infrastructure/core-apps
3
0
Fork 0
Code Issues 1 Pull Requests Actions Packages Projects Releases Wiki Activity

netmaker: add API and UI

Browse Source
This commit is contained in:
William P
2025-10-23 19:38:35 -04:00
parent 8c878150d9
commit 65d8ddebb1
10 changed files with 178 additions and 74 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
netmaker/ingress.yaml Normal file
View File

@@ -0,0 +1,16 @@
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: netmaker-api-ingress
spec:
rules:
- host: api.netmaker-test.infra.dubyatp.xyz
http:
paths:
- pathType: Prefix
path: "/"
backend:
service:
name: netmaker-rest
port:
number: 8081

23
netmaker/mosquitto/config.yaml
View File

@@ -8,8 +8,27 @@ data:
listener 1883 listener 1883
protocol websockets protocol websockets
allow_anonymous false allow_anonymous false
plugin /usr/lib/mosquitto_dynamic_security.so password_file /mosquitto/temp/password.txt
plugin_opt_config_file /mosquitto/data/dynamic-security.json wait.sh: |
#!/bin/ash
encrypt_password() {
echo "${MQ_USERNAME}:${MQ_PASSWORD}" > /mosquitto/temp/password.txt
mosquitto_passwd -U /mosquitto/temp/password.txt
chmod 0700 /mosquitto/temp/password.txt
}
main(){
encrypt_password
echo "Starting MQ..."
# Run the main container command.
/docker-entrypoint.sh
/usr/sbin/mosquitto -c /mosquitto/config/mosquitto.conf
}
main "${@}"
kind: ConfigMap kind: ConfigMap
metadata: metadata:
labels: labels:

17
netmaker/mosquitto/deployment.yaml
View File

@@ -20,6 +20,7 @@ spec:
containers: containers:
- image: eclipse-mosquitto:2.0.22-openssl - image: eclipse-mosquitto:2.0.22-openssl
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent
command: ["/mosquitto/config/wait.sh"]
livenessProbe: livenessProbe:
failureThreshold: 3 failureThreshold: 3
periodSeconds: 10 periodSeconds: 10
@@ -28,6 +29,14 @@ spec:
port: 8883 port: 8883
timeoutSeconds: 1 timeoutSeconds: 1
name: mosquitto name: mosquitto
env:
- name: MQ_USERNAME
value: netmaker
- name: MQ_PASSWORD
valueFrom:
secretKeyRef:
key: mq_password
name: netmaker-secrets
ports: ports:
- containerPort: 1883 - containerPort: 1883
name: mqtt name: mqtt
@@ -53,18 +62,22 @@ spec:
terminationMessagePath: /dev/termination-log terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File terminationMessagePolicy: File
volumeMounts: volumeMounts:
- mountPath: /mosquitto/config/mosquitto.conf - mountPath: /mosquitto/config
name: mosquitto-config name: mosquitto-config
subPath: mosquitto.conf
- mountPath: /mosquitto/certs - mountPath: /mosquitto/certs
name: shared-certs name: shared-certs
- mountPath: /mosquitto/temp
name: mosquitto-temp
dnsPolicy: ClusterFirst dnsPolicy: ClusterFirst
restartPolicy: Always restartPolicy: Always
terminationGracePeriodSeconds: 30 terminationGracePeriodSeconds: 30
volumes: volumes:
- configMap: - configMap:
name: mosquitto-config name: mosquitto-config
defaultMode: 0755
name: mosquitto-config name: mosquitto-config
- name: mosquitto-temp
emptyDir:
- name: shared-certs - name: shared-certs
persistentVolumeClaim: persistentVolumeClaim:
claimName: shared-certs-pvc claimName: shared-certs-pvc

21
netmaker/postgres-auth.yaml Normal file
View File

@@ -0,0 +1,21 @@
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: postgres-pw
spec:
data:
- remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: cloudnativepg
metadataPolicy: None
property: netmaker_pw
secretKey: password
refreshInterval: 1h
secretStoreRef:
kind: ClusterSecretStore
name: weyma-vault
target:
creationPolicy: Owner
deletionPolicy: Retain
name: postgres-pw

35
netmaker/secrets.yaml Normal file
View File

@@ -0,0 +1,35 @@
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: netmaker-secrets
spec:
data:
- remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: netmaker
metadataPolicy: None
property: master_key
secretKey: master_key
- remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: netmaker
metadataPolicy: None
property: mq_password
secretKey: mq_password
- remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: netmaker
metadataPolicy: None
property: turn_password
secretKey: turn_password
refreshInterval: 1h
secretStoreRef:
kind: ClusterSecretStore
name: weyma-vault
target:
creationPolicy: Owner
deletionPolicy: Retain
name: netmaker-secrets

26
netmaker/statefulset.yaml
View File

@@ -48,23 +48,36 @@ spec:
- name: DATABASE - name: DATABASE
value: postgres value: postgres
- name: SQL_HOST - name: SQL_HOST
value: "DB_NAME-postgresql" value: "weyma-pgsql-rw.cloudnativepg.svc.cluster.local"
- name: SQL_PORT - name: SQL_PORT
value: "5432" value: "5432"
- name: SQL_DB - name: SQL_DB
value: "postgres" value: "netmaker"
- name: SQL_USER - name: SQL_USER
value: "postgres" value: "netmaker"
- name: SQL_PASS - name: SQL_PASS
value: "DB_PASS" valueFrom:
secretKeyRef:
key: password
name: postgres-pw
- name: MASTER_KEY - name: MASTER_KEY
value: REPLACE_MASTER_KEY valueFrom:
secretKeyRef:
key: master_key
name: netmaker-secrets
- name: MQ_USERNAME
value: netmaker
- name: MQ_PASSWORD
valueFrom:
secretKeyRef:
key: mq_password
name: netmaker-secrets
- name: CORS_ALLOWED_ORIGIN - name: CORS_ALLOWED_ORIGIN
value: '*' value: '*'
- name: SERVER_BROKER_ENDPOINT - name: SERVER_BROKER_ENDPOINT
value: "ws://mq:1883" value: "ws://mq:1883"
- name: BROKER_ENDPOINT - name: BROKER_ENDPOINT
value: "wss://broker.NETMAKER_BASE_DOMAIN" value: "wss://broker.netmaker-test.infra.dubyatp.xyz"
- name: PLATFORM - name: PLATFORM
value: "Kubernetes" value: "Kubernetes"
- name: VERBOSITY - name: VERBOSITY
@@ -101,7 +114,6 @@ spec:
add: add:
- NET_ADMIN - NET_ADMIN
- NET_RAW - NET_RAW
- SYS_MODULE
volumeMounts: volumeMounts:
- mountPath: /etc/netmaker/ - mountPath: /etc/netmaker/
name: shared-certs name: shared-certs

62
netmaker/svc.yaml
View File

@@ -12,65 +12,3 @@ spec:
app: 'netmaker' app: 'netmaker'
sessionAffinity: None sessionAffinity: None
type: ClusterIP type: ClusterIP
---
apiVersion: v1
kind: Service
metadata:
labels:
name: 'netmaker-wireguard'
spec:
externalTrafficPolicy: Local
type: NodePort
ports:
- port: 31821
nodePort: 31821
protocol: UDP
targetPort: 31821
name: wg-iface-31821
- port: 31822
nodePort: 31822
protocol: UDP
targetPort: 31822
name: wg-iface-31822
- port: 31823
nodePort: 31823
protocol: UDP
targetPort: 31823
name: wg-iface-31823
- port: 31824
nodePort: 31824
protocol: UDP
targetPort: 31824
name: wg-iface-31824
- port: 31825
nodePort: 31825
protocol: UDP
targetPort: 31825
name: wg-iface-31825
- port: 31826
nodePort: 31826
protocol: UDP
targetPort: 31826
name: wg-iface-31826
- port: 31827
nodePort: 31827
protocol: UDP
targetPort: 31827
name: wg-iface-31827
- port: 31828
nodePort: 31828
protocol: UDP
targetPort: 31828
name: wg-iface-31828
- port: 31829
nodePort: 31829
protocol: UDP
targetPort: 31829
name: wg-iface-31829
- port: 31830
nodePort: 31830
protocol: UDP
targetPort: 31830
name: wg-iface-31830
selector:
app: 'netmaker'

21
netmaker/ui/deployment.yaml Normal file
View File

@@ -0,0 +1,21 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: netmaker-ui
spec:
replicas: 2
selector:
matchLabels:
app: netmaker-ui
template:
metadata:
labels:
app: netmaker-ui
spec:
containers:
- name: netmaker-ui
image: gravitl/netmaker-ui:v1.1.0
env:
- name: BACKEND_URL
value: 'https://api.netmaker-test.infra.dubyatp.xyz'
terminationGracePeriodSeconds: 15

16
netmaker/ui/ingress.yaml Normal file
View File

@@ -0,0 +1,16 @@
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: netmaker-ui-ingress
spec:
rules:
- host: dashboard.netmaker-test.infra.dubyatp.xyz
http:
paths:
- pathType: Prefix
path: "/"
backend:
service:
name: netmaker-ui
port:
number: 80

13
netmaker/ui/svc.yaml Normal file
View File

@@ -0,0 +1,13 @@
apiVersion: v1
kind: Service
metadata:
name: 'netmaker-ui'
spec:
ports:
- port: 80
protocol: TCP
targetPort: 80
selector:
app: 'netmaker-ui'
sessionAffinity: None
type: 'ClusterIP'