From bc3c17a2f0230ff943d96adb336cbd6906edd36b Mon Sep 17 00:00:00 2001
From: bunkerity <contact@bunkerity.com>
Date: Tue, 27 Jul 2021 12:03:31 +0200
Subject: [PATCH] examples - init k8s example

---
 examples/kubernetes/deploy.yml | 102 +++++++++++++++++++++++++++++++++
 1 file changed, 102 insertions(+)
 create mode 100644 examples/kubernetes/deploy.yml

diff --git a/examples/kubernetes/deploy.yml b/examples/kubernetes/deploy.yml
new file mode 100644
index 0000000..59eb15c
--- /dev/null
+++ b/examples/kubernetes/deploy.yml
@@ -0,0 +1,102 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: bunkerized-nginx-ingress-controller
+rules:
+- apiGroups: [""]
+  resources: ["services"]
+  verbs: ["get", "watch", "list"]
+- apiGroups: ["extensions"]
+  resources: ["ingresses"]
+  verbs: ["get", "watch", "list"]
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: bunkerized-nginx-ingress-controller
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: bunkerized-nginx-ingress-controller
+subjects:
+- kind: ServiceAccount
+  name: bunkerized-nginx-ingress-controller
+  apiGroup: rbac.authorization.k8s.io
+roleRef:
+  kind: ClusterRole
+  name: bunkerized-nginx-ingress-controller
+  apiGroup: rbac.authorization.k8s.io
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: bunkerized-nginx-ingress-controller
+  labels:
+    app: bunkerized-nginx-autoconf
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: bunkerized-nginx-autoconf
+  template:
+    metadata:
+      labels:
+        app: bunkerized-nginx-autoconf
+    spec:
+      serviceAccountName: bunkerized-nginx-ingress-controller
+      containers:
+      - name: bunkerized-nginx-autoconf
+        image: bunkerity/bunkerized-nginx-autoconf:1.3.0
+        env:
+        - name: KUBERNETES_MODE
+          value: "yes"
+        - name: API_URI
+          value: "/ChangeMeToSomethingHardToGuess"
+        volumeMounts:
+        - name: config
+          mountPath: "/etc/nginx"
+        - name: certs
+          mountPath: "/etc/letsencrypt"
+        - name: challenges
+          mountPath: "/acme-challenge"
+        - name: cache
+          mountPath: "/cache"
+      volumes:
+      - name: config
+        hostPath:
+          path: /shared
+# TODO volumes : /etc/nginx, /etc/letsencrypt, /acme-challenge, /cache
+---
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+  name: bunkerized-nginx
+  labels:
+    app: bunkerized-nginx
+  annotations:
+    bunkerized-nginx.AUTOCONF: "yes"
+    bunkerized-nginx.MULTISITE: "yes"
+    bunkerized-nginx.SERVER_NAME: ""
+spec:
+  selector:
+    matchLabels:
+      name: bunkerized-nginx
+  template:
+    metadata:
+      labels:
+        name: bunkerized-nginx
+  spec:
+    hostNetwork: true
+    dnsPolicy: ClusterFirstWithHostNet
+    containers:
+    - name: bunkerized-nginx
+      image: bunkerity/bunkerized-nginx:1.3.0
+      env:
+      - name: KUBERNETES_MODE
+        value: "yes"
+      - name: USE_API
+        value: "yes"
+      - name: API_URI
+        value: "/ChangeMeToSomethingHardToGuess"
+# TODO volumes : /etc/nginx, /etc/letsencrypt, /acme-challenge