You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
148 lines
3.4 KiB
148 lines
3.4 KiB
apiVersion: v1
|
|
kind: Service
|
|
metadata:
|
|
labels:
|
|
app.kubernetes.io/name: kilosubspace
|
|
name: kilosubspace
|
|
spec:
|
|
clusterIP: None
|
|
ports:
|
|
- name: http
|
|
port: 8080
|
|
targetPort: 8080
|
|
selector:
|
|
app.kubernetes.io/name: kilosubspace
|
|
---
|
|
apiVersion: apps/v1
|
|
kind: StatefulSet
|
|
metadata:
|
|
name: kilosubspace
|
|
labels:
|
|
app.kubernetes.io/name: kilosubspace
|
|
spec:
|
|
selector:
|
|
matchLabels:
|
|
app.kubernetes.io/name: kilosubspace
|
|
serviceName: kilosubspace
|
|
template:
|
|
metadata:
|
|
labels:
|
|
app.kubernetes.io/name: kilosubspace
|
|
spec:
|
|
nodeSelector:
|
|
sapian-k3s-role: server
|
|
containers:
|
|
- image: squat/kilosubspace
|
|
name: kilosubspace
|
|
command:
|
|
- /bin/bash
|
|
- -c
|
|
- export SUBSPACE_IPV4_GW=$(cat /etc/resolv.conf | grep nameserver | head -n 1 | awk '{print $2}') && mkdir -p /data/wireguard/{clients,peers} && kilosubspace findkey $SUBSPACE_HTTP_HOST:$SUBSPACE_LISTENPORT > /data/wireguard/server.public && subspace --http-addr=$SUBSPACE_HTTP_ADDR --http-host=$SUBSPACE_HTTP_HOST --http-insecure=$SUBSPACE_HTTP_INSECURE --letsencrypt=$SUBSPACE_LETSENCRYPT --debug
|
|
env:
|
|
- name: SUBSPACE_HTTP_ADDR
|
|
value: :8080
|
|
- name: SUBSPACE_HTTP_HOST
|
|
value: k3s-02-ssd-ny.dialbox.cloud
|
|
- name: SUBSPACE_HTTP_INSECURE
|
|
value: "true"
|
|
- name: SUBSPACE_LETSENCRYPT
|
|
value: "false"
|
|
- name: SUBSPACE_LISTENPORT
|
|
value: "51820"
|
|
ports:
|
|
- containerPort: 8080
|
|
name: http
|
|
volumeMounts:
|
|
- name: data
|
|
mountPath: /data
|
|
serviceAccountName: kilosubspace
|
|
volumeClaimTemplates:
|
|
- metadata:
|
|
labels:
|
|
app.kubernetes.io/name: kilosubspace
|
|
name: data
|
|
spec:
|
|
accessModes:
|
|
- ReadWriteOnce
|
|
resources:
|
|
requests:
|
|
storage: 1Gi
|
|
---
|
|
apiVersion: v1
|
|
kind: ServiceAccount
|
|
metadata:
|
|
name: kilosubspace
|
|
---
|
|
apiVersion: rbac.authorization.k8s.io/v1
|
|
kind: ClusterRole
|
|
metadata:
|
|
name: kilosubspace
|
|
rules:
|
|
- apiGroups:
|
|
- ""
|
|
resources:
|
|
- nodes
|
|
verbs:
|
|
- get
|
|
- list
|
|
- watch
|
|
- apiGroups:
|
|
- kilo.squat.ai
|
|
resources:
|
|
- peers
|
|
verbs:
|
|
- create
|
|
- delete
|
|
- update
|
|
---
|
|
apiVersion: rbac.authorization.k8s.io/v1
|
|
kind: ClusterRoleBinding
|
|
metadata:
|
|
name: kilosubspace
|
|
roleRef:
|
|
apiGroup: rbac.authorization.k8s.io
|
|
kind: ClusterRole
|
|
name: kilosubspace
|
|
subjects:
|
|
- kind: ServiceAccount
|
|
name: kilosubspace
|
|
namespace: kilosubspace
|
|
---
|
|
apiVersion: networking.k8s.io/v1
|
|
kind: Ingress
|
|
metadata:
|
|
annotations:
|
|
cert-manager.io/cluster-issuer: letsencrypt-production-issuer
|
|
kubernetes.io/ingress.class: traefik
|
|
traefik.ingress.kubernetes.io/router.entrypoints: websecure
|
|
traefik.ingress.kubernetes.io/router.tls: "true"
|
|
traefik.ingress.kubernetes.io/router.middlewares: kilosubspace-kilosubspace-basicauth@kubernetescrd
|
|
labels:
|
|
app.kubernetes.io/name: kilosubspace
|
|
name: kilosubspace
|
|
namespace: kilosubspace
|
|
spec:
|
|
rules:
|
|
- host: k3s-02-ssd-ny.dialbox.cloud
|
|
http:
|
|
paths:
|
|
- backend:
|
|
service:
|
|
name: kilosubspace
|
|
port:
|
|
number: 8080
|
|
path: /
|
|
pathType: Prefix
|
|
tls:
|
|
- hosts:
|
|
- k3s-02-ssd-ny.dialbox.cloud
|
|
secretName: k3s-02-ssd-ny-dialbox-cloud-le-tls
|
|
---
|
|
apiVersion: traefik.containo.us/v1alpha1
|
|
kind: Middleware
|
|
metadata:
|
|
name: kilosubspace-basicauth
|
|
spec:
|
|
basicAuth:
|
|
secret: subspace-basicauth-htpasswd
|