Skip to content

Instantly share code, notes, and snippets.

@tomazzaman

tomazzaman/glusterfs-endpoints.yml

Last active June 19, 2017 10:57
Show Gist options
  • Save tomazzaman/5639efa1cf694f629008345e35a12baf to your computer and use it in GitHub Desktop.
Save tomazzaman/5639efa1cf694f629008345e35a12baf to your computer and use it in GitHub Desktop.
Download ZIP
Raw
glusterfs-endpoints.yml
kind: Endpoints
apiVersion: v1
metadata:
name: glusterfs
subsets:
- addresses:
# Change the following to match your GlusterFS instance IPs
- ip: 10.132.0.5
- ip: 10.132.0.6
ports:
- port: 1
Raw
glusterfs-service.yml
kind: Service
apiVersion: v1
metadata:
name: glusterfs
spec:
ports:
- protocol: TCP
port: 1
Raw
lego-configmap.yml
kind: ConfigMap
apiVersion: v1
metadata:
name: kube-lego
namespace: kube-system
data:
# modify this to specify your address
lego.email: "[email protected]"
# configre letsencrypt's production api, since default is staging
lego.url: "https://acme-v01.api.letsencrypt.org/directory"
Raw
lego-deployment.yml
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
name: kube-lego
namespace: kube-system
spec:
replicas: 1
template:
metadata:
labels:
# Required for the auto-create kube-lego-nginx service to work.
app: kube-lego
spec:
containers:
- name: kube-lego
image: jetstack/kube-lego:0.1.4
imagePullPolicy: Always
ports:
- containerPort: 8080
env:
- name: LEGO_LOG_LEVEL
value: debug
- name: LEGO_EMAIL
valueFrom:
configMapKeyRef:
name: kube-lego
key: lego.email
- name: LEGO_URL
valueFrom:
configMapKeyRef:
name: kube-lego
key: lego.url
- name: LEGO_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: LEGO_POD_IP
valueFrom:
fieldRef:
fieldPath: status.podIP
readinessProbe:
httpGet:
path: /healthz
port: 8080
initialDelaySeconds: 5
timeoutSeconds: 1
Raw
wordpress-deployment.yml
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
name: wordpress
spec:
replicas: 3
selector:
matchLabels:
app: wordpress
strategy:
rollingUpdate:
maxSurge: 1
maxUnavailable: 1
type: RollingUpdate
template:
metadata:
labels:
app: wordpress
spec:
containers:
- env:
- name: DB_HOST
# Set to localhost because we're connecting through the proxy in the same pod
value: 127.0.0.1:3306
- name: DB_NAME
value: wp_tutorial
- name: DB_USER
value: wp_user
- name: WP_DEBUG
value: "true"
# No password needed, just define a blank variable
- name: DB_PASSWORD
image: codeable/kubepress:4.7.5
imagePullPolicy: IfNotPresent
livenessProbe:
httpGet:
path: /healthz
port: 80
initialDelaySeconds: 10
periodSeconds: 3
readinessProbe:
httpGet:
path: /healthz
port: 80
initialDelaySeconds: 10
periodSeconds: 3
name: wordpress
ports:
- containerPort: 80
name: wordpress
protocol: TCP
volumeMounts:
- mountPath: /var/www/wordpress/wp-content
name: glusterfs
- mountPath: /etc/secrets
name: secrets
readOnly: true
- command:
- /cloud_sql_proxy
- --dir=/cloudsql
# connection name can be fetched by running
# gcloud beta sql instances list
# gcloud beta sql instances describe [your instance name]
# On the describe page, look for "connectionName"
- -instances=[MYSQL_CONNECTION_NAME]=tcp:3306
- -credential_file=/secrets/cloudsql/credentials.json
image: gcr.io/cloudsql-docker/gce-proxy:1.09
name: cloudsql-proxy
volumeMounts:
- mountPath: /secrets/cloudsql
name: cloudsql-instance-credentials
readOnly: true
- mountPath: /etc/ssl/certs
name: ssl-certs
- mountPath: /cloudsql
name: cloudsql
restartPolicy: Always
volumes:
- name: glusterfs
glusterfs:
endpoints: glusterfs
# path should match whatever you've named your volume with a prepending slash "/"
path: /wp-content-site1
readOnly: false
- name: cloudsql-instance-credentials
secret:
defaultMode: 420
secretName: cloudsql-instance-credentials
- hostPath:
path: /etc/ssl/certs
name: ssl-certs
- emptyDir: {}
name: cloudsql
- name: secrets
secret:
defaultMode: 420
secretName: wordpress-secrets
Raw
wordpress-ingress-tls.yml
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: wordpress
annotations:
kubernetes.io/ingress.class: gce
kubernetes.io/tls-acme: "true"
spec:
tls:
- hosts:
# Change the host to whatever domain you want to use your WP on
- kube.codeable.co
secretName: kube-tls
rules:
# Change the host to whatever domain you want to use your WP on
- host: kube.codeable.co
http:
paths:
- backend:
serviceName: wordpress
servicePort: 80
Raw
wordpress-ingress.yml
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: wordpress
spec:
rules:
# Change the host to whatever domain you want to use your WP on
- host: kube.codeable.co
http:
paths:
- backend:
serviceName: wordpress
servicePort: 80
Raw
wordpress-secrets.yml
# To generate these, visit: https://api.wordpress.org/secret-key/1.1/salt/
# and convert each one of those by copying just the value (single quotes included), so that this line:
# define('AUTH_KEY', '8Vz5tGgctpOrCj0ppx#_JBn7%/:e!(Z0_9e:z+/rH:e:.?!0L}7vuG1r(0CgE-*X');
# becomes (the following line is a shell command)
# echo '8Vz5tGgctpOrCj0ppx#_JBn7%/:e!(Z0_9e:z+/rH:e:.?!0L}7vuG1r(0CgE-*X' | base64
# This give us back:
# OFZ6NXRHZ2N0cE9yQ2owcHB4I19KQm43JS86ZSEoWjBfOWU6eisvckg6ZTouPyEwTH03dnVHMXIoMENnRS0qWAo=
# which we then paste as the AUTH_KEY value below (don't forget the tailing equals sign!)
apiVersion:
kind: Secret
metadata:
name: wordpress-secrets
type: Opaque
data:
AUTH_KEY:
SECURE_AUTH_KEY:
LOGGED_IN_KEY:
NONCE_KEY:
AUTH_SALT:
SECURE_AUTH_SALT:
LOGGED_IN_SALT:
NONCE_SALT:
Raw
wordpress-service.yml
apiVersion: v1
kind: Service
metadata:
labels:
app: wordpress
name: wordpress
spec:
type: NodePort
ports:
- port: 80
targetPort: 80
protocol: TCP
selector:
app: wordpress
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment