examples: Add Kubernetes manifest

The `dynk8s-provisioner.yaml` file contains an example of how to deploy the *dynk8s-provisioner* in Kubernetes using `kubectl`.
2022-10-11 21:49:18 -05:00 · 2022-10-11 21:49:18 -05:00 · 37cbcba662
parent e11f98b430
commit 37cbcba662
1 changed files with 311 additions and 0 deletions
--- a/examples/dynk8s-provisioner.yaml
+++ b/examples/dynk8s-provisioner.yaml
@ -0,0 +1,311 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: dynk8s
+  labels:
+    kubernetes.io/metadata.name: dynk8s
+
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: dynk8s-provisioner
+  namespace: dynk8s
+  labels:
+    app.kubernetes.io/name: dynk8s-provisioner
+    app.kubernetes.io/instance: default
+    app.kubernetes.io/component: http-api
+    app.kubernetes.io/part-of: dynk8s-provisioner
+automountServiceAccountToken: true
+
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: dynk8s-provisioner
+  namespace: dynk8s
+  labels:
+    app.kubernetes.io/name: dynk8s-provisioner
+    app.kubernetes.io/instance: default
+    app.kubernetes.io/component: http-api
+    app.kubernetes.io/part-of: dynk8s-provisioner
+rules:
+- apiGroups:
+  - ''
+  resources:
+  - secrets
+  verbs:
+  - '*'
+
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: dynk8s-provisioner
+  namespace: kube-system
+  labels:
+    app.kubernetes.io/name: dynk8s-provisioner
+    app.kubernetes.io/instance: default
+    app.kubernetes.io/component: http-api
+    app.kubernetes.io/part-of: dynk8s-provisioner
+rules:
+- apiGroups:
+  - ''
+  resources:
+  - secrets
+  verbs:
+  - '*'
+
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: dynk8s-provisioner
+  namespace: kube-public
+  labels:
+    app.kubernetes.io/name: dynk8s-provisioner
+    app.kubernetes.io/instance: default
+    app.kubernetes.io/component: http-api
+    app.kubernetes.io/part-of: dynk8s-provisioner
+rules:
+- apiGroups:
+  - ''
+  resources:
+  - configmaps
+  resourceNames:
+  - cluster-info
+  verbs:
+  - get
+
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: dynk8s-provisioner
+  labels:
+    app.kubernetes.io/name: dynk8s-provisioner
+    app.kubernetes.io/instance: default
+    app.kubernetes.io/component: http-api
+    app.kubernetes.io/part-of: dynk8s-provisioner
+rules:
+- apiGroups:
+  - ''
+  resources:
+  - nodes
+  verbs:
+  - list
+  - get
+  - delete
+
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: dynk8s-provisioner
+  namespace: dynk8s
+  labels:
+    app.kubernetes.io/name: dynk8s-provisioner
+    app.kubernetes.io/instance: default
+    app.kubernetes.io/part-of: dynk8s-provisioner
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: dynk8s-provisioner
+subjects:
+- kind: ServiceAccount
+  name: dynk8s-provisioner
+
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: dynk8s-provisioner
+  namespace: kube-system
+  labels:
+    app.kubernetes.io/name: dynk8s-provisioner
+    app.kubernetes.io/instance: default
+    app.kubernetes.io/part-of: dynk8s-provisioner
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: dynk8s-provisioner
+subjects:
+- kind: ServiceAccount
+  name: dynk8s-provisioner
+  namespace: dynk8s
+
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: dynk8s-provisioner
+  namespace: kube-public
+  labels:
+    app.kubernetes.io/name: dynk8s-provisioner
+    app.kubernetes.io/instance: default
+    app.kubernetes.io/part-of: dynk8s-provisioner
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: dynk8s-provisioner
+subjects:
+- kind: ServiceAccount
+  name: dynk8s-provisioner
+  namespace: dynk8s
+
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: dynk8s-provisioner
+  labels:
+    app.kubernetes.io/name: dynk8s-provisioner
+    app.kubernetes.io/instance: default
+    app.kubernetes.io/part-of: dynk8s-provisioner
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: dynk8s-provisioner
+subjects:
+- kind: ServiceAccount
+  name: dynk8s-provisioner
+  namespace: dynk8s
+
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: dynk8s-provisioner-pvc
+  namespace: dynk8s
+  labels:
+    app.kubernetes.io/name: dynk8s-provisioner-pvc
+    app.kubernetes.io/instance: default
+    app.kubernetes.io/component: storage
+    app.kubernetes.io/part-of: dynk8s-provisioner
+spec:
+  accessModes:
+  - ReadWriteOnce
+  resources:
+    requests:
+      storage: 1Gi
+
+---
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+  name: dynk8s-provisioner
+  namespace: dynk8s
+  labels:
+    app.kubernetes.io/name: dynk8s-provisioner
+    app.kubernetes.io/instance: default
+    app.kubernetes.io/component: http-api
+    app.kubernetes.io/part-of: dynk8s-provisioner
+spec:
+  serviceName: dynk8s-provisioner
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: dynk8s-provisioner
+      app.kubernetes.io/instance: default
+      app.kubernetes.io/component: http-api
+  template:
+    metadata:
+      labels:
+        app.kubernetes.io/name: dynk8s-provisioner
+        app.kubernetes.io/instance: default
+        app.kubernetes.io/component: http-api
+    spec:
+      containers:
+      - env:
+        - name: ROCKET_ADDRESS
+          value: 0.0.0.0
+        - name: ROCKET_LOG_LEVEL
+          value: normal
+        image: git.pyrocufflink.net/packages/dynk8s-provisioner:master
+        imagePullPolicy: Always
+        name: dynk8s-provisioner
+        ports:
+        - containerPort: 8000
+          name: http
+        startupProbe:
+          failureThreshold: 3
+          httpGet:
+            path: /
+            port: 8000
+          initialDelaySeconds: 1
+          periodSeconds: 2
+          successThreshold: 1
+          timeoutSeconds: 1
+        volumeMounts:
+        - mountPath: /data
+          name: dynk8s-provisioner
+        workingDir: /data
+      serviceAccountName: dynk8s-provisioner
+      volumes:
+      - name: dynk8s-provisioner
+        persistentVolumeClaim:
+          claimName: dynk8s-provisioner-pvc
+
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: dynk8s-provisioner
+  namespace: dynk8s
+  labels:
+    app.kubernetes.io/name: dynk8s-provisioner
+    app.kubernetes.io/instance: default
+    app.kubernetes.io/component: http-api
+    app.kubernetes.io/part-of: dynk8s-provisioner
+spec:
+  selector:
+    app.kubernetes.io/name: dynk8s-provisioner
+    app.kubernetes.io/instance: default
+    app.kubernetes.io/component: http-api
+  ports:
+  - port: 8000
+    name: http
+
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: dynk8s-provisioner
+  namespace: dynk8s
+  labels:
+    app.kubernetes.io/name: dynk8s-provisioner
+    app.kubernetes.io/instance: default
+    app.kubernetes.io/component: http-api
+    app.kubernetes.io/part-of: dynk8s-provisioner
+spec:
+  ingressClassName: nginx
+  tls:
+  - hosts:
+    - dynk8s-provisioner.pyrocufflink.net
+  defaultBackend:
+    service:
+      name: dynk8s-provisioner
+      port:
+        number: 8000
+
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: wireguard-config-0
+  namespace: dynk8s
+  labels:
+    app.kubernetes.io/part-of: dynk8s-provisioner
+    dynk8s.du5t1n.me/ec2-instance-id: ''
+type: dynk8s.du5t1n.me/wireguard-config
+stringData:
+  wireguard-config: |+
+    [Interface]
+    Address = 10.11.12.13/14
+    PrivateKey = UEdAkIaF80zhlOpgacOYL2UckrfCAWXfsDDSAAzNH3g=
+
+    [Peer]
+    PublicKey = zbeTpUFA014kvTezIEGBt4yi3BVocST9j1dBElp9liI=
+    PreSharedKey = V6hAm01dxv2ib8AML2dSyX68hlPZm8En+IXfsknK3Zc=
+    AllowedIPs = 0.0.0.0/0
+    Endpoint = wireguard.example.org:24680