Add Samba/SSH/Bupstash deployment.
Change-Id: I4e16583990514b28531c99b2ed3dc21e09debe98
diff --git a/samba/samba.yaml b/samba/samba.yaml
new file mode 100644
index 0000000..375078a
--- /dev/null
+++ b/samba/samba.yaml
@@ -0,0 +1,190 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+
+metadata:
+ name: samba
+ namespace: mulk
+ labels:
+ name: samba
+ k8s-app: samba
+
+spec:
+ replicas: 1
+
+ strategy:
+ type: Recreate
+
+ selector:
+ matchLabels:
+ k8s-app: samba
+ name: samba
+
+ template:
+ metadata:
+ labels:
+ name: samba
+ k8s-app: samba
+
+ spec:
+ imagePullSecrets:
+ - name: portus-token
+
+ volumes:
+ - name: homes
+ persistentVolumeClaim:
+ claimName: samba-homes
+ - name: samba-smbpasswd
+ secret:
+ secretName: samba-smbpasswd
+ defaultMode: 0600
+ items:
+ - key: smbpasswd
+ path: smbpasswd
+ mode: 0600
+ - name: samba-config
+ configMap:
+ name: samba-config
+ - name: sshd-config
+ secret:
+ secretName: sshd-config
+ defaultMode: 0600
+
+ hostNetwork: true
+
+ containers:
+ - name: master
+ image: docker.benkard.de/mulk/samba:5fdaazgkjc73m6pjahxgfc9xxymrcd8i
+ imagePullPolicy: Always
+ resources:
+ limits:
+ cpu: 2000m
+ memory: 300Mi
+ requests:
+ cpu: 10m
+ memory: 300Mi
+ volumeMounts:
+ - name: homes
+ mountPath: /home
+ - name: samba-smbpasswd
+ mountPath: /vol/samba-smbpasswd/smbpasswd
+ subPath: smbpasswd
+ readOnly: true
+ - name: samba-config
+ mountPath: /vol/samba-config
+ readOnly: true
+ - name: sshd-config
+ mountPath: /vol/sshd-config
+ readOnly: true
+ ports:
+ - containerPort: 445
+ name: smb
+ protocol: TCP
+ hostPort: 445
+ - containerPort: 22445
+ name: ssh
+ protocol: TCP
+ hostPort: 22445
+
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+
+metadata:
+ name: samba-homes
+ namespace: mulk
+
+ labels:
+ name: samba-homes
+ k8s-app: samba
+
+ annotations:
+ volume.beta.kubernetes.io/storage-provisioner: rancher.io/local-path
+
+spec:
+ accessModes:
+ - ReadWriteOnce
+
+ resources:
+ requests:
+ storage: 1Ti
+
+ storageClassName: local-path
+
+---
+kind: ConfigMap
+apiVersion: v1
+
+metadata:
+ name: samba-config
+ namespace: mulk
+
+ labels:
+ k8s-app: samba
+
+data:
+ smb.conf: |
+ [global]
+ log file = /dev/stdout
+ load printers = no
+ printcap name = /dev/null
+ unix password sync = no
+ preserve case = yes
+ short preserve case = yes
+ default case = lower
+ workgroup = MSTPLUS
+ passdb backend = smbpasswd:/var/lib/samba/private/smbpasswd
+ disable spoolss = yes
+ unix extensions = yes
+ map to guest = bad user
+ #usershare allow guests = yes
+ multicast dns register = yes
+ mdns name = netbios
+ acl allow execute always = yes
+
+ spotlight = no
+ rpc_server:mdsvc = embedded
+
+ [homes]
+ path = /home/%S
+ read only = no
+ browseable = no
+ valid users = %S
+
+ vfs objects = catia fruit streams_xattr
+
+ durable handles = yes
+ kernel oplocks = no
+ kernel share modes = no
+ posix locking = yes
+
+ #create mask = 0664
+ #force create mode = 0644
+ #directory mask = 2755
+ #force directory mode = 2755
+ #directory security mask = 2755
+ #force directory security mode = 2755
+ inherit acls = yes
+ inherit permissions = yes
+ strict locking = no
+ follow symlinks = yes
+ wide links = no
+ ea support = yes
+ #acl allow execute always = yes
+
+ spotlight backend = noindex
+
+ fruit:aapl = yes
+ fruit:time machine = yes
+ #fruit:model = TimeCapsule
+ fruit:advertise_fullsync = true
+ fruit:copyfile = yes
+ fruit:resource = xattr
+ fruit:metadata = stream
+ fruit:locking = none
+ fruit:encoding = native
+ fruit:wipe_intentionally_left_blank_rfork = yes
+ fruit:delete_empty_adfiles = yes
+ fruit:veto_appledouble = no
+ fruit:time machine max size = 500G
+---