init kubernetes konfiguracja

Jakub Kaniecki 2024-10-17 14:41:35 +02:00
commit dac7e8affa
13 changed files with 817 additions and 0 deletions

24
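--- a/ingress-wp-prod.yaml
+++ b/ingress-wp-prod.yaml
@@ -0,0 +1,24 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+name: wp-izaac-ingress-prod
+annotations:
+traefik.ingress.kubernetes.io/router.tls: "true"
+traefik.ingress.kubernetes.io/router.entrypoints: websecure
+spec:
+ingressClassName: traefik
+tls:
+- hosts:
+- "izaac.pl"
+secretName: tls-izaac.pl
+rules:
+- host: izaac.pl
+http:
+paths:
+- path: /
+pathType: Prefix
+backend:
+service:
+name: wordpress-prod
+port:
+number: 80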

24
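--- a/ingress-www-wp-prod.yaml
+++ b/ingress-www-wp-prod.yaml
@@ -0,0 +1,24 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+name: wp-izaac-ingress-prod-www
+annotations:
+traefik.ingress.kubernetes.io/router.tls: "true"
+traefik.ingress.kubernetes.io/router.entrypoints: websecure
+spec:
+ingressClassName: traefik
+tls:
+- hosts:
+- "www.izaac.pl"
+secretName: tls-izaac.pl
+rules:
+- host: www.izaac.pl
+http:
+paths:
+- path: /
+pathType: Prefix
+backend:
+service:
+name: wordpress-prod
+port:
+number: 80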
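Review bot: `secretName: tls-izaac.pl` is reused from ingress-wp-prod.yaml for the host `www.izaac.pl`, which only works if that certificate lists both `izaac.pl` and `www.izaac.pl` as SANs; this cannot be verified from the diff, and a mismatch would typically leave the www host served with a certificate that does not match its name. Both Ingresses route to the same `wordpress-prod` backend, so a single Ingress with both hosts under one `tls` entry would keep the host list and the certificate in one place. Neither prod Ingress sets `metadata.namespace`, so the target namespace depends on the context used at apply time; stating it explicitly avoids applying production routes to the wrong namespace.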

24
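--- a/ingress_wp.yaml
+++ b/ingress_wp.yaml
@@ -0,0 +1,24 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+name: wp-izaac-ingress
+annotations:
+traefik.ingress.kubernetes.io/router.tls: "true"
+spec:
+ingressClassName: traefik
+tls:
+- hosts:
+- "*.knck.pl"
+- "izaac-wp.knck.pl"
+secretName: tls-secret
+rules:
+- host: izaac-wp.knck.pl
+http:
+paths:
+- path: /
+pathType: Prefix
+backend:
+service:
+name: wordpress
+port:
+number: 80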
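Review bot: This Ingress has no `traefik.ingress.kubernetes.io/router.entrypoints` annotation, unlike the two prod Ingresses, so the router is not pinned to the TLS entrypoint; add `traefik.ingress.kubernetes.io/router.entrypoints: websecure` for consistency. The `tls.hosts` list names `*.knck.pl` although the only rule is for `izaac-wp.knck.pl`, which suggests `tls-secret` holds a wildcard certificate. A wildcard private key stored in an application namespace is readable by anything allowed to read Secrets there, so a host-specific certificate would limit the impact of a compromise. The same pattern appears in the `izaac-ingress` Ingress in nginx.yaml, which additionally uses the deprecated `kubernetes.io/ingress.class` annotation instead of `ingressClassName`.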

43
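--- a/izaac-backend.yaml
+++ b/izaac-backend.yaml
@@ -0,0 +1,43 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+name: izaac-deployment
+spec:
+replicas: 1
+selector:
+matchLabels:
+app: izaac-backend
+template:
+metadata:
+labels:
+app: izaac-backend
+spec:
+containers:
+- name: izaac-backend
+image: registry.knck.pl:5000/izaac-master:latest
+ports:
+- containerPort: 8000
+volumeMounts:
+- name: static-storage
+mountPath: /usr/scr/app/staticfiles
+- name: static-media
+mountPath: /usr/scr/app/media
+volumes:
+- name: static-storage
+persistentVolumeClaim:
+claimName: static-pvc
+- name: static-media
+persistentVolumeClaim:
+claimName: media-pvc
+---
+apiVersion: v1
+kind: Service
+metadata:
+name: izaac-backend
+spec:
+selector:
+app: izaac-backend
+ports:
+- protocol: TCP
+port: 8000
+targetPort: 8000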
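Review bot: The container image is referenced by the mutable tag `:latest`, so a pod restart can run code that was never reviewed and any push to `registry.knck.pl:5000` effectively becomes a deployment; pin a version or digest, e.g. `image: registry.knck.pl:5000/izaac-master:<version-or-digest>`. The same applies to the `:latest` images in izaac-frontend.yaml, nginx.yaml, postgres.yaml, wp_mysql.yaml, wp_mysql_prod.yaml and wp_new.yaml. The pod spec sets no `securityContext` or `resources`, so the container runs with whatever user and privileges the image defaults to; adding `allowPrivilegeEscalation: false`, a non-root user and resource limits is worth doing in this first commit. The mount paths `/usr/scr/app/...` look like a typo for `/usr/src/app/...`; confirm against the image, because a wrong path leaves the PVCs mounted where the application does not write.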

59
izaac-frontend.yaml Normal file

@ -0,0 +1,59 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: nginx-config-frontend
data:
default.conf: |
server {
listen 80;
server_name _;
root /usr/share/nginx/html;
index index.html;
location / {
try_files $uri $uri/ /index.html;
}
}
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: izaac-frontend
spec:
replicas: 1
selector:
matchLabels:
app: izaac-frontend
template:
metadata:
labels:
app: izaac-frontend
spec:
containers:
- name: izaac-frontend
image: registry.knck.pl:5000/izaac-frontend-master:latest
ports:
- containerPort: 80
volumeMounts:
- name: config-volume
mountPath: /etc/nginx/conf.d
readOnly: true
volumes:
- name: config-volume
configMap:
name: nginx-config-frontend
items:
- key: default.conf
path: default.conf
---
apiVersion: v1
kind: Service
metadata:
name: izaac-frontend
spec:
selector:
app: izaac-frontend
ports:
- protocol: TCP
port: 80
targetPort: 80

10
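--- a/media-pvc.yaml
+++ b/media-pvc.yaml
@@ -0,0 +1,10 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+name: media-pvc
+spec:
+accessModes:
+- ReadWriteOnce
+resources:
+requests:
+storage: 1Gi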

79
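--- a/mysql_lb.yaml
+++ b/mysql_lb.yaml
@@ -0,0 +1,79 @@
+apiVersion: v1
+kind: Service
+metadata:
+name: mysql
+spec:
+ports:
+- port: 3306
+selector:
+app: mysql
+type: LoadBalancer
+---
+apiVersion: v1
+kind: Secret
+metadata:
+name: mysql-pass
+type: Opaque
+data:
+password: U1sxRVZvZkI2XXddM345NDNsIzQwXSM0
+username: Z3RucW9udW10cl93cDM=
+rootpassword: d1MtQnltXE9jcTxRQV1OTDt3IyFbJS0zbg==
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+name: mysql
+spec:
+selector:
+matchLabels:
+app: mysql
+strategy:
+type: Recreate
+template:
+metadata:
+labels:
+app: mysql
+spec:
+containers:
+- image: mariadb:10.6
+name: mysql
+env:
+- name: MYSQL_ROOT_PASSWORD
+valueFrom:
+secretKeyRef:
+name: mysql-pass
+key: rootpassword
+- name: MYSQL_USER
+valueFrom:
+secretKeyRef:
+name: mysql-pass
+key: username
+- name: MYSQL_PASSWORD
+valueFrom:
+secretKeyRef:
+name: mysql-pass
+key: password
+- name: MYSQL_DATABASE
+value: "gtnqonumtr_wp3"
+ports:
+- containerPort: 3306
+name: mysql
+volumeMounts:
+- name: mysql-persistent-storage
+mountPath: /var/lib/mysql
+volumes:
+- name: mysql-persistent-storage
+persistentVolumeClaim:
+claimName: mysql-pv-claim
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+name: mysql-pv-claim
+spec:
+accessModes:
+- ReadWriteOnce
+resources:
+requests:
+storage: 1Gi
+---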
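Review bot: The `mysql` Service is `type: LoadBalancer` on port 3306, which publishes MariaDB outside the cluster; unless external clients are genuinely required, use `type: ClusterIP` as wp_mysql_prod.yaml does, or at least restrict it with `loadBalancerSourceRanges`. The `mysql-pass` Secret in this file carries the database user, password and root password as base64 under `data:`, which is encoding rather than encryption, so the credentials are readable by anyone with access to the repository. The same Secret is repeated in wp_mysql.yaml and wp_mysql_prod.yaml. Remove it from the manifests, create it out of band or through an encrypted-secret mechanism, and rotate all three values, since they remain in the commit history.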

148
nginx.yaml Normal file

@ -0,0 +1,148 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: nginx-deployment
spec:
replicas: 1
selector:
matchLabels:
app: izaac
template:
metadata:
labels:
app: izaac
spec:
containers:
- name: nginx
image: nginx:latest
ports:
- containerPort: 80
volumeMounts:
- name: nginx-conf-volume
mountPath: /etc/nginx/nginx.conf
subPath: nginx.conf
- name: static-volume
mountPath: /usr/share/nginx/html
- name: static-media
mountPath: /usr/share/nginx/media
volumes:
- name: nginx-conf-volume
configMap:
name: nginx-config
- name: static-volume
persistentVolumeClaim:
claimName: static-pvc
- name: static-media
persistentVolumeClaim:
claimName: media-pvc
---
apiVersion: v1
kind: ConfigMap
metadata:
name: nginx-config
data:
nginx.conf: |
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;
events {
worker_connections 1024;
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
#tcp_nopush on;
keepalive_timeout 65;
#gzip on;
server {
listen 80;
server_name localhost;
location /static {
alias /usr/share/nginx/html; # Upewnij się, że ta ścieżka jest zgodna z `mountPath` w Twoim konfigu Deploymentu Nginx
expires 30d;
add_header Pragma public;
add_header Cache-Control "public";
try_files $uri =404;
}
location /media {
alias /usr/share/nginx/media;
expires 30d;
add_header Pragma public;
add_header Cache-Control "public";
try_files $uri =404;
}
location /api {
proxy_pass http://izaac-backend:8000; # Upewnij się, że ta nazwa jest zgodna z nazwą serwisu Twojej aplikacji Django
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
location /admin {
proxy_pass http://izaac-backend:8000; # Upewnij się, że ta nazwa jest zgodna z nazwą serwisu Twojej aplikacji Django
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
location / {
proxy_pass http://izaac-frontend:80; # Upewnij się, że ta nazwa jest zgodna z nazwą serwisu Twojej aplikacji Django
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
}
}
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: izaac-ingress
annotations:
kubernetes.io/ingress.class: "traefik"
traefik.ingress.kubernetes.io/router.tls: "true"
spec:
tls:
- hosts:
- "*.knck.pl"
- "izaac.knck.pl"
secretName: tls-secret
rules:
- host: izaac.knck.pl
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: izaac
port:
number: 80
---
apiVersion: v1
kind: Service
metadata:
name: izaac
spec:
selector:
app: izaac
ports:
- protocol: TCP
port: 80
targetPort: 80
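Review bot: `location /static` and `location /media` in the `nginx.conf` ConfigMap are prefix matches without a trailing slash paired with `alias`, so a URI that merely starts with `/static` also matches and is mapped next to, rather than inside, the aliased directory; write them as `location /static/` with `alias /usr/share/nginx/html/;` and likewise for `/media/`. `location /admin` forwards the Django admin to `izaac-backend` for every client that reaches `izaac.knck.pl`; if the admin is not meant to be public, restrict it at the proxy with `allow`/`deny` or serve it through a separate internal route. Only `location /` sets `X-Forwarded-Proto`, and it uses `$scheme`, which will be `http` when TLS terminates at Traefik, so the backend may treat HTTPS requests as plain HTTP; presumably the header from Traefik should be passed through instead.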

64
postgres.yaml Normal file

@ -0,0 +1,64 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: postgres-deployment
labels:
app: postgres
spec:
replicas: 1
selector:
matchLabels:
app: postgres
template:
metadata:
labels:
app: postgres
spec:
containers:
- name: postgres
image: postgres:latest
ports:
- containerPort: 5432
env:
- name: POSTGRES_DB
value: izaac
- name: POSTGRES_USER
value: izaac
- name: POSTGRES_PASSWORD
value: iz@@cPWD@$5
volumeMounts:
- mountPath: /var/lib/postgresql/data
name: postgres-storage
volumes:
- name: postgres-storage
persistentVolumeClaim:
claimName: postgres-pvc
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: postgres-pvc
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 1Gi
# Jeśli używasz specyficznego StorageClass, dodaj 'storageClassName: your-storage-class-name'
---
apiVersion: v1
kind: Service
metadata:
name: postgres-service
spec:
ports:
- port: 10452
targetPort: 5432
protocol: TCP
selector:
app: postgres
type: ClusterIP
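Review bot: `POSTGRES_PASSWORD` is set with a literal `value:` in the Deployment, so the database password is stored in the repository and is visible to anyone who can read the Deployment object in the cluster. Move it into a Secret created outside the repo and reference it with `valueFrom.secretKeyRef`, as the MariaDB manifests in this commit already do for their env vars, and rotate the password because it is now in history. `image: postgres:latest` is also risky for a stateful service: a new major version pulled on restart will not start on the existing data directory, so pin at least the major version.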

10
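--- a/static-pvc.yaml
+++ b/static-pvc.yaml
@@ -0,0 +1,10 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+name: static-pvc
+spec:
+accessModes:
+- ReadWriteOnce
+resources:
+requests:
+storage: 1Gi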

137
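--- a/wp_mysql.yaml
+++ b/wp_mysql.yaml
@@ -0,0 +1,137 @@
+apiVersion: v1
+kind: Secret
+metadata:
+name: mysql-pass
+type: Opaque
+data:
+password: U1sxRVZvZkI2XXddM345NDNsIzQwXSM0
+username: Z3RucW9udW10cl93cDM=
+rootpassword: d1MtQnltXE9jcTxRQV1OTDt3IyFbJS0zbg==
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+name: mysql
+spec:
+selector:
+matchLabels:
+app: mysql
+strategy:
+type: Recreate
+template:
+metadata:
+labels:
+app: mysql
+spec:
+containers:
+- image: mariadb:10.6
+name: mysql
+env:
+- name: MYSQL_ROOT_PASSWORD
+valueFrom:
+secretKeyRef:
+name: mysql-pass
+key: rootpassword
+- name: MYSQL_USER
+valueFrom:
+secretKeyRef:
+name: mysql-pass
+key: username
+- name: MYSQL_PASSWORD
+valueFrom:
+secretKeyRef:
+name: mysql-pass
+key: password
+- name: MYSQL_DATABASE
+value: "gtnqonumtr_wp3"
+ports:
+- containerPort: 3306
+name: mysql
+volumeMounts:
+- name: mysql-persistent-storage
+mountPath: /var/lib/mysql
+volumes:
+- name: mysql-persistent-storage
+persistentVolumeClaim:
+claimName: mysql-pv-claim
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+name: mysql-pv-claim
+spec:
+accessModes:
+- ReadWriteOnce
+resources:
+requests:
+storage: 1Gi
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+name: wordpress
+spec:
+selector:
+matchLabels:
+app: wordpress
+strategy:
+type: Recreate
+template:
+metadata:
+labels:
+app: wordpress
+spec:
+containers:
+- image: wordpress:latest
+name: wordpress
+env:
+- name: WORDPRESS_DB_HOST
+value: mysql:3306
+- name: WORDPRESS_DB_PASSWORD
+valueFrom:
+secretKeyRef:
+name: mysql-pass
+key: password
+ports:
+- containerPort: 80
+name: wordpress
+volumeMounts:
+- name: wordpress-persistent-storage
+mountPath: /var/www/html
+volumes:
+- name: wordpress-persistent-storage
+persistentVolumeClaim:
+claimName: wordpress-pv-claim
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+name: wordpress-pv-claim
+spec:
+accessModes:
+- ReadWriteOnce
+resources:
+requests:
+storage: 4Gi
+---
+apiVersion: v1
+kind: Service
+metadata:
+name: wordpress
+spec:
+type: ClusterIP
+ports:
+- port: 80
+selector:
+app: wordpress
+---
+apiVersion: v1
+kind: Service
+metadata:
+name: mysql
+spec:
+ports:
+- port: 3306
+selector:
+app: mysql
+---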
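Review bot: This file redefines the `mysql-pass` Secret, the `mysql` Deployment, the `mysql-pv-claim` PVC and the `mysql` Service that mysql_lb.yaml also defines, and wp_new.yaml redefines the `wordpress` Deployment, PVC and Service from here. Applied to one namespace, whichever file goes last wins, which also decides whether the `mysql` Service ends up as the `LoadBalancer` from mysql_lb.yaml or the default ClusterIP declared here. Keep one definition per object, or separate the variants by namespace or overlay. The `wordpress` container is given only `WORDPRESS_DB_HOST` and `WORDPRESS_DB_PASSWORD`, while MariaDB creates a dedicated user and the database `gtnqonumtr_wp3`. Unless `wp-config.php` on the persistent volume already sets them, add `WORDPRESS_DB_USER` (from `mysql-pass` key `username`) and `WORDPRESS_DB_NAME` so WordPress does not fall back to image defaults.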

137
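--- a/wp_mysql_prod.yaml
+++ b/wp_mysql_prod.yaml
@@ -0,0 +1,137 @@
+apiVersion: v1
+kind: Service
+metadata:
+name: mysql-prod
+spec:
+ports:
+- port: 3306
+selector:
+app: mysql-prod
+type: ClusterIP
+---
+apiVersion: v1
+kind: Secret
+metadata:
+name: mysql-pass
+type: Opaque
+data:
+password: U1sxRVZvZkI2XXddM345NDNsIzQwXSM0
+username: Z3RucW9udW10cl93cDM=
+rootpassword: d1MtQnltXE9jcTxRQV1OTDt3IyFbJS0zbg==
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+name: mysql-prod
+spec:
+selector:
+matchLabels:
+app: mysql-prod
+strategy:
+type: Recreate
+template:
+metadata:
+labels:
+app: mysql-prod
+spec:
+containers:
+- image: mariadb:10.6
+name: mysql
+env:
+- name: MYSQL_ROOT_PASSWORD
+valueFrom:
+secretKeyRef:
+name: mysql-pass
+key: rootpassword
+- name: MYSQL_USER
+valueFrom:
+secretKeyRef:
+name: mysql-pass
+key: username
+- name: MYSQL_PASSWORD
+valueFrom:
+secretKeyRef:
+name: mysql-pass
+key: password
+- name: MYSQL_DATABASE
+value: "gtnqonumtr_wp3"
+ports:
+- containerPort: 3306
+name: mysql-prod
+volumeMounts:
+- name: mysql-persistent-storage-prod
+mountPath: /var/lib/mysql
+volumes:
+- name: mysql-persistent-storage-prod
+persistentVolumeClaim:
+claimName: mysql-pv-claim-prod
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+name: mysql-pv-claim-prod
+spec:
+accessModes:
+- ReadWriteOnce
+resources:
+requests:
+storage: 1Gi
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+name: wordpress-prod
+spec:
+selector:
+matchLabels:
+app: wordpress-prod
+strategy:
+type: Recreate
+template:
+metadata:
+labels:
+app: wordpress-prod
+spec:
+containers:
+- image: registry.knck.pl:5000/wordpress-modsec:latest
+name: wordpress-prod
+env:
+- name: WORDPRESS_DB_HOST
+value: mysql:3306
+- name: WORDPRESS_DB_PASSWORD
+valueFrom:
+secretKeyRef:
+name: mysql-pass
+key: password
+ports:
+- containerPort: 80
+name: wordpress-prod
+volumeMounts:
+- name: wordpress-persistent-prod
+mountPath: /var/www/html
+volumes:
+- name: wordpress-persistent-prod
+persistentVolumeClaim:
+claimName: wordpress-pv-claim-prod
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+name: wordpress-pv-claim-prod
+spec:
+accessModes:
+- ReadWriteOnce
+resources:
+requests:
+storage: 4Gi
+---
+apiVersion: v1
+kind: Service
+metadata:
+name: wordpress-prod
+spec:
+type: ClusterIP
+ports:
+- port: 80
+selector:
+app: wordpress-prod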
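Review bot: `WORDPRESS_DB_HOST` in the `wordpress-prod` Deployment is `mysql:3306`, but the database Service this file creates is named `mysql-prod`. Production WordPress will therefore either fail to connect or, if the `mysql` Service from wp_mysql.yaml or mysql_lb.yaml exists in the same namespace, use the non-production database; the line should read `value: mysql-prod:3306`. The Secret here is also named `mysql-pass` and carries the same values as the non-production files, so prod and non-prod share credentials and overwrite each other's Secret in a shared namespace. Give production its own Secret name with distinct credentials, created outside the repository.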

58
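--- a/wp_new.yaml
+++ b/wp_new.yaml
@@ -0,0 +1,58 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+name: wordpress
+spec:
+selector:
+matchLabels:
+app: wordpress
+strategy:
+type: Recreate
+template:
+metadata:
+labels:
+app: wordpress
+spec:
+containers:
+- image: registry.knck.pl:5000/wordpress-modsec:latest
+name: wordpress
+env:
+- name: WORDPRESS_DB_HOST
+value: mysql:3306
+- name: WORDPRESS_DB_PASSWORD
+valueFrom:
+secretKeyRef:
+name: mysql-pass
+key: password
+ports:
+- containerPort: 80
+name: wordpress
+volumeMounts:
+- name: wordpress-persistent-storage
+mountPath: /var/www/html
+volumes:
+- name: wordpress-persistent-storage
+persistentVolumeClaim:
+claimName: wordpress-pv-claim
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+name: wordpress-pv-claim
+spec:
+accessModes:
+- ReadWriteOnce
+resources:
+requests:
+storage: 4Gi
+---
+apiVersion: v1
+kind: Service
+metadata:
+name: wordpress
+spec:
+type: ClusterIP
+ports:
+- port: 80
+selector:
+app: wordpress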