commit f9330715153835172061901ee4c4bc861aa588ca Author: celoman Date: Tue Apr 1 11:59:20 2025 +0200 primer commit
diff --git a/cluster-config.yaml b/cluster-config.yaml
new file mode 100644
index 0000000..752e993
--- /dev/null
+++ b/cluster-config.yaml
@@ -0,0 +1,6 @@
+kind: Cluster
+apiVersion: kind.x-k8s.io/v1alpha4
+nodes:
+- role: control-plane
+- role: worker
+- role: worker
diff --git a/serveis/caddy/font b/serveis/caddy/font
new file mode 100644
index 0000000..15c5ac3
--- /dev/null
+++ b/serveis/caddy/font
@@ -0,0 +1 @@
+https://github.com/caddyserver/ingress
diff --git a/serveis/crypad/cryptpad-k8s b/serveis/crypad/cryptpad-k8s
new file mode 160000
index 0000000..7208762
--- /dev/null
+++ b/serveis/crypad/cryptpad-k8s
@@ -0,0 +1 @@
+Subproject commit 720876278d1306fb81604f86a27a0efebabaca7d
diff --git a/serveis/etherpad/estructura b/serveis/etherpad/estructura
new file mode 100644
index 0000000..4227936
--- /dev/null
+++ b/serveis/etherpad/estructura
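Review bot: The gitlink `serveis/crypad/cryptpad-k8s` (mode 160000) is added without a `.gitmodules` entry in the visible diff, so a fresh clone gets a pinned commit id but no URL to fetch it from; `serveis/etherpad/etherpad-lite` is added the same way. Pinning third-party manifests by commit is the right shape, but the origin should be recorded as well, for example with `git submodule add <repository-url> serveis/crypad/cryptpad-k8s` (the URL is a placeholder), so the source of the pinned code can be reviewed. If `.gitmodules` is added outside this diff, this does not apply.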
@@ -0,0 +1,256 @@ +usuari@CASCA:~/Nextcloud/EC/Documents/fct/k9/serveis/etherpad/etherpad-lite/lib$ tree +. +├── etherpad-lite-k8s +│   ├── configmap.yaml +│   ├── deployment.yaml +│   ├── kustomization.yaml +│   └── service.yaml +├── etherpad-lite-k8s-kubedb-mysql +│   ├── configmap.yaml +│   ├── deployment.yaml +│   ├── kustomization.yaml +│   └── name-prefix-transformer-config.yaml +├── kubedb-mysql-etherpad-lite +│   ├── etherpad-mysql.yaml +│   ├── kustomization.yaml +│   ├── README.md +│   └── transformer-config-kubedb.yaml +├── kubedb-mysql-etherpad-lite-with-init-script +│   ├── etherpad-mysql-init-configmap.yaml +│   ├── etherpad-mysql-with-init-script.yaml +│   └── kustomization.yaml +└── test-etherpad-lite-mysql-with-namePrefix + └── kustomization.yaml + +6 directories, 16 files +usuari@CASCA:~/Nextcloud/EC/Documents/fct/k9/serveis/etherpad/etherpad-lite/lib$ cat etherpad-lite-k8s/configmap.yaml +apiVersion: v1 +kind: ConfigMap +metadata: + name: etherpad +data: + settings.json: | + { + "skinName":"colibris", + "title":"Etherpad on Kubernetes" + } +usuari@CASCA:~/Nextcloud/EC/Documents/fct/k9/serveis/etherpad/etherpad-lite/lib$ cat etherpad-lite-k8s/deployment.yaml +apiVersion: apps/v1 +kind: Deployment +metadata: + name: etherpad +spec: + replicas: 1 + selector: + matchLabels: + app: etherpad + template: + metadata: + labels: + app: etherpad + spec: + containers: + - name: etherpad + image: etherpad/etherpad:1.7.5 + ports: + - containerPort: 9001 + name: web + volumeMounts: + - name: "config" + mountPath: "/opt/etherpad/settings.json" + subPath: "settings.json" + volumes: + - name: config + configMap: + name: etherpad +usuari@CASCA:~/Nextcloud/EC/Documents/fct/k9/serveis/etherpad/etherpad-lite/lib$ cat etherpad-lite-k8s/kustomization.yaml +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: +- configmap.yaml +- deployment.yaml +- service.yaml +usuari@CASCA:~/Nextcloud/EC/Documents/fct/k9/serveis/etherpad/etherpad-lite/lib$ cat 
etherpad-lite-k8s/service.yaml +apiVersion: v1 +kind: Service +metadata: + name: etherpad +spec: + selector: + app: etherpad + ports: + - name: web + port: 80 + targetPort: web +usuari@CASCA:~/Nextcloud/EC/Documents/fct/k9/serveis/etherpad/etherpad-lite/lib$ cat etherpad-lite-k8s-kubedb-mysql/configmap.yaml +apiVersion: v1 +kind: ConfigMap +metadata: + name: etherpad +data: + settings.json: | + { + "skinName":"colibris", + "title":"Etherpad on Kubernetes w/ MySQL", + "dbType": "${ETHERPAD_DB_TYPE:mysql}", + "dbSettings": { + "database": "${ETHERPAD_DB_DATABASE}", + "host": "${ETHERPAD_DB_HOST}", + "password": "${ETHERPAD_DB_PASSWORD}", + "user": "${ETHERPAD_DB_USER}" + } + } +usuari@CASCA:~/Nextcloud/EC/Documents/fct/k9/serveis/etherpad/etherpad-lite/lib$ cat etherpad-lite-k8s-kubedb-mysql/deployment.yaml +apiVersion: apps/v1 +kind: Deployment +metadata: + name: etherpad +spec: + template: + spec: + containers: + - name: etherpad + env: + - name: ETHERPAD_DB_TYPE + value: mysql + - name: ETHERPAD_DB_HOST + value: $(MYSQL_SERVICE) + - name: ETHERPAD_DB_DATABASE + value: etherpad_lite_db + - name: ETHERPAD_DB_USER + valueFrom: + secretKeyRef: + name: etherpad-mysql-auth + key: username + - name: ETHERPAD_DB_PASSWORD + valueFrom: + secretKeyRef: + name: etherpad-mysql-auth + key: password + volumeMounts: + - name: "config" + mountPath: "/opt/etherpad-lite/settings.json" + subPath: "settings.json" +usuari@CASCA:~/Nextcloud/EC/Documents/fct/k9/serveis/etherpad/etherpad-lite/lib$ cat etherpad-lite-k8s-kubedb-mysql/kustomization.yaml +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +bases: +- ../kubedb-mysql-etherpad-lite-with-init-script +- ../etherpad-lite-k8s +patchesStrategicMerge: +- configmap.yaml +- deployment.yaml +images: +- name: etherpad/etherpad + # This is required until etherpad-lite 1.8 comes out to be able to use env vars in settings.json + newTag: latest +configurations: +- name-prefix-transformer-config.yaml 
+usuari@CASCA:~/Nextcloud/EC/Documents/fct/k9/serveis/etherpad/etherpad-lite/lib$ cat etherpad-lite-k8s-kubedb-mysql/name-prefix-transformer-config.yaml
+namePrefix:
+- apiVersion: apps/v1
+ kind: Deployment
+ path: spec/template/spec/containers/env/valueFrom/secretKeyRef/name
+usuari@CASCA:~/Nextcloud/EC/Documents/fct/k9/serveis/etherpad/etherpad-lite/lib$ cat kubedb-mysql-etherpad-lite/etherpad-mysql.yaml
+apiVersion: kubedb.com/v1alpha1
+kind: MySQL
+metadata:
+ name: etherpad-mysql
+spec:
+ version: "5.7.25"
+ storageType: Durable
+ terminationPolicy: WipeOut
+ storage:
+ storageClassName: "default"
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: 1Gi
+
+usuari@CASCA:~/Nextcloud/EC/Documents/fct/k9/serveis/etherpad/etherpad-lite/lib$ cat kubedb-mysql-etherpad-lite/kustomization.yaml
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+- etherpad-mysql.yaml
+vars:
+- name: MYSQL_SERVICE
+ objref:
+ apiVersion: kubedb.com/v1alpha1
+ kind: MySQL
+ name: etherpad-mysql
+ fieldref:
+ fieldpath: metadata.name
+configurations:
+- transformer-config-kubedb.yaml
+usuari@CASCA:~/Nextcloud/EC/Documents/fct/k9/serveis/etherpad/etherpad-lite/lib$ cat kubedb-mysql-etherpad-lite/README.md
+# kubedb-mysql-etherpad-lite
+
+This is *just* the kubedb MySQL resource for etherpad-lite. Compose it with something like ../etherpad-lite-k8s to get a full setup.
+usuari@CASCA:~/Nextcloud/EC/Documents/fct/k9/serveis/etherpad/etherpad-lite/lib$ cat kubedb-mysql-etherpad-lite/kustomization.yaml
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+- etherpad-mysql.yaml
+vars:
+- name: MYSQL_SERVICE
+ objref:
+ apiVersion: kubedb.com/v1alpha1
+ kind: MySQL
+ name: etherpad-mysql
+ fieldref:
+ fieldpath: metadata.name
+configurations:
+- transformer-config-kubedb.yaml
+usuari@CASCA:~/Nextcloud/EC/Documents/fct/k9/serveis/etherpad/etherpad-lite/lib$ cat kubedb-mysql-etherpad-lite/transformer-config-kubedb.yaml
+namePrefix:
+- apiVersion: kubedb.com/v1alpha1
+ kind: MySQL
+ path: spec/init/scriptSource/configMap/name
+
+nameReference:
+- version: v1
+ kind: ConfigMap
+ fieldSpecs:
+ - version: kubedb.com/v1alpha1
+ kind: MySQL
+ path: spec/init/scriptSource
+usuari@CASCA:~/Nextcloud/EC/Documents/fct/k9/serveis/etherpad/etherpad-lite/lib$ cat kubedb-mysql-etherpad-lite-with-init-script/etherpad-mysql-init-configmap.yaml
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: etherpad-mysql-init
+data:
+ init.sql: |
+ create database `etherpad_lite_db`;
+ use `etherpad_lite_db`;
+
+ CREATE TABLE `store` (
+ `key` varchar(100) COLLATE utf8mb4_bin NOT NULL DEFAULT '',
+ `value` longtext COLLATE utf8mb4_bin NOT NULL,
+ PRIMARY KEY (`key`)
+ ) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_bin;
+usuari@CASCA:~/Nextcloud/EC/Documents/fct/k9/serveis/etherpad/etherpad-lite/lib$ cat kubedb-mysql-etherpad-lite-with-init-script/etherpad-mysql-with-init-script.yaml
+apiVersion: kubedb.com/v1alpha1
+kind: MySQL
+metadata:
+ name: etherpad-mysql
+spec:
+ init:
+ scriptSource:
+ configMap:
+ name: etherpad-mysql-init
+usuari@CASCA:~/Nextcloud/EC/Documents/fct/k9/serveis/etherpad/etherpad-lite/lib$ cat kubedb-mysql-etherpad-lite-with-init-script/kustomization.yaml
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+bases:
+- ../kubedb-mysql-etherpad-lite
+resources:
+- etherpad-mysql-init-configmap.yaml
+patchesStrategicMerge:
+- etherpad-mysql-with-init-script.yaml
+usuari@CASCA:~/Nextcloud/EC/Documents/fct/k9/serveis/etherpad/etherpad-lite/lib$ cat test-etherpad-lite-mysql-with-namePrefix/kustomization.yaml
+bases:
+- ../etherpad-lite-k8s-kubedb-mysql
+namePrefix: test-namePrefix-
+usuari@CASCA:~/Nextcloud/EC/Documents/fct/k9/serveis/etherpad/etherpad-lite/lib$
diff --git a/serveis/etherpad/etherpad-lite b/serveis/etherpad/etherpad-lite
new file mode 160000
index 0000000..217d46b
--- /dev/null
+++ b/serveis/etherpad/etherpad-lite
@@ -0,0 +1 @@
+Subproject commit 217d46b3c99aeb2506c3f30f9f78c37a8c50d60e
diff --git a/serveis/example/deployment.yml b/serveis/example/deployment.yml
new file mode 100644
index 0000000..ad875ee
--- /dev/null
+++ b/serveis/example/deployment.yml
@@ -0,0 +1,20 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: nginx
+spec:
+ selector:
+ matchLabels:
+ app: nginx
+ replicas: 3
+ template:
+ metadata:
+ labels:
+ app: nginx
+ spec:
+ containers:
+ - name: nginx
+ image: nginx:alpine
+ ports:
+ - containerPort: 80
diff --git a/serveis/example/service.yml b/serveis/example/service.yml
new file mode 100644
index 0000000..a309465
--- /dev/null
+++ b/serveis/example/service.yml
@@ -0,0 +1,13 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: nginx
+spec:
+ ipFamilyPolicy: PreferDualStack
+ selector:
+ app: nginx
+ ports:
+ - port: 80
+ targetPort: 80
+ type: LoadBalancer
diff --git a/serveis/example2/deployment.yml b/serveis/example2/deployment.yml
new file mode 100644
index 0000000..ad875ee
--- /dev/null
+++ b/serveis/example2/deployment.yml
@@ -0,0 +1,20 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: nginx
+spec:
+ selector:
+ matchLabels:
+ app: nginx
+ replicas: 3
+ template:
+ metadata:
+ labels:
+ app: nginx
+ spec:
+ containers:
+ - name: nginx
+ image: nginx:alpine
+ ports:
+ - containerPort: 80
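Review bot: `image: nginx:alpine` in serveis/example/deployment.yml is a floating tag, so the three replicas can end up running different builds and a re-pull can change the image with no change in this repository. Pin a specific release and ideally a digest, for example `image: nginx:<version>-alpine@sha256:<digest>` (both placeholders). The later manifests in this commit use no tag at all or `latest` (`image: nginx`, `image: caddy`, `caddy:latest`, `nginx:latest`, `tomsquest/docker-radicale`), and the same pinning applies there. None of the nginx or Caddy pod specs sets a `securityContext` or `resources`; only the kompose-generated radicale Deployment drops capabilities.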
diff --git a/serveis/example2/service.yml b/serveis/example2/service.yml
new file mode 100644
index 0000000..a309465
--- /dev/null
+++ b/serveis/example2/service.yml
@@ -0,0 +1,13 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: nginx
+spec:
+ ipFamilyPolicy: PreferDualStack
+ selector:
+ app: nginx
+ ports:
+ - port: 80
+ targetPort: 80
+ type: LoadBalancer
diff --git a/serveis/example3/nginx-deployment.yaml b/serveis/example3/nginx-deployment.yaml
new file mode 100644
index 0000000..84d2853
--- /dev/null
+++ b/serveis/example3/nginx-deployment.yaml
@@ -0,0 +1,32 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: nginx
+ namespace: default
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: nginx
+ template:
+ metadata:
+ labels:
+ app: nginx
+ spec:
+ containers:
+ - name: nginx
+ image: nginx
+ ports:
+ - containerPort: 80
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: nginx
+ namespace: default
+spec:
+ ports:
+ - port: 8001
+ targetPort: 80
+ selector:
+ app: nginx
diff --git a/serveis/example3/nginx-ingress.yaml b/serveis/example3/nginx-ingress.yaml
new file mode 100644
index 0000000..205a33e
--- /dev/null
+++ b/serveis/example3/nginx-ingress.yaml
@@ -0,0 +1,54 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: nginx
+ namespace: default
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: nginx
+ template:
+ metadata:
+ labels:
+ app: nginx
+ spec:
+ containers:
+ - name: nginx
+ image: nginx
+ ports:
+ - containerPort: 80
+
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: nginx
+ namespace: default
+spec:
+ ports:
+ - port: 80 # El puerto en el cual el servicio será accesible desde el clúster
+ targetPort: 80 # El puerto del contenedor al que se enviará el tráfico
+ selector:
+ app: nginx
+
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: nginx-ingress
+ namespace: default
+ annotations:
+ nginx.ingress.kubernetes.io/rewrite-target: /
+spec:
+ rules:
+ - host: nginx.local # El nombre del dominio que usarás para acceder al servicio
+ http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: nginx
+ port:
+ number: 80 # El puerto donde el servicio está escuchando
diff --git a/serveis/example3/nginx-ingress.yaml.2 b/serveis/example3/nginx-ingress.yaml.2
new file mode 100644
index 0000000..205a33e
--- /dev/null
+++ b/serveis/example3/nginx-ingress.yaml.2
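Review bot: serveis/example3/nginx-ingress.yaml re-declares the Deployment and Service `nginx` in namespace `default` that nginx-deployment.yaml already defines, but with Service `port: 80` instead of `port: 8001`, so whichever file is applied last decides the port and either port-forward.sh (which targets 8001) or the Ingress backend (`number: 80`) stops matching. Keep only the Ingress in this file and point its backend at the Service's actual port. `nginx-ingress.yaml.2` is a byte-identical copy (same blob `205a33e`) and `nginx-ingress.yaml.ori` an older variant; backup copies are better left to git history. With `rewrite-target: /` on `path: /`, current ingress-nginx releases appear to rewrite every request path to `/`, so confirm the annotation is wanted at all.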
@@ -0,0 +1,54 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: nginx
+ namespace: default
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: nginx
+ template:
+ metadata:
+ labels:
+ app: nginx
+ spec:
+ containers:
+ - name: nginx
+ image: nginx
+ ports:
+ - containerPort: 80
+
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: nginx
+ namespace: default
+spec:
+ ports:
+ - port: 80 # El puerto en el cual el servicio será accesible desde el clúster
+ targetPort: 80 # El puerto del contenedor al que se enviará el tráfico
+ selector:
+ app: nginx
+
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: nginx-ingress
+ namespace: default
+ annotations:
+ nginx.ingress.kubernetes.io/rewrite-target: /
+spec:
+ rules:
+ - host: nginx.local # El nombre del dominio que usarás para acceder al servicio
+ http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: nginx
+ port:
+ number: 80 # El puerto donde el servicio está escuchando
diff --git a/serveis/example3/nginx-ingress.yaml.ori b/serveis/example3/nginx-ingress.yaml.ori
new file mode 100644
index 0000000..430f9aa
--- /dev/null
+++ b/serveis/example3/nginx-ingress.yaml.ori
@@ -0,0 +1,19 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: nginx-ingress
+ namespace: default
+ annotations:
+ nginx.ingress.kubernetes.io/rewrite-target: /
+spec:
+ rules:
+ - host: nginx.local
+ http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: nginx
+ port:
+ number: 8001
diff --git a/serveis/example3/nginxdos-deployment.yaml b/serveis/example3/nginxdos-deployment.yaml
new file mode 100644
index 0000000..84d2853
--- /dev/null
+++ b/serveis/example3/nginxdos-deployment.yaml
@@ -0,0 +1,32 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: nginx
+ namespace: default
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: nginx
+ template:
+ metadata:
+ labels:
+ app: nginx
+ spec:
+ containers:
+ - name: nginx
+ image: nginx
+ ports:
+ - containerPort: 80
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: nginx
+ namespace: default
+spec:
+ ports:
+ - port: 8001
+ targetPort: 80
+ selector:
+ app: nginx
diff --git a/serveis/example3/port-forward.sh b/serveis/example3/port-forward.sh
new file mode 100644
index 0000000..34b0c92
--- /dev/null
+++ b/serveis/example3/port-forward.sh
@@ -0,0 +1,3 @@
+#!/bin/bash
+
+sudo kubectl port-forward svc/nginx 80:8001
diff --git a/serveis/example3/radicale/radicale-deployment.yaml b/serveis/example3/radicale/radicale-deployment.yaml
new file mode 100644
index 0000000..348dfc0
--- /dev/null
+++ b/serveis/example3/radicale/radicale-deployment.yaml
@@ -0,0 +1,50 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ annotations:
+ kompose.cmd: kompose convert -f docker-compose.yml
+ kompose.version: 1.35.0 (9532ceef3)
+ labels:
+ io.kompose.service: radicale
+ name: radicale
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ io.kompose.service: radicale
+ strategy:
+ type: Recreate
+ template:
+ metadata:
+ annotations:
+ kompose.cmd: kompose convert -f docker-compose.yml
+ kompose.version: 1.35.0 (9532ceef3)
+ labels:
+ io.kompose.service: radicale
+ spec:
+ containers:
+ - image: tomsquest/docker-radicale
+ livenessProbe:
+ exec:
+ command:
+ - curl -f http://127.0.0.1:5232 || exit 1
+ failureThreshold: 3
+ periodSeconds: 30
+ name: radicale
+ ports:
+ - containerPort: 5232
+ protocol: TCP
+ resources:
+ limits:
+ memory: "268435456"
+ securityContext:
+ capabilities:
+ add:
+ - SETUID
+ - SETGID
+ - CHOWN
+ - KILL
+ drop:
+ - ALL
+ readOnlyRootFilesystem: true
+ restartPolicy: Always
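Review bot: `sudo kubectl port-forward svc/nginx 80:8001` runs kubectl as root only to bind local port 80, which gives a network-facing client root privileges and may pick up root's kubeconfig instead of yours. Forward to an unprivileged local port instead, `kubectl port-forward svc/nginx 8080:8001`. The Service port is 8001 only while nginx-deployment.yaml is the last file applied; nginx-ingress.yaml redefines it as 80.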
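Review bot: The liveness probe in radicale/radicale-deployment.yaml passes `curl -f http://127.0.0.1:5232 || exit 1` as a single `command` element; exec probes do not run through a shell, so the whole string is treated as the name of an executable, the probe always fails, and the container is restarted in a loop. Either wrap it, `command: ["sh", "-c", "curl -f http://127.0.0.1:5232 || exit 1"]`, or replace it with an `httpGet` probe on port 5232. The Deployment also declares no `volumes` or `volumeMounts`, so `radicale-pvc` is never used and, with `readOnlyRootFilesystem: true`, the container presumably has nowhere to write its data; the radicale0 variant mounts the claim at `/data`. The `drop: ALL` plus explicit `add` list is worth keeping.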
diff --git a/serveis/example3/radicale/radicale-pvc.yaml b/serveis/example3/radicale/radicale-pvc.yaml
new file mode 100644
index 0000000..519a4b4
--- /dev/null
+++ b/serveis/example3/radicale/radicale-pvc.yaml
@@ -0,0 +1,10 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: radicale-pvc
+spec:
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: 1Gi
diff --git a/serveis/example3/radicale/radicale-service.yaml b/serveis/example3/radicale/radicale-service.yaml
new file mode 100644
index 0000000..67fa123
--- /dev/null
+++ b/serveis/example3/radicale/radicale-service.yaml
@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: radicale
+spec:
+ selector:
+ app: radicale
+ ports:
+ - port: 80
+ targetPort: 5232
+ type: LoadBalancer
diff --git a/serveis/example3/radicale0/radicale-deployment.yaml b/serveis/example3/radicale0/radicale-deployment.yaml
new file mode 100644
index 0000000..d8986c0
--- /dev/null
+++ b/serveis/example3/radicale0/radicale-deployment.yaml
@@ -0,0 +1,42 @@
+kapiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: radicale
+ labels:
+ app: radicale
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: radicale
+ template:
+ metadata:
+ labels:
+ app: radicale
+ spec:
+ containers:
+ - name: radicale
+ image: tomsquest/docker-radicale
+ ports:
+ - containerPort: 5232
+ volumeMounts:
+ - mountPath: /data # Directorio donde se almacenan los datos persistentes
+ name: radicale-storage # El nombre del volumen que se define a continuación
+ livenessProbe:
+ exec:
+ command:
+ - curl
+ - -f
+ - http://127.0.0.1:5232
+ initialDelaySeconds: 5
+ periodSeconds: 10
+ resources:
+ limits:
+ memory: "256Mi"
+ requests:
+ memory: "128Mi"
+ volumes:
+ - name: radicale-storage
+ persistentVolumeClaim:
+ claimName: radicale-pvc # Aquí se hace referencia al PVC previamente creado
+
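Review bot: The Service in radicale/radicale-service.yaml selects `app: radicale`, but the pods created by radicale/radicale-deployment.yaml are labelled `io.kompose.service: radicale`, so the Service has no endpoints. Change the selector to `io.kompose.service: radicale` or add the `app: radicale` label to the pod template. `type: LoadBalancer` also publishes Radicale over plain HTTP on port 80, with no TLS or authentication visible in these manifests; `type: ClusterIP`, as the radicale0 variant uses, is the safer default until that is in place.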
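Review bot: The first line of radicale0/radicale-deployment.yaml reads `kapiVersion: apps/v1`, so the object has no `apiVersion` field and the manifest will be rejected; radicale0/radicale-service.yaml has the same stray `k` (`kapiVersion: v1`). Both should start with `apiVersion:`. The exec probe here is correctly split into separate arguments, but this container has no `securityContext`, unlike the kompose-generated variant in radicale/.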
diff --git a/serveis/example3/radicale0/radicale-pv.yaml b/serveis/example3/radicale0/radicale-pv.yaml
new file mode 100644
index 0000000..aec2332
--- /dev/null
+++ b/serveis/example3/radicale0/radicale-pv.yaml
@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+ name: radicale-pv
+spec:
+ capacity:
+ storage: 1Gi
+ volumeMode: Filesystem
+ accessModes:
+ - ReadWriteOnce
+ persistentVolumeReclaimPolicy: Retain
+ storageClassName: standard
+ hostPath:
+ path: /mnt/data/radicale # Ruta del almacenamiento en el nodo de Kubernetes
+
diff --git a/serveis/example3/radicale0/radicale-pvc.yaml b/serveis/example3/radicale0/radicale-pvc.yaml
new file mode 100644
index 0000000..bd20033
--- /dev/null
+++ b/serveis/example3/radicale0/radicale-pvc.yaml
@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: radicale-pvc
+spec:
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: 1Gi
+ storageClassName: standard # Asegúrate de que esta clase de almacenamiento exista
diff --git a/serveis/example3/radicale0/radicale-service.yaml b/serveis/example3/radicale0/radicale-service.yaml
new file mode 100644
index 0000000..9a99c8a
--- /dev/null
+++ b/serveis/example3/radicale0/radicale-service.yaml
@@ -0,0 +1,12 @@
+kapiVersion: v1
+kind: Service
+metadata:
+ name: radicale
+spec:
+ selector:
+ app: radicale
+ ports:
+ - port: 80
+ targetPort: 5232
+ type: ClusterIP # Si deseas que sea accesible solo dentro del clúster
+
diff --git a/serveis/example3/wp-ingress.yaml b/serveis/example3/wp-ingress.yaml
new file mode 100644
index 0000000..15cea62
--- /dev/null
+++ b/serveis/example3/wp-ingress.yaml
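Review bot: The `hostPath` volume at `/mnt/data/radicale` in radicale0/radicale-pv.yaml lives on whichever node the pod is scheduled to, and the PV carries no `nodeAffinity`; cluster-config.yaml creates two workers, so a rescheduled pod can start against an empty directory on the other node. A hostPath volume also hands the workload a path on the node's own filesystem, which is acceptable in a local kind lab but should not be carried over to a shared cluster. Prefer dropping the static PV and letting the claim's storage class provision the volume, or pin the PV to one node with `nodeAffinity`.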
@@ -0,0 +1,29 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: nginx-wordpress-ingress
+ namespace: default
+ annotations:
+ nginx.ingress.kubernetes.io/rewrite-target: /
+spec:
+ rules:
+ - host: nginx.local
+ http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: nginx
+ port:
+ number: 80
+ - host: wordpress.local
+ http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: wordpress
+ port:
+ number: 8080 # Asegúrate de que el puerto 8080 esté reflejado aquí
diff --git a/serveis/example4/Caddyfile b/serveis/example4/Caddyfile
new file mode 100644
index 0000000..4bdb17d
--- /dev/null
+++ b/serveis/example4/Caddyfile
@@ -0,0 +1,15 @@
+{
+ debug
+}
+
+nginx1.local {
+ reverse_proxy nginx1-service.default.svc.cluster.local:80
+}
+
+nginx2.local {
+ reverse_proxy nginx2-service.default.svc.cluster.local:80
+}
+
+nginx3.local {
+ reverse_proxy nginx3-service.default.svc.cluster.local:80
+}
diff --git a/serveis/example4/caddy-configmap.yaml b/serveis/example4/caddy-configmap.yaml
new file mode 100644
index 0000000..f8b300a
--- /dev/null
+++ b/serveis/example4/caddy-configmap.yaml
@@ -0,0 +1,22 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: caddy-config
+ namespace: default
+data:
+ Caddyfile: |
+ {
+ debug
+ }
+
+ nginx1.local {
+ reverse_proxy nginx1-service.default.svc.cluster.local:80
+ }
+
+ nginx2.local {
+ reverse_proxy nginx2-service.default.svc.cluster.local:80
+ }
+
+ nginx3.local {
+ reverse_proxy nginx3-service.default.svc.cluster.local:80
+ }
diff --git a/serveis/example4/caddy-deployment.yaml b/serveis/example4/caddy-deployment.yaml
new file mode 100644
index 0000000..71a4ce0
--- /dev/null
+++ b/serveis/example4/caddy-deployment.yaml
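Review bot: `nginx-wordpress-ingress` declares host `nginx.local` with `path: /` again, which `nginx-ingress` in nginx-ingress.yaml already claims, so two Ingress objects compete for the same host and path and the outcome depends on how the controller resolves the conflict. Keep the `nginx.local` rule in one object only. The `wordpress` Service on port 8080 is not defined anywhere in this commit, so as far as this diff shows that rule has no backend. Neither Ingress sets `ingressClassName` or a `tls` section.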
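Review bot: The site addresses in serveis/example4/Caddyfile (`nginx1.local`, `nginx2.local`, `nginx3.local`) carry no scheme, and Caddy enables automatic HTTPS for any named host: it would serve them on 443 with an internal-CA certificate and answer port 80 with a redirect, while caddy-deployment.yaml and caddy-service.yaml publish only port 80. Either expose 443 and distribute Caddy's root certificate to clients, or state the intent explicitly with `http://nginx1.local {` as the metalb/example5 Caddyfile does. The same applies to the copy embedded in caddy-configmap.yaml and to `nginx1.local:8880` in serveis/example8880, where Caddy would presumably speak TLS on 8880 while the Ingress backend sends plain HTTP. The global `debug` option is fine while experimenting but should come out before the proxy is shared, since debug-level logs are far more verbose.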
@@ -0,0 +1,27 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: caddy
+ namespace: default
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: caddy
+ template:
+ metadata:
+ labels:
+ app: caddy
+ spec:
+ containers:
+ - name: caddy
+ image: caddy
+ ports:
+ - containerPort: 80
+ volumeMounts:
+ - name: caddy-config-volume
+ mountPath: /etc/caddy
+ volumes:
+ - name: caddy-config-volume
+ configMap:
+ name: caddy-config
diff --git a/serveis/example4/caddy-service.yaml b/serveis/example4/caddy-service.yaml
new file mode 100644
index 0000000..1a4d708
--- /dev/null
+++ b/serveis/example4/caddy-service.yaml
@@ -0,0 +1,13 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: caddy
+ namespace: default
+spec:
+ selector:
+ app: caddy
+ ports:
+ - port: 80 # Este es el puerto interno que escucha Caddy
+ targetPort: 80 # Mapeamos el puerto interno
+ nodePort: 30080 # Este es el puerto de acceso fuera del clúster
+ type: NodePort
diff --git a/serveis/example4/ingress.yam b/serveis/example4/ingress.yam
new file mode 100644
index 0000000..cb865a7
--- /dev/null
+++ b/serveis/example4/ingress.yam
@@ -0,0 +1,39 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: caddy-ingress
+ namespace: default
+ annotations:
+ nginx.ingress.kubernetes.io/rewrite-target: /
+spec:
+ rules:
+ - host: nginx1.local
+ http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: caddy
+ port:
+ number: 80
+ - host: nginx2.local
+ http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: caddy
+ port:
+ number: 80
+ - host: nginx3.local
+ http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: caddy
+ port:
+ number: 80
diff --git a/serveis/example4/nginx-deployment.yaml b/serveis/example4/nginx-deployment.yaml
new file mode 100644
index 0000000..e980153
--- /dev/null
+++ b/serveis/example4/nginx-deployment.yaml
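Review bot: The Ingress file is named `ingress.yam`, and `kubectl apply -f <directory>` only picks up `.yaml`, `.yml` and `.json`, so this object is skipped unless it is applied by explicit path; serveis/example8880/ingress.yam has the same name. Rename both to `ingress.yaml`. The `nginx.ingress.kubernetes.io/rewrite-target: /` annotation also looks unwanted here, because Caddy routes on the Host header and the rewrite would only flatten request paths before they reach it.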
@@ -0,0 +1,62 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: nginx1
+ namespace: default
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: nginx1
+ template:
+ metadata:
+ labels:
+ app: nginx1
+ spec:
+ containers:
+ - name: nginx
+ image: nginx
+ ports:
+ - containerPort: 80
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: nginx2
+ namespace: default
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: nginx2
+ template:
+ metadata:
+ labels:
+ app: nginx2
+ spec:
+ containers:
+ - name: nginx
+ image: nginx
+ ports:
+ - containerPort: 80
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: nginx3
+ namespace: default
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: nginx3
+ template:
+ metadata:
+ labels:
+ app: nginx3
+ spec:
+ containers:
+ - name: nginx
+ image: nginx
+ ports:
+ - containerPort: 80
diff --git a/serveis/example4/nginx-service.yaml b/serveis/example4/nginx-service.yaml
new file mode 100644
index 0000000..ddb670a
--- /dev/null
+++ b/serveis/example4/nginx-service.yaml
@@ -0,0 +1,38 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: nginx1
+ namespace: default
+spec:
+ selector:
+ app: nginx1
+ ports:
+ - protocol: TCP
+ port: 80
+ targetPort: 80
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: nginx2
+ namespace: default
+spec:
+ selector:
+ app: nginx2
+ ports:
+ - protocol: TCP
+ port: 80
+ targetPort: 80
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: nginx3
+ namespace: default
+spec:
+ selector:
+ app: nginx3
+ ports:
+ - protocol: TCP
+ port: 80
+ targetPort: 80
diff --git a/serveis/example4/nginx1-service.yaml b/serveis/example4/nginx1-service.yaml
new file mode 100644
index 0000000..7a9b5c9
--- /dev/null
+++ b/serveis/example4/nginx1-service.yaml
@@ -0,0 +1,14 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: nginx1-service
+ labels:
+ app: nginx1
+spec:
+ selector:
+ app: nginx1
+ ports:
+ - protocol: TCP
+ port: 80
+ targetPort: 80
+ type: LoadBalancer
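Review bot: `type: LoadBalancer` on `nginx1-service` gives the backend its own external address, so clients can reach nginx directly and bypass the Caddy reverse proxy that is meant to front it; example4/nginx2-service.yaml and nginx3-service.yaml do the same. Caddy reaches the backends through cluster DNS, so `type: ClusterIP` is enough, which is what the serveis/example8880 variants use. nginx-service.yaml in the same directory additionally defines Services `nginx1` to `nginx3` with the same selectors, which the Caddyfile never references; one of the two sets should go.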
diff --git a/serveis/example4/nginx2-service.yaml b/serveis/example4/nginx2-service.yaml
new file mode 100644
index 0000000..c520a11
--- /dev/null
+++ b/serveis/example4/nginx2-service.yaml
@@ -0,0 +1,14 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: nginx2-service
+ labels:
+ app: nginx2
+spec:
+ selector:
+ app: nginx2
+ ports:
+ - protocol: TCP
+ port: 80
+ targetPort: 80
+ type: LoadBalancer
diff --git a/serveis/example4/nginx3-service.yaml b/serveis/example4/nginx3-service.yaml
new file mode 100644
index 0000000..47d1c75
--- /dev/null
+++ b/serveis/example4/nginx3-service.yaml
@@ -0,0 +1,14 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: nginx3-service
+ labels:
+ app: nginx3
+spec:
+ selector:
+ app: nginx3
+ ports:
+ - protocol: TCP
+ port: 80
+ targetPort: 80
+ type: LoadBalancer
diff --git a/serveis/example8880/Caddyfile b/serveis/example8880/Caddyfile
new file mode 100644
index 0000000..9e26595
--- /dev/null
+++ b/serveis/example8880/Caddyfile
@@ -0,0 +1,15 @@
+{
+ debug
+}
+
+nginx1.local:8880 {
+ reverse_proxy nginx1-service.default.svc.cluster.local:80
+}
+
+nginx2.local:8880 {
+ reverse_proxy nginx2-service.default.svc.cluster.local:80
+}
+
+nginx3.local:8880 {
+ reverse_proxy nginx3-service.default.svc.cluster.local:80
+}
diff --git a/serveis/example8880/caddy-configmap.yaml b/serveis/example8880/caddy-configmap.yaml
new file mode 100644
index 0000000..4ef5891
--- /dev/null
+++ b/serveis/example8880/caddy-configmap.yaml
@@ -0,0 +1,22 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: caddy-config
+ namespace: default
+data:
+ Caddyfile: |
+ {
+ debug
+ }
+
+ nginx1.local:8880 {
+ reverse_proxy nginx1-service.default.svc.cluster.local:80
+ }
+
+ nginx2.local:8880 {
+ reverse_proxy nginx2-service.default.svc.cluster.local:80
+ }
+
+ nginx3.local:8880 {
+ reverse_proxy nginx3-service.default.svc.cluster.local:80
+ }
diff --git a/serveis/example8880/caddy-deployment.yaml b/serveis/example8880/caddy-deployment.yaml
new file mode 100644
index 0000000..06eb7a0
--- /dev/null
+++ b/serveis/example8880/caddy-deployment.yaml
@@ -0,0 +1,27 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: caddy
+ namespace: default
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: caddy
+ template:
+ metadata:
+ labels:
+ app: caddy
+ spec:
+ containers:
+ - name: caddy
+ image: caddy
+ ports:
+ - containerPort: 8880
+ volumeMounts:
+ - name: caddy-config-volume
+ mountPath: /etc/caddy
+ volumes:
+ - name: caddy-config-volume
+ configMap:
+ name: caddy-config
diff --git a/serveis/example8880/caddy-service.yaml b/serveis/example8880/caddy-service.yaml
new file mode 100644
index 0000000..a6be840
--- /dev/null
+++ b/serveis/example8880/caddy-service.yaml
@@ -0,0 +1,14 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: caddy
+ namespace: default
+spec:
+ selector:
+ app: caddy
+ ports:
+ - port: 8880 # Puerto en el cluster
+ targetPort: 8880 # Puerto en el contenedor
+ nodePort: 30080 # Puerto accesible externamente
+ type: NodePort
+
diff --git a/serveis/example8880/ingress.yam b/serveis/example8880/ingress.yam
new file mode 100644
index 0000000..19be9a0
--- /dev/null
+++ b/serveis/example8880/ingress.yam
@@ -0,0 +1,39 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: caddy-ingress
+ namespace: default
+ annotations:
+ nginx.ingress.kubernetes.io/rewrite-target: /
+spec:
+ rules:
+ - host: nginx1.local
+ http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: caddy
+ port:
+ number: 8880
+ - host: nginx2.local
+ http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: caddy
+ port:
+ number: 8880
+ - host: nginx3.local
+ http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: caddy
+ port:
+ number: 8880
diff --git a/serveis/example8880/nginx-deployment.yaml b/serveis/example8880/nginx-deployment.yaml
new file mode 100644
index 0000000..e980153
--- /dev/null
+++ b/serveis/example8880/nginx-deployment.yaml
@@ -0,0 +1,62 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: nginx1
+ namespace: default
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: nginx1
+ template:
+ metadata:
+ labels:
+ app: nginx1
+ spec:
+ containers:
+ - name: nginx
+ image: nginx
+ ports:
+ - containerPort: 80
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: nginx2
+ namespace: default
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: nginx2
+ template:
+ metadata:
+ labels:
+ app: nginx2
+ spec:
+ containers:
+ - name: nginx
+ image: nginx
+ ports:
+ - containerPort: 80
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: nginx3
+ namespace: default
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: nginx3
+ template:
+ metadata:
+ labels:
+ app: nginx3
+ spec:
+ containers:
+ - name: nginx
+ image: nginx
+ ports:
+ - containerPort: 80
diff --git a/serveis/example8880/nginx-service.yaml b/serveis/example8880/nginx-service.yaml
new file mode 100644
index 0000000..ddb670a
--- /dev/null
+++ b/serveis/example8880/nginx-service.yaml
@@ -0,0 +1,38 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: nginx1
+ namespace: default
+spec:
+ selector:
+ app: nginx1
+ ports:
+ - protocol: TCP
+ port: 80
+ targetPort: 80
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: nginx2
+ namespace: default
+spec:
+ selector:
+ app: nginx2
+ ports:
+ - protocol: TCP
+ port: 80
+ targetPort: 80
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: nginx3
+ namespace: default
+spec:
+ selector:
+ app: nginx3
+ ports:
+ - protocol: TCP
+ port: 80
+ targetPort: 80
diff --git a/serveis/example8880/nginx1-service.yaml b/serveis/example8880/nginx1-service.yaml
new file mode 100644
index 0000000..720cf5f
--- /dev/null
+++ b/serveis/example8880/nginx1-service.yaml
@@ -0,0 +1,14 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: nginx1-service
+ labels:
+ app: nginx1
+spec:
+ selector:
+ app: nginx1
+ ports:
+ - protocol: TCP
+ port: 80
+ targetPort: 80
+ type: ClusterIP
diff --git a/serveis/example8880/nginx2-service.yaml b/serveis/example8880/nginx2-service.yaml
new file mode 100644
index 0000000..74423e1
--- /dev/null
+++ b/serveis/example8880/nginx2-service.yaml
@@ -0,0 +1,14 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: nginx2-service
+ labels:
+ app: nginx2
+spec:
+ selector:
+ app: nginx2
+ ports:
+ - protocol: TCP
+ port: 80
+ targetPort: 80
+ type: ClusterIP
diff --git a/serveis/example8880/nginx3-service.yaml b/serveis/example8880/nginx3-service.yaml
new file mode 100644
index 0000000..7ac85eb
--- /dev/null
+++ b/serveis/example8880/nginx3-service.yaml
@@ -0,0 +1,14 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: nginx3-service
+ labels:
+ app: nginx3
+spec:
+ selector:
+ app: nginx3
+ ports:
+ - protocol: TCP
+ port: 80
+ targetPort: 80
+ type: ClusterIP
diff --git a/serveis/metalb/example5/caddy.yaml b/serveis/metalb/example5/caddy.yaml
new file mode 100644
index 0000000..10df349
--- /dev/null
+++ b/serveis/metalb/example5/caddy.yaml
@@ -0,0 +1,52 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: caddy
+ labels:
+ app: caddy
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: caddy
+ template:
+ metadata:
+ labels:
+ app: caddy
+ spec:
+ containers:
+ - name: caddy
+ image: caddy:latest
+ ports:
+ - containerPort: 80
+ name: http
+ volumeMounts:
+ - name: caddy-data
+ mountPath: /data
+ - name: caddy-config
+ mountPath: /config
+ - name: caddy-caddyfile
+ mountPath: /etc/caddy/Caddyfile
+ subPath: Caddyfile
+ volumes:
+ - name: caddy-data
+ emptyDir: {}
+ - name: caddy-config
+ emptyDir: {}
+ - name: caddy-caddyfile
+ configMap:
+ name: caddyfile-config
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: caddy
+spec:
+ selector:
+ app: caddy
+ ports:
+ - protocol: TCP
+ port: 80
+ targetPort: 80
+ name: http
+ type: LoadBalancer
diff --git a/serveis/metalb/example5/caddyfile-config.yaml b/serveis/metalb/example5/caddyfile-config.yaml
new file mode 100644
index 0000000..0d8d1d0
--- /dev/null
+++ b/serveis/metalb/example5/caddyfile-config.yaml
@@ -0,0 +1,17 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: caddyfile-config
+ namespace: default
+data:
+ Caddyfile: |
+ http://adala1.com {
+ reverse_proxy nginx1:80
+ }
+ http://adala2.com {
+ reverse_proxy nginx2:80
+ }
+ http://adala3.com {
+ reverse_proxy nginx3:80
+ }
+
diff --git a/serveis/metalb/example5/nginx1.yaml b/serveis/metalb/example5/nginx1.yaml
new file mode 100644
index 0000000..ed2b97a
--- /dev/null
+++ b/serveis/metalb/example5/nginx1.yaml
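Review bot: The `caddy` container is the one workload this file publishes through a `type: LoadBalancer` Service, yet its pod spec sets no `securityContext`, so it runs with the image's default user and the runtime's default capability set. A container-level `securityContext` that forbids privilege escalation, drops every capability except the one needed to bind port 80 and makes the root filesystem read-only would narrow that. `/data` and `/config` are already `emptyDir` mounts, so Caddy's usual writable paths are covered, but confirm the image still starts and binds the port with these settings.

```yaml
      containers:
      - name: caddy
        image: caddy:latest
        # … unchanged: ports, volumeMounts …
        securityContext:
          allowPrivilegeEscalation: false
          readOnlyRootFilesystem: true
          capabilities:
            drop:
            - ALL
            add:
            - NET_BIND_SERVICE
```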
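Review bot: This ConfigMap pins `namespace: default`, while the `caddy` Deployment that mounts it in `caddy.yaml` sets no namespace, so applying the directory from any other context namespace leaves the pod unable to find `caddyfile-config`. Set the namespace on both or on neither. Separately, the `http://` site addresses keep Caddy on plaintext HTTP, so everything crossing the LoadBalancer address is unencrypted; a comment stating that this is intentional for the lab would stop the file being reused as-is.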
@@ -0,0 +1,37 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: nginx1
+ labels:
+ app: nginx
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: nginx
+ component: nginx1
+ template:
+ metadata:
+ labels:
+ app: nginx
+ component: nginx1
+ spec:
+ containers:
+ - name: nginx1
+ image: nginx:latest
+ ports:
+ - containerPort: 80
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: nginx1
+spec:
+ selector:
+ app: nginx
+ component: nginx1
+ ports:
+ - protocol: TCP
+ port: 80
+ targetPort: 80
+ type: ClusterIP
diff --git a/serveis/metalb/example5/nginx2.yaml b/serveis/metalb/example5/nginx2.yaml
new file mode 100644
index 0000000..2301103
--- /dev/null
+++ b/serveis/metalb/example5/nginx2.yaml
@@ -0,0 +1,37 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: nginx2
+ labels:
+ app: nginx
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: nginx
+ component: nginx2
+ template:
+ metadata:
+ labels:
+ app: nginx
+ component: nginx2
+ spec:
+ containers:
+ - name: nginx2
+ image: nginx:latest
+ ports:
+ - containerPort: 80
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: nginx2
+spec:
+ selector:
+ app: nginx
+ component: nginx2
+ ports:
+ - protocol: TCP
+ port: 80
+ targetPort: 80
+ type: ClusterIP
diff --git a/serveis/metalb/example5/nginx3.yaml b/serveis/metalb/example5/nginx3.yaml
new file mode 100644
index 0000000..f8e9f04
--- /dev/null
+++ b/serveis/metalb/example5/nginx3.yaml
@@ -0,0 +1,38 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: nginx3
+ labels:
+ app: nginx
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: nginx
+ component: nginx3
+ template:
+ metadata:
+ labels:
+ app: nginx
+ component: nginx3
+ spec:
+ containers:
+ - name: nginx3
+ image: nginx:latest
+ ports:
+ - containerPort: 80
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: nginx3
+spec:
+ selector:
+ app: nginx
+ component: nginx3
+ ports:
+ - protocol: TCP
+ port: 80
+ targetPort: 80
+ type: ClusterIP
+
diff --git a/serveis/metalb/metallb-config.yaml b/serveis/metalb/metallb-config.yaml
new file mode 100644
index 0000000..16b31c8
--- /dev/null
+++ b/serveis/metalb/metallb-config.yaml
@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: config
+ namespace: metallb-system
+data:
+ config: |
+ address-pools:
+ - name: default
+ protocol: layer2
+ addresses:
+ - 192.168.1.240-192.168.1.250 # Cambia este rango por uno válido en tu red
diff --git a/serveis/metalb/metallb.yaml b/serveis/metalb/metallb.yaml
new file mode 100644
index 0000000..b62f7ce
--- /dev/null
+++ b/serveis/metalb/metallb.yaml
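Review bot: In `protocol: layer2` mode the speakers answer ARP for every address in `192.168.1.240-192.168.1.250`, so the range has to be reserved: outside the DHCP scope and not assigned to any host, otherwise a Service and another machine can end up claiming the same address. The inline comment only says to change the range; I would extend it to state that requirement. This `address-pools` ConfigMap is also the format read by the v0.11.0 images pinned in `metallb.yaml`; later MetalLB releases configure pools through custom resources instead, so an image bump needs a config migration. `serveis/metalb2/metallb-config.yaml` is the same blob.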
@@ -0,0 +1,365 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app: metallb + name: controller + namespace: metallb-system +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app: metallb + name: speaker + namespace: metallb-system +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app: metallb + name: metallb-system:controller +rules: +- apiGroups: + - '' + resources: + - services + verbs: + - get + - list + - watch +- apiGroups: + - '' + resources: + - services/status + verbs: + - update +- apiGroups: + - '' + resources: + - events + verbs: + - create + - patch +- apiGroups: + - policy + resourceNames: + - controller + resources: + - podsecuritypolicies + verbs: + - use +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app: metallb + name: metallb-system:speaker +rules: +- apiGroups: + - '' + resources: + - services + - endpoints + - nodes + verbs: + - get + - list + - watch +- apiGroups: ["discovery.k8s.io"] + resources: + - endpointslices + verbs: + - get + - list + - watch +- apiGroups: + - '' + resources: + - events + verbs: + - create + - patch +- apiGroups: + - policy + resourceNames: + - speaker + resources: + - podsecuritypolicies + verbs: + - use +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + app: metallb + name: config-watcher + namespace: metallb-system +rules: +- apiGroups: + - '' + resources: + - configmaps + verbs: + - get + - list + - watch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + app: metallb + name: pod-lister + namespace: metallb-system +rules: +- apiGroups: + - '' + resources: + - pods + verbs: + - list +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + app: metallb + name: controller + namespace: metallb-system +rules: +- apiGroups: + - '' + resources: + - secrets + verbs: + - create +- apiGroups: + - '' + resources: + - secrets + 
resourceNames: + - memberlist + verbs: + - list +- apiGroups: + - apps + resources: + - deployments + resourceNames: + - controller + verbs: + - get +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app: metallb + name: metallb-system:controller +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: metallb-system:controller +subjects: +- kind: ServiceAccount + name: controller + namespace: metallb-system +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app: metallb + name: metallb-system:speaker +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: metallb-system:speaker +subjects: +- kind: ServiceAccount + name: speaker + namespace: metallb-system +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + app: metallb + name: config-watcher + namespace: metallb-system +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: config-watcher +subjects: +- kind: ServiceAccount + name: controller +- kind: ServiceAccount + name: speaker +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + app: metallb + name: pod-lister + namespace: metallb-system +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: pod-lister +subjects: +- kind: ServiceAccount + name: speaker +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + app: metallb + name: controller + namespace: metallb-system +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: controller +subjects: +- kind: ServiceAccount + name: controller +--- +apiVersion: apps/v1 +kind: DaemonSet +metadata: + labels: + app: metallb + component: speaker + name: speaker + namespace: metallb-system +spec: + selector: + matchLabels: + app: metallb + component: speaker + template: + metadata: + annotations: + prometheus.io/port: '7472' + prometheus.io/scrape: 
'true' + labels: + app: metallb + component: speaker + spec: + containers: + - args: + - --port=7472 + - --config=config + - --log-level=info + env: + - name: METALLB_NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: METALLB_HOST + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: METALLB_ML_BIND_ADDR + valueFrom: + fieldRef: + fieldPath: status.podIP + # needed when another software is also using memberlist / port 7946 + # when changing this default you also need to update the container ports definition + # and the PodSecurityPolicy hostPorts definition + #- name: METALLB_ML_BIND_PORT + # value: "7946" + - name: METALLB_ML_LABELS + value: "app=metallb,component=speaker" + - name: METALLB_ML_SECRET_KEY + valueFrom: + secretKeyRef: + name: memberlist + key: secretkey + image: quay.io/metallb/speaker:v0.11.0 + name: speaker + ports: + - containerPort: 7472 + name: monitoring + - containerPort: 7946 + name: memberlist-tcp + - containerPort: 7946 + name: memberlist-udp + protocol: UDP + securityContext: + allowPrivilegeEscalation: false + capabilities: + add: + - NET_RAW + drop: + - ALL + readOnlyRootFilesystem: true + hostNetwork: true + nodeSelector: + kubernetes.io/os: linux + serviceAccountName: speaker + terminationGracePeriodSeconds: 2 + tolerations: + - effect: NoSchedule + key: node-role.kubernetes.io/master + operator: Exists +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: metallb + component: controller + name: controller + namespace: metallb-system +spec: + revisionHistoryLimit: 3 + selector: + matchLabels: + app: metallb + component: controller + template: + metadata: + annotations: + prometheus.io/port: '7472' + prometheus.io/scrape: 'true' + labels: + app: metallb + component: controller + spec: + containers: + - args: + - --port=7472 + - --config=config + - --log-level=info + env: + - name: METALLB_ML_SECRET_NAME + value: memberlist + - name: METALLB_DEPLOYMENT + value: controller + image: 
quay.io/metallb/controller:v0.11.0 + name: controller + ports: + - containerPort: 7472 + name: monitoring + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - all + readOnlyRootFilesystem: true + nodeSelector: + kubernetes.io/os: linux + securityContext: + runAsNonRoot: true + runAsUser: 65534 + fsGroup: 65534 + serviceAccountName: controller + terminationGracePeriodSeconds: 0 diff --git a/serveis/metalb/metallb.yaml.ori b/serveis/metalb/metallb.yaml.ori new file mode 100644 index 0000000..39fbdb0 --- /dev/null +++ b/serveis/metalb/metallb.yaml.ori 
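Review bot: Both ClusterRoles in `metallb.yaml` still grant `use` on `podsecuritypolicies` (resourceNames `controller` and `speaker`), and the speaker's env comment still points at "the PodSecurityPolicy hostPorts definition", but this copy defines no PodSecurityPolicy; the two objects exist only in `metallb.yaml.ori`. Drop the two `policy` rules and the stale comment line, and add a header comment recording that this is the upstream v0.11.0 manifest with the PSP objects removed, so the local drift is visible at the next upgrade. With the PSPs gone, no admission-level policy in the manifest bounds what the speaker pod may request, and it runs with `hostNetwork: true` and `NET_RAW`; if the cluster enforces Pod Security Admission, scope the exemption to `metallb-system` only. `serveis/metalb2/metallb.yaml` is the same blob (`b62f7ce`) and needs the same edit.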
@@ -0,0 +1,446 @@ +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + labels: + app: metallb + name: controller + namespace: metallb-system +spec: + allowPrivilegeEscalation: false + allowedCapabilities: [] + allowedHostPaths: [] + defaultAddCapabilities: [] + defaultAllowPrivilegeEscalation: false + fsGroup: + ranges: + - max: 65535 + min: 1 + rule: MustRunAs + hostIPC: false + hostNetwork: false + hostPID: false + privileged: false + readOnlyRootFilesystem: true + requiredDropCapabilities: + - ALL + runAsUser: + ranges: + - max: 65535 + min: 1 + rule: MustRunAs + seLinux: + rule: RunAsAny + supplementalGroups: + ranges: + - max: 65535 + min: 1 + rule: MustRunAs + volumes: + - configMap + - secret + - emptyDir +--- +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + labels: + app: metallb + name: speaker + namespace: metallb-system +spec: + allowPrivilegeEscalation: false + allowedCapabilities: + - NET_RAW + allowedHostPaths: [] + defaultAddCapabilities: [] + defaultAllowPrivilegeEscalation: false + fsGroup: + rule: RunAsAny + hostIPC: false + hostNetwork: true + hostPID: false + hostPorts: + - max: 7472 + min: 7472 + - max: 7946 + min: 7946 + privileged: true + readOnlyRootFilesystem: true + requiredDropCapabilities: + - ALL + runAsUser: + rule: RunAsAny + seLinux: + rule: RunAsAny + supplementalGroups: + rule: RunAsAny + volumes: + - configMap + - secret + - emptyDir +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app: metallb + name: controller + namespace: metallb-system +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app: metallb + name: speaker + namespace: metallb-system +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app: metallb + name: metallb-system:controller +rules: +- apiGroups: + - '' + resources: + - services + verbs: + - get + - list + - watch +- apiGroups: + - '' + resources: + - services/status + verbs: + - update +- apiGroups: + - '' + 
resources: + - events + verbs: + - create + - patch +- apiGroups: + - policy + resourceNames: + - controller + resources: + - podsecuritypolicies + verbs: + - use +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app: metallb + name: metallb-system:speaker +rules: +- apiGroups: + - '' + resources: + - services + - endpoints + - nodes + verbs: + - get + - list + - watch +- apiGroups: ["discovery.k8s.io"] + resources: + - endpointslices + verbs: + - get + - list + - watch +- apiGroups: + - '' + resources: + - events + verbs: + - create + - patch +- apiGroups: + - policy + resourceNames: + - speaker + resources: + - podsecuritypolicies + verbs: + - use +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + app: metallb + name: config-watcher + namespace: metallb-system +rules: +- apiGroups: + - '' + resources: + - configmaps + verbs: + - get + - list + - watch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + app: metallb + name: pod-lister + namespace: metallb-system +rules: +- apiGroups: + - '' + resources: + - pods + verbs: + - list +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + app: metallb + name: controller + namespace: metallb-system +rules: +- apiGroups: + - '' + resources: + - secrets + verbs: + - create +- apiGroups: + - '' + resources: + - secrets + resourceNames: + - memberlist + verbs: + - list +- apiGroups: + - apps + resources: + - deployments + resourceNames: + - controller + verbs: + - get +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app: metallb + name: metallb-system:controller +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: metallb-system:controller +subjects: +- kind: ServiceAccount + name: controller + namespace: metallb-system +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app: metallb + 
name: metallb-system:speaker +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: metallb-system:speaker +subjects: +- kind: ServiceAccount + name: speaker + namespace: metallb-system +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + app: metallb + name: config-watcher + namespace: metallb-system +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: config-watcher +subjects: +- kind: ServiceAccount + name: controller +- kind: ServiceAccount + name: speaker +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + app: metallb + name: pod-lister + namespace: metallb-system +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: pod-lister +subjects: +- kind: ServiceAccount + name: speaker +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + app: metallb + name: controller + namespace: metallb-system +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: controller +subjects: +- kind: ServiceAccount + name: controller +--- +apiVersion: apps/v1 +kind: DaemonSet +metadata: + labels: + app: metallb + component: speaker + name: speaker + namespace: metallb-system +spec: + selector: + matchLabels: + app: metallb + component: speaker + template: + metadata: + annotations: + prometheus.io/port: '7472' + prometheus.io/scrape: 'true' + labels: + app: metallb + component: speaker + spec: + containers: + - args: + - --port=7472 + - --config=config + - --log-level=info + env: + - name: METALLB_NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: METALLB_HOST + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: METALLB_ML_BIND_ADDR + valueFrom: + fieldRef: + fieldPath: status.podIP + # needed when another software is also using memberlist / port 7946 + # when changing this default you also need to update the container ports definition + # and the PodSecurityPolicy hostPorts definition 
+ #- name: METALLB_ML_BIND_PORT + # value: "7946" + - name: METALLB_ML_LABELS + value: "app=metallb,component=speaker" + - name: METALLB_ML_SECRET_KEY + valueFrom: + secretKeyRef: + name: memberlist + key: secretkey + image: quay.io/metallb/speaker:v0.11.0 + name: speaker + ports: + - containerPort: 7472 + name: monitoring + - containerPort: 7946 + name: memberlist-tcp + - containerPort: 7946 + name: memberlist-udp + protocol: UDP + securityContext: + allowPrivilegeEscalation: false + capabilities: + add: + - NET_RAW + drop: + - ALL + readOnlyRootFilesystem: true + hostNetwork: true + nodeSelector: + kubernetes.io/os: linux + serviceAccountName: speaker + terminationGracePeriodSeconds: 2 + tolerations: + - effect: NoSchedule + key: node-role.kubernetes.io/master + operator: Exists +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: metallb + component: controller + name: controller + namespace: metallb-system +spec: + revisionHistoryLimit: 3 + selector: + matchLabels: + app: metallb + component: controller + template: + metadata: + annotations: + prometheus.io/port: '7472' + prometheus.io/scrape: 'true' + labels: + app: metallb + component: controller + spec: + containers: + - args: + - --port=7472 + - --config=config + - --log-level=info + env: + - name: METALLB_ML_SECRET_NAME + value: memberlist + - name: METALLB_DEPLOYMENT + value: controller + image: quay.io/metallb/controller:v0.11.0 + name: controller + ports: + - containerPort: 7472 + name: monitoring + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - all + readOnlyRootFilesystem: true + nodeSelector: + kubernetes.io/os: linux + securityContext: + runAsNonRoot: true + runAsUser: 65534 + fsGroup: 65534 + serviceAccountName: controller + terminationGracePeriodSeconds: 0 diff --git a/serveis/metalb/my-service.yaml b/serveis/metalb/my-service.yaml new file mode 100644 index 0000000..a9a26fd --- /dev/null +++ b/serveis/metalb/my-service.yaml 
@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: my-service
+ labels:
+ app: my-app
+spec:
+ selector:
+ app: caddy # Ahora coincide con la etiqueta del pod Caddy
+ ports:
+ - protocol: TCP
+ port: 80
+ targetPort: 8080
+ type: LoadBalancer
+
diff --git a/serveis/metalb2/example5/caddy-service.yaml b/serveis/metalb2/example5/caddy-service.yaml
new file mode 100644
index 0000000..21f9984
--- /dev/null
+++ b/serveis/metalb2/example5/caddy-service.yaml
@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: caddy-service
+spec:
+ selector:
+ app: caddy
+ ports:
+ - protocol: TCP
+ port: 80
+ targetPort: 80
+ type: LoadBalancer
diff --git a/serveis/metalb2/example5/caddy.yaml b/serveis/metalb2/example5/caddy.yaml
new file mode 100644
index 0000000..a5a4f8c
--- /dev/null
+++ b/serveis/metalb2/example5/caddy.yaml
@@ -0,0 +1,49 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: caddy
+ labels:
+ app: caddy
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: caddy
+ template:
+ metadata:
+ labels:
+ app: caddy
+ spec:
+ containers:
+ - name: caddy
+ image: caddy:latest
+ ports:
+ - containerPort: 8880 # Cambié el puerto de contenedor a 8880
+ volumeMounts:
+ - name: caddy-data
+ mountPath: /data
+ - name: caddy-config
+ mountPath: /config
+ - name: caddy-caddyfile
+ mountPath: /etc/caddy/Caddyfile
+ subPath: Caddyfile
+ volumes:
+ - name: caddy-data
+ emptyDir: {}
+ - name: caddy-config
+ emptyDir: {}
+ - name: caddy-caddyfile
+ configMap:
+ name: caddyfile-config
+
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: caddy
+spec:
+ selector:
+ app: caddy
+ ports:
+ - port: 80
+ targetPort: 8880 # Aseguramos que el puerto de destino sea 8880
diff --git a/serveis/metalb2/example5/caddyfile-config.yaml b/serveis/metalb2/example5/caddyfile-config.yaml
new file mode 100644
index 0000000..bcfc69d
--- /dev/null
+++ b/serveis/metalb2/example5/caddyfile-config.yaml
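Review bot: `targetPort: 8080` matches nothing the selected pods expose: the `app: caddy` Deployment in `serveis/metalb/example5/caddy.yaml` declares `containerPort: 80` and its Caddyfile uses bare `http://` site addresses, so this Service takes an address from the MetalLB pool and then refuses connections. Use `targetPort: 80`, or drop the file, since `caddy.yaml` already defines a LoadBalancer Service for the same pods. The `app: my-app` label also no longer describes what the Service fronts.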
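Review bot: In `serveis/metalb2/example5/caddy.yaml` the container port and the `caddy` Service's `targetPort` were moved to 8880, but the Caddyfile in this directory still uses `http://adalaN.com` site addresses with no port, which Caddy serves on its default HTTP port, so (unless the image is configured otherwise) nothing listens on 8880 and this Service has no working backend. Either keep `containerPort: 80` / `targetPort: 80`, or put the port in the site addresses, e.g. `http://adala1.com:8880 {`; the latter would also let Caddy run without the privileged-port capability. `caddy-service.yaml` in the same directory targets port 80 on the same pods, so the two Services currently disagree.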
@@ -0,0 +1,16 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: caddyfile-config
+ namespace: default
+data:
+ Caddyfile: |
+ http://adala1.com {
+ reverse_proxy nginx1:8880 # Cambié el puerto a 8880
+ }
+ http://adala2.com {
+ reverse_proxy nginx2:8880 # Cambié el puerto a 8880
+ }
+ http://adala3.com {
+ reverse_proxy nginx3:8880 # Cambié el puerto a 8880
+ }
diff --git a/serveis/metalb2/example5/nginx1-service.yaml b/serveis/metalb2/example5/nginx1-service.yaml
new file mode 100644
index 0000000..e6c649a
--- /dev/null
+++ b/serveis/metalb2/example5/nginx1-service.yaml
@@ -0,0 +1,13 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: nginx1-service
+spec:
+ selector:
+ app: nginx
+ component: nginx1
+ type: LoadBalancer
+ ports:
+ - protocol: TCP
+ port: 80
+ targetPort: 8880
diff --git a/serveis/metalb2/example5/nginx1.yaml b/serveis/metalb2/example5/nginx1.yaml
new file mode 100644
index 0000000..067d78f
--- /dev/null
+++ b/serveis/metalb2/example5/nginx1.yaml
@@ -0,0 +1,29 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: nginx1
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: nginx
+ component: nginx1
+ template:
+ metadata:
+ labels:
+ app: nginx
+ component: nginx1
+ spec:
+ containers:
+ - name: nginx
+ image: nginx:latest
+ ports:
+ - containerPort: 8880
+ volumeMounts:
+ - name: nginx-config
+ mountPath: /etc/nginx/conf.d/default.conf
+ subPath: default.conf
+ volumes:
+ - name: nginx-config
+ configMap:
+ name: nginx-config
diff --git a/serveis/metalb2/example5/nginx2.yaml b/serveis/metalb2/example5/nginx2.yaml
new file mode 100644
index 0000000..573cbd6
--- /dev/null
+++ b/serveis/metalb2/example5/nginx2.yaml
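Review bot: The upstreams `nginx1:8880`, `nginx2:8880` and `nginx3:8880` do not match the Services this directory creates: they are named `nginx1-service` and `nginx3-service` and expose `port: 80` (forwarding to 8880), so the names do not resolve to them and 8880 is not a Service port. Point the proxy at the Service name and port, e.g. `reverse_proxy nginx1-service:80`. There is also no nginx2 backend here at all, and no nginx3 Deployment (`nginx2.yaml` holds the `nginx-config` ConfigMap, `nginx3.yaml` only a Service), so two of the three routes have nothing behind them; renaming those files after their contents would make the gap obvious.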
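Review bot: `type: LoadBalancer` on `nginx1-service` gives the backend its own address from the MetalLB pool, so it is reachable directly from the network and not only through the Caddy reverse proxy. Backends that are meant to sit behind the proxy should be `type: ClusterIP`, leaving Caddy as the single published entry point. `nginx3.yaml` in this directory does the same for `nginx3-service`.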
@@ -0,0 +1,21 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: nginx-config
+data:
+ default.conf: |
+ server {
+ listen 8880;
+ listen [::]:8880;
+ server_name localhost;
+
+ location / {
+ root /usr/share/nginx/html;
+ index index.html index.htm;
+ }
+
+ error_page 500 502 503 504 /50x.html;
+ location = /50x.html {
+ root /usr/share/nginx/html;
+ }
+ }
diff --git a/serveis/metalb2/example5/nginx3.yaml b/serveis/metalb2/example5/nginx3.yaml
new file mode 100644
index 0000000..b9ca258
--- /dev/null
+++ b/serveis/metalb2/example5/nginx3.yaml
@@ -0,0 +1,13 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: nginx3-service
+spec:
+ selector:
+ app: nginx
+ component: nginx3
+ ports:
+ - protocol: TCP
+ port: 80
+ targetPort: 8880
+ type: LoadBalancer
diff --git a/serveis/metalb2/metallb-config.yaml b/serveis/metalb2/metallb-config.yaml
new file mode 100644
index 0000000..16b31c8
--- /dev/null
+++ b/serveis/metalb2/metallb-config.yaml
@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: config
+ namespace: metallb-system
+data:
+ config: |
+ address-pools:
+ - name: default
+ protocol: layer2
+ addresses:
+ - 192.168.1.240-192.168.1.250 # Cambia este rango por uno válido en tu red
diff --git a/serveis/metalb2/metallb.yaml b/serveis/metalb2/metallb.yaml
new file mode 100644
index 0000000..b62f7ce
--- /dev/null
+++ b/serveis/metalb2/metallb.yaml
@@ -0,0 +1,365 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app: metallb + name: controller + namespace: metallb-system +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app: metallb + name: speaker + namespace: metallb-system +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app: metallb + name: metallb-system:controller +rules: +- apiGroups: + - '' + resources: + - services + verbs: + - get + - list + - watch +- apiGroups: + - '' + resources: + - services/status + verbs: + - update +- apiGroups: + - '' + resources: + - events + verbs: + - create + - patch +- apiGroups: + - policy + resourceNames: + - controller + resources: + - podsecuritypolicies + verbs: + - use +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app: metallb + name: metallb-system:speaker +rules: +- apiGroups: + - '' + resources: + - services + - endpoints + - nodes + verbs: + - get + - list + - watch +- apiGroups: ["discovery.k8s.io"] + resources: + - endpointslices + verbs: + - get + - list + - watch +- apiGroups: + - '' + resources: + - events + verbs: + - create + - patch +- apiGroups: + - policy + resourceNames: + - speaker + resources: + - podsecuritypolicies + verbs: + - use +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + app: metallb + name: config-watcher + namespace: metallb-system +rules: +- apiGroups: + - '' + resources: + - configmaps + verbs: + - get + - list + - watch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + app: metallb + name: pod-lister + namespace: metallb-system +rules: +- apiGroups: + - '' + resources: + - pods + verbs: + - list +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + app: metallb + name: controller + namespace: metallb-system +rules: +- apiGroups: + - '' + resources: + - secrets + verbs: + - create +- apiGroups: + - '' + resources: + - secrets + 
resourceNames: + - memberlist + verbs: + - list +- apiGroups: + - apps + resources: + - deployments + resourceNames: + - controller + verbs: + - get +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app: metallb + name: metallb-system:controller +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: metallb-system:controller +subjects: +- kind: ServiceAccount + name: controller + namespace: metallb-system +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app: metallb + name: metallb-system:speaker +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: metallb-system:speaker +subjects: +- kind: ServiceAccount + name: speaker + namespace: metallb-system +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + app: metallb + name: config-watcher + namespace: metallb-system +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: config-watcher +subjects: +- kind: ServiceAccount + name: controller +- kind: ServiceAccount + name: speaker +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + app: metallb + name: pod-lister + namespace: metallb-system +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: pod-lister +subjects: +- kind: ServiceAccount + name: speaker +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + app: metallb + name: controller + namespace: metallb-system +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: controller +subjects: +- kind: ServiceAccount + name: controller +--- +apiVersion: apps/v1 +kind: DaemonSet +metadata: + labels: + app: metallb + component: speaker + name: speaker + namespace: metallb-system +spec: + selector: + matchLabels: + app: metallb + component: speaker + template: + metadata: + annotations: + prometheus.io/port: '7472' + prometheus.io/scrape: 
'true' + labels: + app: metallb + component: speaker + spec: + containers: + - args: + - --port=7472 + - --config=config + - --log-level=info + env: + - name: METALLB_NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: METALLB_HOST + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: METALLB_ML_BIND_ADDR + valueFrom: + fieldRef: + fieldPath: status.podIP + # needed when another software is also using memberlist / port 7946 + # when changing this default you also need to update the container ports definition + # and the PodSecurityPolicy hostPorts definition + #- name: METALLB_ML_BIND_PORT + # value: "7946" + - name: METALLB_ML_LABELS + value: "app=metallb,component=speaker" + - name: METALLB_ML_SECRET_KEY + valueFrom: + secretKeyRef: + name: memberlist + key: secretkey + image: quay.io/metallb/speaker:v0.11.0 + name: speaker + ports: + - containerPort: 7472 + name: monitoring + - containerPort: 7946 + name: memberlist-tcp + - containerPort: 7946 + name: memberlist-udp + protocol: UDP + securityContext: + allowPrivilegeEscalation: false + capabilities: + add: + - NET_RAW + drop: + - ALL + readOnlyRootFilesystem: true + hostNetwork: true + nodeSelector: + kubernetes.io/os: linux + serviceAccountName: speaker + terminationGracePeriodSeconds: 2 + tolerations: + - effect: NoSchedule + key: node-role.kubernetes.io/master + operator: Exists +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: metallb + component: controller + name: controller + namespace: metallb-system +spec: + revisionHistoryLimit: 3 + selector: + matchLabels: + app: metallb + component: controller + template: + metadata: + annotations: + prometheus.io/port: '7472' + prometheus.io/scrape: 'true' + labels: + app: metallb + component: controller + spec: + containers: + - args: + - --port=7472 + - --config=config + - --log-level=info + env: + - name: METALLB_ML_SECRET_NAME + value: memberlist + - name: METALLB_DEPLOYMENT + value: controller + image: 
quay.io/metallb/controller:v0.11.0 + name: controller + ports: + - containerPort: 7472 + name: monitoring + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - all + readOnlyRootFilesystem: true + nodeSelector: + kubernetes.io/os: linux + securityContext: + runAsNonRoot: true + runAsUser: 65534 + fsGroup: 65534 + serviceAccountName: controller + terminationGracePeriodSeconds: 0 diff --git a/serveis/metalb2/metallb.yaml.ori b/serveis/metalb2/metallb.yaml.ori new file mode 100644 index 0000000..39fbdb0 --- /dev/null +++ b/serveis/metalb2/metallb.yaml.ori 
@@ -0,0 +1,446 @@ +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + labels: + app: metallb + name: controller + namespace: metallb-system +spec: + allowPrivilegeEscalation: false + allowedCapabilities: [] + allowedHostPaths: [] + defaultAddCapabilities: [] + defaultAllowPrivilegeEscalation: false + fsGroup: + ranges: + - max: 65535 + min: 1 + rule: MustRunAs + hostIPC: false + hostNetwork: false + hostPID: false + privileged: false + readOnlyRootFilesystem: true + requiredDropCapabilities: + - ALL + runAsUser: + ranges: + - max: 65535 + min: 1 + rule: MustRunAs + seLinux: + rule: RunAsAny + supplementalGroups: + ranges: + - max: 65535 + min: 1 + rule: MustRunAs + volumes: + - configMap + - secret + - emptyDir +--- +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + labels: + app: metallb + name: speaker + namespace: metallb-system +spec: + allowPrivilegeEscalation: false + allowedCapabilities: + - NET_RAW + allowedHostPaths: [] + defaultAddCapabilities: [] + defaultAllowPrivilegeEscalation: false + fsGroup: + rule: RunAsAny + hostIPC: false + hostNetwork: true + hostPID: false + hostPorts: + - max: 7472 + min: 7472 + - max: 7946 + min: 7946 + privileged: true + readOnlyRootFilesystem: true + requiredDropCapabilities: + - ALL + runAsUser: + rule: RunAsAny + seLinux: + rule: RunAsAny + supplementalGroups: + rule: RunAsAny + volumes: + - configMap + - secret + - emptyDir +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app: metallb + name: controller + namespace: metallb-system +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app: metallb + name: speaker + namespace: metallb-system +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app: metallb + name: metallb-system:controller +rules: +- apiGroups: + - '' + resources: + - services + verbs: + - get + - list + - watch +- apiGroups: + - '' + resources: + - services/status + verbs: + - update +- apiGroups: + - '' + 
resources: + - events + verbs: + - create + - patch +- apiGroups: + - policy + resourceNames: + - controller + resources: + - podsecuritypolicies + verbs: + - use +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app: metallb + name: metallb-system:speaker +rules: +- apiGroups: + - '' + resources: + - services + - endpoints + - nodes + verbs: + - get + - list + - watch +- apiGroups: ["discovery.k8s.io"] + resources: + - endpointslices + verbs: + - get + - list + - watch +- apiGroups: + - '' + resources: + - events + verbs: + - create + - patch +- apiGroups: + - policy + resourceNames: + - speaker + resources: + - podsecuritypolicies + verbs: + - use +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + app: metallb + name: config-watcher + namespace: metallb-system +rules: +- apiGroups: + - '' + resources: + - configmaps + verbs: + - get + - list + - watch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + app: metallb + name: pod-lister + namespace: metallb-system +rules: +- apiGroups: + - '' + resources: + - pods + verbs: + - list +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + app: metallb + name: controller + namespace: metallb-system +rules: +- apiGroups: + - '' + resources: + - secrets + verbs: + - create +- apiGroups: + - '' + resources: + - secrets + resourceNames: + - memberlist + verbs: + - list +- apiGroups: + - apps + resources: + - deployments + resourceNames: + - controller + verbs: + - get +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app: metallb + name: metallb-system:controller +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: metallb-system:controller +subjects: +- kind: ServiceAccount + name: controller + namespace: metallb-system +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app: metallb + 
name: metallb-system:speaker +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: metallb-system:speaker +subjects: +- kind: ServiceAccount + name: speaker + namespace: metallb-system +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + app: metallb + name: config-watcher + namespace: metallb-system +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: config-watcher +subjects: +- kind: ServiceAccount + name: controller +- kind: ServiceAccount + name: speaker +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + app: metallb + name: pod-lister + namespace: metallb-system +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: pod-lister +subjects: +- kind: ServiceAccount + name: speaker +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + app: metallb + name: controller + namespace: metallb-system +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: controller +subjects: +- kind: ServiceAccount + name: controller +--- +apiVersion: apps/v1 +kind: DaemonSet +metadata: + labels: + app: metallb + component: speaker + name: speaker + namespace: metallb-system +spec: + selector: + matchLabels: + app: metallb + component: speaker + template: + metadata: + annotations: + prometheus.io/port: '7472' + prometheus.io/scrape: 'true' + labels: + app: metallb + component: speaker + spec: + containers: + - args: + - --port=7472 + - --config=config + - --log-level=info + env: + - name: METALLB_NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: METALLB_HOST + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: METALLB_ML_BIND_ADDR + valueFrom: + fieldRef: + fieldPath: status.podIP + # needed when another software is also using memberlist / port 7946 + # when changing this default you also need to update the container ports definition + # and the PodSecurityPolicy hostPorts definition 
+ #- name: METALLB_ML_BIND_PORT + # value: "7946" + - name: METALLB_ML_LABELS + value: "app=metallb,component=speaker" + - name: METALLB_ML_SECRET_KEY + valueFrom: + secretKeyRef: + name: memberlist + key: secretkey + image: quay.io/metallb/speaker:v0.11.0 + name: speaker + ports: + - containerPort: 7472 + name: monitoring + - containerPort: 7946 + name: memberlist-tcp + - containerPort: 7946 + name: memberlist-udp + protocol: UDP + securityContext: + allowPrivilegeEscalation: false + capabilities: + add: + - NET_RAW + drop: + - ALL + readOnlyRootFilesystem: true + hostNetwork: true + nodeSelector: + kubernetes.io/os: linux + serviceAccountName: speaker + terminationGracePeriodSeconds: 2 + tolerations: + - effect: NoSchedule + key: node-role.kubernetes.io/master + operator: Exists +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: metallb + component: controller + name: controller + namespace: metallb-system +spec: + revisionHistoryLimit: 3 + selector: + matchLabels: + app: metallb + component: controller + template: + metadata: + annotations: + prometheus.io/port: '7472' + prometheus.io/scrape: 'true' + labels: + app: metallb + component: controller + spec: + containers: + - args: + - --port=7472 + - --config=config + - --log-level=info + env: + - name: METALLB_ML_SECRET_NAME + value: memberlist + - name: METALLB_DEPLOYMENT + value: controller + image: quay.io/metallb/controller:v0.11.0 + name: controller + ports: + - containerPort: 7472 + name: monitoring + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - all + readOnlyRootFilesystem: true + nodeSelector: + kubernetes.io/os: linux + securityContext: + runAsNonRoot: true + runAsUser: 65534 + fsGroup: 65534 + serviceAccountName: controller + terminationGracePeriodSeconds: 0 diff --git a/serveis/metalb2/my-service.yaml b/serveis/metalb2/my-service.yaml new file mode 100644 index 0000000..8943c2c --- /dev/null +++ b/serveis/metalb2/my-service.yaml 
@@ -0,0 +1,14 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: my-service
+ labels:
+ app: my-app
+spec:
+ selector:
+ app: caddy # Ahora coincide con la etiqueta del pod Caddy
+ ports:
+ - protocol: TCP
+ port: 80
+ targetPort: 8880 # Cambié el puerto destino a 8880
+ type: LoadBalancer
diff --git a/serveis/metalb3/caddy-configmap.yaml b/serveis/metalb3/caddy-configmap.yaml
new file mode 100644
index 0000000..c8f63d1
--- /dev/null
+++ b/serveis/metalb3/caddy-configmap.yaml
@@ -0,0 +1,9 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: caddy-config
+data:
+ Caddyfile: |
+ :8880 {
+ reverse_proxy nginx-service:80 # Si Nginx sigue en el puerto 80
+ }
diff --git a/serveis/metalb3/caddy-deployment.yaml b/serveis/metalb3/caddy-deployment.yaml
new file mode 100644
index 0000000..2aeca27
--- /dev/null
+++ b/serveis/metalb3/caddy-deployment.yaml
@@ -0,0 +1,19 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: caddy
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: caddy
+ template:
+ metadata:
+ labels:
+ app: caddy
+ spec:
+ containers:
+ - name: caddy
+ image: caddy:latest
+ ports:
+ - containerPort: 8880 # Aquí Caddy expone el puerto 8880
diff --git a/serveis/metalb3/caddy-service.yaml b/serveis/metalb3/caddy-service.yaml
new file mode 100644
index 0000000..a864906
--- /dev/null
+++ b/serveis/metalb3/caddy-service.yaml
@@ -0,0 +1,13 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: caddy-service
+spec:
+ selector:
+ app: caddy
+ ports:
+ - name: http
+ protocol: TCP
+ port: 8880 # Este es el puerto expuesto por MetalLB
+ targetPort: 8880 # Este es el puerto dentro del contenedor
+ type: LoadBalancer
diff --git a/serveis/metalb3/metallb-config.yaml b/serveis/metalb3/metallb-config.yaml
new file mode 100644
index 0000000..3cdeb8e
--- /dev/null
+++ b/serveis/metalb3/metallb-config.yaml
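Review bot: The `caddy` Deployment in serveis/metalb3/caddy-deployment.yaml never mounts the `caddy-config` ConfigMap added just before it, so the `:8880` site block and its `reverse_proxy` are not loaded and the container runs whatever configuration ships in the image; `caddy-service` on 8880 then presumably has nothing listening behind it. Mount the ConfigMap over the image's Caddyfile path (`/etc/caddy/Caddyfile` in the official image) as in the fence below. `image: caddy:latest` is also a floating tag, so a pod restart can pull a different build; pin a release tag or digest. serveis/metalb3/nginx-deployment.yaml has the same two issues with `nginx-config` and `nginx:latest`.

```yaml
      containers:
        - name: caddy
          # … unchanged: image, ports …
          volumeMounts:
            - name: caddy-config
              mountPath: /etc/caddy/Caddyfile
              subPath: Caddyfile
              readOnly: true
      volumes:
        - name: caddy-config
          configMap:
            name: caddy-config
```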
@@ -0,0 +1,8 @@
+apiVersion: metallb.io/v1beta1
+kind: IPAddressPool
+metadata:
+ name: default
+ namespace: metallb-system
+spec:
+ addresses:
+ - 192.168.1.190-192.168.1.199 # Ajusta este rango según lo que necesites
diff --git a/serveis/metalb3/nginx-configmap.yaml b/serveis/metalb3/nginx-configmap.yaml
new file mode 100644
index 0000000..e9addae
--- /dev/null
+++ b/serveis/metalb3/nginx-configmap.yaml
@@ -0,0 +1,20 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: nginx-config
+data:
+ default.conf: |
+ server {
+ listen 80; # Nginx escucha en el puerto 80
+ server_name localhost;
+
+ location / {
+ root /usr/share/nginx/html;
+ index index.html index.htm;
+ }
+
+ error_page 500 502 503 504 /50x.html;
+ location = /50x.html {
+ root /usr/share/nginx/html;
+ }
+ }
diff --git a/serveis/metalb3/nginx-deployment.yaml b/serveis/metalb3/nginx-deployment.yaml
new file mode 100644
index 0000000..49e9b26
--- /dev/null
+++ b/serveis/metalb3/nginx-deployment.yaml
@@ -0,0 +1,19 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: nginx
+spec:
+ replicas: 3
+ selector:
+ matchLabels:
+ app: nginx
+ template:
+ metadata:
+ labels:
+ app: nginx
+ spec:
+ containers:
+ - name: nginx
+ image: nginx:latest
+ ports:
+ - containerPort: 80 # Nginx escucha en el puerto 80
diff --git a/serveis/metalb3/nginx-service.yaml b/serveis/metalb3/nginx-service.yaml
new file mode 100644
index 0000000..e47313f
--- /dev/null
+++ b/serveis/metalb3/nginx-service.yaml
@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: nginx-service
+spec:
+ selector:
+ app: nginx
+ ports:
+ - protocol: TCP
+ port: 80 # Este es el puerto expuesto por MetalLB
+ targetPort: 80 # Este es el puerto dentro del contenedor Nginx
+ type: LoadBalancer
diff --git a/serveis/nextcloud/nextcloud_cron.yml b/serveis/nextcloud/nextcloud_cron.yml
new file mode 100644
index 0000000..c64b963
--- /dev/null
+++ b/serveis/nextcloud/nextcloud_cron.yml
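Review bot: `kind: IPAddressPool` under `metallb.io/v1beta1` in serveis/metalb3/metallb-config.yaml is CRD-based configuration, but the only MetalLB manifests visible in this commit (serveis/metalb2) deploy `speaker` and `controller` v0.11.0 with `--config=config`, a release line that reads its pools from a ConfigMap rather than from CRDs. Unless serveis/metalb3 is applied against a newer MetalLB install that is not shown here, this object will be rejected by the API server and no Service receives an address from 192.168.1.190-192.168.1.199. If a CRD-based release is intended, the pool also needs an `L2Advertisement` (or a BGP equivalent) before its addresses are announced, and none is visible in this commit. A header comment such as `# Requires a CRD-based MetalLB release; not compatible with serveis/metalb2 (v0.11.0)` would remove the ambiguity.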
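Review bot: `type: LoadBalancer` in serveis/metalb3/nginx-service.yaml gives the backend its own external address from the MetalLB pool, so clients on the LAN can reach nginx directly and bypass the Caddy reverse proxy that already fronts it through `reverse_proxy nginx-service:80`. Set `type: ClusterIP` (or drop the line, which has the same effect) so that only `caddy-service` is exposed outside the cluster. The inline comment `# Este es el puerto expuesto por MetalLB` on `port: 80` would then no longer be accurate and should be updated with it.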
@@ -0,0 +1,21 @@
+---
+apiVersion: batch/v1
+kind: CronJob
+metadata:
+ name: nextcloud-cron
+ namespace: nextcloud
+spec:
+ schedule: "*/5 * * * *"
+ jobTemplate:
+ spec:
+ template:
+ spec:
+ containers:
+ - name: nextcloud
+ image: nextcloud:25.0.3-apache
+ imagePullPolicy: IfNotPresent
+ command:
+ - /bin/sh
+ - -c
+ - curl https://your.nextcloud.domain/cron.php
+ restartPolicy: OnFailure
diff --git a/serveis/nextcloud/nextcloud_deployment.yml b/serveis/nextcloud/nextcloud_deployment.yml
new file mode 100644
index 0000000..9bef235
--- /dev/null
+++ b/serveis/nextcloud/nextcloud_deployment.yml
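Review bot: `curl https://your.nextcloud.domain/cron.php` exits 0 on an HTTP 4xx or 5xx response, so a failing cron endpoint is recorded as a successful Job and `restartPolicy: OnFailure` never triggers; use `- curl -fsS https://your.nextcloud.domain/cron.php` instead. With a five-minute schedule and no `concurrencyPolicy`, slow runs can also overlap, which `concurrencyPolicy: Forbid` under the CronJob `spec:` prevents. The host is still the placeholder `your.nextcloud.domain`, so a comment such as `# replace with the real Nextcloud host before applying` would help.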
@@ -0,0 +1,117 @@ +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: nextcloud + namespace: nextcloud + labels: + app: nextcloud +spec: + replicas: 1 + selector: + matchLabels: + app: nextcloud + strategy: + rollingUpdate: + maxSurge: 0 + maxUnavailable: 1 + type: RollingUpdate + template: + metadata: + labels: + app: nextcloud + spec: + containers: + - image: nextcloud:25.0.3-apache + name: nextcloud + ports: + - containerPort: 80 + protocol: TCP + env: + - name: REDIS_HOST + value: redis + - name: POSTGRES_HOST + value: postgresql + - name: POSTGRES_DB + valueFrom: + secretKeyRef: + key: POSTGRES_DB + name: nextcloud-secrets + - name: POSTGRES_USER + valueFrom: + secretKeyRef: + key: POSTGRES_USER + name: nextcloud-secrets + - name: POSTGRES_PASSWORD + valueFrom: + secretKeyRef: + key: POSTGRES_PASSWORD + name: nextcloud-secrets + - name: NEXTCLOUD_ADMIN_USER + valueFrom: + secretKeyRef: + key: NEXTCLOUD_ADMIN_USER + name: nextcloud-secrets + - name: NEXTCLOUD_ADMIN_PASSWORD + valueFrom: + secretKeyRef: + key: NEXTCLOUD_ADMIN_PASSWORD + name: nextcloud-secrets + - name: NEXTCLOUD_TRUSTED_DOMAINS + value: your.nextcloud.domain + - name: NEXTCLOUD_DATA_DIR + value: /mnt/data + # - name: OBJECTSTORE_S3_HOST + # value: your.s3.host + # - name: OBJECTSTORE_S3_REGION + # value: gso-rack-1 + # - name: OBJECTSTORE_S3_BUCKET + # value: nextcloud + # - name: OBJECTSTORE_S3_PORT + # value: "9000" + # - name: OBJECTSTORE_S3_SSL + # value: "true" + # - name: OBJECTSTORE_S3_USEPATH_STYLE + # value: "true" + # - name: OBJECTSTORE_S3_KEY + # valueFrom: + # secretKeyRef: + # key: OBJECTSTORE_S3_KEY + # name: nextcloud-secrets + # - name: OBJECTSTORE_S3_SECRET + # valueFrom: + # secretKeyRef: + # key: OBJECTSTORE_S3_SECRET + # name: nextcloud-secrets + - name: TRUSTED_PROXIES + value: 192.168.4.0/24 10.0.0.0/16 # This includes my router IP address and the CIDR range of the cluster + - name: APACHE_DISABLE_REWRITE_IP + value: "1" + - name: OVERWRITEHOST + value: 
your.nextcloud.domain + - name: OVERWRITEPROTOCOL + value: https + - name: OVERWRITECLIURL + value: https://your.nextcloud.domain + - name: OVERWRITEWEBROOT + value: "/" + - name: PHP_MEMORY_LIMIT + value: 4G + - name: PHP_UPLOAD_LIMIT + value: 1G + - name: TZ + value: America/New_York + volumeMounts: + - mountPath: /var/www/html + name: nextcloud-storage + readOnly: false + - mountPath: /mnt/data + name: nextcloud-storage-nfs + readOnly: false + volumes: + - name: nextcloud-storage + persistentVolumeClaim: + claimName: nextcloud-pvc + - name: nextcloud-storage-nfs + persistentVolumeClaim: + claimName: nextcloud-pvc-nfs diff --git a/serveis/nextcloud/nextcloud_headers.yml b/serveis/nextcloud/nextcloud_headers.yml new file mode 100644 index 0000000..a440ef1 --- /dev/null +++ b/serveis/nextcloud/nextcloud_headers.yml @@ -0,0 +1,26 @@ +--- +apiVersion: traefik.containo.us/v1alpha1 +kind: Middleware +metadata: + name: headers + namespace: nextcloud +spec: + headers: + frameDeny: true + browserXssFilter: true + customResponseHeaders: + Strict-Transport-Security: "15552000" + X-Frame-Options: SAMEORIGIN +--- +apiVersion: traefik.containo.us/v1alpha1 +kind: Middleware +metadata: + name: redirects + namespace: nextcloud +spec: + redirectScheme: + permanent: true + scheme: https + redirectRegex: + regex: https://(.*)/.well-known/(card|cal)dav + replacement: https://$1/remote.php/dav/ diff --git a/serveis/nextcloud/nextcloud_ingress.yml b/serveis/nextcloud/nextcloud_ingress.yml new file mode 100644 index 0000000..b60eedc --- /dev/null +++ b/serveis/nextcloud/nextcloud_ingress.yml 
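Review bot: `TRUSTED_PROXIES` in nextcloud_deployment.yml is set to `192.168.4.0/24 10.0.0.0/16`, a whole LAN subnet plus the whole cluster range, so Nextcloud will honour `X-Forwarded-For` from any pod or LAN host that can reach the Service on port 80. Such a client can then choose the source address that Nextcloud logs and that its brute-force throttling keys on. Narrow the value to the address or range the ingress controller actually connects from, and limit access to the pod with a NetworkPolicy if the cluster's CNI enforces them. The container also declares no `resources` although `PHP_MEMORY_LIMIT` is `4G`, and no `securityContext`; both are worth setting explicitly.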
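Review bot: `Strict-Transport-Security: "15552000"` under `customResponseHeaders` in nextcloud_headers.yml sends the header without a `max-age=` directive, which browsers ignore, so HSTS is not actually enabled. Use the middleware's own option `stsSeconds: 15552000`, or write the value as `"max-age=15552000"`. `frameDeny: true` and the custom `X-Frame-Options: SAMEORIGIN` also contradict each other; keep one, for example `customFrameOptionsValue: SAMEORIGIN`. Separately, the `redirects` Middleware declares both `redirectScheme` and `redirectRegex`, and Traefik expects one middleware type per Middleware object, so this likely needs splitting into two resources; verify against the Traefik version in use.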
@@ -0,0 +1,26 @@
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: nextcloud-ingress
+ namespace: nextcloud
+ annotations:
+ traefik.ingress.kubernetes.io/router.middlewares: nextcloud-headers@kubernetescrd,nextcloud-redirects@kubernetescrd
+ traefik.ingress.kubernetes.io/router.entrypoints: web,websecure
+ cert-manager.io/cluster-issuer: letsencrypt-aws
+spec:
+ rules:
+ - host: your.nextcloud.domain
+ http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: nextcloud
+ port:
+ number: 80
+ tls:
+ - secretName: ssl-cert
+ hosts:
+ - your.nextcloud.domain
diff --git a/serveis/nextcloud/nextcloud_pvc.yml b/serveis/nextcloud/nextcloud_pvc.yml
new file mode 100644
index 0000000..d31a607
--- /dev/null
+++ b/serveis/nextcloud/nextcloud_pvc.yml
@@ -0,0 +1,26 @@
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: nextcloud-pvc
+ namespace: nextcloud
+spec:
+ accessModes:
+ - ReadWriteOnce
+ storageClassName: longhorn
+ resources:
+ requests:
+ storage: 5Gi
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: nextcloud-pvc-nfs
+ namespace: nextcloud
+spec:
+ accessModes:
+ - ReadWriteOnce
+ storageClassName: nfs-client
+ resources:
+ requests:
+ storage: 100Gi
diff --git a/serveis/nextcloud/nextcloud_service.yml b/serveis/nextcloud/nextcloud_service.yml
new file mode 100644
index 0000000..ffc0a8a
--- /dev/null
+++ b/serveis/nextcloud/nextcloud_service.yml
@@ -0,0 +1,13 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: nextcloud
+ namespace: nextcloud
+ labels:
+ app: nextcloud
+spec:
+ ports:
+ - port: 80
+ selector:
+ app: nextcloud
diff --git a/serveis/nextcloud/postgresql_deployment.yml b/serveis/nextcloud/postgresql_deployment.yml
new file mode 100644
index 0000000..606104d
--- /dev/null
+++ b/serveis/nextcloud/postgresql_deployment.yml
@@ -0,0 +1,50 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: postgresql
+ namespace: nextcloud
+ labels:
+ app: postgresql
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: postgresql
+ template:
+ metadata:
+ labels:
+ app: postgresql
+ spec:
+ containers:
+ - name: postgresql
+ image: postgres:15
+ ports:
+ - containerPort: 5432
+ env:
+ - name: POSTGRES_DB
+ valueFrom:
+ secretKeyRef:
+ key: POSTGRES_DB
+ name: nextcloud-secrets
+ - name: POSTGRES_USER
+ valueFrom:
+ secretKeyRef:
+ key: POSTGRES_USER
+ name: nextcloud-secrets
+ - name: POSTGRES_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ key: POSTGRES_PASSWORD
+ name: nextcloud-secrets
+ - name: PGDATA
+ value: /var/lib/postgresql/data/pgdata
+ - name: TZ
+ value: America/New_York
+ volumeMounts:
+ - name: postgresql-data
+ mountPath: /var/lib/postgresql/data
+ volumes:
+ - name: postgresql-data
+ persistentVolumeClaim:
+ claimName: postgresql-pvc
diff --git a/serveis/nextcloud/postgresql_pvc.yml b/serveis/nextcloud/postgresql_pvc.yml
new file mode 100644
index 0000000..5d4131c
--- /dev/null
+++ b/serveis/nextcloud/postgresql_pvc.yml
@@ -0,0 +1,13 @@
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: postgresql-pvc
+ namespace: nextcloud
+spec:
+ accessModes:
+ - ReadWriteOnce
+ storageClassName: longhorn
+ resources:
+ requests:
+ storage: 2Gi
diff --git a/serveis/nextcloud/postgresql_service.yml b/serveis/nextcloud/postgresql_service.yml
new file mode 100644
index 0000000..8673be8
--- /dev/null
+++ b/serveis/nextcloud/postgresql_service.yml
@@ -0,0 +1,13 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: postgresql
+ namespace: nextcloud
+ labels:
+ app: postgresql
+spec:
+ ports:
+ - port: 5432
+ selector:
+ app: postgresql
diff --git a/serveis/nextcloud/redis_deployment.yml b/serveis/nextcloud/redis_deployment.yml
new file mode 100644
index 0000000..e65ac55
--- /dev/null
+++ b/serveis/nextcloud/redis_deployment.yml
@@ -0,0 +1,27 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: redis
+ namespace: nextcloud
+ labels:
+ app: redis
+spec:
+ selector:
+ matchLabels:
+ app: redis
+ replicas: 1
+ template:
+ metadata:
+ labels:
+ app: redis
+ spec:
+ containers:
+ - image: redis:alpine
+ name: redis
+ ports:
+ - containerPort: 6379
+ env:
+ - name: TZ
+ value: America/New_York
+ restartPolicy: Always
diff --git a/serveis/nextcloud/redis_service.yml b/serveis/nextcloud/redis_service.yml
new file mode 100644
index 0000000..1938749
--- /dev/null
+++ b/serveis/nextcloud/redis_service.yml
@@ -0,0 +1,13 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: redis
+ namespace: nextcloud
+ labels:
+ app: redis
+spec:
+ ports:
+ - port: 6379
+ selector:
+ app: redis
diff --git a/serveis/nextcloud/secrets.yml b/serveis/nextcloud/secrets.yml
new file mode 100644
index 0000000..2272496
--- /dev/null
+++ b/serveis/nextcloud/secrets.yml
@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: nextcloud-secrets
+ namespace: nextcloud
+type: Opaque
+stringData:
+ POSTGRES_DB: $DB
+ POSTGRES_USER: $DB_USER
+ POSTGRES_PASSWORD: $DB_NEXTCLOUD_PASSWORD
+ NEXTCLOUD_ADMIN_USER: $NEXTCLOUD_ADMIN_USER
+ NEXTCLOUD_ADMIN_PASSWORD: $NEXTCLOUD_ADMIN_PASSWORD
diff --git a/serveis/wordpress/kustomization.yaml b/serveis/wordpress/kustomization.yaml
new file mode 100644
index 0000000..55be286
--- /dev/null
+++ b/serveis/wordpress/kustomization.yaml
@@ -0,0 +1,8 @@
+secretGenerator:
+ - name: mysql-pass
+ literals:
+ - password=YOUR_PASSWORD
+
+resources:
+ - mysql-deployment.yaml
+ - wordpress-deployment.yaml
diff --git a/serveis/wordpress/minikube b/serveis/wordpress/minikube
new file mode 100755
index 0000000..af25bb2
Binary files /dev/null and b/serveis/wordpress/minikube differ
diff --git a/serveis/wordpress/mysql-deployment.yaml b/serveis/wordpress/mysql-deployment.yaml
new file mode 100644
index 0000000..9057448
--- /dev/null
+++ b/serveis/wordpress/mysql-deployment.yaml
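Review bot: The `redis` container in redis_deployment.yml starts with the image defaults, so it accepts unauthenticated connections from any pod that can reach the `redis` Service on 6379, which is the instance Nextcloud is pointed at through `REDIS_HOST`. Start Redis with a password taken from a Secret and pass the same value to Nextcloud as `REDIS_HOST_PASSWORD` in nextcloud_deployment.yml; the fence shows the Redis side, where `REDIS_PASSWORD` is a key that would have to be added to `nextcloud-secrets`. `image: redis:alpine` is also a floating tag and should be pinned to a release.

```yaml
        - image: redis:alpine
          name: redis
          args:
            - --requirepass
            - $(REDIS_PASSWORD)
          # … unchanged: ports …
          env:
            - name: REDIS_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: nextcloud-secrets
                  key: REDIS_PASSWORD  # placeholder key, not yet present in secrets.yml
            # … unchanged: TZ …
```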
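Review bot: The values under `stringData` in secrets.yml are shell-style placeholders (`$DB`, `$DB_NEXTCLOUD_PASSWORD`, and so on) and nothing in the file says how they are filled in; applied as-is, the Secret stores the literal strings, so the database and admin passwords become the guessable text `$DB_NEXTCLOUD_PASSWORD` and `$NEXTCLOUD_ADMIN_PASSWORD`. Add a header comment such as `# Template: substitute the $VARS (e.g. with envsubst) before applying; never commit the rendered file`. Unlike the other manifests in this directory, the file also lacks the leading `---`.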
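Review bot: `- password=YOUR_PASSWORD` under `literals:` in serveis/wordpress/kustomization.yaml keeps the MySQL password in a tracked file, so whoever replaces the placeholder is likely to commit the real value, and whoever does not will deploy with the string `YOUR_PASSWORD`. Read the value from an untracked file instead: replace the `literals:` entry with `envs:` and `- mysql-pass.env`, and list that file in .gitignore. The same applies to serveis/wp/kustomization.yaml later in this commit.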
@@ -0,0 +1,74 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: wordpress-mysql
+ labels:
+ app: wordpress
+spec:
+ ports:
+ - port: 3306
+ selector:
+ app: wordpress
+ tier: mysql
+ clusterIP: None
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: mysql-pv-claim
+ labels:
+ app: wordpress
+spec:
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: 20Gi
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: wordpress-mysql
+ labels:
+ app: wordpress
+spec:
+ selector:
+ matchLabels:
+ app: wordpress
+ tier: mysql
+ strategy:
+ type: Recreate
+ template:
+ metadata:
+ labels:
+ app: wordpress
+ tier: mysql
+ spec:
+ containers:
+ - image: mysql:5.7
+ name: mysql
+ env:
+ - name: MYSQL_ROOT_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: mysql-pass
+ key: password
+ - name: MYSQL_DATABASE
+ value: wordpress
+ - name: MYSQL_USER
+ value: wordpress
+ - name: MYSQL_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: mysql-pass
+ key: password
+ ports:
+ - containerPort: 3306
+ name: mysql
+ volumeMounts:
+ - name: mysql-persistent-storage
+ mountPath: /var/lib/mysql
+ volumes:
+ - name: mysql-persistent-storage
+ persistentVolumeClaim:
+ claimName: mysql-pv-claim
diff --git a/serveis/wordpress/mysql-pv.yaml b/serveis/wordpress/mysql-pv.yaml
new file mode 100644
index 0000000..7e7a338
--- /dev/null
+++ b/serveis/wordpress/mysql-pv.yaml
@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+ name: mysql-pv
+spec:
+ capacity:
+ storage: 20Gi # Ajusta el tamaño si es necesario
+ volumeMode: Filesystem
+ accessModes:
+ - ReadWriteOnce # Permite acceso de lectura/escritura por un solo pod
+ persistentVolumeReclaimPolicy: Retain # El volumen no se eliminará cuando se libere
+ storageClassName: local-path # Usamos 'local-path' ya que es un almacenamiento local en el nodo
+ hostPath:
+ path: /mnt/data/mysql # Ruta en el nodo donde se almacenarán los datos
+ type: DirectoryOrCreate # Crea el directorio si no existe
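Review bot: `MYSQL_ROOT_PASSWORD` and `MYSQL_PASSWORD` in serveis/wordpress/mysql-deployment.yaml both read `key: password` from `mysql-pass`, so the `wordpress` application account and the database root account share one credential, and wordpress-deployment.yaml hands that same value to the web container as `WORDPRESS_DB_PASSWORD`. A compromise of the WordPress pod therefore yields the database root password as well. Give root its own key, for example `key: root-password` under `MYSQL_ROOT_PASSWORD`, and add the matching entry to the secretGenerator in kustomization.yaml. `image: mysql:5.7` is an end-of-life release line, so plan a move to a supported version. serveis/wp/mysql-deployment.yaml is an identical copy and has the same issues.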
diff --git a/serveis/wordpress/wordpress-deployment.yaml b/serveis/wordpress/wordpress-deployment.yaml
new file mode 100644
index 0000000..43d9525
--- /dev/null
+++ b/serveis/wordpress/wordpress-deployment.yaml
@@ -0,0 +1,69 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: wordpress
+ labels:
+ app: wordpress
+spec:
+ ports:
+ - port: 80
+ selector:
+ app: wordpress
+ tier: frontend
+ type: LoadBalancer
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: wp-pv-claim
+ labels:
+ app: wordpress
+spec:
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: 20Gi
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: wordpress
+ labels:
+ app: wordpress
+spec:
+ selector:
+ matchLabels:
+ app: wordpress
+ tier: frontend
+ strategy:
+ type: Recreate
+ template:
+ metadata:
+ labels:
+ app: wordpress
+ tier: frontend
+ spec:
+ containers:
+ - image: wordpress:6.2.1-apache
+ name: wordpress
+ env:
+ - name: WORDPRESS_DB_HOST
+ value: wordpress-mysql
+ - name: WORDPRESS_DB_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: mysql-pass
+ key: password
+ - name: WORDPRESS_DB_USER
+ value: wordpress
+ ports:
+ - containerPort: 80
+ name: wordpress
+ volumeMounts:
+ - name: wordpress-persistent-storage
+ mountPath: /var/www/html
+ volumes:
+ - name: wordpress-persistent-storage
+ persistentVolumeClaim:
+ claimName: wp-pv-claim
diff --git a/serveis/wordpress/wp-pv.yaml b/serveis/wordpress/wp-pv.yaml
new file mode 100644
index 0000000..715e959
--- /dev/null
+++ b/serveis/wordpress/wp-pv.yaml
@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+ name: wp-pv
+spec:
+ capacity:
+ storage: 20Gi # Ajusta el tamaño si es necesario
+ volumeMode: Filesystem
+ accessModes:
+ - ReadWriteOnce # Permite acceso de lectura/escritura por un solo pod
+ persistentVolumeReclaimPolicy: Retain # El volumen no se eliminará cuando se libere
+ storageClassName: local-path # Usamos 'local-path' para almacenamiento local en el nodo
+ hostPath:
+ path: /mnt/data/wordpress # Ruta en el nodo donde se almacenarán los datos
+ type: DirectoryOrCreate # Crea el directorio si no existe
diff --git a/serveis/wp/kustomization.yaml b/serveis/wp/kustomization.yaml
new file mode 100644
index 0000000..9874c24
--- /dev/null
+++ b/serveis/wp/kustomization.yaml
@@ -0,0 +1,7 @@
+secretGenerator:
+- name: mysql-pass
+ literals:
+ - password=YOUR_PASSWORD
+resources:
+ - mysql-deployment.yaml
+ - wordpress-deployment.yaml
diff --git a/serveis/wp/mysql-deployment.yaml b/serveis/wp/mysql-deployment.yaml
new file mode 100644
index 0000000..9057448
--- /dev/null
+++ b/serveis/wp/mysql-deployment.yaml
@@ -0,0 +1,74 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: wordpress-mysql
+ labels:
+ app: wordpress
+spec:
+ ports:
+ - port: 3306
+ selector:
+ app: wordpress
+ tier: mysql
+ clusterIP: None
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: mysql-pv-claim
+ labels:
+ app: wordpress
+spec:
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: 20Gi
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: wordpress-mysql
+ labels:
+ app: wordpress
+spec:
+ selector:
+ matchLabels:
+ app: wordpress
+ tier: mysql
+ strategy:
+ type: Recreate
+ template:
+ metadata:
+ labels:
+ app: wordpress
+ tier: mysql
+ spec:
+ containers:
+ - image: mysql:5.7
+ name: mysql
+ env:
+ - name: MYSQL_ROOT_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: mysql-pass
+ key: password
+ - name: MYSQL_DATABASE
+ value: wordpress
+ - name: MYSQL_USER
+ value: wordpress
+ - name: MYSQL_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: mysql-pass
+ key: password
+ ports:
+ - containerPort: 3306
+ name: mysql
+ volumeMounts:
+ - name: mysql-persistent-storage
+ mountPath: /var/lib/mysql
+ volumes:
+ - name: mysql-persistent-storage
+ persistentVolumeClaim:
+ claimName: mysql-pv-claim
diff --git a/serveis/wp/wordpress-deployment.yaml b/serveis/wp/wordpress-deployment.yaml
new file mode 100644
index 0000000..9e8749c
--- /dev/null
+++ b/serveis/wp/wordpress-deployment.yaml
@@ -0,0 +1,69 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: wordpress
+ labels:
+ app: wordpress
+spec:
+ ports:
+ - port: 8080 # Aquí cambiamos el puerto 80 por 8080
+ selector:
+ app: wordpress
+ tier: frontend
+ type: LoadBalancer
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: wp-pv-claim
+ labels:
+ app: wordpress
+spec:
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: 20Gi
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: wordpress
+ labels:
+ app: wordpress
+spec:
+ selector:
+ matchLabels:
+ app: wordpress
+ tier: frontend
+ strategy:
+ type: Recreate
+ template:
+ metadata:
+ labels:
+ app: wordpress
+ tier: frontend
+ spec:
+ containers:
+ - image: wordpress:6.2.1-apache
+ name: wordpress
+ env:
+ - name: WORDPRESS_DB_HOST
+ value: wordpress-mysql
+ - name: WORDPRESS_DB_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: mysql-pass
+ key: password
+ - name: WORDPRESS_DB_USER
+ value: wordpress
+ ports:
+ - containerPort: 8080 # Cambiamos aquí el puerto del contenedor a 8080
+ name: wordpress
+ volumeMounts:
+ - name: wordpress-persistent-storage
+ mountPath: /var/www/html
+ volumes:
+ - name: wordpress-persistent-storage
+ persistentVolumeClaim:
+ claimName: wp-pv-claim
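Review bot: The Service entry `- port: 8080` in serveis/wp/wordpress-deployment.yaml has no `targetPort`, so traffic is forwarded to port 8080 in the pod, and `containerPort: 8080` is only a declaration that does not change where the process listens. The `wordpress:6.2.1-apache` image serves on port 80 unless its Apache configuration is changed, which this manifest does not do, so the LoadBalancer address will presumably refuse connections. Keep the external port and point it at the real listener: `- port: 8080` followed by `targetPort: 80` in the Service, and `- containerPort: 80` in the Deployment. The two Spanish inline comments describing the port change should be updated to match.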