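#!/bin/bash
# Provision the example DaemonSet and expose it through cert-manager (TLS
# certificate), an Ingress and a ClusterIP Service.
# The manifests below are fed to kubectl through an unquoted heredoc so that
# $domain is expanded by the shell before kubectl parses the YAML.
source /vagrant/lib.sh
domain="$(hostname --domain)"
# Without a domain the dnsNames/host values below would end in a bare dot and
# yield an invalid Certificate/Ingress; fail early with a clear message instead.
if [ -z "$domain" ]; then
  echo "ERROR: hostname --domain returned an empty value; cannot build example-daemonset dnsNames" >&2
  exit 1
fi
kubectl apply -f - <<EOF
---
# see https://cert-manager.io/docs/reference/api-docs/#cert-manager.io/v1.Certificate
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: example-daemonset
spec:
  subject:
    organizations:
      - Example
    organizationalUnits:
      - Kubernetes
  commonName: example-daemonset
  dnsNames:
    - example-daemonset.$domain
  duration: 1h # NB this is so low for testing purposes.
  privateKey:
    algorithm: ECDSA # NB Ed25519 is not yet supported by chrome 93 or firefox 91.
    size: 256
  # the Ingress below consumes this secret for its TLS termination.
  secretName: example-daemonset-tls
  issuerRef:
    kind: ClusterIssuer
    name: ingress
---
# see https://kubernetes.io/docs/concepts/services-networking/ingress/
# see https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.26/#ingress-v1-networking-k8s-io
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: example-daemonset
spec:
  tls:
    - secretName: example-daemonset-tls
  rules:
    # NB due to the external-dns controller this will automatically configure
    # the external DNS server (installed in the pandora box) based on this
    # ingress rule.
    # see https://github.com/kubernetes-incubator/external-dns
    - host: example-daemonset.$domain
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: example-daemonset
                port:
                  name: web
---
# see https://kubernetes.io/docs/concepts/services-networking/service/#nodeport
# see https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.26/#service-v1-core
# see https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.26/#serviceport-v1-core
apiVersion: v1
kind: Service
metadata:
  name: example-daemonset
spec:
  type: ClusterIP
  # must match the DaemonSet pod template labels below.
  selector:
    app: example-daemonset
  ports:
    - name: web
      port: 80
      protocol: TCP
      # resolved by name against the container port of the same name.
      targetPort: web
---
# see https://kubernetes.io/docs/concepts/workloads/controllers/daemonset/
# see https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.26/#daemonset-v1-apps
# see https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.26/#podtemplatespec-v1-core
# see https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.26/#container-v1-core
apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: example-daemonset
spec:
  selector:
    matchLabels:
      app: example-daemonset
  template:
    metadata:
      labels:
        app: example-daemonset
    spec:
      # do not inject the legacy SVC_* environment variables for every Service.
      enableServiceLinks: false
      containers:
        # see https://github.com/rgl/example-docker-buildx-go
        - name: example-daemonset
          image: ruilopes/example-docker-buildx-go:v1.10.0
          args:
            - -listen=0.0.0.0:9000
          env:
            # see https://kubernetes.io/docs/tasks/inject-data-application/environment-variable-expose-pod-information/
            # see https://github.com/kubernetes/kubernetes/blob/v1.26.5/test/e2e/common/node/downwardapi.go
            - name: EXAMPLE_NODE_NAME
              valueFrom:
                fieldRef:
                  fieldPath: spec.nodeName
            - name: EXAMPLE_POD_NAMESPACE
              valueFrom:
                fieldRef:
                  fieldPath: metadata.namespace
            - name: EXAMPLE_POD_NAME
              valueFrom:
                fieldRef:
                  fieldPath: metadata.name
            - name: EXAMPLE_POD_UID
              valueFrom:
                fieldRef:
                  fieldPath: metadata.uid
            - name: EXAMPLE_POD_IP
              valueFrom:
                fieldRef:
                  fieldPath: status.podIP
          ports:
            - name: web
              containerPort: 9000
          # requests equal limits, so the pod gets the Guaranteed QoS class.
          resources:
            requests:
              memory: 20Mi
              cpu: 0.1
            limits:
              memory: 20Mi
              cpu: 0.1
          # hardened container: no privilege escalation, no capabilities,
          # read-only root filesystem, non-root user, default seccomp profile.
          # NB runAsNonRoot is only enforced at start-up against the image USER.
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              drop:
                - ALL
            readOnlyRootFilesystem: true
            runAsNonRoot: true
            seccompProfile:
              type: RuntimeDefault
EOF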