commit 4041acfa21c35268de1f4964b79ca9096067f568 Author: Andrey Kartashov Date: Mon Jan 8 18:03:36 2018 +0700 Initial commit
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..704e3d0
--- /dev/null
+++ b/README.md
@@ -0,0 +1,22 @@
+Kubernetes deployments and related
+==================================
+
+Collection of k8s resources for deployment of different applications on self-hosted k8s cluster.
+
+* router-ingress.yaml
+ Proxy for router web ui
+* mysql.yaml and postgres.yaml
+ Database resources
+* confluence.yaml
+* jira.yaml
+* gitea.yaml
+* Seafile
+ SeafileCT/ - common docker image ccnet, seafile and seahub
+ seafile.yaml - set of resources for seafile.
+ Pod consists of 4 containers: ccnet, seaf, seahub and seahubstatic (on nginx image).
+ One init container is used to install/upgrade.
+* SSH service
+ Used as jump server, as development box (has golang an python, git), as management server for docker and k8s, etc
+ SSHct/ - docker image (from debian 9) for container with SSH service, which starts tmux
+ sshct.yaml - set of k8s resources for SSH service.
+
diff --git a/SSHct/Dockerfile b/SSHct/Dockerfile
new file mode 100644
index 0000000..201c8e4
--- /dev/null
+++ b/SSHct/Dockerfile
@@ -0,0 +1,26 @@
+FROM debian:9
+
+VOLUME /home
+EXPOSE 22
+ENTRYPOINT ["/bin/entrypoint"]
+
+ENV CTUSER me
+ENV CTUSERID 1000
+ENV CTUSERPWD 123qweASD
+ENV CTTIMEZONE Asia/Novosibirsk
+ENV CTLOCALE ru_RU.UTF-8
+ENV PUBKEY none
+
+RUN apt-get update -y && \
+ DEBIAN_FRONTEND=noninteractive apt-get install -y \
+ openssh-server bash tmux curl sudo less vim \
+ dialog locales man bash-completion wget apt-file telnet \
+ dnsutils git pwgen python bc golang
+
+ADD sshd_config /etc/ssh/sshd_config
+ADD entrypoint.sh /bin/entrypoint
+RUN chmod +x /bin/entrypoint
+
+RUN mkdir /var/run/sshd
+RUN echo '%sudo ALL=(ALL:ALL) NOPASSWD: ALL' >> /etc/sudoers
+
diff --git a/SSHct/entrypoint.sh b/SSHct/entrypoint.sh
new file mode 100644
index 0000000..4a6aa79
--- /dev/null
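Review bot: `ENV CTUSERPWD 123qweASD` in SSHct/Dockerfile stores a default account password in the image config and in every container's environment, and the last `RUN` line gives that account passwordless sudo through the `sudo` group. I would remove the `ENV CTUSERPWD` default and let the entrypoint exit when the variable is unset, so the value can only come from the Secret that sshct.yaml references. Installing `openssh-server` at build time presumably also generates the SSH host keys inside the image, which every container started from it would then share; regenerating them in the entrypoint or mounting them from a Secret avoids that. The two `ADD` lines copy plain local files and can be `COPY`.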
+++ b/SSHct/entrypoint.sh
@@ -0,0 +1,30 @@
+#!/bin/sh
+
+echo $CTTIMEZONE > /etc/timezone
+ln -sf /usr/share/zoneinfo/$CTTIMEZONE /etc/localtime
+dpkg-reconfigure -f noninteractive tzdata
+
+sed -i -e "s/# en_US.UTF-8 UTF-8/en_US.UTF-8 UTF-8/" /etc/locale.gen
+sed -i -e "s/# $CTLOCALE UTF-8/$CTLOCALE UTF-8/" /etc/locale.gen
+dpkg-reconfigure --frontend=noninteractive locales
+update-locale LANG=$CTLOCALE
+
+echo "AllowUsers $CTUSER" >> /etc/ssh/sshd_config
+useradd --uid $CTUSERID --user-group --shell /bin/bash $CTUSER
+echo $CTUSER:"$CTUSERPWD" | chpasswd
+passwd -u $CTUSER
+usermod -a -G sudo $CTUSER
+
+# Add pubkey
+if [ "$PUBKEY" != "none" ]; then
+ echo "$PUBKEY" >> /home/$CTUSER/.ssh/authorized_keys
+ chmod 600 /home/$CTUSER/.ssh/authorized_keys
+fi
+
+# Install additional packages in background
+if [ -f /home/.packages ]; then
+ tmux new-session -d -s aptget 'cat /home/.packages | xargs --max-args=1 apt-get install -y'
+fi
+
+# start ssh daemon
+exec /usr/sbin/sshd -Def /etc/ssh/sshd_config
diff --git a/SSHct/sshd_config b/SSHct/sshd_config
new file mode 100644
index 0000000..937ecbd
--- /dev/null
+++ b/SSHct/sshd_config
@@ -0,0 +1,10 @@
+Protocol 2
+Port 22
+PubkeyAuthentication yes
+PasswordAuthentication no
+AllowTcpForwarding yes
+X11Forwarding yes
+PrintMotd no
+IgnoreUserKnownHosts yes
+PermitRootLogin no
+PermitEmptyPasswords no
diff --git a/SeafileCT/Dockerfile b/SeafileCT/Dockerfile
new file mode 100644
index 0000000..be1302a
--- /dev/null
+++ b/SeafileCT/Dockerfile
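Review bot: The pubkey branch in SSHct/entrypoint.sh appends to `/home/$CTUSER/.ssh/authorized_keys` without creating `.ssh` and leaves the file owned by root with mode 600; `useradd` is called without `--create-home`, so on an empty volume the redirect fails, and where it succeeds the user (and sshd acting as that user) most likely cannot read the key. With `PasswordAuthentication no` in sshd_config that leaves no working login. I would add `install -d -m 700 -o "$CTUSER" -g "$CTUSER" "/home/$CTUSER/.ssh"` before the append and `chown "$CTUSER:$CTUSER" "/home/$CTUSER/.ssh/authorized_keys"` after it. The expansions of `$CTUSER`, `$CTUSERID`, `$CTTIMEZONE` and `$CTLOCALE` are unquoted and go into `sed` patterns and sshd_config unvalidated; quoting them and rejecting unexpected characters would keep a malformed environment from rewriting those files.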
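Review bot: `X11Forwarding yes` and an unrestricted `AllowTcpForwarding yes` in SSHct/sshd_config are wider than the jump-server role described in the README appears to need. If X11 is not used I would set `X11Forwarding no`, and if forwarding is only meant to reach a few internal services, limit it with `PermitOpen host:port` entries. A comment at the top saying that the entrypoint appends an `AllowUsers` line at start would also help, since the effective configuration differs from what this file shows.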
@@ -0,0 +1,34 @@
+FROM debian:9
+
+VOLUME /seafile
+# Seafile Web UI
+EXPOSE 8000
+# Seafile File server
+EXPOSE 8082
+
+ENV SEAFILE_VERSION 6.2.3
+ENV SERVER_NAME seafile
+ENV SERVER_HOSTNAME seafile.com
+ENV MYSQL_HOST mysql
+ENV MYSQL_USER root
+ENV MYSQL_PASSWORD secret
+ENV CCNETDB ccnet
+ENV SEAFILEDB seafile
+ENV SEAHUBDB seahub
+ENV ADMINEMAIL admin@seafile.com
+ENV ADMINASSWORD secret
+
+ENTRYPOINT ["/bin/entrypoint"]
+
+RUN apt-get update -y && \
+ DEBIAN_FRONTEND=noninteractive apt-get install -y \
+ python2.7 libpython2.7 python-setuptools \
+ python-imaging python-ldap python-urllib3 ffmpeg python-pip python-mysqldb python-memcache wget
+
+RUN pip install pillow moviepy
+
+RUN mkdir -p /seafile
+
+ADD entrypoint.sh /bin/entrypoint
+RUN chmod +x /bin/entrypoint
+
diff --git a/SeafileCT/entrypoint.sh b/SeafileCT/entrypoint.sh
new file mode 100644
index 0000000..7f7bbe4
--- /dev/null
+++ b/SeafileCT/entrypoint.sh
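Review bot: `ENV ADMINASSWORD secret` is misspelled: SeafileCT/entrypoint.sh reads `$ADMINPASSWORD` when it writes /seafile/conf/admin.txt, and seafile.yaml repeats the misspelled name, so the password field written there ends up empty. Rename it to `ADMINPASSWORD` in the Dockerfile and in seafile.yaml. The `secret` defaults for `MYSQL_PASSWORD` and the admin password, together with `MYSQL_USER root`, are stored in the image config; I would drop the password defaults and require them at run time. `pip install pillow moviepy` is unpinned, so two builds of this file can produce different images.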
@@ -0,0 +1,141 @@
+#!/bin/sh
+
+set -o errexit
+
+command=$1
+
+upgrade () {
+
+ echo Upgrade ...
+
+ if [ ! -L /seafile/seafile-server-latest ]; then
+ echo No /seafile/seafile-server-latest!
+ exit 1
+ fi
+
+ curdir=$(readlink /seafile/seafile-server-latest) # like seafile-server-5.1.1
+ curver=${curdir##*-} # 5.1.1
+ curverm=${curver%.*} # 5.1
+
+ # download and unpack
+ cd /seafile
+ wget -c https://download.seadrive.org/seafile-server_${SEAFILE_VERSION}_x86-64.tar.gz
+ tar xf seafile-server_${SEAFILE_VERSION}_x86-64.tar.gz
+
+ cd seafile-server-${SEAFILE_VERSION}
+
+ # run major (4.x -> 5.x) and minor (5.x -> 5.y) upgrade scripts
+ upgrade_sh=$(ls upgrade/upgrade_${curverm}* || true)
+ while [ -n "$upgrade_sh" ]; do
+ echo Upgrade from $curverm ...
+ yes | $upgrade_sh
+ # get next
+ curverm=${upgrade_sh##*_}
+ curverm=${curverm%.sh}
+ upgrade_sh=$(ls upgrade/upgrade_${curverm}* || true)
+ done
+
+ # run maintenance (5.x.y -> 5.x.z) upgrade script
+ echo Maintenance upgrade ...
+ yes | upgrade/minor-upgrade.sh
+
+ # seahub (gunicorn) to run in foreground
+ sed -i 's/daemon = True/daemon = False/' /seafile/seafile-server-latest/runtime/seahub.conf
+
+}
+
+
+init () {
+
+ echo Init ...
+ if [ -L /seafile/seafile-server-latest ]; then
+ echo /seafile/seafile-server-latest exists. Init was done already?
+ exit 0
+ fi
+
+ # download and unpack
+ cd /seafile
+ wget -c https://download.seadrive.org/seafile-server_${SEAFILE_VERSION}_x86-64.tar.gz
+ tar xf seafile-server_${SEAFILE_VERSION}_x86-64.tar.gz
+
+ # this directory is used to exchange upload files between seahub and seaf-server
+ mkdir -p /seafile/tmp
+
+ # generate configuration files
+ env -i PYTHON=python2.7 python /seafile/seafile-server-${SEAFILE_VERSION}/setup-seafile-mysql.py auto \
+ --server-name ${SERVER_NAME} --server-ip ${SERVER_HOSTNAME} \
+ --seafile-dir /seafile/data \
+ --use-existing-db 1 \
+ --mysql-host ${MYSQL_HOST} \
+ --mysql-user ${MYSQL_USER} --mysql-user-passwd ${MYSQL_PASSWORD} \
+ --ccnet-db ${CCNETDB} --seafile-db ${SEAFILEDB} --seahub-db ${SEAHUBDB}
+
+ # put correct urls
+ sed -i 's|SERVICE_URL.*|SERVICE_URL = https://'$SERVER_HOSTNAME'|' /seafile/conf/ccnet.conf
+ echo "FILE_SERVER_ROOT = 'https://$SERVER_HOSTNAME/seafhttp'" >> /seafile/conf/seahub_settings.py
+
+ # seahub (gunicorn) to run in foreground
+ sed -i 's/daemon = True/daemon = False/' /seafile/seafile-server-latest/runtime/seahub.conf
+ # seahub to log to stdout
+ echo 'LOGGING = {}' >> /seafile/conf/seahub_settings.py
+
+ # put admin account creds into a file
+ echo "{ \"email\": \"$ADMINEMAIL\", \"password\": \"$ADMINPASSWORD\" }" > /seafile/conf/admin.txt
+
+}
+
+
+ccnet () {
+
+ echo Starting ccnet ...
+ exe=/seafile/seafile-server-latest/seafile/bin/ccnet-server
+ SEAFILE_LD_LIBRARY_PATH=/seafile/seafile-server-latest/seafile/lib/:/seafile/seafile-server-latest/seafile/lib64
+ exec env -i LD_LIBRARY_PATH=$SEAFILE_LD_LIBRARY_PATH \
+ $exe -F /seafile/conf -c /seafile/ccnet --logfile -
+
+}
+
+
+seaf () {
+
+ echo Starting seaf ...
+ exe=/seafile/seafile-server-latest/seafile/bin/seaf-server
+ SEAFILE_LD_LIBRARY_PATH=/seafile/seafile-server-latest/seafile/lib/:/seafile/seafile-server-latest/seafile/lib64
+ exec env -i LD_LIBRARY_PATH=$SEAFILE_LD_LIBRARY_PATH \
+ $exe -F /seafile/conf -c /seafile/ccnet --foreground --seafdir /seafile/data --log -
+
+}
+
+
+seahub () {
+
+ echo Starting seahub ...
+ gunicorn_conf=/seafile/seafile-server-latest/runtime/seahub.conf
+ gunicorn_exe=/seafile/seafile-server-latest/seahub/thirdpart/gunicorn
+ PYTHONPATH=/seafile/seafile-server-latest/seafile/lib/python2.7/site-packages:/seafile/seafile-server-latest/seafile/lib64/python2.7/site-packages:/seafile/seafile-server-latest/seahub:/seafile/seafile-server-latest/seahub/thirdpart
+ if [ -f /seafile/conf/admin.txt ]; then
+ # let's wait for ccnet and seaf
+ sleep 10
+ env -i PYTHONPATH=$PYTHONPATH CCNET_CONF_DIR=/seafile/ccnet SEAFILE_CENTRAL_CONF_DIR=/seafile/conf \
+ python /seafile/seafile-server-latest/check_init_admin.py
+ fi
+ exec env -i PYTHONPATH=$PYTHONPATH TMPDIR=/seafile/tmp \
+ SEAFILE_CONF_DIR=/seafile/data CCNET_CONF_DIR=/seafile/ccnet SEAFILE_CENTRAL_CONF_DIR=/seafile/conf \
+ python $gunicorn_exe seahub.wsgi:application -c "${gunicorn_conf}" -b "0.0.0.0:8000" --preload
+}
+
+
+case $command in
+ init) init ;;
+ upgrade) upgrade ;;
+ ccnet) ccnet ;;
+ seaf) seaf ;;
+ seahub) seahub ;;
+ *)
+ echo "specify command argument, one of: init ccnet seaf seahub"
+ exit 1
+ ;;
+esac
+
+
+
diff --git a/confluence.yaml b/confluence.yaml
new file mode 100644
index 0000000..3149321
--- /dev/null
+++ b/confluence.yaml
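Review bot: Both `init` and `upgrade` in SeafileCT/entrypoint.sh fetch the release tarball with `wget -c` and unpack it with no integrity check, and `upgrade` then runs the scripts it contains with `yes |` answering every prompt. I would pin the expected digest next to `SEAFILE_VERSION` and verify before `tar xf`, e.g. `echo "$SEAFILE_SHA256  seafile-server_${SEAFILE_VERSION}_x86-64.tar.gz" | sha256sum -c -` (`SEAFILE_SHA256` is a variable name proposed here, not one the commit defines). `--mysql-user-passwd ${MYSQL_PASSWORD}` is unquoted and passed as an argument, so it breaks on a password containing whitespace and is visible in the process list while setup runs. `admin.txt` is written with the default umask; a `chmod 600 /seafile/conf/admin.txt` after the write would keep the credentials away from other users of the shared volume.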
@@ -0,0 +1,129 @@
+---
+kind: PersistentVolume
+apiVersion: v1
+metadata:
+ name: confluence
+ labels:
+ type: local
+ name: confluence
+spec:
+ storageClassName: manual
+ capacity:
+ storage: 10Gi
+ accessModes:
+ - ReadWriteOnce
+ hostPath:
+ path: /data/confluence
+ # mkdir -p /data/confluence
+ # chown 2.2 /data/confluence
+---
+kind: PersistentVolumeClaim
+apiVersion: v1
+metadata:
+ name: confluence
+spec:
+ storageClassName: manual
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: 10Gi
+ selector:
+ matchLabels:
+ name: confluence
+---
+# TODO 1
+# Add readiness probe
+# https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes
+# https://confluence.atlassian.com/enterprise/jira-data-center-load-balancer-examples-781200827.html
+# see Load Balancing Health Check URL
+# TODO 2
+# Add non-persistent volume for logs ?
+# TODO 3
+# increase nginx timeout
+apiVersion: apps/v1beta2
+kind: Deployment
+metadata:
+ name: confluence
+ labels:
+ app: confluence
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: confluence
+ template:
+ metadata:
+ labels:
+ app: confluence
+ spec:
+ volumes:
+ - name: confluence
+ persistentVolumeClaim:
+ claimName: confluence
+ containers:
+ - name: confluence
+ image: atlassian/confluence-server:latest
+ ports:
+ - containerPort: 8090
+ name: http
+ - containerPort: 8091
+ name: synchrony
+ volumeMounts:
+ - mountPath: /var/atlassian/application-data/confluence
+ name: confluence
+ env:
+ - name: CATALINA_CONNECTOR_PROXYNAME
+ value: confluence.gorilych.ru
+ - name: CATALINA_CONNECTOR_PROXYPORT
+ value: "443"
+ - name: CATALINA_CONNECTOR_SCHEME
+ value: https
+ - name: CATALINA_CONNECTOR_SECURE
+ value: "true"
+---
+kind: Service
+apiVersion: v1
+metadata:
+ name: confluence
+spec:
+ selector:
+ app: confluence
+ ports:
+ - name: http
+ protocol: TCP
+ port: 80
+ targetPort: http
+ - name: synchrony
+ protocol: TCP
+ port: 81
+ targetPort: synchrony
+---
+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+ name: confluence
+ annotations:
+ kubernetes.io/tls-acme: "true"
+ nginx.ingress.kubernetes.io/proxy-body-size: 32m
+spec:
+ tls:
+ - secretName: gorilych-ru-tls
+ hosts:
+ - gorilych.ru
+ - router.gorilych.ru
+ - confluence.gorilych.ru
+ - jira.gorilych.ru
+ - git.gorilych.ru
+ - seafile.gorilych.ru
+ rules:
+ - host: confluence.gorilych.ru
+ http:
+ paths:
+ - backend:
+ serviceName: confluence
+ servicePort: 80
+ - path: /synchrony
+ backend:
+ serviceName: confluence
+ servicePort: 81
diff --git a/gitea.yaml b/gitea.yaml
new file mode 100644
index 0000000..5a111eb
--- /dev/null
+++ b/gitea.yaml
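Review bot: `image: atlassian/confluence-server:latest` in the confluence Deployment means any pod restart can pull a different image than the one last tested, which for an application with a persistent data directory amounts to an unreviewed upgrade. Pin a specific version tag, ideally together with a digest. The same applies to `cptactionhank/atlassian-jira:latest` in jira.yaml, which is additionally a third-party image, and to the untagged `gitea/gitea`, `mariadb` and `postgres` images in the other manifests. None of the Deployments in this commit sets a `securityContext` or `resources` block, so each container runs with the image's default user and without limits; a comment recording the intended UID next to the existing `chown` hints would be a start.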
@@ -0,0 +1,122 @@
+---
+kind: PersistentVolume
+apiVersion: v1
+metadata:
+ name: gitea
+ labels:
+ type: local
+ name: gitea
+spec:
+ storageClassName: manual
+ capacity:
+ storage: 10Gi
+ accessModes:
+ - ReadWriteOnce
+ hostPath:
+ path: /data/gitea
+ # chown 200.200 /data/gitea
+---
+kind: PersistentVolumeClaim
+apiVersion: v1
+metadata:
+ name: gitea
+spec:
+ storageClassName: manual
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: 10Gi
+ selector:
+ matchLabels:
+ name: gitea
+---
+apiVersion: apps/v1beta2
+kind: Deployment
+metadata:
+ name: gitea
+ labels:
+ app: gitea
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: gitea
+ template:
+ metadata:
+ labels:
+ app: gitea
+ spec:
+ volumes:
+ - name: gitea
+ persistentVolumeClaim:
+ claimName: gitea
+ containers:
+ - name: gitea
+ image: gitea/gitea
+ ports:
+ - containerPort: 3000
+ name: http
+ - containerPort: 22
+ name: ssh
+ volumeMounts:
+ - mountPath: /data
+ name: gitea
+ env:
+ - name: USER_UID
+ value: "200"
+ - name: USER_GID
+ value: "200"
+---
+kind: Service
+apiVersion: v1
+metadata:
+ name: gitea
+spec:
+ selector:
+ app: gitea
+ ports:
+ - name: http
+ protocol: TCP
+ port: 80
+ targetPort: http
+---
+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+ name: gitea
+ annotations:
+ kubernetes.io/tls-acme: "true"
+spec:
+ tls:
+ - secretName: gorilych-ru-tls
+ hosts:
+ - gorilych.ru
+ - router.gorilych.ru
+ - confluence.gorilych.ru
+ - jira.gorilych.ru
+ - git.gorilych.ru
+ - seafile.gorilych.ru
+ rules:
+ - host: git.gorilych.ru
+ http:
+ paths:
+ - backend:
+ serviceName: gitea
+ servicePort: 80
+---
+kind: Service
+apiVersion: v1
+metadata:
+ name: sshgitea
+spec:
+ selector:
+ app: gitea
+ ports:
+ - name: ssh
+ protocol: TCP
+ port: 22
+ targetPort: ssh
+ nodePort: 31022
+ type: NodePort
+
diff --git a/jira.yaml b/jira.yaml
new file mode 100644
index 0000000..23ebc75
--- /dev/null
+++ b/jira.yaml
@@ -0,0 +1,116 @@
+---
+kind: PersistentVolume
+apiVersion: v1
+metadata:
+ name: jira
+ labels:
+ type: local
+ name: jira
+spec:
+ storageClassName: manual
+ capacity:
+ storage: 10Gi
+ accessModes:
+ - ReadWriteOnce
+ hostPath:
+ path: /data/jira
+---
+kind: PersistentVolumeClaim
+apiVersion: v1
+metadata:
+ name: jira
+spec:
+ storageClassName: manual
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: 10Gi
+ selector:
+ matchLabels:
+ name: jira
+---
+# TODO 1
+# Add readiness probe
+# https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes
+# https://jira.atlassian.com/enterprise/jira-data-center-load-balancer-examples-781200827.html
+# see Load Balancing Health Check URL
+# TODO 2
+# Add non-persistent volume for logs ?
+# TODO 3
+# increase nginx timeout
+apiVersion: apps/v1beta2
+kind: Deployment
+metadata:
+ name: jira
+ labels:
+ app: jira
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: jira
+ template:
+ metadata:
+ labels:
+ app: jira
+ spec:
+ volumes:
+ - name: jira
+ persistentVolumeClaim:
+ claimName: jira
+ containers:
+ - name: jira
+ image: cptactionhank/atlassian-jira:latest
+ ports:
+ - containerPort: 8080
+ name: http
+ volumeMounts:
+ - mountPath: /var/atlassian/jira
+ name: jira
+ env:
+ - name: X_PROXY_NAME
+ value: jira.gorilych.ru
+ - name: X_PROXY_PORT
+ value: "443"
+ - name: X_PROXY_SCHEME
+ value: https
+ - name: X_PROXY_SECURE
+ value: "true"
+---
+kind: Service
+apiVersion: v1
+metadata:
+ name: jira
+spec:
+ selector:
+ app: jira
+ ports:
+ - name: http
+ protocol: TCP
+ port: 80
+ targetPort: http
+---
+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+ name: jira
+ annotations:
+ kubernetes.io/tls-acme: "true"
+spec:
+ tls:
+ - secretName: gorilych-ru-tls
+ hosts:
+ - gorilych.ru
+ - router.gorilych.ru
+ - confluence.gorilych.ru
+ - jira.gorilych.ru
+ - git.gorilych.ru
+ - seafile.gorilych.ru
+ rules:
+ - host: jira.gorilych.ru
+ http:
+ paths:
+ - backend:
+ serviceName: jira
+ servicePort: 80
diff --git a/mysql.yaml b/mysql.yaml
new file mode 100644
index 0000000..8a6e58d
--- /dev/null
+++ b/mysql.yaml
@@ -0,0 +1,76 @@
+---
+kind: PersistentVolume
+apiVersion: v1
+metadata:
+ name: mariadb
+ labels:
+ type: local
+ name: mariadb
+spec:
+ storageClassName: manual
+ capacity:
+ storage: 5Gi
+ accessModes:
+ - ReadWriteOnce
+ hostPath:
+ path: /data/mariadb
+ # mkdir -p /data/mariadb
+ # chown 999.999 /data/mariadb
+---
+kind: PersistentVolumeClaim
+apiVersion: v1
+metadata:
+ name: mariadb
+spec:
+ storageClassName: manual
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: 5Gi
+ selector:
+ matchLabels:
+ name: mariadb
+---
+apiVersion: apps/v1beta2
+kind: Deployment
+metadata:
+ name: mariadb
+ labels:
+ app: mariadb
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: mariadb
+ template:
+ metadata:
+ labels:
+ app: mariadb
+ spec:
+ volumes:
+ - name: mariadb
+ persistentVolumeClaim:
+ claimName: mariadb
+ containers:
+ - name: mariadb
+ image: mariadb
+ ports:
+ - containerPort: 3306
+ name: mysql
+ volumeMounts:
+ - mountPath: /var/lib/mysql
+ name: mariadb
+---
+kind: Service
+apiVersion: v1
+metadata:
+ name: mysql
+spec:
+ selector:
+ app: mariadb
+ ports:
+ - name: mysql
+ protocol: TCP
+ port: 3306
+ targetPort: mysql
diff --git a/postgres.yaml b/postgres.yaml
new file mode 100644
index 0000000..622ce93
--- /dev/null
+++ b/postgres.yaml
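Review bot: The mariadb container in mysql.yaml has no `env` block, so no root password is configured by this manifest; the official image normally expects `MYSQL_ROOT_PASSWORD` (or one of its alternatives) when it initialises an empty data directory, so this presumably relies on /data/mariadb being populated by hand. I would set the password from a Secret with `valueFrom: secretKeyRef`, the way sshct.yaml does for `CTUSERPWD`, and give each application its own database account so that the `MYSQL_USER root` default in SeafileCT/Dockerfile is never what reaches this server. postgres.yaml has the same gap for `POSTGRES_PASSWORD`. A comment stating how the databases and users are expected to be created would help whoever rebuilds the cluster.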
@@ -0,0 +1,76 @@
+---
+kind: PersistentVolume
+apiVersion: v1
+metadata:
+ name: postgres
+ labels:
+ type: local
+ name: postgres
+spec:
+ storageClassName: manual
+ capacity:
+ storage: 5Gi
+ accessModes:
+ - ReadWriteOnce
+ hostPath:
+ path: /data/postgres
+ # mkdir -p /data/postgres
+ # chown 999.999 /data/postgres
+---
+kind: PersistentVolumeClaim
+apiVersion: v1
+metadata:
+ name: postgres
+spec:
+ storageClassName: manual
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: 5Gi
+ selector:
+ matchLabels:
+ name: postgres
+---
+apiVersion: apps/v1beta2
+kind: Deployment
+metadata:
+ name: postgres
+ labels:
+ app: postgres
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: postgres
+ template:
+ metadata:
+ labels:
+ app: postgres
+ spec:
+ volumes:
+ - name: postgres
+ persistentVolumeClaim:
+ claimName: postgres
+ containers:
+ - name: postgres
+ image: postgres
+ ports:
+ - containerPort: 5432
+ name: pgsql
+ volumeMounts:
+ - mountPath: /var/lib/postgresql/data
+ name: postgres
+---
+kind: Service
+apiVersion: v1
+metadata:
+ name: pgsql
+spec:
+ selector:
+ app: postgres
+ ports:
+ - name: pgsql
+ protocol: TCP
+ port: 5432
+ targetPort: pgsql
diff --git a/router-ingress.yaml b/router-ingress.yaml
new file mode 100644
index 0000000..7b1343e
--- /dev/null
+++ b/router-ingress.yaml
@@ -0,0 +1,44 @@
+kind: Service
+apiVersion: v1
+metadata:
+ name: router-svc
+spec:
+ ports:
+ - protocol: TCP
+ port: 443
+ targetPort: 443
+---
+kind: Endpoints
+apiVersion: v1
+metadata:
+ name: router-svc
+subsets:
+ - addresses:
+ - ip: 192.168.1.1
+ ports:
+ - port: 44443
+---
+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+ name: ingress-rules
+ annotations:
+ kubernetes.io/tls-acme: "true"
+ nginx.ingress.kubernetes.io/secure-backends: "true"
+spec:
+ tls:
+ - secretName: gorilych-ru-tls
+ hosts:
+ - gorilych.ru
+ - router.gorilych.ru
+ - confluence.gorilych.ru
+ - jira.gorilych.ru
+ - git.gorilych.ru
+ - seafile.gorilych.ru
+ rules:
+ - host: router.gorilych.ru
+ http:
+ paths:
+ - backend:
+ serviceName: router-svc
+ servicePort: 443
diff --git a/seafile.yaml b/seafile.yaml
new file mode 100644
index 0000000..ce6964b
--- /dev/null
+++ b/seafile.yaml
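Review bot: The `ingress-rules` Ingress publishes the router's management UI under router.gorilych.ru with no source restriction or authentication in front of it, so the router's own login page is the only control on a device that sits at the network edge. If remote access is really needed, I would add `nginx.ingress.kubernetes.io/whitelist-source-range` with the allowed CIDRs, or put one of the nginx `auth-*` annotations in front of the backend. A comment explaining why the Service port (443) and the Endpoints port (44443) differ would also help, since the Service has no selector and the mapping is easy to misread.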
@@ -0,0 +1,179 @@
+---
+kind: PersistentVolume
+apiVersion: v1
+metadata:
+ name: seafile
+ labels:
+ type: local
+ name: seafile
+spec:
+ storageClassName: manual
+ capacity:
+ storage: 200Gi
+ accessModes:
+ - ReadWriteMany
+ hostPath:
+ path: /data/seafile
+---
+kind: PersistentVolumeClaim
+apiVersion: v1
+metadata:
+ name: seafile
+spec:
+ storageClassName: manual
+ accessModes:
+ - ReadWriteMany
+ resources:
+ requests:
+ storage: 200Gi
+ selector:
+ matchLabels:
+ name: seafile
+---
+apiVersion: apps/v1beta2
+kind: Deployment
+metadata:
+ name: seafile
+ labels:
+ app: seafile
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: seafile
+ template:
+ metadata:
+ labels:
+ app: seafile
+ spec:
+ volumes:
+ - name: seafile
+ persistentVolumeClaim:
+ claimName: seafile
+ - name: seahubstatic
+ hostPath:
+ path: /data/seafile/seafile-server-latest/seahub/media
+ type:
+ - name: seahubavatars
+ hostPath:
+ path: /data/seafile/seahub-data/avatars
+ type:
+ containers:
+ - name: ccnet
+ image: seafile
+ imagePullPolicy: IfNotPresent
+ command: [ "/bin/entrypoint", "ccnet"]
+ volumeMounts:
+ - mountPath: /seafile
+ name: seafile
+ - name: seaf
+ image: seafile
+ imagePullPolicy: IfNotPresent
+ command: [ "/bin/entrypoint", "seaf"]
+ ports:
+ - containerPort: 8082
+ name: filesever
+ volumeMounts:
+ - mountPath: /seafile
+ name: seafile
+ - name: seahub
+ image: seafile
+ imagePullPolicy: IfNotPresent
+ command: [ "/bin/entrypoint", "seahub"]
+ ports:
+ - containerPort: 8000
+ name: seahub
+ volumeMounts:
+ - mountPath: /seafile
+ name: seafile
+ - name: seahubstatic
+ image: nginx:alpine
+ ports:
+ - containerPort: 80
+ name: seahubstatic
+ volumeMounts:
+ - mountPath: /usr/share/nginx/html
+ name: seahubstatic
+ - mountPath: /usr/share/nginx/html/avatars
+ name: seahubavatars
+ initContainers:
+ - name: init
+ image: seafile
+ imagePullPolicy: IfNotPresent
+ command: [ "/bin/entrypoint", "init"]
+ volumeMounts:
+ - mountPath: /seafile
+ name: seafile
+ env:
+ - name: SEAFILE_VERSION
+ value: "6.2.3"
+ - name: SERVER_NAME
+ value: gullfaxi
+ - name: SERVER_HOSTNAME
+ value: seafile.gorilych.ru
+ - name: MYSQL_HOST
+ value: mysql.default.svc.cluster.local
+ - name: MYSQL_USER
+ value: seafile
+ - name: MYSQL_PASSWORD
+ value: in9ceeC6ohs3
+ - name: ADMINEMAIL
+ value: gorilych@gmail.com
+ - name: ADMINASSWORD
+ value: in9ceeC6ohs3
+---
+kind: Service
+apiVersion: v1
+metadata:
+ name: seafile
+spec:
+ selector:
+ app: seafile
+ ports:
+ - name: seahub
+ protocol: TCP
+ port: 80
+ targetPort: seahub
+ - name: seahubstatic
+ protocol: TCP
+ port: 81
+ targetPort: seahubstatic
+ - name: fileserver
+ protocol: TCP
+ port: 82
+ targetPort: filesever
+---
+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+ name: seafile
+ annotations:
+ kubernetes.io/tls-acme: "true"
+ nginx.ingress.kubernetes.io/rewrite-target: /
+ nginx.ingress.kubernetes.io/proxy-body-size: "0"
+spec:
+ tls:
+ - secretName: gorilych-ru-tls
+ hosts:
+ - gorilych.ru
+ - router.gorilych.ru
+ - confluence.gorilych.ru
+ - jira.gorilych.ru
+ - git.gorilych.ru
+ - seafile.gorilych.ru
+ rules:
+ - host: seafile.gorilych.ru
+ http:
+ paths:
+ - backend:
+ serviceName: seafile
+ servicePort: 80
+ - path: /media
+ backend:
+ serviceName: seafile
+ servicePort: 81
+ - path: /seafhttp
+ backend:
+ serviceName: seafile
+ servicePort: 82
+
diff --git a/sshct.yaml b/sshct.yaml
new file mode 100644
index 0000000..1f405f9
--- /dev/null
+++ b/sshct.yaml
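Review bot: `MYSQL_PASSWORD` and the admin password in the init container's `env` are committed as literal `value:` entries and carry the same value, so the database credential and the web admin credential are one secret readable by anyone with the repository or read access to the Deployment. I would move both into a Secret referenced through `valueFrom: secretKeyRef`, give them distinct values, and rotate the one published in this commit. sshct.yaml has the same exposure in a milder form: its Secret's `data.password` is only base64-encoded and is committed alongside the manifest, so it should be created out of band instead. `proxy-body-size: "0"` on the Ingress removes the upload size limit entirely; a comment stating that this is intentional for file sync would document the trade-off.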
@@ -0,0 +1,93 @@
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: sshct
+type: Opaque
+data:
+ password: OGJKYWtURER3amQ3SG4=
+---
+kind: PersistentVolume
+apiVersion: v1
+metadata:
+ name: sshcthome
+ labels:
+ type: local
+ name: sshcthome
+spec:
+ storageClassName: manual
+ capacity:
+ storage: 100Gi
+ accessModes:
+ - ReadWriteOnce
+ hostPath:
+ path: /data/home
+ # mkdir -p /data/home/me
+ # chown 1000.1000 /data/home/me
+---
+kind: PersistentVolumeClaim
+apiVersion: v1
+metadata:
+ name: sshcthome
+spec:
+ storageClassName: manual
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: 100Gi
+ selector:
+ matchLabels:
+ name: sshcthome
+---
+apiVersion: apps/v1beta2
+kind: Deployment
+metadata:
+ name: sshct
+ labels:
+ app: sshct
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: sshct
+ template:
+ metadata:
+ labels:
+ app: sshct
+ spec:
+ volumes:
+ - name: sshcthome
+ persistentVolumeClaim:
+ claimName: sshcthome
+ containers:
+ - name: sshct
+ image: sshct
+ imagePullPolicy: IfNotPresent
+ env:
+ - name: CTUSERPWD
+ valueFrom:
+ secretKeyRef:
+ name: sshct
+ key: password
+ ports:
+ - containerPort: 22
+ name: ssh
+ volumeMounts:
+ - mountPath: /home
+ name: sshcthome
+---
+kind: Service
+apiVersion: v1
+metadata:
+ name: sshct
+spec:
+ selector:
+ app: sshct
+ ports:
+ - name: ssh
+ protocol: TCP
+ port: 22
+ targetPort: ssh
+ nodePort: 30810
+ type: NodePort