k8s - init work on parsing ingress rules, helpers to setup on k8s, basic examples

2021-07-27 17:15:39 +02:00
parent bc3c17a2f0
commit 0597074438
7 changed files with 310 additions and 104 deletions
--- a/examples/kubernetes/deploy.yml
+++ b/examples/kubernetes/deploy.yml
@@ -1,102 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
-  name: bunkerized-nginx-ingress-controller
-rules:
- apiGroups: [""]
-  resources: ["services"]
-  verbs: ["get", "watch", "list"]
- apiGroups: ["extensions"]
-  resources: ["ingresses"]
-  verbs: ["get", "watch", "list"]
---
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  name: bunkerized-nginx-ingress-controller
---
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
-  name: bunkerized-nginx-ingress-controller
-subjects:
- kind: ServiceAccount
-  name: bunkerized-nginx-ingress-controller
-  apiGroup: rbac.authorization.k8s.io
-roleRef:
-  kind: ClusterRole
-  name: bunkerized-nginx-ingress-controller
-  apiGroup: rbac.authorization.k8s.io
---
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: bunkerized-nginx-ingress-controller
-  labels:
-    app: bunkerized-nginx-autoconf
-spec:
-  replicas: 1
-  selector:
-    matchLabels:
-      app: bunkerized-nginx-autoconf
-  template:
-    metadata:
-      labels:
-        app: bunkerized-nginx-autoconf
-    spec:
-      serviceAccountName: bunkerized-nginx-ingress-controller
-      containers:
-      - name: bunkerized-nginx-autoconf
-        image: bunkerity/bunkerized-nginx-autoconf:1.3.0
-        env:
-        - name: KUBERNETES_MODE
-          value: "yes"
-        - name: API_URI
-          value: "/ChangeMeToSomethingHardToGuess"
-        volumeMounts:
-        - name: config
-          mountPath: "/etc/nginx"
-        - name: certs
-          mountPath: "/etc/letsencrypt"
-        - name: challenges
-          mountPath: "/acme-challenge"
-        - name: cache
-          mountPath: "/cache"
-      volumes:
-      - name: config
-        hostPath:
-          path: /shared
-# TODO volumes : /etc/nginx, /etc/letsencrypt, /acme-challenge, /cache
---
-apiVersion: apps/v1
-kind: DaemonSet
-metadata:
-  name: bunkerized-nginx
-  labels:
-    app: bunkerized-nginx
-  annotations:
-    bunkerized-nginx.AUTOCONF: "yes"
-    bunkerized-nginx.MULTISITE: "yes"
-    bunkerized-nginx.SERVER_NAME: ""
-spec:
-  selector:
-    matchLabels:
-      name: bunkerized-nginx
-  template:
-    metadata:
-      labels:
-        name: bunkerized-nginx
-  spec:
-    hostNetwork: true
-    dnsPolicy: ClusterFirstWithHostNet
-    containers:
-    - name: bunkerized-nginx
-      image: bunkerity/bunkerized-nginx:1.3.0
-      env:
-      - name: KUBERNETES_MODE
-        value: "yes"
-      - name: USE_API
-        value: "yes"
-      - name: API_URI
-        value: "/ChangeMeToSomethingHardToGuess"
-# TODO volumes : /etc/nginx, /etc/letsencrypt, /acme-challenge
--- a/examples/kubernetes/php.yml
+++ b/examples/kubernetes/php.yml
@@ -0,0 +1,45 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: myapp
+  labels:
+    app: myapp
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: myapp
+  template:
+    metadata:
+      labels:
+        app: myapp
+    spec:
+      containers:
+      - name: myapp
+        image: php:fpm
+        volumeMounts:
+          - name: www
+            mountPath: /var/www/html
+      volumes:
+        - name: www
+          hostPath:
+            path: /shared/www/myapp.example.com
+            type: Directory
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: myapp
+  annotations:
+    bunkerized-nginx.AUTOCONF: "yes"
+    bunkerized-nginx.SERVER_NAME: "myapp.example.com"
+    bunkerized-nginx.REMOTE_PHP: "myapp"
+    bunkerized-nginx.REMOTE_PHP_PATH: "/var/www/html"
+spec:
+  type: ClusterIP
+  selector:
+    app: myapp
+  ports:
+    - protocol: TCP
+      port: 9000
+      targetPort: 9000
--- a/examples/kubernetes/reverse-proxy.yml
+++ b/examples/kubernetes/reverse-proxy.yml
@@ -0,0 +1,38 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: myapp
+  labels:
+    app: myapp
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: myapp
+  template:
+    metadata:
+      labels:
+        app: myapp
+    spec:
+      containers:
+      - name: myapp
+        image: containous/whoami
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: myapp
+  annotations:
+    bunkerized-nginx.AUTOCONF: "yes"
+    bunkerized-nginx.SERVER_NAME: "myapp.example.com"
+    bunkerized-nginx.USE_REVERSE_PROXY: "yes"
+    bunkerized-nginx.REVERSE_PROXY_URL: "/"
+    bunkerized-nginx.REVERSE_PROXY_HOST: "http://myapp"
+spec:
+  type: ClusterIP
+  selector:
+    app: myapp
+  ports:
+    - protocol: TCP
+      port: 80
+      targetPort: 80