| 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228 | apiVersion: apps/v1kind: StatefulSetmetadata:  labels:    app: netmaker  name: netmakerspec:  replicas: 3  serviceName: netmaker-headless  selector:    matchLabels:      app: netmaker  template:    metadata:      labels:        app: netmaker    spec:      initContainers:      - name: init-sysctl        image: busybox        imagePullPolicy: IfNotPresent        command: ["/bin/sh", "-c"]        args: ["sysctl -w net.ipv4.ip_forward=1 && sysctl -w net.ipv4.conf.all.src_valid_mark=1 && sysctl -w net.ipv6.conf.all.disable_ipv6=0 && sysctl -w net.ipv6.conf.all.forwarding=1"]        securityContext:          privileged: true      dnsPolicy: ClusterFirstWithHostNet      affinity:        podAntiAffinity:          requiredDuringSchedulingIgnoredDuringExecution:          - labelSelector:              matchExpressions:              - key: app                operator: In                values:                - netmaker            topologyKey: "kubernetes.io/hostname"      containers:      - env:        - name: NODE_ID          valueFrom:            fieldRef:              apiVersion: v1              fieldPath: metadata.name        - name: SERVER_NAME          value: broker.NETMAKER_SUBDOMAIN        - name: SERVER_API_CONN_STRING          value: api.NETMAKER_SUBDOMAIN:443        - name: SERVER_HTTP_HOST          value: api.NETMAKER_SUBDOMAIN        - name: API_PORT          value: "8081"        - name: WG_QUICK_USERSPACE_IMPLEMENTATION          value: wireguard-go        - name: DNS_MODE          value: "off"        - name: CLIENT_MODE          value: "on"        - name: DISPLAY_KEYS          value: "on"        - name: DATABASE          value: postgres        - name: SQL_HOST          value: "DB_NAME-postgresql"         - name: SQL_PORT          value: "5432"        - name: SQL_DB          value: "postgres"        - name: SQL_USER          value: "postgres"        - name: SQL_PASS          value: "DB_PASS"        - name: MASTER_KEY          value: REPLACE_MASTER_KEY        - name: CORS_ALLOWED_ORIGIN          value: '*'        - name: MQ_HOST          value: "mq"        - name: MQ_PORT          value: "31883"        - name: MQ_SERVER_PORT          value: "1883"        - name: PLATFORM          value: "Kubernetes"        - name: VERBOSITY          value: "3"        image: gravitl/netmaker:v0.16.2        imagePullPolicy: Always        name: netmaker        ports:        - containerPort: 8081          protocol: TCP        - containerPort: 31821          protocol: UDP        - containerPort: 31822          protocol: UDP        - containerPort: 31823          protocol: UDP        - containerPort: 31824          protocol: UDP        - containerPort: 31825          protocol: UDP        - containerPort: 31826          protocol: UDP        - containerPort: 31827          protocol: UDP        - containerPort: 31828          protocol: UDP        - containerPort: 31829          protocol: UDP        - containerPort: 31830          protocol: UDP        resources: {}        securityContext:          capabilities:            add:            - NET_ADMIN            - NET_RAW            - SYS_MODULE        volumeMounts:        - mountPath: /etc/netmaker/          name: shared-certs      volumes:      - name: shared-certs        persistentVolumeClaim:          claimName: shared-certs-pvc---apiVersion: v1kind: Servicemetadata:  labels:  name: 'netmaker-wireguard'spec:  externalTrafficPolicy: Local  type: NodePort  ports:  - port: 31821    nodePort: 31821    protocol: UDP    targetPort: 31821    name: wg-iface-31821  - port: 31822    nodePort: 31822    protocol: UDP    targetPort: 31822    name: wg-iface-31822  - port: 31823    nodePort: 31823    protocol: UDP    targetPort: 31823    name: wg-iface-31823  - port: 31824    nodePort: 31824    protocol: UDP    targetPort: 31824    name: wg-iface-31824  - port: 31825    nodePort: 31825    protocol: UDP    targetPort: 31825    name: wg-iface-31825  - port: 31826    nodePort: 31826    protocol: UDP    targetPort: 31826    name: wg-iface-31826  - port: 31827    nodePort: 31827    protocol: UDP    targetPort: 31827    name: wg-iface-31827  - port: 31828    nodePort: 31828    protocol: UDP    targetPort: 31828    name: wg-iface-31828  - port: 31829    nodePort: 31829    protocol: UDP    targetPort: 31829    name: wg-iface-31829  - port: 31830    nodePort: 31830    protocol: UDP    targetPort: 31830    name: wg-iface-31830  selector:    app: 'netmaker'---apiVersion: v1kind: Servicemetadata:  name: 'netmaker-rest'spec:  ports:  - name: rest    port: 8081    protocol: TCP    targetPort: 8081  selector:    app: 'netmaker'  sessionAffinity: None  type: ClusterIP# ---# apiVersion: networking.k8s.io/v1# kind: Ingress# metadata:#   name: nm-api-ingress-nginx#   annotations:#     nginx.ingress.kubernetes.io/rewrite-target: /#     cert-manager.io/cluster-issuer: "letsencrypt-nginx"#     nginx.ingress.kubernetes.io/ssl-redirect: 'true'# spec:#   ingressClassName: nginx#   tls:#   - hosts:#     - api.NETMAKER_SUBDOMAIN#     secretName: nm-api-tls#   rules:#   - host: api.NETMAKER_SUBDOMAIN#     http:#       paths:#       - path: /#         pathType: Prefix#         backend:#           service:#             name: netmaker-rest#             port:#               number: 8081
 |