️ migrate k8s-gateway to app-template

auricom
2022-12-01 23:43:09 +01:00
parent 936415b27a
commit 9815789d71
6 changed files with 143 additions and 22 deletions


@@ -0,0 +1,17 @@
.:1053 {
errors
log
health {
lameduck 5s
}
ready
k8s_gateway ${SECRET_CLUSTER_DOMAIN} {
apex k8s-gateway.network
resources Ingress Service
ttl 300
}
prometheus 0.0.0.0:9153
loop
reload
loadbalance
}
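Review bot: The `reload` plugin near the end of this server block will likely never fire in this deployment, because the HelmRelease in this commit mounts the file with `subPath: Corefile` and Kubernetes does not refresh subPath mounts when the ConfigMap changes. Picking up a new Corefile therefore depends entirely on the `reloader.stakater.com/auto` annotation restarting the pods, and with `disableNameSuffixHash: true` in the kustomization there is no ConfigMap name change to force a rollout if Reloader is not running. Either drop `reload` or say so in the file, e.g. `# reload is inert: file is subPath-mounted, restarts come from Reloader`.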


@@ -2,31 +2,90 @@
apiVersion: helm.toolkit.fluxcd.io/v2beta1
kind: HelmRelease
metadata:
name: k8s-gateway
name: &app k8s-gateway
namespace: default
spec:
interval: 15m
chart:
spec:
# renovate: registryUrl=https://ori-edge.github.io/k8s_gateway/
chart: k8s-gateway
version: 2.0.0
chart: app-template
version: 1.1.3
sourceRef:
kind: HelmRepository
name: k8s-gateway
name: bjw-s
namespace: flux-system
install:
createNamespace: true
crds: CreateReplace
remediation:
retries: 5
upgrade:
crds: CreateReplace
remediation:
retries: 5
values:
domain: "${SECRET_CLUSTER_DOMAIN}"
controller:
replicas: 2
strategy: RollingUpdate
annotations:
reloader.stakater.com/auto: "true"
image:
repository: quay.io/oriedge/k8s_gateway
tag: v0.3.2
args: ["-conf", "/etc/coredns/Corefile"]
service:
type: LoadBalancer
externalTrafficPolicy: Local
loadBalancerIP: ${CLUSTER_LB_K8SGATEWAY}
main:
type: LoadBalancer
loadBalancerIP: "${CLUSTER_LB_K8SGATEWAY}"
externalTrafficPolicy: Local
ports:
http:
enabled: false
metrics:
enabled: true
port: 9153
dns:
enabled: true
port: 53
targetPort: 1053
protocol: UDP
serviceMonitor:
main:
enabled: true
endpoints:
- port: metrics
scheme: http
path: /metrics
interval: 1m
scrapeTimeout: 10s
probes:
readiness:
custom: true
spec:
httpGet:
path: /ready
port: 8181
liveness:
custom: true
spec:
httpGet:
path: /health
port: 8080
startup:
enabled: false
serviceAccount:
create: true
name: *app
persistence:
config-file:
enabled: true
type: configMap
name: k8s-gateway-configmap
subPath: Corefile
mountPath: /etc/coredns/Corefile
readOnly: true
topologySpreadConstraints:
- maxSkew: 1
topologyKey: kubernetes.io/hostname
whenUnsatisfiable: DoNotSchedule
labelSelector:
matchLabels:
app.kubernetes.io/name: *app
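Review bot: The `metrics` port (9153) is declared under `service.main`, which is `type: LoadBalancer`, so the CoreDNS Prometheus endpoint is published on the same external address as DNS, and the Corefile binds it to `0.0.0.0:9153`. Anything that can reach the load-balancer IP can then read `/metrics`, although those clients only need port 53. Moving the metrics port to a second, ClusterIP-only service keeps scraping inside the cluster. The ServiceMonitor then has to select that service; I believe this chart version does that through `serviceMonitor.main.serviceName`, but both that key and the generated service name should be confirmed against the chart's values.

```yaml
    service:
      main:
        # … unchanged: type, loadBalancerIP, externalTrafficPolicy …
        ports:
          http:
            enabled: false
          # … unchanged: dns port (53/UDP -> 1053) …
      metrics:
        type: ClusterIP
        ports:
          metrics:
            enabled: true
            port: 9153
    serviceMonitor:
      main:
        enabled: true
        # assumed name of the second service; confirm against the rendered chart
        serviceName: k8s-gateway-metrics
        # … unchanged: endpoints …
```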


@@ -1,4 +1,12 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- rbac.yaml
- helm-release.yaml
configMapGenerator:
- name: k8s-gateway-configmap
files:
- Corefile
namespace: default
generatorOptions:
disableNameSuffixHash: true


@@ -0,0 +1,48 @@
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: k8s-gateway
namespace: default
labels:
app.kubernetes.io/instance: k8s-gateway
app.kubernetes.io/name: k8s-gateway
rules:
- apiGroups:
- ""
resources:
- services
- namespaces
verbs:
- list
- watch
- apiGroups:
- extensions
- networking.k8s.io
resources:
- ingresses
verbs:
- list
- watch
- apiGroups: ["gateway.networking.k8s.io"]
resources: ["*"]
verbs: ["watch", "list"]
- apiGroups: ["k8s.nginx.org"]
resources: ["*"]
verbs: ["watch", "list"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: k8s-gateway
labels:
app.kubernetes.io/instance: k8s-gateway
app.kubernetes.io/name: k8s-gateway
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: k8s-gateway
subjects:
- kind: ServiceAccount
name: k8s-gateway
namespace: default
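Review bot: The last two rules of the ClusterRole grant `watch`/`list` on `resources: ["*"]` for `gateway.networking.k8s.io` and `k8s.nginx.org`, but the Corefile in this commit limits the plugin to `resources Ingress Service`, so these wildcard grants look unused. They are read-only, yet a cluster-wide wildcard also covers any resource kinds those API groups gain later. I would drop both rules until the matching resource types are enabled in the Corefile, or name the resources explicitly. The ClusterRole also sets `namespace: default` in its metadata, which has no effect on a cluster-scoped object and can be removed.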