
adding updated k8s yaml

afeiszli 3 years ago
parent
commit
65a004d93b

+ 0 - 13
k8s/netmaker-ha/kustomization.yml

@@ -1,13 +0,0 @@
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-namespace: netmaker
-resources:
-  - database/
-  - server/
-  - mq/
-  - ui/
-  - netmaker-deploy.yml
-  - netmaker-ing.yml
-  - netmaker-pvc.yml
-  - netmaker-sa.yml
-  - netmaker-ns.yml

+ 0 - 76
k8s/netmaker-ha/netmaker-ing.yml

@@ -1,76 +0,0 @@
-apiVersion: networking.k8s.io/v1
-kind: Ingress
-metadata:
-  name: &app "netmaker"
-  annotations:
-    nginx.ingress.kubernetes.io/ssl-redirect: "true"
-    nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
-    nginx.ingress.kubernetes.io/rewrite-target: /
-    nginx.ingress.kubernetes.io/secure-backends: "true"
-    kubernetes.io/ingress.class: "nginx"
-spec:
-  rules:
-  - host: netmaker.<path:apps-kv/data/general#DN>
-    http:
-      paths:
-      - path: /
-        pathType: Prefix
-        backend:
-          service:
-            name: *app
-            port:
-              number: 80
-  tls:
-  - hosts:
-    - netmaker.<path:apps-kv/data/general#DN>
-    secretName: netmaker-tls
----
-apiVersion: networking.k8s.io/v1
-kind: Ingress
-metadata:
-  name: netmaker-api
-  annotations:
-    nginx.ingress.kubernetes.io/ssl-redirect: "true"
-    nginx.ingress.kubernetes.io/rewrite-target: /
-    kubernetes.io/ingress.class: "nginx"
-spec:
-  rules:
-  - host: api.netmaker.<path:apps-kv/data/general#DN>
-    http:
-      paths:
-      - path: /
-        pathType: Prefix
-        backend:
-          service:
-            name: netmaker-api
-            port:
-              number: 8081
-  tls:
-  - hosts:
-    - api.netmaker.<path:apps-kv/data/general#DN>
-    secretName: netmaker-tls
----
-apiVersion: networking.k8s.io/v1
-kind: Ingress
-metadata:
-  name: netmaker-grpc
-  annotations:
-    kubernetes.io/ingress.class: "nginx"
-    nginx.ingress.kubernetes.io/ssl-redirect: 'true'
-    nginx.ingress.kubernetes.io/backend-protocol: "GRPC"
-spec:
-  rules:
-  - host: grpc.netmaker.<path:apps-kv/data/general#DN>
-    http:
-      paths:
-      - path: /
-        pathType: Prefix
-        backend:
-          service:
-            name: netmaker-grpc
-            port:
-              number: 443
-  tls:
-  - hosts:
-    - grpc.netmaker.<path:apps-kv/data/general#DN>
-    secretName: netmaker-tls

+ 0 - 4
k8s/netmaker-ha/netmaker-ns.yml

@@ -1,4 +0,0 @@
-kind: Namespace
-apiVersion: v1
-metadata:
-  name: netmaker

+ 0 - 26
k8s/netmaker-ha/netmaker-pvc.yml

@@ -1,26 +0,0 @@
----
-kind: PersistentVolumeClaim
-apiVersion: v1
-metadata:
-  name: netmaker
-spec:
-  storageClassName: managed-nfs-storage
-  accessModes:
-    - ReadWriteMany
-  resources:
-    requests:
-      storage: 5Gi
----
-kind: PersistentVolumeClaim
-apiVersion: v1
-metadata:
-  name: netmaker-rqlite
-  annotations:
-    nfs.io/storage-path: "data01/netmaker/rqlite"
-spec:
-  storageClassName: managed-nfs-storage
-  accessModes:
-    - ReadWriteMany
-  resources:
-    requests:
-      storage: 5Gi

+ 0 - 5
k8s/netmaker-ha/netmaker-sa.yml

@@ -1,5 +0,0 @@
----
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  name: netmaker

+ 0 - 6
k8s/netmaker-ha/server/kustomization.yml

@@ -1,6 +0,0 @@
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-namespace: netmaker
-resources:
-  - netmaker-deploy.yml
-  - netmaker-svc.yml

+ 0 - 115
k8s/netmaker-ha/server/netmaker-backend-deploy.yml

@@ -1,115 +0,0 @@
-apiVersion: apps/v1
-kind: StatefulSet
-metadata:
-  labels:
-    app: netmaker
-  name: netmaker
-spec:
-  replicas: 1
-  serviceName: netmaker-headless
-  selector:
-    matchLabels:
-      app: netmaker
-  template:
-    metadata:
-      labels:
-        app: netmaker
-    spec:
-      initContainers:
-      - name: init-sysctl
-        image: busybox
-        imagePullPolicy: IfNotPresent
-        command: ["/bin/sh", "-c"]
-        args: ["sysctl -w net.ipv4.ip_forward=1 && sysctl -w net.ipv4.conf.all.src_valid_mark=1 && sysctl -w net.ipv6.conf.all.disable_ipv6=0 && sysctl -w net.ipv6.conf.all.forwarding=1"]
-        securityContext:
-          privileged: true
-      dnsPolicy: ClusterFirstWithHostNet
-      affinity:
-        podAntiAffinity:
-          requiredDuringSchedulingIgnoredDuringExecution:
-          - labelSelector:
-              matchExpressions:
-              - key: app
-                operator: In
-                values:
-                - netmaker
-            topologyKey: "kubernetes.io/hostname"
-      containers:
-      - env:
-        - name: SERVER_NAME
-          value: broker.nm.k8s.clustercat.com
-        - name: SERVER_API_CONN_STRING
-          value: api.nm.k8s.clustercat.com:443
-        - name: SERVER_HTTP_HOST
-          value: api.nm.k8s.clustercat.com
-        - name: API_PORT
-          value: "8081"
-        - name: WG_QUICK_USERSPACE_IMPLEMENTATION
-          value: wireguard-go
-        - name: DNS_MODE
-          value: "off"
-        - name: CLIENT_MODE
-          value: "on"
-        - name: DISPLAY_KEYS
-          value: "on"
-        - name: DATABASE
-          value: sqlite
-        - name: MASTER_KEY
-          value: cqYXwQGWiLKj
-        - name: PLATFORM
-          value: Kubernetes
-        - name: CORS_ALLOWED_ORIGIN
-          value: '*'
-        - name: MQ_HOST
-          value: "mq"
-        - name: MQ_PORT
-          value: "31883"
-        - name: PLATFORM
-          value: "Kubernetes"
-        - name: VERBOSITY
-          value: "3"
-        image: gravitl/netmaker:v0.14.3
-        imagePullPolicy: Always
-        name: netmaker
-        ports:
-        - containerPort: 8081
-          protocol: TCP
-        - containerPort: 31821
-          protocol: UDP
-        - containerPort: 31822
-          protocol: UDP
-        - containerPort: 31823
-          protocol: UDP
-        - containerPort: 31824
-          protocol: UDP
-        - containerPort: 31825
-          protocol: UDP
-        - containerPort: 31826
-          protocol: UDP
-        - containerPort: 31827
-          protocol: UDP
-        - containerPort: 31828
-          protocol: UDP
-        - containerPort: 31829
-          protocol: UDP
-        - containerPort: 31830
-          protocol: UDP
-        resources: {}
-        securityContext:
-          capabilities:
-            add:
-            - NET_ADMIN
-            - NET_RAW
-            - SYS_MODULE
-        volumeMounts:
-        - mountPath: /etc/netmaker/
-          name: shared-certs
-        - mountPath: /root/data
-          name: netmaker-data
-      volumes:
-      - name: shared-certs
-        persistentVolumeClaim:
-          claimName: shared-certs-pvc
-      - name: netmaker-data
-        persistentVolumeClaim:
-          claimName: netmaker-data-pvc

+ 0 - 32
k8s/netmaker-ha/server/netmaker-backend-svc.yml

@@ -1,32 +0,0 @@
----
-apiVersion: v1
-kind: Service
-metadata:
-  labels: &labels
-    app: netmaker-backend
-    part-of: netmaker
-  name: netmaker-api
-spec:
-  ports:
-  - port: 8081
-    protocol: TCP
-    targetPort: backend
-  selector: *labels
-  sessionAffinity: None
-  type: ClusterIP
----
-apiVersion: v1
-kind: Service
-metadata:
-  labels: &labels
-    app: netmaker-backend
-    part-of: netmaker
-  name: netmaker-grpc
-spec:
-  ports:
-  - port: 443
-    protocol: TCP
-    targetPort: backend-grpc
-  selector: *labels
-  sessionAffinity: None
-  type: ClusterIP

+ 228 - 0
k8s/netmaker-server.yaml

@@ -0,0 +1,228 @@
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+  labels:
+    app: netmaker
+  name: netmaker
+spec:
+  replicas: 3
+  serviceName: netmaker-headless
+  selector:
+    matchLabels:
+      app: netmaker
+  template:
+    metadata:
+      labels:
+        app: netmaker
+    spec:
+      initContainers:
+      - name: init-sysctl
+        image: busybox
+        imagePullPolicy: IfNotPresent
+        command: ["/bin/sh", "-c"]
+        args: ["sysctl -w net.ipv4.ip_forward=1 && sysctl -w net.ipv4.conf.all.src_valid_mark=1 && sysctl -w net.ipv6.conf.all.disable_ipv6=0 && sysctl -w net.ipv6.conf.all.forwarding=1"]
+        securityContext:
+          privileged: true
+      dnsPolicy: ClusterFirstWithHostNet
+      affinity:
+        podAntiAffinity:
+          requiredDuringSchedulingIgnoredDuringExecution:
+          - labelSelector:
+              matchExpressions:
+              - key: app
+                operator: In
+                values:
+                - netmaker
+            topologyKey: "kubernetes.io/hostname"
+      containers:
+      - env:
+        - name: NODE_ID
+          valueFrom:
+            fieldRef:
+              apiVersion: v1
+              fieldPath: metadata.name
+        - name: SERVER_NAME
+          value: broker.NETMAKER_SUBDOMAIN
+        - name: SERVER_API_CONN_STRING
+          value: api.NETMAKER_SUBDOMAIN:443
+        - name: SERVER_HTTP_HOST
+          value: api.NETMAKER_SUBDOMAIN
+        - name: API_PORT
+          value: "8081"
+        - name: WG_QUICK_USERSPACE_IMPLEMENTATION
+          value: wireguard-go
+        - name: DNS_MODE
+          value: "off"
+        - name: CLIENT_MODE
+          value: "on"
+        - name: DISPLAY_KEYS
+          value: "on"
+        - name: DATABASE
+          value: postgres
+        - name: SQL_HOST
+          value: "DB_NAME-postgresql" 
+        - name: SQL_PORT
+          value: "5432"
+        - name: SQL_DB
+          value: "postgres"
+        - name: SQL_USER
+          value: "postgres"
+        - name: SQL_PASS
+          value: "DB_PASS"
+        - name: MASTER_KEY
+          value: REPLACE_MASTER_KEY
+        - name: CORS_ALLOWED_ORIGIN
+          value: '*'
+        - name: MQ_HOST
+          value: "mq"
+        - name: MQ_PORT
+          value: "31883"
+        - name: MQ_SERVER_PORT
+          value: "8883"
+        - name: PLATFORM
+          value: "Kubernetes"
+        - name: VERBOSITY
+          value: "3"
+        image: gravitl/netmaker:v0.14.5
+        imagePullPolicy: Always
+        name: netmaker
+        ports:
+        - containerPort: 8081
+          protocol: TCP
+        - containerPort: 31821
+          protocol: UDP
+        - containerPort: 31822
+          protocol: UDP
+        - containerPort: 31823
+          protocol: UDP
+        - containerPort: 31824
+          protocol: UDP
+        - containerPort: 31825
+          protocol: UDP
+        - containerPort: 31826
+          protocol: UDP
+        - containerPort: 31827
+          protocol: UDP
+        - containerPort: 31828
+          protocol: UDP
+        - containerPort: 31829
+          protocol: UDP
+        - containerPort: 31830
+          protocol: UDP
+        resources: {}
+        securityContext:
+          capabilities:
+            add:
+            - NET_ADMIN
+            - NET_RAW
+            - SYS_MODULE
+        volumeMounts:
+        - mountPath: /etc/netmaker/
+          name: shared-certs
+      volumes:
+      - name: shared-certs
+        persistentVolumeClaim:
+          claimName: shared-certs-pvc
+---
+apiVersion: v1
+kind: Service
+metadata:
+  labels:
+  name: 'netmaker-wireguard'
+spec:
+  externalTrafficPolicy: Local
+  type: NodePort
+  ports:
+  - port: 31821
+    nodePort: 31821
+    protocol: UDP
+    targetPort: 31821
+    name: wg-iface-31821
+  - port: 31822
+    nodePort: 31822
+    protocol: UDP
+    targetPort: 31822
+    name: wg-iface-31822
+  - port: 31823
+    nodePort: 31823
+    protocol: UDP
+    targetPort: 31823
+    name: wg-iface-31823
+  - port: 31824
+    nodePort: 31824
+    protocol: UDP
+    targetPort: 31824
+    name: wg-iface-31824
+  - port: 31825
+    nodePort: 31825
+    protocol: UDP
+    targetPort: 31825
+    name: wg-iface-31825
+  - port: 31826
+    nodePort: 31826
+    protocol: UDP
+    targetPort: 31826
+    name: wg-iface-31826
+  - port: 31827
+    nodePort: 31827
+    protocol: UDP
+    targetPort: 31827
+    name: wg-iface-31827
+  - port: 31828
+    nodePort: 31828
+    protocol: UDP
+    targetPort: 31828
+    name: wg-iface-31828
+  - port: 31829
+    nodePort: 31829
+    protocol: UDP
+    targetPort: 31829
+    name: wg-iface-31829
+  - port: 31830
+    nodePort: 31830
+    protocol: UDP
+    targetPort: 31830
+    name: wg-iface-31830
+  selector:
+    app: 'netmaker'
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: 'netmaker-rest'
+spec:
+  ports:
+  - name: rest
+    port: 8081
+    protocol: TCP
+    targetPort: 8081
+  selector:
+    app: 'netmaker'
+  sessionAffinity: None
+  type: ClusterIP
+# ---
+# apiVersion: networking.k8s.io/v1
+# kind: Ingress
+# metadata:
+#   name: nm-api-ingress-nginx
+#   annotations:
+#     nginx.ingress.kubernetes.io/rewrite-target: /
+#     cert-manager.io/cluster-issuer: "letsencrypt-nginx"
+#     nginx.ingress.kubernetes.io/ssl-redirect: 'true'
+# spec:
+#   ingressClassName: nginx
+#   tls:
+#   - hosts:
+#     - api.NETMAKER_SUBDOMAIN
+#     secretName: nm-api-tls
+#   rules:
+#   - host: api.NETMAKER_SUBDOMAIN
+#     http:
+#       paths:
+#       - path: /
+#         pathType: Prefix
+#         backend:
+#           service:
+#             name: netmaker-rest
+#             port:
+#               number: 8081
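Review bot: `SQL_PASS` and `MASTER_KEY` in the netmaker container's `env` list are plain `value:` fields holding the placeholders `DB_PASS` and `REPLACE_MASTER_KEY`, so once they are substituted the database password and the API master key sit in the StatefulSet spec, readable by anyone who can get the StatefulSet or its pods and easy to commit by accident. Reference them from a Secret with `valueFrom.secretKeyRef` instead, as in the excerpt below (the Secret name and keys there are placeholders). This commit also deletes `k8s/netmaker-ha/server/netmaker-backend-deploy.yml`, which carried a literal `MASTER_KEY` value; that value stays in repository history, so it should be rotated if it was ever deployed. Separately, `CORS_ALLOWED_ORIGIN: '*'` is carried over unchanged and is worth narrowing to the dashboard origin, and the privileged `init-sysctl` container pulls an untagged `busybox` image that should be pinned to a tag or digest.

```yaml
        # … unchanged: NODE_ID through SQL_USER …
        - name: SQL_PASS
          valueFrom:
            secretKeyRef:
              name: netmaker-secrets   # placeholder Secret name
              key: sql-pass            # placeholder key
        - name: MASTER_KEY
          valueFrom:
            secretKeyRef:
              name: netmaker-secrets   # placeholder Secret name
              key: master-key          # placeholder key
        # … unchanged: CORS_ALLOWED_ORIGIN through VERBOSITY …
```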

+ 0 - 4
k8s/netmaker-singlenode/01-namespace.yaml

@@ -1,4 +0,0 @@
-apiVersion: v1
-kind: Namespace
-metadata:
-  name: netmaker

+ 0 - 26
k8s/netmaker-singlenode/02-pvc.yaml

@@ -1,26 +0,0 @@
----
-kind: PersistentVolumeClaim
-apiVersion: v1
-metadata:
-  name: nm-sqldata
-  namespace: netmaker
-spec:
-  accessModes:
-  - ReadWriteOnce
-  storageClassName: STORAGE_CLASS_RWO
-  resources:
-    requests:
-      storage: 500Mi
----
-kind: PersistentVolumeClaim
-apiVersion: v1
-metadata:
-  name: nm-mq-certs
-  namespace: netmaker
-spec:
-  accessModes:
-  - ReadWriteMany
-  storageClassName: STORAGE_CLASS_RWX
-  resources:
-    requests:
-      storage: 50Mi

+ 0 - 107
k8s/netmaker-singlenode/03-svc.yaml

@@ -1,107 +0,0 @@
----
-apiVersion: v1
-kind: Service
-metadata:
-  labels:
-  name: 'netmaker-wireguard'
-spec:
-  externalTrafficPolicy: Local
-  type: NodePort
-  ports:
-  - port: 31821
-    nodePort: 31821
-    protocol: UDP
-    targetPort: 31821
-    name: wg-iface-31821
-  - port: 31822
-    nodePort: 31822
-    protocol: UDP
-    targetPort: 31822
-    name: wg-iface-31822
-  - port: 31823
-    nodePort: 31823
-    protocol: UDP
-    targetPort: 31823
-    name: wg-iface-31823
-  - port: 31824
-    nodePort: 31824
-    protocol: UDP
-    targetPort: 31824
-    name: wg-iface-31824
-  - port: 31825
-    nodePort: 31825
-    protocol: UDP
-    targetPort: 31825
-    name: wg-iface-31825
-  selector:
-    app: 'netmaker'
----
-apiVersion: v1
-kind: Service
-metadata:
-  name: 'netmaker-rest'
-spec:
-  ports:
-  - name: rest
-    port: 8081
-    protocol: TCP
-    targetPort: 8081
-  selector:
-    app: 'netmaker'
-  sessionAffinity: None
-  type: ClusterIP
----
-apiVersion: v1
-kind: Service
-metadata:
-  namespace: netmaker
-  labels:
-    app: netmaker
-  name: netmaker-ui
-spec:
-  ports:
-  - port: 80
-    protocol: TCP
-    targetPort: 80
-  selector:
-    app: netmaker
-  sessionAffinity: None
-  type: ClusterIP
-# ---
-# apiVersion: v1
-# kind: Service
-# metadata:
-#   name: mq
-#   namespace: netmaker
-# spec:
-#   ports:
-#   - name: mqtt
-#     port: 1883
-#     protocol: TCP
-#     targetPort: mqtt
-#   - name: mqtt2
-#     port: 8883
-#     protocol: TCP
-#     targetPort: mqtt2    
-#   selector:
-#     app.kubernetes.io/instance: mosquitto
-#     app.kubernetes.io/name: mosquitto
-#   sessionAffinity: None
-# ---
-# apiVersion: v1
-# kind: Service
-# metadata:
-#   labels:
-#   name: 'netmaker-mqtt'
-# spec:
-#   externalTrafficPolicy: Local
-#   type: NodePort
-#   selector:
-#     app.kubernetes.io/instance: mosquitto
-#     app.kubernetes.io/name: mosquitto
-#   ports:
-#   - port: 31883
-#     nodePort: 31883
-#     protocol: TCP
-#     targetPort: 8883
-#     name: nm-mqtt

+ 0 - 18
k8s/netmaker-singlenode/04-configmap.yaml

@@ -1,18 +0,0 @@
----
-apiVersion: v1
-data:
-  mosquitto.conf: |
-    per_listener_settings true
-    listener 8883
-    allow_anonymous false
-    require_certificate true
-    use_identity_as_username true
-    cafile /mosquitto/certs/root.pem
-    certfile /mosquitto/certs/server.pem
-    keyfile /mosquitto/certs/server.key
-    listener 1883 
-    allow_anonymous true  
-kind: ConfigMap
-metadata:
-  name: mosquitto-config
-  namespace: netmaker

+ 0 - 52
k8s/netmaker-singlenode/05-ingress-nginx.yaml

@@ -1,52 +0,0 @@
----
-apiVersion: networking.k8s.io/v1
-kind: Ingress
-metadata:
-  name: nm-api-ingress
-  annotations:
-    nginx.ingress.kubernetes.io/rewrite-target: /
-    cert-manager.io/cluster-issuer: "letsencrypt-nginx"
-    nginx.ingress.kubernetes.io/ssl-redirect: 'true'
-spec:
-  ingressClassName: nginx
-  tls:
-  - hosts:
-    - api.BASE_DOMAIN
-    secretName: nm-api-tls
-  rules:
-  - host: api.BASE_DOMAIN
-    http:
-      paths:
-      - path: /
-        pathType: Prefix
-        backend:
-          service:
-            name: netmaker-rest
-            port:
-              number: 8081
----
-apiVersion: networking.k8s.io/v1
-kind: Ingress
-metadata:
-  name: nm-ui-ingress
-  annotations:
-    nginx.ingress.kubernetes.io/rewrite-target: /
-    cert-manager.io/cluster-issuer: "letsencrypt-nginx"
-    nginx.ingress.kubernetes.io/ssl-redirect: 'true'
-spec:
-  ingressClassName: nginx
-  tls:
-  - hosts:
-    - dashboard.BASE_DOMAIN
-    secretName: nm-ui-tls
-  rules:
-  - host: dashboard.BASE_DOMAIN
-    http:
-      paths:
-      - path: /
-        pathType: Prefix
-        backend:
-          service:
-            name: netmaker-ui
-            port:
-              number: 80

+ 0 - 75
k8s/netmaker-singlenode/05-ingress-traefik.yaml

@@ -1,75 +0,0 @@
----
-apiVersion: traefik.containo.us/v1alpha1
-kind: Middleware
-metadata:
-  name: secheaders
-  namespace: netmaker
-spec:
-  headers:
-    stsIncludeSubdomains: true
-    stsPreload: true
-    stsSeconds: 31536000
-    forceSTSHeader: true
-    sslRedirect: true
-    referrerPolicy: "same-origin"
-    frameDeny: true
-    contentTypeNosniff: true
-    browserXssFilter: true
-    accessControlAllowMethods: ["GET", "OPTIONS", "PUT"]
-    accessControlMaxAge: 100
-    customFrameOptionsValue: SAMEORIGIN
-    contentSecurityPolicy: frame-ancestors 'self'
-    permissionsPolicy: geolocation=(), microphone=()
-    referrerPolicy: no-referrer
----
-apiVersion: traefik.containo.us/v1alpha1
-kind: IngressRoute
-metadata:
-  name: nm-api-ingress-tls
-  namespace: netmaker
-spec:
-  entryPoints:
-    - websecure
-  routes:
-  - match: Host(`api.BASE_DOMAIN`)
-    kind: Rule
-    services:
-    - name: netmaker-api
-      port: 8081
-  tls:
-    certResolver: CERT_PROVIDER
----
-apiVersion: traefik.containo.us/v1alpha1
-kind: IngressRoute
-metadata:
-  name: nm-ui-ingress-tls
-  namespace: netmaker
-spec:
-  entryPoints:
-    - websecure
-  routes:
-  - match: Host(`dashboard.BASE_DOMAIN`)
-    kind: Rule
-    services:
-    - name: netmaker-ui
-      port: 80
-    middlewares:
-    - name: secheaders
-  tls:
-    certResolver:  CERT_PROVIDER
----
-apiVersion: traefik.containo.us/v1alpha1
-kind: IngressRouteTCP
-metadata:
-  namespace: netmaker
-  name: nm-mq-ingress-tls
-spec:
-  entryPoints:
-    - websecure
-  routes:
-  - match: HostSNI(`broker.BASE_DOMAIN`)
-    services:
-      - name: netmaker-mq
-        port: 8883
-  tls:
-    passthrough: true

+ 0 - 156
k8s/netmaker-singlenode/06-deployment.yaml

@@ -1,156 +0,0 @@
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: netmaker
-  namespace: netmaker
-  labels:
-    app: netmaker
-spec:
-  selector:
-    matchLabels:
-      app: netmaker
-  replicas: 1
-  strategy:
-    type: Recreate
-  template:
-    metadata:
-      labels:
-        app: netmaker
-    spec:
-      initContainers:
-      - name: init-sysctl
-        image: busybox
-        imagePullPolicy: IfNotPresent
-        command: ["/bin/sh", "-c"]
-        args: ["sysctl -w net.ipv4.ip_forward=1 && sysctl -w net.ipv4.conf.all.src_valid_mark=1 && sysctl -w net.ipv6.conf.all.disable_ipv6=0 && sysctl -w net.ipv6.conf.all.forwarding=1"]
-        securityContext:
-          privileged: true
-      dnsPolicy: ClusterFirstWithHostNet
-      affinity:
-        podAntiAffinity:
-          requiredDuringSchedulingIgnoredDuringExecution:
-          - labelSelector:
-              matchExpressions:
-              - key: app
-                operator: In
-                values:
-                - netmaker
-            topologyKey: "kubernetes.io/hostname"
-      containers:
-      - env:
-        - name: SERVER_NAME
-          value: broker.BASE_DOMAIN
-        - name: SERVER_API_CONN_STRING
-          value: api.BASE_DOMAIN:443
-        - name: SERVER_HTTP_HOST
-          value: api.BASE_DOMAIN
-        - name: API_PORT
-          value: "8081"
-        - name: WG_QUICK_USERSPACE_IMPLEMENTATION
-          value: wireguard-go
-        - name: DNS_MODE
-          value: "off"
-        - name: CLIENT_MODE
-          value: "on"
-        - name: DISPLAY_KEYS
-          value: "on"
-        - name: DATABASE
-          value: sqlite
-        - name: MASTER_KEY
-          value: REPLACE_MASTER_KEY
-        - name: PLATFORM
-          value: Kubernetes
-        - name: CORS_ALLOWED_ORIGIN
-          value: '*'
-        - name: MQ_HOST
-          value: "127.0.0.1"          
-#        Uncomment this section if using the Nginx config
-#        - name: MQ_PORT
-#          value: "31883"
-        - name: PLATFORM
-          value: "Kubernetes"
-        - name: VERBOSITY
-          value: "3"
-        image: gravitl/netmaker:v0.14.3
-        imagePullPolicy: Always
-        name: netmaker
-        ports:
-        - containerPort: 8081
-          protocol: TCP
-        - containerPort: 31821
-          protocol: UDP
-        - containerPort: 31822
-          protocol: UDP
-        - containerPort: 31823
-          protocol: UDP
-        - containerPort: 31824
-          protocol: UDP
-        - containerPort: 31825
-          protocol: d
-        resources: {}
-        securityContext:
-          capabilities:
-            add:
-            - NET_ADMIN
-            - NET_RAW
-            - SYS_MODULE
-        volumeMounts:
-        - mountPath: /etc/netmaker/
-          name: shared-certs
-        - mountPath: /root/data
-          name: netmaker-data
-      - name: netmaker-ui
-        image: gravitl/netmaker-ui:v0.14.3
-        ports:
-        - containerPort: 80
-        env:
-        - name: BACKEND_URL
-          value: "https://api.netmaker.NETMAKER_BASE_DOMAIN"
-      - image: eclipse-mosquitto:2.0.11-openssl
-        imagePullPolicy: IfNotPresent
-        livenessProbe:
-          failureThreshold: 3
-          periodSeconds: 10
-          successThreshold: 1
-          tcpSocket:
-            port: 8883
-          timeoutSeconds: 1
-        name: mosquitto
-        ports:
-        - containerPort: 1883        
-          name: mqtt
-          protocol: TCP
-        - containerPort: 8883        
-          name: mqtt2
-          protocol: TCP
-        readinessProbe:
-          failureThreshold: 3
-          periodSeconds: 10
-          successThreshold: 1
-          tcpSocket:
-            port: 8883
-          timeoutSeconds: 1
-        resources: {}
-        startupProbe:
-          failureThreshold: 30
-          periodSeconds: 5
-          successThreshold: 1
-          tcpSocket:
-            port: 8883
-          timeoutSeconds: 1
-        terminationMessagePath: /dev/termination-log
-        terminationMessagePolicy: File
-        volumeMounts:
-        - mountPath: /mosquitto/config/mosquitto.conf
-          name: mosquitto-config
-          subPath: mosquitto.conf
-        - mountPath: /mosquitto/certs
-          name: shared-certs
-      volumes:
-      - name: nm-sqldata
-        persistentVolumeClaim:
-          claimName: nm-pvc-sqldata
-      - name: netmaker-mq-configmap
-        configMap:
-          name: netmaker-mq-configmap

+ 0 - 0
k8s/netmaker-singlenode/README.md


+ 64 - 0
k8s/netmaker-ui.yaml

@@ -0,0 +1,64 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: netmaker-ui
+spec:
+  replicas: 2
+  selector:
+    matchLabels:
+      app: netmaker-ui
+  template:
+    metadata:
+      labels:
+        app: netmaker-ui
+    spec:
+      containers:
+      - name: netmaker-ui
+        image: gravitl/netmaker-ui:v0.14.5
+        ports:
+        - containerPort: 443
+        env:
+        - name: BACKEND_URL
+          value: 'https://api.NETMAKER_SUBDOMAIN'
+      terminationGracePeriodSeconds: 15
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: 'netmaker-ui'
+spec:
+  ports:
+  - port: 80
+    protocol: TCP
+    targetPort: 80
+  selector:
+    app: 'netmaker-ui'
+  sessionAffinity: None
+  type: 'ClusterIP'
+# ---
+# apiVersion: networking.k8s.io/v1
+# kind: Ingress
+# metadata:
+#   name: nm-ui-ingress-nginx
+#   annotations:
+#     nginx.ingress.kubernetes.io/rewrite-target: /
+#     cert-manager.io/cluster-issuer: "letsencrypt-nginx"
+#     nginx.ingress.kubernetes.io/ssl-redirect: 'true'
+# spec:
+#   ingressClassName: nginx
+#   tls:
+#   - hosts:
+#     - dashboard.NETMAKER_SUBDOMAIN
+#     secretName: nm-ui-tls
+#   rules:
+#   - host: dashboard.NETMAKER_SUBDOMAIN
+#     http:
+#       paths:
+#       - path: /
+#         pathType: Prefix
+#         backend:
+#           service:
+#             name: netmaker-ui
+#             port:
+#               number: 80
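Review bot: The `netmaker-ui` container declares `containerPort: 443`, but the `netmaker-ui` Service in the same file forwards port 80 to `targetPort: 80`, and the single-node manifest deleted by this commit declared `containerPort: 80` for the same image. `containerPort` is informational, so traffic still goes to port 80 on the pod; if the UI listens on 80 the declaration should read `- containerPort: 80`, and if it now listens on 443 the Service `targetPort` is wrong. The page does not show which port the image listens on. The Deployment also sets no `securityContext` or `resources`; adding `allowPrivilegeEscalation: false` (and `runAsNonRoot: true` if the image supports it) plus requests and limits would bound what this front-end pod can do.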