--- apiVersion: v1 kind: PersistentVolumeClaim metadata: name: rqlite-pvc spec: accessModes: - ReadWriteOnce resources: requests: storage: 1Gi --- apiVersion: apps/v1 kind: Deployment metadata: name: netmaker-backend labels: app: netmaker-backend spec: nodeSelector: netmaker-server: true selector: matchLabels: app: netmaker-backend replicas: 1 strategy: type: Recreate template: metadata: labels: app: netmaker-backend spec: containers: - name: netmaker-backend image: gravitl/netmaker:0.7.2 imagePullPolicy: Always ports: - containerPort: 8081 volumeMounts: - name: nm-pvc mountPath: /root/config/dnsconfig - mountPath: /etc/netclient name: etc-netclient - mountPath: /usr/bin/wg name: wg - mountPath: /var/run/dbus/system_bus_socket name: systemd-bus-socket - mountPath: /sys/fs/cgroup name: cgroup - mountPath: /run/systemd/system name: run-systemd - mountPath: /etc/systemd/system name: etc-systemd securityContext: privileged: true env: - name: SERVER_API_CONN_STRING value: "api.NETMAKER_BASE_DOMAIN:443" - name: SERVER_GRPC_CONN_STRING value: "grpc.NETMAKER_BASE_DOMAIN:443" - name: COREDNS_ADDR value: "10.152.183.53" - name: POD_IP valueFrom: fieldRef: fieldPath: status.podIP - name: GRPC_SSL value: "on" - name: SERVER_HTTP_HOST value: "api.NETMAKER_BASE_DOMAIN:443" - name: SERVER_GRPC_HOST value: "grpc.NETMAKER_BASE_DOMAIN:443" - name: API_PORT value: "8081" - name: GRPC_PORT value: "443" - name: CLIENT_MODE value: "off" - name: MASTER_KEY value: "Unkn0wn!" - name: PLATFORM value: "Kubernetes" - name: CORS_ALLOWED_ORIGIN value: "*" - name: rqlite image: rqlite/rqlite ports: - containerPort: 4001 - containerPort: 4002 volumeMounts: - name: rqlitevol mountPath: /rqlite/file/data volumes: - name: rqlitevol persistentVolumeClaim: claimName: rqlite-pvc - name: nm-pvc persistentVolumeClaim: claimName: nm-pvc - hostPath: path: /etc/netclient type: DirectoryOrCreate name: etc-netclient - hostPath: path: /usr/bin/wg type: File name: wg - hostPath: path: /usr/bin/resolvectl type: File name: resolvectl - hostPath: path: /var/run/dbus/system_bus_socket type: "" name: systemd-bus-socket - hostPath: path: /etc/systemd/system type: "" name: etc-systemd - hostPath: path: /run/systemd/system type: "" name: run-systemd - hostPath: path: /sys/fs/cgroup type: "" name: cgroup --- apiVersion: v1 kind: PersistentVolumeClaim metadata: name: nm-pvc spec: accessModes: - ReadWriteMany resources: requests: storage: 128Mi --- apiVersion: v1 kind: Service metadata: labels: app: netmaker-backend name: netmaker-api spec: ports: - port: 8081 protocol: TCP targetPort: 8081 selector: app: netmaker-backend sessionAffinity: None type: ClusterIP --- apiVersion: v1 kind: Service metadata: labels: app: netmaker-backend name: netmaker-grpc spec: ports: - port: 443 protocol: TCP targetPort: 443 selector: app: netmaker-backend sessionAffinity: None type: ClusterIP --- apiVersion: apps/v1 kind: Deployment metadata: name: netmaker-dns labels: app: netmaker-dns spec: selector: matchLabels: app: netmaker-dns replicas: 1 template: metadata: labels: app: netmaker-dns spec: containers: - args: - -conf - /root/dnsconfig/Corefile image: coredns/coredns imagePullPolicy: Always name: netmaker-dns ports: - containerPort: 53 name: dns protocol: UDP - containerPort: 53 name: dns-tcp protocol: TCP volumeMounts: - mountPath: /root/dnsconfig name: nm-pvc readOnly: true securityContext: allowPrivilegeEscalation: false capabilities: add: - NET_BIND_SERVICE drop: - all dnsPolicy: "None" dnsConfig: nameservers: - 127.0.0.1 volumes: - name: nm-pvc persistentVolumeClaim: claimName: nm-pvc --- apiVersion: v1 kind: Service metadata: labels: app: netmaker-dns name: netmaker-dns spec: ports: - port: 53 protocol: UDP targetPort: 53 name: udp - port: 53 protocol: TCP targetPort: 53 name: tcp selector: app: netmaker-dns sessionAffinity: None type: ClusterIP clusterIP: 10.152.183.53 --- apiVersion: apps/v1 kind: Deployment metadata: name: netmaker-ui labels: app: netmaker-ui spec: selector: matchLabels: app: netmaker-ui replicas: 1 template: metadata: labels: app: netmaker-ui spec: containers: - name: netmaker-ui image: gravitl/netmaker-ui:v0.7 ports: - containerPort: 80 env: - name: BACKEND_URL value: "https://api.NETMAKER_BASE_DOMAIN" --- apiVersion: v1 kind: Service metadata: labels: app: netmaker-ui name: netmaker-ui spec: ports: - port: 80 protocol: TCP targetPort: 80 selector: app: netmaker-ui sessionAffinity: None type: ClusterIP --- apiVersion: networking.k8s.io/v1 kind: Ingress metadata: name: nm-api-ingress-nginx annotations: nginx.ingress.kubernetes.io/rewrite-target: / cert-manager.io/cluster-issuer: "letsencrypt-prod" nginx.ingress.kubernetes.io/ssl-redirect: 'true' spec: ingressClassName: nginx tls: - hosts: - api.NETMAKER_BASE_DOMAIN secretName: nm-api-tls rules: - host: api.NETMAKER_BASE_DOMAIN http: paths: - path: / pathType: Prefix backend: service: name: netmaker-api port: number: 8081 --- apiVersion: networking.k8s.io/v1 kind: Ingress metadata: name: nm-grpc-ingress-nginx annotations: cert-manager.io/cluster-issuer: "letsencrypt-prod" nginx.ingress.kubernetes.io/ssl-redirect: 'true' nginx.ingress.kubernetes.io/backend-protocol: "GRPC" spec: ingressClassName: nginx tls: - hosts: - grpc.NETMAKER_BASE_DOMAIN secretName: nm-grpc-tls rules: - host: grpc.NETMAKER_BASE_DOMAIN http: paths: - path: / pathType: Prefix backend: service: name: netmaker-grpc port: number: 443 --- apiVersion: networking.k8s.io/v1 kind: Ingress metadata: name: nm-ui-ingress-nginx annotations: nginx.ingress.kubernetes.io/rewrite-target: / cert-manager.io/cluster-issuer: "letsencrypt-prod" nginx.ingress.kubernetes.io/ssl-redirect: 'true' spec: ingressClassName: nginx tls: - hosts: - dashboard.NETMAKER_BASE_DOMAIN secretName: nm-ui-tls rules: - host: dashboard.NETMAKER_BASE_DOMAIN http: paths: - path: / pathType: Prefix backend: service: name: netmaker-ui port: number: 80