K8s/HAProxy/Ingress: Difference between revisions

Latest revision as of 12:38, 30 March 2025

Namespace » Academia

kubectl get    ns|grep   academia
kubectl delete namespace academia
kubectl create namespace academia

Namespace » Academia » Ingress » Academia

cat <<'YML'| kubectl apply -n academia -f -
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: academia
  namespace: academia
  labels:
    app.kubernetes.io/version: 1.0.0
    app.kubernetes.io/name: academia
    app.kubernetes.io/instance: academia
    app.kubernetes.io/managed-by: kubectl
  annotations:
    nginx.ingress.kubernetes.io/proxy-body-size: '0'
spec:
  ingressClassName: nginx
  rules:
    - host: academia.chorke.org.local
      http:
        paths:
          - path: /
            pathType: ImplementationSpecific
            backend:
              service:
                name: haproxy
                port:
                  number: 80
YML

Namespace » Academia » Service » Academia

cat <<'YML'|kubectl apply -n academia -f -
---
apiVersion: v1
kind: Service
metadata:
  name: academia
  namespace: academia
  labels:
    app.kubernetes.io/version: 1.0.0
    app.kubernetes.io/name: academia
    app.kubernetes.io/instance: academia
    app.kubernetes.io/managed-by: kubectl
spec:
  type: ExternalName
  externalName: host.minikube.internal
YML

Namespace » Academia » Service » HAProxy

cat <<'YML'| kubectl apply -n academia -f -
---
apiVersion: v1
kind: Service
metadata:
  name: haproxy
  namespace: academia
  labels:
    app.kubernetes.io/name: haproxy
    app.kubernetes.io/version: 1.0.0
    app.kubernetes.io/instance: academia
    app.kubernetes.io/managed-by: kubectl
spec:
  type: ClusterIP
  ports:
    - name: http-haproxy
      targetPort: 80
      protocol: TCP
      port: 80
  selector:
    app: haproxy
YML

Namespace » Academia » ConfigMap » HAProxy

cat <<'CFG'| kubectl -n academia create configmap haproxy --from-file=haproxy.cfg=/dev/stdin
global
   log             stdout format raw local0
   maxconn         3000

   # default ssl material locations
   ca-base         /etc/ssl/certs
   crt-base        /etc/ssl/private

   # see: https://ssl-config.mozilla.org/#server=haproxy&server-version=2.0.3&config=intermediate
   ssl-default-bind-ciphers      ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
   ssl-default-bind-ciphersuites TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256
   ssl-default-bind-options      ssl-min-ver TLSv1.2 no-tls-tickets


defaults
   log             global
   option          httplog
   option          dontlognull
   timeout         connect 5000
   timeout         client  50000
   timeout         server  50000
   errorfile       400 /usr/local/etc/haproxy/errors/400.http
   errorfile       403 /usr/local/etc/haproxy/errors/403.http
   errorfile       408 /usr/local/etc/haproxy/errors/408.http
   errorfile       500 /usr/local/etc/haproxy/errors/500.http
   errorfile       502 /usr/local/etc/haproxy/errors/502.http
   errorfile       503 /usr/local/etc/haproxy/errors/503.http
   errorfile       504 /usr/local/etc/haproxy/errors/504.http


# ##############################################################################
# http frontend config for *.group.local, *.biz.local, *.com.local, *.k8s.local
# *.org.local, *.bd.local, *.io.local, & *.my.local
# this config added by chorke academia, inc

frontend           fnt_academia_chorke_org
   bind            *:80
   mode            http

   acl             host-is-academia-chorke-org           hdr(host) -i academia.chorke.org.local
   acl             host-is-agronomy-chorke-org           hdr(host) -i agronomy.chorke.org.local
   acl             host-is-autonomy-chorke-org           hdr(host) -i autonomy.chorke.org.local
 
   acl             path-is-rest-api-policy               path_beg /api/policy/rest/
   acl             path-is-rest-api-quote                path_beg /api/quote/rest/
   acl             path-is-rest-api-audit                path_beg /api/audit/rest/
   acl             path-is-rest-api-rate                 path_beg /api/rate/rest/
   acl             path-is-rest-api-tds                  path_beg /api/tds/rest/

   use_backend     bck_academia_chorke_org_policy        if host-is-academia-chorke-org path-is-rest-api-policy
   use_backend     bck_academia_chorke_org_quote         if host-is-academia-chorke-org path-is-rest-api-quote
   use_backend     bck_academia_chorke_org_audit         if host-is-academia-chorke-org path-is-rest-api-audit
   use_backend     bck_academia_chorke_org_rate          if host-is-academia-chorke-org path-is-rest-api-rate
   use_backend     bck_academia_chorke_org_tds           if host-is-academia-chorke-org path-is-rest-api-tds
   default_backend bck_academia_chorke_org


backend            bck_academia_chorke_org_policy
   http-request    set-path "%[path,regsub(^/api/policy/rest/,/)]"
   server          academia_chorke_org_policy academia:9002 check
   mode            http

backend            bck_academia_chorke_org_quote
   http-request    set-path "%[path,regsub(^/api/quote/rest/,/)]"
   server          academia_chorke_org_qoute academia:9001 check
   mode            http

backend            bck_academia_chorke_org_audit
   http-request    set-path "%[path,regsub(^/api/audit/rest/,/)]"
   server          academia_chorke_org_audit academia:9003 check
   mode            http

backend            bck_academia_chorke_org_rate
   http-request    set-path "%[path,regsub(^/api/rate/rest/,/)]"
   server          academia_chorke_org_rate academia:9004 check
   mode            http

backend            bck_academia_chorke_org_tds
   http-request    set-path "%[path,regsub(^/api/tds/rest/,/)]"
   server          academia_chorke_org_tds academia:9000 check
   mode            http

backend            bck_academia_chorke_org
   server          academia_chorke_org academia:3000 check
   mode            http
CFG

Namespace » Academia » Deployment » HAProxy

cat <<'YML'| kubectl apply -n academia -f -
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: haproxy
  namespace: academia
  labels:
    app: haproxy
    app.kubernetes.io/name: haproxy
    app.kubernetes.io/version: 1.0.0
    app.kubernetes.io/instance: academia
    app.kubernetes.io/managed-by: kubectl
    app: haproxy
spec:
  replicas: 1
  selector:
    matchLabels:
      app: haproxy
  template:
    metadata:
      labels:
        app: haproxy
    spec:
      containers:
        - name: haproxy
          image: haproxy:2.8-alpine
          ports:
          - name: http-haproxy
            containerPort: 80
            protocol: TCP
          resources:
            requests:
              cpu: 50m
              memory: 64Mi
            limits:
              memory: 128Mi
              cpu: 100m
          volumeMounts:
            - mountPath: /usr/local/etc/haproxy/haproxy.cfg
              subPath: haproxy.cfg
              name: haproxy-cfg
      volumes:
        - name: haproxy-cfg
          configMap:
            name: haproxy
            items:
            - key: haproxy.cfg
              path: haproxy.cfg
YML

Namespace » Kube-System » ConfigMap » CoreDNS

cat <<'YML'|kubectl apply -n kube-system -f -
---
apiVersion: v1
kind: ConfigMap
metadata:
  name: coredns
  namespace: kube-system
data:
  Corefile: |
    .:53 {
        log
        errors
        health {
           lameduck 5s
        }
        ready
        kubernetes cluster.local in-addr.arpa ip6.arpa {
           pods insecure
           fallthrough in-addr.arpa ip6.arpa
           ttl 30
        }
        prometheus :9153
        hosts {
           192.168.49.1 host.minikube.internal
           fallthrough
        }
        forward . /etc/resolv.conf {
           max_concurrent 1000
        }
        cache 30 {
           disable success cluster.local
           disable denial cluster.local
        }
        loop
        reload
        loadbalance
    }
    group.local:53 {
        errors
        cache 30
        forward . 192.168.49.2
    }
    biz.local:53 {
        errors
        cache 30
        forward . 192.168.49.2
    }
    com.local:53 {
        errors
        cache 30
        forward . 192.168.49.2
    }
    org.local:53 {
        errors
        cache 30
        forward . 192.168.49.2
    }
    k8s.local:53 {
        errors
        cache 30
        forward . 192.168.49.2
    }
    bd.local:53 {
        errors
        cache 30
        forward . 192.168.49.2
    }
    io.local:53 {
        errors
        cache 30
        forward . 192.168.49.2
    }
    my.local:53 {
        errors
        cache 30
        forward . 192.168.49.2
    }
YML

Namespace » Academia » Clean-up

kubectl -n academia delete deploy    haproxy
kubectl -n academia delete service   haproxy
kubectl -n academia delete configmap haproxy

kubectl -n academia delete service   academia
kubectl -n academia delete ingress   academia
kubectl delete namespace academia

Namespace » Academia » Env.js

let token = localStorage.getItem('user') != null ? JSON.parse(localStorage.getItem('user')).token : ''

const policyUrl          = 'http://academia.chorke.org.local/api/policy/rest';
const auditUrl           = 'http://academia.chorke.org.local/api/audit/rest';
const quoteUrl           = 'http://academia.chorke.org.local/api/quote/rest';
const rateUrl            = 'http://academia.chorke.org.local/api/rate/rest';
const url                = 'http://academia.chorke.org.local/api/tds/rest';
const siteKey            = '6LfAm6MpBBBBBNf1A6fxnsKeH6UQ8lrKw7LarDXa';
const isEnabledReCaptcha = false;
export const env         = {
  apiURL       : url,
  apiVersion   : `${url}`,
  quotationUrl : quoteUrl,
  policyUrl    : policyUrl,
  productsUrl  : rateUrl,
  auditUrl,
  token,
  siteKey,
  isEnabledReCaptcha
};

References

K8s » Ingress » Connect to external service K8s » Ingress » Exposing TCP/UDP services K8s » Ingress » Exposing FastCGI Servers K8s » Ingress » Different namespaces K8s » Ingress » Custom Template K8s » Ingress » External Service K8s » Ingress » Path Matching K8s » Ingress » Annotations K8s » Ingress » ConfigMaps K8s » Ingress	K8s » Ingress » Expose TCP services K8s » Ingress » Disable HSTS K8s » Ingress » Ambassador K8s » Ingress » Annotations K8s » Ingress » CORS Rules K8s » Ingress » MetalLB K8s » Ingress » Traefik K8s » Swiss Knife K8s » Service K8s » Run	K8s » Configuring PgAdmin4 K8s » Ingress » CORS Rules K8s » CSI Hostpath Driver K8s » Nginx » Ingress

Linux Containers Kubernetes Multipass Minikube Podman Vagrant Docker Qemu K9s K8s	Nginx » Change The Default Port Minikube » Ingress » DNS Minikube » Systemd Minikube » Registry Minikube » Tunnel Kubectl Ansible CIDR Helm UFW	Apache » Change The Default Port

K8s/HAProxy/Ingress: Difference between revisions

Latest revision as of 12:38, 30 March 2025

Contents

Namespace » Academia

Namespace » Academia » Ingress » Academia

Namespace » Academia » Service » Academia

Namespace » Academia » Service » HAProxy

Namespace » Academia » ConfigMap » HAProxy

Namespace » Academia » Deployment » HAProxy

Namespace » Kube-System » ConfigMap » CoreDNS

Namespace » Academia » Clean-up

Namespace » Academia » Env.js

References

Navigation menu

K8s/HAProxy/Ingress: Difference between revisions

Latest revision as of 12:38, 30 March 2025

Namespace » Academia

Namespace » Academia » Ingress » Academia

Namespace » Academia » Service » Academia

Namespace » Academia » Service » HAProxy

Namespace » Academia » ConfigMap » HAProxy

Namespace » Academia » Deployment » HAProxy

Namespace » Kube-System » ConfigMap » CoreDNS

Namespace » Academia » Clean-up

Namespace » Academia » Env.js

References

Navigation menu

Search