klesh/dotfiles
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

[feature] support cloudflare dns challenge

Browse Source
This commit is contained in:
Klesh Wong 2021-01-14 17:10:32 +08:00
parent 30dd648dba
commit 97625f5560
4 changed files with 139 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
devel/k3s.sh
View File

@ -1,8 +1,8 @@
#!/bin/sh
if [ "$#" -lt 3 ]; then
if [ "$#" -lt 3 ] || [ "$#" -eq 4 ]; then
echo "This script will try to setup k3s on a remote server which unfortunately located in YOUR COUNTRY!"
echo " Usage: $0 <user@host> <external-ip> <email>"
echo " Usage: $0 <user@host> <external-ip> <email> [cloudflare-api-email] [cloudflare-api-key]"
exit 0
fi
@ -13,6 +13,8 @@ DIR=$(dirname "$(readlink -f "$0")")
SSH=$1
IP=$2
EMAIL=$3
CF_API_EMAIL=$4
CF_API_KEY=$5
# install ks3
ssh "$SSH" '
@ -46,10 +48,20 @@ sudo systemctl restart k3s
'
# setup https traefik
scp "$DIR"/k3s/*.yaml "$SSH:"
scp "$DIR/k3s/traefik-crd.yaml" "$SSH:"
if [ -n "$CF_API_EMAIL" ] ; then
scp "$DIR/k3s/traefik-dpy-cf.yaml" "$SSH:traefik-dpy.yaml"
else
scp "$DIR/k3s/traefik-dpy.yaml" "$SSH:traefik-dpy.yaml"
fi
ssh "$SSH" '
sudo kubectl apply -f traefik-crd.yaml
sed -i "s/EMAIL/'"$EMAIL"'/" traefik-dpy.yaml
sed -i "
s/{EMAIL}/'"$EMAIL"'/g;
s/{CF_API_EMAIL}/'"$CF_API_EMAIL"'/g;
s/{CF_API_KEY}/'"$CF_API_KEY"'/g
" traefik-dpy.yaml
sudo kubectl apply -f traefik-dpy.yaml
sudo kubectl wait --for=condition=available --timeout=600s deployment/traefik -n default
'

70
devel/k3s/traefik-dpy-cf.yaml Normal file
View File

@ -0,0 +1,70 @@
apiVersion: v1
kind: Service
metadata:
name: traefik
spec:
ports:
#- protocol: TCP
#name: web
#port: 80
#- protocol: TCP
#name: admin
#port: 8080
- protocol: TCP
name: websecure
port: 8443
type: LoadBalancer
selector:
app: traefik
---
apiVersion: v1
kind: ServiceAccount
metadata:
namespace: default
name: traefik-ingress-controller
---
apiVersion: apps/v1
kind: Deployment
metadata:
namespace: default
name: traefik
labels:
app: traefik
spec:
replicas: 1
selector:
matchLabels:
app: traefik
template:
metadata:
labels:
app: traefik
spec:
serviceAccountName: traefik-ingress-controller
containers:
- name: traefik
image: traefik:v2.3.6
args:
- --api.insecure
- --accesslog
- --entrypoints.web.Address=:80
- --entrypoints.websecure.Address=:443
- --providers.kubernetescrd
- --certificatesresolvers.myresolver.acme.dnschallenge=true
- --certificatesresolvers.myresolver.acme.dnschallenge.provider=cloudflare
- --certificatesresolvers.myresolver.acme.email={EMAIL}
- --certificatesresolvers.myresolver.acme.storage=acme.json
env:
- name: CF_API_EMAIL
value: {CF_API_EMAIL}
- name: CF_API_Key
value: {CF_API_KEY}
ports:
- name: web
containerPort: 80
- name: websecure
containerPort: 443
- name: admin
containerPort: 8080

2
devel/k3s/traefik-dpy.yaml
View File

@ -45,7 +45,7 @@ spec:
serviceAccountName: traefik-ingress-controller
containers:
- name: traefik
image: traefik:v2.2
image: traefik:v2.3.6
args:
- --api.insecure
- --accesslog

52
devel/k3s/whomai.yaml Normal file
View File

@ -0,0 +1,52 @@
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
name: simpleingressroute
namespace: default
spec:
entryPoints:
- web
routes:
- match: Host(`172.16.0.10`)
kind: Rule
services:
- name: whoami
port: 80
---
apiVersion: v1
kind: Service
metadata:
name: whoami
spec:
ports:
- protocol: TCP
name: web
port: 80
selector:
app: whoami
---
kind: Deployment
apiVersion: apps/v1
metadata:
namespace: default
name: whoami
labels:
app: whoami
spec:
replicas: 2
selector:
matchLabels:
app: whoami
template:
metadata:
labels:
app: whoami
spec:
containers:
- name: whoami
image: traefik/whoami
ports:
- name: web
containerPort: 80