From 8c7055050db228a0c5d1c9d316db2b283b65052c Mon Sep 17 00:00:00 2001
From: Nicolas Trangez
Date: Mon, 9 Nov 2020 13:12:22 +0000
Subject: [PATCH] deploy/kubernetes: import generated files

Generated files should be part of a release.
---
deploy/kubernetes/base/service-headless.yml | 62 +++++
deploy/kubernetes/base/service.yml | 62 +++++
deploy/kubernetes/base/statefulset.yml | 232 ++++++++++++++++++
.../overlays/local/kustomization.yml | 27 ++
4 files changed, 383 insertions(+)
create mode 100644 deploy/kubernetes/base/service-headless.yml
create mode 100644 deploy/kubernetes/base/service.yml
create mode 100644 deploy/kubernetes/base/statefulset.yml
create mode 100644 deploy/kubernetes/overlays/local/kustomization.yml
diff --git a/deploy/kubernetes/base/service-headless.yml b/deploy/kubernetes/base/service-headless.yml
new file mode 100644
index 0000000..3026076
--- /dev/null
+++ b/deploy/kubernetes/base/service-headless.yml
@@ -0,0 +1,62 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: nfs-ganesha-headless
+ labels:
+ app: contained-ganesha
+ component: nfs-ganesha
+spec:
+ selector:
+ app: contained-ganesha
+ component: nfs-ganesha
+ clusterIP: None
+ sessionAffinity: ClientIP
+ ports:
+ - name: portmapper-tcp
+ port: 111
+ protocol: TCP
+ targetPort: portmapper-tcp
+ - name: portmapper-udp
+ port: 111
+ protocol: UDP
+ targetPort: portmapper-udp
+ - name: status-tcp
+ port: 865
+ protocol: TCP
+ targetPort: status-tcp
+ - name: status-udp
+ port: 865
+ protocol: UDP
+ targetPort: status-udp
+ - name: nlockmgr-tcp
+ port: 866
+ protocol: TCP
+ targetPort: nlockmgr-tcp
+ - name: nlockmgr-udp
+ port: 866
+ protocol: UDP
+ targetPort: nlockmgr-udp
+ - name: rquotad-tcp
+ port: 875
+ protocol: TCP
+ targetPort: rquotad-tcp
+ - name: rquotad-udp
+ port: 875
+ protocol: UDP
+ targetPort: rquotad-udp
+ - name: nfs-tcp
+ port: 2049
+ protocol: TCP
+ targetPort: nfs-tcp
+ - name: nfs-udp
+ port: 2049
+ protocol: UDP
+ targetPort: nfs-udp
+ - name: mountd-tcp
+ port: 20048
+ protocol: TCP
+ targetPort: mountd-tcp
+ - name: mountd-udp
+ port: 20048
+ protocol: UDP
+ targetPort: mountd-udp
diff --git a/deploy/kubernetes/base/service.yml b/deploy/kubernetes/base/service.yml
new file mode 100644
index 0000000..f638be5
--- /dev/null
+++ b/deploy/kubernetes/base/service.yml
@@ -0,0 +1,62 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: nfs-ganesha
+ labels:
+ app: contained-ganesha
+ component: nfs-ganesha
+spec:
+ selector:
+ app: contained-ganesha
+ component: nfs-ganesha
+
+ sessionAffinity: ClientIP
+ ports:
+ - name: portmapper-tcp
+ port: 111
+ protocol: TCP
+ targetPort: portmapper-tcp
+ - name: portmapper-udp
+ port: 111
+ protocol: UDP
+ targetPort: portmapper-udp
+ - name: status-tcp
+ port: 865
+ protocol: TCP
+ targetPort: status-tcp
+ - name: status-udp
+ port: 865
+ protocol: UDP
+ targetPort: status-udp
+ - name: nlockmgr-tcp
+ port: 866
+ protocol: TCP
+ targetPort: nlockmgr-tcp
+ - name: nlockmgr-udp
+ port: 866
+ protocol: UDP
+ targetPort: nlockmgr-udp
+ - name: rquotad-tcp
+ port: 875
+ protocol: TCP
+ targetPort: rquotad-tcp
+ - name: rquotad-udp
+ port: 875
+ protocol: UDP
+ targetPort: rquotad-udp
+ - name: nfs-tcp
+ port: 2049
+ protocol: TCP
+ targetPort: nfs-tcp
+ - name: nfs-udp
+ port: 2049
+ protocol: UDP
+ targetPort: nfs-udp
+ - name: mountd-tcp
+ port: 20048
+ protocol: TCP
+ targetPort: mountd-tcp
+ - name: mountd-udp
+ port: 20048
+ protocol: UDP
+ targetPort: mountd-udp
diff --git a/deploy/kubernetes/base/statefulset.yml b/deploy/kubernetes/base/statefulset.yml
new file mode 100644
index 0000000..39528ef
--- /dev/null
+++ b/deploy/kubernetes/base/statefulset.yml
@@ -0,0 +1,232 @@
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+ name: nfs-ganesha
+ labels:
+ app: contained-ganesha
+ component: nfs-ganesha
+spec:
+ selector:
+ matchLabels:
+ app: contained-ganesha
+ component: nfs-ganesha
+ serviceName: nfs-ganesha-headless
+ replicas: 1
+ template:
+ metadata:
+ labels:
+ app: contained-ganesha
+ component: nfs-ganesha
+ spec:
+ automountServiceAccountToken: false
+ shareProcessNamespace: true
+
+ containers:
+ - name: nfs-ganesha
+ image: docker.pkg.github.com/nicolast/contained-ganesha/nfs-ganesha:latest
+ env:
+ - name: NLOCKMGR_PORT
+ value: "866"
+ - name: RQUOTAD_PORT
+ value: "875"
+ - name: NFS_PORT
+ value: "2049"
+ - name: MOUNTD_PORT
+ value: "20048"
+ securityContext:
+ allowPrivilegeEscalation: false
+ readOnlyRootFilesystem: true
+ capabilities:
+ drop:
+ - ALL
+ add:
+ - CHOWN
+ - DAC_OVERRIDE
+ - DAC_READ_SEARCH
+ - FOWNER
+ - FSETID
+ - NET_BIND_SERVICE
+ - SETGID
+ - SETUID
+ ports:
+ - name: nlockmgr-tcp
+ containerPort: 866
+ protocol: TCP
+ - name: nlockmgr-udp
+ containerPort: 866
+ protocol: UDP
+ - name: rquotad-tcp
+ containerPort: 875
+ protocol: TCP
+ - name: rquotad-udp
+ containerPort: 875
+ protocol: UDP
+ - name: nfs-tcp
+ containerPort: 2049
+ protocol: TCP
+ - name: nfs-udp
+ containerPort: 2049
+ protocol: UDP
+ - name: mountd-tcp
+ containerPort: 20048
+ protocol: TCP
+ - name: mountd-udp
+ containerPort: 20048
+ protocol: UDP
+ livenessProbe:
+ tcpSocket:
+ port: nfs-tcp
+ readinessProbe:
+ exec:
+ command: ["/healthcheck.sh"]
+ timeoutSeconds: 10
+ terminationMessagePolicy: FallbackToLogsOnError
+ volumeMounts:
+ - name: run
+ mountPath: /run
+ - name: dbus-daemon-run
+ mountPath: /run/dbus
+ readOnly: true
+ - name: nfs-ganesha-lib
+ mountPath: /var/lib/nfs/ganesha
+ - name: nfs-ganesha-tmp
+ mountPath: /tmp
+ - name: nfs-ganesha-config
+ mountPath: /etc/ganesha/ganesha.conf.d
+ readOnly: true
+
+ - name: ganesha-config-reload
+ image: docker.pkg.github.com/nicolast/contained-ganesha/ganesha-config-reload:latest
+ args:
+ - -mode=configmap
+ - -pid=/run/ganesha/ganesha.pid
+ - /etc/ganesha/ganesha.conf.d
+ securityContext:
+ allowPrivilegeEscalation: false
+ readOnlyRootFilesystem: true
+ capabilities:
+ drop:
+ - ALL
+ terminationMessagePolicy: FallbackToLogsOnError
+ volumeMounts:
+ - name: run
+ mountPath: /run
+ readOnly: true
+ - name: nfs-ganesha-config
+ mountPath: /etc/ganesha/ganesha.conf.d
+ readOnly: true
+
+ - name: rpcbind
+ image: docker.pkg.github.com/nicolast/contained-ganesha/rpcbind:latest
+ securityContext:
+ allowPrivilegeEscalation: false
+ readOnlyRootFilesystem: true
+ capabilities:
+ drop:
+ - ALL
+ add:
+ - DAC_OVERRIDE
+ - CHOWN
+ - NET_BIND_SERVICE
+ - SETGID
+ - SETUID
+ ports:
+ - name: portmapper-tcp
+ containerPort: 111
+ protocol: TCP
+ - name: portmapper-udp
+ containerPort: 111
+ protocol: UDP
+ livenessProbe:
+ tcpSocket:
+ port: portmapper-tcp
+ readinessProbe:
+ exec:
+ command: ["/healthcheck.sh"]
+ timeoutSeconds: 10
+ terminationMessagePolicy: FallbackToLogsOnError
+ volumeMounts:
+ - name: run
+ mountPath: /run
+
+ - name: rpc-statd
+ image: docker.pkg.github.com/nicolast/contained-ganesha/rpc.statd:latest
+ env:
+ - name: STATUS_PORT
+ value: "865"
+ securityContext:
+ allowPrivilegeEscalation: false
+ readOnlyRootFilesystem: true
+ capabilities:
+ drop:
+ - ALL
+ add:
+ - DAC_OVERRIDE
+ - CHOWN
+ - NET_BIND_SERVICE
+ - SETGID
+ - SETPCAP
+ - SETUID
+ ports:
+ - name: status-tcp
+ containerPort: 865
+ protocol: TCP
+ - name: status-udp
+ containerPort: 865
+ protocol: UDP
+ livenessProbe:
+ tcpSocket:
+ port: status-tcp
+ readinessProbe:
+ exec:
+ command: ["/healthcheck.sh"]
+ timeoutSeconds: 10
+ terminationMessagePolicy: FallbackToLogsOnError
+ volumeMounts:
+ - name: run
+ mountPath: /run
+ - name: rpc-statd-lib
+ mountPath: /var/lib/nfs
+
+ - name: dbus-daemon
+ image: docker.pkg.github.com/nicolast/contained-ganesha/dbus-daemon:latest
+ securityContext:
+ allowPrivilegeEscalation: false
+ readOnlyRootFilesystem: true
+ capabilities:
+ drop:
+ - ALL
+ add:
+ - SETGID
+ - SETPCAP
+ - SETUID
+ livenessProbe:
+ exec:
+ command: ["/healthcheck.sh"]
+ timeoutSeconds: 10
+ terminationMessagePolicy: FallbackToLogsOnError
+ volumeMounts:
+ - name: dbus-daemon-run
+ mountPath: /run/dbus
+ - name: dbus-daemon-lib
+ mountPath: /var/lib/dbus
+
+ volumes:
+ - name: nfs-ganesha-lib
+ emptyDir:
+ - name: nfs-ganesha-tmp
+ emptyDir:
+ medium: Memory
+ - name: nfs-ganesha-config
+ configMap:
+ name: nfs-ganesha
+ - name: run
+ emptyDir:
+ medium: Memory
+ - name: rpc-statd-lib
+ emptyDir:
+ - name: dbus-daemon-run
+ emptyDir:
+ medium: Memory
+ - name: dbus-daemon-lib
+ emptyDir:
diff --git a/deploy/kubernetes/overlays/local/kustomization.yml b/deploy/kubernetes/overlays/local/kustomization.yml
new file mode 100644
index 0000000..15ad09c
--- /dev/null
+++ b/deploy/kubernetes/overlays/local/kustomization.yml
@@ -0,0 +1,27 @@
+bases:
+ - ../../base
+
+images:
+ - name: docker.pkg.github.com/nicolast/contained-ganesha/rpcbind
+ newName: contained-ganesha/rpcbind
+ newTag: latest
+ - name: docker.pkg.github.com/nicolast/contained-ganesha/rpc.statd
+ newName: contained-ganesha/rpc.statd
+ newTag: latest
+ - name: docker.pkg.github.com/nicolast/contained-ganesha/dbus-daemon
+ newName: contained-ganesha/dbus-daemon
+ newTag: latest
+ - name: docker.pkg.github.com/nicolast/contained-ganesha/nfs-ganesha
+ newName: contained-ganesha/nfs-ganesha
+ newTag: latest
+ - name: docker.pkg.github.com/nicolast/contained-ganesha/ganesha-config-reload
+ newName: contained-ganesha/ganesha-config-reload
+ newTag: latest
+
+patchesJson6902:
+- target:
+ group: apps
+ version: v1
+ kind: StatefulSet
+ name: nfs-ganesha
+ path: image-pull-policy-patch.yml
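Review bot: All five `image:` values in deploy/kubernetes/base/statefulset.yml end in the mutable `:latest` tag, so the manifest shipped with a release does not identify the images that release was built and tested with. For `:latest`, Kubernetes also defaults `imagePullPolicy` to `Always`, so a container restart can pick up a different image without any change to the manifest. Since the commit describes these files as generated, the generator input is the place to emit a fixed reference, for example `image: docker.pkg.github.com/nicolast/contained-ganesha/nfs-ganesha:<release-tag>@sha256:<digest>` (both placeholders), and the same for ganesha-config-reload, rpcbind, rpc.statd and dbus-daemon.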