apiVersion: apps/v1 kind: StatefulSet metadata: labels: app: netmaker name: netmaker spec: replicas: 3 serviceName: netmaker-headless selector: matchLabels: app: netmaker template: metadata: labels: app: netmaker spec: initContainers: - name: init-sysctl image: busybox imagePullPolicy: IfNotPresent command: ["/bin/sh", "-c"] args: ["sysctl -w net.ipv4.ip_forward=1 && sysctl -w net.ipv4.conf.all.src_valid_mark=1 && sysctl -w net.ipv6.conf.all.disable_ipv6=0 && sysctl -w net.ipv6.conf.all.forwarding=1"] securityContext: privileged: true dnsPolicy: ClusterFirstWithHostNet affinity: podAntiAffinity: requiredDuringSchedulingIgnoredDuringExecution: - labelSelector: matchExpressions: - key: app operator: In values: - netmaker topologyKey: "kubernetes.io/hostname" containers: - env: - name: NODE_ID valueFrom: fieldRef: apiVersion: v1 fieldPath: metadata.name - name: SERVER_NAME value: broker.NETMAKER_SUBDOMAIN - name: SERVER_API_CONN_STRING value: api.NETMAKER_SUBDOMAIN:443 - name: SERVER_HTTP_HOST value: api.NETMAKER_SUBDOMAIN - name: API_PORT value: "8081" - name: WG_QUICK_USERSPACE_IMPLEMENTATION value: wireguard-go - name: DNS_MODE value: "off" - name: CLIENT_MODE value: "on" - name: DISPLAY_KEYS value: "on" - name: DATABASE value: postgres - name: SQL_HOST value: "DB_NAME-postgresql" - name: SQL_PORT value: "5432" - name: SQL_DB value: "postgres" - name: SQL_USER value: "postgres" - name: SQL_PASS value: "DB_PASS" - name: MASTER_KEY value: REPLACE_MASTER_KEY - name: CORS_ALLOWED_ORIGIN value: '*' - name: MQ_HOST value: "mq" - name: MQ_PORT value: "31883" - name: MQ_SERVER_PORT value: "1883" - name: PLATFORM value: "Kubernetes" - name: VERBOSITY value: "3" image: gravitl/netmaker:v0.16.2 imagePullPolicy: Always name: netmaker ports: - containerPort: 8081 protocol: TCP - containerPort: 31821 protocol: UDP - containerPort: 31822 protocol: UDP - containerPort: 31823 protocol: UDP - containerPort: 31824 protocol: UDP - containerPort: 31825 protocol: UDP - containerPort: 31826 protocol: UDP - containerPort: 31827 protocol: UDP - containerPort: 31828 protocol: UDP - containerPort: 31829 protocol: UDP - containerPort: 31830 protocol: UDP resources: {} securityContext: capabilities: add: - NET_ADMIN - NET_RAW - SYS_MODULE volumeMounts: - mountPath: /etc/netmaker/ name: shared-certs volumes: - name: shared-certs persistentVolumeClaim: claimName: shared-certs-pvc --- apiVersion: v1 kind: Service metadata: labels: name: 'netmaker-wireguard' spec: externalTrafficPolicy: Local type: NodePort ports: - port: 31821 nodePort: 31821 protocol: UDP targetPort: 31821 name: wg-iface-31821 - port: 31822 nodePort: 31822 protocol: UDP targetPort: 31822 name: wg-iface-31822 - port: 31823 nodePort: 31823 protocol: UDP targetPort: 31823 name: wg-iface-31823 - port: 31824 nodePort: 31824 protocol: UDP targetPort: 31824 name: wg-iface-31824 - port: 31825 nodePort: 31825 protocol: UDP targetPort: 31825 name: wg-iface-31825 - port: 31826 nodePort: 31826 protocol: UDP targetPort: 31826 name: wg-iface-31826 - port: 31827 nodePort: 31827 protocol: UDP targetPort: 31827 name: wg-iface-31827 - port: 31828 nodePort: 31828 protocol: UDP targetPort: 31828 name: wg-iface-31828 - port: 31829 nodePort: 31829 protocol: UDP targetPort: 31829 name: wg-iface-31829 - port: 31830 nodePort: 31830 protocol: UDP targetPort: 31830 name: wg-iface-31830 selector: app: 'netmaker' --- apiVersion: v1 kind: Service metadata: name: 'netmaker-rest' spec: ports: - name: rest port: 8081 protocol: TCP targetPort: 8081 selector: app: 'netmaker' sessionAffinity: None type: ClusterIP # --- # apiVersion: networking.k8s.io/v1 # kind: Ingress # metadata: # name: nm-api-ingress-nginx # annotations: # nginx.ingress.kubernetes.io/rewrite-target: / # cert-manager.io/cluster-issuer: "letsencrypt-nginx" # nginx.ingress.kubernetes.io/ssl-redirect: 'true' # spec: # ingressClassName: nginx # tls: # - hosts: # - api.NETMAKER_SUBDOMAIN # secretName: nm-api-tls # rules: # - host: api.NETMAKER_SUBDOMAIN # http: # paths: # - path: / # pathType: Prefix # backend: # service: # name: netmaker-rest # port: # number: 8081