From c96f8729e5aac6225742b7fef23a91fb1e0f063a Mon Sep 17 00:00:00 2001
From: Tanguy Herbron
Date: Wed, 30 Mar 2022 19:11:15 +0200
Subject: [PATCH] Add configuration folder for nginx sample, adguard and kubernetes dashboard
---
README.md | 4 +
adguard/deployment.yaml | 24 +++
adguard/ingress.yaml | 38 ++++
adguard/service.yaml | 18 ++
certificate.yaml | 13 --
dashboard.admin-user-role.yaml | 12 --
dashboard.admin-user.yaml | 5 -
dashboard/app.yaml | 288 ++++++++++++++++++++++++++++
dashboard/cluster-role-binding.yaml | 12 ++
dashboard/ingress.yaml | 32 ++++
dashboard/service-account.yaml | 5 +
ingress.yaml | 28 ---
letsencrypt.yaml | 15 --
nginx/deployment.yaml | 19 ++
nginx/ingress.yaml | 29 +++
nginx/service.yaml | 10 +
16 files changed, 479 insertions(+), 73 deletions(-)
create mode 100644 adguard/deployment.yaml
create mode 100644 adguard/ingress.yaml
create mode 100644 adguard/service.yaml
delete mode 100644 certificate.yaml
delete mode 100644 dashboard.admin-user-role.yaml
delete mode 100644 dashboard.admin-user.yaml
create mode 100644 dashboard/app.yaml
create mode 100644 dashboard/cluster-role-binding.yaml
create mode 100644 dashboard/ingress.yaml
create mode 100644 dashboard/service-account.yaml
delete mode 100644 ingress.yaml
delete mode 100644 letsencrypt.yaml
create mode 100644 nginx/deployment.yaml
create mode 100644 nginx/ingress.yaml
create mode 100644 nginx/service.yaml
diff --git a/README.md b/README.md
index 289936a..5d1dd05 100644
--- a/README.md
+++ b/README.md
@@ -18,3 +18,7 @@ | Radarr | Movie collection manager | Private | Plato |
?
| | Jackett | Torrent indexer | Private | Plato |
?
| | Deluge | Torrent client | Private | Plato |
?
|
+
+## Notes
+Add node to the list of available load balancer
+`kubectl label node svccontroller.k3s.cattle.io/enablelb=true`
diff --git a/adguard/deployment.yaml b/adguard/deployment.yaml
new file mode 100644
index 0000000..5a6e8bc
--- /dev/null
+++ b/adguard/deployment.yaml
@@ -0,0 +1,24 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: adguard
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: adguard
+ template:
+ metadata:
+ labels:
+ app: adguard
+ spec:
+ containers:
+ - name: adguard
+ image: adguard/adguardhome
+ ports:
+ - containerPort: 53
+ protocol: UDP
+ - containerPort: 53
+ protocol: TCP
+ - containerPort: 3000
+ protocol: TCP
diff --git a/adguard/ingress.yaml b/adguard/ingress.yaml
new file mode 100644
index 0000000..e8fef29
--- /dev/null
+++ b/adguard/ingress.yaml
@@ -0,0 +1,38 @@
+apiVersion: traefik.containo.us/v1alpha1
+kind: Middleware
+metadata:
+ name: stripprefix-adguard
+spec:
+ stripPrefix:
+ prefixes:
+ - /
+
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: adguard-ingress
+ annotations:
+ kubernetes.io/ingress.class: "traefik"
+ traefik.ingress.kubernetes.io/router.middlewares: "default-stripprefix-adguard@kubernetescrd"
+spec:
+ rules:
+ - host: adguard.localhost
+ http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: adguard-svc
+ port:
+ number: 80
+ - http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: adguard-dns
+ port:
+ number: 53
diff --git a/adguard/service.yaml b/adguard/service.yaml
new file mode 100644
index 0000000..7a0539a
--- /dev/null
+++ b/adguard/service.yaml
@@ -0,0 +1,18 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: adguard-svc
+spec:
+ ports:
+ - name: http
+ protocol: TCP
+ port: 80
+ targetPort: 3000
+ - name: dns
+ protocol: UDP
+ port: 53
+ selector:
+ app: adguard
+ externalIPs:
+ # Node's physical IP / Internet accessible IP / Wireguard accessible IP
+ - 192.168.43.161
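Review bot: In adguard/deployment.yaml the container image `adguard/adguardhome` carries no tag or digest, so it resolves to `latest` and the software answering DNS for the network can change on any re-pull; pin it, e.g. `image: adguard/adguardhome:TAG@sha256:DIGEST` (TAG and DIGEST are placeholders). The pod template also declares no volumes, so a restart presumably discards the admin account and filter settings and leaves the first-run setup on port 3000 reachable again without credentials; mount persistent storage for the configuration directory. The same untagged-image point applies to `image: nginx` in nginx/deployment.yaml.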
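Review bot: The second rule in adguard/ingress.yaml has no `host`, so it matches every hostname that reaches Traefik on path `/`, and it targets a Service named `adguard-dns` on port 53 that this commit does not define (adguard/service.yaml only creates `adguard-svc`). An Ingress carries HTTP only, so DNS on port 53 cannot be published this way; I would drop that rule and expose DNS through the Service alone. The `stripprefix-adguard` middleware strips the prefix `/`, which looks unintended for a backend served at the root. The admin UI is also routed without a `tls:` block, so its login travels over plain HTTP.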
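Review bot: adguard/service.yaml puts the `http` port (80 to targetPort 3000, the AdGuard web UI) on the same Service as DNS, so the `externalIPs` entry publishes the admin interface on what the comment calls an "Internet accessible IP", next to a resolver that answers anyone who can reach that address. Splitting this into a ClusterIP Service for the UI (reached only through the Ingress) and a separate DNS Service narrows what the external address exposes. The deployment opens 53/TCP as well, but only `protocol: UDP` is listed for `dns`, so queries that fall back to TCP will fail; add a second port with `name: dns-tcp`, `protocol: TCP`, `port: 53`. The hard-coded `192.168.43.161` also ties the manifest to one node and would be better supplied per environment.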
diff --git a/certificate.yaml b/certificate.yaml
deleted file mode 100644
index cfb3585..0000000
--- a/certificate.yaml
+++ /dev/null
@@ -1,13 +0,0 @@
-apiVersion: cert-manager.io/v1
-kind: Certificate
-metadata:
- name: kubernetes-dashboard
- namespace: kubernetes-dashboard
-spec:
- secretName: certificate-test-dashboard
- dnsNames:
- - test-cluser-dashboard.localhost
- issuerRef:
- name: clusterissuer-le
- kind: ClusterIssuer
-
diff --git a/dashboard.admin-user-role.yaml b/dashboard.admin-user-role.yaml
deleted file mode 100644
index d2f7e37..0000000
--- a/dashboard.admin-user-role.yaml
+++ /dev/null
@@ -1,12 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: admin-user
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: cluster-admin
-subjects:
- - kind: ServiceAccount
- name: admin-user
- namespace: kubernetes-dashboard
diff --git a/dashboard.admin-user.yaml b/dashboard.admin-user.yaml
deleted file mode 100644
index 8372765..0000000
--- a/dashboard.admin-user.yaml
+++ /dev/null
@@ -1,5 +0,0 @@
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: admin-user
- namespace: kubernetes-dashboard
diff --git a/dashboard/app.yaml b/dashboard/app.yaml
new file mode 100644
index 0000000..96dc144
--- /dev/null
+++ b/dashboard/app.yaml
@@ -0,0 +1,288 @@
+# Copyright 2017 The Kubernetes Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: kubernetes-dashboard
+
+---
+
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ labels:
+ k8s-app: kubernetes-dashboard
+ name: kubernetes-dashboard
+ namespace: kubernetes-dashboard
+
+---
+
+kind: Service
+apiVersion: v1
+metadata:
+ labels:
+ k8s-app: kubernetes-dashboard
+ name: kubernetes-dashboard
+ namespace: kubernetes-dashboard
+spec:
+ ports:
+ - port: 80
+ targetPort: 9090
+ selector:
+ k8s-app: kubernetes-dashboard
+
+---
+
+apiVersion: v1
+kind: Secret
+metadata:
+ labels:
+ k8s-app: kubernetes-dashboard
+ name: kubernetes-dashboard-csrf
+ namespace: kubernetes-dashboard
+type: Opaque
+data:
+ csrf: ""
+
+---
+
+apiVersion: v1
+kind: Secret
+metadata:
+ labels:
+ k8s-app: kubernetes-dashboard
+ name: kubernetes-dashboard-key-holder
+ namespace: kubernetes-dashboard
+type: Opaque
+
+---
+
+kind: ConfigMap
+apiVersion: v1
+metadata:
+ labels:
+ k8s-app: kubernetes-dashboard
+ name: kubernetes-dashboard-settings
+ namespace: kubernetes-dashboard
+
+---
+
+kind: Role
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ labels:
+ k8s-app: kubernetes-dashboard
+ name: kubernetes-dashboard
+ namespace: kubernetes-dashboard
+rules:
+ # Allow Dashboard to get, update and delete Dashboard exclusive secrets.
+ - apiGroups: [""]
+ resources: ["secrets"]
+ resourceNames: ["kubernetes-dashboard-key-holder", "kubernetes-dashboard-certs", "kubernetes-dashboard-csrf"]
+ verbs: ["get", "update", "delete"]
+ # Allow Dashboard to get and update 'kubernetes-dashboard-settings' config map.
+ - apiGroups: [""]
+ resources: ["configmaps"]
+ resourceNames: ["kubernetes-dashboard-settings"]
+ verbs: ["get", "update"]
+ # Allow Dashboard to get metrics.
+ - apiGroups: [""]
+ resources: ["services"]
+ resourceNames: ["heapster", "dashboard-metrics-scraper"]
+ verbs: ["proxy"]
+ - apiGroups: [""]
+ resources: ["services/proxy"]
+ resourceNames: ["heapster", "http:heapster:", "https:heapster:", "dashboard-metrics-scraper", "http:dashboard-metrics-scraper"]
+ verbs: ["get"]
+
+---
+
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ labels:
+ k8s-app: kubernetes-dashboard
+ name: kubernetes-dashboard
+rules:
+ # Allow Metrics Scraper to get metrics from the Metrics server
+ - apiGroups: ["metrics.k8s.io"]
+ resources: ["pods", "nodes"]
+ verbs: ["get", "list", "watch"]
+
+---
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ labels:
+ k8s-app: kubernetes-dashboard
+ name: kubernetes-dashboard
+ namespace: kubernetes-dashboard
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: kubernetes-dashboard
+subjects:
+ - kind: ServiceAccount
+ name: kubernetes-dashboard
+ namespace: kubernetes-dashboard
+
+---
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: kubernetes-dashboard
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: kubernetes-dashboard
+subjects:
+ - kind: ServiceAccount
+ name: kubernetes-dashboard
+ namespace: kubernetes-dashboard
+
+---
+
+kind: Deployment
+apiVersion: apps/v1
+metadata:
+ labels:
+ k8s-app: kubernetes-dashboard
+ name: kubernetes-dashboard
+ namespace: kubernetes-dashboard
+spec:
+ replicas: 1
+ revisionHistoryLimit: 10
+ selector:
+ matchLabels:
+ k8s-app: kubernetes-dashboard
+ template:
+ metadata:
+ labels:
+ k8s-app: kubernetes-dashboard
+ spec:
+ securityContext:
+ seccompProfile:
+ type: RuntimeDefault
+ containers:
+ - name: kubernetes-dashboard
+ image: kubernetesui/dashboard:v2.5.1
+ ports:
+ - containerPort: 9090
+ protocol: TCP
+ args:
+ - --namespace=kubernetes-dashboard
+ - --enable-insecure-login
+ # Uncomment the following line to manually specify Kubernetes API server Host
+ # If not specified, Dashboard will attempt to auto discover the API server and connect
+ # to it. Uncomment only if the default does not work.
+ # - --apiserver-host=http://my-address:port
+ volumeMounts:
+ # Create on-disk volume to store exec logs
+ - mountPath: /tmp
+ name: tmp-volume
+ livenessProbe:
+ httpGet:
+ path: /
+ port: 9090
+ initialDelaySeconds: 30
+ timeoutSeconds: 30
+ securityContext:
+ allowPrivilegeEscalation: false
+ readOnlyRootFilesystem: true
+ runAsUser: 1001
+ runAsGroup: 2001
+ volumes:
+ - name: tmp-volume
+ emptyDir: {}
+ serviceAccountName: kubernetes-dashboard
+ nodeSelector:
+ "kubernetes.io/os": linux
+ # Comment the following tolerations if Dashboard must not be deployed on master
+ tolerations:
+ - key: node-role.kubernetes.io/master
+ effect: NoSchedule
+
+---
+
+kind: Service
+apiVersion: v1
+metadata:
+ labels:
+ k8s-app: dashboard-metrics-scraper
+ name: dashboard-metrics-scraper
+ namespace: kubernetes-dashboard
+spec:
+ ports:
+ - port: 8000
+ targetPort: 8000
+ selector:
+ k8s-app: dashboard-metrics-scraper
+
+---
+
+kind: Deployment
+apiVersion: apps/v1
+metadata:
+ labels:
+ k8s-app: dashboard-metrics-scraper
+ name: dashboard-metrics-scraper
+ namespace: kubernetes-dashboard
+spec:
+ replicas: 1
+ revisionHistoryLimit: 10
+ selector:
+ matchLabels:
+ k8s-app: dashboard-metrics-scraper
+ template:
+ metadata:
+ labels:
+ k8s-app: dashboard-metrics-scraper
+ spec:
+ securityContext:
+ seccompProfile:
+ type: RuntimeDefault
+ containers:
+ - name: dashboard-metrics-scraper
+ image: kubernetesui/metrics-scraper:v1.0.7
+ ports:
+ - containerPort: 8000
+ protocol: TCP
+ livenessProbe:
+ httpGet:
+ scheme: HTTP
+ path: /
+ port: 8000
+ initialDelaySeconds: 30
+ timeoutSeconds: 30
+ volumeMounts:
+ - mountPath: /tmp
+ name: tmp-volume
+ securityContext:
+ allowPrivilegeEscalation: false
+ readOnlyRootFilesystem: true
+ runAsUser: 1001
+ runAsGroup: 2001
+ serviceAccountName: kubernetes-dashboard
+ nodeSelector:
+ "kubernetes.io/os": linux
+ # Comment the following tolerations if Dashboard must not be deployed on master
+ tolerations:
+ - key: node-role.kubernetes.io/master
+ effect: NoSchedule
+ volumes:
+ - name: tmp-volume
+ emptyDir: {}
diff --git a/dashboard/cluster-role-binding.yaml b/dashboard/cluster-role-binding.yaml
new file mode 100644
index 0000000..6db3be5
--- /dev/null
+++ b/dashboard/cluster-role-binding.yaml
@@ -0,0 +1,12 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: admin-user
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: cluster-admin
+subjects:
+- kind: ServiceAccount
+ name: admin-user
+ namespace: kubernetes-dashboard
diff --git a/dashboard/ingress.yaml b/dashboard/ingress.yaml
new file mode 100644
index 0000000..34967e5
--- /dev/null
+++ b/dashboard/ingress.yaml
@@ -0,0 +1,32 @@
+apiVersion: traefik.containo.us/v1alpha1
+kind: Middleware
+metadata:
+ name: stripprefix
+ annotations:
+ kubernetes.io/ingress.class: "traefik"
+spec:
+ stripPrefix:
+ prefixes:
+ - /dashboard
+
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: kubernetes-dashboard-ingress
+ namespace: kubernetes-dashboard
+ annotations:
+ kubernetes.io/ingress.class: "traefik"
+ "traefik.ingress.kubernetes.io/router.middlewares": default-stripprefix@kubernetescrd
+spec:
+ rules:
+ - host: dashboard.localhost
+ http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: kubernetes-dashboard
+ port:
+ number: 80
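Review bot: The dashboard Deployment in dashboard/app.yaml starts with `--enable-insecure-login` on `containerPort: 9090`, and the Service forwards port 80 to it, so the login page accepts bearer tokens over plain HTTP. dashboard/cluster-role-binding.yaml in the same commit binds `admin-user` to `cluster-admin`, which means the token a user pastes into that page is a cluster-wide credential crossing the ingress in cleartext. I would drop the flag and serve the dashboard over HTTPS, or at minimum terminate TLS at Traefik and restrict the route to a trusted network, and bind `admin-user` to a narrower role than `cluster-admin` where possible. Both images are pinned by tag only (`kubernetesui/dashboard:v2.5.1`, `kubernetesui/metrics-scraper:v1.0.7`); adding the digest would make the pin immutable.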
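Review bot: The Middleware in dashboard/ingress.yaml is named `stripprefix` with no namespace, and nginx/ingress.yaml creates a Middleware with the same name but prefix `/nginx`; assuming both are applied to `default`, whichever goes last overwrites the other while both Ingresses reference `default-stripprefix@kubernetescrd`. Give each a unique name the way adguard/ingress.yaml does, e.g. `name: stripprefix-dashboard` with `default-stripprefix-dashboard@kubernetescrd`. The Ingress also has no `tls:` section while this commit deletes certificate.yaml and letsencrypt.yaml, so the dashboard host is reachable over HTTP only. The `kubernetes.io/ingress.class` annotation on the Middleware looks like it has no effect there and can probably be removed.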
diff --git a/dashboard/service-account.yaml b/dashboard/service-account.yaml
new file mode 100644
index 0000000..54cabb7
--- /dev/null
+++ b/dashboard/service-account.yaml
@@ -0,0 +1,5 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: admin-user
+ namespace: kubernetes-dashboard
diff --git a/ingress.yaml b/ingress.yaml
deleted file mode 100644
index 432f604..0000000
--- a/ingress.yaml
+++ /dev/null
@@ -1,28 +0,0 @@
-apiVersion: networking.k8s.io/v1
-kind: Ingress
-metadata:
- name: kubernetes-dashboard
- namespace: kubernetes-dashboard
- labels:
- k3s-app: kubernetes-dashboard
- annotations:
- nginx.ingress.kubernetes.io/backend-protocol: "https"
- nginx.ingress.kubernetes.io/rewrite-target: /
- cert-manager.io/issuer: clusterissuer-le
-spec:
- ingressClassName: nginx
- tls:
- - hosts:
- - test-cluster-dashboard.localhost
- secretName: certificate-test-dashboard
- rules:
- - host: test-cluster-dashboard.localhost
- http:
- paths:
- - pathType: Prefix
- path: /
- backend:
- service:
- name: kubernetes-dashboard
- port:
- number: 443
diff --git a/letsencrypt.yaml b/letsencrypt.yaml
deleted file mode 100644
index 69f02e5..0000000
--- a/letsencrypt.yaml
+++ /dev/null
@@ -1,15 +0,0 @@
-apiVersion: cert-manager.io/v1
-kind: ClusterIssuer
-metadata:
- name: cluserissuer-le
- namespace: kubernetes-dashboard
-spec:
- acme:
- server: https://acme-v02.api.letsencrypt.org/directory
- email: tanguy.herbron@outlook.com
- privateKeySecretRef:
- name: letsencrypt-test
- solvers:
- - http01:
- ingress:
- class: traefik
diff --git a/nginx/deployment.yaml b/nginx/deployment.yaml
new file mode 100644
index 0000000..697b02d
--- /dev/null
+++ b/nginx/deployment.yaml
@@ -0,0 +1,19 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: nginx
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: nginx
+ template:
+ metadata:
+ labels:
+ app: nginx
+ spec:
+ containers:
+ - name: nginx
+ image: nginx
+ ports:
+ - containerPort: 80
diff --git a/nginx/ingress.yaml b/nginx/ingress.yaml
new file mode 100644
index 0000000..2dee392
--- /dev/null
+++ b/nginx/ingress.yaml
@@ -0,0 +1,29 @@
+apiVersion: traefik.containo.us/v1alpha1
+kind: Middleware
+metadata:
+ name: stripprefix
+spec:
+ stripPrefix:
+ prefixes:
+ - /nginx
+
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: nginx-ingress
+ annotations:
+ kubernetes.io/ingress.class: "traefik"
+ "traefik.ingress.kubernetes.io/router.middlewares": default-stripprefix@kubernetescrd
+spec:
+ rules:
+ - host: nginx.localhost
+ http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: nginx-svc
+ port:
+ number: 80
diff --git a/nginx/service.yaml b/nginx/service.yaml
new file mode 100644
index 0000000..1d973e2
--- /dev/null
+++ b/nginx/service.yaml
@@ -0,0 +1,10 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: nginx-svc
+spec:
+ ports:
+ - name: http
+ port: 80
+ selector:
+ app: nginx