diff --git a/dynk8s-provisioner/dynk8s-provisioner.yaml b/dynk8s-provisioner/dynk8s-provisioner.yaml
index 16ae834..883a8ae 100644
--- a/dynk8s-provisioner/dynk8s-provisioner.yaml
+++ b/dynk8s-provisioner/dynk8s-provisioner.yaml
@@ -1,179 +1,3 @@
----
-apiVersion: v1
-kind: Namespace
-metadata:
- name: dynk8s
- labels:
- kubernetes.io/metadata.name: dynk8s
- app.kubernetes.io/instance: dynk8s-provisioner
-
----
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: dynk8s-provisioner
- namespace: dynk8s
- labels:
- app.kubernetes.io/name: dynk8s-provisioner
- app.kubernetes.io/instance: dynk8s-provisioner
- app.kubernetes.io/component: http-api
- app.kubernetes.io/part-of: dynk8s-provisioner
-automountServiceAccountToken: true
-
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
- name: dynk8s-provisioner
- namespace: dynk8s
- labels:
- app.kubernetes.io/name: dynk8s-provisioner
- app.kubernetes.io/instance: dynk8s-provisioner
- app.kubernetes.io/component: http-api
- app.kubernetes.io/part-of: dynk8s-provisioner
-rules:
-- apiGroups:
- - ''
- resources:
- - secrets
- verbs:
- - '*'
-
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
- name: dynk8s-provisioner
- namespace: kube-system
- labels:
- app.kubernetes.io/name: dynk8s-provisioner
- app.kubernetes.io/instance: dynk8s-provisioner
- app.kubernetes.io/component: http-api
- app.kubernetes.io/part-of: dynk8s-provisioner
-rules:
-- apiGroups:
- - ''
- resources:
- - secrets
- verbs:
- - '*'
-
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
- name: dynk8s-provisioner
- namespace: kube-public
- labels:
- app.kubernetes.io/name: dynk8s-provisioner
- app.kubernetes.io/instance: dynk8s-provisioner
- app.kubernetes.io/component: http-api
- app.kubernetes.io/part-of: dynk8s-provisioner
-rules:
-- apiGroups:
- - ''
- resources:
- - configmaps
- resourceNames:
- - cluster-info
- verbs:
- - get
-
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- name: dynk8s-provisioner
- labels:
- app.kubernetes.io/name: dynk8s-provisioner
- app.kubernetes.io/instance: dynk8s-provisioner
- app.kubernetes.io/component: http-api
- app.kubernetes.io/part-of: dynk8s-provisioner
-rules:
-- apiGroups:
- - ''
- resources:
- - nodes
- verbs:
- - list
- - get
- - delete
-
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
- name: dynk8s-provisioner
- namespace: dynk8s
- labels:
- app.kubernetes.io/name: dynk8s-provisioner
- app.kubernetes.io/instance: dynk8s-provisioner
- app.kubernetes.io/part-of: dynk8s-provisioner
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: Role
- name: dynk8s-provisioner
-subjects:
-- kind: ServiceAccount
- name: dynk8s-provisioner
-
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
- name: dynk8s-provisioner
- namespace: kube-system
- labels:
- app.kubernetes.io/name: dynk8s-provisioner
- app.kubernetes.io/instance: dynk8s-provisioner
- app.kubernetes.io/part-of: dynk8s-provisioner
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: Role
- name: dynk8s-provisioner
-subjects:
-- kind: ServiceAccount
- name: dynk8s-provisioner
- namespace: dynk8s
-
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
- name: dynk8s-provisioner
- namespace: kube-public
- labels:
- app.kubernetes.io/name: dynk8s-provisioner
- app.kubernetes.io/instance: dynk8s-provisioner
- app.kubernetes.io/part-of: dynk8s-provisioner
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: Role
- name: dynk8s-provisioner
-subjects:
-- kind: ServiceAccount
- name: dynk8s-provisioner
- namespace: dynk8s
-
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: dynk8s-provisioner
- labels:
- app.kubernetes.io/name: dynk8s-provisioner
- app.kubernetes.io/instance: dynk8s-provisioner
- app.kubernetes.io/part-of: dynk8s-provisioner
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: dynk8s-provisioner
-subjects:
-- kind: ServiceAccount
- name: dynk8s-provisioner
- namespace: dynk8s
-
----
 apiVersion: v1
 kind: PersistentVolumeClaim
 metadata:
@@ -268,54 +92,3 @@ spec:
 ports:
 - port: 8000
 name: http
-
----
-apiVersion: networking.k8s.io/v1
-kind: Ingress
-metadata:
- name: dynk8s-provisioner
- namespace: dynk8s
- labels:
- app.kubernetes.io/name: dynk8s-provisioner
- app.kubernetes.io/instance: dynk8s-provisioner
- app.kubernetes.io/component: http-api
- app.kubernetes.io/part-of: dynk8s-provisioner
-spec:
- ingressClassName: nginx
- tls:
- - hosts:
- - dynk8s-provisioner.pyrocufflink.net
- rules:
- - host: dynk8s-provisioner.pyrocufflink.net
- http:
- paths:
- - path: /
- pathType: Prefix
- backend:
- service:
- name: dynk8s-provisioner
- port:
- name: http
-
----
-apiVersion: v1
-kind: Secret
-metadata:
- name: wireguard-config-0
- namespace: dynk8s
- labels:
- app.kubernetes.io/part-of: dynk8s-provisioner
- dynk8s.du5t1n.me/ec2-instance-id: ''
-type: dynk8s.du5t1n.me/wireguard-config
-stringData:
- wireguard-config: |+
- [Interface]
- Address = 172.30.0.178/28
- DNS = 172.30.0.1
- PrivateKey = gGieVWS8SUQxC7L0NKmHlpvBTANNNaucsm9K1ioHPXU=
-
- [Peer]
- PublicKey = 85BW2bagvhOZnvFD6gmjnT+uUj5NaF4z+YFBV/br9BA=
- PresharedKey = bZgUN82zDW7Q+558omOyRrZ0rw3bUohmIjEaxgtZCv8=
- Endpoint = vpn.pyrocufflink.net:19998
- AllowedIPs = 172.30.0.0/26, 172.30.0.160/28, 172.31.1.0/24
diff --git a/dynk8s-provisioner/ingress.yaml b/dynk8s-provisioner/ingress.yaml
new file mode 100644
index 0000000..aadbb2a
--- /dev/null
+++ b/dynk8s-provisioner/ingress.yaml
@@ -0,0 +1,26 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: dynk8s-provisioner
+ namespace: dynk8s
+ labels:
+ app.kubernetes.io/name: dynk8s-provisioner
+ app.kubernetes.io/instance: dynk8s-provisioner
+ app.kubernetes.io/component: http-api
+ app.kubernetes.io/part-of: dynk8s-provisioner
+spec:
+ ingressClassName: nginx
+ tls:
+ - hosts:
+ - dynk8s-provisioner.pyrocufflink.net
+ rules:
+ - host: dynk8s-provisioner.pyrocufflink.net
+ http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: dynk8s-provisioner
+ port:
+ name: http
diff --git a/dynk8s-provisioner/kustomization.yaml b/dynk8s-provisioner/kustomization.yaml
new file mode 100644
index 0000000..b1f225a
--- /dev/null
+++ b/dynk8s-provisioner/kustomization.yaml
@@ -0,0 +1,24 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+labels:
+- pairs:
+ app.kubernetes.io/instance: dynk8s-provisioner
+ app.kubernetes.io/part-of: dynk8s-provisioner
+
+resources:
+- namespace.yaml
+- rbac.yaml
+- dynk8s-provisioner.yaml
+- ingress.yaml
+
+secretGenerator:
+- name: wireguard-config-0
+ namespace: dynk8s
+ type: dynk8s.du5t1n.me/wireguard-config
+ files:
+ - wireguard-config
+ options:
+ disableNameSuffixHash: true
+ labels:
+ dynk8s.du5t1n.me/ec2-instance-id: ''
diff --git a/dynk8s-provisioner/namespace.yaml b/dynk8s-provisioner/namespace.yaml
new file mode 100644
index 0000000..b17ca85
--- /dev/null
+++ b/dynk8s-provisioner/namespace.yaml
@@ -0,0 +1,7 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: dynk8s
+ labels:
+ kubernetes.io/metadata.name: dynk8s
+ app.kubernetes.io/instance: dynk8s-provisioner
diff --git a/dynk8s-provisioner/rbac.yaml b/dynk8s-provisioner/rbac.yaml
new file mode 100644
index 0000000..02da11a
--- /dev/null
+++ b/dynk8s-provisioner/rbac.yaml
@@ -0,0 +1,164 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: dynk8s-provisioner
+ namespace: dynk8s
+ labels:
+ app.kubernetes.io/name: dynk8s-provisioner
+ app.kubernetes.io/instance: dynk8s-provisioner
+ app.kubernetes.io/component: http-api
+ app.kubernetes.io/part-of: dynk8s-provisioner
+automountServiceAccountToken: true
+
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: dynk8s-provisioner
+ namespace: dynk8s
+ labels:
+ app.kubernetes.io/name: dynk8s-provisioner
+ app.kubernetes.io/instance: dynk8s-provisioner
+ app.kubernetes.io/component: http-api
+ app.kubernetes.io/part-of: dynk8s-provisioner
+rules:
+- apiGroups:
+ - ''
+ resources:
+ - secrets
+ verbs:
+ - '*'
+
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: dynk8s-provisioner
+ namespace: kube-system
+ labels:
+ app.kubernetes.io/name: dynk8s-provisioner
+ app.kubernetes.io/instance: dynk8s-provisioner
+ app.kubernetes.io/component: http-api
+ app.kubernetes.io/part-of: dynk8s-provisioner
+rules:
+- apiGroups:
+ - ''
+ resources:
+ - secrets
+ verbs:
+ - '*'
+
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: dynk8s-provisioner
+ namespace: kube-public
+ labels:
+ app.kubernetes.io/name: dynk8s-provisioner
+ app.kubernetes.io/instance: dynk8s-provisioner
+ app.kubernetes.io/component: http-api
+ app.kubernetes.io/part-of: dynk8s-provisioner
+rules:
+- apiGroups:
+ - ''
+ resources:
+ - configmaps
+ resourceNames:
+ - cluster-info
+ verbs:
+ - get
+
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: dynk8s-provisioner
+ labels:
+ app.kubernetes.io/name: dynk8s-provisioner
+ app.kubernetes.io/instance: dynk8s-provisioner
+ app.kubernetes.io/component: http-api
+ app.kubernetes.io/part-of: dynk8s-provisioner
+rules:
+- apiGroups:
+ - ''
+ resources:
+ - nodes
+ verbs:
+ - list
+ - get
+ - delete
+
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: dynk8s-provisioner
+ namespace: dynk8s
+ labels:
+ app.kubernetes.io/name: dynk8s-provisioner
+ app.kubernetes.io/instance: dynk8s-provisioner
+ app.kubernetes.io/part-of: dynk8s-provisioner
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: dynk8s-provisioner
+subjects:
+- kind: ServiceAccount
+ name: dynk8s-provisioner
+
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: dynk8s-provisioner
+ namespace: kube-system
+ labels:
+ app.kubernetes.io/name: dynk8s-provisioner
+ app.kubernetes.io/instance: dynk8s-provisioner
+ app.kubernetes.io/part-of: dynk8s-provisioner
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: dynk8s-provisioner
+subjects:
+- kind: ServiceAccount
+ name: dynk8s-provisioner
+ namespace: dynk8s
+
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: dynk8s-provisioner
+ namespace: kube-public
+ labels:
+ app.kubernetes.io/name: dynk8s-provisioner
+ app.kubernetes.io/instance: dynk8s-provisioner
+ app.kubernetes.io/part-of: dynk8s-provisioner
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: dynk8s-provisioner
+subjects:
+- kind: ServiceAccount
+ name: dynk8s-provisioner
+ namespace: dynk8s
+
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: dynk8s-provisioner
+ labels:
+ app.kubernetes.io/name: dynk8s-provisioner
+ app.kubernetes.io/instance: dynk8s-provisioner
+ app.kubernetes.io/part-of: dynk8s-provisioner
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: dynk8s-provisioner
+subjects:
+- kind: ServiceAccount
+ name: dynk8s-provisioner
+ namespace: dynk8s
diff --git a/dynk8s-provisioner/wireguard-config b/dynk8s-provisioner/wireguard-config
new file mode 100644
index 0000000..8436987
--- /dev/null
+++ b/dynk8s-provisioner/wireguard-config
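Review bot: The two Roles in rbac.yaml for the `dynk8s` and `kube-system` namespaces grant `verbs: ['*']` on `secrets`, so the provisioner's auto-mounted service-account token can read, overwrite and delete every Secret in `kube-system`, not only the ones it manages. The rules are carried over unchanged from dynk8s-provisioner.yaml, but the split into a dedicated RBAC file is a good point to replace `- '*'` with the explicit verbs the provisioner actually calls (presumably a subset of `get`, `list`, `create`, `update`, `delete`; confirm against its API usage). The `dynk8s` RoleBinding's subject also omits `namespace: dynk8s`, unlike the other three bindings; it resolves to the binding's own namespace, but writing it out keeps the four bindings consistent.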
@@ -0,0 +1,10 @@
+[Interface]
+Address = 172.30.0.178/28
+DNS = 172.30.0.1
+PrivateKey = gGieVWS8SUQxC7L0NKmHlpvBTANNNaucsm9K1ioHPXU=
+
+[Peer]
+PublicKey = 85BW2bagvhOZnvFD6gmjnT+uUj5NaF4z+YFBV/br9BA=
+PresharedKey = bZgUN82zDW7Q+558omOyRrZ0rw3bUohmIjEaxgtZCv8=
+Endpoint = vpn.pyrocufflink.net:19998
+AllowedIPs = 172.30.0.0/26, 172.30.0.160/28, 172.31.1.0/24
diff --git a/dynk8s-provisioner/wireguard-config.new b/dynk8s-provisioner/wireguard-config.new
new file mode 100644
index 0000000..6505099
--- /dev/null
+++ b/dynk8s-provisioner/wireguard-config.new
@@ -0,0 +1,11 @@
+# vim: set ft=dosini :
+[Interface]
+Address = 172.30.0.194/29
+DNS = 172.30.0.1
+PrivateKey = WJb4G0EL5xc0VMHZeiqJE3G0OlFhe1Q5CEJkMg8hTkE=
+
+[Peer]
+PublicKey = 85BW2bagvhOZnvFD6gmjnT+uUj5NaF4z+YFBV/br9BA=
+PresharedKey = gVRSPVLZMx1maIfecFIcAeesrireopaKqs0jDj9muS0=
+Endpoint = vpn.pyrocufflink.net:19998
+AllowedIPs = 172.30.0.0/26, 172.30.0.160/28, 172.31.1.0/24
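Review bot: `wireguard-config` and `wireguard-config.new` both commit a WireGuard `PrivateKey` and `PresharedKey` in plaintext; moving the value from the inline Secret manifest to a `secretGenerator` input file does not change that anyone with read access to the repository or its history holds the tunnel credentials. Keep the generator input out of version control (an ignore entry for `wireguard-config*`, with the file supplied at deploy time) or commit it only in encrypted form, and treat both key sets as exposed and rotate them on the VPN endpoint. `wireguard-config.new` is not listed under `files:` in kustomization.yaml, so it looks like a staging copy committed by accident; confirm and drop it from the commit.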