feat(demo): add fancy demo for HA cluster with demo app
nicklasfrahm committed Aug 17, 2022
1 parent 23e1442 commit a150d16
Showing 15 changed files with 277 additions and 0 deletions.
3 changes: 3 additions & 0 deletions .gitignore
Expand Up @@ -3,3 +3,6 @@ bin/

# Ignore Vagrant state.
.vagrant/

# Ignore downloaded Helm charts.
deploy/demo/**/charts
28 changes: 28 additions & 0 deletions Makefile
Expand Up @@ -51,3 +51,31 @@ docker:
.PHONY: clean
clean:
@rm -rvf bin

.PHONY: demo-up
demo-up: install
@echo -n "\e[35m==>\e[0m "
k3se up deploy/demo/k3se.yaml
@echo -n "\e[35m==>\e[0m "
kubectx admin@k3se.nicklasfrahm.xyz
@echo -n "\e[35m==>\e[0m "
kubectl create ns traefik --dry-run=client -o yaml | kubectl apply -f -
@echo -n "\e[35m==>\e[0m "
helm dependency update deploy/demo/traefik
@echo -n "\e[35m==>\e[0m "
helm upgrade --install traefik deploy/demo/traefik --namespace traefik
@echo -n "\e[35m==>\e[0m "
kubectl create ns cert-manager --dry-run=client -o yaml | kubectl apply -f -
@echo -n "\e[35m==>\e[0m "
helm dependency update deploy/demo/cert-manager
@echo -n "\e[35m==>\e[0m "
helm upgrade --install cert-manager deploy/demo/cert-manager --namespace cert-manager
@echo -n "\e[35m==>\e[0m "
kubectl apply -f deploy/demo/clusterissuers
@echo -n "\e[35m==>\e[0m "
kubectl apply -f deploy/demo/app

.PHONY: demo-down
demo-down:
@echo -n "\e[35m==>\e[0m "
k3se down deploy/demo/k3se.yaml
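Review bot: The `demo-up` recipe changes the operator's global kubeconfig with `kubectx admin@k3se.nicklasfrahm.xyz`, and every later `kubectl` and `helm` line then acts on whatever context is current rather than on a named one. Passing the target explicitly keeps the demo from ever applying to another cluster and leaves the user's kubeconfig untouched, e.g. `kubectl --context admin@k3se.nicklasfrahm.xyz apply -f deploy/demo/app` and `helm upgrade --install traefik deploy/demo/traefik --namespace traefik --kube-context admin@k3se.nicklasfrahm.xyz`. Separately, `kubectl apply -f deploy/demo/clusterissuers` runs directly after the cert-manager install, and without `--wait` on that `helm upgrade` the ClusterIssuers may be rejected until the cert-manager webhook is ready.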
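--- a/deploy/demo/app/deployment.yaml
+++ b/deploy/demo/app/deployment.yaml
@@ -0,0 +1,31 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+name: kuard
+spec:
+selector:
+matchLabels:
+app.kubernetes.io/name: kuard
+# I don't want to mess with anti-affinities so let's
+# just create enough pods to spread them across nodes.
+replicas: 9
+template:
+metadata:
+labels:
+app.kubernetes.io/name: kuard
+spec:
+containers:
+- image: gcr.io/kuar-demo/kuard-amd64:1
+imagePullPolicy: Always
+name: kuard
+ports:
+- containerPort: 8080
+resources:
+requests:
+cpu: 128m
+memory: 128Mi
+# Limits are tricky, but I don't
+# want warnings here, so I added them.
+limits:
+cpu: 128m
+memory: 128Mi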
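Review bot: The pod template sets no `securityContext` and leaves the service account token mounted by default, while the Ingress added in this commit publishes the app on a public hostname. kuard is a demo tool that, as far as I know, shows environment and filesystem details over HTTP, so anything mounted into the pod should be treated as readable by visitors. I would disable the token mount and add a restrictive container security context, as sketched below; check that kuard still starts with a read-only root filesystem. The image is also referenced by the mutable tag `kuard-amd64:1` with `imagePullPolicy: Always`, so pinning it by digest would make all nine replicas run the same reviewed image.

```yaml
# … unchanged: Deployment metadata, selector, replicas, pod labels …
    spec:
      automountServiceAccountToken: false
      containers:
        - image: gcr.io/kuar-demo/kuard-amd64:1
          # … unchanged: imagePullPolicy, name, ports, resources …
          securityContext:
            allowPrivilegeEscalation: false
            readOnlyRootFilesystem: true
            capabilities:
              drop: ["ALL"]
```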
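--- a/deploy/demo/app/ingress.yaml
+++ b/deploy/demo/app/ingress.yaml
@@ -0,0 +1,25 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+name: kuard
+labels:
+app.kubernetes.io/name: kuard
+annotations:
+cert-manager.io/cluster-issuer: "letsencrypt-production"
+spec:
+ingressClassName: traefik
+tls:
+- hosts:
+- k3se.nicklasfrahm.xyz
+secretName: kuard-tls
+rules:
+- host: k3se.nicklasfrahm.xyz
+http:
+paths:
+- path: /
+pathType: Prefix
+backend:
+service:
+name: kuard
+port:
+name: http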
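--- a/deploy/demo/app/service.yaml
+++ b/deploy/demo/app/service.yaml
@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: Service
+metadata:
+name: kuard
+spec:
+ports:
+- name: http
+port: 80
+targetPort: 8080
+protocol: TCP
+selector:
+app.kubernetes.io/name: kuard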
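--- a/deploy/demo/cert-manager/Chart.lock
+++ b/deploy/demo/cert-manager/Chart.lock
@@ -0,0 +1,6 @@
+dependencies:
+- name: cert-manager
+repository: https://charts.jetstack.io
+version: v1.9.1
+digest: sha256:b3c1f49120842cf9da8e5e7c2102b73735c32eefcaacfcffe0bcd0ae85b2c9bc
+generated: "2022-08-16T20:03:04.998492102+02:00"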
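--- a/deploy/demo/cert-manager/Chart.yaml
+++ b/deploy/demo/cert-manager/Chart.yaml
@@ -0,0 +1,8 @@
+apiVersion: v2
+name: cert-manager
+description: An umbrella chart to configure cert-manager.
+version: 1.9.1
+dependencies:
+- name: cert-manager
+version: 1.9.1
+repository: https://charts.jetstack.io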
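--- a/deploy/demo/cert-manager/values.yaml
+++ b/deploy/demo/cert-manager/values.yaml
@@ -0,0 +1,2 @@
+cert-manager:
+installCRDs: true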
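--- a/deploy/demo/clusterissuers/letsencrypt-production.yaml
+++ b/deploy/demo/clusterissuers/letsencrypt-production.yaml
@@ -0,0 +1,15 @@
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+name: letsencrypt-production
+spec:
+acme:
+server: https://acme-v02.api.letsencrypt.org/directory
+preferredChain: ISRG Root X1
+email: nicklas.frahm@gmail.com
+privateKeySecretRef:
+name: letsencrypt-production-clusterissuer-key
+solvers:
+- http01:
+ingress:
+class: traefik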
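--- a/deploy/demo/clusterissuers/letsencrypt-staging.yaml
+++ b/deploy/demo/clusterissuers/letsencrypt-staging.yaml
@@ -0,0 +1,15 @@
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+name: letsencrypt-staging
+spec:
+acme:
+server: https://acme-staging-v02.api.letsencrypt.org/directory
+preferredChain: ISRG Root X1
+email: nicklas.frahm@gmail.com
+privateKeySecretRef:
+name: letsencrypt-staging-clusterissuer-key
+solvers:
+- http01:
+ingress:
+class: traefik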
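--- a/deploy/demo/haproxy.cfg
+++ b/deploy/demo/haproxy.cfg
@@ -0,0 +1,26 @@
+listen http
+bind *:80
+mode tcp
+option tcplog
+balance leastconn
+server golf 10.0.11.241:32080 check inter 1s
+server hotel 10.0.11.242:32080 check inter 1s
+server india 10.0.11.243:32080 check inter 1s
+
+listen https
+bind *:443
+mode tcp
+option tcplog
+balance leastconn
+server golf 10.0.11.241:32443 check inter 1s
+server hotel 10.0.11.242:32443 check inter 1s
+server india 10.0.11.243:32433 check inter 1s
+
+listen kubeapi
+bind *:6443
+mode tcp
+option tcplog
+balance leastconn
+server golf 10.0.11.241:6443 check
+server hotel 10.0.11.242:6443 check
+server india 10.0.11.243:6443 check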
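Review bot: In the `https` listener the `india` backend points at port `32433`, while `golf` and `hotel` use `32443`, the `nodePort` configured for `websecure` in deploy/demo/traefik/values.yaml. This looks like a typo; the health check would keep that node out of HTTPS rotation and the cluster would quietly run on two of three nodes, so the line should read `server india 10.0.11.243:32443 check inter 1s`. The `kubeapi` listener also binds `*:6443`, which publishes the Kubernetes API on every interface of the load balancer. If that host faces the Internet, consider binding to an internal address or limiting source addresses at the firewall.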
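--- a/deploy/demo/k3se.yaml
+++ b/deploy/demo/k3se.yaml
@@ -0,0 +1,52 @@
+# Version may either be a specific k3s version or a release channel
+# as listed here: https://update.k3s.io/v1-release/channels
+version: stable
+
+# Cluster provides cluster-wide settings that should be applied
+# to all nodes in the cluster. All options are equivalent to the
+# commmand line options of the `k3s` command.
+cluster:
+server:
+# It is highly recommended to always specify this option as it
+# is used to determine the server URL of the cluster.
+tls-san:
+- k3se.nicklasfrahm.xyz
+disable:
+- traefik
+flannel-iface: eth0
+cluster-cidr:
+- 10.254.0.0/16
+service-cidr:
+- 10.255.0.0/16
+cluster-dns:
+- 10.255.0.10
+
+# A list of all nodes in the cluster and their connection information.
+nodes:
+- role: server
+ssh:
+host: 10.0.11.241
+fingerprint: SHA256:t/bwWCelgcAEYmQW9XbM4p31e1Qq70ZPWOKK+FRxBCc
+user: nicklasfrahm
+key-file: ~/.ssh/id_ed25519
+
+- role: server
+ssh:
+host: 10.0.11.242
+fingerprint: SHA256:OkCD98O5RdzBYc8BIdSpPQkTeNTtYuaEGODThqi/4sk
+user: nicklasfrahm
+key-file: ~/.ssh/id_ed25519
+
+- role: server
+ssh:
+host: 10.0.11.243
+fingerprint: SHA256:GnIesLNIAwgJJX9s3M26mmkXlM90DJ0LS1ZyIoCa5V0
+user: nicklasfrahm
+key-file: ~/.ssh/id_ed25519
+
+# An SSH proxy, also known as jumpbox or a bastion host
+# can be used to access nodes in a private network.
+ssh-proxy:
+host: k3se.nicklasfrahm.xyz
+user: nicklasfrahm
+key-file: ~/.ssh/id_ed25519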
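Review bot: The three `nodes` entries each pin an SSH host key `fingerprint`, but the `ssh-proxy` block has none, and that is the hop reached over the public hostname `k3se.nicklasfrahm.xyz`, where host-key verification matters most. If k3se accepts the field there, add `fingerprint: SHA256:<proxy-host-key-fingerprint>` (placeholder value); if it does not, a comment in this file saying how the proxy's host key is verified would help. `version: stable` also follows a moving release channel, so two runs of the demo may install different k3s releases; a specific version would make the demo reproducible.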
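--- a/deploy/demo/traefik/Chart.lock
+++ b/deploy/demo/traefik/Chart.lock
@@ -0,0 +1,6 @@
+dependencies:
+- name: traefik
+repository: https://helm.traefik.io/traefik
+version: 10.24.0
+digest: sha256:92dfb96eee281fd2d1f301df59247c33ae1ecda50dd9ffa2bcb58a0669b0958c
+generated: "2022-07-27T20:44:44.075441754+02:00"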
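--- a/deploy/demo/traefik/Chart.yaml
+++ b/deploy/demo/traefik/Chart.yaml
@@ -0,0 +1,8 @@
+apiVersion: v2
+name: traefik
+description: An umbrella chart to configure the Traefik ingress controller.
+version: 10.24.0
+dependencies:
+- name: traefik
+version: 10.24.0
+repository: https://helm.traefik.io/traefik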
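--- a/deploy/demo/traefik/values.yaml
+++ b/deploy/demo/traefik/values.yaml
@@ -0,0 +1,40 @@
+traefik:
+ingressClass:
+enabled: yes
+isDefaultClass: yes
+
+service:
+enabled: yes
+type: LoadBalancer
+
+resources:
+requests:
+cpu: 250m
+memory: 256Mi
+
+ports:
+traefik:
+port: 9000
+expose: no
+exposedPort: 9000
+protocol: TCP
+web:
+port: 8080
+expose: yes
+exposedPort: 80
+nodePort: 32080
+protocol: TCP
+redirectTo: websecure
+websecure:
+port: 8443
+expose: yes
+exposedPort: 443
+nodePort: 32443
+protocol: TCP
+tls:
+enabled: yes
+
+providers:
+kubernetesIngress:
+publishedService:
+enabled: true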
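Review bot: The booleans in this file are written `yes`/`no` (`ingressClass.enabled`, `isDefaultClass`, `service.enabled`, each `ports.*.expose`, `tls.enabled`), while `publishedService.enabled` on the last line uses `true`. `yes`/`no` are YAML 1.1 spellings that a YAML 1.2 parser reads as strings, so whether the dashboard port stays unexposed depends on the parser in use. I would write `true`/`false` throughout, e.g. `expose: false` under `ports.traefik`. `resources` also sets requests but no limits, unlike the kuard Deployment in this commit; a one-line comment saying that is deliberate would help.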
