summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorChristian Pointner <equinox@spreadspace.org>2022-07-08 01:47:30 +0200
committerChristian Pointner <equinox@spreadspace.org>2022-07-08 01:47:30 +0200
commit8aa7fec1067f9ad9f955920d6bae00a80a42b0e3 (patch)
tree685272763d64125f471c9344ccbe0ecadb9fe65d
parentadd upstream ingress controller deploy file (diff)
k8s-emc: fix stream-site
Diffstat
-rw-r--r--contrib/k8s-emc/ingress.yml294
-rw-r--r--contrib/k8s-emc/stream-site-cm.yml4
-rw-r--r--contrib/k8s-emc/stream-site-deploy.yml9
-rw-r--r--contrib/k8s-emc/stream-site-ingress.yml17
4 files changed, 20 insertions, 304 deletions
diff --git a/contrib/k8s-emc/ingress.yml b/contrib/k8s-emc/ingress.yml
index f53f5c1..d6fd08f 100644
--- a/contrib/k8s-emc/ingress.yml
+++ b/contrib/k8s-emc/ingress.yml
@@ -19,18 +19,6 @@ metadata:
name: ingress-nginx
namespace: ingress-nginx
---
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- labels:
- app.kubernetes.io/component: admission-webhook
- app.kubernetes.io/instance: ingress-nginx
- app.kubernetes.io/name: ingress-nginx
- app.kubernetes.io/part-of: ingress-nginx
- app.kubernetes.io/version: 1.2.1
- name: ingress-nginx-admission
- namespace: ingress-nginx
----
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
@@ -114,26 +102,6 @@ rules:
- patch
---
apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
- labels:
- app.kubernetes.io/component: admission-webhook
- app.kubernetes.io/instance: ingress-nginx
- app.kubernetes.io/name: ingress-nginx
- app.kubernetes.io/part-of: ingress-nginx
- app.kubernetes.io/version: 1.2.1
- name: ingress-nginx-admission
- namespace: ingress-nginx
-rules:
-- apiGroups:
- - ""
- resources:
- - secrets
- verbs:
- - get
- - create
----
-apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
labels:
@@ -200,25 +168,6 @@ rules:
- watch
---
apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- labels:
- app.kubernetes.io/component: admission-webhook
- app.kubernetes.io/instance: ingress-nginx
- app.kubernetes.io/name: ingress-nginx
- app.kubernetes.io/part-of: ingress-nginx
- app.kubernetes.io/version: 1.2.1
- name: ingress-nginx-admission
-rules:
-- apiGroups:
- - admissionregistration.k8s.io
- resources:
- - validatingwebhookconfigurations
- verbs:
- - get
- - update
----
-apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
labels:
@@ -239,26 +188,6 @@ subjects:
namespace: ingress-nginx
---
apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
- labels:
- app.kubernetes.io/component: admission-webhook
- app.kubernetes.io/instance: ingress-nginx
- app.kubernetes.io/name: ingress-nginx
- app.kubernetes.io/part-of: ingress-nginx
- app.kubernetes.io/version: 1.2.1
- name: ingress-nginx-admission
- namespace: ingress-nginx
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: Role
- name: ingress-nginx-admission
-subjects:
-- kind: ServiceAccount
- name: ingress-nginx-admission
- namespace: ingress-nginx
----
-apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
labels:
@@ -276,25 +205,6 @@ subjects:
name: ingress-nginx
namespace: ingress-nginx
---
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- labels:
- app.kubernetes.io/component: admission-webhook
- app.kubernetes.io/instance: ingress-nginx
- app.kubernetes.io/name: ingress-nginx
- app.kubernetes.io/part-of: ingress-nginx
- app.kubernetes.io/version: 1.2.1
- name: ingress-nginx-admission
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: ingress-nginx-admission
-subjects:
-- kind: ServiceAccount
- name: ingress-nginx-admission
- namespace: ingress-nginx
----
apiVersion: v1
data:
allow-snippet-annotations: "true"
@@ -309,60 +219,8 @@ metadata:
name: ingress-nginx-controller
namespace: ingress-nginx
---
-apiVersion: v1
-kind: Service
-metadata:
- labels:
- app.kubernetes.io/component: controller
- app.kubernetes.io/instance: ingress-nginx
- app.kubernetes.io/name: ingress-nginx
- app.kubernetes.io/part-of: ingress-nginx
- app.kubernetes.io/version: 1.2.1
- name: ingress-nginx-controller
- namespace: ingress-nginx
-spec:
- ports:
- - appProtocol: http
- name: http
- port: 80
- protocol: TCP
- targetPort: http
- - appProtocol: https
- name: https
- port: 443
- protocol: TCP
- targetPort: https
- selector:
- app.kubernetes.io/component: controller
- app.kubernetes.io/instance: ingress-nginx
- app.kubernetes.io/name: ingress-nginx
- type: NodePort
----
-apiVersion: v1
-kind: Service
-metadata:
- labels:
- app.kubernetes.io/component: controller
- app.kubernetes.io/instance: ingress-nginx
- app.kubernetes.io/name: ingress-nginx
- app.kubernetes.io/part-of: ingress-nginx
- app.kubernetes.io/version: 1.2.1
- name: ingress-nginx-controller-admission
- namespace: ingress-nginx
-spec:
- ports:
- - appProtocol: https
- name: https-webhook
- port: 443
- targetPort: webhook
- selector:
- app.kubernetes.io/component: controller
- app.kubernetes.io/instance: ingress-nginx
- app.kubernetes.io/name: ingress-nginx
- type: ClusterIP
----
apiVersion: apps/v1
-kind: Deployment
+kind: DaemonSet
metadata:
labels:
app.kubernetes.io/component: controller
@@ -373,8 +231,6 @@ metadata:
name: ingress-nginx-controller
namespace: ingress-nginx
spec:
- minReadySeconds: 0
- revisionHistoryLimit: 10
selector:
matchLabels:
app.kubernetes.io/component: controller
@@ -394,9 +250,6 @@ spec:
- --controller-class=k8s.io/ingress-nginx
- --ingress-class=nginx
- --configmap=$(POD_NAMESPACE)/ingress-nginx-controller
- - --validating-webhook=:8443
- - --validating-webhook-certificate=/usr/local/certificates/cert
- - --validating-webhook-key=/usr/local/certificates/key
env:
- name: POD_NAME
valueFrom:
@@ -433,9 +286,6 @@ spec:
- containerPort: 443
name: https
protocol: TCP
- - containerPort: 8443
- name: webhook
- protocol: TCP
readinessProbe:
failureThreshold: 3
httpGet:
@@ -458,115 +308,12 @@ spec:
drop:
- ALL
runAsUser: 101
- volumeMounts:
- - mountPath: /usr/local/certificates/
- name: webhook-cert
- readOnly: true
- dnsPolicy: ClusterFirst
+ hostNetwork: true
+ dnsPolicy: ClusterFirstWithHostNet
nodeSelector:
- kubernetes.io/os: linux
+ streaming.spreadspace.org/zone: dist-lb
serviceAccountName: ingress-nginx
terminationGracePeriodSeconds: 300
- volumes:
- - name: webhook-cert
- secret:
- secretName: ingress-nginx-admission
----
-apiVersion: batch/v1
-kind: Job
-metadata:
- labels:
- app.kubernetes.io/component: admission-webhook
- app.kubernetes.io/instance: ingress-nginx
- app.kubernetes.io/name: ingress-nginx
- app.kubernetes.io/part-of: ingress-nginx
- app.kubernetes.io/version: 1.2.1
- name: ingress-nginx-admission-create
- namespace: ingress-nginx
-spec:
- template:
- metadata:
- labels:
- app.kubernetes.io/component: admission-webhook
- app.kubernetes.io/instance: ingress-nginx
- app.kubernetes.io/name: ingress-nginx
- app.kubernetes.io/part-of: ingress-nginx
- app.kubernetes.io/version: 1.2.1
- name: ingress-nginx-admission-create
- spec:
- containers:
- - args:
- - create
- - --host=ingress-nginx-controller-admission,ingress-nginx-controller-admission.$(POD_NAMESPACE).svc
- - --namespace=$(POD_NAMESPACE)
- - --secret-name=ingress-nginx-admission
- env:
- - name: POD_NAMESPACE
- valueFrom:
- fieldRef:
- fieldPath: metadata.namespace
- image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.1.1@sha256:64d8c73dca984af206adf9d6d7e46aa550362b1d7a01f3a0a91b20cc67868660
- imagePullPolicy: IfNotPresent
- name: create
- securityContext:
- allowPrivilegeEscalation: false
- nodeSelector:
- kubernetes.io/os: linux
- restartPolicy: OnFailure
- securityContext:
- fsGroup: 2000
- runAsNonRoot: true
- runAsUser: 2000
- serviceAccountName: ingress-nginx-admission
----
-apiVersion: batch/v1
-kind: Job
-metadata:
- labels:
- app.kubernetes.io/component: admission-webhook
- app.kubernetes.io/instance: ingress-nginx
- app.kubernetes.io/name: ingress-nginx
- app.kubernetes.io/part-of: ingress-nginx
- app.kubernetes.io/version: 1.2.1
- name: ingress-nginx-admission-patch
- namespace: ingress-nginx
-spec:
- template:
- metadata:
- labels:
- app.kubernetes.io/component: admission-webhook
- app.kubernetes.io/instance: ingress-nginx
- app.kubernetes.io/name: ingress-nginx
- app.kubernetes.io/part-of: ingress-nginx
- app.kubernetes.io/version: 1.2.1
- name: ingress-nginx-admission-patch
- spec:
- containers:
- - args:
- - patch
- - --webhook-name=ingress-nginx-admission
- - --namespace=$(POD_NAMESPACE)
- - --patch-mutating=false
- - --secret-name=ingress-nginx-admission
- - --patch-failure-policy=Fail
- env:
- - name: POD_NAMESPACE
- valueFrom:
- fieldRef:
- fieldPath: metadata.namespace
- image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.1.1@sha256:64d8c73dca984af206adf9d6d7e46aa550362b1d7a01f3a0a91b20cc67868660
- imagePullPolicy: IfNotPresent
- name: patch
- securityContext:
- allowPrivilegeEscalation: false
- nodeSelector:
- kubernetes.io/os: linux
- restartPolicy: OnFailure
- securityContext:
- fsGroup: 2000
- runAsNonRoot: true
- runAsUser: 2000
- serviceAccountName: ingress-nginx-admission
---
apiVersion: networking.k8s.io/v1
kind: IngressClass
@@ -580,36 +327,3 @@ metadata:
name: nginx
spec:
controller: k8s.io/ingress-nginx
----
-apiVersion: admissionregistration.k8s.io/v1
-kind: ValidatingWebhookConfiguration
-metadata:
- labels:
- app.kubernetes.io/component: admission-webhook
- app.kubernetes.io/instance: ingress-nginx
- app.kubernetes.io/name: ingress-nginx
- app.kubernetes.io/part-of: ingress-nginx
- app.kubernetes.io/version: 1.2.1
- name: ingress-nginx-admission
-webhooks:
-- admissionReviewVersions:
- - v1
- clientConfig:
- service:
- name: ingress-nginx-controller-admission
- namespace: ingress-nginx
- path: /networking/v1/ingresses
- failurePolicy: Fail
- matchPolicy: Equivalent
- name: validate.nginx.ingress.kubernetes.io
- rules:
- - apiGroups:
- - networking.k8s.io
- apiVersions:
- - v1
- operations:
- - CREATE
- - UPDATE
- resources:
- - ingresses
- sideEffects: None
diff --git a/contrib/k8s-emc/stream-site-cm.yml b/contrib/k8s-emc/stream-site-cm.yml
index 2cecc8d..53816f3 100644
--- a/contrib/k8s-emc/stream-site-cm.yml
+++ b/contrib/k8s-emc/stream-site-cm.yml
@@ -10,8 +10,8 @@ metadata:
stream: public
data:
nginx.conf: |
- worker_processes 4;
- pid /srv/nginx.pid;
+ worker_processes 2;
+ pid /var/lib/nginx/nginx.pid;
error_log /dev/stderr notice;
events {
diff --git a/contrib/k8s-emc/stream-site-deploy.yml b/contrib/k8s-emc/stream-site-deploy.yml
index 3e7953c..dcc1bcb 100644
--- a/contrib/k8s-emc/stream-site-deploy.yml
+++ b/contrib/k8s-emc/stream-site-deploy.yml
@@ -33,7 +33,7 @@ spec:
fsGroup: 990
containers:
- name: nginx
- image: registry.gitlab.com/spreadspace/docker/nginx:2021-02-24.20
+ image: registry.gitlab.com/spreadspace/docker/nginx:2022-06-12.26
imagePullPolicy: Always
args:
- nginx
@@ -42,8 +42,6 @@ spec:
- -g
- "daemon off;"
volumeMounts:
- - name: home
- mountPath: /srv
- name: nginx-lib
mountPath: /var/lib/nginx
- name: nginx-config
@@ -51,9 +49,6 @@ spec:
- name: www
mountPath: /srv/www
volumes:
- - name: home
- emptyDir:
- medium: Memory
- name: nginx-lib
emptyDir:
medium: Memory
@@ -63,4 +58,4 @@ spec:
- name: www
hostPath:
type: Directory
- path: /srv/www/stream-site
+ path: /srv/www/stream-site-emc
diff --git a/contrib/k8s-emc/stream-site-ingress.yml b/contrib/k8s-emc/stream-site-ingress.yml
index a9f08e9..b6c8efa 100644
--- a/contrib/k8s-emc/stream-site-ingress.yml
+++ b/contrib/k8s-emc/stream-site-ingress.yml
@@ -1,4 +1,4 @@
-apiVersion: extensions/v1beta1
+apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
namespace: emc
@@ -9,6 +9,7 @@ metadata:
tier: live
stream: public
spec:
+ ingressClassName: nginx
tls:
- hosts:
- stream.elev8.at
@@ -21,13 +22,19 @@ spec:
http:
paths:
- path: /
+ pathType: Prefix
backend:
- serviceName: stream-site-public
- servicePort: 8080
+ service:
+ name: stream-site-public
+ port:
+ number: 8080
- host: stream.elevate.at
http:
paths:
- path: /
+ pathType: Prefix
backend:
- serviceName: stream-site-public
- servicePort: 8080
+ service:
+ name: stream-site-public
+ port:
+ number: 8080
generated by cgit v1.2.3 (git 2.39.1) at 2024-05-08 02:25:29 +0000