job's done

000-namespace.yml

@@ -0,0 +1,6 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: feladat
+

001-configmap.yml

@@ -0,0 +1,10 @@
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: feladat-config
+  namespace: feladat
+data:
+  index.html: |
+    HELLO TAB!
+

002-deployment.yml

@@ -0,0 +1,41 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: feladat
+  namespace: feladat
+  labels:
+    app: feladat
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: feladat
+  strategy:
+    type: Recreate
+  template:
+    metadata:
+      labels:
+        app: feladat
+    spec:
+      containers:
+      - name: feladat-apache
+        image: httpd:2
+        imagePullPolicy: IfNotPresent
+        ports:
+        - containerPort: 80
+        volumeMounts:
+        - name: config-volume
+          mountPath: /usr/local/apache2/htdocs/
+        resources:
+          requests:
+            memory: "128Mi"
+            cpu: "250m"
+          limits:
+            memory: "256Mi"
+            cpu: "500m"
+      volumes:
+      - name: config-volume
+        configMap:
+          name: feladat-config
+

003-service.yml

@@ -0,0 +1,18 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: feladat-service
+  namespace: feladat
+  labels:
+    app: feladat
+spec:
+  ports:
+  - name: httpd
+    port: 80
+    targetPort: 80
+    protocol: TCP
+  selector:
+    app: feladat
+  type: ClusterIP
+

004-clusterissuer.yml

@@ -0,0 +1,18 @@
+---
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+  name: letsencrypt-prod
+  namespace: cert-manager
+spec:
+  acme:
+    email: tormakristof@tormakristof.eu
+    server: https://acme-v02.api.letsencrypt.org/directory
+    privateKeySecretRef:
+      name: nginx-letsencrypt-secret
+    solvers:
+    - selector: {}
+      http01:
+        ingress:
+          class: nginx
+

005-ingress.yml

@@ -0,0 +1,26 @@
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: feladat-ingress
+  namespace: feladat
+  annotations:
+    kubernetes.io/ingress.class: "nginx"
+    cert-manager.io/cluster-issuer: "letsencrypt-prod"
+spec:
+  tls:
+  - hosts:
+    - test01.botoffice.net
+    secretName: feladat-cert-secret
+  rules:
+  - host: "test01.botoffice.net"
+    http:
+      paths:
+      - path: /
+        pathType: Prefix
+        backend:
+          service:
+            name: feladat-service
+            port:
+              number: 80
+

haproxy-template.cfg

@@ -0,0 +1,58 @@
+global
+        log /dev/log    local0
+        log /dev/log    local1 notice
+        chroot /var/lib/haproxy
+        stats socket /run/haproxy/admin.sock mode 660 level admin expose-fd listeners
+        stats timeout 30s
+        user haproxy
+        group haproxy
+        daemon
+
+        # Default SSL material locations
+        ca-base /etc/ssl/certs
+        crt-base /etc/ssl/private
+
+        # See: https://ssl-config.mozilla.org/#server=haproxy&server-version=2.0.3&config=intermediate
+        ssl-default-bind-ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
+        ssl-default-bind-ciphersuites TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256
+        ssl-default-bind-options ssl-min-ver TLSv1.2 no-tls-tickets
+
+defaults
+        log     global
+        mode    http
+        option  httplog
+        option  dontlognull
+        timeout connect 5000
+        timeout client  50000
+        timeout server  50000
+        errorfile 400 /etc/haproxy/errors/400.http
+        errorfile 403 /etc/haproxy/errors/403.http
+        errorfile 408 /etc/haproxy/errors/408.http
+        errorfile 500 /etc/haproxy/errors/500.http
+        errorfile 502 /etc/haproxy/errors/502.http
+        errorfile 503 /etc/haproxy/errors/503.http
+        errorfile 504 /etc/haproxy/errors/504.http
+
+frontend http
+  bind 0.0.0.0:80
+  mode tcp
+  use_backend kube-insec
+
+backend kube-insec
+  balance leastconn
+  mode tcp
+  backlog 10000
+  option  contstats
+  server self 192.168.49.2:##INSECSERVERPORT## check
+
+frontend hube-https
+  bind 0.0.0.0:443
+  mode tcp
+  use_backend kube
+
+backend kube
+  balance leastconn
+  mode tcp
+  backlog 10000
+  option  contstats
+  server self 192.168.49.2:##SERVERPORT## check

job-test.sh

@@ -0,0 +1,116 @@
+#!/usr/bin/env bash
+
+function installFavApps() {
+  sudo apt update
+  # Install my favorite applications and required packages
+  sudo apt install htop tmux docker.io conntrack haproxy kubectl
+  # Install helm
+  curl https://baltocdn.com/helm/signing.asc | sudo apt-key add -
+  sudo apt-get install apt-transport-https --yes
+  echo "deb https://baltocdn.com/helm/stable/debian/ all main" | sudo tee /etc/apt/sources.list.d/helm-stable-debian.list
+  sudo apt-get update
+  sudo apt-get install helm
+  sudo usermod -aG docker $USER
+  echo "Please log out and log back in"
+}
+
+function installMinikube() {
+  # Download and install minikube
+  curl -LO https://storage.googleapis.com/minikube/releases/latest/minikube_latest_amd64.deb
+  sudo dpkg -i minikube_latest_amd64.deb
+}
+
+function startMinikube() {
+  # Start minikube with Docker driver
+  minikube start --driver=docker
+}
+
+function stopMinikube() {
+  minikube tunnel --cleanup
+  minikube stop
+}
+
+function installHelmApps() {
+  helm repo add nginx-stable https://helm.nginx.com/stable
+  helm repo add jetstack https://charts.jetstack.io
+  helm repo update
+  # Install ingress-nginx See: https://artifacthub.io/packages/helm/ingress-nginx/ingress-nginx
+  helm install ingress-nginx nginx-stable/nginx-ingress --namespace ingress-nginx --create-namespace --set controller.service.type="NodePort"
+  # Install cert-manager See: https://artifacthub.io/packages/helm/cert-manager/cert-manager
+  helm install ert-manager jetstack/cert-manager --namespace cert-manager --create-namespace --set installCRDs=true
+}
+
+function configureHaproxy(){
+  # This is required to emulate a LoadBalancer..
+  minikube service -n=ingress-nginx ingress-nginx-nginx-ingress
+  # Get ip of loadbalancer
+  # This is a Go template that extracts the ports corresponding to the nginx controller service's 80 and 443 ports
+  # For more information see: https://stackoverflow.com/questions/37648553/is-there-anyway-to-get-the-external-ports-of-the-kubernetes-cluster
+  # This is then passed to the prepared template haproxy configuration and the service is restarted
+  NGINXPORTS=( $(kubectl get svc -n=ingress-nginx -o go-template='{{range .items}}{{range.spec.ports}}{{if .nodePort}}{{.nodePort}}{{"\n"}}{{end}}{{end}}{{end}}') )
+  echo "${NGINXPORTS[0]}"
+  sed -i "s|##INSECSERVERPORT##|${NGINXPORTS[0]}|" haproxy-template.cfg
+  echo "${NGINXPORTS[1]}"
+  sed -i "s|##SERVERPORT##|${NGINXPORTS[1]}|" haproxy-template.cfg
+  sudo cp haproxy-template.cfg /etc/haproxy/haproxy.cfg
+  sudo systemctl restart haproxy
+}
+
+function applyyaml(){
+  kubectl apply -f 000-namespace.yml
+  kubectl apply -f 001-configmap.yml
+  kubectl apply -f 002-deployment.yml
+  kubectl apply -f 003-service.yml
+  kubectl apply -f 004-cluserissuer.yml
+  kubectl apply -f 005-ingress.yml
+}
+
+function listCommands() {
+cat << EOT
+Available commands:
+
+prepare
+install
+start
+stop
+reconfigurehaproxy
+reapplyyaml
+help
+
+
+EOT
+}
+
+# Commands
+
+case $1 in
+    "prepare")
+        installFavApps
+        ;;
+    "install")
+        installMinikube
+        startMinikube
+        installHelmApps
+        configureHaproxy
+        applyyaml
+        ;;
+    "start")
+        startMinikube
+        ;;
+    "stop")
+        stopMinikube
+        ;;
+    "reconfigurehaproxy")
+        configureHaproxy
+        ;;
+    "reapplyyaml")
+        applyyaml
+        ;;
+    "help")
+        listCommands
+        ;;
+    *)
+        echo "No command found."
+        echo
+        listCommands
+esac