feat(demo): add fancy demo for HA cluster with demo app
1 parent
23e1442
commit a150d16
Showing
15 changed files
with
277 additions
and
0 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -3,3 +3,6 @@ bin/ | |
|
||
# Ignore Vagrant state. | ||
.vagrant/ | ||
|
||
# Ignore downloaded Helm charts. | ||
deploy/demo/**/charts |
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -51,3 +51,31 @@ docker: | |
.PHONY: clean | ||
clean: | ||
@rm -rvf bin | ||
|
||
.PHONY: demo-up | ||
demo-up: install | ||
@echo -n "\e[35m==>\e[0m " | ||
k3se up deploy/demo/k3se.yaml | ||
@echo -n "\e[35m==>\e[0m " | ||
kubectx [email protected] | ||
@echo -n "\e[35m==>\e[0m " | ||
kubectl create ns traefik --dry-run=client -o yaml | kubectl apply -f - | ||
@echo -n "\e[35m==>\e[0m " | ||
helm dependency update deploy/demo/traefik | ||
@echo -n "\e[35m==>\e[0m " | ||
helm upgrade --install traefik deploy/demo/traefik --namespace traefik | ||
@echo -n "\e[35m==>\e[0m " | ||
kubectl create ns cert-manager --dry-run=client -o yaml | kubectl apply -f - | ||
@echo -n "\e[35m==>\e[0m " | ||
helm dependency update deploy/demo/cert-manager | ||
@echo -n "\e[35m==>\e[0m " | ||
helm upgrade --install cert-manager deploy/demo/cert-manager --namespace cert-manager | ||
@echo -n "\e[35m==>\e[0m " | ||
kubectl apply -f deploy/demo/clusterissuers | ||
@echo -n "\e[35m==>\e[0m " | ||
kubectl apply -f deploy/demo/app | ||
|
||
.PHONY: demo-down | ||
demo-down: | ||
@echo -n "\e[35m==>\e[0m " | ||
k3se down deploy/demo/k3se.yaml |
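Review bot: Every `kubectl` and `helm` step in `demo-up` after the `kubectx` line acts on the ambient current context, so the target rewrites the developer's global kubeconfig selection, and if the context is changed from another shell mid-run the demo manifests land on a different cluster. Passing the context explicitly keeps the recipe self-contained, e.g. `kubectl --context <demo-context> apply -f deploy/demo/app` and `helm upgrade --install traefik deploy/demo/traefik --namespace traefik --kube-context <demo-context>` (placeholder name). Separately, `helm dependency update` re-resolves the charts on every run, whereas `helm dependency build` would fetch what the committed Chart.lock files record.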
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,31 @@ | ||
apiVersion: apps/v1 | ||
kind: Deployment | ||
metadata: | ||
name: kuard | ||
spec: | ||
selector: | ||
matchLabels: | ||
app.kubernetes.io/name: kuard | ||
# I don't want to mess with anti-affinities so let's | ||
# just create enough pods to spread them across nodes. | ||
replicas: 9 | ||
template: | ||
metadata: | ||
labels: | ||
app.kubernetes.io/name: kuard | ||
spec: | ||
containers: | ||
- image: gcr.io/kuar-demo/kuard-amd64:1 | ||
imagePullPolicy: Always | ||
name: kuard | ||
ports: | ||
- containerPort: 8080 | ||
resources: | ||
requests: | ||
cpu: 128m | ||
memory: 128Mi | ||
# Limits are tricky, but I don't | ||
# want warnings here, so I added them. | ||
limits: | ||
cpu: 128m | ||
memory: 128Mi |
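Review bot: The pod spec sets no `securityContext`, and the image is referenced by the mutable tag `kuard-amd64:1` with `imagePullPolicy: Always`, so each of the nine replicas runs whatever that tag points to at start time. Because this commit also publishes the workload through an Ingress on a public hostname, I would pin the image by digest (`image: gcr.io/kuar-demo/kuard-amd64@sha256:<digest>`, placeholder) and add `automountServiceAccountToken: false` to the pod spec plus `securityContext: {allowPrivilegeEscalation: false, capabilities: {drop: ["ALL"]}}` on the container. Whether the image also tolerates `runAsNonRoot: true` and a read-only root filesystem is not visible here and would need checking.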
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,25 @@ | ||
apiVersion: networking.k8s.io/v1 | ||
kind: Ingress | ||
metadata: | ||
name: kuard | ||
labels: | ||
app.kubernetes.io/name: kuard | ||
annotations: | ||
cert-manager.io/cluster-issuer: "letsencrypt-production" | ||
spec: | ||
ingressClassName: traefik | ||
tls: | ||
- hosts: | ||
- k3se.nicklasfrahm.xyz | ||
secretName: kuard-tls | ||
rules: | ||
- host: k3se.nicklasfrahm.xyz | ||
http: | ||
paths: | ||
- path: / | ||
pathType: Prefix | ||
backend: | ||
service: | ||
name: kuard | ||
port: | ||
name: http |
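Review bot: This Ingress routes `/` on the public host straight to kuard with no authentication or allow-list in front of it, and kuard is a debugging/demo application (as far as I know it serves views of its own environment and filesystem), so the route is worth restricting. With Traefik as the controller a middleware can be attached by annotation, e.g. `traefik.ingress.kubernetes.io/router.middlewares: <namespace>-<middleware>@kubernetescrd` (placeholder name; the Middleware object itself is not part of this commit). It may also be worth starting with `cert-manager.io/cluster-issuer: "letsencrypt-staging"`, which the commit defines but never references, to stay clear of production rate limits while the demo is iterated on.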
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,12 @@ | ||
apiVersion: v1 | ||
kind: Service | ||
metadata: | ||
name: kuard | ||
spec: | ||
ports: | ||
- name: http | ||
port: 80 | ||
targetPort: 8080 | ||
protocol: TCP | ||
selector: | ||
app.kubernetes.io/name: kuard |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,6 @@ | ||
dependencies: | ||
- name: cert-manager | ||
repository: https://charts.jetstack.io | ||
version: v1.9.1 | ||
digest: sha256:b3c1f49120842cf9da8e5e7c2102b73735c32eefcaacfcffe0bcd0ae85b2c9bc | ||
generated: "2022-08-16T20:03:04.998492102+02:00" |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,8 @@ | ||
apiVersion: v2 | ||
name: cert-manager | ||
description: An umbrella chart to configure cert-manager. | ||
version: 1.9.1 | ||
dependencies: | ||
- name: cert-manager | ||
version: 1.9.1 | ||
repository: https://charts.jetstack.io |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,2 @@ | ||
cert-manager: | ||
installCRDs: true |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,15 @@ | ||
apiVersion: cert-manager.io/v1 | ||
kind: ClusterIssuer | ||
metadata: | ||
name: letsencrypt-production | ||
spec: | ||
acme: | ||
server: https://acme-v02.api.letsencrypt.org/directory | ||
preferredChain: ISRG Root X1 | ||
email: [email protected] | ||
privateKeySecretRef: | ||
name: letsencrypt-production-clusterissuer-key | ||
solvers: | ||
- http01: | ||
ingress: | ||
class: traefik |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,15 @@ | ||
apiVersion: cert-manager.io/v1 | ||
kind: ClusterIssuer | ||
metadata: | ||
name: letsencrypt-staging | ||
spec: | ||
acme: | ||
server: https://acme-staging-v02.api.letsencrypt.org/directory | ||
preferredChain: ISRG Root X1 | ||
email: [email protected] | ||
privateKeySecretRef: | ||
name: letsencrypt-staging-clusterissuer-key | ||
solvers: | ||
- http01: | ||
ingress: | ||
class: traefik |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,26 @@ | ||
listen http | ||
bind *:80 | ||
mode tcp | ||
option tcplog | ||
balance leastconn | ||
server golf 10.0.11.241:32080 check inter 1s | ||
server hotel 10.0.11.242:32080 check inter 1s | ||
server india 10.0.11.243:32080 check inter 1s | ||
|
||
listen https | ||
bind *:443 | ||
mode tcp | ||
option tcplog | ||
balance leastconn | ||
server golf 10.0.11.241:32443 check inter 1s | ||
server hotel 10.0.11.242:32443 check inter 1s | ||
server india 10.0.11.243:32433 check inter 1s | ||
|
||
listen kubeapi | ||
bind *:6443 | ||
mode tcp | ||
option tcplog | ||
balance leastconn | ||
server golf 10.0.11.241:6443 check | ||
server hotel 10.0.11.242:6443 check | ||
server india 10.0.11.243:6443 check |
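Review bot: In the `https` listener the `india` backend points at port `32433`, while the other two servers and the Traefik `websecure` nodePort in this commit use `32443`; with `check inter 1s` that server would presumably just be marked down, quietly removing one of three HTTPS backends. The line should read `server india 10.0.11.243:32443 check inter 1s`. The `kubeapi` listener binds `*:6443`, so the Kubernetes API is reachable on every interface of the load balancer; if that host is internet-facing, binding to a management address or adding a source rule such as `tcp-request connection reject unless { src <admin-cidr> }` (placeholder range) would narrow the exposure. No `defaults` or timeout settings are visible, so this may be a fragment of a larger configuration.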
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,52 @@ | ||
# Version may either be a specific k3s version or a release channel | ||
# as listed here: https://update.k3s.io/v1-release/channels | ||
version: stable | ||
|
||
# Cluster provides cluster-wide settings that should be applied | ||
# to all nodes in the cluster. All options are equivalent to the | ||
# commmand line options of the `k3s` command. | ||
cluster: | ||
server: | ||
# It is highly recommended to always specify this option as it | ||
# is used to determine the server URL of the cluster. | ||
tls-san: | ||
- k3se.nicklasfrahm.xyz | ||
disable: | ||
- traefik | ||
flannel-iface: eth0 | ||
cluster-cidr: | ||
- 10.254.0.0/16 | ||
service-cidr: | ||
- 10.255.0.0/16 | ||
cluster-dns: | ||
- 10.255.0.10 | ||
|
||
# A list of all nodes in the cluster and their connection information. | ||
nodes: | ||
- role: server | ||
ssh: | ||
host: 10.0.11.241 | ||
fingerprint: SHA256:t/bwWCelgcAEYmQW9XbM4p31e1Qq70ZPWOKK+FRxBCc | ||
user: nicklasfrahm | ||
key-file: ~/.ssh/id_ed25519 | ||
|
||
- role: server | ||
ssh: | ||
host: 10.0.11.242 | ||
fingerprint: SHA256:OkCD98O5RdzBYc8BIdSpPQkTeNTtYuaEGODThqi/4sk | ||
user: nicklasfrahm | ||
key-file: ~/.ssh/id_ed25519 | ||
|
||
- role: server | ||
ssh: | ||
host: 10.0.11.243 | ||
fingerprint: SHA256:GnIesLNIAwgJJX9s3M26mmkXlM90DJ0LS1ZyIoCa5V0 | ||
user: nicklasfrahm | ||
key-file: ~/.ssh/id_ed25519 | ||
|
||
# An SSH proxy, also known as jumpbox or a bastion host | ||
# can be used to access nodes in a private network. | ||
ssh-proxy: | ||
host: k3se.nicklasfrahm.xyz | ||
user: nicklasfrahm | ||
key-file: ~/.ssh/id_ed25519 |
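Review bot: The three node entries pin an SSH host key `fingerprint`, but the `ssh-proxy` block has none, and the bastion is the one hop reached over a public hostname. If k3se accepts the same key there (not visible from this file), add `fingerprint: SHA256:<bastion-host-key-fingerprint>` (placeholder) so the jump host is verified like the nodes. `version: stable` also follows a moving release channel, so two runs of `demo-up` can install different k3s versions; a specific version would make the demo reproducible.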
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,6 @@ | ||
dependencies: | ||
- name: traefik | ||
repository: https://helm.traefik.io/traefik | ||
version: 10.24.0 | ||
digest: sha256:92dfb96eee281fd2d1f301df59247c33ae1ecda50dd9ffa2bcb58a0669b0958c | ||
generated: "2022-07-27T20:44:44.075441754+02:00" |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,8 @@ | ||
apiVersion: v2 | ||
name: traefik | ||
description: An umbrella chart to configure the Traefik ingress controller. | ||
version: 10.24.0 | ||
dependencies: | ||
- name: traefik | ||
version: 10.24.0 | ||
repository: https://helm.traefik.io/traefik |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,40 @@ | ||
traefik: | ||
ingressClass: | ||
enabled: yes | ||
isDefaultClass: yes | ||
|
||
service: | ||
enabled: yes | ||
type: LoadBalancer | ||
|
||
resources: | ||
requests: | ||
cpu: 250m | ||
memory: 256Mi | ||
|
||
ports: | ||
traefik: | ||
port: 9000 | ||
expose: no | ||
exposedPort: 9000 | ||
protocol: TCP | ||
web: | ||
port: 8080 | ||
expose: yes | ||
exposedPort: 80 | ||
nodePort: 32080 | ||
protocol: TCP | ||
redirectTo: websecure | ||
websecure: | ||
port: 8443 | ||
expose: yes | ||
exposedPort: 443 | ||
nodePort: 32443 | ||
protocol: TCP | ||
tls: | ||
enabled: yes | ||
|
||
providers: | ||
kubernetesIngress: | ||
publishedService: | ||
enabled: true |