diff options
| author | Christian Pointner <equinox@spreadspace.org> | 2018-02-25 03:42:41 +0100 |
|---|---|---|
| committer | Christian Pointner <equinox@spreadspace.org> | 2018-02-25 03:42:41 +0100 |
| commit | 7af215c3cb888419aea56d5c509fed5c002550c5 (patch) | |
| tree | 237ac163254386e15f55079c0ed1c253093a8cd1 | |
| parent | ommit hls base url since this would break the onion-service (diff) | |
added nginx ingress controller
| -rw-r--r-- | contrib/k8s-emc/ingress-cm.yml | 8 | ||||
| -rw-r--r-- | contrib/k8s-emc/ingress-default-backend.yml | 57 | ||||
| -rw-r--r-- | contrib/k8s-emc/ingress-ds.yml | 70 | ||||
| -rw-r--r-- | contrib/k8s-emc/ingress-rbac.yml | 133 | ||||
| -rw-r--r-- | contrib/k8s-emc/ingress-tcp-cm.yml | 8 | ||||
| -rw-r--r-- | contrib/k8s-emc/ingress-udp-cm.yml | 8 | ||||
| -rw-r--r-- | contrib/k8s-emc/kibana-deploy.yml | 2 | ||||
| -rw-r--r-- | contrib/k8s-emc/kibana-ingress.yml | 16 |
8 files changed, 302 insertions, 0 deletions
diff --git a/contrib/k8s-emc/ingress-cm.yml b/contrib/k8s-emc/ingress-cm.yml new file mode 100644 index 0000000..e88d22c --- /dev/null +++ b/contrib/k8s-emc/ingress-cm.yml @@ -0,0 +1,8 @@ +kind: ConfigMap +apiVersion: v1 +metadata: + namespace: emc + name: ingress-nginx-config + labels: + app: nginx + tier: ingress diff --git a/contrib/k8s-emc/ingress-default-backend.yml b/contrib/k8s-emc/ingress-default-backend.yml new file mode 100644 index 0000000..b914748 --- /dev/null +++ b/contrib/k8s-emc/ingress-default-backend.yml @@ -0,0 +1,57 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + namespace: emc + name: ingress-default-http-backend + labels: + app: default-http-backend + tier: ingress +spec: + replicas: 1 + selector: + matchLabels: + app: default-http-backend + tier: ingress + template: + metadata: + labels: + app: default-http-backend + tier: ingress + spec: + terminationGracePeriodSeconds: 60 + containers: + - name: backend + image: gcr.io/google_containers/defaultbackend:1.4 + livenessProbe: + httpGet: + path: /healthz + port: 8080 + scheme: HTTP + initialDelaySeconds: 30 + timeoutSeconds: 5 + ports: + - containerPort: 8080 + resources: + limits: + cpu: 10m + memory: 20Mi + requests: + cpu: 10m + memory: 20Mi +--- + +apiVersion: v1 +kind: Service +metadata: + namespace: emc + name: ingress-default-http-backend + labels: + app: default-http-backend + tier: ingress +spec: + ports: + - port: 80 + targetPort: 8080 + selector: + app: default-http-backend + tier: ingress diff --git a/contrib/k8s-emc/ingress-ds.yml b/contrib/k8s-emc/ingress-ds.yml new file mode 100644 index 0000000..a1bd94f --- /dev/null +++ b/contrib/k8s-emc/ingress-ds.yml @@ -0,0 +1,70 @@ +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: ingress-nginx-controller + namespace: emc + labels: + app: nginx + tier: ingress +spec: + selector: + matchLabels: + app: nginx + tier: ingress + template: + metadata: + labels: + app: nginx + tier: ingress + annotations: + prometheus.io/port: '10254' + prometheus.io/scrape: 'true' + spec: + serviceAccountName: ingress-nginx + nodeSelector: + ingress: "true" + hostNetwork: true + dnsPolicy: ClusterFirstWithHostNet + containers: + - name: nginx-controller + image: quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.11.0 + args: + - /nginx-ingress-controller + - --default-backend-service=$(POD_NAMESPACE)/ingress-default-http-backend + - --configmap=$(POD_NAMESPACE)/ingress-nginx-config + - --tcp-services-configmap=$(POD_NAMESPACE)/ingress-tcp-config + - --udp-services-configmap=$(POD_NAMESPACE)/ingress-udp-config + - --annotations-prefix=nginx.ingress.kubernetes.io + env: + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + ports: + - name: http + containerPort: 80 + - name: https + containerPort: 443 + livenessProbe: + failureThreshold: 3 + httpGet: + path: /healthz + port: 10254 + scheme: HTTP + initialDelaySeconds: 10 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 1 + readinessProbe: + failureThreshold: 3 + httpGet: + path: /healthz + port: 10254 + scheme: HTTP + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 1 diff --git a/contrib/k8s-emc/ingress-rbac.yml b/contrib/k8s-emc/ingress-rbac.yml new file mode 100644 index 0000000..82247c7 --- /dev/null +++ b/contrib/k8s-emc/ingress-rbac.yml @@ -0,0 +1,133 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + namespace: emc + name: ingress-nginx + +--- + +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: ingress-nginx +rules: + - apiGroups: + - "" + resources: + - configmaps + - endpoints + - nodes + - pods + - secrets + verbs: + - list + - watch + - apiGroups: + - "" + resources: + - nodes + verbs: + - get + - apiGroups: + - "" + resources: + - services + verbs: + - get + - list + - watch + - apiGroups: + - "extensions" + resources: + - ingresses + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - events + verbs: + - create + - patch + - apiGroups: + - "extensions" + resources: + - ingresses/status + verbs: + - update + +--- + +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: ingress-nginx +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: ingress-nginx +subjects: + - kind: ServiceAccount + name: ingress-nginx + namespace: emc + +--- + +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + namespace: emc + name: ingress-nginx +rules: + - apiGroups: + - "" + resources: + - configmaps + - pods + - secrets + - namespaces + verbs: + - get + - apiGroups: + - "" + resources: + - configmaps + resourceNames: + # Defaults to "<election-id>-<ingress-class>" + # Here: "<ingress-controller-leader>-<nginx>" + # This has to be adapted if you change either parameter + # when launching the nginx-ingress-controller. + - "ingress-controller-leader-nginx" + verbs: + - get + - update + - apiGroups: + - "" + resources: + - configmaps + verbs: + - create + - apiGroups: + - "" + resources: + - endpoints + verbs: + - get + +--- + +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + namespace: emc + name: ingress-nginx +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: ingress-nginx +subjects: + - kind: ServiceAccount + name: ingress-nginx + namespace: emc diff --git a/contrib/k8s-emc/ingress-tcp-cm.yml b/contrib/k8s-emc/ingress-tcp-cm.yml new file mode 100644 index 0000000..425057f --- /dev/null +++ b/contrib/k8s-emc/ingress-tcp-cm.yml @@ -0,0 +1,8 @@ +kind: ConfigMap +apiVersion: v1 +metadata: + namespace: emc + name: ingress-tcp-config + labels: + app: tcp-services + tier: ingress diff --git a/contrib/k8s-emc/ingress-udp-cm.yml b/contrib/k8s-emc/ingress-udp-cm.yml new file mode 100644 index 0000000..7667661 --- /dev/null +++ b/contrib/k8s-emc/ingress-udp-cm.yml @@ -0,0 +1,8 @@ +kind: ConfigMap +apiVersion: v1 +metadata: + namespace: emc + name: ingress-udp-config + labels: + app: udp-services + tier: ingress diff --git a/contrib/k8s-emc/kibana-deploy.yml b/contrib/k8s-emc/kibana-deploy.yml index ae9e52d..eabb003 100644 --- a/contrib/k8s-emc/kibana-deploy.yml +++ b/contrib/k8s-emc/kibana-deploy.yml @@ -37,6 +37,8 @@ spec: env: - name: ELASTICSEARCH_URL value: http://stats-es:9200/ + - name: SERVER_BASEPATH + value: "/kibana" volumeMounts: - name: optimize mountPath: /usr/share/kibana/optimize diff --git a/contrib/k8s-emc/kibana-ingress.yml b/contrib/k8s-emc/kibana-ingress.yml new file mode 100644 index 0000000..524aafd --- /dev/null +++ b/contrib/k8s-emc/kibana-ingress.yml @@ -0,0 +1,16 @@ +apiVersion: extensions/v1beta1 +kind: Ingress +metadata: + namespace: emc + name: stats-kibana + annotations: + nginx.ingress.kubernetes.io/rewrite-target: / +spec: + rules: + - host: elevate-stats.spreadspace.org + http: + paths: + - path: /kibana + backend: + serviceName: stats-kibana + servicePort: 5601 |