From dac7e8affa38b5adec9d5f6ed8c1388289d93061 Mon Sep 17 00:00:00 2001
From: Jakub Kaniecki
Date: Thu, 17 Oct 2024 14:41:35 +0200
Subject: [PATCH] init kubernetes konfiguracja
---
ingress-wp-prod.yaml | 24 +++++++
ingress-www-wp-prod.yaml | 24 +++++++
ingress_wp.yaml | 24 +++++++
izaac-backend.yaml | 43 ++++++++++++
izaac-frontend.yaml | 59 ++++++++++++++++
media-pvc.yaml | 10 +++
mysql_lb.yaml | 79 +++++++++++++++++++++
nginx.yaml | 148 +++++++++++++++++++++++++++++++++++++++
postgres.yaml | 64 +++++++++++++++++
static-pvc.yaml | 10 +++
wp_mysql.yaml | 137 ++++++++++++++++++++++++++++++++++++
wp_mysql_prod.yaml | 137 ++++++++++++++++++++++++++++++++++++
wp_new.yaml | 58 +++++++++++++++
13 files changed, 817 insertions(+)
create mode 100644 ingress-wp-prod.yaml
create mode 100644 ingress-www-wp-prod.yaml
create mode 100644 ingress_wp.yaml
create mode 100644 izaac-backend.yaml
create mode 100644 izaac-frontend.yaml
create mode 100644 media-pvc.yaml
create mode 100644 mysql_lb.yaml
create mode 100644 nginx.yaml
create mode 100644 postgres.yaml
create mode 100644 static-pvc.yaml
create mode 100644 wp_mysql.yaml
create mode 100644 wp_mysql_prod.yaml
create mode 100644 wp_new.yaml
diff --git a/ingress-wp-prod.yaml b/ingress-wp-prod.yaml
new file mode 100644
index 0000000..eae3d9d
--- /dev/null
+++ b/ingress-wp-prod.yaml
@@ -0,0 +1,24 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: wp-izaac-ingress-prod
+ annotations:
+ traefik.ingress.kubernetes.io/router.tls: "true"
+ traefik.ingress.kubernetes.io/router.entrypoints: websecure
+spec:
+ ingressClassName: traefik
+ tls:
+ - hosts:
+ - "izaac.pl"
+ secretName: tls-izaac.pl
+ rules:
+ - host: izaac.pl
+ http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: wordpress-prod
+ port:
+ number: 80
diff --git a/ingress-www-wp-prod.yaml b/ingress-www-wp-prod.yaml
new file mode 100644
index 0000000..0785fe9
--- /dev/null
+++ b/ingress-www-wp-prod.yaml
@@ -0,0 +1,24 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: wp-izaac-ingress-prod-www
+ annotations:
+ traefik.ingress.kubernetes.io/router.tls: "true"
+ traefik.ingress.kubernetes.io/router.entrypoints: websecure
+spec:
+ ingressClassName: traefik
+ tls:
+ - hosts:
+ - "www.izaac.pl"
+ secretName: tls-izaac.pl
+ rules:
+ - host: www.izaac.pl
+ http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: wordpress-prod
+ port:
+ number: 80
diff --git a/ingress_wp.yaml b/ingress_wp.yaml
new file mode 100644
index 0000000..7e89893
--- /dev/null
+++ b/ingress_wp.yaml
@@ -0,0 +1,24 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: wp-izaac-ingress
+ annotations:
+ traefik.ingress.kubernetes.io/router.tls: "true"
+spec:
+ ingressClassName: traefik
+ tls:
+ - hosts:
+ - "*.knck.pl"
+ - "izaac-wp.knck.pl"
+ secretName: tls-secret
+ rules:
+ - host: izaac-wp.knck.pl
+ http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: wordpress
+ port:
+ number: 80
diff --git a/izaac-backend.yaml b/izaac-backend.yaml
new file mode 100644
index 0000000..031fb96
--- /dev/null
+++ b/izaac-backend.yaml
@@ -0,0 +1,43 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: izaac-deployment
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: izaac-backend
+ template:
+ metadata:
+ labels:
+ app: izaac-backend
+ spec:
+ containers:
+ - name: izaac-backend
+ image: registry.knck.pl:5000/izaac-master:latest
+ ports:
+ - containerPort: 8000
+ volumeMounts:
+ - name: static-storage
+ mountPath: /usr/scr/app/staticfiles
+ - name: static-media
+ mountPath: /usr/scr/app/media
+ volumes:
+ - name: static-storage
+ persistentVolumeClaim:
+ claimName: static-pvc
+ - name: static-media
+ persistentVolumeClaim:
+ claimName: media-pvc
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: izaac-backend
+spec:
+ selector:
+ app: izaac-backend
+ ports:
+ - protocol: TCP
+ port: 8000
+ targetPort: 8000
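Review bot: In izaac-backend.yaml the container is referenced only by the mutable tag `registry.knck.pl:5000/izaac-master:latest`, so a pod restart can pull code that was never reviewed and a rollback has no fixed target; pin a release tag or digest, e.g. `image: registry.knck.pl:5000/izaac-master:RELEASE_TAG` (RELEASE_TAG is a placeholder). The same applies to the `:latest` images in izaac-frontend.yaml, nginx.yaml, postgres.yaml, wp_mysql.yaml, wp_mysql_prod.yaml and wp_new.yaml. Separately, both mount paths begin with `/usr/scr/app`, which looks like a transposition of `/usr/src/app`; if that is the case the two PVCs are mounted where the application never writes, so this is worth confirming against the image.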
diff --git a/izaac-frontend.yaml b/izaac-frontend.yaml
new file mode 100644
index 0000000..c8a372a
--- /dev/null
+++ b/izaac-frontend.yaml
@@ -0,0 +1,59 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: nginx-config-frontend
+data:
+ default.conf: |
+ server {
+ listen 80;
+ server_name _;
+ root /usr/share/nginx/html;
+ index index.html;
+
+ location / {
+ try_files $uri $uri/ /index.html;
+ }
+ }
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: izaac-frontend
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: izaac-frontend
+ template:
+ metadata:
+ labels:
+ app: izaac-frontend
+ spec:
+ containers:
+ - name: izaac-frontend
+ image: registry.knck.pl:5000/izaac-frontend-master:latest
+ ports:
+ - containerPort: 80
+ volumeMounts:
+ - name: config-volume
+ mountPath: /etc/nginx/conf.d
+ readOnly: true
+ volumes:
+ - name: config-volume
+ configMap:
+ name: nginx-config-frontend
+ items:
+ - key: default.conf
+ path: default.conf
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: izaac-frontend
+spec:
+ selector:
+ app: izaac-frontend
+ ports:
+ - protocol: TCP
+ port: 80
+ targetPort: 80
diff --git a/media-pvc.yaml b/media-pvc.yaml
new file mode 100644
index 0000000..ff6fa68
--- /dev/null
+++ b/media-pvc.yaml
@@ -0,0 +1,10 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: media-pvc
+spec:
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: 1Gi
diff --git a/mysql_lb.yaml b/mysql_lb.yaml
new file mode 100644
index 0000000..b6c6102
--- /dev/null
+++ b/mysql_lb.yaml
@@ -0,0 +1,79 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: mysql
+spec:
+ ports:
+ - port: 3306
+ selector:
+ app: mysql
+ type: LoadBalancer
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: mysql-pass
+type: Opaque
+data:
+ password: U1sxRVZvZkI2XXddM345NDNsIzQwXSM0
+ username: Z3RucW9udW10cl93cDM=
+ rootpassword: d1MtQnltXE9jcTxRQV1OTDt3IyFbJS0zbg==
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: mysql
+spec:
+ selector:
+ matchLabels:
+ app: mysql
+ strategy:
+ type: Recreate
+ template:
+ metadata:
+ labels:
+ app: mysql
+ spec:
+ containers:
+ - image: mariadb:10.6
+ name: mysql
+ env:
+ - name: MYSQL_ROOT_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: mysql-pass
+ key: rootpassword
+ - name: MYSQL_USER
+ valueFrom:
+ secretKeyRef:
+ name: mysql-pass
+ key: username
+ - name: MYSQL_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: mysql-pass
+ key: password
+ - name: MYSQL_DATABASE
+ value: "gtnqonumtr_wp3"
+ ports:
+ - containerPort: 3306
+ name: mysql
+ volumeMounts:
+ - name: mysql-persistent-storage
+ mountPath: /var/lib/mysql
+ volumes:
+ - name: mysql-persistent-storage
+ persistentVolumeClaim:
+ claimName: mysql-pv-claim
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: mysql-pv-claim
+spec:
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: 1Gi
+---
diff --git a/nginx.yaml b/nginx.yaml
new file mode 100644
index 0000000..65724a3
--- /dev/null
+++ b/nginx.yaml
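Review bot: The `mysql-pass` Secret in mysql_lb.yaml commits the database user, password and root password to the repository as base64, which is an encoding and not encryption, so anyone who can read the repo or its history has them. The identical Secret is repeated in wp_mysql.yaml and wp_mysql_prod.yaml, which also means production and non-production share one set of credentials. These values should be treated as exposed: rotate them and create the Secret out of band, or through an encrypted-secret mechanism, rather than from a tracked manifest. In the same hunk the `mysql` Service is `type: LoadBalancer`, which publishes port 3306 outside the cluster; unless external access is required use `type: ClusterIP` as wp_mysql_prod.yaml does, and if it is required restrict callers with `loadBalancerSourceRanges`.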
@@ -0,0 +1,148 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: nginx-deployment
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: izaac
+ template:
+ metadata:
+ labels:
+ app: izaac
+ spec:
+ containers:
+ - name: nginx
+ image: nginx:latest
+ ports:
+ - containerPort: 80
+ volumeMounts:
+ - name: nginx-conf-volume
+ mountPath: /etc/nginx/nginx.conf
+ subPath: nginx.conf
+ - name: static-volume
+ mountPath: /usr/share/nginx/html
+ - name: static-media
+ mountPath: /usr/share/nginx/media
+ volumes:
+ - name: nginx-conf-volume
+ configMap:
+ name: nginx-config
+ - name: static-volume
+ persistentVolumeClaim:
+ claimName: static-pvc
+ - name: static-media
+ persistentVolumeClaim:
+ claimName: media-pvc
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: nginx-config
+data:
+ nginx.conf: |
+ user nginx;
+ worker_processes auto;
+
+ error_log /var/log/nginx/error.log warn;
+ pid /var/run/nginx.pid;
+
+ events {
+ worker_connections 1024;
+ }
+
+ http {
+ include /etc/nginx/mime.types;
+ default_type application/octet-stream;
+
+ log_format main '$remote_addr - $remote_user [$time_local] "$request" '
+ '$status $body_bytes_sent "$http_referer" '
+ '"$http_user_agent" "$http_x_forwarded_for"';
+
+ access_log /var/log/nginx/access.log main;
+
+ sendfile on;
+ #tcp_nopush on;
+
+ keepalive_timeout 65;
+
+ #gzip on;
+
+ server {
+ listen 80;
+ server_name localhost;
+
+ location /static {
+ alias /usr/share/nginx/html; # Upewnij się, że ta ścieżka jest zgodna z `mountPath` w Twoim konfigu Deploymentu Nginx
+ expires 30d;
+ add_header Pragma public;
+ add_header Cache-Control "public";
+ try_files $uri =404;
+ }
+ location /media {
+ alias /usr/share/nginx/media;
+ expires 30d;
+ add_header Pragma public;
+ add_header Cache-Control "public";
+ try_files $uri =404;
+ }
+ location /api {
+ proxy_pass http://izaac-backend:8000; # Upewnij się, że ta nazwa jest zgodna z nazwą serwisu Twojej aplikacji Django
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ }
+ location /admin {
+ proxy_pass http://izaac-backend:8000; # Upewnij się, że ta nazwa jest zgodna z nazwą serwisu Twojej aplikacji Django
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ }
+ location / {
+ proxy_pass http://izaac-frontend:80; # Upewnij się, że ta nazwa jest zgodna z nazwą serwisu Twojej aplikacji Django
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ }
+ }
+ }
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: izaac-ingress
+ annotations:
+ kubernetes.io/ingress.class: "traefik"
+ traefik.ingress.kubernetes.io/router.tls: "true"
+spec:
+ tls:
+ - hosts:
+ - "*.knck.pl"
+ - "izaac.knck.pl"
+ secretName: tls-secret
+ rules:
+ - host: izaac.knck.pl
+ http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: izaac
+ port:
+ number: 80
+
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: izaac
+spec:
+ selector:
+ app: izaac
+ ports:
+ - protocol: TCP
+ port: 80
+ targetPort: 80
diff --git a/postgres.yaml b/postgres.yaml
new file mode 100644
index 0000000..680ed9f
--- /dev/null
+++ b/postgres.yaml
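Review bot: In nginx.yaml `location /admin` proxies the Django admin to the backend for every client that reaches the `izaac.knck.pl` ingress, and no source restriction is visible in this hunk; if the admin is not meant to be public, add an `allow`/`deny` list in that location or a Traefik middleware in front of it. The `/api` and `/admin` locations also omit `proxy_set_header X-Forwarded-Proto`, and `location /` sets it to `$scheme`, which is presumably `http` here because TLS ends at Traefik and nginx listens on port 80, so the backend cannot tell that the original request was HTTPS. Passing the incoming value through in all three locations, `proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto;`, would be consistent. The Ingress in this file still uses the deprecated `kubernetes.io/ingress.class` annotation where the other ingress manifests use `ingressClassName: traefik`.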
@@ -0,0 +1,64 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: postgres-deployment
+ labels:
+ app: postgres
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: postgres
+ template:
+ metadata:
+ labels:
+ app: postgres
+ spec:
+ containers:
+ - name: postgres
+ image: postgres:latest
+ ports:
+ - containerPort: 5432
+ env:
+ - name: POSTGRES_DB
+ value: izaac
+ - name: POSTGRES_USER
+ value: izaac
+ - name: POSTGRES_PASSWORD
+ value: iz@@cPWD@$5
+ volumeMounts:
+ - mountPath: /var/lib/postgresql/data
+ name: postgres-storage
+ volumes:
+ - name: postgres-storage
+ persistentVolumeClaim:
+ claimName: postgres-pvc
+
+---
+
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: postgres-pvc
+spec:
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: 1Gi
+ # Jeśli używasz specyficznego StorageClass, dodaj 'storageClassName: your-storage-class-name'
+
+---
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: postgres-service
+spec:
+ ports:
+ - port: 10452
+ targetPort: 5432
+ protocol: TCP
+ selector:
+ app: postgres
+ type: ClusterIP
diff --git a/static-pvc.yaml b/static-pvc.yaml
new file mode 100644
index 0000000..b327812
--- /dev/null
+++ b/static-pvc.yaml
@@ -0,0 +1,10 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: static-pvc
+spec:
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: 1Gi
diff --git a/wp_mysql.yaml b/wp_mysql.yaml
new file mode 100644
index 0000000..cdefb84
--- /dev/null
+++ b/wp_mysql.yaml
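Review bot: postgres.yaml sets `POSTGRES_PASSWORD` as a literal `value:` in the Deployment, so the password is readable in the repository, in the Deployment object for anyone allowed to read Deployments, and it stays in git history. Move it to a Secret created outside the repo and reference it the way the MariaDB manifests do, `valueFrom: {secretKeyRef: {name: POSTGRES_SECRET_NAME, key: password}}` (POSTGRES_SECRET_NAME is a placeholder), and rotate the value that was committed. The literal is also an unquoted scalar containing `@` and `$`, which is worth quoting wherever it ends up.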
@@ -0,0 +1,137 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: mysql-pass
+type: Opaque
+data:
+ password: U1sxRVZvZkI2XXddM345NDNsIzQwXSM0
+ username: Z3RucW9udW10cl93cDM=
+ rootpassword: d1MtQnltXE9jcTxRQV1OTDt3IyFbJS0zbg==
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: mysql
+spec:
+ selector:
+ matchLabels:
+ app: mysql
+ strategy:
+ type: Recreate
+ template:
+ metadata:
+ labels:
+ app: mysql
+ spec:
+ containers:
+ - image: mariadb:10.6
+ name: mysql
+ env:
+ - name: MYSQL_ROOT_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: mysql-pass
+ key: rootpassword
+ - name: MYSQL_USER
+ valueFrom:
+ secretKeyRef:
+ name: mysql-pass
+ key: username
+ - name: MYSQL_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: mysql-pass
+ key: password
+ - name: MYSQL_DATABASE
+ value: "gtnqonumtr_wp3"
+ ports:
+ - containerPort: 3306
+ name: mysql
+ volumeMounts:
+ - name: mysql-persistent-storage
+ mountPath: /var/lib/mysql
+ volumes:
+ - name: mysql-persistent-storage
+ persistentVolumeClaim:
+ claimName: mysql-pv-claim
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: mysql-pv-claim
+spec:
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: 1Gi
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: wordpress
+spec:
+ selector:
+ matchLabels:
+ app: wordpress
+ strategy:
+ type: Recreate
+ template:
+ metadata:
+ labels:
+ app: wordpress
+ spec:
+ containers:
+ - image: wordpress:latest
+ name: wordpress
+ env:
+ - name: WORDPRESS_DB_HOST
+ value: mysql:3306
+ - name: WORDPRESS_DB_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: mysql-pass
+ key: password
+ ports:
+ - containerPort: 80
+ name: wordpress
+ volumeMounts:
+ - name: wordpress-persistent-storage
+ mountPath: /var/www/html
+ volumes:
+ - name: wordpress-persistent-storage
+ persistentVolumeClaim:
+ claimName: wordpress-pv-claim
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: wordpress-pv-claim
+spec:
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: 4Gi
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: wordpress
+spec:
+ type: ClusterIP
+ ports:
+ - port: 80
+ selector:
+ app: wordpress
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: mysql
+spec:
+ ports:
+ - port: 3306
+ selector:
+ app: mysql
+---
diff --git a/wp_mysql_prod.yaml b/wp_mysql_prod.yaml
new file mode 100644
index 0000000..748363a
--- /dev/null
+++ b/wp_mysql_prod.yaml
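Review bot: The `wordpress` container in wp_mysql.yaml receives only `WORDPRESS_DB_HOST` and `WORDPRESS_DB_PASSWORD`, while MariaDB is initialised with the user from `mysql-pass`/`username` and the database `gtnqonumtr_wp3`; without `WORDPRESS_DB_USER` and `WORDPRESS_DB_NAME` the image falls back to its own defaults, which presumably do not match. Add `WORDPRESS_DB_USER` with a `secretKeyRef` to `mysql-pass`/`username` and `WORDPRESS_DB_NAME` with `value: "gtnqonumtr_wp3"`; the same gap is in wp_mysql_prod.yaml and wp_new.yaml. This file also defines a `mysql` Service under the same name as the LoadBalancer one in mysql_lb.yaml, so whether port 3306 is exposed outside the cluster depends on which manifest was applied last.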
@@ -0,0 +1,137 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: mysql-prod
+spec:
+ ports:
+ - port: 3306
+ selector:
+ app: mysql-prod
+ type: ClusterIP
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: mysql-pass
+type: Opaque
+data:
+ password: U1sxRVZvZkI2XXddM345NDNsIzQwXSM0
+ username: Z3RucW9udW10cl93cDM=
+ rootpassword: d1MtQnltXE9jcTxRQV1OTDt3IyFbJS0zbg==
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: mysql-prod
+spec:
+ selector:
+ matchLabels:
+ app: mysql-prod
+ strategy:
+ type: Recreate
+ template:
+ metadata:
+ labels:
+ app: mysql-prod
+ spec:
+ containers:
+ - image: mariadb:10.6
+ name: mysql
+ env:
+ - name: MYSQL_ROOT_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: mysql-pass
+ key: rootpassword
+ - name: MYSQL_USER
+ valueFrom:
+ secretKeyRef:
+ name: mysql-pass
+ key: username
+ - name: MYSQL_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: mysql-pass
+ key: password
+ - name: MYSQL_DATABASE
+ value: "gtnqonumtr_wp3"
+ ports:
+ - containerPort: 3306
+ name: mysql-prod
+ volumeMounts:
+ - name: mysql-persistent-storage-prod
+ mountPath: /var/lib/mysql
+ volumes:
+ - name: mysql-persistent-storage-prod
+ persistentVolumeClaim:
+ claimName: mysql-pv-claim-prod
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: mysql-pv-claim-prod
+spec:
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: 1Gi
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: wordpress-prod
+spec:
+ selector:
+ matchLabels:
+ app: wordpress-prod
+ strategy:
+ type: Recreate
+ template:
+ metadata:
+ labels:
+ app: wordpress-prod
+ spec:
+ containers:
+ - image: registry.knck.pl:5000/wordpress-modsec:latest
+ name: wordpress-prod
+ env:
+ - name: WORDPRESS_DB_HOST
+ value: mysql:3306
+ - name: WORDPRESS_DB_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: mysql-pass
+ key: password
+ ports:
+ - containerPort: 80
+ name: wordpress-prod
+ volumeMounts:
+ - name: wordpress-persistent-prod
+ mountPath: /var/www/html
+ volumes:
+ - name: wordpress-persistent-prod
+ persistentVolumeClaim:
+ claimName: wordpress-pv-claim-prod
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: wordpress-pv-claim-prod
+spec:
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: 4Gi
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: wordpress-prod
+spec:
+ type: ClusterIP
+ ports:
+ - port: 80
+ selector:
+ app: wordpress-prod
diff --git a/wp_new.yaml b/wp_new.yaml
new file mode 100644
index 0000000..6c69d79
--- /dev/null
+++ b/wp_new.yaml
@@ -0,0 +1,58 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: wordpress
+spec:
+ selector:
+ matchLabels:
+ app: wordpress
+ strategy:
+ type: Recreate
+ template:
+ metadata:
+ labels:
+ app: wordpress
+ spec:
+ containers:
+ - image: registry.knck.pl:5000/wordpress-modsec:latest
+ name: wordpress
+ env:
+ - name: WORDPRESS_DB_HOST
+ value: mysql:3306
+ - name: WORDPRESS_DB_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: mysql-pass
+ key: password
+ ports:
+ - containerPort: 80
+ name: wordpress
+ volumeMounts:
+ - name: wordpress-persistent-storage
+ mountPath: /var/www/html
+ volumes:
+ - name: wordpress-persistent-storage
+ persistentVolumeClaim:
+ claimName: wordpress-pv-claim
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: wordpress-pv-claim
+spec:
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: 4Gi
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: wordpress
+spec:
+ type: ClusterIP
+ ports:
+ - port: 80
+ selector:
+ app: wordpress
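Review bot: In wp_mysql_prod.yaml the `wordpress-prod` container sets `WORDPRESS_DB_HOST` to `mysql:3306`, but the database Service defined at the top of this file is `mysql-prod`. In a shared namespace the production site would therefore connect to the non-production `mysql` Service from wp_mysql.yaml or mysql_lb.yaml, and in a separate namespace the name would not resolve; the line should read `value: mysql-prod:3306`. The Secret here is again named `mysql-pass`, so applying this file and wp_mysql.yaml to one namespace overwrites one with the other; a distinct name such as `mysql-pass-prod` holding its own credentials would keep the environments separate.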
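Review bot: wp_new.yaml declares the Deployment `wordpress`, the PVC `wordpress-pv-claim` and the Service `wordpress` under the same names as wp_mysql.yaml, differing only in the container image, so which image actually runs depends on which file was applied last. Keeping a single definition, or giving this variant its own names, would remove that ambiguity. The file also relies on the `mysql-pass` Secret and the `mysql` Service that only other manifests create, which deserves a header comment such as `# requires Secret mysql-pass and Service mysql from wp_mysql.yaml`.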