netmaker stub

2025-10-22 22:02:07 -04:00
parent 604323e615
commit e6c0474bbb
7 changed files with 341 additions and 0 deletions


@@ -0,0 +1,11 @@
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
name: shared-certs-pvc
spec:
storageClassName: weyma-shared
accessModes:
- ReadWriteMany
resources:
requests:
storage: 100Mi


@@ -0,0 +1,19 @@
apiVersion: v1
data:
mosquitto.conf: |
per_listener_settings false
listener 8883
protocol websockets
allow_anonymous false
listener 1883
protocol websockets
allow_anonymous false
plugin /usr/lib/mosquitto_dynamic_security.so
plugin_opt_config_file /mosquitto/data/dynamic-security.json
kind: ConfigMap
metadata:
labels:
app.kubernetes.io/instance: mosquitto
app.kubernetes.io/name: mosquitto
name: mosquitto-config
namespace: netmaker
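Review bot: Both listeners in `mosquitto.conf` (8883 and 1883) are declared `protocol websockets` with no `certfile`/`keyfile`, so the broker itself only speaks plaintext and the dynamic-security credentials are protected only where something in front of it terminates TLS. Port 8883 is conventionally MQTT over TLS, so a comment above the listener such as `# plaintext websockets; TLS is terminated upstream` would stop a reader assuming otherwise. If clients are meant to reach this listener directly, add the certificate options to it from the `/mosquitto/certs` volume the Deployment mounts.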


@@ -0,0 +1,70 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: mosquitto
spec:
progressDeadlineSeconds: 600
replicas: 1
selector:
matchLabels:
app.kubernetes.io/instance: mosquitto
app.kubernetes.io/name: mosquitto
strategy:
type: Recreate
template:
metadata:
labels:
app.kubernetes.io/instance: mosquitto
app.kubernetes.io/name: mosquitto
spec:
containers:
- image: eclipse-mosquitto:2.0.22-openssl
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 3
periodSeconds: 10
successThreshold: 1
tcpSocket:
port: 8883
timeoutSeconds: 1
name: mosquitto
ports:
- containerPort: 1883
name: mqtt
protocol: TCP
- containerPort: 8883
name: mqtt2
protocol: TCP
readinessProbe:
failureThreshold: 3
periodSeconds: 10
successThreshold: 1
tcpSocket:
port: 8883
timeoutSeconds: 1
resources: {}
startupProbe:
failureThreshold: 30
periodSeconds: 5
successThreshold: 1
tcpSocket:
port: 8883
timeoutSeconds: 1
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
volumeMounts:
- mountPath: /mosquitto/config/mosquitto.conf
name: mosquitto-config
subPath: mosquitto.conf
- mountPath: /mosquitto/certs
name: shared-certs
dnsPolicy: ClusterFirst
restartPolicy: Always
terminationGracePeriodSeconds: 30
volumes:
- configMap:
name: mosquitto-config
name: mosquitto-config
- name: shared-certs
persistentVolumeClaim:
claimName: shared-certs-pvc
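Review bot: Nothing is mounted at `/mosquitto/data`, yet the ConfigMap points the dynamic-security plugin at `/mosquitto/data/dynamic-security.json`, so the broker's users and ACLs live in the container filesystem and are lost whenever the pod is recreated; whether the plugin even starts without a provisioned file is not verifiable from this page. Mount a persistent volume or a Secret at that path. The `shared-certs` volumeMount is read-write although the same claim backs `/etc/netmaker/` in the StatefulSet; if mosquitto only reads certificates, add `readOnly: true` to it. The container also has no `securityContext` and `resources: {}`, so `allowPrivilegeEscalation: false` and explicit limits are worth adding.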


@@ -0,0 +1,18 @@
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: mosquitto-ingress
labels:
app.kubernetes.io/name: mosquitto-ingress
spec:
rules:
- host: broker.netmaker-test.infra.dubyatp.xyz
http:
paths:
- pathType: Prefix
path: "/"
backend:
service:
name: mq
port:
number: 8883
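Review bot: The Ingress has no `spec.tls` block, although the StatefulSet advertises the broker as `wss://`; unless the ingress controller supplies a default certificate (not visible here), `broker.netmaker-test.infra.dubyatp.xyz` is served over plain HTTP. Add a `tls:` entry listing the host and a certificate Secret. The object also sets no `namespace` while its backend Service `mq` is pinned to `netmaker`, and an Ingress can only reference a Service in its own namespace, so set `namespace: netmaker` here as well.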


@@ -0,0 +1,36 @@
apiVersion: v1
kind: Service
metadata:
name: mq
namespace: netmaker
spec:
ports:
- name: mqtt
port: 1883
protocol: TCP
targetPort: mqtt
- name: mqtt2
port: 8883
protocol: TCP
targetPort: mqtt2
selector:
app.kubernetes.io/instance: mosquitto
app.kubernetes.io/name: mosquitto
sessionAffinity: None
---
apiVersion: v1
kind: Service
metadata:
name: 'netmaker-mqtt'
spec:
externalTrafficPolicy: Cluster
type: NodePort
selector:
app.kubernetes.io/instance: mosquitto
app.kubernetes.io/name: mosquitto
ports:
- port: 31883
nodePort: 31883
protocol: TCP
targetPort: 8883
name: nm-mqtt
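Review bot: The `netmaker-mqtt` NodePort Service publishes 31883 on every node and forwards it to the broker's 8883 listener, which the ConfigMap configures as websockets without certificates, so this path bypasses any TLS the Ingress provides. Either drop the NodePort, terminate TLS on that listener, or restrict the port with a NetworkPolicy or node firewall rule. `mq` pins `namespace: netmaker` but `netmaker-mqtt` does not; make the two consistent so both land next to the pods they select.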

111
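--- a/netmaker/statefulset.yaml
+++ b/netmaker/statefulset.yaml
@@ -0,0 +1,111 @@
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+labels:
+app: netmaker
+name: netmaker
+spec:
+replicas: 3
+serviceName: netmaker-headless
+selector:
+matchLabels:
+app: netmaker
+template:
+metadata:
+labels:
+app: netmaker
+spec:
+initContainers:
+- name: init-sysctl
+image: busybox
+imagePullPolicy: IfNotPresent
+command: ["/bin/sh", "-c"]
+args: ["sysctl -w net.ipv4.ip_forward=1 && sysctl -w net.ipv4.conf.all.src_valid_mark=1 && sysctl -w net.ipv6.conf.all.disable_ipv6=0 && sysctl -w net.ipv6.conf.all.forwarding=1"]
+securityContext:
+privileged: true
+dnsPolicy: ClusterFirstWithHostNet
+containers:
+- env:
+- name: NODE_ID
+valueFrom:
+fieldRef:
+apiVersion: v1
+fieldPath: metadata.name
+- name: SERVER_NAME
+value: broker.netmaker-test.infra.dubyatp.xyz
+- name: SERVER_API_CONN_STRING
+value: api.netmaker-test.infra.dubyatp.xyz:443
+- name: SERVER_HTTP_HOST
+value: api.netmaker-test.infra.dubyatp.xyz
+- name: API_PORT
+value: "8081"
+- name: WG_QUICK_USERSPACE_IMPLEMENTATION
+value: wireguard-go
+- name: DNS_MODE
+value: "off"
+- name: DISPLAY_KEYS
+value: "on"
+- name: DATABASE
+value: postgres
+- name: SQL_HOST
+value: "DB_NAME-postgresql"
+- name: SQL_PORT
+value: "5432"
+- name: SQL_DB
+value: "postgres"
+- name: SQL_USER
+value: "postgres"
+- name: SQL_PASS
+value: "DB_PASS"
+- name: MASTER_KEY
+value: REPLACE_MASTER_KEY
+- name: CORS_ALLOWED_ORIGIN
+value: '*'
+- name: SERVER_BROKER_ENDPOINT
+value: "ws://mq:1883"
+- name: BROKER_ENDPOINT
+value: "wss://broker.NETMAKER_BASE_DOMAIN"
+- name: PLATFORM
+value: "Kubernetes"
+- name: VERBOSITY
+value: "3"
+image: gravitl/netmaker:v1.1.0
+imagePullPolicy: Always
+name: netmaker
+ports:
+- containerPort: 8081
+protocol: TCP
+- containerPort: 31821
+protocol: UDP
+- containerPort: 31822
+protocol: UDP
+- containerPort: 31823
+protocol: UDP
+- containerPort: 31824
+protocol: UDP
+- containerPort: 31825
+protocol: UDP
+- containerPort: 31826
+protocol: UDP
+- containerPort: 31827
+protocol: UDP
+- containerPort: 31828
+protocol: UDP
+- containerPort: 31829
+protocol: UDP
+- containerPort: 31830
+protocol: UDP
+resources: {}
+securityContext:
+capabilities:
+add:
+- NET_ADMIN
+- NET_RAW
+- SYS_MODULE
+volumeMounts:
+- mountPath: /etc/netmaker/
+name: shared-certs
+volumes:
+- name: shared-certs
+persistentVolumeClaim:
+claimName: shared-certs-pvc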
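Review bot: `SQL_PASS` and `MASTER_KEY` are literal `value:` entries in the container env, so once the placeholders are filled in, the database password and the Netmaker master key sit in the manifest and are readable by anyone who can read the StatefulSet; source them from a Secret instead (sketch below, the Secret name and keys are placeholders). `CORS_ALLOWED_ORIGIN` set to `'*'` and `DISPLAY_KEYS` set to `"on"` are permissive defaults worth narrowing before this leaves stub state. The init container runs `privileged: true` from an untagged `busybox` image, so pin a tag or digest. `BROKER_ENDPOINT` still carries the template token `NETMAKER_BASE_DOMAIN` while `SERVER_NAME` already has the real host.

```yaml
# … unchanged: NODE_ID through SQL_USER …
- name: SQL_PASS
  valueFrom:
    secretKeyRef:
      name: PLACEHOLDER_SECRET_NAME
      key: PLACEHOLDER_SQL_PASS_KEY
- name: MASTER_KEY
  valueFrom:
    secretKeyRef:
      name: PLACEHOLDER_SECRET_NAME
      key: PLACEHOLDER_MASTER_KEY_KEY
# … unchanged: CORS_ALLOWED_ORIGIN through VERBOSITY …
```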

76
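--- a/netmaker/svc.yaml
+++ b/netmaker/svc.yaml
@@ -0,0 +1,76 @@
+apiVersion: v1
+kind: Service
+metadata:
+name: 'netmaker-rest'
+spec:
+ports:
+- name: rest
+port: 8081
+protocol: TCP
+targetPort: 8081
+selector:
+app: 'netmaker'
+sessionAffinity: None
+type: ClusterIP
+---
+apiVersion: v1
+kind: Service
+metadata:
+labels:
+name: 'netmaker-wireguard'
+spec:
+externalTrafficPolicy: Local
+type: NodePort
+ports:
+- port: 31821
+nodePort: 31821
+protocol: UDP
+targetPort: 31821
+name: wg-iface-31821
+- port: 31822
+nodePort: 31822
+protocol: UDP
+targetPort: 31822
+name: wg-iface-31822
+- port: 31823
+nodePort: 31823
+protocol: UDP
+targetPort: 31823
+name: wg-iface-31823
+- port: 31824
+nodePort: 31824
+protocol: UDP
+targetPort: 31824
+name: wg-iface-31824
+- port: 31825
+nodePort: 31825
+protocol: UDP
+targetPort: 31825
+name: wg-iface-31825
+- port: 31826
+nodePort: 31826
+protocol: UDP
+targetPort: 31826
+name: wg-iface-31826
+- port: 31827
+nodePort: 31827
+protocol: UDP
+targetPort: 31827
+name: wg-iface-31827
+- port: 31828
+nodePort: 31828
+protocol: UDP
+targetPort: 31828
+name: wg-iface-31828
+- port: 31829
+nodePort: 31829
+protocol: UDP
+targetPort: 31829
+name: wg-iface-31829
+- port: 31830
+nodePort: 31830
+protocol: UDP
+targetPort: 31830
+name: wg-iface-31830
+selector:
+app: 'netmaker'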
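Review bot: In the `netmaker-wireguard` Service the `labels:` key under `metadata` has no value, which parses as null; because this page has lost the file's indentation it is not possible to tell whether `name:` was meant to sit beneath it. Remove the bare key or give it a value, e.g. `app: netmaker`. Separately, the StatefulSet sets `serviceName: netmaker-headless`, and no Service of that name is defined in this file or in the other files shown for this commit.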