151 lines
3.8 KiB
YAML
151 lines
3.8 KiB
YAML
apiVersion: apps/v1
|
|
kind: Deployment
|
|
metadata:
|
|
name: bunkerized-nginx-ingress-controller
|
|
labels:
|
|
app: bunkerized-nginx-autoconf
|
|
spec:
|
|
replicas: 1
|
|
selector:
|
|
matchLabels:
|
|
app: bunkerized-nginx-autoconf
|
|
template:
|
|
metadata:
|
|
labels:
|
|
app: bunkerized-nginx-autoconf
|
|
spec:
|
|
serviceAccountName: bunkerized-nginx-ingress-controller
|
|
containers:
|
|
- name: bunkerized-nginx-autoconf
|
|
image: bunkerity/bunkerized-nginx-autoconf:1.3.0
|
|
env:
|
|
- name: KUBERNETES_MODE
|
|
value: "yes"
|
|
- name: API_URI
|
|
value: "/ChangeMeToSomethingHardToGuess"
|
|
volumeMounts:
|
|
- name: config
|
|
mountPath: /etc/nginx
|
|
- name: certs
|
|
mountPath: /etc/letsencrypt
|
|
- name: challenges
|
|
mountPath: /acme-challenge
|
|
- name: cache
|
|
mountPath: /cache
|
|
- name: custom-modsec
|
|
mountPath: /modsec-confs
|
|
readOnly: true
|
|
- name: custom-modsec-crs
|
|
mountPath: /modsec-crs-confs
|
|
readOnly: true
|
|
volumes:
|
|
- name: config
|
|
hostPath:
|
|
path: /shared/config
|
|
type: Directory
|
|
- name: certs
|
|
hostPath:
|
|
path: /shared/certs
|
|
type: Directory
|
|
- name: challenges
|
|
hostPath:
|
|
path: /shared/challenges
|
|
type: Directory
|
|
- name: cache
|
|
hostPath:
|
|
path: /shared/cache
|
|
type: Directory
|
|
- name: custom-modsec
|
|
hostPath:
|
|
path: /shared/custom-modsec
|
|
type: Directory
|
|
- name: custom-modsec-crs
|
|
hostPath:
|
|
path: /shared/custom-modsec-crs
|
|
type: Directory
|
|
---
|
|
apiVersion: apps/v1
|
|
kind: DaemonSet
|
|
metadata:
|
|
name: bunkerized-nginx
|
|
labels:
|
|
app: bunkerized-nginx
|
|
spec:
|
|
selector:
|
|
matchLabels:
|
|
name: bunkerized-nginx
|
|
template:
|
|
metadata:
|
|
labels:
|
|
name: bunkerized-nginx
|
|
spec:
|
|
hostNetwork: true
|
|
dnsPolicy: ClusterFirstWithHostNet
|
|
containers:
|
|
- name: bunkerized-nginx
|
|
image: bunkerity/bunkerized-nginx:1.3.0
|
|
env:
|
|
- name: KUBERNETES_MODE
|
|
value: "yes"
|
|
- name: USE_API
|
|
value: "yes"
|
|
- name: API_URI
|
|
value: "/ChangeMeToSomethingHardToGuess"
|
|
volumeMounts:
|
|
- name: config
|
|
mountPath: /etc/nginx
|
|
readOnly: true
|
|
- name: certs
|
|
mountPath: /etc/letsencrypt
|
|
readOnly: true
|
|
- name: challenges
|
|
mountPath: /acme-challenge
|
|
readOnly: true
|
|
- name: www
|
|
mountPath: /www
|
|
readOnly: true
|
|
- name: custom-http
|
|
mountPath: /http-confs
|
|
readOnly: true
|
|
- name: custom-server
|
|
mountPath: /server-confs
|
|
readOnly: true
|
|
- name: custom-modsec
|
|
mountPath: /modsec-confs
|
|
readOnly: true
|
|
- name: custom-modsec-crs
|
|
mountPath: /modsec-crs-confs
|
|
readOnly: true
|
|
volumes:
|
|
- name: config
|
|
hostPath:
|
|
path: /shared/config
|
|
type: Directory
|
|
- name: certs
|
|
hostPath:
|
|
path: /shared/certs
|
|
type: Directory
|
|
- name: challenges
|
|
hostPath:
|
|
path: /shared/challenges
|
|
type: Directory
|
|
- name: www
|
|
hostPath:
|
|
path: /shared/www
|
|
type: Directory
|
|
- name: custom-http
|
|
hostPath:
|
|
path: /shared/custom-http
|
|
type: Directory
|
|
- name: custom-server
|
|
hostPath:
|
|
path: /shared/custom-server
|
|
type: Directory
|
|
- name: custom-modsec
|
|
hostPath:
|
|
path: /shared/custom-modsec
|
|
type: Directory
|
|
- name: custom-modsec-crs
|
|
hostPath:
|
|
path: /shared/custom-modsec-crs
|
|
type: Directory |