autoconf - basic ingress controller support for kubernetes

bunkerity
2021-08-03 16:39:39 +02:00
parent 021147f9d9
commit 4e178b474c
10 changed files with 227 additions and 80 deletions


@@ -2,11 +2,10 @@ apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: bunkerized-nginx-ingress
labels:
bunkerized-nginx: "yes"
annotations:
# mandatory, keep this annotation
bunkerized-nginx.AUTOCONF: "yes"
# add any global and default environment variables here as annotations with the "bunkerized-nginx." prefix
# if the scope is "multisite", they will be applied to all services unless overriden by the service
# examples :
#bunkerized-nginx.AUTO_LETS_ENCRYPT: "yes"
#bunkerized-nginx.USE_ANTIBOT: "javascript"
@@ -25,7 +24,39 @@ spec:
path: "/"
backend:
service:
name: app-service
name: myapp
port:
number: 80
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: myapp
labels:
app: myapp
spec:
replicas: 1
selector:
matchLabels:
app: myapp
template:
metadata:
labels:
app: myapp
spec:
containers:
- name: myapp
image: containous/whoami
---
apiVersion: v1
kind: Service
metadata:
name: myapp
spec:
type: ClusterIP
selector:
app: myapp
ports:
- protocol: TCP
port: 80
targetPort: 80
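Review bot: The example Deployment added after the Ingress pulls `image: containous/whoami` with no tag or digest, so it resolves to whatever `latest` points at when the pod is scheduled, and example manifests tend to be applied to real clusters unchanged. Pinning it, e.g. `image: containous/whoami:<pinned-tag>` (placeholder; use a released tag or a digest), keeps the example reproducible. A one-line comment above the Deployment such as `# demo backend only, replace with your own application` would also make clear that it is not part of bunkerized-nginx itself.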


@@ -17,51 +17,56 @@ spec:
serviceAccountName: bunkerized-nginx-ingress-controller
containers:
- name: bunkerized-nginx-autoconf
image: bunkerity/bunkerized-nginx-autoconf:1.3.0
image: bunkerity/bunkerized-nginx-autoconf:testing
imagePullPolicy: Always
env:
- name: KUBERNETES_MODE
value: "yes"
- name: API_URI
value: "/ChangeMeToSomethingHardToGuess"
- name: SERVER_NAME
value: ""
- name: MULTISITE
value: "yes"
volumeMounts:
- name: config
- name: confs
mountPath: /etc/nginx
- name: certs
- name: letsencrypt
mountPath: /etc/letsencrypt
- name: challenges
- name: acme-challenge
mountPath: /acme-challenge
- name: cache
mountPath: /cache
- name: custom-modsec
- name: modsec-confs
mountPath: /modsec-confs
readOnly: true
- name: custom-modsec-crs
- name: modsec-crs-confs
mountPath: /modsec-crs-confs
readOnly: true
volumes:
- name: config
- name: confs
hostPath:
path: /shared/config
path: /shared/confs
type: Directory
- name: certs
- name: letsencrypt
hostPath:
path: /shared/certs
path: /shared/letsencrypt
type: Directory
- name: challenges
- name: acme-challenge
hostPath:
path: /shared/challenges
path: /shared/acme-challenge
type: Directory
- name: cache
hostPath:
path: /shared/cache
type: Directory
- name: custom-modsec
- name: modsec-confs
hostPath:
path: /shared/custom-modsec
path: /shared/modsec-confs
type: Directory
- name: custom-modsec-crs
- name: modsec-crs-confs
hostPath:
path: /shared/custom-modsec-crs
path: /shared/modsec-crs-confs
type: Directory
---
apiVersion: apps/v1
@@ -78,12 +83,14 @@ spec:
metadata:
labels:
name: bunkerized-nginx
bunkerized-nginx: "yes"
spec:
hostNetwork: true
dnsPolicy: ClusterFirstWithHostNet
containers:
- name: bunkerized-nginx
image: bunkerity/bunkerized-nginx:1.3.0
image: bunkerity/bunkerized-nginx:testing
imagePullPolicy: Always
env:
- name: KUBERNETES_MODE
value: "yes"
@@ -91,61 +98,78 @@ spec:
value: "yes"
- name: API_URI
value: "/ChangeMeToSomethingHardToGuess"
- name: SERVER_NAME
value: ""
- name: MULTISITE
value: "yes"
volumeMounts:
- name: config
- name: confs
mountPath: /etc/nginx
readOnly: true
- name: certs
- name: letsencrypt
mountPath: /etc/letsencrypt
readOnly: true
- name: challenges
- name: acme-challenge
mountPath: /acme-challenge
readOnly: true
- name: www
mountPath: /www
readOnly: true
- name: custom-http
- name: http-confs
mountPath: /http-confs
readOnly: true
- name: custom-server
- name: server-confs
mountPath: /server-confs
readOnly: true
- name: custom-modsec
- name: modsec-confs
mountPath: /modsec-confs
readOnly: true
- name: custom-modsec-crs
- name: modsec-crs-confs
mountPath: /modsec-crs-confs
readOnly: true
volumes:
- name: config
- name: confs
hostPath:
path: /shared/config
path: /shared/confs
type: Directory
- name: certs
- name: letsencrypt
hostPath:
path: /shared/certs
path: /shared/letsencrypt
type: Directory
- name: challenges
- name: acme-challenge
hostPath:
path: /shared/challenges
path: /shared/acme-challenge
type: Directory
- name: www
hostPath:
path: /shared/www
type: Directory
- name: custom-http
- name: http-confs
hostPath:
path: /shared/custom-http
path: /shared/http-confs
type: Directory
- name: custom-server
- name: server-confs
hostPath:
path: /shared/custom-server
path: /shared/server-confs
type: Directory
- name: custom-modsec
- name: modsec-confs
hostPath:
path: /shared/custom-modsec
path: /shared/modsec-confs
type: Directory
- name: custom-modsec-crs
- name: modsec-crs-confs
hostPath:
path: /shared/custom-modsec-crs
type: Directory
path: /shared/modsec-crs-confs
type: Directory
---
apiVersion: v1
kind: Service
metadata:
name: bunkerized-nginx-service
labels:
bunkerized-nginx: "yes"
annotations:
bunkerized-nginx.AUTOCONF: "yes"
spec:
clusterIP: None
selector:
name: bunkerized-nginx
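Review bot: Both containers in this file now reference a mutable tag, `image: bunkerity/bunkerized-nginx-autoconf:testing` and `image: bunkerity/bunkerized-nginx:testing`, and the added `imagePullPolicy: Always` means every pod restart pulls whatever was last pushed under that name. The nginx pod runs with `hostNetwork: true`, and the autoconf container mounts `/etc/nginx` and `/etc/letsencrypt` from the host without `readOnly`, so an unreviewed or replaced image gets direct access to the node's network and certificate material. If this manifest is meant for users rather than for CI only, keep a release tag such as the previous `:1.3.0` or pin by digest (`@sha256:<digest>`, placeholder), and leave `testing` to a separate development overlay. The new `SERVER_NAME`/`MULTISITE` entries and the headless Service at the end would also benefit from a short comment saying why Kubernetes mode requires them.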


@@ -4,7 +4,7 @@ metadata:
name: bunkerized-nginx-ingress-controller
rules:
- apiGroups: [""]
resources: ["services"]
resources: ["services", "pods"]
verbs: ["get", "watch", "list"]
- apiGroups: ["extensions"]
resources: ["ingresses"]
@@ -27,4 +27,4 @@ subjects:
roleRef:
kind: ClusterRole
name: bunkerized-nginx-ingress-controller
apiGroup: rbac.authorization.k8s.io
apiGroup: rbac.authorization.k8s.io
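Review bot: Adding `"pods"` to the core-group rule of this ClusterRole gives the controller's service account `get`/`watch`/`list` on every pod in every namespace, which exposes full pod specs, including any environment values set inline. If autoconf only needs to find the bunkerized-nginx instances (presumably the pods labelled `bunkerized-nginx: "yes"`; confirm against the controller code), a namespaced Role and RoleBinding for `pods` in the namespace where they run would be narrower, leaving the ClusterRole for `services` and `ingresses`. At minimum, a comment on the rule such as `# pods: needed to discover bunkerized-nginx instances` would document why the read scope grew. The rule list continues outside the hunk.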