added hack for acmetool handling

6 files changed, 171 insertions, 0 deletions

diff --git a/contrib/k8s-emc/acme-hack/do.sh b/contrib/k8s-emc/acme-hack/do.sh
new file mode 100755
index 0000000..70750e6
--- /dev/null
+++ b/contrib/k8s-emc/acme-hack/do.sh
@@ -0,0 +1,19 @@
+#!/bin/bash
+
+if [ -z "$1" ]; then
+		echo "usage: $0 (create|replace)"
+		exit 1
+fi
+
+kubectl "$1" -f nginx-acme-cm.yml
+for node in emc-00 emc-01 emc-02 emc-03 emc-04 helene; do
+		cat nginx-acme-deploy.yml | sed "s/<<node>>/$node/g" | kubectl "$1" -f -
+    cat nginx-acme-svc.yml | sed "s/<<node>>/$node/g" | kubectl "$1" -f -
+    cat nginx-acme-ingress.yml | sed "s/<<name>>/$node/g" | sed "s/<<node>>/$node/g" | sed "s/<<hostname>>/$node.spreadspace.org/g" | kubectl "$1" -f -
+done
+
+cat nginx-acme-ingress.yml | sed "s/<<name>>/elevate-live/g" | sed "s/<<node>>/emc-00/g" | sed "s/<<hostname>>/elevate-live.spreadspace.org/g" | kubectl "$1" -f -
+cat nginx-acme-ingress.yml | sed "s/<<name>>/elevate-stats/g" | sed "s/<<node>>/emc-00/g" | sed "s/<<hostname>>/elevate-stats.spreadspace.org/g" | kubectl "$1" -f -
+cat nginx-acme-ingress.yml | sed "s/<<name>>/elevate-stream/g" | sed "s/<<node>>/emc-00/g" | sed "s/<<hostname>>/stream.elevate.at/g" | kubectl "$1" -f -
+
+cat nginx-acme-ingress.yml | sed "s/<<name>>/elevate-feed/g" | sed "s/<<node>>/helene/g" | sed "s/<<hostname>>/elevate-feed.spreadspace.org/g" | kubectl "$1" -f -
diff --git a/contrib/k8s-emc/acme-hack/nginx-acme-cm.yml b/contrib/k8s-emc/acme-hack/nginx-acme-cm.yml
new file mode 100644
index 0000000..9050c04
--- /dev/null
+++ b/contrib/k8s-emc/acme-hack/nginx-acme-cm.yml
@@ -0,0 +1,41 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  namespace: emc
+  name: nginx-acme-hack
+  labels:
+    app: nginx
+    type: acme-challenge
+    tier: hack
+data:
+  nginx.conf: |
+    worker_processes 1;
+    pid /srv/nginx.pid;
+    error_log /dev/stderr notice;
+
+    events {
+      worker_connections 64;
+      # multi_accept on;
+    }
+
+    http {
+      sendfile on;
+      tcp_nopush on;
+      tcp_nodelay on;
+      keepalive_timeout 65;
+      types_hash_max_size 2048;
+
+      server_names_hash_bucket_size 64;
+
+      include /etc/nginx/mime.types;
+      default_type application/octet-stream;
+
+      access_log /dev/null;
+
+      server {
+        listen 8080 default_server;
+        server_name _;
+
+        root /srv/www;
+      }
+    }
diff --git a/contrib/k8s-emc/acme-hack/nginx-acme-deploy.yml b/contrib/k8s-emc/acme-hack/nginx-acme-deploy.yml
new file mode 100644
index 0000000..7800b32
--- /dev/null
+++ b/contrib/k8s-emc/acme-hack/nginx-acme-deploy.yml
@@ -0,0 +1,66 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  namespace: emc
+  name: nginx-acme-hack-<<node>>
+  labels:
+    app: nginx
+    type: acme-challenge
+    tier: hack
+    worker: <<node>>
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: nginx
+      type: acme-challenge
+      tier: hack
+      worker: <<node>>
+  strategy:
+    type: Recreate
+  revisionHistoryLimit: 5
+  template:
+    metadata:
+      labels:
+        app: nginx
+        type: acme-challenge
+        tier: hack
+        worker: <<node>>
+    spec:
+      nodeName: <<node>>
+      securityContext:
+        runAsUser: 998
+        fsGroup: 998
+      containers:
+      - name: nginx
+        image: spreadspace/nginx:4
+        imagePullPolicy: Always
+        args:
+        - nginx
+        - -c
+        - /srv/config/nginx.conf
+        - -g
+        - "daemon off;"
+        volumeMounts:
+        - name: home
+          mountPath: /srv
+        - name: nginx-lib
+          mountPath: /var/lib/nginx
+        - name: nginx-config
+          mountPath: /srv/config
+        - name: acme-challenge
+          mountPath: /srv/www/.well-known/acme-challenge
+      volumes:
+      - name: home
+        emptyDir:
+          medium: Memory
+      - name: nginx-lib
+        emptyDir:
+          medium: Memory
+      - name: nginx-config
+        configMap:
+          name: nginx-acme-hack
+      - name: acme-challenge
+        hostPath:
+          type: DirectoryOrCreate
+          path: /var/run/acme/acme-challenge/
diff --git a/contrib/k8s-emc/acme-hack/nginx-acme-ingress.yml b/contrib/k8s-emc/acme-hack/nginx-acme-ingress.yml
new file mode 100644
index 0000000..4e47cf2
--- /dev/null
+++ b/contrib/k8s-emc/acme-hack/nginx-acme-ingress.yml
@@ -0,0 +1,19 @@
+---
+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+  namespace: emc
+  name: nginx-acme-hack-<<name>>
+  labels:
+    app: nginx
+    type: acme-challenge
+    tier: hack
+spec:
+  rules:
+  - host: <<hostname>>
+    http:
+      paths:
+      - path: /.well-known/acme-challenge/
+        backend:
+          serviceName: nginx-acme-hack-<<node>>
+          servicePort: 8080
diff --git a/contrib/k8s-emc/acme-hack/nginx-acme-svc.yml b/contrib/k8s-emc/acme-hack/nginx-acme-svc.yml
new file mode 100644
index 0000000..318d1ca
--- /dev/null
+++ b/contrib/k8s-emc/acme-hack/nginx-acme-svc.yml
@@ -0,0 +1,20 @@
+apiVersion: v1
+kind: Service
+metadata:
+  namespace: emc
+  name: nginx-acme-hack-<<node>>
+  labels:
+    app: nginx
+    type: acme-challenge
+    tier: hack
+    worker: <<node>>
+spec:
+  selector:
+    app: nginx
+    type: acme-challenge
+    tier: hack
+    worker: <<node>>
+  clusterIP: None
+  ports:
+  - name: http
+    port: 8080
diff --git a/contrib/k8s-emc/acme-hack/wipe.sh b/contrib/k8s-emc/acme-hack/wipe.sh
new file mode 100755
index 0000000..6834aa6
--- /dev/null
+++ b/contrib/k8s-emc/acme-hack/wipe.sh
@@ -0,0 +1,6 @@
+#!/bin/bash
+
+kubectl --namespace emc delete ingress -l tier=hack -l type=acme-challenge
+kubectl --namespace emc delete svc -l tier=hack -l type=acme-challenge
+kubectl --namespace emc delete deploy -l tier=hack -l type=acme-challenge
+kubectl --namespace emc delete cm -l tier=hack -l type=acme-challenge