Diffstat (limited to 'contrib/k8s-lwl/acme-hack')
-rw-r--r--contrib/k8s-lwl/acme-hack/acmetool-desired.yml3
-rwxr-xr-xcontrib/k8s-lwl/acme-hack/do.sh26
-rw-r--r--contrib/k8s-lwl/acme-hack/nginx-acme-cm.yml41
-rw-r--r--contrib/k8s-lwl/acme-hack/nginx-acme-deploy.yml66
-rw-r--r--contrib/k8s-lwl/acme-hack/nginx-acme-ingress.yml19
-rw-r--r--contrib/k8s-lwl/acme-hack/nginx-acme-svc.yml20
-rwxr-xr-xcontrib/k8s-lwl/acme-hack/wipe.sh6
7 files changed, 181 insertions, 0 deletions
diff --git a/contrib/k8s-lwl/acme-hack/acmetool-desired.yml b/contrib/k8s-lwl/acme-hack/acmetool-desired.yml
new file mode 100644
index 0000000..d8a67e2
--- /dev/null
+++ b/contrib/k8s-lwl/acme-hack/acmetool-desired.yml
@@ -0,0 +1,3 @@
+satisfy:
+ names:
+ - <<hostname>>
diff --git a/contrib/k8s-lwl/acme-hack/do.sh b/contrib/k8s-lwl/acme-hack/do.sh
new file mode 100755
index 0000000..f4c71ce
--- /dev/null
+++ b/contrib/k8s-lwl/acme-hack/do.sh
@@ -0,0 +1,26 @@
+#!/bin/bash
+
+declare -A domains
+domains[cdn]="cdn.lndwrbl.live"
+domains[stats]="stats.lndwrbl.live"
+domains[stream]="stream.lndwrbl.live"
+
+kubectl apply -f nginx-acme-cm.yml
+kubectl apply -f nginx-acme-deploy.yml
+kubectl apply -f nginx-acme-svc.yml
+for name in "${!domains[@]}"; do
+ cat nginx-acme-ingress.yml | sed "s/<<name>>/$name/g" | sed "s/<<hostname>>/${domains[$name]}/g" | kubectl apply -f -
+done
+
+for name in "${!domains[@]}"; do
+ cat acmetool-desired.yml | sed "s/<<hostname>>/${domains[$name]}/g" | ssh lw-live-00 "cat > /var/lib/acme/desired/${domains[$name]}"
+done
+
+### TODO: wait for all pods and then contiune the script
+#exit 0
+
+ssh lw-live-00 systemctl start acmetool
+
+for name in "${!domains[@]}"; do
+ ssh lw-live-00 kubectl -n lwl create secret tls "$name\-tls" "--cert=/var/lib/acme/live/${domains[$name]}/fullchain" "--key=/var/lib/acme/live/${domains[$name]}/privkey" --dry-run -o json | kubectl apply -f -
+done
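Review bot: The secret name on the last loop's kubectl line is built from `"$name\-tls"`, and inside double quotes bash keeps a backslash that precedes `-`, so the resource name becomes e.g. `cdn\-tls`, which is not a valid Kubernetes object name; use `"${name}-tls"`. The script also runs without `set -euo pipefail`, so a failed `kubectl apply` or an ssh that cannot read a not-yet-issued certificate under `/var/lib/acme/live/` is ignored and the loop moves on, which matters here because the TODO above already notes that the acmetool run is not awaited. The `cat file | sed ...` pipelines can be written as `sed "s/.../" file` directly.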
diff --git a/contrib/k8s-lwl/acme-hack/nginx-acme-cm.yml b/contrib/k8s-lwl/acme-hack/nginx-acme-cm.yml
new file mode 100644
index 0000000..7599d3c
--- /dev/null
+++ b/contrib/k8s-lwl/acme-hack/nginx-acme-cm.yml
@@ -0,0 +1,41 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ namespace: lwl
+ name: nginx-acme-hack
+ labels:
+ app: nginx
+ type: acme-challenge
+ tier: hack
+data:
+ nginx.conf: |
+ worker_processes 1;
+ pid /srv/nginx.pid;
+ error_log /dev/stderr notice;
+
+ events {
+ worker_connections 64;
+ # multi_accept on;
+ }
+
+ http {
+ sendfile on;
+ tcp_nopush on;
+ tcp_nodelay on;
+ keepalive_timeout 65;
+ types_hash_max_size 2048;
+
+ server_names_hash_bucket_size 64;
+
+ include /etc/nginx/mime.types;
+ default_type application/octet-stream;
+
+ access_log /dev/null;
+
+ server {
+ listen 8080 default_server;
+ server_name _;
+
+ root /srv/www;
+ }
+ }
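Review bot: The server block serves all of `root /srv/www` as `default_server` for `server_name _`, although only the acme-challenge subtree is mounted into that root and the Service is reachable in-cluster on 8080 without passing through the Ingress path filter; restricting nginx itself keeps the filter in one place: `location /.well-known/acme-challenge/ { }` followed by `location / { return 404; }` inside the server block. `access_log /dev/null;` also discards the challenge requests, which are the only useful signal when issuance fails; `access_log /dev/stderr;` would match the `error_log /dev/stderr notice;` line above. I can't tell from this rendering whether the block scalar's original indentation is consistent under `nginx.conf: |`, so that is worth a look in the file itself.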
diff --git a/contrib/k8s-lwl/acme-hack/nginx-acme-deploy.yml b/contrib/k8s-lwl/acme-hack/nginx-acme-deploy.yml
new file mode 100644
index 0000000..7d52f55
--- /dev/null
+++ b/contrib/k8s-lwl/acme-hack/nginx-acme-deploy.yml
@@ -0,0 +1,66 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ namespace: lwl
+ name: nginx-acme-hack-lw-live-00
+ labels:
+ app: nginx
+ type: acme-challenge
+ tier: hack
+ worker: lw-live-00
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: nginx
+ type: acme-challenge
+ tier: hack
+ worker: lw-live-00
+ strategy:
+ type: Recreate
+ revisionHistoryLimit: 5
+ template:
+ metadata:
+ labels:
+ app: nginx
+ type: acme-challenge
+ tier: hack
+ worker: lw-live-00
+ spec:
+ nodeName: lw-live-00
+ securityContext:
+ runAsUser: 998
+ fsGroup: 998
+ containers:
+ - name: nginx
+ image: spreadspace/nginx:4
+ imagePullPolicy: Always
+ args:
+ - nginx
+ - -c
+ - /srv/config/nginx.conf
+ - -g
+ - "daemon off;"
+ volumeMounts:
+ - name: home
+ mountPath: /srv
+ - name: nginx-lib
+ mountPath: /var/lib/nginx
+ - name: nginx-config
+ mountPath: /srv/config
+ - name: acme-challenge
+ mountPath: /srv/www/.well-known/acme-challenge
+ volumes:
+ - name: home
+ emptyDir:
+ medium: Memory
+ - name: nginx-lib
+ emptyDir:
+ medium: Memory
+ - name: nginx-config
+ configMap:
+ name: nginx-acme-hack
+ - name: acme-challenge
+ hostPath:
+ type: DirectoryOrCreate
+ path: /var/run/acme/acme-challenge/
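Review bot: The hostPath volume `acme-challenge` is mounted read-write at `/srv/www/.well-known/acme-challenge` although nginx only needs to read challenge files from it; adding `readOnly: true` to that volumeMount entry (`- name: acme-challenge`, `mountPath: /srv/www/.well-known/acme-challenge`, `readOnly: true`) keeps the node directory from being writable from inside the pod. The pod securityContext sets `runAsUser: 998` but not `runAsNonRoot: true`, and the container has no `allowPrivilegeEscalation: false`; both are cheap hardening for a pod that mounts a hostPath. `image: spreadspace/nginx:4` with `imagePullPolicy: Always` re-resolves a mutable tag on every pod start, so pinning by digest (`spreadspace/nginx@sha256:<digest-placeholder>`) would make the deployment reproducible; the intended digest is not on the page.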
diff --git a/contrib/k8s-lwl/acme-hack/nginx-acme-ingress.yml b/contrib/k8s-lwl/acme-hack/nginx-acme-ingress.yml
new file mode 100644
index 0000000..e7a3e0e
--- /dev/null
+++ b/contrib/k8s-lwl/acme-hack/nginx-acme-ingress.yml
@@ -0,0 +1,19 @@
+---
+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+ namespace: lwl
+ name: nginx-acme-hack-<<name>>
+ labels:
+ app: nginx
+ type: acme-challenge
+ tier: hack
+spec:
+ rules:
+ - host: <<hostname>>
+ http:
+ paths:
+ - path: /.well-known/acme-challenge/
+ backend:
+ serviceName: nginx-acme-hack-lw-live-00
+ servicePort: 8080
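Review bot: The Ingress exposes the challenge path over plain HTTP only, which is what HTTP-01 needs, but if another Ingress for the same host carries a `tls:` section, an ingress-nginx controller would apply its default ssl-redirect to that host and redirect the ACME validator to HTTPS; if that is the controller serving `lwl`, `nginx.ingress.kubernetes.io/ssl-redirect: "false"` under `metadata.annotations` on this object avoids it — I can't tell from the diff which controller is in use. `apiVersion: extensions/v1beta1` is a deprecated Ingress API; `networking.k8s.io/v1beta1` (or `v1` with `pathType`) is the replacement depending on the cluster version. A comment above `host: <<hostname>>` saying that `<<name>>` and `<<hostname>>` are substituted by sed in do.sh before kubectl parses the file would spare the next reader the search.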
diff --git a/contrib/k8s-lwl/acme-hack/nginx-acme-svc.yml b/contrib/k8s-lwl/acme-hack/nginx-acme-svc.yml
new file mode 100644
index 0000000..198a16c
--- /dev/null
+++ b/contrib/k8s-lwl/acme-hack/nginx-acme-svc.yml
@@ -0,0 +1,20 @@
+apiVersion: v1
+kind: Service
+metadata:
+ namespace: lwl
+ name: nginx-acme-hack-lw-live-00
+ labels:
+ app: nginx
+ type: acme-challenge
+ tier: hack
+ worker: lw-live-00
+spec:
+ selector:
+ app: nginx
+ type: acme-challenge
+ tier: hack
+ worker: lw-live-00
+ clusterIP: None
+ ports:
+ - name: http
+ port: 8080
diff --git a/contrib/k8s-lwl/acme-hack/wipe.sh b/contrib/k8s-lwl/acme-hack/wipe.sh
new file mode 100755
index 0000000..5791f7b
--- /dev/null
+++ b/contrib/k8s-lwl/acme-hack/wipe.sh
@@ -0,0 +1,6 @@
+#!/bin/bash
+
+kubectl --namespace lwl delete ingress -l tier=hack -l type=acme-challenge
+kubectl --namespace lwl delete svc -l tier=hack -l type=acme-challenge
+kubectl --namespace lwl delete deploy -l tier=hack -l type=acme-challenge
+kubectl --namespace lwl delete cm -l tier=hack -l type=acme-challenge
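Review bot: Each delete passes `-l` twice (`-l tier=hack -l type=acme-challenge`); kubectl's selector is a single string option, so as far as I know the second occurrence replaces the first and only `type=acme-challenge` is applied — write `-l tier=hack,type=acme-challenge` on all four lines to get the intersection. The script also removes none of what do.sh creates outside these cluster objects: the `<name>-tls` secrets and the desired files under `/var/lib/acme/desired/` on lw-live-00 stay, so acmetool keeps renewing hostnames that no longer have a challenge endpoint; if that is intentional, a comment saying so would help. A `set -e` after the shebang would stop on the first failed delete rather than continuing silently.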