Merge remote-tracking branch 'upstream/master'

This commit is contained in:
Daniel Yu 2017-08-08 16:37:45 +08:00
commit fe30dc841e
21 changed files with 1351 additions and 3 deletions


@ -0,0 +1,47 @@
version: '2'
services:
gitlab-runner-config:
image: gitlab/gitlab-runner:alpine-v9.4.1
stdin_open: true
volumes:
- /etc/gitlab-runner/
tty: true
command:
- register
- -n
- --url
- ${GITLAB_URL}
- --registration-token
- ${GITLAB_TOKEN}
- --tag-list
- ${GITLAB_TAGS}
- --executor
- docker
- --description
- Rancher Docker Runner
- --docker-image
- docker:latest
- --docker-volumes
- /var/run/docker.sock:/var/run/docker.sock
- --docker-privileged
labels:
io.rancher.container.start_once: 'true'
gitlab-runner:
image: gitlab/gitlab-runner:alpine-v9.4.1
stdin_open: true
volumes:
- /var/run/docker.sock:/var/run/docker.sock
tty: true
volumes_from:
- gitlab-runner-config
command:
- run
labels:
io.rancher.sidekicks: gitlab-runner-config
io.rancher.scheduler.global: 'true'
{{- if ne .Values.host_label ""}}
io.rancher.scheduler.affinity:host_label: ${host_label}
{{- end}}
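Review bot: `--docker-privileged` on L36 together with the host `/var/run/docker.sock` mount on L35 means every pipeline job scheduled on this runner is effectively root on the Rancher host, and nothing in the catalog questions tells the operator that. Mounting the socket already gives jobs a working `docker` client, so the privileged flag is only needed for nested-daemon builds; consider dropping it, or surfacing it as its own question whose description spells out the consequence. The registration token on L25 is passed as a process argument and therefore shows up in the container's command line; gitlab-runner also reads it from the `REGISTRATION_TOKEN` environment variable, which keeps it out of `ps` output. `docker:latest` on L33 is the only unpinned image in this commit; pin it the way the runner image on L14 is pinned.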


@ -0,0 +1,45 @@
version: '2'
catalog:
name: "gitlab-multi-runner"
version: "9.4.1"
description: "a Gitlab pipelines multi-runner, that will spawn privates runners in your infra."
minimum_rancher_version: v1.5.0
# maximum_rancher_version:
# upgrade_from: # The previous versions that this template can be upgraded from
questions:
- variable: "GITLAB_URL"
label: "Gitlab Url"
description: "Url to your Gitlab CI endpoint"
type: "string"
default: "https://gitlab.com/ci"
required: true
- variable: "GITLAB_TOKEN"
label: "Gitlab Token"
description: "Token provided in you project settings"
type: "string"
default: "xxxxxxxxxxxxxxxxxxxx"
required: true
- variable: "GITLAB_TAGS"
label: "Gitlab Tags"
description: "Tags to apply"
type: "string"
default: "dev"
required: false
- variable: "host_label"
label: "Host with Label to deploy gitlab-runner on"
description: |
Host label to use as gitlab-runner 'value' tag.
Example: 'gitlab-runner=true'
type: "string"
default: ""
required: false
services:
gitlab-runner-config:
start_on_create: true
gitlab-runner:
start_on_create: true
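Review bot: `GITLAB_TOKEN` on L74-L79 is declared `type: "string"`, so the Rancher form displays the registration token in clear text; the Let's Encrypt template in this same commit uses `type: "password"` for its secrets, and this question should match: `type: "password"`. The placeholder `default: "xxxxxxxxxxxxxxxxxxxx"` on L78 lets a required field pass form validation with a dummy value, so a forgotten token only fails later inside the `register` container; drop the default so the form insists on a real one. The description on L76 reads "in you project settings" — `your`.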


@ -1,5 +1,5 @@
name: gitlab-multi-runner name: gitlab-multi-runner
description: | description: |
a Gitlab pipelines multi-runner, that will spawn privates runners in your infra. a Gitlab pipelines multi-runner, that will spawn privates runners in your infra.
version: 9.3.0 version: 9.4.1
category: Continuous Integration category: Continuous Integration


@ -0,0 +1,9 @@
# GitLab CE
GitLab CE is a free alternative to GitHub
Stack based on official GitLab version: latest
https://hub.docker.com/r/gitlab/gitlab-ce/


@ -0,0 +1,26 @@
version: '2'
volumes:
gitlab-app-data:
driver: ${volumedriver}
gitlab-log-data:
driver: ${volumedriver}
gitlab-conf-files:
driver: ${volumedriver}
services:
gitlab-server:
ports:
- ${ssh_port}:22/tcp
- ${http_port}:80/tcp
- ${https_port}:443/tcp
labels:
io.rancher.container.hostname_override: container_name
image: gitlab/gitlab-ce:9.4.2-ce.0
volumes:
- gitlab-app-data:/var/opt/gitlab
- gitlab-log-data:/var/log/gitlab
- gitlab-conf-files:/etc/gitlab
environment:
GITLAB_OMNIBUS_CONFIG: |
external_url '${gitlab_omnipus_prefix}${gitlab_hostname}'
registry_external_url '${gitlab_omnipus_prefix}${registry_gitlab_hostname}'


@ -0,0 +1,69 @@
.catalog:
name: Gitlab Community
version: 9.4.2-ce.0
description: |
Gitlab CE is a free GitHub alternative
minimum_rancher_version: v0.56.0
maintainer: "Alexis Ducastel <alexis@ducastel.net>"
uuid: gitlab-0
questions:
- variable: "gitlab_hostname"
description: "Gitlab hostname (without uri scheme http:// or https://)"
label: "Hostname:"
required: true
default: "git.example.com"
type: "string"
- variable: "registry_gitlab_hostname"
description: "Registry Gitlab hostname (without uri scheme http:// or https://)"
label: "Registry hostname:"
required: true
default: "registry.example.com"
type: "string"
- variable: "gitlab_omnipus_prefix"
label: "Gitlab external_url prefix:"
description: |
This is needed for the docker-compose file to set the correct external_url
default: 'http://'
required: true
type: "enum"
options:
- 'http://'
- 'https://'
- variable: "http_port"
description: "HTTP port to expose on host. Will be used to bind TCP"
label: "HTTP port:"
required: true
default: 80
type: "int"
- variable: "https_port"
description: "HTTPS port to expose on host. Will be used to bind TCP"
label: "HTTPS port:"
required: true
default: 443
type: "int"
- variable: "ssh_port"
description: "SSH port to expose on host. Will be used to bind TCP"
label: "SSH port:"
required: true
default: 22
type: "int"
- variable: "volumedriver"
description: "Choose the Volume Driver being used.(Option: local or rancher-nfs)"
label: "Volume Driver:"
required: true
default: local
type: "enum"
options:
- local
- rancher-nfs
gitlab-server:
scale: 1
retain_ip: true
health_check:
port: 80
interval: 30000
unhealthy_threshold: 3
strategy: recreate
response_timeout: 2000
healthy_threshold: 2
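Review bot: `ssh_port` defaults to `22` on L196 and the compose file publishes it as `${ssh_port}:22/tcp` on the host, so on any host that runs its own sshd on port 22 the port bind fails and the `gitlab-server` container does not start. A non-colliding default such as `default: 2222`, plus a sentence in the description ("must not collide with the host's own SSH port"), avoids the surprise. `minimum_rancher_version: v0.56.0` on L154 is far below the `v1.5.0` the other templates in this commit declare; presumably it was carried over from the previous version rather than re-tested, which is worth confirming before publishing.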


@ -1,5 +1,5 @@
name: Gitlab Community name: Gitlab Community
description: | description: |
Gitlab CE is a free GitHub alternative Gitlab CE is a free GitHub alternative
version: 9.3.3-ce.0 version: 9.4.2-ce.0
category: Versioning category: Versioning


@ -0,0 +1,50 @@
# Keepalived
This catalog recipe enables unicast VRRP based failover for one or more floating IP Addresses. It's intended deployment is for use on a pair edge or ingress nodes where forward-facing load-balancers or other like services will be scheduled.
### Form Fields
* **Update Host Sysctl** - If `true` automatically sets the needed sysctl setting on the host.
* **Host Label Name** - Host label key name used to schedule keepalived master and backup instances.
* **Master Label** - The value of the keepalived host Label to signify the master instance.
* **Backup Label** - The value of the keepalived host Label to signify the backup instance.
* **Interface Name** - The host interface that keepalived will monitor and use for VRRP traffic.
* **Virtual Router ID** - A unique number from 0 to 255 that should identify the VRRP group.
* **Master IP** - The IP on the master host that the keepalived daemon should bind to.
* **Backup IP** - The IP on the backup host that the keepalived daemon should bind to.
* **Virtual IP** - Virtual IP to be created. Must be in ip notation: `<ipaddress>/<mask> dev <interface>`
### Requirements
The host must have the sysctl setting `net.ipv4.ip_nonlocal_bind=1` configured.
### Usage
This service is intended to be deployed to edge nodes with a `master` and `backup` deployed respectively. One or more Virtual IPs may then be bound to hosts. These hosts should have an additional label used for load-balancer scheduling e.g. `ingress=true`
#### Adding an HA Load Balancer Service
**Ensure your edge hosts have an additional host label before proceeding**
1. From the Stack menu add a new `Load Balancer`.
2. Set `Scale` to be `Always run one instance of this container on every host`.
3. Add an appropriate `Name` and `Description`.
4. In the `Port Rules` section, click `Show host IP address options.` This enables the Host IP Field.
5. Update the `Port Rules` with the `Host IP` field set to your `Virtual IP` as defined in the keepalived config. Configure the rest of the fields as needed for your application.
6. Click on the `Scheduling` tab and click on `Add Scheduling Rule`.
7. Create a rule where "The host `must` have a `host label` of `<edge node host label>` = `<edge node host label value>`.
8. Click Create.
#### Adding additional Virtual IPs to the keepalived Service
1. From the Stack menu expand the `keepalived` service.
2. Select upgrade on the `keepalived-backup` service.
3. Add a new Environment Variable called `KEEPALIVED_VIRTUAL_IPADDRESS_<number>`. Where `<number>` should be a unique value from 0-999. e.g. `KEEPALIVED_VIRTUAL_IPADDRESS_2`.
4. Set the value to be a **QUOTED STRING** with an additional virtual IP following the standard ip format of `<ipaddress>/<mask> dev <interface>`. e.g. `10.255.33.102/24 dev eth0`.
5. Press `Upgrade`.
6. Repeat the same steps for the `keepalived-master` service.
### Troubleshooting
For further help see the main [arc-ts/keepalived git repo](https://github.com/arc-ts/keepalived)


@ -0,0 +1,56 @@
version: '2'
services:
keepalived-master:
restart: always
image: arcts/keepalived:1.1.0
network_mode: host
cap_add:
- NET_ADMIN
environment:
KEEPALIVED_AUTOCONF: true
KEEPALIVED_STATE: MASTER
KEEPALIVED_INTERFACE: ${interface}
KEEPALIVED_VIRTUAL_ROUTER_ID: ${router_id}
KEEPALIVED_UNICAST_SRC_IP: ${master_ip}
KEEPALIVED_UNICAST_PEER_0: ${backup_ip}
KEEPALIVED_TRACK_INTERFACE_1: ${interface}
KEEPALIVED_VIRTUAL_IPADDRESS_1: "\"${virtual_ip}\""
labels:
io.rancher.scheduler.affinity:host_label: ${host_label}=${master_label}
{{- if eq .Values.update_sysctl "true" }}
io.rancher.sidekicks: keepalived-sysctl
{{- end}}
keepalived-backup:
restart: always
image: arcts/keepalived:1.1.0
network_mode: host
cap_add:
- NET_ADMIN
environment:
KEEPALIVED_AUTOCONF: true
KEEPALIVED_STATE: BACKUP
KEEPALIVED_INTERFACE: ${interface}
KEEPALIVED_VIRTUAL_ROUTER_ID: ${router_id}
KEEPALIVED_UNICAST_SRC_IP: ${backup_ip}
KEEPALIVED_UNICAST_PEER_0: ${master_ip}
KEEPALIVED_TRACK_INTERFACE_1: ${interface}
KEEPALIVED_VIRTUAL_IPADDRESS_1: "\"${virtual_ip}\""
labels:
io.rancher.scheduler.affinity:host_label: ${host_label}=${backup_label}
{{- if eq .Values.update_sysctl "true" }}
io.rancher.sidekicks: keepalived-sysctl
{{- end}}
{{- if eq .Values.update_sysctl "true" }}
keepalived-sysctl:
image: rawmind/alpine-sysctl:0.1-1
network_mode: none
privileged: true
environment:
SYSCTL_KEY: net.ipv4.ip_nonlocal_bind
SYSCTL_VALUE: 1
labels:
io.rancher.container.start_once: true
{{- end}}
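Review bot: `KEEPALIVED_AUTOCONF: true` (L278, L298), `SYSCTL_VALUE: 1` (L318) and `io.rancher.container.start_once: true` (L320) are unquoted, so the YAML parser types them as boolean/int rather than the strings Compose expects in `environment` and `labels`; docker-compose rejects boolean environment values outright, and whether Rancher's parser coerces them is not visible here. Every other template in this commit quotes these values (`'true'` on L38 and L822), so follow that: `KEEPALIVED_AUTOCONF: "true"`, `SYSCTL_VALUE: "1"`, `io.rancher.container.start_once: 'true'`. The `keepalived-sysctl` sidekick on L312-L320 runs with `privileged: true`; since it exists only to set one sysctl, a comment above it naming that purpose would stop a later maintainer from treating the privilege as incidental.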


@ -0,0 +1,63 @@
.catalog:
name: "keepalived"
version: v1.0.1
description: "Keepalived VRRP based HA service."
minimum_rancher_version: v0.46.0
uuid: keepalived-1
questions:
- variable: "update_sysctl"
description: |
Set true to update sysctl.
WARN: If set to true, sysctl key net.ipv4.ip_nonlocal_bind will be set to 1.
label: "Update Host Sysctl:"
type: "enum"
default: "false"
options:
- "true"
- "false"
required: true
- variable: "host_label"
description: "Host label key name used to schedule keepalived master and backup instances."
label: "Host Label Name:"
type: "string"
default: "vrrp_role"
required: true
- variable: "master_label"
description: "The value of the keepalived host Label to signify the master instance."
label: "Master Label:"
type: "string"
default: "master"
required: true
- variable: "backup_label"
description: "The value of the keepalived host Label to signify the backup instance."
label: "Backup Label:"
type: "string"
default: "backup"
required: true
- variable: "interface"
description: "The name of the host interface."
label: "Interface Name:"
type: "string"
default: "eth0"
required: true
- variable: "router_id"
description: "The virtual Router ID to assign to the VRRP Pair."
label: "Virtual Router ID:"
type: "int"
default: "2"
required: true
- variable: "master_ip"
description: "Host IP of master node"
label: "Master IP:"
type: "string"
required: true
- variable: "backup_ip"
description: "Host IP of backup node"
label: "Backup IP:"
type: "string"
required: true
- variable: "virtual_ip"
description: "Virtual IP to be created. MUST be in ip notation: <IPADDRESS>/<MASK> dev <INTERFACE>"
label: "Virtual IP:"
type: "string"
required: true
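Review bot: `router_id` on L368-L373 is declared `type: "int"` but its default is the quoted string `"2"`, whereas the GitLab template in this commit writes int defaults bare (`default: 80`); use `default: 2` so the declared type and the default agree. `update_sysctl` is modelled as a string enum of `"true"`/`"false"` rather than `type: boolean`, which is fine for the `eq .Values.update_sysctl "true"` comparison in the compose template, but the description on L334-L336 should also say that enabling it runs a privileged sidekick container on the host, since that is what the operator is actually consenting to.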


@ -0,0 +1,293 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!-- Created with Inkscape (http://www.inkscape.org/) -->
<svg
xmlns:dc="http://purl.org/dc/elements/1.1/"
xmlns:cc="http://creativecommons.org/ns#"
xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
xmlns:svg="http://www.w3.org/2000/svg"
xmlns="http://www.w3.org/2000/svg"
xmlns:sodipodi="http://sodipodi.sourceforge.net/DTD/sodipodi-0.dtd"
xmlns:inkscape="http://www.inkscape.org/namespaces/inkscape"
width="96"
height="96"
id="svg6517"
version="1.1"
inkscape:version="0.91 r13725"
sodipodi:docname="icon.svg"
viewBox="0 0 96 96">
<defs
id="defs6519">
<linearGradient
id="Background">
<stop
id="stop4178"
offset="0"
style="stop-color:#b8b8b8;stop-opacity:1" />
<stop
id="stop4180"
offset="1"
style="stop-color:#c9c9c9;stop-opacity:1" />
</linearGradient>
<filter
style="color-interpolation-filters:sRGB;"
inkscape:label="Inner Shadow"
id="filter1121">
<feFlood
flood-opacity="0.59999999999999998"
flood-color="rgb(0,0,0)"
result="flood"
id="feFlood1123" />
<feComposite
in="flood"
in2="SourceGraphic"
operator="out"
result="composite1"
id="feComposite1125" />
<feGaussianBlur
in="composite1"
stdDeviation="1"
result="blur"
id="feGaussianBlur1127" />
<feOffset
dx="0"
dy="2"
result="offset"
id="feOffset1129" />
<feComposite
in="offset"
in2="SourceGraphic"
operator="atop"
result="composite2"
id="feComposite1131" />
</filter>
<filter
style="color-interpolation-filters:sRGB;"
inkscape:label="Drop Shadow"
id="filter950">
<feFlood
flood-opacity="0.25"
flood-color="rgb(0,0,0)"
result="flood"
id="feFlood952" />
<feComposite
in="flood"
in2="SourceGraphic"
operator="in"
result="composite1"
id="feComposite954" />
<feGaussianBlur
in="composite1"
stdDeviation="1"
result="blur"
id="feGaussianBlur956" />
<feOffset
dx="0"
dy="1"
result="offset"
id="feOffset958" />
<feComposite
in="SourceGraphic"
in2="offset"
operator="over"
result="composite2"
id="feComposite960" />
<feBlend
blend="normal"
id="feBlend3895"
in2="composite2" />
</filter>
<clipPath
clipPathUnits="userSpaceOnUse"
id="clipPath873">
<g
transform="matrix(0,-0.66666667,0.66604479,0,-258.25992,677.00001)"
id="g875"
inkscape:label="Layer 1"
style="fill:#ff00ff;fill-opacity:1;stroke:none;display:inline">
<path
style="fill:#ff00ff;fill-opacity:1;stroke:none;display:inline"
d="m 46.702703,898.22775 50.594594,0 C 138.16216,898.22775 144,904.06497 144,944.92583 l 0,50.73846 c 0,40.86071 -5.83784,46.69791 -46.702703,46.69791 l -50.594594,0 C 5.8378378,1042.3622 0,1036.525 0,995.66429 L 0,944.92583 C 0,904.06497 5.8378378,898.22775 46.702703,898.22775 Z"
id="path877"
inkscape:connector-curvature="0"
sodipodi:nodetypes="sssssssss" />
</g>
</clipPath>
<filter
inkscape:collect="always"
id="filter891"
inkscape:label="Badge Shadow">
<feGaussianBlur
inkscape:collect="always"
stdDeviation="0.71999962"
id="feGaussianBlur893" />
</filter>
</defs>
<sodipodi:namedview
id="base"
pagecolor="#ffffff"
bordercolor="#666666"
borderopacity="1.0"
inkscape:pageopacity="0.0"
inkscape:pageshadow="2"
inkscape:zoom="8.1490724"
inkscape:cx="49.021381"
inkscape:cy="46.975739"
inkscape:document-units="px"
inkscape:current-layer="layer3"
showgrid="true"
fit-margin-top="0"
fit-margin-left="0"
fit-margin-right="0"
fit-margin-bottom="0"
inkscape:window-width="1920"
inkscape:window-height="1056"
inkscape:window-x="0"
inkscape:window-y="24"
inkscape:window-maximized="1"
showborder="true"
showguides="true"
inkscape:guide-bbox="true"
inkscape:showpageshadow="false">
<inkscape:grid
type="xygrid"
id="grid821" />
<sodipodi:guide
orientation="1,0"
position="16,48"
id="guide823" />
<sodipodi:guide
orientation="0,1"
position="64,80"
id="guide825" />
<sodipodi:guide
orientation="1,0"
position="80,40"
id="guide827" />
<sodipodi:guide
orientation="0,1"
position="64,16"
id="guide829" />
</sodipodi:namedview>
<metadata
id="metadata6522">
<rdf:RDF>
<cc:Work
rdf:about="">
<dc:format>image/svg+xml</dc:format>
<dc:type
rdf:resource="http://purl.org/dc/dcmitype/StillImage" />
<dc:title />
</cc:Work>
</rdf:RDF>
</metadata>
<g
inkscape:label="BACKGROUND"
inkscape:groupmode="layer"
id="layer1"
transform="translate(268,-635.29076)"
style="display:inline">
<path
style="fill:#333333;fill-opacity:0.93333334000000001;stroke:none;display:inline;filter:url(#filter1121);opacity:0.7"
d="m -268,700.15563 0,-33.72973 c 0,-27.24324 3.88785,-31.13513 31.10302,-31.13513 l 33.79408,0 c 27.21507,0 31.1029,3.89189 31.1029,31.13513 l 0,33.72973 c 0,27.24325 -3.88783,31.13514 -31.1029,31.13514 l -33.79408,0 C -264.11215,731.29077 -268,727.39888 -268,700.15563 Z"
id="path6455"
inkscape:connector-curvature="0"
sodipodi:nodetypes="sssssssss" />
</g>
<g
inkscape:groupmode="layer"
id="layer3"
inkscape:label="PLACEHOLDER LETTER"
style="display:inline">
<text
xml:space="preserve"
style="font-style:normal;font-weight:normal;font-size:40px;line-height:125%;font-family:Sans;letter-spacing:0px;word-spacing:0px;fill:#ffffff;fill-opacity:1;stroke:none;filter:url(#filter950)"
x="17.458124"
y="69.1772"
id="text3891"
sodipodi:linespacing="125%"><tspan
sodipodi:role="line"
id="tspan3893"
x="17.458124"
y="69.1772"
style="font-style:normal;font-variant:normal;font-weight:500;font-stretch:normal;font-size:56px;font-family:Ubuntu;-inkscape-font-specification:'Ubuntu Medium';fill:#ffffff;fill-opacity:1">ka</tspan></text>
<rect
style="opacity:0.7;fill:none;stroke:none"
id="rect3021"
width="64"
height="64"
x="16"
y="15.449201" />
</g>
<g
inkscape:groupmode="layer"
id="layer2"
inkscape:label="BADGE"
style="display:none"
sodipodi:insensitive="true">
<g
style="display:inline"
transform="translate(-340.00001,-581)"
id="g4394"
clip-path="none">
<g
id="g855">
<g
inkscape:groupmode="maskhelper"
id="g870"
clip-path="url(#clipPath873)"
style="opacity:0.6;filter:url(#filter891)">
<path
transform="matrix(1.4999992,0,0,1.4999992,-29.999795,-237.54282)"
d="m 264,552.36218 a 12,12 0 0 1 -12,12 12,12 0 0 1 -12,-12 12,12 0 0 1 12,-12 12,12 0 0 1 12,12 z"
sodipodi:ry="12"
sodipodi:rx="12"
sodipodi:cy="552.36218"
sodipodi:cx="252"
id="path844"
style="color:#000000;fill:#000000;fill-opacity:1;fill-rule:nonzero;stroke:none;stroke-width:4;marker:none;visibility:visible;display:inline;overflow:visible;enable-background:accumulate"
sodipodi:type="arc" />
</g>
<g
id="g862">
<path
sodipodi:type="arc"
style="color:#000000;fill:#f5f5f5;fill-opacity:1;fill-rule:nonzero;stroke:none;stroke-width:4;marker:none;visibility:visible;display:inline;overflow:visible;enable-background:accumulate"
id="path4398"
sodipodi:cx="252"
sodipodi:cy="552.36218"
sodipodi:rx="12"
sodipodi:ry="12"
d="m 264,552.36218 a 12,12 0 0 1 -12,12 12,12 0 0 1 -12,-12 12,12 0 0 1 12,-12 12,12 0 0 1 12,12 z"
transform="matrix(1.4999992,0,0,1.4999992,-29.999795,-238.54282)" />
<path
transform="matrix(1.25,0,0,1.25,33,-100.45273)"
d="m 264,552.36218 a 12,12 0 0 1 -12,12 12,12 0 0 1 -12,-12 12,12 0 0 1 12,-12 12,12 0 0 1 12,12 z"
sodipodi:ry="12"
sodipodi:rx="12"
sodipodi:cy="552.36218"
sodipodi:cx="252"
id="path4400"
style="color:#000000;fill:#dd4814;fill-opacity:1;fill-rule:nonzero;stroke:none;stroke-width:4;marker:none;visibility:visible;display:inline;overflow:visible;enable-background:accumulate"
sodipodi:type="arc" />
<path
sodipodi:type="star"
style="color:#000000;fill:#f5f5f5;fill-opacity:1;fill-rule:nonzero;stroke:none;stroke-width:3;marker:none;visibility:visible;display:inline;overflow:visible;enable-background:accumulate"
id="path4459"
sodipodi:sides="5"
sodipodi:cx="666.19574"
sodipodi:cy="589.50385"
sodipodi:r1="7.2431178"
sodipodi:r2="4.3458705"
sodipodi:arg1="1.0471976"
sodipodi:arg2="1.6755161"
inkscape:flatsided="false"
inkscape:rounded="0.1"
inkscape:randomized="0"
d="m 669.8173,595.77657 c -0.39132,0.22593 -3.62645,-1.90343 -4.07583,-1.95066 -0.44938,-0.0472 -4.05653,1.36297 -4.39232,1.06062 -0.3358,-0.30235 0.68963,-4.03715 0.59569,-4.47913 -0.0939,-0.44198 -2.5498,-3.43681 -2.36602,-3.8496 0.18379,-0.41279 4.05267,-0.59166 4.44398,-0.81759 0.39132,-0.22593 2.48067,-3.48704 2.93005,-3.4398 0.44938,0.0472 1.81505,3.67147 2.15084,3.97382 0.3358,0.30236 4.08294,1.2817 4.17689,1.72369 0.0939,0.44198 -2.9309,2.86076 -3.11469,3.27355 -0.18379,0.41279 0.0427,4.27917 -0.34859,4.5051 z"
transform="matrix(1.511423,-0.16366377,0.16366377,1.511423,-755.37346,-191.93651)" />
</g>
</g>
</g>
</g>
</svg>



@ -0,0 +1,5 @@
name: keepalived
description: |
Keepalived enables services to be deployed in HA with VRRP based failover across multiple hosts.
version: v1.0.1
category: Networking


@ -0,0 +1,101 @@
# Let's Encrypt Certificate Manager
### About
The Let's Encrypt Certificate Manager obtains a free (SAN) SSL Certificate from the [Let's Encrypt CA](https://letsencrypt.org/) and adds it to Rancher's certificate store. Once the certificate is created it is scheduled for automatic renewal 20-days before expiration. Rancher load balancer services are automatically updated to use the renewed certificate.
### Changelog v0.5.0
- Added support for Aurora DNS, Azure DNS and NS1
- Added support for stopping container after creating/renewing certificate
- Added configuration option to specify DNS resolvers to use (fixes an issue with private zones on AWS)
- Added configuration option to specify renewal grace period
- Added support for Rancher servers using self-signed certs
- Logs now contain ACME library messages
### Usage
1. Accept the terms of service.
2. Select the API version to use. The Sandbox API should be used for testing purposes.
3. Fill in your email address.
4. Enter the name used for storing the certificate in Rancher and volumes. Any existing certificate by that name will be updated.
5. Enter one or more domain names. The first domain will be used as the Common Name property of the certificate.
6. Fill in the required credentials for the chosen provider. Note provider specific usage notes below.
If you want the certificate to be automatically renewed, leave the service running. Otherwise you may remove the service once the certificate has appeared in Rancher's certificate store.
### Store data in a persistent volume
If you specify a name under "Volume Name" then account data, certificate and private key are stored in a (host scoped) Docker volume with the specified name.
To store the data in a stack scoped volume that can be shared with services running on other hosts, you should provide the name of an already active persistent storage service under "Persistent Storage Driver". See the [Storage Service documentation](https://docs.rancher.com/rancher/v1.3/en/rancher-services/storage-service/).
#### Example
1. Configure the service with a volume named "letsencrypt".
2. Mount the volume to `/etc/letsencrypt` in another service.
This service can then access the certificate and key in the following locations:
- `/etc/letsencrypt/production/certs/<certificate name>/fullchain.pem`
- `/etc/letsencrypt/production/certs/<certificate name>/privkey.pem`
where `<certificate name>` is the name of the certificate sanitized to consist of only the following characters: `[a-zA-Z0-9-_.]`.
### Provider specific usage
#### AWS Route 53
Note: If you have both a private and public zone for the domain, make sure you configure the service to use public DNS resolvers (the default ones are fine).
The following IAM policy describes the minimum permissions required when using AWS Route 53 for domain authorization.
Replace `<HOSTED_ZONE_ID>` with the ID of the hosted zone that encloses the domain(s) for which you are going to obtain certificates. You may use a wildcard (*) in place of the ID to make this policy work with all of the hosted zones associated with an AWS account.
```json
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"route53:GetChange",
"route53:ListHostedZonesByName"
],
"Resource": [
"*"
]
},
{
"Effect": "Allow",
"Action": [
"route53:ChangeResourceRecordSets"
],
"Resource": [
"arn:aws:route53:::hostedzone/<HOSTED_ZONE_ID>"
]
}
]
}
```
#### OVH
First create your credentials on https://eu.api.ovh.com/createToken/ by filling out the form like this:
- `Account ID`: Your OVH account ID
- `Password`: Your password
- `Script name`: letsencrypt
- `Script description`: Letsencrypt for Rancher
- `Validity`: Unlimited
- `Rights`:
- GET /domain/zone/*
- POST /domain/zone/*
- DELETE /domain/zone/*
Then deploy this service using the generated key, application secret and consumer key.
#### HTTP
If you prefer not to use a DNS-based challenge or your provider is not supported, you can use the HTTP challenge.
Simply choose `HTTP` from the list of providers.
Then make sure that HTTP requests to `domain.com/.well-known/acme-challenge` are forwarded to port 80 of the `rancher-letsencrypt` service, e.g. by configuring a Rancher load balancer accordingly. Make sure the reverse proxy passes the original `host` header to the backend.
### Suggestions & bug reports
Please submit suggestions or any issues you find to the [rancher-letsencrypt](https://github.com/janeczku/rancher-letsencrypt) GitHub repo.


@ -0,0 +1,55 @@
version: '2'
services:
letsencrypt:
image: janeczku/rancher-letsencrypt:v0.5.0
environment:
EULA: ${EULA}
API_VERSION: ${API_VERSION}
CERT_NAME: ${CERT_NAME}
EMAIL: ${EMAIL}
DOMAINS: ${DOMAINS}
PUBLIC_KEY_TYPE: ${PUBLIC_KEY_TYPE}
RENEWAL_TIME: ${RENEWAL_TIME}
PROVIDER: ${PROVIDER}
CLOUDFLARE_EMAIL: ${CLOUDFLARE_EMAIL}
CLOUDFLARE_KEY: ${CLOUDFLARE_KEY}
DO_ACCESS_TOKEN: ${DO_ACCESS_TOKEN}
AWS_ACCESS_KEY: ${AWS_ACCESS_KEY}
AWS_SECRET_KEY: ${AWS_SECRET_KEY}
DNSIMPLE_EMAIL: ${DNSIMPLE_EMAIL}
DNSIMPLE_KEY: ${DNSIMPLE_KEY}
DYN_CUSTOMER_NAME: ${DYN_CUSTOMER_NAME}
DYN_USER_NAME: ${DYN_USER_NAME}
DYN_PASSWORD: ${DYN_PASSWORD}
VULTR_API_KEY: ${VULTR_API_KEY}
OVH_APPLICATION_KEY: ${OVH_APPLICATION_KEY}
OVH_APPLICATION_SECRET: ${OVH_APPLICATION_SECRET}
OVH_CONSUMER_KEY: ${OVH_CONSUMER_KEY}
GANDI_API_KEY: ${GANDI_API_KEY}
AZURE_CLIENT_ID: ${AZURE_CLIENT_ID}
AZURE_CLIENT_SECRET: ${AZURE_CLIENT_SECRET}
AZURE_SUBSCRIPTION_ID: ${AZURE_SUBSCRIPTION_ID}
AZURE_TENANT_ID: ${AZURE_TENANT_ID}
AZURE_RESOURCE_GROUP: ${AZURE_RESOURCE_GROUP}
volumes:
- /var/lib/rancher:/var/lib/rancher
{{- if .Values.VOLUME_NAME}}
- {{.Values.VOLUME_NAME}}:/etc/letsencrypt
{{- end }}
labels:
io.rancher.container.create_agent: 'true'
io.rancher.container.agent.role: 'environment'
{{- if eq .Values.RUN_ONCE "true" }}
io.rancher.container.start_once: "true"
{{- end }}
{{- if .Values.VOLUME_NAME}}
volumes:
{{.Values.VOLUME_NAME}}:
{{- if .Values.STORAGE_DRIVER}}
driver: {{.Values.STORAGE_DRIVER}}
{{- if .Values.STORAGE_DRIVER_OPT}}
driver_opts:
{{.Values.STORAGE_DRIVER_OPT}}
{{- end }}
{{- end }}
{{- end }}
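Review bot: `RENEWAL_PERIOD_DAYS` and `DNS_RESOLVERS` are asked for in rancher-compose.yml (L908, L922) but never appear in the `environment:` mapping on L787-L815, so the answers are collected and silently discarded unless the image obtains them some other way that is not visible here; add `RENEWAL_PERIOD_DAYS: ${RENEWAL_PERIOD_DAYS}` and `DNS_RESOLVERS: ${DNS_RESOLVERS}` next to `RENEWAL_TIME`. The same mapping passes every DNS-provider credential as a plain container environment variable, which is readable through `docker inspect` and the Rancher API by anyone with access to the environment; the README does not mention this, so a sentence there, or Rancher secrets where the target Rancher version supports them, would help operators scope those credentials tightly. The host bind mount `/var/lib/rancher:/var/lib/rancher` on L817 exposes the agent state directory to the container; if it is needed only for the agent credentials created by `io.rancher.container.create_agent`, a comment saying so would keep the next maintainer from widening or dropping it blindly.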


@ -0,0 +1,226 @@
.catalog:
name: Let's Encrypt
version: 0.5.0
description: Trusted SSL certificates at zero cost
minimum_rancher_version: v1.5.0
questions:
- variable: EULA
label: I Agree to the Let's Encrypt TOS
description: |
Read https://letsencrypt.org/documents/LE-SA-v1.0.1-July-27-2015.pdf
required: true
type: enum
options:
- "Yes"
- "No"
- variable: API_VERSION
label: Let's Encrypt API Version
description: |
Select the Let's Encrypt API endpoint used for issuing the certificate.
Use `Sandbox` for testing your configuration.
required: true
type: enum
default: Production
options:
- Production
- Sandbox
- variable: EMAIL
label: Your Email Address
description: |
Enter the email address to use for creating the Let's Encrypt account.
required: true
type: string
- variable: CERT_NAME
label: Certificate Name
description: |
Name for storing the certificate in the Rancher API and in volumes.
Any existing certificate by that name will be updated.
required: true
type: string
- variable: DOMAINS
label: Domain Names
description: |
Comma delimited list of the certificate domains starting with the Common Name.
E.g: `example.com, dev.example.com`.
required: true
type: string
- variable: PUBLIC_KEY_TYPE
label: Public Key Algorithm
description: |
Select one of the available key types.
required: true
type: enum
default: RSA-2048
options:
- RSA-2048
- RSA-4096
- RSA-8192
- ECDSA-256
- ECDSA-384
- variable: RENEWAL_TIME
label: Renewal Time of Day (00-23)
description: |
Set the time of day (UTC in hours) at which certificate renewals should be run.
default: 12
required: true
type: int
- variable: RENEWAL_PERIOD_DAYS
label: Renewal Grace Period
description: |
Number of days before expiration the certificate should be renewed / become eligible for renewal.
default: 20
required: true
type: int
- variable: RUN_ONCE
label: Run Once
description: |
Stop the service after creating or renewing the certificate instead of continously running and managing renewal.
required: true
type: boolean
default: false
- variable: DNS_RESOLVERS
label: DNS Resolvers
description: |
Comma delimited list of DNS resolvers used to check propagation of ACME TXT record.
If empty the DNS resolvers configured in your hosts /etc/resolv.conf are used.
required: false
default: "8.8.8.8:53,8.8.4.4:53"
type: string
- variable: VOLUME_NAME
label: Volume Name (Optional)
description: |
To store the account data, certificates and private keys in a volume, enter the volume name that should be used.
By default this will be a (host scoped) named Docker volume. See "Persistent Storage Driver" for other options.
required: false
type: string
- variable: STORAGE_DRIVER
label: Volume Storage Driver (Optional)
description: |
To use a stack scoped volume backed by a persistent storage service, enter the name
of an existing storage driver (see `Infrastructure -> Storage`). This also requires "Volume Name" to be set.
required: false
type: string
- variable: STORAGE_DRIVER_OPT
label: Storage Driver Option (Optional)
description: |
Specify a single "driver_opts" key/value pair in the format "optionName: optionValue".
E.g. for the `rancher-ebs` driver you should specify the required 'size' option like this: "size: 1".
required: false
type: string
- variable: PROVIDER
label: Domain Validation Method
description: Select a DNS provider to use for domain validation. Use 'HTTP' if your domain is hosted elsewhere.
required: true
type: enum
options:
- CloudFlare
- DigitalOcean
- DNSimple
- Dyn
- Gandi
- Ovh
- Route53
- Vultr
- HTTP
- Azure
- NS1
- variable: AWS_ACCESS_KEY
label: AWS Route53 Access Key Id
description: Enter the Access Key Id for your AWS account.
type: string
required: false
- variable: AWS_SECRET_KEY
label: AWS Route53 Secret Access Key
description: Enter the Secret Access Key for your AWS account.
type: password
required: false
- variable: AZURE_CLIENT_ID
label: Azure Client ID
description: Enter the Client Id for your Azure account.
type: string
required: false
- variable: AZURE_CLIENT_SECRET
label: Azure Client Secret
description: Enter the Access Key Id for your Azure account.
type: password
required: false
- variable: AZURE_SUBSCRIPTION_ID
label: Azure Subscription Id
description: Enter the Azure Subscription Id for your Azure account.
type: string
required: false
- variable: AZURE_TENANT_ID
label: Azure Tenant Id
description: Enter the Azure Tenant Id for your Azure account.
type: string
required: false
- variable: AZURE_RESOURCE_GROUP
label: Azure Resource Group
description: Enter the Azure Resource Group for your Azure account.
type: string
required: false
- variable: CLOUDFLARE_EMAIL
label: CloudFlare Email Address
description: Enter the email address associated with your CloudFlare account.
type: string
required: false
- variable: CLOUDFLARE_KEY
label: CloudFlare API Key
description: Enter the Global API Key for your CloudFlare account.
type: password
required: false
- variable: DO_ACCESS_TOKEN
label: DigitalOcean API Access Token
description: Enter the Personal Access Token for your DigitalOcean account.
type: password
required: false
- variable: DNSIMPLE_EMAIL
label: DNSimple Email Address
description: Enter the email address associated with your DNSimple account.
type: string
required: false
- variable: DNSIMPLE_KEY
label: DNSimple API Key
description: Enter your DNSimple API key.
type: password
required: false
- variable: DYN_CUSTOMER_NAME
label: Dyn Customer Name
description: Enter your Dyn customer name.
type: string
required: false
- variable: DYN_USER_NAME
label: Dyn User Name
description: Enter your Dyn user name.
type: string
required: false
- variable: DYN_PASSWORD
label: Dyn Password
description: Enter your Dyn password.
type: password
required: false
- variable: GANDI_API_KEY
label: Gandi API Key
description: Enter the API key for your Gandi account.
type: password
required: false
- variable: OVH_APPLICATION_KEY
label: OVH Application Key
description: Enter your OVH application key.
type: string
required: false
- variable: OVH_APPLICATION_SECRET
label: OVH Application Secret
description: Enter your OVH application secret.
type: password
required: false
- variable: OVH_CONSUMER_KEY
label: OVH Consumer Key
description: Enter your OVH consumer key.
type: password
required: false
- variable: VULTR_API_KEY
label: Vultr API Key
description: Enter the API key for your Vultr account.
type: password
required: false
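Review bot: `NS1` is offered as a `PROVIDER` option on L967 but no NS1 credential question exists, so selecting it leaves the container without an API key unless the image reads one from somewhere not shown here; the README changelog also lists Aurora DNS, which has neither an option nor a question. The `AZURE_CLIENT_SECRET` description on L985 is a copy-paste of the client-id text: `description: Enter the Client Secret for your Azure account.` `OVH_APPLICATION_KEY` on L1051 is `type: string` while the application secret and consumer key are `password`; if OVH treats the application key as a credential it should be masked too, otherwise a short description noting that it is a public identifier would explain the asymmetry.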


@ -1,7 +1,7 @@
name: Let's Encrypt name: Let's Encrypt
description: | description: |
Trusted SSL certificates at zero cost Trusted SSL certificates at zero cost
version: 0.4.0 version: 0.5.0
category: Security category: Security
maintainer: Jan Bruder <jan@rancher.com> maintainer: Jan Bruder <jan@rancher.com>
license: The MIT License license: The MIT License


@ -0,0 +1,11 @@
# RabbitMQ Examples
I needed to test a rabbitMQ with some basics so I forked the official tutorials and added a Dockerfile
[here](https://github.com/joshuacox/rabbitmq-tutorials/tree/jsdockerfile/javascript-nodejs)
[dockerhub here](https://hub.docker.com/r/joshuacox/rabbitmq-tutorials/)
In that fork, there is a `Makefile` that can run through the proof of
concept. `make` will start a rabbitmq container, then start all the
listeners as deamons, and the emitters to run once. The emitters are
ephemeral and will go away once their message is sent or they error out.


@ -0,0 +1,253 @@
version: '2'
services:
{{- if eq .Values.rabbitmq_link ""}}
rabbit:
hostname: rabbit
image: rabbitmq:3
{{- end}}
receive:
command: receive
{{- if ne .Values.rabbitmq_link ""}}
external_links:
- ${rabbitmq_link}:rabbit
environment:
- AMQ_HOST=rabbit.rancher.internal
{{- else}}
links:
- rabbit
environment:
- AMQ_HOST=rabbit
{{- end}}
image: joshuacox/rabbitmq-tutorials
labels:
io.rancher.container.hostname_override: container_name
io.rancher.sidekicks: send
{{- if ne .Values.host_label ""}}
io.rancher.scheduler.affinity:host_label: ${host_label}
{{- end}}
send:
image: joshuacox/rabbitmq-tutorials
labels:
io.rancher.container.hostname_override: container_name
{{- if ne .Values.host_label ""}}
io.rancher.scheduler.affinity:host_label: ${host_label}
{{- end}}
io.rancher.container.start_once: true
command: send
{{- if ne .Values.rabbitmq_link ""}}
external_links:
- ${rabbitmq_link}:rabbit
environment:
- AMQ_HOST=rabbit.rancher.internal
{{- else}}
links:
- rabbit
environment:
- AMQ_HOST=rabbit
{{- end}}
worker:
image: joshuacox/rabbitmq-tutorials
labels:
io.rancher.container.hostname_override: container_name
io.rancher.sidekicks: newtask
{{- if ne .Values.host_label ""}}
io.rancher.scheduler.affinity:host_label: ${host_label}
{{- end}}
command: worker
{{- if ne .Values.rabbitmq_link ""}}
external_links:
- ${rabbitmq_link}:rabbit
environment:
- AMQ_HOST=rabbit.rancher.internal
{{- else}}
links:
- rabbit
environment:
- AMQ_HOST=rabbit
{{- end}}
newtask:
image: joshuacox/rabbitmq-tutorials
labels:
io.rancher.container.hostname_override: container_name
{{- if ne .Values.host_label ""}}
io.rancher.scheduler.affinity:host_label: ${host_label}
{{- end}}
io.rancher.container.start_once: true
command: new_task
{{- if ne .Values.rabbitmq_link ""}}
external_links:
- ${rabbitmq_link}:rabbit
environment:
- AMQ_HOST=rabbit.rancher.internal
{{- else}}
links:
- rabbit
environment:
- AMQ_HOST=rabbit
{{- end}}
rpcserver:
image: joshuacox/rabbitmq-tutorials
labels:
io.rancher.container.hostname_override: container_name
io.rancher.sidekicks: rpcclient
{{- if ne .Values.host_label ""}}
io.rancher.scheduler.affinity:host_label: ${host_label}
{{- end}}
command: rpc_server
{{- if ne .Values.rabbitmq_link ""}}
external_links:
- ${rabbitmq_link}:rabbit
environment:
- AMQ_HOST=rabbit.rancher.internal
{{- else}}
links:
- rabbit
environment:
- AMQ_HOST=rabbit
{{- end}}
rpcclient:
image: joshuacox/rabbitmq-tutorials
labels:
io.rancher.container.hostname_override: container_name
{{- if ne .Values.host_label ""}}
io.rancher.scheduler.affinity:host_label: ${host_label}
{{- end}}
io.rancher.container.start_once: true
command: rpc_client 4
{{- if ne .Values.rabbitmq_link ""}}
external_links:
- ${rabbitmq_link}:rabbit
environment:
- AMQ_HOST=rabbit.rancher.internal
{{- else}}
links:
- rabbit
environment:
- AMQ_HOST=rabbit
{{- end}}
receivelogs:
image: joshuacox/rabbitmq-tutorials
labels:
io.rancher.container.hostname_override: container_name
io.rancher.sidekicks: emitlog
{{- if ne .Values.host_label ""}}
io.rancher.scheduler.affinity:host_label: ${host_label}
{{- end}}
command: receive_logs
{{- if ne .Values.rabbitmq_link ""}}
external_links:
- ${rabbitmq_link}:rabbit
environment:
- AMQ_HOST=rabbit.rancher.internal
{{- else}}
links:
- rabbit
environment:
- AMQ_HOST=rabbit
{{- end}}
emitlog:
image: joshuacox/rabbitmq-tutorials
labels:
io.rancher.container.hostname_override: container_name
{{- if ne .Values.host_label ""}}
io.rancher.scheduler.affinity:host_label: ${host_label}
{{- end}}
io.rancher.container.start_once: true
command: emit_log
{{- if ne .Values.rabbitmq_link ""}}
external_links:
- ${rabbitmq_link}:rabbit
environment:
- AMQ_HOST=rabbit.rancher.internal
{{- else}}
links:
- rabbit
environment:
- AMQ_HOST=rabbit
{{- end}}
receivelogsdirect:
image: joshuacox/rabbitmq-tutorials
labels:
io.rancher.container.hostname_override: container_name
io.rancher.sidekicks: emitlogdirect
{{- if ne .Values.host_label ""}}
io.rancher.scheduler.affinity:host_label: ${host_label}
{{- end}}
command: receive_logs_direct info
{{- if ne .Values.rabbitmq_link ""}}
external_links:
- ${rabbitmq_link}:rabbit
environment:
- AMQ_HOST=rabbit.rancher.internal
{{- else}}
links:
- rabbit
environment:
- AMQ_HOST=rabbit
{{- end}}
emitlogdirect:
image: joshuacox/rabbitmq-tutorials
labels:
io.rancher.container.hostname_override: container_name
{{- if ne .Values.host_label ""}}
io.rancher.scheduler.affinity:host_label: ${host_label}
{{- end}}
io.rancher.container.start_once: true
command: emit_log_direct
{{- if ne .Values.rabbitmq_link ""}}
external_links:
- ${rabbitmq_link}:rabbit
environment:
- AMQ_HOST=rabbit.rancher.internal
{{- else}}
links:
- rabbit
environment:
- AMQ_HOST=rabbit
{{- end}}
receivelogstopic:
image: joshuacox/rabbitmq-tutorials
labels:
io.rancher.container.hostname_override: container_name
io.rancher.sidekicks: emitlogtopic
{{- if ne .Values.host_label ""}}
io.rancher.scheduler.affinity:host_label: ${host_label}
{{- end}}
command: receive_logs_topic anonymous.info
{{- if ne .Values.rabbitmq_link ""}}
external_links:
- ${rabbitmq_link}:rabbit
environment:
- AMQ_HOST=rabbit.rancher.internal
{{- else}}
links:
- rabbit
environment:
- AMQ_HOST=rabbit
{{- end}}
emitlogtopic:
image: joshuacox/rabbitmq-tutorials
labels:
io.rancher.container.hostname_override: container_name
{{- if ne .Values.host_label ""}}
io.rancher.scheduler.affinity:host_label: ${host_label}
{{- end}}
io.rancher.container.start_once: true
command: emit_log_topic
{{- if ne .Values.rabbitmq_link ""}}
external_links:
- ${rabbitmq_link}:rabbit
environment:
- AMQ_HOST=rabbit.rancher.internal
{{- else}}
links:
- rabbit
environment:
- AMQ_HOST=rabbit
{{- end}}
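Review bot: Every tutorial service pulls `joshuacox/rabbitmq-tutorials` with no tag, and the optional broker uses the floating `rabbitmq:3` tag, so what is deployed is whatever the registry serves at that moment and can differ between two deployments of the same catalog version. Pin both to immutable references, e.g. `image: joshuacox/rabbitmq-tutorials:<pinned-tag-or-digest>` (placeholder) and a full broker version in the 3.6 line this template is named after, so the catalog entry and the running code stay in step. Separately, `io.rancher.container.start_once: true` on the sidekick services (send, newtask, rpcclient, emitlog, emitlogdirect, emitlogtopic) is an unquoted YAML boolean where a label value string is expected; the gitlab-runner template added by this same merge writes it as `io.rancher.container.start_once: 'true'`, and quoting it here keeps the two templates consistent and avoids parser-dependent retyping.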


@ -0,0 +1,32 @@
version: '2'
catalog:
name: RabbitMQ_Examples
version: 3.6-rancher1
description: |
tutorial storage examples
questions:
- variable: rabbitmq_link
description: "rabbitmq service link"
label: "rabbitmq stack/service"
default: ""
required: false
type: "service"
- variable: "host_label"
description: "Host label where to run this service."
label: "Host label:"
required: false
default: ""
type: "string"
services:
receive:
scale: 1
receivelogs:
scale: 1
receivelogsdirect:
scale: 1
receivelogstopic:
scale: 1
rpcserver:
scale: 1
worker:
scale: 1
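Review bot: The catalog `description` block reads `tutorial storage examples`, which does not describe this template: the services are the RabbitMQ messaging tutorials (receive/send, work queue, RPC, fanout/direct/topic exchanges), and the sibling config.yml in this commit calls them messaging examples. Suggest `description: |` followed by `RabbitMQ messaging tutorial examples (work queues, RPC, fanout/direct/topic exchanges)`. The `host_label` question's label `Host label:` also carries a trailing colon that the other question in this file does not; the UI presumably adds its own separator, so `label: "Host label"` reads more consistently.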


@ -0,0 +1,7 @@
name: RabbitMQ 3.6 Tutorial Examples
description: |
Robust messaging for applications Examples
version: 3.6-rancher1
category: Message queues
maintainer: "Josh Cox <josh@webhosting.coop>"
minimum_rancher_version: v0.59.0
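Review bot: `minimum_rancher_version: v0.59.0` looks too low for this template: its docker-compose.yml.tpl relies on Go-template conditionals (`{{- if ne .Values.host_label ""}}`) and a `service`-typed question, while the gitlab-multi-runner template added by the same merge declares `minimum_rancher_version: v1.5.0` for the same kind of templating. If the templated compose needs a newer catalog engine than 0.59, an older server would presumably only fail when the user tries to launch the stack rather than being filtered out of the catalog view. I would confirm the first Rancher release that renders `.tpl` catalog templates and raise the floor to match, e.g. `minimum_rancher_version: v1.5.0` as in the sibling template.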