diff --git a/cicd/k3s-flannel-loxilb-ingress/kube-loxilb.yml b/cicd/k3s-flannel-loxilb-ingress/kube-loxilb.yml
index e9dd3f9f5..fbe73fcda 100644
--- a/cicd/k3s-flannel-loxilb-ingress/kube-loxilb.yml
+++ b/cicd/k3s-flannel-loxilb-ingress/kube-loxilb.yml
@@ -112,7 +112,7 @@ spec:
command:
- /bin/kube-loxilb
args:
- - --loxiURL=http://192.168.80.9:11111
+ - --loxiURL=https://192.168.80.9:8091
- --cidrPools=defaultPool=192.168.80.9/32
#- --zone=aws
#- --setBGP=64512
@@ -121,14 +121,16 @@ spec:
#- --monitor
#- --setLBMode=1
#- --config=/opt/loxilb/agent/kube-loxilb.conf
- resources:
- requests:
- cpu: "100m"
- memory: "50Mi"
- limits:
- cpu: "100m"
- memory: "50Mi"
+ volumeMounts:
+ - mountPath: /etc/ssl/certs/loxilbCA.pem
+ name: loxilb-cacert
+ subPath: loxilbCA.pem
securityContext:
privileged: true
capabilities:
add: ["NET_ADMIN", "NET_RAW"]
+ volumes:
+ - name: loxilb-cacert
+ configMap:
+ defaultMode: 420
+ name: loxilb-cacert
diff --git a/cicd/k3s-flannel-loxilb-ingress/loxilb.sh b/cicd/k3s-flannel-loxilb-ingress/loxilb.sh
index 74e66ae9b..fc1e0eedc 100644
--- a/cicd/k3s-flannel-loxilb-ingress/loxilb.sh
+++ b/cicd/k3s-flannel-loxilb-ingress/loxilb.sh
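Review bot: Nothing in the new `--loxiURL=https://192.168.80.9:8091` argument says how the kube-loxilb client is expected to trust that endpoint; the only hint is the CA file mounted under `/etc/ssl/certs` in the next hunk, so the https switch appears to rely on the container's system trust directory being read by the client. Because the certificate is generated per run by mkcert in loxilb.sh for exactly `192.168.80.9`, any drift between this address and the one handed to mkcert breaks the handshake with no hint in this manifest. Add a comment above the arg: `# TLS endpoint; the server cert is issued for 192.168.80.9 by the mkcert CA created in loxilb.sh and trusted via the loxilb-cacert ConfigMap mounted under /etc/ssl/certs`. The container spec continues outside the hunk.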
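Review bot: The container's `resources:` requests/limits (cpu `100m`, memory `50Mi`) are removed outright instead of being kept next to the new `volumeMounts:`; nothing in the change motivates dropping them, so this looks accidental and leaves the kube-loxilb pod unbounded in kube-system. Restore the seven removed `resources:` lines alongside `volumeMounts:`. Separately, a ConfigMap mounted with `subPath` does not receive updates when the ConfigMap changes, so if loxilb.sh regenerates the CA the pod must be restarted to pick up the new `loxilbCA.pem`; a comment on the `subPath:` line saying so would save debugging time. `defaultMode: 420` (0644) is appropriate for a public CA certificate.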
@@ -6,7 +6,23 @@ curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -
add-apt-repository -y "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable"
apt-get update
apt-get install -y docker-ce
-docker run -u root --cap-add SYS_ADMIN --restart unless-stopped --privileged -dit -v /dev/log:/dev/log --net=host --name loxilb ghcr.io/loxilb-io/loxilb:latest
+
+mkdir cert
+cd cert
+wget --retry-connrefused --waitretry=1 --read-timeout=20 --timeout=15 -t 3 https://github.com/FiloSottile/mkcert/releases/download/v1.4.3/mkcert-v1.4.3-linux-amd64
+chmod +x mkcert-v1.4.3-linux-amd64
+mv mkcert-v1.4.3-linux-amd64 mkcert
+mkdir loxilb.io
+export CAROOT=`pwd`/loxilb
+./mkcert -install
+./mkcert 192.168.80.9
+cp loxilb/rootCA.pem ./rootCA.crt
+cp loxilb/rootCA.pem /vagrant/loxilbCA.pem
+mv 192.168.80.9.pem ./server.crt
+mv 192.168.80.9-key.pem ./server.key
+cd -
+
+docker run -u root --cap-add SYS_ADMIN --restart unless-stopped --privileged -dit -v /dev/log:/dev/log -v `pwd`/cert:/opt/loxilb/cert/ --net=host --name loxilb ghcr.io/loxilb-io/loxilb:latest --tls
echo alias loxicmd=\"sudo docker exec -it loxilb loxicmd\" >> ~/.bashrc
echo alias loxilb=\"sudo docker exec -it loxilb \" >> ~/.bashrc
diff --git a/cicd/k3s-flannel-loxilb-ingress/master.sh b/cicd/k3s-flannel-loxilb-ingress/master.sh
index bea1de21a..eb83ad19f 100755
--- a/cicd/k3s-flannel-loxilb-ingress/master.sh
+++ b/cicd/k3s-flannel-loxilb-ingress/master.sh
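Review bot: The whole `cert` directory, including the CA private key `loxilb/rootCA-key.pem` that mkcert writes under `CAROOT`, is bind-mounted into the loxilb container by `-v \`pwd\`/cert:/opt/loxilb/cert/`; the container only needs the files the script deliberately places at the top of `cert/` (server.crt, server.key, rootCA.crt), so the CA key should be kept out of the mount and the mounts made read-only. `mkdir loxilb.io` creates a directory that is never used (CAROOT points at `loxilb`, which mkcert creates itself), and `./mkcert -install` adds the throwaway CA to the host trust store although the script only needs the CA as a file. The mkcert binary is downloaded with wget and executed without any digest check; pin the expected sha256 in the repo and fail before `chmod +x` on mismatch. A rewrite of the cert section covering these three points follows; the surrounding apt and alias lines are unchanged.
```shell
mkdir -p cert
cd cert
wget --retry-connrefused --waitretry=1 --read-timeout=20 --timeout=15 -t 3 https://github.com/FiloSottile/mkcert/releases/download/v1.4.3/mkcert-v1.4.3-linux-amd64
# <EXPECTED_SHA256> is a placeholder: record the release digest in the repo and fail closed on mismatch
echo "<EXPECTED_SHA256>  mkcert-v1.4.3-linux-amd64" | sha256sum -c - || exit 1
chmod +x mkcert-v1.4.3-linux-amd64
mv mkcert-v1.4.3-linux-amd64 mkcert
export CAROOT="$(pwd)/loxilb"
# no -install: the CA is only needed as a file, not in the host trust store
./mkcert 192.168.80.9
cp loxilb/rootCA.pem ./rootCA.crt
cp loxilb/rootCA.pem /vagrant/loxilbCA.pem
mv 192.168.80.9.pem ./server.crt
mv 192.168.80.9-key.pem ./server.key
cd -

# mount only the server cert/key and the CA cert, read-only; loxilb/rootCA-key.pem stays on the host
docker run -u root --cap-add SYS_ADMIN --restart unless-stopped --privileged -dit -v /dev/log:/dev/log \
  -v "$(pwd)/cert/server.crt:/opt/loxilb/cert/server.crt:ro" \
  -v "$(pwd)/cert/server.key:/opt/loxilb/cert/server.key:ro" \
  -v "$(pwd)/cert/rootCA.crt:/opt/loxilb/cert/rootCA.crt:ro" \
  --net=host --name loxilb ghcr.io/loxilb-io/loxilb:latest --tls
```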
@@ -25,6 +25,8 @@ sudo kubectl create secret tls loxilb-ssl --cert server.crt --key server.key -n
sed -i -e 's/tls.key/server.key/g' ./loxilb-secret.yml
sed -i -e 's/tls.crt/server.crt/g' ./loxilb-secret.yml
sed -i -e 's/kubernetes.io\/tls/Opaque/g' ./loxilb-secret.yml
+cp /vagrant/loxilbCA.pem .
+sudo kubectl -n kube-system create configmap loxilb-cacert --from-file=`pwd`/loxilbCA.pem
sudo kubectl apply -f /vagrant/kube-loxilb.yml
sudo kubectl apply -f loxilb-secret.yml
sudo kubectl apply -f /vagrant/ingress/loxilb-ingress-deploy.yml
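Review bot: `kubectl create configmap loxilb-cacert` is not idempotent — a second run of master.sh fails with AlreadyExists while every other step here uses `kubectl apply`; create it as `sudo kubectl -n kube-system create configmap loxilb-cacert --from-file=loxilbCA.pem --dry-run=client -o yaml | sudo kubectl apply -f -`. The preceding `cp /vagrant/loxilbCA.pem .` is unchecked: if loxilb.sh did not produce the CA (its mkcert download can fail), the copy errors, the ConfigMap is created from a missing file or not at all, and kube-loxilb later cannot validate the https loxiURL. A guard such as `test -s /vagrant/loxilbCA.pem || { echo "missing loxilbCA.pem"; exit 1; }` before the copy makes that failure explicit. Note that `--from-file` keys the ConfigMap entry by the file's basename, `loxilbCA.pem`, which is what the `subPath` in kube-loxilb.yml expects; the two must stay in sync.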