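---
# Deployment manifest for dynk8s-provisioner: namespace, service account,
# RBAC, storage, workload, Service/Ingress, and one sample WireGuard Secret.
#
# NOTE(review): the single ServiceAccount defined here ends up with
#   - every verb on Secrets in `dynk8s` and `kube-system`,
#   - get on the `cluster-info` ConfigMap in `kube-public`,
#   - list/get/delete on Nodes cluster-wide,
# and the workload that runs as it is published through an Ingress. Anyone
# who can drive the HTTP API, or who controls the image, acts with these
# rights, so review the RBAC, the image reference and the Ingress together.
apiVersion: v1
kind: Namespace
metadata:
  name: dynk8s
  labels:
    kubernetes.io/metadata.name: dynk8s

---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: dynk8s-provisioner
  namespace: dynk8s
  labels:
    app.kubernetes.io/name: dynk8s-provisioner
    app.kubernetes.io/instance: default
    app.kubernetes.io/component: http-api
    app.kubernetes.io/part-of: dynk8s-provisioner
# The API token is mounted into the pod; every Role bound below is therefore
# usable from inside the container.
automountServiceAccountToken: true

---
# Secrets in the provisioner's own namespace (the WireGuard config Secret at
# the end of this file lives here).
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: dynk8s-provisioner
  namespace: dynk8s
  labels:
    app.kubernetes.io/name: dynk8s-provisioner
    app.kubernetes.io/instance: default
    app.kubernetes.io/component: http-api
    app.kubernetes.io/part-of: dynk8s-provisioner
rules:
  - apiGroups:
      - ''
    resources:
      - secrets
    verbs:
      # NOTE(review): wildcard verbs; list the verbs the provisioner
      # actually uses so later additions to the API are not granted
      # implicitly.
      - '*'

---
# NOTE(review): this grants every verb on every Secret in kube-system,
# which includes reading credentials that belong to other system
# components. Presumably the provisioner only manages node bootstrap
# tokens here (confirm against the application); if so, replace '*' with
# the specific verbs it needs.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: dynk8s-provisioner
  namespace: kube-system
  labels:
    app.kubernetes.io/name: dynk8s-provisioner
    app.kubernetes.io/instance: default
    app.kubernetes.io/component: http-api
    app.kubernetes.io/part-of: dynk8s-provisioner
rules:
  - apiGroups:
      - ''
    resources:
      - secrets
    verbs:
      - '*'

---
# Read-only access to a single named ConfigMap: the narrowest rule in this
# file and a good model for the others.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: dynk8s-provisioner
  namespace: kube-public
  labels:
    app.kubernetes.io/name: dynk8s-provisioner
    app.kubernetes.io/instance: default
    app.kubernetes.io/component: http-api
    app.kubernetes.io/part-of: dynk8s-provisioner
rules:
  - apiGroups:
      - ''
    resources:
      - configmaps
    resourceNames:
      - cluster-info
    verbs:
      - get

---
# NOTE(review): `delete` on nodes is cluster-wide and not limited by name,
# so this identity can remove any Node object, not only the ones it
# provisioned. Treat access to the HTTP API as equivalent to that right.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: dynk8s-provisioner
  labels:
    app.kubernetes.io/name: dynk8s-provisioner
    app.kubernetes.io/instance: default
    app.kubernetes.io/component: http-api
    app.kubernetes.io/part-of: dynk8s-provisioner
rules:
  - apiGroups:
      - ''
    resources:
      - nodes
    verbs:
      - list
      - get
      - delete

---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: dynk8s-provisioner
  namespace: dynk8s
  labels:
    app.kubernetes.io/name: dynk8s-provisioner
    app.kubernetes.io/instance: default
    app.kubernetes.io/part-of: dynk8s-provisioner
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: dynk8s-provisioner
subjects:
  - kind: ServiceAccount
    name: dynk8s-provisioner
    # Namespace stated explicitly, matching the other three bindings, so the
    # subject is unambiguous if this document is copied to another
    # namespace.
    namespace: dynk8s

---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: dynk8s-provisioner
  namespace: kube-system
  labels:
    app.kubernetes.io/name: dynk8s-provisioner
    app.kubernetes.io/instance: default
    app.kubernetes.io/part-of: dynk8s-provisioner
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: dynk8s-provisioner
subjects:
  - kind: ServiceAccount
    name: dynk8s-provisioner
    namespace: dynk8s

---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: dynk8s-provisioner
  namespace: kube-public
  labels:
    app.kubernetes.io/name: dynk8s-provisioner
    app.kubernetes.io/instance: default
    app.kubernetes.io/part-of: dynk8s-provisioner
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: dynk8s-provisioner
subjects:
  - kind: ServiceAccount
    name: dynk8s-provisioner
    namespace: dynk8s

---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: dynk8s-provisioner
  labels:
    app.kubernetes.io/name: dynk8s-provisioner
    app.kubernetes.io/instance: default
    app.kubernetes.io/part-of: dynk8s-provisioner
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: dynk8s-provisioner
subjects:
  - kind: ServiceAccount
    name: dynk8s-provisioner
    namespace: dynk8s

---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: dynk8s-provisioner-pvc
  namespace: dynk8s
  labels:
    app.kubernetes.io/name: dynk8s-provisioner-pvc
    app.kubernetes.io/instance: default
    app.kubernetes.io/component: storage
    app.kubernetes.io/part-of: dynk8s-provisioner
spec:
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 1Gi

---
apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: dynk8s-provisioner
  namespace: dynk8s
  labels:
    app.kubernetes.io/name: dynk8s-provisioner
    app.kubernetes.io/instance: default
    app.kubernetes.io/component: http-api
    app.kubernetes.io/part-of: dynk8s-provisioner
spec:
  serviceName: dynk8s-provisioner
  selector:
    matchLabels:
      app.kubernetes.io/name: dynk8s-provisioner
      app.kubernetes.io/instance: default
      app.kubernetes.io/component: http-api
  template:
    metadata:
      labels:
        app.kubernetes.io/name: dynk8s-provisioner
        app.kubernetes.io/instance: default
        app.kubernetes.io/component: http-api
    spec:
      containers:
        # NOTE(review): no securityContext or resource limits are set on
        # this container. Once the image is confirmed to support it,
        # consider runAsNonRoot, allowPrivilegeEscalation: false,
        # readOnlyRootFilesystem (with /data as the writable mount) and
        # dropping all capabilities.
        - env:
            # Listens on all pod interfaces so the Service can reach it.
            - name: ROCKET_ADDRESS
              value: '0.0.0.0'
            - name: ROCKET_LOG_LEVEL
              value: normal
          # NOTE(review): `:master` is a mutable tag and the pull policy is
          # Always, so each pod restart runs whatever the registry serves
          # at that moment, under the RBAC rights above. Pin to a release
          # tag or an image digest (`...@sha256:<digest>`) and update it
          # deliberately.
          image: git.pyrocufflink.net/packages/dynk8s-provisioner:master
          imagePullPolicy: Always
          name: dynk8s-provisioner
          ports:
            - containerPort: 8000
              name: http
          startupProbe:
            failureThreshold: 3
            httpGet:
              path: /
              port: 8000
            initialDelaySeconds: 1
            periodSeconds: 2
            successThreshold: 1
            timeoutSeconds: 1
          volumeMounts:
            - mountPath: /data
              name: dynk8s-provisioner
          workingDir: /data
      serviceAccountName: dynk8s-provisioner
      volumes:
        - name: dynk8s-provisioner
          persistentVolumeClaim:
            claimName: dynk8s-provisioner-pvc

---
apiVersion: v1
kind: Service
metadata:
  name: dynk8s-provisioner
  namespace: dynk8s
  labels:
    app.kubernetes.io/name: dynk8s-provisioner
    app.kubernetes.io/instance: default
    app.kubernetes.io/component: http-api
    app.kubernetes.io/part-of: dynk8s-provisioner
spec:
  selector:
    app.kubernetes.io/name: dynk8s-provisioner
    app.kubernetes.io/instance: default
    app.kubernetes.io/component: http-api
  ports:
    - port: 8000
      name: http

---
# NOTE(review): every request reaching this Ingress is forwarded to the
# provisioner (defaultBackend, no path rules). Nothing in this manifest
# authenticates callers or limits source addresses; confirm that the
# application or the ingress controller enforces that. The tls entry names
# a host but no secretName, so the certificate served depends on the
# controller's default; verify it is valid for this host.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: dynk8s-provisioner
  namespace: dynk8s
  labels:
    app.kubernetes.io/name: dynk8s-provisioner
    app.kubernetes.io/instance: default
    app.kubernetes.io/component: http-api
    app.kubernetes.io/part-of: dynk8s-provisioner
spec:
  ingressClassName: nginx
  tls:
    - hosts:
        - dynk8s-provisioner.pyrocufflink.net
  defaultBackend:
    service:
      name: dynk8s-provisioner
      port:
        number: 8000

---
# WireGuard client configuration stored as a Secret of a custom type.
# NOTE(review): the values below look like sample data (example.org
# endpoint); confirm before applying. A real PrivateKey or PreSharedKey
# must not be committed to version control: create the Secret out of band
# or through the cluster's secret-management tooling, and rotate any key
# that has been committed.
# `AllowedIPs = 0.0.0.0/0` sends all IPv4 traffic of the peer that uses
# this config through the tunnel.
apiVersion: v1
kind: Secret
metadata:
  name: wireguard-config-0
  namespace: dynk8s
  labels:
    app.kubernetes.io/part-of: dynk8s-provisioner
    # Empty value; presumably filled in when the config is assigned to an
    # instance (confirm against the application).
    dynk8s.du5t1n.me/ec2-instance-id: ''
type: dynk8s.du5t1n.me/wireguard-config
stringData:
  wireguard-config: |+
    [Interface]
    Address = 10.11.12.13/14
    PrivateKey = UEdAkIaF80zhlOpgacOYL2UckrfCAWXfsDDSAAzNH3g=
    [Peer]
    PublicKey = zbeTpUFA014kvTezIEGBt4yi3BVocST9j1dBElp9liI=
    PreSharedKey = V6hAm01dxv2ib8AML2dSyX68hlPZm8En+IXfsknK3Zc=
    AllowedIPs = 0.0.0.0/0
    Endpoint = wireguard.example.org:24680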