netmaker/k8s/server/netmaker-server.yaml
2022-10-18 10:12:42 -04:00

228 lines
5.4 KiB
YAML

apiVersion: apps/v1
kind: StatefulSet
metadata:
labels:
app: netmaker
name: netmaker
spec:
replicas: 3
serviceName: netmaker-headless
selector:
matchLabels:
app: netmaker
template:
metadata:
labels:
app: netmaker
spec:
initContainers:
- name: init-sysctl
image: busybox
imagePullPolicy: IfNotPresent
command: ["/bin/sh", "-c"]
args: ["sysctl -w net.ipv4.ip_forward=1 && sysctl -w net.ipv4.conf.all.src_valid_mark=1 && sysctl -w net.ipv6.conf.all.disable_ipv6=0 && sysctl -w net.ipv6.conf.all.forwarding=1"]
securityContext:
privileged: true
dnsPolicy: ClusterFirstWithHostNet
affinity:
podAntiAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
- labelSelector:
matchExpressions:
- key: app
operator: In
values:
- netmaker
topologyKey: "kubernetes.io/hostname"
containers:
- env:
- name: NODE_ID
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: metadata.name
- name: SERVER_NAME
value: broker.NETMAKER_SUBDOMAIN
- name: SERVER_API_CONN_STRING
value: api.NETMAKER_SUBDOMAIN:443
- name: SERVER_HTTP_HOST
value: api.NETMAKER_SUBDOMAIN
- name: API_PORT
value: "8081"
- name: WG_QUICK_USERSPACE_IMPLEMENTATION
value: wireguard-go
- name: DNS_MODE
value: "off"
- name: CLIENT_MODE
value: "on"
- name: DISPLAY_KEYS
value: "on"
- name: DATABASE
value: postgres
- name: SQL_HOST
value: "DB_NAME-postgresql"
- name: SQL_PORT
value: "5432"
- name: SQL_DB
value: "postgres"
- name: SQL_USER
value: "postgres"
- name: SQL_PASS
value: "DB_PASS"
- name: MASTER_KEY
value: REPLACE_MASTER_KEY
- name: CORS_ALLOWED_ORIGIN
value: '*'
- name: MQ_HOST
value: "mq"
- name: MQ_PORT
value: "31883"
- name: MQ_SERVER_PORT
value: "1883"
- name: PLATFORM
value: "Kubernetes"
- name: VERBOSITY
value: "3"
image: gravitl/netmaker:v0.16.2
imagePullPolicy: Always
name: netmaker
ports:
- containerPort: 8081
protocol: TCP
- containerPort: 31821
protocol: UDP
- containerPort: 31822
protocol: UDP
- containerPort: 31823
protocol: UDP
- containerPort: 31824
protocol: UDP
- containerPort: 31825
protocol: UDP
- containerPort: 31826
protocol: UDP
- containerPort: 31827
protocol: UDP
- containerPort: 31828
protocol: UDP
- containerPort: 31829
protocol: UDP
- containerPort: 31830
protocol: UDP
resources: {}
securityContext:
capabilities:
add:
- NET_ADMIN
- NET_RAW
- SYS_MODULE
volumeMounts:
- mountPath: /etc/netmaker/
name: shared-certs
volumes:
- name: shared-certs
persistentVolumeClaim:
claimName: shared-certs-pvc
---
apiVersion: v1
kind: Service
metadata:
labels:
name: 'netmaker-wireguard'
spec:
externalTrafficPolicy: Local
type: NodePort
ports:
- port: 31821
nodePort: 31821
protocol: UDP
targetPort: 31821
name: wg-iface-31821
- port: 31822
nodePort: 31822
protocol: UDP
targetPort: 31822
name: wg-iface-31822
- port: 31823
nodePort: 31823
protocol: UDP
targetPort: 31823
name: wg-iface-31823
- port: 31824
nodePort: 31824
protocol: UDP
targetPort: 31824
name: wg-iface-31824
- port: 31825
nodePort: 31825
protocol: UDP
targetPort: 31825
name: wg-iface-31825
- port: 31826
nodePort: 31826
protocol: UDP
targetPort: 31826
name: wg-iface-31826
- port: 31827
nodePort: 31827
protocol: UDP
targetPort: 31827
name: wg-iface-31827
- port: 31828
nodePort: 31828
protocol: UDP
targetPort: 31828
name: wg-iface-31828
- port: 31829
nodePort: 31829
protocol: UDP
targetPort: 31829
name: wg-iface-31829
- port: 31830
nodePort: 31830
protocol: UDP
targetPort: 31830
name: wg-iface-31830
selector:
app: 'netmaker'
---
apiVersion: v1
kind: Service
metadata:
name: 'netmaker-rest'
spec:
ports:
- name: rest
port: 8081
protocol: TCP
targetPort: 8081
selector:
app: 'netmaker'
sessionAffinity: None
type: ClusterIP
# ---
# apiVersion: networking.k8s.io/v1
# kind: Ingress
# metadata:
# name: nm-api-ingress-nginx
# annotations:
# nginx.ingress.kubernetes.io/rewrite-target: /
# cert-manager.io/cluster-issuer: "letsencrypt-nginx"
# nginx.ingress.kubernetes.io/ssl-redirect: 'true'
# spec:
# ingressClassName: nginx
# tls:
# - hosts:
# - api.NETMAKER_SUBDOMAIN
# secretName: nm-api-tls
# rules:
# - host: api.NETMAKER_SUBDOMAIN
# http:
# paths:
# - path: /
# pathType: Prefix
# backend:
# service:
# name: netmaker-rest
# port:
# number: 8081