From 318d7020bb0e482106af665ee28f6d7348204908 Mon Sep 17 00:00:00 2001
From: Christian Pointner
Date: Sun, 25 Feb 2018 18:32:07 +0100
Subject: added hack for acmetool handling
---
contrib/k8s-emc/acme-hack/do.sh | 19 +++++++
contrib/k8s-emc/acme-hack/nginx-acme-cm.yml | 41 +++++++++++++++
contrib/k8s-emc/acme-hack/nginx-acme-deploy.yml | 66 ++++++++++++++++++++++++
contrib/k8s-emc/acme-hack/nginx-acme-ingress.yml | 19 +++++++
contrib/k8s-emc/acme-hack/nginx-acme-svc.yml | 20 +++++++
contrib/k8s-emc/acme-hack/wipe.sh | 6 +++
6 files changed, 171 insertions(+)
create mode 100755 contrib/k8s-emc/acme-hack/do.sh
create mode 100644 contrib/k8s-emc/acme-hack/nginx-acme-cm.yml
create mode 100644 contrib/k8s-emc/acme-hack/nginx-acme-deploy.yml
create mode 100644 contrib/k8s-emc/acme-hack/nginx-acme-ingress.yml
create mode 100644 contrib/k8s-emc/acme-hack/nginx-acme-svc.yml
create mode 100755 contrib/k8s-emc/acme-hack/wipe.sh
(limited to 'contrib')
diff --git a/contrib/k8s-emc/acme-hack/do.sh b/contrib/k8s-emc/acme-hack/do.sh
new file mode 100755
index 0000000..70750e6
--- /dev/null
+++ b/contrib/k8s-emc/acme-hack/do.sh
@@ -0,0 +1,19 @@
+#!/bin/bash
+
+if [ -z "$1" ]; then
+ echo "usage: $0 (create|replace)"
+ exit 1
+fi
+
+kubectl "$1" -f nginx-acme-cm.yml
+for node in emc-00 emc-01 emc-02 emc-03 emc-04 helene; do
+ cat nginx-acme-deploy.yml | sed "s/<>/$node/g" | kubectl "$1" -f -
+ cat nginx-acme-svc.yml | sed "s/<>/$node/g" | kubectl "$1" -f -
+ cat nginx-acme-ingress.yml | sed "s/<>/$node/g" | sed "s/<>/$node/g" | sed "s/<>/$node.spreadspace.org/g" | kubectl "$1" -f -
+done
+
+cat nginx-acme-ingress.yml | sed "s/<>/elevate-live/g" | sed "s/<>/emc-00/g" | sed "s/<>/elevate-live.spreadspace.org/g" | kubectl "$1" -f -
+cat nginx-acme-ingress.yml | sed "s/<>/elevate-stats/g" | sed "s/<>/emc-00/g" | sed "s/<>/elevate-stats.spreadspace.org/g" | kubectl "$1" -f -
+cat nginx-acme-ingress.yml | sed "s/<>/elevate-stream/g" | sed "s/<>/emc-00/g" | sed "s/<>/stream.elevate.at/g" | kubectl "$1" -f -
+
+cat nginx-acme-ingress.yml | sed "s/<>/elevate-feed/g" | sed "s/<>/helene/g" | sed "s/<>/elevate-feed.spreadspace.org/g" | kubectl "$1" -f -
diff --git a/contrib/k8s-emc/acme-hack/nginx-acme-cm.yml b/contrib/k8s-emc/acme-hack/nginx-acme-cm.yml
new file mode 100644
index 0000000..9050c04
--- /dev/null
+++ b/contrib/k8s-emc/acme-hack/nginx-acme-cm.yml
@@ -0,0 +1,41 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ namespace: emc
+ name: nginx-acme-hack
+ labels:
+ app: nginx
+ type: acme-challenge
+ tier: hack
+data:
+ nginx.conf: |
+ worker_processes 1;
+ pid /srv/nginx.pid;
+ error_log /dev/stderr notice;
+
+ events {
+ worker_connections 64;
+ # multi_accept on;
+ }
+
+ http {
+ sendfile on;
+ tcp_nopush on;
+ tcp_nodelay on;
+ keepalive_timeout 65;
+ types_hash_max_size 2048;
+
+ server_names_hash_bucket_size 64;
+
+ include /etc/nginx/mime.types;
+ default_type application/octet-stream;
+
+ access_log /dev/null;
+
+ server {
+ listen 8080 default_server;
+ server_name _;
+
+ root /srv/www;
+ }
+ }
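Review bot: In do.sh the only check on `$1` is that it is non-empty, so any kubectl verb (including `delete`) is passed straight through to every `kubectl "$1" -f` call, although the usage text promises only create|replace. An allow-list closes that: `case "$1" in create|replace) ;; *) echo "usage: $0 (create|replace)" >&2; exit 1 ;; esac`. The script also runs without `set -euo pipefail`, so a failed `sed | kubectl` for one node does not stop the loop and the namespace can be left half-applied. The manifests are opened by relative name, so it silently depends on the caller's working directory; `cd "$(dirname "$0")" || exit 1` near the top removes that dependency.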
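Review bot: The `server` block in nginx-acme-cm.yml serves the whole of `root /srv/www` as `default_server`, and only the Ingress narrows requests to `/.well-known/acme-challenge/`; anything that can reach port 8080 directly inside the cluster is not subject to that rule. Enforcing the same restriction in nginx keeps the two in step: `location ^~ /.well-known/acme-challenge/ { default_type text/plain; }` together with `location / { return 404; }`. `access_log /dev/null;` also throws away the only record of who fetched challenge tokens; `access_log /dev/stdout;` would match the `error_log /dev/stderr notice;` line already present and let the cluster's log pipeline keep it. Adding `server_tokens off;` inside `http {}` is a cheap extra.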
diff --git a/contrib/k8s-emc/acme-hack/nginx-acme-deploy.yml b/contrib/k8s-emc/acme-hack/nginx-acme-deploy.yml
new file mode 100644
index 0000000..7800b32
--- /dev/null
+++ b/contrib/k8s-emc/acme-hack/nginx-acme-deploy.yml
@@ -0,0 +1,66 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ namespace: emc
+ name: nginx-acme-hack-<>
+ labels:
+ app: nginx
+ type: acme-challenge
+ tier: hack
+ worker: <>
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: nginx
+ type: acme-challenge
+ tier: hack
+ worker: <>
+ strategy:
+ type: Recreate
+ revisionHistoryLimit: 5
+ template:
+ metadata:
+ labels:
+ app: nginx
+ type: acme-challenge
+ tier: hack
+ worker: <>
+ spec:
+ nodeName: <>
+ securityContext:
+ runAsUser: 998
+ fsGroup: 998
+ containers:
+ - name: nginx
+ image: spreadspace/nginx:4
+ imagePullPolicy: Always
+ args:
+ - nginx
+ - -c
+ - /srv/config/nginx.conf
+ - -g
+ - "daemon off;"
+ volumeMounts:
+ - name: home
+ mountPath: /srv
+ - name: nginx-lib
+ mountPath: /var/lib/nginx
+ - name: nginx-config
+ mountPath: /srv/config
+ - name: acme-challenge
+ mountPath: /srv/www/.well-known/acme-challenge
+ volumes:
+ - name: home
+ emptyDir:
+ medium: Memory
+ - name: nginx-lib
+ emptyDir:
+ medium: Memory
+ - name: nginx-config
+ configMap:
+ name: nginx-acme-hack
+ - name: acme-challenge
+ hostPath:
+ type: DirectoryOrCreate
+ path: /var/run/acme/acme-challenge/
diff --git a/contrib/k8s-emc/acme-hack/nginx-acme-ingress.yml b/contrib/k8s-emc/acme-hack/nginx-acme-ingress.yml
new file mode 100644
index 0000000..4e47cf2
--- /dev/null
+++ b/contrib/k8s-emc/acme-hack/nginx-acme-ingress.yml
@@ -0,0 +1,19 @@
+---
+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+ namespace: emc
+ name: nginx-acme-hack-<>
+ labels:
+ app: nginx
+ type: acme-challenge
+ tier: hack
+spec:
+ rules:
+ - host: <>
+ http:
+ paths:
+ - path: /.well-known/acme-challenge/
+ backend:
+ serviceName: nginx-acme-hack-<>
+ servicePort: 8080
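Review bot: In nginx-acme-deploy.yml the `acme-challenge` hostPath (`/var/run/acme/acme-challenge/`) is mounted into the nginx container without `readOnly: true`, so the pod gets a writable handle on a node directory (subject to file permissions) that the web server only ever needs to read. The pod-level `securityContext` sets `runAsUser`/`fsGroup`, but nothing at container level enforces non-root, blocks privilege escalation or drops capabilities. `readOnlyRootFilesystem` looks feasible because the pid file, config and `/var/lib/nginx` already sit on volumes, but that should be confirmed against the image. Separately, `image: spreadspace/nginx:4` with `imagePullPolicy: Always` follows a mutable tag, and the `medium: Memory` emptyDirs have no `sizeLimit`; pinning a digest and setting `resources` would bound what the pod can pull and consume on the node.

```yaml
      containers:
      - name: nginx
        # … unchanged: image, imagePullPolicy, args …
        securityContext:
          runAsNonRoot: true
          allowPrivilegeEscalation: false
          readOnlyRootFilesystem: true   # verify the image writes only to the mounted volumes
          capabilities:
            drop: ["ALL"]
        volumeMounts:
        # … unchanged: home, nginx-lib, nginx-config mounts …
        - name: acme-challenge
          mountPath: /srv/www/.well-known/acme-challenge
          readOnly: true
```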
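Review bot: nginx-acme-ingress.yml relies on `path: /.well-known/acme-challenge/` under `extensions/v1beta1`, where the way a path is matched is left to the ingress controller, and no ingress class is named, so which controller serves the rule is implicit. Where `networking.k8s.io/v1` is available the same rule can state `pathType: Prefix` and `ingressClassName` explicitly; `extensions/v1beta1` Ingress was removed in Kubernetes 1.22. A header comment saying the file is a template whose placeholders are filled in by do.sh, and that it is not meant for a direct `kubectl create -f`, would help the next reader.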
diff --git a/contrib/k8s-emc/acme-hack/nginx-acme-svc.yml b/contrib/k8s-emc/acme-hack/nginx-acme-svc.yml
new file mode 100644
index 0000000..318d1ca
--- /dev/null
+++ b/contrib/k8s-emc/acme-hack/nginx-acme-svc.yml
@@ -0,0 +1,20 @@
+apiVersion: v1
+kind: Service
+metadata:
+ namespace: emc
+ name: nginx-acme-hack-<>
+ labels:
+ app: nginx
+ type: acme-challenge
+ tier: hack
+ worker: <>
+spec:
+ selector:
+ app: nginx
+ type: acme-challenge
+ tier: hack
+ worker: <>
+ clusterIP: None
+ ports:
+ - name: http
+ port: 8080
diff --git a/contrib/k8s-emc/acme-hack/wipe.sh b/contrib/k8s-emc/acme-hack/wipe.sh
new file mode 100755
index 0000000..6834aa6
--- /dev/null
+++ b/contrib/k8s-emc/acme-hack/wipe.sh
@@ -0,0 +1,6 @@
+#!/bin/bash
+
+kubectl --namespace emc delete ingress -l tier=hack -l type=acme-challenge
+kubectl --namespace emc delete svc -l tier=hack -l type=acme-challenge
+kubectl --namespace emc delete deploy -l tier=hack -l type=acme-challenge
+kubectl --namespace emc delete cm -l tier=hack -l type=acme-challenge
--
cgit v1.2.3
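Review bot: All four `kubectl ... delete` lines in wipe.sh pass `-l` twice, and as far as I know kubectl treats `--selector` as a single string, so the second `-l type=acme-challenge` replaces `-l tier=hack` instead of being ANDed with it. The delete therefore matches every object in namespace `emc` labelled `type=acme-challenge`, whatever its `tier`, which is broader than the script's intent. Combining the labels in one selector fixes it, and the four calls collapse into one: `kubectl --namespace emc delete ingress,svc,deploy,cm -l tier=hack,type=acme-challenge`. Adding `app=nginx` to the selector would narrow it to exactly the label set these manifests apply.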