imfreedom/k8s-cluster

Parents f38ab2afb8eb
Children 02c6a2ff1647
Add hgkeeper and clean some stuff up on the ingress controller (like antiaffinity)
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/50-keep.imfreedom.org.yaml Wed Sep 25 02:14:22 2019 -0500
@@ -0,0 +1,149 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+ namespace: imfreedom
+ labels:
+ app: hgkeeper
+ name: keep
+spec:
+ ports:
+ - port: 22222
+ protocol: TCP
+ selector:
+ app: hgkeeper
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: keep-configmap
+ namespace: imfreedom
+data:
+ admin-pubkey: |
+ ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIP/mCAuMfKq4ukgGufiERyddsPIj2/KNXzB+gDTjHBGl grim@spectre
+---
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ namespace: imfreedom
+ name: keep
+ labels:
+ app: hgkeeper
+spec:
+ podSelector:
+ matchLabels:
+ app: hgkeeper
+ ingress:
+ - from:
+ - namespaceSelector:
+ matchLabels:
+ name: kube-public
+ podSelector:
+ matchLabels:
+ app: ingress
+ role: controller
+ ports:
+ - port: 22222
+ protocol: TCP
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ namespace: imfreedom
+ name: keep
+ labels:
+ app: hgkeeper
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: hgkeeper
+ strategy:
+ type: Recreate
+ template:
+ metadata:
+ labels:
+ app: hgkeeper
+ spec:
+ initContainers:
+ - name: setup
+ image: docker.io/rwgrim/hgkeeper:latest
+ command: ["sh", "-c", "test -d /repos/hgkeeper || hgkeeper setup"]
+ env:
+ - name: HGK_ADMIN_USERNAME
+ value: grim
+ - name: HGK_ADMIN_PUBKEY
+ value: /config/admin-pubkey
+ - name: HGK_REPOS_PATH
+ value: /repos
+ volumeMounts:
+ - mountPath: /repos
+ name: keep
+ readOnly: false
+ subPath: repos
+ - mountPath: /config
+ name: keep-configmap
+ readOnly: true
+ containers:
+ - name: hgkeeper
+ image: docker.io/rwgrim/hgkeeper:latest
+ imagePullPolicy: Always
+ command: ["hgkeeper", "serve"]
+ env:
+ - name: TMPDIR
+ value: /tmp
+ - name: HGK_REPOS_PATH
+ value: /repos
+ - name: HGK_SSH_HOST_KEYS_PATH
+ value: /host-keys
+ ports:
+ - containerPort: 22222
+ resources:
+ limits:
+ cpu: 1000m
+ memory: 512Mi
+ requests:
+ cpu: 500m
+ memory: 128Mi
+ volumeMounts:
+ - mountPath: /repos
+ name: keep
+ readOnly: false
+ subPath: repos
+ - mountPath: /host-keys
+ name: keep-ssh-host-keys
+ readOnly: true
+ - mountPath: /tmp
+ name: keep-tmp
+ readOnly: false
+ securityContext:
+ fsGroup: 22271
+ runAsUser: 22271
+ volumes:
+ - name: keep
+ persistentVolumeClaim:
+ claimName: keep
+ - name: keep-configmap
+ configMap:
+ name: keep-configmap
+ - name: keep-ssh-host-keys
+ secret:
+ secretName: keep
+ - name: keep-tmp
+ emptyDir: {}
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ namespace: imfreedom
+ name: keep
+ labels:
+ app: hgkeeper
+spec:
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: 30Gi
+---
+
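Review bot: Both the `setup` init container and the `hgkeeper` container use `image: docker.io/rwgrim/hgkeeper:latest`, a mutable tag, and the main container sets `imagePullPolicy: Always`, so any pod restart can run whatever was last pushed to that tag with the repository volume and the SSH host-key secret mounted. Pinning both to a digest, e.g. `image: docker.io/rwgrim/hgkeeper@sha256:<digest-placeholder>`, makes the running code reviewable and a rollback reproducible. The pod-level `securityContext` sets only `runAsUser: 22271` and `fsGroup: 22271`; adding `runAsNonRoot: true` there would make the non-root requirement enforced rather than implied. Since `/tmp` is already an `emptyDir` and `TMPDIR` points at it, a container-level `allowPrivilegeEscalation: false` and `readOnlyRootFilesystem: true` on `hgkeeper` looks feasible, but confirm it against what `hgkeeper serve` writes outside `/repos` and `/tmp`.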
--- a/90-ingress.yaml Wed Sep 25 02:03:25 2019 -0500
+++ b/90-ingress.yaml Wed Sep 25 02:14:22 2019 -0500
@@ -21,6 +21,7 @@
app: ingress
role: controller
data:
+ 22: imfreedom/keep:22222
54663: pidgin/bamboo-agent:54663
---
apiVersion: v1
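Review bot: The added `22: imfreedom/keep:22222` entry sends SSH through the controller's TCP proxy, so hgkeeper will presumably see every session as originating from the ingress pod rather than the real client address. That loses the source IP in hgkeeper's own authentication logs, which is what one would want when investigating failed key attempts on a public port 22. ingress-nginx's TCP services entries have optional PROXY-protocol fields, but they only help if hgkeeper can parse that header, which is not visible here. At minimum, a comment above the entry such as `# SSH for hgkeeper; client addresses are only visible in the ingress controller logs` would tell an operator where to look.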
@@ -191,10 +192,28 @@
role: controller
template:
metadata:
+ annotations:
+ fluentbit.io/parser: ingress-nginx
labels:
app: ingress
role: controller
spec:
+ affinity:
+ podAntiAffinity:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ - podAffinityTerm:
+ labelSelector:
+ matchExpressions:
+ - key: app
+ operator: In
+ values:
+ - ingress
+ - key: role
+ operator: In
+ values:
+ - controller
+ topologyKey: failure-domain.beta.kubernetes.io/region
+ weight: 100
serviceAccountName: ingress-serviceaccount
containers:
- name: nginx-ingress-controller
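Review bot: The anti-affinity term uses `topologyKey: failure-domain.beta.kubernetes.io/region`, which only separates replicas that land in different regions. If all nodes of this cluster carry the same region label (not visible in the hunk), the preference never distinguishes between nodes, and both controller replicas can still be scheduled onto the same host. For spreading across nodes the usual key is `topologyKey: kubernetes.io/hostname`, or the zone label if the cluster spans zones. The Deployment spec starts and continues outside this hunk, so the replica count is not visible here.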
@@ -223,6 +242,8 @@
fieldRef:
fieldPath: metadata.namespace
ports:
+ - name: keep-ssh
+ containerPort: 22
- name: http
containerPort: 80
- name: https
@@ -263,6 +284,9 @@
app: ingress
role: controller
ports:
+ - name: hgkeeper
+ port: 22
+ targetPort: keep-ssh
- name: http
port: 80
targetPort: http
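Review bot: The new Service port is named `hgkeeper` while the container port it targets is named `keep-ssh`, whereas the neighbouring `http` entry uses the same name on both sides. Using one name, `- name: keep-ssh`, would keep the port easy to trace from Service to container to the `22:` TCP services entry. If this Service is of a type that is reachable from the internet (its `type` is outside the hunk), a short comment above the entry, e.g. `# public SSH for hgkeeper, proxied to imfreedom/keep:22222`, would make the exposure explicit for later reviewers.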