET_BIND_SERVICE
drop:
- all
dnsPolicy: "None"
dnsConfig:
nameservers:
- 127.0.0.1
volumes:
- name: nm-pvc
persistentVolumeClaim:
claimName: nm-pvc
---
apiVersion: v1
kind: Service
metadata:
labels:
app: netmaker-dns
name: netmaker-dns
spec:
ports:
- port: 53
protocol: UDP
targetPort: 53
name: udp
- port: 53
protocol: TCP
targetPort: 53
name: tcp
selector:
app: netmaker-dns
sessionAffinity: None
type: ClusterIP
clusterIP: 10.152.183.53
apiVersion: apps/v1
kind: Deployment
metadata:
name: netmaker-ui
labels:
app: netmaker-ui
spec:
selector:
matchLabels:
app: netmaker-ui
replicas: 1
template:
metadata:
labels:
app: netmaker-ui
spec:
containers:
- name: netmaker-ui
image: gravitl/netmaker-ui:v0.5
ports:
- containerPort: 80
env:
- name: BACKEND_URL
value: "https://api.NETMAKER_BASE_DOMAIN"
---
apiVersion: v1
kind: Service
metadata:
labels:
app: netmaker-ui
name: netmaker-ui
spec:
ports:
- port: 80
protocol: TCP
targetPort: 80
selector:
app: netmaker-ui
sessionAffinity: None
type: ClusterIP
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: nm-api-ingress-nginx
annotations:
nginx.ingress.kubernetes.io/rewrite-target: /
cert-manager.io/cluster-issuer: "letsencrypt-prod"
nginx.ingress.kubernetes.io/ssl-redirect: 'true'
spec:
ingressClassName: public
tls:
- hosts:
- api.NETMAKER_BASE_DOMAIN
secretName: nm-api-tls
rules:
- host: api.NETMAKER_BASE_DOMAIN
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: netmaker-api
port:
number: 8081
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: nm-grpc-ingress-nginx
annotations:
cert-manager.io/cluster-issuer: "letsencrypt-prod"
nginx.ingress.kubernetes.io/ssl-redirect: 'true'
nginx.ingress.kubernetes.io/backend-protocol: "GRPC"
spec:
ingressClassName: public
tls:
- hosts:
- grpc.NETMAKER_BASE_DOMAIN
secretName: nm-grpc-tls
rules:
- host: grpc.NETMAKER_BASE_DOMAIN
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: netmaker-grpc
port:
number: 443
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: nm-ui-ingress-nginx
annotations:
nginx.ingress.kubernetes.io/rewrite-target: /
cert-manager.io/cluster-issuer: "letsencrypt-prod"
nginx.ingress.kubernetes.io/ssl-redirect: 'true'
spec:
ingressClassName: public
tls:
- hosts:
- dashboard.NETMAKER_BASE_DOMAIN
secretName: nm-ui-tls
rules:
- host: dashboard.NETMAKER_BASE_DOMAIN
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: netmaker-ui
port:
number: 80


@ -1,40 +0,0 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: netmaker-ui
labels:
app: netmaker-ui
spec:
selector:
matchLabels:
app: netmaker-ui
replicas: 1
template:
metadata:
labels:
app: netmaker-ui
spec:
containers:
- name: netmaker-ui
image: gravitl/netmaker-ui:v0.5
ports:
- containerPort: 80
env:
- name: BACKEND_URL
value: "https://api.nm.k8s.gravitl.com"
---
apiVersion: v1
kind: Service
metadata:
labels:
app: netmaker-ui
name: netmaker-ui
spec:
ports:
- port: 80
protocol: TCP
targetPort: 80
selector:
app: netmaker-ui
sessionAffinity: None
type: ClusterIP


@ -1,26 +0,0 @@
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: nm-api-ingress-nginx
annotations:
nginx.ingress.kubernetes.io/rewrite-target: /
cert-manager.io/cluster-issuer: "letsencrypt-prod"
nginx.ingress.kubernetes.io/ssl-redirect: 'true'
spec:
ingressClassName: public
tls:
- hosts:
- api.NETMAKER_BASE_DOMAIN
secretName: nm-api-tls
rules:
- host: api.NETMAKER_BASE_DOMAIN
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: netmaker-api
port:
number: 8081


@ -1,25 +0,0 @@
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: nm-grpc-ingress-nginx
annotations:
cert-manager.io/cluster-issuer: "letsencrypt-prod"
nginx.ingress.kubernetes.io/ssl-redirect: 'true'
nginx.ingress.kubernetes.io/backend-protocol: "GRPC"
spec:
ingressClassName: public
tls:
- hosts:
- grpc.NETMAKER_BASE_DOMAIN
secretName: nm-grpc-tls-2
rules:
- host: grpc.NETMAKER_BASE_DOMAIN
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: netmaker-grpc
port:
number: 443


@ -1,26 +0,0 @@
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: nm-ui-ingress-nginx
annotations:
nginx.ingress.kubernetes.io/rewrite-target: /
cert-manager.io/cluster-issuer: "letsencrypt-prod"
nginx.ingress.kubernetes.io/ssl-redirect: 'true'
spec:
ingressClassName: public
tls:
- hosts:
- dashboard.NETMAKER_BASE_DOMAIN
secretName: nm-ui-tls
rules:
- host: dashboard.NETMAKER_BASE_DOMAIN
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: netmaker-ui
port:
number: 80


@ -1,353 +0,0 @@
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: rqlite-pvc
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 1Gi
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: netmaker-backend
labels:
app: netmaker-backend
spec:
nodeSelector:
netmaker-server: true
selector:
matchLabels:
app: netmaker-backend
replicas: 1
strategy:
type: Recreate
template:
metadata:
labels:
app: netmaker-backend
spec:
containers:
- name: netmaker-backend
image: gravitl/netmaker:0.7.2
imagePullPolicy: Always
ports:
- containerPort: 8081
volumeMounts:
- name: nm-pvc
mountPath: /root/config/dnsconfig
- mountPath: /etc/netclient
name: etc-netclient
- mountPath: /usr/bin/wg
name: wg
- mountPath: /var/run/dbus/system_bus_socket
name: systemd-bus-socket
- mountPath: /sys/fs/cgroup
name: cgroup
- mountPath: /run/systemd/system
name: run-systemd
- mountPath: /etc/systemd/system
name: etc-systemd
securityContext:
privileged: true
env:
- name: SERVER_API_CONN_STRING
value: "api.NETMAKER_BASE_DOMAIN:443"
- name: COREDNS_ADDR
value: "10.152.183.53"
- name: POD_IP
valueFrom:
fieldRef:
fieldPath: status.podIP
- name: SERVER_HTTP_HOST
value: "api.NETMAKER_BASE_DOMAIN:443"
- name: API_PORT
value: "8081"
- name: CLIENT_MODE
value: "off"
- name: MASTER_KEY
value: "Unkn0wn!"
- name: PLATFORM
value: "Kubernetes"
- name: CORS_ALLOWED_ORIGIN
value: "*"
- name: rqlite
image: rqlite/rqlite
ports:
- containerPort: 4001
- containerPort: 4002
volumeMounts:
- name: rqlitevol
mountPath: /rqlite/file/data
volumes:
- name: rqlitevol
persistentVolumeClaim:
claimName: rqlite-pvc
- name: nm-pvc
persistentVolumeClaim:
claimName: nm-pvc
- hostPath:
path: /etc/netclient
type: DirectoryOrCreate
name: etc-netclient
- hostPath:
path: /usr/bin/wg
type: File
name: wg
- hostPath:
path: /usr/bin/resolvectl
type: File
name: resolvectl
- hostPath:
path: /var/run/dbus/system_bus_socket
type: ""
name: systemd-bus-socket
- hostPath:
path: /etc/systemd/system
type: ""
name: etc-systemd
- hostPath:
path: /run/systemd/system
type: ""
name: run-systemd
- hostPath:
path: /sys/fs/cgroup
type: ""
name: cgroup
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: nm-pvc
spec:
accessModes:
- ReadWriteMany
resources:
requests:
storage: 128Mi
---
apiVersion: v1
kind: Service
metadata:
labels:
app: netmaker-backend
name: netmaker-api
spec:
ports:
- port: 8081
protocol: TCP
targetPort: 8081
selector:
app: netmaker-backend
sessionAffinity: None
type: ClusterIP
---
apiVersion: v1
kind: Service
metadata:
labels:
app: netmaker-backend
name: netmaker-grpc
spec:
ports:
- port: 443
protocol: TCP
targetPort: 443
selector:
app: netmaker-backend
sessionAffinity: None
type: ClusterIP
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: netmaker-dns
labels:
app: netmaker-dns
spec:
selector:
matchLabels:
app: netmaker-dns
replicas: 1
template:
metadata:
labels:
app: netmaker-dns
spec:
containers:
- args:
- -conf
- /root/dnsconfig/Corefile
image: coredns/coredns
imagePullPolicy: Always
name: netmaker-dns
ports:
- containerPort: 53
name: dns
protocol: UDP
- containerPort: 53
name: dns-tcp
protocol: TCP
volumeMounts:
- mountPath: /root/dnsconfig
name: nm-pvc
readOnly: true
securityContext:
allowPrivilegeEscalation: false
capabilities:
add:
- NET_BIND_SERVICE
drop:
- all
dnsPolicy: "None"
dnsConfig:
nameservers:
- 127.0.0.1
volumes:
- name: nm-pvc
persistentVolumeClaim:
claimName: nm-pvc
---
apiVersion: v1
kind: Service
metadata:
labels:
app: netmaker-dns
name: netmaker-dns
spec:
ports:
- port: 53
protocol: UDP
targetPort: 53
name: udp
- port: 53
protocol: TCP
targetPort: 53
name: tcp
selector:
app: netmaker-dns
sessionAffinity: None
type: ClusterIP
clusterIP: 10.152.183.53
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: netmaker-ui
labels:
app: netmaker-ui
spec:
selector:
matchLabels:
app: netmaker-ui
replicas: 1
template:
metadata:
labels:
app: netmaker-ui
spec:
containers:
- name: netmaker-ui
image: gravitl/netmaker-ui:v0.7
ports:
- containerPort: 80
env:
- name: BACKEND_URL
value: "https://api.NETMAKER_BASE_DOMAIN"
---
apiVersion: v1
kind: Service
metadata:
labels:
app: netmaker-ui
name: netmaker-ui
spec:
ports:
- port: 80
protocol: TCP
targetPort: 80
selector:
app: netmaker-ui
sessionAffinity: None
type: ClusterIP
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: nm-api-ingress-nginx
annotations:
nginx.ingress.kubernetes.io/rewrite-target: /
cert-manager.io/cluster-issuer: "letsencrypt-prod"
nginx.ingress.kubernetes.io/ssl-redirect: 'true'
spec:
ingressClassName: nginx
tls:
- hosts:
- api.NETMAKER_BASE_DOMAIN
secretName: nm-api-tls
rules:
- host: api.NETMAKER_BASE_DOMAIN
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: netmaker-api
port:
number: 8081
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: nm-grpc-ingress-nginx
annotations:
cert-manager.io/cluster-issuer: "letsencrypt-prod"
nginx.ingress.kubernetes.io/ssl-redirect: 'true'
nginx.ingress.kubernetes.io/backend-protocol: "GRPC"
spec:
ingressClassName: nginx
tls:
- hosts:
- grpc.NETMAKER_BASE_DOMAIN
secretName: nm-grpc-tls
rules:
- host: grpc.NETMAKER_BASE_DOMAIN
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: netmaker-grpc
port:
number: 443
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: nm-ui-ingress-nginx
annotations:
nginx.ingress.kubernetes.io/rewrite-target: /
cert-manager.io/cluster-issuer: "letsencrypt-prod"
nginx.ingress.kubernetes.io/ssl-redirect: 'true'
spec:
ingressClassName: nginx
tls:
- hosts:
- dashboard.NETMAKER_BASE_DOMAIN
secretName: nm-ui-tls
rules:
- host: dashboard.NETMAKER_BASE_DOMAIN
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: netmaker-ui
port:
number: 80


@ -1,311 +0,0 @@
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: rqlite-pvc
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 1Gi
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: netmaker-backend
labels:
app: netmaker-backend
spec:
selector:
matchLabels:
app: netmaker-backend
replicas: 1
strategy:
type: Recreate
template:
metadata:
labels:
app: netmaker-backend
spec:
containers:
- name: netmaker-backend
image: gravitl/netmaker:v0.7
imagePullPolicy: Always
ports:
- containerPort: 8081
securityContext:
privileged: true
env:
- name: SERVER_API_CONN_STRING
value: "api.NETMAKER_BASE_DOMAIN:443"
- name: COREDNS_ADDR
value: "10.152.183.53"
- name: POD_IP
valueFrom:
fieldRef:
fieldPath: status.podIP
- name: SERVER_HTTP_HOST
value: "api.NETMAKER_BASE_DOMAIN"
- name: API_PORT
value: "8081"
- name: CLIENT_MODE
value: "off"
- name: MASTER_KEY
value: "Unkn0wn!"
- name: PLATFORM
value: "Kubernetes"
- name: CORS_ALLOWED_ORIGIN
value: "*"
volumeMounts:
- name: nm-pvc
mountPath: /root/config/dnsconfig
- name: rqlite
image: rqlite/rqlite
ports:
- containerPort: 4001
- containerPort: 4002
volumeMounts:
- name: rqlitevol
mountPath: /rqlite/file/data
volumes:
- name: rqlitevol
persistentVolumeClaim:
claimName: rqlite-pvc
- name: nm-pvc
persistentVolumeClaim:
claimName: nm-pvc
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: nm-pvc
spec:
accessModes:
- ReadWriteMany
resources:
requests:
storage: 128Mi
---
apiVersion: v1
kind: Service
metadata:
labels:
app: netmaker-backend
name: netmaker-api
spec:
ports:
- port: 8081
protocol: TCP
targetPort: 8081
selector:
app: netmaker-backend
sessionAffinity: None
type: ClusterIP
---
apiVersion: v1
kind: Service
metadata:
labels:
app: netmaker-backend
name: netmaker-grpc
spec:
ports:
- port: 443
protocol: TCP
targetPort: 443
selector:
app: netmaker-backend
sessionAffinity: None
type: ClusterIP
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: netmaker-dns
labels:
app: netmaker-dns
spec:
selector:
matchLabels:
app: netmaker-dns
replicas: 1
template:
metadata:
labels:
app: netmaker-dns
spec:
containers:
- args:
- -conf
- /root/dnsconfig/Corefile
image: coredns/coredns
imagePullPolicy: Always
name: netmaker-dns
ports:
- containerPort: 53
name: dns
protocol: UDP
- containerPort: 53
name: dns-tcp
protocol: TCP
volumeMounts:
- mountPath: /root/dnsconfig
name: nm-pvc
readOnly: true
securityContext:
allowPrivilegeEscalation: false
capabilities:
add:
- NET_BIND_SERVICE
drop:
- all
dnsPolicy: "None"
dnsConfig:
nameservers:
- 127.0.0.1
volumes:
- name: nm-pvc
persistentVolumeClaim:
claimName: nm-pvc
---
apiVersion: v1
kind: Service
metadata:
labels:
app: netmaker-dns
name: netmaker-dns
spec:
ports:
- port: 53
protocol: UDP
targetPort: 53
name: udp
- port: 53
protocol: TCP
targetPort: 53
name: tcp
selector:
app: netmaker-dns
sessionAffinity: None
type: ClusterIP
clusterIP: 10.152.183.53
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: netmaker-ui
labels:
app: netmaker-ui
spec:
selector:
matchLabels:
app: netmaker-ui
replicas: 1
template:
metadata:
labels:
app: netmaker-ui
spec:
containers:
- name: netmaker-ui
image: gravitl/netmaker-ui:v0.7
ports:
- containerPort: 80
env:
- name: BACKEND_URL
value: "https://api.NETMAKER_BASE_DOMAIN"
---
apiVersion: v1
kind: Service
metadata:
labels:
app: netmaker-ui
name: netmaker-ui
spec:
ports:
- port: 80
protocol: TCP
targetPort: 80
selector:
app: netmaker-ui
sessionAffinity: None
type: ClusterIP
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: nm-api-ingress-nginx
annotations:
nginx.ingress.kubernetes.io/rewrite-target: /
cert-manager.io/cluster-issuer: "letsencrypt-prod"
nginx.ingress.kubernetes.io/ssl-redirect: 'true'
spec:
ingressClassName: nginx
tls:
- hosts:
- api.NETMAKER_BASE_DOMAIN
secretName: nm-api-tls
rules:
- host: api.NETMAKER_BASE_DOMAIN
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: netmaker-api
port:
number: 8081
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: nm-grpc-ingress-nginx
annotations:
cert-manager.io/cluster-issuer: "letsencrypt-prod"
nginx.ingress.kubernetes.io/ssl-redirect: 'true'
nginx.ingress.kubernetes.io/backend-protocol: "GRPC"
spec:
ingressClassName: nginx
tls:
- hosts:
- grpc.NETMAKER_BASE_DOMAIN
secretName: nm-grpc-tls
rules:
- host: grpc.NETMAKER_BASE_DOMAIN
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: netmaker-grpc
port:
number: 443
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: nm-ui-ingress-nginx
annotations:
nginx.ingress.kubernetes.io/rewrite-target: /
cert-manager.io/cluster-issuer: "letsencrypt-prod"
nginx.ingress.kubernetes.io/ssl-redirect: 'true'
spec:
ingressClassName: nginx
tls:
- hosts:
- dashboard.NETMAKER_BASE_DOMAIN
secretName: nm-ui-tls
rules:
- host: dashboard.NETMAKER_BASE_DOMAIN
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: netmaker-ui
port:
number: 80