Examples
Deployment examples
- Create Namespace namespace.yaml
---
# Namespace that holds every object in this example.
# NOTE(review): no pod-security.kubernetes.io/* labels are set, so Pod
# Security Admission falls back to whatever the cluster default is for
# this namespace. Confirm that default is what you want.
kind: Namespace
apiVersion: v1
metadata:
  name: cloudresource-io
- Create Env env.yaml
---
# Environment variables injected into the nginx container via envFrom.
# ConfigMap data is stored and served in clear text; keep it to
# non-sensitive settings such as the time zone below.
kind: ConfigMap
apiVersion: v1
metadata:
  namespace: cloudresource-io
  name: nginx-env
data:
  TZ: 'Europe/Riga'
- Create Nginx config map nginx.conf.yaml
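---
# Main nginx configuration, mounted over /etc/nginx/nginx.conf by the
# nginx-app Deployment. The value is a literal block scalar, so every
# line below "nginx.conf: |-" (including the '#' lines) is nginx syntax,
# not YAML.
apiVersion: v1
kind: ConfigMap
metadata:
  name: nginx-conf
  namespace: cloudresource-io
data:
  nginx.conf: |-
    user nginx;
    worker_processes auto;
    pid /var/run/nginx.pid;

    events {
      worker_connections 1024;
    }

    http {
      include /etc/nginx/mime.types;
      default_type application/octet-stream;

      # Do not advertise the nginx version in the Server header or on
      # built-in error pages.
      server_tokens off;

      map "$time_iso8601:xOx:$msec" $time_iso8601_ms { ~(^\S+)([+\-]\S+):xOx:\d+\.(\d+)$ $1.$3$2; }
      log_format logstash '[$time_iso8601_ms] $remote_addr $host $upstream_addr "$request" $status $upstream_status $upstream_cache_status $request_time $upstream_response_time $request_length $bytes_sent $body_bytes_sent $connection_requests $scheme $ssl_protocol $ssl_cipher "$http_referer" "$http_user_agent" $remote_port "nginx-pod" "$HOSTNAME"';
      access_log /var/log/nginx/access.log logstash;
      error_log /var/log/nginx/error.log notice;

      sendfile on;
      #tcp_nopush on;
      keepalive_timeout 65;
      #gzip on;

      # Gzip Settings
      gzip on;
      gzip_disable "msie6";
      gzip_vary on;
      gzip_proxied any;
      gzip_comp_level 6;
      gzip_buffers 32 16k;
      gzip_http_version 1.1;
      gzip_min_length 250;
      gzip_types image/jpeg image/bmp image/svg+xml text/plain text/css application/json application/javascript application/x-javascript text/xml application/xml application/xml+rss text/javascript image/x-icon;

      # Security response headers.
      # add_header is inherited by a server/location block only when that
      # block declares no add_header of its own; repeat these wherever a
      # lower level adds headers, or they are silently dropped there.
      add_header X-Frame-Options "SAMEORIGIN" always;
      # Legacy header: current browsers no longer ship the XSS auditor it
      # controlled. Present guidance is to send "0" or omit it and rely
      # on Content-Security-Policy instead.
      add_header X-XSS-Protection "1; mode=block" always;
      add_header X-Content-Type-Options "nosniff" always;
      add_header Referrer-Policy "no-referrer-when-downgrade" always;
      # REVIEW: "default-src *" together with 'unsafe-inline' and
      # 'unsafe-eval' permits script from any origin, inline script and
      # eval(), so this policy gives essentially no XSS protection.
      # Narrow it to the origins the site really loads from (for example
      # default-src 'self') once the content has been tested against it.
      add_header Content-Security-Policy "default-src * data: 'unsafe-eval' 'unsafe-inline'" always;
      # Browsers honour HSTS only on HTTPS responses. It takes effect
      # here only if TLS is terminated in front of this pod.
      # includeSubDomains + preload commit every subdomain to HTTPS for a
      # year, and leaving the preload list is slow; confirm that is
      # intended before copying this line.
      add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;

      include /etc/nginx/conf.d/*.conf;

      # Client address restoration (ngx_http_realip_module).
      # CF-Connecting-IP is trusted only when the TCP peer is inside one
      # of the ranges below. If an in-cluster proxy sits between
      # Cloudflare and this pod, the peer is that proxy and none of these
      # ranges match, so $remote_addr in the access log stays the proxy
      # address. Do not widen the trusted set to the pod network unless
      # the origin is reachable only through Cloudflare; otherwise any
      # client can supply its own CF-Connecting-IP and forge the logged
      # address. Keep this list in sync with Cloudflare's published
      # ranges.
      #Cloudflare ip addresses
      # - IPv4
      set_real_ip_from 173.245.48.0/20;
      set_real_ip_from 103.21.244.0/22;
      set_real_ip_from 103.22.200.0/22;
      set_real_ip_from 103.31.4.0/22;
      set_real_ip_from 141.101.64.0/18;
      set_real_ip_from 108.162.192.0/18;
      set_real_ip_from 190.93.240.0/20;
      set_real_ip_from 188.114.96.0/20;
      set_real_ip_from 197.234.240.0/22;
      set_real_ip_from 198.41.128.0/17;
      set_real_ip_from 162.158.0.0/15;
      set_real_ip_from 104.16.0.0/13;
      set_real_ip_from 104.24.0.0/14;
      set_real_ip_from 172.64.0.0/13;
      set_real_ip_from 131.0.72.0/22;
      # - IPv6
      set_real_ip_from 2400:cb00::/32;
      set_real_ip_from 2606:4700::/32;
      set_real_ip_from 2803:f800::/32;
      set_real_ip_from 2405:b500::/32;
      set_real_ip_from 2405:8100::/32;
      set_real_ip_from 2a06:98c0::/29;
      set_real_ip_from 2c0f:f248::/32;
      real_ip_header CF-Connecting-IP;
    }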
- Create Nginx config map virtual host nginx-cloudresource-conf.yaml
---
# Virtual host for cloudresource.io, mounted by the nginx-app Deployment
# as /etc/nginx/conf.d/default.conf.
# The server block listens on plain HTTP port 80 only, so anything that
# depends on HTTPS (for example an HSTS header) relies on TLS being
# terminated by whatever sits in front of the pod.
kind: ConfigMap
apiVersion: v1
metadata:
  namespace: cloudresource-io
  name: cloudresource-conf
data:
  default.conf: |-
    server {
      listen 80;
      server_name cloudresource.io;

      location / {
        root /usr/share/nginx/html;
        index index.html index.htm;
      }

      error_page 500 502 503 504 /50x.html;
      location = /50x.html {
        root /usr/share/nginx/html;
      }
    }
- Create CEPH Persistent Volume Claim pvc.yaml
---
# 5Gi CephFS-backed claim used as the nginx web root.
# ReadWriteMany lets every replica, and any other pod in the namespace
# that references this claim, mount the same files read-write.
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
  namespace: cloudresource-io
  name: cephfs-pvc
spec:
  storageClassName: rook-cephfs
  accessModes:
    - ReadWriteMany
  resources:
    requests:
      storage: 5Gi
- Create Nginx Deployment
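---
# Three nginx replicas serving the shared CephFS web root, with
# nginx.conf and the virtual host injected from ConfigMaps.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: nginx-app
  namespace: cloudresource-io
  labels:
    app: nginx-app
spec:
  replicas: 3
  selector:
    matchLabels:
      app: nginx-app
  template:
    metadata:
      labels:
        app: nginx-app
    spec:
      # nginx does not call the Kubernetes API, so no service-account
      # token is mounted into the pod.
      automountServiceAccountToken: false
      securityContext:
        # Apply the container runtime's default seccomp filter.
        seccompProfile:
          type: RuntimeDefault
      containers:
        - name: nginx
          # Pinned by tag only. A tag can be re-pushed; pin by digest
          # (nginx:1.22.1@sha256:<digest-from-your-registry>) and track
          # upstream security releases for the image.
          image: "nginx:1.22.1"
          securityContext:
            # Blocks setuid/file-capability privilege gain inside the
            # container.
            # NOTE(review): runAsNonRoot and "drop: [ALL]" are not set
            # because the stock image starts as root and binds port 80;
            # adopting them needs an unprivileged image and a high port.
            allowPrivilegeEscalation: false
          envFrom:
            - configMapRef:
                name: nginx-env
          resources:
            limits:
              cpu: "1"
              memory: 1Gi
          volumeMounts:
            # REVIEW: the web root is mounted read-write. nginx only
            # needs to read it; if content is published by another
            # workload, set readOnly: true here so a compromised web
            # process cannot alter the served files.
            - name: mypvc
              mountPath: /usr/share/nginx/html
            - name: nginx-conf
              mountPath: /etc/nginx/nginx.conf
              subPath: nginx.conf
              readOnly: true
            - name: cloudresource-conf
              mountPath: /etc/nginx/conf.d/default.conf
              subPath: default.conf
              readOnly: true
      volumes:
        - name: mypvc
          persistentVolumeClaim:
            claimName: cephfs-pvc
            readOnly: false
        - name: nginx-conf
          configMap:
            name: nginx-conf
            items:
              - key: nginx.conf
                path: nginx.conf
        - name: cloudresource-conf
          configMap:
            name: cloudresource-conf
            items:
              - key: default.conf
                path: default.conf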
- Create App service
---
# Service in front of the nginx-app pods.
# No "type" is given, so this is a ClusterIP Service: it is reachable
# from inside the cluster only and is exposed externally by the Ingress.
kind: Service
apiVersion: v1
metadata:
  namespace: cloudresource-io
  name: nginx-app
spec:
  selector:
    app: nginx-app
  ports:
    - name: http
      port: 80
      targetPort: 80
- Create Ingress for App service cloudresource-io
---
# Routes cloudresource.io/ to the nginx-app Service through Traefik.
# NOTE(review): there is no "tls:" section, so this object does not
# configure HTTPS for the host; confirm where TLS is terminated, since
# the nginx config sends an HSTS header that assumes HTTPS at the edge.
kind: Ingress
apiVersion: networking.k8s.io/v1
metadata:
  namespace: cloudresource-io
  name: cloudresource-ingress
  annotations:
    # Deprecated annotation; spec.ingressClassName is the current field.
    kubernetes.io/ingress.class: traefik
spec:
  rules:
    - host: cloudresource.io
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: nginx-app
                port:
                  number: 80