netmaker: add API and UI

2025-10-23 19:38:35 -04:00
parent 8c878150d9
commit 65d8ddebb1
10 changed files with 178 additions and 74 deletions
--- a/netmaker/ingress.yaml
+++ b/netmaker/ingress.yaml
@@ -0,0 +1,16 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: netmaker-api-ingress
+spec:
+  rules:
+  - host: api.netmaker-test.infra.dubyatp.xyz
+    http:
+      paths:
+      - pathType: Prefix
+        path: "/"
+        backend:
+          service:
+            name: netmaker-rest
+            port: 
+              number: 8081
--- a/netmaker/mosquitto/config.yaml
+++ b/netmaker/mosquitto/config.yaml
@@ -8,8 +8,27 @@ data:
    listener 1883
    protocol websockets
    allow_anonymous false
-    plugin /usr/lib/mosquitto_dynamic_security.so
-    plugin_opt_config_file /mosquitto/data/dynamic-security.json
+    password_file /mosquitto/temp/password.txt
+  wait.sh: |
+    #!/bin/ash
+
+    encrypt_password() {
+      echo "${MQ_USERNAME}:${MQ_PASSWORD}" > /mosquitto/temp/password.txt
+      mosquitto_passwd -U /mosquitto/temp/password.txt
+      chmod 0700 /mosquitto/temp/password.txt
+    }
+
+    main(){
+
+     encrypt_password
+     echo "Starting MQ..."
+     # Run the main container command.
+     /docker-entrypoint.sh
+     /usr/sbin/mosquitto -c /mosquitto/config/mosquitto.conf
+
+    }
+
+    main "${@}"
 kind: ConfigMap
 metadata:
  labels:
--- a/netmaker/mosquitto/deployment.yaml
+++ b/netmaker/mosquitto/deployment.yaml
@@ -20,6 +20,7 @@ spec:
      containers:
      - image: eclipse-mosquitto:2.0.22-openssl
        imagePullPolicy: IfNotPresent
+        command: ["/mosquitto/config/wait.sh"]
        livenessProbe:
          failureThreshold: 3
          periodSeconds: 10
@@ -28,6 +29,14 @@ spec:
            port: 8883
          timeoutSeconds: 1
        name: mosquitto
+        env:
+          - name: MQ_USERNAME
+            value: netmaker
+          - name: MQ_PASSWORD
+            valueFrom:
+              secretKeyRef:
+                key: mq_password
+                name: netmaker-secrets
        ports:
        - containerPort: 1883        
          name: mqtt
@@ -53,18 +62,22 @@ spec:
        terminationMessagePath: /dev/termination-log
        terminationMessagePolicy: File
        volumeMounts:
-        - mountPath: /mosquitto/config/mosquitto.conf
+        - mountPath: /mosquitto/config
          name: mosquitto-config
-          subPath: mosquitto.conf
        - mountPath: /mosquitto/certs
          name: shared-certs
+        - mountPath: /mosquitto/temp
+          name: mosquitto-temp
      dnsPolicy: ClusterFirst
      restartPolicy: Always
      terminationGracePeriodSeconds: 30
      volumes:
      - configMap:
          name: mosquitto-config
+          defaultMode: 0755
        name: mosquitto-config
+      - name: mosquitto-temp
+        emptyDir:
      - name: shared-certs
        persistentVolumeClaim:
          claimName: shared-certs-pvc
--- a/netmaker/postgres-auth.yaml
+++ b/netmaker/postgres-auth.yaml
@@ -0,0 +1,21 @@
+apiVersion: external-secrets.io/v1
+kind: ExternalSecret
+metadata:
+  name: postgres-pw
+spec:
+  data:
+  - remoteRef:
+      conversionStrategy: Default
+      decodingStrategy: None
+      key: cloudnativepg
+      metadataPolicy: None
+      property: netmaker_pw
+    secretKey: password
+  refreshInterval: 1h
+  secretStoreRef:
+    kind: ClusterSecretStore
+    name: weyma-vault
+  target:
+    creationPolicy: Owner
+    deletionPolicy: Retain
+    name: postgres-pw
--- a/netmaker/secrets.yaml
+++ b/netmaker/secrets.yaml
@@ -0,0 +1,35 @@
+apiVersion: external-secrets.io/v1
+kind: ExternalSecret
+metadata:
+  name: netmaker-secrets
+spec:
+  data:
+  - remoteRef:
+      conversionStrategy: Default
+      decodingStrategy: None
+      key: netmaker
+      metadataPolicy: None
+      property: master_key
+    secretKey: master_key
+  - remoteRef:
+      conversionStrategy: Default
+      decodingStrategy: None
+      key: netmaker
+      metadataPolicy: None
+      property: mq_password
+    secretKey: mq_password
+  - remoteRef:
+      conversionStrategy: Default
+      decodingStrategy: None
+      key: netmaker
+      metadataPolicy: None
+      property: turn_password
+    secretKey: turn_password
+  refreshInterval: 1h
+  secretStoreRef:
+    kind: ClusterSecretStore
+    name: weyma-vault
+  target:
+    creationPolicy: Owner
+    deletionPolicy: Retain
+    name: netmaker-secrets
--- a/netmaker/statefulset.yaml
+++ b/netmaker/statefulset.yaml
@@ -48,23 +48,36 @@ spec:
        - name: DATABASE
          value: postgres
        - name: SQL_HOST
-          value: "DB_NAME-postgresql" 
+          value: "weyma-pgsql-rw.cloudnativepg.svc.cluster.local" 
        - name: SQL_PORT
          value: "5432"
        - name: SQL_DB
-          value: "postgres"
+          value: "netmaker"
        - name: SQL_USER
-          value: "postgres"
+          value: "netmaker"
        - name: SQL_PASS
-          value: "DB_PASS"
+          valueFrom:
+            secretKeyRef:
+              key: password
+              name: postgres-pw
        - name: MASTER_KEY
-          value: REPLACE_MASTER_KEY
+          valueFrom:
+            secretKeyRef:
+              key: master_key
+              name: netmaker-secrets
+        - name: MQ_USERNAME
+          value: netmaker
+        - name: MQ_PASSWORD
+          valueFrom:
+            secretKeyRef:
+              key: mq_password
+              name: netmaker-secrets
        - name: CORS_ALLOWED_ORIGIN
          value: '*'
        - name: SERVER_BROKER_ENDPOINT
          value: "ws://mq:1883"
        - name: BROKER_ENDPOINT
-          value: "wss://broker.NETMAKER_BASE_DOMAIN"
+          value: "wss://broker.netmaker-test.infra.dubyatp.xyz"
        - name: PLATFORM
          value: "Kubernetes"
        - name: VERBOSITY
@@ -101,7 +114,6 @@ spec:
            add:
            - NET_ADMIN
            - NET_RAW
-            - SYS_MODULE
        volumeMounts:
        - mountPath: /etc/netmaker/
          name: shared-certs
--- a/netmaker/svc.yaml
+++ b/netmaker/svc.yaml
@@ -11,66 +11,4 @@ spec:
  selector:
    app: 'netmaker'
  sessionAffinity: None
-  type: ClusterIP
---
-apiVersion: v1
-kind: Service
-metadata:
-  labels:
-    name: 'netmaker-wireguard'
-spec:
-  externalTrafficPolicy: Local
-  type: NodePort
-  ports:
-  - port: 31821
-    nodePort: 31821
-    protocol: UDP
-    targetPort: 31821
-    name: wg-iface-31821
-  - port: 31822
-    nodePort: 31822
-    protocol: UDP
-    targetPort: 31822
-    name: wg-iface-31822
-  - port: 31823
-    nodePort: 31823
-    protocol: UDP
-    targetPort: 31823
-    name: wg-iface-31823
-  - port: 31824
-    nodePort: 31824
-    protocol: UDP
-    targetPort: 31824
-    name: wg-iface-31824
-  - port: 31825
-    nodePort: 31825
-    protocol: UDP
-    targetPort: 31825
-    name: wg-iface-31825
-  - port: 31826
-    nodePort: 31826
-    protocol: UDP
-    targetPort: 31826
-    name: wg-iface-31826
-  - port: 31827
-    nodePort: 31827
-    protocol: UDP
-    targetPort: 31827
-    name: wg-iface-31827
-  - port: 31828
-    nodePort: 31828
-    protocol: UDP
-    targetPort: 31828
-    name: wg-iface-31828
-  - port: 31829
-    nodePort: 31829
-    protocol: UDP
-    targetPort: 31829
-    name: wg-iface-31829
-  - port: 31830
-    nodePort: 31830
-    protocol: UDP
-    targetPort: 31830
-    name: wg-iface-31830
-  selector:
-    app: 'netmaker'
+  type: ClusterIP
--- a/netmaker/ui/deployment.yaml
+++ b/netmaker/ui/deployment.yaml
@@ -0,0 +1,21 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: netmaker-ui
+spec:
+  replicas: 2
+  selector:
+    matchLabels:
+      app: netmaker-ui
+  template:
+    metadata:
+      labels:
+        app: netmaker-ui
+    spec:
+      containers:
+      - name: netmaker-ui
+        image: gravitl/netmaker-ui:v1.1.0
+        env:
+        - name: BACKEND_URL
+          value: 'https://api.netmaker-test.infra.dubyatp.xyz'
+      terminationGracePeriodSeconds: 15
--- a/netmaker/ui/ingress.yaml
+++ b/netmaker/ui/ingress.yaml
@@ -0,0 +1,16 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: netmaker-ui-ingress
+spec:
+  rules:
+  - host: dashboard.netmaker-test.infra.dubyatp.xyz
+    http:
+      paths:
+      - pathType: Prefix
+        path: "/"
+        backend:
+          service:
+            name: netmaker-ui
+            port: 
+              number: 80
--- a/netmaker/ui/svc.yaml
+++ b/netmaker/ui/svc.yaml
@@ -0,0 +1,13 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: 'netmaker-ui'
+spec:
+  ports:
+  - port: 80
+    protocol: TCP
+    targetPort: 80
+  selector:
+    app: 'netmaker-ui'
+  sessionAffinity: None
+  type: 'ClusterIP'