From e6c0474bbb2a5aa41e68e783adc6573c301b5db4 Mon Sep 17 00:00:00 2001
From: William P
Date: Wed, 22 Oct 2025 22:02:07 -0400
Subject: [PATCH] netmaker stub
---
 netmaker/mosquitto/certs-pvc.yaml | 11 +++
 netmaker/mosquitto/config.yaml | 19 +++++
 netmaker/mosquitto/deployment.yaml | 70 ++++++++++++++++++
 netmaker/mosquitto/ingress.yaml | 18 +++++
 netmaker/mosquitto/svc.yaml | 36 ++++++++++
 netmaker/statefulset.yaml | 111 +++++++++++++++++++++++++++++
 netmaker/svc.yaml | 76 ++++++++++++++++++++
 7 files changed, 341 insertions(+)
 create mode 100644 netmaker/mosquitto/certs-pvc.yaml
 create mode 100644 netmaker/mosquitto/config.yaml
 create mode 100644 netmaker/mosquitto/deployment.yaml
 create mode 100644 netmaker/mosquitto/ingress.yaml
 create mode 100644 netmaker/mosquitto/svc.yaml
 create mode 100644 netmaker/statefulset.yaml
 create mode 100644 netmaker/svc.yaml
diff --git a/netmaker/mosquitto/certs-pvc.yaml b/netmaker/mosquitto/certs-pvc.yaml
new file mode 100644
index 0000000..cfb2fb3
--- /dev/null
+++ b/netmaker/mosquitto/certs-pvc.yaml
@@ -0,0 +1,11 @@
+kind: PersistentVolumeClaim
+apiVersion: v1
+metadata:
+ name: shared-certs-pvc
+spec:
+ storageClassName: weyma-shared
+ accessModes:
+ - ReadWriteMany
+ resources:
+ requests:
+ storage: 100Mi
\ No newline at end of file
diff --git a/netmaker/mosquitto/config.yaml b/netmaker/mosquitto/config.yaml
new file mode 100644
index 0000000..923b781
--- /dev/null
+++ b/netmaker/mosquitto/config.yaml
@@ -0,0 +1,19 @@
+apiVersion: v1
+data:
+ mosquitto.conf: |
+ per_listener_settings false
+ listener 8883
+ protocol websockets
+ allow_anonymous false
+ listener 1883
+ protocol websockets
+ allow_anonymous false
+ plugin /usr/lib/mosquitto_dynamic_security.so
+ plugin_opt_config_file /mosquitto/data/dynamic-security.json
+kind: ConfigMap
+metadata:
+ labels:
+ app.kubernetes.io/instance: mosquitto
+ app.kubernetes.io/name: mosquitto
+ name: mosquitto-config
+ namespace: netmaker
\ No newline at end of file
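Review bot: The PVC carries no `metadata.namespace`, while the ConfigMap in the next hunk and the `mq` Service are pinned to `namespace: netmaker`; applied with a plain `kubectl apply -f`, the claim lands in the current-context namespace and the `claimName: shared-certs-pvc` references in the Deployment and the StatefulSet will not resolve. The Deployment, Ingress, StatefulSet and the `netmaker-mqtt`, `netmaker-rest` and `netmaker-wireguard` Services have the same gap, so either add `namespace: netmaker` to every object or remove it from all of them and rely on a kustomization or `-n` flag, but not a mix. `storageClassName: weyma-shared` with `ReadWriteMany` is cluster-specific and deserves a one-line comment such as `# RWX class shared between the mosquitto Deployment and the netmaker StatefulSet`. Every file in the patch also ends without a trailing newline.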
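Review bot: Both listeners in `mosquitto.conf` are `protocol websockets` with no `cafile`/`certfile`/`keyfile`, so port 8883, which the Ingress, the `netmaker-mqtt` NodePort and the `wss://` `BROKER_ENDPOINT` in the StatefulSet all target, is not TLS at the broker, and the `/mosquitto/certs` mount the Deployment sets up is never referenced by this config. If the intent is that TLS terminates at the ingress controller, record it above the listener, e.g. `# 8883 is plaintext websockets here; TLS is terminated by the ingress controller`, so nobody assumes the port number implies TLS; otherwise add the `cafile`/`certfile`/`keyfile` lines under `listener 8883` pointing at the mounted certs. With `per_listener_settings false` the repeated `allow_anonymous false` is global and the second copy is redundant, which is fine but worth a word. The `namespace: netmaker` here is the only explicit namespace among the mosquitto objects, so the ConfigMap and the Deployment that consumes it can end up in different namespaces.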
diff --git a/netmaker/mosquitto/deployment.yaml b/netmaker/mosquitto/deployment.yaml
new file mode 100644
index 0000000..994a36d
--- /dev/null
+++ b/netmaker/mosquitto/deployment.yaml
@@ -0,0 +1,70 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: mosquitto
+spec:
+ progressDeadlineSeconds: 600
+ replicas: 1
+ selector:
+ matchLabels:
+ app.kubernetes.io/instance: mosquitto
+ app.kubernetes.io/name: mosquitto
+ strategy:
+ type: Recreate
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/instance: mosquitto
+ app.kubernetes.io/name: mosquitto
+ spec:
+ containers:
+ - image: eclipse-mosquitto:2.0.22-openssl
+ imagePullPolicy: IfNotPresent
+ livenessProbe:
+ failureThreshold: 3
+ periodSeconds: 10
+ successThreshold: 1
+ tcpSocket:
+ port: 8883
+ timeoutSeconds: 1
+ name: mosquitto
+ ports:
+ - containerPort: 1883
+ name: mqtt
+ protocol: TCP
+ - containerPort: 8883
+ name: mqtt2
+ protocol: TCP
+ readinessProbe:
+ failureThreshold: 3
+ periodSeconds: 10
+ successThreshold: 1
+ tcpSocket:
+ port: 8883
+ timeoutSeconds: 1
+ resources: {}
+ startupProbe:
+ failureThreshold: 30
+ periodSeconds: 5
+ successThreshold: 1
+ tcpSocket:
+ port: 8883
+ timeoutSeconds: 1
+ terminationMessagePath: /dev/termination-log
+ terminationMessagePolicy: File
+ volumeMounts:
+ - mountPath: /mosquitto/config/mosquitto.conf
+ name: mosquitto-config
+ subPath: mosquitto.conf
+ - mountPath: /mosquitto/certs
+ name: shared-certs
+ dnsPolicy: ClusterFirst
+ restartPolicy: Always
+ terminationGracePeriodSeconds: 30
+ volumes:
+ - configMap:
+ name: mosquitto-config
+ name: mosquitto-config
+ - name: shared-certs
+ persistentVolumeClaim:
+ claimName: shared-certs-pvc
\ No newline at end of file
diff --git a/netmaker/mosquitto/ingress.yaml b/netmaker/mosquitto/ingress.yaml
new file mode 100644
index 0000000..89fc642
--- /dev/null
+++ b/netmaker/mosquitto/ingress.yaml
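Review bot: The container mounts only `mosquitto.conf` and `/mosquitto/certs`, yet the ConfigMap points the dynamic-security plugin at `/mosquitto/data/dynamic-security.json`; with nothing mounted at `/mosquitto/data`, the client/role/ACL state the plugin writes back to that file lives in the container's writable layer and is lost whenever the pod is replaced, which `strategy: Recreate` does on every rollout. Back `/mosquitto/data` with a volume (a PVC for real state, or an `emptyDir` plus a comment saying loss is acceptable), as sketched below; the claim name is a placeholder. `resources: {}` leaves the broker with no limits, and there is no `securityContext` at pod or container level (`runAsNonRoot`, `readOnlyRootFilesystem`, dropped capabilities) — the image's default user is not visible from this page, so set them explicitly rather than assume. The `/mosquitto/certs` mount is not used by the broker config as committed, so either wire it into the 8883 listener or note why it is mounted.

```yaml
        volumeMounts:
          # … unchanged: mosquitto-config and shared-certs mounts …
          - mountPath: /mosquitto/data
            name: mosquitto-data
      volumes:
        # … unchanged: mosquitto-config and shared-certs volumes …
        - name: mosquitto-data
          persistentVolumeClaim:
            claimName: MOSQUITTO_DATA_PVC_PLACEHOLDER  # placeholder: PVC for dynsec state
```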
@@ -0,0 +1,18 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: mosquitto-ingress
+ labels:
+ app.kubernetes.io/name: mosquitto-ingress
+spec:
+ rules:
+ - host: broker.netmaker-test.infra.dubyatp.xyz
+ http:
+ paths:
+ - pathType: Prefix
+ path: "/"
+ backend:
+ service:
+ name: mq
+ port:
+ number: 8883
\ No newline at end of file
diff --git a/netmaker/mosquitto/svc.yaml b/netmaker/mosquitto/svc.yaml
new file mode 100644
index 0000000..97f804f
--- /dev/null
+++ b/netmaker/mosquitto/svc.yaml
@@ -0,0 +1,36 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: mq
+ namespace: netmaker
+spec:
+ ports:
+ - name: mqtt
+ port: 1883
+ protocol: TCP
+ targetPort: mqtt
+ - name: mqtt2
+ port: 8883
+ protocol: TCP
+ targetPort: mqtt2
+ selector:
+ app.kubernetes.io/instance: mosquitto
+ app.kubernetes.io/name: mosquitto
+ sessionAffinity: None
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: 'netmaker-mqtt'
+spec:
+ externalTrafficPolicy: Cluster
+ type: NodePort
+ selector:
+ app.kubernetes.io/instance: mosquitto
+ app.kubernetes.io/name: mosquitto
+ ports:
+ - port: 31883
+ nodePort: 31883
+ protocol: TCP
+ targetPort: 8883
+ name: nm-mqtt
\ No newline at end of file
diff --git a/netmaker/statefulset.yaml b/netmaker/statefulset.yaml
new file mode 100644
index 0000000..1995d7d
--- /dev/null
+++ b/netmaker/statefulset.yaml
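Review bot: The Ingress has no `tls:` stanza, so the `wss://broker...` endpoint the StatefulSet hands to clients only works if the ingress controller happens to serve a certificate for `broker.netmaker-test.infra.dubyatp.xyz` by default, and the hop from the controller to the pod is plain websockets in any case (the ConfigMap configures no TLS on 8883). Add `tls:` with `- hosts: [broker.netmaker-test.infra.dubyatp.xyz]` and `secretName: TLS_SECRET_PLACEHOLDER` (or the cert-manager annotation the cluster uses), and an explicit `ingressClassName` so the rule is not silently claimed by whichever controller is default. An Ingress can only reference a backend Service in its own namespace, and `mq` is declared in `namespace: netmaker` while this object is unscoped. A websocket backend usually also needs the controller-specific timeout annotations for long-lived MQTT sessions; whether this controller needs them is not visible here.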
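Review bot: The second Service, `netmaker-mqtt`, publishes the broker's 8883 listener as NodePort 31883 on every node address, and that listener is plain websockets per the ConfigMap, so it bypasses whatever TLS the Ingress provides and exposes the unencrypted broker (credentials included, since `allow_anonymous false` still means clients send them) beyond the cluster; `externalTrafficPolicy: Cluster` additionally hides client source addresses from the broker's logs. If this is a stopgap while the ingress path is wired up, mark it as such above the document, e.g. `# TEMPORARY: plaintext broker exposure for testing; remove once the ingress/TLS path works`, otherwise drop the second document and reach the broker only through the Ingress. The first Service names ports by `targetPort: mqtt`/`mqtt2`, while this one uses a numeric `targetPort: 8883`; pick one style. `'netmaker-mqtt'` is quoted where `mq` is not — same point.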
@@ -0,0 +1,111 @@
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+ labels:
+ app: netmaker
+ name: netmaker
+spec:
+ replicas: 3
+ serviceName: netmaker-headless
+ selector:
+ matchLabels:
+ app: netmaker
+ template:
+ metadata:
+ labels:
+ app: netmaker
+ spec:
+ initContainers:
+ - name: init-sysctl
+ image: busybox
+ imagePullPolicy: IfNotPresent
+ command: ["/bin/sh", "-c"]
+ args: ["sysctl -w net.ipv4.ip_forward=1 && sysctl -w net.ipv4.conf.all.src_valid_mark=1 && sysctl -w net.ipv6.conf.all.disable_ipv6=0 && sysctl -w net.ipv6.conf.all.forwarding=1"]
+ securityContext:
+ privileged: true
+ dnsPolicy: ClusterFirstWithHostNet
+ containers:
+ - env:
+ - name: NODE_ID
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.name
+ - name: SERVER_NAME
+ value: broker.netmaker-test.infra.dubyatp.xyz
+ - name: SERVER_API_CONN_STRING
+ value: api.netmaker-test.infra.dubyatp.xyz:443
+ - name: SERVER_HTTP_HOST
+ value: api.netmaker-test.infra.dubyatp.xyz
+ - name: API_PORT
+ value: "8081"
+ - name: WG_QUICK_USERSPACE_IMPLEMENTATION
+ value: wireguard-go
+ - name: DNS_MODE
+ value: "off"
+ - name: DISPLAY_KEYS
+ value: "on"
+ - name: DATABASE
+ value: postgres
+ - name: SQL_HOST
+ value: "DB_NAME-postgresql"
+ - name: SQL_PORT
+ value: "5432"
+ - name: SQL_DB
+ value: "postgres"
+ - name: SQL_USER
+ value: "postgres"
+ - name: SQL_PASS
+ value: "DB_PASS"
+ - name: MASTER_KEY
+ value: REPLACE_MASTER_KEY
+ - name: CORS_ALLOWED_ORIGIN
+ value: '*'
+ - name: SERVER_BROKER_ENDPOINT
+ value: "ws://mq:1883"
+ - name: BROKER_ENDPOINT
+ value: "wss://broker.NETMAKER_BASE_DOMAIN"
+ - name: PLATFORM
+ value: "Kubernetes"
+ - name: VERBOSITY
+ value: "3"
+ image: gravitl/netmaker:v1.1.0
+ imagePullPolicy: Always
+ name: netmaker
+ ports:
+ - containerPort: 8081
+ protocol: TCP
+ - containerPort: 31821
+ protocol: UDP
+ - containerPort: 31822
+ protocol: UDP
+ - containerPort: 31823
+ protocol: UDP
+ - containerPort: 31824
+ protocol: UDP
+ - containerPort: 31825
+ protocol: UDP
+ - containerPort: 31826
+ protocol: UDP
+ - containerPort: 31827
+ protocol: UDP
+ - containerPort: 31828
+ protocol: UDP
+ - containerPort: 31829
+ protocol: UDP
+ - containerPort: 31830
+ protocol: UDP
+ resources: {}
+ securityContext:
+ capabilities:
+ add:
+ - NET_ADMIN
+ - NET_RAW
+ - SYS_MODULE
+ volumeMounts:
+ - mountPath: /etc/netmaker/
+ name: shared-certs
+ volumes:
+ - name: shared-certs
+ persistentVolumeClaim:
+ claimName: shared-certs-pvc
\ No newline at end of file
diff --git a/netmaker/svc.yaml b/netmaker/svc.yaml
new file mode 100644
index 0000000..97bd080
--- /dev/null
+++ b/netmaker/svc.yaml
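Review bot: `SQL_PASS` and `MASTER_KEY` are literal `value:` entries (`"DB_PASS"`, `REPLACE_MASTER_KEY`), so the moment the placeholders are filled in the database password and the Netmaker master key sit in a committed manifest and in every pod spec readable by anyone who can `get pods`; source both from a Secret via `valueFrom.secretKeyRef` as sketched below (the Secret name is a placeholder). `serviceName: netmaker-headless` names a headless Service that nothing in this patch defines (`netmaker/svc.yaml` only declares `netmaker-rest` and `netmaker-wireguard`), so the three replicas get no stable per-pod DNS. `BROKER_ENDPOINT` still carries the `NETMAKER_BASE_DOMAIN` placeholder while `SERVER_NAME` already uses the concrete host, `SQL_HOST` is the `DB_NAME-postgresql` placeholder, and `image: busybox` is unpinned, which is easy to miss once the rest of the stub is filled in. `CORS_ALLOWED_ORIGIN: '*'` lets any browser origin call the API and should be narrowed to the dashboard host, and since `WG_QUICK_USERSPACE_IMPLEMENTATION` is set to `wireguard-go`, it is worth confirming whether `SYS_MODULE` on the main container and the `privileged: true` init container are both still required, and leaving a comment on each stating why. `dnsPolicy: ClusterFirstWithHostNet` without `hostNetwork: true` presumably behaves like `ClusterFirst`; if host networking is not intended, the plain value is clearer.

```yaml
        - name: SQL_PASS
          valueFrom:
            secretKeyRef:
              name: NETMAKER_SECRET_PLACEHOLDER  # placeholder: Secret holding DB password and master key
              key: sql-pass
        - name: MASTER_KEY
          valueFrom:
            secretKeyRef:
              name: NETMAKER_SECRET_PLACEHOLDER
              key: master-key
        # … unchanged: remaining env entries …
```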
@@ -0,0 +1,76 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: 'netmaker-rest'
+spec:
+ ports:
+ - name: rest
+ port: 8081
+ protocol: TCP
+ targetPort: 8081
+ selector:
+ app: 'netmaker'
+ sessionAffinity: None
+ type: ClusterIP
+---
+apiVersion: v1
+kind: Service
+metadata:
+ labels:
+ name: 'netmaker-wireguard'
+spec:
+ externalTrafficPolicy: Local
+ type: NodePort
+ ports:
+ - port: 31821
+ nodePort: 31821
+ protocol: UDP
+ targetPort: 31821
+ name: wg-iface-31821
+ - port: 31822
+ nodePort: 31822
+ protocol: UDP
+ targetPort: 31822
+ name: wg-iface-31822
+ - port: 31823
+ nodePort: 31823
+ protocol: UDP
+ targetPort: 31823
+ name: wg-iface-31823
+ - port: 31824
+ nodePort: 31824
+ protocol: UDP
+ targetPort: 31824
+ name: wg-iface-31824
+ - port: 31825
+ nodePort: 31825
+ protocol: UDP
+ targetPort: 31825
+ name: wg-iface-31825
+ - port: 31826
+ nodePort: 31826
+ protocol: UDP
+ targetPort: 31826
+ name: wg-iface-31826
+ - port: 31827
+ nodePort: 31827
+ protocol: UDP
+ targetPort: 31827
+ name: wg-iface-31827
+ - port: 31828
+ nodePort: 31828
+ protocol: UDP
+ targetPort: 31828
+ name: wg-iface-31828
+ - port: 31829
+ nodePort: 31829
+ protocol: UDP
+ targetPort: 31829
+ name: wg-iface-31829
+ - port: 31830
+ nodePort: 31830
+ protocol: UDP
+ targetPort: 31830
+ name: wg-iface-31830
+ selector:
+ app: 'netmaker'
\ No newline at end of file
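Review bot: In the `netmaker-wireguard` Service, `metadata.labels:` is left with a bare empty value, which YAML parses as `null` rather than an empty mapping; drop the key or write `labels: {}`, and check that `name: 'netmaker-wireguard'` sits at `metadata` level rather than under `labels` — the indentation is not recoverable from this page, and a Service without `metadata.name` is rejected at apply time. The ten NodePorts 31821–31830 select `app: 'netmaker'`, which matches all three StatefulSet replicas; with `externalTrafficPolicy: Local` a UDP flow presumably reaches any matching pod on the receiving node, so a comment on how peers are meant to map to a specific pod (one replica per node, or otherwise) would help the next reader. Neither Service has a `namespace`, unlike the `mq` Service in the mosquitto hunk. The selector value is quoted here (`'netmaker'`) but the matching label in the StatefulSet is not; pick one style.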