From af0737d23f2aae5d71b584e2a6ee3467a5a9a50b Mon Sep 17 00:00:00 2001 From: Alexandre Peixoto Ferreira Date: Thu, 23 Mar 2023 15:25:04 -0500 Subject: [PATCH] Change smarter-k3s-edge to 0.0.7 Signed-off-by: Alexandre Peixoto Ferreira --- charts/smarter-k3s-edge/Chart.yaml | 2 +- charts/smarter-k3s-edge/templates/common.yaml | 35 +++++++++++++------ .../templates/k3s-edge-ingress.yaml | 25 +++++++++++++ .../smarter-k3s-edge/templates/service.yaml | 5 +++ charts/smarter-k3s-edge/values.yaml | 9 +++-- 5 files changed, 62 insertions(+), 14 deletions(-) create mode 100644 charts/smarter-k3s-edge/templates/k3s-edge-ingress.yaml diff --git a/charts/smarter-k3s-edge/Chart.yaml b/charts/smarter-k3s-edge/Chart.yaml index db2d068..81578d1 100644 --- a/charts/smarter-k3s-edge/Chart.yaml +++ b/charts/smarter-k3s-edge/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v2 name: smarter-k3s-edge -version: 0.0.6 +version: 0.0.7 type: application appVersion: v1.25.3-k3s1 description: K3s server on kubernetes diff --git a/charts/smarter-k3s-edge/templates/common.yaml b/charts/smarter-k3s-edge/templates/common.yaml index 4830279..0ea1434 100644 --- a/charts/smarter-k3s-edge/templates/common.yaml +++ b/charts/smarter-k3s-edge/templates/common.yaml @@ -1,4 +1,4 @@ -{{- if .Values.configuration.portHTTPS }} +{{- if or .Values.configuration.portHTTP .Values.configuration.portHTTPS }} apiVersion: v1 kind: PersistentVolumeClaim metadata: 
@@ -46,14 +46,14 @@ data: #gzip on; - server { - listen 80 default_server; - listen [::]:80 default_server; - server_name server_domain_or_IP; - return 302 https://$server_name$request_uri; - } server { disable_symlinks off; + {{- if .Values.configuration.portHTTP }} + listen {{ .Values.configuration.portHTTP }} default_server; + listen [::]:{{ .Values.configuration.portHTTP }} default_server; + server_name server_domain_or_IP; + {{- end }} + {{- if .Values.configuration.portHTTPS }} i # SSL configuration listen {{ .Values.configuration.portHTTPS }} ssl http2 default_server; listen [::]:{{ .Values.configuration.portHTTPS }} ssl http2 default_server; @@ -71,13 +71,14 @@ data: ssl_stapling_verify on; resolver 8.8.8.8 8.8.4.4 valid=300s; resolver_timeout 5s; + ssl_dhparam /etc/ssl/certs/dhparam.pem; + {{- end }} # Disable preloading HSTS for now. You can use the commented out header line that includes # the "preload" directive if you understand the implications. #add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload"; add_header Strict-Transport-Security "max-age=63072000; includeSubdomains"; add_header X-Frame-Options DENY; add_header X-Content-Type-Options nosniff; - ssl_dhparam /etc/ssl/certs/dhparam.pem; root /var/www/html; server_name _; location / { 
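Review bot: With `portHTTP` set, the single `server` block in the `@@ -46` hunk serves `/var/www/html` over cleartext, and the `k3s-start.sh` template in this same file fetches `token.<id>` and `k3s.yaml.<id>` from that web root, so the join token and kubeconfig can cross the network unencrypted. The commit also removes the 302 redirect to HTTPS, makes `portHTTP: 80` with `portHTTPS` commented out the default in values.yaml, and publishes the port in service.yaml independently of the Ingress. Consider rendering the plaintext listener only when TLS is terminated in front of it, e.g. `{{- if and .Values.configuration.traefik .Values.configuration.portHTTP }}`, and keeping `portHTTPS` as the default otherwise. The `server` block continues outside the hunk.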
@@ -112,8 +113,13 @@ data: k3s-start.sh: | #!/bin/bash # + {{- if .Values.configuration.traefik }} + curl -sflkO https://{{ .Values.configuration.host }}.{{ .Values.configuration.domain }}/token.{{ .Values.configuration.id }} + curl -sflkO https://{{ .Values.configuration.host }}.{{ .Values.configuration.domain }}/k3s.yaml.{{ .Values.configuration.id }} + {{- else }} curl -sflkO https://{{ default .Values.configuration.hostIP .Values.configuration.externalHostIP}}:{{ .Values.configuration.portHTTPS }}/token.{{ .Values.configuration.id }} curl -sflkO https://{{ default .Values.configuration.hostIP .Values.configuration.externalHostIP}}:{{ .Values.configuration.portHTTPS }}/k3s.yaml.{{ .Values.configuration.id }} + {{- end }} export INSTALL_K3S_VERSION=$(echo "{{ default .Chart.AppVersion .Values.image.tag }}" | sed -e "s/-k3/+k3/") export K3S_TOKEN=$(cat token.{{ .Values.configuration.id }}) export K3S_URL=$(grep server: k3s.yaml.{{ .Values.configuration.id }} | sed -e "s/^ *.server: *//") @@ -140,8 +146,10 @@ data: # apk update apk add openssl + {{- if .Values.configuration.portHTTPS }} i echo -e "US\n\n\nSmarter\n\n"{{ default .Values.configuration.hostIP .Values.configuration.externalHostIP }}"\n\n" | openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/private/nginx-selfsigned.key -out /etc/ssl/certs/nginx-selfsigned.crt openssl dhparam -out /etc/ssl/certs/dhparam.pem 2048 + {{- end }} mkdir -p /var/www/html until [ -f /etc/rancher/k3s/k3s.yaml ] do @@ -185,7 +193,7 @@ spec: "--disable","coredns", "--disable","local-storage", "--flannel-backend=none" ] - {{- if .Values.configuration.portHTTPS }} + {{- if or .Values.configuration.portHTTP .Values.configuration.portHTTPS }} volumeMounts: - name: k3s-data mountPath: /var/lib/rancher/k3s 
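Review bot: The two `curl` lines added for the Traefik case in the `@@ -112` hunk keep `-k`, which turns off certificate verification even though the Ingress added in this commit requests a certificate through a cert-manager cluster issuer; the bootstrap script will therefore accept any server for the token and kubeconfig download. Dropping the flag on those two lines, e.g. `curl -sflO https://{{ .Values.configuration.host }}.{{ .Values.configuration.domain }}/token.{{ .Values.configuration.id }}`, lets the client validate the endpoint (assuming the issuer's chain is trusted on the edge node). Separately, the `else` branch still builds `https://<ip>:{{ .Values.configuration.portHTTPS }}`, which renders an empty port under the new values.yaml default where `portHTTPS` is commented out. The script body continues outside the hunk.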
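Review bot: The added line `{{- if .Values.configuration.portHTTPS }} i` in the `@@ -140` hunk appears to end with a stray `i`, which would be rendered into the init script as a command of its own ahead of the `openssl req` line. The same trailing `i` shows up on the matching `if` line inside the nginx `server` block (`@@ -46` hunk), where it would probably be parsed as the start of an unknown directive and keep nginx from loading the configuration whenever `portHTTPS` is set. Both lines should read `{{- if .Values.configuration.portHTTPS }}`.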
@@ -194,7 +202,7 @@ spec: {{- end }} ports: - containerPort: {{ .Values.configuration.port }} - {{- if .Values.configuration.portHTTPS }} + {{- if or .Values.configuration.portHTTP .Values.configuration.portHTTPS }} - name: {{ .Values.application.appName }}-nginx image: nginx:1.23.2-alpine command: [ "/bin/sh", @@ -207,10 +215,15 @@ spec: - name: config mountPath: /etc/nginx/conf.d ports: + {{- if .Values.configuration.portHTTP }} + - containerPort: {{ .Values.configuration.portHTTP }} + {{- end }} + {{- if .Values.configuration.portHTTPS }} - containerPort: {{ .Values.configuration.portHTTPS }} + {{- end }} {{- end }} volumes: - {{- if .Values.configuration.portHTTPS }} + {{- if or .Values.configuration.portHTTP .Values.configuration.portHTTPS }} - name: k3s-data persistentVolumeClaim: claimName: {{ .Values.application.appName }}-data diff --git a/charts/smarter-k3s-edge/templates/k3s-edge-ingress.yaml b/charts/smarter-k3s-edge/templates/k3s-edge-ingress.yaml new file mode 100644 index 0000000..f278954 --- /dev/null +++ b/charts/smarter-k3s-edge/templates/k3s-edge-ingress.yaml @@ -0,0 +1,25 @@ +{{- if .Values.configuration.traefik }} +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: {{ .Release.Name }}-k3s-edge-ingress + annotations: + kubernetes.io/ingress.class: traefik + cert-manager.io/cluster-issuer: cert-manager-acme-issuer +spec: + rules: + - host: {{ .Values.configuration.host }}.{{ .Values.configuration.domain }} + http: + paths: + - path: / + pathType: Prefix + backend: + service: + name: {{ .Values.application.appName }} + port: + number: {{ .Values.configuration.portHTTP }} + tls: + - secretName: {{ .Release.Name }}-k3s-edge-tls + hosts: + - {{ .Values.configuration.host }}.{{ .Values.configuration.domain }} +{{- end }} diff --git a/charts/smarter-k3s-edge/templates/service.yaml b/charts/smarter-k3s-edge/templates/service.yaml index 8094fbe..9504afe 100644 --- a/charts/smarter-k3s-edge/templates/service.yaml 
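Review bot: The new Ingress template is gated only on `configuration.traefik`, yet its backend `number:` is taken from `configuration.portHTTP`, so enabling Traefik without `portHTTP` renders an empty port; `{{- if and .Values.configuration.traefik .Values.configuration.portHTTP }}` or a `required` call on the port would fail early with a clear message. The rule also forwards `path: /` with `pathType: Prefix`, which publishes the whole nginx web root, including the token and kubeconfig files that k3s-start.sh downloads, under the Ingress host name. Nothing visible in this chart restricts who may fetch them, so an allow-list or authentication middleware on the route is worth considering. The `kubernetes.io/ingress.class` annotation is deprecated in favour of `spec.ingressClassName: traefik`.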
+++ b/charts/smarter-k3s-edge/templates/service.yaml @@ -11,6 +11,11 @@ spec: - protocol: TCP port: {{ .Values.configuration.port }} name: {{ .Values.application.appName }} + {{- if .Values.configuration.portHTTP }} + - protocol: TCP + port: {{ .Values.configuration.portHTTP }} + name: {{ .Values.application.appName }}-http + {{- end }} {{- if .Values.configuration.portHTTPS }} - protocol: TCP port: {{ .Values.configuration.portHTTPS }} diff --git a/charts/smarter-k3s-edge/values.yaml b/charts/smarter-k3s-edge/values.yaml index 508ee9c..497124e 100644 --- a/charts/smarter-k3s-edge/values.yaml +++ b/charts/smarter-k3s-edge/values.yaml @@ -10,11 +10,16 @@ image: pullPolicy: IfNotPresent configuration: + host: k3s-edge + domain: example.com hostIP: 192.168.2.222 # Use this in case of NATed AWS - #externalHostIP: 192.168.2.222 + externalHostIP: 192.168.2.222 port: 6443 # Comment to remove NGINX - portHTTPS: 6453 + portHTTP: 80 + #portHTTPS: 6453 + # Uncomment to enable traefik ingress + #traefik: True # Uncomment to enable labeling for smarter-demo #smarter_demo_labels: true
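Review bot: Uncommenting `externalHostIP: 192.168.2.222` in values.yaml changes which address the templates use: common.yaml calls `default .Values.configuration.hostIP .Values.configuration.externalHostIP`, so an install that overrides only `hostIP` now still gets 192.168.2.222 in the self-signed certificate subject and in the `curl` URLs of k3s-start.sh. Leaving the key commented, as it was before, keeps `hostIP` the effective default. The commented example `#traefik: True` would also read better as `#traefik: true`, the canonical lowercase boolean.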