commit 3de2526e63446cb12679938ed532ffb7759c30fc Author: Vassiliy Yegorov Date: Thu Aug 12 08:54:37 2021 +0700 init diff --git a/deploy.yaml b/deploy.yaml new file mode 100644 index 0000000..1737a81 --- /dev/null +++ b/deploy.yaml @@ -0,0 +1,103 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: nginx + namespace: test2 +spec: + replicas: 1 + selector: + matchLabels: + app: nginx + template: + metadata: + labels: + app: nginx + spec: + nodeName: node1 + containers: + - image: nginx + name: nginx + ports: + - containerPort: 80 +--- + +apiVersion: v1 +kind: Service +metadata: + name: nginx-service + namespace: test2 +spec: + selector: + app: nginx + type: NodePort + ports: + - protocol: TCP + port: 80 + targetPort: 80 + nodePort: 31080 +--- + +apiVersion: v1 +kind: Service +metadata: + name: nginx-endpoint + namespace: test2 + annotations: + traefik.ingress.kubernetes.io/service.serversscheme: "http" + traefik.ingress.kubernetes.io/service.passhostheader: "true" +spec: + type: ClusterIP + clusterIP: None + ports: + - protocol: TCP + port: 80 + targetPort: 80 + +--- + +kind: Endpoints +apiVersion: v1 +metadata: + name: nginx-endpoint + namespace: test2 +subsets: +- addresses: + - ip: 192.168.9.201 + ports: + - port: 31080 +- addresses: + - ip: 192.168.9.202 + ports: + - port: 31080 +- addresses: + - ip: 192.168.9.203 + ports: + - port: 31080 +--- + +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + labels: + baremetal-ingress: traefik-nsk + annotations: + kubernetes.io/ingress.class: traefik-lb + external-dns.alpha.kubernetes.io/hostname: lb.k8s-nsk.tk + traefik.ingress.kubernetes.io/router.entrypoints: https + traefik.ingress.kubernetes.io/router.tls: "true" + traefik.ingress.kubernetes.io/router.tls.certresolver: letsEncrypt + name: nginx-ingress + namespace: test2 +spec: + rules: + - host: lb.k8s-nsk.tk + http: + paths: + - pathType: Prefix + path: "/" + backend: + service: + name: nginx-endpoint + port: + number: 80 +--- diff --git a/external-dns.yaml b/external-dns.yaml new file mode 100644 index 0000000..1cad8d3 --- /dev/null +++ b/external-dns.yaml @@ -0,0 +1,71 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: external-dns + namespace: external-dns +spec: + replicas: 1 + selector: + matchLabels: + app: external-dns + strategy: + type: Recreate + template: + metadata: + labels: + app: external-dns + spec: + serviceAccountName: external-dns + containers: + - name: external-dns + image: k8s.gcr.io/external-dns/external-dns:v0.7.6 + args: + - --source=ingress # ingress is also possible, or service + - --domain-filter=k8s-nsk.tk # (optional) limit to only example.com domains; change to match the zone created above. + - --provider=hetzner # [link](https://github.com/kubernetes-sigs/external-dns) + - --txt-owner-id=bttrm-eks-dev-1-external-dns # Key from you mind + - --log-level=info + - --interval=30s + env: + - name: HETZNER_TOKEN + value: "" # real token from API Dashboard +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: external-dns + namespace: external-dns +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: external-dns +rules: +- apiGroups: [""] + resources: ["services","endpoints","pods"] + verbs: ["get","watch","list"] +- apiGroups: ["extensions","networking.k8s.io"] + resources: ["ingresses"] + verbs: ["get","watch","list"] +- apiGroups: ["networking.k8s.io"] + resources: ["ingresses"] + verbs: ["get", "list", "update", "patch"] +- apiGroups: [""] + resources: ["pods"] + verbs: ["get","watch","list"] +- apiGroups: [""] + resources: ["nodes"] + verbs: ["list"] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: external-dns-viewer +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: external-dns +subjects: +- kind: ServiceAccount + name: external-dns + namespace: external-dns diff --git a/ingress-controller.yaml b/ingress-controller.yaml new file mode 100644 index 0000000..c627ca2 --- /dev/null +++ b/ingress-controller.yaml @@ -0,0 +1,6 @@ +apiVersion: networking.k8s.io/v1 +kind: IngressClass +metadata: + name: traefik-lb +spec: + controller: traefik.io/ingress-controller