yolokube/core-deployments
3
2
Fork 0
Code Issues 6 Pull requests Projects Wiki Activity

further trim down the ingress ressource to the bare minimum

Browse source
This commit is contained in:
Aaron Riedel 2023-06-19 00:50:20 +02:00
parent ca710e2013
commit 115c128c60
Signed by: aaron
GPG key ID: 643004654D40D577
10 changed files with 8 additions and 181 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

7
argo/cm.yaml
View file

@ -14,3 +14,10 @@ data:
hs = {}
hs.status = "Healthy"
return hs
resource.exclusions: |
- apiGroups:
- "*"
kinds:
- "CiliumIdentity"
clusters:
- https://kubernetes.default.svc

2
argo/ingress.yaml
View file

@ -5,8 +5,6 @@ metadata:
name: argocd-ingress
namespace: argocd
annotations:
kubernetes.io/ingress.class: "nginx"
ingress.kubernetes.io/ssl-redirect: "false"
nginx.org/ssl-services: "argocd-server"
spec:
rules:

4
examples/example-deployment.yaml
View file

@ -67,9 +67,7 @@ kind: Ingress
metadata:
name: example-ingress
namespace: example
annotations:
spec.ingressClassName: "nginx"
ingress.kubernetes.io/ssl-redirect: "false"
#annotations:
# Use for Basic auth:
#nginx.org/basic-auth-secret: example-basic-auth-secret
# Use the following annotation if the backend only speaks HTTPS (fill out the service name accordingly):

4
grafana/ingress.yaml
View file

@ -4,10 +4,6 @@ kind: Ingress
metadata:
name: grafana-ingress
namespace: grafana
annotations:
kubernetes.io/ingress.class: "nginx"
ingress.kubernetes.io/ssl-redirect: "false"
#nginx.org/ssl-services: "grafana"
spec:
rules:
- host: "grafana.apps.yolokube.de"

6
prometheus/ingress.yaml
View file

@ -5,10 +5,7 @@ metadata:
name: prometheus-ingress
namespace: prometheus
annotations:
kubernetes.io/ingress.class: "nginx"
ingress.kubernetes.io/ssl-redirect: "false"
nginx.org/basic-auth-secret: prometheus-basic-auth-secret
#nginx.org/ssl-services: "prometheus-server"
spec:
rules:
- host: "prometheus.apps.yolokube.de"
@ -28,10 +25,7 @@ metadata:
name: alertmanager-ingress
namespace: prometheus
annotations:
kubernetes.io/ingress.class: "nginx"
ingress.kubernetes.io/ssl-redirect: "false"
nginx.org/basic-auth-secret: prometheus-basic-auth-secret
#nginx.org/ssl-services: "prometheus-server"
spec:
rules:
- host: "alertmanager.apps.yolokube.de"

21
storage/dashboard.yaml
View file

@ -1,21 +0,0 @@
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: rook-dashboard-ingress
namespace: rook-ceph
annotations:
kubernetes.io/ingress.class: "nginx"
ingress.kubernetes.io/ssl-redirect: "false"
spec:
rules:
- host: "rook.apps.yolokube.de"
http:
paths:
- pathType: Prefix
path: "/"
backend:
service:
name: rook-ceph-mgr-dashboard
port:
number: 80

126
storage/storageclass.yaml
View file

@ -1,126 +0,0 @@
### Create Block Storage
---
apiVersion: ceph.rook.io/v1
kind: CephBlockPool
metadata:
name: replicapool
namespace: rook-ceph
spec:
failureDomain: host
replicated:
size: 3
quotas:
maxSize: "10Gi"
---
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
name: rook-ceph-block
annotations:
storageclass.kubernetes.io/is-default-class: "true"
# Change "rook-ceph" provisioner prefix to match the operator namespace if needed
provisioner: rook-ceph.rbd.csi.ceph.com
parameters:
# clusterID is the namespace where the rook cluster is running
clusterID: rook-ceph
# Ceph pool into which the RBD image shall be created
pool: replicapool
# (optional) mapOptions is a comma-separated list of map options.
# For krbd options refer
# https://docs.ceph.com/docs/master/man/8/rbd/#kernel-rbd-krbd-options
# For nbd options refer
# https://docs.ceph.com/docs/master/man/8/rbd-nbd/#options
# mapOptions: lock_on_read,queue_depth=1024
# (optional) unmapOptions is a comma-separated list of unmap options.
# For krbd options refer
# https://docs.ceph.com/docs/master/man/8/rbd/#kernel-rbd-krbd-options
# For nbd options refer
# https://docs.ceph.com/docs/master/man/8/rbd-nbd/#options
# unmapOptions: force
# RBD image format. Defaults to "2".
imageFormat: "2"
# RBD image features
# Available for imageFormat: "2". Older releases of CSI RBD
# support only the `layering` feature. The Linux kernel (KRBD) supports the
# full complement of features as of 5.4
# `layering` alone corresponds to Ceph's bitfield value of "2" ;
# `layering` + `fast-diff` + `object-map` + `deep-flatten` + `exclusive-lock` together
# correspond to Ceph's OR'd bitfield value of "63". Here we use
# a symbolic, comma-separated format:
# For 5.4 or later kernels:
#imageFeatures: layering,fast-diff,object-map,deep-flatten,exclusive-lock
# For 5.3 or earlier kernels:
imageFeatures: layering
# The secrets contain Ceph admin credentials.
csi.storage.k8s.io/provisioner-secret-name: rook-csi-rbd-provisioner
csi.storage.k8s.io/provisioner-secret-namespace: rook-ceph
csi.storage.k8s.io/controller-expand-secret-name: rook-csi-rbd-provisioner
csi.storage.k8s.io/controller-expand-secret-namespace: rook-ceph
csi.storage.k8s.io/node-stage-secret-name: rook-csi-rbd-node
csi.storage.k8s.io/node-stage-secret-namespace: rook-ceph
# Specify the filesystem type of the volume. If not specified, csi-provisioner
# will set default as `ext4`. Note that `xfs` is not recommended due to potential deadlock
# in hyperconverged settings where the volume is mounted on the same node as the osds.
csi.storage.k8s.io/fstype: ext4
# Delete the rbd volume when a PVC is deleted
reclaimPolicy: Delete
# Optional, if you want to add dynamic resize for PVC.
# For now only ext3, ext4, xfs resize support provided, like in Kubernetes itself.
allowVolumeExpansion: true
---
### Create Shared Filesystem
apiVersion: ceph.rook.io/v1
kind: CephFilesystem
metadata:
name: rook-ceph-fs
namespace: rook-ceph
spec:
metadataPool:
replicated:
size: 3
dataPools:
- name: cephfs-pool
replicated:
size: 3
preserveFilesystemOnDelete: true
metadataServer:
activeCount: 1
activeStandby: true
---
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
name: rook-cephfs
# Change "rook-ceph" provisioner prefix to match the operator namespace if needed
provisioner: rook-ceph.cephfs.csi.ceph.com
parameters:
# clusterID is the namespace where the rook cluster is running
# If you change this namespace, also change the namespace below where the secret namespaces are defined
clusterID: rook-ceph
# CephFS filesystem name into which the volume shall be created
fsName: rook-ceph-fs
# Ceph pool into which the volume shall be created
# Required for provisionVolume: "true"
pool: cephfs-pool
# The secrets contain Ceph admin credentials. These are generated automatically by the operator
# in the same namespace as the cluster.
csi.storage.k8s.io/provisioner-secret-name: rook-csi-cephfs-provisioner
csi.storage.k8s.io/provisioner-secret-namespace: rook-ceph
csi.storage.k8s.io/controller-expand-secret-name: rook-csi-cephfs-provisioner
csi.storage.k8s.io/controller-expand-secret-namespace: rook-ceph
csi.storage.k8s.io/node-stage-secret-name: rook-csi-cephfs-node
csi.storage.k8s.io/node-stage-secret-namespace: rook-ceph
reclaimPolicy: Delete

7
storage/values.yaml
View file

@ -1,7 +0,0 @@
toolbox:
enabled: true
cephClusterSpec:
dashboard:
port: 80
ssl: false
removeOSDsIfOutAndSafeToRemove: true

9
tests/test-ingress.yaml
View file

@ -37,9 +37,6 @@ apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: helloworld-ingress
annotations:
kubernetes.io/ingress.class: "nginx"
ingress.kubernetes.io/ssl-redirect: "false"
spec:
rules:
- host: "lb1.yolokube.de"
@ -100,9 +97,6 @@ kind: Ingress
metadata:
name: test1-ingress
namespace: aaron-test
annotations:
kubernetes.io/ingress.class: nginx
ingress.kubernetes.io/ssl-redirect: "false"
spec:
rules:
- host: "test1.apps.yolokube.de"
@ -157,9 +151,6 @@ kind: Ingress
metadata:
name: test2-ingress
namespace: aaron-test
annotations:
kubernetes.io/ingress.class: nginx
ingress.kubernetes.io/ssl-redirect: "false"
spec:
rules:
- host: "test2.apps.yolokube.de"

3
tests/test-storage.yaml
View file

@ -68,9 +68,6 @@ kind: Ingress
metadata:
name: paste-ingress
namespace: paste
annotations:
kubernetes.io/ingress.class: "nginx"
ingress.kubernetes.io/ssl-redirect: "false"
spec:
rules:
- host: "paste.apps.yolokube.de"