examples/kustomize-simple: add k8s manifests

examples/README.md

@@ -6,11 +6,16 @@
 
 An example how to setup endlessh-go, Prometheus, and Grafana using [docker compose](https://docs.docker.com/compose/).
 
+## [kustomize-simple](./kustomize-simple)
+
+An example how to setup endlessh-go using [kustomize](https://kustomize.io/).
+
 ## [docker-maxmind](./docker-maxmind)
 
 An example how to setup endlessh-go with the Maxmind GeoIP Database.
 
 ## FAQ
+
 ### Bind to privileged ports (<1024) in a container
 
 You need to add capability `NET_BIND_SERVICE` to the program.

examples/kustomize-simple/README.md

@@ -0,0 +1,25 @@
+## kustomize
+
+This is an example how to setup endlessh-go with existing Prometheus and Grafana using [kustomize](https://kustomize.io/).
+
+This example assumes the cluster already has a Prometheus Operator based monitoring stack. It deploys:
+
+- endlessh-go
+- a Service exposing SSH and Prometheus metrics
+- a `ServiceMonitor` for scraping endlessh-go metrics
+- a Grafana dashboard `ConfigMap`
+
+To deploy the stack, run:
+
+```bash
+kubectl apply -k examples/kustomize-simple
+```
+
+`dashboard.json` is added to a `ConfigMap` with label `grafana_dashboard=1`, which can be picked up by a Grafana sidecar based dashboard loader.
+
+The `ServiceMonitor` in `monitor.yaml` scrapes the `metrics` port every `60s`. If your Prometheus stack only selects `ServiceMonitor` objects with specific labels, add the matching label in `kustomization.yaml`.
+
+The `endlessh` Service exposes the following ports inside the cluster:
+
+- **22**: SSH for endlessh-go
+- **2112**: Prometheus metrics exported by endlessh-go

examples/kustomize-simple/deployment.yaml

@@ -0,0 +1,30 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: endlessh
+spec:
+  replicas: 1
+  template:
+    spec:
+      automountServiceAccountToken: false
+      containers:
+        - name: endlessh
+          image: shizunge/endlessh-go:latest
+          args:
+            - -interval_ms=1000
+            - -logtostderr
+            - -v=1
+            - -enable_prometheus
+            - -geoip_supplier=ip-api
+            - -host=[::]
+            - -prometheus_host=[::]
+          ports:
+            - name: ssh
+              containerPort: 2222
+            - name: metrics
+              containerPort: 2112
+          securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop:
+                - ALL

examples/kustomize-simple/kustomization.yaml

@@ -0,0 +1,21 @@
+resources:
+  - deployment.yaml
+  - service.yaml
+  - monitor.yaml
+configMapGenerator:
+  - name: endlessh-dashboard
+    files:
+      - dashboard.json
+    options:
+      labels:
+        grafana_dashboard: "1"
+labels:
+  - pairs:
+      app.kubernetes.io/name: endlessh
+    includeSelectors: true
+    includeTemplates: true
+    fields:
+      - group: monitoring.coreos.com
+        kind: ServiceMonitor
+        path: spec/selector/matchLabels
+        create: true

examples/kustomize-simple/monitor.yaml

@@ -0,0 +1,10 @@
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+  name: endlessh
+spec:
+  endpoints:
+    - interval: 60s
+      path: /metrics
+      port: metrics
+  jobLabel: app.kubernetes.io/name

examples/kustomize-simple/service.yaml

@@ -0,0 +1,14 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: endlessh
+spec:
+  ports:
+    - name: ssh
+      port: 22
+      targetPort: ssh
+      protocol: TCP
+    - name: metrics
+      port: 2112
+      targetPort: metrics
+      protocol: TCP