Compare commits
4 commits
Author | SHA1 | Date | |
---|---|---|---|
2e3bcfac2d | |||
fd31ce7eed | |||
f22d7423e8 | |||
3bcf42e94a |
3 changed files with 66 additions and 0 deletions
30
generate_kubeconfig.sh
Normal file
30
generate_kubeconfig.sh
Normal file
|
@ -0,0 +1,30 @@
|
||||||
|
#!/bin/bash
|
||||||
|
|
||||||
|
# Erstellt ein Token
|
||||||
|
TOKEN=$(kubectl -n kube-system create token haproxy-sa)
|
||||||
|
|
||||||
|
# Get Cluster Info
|
||||||
|
CLUSTER_NAME=$(kubectl config view -o jsonpath='{.clusters[0].name}')
|
||||||
|
CLUSTER_SERVER=$(kubectl config view -o jsonpath="{.clusters[0].cluster.server}")
|
||||||
|
CA_DATA=$(kubectl config view --raw -o jsonpath="{.clusters[0].cluster.certificate-authority-data}")
|
||||||
|
|
||||||
|
# Erstelle kubeconfig
|
||||||
|
cat <<EOF > haproxy-kubeconfig.yaml
|
||||||
|
apiVersion: v1
|
||||||
|
kind: Config
|
||||||
|
clusters:
|
||||||
|
- cluster:
|
||||||
|
certificate-authority-data: ${CA_DATA}
|
||||||
|
server: ${CLUSTER_SERVER}
|
||||||
|
name: ${CLUSTER_NAME}
|
||||||
|
contexts:
|
||||||
|
- context:
|
||||||
|
cluster: ${CLUSTER_NAME}
|
||||||
|
user: haproxy-sa
|
||||||
|
name: haproxy-context
|
||||||
|
current-context: haproxy-context
|
||||||
|
users:
|
||||||
|
- name: haproxy-sa
|
||||||
|
user:
|
||||||
|
token: ${TOKEN}
|
||||||
|
EOF
|
9
haproxy-ingress-configmap.yaml
Normal file
9
haproxy-ingress-configmap.yaml
Normal file
|
@ -0,0 +1,9 @@
|
||||||
|
apiVersion: v1
|
||||||
|
kind: ConfigMap
|
||||||
|
metadata:
|
||||||
|
name: haproxy-config
|
||||||
|
namespace: kube-system
|
||||||
|
data:
|
||||||
|
ssl-redirect: "true"
|
||||||
|
timeout-http-request: "5s"
|
||||||
|
use-forwarded-headers: "true"
|
27
haproxy-ingress-rbac.yaml
Normal file
27
haproxy-ingress-rbac.yaml
Normal file
|
@ -0,0 +1,27 @@
|
||||||
|
apiVersion: v1
|
||||||
|
kind: ServiceAccount
|
||||||
|
metadata:
|
||||||
|
name: gateway
|
||||||
|
namespace: kube-system
|
||||||
|
---
|
||||||
|
apiVersion: rbac.authorization.k8s.io/v1
|
||||||
|
kind: ClusterRole
|
||||||
|
metadata:
|
||||||
|
name: gateway
|
||||||
|
rules:
|
||||||
|
- apiGroups: [""]
|
||||||
|
resources: ["endpoints", "services", "namespaces", "nodes"]
|
||||||
|
verbs: ["get", "list", "watch"]
|
||||||
|
---
|
||||||
|
apiVersion: rbac.authorization.k8s.io/v1
|
||||||
|
kind: ClusterRoleBinding
|
||||||
|
metadata:
|
||||||
|
name: gateway
|
||||||
|
roleRef:
|
||||||
|
apiGroup: rbac.authorization.k8s.io
|
||||||
|
kind: ClusterRole
|
||||||
|
name: gateway
|
||||||
|
subjects:
|
||||||
|
- kind: ServiceAccount
|
||||||
|
name: gateway
|
||||||
|
namespace: kube-system
|
Loading…
Add table
Reference in a new issue