mirror of
https://github.com/ChristianLempa/boilerplates.git
synced 2024-11-24 17:24:25 +01:00
Merge pull request #502 from ChristianLempa/456-enhance-kubernetes-templates
Big update to Kubernetes and Helm templates
This commit is contained in:
commit
3a976e8612
19
helm/cert-manager/values.yaml
Normal file
19
helm/cert-manager/values.yaml
Normal file
@ -0,0 +1,19 @@
|
||||
---
|
||||
image:
|
||||
repository: quay.io/jetstack/cert-manager-controller
|
||||
tag: v1.16.0
|
||||
webhook:
|
||||
image:
|
||||
repository: quay.io/jetstack/cert-manager-webhook
|
||||
tag: v1.16.0
|
||||
cainjector:
|
||||
image:
|
||||
repository: quay.io/jetstack/cert-manager-cainjector
|
||||
tag: v1.16.0
|
||||
|
||||
crds:
|
||||
enabled: true
|
||||
|
||||
extraArgs:
|
||||
- --dns01-recursive-nameservers-only
|
||||
- --dns01-recursive-nameservers=1.1.1.1:53,1.0.0.1:53
|
53
helm/longhorn/values.yaml
Normal file
53
helm/longhorn/values.yaml
Normal file
@ -0,0 +1,53 @@
|
||||
---
|
||||
image:
|
||||
longhorn:
|
||||
engine:
|
||||
repository: "longhornio/longhorn-engine"
|
||||
tag: "v1.7.2"
|
||||
manager:
|
||||
repository: "longhornio/longhorn-manager"
|
||||
tag: "v1.7.2"
|
||||
ui:
|
||||
repository: "longhornio/longhorn-ui"
|
||||
tag: "v1.7.2"
|
||||
instanceManager:
|
||||
repository: "longhornio/longhorn-instance-manager"
|
||||
tag: "v1.7.2"
|
||||
shareManager:
|
||||
repository: "longhornio/longhorn-share-manager"
|
||||
tag: "v1.7.2"
|
||||
backingImageManager:
|
||||
repository: "longhornio/backing-image-manager"
|
||||
tag: "v1.7.2"
|
||||
supportBundleKit:
|
||||
repository: "longhornio/support-bundle-kit"
|
||||
tag: "v0.0.45"
|
||||
csi:
|
||||
attacher:
|
||||
repository: "longhornio/csi-attacher"
|
||||
tag: "v4.7.0"
|
||||
provisioner:
|
||||
repository: "longhornio/csi-provisioner"
|
||||
tag: "v5.1.0"
|
||||
nodeDriverRegistrar:
|
||||
repository: "longhornio/csi-node-driver-registrar"
|
||||
tag: "v2.12.0"
|
||||
resizer:
|
||||
repository: "longhornio/csi-resizer"
|
||||
tag: "v1.12.0"
|
||||
snapshotter:
|
||||
repository: "longhornio/csi-snapshotter"
|
||||
tag: "v8.1.0"
|
||||
livenessProbe:
|
||||
repository: "longhornio/livenessprobe"
|
||||
tag: "v2.14.0"
|
||||
|
||||
# --> (Optional) Reduce the number of replicas of Longhorn UI
|
||||
# longhornUI:
|
||||
# replicas: 1
|
||||
# <--
|
||||
|
||||
# --> (Optional) Change the default settings, like Backup Target here...
|
||||
# defaultSettings:
|
||||
# backupTarget: "your-backup-target" # <-- Replace with your backup target
|
||||
# <--
|
27
helm/portainer/values.yaml
Normal file
27
helm/portainer/values.yaml
Normal file
@ -0,0 +1,27 @@
|
||||
---
|
||||
image:
|
||||
repository: portainer/portainer-ce
|
||||
tag: 2.22.0
|
||||
pullPolicy: IfNotPresent
|
||||
|
||||
service:
|
||||
type: ClusterIP
|
||||
|
||||
# --> (Optional) When you want to automatically create an Ingress
|
||||
# ingress:
|
||||
# enabled: true
|
||||
# hosts:
|
||||
# - host: "your-fqdn" # <-- Replace with your FQDN
|
||||
# paths:
|
||||
# - path: /
|
||||
# port: "9000"
|
||||
# tls:
|
||||
# - secretName: portainer-certificate-secret
|
||||
# hosts:
|
||||
# - "your-fqdn" # <-- Replace with your FQDN
|
||||
# <--
|
||||
|
||||
# --> (Optional) When using an existing PVC
|
||||
# persistence:
|
||||
# existingClaim: "portainer"
|
||||
# <--
|
19
helm/traefik/values.yaml
Normal file
19
helm/traefik/values.yaml
Normal file
@ -0,0 +1,19 @@
|
||||
image:
|
||||
repository: traefik
|
||||
version: v3.1.4
|
||||
pullPolicy: IfNotPresent
|
||||
|
||||
# --> (Optional) Change log settings here...
|
||||
# logs:
|
||||
# general:
|
||||
# level: ERROR
|
||||
# access:
|
||||
# enabled: false
|
||||
# <--
|
||||
|
||||
# --> (Optional) Redirect HTTP to HTTPs by default
|
||||
# ports:
|
||||
# web:
|
||||
# redirectTo:
|
||||
# port: websecure
|
||||
# <--
|
13
kubernetes/cert-manager/certificate.yaml.example
Normal file
13
kubernetes/cert-manager/certificate.yaml.example
Normal file
@ -0,0 +1,13 @@
|
||||
---
|
||||
apiVersion: cert-manager.io/v1
|
||||
kind: Certificate
|
||||
metadata:
|
||||
name: your-certificate # <-- Replace with your certificate name
|
||||
namespace: your-namespace # <-- Replace with your namespace
|
||||
spec:
|
||||
secretName: your-secret # <-- Replace with your secret name
|
||||
issuerRef:
|
||||
name: clusterissuer # <-- Replace with your issuer name
|
||||
kind: ClusterIssuer
|
||||
dnsNames:
|
||||
- your-hostname # <-- Replace with your hostname
|
9
kubernetes/cert-manager/clusterissuer-secret.yaml
Normal file
9
kubernetes/cert-manager/clusterissuer-secret.yaml
Normal file
@ -0,0 +1,9 @@
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
name: cloudflare-api-token-secret
|
||||
namespace: cert-manager
|
||||
type: Opaque
|
||||
data:
|
||||
api-token: your-api-token # <-- Replace with your Cloudflare API token
|
17
kubernetes/cert-manager/clusterissuer.yaml
Normal file
17
kubernetes/cert-manager/clusterissuer.yaml
Normal file
@ -0,0 +1,17 @@
|
||||
---
|
||||
apiVersion: cert-manager.io/v1
|
||||
kind: ClusterIssuer
|
||||
metadata:
|
||||
name: cloudflare-clusterissuer
|
||||
spec:
|
||||
acme:
|
||||
email: your-email@address # <-- Replace with your email address
|
||||
server: https://acme-v02.api.letsencrypt.org/directory
|
||||
privateKeySecretRef:
|
||||
name: cloudflare-clusterissuer-account-key
|
||||
solvers:
|
||||
- dns01:
|
||||
cloudflare:
|
||||
apiTokenSecretRef:
|
||||
name: cloudflare-api-token-secret
|
||||
key: api-token
|
@ -1,32 +0,0 @@
|
||||
# Kubernetes Cert-Manager Installation Guide
|
||||
|
||||
Here is the installation guide for Cert-Manager and the complete configuration.
|
||||
|
||||
## Deployment
|
||||
|
||||
### 1. Add the Helm Repository & Update
|
||||
|
||||
```bash
|
||||
helm repo add jetstack https://charts.jetstack.io
|
||||
helm repo update
|
||||
```
|
||||
|
||||
### 2. Install Cert-Manager with Helm & CRDs
|
||||
|
||||
```bash
|
||||
helm install cert-manager jetstack/cert-manager --namespace cert-manager --create-namespace --set installCRDs=true
|
||||
```
|
||||
|
||||
## Configuration
|
||||
|
||||
Add your Issuer or ClusterIssuer Objects, Credentails and Certificates.
|
||||
|
||||
_For more info visit:_ [Official Cert-Manager Documentation](https://cert-manager.io/docs/)
|
||||
|
||||
## Best-Practices & Post-Installation
|
||||
|
||||
## Troubleshooting
|
||||
|
||||
You can troubleshoot issues and inspect log entries for the Certificate Objects with the `kubectl describe` command.
|
||||
|
||||
_For more info visit:_ [Official Cert-Manager Troubleshooting Guide](https://cert-manager.io/docs/faq/troubleshooting/)
|
@ -1,516 +0,0 @@
|
||||
# Default values for cert-manager.
|
||||
# This is a YAML-formatted file.
|
||||
# Declare variables to be passed into your templates.
|
||||
global:
|
||||
## Reference to one or more secrets to be used when pulling images
|
||||
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
|
||||
##
|
||||
imagePullSecrets: []
|
||||
# - name: "image-pull-secret"
|
||||
|
||||
# Optional priority class to be used for the cert-manager pods
|
||||
priorityClassName: ""
|
||||
rbac:
|
||||
create: true
|
||||
|
||||
podSecurityPolicy:
|
||||
enabled: false
|
||||
useAppArmor: true
|
||||
|
||||
# Set the verbosity of cert-manager. Range of 0 - 6 with 6 being the most verbose.
|
||||
logLevel: 2
|
||||
|
||||
leaderElection:
|
||||
# Override the namespace used to store the ConfigMap for leader election
|
||||
namespace: "kube-system"
|
||||
|
||||
# The duration that non-leader candidates will wait after observing a
|
||||
# leadership renewal until attempting to acquire leadership of a led but
|
||||
# unrenewed leader slot. This is effectively the maximum duration that a
|
||||
# leader can be stopped before it is replaced by another candidate.
|
||||
# leaseDuration: 60s
|
||||
|
||||
# The interval between attempts by the acting master to renew a leadership
|
||||
# slot before it stops leading. This must be less than or equal to the
|
||||
# lease duration.
|
||||
# renewDeadline: 40s
|
||||
|
||||
# The duration the clients should wait between attempting acquisition and
|
||||
# renewal of a leadership.
|
||||
# retryPeriod: 15s
|
||||
|
||||
installCRDs: false
|
||||
|
||||
replicaCount: 1
|
||||
|
||||
strategy: {}
|
||||
# type: RollingUpdate
|
||||
# rollingUpdate:
|
||||
# maxSurge: 0
|
||||
# maxUnavailable: 1
|
||||
|
||||
# Comma separated list of feature gates that should be enabled on the
|
||||
# controller pod.
|
||||
featureGates: ""
|
||||
|
||||
image:
|
||||
repository: quay.io/jetstack/cert-manager-controller
|
||||
# You can manage a registry with
|
||||
# registry: quay.io
|
||||
# repository: jetstack/cert-manager-controller
|
||||
|
||||
# Override the image tag to deploy by setting this variable.
|
||||
# If no value is set, the chart's appVersion will be used.
|
||||
# tag: canary
|
||||
|
||||
# Setting a digest will override any tag
|
||||
# digest: sha256:0e072dddd1f7f8fc8909a2ca6f65e76c5f0d2fcfb8be47935ae3457e8bbceb20
|
||||
pullPolicy: IfNotPresent
|
||||
|
||||
# Override the namespace used to store DNS provider credentials etc. for ClusterIssuer
|
||||
# resources. By default, the same namespace as cert-manager is deployed within is
|
||||
# used. This namespace will not be automatically created by the Helm chart.
|
||||
clusterResourceNamespace: ""
|
||||
|
||||
serviceAccount:
|
||||
# Specifies whether a service account should be created
|
||||
create: true
|
||||
# The name of the service account to use.
|
||||
# If not set and create is true, a name is generated using the fullname template
|
||||
# name: ""
|
||||
# Optional additional annotations to add to the controller's ServiceAccount
|
||||
# annotations: {}
|
||||
# Automount API credentials for a Service Account.
|
||||
automountServiceAccountToken: true
|
||||
|
||||
# Additional command line flags to pass to cert-manager controller binary.
|
||||
# To see all available flags run docker run quay.io/jetstack/cert-manager-controller:<version> --help
|
||||
extraArgs: []
|
||||
# When this flag is enabled, secrets will be automatically removed when the certificate resource is deleted
|
||||
# - --enable-certificate-owner-ref=true
|
||||
# Use this flag to enabled or disable arbitrary controllers, for example, disable the CertificiateRequests approver
|
||||
# - --controllers=*,-certificaterequests-approver
|
||||
|
||||
extraEnv: []
|
||||
# - name: SOME_VAR
|
||||
# value: 'some value'
|
||||
|
||||
resources: {}
|
||||
# requests:
|
||||
# cpu: 10m
|
||||
# memory: 32Mi
|
||||
|
||||
# Pod Security Context
|
||||
# ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
|
||||
securityContext:
|
||||
runAsNonRoot: true
|
||||
# legacy securityContext parameter format: if enabled is set to true, only fsGroup and runAsUser are supported
|
||||
# securityContext:
|
||||
# enabled: false
|
||||
# fsGroup: 1001
|
||||
# runAsUser: 1001
|
||||
# to support additional securityContext parameters, omit the `enabled` parameter and simply specify the parameters
|
||||
# you want to set, e.g.
|
||||
# securityContext:
|
||||
# fsGroup: 1000
|
||||
# runAsUser: 1000
|
||||
# runAsNonRoot: true
|
||||
|
||||
# Container Security Context to be set on the controller component container
|
||||
# ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
|
||||
containerSecurityContext: {}
|
||||
# capabilities:
|
||||
# drop:
|
||||
# - ALL
|
||||
# readOnlyRootFilesystem: true
|
||||
# runAsNonRoot: true
|
||||
|
||||
|
||||
volumes: []
|
||||
|
||||
volumeMounts: []
|
||||
|
||||
# Optional additional annotations to add to the controller Deployment
|
||||
# deploymentAnnotations: {}
|
||||
|
||||
# Optional additional annotations to add to the controller Pods
|
||||
# podAnnotations: {}
|
||||
|
||||
podLabels: {}
|
||||
|
||||
# Optional annotations to add to the controller Service
|
||||
# serviceAnnotations: {}
|
||||
|
||||
# Optional additional labels to add to the controller Service
|
||||
# serviceLabels: {}
|
||||
|
||||
# Optional DNS settings, useful if you have a public and private DNS zone for
|
||||
# the same domain on Route 53. What follows is an example of ensuring
|
||||
# cert-manager can access an ingress or DNS TXT records at all times.
|
||||
# NOTE: This requires Kubernetes 1.10 or `CustomPodDNS` feature gate enabled for
|
||||
# the cluster to work.
|
||||
# podDnsPolicy: "None"
|
||||
# podDnsConfig:
|
||||
# nameservers:
|
||||
# - "1.1.1.1"
|
||||
# - "8.8.8.8"
|
||||
|
||||
nodeSelector: {}
|
||||
|
||||
ingressShim: {}
|
||||
# defaultIssuerName: ""
|
||||
# defaultIssuerKind: ""
|
||||
# defaultIssuerGroup: ""
|
||||
|
||||
prometheus:
|
||||
enabled: true
|
||||
servicemonitor:
|
||||
enabled: false
|
||||
prometheusInstance: default
|
||||
targetPort: 9402
|
||||
path: /metrics
|
||||
interval: 60s
|
||||
scrapeTimeout: 30s
|
||||
labels: {}
|
||||
honorLabels: false
|
||||
|
||||
# Use these variables to configure the HTTP_PROXY environment variables
|
||||
# http_proxy: "http://proxy:8080"
|
||||
# https_proxy: "https://proxy:8080"
|
||||
# no_proxy: 127.0.0.1,localhost
|
||||
|
||||
# expects input structure as per specification https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.11/#affinity-v1-core
|
||||
# for example:
|
||||
# affinity:
|
||||
# nodeAffinity:
|
||||
# requiredDuringSchedulingIgnoredDuringExecution:
|
||||
# nodeSelectorTerms:
|
||||
# - matchExpressions:
|
||||
# - key: foo.bar.com/role
|
||||
# operator: In
|
||||
# values:
|
||||
# - master
|
||||
affinity: {}
|
||||
|
||||
# expects input structure as per specification https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.11/#toleration-v1-core
|
||||
# for example:
|
||||
# tolerations:
|
||||
# - key: foo.bar.com/role
|
||||
# operator: Equal
|
||||
# value: master
|
||||
# effect: NoSchedule
|
||||
tolerations: []
|
||||
|
||||
webhook:
|
||||
replicaCount: 1
|
||||
timeoutSeconds: 10
|
||||
|
||||
# Used to configure options for the webhook pod.
|
||||
# This allows setting options that'd usually be provided via flags.
|
||||
# An APIVersion and Kind must be specified in your values.yaml file.
|
||||
# Flags will override options that are set here.
|
||||
config:
|
||||
# apiVersion: webhook.config.cert-manager.io/v1alpha1
|
||||
# kind: WebhookConfiguration
|
||||
|
||||
# The port that the webhook should listen on for requests.
|
||||
# In GKE private clusters, by default kubernetes apiservers are allowed to
|
||||
# talk to the cluster nodes only on 443 and 10250. so configuring
|
||||
# securePort: 10250, will work out of the box without needing to add firewall
|
||||
# rules or requiring NET_BIND_SERVICE capabilities to bind port numbers <1000.
|
||||
# This should be uncommented and set as a default by the chart once we graduate
|
||||
# the apiVersion of WebhookConfiguration past v1alpha1.
|
||||
# securePort: 10250
|
||||
|
||||
strategy: {}
|
||||
# type: RollingUpdate
|
||||
# rollingUpdate:
|
||||
# maxSurge: 0
|
||||
# maxUnavailable: 1
|
||||
|
||||
# Pod Security Context to be set on the webhook component Pod
|
||||
# ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
|
||||
securityContext:
|
||||
runAsNonRoot: true
|
||||
|
||||
# Container Security Context to be set on the webhook component container
|
||||
# ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
|
||||
containerSecurityContext: {}
|
||||
# capabilities:
|
||||
# drop:
|
||||
# - ALL
|
||||
# readOnlyRootFilesystem: true
|
||||
# runAsNonRoot: true
|
||||
|
||||
# Optional additional annotations to add to the webhook Deployment
|
||||
# deploymentAnnotations: {}
|
||||
|
||||
# Optional additional annotations to add to the webhook Pods
|
||||
# podAnnotations: {}
|
||||
|
||||
# Optional additional annotations to add to the webhook Service
|
||||
# serviceAnnotations: {}
|
||||
|
||||
# Optional additional annotations to add to the webhook MutatingWebhookConfiguration
|
||||
# mutatingWebhookConfigurationAnnotations: {}
|
||||
|
||||
# Optional additional annotations to add to the webhook ValidatingWebhookConfiguration
|
||||
# validatingWebhookConfigurationAnnotations: {}
|
||||
|
||||
# Additional command line flags to pass to cert-manager webhook binary.
|
||||
# To see all available flags run docker run quay.io/jetstack/cert-manager-webhook:<version> --help
|
||||
extraArgs: []
|
||||
# Path to a file containing a WebhookConfiguration object used to configure the webhook
|
||||
# - --config=<path-to-config-file>
|
||||
|
||||
resources: {}
|
||||
# requests:
|
||||
# cpu: 10m
|
||||
# memory: 32Mi
|
||||
|
||||
## Liveness and readiness probe values
|
||||
## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes
|
||||
##
|
||||
livenessProbe:
|
||||
failureThreshold: 3
|
||||
initialDelaySeconds: 60
|
||||
periodSeconds: 10
|
||||
successThreshold: 1
|
||||
timeoutSeconds: 1
|
||||
readinessProbe:
|
||||
failureThreshold: 3
|
||||
initialDelaySeconds: 5
|
||||
periodSeconds: 5
|
||||
successThreshold: 1
|
||||
timeoutSeconds: 1
|
||||
|
||||
nodeSelector: {}
|
||||
|
||||
affinity: {}
|
||||
|
||||
tolerations: []
|
||||
|
||||
# Optional additional labels to add to the Webhook Pods
|
||||
podLabels: {}
|
||||
|
||||
# Optional additional labels to add to the Webhook Service
|
||||
serviceLabels: {}
|
||||
|
||||
image:
|
||||
repository: quay.io/jetstack/cert-manager-webhook
|
||||
# You can manage a registry with
|
||||
# registry: quay.io
|
||||
# repository: jetstack/cert-manager-webhook
|
||||
|
||||
# Override the image tag to deploy by setting this variable.
|
||||
# If no value is set, the chart's appVersion will be used.
|
||||
# tag: canary
|
||||
|
||||
# Setting a digest will override any tag
|
||||
# digest: sha256:0e072dddd1f7f8fc8909a2ca6f65e76c5f0d2fcfb8be47935ae3457e8bbceb20
|
||||
|
||||
pullPolicy: IfNotPresent
|
||||
|
||||
serviceAccount:
|
||||
# Specifies whether a service account should be created
|
||||
create: true
|
||||
# The name of the service account to use.
|
||||
# If not set and create is true, a name is generated using the fullname template
|
||||
# name: ""
|
||||
# Optional additional annotations to add to the controller's ServiceAccount
|
||||
# annotations: {}
|
||||
# Automount API credentials for a Service Account.
|
||||
automountServiceAccountToken: true
|
||||
|
||||
# The port that the webhook should listen on for requests.
|
||||
# In GKE private clusters, by default kubernetes apiservers are allowed to
|
||||
# talk to the cluster nodes only on 443 and 10250. so configuring
|
||||
# securePort: 10250, will work out of the box without needing to add firewall
|
||||
# rules or requiring NET_BIND_SERVICE capabilities to bind port numbers <1000
|
||||
securePort: 10250
|
||||
|
||||
# Specifies if the webhook should be started in hostNetwork mode.
|
||||
#
|
||||
# Required for use in some managed kubernetes clusters (such as AWS EKS) with custom
|
||||
# CNI (such as calico), because control-plane managed by AWS cannot communicate
|
||||
# with pods' IP CIDR and admission webhooks are not working
|
||||
#
|
||||
# Since the default port for the webhook conflicts with kubelet on the host
|
||||
# network, `webhook.securePort` should be changed to an available port if
|
||||
# running in hostNetwork mode.
|
||||
hostNetwork: false
|
||||
|
||||
# Specifies how the service should be handled. Useful if you want to expose the
|
||||
# webhook to outside of the cluster. In some cases, the control plane cannot
|
||||
# reach internal services.
|
||||
serviceType: ClusterIP
|
||||
# loadBalancerIP:
|
||||
|
||||
# Overrides the mutating webhook and validating webhook so they reach the webhook
|
||||
# service using the `url` field instead of a service.
|
||||
url: {}
|
||||
# host:
|
||||
|
||||
cainjector:
|
||||
enabled: true
|
||||
replicaCount: 1
|
||||
|
||||
strategy: {}
|
||||
# type: RollingUpdate
|
||||
# rollingUpdate:
|
||||
# maxSurge: 0
|
||||
# maxUnavailable: 1
|
||||
|
||||
# Pod Security Context to be set on the cainjector component Pod
|
||||
# ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
|
||||
securityContext:
|
||||
runAsNonRoot: true
|
||||
|
||||
# Container Security Context to be set on the cainjector component container
|
||||
# ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
|
||||
containerSecurityContext: {}
|
||||
# capabilities:
|
||||
# drop:
|
||||
# - ALL
|
||||
# readOnlyRootFilesystem: true
|
||||
# runAsNonRoot: true
|
||||
|
||||
|
||||
# Optional additional annotations to add to the cainjector Deployment
|
||||
# deploymentAnnotations: {}
|
||||
|
||||
# Optional additional annotations to add to the cainjector Pods
|
||||
# podAnnotations: {}
|
||||
|
||||
# Additional command line flags to pass to cert-manager cainjector binary.
|
||||
# To see all available flags run docker run quay.io/jetstack/cert-manager-cainjector:<version> --help
|
||||
extraArgs: []
|
||||
# Enable profiling for cainjector
|
||||
# - --enable-profiling=true
|
||||
|
||||
resources: {}
|
||||
# requests:
|
||||
# cpu: 10m
|
||||
# memory: 32Mi
|
||||
|
||||
nodeSelector: {}
|
||||
|
||||
affinity: {}
|
||||
|
||||
tolerations: []
|
||||
|
||||
# Optional additional labels to add to the CA Injector Pods
|
||||
podLabels: {}
|
||||
|
||||
image:
|
||||
repository: quay.io/jetstack/cert-manager-cainjector
|
||||
# You can manage a registry with
|
||||
# registry: quay.io
|
||||
# repository: jetstack/cert-manager-cainjector
|
||||
|
||||
# Override the image tag to deploy by setting this variable.
|
||||
# If no value is set, the chart's appVersion will be used.
|
||||
# tag: canary
|
||||
|
||||
# Setting a digest will override any tag
|
||||
# digest: sha256:0e072dddd1f7f8fc8909a2ca6f65e76c5f0d2fcfb8be47935ae3457e8bbceb20
|
||||
|
||||
pullPolicy: IfNotPresent
|
||||
|
||||
serviceAccount:
|
||||
# Specifies whether a service account should be created
|
||||
create: true
|
||||
# The name of the service account to use.
|
||||
# If not set and create is true, a name is generated using the fullname template
|
||||
# name: ""
|
||||
# Optional additional annotations to add to the controller's ServiceAccount
|
||||
# annotations: {}
|
||||
# Automount API credentials for a Service Account.
|
||||
automountServiceAccountToken: true
|
||||
|
||||
# This startupapicheck is a Helm post-install hook that waits for the webhook
|
||||
# endpoints to become available.
|
||||
# The check is implemented using a Kubernetes Job- if you are injecting mesh
|
||||
# sidecar proxies into cert-manager pods, you probably want to ensure that they
|
||||
# are not injected into this Job's pod. Otherwise the installation may time out
|
||||
# due to the Job never being completed because the sidecar proxy does not exit.
|
||||
# See https://github.com/jetstack/cert-manager/pull/4414 for context.
|
||||
startupapicheck:
|
||||
enabled: true
|
||||
|
||||
# Pod Security Context to be set on the startupapicheck component Pod
|
||||
# ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
|
||||
securityContext:
|
||||
runAsNonRoot: true
|
||||
|
||||
# Timeout for 'kubectl check api' command
|
||||
timeout: 1m
|
||||
|
||||
# Job backoffLimit
|
||||
backoffLimit: 4
|
||||
|
||||
# Optional additional annotations to add to the startupapicheck Job
|
||||
jobAnnotations:
|
||||
helm.sh/hook: post-install
|
||||
helm.sh/hook-weight: "1"
|
||||
helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
|
||||
|
||||
# Optional additional annotations to add to the startupapicheck Pods
|
||||
# podAnnotations: {}
|
||||
|
||||
# Additional command line flags to pass to startupapicheck binary.
|
||||
# To see all available flags run docker run quay.io/jetstack/cert-manager-ctl:<version> --help
|
||||
extraArgs: []
|
||||
|
||||
resources: {}
|
||||
# requests:
|
||||
# cpu: 10m
|
||||
# memory: 32Mi
|
||||
|
||||
nodeSelector: {}
|
||||
|
||||
affinity: {}
|
||||
|
||||
tolerations: []
|
||||
|
||||
# Optional additional labels to add to the startupapicheck Pods
|
||||
podLabels: {}
|
||||
|
||||
image:
|
||||
repository: quay.io/jetstack/cert-manager-ctl
|
||||
# You can manage a registry with
|
||||
# registry: quay.io
|
||||
# repository: jetstack/cert-manager-ctl
|
||||
|
||||
# Override the image tag to deploy by setting this variable.
|
||||
# If no value is set, the chart's appVersion will be used.
|
||||
# tag: canary
|
||||
|
||||
# Setting a digest will override any tag
|
||||
# digest: sha256:0e072dddd1f7f8fc8909a2ca6f65e76c5f0d2fcfb8be47935ae3457e8bbceb20
|
||||
|
||||
pullPolicy: IfNotPresent
|
||||
|
||||
rbac:
|
||||
# annotations for the startup API Check job RBAC and PSP resources
|
||||
annotations:
|
||||
helm.sh/hook: post-install
|
||||
helm.sh/hook-weight: "-5"
|
||||
helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
|
||||
|
||||
serviceAccount:
|
||||
# Specifies whether a service account should be created
|
||||
create: true
|
||||
|
||||
# The name of the service account to use.
|
||||
# If not set and create is true, a name is generated using the fullname template
|
||||
# name: ""
|
||||
|
||||
# Optional additional annotations to add to the Job's ServiceAccount
|
||||
annotations:
|
||||
helm.sh/hook: post-install
|
||||
helm.sh/hook-weight: "-5"
|
||||
helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
|
||||
|
||||
# Automount API credentials for a Service Account.
|
||||
automountServiceAccountToken: true
|
@ -1,12 +0,0 @@
|
||||
apiVersion: cert-manager.io/v1
|
||||
kind: Certificate
|
||||
metadata:
|
||||
name: your-certificate
|
||||
namespace: your-namespace
|
||||
spec:
|
||||
secretName: your-secret
|
||||
issuerRef:
|
||||
name: ssl-issuer
|
||||
kind: ClusterIssuer
|
||||
dnsNames:
|
||||
- your-hostname
|
@ -1,48 +0,0 @@
|
||||
apiVersion: cert-manager.io/v1
|
||||
kind: ClusterIssuer
|
||||
metadata:
|
||||
name: acme-issuer
|
||||
spec:
|
||||
acme:
|
||||
# Configure your email here...
|
||||
# ---
|
||||
# email: your-email@address
|
||||
|
||||
# Configure your server here...
|
||||
# ---
|
||||
# Letsencrypt Production
|
||||
# server: https://acme-v02.api.letsencrypt.org/directory
|
||||
# - or -
|
||||
# Letsencrypt Staging
|
||||
# server: https://acme-staging-v02.api.letsencrypt.org/directory
|
||||
|
||||
privateKeySecretRef:
|
||||
name: example-issuer-account-key
|
||||
solvers:
|
||||
# Configure DNS or HTTP Challenge here...
|
||||
# ---
|
||||
# DNS Challenge:
|
||||
# - dns01:
|
||||
# Configure your DNS Provider here...
|
||||
# ---
|
||||
# cloudflare:
|
||||
# email: your-email@address
|
||||
# API Key:
|
||||
# apiKeySecretRef:
|
||||
# name: cloudflare-api-key-secret
|
||||
# key: api-key
|
||||
# - or -
|
||||
# API Token:
|
||||
# apiTokenSecretRef:
|
||||
# name: cloudflare-api-token-secret
|
||||
# key: api-token
|
||||
# (Optional) Add DNS selectors
|
||||
# ---
|
||||
# selector:
|
||||
# dnsZones:
|
||||
# - 'your-domain'
|
||||
|
||||
# HTTP Challenge:
|
||||
# - http01:
|
||||
# ingress:
|
||||
# class: traefik
|
@ -1,6 +0,0 @@
|
||||
apiVersion: cert-manager.io/v1
|
||||
kind: ClusterIssuer
|
||||
metadata:
|
||||
name: selfsigned-issuer
|
||||
spec:
|
||||
selfSigned: {}
|
@ -1,51 +0,0 @@
|
||||
apiVersion: cert-manager.io/v1
|
||||
kind: Issuer
|
||||
metadata:
|
||||
name: acme-issuer
|
||||
# (Optional) Metadata
|
||||
# ---
|
||||
# namespace: your-namespace
|
||||
spec:
|
||||
acme:
|
||||
# Configure your email here...
|
||||
# ---
|
||||
# email: your-email@address
|
||||
|
||||
# Configure your server here...
|
||||
# ---
|
||||
# Letsencrypt Production
|
||||
# server: https://acme-v02.api.letsencrypt.org/directory
|
||||
# - or -
|
||||
# Letsencrypt Staging
|
||||
# server: https://acme-staging-v02.api.letsencrypt.org/directory
|
||||
|
||||
privateKeySecretRef:
|
||||
name: example-issuer-account-key
|
||||
solvers:
|
||||
# Configure DNS or HTTP Challenge here...
|
||||
# ---
|
||||
# DNS Challenge:
|
||||
# - dns01:
|
||||
# Configure your DNS Provider here...
|
||||
# ---
|
||||
# cloudflare:
|
||||
# email: your-email@address
|
||||
# API Key:
|
||||
# apiKeySecretRef:
|
||||
# name: cloudflare-api-key-secret
|
||||
# key: api-key
|
||||
# - or -
|
||||
# API Token:
|
||||
# apiTokenSecretRef:
|
||||
# name: cloudflare-api-token-secret
|
||||
# key: api-token
|
||||
# (Optional) Add DNS selectors
|
||||
# ---
|
||||
# selector:
|
||||
# dnsZones:
|
||||
# - 'your-domain'
|
||||
|
||||
# HTTP Challenge:
|
||||
# - http01:
|
||||
# ingress:
|
||||
# class: traefik
|
@ -1,9 +0,0 @@
|
||||
apiVersion: cert-manager.io/v1
|
||||
kind: Issuer
|
||||
metadata:
|
||||
name: selfsigned-issuer
|
||||
# (Optional) Metadata
|
||||
# ---
|
||||
# namespace: your-namespace
|
||||
spec:
|
||||
selfSigned: {}
|
@ -1,14 +0,0 @@
|
||||
apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
name: cloudflare-api-key-secret
|
||||
namespace: cert-manager
|
||||
type: Opaque
|
||||
stringData:
|
||||
# Configure your API Key or Credentials here...
|
||||
# ---
|
||||
# API Key:
|
||||
# api-key: your-api-key
|
||||
# - or -
|
||||
# Token:
|
||||
# api-token: your-api-token
|
13
kubernetes/longhorn/certificate.yaml
Normal file
13
kubernetes/longhorn/certificate.yaml
Normal file
@ -0,0 +1,13 @@
|
||||
---
|
||||
apiVersion: cert-manager.io/v1
|
||||
kind: Certificate
|
||||
metadata:
|
||||
name: longhorn-certificate
|
||||
namespace: longhorn-system
|
||||
spec:
|
||||
secretName: longhorn-certificate-secret
|
||||
dnsNames:
|
||||
- your-fqdn # <-- Replace with your FQDN
|
||||
issuerRef:
|
||||
name: cloudflare-clusterissuer
|
||||
kind: ClusterIssuer
|
17
kubernetes/longhorn/ingressroute.yaml
Normal file
17
kubernetes/longhorn/ingressroute.yaml
Normal file
@ -0,0 +1,17 @@
|
||||
---
|
||||
apiVersion: traefik.io/v1alpha1
|
||||
kind: IngressRoute
|
||||
metadata:
|
||||
name: longhorn-ingressroute
|
||||
namespace: longhorn-system
|
||||
spec:
|
||||
entryPoints:
|
||||
- websecure
|
||||
routes:
|
||||
- match: Host(`your-fqdn`) # <-- Replace with your FQDN
|
||||
kind: Rule
|
||||
services:
|
||||
- name: longhorn-frontend
|
||||
port: 80
|
||||
tls:
|
||||
secretName: longhorn-certificate-secret
|
@ -1,28 +0,0 @@
|
||||
apiVersion: v1
|
||||
kind: ConfigMap
|
||||
metadata:
|
||||
name: nginx-http-cm
|
||||
data:
|
||||
# key: value
|
||||
# file: |
|
||||
# content
|
||||
# ---
|
||||
nginx.conf: |
|
||||
user nginx;
|
||||
worker_processes 1;
|
||||
events {
|
||||
worker_connections 10240;
|
||||
}
|
||||
http {
|
||||
server {
|
||||
listen 80;
|
||||
server_name _;
|
||||
location / {
|
||||
root /usr/share/nginx/html;
|
||||
index index.html index.htm;
|
||||
}
|
||||
location /test {
|
||||
return 401;
|
||||
}
|
||||
}
|
||||
}
|
@ -1,32 +0,0 @@
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: nginx-http
|
||||
spec:
|
||||
replicas: 1
|
||||
selector:
|
||||
matchLabels:
|
||||
app: nginx-http
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app: nginx-http
|
||||
spec:
|
||||
containers:
|
||||
- name: nginx-http
|
||||
image: nginx:1.27.2
|
||||
ports:
|
||||
- name: web
|
||||
containerPort: 80
|
||||
volumeMounts:
|
||||
- name: nginx-http-cm
|
||||
mountPath: /etc/nginx
|
||||
- name: nginx-http-vol
|
||||
mountPath: /usr/share/nginx/html
|
||||
volumes:
|
||||
- name: nginx-http-cm
|
||||
configMap:
|
||||
name: nginx-http-cm
|
||||
- name: nginx-http-vol
|
||||
hostPath:
|
||||
path: /var/nginxserver
|
@ -1,15 +0,0 @@
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: nginx-http-svc
|
||||
labels:
|
||||
app: nginx-http
|
||||
spec:
|
||||
type: LoadBalancer
|
||||
ports:
|
||||
- port: 30080
|
||||
targetPort: 80
|
||||
protocol: TCP
|
||||
name: http
|
||||
selector:
|
||||
app: nginx-http
|
@ -1,3 +0,0 @@
|
||||
# Kubernetes Portainer
|
||||
|
||||
You can add an additional description here.
|
13
kubernetes/portainer/certificate.yaml
Normal file
13
kubernetes/portainer/certificate.yaml
Normal file
@ -0,0 +1,13 @@
|
||||
---
|
||||
apiVersion: cert-manager.io/v1
|
||||
kind: Certificate
|
||||
metadata:
|
||||
name: portainer-ingressroute-certificate
|
||||
namespace: portainer
|
||||
spec:
|
||||
secretName: portainer-certificate-secret
|
||||
issuerRef:
|
||||
name: cloudflare-clusterissuer
|
||||
kind: ClusterIssuer
|
||||
dnsNames:
|
||||
- your-fqdn # <-- Replace with your FQDN
|
17
kubernetes/portainer/ingressroute.yaml
Normal file
17
kubernetes/portainer/ingressroute.yaml
Normal file
@ -0,0 +1,17 @@
|
||||
---
|
||||
apiVersion: traefik.io/v1alpha1
|
||||
kind: IngressRoute
|
||||
metadata:
|
||||
name: portainer-ingressroute
|
||||
namespace: portainer
|
||||
spec:
|
||||
entryPoints:
|
||||
- websecure
|
||||
routes:
|
||||
- match: Host(`your-fqdn`) # <-- Replace with your FQDN
|
||||
kind: Rule
|
||||
services:
|
||||
- name: portainer
|
||||
port: 9000
|
||||
tls:
|
||||
secretName: portainer-certificate-secret
|
@ -1,17 +0,0 @@
|
||||
apiVersion: networking.k8s.io/v1
|
||||
kind: Ingress
|
||||
metadata:
|
||||
name: nginx
|
||||
namespace: wp-clcreative
|
||||
spec:
|
||||
rules:
|
||||
- host: portainer.your-domain.com
|
||||
http:
|
||||
paths:
|
||||
- path: /
|
||||
pathType: Prefix
|
||||
backend:
|
||||
service:
|
||||
name: portainer
|
||||
port:
|
||||
number: 9000
|
@ -1 +0,0 @@
|
||||
|
@ -1,12 +0,0 @@
|
||||
apiVersion: cert-manager.io/v1
|
||||
kind: Certificate
|
||||
metadata:
|
||||
name: your-certificate
|
||||
namespace: your-namespace
|
||||
spec:
|
||||
secretName: your-secret
|
||||
issuerRef:
|
||||
name: ssl-issuer
|
||||
kind: ClusterIssuer
|
||||
dnsNames:
|
||||
- your-hostname
|
@ -1,33 +0,0 @@
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: mysql
|
||||
spec:
|
||||
replicas: 1
|
||||
selector:
|
||||
matchLabels:
|
||||
app: mysql
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app: mysql
|
||||
spec:
|
||||
containers:
|
||||
- image: mysql:5.7
|
||||
name: mysql
|
||||
env:
|
||||
- name: MYSQL_ROOT_PASSWORD
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: mysql-secret
|
||||
key: root-pass
|
||||
ports:
|
||||
- name: mysql
|
||||
containerPort: 3306
|
||||
# volumeMounts:
|
||||
# - name: mysql-vol
|
||||
# mountPath: /var/lib/mysql
|
||||
# volumes:
|
||||
# - name: mysql-vol
|
||||
# hostPath:
|
||||
# path: /var/mysql-data
|
@ -1,7 +0,0 @@
|
||||
apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
name: mysql-secret
|
||||
type: Opaque
|
||||
stringData:
|
||||
root-pass: test123
|
@ -1,28 +0,0 @@
|
||||
apiVersion: v1
|
||||
kind: ConfigMap
|
||||
metadata:
|
||||
name: nginx-http-cm
|
||||
data:
|
||||
# key: value
|
||||
# file: |
|
||||
# content
|
||||
# ---
|
||||
nginx.conf: |
|
||||
user nginx;
|
||||
worker_processes 1;
|
||||
events {
|
||||
worker_connections 10240;
|
||||
}
|
||||
http {
|
||||
server {
|
||||
listen 80;
|
||||
server_name _;
|
||||
location / {
|
||||
root /usr/share/nginx/html;
|
||||
index index.html index.htm;
|
||||
}
|
||||
location /test {
|
||||
return 401;
|
||||
}
|
||||
}
|
||||
}
|
@ -1,32 +0,0 @@
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: nginx-http
|
||||
spec:
|
||||
replicas: 1
|
||||
selector:
|
||||
matchLabels:
|
||||
app: nginx-http
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app: nginx-http
|
||||
spec:
|
||||
containers:
|
||||
- name: nginx-http
|
||||
image: nginx
|
||||
ports:
|
||||
- name: web
|
||||
containerPort: 80
|
||||
volumeMounts:
|
||||
- name: nginx-http-cm
|
||||
mountPath: /etc/nginx
|
||||
- name: nginx-http-vol
|
||||
mountPath: /usr/share/nginx/html
|
||||
volumes:
|
||||
- name: nginx-http-cm
|
||||
configMap:
|
||||
name: nginx-http-cm
|
||||
- name: nginx-http-vol
|
||||
hostPath:
|
||||
path: /var/nginxserver
|
@ -1,15 +0,0 @@
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: nginx-http-svc
|
||||
labels:
|
||||
app: nginx-http
|
||||
spec:
|
||||
type: LoadBalancer
|
||||
ports:
|
||||
- port: 30080
|
||||
targetPort: 80
|
||||
protocol: TCP
|
||||
name: http
|
||||
selector:
|
||||
app: nginx-http
|
@ -1,27 +0,0 @@
|
||||
apiVersion: v1
|
||||
kind: ConfigMap
|
||||
metadata:
|
||||
name: nginx-https-cm
|
||||
data:
|
||||
nginx.conf: |
|
||||
user nginx;
|
||||
worker_processes 1;
|
||||
events {
|
||||
worker_connections 10240;
|
||||
}
|
||||
http {
|
||||
server {
|
||||
listen 80;
|
||||
listen 443 ssl;
|
||||
|
||||
server_name _;
|
||||
|
||||
ssl_certificate /etc/nginx/ssl/server-cert.pem;
|
||||
ssl_certificate_key /etc/nginx/ssl/server-key.pem;
|
||||
|
||||
location / {
|
||||
root /usr/share/nginx/html;
|
||||
index index.html index.htm;
|
||||
}
|
||||
}
|
||||
}
|
@ -1,68 +0,0 @@
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: nginx-https
|
||||
spec:
|
||||
replicas: 1
|
||||
selector:
|
||||
matchLabels:
|
||||
app: nginx-https
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app: nginx-https
|
||||
spec:
|
||||
containers:
|
||||
- name: nginx-https
|
||||
image: nginx
|
||||
ports:
|
||||
- name: web
|
||||
containerPort: 80
|
||||
- name: secureweb
|
||||
containerPort: 443
|
||||
volumeMounts:
|
||||
- name: nginx-https-cm
|
||||
mountPath: /etc/nginx
|
||||
- name: nginx-https-secret
|
||||
mountPath: /etc/nginx/ssl
|
||||
readOnly: true
|
||||
- name: nginx-https-vol
|
||||
mountPath: /usr/share/nginx/html
|
||||
volumes:
|
||||
- name: nginx-https-cm
|
||||
configMap:
|
||||
name: nginx-https-cm
|
||||
- name: nginx-https-secret
|
||||
secret:
|
||||
secretName: nginx-https-secret
|
||||
- name: nginx-https-vol
|
||||
hostPath:
|
||||
path: /var/nginxserver
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: ConfigMap
|
||||
metadata:
|
||||
name: nginx-https-cm
|
||||
data:
|
||||
nginx.conf: |
|
||||
user nginx;
|
||||
worker_processes 1;
|
||||
events {
|
||||
worker_connections 10240;
|
||||
}
|
||||
http {
|
||||
server {
|
||||
listen 80;
|
||||
listen 443 ssl;
|
||||
|
||||
server_name _;
|
||||
|
||||
ssl_certificate /etc/nginx/ssl/server-cert.pem;
|
||||
ssl_certificate_key /etc/nginx/ssl/server-key.pem;
|
||||
|
||||
location / {
|
||||
root /usr/share/nginx/html;
|
||||
index index.html index.htm;
|
||||
}
|
||||
}
|
||||
}
|
@ -1,12 +0,0 @@
|
||||
apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
name: nginx-https-secret
|
||||
type: Opaque
|
||||
stringData:
|
||||
server-cert.pem: |
|
||||
-----BEGIN CERTIFICATE-----
|
||||
...
|
||||
-----END CERTIFICATE-----
|
||||
server-key.pem: |
|
||||
|
@ -1,19 +0,0 @@
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: nginx-https-svc
|
||||
labels:
|
||||
app: nginx-https
|
||||
spec:
|
||||
type: LoadBalancer
|
||||
ports:
|
||||
- port: 31080
|
||||
targetPort: 80
|
||||
protocol: TCP
|
||||
name: http
|
||||
- port: 31443
|
||||
targetPort: 443
|
||||
protocol: TCP
|
||||
name: https
|
||||
selector:
|
||||
app: nginx-https
|
@ -1,41 +0,0 @@
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: appname # Name of the deployment
|
||||
namespace: namespace # Name of the namespace
|
||||
labels:
|
||||
app: appname # Name of your application
|
||||
spec:
|
||||
selector:
|
||||
matchLabels:
|
||||
app: appname # Name of your application
|
||||
replicas: 1 # Number of replicas
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app: appname # Name of your application
|
||||
spec:
|
||||
containers:
|
||||
# Containers are the individual pieces of your application that you want
|
||||
# to run.
|
||||
- name: helloworld # Name of the container
|
||||
image: helloworld:latest # The image you want to run
|
||||
# resources:
|
||||
# limits:
|
||||
# memory: 512Mi
|
||||
# cpu: "1"
|
||||
# requests:
|
||||
# memory: 256Mi
|
||||
# cpu: "0.2"
|
||||
ports:
|
||||
# Ports are the ports that your application uses.
|
||||
- containerPort: 8080 # The port that your application uses
|
||||
volumeMounts:
|
||||
# VolumeMounts are the volumes that your application uses.
|
||||
- mountPath: /var/www/html # The path that your application uses
|
||||
name: vol0 # Name of the volume
|
||||
volumes:
|
||||
# Volumes are the persistent storage that your application uses.
|
||||
- name: vol0 # Name of the volume
|
||||
persistentVolumeClaim:
|
||||
claimName: pvc0 # Name of the persistent volume claim
|
@ -1,18 +0,0 @@
|
||||
apiVersion: networking.k8s.io/v1
|
||||
kind: Ingress
|
||||
metadata:
|
||||
name: ingress # Name of the ingress object
|
||||
namespace: namespace # Name of the namespace
|
||||
spec:
|
||||
rules:
|
||||
- host: "your-hostname.com" # Your hostname
|
||||
http:
|
||||
paths:
|
||||
# Path-based routing settings:
|
||||
- path: /
|
||||
pathType: Prefix
|
||||
backend:
|
||||
service:
|
||||
name: your-service-name # The name of the service
|
||||
port:
|
||||
number: 80 # Service Portnumber
|
@ -1,4 +0,0 @@
|
||||
apiVersion: v1
|
||||
kind: Namespace
|
||||
metadata:
|
||||
name: your-namespace
|
@ -1,29 +0,0 @@
|
||||
apiVersion: v1
|
||||
kind: PersistentVolumeClaim
|
||||
metadata:
|
||||
name: pvc0
|
||||
namespace: namespace
|
||||
labels:
|
||||
app: namespace
|
||||
spec:
|
||||
accessModes:
|
||||
- ReadWriteOnce
|
||||
resources:
|
||||
requests:
|
||||
storage: 20Gi
|
||||
# ---
|
||||
# Digital Ocean
|
||||
# storageClassName: do-block-storage
|
||||
# ---
|
||||
# AWS
|
||||
# storageClassName: aws-ebs
|
||||
# ---
|
||||
# Azure
|
||||
# storageClassName: azure-disk
|
||||
# ---
|
||||
# GCE PD
|
||||
# storageClassName: gce-pd
|
||||
# ---
|
||||
# CIVO
|
||||
# storageClassName: civo-volume
|
||||
# ---
|
@ -1,11 +0,0 @@
|
||||
apiVersion: v1
|
||||
kind: PersistentVolumeClaim
|
||||
metadata:
|
||||
name: civo
|
||||
spec:
|
||||
accessModes:
|
||||
- ReadWriteOnce
|
||||
storageClassName: civo-volume
|
||||
resources:
|
||||
requests:
|
||||
storage: 1Gi
|
@ -1,27 +0,0 @@
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: civo-web
|
||||
spec:
|
||||
replicas: 1
|
||||
selector:
|
||||
matchLabels:
|
||||
app: civo-web
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app: civo-web
|
||||
spec:
|
||||
containers:
|
||||
- name: civo-web
|
||||
image: nginx
|
||||
ports:
|
||||
- name: web
|
||||
containerPort: 80
|
||||
volumeMounts:
|
||||
- name: civo
|
||||
mountPath: /usr/share/nginx/html
|
||||
volumes:
|
||||
- name: civo
|
||||
persistentVolumeClaim:
|
||||
claimName: civo
|
@ -1,27 +0,0 @@
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: local-web
|
||||
spec:
|
||||
replicas: 1
|
||||
selector:
|
||||
matchLabels:
|
||||
app: local-web
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app: local-web
|
||||
spec:
|
||||
containers:
|
||||
- name: local-web
|
||||
image: nginx
|
||||
ports:
|
||||
- name: web
|
||||
containerPort: 80
|
||||
volumeMounts:
|
||||
- name: local
|
||||
mountPath: /usr/share/nginx/html
|
||||
volumes:
|
||||
- name: local
|
||||
hostPath:
|
||||
path: /var/nginxserver
|
@ -1,13 +0,0 @@
|
||||
apiVersion: v1
|
||||
kind: PersistentVolume
|
||||
metadata:
|
||||
name: nfs
|
||||
spec:
|
||||
capacity:
|
||||
storage: 500Mi
|
||||
accessModes:
|
||||
- ReadWriteMany
|
||||
storageClassName: nfs
|
||||
nfs:
|
||||
server: 192.168.1.7
|
||||
path: "/srv/nfs"
|
@ -1,11 +0,0 @@
|
||||
apiVersion: v1
|
||||
kind: PersistentVolumeClaim
|
||||
metadata:
|
||||
name: nfs
|
||||
spec:
|
||||
accessModes:
|
||||
- ReadWriteMany
|
||||
storageClassName: nfs
|
||||
resources:
|
||||
requests:
|
||||
storage: 100Mi
|
@ -1,27 +0,0 @@
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: nfs-web
|
||||
spec:
|
||||
replicas: 1
|
||||
selector:
|
||||
matchLabels:
|
||||
app: nfs-web
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app: nfs-web
|
||||
spec:
|
||||
containers:
|
||||
- name: nfs-web
|
||||
image: nginx
|
||||
ports:
|
||||
- name: web
|
||||
containerPort: 80
|
||||
volumeMounts:
|
||||
- name: nfs
|
||||
mountPath: /usr/share/nginx/html
|
||||
volumes:
|
||||
- name: nfs
|
||||
persistentVolumeClaim:
|
||||
claimName: nfs
|
@ -1,32 +0,0 @@
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: servicename
|
||||
namespace: namespace
|
||||
spec:
|
||||
selector:
|
||||
app: appname
|
||||
# ---
|
||||
# type: ClusterIP
|
||||
# ClusterIP means this service can be accessed by any pod in the cluster
|
||||
# ports:
|
||||
# - name: http
|
||||
# port: 8080
|
||||
# targetPort: 80
|
||||
# protocol: TCP # optional protocol
|
||||
# ---
|
||||
# type: NodePort
|
||||
# NodePort means this service is only accessible by pods in the same namespace
|
||||
# ports:
|
||||
# - name: http
|
||||
# port: 80
|
||||
# nodePort: 30001
|
||||
# protocol: TCP # optional protocol
|
||||
# ---
|
||||
# type: LoadBalancer
|
||||
# LoadBalancer means this service is load-balanced across all nodes in the cluster
|
||||
# ports:
|
||||
# - name: http
|
||||
# port: 80
|
||||
# targetPort: 30001
|
||||
# protocol: TCP # optional protocol
|
@ -1,5 +0,0 @@
|
||||
# Kubernetes Traefik Helm Deployment
|
||||
|
||||
This Deployment uses the official Helm Chart from [traefik](https://github.com/traefik/traefik-helm-chart) repository.
|
||||
|
||||
These are templates to modify the deployment.
|
19
kubernetes/traefik/ingressroute.yaml.example
Normal file
19
kubernetes/traefik/ingressroute.yaml.example
Normal file
@ -0,0 +1,19 @@
|
||||
apiVersion: traefik.io/v1alpha1
|
||||
kind: IngressRoute
|
||||
metadata:
|
||||
name: your-ingressroute # <-- Replace with your IngressRoute name
|
||||
namespace: your-namespace # <-- Replace with your namespace
|
||||
spec:
|
||||
entryPoints:
|
||||
- web
|
||||
- websecure
|
||||
routes:
|
||||
- match: Host(`your-fqdn`) # <-- Replace with your FQDN
|
||||
kind: Rule
|
||||
services:
|
||||
- name: your-service # <-- Replace with your service name
|
||||
port: 80
|
||||
# --> (Optional) Add certificate secret
|
||||
# tls:
|
||||
# secretName: your-certificate-secret
|
||||
# <--
|
19
kubernetes/traefik/ingressroutetcp.yaml.example
Normal file
19
kubernetes/traefik/ingressroutetcp.yaml.example
Normal file
@ -0,0 +1,19 @@
|
||||
apiVersion: traefik.io/v1alpha1
|
||||
kind: IngressRouteTCP
|
||||
metadata:
|
||||
name: your-ingressroutetcp # <-- Replace with your IngressRouteTCP name
|
||||
namespace: your-namespace # <-- Replace with your namespace
|
||||
spec:
|
||||
entryPoints:
|
||||
- web
|
||||
- websecure
|
||||
routes:
|
||||
- match: HostSNI(`your-sni`) # <-- Replace with your SNI
|
||||
priority: 10 # <-- (Optional) change rule priority
|
||||
services:
|
||||
- name: your-service # <-- Replace with your service name
|
||||
port: 80
|
||||
# --> (Optional) Enable TLS Passthrough
|
||||
# tls:
|
||||
# passthrough: true
|
||||
# <--
|
@ -1,35 +0,0 @@
|
||||
apiVersion: networking.k8s.io/v1
|
||||
kind: Ingress
|
||||
metadata:
|
||||
name: wp-clcreative
|
||||
namespace: wp-clcreative
|
||||
annotations:
|
||||
# (Optional): Annotations for the Ingress Controller
|
||||
# -- ingress class is needed when traefik is not the default
|
||||
# kubernetes.io/ingress.class: traefik
|
||||
# ---
|
||||
# -- entrypoint and tls configurations
|
||||
# traefik.ingress.kubernetes.io/router.entrypoints: web, websecure
|
||||
# traefik.ingress.kubernetes.io/router.tls: "true"
|
||||
# ---
|
||||
# -- optional middlewares
|
||||
# traefik.ingress.kubernetes.io/router.middlewares:your-middleware@kubernetescrd
|
||||
# ---
|
||||
spec:
|
||||
rules:
|
||||
- host: "your-hostname"
|
||||
http:
|
||||
paths:
|
||||
- path: /
|
||||
pathType: Prefix
|
||||
backend:
|
||||
service:
|
||||
name: your-service-name
|
||||
port:
|
||||
number: 80
|
||||
# (Optional) TLS settings
|
||||
# tls:
|
||||
# - hosts:
|
||||
# - your-hostname.com # Your hostname
|
||||
# secretName: your-secret # Your TLS Secret
|
||||
# ---
|
@ -1,21 +0,0 @@
|
||||
apiVersion: traefik.containo.us/v1alpha1
|
||||
kind: IngressRouteTCP
|
||||
metadata:
|
||||
name: ingressroutetcp
|
||||
# (Optional) Namespace
|
||||
# namespace: your-namespace
|
||||
# ---
|
||||
spec:
|
||||
entryPoints:
|
||||
- web
|
||||
- websecure
|
||||
routes:
|
||||
- match: HostSNI(`your-hostname-sni`)
|
||||
priority: 10
|
||||
services:
|
||||
- name: your-service
|
||||
port: 80
|
||||
# (Optional) TLS Passthrough
|
||||
# tls:
|
||||
# passthrough: true
|
||||
# ---
|
@ -1,97 +0,0 @@
|
||||
additionalArguments:
|
||||
# Configure your CertificateResolver here...
|
||||
#
|
||||
# HTTP Challenge
|
||||
# ---
|
||||
# Generic Example:
|
||||
# - --certificatesresolvers.generic.acme.email=your-email@example.com
|
||||
# - --certificatesresolvers.generic.acme.caServer=https://acme-v02.api.letsencrypt.org/directory
|
||||
# - --certificatesresolvers.generic.acme.httpChallenge.entryPoint=web
|
||||
# - --certificatesresolvers.generic.acme.storage=/ssl-certs/acme-generic.json
|
||||
#
|
||||
# Prod / Staging Example:
|
||||
# - --certificatesresolvers.staging.acme.email=your-email@example.com
|
||||
# - --certificatesresolvers.staging.acme.caServer=https://acme-staging-v02.api.letsencrypt.org/directory
|
||||
# - --certificatesresolvers.staging.acme.httpChallenge.entryPoint=web
|
||||
# - --certificatesresolvers.staging.acme.storage=/ssl-certs/acme-staging.json
|
||||
# - --certificatesresolvers.production.acme.email=your-email@example.com
|
||||
# - --certificatesresolvers.production.acme.caServer=https://acme-v02.api.letsencrypt.org/directory
|
||||
# - --certificatesresolvers.production.acme.httpChallenge.entryPoint=web
|
||||
# - --certificatesresolvers.production.acme.storage=/ssl-certs/acme-production.json
|
||||
#
|
||||
# DNS Challenge
|
||||
# ---
|
||||
# Cloudflare Example:
|
||||
# - --certificatesresolvers.cloudflare.acme.dnschallenge.provider=cloudflare
|
||||
# - --certificatesresolvers.cloudflare.acme.email=your-email@example.com
|
||||
# - --certificatesresolvers.cloudflare.acme.dnschallenge.resolvers=1.1.1.1
|
||||
# - --certificatesresolvers.cloudflare.acme.storage=/ssl-certs/acme-cloudflare.json
|
||||
#
|
||||
# Generic (replace with your DNS provider):
|
||||
# - --certificatesresolvers.generic.acme.dnschallenge.provider=generic
|
||||
# - --certificatesresolvers.generic.acme.email=your-email@example.com
|
||||
# - --certificatesresolvers.generic.acme.storage=/ssl-certs/acme-generic.json
|
||||
|
||||
logs:
|
||||
# Configure log settings here...
|
||||
general:
|
||||
level: ERROR
|
||||
|
||||
ports:
|
||||
# Configure your entrypoints here...
|
||||
web:
|
||||
# (optional) Permanent Redirect to HTTPS
|
||||
# redirectTo:
|
||||
# port: websecure
|
||||
websecure:
|
||||
tls:
|
||||
enabled: true
|
||||
# (optional) Set a Default CertResolver
|
||||
# certResolver: cloudflare
|
||||
|
||||
|
||||
env:
|
||||
# Set your environment variables here...
|
||||
#
|
||||
# DNS Challenge Credentials
|
||||
# ---
|
||||
# Cloudflare Example:
|
||||
# - name: CF_API_EMAIL
|
||||
# valueFrom:
|
||||
# secretKeyRef:
|
||||
# key: email
|
||||
# name: cloudflare-credentials
|
||||
# - name: CF_API_KEY
|
||||
# valueFrom:
|
||||
# secretKeyRef:
|
||||
# key: apiKey
|
||||
# name: cloudflare-credentials
|
||||
|
||||
# Disable Dashboard
|
||||
ingressRoute:
|
||||
dashboard:
|
||||
enabled: false
|
||||
|
||||
# Persistent Storage
|
||||
persistence:
|
||||
enabled: true
|
||||
name: ssl-certs
|
||||
size: 1Gi
|
||||
path: /ssl-certs
|
||||
|
||||
deployment:
|
||||
initContainers:
|
||||
# The "volume-permissions" init container is required if you run into permission issues.
|
||||
# Related issue: https://github.com/containous/traefik/issues/6972
|
||||
- name: volume-permissions
|
||||
image: busybox:1.37.0
|
||||
command: ["sh", "-c", "chmod -Rv 600 /ssl-certs/*"]
|
||||
volumeMounts:
|
||||
- name: ssl-certs
|
||||
mountPath: /ssl-certs
|
||||
|
||||
# Set Traefik as your default Ingress Controller, according to Kubernetes 1.19+ changes.
|
||||
ingressClass:
|
||||
enabled: true
|
||||
isDefaultClass: true
|
||||
|
@ -110,6 +110,29 @@
|
||||
"allowedVersions": "!/^v?2\\.19\\.10$/"
|
||||
}
|
||||
],
|
||||
"customManagers": [
|
||||
{
|
||||
"customType": "regex",
|
||||
"description": "Update Longhorn images in Helm",
|
||||
"fileMatch": ["(^|/)helm/longhorn/.+\\.yaml$"],
|
||||
"matchStrings": [
|
||||
"engine:\\s*repository:\\s*\"?(?<depName>[^\"]+)\"?\\s*tag:\\s*\"?(?<currentValue>[^\"]+)\"?",
|
||||
"manager:\\s*repository:\\s*\"?(?<depName>[^\"]+)\"?\\s*tag:\\s*\"?(?<currentValue>[^\"]+)\"?",
|
||||
"ui:\\s*repository:\\s*\"?(?<depName>[^\"]+)\"?\\s*tag:\\s*\"?(?<currentValue>[^\"]+)\"?",
|
||||
"instanceManager:\\s*repository:\\s*\"?(?<depName>[^\"]+)\"?\\s*tag:\\s*\"?(?<currentValue>[^\"]+)\"?",
|
||||
"shareManager:\\s*repository:\\s*\"?(?<depName>[^\"]+)\"?\\s*tag:\\s*\"?(?<currentValue>[^\"]+)\"?",
|
||||
"backingImageManager:\\s*repository:\\s*\"?(?<depName>[^\"]+)\"?\\s*tag:\\s*\"?(?<currentValue>[^\"]+)\"?",
|
||||
"supportBundleKit:\\s*repository:\\s*\"?(?<depName>[^\"]+)\"?\\s*tag:\\s*\"?(?<currentValue>[^\"]+)\"?",
|
||||
"attacher:\\s*repository:\\s*\"?(?<depName>[^\"]+)\"?\\s*tag:\\s*\"?(?<currentValue>[^\"]+)\"?",
|
||||
"provisioner:\\s*repository:\\s*\"?(?<depName>[^\"]+)\"?\\s*tag:\\s*\"?(?<currentValue>[^\"]+)\"?",
|
||||
"nodeDriverRegistrar:\\s*repository:\\s*\"?(?<depName>[^\"]+)\"?\\s*tag:\\s*\"?(?<currentValue>[^\"]+)\"?",
|
||||
"resizer:\\s*repository:\\s*\"?(?<depName>[^\"]+)\"?\\s*tag:\\s*\"?(?<currentValue>[^\"]+)\"?",
|
||||
"snapshotter:\\s*repository:\\s*\"?(?<depName>[^\"]+)\"?\\s*tag:\\s*\"?(?<currentValue>[^\"]+)\"?",
|
||||
"livenessProbe:\\s*repository:\\s*\"?(?<depName>[^\"]+)\"?\\s*tag:\\s*\"?(?<currentValue>[^\"]+)\"?"
|
||||
],
|
||||
"datasourceTemplate": "docker"
|
||||
}
|
||||
],
|
||||
"separateMinorPatch": true,
|
||||
"stopUpdatingLabel": "renovate/stop_updating"
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user