
adding kubernetes templates

afeiszli 4 년 전
부모
커밋
69279b9b42

+ 3 - 3
kube/mongo-statefulset.yaml → kube/components/mongo-statefulset.yaml

@@ -44,16 +44,16 @@ spec:
       volumes:
       - name: mongovol
         persistentVolumeClaim:
-          claimName: mongo-pvc
+          claimName: mongodb-pvc
 ---
 apiVersion: v1
 kind: PersistentVolumeClaim
 metadata:
-  name: mongo-pvc
+  name: mongodb-pvc
 spec:
   accessModes:
     - ReadWriteOnce
   resources:
     requests:
       storage: 7Gi
-  storageClassName: longhorn
+  storageClassName: microk8s-hostpath

+ 62 - 0
kube/components/netclient-template.yaml.backup

@@ -0,0 +1,62 @@
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+  name: netclient
+  labels:
+    app: netclient
+spec:
+  selector:
+    matchLabels:
+      app: netclient
+  template:
+    metadata:
+      labels:
+        app: netclient
+    spec:
+      hostNetwork: true
+      containers:
+      - name: netclient
+        image: gravitl/netclient:v0.5.8
+        command: ['bash', '-c', "/root/netclient join -t $ACCESS_TOKEN --daemon off --name $(echo $NODE_NAME| sed -e s/.$NETWORK//); while true; do /root/netclient checkin -n $NETWORK; sleep $SLEEP; done"]
+        env:
+        - name: ACCESS_TOKEN
+          value: "ACCESS_TOKEN_VALUE"
+        - name: NETWORK
+          value: "microk8s"
+        - name: SLEEP
+          value: "30"
+        - name: NODE_NAME
+          valueFrom:
+            fieldRef:
+              fieldPath: spec.nodeName
+        volumeMounts:
+        - mountPath: /etc/netclient
+          name: etc-netclient
+        - mountPath: /usr/bin/wg
+          name: wg
+        - mountPath: /var/run/dbus/system_bus_socket
+          name: systemd-bus-socket
+        securityContext:
+          privileged: true
+          #capabilities:
+          #  add:
+          #  - ["NET_ADMIN","SYS_ADMIN","SYS_MODULE"]
+      volumes:
+      - hostPath:
+          path: /etc/netclient
+          type: DirectoryOrCreate
+        name: etc-netclient
+      - hostPath:
+          path: /usr/bin/wg
+          type: File
+        name: wg 
+      - hostPath:
+          path: /usr/bin/resolvectl
+          type: File
+        name: resolvectl
+      - hostPath:
+          path: /var/run/dbus/system_bus_socket
+          type: ""
+        name: systemd-bus-socket
+
+
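Review bot: The netclient container runs with `privileged: true` on top of `hostNetwork: true` and hostPath mounts of `/etc/netclient`, `/usr/bin/wg` and the D-Bus system socket, so a compromise of this pod amounts to control of every node the DaemonSet is scheduled on. The commented-out `capabilities` block shows a narrower set was considered, but as written it nests a flow list inside a sequence item and would not validate; a flat list with `privileged: false` is the shape to test (untested here, and the capability set below is taken from that comment). `ACCESS_TOKEN` is a literal `value`, so once the placeholder is substituted the real token lives in the manifest and in the pod spec; reading it from a Secret avoids that. The `resolvectl` volume is declared but never mounted. The same manifest is added again as kube/netclient-template.yaml, so the change applies there too.

```yaml
        env:
        - name: ACCESS_TOKEN
          valueFrom:
            secretKeyRef:
              name: NETCLIENT_TOKEN_SECRET  # placeholder: Secret created out of band
              key: access-token             # placeholder key name
        # … unchanged: NETWORK, SLEEP, NODE_NAME, volumeMounts …
        securityContext:
          privileged: false
          capabilities:
            drop: ["ALL"]
            # add SYS_ADMIN only if joining fails without it
            add: ["NET_ADMIN", "SYS_MODULE"]
```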

+ 43 - 12
kube/netmaker-api.yaml → kube/components/netmaker-api.yaml

@@ -1,35 +1,50 @@
 apiVersion: apps/v1
 kind: Deployment
 metadata:
-  name: netmaker
+  name: netmaker-api
   labels:
-    app: netmaker
+    app: netmaker-api
 spec:
   selector:
     matchLabels:
-      app: netmaker
+      app: netmaker-api
   replicas: 1
   template:
     metadata:
       labels:
-        app: netmaker
+        app: netmaker-api
     spec:
       containers:
-      - name: netmaker
-        image: gravitl/netmaker:v0.5
+      - name: netmaker-api
+        image: gravitl/netmaker:v0.5.7
         ports:
         - containerPort: 8081
+        volumeMounts:
+        - name: nm-pvc
+          mountPath: /root/config/dnsconfig
         env:
-        - name: SERVER_HOST
-          value: "api.test.netmaker.org"
+        - name: SERVER_API_CONN_STRING
+          value: "api.nm.k8s.gravitl.com:443"
+        - name: SERVER_GRPC_CONN_STRING
+          value: "grpc.nm.k8s.gravitl.com:443"
+        - name: COREDNS_ADDR
+          value: "netmaker-dns"
+        - name: GRPC_SSL
+          value: "on"
+        - name: SERVER_HTTP_HOST
+          value: "api.nm.k8s.gravitl.com"
+        - name: SERVER_GRPC_HOST
+          value: "grpc.nm.k8s.gravitl.com"
         - name: API_PORT
           value: "8081"
+        - name: GRPC_PORT
+          value: "50051"
         - name: AGENT_BACKEND
           value: "off"
         - name: CLIENT_MODE
           value: "off"
         - name: DNS_MODE
-          value: "off"
+          value: "on"
         - name: MASTER_KEY
           value: "Unkn0wn!"
         - name: SERVER_GRPC_WIREGUARD
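Review bot: The added `SERVER_API_CONN_STRING`, `SERVER_GRPC_CONN_STRING`, `SERVER_HTTP_HOST` and `SERVER_GRPC_HOST` values hard-code hosts under `nm.k8s.gravitl.com`, while the ingress manifests in this same commit switch to the `NETMAKER_BASE_DOMAIN` placeholder. Anyone applying this component unchanged points their server and clients at a domain they do not control; use the placeholder here as well, e.g. `value: "api.NETMAKER_BASE_DOMAIN:443"`. The same hard-coded hosts appear in kube/components/netmaker-backend.yaml, netmaker-grpc.yaml and netmaker-ui.yaml. The env list continues past the end of this hunk.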
@@ -48,19 +63,35 @@ spec:
           value: "mongo-0.mongo"
         - name: MONGO_OPTS
           value: "/?authSource=admin"
+      volumes:
+      - name: nm-pvc
+        persistentVolumeClaim:
+          claimName: nm-pvc
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: nm-pvc
+spec:
+  accessModes:
+    - ReadWriteMany
+  resources:
+    requests:
+      storage: 128Mi
+  storageClassName: microk8s-hostpath
 ---
 apiVersion: v1
 kind: Service
 metadata:
   labels:
-    app: netmaker
-  name: netmaker
+    app: netmaker-api
+  name: netmaker-api
 spec:
   ports:
   - port: 8081
     protocol: TCP
     targetPort: 8081
   selector:
-    app: netmaker
+    app: netmaker-api
   sessionAffinity: None
   type: ClusterIP
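Review bot: This file now defines a PersistentVolumeClaim `nm-pvc` and a Service `netmaker-api`, and kube/components/netmaker-backend.yaml added in this commit defines both names again, with its Service selecting `app: netmaker-backend` instead of `app: netmaker-api`. Applying the whole components directory means whichever file is applied last silently decides which pods receive `netmaker-api` traffic. Keep the PVC in a single manifest and either give the two Services distinct names or remove the superseded component. netmaker-backend.yaml likewise redefines the `netmaker-grpc` Service that netmaker-grpc.yaml already owns.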

+ 109 - 0
kube/components/netmaker-backend.yaml

@@ -0,0 +1,109 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: netmaker-backend
+  labels:
+    app: netmaker-backend
+spec:
+  selector:
+    matchLabels:
+      app: netmaker-backend
+  replicas: 1
+  template:
+    metadata:
+      labels:
+        app: netmaker-backend
+    spec:
+      containers:
+      - name: netmaker-backend
+        image: gravitl/netmaker:v0.5.7
+        ports:
+        - containerPort: 8081
+        volumeMounts:
+        - name: nm-pvc
+          mountPath: /root/config/dnsconfig
+        env:
+        - name: SERVER_API_CONN_STRING
+          value: "api.nm.k8s.gravitl.com:443"
+        - name: SERVER_GRPC_CONN_STRING
+          value: "grpc.nm.k8s.gravitl.com:443"
+        - name: COREDNS_ADDR
+          value: "10.152.183.53"
+        - name: GRPC_SSL
+          value: "on"
+        - name: SERVER_HTTP_HOST
+          value: "api.k8s.gravitl.com"
+        - name: SERVER_GRPC_HOST
+          value: "grpc.k8s.gravitl.com"
+        - name: API_PORT
+          value: "8081"
+        - name: GRPC_PORT
+          value: "443"
+        - name: CLIENT_MODE
+          value: "off"
+        - name: MASTER_KEY
+          value: "Unkn0wn!"
+        - name: SERVER_GRPC_WIREGUARD
+          value: "off"
+        - name: MASTER_KEY
+          value: "secretkey"
+        - name: CORS_ALLOWED_ORIGIN
+          value: "*"
+        - name: DISABLE_REMOTE_IP_CHECK
+          value: "on"
+        - name: MONGO_ADMIN
+          value: "mongoadmin"
+        - name: MONGO_PASS
+          value: "mongopass"
+        - name: MONGO_HOST
+          value: "mongo-0.mongo"
+        - name: MONGO_OPTS
+          value: "/?authSource=admin"
+      volumes:
+      - name: nm-pvc
+        persistentVolumeClaim:
+          claimName: nm-pvc
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: nm-pvc
+spec:
+  accessModes:
+    - ReadWriteMany
+  resources:
+    requests:
+      storage: 128Mi
+  storageClassName: microk8s-hostpath
+---
+apiVersion: v1
+kind: Service
+metadata:
+  labels:
+    app: netmaker-backend
+  name: netmaker-api
+spec:
+  ports:
+  - port: 8081
+    protocol: TCP
+    targetPort: 8081
+  selector:
+    app: netmaker-backend
+  sessionAffinity: None
+  type: ClusterIP
+---
+apiVersion: v1
+kind: Service
+metadata:
+  labels:
+    app: netmaker-backend
+  name: netmaker-grpc
+spec:
+  ports:
+  - port: 443
+    protocol: TCP
+    targetPort: 443
+  selector:
+    app: netmaker-backend
+  sessionAffinity: None
+  type: ClusterIP
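Review bot: `MASTER_KEY` is declared twice in the env list, once as `"Unkn0wn!"` and once as `"secretkey"`; duplicate names are ambiguous and Kubernetes normally lets the later entry win, so the effective master key is probably `secretkey`. Both values and `MONGO_PASS` are committed in plaintext, next to `CORS_ALLOWED_ORIGIN: "*"` and `DISABLE_REMOTE_IP_CHECK: "on"`, which by their names relax who may present that key. Keep one `MASTER_KEY` entry, read it and the Mongo credentials from a Secret, and restrict the CORS origin to the dashboard host. `SERVER_HTTP_HOST` and `SERVER_GRPC_HOST` also drop the `nm.` label that the two `*_CONN_STRING` values use, which looks unintended. The same env block is repeated in kube/components/netmaker-template.yaml.backup and kube/netmaker-template.yaml.

```yaml
        env:
        # … unchanged: connection strings, hosts, ports, CLIENT_MODE …
        - name: MASTER_KEY
          valueFrom:
            secretKeyRef:
              name: NETMAKER_SECRET_NAME   # placeholder
              key: master-key              # placeholder
        # … unchanged: SERVER_GRPC_WIREGUARD; the second MASTER_KEY entry is removed …
        - name: MONGO_PASS
          valueFrom:
            secretKeyRef:
              name: NETMAKER_SECRET_NAME   # placeholder
              key: mongo-pass              # placeholder
```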

+ 71 - 0
kube/components/netmaker-dns.yaml

@@ -0,0 +1,71 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: netmaker-dns
+  labels:
+    app: netmaker-dns
+spec:
+  selector:
+    matchLabels:
+      app: netmaker-dns
+  replicas: 1
+  template:
+    metadata:
+      labels:
+        app: netmaker-dns
+    spec:
+      containers:
+      - args:
+        - -conf
+        - /root/dnsconfig/Corefile
+        image: coredns/coredns
+        imagePullPolicy: Always
+        name: netmaker-dns
+        ports:
+        - containerPort: 53
+          name: dns
+          protocol: UDP
+        - containerPort: 53
+          name: dns-tcp
+          protocol: TCP
+        volumeMounts:
+        - mountPath: /root/dnsconfig
+          name: nm-pvc
+          readOnly: true
+        securityContext:
+          allowPrivilegeEscalation: false
+          capabilities:
+            add:
+            - NET_BIND_SERVICE
+            drop:
+            - all
+      dnsPolicy: "None"
+      dnsConfig:
+        nameservers:
+          - 127.0.0.1
+      volumes:
+      - name: nm-pvc
+        persistentVolumeClaim:
+          claimName: nm-pvc
+---
+apiVersion: v1
+kind: Service
+metadata:
+  labels:
+    app: netmaker-dns
+  name: netmaker-dns
+spec:
+  ports:
+  - port: 53
+    protocol: UDP
+    targetPort: 53
+    name: udp
+  - port: 53
+    protocol: TCP
+    targetPort: 53
+    name: tcp
+  selector:
+    app: netmaker-dns
+  sessionAffinity: None
+  type: ClusterIP
+  clusterIP: 10.152.183.53
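Review bot: `image: coredns/coredns` carries no tag and is combined with `imagePullPolicy: Always`, so any pod restart can pull a different CoreDNS build than the one that was tested. Pin a version or digest, e.g. `image: coredns/coredns:<PINNED_VERSION>`. The Service's fixed `clusterIP: 10.152.183.53` only applies cleanly where the cluster's service CIDR contains that address, and `COREDNS_ADDR` in netmaker-backend.yaml depends on it; a comment such as `# must lie inside the cluster service CIDR and match COREDNS_ADDR` would document the coupling.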

+ 22 - 8
kube/netmaker-grpc.yaml → kube/components/netmaker-grpc.yaml

@@ -16,16 +16,25 @@ spec:
     spec:
       containers:
       - name: netmaker-grpc
-        image: gravitl/netmaker:v0.5
+        image: gravitl/netmaker:v0.5.7
         ports:
-        - containerPort: 50051
+        - containerPort: 443
+        volumeMounts:
+        - name: nm-pvc
+          mountPath: /root/dnsconfig
         env:
-        - name: SERVER_HOST
-          value: "grpc.test.netmaker.org"
+        - name: SERVER_API_CONN_STRING
+          value: "api.nm.k8s.gravitl.com:443"
+        - name: SERVER_GRPC_CONN_STRING
+          value: "grpc.nm.k8s.gravitl.com:443"
+        - name: COREDNS_ADDR
+          value: "netmaker-dns"
+        - name: GRPC_SSL
+          value: "on"
         - name: CLIENT_MODE
           value: "off"
         - name: DNS_MODE
-          value: "off"
+          value: "on"
         - name: MASTER_KEY
           value: "Unkn0wn!"
         - name: SERVER_GRPC_WIREGUARD
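Review bot: The new volume mount uses `mountPath: /root/dnsconfig`, whereas netmaker-api.yaml and netmaker-backend.yaml in this commit mount the same `nm-pvc` claim at `/root/config/dnsconfig`. If the server writes its DNS configuration under `/root/config/dnsconfig`, as the other two manifests imply, this pod would write to the container filesystem instead of the shared volume that CoreDNS reads. Confirm which path the image uses and make the three manifests agree. The container spec continues beyond this hunk.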
@@ -47,9 +56,13 @@ spec:
         - name: SERVER_GRPC_HOST
           value: "0.0.0.0"
         - name: GRPC_PORT
-          value: "50051"
+          value: "443"
         - name: REST_BACKEND
           value: "off"
+      volumes:
+      - name: nm-pvc
+        persistentVolumeClaim:
+          claimName: nm-pvc
 ---
 apiVersion: v1
 kind: Service
@@ -59,10 +72,11 @@ metadata:
   name: netmaker-grpc
 spec:
   ports:
-  - port: 50051
+  - port: 443
     protocol: TCP
-    targetPort: 50051
+    targetPort: 443
   selector:
     app: netmaker-grpc
   sessionAffinity: None
   type: ClusterIP
+

+ 2 - 2
kube/netmaker-ingress-api.yaml → kube/components/netmaker-ingress-api.yaml

@@ -12,7 +12,7 @@ metadata:
   namespace: netmaker
 spec:
   rules:
-  - host: api.test.netmaker.org
+  - host: api.NETMAKER_BASE_DOMAIN
     http:
       paths:
       - path: /
@@ -21,5 +21,5 @@ spec:
           servicePort: 8081
   tls:
   - hosts: 
-    - api.test.netmaker.org
+    - api.NETMAKER_BASE_DOMAIN
     secretName: cert-nm-api

+ 2 - 2
kube/netmaker-ingress-frontend.yaml → kube/components/netmaker-ingress-frontend.yaml

@@ -12,7 +12,7 @@ metadata:
   namespace: netmaker
 spec:
   rules:
-  - host: nm.test.netmaker.org
+  - host: dashboard.NETMAKER_BASE_DOMAIN
     http:
       paths:
       - path: /
@@ -21,5 +21,5 @@ spec:
           servicePort: 80
   tls:
   - hosts: 
-    - nm.test.netmaker.org
+    - dashboard.NETMAKER_BASE_DOMAIN
     secretName: cert-nm-ui

+ 1 - 1
kube/netmaker-ingress-grpc.yaml → kube/components/netmaker-ingress-grpc.yaml

@@ -8,7 +8,7 @@ metadata:
   namespace: netmaker
 spec:
   rules:
-  - host: grpc.test.netmaker.org
+  - host: grpc.NETMAKER_BASE_DOMAIN
     http:
       paths:
       - path: /

+ 355 - 0
kube/components/netmaker-template.yaml.backup

@@ -0,0 +1,355 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: mongo
+  labels:
+    name: mongo
+spec:
+  ports:
+    - port: 27017
+      targetPort: 27017
+  clusterIP: None
+  selector:
+    role: mongo
+---
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+  name: mongo
+spec:
+  serviceName: "mongo"
+  replicas: 1
+  selector:
+    matchLabels:
+      role: mongo
+  template:
+    metadata:
+      labels:
+        app: mongo
+        role: mongo
+    spec:
+      containers:
+      - name: mongo
+        image: mongo
+        env:
+          - name: MONGO_INITDB_ROOT_USERNAME
+            value: mongoadmin
+          - name: MONGO_INITDB_ROOT_PASSWORD
+            value: mongopass
+        securityContext:
+          privileged: true
+        volumeMounts:
+        - name: mongovol
+          mountPath: /data/db
+      volumes:
+      - name: mongovol
+        persistentVolumeClaim:
+          claimName: mongodb-pvc
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: mongodb-pvc
+spec:
+  accessModes:
+    - ReadWriteOnce
+  resources:
+    requests:
+      storage: 7Gi
+  storageClassName: microk8s-hostpath
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: netmaker-backend
+  labels:
+    app: netmaker-backend
+spec:
+  selector:
+    matchLabels:
+      app: netmaker-backend
+  replicas: 1
+  template:
+    metadata:
+      labels:
+        app: netmaker-backend
+    spec:
+      containers:
+      - name: netmaker-backend
+        image: gravitl/netmaker:v0.5.7
+        ports:
+        - containerPort: 8081
+        volumeMounts:
+        - name: nm-pvc
+          mountPath: /root/config/dnsconfig
+        env:
+        - name: SERVER_API_CONN_STRING
+          value: "api.NETMAKER_BASE_DOMAIN:443"
+        - name: SERVER_GRPC_CONN_STRING
+          value: "grpc.NETMAKER_BASE_DOMAIN:443"
+        - name: COREDNS_ADDR
+          value: "10.152.183.53"
+        - name: GRPC_SSL
+          value: "on"
+        - name: SERVER_HTTP_HOST
+          value: "api.NETMAKER_BASE_DOMAIN"
+        - name: SERVER_GRPC_HOST
+          value: "grpc.NETMAKER_BASE_DOMAIN"
+        - name: API_PORT
+          value: "8081"
+        - name: GRPC_PORT
+          value: "443"
+        - name: CLIENT_MODE
+          value: "off"
+        - name: MASTER_KEY
+          value: "Unkn0wn!"
+        - name: SERVER_GRPC_WIREGUARD
+          value: "off"
+        - name: MASTER_KEY
+          value: "secretkey"
+        - name: CORS_ALLOWED_ORIGIN
+          value: "*"
+        - name: DISABLE_REMOTE_IP_CHECK
+          value: "on"
+        - name: MONGO_ADMIN
+          value: "mongoadmin"
+        - name: MONGO_PASS
+          value: "mongopass"
+        - name: MONGO_HOST
+          value: "mongo-0.mongo"
+        - name: MONGO_OPTS
+          value: "/?authSource=admin"
+      volumes:
+      - name: nm-pvc
+        persistentVolumeClaim:
+          claimName: nm-pvc
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: nm-pvc
+spec:
+  accessModes:
+    - ReadWriteMany
+  resources:
+    requests:
+      storage: 128Mi
+  storageClassName: microk8s-hostpath
+---
+apiVersion: v1
+kind: Service
+metadata:
+  labels:
+    app: netmaker-backend
+  name: netmaker-api
+spec:
+  ports:
+  - port: 8081
+    protocol: TCP
+    targetPort: 8081
+  selector:
+    app: netmaker-backend
+  sessionAffinity: None
+  type: ClusterIP
+---
+apiVersion: v1
+kind: Service
+metadata:
+  labels:
+    app: netmaker-backend
+  name: netmaker-grpc
+spec:
+  ports:
+  - port: 443
+    protocol: TCP
+    targetPort: 443
+  selector:
+    app: netmaker-backend
+  sessionAffinity: None
+  type: ClusterIP
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: netmaker-dns
+  labels:
+    app: netmaker-dns
+spec:
+  selector:
+    matchLabels:
+      app: netmaker-dns
+  replicas: 1
+  template:
+    metadata:
+      labels:
+        app: netmaker-dns
+    spec:
+      containers:
+      - args:
+        - -conf
+        - /root/dnsconfig/Corefile
+        image: coredns/coredns
+        imagePullPolicy: Always
+        name: netmaker-dns
+        ports:
+        - containerPort: 53
+          name: dns
+          protocol: UDP
+        - containerPort: 53
+          name: dns-tcp
+          protocol: TCP
+        volumeMounts:
+        - mountPath: /root/dnsconfig
+          name: nm-pvc
+          readOnly: true
+        securityContext:
+          allowPrivilegeEscalation: false
+          capabilities:
+            add:
+            - NET_BIND_SERVICE
+            drop:
+            - all
+      dnsPolicy: "None"
+      dnsConfig:
+        nameservers:
+          - 127.0.0.1
+      volumes:
+      - name: nm-pvc
+        persistentVolumeClaim:
+          claimName: nm-pvc
+---
+apiVersion: v1
+kind: Service
+metadata:
+  labels:
+    app: netmaker-dns
+  name: netmaker-dns
+spec:
+  ports:
+  - port: 53
+    protocol: UDP
+    targetPort: 53
+    name: udp
+  - port: 53
+    protocol: TCP
+    targetPort: 53
+    name: tcp
+  selector:
+    app: netmaker-dns
+  sessionAffinity: None
+  type: ClusterIP
+  clusterIP: 10.152.183.53
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: netmaker-ui
+  labels:
+    app: netmaker-ui
+spec:
+  selector:
+    matchLabels:
+      app: netmaker-ui
+  replicas: 1
+  template:
+    metadata:
+      labels:
+        app: netmaker-ui
+    spec:
+      containers:
+      - name: netmaker-ui
+        image: gravitl/netmaker-ui:v0.5
+        ports:
+        - containerPort: 80
+        env:
+        - name: BACKEND_URL
+          value: "https://api.NETMAKER_BASE_DOMAIN"
+---
+apiVersion: v1
+kind: Service
+metadata:
+  labels:
+    app: netmaker-ui
+  name: netmaker-ui
+spec:
+  ports:
+  - port: 80
+    protocol: TCP
+    targetPort: 80
+  selector:
+    app: netmaker-ui
+  sessionAffinity: None
+  type: ClusterIP
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: nm-api-ingress-nginx
+  annotations:
+    nginx.ingress.kubernetes.io/rewrite-target: /
+    cert-manager.io/cluster-issuer: "letsencrypt-prod"
+    nginx.ingress.kubernetes.io/ssl-redirect: 'true'
+spec:
+  ingressClassName: public
+  tls:
+  - hosts:
+    - api.NETMAKER_BASE_DOMAIN
+    secretName: nm-api-tls
+  rules:
+  - host: api.NETMAKER_BASE_DOMAIN
+    http:
+      paths:
+      - path: /
+        pathType: Prefix
+        backend:
+          service:
+            name: netmaker-api
+            port:
+              number: 8081
+
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: nm-grpc-ingress-nginx
+  annotations:
+    cert-manager.io/cluster-issuer: "letsencrypt-prod"
+    nginx.ingress.kubernetes.io/ssl-redirect: 'true'
+    nginx.ingress.kubernetes.io/backend-protocol: "GRPC"
+spec:
+  ingressClassName: public
+  tls:
+  - hosts:
+    - grpc.NETMAKER_BASE_DOMAIN
+    secretName: nm-grpc-tls
+  rules:
+  - host: grpc.NETMAKER_BASE_DOMAIN
+    http:
+      paths:
+      - path: /
+        pathType: Prefix
+        backend:
+          service:
+            name: netmaker-grpc
+            port:
+              number: 443
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: nm-ui-ingress-nginx
+  annotations:
+    nginx.ingress.kubernetes.io/rewrite-target: /
+    cert-manager.io/cluster-issuer: "letsencrypt-prod"
+    nginx.ingress.kubernetes.io/ssl-redirect: 'true'
+spec:
+  ingressClassName: public
+  tls:
+  - hosts:
+    - dashboard.NETMAKER_BASE_DOMAIN
+    secretName: nm-ui-tls
+  rules:
+  - host: dashboard.NETMAKER_BASE_DOMAIN
+    http:
+      paths:
+      - path: /
+        pathType: Prefix
+        backend:
+          service:
+            name: netmaker-ui
+            port:
+              number: 80
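Review bot: The `mongo` container is given `securityContext.privileged: true`, and nothing visible in the manifest (a single PVC mount at `/data/db`) suggests it needs host-level privileges; drop the block or replace it with `allowPrivilegeEscalation: false`. `image: mongo` is also untagged, so the database version can change on any reschedule. Separately, this file joins its documents without `---` in six places (before the `netmaker-backend`, `netmaker-dns` and `netmaker-ui` Deployments and before each of the three Ingresses), which leaves duplicate top-level keys inside one document. kube/netmaker-template.yaml has the separators, so the `.backup` copy is best left out of the commit. The privileged Mongo container and the untagged image are present in kube/netmaker-template.yaml as well.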

+ 1 - 1
kube/netmaker-ui.yaml → kube/components/netmaker-ui.yaml

@@ -21,7 +21,7 @@ spec:
         - containerPort: 80
         env:
         - name: BACKEND_URL
-          value: "https://api.test.netmaker.org"
+          value: "https://api.nm.k8s.gravitl.com"
 ---
 apiVersion: v1
 kind: Service

+ 26 - 0
kube/components/nm-ingress-api-nginx.yaml

@@ -0,0 +1,26 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: nm-api-ingress-nginx
+  annotations:
+    nginx.ingress.kubernetes.io/rewrite-target: /
+    cert-manager.io/cluster-issuer: "letsencrypt-prod"
+    nginx.ingress.kubernetes.io/ssl-redirect: 'true'
+spec:
+  ingressClassName: public
+  tls:
+  - hosts:
+    - api.NETMAKER_BASE_DOMAIN
+    secretName: nm-api-tls
+  rules:
+  - host: api.NETMAKER_BASE_DOMAIN
+    http:
+      paths:
+      - path: /
+        pathType: Prefix
+        backend:
+          service:
+            name: netmaker-api
+            port:
+              number: 8081
+

+ 25 - 0
kube/components/nm-ingress-grpc-nginx.yaml

@@ -0,0 +1,25 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: nm-grpc-ingress-nginx
+  annotations:
+    cert-manager.io/cluster-issuer: "letsencrypt-prod"
+    nginx.ingress.kubernetes.io/ssl-redirect: 'true'
+    nginx.ingress.kubernetes.io/backend-protocol: "GRPC"
+spec:
+  ingressClassName: public
+  tls:
+  - hosts:
+    - grpc.NETMAKER_BASE_DOMAIN
+    secretName: nm-grpc-tls-2
+  rules:
+  - host: grpc.NETMAKER_BASE_DOMAIN
+    http:
+      paths:
+      - path: /
+        pathType: Prefix
+        backend:
+          service:
+            name: netmaker-grpc
+            port:
+              number: 443
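Review bot: `secretName: nm-grpc-tls-2` differs from the `nm-grpc-tls` used for the same Ingress in kube/netmaker-template.yaml and in the `.backup` copy. The `-2` suffix looks like a leftover from re-issuing a certificate during testing; if so, use `secretName: nm-grpc-tls` so the component and the template request the same Secret.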

+ 26 - 0
kube/components/nm-ingress-ui-nginx.yaml

@@ -0,0 +1,26 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: nm-ui-ingress-nginx
+  annotations:
+    nginx.ingress.kubernetes.io/rewrite-target: /
+    cert-manager.io/cluster-issuer: "letsencrypt-prod"
+    nginx.ingress.kubernetes.io/ssl-redirect: 'true'
+spec:
+  ingressClassName: public
+  tls:
+  - hosts:
+    - dashboard.NETMAKER_BASE_DOMAIN
+    secretName: nm-ui-tls
+  rules:
+  - host: dashboard.NETMAKER_BASE_DOMAIN
+    http:
+      paths:
+      - path: /
+        pathType: Prefix
+        backend:
+          service:
+            name: netmaker-ui
+            port:
+              number: 80
+

+ 20 - 0
kube/example/clusterissuer.yaml

@@ -0,0 +1,20 @@
+# before applying, run the following: microk8s kubectl apply -f https://github.com/jetstack/cert-manager/releases/download/v1.4.0/cert-manager.yaml
+apiVersion: cert-manager.io/v1alpha2
+kind: ClusterIssuer
+metadata:
+  name: letsencrypt-prod
+  namespace: cert-manager
+spec:
+  acme:
+    # The ACME server URL
+    server: https://acme-v02.api.letsencrypt.org/directory
+    # Email address used for ACME registration
+    email: YOUR_EMAIL
+    # Name of a secret used to store the ACME account private key
+    privateKeySecretRef:
+      name: letsencrypt-prod
+    # Enable the HTTP-01 challenge provider
+    solvers:
+    - http01:
+        ingress:
+          class: public
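Review bot: The manifest uses `apiVersion: cert-manager.io/v1alpha2`, while the header comment installs cert-manager v1.4.0, a release that already serves `cert-manager.io/v1` and deprecates the alpha API versions. Use `apiVersion: cert-manager.io/v1` so the example keeps working after a cert-manager upgrade. `metadata.namespace: cert-manager` has no effect because ClusterIssuer is cluster-scoped, and can be dropped. The install command in the comment applies a manifest straight from a URL; a short remark that the file should be downloaded and reviewed first would be a useful addition to that comment.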

+ 13 - 0
kube/example/dnsutils.yaml

@@ -0,0 +1,13 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: dnsutils
+spec:
+  containers:
+  - name: dnsutils
+    image: gcr.io/kubernetes-e2e-test-images/dnsutils:1.3
+    command:
+      - sleep
+      - "3600"
+    imagePullPolicy: IfNotPresent
+  restartPolicy: Always

+ 73 - 0
kube/example/nginx-example.yaml

@@ -0,0 +1,73 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: nginx-deployment
+spec:
+  selector:
+    matchLabels:
+      app: nginx
+  replicas: 5 # Update the replicas from 2 to 4
+  template:
+    metadata:
+      labels:
+        app: nginx
+    spec:
+      containers:
+      - name: nginx
+        image: nginx:1.14.2
+        ports:
+        - containerPort: 80
+      affinity:
+        nodeAffinity:
+          preferredDuringSchedulingIgnoredDuringExecution:
+          - weight: 1
+            preference:
+              matchExpressions:
+              - key: location
+                operator: In
+                values:
+                - onprem
+---
+apiVersion: v1
+kind: Service
+metadata:
+  labels:
+    app: nginx
+  name: nginx-service
+spec:
+  ports:
+  - port: 80
+    protocol: TCP
+    targetPort: 80
+  selector:
+    app: nginx
+  sessionAffinity: None
+  type: ClusterIP
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: nginx-ingress
+  annotations:
+    nginx.ingress.kubernetes.io/rewrite-target: /
+    cert-manager.io/cluster-issuer: "letsencrypt-prod"
+    nginx.ingress.kubernetes.io/ssl-redirect: 'true'
+spec:
+  ingressClassName: public
+  tls:
+  - hosts:
+    - nginx.BASE_DOMAIN
+    secretName: nginx-tls
+  rules:
+  - host: nginx.BASE_DOMAIN
+    http:
+      paths:
+      - path: /
+        pathType: Prefix
+        backend:
+          service:
+            name: nginx-service
+            port:
+              number: 80
+
+
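Review bot: The inline comment on `replicas: 5` reads `# Update the replicas from 2 to 4`, which matches neither the value nor the purpose of this example; reword it to describe the value or delete it. `image: nginx:1.14.2` is an old release, which is acceptable for a connectivity demo, but because the Ingress below publishes it under a public host name a comment such as `# demo only; bump before exposing` would set expectations.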

+ 28 - 0
kube/example/pingtest.yaml

@@ -0,0 +1,28 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: pingtest
+spec:
+  selector:
+    matchLabels:
+      app: pingtest
+  replicas: 2
+  template:
+    metadata:
+      labels:
+        app: pingtest
+    spec:
+      affinity:
+        podAntiAffinity:
+          requiredDuringSchedulingIgnoredDuringExecution:
+          - labelSelector:
+              matchExpressions:
+              - key: app
+                operator: In
+                values:
+                - pingtest
+            topologyKey: "kubernetes.io/hostname"
+      containers:
+      - name: busybox
+        image: busybox
+        command: ["/bin/sh", "-ec", "sleep 10000"]

+ 62 - 0
kube/netclient-template.yaml

@@ -0,0 +1,62 @@
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+  name: netclient
+  labels:
+    app: netclient
+spec:
+  selector:
+    matchLabels:
+      app: netclient
+  template:
+    metadata:
+      labels:
+        app: netclient
+    spec:
+      hostNetwork: true
+      containers:
+      - name: netclient
+        image: gravitl/netclient:v0.5.8
+        command: ['bash', '-c', "/root/netclient join -t $ACCESS_TOKEN --daemon off --name $(echo $NODE_NAME| sed -e s/.$NETWORK//); while true; do /root/netclient checkin -n $NETWORK; sleep $SLEEP; done"]
+        env:
+        - name: ACCESS_TOKEN
+          value: "ACCESS_TOKEN_VALUE"
+        - name: NETWORK
+          value: "microk8s"
+        - name: SLEEP
+          value: "30"
+        - name: NODE_NAME
+          valueFrom:
+            fieldRef:
+              fieldPath: spec.nodeName
+        volumeMounts:
+        - mountPath: /etc/netclient
+          name: etc-netclient
+        - mountPath: /usr/bin/wg
+          name: wg
+        - mountPath: /var/run/dbus/system_bus_socket
+          name: systemd-bus-socket
+        securityContext:
+          privileged: true
+          #capabilities:
+          #  add:
+          #  - ["NET_ADMIN","SYS_ADMIN","SYS_MODULE"]
+      volumes:
+      - hostPath:
+          path: /etc/netclient
+          type: DirectoryOrCreate
+        name: etc-netclient
+      - hostPath:
+          path: /usr/bin/wg
+          type: File
+        name: wg 
+      - hostPath:
+          path: /usr/bin/resolvectl
+          type: File
+        name: resolvectl
+      - hostPath:
+          path: /var/run/dbus/system_bus_socket
+          type: ""
+        name: systemd-bus-socket
+
+

+ 360 - 0
kube/netmaker-template.yaml

@@ -0,0 +1,360 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: mongo
+  labels:
+    name: mongo
+spec:
+  ports:
+    - port: 27017
+      targetPort: 27017
+  clusterIP: None
+  selector:
+    role: mongo
+---
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+  name: mongo
+spec:
+  serviceName: "mongo"
+  replicas: 1
+  selector:
+    matchLabels:
+      role: mongo
+  template:
+    metadata:
+      labels:
+        app: mongo
+        role: mongo
+    spec:
+      containers:
+      - name: mongo
+        image: mongo
+        env:
+          - name: MONGO_INITDB_ROOT_USERNAME
+            value: mongoadmin
+          - name: MONGO_INITDB_ROOT_PASSWORD
+            value: mongopass
+        securityContext:
+          privileged: true
+        volumeMounts:
+        - name: mongovol
+          mountPath: /data/db
+      volumes:
+      - name: mongovol
+        persistentVolumeClaim:
+          claimName: mongodb-pvc
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: mongodb-pvc
+spec:
+  accessModes:
+    - ReadWriteOnce
+  resources:
+    requests:
+      storage: 7Gi
+  storageClassName: microk8s-hostpath
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: netmaker-backend
+  labels:
+    app: netmaker-backend
+spec:
+  selector:
+    matchLabels:
+      app: netmaker-backend
+  replicas: 1
+  template:
+    metadata:
+      labels:
+        app: netmaker-backend
+    spec:
+      containers:
+      - name: netmaker-backend
+        image: gravitl/netmaker:v0.5.8
+        ports:
+        - containerPort: 8081
+        volumeMounts:
+        - name: nm-pvc
+          mountPath: /root/config/dnsconfig
+        env:
+        - name: SERVER_API_CONN_STRING
+          value: "api.NETMAKER_BASE_DOMAIN:443"
+        - name: SERVER_GRPC_CONN_STRING
+          value: "grpc.NETMAKER_BASE_DOMAIN:443"
+        - name: COREDNS_ADDR
+          value: "10.152.183.53"
+        - name: GRPC_SSL
+          value: "on"
+        - name: SERVER_HTTP_HOST
+          value: "api.NETMAKER_BASE_DOMAIN"
+        - name: SERVER_GRPC_HOST
+          value: "grpc.NETMAKER_BASE_DOMAIN"
+        - name: API_PORT
+          value: "8081"
+        - name: GRPC_PORT
+          value: "443"
+        - name: CLIENT_MODE
+          value: "off"
+        - name: MASTER_KEY
+          value: "Unkn0wn!"
+        - name: SERVER_GRPC_WIREGUARD
+          value: "off"
+        - name: MASTER_KEY
+          value: "secretkey"
+        - name: CORS_ALLOWED_ORIGIN
+          value: "*"
+        - name: DISABLE_REMOTE_IP_CHECK
+          value: "on"
+        - name: MONGO_ADMIN
+          value: "mongoadmin"
+        - name: MONGO_PASS
+          value: "mongopass"
+        - name: MONGO_HOST
+          value: "mongo-0.mongo"
+        - name: MONGO_OPTS
+          value: "/?authSource=admin"
+      volumes:
+      - name: nm-pvc
+        persistentVolumeClaim:
+          claimName: nm-pvc
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: nm-pvc
+spec:
+  accessModes:
+    - ReadWriteMany
+  resources:
+    requests:
+      storage: 128Mi
+  storageClassName: microk8s-hostpath
+---
+apiVersion: v1
+kind: Service
+metadata:
+  labels:
+    app: netmaker-backend
+  name: netmaker-api
+spec:
+  ports:
+  - port: 8081
+    protocol: TCP
+    targetPort: 8081
+  selector:
+    app: netmaker-backend
+  sessionAffinity: None
+  type: ClusterIP
+---
+apiVersion: v1
+kind: Service
+metadata:
+  labels:
+    app: netmaker-backend
+  name: netmaker-grpc
+spec:
+  ports:
+  - port: 443
+    protocol: TCP
+    targetPort: 443
+  selector:
+    app: netmaker-backend
+  sessionAffinity: None
+  type: ClusterIP
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: netmaker-dns
+  labels:
+    app: netmaker-dns
+spec:
+  selector:
+    matchLabels:
+      app: netmaker-dns
+  replicas: 1
+  template:
+    metadata:
+      labels:
+        app: netmaker-dns
+    spec:
+      containers:
+      - args:
+        - -conf
+        - /root/dnsconfig/Corefile
+        image: coredns/coredns
+        imagePullPolicy: Always
+        name: netmaker-dns
+        ports:
+        - containerPort: 53
+          name: dns
+          protocol: UDP
+        - containerPort: 53
+          name: dns-tcp
+          protocol: TCP
+        volumeMounts:
+        - mountPath: /root/dnsconfig
+          name: nm-pvc
+          readOnly: true
+        securityContext:
+          allowPrivilegeEscalation: false
+          capabilities:
+            add:
+            - NET_BIND_SERVICE
+            drop:
+            - all
+      dnsPolicy: "None"
+      dnsConfig:
+        nameservers:
+          - 127.0.0.1
+      volumes:
+      - name: nm-pvc
+        persistentVolumeClaim:
+          claimName: nm-pvc
+---
+apiVersion: v1
+kind: Service
+metadata:
+  labels:
+    app: netmaker-dns
+  name: netmaker-dns
+spec:
+  ports:
+  - port: 53
+    protocol: UDP
+    targetPort: 53
+    name: udp
+  - port: 53
+    protocol: TCP
+    targetPort: 53
+    name: tcp
+  selector:
+    app: netmaker-dns
+  sessionAffinity: None
+  type: ClusterIP
+  clusterIP: 10.152.183.53
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: netmaker-ui
+  labels:
+    app: netmaker-ui
+spec:
+  selector:
+    matchLabels:
+      app: netmaker-ui
+  replicas: 1
+  template:
+    metadata:
+      labels:
+        app: netmaker-ui
+    spec:
+      containers:
+      - name: netmaker-ui
+        image: gravitl/netmaker-ui:v0.5
+        ports:
+        - containerPort: 80
+        env:
+        - name: BACKEND_URL
+          value: "https://api.NETMAKER_BASE_DOMAIN"
+---
+apiVersion: v1
+kind: Service
+metadata:
+  labels:
+    app: netmaker-ui
+  name: netmaker-ui
+spec:
+  ports:
+  - port: 80
+    protocol: TCP
+    targetPort: 80
+  selector:
+    app: netmaker-ui
+  sessionAffinity: None
+  type: ClusterIP
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: nm-api-ingress-nginx
+  annotations:
+    nginx.ingress.kubernetes.io/rewrite-target: /
+    cert-manager.io/cluster-issuer: "letsencrypt-prod"
+    nginx.ingress.kubernetes.io/ssl-redirect: 'true'
+spec:
+  ingressClassName: public
+  tls:
+  - hosts:
+    - api.NETMAKER_BASE_DOMAIN
+    secretName: nm-api-tls
+  rules:
+  - host: api.NETMAKER_BASE_DOMAIN
+    http:
+      paths:
+      - path: /
+        pathType: Prefix
+        backend:
+          service:
+            name: netmaker-api
+            port:
+              number: 8081
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: nm-grpc-ingress-nginx
+  annotations:
+    cert-manager.io/cluster-issuer: "letsencrypt-prod"
+    nginx.ingress.kubernetes.io/ssl-redirect: 'true'
+    nginx.ingress.kubernetes.io/backend-protocol: "GRPC"
+spec:
+  ingressClassName: public
+  tls:
+  - hosts:
+    - grpc.NETMAKER_BASE_DOMAIN
+    secretName: nm-grpc-tls
+  rules:
+  - host: grpc.NETMAKER_BASE_DOMAIN
+    http:
+      paths:
+      - path: /
+        pathType: Prefix
+        backend:
+          service:
+            name: netmaker-grpc
+            port:
+              number: 443
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: nm-ui-ingress-nginx
+  annotations:
+    nginx.ingress.kubernetes.io/rewrite-target: /
+    cert-manager.io/cluster-issuer: "letsencrypt-prod"
+    nginx.ingress.kubernetes.io/ssl-redirect: 'true'
+spec:
+  ingressClassName: public
+  tls:
+  - hosts:
+    - dashboard.NETMAKER_BASE_DOMAIN
+    secretName: nm-ui-tls
+  rules:
+  - host: dashboard.NETMAKER_BASE_DOMAIN
+    http:
+      paths:
+      - path: /
+        pathType: Prefix
+        backend:
+          service:
+            name: netmaker-ui
+            port:
+              number: 80