Difference between revisions of "Kubernetes LXD"

From UVOO Tech Wiki
(Created page with "``` lxc launch ubuntu:focal adc lxc launch ubuntu:focal k0 --vm lxc config set m8s limits.cpu=8 limits.memory=16GB device override m8s root size=50GB lxc config device overri...")
 
Line 36: Line 36:
 
clear
 
clear
 
adc_nat
 
adc_nat
 +
```
 +
 +
# Gen self signed cert
 +
```
 +
lxc exec adc -- sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/private/nginx-selfsigned.key -out /etc/ssl/certs/nginx-selfsigned.crt -subj "/C=US/ST=Utah/L=SLC/O=Example Corp/OU=Testing/CN=example.io"
 +
```
 +
 +
adc:/etc/nginx/conf.d/health.conf
 +
```
 +
upstream kub-ingress {
 +
    least_conn;
 +
    server k0;
 +
}
 +
 +
server {
 +
    server_name  health.uvoo.io;
 +
    listen  80;
 +
    listen  [::]:80;
 +
    listen 443 ssl;
 +
    listen [::]:443 ssl;
 +
    ssl_certificate /etc/ssl/certs/nginx-selfsigned.crt;
 +
    ssl_certificate_key /etc/ssl/private/nginx-selfsigned.key;
 +
 +
    location /hi {
 +
      default_type text/html;
 +
      return 200 "<!DOCTYPE html><h3>Hi!</h3>\n";
 +
    }
 +
 +
    location / {
 +
        proxy_pass  http://kub-ingress;
 +
        proxy_set_header Host $http_host;
 +
        proxy_set_header X-Real-IP $remote_addr;
 +
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
 +
        proxy_set_header X-Forwarded-Proto $scheme;
 +
    }
 +
    if ($scheme != "https") {
 +
        return 301 https://$host$request_uri;
 +
    }
 +
}
 
```
 
```
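Review bot: The certificate produced by the added `openssl req` line is issued for `CN=example.io` with no subjectAltName, while the added server block serves `health.uvoo.io`, so hostname verification fails even for a client that explicitly trusts this certificate. Issuing it for the served name, `-subj ".../CN=health.uvoo.io" -addext "subjectAltName=DNS:health.uvoo.io"`, keeps the self-signed setup verifiable once the certificate is pinned or imported. Separately, `return 301 https://$host$request_uri;` builds the redirect target from the host name in the request; if this block ever becomes the default server for port 80, `return 301 https://$server_name$request_uri;` keeps the Location header fixed to the configured name.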

Revision as of 03:17, 2 February 2021

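# Launch the front-end container "adc" (the nginx config further down lives on it).
lxc launch ubuntu:focal adc

# Launch k0 as a virtual machine (--vm) rather than a container.
lxc launch ubuntu:focal k0 --vm
# NOTE(review): the original lines targeted an instance named "m8s", which is
# never launched on this page, and had the "device override" command pasted onto
# the end of "config set". k0 is assumed to be the intended instance - confirm.
lxc config set k0 limits.cpu=8 limits.memory=16GB
lxc config device override k0 root size=50GB
# The microk8s snap is published with classic confinement, so --classic is needed.
lxc exec k0 -- snap install microk8s --classic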
#!/usr/bin/env bash
# Stop at the first failing command instead of continuing with later steps.
set -e

# Timestamp (YYYY-mm-dd_HH-MM-SS) used to name the iptables backup file.
ts=$(date +%Y-%m-%d_%H-%M-%S)

# clear: back up the current iptables rules, then open up and flush the firewall.
#
# Within this script the function name shadows the terminal `clear` command.
#
# Security caveat: when this returns, INPUT, FORWARD and OUTPUT all default to
# ACCEPT and the filter, nat and mangle tables hold no rules, so any host
# firewalling that existed before is gone until rules are added again.
# Flushing nat also drops rules that other software put there (presumably
# including LXD's own bridge NAT if it uses iptables - verify).
clear(){
  # Snapshot the live rules first. Only iptables-save runs under sudo; the
  # redirect is done by the calling shell, so the file in /tmp is created by the
  # calling user. Restore with: sudo iptables-restore < /tmp/iptables-save.<ts>.ipt
  sudo iptables-save > /tmp/iptables-save.$ts.ipt
  # Set permissive default policies before flushing (presumably so a DROP
  # policy cannot cut off the session once the allow rules are gone - confirm).
  sudo iptables -P INPUT ACCEPT
  sudo iptables -P FORWARD ACCEPT
  sudo iptables -P OUTPUT ACCEPT
  # Remove every rule from the nat and mangle tables, then from the default
  # (filter) table.
  sudo iptables -t nat -F
  sudo iptables -t mangle -F
  sudo iptables -F
  # sudo iptables -x
  # Delete user-defined chains in the nat table only; user-defined chains in
  # other tables are left in place.
  sudo iptables -X -t nat
}

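# adc_nat: DNAT TCP ports 80 and 443 arriving on the host's primary IPv4
# address to the same ports on the "adc" instance, then print the nat table.
#
# Returns 1 without touching iptables when either address lookup does not yield
# exactly one dotted-quad IPv4 address.
#
# Security note: these rules publish adc's ports 80/443 on the host address, so
# whatever is listening on adc becomes reachable from every network that can
# reach the host on that address.
adc_nat(){
  local ipv4_re='^[0-9]+(\.[0-9]+){3}$'

  # IPv4 of the adc instance, parsed from the table output of `lxc list`.
  # The "adc" argument is a name filter, so more than one instance may match
  # and produce several lines (presumably a prefix match - verify).
  adcip=$(lxc list adc -c 4 | awk '!/IPV4/{ if ( $2 != "" ) print $2}')
  # Source address the host would use for a route towards 8.8.8.8.
  ip=$(ip -o route get to 8.8.8.8 | sed -n 's/.*src \([0-9.]\+\).*/\1/p')

  # An empty lookup would expand to "--to-destination :80" and a multi-line one
  # would word-split into extra arguments; neither rule would point at adc.
  if [[ ! $adcip =~ $ipv4_re ]]; then
    echo "adc_nat: expected exactly one IPv4 address for adc, got: '${adcip}'" >&2
    return 1
  fi
  if [[ ! $ip =~ $ipv4_re ]]; then
    echo "adc_nat: could not determine the host IPv4 address, got: '${ip}'" >&2
    return 1
  fi

  # -I inserts at the top of PREROUTING; running this twice without flushing
  # the nat table in between leaves duplicate rules behind.
  sudo iptables -t nat -I PREROUTING -p tcp --dport 80 -d "$ip" -j DNAT --to-destination "$adcip:80"
  sudo iptables -t nat -I PREROUTING -p tcp --dport 443 -d "$ip" -j DNAT --to-destination "$adcip:443"
  sudo iptables -L -n -t nat
}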

# Reset the firewall first, then install the DNAT rules for adc. The order
# matters: clear flushes the nat table that adc_nat inserts its rules into.
clear
adc_nat

Generate a self-signed certificate

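# Create a self-signed certificate and RSA-2048 key for nginx on adc, valid 365 days.
# CN and subjectAltName are set to the server_name used in health.conf
# (health.uvoo.io): clients check the SAN, so a certificate issued only for
# CN=example.io fails hostname verification even when it is explicitly trusted.
# -addext needs OpenSSL 1.1.1 or newer.
# -nodes writes the private key unencrypted so nginx can start unattended; the
# key's protection is then only the file permissions under /etc/ssl/private.
lxc exec adc -- sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/private/nginx-selfsigned.key -out /etc/ssl/certs/nginx-selfsigned.crt -subj "/C=US/ST=Utah/L=SLC/O=Example Corp/OU=Testing/CN=health.uvoo.io" -addext "subjectAltName=DNS:health.uvoo.io"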

adc:/etc/nginx/conf.d/health.conf

# Backend pool referenced by proxy_pass in the server block
# (presumably the Kubernetes ingress on the k0 VM - confirm).
upstream kub-ingress {
    # Send each request to the backend with the fewest active connections.
    least_conn;
    # Port 80 is nginx's default for an upstream server; written out here.
    server k0:80;
}

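# Front end for health.uvoo.io: terminates TLS with the self-signed
# certificate, redirects plain HTTP to HTTPS and proxies everything except /hi
# to the kub-ingress upstream.
server {
    server_name  health.uvoo.io;
    listen  80;
    listen  [::]:80;
    listen 443 ssl;
    listen [::]:443 ssl;
    ssl_certificate /etc/ssl/certs/nginx-selfsigned.crt;
    ssl_certificate_key /etc/ssl/private/nginx-selfsigned.key;

    # Send plain-HTTP requests to HTTPS. Server-level rewrite directives run
    # before a location is chosen, so this applies to /hi and / alike.
    # The target uses $server_name instead of $host so the Location header
    # always carries the configured name, never a value taken from the request.
    if ($scheme != "https") {
        return 301 https://$server_name$request_uri;
    }

    # Static liveness page answered by nginx itself, without the backend.
    location /hi {
       default_type text/html;
       return 200 "<!DOCTYPE html><h3>Hi!</h3>\n";
    }

    location / {
        # TLS ends here; the hop to the upstream is plain HTTP.
        proxy_pass  http://kub-ingress;
        # $http_host is the Host header exactly as the client sent it.
        proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        # $proxy_add_x_forwarded_for appends $remote_addr to whatever
        # X-Forwarded-For the client sent, so only the last entry is set by
        # this proxy; backends should not trust the earlier ones.
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}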