Initial commit

Andrey Kartashov 2018-01-08 18:03:36 +07:00
commit 4041acfa21
14 changed files with 1098 additions and 0 deletions

22
README.md Normal file

@ -0,0 +1,22 @@
Kubernetes deployments and related
==================================
Collection of k8s resources for deployment of different applications on self-hosted k8s cluster.
* router-ingress.yaml
Proxy for router web ui
* mysql.yaml and postgres.yaml
Database resources
* confluence.yaml
* jira.yaml
* gitea.yaml
* Seafile
SeafileCT/ - common docker image ccnet, seafile and seahub
seafile.yaml - set of resources for seafile.
Pod consists of 4 containers: ccnet, seaf, seahub and seahubstatic (on nginx image).
One init container is used to install/upgrade.
* SSH service
Used as jump server, as development box (has golang an python, git), as management server for docker and k8s, etc
SSHct/ - docker image (from debian 9) for container with SSH service, which starts tmux
sshct.yaml - set of k8s resources for SSH service.

26
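--- a/SSHct/Dockerfile
+++ b/SSHct/Dockerfile
@@ -0,0 +1,26 @@
+FROM debian:9
+VOLUME /home
+EXPOSE 22
+ENTRYPOINT ["/bin/entrypoint"]
+ENV CTUSER me
+ENV CTUSERID 1000
+ENV CTUSERPWD 123qweASD
+ENV CTTIMEZONE Asia/Novosibirsk
+ENV CTLOCALE ru_RU.UTF-8
+ENV PUBKEY none
+RUN apt-get update -y && \
+DEBIAN_FRONTEND=noninteractive apt-get install -y \
+openssh-server bash tmux curl sudo less vim \
+dialog locales man bash-completion wget apt-file telnet \
+dnsutils git pwgen python bc golang
+ADD sshd_config /etc/ssh/sshd_config
+ADD entrypoint.sh /bin/entrypoint
+RUN chmod +x /bin/entrypoint
+RUN mkdir /var/run/sshd
+RUN echo '%sudo ALL=(ALL:ALL) NOPASSWD: ALL' >> /etc/sudoers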
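Review bot: `ENV CTUSERPWD 123qweASD` bakes a default account password into the image, where anyone who can pull the image or read its metadata sees it, and any deployment that forgets to override the variable runs with a known password for a user that the last line gives passwordless sudo. Drop the default from the Dockerfile and have the entrypoint refuse to start without a value, e.g. `: "${CTUSERPWD:?CTUSERPWD must be set at runtime}"`. sshct.yaml in this commit already supplies the value from a Secret, so nothing visible here depends on the default. Separately, the two `ADD` lines copy plain local files and would be clearer as `COPY`, and `FROM debian:9` could be pinned by digest for reproducible rebuilds.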

30
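--- a/SSHct/entrypoint.sh
+++ b/SSHct/entrypoint.sh
@@ -0,0 +1,30 @@
+#!/bin/sh
+echo $CTTIMEZONE > /etc/timezone
+ln -sf /usr/share/zoneinfo/$CTTIMEZONE /etc/localtime
+dpkg-reconfigure -f noninteractive tzdata
+sed -i -e "s/# en_US.UTF-8 UTF-8/en_US.UTF-8 UTF-8/" /etc/locale.gen
+sed -i -e "s/# $CTLOCALE UTF-8/$CTLOCALE UTF-8/" /etc/locale.gen
+dpkg-reconfigure --frontend=noninteractive locales
+update-locale LANG=$CTLOCALE
+echo "AllowUsers $CTUSER" >> /etc/ssh/sshd_config
+useradd --uid $CTUSERID --user-group --shell /bin/bash $CTUSER
+echo $CTUSER:"$CTUSERPWD" | chpasswd
+passwd -u $CTUSER
+usermod -a -G sudo $CTUSER
+# Add pubkey
+if [ "$PUBKEY" != "none" ]; then
+echo "$PUBKEY" >> /home/$CTUSER/.ssh/authorized_keys
+chmod 600 /home/$CTUSER/.ssh/authorized_keys
+fi
+# Install additional packages in background
+if [ -f /home/.packages ]; then
+tmux new-session -d -s aptget 'cat /home/.packages | xargs --max-args=1 apt-get install -y'
+fi
+# start ssh daemon
+exec /usr/sbin/sshd -Def /etc/ssh/sshd_config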
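Review bot: The public-key block appends to `/home/$CTUSER/.ssh/authorized_keys` without creating `.ssh` or setting ownership, and `useradd` is called without `--create-home`, so unless the operator pre-created the directory on the volume the redirect fails and, with `PasswordAuthentication no` in sshd_config, the account has no usable login. Create the directory first with `install -d -m 700 -o "$CTUSER" -g "$CTUSER" "/home/$CTUSER/.ssh"` and `chown "$CTUSER:$CTUSER"` the file after writing it. The script has no `set -e`, so this failure and a failed `useradd` or `chpasswd` pass silently before sshd starts, and `>>` adds a duplicate key and a duplicate `AllowUsers` line each time the entrypoint reruns in the same container. Quoting `$CTUSER`, `$CTTIMEZONE` and `$CTLOCALE` throughout would keep an unexpected value from being word-split or interpreted by `sed`.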

10
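--- a/SSHct/sshd_config
+++ b/SSHct/sshd_config
@@ -0,0 +1,10 @@
+Protocol 2
+Port 22
+PubkeyAuthentication yes
+PasswordAuthentication no
+AllowTcpForwarding yes
+X11Forwarding yes
+PrintMotd no
+IgnoreUserKnownHosts yes
+PermitRootLogin no
+PermitEmptyPasswords no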
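Review bot: `X11Forwarding yes` is enabled on a host the README describes as a jump server and that sshct.yaml exposes through a NodePort; the package list in SSHct/Dockerfile shows no X applications, so this looks unused and would be better as `X11Forwarding no`. `AllowTcpForwarding yes` is presumably required for the jump-host role, and a comment such as `# needed for ProxyJump through this host` would keep a later hardening pass from removing it by accident. `Protocol 2` is probably redundant on the OpenSSH version shipped with debian:9, which I believe no longer offers protocol 1 on the server side; worth confirming and dropping.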

34
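--- a/SeafileCT/Dockerfile
+++ b/SeafileCT/Dockerfile
@@ -0,0 +1,34 @@
+FROM debian:9
+VOLUME /seafile
+# Seafile Web UI
+EXPOSE 8000
+# Seafile File server
+EXPOSE 8082
+ENV SEAFILE_VERSION 6.2.3
+ENV SERVER_NAME seafile
+ENV SERVER_HOSTNAME seafile.com
+ENV MYSQL_HOST mysql
+ENV MYSQL_USER root
+ENV MYSQL_PASSWORD secret
+ENV CCNETDB ccnet
+ENV SEAFILEDB seafile
+ENV SEAHUBDB seahub
+ENV ADMINEMAIL admin@seafile.com
+ENV ADMINASSWORD secret
+ENTRYPOINT ["/bin/entrypoint"]
+RUN apt-get update -y && \
+DEBIAN_FRONTEND=noninteractive apt-get install -y \
+python2.7 libpython2.7 python-setuptools \
+python-imaging python-ldap python-urllib3 ffmpeg python-pip python-mysqldb python-memcache wget
+RUN pip install pillow moviepy
+RUN mkdir -p /seafile
+ADD entrypoint.sh /bin/entrypoint
+RUN chmod +x /bin/entrypoint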
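Review bot: `ENV ADMINASSWORD secret` is misspelled relative to the variable the entrypoint reads, since SeafileCT/entrypoint.sh writes `$ADMINPASSWORD` into admin.txt, so the admin password written there is empty whatever is configured; seafile.yaml repeats the same misspelling. Rename it to `ADMINPASSWORD` in both places. The defaults on `MYSQL_PASSWORD` and the admin password should not be baked into the image at all: leave them unset here and supply them at runtime from a Secret, and avoid defaulting `MYSQL_USER` to `root`. `RUN pip install pillow moviepy` is unpinned, so rebuilds are not reproducible.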

141
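--- a/SeafileCT/entrypoint.sh
+++ b/SeafileCT/entrypoint.sh
@@ -0,0 +1,141 @@
+#!/bin/sh
+set -o errexit
+command=$1
+upgrade () {
+echo Upgrade ...
+if [ ! -L /seafile/seafile-server-latest ]; then
+echo No /seafile/seafile-server-latest!
+exit 1
+fi
+curdir=$(readlink /seafile/seafile-server-latest) # like seafile-server-5.1.1
+curver=${curdir##*-} # 5.1.1
+curverm=${curver%.*} # 5.1
+# download and unpack
+cd /seafile
+wget -c https://download.seadrive.org/seafile-server_${SEAFILE_VERSION}_x86-64.tar.gz
+tar xf seafile-server_${SEAFILE_VERSION}_x86-64.tar.gz
+cd seafile-server-${SEAFILE_VERSION}
+# run major (4.x -> 5.x) and minor (5.x -> 5.y) upgrade scripts
+upgrade_sh=$(ls upgrade/upgrade_${curverm}* || true)
+while [ -n "$upgrade_sh" ]; do
+echo Upgrade from $curverm ...
+yes | $upgrade_sh
+# get next
+curverm=${upgrade_sh##*_}
+curverm=${curverm%.sh}
+upgrade_sh=$(ls upgrade/upgrade_${curverm}* || true)
+done
+# run maintenance (5.x.y -> 5.x.z) upgrade script
+echo Maintenance upgrade ...
+yes | upgrade/minor-upgrade.sh
+# seahub (gunicorn) to run in foreground
+sed -i 's/daemon = True/daemon = False/' /seafile/seafile-server-latest/runtime/seahub.conf
+}
+init () {
+echo Init ...
+if [ -L /seafile/seafile-server-latest ]; then
+echo /seafile/seafile-server-latest exists. Init was done already?
+exit 0
+fi
+# download and unpack
+cd /seafile
+wget -c https://download.seadrive.org/seafile-server_${SEAFILE_VERSION}_x86-64.tar.gz
+tar xf seafile-server_${SEAFILE_VERSION}_x86-64.tar.gz
+# this directory is used to exchange upload files between seahub and seaf-server
+mkdir -p /seafile/tmp
+# generate configuration files
+env -i PYTHON=python2.7 python /seafile/seafile-server-${SEAFILE_VERSION}/setup-seafile-mysql.py auto \
+--server-name ${SERVER_NAME} --server-ip ${SERVER_HOSTNAME} \
+--seafile-dir /seafile/data \
+--use-existing-db 1 \
+--mysql-host ${MYSQL_HOST} \
+--mysql-user ${MYSQL_USER} --mysql-user-passwd ${MYSQL_PASSWORD} \
+--ccnet-db ${CCNETDB} --seafile-db ${SEAFILEDB} --seahub-db ${SEAHUBDB}
+# put correct urls
+sed -i 's|SERVICE_URL.*|SERVICE_URL = https://'$SERVER_HOSTNAME'|' /seafile/conf/ccnet.conf
+echo "FILE_SERVER_ROOT = 'https://$SERVER_HOSTNAME/seafhttp'" >> /seafile/conf/seahub_settings.py
+# seahub (gunicorn) to run in foreground
+sed -i 's/daemon = True/daemon = False/' /seafile/seafile-server-latest/runtime/seahub.conf
+# seahub to log to stdout
+echo 'LOGGING = {}' >> /seafile/conf/seahub_settings.py
+# put admin account creds into a file
+echo "{ \"email\": \"$ADMINEMAIL\", \"password\": \"$ADMINPASSWORD\" }" > /seafile/conf/admin.txt
+}
+ccnet () {
+echo Starting ccnet ...
+exe=/seafile/seafile-server-latest/seafile/bin/ccnet-server
+SEAFILE_LD_LIBRARY_PATH=/seafile/seafile-server-latest/seafile/lib/:/seafile/seafile-server-latest/seafile/lib64
+exec env -i LD_LIBRARY_PATH=$SEAFILE_LD_LIBRARY_PATH \
+$exe -F /seafile/conf -c /seafile/ccnet --logfile -
+}
+seaf () {
+echo Starting seaf ...
+exe=/seafile/seafile-server-latest/seafile/bin/seaf-server
+SEAFILE_LD_LIBRARY_PATH=/seafile/seafile-server-latest/seafile/lib/:/seafile/seafile-server-latest/seafile/lib64
+exec env -i LD_LIBRARY_PATH=$SEAFILE_LD_LIBRARY_PATH \
+$exe -F /seafile/conf -c /seafile/ccnet --foreground --seafdir /seafile/data --log -
+}
+seahub () {
+echo Starting seahub ...
+gunicorn_conf=/seafile/seafile-server-latest/runtime/seahub.conf
+gunicorn_exe=/seafile/seafile-server-latest/seahub/thirdpart/gunicorn
+PYTHONPATH=/seafile/seafile-server-latest/seafile/lib/python2.7/site-packages:/seafile/seafile-server-latest/seafile/lib64/python2.7/site-packages:/seafile/seafile-server-latest/seahub:/seafile/seafile-server-latest/seahub/thirdpart
+if [ -f /seafile/conf/admin.txt ]; then
+# let's wait for ccnet and seaf
+sleep 10
+env -i PYTHONPATH=$PYTHONPATH CCNET_CONF_DIR=/seafile/ccnet SEAFILE_CENTRAL_CONF_DIR=/seafile/conf \
+python /seafile/seafile-server-latest/check_init_admin.py
+fi
+exec env -i PYTHONPATH=$PYTHONPATH TMPDIR=/seafile/tmp \
+SEAFILE_CONF_DIR=/seafile/data CCNET_CONF_DIR=/seafile/ccnet SEAFILE_CENTRAL_CONF_DIR=/seafile/conf \
+python $gunicorn_exe seahub.wsgi:application -c "${gunicorn_conf}" -b "0.0.0.0:8000" --preload
+}
+case $command in
+init) init ;;
+upgrade) upgrade ;;
+ccnet) ccnet ;;
+seaf) seaf ;;
+seahub) seahub ;;
+*)
+echo "specify command argument, one of: init ccnet seaf seahub"
+exit 1
+;;
+esac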
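Review bot: Both `init` and `upgrade` fetch the server tarball with `wget` and then unpack it and run scripts from it as root, with no integrity check beyond TLS. Pin the expected digest next to the version and verify before `tar xf`, e.g. `echo "$SEAFILE_SHA256  seafile-server_${SEAFILE_VERSION}_x86-64.tar.gz" | sha256sum -c -`, where `SEAFILE_SHA256` is a new variable set alongside `SEAFILE_VERSION`. In `init`, `--mysql-user-passwd ${MYSQL_PASSWORD}` is unquoted and passed as an argument, so a password containing spaces or glob characters breaks the call and the value is visible in the process list while setup runs; at minimum quote it. admin.txt is written with the admin credentials in clear text on the shared volume, and nothing in this script removes it, so confirm that check_init_admin.py deletes it after use.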

129
confluence.yaml Normal file

@ -0,0 +1,129 @@
---
kind: PersistentVolume
apiVersion: v1
metadata:
name: confluence
labels:
type: local
name: confluence
spec:
storageClassName: manual
capacity:
storage: 10Gi
accessModes:
- ReadWriteOnce
hostPath:
path: /data/confluence
# mkdir -p /data/confluence
# chown 2.2 /data/confluence
---
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
name: confluence
spec:
storageClassName: manual
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 10Gi
selector:
matchLabels:
name: confluence
---
# TODO 1
# Add readiness probe
# https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes
# https://confluence.atlassian.com/enterprise/jira-data-center-load-balancer-examples-781200827.html
# see Load Balancing Health Check URL
# TODO 2
# Add non-persistent volume for logs ?
# TODO 3
# increase nginx timeout
apiVersion: apps/v1beta2
kind: Deployment
metadata:
name: confluence
labels:
app: confluence
spec:
replicas: 1
selector:
matchLabels:
app: confluence
template:
metadata:
labels:
app: confluence
spec:
volumes:
- name: confluence
persistentVolumeClaim:
claimName: confluence
containers:
- name: confluence
image: atlassian/confluence-server:latest
ports:
- containerPort: 8090
name: http
- containerPort: 8091
name: synchrony
volumeMounts:
- mountPath: /var/atlassian/application-data/confluence
name: confluence
env:
- name: CATALINA_CONNECTOR_PROXYNAME
value: confluence.gorilych.ru
- name: CATALINA_CONNECTOR_PROXYPORT
value: "443"
- name: CATALINA_CONNECTOR_SCHEME
value: https
- name: CATALINA_CONNECTOR_SECURE
value: "true"
---
kind: Service
apiVersion: v1
metadata:
name: confluence
spec:
selector:
app: confluence
ports:
- name: http
protocol: TCP
port: 80
targetPort: http
- name: synchrony
protocol: TCP
port: 81
targetPort: synchrony
---
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: confluence
annotations:
kubernetes.io/tls-acme: "true"
nginx.ingress.kubernetes.io/proxy-body-size: 32m
spec:
tls:
- secretName: gorilych-ru-tls
hosts:
- gorilych.ru
- router.gorilych.ru
- confluence.gorilych.ru
- jira.gorilych.ru
- git.gorilych.ru
- seafile.gorilych.ru
rules:
- host: confluence.gorilych.ru
http:
paths:
- backend:
serviceName: confluence
servicePort: 80
- path: /synchrony
backend:
serviceName: confluence
servicePort: 81
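Review bot: `image: atlassian/confluence-server:latest` floats, so a pod restart can pull a new major version against the existing data directory with no review step or rollback point. Pin a specific tag, ideally with its digest, e.g. `image: atlassian/confluence-server:<pinned-version>`. The same applies to `cptactionhank/atlassian-jira:latest` in jira.yaml, a community image for which pinning by digest matters more, and to the untagged `gitea/gitea`, `mariadb` and `postgres` images in gitea.yaml, mysql.yaml and postgres.yaml. As far as this flattened rendering shows, none of these pod specs sets resource limits or a `securityContext` either.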

122
gitea.yaml Normal file

@ -0,0 +1,122 @@
---
kind: PersistentVolume
apiVersion: v1
metadata:
name: gitea
labels:
type: local
name: gitea
spec:
storageClassName: manual
capacity:
storage: 10Gi
accessModes:
- ReadWriteOnce
hostPath:
path: /data/gitea
# chown 200.200 /data/gitea
---
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
name: gitea
spec:
storageClassName: manual
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 10Gi
selector:
matchLabels:
name: gitea
---
apiVersion: apps/v1beta2
kind: Deployment
metadata:
name: gitea
labels:
app: gitea
spec:
replicas: 1
selector:
matchLabels:
app: gitea
template:
metadata:
labels:
app: gitea
spec:
volumes:
- name: gitea
persistentVolumeClaim:
claimName: gitea
containers:
- name: gitea
image: gitea/gitea
ports:
- containerPort: 3000
name: http
- containerPort: 22
name: ssh
volumeMounts:
- mountPath: /data
name: gitea
env:
- name: USER_UID
value: "200"
- name: USER_GID
value: "200"
---
kind: Service
apiVersion: v1
metadata:
name: gitea
spec:
selector:
app: gitea
ports:
- name: http
protocol: TCP
port: 80
targetPort: http
---
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: gitea
annotations:
kubernetes.io/tls-acme: "true"
spec:
tls:
- secretName: gorilych-ru-tls
hosts:
- gorilych.ru
- router.gorilych.ru
- confluence.gorilych.ru
- jira.gorilych.ru
- git.gorilych.ru
- seafile.gorilych.ru
rules:
- host: git.gorilych.ru
http:
paths:
- backend:
serviceName: gitea
servicePort: 80
---
kind: Service
apiVersion: v1
metadata:
name: sshgitea
spec:
selector:
app: gitea
ports:
- name: ssh
protocol: TCP
port: 22
targetPort: ssh
nodePort: 31022
type: NodePort

116
jira.yaml Normal file

@ -0,0 +1,116 @@
---
kind: PersistentVolume
apiVersion: v1
metadata:
name: jira
labels:
type: local
name: jira
spec:
storageClassName: manual
capacity:
storage: 10Gi
accessModes:
- ReadWriteOnce
hostPath:
path: /data/jira
---
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
name: jira
spec:
storageClassName: manual
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 10Gi
selector:
matchLabels:
name: jira
---
# TODO 1
# Add readiness probe
# https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes
# https://jira.atlassian.com/enterprise/jira-data-center-load-balancer-examples-781200827.html
# see Load Balancing Health Check URL
# TODO 2
# Add non-persistent volume for logs ?
# TODO 3
# increase nginx timeout
apiVersion: apps/v1beta2
kind: Deployment
metadata:
name: jira
labels:
app: jira
spec:
replicas: 1
selector:
matchLabels:
app: jira
template:
metadata:
labels:
app: jira
spec:
volumes:
- name: jira
persistentVolumeClaim:
claimName: jira
containers:
- name: jira
image: cptactionhank/atlassian-jira:latest
ports:
- containerPort: 8080
name: http
volumeMounts:
- mountPath: /var/atlassian/jira
name: jira
env:
- name: X_PROXY_NAME
value: jira.gorilych.ru
- name: X_PROXY_PORT
value: "443"
- name: X_PROXY_SCHEME
value: https
- name: X_PROXY_SECURE
value: "true"
---
kind: Service
apiVersion: v1
metadata:
name: jira
spec:
selector:
app: jira
ports:
- name: http
protocol: TCP
port: 80
targetPort: http
---
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: jira
annotations:
kubernetes.io/tls-acme: "true"
spec:
tls:
- secretName: gorilych-ru-tls
hosts:
- gorilych.ru
- router.gorilych.ru
- confluence.gorilych.ru
- jira.gorilych.ru
- git.gorilych.ru
- seafile.gorilych.ru
rules:
- host: jira.gorilych.ru
http:
paths:
- backend:
serviceName: jira
servicePort: 80

76
mysql.yaml Normal file

@ -0,0 +1,76 @@
---
kind: PersistentVolume
apiVersion: v1
metadata:
name: mariadb
labels:
type: local
name: mariadb
spec:
storageClassName: manual
capacity:
storage: 5Gi
accessModes:
- ReadWriteOnce
hostPath:
path: /data/mariadb
# mkdir -p /data/mariadb
# chown 999.999 /data/mariadb
---
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
name: mariadb
spec:
storageClassName: manual
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 5Gi
selector:
matchLabels:
name: mariadb
---
apiVersion: apps/v1beta2
kind: Deployment
metadata:
name: mariadb
labels:
app: mariadb
spec:
replicas: 1
selector:
matchLabels:
app: mariadb
template:
metadata:
labels:
app: mariadb
spec:
volumes:
- name: mariadb
persistentVolumeClaim:
claimName: mariadb
containers:
- name: mariadb
image: mariadb
ports:
- containerPort: 3306
name: mysql
volumeMounts:
- mountPath: /var/lib/mysql
name: mariadb
---
kind: Service
apiVersion: v1
metadata:
name: mysql
spec:
selector:
app: mariadb
ports:
- name: mysql
protocol: TCP
port: 3306
targetPort: mysql
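Review bot: The mariadb container spec has no `env` at all, so no root password is provisioned from this manifest; the official image normally requires one of its root-password variables when it initialises an empty data directory. Add `MYSQL_ROOT_PASSWORD` through `valueFrom.secretKeyRef`, the way sshct.yaml does for its password. postgres.yaml has the same gap for `POSTGRES_PASSWORD`: depending on the image version, that either stops the container from initialising or leaves the database accepting connections without a password, and its Service makes it reachable from every pod in the cluster.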

76
postgres.yaml Normal file

@ -0,0 +1,76 @@
---
kind: PersistentVolume
apiVersion: v1
metadata:
name: postgres
labels:
type: local
name: postgres
spec:
storageClassName: manual
capacity:
storage: 5Gi
accessModes:
- ReadWriteOnce
hostPath:
path: /data/postgres
# mkdir -p /data/postgres
# chown 999.999 /data/postgres
---
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
name: postgres
spec:
storageClassName: manual
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 5Gi
selector:
matchLabels:
name: postgres
---
apiVersion: apps/v1beta2
kind: Deployment
metadata:
name: postgres
labels:
app: postgres
spec:
replicas: 1
selector:
matchLabels:
app: postgres
template:
metadata:
labels:
app: postgres
spec:
volumes:
- name: postgres
persistentVolumeClaim:
claimName: postgres
containers:
- name: postgres
image: postgres
ports:
- containerPort: 5432
name: pgsql
volumeMounts:
- mountPath: /var/lib/postgresql/data
name: postgres
---
kind: Service
apiVersion: v1
metadata:
name: pgsql
spec:
selector:
app: postgres
ports:
- name: pgsql
protocol: TCP
port: 5432
targetPort: pgsql

44
router-ingress.yaml Normal file

@ -0,0 +1,44 @@
kind: Service
apiVersion: v1
metadata:
name: router-svc
spec:
ports:
- protocol: TCP
port: 443
targetPort: 443
---
kind: Endpoints
apiVersion: v1
metadata:
name: router-svc
subsets:
- addresses:
- ip: 192.168.1.1
ports:
- port: 44443
---
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: ingress-rules
annotations:
kubernetes.io/tls-acme: "true"
nginx.ingress.kubernetes.io/secure-backends: "true"
spec:
tls:
- secretName: gorilych-ru-tls
hosts:
- gorilych.ru
- router.gorilych.ru
- confluence.gorilych.ru
- jira.gorilych.ru
- git.gorilych.ru
- seafile.gorilych.ru
rules:
- host: router.gorilych.ru
http:
paths:
- backend:
serviceName: router-svc
servicePort: 443
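Review bot: This Ingress publishes the router's web UI at router.gorilych.ru with no access restriction at the proxy, so the only control in front of the device's admin interface is its own login page. Restrict the source addresses, e.g. add `nginx.ingress.kubernetes.io/whitelist-source-range: "<trusted-cidr>"` to the annotations, or put an authentication annotation in front of it. The Service also declares `targetPort: 443` while the Endpoints object lists port 44443; as far as I know the manually managed Endpoints port is the one that takes effect, so `targetPort: 44443` would be less misleading.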

179
seafile.yaml Normal file

@ -0,0 +1,179 @@
---
kind: PersistentVolume
apiVersion: v1
metadata:
name: seafile
labels:
type: local
name: seafile
spec:
storageClassName: manual
capacity:
storage: 200Gi
accessModes:
- ReadWriteMany
hostPath:
path: /data/seafile
---
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
name: seafile
spec:
storageClassName: manual
accessModes:
- ReadWriteMany
resources:
requests:
storage: 200Gi
selector:
matchLabels:
name: seafile
---
apiVersion: apps/v1beta2
kind: Deployment
metadata:
name: seafile
labels:
app: seafile
spec:
replicas: 1
selector:
matchLabels:
app: seafile
template:
metadata:
labels:
app: seafile
spec:
volumes:
- name: seafile
persistentVolumeClaim:
claimName: seafile
- name: seahubstatic
hostPath:
path: /data/seafile/seafile-server-latest/seahub/media
type:
- name: seahubavatars
hostPath:
path: /data/seafile/seahub-data/avatars
type:
containers:
- name: ccnet
image: seafile
imagePullPolicy: IfNotPresent
command: [ "/bin/entrypoint", "ccnet"]
volumeMounts:
- mountPath: /seafile
name: seafile
- name: seaf
image: seafile
imagePullPolicy: IfNotPresent
command: [ "/bin/entrypoint", "seaf"]
ports:
- containerPort: 8082
name: filesever
volumeMounts:
- mountPath: /seafile
name: seafile
- name: seahub
image: seafile
imagePullPolicy: IfNotPresent
command: [ "/bin/entrypoint", "seahub"]
ports:
- containerPort: 8000
name: seahub
volumeMounts:
- mountPath: /seafile
name: seafile
- name: seahubstatic
image: nginx:alpine
ports:
- containerPort: 80
name: seahubstatic
volumeMounts:
- mountPath: /usr/share/nginx/html
name: seahubstatic
- mountPath: /usr/share/nginx/html/avatars
name: seahubavatars
initContainers:
- name: init
image: seafile
imagePullPolicy: IfNotPresent
command: [ "/bin/entrypoint", "init"]
volumeMounts:
- mountPath: /seafile
name: seafile
env:
- name: SEAFILE_VERSION
value: "6.2.3"
- name: SERVER_NAME
value: gullfaxi
- name: SERVER_HOSTNAME
value: seafile.gorilych.ru
- name: MYSQL_HOST
value: mysql.default.svc.cluster.local
- name: MYSQL_USER
value: seafile
- name: MYSQL_PASSWORD
value: in9ceeC6ohs3
- name: ADMINEMAIL
value: gorilych@gmail.com
- name: ADMINASSWORD
value: in9ceeC6ohs3
---
kind: Service
apiVersion: v1
metadata:
name: seafile
spec:
selector:
app: seafile
ports:
- name: seahub
protocol: TCP
port: 80
targetPort: seahub
- name: seahubstatic
protocol: TCP
port: 81
targetPort: seahubstatic
- name: fileserver
protocol: TCP
port: 82
targetPort: filesever
---
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: seafile
annotations:
kubernetes.io/tls-acme: "true"
nginx.ingress.kubernetes.io/rewrite-target: /
nginx.ingress.kubernetes.io/proxy-body-size: "0"
spec:
tls:
- secretName: gorilych-ru-tls
hosts:
- gorilych.ru
- router.gorilych.ru
- confluence.gorilych.ru
- jira.gorilych.ru
- git.gorilych.ru
- seafile.gorilych.ru
rules:
- host: seafile.gorilych.ru
http:
paths:
- backend:
serviceName: seafile
servicePort: 80
- path: /media
backend:
serviceName: seafile
servicePort: 81
- path: /seafhttp
backend:
serviceName: seafile
servicePort: 82
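Review bot: `MYSQL_PASSWORD` and the admin password are committed in the `env:` list as literal `value:` strings, and both carry the same value, so anyone with read access to the repository holds the database and Seafile admin credentials. Move them into a Secret referenced with `valueFrom.secretKeyRef`, as sshct.yaml does, use distinct values, and rotate the ones in this commit because they stay in history. The variable is spelled `ADMINASSWORD` here, but SeafileCT/entrypoint.sh reads `$ADMINPASSWORD`, so the admin password is never actually passed to the container script. The port name `filesever` is misspelled consistently in the container and the Service, so it works, but it is worth correcting in both places together.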

93
sshct.yaml Normal file

@ -0,0 +1,93 @@
---
apiVersion: v1
kind: Secret
metadata:
name: sshct
type: Opaque
data:
password: OGJKYWtURER3amQ3SG4=
---
kind: PersistentVolume
apiVersion: v1
metadata:
name: sshcthome
labels:
type: local
name: sshcthome
spec:
storageClassName: manual
capacity:
storage: 100Gi
accessModes:
- ReadWriteOnce
hostPath:
path: /data/home
# mkdir -p /data/home/me
# chown 1000.1000 /data/home/me
---
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
name: sshcthome
spec:
storageClassName: manual
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 100Gi
selector:
matchLabels:
name: sshcthome
---
apiVersion: apps/v1beta2
kind: Deployment
metadata:
name: sshct
labels:
app: sshct
spec:
replicas: 1
selector:
matchLabels:
app: sshct
template:
metadata:
labels:
app: sshct
spec:
volumes:
- name: sshcthome
persistentVolumeClaim:
claimName: sshcthome
containers:
- name: sshct
image: sshct
imagePullPolicy: IfNotPresent
env:
- name: CTUSERPWD
valueFrom:
secretKeyRef:
name: sshct
key: password
ports:
- containerPort: 22
name: ssh
volumeMounts:
- mountPath: /home
name: sshcthome
---
kind: Service
apiVersion: v1
metadata:
name: sshct
spec:
selector:
app: sshct
ports:
- name: ssh
protocol: TCP
port: 22
targetPort: ssh
nodePort: 30810
type: NodePort
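Review bot: The `Secret` at the top of this file carries its `data.password` value in the repository; base64 is an encoding, not protection, so this is equivalent to committing the password in clear text. Keep the Secret out of version control (create it out-of-band or use an encrypted-secrets mechanism) and rotate this value, since it remains in history. The Deployment never sets `PUBKEY` and SSHct/sshd_config disables password authentication, so login works only if an authorized_keys file already exists on the /home volume; a comment in the manifest saying so would help. With `NOPASSWD: ALL` granted to the sudo group in SSHct/Dockerfile, the account password does not gate privilege escalation either, so the SSH key is the only real control on this NodePort-exposed service.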