Let's try something that needs a secret

Signed-off-by: Martyn Ranyard <m@rtyn.berlin>
2023-10-26 21:35:43 +02:00 · 2023-10-26 21:35:43 +02:00 · 3aa733f1c3
parent 89ea6f65c9
commit 3aa733f1c3
4 changed files with 335 additions and 0 deletions
--- a/apps-helm/sshtunnel/.helmignore
+++ b/apps-helm/sshtunnel/.helmignore
@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
--- a/apps-helm/sshtunnel/Chart.yaml
+++ b/apps-helm/sshtunnel/Chart.yaml
@ -0,0 +1,24 @@
+apiVersion: v2
+name: sshtunnel
+description: A Helm chart for Kubernetes
+
+# A chart can be either an 'application' or a 'library' chart.
+#
+# Application charts are a collection of templates that can be packaged into versioned archives
+# to be deployed.
+#
+# Library charts provide useful utilities or functions for the chart developer. They're included as
+# a dependency of application charts to inject those utilities and functions into the rendering
+# pipeline. Library charts do not define any templates and therefore cannot be deployed.
+type: application
+
+# This is the chart version. This version number should be incremented each time you make changes
+# to the chart and its templates, including the app version.
+# Versions are expected to follow Semantic Versioning (https://semver.org/)
+version: 0.1.0
+
+# This is the version number of the application being deployed. This version number should be
+# incremented each time you make changes to the application. Versions are not expected to
+# follow Semantic Versioning. They should reflect the version the application is using.
+# It is recommended to use it with quotes.
+appVersion: "2.0.1"
--- a/apps-helm/sshtunnel/source.yaml
+++ b/apps-helm/sshtunnel/source.yaml
@ -0,0 +1,178 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  annotations:
+    deployment.kubernetes.io/revision: "13"
+    kubectl.kubernetes.io/last-applied-configuration: |
+      {"apiVersion":"apps/v1","kind":"Deployment","metadata":{"annotations":{},"labels":{"app":"autossh"},"name":"autossh","namespace":"cluster-ingress"},"spec":{"replicas":1,"selector":{"matchLabels":{"app":"autossh"}},"template":{"metadata":{"labels":{"app":"autossh"}},"spec":{"containers":[{"command":["/bin/sh","-c","cp /keyfile/autossh /tmp/; chmod 600 /tmp/autossh; autossh -M0 v4tov6@31.7.180.171 -R0.0.0.0:8080:192.168.1.11:80 -R0.0.0.0:8443:192.168.1.11:443 -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -o ServerAliveInterval=30 -o ServerAliveCountMax=3 -i /tmp/autossh -T -N"],"image":"jnovack/autossh","imagePullPolicy":"IfNotPresent","name":"autossh","volumeMounts":[{"mountPath":"/keyfile","name":"keyfile"}]}],"restartPolicy":"Always","volumes":[{"name":"keyfile","secret":{"defaultMode":256,"secretName":"autossh-keyfile"}}]}}}}
+  creationTimestamp: "2020-07-26T16:27:16Z"
+  generation: 61
+  labels:
+    app: autossh
+  managedFields:
+  - apiVersion: apps/v1
+    fieldsType: FieldsV1
+    fieldsV1:
+      f:metadata:
+        f:annotations:
+          .: {}
+          f:kubectl.kubernetes.io/last-applied-configuration: {}
+        f:labels:
+          .: {}
+          f:app: {}
+      f:spec:
+        f:progressDeadlineSeconds: {}
+        f:replicas: {}
+        f:revisionHistoryLimit: {}
+        f:selector:
+          f:matchLabels:
+            .: {}
+            f:app: {}
+        f:strategy:
+          f:rollingUpdate:
+            .: {}
+            f:maxSurge: {}
+            f:maxUnavailable: {}
+          f:type: {}
+        f:template:
+          f:metadata:
+            f:labels:
+              .: {}
+              f:app: {}
+          f:spec:
+            f:containers:
+              k:{"name":"autossh"}:
+                .: {}
+                f:command: {}
+                f:image: {}
+                f:imagePullPolicy: {}
+                f:name: {}
+                f:resources: {}
+                f:terminationMessagePath: {}
+                f:terminationMessagePolicy: {}
+                f:volumeMounts:
+                  .: {}
+                  k:{"mountPath":"/keyfile"}:
+                    .: {}
+                    f:mountPath: {}
+                    f:name: {}
+            f:dnsPolicy: {}
+            f:restartPolicy: {}
+            f:schedulerName: {}
+            f:securityContext: {}
+            f:terminationGracePeriodSeconds: {}
+            f:volumes:
+              .: {}
+              k:{"name":"keyfile"}:
+                .: {}
+                f:name: {}
+                f:secret:
+                  .: {}
+                  f:defaultMode: {}
+                  f:secretName: {}
+    manager: kubectl
+    operation: Update
+    time: "2021-07-04T17:59:23Z"
+  - apiVersion: apps/v1
+    fieldsType: FieldsV1
+    fieldsV1:
+      f:metadata:
+        f:annotations:
+          f:deployment.kubernetes.io/revision: {}
+      f:status:
+        f:availableReplicas: {}
+        f:conditions:
+          .: {}
+          k:{"type":"Available"}:
+            .: {}
+            f:lastTransitionTime: {}
+            f:lastUpdateTime: {}
+            f:message: {}
+            f:reason: {}
+            f:status: {}
+            f:type: {}
+          k:{"type":"Progressing"}:
+            .: {}
+            f:lastTransitionTime: {}
+            f:lastUpdateTime: {}
+            f:message: {}
+            f:reason: {}
+            f:status: {}
+            f:type: {}
+        f:observedGeneration: {}
+        f:readyReplicas: {}
+        f:replicas: {}
+        f:updatedReplicas: {}
+    manager: k3s
+    operation: Update
+    time: "2021-09-30T18:41:41Z"
+  name: autossh
+  namespace: cluster-ingress
+  resourceVersion: "235469131"
+  selfLink: /apis/apps/v1/namespaces/cluster-ingress/deployments/autossh
+  uid: d9661f02-0b6c-4d1f-9c34-3a5ff586af2b
+spec:
+  progressDeadlineSeconds: 600
+  replicas: 1
+  revisionHistoryLimit: 10
+  selector:
+    matchLabels:
+      app: autossh
+  strategy:
+    rollingUpdate:
+      maxSurge: 25%
+      maxUnavailable: 25%
+    type: RollingUpdate
+  template:
+    metadata:
+      creationTimestamp: null
+      labels:
+        app: autossh
+    spec:
+      containers:
+      - command:
+        - /bin/sh
+        - -c
+        - cp /keyfile/autossh /tmp/; chmod 600 /tmp/autossh; autossh -M0 v4tov6@31.7.180.171
+          -R0.0.0.0:8080:10.43.14.171:80 -R0.0.0.0:8443:10.43.14.171:443 -R0.0.0.0:2222:192.168.1.52:2222
+          -R0.0.0.0:4422:192.168.1.111:22 -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no
+          -o ServerAliveInterval=30 -o ExitOnForwardFailure=yes -o ServerAliveCountMax=3
+          -i /tmp/autossh -T -N
+        image: jnovack/autossh
+        imagePullPolicy: IfNotPresent
+        name: autossh
+        resources: {}
+        terminationMessagePath: /dev/termination-log
+        terminationMessagePolicy: File
+        volumeMounts:
+        - mountPath: /keyfile
+          name: keyfile
+      dnsPolicy: ClusterFirst
+      restartPolicy: Always
+      schedulerName: default-scheduler
+      securityContext: {}
+      terminationGracePeriodSeconds: 30
+      volumes:
+      - name: keyfile
+        secret:
+          defaultMode: 256
+          secretName: autossh-keyfile
+status:
+  availableReplicas: 1
+  conditions:
+  - lastTransitionTime: "2020-07-26T16:27:16Z"
+    lastUpdateTime: "2021-07-04T17:59:25Z"
+    message: ReplicaSet "autossh-7969f78dd8" has successfully progressed.
+    reason: NewReplicaSetAvailable
+    status: "True"
+    type: Progressing
+  - lastTransitionTime: "2021-09-30T18:41:41Z"
+    lastUpdateTime: "2021-09-30T18:41:41Z"
+    message: Deployment has minimum availability.
+    reason: MinimumReplicasAvailable
+    status: "True"
+    type: Available
+  observedGeneration: 61
+  readyReplicas: 1
+  replicas: 1
+  updatedReplicas: 1
--- a/apps-helm/sshtunnel/values.yaml
+++ b/apps-helm/sshtunnel/values.yaml
@ -0,0 +1,110 @@
+# Default values for sshtunnel.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+
+replicaCount: 1
+
+tunnel:
+  user: v4tov6
+  sshHost: 31.7.180.171
+  sshOptions:
+  - -o UserKnownHostsFile=/dev/null
+  - -o StrictHostKeyChecking=no
+  - -o ServerAliveInterval=30
+  - -o ExitOnForwardFailure=yes
+  - -o ServerAliveCountMax=3
+  - -T
+  - -N
+  ports:
+  - name: http
+    source: 8081
+    dest: 80
+    bindIP: 82.199.134.158
+    destsvc: cluster-ingress-ingress-nginx-controller
+    destns: cluster-ingress
+  - name: https
+    source: 8444
+    dest: 443
+    bindIP: 82.199.134.158
+    destsvc: sslh
+    destns: cluster-ingress
+  - name: ovpn
+    source: 1194
+    dest: 1194
+    bindIP: 82.199.134.158
+    destsvc: ovpn-tcp
+    destns: ovpn
+  - name: syncthing
+    source: 22000
+    dest: 22000
+    bindIP: 82.199.134.158
+    destsvc: syncthing-listen
+    destns: syncthing
+  - name: ssh4git
+    source: 2222
+    dest: 2222
+    bindIP: 82.199.134.158
+    destsvc: gitea-ssh
+    destns: git
+  privateKey: |-
+    -----BEGIN RSA PRIVATE KEY-----
+    MIIJKQIBAAKCAgEA2H/xiNwdw2zVDhGg9tMioxcBxXvkpYy1x7LiLp8MiwKIbT2I
+    YEAHRIGHTIMGONNACOMMITAPRIVATEKEY
+    -----END RSA PRIVATE KEY-----
+
+image:
+  repository: jnovack/autossh
+  pullPolicy: IfNotPresent
+  # Overrides the image tag whose default is the chart appVersion.
+  tag: ""
+
+imagePullSecrets: []
+nameOverride: ""
+fullnameOverride: ""
+
+serviceAccount:
+  # Specifies whether a service account should be created
+  create: true
+  # Annotations to add to the service account
+  annotations: {}
+  # The name of the service account to use.
+  # If not set and create is true, a name is generated using the fullname template
+  name: ""
+
+podAnnotations: {}
+
+podSecurityContext: {}
+  # fsGroup: 2000
+
+securityContext: {}
+  # capabilities:
+  #   drop:
+  #   - ALL
+  # readOnlyRootFilesystem: true
+  # runAsNonRoot: true
+  # runAsUser: 1000
+
+resources: {}
+  # We usually recommend not to specify default resources and to leave this as a conscious
+  # choice for the user. This also increases chances charts run on environments with little
+  # resources, such as Minikube. If you do want to specify resources, uncomment the following
+  # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+  # limits:
+  #   cpu: 100m
+  #   memory: 128Mi
+  # requests:
+  #   cpu: 100m
+  #   memory: 128Mi
+
+autoscaling:
+  enabled: false
+  minReplicas: 1
+  maxReplicas: 100
+  targetCPUUtilizationPercentage: 80
+  # targetMemoryUtilizationPercentage: 80
+
+nodeSelector: {}
+
+tolerations: []
+
+affinity: {}