sombochea/kubernetes-installation
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Compare commits

base: sombochea:e0f46beaaba30a122095ab1f96496449b49fdbfb
Branches Tags
sombochea:main
...
compare: sombochea:main
Branches Tags
sombochea:main

16 Commits
e0f46beaab ... main

Author SHA1 Message Date
Sambo Chea
5eaefccdb7 Updated drone ci 2022-04-01 11:25:29 +07:00
Sambo Chea
a68788913b Merge branch 'main' of https://github.com/sombochea/kubernetes-installation into main 2022-04-01 10:44:47 +07:00
Sambo Chea
b9523c0d4d Updated drone ci 2022-04-01 10:44:38 +07:00
Sambo Chea
e72c6168ef Create portainer.md 2022-03-09 09:24:48 +07:00
Sambo Chea
990300c269 Create local-path.md 2022-03-09 09:07:55 +07:00
Sambo Chea
0cbaf1c165 Updated nginx 2022-03-02 15:37:52 +07:00
Sambo Chea
e103078eab Add mysql cluster operator and rbac in sample 2022-01-14 10:33:35 +07:00
Sambo Chea
e7e44fdee3 Update README.md 2022-01-14 10:07:11 +07:00
Sambo Chea
d564c2350f Updated traefik script 2021-12-29 14:35:13 +07:00
Sambo Chea
fa0ef34f30 Add cert manager 2021-12-29 10:33:22 +07:00
Sambo Chea
0b20e0db1b Add traefik 2021-12-28 16:12:12 +07:00
Sambo Chea
b0f9564c21 Merge branch 'main' of https://github.com/sombochea/kubernetes-installation into main 2021-12-22 18:13:06 +07:00
Sambo Chea
4950895bce Add bgp routing with metallb 2021-12-22 18:12:46 +07:00
Sambo Chea
fa2b71d357 Update README.md 2021-12-21 11:43:03 +07:00
Sambo Chea
0d86b57569 Rename KOMPOS.md to KOMPOSE.md 2021-12-09 19:55:05 +07:00
Sambo Chea
b1c879defd Create KOMPOS.md 2021-12-09 19:54:48 +07:00
17 changed files with 316 additions and 36 deletions
Expand all files Collapse all files

7
KOMPOSE.md Normal file
View File

@@ -0,0 +1,7 @@
# Enables Docker Compose on Kubernetes
```shell
curl -L https://github.com/kubernetes/kompose/releases/download/v1.15.0/kompose-linux-amd64 -o kompose
chmod +x kompose
sudo mv ./kompose /usr/local/bin/kompose
```

5
NGINX_ING.md Normal file
View File

@@ -0,0 +1,5 @@
# Nginx Ingress Controller
```shell
kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.1.0/deploy/static/provider/baremetal/deploy.yaml
```

6
README.md
View File

@@ -187,6 +187,10 @@ sudo kubeadm join ip-api-server:6443 --token $TOKEN --discovery-token-ca-cert-ha
kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml
kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/master/Documentation/k8s-manifests/kube-flannel-rbac.yml
```
For Kube 1.17+
```shell
kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml
```
#### Cluster Network with Calico
```shell
@@ -195,7 +199,7 @@ kubectl apply -f https://docs.projectcalico.org/manifests/calico.yaml
#### Kubernetes Dashboard
```shell
kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v2.3.1/aio/deploy/recommended.yaml
kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v2.4.0/aio/deploy/recommended.yaml
```
- Proxy for kubernetes dashboard
```shell

25
drone-runner/deployment.yaml
View File

@@ -1,11 +1,12 @@
apiVersion: apps/v1
kind: Deployment
metadata:
namespace: default
name: drone
labels:
app.kubernetes.io/name: drone
spec:
replicas: 1
replicas: 2
selector:
matchLabels:
app.kubernetes.io/name: drone
@@ -15,14 +16,14 @@ spec:
app.kubernetes.io/name: drone
spec:
containers:
- name: runner
image: drone/drone-runner-kube:latest
ports:
- containerPort: 3000
env:
- name: DRONE_RPC_HOST
value: dci.osa.cubetiqs.com
- name: DRONE_RPC_PROTO
value: https
- name: DRONE_RPC_SECRET
value: super-duper-secret
- name: runner
image: drone/drone-runner-kube:latest
ports:
- containerPort: 3000
env:
- name: DRONE_RPC_HOST
value: dci.cubetiqs.com
- name: DRONE_RPC_PROTO
value: https
- name: DRONE_RPC_SECRET
value: 1a6c2d8b6fac4bf9351e5149c39e7fc4

46
drone-runner/role.yaml
View File

@@ -4,25 +4,25 @@ metadata:
namespace: default
name: drone
rules:
- apiGroups:
- ""
resources:
- secrets
verbs:
- create
- delete
- apiGroups:
- ""
resources:
- pods
- pods/log
verbs:
- get
- create
- delete
- list
- watch
- update
- apiGroups:
- ""
resources:
- secrets
verbs:
- create
- delete
- apiGroups:
- ""
resources:
- pods
- pods/log
verbs:
- get
- create
- delete
- list
- watch
- update
---
kind: RoleBinding
@@ -31,10 +31,10 @@ metadata:
name: drone
namespace: default
subjects:
- kind: ServiceAccount
name: default
namespace: default
- kind: ServiceAccount
name: default
namespace: default
roleRef:
kind: Role
name: drone
apiGroup: rbac.authorization.k8s.io
apiGroup: rbac.authorization.k8s.io

11
k8s/cert-test.yaml Normal file
View File

@@ -0,0 +1,11 @@
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: mp-dev.lb-app.cubetiqdns.net
spec:
secretName: mp-dev.lb-app.cubetiqdns.net
dnsNames:
- mp-dev.lb-app.cubetiqdns.net
issuerRef:
name: letsencrypt-staging
kind: ClusterIssuer

17
k8s/cm-clusterissuer.yaml Normal file
View File

@@ -0,0 +1,17 @@
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
name: letsencrypt-production
spec:
acme:
# Remember to update this if you use this manifest to obtain real certificates :)
email: sombochea100@gmail.com
#server: https://acme-staging-v02.api.letsencrypt.org/directory
# To use the production environment, use the following line instead:
server: https://acme-v02.api.letsencrypt.org/directory
privateKeySecretRef:
name: issuer-letsencrypt-production
solvers:
- http01:
ingress:
class: traefik

16
metallb/bgpconfig.yaml Normal file
View File

@@ -0,0 +1,16 @@
apiVersion: v1
kind: ConfigMap
metadata:
namespace: metallb-system
name: config
data:
config: |
peers:
- peer-address: 192.168.0.225
peer-asn: 65432
my-asn: 65433
address-pools:
- name: default
protocol: bgp
addresses:
- 10.25.0.10-10.25.3.250

42
metallb/nginx-test.yaml Normal file
View File

@@ -0,0 +1,42 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: test-nginx
namespace: default
spec:
selector:
matchLabels:
run: test-nginx
replicas: 3
template:
metadata:
labels:
run: test-nginx
spec:
containers:
- name: test-nginx
image: nginx
ports:
- containerPort: 80
resources:
requests:
cpu: 100m
memory: 100Mi
limits:
cpu: 100m
memory: 100Mi
---
apiVersion: v1
kind: Service
metadata:
name: test-nginx
namespace: default
labels:
run: test-nginx
spec:
type: LoadBalancer
ports:
- port: 80
protocol: TCP
selector:
run: test-nginx

15
mysql/mysql-cluster.yaml Normal file
View File

@@ -0,0 +1,15 @@
apiVersion: v1
kind: Namespace
metadata:
name: mysql
---
apiVersion: mysql.oracle.com/v2alpha1
kind: InnoDBCluster
metadata:
name: mysql-cluster
namespace: mysql
spec:
secretName: mysql-secret
instances: 3
router:
instances: 1

6
portainer.md Normal file
View File

@@ -0,0 +1,6 @@
# Install Portainer
```shell
helm install --create-namespace -n portainer portainer portainer/portainer \
--set service.type=LoadBalancer \
--set tls.force=true
```

1
rbac/.gitignore vendored Normal file
View File

@@ -0,0 +1 @@
developer-user.yaml

74
rbac/README.md Normal file
View File

@@ -0,0 +1,74 @@
# Create RBAC for specific namespace
- Apply RBAC for specific namespace
```shell
k apply -f access.yaml
```
- Get Details of RBAC
```shell
k describe sa developer -n developer-dev
```
- Get Token from RBAC
```shell
k get secret developer-token-l4r67 -n developer-dev -o "jsonpath={.data.token}" | base64 -d
```
- Get Certificate from RBAC
```shell
k get secret developer-token-l4r67 -n developer-dev -o "jsonpath={.data['ca\.crt']}"
```
- Create kube config file
```yaml
apiVersion: v1
kind: Config
preferences: {}
cluster:
certificate-authority-data: PLACE CERTIFICATE HERE
server: https://YOUR_KUBERNETES_API_ENDPOINT
name: developer-cluster
users:
- name: developer
user:
as-user-extra: {}
client-key-data: PLACE CERTIFICATE HERE
token: PLACE USER TOKEN HERE
contexts:
- context:
cluster: kubernetes
namespace: developer-dev
user: developer
name: developer-dev
current-context: developer-dev
clusters:
- cluster:
certificate-authority-data: PLACE CERTIFICATE HERE
server: https://YOUR_KUBERNETES_API_ENDPOINT
name: developer-cluster
users:
- name: developer
user:
as-user-extra: {}
client-key-data: PLACE CERTIFICATE HERE
token: PLACE USER TOKEN HERE
contexts:
- context:
cluster: kubernetes
namespace: developer-dev
user: developer
name: developer-dev
current-context: developer-dev
```

43
rbac/access.yaml Normal file
View File

@@ -0,0 +1,43 @@
apiVersion: v1
kind: Namespace
metadata:
labels:
app: developer-dev
name: developer-dev
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: developer
namespace: developer-dev
---
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: developer-full-access
namespace: developer-dev
rules:
- apiGroups: ["", "extensions", "apps"]
resources: ["*"]
verbs: ["*"]
- apiGroups: ["batch"]
resources:
- jobs
- cronjobs
verbs: ["*"]
---
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: developer-view
namespace: developer-dev
subjects:
- kind: ServiceAccount
name: developer
namespace: developer-dev
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: developer-full-access

4
sc-provider/local-path.md Normal file
View File

@@ -0,0 +1,4 @@
# Install Local Path
```shell
kubectl apply -f https://raw.githubusercontent.com/rancher/local-path-provisioner/master/deploy/local-path-storage.yaml
```

20
traefik/README.md Normal file
View File

@@ -0,0 +1,20 @@
# Traefik Installation
```shell
kubectl create ns traefik-v2
helm install --namespace=traefik-v2 \
--set="additionalArguments={--log.level=DEBUG}" \
traefik traefik/traefik
```
OR
```shell
helm upgrade --install traefik traefik/traefik --create-namespace -n traefik \
--set "ports.websecure.tls.enabled=true" \
--set "providers.kubernetesIngress.publishedService.enabled=true"
```
```shell
kubectl port-forward $(kubectl get pods --namespace traefik-v2 --selector "app.kubernetes.io/name=traefik" --output=name) --namespace traefik-v2 9000:9000
```

14
traefik/dashboard.yaml Normal file
View File

@@ -0,0 +1,14 @@
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
namespace: traefik-v2
name: dashboard
spec:
entryPoints:
- web
routes:
- match: Host(`traefik.ct.host`) && (PathPrefix(`/dashboard`) || PathPrefix(`/api`))
kind: Rule
services:
- name: api@internal
kind: TraefikService