From cb7259fa199482ea681833acf4d2848b85a48eea Mon Sep 17 00:00:00 2001 
From: Christian Pointner Date: Sat, 31 Jul 2021 03:52:05 +0200 Subject: move some old stuff into graveyard --- contrib/k8s-emc/_graveyard_/acme-hack/do.sh | 23 ++++++ .../_graveyard_/acme-hack/nginx-acme-cm.yml | 41 ++++++++++ .../_graveyard_/acme-hack/nginx-acme-deploy.yml | 66 +++++++++++++++ .../_graveyard_/acme-hack/nginx-acme-ingress.yml | 19 +++++ .../_graveyard_/acme-hack/nginx-acme-svc.yml | 20 +++++ contrib/k8s-emc/_graveyard_/acme-hack/wipe.sh | 6 ++ .../_graveyard_/elasticsearch-statefulset.yml | 62 +++++++++++++++ contrib/k8s-emc/_graveyard_/elasticsearch-svc.yml | 16 ++++ contrib/k8s-emc/_graveyard_/kibana-deploy.yml | 48 +++++++++++ contrib/k8s-emc/_graveyard_/kibana-ingress.yml | 26 ++++++ contrib/k8s-emc/_graveyard_/kibana-svc.yml | 16 ++++ .../_graveyard_/onion-hack/stream-site-cm.yml | 61 ++++++++++++++ .../_graveyard_/onion-hack/stream-site-deploy.yml | 93 ++++++++++++++++++++++ .../_graveyard_/onion-hack/stream-site-secret.yml | 14 ++++ contrib/k8s-emc/acme-hack/do.sh | 23 ------ contrib/k8s-emc/acme-hack/nginx-acme-cm.yml | 41 ---------- contrib/k8s-emc/acme-hack/nginx-acme-deploy.yml | 66 --------------- contrib/k8s-emc/acme-hack/nginx-acme-ingress.yml | 19 ----- contrib/k8s-emc/acme-hack/nginx-acme-svc.yml | 20 ----- contrib/k8s-emc/acme-hack/wipe.sh | 6 -- contrib/k8s-emc/elasticsearch-statefulset.yml | 62 --------------- contrib/k8s-emc/elasticsearch-svc.yml | 16 ---- contrib/k8s-emc/import-acme-certs.sh | 9 +++ contrib/k8s-emc/kibana-deploy.yml | 48 ----------- contrib/k8s-emc/kibana-ingress.yml | 26 ------ contrib/k8s-emc/kibana-svc.yml | 16 ---- contrib/k8s-emc/onion-hack/stream-site-cm.yml | 61 -------------- contrib/k8s-emc/onion-hack/stream-site-deploy.yml | 93 ---------------------- contrib/k8s-emc/onion-hack/stream-site-secret.yml | 14 ---- 29 files changed, 520 insertions(+), 511 deletions(-) create mode 100755 contrib/k8s-emc/_graveyard_/acme-hack/do.sh create mode 100644 contrib/k8s-emc/_graveyard_/acme-hack/nginx-acme-cm.yml 
create mode 100644 contrib/k8s-emc/_graveyard_/acme-hack/nginx-acme-deploy.yml create mode 100644 contrib/k8s-emc/_graveyard_/acme-hack/nginx-acme-ingress.yml create mode 100644 contrib/k8s-emc/_graveyard_/acme-hack/nginx-acme-svc.yml create mode 100755 contrib/k8s-emc/_graveyard_/acme-hack/wipe.sh create mode 100644 contrib/k8s-emc/_graveyard_/elasticsearch-statefulset.yml create mode 100644 contrib/k8s-emc/_graveyard_/elasticsearch-svc.yml create mode 100644 contrib/k8s-emc/_graveyard_/kibana-deploy.yml create mode 100644 contrib/k8s-emc/_graveyard_/kibana-ingress.yml create mode 100644 contrib/k8s-emc/_graveyard_/kibana-svc.yml create mode 100644 contrib/k8s-emc/_graveyard_/onion-hack/stream-site-cm.yml create mode 100644 contrib/k8s-emc/_graveyard_/onion-hack/stream-site-deploy.yml create mode 100644 contrib/k8s-emc/_graveyard_/onion-hack/stream-site-secret.yml delete mode 100755 contrib/k8s-emc/acme-hack/do.sh delete mode 100644 contrib/k8s-emc/acme-hack/nginx-acme-cm.yml delete mode 100644 contrib/k8s-emc/acme-hack/nginx-acme-deploy.yml delete mode 100644 contrib/k8s-emc/acme-hack/nginx-acme-ingress.yml delete mode 100644 contrib/k8s-emc/acme-hack/nginx-acme-svc.yml delete mode 100755 contrib/k8s-emc/acme-hack/wipe.sh delete mode 100644 contrib/k8s-emc/elasticsearch-statefulset.yml delete mode 100644 contrib/k8s-emc/elasticsearch-svc.yml create mode 100755 contrib/k8s-emc/import-acme-certs.sh delete mode 100644 contrib/k8s-emc/kibana-deploy.yml delete mode 100644 contrib/k8s-emc/kibana-ingress.yml delete mode 100644 contrib/k8s-emc/kibana-svc.yml delete mode 100644 contrib/k8s-emc/onion-hack/stream-site-cm.yml delete mode 100644 contrib/k8s-emc/onion-hack/stream-site-deploy.yml delete mode 100644 contrib/k8s-emc/onion-hack/stream-site-secret.yml diff --git a/contrib/k8s-emc/_graveyard_/acme-hack/do.sh b/contrib/k8s-emc/_graveyard_/acme-hack/do.sh new file mode 100755 index 0000000..3c2b5e3 --- /dev/null +++ b/contrib/k8s-emc/_graveyard_/acme-hack/do.sh 
@@ -0,0 +1,23 @@
+#!/bin/bash
+
+declare -A domains
+domains[emc-live]="emc-live.elev8.at"
+domains[emc-stats]="emc-stats.elev8.at"
+domains[stream-elev8]="stream.elev8.at"
+domains[stream-elevate]="stream.elevate.at"
+
+kubectl apply -f nginx-acme-cm.yml
+kubectl apply -f nginx-acme-deploy.yml
+kubectl apply -f nginx-acme-svc.yml
+for name in "${!domains[@]}"; do
+ cat nginx-acme-ingress.yml | sed "s/<>/$name/g" | sed "s/<>/${domains[$name]}/g" | kubectl apply -f -
+done
+
+### TODO: wait for all pods and then contiune the script
+#exit 0
+
+ssh emc-00 systemctl start acmetool
+
+for name in "${!domains[@]}"; do
+ ssh emc-00 kubectl -n emc create secret tls "$name\-tls" "--cert=/var/lib/acme/live/${domains[$name]}/fullchain" "--key=/var/lib/acme/live/${domains[$name]}/privkey" --dry-run -o json | kubectl apply -f -
+done
diff --git a/contrib/k8s-emc/_graveyard_/acme-hack/nginx-acme-cm.yml b/contrib/k8s-emc/_graveyard_/acme-hack/nginx-acme-cm.yml
new file mode 100644
index 0000000..9050c04
--- /dev/null
+++ b/contrib/k8s-emc/_graveyard_/acme-hack/nginx-acme-cm.yml
@@ -0,0 +1,41 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ namespace: emc
+ name: nginx-acme-hack
+ labels:
+ app: nginx
+ type: acme-challenge
+ tier: hack
+data:
+ nginx.conf: |
+ worker_processes 1;
+ pid /srv/nginx.pid;
+ error_log /dev/stderr notice;
+
+ events {
+ worker_connections 64;
+ # multi_accept on;
+ }
+
+ http {
+ sendfile on;
+ tcp_nopush on;
+ tcp_nodelay on;
+ keepalive_timeout 65;
+ types_hash_max_size 2048;
+
+ server_names_hash_bucket_size 64;
+
+ include /etc/nginx/mime.types;
+ default_type application/octet-stream;
+
+ access_log /dev/null;
+
+ server {
+ listen 8080 default_server;
+ server_name _;
+
+ root /srv/www;
+ }
+ }
diff --git a/contrib/k8s-emc/_graveyard_/acme-hack/nginx-acme-deploy.yml b/contrib/k8s-emc/_graveyard_/acme-hack/nginx-acme-deploy.yml
new file mode 100644
index 0000000..3549f0d
--- /dev/null
+++ b/contrib/k8s-emc/_graveyard_/acme-hack/nginx-acme-deploy.yml
@@ -0,0 +1,66 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ namespace: emc
+ name: nginx-acme-hack-emc-00
+ labels:
+ app: nginx
+ type: acme-challenge
+ tier: hack
+ worker: emc-00
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: nginx
+ type: acme-challenge
+ tier: hack
+ worker: emc-00
+ strategy:
+ type: Recreate
+ revisionHistoryLimit: 5
+ template:
+ metadata:
+ labels:
+ app: nginx
+ type: acme-challenge
+ tier: hack
+ worker: emc-00
+ spec:
+ nodeName: emc-00
+ securityContext:
+ runAsUser: 998
+ fsGroup: 998
+ containers:
+ - name: nginx
+ image: spreadspace/nginx:4
+ imagePullPolicy: Always
+ args:
+ - nginx
+ - -c
+ - /srv/config/nginx.conf
+ - -g
+ - "daemon off;"
+ volumeMounts:
+ - name: home
+ mountPath: /srv
+ - name: nginx-lib
+ mountPath: /var/lib/nginx
+ - name: nginx-config
+ mountPath: /srv/config
+ - name: acme-challenge
+ mountPath: /srv/www/.well-known/acme-challenge
+ volumes:
+ - name: home
+ emptyDir:
+ medium: Memory
+ - name: nginx-lib
+ emptyDir:
+ medium: Memory
+ - name: nginx-config
+ configMap:
+ name: nginx-acme-hack
+ - name: acme-challenge
+ hostPath:
+ type: DirectoryOrCreate
+ path: /var/run/acme/acme-challenge/
diff --git a/contrib/k8s-emc/_graveyard_/acme-hack/nginx-acme-ingress.yml b/contrib/k8s-emc/_graveyard_/acme-hack/nginx-acme-ingress.yml
new file mode 100644
index 0000000..c6c2b0b
--- /dev/null
+++ b/contrib/k8s-emc/_graveyard_/acme-hack/nginx-acme-ingress.yml
@@ -0,0 +1,19 @@
+---
+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+ namespace: emc
+ name: nginx-acme-hack-<>
+ labels:
+ app: nginx
+ type: acme-challenge
+ tier: hack
+spec:
+ rules:
+ - host: <>
+ http:
+ paths:
+ - path: /.well-known/acme-challenge/
+ backend:
+ serviceName: nginx-acme-hack-emc-00
+ servicePort: 8080
diff --git a/contrib/k8s-emc/_graveyard_/acme-hack/nginx-acme-svc.yml b/contrib/k8s-emc/_graveyard_/acme-hack/nginx-acme-svc.yml
new file mode 100644
index 0000000..7bc3540
--- /dev/null
+++ b/contrib/k8s-emc/_graveyard_/acme-hack/nginx-acme-svc.yml
@@ -0,0 +1,20 @@
+apiVersion: v1
+kind: Service
+metadata:
+ namespace: emc
+ name: nginx-acme-hack-emc-00
+ labels:
+ app: nginx
+ type: acme-challenge
+ tier: hack
+ worker: emc-00
+spec:
+ selector:
+ app: nginx
+ type: acme-challenge
+ tier: hack
+ worker: emc-00
+ clusterIP: None
+ ports:
+ - name: http
+ port: 8080
diff --git a/contrib/k8s-emc/_graveyard_/acme-hack/wipe.sh b/contrib/k8s-emc/_graveyard_/acme-hack/wipe.sh
new file mode 100755
index 0000000..6834aa6
--- /dev/null
+++ b/contrib/k8s-emc/_graveyard_/acme-hack/wipe.sh
@@ -0,0 +1,6 @@
+#!/bin/bash
+
+kubectl --namespace emc delete ingress -l tier=hack -l type=acme-challenge
+kubectl --namespace emc delete svc -l tier=hack -l type=acme-challenge
+kubectl --namespace emc delete deploy -l tier=hack -l type=acme-challenge
+kubectl --namespace emc delete cm -l tier=hack -l type=acme-challenge
diff --git a/contrib/k8s-emc/_graveyard_/elasticsearch-statefulset.yml b/contrib/k8s-emc/_graveyard_/elasticsearch-statefulset.yml
new file mode 100644
index 0000000..86edd8f
--- /dev/null
+++ b/contrib/k8s-emc/_graveyard_/elasticsearch-statefulset.yml
@@ -0,0 +1,62 @@
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+ namespace: emc
+ name: stats-es
+ labels:
+ app: elasticsearch
+ tier: stats
+spec:
+ serviceName: stats-es
+ replicas: 1
+ selector:
+ matchLabels:
+ app: elasticsearch
+ tier: stats
+ updateStrategy:
+ type: RollingUpdate
+ template:
+ metadata:
+ labels:
+ app: elasticsearch
+ tier: stats
+ spec:
+ nodeName: emc-stats
+ securityContext:
+ runAsUser: 998
+ fsGroup: 998
+ initContainers:
+ - name: prepare-es-data
+ image: busybox
+ command: ['sh', '-c', 'chown 998:998 /srv/data && chmod 700 /srv/data']
+ securityContext:
+ runAsUser: 0
+ volumeMounts:
+ - name: es-data
+ mountPath: /srv/data
+ containers:
+ - name: elasticsearch
+ image: docker.elastic.co/elasticsearch/elasticsearch-oss:6.2.2
+ imagePullPolicy: Always
+ resources:
+ limits:
+ memory: 3072Mi
+ requests:
+ memory: 2048Mi
+ env:
+ - name: ES_JAVA_OPTS
+ value: "-Xms1536m -Xmx1536m"
+ - name: cluster.name
+ value: emc-stats
+ - name: node.name
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ volumeMounts:
+ - name: es-data
+ mountPath: /usr/share/elasticsearch/data
+ volumes:
+ - name: es-data
+ hostPath:
+ type: DirectoryOrCreate
+ path: /srv/stats/elasticsearch
diff --git a/contrib/k8s-emc/_graveyard_/elasticsearch-svc.yml b/contrib/k8s-emc/_graveyard_/elasticsearch-svc.yml
new file mode 100644
index 0000000..d3451a8
--- /dev/null
+++ b/contrib/k8s-emc/_graveyard_/elasticsearch-svc.yml
@@ -0,0 +1,16 @@
+apiVersion: v1
+kind: Service
+metadata:
+ namespace: emc
+ name: stats-es
+ labels:
+ app: elasticsearch
+ tier: stats
+spec:
+ selector:
+ app: elasticsearch
+ tier: stats
+ clusterIP: 172.18.242.12
+ ports:
+ - name: http
+ port: 9200
diff --git a/contrib/k8s-emc/_graveyard_/kibana-deploy.yml b/contrib/k8s-emc/_graveyard_/kibana-deploy.yml
new file mode 100644
index 0000000..eabb003
--- /dev/null
+++ b/contrib/k8s-emc/_graveyard_/kibana-deploy.yml
@@ -0,0 +1,48 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ namespace: emc
+ name: stats-kibana
+ labels:
+ app: kibana
+ tier: stats
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: kibana
+ tier: stats
+ strategy:
+ type: Recreate
+ revisionHistoryLimit: 5
+ template:
+ metadata:
+ labels:
+ app: kibana
+ tier: stats
+ spec:
+ nodeName: emc-stats
+ securityContext:
+ runAsUser: 998
+ fsGroup: 998
+ containers:
+ - name: kibana
+ image: docker.elastic.co/kibana/kibana-oss:6.2.1
+ imagePullPolicy: Always
+ resources:
+ limits:
+ memory: 3072Mi
+ requests:
+ memory: 2048Mi
+ env:
+ - name: ELASTICSEARCH_URL
+ value: http://stats-es:9200/
+ - name: SERVER_BASEPATH
+ value: "/kibana"
+ volumeMounts:
+ - name: optimize
+ mountPath: /usr/share/kibana/optimize
+ volumes:
+ - name: optimize
+ emptyDir:
+ medium: Memory
diff --git a/contrib/k8s-emc/_graveyard_/kibana-ingress.yml b/contrib/k8s-emc/_graveyard_/kibana-ingress.yml
new file mode 100644
index 0000000..572a012
--- /dev/null
+++ b/contrib/k8s-emc/_graveyard_/kibana-ingress.yml
@@ -0,0 +1,26 @@
+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+ namespace: emc
+ name: stats-kibana
+ labels:
+ app: kibana
+ tier: stats
+ annotations:
+ nginx.ingress.kubernetes.io/rewrite-target: /
+ nginx.ingress.kubernetes.io/auth-type: basic
+ nginx.ingress.kubernetes.io/auth-secret: stats-auth
+ nginx.ingress.kubernetes.io/auth-realm: "Authentication Required - Elevate Mediachannel Stats"
+spec:
+ tls:
+ - secretName: stream-stats-tls
+ hosts:
+ - elevate-stats.spreadspace.org
+ rules:
+ - host: elevate-stats.spreadspace.org
+ http:
+ paths:
+ - path: /kibana
+ backend:
+ serviceName: stats-kibana
+ servicePort: 5601
diff --git a/contrib/k8s-emc/_graveyard_/kibana-svc.yml b/contrib/k8s-emc/_graveyard_/kibana-svc.yml
new file mode 100644
index 0000000..1dd9250
--- /dev/null
+++ b/contrib/k8s-emc/_graveyard_/kibana-svc.yml
@@ -0,0 +1,16 @@
+apiVersion: v1
+kind: Service
+metadata:
+ namespace: emc
+ name: stats-kibana
+ labels:
+ app: kibana
+ tier: stats
+spec:
+ selector:
+ app: kibana
+ tier: stats
+ clusterIP: 172.18.242.13
+ ports:
+ - name: http
+ port: 5601
diff --git a/contrib/k8s-emc/_graveyard_/onion-hack/stream-site-cm.yml b/contrib/k8s-emc/_graveyard_/onion-hack/stream-site-cm.yml
new file mode 100644
index 0000000..556bfe3
--- /dev/null
+++ b/contrib/k8s-emc/_graveyard_/onion-hack/stream-site-cm.yml
@@ -0,0 +1,61 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + namespace: emc + name: stream-site-public-onion + labels: + app: nginx + type: stream-site + stream: public-onion +data: + torrc: | + ## Set DataDirectory + DataDirectory /var/lib/tor + + ## Do not act as a SOCKS proxy + SOCKSPort 0 + + ## Publish a hidden service + HiddenServiceDir /srv/onion_service/ + HiddenServicePort 80 127.0.0.1:8080 + + HiddenServiceNonAnonymousMode 1 + HiddenServiceSingleHopMode 1 + nginx.conf: | + worker_processes 4; + pid /srv/nginx.pid; + error_log /dev/stderr notice; + + events { + worker_connections 768; + # multi_accept on; + } + + http { + sendfile on; + tcp_nopush on; + tcp_nodelay on; + keepalive_timeout 65; + types_hash_max_size 2048; + + server_names_hash_bucket_size 64; + + include /etc/nginx/mime.types; + default_type application/octet-stream; + + access_log /dev/null; + + server { + listen 127.0.0.1:8080 default_server; + + server_name _; + + root /srv/www; + + location /js/config.js { + alias /srv/config/config.js; + } + } + } + config.js: | + var config = {"resolutions": {"1080p25": {"width": 1920, "height": 1080, "rate": "25/1"}, "720p25": {"width": 1280, "height": 720, "rate": "25/1"}, "480p25": {"width": 854, "height": 480, "rate": "25/1"}, "360p25": {"width": 640, "height": 360, "rate": "25/1"}, "240p25": {"width": 426, "height": 240, "rate": "25/1"}}, "profiles": {"full": {"video": "1080p25", "audio": 160}, "high": {"video": "720p25", "audio": 160}, "medium": {"video": "480p25", "audio": 128}, "low": {"video": "360p25", "audio": 96}, "mini": {"video": "240p25", "audio": 64}, "rec": {"video": "1080p25", "audio": 0}}, "muxes": {"av-orig": {"video": "sdi-orig:video", "audio": "sdi-orig:audio", "formats": {"flash": ["high", "medium", "low", "mini"], "webm": ["high", "medium", "low", "mini"]}}, "audio-orig": {"audio": "sdi-orig:audio", "formats": {"ogg": ["high", "medium", "low", "mini"], "mp3": ["high", "medium", "low", "mini"]}}}, "streamBaseUrl": 
"http://elevatexfonbiisp.onion:8000"}; diff --git a/contrib/k8s-emc/_graveyard_/onion-hack/stream-site-deploy.yml b/contrib/k8s-emc/_graveyard_/onion-hack/stream-site-deploy.yml new file mode 100644 index 0000000..8ae9b14 --- /dev/null +++ b/contrib/k8s-emc/_graveyard_/onion-hack/stream-site-deploy.yml 
@@ -0,0 +1,93 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + namespace: emc + name: stream-site-public-onion + labels: + app: nginx + type: stream-site + stream: public-onion +spec: + replicas: 1 + selector: + matchLabels: + app: nginx + type: stream-site + stream: public-onion + strategy: + type: Recreate + revisionHistoryLimit: 5 + template: + metadata: + labels: + app: nginx + type: stream-site + stream: public-onion + spec: + nodeName: emc-00 + securityContext: + runAsUser: 998 + fsGroup: 998 + initContainers: + - name: prepare-onion + image: busybox + command: ['sh', '-c', 'mkdir /srv/onion_service && cp /secrets/onion_service/* /srv/onion_service && chown -R 998:998 /var/lib/tor /srv/onion_service && chmod 0750 /var/lib/tor && chmod 0700 /srv/onion_service'] + securityContext: + runAsUser: 0 + volumeMounts: + - name: home + mountPath: /srv + - name: onion-lib + mountPath: /var/lib/tor + - name: onion-service + mountPath: /secrets/onion_service/ + containers: + - name: nginx + image: spreadspace/nginx-streaming:4 + imagePullPolicy: Always + args: + - nginx + - -c + - /srv/config/nginx.conf + - -g + - "daemon off;" + volumeMounts: + - name: home + mountPath: /srv + - name: nginx-lib + mountPath: /var/lib/nginx + - name: config + mountPath: /srv/config + - name: www + mountPath: /srv/www + - name: onion-service + image: spreadspace/onion-service:master-23 + imagePullPolicy: Always + args: [ '/usr/bin/tor', '-f', '/srv/config/torrc', '--RunAsDaemon', '0' ] + volumeMounts: + - name: home + mountPath: /srv + - name: onion-lib + mountPath: /var/lib/tor + - name: config + mountPath: /srv/config + volumes: + - name: home + emptyDir: + medium: Memory + - name: onion-lib + emptyDir: + medium: Memory + - name: nginx-lib + emptyDir: + medium: Memory + - name: config + configMap: + name: stream-site-public-onion + - name: www + hostPath: + type: Directory + path: /srv/www/emc18 + - name: onion-service + secret: + secretName: stream-site-public-onion 
diff --git a/contrib/k8s-emc/_graveyard_/onion-hack/stream-site-secret.yml b/contrib/k8s-emc/_graveyard_/onion-hack/stream-site-secret.yml new file mode 100644 index 0000000..00ca264 --- /dev/null +++ b/contrib/k8s-emc/_graveyard_/onion-hack/stream-site-secret.yml @@ -0,0 +1,14 @@ +apiVersion: v1 +kind: Secret +metadata: + namespace: emc + name: stream-site-public-onion + labels: + app: nginx + type: stream-site + stream: public-onion +type: Opaque +data: + hostname: "" + private_key: "" + onion_service_non_anonymous: "" diff --git a/contrib/k8s-emc/acme-hack/do.sh b/contrib/k8s-emc/acme-hack/do.sh deleted file mode 100755 index 3c2b5e3..0000000 --- a/contrib/k8s-emc/acme-hack/do.sh +++ /dev/null @@ -1,23 +0,0 @@ -#!/bin/bash - -declare -A domains -domains[emc-live]="emc-live.elev8.at" -domains[emc-stats]="emc-stats.elev8.at" -domains[stream-elev8]="stream.elev8.at" -domains[stream-elevate]="stream.elevate.at" - -kubectl apply -f nginx-acme-cm.yml -kubectl apply -f nginx-acme-deploy.yml -kubectl apply -f nginx-acme-svc.yml -for name in "${!domains[@]}"; do - cat nginx-acme-ingress.yml | sed "s/<>/$name/g" | sed "s/<>/${domains[$name]}/g" | kubectl apply -f - -done - -### TODO: wait for all pods and then contiune the script -#exit 0 - -ssh emc-00 systemctl start acmetool - -for name in "${!domains[@]}"; do - ssh emc-00 kubectl -n emc create secret tls "$name\-tls" "--cert=/var/lib/acme/live/${domains[$name]}/fullchain" "--key=/var/lib/acme/live/${domains[$name]}/privkey" --dry-run -o json | kubectl apply -f - -done diff --git a/contrib/k8s-emc/acme-hack/nginx-acme-cm.yml b/contrib/k8s-emc/acme-hack/nginx-acme-cm.yml deleted file mode 100644 index 9050c04..0000000 --- a/contrib/k8s-emc/acme-hack/nginx-acme-cm.yml +++ /dev/null 
@@ -1,41 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - namespace: emc - name: nginx-acme-hack - labels: - app: nginx - type: acme-challenge - tier: hack -data: - nginx.conf: | - worker_processes 1; - pid /srv/nginx.pid; - error_log /dev/stderr notice; - - events { - worker_connections 64; - # multi_accept on; - } - - http { - sendfile on; - tcp_nopush on; - tcp_nodelay on; - keepalive_timeout 65; - types_hash_max_size 2048; - - server_names_hash_bucket_size 64; - - include /etc/nginx/mime.types; - default_type application/octet-stream; - - access_log /dev/null; - - server { - listen 8080 default_server; - server_name _; - - root /srv/www; - } - } diff --git a/contrib/k8s-emc/acme-hack/nginx-acme-deploy.yml b/contrib/k8s-emc/acme-hack/nginx-acme-deploy.yml deleted file mode 100644 index 3549f0d..0000000 --- a/contrib/k8s-emc/acme-hack/nginx-acme-deploy.yml +++ /dev/null 
@@ -1,66 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - namespace: emc - name: nginx-acme-hack-emc-00 - labels: - app: nginx - type: acme-challenge - tier: hack - worker: emc-00 -spec: - replicas: 1 - selector: - matchLabels: - app: nginx - type: acme-challenge - tier: hack - worker: emc-00 - strategy: - type: Recreate - revisionHistoryLimit: 5 - template: - metadata: - labels: - app: nginx - type: acme-challenge - tier: hack - worker: emc-00 - spec: - nodeName: emc-00 - securityContext: - runAsUser: 998 - fsGroup: 998 - containers: - - name: nginx - image: spreadspace/nginx:4 - imagePullPolicy: Always - args: - - nginx - - -c - - /srv/config/nginx.conf - - -g - - "daemon off;" - volumeMounts: - - name: home - mountPath: /srv - - name: nginx-lib - mountPath: /var/lib/nginx - - name: nginx-config - mountPath: /srv/config - - name: acme-challenge - mountPath: /srv/www/.well-known/acme-challenge - volumes: - - name: home - emptyDir: - medium: Memory - - name: nginx-lib - emptyDir: - medium: Memory - - name: nginx-config - configMap: - name: nginx-acme-hack - - name: acme-challenge - hostPath: - type: DirectoryOrCreate - path: /var/run/acme/acme-challenge/ diff --git a/contrib/k8s-emc/acme-hack/nginx-acme-ingress.yml b/contrib/k8s-emc/acme-hack/nginx-acme-ingress.yml deleted file mode 100644 index c6c2b0b..0000000 --- a/contrib/k8s-emc/acme-hack/nginx-acme-ingress.yml +++ /dev/null @@ -1,19 +0,0 @@ ---- -apiVersion: extensions/v1beta1 -kind: Ingress -metadata: - namespace: emc - name: nginx-acme-hack-<> - labels: - app: nginx - type: acme-challenge - tier: hack -spec: - rules: - - host: <> - http: - paths: - - path: /.well-known/acme-challenge/ - backend: - serviceName: nginx-acme-hack-emc-00 - servicePort: 8080 diff --git a/contrib/k8s-emc/acme-hack/nginx-acme-svc.yml b/contrib/k8s-emc/acme-hack/nginx-acme-svc.yml deleted file mode 100644 index 7bc3540..0000000 --- a/contrib/k8s-emc/acme-hack/nginx-acme-svc.yml +++ /dev/null 
@@ -1,20 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - namespace: emc - name: nginx-acme-hack-emc-00 - labels: - app: nginx - type: acme-challenge - tier: hack - worker: emc-00 -spec: - selector: - app: nginx - type: acme-challenge - tier: hack - worker: emc-00 - clusterIP: None - ports: - - name: http - port: 8080 diff --git a/contrib/k8s-emc/acme-hack/wipe.sh b/contrib/k8s-emc/acme-hack/wipe.sh deleted file mode 100755 index 6834aa6..0000000 --- a/contrib/k8s-emc/acme-hack/wipe.sh +++ /dev/null @@ -1,6 +0,0 @@ -#!/bin/bash - -kubectl --namespace emc delete ingress -l tier=hack -l type=acme-challenge -kubectl --namespace emc delete svc -l tier=hack -l type=acme-challenge -kubectl --namespace emc delete deploy -l tier=hack -l type=acme-challenge -kubectl --namespace emc delete cm -l tier=hack -l type=acme-challenge diff --git a/contrib/k8s-emc/elasticsearch-statefulset.yml b/contrib/k8s-emc/elasticsearch-statefulset.yml deleted file mode 100644 index 86edd8f..0000000 --- a/contrib/k8s-emc/elasticsearch-statefulset.yml +++ /dev/null 
@@ -1,62 +0,0 @@ -apiVersion: apps/v1 -kind: StatefulSet -metadata: - namespace: emc - name: stats-es - labels: - app: elasticsearch - tier: stats -spec: - serviceName: stats-es - replicas: 1 - selector: - matchLabels: - app: elasticsearch - tier: stats - updateStrategy: - type: RollingUpdate - template: - metadata: - labels: - app: elasticsearch - tier: stats - spec: - nodeName: emc-stats - securityContext: - runAsUser: 998 - fsGroup: 998 - initContainers: - - name: prepare-es-data - image: busybox - command: ['sh', '-c', 'chown 998:998 /srv/data && chmod 700 /srv/data'] - securityContext: - runAsUser: 0 - volumeMounts: - - name: es-data - mountPath: /srv/data - containers: - - name: elasticsearch - image: docker.elastic.co/elasticsearch/elasticsearch-oss:6.2.2 - imagePullPolicy: Always - resources: - limits: - memory: 3072Mi - requests: - memory: 2048Mi - env: - - name: ES_JAVA_OPTS - value: "-Xms1536m -Xmx1536m" - - name: cluster.name - value: emc-stats - - name: node.name - valueFrom: - fieldRef: - fieldPath: metadata.name - volumeMounts: - - name: es-data - mountPath: /usr/share/elasticsearch/data - volumes: - - name: es-data - hostPath: - type: DirectoryOrCreate - path: /srv/stats/elasticsearch diff --git a/contrib/k8s-emc/elasticsearch-svc.yml b/contrib/k8s-emc/elasticsearch-svc.yml deleted file mode 100644 index d3451a8..0000000 --- a/contrib/k8s-emc/elasticsearch-svc.yml +++ /dev/null @@ -1,16 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - namespace: emc - name: stats-es - labels: - app: elasticsearch - tier: stats -spec: - selector: - app: elasticsearch - tier: stats - clusterIP: 172.18.242.12 - ports: - - name: http - port: 9200 diff --git a/contrib/k8s-emc/import-acme-certs.sh b/contrib/k8s-emc/import-acme-certs.sh new file mode 100755 index 0000000..b85fa42 --- /dev/null +++ b/contrib/k8s-emc/import-acme-certs.sh 
@@ -0,0 +1,9 @@
+#!/bin/bash
+
+declare -A domains
+domains[emc-stats]="emc-stats.elev8.at"
+domains[stream-elev8]="stream.elev8.at"
+domains[stream-elevate]="stream.elevate.at"
+for name in "${!domains[@]}"; do
+ ssh emc-00 kubectl -n emc create secret tls "$name\-tls" "--cert=/var/lib/acme/live/${domains[$name]}/fullchain" "--key=/var/lib/acme/live/${domains[$name]}/privkey" --dry-run=client -o json | kubectl apply -f -
+done
diff --git a/contrib/k8s-emc/kibana-deploy.yml b/contrib/k8s-emc/kibana-deploy.yml
deleted file mode 100644
index eabb003..0000000
--- a/contrib/k8s-emc/kibana-deploy.yml
+++ /dev/null
@@ -1,48 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- namespace: emc
- name: stats-kibana
- labels:
- app: kibana
- tier: stats
-spec:
- replicas: 1
- selector:
- matchLabels:
- app: kibana
- tier: stats
- strategy:
- type: Recreate
- revisionHistoryLimit: 5
- template:
- metadata:
- labels:
- app: kibana
- tier: stats
- spec:
- nodeName: emc-stats
- securityContext:
- runAsUser: 998
- fsGroup: 998
- containers:
- - name: kibana
- image: docker.elastic.co/kibana/kibana-oss:6.2.1
- imagePullPolicy: Always
- resources:
- limits:
- memory: 3072Mi
- requests:
- memory: 2048Mi
- env:
- - name: ELASTICSEARCH_URL
- value: http://stats-es:9200/
- - name: SERVER_BASEPATH
- value: "/kibana"
- volumeMounts:
- - name: optimize
- mountPath: /usr/share/kibana/optimize
- volumes:
- - name: optimize
- emptyDir:
- medium: Memory
diff --git a/contrib/k8s-emc/kibana-ingress.yml b/contrib/k8s-emc/kibana-ingress.yml
deleted file mode 100644
index 572a012..0000000
--- a/contrib/k8s-emc/kibana-ingress.yml
+++ /dev/null
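Review bot: The new `contrib/k8s-emc/import-acme-certs.sh` has no error handling, so a failed `ssh emc-00` or a missing `fullchain`/`privkey` for one domain does not stop the loop, and the script's exit status reflects only the last domain processed. Adding `set -euo pipefail` directly after the shebang would make a failed import visible instead of silently leaving a stale or absent TLS secret behind. The pipeline also hands each private key as JSON to the local `kubectl apply`, which, as far as I know, copies the applied object (key material included) into the `kubectl.kubernetes.io/last-applied-configuration` annotation; a one-line comment such as `# private key transits this host and is duplicated in the last-applied annotation` would document that this is accepted. The `\-` in `"$name\-tls"` only becomes `-` because the remote shell re-parses the ssh command line, so plain `"$name-tls"` would be clearer and behave the same.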
@@ -1,26 +0,0 @@ -apiVersion: extensions/v1beta1 -kind: Ingress -metadata: - namespace: emc - name: stats-kibana - labels: - app: kibana - tier: stats - annotations: - nginx.ingress.kubernetes.io/rewrite-target: / - nginx.ingress.kubernetes.io/auth-type: basic - nginx.ingress.kubernetes.io/auth-secret: stats-auth - nginx.ingress.kubernetes.io/auth-realm: "Authentication Required - Elevate Mediachannel Stats" -spec: - tls: - - secretName: stream-stats-tls - hosts: - - elevate-stats.spreadspace.org - rules: - - host: elevate-stats.spreadspace.org - http: - paths: - - path: /kibana - backend: - serviceName: stats-kibana - servicePort: 5601 diff --git a/contrib/k8s-emc/kibana-svc.yml b/contrib/k8s-emc/kibana-svc.yml deleted file mode 100644 index 1dd9250..0000000 --- a/contrib/k8s-emc/kibana-svc.yml +++ /dev/null @@ -1,16 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - namespace: emc - name: stats-kibana - labels: - app: kibana - tier: stats -spec: - selector: - app: kibana - tier: stats - clusterIP: 172.18.242.13 - ports: - - name: http - port: 5601 diff --git a/contrib/k8s-emc/onion-hack/stream-site-cm.yml b/contrib/k8s-emc/onion-hack/stream-site-cm.yml deleted file mode 100644 index 556bfe3..0000000 --- a/contrib/k8s-emc/onion-hack/stream-site-cm.yml +++ /dev/null 
@@ -1,61 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - namespace: emc - name: stream-site-public-onion - labels: - app: nginx - type: stream-site - stream: public-onion -data: - torrc: | - ## Set DataDirectory - DataDirectory /var/lib/tor - - ## Do not act as a SOCKS proxy - SOCKSPort 0 - - ## Publish a hidden service - HiddenServiceDir /srv/onion_service/ - HiddenServicePort 80 127.0.0.1:8080 - - HiddenServiceNonAnonymousMode 1 - HiddenServiceSingleHopMode 1 - nginx.conf: | - worker_processes 4; - pid /srv/nginx.pid; - error_log /dev/stderr notice; - - events { - worker_connections 768; - # multi_accept on; - } - - http { - sendfile on; - tcp_nopush on; - tcp_nodelay on; - keepalive_timeout 65; - types_hash_max_size 2048; - - server_names_hash_bucket_size 64; - - include /etc/nginx/mime.types; - default_type application/octet-stream; - - access_log /dev/null; - - server { - listen 127.0.0.1:8080 default_server; - - server_name _; - - root /srv/www; - - location /js/config.js { - alias /srv/config/config.js; - } - } - } - config.js: | - var config = {"resolutions": {"1080p25": {"width": 1920, "height": 1080, "rate": "25/1"}, "720p25": {"width": 1280, "height": 720, "rate": "25/1"}, "480p25": {"width": 854, "height": 480, "rate": "25/1"}, "360p25": {"width": 640, "height": 360, "rate": "25/1"}, "240p25": {"width": 426, "height": 240, "rate": "25/1"}}, "profiles": {"full": {"video": "1080p25", "audio": 160}, "high": {"video": "720p25", "audio": 160}, "medium": {"video": "480p25", "audio": 128}, "low": {"video": "360p25", "audio": 96}, "mini": {"video": "240p25", "audio": 64}, "rec": {"video": "1080p25", "audio": 0}}, "muxes": {"av-orig": {"video": "sdi-orig:video", "audio": "sdi-orig:audio", "formats": {"flash": ["high", "medium", "low", "mini"], "webm": ["high", "medium", "low", "mini"]}}, "audio-orig": {"audio": "sdi-orig:audio", "formats": {"ogg": ["high", "medium", "low", "mini"], "mp3": ["high", "medium", "low", "mini"]}}}, "streamBaseUrl": 
"http://elevatexfonbiisp.onion:8000"}; diff --git a/contrib/k8s-emc/onion-hack/stream-site-deploy.yml b/contrib/k8s-emc/onion-hack/stream-site-deploy.yml deleted file mode 100644 index 8ae9b14..0000000 --- a/contrib/k8s-emc/onion-hack/stream-site-deploy.yml +++ /dev/null 
@@ -1,93 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - namespace: emc - name: stream-site-public-onion - labels: - app: nginx - type: stream-site - stream: public-onion -spec: - replicas: 1 - selector: - matchLabels: - app: nginx - type: stream-site - stream: public-onion - strategy: - type: Recreate - revisionHistoryLimit: 5 - template: - metadata: - labels: - app: nginx - type: stream-site - stream: public-onion - spec: - nodeName: emc-00 - securityContext: - runAsUser: 998 - fsGroup: 998 - initContainers: - - name: prepare-onion - image: busybox - command: ['sh', '-c', 'mkdir /srv/onion_service && cp /secrets/onion_service/* /srv/onion_service && chown -R 998:998 /var/lib/tor /srv/onion_service && chmod 0750 /var/lib/tor && chmod 0700 /srv/onion_service'] - securityContext: - runAsUser: 0 - volumeMounts: - - name: home - mountPath: /srv - - name: onion-lib - mountPath: /var/lib/tor - - name: onion-service - mountPath: /secrets/onion_service/ - containers: - - name: nginx - image: spreadspace/nginx-streaming:4 - imagePullPolicy: Always - args: - - nginx - - -c - - /srv/config/nginx.conf - - -g - - "daemon off;" - volumeMounts: - - name: home - mountPath: /srv - - name: nginx-lib - mountPath: /var/lib/nginx - - name: config - mountPath: /srv/config - - name: www - mountPath: /srv/www - - name: onion-service - image: spreadspace/onion-service:master-23 - imagePullPolicy: Always - args: [ '/usr/bin/tor', '-f', '/srv/config/torrc', '--RunAsDaemon', '0' ] - volumeMounts: - - name: home - mountPath: /srv - - name: onion-lib - mountPath: /var/lib/tor - - name: config - mountPath: /srv/config - volumes: - - name: home - emptyDir: - medium: Memory - - name: onion-lib - emptyDir: - medium: Memory - - name: nginx-lib - emptyDir: - medium: Memory - - name: config - configMap: - name: stream-site-public-onion - - name: www - hostPath: - type: Directory - path: /srv/www/emc18 - - name: onion-service - secret: - secretName: stream-site-public-onion 
diff --git a/contrib/k8s-emc/onion-hack/stream-site-secret.yml b/contrib/k8s-emc/onion-hack/stream-site-secret.yml deleted file mode 100644 index 00ca264..0000000 --- a/contrib/k8s-emc/onion-hack/stream-site-secret.yml +++ /dev/null @@ -1,14 +0,0 @@ -apiVersion: v1 -kind: Secret -metadata: - namespace: emc - name: stream-site-public-onion - labels: - app: nginx - type: stream-site - stream: public-onion -type: Opaque -data: - hostname: "" - private_key: "" - onion_service_non_anonymous: "" -- cgit v1.2.3