From 7ae2c0a221dae2368844e32a5646e0d94b48c37a Mon Sep 17 00:00:00 2001
From: Christian Pointner <equinox@spreadspace.org>
Date: Sun, 18 Feb 2018 23:09:27 +0100
Subject: onionbalance should be working now

---
 .../default/kubernetes/onionbalance-deploy.yml.j2  | 63 ++++++++++++++++++++++
 .../default/kubernetes/onionbalance-role.yml.j2    | 14 +++++
 .../kubernetes/onionbalance-rolebinding.yml.j2     | 13 +++++
 .../default/kubernetes/onionbalance-sa.yml.j2      |  5 ++
 .../default/kubernetes/onionbalance-secret.yml.j2  |  9 ++++
 templates/default/kubernetes/sfive-deploy.yml.j2   |  2 +-
 6 files changed, 105 insertions(+), 1 deletion(-)
 create mode 100644 templates/default/kubernetes/onionbalance-deploy.yml.j2
 create mode 100644 templates/default/kubernetes/onionbalance-role.yml.j2
 create mode 100644 templates/default/kubernetes/onionbalance-rolebinding.yml.j2
 create mode 100644 templates/default/kubernetes/onionbalance-sa.yml.j2
 create mode 100644 templates/default/kubernetes/onionbalance-secret.yml.j2

(limited to 'templates')

diff --git a/templates/default/kubernetes/onionbalance-deploy.yml.j2 b/templates/default/kubernetes/onionbalance-deploy.yml.j2
new file mode 100644
index 0000000..c63b247
--- /dev/null
+++ b/templates/default/kubernetes/onionbalance-deploy.yml.j2
@@ -0,0 +1,63 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  namespace: {{ namespace }}
+  name: onionbalance
+  labels:
+    app: onionbalance
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: onionbalance
+  strategy:
+    type: Recreate
+  revisionHistoryLimit: 5
+  template:
+    metadata:
+      labels:
+        app: onionbalance
+    spec:
+      nodeName: {{ worker.name }}
+      serviceAccountName: onionbalance
+      securityContext:
+        runAsUser: 998
+        fsGroup: 998
+      containers:
+      - name: tor
+        image: spreadspace/onionbalance:{{ desc.globals.deployment.parameter.onionbalance_image_version }}
+        imagePullPolicy: Always
+        args:
+        - /run-tor.sh
+        volumeMounts:
+        - name: onion-run
+          mountPath: /var/run/tor
+        - name: onion-lib
+          mountPath: /var/lib/tor
+      - name: balance
+        image: spreadspace/onionbalance:{{ desc.globals.deployment.parameter.onionbalance_image_version }}
+        imagePullPolicy: Always
+        args:
+        - /run-balance.sh
+        env:
+        - name: POD_NAMESPACE
+          valueFrom:
+            fieldRef:
+              fieldPath: metadata.namespace
+        volumeMounts:
+        - name: onion-run
+          mountPath: /var/run/tor
+        - name: onion-keys
+          readOnly: true
+          mountPath: /var/run/secrets/spreadspace.org/onionbalance
+      volumes:
+      - name: onion-run
+        emptyDir:
+          medium: Memory
+      - name: onion-lib
+        hostPath:
+          type: DirectoryOrCreate
+          path: /var/lib/tor/{{ desc.globals.name }}/_balance
+      - name: onion-keys
+        secret:
+          secretName: onionbalance
diff --git a/templates/default/kubernetes/onionbalance-role.yml.j2 b/templates/default/kubernetes/onionbalance-role.yml.j2
new file mode 100644
index 0000000..bd4f743
--- /dev/null
+++ b/templates/default/kubernetes/onionbalance-role.yml.j2
@@ -0,0 +1,14 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  namespace: {{ namespace }}
+  name: onionbalance
+rules:
+- apiGroups:
+  - ""
+  resources:
+  - pods
+  verbs:
+  - get
+  - list
+  - watch
diff --git a/templates/default/kubernetes/onionbalance-rolebinding.yml.j2 b/templates/default/kubernetes/onionbalance-rolebinding.yml.j2
new file mode 100644
index 0000000..6623d6c
--- /dev/null
+++ b/templates/default/kubernetes/onionbalance-rolebinding.yml.j2
@@ -0,0 +1,13 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  namespace: {{ namespace }}
+  name: onionbalance
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: onionbalance
+subjects:
+- kind: ServiceAccount
+  name: onionbalance
+  namespace: {{ namespace }}
diff --git a/templates/default/kubernetes/onionbalance-sa.yml.j2 b/templates/default/kubernetes/onionbalance-sa.yml.j2
new file mode 100644
index 0000000..d92b374
--- /dev/null
+++ b/templates/default/kubernetes/onionbalance-sa.yml.j2
@@ -0,0 +1,5 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  namespace: {{ namespace }}
+  name: onionbalance
diff --git a/templates/default/kubernetes/onionbalance-secret.yml.j2 b/templates/default/kubernetes/onionbalance-secret.yml.j2
new file mode 100644
index 0000000..73ee05e
--- /dev/null
+++ b/templates/default/kubernetes/onionbalance-secret.yml.j2
@@ -0,0 +1,9 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  namespace: {{ namespace }}
+  name: onionbalance
+  labels:
+    app: onionbalance
+type: Opaque
+data:
diff --git a/templates/default/kubernetes/sfive-deploy.yml.j2 b/templates/default/kubernetes/sfive-deploy.yml.j2
index 4613a03..aafb468 100644
--- a/templates/default/kubernetes/sfive-deploy.yml.j2
+++ b/templates/default/kubernetes/sfive-deploy.yml.j2
@@ -106,7 +106,7 @@ spec:
       - name: onion-lib
         hostPath:
           type: DirectoryOrCreate
-          path: /var/lib/tor/{{ desc.globals.name }}
+          path: /var/lib/tor/{{ desc.globals.name }}/{{ worker.flags.stream }}
 {% endif %}
       - name: proxy-config
         configMap:
-- 
cgit v1.2.3