diff --git a/111-ingress-cm-secrets-dns-pv/g3-cm-secrets/cm/cm-worknotes.txt b/111-ingress-cm-secrets-dns-pv/g3-cm-secrets/cm/cm-worknotes.txt
new file mode 100644
index 0000000..3de9add
--- /dev/null
+++ b/111-ingress-cm-secrets-dns-pv/g3-cm-secrets/cm/cm-worknotes.txt
@@ -0,0 +1,33 @@
+worknotes
+#https://matthewpalmer.net/kubernetes-app-developer/articles/ultimate-configmap-guide-kubernetes.html
+
+ls -lrt
+total 12
+-rw-r--r-- 1 root root 310 Apr 3 07:18 config-map.yaml
+-rw-r--r-- 1 root root 779 Apr 3 07:59 pod.yaml
+-rw-r--r-- 1 root root 209 Apr 3 08:02 pod-env-var.yaml
+
+============
+kubectl get cm,pods
+NAME DATA AGE
+configmap/example-configmap 3 49m
+============
+kubectl get pods | grep -i pod
+pod-env-var 1/1 Running 0 4m31s
+pod-using-configmap 1/1 Running 0 9m14s
+==================
+
+#pod with config volume
+
+kubectl exec -it pod-using-configmap bash
+root@pod-using-configmap:/# cd /etc/config ; ls -lrt
+total 0
+lrwxrwxrwx 1 root root 11 Apr 3 07:59 keys -> ..data/keys
+lrwxrwxrwx 1 root root 19 Apr 3 07:59 database_uri -> ..data/database_uri
+lrwxrwxrwx 1 root root 15 Apr 3 07:59 database -> ..data/database
+==============
+ kubectl exec -it pod-env-var bash
+root@pod-env-var:/# env
+keys=image.public.key=771
+rsa.public.key=42
+=============================================
\ No newline at end of file
diff --git a/111-ingress-cm-secrets-dns-pv/g3-cm-secrets/cm/config-map.yaml b/111-ingress-cm-secrets-dns-pv/g3-cm-secrets/cm/config-map.yaml
new file mode 100644
index 0000000..77475d2
--- /dev/null
+++ b/111-ingress-cm-secrets-dns-pv/g3-cm-secrets/cm/config-map.yaml
@@ -0,0 +1,13 @@
+kind: ConfigMap
+apiVersion: v1
+metadata:
+ name: example-configmap
+data:
+ # Configuration values can be set as key-value properties
+ database: mongodb
+ database_uri: mongodb://localhost:27017
+
+ # Or set as complete file contents (even JSON!)
+ keys: |
+ image.public.key=771
+ rsa.public.key=42
\ No newline at end of file
diff --git a/111-ingress-cm-secrets-dns-pv/g3-cm-secrets/cm/original doc.docx b/111-ingress-cm-secrets-dns-pv/g3-cm-secrets/cm/original doc.docx
new file mode 100644
index 0000000..4c28e62
Binary files /dev/null and b/111-ingress-cm-secrets-dns-pv/g3-cm-secrets/cm/original doc.docx differ
diff --git a/111-ingress-cm-secrets-dns-pv/g3-cm-secrets/cm/pod-env-var.yaml b/111-ingress-cm-secrets-dns-pv/g3-cm-secrets/cm/pod-env-var.yaml
new file mode 100644
index 0000000..6ae652a
--- /dev/null
+++ b/111-ingress-cm-secrets-dns-pv/g3-cm-secrets/cm/pod-env-var.yaml
@@ -0,0 +1,11 @@
+kind: Pod
+apiVersion: v1
+metadata:
+ name: pod-env-var
+spec:
+ containers:
+ - name: env-var-configmap
+ image: nginx:1.7.9
+ envFrom:
+ - configMapRef:
+ name: example-configmap
\ No newline at end of file
diff --git a/111-ingress-cm-secrets-dns-pv/g3-cm-secrets/cm/pod-using-raw-env-vars.yaml b/111-ingress-cm-secrets-dns-pv/g3-cm-secrets/cm/pod-using-raw-env-vars.yaml
new file mode 100644
index 0000000..0cf2cf3
--- /dev/null
+++ b/111-ingress-cm-secrets-dns-pv/g3-cm-secrets/cm/pod-using-raw-env-vars.yaml
@@ -0,0 +1,13 @@
+apiVersion: v1
+kind: Pod
+metadata:
+ name: pod1
+spec:
+ containers:
+ - name: nginx
+ image: nginx
+ env:
+ - name: ENVVAR1
+ value: value1
+ - name: ENVVAR2
+ value: value2
\ No newline at end of file
diff --git a/111-ingress-cm-secrets-dns-pv/g3-cm-secrets/cm/pod.yaml b/111-ingress-cm-secrets-dns-pv/g3-cm-secrets/cm/pod.yaml
new file mode 100644
index 0000000..180de17
--- /dev/null
+++ b/111-ingress-cm-secrets-dns-pv/g3-cm-secrets/cm/pod.yaml
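Review bot: `image: nginx:1.7.9` in pod-env-var.yaml pins a very old nginx release that no longer receives fixes; pod.yaml in this commit uses the same tag, and pod-using-raw-env-vars.yaml uses untagged `nginx`, which floats with `latest`. For a manifest people will copy from, a currently supported tag or an image digest is the safer reference. Separately, `envFrom` imports every ConfigMap key, so the multi-line `keys` entry ends up as one environment variable, as the `env` output in cm-worknotes.txt shows; mounting that entry as a file fits it better.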
@@ -0,0 +1,27 @@
+kind: Pod
+apiVersion: v1
+metadata:
+ name: pod-using-configmap
+
+spec:
+ # Add the ConfigMap as a volume to the Pod
+ volumes:
+ # `name` here must match the name
+ # specified in the volume mount
+ - name: example-configmap-volume
+ # Populate the volume with config map data
+ configMap:
+ # `name` here must match the name
+ # specified in the ConfigMap's YAML
+ name: example-configmap
+
+ containers:
+ - name: container-configmap
+ image: nginx:1.7.9
+ # Mount the volume that contains the configuration data
+ # into your container filesystem
+ volumeMounts:
+ # `name` here must match the name
+ # from the volumes section of this pod
+ - name: example-configmap-volume
+ mountPath: /etc/config
\ No newline at end of file
diff --git a/111-ingress-cm-secrets-dns-pv/g3-cm-secrets/cm/sample-ammpi-volume.yaml b/111-ingress-cm-secrets-dns-pv/g3-cm-secrets/cm/sample-ammpi-volume.yaml
new file mode 100644
index 0000000..f594b2e
--- /dev/null
+++ b/111-ingress-cm-secrets-dns-pv/g3-cm-secrets/cm/sample-ammpi-volume.yaml
@@ -0,0 +1,29 @@
+apiVersion: apps/v1beta1
+kind: Deployment
+metadata:
+ name: oche-umpi
+spec:
+ replicas: 1
+ template:
+ metadata:
+ labels:
+ name: oche-umpi
+ microservice: umpi
+ kubernetes-service: oche-umpi
+ spec:
+ dnsPolicy: ClusterFirst
+ containers:
+ - name: oche-umpi
+ image: docker.ochedc.tureanalytics.com/dockadmin/umpi-document-service:latest
+ imagePullPolicy: IfNotPresent
+ ports:
+ - containerPort: 8080
+ volumeMounts:
+ - name: umpi-volume
+ mountPath: /opt/umpi_config/Document_Type_Config
+ volumes:
+ - name: umpi-volume
+ configMap:
+ name: umpi-config
+ imagePullSecrets:
+ - name: dockadmin
\ No newline at end of file
diff --git a/111-ingress-cm-secrets-dns-pv/g3-cm-secrets/secrets/abhirockzzkubernetes-secrets/pod-secret-docker.yaml b/111-ingress-cm-secrets-dns-pv/g3-cm-secrets/secrets/abhirockzzkubernetes-secrets/pod-secret-docker.yaml
new file mode 100644
index 0000000..71318e5
--- /dev/null
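Review bot: In sample-ammpi-volume.yaml the container combines a `:latest` image tag with `imagePullPolicy: IfNotPresent`, so a node that has already cached an older `latest` keeps running it and replicas on different nodes can diverge; pin a version tag or digest, or pull `Always`. `apiVersion: apps/v1beta1` is no longer served by current clusters (removed in 1.16), and `apps/v1` also requires a `spec.selector.matchLabels` that matches the template labels. The manifest names what looks like an internal registry host and its pull secret; confirm that is meant to be published in this repository.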
+++ b/111-ingress-cm-secrets-dns-pv/g3-cm-secrets/secrets/abhirockzzkubernetes-secrets/pod-secret-docker.yaml
@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: Pod
+metadata:
+ name: pod4
+spec:
+ containers:
+ - name: privateapp
+ image: abhirockzz/test-private-repo:latest
+ command: ["/bin/sh"]
+ args: ["-c", "while true; do date; sleep 5;done"]
+ imagePullSecrets:
+ - name: docker-repo-secret
diff --git a/111-ingress-cm-secrets-dns-pv/g3-cm-secrets/secrets/abhirockzzkubernetes-secrets/pod-secret-env.yaml b/111-ingress-cm-secrets-dns-pv/g3-cm-secrets/secrets/abhirockzzkubernetes-secrets/pod-secret-env.yaml
new file mode 100644
index 0000000..3846124
--- /dev/null
+++ b/111-ingress-cm-secrets-dns-pv/g3-cm-secrets/secrets/abhirockzzkubernetes-secrets/pod-secret-env.yaml
@@ -0,0 +1,14 @@
+apiVersion: v1
+kind: Pod
+metadata:
+ name: pod1
+spec:
+ containers:
+ - name: nginx
+ image: nginx
+ env:
+ - name: API_KEY
+ valueFrom:
+ secretKeyRef:
+ name: service-apikey
+ key: apikey
diff --git a/111-ingress-cm-secrets-dns-pv/g3-cm-secrets/secrets/abhirockzzkubernetes-secrets/pod-secret-envFrom.yaml b/111-ingress-cm-secrets-dns-pv/g3-cm-secrets/secrets/abhirockzzkubernetes-secrets/pod-secret-envFrom.yaml
new file mode 100644
index 0000000..bf49e85
--- /dev/null
+++ b/111-ingress-cm-secrets-dns-pv/g3-cm-secrets/secrets/abhirockzzkubernetes-secrets/pod-secret-envFrom.yaml
@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: Pod
+metadata:
+ name: pod2
+spec:
+ containers:
+ - name: nginx
+ image: nginx
+ envFrom:
+ - secretRef:
+ name: plaintext-secret
diff --git a/111-ingress-cm-secrets-dns-pv/g3-cm-secrets/secrets/abhirockzzkubernetes-secrets/pod-secret-volume.yaml b/111-ingress-cm-secrets-dns-pv/g3-cm-secrets/secrets/abhirockzzkubernetes-secrets/pod-secret-volume.yaml
new file mode 100644
index 0000000..c6322c8
--- /dev/null
+++ b/111-ingress-cm-secrets-dns-pv/g3-cm-secrets/secrets/abhirockzzkubernetes-secrets/pod-secret-volume.yaml
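Review bot: pod-secret-env.yaml injects the Secret as the `API_KEY` environment variable, and pod-secret-envFrom.yaml goes further by importing every key of `plaintext-secret` through `envFrom`. Environment variables are inherited by child processes, tend to surface in `env` dumps, crash reports and debug output, and are not refreshed when the Secret is rotated. Where the application can read a file, the read-only volume mount used in pod-secret-volume.yaml is the better default, and a comment in these two manifests such as `# demo only: prefer a secret volume for real credentials` would keep the env form from being copied as-is. In pod-secret-docker.yaml, `image: abhirockzz/test-private-repo:latest` would also be better pinned to a fixed tag.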
@@ -0,0 +1,16 @@
+apiVersion: v1
+kind: Pod
+metadata:
+ name: pod3
+spec:
+ containers:
+ - name: nginx
+ image: nginx
+ volumeMounts:
+ - name: apikey-config-volume
+ mountPath: /secret
+ readOnly: true
+ volumes:
+ - name: apikey-config-volume
+ secret:
+ secretName: service-apikey
diff --git a/111-ingress-cm-secrets-dns-pv/g3-cm-secrets/secrets/abhirockzzkubernetes-secrets/secret-data.yaml b/111-ingress-cm-secrets-dns-pv/g3-cm-secrets/secrets/abhirockzzkubernetes-secrets/secret-data.yaml
new file mode 100644
index 0000000..b98da28
--- /dev/null
+++ b/111-ingress-cm-secrets-dns-pv/g3-cm-secrets/secrets/abhirockzzkubernetes-secrets/secret-data.yaml
@@ -0,0 +1,6 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: service-apikey
+data:
+ apikey: Zm9vYmFy
diff --git a/111-ingress-cm-secrets-dns-pv/g3-cm-secrets/secrets/abhirockzzkubernetes-secrets/secret-file.yaml b/111-ingress-cm-secrets-dns-pv/g3-cm-secrets/secrets/abhirockzzkubernetes-secrets/secret-file.yaml
new file mode 100644
index 0000000..23a1d91
--- /dev/null
+++ b/111-ingress-cm-secrets-dns-pv/g3-cm-secrets/secrets/abhirockzzkubernetes-secrets/secret-file.yaml
@@ -0,0 +1,8 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: secret-in-a-file
+stringData:
+ app-config.yaml: |-
+ hello: world
+ john: doe
diff --git a/111-ingress-cm-secrets-dns-pv/g3-cm-secrets/secrets/abhirockzzkubernetes-secrets/secret-plaintext.yaml b/111-ingress-cm-secrets-dns-pv/g3-cm-secrets/secrets/abhirockzzkubernetes-secrets/secret-plaintext.yaml
new file mode 100644
index 0000000..73f0ce1
--- /dev/null
+++ b/111-ingress-cm-secrets-dns-pv/g3-cm-secrets/secrets/abhirockzzkubernetes-secrets/secret-plaintext.yaml
@@ -0,0 +1,7 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: plaintext-secret
+stringData:
+ foo: bar
+ mac: cheese
diff --git a/111-ingress-cm-secrets-dns-pv/g3-cm-secrets/secrets/secret-pod.yaml b/111-ingress-cm-secrets-dns-pv/g3-cm-secrets/secrets/secret-pod.yaml
new file mode 100644
index 0000000..a5d1bff
--- /dev/null
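Review bot: secret-data.yaml commits the value itself under `data.apikey`, and `Zm9vYmFy` is only base64 for `foobar`, so anyone who can read the repository can read the key; secret-plaintext.yaml and secret-file.yaml do the same through `stringData`. These are sample values, but the pattern is what gets copied, so a header comment in each file such as `# demo value only - base64 is encoding, not encryption; never commit real secrets` would make that explicit. secrets-wn.txt in this commit describes Secrets as stored "in an encrypted format", which holds only when encryption at rest is configured for the cluster, so the notes and these manifests should agree on that point.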
+++ b/111-ingress-cm-secrets-dns-pv/g3-cm-secrets/secrets/secret-pod.yaml
@@ -0,0 +1,20 @@
+apiVersion: v1
+kind: Pod
+metadata:
+ name: consumesec
+spec:
+ containers:
+ - name: shell
+ image: centos:7
+ command:
+ - "bin/bash"
+ - "-c"
+ - "sleep 10000"
+ volumeMounts:
+ - name: apikeyvol
+ mountPath: "/tmp/apikey"
+ readOnly: true
+ volumes:
+ - name: apikeyvol
+ secret:
+ secretName: apikey
\ No newline at end of file
diff --git a/111-ingress-cm-secrets-dns-pv/g3-cm-secrets/secrets/secrets-wn.txt b/111-ingress-cm-secrets-dns-pv/g3-cm-secrets/secrets/secrets-wn.txt
new file mode 100644
index 0000000..6a64df4
--- /dev/null
+++ b/111-ingress-cm-secrets-dns-pv/g3-cm-secrets/secrets/secrets-wn.txt
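Review bot: The `command` in secret-pod.yaml starts with `"bin/bash"`, a relative path that resolves only while the container's working directory is `/`; use `- "/bin/bash"` (pv-d.yaml later in this commit has the same line). The Secret volume is mounted `readOnly`, but with no `defaultMode` the projected files get the default mode, which every user in the container can read; adding `defaultMode: 0400` under `secret:` limits them to the owner. No `securityContext` is set, so the container runs with the image's default user, presumably root given the `[root@consumesec /]#` prompt in secrets-wn.txt.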
@@ -0,0 +1,84 @@
+===============
+Config maps ideally stores application configuration in a plain text format whereas Secrets store sensitive data like password in an encrypted format.
+
+Both config maps and secrets can be used as volume and mounted inside a pod through a pod definition file.
+
+Config map:
+
+ kubectl create configmap myconfigmap --from-literal=env=dev
+
+Secret:
+
+echo -n ‘admin’ > ./username.txt
+echo -n ‘abcd1234’ ./password.txt
+kubectl create secret generic mysecret --from-file=./username.txt --from-file=./password.txt
+
+====================
+
+echo -n "A19fh68B001j" > ./apikey.txt
+
+$ kubectl create secret generic apikey --from-file=./apikey.txt
+secret "apikey" created
+
+$ kubectl describe secrets/apikey
+Name: apikey
+Namespace: default
+Labels:
+Annotations:
+
+Type: Opaque
+
+Data
+====
+apikey.txt: 12 bytes
+===========================
+kubectl get pod/consumesec
+NAME READY STATUS RESTARTS AGE
+consumesec 1/1 Running 0 4s
+=========================
+kubectl get pod/consumesec -o yaml | grep -i api
+
+######apikey value is not shown in yaml
+apiVersion: v1
+ selfLink: /api/v1/namespaces/default/pods/consumesec
+ - mountPath: /tmp/apikey
+ name: apikeyvol
+ - name: apikeyvol
+ secretName: apikey
+==================================================
+
+kubectl exec -it consumesec bash
+[root@consumesec /]# cd /tmp/apikey
+[root@consumesec apikey]# ls -lrt
+total 0
+lrwxrwxrwx 1 root root 17 Apr 3 09:19 apikey.txt -> ..data/apikey.txt
+[root@consumesec apikey]# cat apikey.txt
+
+
+A19fh68B001j
+
+
+
+======================
+
+Detail about secrets
+https://dev.to/itnext/tutorial-how-to-use-kubernetes-secrets-for-storing-sensitive-config-data-3dl5
+
+#docker image pull
+
+kubectl create secret docker-registry docker-repo-secret --docker-server=DOCKER_REG_SERVER --docker-username=DOCKER_REG_USERNAME --docker-password=DOCKER_REG_PASSWORD --docker-email=DOCKER_REG_EMAIL
+===================================
+
+apiVersion: v1
+kind: Pod
+metadata:
+ name: pod4
+spec:
+ containers:
+ - name: privateapp
+ image: abhirockzz/test-private-repo:latest
+ command: ["/bin/sh"]
+ args: ["-c", "while true; do date; sleep 5;done"]
+ imagePullSecrets:
+ - name: docker-repo-secret
+----------------------------------
\ No newline at end of file
diff --git a/111-ingress-cm-secrets-dns-pv/g3-dns/client-pod.yaml b/111-ingress-cm-secrets-dns-pv/g3-dns/client-pod.yaml
new file mode 100644
index 0000000..d656e53
--- /dev/null
+++ b/111-ingress-cm-secrets-dns-pv/g3-dns/client-pod.yaml
@@ -0,0 +1,10 @@
+apiVersion: v1
+kind: Pod
+metadata:
+ name: client-pod
+spec:
+ containers:
+ - name: curl
+ image: appropriate/curl
+ command: ["/bin/sh"]
+ args: ["-c","curl test-service:4000 "]
\ No newline at end of file
diff --git a/111-ingress-cm-secrets-dns-pv/g3-dns/dns-wn.txt b/111-ingress-cm-secrets-dns-pv/g3-dns/dns-wn.txt
new file mode 100644
index 0000000..c8d2c7c
--- /dev/null
+++ b/111-ingress-cm-secrets-dns-pv/g3-dns/dns-wn.txt
@@ -0,0 +1,65 @@
+#https://medium.com/kubernetes-tutorials/kubernetes-dns-for-services-and-pods-664804211501
+
+Kubernetes DNS system assigns domain and sub-domain names to pods, ports, and services, which allows them to be discoverable by other components inside your Kubernetes cluster.
+
+============
+DNS-based service discovery is very powerful because you don’t need to hard-code network parameters like IPs and ports into your application. Once a set of pods is managed by a service, you can easily access them using the service’s DNS
+====================
+With DNS, Kubernetes services can be referenced by name that will correspond to any number of backend pods managed by the service
+
+
+=====================
+kubectl get po test
+test-deployment-674667c867-l649z 1/1 Running 0 77m
+test-deployment-674667c867-pr8xd 1/1 Running 0 77m
+test-deployment-674667c867-wppjk 1/1 Running 0 77m
+========================
+
+
+kubectl logs client-pod
+ % Total % Received % Xferd Average Speed Time Time Time Current
+ Dload Upload Total Spent Left Speed
+100 45 100 45 0 0 7500 0 --:--:-- --:--:-- --:--:-- 7500
+ Hello from test-deployment-674667c867-l649z
+================
+
+kubectl exec -it test-deployment-674667c867-l649z bash
+
+root@test-deployment-674667c867-l649z:/# apt-get update
+Hit:1 http://security.debian.org/debian-security buster/updates InRelease
+Hit:2 http://deb.debian.org/debian buster InRelease
+Hit:3 http://deb.debian.org/debian buster-updates InRelease
+Reading package lists... Done
+
+root@test-deployment-674667c867-l649z:/# apt-get install busybox
+Reading package lists... Done
+Building dependency tree
+Reading state information... Done
+busybox is already the newest version (1:1.30.1-4).
+0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
+
+root@test-deployment-674667c867-l649z:/# busybox nslookup test-service.default.svc.cluster.local
+Server: 10.96.0.10
+Address: 10.96.0.10:53
+
+
+Name: test-service.default.svc.cluster.local
+Address: 10.97.198.149
+####address is same as the one in below service
+===============================
+ kubectl describe svc test-service
+Name: test-service
+Namespace: default
+Labels:
+Annotations:
+Selector: app=test-pod
+Type: ClusterIP
+IP: 10.97.198.149 #######check this
+Port: 4000/TCP
+TargetPort: http/TCP
+Endpoints: 172.17.0.18:80,172.17.0.19:80,172.17.0.20:80
+Session Affinity: None
+Events:
+
+======================================
+
diff --git a/111-ingress-cm-secrets-dns-pv/g3-dns/test-pod.yaml b/111-ingress-cm-secrets-dns-pv/g3-dns/test-pod.yaml
new file mode 100644
index 0000000..a243d4c
--- /dev/null
+++ b/111-ingress-cm-secrets-dns-pv/g3-dns/test-pod.yaml
@@ -0,0 +1,22 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: test-deployment
+spec:
+ replicas: 3
+ selector:
+ matchLabels:
+ app: test-pod
+ template:
+ metadata:
+ labels:
+ app: test-pod
+ spec:
+ containers:
+ - name: python-http-server
+ image: python:2.7
+ command: ["/bin/bash"]
+ args: ["-c", "echo \" Hello from $(hostname)\" > index.html; python -m SimpleHTTPServer 80"]
+ ports:
+ - name: http
+ containerPort: 80
\ No newline at end of file
diff --git a/111-ingress-cm-secrets-dns-pv/g3-dns/test-service.yaml b/111-ingress-cm-secrets-dns-pv/g3-dns/test-service.yaml
new file mode 100644
index 0000000..434896c
--- /dev/null
+++ b/111-ingress-cm-secrets-dns-pv/g3-dns/test-service.yaml
@@ -0,0 +1,11 @@
+kind: Service
+apiVersion: v1
+metadata:
+ name: test-service
+spec:
+ selector:
+ app: test-pod
+ ports:
+ - protocol: TCP
+ port: 4000
+ targetPort: http
\ No newline at end of file
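Review bot: In test-pod.yaml the `args` write `index.html` into the current directory and then start `python -m SimpleHTTPServer 80`, which serves the whole working-directory tree; the `root@...:/#` prompt in dns-wn.txt suggests that directory is `/`, so the container filesystem, including the mounted service-account token, would be readable through test-service. Serve from a dedicated directory instead, for example `mkdir -p /srv/www && cd /srv/www` ahead of the `echo`, and set `automountServiceAccountToken: false` in the pod spec. `python:2.7` is end-of-life; `python:3` with `python -m http.server` on a port above 1024 is the maintained equivalent and does not need root to bind.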
diff --git a/111-ingress-cm-secrets-dns-pv/g3-ingress/Kubernetes Ingress with Nginx Example.docx b/111-ingress-cm-secrets-dns-pv/g3-ingress/Kubernetes Ingress with Nginx Example.docx
new file mode 100644
index 0000000..b0881f7
Binary files /dev/null and b/111-ingress-cm-secrets-dns-pv/g3-ingress/Kubernetes Ingress with Nginx Example.docx differ
diff --git a/111-ingress-cm-secrets-dns-pv/g3-ingress/apple.yaml b/111-ingress-cm-secrets-dns-pv/g3-ingress/apple.yaml
new file mode 100644
index 0000000..6faf6d6
--- /dev/null
+++ b/111-ingress-cm-secrets-dns-pv/g3-ingress/apple.yaml
@@ -0,0 +1,24 @@
+kind: Pod
+apiVersion: v1
+metadata:
+ name: apple-app
+ labels:
+ app: apple
+spec:
+ containers:
+ - name: apple-app
+ image: hashicorp/http-echo
+ args:
+ - "-text=apple"
+
+---
+
+kind: Service
+apiVersion: v1
+metadata:
+ name: apple-service
+spec:
+ selector:
+ app: apple
+ ports:
+ - port: 5678 # Default port for image
\ No newline at end of file
diff --git a/111-ingress-cm-secrets-dns-pv/g3-ingress/banana.yaml b/111-ingress-cm-secrets-dns-pv/g3-ingress/banana.yaml
new file mode 100644
index 0000000..134a1ae
--- /dev/null
+++ b/111-ingress-cm-secrets-dns-pv/g3-ingress/banana.yaml
@@ -0,0 +1,24 @@
+kind: Pod
+apiVersion: v1
+metadata:
+ name: banana-app
+ labels:
+ app: banana
+spec:
+ containers:
+ - name: banana-app
+ image: hashicorp/http-echo
+ args:
+ - "-text=banana"
+
+---
+
+kind: Service
+apiVersion: v1
+metadata:
+ name: banana-service
+spec:
+ selector:
+ app: banana
+ ports:
+ - port: 5678 # Default port for image
\ No newline at end of file
diff --git a/111-ingress-cm-secrets-dns-pv/g3-ingress/ing-worknotes.txt b/111-ingress-cm-secrets-dns-pv/g3-ingress/ing-worknotes.txt
new file mode 100644
index 0000000..b6af931
--- /dev/null
+++ b/111-ingress-cm-secrets-dns-pv/g3-ingress/ing-worknotes.txt
@@ -0,0 +1,63 @@ +ingress controller acts as loadbalancer + +#Source https://matthewpalmer.net/kubernetes-app-developer/articles/kubernetes-ingress-guide-nginx-example.html + +https://raw.githubusercontent.com/kubernetes/ingress-nginx/nginx-0.30.0/deploy/static/mandatory.yaml + +====== +#nginx pod created + +kubectl get pods -n ingress-nginx +NAME READY STATUS RESTARTS AGE +nginx-ingress-controller-7f74f657bd-jm6d9 1/1 Running 0 8m32s +[root@ip-hostname ~]# kubectl get pods,deploy,service -n ingress-nginx + +NAME READY STATUS RESTARTS AGE +pod/nginx-ingress-controller-7f74f657bd-jm6d9 1/1 Running 0 8m56s + + +NAME READY UP-TO-DATE AVAILABLE AGE +deployment.apps/nginx-ingress-controller 1/1 1 1 8m56s +[root@ip-hostname ~]# kubectl get ingress +NAME HOSTS ADDRESS PORTS AGE +example-ingress * 10.100.50.122 80 4m36s +========================================= +#ingress service created + +# kubectl describe ingress +Name: example-ingress +Namespace: default +Address: 10.100.50.122 +Default backend: default-http-backend:80 () +Rules: + Host Path Backends + ---- ---- -------- + * + /apple apple-service:5678 (172.17.0.10:5678) + /banana banana-service:5678 (172.17.0.11:5678) +Annotations: + ingress.kubernetes.io/rewrite-target: / +Events: + Type Reason Age From Message + ---- ------ ---- ---- ------- + Normal CREATE 4m48s nginx-ingress-controller Ingress default/example-ingress +================================= + + +curl -kL http://localhost/apple +apple + +# curl -kL http://localhost/banana +banana + +# curl -kL http://localhost/notfound + +404 Not Found + +

404 Not Found

+
openresty/1.15.8.2
+ + +=========================================== + + diff --git a/111-ingress-cm-secrets-dns-pv/g3-ingress/ingress.yaml b/111-ingress-cm-secrets-dns-pv/g3-ingress/ingress.yaml new file mode 100644 index 0000000..ae1fa84 --- /dev/null +++ b/111-ingress-cm-secrets-dns-pv/g3-ingress/ingress.yaml @@ -0,0 +1,20 @@ +#ingress.yaml + +apiVersion: extensions/v1beta1 +kind: Ingress +metadata: + name: example-ingress + annotations: + ingress.kubernetes.io/rewrite-target: / +spec: + rules: + - http: + paths: + - path: /apple + backend: + serviceName: apple-service + servicePort: 5678 + - path: /banana + backend: + serviceName: banana-service + servicePort: 5678 \ No newline at end of file diff --git a/111-ingress-cm-secrets-dns-pv/g3-ingress/mandatory.yaml b/111-ingress-cm-secrets-dns-pv/g3-ingress/mandatory.yaml new file mode 100644 index 0000000..0d837d1 --- /dev/null +++ b/111-ingress-cm-secrets-dns-pv/g3-ingress/mandatory.yaml 
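Review bot: The annotation `ingress.kubernetes.io/rewrite-target: /` in ingress.yaml does not use the prefix the controller is started with in mandatory.yaml (`--annotations-prefix=nginx.ingress.kubernetes.io`), so it is most likely ignored; it should read `nginx.ingress.kubernetes.io/rewrite-target: /`. The rule has no `host`, so it matches every hostname that reaches the controller (the `*` in the `kubectl describe ingress` output); add a `host:` if that is not intended. `extensions/v1beta1` Ingress is no longer served by newer clusters (removed in 1.22), where `networking.k8s.io/v1` with `pathType` and `service.name` / `service.port` is required.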
@@ -0,0 +1,295 @@ +#https://raw.githubusercontent.com/kubernetes/ingress-nginx/nginx-0.30.0/deploy/static/mandatory.yaml + +apiVersion: v1 +kind: Namespace +metadata: + name: ingress-nginx + labels: + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/part-of: ingress-nginx + +--- + +kind: ConfigMap +apiVersion: v1 +metadata: + name: nginx-configuration + namespace: ingress-nginx + labels: + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/part-of: ingress-nginx + +--- +kind: ConfigMap +apiVersion: v1 +metadata: + name: tcp-services + namespace: ingress-nginx + labels: + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/part-of: ingress-nginx + +--- +kind: ConfigMap +apiVersion: v1 +metadata: + name: udp-services + namespace: ingress-nginx + labels: + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/part-of: ingress-nginx + +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: nginx-ingress-serviceaccount + namespace: ingress-nginx + labels: + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/part-of: ingress-nginx + +--- +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: ClusterRole +metadata: + name: nginx-ingress-clusterrole + labels: + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/part-of: ingress-nginx +rules: + - apiGroups: + - "" + resources: + - configmaps + - endpoints + - nodes + - pods + - secrets + verbs: + - list + - watch + - apiGroups: + - "" + resources: + - nodes + verbs: + - get + - apiGroups: + - "" + resources: + - services + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - events + verbs: + - create + - patch + - apiGroups: + - "extensions" + - "networking.k8s.io" + resources: + - ingresses + verbs: + - get + - list + - watch + - apiGroups: + - "extensions" + - "networking.k8s.io" + resources: + - ingresses/status + verbs: + - update + +--- +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: Role +metadata: + name: nginx-ingress-role + namespace: 
ingress-nginx + labels: + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/part-of: ingress-nginx +rules: + - apiGroups: + - "" + resources: + - configmaps + - pods + - secrets + - namespaces + verbs: + - get + - apiGroups: + - "" + resources: + - configmaps + resourceNames: + # Defaults to "-" + # Here: "-" + # This has to be adapted if you change either parameter + # when launching the nginx-ingress-controller. + - "ingress-controller-leader-nginx" + verbs: + - get + - update + - apiGroups: + - "" + resources: + - configmaps + verbs: + - create + - apiGroups: + - "" + resources: + - endpoints + verbs: + - get + +--- +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: RoleBinding +metadata: + name: nginx-ingress-role-nisa-binding + namespace: ingress-nginx + labels: + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/part-of: ingress-nginx +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: nginx-ingress-role +subjects: + - kind: ServiceAccount + name: nginx-ingress-serviceaccount + namespace: ingress-nginx + +--- +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: ClusterRoleBinding +metadata: + name: nginx-ingress-clusterrole-nisa-binding + labels: + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/part-of: ingress-nginx +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: nginx-ingress-clusterrole +subjects: + - kind: ServiceAccount + name: nginx-ingress-serviceaccount + namespace: ingress-nginx + +--- + +apiVersion: apps/v1 +kind: Deployment +metadata: + name: nginx-ingress-controller + namespace: ingress-nginx + labels: + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/part-of: ingress-nginx +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/part-of: ingress-nginx + template: + metadata: + labels: + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/part-of: ingress-nginx + annotations: + prometheus.io/port: "10254" + 
prometheus.io/scrape: "true" + spec: + # wait up to five minutes for the drain of connections + terminationGracePeriodSeconds: 300 + serviceAccountName: nginx-ingress-serviceaccount + nodeSelector: + kubernetes.io/os: linux + containers: + - name: nginx-ingress-controller + image: quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.30.0 + args: + - /nginx-ingress-controller + - --configmap=$(POD_NAMESPACE)/nginx-configuration + - --tcp-services-configmap=$(POD_NAMESPACE)/tcp-services + - --udp-services-configmap=$(POD_NAMESPACE)/udp-services + - --publish-service=$(POD_NAMESPACE)/ingress-nginx + - --annotations-prefix=nginx.ingress.kubernetes.io + securityContext: + allowPrivilegeEscalation: true + capabilities: + drop: + - ALL + add: + - NET_BIND_SERVICE + # www-data -> 101 + runAsUser: 101 + env: + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + ports: + - name: http + containerPort: 80 + protocol: TCP + - name: https + containerPort: 443 + protocol: TCP + livenessProbe: + failureThreshold: 3 + httpGet: + path: /healthz + port: 10254 + scheme: HTTP + initialDelaySeconds: 10 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 10 + readinessProbe: + failureThreshold: 3 + httpGet: + path: /healthz + port: 10254 + scheme: HTTP + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 10 + lifecycle: + preStop: + exec: + command: + - /wait-shutdown + +--- + +apiVersion: v1 +kind: LimitRange +metadata: + name: ingress-nginx + namespace: ingress-nginx + labels: + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/part-of: ingress-nginx +spec: + limits: + - min: + memory: 90Mi + cpu: 100m + type: Container \ No newline at end of file 
diff --git a/111-ingress-cm-secrets-dns-pv/g3-persistentvolume/Persistent volumes clear -jenkins example.docx b/111-ingress-cm-secrets-dns-pv/g3-persistentvolume/Persistent volumes clear -jenkins example.docx
new file mode 100644
index 0000000..2a46d80
Binary files /dev/null and b/111-ingress-cm-secrets-dns-pv/g3-persistentvolume/Persistent volumes clear -jenkins example.docx differ
diff --git a/111-ingress-cm-secrets-dns-pv/g3-persistentvolume/pv-archive/jenkins-pv.yaml b/111-ingress-cm-secrets-dns-pv/g3-persistentvolume/pv-archive/jenkins-pv.yaml
new file mode 100644
index 0000000..ab914fc
--- /dev/null
+++ b/111-ingress-cm-secrets-dns-pv/g3-persistentvolume/pv-archive/jenkins-pv.yaml
@@ -0,0 +1,41 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: jenkins
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: jenkins
+ template:
+ metadata:
+ labels:
+ app: jenkins
+ spec:
+ containers:
+ - name: jenkins
+ image: jenkins:2.60.3
+ ports:
+ - containerPort: 8080
+ volumeMounts:
+ - name: jenkins-volume
+ mountPath: /var/jenkins_home
+ volumes:
+ - name: jenkins-volume
+ persistentVolumeClaim:
+ claimName: myclaim1
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: jenkins
+spec:
+ type: NodePort
+ selector:
+ app: jenkins
+ ports:
+ - name: jenkins-port
+ port: 8080
+ targetPort: 8080
+ protocol: TCP
+ nodePort: 32080
diff --git a/111-ingress-cm-secrets-dns-pv/g3-persistentvolume/pv-archive/oc-jenkins.txt b/111-ingress-cm-secrets-dns-pv/g3-persistentvolume/pv-archive/oc-jenkins.txt
new file mode 100644
index 0000000..faf4ee8
--- /dev/null
+++ b/111-ingress-cm-secrets-dns-pv/g3-persistentvolume/pv-archive/oc-jenkins.txt
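Review bot: The Service in jenkins-pv.yaml is `type: NodePort` with `nodePort: 32080`, which publishes the Jenkins UI over plain HTTP on every node's address; outside a local test cluster keep it `ClusterIP` and front it with an Ingress that terminates TLS. `image: jenkins:2.60.3` is an old release from an image repository that, as far as I know, is no longer maintained (the project publishes `jenkins/jenkins`), so a fresh install starts on an outdated core. The Deployment also references `claimName: myclaim1`, while pvc.yaml in the same directory defines `myclaim`; confirm which name is intended.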
@@ -0,0 +1,59 @@
+#####
+#####for OC convert all these to json
+create a PV
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: claim1
+spec:
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: 5Gi
+ volumeName: pv0001
+---
+create a deploy
+
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: jenkins
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: jenkins
+ template:
+ metadata:
+ labels:
+ app: jenkins
+ spec:
+ containers:
+ - name: jenkins
+ image: jenkins:2.60.3
+ ports:
+ - containerPort: 8080
+ volumeMounts:
+ - name: pv0001
+ mountPath: "/var/jenkins_home"
+ volumes:
+ - name: pv0001
+ persistentVolumeClaim:
+ claimName: claim1
+---
+###create a service and then route it
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: jenkins
+spec:
+ selector:
+ app: jenkins
+ ports:
+ - protocol: TCP
+ port: 80
+ targetPort: 8080
diff --git a/111-ingress-cm-secrets-dns-pv/g3-persistentvolume/pv-archive/pv-d.yaml b/111-ingress-cm-secrets-dns-pv/g3-persistentvolume/pv-archive/pv-d.yaml
new file mode 100644
index 0000000..73ab721
--- /dev/null
+++ b/111-ingress-cm-secrets-dns-pv/g3-persistentvolume/pv-archive/pv-d.yaml
@@ -0,0 +1,28 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: pv-deploy
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: mypv
+ template:
+ metadata:
+ labels:
+ app: mypv
+ spec:
+ containers:
+ - name: shell
+ image: centos:7
+ command:
+ - "bin/bash"
+ - "-c"
+ - "sleep 10000"
+ volumeMounts:
+ - name: mypd
+ mountPath: "/tmp/persistent"
+ volumes:
+ - name: mypd
+ persistentVolumeClaim:
+ claimName: myclaim
diff --git a/111-ingress-cm-secrets-dns-pv/g3-persistentvolume/pv-archive/pvc.yaml b/111-ingress-cm-secrets-dns-pv/g3-persistentvolume/pv-archive/pvc.yaml
new file mode 100644
index 0000000..cf6b782
--- /dev/null
+++ b/111-ingress-cm-secrets-dns-pv/g3-persistentvolume/pv-archive/pvc.yaml
@@ -0,0 +1,10 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: myclaim
+spec:
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: 1Gi
diff --git a/111-ingress-cm-secrets-dns-pv/g3-persistentvolume/pv-jenkins.txt b/111-ingress-cm-secrets-dns-pv/g3-persistentvolume/pv-jenkins.txt
new file mode 100644
index 0000000..c020255
--- /dev/null
+++ b/111-ingress-cm-secrets-dns-pv/g3-persistentvolume/pv-jenkins.txt
@@ -0,0 +1,74 @@
+#PV
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+ name: pv-volume
+ labels:
+ type: local
+spec:
+ storageClassName: manual
+ capacity:
+ storage: 10Gi
+ accessModes:
+ - ReadWriteOnce
+ hostPath:
+ path: "/mnt/data"
+
+================
+#PVC
+
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: pv-claim
+spec:
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: 2Gi
+ volumeName: pv0001
+
+=######create deploy,service
+
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: jenkins
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: jenkins
+ template:
+ metadata:
+ labels:
+ app: jenkins
+ spec:
+ containers:
+ - name: jenkins
+ image: jenkins:2.60.3
+ ports:
+ - containerPort: 8080
+ volumeMounts:
+ - name: pv0001
+ mountPath: "/var/jenkins_home"
+ volumes:
+ - name: pv0001
+ persistentVolumeClaim:
+ claimName: pv-claim
+---
+###create a service and then route it
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: jenkins
+spec:
+ selector:
+ app: jenkins
+ ports:
+ - protocol: TCP
+ port: 80
+ targetPort: 8080
diff --git a/1111-kubernetes-in-a-nutshell/README.md b/1111-kubernetes-in-a-nutshell/README.md
new file mode 100644
index 0000000..86f5237
--- /dev/null
+++ b/1111-kubernetes-in-a-nutshell/README.md
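Review bot: In pv-jenkins.txt the claim cannot bind to the volume defined just above it: the PVC sets `volumeName: pv0001` while the PersistentVolume is named `pv-volume`, and the PVC omits the `storageClassName: manual` that the volume declares. Use `volumeName: pv-volume` and add `storageClassName: manual` to the claim. The volume is a `hostPath` at `/mnt/data`, which ties the Jenkins data to one node and writes into the node's filesystem; that is acceptable on a single-node demo, but a comment such as `# hostPath: single-node demo only` would keep it from being reused on a shared cluster.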
@@ -0,0 +1,17 @@
+# Kubernetes in a Nutshell
+
+## List of blogs
+
+- Kubernetes Stateless apps - [Beyond Pods: How to orchestrate stateless apps in Kubernetes?](https://dev.to/itnext/stateless-apps-in-kubernetes-beyond-pods-4p52)
+
+- Kubernetes Configuration - [Hands-on guide: Configure your Kubernetes apps using the ConfigMap object](https://dev.to/itnext/hands-on-guide-configure-your-kubernetes-apps-using-the-configmap-object-44gj)
+
+- Kubernetes `Volume`s
+ - Part 1 - [Tutorial: Basics of Kubernetes Volumes (Part 1)](https://dev.to/itnext/tutorial-basics-of-kubernetes-volumes-part-1-jhm)
+ - Part 2 - [The definitive guide to Kubernetes Volumes (Part 2)](https://dev.to/azure/the-definitive-guide-to-kubernetes-volumes-part-2-31c0)
+
+- Kubernetes `Service`s - [How to access your Kubernetes applications using Services](https://dev.to/azure/how-to-access-your-kubernetes-applications-using-services-5626)
+
+- Kubernetes `Secret`s - [Tutorial: How to use Kubernetes Secrets for storing sensitive config data](https://dev.to/itnext/tutorial-how-to-use-kubernetes-secrets-for-storing-sensitive-config-data-3dl5)
+
+- Kubernetes `Job` and `CronJob` - [Tutorial: Basics of Kubernetes Job and CronJob](https://dev.to/itnext/tutorial-basics-of-kubernetes-job-and-cronjob-5c9p)
\ No newline at end of file
diff --git a/1111-kubernetes-in-a-nutshell/configuration/kin-config-envvar-configmap.yaml b/1111-kubernetes-in-a-nutshell/configuration/kin-config-envvar-configmap.yaml
new file mode 100644
index 0000000..fb7798a
--- /dev/null
+++ b/1111-kubernetes-in-a-nutshell/configuration/kin-config-envvar-configmap.yaml
@@ -0,0 +1,27 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: simpleconfig
+data:
+ foo: bar
+ hello: world
+---
+apiVersion: v1
+kind: Pod
+metadata:
+ name: pod2
+spec:
+ containers:
+ - name: nginx
+ image: nginx
+ env:
+ - name: FOO_ENV_VAR
+ valueFrom:
+ configMapKeyRef:
+ name: simpleconfig
+ key: foo
+ - name: HELLO_ENV_VAR
+ valueFrom:
+ configMapKeyRef:
+ name: simpleconfig
+ key: hello
\ No newline at end of file
diff --git a/1111-kubernetes-in-a-nutshell/configuration/kin-config-envvar-in-pod.yaml b/1111-kubernetes-in-a-nutshell/configuration/kin-config-envvar-in-pod.yaml
new file mode 100644
index 0000000..0cf2cf3
--- /dev/null
+++ b/1111-kubernetes-in-a-nutshell/configuration/kin-config-envvar-in-pod.yaml
@@ -0,0 +1,13 @@
+apiVersion: v1
+kind: Pod
+metadata:
+ name: pod1
+spec:
+ containers:
+ - name: nginx
+ image: nginx
+ env:
+ - name: ENVVAR1
+ value: value1
+ - name: ENVVAR2
+ value: value2
\ No newline at end of file
diff --git a/1111-kubernetes-in-a-nutshell/configuration/kin-config-envvar-json.yaml b/1111-kubernetes-in-a-nutshell/configuration/kin-config-envvar-json.yaml
new file mode 100644
index 0000000..a03718c
--- /dev/null
+++ b/1111-kubernetes-in-a-nutshell/configuration/kin-config-envvar-json.yaml
@@ -0,0 +1,36 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: config3
+data:
+ appconfig.json: |
+ {
+ "array": [
+ 1,
+ 2,
+ 3
+ ],
+ "boolean": true,
+ "number": 123,
+ "object": {
+ "a": "b",
+ "c": "d",
+ "e": "f"
+ },
+ "string": "Hello World"
+ }
+---
+apiVersion: v1
+kind: Pod
+metadata:
+ name: pod4
+spec:
+ containers:
+ - name: nginx
+ image: nginx
+ env:
+ - name: APP_CONFIG_JSON
+ valueFrom:
+ configMapKeyRef:
+ name: config3
+ key: appconfig.json
\ No newline at end of file
diff --git a/1111-kubernetes-in-a-nutshell/configuration/kin-config-envvar-with-envFrom.yaml b/1111-kubernetes-in-a-nutshell/configuration/kin-config-envvar-with-envFrom.yaml
new file mode 100644
index 0000000..d155aa7
--- /dev/null
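Review bot: The pod in kin-config-envvar-configmap.yaml uses `image: nginx` with no tag or digest, which resolves to `latest` at pull time, so the code that runs can change between pulls with no change in this repository. Pin it, e.g. `image: nginx:<version>` or `image: nginx@sha256:<digest>`, so a deployment is reproducible and an image update is a reviewed change. The same untagged reference appears in the other configuration, secrets and stateless-apps pods in this commit, and `busybox` is untagged in the jobs manifests.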
+++ b/1111-kubernetes-in-a-nutshell/configuration/kin-config-envvar-with-envFrom.yaml
@@ -0,0 +1,19 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: config2
+data:
+ FOO_ENV: bar
+ HELLO_ENV: world
+---
+apiVersion: v1
+kind: Pod
+metadata:
+ name: pod3
+spec:
+ containers:
+ - name: nginx
+ image: nginx
+ envFrom:
+ - configMapRef:
+ name: config2
\ No newline at end of file
diff --git a/1111-kubernetes-in-a-nutshell/jobs/cronjob1.yaml b/1111-kubernetes-in-a-nutshell/jobs/cronjob1.yaml
new file mode 100644
index 0000000..c7c9f77
--- /dev/null
+++ b/1111-kubernetes-in-a-nutshell/jobs/cronjob1.yaml
@@ -0,0 +1,18 @@
+apiVersion: batch/v1beta1
+kind: CronJob
+metadata:
+ name: cronjob1
+spec:
+ schedule: "*/1 * * * *"
+ jobTemplate:
+ spec:
+ template:
+ spec:
+ containers:
+ - name: cronjob
+ image: busybox
+ args:
+ - /bin/sh
+ - -c
+ - date; echo sleeping....; sleep 5s; echo exiting...;
+ restartPolicy: Never
diff --git a/1111-kubernetes-in-a-nutshell/jobs/cronjob2.yaml b/1111-kubernetes-in-a-nutshell/jobs/cronjob2.yaml
new file mode 100644
index 0000000..1acbef9
--- /dev/null
+++ b/1111-kubernetes-in-a-nutshell/jobs/cronjob2.yaml
@@ -0,0 +1,19 @@
+apiVersion: batch/v1beta1
+kind: CronJob
+metadata:
+ name: cronjob2
+spec:
+ schedule: "*/1 * * * *"
+ concurrencyPolicy: Allow
+ jobTemplate:
+ spec:
+ template:
+ spec:
+ containers:
+ - name: cronjob
+ image: busybox
+ args:
+ - /bin/sh
+ - -c
+ - date; echo sleeping....; sleep 90s; echo exiting...;
+ restartPolicy: Never
diff --git a/1111-kubernetes-in-a-nutshell/jobs/job1.yaml b/1111-kubernetes-in-a-nutshell/jobs/job1.yaml
new file mode 100644
index 0000000..763aa81
--- /dev/null
+++ b/1111-kubernetes-in-a-nutshell/jobs/job1.yaml
@@ -0,0 +1,15 @@
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: job1
+spec:
+ template:
+ spec:
+ containers:
+ - name: job
+ image: busybox
+ args:
+ - /bin/sh
+ - -c
+ - date; echo sleeping....; sleep 90s; echo exiting...; date
+ restartPolicy: Never
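Review bot: cronjob1.yaml declares `apiVersion: batch/v1beta1`, which was removed in Kubernetes 1.25, so the manifest is rejected on current clusters; CronJob has been served from `batch/v1` since 1.21 and the spec shown here needs no other change. cronjob2.yaml has the same line. In cronjob2.yaml, `concurrencyPolicy: Allow` combined with a one-minute schedule and a 90-second job means runs overlap by design; a comment such as `# Allow: runs overlap on purpose to demonstrate the policy` would keep it from being copied as a default.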
diff --git a/1111-kubernetes-in-a-nutshell/jobs/job2.yaml b/1111-kubernetes-in-a-nutshell/jobs/job2.yaml
new file mode 100644
index 0000000..bd86d58
--- /dev/null
+++ b/1111-kubernetes-in-a-nutshell/jobs/job2.yaml
@@ -0,0 +1,16 @@
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: job2
+spec:
+ activeDeadlineSeconds: 5
+ template:
+ spec:
+ containers:
+ - name: job
+ image: busybox
+ args:
+ - /bin/sh
+ - -c
+ - date; echo sleeping....; sleep 10s; echo exiting...; date
+ restartPolicy: Never
diff --git a/1111-kubernetes-in-a-nutshell/jobs/job3.yaml b/1111-kubernetes-in-a-nutshell/jobs/job3.yaml
new file mode 100644
index 0000000..657d839
--- /dev/null
+++ b/1111-kubernetes-in-a-nutshell/jobs/job3.yaml
@@ -0,0 +1,16 @@
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: job3
+spec:
+ backoffLimit: 2
+ template:
+ spec:
+ containers:
+ - name: job
+ image: busybox
+ args:
+ - /bin/sh
+ - -c
+ - date; echo sleeping....; sleep 5s; exit 1;
+ restartPolicy: OnFailure
diff --git a/1111-kubernetes-in-a-nutshell/jobs/job4.yaml b/1111-kubernetes-in-a-nutshell/jobs/job4.yaml
new file mode 100644
index 0000000..5e8c10c
--- /dev/null
+++ b/1111-kubernetes-in-a-nutshell/jobs/job4.yaml
@@ -0,0 +1,16 @@
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: job4
+spec:
+ completions: 2
+ template:
+ spec:
+ containers:
+ - name: job
+ image: busybox
+ args:
+ - /bin/sh
+ - -c
+ - date; echo sleeping....; sleep 10s; echo exiting...; date
+ restartPolicy: Never
diff --git a/1111-kubernetes-in-a-nutshell/jobs/job5.yaml b/1111-kubernetes-in-a-nutshell/jobs/job5.yaml
new file mode 100644
index 0000000..f472017
--- /dev/null
+++ b/1111-kubernetes-in-a-nutshell/jobs/job5.yaml
@@ -0,0 +1,17 @@
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: job5
+spec:
+ completions: 3
+ parallelism: 3
+ template:
+ spec:
+ containers:
+ - name: job
+ image: busybox
+ args:
+ - /bin/sh
+ - -c
+ - date; echo sleeping....; sleep 10s; echo exiting...; date
+ restartPolicy: Never
diff --git a/1111-kubernetes-in-a-nutshell/k8s.png b/1111-kubernetes-in-a-nutshell/k8s.png
new file mode 100644
index 0000000..7e072ba
Binary files /dev/null and b/1111-kubernetes-in-a-nutshell/k8s.png differ
diff --git a/1111-kubernetes-in-a-nutshell/read.txt b/1111-kubernetes-in-a-nutshell/read.txt
new file mode 100644
index 0000000..04f49c5
--- /dev/null
+++ b/1111-kubernetes-in-a-nutshell/read.txt
@@ -0,0 +1 @@
+https://github.com/abhirockzz/kubernetes-in-a-nutshell
\ No newline at end of file
diff --git a/1111-kubernetes-in-a-nutshell/secrets/pod-secret-docker.yaml b/1111-kubernetes-in-a-nutshell/secrets/pod-secret-docker.yaml
new file mode 100644
index 0000000..71318e5
--- /dev/null
+++ b/1111-kubernetes-in-a-nutshell/secrets/pod-secret-docker.yaml
@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: Pod
+metadata:
+ name: pod4
+spec:
+ containers:
+ - name: privateapp
+ image: abhirockzz/test-private-repo:latest
+ command: ["/bin/sh"]
+ args: ["-c", "while true; do date; sleep 5;done"]
+ imagePullSecrets:
+ - name: docker-repo-secret
diff --git a/1111-kubernetes-in-a-nutshell/secrets/pod-secret-env.yaml b/1111-kubernetes-in-a-nutshell/secrets/pod-secret-env.yaml
new file mode 100644
index 0000000..3846124
--- /dev/null
+++ b/1111-kubernetes-in-a-nutshell/secrets/pod-secret-env.yaml
@@ -0,0 +1,14 @@
+apiVersion: v1
+kind: Pod
+metadata:
+ name: pod1
+spec:
+ containers:
+ - name: nginx
+ image: nginx
+ env:
+ - name: API_KEY
+ valueFrom:
+ secretKeyRef:
+ name: service-apikey
+ key: apikey
diff --git a/1111-kubernetes-in-a-nutshell/secrets/pod-secret-envFrom.yaml b/1111-kubernetes-in-a-nutshell/secrets/pod-secret-envFrom.yaml
new file mode 100644
index 0000000..bf49e85
--- /dev/null
+++ b/1111-kubernetes-in-a-nutshell/secrets/pod-secret-envFrom.yaml
@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: Pod
+metadata:
+ name: pod2
+spec:
+ containers:
+ - name: nginx
+ image: nginx
+ envFrom:
+ - secretRef:
+ name: plaintext-secret
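Review bot: pod-secret-env.yaml injects the secret as the environment variable `API_KEY`, and pod-secret-envFrom.yaml goes further by importing every key of `plaintext-secret` through `envFrom`. Environment variables are readable by every process in the container, inherited by child processes and easily captured in debug output, as the `env` listing in the cm-worknotes.txt file of this commit illustrates for a ConfigMap. Where the application can read a file, the read-only volume mount used in pod-secret-volume.yaml is the narrower exposure. If the env form is kept as a teaching example, a comment such as `# demo only: prefer a read-only secret volume for real credentials` above `env:` would say so.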
diff --git a/1111-kubernetes-in-a-nutshell/secrets/pod-secret-volume.yaml b/1111-kubernetes-in-a-nutshell/secrets/pod-secret-volume.yaml
new file mode 100644
index 0000000..c6322c8
--- /dev/null
+++ b/1111-kubernetes-in-a-nutshell/secrets/pod-secret-volume.yaml
@@ -0,0 +1,16 @@
+apiVersion: v1
+kind: Pod
+metadata:
+ name: pod3
+spec:
+ containers:
+ - name: nginx
+ image: nginx
+ volumeMounts:
+ - name: apikey-config-volume
+ mountPath: /secret
+ readOnly: true
+ volumes:
+ - name: apikey-config-volume
+ secret:
+ secretName: service-apikey
diff --git a/1111-kubernetes-in-a-nutshell/secrets/secret-data.yaml b/1111-kubernetes-in-a-nutshell/secrets/secret-data.yaml
new file mode 100644
index 0000000..b98da28
--- /dev/null
+++ b/1111-kubernetes-in-a-nutshell/secrets/secret-data.yaml
@@ -0,0 +1,6 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: service-apikey
+data:
+ apikey: Zm9vYmFy
diff --git a/1111-kubernetes-in-a-nutshell/secrets/secret-file.yaml b/1111-kubernetes-in-a-nutshell/secrets/secret-file.yaml
new file mode 100644
index 0000000..23a1d91
--- /dev/null
+++ b/1111-kubernetes-in-a-nutshell/secrets/secret-file.yaml
@@ -0,0 +1,8 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: secret-in-a-file
+stringData:
+ app-config.yaml: |-
+ hello: world
+ john: doe
diff --git a/1111-kubernetes-in-a-nutshell/secrets/secret-plaintext.yaml b/1111-kubernetes-in-a-nutshell/secrets/secret-plaintext.yaml
new file mode 100644
index 0000000..73f0ce1
--- /dev/null
+++ b/1111-kubernetes-in-a-nutshell/secrets/secret-plaintext.yaml
@@ -0,0 +1,7 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: plaintext-secret
+stringData:
+ foo: bar
+ mac: cheese
diff --git a/1111-kubernetes-in-a-nutshell/services/app/Dockerfile b/1111-kubernetes-in-a-nutshell/services/app/Dockerfile
new file mode 100644
index 0000000..a3eab63
--- /dev/null
+++ b/1111-kubernetes-in-a-nutshell/services/app/Dockerfile
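Review bot: secret-data.yaml stores `apikey` under `data:` as base64, which is an encoding and not encryption, so anyone who can read this repository can read the value; secret-file.yaml and secret-plaintext.yaml carry their values in clear under `stringData:`. The values here look like placeholders, but the files are templates people copy, so add a header comment such as `# example values only: never commit real Secret manifests; create them out of band or from a secret store`. On the cluster side, Secret objects are stored unencrypted in etcd unless encryption at rest is configured, which is worth one line in the accompanying notes.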
@@ -0,0 +1,9 @@
+FROM golang as build-stage
+WORKDIR /go/
+COPY main.go /go/src
+RUN cd /go/src && CGO_ENABLED=0 GOOS=linux go build -a -installsuffix cgo -o app
+
+FROM alpine
+COPY --from=build-stage /go/src/app /
+EXPOSE 8080
+CMD ["/app"]
\ No newline at end of file
diff --git a/1111-kubernetes-in-a-nutshell/services/app/app.yaml b/1111-kubernetes-in-a-nutshell/services/app/app.yaml
new file mode 100644
index 0000000..d56e46b
--- /dev/null
+++ b/1111-kubernetes-in-a-nutshell/services/app/app.yaml
@@ -0,0 +1,28 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: kin-service-app
+spec:
+ selector:
+ matchLabels:
+ app: kin-service-app
+ replicas: 2
+ template:
+ metadata:
+ labels:
+ app: kin-service-app
+ spec:
+ containers:
+ - name: kin-service-app
+ image: abhirockzz/kintestapp
+ ports:
+ - containerPort: 8080
+ env:
+ - name: NODE_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: spec.nodeName
+ - name: POD_IP
+ valueFrom:
+ fieldRef:
+ fieldPath: status.podIP
diff --git a/1111-kubernetes-in-a-nutshell/services/app/main.go b/1111-kubernetes-in-a-nutshell/services/app/main.go
new file mode 100644
index 0000000..38e253f
--- /dev/null
+++ b/1111-kubernetes-in-a-nutshell/services/app/main.go
@@ -0,0 +1,39 @@
+package main
+
+import "net/http"
+
+import "fmt"
+
+import "os"
+
+import "log"
+
+var podIP string
+var nodeName string
+
+const podOPEnvVar = "POD_IP"
+const nodeNameEnvVar = "NODE_NAME"
+
+func init() {
+ podIP = os.Getenv(podOPEnvVar)
+ if podIP == "" {
+ log.Fatalf("Missing %s env variable", podOPEnvVar)
+ }
+
+ nodeName = os.Getenv(nodeNameEnvVar)
+ if nodeName == "" {
+ log.Fatalf("Missing %s env variable", nodeNameEnvVar)
+ }
+
+ log.Printf("Pod IP %s on Node %s\n", podIP, nodeName)
+
+}
+
+func main() {
+ http.HandleFunc("/", func(rw http.ResponseWriter, req *http.Request) {
+ fmt.Fprintf(rw, "Hello from Pod IP %s on Node %s", podIP, nodeName)
+ })
+
+ log.Println("started app...")
+ http.ListenAndServe(":8080", nil)
+}
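Review bot: The final stage of services/app/Dockerfile has no `USER` instruction, so `/app` runs as root inside the container even though it is a static binary that only listens on port 8080. Adding `USER 65534:65534` before `CMD ["/app"]` (a constructed example of an unprivileged uid:gid) removes that privilege at no cost. Both `FROM golang` and `FROM alpine` are also untagged, so the toolchain and base image change silently between builds; pin them to a tag or digest. The volumes-1/Dockerfile in this commit has the same two gaps.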
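Review bot: In services/app/main.go the return value of `http.ListenAndServe(":8080", nil)` is discarded, so if the listener cannot start (for example the port is already bound) the process exits silently after having logged "started app...". Wrapping the call as `log.Fatal(http.ListenAndServe(":8080", nil))` surfaces the error and uses only the `log` package already imported. The server is also created with the package defaults, which set no read or write timeouts; acceptable for a demo, but worth a comment saying so.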
diff --git a/1111-kubernetes-in-a-nutshell/services/clusterip/service.yaml b/1111-kubernetes-in-a-nutshell/services/clusterip/service.yaml
new file mode 100644
index 0000000..3f811ef
--- /dev/null
+++ b/1111-kubernetes-in-a-nutshell/services/clusterip/service.yaml
@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: kin-cip-service
+spec:
+ type: ClusterIP
+ ports:
+ - port: 9090
+ targetPort: 8080
+ selector:
+ app: kin-service-app
diff --git a/1111-kubernetes-in-a-nutshell/services/external/external-name/service.yaml b/1111-kubernetes-in-a-nutshell/services/external/external-name/service.yaml
new file mode 100644
index 0000000..de06b14
--- /dev/null
+++ b/1111-kubernetes-in-a-nutshell/services/external/external-name/service.yaml
@@ -0,0 +1,7 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: demo-nats-public-service2
+spec:
+ type: ExternalName
+ externalName: demo.nats.io
diff --git a/1111-kubernetes-in-a-nutshell/services/external/static/endpoints.yaml b/1111-kubernetes-in-a-nutshell/services/external/static/endpoints.yaml
new file mode 100644
index 0000000..5daa042
--- /dev/null
+++ b/1111-kubernetes-in-a-nutshell/services/external/static/endpoints.yaml
@@ -0,0 +1,9 @@
+kind: Endpoints
+apiVersion: v1
+metadata:
+ name: demo-nats-public-service
+subsets:
+ - addresses:
+ - ip: 107.170.221.32
+ ports:
+ - port: 8222
diff --git a/1111-kubernetes-in-a-nutshell/services/external/static/service.yaml b/1111-kubernetes-in-a-nutshell/services/external/static/service.yaml
new file mode 100644
index 0000000..b2b56f6
--- /dev/null
+++ b/1111-kubernetes-in-a-nutshell/services/external/static/service.yaml
@@ -0,0 +1,9 @@
+kind: Service
+apiVersion: v1
+metadata:
+ name: demo-nats-public-service
+spec:
+ type: ClusterIP
+ ports:
+ - port: 8080
+ targetPort: 8222
diff --git a/1111-kubernetes-in-a-nutshell/services/headless/service.yaml b/1111-kubernetes-in-a-nutshell/services/headless/service.yaml
new file mode 100644
index 0000000..6b201cf
--- /dev/null
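Review bot: external/static/endpoints.yaml hard-codes the address `107.170.221.32` with nothing in the manifest recording which host it is meant to be, so if that address is later reassigned, in-cluster clients of `demo-nats-public-service` are routed to whoever holds it and nothing in the cluster notices. A comment above `- ip:` stating the hostname it was resolved from and the date, plus TLS with hostname verification in the client, keeps a stale entry from going unseen. This looks like it mirrors the `demo.nats.io` ExternalName service in the same commit, but the page does not say so; the comment should state it either way.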
+++ b/1111-kubernetes-in-a-nutshell/services/headless/service.yaml
@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: kin-hl-service
+spec:
+ clusterIP: None
+ ports:
+ - port: 9090
+ targetPort: 8080
+ selector:
+ app: kin-service-app
diff --git a/1111-kubernetes-in-a-nutshell/services/loadbalancer/service.yaml b/1111-kubernetes-in-a-nutshell/services/loadbalancer/service.yaml
new file mode 100644
index 0000000..2a0b64a
--- /dev/null
+++ b/1111-kubernetes-in-a-nutshell/services/loadbalancer/service.yaml
@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: kin-lb-service
+spec:
+ type: LoadBalancer
+ ports:
+ - port: 80
+ targetPort: 8080
+ selector:
+ app: kin-service-app
diff --git a/1111-kubernetes-in-a-nutshell/stateless-apps/README.md b/1111-kubernetes-in-a-nutshell/stateless-apps/README.md
new file mode 100644
index 0000000..e69de29
diff --git a/1111-kubernetes-in-a-nutshell/stateless-apps/kin-stateless-deployment.yaml b/1111-kubernetes-in-a-nutshell/stateless-apps/kin-stateless-deployment.yaml
new file mode 100644
index 0000000..0024c29
--- /dev/null
+++ b/1111-kubernetes-in-a-nutshell/stateless-apps/kin-stateless-deployment.yaml
@@ -0,0 +1,17 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: kin-stateless-depl
+spec:
+ replicas: 2
+ selector:
+ matchLabels:
+ app: kin-stateless-depl
+ template:
+ metadata:
+ labels:
+ app: kin-stateless-depl
+ spec:
+ containers:
+ - name: nginx
+ image: nginx
\ No newline at end of file
diff --git a/1111-kubernetes-in-a-nutshell/stateless-apps/kin-stateless-pod.yaml b/1111-kubernetes-in-a-nutshell/stateless-apps/kin-stateless-pod.yaml
new file mode 100644
index 0000000..b0bcea8
--- /dev/null
+++ b/1111-kubernetes-in-a-nutshell/stateless-apps/kin-stateless-pod.yaml
@@ -0,0 +1,8 @@
+apiVersion: v1
+kind: Pod
+metadata:
+ name: kin-stateless-1
+spec:
+ containers:
+ - name: nginx
+ image: nginx
\ No newline at end of file
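Review bot: services/loadbalancer/service.yaml creates a `type: LoadBalancer` Service on port 80 with no `loadBalancerSourceRanges`, so on a cloud provider the app is published in plain HTTP to any source address as soon as the manifest is applied. The backing app reports pod IP and node name in every response (see services/app/main.go in this commit), which is internal topology that should not be world-readable. Restrict it with a `loadBalancerSourceRanges:` list of the CIDRs that need access, or add a comment marking the manifest as lab-only.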
diff --git a/1111-kubernetes-in-a-nutshell/stateless-apps/kin-stateless-replicaset.yaml b/1111-kubernetes-in-a-nutshell/stateless-apps/kin-stateless-replicaset.yaml
new file mode 100644
index 0000000..f1ef6f8
--- /dev/null
+++ b/1111-kubernetes-in-a-nutshell/stateless-apps/kin-stateless-replicaset.yaml
@@ -0,0 +1,17 @@
+apiVersion: apps/v1
+kind: ReplicaSet
+metadata:
+ name: kin-stateless-rs
+spec:
+ replicas: 2
+ selector:
+ matchLabels:
+ app: kin-stateless-rs
+ template:
+ metadata:
+ labels:
+ app: kin-stateless-rs
+ spec:
+ containers:
+ - name: nginx
+ image: nginx
\ No newline at end of file
diff --git a/1111-kubernetes-in-a-nutshell/volumes-1/Dockerfile b/1111-kubernetes-in-a-nutshell/volumes-1/Dockerfile
new file mode 100644
index 0000000..a6d9df7
--- /dev/null
+++ b/1111-kubernetes-in-a-nutshell/volumes-1/Dockerfile
@@ -0,0 +1,9 @@
+FROM golang as build-stage
+WORKDIR /go/
+COPY main.go /go/src
+RUN cd /go/src && CGO_ENABLED=0 GOOS=linux go build -a -installsuffix cgo -o kvstore
+
+FROM alpine
+COPY --from=build-stage /go/src/kvstore /
+EXPOSE 8080
+CMD ["/kvstore"]
\ No newline at end of file
diff --git a/1111-kubernetes-in-a-nutshell/volumes-1/kvstore.yaml b/1111-kubernetes-in-a-nutshell/volumes-1/kvstore.yaml
new file mode 100644
index 0000000..0f430d8
--- /dev/null
+++ b/1111-kubernetes-in-a-nutshell/volumes-1/kvstore.yaml
@@ -0,0 +1,38 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: kvstore
+spec:
+ selector:
+ matchLabels:
+ app: kvstore
+ replicas: 1
+ template:
+ metadata:
+ labels:
+ app: kvstore
+ spec:
+ containers:
+ - name: kvstore
+ image: abhirockzz/kvstore:latest
+ volumeMounts:
+ - mountPath: /data
+ name: data-volume
+ ports:
+ - containerPort: 8080
+ volumes:
+ - name: data-volume
+ emptyDir: {}
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: kvstore-service
+spec:
+ type: NodePort
+ ports:
+ - name: http
+ port: 8080
+ protocol: TCP
+ selector:
+ app: kvstore
\ No newline at end of file
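Review bot: volumes-1/kvstore.yaml publishes the kvstore through `type: NodePort`, which opens a port on every node, while the handlers in volumes-1/main.go in this same commit accept writes and reads with no authentication. Anyone who can reach a node address can therefore write files into the pod's volume. For the tutorial flow a `ClusterIP` Service reached through `kubectl port-forward` gives the same result without the node-wide listener. The image is also referenced as `abhirockzz/kvstore:latest`, so what runs is whatever that third-party tag points to at pull time; pin a digest.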
diff --git a/1111-kubernetes-in-a-nutshell/volumes-1/main.go b/1111-kubernetes-in-a-nutshell/volumes-1/main.go new file mode 100644 index 0000000..2a61f8b --- /dev/null +++ b/1111-kubernetes-in-a-nutshell/volumes-1/main.go @@ -0,0 +1,63 @@ +package main + +import ( + "fmt" + "io/ioutil" + "net/http" + "os" + "strings" +) + +func main() { + http.HandleFunc("/save", save) + http.HandleFunc("/read/", read) + http.ListenAndServe(":8080", nil) +} + +const filenamePrefix string = "/data/" + +func save(rw http.ResponseWriter, req *http.Request) { + data, _ := ioutil.ReadAll(req.Body) //data -> foo=bar + fmt.Println("KV data", string(data)) + keyVal := strings.Split(string(data), "=") + key := keyVal[0] //foo + value := keyVal[1] //bar + + filename := filenamePrefix + key //e.g. /data/foo + file, err := os.OpenFile(filename, os.O_APPEND|os.O_WRONLY, 0600) + fmt.Println("Failed to open file " + filename + " due to " + err.Error()) + if err != nil { + newFile, createErr := os.Create(filename) + if createErr != nil { + errMsg := "Failed to create file " + filename + " due to - " + createErr.Error() + fmt.Println(errMsg) + rw.Write([]byte(errMsg)) + return + } + file = newFile + fmt.Println("Created new file", filename) + } + + defer file.Close() + + if _, err = file.WriteString(value); err != nil { + errMsg := "Failed to save data " + string(data) + " due to error - " + err.Error() + fmt.Println(errMsg) + rw.Write([]byte(errMsg)) + return + } + success := "Saved value " + value + " to " + filename + fmt.Println(success) + rw.Write([]byte(success)) +} +func read(rw http.ResponseWriter, req *http.Request) { + key := strings.TrimPrefix(req.URL.Path, "/read/") //http://kvstore:8080/read/foo (foo is the key) + filename := filenamePrefix + key + value, _ := ioutil.ReadFile(filename) + if string(value) == "" { + rw.Write([]byte("Key '" + key + "' does not exist in the store")) + return + } + fmt.Println("Value for key " + key + " is " + string(value)) + rw.Write(value) +} 
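Review bot: In `save`, the "Failed to open file" `fmt.Println` calls `err.Error()` before the `if err != nil` check, so whenever the file already exists and opens cleanly `err` is nil and the handler panics; the line belongs inside the `if`. The key from the request body is also appended to `/data/` unchecked, so a key containing a path separator names a file outside the data volume, and a body without `=` makes `keyVal[1]` panic with an index error. The excerpt below validates the key and the split and moves the log line; `read` builds its filename the same way and should call the same check before `ioutil.ReadFile`. Both handlers are complete within this hunk, and the excerpt uses only packages the file already imports.

```go
func save(rw http.ResponseWriter, req *http.Request) {
	// … unchanged: read the request body into data and log it …
	keyVal := strings.SplitN(string(data), "=", 2)
	if len(keyVal) != 2 || !validKey(keyVal[0]) {
		http.Error(rw, "expected a body of the form key=value", http.StatusBadRequest)
		return
	}
	key, value := keyVal[0], keyVal[1]

	filename := filenamePrefix + key
	file, err := os.OpenFile(filename, os.O_APPEND|os.O_WRONLY, 0600)
	if err != nil {
		fmt.Println("Failed to open file " + filename + " due to " + err.Error())
		// … unchanged: create the file, report createErr …
	}
	// … unchanged: defer close, write value, report the result …
}

// validKey accepts only keys that name a file directly under filenamePrefix.
func validKey(key string) bool {
	return key != "" && key != "." && key != ".." && !strings.ContainsAny(key, "/\\")
}
```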
diff --git a/1111-kubernetes-in-a-nutshell/volumes-2/app.yaml b/1111-kubernetes-in-a-nutshell/volumes-2/app.yaml
new file mode 100644
index 0000000..787c408
--- /dev/null
+++ b/1111-kubernetes-in-a-nutshell/volumes-2/app.yaml
@@ -0,0 +1,26 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: logz-deployment
+ labels:
+ app: logz
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: logz
+ template:
+ metadata:
+ labels:
+ app: logz
+ spec:
+ containers:
+ - name: logz
+ image: abhirockzz/logz
+ volumeMounts:
+ - name: azure-disk-vol
+ mountPath: /mnt/logs
+ volumes:
+ - name: azure-disk-vol
+ persistentVolumeClaim:
+ claimName: azure-disk-pvc
diff --git a/1111-kubernetes-in-a-nutshell/volumes-2/azure-disk-pvc.yaml b/1111-kubernetes-in-a-nutshell/volumes-2/azure-disk-pvc.yaml
new file mode 100644
index 0000000..800b1fa
--- /dev/null
+++ b/1111-kubernetes-in-a-nutshell/volumes-2/azure-disk-pvc.yaml
@@ -0,0 +1,10 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: azure-disk-pvc
+spec:
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: 2Gi
diff --git a/11111111111111lookme.txt b/11111111111111lookme.txt
new file mode 100644
index 0000000..f4ea19b
--- /dev/null
+++ b/11111111111111lookme.txt
@@ -0,0 +1,39 @@
+Focus on config map,secrets,RBAC,ingress,DNS,Load balancer,certs
+
+For volumes look
+aws autoprovisioner
+
+https://github.com/gaya3chandran1/kubernetes-course/blob/master/wordpress-volumes/storage.yml
+
++++++++++++
+PV Claim
+https://github.com/gaya3chandran1/kubernetes-course/blob/master/wordpress-volumes/pv-claim.yml
+==================
+config map
+https://github.com/gaya3chandran1/kubernetes-course/blob/master/configmap/nginx.yml
+
+kubectl create configmap nginx-config --from-file=congigmap/reverseproxy.conf
+
+https://github.com/gaya3chandran1/kubernetes-course/tree/master/configmap/g3-cm
+===================
+
+Secrets
+https://github.com/gaya3chandran1/kubernetes-course/blob/master/configmap/g3-cm-secrets/secrets/secret-pod.yaml
+
+Config maps ideally stores application configuration in a plain text format whereas Secrets store sensitive data like password in an encrypted format.
+
+Both config maps and secrets can be used as volume and mounted inside a pod through a pod definition file.
+
+Config map:
+
+ kubectl create configmap myconfigmap --from-literal=env=dev
+
+Secret:
+
+echo -n ‘admin’ > ./username.txt
+echo -n ‘abcd1234’ ./password.txt
+kubectl create secret generic mysecret --from-file=./username.txt --from-file=./password.txt
+=====================
+
+DNS
+https://github.com/gaya3chandran1/kubernetes-course/tree/master/1g3-ingress-cm-secrets-dns/g3-dns
\ No newline at end of file
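Review bot: The sentence saying Secrets store sensitive data "in an encrypted format" is not accurate and is the kind of note that leads to credentials being handled too loosely. Secret values are base64-encoded, not encrypted, and are stored in clear in etcd unless encryption at rest is configured. A correct wording would be "Secrets hold sensitive data base64-encoded; protect them with RBAC and encryption at rest". The command `echo -n ‘abcd1234’ ./password.txt` is also missing the `>` redirection, so password.txt is never written and the following `kubectl create secret ... --from-file=./password.txt` fails. The typographic quotes would end up inside the stored value too; write `echo -n 'abcd1234' > ./password.txt` with plain quotes.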