netmaker/kube/netmaker-template-udp.yaml
2022-04-21 15:53:44 -04:00

353 lines
7.3 KiB
YAML

---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: rqlite-pvc
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 1Gi
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: netmaker-backend
labels:
app: netmaker-backend
spec:
nodeSelector:
netmaker-server: true
selector:
matchLabels:
app: netmaker-backend
replicas: 1
strategy:
type: Recreate
template:
metadata:
labels:
app: netmaker-backend
spec:
containers:
- name: netmaker-backend
image: gravitl/netmaker:0.7.2
imagePullPolicy: Always
ports:
- containerPort: 8081
volumeMounts:
- name: nm-pvc
mountPath: /root/config/dnsconfig
- mountPath: /etc/netclient
name: etc-netclient
- mountPath: /usr/bin/wg
name: wg
- mountPath: /var/run/dbus/system_bus_socket
name: systemd-bus-socket
- mountPath: /sys/fs/cgroup
name: cgroup
- mountPath: /run/systemd/system
name: run-systemd
- mountPath: /etc/systemd/system
name: etc-systemd
securityContext:
privileged: true
env:
- name: SERVER_API_CONN_STRING
value: "api.NETMAKER_BASE_DOMAIN:443"
- name: COREDNS_ADDR
value: "10.152.183.53"
- name: POD_IP
valueFrom:
fieldRef:
fieldPath: status.podIP
- name: SERVER_HTTP_HOST
value: "api.NETMAKER_BASE_DOMAIN:443"
- name: API_PORT
value: "8081"
- name: CLIENT_MODE
value: "off"
- name: MASTER_KEY
value: "Unkn0wn!"
- name: PLATFORM
value: "Kubernetes"
- name: CORS_ALLOWED_ORIGIN
value: "*"
- name: rqlite
image: rqlite/rqlite
ports:
- containerPort: 4001
- containerPort: 4002
volumeMounts:
- name: rqlitevol
mountPath: /rqlite/file/data
volumes:
- name: rqlitevol
persistentVolumeClaim:
claimName: rqlite-pvc
- name: nm-pvc
persistentVolumeClaim:
claimName: nm-pvc
- hostPath:
path: /etc/netclient
type: DirectoryOrCreate
name: etc-netclient
- hostPath:
path: /usr/bin/wg
type: File
name: wg
- hostPath:
path: /usr/bin/resolvectl
type: File
name: resolvectl
- hostPath:
path: /var/run/dbus/system_bus_socket
type: ""
name: systemd-bus-socket
- hostPath:
path: /etc/systemd/system
type: ""
name: etc-systemd
- hostPath:
path: /run/systemd/system
type: ""
name: run-systemd
- hostPath:
path: /sys/fs/cgroup
type: ""
name: cgroup
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: nm-pvc
spec:
accessModes:
- ReadWriteMany
resources:
requests:
storage: 128Mi
---
apiVersion: v1
kind: Service
metadata:
labels:
app: netmaker-backend
name: netmaker-api
spec:
ports:
- port: 8081
protocol: TCP
targetPort: 8081
selector:
app: netmaker-backend
sessionAffinity: None
type: ClusterIP
---
apiVersion: v1
kind: Service
metadata:
labels:
app: netmaker-backend
name: netmaker-grpc
spec:
ports:
- port: 443
protocol: TCP
targetPort: 443
selector:
app: netmaker-backend
sessionAffinity: None
type: ClusterIP
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: netmaker-dns
labels:
app: netmaker-dns
spec:
selector:
matchLabels:
app: netmaker-dns
replicas: 1
template:
metadata:
labels:
app: netmaker-dns
spec:
containers:
- args:
- -conf
- /root/dnsconfig/Corefile
image: coredns/coredns
imagePullPolicy: Always
name: netmaker-dns
ports:
- containerPort: 53
name: dns
protocol: UDP
- containerPort: 53
name: dns-tcp
protocol: TCP
volumeMounts:
- mountPath: /root/dnsconfig
name: nm-pvc
readOnly: true
securityContext:
allowPrivilegeEscalation: false
capabilities:
add:
- NET_BIND_SERVICE
drop:
- all
dnsPolicy: "None"
dnsConfig:
nameservers:
- 127.0.0.1
volumes:
- name: nm-pvc
persistentVolumeClaim:
claimName: nm-pvc
---
apiVersion: v1
kind: Service
metadata:
labels:
app: netmaker-dns
name: netmaker-dns
spec:
ports:
- port: 53
protocol: UDP
targetPort: 53
name: udp
- port: 53
protocol: TCP
targetPort: 53
name: tcp
selector:
app: netmaker-dns
sessionAffinity: None
type: ClusterIP
clusterIP: 10.152.183.53
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: netmaker-ui
labels:
app: netmaker-ui
spec:
selector:
matchLabels:
app: netmaker-ui
replicas: 1
template:
metadata:
labels:
app: netmaker-ui
spec:
containers:
- name: netmaker-ui
image: gravitl/netmaker-ui:v0.7
ports:
- containerPort: 80
env:
- name: BACKEND_URL
value: "https://api.NETMAKER_BASE_DOMAIN"
---
apiVersion: v1
kind: Service
metadata:
labels:
app: netmaker-ui
name: netmaker-ui
spec:
ports:
- port: 80
protocol: TCP
targetPort: 80
selector:
app: netmaker-ui
sessionAffinity: None
type: ClusterIP
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: nm-api-ingress-nginx
annotations:
nginx.ingress.kubernetes.io/rewrite-target: /
cert-manager.io/cluster-issuer: "letsencrypt-prod"
nginx.ingress.kubernetes.io/ssl-redirect: 'true'
spec:
ingressClassName: nginx
tls:
- hosts:
- api.NETMAKER_BASE_DOMAIN
secretName: nm-api-tls
rules:
- host: api.NETMAKER_BASE_DOMAIN
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: netmaker-api
port:
number: 8081
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: nm-grpc-ingress-nginx
annotations:
cert-manager.io/cluster-issuer: "letsencrypt-prod"
nginx.ingress.kubernetes.io/ssl-redirect: 'true'
nginx.ingress.kubernetes.io/backend-protocol: "GRPC"
spec:
ingressClassName: nginx
tls:
- hosts:
- grpc.NETMAKER_BASE_DOMAIN
secretName: nm-grpc-tls
rules:
- host: grpc.NETMAKER_BASE_DOMAIN
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: netmaker-grpc
port:
number: 443
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: nm-ui-ingress-nginx
annotations:
nginx.ingress.kubernetes.io/rewrite-target: /
cert-manager.io/cluster-issuer: "letsencrypt-prod"
nginx.ingress.kubernetes.io/ssl-redirect: 'true'
spec:
ingressClassName: nginx
tls:
- hosts:
- dashboard.NETMAKER_BASE_DOMAIN
secretName: nm-ui-tls
rules:
- host: dashboard.NETMAKER_BASE_DOMAIN
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: netmaker-ui
port:
number: 80