From 38d99ba6d78d4c1193e0be1f348c01d4f80e151f Mon Sep 17 00:00:00 2001 From: Andrei Kartashov Date: Mon, 4 Sep 2023 22:38:06 +0700 Subject: [PATCH] websites --- README.rst | 7 ++ state/gullfaxi/apps/websites/application.yaml | 19 ++++++ .../apps/websites/manifests/a.ioot.xyz.yaml | 68 +++++++++++++++++++ .../apps/websites/manifests/certificate.yaml | 17 +++++ .../websites/manifests/router-ingress.yaml | 42 ++++++++++++ 5 files changed, 153 insertions(+) create mode 100644 state/gullfaxi/apps/websites/application.yaml create mode 100644 state/gullfaxi/apps/websites/manifests/a.ioot.xyz.yaml create mode 100644 state/gullfaxi/apps/websites/manifests/certificate.yaml create mode 100644 state/gullfaxi/apps/websites/manifests/router-ingress.yaml diff --git a/README.rst b/README.rst index 8532d84..3a5fabc 100644 --- a/README.rst +++ b/README.rst @@ -32,6 +32,9 @@ Applications & Projects +------------------------------+----------------------------------------------------------------+-------------------------+ | Oauth2-proxy_ | `Oauth2 Proxy`_ | |oauth2-proxy_status| | +------------------------------+----------------------------------------------------------------+-------------------------+ +| Websites_ | * https://a.ioot.xyz | |websites_status| | +| | * https://router.ioot.xyz | | ++------------------------------+----------------------------------------------------------------+-------------------------+ .. _`Default Project`: https://argocd.ioot.xyz/applications?proj=default @@ -69,6 +72,10 @@ Applications & Projects .. _Oauth2 Proxy: https://github.com/oauth2-proxy/oauth2-proxy .. |oauth2-proxy_status| image:: https://argocd.ioot.xyz/api/badge?name=oauth2-proxy&revision=true +.. _Websites: https://argocd.ioot.xyz/applications/argocd/websites +.. |websites_status| image:: https://argocd.ioot.xyz/api/badge?name=websites&revision=true + + Cluster initialization =============================================================================== diff --git a/state/gullfaxi/apps/websites/application.yaml b/state/gullfaxi/apps/websites/application.yaml new file mode 100644 index 0000000..0247215 --- /dev/null +++ b/state/gullfaxi/apps/websites/application.yaml @@ -0,0 +1,19 @@ +apiVersion: argoproj.io/v1alpha1 +kind: Application +metadata: + name: websites +spec: + destination: + server: https://kubernetes.default.svc + namespace: websites + project: apps + syncPolicy: + automated: + prune: true + selfHeal: true + syncOptions: + - CreateNamespace=true + source: + repoURL: git@github.com:amkartashov/gf-k8s.git + targetRevision: main + path: state/gullfaxi/apps/websites/manifests/ diff --git a/state/gullfaxi/apps/websites/manifests/a.ioot.xyz.yaml b/state/gullfaxi/apps/websites/manifests/a.ioot.xyz.yaml new file mode 100644 index 0000000..538ba39 --- /dev/null +++ b/state/gullfaxi/apps/websites/manifests/a.ioot.xyz.yaml @@ -0,0 +1,68 @@ +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: aiootxyz + labels: + app: aiootxyz +spec: + replicas: 1 + selector: + matchLabels: + app: aiootxyz + template: + metadata: + labels: + app: aiootxyz + spec: + volumes: + - name: aiootxyz + hostPath: + path: /home/www/a.ioot.xyz + type: Directory + containers: + - name: aiootxyz + image: nginx:alpine + ports: + - containerPort: 80 + name: http + volumeMounts: + - mountPath: /usr/share/nginx/html + name: aiootxyz +--- +kind: Service +apiVersion: v1 +metadata: + name: aiootxyz +spec: + selector: + app: aiootxyz + ports: + - name: http + protocol: TCP + port: 80 + targetPort: http +--- +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: aiootxyz + annotations: + nginx.ingress.kubernetes.io/ssl-redirect: "false" +spec: + ingressClassName: nginx + tls: + - secretName: san-ioot-xyz + hosts: + - a.ioot.xyz + rules: + - host: a.ioot.xyz + http: + paths: + - pathType: ImplementationSpecific + backend: + service: + name: aiootxyz + port: + number: 80 + diff --git a/state/gullfaxi/apps/websites/manifests/certificate.yaml b/state/gullfaxi/apps/websites/manifests/certificate.yaml new file mode 100644 index 0000000..d6fea7e --- /dev/null +++ b/state/gullfaxi/apps/websites/manifests/certificate.yaml @@ -0,0 +1,17 @@ +apiVersion: cert-manager.io/v1 +kind: Certificate +metadata: + name: san-ioot-xyz +spec: + secretName: san-ioot-xyz + issuerRef: + name: letsencrypt + kind: ClusterIssuer + commonName: ioot.xyz + dnsNames: + - ioot.xyz + - a.ioot.xyz + - router.ioot.xyz + # to be deleted someday + - gorilych.ru + - router.gorilych.ru diff --git a/state/gullfaxi/apps/websites/manifests/router-ingress.yaml b/state/gullfaxi/apps/websites/manifests/router-ingress.yaml new file mode 100644 index 0000000..92a64df --- /dev/null +++ b/state/gullfaxi/apps/websites/manifests/router-ingress.yaml @@ -0,0 +1,42 @@ +kind: Service +apiVersion: v1 +metadata: + name: router-svc +spec: + ports: + - protocol: TCP + port: 443 + targetPort: 443 +--- +kind: Endpoints +apiVersion: v1 +metadata: + name: router-svc +subsets: + - addresses: + - ip: 192.168.1.1 + ports: + - port: 443 +--- +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: ingress-rules + annotations: + nginx.ingress.kubernetes.io/backend-protocol: HTTPS +spec: + ingressClassName: nginx + tls: + - secretName: san-ioot-xyz + hosts: + - router.ioot.xyz + rules: + - host: router.ioot.xyz + http: + paths: + - pathType: ImplementationSpecific + backend: + service: + name: router-svc + port: + number: 443