
initial commit on new k8s templates

afeiszli 3 years ago
parent
commit
314e5a143d
41 changed files with 715 additions and 1652 deletions
  1. 0 0
      k8s/misc/clusterissuer.yaml
  2. 0 0
      k8s/misc/dnsutils.yaml
  3. 0 0
      k8s/misc/nginx-example.yaml
  4. 0 0
      k8s/misc/pingtest.yaml
  5. 0 0
      k8s/misc/ubuntu.yaml
  6. 0 0
      k8s/netclient/netclient-daemonset.yaml
  7. 0 0
      k8s/netclient/netclient-template-doks-uspace.yaml
  8. 0 0
      k8s/netclient/netclient-template-doks.yaml
  9. 0 0
      k8s/netclient/netclient-template.yaml
  10. 13 0
      k8s/netmaker-ha/kustomization.yml
  11. 76 0
      k8s/netmaker-ha/netmaker-ing.yml
  12. 4 0
      k8s/netmaker-ha/netmaker-ns.yml
  13. 26 0
      k8s/netmaker-ha/netmaker-pvc.yml
  14. 5 0
      k8s/netmaker-ha/netmaker-sa.yml
  15. 6 0
      k8s/netmaker-ha/server/kustomization.yml
  16. 115 0
      k8s/netmaker-ha/server/netmaker-backend-deploy.yml
  17. 32 0
      k8s/netmaker-ha/server/netmaker-backend-svc.yml
  18. 4 0
      k8s/netmaker-singlenode/01-namespace.yaml
  19. 26 0
      k8s/netmaker-singlenode/02-pvc.yaml
  20. 107 0
      k8s/netmaker-singlenode/03-svc.yaml
  21. 18 0
      k8s/netmaker-singlenode/04-configmap.yaml
  22. 52 0
      k8s/netmaker-singlenode/05-ingress-nginx.yaml
  23. 75 0
      k8s/netmaker-singlenode/05-ingress-traefik.yaml
  24. 156 0
      k8s/netmaker-singlenode/06-deployment.yaml
  25. 0 0
      k8s/netmaker-singlenode/README.md
  26. 0 59
      kube/components/mongo-statefulset.yaml
  27. 0 62
      kube/components/netclient-template.yaml.backup
  28. 0 87
      kube/components/netmaker-api.yaml
  29. 0 98
      kube/components/netmaker-backend.yaml
  30. 0 71
      kube/components/netmaker-dns.yaml
  31. 0 82
      kube/components/netmaker-grpc.yaml
  32. 0 25
      kube/components/netmaker-ingress-api.yaml
  33. 0 25
      kube/components/netmaker-ingress-frontend.yaml
  34. 0 17
      kube/components/netmaker-ingress-grpc.yaml
  35. 0 345
      kube/components/netmaker-template.yaml.backup
  36. 0 40
      kube/components/netmaker-ui.yaml
  37. 0 26
      kube/components/nm-ingress-api-nginx.yaml
  38. 0 25
      kube/components/nm-ingress-grpc-nginx.yaml
  39. 0 26
      kube/components/nm-ingress-ui-nginx.yaml
  40. 0 353
      kube/netmaker-template-udp.yaml
  41. 0 311
      kube/netmaker-template.yaml

+ 0 - 0
kube/example/clusterissuer.yaml → k8s/misc/clusterissuer.yaml


+ 0 - 0
kube/example/dnsutils.yaml → k8s/misc/dnsutils.yaml


+ 0 - 0
kube/example/nginx-example.yaml → k8s/misc/nginx-example.yaml


+ 0 - 0
kube/example/pingtest.yaml → k8s/misc/pingtest.yaml


+ 0 - 0
kube/ubuntu.yaml → k8s/misc/ubuntu.yaml


+ 0 - 0
kube/netclient-daemonset.yaml → k8s/netclient/netclient-daemonset.yaml


+ 0 - 0
kube/netclient-template-doks-uspace.yaml → k8s/netclient/netclient-template-doks-uspace.yaml


+ 0 - 0
kube/netclient-template-doks.yaml → k8s/netclient/netclient-template-doks.yaml


+ 0 - 0
kube/netclient-template.yaml → k8s/netclient/netclient-template.yaml


+ 13 - 0
k8s/netmaker-ha/kustomization.yml

@@ -0,0 +1,13 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: netmaker
+resources:
+  - database/
+  - server/
+  - mq/
+  - ui/
+  - netmaker-deploy.yml
+  - netmaker-ing.yml
+  - netmaker-pvc.yml
+  - netmaker-sa.yml
+  - netmaker-ns.yml
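Review bot: Several entries under `resources:` do not match any file this commit adds: `netmaker-deploy.yml` is listed here, and `server/kustomization.yml` lists `netmaker-deploy.yml` and `netmaker-svc.yml` while the files added in that directory are `netmaker-backend-deploy.yml` and `netmaker-backend-svc.yml`. The `database/`, `mq/` and `ui/` directories are also absent from the changed-file list, so unless they already exist in the tree `kustomize build` will stop on the first missing path. Either rename the entries to the real file names, e.g. `- netmaker-backend-deploy.yml` and `- netmaker-backend-svc.yml` in the server base, or add the missing bases in the same commit.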

+ 76 - 0
k8s/netmaker-ha/netmaker-ing.yml

@@ -0,0 +1,76 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: &app "netmaker"
+  annotations:
+    nginx.ingress.kubernetes.io/ssl-redirect: "true"
+    nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
+    nginx.ingress.kubernetes.io/rewrite-target: /
+    nginx.ingress.kubernetes.io/secure-backends: "true"
+    kubernetes.io/ingress.class: "nginx"
+spec:
+  rules:
+  - host: netmaker.<path:apps-kv/data/general#DN>
+    http:
+      paths:
+      - path: /
+        pathType: Prefix
+        backend:
+          service:
+            name: *app
+            port:
+              number: 80
+  tls:
+  - hosts:
+    - netmaker.<path:apps-kv/data/general#DN>
+    secretName: netmaker-tls
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: netmaker-api
+  annotations:
+    nginx.ingress.kubernetes.io/ssl-redirect: "true"
+    nginx.ingress.kubernetes.io/rewrite-target: /
+    kubernetes.io/ingress.class: "nginx"
+spec:
+  rules:
+  - host: api.netmaker.<path:apps-kv/data/general#DN>
+    http:
+      paths:
+      - path: /
+        pathType: Prefix
+        backend:
+          service:
+            name: netmaker-api
+            port:
+              number: 8081
+  tls:
+  - hosts:
+    - api.netmaker.<path:apps-kv/data/general#DN>
+    secretName: netmaker-tls
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: netmaker-grpc
+  annotations:
+    kubernetes.io/ingress.class: "nginx"
+    nginx.ingress.kubernetes.io/ssl-redirect: 'true'
+    nginx.ingress.kubernetes.io/backend-protocol: "GRPC"
+spec:
+  rules:
+  - host: grpc.netmaker.<path:apps-kv/data/general#DN>
+    http:
+      paths:
+      - path: /
+        pathType: Prefix
+        backend:
+          service:
+            name: netmaker-grpc
+            port:
+              number: 443
+  tls:
+  - hosts:
+    - grpc.netmaker.<path:apps-kv/data/general#DN>
+    secretName: netmaker-tls
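Review bot: `nginx.ingress.kubernetes.io/rewrite-target: /` on the `netmaker` and `netmaker-api` Ingresses is combined with `path: /` and no capture group, which on ingress-nginx 0.22 and later rewrites every request path to `/`, so the API behind `netmaker-api` would never see its real routes. Since nothing is being stripped, dropping the annotation is the simplest fix; the same pair appears in both Ingresses of `k8s/netmaker-singlenode/05-ingress-nginx.yaml`. Separately, `secure-backends: "true"` was, as far as I know, removed from ingress-nginx in favour of `nginx.ingress.kubernetes.io/backend-protocol`, and it contradicts the port-80 backend here, so it should be deleted rather than leave the impression that the hop to the pod is encrypted. All three Ingresses also share `secretName: netmaker-tls` with no cert-manager annotation, so that secret has to be provisioned out of band with all three host names in it; a comment saying so would help.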

+ 4 - 0
k8s/netmaker-ha/netmaker-ns.yml

@@ -0,0 +1,4 @@
+kind: Namespace
+apiVersion: v1
+metadata:
+  name: netmaker

+ 26 - 0
k8s/netmaker-ha/netmaker-pvc.yml

@@ -0,0 +1,26 @@
+---
+kind: PersistentVolumeClaim
+apiVersion: v1
+metadata:
+  name: netmaker
+spec:
+  storageClassName: managed-nfs-storage
+  accessModes:
+    - ReadWriteMany
+  resources:
+    requests:
+      storage: 5Gi
+---
+kind: PersistentVolumeClaim
+apiVersion: v1
+metadata:
+  name: netmaker-rqlite
+  annotations:
+    nfs.io/storage-path: "data01/netmaker/rqlite"
+spec:
+  storageClassName: managed-nfs-storage
+  accessModes:
+    - ReadWriteMany
+  resources:
+    requests:
+      storage: 5Gi
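Review bot: Neither claim defined here is one the StatefulSet in `server/netmaker-backend-deploy.yml` mounts: that manifest asks for `shared-certs-pvc` and `netmaker-data-pvc`, while this file creates `netmaker` and `netmaker-rqlite`. Unless those PVCs exist elsewhere, the pod would stay Pending on unbound claims. `storageClassName: managed-nfs-storage` is also cluster-specific; the single-node templates use placeholders such as `STORAGE_CLASS_RWX`, and the same convention (or a comment naming the expected provisioner) would make this portable. The server is configured with `DATABASE: sqlite`, and SQLite file locking on NFS is unreliable, so if its data ends up on one of these `ReadWriteMany` NFS claims that deserves a warning comment.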

+ 5 - 0
k8s/netmaker-ha/netmaker-sa.yml

@@ -0,0 +1,5 @@
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: netmaker

+ 6 - 0
k8s/netmaker-ha/server/kustomization.yml

@@ -0,0 +1,6 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: netmaker
+resources:
+  - netmaker-deploy.yml
+  - netmaker-svc.yml

+ 115 - 0
k8s/netmaker-ha/server/netmaker-backend-deploy.yml

@@ -0,0 +1,115 @@
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+  labels:
+    app: netmaker
+  name: netmaker
+spec:
+  replicas: 1
+  serviceName: netmaker-headless
+  selector:
+    matchLabels:
+      app: netmaker
+  template:
+    metadata:
+      labels:
+        app: netmaker
+    spec:
+      initContainers:
+      - name: init-sysctl
+        image: busybox
+        imagePullPolicy: IfNotPresent
+        command: ["/bin/sh", "-c"]
+        args: ["sysctl -w net.ipv4.ip_forward=1 && sysctl -w net.ipv4.conf.all.src_valid_mark=1 && sysctl -w net.ipv6.conf.all.disable_ipv6=0 && sysctl -w net.ipv6.conf.all.forwarding=1"]
+        securityContext:
+          privileged: true
+      dnsPolicy: ClusterFirstWithHostNet
+      affinity:
+        podAntiAffinity:
+          requiredDuringSchedulingIgnoredDuringExecution:
+          - labelSelector:
+              matchExpressions:
+              - key: app
+                operator: In
+                values:
+                - netmaker
+            topologyKey: "kubernetes.io/hostname"
+      containers:
+      - env:
+        - name: SERVER_NAME
+          value: broker.nm.k8s.clustercat.com
+        - name: SERVER_API_CONN_STRING
+          value: api.nm.k8s.clustercat.com:443
+        - name: SERVER_HTTP_HOST
+          value: api.nm.k8s.clustercat.com
+        - name: API_PORT
+          value: "8081"
+        - name: WG_QUICK_USERSPACE_IMPLEMENTATION
+          value: wireguard-go
+        - name: DNS_MODE
+          value: "off"
+        - name: CLIENT_MODE
+          value: "on"
+        - name: DISPLAY_KEYS
+          value: "on"
+        - name: DATABASE
+          value: sqlite
+        - name: MASTER_KEY
+          value: cqYXwQGWiLKj
+        - name: PLATFORM
+          value: Kubernetes
+        - name: CORS_ALLOWED_ORIGIN
+          value: '*'
+        - name: MQ_HOST
+          value: "mq"
+        - name: MQ_PORT
+          value: "31883"
+        - name: PLATFORM
+          value: "Kubernetes"
+        - name: VERBOSITY
+          value: "3"
+        image: gravitl/netmaker:v0.14.3
+        imagePullPolicy: Always
+        name: netmaker
+        ports:
+        - containerPort: 8081
+          protocol: TCP
+        - containerPort: 31821
+          protocol: UDP
+        - containerPort: 31822
+          protocol: UDP
+        - containerPort: 31823
+          protocol: UDP
+        - containerPort: 31824
+          protocol: UDP
+        - containerPort: 31825
+          protocol: UDP
+        - containerPort: 31826
+          protocol: UDP
+        - containerPort: 31827
+          protocol: UDP
+        - containerPort: 31828
+          protocol: UDP
+        - containerPort: 31829
+          protocol: UDP
+        - containerPort: 31830
+          protocol: UDP
+        resources: {}
+        securityContext:
+          capabilities:
+            add:
+            - NET_ADMIN
+            - NET_RAW
+            - SYS_MODULE
+        volumeMounts:
+        - mountPath: /etc/netmaker/
+          name: shared-certs
+        - mountPath: /root/data
+          name: netmaker-data
+      volumes:
+      - name: shared-certs
+        persistentVolumeClaim:
+          claimName: shared-certs-pvc
+      - name: netmaker-data
+        persistentVolumeClaim:
+          claimName: netmaker-data-pvc
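Review bot: `MASTER_KEY` is committed as a literal `value:` in the container's `env` list; whatever that key protects, it is now in repository history and readable by anyone who can view the pod spec, so it should be rotated and sourced from a Secret through `valueFrom.secretKeyRef`, as sketched below with placeholder names. `k8s/netmaker-singlenode/06-deployment.yaml` has the same shape with `REPLACE_MASTER_KEY` and would benefit from the same reference. Other things in this hunk worth tightening: `PLATFORM` is declared twice, `CORS_ALLOWED_ORIGIN: '*'` and `DISPLAY_KEYS: "on"` are permissive defaults for a template, the host names under `SERVER_NAME` and `SERVER_HTTP_HOST` look like one deployment's real domain rather than placeholders, and `image: busybox` runs with `privileged: true` without a pinned tag or digest. `SYS_MODULE` is presumably unnecessary when `WG_QUICK_USERSPACE_IMPLEMENTATION` is `wireguard-go`; confirm and drop it if so.

```yaml
        # … unchanged: preceding env entries …
        - name: MASTER_KEY
          valueFrom:
            secretKeyRef:
              name: NETMAKER_SECRET_NAME   # placeholder: Secret created out of band
              key: MASTER_KEY_FIELD        # placeholder: key inside that Secret
        # … unchanged: remaining env entries, image, ports, securityContext, volumes …
```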

+ 32 - 0
k8s/netmaker-ha/server/netmaker-backend-svc.yml

@@ -0,0 +1,32 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+  labels: &labels
+    app: netmaker-backend
+    part-of: netmaker
+  name: netmaker-api
+spec:
+  ports:
+  - port: 8081
+    protocol: TCP
+    targetPort: backend
+  selector: *labels
+  sessionAffinity: None
+  type: ClusterIP
+---
+apiVersion: v1
+kind: Service
+metadata:
+  labels: &labels
+    app: netmaker-backend
+    part-of: netmaker
+  name: netmaker-grpc
+spec:
+  ports:
+  - port: 443
+    protocol: TCP
+    targetPort: backend-grpc
+  selector: *labels
+  sessionAffinity: None
+  type: ClusterIP
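Review bot: `selector: *labels` makes both Services select `app: netmaker-backend` plus `part-of: netmaker`, but the pod template in `netmaker-backend-deploy.yml` carries only `app: netmaker`, so neither Service would get endpoints. The named `targetPort` values `backend` and `backend-grpc` have no counterpart either: the container's `ports` entries in that StatefulSet are unnamed, and no port 443 is declared there. Either add the labels and port names to the workload or point the Services at what exists, e.g. `selector: {app: netmaker}` with `targetPort: 8081`. The StatefulSet's `serviceName: netmaker-headless` is likewise not defined in this commit. Reusing the label map as the selector through an anchor also means any label added later for bookkeeping silently narrows the selector; writing the selector out explicitly avoids that.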

+ 4 - 0
k8s/netmaker-singlenode/01-namespace.yaml

@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: netmaker

+ 26 - 0
k8s/netmaker-singlenode/02-pvc.yaml

@@ -0,0 +1,26 @@
+---
+kind: PersistentVolumeClaim
+apiVersion: v1
+metadata:
+  name: nm-sqldata
+  namespace: netmaker
+spec:
+  accessModes:
+  - ReadWriteOnce
+  storageClassName: STORAGE_CLASS_RWO
+  resources:
+    requests:
+      storage: 500Mi
+---
+kind: PersistentVolumeClaim
+apiVersion: v1
+metadata:
+  name: nm-mq-certs
+  namespace: netmaker
+spec:
+  accessModes:
+  - ReadWriteMany
+  storageClassName: STORAGE_CLASS_RWX
+  resources:
+    requests:
+      storage: 50Mi

+ 107 - 0
k8s/netmaker-singlenode/03-svc.yaml

@@ -0,0 +1,107 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+  labels:
+  name: 'netmaker-wireguard'
+spec:
+  externalTrafficPolicy: Local
+  type: NodePort
+  ports:
+  - port: 31821
+    nodePort: 31821
+    protocol: UDP
+    targetPort: 31821
+    name: wg-iface-31821
+  - port: 31822
+    nodePort: 31822
+    protocol: UDP
+    targetPort: 31822
+    name: wg-iface-31822
+  - port: 31823
+    nodePort: 31823
+    protocol: UDP
+    targetPort: 31823
+    name: wg-iface-31823
+  - port: 31824
+    nodePort: 31824
+    protocol: UDP
+    targetPort: 31824
+    name: wg-iface-31824
+  - port: 31825
+    nodePort: 31825
+    protocol: UDP
+    targetPort: 31825
+    name: wg-iface-31825
+  selector:
+    app: 'netmaker'
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: 'netmaker-rest'
+spec:
+  ports:
+  - name: rest
+    port: 8081
+    protocol: TCP
+    targetPort: 8081
+  selector:
+    app: 'netmaker'
+  sessionAffinity: None
+  type: ClusterIP
+---
+apiVersion: v1
+kind: Service
+metadata:
+  namespace: netmaker
+  labels:
+    app: netmaker
+  name: netmaker-ui
+spec:
+  ports:
+  - port: 80
+    protocol: TCP
+    targetPort: 80
+  selector:
+    app: netmaker
+  sessionAffinity: None
+  type: ClusterIP
+# ---
+# apiVersion: v1
+# kind: Service
+# metadata:
+#   name: mq
+#   namespace: netmaker
+# spec:
+#   ports:
+#   - name: mqtt
+#     port: 1883
+#     protocol: TCP
+#     targetPort: mqtt
+#   - name: mqtt2
+#     port: 8883
+#     protocol: TCP
+#     targetPort: mqtt2    
+#   selector:
+#     app.kubernetes.io/instance: mosquitto
+#     app.kubernetes.io/name: mosquitto
+#   sessionAffinity: None
+# ---
+# apiVersion: v1
+# kind: Service
+# metadata:
+#   labels:
+#   name: 'netmaker-mqtt'
+# spec:
+#   externalTrafficPolicy: Local
+#   type: NodePort
+#   selector:
+#     app.kubernetes.io/instance: mosquitto
+#     app.kubernetes.io/name: mosquitto
+#   ports:
+#   - port: 31883
+#     nodePort: 31883
+#     protocol: TCP
+#     targetPort: 8883
+#     name: nm-mqtt
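Review bot: `netmaker-wireguard` and `netmaker-rest` have no `metadata.namespace`, while `netmaker-ui` and the Deployment in `06-deployment.yaml` are pinned to `netmaker`; applied with a plain `kubectl apply -f`, the first two land in the current namespace and select no pods. Add `namespace: netmaker` to both. The bare `labels:` key in `netmaker-wireguard` parses as null and can simply be removed (the commented-out `netmaker-mqtt` block repeats it). `05-ingress-traefik.yaml` routes to `netmaker-api` and `netmaker-mq`, neither of which this file defines: the REST service here is `netmaker-rest` and the MQ services are commented out.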

+ 18 - 0
k8s/netmaker-singlenode/04-configmap.yaml

@@ -0,0 +1,18 @@
+---
+apiVersion: v1
+data:
+  mosquitto.conf: |
+    per_listener_settings true
+    listener 8883
+    allow_anonymous false
+    require_certificate true
+    use_identity_as_username true
+    cafile /mosquitto/certs/root.pem
+    certfile /mosquitto/certs/server.pem
+    keyfile /mosquitto/certs/server.key
+    listener 1883 
+    allow_anonymous true  
+kind: ConfigMap
+metadata:
+  name: mosquitto-config
+  namespace: netmaker
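Review bot: The second listener, `listener 1883` with `allow_anonymous true`, accepts unauthenticated plaintext MQTT on every interface of the pod, so the certificate requirement on 8883 does not protect the broker from other workloads that can reach the pod IP. The server container is configured with `MQ_HOST: "127.0.0.1"`, which suggests this listener is only meant for in-pod traffic; if so, bind it to loopback with `listener 1883 127.0.0.1` and consider dropping the `containerPort: 1883` declaration in `06-deployment.yaml`. A NetworkPolicy limiting ingress to port 8883 would be a reasonable second layer. The ConfigMap is named `mosquitto-config`, but the Deployment's volume references a ConfigMap called `netmaker-mq-configmap`, so one of the two names needs to change. The `listener 1883` and `allow_anonymous true` lines also carry trailing spaces, which become part of the block scalar's content.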

+ 52 - 0
k8s/netmaker-singlenode/05-ingress-nginx.yaml

@@ -0,0 +1,52 @@
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: nm-api-ingress
+  annotations:
+    nginx.ingress.kubernetes.io/rewrite-target: /
+    cert-manager.io/cluster-issuer: "letsencrypt-nginx"
+    nginx.ingress.kubernetes.io/ssl-redirect: 'true'
+spec:
+  ingressClassName: nginx
+  tls:
+  - hosts:
+    - api.BASE_DOMAIN
+    secretName: nm-api-tls
+  rules:
+  - host: api.BASE_DOMAIN
+    http:
+      paths:
+      - path: /
+        pathType: Prefix
+        backend:
+          service:
+            name: netmaker-rest
+            port:
+              number: 8081
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: nm-ui-ingress
+  annotations:
+    nginx.ingress.kubernetes.io/rewrite-target: /
+    cert-manager.io/cluster-issuer: "letsencrypt-nginx"
+    nginx.ingress.kubernetes.io/ssl-redirect: 'true'
+spec:
+  ingressClassName: nginx
+  tls:
+  - hosts:
+    - dashboard.BASE_DOMAIN
+    secretName: nm-ui-tls
+  rules:
+  - host: dashboard.BASE_DOMAIN
+    http:
+      paths:
+      - path: /
+        pathType: Prefix
+        backend:
+          service:
+            name: netmaker-ui
+            port:
+              number: 80

+ 75 - 0
k8s/netmaker-singlenode/05-ingress-traefik.yaml

@@ -0,0 +1,75 @@
+---
+apiVersion: traefik.containo.us/v1alpha1
+kind: Middleware
+metadata:
+  name: secheaders
+  namespace: netmaker
+spec:
+  headers:
+    stsIncludeSubdomains: true
+    stsPreload: true
+    stsSeconds: 31536000
+    forceSTSHeader: true
+    sslRedirect: true
+    referrerPolicy: "same-origin"
+    frameDeny: true
+    contentTypeNosniff: true
+    browserXssFilter: true
+    accessControlAllowMethods: ["GET", "OPTIONS", "PUT"]
+    accessControlMaxAge: 100
+    customFrameOptionsValue: SAMEORIGIN
+    contentSecurityPolicy: frame-ancestors 'self'
+    permissionsPolicy: geolocation=(), microphone=()
+    referrerPolicy: no-referrer
+---
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRoute
+metadata:
+  name: nm-api-ingress-tls
+  namespace: netmaker
+spec:
+  entryPoints:
+    - websecure
+  routes:
+  - match: Host(`api.BASE_DOMAIN`)
+    kind: Rule
+    services:
+    - name: netmaker-api
+      port: 8081
+  tls:
+    certResolver: CERT_PROVIDER
+---
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRoute
+metadata:
+  name: nm-ui-ingress-tls
+  namespace: netmaker
+spec:
+  entryPoints:
+    - websecure
+  routes:
+  - match: Host(`dashboard.BASE_DOMAIN`)
+    kind: Rule
+    services:
+    - name: netmaker-ui
+      port: 80
+    middlewares:
+    - name: secheaders
+  tls:
+    certResolver:  CERT_PROVIDER
+---
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRouteTCP
+metadata:
+  namespace: netmaker
+  name: nm-mq-ingress-tls
+spec:
+  entryPoints:
+    - websecure
+  routes:
+  - match: HostSNI(`broker.BASE_DOMAIN`)
+    services:
+      - name: netmaker-mq
+        port: 8883
+  tls:
+    passthrough: true
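Review bot: `referrerPolicy` appears twice in the `secheaders` Middleware (`"same-origin"` and later `no-referrer`); duplicate mapping keys are invalid YAML, and parsers that tolerate them usually keep the last, so decide which value is intended and delete the other. `frameDeny: true` and `customFrameOptionsValue: SAMEORIGIN` are similarly at odds: as I understand Traefik's headers middleware, the custom value takes precedence, so `frameDeny` would have no effect. The middleware is attached only to the `dashboard` route; the `api` route gets no security headers, which may be intended but is worth a comment. The routes reference services `netmaker-api` and `netmaker-mq`, while `03-svc.yaml` defines `netmaker-rest` and has the MQ services commented out, so both routes would have no backend as committed.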

+ 156 - 0
k8s/netmaker-singlenode/06-deployment.yaml

@@ -0,0 +1,156 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: netmaker
+  namespace: netmaker
+  labels:
+    app: netmaker
+spec:
+  selector:
+    matchLabels:
+      app: netmaker
+  replicas: 1
+  strategy:
+    type: Recreate
+  template:
+    metadata:
+      labels:
+        app: netmaker
+    spec:
+      initContainers:
+      - name: init-sysctl
+        image: busybox
+        imagePullPolicy: IfNotPresent
+        command: ["/bin/sh", "-c"]
+        args: ["sysctl -w net.ipv4.ip_forward=1 && sysctl -w net.ipv4.conf.all.src_valid_mark=1 && sysctl -w net.ipv6.conf.all.disable_ipv6=0 && sysctl -w net.ipv6.conf.all.forwarding=1"]
+        securityContext:
+          privileged: true
+      dnsPolicy: ClusterFirstWithHostNet
+      affinity:
+        podAntiAffinity:
+          requiredDuringSchedulingIgnoredDuringExecution:
+          - labelSelector:
+              matchExpressions:
+              - key: app
+                operator: In
+                values:
+                - netmaker
+            topologyKey: "kubernetes.io/hostname"
+      containers:
+      - env:
+        - name: SERVER_NAME
+          value: broker.BASE_DOMAIN
+        - name: SERVER_API_CONN_STRING
+          value: api.BASE_DOMAIN:443
+        - name: SERVER_HTTP_HOST
+          value: api.BASE_DOMAIN
+        - name: API_PORT
+          value: "8081"
+        - name: WG_QUICK_USERSPACE_IMPLEMENTATION
+          value: wireguard-go
+        - name: DNS_MODE
+          value: "off"
+        - name: CLIENT_MODE
+          value: "on"
+        - name: DISPLAY_KEYS
+          value: "on"
+        - name: DATABASE
+          value: sqlite
+        - name: MASTER_KEY
+          value: REPLACE_MASTER_KEY
+        - name: PLATFORM
+          value: Kubernetes
+        - name: CORS_ALLOWED_ORIGIN
+          value: '*'
+        - name: MQ_HOST
+          value: "127.0.0.1"          
+#        Uncomment this section if using the Nginx config
+#        - name: MQ_PORT
+#          value: "31883"
+        - name: PLATFORM
+          value: "Kubernetes"
+        - name: VERBOSITY
+          value: "3"
+        image: gravitl/netmaker:v0.14.3
+        imagePullPolicy: Always
+        name: netmaker
+        ports:
+        - containerPort: 8081
+          protocol: TCP
+        - containerPort: 31821
+          protocol: UDP
+        - containerPort: 31822
+          protocol: UDP
+        - containerPort: 31823
+          protocol: UDP
+        - containerPort: 31824
+          protocol: UDP
+        - containerPort: 31825
+          protocol: d
+        resources: {}
+        securityContext:
+          capabilities:
+            add:
+            - NET_ADMIN
+            - NET_RAW
+            - SYS_MODULE
+        volumeMounts:
+        - mountPath: /etc/netmaker/
+          name: shared-certs
+        - mountPath: /root/data
+          name: netmaker-data
+      - name: netmaker-ui
+        image: gravitl/netmaker-ui:v0.14.3
+        ports:
+        - containerPort: 80
+        env:
+        - name: BACKEND_URL
+          value: "https://api.netmaker.NETMAKER_BASE_DOMAIN"
+      - image: eclipse-mosquitto:2.0.11-openssl
+        imagePullPolicy: IfNotPresent
+        livenessProbe:
+          failureThreshold: 3
+          periodSeconds: 10
+          successThreshold: 1
+          tcpSocket:
+            port: 8883
+          timeoutSeconds: 1
+        name: mosquitto
+        ports:
+        - containerPort: 1883        
+          name: mqtt
+          protocol: TCP
+        - containerPort: 8883        
+          name: mqtt2
+          protocol: TCP
+        readinessProbe:
+          failureThreshold: 3
+          periodSeconds: 10
+          successThreshold: 1
+          tcpSocket:
+            port: 8883
+          timeoutSeconds: 1
+        resources: {}
+        startupProbe:
+          failureThreshold: 30
+          periodSeconds: 5
+          successThreshold: 1
+          tcpSocket:
+            port: 8883
+          timeoutSeconds: 1
+        terminationMessagePath: /dev/termination-log
+        terminationMessagePolicy: File
+        volumeMounts:
+        - mountPath: /mosquitto/config/mosquitto.conf
+          name: mosquitto-config
+          subPath: mosquitto.conf
+        - mountPath: /mosquitto/certs
+          name: shared-certs
+      volumes:
+      - name: nm-sqldata
+        persistentVolumeClaim:
+          claimName: nm-pvc-sqldata
+      - name: netmaker-mq-configmap
+        configMap:
+          name: netmaker-mq-configmap
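Review bot: This Deployment will be rejected at validation as written: the last UDP port has `protocol: d` (presumably `UDP`), and the `volumeMounts` name `shared-certs`, `netmaker-data` and `mosquitto-config`, none of which exist under `volumes:`, which declares `nm-sqldata` and `netmaker-mq-configmap` instead. The referenced objects do not line up with the sibling files either: `claimName: nm-pvc-sqldata` versus the `nm-sqldata` claim in `02-pvc.yaml`, the `nm-mq-certs` claim is never mounted, and the ConfigMap in `04-configmap.yaml` is called `mosquitto-config`. `BACKEND_URL` uses `api.netmaker.NETMAKER_BASE_DOMAIN` while every other host in the single-node templates is `api.BASE_DOMAIN`, so a search-and-replace of `BASE_DOMAIN` would leave a wrong URL. The `podAntiAffinity` block and `dnsPolicy: ClusterFirstWithHostNet` look copied from the HA manifest; with `replicas: 1`, `strategy: Recreate` and no `hostNetwork` they appear to have no effect and could be removed.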

+ 0 - 0
k8s/netmaker-singlenode/README.md


+ 0 - 59
kube/components/mongo-statefulset.yaml

@@ -1,59 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
-  name: mongo
-  labels:
-    name: mongo
-spec:
-  ports:
-    - port: 27017
-      targetPort: 27017
-  clusterIP: None
-  selector:
-    role: mongo
----
-apiVersion: apps/v1
-kind: StatefulSet
-metadata:
-  name: mongo
-spec:
-  serviceName: "mongo"
-  replicas: 1
-  selector:
-    matchLabels:
-      role: mongo
-  template:
-    metadata:
-      labels:
-        app: mongo
-        role: mongo
-    spec:
-      containers:
-      - name: mongo
-        image: mongo
-        env:
-          - name: MONGO_INITDB_ROOT_USERNAME
-            value: mongoadmin
-          - name: MONGO_INITDB_ROOT_PASSWORD
-            value: mongopass
-        securityContext:
-          privileged: true
-        volumeMounts:
-        - name: mongovol
-          mountPath: /data/db
-      volumes:
-      - name: mongovol
-        persistentVolumeClaim:
-          claimName: mongodb-pvc
----
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
-  name: mongodb-pvc
-spec:
-  accessModes:
-    - ReadWriteOnce
-  resources:
-    requests:
-      storage: 7Gi
-  storageClassName: microk8s-hostpath

+ 0 - 62
kube/components/netclient-template.yaml.backup

@@ -1,62 +0,0 @@
-apiVersion: apps/v1
-kind: DaemonSet
-metadata:
-  name: netclient
-  labels:
-    app: netclient
-spec:
-  selector:
-    matchLabels:
-      app: netclient
-  template:
-    metadata:
-      labels:
-        app: netclient
-    spec:
-      hostNetwork: true
-      containers:
-      - name: netclient
-        image: gravitl/netclient:v0.5.8
-        command: ['bash', '-c', "/root/netclient join -t $ACCESS_TOKEN --daemon off --name $(echo $NODE_NAME| sed -e s/.$NETWORK//); while true; do /root/netclient checkin -n $NETWORK; sleep $SLEEP; done"]
-        env:
-        - name: ACCESS_TOKEN
-          value: "ACCESS_TOKEN_VALUE"
-        - name: NETWORK
-          value: "microk8s"
-        - name: SLEEP
-          value: "30"
-        - name: NODE_NAME
-          valueFrom:
-            fieldRef:
-              fieldPath: spec.nodeName
-        volumeMounts:
-        - mountPath: /etc/netclient
-          name: etc-netclient
-        - mountPath: /usr/bin/wg
-          name: wg
-        - mountPath: /var/run/dbus/system_bus_socket
-          name: systemd-bus-socket
-        securityContext:
-          privileged: true
-          #capabilities:
-          #  add:
-          #  - ["NET_ADMIN","SYS_ADMIN","SYS_MODULE"]
-      volumes:
-      - hostPath:
-          path: /etc/netclient
-          type: DirectoryOrCreate
-        name: etc-netclient
-      - hostPath:
-          path: /usr/bin/wg
-          type: File
-        name: wg 
-      - hostPath:
-          path: /usr/bin/resolvectl
-          type: File
-        name: resolvectl
-      - hostPath:
-          path: /var/run/dbus/system_bus_socket
-          type: ""
-        name: systemd-bus-socket
-
-

+ 0 - 87
kube/components/netmaker-api.yaml

@@ -1,87 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: netmaker-api
-  labels:
-    app: netmaker-api
-spec:
-  selector:
-    matchLabels:
-      app: netmaker-api
-  replicas: 1
-  template:
-    metadata:
-      labels:
-        app: netmaker-api
-    spec:
-      containers:
-      - name: netmaker-api
-        image: gravitl/netmaker:v0.5.7
-        ports:
-        - containerPort: 8081
-        volumeMounts:
-        - name: nm-pvc
-          mountPath: /root/config/dnsconfig
-        env:
-        - name: SERVER_API_CONN_STRING
-          value: "api.nm.k8s.gravitl.com:443"
-        - name: COREDNS_ADDR
-          value: "netmaker-dns"
-        - name: SERVER_HTTP_HOST
-          value: "api.nm.k8s.gravitl.com"
-        - name: API_PORT
-          value: "8081"
-        - name: AGENT_BACKEND
-          value: "off"
-        - name: CLIENT_MODE
-          value: "off"
-        - name: DNS_MODE
-          value: "on"
-        - name: MASTER_KEY
-          value: "Unkn0wn!"
-        - name: MASTER_KEY
-          value: "secretkey"
-        - name: CORS_ALLOWED_ORIGIN
-          value: "*"
-        - name: DISABLE_REMOTE_IP_CHECK
-          value: "on"
-        - name: MONGO_ADMIN
-          value: "mongoadmin"
-        - name: MONGO_PASS
-          value: "mongopass"
-        - name: MONGO_HOST
-          value: "mongo-0.mongo"
-        - name: MONGO_OPTS
-          value: "/?authSource=admin"
-      volumes:
-      - name: nm-pvc
-        persistentVolumeClaim:
-          claimName: nm-pvc
----
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
-  name: nm-pvc
-spec:
-  accessModes:
-    - ReadWriteMany
-  resources:
-    requests:
-      storage: 128Mi
-  storageClassName: microk8s-hostpath
----
-apiVersion: v1
-kind: Service
-metadata:
-  labels:
-    app: netmaker-api
-  name: netmaker-api
-spec:
-  ports:
-  - port: 8081
-    protocol: TCP
-    targetPort: 8081
-  selector:
-    app: netmaker-api
-  sessionAffinity: None
-  type: ClusterIP

+ 0 - 98
kube/components/netmaker-backend.yaml

@@ -1,98 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: netmaker-backend
-  labels:
-    app: netmaker-backend
-spec:
-  selector:
-    matchLabels:
-      app: netmaker-backend
-  replicas: 1
-  template:
-    metadata:
-      labels:
-        app: netmaker-backend
-    spec:
-      containers:
-      - name: netmaker-backend
-        image: gravitl/netmaker:v0.5.7
-        ports:
-        - containerPort: 8081
-        volumeMounts:
-        - name: nm-pvc
-          mountPath: /root/config/dnsconfig
-        env:
-        - name: SERVER_API_CONN_STRING
-          value: "api.nm.k8s.gravitl.com:443"
-        - name: COREDNS_ADDR
-          value: "10.152.183.53"
-        - name: SERVER_HTTP_HOST
-          value: "api.k8s.gravitl.com"
-        - name: API_PORT
-          value: "8081"
-        - name: CLIENT_MODE
-          value: "off"
-        - name: MASTER_KEY
-          value: "Unkn0wn!"
-        - name: MASTER_KEY
-          value: "secretkey"
-        - name: CORS_ALLOWED_ORIGIN
-          value: "*"
-        - name: DISABLE_REMOTE_IP_CHECK
-          value: "on"
-        - name: MONGO_ADMIN
-          value: "mongoadmin"
-        - name: MONGO_PASS
-          value: "mongopass"
-        - name: MONGO_HOST
-          value: "mongo-0.mongo"
-        - name: MONGO_OPTS
-          value: "/?authSource=admin"
-      volumes:
-      - name: nm-pvc
-        persistentVolumeClaim:
-          claimName: nm-pvc
----
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
-  name: nm-pvc
-spec:
-  accessModes:
-    - ReadWriteMany
-  resources:
-    requests:
-      storage: 128Mi
-  storageClassName: microk8s-hostpath
----
-apiVersion: v1
-kind: Service
-metadata:
-  labels:
-    app: netmaker-backend
-  name: netmaker-api
-spec:
-  ports:
-  - port: 8081
-    protocol: TCP
-    targetPort: 8081
-  selector:
-    app: netmaker-backend
-  sessionAffinity: None
-  type: ClusterIP
----
-apiVersion: v1
-kind: Service
-metadata:
-  labels:
-    app: netmaker-backend
-spec:
-  ports:
-  - port: 443
-    protocol: TCP
-    targetPort: 443
-  selector:
-    app: netmaker-backend
-  sessionAffinity: None
-  type: ClusterIP

+ 0 - 71
kube/components/netmaker-dns.yaml

@@ -1,71 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: netmaker-dns
-  labels:
-    app: netmaker-dns
-spec:
-  selector:
-    matchLabels:
-      app: netmaker-dns
-  replicas: 1
-  template:
-    metadata:
-      labels:
-        app: netmaker-dns
-    spec:
-      containers:
-      - args:
-        - -conf
-        - /root/dnsconfig/Corefile
-        image: coredns/coredns
-        imagePullPolicy: Always
-        name: netmaker-dns
-        ports:
-        - containerPort: 53
-          name: dns
-          protocol: UDP
-        - containerPort: 53
-          name: dns-tcp
-          protocol: TCP
-        volumeMounts:
-        - mountPath: /root/dnsconfig
-          name: nm-pvc
-          readOnly: true
-        securityContext:
-          allowPrivilegeEscalation: false
-          capabilities:
-            add:
-            - NET_BIND_SERVICE
-            drop:
-            - all
-      dnsPolicy: "None"
-      dnsConfig:
-        nameservers:
-          - 127.0.0.1
-      volumes:
-      - name: nm-pvc
-        persistentVolumeClaim:
-          claimName: nm-pvc
----
-apiVersion: v1
-kind: Service
-metadata:
-  labels:
-    app: netmaker-dns
-  name: netmaker-dns
-spec:
-  ports:
-  - port: 53
-    protocol: UDP
-    targetPort: 53
-    name: udp
-  - port: 53
-    protocol: TCP
-    targetPort: 53
-    name: tcp
-  selector:
-    app: netmaker-dns
-  sessionAffinity: None
-  type: ClusterIP
-  clusterIP: 10.152.183.53

+ 0 - 82
kube/components/netmaker-grpc.yaml

@@ -1,82 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: netmaker-grpc
-  labels:
-    app: netmaker-grpc
-spec:
-  selector:
-    matchLabels:
-      app: netmaker-grpc
-  replicas: 1
-  template:
-    metadata:
-      labels:
-        app: netmaker-grpc
-    spec:
-      containers:
-      - name: netmaker-grpc
-        image: gravitl/netmaker:v0.5.7
-        ports:
-        - containerPort: 443
-        volumeMounts:
-        - name: nm-pvc
-          mountPath: /root/dnsconfig
-        env:
-        - name: SERVER_API_CONN_STRING
-          value: "api.nm.k8s.gravitl.com:443"
-        - name: SERVER_GRPC_CONN_STRING
-          value: "grpc.nm.k8s.gravitl.com:443"
-        - name: COREDNS_ADDR
-          value: "netmaker-dns"
-        - name: GRPC_SSL
-          value: "on"
-        - name: CLIENT_MODE
-          value: "off"
-        - name: DNS_MODE
-          value: "on"
-        - name: MASTER_KEY
-          value: "Unkn0wn!"
-        - name: SERVER_GRPC_WIREGUARD
-          value: "off"
-        - name: MASTER_KEY
-          value: "secretkey"
-        - name: CORS_ALLOWED_ORIGIN
-          value: "*"
-        - name: DISABLE_REMOTE_IP_CHECK
-          value: "on"
-        - name: MONGO_ADMIN
-          value: "mongoadmin"
-        - name: MONGO_PASS
-          value: "mongopass"
-        - name: MONGO_HOST
-          value: "mongo-0.mongo"
-        - name: MONGO_OPTS
-          value: "/?authSource=admin"
-        - name: SERVER_GRPC_HOST
-          value: "0.0.0.0"
-        - name: GRPC_PORT
-          value: "443"
-        - name: REST_BACKEND
-          value: "off"
-      volumes:
-      - name: nm-pvc
-        persistentVolumeClaim:
-          claimName: nm-pvc
----
-apiVersion: v1
-kind: Service
-metadata:
-  labels:
-    app: netmaker-grpc
-  name: netmaker-grpc
-spec:
-  ports:
-  - port: 443
-    protocol: TCP
-    targetPort: 443
-  selector:
-    app: netmaker-grpc
-  sessionAffinity: None
-  type: ClusterIP
-

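--- a/kube/components/netmaker-ingress-api.yaml
+++ b/kube/components/netmaker-ingress-api.yaml
@@ -1,25 +0,0 @@
-apiVersion: extensions/v1beta1
-kind: Ingress
-metadata:
-  annotations:
-    kubernetes.io/ingress.class: "traefik"
-    kubernetes.io/ingress.allow-http: "false"    
-    traefik.ingress.kubernetes.io/redirect-entry-point: https
-    traefik.ingress.kubernetes.io/redirect-permanent: "true"
-    traefik.ingress.kubernetes.io/rule-type: "PathPrefixStrip"
-    cert-manager.io/cluster-issuer: wildcard-issuer
-  name: nm-api-ingress
-  namespace: netmaker
-spec:
-  rules:
-  - host: api.NETMAKER_BASE_DOMAIN
-    http:
-      paths:
-      - path: /
-        backend:
-          serviceName: netmaker
-          servicePort: 8081
-  tls:
-  - hosts: 
-    - api.NETMAKER_BASE_DOMAIN
-    secretName: cert-nm-api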

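--- a/kube/components/netmaker-ingress-frontend.yaml
+++ b/kube/components/netmaker-ingress-frontend.yaml
@@ -1,25 +0,0 @@
-apiVersion: extensions/v1beta1
-kind: Ingress
-metadata:
-  annotations:
-    kubernetes.io/ingress.class: "traefik"
-    kubernetes.io/ingress.allow-http: "false"    
-    traefik.ingress.kubernetes.io/redirect-entry-point: https
-    traefik.ingress.kubernetes.io/redirect-permanent: "true"
-    traefik.ingress.kubernetes.io/rule-type: "PathPrefixStrip"
-    cert-manager.io/cluster-issuer: wildcard-issuer
-  name: nm-ui-ingress
-  namespace: netmaker
-spec:
-  rules:
-  - host: dashboard.NETMAKER_BASE_DOMAIN
-    http:
-      paths:
-      - path: /
-        backend:
-          serviceName: netmaker-ui
-          servicePort: 80
-  tls:
-  - hosts: 
-    - dashboard.NETMAKER_BASE_DOMAIN
-    secretName: cert-nm-ui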

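--- a/kube/components/netmaker-ingress-grpc.yaml
+++ b/kube/components/netmaker-ingress-grpc.yaml
@@ -1,17 +0,0 @@
-apiVersion: extensions/v1beta1
-kind: Ingress
-metadata:
-  annotations:
-    kubernetes.io/ingress.class: "traefik"
-    ingress.kubernetes.io/protocol: "h2c"
-  name: nm-grpc-ingress
-  namespace: netmaker
-spec:
-  rules:
-  - host: grpc.NETMAKER_BASE_DOMAIN
-    http:
-      paths:
-      - path: /
-        backend:
-          serviceName: netmaker-grpc
-          servicePort: 50051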

+ 0 - 345
kube/components/netmaker-template.yaml.backup

@@ -1,345 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
-  name: mongo
-  labels:
-    name: mongo
-spec:
-  ports:
-    - port: 27017
-      targetPort: 27017
-  clusterIP: None
-  selector:
-    role: mongo
----
-apiVersion: apps/v1
-kind: StatefulSet
-metadata:
-  name: mongo
-spec:
-  serviceName: "mongo"
-  replicas: 1
-  selector:
-    matchLabels:
-      role: mongo
-  template:
-    metadata:
-      labels:
-        app: mongo
-        role: mongo
-    spec:
-      containers:
-      - name: mongo
-        image: mongo
-        env:
-          - name: MONGO_INITDB_ROOT_USERNAME
-            value: mongoadmin
-          - name: MONGO_INITDB_ROOT_PASSWORD
-            value: mongopass
-        securityContext:
-          privileged: true
-        volumeMounts:
-        - name: mongovol
-          mountPath: /data/db
-      volumes:
-      - name: mongovol
-        persistentVolumeClaim:
-          claimName: mongodb-pvc
----
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
-  name: mongodb-pvc
-spec:
-  accessModes:
-    - ReadWriteOnce
-  resources:
-    requests:
-      storage: 7Gi
-  storageClassName: microk8s-hostpath
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: netmaker-backend
-  labels:
-    app: netmaker-backend
-spec:
-  selector:
-    matchLabels:
-      app: netmaker-backend
-  replicas: 1
-  template:
-    metadata:
-      labels:
-        app: netmaker-backend
-    spec:
-      containers:
-      - name: netmaker-backend
-        image: gravitl/netmaker:v0.5.7
-        ports:
-        - containerPort: 8081
-        volumeMounts:
-        - name: nm-pvc
-          mountPath: /root/config/dnsconfig
-        env:
-        - name: SERVER_API_CONN_STRING
-          value: "api.NETMAKER_BASE_DOMAIN:443"
-        - name: COREDNS_ADDR
-          value: "10.152.183.53"
-        - name: SERVER_HTTP_HOST
-          value: "api.NETMAKER_BASE_DOMAIN"
-        - name: API_PORT
-          value: "8081"
-        - name: CLIENT_MODE
-          value: "off"
-        - name: MASTER_KEY
-          value: "Unkn0wn!"
-        - name: MASTER_KEY
-          value: "secretkey"
-        - name: CORS_ALLOWED_ORIGIN
-          value: "*"
-        - name: DISABLE_REMOTE_IP_CHECK
-          value: "on"
-        - name: MONGO_ADMIN
-          value: "mongoadmin"
-        - name: MONGO_PASS
-          value: "mongopass"
-        - name: MONGO_HOST
-          value: "mongo-0.mongo"
-        - name: MONGO_OPTS
-          value: "/?authSource=admin"
-      volumes:
-      - name: nm-pvc
-        persistentVolumeClaim:
-          claimName: nm-pvc
----
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
-  name: nm-pvc
-spec:
-  accessModes:
-    - ReadWriteMany
-  resources:
-    requests:
-      storage: 128Mi
-  storageClassName: microk8s-hostpath
----
-apiVersion: v1
-kind: Service
-metadata:
-  labels:
-    app: netmaker-backend
-  name: netmaker-api
-spec:
-  ports:
-  - port: 8081
-    protocol: TCP
-    targetPort: 8081
-  selector:
-    app: netmaker-backend
-  sessionAffinity: None
-  type: ClusterIP
----
-apiVersion: v1
-kind: Service
-metadata:
-  labels:
-    app: netmaker-backend
-  name: netmaker-grpc
-spec:
-  ports:
-  - port: 443
-    protocol: TCP
-    targetPort: 443
-  selector:
-    app: netmaker-backend
-  sessionAffinity: None
-  type: ClusterIP
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: netmaker-dns
-  labels:
-    app: netmaker-dns
-spec:
-  selector:
-    matchLabels:
-      app: netmaker-dns
-  replicas: 1
-  template:
-    metadata:
-      labels:
-        app: netmaker-dns
-    spec:
-      containers:
-      - args:
-        - -conf
-        - /root/dnsconfig/Corefile
-        image: coredns/coredns
-        imagePullPolicy: Always
-        name: netmaker-dns
-        ports:
-        - containerPort: 53
-          name: dns
-          protocol: UDP
-        - containerPort: 53
-          name: dns-tcp
-          protocol: TCP
-        volumeMounts:
-        - mountPath: /root/dnsconfig
-          name: nm-pvc
-          readOnly: true
-        securityContext:
-          allowPrivilegeEscalation: false
-          capabilities:
-            add:
-            - NET_BIND_SERVICE
-            drop:
-            - all
-      dnsPolicy: "None"
-      dnsConfig:
-        nameservers:
-          - 127.0.0.1
-      volumes:
-      - name: nm-pvc
-        persistentVolumeClaim:
-          claimName: nm-pvc
----
-apiVersion: v1
-kind: Service
-metadata:
-  labels:
-    app: netmaker-dns
-  name: netmaker-dns
-spec:
-  ports:
-  - port: 53
-    protocol: UDP
-    targetPort: 53
-    name: udp
-  - port: 53
-    protocol: TCP
-    targetPort: 53
-    name: tcp
-  selector:
-    app: netmaker-dns
-  sessionAffinity: None
-  type: ClusterIP
-  clusterIP: 10.152.183.53
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: netmaker-ui
-  labels:
-    app: netmaker-ui
-spec:
-  selector:
-    matchLabels:
-      app: netmaker-ui
-  replicas: 1
-  template:
-    metadata:
-      labels:
-        app: netmaker-ui
-    spec:
-      containers:
-      - name: netmaker-ui
-        image: gravitl/netmaker-ui:v0.5
-        ports:
-        - containerPort: 80
-        env:
-        - name: BACKEND_URL
-          value: "https://api.NETMAKER_BASE_DOMAIN"
----
-apiVersion: v1
-kind: Service
-metadata:
-  labels:
-    app: netmaker-ui
-  name: netmaker-ui
-spec:
-  ports:
-  - port: 80
-    protocol: TCP
-    targetPort: 80
-  selector:
-    app: netmaker-ui
-  sessionAffinity: None
-  type: ClusterIP
-apiVersion: networking.k8s.io/v1
-kind: Ingress
-metadata:
-  name: nm-api-ingress-nginx
-  annotations:
-    nginx.ingress.kubernetes.io/rewrite-target: /
-    cert-manager.io/cluster-issuer: "letsencrypt-prod"
-    nginx.ingress.kubernetes.io/ssl-redirect: 'true'
-spec:
-  ingressClassName: public
-  tls:
-  - hosts:
-    - api.NETMAKER_BASE_DOMAIN
-    secretName: nm-api-tls
-  rules:
-  - host: api.NETMAKER_BASE_DOMAIN
-    http:
-      paths:
-      - path: /
-        pathType: Prefix
-        backend:
-          service:
-            name: netmaker-api
-            port:
-              number: 8081
-
-apiVersion: networking.k8s.io/v1
-kind: Ingress
-metadata:
-  name: nm-grpc-ingress-nginx
-  annotations:
-    cert-manager.io/cluster-issuer: "letsencrypt-prod"
-    nginx.ingress.kubernetes.io/ssl-redirect: 'true'
-    nginx.ingress.kubernetes.io/backend-protocol: "GRPC"
-spec:
-  ingressClassName: public
-  tls:
-  - hosts:
-    - grpc.NETMAKER_BASE_DOMAIN
-    secretName: nm-grpc-tls
-  rules:
-  - host: grpc.NETMAKER_BASE_DOMAIN
-    http:
-      paths:
-      - path: /
-        pathType: Prefix
-        backend:
-          service:
-            name: netmaker-grpc
-            port:
-              number: 443
-apiVersion: networking.k8s.io/v1
-kind: Ingress
-metadata:
-  name: nm-ui-ingress-nginx
-  annotations:
-    nginx.ingress.kubernetes.io/rewrite-target: /
-    cert-manager.io/cluster-issuer: "letsencrypt-prod"
-    nginx.ingress.kubernetes.io/ssl-redirect: 'true'
-spec:
-  ingressClassName: public
-  tls:
-  - hosts:
-    - dashboard.NETMAKER_BASE_DOMAIN
-    secretName: nm-ui-tls
-  rules:
-  - host: dashboard.NETMAKER_BASE_DOMAIN
-    http:
-      paths:
-      - path: /
-        pathType: Prefix
-        backend:
-          service:
-            name: netmaker-ui
-            port:
-              number: 80

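--- a/kube/components/netmaker-ui.yaml
+++ b/kube/components/netmaker-ui.yaml
@@ -1,40 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: netmaker-ui
-  labels:
-    app: netmaker-ui
-spec:
-  selector:
-    matchLabels:
-      app: netmaker-ui
-  replicas: 1
-  template:
-    metadata:
-      labels:
-        app: netmaker-ui
-    spec:
-      containers:
-      - name: netmaker-ui
-        image: gravitl/netmaker-ui:v0.5
-        ports:
-        - containerPort: 80
-        env:
-        - name: BACKEND_URL
-          value: "https://api.nm.k8s.gravitl.com"
----
-apiVersion: v1
-kind: Service
-metadata:
-  labels:
-    app: netmaker-ui
-  name: netmaker-ui
-spec:
-  ports:
-  - port: 80
-    protocol: TCP
-    targetPort: 80
-  selector:
-    app: netmaker-ui
-  sessionAffinity: None
-  type: ClusterIP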

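--- a/kube/components/nm-ingress-api-nginx.yaml
+++ b/kube/components/nm-ingress-api-nginx.yaml
@@ -1,26 +0,0 @@
-apiVersion: networking.k8s.io/v1
-kind: Ingress
-metadata:
-  name: nm-api-ingress-nginx
-  annotations:
-    nginx.ingress.kubernetes.io/rewrite-target: /
-    cert-manager.io/cluster-issuer: "letsencrypt-prod"
-    nginx.ingress.kubernetes.io/ssl-redirect: 'true'
-spec:
-  ingressClassName: public
-  tls:
-  - hosts:
-    - api.NETMAKER_BASE_DOMAIN
-    secretName: nm-api-tls
-  rules:
-  - host: api.NETMAKER_BASE_DOMAIN
-    http:
-      paths:
-      - path: /
-        pathType: Prefix
-        backend:
-          service:
-            name: netmaker-api
-            port:
-              number: 8081
-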

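--- a/kube/components/nm-ingress-grpc-nginx.yaml
+++ b/kube/components/nm-ingress-grpc-nginx.yaml
@@ -1,25 +0,0 @@
-apiVersion: networking.k8s.io/v1
-kind: Ingress
-metadata:
-  name: nm-grpc-ingress-nginx
-  annotations:
-    cert-manager.io/cluster-issuer: "letsencrypt-prod"
-    nginx.ingress.kubernetes.io/ssl-redirect: 'true'
-    nginx.ingress.kubernetes.io/backend-protocol: "GRPC"
-spec:
-  ingressClassName: public
-  tls:
-  - hosts:
-    - grpc.NETMAKER_BASE_DOMAIN
-    secretName: nm-grpc-tls-2
-  rules:
-  - host: grpc.NETMAKER_BASE_DOMAIN
-    http:
-      paths:
-      - path: /
-        pathType: Prefix
-        backend:
-          service:
-            name: netmaker-grpc
-            port:
-              number: 443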

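--- a/kube/components/nm-ingress-ui-nginx.yaml
+++ b/kube/components/nm-ingress-ui-nginx.yaml
@@ -1,26 +0,0 @@
-apiVersion: networking.k8s.io/v1
-kind: Ingress
-metadata:
-  name: nm-ui-ingress-nginx
-  annotations:
-    nginx.ingress.kubernetes.io/rewrite-target: /
-    cert-manager.io/cluster-issuer: "letsencrypt-prod"
-    nginx.ingress.kubernetes.io/ssl-redirect: 'true'
-spec:
-  ingressClassName: public
-  tls:
-  - hosts:
-    - dashboard.NETMAKER_BASE_DOMAIN
-    secretName: nm-ui-tls
-  rules:
-  - host: dashboard.NETMAKER_BASE_DOMAIN
-    http:
-      paths:
-      - path: /
-        pathType: Prefix
-        backend:
-          service:
-            name: netmaker-ui
-            port:
-              number: 80
-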

+ 0 - 353
kube/netmaker-template-udp.yaml

@@ -1,353 +0,0 @@
----
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
-  name: rqlite-pvc
-spec:
-  accessModes:
-    - ReadWriteOnce
-  resources:
-    requests:
-      storage: 1Gi
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: netmaker-backend
-  labels:
-    app: netmaker-backend
-spec:
-  nodeSelector:
-    netmaker-server: true
-  selector:
-    matchLabels:
-      app: netmaker-backend
-  replicas: 1
-  strategy:
-    type: Recreate
-  template:
-    metadata:
-      labels:
-        app: netmaker-backend
-    spec:
-      containers:
-      - name: netmaker-backend
-        image: gravitl/netmaker:0.7.2
-        imagePullPolicy: Always
-        ports:
-        - containerPort: 8081
-        volumeMounts:
-        - name: nm-pvc
-          mountPath: /root/config/dnsconfig
-        - mountPath: /etc/netclient
-          name: etc-netclient
-        - mountPath: /usr/bin/wg
-          name: wg
-        - mountPath: /var/run/dbus/system_bus_socket
-          name: systemd-bus-socket
-        - mountPath: /sys/fs/cgroup
-          name: cgroup
-        - mountPath: /run/systemd/system
-          name: run-systemd
-        - mountPath: /etc/systemd/system
-          name: etc-systemd
-        securityContext:
-          privileged: true
-        env:
-        - name: SERVER_API_CONN_STRING
-          value: "api.NETMAKER_BASE_DOMAIN:443"
-        - name: COREDNS_ADDR
-          value: "10.152.183.53"
-        - name: POD_IP
-          valueFrom:
-            fieldRef:
-              fieldPath: status.podIP
-        - name: SERVER_HTTP_HOST
-          value: "api.NETMAKER_BASE_DOMAIN:443"
-        - name: API_PORT
-          value: "8081"
-        - name: CLIENT_MODE
-          value: "off"
-        - name: MASTER_KEY
-          value: "Unkn0wn!"
-        - name: PLATFORM
-          value: "Kubernetes"
-        - name: CORS_ALLOWED_ORIGIN
-          value: "*"
-      - name: rqlite
-        image: rqlite/rqlite
-        ports:
-        - containerPort: 4001
-        - containerPort: 4002
-        volumeMounts:
-        - name: rqlitevol
-          mountPath: /rqlite/file/data
-      volumes:
-      - name: rqlitevol
-        persistentVolumeClaim:
-          claimName: rqlite-pvc
-      - name: nm-pvc
-        persistentVolumeClaim:
-          claimName: nm-pvc
-      - hostPath:
-          path: /etc/netclient
-          type: DirectoryOrCreate
-        name: etc-netclient
-      - hostPath:
-          path: /usr/bin/wg
-          type: File
-        name: wg
-      - hostPath:
-          path: /usr/bin/resolvectl
-          type: File
-        name: resolvectl
-      - hostPath:
-          path: /var/run/dbus/system_bus_socket
-          type: ""
-        name: systemd-bus-socket
-      - hostPath:
-          path: /etc/systemd/system
-          type: ""
-        name: etc-systemd
-      - hostPath:
-          path: /run/systemd/system
-          type: ""
-        name: run-systemd
-      - hostPath:
-          path: /sys/fs/cgroup
-          type: ""
-        name: cgroup
----
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
-  name: nm-pvc
-spec:
-  accessModes:
-    - ReadWriteMany
-  resources:
-    requests:
-      storage: 128Mi
----
-apiVersion: v1
-kind: Service
-metadata:
-  labels:
-    app: netmaker-backend
-  name: netmaker-api
-spec:
-  ports:
-  - port: 8081
-    protocol: TCP
-    targetPort: 8081
-  selector:
-    app: netmaker-backend
-  sessionAffinity: None
-  type: ClusterIP
----
-apiVersion: v1
-kind: Service
-metadata:
-  labels:
-    app: netmaker-backend
-  name: netmaker-grpc
-spec:
-  ports:
-  - port: 443
-    protocol: TCP
-    targetPort: 443
-  selector:
-    app: netmaker-backend
-  sessionAffinity: None
-  type: ClusterIP
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: netmaker-dns
-  labels:
-    app: netmaker-dns
-spec:
-  selector:
-    matchLabels:
-      app: netmaker-dns
-  replicas: 1
-  template:
-    metadata:
-      labels:
-        app: netmaker-dns
-    spec:
-      containers:
-      - args:
-        - -conf
-        - /root/dnsconfig/Corefile
-        image: coredns/coredns
-        imagePullPolicy: Always
-        name: netmaker-dns
-        ports:
-        - containerPort: 53
-          name: dns
-          protocol: UDP
-        - containerPort: 53
-          name: dns-tcp
-          protocol: TCP
-        volumeMounts:
-        - mountPath: /root/dnsconfig
-          name: nm-pvc
-          readOnly: true
-        securityContext:
-          allowPrivilegeEscalation: false
-          capabilities:
-            add:
-            - NET_BIND_SERVICE
-            drop:
-            - all
-      dnsPolicy: "None"
-      dnsConfig:
-        nameservers:
-          - 127.0.0.1
-      volumes:
-      - name: nm-pvc
-        persistentVolumeClaim:
-          claimName: nm-pvc
----
-apiVersion: v1
-kind: Service
-metadata:
-  labels:
-    app: netmaker-dns
-  name: netmaker-dns
-spec:
-  ports:
-  - port: 53
-    protocol: UDP
-    targetPort: 53
-    name: udp
-  - port: 53
-    protocol: TCP
-    targetPort: 53
-    name: tcp
-  selector:
-    app: netmaker-dns
-  sessionAffinity: None
-  type: ClusterIP
-  clusterIP: 10.152.183.53
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: netmaker-ui
-  labels:
-    app: netmaker-ui
-spec:
-  selector:
-    matchLabels:
-      app: netmaker-ui
-  replicas: 1
-  template:
-    metadata:
-      labels:
-        app: netmaker-ui
-    spec:
-      containers:
-      - name: netmaker-ui
-        image: gravitl/netmaker-ui:v0.7
-        ports:
-        - containerPort: 80
-        env:
-        - name: BACKEND_URL
-          value: "https://api.NETMAKER_BASE_DOMAIN"
----
-apiVersion: v1
-kind: Service
-metadata:
-  labels:
-    app: netmaker-ui
-  name: netmaker-ui
-spec:
-  ports:
-  - port: 80
-    protocol: TCP
-    targetPort: 80
-  selector:
-    app: netmaker-ui
-  sessionAffinity: None
-  type: ClusterIP
----
-apiVersion: networking.k8s.io/v1
-kind: Ingress
-metadata:
-  name: nm-api-ingress-nginx
-  annotations:
-    nginx.ingress.kubernetes.io/rewrite-target: /
-    cert-manager.io/cluster-issuer: "letsencrypt-prod"
-    nginx.ingress.kubernetes.io/ssl-redirect: 'true'
-spec:
-  ingressClassName: nginx
-  tls:
-  - hosts:
-    - api.NETMAKER_BASE_DOMAIN
-    secretName: nm-api-tls
-  rules:
-  - host: api.NETMAKER_BASE_DOMAIN
-    http:
-      paths:
-      - path: /
-        pathType: Prefix
-        backend:
-          service:
-            name: netmaker-api
-            port:
-              number: 8081
----
-apiVersion: networking.k8s.io/v1
-kind: Ingress
-metadata:
-  name: nm-grpc-ingress-nginx
-  annotations:
-    cert-manager.io/cluster-issuer: "letsencrypt-prod"
-    nginx.ingress.kubernetes.io/ssl-redirect: 'true'
-    nginx.ingress.kubernetes.io/backend-protocol: "GRPC"
-spec:
-  ingressClassName: nginx
-  tls:
-  - hosts:
-    - grpc.NETMAKER_BASE_DOMAIN
-    secretName: nm-grpc-tls
-  rules:
-  - host: grpc.NETMAKER_BASE_DOMAIN
-    http:
-      paths:
-      - path: /
-        pathType: Prefix
-        backend:
-          service:
-            name: netmaker-grpc
-            port:
-              number: 443
----
-apiVersion: networking.k8s.io/v1
-kind: Ingress
-metadata:
-  name: nm-ui-ingress-nginx
-  annotations:
-    nginx.ingress.kubernetes.io/rewrite-target: /
-    cert-manager.io/cluster-issuer: "letsencrypt-prod"
-    nginx.ingress.kubernetes.io/ssl-redirect: 'true'
-spec:
-  ingressClassName: nginx
-  tls:
-  - hosts:
-    - dashboard.NETMAKER_BASE_DOMAIN
-    secretName: nm-ui-tls
-  rules:
-  - host: dashboard.NETMAKER_BASE_DOMAIN
-    http:
-      paths:
-      - path: /
-        pathType: Prefix
-        backend:
-          service:
-            name: netmaker-ui
-            port:
-              number: 80

+ 0 - 311
kube/netmaker-template.yaml

@@ -1,311 +0,0 @@
----
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
-  name: rqlite-pvc
-spec:
-  accessModes:
-    - ReadWriteOnce
-  resources:
-    requests:
-      storage: 1Gi
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: netmaker-backend
-  labels:
-    app: netmaker-backend
-spec:
-  selector:
-    matchLabels:
-      app: netmaker-backend
-  replicas: 1
-  strategy:
-    type: Recreate
-  template:
-    metadata:
-      labels:
-        app: netmaker-backend
-    spec:
-      containers:
-      - name: netmaker-backend
-        image: gravitl/netmaker:v0.7
-        imagePullPolicy: Always
-        ports:
-        - containerPort: 8081
-        securityContext:
-          privileged: true
-        env:
-        - name: SERVER_API_CONN_STRING
-          value: "api.NETMAKER_BASE_DOMAIN:443"
-        - name: COREDNS_ADDR
-          value: "10.152.183.53"
-        - name: POD_IP
-          valueFrom:
-            fieldRef:
-              fieldPath: status.podIP
-        - name: SERVER_HTTP_HOST
-          value: "api.NETMAKER_BASE_DOMAIN"
-        - name: API_PORT
-          value: "8081"
-        - name: CLIENT_MODE
-          value: "off"
-        - name: MASTER_KEY
-          value: "Unkn0wn!"
-        - name: PLATFORM
-          value: "Kubernetes"
-        - name: CORS_ALLOWED_ORIGIN
-          value: "*"
-        volumeMounts:
-        - name: nm-pvc
-          mountPath: /root/config/dnsconfig
-      - name: rqlite
-        image: rqlite/rqlite
-        ports:
-        - containerPort: 4001
-        - containerPort: 4002
-        volumeMounts:
-        - name: rqlitevol
-          mountPath: /rqlite/file/data
-      volumes:
-      - name: rqlitevol
-        persistentVolumeClaim:
-          claimName: rqlite-pvc
-      - name: nm-pvc
-        persistentVolumeClaim:
-          claimName: nm-pvc
----
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
-  name: nm-pvc
-spec:
-  accessModes:
-    - ReadWriteMany
-  resources:
-    requests:
-      storage: 128Mi
----
-apiVersion: v1
-kind: Service
-metadata:
-  labels:
-    app: netmaker-backend
-  name: netmaker-api
-spec:
-  ports:
-  - port: 8081
-    protocol: TCP
-    targetPort: 8081
-  selector:
-    app: netmaker-backend
-  sessionAffinity: None
-  type: ClusterIP
----
-apiVersion: v1
-kind: Service
-metadata:
-  labels:
-    app: netmaker-backend
-  name: netmaker-grpc
-spec:
-  ports:
-  - port: 443
-    protocol: TCP
-    targetPort: 443
-  selector:
-    app: netmaker-backend
-  sessionAffinity: None
-  type: ClusterIP
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: netmaker-dns
-  labels:
-    app: netmaker-dns
-spec:
-  selector:
-    matchLabels:
-      app: netmaker-dns
-  replicas: 1
-  template:
-    metadata:
-      labels:
-        app: netmaker-dns
-    spec:
-      containers:
-      - args:
-        - -conf
-        - /root/dnsconfig/Corefile
-        image: coredns/coredns
-        imagePullPolicy: Always
-        name: netmaker-dns
-        ports:
-        - containerPort: 53
-          name: dns
-          protocol: UDP
-        - containerPort: 53
-          name: dns-tcp
-          protocol: TCP
-        volumeMounts:
-        - mountPath: /root/dnsconfig
-          name: nm-pvc
-          readOnly: true
-        securityContext:
-          allowPrivilegeEscalation: false
-          capabilities:
-            add:
-            - NET_BIND_SERVICE
-            drop:
-            - all
-      dnsPolicy: "None"
-      dnsConfig:
-        nameservers:
-          - 127.0.0.1
-      volumes:
-      - name: nm-pvc
-        persistentVolumeClaim:
-          claimName: nm-pvc
----
-apiVersion: v1
-kind: Service
-metadata:
-  labels:
-    app: netmaker-dns
-  name: netmaker-dns
-spec:
-  ports:
-  - port: 53
-    protocol: UDP
-    targetPort: 53
-    name: udp
-  - port: 53
-    protocol: TCP
-    targetPort: 53
-    name: tcp
-  selector:
-    app: netmaker-dns
-  sessionAffinity: None
-  type: ClusterIP
-  clusterIP: 10.152.183.53
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: netmaker-ui
-  labels:
-    app: netmaker-ui
-spec:
-  selector:
-    matchLabels:
-      app: netmaker-ui
-  replicas: 1
-  template:
-    metadata:
-      labels:
-        app: netmaker-ui
-    spec:
-      containers:
-      - name: netmaker-ui
-        image: gravitl/netmaker-ui:v0.7
-        ports:
-        - containerPort: 80
-        env:
-        - name: BACKEND_URL
-          value: "https://api.NETMAKER_BASE_DOMAIN"
----
-apiVersion: v1
-kind: Service
-metadata:
-  labels:
-    app: netmaker-ui
-  name: netmaker-ui
-spec:
-  ports:
-  - port: 80
-    protocol: TCP
-    targetPort: 80
-  selector:
-    app: netmaker-ui
-  sessionAffinity: None
-  type: ClusterIP
----
-apiVersion: networking.k8s.io/v1
-kind: Ingress
-metadata:
-  name: nm-api-ingress-nginx
-  annotations:
-    nginx.ingress.kubernetes.io/rewrite-target: /
-    cert-manager.io/cluster-issuer: "letsencrypt-prod"
-    nginx.ingress.kubernetes.io/ssl-redirect: 'true'
-spec:
-  ingressClassName: nginx
-  tls:
-  - hosts:
-    - api.NETMAKER_BASE_DOMAIN
-    secretName: nm-api-tls
-  rules:
-  - host: api.NETMAKER_BASE_DOMAIN
-    http:
-      paths:
-      - path: /
-        pathType: Prefix
-        backend:
-          service:
-            name: netmaker-api
-            port:
-              number: 8081
----
-apiVersion: networking.k8s.io/v1
-kind: Ingress
-metadata:
-  name: nm-grpc-ingress-nginx
-  annotations:
-    cert-manager.io/cluster-issuer: "letsencrypt-prod"
-    nginx.ingress.kubernetes.io/ssl-redirect: 'true'
-    nginx.ingress.kubernetes.io/backend-protocol: "GRPC"
-spec:
-  ingressClassName: nginx
-  tls:
-  - hosts:
-    - grpc.NETMAKER_BASE_DOMAIN
-    secretName: nm-grpc-tls
-  rules:
-  - host: grpc.NETMAKER_BASE_DOMAIN
-    http:
-      paths:
-      - path: /
-        pathType: Prefix
-        backend:
-          service:
-            name: netmaker-grpc
-            port:
-              number: 443
----
-apiVersion: networking.k8s.io/v1
-kind: Ingress
-metadata:
-  name: nm-ui-ingress-nginx
-  annotations:
-    nginx.ingress.kubernetes.io/rewrite-target: /
-    cert-manager.io/cluster-issuer: "letsencrypt-prod"
-    nginx.ingress.kubernetes.io/ssl-redirect: 'true'
-spec:
-  ingressClassName: nginx
-  tls:
-  - hosts:
-    - dashboard.NETMAKER_BASE_DOMAIN
-    secretName: nm-ui-tls
-  rules:
-  - host: dashboard.NETMAKER_BASE_DOMAIN
-    http:
-      paths:
-      - path: /
-        pathType: Prefix
-        backend:
-          service:
-            name: netmaker-ui
-            port:
-              number: 80