From 37cbcba66225cc57089bb32cf5c652bc5979f6ec Mon Sep 17 00:00:00 2001
From: "Dustin C. Hatch"
Date: Tue, 11 Oct 2022 21:49:18 -0500
Subject: [PATCH] examples: Add Kubernetes manifest
The `dynk8s-provisioner.yaml` file contains an example of how to deploy the *dynk8s-provisioner* in Kubernetes using `kubectl`.
---
 examples/dynk8s-provisioner.yaml | 311 +++++++++++++++++++++++++++++++
 1 file changed, 311 insertions(+)
 create mode 100644 examples/dynk8s-provisioner.yaml
diff --git a/examples/dynk8s-provisioner.yaml b/examples/dynk8s-provisioner.yaml
new file mode 100644
index 0000000..7c34cff
--- /dev/null
+++ b/examples/dynk8s-provisioner.yaml
@@ -0,0 +1,311 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: dynk8s
+ labels:
+ kubernetes.io/metadata.name: dynk8s
+
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: dynk8s-provisioner
+ namespace: dynk8s
+ labels:
+ app.kubernetes.io/name: dynk8s-provisioner
+ app.kubernetes.io/instance: default
+ app.kubernetes.io/component: http-api
+ app.kubernetes.io/part-of: dynk8s-provisioner
+automountServiceAccountToken: true
+
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: dynk8s-provisioner
+ namespace: dynk8s
+ labels:
+ app.kubernetes.io/name: dynk8s-provisioner
+ app.kubernetes.io/instance: default
+ app.kubernetes.io/component: http-api
+ app.kubernetes.io/part-of: dynk8s-provisioner
+rules:
+- apiGroups:
+ - ''
+ resources:
+ - secrets
+ verbs:
+ - '*'
+
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: dynk8s-provisioner
+ namespace: kube-system
+ labels:
+ app.kubernetes.io/name: dynk8s-provisioner
+ app.kubernetes.io/instance: default
+ app.kubernetes.io/component: http-api
+ app.kubernetes.io/part-of: dynk8s-provisioner
+rules:
+- apiGroups:
+ - ''
+ resources:
+ - secrets
+ verbs:
+ - '*'
+
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: dynk8s-provisioner
+ namespace: kube-public
+ labels:
+ app.kubernetes.io/name: dynk8s-provisioner
+ app.kubernetes.io/instance: default
+ app.kubernetes.io/component: http-api
+ app.kubernetes.io/part-of: dynk8s-provisioner
+rules:
+- apiGroups:
+ - ''
+ resources:
+ - configmaps
+ resourceNames:
+ - cluster-info
+ verbs:
+ - get
+
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: dynk8s-provisioner
+ labels:
+ app.kubernetes.io/name: dynk8s-provisioner
+ app.kubernetes.io/instance: default
+ app.kubernetes.io/component: http-api
+ app.kubernetes.io/part-of: dynk8s-provisioner
+rules:
+- apiGroups:
+ - ''
+ resources:
+ - nodes
+ verbs:
+ - list
+ - get
+ - delete
+
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: dynk8s-provisioner
+ namespace: dynk8s
+ labels:
+ app.kubernetes.io/name: dynk8s-provisioner
+ app.kubernetes.io/instance: default
+ app.kubernetes.io/part-of: dynk8s-provisioner
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: dynk8s-provisioner
+subjects:
+- kind: ServiceAccount
+ name: dynk8s-provisioner
+
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: dynk8s-provisioner
+ namespace: kube-system
+ labels:
+ app.kubernetes.io/name: dynk8s-provisioner
+ app.kubernetes.io/instance: default
+ app.kubernetes.io/part-of: dynk8s-provisioner
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: dynk8s-provisioner
+subjects:
+- kind: ServiceAccount
+ name: dynk8s-provisioner
+ namespace: dynk8s
+
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: dynk8s-provisioner
+ namespace: kube-public
+ labels:
+ app.kubernetes.io/name: dynk8s-provisioner
+ app.kubernetes.io/instance: default
+ app.kubernetes.io/part-of: dynk8s-provisioner
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: dynk8s-provisioner
+subjects:
+- kind: ServiceAccount
+ name: dynk8s-provisioner
+ namespace: dynk8s
+
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: dynk8s-provisioner
+ labels:
+ app.kubernetes.io/name: dynk8s-provisioner
+ app.kubernetes.io/instance: default
+ app.kubernetes.io/part-of: dynk8s-provisioner
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: dynk8s-provisioner
+subjects:
+- kind: ServiceAccount
+ name: dynk8s-provisioner
+ namespace: dynk8s
+
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: dynk8s-provisioner-pvc
+ namespace: dynk8s
+ labels:
+ app.kubernetes.io/name: dynk8s-provisioner-pvc
+ app.kubernetes.io/instance: default
+ app.kubernetes.io/component: storage
+ app.kubernetes.io/part-of: dynk8s-provisioner
+spec:
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: 1Gi
+
+---
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+ name: dynk8s-provisioner
+ namespace: dynk8s
+ labels:
+ app.kubernetes.io/name: dynk8s-provisioner
+ app.kubernetes.io/instance: default
+ app.kubernetes.io/component: http-api
+ app.kubernetes.io/part-of: dynk8s-provisioner
+spec:
+ serviceName: dynk8s-provisioner
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: dynk8s-provisioner
+ app.kubernetes.io/instance: default
+ app.kubernetes.io/component: http-api
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/name: dynk8s-provisioner
+ app.kubernetes.io/instance: default
+ app.kubernetes.io/component: http-api
+ spec:
+ containers:
+ - env:
+ - name: ROCKET_ADDRESS
+ value: 0.0.0.0
+ - name: ROCKET_LOG_LEVEL
+ value: normal
+ image: git.pyrocufflink.net/packages/dynk8s-provisioner:master
+ imagePullPolicy: Always
+ name: dynk8s-provisioner
+ ports:
+ - containerPort: 8000
+ name: http
+ startupProbe:
+ failureThreshold: 3
+ httpGet:
+ path: /
+ port: 8000
+ initialDelaySeconds: 1
+ periodSeconds: 2
+ successThreshold: 1
+ timeoutSeconds: 1
+ volumeMounts:
+ - mountPath: /data
+ name: dynk8s-provisioner
+ workingDir: /data
+ serviceAccountName: dynk8s-provisioner
+ volumes:
+ - name: dynk8s-provisioner
+ persistentVolumeClaim:
+ claimName: dynk8s-provisioner-pvc
+
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: dynk8s-provisioner
+ namespace: dynk8s
+ labels:
+ app.kubernetes.io/name: dynk8s-provisioner
+ app.kubernetes.io/instance: default
+ app.kubernetes.io/component: http-api
+ app.kubernetes.io/part-of: dynk8s-provisioner
+spec:
+ selector:
+ app.kubernetes.io/name: dynk8s-provisioner
+ app.kubernetes.io/instance: default
+ app.kubernetes.io/component: http-api
+ ports:
+ - port: 8000
+ name: http
+
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: dynk8s-provisioner
+ namespace: dynk8s
+ labels:
+ app.kubernetes.io/name: dynk8s-provisioner
+ app.kubernetes.io/instance: default
+ app.kubernetes.io/component: http-api
+ app.kubernetes.io/part-of: dynk8s-provisioner
+spec:
+ ingressClassName: nginx
+ tls:
+ - hosts:
+ - dynk8s-provisioner.pyrocufflink.net
+ defaultBackend:
+ service:
+ name: dynk8s-provisioner
+ port:
+ number: 8000
+
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: wireguard-config-0
+ namespace: dynk8s
+ labels:
+ app.kubernetes.io/part-of: dynk8s-provisioner
+ dynk8s.du5t1n.me/ec2-instance-id: ''
+type: dynk8s.du5t1n.me/wireguard-config
+stringData:
+ wireguard-config: |+
+ [Interface]
+ Address = 10.11.12.13/14
+ PrivateKey = UEdAkIaF80zhlOpgacOYL2UckrfCAWXfsDDSAAzNH3g=
+
+ [Peer]
+ PublicKey = zbeTpUFA014kvTezIEGBt4yi3BVocST9j1dBElp9liI=
+ PreSharedKey = V6hAm01dxv2ib8AML2dSyX68hlPZm8En+IXfsknK3Zc=
+ AllowedIPs = 0.0.0.0/0
+ Endpoint = wireguard.example.org:24680
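Review bot: The two `Role` objects for `secrets` (namespaces `dynk8s` and `kube-system`) grant `verbs: ['*']`, which lets the service account read, modify and delete every Secret in `kube-system`, not only the ones the provisioner manages. Since an example manifest tends to be applied as written, list only the verbs the provisioner calls, for example `verbs: [create, get, list, delete]` if that matches its code (not visible here), and add a comment on each Role saying why that namespace is needed. RBAC cannot restrict `create` or `list` by `resourceNames`, so the remaining exposure is worth stating in that comment as well. Separately, the `wireguard-config-0` Secret at the end carries real-looking key material; a comment such as `# sample keys only, generate your own` would make clear they are placeholders.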