summaryrefslogtreecommitdiff
path: root/contrib/k8s-emc/_graveyard_
diff options
context:
space:
mode:
Diffstat (limited to 'contrib/k8s-emc/_graveyard_')
-rwxr-xr-xcontrib/k8s-emc/_graveyard_/acme-hack/do.sh23
-rw-r--r--contrib/k8s-emc/_graveyard_/acme-hack/nginx-acme-cm.yml41
-rw-r--r--contrib/k8s-emc/_graveyard_/acme-hack/nginx-acme-deploy.yml66
-rw-r--r--contrib/k8s-emc/_graveyard_/acme-hack/nginx-acme-ingress.yml19
-rw-r--r--contrib/k8s-emc/_graveyard_/acme-hack/nginx-acme-svc.yml20
-rwxr-xr-xcontrib/k8s-emc/_graveyard_/acme-hack/wipe.sh6
-rw-r--r--contrib/k8s-emc/_graveyard_/elasticsearch-statefulset.yml62
-rw-r--r--contrib/k8s-emc/_graveyard_/elasticsearch-svc.yml16
-rw-r--r--contrib/k8s-emc/_graveyard_/kibana-deploy.yml48
-rw-r--r--contrib/k8s-emc/_graveyard_/kibana-ingress.yml26
-rw-r--r--contrib/k8s-emc/_graveyard_/kibana-svc.yml16
-rw-r--r--contrib/k8s-emc/_graveyard_/onion-hack/stream-site-cm.yml61
-rw-r--r--contrib/k8s-emc/_graveyard_/onion-hack/stream-site-deploy.yml93
-rw-r--r--contrib/k8s-emc/_graveyard_/onion-hack/stream-site-secret.yml14
14 files changed, 511 insertions, 0 deletions
diff --git a/contrib/k8s-emc/_graveyard_/acme-hack/do.sh b/contrib/k8s-emc/_graveyard_/acme-hack/do.sh
new file mode 100755
index 0000000..3c2b5e3
--- /dev/null
+++ b/contrib/k8s-emc/_graveyard_/acme-hack/do.sh
@@ -0,0 +1,23 @@
+#!/bin/bash
+
+declare -A domains
+domains[emc-live]="emc-live.elev8.at"
+domains[emc-stats]="emc-stats.elev8.at"
+domains[stream-elev8]="stream.elev8.at"
+domains[stream-elevate]="stream.elevate.at"
+
+kubectl apply -f nginx-acme-cm.yml
+kubectl apply -f nginx-acme-deploy.yml
+kubectl apply -f nginx-acme-svc.yml
+for name in "${!domains[@]}"; do
+ cat nginx-acme-ingress.yml | sed "s/<<name>>/$name/g" | sed "s/<<hostname>>/${domains[$name]}/g" | kubectl apply -f -
+done
+
+### TODO: wait for all pods and then contiune the script
+#exit 0
+
+ssh emc-00 systemctl start acmetool
+
+for name in "${!domains[@]}"; do
+ ssh emc-00 kubectl -n emc create secret tls "$name\-tls" "--cert=/var/lib/acme/live/${domains[$name]}/fullchain" "--key=/var/lib/acme/live/${domains[$name]}/privkey" --dry-run -o json | kubectl apply -f -
+done
diff --git a/contrib/k8s-emc/_graveyard_/acme-hack/nginx-acme-cm.yml b/contrib/k8s-emc/_graveyard_/acme-hack/nginx-acme-cm.yml
new file mode 100644
index 0000000..9050c04
--- /dev/null
+++ b/contrib/k8s-emc/_graveyard_/acme-hack/nginx-acme-cm.yml
@@ -0,0 +1,41 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ namespace: emc
+ name: nginx-acme-hack
+ labels:
+ app: nginx
+ type: acme-challenge
+ tier: hack
+data:
+ nginx.conf: |
+ worker_processes 1;
+ pid /srv/nginx.pid;
+ error_log /dev/stderr notice;
+
+ events {
+ worker_connections 64;
+ # multi_accept on;
+ }
+
+ http {
+ sendfile on;
+ tcp_nopush on;
+ tcp_nodelay on;
+ keepalive_timeout 65;
+ types_hash_max_size 2048;
+
+ server_names_hash_bucket_size 64;
+
+ include /etc/nginx/mime.types;
+ default_type application/octet-stream;
+
+ access_log /dev/null;
+
+ server {
+ listen 8080 default_server;
+ server_name _;
+
+ root /srv/www;
+ }
+ }
diff --git a/contrib/k8s-emc/_graveyard_/acme-hack/nginx-acme-deploy.yml b/contrib/k8s-emc/_graveyard_/acme-hack/nginx-acme-deploy.yml
new file mode 100644
index 0000000..3549f0d
--- /dev/null
+++ b/contrib/k8s-emc/_graveyard_/acme-hack/nginx-acme-deploy.yml
@@ -0,0 +1,66 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ namespace: emc
+ name: nginx-acme-hack-emc-00
+ labels:
+ app: nginx
+ type: acme-challenge
+ tier: hack
+ worker: emc-00
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: nginx
+ type: acme-challenge
+ tier: hack
+ worker: emc-00
+ strategy:
+ type: Recreate
+ revisionHistoryLimit: 5
+ template:
+ metadata:
+ labels:
+ app: nginx
+ type: acme-challenge
+ tier: hack
+ worker: emc-00
+ spec:
+ nodeName: emc-00
+ securityContext:
+ runAsUser: 998
+ fsGroup: 998
+ containers:
+ - name: nginx
+ image: spreadspace/nginx:4
+ imagePullPolicy: Always
+ args:
+ - nginx
+ - -c
+ - /srv/config/nginx.conf
+ - -g
+ - "daemon off;"
+ volumeMounts:
+ - name: home
+ mountPath: /srv
+ - name: nginx-lib
+ mountPath: /var/lib/nginx
+ - name: nginx-config
+ mountPath: /srv/config
+ - name: acme-challenge
+ mountPath: /srv/www/.well-known/acme-challenge
+ volumes:
+ - name: home
+ emptyDir:
+ medium: Memory
+ - name: nginx-lib
+ emptyDir:
+ medium: Memory
+ - name: nginx-config
+ configMap:
+ name: nginx-acme-hack
+ - name: acme-challenge
+ hostPath:
+ type: DirectoryOrCreate
+ path: /var/run/acme/acme-challenge/
diff --git a/contrib/k8s-emc/_graveyard_/acme-hack/nginx-acme-ingress.yml b/contrib/k8s-emc/_graveyard_/acme-hack/nginx-acme-ingress.yml
new file mode 100644
index 0000000..c6c2b0b
--- /dev/null
+++ b/contrib/k8s-emc/_graveyard_/acme-hack/nginx-acme-ingress.yml
@@ -0,0 +1,19 @@
+---
+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+ namespace: emc
+ name: nginx-acme-hack-<<name>>
+ labels:
+ app: nginx
+ type: acme-challenge
+ tier: hack
+spec:
+ rules:
+ - host: <<hostname>>
+ http:
+ paths:
+ - path: /.well-known/acme-challenge/
+ backend:
+ serviceName: nginx-acme-hack-emc-00
+ servicePort: 8080
diff --git a/contrib/k8s-emc/_graveyard_/acme-hack/nginx-acme-svc.yml b/contrib/k8s-emc/_graveyard_/acme-hack/nginx-acme-svc.yml
new file mode 100644
index 0000000..7bc3540
--- /dev/null
+++ b/contrib/k8s-emc/_graveyard_/acme-hack/nginx-acme-svc.yml
@@ -0,0 +1,20 @@
+apiVersion: v1
+kind: Service
+metadata:
+ namespace: emc
+ name: nginx-acme-hack-emc-00
+ labels:
+ app: nginx
+ type: acme-challenge
+ tier: hack
+ worker: emc-00
+spec:
+ selector:
+ app: nginx
+ type: acme-challenge
+ tier: hack
+ worker: emc-00
+ clusterIP: None
+ ports:
+ - name: http
+ port: 8080
diff --git a/contrib/k8s-emc/_graveyard_/acme-hack/wipe.sh b/contrib/k8s-emc/_graveyard_/acme-hack/wipe.sh
new file mode 100755
index 0000000..6834aa6
--- /dev/null
+++ b/contrib/k8s-emc/_graveyard_/acme-hack/wipe.sh
@@ -0,0 +1,6 @@
+#!/bin/bash
+
+kubectl --namespace emc delete ingress -l tier=hack -l type=acme-challenge
+kubectl --namespace emc delete svc -l tier=hack -l type=acme-challenge
+kubectl --namespace emc delete deploy -l tier=hack -l type=acme-challenge
+kubectl --namespace emc delete cm -l tier=hack -l type=acme-challenge
diff --git a/contrib/k8s-emc/_graveyard_/elasticsearch-statefulset.yml b/contrib/k8s-emc/_graveyard_/elasticsearch-statefulset.yml
new file mode 100644
index 0000000..86edd8f
--- /dev/null
+++ b/contrib/k8s-emc/_graveyard_/elasticsearch-statefulset.yml
@@ -0,0 +1,62 @@
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+ namespace: emc
+ name: stats-es
+ labels:
+ app: elasticsearch
+ tier: stats
+spec:
+ serviceName: stats-es
+ replicas: 1
+ selector:
+ matchLabels:
+ app: elasticsearch
+ tier: stats
+ updateStrategy:
+ type: RollingUpdate
+ template:
+ metadata:
+ labels:
+ app: elasticsearch
+ tier: stats
+ spec:
+ nodeName: emc-stats
+ securityContext:
+ runAsUser: 998
+ fsGroup: 998
+ initContainers:
+ - name: prepare-es-data
+ image: busybox
+ command: ['sh', '-c', 'chown 998:998 /srv/data && chmod 700 /srv/data']
+ securityContext:
+ runAsUser: 0
+ volumeMounts:
+ - name: es-data
+ mountPath: /srv/data
+ containers:
+ - name: elasticsearch
+ image: docker.elastic.co/elasticsearch/elasticsearch-oss:6.2.2
+ imagePullPolicy: Always
+ resources:
+ limits:
+ memory: 3072Mi
+ requests:
+ memory: 2048Mi
+ env:
+ - name: ES_JAVA_OPTS
+ value: "-Xms1536m -Xmx1536m"
+ - name: cluster.name
+ value: emc-stats
+ - name: node.name
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ volumeMounts:
+ - name: es-data
+ mountPath: /usr/share/elasticsearch/data
+ volumes:
+ - name: es-data
+ hostPath:
+ type: DirectoryOrCreate
+ path: /srv/stats/elasticsearch
diff --git a/contrib/k8s-emc/_graveyard_/elasticsearch-svc.yml b/contrib/k8s-emc/_graveyard_/elasticsearch-svc.yml
new file mode 100644
index 0000000..d3451a8
--- /dev/null
+++ b/contrib/k8s-emc/_graveyard_/elasticsearch-svc.yml
@@ -0,0 +1,16 @@
+apiVersion: v1
+kind: Service
+metadata:
+ namespace: emc
+ name: stats-es
+ labels:
+ app: elasticsearch
+ tier: stats
+spec:
+ selector:
+ app: elasticsearch
+ tier: stats
+ clusterIP: 172.18.242.12
+ ports:
+ - name: http
+ port: 9200
diff --git a/contrib/k8s-emc/_graveyard_/kibana-deploy.yml b/contrib/k8s-emc/_graveyard_/kibana-deploy.yml
new file mode 100644
index 0000000..eabb003
--- /dev/null
+++ b/contrib/k8s-emc/_graveyard_/kibana-deploy.yml
@@ -0,0 +1,48 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ namespace: emc
+ name: stats-kibana
+ labels:
+ app: kibana
+ tier: stats
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: kibana
+ tier: stats
+ strategy:
+ type: Recreate
+ revisionHistoryLimit: 5
+ template:
+ metadata:
+ labels:
+ app: kibana
+ tier: stats
+ spec:
+ nodeName: emc-stats
+ securityContext:
+ runAsUser: 998
+ fsGroup: 998
+ containers:
+ - name: kibana
+ image: docker.elastic.co/kibana/kibana-oss:6.2.1
+ imagePullPolicy: Always
+ resources:
+ limits:
+ memory: 3072Mi
+ requests:
+ memory: 2048Mi
+ env:
+ - name: ELASTICSEARCH_URL
+ value: http://stats-es:9200/
+ - name: SERVER_BASEPATH
+ value: "/kibana"
+ volumeMounts:
+ - name: optimize
+ mountPath: /usr/share/kibana/optimize
+ volumes:
+ - name: optimize
+ emptyDir:
+ medium: Memory
diff --git a/contrib/k8s-emc/_graveyard_/kibana-ingress.yml b/contrib/k8s-emc/_graveyard_/kibana-ingress.yml
new file mode 100644
index 0000000..572a012
--- /dev/null
+++ b/contrib/k8s-emc/_graveyard_/kibana-ingress.yml
@@ -0,0 +1,26 @@
+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+ namespace: emc
+ name: stats-kibana
+ labels:
+ app: kibana
+ tier: stats
+ annotations:
+ nginx.ingress.kubernetes.io/rewrite-target: /
+ nginx.ingress.kubernetes.io/auth-type: basic
+ nginx.ingress.kubernetes.io/auth-secret: stats-auth
+ nginx.ingress.kubernetes.io/auth-realm: "Authentication Required - Elevate Mediachannel Stats"
+spec:
+ tls:
+ - secretName: stream-stats-tls
+ hosts:
+ - elevate-stats.spreadspace.org
+ rules:
+ - host: elevate-stats.spreadspace.org
+ http:
+ paths:
+ - path: /kibana
+ backend:
+ serviceName: stats-kibana
+ servicePort: 5601
diff --git a/contrib/k8s-emc/_graveyard_/kibana-svc.yml b/contrib/k8s-emc/_graveyard_/kibana-svc.yml
new file mode 100644
index 0000000..1dd9250
--- /dev/null
+++ b/contrib/k8s-emc/_graveyard_/kibana-svc.yml
@@ -0,0 +1,16 @@
+apiVersion: v1
+kind: Service
+metadata:
+ namespace: emc
+ name: stats-kibana
+ labels:
+ app: kibana
+ tier: stats
+spec:
+ selector:
+ app: kibana
+ tier: stats
+ clusterIP: 172.18.242.13
+ ports:
+ - name: http
+ port: 5601
diff --git a/contrib/k8s-emc/_graveyard_/onion-hack/stream-site-cm.yml b/contrib/k8s-emc/_graveyard_/onion-hack/stream-site-cm.yml
new file mode 100644
index 0000000..556bfe3
--- /dev/null
+++ b/contrib/k8s-emc/_graveyard_/onion-hack/stream-site-cm.yml
@@ -0,0 +1,61 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ namespace: emc
+ name: stream-site-public-onion
+ labels:
+ app: nginx
+ type: stream-site
+ stream: public-onion
+data:
+ torrc: |
+ ## Set DataDirectory
+ DataDirectory /var/lib/tor
+
+ ## Do not act as a SOCKS proxy
+ SOCKSPort 0
+
+ ## Publish a hidden service
+ HiddenServiceDir /srv/onion_service/
+ HiddenServicePort 80 127.0.0.1:8080
+
+ HiddenServiceNonAnonymousMode 1
+ HiddenServiceSingleHopMode 1
+ nginx.conf: |
+ worker_processes 4;
+ pid /srv/nginx.pid;
+ error_log /dev/stderr notice;
+
+ events {
+ worker_connections 768;
+ # multi_accept on;
+ }
+
+ http {
+ sendfile on;
+ tcp_nopush on;
+ tcp_nodelay on;
+ keepalive_timeout 65;
+ types_hash_max_size 2048;
+
+ server_names_hash_bucket_size 64;
+
+ include /etc/nginx/mime.types;
+ default_type application/octet-stream;
+
+ access_log /dev/null;
+
+ server {
+ listen 127.0.0.1:8080 default_server;
+
+ server_name _;
+
+ root /srv/www;
+
+ location /js/config.js {
+ alias /srv/config/config.js;
+ }
+ }
+ }
+ config.js: |
+ var config = {"resolutions": {"1080p25": {"width": 1920, "height": 1080, "rate": "25/1"}, "720p25": {"width": 1280, "height": 720, "rate": "25/1"}, "480p25": {"width": 854, "height": 480, "rate": "25/1"}, "360p25": {"width": 640, "height": 360, "rate": "25/1"}, "240p25": {"width": 426, "height": 240, "rate": "25/1"}}, "profiles": {"full": {"video": "1080p25", "audio": 160}, "high": {"video": "720p25", "audio": 160}, "medium": {"video": "480p25", "audio": 128}, "low": {"video": "360p25", "audio": 96}, "mini": {"video": "240p25", "audio": 64}, "rec": {"video": "1080p25", "audio": 0}}, "muxes": {"av-orig": {"video": "sdi-orig:video", "audio": "sdi-orig:audio", "formats": {"flash": ["high", "medium", "low", "mini"], "webm": ["high", "medium", "low", "mini"]}}, "audio-orig": {"audio": "sdi-orig:audio", "formats": {"ogg": ["high", "medium", "low", "mini"], "mp3": ["high", "medium", "low", "mini"]}}}, "streamBaseUrl": "http://elevatexfonbiisp.onion:8000"};
diff --git a/contrib/k8s-emc/_graveyard_/onion-hack/stream-site-deploy.yml b/contrib/k8s-emc/_graveyard_/onion-hack/stream-site-deploy.yml
new file mode 100644
index 0000000..8ae9b14
--- /dev/null
+++ b/contrib/k8s-emc/_graveyard_/onion-hack/stream-site-deploy.yml
@@ -0,0 +1,93 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ namespace: emc
+ name: stream-site-public-onion
+ labels:
+ app: nginx
+ type: stream-site
+ stream: public-onion
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: nginx
+ type: stream-site
+ stream: public-onion
+ strategy:
+ type: Recreate
+ revisionHistoryLimit: 5
+ template:
+ metadata:
+ labels:
+ app: nginx
+ type: stream-site
+ stream: public-onion
+ spec:
+ nodeName: emc-00
+ securityContext:
+ runAsUser: 998
+ fsGroup: 998
+ initContainers:
+ - name: prepare-onion
+ image: busybox
+ command: ['sh', '-c', 'mkdir /srv/onion_service && cp /secrets/onion_service/* /srv/onion_service && chown -R 998:998 /var/lib/tor /srv/onion_service && chmod 0750 /var/lib/tor && chmod 0700 /srv/onion_service']
+ securityContext:
+ runAsUser: 0
+ volumeMounts:
+ - name: home
+ mountPath: /srv
+ - name: onion-lib
+ mountPath: /var/lib/tor
+ - name: onion-service
+ mountPath: /secrets/onion_service/
+ containers:
+ - name: nginx
+ image: spreadspace/nginx-streaming:4
+ imagePullPolicy: Always
+ args:
+ - nginx
+ - -c
+ - /srv/config/nginx.conf
+ - -g
+ - "daemon off;"
+ volumeMounts:
+ - name: home
+ mountPath: /srv
+ - name: nginx-lib
+ mountPath: /var/lib/nginx
+ - name: config
+ mountPath: /srv/config
+ - name: www
+ mountPath: /srv/www
+ - name: onion-service
+ image: spreadspace/onion-service:master-23
+ imagePullPolicy: Always
+ args: [ '/usr/bin/tor', '-f', '/srv/config/torrc', '--RunAsDaemon', '0' ]
+ volumeMounts:
+ - name: home
+ mountPath: /srv
+ - name: onion-lib
+ mountPath: /var/lib/tor
+ - name: config
+ mountPath: /srv/config
+ volumes:
+ - name: home
+ emptyDir:
+ medium: Memory
+ - name: onion-lib
+ emptyDir:
+ medium: Memory
+ - name: nginx-lib
+ emptyDir:
+ medium: Memory
+ - name: config
+ configMap:
+ name: stream-site-public-onion
+ - name: www
+ hostPath:
+ type: Directory
+ path: /srv/www/emc18
+ - name: onion-service
+ secret:
+ secretName: stream-site-public-onion
diff --git a/contrib/k8s-emc/_graveyard_/onion-hack/stream-site-secret.yml b/contrib/k8s-emc/_graveyard_/onion-hack/stream-site-secret.yml
new file mode 100644
index 0000000..00ca264
--- /dev/null
+++ b/contrib/k8s-emc/_graveyard_/onion-hack/stream-site-secret.yml
@@ -0,0 +1,14 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ namespace: emc
+ name: stream-site-public-onion
+ labels:
+ app: nginx
+ type: stream-site
+ stream: public-onion
+type: Opaque
+data:
+ hostname: ""
+ private_key: ""
+ onion_service_non_anonymous: ""
generated by cgit v1.2.3 (git 2.39.1) at 2024-09-30 00:47:41 +0000