Merge pull request #866 from TrekkieCoder/main

loxilb-io/kube-loxilb#34 Converted ingress cicd to use kube-loxilb https loxiurl
loxilb-io · Nov 5, 2024 · 49f2955 · 49f2955
2 parents 5518f7f + b422c6d
commit 49f2955
Show file tree

Hide file tree

Showing 3 changed files with 29 additions and 9 deletions.
diff --git a/cicd/k3s-flannel-loxilb-ingress/kube-loxilb.yml b/cicd/k3s-flannel-loxilb-ingress/kube-loxilb.yml
@@ -112,7 +112,7 @@ spec:
         command:
         - /bin/kube-loxilb
         args:
-        - --loxiURL=http://192.168.80.9:11111
+        - --loxiURL=https://192.168.80.9:8091
         - --cidrPools=defaultPool=192.168.80.9/32
         #- --zone=aws
         #- --setBGP=64512
@@ -121,14 +121,16 @@ spec:
         #- --monitor
         #- --setLBMode=1
         #- --config=/opt/loxilb/agent/kube-loxilb.conf
-        resources:
-          requests:
-            cpu: "100m"
-            memory: "50Mi"
-          limits:
-            cpu: "100m"
-            memory: "50Mi"
+        volumeMounts:
+        - mountPath: /etc/ssl/certs/loxilbCA.pem
+          name: loxilb-cacert
+          subPath: loxilbCA.pem
         securityContext:
           privileged: true
           capabilities:
             add: ["NET_ADMIN", "NET_RAW"]
+      volumes:
+        - name: loxilb-cacert
+          configMap:
+            defaultMode: 420
+            name: loxilb-cacert
diff --git a/cicd/k3s-flannel-loxilb-ingress/loxilb.sh b/cicd/k3s-flannel-loxilb-ingress/loxilb.sh
@@ -6,7 +6,23 @@ curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -
 add-apt-repository -y "deb [arch=amd64] https://download.docker.com/linux/ubuntu  $(lsb_release -cs)  stable"
 apt-get update
 apt-get install -y docker-ce
-docker run -u root --cap-add SYS_ADMIN   --restart unless-stopped --privileged -dit -v /dev/log:/dev/log --net=host --name loxilb ghcr.io/loxilb-io/loxilb:latest
+
+mkdir cert
+cd cert
+wget --retry-connrefused --waitretry=1 --read-timeout=20 --timeout=15 -t 3  https://github.com/FiloSottile/mkcert/releases/download/v1.4.3/mkcert-v1.4.3-linux-amd64
+chmod +x mkcert-v1.4.3-linux-amd64
+mv mkcert-v1.4.3-linux-amd64 mkcert
+mkdir loxilb.io
+export CAROOT=`pwd`/loxilb
+./mkcert -install
+./mkcert 192.168.80.9
+cp loxilb/rootCA.pem ./rootCA.crt
+cp loxilb/rootCA.pem /vagrant/loxilbCA.pem
+mv 192.168.80.9.pem ./server.crt
+mv 192.168.80.9-key.pem ./server.key
+cd -
+
+docker run -u root --cap-add SYS_ADMIN   --restart unless-stopped --privileged -dit -v /dev/log:/dev/log -v `pwd`/cert:/opt/loxilb/cert/ --net=host --name loxilb ghcr.io/loxilb-io/loxilb:latest --tls
 echo alias loxicmd=\"sudo docker exec -it loxilb loxicmd\" >> ~/.bashrc
 echo alias loxilb=\"sudo docker exec -it loxilb \" >> ~/.bashrc
 

diff --git a/cicd/k3s-flannel-loxilb-ingress/master.sh b/cicd/k3s-flannel-loxilb-ingress/master.sh
@@ -25,6 +25,8 @@ sudo kubectl create secret tls loxilb-ssl --cert server.crt --key server.key -n
 sed -i -e 's/tls.key/server.key/g' ./loxilb-secret.yml
 sed -i -e 's/tls.crt/server.crt/g' ./loxilb-secret.yml
 sed -i -e 's/kubernetes.io\/tls/Opaque/g' ./loxilb-secret.yml
+cp /vagrant/loxilbCA.pem .
+sudo kubectl -n kube-system create configmap loxilb-cacert --from-file=`pwd`/loxilbCA.pem
 sudo kubectl apply -f /vagrant/kube-loxilb.yml
 sudo kubectl apply -f loxilb-secret.yml
 sudo kubectl apply -f /vagrant/ingress/loxilb-ingress-deploy.yml