added amnezia-dellow
This commit is contained in:
@@ -0,0 +1,74 @@
|
||||
---
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: amnezia-fellow
|
||||
labels:
|
||||
app: amnezia-fellow
|
||||
spec:
|
||||
replicas: 1
|
||||
strategy:
|
||||
type: Recreate
|
||||
selector:
|
||||
matchLabels:
|
||||
app: amnezia-fellow
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app: amnezia-fellow
|
||||
spec:
|
||||
serviceAccountName: amnezia-fellow
|
||||
containers:
|
||||
- name: amnezia-fellow
|
||||
image: ultradesu/amnezia-fellow:latest
|
||||
imagePullPolicy: Always
|
||||
args:
|
||||
- "--listen"
|
||||
- "0.0.0.0:8000"
|
||||
ports:
|
||||
- name: http
|
||||
containerPort: 8000
|
||||
protocol: TCP
|
||||
env:
|
||||
- name: AMNEZIA_FELLOW_DATABASE_URL
|
||||
value: "sqlite:///data/amnezia-fellow.sqlite3?mode=rwc"
|
||||
- name: AMNEZIA_FELLOW_K8S_NAMESPACE
|
||||
value: "amnezia"
|
||||
- name: AMNEZIA_FELLOW_K8S_CLIENTS_SECRET
|
||||
value: "amneziawg-clients"
|
||||
- name: AMNEZIA_FELLOW_K8S_CLIENTS_SECRET_KEY
|
||||
value: "peers.conf"
|
||||
- name: AMNEZIA_FELLOW_K8S_SERVER_SECRET
|
||||
value: "amneziawg-server"
|
||||
- name: AMNEZIA_FELLOW_K8S_ENDPOINTS_SECRET
|
||||
value: "amneziawg-endpoints"
|
||||
- name: AMNEZIA_FELLOW_VPN_CLIENT_CIDR
|
||||
value: "10.8.0.0/16"
|
||||
- name: AMNEZIA_FELLOW_VPN_MTU
|
||||
value: "1376"
|
||||
readinessProbe:
|
||||
tcpSocket:
|
||||
port: http
|
||||
initialDelaySeconds: 5
|
||||
periodSeconds: 10
|
||||
timeoutSeconds: 3
|
||||
livenessProbe:
|
||||
tcpSocket:
|
||||
port: http
|
||||
initialDelaySeconds: 30
|
||||
periodSeconds: 30
|
||||
timeoutSeconds: 5
|
||||
resources:
|
||||
requests:
|
||||
cpu: "50m"
|
||||
memory: "128Mi"
|
||||
limits:
|
||||
cpu: "500m"
|
||||
memory: "512Mi"
|
||||
volumeMounts:
|
||||
- name: data
|
||||
mountPath: /data
|
||||
volumes:
|
||||
- name: data
|
||||
persistentVolumeClaim:
|
||||
claimName: amnezia-fellow-data
|
||||
@@ -0,0 +1,26 @@
|
||||
---
|
||||
apiVersion: networking.k8s.io/v1
|
||||
kind: Ingress
|
||||
metadata:
|
||||
name: amnezia-fellow-tls-ingress
|
||||
annotations:
|
||||
cert-manager.io/cluster-issuer: letsencrypt
|
||||
traefik.ingress.kubernetes.io/router.middlewares: kube-system-https-redirect@kubernetescrd
|
||||
acme.cert-manager.io/http01-edit-in-place: "true"
|
||||
spec:
|
||||
ingressClassName: traefik
|
||||
rules:
|
||||
- host: awg.hexor.cy
|
||||
http:
|
||||
paths:
|
||||
- path: /
|
||||
pathType: Prefix
|
||||
backend:
|
||||
service:
|
||||
name: amnezia-fellow
|
||||
port:
|
||||
number: 8000
|
||||
tls:
|
||||
- secretName: amnezia-fellow-tls
|
||||
hosts:
|
||||
- awg.hexor.cy
|
||||
@@ -0,0 +1,35 @@
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: ServiceAccount
|
||||
metadata:
|
||||
name: amnezia-fellow
|
||||
labels:
|
||||
app: amnezia-fellow
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: Role
|
||||
metadata:
|
||||
name: amnezia-fellow
|
||||
labels:
|
||||
app: amnezia-fellow
|
||||
rules:
|
||||
- apiGroups: [""]
|
||||
resources: ["secrets"]
|
||||
verbs: ["get", "create", "update", "patch"]
|
||||
- apiGroups: [""]
|
||||
resources: ["pods"]
|
||||
verbs: ["get", "list"]
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: RoleBinding
|
||||
metadata:
|
||||
name: amnezia-fellow
|
||||
labels:
|
||||
app: amnezia-fellow
|
||||
roleRef:
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
kind: Role
|
||||
name: amnezia-fellow
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: amnezia-fellow
|
||||
@@ -0,0 +1,16 @@
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: amnezia-fellow
|
||||
labels:
|
||||
app: amnezia-fellow
|
||||
spec:
|
||||
type: ClusterIP
|
||||
selector:
|
||||
app: amnezia-fellow
|
||||
ports:
|
||||
- name: http
|
||||
protocol: TCP
|
||||
port: 8000
|
||||
targetPort: 8000
|
||||
@@ -0,0 +1,14 @@
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: PersistentVolumeClaim
|
||||
metadata:
|
||||
name: amnezia-fellow-data
|
||||
labels:
|
||||
app: amnezia-fellow
|
||||
spec:
|
||||
accessModes:
|
||||
- ReadWriteOnce
|
||||
storageClassName: longhorn
|
||||
resources:
|
||||
requests:
|
||||
storage: 3Gi
|
||||
@@ -7,4 +7,9 @@ resources:
|
||||
- external-secrets.yaml
|
||||
- configmap-scripts.yaml
|
||||
- rbac.yaml
|
||||
- fellow-rbac.yaml
|
||||
- fellow-storage.yaml
|
||||
- fellow-service.yaml
|
||||
- fellow-ingress.yaml
|
||||
- fellow-deployment.yaml
|
||||
- daemonset.yaml
|
||||
|
||||
Reference in New Issue
Block a user