176 lines
4.3 KiB
YAML
176 lines
4.3 KiB
YAML
apiVersion: apps/v1
|
|
kind: Deployment
|
|
metadata:
|
|
name: bunkerized-nginx-ingress-controller
|
|
labels:
|
|
app: bunkerized-nginx-autoconf
|
|
spec:
|
|
replicas: 1
|
|
selector:
|
|
matchLabels:
|
|
app: bunkerized-nginx-autoconf
|
|
template:
|
|
metadata:
|
|
labels:
|
|
app: bunkerized-nginx-autoconf
|
|
spec:
|
|
serviceAccountName: bunkerized-nginx-ingress-controller
|
|
containers:
|
|
- name: bunkerized-nginx-autoconf
|
|
image: bunkerity/bunkerized-nginx-autoconf:testing
|
|
imagePullPolicy: Always
|
|
env:
|
|
- name: KUBERNETES_MODE
|
|
value: "yes"
|
|
- name: API_URI
|
|
value: "/ChangeMeToSomethingHardToGuess"
|
|
- name: SERVER_NAME
|
|
value: ""
|
|
- name: MULTISITE
|
|
value: "yes"
|
|
volumeMounts:
|
|
- name: confs
|
|
mountPath: /etc/nginx
|
|
- name: letsencrypt
|
|
mountPath: /etc/letsencrypt
|
|
- name: acme-challenge
|
|
mountPath: /acme-challenge
|
|
- name: cache
|
|
mountPath: /cache
|
|
- name: modsec-confs
|
|
mountPath: /modsec-confs
|
|
readOnly: true
|
|
- name: modsec-crs-confs
|
|
mountPath: /modsec-crs-confs
|
|
readOnly: true
|
|
volumes:
|
|
- name: confs
|
|
hostPath:
|
|
path: /shared/confs
|
|
type: Directory
|
|
- name: letsencrypt
|
|
hostPath:
|
|
path: /shared/letsencrypt
|
|
type: Directory
|
|
- name: acme-challenge
|
|
hostPath:
|
|
path: /shared/acme-challenge
|
|
type: Directory
|
|
- name: cache
|
|
hostPath:
|
|
path: /shared/cache
|
|
type: Directory
|
|
- name: modsec-confs
|
|
hostPath:
|
|
path: /shared/modsec-confs
|
|
type: Directory
|
|
- name: modsec-crs-confs
|
|
hostPath:
|
|
path: /shared/modsec-crs-confs
|
|
type: Directory
|
|
---
|
|
apiVersion: apps/v1
|
|
kind: DaemonSet
|
|
metadata:
|
|
name: bunkerized-nginx
|
|
labels:
|
|
app: bunkerized-nginx
|
|
spec:
|
|
selector:
|
|
matchLabels:
|
|
name: bunkerized-nginx
|
|
template:
|
|
metadata:
|
|
labels:
|
|
name: bunkerized-nginx
|
|
bunkerized-nginx: "yes"
|
|
spec:
|
|
hostNetwork: true
|
|
dnsPolicy: ClusterFirstWithHostNet
|
|
containers:
|
|
- name: bunkerized-nginx
|
|
image: bunkerity/bunkerized-nginx:testing
|
|
imagePullPolicy: Always
|
|
env:
|
|
- name: KUBERNETES_MODE
|
|
value: "yes"
|
|
- name: USE_API
|
|
value: "yes"
|
|
- name: API_URI
|
|
value: "/ChangeMeToSomethingHardToGuess"
|
|
- name: SERVER_NAME
|
|
value: ""
|
|
- name: MULTISITE
|
|
value: "yes"
|
|
volumeMounts:
|
|
- name: confs
|
|
mountPath: /etc/nginx
|
|
readOnly: true
|
|
- name: letsencrypt
|
|
mountPath: /etc/letsencrypt
|
|
readOnly: true
|
|
- name: acme-challenge
|
|
mountPath: /acme-challenge
|
|
readOnly: true
|
|
- name: www
|
|
mountPath: /www
|
|
readOnly: true
|
|
- name: http-confs
|
|
mountPath: /http-confs
|
|
readOnly: true
|
|
- name: server-confs
|
|
mountPath: /server-confs
|
|
readOnly: true
|
|
- name: modsec-confs
|
|
mountPath: /modsec-confs
|
|
readOnly: true
|
|
- name: modsec-crs-confs
|
|
mountPath: /modsec-crs-confs
|
|
readOnly: true
|
|
volumes:
|
|
- name: confs
|
|
hostPath:
|
|
path: /shared/confs
|
|
type: Directory
|
|
- name: letsencrypt
|
|
hostPath:
|
|
path: /shared/letsencrypt
|
|
type: Directory
|
|
- name: acme-challenge
|
|
hostPath:
|
|
path: /shared/acme-challenge
|
|
type: Directory
|
|
- name: www
|
|
hostPath:
|
|
path: /shared/www
|
|
type: Directory
|
|
- name: http-confs
|
|
hostPath:
|
|
path: /shared/http-confs
|
|
type: Directory
|
|
- name: server-confs
|
|
hostPath:
|
|
path: /shared/server-confs
|
|
type: Directory
|
|
- name: modsec-confs
|
|
hostPath:
|
|
path: /shared/modsec-confs
|
|
type: Directory
|
|
- name: modsec-crs-confs
|
|
hostPath:
|
|
path: /shared/modsec-crs-confs
|
|
type: Directory
|
|
---
|
|
apiVersion: v1
|
|
kind: Service
|
|
metadata:
|
|
name: bunkerized-nginx-service
|
|
labels:
|
|
bunkerized-nginx: "yes"
|
|
annotations:
|
|
bunkerized-nginx.AUTOCONF: "yes"
|
|
spec:
|
|
clusterIP: None
|
|
selector:
|
|
name: bunkerized-nginx
|