author | Christian Pointner <equinox@spreadspace.org> | 2021-07-31 03:52:05 +0200 |
---|---|---|
committer | Christian Pointner <equinox@spreadspace.org> | 2021-07-31 03:52:05 +0200 |
commit | cb7259fa199482ea681833acf4d2848b85a48eea (patch) | |
tree | 567671a732958621a971f43f1418f3ed237f35a8 /contrib/k8s-emc/_graveyard_/acme-hack | |
parent | add new node to lw cluster (diff) |
move some old stuff into graveyard
Diffstat (limited to 'contrib/k8s-emc/_graveyard_/acme-hack')
6 files changed, 175 insertions, 0 deletions
diff --git a/contrib/k8s-emc/_graveyard_/acme-hack/do.sh b/contrib/k8s-emc/_graveyard_/acme-hack/do.sh
new file mode 100755
index 0000000..3c2b5e3
--- /dev/null
+++ b/contrib/k8s-emc/_graveyard_/acme-hack/do.sh
@@ -0,0 +1,23 @@
+#!/bin/bash
+
+declare -A domains
+domains[emc-live]="emc-live.elev8.at"
+domains[emc-stats]="emc-stats.elev8.at"
+domains[stream-elev8]="stream.elev8.at"
+domains[stream-elevate]="stream.elevate.at"
+
+kubectl apply -f nginx-acme-cm.yml
+kubectl apply -f nginx-acme-deploy.yml
+kubectl apply -f nginx-acme-svc.yml
+for name in "${!domains[@]}"; do
+ cat nginx-acme-ingress.yml | sed "s/<<name>>/$name/g" | sed "s/<<hostname>>/${domains[$name]}/g" | kubectl apply -f -
+done
+
+### TODO: wait for all pods and then contiune the script
+#exit 0
+
+ssh emc-00 systemctl start acmetool
+
+for name in "${!domains[@]}"; do
+ ssh emc-00 kubectl -n emc create secret tls "$name\-tls" "--cert=/var/lib/acme/live/${domains[$name]}/fullchain" "--key=/var/lib/acme/live/${domains[$name]}/privkey" --dry-run -o json | kubectl apply -f -
+done
diff --git a/contrib/k8s-emc/_graveyard_/acme-hack/nginx-acme-cm.yml b/contrib/k8s-emc/_graveyard_/acme-hack/nginx-acme-cm.yml
new file mode 100644
index 0000000..9050c04
--- /dev/null
+++ b/contrib/k8s-emc/_graveyard_/acme-hack/nginx-acme-cm.yml
@@ -0,0 +1,41 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ namespace: emc
+ name: nginx-acme-hack
+ labels:
+ app: nginx
+ type: acme-challenge
+ tier: hack
+data:
+ nginx.conf: |
+ worker_processes 1;
+ pid /srv/nginx.pid;
+ error_log /dev/stderr notice;
+
+ events {
+ worker_connections 64;
+ # multi_accept on;
+ }
+
+ http {
+ sendfile on;
+ tcp_nopush on;
+ tcp_nodelay on;
+ keepalive_timeout 65;
+ types_hash_max_size 2048;
+
+ server_names_hash_bucket_size 64;
+
+ include /etc/nginx/mime.types;
+ default_type application/octet-stream;
+
+ access_log /dev/null;
+
+ server {
+ listen 8080 default_server;
+ server_name _;
+
+ root /srv/www;
+ }
+ }
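Review bot: do.sh runs without `set -euo pipefail`, so a failed `kubectl apply` or a failed `ssh emc-00 systemctl start acmetool` does not stop the script before the final loop, which then builds TLS secrets from whatever already sits under /var/lib/acme/live or pipes empty output into `kubectl apply -f -`. Add `set -euo pipefail` after the shebang, and resolve the TODO by waiting for the responder before acmetool is started, for example `kubectl -n emc rollout status deploy/nginx-acme-hack-emc-00`. The `"$name\-tls"` escape appears to work only because the remote shell strips the backslash; `"${name}-tls"` states the intent directly. Bare `--dry-run` is deprecated in newer kubectl releases in favour of `--dry-run=client`.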
diff --git a/contrib/k8s-emc/_graveyard_/acme-hack/nginx-acme-deploy.yml b/contrib/k8s-emc/_graveyard_/acme-hack/nginx-acme-deploy.yml
new file mode 100644
index 0000000..3549f0d
--- /dev/null
+++ b/contrib/k8s-emc/_graveyard_/acme-hack/nginx-acme-deploy.yml
@@ -0,0 +1,66 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ namespace: emc
+ name: nginx-acme-hack-emc-00
+ labels:
+ app: nginx
+ type: acme-challenge
+ tier: hack
+ worker: emc-00
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: nginx
+ type: acme-challenge
+ tier: hack
+ worker: emc-00
+ strategy:
+ type: Recreate
+ revisionHistoryLimit: 5
+ template:
+ metadata:
+ labels:
+ app: nginx
+ type: acme-challenge
+ tier: hack
+ worker: emc-00
+ spec:
+ nodeName: emc-00
+ securityContext:
+ runAsUser: 998
+ fsGroup: 998
+ containers:
+ - name: nginx
+ image: spreadspace/nginx:4
+ imagePullPolicy: Always
+ args:
+ - nginx
+ - -c
+ - /srv/config/nginx.conf
+ - -g
+ - "daemon off;"
+ volumeMounts:
+ - name: home
+ mountPath: /srv
+ - name: nginx-lib
+ mountPath: /var/lib/nginx
+ - name: nginx-config
+ mountPath: /srv/config
+ - name: acme-challenge
+ mountPath: /srv/www/.well-known/acme-challenge
+ volumes:
+ - name: home
+ emptyDir:
+ medium: Memory
+ - name: nginx-lib
+ emptyDir:
+ medium: Memory
+ - name: nginx-config
+ configMap:
+ name: nginx-acme-hack
+ - name: acme-challenge
+ hostPath:
+ type: DirectoryOrCreate
+ path: /var/run/acme/acme-challenge/
diff --git a/contrib/k8s-emc/_graveyard_/acme-hack/nginx-acme-ingress.yml b/contrib/k8s-emc/_graveyard_/acme-hack/nginx-acme-ingress.yml
new file mode 100644
index 0000000..c6c2b0b
--- /dev/null
+++ b/contrib/k8s-emc/_graveyard_/acme-hack/nginx-acme-ingress.yml
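Review bot: In nginx-acme-deploy.yml the `acme-challenge` hostPath volume is mounted writable into the nginx container, although the server only has to read the challenge files that are written on the node. Add `readOnly: true` to that volumeMount so a compromise of the internet-facing responder cannot write to `/var/run/acme/acme-challenge/` on emc-00. The pod sets `runAsUser: 998` but no container-level `securityContext`; `allowPrivilegeEscalation: false` and dropping all capabilities would suit a static file server listening on 8080. `image: spreadspace/nginx:4` with `imagePullPolicy: Always` follows a mutable tag, so pinning the image by digest would make what runs on the node reproducible.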
@@ -0,0 +1,19 @@
+---
+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+ namespace: emc
+ name: nginx-acme-hack-<<name>>
+ labels:
+ app: nginx
+ type: acme-challenge
+ tier: hack
+spec:
+ rules:
+ - host: <<hostname>>
+ http:
+ paths:
+ - path: /.well-known/acme-challenge/
+ backend:
+ serviceName: nginx-acme-hack-emc-00
+ servicePort: 8080
diff --git a/contrib/k8s-emc/_graveyard_/acme-hack/nginx-acme-svc.yml b/contrib/k8s-emc/_graveyard_/acme-hack/nginx-acme-svc.yml
new file mode 100644
index 0000000..7bc3540
--- /dev/null
+++ b/contrib/k8s-emc/_graveyard_/acme-hack/nginx-acme-svc.yml
@@ -0,0 +1,20 @@
+apiVersion: v1
+kind: Service
+metadata:
+ namespace: emc
+ name: nginx-acme-hack-emc-00
+ labels:
+ app: nginx
+ type: acme-challenge
+ tier: hack
+ worker: emc-00
+spec:
+ selector:
+ app: nginx
+ type: acme-challenge
+ tier: hack
+ worker: emc-00
+ clusterIP: None
+ ports:
+ - name: http
+ port: 8080
diff --git a/contrib/k8s-emc/_graveyard_/acme-hack/wipe.sh b/contrib/k8s-emc/_graveyard_/acme-hack/wipe.sh
new file mode 100755
index 0000000..6834aa6
--- /dev/null
+++ b/contrib/k8s-emc/_graveyard_/acme-hack/wipe.sh
@@ -0,0 +1,6 @@
+#!/bin/bash
+
+kubectl --namespace emc delete ingress -l tier=hack -l type=acme-challenge
+kubectl --namespace emc delete svc -l tier=hack -l type=acme-challenge
+kubectl --namespace emc delete deploy -l tier=hack -l type=acme-challenge
+kubectl --namespace emc delete cm -l tier=hack -l type=acme-challenge |
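Review bot: In wipe.sh each `kubectl delete` passes `-l` twice; as far as I know kubectl's `--selector` is a single-valued flag, so the last occurrence replaces the first and only `type=acme-challenge` is applied, not `tier=hack`. Combine both into one selector, `-l tier=hack,type=acme-challenge`, on all four lines so the delete matches only objects that carry both labels. The four calls can also be folded into one, `kubectl --namespace emc delete ingress,svc,deploy,cm -l tier=hack,type=acme-challenge`.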