mirror of
https://github.com/gravitl/netmaker.git
synced 2024-11-10 17:48:25 +08:00
353 lines
7.3 KiB
YAML
353 lines
7.3 KiB
YAML
---
|
|
apiVersion: v1
|
|
kind: PersistentVolumeClaim
|
|
metadata:
|
|
name: rqlite-pvc
|
|
spec:
|
|
accessModes:
|
|
- ReadWriteOnce
|
|
resources:
|
|
requests:
|
|
storage: 1Gi
|
|
---
|
|
apiVersion: apps/v1
|
|
kind: Deployment
|
|
metadata:
|
|
name: netmaker-backend
|
|
labels:
|
|
app: netmaker-backend
|
|
spec:
|
|
nodeSelector:
|
|
netmaker-server: true
|
|
selector:
|
|
matchLabels:
|
|
app: netmaker-backend
|
|
replicas: 1
|
|
strategy:
|
|
type: Recreate
|
|
template:
|
|
metadata:
|
|
labels:
|
|
app: netmaker-backend
|
|
spec:
|
|
containers:
|
|
- name: netmaker-backend
|
|
image: gravitl/netmaker:0.7.2
|
|
imagePullPolicy: Always
|
|
ports:
|
|
- containerPort: 8081
|
|
volumeMounts:
|
|
- name: nm-pvc
|
|
mountPath: /root/config/dnsconfig
|
|
- mountPath: /etc/netclient
|
|
name: etc-netclient
|
|
- mountPath: /usr/bin/wg
|
|
name: wg
|
|
- mountPath: /var/run/dbus/system_bus_socket
|
|
name: systemd-bus-socket
|
|
- mountPath: /sys/fs/cgroup
|
|
name: cgroup
|
|
- mountPath: /run/systemd/system
|
|
name: run-systemd
|
|
- mountPath: /etc/systemd/system
|
|
name: etc-systemd
|
|
securityContext:
|
|
privileged: true
|
|
env:
|
|
- name: SERVER_API_CONN_STRING
|
|
value: "api.NETMAKER_BASE_DOMAIN:443"
|
|
- name: COREDNS_ADDR
|
|
value: "10.152.183.53"
|
|
- name: POD_IP
|
|
valueFrom:
|
|
fieldRef:
|
|
fieldPath: status.podIP
|
|
- name: SERVER_HTTP_HOST
|
|
value: "api.NETMAKER_BASE_DOMAIN:443"
|
|
- name: API_PORT
|
|
value: "8081"
|
|
- name: CLIENT_MODE
|
|
value: "off"
|
|
- name: MASTER_KEY
|
|
value: "Unkn0wn!"
|
|
- name: PLATFORM
|
|
value: "Kubernetes"
|
|
- name: CORS_ALLOWED_ORIGIN
|
|
value: "*"
|
|
- name: rqlite
|
|
image: rqlite/rqlite
|
|
ports:
|
|
- containerPort: 4001
|
|
- containerPort: 4002
|
|
volumeMounts:
|
|
- name: rqlitevol
|
|
mountPath: /rqlite/file/data
|
|
volumes:
|
|
- name: rqlitevol
|
|
persistentVolumeClaim:
|
|
claimName: rqlite-pvc
|
|
- name: nm-pvc
|
|
persistentVolumeClaim:
|
|
claimName: nm-pvc
|
|
- hostPath:
|
|
path: /etc/netclient
|
|
type: DirectoryOrCreate
|
|
name: etc-netclient
|
|
- hostPath:
|
|
path: /usr/bin/wg
|
|
type: File
|
|
name: wg
|
|
- hostPath:
|
|
path: /usr/bin/resolvectl
|
|
type: File
|
|
name: resolvectl
|
|
- hostPath:
|
|
path: /var/run/dbus/system_bus_socket
|
|
type: ""
|
|
name: systemd-bus-socket
|
|
- hostPath:
|
|
path: /etc/systemd/system
|
|
type: ""
|
|
name: etc-systemd
|
|
- hostPath:
|
|
path: /run/systemd/system
|
|
type: ""
|
|
name: run-systemd
|
|
- hostPath:
|
|
path: /sys/fs/cgroup
|
|
type: ""
|
|
name: cgroup
|
|
---
|
|
apiVersion: v1
|
|
kind: PersistentVolumeClaim
|
|
metadata:
|
|
name: nm-pvc
|
|
spec:
|
|
accessModes:
|
|
- ReadWriteMany
|
|
resources:
|
|
requests:
|
|
storage: 128Mi
|
|
---
|
|
apiVersion: v1
|
|
kind: Service
|
|
metadata:
|
|
labels:
|
|
app: netmaker-backend
|
|
name: netmaker-api
|
|
spec:
|
|
ports:
|
|
- port: 8081
|
|
protocol: TCP
|
|
targetPort: 8081
|
|
selector:
|
|
app: netmaker-backend
|
|
sessionAffinity: None
|
|
type: ClusterIP
|
|
---
|
|
apiVersion: v1
|
|
kind: Service
|
|
metadata:
|
|
labels:
|
|
app: netmaker-backend
|
|
name: netmaker-grpc
|
|
spec:
|
|
ports:
|
|
- port: 443
|
|
protocol: TCP
|
|
targetPort: 443
|
|
selector:
|
|
app: netmaker-backend
|
|
sessionAffinity: None
|
|
type: ClusterIP
|
|
---
|
|
apiVersion: apps/v1
|
|
kind: Deployment
|
|
metadata:
|
|
name: netmaker-dns
|
|
labels:
|
|
app: netmaker-dns
|
|
spec:
|
|
selector:
|
|
matchLabels:
|
|
app: netmaker-dns
|
|
replicas: 1
|
|
template:
|
|
metadata:
|
|
labels:
|
|
app: netmaker-dns
|
|
spec:
|
|
containers:
|
|
- args:
|
|
- -conf
|
|
- /root/dnsconfig/Corefile
|
|
image: coredns/coredns
|
|
imagePullPolicy: Always
|
|
name: netmaker-dns
|
|
ports:
|
|
- containerPort: 53
|
|
name: dns
|
|
protocol: UDP
|
|
- containerPort: 53
|
|
name: dns-tcp
|
|
protocol: TCP
|
|
volumeMounts:
|
|
- mountPath: /root/dnsconfig
|
|
name: nm-pvc
|
|
readOnly: true
|
|
securityContext:
|
|
allowPrivilegeEscalation: false
|
|
capabilities:
|
|
add:
|
|
- NET_BIND_SERVICE
|
|
drop:
|
|
- all
|
|
dnsPolicy: "None"
|
|
dnsConfig:
|
|
nameservers:
|
|
- 127.0.0.1
|
|
volumes:
|
|
- name: nm-pvc
|
|
persistentVolumeClaim:
|
|
claimName: nm-pvc
|
|
---
|
|
apiVersion: v1
|
|
kind: Service
|
|
metadata:
|
|
labels:
|
|
app: netmaker-dns
|
|
name: netmaker-dns
|
|
spec:
|
|
ports:
|
|
- port: 53
|
|
protocol: UDP
|
|
targetPort: 53
|
|
name: udp
|
|
- port: 53
|
|
protocol: TCP
|
|
targetPort: 53
|
|
name: tcp
|
|
selector:
|
|
app: netmaker-dns
|
|
sessionAffinity: None
|
|
type: ClusterIP
|
|
clusterIP: 10.152.183.53
|
|
---
|
|
apiVersion: apps/v1
|
|
kind: Deployment
|
|
metadata:
|
|
name: netmaker-ui
|
|
labels:
|
|
app: netmaker-ui
|
|
spec:
|
|
selector:
|
|
matchLabels:
|
|
app: netmaker-ui
|
|
replicas: 1
|
|
template:
|
|
metadata:
|
|
labels:
|
|
app: netmaker-ui
|
|
spec:
|
|
containers:
|
|
- name: netmaker-ui
|
|
image: gravitl/netmaker-ui:v0.7
|
|
ports:
|
|
- containerPort: 80
|
|
env:
|
|
- name: BACKEND_URL
|
|
value: "https://api.NETMAKER_BASE_DOMAIN"
|
|
---
|
|
apiVersion: v1
|
|
kind: Service
|
|
metadata:
|
|
labels:
|
|
app: netmaker-ui
|
|
name: netmaker-ui
|
|
spec:
|
|
ports:
|
|
- port: 80
|
|
protocol: TCP
|
|
targetPort: 80
|
|
selector:
|
|
app: netmaker-ui
|
|
sessionAffinity: None
|
|
type: ClusterIP
|
|
---
|
|
apiVersion: networking.k8s.io/v1
|
|
kind: Ingress
|
|
metadata:
|
|
name: nm-api-ingress-nginx
|
|
annotations:
|
|
nginx.ingress.kubernetes.io/rewrite-target: /
|
|
cert-manager.io/cluster-issuer: "letsencrypt-prod"
|
|
nginx.ingress.kubernetes.io/ssl-redirect: 'true'
|
|
spec:
|
|
ingressClassName: nginx
|
|
tls:
|
|
- hosts:
|
|
- api.NETMAKER_BASE_DOMAIN
|
|
secretName: nm-api-tls
|
|
rules:
|
|
- host: api.NETMAKER_BASE_DOMAIN
|
|
http:
|
|
paths:
|
|
- path: /
|
|
pathType: Prefix
|
|
backend:
|
|
service:
|
|
name: netmaker-api
|
|
port:
|
|
number: 8081
|
|
---
|
|
apiVersion: networking.k8s.io/v1
|
|
kind: Ingress
|
|
metadata:
|
|
name: nm-grpc-ingress-nginx
|
|
annotations:
|
|
cert-manager.io/cluster-issuer: "letsencrypt-prod"
|
|
nginx.ingress.kubernetes.io/ssl-redirect: 'true'
|
|
nginx.ingress.kubernetes.io/backend-protocol: "GRPC"
|
|
spec:
|
|
ingressClassName: nginx
|
|
tls:
|
|
- hosts:
|
|
- grpc.NETMAKER_BASE_DOMAIN
|
|
secretName: nm-grpc-tls
|
|
rules:
|
|
- host: grpc.NETMAKER_BASE_DOMAIN
|
|
http:
|
|
paths:
|
|
- path: /
|
|
pathType: Prefix
|
|
backend:
|
|
service:
|
|
name: netmaker-grpc
|
|
port:
|
|
number: 443
|
|
---
|
|
apiVersion: networking.k8s.io/v1
|
|
kind: Ingress
|
|
metadata:
|
|
name: nm-ui-ingress-nginx
|
|
annotations:
|
|
nginx.ingress.kubernetes.io/rewrite-target: /
|
|
cert-manager.io/cluster-issuer: "letsencrypt-prod"
|
|
nginx.ingress.kubernetes.io/ssl-redirect: 'true'
|
|
spec:
|
|
ingressClassName: nginx
|
|
tls:
|
|
- hosts:
|
|
- dashboard.NETMAKER_BASE_DOMAIN
|
|
secretName: nm-ui-tls
|
|
rules:
|
|
- host: dashboard.NETMAKER_BASE_DOMAIN
|
|
http:
|
|
paths:
|
|
- path: /
|
|
pathType: Prefix
|
|
backend:
|
|
service:
|
|
name: netmaker-ui
|
|
port:
|
|
number: 80
|