ab/homelab
1
0
Fork 1
Code Pull Requests Actions Packages Wiki Activity

Reworked pasarguard nodes daemonset.
Some checks failed
Update Kubernetes Services Wiki / Generate and Update K8s Wiki (push) Successful in 10s
Details
Check with kubeconform / lint (push) Has been cancelled
Details
Auto-update README / Generate README and Create MR (push) Has been cancelled
Details

Browse Source
This commit is contained in:
Ultradesu
2025-12-08 18:30:34 +02:00
parent bb9ce21bb4
commit 4241c81fc0
2 changed files with 33 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
k8s/apps/pasarguard/configmap-scripts-ingress.yaml
View File

@@ -13,11 +13,11 @@ data:
# NODE_NAME is already set via environment variable # NODE_NAME is already set via environment variable
NAMESPACE=$(cat /var/run/secrets/kubernetes.io/serviceaccount/namespace) NAMESPACE=$(cat /var/run/secrets/kubernetes.io/serviceaccount/namespace)
# Get DNS name from node label xray-node-address # Get DNS name from node label xray-public-address
DNS_NAME=$(kubectl get node "${NODE_NAME}" -o jsonpath='{.metadata.labels.xray-node-address}') DNS_NAME=$(kubectl get node "${NODE_NAME}" -o jsonpath='{.metadata.labels.xray-public-address}')
if [ -z "${DNS_NAME}" ]; then if [ -z "${DNS_NAME}" ]; then
echo "ERROR: Node ${NODE_NAME} does not have label 'xray-node-address'" echo "ERROR: Node ${NODE_NAME} does not have label 'xray-public-address'"
exit 1 exit 1
fi fi
@@ -112,7 +112,7 @@ data:
echo "Creating Service: ${SERVICE_NAME} for node ${NODE_NAME} (short: ${NODE_SHORT_NAME})" echo "Creating Service: ${SERVICE_NAME} for node ${NODE_NAME} (short: ${NODE_SHORT_NAME})"
# Create Service with pod selector # Create Service with pod selector including node name
cat <<EOF | kubectl apply -f - cat <<EOF | kubectl apply -f -
apiVersion: v1 apiVersion: v1
kind: Service kind: Service
@@ -126,6 +126,7 @@ data:
type: ClusterIP type: ClusterIP
selector: selector:
app: pasarguard-node-ingress app: pasarguard-node-ingress
node-name: ${NODE_SHORT_NAME}
ports: ports:
- name: proxy - name: proxy
port: 443 port: 443

29
k8s/apps/pasarguard/daemonset-ingress.yaml
View File

@@ -28,6 +28,9 @@ rules:
- apiGroups: ["traefik.io", "traefik.containo.us"] - apiGroups: ["traefik.io", "traefik.containo.us"]
resources: ["ingressroutetcps"] resources: ["ingressroutetcps"]
verbs: ["get", "list", "create", "update", "patch", "delete"] verbs: ["get", "list", "create", "update", "patch", "delete"]
- apiGroups: [""]
resources: ["pods"]
verbs: ["get", "list", "patch", "update"]
--- ---
apiVersion: rbac.authorization.k8s.io/v1 apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding kind: RoleBinding
@@ -88,12 +91,36 @@ spec:
app: pasarguard-node-ingress app: pasarguard-node-ingress
spec: spec:
serviceAccountName: pasarguard-node-ingress serviceAccountName: pasarguard-node-ingress
# Add node name as annotation for service selector creation
initContainers:
- name: label-pod
image: bitnami/kubectl:latest
env:
- name: POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: NODE_NAME
valueFrom:
fieldRef:
fieldPath: spec.nodeName
command:
- /bin/bash
- -c
- |
# Add node label to pod
NODE_SHORT=$(echo ${NODE_NAME} | cut -d. -f1)
kubectl label pod ${POD_NAME} -n ${POD_NAMESPACE} node-name=${NODE_SHORT} --overwrite
affinity: affinity:
nodeAffinity: nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution: requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms: nodeSelectorTerms:
- matchExpressions: - matchExpressions:
- key: xray-node-address - key: xray-public-address
operator: Exists operator: Exists
initContainers: initContainers:
- name: init-uuid - name: init-uuid