mirror of
https://github.com/dnscrypt/dnscrypt-server-docker
synced 2024-11-26 06:13:49 +01:00
Merge pull request #39 from zquestz/kubernetes
Added Kubernetes configurations for GCE
This commit is contained in:
commit
711c8444bb
16
README.md
16
README.md
@ -124,6 +124,22 @@ compiled from source.
|
||||
|
||||
Keys and certificates are automatically rotated every 12 hour.
|
||||
|
||||
Kubernetes
|
||||
==========
|
||||
|
||||
Kubernetes configurations are located in the `kube` directory. Currently these assume
|
||||
a persistent disk named `dnscrypt-keys` on GCE. You will need to adjust the volumes
|
||||
definition on other platforms. Once that is setup, you can have a dnscrypt server up
|
||||
in minutes.
|
||||
|
||||
* Edit `kube/dnscrypt-init-job.yml` and change `example.com` to your desired hostname.
|
||||
* Run `kubectl create -f kube/dnscrypt-init-job.yml` to setup your keys.
|
||||
* Run `kubectl create -f kube/dnscrypt-deployment.yml` to deploy the dnscrypt server.
|
||||
* Run `kubectl create -f kube/dnscrypt-srv.yml` to expose your server to the world.
|
||||
|
||||
To get your public key just view the logs for the `dnscrypt-init` job. The public
|
||||
IP for your server is merely the `dnscrypt` service address.
|
||||
|
||||
Coming up next
|
||||
==============
|
||||
|
||||
|
33
kube/dnscrypt-deployment.yml
Normal file
33
kube/dnscrypt-deployment.yml
Normal file
@ -0,0 +1,33 @@
|
||||
apiVersion: extensions/v1beta1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
namespace: default
|
||||
labels:
|
||||
service: dnscrypt
|
||||
name: dnscrypt
|
||||
spec:
|
||||
strategy:
|
||||
type: Recreate
|
||||
replicas: 1
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
service: dnscrypt
|
||||
spec:
|
||||
containers:
|
||||
- env:
|
||||
image: jedisct1/unbound-dnscrypt-server
|
||||
name: dnscrypt
|
||||
volumeMounts:
|
||||
- name: dnscrypt-keys
|
||||
mountPath: /opt/dnscrypt-wrapper/etc/keys
|
||||
command: ["/entrypoint.sh", "start"]
|
||||
resources:
|
||||
requests:
|
||||
memory: "1Gi"
|
||||
restartPolicy: Always
|
||||
volumes:
|
||||
- name: dnscrypt-keys
|
||||
gcePersistentDisk:
|
||||
pdName: dnscrypt-keys
|
||||
fsType: ext4
|
22
kube/dnscrypt-init-job.yml
Normal file
22
kube/dnscrypt-init-job.yml
Normal file
@ -0,0 +1,22 @@
|
||||
apiVersion: batch/v1
|
||||
kind: Job
|
||||
metadata:
|
||||
name: dnscrypt-init
|
||||
spec:
|
||||
template:
|
||||
metadata:
|
||||
name: dnscrypt-init
|
||||
spec:
|
||||
containers:
|
||||
- name: dnscrypt-init
|
||||
image: jedisct1/unbound-dnscrypt-server
|
||||
command: ["/entrypoint.sh", "init", "-N", "example.com"]
|
||||
volumeMounts:
|
||||
- name: dnscrypt-keys
|
||||
mountPath: /opt/dnscrypt-wrapper/etc/keys
|
||||
restartPolicy: Never
|
||||
volumes:
|
||||
- name: dnscrypt-keys
|
||||
gcePersistentDisk:
|
||||
pdName: dnscrypt-keys
|
||||
fsType: ext4
|
12
kube/dnscrypt-srv.yml
Normal file
12
kube/dnscrypt-srv.yml
Normal file
@ -0,0 +1,12 @@
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: dnscrypt
|
||||
namespace: default
|
||||
spec:
|
||||
ports:
|
||||
- port: 443
|
||||
targetPort: 443
|
||||
selector:
|
||||
service: dnscrypt
|
||||
type: LoadBalancer
|
Loading…
Reference in New Issue
Block a user