commit dac0c5b0af2e59c1bba03c3ee0eecc2d428ac513 Author: Kristof Torma Date: Thu Jan 13 00:24:56 2022 +0000 job's done
diff --git a/000-namespace.yml b/000-namespace.yml
new file mode 100644
index 0000000..dda29ed
--- /dev/null
+++ b/000-namespace.yml
@@ -0,0 +1,6 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: feladat
+
diff --git a/001-configmap.yml b/001-configmap.yml
new file mode 100644
index 0000000..ec331b1
--- /dev/null
+++ b/001-configmap.yml
@@ -0,0 +1,10 @@
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: feladat-config
+ namespace: feladat
+data:
+ index.html: |
+ HELLO TAB!
+
diff --git a/002-deployment.yml b/002-deployment.yml
new file mode 100644
index 0000000..99cbf5d
--- /dev/null
+++ b/002-deployment.yml
@@ -0,0 +1,41 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: feladat
+ namespace: feladat
+ labels:
+ app: feladat
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: feladat
+ strategy:
+ type: Recreate
+ template:
+ metadata:
+ labels:
+ app: feladat
+ spec:
+ containers:
+ - name: feladat-apache
+ image: httpd:2
+ imagePullPolicy: IfNotPresent
+ ports:
+ - containerPort: 80
+ volumeMounts:
+ - name: config-volume
+ mountPath: /usr/local/apache2/htdocs/
+ resources:
+ requests:
+ memory: "128Mi"
+ cpu: "250m"
+ limits:
+ memory: "256Mi"
+ cpu: "500m"
+ volumes:
+ - name: config-volume
+ configMap:
+ name: feladat-config
+
diff --git a/003-service.yml b/003-service.yml
new file mode 100644
index 0000000..e931018
--- /dev/null
+++ b/003-service.yml
@@ -0,0 +1,18 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: feladat-service
+ namespace: feladat
+ labels:
+ app: feladat
+spec:
+ ports:
+ - name: httpd
+ port: 80
+ targetPort: 80
+ protocol: TCP
+ selector:
+ app: feladat
+ type: ClusterIP
+
diff --git a/004-clusterissuer.yml b/004-clusterissuer.yml
new file mode 100644
index 0000000..8144443
--- /dev/null
+++ b/004-clusterissuer.yml
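Review bot: The `feladat-apache` container in 002-deployment.yml sets no `securityContext`, so it runs with whatever user, capabilities and writable root filesystem the image defaults to. At minimum add `securityContext: {allowPrivilegeEscalation: false}` under the container; dropping capabilities or setting `runAsNonRoot` would need testing, because the process binds port 80. `image: httpd:2` is a moving tag and, combined with `imagePullPolicy: IfNotPresent`, nodes can end up running different builds; pin an exact version or digest, e.g. `image: httpd:<version>@sha256:<digest>`.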
@@ -0,0 +1,18 @@
+---
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+ name: letsencrypt-prod
+ namespace: cert-manager
+spec:
+ acme:
+ email: tormakristof@tormakristof.eu
+ server: https://acme-v02.api.letsencrypt.org/directory
+ privateKeySecretRef:
+ name: nginx-letsencrypt-secret
+ solvers:
+ - selector: {}
+ http01:
+ ingress:
+ class: nginx
+
diff --git a/005-ingress.yml b/005-ingress.yml
new file mode 100644
index 0000000..dea066a
--- /dev/null
+++ b/005-ingress.yml
@@ -0,0 +1,26 @@
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: feladat-ingress
+ namespace: feladat
+ annotations:
+ kubernetes.io/ingress.class: "nginx"
+ cert-manager.io/cluster-issuer: "letsencrypt-prod"
+spec:
+ tls:
+ - hosts:
+ - test01.botoffice.net
+ secretName: feladat-cert-secret
+ rules:
+ - host: "test01.botoffice.net"
+ http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: feladat-service
+ port:
+ number: 80
+
diff --git a/haproxy-template.cfg b/haproxy-template.cfg
new file mode 100644
index 0000000..7ab5dbe
--- /dev/null
+++ b/haproxy-template.cfg
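Review bot: `namespace: cert-manager` under `metadata` in 004-clusterissuer.yml has no effect, because a ClusterIssuer is cluster-scoped; the line suggests a scoping that does not exist and should be dropped. A ClusterIssuer can be referenced from any namespace, so every tenant able to create an Ingress or Certificate can request certificates through this ACME account. If only the `feladat` Ingress needs it, a namespaced `kind: Issuer` in `feladat` (referenced with the `cert-manager.io/issuer` annotation) is the narrower grant.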
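Review bot: 005-ingress.yml selects the controller through the `kubernetes.io/ingress.class` annotation, which is deprecated in favour of the `ingressClassName` field of `networking.k8s.io/v1`. Prefer `ingressClassName: nginx` under `spec`, assuming the chart creates an IngressClass of that name. Whether the annotation is still honoured depends on the controller version, and job-test.sh installs the chart unpinned.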
@@ -0,0 +1,58 @@
+global
+ log /dev/log local0
+ log /dev/log local1 notice
+ chroot /var/lib/haproxy
+ stats socket /run/haproxy/admin.sock mode 660 level admin expose-fd listeners
+ stats timeout 30s
+ user haproxy
+ group haproxy
+ daemon
+
+ # Default SSL material locations
+ ca-base /etc/ssl/certs
+ crt-base /etc/ssl/private
+
+ # See: https://ssl-config.mozilla.org/#server=haproxy&server-version=2.0.3&config=intermediate
+ ssl-default-bind-ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
+ ssl-default-bind-ciphersuites TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256
+ ssl-default-bind-options ssl-min-ver TLSv1.2 no-tls-tickets
+
+defaults
+ log global
+ mode http
+ option httplog
+ option dontlognull
+ timeout connect 5000
+ timeout client 50000
+ timeout server 50000
+ errorfile 400 /etc/haproxy/errors/400.http
+ errorfile 403 /etc/haproxy/errors/403.http
+ errorfile 408 /etc/haproxy/errors/408.http
+ errorfile 500 /etc/haproxy/errors/500.http
+ errorfile 502 /etc/haproxy/errors/502.http
+ errorfile 503 /etc/haproxy/errors/503.http
+ errorfile 504 /etc/haproxy/errors/504.http
+
+frontend http
+ bind 0.0.0.0:80
+ mode tcp
+ use_backend kube-insec
+
+backend kube-insec
+ balance leastconn
+ mode tcp
+ backlog 10000
+ option contstats
+ server self 192.168.49.2:##INSECSERVERPORT## check
+
+frontend hube-https
+ bind 0.0.0.0:443
+ mode tcp
+ use_backend kube
+
+backend kube
+ balance leastconn
+ mode tcp
+ backlog 10000
+ option contstats
+ server self 192.168.49.2:##SERVERPORT## check
diff --git a/job-test.sh b/job-test.sh
new file mode 100755
index 0000000..2bd9673
--- /dev/null
+++ b/job-test.sh
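Review bot: Both frontends in haproxy-template.cfg forward in `mode tcp`, so the ingress controller behind `192.168.49.2` sees HAProxy's address as the peer of every connection, and its access logs and any source-IP based rule lose the real client. If that matters, add `send-proxy` to the two `server self …` lines and enable PROXY protocol on the ingress side; both ends must agree or connections will fail. The `option httplog` inherited from `defaults` does not fit TCP-mode frontends, so state `option tcplog` in them explicitly. `frontend hube-https` looks like a typo for `kube-https`, and the hard-coded `192.168.49.2` is presumably the minikube node address, which could be substituted like the ports.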
@@ -0,0 +1,116 @@
+#!/usr/bin/env bash
+
+function installFavApps() {
+ sudo apt update
+ # Install my favorite applications and required packages
+ sudo apt install htop tmux docker.io conntrack haproxy kubectl
+ # Install helm
+ curl https://baltocdn.com/helm/signing.asc | sudo apt-key add -
+ sudo apt-get install apt-transport-https --yes
+ echo "deb https://baltocdn.com/helm/stable/debian/ all main" | sudo tee /etc/apt/sources.list.d/helm-stable-debian.list
+ sudo apt-get update
+ sudo apt-get install helm
+ sudo usermod -aG docker $USER
+ echo "Please log out and log back in"
+}
+
+function installMinikube() {
+ # Download and install minikube
+ curl -LO https://storage.googleapis.com/minikube/releases/latest/minikube_latest_amd64.deb
+ sudo dpkg -i minikube_latest_amd64.deb
+}
+
+function startMinikube() {
+ # Start minikube with Docker driver
+ minikube start --driver=docker
+}
+
+function stopMinikube() {
+ minikube tunnel --cleanup
+ minikube stop
+}
+
+function installHelmApps() {
+ helm repo add nginx-stable https://helm.nginx.com/stable
+ helm repo add jetstack https://charts.jetstack.io
+ helm repo update
+ # Install ingress-nginx See: https://artifacthub.io/packages/helm/ingress-nginx/ingress-nginx
+ helm install ingress-nginx nginx-stable/nginx-ingress --namespace ingress-nginx --create-namespace --set controller.service.type="NodePort"
+ # Install cert-manager See: https://artifacthub.io/packages/helm/cert-manager/cert-manager
+ helm install ert-manager jetstack/cert-manager --namespace cert-manager --create-namespace --set installCRDs=true
+}
+
+function configureHaproxy(){
+ # This is required to emulate a LoadBalancer..
+ minikube service -n=ingress-nginx ingress-nginx-nginx-ingress
+ # Get ip of loadbalancer
+ # This is a Go template that extracts the ports corresponding to the nginx controller service's 80 and 443 ports
+ # For more information see: https://stackoverflow.com/questions/37648553/is-there-anyway-to-get-the-external-ports-of-the-kubernetes-cluster
+ # This is then passed to the prepared template haproxy configuration and the service is restarted
+ NGINXPORTS=( $(kubectl get svc -n=ingress-nginx -o go-template='{{range .items}}{{range.spec.ports}}{{if .nodePort}}{{.nodePort}}{{"\n"}}{{end}}{{end}}{{end}}') )
+ echo "${NGINXPORTS[0]}"
+ sed -i "s|##INSECSERVERPORT##|${NGINXPORTS[0]}|" haproxy-template.cfg
+ echo "${NGINXPORTS[1]}"
+ sed -i "s|##SERVERPORT##|${NGINXPORTS[1]}|" haproxy-template.cfg
+ sudo cp haproxy-template.cfg /etc/haproxy/haproxy.cfg
+ sudo systemctl restart haproxy
+}
+
+function applyyaml(){
+ kubectl apply -f 000-namespace.yml
+ kubectl apply -f 001-configmap.yml
+ kubectl apply -f 002-deployment.yml
+ kubectl apply -f 003-service.yml
+ kubectl apply -f 004-cluserissuer.yml
+ kubectl apply -f 005-ingress.yml
+}
+
+function listCommands() {
+cat << EOT
+Available commands:
+
+prepare
+install
+start
+stop
+reconfigurehaproxy
+reapplyyaml
+help
+
+
+EOT
+}
+
+# Commands
+
+case $1 in
+ "prepare")
+ installFavApps
+ ;;
+ "install")
+ installMinikube
+ startMinikube
+ installHelmApps
+ configureHaproxy
+ applyyaml
+ ;;
+ "start")
+ startMinikube
+ ;;
+ "stop")
+ stopMinikube
+ ;;
+ "reconfigurehaproxy")
+ configureHaproxy
+ ;;
+ "reapplyyaml")
+ applyyaml
+ ;;
+ "help")
+ listCommands
+ ;;
+ *)
+ echo "No command found."
+ echo
+ listCommands
+esac
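Review bot: `installFavApps` pipes the Helm signing key into `apt-key add -`, which makes that key trusted for every apt repository on the host, and `installMinikube` runs `sudo dpkg -i` on a `latest` .deb with no version pin or checksum comparison. Scope the key with a `signed-by=` keyring as in the fence below, and pin a minikube release and check the download against that release's published checksum before installing. `configureHaproxy` rewrites `haproxy-template.cfg` in place with `sed -i`, so the placeholders are gone after the first run and `reconfigurehaproxy` can never write new ports; render into the target file instead. `applyyaml` applies `004-cluserissuer.yml` while the commit adds `004-clusterissuer.yml`, so the ClusterIssuer is never created, and the release name `ert-manager` in `installHelmApps` looks like a typo for `cert-manager`.

```shell
function installFavApps() {
    # … unchanged: apt update, package install …
    # Keep the Helm key in its own keyring so it is trusted for the Helm repository only
    curl -fsSL https://baltocdn.com/helm/signing.asc | gpg --dearmor | sudo tee /usr/share/keyrings/helm.gpg > /dev/null
    echo "deb [signed-by=/usr/share/keyrings/helm.gpg] https://baltocdn.com/helm/stable/debian/ all main" | sudo tee /etc/apt/sources.list.d/helm-stable-debian.list
    # … unchanged: apt-get update, helm install, usermod …

function configureHaproxy(){
    # … unchanged: minikube service call, NGINXPORTS lookup, echo of both ports …
    # Render the template into the live config; the template keeps its placeholders
    sed -e "s|##INSECSERVERPORT##|${NGINXPORTS[0]}|" \
        -e "s|##SERVERPORT##|${NGINXPORTS[1]}|" \
        haproxy-template.cfg | sudo tee /etc/haproxy/haproxy.cfg > /dev/null
    # … unchanged: systemctl restart haproxy …

function applyyaml(){
    # … unchanged: 000 to 003 …
    kubectl apply -f 004-clusterissuer.yml
    # … unchanged: 005-ingress.yml …
```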