mirror of
https://github.com/dnscrypt/dnscrypt-server-docker
synced 2024-11-26 10:23:48 +01:00
Merge pull request #39 from zquestz/kubernetes
Added Kubernetes configurations for GCE
This commit is contained in:
commit
711c8444bb
16
README.md
16
README.md
@ -124,6 +124,22 @@ compiled from source.
|
|||||||
|
|
||||||
Keys and certificates are automatically rotated every 12 hour.
|
Keys and certificates are automatically rotated every 12 hour.
|
||||||
|
|
||||||
|
Kubernetes
|
||||||
|
==========
|
||||||
|
|
||||||
|
Kubernetes configurations are located in the `kube` directory. Currently these assume
|
||||||
|
a persistent disk named `dnscrypt-keys` on GCE. You will need to adjust the volumes
|
||||||
|
definition on other platforms. Once that is setup, you can have a dnscrypt server up
|
||||||
|
in minutes.
|
||||||
|
|
||||||
|
* Edit `kube/dnscrypt-init-job.yml` and change `example.com` to your desired hostname.
|
||||||
|
* Run `kubectl create -f kube/dnscrypt-init-job.yml` to setup your keys.
|
||||||
|
* Run `kubectl create -f kube/dnscrypt-deployment.yml` to deploy the dnscrypt server.
|
||||||
|
* Run `kubectl create -f kube/dnscrypt-srv.yml` to expose your server to the world.
|
||||||
|
|
||||||
|
To get your public key just view the logs for the `dnscrypt-init` job. The public
|
||||||
|
IP for your server is merely the `dnscrypt` service address.
|
||||||
|
|
||||||
Coming up next
|
Coming up next
|
||||||
==============
|
==============
|
||||||
|
|
||||||
|
33
kube/dnscrypt-deployment.yml
Normal file
33
kube/dnscrypt-deployment.yml
Normal file
@ -0,0 +1,33 @@
|
|||||||
|
apiVersion: extensions/v1beta1
|
||||||
|
kind: Deployment
|
||||||
|
metadata:
|
||||||
|
namespace: default
|
||||||
|
labels:
|
||||||
|
service: dnscrypt
|
||||||
|
name: dnscrypt
|
||||||
|
spec:
|
||||||
|
strategy:
|
||||||
|
type: Recreate
|
||||||
|
replicas: 1
|
||||||
|
template:
|
||||||
|
metadata:
|
||||||
|
labels:
|
||||||
|
service: dnscrypt
|
||||||
|
spec:
|
||||||
|
containers:
|
||||||
|
- env:
|
||||||
|
image: jedisct1/unbound-dnscrypt-server
|
||||||
|
name: dnscrypt
|
||||||
|
volumeMounts:
|
||||||
|
- name: dnscrypt-keys
|
||||||
|
mountPath: /opt/dnscrypt-wrapper/etc/keys
|
||||||
|
command: ["/entrypoint.sh", "start"]
|
||||||
|
resources:
|
||||||
|
requests:
|
||||||
|
memory: "1Gi"
|
||||||
|
restartPolicy: Always
|
||||||
|
volumes:
|
||||||
|
- name: dnscrypt-keys
|
||||||
|
gcePersistentDisk:
|
||||||
|
pdName: dnscrypt-keys
|
||||||
|
fsType: ext4
|
22
kube/dnscrypt-init-job.yml
Normal file
22
kube/dnscrypt-init-job.yml
Normal file
@ -0,0 +1,22 @@
|
|||||||
|
apiVersion: batch/v1
|
||||||
|
kind: Job
|
||||||
|
metadata:
|
||||||
|
name: dnscrypt-init
|
||||||
|
spec:
|
||||||
|
template:
|
||||||
|
metadata:
|
||||||
|
name: dnscrypt-init
|
||||||
|
spec:
|
||||||
|
containers:
|
||||||
|
- name: dnscrypt-init
|
||||||
|
image: jedisct1/unbound-dnscrypt-server
|
||||||
|
command: ["/entrypoint.sh", "init", "-N", "example.com"]
|
||||||
|
volumeMounts:
|
||||||
|
- name: dnscrypt-keys
|
||||||
|
mountPath: /opt/dnscrypt-wrapper/etc/keys
|
||||||
|
restartPolicy: Never
|
||||||
|
volumes:
|
||||||
|
- name: dnscrypt-keys
|
||||||
|
gcePersistentDisk:
|
||||||
|
pdName: dnscrypt-keys
|
||||||
|
fsType: ext4
|
12
kube/dnscrypt-srv.yml
Normal file
12
kube/dnscrypt-srv.yml
Normal file
@ -0,0 +1,12 @@
|
|||||||
|
apiVersion: v1
|
||||||
|
kind: Service
|
||||||
|
metadata:
|
||||||
|
name: dnscrypt
|
||||||
|
namespace: default
|
||||||
|
spec:
|
||||||
|
ports:
|
||||||
|
- port: 443
|
||||||
|
targetPort: 443
|
||||||
|
selector:
|
||||||
|
service: dnscrypt
|
||||||
|
type: LoadBalancer
|
Loading…
Reference in New Issue
Block a user