Difference between revisions of "Kubernetes LXD"
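--- a/Kubernetes LXD
+++ b/Kubernetes LXD
@@ -36,3 +36,4 @@
 clear
 adc_nat
+sudo restart snap # Will cause downtime but refreshes lxd iptables
 ```
@@ -79,5 +80,6 @@
 Use letsencrypt
 ```
+curl -k -H "Host: health.uvoo.io" https://$adcip # Make sure site is up (this can take several minutes on reboot
 sudo apt install -y certbot python3-certbot-nginx
-sudo certbot --nginx -d health.uvoo.io
+sudo certbot --no-redirect --nginx -d health.uvoo.io
 ```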
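Review bot: The added `sudo restart snap` in the first hunk is unlikely to run as written, because `restart` is the Upstart job command and `snap` is not a job name; assuming the host runs systemd, the command does not exist and the step that is meant to bring LXD's rules back after `clear` never happens. If the intent is to restart the LXD snap, `sudo snap restart lxd # Will cause downtime but refreshes lxd iptables` is the snap-native form. The script these lines belong to starts outside the hunk. In the second hunk the added `curl -k ... https://$adcip` reads a variable that the page only assigns inside `adc_nat`, so in a fresh shell it expands to nothing; its trailing comment is also missing the closing parenthesis.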
Revision as of 03:31, 2 February 2021
# Create the two instances: "adc" as a container and "k0" as a virtual machine (--vm).
lxc launch ubuntu:focal adc
lxc launch ubuntu:focal k0 --vm
# NOTE(review): the VM launched above is named k0, but the next two commands target "m8s" - confirm the instance name.
# NOTE(review): the tail of the next line ("device override m8s root size=50GB") looks like a fragment of the
# command that follows it; as written it would be passed to `lxc config set` as extra arguments - confirm.
lxc config set m8s limits.cpu=8 limits.memory=16GB device override m8s root size=50GB
# Override the instance's root disk device so that it is 50GB.
lxc config device override m8s root size=50GB
# Install MicroK8s inside k0.
# NOTE(review): the microk8s snap uses classic confinement, so this normally needs `--classic` - confirm.
lxc exec k0 -- snap install microk8s
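#!/usr/bin/env bash
# Reset the host's iptables rules and forward TCP 80/443 on the host's
# outbound address to the "adc" LXD container.
#
# clear() leaves the host with ACCEPT policies and empty filter/nat/mangle
# tables, i.e. with no packet filtering at all, until rules are added again.
# The previous ruleset is saved first and can be put back with:
#   sudo iptables-restore < /tmp/iptables-save.<timestamp>.ipt
set -e

ts=$(date +%Y-%m-%d_%H-%M-%S)
backup="/tmp/iptables-save.$ts.ipt"

# Save the current ruleset, then open every policy and flush all rules.
# Note: inside this script the function shadows the clear(1) terminal command.
clear(){
  # The redirect is performed by the calling shell, so the file is owned by
  # the invoking user rather than root.
  sudo iptables-save > "$backup"
  sudo iptables -P INPUT ACCEPT
  sudo iptables -P FORWARD ACCEPT
  sudo iptables -P OUTPUT ACCEPT
  sudo iptables -t nat -F
  sudo iptables -t mangle -F
  sudo iptables -F
  # sudo iptables -x
  sudo iptables -X -t nat
}

# Insert DNAT rules that send TCP 80 and 443 arriving at the host's outbound
# address to the adc container, then list the nat table.
adc_nat(){
  # adcip and ip stay global (no `local`), as in the original, so they remain
  # readable after the call when this file is sourced.
  # Second column of the `lxc list` table for instances matching "adc".
  adcip=$(lxc list adc -c 4 | awk '!/IPV4/{ if ( $2 != "" ) print $2}')
  # Source address the kernel would use to reach 8.8.8.8.
  ip=$(ip -o route get to 8.8.8.8 | sed -n 's/.*src \([0-9.]\+\).*/\1/p')

  # Refuse to build rules from an empty, multi-line or non-address value:
  # clear() has already removed the old rules, so a malformed DNAT rule here
  # would leave the host in a half-configured state with a confusing error.
  local ipv4_re='^[0-9]+(\.[0-9]+){3}$'
  if [[ ! $adcip =~ $ipv4_re || ! $ip =~ $ipv4_re ]]; then
    echo "adc_nat: expected one IPv4 address each, got adcip='$adcip' ip='$ip'; no DNAT rules added." >&2
    echo "adc_nat: previous rules can be restored with: sudo iptables-restore < $backup" >&2
    return 1
  fi

  sudo iptables -t nat -I PREROUTING -p tcp --dport 80 -d "$ip" -j DNAT --to-destination "$adcip:80"
  sudo iptables -t nat -I PREROUTING -p tcp --dport 443 -d "$ip" -j DNAT --to-destination "$adcip:443"
  sudo iptables -L -n -t nat
}

clear
adc_nat
# The original line was `sudo restart snap`; `restart` is the Upstart job
# command and "snap" is not a job, so it fails on a systemd host.
# NOTE(review): assumed intent is to restart the LXD snap so that LXD re-adds
# the rules clear() flushed - confirm.
sudo snap restart lxd # Will cause downtime but refreshes lxd iptables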
Generate a self-signed certificate
# Create a self-signed certificate and private key inside the adc container, at the
# paths the nginx configuration on this page points ssl_certificate(_key) to.
# -nodes writes the private key unencrypted, so protection of the key rests on the
# file's ownership and permissions under /etc/ssl/private.
# -days 365 makes the certificate expire after one year; -newkey rsa:2048 creates a
# fresh 2048-bit RSA key for it.
# The subject CN is example.io, not health.uvoo.io, and no subjectAltName is set, so a
# client cannot validate this certificate for the served name.
lxc exec adc -- sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/private/nginx-selfsigned.key -out /etc/ssl/certs/nginx-selfsigned.crt -subj "/C=US/ST=Utah/L=SLC/O=Example Corp/OU=Testing/CN=example.io"
adc:/etc/nginx/conf.d/health.conf
# Backend pool for the Kubernetes ingress: a single server, k0. No port is given,
# so nginx connects to port 80. least_conn picks the server with the fewest
# active connections (only relevant once more servers are listed).
upstream kub-ingress {
    least_conn;
    server k0;
}

server {
    server_name health.uvoo.io;
    listen 80;
    listen [::]:80;
    listen 443 ssl;
    listen [::]:443 ssl;
    # Self-signed certificate and key paths; no ssl_protocols or ssl_ciphers are
    # set in this block, so nginx's defaults (or an enclosing http block) apply.
    ssl_certificate /etc/ssl/certs/nginx-selfsigned.crt;
    ssl_certificate_key /etc/ssl/private/nginx-selfsigned.key;

    # Static test page answered by nginx itself, without contacting the backend.
    location /hi {
        default_type text/html;
        return 200 "<!DOCTYPE html><h3>Hi!</h3>\n";
    }

    location / {
        # TLS ends at this proxy: the hop to the backend is plain HTTP.
        proxy_pass http://kub-ingress;
        # $http_host is the Host header exactly as the client sent it.
        proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        # Appends $remote_addr to any X-Forwarded-For value the client supplied,
        # so only the last entry is set by this proxy; earlier ones are client input.
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }

    # Redirect every plain-HTTP request to HTTPS. The check sits at server level,
    # so it is evaluated before location matching and also covers /hi.
    # NOTE(review): presumably the reason certbot is run with --no-redirect on this page - confirm.
    if ($scheme != "https") {
        return 301 https://$host$request_uri;
    }
}
Use letsencrypt
curl -k -H "Host: health.uvoo.io" https://$adcip # Make sure site is up (this can take several minutes on reboot sudo apt install -y certbot python3-certbot-nginx sudo certbot --no-redirect --nginx -d health.uvoo.io