K8s/HAProxy/Ingress
Namespace » Academia
# Check whether an "academia" namespace is already present (grep matches substrings,
# so similarly named namespaces are listed too).
kubectl get namespaces | grep academia
# Recreate the namespace from scratch. Deleting a namespace removes every object
# inside it, so run this only against the throw-away local cluster.
kubectl delete namespaces academia
kubectl create ns academia
Namespace » Academia » Ingress » Academia
# Ingress for academia.chorke.org.local: every path on that host is handed to the
# in-namespace "haproxy" Service on port 80, which does the per-API routing.
# No `tls:` block is declared, so this rule serves plain HTTP only.
kubectl apply -n academia -f - <<'YML'
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: academia
  namespace: academia
  labels:
    app.kubernetes.io/name: academia
    app.kubernetes.io/instance: academia
    app.kubernetes.io/version: '1.0.0'
    app.kubernetes.io/managed-by: kubectl
  annotations:
    # '0' turns off ingress-nginx's request-body size check for this host, so a
    # client can stream arbitrarily large bodies through to the backends.
    # NOTE(review): set an explicit ceiling outside a local lab.
    nginx.ingress.kubernetes.io/proxy-body-size: '0'
spec:
  ingressClassName: nginx
  rules:
    - host: academia.chorke.org.local
      http:
        paths:
          - path: /
            pathType: ImplementationSpecific
            backend:
              service:
                name: haproxy
                port:
                  number: 80
YML
Namespace » Academia » Service » Academia
# Service "academia": an ExternalName alias, not a pod-backed Service.
# Inside the cluster the name `academia` resolves as a CNAME to
# host.minikube.internal, so the HAProxy backends on this page that address
# `academia:<port>` reach whatever listens on those ports on the minikube host.
# That crosses the cluster boundary on purpose; it is a local-development shortcut.
kubectl apply -n academia -f - <<'YML'
---
apiVersion: v1
kind: Service
metadata:
  name: academia
  namespace: academia
  labels:
    app.kubernetes.io/name: academia
    app.kubernetes.io/instance: academia
    app.kubernetes.io/version: '1.0.0'
    app.kubernetes.io/managed-by: kubectl
spec:
  type: ExternalName
  externalName: host.minikube.internal
YML
Namespace » Academia » Service » HAProxy
# Service "haproxy": ClusterIP in front of the pods labelled app=haproxy.
# ClusterIP keeps it reachable only from inside the cluster; outside traffic
# arrives through the Ingress that names this Service as its backend.
kubectl apply -n academia -f - <<'YML'
---
apiVersion: v1
kind: Service
metadata:
  name: haproxy
  namespace: academia
  labels:
    app.kubernetes.io/name: haproxy
    app.kubernetes.io/instance: academia
    app.kubernetes.io/version: '1.0.0'
    app.kubernetes.io/managed-by: kubectl
spec:
  type: ClusterIP
  selector:
    app: haproxy
  ports:
    - name: http-haproxy
      protocol: TCP
      port: 80
      targetPort: 80
YML
Namespace » Academia » ConfigMap » HAProxy
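# Stores the HAProxy configuration below as key "haproxy.cfg" of ConfigMap "haproxy".
# `kubectl create` fails with AlreadyExists when the ConfigMap is already present;
# delete it first when re-running this step.
kubectl -n academia create configmap haproxy --from-file=haproxy.cfg=/dev/stdin <<'CFG'
global
    log stdout format raw local0
    maxconn 3000

    # default ssl material locations
    ca-base /etc/ssl/certs
    crt-base /etc/ssl/private

    # see: https://ssl-config.mozilla.org/#server=haproxy&server-version=2.0.3&config=intermediate
    # These ssl-default-bind-* settings only apply to `bind ... ssl` lines. The single
    # bind in this file is plain HTTP on *:80, so they stay inert until a TLS bind is added.
    ssl-default-bind-ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
    ssl-default-bind-ciphersuites TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256
    ssl-default-bind-options ssl-min-ver TLSv1.2 no-tls-tickets

defaults
    log global
    option httplog
    option dontlognull
    # Timeouts without a unit are milliseconds.
    timeout connect 5000
    timeout client 50000
    timeout server 50000
    # Bound the time a client may take to send its request headers. Without this,
    # only the 50 s client timeout applies, which lets slow-header connections
    # hold on to maxconn slots for much longer.
    timeout http-request 10s
    errorfile 400 /usr/local/etc/haproxy/errors/400.http
    errorfile 403 /usr/local/etc/haproxy/errors/403.http
    errorfile 408 /usr/local/etc/haproxy/errors/408.http
    errorfile 500 /usr/local/etc/haproxy/errors/500.http
    errorfile 502 /usr/local/etc/haproxy/errors/502.http
    errorfile 503 /usr/local/etc/haproxy/errors/503.http
    errorfile 504 /usr/local/etc/haproxy/errors/504.http

# ##############################################################################
# http frontend config for *.group.local, *.biz.local, *.com.local, *.k8s.local
# *.org.local, *.bd.local, *.io.local, & *.my.local
# this config added by chorke academia, inc
frontend fnt_academia_chorke_org
    bind *:80
    mode http

    # Host ACLs. Only host-is-academia-chorke-org is referenced by a rule below;
    # the agronomy and autonomy ACLs are declared but currently unused.
    acl host-is-academia-chorke-org hdr(host) -i academia.chorke.org.local
    acl host-is-agronomy-chorke-org hdr(host) -i agronomy.chorke.org.local
    acl host-is-autonomy-chorke-org hdr(host) -i autonomy.chorke.org.local

    # Path-prefix ACLs, one per REST API.
    acl path-is-rest-api-policy path_beg /api/policy/rest/
    acl path-is-rest-api-quote path_beg /api/quote/rest/
    acl path-is-rest-api-audit path_beg /api/audit/rest/
    acl path-is-rest-api-rate path_beg /api/rate/rest/
    acl path-is-rest-api-tds path_beg /api/tds/rest/

    use_backend bck_academia_chorke_org_policy if host-is-academia-chorke-org path-is-rest-api-policy
    use_backend bck_academia_chorke_org_quote if host-is-academia-chorke-org path-is-rest-api-quote
    use_backend bck_academia_chorke_org_audit if host-is-academia-chorke-org path-is-rest-api-audit
    use_backend bck_academia_chorke_org_rate if host-is-academia-chorke-org path-is-rest-api-rate
    use_backend bck_academia_chorke_org_tds if host-is-academia-chorke-org path-is-rest-api-tds

    # Anything that matched no rule above, including requests carrying any other
    # Host header, is served by the default backend.
    default_backend bck_academia_chorke_org

# Each API backend strips its /api/<name>/rest/ prefix before forwarding, and
# health-checks its server (`check`). `academia` is the Service name the
# backends resolve; the port selects the API.
backend bck_academia_chorke_org_policy
    mode http
    http-request set-path "%[path,regsub(^/api/policy/rest/,/)]"
    server academia_chorke_org_policy academia:9002 check

backend bck_academia_chorke_org_quote
    mode http
    http-request set-path "%[path,regsub(^/api/quote/rest/,/)]"
    server academia_chorke_org_quote academia:9001 check

backend bck_academia_chorke_org_audit
    mode http
    http-request set-path "%[path,regsub(^/api/audit/rest/,/)]"
    server academia_chorke_org_audit academia:9003 check

backend bck_academia_chorke_org_rate
    mode http
    http-request set-path "%[path,regsub(^/api/rate/rest/,/)]"
    server academia_chorke_org_rate academia:9004 check

backend bck_academia_chorke_org_tds
    mode http
    http-request set-path "%[path,regsub(^/api/tds/rest/,/)]"
    server academia_chorke_org_tds academia:9000 check

# Default backend: forwards the request path unchanged to port 3000.
backend bck_academia_chorke_org
    mode http
    server academia_chorke_org academia:3000 check
CFG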
Namespace » Academia » Deployment » HAProxy
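# Deployment "haproxy": one replica of the HAProxy container, with haproxy.cfg
# taken from the "haproxy" ConfigMap.
# The original manifest listed `app: haproxy` twice under metadata.labels;
# duplicate mapping keys are invalid YAML, so the label appears once here.
kubectl apply -n academia -f - <<'YML'
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: haproxy
  namespace: academia
  labels:
    app: haproxy
    app.kubernetes.io/name: haproxy
    app.kubernetes.io/version: '1.0.0'
    app.kubernetes.io/instance: academia
    app.kubernetes.io/managed-by: kubectl
spec:
  replicas: 1
  selector:
    matchLabels:
      app: haproxy
  template:
    metadata:
      labels:
        app: haproxy
    spec:
      # NOTE(review): no securityContext is set on the pod or the container.
      # Before adding restrictions such as allowPrivilegeEscalation: false or
      # readOnlyRootFilesystem: true, confirm the image can still bind port 80.
      containers:
        - name: haproxy
          # 2.8-alpine is a floating tag, so its content can change between pulls.
          # Pin a digest for reproducible rollouts, e.g.
          # haproxy:2.8-alpine@sha256:<DIGEST-PLACEHOLDER>.
          image: haproxy:2.8-alpine
          ports:
            - name: http-haproxy
              containerPort: 80
              protocol: TCP
          resources:
            requests:
              cpu: 50m
              memory: 64Mi
            limits:
              cpu: 100m
              memory: 128Mi
          volumeMounts:
            # subPath mounts are not refreshed when the ConfigMap changes; after
            # editing the config run
            #   kubectl -n academia rollout restart deployment haproxy
            - name: haproxy-cfg
              mountPath: /usr/local/etc/haproxy/haproxy.cfg
              subPath: haproxy.cfg
      volumes:
        - name: haproxy-cfg
          configMap:
            name: haproxy
            items:
              - key: haproxy.cfg
                path: haproxy.cfg
YML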
Namespace » Kube-System » ConfigMap » CoreDNS
# Overwrites the cluster's CoreDNS ConfigMap in kube-system, so it changes name
# resolution for every pod in the cluster. Save the current one first, e.g.
#   kubectl -n kube-system get configmap coredns -o yaml
# The default ".:53" block enables `log` (every query is logged) and pins
# host.minikube.internal to 192.168.49.1 through the `hosts` plugin.
# Each *.local zone below is forwarded to 192.168.49.2.
# NOTE(review): presumably the minikube node / ingress-dns address; confirm for
# your cluster.
kubectl apply -n kube-system -f - <<'YML'
---
apiVersion: v1
kind: ConfigMap
metadata:
  name: coredns
  namespace: kube-system
data:
  Corefile: |
    .:53 {
        log
        errors
        health {
            lameduck 5s
        }
        ready
        kubernetes cluster.local in-addr.arpa ip6.arpa {
            pods insecure
            fallthrough in-addr.arpa ip6.arpa
            ttl 30
        }
        prometheus :9153
        hosts {
            192.168.49.1 host.minikube.internal
            fallthrough
        }
        forward . /etc/resolv.conf {
            max_concurrent 1000
        }
        cache 30 {
            disable success cluster.local
            disable denial cluster.local
        }
        loop
        reload
        loadbalance
    }
    group.local:53 {
        errors
        cache 30
        forward . 192.168.49.2
    }
    biz.local:53 {
        errors
        cache 30
        forward . 192.168.49.2
    }
    com.local:53 {
        errors
        cache 30
        forward . 192.168.49.2
    }
    org.local:53 {
        errors
        cache 30
        forward . 192.168.49.2
    }
    k8s.local:53 {
        errors
        cache 30
        forward . 192.168.49.2
    }
    bd.local:53 {
        errors
        cache 30
        forward . 192.168.49.2
    }
    io.local:53 {
        errors
        cache 30
        forward . 192.168.49.2
    }
    my.local:53 {
        errors
        cache 30
        forward . 192.168.49.2
    }
YML
Namespace » Academia » Clean-up
# Tear down the objects created on this page: workload first, then its Service
# and configuration, then the ExternalName alias and the Ingress.
kubectl delete -n academia deployment haproxy
kubectl delete -n academia service haproxy
kubectl delete -n academia configmap haproxy
kubectl delete -n academia service academia
kubectl delete -n academia ingress academia
# Finally drop the namespace itself, which also removes anything left inside it.
kubectl delete namespaces academia
Namespace » Academia » Env.js
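/**
 * Reads the token stored under the `user` key of localStorage.
 *
 * Returns '' when the entry is missing, is not valid JSON, carries no token,
 * or when localStorage cannot be accessed at all. The original expression
 * threw in those cases and took the whole module down with it.
 *
 * localStorage is readable by any script running on the origin, so an XSS bug
 * exposes this token.
 * NOTE(review): prefer an HttpOnly cookie if the backend supports it.
 */
function readStoredToken() {
    try {
        const rawUser = localStorage.getItem('user');
        if (rawUser == null) {
            return '';
        }
        const user = JSON.parse(rawUser);
        return user != null && user.token != null ? user.token : '';
    } catch (err) {
        // Malformed JSON or blocked/unavailable storage: fall back to "no token".
        return '';
    }
}

const token = readStoredToken();

// All endpoints are plain http:// on the local *.local host. Anything sent to
// them, presumably including the token above, travels unencrypted. Switch to
// https:// outside a local lab.
const policyUrl = 'http://academia.chorke.org.local/api/policy/rest';
const auditUrl = 'http://academia.chorke.org.local/api/audit/rest';
const quoteUrl = 'http://academia.chorke.org.local/api/quote/rest';
const rateUrl = 'http://academia.chorke.org.local/api/rate/rest';
const url = 'http://academia.chorke.org.local/api/tds/rest';

// reCAPTCHA site key: public by design (it is shipped to the browser). The
// matching secret key must never appear in client-side code.
const siteKey = '6LfAm6MpBBBBBNf1A6fxnsKeH6UQ8lrKw7LarDXa';
// reCAPTCHA is switched off in this environment.
const isEnabledReCaptcha = false;

/** Runtime settings consumed by the front end; keys are unchanged from the original. */
export const env = {
    apiURL: url,
    apiVersion: url,
    quotationUrl: quoteUrl,
    policyUrl: policyUrl,
    productsUrl: rateUrl,
    auditUrl,
    token,
    siteKey,
    isEnabledReCaptcha
};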