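# Manifests for dynk8s-provisioner: namespace, service account, RBAC,
# storage, workload, Service, Ingress and one WireGuard configuration Secret.
#
# Security review summary (details are next to each resource):
#   * The service account holds wildcard access to Secrets in two namespaces,
#     one of them kube-system, plus delete on Nodes cluster-wide.
#   * The workload image is referenced by a mutable tag.
#   * A WireGuard private key and preshared key are embedded in plaintext.
---
apiVersion: v1
kind: Namespace
metadata:
  name: dynk8s
  labels:
    kubernetes.io/metadata.name: dynk8s
    app.kubernetes.io/instance: dynk8s-provisioner
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: dynk8s-provisioner
  namespace: dynk8s
  labels:
    app.kubernetes.io/name: dynk8s-provisioner
    app.kubernetes.io/instance: dynk8s-provisioner
    app.kubernetes.io/component: http-api
    app.kubernetes.io/part-of: dynk8s-provisioner
# The pod receives an API token for this account, so every permission bound
# below is reachable from inside the container that serves the HTTP API.
automountServiceAccountToken: true
---
# Role: every verb on Secrets in the dynk8s namespace.
# NOTE(review): '*' also covers verbs added in future API versions; list the
# verbs the provisioner actually issues once they are confirmed.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: dynk8s-provisioner
  namespace: dynk8s
  labels:
    app.kubernetes.io/name: dynk8s-provisioner
    app.kubernetes.io/instance: dynk8s-provisioner
    app.kubernetes.io/component: http-api
    app.kubernetes.io/part-of: dynk8s-provisioner
rules:
  - apiGroups:
      - ''
    resources:
      - secrets
    verbs:
      - '*'
---
# Role: every verb on Secrets in kube-system.
# NOTE(review): this grants read and write on ALL Secrets in kube-system, not
# only the ones this service manages (presumably node bootstrap material;
# confirm against the application). resourceNames cannot constrain create, so
# the practical mitigations are an explicit minimal verb list, audit logging
# on Secret access by this ServiceAccount, and tight control over who can
# reach or exec into the pod.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: dynk8s-provisioner
  namespace: kube-system
  labels:
    app.kubernetes.io/name: dynk8s-provisioner
    app.kubernetes.io/instance: dynk8s-provisioner
    app.kubernetes.io/component: http-api
    app.kubernetes.io/part-of: dynk8s-provisioner
rules:
  - apiGroups:
      - ''
    resources:
      - secrets
    verbs:
      - '*'
---
# Role: read-only access to the single cluster-info ConfigMap in kube-public.
# This is the least-privilege shape the two Secret roles above should follow.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: dynk8s-provisioner
  namespace: kube-public
  labels:
    app.kubernetes.io/name: dynk8s-provisioner
    app.kubernetes.io/instance: dynk8s-provisioner
    app.kubernetes.io/component: http-api
    app.kubernetes.io/part-of: dynk8s-provisioner
rules:
  - apiGroups:
      - ''
    resources:
      - configmaps
    resourceNames:
      - cluster-info
    verbs:
      - get
---
# ClusterRole: list, get and delete Node objects.
# NOTE(review): no resourceNames or label restriction is possible here, so
# the account can delete any Node object, including ones it did not create.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: dynk8s-provisioner
  labels:
    app.kubernetes.io/name: dynk8s-provisioner
    app.kubernetes.io/instance: dynk8s-provisioner
    app.kubernetes.io/component: http-api
    app.kubernetes.io/part-of: dynk8s-provisioner
rules:
  - apiGroups:
      - ''
    resources:
      - nodes
    verbs:
      - list
      - get
      - delete
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: dynk8s-provisioner
  namespace: dynk8s
  labels:
    app.kubernetes.io/name: dynk8s-provisioner
    app.kubernetes.io/instance: dynk8s-provisioner
    app.kubernetes.io/part-of: dynk8s-provisioner
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: dynk8s-provisioner
subjects:
  - kind: ServiceAccount
    name: dynk8s-provisioner
    # Stated explicitly to match the other bindings; an omitted namespace on
    # a RoleBinding subject resolves to the binding's own namespace.
    namespace: dynk8s
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: dynk8s-provisioner
  namespace: kube-system
  labels:
    app.kubernetes.io/name: dynk8s-provisioner
    app.kubernetes.io/instance: dynk8s-provisioner
    app.kubernetes.io/part-of: dynk8s-provisioner
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: dynk8s-provisioner
subjects:
  - kind: ServiceAccount
    name: dynk8s-provisioner
    namespace: dynk8s
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: dynk8s-provisioner
  namespace: kube-public
  labels:
    app.kubernetes.io/name: dynk8s-provisioner
    app.kubernetes.io/instance: dynk8s-provisioner
    app.kubernetes.io/part-of: dynk8s-provisioner
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: dynk8s-provisioner
subjects:
  - kind: ServiceAccount
    name: dynk8s-provisioner
    namespace: dynk8s
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: dynk8s-provisioner
  labels:
    app.kubernetes.io/name: dynk8s-provisioner
    app.kubernetes.io/instance: dynk8s-provisioner
    app.kubernetes.io/part-of: dynk8s-provisioner
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: dynk8s-provisioner
subjects:
  - kind: ServiceAccount
    name: dynk8s-provisioner
    namespace: dynk8s
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: dynk8s-provisioner-pvc
  namespace: dynk8s
  labels:
    app.kubernetes.io/name: dynk8s-provisioner-pvc
    app.kubernetes.io/instance: dynk8s-provisioner
    app.kubernetes.io/component: storage
    app.kubernetes.io/part-of: dynk8s-provisioner
spec:
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 1Gi
---
apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: dynk8s-provisioner
  namespace: dynk8s
  labels:
    app.kubernetes.io/name: dynk8s-provisioner
    app.kubernetes.io/instance: dynk8s-provisioner
    app.kubernetes.io/component: http-api
    app.kubernetes.io/part-of: dynk8s-provisioner
spec:
  serviceName: dynk8s-provisioner
  selector:
    matchLabels:
      app.kubernetes.io/name: dynk8s-provisioner
      app.kubernetes.io/instance: dynk8s-provisioner
      app.kubernetes.io/component: http-api
  template:
    metadata:
      labels:
        app.kubernetes.io/name: dynk8s-provisioner
        app.kubernetes.io/instance: dynk8s-provisioner
        app.kubernetes.io/component: http-api
    spec:
      # NOTE(review): no securityContext or resource limits are declared for
      # this pod. Once the image is confirmed to tolerate them, consider
      # runAsNonRoot, allowPrivilegeEscalation: false and dropping all
      # capabilities, given the RBAC this pod carries.
      containers:
        - name: dynk8s-provisioner
          # NOTE(review): 'master' is a mutable tag and imagePullPolicy is
          # Always, so whatever is pushed to that tag runs with the bound
          # Secret and Node permissions on the next pod start. Pinning the
          # image by digest makes the deployed code reviewable.
          image: git.pyrocufflink.net/packages/dynk8s-provisioner:master
          imagePullPolicy: Always
          env:
            # Listen on all pod interfaces so the Service can reach port 8000.
            - name: ROCKET_ADDRESS
              value: '0.0.0.0'
            - name: ROCKET_LOG_LEVEL
              value: normal
          ports:
            - containerPort: 8000
              name: http
          startupProbe:
            failureThreshold: 3
            httpGet:
              path: /
              port: 8000
            initialDelaySeconds: 1
            periodSeconds: 2
            successThreshold: 1
            timeoutSeconds: 1
          volumeMounts:
            - mountPath: /data
              name: dynk8s-provisioner
          workingDir: /data
      imagePullSecrets:
        - name: ocipull
      serviceAccountName: dynk8s-provisioner
      volumes:
        - name: dynk8s-provisioner
          persistentVolumeClaim:
            claimName: dynk8s-provisioner-pvc
---
apiVersion: v1
kind: Service
metadata:
  name: dynk8s-provisioner
  namespace: dynk8s
  labels:
    app.kubernetes.io/name: dynk8s-provisioner
    app.kubernetes.io/instance: dynk8s-provisioner
    app.kubernetes.io/component: http-api
    app.kubernetes.io/part-of: dynk8s-provisioner
spec:
  selector:
    app.kubernetes.io/name: dynk8s-provisioner
    app.kubernetes.io/instance: dynk8s-provisioner
    app.kubernetes.io/component: http-api
  ports:
    - port: 8000
      name: http
---
# Publishes the HTTP API at dynk8s-provisioner.pyrocufflink.net.
# NOTE(review): the tls entry names no secretName, so the certificate served
# is whatever the ingress controller falls back to; confirm that is intended.
# No authentication or source restriction is configured at this layer, so
# request authentication has to be enforced by the application itself.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: dynk8s-provisioner
  namespace: dynk8s
  labels:
    app.kubernetes.io/name: dynk8s-provisioner
    app.kubernetes.io/instance: dynk8s-provisioner
    app.kubernetes.io/component: http-api
    app.kubernetes.io/part-of: dynk8s-provisioner
spec:
  ingressClassName: nginx
  tls:
    - hosts:
        - dynk8s-provisioner.pyrocufflink.net
  rules:
    - host: dynk8s-provisioner.pyrocufflink.net
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: dynk8s-provisioner
                port:
                  name: http
---
# WireGuard client configuration stored as a custom-typed Secret. The
# ec2-instance-id label is empty in this manifest.
# NOTE(review): PrivateKey and PresharedKey appear here in plaintext. If these
# are live values rather than samples, anyone who can read this file can
# impersonate the peer; rotate them and deliver the Secret out of band
# (an external secret store, or encrypted manifests such as SOPS or Sealed
# Secrets) instead of committing it alongside the deployment.
apiVersion: v1
kind: Secret
metadata:
  name: wireguard-config-0
  namespace: dynk8s
  labels:
    app.kubernetes.io/part-of: dynk8s-provisioner
    dynk8s.du5t1n.me/ec2-instance-id: ''
type: dynk8s.du5t1n.me/wireguard-config
stringData:
  wireguard-config: |+
    [Interface]
    Address = 172.30.0.178/28
    DNS = 172.30.0.1
    PrivateKey = gGieVWS8SUQxC7L0NKmHlpvBTANNNaucsm9K1ioHPXU=

    [Peer]
    PublicKey = 85BW2bagvhOZnvFD6gmjnT+uUj5NaF4z+YFBV/br9BA=
    PresharedKey = bZgUN82zDW7Q+558omOyRrZ0rw3bUohmIjEaxgtZCv8=
    Endpoint = vpn.pyrocufflink.net:19998
    AllowedIPs = 172.30.0.0/26, 172.30.0.160/28, 172.31.1.0/24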