mirror of
https://github.com/gravitl/netmaker.git
synced 2024-09-21 07:46:04 +08:00
227 lines
5.3 KiB
YAML
227 lines
5.3 KiB
YAML
apiVersion: apps/v1
|
|
kind: StatefulSet
|
|
metadata:
|
|
labels:
|
|
app: netmaker
|
|
name: netmaker
|
|
spec:
|
|
replicas: 3
|
|
serviceName: netmaker-headless
|
|
selector:
|
|
matchLabels:
|
|
app: netmaker
|
|
template:
|
|
metadata:
|
|
labels:
|
|
app: netmaker
|
|
spec:
|
|
initContainers:
|
|
- name: init-sysctl
|
|
image: busybox
|
|
imagePullPolicy: IfNotPresent
|
|
command: ["/bin/sh", "-c"]
|
|
args: ["sysctl -w net.ipv4.ip_forward=1 && sysctl -w net.ipv4.conf.all.src_valid_mark=1 && sysctl -w net.ipv6.conf.all.disable_ipv6=0 && sysctl -w net.ipv6.conf.all.forwarding=1"]
|
|
securityContext:
|
|
privileged: true
|
|
dnsPolicy: ClusterFirstWithHostNet
|
|
affinity:
|
|
podAntiAffinity:
|
|
requiredDuringSchedulingIgnoredDuringExecution:
|
|
- labelSelector:
|
|
matchExpressions:
|
|
- key: app
|
|
operator: In
|
|
values:
|
|
- netmaker
|
|
topologyKey: "kubernetes.io/hostname"
|
|
containers:
|
|
- env:
|
|
- name: NODE_ID
|
|
valueFrom:
|
|
fieldRef:
|
|
apiVersion: v1
|
|
fieldPath: metadata.name
|
|
- name: SERVER_NAME
|
|
value: broker.NETMAKER_SUBDOMAIN
|
|
- name: SERVER_API_CONN_STRING
|
|
value: api.NETMAKER_SUBDOMAIN:443
|
|
- name: SERVER_HTTP_HOST
|
|
value: api.NETMAKER_SUBDOMAIN
|
|
- name: API_PORT
|
|
value: "8081"
|
|
- name: WG_QUICK_USERSPACE_IMPLEMENTATION
|
|
value: wireguard-go
|
|
- name: DNS_MODE
|
|
value: "off"
|
|
- name: DISPLAY_KEYS
|
|
value: "on"
|
|
- name: DATABASE
|
|
value: postgres
|
|
- name: SQL_HOST
|
|
value: "DB_NAME-postgresql"
|
|
- name: SQL_PORT
|
|
value: "5432"
|
|
- name: SQL_DB
|
|
value: "postgres"
|
|
- name: SQL_USER
|
|
value: "postgres"
|
|
- name: SQL_PASS
|
|
value: "DB_PASS"
|
|
- name: MASTER_KEY
|
|
value: REPLACE_MASTER_KEY
|
|
- name: CORS_ALLOWED_ORIGIN
|
|
value: '*'
|
|
- name: MQ_HOST
|
|
value: "mq"
|
|
- name: MQ_PORT
|
|
value: "443"
|
|
- name: MQ_SERVER_PORT
|
|
value: "1883"
|
|
- name: PLATFORM
|
|
value: "Kubernetes"
|
|
- name: VERBOSITY
|
|
value: "3"
|
|
image: gravitl/netmaker:v0.17.1
|
|
imagePullPolicy: Always
|
|
name: netmaker
|
|
ports:
|
|
- containerPort: 8081
|
|
protocol: TCP
|
|
- containerPort: 31821
|
|
protocol: UDP
|
|
- containerPort: 31822
|
|
protocol: UDP
|
|
- containerPort: 31823
|
|
protocol: UDP
|
|
- containerPort: 31824
|
|
protocol: UDP
|
|
- containerPort: 31825
|
|
protocol: UDP
|
|
- containerPort: 31826
|
|
protocol: UDP
|
|
- containerPort: 31827
|
|
protocol: UDP
|
|
- containerPort: 31828
|
|
protocol: UDP
|
|
- containerPort: 31829
|
|
protocol: UDP
|
|
- containerPort: 31830
|
|
protocol: UDP
|
|
resources: {}
|
|
securityContext:
|
|
capabilities:
|
|
add:
|
|
- NET_ADMIN
|
|
- NET_RAW
|
|
- SYS_MODULE
|
|
volumeMounts:
|
|
- mountPath: /etc/netmaker/
|
|
name: shared-certs
|
|
volumes:
|
|
- name: shared-certs
|
|
persistentVolumeClaim:
|
|
claimName: shared-certs-pvc
|
|
---
|
|
apiVersion: v1
|
|
kind: Service
|
|
metadata:
|
|
labels:
|
|
name: 'netmaker-wireguard'
|
|
spec:
|
|
externalTrafficPolicy: Local
|
|
type: NodePort
|
|
ports:
|
|
- port: 31821
|
|
nodePort: 31821
|
|
protocol: UDP
|
|
targetPort: 31821
|
|
name: wg-iface-31821
|
|
- port: 31822
|
|
nodePort: 31822
|
|
protocol: UDP
|
|
targetPort: 31822
|
|
name: wg-iface-31822
|
|
- port: 31823
|
|
nodePort: 31823
|
|
protocol: UDP
|
|
targetPort: 31823
|
|
name: wg-iface-31823
|
|
- port: 31824
|
|
nodePort: 31824
|
|
protocol: UDP
|
|
targetPort: 31824
|
|
name: wg-iface-31824
|
|
- port: 31825
|
|
nodePort: 31825
|
|
protocol: UDP
|
|
targetPort: 31825
|
|
name: wg-iface-31825
|
|
- port: 31826
|
|
nodePort: 31826
|
|
protocol: UDP
|
|
targetPort: 31826
|
|
name: wg-iface-31826
|
|
- port: 31827
|
|
nodePort: 31827
|
|
protocol: UDP
|
|
targetPort: 31827
|
|
name: wg-iface-31827
|
|
- port: 31828
|
|
nodePort: 31828
|
|
protocol: UDP
|
|
targetPort: 31828
|
|
name: wg-iface-31828
|
|
- port: 31829
|
|
nodePort: 31829
|
|
protocol: UDP
|
|
targetPort: 31829
|
|
name: wg-iface-31829
|
|
- port: 31830
|
|
nodePort: 31830
|
|
protocol: UDP
|
|
targetPort: 31830
|
|
name: wg-iface-31830
|
|
selector:
|
|
app: 'netmaker'
|
|
---
|
|
apiVersion: v1
|
|
kind: Service
|
|
metadata:
|
|
name: 'netmaker-rest'
|
|
spec:
|
|
ports:
|
|
- name: rest
|
|
port: 8081
|
|
protocol: TCP
|
|
targetPort: 8081
|
|
selector:
|
|
app: 'netmaker'
|
|
sessionAffinity: None
|
|
type: ClusterIP
|
|
# ---
|
|
# apiVersion: networking.k8s.io/v1
|
|
# kind: Ingress
|
|
# metadata:
|
|
# name: nm-api-ingress-nginx
|
|
# annotations:
|
|
# nginx.ingress.kubernetes.io/rewrite-target: /
|
|
# cert-manager.io/cluster-issuer: "letsencrypt-nginx"
|
|
# nginx.ingress.kubernetes.io/ssl-redirect: 'true'
|
|
# spec:
|
|
# ingressClassName: nginx
|
|
# tls:
|
|
# - hosts:
|
|
# - api.NETMAKER_SUBDOMAIN
|
|
# secretName: nm-api-tls
|
|
# rules:
|
|
# - host: api.NETMAKER_SUBDOMAIN
|
|
# http:
|
|
# paths:
|
|
# - path: /
|
|
# pathType: Prefix
|
|
# backend:
|
|
# service:
|
|
# name: netmaker-rest
|
|
# port:
|
|
# number: 8081
|