mirror of https://github.com/k3s-io/k3s
129 lines
2.7 KiB
YAML
129 lines
2.7 KiB
YAML
|
apiVersion: apps/v1
|
||
|
kind: DaemonSet
|
||
|
metadata:
|
||
|
name: example
|
||
|
namespace: default
|
||
|
labels:
|
||
|
app.kubernetes.io: example
|
||
|
spec:
|
||
|
selector:
|
||
|
matchLabels:
|
||
|
app.kubernetes.io/name: example
|
||
|
template:
|
||
|
metadata:
|
||
|
labels:
|
||
|
app.kubernetes.io/name: example
|
||
|
spec:
|
||
|
automountServiceAccountToken: false
|
||
|
securityContext:
|
||
|
runAsUser: 405
|
||
|
runAsGroup: 100
|
||
|
containers:
|
||
|
- name: socat
|
||
|
image: docker.io/alpine/socat:1.7.4.3-r1
|
||
|
args:
|
||
|
- "TCP-LISTEN:8080,reuseaddr,fork"
|
||
|
- "EXEC:echo -e 'HTTP/1.1 200 OK\r\nConnection: close\r\n\r\n$(NODE_IP) $(POD_NAMESPACE)/$(POD_NAME)\r\n'"
|
||
|
ports:
|
||
|
- containerPort: 8080
|
||
|
name: http
|
||
|
env:
|
||
|
- name: NODE_IP
|
||
|
valueFrom:
|
||
|
fieldRef:
|
||
|
fieldPath: status.hostIP
|
||
|
- name: POD_NAMESPACE
|
||
|
valueFrom:
|
||
|
fieldRef:
|
||
|
fieldPath: metadata.namespace
|
||
|
- name: POD_NAME
|
||
|
valueFrom:
|
||
|
fieldRef:
|
||
|
fieldPath: metadata.name
|
||
|
readinessProbe:
|
||
|
initialDelaySeconds: 2
|
||
|
periodSeconds: 10
|
||
|
httpGet:
|
||
|
path: /
|
||
|
port: 8080
|
||
|
---
|
||
|
apiVersion: v1
|
||
|
kind: Service
|
||
|
metadata:
|
||
|
name: example
|
||
|
namespace: default
|
||
|
spec:
|
||
|
type: NodePort
|
||
|
selector:
|
||
|
app.kubernetes.io/name: example
|
||
|
ports:
|
||
|
- name: http
|
||
|
protocol: TCP
|
||
|
port: 80
|
||
|
nodePort: 30096
|
||
|
targetPort: http
|
||
|
---
|
||
|
apiVersion: networking.k8s.io/v1
|
||
|
kind: Ingress
|
||
|
metadata:
|
||
|
name: example
|
||
|
spec:
|
||
|
rules:
|
||
|
- host: "example.com"
|
||
|
http:
|
||
|
paths:
|
||
|
- pathType: Prefix
|
||
|
path: "/"
|
||
|
backend:
|
||
|
service:
|
||
|
name: example
|
||
|
port:
|
||
|
name: http
|
||
|
---
|
||
|
# Allow access to example backend from traefik ingress
|
||
|
apiVersion: networking.k8s.io/v1
|
||
|
kind: NetworkPolicy
|
||
|
metadata:
|
||
|
name: ingress-to-backend-example
|
||
|
namespace: default
|
||
|
spec:
|
||
|
podSelector:
|
||
|
matchLabels:
|
||
|
app.kubernetes.io/name: example
|
||
|
ingress:
|
||
|
- ports:
|
||
|
- port: 8080
|
||
|
protocol: TCP
|
||
|
- from:
|
||
|
- namespaceSelector:
|
||
|
matchLabels:
|
||
|
kubernetes.io/metadata.name: kube-system
|
||
|
podSelector:
|
||
|
matchLabels:
|
||
|
app.kubernetes.io/name: traefik
|
||
|
policyTypes:
|
||
|
- Ingress
|
||
|
---
|
||
|
# Allow access to example backend from outside the cluster via nodeport service
|
||
|
apiVersion: networking.k8s.io/v1
|
||
|
kind: NetworkPolicy
|
||
|
metadata:
|
||
|
name: nodeport-to-backend-example
|
||
|
namespace: default
|
||
|
spec:
|
||
|
podSelector:
|
||
|
matchLabels:
|
||
|
app.kubernetes.io/name: example
|
||
|
ingress:
|
||
|
- ports:
|
||
|
- port: 8080
|
||
|
protocol: TCP
|
||
|
- from:
|
||
|
- ipBlock:
|
||
|
cidr: 0.0.0.0/0
|
||
|
except:
|
||
|
- 10.42.0.0/16
|
||
|
- 10.43.0.0/16
|
||
|
policyTypes:
|
||
|
- Ingress
|