mirror of
https://github.com/amidaware/trmm-awesome.git
synced 2024-12-11 17:00:49 +01:00
Merge pull request #1 from lcsnetworks/tactical-k8s
Add Kubernetes manifests for TRMM
This commit is contained in:
commit
b5f906830b
21
kubernetes/README.md
Normal file
21
kubernetes/README.md
Normal file
@ -0,0 +1,21 @@
|
||||
# TacticalRMM Kubernetes manifests
|
||||
**Author:** [Joel DeTeves](https://github.com/joeldeteves)
|
||||
|
||||
**Desription:** TacticalRMM Kubernetes manifests tested & working on Digital Ocean managed Kubernetes (DOKS).
|
||||
|
||||
**Disclaimer:** _These manifests rely on an experimental developer images and as such are NOT SUPPORTED, at least until the required changes are merged into the main image. I have done my best to make them as secure as possible them however I am NOT responsible for anything that happens to you or your data as a result of using these files. Please do your due dilligence security-wise and open a Github issue if you wish to report a problem. USE AT YOUR OWN RISK. By using these files you agree that you are the sole entity responsible for any damages that may arise as a result._
|
||||
|
||||
# Pre-requisites
|
||||
- A working Kubernetes cluster
|
||||
- Kubernetes [NFS provisioner](https://github.com/kubernetes-sigs/nfs-subdir-external-provisioner) or another storage provisioner that supports ```ReadWriteMany```
|
||||
- [cert-manager](https://github.com/jetstack/cert-manager) or a Lets Encrypt cert issuer of your choice. Alternatively, you can mount your own certs as secret volumes into the pods
|
||||
|
||||
# Deploying the files
|
||||
1. ```kubectl apply -f namespace.yaml```
|
||||
2. ```kubectl apply -f .```
|
||||
3. ```kubectl apply -f deployment/ -R```
|
||||
|
||||
# Questions / Concerns
|
||||
Please open an issue in Github or you can also check in the [Tactical RMM Discord Channel](https://discord.gg/upGTkWp).
|
||||
|
||||
**Note: I am not affiliated with TRMM or AmidaWare; I am a community contributor. Please direct TRMM-related issues to the appropriate channels.**
|
15
kubernetes/certs.yaml
Normal file
15
kubernetes/certs.yaml
Normal file
@ -0,0 +1,15 @@
|
||||
apiVersion: cert-manager.io/v1alpha2
|
||||
kind: Certificate
|
||||
metadata:
|
||||
name: rmm-mydomain-com
|
||||
namespace: tacticalrmm
|
||||
spec:
|
||||
secretName: rmm-mydomain-com-tls
|
||||
commonName: rmm.mydomain.com
|
||||
dnsNames:
|
||||
- rmm.mydomain.com
|
||||
- api.rmm.mydomain.com
|
||||
- mesh.rmm.mydomain.com
|
||||
issuerRef:
|
||||
name: letsencrypt
|
||||
kind: ClusterIssuer
|
66
kubernetes/deployment/tactical-backend.yaml
Normal file
66
kubernetes/deployment/tactical-backend.yaml
Normal file
@ -0,0 +1,66 @@
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
namespace: tacticalrmm
|
||||
labels:
|
||||
app: tacticalrmm
|
||||
service: tactical-backend
|
||||
name: tactical-backend
|
||||
spec:
|
||||
replicas: 1
|
||||
selector:
|
||||
matchLabels:
|
||||
service: tactical-backend
|
||||
strategy:
|
||||
type: Recreate
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
network/api-db: "true"
|
||||
network/redis: "true"
|
||||
network/proxy: "true"
|
||||
service: tactical-backend
|
||||
spec:
|
||||
containers:
|
||||
- name: trmm-backend
|
||||
image: tacticalrmm/tactical:0.10.5-dev
|
||||
args:
|
||||
- tactical-backend
|
||||
resources: {}
|
||||
env:
|
||||
- name: CERT_PUB_PATH
|
||||
value: /etc/ssl/certs/custom/tls.crt
|
||||
- name: CERT_PRIV_PATH
|
||||
value: /etc/ssl/certs/custom/tls.key
|
||||
volumeMounts:
|
||||
- mountPath: /opt/tactical
|
||||
name: tactical-data
|
||||
- mountPath: /etc/ssl/certs/custom
|
||||
name: tactical-certs
|
||||
restartPolicy: Always
|
||||
volumes:
|
||||
- name: tactical-data
|
||||
persistentVolumeClaim:
|
||||
claimName: tactical-data
|
||||
- name: tactical-certs
|
||||
secret:
|
||||
secretName: rmm-mydomain-com-tls
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
namespace: tacticalrmm
|
||||
labels:
|
||||
app: tacticalrmm
|
||||
service: tactical-backend
|
||||
name: tactical-backend
|
||||
spec:
|
||||
ports:
|
||||
- name: "http"
|
||||
port: 80
|
||||
targetPort: 80
|
||||
- name: "https"
|
||||
port: 443
|
||||
targetPort: 443
|
||||
selector:
|
||||
service: tactical-backend
|
81
kubernetes/deployment/tactical-celery.yaml
Normal file
81
kubernetes/deployment/tactical-celery.yaml
Normal file
@ -0,0 +1,81 @@
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
namespace: tacticalrmm
|
||||
labels:
|
||||
app: tacticalrmm
|
||||
service: tactical-celery
|
||||
name: tactical-celery
|
||||
spec:
|
||||
replicas: 1
|
||||
selector:
|
||||
matchLabels:
|
||||
service: tactical-celery
|
||||
strategy:
|
||||
type: Recreate
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
network/api-db: "true"
|
||||
network/redis: "true"
|
||||
service: tactical-celery
|
||||
spec:
|
||||
securityContext:
|
||||
runAsUser: 1000
|
||||
fsGroup: 1000
|
||||
containers:
|
||||
- name: trmm-celery
|
||||
image: tacticalrmm/tactical:0.10.5-dev
|
||||
args:
|
||||
- tactical-celery
|
||||
resources: {}
|
||||
env:
|
||||
- name: CERT_PUB_PATH
|
||||
value: /etc/ssl/certs/custom/tls.crt
|
||||
- name: CERT_PRIV_PATH
|
||||
value: /etc/ssl/certs/custom/tls.key
|
||||
volumeMounts:
|
||||
- mountPath: /opt/tactical
|
||||
name: tactical-data
|
||||
restartPolicy: Always
|
||||
volumes:
|
||||
- name: tactical-data
|
||||
persistentVolumeClaim:
|
||||
claimName: tactical-data
|
||||
---
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
namespace: tacticalrmm
|
||||
labels:
|
||||
app: tacticalrmm
|
||||
service: tactical-celerybeat
|
||||
name: tactical-celerybeat
|
||||
spec:
|
||||
replicas: 1
|
||||
selector:
|
||||
matchLabels:
|
||||
service: tactical-celerybeat
|
||||
strategy:
|
||||
type: Recreate
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
network/api-db: "true"
|
||||
network/redis: "true"
|
||||
service: tactical-celerybeat
|
||||
spec:
|
||||
containers:
|
||||
- name: trmm-celerybeat
|
||||
image: tacticalrmm/tactical:latest
|
||||
args:
|
||||
- tactical-celerybeat
|
||||
resources: {}
|
||||
volumeMounts:
|
||||
- mountPath: /opt/tactical
|
||||
name: tactical-data
|
||||
restartPolicy: Always
|
||||
volumes:
|
||||
- name: tactical-data
|
||||
persistentVolumeClaim:
|
||||
claimName: tactical-data
|
46
kubernetes/deployment/tactical-frontend.yaml
Normal file
46
kubernetes/deployment/tactical-frontend.yaml
Normal file
@ -0,0 +1,46 @@
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
namespace: tacticalrmm
|
||||
labels:
|
||||
app: tacticalrmm
|
||||
service: tactical-frontend
|
||||
name: tactical-frontend
|
||||
spec:
|
||||
replicas: 1
|
||||
selector:
|
||||
matchLabels:
|
||||
service: tactical-frontend
|
||||
strategy: {}
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
service: tactical-frontend
|
||||
spec:
|
||||
containers:
|
||||
- name: trmm-frontend
|
||||
image: tacticalrmm/tactical-frontend:latest
|
||||
resources: {}
|
||||
env:
|
||||
- name: API_HOST
|
||||
value: api.rmm.mydomain.com
|
||||
restartPolicy: Always
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
namespace: tacticalrmm
|
||||
labels:
|
||||
app: tacticalrmm
|
||||
service: tactical-frontend
|
||||
name: tactical-frontend
|
||||
spec:
|
||||
ports:
|
||||
- name: "http"
|
||||
port: 80
|
||||
targetPort: 80
|
||||
- name: "https"
|
||||
port: 443
|
||||
targetPort: 443
|
||||
selector:
|
||||
service: tactical-frontend
|
64
kubernetes/deployment/tactical-init-pod.yaml
Normal file
64
kubernetes/deployment/tactical-init-pod.yaml
Normal file
@ -0,0 +1,64 @@
|
||||
apiVersion: v1
|
||||
kind: Pod
|
||||
metadata:
|
||||
namespace: tacticalrmm
|
||||
labels:
|
||||
app: tacticalrmm
|
||||
network/api-db: "true"
|
||||
network/proxy: "true"
|
||||
service: tactical-init
|
||||
name: tactical-init
|
||||
spec:
|
||||
containers:
|
||||
- args:
|
||||
- tactical-init
|
||||
image: tacticalrmm/tactical:0.10.5-dev
|
||||
name: trmm-init
|
||||
env:
|
||||
- name: API_HOST
|
||||
value: api.rmm.mydomain.com
|
||||
- name: APP_HOST
|
||||
value: rmm.mydomain.com
|
||||
- name: MESH_HOST
|
||||
value: mesh.rmm.mydomain.com
|
||||
- name: MESH_WS_URL
|
||||
value: ws://tactical-meshcentral:443
|
||||
- name: MESH_USER
|
||||
value: meshuser
|
||||
- name: POSTGRES_HOST
|
||||
value: 10.137.88.210
|
||||
- name: POSTGRES_PASS
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: tactical-secrets
|
||||
key: postgres-password
|
||||
- name: POSTGRES_USER
|
||||
value: tacticalrmm
|
||||
- name: POSTGRES_DB
|
||||
value: tacticalrmm
|
||||
- name: TRMM_PASS
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: tactical-secrets
|
||||
key: trmm-password
|
||||
- name: TRMM_USER
|
||||
value: tacticalrmm
|
||||
- name: CERT_PUB_PATH
|
||||
value: /etc/ssl/certs/custom/tls.crt
|
||||
- name: CERT_PRIV_PATH
|
||||
value: /etc/ssl/certs/custom/tls.key
|
||||
resources: {}
|
||||
volumeMounts:
|
||||
- mountPath: /opt/tactical
|
||||
name: tactical-data
|
||||
- mountPath: /etc/ssl/certs/custom
|
||||
name: tactical-certs
|
||||
restartPolicy: OnFailure
|
||||
volumes:
|
||||
- name: tactical-data
|
||||
persistentVolumeClaim:
|
||||
claimName: tactical-data
|
||||
- name: tactical-certs
|
||||
secret:
|
||||
secretName: rmm-mydomain-com-tls
|
||||
status: {}
|
81
kubernetes/deployment/tactical-meshcentral.yaml
Normal file
81
kubernetes/deployment/tactical-meshcentral.yaml
Normal file
@ -0,0 +1,81 @@
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
namespace: tacticalrmm
|
||||
labels:
|
||||
app: tacticalrmm
|
||||
service: tactical-meshcentral
|
||||
name: tactical-meshcentral
|
||||
spec:
|
||||
replicas: 1
|
||||
selector:
|
||||
matchLabels:
|
||||
service: tactical-meshcentral
|
||||
strategy:
|
||||
type: Recreate
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
network/mesh-db: "true"
|
||||
network/proxy: "true"
|
||||
service: tactical-meshcentral
|
||||
spec:
|
||||
containers:
|
||||
- name: trmm-meshcentral
|
||||
image: tacticalrmm/tactical-meshcentral:0.10.5-dev
|
||||
resources: {}
|
||||
env:
|
||||
- name: MESH_HOST
|
||||
value: mesh.rmm.mydomain.com
|
||||
- name: MESH_USER
|
||||
value: meshuser
|
||||
- name: MESH_PASS
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: tactical-secrets
|
||||
key: mesh-password
|
||||
- name: MESH_PERSISTENT_CONFIG
|
||||
value: "0"
|
||||
- name: MONGODB_USER
|
||||
value: mongodbuser
|
||||
- name: MONGODB_PASSWORD
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: tactical-secrets
|
||||
key: mongodb-password
|
||||
- name: NGINX_HOST_IP # Point to NGINX service
|
||||
value: tactical-nlb
|
||||
- name: WS_MASK_OVERRIDE # Enable for Traefik compatibility
|
||||
value: "0"
|
||||
volumeMounts:
|
||||
- mountPath: /opt/tactical
|
||||
name: tactical-data
|
||||
- mountPath: /home/node/app/meshcentral-data
|
||||
name: mesh-data
|
||||
restartPolicy: Always
|
||||
volumes:
|
||||
- name: tactical-data
|
||||
persistentVolumeClaim:
|
||||
claimName: tactical-data
|
||||
- name: mesh-data
|
||||
persistentVolumeClaim:
|
||||
claimName: mesh-data
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
namespace: tacticalrmm
|
||||
labels:
|
||||
app: tacticalrmm
|
||||
service: tactical-meshcentral
|
||||
name: tactical-meshcentral
|
||||
spec:
|
||||
ports:
|
||||
- name: "http"
|
||||
port: 80
|
||||
targetPort: 80
|
||||
- name: "https"
|
||||
port: 443
|
||||
targetPort: 443
|
||||
selector:
|
||||
service: tactical-meshcentral
|
62
kubernetes/deployment/tactical-mongodb.yaml
Normal file
62
kubernetes/deployment/tactical-mongodb.yaml
Normal file
@ -0,0 +1,62 @@
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
namespace: tacticalrmm
|
||||
labels:
|
||||
app: tacticalrmm
|
||||
service: tactical-mongodb
|
||||
name: tactical-mongodb
|
||||
spec:
|
||||
replicas: 1
|
||||
selector:
|
||||
matchLabels:
|
||||
service: tactical-mongodb
|
||||
strategy:
|
||||
type: Recreate
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
network/mesh-db: "true"
|
||||
service: tactical-mongodb
|
||||
spec:
|
||||
securityContext:
|
||||
runAsUser: 2000
|
||||
fsGroup: 2000
|
||||
containers:
|
||||
- name: trmm-mongodb
|
||||
image: mongo:4.4
|
||||
resources: {}
|
||||
env:
|
||||
- name: MONGO_INITDB_DATABASE
|
||||
value: meshcentral
|
||||
- name: MONGO_INITDB_ROOT_USERNAME
|
||||
value: mongodbuser
|
||||
- name: MONGO_INITDB_ROOT_PASSWORD
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: tactical-secrets
|
||||
key: mongodb-password
|
||||
volumeMounts:
|
||||
- mountPath: /data/db
|
||||
name: mongo-data
|
||||
restartPolicy: Always
|
||||
volumes:
|
||||
- name: mongo-data
|
||||
persistentVolumeClaim:
|
||||
claimName: mongo-data
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
namespace: tacticalrmm
|
||||
labels:
|
||||
app: tacticalrmm
|
||||
service: tactical-mongodb
|
||||
name: tactical-mongodb
|
||||
spec:
|
||||
ports:
|
||||
- name: "27017"
|
||||
port: 27017
|
||||
targetPort: 27017
|
||||
selector:
|
||||
service: tactical-mongodb
|
56
kubernetes/deployment/tactical-redis.yaml
Normal file
56
kubernetes/deployment/tactical-redis.yaml
Normal file
@ -0,0 +1,56 @@
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
namespace: tacticalrmm
|
||||
labels:
|
||||
app: tacticalrmm
|
||||
service: tactical-redis
|
||||
name: tactical-redis
|
||||
spec:
|
||||
replicas: 1
|
||||
selector:
|
||||
matchLabels:
|
||||
service: tactical-redis
|
||||
strategy:
|
||||
type: Recreate
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
network/redis: "true"
|
||||
service: tactical-redis
|
||||
spec:
|
||||
securityContext:
|
||||
runAsUser: 1000
|
||||
fsGroup: 1000
|
||||
containers:
|
||||
- name: trmm-redis
|
||||
image: redis:6.0-alpine
|
||||
args:
|
||||
- redis-server
|
||||
- --appendonly
|
||||
- "yes"
|
||||
resources: {}
|
||||
volumeMounts:
|
||||
- mountPath: /data
|
||||
name: redis-data
|
||||
restartPolicy: Always
|
||||
volumes:
|
||||
- name: redis-data
|
||||
persistentVolumeClaim:
|
||||
claimName: redis-data
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
namespace: tacticalrmm
|
||||
labels:
|
||||
app: tacticalrmm
|
||||
service: tactical-redis
|
||||
name: tactical-redis
|
||||
spec:
|
||||
ports:
|
||||
- name: "6379"
|
||||
port: 6379
|
||||
targetPort: 6379
|
||||
selector:
|
||||
service: tactical-redis
|
16
kubernetes/deployment/tactical-secrets.yaml
Normal file
16
kubernetes/deployment/tactical-secrets.yaml
Normal file
@ -0,0 +1,16 @@
|
||||
# CAUTION: THIS FILE IS FOR DEMONSTRATION PURPOSES ONLY
|
||||
# DO NOT UPLOAD SECRETS TO YOUR GIT REPOSITORY !!!!
|
||||
# Secrets must be encoded using base64 (ensure there is no newline at the end of the file):
|
||||
# echo -n 'mysupersecretpassword' | base64 -w0
|
||||
|
||||
apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
name: tactical-secrets
|
||||
namespace: tacticalrmm
|
||||
data:
|
||||
# Default password: changeme
|
||||
trmm-password: Y2hhbmdlbWU=
|
||||
mesh-password: Y2hhbmdlbWU=
|
||||
mongodb-password: Y2hhbmdlbWU=
|
||||
postgres-password: Y2hhbmdlbWU=
|
76
kubernetes/deployment/tactical-web.yaml
Normal file
76
kubernetes/deployment/tactical-web.yaml
Normal file
@ -0,0 +1,76 @@
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
namespace: tacticalrmm
|
||||
labels:
|
||||
app: tacticalrmm
|
||||
service: tactical-nlb
|
||||
name: tactical-web
|
||||
spec:
|
||||
replicas: 1
|
||||
selector:
|
||||
matchLabels:
|
||||
service: tactical-nlb
|
||||
strategy:
|
||||
type: Recreate
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
network/proxy: "true"
|
||||
service: tactical-nlb
|
||||
spec:
|
||||
containers:
|
||||
- name: nginx
|
||||
image: tacticalrmm/tactical-nginx:0.10.5-dev
|
||||
resources: {}
|
||||
env:
|
||||
- name: API_HOST
|
||||
value: api.rmm.mydomain.com
|
||||
- name: APP_HOST
|
||||
value: rmm.mydomain.com
|
||||
- name: MESH_HOST
|
||||
value: mesh.rmm.mydomain.com
|
||||
- name: NGINX_RESOLVER
|
||||
value: kube-dns.kube-system.svc.cluster.local
|
||||
- name: BACKEND_SERVICE
|
||||
value: tactical-backend.tacticalrmm.svc.cluster.local
|
||||
- name: FRONTEND_SERVICE
|
||||
value: tactical-frontend.tacticalrmm.svc.cluster.local
|
||||
- name: MESH_SERVICE
|
||||
value: tactical-meshcentral.tacticalrmm.svc.cluster.local
|
||||
- name: WEBSOCKETS_SERVICE
|
||||
value: tactical-websockets.tacticalrmm.svc.cluster.local
|
||||
- name: CERT_PUB_PATH
|
||||
value: /etc/ssl/certs/custom/tls.crt
|
||||
- name: CERT_PRIV_PATH
|
||||
value: /etc/ssl/certs/custom/tls.key
|
||||
ports:
|
||||
- containerPort: 80
|
||||
- containerPort: 443
|
||||
volumeMounts:
|
||||
- mountPath: /opt/tactical
|
||||
name: tactical-data
|
||||
- mountPath: /etc/ssl/certs/custom
|
||||
name: tactical-certs
|
||||
- name: trmm-nats
|
||||
image: tacticalrmm/tactical-nats:latest
|
||||
resources: {}
|
||||
env:
|
||||
- name: API_HOST
|
||||
value: api.rmm.mydomain.com
|
||||
ports:
|
||||
- containerPort: 4222
|
||||
volumeMounts:
|
||||
- mountPath: /opt/tactical
|
||||
name: tactical-data
|
||||
- mountPath: /etc/ssl/certs/custom
|
||||
name: tactical-certs
|
||||
restartPolicy: Always
|
||||
volumes:
|
||||
- name: tactical-data
|
||||
persistentVolumeClaim:
|
||||
claimName: tactical-data
|
||||
- name: tactical-certs
|
||||
secret:
|
||||
secretName: rmm-mydomain-com-tls
|
||||
status: {}
|
62
kubernetes/deployment/tactical-websockets.yaml
Normal file
62
kubernetes/deployment/tactical-websockets.yaml
Normal file
@ -0,0 +1,62 @@
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
namespace: tacticalrmm
|
||||
labels:
|
||||
app: tacticalrmm
|
||||
service: tactical-websockets
|
||||
name: tactical-websockets
|
||||
spec:
|
||||
replicas: 1
|
||||
selector:
|
||||
matchLabels:
|
||||
service: tactical-websockets
|
||||
strategy:
|
||||
type: Recreate
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
network/api-db: "true"
|
||||
network/redis: "true"
|
||||
network/proxy: "true"
|
||||
service: tactical-websockets
|
||||
spec:
|
||||
securityContext:
|
||||
runAsUser: 1000
|
||||
fsGroup: 1000
|
||||
containers:
|
||||
- name: trmm-websockets
|
||||
image: tacticalrmm/tactical:latest
|
||||
args:
|
||||
- tactical-websockets
|
||||
resources: {}
|
||||
volumeMounts:
|
||||
- mountPath: /opt/tactical
|
||||
name: tactical-data
|
||||
restartPolicy: Always
|
||||
volumes:
|
||||
- name: tactical-data
|
||||
persistentVolumeClaim:
|
||||
claimName: tactical-data
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
namespace: tacticalrmm
|
||||
labels:
|
||||
app: tacticalrmm
|
||||
service: tactical-websockets
|
||||
name: tactical-websockets
|
||||
spec:
|
||||
ports:
|
||||
- name: "http"
|
||||
port: 80
|
||||
targetPort: 80
|
||||
- name: "https"
|
||||
port: 443
|
||||
targetPort: 443
|
||||
- name: "8383"
|
||||
port: 8383
|
||||
targetPort: 8383
|
||||
selector:
|
||||
service: tactical-websockets
|
7
kubernetes/namespace.yaml
Normal file
7
kubernetes/namespace.yaml
Normal file
@ -0,0 +1,7 @@
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Namespace
|
||||
metadata:
|
||||
name: tacticalrmm
|
||||
labels:
|
||||
app: tacticalrmm
|
61
kubernetes/network-policy.yaml
Normal file
61
kubernetes/network-policy.yaml
Normal file
@ -0,0 +1,61 @@
|
||||
apiVersion: networking.k8s.io/v1
|
||||
kind: NetworkPolicy
|
||||
metadata:
|
||||
name: proxy
|
||||
spec:
|
||||
ingress:
|
||||
- {}
|
||||
podSelector:
|
||||
matchLabels:
|
||||
network/proxy: "true"
|
||||
---
|
||||
apiVersion: networking.k8s.io/v1
|
||||
kind: NetworkPolicy
|
||||
metadata:
|
||||
name: api-db
|
||||
namespace: tacticalrmm
|
||||
spec:
|
||||
ingress:
|
||||
- from:
|
||||
- podSelector:
|
||||
matchLabels:
|
||||
network/api-db: "true"
|
||||
- podSelector:
|
||||
matchLabels:
|
||||
network/proxy: "true"
|
||||
podSelector:
|
||||
matchLabels:
|
||||
network/api-db: "true"
|
||||
---
|
||||
apiVersion: networking.k8s.io/v1
|
||||
kind: NetworkPolicy
|
||||
metadata:
|
||||
name: mesh-db
|
||||
namespace: tacticalrmm
|
||||
spec:
|
||||
ingress:
|
||||
- from:
|
||||
- podSelector:
|
||||
matchLabels:
|
||||
network/mesh-db: "true"
|
||||
- podSelector:
|
||||
matchLabels:
|
||||
network/proxy: "true"
|
||||
podSelector:
|
||||
matchLabels:
|
||||
network/mesh-db: "true"
|
||||
---
|
||||
apiVersion: networking.k8s.io/v1
|
||||
kind: NetworkPolicy
|
||||
metadata:
|
||||
name: redis
|
||||
namespace: tacticalrmm
|
||||
spec:
|
||||
ingress:
|
||||
- from:
|
||||
- podSelector:
|
||||
matchLabels:
|
||||
network/redis: "true"
|
||||
podSelector:
|
||||
matchLabels:
|
||||
network/redis: "true"
|
20
kubernetes/nlb.yaml
Normal file
20
kubernetes/nlb.yaml
Normal file
@ -0,0 +1,20 @@
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
namespace: tacticalrmm
|
||||
labels:
|
||||
app: tacticalrmm
|
||||
service: tactical-nlb
|
||||
name: tactical-nlb
|
||||
spec:
|
||||
type: LoadBalancer
|
||||
externalTrafficPolicy: Local
|
||||
ports:
|
||||
- name: "http"
|
||||
port: 80
|
||||
- name: "https"
|
||||
port: 443
|
||||
- name: "nats"
|
||||
port: 4222
|
||||
selector:
|
||||
service: tactical-nlb
|
69
kubernetes/pvc.yaml
Normal file
69
kubernetes/pvc.yaml
Normal file
@ -0,0 +1,69 @@
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: PersistentVolumeClaim
|
||||
metadata:
|
||||
name: tactical-data
|
||||
namespace: tacticalrmm
|
||||
labels:
|
||||
app: tacticalrmm
|
||||
service: tactical-data
|
||||
|
||||
spec:
|
||||
accessModes:
|
||||
- ReadWriteMany
|
||||
storageClassName: nfs-client
|
||||
resources:
|
||||
requests:
|
||||
storage: 200Mi
|
||||
status: {}
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: PersistentVolumeClaim
|
||||
metadata:
|
||||
name: mesh-data
|
||||
namespace: tacticalrmm
|
||||
labels:
|
||||
app: tacticalrmm
|
||||
service: mesh-data
|
||||
|
||||
spec:
|
||||
accessModes:
|
||||
- ReadWriteOnce
|
||||
resources:
|
||||
requests:
|
||||
storage: 1Gi
|
||||
status: {}
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: PersistentVolumeClaim
|
||||
metadata:
|
||||
name: mongo-data
|
||||
namespace: tacticalrmm
|
||||
labels:
|
||||
app: tacticalrmm
|
||||
service: mongo-data
|
||||
|
||||
spec:
|
||||
accessModes:
|
||||
- ReadWriteOnce
|
||||
resources:
|
||||
requests:
|
||||
storage: 1Gi
|
||||
status: {}
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: PersistentVolumeClaim
|
||||
metadata:
|
||||
name: redis-data
|
||||
namespace: tacticalrmm
|
||||
labels:
|
||||
app: tacticalrmm
|
||||
service: redis-data
|
||||
|
||||
spec:
|
||||
accessModes:
|
||||
- ReadWriteOnce
|
||||
resources:
|
||||
requests:
|
||||
storage: 1Gi
|
||||
status: {}
|
Loading…
Reference in New Issue
Block a user