Refactor Docker and Kubernetes configurations to update Redis volume mapping and constraints for Docmost service

2024-08-05 08:29:06 +08:00
parent db36090358
commit ef3cdf6f62
25 changed files with 601 additions and 7 deletions
@@ -101,6 +101,8 @@ kubectl get pods \
 --watch
 kubectl -n longhorn-system get pod
 kubectl get svc
+kubectl apply -f https://raw.githubusercontent.com/traefik/traefik/v3.1/docs/content/reference/dynamic-configuration/kubernetes-crd-definition-v1.yml
+kubectl apply -f https://raw.githubusercontent.com/traefik/traefik/v3.1/docs/content/reference/dynamic-configuration/kubernetes-crd-rbac.yml
 helm repo add traefik https://traefik.github.io/charts
 helm install traefik traefik/traefik --create-namespace -n 'traefik' -f traefik.yaml
 helm list -n traefik
@@ -8,13 +8,18 @@ providers:
  kubernetesGateway:
    enabled: true
 # Allow the Gateway to expose HTTPRoute from all namespaces
+# Allow the Gateway to expose HTTPRoute from all namespaces
 gateway:
-  enabled: true
-  namespacePolicy: All
-  annotations:
-    cert-manager.io/issuer: selfsigned-issuer
  listeners:
+    web:
+      namespacePolicy: All
    websecure:
-      hostname: whoami.docker.localhost
-      certificateRefs:
-        - name: whoami-tls
+      namespacePolicy: All
+
+  # annotations:
+  #   cert-manager.io/issuer: selfsigned-issuer
+  # listeners:
+  #   websecure:
+  #     hostname: whoami.localhost
+  #     certificateRefs:
+  #       - name: whoami-tls
@@ -0,0 +1,9 @@
+frontend http_front
+  bind *:80
+  stats uri /haproxy?stats
+  default_backend http_back
+
+backend http_back
+  balance roundrobin
+  server kube <worker-node1-ip>:80
+  server kube <worker-node2-ip>:80
@@ -0,0 +1,17 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: ingress-resource-1
+spec:
+  ingressClassName: nginx
+  rules:
+  - host: nginx.example.com
+    http:
+      paths:
+      - path: /
+        pathType: Prefix
+        backend:
+          service:
+            name: nginx-deploy-main
+            port: 
+              number: 80
@@ -0,0 +1,37 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: ingress-resource-2
+spec:
+  ingressClassName: nginx
+  rules:
+  - host: nginx.example.com
+    http:
+      paths:
+      - path: /
+        pathType: Prefix
+        backend:
+          service:
+            name: nginx-deploy-main
+            port:
+              number: 80
+  - host: blue.nginx.example.com
+    http:
+      paths:
+      - path: /
+        pathType: Prefix
+        backend:
+          service:
+            name: nginx-deploy-blue
+            port:
+              number: 80
+  - host: green.nginx.example.com
+    http:
+      paths:
+      - path: /
+        pathType: Prefix
+        backend:
+          service:
+            name: nginx-deploy-green
+            port:
+              number: 80
@@ -0,0 +1,33 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  annotations:
+    nginx.ingress.kubernetes.io/rewrite-target: /
+  name: ingress-resource-3
+spec:
+  ingressClassName: nginx
+  rules:
+  - host: nginx.example.com
+    http:
+      paths:
+      - path: /
+        pathType: Prefix
+        backend:
+          service:
+            name: nginx-deploy-main
+            port:
+              number: 80
+      - path: /blue
+        pathType: Prefix
+        backend:
+          service:
+            name: nginx-deploy-blue
+            port:
+              number: 80
+      - path: /green
+        pathType: Prefix
+        backend:
+          service:
+            name: nginx-deploy-green
+            port:
+              number: 80
@@ -0,0 +1,32 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  labels:
+    run: nginx
+  name: nginx-deploy-blue
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      run: nginx-blue
+  template:
+    metadata:
+      labels:
+        run: nginx-blue
+    spec:
+      volumes:
+      - name: webdata
+        emptyDir: {}
+      initContainers:
+      - name: web-content
+        image: busybox
+        volumeMounts:
+        - name: webdata
+          mountPath: "/webdata"
+        command: ["/bin/sh", "-c", 'echo "<h1>I am <font color=blue>BLUE</font></h1>" > /webdata/index.html']
+      containers:
+      - image: nginx
+        name: nginx
+        volumeMounts:
+        - name: webdata
+          mountPath: "/usr/share/nginx/html"
@@ -0,0 +1,32 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  labels:
+    run: nginx
+  name: nginx-deploy-green
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      run: nginx-green
+  template:
+    metadata:
+      labels:
+        run: nginx-green
+    spec:
+      volumes:
+      - name: webdata
+        emptyDir: {}
+      initContainers:
+      - name: web-content
+        image: busybox
+        volumeMounts:
+        - name: webdata
+          mountPath: "/webdata"
+        command: ["/bin/sh", "-c", 'echo "<h1>I am <font color=green>GREEN</font></h1>" > /webdata/index.html']
+      containers:
+      - image: nginx
+        name: nginx
+        volumeMounts:
+        - name: webdata
+          mountPath: "/usr/share/nginx/html"
@@ -0,0 +1,19 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  labels:
+    run: nginx
+  name: nginx-deploy-main
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      run: nginx-main
+  template:
+    metadata:
+      labels:
+        run: nginx-main
+    spec:
+      containers:
+      - image: nginx
+        name: nginx
@@ -0,0 +1,70 @@
+# ingress demo
+
+```bash
+k create -f nginx-deploy-main.yaml -f nginx-deploy-blue.yaml -f nginx-deploy-green.yaml
+k get all
+```
+NAME                                      READY   STATUS    RESTARTS   AGE
+pod/nginx-deploy-blue-5cf4dbd98b-kzxp7    1/1     Running   0          23s
+pod/nginx-deploy-green-64879cd747-7lrkh   1/1     Running   0          23s
+pod/nginx-deploy-main-59657668d9-4qgdh    1/1     Running   0          23s
+
+NAME                 TYPE        CLUSTER-IP   EXTERNAL-IP   PORT(S)   AGE
+service/kubernetes   ClusterIP   10.43.0.1    <none>        443/TCP   17h
+
+NAME                                 READY   UP-TO-DATE   AVAILABLE   AGE
+deployment.apps/nginx-deploy-blue    1/1     1            1           23s
+deployment.apps/nginx-deploy-green   1/1     1            1           23s
+deployment.apps/nginx-deploy-main    1/1     1            1           23s
+
+NAME                                            DESIRED   CURRENT   READY   AGE
+replicaset.apps/nginx-deploy-blue-5cf4dbd98b    1         1         1       23s
+replicaset.apps/nginx-deploy-green-64879cd747   1         1         1       23s
+replicaset.apps/nginx-deploy-main-59657668d9    1         1         1       23s
+
+```bash
+k expose deploy nginx-deploy-green --port 80
+k expose deploy nginx-deploy-main --port 80
+```
+
+NAME                 TYPE        CLUSTER-IP     EXTERNAL-IP   PORT(S)   AGE
+kubernetes           ClusterIP   10.43.0.1      <none>        443/TCP   17h
+nginx-deploy-green   ClusterIP   10.43.47.11    <none>        80/TCP    62s
+nginx-deploy-main    ClusterIP   10.43.148.11   <none>        80/TCP    46s
+
+hosts
+```
+##
+# Host Database
+#
+# localhost is used to configure the loopback interface
+# when the system is booting.  Do not change this entry.
+##
+127.0.0.1       localhost
+255.255.255.255 broadcasthost
+::1             localhost
+# Added by Docker Desktop
+# To allow the same kube context to work on the host and the container:
+127.0.0.1 kubernetes.docker.internal
+# End of section
+
+127.0.0.1       www.local.test
+127.0.0.1       api.local.test
+
+192.168.50.190  rancher.local
+192.168.50.191  traefik.local nginx.traefik.local
+```
+
+```bash
+k get ingressroutes
+k create -f 1-ingressroute.yaml
+# http://traefik.local/
+k delete -f 1-ingressroute.yaml
+k apply -f 2-ingressroute.yaml
+# http://traefik.local/
+# http://nginx.traefik.local/
+k delete -f 2-ingressroute.yaml
+k apply -f 3-ingressroute.yaml
+# http://green.traefik.local/
+k delete -f 3-ingressroute.yaml
+```
@@ -0,0 +1,32 @@
+apiVersion: traefik.containo.us/v1alpha1
+kind: TraefikService
+metadata:
+  name: nginx-wrr
+  namespace: default
+spec:
+  weighted:
+    services:
+      - name: nginx-deploy-main
+        port: 80
+        weight: 1
+      - name: nginx-deploy-blue
+        port: 80
+        weight: 1
+      - name: nginx-deploy-green
+        port: 80
+        weight: 1
+---
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRoute
+metadata:
+  name: nginx
+  namespace: default
+spec:
+  entryPoints:
+    - web
+  routes:
+  - match: Host(`nginx.example.com`)
+    kind: Rule
+    services:
+    - name: nginx-wrr
+      kind: TraefikService
@@ -0,0 +1,15 @@
+
+additionalArguments:
+  - --certificatesresolvers.letsencrypt.acme.tlschallenge=true
+  - --certificatesresolvers.letsencrypt.acme.email=test@hello.com
+  - --certificatesresolvers.letsencrypt.acme.storage=/data/acme.json
+  - --certificatesresolvers.letsencrypt.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory
+
+
+# Lets Encrypt servers
+
+# Staging
+# https://acme-staging-v02.api.letsencrypt.org/directory
+
+# Production Lets Encrypt
+# https://acme-v02.api.letsencrypt.org/directory
@@ -0,0 +1,31 @@
+---
+apiVersion: traefik.containo.us/v1alpha1
+kind: Middleware
+metadata:
+  name: nginx-add-prefix
+spec:
+  addPrefix:
+    prefix: /hello
+
+---
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRoute
+metadata:
+  name: nginx
+  namespace: default
+spec:
+  entryPoints:
+    - web
+  routes:
+    - match: Host(`nginx.example.com`)
+      kind: Rule
+      services:
+        - name: nginx-deploy-main
+          port: 80
+    - match: Host(`nginx.example.org`)
+      kind: Rule
+      middlewares:
+        - name: nginx-add-prefix
+      services:
+        - name: nginx-deploy-main
+          port: 80
@@ -0,0 +1,40 @@
+---
+apiVersion: traefik.containo.us/v1alpha1
+kind: Middleware
+metadata:
+  name: nginx-strip-path-prefix
+spec:
+  stripPrefix:
+    prefixes:
+      - /blue
+      - /green
+
+---
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRoute
+metadata:
+  name: nginx
+  namespace: default
+spec:
+  entryPoints:
+    - web
+  routes:
+    - match: Host(`nginx.example.com`)
+      kind: Rule
+      services:
+        - name: nginx-deploy-main
+          port: 80
+    - match: Host(`nginx.example.com`) && Path(`/blue`)
+      kind: Rule
+      middlewares:
+        - name: nginx-strip-path-prefix
+      services:
+        - name: nginx-deploy-blue
+          port: 80
+    - match: Host(`nginx.example.com`) && Path(`/green`)
+      kind: Rule
+      middlewares:
+        - name: nginx-strip-path-prefix
+      services:
+        - name: nginx-deploy-green
+          port: 80
@@ -0,0 +1,46 @@
+---
+apiVersion: traefik.containo.us/v1alpha1
+kind: Middleware
+metadata:
+  name: nginx-redirect-scheme
+spec:
+  redirectScheme:
+    scheme: https
+    permanent: true
+    port: "443"
+
+---
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRoute
+metadata:
+  name: nginx-http
+  namespace: default
+spec:
+  entryPoints:
+    - web
+  routes:
+    - match: Host(`nginx.example.com`)
+      kind: Rule
+      middlewares:
+        - name: nginx-redirect-scheme      
+      services:
+        - name: nginx-deploy-main
+          port: 80
+
+---
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRoute
+metadata:
+  name: nginx-https
+  namespace: default
+spec:
+  entryPoints:
+    - websecure
+  routes:
+    - match: Host(`nginx.example.com`)
+      kind: Rule     
+      services:
+        - name: nginx-deploy-main
+          port: 80
+  tls:
+    certResolver: letsencrypt
@@ -0,0 +1,39 @@
+apiVersion: traefik.containo.us/v1alpha1
+kind: Middleware
+metadata:
+  name: nginx-basic-auth
+spec:
+  basicAuth:
+    secret: authsecret
+
+---
+# Example:
+#   htpasswd -nb venkat hello | base64
+#   dmVua2F0OiRhcHIxJE52L0lPTDZlJDRqdFlwckpjUk1aWU5aeG45M0xCNi8KCg==
+
+apiVersion: v1
+kind: Secret
+metadata:
+  name: authsecret
+
+data:
+  users: |
+    dmVua2F0OiRhcHIxJE52L0lPTDZlJDRqdFlwckpjUk1aWU5aeG45M0xCNi8KCg==
+
+---
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRoute
+metadata:
+  name: nginx
+  namespace: default
+spec:
+  entryPoints:
+    - web
+  routes:
+    - match: Host(`nginx.example.com`)
+      kind: Rule
+      middlewares:
+        - name: nginx-basic-auth
+      services:
+        - name: nginx-deploy-main
+          port: 80
@@ -0,0 +1,16 @@
+---
+apiVersion: traefik.io/v1alpha1
+kind: IngressRoute
+metadata:
+  name: nginx
+  namespace: default
+spec:
+  entryPoints:
+    - web
+  routes:
+    - match: Host(`nginx.traefik.local`)
+      kind: Rule
+      services:
+        - name: nginx-deploy-main
+          port: 80
+
@@ -0,0 +1,15 @@
+---
+apiVersion: traefik.io/v1alpha1
+kind: IngressRoute
+metadata:
+  name: nginx
+  namespace: default
+spec:
+  entryPoints:
+    - web
+  routes:
+    - match: Host(`nginx.traefik.local`) || Host(`traefik.local`)
+      kind: Rule
+      services:
+        - name: nginx-deploy-main
+          port: 80
@@ -0,0 +1,25 @@
+---
+apiVersion: traefik.io/v1alpha1
+kind: IngressRoute
+metadata:
+  name: nginx
+  namespace: default
+spec:
+  entryPoints:
+    - web
+  routes:
+    - match: Host(`nginx.traefik.local`)
+      kind: Rule
+      services:
+        - name: nginx-deploy-main
+          port: 80
+    - match: Host(`blue.traefik.local`)
+      kind: Rule
+      services:
+        - name: nginx-deploy-blue
+          port: 80
+    - match: Host(`green.traefik.local`)
+      kind: Rule
+      services:
+        - name: nginx-deploy-green
+          port: 80
@@ -0,0 +1,15 @@
+---
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRoute
+metadata:
+  name: nginx
+  namespace: default
+spec:
+  entryPoints:
+    - web
+  routes:
+    - match: Host(`nginx.example.com`) && Headers(`From`, `test@example.com`)
+      kind: Rule
+      services:
+        - name: nginx-deploy-main
+          port: 80
@@ -0,0 +1,15 @@
+---
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRoute
+metadata:
+  name: nginx
+  namespace: default
+spec:
+  entryPoints:
+    - web
+  routes:
+    - match: Host(`nginx.example.com`) && HeadersRegexp(`From`, `.*example.*`)
+      kind: Rule
+      services:
+        - name: nginx-deploy-main
+          port: 80
@@ -0,0 +1,15 @@
+---
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRoute
+metadata:
+  name: nginx
+  namespace: default
+spec:
+  entryPoints:
+    - web
+  routes:
+    - match: Host(`nginx.example.com`) || (Host(`nginx.example.org`) && Headers(`From`, `main@example.com`))
+      kind: Rule
+      services:
+        - name: nginx-deploy-main
+          port: 80
@@ -0,0 +1,17 @@
+---
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRoute
+metadata:
+  name: nginx
+  namespace: default
+spec:
+  entryPoints:
+    - websecure
+  routes:
+    - match: Host(`nginx.example.com`)
+      kind: Rule
+      services:
+        - name: nginx-deploy-main
+          port: 80
+  tls:
+    certResolver: letsencrypt
@@ -0,0 +1,17 @@
+---
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRoute
+metadata:
+  name: nginx
+  namespace: default
+spec:
+  entryPoints:
+    - websecure
+  routes:
+    - match: Host(`nginx.example.com`, `nginx.example.org`)
+      kind: Rule
+      services:
+        - name: nginx-deploy-main
+          port: 80
+  tls:
+    certResolver: letsencrypt