Updated drone ci

Merge branch 'main' of https://github.com/sombochea/kubernetes-installation into main
Updated drone ci
2022-04-01 11:25:29 +07:00 · 2022-04-01 10:44:47 +07:00 · 2022-04-01 10:44:38 +07:00 · 2022-03-09 09:24:48 +07:00 · 2022-03-09 09:07:55 +07:00 · 2022-03-02 15:37:52 +07:00
17 changed files with 316 additions and 36 deletions
--- a/KOMPOSE.md
+++ b/KOMPOSE.md
@@ -0,0 +1,7 @@
 # Enables Docker Compose on Kubernetes
 ```shell
 curl -L https://github.com/kubernetes/kompose/releases/download/v1.15.0/kompose-linux-amd64 -o kompose
 chmod +x kompose
 sudo mv ./kompose /usr/local/bin/kompose
 ```
--- a/NGINX_ING.md
+++ b/NGINX_ING.md
@@ -0,0 +1,5 @@
 # Nginx Ingress Controller
 ```shell
 kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.1.0/deploy/static/provider/baremetal/deploy.yaml
 ```
--- a/README.md
+++ b/README.md
@@ -187,6 +187,10 @@ sudo kubeadm join ip-api-server:6443 --token $TOKEN --discovery-token-ca-cert-ha
 kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml
 kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/master/Documentation/k8s-manifests/kube-flannel-rbac.yml
 ```
 For Kube 1.17+
 ```shell
 kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml
 ```
 #### Cluster Network with Calico
 ```shell
@@ -195,7 +199,7 @@ kubectl apply -f https://docs.projectcalico.org/manifests/calico.yaml
 #### Kubernetes Dashboard
 ```shell
-kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v2.3.1/aio/deploy/recommended.yaml
+kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v2.4.0/aio/deploy/recommended.yaml
 ```
 - Proxy for kubernetes dashboard
 ```shell
--- a/drone-runner/deployment.yaml
+++ b/drone-runner/deployment.yaml
@@ -1,11 +1,12 @@
 apiVersion: apps/v1
 kind: Deployment
 metadata:
  namespace: default
  name: drone
  labels:
    app.kubernetes.io/name: drone
 spec:
-  replicas: 1
+  replicas: 2
  selector:
    matchLabels:
      app.kubernetes.io/name: drone
@@ -15,14 +16,14 @@ spec:
        app.kubernetes.io/name: drone
    spec:
      containers:
-      - name: runner
+        - name: runner
-        image: drone/drone-runner-kube:latest
+          image: drone/drone-runner-kube:latest
-        ports:
+          ports:
-        - containerPort: 3000
+            - containerPort: 3000
-        env:
+          env:
-        - name: DRONE_RPC_HOST
+            - name: DRONE_RPC_HOST
-          value: dci.osa.cubetiqs.com
+              value: dci.cubetiqs.com
-        - name: DRONE_RPC_PROTO
+            - name: DRONE_RPC_PROTO
-          value: https
+              value: https
-        - name: DRONE_RPC_SECRET
+            - name: DRONE_RPC_SECRET
-          value: super-duper-secret
+              value: 1a6c2d8b6fac4bf9351e5149c39e7fc4
--- a/drone-runner/role.yaml
+++ b/drone-runner/role.yaml
@@ -4,25 +4,25 @@ metadata:
  namespace: default
  name: drone
 rules:
- apiGroups:
+  - apiGroups:
-  - ""
+      - ""
-  resources:
+    resources:
-  - secrets
+      - secrets
-  verbs:
+    verbs:
-  - create
+      - create
-  - delete
+      - delete
- apiGroups:
+  - apiGroups:
-  - ""
+      - ""
-  resources:
+    resources:
-  - pods
+      - pods
-  - pods/log
+      - pods/log
-  verbs:
+    verbs:
-  - get
+      - get
-  - create
+      - create
-  - delete
+      - delete
-  - list
+      - list
-  - watch
+      - watch
-  - update
+      - update
 ---
 kind: RoleBinding
@@ -31,10 +31,10 @@ metadata:
  name: drone
  namespace: default
 subjects:
- kind: ServiceAccount
+  - kind: ServiceAccount
-  name: default
+    name: default
-  namespace: default
+    namespace: default
 roleRef:
  kind: Role
  name: drone
-  apiGroup: rbac.authorization.k8s.io
+  apiGroup: rbac.authorization.k8s.io
--- a/k8s/cert-test.yaml
+++ b/k8s/cert-test.yaml
@@ -0,0 +1,11 @@
 apiVersion: cert-manager.io/v1
 kind: Certificate
 metadata:
 name: mp-dev.lb-app.cubetiqdns.net
 spec:
 secretName: mp-dev.lb-app.cubetiqdns.net
 dnsNames:
 - mp-dev.lb-app.cubetiqdns.net
 issuerRef:
   name: letsencrypt-staging
   kind: ClusterIssuer
--- a/k8s/cm-clusterissuer.yaml
+++ b/k8s/cm-clusterissuer.yaml
@@ -0,0 +1,17 @@
 apiVersion: cert-manager.io/v1
 kind: ClusterIssuer
 metadata:
  name: letsencrypt-production
 spec:
  acme:
    # Remember to update this if you use this manifest to obtain real certificates :)
    email: sombochea100@gmail.com
    #server: https://acme-staging-v02.api.letsencrypt.org/directory
    # To use the production environment, use the following line instead:
    server: https://acme-v02.api.letsencrypt.org/directory
    privateKeySecretRef:
      name: issuer-letsencrypt-production
    solvers:
    - http01:
        ingress:
          class: traefik
--- a/metallb/bgpconfig.yaml
+++ b/metallb/bgpconfig.yaml
@@ -0,0 +1,16 @@
 apiVersion: v1
 kind: ConfigMap
 metadata:
  namespace: metallb-system
  name: config
 data:
  config: |
    peers:
    - peer-address: 192.168.0.225
      peer-asn: 65432
      my-asn: 65433
    address-pools:
    - name: default
      protocol: bgp
      addresses:
      - 10.25.0.10-10.25.3.250
--- a/metallb/nginx-test.yaml
+++ b/metallb/nginx-test.yaml
@@ -0,0 +1,42 @@
 apiVersion: apps/v1
 kind: Deployment
 metadata:
  name: test-nginx
  namespace: default
 spec:
  selector:
    matchLabels:
      run: test-nginx
  replicas: 3
  template:
    metadata:
      labels:
        run: test-nginx
    spec:
      containers:
        - name: test-nginx
          image: nginx
          ports:
            - containerPort: 80
          resources:
            requests:
              cpu: 100m
              memory: 100Mi
            limits:
              cpu: 100m
              memory: 100Mi
 ---
 apiVersion: v1
 kind: Service
 metadata:
  name: test-nginx
  namespace: default
  labels:
    run: test-nginx
 spec:
  type: LoadBalancer
  ports:
    - port: 80
      protocol: TCP
  selector:
    run: test-nginx
--- a/mysql/mysql-cluster.yaml
+++ b/mysql/mysql-cluster.yaml
@@ -0,0 +1,15 @@
 apiVersion: v1
 kind: Namespace
 metadata:
  name: mysql
 ---
 apiVersion: mysql.oracle.com/v2alpha1
 kind: InnoDBCluster
 metadata:
  name: mysql-cluster
  namespace: mysql
 spec:
  secretName: mysql-secret
  instances: 3
  router:
    instances: 1
--- a/portainer.md
+++ b/portainer.md
@@ -0,0 +1,6 @@
 # Install Portainer
 ```shell
 helm install --create-namespace -n portainer portainer portainer/portainer \
    --set service.type=LoadBalancer \
    --set tls.force=true
 ```
--- a/rbac/.gitignore
+++ b/rbac/.gitignore
@@ -0,0 +1 @@
 developer-user.yaml
--- a/rbac/README.md
+++ b/rbac/README.md
@@ -0,0 +1,74 @@
 # Create RBAC for specific namespace
 - Apply RBAC for specific namespace
 ```shell
 k apply -f access.yaml
 ```
 - Get Details of RBAC
 ```shell
 k describe sa developer -n developer-dev
 ```
 - Get Token from RBAC
 ```shell
 k get secret developer-token-l4r67 -n developer-dev -o "jsonpath={.data.token}" | base64 -d
 ```
 - Get Certificate from RBAC
 ```shell
 k get secret developer-token-l4r67 -n developer-dev -o "jsonpath={.data['ca\.crt']}"
 ```
 - Create kube config file
 ```yaml
 apiVersion: v1
 kind: Config
 preferences: {}
 cluster:
      certificate-authority-data: PLACE CERTIFICATE HERE
      server: https://YOUR_KUBERNETES_API_ENDPOINT
    name: developer-cluster
 users:
  - name: developer
    user:
      as-user-extra: {}
      client-key-data: PLACE CERTIFICATE HERE
      token: PLACE USER TOKEN HERE
 contexts:
  - context:
      cluster: kubernetes
      namespace: developer-dev
      user: developer
    name: developer-dev
 current-context: developer-dev
 clusters:
  - cluster:
      certificate-authority-data: PLACE CERTIFICATE HERE
      server: https://YOUR_KUBERNETES_API_ENDPOINT
    name: developer-cluster
 users:
  - name: developer
    user:
      as-user-extra: {}
      client-key-data: PLACE CERTIFICATE HERE
      token: PLACE USER TOKEN HERE
 contexts:
  - context:
      cluster: kubernetes
      namespace: developer-dev
      user: developer
    name: developer-dev
 current-context: developer-dev
 ```
--- a/rbac/access.yaml
+++ b/rbac/access.yaml
@@ -0,0 +1,43 @@
 apiVersion: v1
 kind: Namespace
 metadata:
  labels:
    app: developer-dev
  name: developer-dev
 ---
 apiVersion: v1
 kind: ServiceAccount
 metadata:
  name: developer
  namespace: developer-dev
 ---
 kind: Role
 apiVersion: rbac.authorization.k8s.io/v1
 metadata:
  name: developer-full-access
  namespace: developer-dev
 rules:
  - apiGroups: ["", "extensions", "apps"]
    resources: ["*"]
    verbs: ["*"]
  - apiGroups: ["batch"]
    resources:
      - jobs
      - cronjobs
    verbs: ["*"]
 ---
 kind: RoleBinding
 apiVersion: rbac.authorization.k8s.io/v1
 metadata:
  name: developer-view
  namespace: developer-dev
 subjects:
  - kind: ServiceAccount
    name: developer
    namespace: developer-dev
 roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: developer-full-access
--- a/sc-provider/local-path.md
+++ b/sc-provider/local-path.md
@@ -0,0 +1,4 @@
 # Install Local Path
 ```shell
 kubectl apply -f https://raw.githubusercontent.com/rancher/local-path-provisioner/master/deploy/local-path-storage.yaml
 ```
--- a/traefik/README.md
+++ b/traefik/README.md
@@ -0,0 +1,20 @@
 # Traefik Installation
 ```shell
 kubectl create ns traefik-v2
 helm install --namespace=traefik-v2 \
    --set="additionalArguments={--log.level=DEBUG}" \
    traefik traefik/traefik
 ```
 OR
 ```shell
 helm upgrade --install traefik traefik/traefik --create-namespace -n traefik \
 --set "ports.websecure.tls.enabled=true" \
 --set "providers.kubernetesIngress.publishedService.enabled=true"
 ```
 ```shell
 kubectl port-forward $(kubectl get pods --namespace traefik-v2 --selector "app.kubernetes.io/name=traefik" --output=name)  --namespace traefik-v2 9000:9000
 ```
--- a/traefik/dashboard.yaml
+++ b/traefik/dashboard.yaml
@@ -0,0 +1,14 @@
 apiVersion: traefik.containo.us/v1alpha1
 kind: IngressRoute
 metadata:
  namespace: traefik-v2
  name: dashboard
 spec:
  entryPoints:
    - web
  routes:
    - match: Host(`traefik.ct.host`) && (PathPrefix(`/dashboard`) || PathPrefix(`/api`))
      kind: Rule
      services:
        - name: api@internal
          kind: TraefikService
Author	SHA1	Message	Date
Sambo Chea	5eaefccdb7	Updated drone ci	2022-04-01 11:25:29 +07:00
Sambo Chea	a68788913b	Merge branch 'main' of https://github.com/sombochea/kubernetes-installation into main	2022-04-01 10:44:47 +07:00
Sambo Chea	b9523c0d4d	Updated drone ci	2022-04-01 10:44:38 +07:00
Sambo Chea	e72c6168ef	Create portainer.md	2022-03-09 09:24:48 +07:00
Sambo Chea	990300c269	Create local-path.md	2022-03-09 09:07:55 +07:00
Sambo Chea	0cbaf1c165	Updated nginx	2022-03-02 15:37:52 +07:00
Sambo Chea	e103078eab	Add mysql cluster operator and rbac in sample	2022-01-14 10:33:35 +07:00
Sambo Chea	e7e44fdee3	Update README.md	2022-01-14 10:07:11 +07:00
Sambo Chea	d564c2350f	Updated traefik script	2021-12-29 14:35:13 +07:00
Sambo Chea	fa0ef34f30	Add cert manager	2021-12-29 10:33:22 +07:00
Sambo Chea	0b20e0db1b	Add traefik	2021-12-28 16:12:12 +07:00
Sambo Chea	b0f9564c21	Merge branch 'main' of https://github.com/sombochea/kubernetes-installation into main	2021-12-22 18:13:06 +07:00
Sambo Chea	4950895bce	Add bgp routing with metallb	2021-12-22 18:12:46 +07:00
Sambo Chea	fa2b71d357	Update README.md	2021-12-21 11:43:03 +07:00
Sambo Chea	0d86b57569	Rename KOMPOS.md to KOMPOSE.md	2021-12-09 19:55:05 +07:00
Sambo Chea	b1c879defd	Create KOMPOS.md	2021-12-09 19:54:48 +07:00