[feature] support cloudflare dns challenge
parent
30dd648dba
commit
97625f5560
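--- a/devel/k3s.sh
+++ b/devel/k3s.sh
@@ -1,8 +1,8 @@
 #!/bin/sh
 
-if [ "$#" -lt 3 ]; then
+if [ "$#" -lt 3 ] || [ "$#" -eq 4 ]; then
 echo "This script will try to setup k3s on a remote server which unfortunately located in YOUR COUNTRY!"
-echo " Usage: $0 <user@host> <external-ip> <email>"
+echo " Usage: $0 <user@host> <external-ip> <email> [cloudflare-api-email] [cloudflare-api-key]"
 exit 0
 fi
 
@@ -13,6 +13,8 @@ DIR=$(dirname "$(readlink -f "$0")")
 SSH=$1
 IP=$2
 EMAIL=$3
+CF_API_EMAIL=$4
+CF_API_KEY=$5
 
 # install ks3
 ssh "$SSH" '
@@ -46,10 +48,20 @@ sudo systemctl restart k3s
 '
 
 # setup https traefik
-scp "$DIR"/k3s/*.yaml "$SSH:"
+scp "$DIR/k3s/traefik-crd.yaml" "$SSH:"
+if [ -n "$CF_API_EMAIL" ] ; then
+scp "$DIR/k3s/traefik-dpy-cf.yaml" "$SSH:traefik-dpy.yaml"
+else
+scp "$DIR/k3s/traefik-dpy.yaml" "$SSH:traefik-dpy.yaml"
+fi
+
 ssh "$SSH" '
 sudo kubectl apply -f traefik-crd.yaml
-sed -i "s/EMAIL/'"$EMAIL"'/" traefik-dpy.yaml
+sed -i "
+s/{EMAIL}/'"$EMAIL"'/g;
+s/{CF_API_EMAIL}/'"$CF_API_EMAIL"'/g;
+s/{CF_API_KEY}/'"$CF_API_KEY"'/g
+" traefik-dpy.yaml
 sudo kubectl apply -f traefik-dpy.yaml
 sudo kubectl wait --for=condition=available --timeout=600s deployment/traefik -n default
 '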
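Review bot: `$CF_API_KEY` and `$CF_API_EMAIL` are spliced unescaped into the remote command string and into the sed program in the last `ssh "$SSH" '…'` block, so a value containing `/`, `&`, a quote, `$` or a backtick either breaks the substitution or is interpreted by the remote shell. Taking the key as `$5` and embedding it in the ssh command also exposes it in shell history and in the local and remote process lists, and the rendered `traefik-dpy.yaml` stays in the remote home directory with the key in clear text. Prefer keeping the secret off the command line and out of the manifest, for example by sending it over stdin into a Kubernetes Secret with `printf '%s' "$CF_API_KEY" | ssh "$SSH" 'sudo kubectl create secret generic cloudflare-api --from-file=api-key=/dev/stdin'` (the Secret name is a placeholder) and leaving only `{EMAIL}` to sed. Separately, the guard in the first hunk rejects exactly four arguments but accepts six or more, and the usage path still ends in `exit 0`, so a caller cannot detect misuse.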
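--- a/devel/k3s/traefik-dpy-cf.yaml
+++ b/devel/k3s/traefik-dpy-cf.yaml
@@ -0,0 +1,70 @@
+apiVersion: v1
+kind: Service
+metadata:
+name: traefik
+spec:
+ports:
+#- protocol: TCP
+#name: web
+#port: 80
+#- protocol: TCP
+#name: admin
+#port: 8080
+- protocol: TCP
+name: websecure
+port: 8443
+type: LoadBalancer
+selector:
+app: traefik
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+namespace: default
+name: traefik-ingress-controller
+
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+namespace: default
+name: traefik
+labels:
+app: traefik
+
+spec:
+replicas: 1
+selector:
+matchLabels:
+app: traefik
+template:
+metadata:
+labels:
+app: traefik
+spec:
+serviceAccountName: traefik-ingress-controller
+containers:
+- name: traefik
+image: traefik:v2.3.6
+args:
+- --api.insecure
+- --accesslog
+- --entrypoints.web.Address=:80
+- --entrypoints.websecure.Address=:443
+- --providers.kubernetescrd
+- --certificatesresolvers.myresolver.acme.dnschallenge=true
+- --certificatesresolvers.myresolver.acme.dnschallenge.provider=cloudflare
+- --certificatesresolvers.myresolver.acme.email={EMAIL}
+- --certificatesresolvers.myresolver.acme.storage=acme.json
+env:
+- name: CF_API_EMAIL
+value: {CF_API_EMAIL}
+- name: CF_API_Key
+value: {CF_API_KEY}
+ports:
+- name: web
+containerPort: 80
+- name: websecure
+containerPort: 443
+- name: admin
+containerPort: 8080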
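Review bot: The second `env` entry is named `CF_API_Key`, and environment variable names are case-sensitive, so the Cloudflare DNS provider will presumably not find the key it looks for under `CF_API_KEY`. Both credentials are also written as literal `value:` fields, which leaves the account-wide API key readable to anyone who can read the Deployment object, and in the rendered manifest left on the server. Reference a Kubernetes Secret instead, as in the fence below (the Secret name and its keys are placeholders). A DNS-scoped API token would narrow the impact of a leak further, if the provider version in use supports one.

```yaml
        # … unchanged: image and args …
        env:
        - name: CF_API_EMAIL
          valueFrom:
            secretKeyRef:
              name: cloudflare-api   # placeholder Secret name
              key: email
        - name: CF_API_KEY
          valueFrom:
            secretKeyRef:
              name: cloudflare-api   # placeholder Secret name
              key: api-key
        # … unchanged: ports …
```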
|
@ -45,7 +45,7 @@ spec:
|
||||||
serviceAccountName: traefik-ingress-controller
|
serviceAccountName: traefik-ingress-controller
|
||||||
containers:
|
containers:
|
||||||
- name: traefik
|
- name: traefik
|
||||||
image: traefik:v2.2
|
image: traefik:v2.3.6
|
||||||
args:
|
args:
|
||||||
- --api.insecure
|
- --api.insecure
|
||||||
- --accesslog
|
- --accesslog
|
||||||
|
|
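--- a/devel/k3s/whomai.yaml
+++ b/devel/k3s/whomai.yaml
@@ -0,0 +1,52 @@
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRoute
+metadata:
+name: simpleingressroute
+namespace: default
+spec:
+entryPoints:
+- web
+routes:
+- match: Host(`172.16.0.10`)
+kind: Rule
+services:
+- name: whoami
+port: 80
+---
+apiVersion: v1
+kind: Service
+metadata:
+name: whoami
+
+spec:
+ports:
+- protocol: TCP
+name: web
+port: 80
+selector:
+app: whoami
+---
+kind: Deployment
+apiVersion: apps/v1
+metadata:
+namespace: default
+name: whoami
+labels:
+app: whoami
+
+spec:
+replicas: 2
+selector:
+matchLabels:
+app: whoami
+template:
+metadata:
+labels:
+app: whoami
+spec:
+containers:
+- name: whoami
+image: traefik/whoami
+ports:
+- name: web
+containerPort: 80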
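Review bot: `image: traefik/whoami` in the Deployment carries no tag or digest, so every pull resolves to whatever the default tag points at that day and the two replicas can end up running different builds. Pin it to a fixed reference such as `image: traefik/whoami:<version>` or an `@sha256:<digest>` form (placeholders), the way the Traefik deployment in this commit is pinned to `v2.3.6`.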