golang
/
netmaker
mirror of https://github.com/gravitl/netmaker


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224
							apiVersion: apps/v1
kind: StatefulSet
metadata:
  labels:
    app: netmaker
  name: netmaker
spec:
  replicas: 3
  serviceName: netmaker-headless
  selector:
    matchLabels:
      app: netmaker
  template:
    metadata:
      labels:
        app: netmaker
    spec:
      initContainers:
      - name: init-sysctl
        image: busybox
        imagePullPolicy: IfNotPresent
        command: ["/bin/sh", "-c"]
        args: ["sysctl -w net.ipv4.ip_forward=1 && sysctl -w net.ipv4.conf.all.src_valid_mark=1 && sysctl -w net.ipv6.conf.all.disable_ipv6=0 && sysctl -w net.ipv6.conf.all.forwarding=1"]
        securityContext:
          privileged: true
      dnsPolicy: ClusterFirstWithHostNet
      affinity:
        podAntiAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
          - labelSelector:
              matchExpressions:
              - key: app
                operator: In
                values:
                - netmaker
            topologyKey: "kubernetes.io/hostname"
      containers:
      - env:
        - name: NODE_ID
          valueFrom:
            fieldRef:
              apiVersion: v1
              fieldPath: metadata.name
        - name: SERVER_NAME
          value: broker.NETMAKER_SUBDOMAIN
        - name: SERVER_API_CONN_STRING
          value: api.NETMAKER_SUBDOMAIN:443
        - name: SERVER_HTTP_HOST
          value: api.NETMAKER_SUBDOMAIN
        - name: API_PORT
          value: "8081"
        - name: WG_QUICK_USERSPACE_IMPLEMENTATION
          value: wireguard-go
        - name: DNS_MODE
          value: "off"
        - name: DISPLAY_KEYS
          value: "on"
        - name: DATABASE
          value: postgres
        - name: SQL_HOST
          value: "DB_NAME-postgresql" 
        - name: SQL_PORT
          value: "5432"
        - name: SQL_DB
          value: "postgres"
        - name: SQL_USER
          value: "postgres"
        - name: SQL_PASS
          value: "DB_PASS"
        - name: MASTER_KEY
          value: REPLACE_MASTER_KEY
        - name: CORS_ALLOWED_ORIGIN
          value: '*'
        - name: SERVER_BROKER_ENDPOINT
          value: "ws://mq:1883"
        - name: BROKER_ENDPOINT
          value: "wss://broker.NETMAKER_BASE_DOMAIN"
        - name: PLATFORM
          value: "Kubernetes"
        - name: VERBOSITY
          value: "3"
        image: gravitl/netmaker:v0.18.1
        imagePullPolicy: Always
        name: netmaker
        ports:
        - containerPort: 8081
          protocol: TCP
        - containerPort: 31821
          protocol: UDP
        - containerPort: 31822
          protocol: UDP
        - containerPort: 31823
          protocol: UDP
        - containerPort: 31824
          protocol: UDP
        - containerPort: 31825
          protocol: UDP
        - containerPort: 31826
          protocol: UDP
        - containerPort: 31827
          protocol: UDP
        - containerPort: 31828
          protocol: UDP
        - containerPort: 31829
          protocol: UDP
        - containerPort: 31830
          protocol: UDP
        resources: {}
        securityContext:
          capabilities:
            add:
            - NET_ADMIN
            - NET_RAW
            - SYS_MODULE
        volumeMounts:
        - mountPath: /etc/netmaker/
          name: shared-certs
      volumes:
      - name: shared-certs
        persistentVolumeClaim:
          claimName: shared-certs-pvc
---
apiVersion: v1
kind: Service
metadata:
  labels:
    name: 'netmaker-wireguard'
spec:
  externalTrafficPolicy: Local
  type: NodePort
  ports:
  - port: 31821
    nodePort: 31821
    protocol: UDP
    targetPort: 31821
    name: wg-iface-31821
  - port: 31822
    nodePort: 31822
    protocol: UDP
    targetPort: 31822
    name: wg-iface-31822
  - port: 31823
    nodePort: 31823
    protocol: UDP
    targetPort: 31823
    name: wg-iface-31823
  - port: 31824
    nodePort: 31824
    protocol: UDP
    targetPort: 31824
    name: wg-iface-31824
  - port: 31825
    nodePort: 31825
    protocol: UDP
    targetPort: 31825
    name: wg-iface-31825
  - port: 31826
    nodePort: 31826
    protocol: UDP
    targetPort: 31826
    name: wg-iface-31826
  - port: 31827
    nodePort: 31827
    protocol: UDP
    targetPort: 31827
    name: wg-iface-31827
  - port: 31828
    nodePort: 31828
    protocol: UDP
    targetPort: 31828
    name: wg-iface-31828
  - port: 31829
    nodePort: 31829
    protocol: UDP
    targetPort: 31829
    name: wg-iface-31829
  - port: 31830
    nodePort: 31830
    protocol: UDP
    targetPort: 31830
    name: wg-iface-31830
  selector:
    app: 'netmaker'
---
apiVersion: v1
kind: Service
metadata:
  name: 'netmaker-rest'
spec:
  ports:
  - name: rest
    port: 8081
    protocol: TCP
    targetPort: 8081
  selector:
    app: 'netmaker'
  sessionAffinity: None
  type: ClusterIP
# ---
# apiVersion: networking.k8s.io/v1
# kind: Ingress
# metadata:
#   name: nm-api-ingress-nginx
#   annotations:
#     nginx.ingress.kubernetes.io/rewrite-target: /
#     cert-manager.io/cluster-issuer: "letsencrypt-nginx"
#     nginx.ingress.kubernetes.io/ssl-redirect: 'true'
# spec:
#   ingressClassName: nginx
#   tls:
#   - hosts:
#     - api.NETMAKER_SUBDOMAIN
#     secretName: nm-api-tls
#   rules:
#   - host: api.NETMAKER_SUBDOMAIN
#     http:
#       paths:
#       - path: /
#         pathType: Prefix
#         backend:
#           service:
#             name: netmaker-rest
#             port:
#               number: 8081