Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Submit feedback
Contribute to GitLab
Sign in
Toggle navigation
k8s-ingress
Project
Project
Details
Activity
Releases
Cycle Analytics
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Charts
Issues
0
Issues
0
List
Board
Labels
Milestones
Merge Requests
3
Merge Requests
3
Wiki
Wiki
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Charts
Create a new issue
Commits
Issue Boards
Open sidebar
uplex-varnish
k8s-ingress
Commits
e670a7bb
Commit
e670a7bb
authored
Apr 16, 2020
by
Geoff Simmons
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Update the Pod template example for new deployments supporting TLS.
WIP: undeployment currently not working correctly.
parent
beb79350
Changes
5
Show whitespace changes
Inline
Side-by-side
Showing
5 changed files
with
164 additions
and
10 deletions
+164
-10
cli-args.yaml
examples/varnish_pod_template/cli-args.yaml
+41
-2
deploy_env.sh
examples/varnish_pod_template/deploy_env.sh
+7
-0
env.yaml
examples/varnish_pod_template/env.yaml
+71
-6
proxy.yaml
examples/varnish_pod_template/proxy.yaml
+41
-2
undeploy.sh
examples/varnish_pod_template/undeploy.sh
+4
-0
No files found.
examples/varnish_pod_template/cli-args.yaml
View file @
e670a7bb
...
...
@@ -13,6 +13,8 @@ spec:
app
:
varnish-ingress
example
:
cli-args
spec
:
securityContext
:
fsGroup
:
998
containers
:
-
image
:
varnish-ingress/varnish
imagePullPolicy
:
IfNotPresent
...
...
@@ -22,14 +24,14 @@ spec:
containerPort
:
80
-
name
:
k8s
containerPort
:
8080
-
name
:
varnishadm
containerPort
:
6081
volumeMounts
:
-
name
:
adm-secret
mountPath
:
"
/var/run/varnish"
readOnly
:
true
-
name
:
varnish-home
mountPath
:
"
/var/run/varnish-home"
-
name
:
offload
mountPath
:
"
/var/run/offload"
livenessProbe
:
exec
:
command
:
...
...
@@ -54,6 +56,37 @@ spec:
-
"
900"
-
-p
-
workspace_client=256k
-
image
:
varnish-ingress/haproxy
imagePullPolicy
:
IfNotPresent
name
:
varnish-ingress-offloader
ports
:
-
name
:
tls
containerPort
:
443
-
name
:
k8s
containerPort
:
8443
volumeMounts
:
-
name
:
tls-cert
mountPath
:
"
/etc/ssl/private"
readOnly
:
true
-
name
:
offload
mountPath
:
"
/var/run/offload"
env
:
-
name
:
SECRET_DATAPLANEAPI
valueFrom
:
secretKeyRef
:
name
:
adm-secret
key
:
dataplaneapi
livenessProbe
:
exec
:
command
:
-
/usr/bin/pgrep
-
-P
-
"
0"
-
haproxy
readinessProbe
:
httpGet
:
path
:
/healthz
port
:
k8s
volumes
:
-
name
:
adm-secret
secret
:
...
...
@@ -61,6 +94,12 @@ spec:
items
:
-
key
:
admin
path
:
_.secret
-
name
:
tls-cert
secret
:
secretName
:
tls-cert
defaultMode
:
0440
-
name
:
varnish-home
emptyDir
:
medium
:
"
Memory"
-
name
:
offload
emptyDir
:
{}
examples/varnish_pod_template/deploy_env.sh
View file @
e670a7bb
...
...
@@ -4,4 +4,11 @@ kubectl apply -f ../hello/cafe.yaml
kubectl apply
-f
../hello/cafe-ingress.yaml
kubectl delete
-f
../../deploy/admin-svc.yaml
kubectl delete deploy varnish
echo
Waiting
until
example varnish-ingress Pods are deleted
kubectl
wait
--timeout
=
2m pod
-l
app
=
varnish-ingress
--for
=
delete
kubectl apply
-f
env.yaml
examples/varnish_pod_template/env.yaml
View file @
e670a7bb
...
...
@@ -13,6 +13,8 @@ spec:
app
:
varnish-ingress
example
:
env
spec
:
securityContext
:
fsGroup
:
998
containers
:
-
image
:
varnish-ingress/varnish
imagePullPolicy
:
IfNotPresent
...
...
@@ -22,14 +24,14 @@ spec:
containerPort
:
80
-
name
:
k8s
containerPort
:
8000
-
name
:
varnishadm
containerPort
:
7000
volumeMounts
:
-
name
:
adm-secret
mountPath
:
"
/var/secret"
readOnly
:
true
-
name
:
varnish-home
mountPath
:
"
/var/run/varnish-home"
-
name
:
offload
mountPath
:
"
/var/run/offload"
livenessProbe
:
exec
:
command
:
...
...
@@ -76,6 +78,39 @@ spec:
-
name
:
SECRET_FILE
value
:
adm.secret
-
image
:
varnish-ingress/haproxy
imagePullPolicy
:
IfNotPresent
name
:
varnish-ingress-offloader
ports
:
-
name
:
tls
containerPort
:
443
-
name
:
k8s
containerPort
:
8443
volumeMounts
:
-
name
:
tls-cert
mountPath
:
"
/etc/ssl/private"
readOnly
:
true
-
name
:
offload
mountPath
:
"
/var/run/offload"
env
:
-
name
:
SECRET_DATAPLANEAPI
valueFrom
:
secretKeyRef
:
name
:
adm-secret
key
:
dataplaneapi
-
name
:
VARNISH_READY_PORT
value
:
"
8000"
livenessProbe
:
exec
:
command
:
-
/usr/bin/pgrep
-
-P
-
"
0"
-
haproxy
readinessProbe
:
httpGet
:
path
:
/healthz
port
:
k8s
volumes
:
-
name
:
adm-secret
secret
:
...
...
@@ -83,9 +118,15 @@ spec:
items
:
-
key
:
admin
path
:
adm.secret
-
name
:
tls-cert
secret
:
secretName
:
tls-cert
defaultMode
:
0440
-
name
:
varnish-home
emptyDir
:
medium
:
"
Memory"
-
name
:
offload
emptyDir
:
{}
---
apiVersion
:
v1
kind
:
Service
...
...
@@ -98,10 +139,6 @@ metadata:
spec
:
type
:
NodePort
ports
:
-
port
:
7000
targetPort
:
7000
protocol
:
TCP
name
:
varnishadm
-
port
:
81
targetPort
:
81
protocol
:
TCP
...
...
@@ -109,3 +146,31 @@ spec:
selector
:
app
:
varnish-ingress
publishNotReadyAddresses
:
true
---
apiVersion
:
v1
kind
:
Service
metadata
:
name
:
varnish-ingress-env-admin
labels
:
app
:
varnish-ingress
spec
:
clusterIP
:
None
ports
:
-
port
:
7000
targetPort
:
7000
protocol
:
TCP
name
:
varnishadm
-
port
:
5555
targetPort
:
5555
protocol
:
TCP
name
:
dataplane
-
port
:
5556
targetPort
:
5556
protocol
:
TCP
name
:
faccess
-
port
:
9443
targetPort
:
9443
protocol
:
TCP
name
:
stats
selector
:
app
:
varnish-ingress
examples/varnish_pod_template/proxy.yaml
View file @
e670a7bb
...
...
@@ -13,6 +13,8 @@ spec:
app
:
varnish-ingress
example
:
proxy
spec
:
securityContext
:
fsGroup
:
998
containers
:
-
image
:
varnish-ingress/varnish
imagePullPolicy
:
IfNotPresent
...
...
@@ -22,14 +24,14 @@ spec:
containerPort
:
80
-
name
:
k8s
containerPort
:
8080
-
name
:
varnishadm
containerPort
:
6081
volumeMounts
:
-
name
:
adm-secret
mountPath
:
"
/var/run/varnish"
readOnly
:
true
-
name
:
varnish-home
mountPath
:
"
/var/run/varnish-home"
-
name
:
offload
mountPath
:
"
/var/run/offload"
livenessProbe
:
exec
:
command
:
...
...
@@ -50,6 +52,37 @@ spec:
# see: https://www.haproxy.org/download/1.8/doc/proxy-protocol.txt
-
name
:
PROTO
value
:
PROXY
-
image
:
varnish-ingress/haproxy
imagePullPolicy
:
IfNotPresent
name
:
varnish-ingress-offloader
ports
:
-
name
:
tls
containerPort
:
443
-
name
:
k8s
containerPort
:
8443
volumeMounts
:
-
name
:
tls-cert
mountPath
:
"
/etc/ssl/private"
readOnly
:
true
-
name
:
offload
mountPath
:
"
/var/run/offload"
env
:
-
name
:
SECRET_DATAPLANEAPI
valueFrom
:
secretKeyRef
:
name
:
adm-secret
key
:
dataplaneapi
livenessProbe
:
exec
:
command
:
-
/usr/bin/pgrep
-
-P
-
"
0"
-
haproxy
readinessProbe
:
httpGet
:
path
:
/healthz
port
:
k8s
volumes
:
-
name
:
adm-secret
secret
:
...
...
@@ -57,6 +90,12 @@ spec:
items
:
-
key
:
admin
path
:
_.secret
-
name
:
tls-cert
secret
:
secretName
:
tls-cert
defaultMode
:
0440
-
name
:
varnish-home
emptyDir
:
medium
:
"
Memory"
-
name
:
offload
emptyDir
:
{}
examples/varnish_pod_template/undeploy.sh
View file @
e670a7bb
#! /bin/bash -ex
kubectl delete svc varnish-ingress-env-admin
kubectl delete svc varnish-ingress
kubectl delete deploy varnish
...
...
@@ -15,5 +17,7 @@ kubectl apply -f ../../deploy/varnish.yaml
kubectl apply
-f
../../deploy/nodeport.yaml
kubectl apply
-f
../../deploy/admin-svc.yaml
echo
Waiting
until
varnish-ingress Pods are running
kubectl
wait
--timeout
=
2m pod
-l
app
=
varnish-ingress
--for
=
condition
=
Initialized
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment