add nbit website pod

2022-12-06 16:55:09 +00:00 · 2022-12-06 16:55:09 +00:00 · a4b1548d80
parent 1f8106cb44
commit a4b1548d80
3 changed files with 63 additions and 1 deletions
--- a/README.md
+++ b/README.md
@ -46,6 +46,7 @@ enable EPEL Repo:
 edit /etc/fail2ban/jail.local:
 enabled = true  => below [sshd]

+# systemctl enable fail2ban
 # systemctl restart fail2ban

 command to check who is banned:
@ -244,4 +245,16 @@ containers$ systemctl --user start container-traefik.service
 containers$ escaped=$(systemd-escape ~/onyx_pods/traefik/traefik.yaml)
 containers$ systemctl --user start podman-kube@$escaped.service
 containers$ systemctl --user enable podman-kube@$escaped.service
+
+
+Hack until Podman supports network in Play YAML:
+
+[containers@onyx default.target.wants]$ pwd
+/home/containers/.config/systemd/user/default.target.wants
+[containers@onyx default.target.wants]$ ls -l
+total 0
+lrwxrwxrwx. 1 containers containers 42 Dec  5 19:16 podman-kube@-home-containers-onyx_pods-nbit_websites-nbit_websites.yaml.service -> /usr/lib/systemd/user/podman-kube@.service
+lrwxrwxrwx. 1 containers containers 42 Dec  3 16:06 podman-kube@-home-containers-onyx_pods-traefik-traefik.yaml.service -> /usr/lib/systemd/user/podman-kube@.service
+
+
 ```
--- a/nbit_websites/nbit_websites.yaml
+++ b/nbit_websites/nbit_websites.yaml
@ -0,0 +1,41 @@
+---
+apiVersion: v1
+kind: Pod
+metadata:
+  annotations:
+    bind-mount-options:/data/nbit-website/document_root: z
+    io.kubernetes.cri-o.TTY/nbit_websites: "false"
+    io.podman.annotations.autoremove/nbit_websites: "FALSE"
+    io.podman.annotations.init/nbit_websites: "FALSE"
+    io.podman.annotations.label/nbit_websites: type:container_runtime_t
+    io.podman.annotations.privileged/nbit_websites: "FALSE"
+    io.podman.annotations.publish-all/nbit_websites: "FALSE"
+  labels:
+    app: nbit_websites-pod
+    traefik.enable: true
+    traefik.http.services.nbitwebsite.loadbalancer.server.port: 80
+    traefik.http.routers.nbitwebsite.rule: "Host(`linux-freelancer.ch`,`www.linux-freelancer.ch`)"
+    traefik.http.routers.nbitwebsite.entrypoints: websecure
+    traefik.http.routers.nbitwebsite.tls.certresolver: myresolver
+    traefik.http.routers.nbitwebsite.tls.domains[0].main: www.linux-freelancer.ch
+    traefik.http.routers.nbitwebsite.tls.domains[0].sans: linux-freelancer.ch
+  name: nbit_websites-pod
+spec:
+  containers:
+  - image: docker.io/library/nginx:latest
+    name: nginx
+    securityContext:
+      capabilities:
+        drop:
+        - CAP_MKNOD
+        - CAP_AUDIT_WRITE
+      seLinuxOptions:
+        type: container_runtime_t
+    volumeMounts:
+    - mountPath: /usr/share/nginx/html
+      name: data-nbit-website-host-0
+  volumes:
+  - hostPath:
+      path: /data/nbit-website/document_root
+      type: Directory
+    name: data-nbit-website-host-0
--- a/traefik/traefik.yaml
+++ b/traefik/traefik.yaml
@ -17,7 +17,6 @@ metadata:
    app: traefik-pod
  name: traefik-pod
 spec:
-  hostNetwork: true
  containers:
  - args:
    - --entrypoints.web.address=:80
@ -32,8 +31,17 @@ spec:
    - --providers.file.directory=/configuration/
    - --providers.file.watch=true
    - --accesslog=true
+    #- --api.dashboard=true
+    #- --api.insecure=true
    image: docker.io/library/traefik:latest
    name: traefik
+    ports:
+    - containerPort: 80
+      hostPort: 80
+    - containerPort: 443
+      hostPort: 443
+    #- containerPort: 8080
+    #  hostPort: 8080
    securityContext:
      capabilities:
        drop: