initial commit

allard
2025-11-23 18:58:51 +01:00
commit 376a944abc
1553 changed files with 314731 additions and 0 deletions

88
lp/quay/README.md Executable file

@@ -0,0 +1,88 @@
#Installatie
#eigen namespace:
kubectl create ns quay
#Redis:
is al geinstalleeerd op de odroid, 192.168.2.239:6379 password: Redis01@
#Postgress13:
is al geinstalleerd op de odroid. 192.168.2.235:5432 password: quay
installeren van extensies:
- inloggen incontainer:
kubectl exec -it postgres13-0 -n postgres
- inloggen op dadabase quay:
psql -U quay --dbname=quay
- sql uitvoeren:
create extension if not exists pg_trgm;
#quay
kubectl apply -f quay.yaml -n quay
#SSL configureren:
Mounten van een certificaat is helaas niet mogelijk omdat dit dezelfde directory in de container
is waar je ook al config.yaml mount vanaf de nfs-share.
daarom:
- eerst op pisvrwsv01 letsencrypt-certificaat laten maken via certmanager:
kubectl apply -f certificate.yaml
Er ontstaat dan een secret: "quay.alldcs.nl-tls"
dan de ssl-cert en ssl.key extraheren:
kubectl get secret quay.alldcs.nl-tls -o json -o=jsonpath="{.data.tls\.crt}" | base64 -d > ssl.cert
kubectl get secret quay.alldcs.nl-tls -o json -o=jsonpath="{.data.tls\.key}" | base64 -d > ssl.key
Vervolgens deze twee bestandjes kopieren naar /mnt/nfs-share/quay/conf op de NFS-server.
NIET VERGETEN ZE LEESBAAR TE MAKEN: chmod 777....
#verdere configuratie:
stop quay:
kubectl delete -f quay.yaml
start quay in config mode:
kubectl apply -f quay-config.yaml
op een of andere manier werkt de ingressroute nu niet meer, daarom moet je nodeport
gebruiken:
ga naar:
localhost:<nodeport>
LET OP: dit moet!! LOCALHOST zijn.
log in met quay config enhet password uit de yamlfile: config01
configureer quay
download de config.yaml (die komt in /home/ubuntu/Downloads
untar de config.yaml
tar -zxf
kopieer de config.yaml naar de /mnt/nfs_share/quay/conf directory
start de gewone quay weer op.
kubectl apply -f quay.yaml
#autorisaties
je kunt FEATURE_USER_CREATION: true zetten in de config.yaml en dan gebruiker opvoeren.
vervolgens met pgadmin voor dit account "verified" op "true" zetten (via mail werkt nog niet).
Deze gebruiker kun je dan in de config.yaml bij SUPER_USER opvoeren.
Dan quay opnieuw opstarten en je bent administrator!
#integratie met Clair:
Quay starten in config mode:
kubectl run --rm -it --name quay_config -p 8080:8080 \
-v /home/ubuntu:/conf/stack \
quay.io/projectquay/quay:v3.10.0 config Quay01@@

11
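--- a/lp/quay/catalog-info.yaml
+++ b/lp/quay/catalog-info.yaml
@@ -0,0 +1,11 @@
+apiVersion: backstage.io/v1alpha1
+kind: Component
+metadata:
+name: lp-quay
+title: Quay (lp)
+spec:
+type: service
+lifecycle: production
+owner: platform-team
+partOf:
+- ../catalog-info.yaml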


@@ -0,0 +1,16 @@
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: quay.alldcs.nl-tls
namespace: quay
spec:
dnsNames:
- quay-lp.alldcs.nl
issuerRef:
group: cert-manager.io
kind: ClusterIssuer
name: letsencrypt
secretName: quay-lp.alldcs.nl-tls
usages:
- digital signature
- key encipherment
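Review bot: `metadata.name` is `quay.alldcs.nl-tls` but `secretName` is `quay-lp.alldcs.nl-tls`, so cert-manager writes the key pair to a Secret with the second name and the README's `kubectl get secret quay.alldcs.nl-tls` extraction step would not find it. Align the two, e.g. `secretName: quay.alldcs.nl-tls`, or update the README commands. The `dnsNames` entry `quay-lp.alldcs.nl` also differs from the Host rule for quay-lp.allarddcs.nl in ingressroute-http.yaml and ingressroute-tls.yaml; one of the two domains is presumably a typo, and clients using the other name would be served a certificate that does not match.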


@@ -0,0 +1,2 @@
cd ~/
microk8s kubectl create secret generic quay-credentials --from-file=.dockerconfigjson=.docker/config.json --type=kubernetes.io/dockerconfigjson
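Review bot: `--from-file=.dockerconfigjson=.docker/config.json` copies the operator's whole Docker config into the cluster, so every registry login stored in that file becomes readable by anything that can read `quay-credentials`, not only the Quay one. Building the pull secret from a dedicated robot account keeps it scoped, e.g. `microk8s kubectl create secret docker-registry quay-credentials --docker-server=<registry> --docker-username=<robot> --docker-password=<token>`, with the token supplied from a variable rather than typed into shell history. The command also has no `-n`, so the Secret lands in whichever namespace the current context points at; add `-n <namespace>` for the namespace whose pods pull with it.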


@@ -0,0 +1,7 @@
apiVersion: v1
kind: Secret
metadata:
name: quay-credentials
data:
.dockerconfigjson: ewogICJhdXRocyI6IHsKICAgICJxdWF5LmFsbGRjcy5ubCI6IHsKICAgICAgImF1dGgiOiAiWVd4c1lYSmtLM0p2WW05ME9raE1VVXBFVlZNMlNGSTNSMHRPVkVvMlJVNDFWVW8xT0VkS1FURXlOVkpMU0VOSU1FbzNVRkJPVGtGRlFVczJRMFpCVkRVNFNVdEVOalZhUTBsQ05qWT0iLAogICAgICAiZW1haWwiOiAiIgogICAgfQogIH0KfQ==
type: kubernetes.io/dockerconfigjson
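Review bot: The `.dockerconfigjson` value under `data:` appears to be a real registry credential committed to the repository; base64 is an encoding, not encryption, so anyone with read access to the repo or its history can recover it. The credential should be rotated, and this manifest replaced by a Secret created at deploy time (the `kubectl create secret` script in the neighbouring section already does that) or by an encrypted form such as Sealed Secrets or SOPS. The manifest also sets no `metadata.namespace`, so it is applied to whatever namespace is current.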

14
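--- a/lp/quay/ingressroute-http.yaml
+++ b/lp/quay/ingressroute-http.yaml
@@ -0,0 +1,14 @@
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRoute
+metadata:
+name: quay-http
+namespace: quay
+spec:
+entryPoints:
+- web
+routes:
+- match: Host(`quay-lp.allarddcs.nl`)
+kind: Rule
+services:
+- name: quay
+port: 8080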
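Review bot: The `web` entry point forwards plain HTTP straight to the registry on port 8080, so `docker login` credentials and bearer tokens sent to this host are not protected in transit. Unless a specific client needs cleartext access, attach a redirect to the route with `middlewares:` followed by `- name: <redirect-https-middleware>`, backed by a Traefik `Middleware` whose spec is `redirectScheme: {scheme: https}`. Alternatively, drop this route and keep only the TLS one.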

16
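--- a/lp/quay/ingressroute-tls.yaml
+++ b/lp/quay/ingressroute-tls.yaml
@@ -0,0 +1,16 @@
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRoute
+metadata:
+name: quay-tls
+namespace: quay
+spec:
+entryPoints:
+- websecure
+routes:
+- match: Host(`quay-lp.allarddcs.nl`)
+kind: Rule
+services:
+- name: quay
+port: 443
+tls:
+certResolver: letsencrypt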
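Review bot: This route has Traefik terminate TLS with `certResolver: letsencrypt`, while ingressrouteTCP.yaml adds a `passthrough: true` route on the same `websecure` entry point and the README provisions a separate certificate for Quay itself. Two termination designs for one service make it hard to tell which certificate a client actually sees, so pick one and remove the other. If termination stays at Traefik, `port: 443` targets Quay's own TLS listener (`targetPort: 8443` in the Service), so Traefik has to trust the certificate Quay serves. Confirm that this is not being made to work with an `insecureSkipVerify` transport.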

16
lp/quay/ingressrouteTCP.yaml Executable file

@@ -0,0 +1,16 @@
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRouteTCP
metadata:
name: quay-tcp
namespace: quay
spec:
entryPoints:
- websecure
routes:
- match: HostSNI(`quay-lp.alldcs.nl`)
services:
- name: quay
port: 443
tls:
passthrough: true

94
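--- a/lp/quay/quay-config.yaml
+++ b/lp/quay/quay-config.yaml
@@ -0,0 +1,94 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+name: quay
+namespace: quay
+labels:
+app: quay
+spec:
+replicas: 1
+selector:
+matchLabels:
+app: quay
+template:
+metadata:
+labels:
+app: quay
+spec:
+containers:
+- name: quay
+image: quay.io/projectquay/quay:latest
+args:
+- config
+env:
+- name: CONFIG_APP_PASSWORD
+value: config01
+ports:
+- containerPort: 8080
+name: web
+- containerPort: 8443
+name: websecure
+volumeMounts:
+- mountPath: /quay-registry/conf/stack/
+name: quay
+subPath: conf
+- mountPath: /quay-registry/datastorage/
+name: quay
+subPath: data
+nodeSelector:
+kubernetes.io/arch: amd64
+volumes:
+- name: quay
+persistentVolumeClaim:
+claimName: quay-pvc
+---
+apiVersion: v1
+kind: Service
+metadata:
+name: quay
+namespace: quay
+spec:
+ports:
+- name: http
+targetPort: 8080
+port: 8080
+- name: https
+targetPort: 8443
+port: 443
+selector:
+app: quay
+type: NodePort
+---
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+name: quay-pv
+spec:
+storageClassName: ""
+capacity:
+storage: 1Gi
+accessModes:
+- ReadWriteMany
+persistentVolumeReclaimPolicy: Retain
+mountOptions:
+- hard
+- nfsvers=4.1
+nfs:
+server: 192.168.2.110
+path: /mnt/nfs_share/quay
+readOnly: false
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+name: quay-pvc
+namespace: quay
+spec:
+storageClassName: ""
+volumeName: quay-pv
+accessModes:
+- ReadWriteMany
+volumeMode: Filesystem
+resources:
+requests:
+storage: 1Gi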
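Review bot: `CONFIG_APP_PASSWORD` is set with a literal `value: config01`, so the config-editor password sits in the repository and in the Deployment spec, readable by anyone who can get deployments in the namespace. Source it from a Secret instead: replace the `value:` line with `valueFrom:` and a `secretKeyRef:` giving `name: <config-secret>` and `key: password`. The Service in the same file is `type: NodePort`, which exposes the config editor on every node address while it runs with that password. Keep config mode up only for the duration of the change, or switch the Service to `ClusterIP` and reach it with `kubectl port-forward`.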

89
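--- a/lp/quay/quay.yaml
+++ b/lp/quay/quay.yaml
@@ -0,0 +1,89 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+name: quay
+namespace: quay
+labels:
+app: quay
+spec:
+replicas: 1
+selector:
+matchLabels:
+app: quay
+template:
+metadata:
+labels:
+app: quay
+spec:
+containers:
+- name: quay
+image: quay.io/projectquay/quay:latest
+ports:
+- containerPort: 8080
+name: web
+- containerPort: 8443
+name: websecure
+volumeMounts:
+- mountPath: /quay-registry/conf/stack/
+name: quay
+subPath: conf
+- mountPath: /quay-registry/datastorage/
+name: quay
+subPath: data
+nodeSelector:
+kubernetes.io/arch: amd64
+volumes:
+- name: quay
+persistentVolumeClaim:
+claimName: quay-pvc
+---
+apiVersion: v1
+kind: Service
+metadata:
+name: quay
+namespace: quay
+spec:
+ports:
+- name: http
+targetPort: 8080
+port: 8080
+- name: https
+targetPort: 8443
+port: 443
+selector:
+app: quay
+type: NodePort
+---
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+name: quay-pv
+spec:
+storageClassName: ""
+capacity:
+storage: 1Gi
+accessModes:
+- ReadWriteMany
+persistentVolumeReclaimPolicy: Retain
+mountOptions:
+- hard
+- nfsvers=4.1
+nfs:
+server: 192.168.2.110
+path: /mnt/nfs_share/quay
+readOnly: false
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+name: quay-pvc
+namespace: quay
+spec:
+storageClassName: ""
+volumeName: quay-pv
+accessModes:
+- ReadWriteMany
+volumeMode: Filesystem
+resources:
+requests:
+storage: 1Gi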
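Review bot: `image: quay.io/projectquay/quay:latest` (here and in quay-config.yaml) is a mutable tag, so any pod restart can pull a different, unreviewed build of the registry that every other workload's images come from. Pin it to a released version, e.g. `image: quay.io/projectquay/quay:v3.10.0` as the README already uses, or to a digest. The `type: NodePort` Service also publishes 8080 and 8443 on every node and bypasses the IngressRoutes; `type: ClusterIP` is enough if all traffic is meant to go through Traefik. The container spec carries no `securityContext` or `resources`, which is worth either adding or documenting as a deliberate choice.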