job's done

2022-01-13 00:24:56 +00:00 · 2022-01-13 00:24:56 +00:00 · dac0c5b0af
commit dac0c5b0af
8 changed files with 293 additions and 0 deletions
--- a/000-namespace.yml
+++ b/000-namespace.yml
@ -0,0 +1,6 @@
 ---
 apiVersion: v1
 kind: Namespace
 metadata:
  name: feladat
--- a/001-configmap.yml
+++ b/001-configmap.yml
@ -0,0 +1,10 @@
 ---
 apiVersion: v1
 kind: ConfigMap
 metadata:
  name: feladat-config
  namespace: feladat
 data:
  index.html: |
    HELLO TAB!
--- a/002-deployment.yml
+++ b/002-deployment.yml
@ -0,0 +1,41 @@
 ---
 apiVersion: apps/v1
 kind: Deployment
 metadata:
  name: feladat
  namespace: feladat
  labels:
    app: feladat
 spec:
  replicas: 1
  selector:
    matchLabels:
      app: feladat
  strategy:
    type: Recreate
  template:
    metadata:
      labels:
        app: feladat
    spec:
      containers:
      - name: feladat-apache
        image: httpd:2
        imagePullPolicy: IfNotPresent
        ports:
        - containerPort: 80
        volumeMounts:
        - name: config-volume
          mountPath: /usr/local/apache2/htdocs/
        resources:
          requests:
            memory: "128Mi"
            cpu: "250m"
          limits:
            memory: "256Mi"
            cpu: "500m"
      volumes:
      - name: config-volume
        configMap:
          name: feladat-config
--- a/003-service.yml
+++ b/003-service.yml
@ -0,0 +1,18 @@
 ---
 apiVersion: v1
 kind: Service
 metadata:
  name: feladat-service
  namespace: feladat
  labels:
    app: feladat
 spec:
  ports:
  - name: httpd
    port: 80
    targetPort: 80
    protocol: TCP
  selector:
    app: feladat
  type: ClusterIP
--- a/004-clusterissuer.yml
+++ b/004-clusterissuer.yml
@ -0,0 +1,18 @@
 ---
 apiVersion: cert-manager.io/v1
 kind: ClusterIssuer
 metadata:
  name: letsencrypt-prod
  namespace: cert-manager
 spec:
  acme:
    email: tormakristof@tormakristof.eu
    server: https://acme-v02.api.letsencrypt.org/directory
    privateKeySecretRef:
      name: nginx-letsencrypt-secret
    solvers:
    - selector: {}
      http01:
        ingress:
          class: nginx
--- a/005-ingress.yml
+++ b/005-ingress.yml
@ -0,0 +1,26 @@
 ---
 apiVersion: networking.k8s.io/v1
 kind: Ingress
 metadata:
  name: feladat-ingress
  namespace: feladat
  annotations:
    kubernetes.io/ingress.class: "nginx"
    cert-manager.io/cluster-issuer: "letsencrypt-prod"
 spec:
  tls:
  - hosts:
    - test01.botoffice.net
    secretName: feladat-cert-secret
  rules:
  - host: "test01.botoffice.net"
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: feladat-service
            port:
              number: 80
--- a/haproxy-template.cfg
+++ b/haproxy-template.cfg
@ -0,0 +1,58 @@
 global
        log /dev/log    local0
        log /dev/log    local1 notice
        chroot /var/lib/haproxy
        stats socket /run/haproxy/admin.sock mode 660 level admin expose-fd listeners
        stats timeout 30s
        user haproxy
        group haproxy
        daemon
        # Default SSL material locations
        ca-base /etc/ssl/certs
        crt-base /etc/ssl/private
        # See: https://ssl-config.mozilla.org/#server=haproxy&server-version=2.0.3&config=intermediate
        ssl-default-bind-ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
        ssl-default-bind-ciphersuites TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256
        ssl-default-bind-options ssl-min-ver TLSv1.2 no-tls-tickets
 defaults
        log     global
        mode    http
        option  httplog
        option  dontlognull
        timeout connect 5000
        timeout client  50000
        timeout server  50000
        errorfile 400 /etc/haproxy/errors/400.http
        errorfile 403 /etc/haproxy/errors/403.http
        errorfile 408 /etc/haproxy/errors/408.http
        errorfile 500 /etc/haproxy/errors/500.http
        errorfile 502 /etc/haproxy/errors/502.http
        errorfile 503 /etc/haproxy/errors/503.http
        errorfile 504 /etc/haproxy/errors/504.http
 frontend http
  bind 0.0.0.0:80
  mode tcp
  use_backend kube-insec
 backend kube-insec
  balance leastconn
  mode tcp
  backlog 10000
  option  contstats
  server self 192.168.49.2:##INSECSERVERPORT## check
 frontend hube-https
  bind 0.0.0.0:443
  mode tcp
  use_backend kube
 backend kube
  balance leastconn
  mode tcp
  backlog 10000
  option  contstats
  server self 192.168.49.2:##SERVERPORT## check
--- a/job-test.sh
+++ b/job-test.sh
@ -0,0 +1,116 @@
 #!/usr/bin/env bash
 function installFavApps() {
  sudo apt update
  # Install my favorite applications and required packages
  sudo apt install htop tmux docker.io conntrack haproxy kubectl
  # Install helm
  curl https://baltocdn.com/helm/signing.asc | sudo apt-key add -
  sudo apt-get install apt-transport-https --yes
  echo "deb https://baltocdn.com/helm/stable/debian/ all main" | sudo tee /etc/apt/sources.list.d/helm-stable-debian.list
  sudo apt-get update
  sudo apt-get install helm
  sudo usermod -aG docker $USER
  echo "Please log out and log back in"
 }
 function installMinikube() {
  # Download and install minikube
  curl -LO https://storage.googleapis.com/minikube/releases/latest/minikube_latest_amd64.deb
  sudo dpkg -i minikube_latest_amd64.deb
 }
 function startMinikube() {
  # Start minikube with Docker driver
  minikube start --driver=docker
 }
 function stopMinikube() {
  minikube tunnel --cleanup
  minikube stop
 }
 function installHelmApps() {
  helm repo add nginx-stable https://helm.nginx.com/stable
  helm repo add jetstack https://charts.jetstack.io
  helm repo update
  # Install ingress-nginx See: https://artifacthub.io/packages/helm/ingress-nginx/ingress-nginx
  helm install ingress-nginx nginx-stable/nginx-ingress --namespace ingress-nginx --create-namespace --set controller.service.type="NodePort"
  # Install cert-manager See: https://artifacthub.io/packages/helm/cert-manager/cert-manager
  helm install ert-manager jetstack/cert-manager --namespace cert-manager --create-namespace --set installCRDs=true
 }
 function configureHaproxy(){
  # This is required to emulate a LoadBalancer..
  minikube service -n=ingress-nginx ingress-nginx-nginx-ingress
  # Get ip of loadbalancer
  # This is a Go template that extracts the ports corresponding to the nginx controller service's 80 and 443 ports
  # For more information see: https://stackoverflow.com/questions/37648553/is-there-anyway-to-get-the-external-ports-of-the-kubernetes-cluster
  # This is then passed to the prepared template haproxy configuration and the service is restarted
  NGINXPORTS=( $(kubectl get svc -n=ingress-nginx -o go-template='{{range .items}}{{range.spec.ports}}{{if .nodePort}}{{.nodePort}}{{"\n"}}{{end}}{{end}}{{end}}') )
  echo "${NGINXPORTS[0]}"
  sed -i "s|##INSECSERVERPORT##|${NGINXPORTS[0]}|" haproxy-template.cfg
  echo "${NGINXPORTS[1]}"
  sed -i "s|##SERVERPORT##|${NGINXPORTS[1]}|" haproxy-template.cfg
  sudo cp haproxy-template.cfg /etc/haproxy/haproxy.cfg
  sudo systemctl restart haproxy
 }
 function applyyaml(){
  kubectl apply -f 000-namespace.yml
  kubectl apply -f 001-configmap.yml
  kubectl apply -f 002-deployment.yml
  kubectl apply -f 003-service.yml
  kubectl apply -f 004-cluserissuer.yml
  kubectl apply -f 005-ingress.yml
 }
 function listCommands() {
 cat << EOT
 Available commands:
 prepare
 install
 start
 stop
 reconfigurehaproxy
 reapplyyaml
 help
 EOT
 }
 # Commands
 case $1 in
    "prepare")
        installFavApps
        ;;
    "install")
        installMinikube
        startMinikube
        installHelmApps
        configureHaproxy
        applyyaml
        ;;
    "start")
        startMinikube
        ;;
    "stop")
        stopMinikube
        ;;
    "reconfigurehaproxy")
        configureHaproxy
        ;;
    "reapplyyaml")
        applyyaml
        ;;
    "help")
        listCommands
        ;;
    *)
        echo "No command found."
        echo
        listCommands
 esac