K8s/HAProxy/Ingress: Difference between revisions

From Chorke Wiki
Jump to navigation Jump to search
← Older edit
VisualWikitext
No edit summary
 
(25 intermediate revisions by the same user not shown)
Line 1: Line 1:
==Namespace » Kube-System » CoreDNS==
==Namespace » Academia==
<syntaxhighlight lang="yaml">
{|class='wikitable mw-collapsible'
cat << YML|kubectl apply -n kube-system -f -
!scope='col' colspan='2' style='width:1100px'|
---
Namespace » Academia
apiVersion: v1
|-
kind: ConfigMap
|valign='top' colspan='2'|
metadata:
<syntaxhighlight lang="bash">
  name: coredns
cat << EXE | sudo bash
  namespace: kube-system
ufw        allow from 192.168.49.2/32 to any port 9000:9010 proto tcp
data:
ufw        allow from 192.168.49.2/32 to any port      3000 proto tcp
  Corefile: |
ufw status numbered
    .:53 {
EXE
        log
</syntaxhighlight>
        errors
----
        health {
<syntaxhighlight lang="bash">
          lameduck 5s
cat << EXE | sudo bash
        }
ufw delete allow from 192.168.49.2/32 to any port 9000:9010 proto tcp
        ready
ufw delete allow from 192.168.49.2/32 to any port      3000 proto tcp
        kubernetes cluster.local in-addr.arpa ip6.arpa {
ufw status numbered
          pods insecure
EXE
          fallthrough in-addr.arpa ip6.arpa
</syntaxhighlight>
          ttl 30
|-
        }
|valign='top' style='width:544px'|
        prometheus :9153
<syntaxhighlight lang="bash">
        hosts {
export KUBECONFIG=${HOME}/.kube/shahed-ab-kubeconfig.yaml
          192.168.49.1 host.minikube.internal
kubectl config get-contexts
          fallthrough
kubectl config view
        }
        forward . /etc/resolv.conf {
          max_concurrent 1000
        }
        cache 30 {
          disable success cluster.local
          disable denial cluster.local
        }
        loop
        reload
        loadbalance
    }
    chorke.local:53 {
        errors
        cache 30
        forward . 192.168.49.2
    }
    shahed.local:53 {
        errors
        cache 30
        forward . 192.168.49.2
    }
    k8s.local:53 {
        errors
        cache 30
        forward . 192.168.49.2
    }
YML
</syntaxhighlight>
</syntaxhighlight>


==Namespace » Academia==
|valign='top'|
<syntaxhighlight lang="bash">
<syntaxhighlight lang="bash">
kubectl get    ns|grep  academia
kubectl get    ns|grep  academia
Line 62: Line 34:
kubectl create namespace academia
kubectl create namespace academia
</syntaxhighlight>
</syntaxhighlight>
|}
==Namespace » Academia » Ingress » Academia==
{|class='wikitable mw-collapsible'
!scope='col' style='width:1100px'|
Namespace » Academia » Ingress » Academia
|-
|valign='top'|
<syntaxhighlight lang="yaml">
cat <<'YML'| kubectl apply -n academia -f -
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: academia
  namespace: academia
  labels:
    app.kubernetes.io/version: 1.0.0
    app.kubernetes.io/name: academia
    app.kubernetes.io/instance: academia
    app.kubernetes.io/managed-by: kubectl
  annotations:
    nginx.ingress.kubernetes.io/proxy-body-size: '0'
spec:
  ingressClassName: nginx
  rules:
    - host: academia.chorke.org.local
      http:
        paths:
          - path: /
            pathType: ImplementationSpecific
            backend:
              service:
                name: haproxy
                port:
                  number: 80
YML
</syntaxhighlight>
|}


==Namespace » Academia » Service » Academia==
==Namespace » Academia » Service » Academia==
{|class='wikitable mw-collapsible mw-collapsed'
!scope='col' style='width:1100px'|
Namespace » Academia » Service » Academia
|-
|valign='top'|
<syntaxhighlight lang="yaml">
<syntaxhighlight lang="yaml">
cat << YML|kubectl apply -n academia -f -
cat <<'YML'|kubectl apply -n academia -f -
---
---
apiVersion: v1
apiVersion: v1
Line 82: Line 98:
YML
YML
</syntaxhighlight>
</syntaxhighlight>
|}
==Namespace » Academia » Service » HAProxy==
{|class='wikitable mw-collapsible mw-collapsed'
!scope='col' style='width:1100px'|
Namespace » Academia » Service » HAProxy
|-
|valign='top'|
<syntaxhighlight lang="yaml">
cat <<'YML'| kubectl apply -n academia -f -
---
apiVersion: v1
kind: Service
metadata:
  name: haproxy
  namespace: academia
  labels:
    app.kubernetes.io/name: haproxy
    app.kubernetes.io/version: 1.0.0
    app.kubernetes.io/instance: academia
    app.kubernetes.io/managed-by: kubectl
spec:
  type: ClusterIP
  ports:
    - name: http-haproxy
      targetPort: 80
      protocol: TCP
      port: 80
  selector:
    app: haproxy
YML
</syntaxhighlight>
|}
==Namespace » Academia » ConfigMap » HAProxy==
{|class='wikitable mw-collapsible mw-collapsed'
!scope='col' style='width:1100px'|
Namespace » Academia » ConfigMap » HAProxy
|-
|valign='top'|
<syntaxhighlight lang="bash" line>
cat <<'CFG'| kubectl -n academia create configmap haproxy --from-file=haproxy.cfg=/dev/stdin
global
  log            stdout format raw local0
  maxconn        3000
  # default ssl material locations
  ca-base        /etc/ssl/certs
  crt-base        /etc/ssl/private
  # see: https://ssl-config.mozilla.org/#server=haproxy&server-version=2.0.3&config=intermediate
  ssl-default-bind-ciphers      ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
  ssl-default-bind-ciphersuites TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256
  ssl-default-bind-options      ssl-min-ver TLSv1.2 no-tls-tickets
defaults
  log            global
  option          httplog
  option          dontlognull
  timeout        connect 5000
  timeout        client  50000
  timeout        server  50000
  errorfile      400 /usr/local/etc/haproxy/errors/400.http
  errorfile      403 /usr/local/etc/haproxy/errors/403.http
  errorfile      408 /usr/local/etc/haproxy/errors/408.http
  errorfile      500 /usr/local/etc/haproxy/errors/500.http
  errorfile      502 /usr/local/etc/haproxy/errors/502.http
  errorfile      503 /usr/local/etc/haproxy/errors/503.http
  errorfile      504 /usr/local/etc/haproxy/errors/504.http
# ##############################################################################
# http frontend config for *.group.local, *.biz.local, *.com.local, *.k8s.local
# *.org.local, *.bd.local, *.io.local, & *.my.local
# this config added by chorke academia, inc
frontend          fnt_academia_chorke_org
  bind            *:80
  mode            http
  acl            host-is-academia-chorke-org          hdr(host) -i academia.chorke.org.local
  acl            host-is-agronomy-chorke-org          hdr(host) -i agronomy.chorke.org.local
  acl            host-is-autonomy-chorke-org          hdr(host) -i autonomy.chorke.org.local
  acl            path-is-rest-api-policy              path_beg /api/policy/rest/
  acl            path-is-rest-api-quote                path_beg /api/quote/rest/
  acl            path-is-rest-api-audit                path_beg /api/audit/rest/
  acl            path-is-rest-api-rate                path_beg /api/rate/rest/
  acl            path-is-rest-api-tds                  path_beg /api/tds/rest/
  use_backend    bck_academia_chorke_org_policy        if host-is-academia-chorke-org path-is-rest-api-policy
  use_backend    bck_academia_chorke_org_quote        if host-is-academia-chorke-org path-is-rest-api-quote
  use_backend    bck_academia_chorke_org_audit        if host-is-academia-chorke-org path-is-rest-api-audit
  use_backend    bck_academia_chorke_org_rate          if host-is-academia-chorke-org path-is-rest-api-rate
  use_backend    bck_academia_chorke_org_tds          if host-is-academia-chorke-org path-is-rest-api-tds
  default_backend bck_academia_chorke_org
backend            bck_academia_chorke_org_policy
  http-request    set-path "%[path,regsub(^/api/policy/rest/,/)]"
  server          academia_chorke_org_policy academia:9002 check
  mode            http
backend            bck_academia_chorke_org_quote
  http-request    set-path "%[path,regsub(^/api/quote/rest/,/)]"
  server          academia_chorke_org_qoute academia:9001 check
  mode            http
backend            bck_academia_chorke_org_audit
  http-request    set-path "%[path,regsub(^/api/audit/rest/,/)]"
  server          academia_chorke_org_audit academia:9003 check
  mode            http
backend            bck_academia_chorke_org_rate
  http-request    set-path "%[path,regsub(^/api/rate/rest/,/)]"
  server          academia_chorke_org_rate academia:9004 check
  mode            http
backend            bck_academia_chorke_org_tds
  http-request    set-path "%[path,regsub(^/api/tds/rest/,/)]"
  server          academia_chorke_org_tds academia:9000 check
  mode            http
backend            bck_academia_chorke_org
  server          academia_chorke_org academia:3000 check
  mode            http
CFG
</syntaxhighlight>
|}
==Namespace » Academia » Deployment » HAProxy==
{|class='wikitable mw-collapsible'
!scope='col' style='width:1100px'|
Namespace » Academia » Deployment » HAProxy
|-
|valign='top'|
<syntaxhighlight lang="yaml">
cat <<'YML'| kubectl apply -n academia -f -
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: haproxy
  namespace: academia
  labels:
    app: haproxy
    app.kubernetes.io/name: haproxy
    app.kubernetes.io/version: 1.0.0
    app.kubernetes.io/instance: academia
    app.kubernetes.io/managed-by: kubectl
    app: haproxy
spec:
  replicas: 1
  selector:
    matchLabels:
      app: haproxy
  template:
    metadata:
      labels:
        app: haproxy
    spec:
      containers:
        - name: haproxy
          image: haproxy:2.8-alpine
          ports:
          - name: http-haproxy
            containerPort: 80
            protocol: TCP
          resources:
            requests:
              cpu: 50m
              memory: 64Mi
            limits:
              memory: 128Mi
              cpu: 100m
          volumeMounts:
            - mountPath: /usr/local/etc/haproxy/haproxy.cfg
              subPath: haproxy.cfg
              name: haproxy-cfg
      volumes:
        - name: haproxy-cfg
          configMap:
            name: haproxy
            items:
            - key: haproxy.cfg
              path: haproxy.cfg
YML
</syntaxhighlight>
|}
==Namespace » Kube-System » ConfigMap » CoreDNS==
{|class='wikitable mw-collapsible'
!scope='col' style='width:1100px'|
Namespace » Kube-System » ConfigMap » CoreDNS
|-
|valign='top'|
[[K8s/Ingress#CoreDNS|Skipped » Find More » 👈]]
|}
==Namespace » Academia » Clean-up==
{|class='wikitable mw-collapsible mw-collapsed'
!scope='col' style='width:1100px'|
Namespace » Academia » Clean-up
|-
|valign='top'|
<syntaxhighlight lang="bash">
kubectl -n academia delete deploy    haproxy
kubectl -n academia delete service  haproxy
kubectl -n academia delete configmap haproxy
kubectl -n academia delete service  academia
kubectl -n academia delete ingress  academia
kubectl delete namespace academia
</syntaxhighlight>
|}
==Namespace » Academia » Env.js==
{|class='wikitable mw-collapsible'
!scope='col' colspan='3' style='width:1100px'|
Namespace » Academia » Env.js
|-
|valign='top'|
<syntaxhighlight lang="js">
let token = localStorage.getItem('user') != null ? JSON.parse(localStorage.getItem('user')).token : ''
const policyUrl          = 'http://academia.chorke.org.local/api/policy/rest';
const auditUrl          = 'http://academia.chorke.org.local/api/audit/rest';
const quoteUrl          = 'http://academia.chorke.org.local/api/quote/rest';
const rateUrl            = 'http://academia.chorke.org.local/api/rate/rest';
const url                = 'http://academia.chorke.org.local/api/tds/rest';
const siteKey            = '6LfAm6MpBBBBBNf1A6fxnsKeH6UQ8lrKw7LarDXa';
const isEnabledReCaptcha = false;
export const env        = {
  apiURL      : url,
  apiVersion  : `${url}`,
  quotationUrl : quoteUrl,
  policyUrl    : policyUrl,
  productsUrl  : rateUrl,
  auditUrl,
  token,
  siteKey,
  isEnabledReCaptcha
};
</syntaxhighlight>
|}


==References==
==References==
Line 113: Line 375:
* [https://stackoverflow.com/questions/51744536/ K8s » Ingress » CORS Rules]
* [https://stackoverflow.com/questions/51744536/ K8s » Ingress » CORS Rules]
* [[K8s/CSI Hostpath Driver|K8s » CSI Hostpath Driver]]
* [[K8s/CSI Hostpath Driver|K8s » CSI Hostpath Driver]]
 
* [[K8s/Apache/Ingress|K8s » Apache » Ingress]]
* [[K8s/Nginx/Ingress|K8s » Nginx » Ingress]]
|-
|-
|colspan='3'|
|colspan='3'|

Latest revision as of 00:46, 12 July 2025

Namespace » Academia

Namespace » Academia 

cat << EXE | sudo bash
ufw        allow from 192.168.49.2/32 to any port 9000:9010 proto tcp
ufw        allow from 192.168.49.2/32 to any port      3000 proto tcp
ufw status numbered
EXE

cat << EXE | sudo bash
ufw delete allow from 192.168.49.2/32 to any port 9000:9010 proto tcp
ufw delete allow from 192.168.49.2/32 to any port      3000 proto tcp
ufw status numbered
EXE

export KUBECONFIG=${HOME}/.kube/shahed-ab-kubeconfig.yaml
kubectl config get-contexts
kubectl config view

kubectl get    ns|grep   academia
kubectl delete namespace academia
kubectl create namespace academia

Namespace » Academia » Ingress » Academia

Namespace » Academia » Ingress » Academia 

cat <<'YML'| kubectl apply -n academia -f -
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: academia
  namespace: academia
  labels:
    app.kubernetes.io/version: 1.0.0
    app.kubernetes.io/name: academia
    app.kubernetes.io/instance: academia
    app.kubernetes.io/managed-by: kubectl
  annotations:
    nginx.ingress.kubernetes.io/proxy-body-size: '0'
spec:
  ingressClassName: nginx
  rules:
    - host: academia.chorke.org.local
      http:
        paths:
          - path: /
            pathType: ImplementationSpecific
            backend:
              service:
                name: haproxy
                port:
                  number: 80
YML

Namespace » Academia » Service » Academia

Namespace » Academia » Service » Academia 

cat <<'YML'|kubectl apply -n academia -f -
---
apiVersion: v1
kind: Service
metadata:
  name: academia
  namespace: academia
  labels:
    app.kubernetes.io/version: 1.0.0
    app.kubernetes.io/name: academia
    app.kubernetes.io/instance: academia
    app.kubernetes.io/managed-by: kubectl
spec:
  type: ExternalName
  externalName: host.minikube.internal
YML

Namespace » Academia » Service » HAProxy

Namespace » Academia » Service » HAProxy 

cat <<'YML'| kubectl apply -n academia -f -
---
apiVersion: v1
kind: Service
metadata:
  name: haproxy
  namespace: academia
  labels:
    app.kubernetes.io/name: haproxy
    app.kubernetes.io/version: 1.0.0
    app.kubernetes.io/instance: academia
    app.kubernetes.io/managed-by: kubectl
spec:
  type: ClusterIP
  ports:
    - name: http-haproxy
      targetPort: 80
      protocol: TCP
      port: 80
  selector:
    app: haproxy
YML

Namespace » Academia » ConfigMap » HAProxy

Namespace » Academia » ConfigMap » HAProxy 

cat <<'CFG'| kubectl -n academia create configmap haproxy --from-file=haproxy.cfg=/dev/stdin
global
   log             stdout format raw local0
   maxconn         3000

   # default ssl material locations
   ca-base         /etc/ssl/certs
   crt-base        /etc/ssl/private

   # see: https://ssl-config.mozilla.org/#server=haproxy&server-version=2.0.3&config=intermediate
   ssl-default-bind-ciphers      ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
   ssl-default-bind-ciphersuites TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256
   ssl-default-bind-options      ssl-min-ver TLSv1.2 no-tls-tickets


defaults
   log             global
   option          httplog
   option          dontlognull
   timeout         connect 5000
   timeout         client  50000
   timeout         server  50000
   errorfile       400 /usr/local/etc/haproxy/errors/400.http
   errorfile       403 /usr/local/etc/haproxy/errors/403.http
   errorfile       408 /usr/local/etc/haproxy/errors/408.http
   errorfile       500 /usr/local/etc/haproxy/errors/500.http
   errorfile       502 /usr/local/etc/haproxy/errors/502.http
   errorfile       503 /usr/local/etc/haproxy/errors/503.http
   errorfile       504 /usr/local/etc/haproxy/errors/504.http


# ##############################################################################
# http frontend config for *.group.local, *.biz.local, *.com.local, *.k8s.local
# *.org.local, *.bd.local, *.io.local, & *.my.local
# this config added by chorke academia, inc

frontend           fnt_academia_chorke_org
   bind            *:80
   mode            http

   acl             host-is-academia-chorke-org           hdr(host) -i academia.chorke.org.local
   acl             host-is-agronomy-chorke-org           hdr(host) -i agronomy.chorke.org.local
   acl             host-is-autonomy-chorke-org           hdr(host) -i autonomy.chorke.org.local
 
   acl             path-is-rest-api-policy               path_beg /api/policy/rest/
   acl             path-is-rest-api-quote                path_beg /api/quote/rest/
   acl             path-is-rest-api-audit                path_beg /api/audit/rest/
   acl             path-is-rest-api-rate                 path_beg /api/rate/rest/
   acl             path-is-rest-api-tds                  path_beg /api/tds/rest/

   use_backend     bck_academia_chorke_org_policy        if host-is-academia-chorke-org path-is-rest-api-policy
   use_backend     bck_academia_chorke_org_quote         if host-is-academia-chorke-org path-is-rest-api-quote
   use_backend     bck_academia_chorke_org_audit         if host-is-academia-chorke-org path-is-rest-api-audit
   use_backend     bck_academia_chorke_org_rate          if host-is-academia-chorke-org path-is-rest-api-rate
   use_backend     bck_academia_chorke_org_tds           if host-is-academia-chorke-org path-is-rest-api-tds
   default_backend bck_academia_chorke_org


backend            bck_academia_chorke_org_policy
   http-request    set-path "%[path,regsub(^/api/policy/rest/,/)]"
   server          academia_chorke_org_policy academia:9002 check
   mode            http

backend            bck_academia_chorke_org_quote
   http-request    set-path "%[path,regsub(^/api/quote/rest/,/)]"
   server          academia_chorke_org_qoute academia:9001 check
   mode            http

backend            bck_academia_chorke_org_audit
   http-request    set-path "%[path,regsub(^/api/audit/rest/,/)]"
   server          academia_chorke_org_audit academia:9003 check
   mode            http

backend            bck_academia_chorke_org_rate
   http-request    set-path "%[path,regsub(^/api/rate/rest/,/)]"
   server          academia_chorke_org_rate academia:9004 check
   mode            http

backend            bck_academia_chorke_org_tds
   http-request    set-path "%[path,regsub(^/api/tds/rest/,/)]"
   server          academia_chorke_org_tds academia:9000 check
   mode            http

backend            bck_academia_chorke_org
   server          academia_chorke_org academia:3000 check
   mode            http
CFG

Namespace » Academia » Deployment » HAProxy

Namespace » Academia » Deployment » HAProxy 

cat <<'YML'| kubectl apply -n academia -f -
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: haproxy
  namespace: academia
  labels:
    app: haproxy
    app.kubernetes.io/name: haproxy
    app.kubernetes.io/version: 1.0.0
    app.kubernetes.io/instance: academia
    app.kubernetes.io/managed-by: kubectl
    app: haproxy
spec:
  replicas: 1
  selector:
    matchLabels:
      app: haproxy
  template:
    metadata:
      labels:
        app: haproxy
    spec:
      containers:
        - name: haproxy
          image: haproxy:2.8-alpine
          ports:
          - name: http-haproxy
            containerPort: 80
            protocol: TCP
          resources:
            requests:
              cpu: 50m
              memory: 64Mi
            limits:
              memory: 128Mi
              cpu: 100m
          volumeMounts:
            - mountPath: /usr/local/etc/haproxy/haproxy.cfg
              subPath: haproxy.cfg
              name: haproxy-cfg
      volumes:
        - name: haproxy-cfg
          configMap:
            name: haproxy
            items:
            - key: haproxy.cfg
              path: haproxy.cfg
YML

Namespace » Kube-System » ConfigMap » CoreDNS

Namespace » Kube-System » ConfigMap » CoreDNS

Skipped » Find More » 👈

Namespace » Academia » Clean-up

Namespace » Academia » Clean-up 

kubectl -n academia delete deploy    haproxy
kubectl -n academia delete service   haproxy
kubectl -n academia delete configmap haproxy

kubectl -n academia delete service   academia
kubectl -n academia delete ingress   academia
kubectl delete namespace academia

Namespace » Academia » Env.js

Namespace » Academia » Env.js 

let token = localStorage.getItem('user') != null ? JSON.parse(localStorage.getItem('user')).token : ''

const policyUrl          = 'http://academia.chorke.org.local/api/policy/rest';
const auditUrl           = 'http://academia.chorke.org.local/api/audit/rest';
const quoteUrl           = 'http://academia.chorke.org.local/api/quote/rest';
const rateUrl            = 'http://academia.chorke.org.local/api/rate/rest';
const url                = 'http://academia.chorke.org.local/api/tds/rest';
const siteKey            = '6LfAm6MpBBBBBNf1A6fxnsKeH6UQ8lrKw7LarDXa';
const isEnabledReCaptcha = false;
export const env         = {
  apiURL       : url,
  apiVersion   : `${url}`,
  quotationUrl : quoteUrl,
  policyUrl    : policyUrl,
  productsUrl  : rateUrl,
  auditUrl,
  token,
  siteKey,
  isEnabledReCaptcha
};

References

Retrieved from "https://wiki.chorke.org/index.php?title=K8s/HAProxy/Ingress&oldid=15385"