diff --git a/src/main/resources/website/nginx-configmap.yaml b/src/main/resources/website/nginx-configmap.yaml index a5fb9dd..34441a2 100644 --- a/src/main/resources/website/nginx-configmap.yaml +++ b/src/main/resources/website/nginx-configmap.yaml @@ -1,12 +1,3 @@ -# ToDo: -# Roadmap aufsetzen -# Minigoal: run nginx server, serving a simple static site -# get correct config for static website -# security -# paths to rootfolder correctly defined -# volumes correctly defined -# nginx can access volumes -# apiVersion: v1 kind: ConfigMap metadata: @@ -20,7 +11,7 @@ data: error_log /var/log/nginx/error.log; - pid logs/nginx.pid; + pid /var/log/nginx/nginx.pid; worker_rlimit_nofile 8192; @@ -28,10 +19,11 @@ data: worker_connections 4096; ## Default: 1024 } - daemon off; # run in foreground + # daemon off; # run in foreground http { - include conf/mime.types; + + include /etc/nginx/mime.types; # should be replaced by c4k default_type application/octet-stream; @@ -39,7 +31,7 @@ data: '"$request" $body_bytes_sent "$http_referer" ' '"$http_user_agent" "$http_x_forwarded_for"'; - access_log logs/access.log main; + access_log /var/log/nginx/access.log main; sendfile on; @@ -52,7 +44,7 @@ data: # it might be a good idea to set a common reverse proxy # which points to the ingress? - include /etc/nginx/conf.d/FQDN.conf # should be replaced by c4k + include /etc/nginx/conf.d/repo.test.meissa.de.conf; # should be replaced by c4k } mime.types: | @@ -104,14 +96,14 @@ data: video/x-ms-asf asx asf; video/x-mng mng; } - FQDN.conf: | + repo.test.meissa.de.conf: | server { listen 80 default_server; listen [::]:80 default_server; - server_name FQDN www.FQDN; + server_name repo.test.meissa.de www.repo.test.meissa.de; # security headers add_header Strict-Transport-Security 'max-age=31536000; includeSubDomains; preload'; @@ -123,11 +115,10 @@ data: # maybe need to add: # add_header Permissions-Policy "permissions here"; - root WEBSITECONTENTPATH; + root /var/www/html/repo.test.meissa.de; index index.html; try_files $uri /index.html; - } - + } \ No newline at end of file diff --git a/src/main/resources/website/nginx-deployment.yaml b/src/main/resources/website/nginx-deployment.yaml index 9ffd062..17f7c45 100644 --- a/src/main/resources/website/nginx-deployment.yaml +++ b/src/main/resources/website/nginx-deployment.yaml @@ -15,7 +15,7 @@ spec: containers: - name: nginx image: nginx:latest - imagePullPolicy: IfNotPresent + imagePullPolicy: "Always" ports: - containerPort: 80 volumeMounts: @@ -24,7 +24,7 @@ spec: name: nginx-conf - mountPath: /var/log/nginx name: log - - mountPath: /var/www/html/FQDN + - mountPath: /var/www/html/repo.test.meissa.de name: website-content-volume volumes: - name: nginx-conf @@ -32,14 +32,14 @@ spec: name: nginx-conf # place ConfigMap `nginx-conf` on /etc/nginx items: - key: nginx.conf - path: conf.d/nginx.conf - - key: FQDN.conf - path: conf.d/nginx.conf + path: nginx.conf + - key: repo.test.meissa.de.conf + path: conf.d/repo.test.meissa.de.conf - key: mime.types - path: mime.d/mime.types # dig directory + path: mime.types # dig directory - name: log emptyDir: {} - name: website-content-volume persistentVolumeClaim: claimName: website-content-pvc - +--- \ No newline at end of file diff --git a/src/main/resources/website/nginx-service.yaml b/src/main/resources/website/nginx-service.yaml index 1422aea..b2e8aba 100644 --- a/src/main/resources/website/nginx-service.yaml +++ b/src/main/resources/website/nginx-service.yaml @@ -3,14 +3,10 @@ apiVersion: v1 metadata: name: nginx-service namespace: default - annotations: - metallb.universe.tf/allow-shared-ip: "shared-ip-service-group" spec: type: LoadBalancer selector: app: nginx ports: - - port: 80 - targetPort: 80 - protocol: TCP - + - name: website + port: 80 diff --git a/src/main/resources/website/testconfig.yaml b/src/main/resources/website/testconfig.yaml index 0a92778..6c38757 100644 --- a/src/main/resources/website/testconfig.yaml +++ b/src/main/resources/website/testconfig.yaml @@ -1,16 +1,52 @@ -# ToDo: -# Roadmap aufsetzen -# Minigoal: run nginx server, serving a simple static site -# get correct config for static website -# security -# paths to rootfolder correctly defined -# volumes correctly defined -# nginx can access volumes -# +apiVersion: apps/v1 +kind: Deployment +metadata: + name: nginx +spec: + replicas: 1 + selector: + matchLabels: + app: nginx + template: + metadata: + labels: + app: nginx + spec: + containers: + - name: nginx + image: nginx:latest + imagePullPolicy: "Always" + ports: + - containerPort: 80 + volumeMounts: + - mountPath: /etc/nginx # mount nginx volume to /etc/nginx + readOnly: true + name: nginx-conf + - mountPath: /var/log/nginx + name: log + - mountPath: /var/www/html/repo.test.meissa.de + name: website-content-volume + volumes: + - name: nginx-conf + configMap: + name: nginx-conf # place ConfigMap `nginx-conf` on /etc/nginx + items: + - key: nginx.conf + path: nginx.conf + - key: repo.test.meissa.de.conf + path: conf.d/repo.test.meissa.de.conf + - key: mime.types + path: mime.types # dig directory + - name: log + emptyDir: {} + - name: website-content-volume + persistentVolumeClaim: + claimName: website-content-pvc +--- apiVersion: v1 kind: ConfigMap metadata: - name: nginx-env + name: nginx-conf namespace: default data: nginx.conf: | @@ -20,7 +56,7 @@ data: error_log /var/log/nginx/error.log; - pid logs/nginx.pid; + pid /var/log/nginx/nginx.pid; worker_rlimit_nofile 8192; @@ -28,10 +64,11 @@ data: worker_connections 4096; ## Default: 1024 } - daemon off; # run in foreground + # daemon off; # run in foreground http { - include conf/mime.types; + + include /etc/nginx/mime.types; # should be replaced by c4k default_type application/octet-stream; @@ -39,7 +76,7 @@ data: '"$request" $body_bytes_sent "$http_referer" ' '"$http_user_agent" "$http_x_forwarded_for"'; - access_log logs/access.log main; + access_log /var/log/nginx/access.log main; sendfile on; @@ -52,7 +89,7 @@ data: # it might be a good idea to set a common reverse proxy # which points to the ingress? - include /etc/nginx/conf.d/repo.test.meissa.de.conf # should be replaced by c4k + include /etc/nginx/conf.d/repo.test.meissa.de.conf; # should be replaced by c4k } mime.types: | @@ -131,75 +168,6 @@ data: } --- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: nginx -spec: - replicas: 1 - selector: - matchLabels: - app: nginx - template: - metadata: - labels: - app: nginx - spec: - containers: - - name: nginx - image: nginx:latest - ports: - - containerPort: 80 - volumeMounts: - - mountPath: /etc/nginx # mount nginx volume to /etc/nginx - readOnly: true - name: nginx-conf - - mountPath: /var/log/nginx - name: log - - mountPath: /var/www/html/repo.test.meissa.de - name: website-content-volume - volumes: - - name: nginx-conf - configMap: - name: nginx-conf # place ConfigMap `nginx-conf` on /etc/nginx - items: - - key: nginx.conf - path: conf.d/nginx.conf - - key: repo.test.meissa.de.conf - path: conf.d/repo.test.meissa.de.conf - - key: mime.types - path: mime.d/mime.types # dig directory - - name: log - emptyDir: {} - - name: website-content-volume - persistentVolumeClaim: - claimName: website-content-pvc ---- -apiVersion: networking.k8s.io/v1 -kind: Ingress -metadata: - name: nginx-ingress - namespace: default - annotations: - ingress.kubernetes.io/ssl-redirect: "true" - traefik.ingress.kubernetes.io/router.middlewares: default-redirect-https@kubernetescrd -spec: - tls: - - hosts: - - repo.test.meissa.de - secretName: website-cert - rules: - - host: repo.test.meissa.de - http: - paths: - - pathType: Prefix - path: "/" - backend: - service: - name: nginx-service - port: - number: 3000 ---- kind: Service apiVersion: v1 metadata: @@ -210,6 +178,20 @@ spec: selector: app: nginx ports: - - port: 80 - targetPort: 80 - protocol: TCP \ No newline at end of file + - name: websie + port: 80 +--- +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: website-content-pvc + namespace: default + labels: + app: nginx +spec: + storageClassName: local-path + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 5Gi \ No newline at end of file diff --git a/src/main/resources/website/datavolume.yaml b/src/main/resources/website/website-content-volume.yaml similarity index 72% rename from src/main/resources/website/datavolume.yaml rename to src/main/resources/website/website-content-volume.yaml index ba7749f..fea6297 100644 --- a/src/main/resources/website/datavolume.yaml +++ b/src/main/resources/website/website-content-volume.yaml @@ -4,12 +4,11 @@ metadata: name: website-content-pvc namespace: default labels: - app: website + app: nginx spec: storageClassName: local-path accessModes: - ReadWriteOnce resources: - requests: - storage: DATASTORAGESIZE - \ No newline at end of file + requests: + storage: DATASTORAGESIZE \ No newline at end of file