-rw-r--r-- | src/examples/elevate2018.yml | 2 | ||||
-rwxr-xr-x | src/flufigut.py | 24 | ||||
-rw-r--r-- | templates/default/kubernetes/stream-lb-cm.yml.j2 | 76 | ||||
-rw-r--r-- | templates/default/kubernetes/stream-lb-deploy.yml.j2 | 87 | ||||
-rw-r--r-- | templates/default/kubernetes/stream-lb-svc.yml.j2 | 16 |
5 files changed, 202 insertions, 3 deletions
diff --git a/src/examples/elevate2018.yml b/src/examples/elevate2018.yml
index 20b1eb0..8dfc7c4 100644
--- a/src/examples/elevate2018.yml
+++ b/src/examples/elevate2018.yml
@@ -109,7 +109,9 @@ streams:
 burst-on-connect: 5
 hostname: "emc-%02i.spreadspace.org"
 repeater: True
+ lb-hostname: "elevate-live.spreadspace.org"
 onion-service: "elevateh7tpoo7eg.onion"
+ site-hostname: "stream.elevate.at"
 records:
 av:
 mux: avr
diff --git a/src/flufigut.py b/src/flufigut.py
index ada1813..638075d 100755
--- a/src/flufigut.py
+++ b/src/flufigut.py
@@ -782,6 +782,20 @@ class K8sDeployment:
 cm = self.__generate_object(tmpl_env, 'onion-service-cm.yml', deploy)
 v1.create_namespaced_config_map(self._namespace, cm)
 
+ def _deploy_stream_loadbalancer(self, template_dir, tmpl_env, v1, appsV1, stream_name, stream):
+ streamers = []
+ for idx in range(stream['count']):
+ streamers.append(stream['hostname'] % (idx + 1))
+
+ cm = self.__generate_object(tmpl_env, 'stream-lb-cm.yml', {'stream': stream_name, 'streamers': streamers})
+ v1.create_namespaced_config_map(self._namespace, cm)
+
+ svc = self.__generate_object(tmpl_env, 'stream-lb-svc.yml', {'stream': stream_name, 'streamers': streamers})
+ v1.create_namespaced_service(self._namespace, svc)
+
+ deploy = self.__generate_object(tmpl_env, 'stream-lb-deploy.yml', {'stream': stream_name, 'streamers': streamers})
+ appsV1.create_namespaced_deployment(self._namespace, deploy)
+
 def _deploy_stream_website(self, template_dir, tmpl_env, v1, appsV1, stream_name, stream):
 # TODO: add me
 pass
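Review bot: `_deploy_stream_loadbalancer` hands `{'stream': stream_name, 'streamers': streamers}` to all three templates, yet each template renders `{{ deploy.namespace }}`; unless `__generate_object` (defined outside this hunk) injects `namespace` into the context, `metadata.namespace` renders empty and only the explicit `self._namespace` argument of the `create_namespaced_*` calls places the objects — worth confirming. Building the context once, `ctx = {'stream': stream_name, 'streamers': streamers}`, and passing it to the three calls also keeps the renders from drifting apart. The list can be a comprehension, `streamers = [stream['hostname'] % (idx + 1) for idx in range(stream['count'])]`, and like its sibling `_deploy_stream_website` the method never uses `template_dir`.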
@@ -820,17 +834,21 @@ class K8sDeployment:
 for _, worker in self._planet.workers.items():
 if not len(worker['subs']):
 worker['subs']['worker'] = {
- 'fullname': worker['name'],
- 'flags': worker['flags']
+ 'fullname':
+ worker['name'],
+ 'flags':
+ worker['flags']
 }
 self._deploy_flumotion_worker(template_dir, tmpl_env, v1, appsV1, worker)
 self._deploy_nginx_worker(template_dir, tmpl_env, v1, appsV1, worker)
 self._deploy_sfive_worker(template_dir, tmpl_env, v1, appsV1, worker)
 
 for stream_name, stream in self._desc.streams.items():
- self._deploy_stream_website(template_dir, tmpl_env, v1, appsV1, stream_name, stream)
+ if 'lb-hostname' in stream:
+ self._deploy_stream_loadbalancer(template_dir, tmpl_env, v1, appsV1, stream_name, stream)
 if 'onion-service' in stream:
 self._deploy_onion_service_config(template_dir, tmpl_env, v1, stream_name, stream)
+ self._deploy_stream_website(template_dir, tmpl_env, v1, appsV1, stream_name, stream)
 
 if self.__has_onion_service:
 role = self.__generate_object(tmpl_env, 'onion-service-role.yml')
diff --git a/templates/default/kubernetes/stream-lb-cm.yml.j2 b/templates/default/kubernetes/stream-lb-cm.yml.j2
new file mode 100644
index 0000000..6e1e40d
--- /dev/null
+++ b/templates/default/kubernetes/stream-lb-cm.yml.j2
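Review bot: The rewritten `worker['subs']['worker']` literal now puts each key and its value on separate lines (`'fullname':` followed by `worker['name'],`), which reads like an auto-formatter artifact rather than an intended layout; keep each pair on one line, `'fullname': worker['name'],` and `'flags': worker['flags']`, as the removed lines had them. The new `if 'lb-hostname' in stream:` guard checks only that key, while `_deploy_stream_loadbalancer` and its templates also read `stream['count']`, `stream['hostname']` and the stream's `port`; if those are optional in the stream description, a missing one surfaces as a KeyError or an empty render rather than a clear configuration error. The enclosing method starts and ends outside the hunk.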
@@ -0,0 +1,76 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ namespace: {{ deploy.namespace }}
+ name: stream-lb-{{ deploy.stream }}
+ labels:
+ app: nginx
+ type: stream-lb
+ stream: {{ deploy.stream }}
+data:
+ nginx.conf: |
+ worker_processes 4;
+ pid /srv/nginx.pid;
+ error_log /dev/stderr notice;
+
+ events {
+ worker_connections 768;
+ # multi_accept on;
+ }
+
+ http {
+ sendfile on;
+ tcp_nopush on;
+ tcp_nodelay on;
+ keepalive_timeout 65;
+ types_hash_max_size 2048;
+
+ server_names_hash_bucket_size 64;
+
+ include /etc/nginx/mime.types;
+ default_type application/octet-stream;
+
+ access_log /dev/null;
+
+ upstream streamers {
+{% for streamer in deploy.streamers %}
+ server localhost:{{ 10000 + loop.index }};
+{% endfor %}
+ }
+
+ server {
+ listen {{ desc.streams[deploy.stream].port }} ssl default_server;
+ listen [::]:{{ desc.streams[deploy.stream].port }} ssl default_server;
+
+ ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
+ ssl_ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AES:!ADH:!AECDH:!MD5;
+ ssl_prefer_server_ciphers on;
+
+ ssl_session_cache shared:SSL:10m;
+ ssl_session_timeout 10m;
+ ssl_session_tickets off;
+
+ ssl_certificate /srv/acme/fullchain;
+ ssl_certificate_key /srv/acme/privkey;
+
+ server_name _;
+
+ root /srv/www;
+
+ location / {
+ proxy_pass http://streamers;
+ }
+ }
+
+{% for streamer in deploy.streamers %}
+ server {
+ listen localhost:{{ 10000 + loop.index }};
+
+ expires -1s;
+ add_header Cache-Control "no-store,must-revalidate,max-age=0";
+ location / {
+ return 302 https://{{ streamer }}:{{ desc.streams[deploy.stream].port }}$request_uri;
+ }
+ }
+{% endfor %}
+ }
diff --git a/templates/default/kubernetes/stream-lb-deploy.yml.j2 b/templates/default/kubernetes/stream-lb-deploy.yml.j2
new file mode 100644
index 0000000..33c8467
--- /dev/null
+++ b/templates/default/kubernetes/stream-lb-deploy.yml.j2
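Review bot: `ssl_protocols TLSv1 TLSv1.1 TLSv1.2;` still enables TLS 1.0 and 1.1, which are deprecated; restrict it to `ssl_protocols TLSv1.2;` (adding `TLSv1.3` if the nginx build in the `spreadspace/nginx-streaming` image supports it) and consider dropping the `RSA+AES` suites from `ssl_ciphers`, which offer no forward secrecy. Separately, the per-streamer redirect servers `listen localhost:{{ 10000 + loop.index }}` while the accompanying Deployment runs with `hostNetwork: true` pinned to one node, so every stream that sets `lb-hostname` would try to bind the same loopback ports 10001.. on that host and a second such stream would fail to start; deriving the port base per stream (for example from the stream's own port) avoids the collision. `access_log /dev/null;` also leaves no request trail for incident investigation; `access_log /dev/stdout;` would surface it through the pod logs like `error_log` already does.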
@@ -0,0 +1,87 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ namespace: {{ deploy.namespace }}
+ name: stream-lb-{{ deploy.stream }}
+ labels:
+ app: nginx
+ type: stream-lb
+ stream: {{ deploy.stream }}
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: nginx
+ type: stream-lb
+ stream: {{ deploy.stream }}
+ strategy:
+ type: Recreate
+ revisionHistoryLimit: 5
+ template:
+ metadata:
+ labels:
+ app: nginx
+ type: stream-lb
+ stream: {{ deploy.stream }}
+ spec:
+ nodeName: emc-00 ## TODO: hardcoded value
+ securityContext:
+ runAsUser: 998
+ fsGroup: 998
+ hostNetwork: true
+ dnsPolicy: ClusterFirstWithHostNet
+ initContainers:
+ - name: copy-certificates
+ image: busybox
+ command: ['sh', '-c', 'chmod 0750 /srv/acme && cp /var/lib/acme/live/{{ desc.streams[deploy.stream]['lb-hostname'] }}/* /srv/acme && chown -R 998 /srv/acme']
+ securityContext:
+ runAsUser: 0
+ volumeMounts:
+ - name: nginx-cert
+ mountPath: /srv/acme
+ - name: acme-lib
+ mountPath: /var/lib/acme
+ containers:
+ - name: nginx
+ image: spreadspace/nginx-streaming:{{ desc.globals.deployment.parameter.nginx_image_version }}
+ imagePullPolicy: Always
+ args:
+ - nginx
+ - -c
+ - /srv/config/nginx.conf
+ - -g
+ - "daemon off;"
+ volumeMounts:
+ - name: home
+ mountPath: /srv
+ - name: nginx-lib
+ mountPath: /var/lib/nginx
+ - name: nginx-config
+ mountPath: /srv/config
+ - name: www
+ mountPath: /srv/www
+ - name: nginx-cert
+ mountPath: /srv/acme
+ - name: acme-lib
+ mountPath: /var/lib/acme
+ volumes:
+ - name: home
+ emptyDir:
+ medium: Memory
+ - name: nginx-lib
+ emptyDir:
+ medium: Memory
+ - name: nginx-config
+ configMap:
+ name: stream-lb-{{ deploy.stream }}
+ - name: www
+ emptyDir:
+ medium: Memory
+ - name: nginx-cert
+ emptyDir:
+ medium: Memory
+ - name: acme-lib
+ hostPath:
+ type: Directory
+ path: /var/lib/acme
+ readOnly: yes
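Review bot: `readOnly: yes` at the end of the `acme-lib` volume has no effect where it stands: neither `hostPath` nor a `volumes` entry carries a `readOnly` field, so depending on the API server version the key is silently dropped or rejected and the host's `/var/lib/acme` is mounted read-write; set `readOnly: true` on the `acme-lib` entry under each container's `volumeMounts` instead (indentation is lost in this view, so confirm where the key actually sits). The nginx container also mounts `acme-lib` although nginx.conf only reads `/srv/acme/fullchain` and `/srv/acme/privkey`, which the init container copies into the `nginx-cert` emptyDir; dropping that mount from the nginx container keeps every other host's ACME private key out of the internet-facing process. `image: busybox` carries no tag, so the root-running init container floats to whatever `latest` resolves to at pull time; pin it. The file also mixes `hostNetwork: true` with `readOnly: yes`; prefer `true`/`false` throughout.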
diff --git a/templates/default/kubernetes/stream-lb-svc.yml.j2 b/templates/default/kubernetes/stream-lb-svc.yml.j2
new file mode 100644
index 0000000..fcab5bd
--- /dev/null
+++ b/templates/default/kubernetes/stream-lb-svc.yml.j2
@@ -0,0 +1,16 @@
+apiVersion: v1
+kind: Service
+metadata:
+ namespace: {{ deploy.namespace }}
+ name: stream-lb-{{ deploy.stream }}
+ labels:
+ app: nginx
+ type: stream-lb
+ stream: {{ deploy.stream }}
+spec:
+ selector:
+ app: nginx
+ type: stream-lb
+ stream: {{ deploy.stream }}
+ ports:
+ - port: {{ desc.streams[deploy.stream].port }}
|