martyn
/
infra4talos
1
0
Fork 0
Code Issues Pull Requests 3 Packages Projects Releases Wiki Activity

Let's try something that needs a secret 

Signed-off-by: Martyn Ranyard <m@rtyn.berlin>
This commit is contained in:
Martyn 2023-10-26 21:35:43 +02:00
parent 89ea6f65c9
commit 3aa733f1c3
4 changed files with 335 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

23
apps-helm/sshtunnel/.helmignore Normal file
View File

@ -0,0 +1,23 @@
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*.orig
*~
# Various IDEs
.project
.idea/
*.tmproj
.vscode/

24
apps-helm/sshtunnel/Chart.yaml Normal file
View File

@ -0,0 +1,24 @@
apiVersion: v2
name: sshtunnel
description: A Helm chart for Kubernetes
# A chart can be either an 'application' or a 'library' chart.
#
# Application charts are a collection of templates that can be packaged into versioned archives
# to be deployed.
#
# Library charts provide useful utilities or functions for the chart developer. They're included as
# a dependency of application charts to inject those utilities and functions into the rendering
# pipeline. Library charts do not define any templates and therefore cannot be deployed.
type: application
# This is the chart version. This version number should be incremented each time you make changes
# to the chart and its templates, including the app version.
# Versions are expected to follow Semantic Versioning (https://semver.org/)
version: 0.1.0
# This is the version number of the application being deployed. This version number should be
# incremented each time you make changes to the application. Versions are not expected to
# follow Semantic Versioning. They should reflect the version the application is using.
# It is recommended to use it with quotes.
appVersion: "2.0.1"

178
apps-helm/sshtunnel/source.yaml Normal file
View File

@ -0,0 +1,178 @@
apiVersion: apps/v1
kind: Deployment
metadata:
annotations:
deployment.kubernetes.io/revision: "13"
kubectl.kubernetes.io/last-applied-configuration: |
{"apiVersion":"apps/v1","kind":"Deployment","metadata":{"annotations":{},"labels":{"app":"autossh"},"name":"autossh","namespace":"cluster-ingress"},"spec":{"replicas":1,"selector":{"matchLabels":{"app":"autossh"}},"template":{"metadata":{"labels":{"app":"autossh"}},"spec":{"containers":[{"command":["/bin/sh","-c","cp /keyfile/autossh /tmp/; chmod 600 /tmp/autossh; autossh -M0 v4tov6@31.7.180.171 -R0.0.0.0:8080:192.168.1.11:80 -R0.0.0.0:8443:192.168.1.11:443 -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -o ServerAliveInterval=30 -o ServerAliveCountMax=3 -i /tmp/autossh -T -N"],"image":"jnovack/autossh","imagePullPolicy":"IfNotPresent","name":"autossh","volumeMounts":[{"mountPath":"/keyfile","name":"keyfile"}]}],"restartPolicy":"Always","volumes":[{"name":"keyfile","secret":{"defaultMode":256,"secretName":"autossh-keyfile"}}]}}}}
creationTimestamp: "2020-07-26T16:27:16Z"
generation: 61
labels:
app: autossh
managedFields:
- apiVersion: apps/v1
fieldsType: FieldsV1
fieldsV1:
f:metadata:
f:annotations:
.: {}
f:kubectl.kubernetes.io/last-applied-configuration: {}
f:labels:
.: {}
f:app: {}
f:spec:
f:progressDeadlineSeconds: {}
f:replicas: {}
f:revisionHistoryLimit: {}
f:selector:
f:matchLabels:
.: {}
f:app: {}
f:strategy:
f:rollingUpdate:
.: {}
f:maxSurge: {}
f:maxUnavailable: {}
f:type: {}
f:template:
f:metadata:
f:labels:
.: {}
f:app: {}
f:spec:
f:containers:
k:{"name":"autossh"}:
.: {}
f:command: {}
f:image: {}
f:imagePullPolicy: {}
f:name: {}
f:resources: {}
f:terminationMessagePath: {}
f:terminationMessagePolicy: {}
f:volumeMounts:
.: {}
k:{"mountPath":"/keyfile"}:
.: {}
f:mountPath: {}
f:name: {}
f:dnsPolicy: {}
f:restartPolicy: {}
f:schedulerName: {}
f:securityContext: {}
f:terminationGracePeriodSeconds: {}
f:volumes:
.: {}
k:{"name":"keyfile"}:
.: {}
f:name: {}
f:secret:
.: {}
f:defaultMode: {}
f:secretName: {}
manager: kubectl
operation: Update
time: "2021-07-04T17:59:23Z"
- apiVersion: apps/v1
fieldsType: FieldsV1
fieldsV1:
f:metadata:
f:annotations:
f:deployment.kubernetes.io/revision: {}
f:status:
f:availableReplicas: {}
f:conditions:
.: {}
k:{"type":"Available"}:
.: {}
f:lastTransitionTime: {}
f:lastUpdateTime: {}
f:message: {}
f:reason: {}
f:status: {}
f:type: {}
k:{"type":"Progressing"}:
.: {}
f:lastTransitionTime: {}
f:lastUpdateTime: {}
f:message: {}
f:reason: {}
f:status: {}
f:type: {}
f:observedGeneration: {}
f:readyReplicas: {}
f:replicas: {}
f:updatedReplicas: {}
manager: k3s
operation: Update
time: "2021-09-30T18:41:41Z"
name: autossh
namespace: cluster-ingress
resourceVersion: "235469131"
selfLink: /apis/apps/v1/namespaces/cluster-ingress/deployments/autossh
uid: d9661f02-0b6c-4d1f-9c34-3a5ff586af2b
spec:
progressDeadlineSeconds: 600
replicas: 1
revisionHistoryLimit: 10
selector:
matchLabels:
app: autossh
strategy:
rollingUpdate:
maxSurge: 25%
maxUnavailable: 25%
type: RollingUpdate
template:
metadata:
creationTimestamp: null
labels:
app: autossh
spec:
containers:
- command:
- /bin/sh
- -c
- cp /keyfile/autossh /tmp/; chmod 600 /tmp/autossh; autossh -M0 v4tov6@31.7.180.171
-R0.0.0.0:8080:10.43.14.171:80 -R0.0.0.0:8443:10.43.14.171:443 -R0.0.0.0:2222:192.168.1.52:2222
-R0.0.0.0:4422:192.168.1.111:22 -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no
-o ServerAliveInterval=30 -o ExitOnForwardFailure=yes -o ServerAliveCountMax=3
-i /tmp/autossh -T -N
image: jnovack/autossh
imagePullPolicy: IfNotPresent
name: autossh
resources: {}
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
volumeMounts:
- mountPath: /keyfile
name: keyfile
dnsPolicy: ClusterFirst
restartPolicy: Always
schedulerName: default-scheduler
securityContext: {}
terminationGracePeriodSeconds: 30
volumes:
- name: keyfile
secret:
defaultMode: 256
secretName: autossh-keyfile
status:
availableReplicas: 1
conditions:
- lastTransitionTime: "2020-07-26T16:27:16Z"
lastUpdateTime: "2021-07-04T17:59:25Z"
message: ReplicaSet "autossh-7969f78dd8" has successfully progressed.
reason: NewReplicaSetAvailable
status: "True"
type: Progressing
- lastTransitionTime: "2021-09-30T18:41:41Z"
lastUpdateTime: "2021-09-30T18:41:41Z"
message: Deployment has minimum availability.
reason: MinimumReplicasAvailable
status: "True"
type: Available
observedGeneration: 61
readyReplicas: 1
replicas: 1
updatedReplicas: 1

110
apps-helm/sshtunnel/values.yaml Normal file
View File

@ -0,0 +1,110 @@
# Default values for sshtunnel.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.
replicaCount: 1
tunnel:
user: v4tov6
sshHost: 31.7.180.171
sshOptions:
- -o UserKnownHostsFile=/dev/null
- -o StrictHostKeyChecking=no
- -o ServerAliveInterval=30
- -o ExitOnForwardFailure=yes
- -o ServerAliveCountMax=3
- -T
- -N
ports:
- name: http
source: 8081
dest: 80
bindIP: 82.199.134.158
destsvc: cluster-ingress-ingress-nginx-controller
destns: cluster-ingress
- name: https
source: 8444
dest: 443
bindIP: 82.199.134.158
destsvc: sslh
destns: cluster-ingress
- name: ovpn
source: 1194
dest: 1194
bindIP: 82.199.134.158
destsvc: ovpn-tcp
destns: ovpn
- name: syncthing
source: 22000
dest: 22000
bindIP: 82.199.134.158
destsvc: syncthing-listen
destns: syncthing
- name: ssh4git
source: 2222
dest: 2222
bindIP: 82.199.134.158
destsvc: gitea-ssh
destns: git
privateKey: |-
-----BEGIN RSA PRIVATE KEY-----
MIIJKQIBAAKCAgEA2H/xiNwdw2zVDhGg9tMioxcBxXvkpYy1x7LiLp8MiwKIbT2I
YEAHRIGHTIMGONNACOMMITAPRIVATEKEY
-----END RSA PRIVATE KEY-----
image:
repository: jnovack/autossh
pullPolicy: IfNotPresent
# Overrides the image tag whose default is the chart appVersion.
tag: ""
imagePullSecrets: []
nameOverride: ""
fullnameOverride: ""
serviceAccount:
# Specifies whether a service account should be created
create: true
# Annotations to add to the service account
annotations: {}
# The name of the service account to use.
# If not set and create is true, a name is generated using the fullname template
name: ""
podAnnotations: {}
podSecurityContext: {}
# fsGroup: 2000
securityContext: {}
# capabilities:
# drop:
# - ALL
# readOnlyRootFilesystem: true
# runAsNonRoot: true
# runAsUser: 1000
resources: {}
# We usually recommend not to specify default resources and to leave this as a conscious
# choice for the user. This also increases chances charts run on environments with little
# resources, such as Minikube. If you do want to specify resources, uncomment the following
# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
# limits:
# cpu: 100m
# memory: 128Mi
# requests:
# cpu: 100m
# memory: 128Mi
autoscaling:
enabled: false
minReplicas: 1
maxReplicas: 100
targetCPUUtilizationPercentage: 80
# targetMemoryUtilizationPercentage: 80
nodeSelector: {}
tolerations: []
affinity: {}