LE Tests

k8s-tests/ame-dns/acme-dns.yml

@@ -0,0 +1,194 @@
+#{
+# "infoklinika.ru": {
+#    "username":"8aeaadb6-1dcc-495a-899b-00519a76aacf",
+#    "password":"8HLvFMfIA1b6pz8FiiKPRjzZ-1rzxwpLml9S_ENt",
+#    "fulldomain":"d3747323-b9d9-4112-8db4-90b4f7bd62ed.auth.infoklinika.ru",
+#    "subdomain":"d3747323-b9d9-4112-8db4-90b4f7bd62ed",
+#    "allowfrom":[]
+# }
+#}
+
+---
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: acme-cfg
+data:
+  config.cfg: |
+    [general]
+    listen = ":53"
+    protocol = "both"
+    domain = "auth.infoklinika.ru"
+    nsname = "nsauth.infoklinika.ru"
+    nsadmin = "admin.infoklinika.ru"
+    records = [
+      "nsauth.infoklinika.ru. A 95.131.180.106",
+      "auth.infoklinika.ru. NS nsauth.infoklinika.ru.",
+    ]
+    debug = true
+    [database]
+    engine = "sqlite3"
+    connection = "/var/lib/acme-dns/acme-dns.db"
+    [api]
+    api_domain = ""
+    disable_registration = false
+    #autocert_port = "80"
+    ip = ""
+    port = "80"
+    tls = "none"
+    corsorigins = [
+      "*"
+    ]
+    use_header = false
+    header_name = "X-Forwarded-For"
+    [logconfig]
+    loglevel = "debug"
+    logtype = "stdout"
+    logformat = "text"
+
+---
+
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+  name: acme-db
+  labels:
+    purpose: acme-db
+spec:
+  accessModes:
+  - ReadWriteOnce
+  capacity:
+    storage: 100Mi
+  local:
+    path: /dev/shared-iscsi/acme-dns
+    fsType: xfs
+  nodeAffinity:
+    required:
+      nodeSelectorTerms:
+      - matchExpressions:
+        - key: kubernetes.io/os
+          operator: In
+          values:
+            - linux
+  persistentVolumeReclaimPolicy: Delete
+  storageClassName: local-storage
+  volumeMode: Filesystem
+
+---
+
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: acme-db
+spec:
+  accessModes:
+  - ReadWriteOnce
+  resources:
+    requests:
+      storage: 100Mi
+  selector:
+    matchLabels:
+      purpose: acme-db
+  storageClassName: local-storage
+
+---
+
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: acme-dns
+spec:
+  selector:
+    matchLabels:
+      app: acme-dns
+  replicas: 1
+  template:
+    metadata:
+      labels:
+        app: acme-dns
+    spec:
+      containers:
+      - name: acme-dns
+        image: joohoi/acme-dns:latest
+        ports:
+        - containerPort: 80
+        - containerPort: 53
+        - containerPort: 53
+          protocol: UDP
+        volumeMounts:
+          - mountPath: /etc/acme-dns
+            name: acme-cfg
+          - mountPath: /var/lib/acme-dns
+            name: acme-db
+      volumes:
+        - name: acme-cfg
+          configMap:
+            name: acme-cfg
+        - name: acme-db
+          persistentVolumeClaim:
+            claimName: acme-db
+
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: acme-http
+spec:
+  ports:
+  - port: 80
+  selector:
+    app: acme-dns
+---
+
+apiVersion: v1
+kind: Service
+metadata:
+  name: acme-dns
+  annotations:
+    metallb.universe.tf/allow-shared-ip: nginx-ingress
+spec:
+  ports:
+  - name: dns-tcp
+    port: 53
+  selector:
+    app: acme-dns
+  type: LoadBalancer
+  loadBalancerIP: 192.168.201.130
+
+---
+
+apiVersion: v1
+kind: Service
+metadata:
+  name: acme-dns-udp
+  annotations:
+    metallb.universe.tf/allow-shared-ip: nginx-ingress
+spec:
+  ports:
+  - name: dns-udp
+    port: 53
+    protocol: UDP
+  selector:
+    app: acme-dns
+  type: LoadBalancer
+  loadBalancerIP: 192.168.201.130
+
+---
+
+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+  name: nginx-ingress
+  annotations:
+    kubernetes.io/ingress.class: "nginx"
+spec:
+  rules:
+  - host: nsauth.infoklinika.ru
+    http:
+      paths:
+      - path: /
+        backend:
+          serviceName: acme-http
+          servicePort: 80
+

k8s-tests/ame-dns/acmecred.json

@@ -0,0 +1,9 @@
+{
+ "infoklinika.ru": { 
+    "username":"8aeaadb6-1dcc-495a-899b-00519a76aacf",
+    "password":"8HLvFMfIA1b6pz8FiiKPRjzZ-1rzxwpLml9S_ENt",
+    "fulldomain":"d3747323-b9d9-4112-8db4-90b4f7bd62ed.auth.infoklinika.ru",
+    "subdomain":"d3747323-b9d9-4112-8db4-90b4f7bd62ed",
+    "allowfrom":[]
+ }
+}

k8s-tests/ame-dns/cert.yml

@@ -0,0 +1,11 @@
+apiVersion: cert-manager.io/v1alpha2
+kind: Certificate
+metadata:
+  name: wildcard-infoklinika
+spec:
+  secretName: wildcard-infoklinika-tls
+  issuerRef:
+    name: acme-issuer
+  dnsNames:
+  - '*.infoklinika.ru'
+  - infoklinika.ru

k8s-tests/ame-dns/issuer.yml

@@ -0,0 +1,21 @@
+#kubectl create secret generic acme-dns --from-file ./acmecred.json
+
+apiVersion: cert-manager.io/v1alpha2
+kind: Issuer
+metadata:
+  name: acme-issuer
+spec:
+  acme:
+    # The ACME server URL
+    server: https://acme-staging-v02.api.letsencrypt.org/directory
+    email: admin@sdsys.ru
+    privateKeySecretRef:
+      name: acme-account
+    solvers:
+    - selector: {}
+      dns01:
+        acmedns:
+          host: http://nsauth.infoklinika.ru
+          accountSecretRef:
+            name: acme-dns
+            key: acmecred.json

k8s-tests/ame-dns/nginx.yml

@@ -0,0 +1,73 @@
+---
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: nginx-acme
+data:
+  index.html: |
+    ACME-DNS
+
+---
+
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: nginx-deployment
+spec:
+  selector:
+    matchLabels:
+      app: nginx
+  replicas: 2
+  template:
+    metadata:
+      labels:
+        app: nginx
+    spec:
+      containers:
+      - name: nginx
+        image: nginx:1.19.0
+        ports:
+        - containerPort: 80
+        volumeMounts:
+          - mountPath: /usr/share/nginx/html
+            name: homepage
+      volumes:
+        - name: homepage
+          configMap:
+            name: nginx-acme
+
+---
+
+apiVersion: v1
+kind: Service
+metadata:
+  name: nginx-svc
+spec:
+  ports:
+  - port: 80
+  selector:
+    app: nginx
+
+---
+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+  name: nginx-ingress
+  annotations:
+    kubernetes.io/ingress.class: "nginx"
+#    cert-manager.io/issuer: "letest-issuer"
+spec:
+  tls:
+  - hosts:
+    - "*.infoklinika.ru"
+    secretName: wildcard-infoklinika-tls
+  rules:
+  - host: "*.infoklinika.ru"
+    http:
+      paths:
+      - path: /
+        backend:
+          serviceName: nginx-svc
+          servicePort: 80
+

k8s-tests/http01/cert.yml

@@ -0,0 +1,11 @@
+apiVersion: cert-manager.io/v1alpha2
+kind: Certificate
+metadata:
+  name: letest-infoclinica-ru-cert
+spec:
+  secretName: letest-infoclinica-ru-tls
+  issuerRef:
+    name: letest-issuer
+  commonName: letest.infoclinica.ru
+  dnsNames:
+  - letest.infoclinica.ru

k8s-tests/http01/issuer.yml

@@ -0,0 +1,16 @@
+apiVersion: cert-manager.io/v1alpha2
+kind: Issuer
+metadata:
+  name: letest-issuer
+spec:
+  acme:
+    # The ACME server URL
+    server: https://acme-staging-v02.api.letsencrypt.org/directory
+    email: admin@sdsys.ru
+    privateKeySecretRef:
+      name: letest-account
+    solvers:
+    - selector: {}
+      http01:
+        ingress:
+          class: nginx

k8s-tests/http01/nginx.yml

@@ -0,0 +1,54 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: nginx-deployment
+spec:
+  selector:
+    matchLabels:
+      app: nginx
+  replicas: 2
+  template:
+    metadata:
+      labels:
+        app: nginx
+    spec:
+      containers:
+      - name: nginx
+        image: nginx:1.19.0
+        ports:
+        - containerPort: 80
+
+---
+
+apiVersion: v1
+kind: Service
+metadata:
+  name: nginx-svc
+spec:
+  ports:
+  - port: 80
+  selector:
+    app: nginx
+
+---
+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+  name: nginx-ingress
+  annotations:
+    kubernetes.io/ingress.class: "nginx"
+    cert-manager.io/issuer: "letest-issuer"
+spec:
+  tls:
+  - hosts:
+    - letest.infoclinica.ru
+    secretName: letest-tls
+  rules:
+  - host: letest.infoclinica.ru
+    http:
+      paths:
+      - path: /
+        backend:
+          serviceName: nginx-svc
+          servicePort: 80
+