Created
May 24, 2024 14:18
-
-
Save juztas/29e642b8e93cfedb77c74e79f83c743c to your computer and use it in GitHub Desktop.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| --- | |
| apiVersion: cert-manager.io/v1 | |
| kind: Issuer | |
| metadata: | |
| name: letsencrypt | |
| namespace: opennsa | |
| spec: | |
| acme: | |
| email: juztas@gmail.com | |
| preferredChain: "" | |
| privateKeySecretRef: | |
| name: issuer-account-key | |
| server: https://acme-v02.api.letsencrypt.org/directory | |
| solvers: | |
| - http01: | |
| ingress: | |
| class: haproxy | |
| ingressTemplate: | |
| metadata: | |
| annotations: | |
| ingress.kubernetes.io/ssl-redirect: "false" | |
| serviceType: ClusterIP | |
| --- | |
| apiVersion: cert-manager.io/v1 | |
| kind: Certificate | |
| metadata: | |
| annotations: | |
| name: cert-echo-test | |
| namespace: opennsa | |
| spec: | |
| commonName: echo-test.nrp-nautilus.io | |
| dnsNames: | |
| - echo-test.nrp-nautilus.io | |
| issuerRef: | |
| kind: Issuer | |
| name: letsencrypt | |
| secretName: cert-echo-test | |
| --- | |
| apiVersion: v1 | |
| data: | |
| snmp-mon.yaml: | | |
| --- | |
| logParams: | |
| logFile: '/opt/snmpmon/logfile.log' | |
| logLevel: 'DEBUG' | |
| rotateTime: 'midnight' | |
| backupCount: 5 | |
| tmpdir: '/opt/snmpmon/output/' | |
| authorize_dns: | |
| - "/C=US/ST=California/L=Pasadena/O=Caltech/CN=sdn-sense.dev/C=US/ST=California/L=Pasadena/O=Caltech/CN=autogole-grafana-prometheus.ultralight.org" | |
| - "/C=US/O=Let's Encrypt/CN=R3/CN=echo-test.nrp-nautilus.io" | |
| - "/DC=ch/DC=cern/CN=CERN Grid Certification Authority/DC=ch/DC=cern/OU=Organic Units/OU=Users/CN=jbalcas/CN=751133/CN=Justas Balcas" | |
| snmpMon: | |
| edgecore_s0: | |
| network_os: sonic | |
| snmpParams: | |
| community: public | |
| hostname: 1.1.1.1 | |
| version: 2 | |
| kind: ConfigMap | |
| metadata: | |
| creationTimestamp: null | |
| name: echo-test | |
| namespace: opennsa | |
| --- | |
| apiVersion: apps/v1 | |
| kind: Deployment | |
| metadata: | |
| labels: | |
| k8s-app: echo-test | |
| name: echo-test | |
| namespace: opennsa | |
| spec: | |
| progressDeadlineSeconds: 600 | |
| replicas: 1 | |
| revisionHistoryLimit: 10 | |
| selector: | |
| matchLabels: | |
| k8s-app: echo-test | |
| strategy: | |
| rollingUpdate: | |
| maxSurge: 1 | |
| maxUnavailable: 1 | |
| type: RollingUpdate | |
| template: | |
| metadata: | |
| labels: | |
| k8s-app: echo-test | |
| spec: | |
| affinity: | |
| nodeAffinity: | |
| requiredDuringSchedulingIgnoredDuringExecution: | |
| nodeSelectorTerms: | |
| - matchExpressions: | |
| - key: kubernetes.io/hostname | |
| operator: In | |
| values: | |
| - k8s-igrok-01.calit2.optiputer.net | |
| - k8s-igrok-02.calit2.optiputer.net | |
| - k8s-igrok-03.calit2.optiputer.net | |
| - k8s-igrok-04.calit2.optiputer.net | |
| - k8s-igrok-05.calit2.optiputer.net | |
| - k8s-igrok-06.calit2.optiputer.net | |
| containers: | |
| - image: sdnsense/nsi-snmpmon:dev | |
| imagePullPolicy: Always | |
| env: | |
| - name: LISTEN_SNMPMON_PORT | |
| value: "8443" | |
| name: echo-test | |
| ports: | |
| - containerPort: 8443 | |
| protocol: TCP | |
| resources: | |
| limits: | |
| cpu: "1" | |
| memory: 1Gi | |
| requests: | |
| cpu: "1" | |
| memory: 1Gi | |
| volumeMounts: | |
| - mountPath: /etc/snmp-mon.yaml | |
| name: echo-test | |
| subPath: snmp-mon.yaml | |
| - mountPath: /etc/httpd/certs/cert.pem | |
| name: cert-echo-test | |
| readOnly: true | |
| subPath: cert.pem | |
| - mountPath: /etc/httpd/certs/privkey.pem | |
| name: cert-echo-test | |
| readOnly: true | |
| subPath: privkey.pem | |
| terminationMessagePath: /dev/termination-log | |
| terminationMessagePolicy: File | |
| volumes: | |
| - name: echo-test | |
| configMap: | |
| name: snmpmon-prpdev | |
| defaultMode: 420 | |
| items: | |
| - key: snmp-mon.yaml | |
| path: snmp-mon.yaml | |
| - name: cert-echo-test | |
| secret: | |
| defaultMode: 420 | |
| items: | |
| - key: tls.crt | |
| path: cert.pem | |
| - key: tls.key | |
| path: privkey.pem | |
| secretName: cert-echo-test | |
| dnsPolicy: ClusterFirst | |
| restartPolicy: Always | |
| schedulerName: default-scheduler | |
| securityContext: {} | |
| terminationGracePeriodSeconds: 30 | |
| --- | |
| apiVersion: v1 | |
| kind: Service | |
| metadata: | |
| namespace: opennsa | |
| labels: | |
| k8s-app: echo-test | |
| name: echo-test | |
| spec: | |
| ports: | |
| - port: 8443 | |
| protocol: TCP | |
| targetPort: 8443 | |
| name: https | |
| selector: | |
| k8s-app: echo-test | |
| type: ClusterIP | |
| --- | |
| apiVersion: networking.k8s.io/v1 | |
| kind: Ingress | |
| metadata: | |
| namespace: opennsa | |
| annotations: | |
| kubernetes.io/backend-protocol: HTTPS | |
| kubernetes.io/ingress.class: haproxy | |
| kubernetes.io/ssl-passthrough: "true" | |
| kubernetes.io/ssl-redirect: "true" | |
| name: echo-test | |
| spec: | |
| rules: | |
| - host: echo-test.nrp-nautilus.io | |
| http: | |
| paths: | |
| - path: / | |
| pathType: Prefix | |
| backend: | |
| service: | |
| name: echo-test | |
| port: | |
| number: 8443 | |
| tls: | |
| - hosts: | |
| - echo-test.nrp-nautilus.io | |
| secretName: cert-echo-test |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment