infrastructure/kubernetes
2
0
Fork 0
mirror of https://github.com/nofusscomputing/kubernetes.git synced 2025-08-02 04:22:42 +00:00
Code Issues Activity

feat(nginx): Add manifests

Browse Source
This commit is contained in:
Jon Lockwood
2025-06-10 19:42:42 +09:30
parent 29500cbb8d
commit 76f0490afc
10 changed files with 268 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

25
manifests/nginx/base/configmap-nginx.yaml Normal file
View File

@ -0,0 +1,25 @@
---
apiVersion: v1
kind: ConfigMap
metadata:
labels:
app.kubernetes.io/component: webserver
app.kubernetes.io/name: nginx
app.kubernetes.io/part-of: nginx
name: nginx
data:
default.conf: |
server {
listen 80;
access_log /var/log/nginx/access-default.log main;
error_log /var/log/nginx/error-default.log;
error_page 500 502 503 504 /50x.html;
location / {
root /usr/share/nginx/html/;
}
}

47
manifests/nginx/base/deployment-nginx.yaml Normal file
View File

@ -0,0 +1,47 @@
---
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
app.kubernetes.io/component: webserver
name: nginx
spec:
replicas: 1
selector:
matchLabels:
app.kubernetes.io/component: webserver
template:
metadata:
labels:
app.kubernetes.io/component: webserver
spec:
containers:
- name: backend
image: docker.io/nginx:alpine
imagePullPolicy: Always
ports:
- containerPort: 80
name: http
resources:
limits:
cpu: 200m
memory: 256Mi
requests:
cpu: 10m
memory: 20Mi
volumeMounts:
- name: http-root
mountPath: /usr/share/nginx/html
mountPropagation: HostToContainer
- name: nginx-config
mountPath: /etc/nginx/conf.d
tolerations: []
volumes:
- name: http-root
hostPath:
# Ensure the file directory is created.
path: /opt/webserver
type: DirectoryOrCreate
- name: nginx-config
configMap:
name: nginx-config

19
manifests/nginx/base/kustomization.yaml Normal file
View File

@ -0,0 +1,19 @@
---
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: website
commonLabels:
app.kubernetes.io/instance: cluster
app.kubernetes.io/name: nginx
app.kubernetes.io/part-of: nginx
resources:
- configmap-nginx.yaml
- service.yaml
- deployment-nginx.yaml

13
manifests/nginx/base/service.yaml Normal file
View File

@ -0,0 +1,13 @@
---
apiVersion: v1
kind: Service
metadata:
labels:
app.kubernetes.io/component: webserver
name: nginx
spec:
ports:
- name: http
port: 80
protocol: TCP
targetPort: 80

23
manifests/nginx/components/gitlab_runner/kustomization.yaml Normal file
View File

@ -0,0 +1,23 @@
---
apiVersion: kustomize.config.k8s.io/v1alpha1
kind: Component
resources:
- runner-website.yaml
patches:
- target:
kind: Runner
name: gitlab-runner
patch: |-
# Runner Tags
# - op: add
# path: /spec/tags
# value: production,website
- op: add
path: /spec/runnerImage
value: registry.gitlab.com/gitlab-org/gitlab-runner:v17.6.0

19
manifests/nginx/components/gitlab_runner/runner-website.yaml Normal file
View File

@ -0,0 +1,19 @@
---
apiVersion: apps.gitlab.com/v1beta2
kind: Runner
metadata:
labels:
app.kubernetes.io/component: ci-cd-runner
app.kubernetes.io/name: gitlab
app.kubernetes.io/part-of: nginx
name: gitlab-runner
spec:
gitlabUrl: https://gitlab.com
podSpec:
- name: gitlab-runner
patchType: merge
patch: |
securityContext:
runAsNonRoot: false
token: token-secret-name

39
manifests/nginx/components/ingress/ingress.yaml Normal file
View File

@ -0,0 +1,39 @@
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
annotations:
cert-manager.io/cluster-issuer: "cluster"
cert-manager.io/common-name: "domain-name.tld"
cert-manager.io/duration: "2160h"
cert-manager.io/subject-organizations: "N/A"
cert-manager.io/subject-organizationalunits: "N/A"
cert-manager.io/subject-countries: "N/A"
cert-manager.io/subject-provinces: "N/A"
# cert-manager.io/subject-localities: "N/A"
cert-manager.io/private-key-algorithm: "ECDSA"
cert-manager.io/private-key-size: "384"
cert-manager.io/private-key-rotation-policy: "Always"
nginx.ingress.kubernetes.io/ssl-redirect: "true"
labels:
app.kubernetes.io/component: ingress
app.kubernetes.io/name: nginx
app.kubernetes.io/part-of: nginx
name: nginx
spec:
rules:
- host: "domain-name.tld"
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: nginx
port:
name: http
tls:
- hosts:
- "domain-name.tld"
secretName: "certificate-tls-domain-name.tld"

35
manifests/nginx/components/ingress/kustomization.yaml Normal file
View File

@ -0,0 +1,35 @@
---
apiVersion: kustomize.config.k8s.io/v1alpha1
kind: Component
resources:
- ingress.yaml
patches:
- patch: |-
- op: replace
path: /metadata/annotations/cert-manager.io~1cluster-issuer
value: cluster
- op: replace
path: /metadata/annotations/cert-manager.io~1common-name
value: my-domain-name.tld
- op: replace
path: /spec/rules/0/host
value: my-domain-name.tld
- op: replace
path: /spec/tls/0/hosts/0
value: my-domain-name.tld
- op: replace
path: /spec/tls/0/secretName
value: certificate-tls-domain-name.tld
target:
kind: Ingress
name: nginx
version: v1

1
manifests/nginx/overlays/static-site-gitlab-built/gitlab-runner-registration-token.env Normal file
View File

@ -0,0 +1 @@
runner-registration-token=MY-GITLAB-REGISTRATION-TOKEN

47
manifests/nginx/overlays/static-site-gitlab-built/kustomization.yaml Normal file
View File

@ -0,0 +1,47 @@
---
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
# namePrefix: nofusscomputing-
namespace: website
commonLabels:
app.kubernetes.io/instance: my-website
resources:
- ../../base/
components:
- ../../components/gitlab_runner/
- ../../components/ingress/
secretGenerator:
- name: gitlab-runner-token
envs:
- gitlab-runner-registration-token.env
type: Opaque
generatorOptions:
disableNameSuffixHash: true
replacements:
- source:
kind: Secret
name: gitlab-runner-token
fieldPath: metadata.name
targets:
- select:
kind: Runner
name: gitlab-runner
fieldPaths:
- spec.token