K8s/HAProxy/Ingress: Difference between revisions

From Chorke Wiki
Jump to navigation Jump to search
← Older edit
VisualWikitext
 
(3 intermediate revisions by the same user not shown)
Line 1: Line 1:
==Namespace » Academia==
==Namespace » Academia==
{|class='wikitable mw-collapsible mw-collapsed'
{|class='wikitable mw-collapsible'
!scope='col' colspan='3' style='width:1100px'|
!scope='col' colspan='2' style='width:1100px'|
Namespace » Academia
Namespace » Academia
|-
|-
|valign='top'|
|valign='top' colspan='2'|
<syntaxhighlight lang="bash">
<syntaxhighlight lang="bash">
cat << EXE | sudo bash
cat << EXE | sudo bash
ufw allow 9000:9010/tcp
ufw       allow from 192.168.49.2/32 to any port 9000:9010 proto tcp
ufw allow 3000/tcp
ufw       allow from 192.168.49.2/32 to any port      3000 proto tcp
ufw status numbered
ufw status numbered
EXE
EXE
</syntaxhighlight>
</syntaxhighlight>
 
----
|valign='top'|
<syntaxhighlight lang="bash">
<syntaxhighlight lang="bash">
cat << EXE | sudo bash
cat << EXE | sudo bash
ufw delete allow 9000:9010/tcp
ufw delete allow from 192.168.49.2/32 to any port 9000:9010 proto tcp
ufw delete allow 3000/tcp
ufw delete allow from 192.168.49.2/32 to any port      3000 proto tcp
ufw status numbered
ufw status numbered
EXE
EXE
</syntaxhighlight>
|-
|valign='top' style='width:544px'|
<syntaxhighlight lang="bash">
export KUBECONFIG=${HOME}/.kube/shahed-ab-kubeconfig.yaml
kubectl config get-contexts
kubectl config view
</syntaxhighlight>
</syntaxhighlight>


|valign='top'|
|valign='top'|
<syntaxhighlight lang="bash">
<syntaxhighlight lang="bash">
kubectl config get-contexts
kubectl config view
kubectl get    ns|grep  academia
kubectl get    ns|grep  academia
kubectl delete namespace academia
kubectl delete namespace academia
Line 33: Line 37:


==Namespace » Academia » Ingress » Academia==
==Namespace » Academia » Ingress » Academia==
{|class='wikitable mw-collapsible'
!scope='col' style='width:1100px'|
Namespace » Academia » Ingress » Academia
|-
|valign='top'|
<syntaxhighlight lang="yaml">
<syntaxhighlight lang="yaml">
cat <<'YML'| kubectl apply -n academia -f -
cat <<'YML'| kubectl apply -n academia -f -
Line 63: Line 72:
YML
YML
</syntaxhighlight>
</syntaxhighlight>
|}


==Namespace » Academia » Service » Academia==
==Namespace » Academia » Service » Academia==
{|class='wikitable mw-collapsible mw-collapsed'
!scope='col' style='width:1100px'|
Namespace » Academia » Service » Academia
|-
|valign='top'|
<syntaxhighlight lang="yaml">
<syntaxhighlight lang="yaml">
cat <<'YML'|kubectl apply -n academia -f -
cat <<'YML'|kubectl apply -n academia -f -
Line 83: Line 98:
YML
YML
</syntaxhighlight>
</syntaxhighlight>
|}


==Namespace » Academia » Service » HAProxy==
==Namespace » Academia » Service » HAProxy==
{|class='wikitable mw-collapsible mw-collapsed'
!scope='col' style='width:1100px'|
Namespace » Academia » Service » HAProxy
|-
|valign='top'|
<syntaxhighlight lang="yaml">
<syntaxhighlight lang="yaml">
cat <<'YML'| kubectl apply -n academia -f -
cat <<'YML'| kubectl apply -n academia -f -
Line 109: Line 130:
YML
YML
</syntaxhighlight>
</syntaxhighlight>
|}


==Namespace » Academia » ConfigMap » HAProxy==
==Namespace » Academia » ConfigMap » HAProxy==
{|class='wikitable mw-collapsible mw-collapsed'
!scope='col' style='width:1100px'|
Namespace » Academia » ConfigMap » HAProxy
|-
|valign='top'|
<syntaxhighlight lang="bash" line>
<syntaxhighlight lang="bash" line>
cat <<'CFG'| kubectl -n academia create configmap haproxy --from-file=haproxy.cfg=/dev/stdin
cat <<'CFG'| kubectl -n academia create configmap haproxy --from-file=haproxy.cfg=/dev/stdin
Line 200: Line 227:
CFG
CFG
</syntaxhighlight>
</syntaxhighlight>
|}


==Namespace » Academia » Deployment » HAProxy==
==Namespace » Academia » Deployment » HAProxy==
{|class='wikitable mw-collapsible'
!scope='col' style='width:1100px'|
Namespace » Academia » Deployment » HAProxy
|-
|valign='top'|
<syntaxhighlight lang="yaml">
<syntaxhighlight lang="yaml">
cat <<'YML'| kubectl apply -n academia -f -
cat <<'YML'| kubectl apply -n academia -f -
Line 254: Line 287:
YML
YML
</syntaxhighlight>
</syntaxhighlight>
|}


==Namespace » Kube-System » ConfigMap » CoreDNS==
==Namespace » Kube-System » ConfigMap » CoreDNS==
{|class='wikitable mw-collapsible'
!scope='col' style='width:1100px'|
Namespace » Kube-System » ConfigMap » CoreDNS
|-
|valign='top'|
[[K8s/Ingress#CoreDNS|Skipped » Find More » 👈]]
[[K8s/Ingress#CoreDNS|Skipped » Find More » 👈]]
|}


==Namespace » Academia » Clean-up ==
==Namespace » Academia » Clean-up==
{|class='wikitable mw-collapsible mw-collapsed'
!scope='col' style='width:1100px'|
Namespace » Academia » Clean-up
|-
|valign='top'|
<syntaxhighlight lang="bash">
<syntaxhighlight lang="bash">
kubectl -n academia delete deploy    haproxy
kubectl -n academia delete deploy    haproxy
Line 268: Line 313:
kubectl delete namespace academia
kubectl delete namespace academia
</syntaxhighlight>
</syntaxhighlight>
|}


==Namespace » Academia » Env.js ==
==Namespace » Academia » Env.js==
{|class='wikitable mw-collapsible'
!scope='col' colspan='3' style='width:1100px'|
Namespace » Academia » Env.js
|-
|valign='top'|
<syntaxhighlight lang="js">
<syntaxhighlight lang="js">
let token = localStorage.getItem('user') != null ? JSON.parse(localStorage.getItem('user')).token : ''
let token = localStorage.getItem('user') != null ? JSON.parse(localStorage.getItem('user')).token : ''
Line 292: Line 343:
};
};
</syntaxhighlight>
</syntaxhighlight>
|}


==References==
==References==

Latest revision as of 00:46, 12 July 2025

Namespace » Academia

Namespace » Academia 

cat << EXE | sudo bash
ufw        allow from 192.168.49.2/32 to any port 9000:9010 proto tcp
ufw        allow from 192.168.49.2/32 to any port      3000 proto tcp
ufw status numbered
EXE

cat << EXE | sudo bash
ufw delete allow from 192.168.49.2/32 to any port 9000:9010 proto tcp
ufw delete allow from 192.168.49.2/32 to any port      3000 proto tcp
ufw status numbered
EXE

export KUBECONFIG=${HOME}/.kube/shahed-ab-kubeconfig.yaml
kubectl config get-contexts
kubectl config view

kubectl get    ns|grep   academia
kubectl delete namespace academia
kubectl create namespace academia

Namespace » Academia » Ingress » Academia

Namespace » Academia » Ingress » Academia 

cat <<'YML'| kubectl apply -n academia -f -
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: academia
  namespace: academia
  labels:
    app.kubernetes.io/version: 1.0.0
    app.kubernetes.io/name: academia
    app.kubernetes.io/instance: academia
    app.kubernetes.io/managed-by: kubectl
  annotations:
    nginx.ingress.kubernetes.io/proxy-body-size: '0'
spec:
  ingressClassName: nginx
  rules:
    - host: academia.chorke.org.local
      http:
        paths:
          - path: /
            pathType: ImplementationSpecific
            backend:
              service:
                name: haproxy
                port:
                  number: 80
YML

Namespace » Academia » Service » Academia

Namespace » Academia » Service » Academia 

cat <<'YML'|kubectl apply -n academia -f -
---
apiVersion: v1
kind: Service
metadata:
  name: academia
  namespace: academia
  labels:
    app.kubernetes.io/version: 1.0.0
    app.kubernetes.io/name: academia
    app.kubernetes.io/instance: academia
    app.kubernetes.io/managed-by: kubectl
spec:
  type: ExternalName
  externalName: host.minikube.internal
YML

Namespace » Academia » Service » HAProxy

Namespace » Academia » Service » HAProxy 

cat <<'YML'| kubectl apply -n academia -f -
---
apiVersion: v1
kind: Service
metadata:
  name: haproxy
  namespace: academia
  labels:
    app.kubernetes.io/name: haproxy
    app.kubernetes.io/version: 1.0.0
    app.kubernetes.io/instance: academia
    app.kubernetes.io/managed-by: kubectl
spec:
  type: ClusterIP
  ports:
    - name: http-haproxy
      targetPort: 80
      protocol: TCP
      port: 80
  selector:
    app: haproxy
YML

Namespace » Academia » ConfigMap » HAProxy

Namespace » Academia » ConfigMap » HAProxy 

cat <<'CFG'| kubectl -n academia create configmap haproxy --from-file=haproxy.cfg=/dev/stdin
global
   log             stdout format raw local0
   maxconn         3000

   # default ssl material locations
   ca-base         /etc/ssl/certs
   crt-base        /etc/ssl/private

   # see: https://ssl-config.mozilla.org/#server=haproxy&server-version=2.0.3&config=intermediate
   ssl-default-bind-ciphers      ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
   ssl-default-bind-ciphersuites TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256
   ssl-default-bind-options      ssl-min-ver TLSv1.2 no-tls-tickets


defaults
   log             global
   option          httplog
   option          dontlognull
   timeout         connect 5000
   timeout         client  50000
   timeout         server  50000
   errorfile       400 /usr/local/etc/haproxy/errors/400.http
   errorfile       403 /usr/local/etc/haproxy/errors/403.http
   errorfile       408 /usr/local/etc/haproxy/errors/408.http
   errorfile       500 /usr/local/etc/haproxy/errors/500.http
   errorfile       502 /usr/local/etc/haproxy/errors/502.http
   errorfile       503 /usr/local/etc/haproxy/errors/503.http
   errorfile       504 /usr/local/etc/haproxy/errors/504.http


# ##############################################################################
# http frontend config for *.group.local, *.biz.local, *.com.local, *.k8s.local
# *.org.local, *.bd.local, *.io.local, & *.my.local
# this config added by chorke academia, inc

frontend           fnt_academia_chorke_org
   bind            *:80
   mode            http

   acl             host-is-academia-chorke-org           hdr(host) -i academia.chorke.org.local
   acl             host-is-agronomy-chorke-org           hdr(host) -i agronomy.chorke.org.local
   acl             host-is-autonomy-chorke-org           hdr(host) -i autonomy.chorke.org.local
 
   acl             path-is-rest-api-policy               path_beg /api/policy/rest/
   acl             path-is-rest-api-quote                path_beg /api/quote/rest/
   acl             path-is-rest-api-audit                path_beg /api/audit/rest/
   acl             path-is-rest-api-rate                 path_beg /api/rate/rest/
   acl             path-is-rest-api-tds                  path_beg /api/tds/rest/

   use_backend     bck_academia_chorke_org_policy        if host-is-academia-chorke-org path-is-rest-api-policy
   use_backend     bck_academia_chorke_org_quote         if host-is-academia-chorke-org path-is-rest-api-quote
   use_backend     bck_academia_chorke_org_audit         if host-is-academia-chorke-org path-is-rest-api-audit
   use_backend     bck_academia_chorke_org_rate          if host-is-academia-chorke-org path-is-rest-api-rate
   use_backend     bck_academia_chorke_org_tds           if host-is-academia-chorke-org path-is-rest-api-tds
   default_backend bck_academia_chorke_org


backend            bck_academia_chorke_org_policy
   http-request    set-path "%[path,regsub(^/api/policy/rest/,/)]"
   server          academia_chorke_org_policy academia:9002 check
   mode            http

backend            bck_academia_chorke_org_quote
   http-request    set-path "%[path,regsub(^/api/quote/rest/,/)]"
   server          academia_chorke_org_qoute academia:9001 check
   mode            http

backend            bck_academia_chorke_org_audit
   http-request    set-path "%[path,regsub(^/api/audit/rest/,/)]"
   server          academia_chorke_org_audit academia:9003 check
   mode            http

backend            bck_academia_chorke_org_rate
   http-request    set-path "%[path,regsub(^/api/rate/rest/,/)]"
   server          academia_chorke_org_rate academia:9004 check
   mode            http

backend            bck_academia_chorke_org_tds
   http-request    set-path "%[path,regsub(^/api/tds/rest/,/)]"
   server          academia_chorke_org_tds academia:9000 check
   mode            http

backend            bck_academia_chorke_org
   server          academia_chorke_org academia:3000 check
   mode            http
CFG

Namespace » Academia » Deployment » HAProxy

Namespace » Academia » Deployment » HAProxy 

cat <<'YML'| kubectl apply -n academia -f -
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: haproxy
  namespace: academia
  labels:
    app: haproxy
    app.kubernetes.io/name: haproxy
    app.kubernetes.io/version: 1.0.0
    app.kubernetes.io/instance: academia
    app.kubernetes.io/managed-by: kubectl
    app: haproxy
spec:
  replicas: 1
  selector:
    matchLabels:
      app: haproxy
  template:
    metadata:
      labels:
        app: haproxy
    spec:
      containers:
        - name: haproxy
          image: haproxy:2.8-alpine
          ports:
          - name: http-haproxy
            containerPort: 80
            protocol: TCP
          resources:
            requests:
              cpu: 50m
              memory: 64Mi
            limits:
              memory: 128Mi
              cpu: 100m
          volumeMounts:
            - mountPath: /usr/local/etc/haproxy/haproxy.cfg
              subPath: haproxy.cfg
              name: haproxy-cfg
      volumes:
        - name: haproxy-cfg
          configMap:
            name: haproxy
            items:
            - key: haproxy.cfg
              path: haproxy.cfg
YML

Namespace » Kube-System » ConfigMap » CoreDNS

Namespace » Kube-System » ConfigMap » CoreDNS

Skipped » Find More » 👈

Namespace » Academia » Clean-up

Namespace » Academia » Clean-up 

kubectl -n academia delete deploy    haproxy
kubectl -n academia delete service   haproxy
kubectl -n academia delete configmap haproxy

kubectl -n academia delete service   academia
kubectl -n academia delete ingress   academia
kubectl delete namespace academia

Namespace » Academia » Env.js

Namespace » Academia » Env.js 

let token = localStorage.getItem('user') != null ? JSON.parse(localStorage.getItem('user')).token : ''

const policyUrl          = 'http://academia.chorke.org.local/api/policy/rest';
const auditUrl           = 'http://academia.chorke.org.local/api/audit/rest';
const quoteUrl           = 'http://academia.chorke.org.local/api/quote/rest';
const rateUrl            = 'http://academia.chorke.org.local/api/rate/rest';
const url                = 'http://academia.chorke.org.local/api/tds/rest';
const siteKey            = '6LfAm6MpBBBBBNf1A6fxnsKeH6UQ8lrKw7LarDXa';
const isEnabledReCaptcha = false;
export const env         = {
  apiURL       : url,
  apiVersion   : `${url}`,
  quotationUrl : quoteUrl,
  policyUrl    : policyUrl,
  productsUrl  : rateUrl,
  auditUrl,
  token,
  siteKey,
  isEnabledReCaptcha
};

References

Retrieved from "https://wiki.chorke.org/index.php?title=K8s/HAProxy/Ingress&oldid=15385"