From 3f5c9bb26b3a404a22b4d7dcdce0c28316deed93 Mon Sep 17 00:00:00 2001
From: Mikael Frykholm
Date: Tue, 3 Dec 2024 15:05:09 +0100
Subject: [PATCH] mitigate noexecute taint to allow ingress pods, add manifest for pgcluster.
---
k8s/cnpg-cluster.yaml | 14 ++++++
k8s/ingress.yaml | 108 ++++++++++++++++++++++++++++++++++++++++++
2 files changed, 122 insertions(+)
create mode 100644 k8s/cnpg-cluster.yaml
create mode 100644 k8s/ingress.yaml
diff --git a/k8s/cnpg-cluster.yaml b/k8s/cnpg-cluster.yaml
new file mode 100644
index 0000000..6df8646
--- /dev/null
+++ b/k8s/cnpg-cluster.yaml
@@ -0,0 +1,14 @@
+apiVersion: postgresql.cnpg.io/v1
+kind: Cluster
+metadata:
+ name: cluster-rut-test
+ namespace: sunet-cnpg
+spec:
+ instances: 3
+ storage:
+ size: 10Gi
+ affinity:
+ enablePodAntiAffinity: true
+ topologyKey: failure-domain.beta.kubernetes.io/zone
+ nodeSelector:
+ sunet.se/role: cnpg
diff --git a/k8s/ingress.yaml b/k8s/ingress.yaml
new file mode 100644
index 0000000..9bf02f3
--- /dev/null
+++ b/k8s/ingress.yaml
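Review bot: In k8s/cnpg-cluster.yaml, `topologyKey: failure-domain.beta.kubernetes.io/zone` uses the beta zone label that Kubernetes deprecated in favour of `topology.kubernetes.io/zone`. If the nodes selected by `sunet.se/role: cnpg` do not carry the old label, the anti-affinity rule would not spread the three instances and they can end up co-located. Suggest `topologyKey: topology.kubernetes.io/zone` once the node labels are confirmed. CloudNativePG treats pod anti-affinity as a preference unless `podAntiAffinityType: required` is set, so add that line under `affinity:` if co-location of instances must be ruled out rather than discouraged.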
@@ -0,0 +1,108 @@
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+ annotations:
+ labels:
+ node.kubernetes.io/microk8s-controlplane: microk8s-controlplane
+ name: nginx-ingress-microk8s-controller
+ namespace: ingress
+ resourceVersion: "57362743"
+ uid: 6c9d633a-ea77-4120-9d63-71b12905fc52
+spec:
+ revisionHistoryLimit: 10
+ selector:
+ matchLabels:
+ name: nginx-ingress-microk8s
+ template:
+ metadata:
+ creationTimestamp: null
+ labels:
+ name: nginx-ingress-microk8s
+ spec:
+ containers:
+ - args:
+ - /nginx-ingress-controller
+ - --configmap=$(POD_NAMESPACE)/nginx-load-balancer-microk8s-conf
+ - --tcp-services-configmap=$(POD_NAMESPACE)/nginx-ingress-tcp-microk8s-conf
+ - --udp-services-configmap=$(POD_NAMESPACE)/nginx-ingress-udp-microk8s-conf
+ - --ingress-class=public
+ - ' '
+ - --publish-status-address=127.0.0.1
+ env:
+ - name: POD_NAME
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.name
+ - name: POD_NAMESPACE
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.namespace
+ image: registry.k8s.io/ingress-nginx/controller:v1.8.0
+ imagePullPolicy: IfNotPresent
+ lifecycle:
+ preStop:
+ exec:
+ command:
+ - /wait-shutdown
+ livenessProbe:
+ failureThreshold: 3
+ httpGet:
+ path: /healthz
+ port: 10254
+ scheme: HTTP
+ initialDelaySeconds: 10
+ periodSeconds: 10
+ successThreshold: 1
+ timeoutSeconds: 5
+ name: nginx-ingress-microk8s
+ ports:
+ - containerPort: 80
+ hostPort: 80
+ name: http
+ protocol: TCP
+ - containerPort: 443
+ hostPort: 443
+ name: https
+ protocol: TCP
+ - containerPort: 10254
+ hostPort: 10254
+ name: health
+ protocol: TCP
+ readinessProbe:
+ failureThreshold: 3
+ httpGet:
+ path: /healthz
+ port: 10254
+ scheme: HTTP
+ periodSeconds: 10
+ successThreshold: 1
+ timeoutSeconds: 5
+ resources: {}
+ securityContext:
+ capabilities:
+ add:
+ - NET_BIND_SERVICE
+ drop:
+ - ALL
+ runAsUser: 101
+ terminationMessagePath: /dev/termination-log
+ terminationMessagePolicy: File
+ dnsPolicy: ClusterFirst
+ restartPolicy: Always
+ schedulerName: default-scheduler
+ securityContext: {}
+ serviceAccount: nginx-ingress-microk8s-serviceaccount
+ serviceAccountName: nginx-ingress-microk8s-serviceaccount
+ terminationGracePeriodSeconds: 60
+ tolerations:
+ - effect: NoExecute
+ key: cp-node
+ operator: Equal
+ value: "true"
+ updateStrategy:
+ rollingUpdate:
+ maxSurge: 0
+ maxUnavailable: 1
+ type: RollingUpdate
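Review bot: The `health` port entry publishes 10254 as a `hostPort`, so with the new `cp-node` NoExecute toleration the controller's status endpoint is bound on the host interface of every node carrying that taint (presumably the control-plane nodes, going by the key name), next to 80 and 443. The liveness and readiness probes reach the container port through the pod IP, so `hostPort: 10254` can be dropped unless something off-node depends on it; if it does, restrict the port with a host firewall rule. Separately, `resourceVersion: "57362743"` and the `uid:` line are server-populated fields from an exported live object and should be removed, since a stale value can make a later apply or replace fail with a conflict. The image is pinned by tag only (`controller:v1.8.0`); pinning by digest as `controller:v1.8.0@sha256:<digest>` and checking that release against the ingress-nginx security advisories is worth doing before this manifest becomes the source of truth.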