K8s/HAProxy/Ingress: Difference between revisions
Line 132: | Line 132: | ||
app: haproxy | app: haproxy | ||
YML | YML | ||
</syntaxhighlight> | |||
==Namespace » Academia » ConfigMap » HAProxy== | |||
<syntaxhighlight lang="bash"> | |||
cat <<'CFG'| kubectl -n academia create configmap haproxy --from-file=haproxy.cfg=/dev/stdin | |||
global | |||
log stdout format raw local0 | |||
maxconn 3000 | |||
# default ssl material locations | |||
ca-base /etc/ssl/certs | |||
crt-base /etc/ssl/private | |||
# see: https://ssl-config.mozilla.org/#server=haproxy&server-version=2.0.3&config=intermediate | |||
ssl-default-bind-ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384 | |||
ssl-default-bind-ciphersuites TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256 | |||
ssl-default-bind-options ssl-min-ver TLSv1.2 no-tls-tickets | |||
defaults | |||
log global | |||
option httplog | |||
option dontlognull | |||
timeout connect 5000 | |||
timeout client 50000 | |||
timeout server 50000 | |||
errorfile 400 /usr/local/etc/haproxy/errors/400.http | |||
errorfile 403 /usr/local/etc/haproxy/errors/403.http | |||
errorfile 408 /usr/local/etc/haproxy/errors/408.http | |||
errorfile 500 /usr/local/etc/haproxy/errors/500.http | |||
errorfile 502 /usr/local/etc/haproxy/errors/502.http | |||
errorfile 503 /usr/local/etc/haproxy/errors/503.http | |||
errorfile 504 /usr/local/etc/haproxy/errors/504.http | |||
# ############################################################################## | |||
# http frontend config for *.group.local, *.biz.local, *.com.local, *.k8s.local | |||
# *.org.local, *.bd.local, *.io.local, & *.my.local | |||
# this config added by chorke academia, inc | |||
frontend fnt_academia_chorke_org | |||
bind *:80 | |||
mode http | |||
acl host-is-academia-chorke-org hdr(host) -i academia.chorke.org.local | |||
acl host-is-agronomy-chorke-org hdr(host) -i agronomy.chorke.org.local | |||
acl host-is-autonomy-chorke-org hdr(host) -i autonomy.chorke.org.local | |||
acl path-is-rest-api-policy path_beg /api/policy/rest/ | |||
acl path-is-rest-api-quote path_beg /api/quote/rest/ | |||
acl path-is-rest-api-audit path_beg /api/audit/rest/ | |||
acl path-is-rest-api-rate path_beg /api/rate/rest/ | |||
acl path-is-rest-api-tds path_beg /api/tds/rest/ | |||
use_backend bck_academia_chorke_org_policy if host-is-academia-chorke-org path-is-rest-api-policy | |||
use_backend bck_academia_chorke_org_quote if host-is-academia-chorke-org path-is-rest-api-quote | |||
use_backend bck_academia_chorke_org_audit if host-is-academia-chorke-org path-is-rest-api-audit | |||
use_backend bck_academia_chorke_org_rate if host-is-academia-chorke-org path-is-rest-api-rate | |||
use_backend bck_academia_chorke_org_tds if host-is-academia-chorke-org path-is-rest-api-tds | |||
default_backend bck_academia_chorke_org | |||
backend bck_academia_chorke_org_policy | |||
http-request set-path "%[path,regsub(^/api/policy/rest/,/)]" | |||
server academia_chorke_org_policy academia:9002 check | |||
mode http | |||
backend bck_academia_chorke_org_quote | |||
http-request set-path "%[path,regsub(^/api/quote/rest/,/)]" | |||
server academia_chorke_org_qoute academia:9001 check | |||
mode http | |||
backend bck_academia_chorke_org_audit | |||
http-request set-path "%[path,regsub(^/api/audit/rest/,/)]" | |||
server academia_chorke_org_audit academia:9003 check | |||
mode http | |||
backend bck_academia_chorke_org_rate | |||
http-request set-path "%[path,regsub(^/api/rate/rest/,/)]" | |||
server academia_chorke_org_rate academia:9003 check | |||
mode http | |||
backend bck_academia_chorke_org_tds | |||
http-request set-path "%[path,regsub(^/api/tds/rest/,/)]" | |||
server academia_chorke_org_tds academia:9000 check | |||
mode http | |||
backend bck_academia_chorke_org | |||
server academia_chorke_org academia:3000 check | |||
mode http | |||
CFG | |||
</syntaxhighlight> | </syntaxhighlight> | ||
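Review bot: In the ConfigMap section that this revision appears to add, `bck_academia_chorke_org_rate` targets `academia:9003`, the same port as `bck_academia_chorke_org_audit`, so `/api/rate/rest/` requests would reach the audit listener unless the two really share one; confirm the port, or state the intent with a comment such as `# rate shares the audit listener on 9003`. The `ssl-default-bind-*` lines in `global` only affect binds that use TLS, and the only bind is `bind *:80`, so this frontend serves plain HTTP despite the cipher policy. The `host-is-agronomy-chorke-org` and `host-is-autonomy-chorke-org` ACLs are never referenced, so those hosts and any other Host value fall through to `default_backend bck_academia_chorke_org`. The server name `academia_chorke_org_qoute` looks like a typo for `quote`.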
Revision as of 12:01, 27 March 2025
Namespace » Kube-System » CoreDNS
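# Replace the cluster's CoreDNS ConfigMap (kube-system/coredns) with a Corefile
# that adds eight stub zones for local development domains.
#
# This overwrites the existing Corefile; the `reload` plugin in the default
# server block lets CoreDNS pick up the change. To keep a copy of the previous
# ConfigMap, save it first, e.g.:
#   kubectl -n kube-system get configmap coredns -o yaml > coredns.backup.yaml
#
# Notes on the Corefile below:
#   * `log` writes every query to the CoreDNS log; useful while debugging,
#     noisy on a shared cluster.
#   * `pods insecure` answers pod-style names from the query itself without
#     checking the Kubernetes API; `pods verified` and `pods disabled` are the
#     stricter modes of the kubernetes plugin.
#   * `hosts` pins host.minikube.internal to 192.168.49.1.
#   * group.local, biz.local, com.local, org.local, k8s.local, bd.local,
#     io.local and my.local are each forwarded to 192.168.49.2 -- presumably
#     the minikube node address where a resolver for these names listens;
#     confirm for your environment.
#
# The heredoc delimiter is quoted so the shell passes the manifest through
# verbatim (no $ or backtick expansion). The indentation is required: YAML and
# the `Corefile: |` block scalar are whitespace-sensitive.
cat <<'YML' | kubectl apply -n kube-system -f -
---
apiVersion: v1
kind: ConfigMap
metadata:
  name: coredns
  namespace: kube-system
data:
  Corefile: |
    .:53 {
        log
        errors
        health {
            lameduck 5s
        }
        ready
        kubernetes cluster.local in-addr.arpa ip6.arpa {
            pods insecure
            fallthrough in-addr.arpa ip6.arpa
            ttl 30
        }
        prometheus :9153
        hosts {
            192.168.49.1 host.minikube.internal
            fallthrough
        }
        forward . /etc/resolv.conf {
            max_concurrent 1000
        }
        cache 30 {
            disable success cluster.local
            disable denial cluster.local
        }
        loop
        reload
        loadbalance
    }
    group.local:53 {
        errors
        cache 30
        forward . 192.168.49.2
    }
    biz.local:53 {
        errors
        cache 30
        forward . 192.168.49.2
    }
    com.local:53 {
        errors
        cache 30
        forward . 192.168.49.2
    }
    org.local:53 {
        errors
        cache 30
        forward . 192.168.49.2
    }
    k8s.local:53 {
        errors
        cache 30
        forward . 192.168.49.2
    }
    bd.local:53 {
        errors
        cache 30
        forward . 192.168.49.2
    }
    io.local:53 {
        errors
        cache 30
        forward . 192.168.49.2
    }
    my.local:53 {
        errors
        cache 30
        forward . 192.168.49.2
    }
YML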
Namespace » Academia
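# Recreate the academia namespace from scratch.

# Show namespaces whose name contains "academia" (grep matches substrings,
# so similarly named namespaces are listed too).
kubectl get ns | grep academia

# Deleting a namespace removes every object inside it. --ignore-not-found
# keeps the command from failing on a first run, when the namespace does not
# exist yet.
kubectl delete namespace academia --ignore-not-found

kubectl create namespace academia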
Namespace » Academia » Service » Academia
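# Create the `academia` Service as an ExternalName alias for
# host.minikube.internal, so in-cluster clients that connect to
# `academia:<port>` are directed to that host name instead of to pods.
#
# An ExternalName Service declares no ports and no selector: it is only a DNS
# alias, so it does not limit which ports on the target host a client may
# reach. Restrict that on the host side or with network policy if it matters.
#
# The heredoc delimiter is quoted so the shell passes the manifest through
# verbatim; the indentation is required for the YAML to parse.
cat <<'YML' | kubectl apply -n academia -f -
---
apiVersion: v1
kind: Service
metadata:
  name: academia
  namespace: academia
  labels:
    app.kubernetes.io/version: 1.0.0
    app.kubernetes.io/name: academia
    app.kubernetes.io/instance: academia
    app.kubernetes.io/managed-by: kubectl
spec:
  type: ExternalName
  externalName: host.minikube.internal
YML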
Namespace » Academia » Service » HAProxy
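# Create the `haproxy` Service in the academia namespace: a ClusterIP Service
# (reachable only from inside the cluster) that exposes port 80 and sends
# traffic to port 80 of the pods selected by `app: haproxy`.
#
# NOTE(review): the selector uses the plain `app` label while this Service's
# own labels use the app.kubernetes.io/* scheme; the selector must match the
# labels on the HAProxy pods, which are defined elsewhere -- confirm they
# carry `app: haproxy`.
#
# The indentation is required for the YAML to parse.
cat <<'YML' | kubectl apply -n academia -f -
---
apiVersion: v1
kind: Service
metadata:
  name: haproxy
  namespace: academia
  labels:
    app.kubernetes.io/name: haproxy
    app.kubernetes.io/version: 1.0.0
    app.kubernetes.io/instance: academia
    app.kubernetes.io/managed-by: kubectl
spec:
  type: ClusterIP
  ports:
    - name: http-haproxy
      targetPort: 80
      protocol: TCP
      port: 80
  selector:
    app: haproxy
YML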
Namespace » Academia » ConfigMap » HAProxy
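# Create the `haproxy` ConfigMap in the academia namespace; its single key,
# haproxy.cfg, is read from stdin (the heredoc below).
#
# `kubectl create configmap` fails if the ConfigMap already exists, so delete
# it (or recreate the namespace) before re-running this command.
#
# Changes from the previous listing: sections are indented for readability,
# `mode http` is listed first in each backend, and the server name
# `academia_chorke_org_qoute` is corrected to `academia_chorke_org_quote`.
# Routing rules and targets are unchanged.
cat <<'CFG' | kubectl -n academia create configmap haproxy --from-file=haproxy.cfg=/dev/stdin
global
    log stdout format raw local0
    maxconn 3000

    # default ssl material locations
    ca-base /etc/ssl/certs
    crt-base /etc/ssl/private

    # see: https://ssl-config.mozilla.org/#server=haproxy&server-version=2.0.3&config=intermediate
    # NOTE(review): the ssl-default-bind-* settings apply only to binds that
    # use TLS; the only bind in this file is plain HTTP on port 80.
    ssl-default-bind-ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
    ssl-default-bind-ciphersuites TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256
    ssl-default-bind-options ssl-min-ver TLSv1.2 no-tls-tickets

defaults
    log global
    option httplog
    option dontlognull
    # timeouts without a unit are in milliseconds
    timeout connect 5000
    timeout client 50000
    timeout server 50000
    errorfile 400 /usr/local/etc/haproxy/errors/400.http
    errorfile 403 /usr/local/etc/haproxy/errors/403.http
    errorfile 408 /usr/local/etc/haproxy/errors/408.http
    errorfile 500 /usr/local/etc/haproxy/errors/500.http
    errorfile 502 /usr/local/etc/haproxy/errors/502.http
    errorfile 503 /usr/local/etc/haproxy/errors/503.http
    errorfile 504 /usr/local/etc/haproxy/errors/504.http

# ##############################################################################
# http frontend config for *.group.local, *.biz.local, *.com.local, *.k8s.local
# *.org.local, *.bd.local, *.io.local, & *.my.local
# this config added by chorke academia, inc
frontend fnt_academia_chorke_org
    bind *:80
    mode http

    acl host-is-academia-chorke-org hdr(host) -i academia.chorke.org.local
    # NOTE(review): the agronomy and autonomy host ACLs are not referenced by
    # any use_backend rule below.
    acl host-is-agronomy-chorke-org hdr(host) -i agronomy.chorke.org.local
    acl host-is-autonomy-chorke-org hdr(host) -i autonomy.chorke.org.local

    acl path-is-rest-api-policy path_beg /api/policy/rest/
    acl path-is-rest-api-quote path_beg /api/quote/rest/
    acl path-is-rest-api-audit path_beg /api/audit/rest/
    acl path-is-rest-api-rate path_beg /api/rate/rest/
    acl path-is-rest-api-tds path_beg /api/tds/rest/

    # a rule matches only when both the host ACL and the path ACL are true
    use_backend bck_academia_chorke_org_policy if host-is-academia-chorke-org path-is-rest-api-policy
    use_backend bck_academia_chorke_org_quote if host-is-academia-chorke-org path-is-rest-api-quote
    use_backend bck_academia_chorke_org_audit if host-is-academia-chorke-org path-is-rest-api-audit
    use_backend bck_academia_chorke_org_rate if host-is-academia-chorke-org path-is-rest-api-rate
    use_backend bck_academia_chorke_org_tds if host-is-academia-chorke-org path-is-rest-api-tds

    # every request not matched above, whatever its Host header, goes here
    default_backend bck_academia_chorke_org

# Each API backend strips its /api/<name>/rest/ prefix before forwarding.
backend bck_academia_chorke_org_policy
    mode http
    http-request set-path "%[path,regsub(^/api/policy/rest/,/)]"
    server academia_chorke_org_policy academia:9002 check

backend bck_academia_chorke_org_quote
    mode http
    http-request set-path "%[path,regsub(^/api/quote/rest/,/)]"
    server academia_chorke_org_quote academia:9001 check

backend bck_academia_chorke_org_audit
    mode http
    http-request set-path "%[path,regsub(^/api/audit/rest/,/)]"
    server academia_chorke_org_audit academia:9003 check

backend bck_academia_chorke_org_rate
    mode http
    http-request set-path "%[path,regsub(^/api/rate/rest/,/)]"
    # NOTE(review): same target port as the audit backend (9003) - confirm
    # this is intended
    server academia_chorke_org_rate academia:9003 check

backend bck_academia_chorke_org_tds
    mode http
    http-request set-path "%[path,regsub(^/api/tds/rest/,/)]"
    server academia_chorke_org_tds academia:9000 check

backend bck_academia_chorke_org
    mode http
    server academia_chorke_org academia:3000 check
CFG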