From c35e2c097ddbfd1a8d7e1cea0145a7a2271b1070 Mon Sep 17 00:00:00 2001 From: Sangmin Kim Date: Thu, 21 Mar 2024 20:27:25 +0900 Subject: [PATCH] init --- nginx/nginx-deployment.yml | 42 +++++++++++++++++++++++++++++++++ nginx/nginx-ext.yml | 12 ++++++++++ nginx/nginx-ingress.yml | 19 +++++++++++++++ nginx/nginx-route.yml | 14 +++++++++++ nginx/nginx-service.yml | 13 ++++++++++ nginx/pv.yml | 15 ++++++++++++ nginx/pvc.yml | 13 ++++++++++ traefik/00-account.yml | 4 ++++ traefik/00-role.yml | 33 ++++++++++++++++++++++++++ traefik/01-role-binding.yml | 13 ++++++++++ traefik/02-traefik-services.yml | 30 +++++++++++++++++++++++ traefik/02-traefik.yml | 42 +++++++++++++++++++++++++++++++++ 12 files changed, 250 insertions(+) create mode 100644 nginx/nginx-deployment.yml create mode 100644 nginx/nginx-ext.yml create mode 100644 nginx/nginx-ingress.yml create mode 100644 nginx/nginx-route.yml create mode 100644 nginx/nginx-service.yml create mode 100644 nginx/pv.yml create mode 100644 nginx/pvc.yml create mode 100644 traefik/00-account.yml create mode 100644 traefik/00-role.yml create mode 100644 traefik/01-role-binding.yml create mode 100644 traefik/02-traefik-services.yml create mode 100644 traefik/02-traefik.yml diff --git a/nginx/nginx-deployment.yml b/nginx/nginx-deployment.yml new file mode 100644 index 0000000..1a4cf63 --- /dev/null +++ b/nginx/nginx-deployment.yml @@ -0,0 +1,42 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: nginx + namespace: nginx +spec: + replicas: 3 + selector: + matchLabels: + app: nginx + template: + metadata: + labels: + app: nginx + spec: + containers: + - name: nginx + image: nginx + imagePullPolicy: Always + resources: + limits: + cpu: "1" + memory: "1Gi" + requests: + cpu: "0.5" + memory: "200Mi" + ports: + - name: http + containerPort: 80 + livenessProbe: + httpGet: + path: / + port: 80 + initialDelaySeconds: 5 + periodSeconds: 10 + # volumeMounts: + # - name: vol0001 + # mountPath: /usr/share/nginx/html + # volumes: + # - name: vol0001 + # persistentVolumeClaim: + # claimName: pvc0001 diff --git a/nginx/nginx-ext.yml b/nginx/nginx-ext.yml new file mode 100644 index 0000000..0927463 --- /dev/null +++ b/nginx/nginx-ext.yml @@ -0,0 +1,12 @@ +apiVersion: v1 +kind: Service +metadata: + name: nginx + namespace: juiceshop +spec: + type: ExternalName + externalName: nginx.nginx.svc.cluster.local + ports: + - name: http + port: 80 + protocol: TCP \ No newline at end of file diff --git a/nginx/nginx-ingress.yml b/nginx/nginx-ingress.yml new file mode 100644 index 0000000..4b096c7 --- /dev/null +++ b/nginx/nginx-ingress.yml @@ -0,0 +1,19 @@ +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: nginx + namespace: juiceshop + annotations: + traefik.ingress.kubernetes.io/router.entrypoints: web +spec: + rules: + - host: whoami.172.233.166.227.nip.io + http: + paths: + - path: / + pathType: Prefix + backend: + service: + name: nginx + port: + number: 80 diff --git a/nginx/nginx-route.yml b/nginx/nginx-route.yml new file mode 100644 index 0000000..c6f4bd6 --- /dev/null +++ b/nginx/nginx-route.yml @@ -0,0 +1,14 @@ +apiVersion: traefik.io/v1alpha1 +kind: IngressRoute +metadata: + name: nginxir + namespace: juiceshop +spec: + entryPoints: + - web + routes: + - match: Host(`whoami.172.233.166.227.nip.io`) && PathPrefix(`/`) + kind: Rule + services: + - name: nginx + port: 80 \ No newline at end of file diff --git a/nginx/nginx-service.yml b/nginx/nginx-service.yml new file mode 100644 index 0000000..859db99 --- /dev/null +++ b/nginx/nginx-service.yml @@ -0,0 +1,13 @@ +apiVersion: v1 +kind: Service +metadata: + name: nginx + namespace: nginx +spec: + selector: + app: nginx + ports: + - protocol: TCP + port: 80 + targetPort: http + type: NodePort diff --git a/nginx/pv.yml b/nginx/pv.yml new file mode 100644 index 0000000..b568268 --- /dev/null +++ b/nginx/pv.yml @@ -0,0 +1,15 @@ +apiVersion: v1 +kind: PersistentVolume +metadata: + name: pv0001 +spec: + capacity: + storage: 1Gi + volumeMode: Filesystem + accessModes: + - ReadWriteMany + persistentVolumeReclaimPolicy: Recycle + storageClassName: "" + nfs: + path: /nfs/share/nginx + server: 10.0.0.5 diff --git a/nginx/pvc.yml b/nginx/pvc.yml new file mode 100644 index 0000000..57d8fe6 --- /dev/null +++ b/nginx/pvc.yml @@ -0,0 +1,13 @@ +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: pvc0001 +spec: + accessModes: + - ReadWriteMany + volumeMode: Filesystem + storageClassName: "" + resources: + requests: + storage: 1Gi + volumeName: pv0001 \ No newline at end of file diff --git a/traefik/00-account.yml b/traefik/00-account.yml new file mode 100644 index 0000000..566d892 --- /dev/null +++ b/traefik/00-account.yml @@ -0,0 +1,4 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: traefik-account diff --git a/traefik/00-role.yml b/traefik/00-role.yml new file mode 100644 index 0000000..7e07e3f --- /dev/null +++ b/traefik/00-role.yml @@ -0,0 +1,33 @@ +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: traefik-role + +rules: + - apiGroups: + - "" + resources: + - services + - endpoints + - secrets + verbs: + - get + - list + - watch + - apiGroups: + - extensions + - networking.k8s.io + resources: + - ingresses + - ingressclasses + verbs: + - get + - list + - watch + - apiGroups: + - extensions + - networking.k8s.io + resources: + - ingresses/status + verbs: + - update diff --git a/traefik/01-role-binding.yml b/traefik/01-role-binding.yml new file mode 100644 index 0000000..054cd11 --- /dev/null +++ b/traefik/01-role-binding.yml @@ -0,0 +1,13 @@ +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: traefik-role-binding + +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: traefik-role +subjects: + - kind: ServiceAccount + name: traefik-account + namespace: juiceshop diff --git a/traefik/02-traefik-services.yml b/traefik/02-traefik-services.yml new file mode 100644 index 0000000..76303c6 --- /dev/null +++ b/traefik/02-traefik-services.yml @@ -0,0 +1,30 @@ +apiVersion: v1 +kind: Service +metadata: + name: traefik-dashboard-service + +spec: + type: LoadBalancer + ports: + - port: 8080 + targetPort: dashboard + selector: + app: traefik +--- + +apiVersion: v1 +kind: Service +metadata: + name: traefik-web + +spec: + type: LoadBalancer + ports: + - name: http + targetPort: web + port: 80 + - name: https + targetPort: websecure + port: 443 + selector: + app: traefik \ No newline at end of file diff --git a/traefik/02-traefik.yml b/traefik/02-traefik.yml new file mode 100644 index 0000000..c9e9eae --- /dev/null +++ b/traefik/02-traefik.yml @@ -0,0 +1,42 @@ +kind: Deployment +apiVersion: apps/v1 +metadata: + name: traefik-deployment + labels: + app: traefik + +spec: + replicas: 1 + selector: + matchLabels: + app: traefik + template: + metadata: + labels: + app: traefik + spec: + serviceAccountName: traefik-account + containers: + - name: traefik + image: traefik:latest + args: + - --api.insecure + - --accesslog + - --log.level=DEBUG + - --providers.kubernetesingress + - --providers.kubernetesingress.allowexternalnameservices=true + # - --providers.kubernetescrd + # - --providers.kubernetescrd.allowCrossNamespace=true + - --entrypoints.web.address=:80 + - --entrypoints.websecure.address=:443 + - --certificatesresolvers.le.acme.email=learn@akamai.com + - --certificatesresolvers.le.acme.storage=acme.json + - --certificatesresolvers.le.acme.tlschallenge=true + - --certificatesresolvers.le.acme.caServer=https://acme-staging-v02.api.letsencrypt.org/directory + ports: + - name: web + containerPort: 80 + - name: websecure + containerPort: 443 + - name: dashboard + containerPort: 8080