├── 5 ├── init-container-exam-svc.yaml ├── init-container-exam.yaml ├── init-container-exam2.yaml ├── liveness-exam.yaml ├── pod-liveness.yaml ├── pod-multi.yaml ├── pod-mysql.yaml ├── pod-nginx-env.yaml ├── pod-nginx-liveness.yaml ├── pod-nginx-resources.yaml ├── pod-nginx.yaml ├── redis.yaml └── stress.yaml ├── 6 ├── cronjob-exam.yaml ├── daemonset-exam.yaml ├── deploy-nginx.yaml ├── deployment-exam1.yaml ├── deployment-exam2.yaml ├── job-exam.yaml ├── pod-redis.yaml ├── rc-exam.yaml ├── rc-lab1.yaml ├── rc-nginx.yaml ├── redis.yaml ├── rs-exam1.yaml ├── rs-nginx.yaml └── statefulset-exam.yaml ├── 7 ├── clusterip-nginx.yaml ├── deploy-nginx.yaml ├── external-name.yaml ├── headless-nginx.yaml ├── loadbalancer-nginx.yaml ├── nodeport-nginx.yaml └── service-nginx.yaml ├── 8 ├── deploy.yaml └── webserver-demo │ ├── ingress │ ├── ingress.yaml │ ├── marvel-home.yaml │ └── pay.yaml │ ├── marvel-collection │ ├── Dockerfile │ └── html │ │ ├── images │ │ ├── category.png │ │ └── marvel_logo.png │ │ └── index.html │ └── paymentjs │ ├── Dockerfile │ └── app.js ├── 9 ├── annotation.yaml ├── deployment.yaml ├── mainui-canary.yaml ├── mainui-service.yaml ├── mainui-stable.yaml ├── nodeselector.yaml ├── pod1.yaml └── pod2.yaml ├── 10 ├── build │ ├── Dockerfile │ └── genid.sh ├── config.dir │ └── nginx-config.conf ├── genid-volume.yaml ├── genid-whole.yaml ├── genid.yaml └── text.file ├── 11 ├── genid-env-secret.yaml ├── genid-volume-secret.yaml └── genid-web-config │ └── nginx-config.conf ├── 12 ├── deploy-nginx.yaml ├── nodeselector.yaml ├── pod-affinity.yaml ├── pod-antiaffinity.yaml ├── redis-ssd.yaml ├── tensorflow-gpu-ssd.yaml └── tensorflow-gpu.yaml ├── 13 ├── csr-myuser.yaml ├── myuser.crt ├── myuser.csr ├── myuser.key └── testpod.yaml ├── 14 ├── empty.yaml ├── hostpath.yaml ├── nfs.yaml ├── pv-hostpath.yaml ├── pv.yaml ├── pvc-pod-web.yaml ├── pvc.yaml ├── testpods.yaml └── volume-hostpath.yaml ├── 15 ├── deployment.yaml └── svc.yaml ├── 16 ├── custom-dns.yaml ├── deployment.yaml └── svc.yaml ├── 17 ├── 17-2_note ├── 17-3_note └── yamls │ ├── grafana.yaml │ ├── kube-state-metrics.yaml │ ├── node-exporter.yaml │ └── prometheus.yaml ├── 18 ├── deploy_web.yaml └── hpa_web.yaml ├── 21 ├── Helm_note └── mynginx │ ├── Chart.yaml │ ├── templates │ ├── deployment.yaml │ └── service.yaml │ └── values.yaml └── README.md /10/build/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM ubuntu:18.04 2 | RUN apt-get update ; apt-get -y install rig boxes 3 | ENV INTERVAL 5 4 | ENV OPTION stone 5 | ADD genid.sh /bin/genid.sh 6 | RUN chmod +x /bin/genid.sh 7 | ENTRYPOINT ["/bin/genid.sh"] 8 | -------------------------------------------------------------------------------- /10/build/genid.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | mkdir -p /webdata 3 | while true 4 | do 5 | /usr/bin/rig | /usr/bin/boxes -d $OPTION > /webdata/index.html 6 | sleep $INTERVAL 7 | done 8 | -------------------------------------------------------------------------------- /10/config.dir/nginx-config.conf: -------------------------------------------------------------------------------- 1 | server { 2 | listen 80; 3 | server_name www.example.com; 4 | 5 | gzip on; 6 | gzip_types text/plain application/xml; 7 | 8 | location / { 9 | root /usr/share/nginx/html; 10 | index index.html index.htm; 11 | } 12 | } 13 | -------------------------------------------------------------------------------- /10/genid-volume.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: genid-volume 5 | spec: 6 | containers: 7 | - image: smlinux/genid:env 8 | env: 9 | - name: INTERVAL 10 | valueFrom: 11 | configMapKeyRef: 12 | name: ttabae-config 13 | key: INTERVAL 14 | name: fakeid-generator 15 | volumeMounts: 16 | - name: html 17 | mountPath: /webdata 18 | - image: nginx:1.14 19 | name: web-server 20 | ports: 21 | - containerPort: 80 22 | volumeMounts: 23 | - name: html 24 | mountPath: /usr/share/nginx/html 25 | readOnly: true 26 | - name: config 27 | mountPath: /etc/nginx/conf.d 28 | readOnly: true 29 | volumes: 30 | - name: html 31 | emptyDir: {} 32 | - name: config 33 | configMap: 34 | name: ttabae-config 35 | items: 36 | - key: nginx-config.conf 37 | path: nginx-config.conf 38 | -------------------------------------------------------------------------------- /10/genid-whole.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: genid-boy 5 | spec: 6 | containers: 7 | - image: smlinux/genid:env 8 | envFrom: 9 | - configMapRef: 10 | name: ttabae-config 11 | name: fakeid 12 | volumeMounts: 13 | - name: html 14 | mountPath: /webdata 15 | - image: nginx:1.14 16 | name: web-server 17 | volumeMounts: 18 | - name: html 19 | mountPath: /usr/share/nginx/html 20 | readOnly: true 21 | ports: 22 | - containerPort: 80 23 | volumes: 24 | - name: html 25 | emptyDir: {} 26 | -------------------------------------------------------------------------------- /10/genid.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: genid-stone 5 | spec: 6 | containers: 7 | - image: smlinux/genid:env 8 | env: 9 | - name: INTERVAL 10 | valueFrom: 11 | configMapKeyRef: 12 | name: ttabae-config 13 | key: INTERVAL 14 | name: fakeid 15 | volumeMounts: 16 | - name: html 17 | mountPath: /webdata 18 | - image: nginx:1.14 19 | name: web-server 20 | volumeMounts: 21 | - name: html 22 | mountPath: /usr/share/nginx/html 23 | readOnly: true 24 | ports: 25 | - containerPort: 80 26 | volumes: 27 | - name: html 28 | emptyDir: {} 29 | -------------------------------------------------------------------------------- /10/text.file: -------------------------------------------------------------------------------- 1 | This is a file. 2 | -------------------------------------------------------------------------------- /11/genid-env-secret.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: genid-env-secret 5 | spec: 6 | containers: 7 | - image: smlinux/genid:env 8 | env: 9 | - name: INTERVAL 10 | valueFrom: 11 | secretKeyRef: 12 | name: ttabae-secret 13 | key: INTERVAL 14 | name: fakeid-generator 15 | volumeMounts: 16 | - name: html 17 | mountPath: /webdata 18 | - image: nginx:1.14 19 | name: web-server 20 | volumeMounts: 21 | - name: html 22 | mountPath: /usr/share/nginx/html 23 | readOnly: true 24 | ports: 25 | - containerPort: 80 26 | volumes: 27 | - name: html 28 | emptyDir: {} 29 | -------------------------------------------------------------------------------- /11/genid-volume-secret.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: genid-volume-secret 5 | spec: 6 | containers: 7 | - image: smlinux/genid:env 8 | env: 9 | - name: INTERVAL 10 | valueFrom: 11 | secretKeyRef: 12 | name: ttabae-secret 13 | key: INTERVAL 14 | name: fakeid-generator 15 | volumeMounts: 16 | - name: html 17 | mountPath: /webdata 18 | - image: nginx:1.14 19 | name: web-server 20 | volumeMounts: 21 | - name: html 22 | mountPath: /usr/share/nginx/html 23 | readOnly: true 24 | - name: config 25 | mountPath: /etc/nginx/conf.d 26 | readOnly: true 27 | ports: 28 | - containerPort: 80 29 | volumes: 30 | - name: html 31 | emptyDir: {} 32 | - name: config 33 | secret: 34 | secretName: ttabae-secret 35 | items: 36 | - key: nginx-config.conf 37 | path: nginx-config.conf 38 | -------------------------------------------------------------------------------- /11/genid-web-config/nginx-config.conf: -------------------------------------------------------------------------------- 1 | server { 2 | listen 80; 3 | server_name www.example.com; 4 | 5 | gzip on; 6 | gzip_types text/plain application/xml; 7 | 8 | location / { 9 | root /usr/share/nginx/html; 10 | index index.html index.htm; 11 | } 12 | } 13 | -------------------------------------------------------------------------------- /12/deploy-nginx.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: webui 5 | spec: 6 | replicas: 4 7 | selector: 8 | matchLabels: 9 | app: webui 10 | template: 11 | metadata: 12 | name: nginx-pod 13 | labels: 14 | app: webui 15 | spec: 16 | containers: 17 | - name: nginx-container 18 | image: nginx:1.14 19 | tolerations: 20 | - key: "role" 21 | operator: "Equal" 22 | value: "web" 23 | effect: "NoSchedule" 24 | -------------------------------------------------------------------------------- /12/nodeselector.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: node-select-pod 5 | spec: 6 | containers: 7 | - name: nginx 8 | image: nginx:1.14 9 | nodeSelector: 10 | gpu: true 11 | -------------------------------------------------------------------------------- /12/pod-affinity.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: frontend 5 | spec: 6 | replicas: 5 7 | selector: 8 | matchLabels: 9 | app: frontend 10 | template: 11 | metadata: 12 | labels: 13 | app: frontend 14 | spec: 15 | affinity: 16 | podAffinity: 17 | requiredDuringSchedulingIgnoredDuringExecution: 18 | - labelSelector: 19 | matchLabels: 20 | app: backend 21 | topologyKey: kubernetes.io/hostname 22 | containers: 23 | - name: main 24 | image: busybox 25 | args: 26 | - sleep 27 | - "99999" 28 | -------------------------------------------------------------------------------- /12/pod-antiaffinity.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: frontend 5 | spec: 6 | replicas: 5 7 | selector: 8 | matchLabels: 9 | app: frontend 10 | template: 11 | metadata: 12 | labels: 13 | app: frontend 14 | spec: 15 | affinity: 16 | podAntiAffinity: 17 | requiredDuringSchedulingIgnoredDuringExecution: 18 | - labelSelector: 19 | matchLabels: 20 | app: backend 21 | topologyKey: kubernetes.io/hostname 22 | containers: 23 | - name: main 24 | image: busybox 25 | args: 26 | - sleep 27 | - "99999" 28 | -------------------------------------------------------------------------------- /12/redis-ssd.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: redis-ssd 5 | spec: 6 | containers: 7 | - name: redis 8 | image: redis 9 | affinity: 10 | nodeAffinity: 11 | requiredDuringSchedulingIgnoredDuringExecution: 12 | nodeSelectorTerms: 13 | - matchExpressions: 14 | - {key: disktype, operator: In, values: ["ssd"]} 15 | -------------------------------------------------------------------------------- /12/tensorflow-gpu-ssd.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: tensorflow-gpu-ssd 5 | spec: 6 | containers: 7 | - name: tensorflow 8 | image: tensorflow/tensorflow:nightly-jupyter 9 | ports: 10 | - containerPort: 8888 11 | protocol: TCP 12 | affinity: 13 | nodeAffinity: 14 | requiredDuringSchedulingIgnoredDuringExecution: 15 | nodeSelectorTerms: 16 | - matchExpressions: 17 | - {key: disktype, operator: Exists} 18 | preferredDuringSchedulingIgnoredDuringExecution: 19 | - weight: 10 20 | preference: 21 | matchExpressions: 22 | - {key: gpu, operator: In, values: ["true"]} 23 | - {key: disktype, operator: In, values: ["ssd"]} 24 | 25 | 26 | -------------------------------------------------------------------------------- /12/tensorflow-gpu.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: tensorflow-gpu 5 | spec: 6 | containers: 7 | - name: tensorflow 8 | image: tensorflow/tensorflow:nightly-jupyter 9 | ports: 10 | - containerPort: 8888 11 | protocol: TCP 12 | nodeSelector: 13 | gpu: "true" 14 | -------------------------------------------------------------------------------- /13/csr-myuser.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: certificates.k8s.io/v1 2 | kind: CertificateSigningRequest 3 | metadata: 4 | name: myuser 5 | spec: 6 | request: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURSBSRVFVRVNULS0tLS0KTUlJQ1ZqQ0NBVDRDQVFBd0VURVBNQTBHQTFVRUF3d0diWGwxYzJWeU1JSUJJakFOQmdrcWhraUc5dzBCQVFFRgpBQU9DQVE4QU1JSUJDZ0tDQVFFQXVHZzg5TzJTZTRaNEcwNDJzR0RncTJqdys1Vy9FOHdVb3QzbmNDcnlQc3JXClZ0T3hpZjJiZ2ZySTZoSC9XQTVjZ0Y3b3F6aGFlU0I0eHpVN2QzdjRDV2RDVXBDa1NBeURERVhhSnlhc3FzSm8KRUdNYktvNllDQ3h1Z0NIY3FEVmJNeFZ2dWc3WFNMU3VFVnNqNitLL3ovUUhsZFIwZURSY2dzWmZuRTBDWWFDTgo2aWxrTGNydzRidFFOZkIxdFp1ZHIyK3BzMWZRQ2NqTjJkK2RBYkFvbmpBRjE4ay9IczA5aDBWUUdUb1g3bGJJCnI2K01MejV4TXFGOXkvc0RrL3NnTlN6eVFPQW5qV3RPckRwRjBxK3VQblFiUG5HUGZaVzlzd2t1NExRWGxZYUgKY3lIeEU5YldDdGNoZjJXZW85aG81N2FJOWxkYmJLMnNDUnJwOHVjOGN3SURBUUFCb0FBd0RRWUpLb1pJaHZjTgpBUUVMQlFBRGdnRUJBSjJFU3pPWU5jWjVoN21uOCtwQ1QxMXlpMTFHUlh6S3FWTUdPQzRxS29GZWd6cnFjOGtYCjN5YmRPSDBiSThJL3RvL0J3dWhvdXRlL0t5eHE0eXY5cGpkOG5iT0JGaU4zOTNUcXJCZWNUYzdXN1p5SUlzV2sKek5IVlN5ZkdhWlZXQmlIRzlGUmViK3lBTU1QYW5xRDlzUFpWUE5yc2Y1Skxhb3RuSGdDbHB4ZXErQnJrWm8rUQpsQ1plQ3VCd2ZnUXpZdEJLQjBxOWd1Q3Q0bk5xQ3Z4T2paaE5MYUE5VGZ3N0NYdVh5RG43cE9iU2drNnQybUM3CkliVElINVlacy80NXJWeWlVM0JSS2VTR0lyZXMvSHZnUjFHZ2QydjhTNlJlMDI1NUNzc3pCbjZqUFRjQkM3TjQKdkdlY25TaWdNelBKeUUrdjZBZ0o2WHJDUm50NzAwMzNqVHM9Ci0tLS0tRU5EIENFUlRJRklDQVRFIFJFUVVFU1QtLS0tLQo= 7 | signerName: kubernetes.io/kube-apiserver-client 8 | usages: 9 | - client auth 10 | -------------------------------------------------------------------------------- /13/myuser.crt: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE----- 2 | MIIC9zCCAd+gAwIBAgIRALiJA+zZYGahwS9+xLoQBOEwDQYJKoZIhvcNAQELBQAw 3 | FTETMBEGA1UEAxMKa3ViZXJuZXRlczAeFw0yMTA4MTAwMjIzNDNaFw0yMjA4MTAw 4 | MjIzNDNaMBExDzANBgNVBAMTBm15dXNlcjCCASIwDQYJKoZIhvcNAQEBBQADggEP 5 | ADCCAQoCggEBALhoPPTtknuGeBtONrBg4Kto8PuVvxPMFKLd53Aq8j7K1lbTsYn9 6 | m4H6yOoR/1gOXIBe6Ks4WnkgeMc1O3d7+AlnQlKQpEgMgwxF2icmrKrCaBBjGyqO 7 | mAgsboAh3Kg1WzMVb7oO10i0rhFbI+viv8/0B5XUdHg0XILGX5xNAmGgjeopZC3K 8 | 8OG7UDXwdbWbna9vqbNX0AnIzdnfnQGwKJ4wBdfJPx7NPYdFUBk6F+5WyK+vjC8+ 9 | cTKhfcv7A5P7IDUs8kDgJ41rTqw6RdKvrj50Gz5xj32VvbMJLuC0F5WGh3Mh8RPW 10 | 1grXIX9lnqPYaOe2iPZXW2ytrAka6fLnPHMCAwEAAaNGMEQwEwYDVR0lBAwwCgYI 11 | KwYBBQUHAwIwDAYDVR0TAQH/BAIwADAfBgNVHSMEGDAWgBRJC4HXPIKv2hr7EJL0 12 | smz5qOi0KDANBgkqhkiG9w0BAQsFAAOCAQEAcBJarHMLUE8P3kh6X4lqF9mEu8Qf 13 | mdmDkoIWChX4Jm47tr2kyHhNIOGdurvd2mFlMcUNFOMyndJBtEJvvCzfYPpZ5srm 14 | n6UF2y/qr/o5i/+/lnHAN5qMETNM0n7GC2MtWxJZNNYC9XJk6XM57uOsRAgcz+ey 15 | WAmgngX4Eygyd20gCKh9hoWGNPBVv9I5zVny4gRo0CReyjMAjBHC/VRT5ujZ5HdJ 16 | sKfYLtSrFSbM8p/QJVJuXnMTeQNymdWUofffRIe4zpI7muAQZlrkpNZyHMFtKjeB 17 | zWz+FiNu8g0ijX2aW4Qslw+gnh3hOutpIDr4kDEfliFfuGyBcBrtuJMjtQ== 18 | -----END CERTIFICATE----- 19 | -------------------------------------------------------------------------------- /13/myuser.csr: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE REQUEST----- 2 | MIICVjCCAT4CAQAwETEPMA0GA1UEAwwGbXl1c2VyMIIBIjANBgkqhkiG9w0BAQEF 3 | AAOCAQ8AMIIBCgKCAQEAuGg89O2Se4Z4G042sGDgq2jw+5W/E8wUot3ncCryPsrW 4 | VtOxif2bgfrI6hH/WA5cgF7oqzhaeSB4xzU7d3v4CWdCUpCkSAyDDEXaJyasqsJo 5 | EGMbKo6YCCxugCHcqDVbMxVvug7XSLSuEVsj6+K/z/QHldR0eDRcgsZfnE0CYaCN 6 | 6ilkLcrw4btQNfB1tZudr2+ps1fQCcjN2d+dAbAonjAF18k/Hs09h0VQGToX7lbI 7 | r6+MLz5xMqF9y/sDk/sgNSzyQOAnjWtOrDpF0q+uPnQbPnGPfZW9swku4LQXlYaH 8 | cyHxE9bWCtchf2Weo9ho57aI9ldbbK2sCRrp8uc8cwIDAQABoAAwDQYJKoZIhvcN 9 | AQELBQADggEBAJ2ESzOYNcZ5h7mn8+pCT11yi11GRXzKqVMGOC4qKoFegzrqc8kX 10 | 3ybdOH0bI8I/to/Bwuhoute/Kyxq4yv9pjd8nbOBFiN393TqrBecTc7W7ZyIIsWk 11 | zNHVSyfGaZVWBiHG9FReb+yAMMPanqD9sPZVPNrsf5JLaotnHgClpxeq+BrkZo+Q 12 | lCZeCuBwfgQzYtBKB0q9guCt4nNqCvxOjZhNLaA9Tfw7CXuXyDn7pObSgk6t2mC7 13 | IbTIH5YZs/45rVyiU3BRKeSGIres/HvgR1Ggd2v8S6Re0255CsszBn6jPTcBC7N4 14 | vGecnSigMzPJyE+v6AgJ6XrCRnt70033jTs= 15 | -----END CERTIFICATE REQUEST----- 16 | -------------------------------------------------------------------------------- /13/myuser.key: -------------------------------------------------------------------------------- 1 | -----BEGIN RSA PRIVATE KEY----- 2 | MIIEowIBAAKCAQEAuGg89O2Se4Z4G042sGDgq2jw+5W/E8wUot3ncCryPsrWVtOx 3 | if2bgfrI6hH/WA5cgF7oqzhaeSB4xzU7d3v4CWdCUpCkSAyDDEXaJyasqsJoEGMb 4 | Ko6YCCxugCHcqDVbMxVvug7XSLSuEVsj6+K/z/QHldR0eDRcgsZfnE0CYaCN6ilk 5 | Lcrw4btQNfB1tZudr2+ps1fQCcjN2d+dAbAonjAF18k/Hs09h0VQGToX7lbIr6+M 6 | Lz5xMqF9y/sDk/sgNSzyQOAnjWtOrDpF0q+uPnQbPnGPfZW9swku4LQXlYaHcyHx 7 | E9bWCtchf2Weo9ho57aI9ldbbK2sCRrp8uc8cwIDAQABAoIBAGIkX+S+l4oUS9HE 8 | c4i1Vn0DcdWDodjocUcosGbbBGf0zdQSAFf/WAb6MHmasHnt0r8jQ9L0P/pdFMp4 9 | gziZCq3+faaxgi0yM4CRoIPbqmOK6ZVnGWsxzqny87BP1T7UfsAWNYshIOR5/HYS 10 | OnDtEcacCnlsQ7xBqcaTywjFV3Ia+ELovVVvpd5W0KFMj4PYR3aiLuogG+1kuBsL 11 | BH6zDUD3UN1BOyWbq4ohrH3E7qkT/Atzj+VzKjkYDL6UxUGet+gE+HOeUN741VFg 12 | CFTRSc1TkxbCiK4jxo+O+DhFb+iklzzGmyPAD0bP9LYtMBhjRefPAxugvXve/g6O 13 | CQRXlUkCgYEA4+0fBIfR1O78T05bAzS5rgx0DU2qa59ICuBO4JyQ9sEfvUPyPNPc 14 | JxVBNUESVmLAnw20p8+T+pvwrJQenfY3CCRL+kCvDk7Fd8qKsGx/VRAbGkebO+OY 15 | 59LFxQIKBPfTksr37KnUjr2efWI2S7+yKWR1ZgyFA7WuQGHBqxg+ivUCgYEAzx7k 16 | GlTPrpC8D4CbYQv4ezNv8qaNabgKr1ItGnoSlAgGmo6sDAa8UmAKJe5rtBWRRCPw 17 | Xy5IwLPfBYfaIzREEmEu0wxvoQEZfuCl/ijEGxkCLgyd44FaNnpqENpFOXbYuBg8 18 | C0gKHBgQ07BPH+I5RTUrHFUTxH3PmmkhMDdRWMcCgYEAobVdWViHbfx0tEuSVO72 19 | gd7CA6JDtAGZGmZUcBWE4BzayOxJFBD31B7HWeImAXYk1XPi5WBny9kRY0/ffRDv 20 | sG4YHaAA0zTd8wSXa14+5Pn9UKLXJyFuHaOzvveYZjfyOuaYCafgb7lmley1Ov7x 21 | h16H0HQ3dw9SZsk0n5Ae53UCgYAQB4P/xbCNAgaL7JgZ2qNQZZq0XM907xlkmCeF 22 | dQ0bB8P7Ei+efqb0eRpP9TPArCqh62Ye96YJw+Huu6TWNKVQBtVo3/2DqGIgv6IZ 23 | GW6T6kuQ5MkTYl9o9/BdfYb9+4SqOrXq6ZhetD4ZI/v7q7Zi9MpxVuRAwLvgZ2J6 24 | KM3S4QKBgAqgHOmlRf50V34n7igzPWfsKxDLVFsmQXRvtBPyssgHQFHkYnRKLeNK 25 | RqYmNuN4aPNqAMVSM/UugWf8eG4iK2DWdNWgHeJTvMCsLi7YjoRFcR/rb4yFqg6Y 26 | EC02rgbDkSjl2bkDlOW9kV56/VWml6doTlR13HkZ/4wdcZvakpP/ 27 | -----END RSA PRIVATE KEY----- 28 | -------------------------------------------------------------------------------- /13/testpod.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: testpod 5 | namespace: default 6 | spec: 7 | containers: 8 | - image: nginx 9 | name: testpod 10 | serviceAccount: pod-viewer 11 | -------------------------------------------------------------------------------- /14/empty.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: web-empty 5 | spec: 6 | containers: 7 | - image: nginx:1.14 8 | name: nginx 9 | volumeMounts: 10 | - name: html 11 | mountPath: /usr/share/nginx/html 12 | volumes: 13 | - name: html 14 | emptyDir: {} 15 | -------------------------------------------------------------------------------- /14/hostpath.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: web 5 | spec: 6 | volumes: 7 | - name: html 8 | hostPath: 9 | path: /webdata 10 | containers: 11 | - image: nginx:1.14 12 | name: nginx 13 | volumeMounts: 14 | - name: html 15 | mountPath: /usr/share/nginx/html 16 | -------------------------------------------------------------------------------- /14/nfs.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: web-nfs 5 | spec: 6 | containers: 7 | - image: nginx:1.14 8 | name: nginx 9 | volumeMounts: 10 | - name: html 11 | mountPath: /usr/share/nginx/html 12 | volumes: 13 | - name: html 14 | nfs: 15 | server: 172.27.20.50 16 | path: /sharedir/k8s 17 | -------------------------------------------------------------------------------- /14/pv-hostpath.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: PersistentVolume 3 | metadata: 4 | name: pv-hostpath 5 | spec: 6 | capacity: 7 | storage: 2Gi 8 | volumeMode: Filesystem 9 | accessModes: 10 | - ReadWriteOnce 11 | storageClassName: manual 12 | persistentVolumeReclaimPolicy: Delete 13 | hostPath: 14 | path: /tmp/k8s-pv -------------------------------------------------------------------------------- /14/pv.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: PersistentVolume 3 | metadata: 4 | name: pv1 5 | spec: 6 | capacity: 7 | storage: 20Gi 8 | volumeMode: Filesystem 9 | accessModes: 10 | - ReadWriteMany 11 | storageClassName: manual 12 | persistentVolumeReclaimPolicy: Delete 13 | nfs: 14 | server: 172.27.20.50 15 | path: /sharedir/k8s 16 | -------------------------------------------------------------------------------- /14/pvc-pod-web.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: web 5 | spec: 6 | containers: 7 | - image: nginx:1.14 8 | name: nginx 9 | volumeMounts: 10 | - name: html 11 | mountPath: /usr/share/nginx/html 12 | volumes: 13 | - name: html 14 | persistentVolumeClaim: 15 | claimName: pvc-web 16 | 17 | -------------------------------------------------------------------------------- /14/pvc.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: PersistentVolumeClaim 3 | metadata: 4 | name: pvc-web 5 | spec: 6 | accessModes: 7 | - ReadWriteMany 8 | volumeMode: Filesystem 9 | resources: 10 | requests: 11 | storage: 20Gi 12 | storageClassName: manual 13 | -------------------------------------------------------------------------------- /14/testpods.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: testpod 5 | spec: 6 | containers: 7 | - image: nginx 8 | name: testpod 9 | 10 | -------------------------------------------------------------------------------- /14/volume-hostpath.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: volume-hostpath 5 | spec: 6 | containers: 7 | - name: volume-hostpath 8 | image: nginx 9 | volumeMounts: 10 | - mountPath: /test-volume 11 | name: hostpath-vol 12 | ports: 13 | - containerPort: 8080 14 | volumes: 15 | - name: hostpath-vol 16 | hostPath: 17 | path: /tmp 18 | type: Directory 19 | -------------------------------------------------------------------------------- /15/deployment.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: web 5 | spec: 6 | replicas: 3 7 | selector: 8 | matchLabels: 9 | app: webui 10 | template: 11 | metadata: 12 | name: nginx-pod 13 | labels: 14 | app: webui 15 | spec: 16 | containers: 17 | - name: nginx-container 18 | image: nginx:1.14 19 | -------------------------------------------------------------------------------- /15/svc.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: webui-svc 5 | spec: 6 | clusterIP: 10.96.100.100 7 | selector: 8 | app: webui 9 | ports: 10 | - protocol: TCP 11 | port: 80 12 | targetPort: 80 13 | -------------------------------------------------------------------------------- /16/custom-dns.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | namespace: default 5 | name: dns-example 6 | spec: 7 | containers: 8 | - name: test 9 | image: nginx 10 | dnsPolicy: "None" 11 | dnsConfig: 12 | nameservers: 13 | - 1.2.3.4 14 | searches: 15 | - ns1.svc.cluster-domain.example 16 | - my.dns.search.suffix 17 | options: 18 | - name: ndots 19 | value: "2" 20 | - name: edns0 21 | -------------------------------------------------------------------------------- /16/deployment.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: web 5 | spec: 6 | replicas: 3 7 | selector: 8 | matchLabels: 9 | app: web 10 | template: 11 | metadata: 12 | name: nginx-pod 13 | labels: 14 | app: web 15 | spec: 16 | containers: 17 | - name: nginx-container 18 | image: nginx:1.14 19 | -------------------------------------------------------------------------------- /16/svc.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: svc-web 5 | spec: 6 | clusterIP: 10.96.100.100 7 | selector: 8 | app: web 9 | ports: 10 | - protocol: TCP 11 | port: 80 12 | targetPort: 80 13 | -------------------------------------------------------------------------------- /17/17-2_note: -------------------------------------------------------------------------------- 1 | Kubernetes Dashboard 2 | 3 | 1. NodePort로 대시보드 실행 4 | 참고: https://kubernetes.io/ko/docs/tasks/access-application-cluster/web-ui-dashboard/ 5 | 대시보드 버전은 docs 에 맞춰서 진행하시면 됩니다. 6 | kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v2.6.1/aio/deploy/recommended.yaml 7 | kubectl get all -n kubernetes-dashboard 8 | # ServiceType을 NodePort로 수정 9 | kubectl -n kubernetes-dashboard edit service kubernetes-dashboard 10 | type: NodePort 11 | 12 | kubectl -n kubernetes-dashboard get service kubernetes-dashboard 13 | 14 | 15 | # 대시보드 접속 활성화 16 | kubectl proxy --address=10.0.2.20 --accept-hosts='^*$' 17 | curl 10.0.2.20:8001 18 | 19 | 20 | 2. 대시보드 UI 연결 21 | 2.1 대시보드 접속 가능한 ServiceAccount 생성 22 | ServiceAccount 생성 : admin-user 23 | ClusterRoleBinding : admin-user – cluster-admin 24 | ServiceAccount를 위한 Bearer Token 가져오기 25 | Bearer Token을 Secret으로 저장 26 | 토큰 확인 후 인증 27 | https://github.com/kubernetes/dashboard/blob/master/docs/user/access-control/creating-sample-user.md 28 | 29 | cat << EOF | kubectl apply -f - 30 | apiVersion: v1 31 | kind: ServiceAccount 32 | metadata: 33 | name: admin-user 34 | namespace: kubernetes-dashboard 35 | --- 36 | apiVersion: rbac.authorization.k8s.io/v1 37 | kind: ClusterRoleBinding 38 | metadata: 39 | name: admin-user 40 | roleRef: 41 | apiGroup: rbac.authorization.k8s.io 42 | kind: ClusterRole 43 | name: cluster-admin 44 | subjects: 45 | - kind: ServiceAccount 46 | name: admin-user 47 | namespace: kubernetes-dashboard 48 | --- 49 | apiVersion: v1 50 | kind: Secret 51 | metadata: 52 | name: admin-user 53 | namespace: kubernetes-dashboard 54 | annotations: 55 | kubernetes.io/service-account.name: "admin-user" 56 | type: kubernetes.io/service-account-token 57 | 58 | EOF 59 | 60 | 61 | 2.2 로그인 토큰 확인 62 | kubectl get secret admin-user -n kubernetes-dashboard -o jsonpath={".data.token"} | base64 -d 63 | 64 | 2.3 대시보드 연결 65 | https://10.0.2.20:NODEPORT/ 66 | -------------------------------------------------------------------------------- /17/17-3_note: -------------------------------------------------------------------------------- 1 | # Metrics-server 2 | # https://kubernetes.io/ko/docs/tasks/debug/debug-cluster/resource-metrics-pipeline/ 3 | 4 | # https://github.com/kubernetes-sigs/metrics-server 5 | kubectl apply -f https://github.com/kubernetes-sigs/metrics-server/releases/latest/download/components.yaml 6 | 7 | 8 | 9 | #2. Prometheus 설치 및 데이터 수집, 통합 10 | #- 쿠버 스테이트 메트릭(kube-state-metrics) 11 | # Kubernetes API 서버를 수신하고 Deployment 및 Pod와 같은 12 | # Kubernetes 개체의 상태를 프로메테우스 서버가 수집할 수 있는 13 | # 메트릭 데이터로 변환해 공개 14 | #- 노드 익스포터(node-exporter) 15 | # 노드의 CPU, 메모리 사용량과 같은 OS 및 하드웨어 측정값인 16 | # 시스템 메트릭 정보를 프로메테우스에게 전달 17 | 18 | #1.1. prometheus 설치 19 | mkdir monitoring 20 | cd monitoring 21 | kubectl create ns monitoring 22 | kubectl apply -f kube-state-metrics.yaml -f node-exporter.yaml -f prometheus.yaml 23 | kubectl get pod -n kube-system | grep kube-state 24 | kubectl get pod -n monitoring 25 | kubectl get svc -n monitoring | grep prome 26 | 27 | # 웹브라우저로 접속 28 | 10.0.2.21:NodePort 29 | 30 | #1.2 간단한 애플리케이션 실행후 시계열 매트릭 정보 확인 31 | 32 | 33 | ## Grafana 실행 34 | kubectl apply -f grafana.yaml 35 | kubectl get all -n monitoring 36 | 37 | # Grafana 서비스 노드포트 확인 후 웹브라우저로 접속 38 | -------------------------------------------------------------------------------- /17/yamls/grafana.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: grafana 5 | namespace: monitoring 6 | spec: 7 | replicas: 1 8 | selector: 9 | matchLabels: 10 | app: grafana 11 | template: 12 | metadata: 13 | name: grafana 14 | labels: 15 | app: grafana 16 | spec: 17 | containers: 18 | - name: grafana 19 | image: grafana/grafana:latest 20 | ports: 21 | - name: grafana 22 | containerPort: 3000 23 | env: 24 | - name: GF_SERVER_HTTP_PORT 25 | value: "3000" 26 | - name: GF_AUTH_BASIC_ENABLED 27 | value: "false" 28 | - name: GF_AUTH_ANONYMOUS_ENABLED 29 | value: "true" 30 | - name: GF_AUTH_ANONYMOUS_ORG_ROLE 31 | value: Admin 32 | - name: GF_SERVER_ROOT_URL 33 | value: / 34 | --- 35 | apiVersion: v1 36 | kind: Service 37 | metadata: 38 | name: grafana 39 | namespace: monitoring 40 | annotations: 41 | prometheus.io/scrape: 'true' 42 | prometheus.io/port: '3000' 43 | spec: 44 | selector: 45 | app: grafana 46 | type: LoadBalancer 47 | ports: 48 | - port: 3000 49 | targetPort: 3000 50 | -------------------------------------------------------------------------------- /17/yamls/kube-state-metrics.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRoleBinding 3 | metadata: 4 | name: kube-state-metrics 5 | roleRef: 6 | apiGroup: rbac.authorization.k8s.io 7 | kind: ClusterRole 8 | name: kube-state-metrics 9 | subjects: 10 | - kind: ServiceAccount 11 | name: kube-state-metrics 12 | namespace: kube-system 13 | --- 14 | apiVersion: rbac.authorization.k8s.io/v1 15 | kind: ClusterRole 16 | metadata: 17 | name: kube-state-metrics 18 | rules: 19 | - apiGroups: 20 | - "" 21 | resources: ["configmaps", "secrets", "nodes", "pods", "services", "resourcequotas", "replicationcontrollers", "limitranges", "persistentvolumeclaims", "persistentvolumes", "namespaces", "endpoints"] 22 | verbs: ["list","watch"] 23 | - apiGroups: 24 | - extensions 25 | resources: ["daemonsets", "deployments", "replicasets", "ingresses"] 26 | verbs: ["list", "watch"] 27 | - apiGroups: 28 | - apps 29 | resources: ["statefulsets", "daemonsets", "deployments", "replicasets"] 30 | verbs: ["list", "watch"] 31 | - apiGroups: 32 | - batch 33 | resources: ["cronjobs", "jobs"] 34 | verbs: ["list", "watch"] 35 | - apiGroups: 36 | - autoscaling 37 | resources: ["horizontalpodautoscalers"] 38 | verbs: ["list", "watch"] 39 | - apiGroups: 40 | - authentication.k8s.io 41 | resources: ["tokenreviews"] 42 | verbs: ["create"] 43 | - apiGroups: 44 | - authorization.k8s.io 45 | resources: ["subjectaccessreviews"] 46 | verbs: ["create"] 47 | - apiGroups: 48 | - policy 49 | resources: ["poddisruptionbudgets"] 50 | verbs: ["list", "watch"] 51 | - apiGroups: 52 | - certificates.k8s.io 53 | resources: ["certificatesigningrequests"] 54 | verbs: ["list", "watch"] 55 | - apiGroups: 56 | - storage.k8s.io 57 | resources: ["storageclasses", "volumeattachments"] 58 | verbs: ["list", "watch"] 59 | - apiGroups: 60 | - admissionregistration.k8s.io 61 | resources: ["mutatingwebhookconfigurations", "validatingwebhookconfigurations"] 62 | verbs: ["list", "watch"] 63 | - apiGroups: 64 | - networking.k8s.io 65 | resources: ["networkpolicies"] 66 | verbs: ["list", "watch"] 67 | --- 68 | apiVersion: v1 69 | kind: ServiceAccount 70 | metadata: 71 | name: kube-state-metrics 72 | namespace: kube-system 73 | --- 74 | apiVersion: apps/v1 75 | kind: Deployment 76 | metadata: 77 | labels: 78 | app: kube-state-metrics 79 | name: kube-state-metrics 80 | namespace: kube-system 81 | spec: 82 | replicas: 1 83 | selector: 84 | matchLabels: 85 | app: kube-state-metrics 86 | template: 87 | metadata: 88 | labels: 89 | app: kube-state-metrics 90 | spec: 91 | containers: 92 | - image: quay.io/coreos/kube-state-metrics:v1.8.0 93 | livenessProbe: 94 | httpGet: 95 | path: /healthz 96 | port: 8080 97 | initialDelaySeconds: 5 98 | timeoutSeconds: 5 99 | name: kube-state-metrics 100 | ports: 101 | - containerPort: 8080 102 | name: http-metrics 103 | - containerPort: 8081 104 | name: telemetry 105 | readinessProbe: 106 | httpGet: 107 | path: / 108 | port: 8081 109 | initialDelaySeconds: 5 110 | timeoutSeconds: 5 111 | nodeSelector: 112 | kubernetes.io/os: linux 113 | serviceAccountName: kube-state-metrics 114 | --- 115 | apiVersion: v1 116 | kind: Service 117 | metadata: 118 | labels: 119 | app: kube-state-metrics 120 | name: kube-state-metrics 121 | namespace: kube-system 122 | spec: 123 | clusterIP: None 124 | ports: 125 | - name: http-metrics 126 | port: 8080 127 | targetPort: http-metrics 128 | - name: telemetry 129 | port: 8081 130 | targetPort: telemetry 131 | selector: 132 | app: kube-state-metrics 133 | -------------------------------------------------------------------------------- /17/yamls/node-exporter.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: DaemonSet 3 | metadata: 4 | name: node-exporter 5 | namespace: monitoring 6 | labels: 7 | k8s-app: node-exporter 8 | spec: 9 | selector: 10 | matchLabels: 11 | k8s-app: node-exporter 12 | template: 13 | metadata: 14 | labels: 15 | k8s-app: node-exporter 16 | spec: 17 | containers: 18 | - image: prom/node-exporter 19 | name: node-exporter 20 | ports: 21 | - containerPort: 9100 22 | protocol: TCP 23 | name: http 24 | --- 25 | apiVersion: v1 26 | kind: Service 27 | metadata: 28 | labels: 29 | k8s-app: node-exporter 30 | name: node-exporter 31 | namespace: monitoring 32 | spec: 33 | ports: 34 | - name: http 35 | port: 9100 36 | nodePort: 32245 37 | protocol: TCP 38 | type: NodePort 39 | selector: 40 | k8s-app: node-exporter 41 | --- 42 | -------------------------------------------------------------------------------- /17/yamls/prometheus.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRole 3 | metadata: 4 | name: prometheus 5 | namespace: monitoring 6 | rules: 7 | - apiGroups: [""] 8 | resources: 9 | - nodes 10 | - nodes/proxy 11 | - services 12 | - endpoints 13 | - pods 14 | verbs: ["get", "list", "watch"] 15 | - apiGroups: 16 | - extensions 17 | resources: 18 | - ingresses 19 | verbs: ["get", "list", "watch"] 20 | - nonResourceURLs: ["/metrics"] 21 | verbs: ["get"] 22 | --- 23 | apiVersion: rbac.authorization.k8s.io/v1 24 | kind: ClusterRoleBinding 25 | metadata: 26 | name: prometheus 27 | roleRef: 28 | apiGroup: rbac.authorization.k8s.io 29 | kind: ClusterRole 30 | name: prometheus 31 | subjects: 32 | - kind: ServiceAccount 33 | name: default 34 | namespace: monitoring 35 | 36 | --- 37 | apiVersion: v1 38 | kind: ConfigMap 39 | metadata: 40 | name: prometheus-server-conf 41 | labels: 42 | name: prometheus-server-conf 43 | namespace: monitoring 44 | data: 45 | prometheus.rules: |- 46 | groups: 47 | - name: container memory alert 48 | rules: 49 | - alert: container memory usage rate is very high( > 55%) 50 | expr: sum(container_memory_working_set_bytes{pod!="", name=""})/ sum (kube_node_status_allocatable_memory_bytes) * 100 > 55 51 | for: 1m 52 | labels: 53 | severity: fatal 54 | annotations: 55 | summary: High Memory Usage on 56 | identifier: "" 57 | description: " Memory Usage: " 58 | - name: container CPU alert 59 | rules: 60 | - alert: container CPU usage rate is very high( > 10%) 61 | expr: sum (rate (container_cpu_usage_seconds_total{pod!=""}[1m])) / sum (machine_cpu_cores) * 100 > 10 62 | for: 1m 63 | labels: 64 | severity: fatal 65 | annotations: 66 | summary: High Cpu Usage 67 | - name: node kill 68 | rules: 69 | - alert: node die 70 | expr: sum(kube_node_status_condition{condition="Ready", status="true"}==1) < 3 71 | for: 0m 72 | labels: 73 | severity: fatal 74 | annotations: 75 | summary: node die 76 | - name: Pods 77 | rules: 78 | - alert: Container restarted 79 | annotations: 80 | summary: Container named {{$labels.container}} in {{$labels.pod}} in {{$labels.namespace}} was restarted 81 | expr: sum(increase(kube_pod_container_status_restarts_total{namespace!="kube-system",pod_template_hash=""}[1m])) by (pod,namespace,container) > 0 82 | for: 0m 83 | labels: 84 | team: slack 85 | - name: Pod CrashLoop 86 | rules: 87 | - alert: Pod CrashLoop 88 | annotations: 89 | summary: Container named {{$labels.container}} in {{$labels.pod}} in {{$labels.namespace}} was restarted (CrashLoop) 90 | expr: sum(increase(kube_pod_container_status_restarts_total{namespace!="kube-system",pod_template_hash=""}[15m])) by (pod,namespace,container) > 5 91 | for: 0m 92 | labels: 93 | team: slack 94 | - name: pod Pending 95 | rules: 96 | - alert: Pod Pendinging 97 | expr: kube_pod_status_phase{phase="Pending"} > 0 98 | for: 1m 99 | labels: 100 | team: slack 101 | prometheus.yml: |- 102 | global: 103 | scrape_interval: 5s 104 | evaluation_interval: 5s 105 | rule_files: 106 | - /etc/prometheus/prometheus.rules 107 | alerting: 108 | alertmanagers: 109 | - scheme: http 110 | static_configs: 111 | - targets: 112 | - "alertmanager.monitoring.svc:9093" 113 | 114 | scrape_configs: 115 | - job_name: 'node-exporter' 116 | 117 | kubernetes_sd_configs: 118 | - role: endpoints 119 | 120 | relabel_configs: 121 | - source_labels: [__meta_kubernetes_endpoints_name] 122 | regex: 'node-exporter' 123 | action: keep 124 | 125 | - job_name: 'kubernetes-apiservers' 126 | static_configs: 127 | - targets: ['node-exporter.monitoring.svc.cluster.local:9100'] 128 | 129 | kubernetes_sd_configs: 130 | - role: endpoints 131 | scheme: https 132 | 133 | tls_config: 134 | ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt 135 | bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token 136 | 137 | relabel_configs: 138 | - source_labels: [__meta_kubernetes_namespace, __meta_kubernetes_service_name, __meta_kubernetes_endpoint_port_name] 139 | action: keep 140 | regex: default;kubernetes;https 141 | 142 | - job_name: 'kubernetes-nodes' 143 | 144 | scheme: https 145 | 146 | tls_config: 147 | ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt 148 | bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token 149 | 150 | kubernetes_sd_configs: 151 | - role: node 152 | 153 | relabel_configs: 154 | - action: labelmap 155 | regex: __meta_kubernetes_node_label_(.+) 156 | - target_label: __address__ 157 | replacement: kubernetes.default.svc:443 158 | - source_labels: [__meta_kubernetes_node_name] 159 | regex: (.+) 160 | target_label: __metrics_path__ 161 | replacement: /api/v1/nodes/${1}/proxy/metrics 162 | 163 | 164 | - job_name: 'kubernetes-pods' 165 | 166 | kubernetes_sd_configs: 167 | - role: pod 168 | 169 | relabel_configs: 170 | - source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_scrape] 171 | action: keep 172 | regex: true 173 | - source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_path] 174 | action: replace 175 | target_label: __metrics_path__ 176 | regex: (.+) 177 | - source_labels: [__address__, __meta_kubernetes_pod_annotation_prometheus_io_port] 178 | action: replace 179 | regex: ([^:]+)(?::\d+)?;(\d+) 180 | replacement: $1:$2 181 | target_label: __address__ 182 | - action: labelmap 183 | regex: __meta_kubernetes_pod_label_(.+) 184 | - source_labels: [__meta_kubernetes_namespace] 185 | action: replace 186 | target_label: kubernetes_namespace 187 | - source_labels: [__meta_kubernetes_pod_name] 188 | action: replace 189 | target_label: kubernetes_pod_name 190 | 191 | - job_name: 'kube-state-metrics' 192 | static_configs: 193 | - targets: ['kube-state-metrics.kube-system.svc.cluster.local:8080'] 194 | 195 | - job_name: 'kubernetes-cadvisor' 196 | 197 | scheme: https 198 | 199 | tls_config: 200 | ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt 201 | bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token 202 | 203 | kubernetes_sd_configs: 204 | - role: node 205 | 206 | relabel_configs: 207 | - action: labelmap 208 | regex: __meta_kubernetes_node_label_(.+) 209 | - target_label: __address__ 210 | replacement: kubernetes.default.svc:443 211 | - source_labels: [__meta_kubernetes_node_name] 212 | regex: (.+) 213 | target_label: __metrics_path__ 214 | replacement: /api/v1/nodes/${1}/proxy/metrics/cadvisor 215 | 216 | - job_name: 'kubernetes-service-endpoints' 217 | 218 | kubernetes_sd_configs: 219 | - role: endpoints 220 | 221 | relabel_configs: 222 | - source_labels: [__meta_kubernetes_service_annotation_prometheus_io_scrape] 223 | action: keep 224 | regex: true 225 | - source_labels: [__meta_kubernetes_service_annotation_prometheus_io_scheme] 226 | action: replace 227 | target_label: __scheme__ 228 | regex: (https?) 229 | - source_labels: [__meta_kubernetes_service_annotation_prometheus_io_path] 230 | action: replace 231 | target_label: __metrics_path__ 232 | regex: (.+) 233 | - source_labels: [__address__, __meta_kubernetes_service_annotation_prometheus_io_port] 234 | action: replace 235 | target_label: __address__ 236 | regex: ([^:]+)(?::\d+)?;(\d+) 237 | replacement: $1:$2 238 | - action: labelmap 239 | regex: __meta_kubernetes_service_label_(.+) 240 | - source_labels: [__meta_kubernetes_namespace] 241 | action: replace 242 | target_label: kubernetes_namespace 243 | - source_labels: [__meta_kubernetes_service_name] 244 | action: replace 245 | target_label: kubernetes_name 246 | --- 247 | apiVersion: apps/v1 248 | kind: Deployment 249 | metadata: 250 | name: prometheus-deployment 251 | namespace: monitoring 252 | spec: 253 | replicas: 1 254 | selector: 255 | matchLabels: 256 | app: prometheus-server 257 | template: 258 | metadata: 259 | labels: 260 | app: prometheus-server 261 | spec: 262 | containers: 263 | - name: prometheus 264 | image: prom/prometheus:latest 265 | args: 266 | - "--config.file=/etc/prometheus/prometheus.yml" 267 | - "--storage.tsdb.path=/prometheus/" 268 | ports: 269 | - containerPort: 9090 270 | volumeMounts: 271 | - name: prometheus-config-volume 272 | mountPath: /etc/prometheus/ 273 | - name: prometheus-storage-volume 274 | mountPath: /prometheus/ 275 | volumes: 276 | - name: prometheus-config-volume 277 | configMap: 278 | defaultMode: 420 279 | name: prometheus-server-conf 280 | 281 | - name: prometheus-storage-volume 282 | emptyDir: {} 283 | --- 284 | apiVersion: v1 285 | kind: Service 286 | metadata: 287 | name: prometheus-service 288 | namespace: monitoring 289 | annotations: 290 | prometheus.io/scrape: 'true' 291 | prometheus.io/port: '9090' 292 | spec: 293 | selector: 294 | app: prometheus-server 295 | type: NodePort 296 | ports: 297 | - port: 8080 298 | targetPort: 9090 299 | --- 300 | -------------------------------------------------------------------------------- /18/deploy_web.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: deploy-web 5 | spec: 6 | replicas: 1 7 | selector: 8 | matchLabels: 9 | app: web 10 | template: 11 | metadata: 12 | labels: 13 | app: web 14 | spec: 15 | containers: 16 | - image: smlinux/hpa-example 17 | name: web 18 | ports: 19 | - containerPort: 80 20 | resources: 21 | requests: 22 | cpu: 200m 23 | --- 24 | apiVersion: v1 25 | kind: Service 26 | metadata: 27 | name: svc-web 28 | spec: 29 | ports: 30 | - port: 80 31 | targetPort: 80 32 | selector: 33 | app: web 34 | -------------------------------------------------------------------------------- /18/hpa_web.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: autoscaling/v1 2 | kind: HorizontalPodAutoscaler 3 | metadata: 4 | name: hpe-web 5 | spec: 6 | maxReplicas: 10 7 | minReplicas: 1 8 | scaleTargetRef: 9 | apiVersion: apps/v1 10 | kind: Deployment 11 | name: deploy-web 12 | targetCPUUtilizationPercentage: 50 13 | -------------------------------------------------------------------------------- /21/Helm_note: -------------------------------------------------------------------------------- 1 | # Install Helm 2 | curl -fsSL -o get_helm.sh https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3 3 | chmod 700 get_helm.sh 4 | ./get_helm.sh 5 | 6 | helm version 7 | 8 | source <(helm completion bash) 9 | echo "source <(helm completion bash)" >> ~/.bashrc 10 | 11 | 12 | # Helm 사용하기 13 | helm --help 14 | 15 | 16 | # Repository 추가/삭제 : helm repo [add|remove|list] [NAME] [URL] 17 | helm repo add bitnami https://charts.bitnami.com/bitnami 18 | helm repo list 19 | 20 | #Repository에서 제공하는 chart 검색 : helm search repo [keyword] 21 | helm search repo 22 | helm search repo nginx 23 | 24 | # chart 정보 보기 : 25 | # helm show chart [CHART] 26 | # helm inspect values [CHART] 27 | # Chart.yaml 파일의 내용과ls chart의 세부정보 출력 28 | helm show chart bitnami/nginx 29 | helm inspect values bitnami/nginx 30 | 31 | #chart 아카이브 설치: helm install chart_name [CHART] 32 | #chart를 설치하고 설치된 패키지 운영 요약 메시지 출력 33 | helm install webserver bitnami/nginx 34 | helm install webserver --set service.type=NodePort bitnami/nginx 35 | helm list 36 | kubectl get all 37 | 38 | #chart 아카이브 삭제: helm uninstall chart_name 39 | #chart를 설치하고 설치된 패키지 운영 요약 메시지 출력 40 | helm uninstall webserver 41 | 42 | # Repository 삭제 43 | helm repo list 44 | 45 | # valume.yaml 파일을 적용하여 패키지 실행 46 | helm inspect values bitnami/nginx > nginx_value.yaml 47 | vi nginx_value.yaml 48 | service: 49 | ## @param service.type Service type 50 | ## 51 | type: NodePort 52 | ... 53 | 54 | helm install webserver -f nginx_values.yaml bitnami/nginx 55 | kubectl get all 56 | helm uninstall webserver 57 | 58 | 59 | # helm 패키지 구조 보기 60 | helm pull bitnami/nginx 61 | tar zxvf nginx-15.2.0.tgz 62 | tree nginx 63 | 64 | 65 | # Helm Chart 만들기 66 | # Create helm chart : mynginx 67 | mkdir manifests 68 | kubectl create deployment webserver --image nginx:1.25.2 --port 80 -o yaml > manifests/deployment.yaml 69 | kubectl expose deployment webserver --port 80 --target-port 80 --type NodePort -o yaml > manifests/service.yaml 70 | tree manifests/ 71 | kubectl delete -f manifests/ 72 | 73 | helm create mynginx 74 | tree mynginx/ 75 | rm mynginx/templates/*.yaml mynginx/templates/{_helpers.tpl,NOTES.txt} 76 | rm -rf mynginx/templates/tests/ 77 | cp manifests/* mynginx/templates/ 78 | vi mynginx/Chart.yaml 79 | .. 80 | description: A halm chart for running nginx web server 81 | 82 | tree mynginx/ 83 | 84 | # chart를 TEST 실행하여 오류 유무를 확인 85 | # helm lint PATH [flags] 86 | helm lint mynginx/ 87 | 88 | # 실행 89 | helm install webserver ./mynginx/ 90 | 91 | 92 | #서비스 동작 중인지확인 93 | helm list 94 | Kubectl get all 95 | curl localhost:XXXX 96 | helm uninstall webserver 97 | 98 | 99 | ################## 100 | # mynginx chart에 변수(values.yaml) 설정 101 | 102 | cat > mynginx/values.yaml 103 | replicaCount: 1 104 | image: 105 | repository: nginx 106 | tag: 1.25.2 107 | pullPolicy: IfNotPresent 108 | pullSecret: 109 | service: 110 | type: NodePort 111 | 112 | # Chart.yaml, values.yaml 파일 기준으로 변수 설정 113 | vi mynginx/templates/deployment.yaml 114 | vi mynginx/templates/service.yaml 115 | 116 | # chart 실행 117 | helm install webserver ./mynginx/ 118 | helm list 119 | kubectl get all 120 | curl localhost:30671 121 | 122 | #helm 으로 실행한 차트 수정해서 재실행 123 | helm upgrade --set image.repository=httpd --set image.tag=2.2.34-alpine webserver mynginx 124 | curl localhost:X 125 | helm list 126 | 127 | #helm을 이용한 roleback 128 | helm rollback webserver 1 129 | curl localhost:X 130 | 131 | helm list 132 | helm uninstall webserver 133 | 134 | # helm chart 파일 만들기 135 | helm package mynginx 136 | ls mynginx-0.1.0.tgz 137 | kubectl get all 138 | curl localhost:XXXX 139 | 140 | 141 | # 4. Github repository를 이용해 helm chart 배포하기 142 | # 4.1 repository 만들기 143 | # 4.2 chart package 만들기 144 | mkdir my-helm-repo; cd my-helm-repo/ 145 | git init 146 | git config --global user.email "MAIL_address" 147 | git config --global user.name "GIT ID" 148 | 149 | cat < README.md 150 | # My Helm Chart 151 | 152 | Helm chart repository provided by ttabae 153 | 154 | helm repo add my-helm-repo https://237summit.github.io/my-helm-chart/ 155 | helm repo list 156 | helm repo update 157 | helm search repo mynginx 158 | helm install webserver my-helm-repo/mynginx 159 | EOF 160 | cp ~/mynginx-0.1.0.tgz . 161 | helm repo index . 162 | 163 | git add . 164 | git commit -m "Create mynginx helm chart" 165 | 166 | git remote add origin https://github.com/237summit/my-helm-repo.git 167 | git push -u origin master 168 | 169 | #4.3 Github page 만들기 170 | #4.4 Helm repository 구성 171 | helm repo add my-helm-repo https://237summit.github.io/my-helm-repo/ 172 | helm repo list 173 | helm repo update 174 | 175 | helm search repo mynginx 176 | helm install webserver my-helm-repo/mynginx 177 | kubectl get all 178 | curl localhost:30032 179 | helm uninstall webserver -------------------------------------------------------------------------------- /21/mynginx/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v2 2 | name: mynginx 3 | description: A halm chart for running nginx web server 4 | 5 | type: application 6 | 7 | version: 0.1.0 8 | 9 | appVersion: "1.16.0" 10 | -------------------------------------------------------------------------------- /21/mynginx/templates/deployment.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: "deploy-{{ .Release.Name }}" 5 | namespace: default 6 | spec: 7 | replicas: {{ .Values.replicaCount }} 8 | selector: 9 | matchLabels: 10 | app: "{{ .Chart.Name }}" 11 | template: 12 | metadata: 13 | labels: 14 | app: "{{ .Chart.Name }}" 15 | spec: 16 | containers: 17 | - image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" 18 | imagePullPolicy: "{{ .Values.image.pullPolicy }}" 19 | name: "{{ .Chart.Name }}" 20 | ports: 21 | - containerPort: 80 22 | 23 | -------------------------------------------------------------------------------- /21/mynginx/templates/service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: "svc-{{ .Release.Name }}" 5 | namespace: default 6 | spec: 7 | type: "{{ .Values.service.type }}" 8 | ports: 9 | - port: 80 10 | protocol: TCP 11 | targetPort: 80 12 | selector: 13 | app: "{{ .Chart.Name }}" 14 | -------------------------------------------------------------------------------- /21/mynginx/values.yaml: -------------------------------------------------------------------------------- 1 | replicaCount: 1 2 | image: 3 | repository: nginx 4 | tag: 1.25.2 5 | pullPolicy: IfNotPresent 6 | pullSecret: 7 | service: 8 | type: NodePort 9 | -------------------------------------------------------------------------------- /5/init-container-exam-svc.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: mydb 5 | spec: 6 | ports: 7 | - protocol: TCP 8 | port: 80 9 | targetPort: 9377 10 | -------------------------------------------------------------------------------- /5/init-container-exam.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: myapp-pod 5 | labels: 6 | app: myapp 7 | spec: 8 | containers: 9 | - name: myapp-container 10 | image: busybox:1.28 11 | command: ['sh', '-c', 'echo The app is running! && sleep 3600'] 12 | initContainers: 13 | - name: init-myservice 14 | image: busybox:1.28 15 | command: ['sh', '-c', "until nslookup myservice.$(cat /var/run/secrets/kubernetes.io/serviceaccount/namespace).svc.cluster.local; do echo waiting for myservice; sleep 2; done"] 16 | - name: init-mydb 17 | image: busybox:1.28 18 | command: ['sh', '-c', "until nslookup mydb.$(cat /var/run/secrets/kubernetes.io/serviceaccount/namespace).svc.cluster.local; do echo waiting for mydb; sleep 2; done"] 19 | -------------------------------------------------------------------------------- /5/init-container-exam2.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: multipod 5 | spec: 6 | containers: 7 | - name: nginx-container 8 | image: nginx:1.14 9 | ports: 10 | - containerPort: 80 11 | - name: centos-container 12 | image: centos:7 13 | command: 14 | - sleep 15 | - "10000" 16 | -------------------------------------------------------------------------------- /5/liveness-exam.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: liveness-exam 5 | spec: 6 | containers: 7 | - name: busybox-container 8 | image: busybox 9 | args: 10 | - /bin/sh 11 | - -c 12 | - touch /tmp/healthy; sleep 30; rm -rf /tmp/healthy; sleep 600 13 | -------------------------------------------------------------------------------- /5/pod-liveness.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: liveness-pod 5 | spec: 6 | containers: 7 | - image: smlinux/unhealthy 8 | name: unhealthy-container 9 | ports: 10 | - containerPort: 8080 11 | protocol: TCP 12 | livenessProbe: 13 | httpGet: 14 | path: / 15 | port: 8080 16 | -------------------------------------------------------------------------------- /5/pod-multi.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: multipod 5 | spec: 6 | containers: 7 | - name: nginx-container 8 | image: nginx:1.14 9 | ports: 10 | - containerPort: 80 11 | - name: centos-container 12 | image: centos:7 13 | command: 14 | - sleep 15 | - "10000" 16 | -------------------------------------------------------------------------------- /5/pod-mysql.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: mysql-pod 5 | spec: 6 | initContainers: 7 | - name: init-mysql 8 | image: mysql:5.7 9 | command: ['bash', '-c', "until hostname; do echo waiting for db service; sleep 2; done"] 10 | 11 | containers: 12 | - name: mysql 13 | image: mysql:5.7 14 | env: 15 | - name: "MYSQL_ROOT_PASSWORD" 16 | value: "pass" 17 | ports: 18 | - containerPort: 3306 19 | livenessProbe: 20 | exec: 21 | command: 22 | - mysqladmin 23 | - ping 24 | initialDelaySeconds: 30 25 | periodSeconds: 10 26 | timeoutSeconds: 5 27 | resources: 28 | requests: 29 | memory: "1Gi" 30 | cpu: "500m" 31 | -------------------------------------------------------------------------------- /5/pod-nginx-env.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: nginx-pod-env 5 | spec: 6 | containers: 7 | - name: nginx-container 8 | image: nginx:1.14 9 | ports: 10 | - containerPort: 80 11 | protocol: TCP 12 | env: 13 | - name: MYVAR 14 | value: "testvalue" 15 | 16 | -------------------------------------------------------------------------------- /5/pod-nginx-liveness.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: nginx-pod-liveness 5 | spec: 6 | containers: 7 | - name: nginx-container 8 | image: nginx:1.14 9 | ports: 10 | - containerPort: 80 11 | protocol: TCP 12 | livenessProbe: 13 | httpGet: 14 | path: / 15 | port: 80 16 | 17 | 18 | -------------------------------------------------------------------------------- /5/pod-nginx-resources.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: nginx-pod-env 5 | spec: 6 | containers: 7 | - name: nginx-container 8 | image: nginx:1.14 9 | ports: 10 | - containerPort: 80 11 | protocol: TCP 12 | env: 13 | - name: MYVAR 14 | value: "testvalue" 15 | resources: 16 | requests: 17 | memory: 500Mi 18 | cpu: 200m 19 | limits: 20 | memory: 1Gi 21 | cpu: 1 22 | -------------------------------------------------------------------------------- /5/pod-nginx.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: nginx-pod 5 | spec: 6 | containers: 7 | - name: nginx-container 8 | image: nginx:1.14 9 | ports: 10 | - containerPort: 80 11 | protocol: TCP 12 | 13 | -------------------------------------------------------------------------------- /5/redis.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: redis 5 | spec: 6 | containers: 7 | - image: redis123 8 | name: redis 9 | -------------------------------------------------------------------------------- /5/stress.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: stress-pod 5 | spec: 6 | containers: 7 | - image: smlinux/vish-stress 8 | name: stress-container 9 | resources: 10 | limits: 11 | cpu: "1" 12 | memory: "500Mi" 13 | requests: 14 | cpu: "0.5" 15 | memory: "250Mi" 16 | args: 17 | - -cpus 18 | - "1" 19 | - -mem-total 20 | - "600Mi" 21 | - -mem-alloc-size 22 | - "100Mi" 23 | - -mem-alloc-sleep 24 | - "1s" 25 | 26 | -------------------------------------------------------------------------------- /6/cronjob-exam.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: batch/v1beta1 2 | kind: CronJob 3 | metadata: 4 | name: cronjob-exam 5 | spec: 6 | schedule: "* * * * *" 7 | startingDeadlineSeconds: 500 8 | # concurrencyPolicy: Allow 9 | concurrencyPolicy: Forbid 10 | jobTemplate: 11 | spec: 12 | template: 13 | spec: 14 | containers: 15 | - name: hello 16 | image: busybox 17 | args: 18 | - /bin/sh 19 | - -c 20 | - echo Hello; sleep 10; echo Bye 21 | restartPolicy: Never 22 | -------------------------------------------------------------------------------- /6/daemonset-exam.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: DaemonSet 3 | metadata: 4 | name: daemonset-nginx 5 | spec: 6 | selector: 7 | matchLabels: 8 | app: webui 9 | template: 10 | metadata: 11 | name: nginx-pod 12 | labels: 13 | app: webui 14 | spec: 15 | containers: 16 | - name: nginx-container 17 | image: nginx:1.14 18 | -------------------------------------------------------------------------------- /6/deploy-nginx.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: deploy-nginx 5 | spec: 6 | replicas: 3 7 | selector: 8 | matchLabels: 9 | app: webui 10 | template: 11 | metadata: 12 | name: nginx-pod 13 | labels: 14 | app: webui 15 | spec: 16 | containers: 17 | - name: nginx-container 18 | image: nginx:1.14 19 | -------------------------------------------------------------------------------- /6/deployment-exam1.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: app-deploy 5 | spec: 6 | selector: 7 | matchLabels: 8 | app: webui 9 | replicas: 3 10 | template: 11 | metadata: 12 | labels: 13 | app: webui 14 | spec: 15 | containers: 16 | - image: nginx:1.14 17 | name: web 18 | ports: 19 | - containerPort: 80 20 | -------------------------------------------------------------------------------- /6/deployment-exam2.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: deploy-nginx 5 | annotations: 6 | kubernetes.io/change-cause: version 1.15 7 | spec: 8 | progressDeadlineSeconds: 600 9 | revisionHistoryLimit: 10 10 | strategy: 11 | rollingUpdate: 12 | maxSurge: 25% 13 | maxUnavailable: 25% 14 | type: RollingUpdate 15 | replicas: 3 16 | selector: 17 | matchLabels: 18 | app: webui 19 | template: 20 | metadata: 21 | labels: 22 | app: webui 23 | spec: 24 | containers: 25 | - name: web 26 | image: nginx:1.15 27 | ports: 28 | - containerPort: 80 29 | 30 | -------------------------------------------------------------------------------- /6/job-exam.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: batch/v1 2 | kind: Job 3 | metadata: 4 | name: centos-job 5 | spec: 6 | # completions: 5 7 | # parallelism: 2 8 | activeDeadlineSeconds: 5 9 | template: 10 | spec: 11 | containers: 12 | - name: centos-container 13 | image: centos:7 14 | command: ["bash"] 15 | args: 16 | - "-c" 17 | - "echo 'Hello World'; sleep 25; echo 'Bye'" 18 | restartPolicy: Never 19 | # restartPolicy: OnFailure 20 | # backoffLimit: 3 21 | -------------------------------------------------------------------------------- /6/pod-redis.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: redis-pod 5 | spec: 6 | containers: 7 | - name: redis-container 8 | image: redis 9 | -------------------------------------------------------------------------------- /6/rc-exam.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: ReplicaSet 3 | metadata: 4 | name: frontend 5 | labels: 6 | app: guestbook 7 | tier: frontend 8 | spec: 9 | # 케이스에 따라 레플리카를 수정한다. 10 | replicas: 3 11 | selector: 12 | matchLabels: 13 | tier: frontend 14 | template: 15 | metadata: 16 | labels: 17 | tier: frontend 18 | spec: 19 | containers: 20 | - name: php-redis 21 | image: gcr.io/google_samples/gb-frontend:v3 22 | -------------------------------------------------------------------------------- /6/rc-lab1.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ReplicationController 3 | metadata: 4 | name: rc-main 5 | spec: 6 | replicas: 2 7 | selector: 8 | app: main 9 | name: apache 10 | rel: stable 11 | template: 12 | metadata: 13 | labels: 14 | app: main 15 | name: apache 16 | rel: stable 17 | spec: 18 | containers: 19 | - name: webui 20 | image: httpd:2.2 21 | ports: 22 | - containerPort: 80 23 | -------------------------------------------------------------------------------- /6/rc-nginx.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ReplicationController 3 | metadata: 4 | name: rc-nginx 5 | spec: 6 | replicas: 3 7 | selector: 8 | app: webui 9 | template: 10 | metadata: 11 | name: nginx-pod 12 | labels: 13 | app: webui 14 | spec: 15 | containers: 16 | - name: nginx-container 17 | image: nginx:1.14 18 | -------------------------------------------------------------------------------- /6/redis.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | labels: 5 | app: webui 6 | name: redis 7 | spec: 8 | containers: 9 | - image: redis 10 | name: redis 11 | -------------------------------------------------------------------------------- /6/rs-exam1.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: ReplicaSet 3 | metadata: 4 | name: rs-exam1 5 | spec: 6 | replicas: 3 7 | selector: 8 | matchLabels: 9 | app: webui 10 | matchExpressions: 11 | - {key: ver, operator: Exists} 12 | template: 13 | metadata: 14 | name: nginx-pod 15 | labels: 16 | app: webui 17 | ver: "1.15" 18 | spec: 19 | containers: 20 | - name: nginx-container 21 | image: nginx:1.14 22 | -------------------------------------------------------------------------------- /6/rs-nginx.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: ReplicaSet 3 | metadata: 4 | name: rs-nginx 5 | spec: 6 | replicas: 3 7 | selector: 8 | matchLabels: 9 | app: webui 10 | template: 11 | metadata: 12 | name: nginx-pod 13 | labels: 14 | app: webui 15 | spec: 16 | containers: 17 | - name: nginx-container 18 | image: nginx:1.14 19 | -------------------------------------------------------------------------------- /6/statefulset-exam.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: StatefulSet 3 | metadata: 4 | name: sf-nginx 5 | spec: 6 | replicas: 3 7 | serviceName: sf-service 8 | # podManagementPolicy: OrderedReady 9 | podManagementPolicy: Parallel 10 | selector: 11 | matchLabels: 12 | app: webui 13 | template: 14 | metadata: 15 | name: nginx-pod 16 | labels: 17 | app: webui 18 | spec: 19 | containers: 20 | - name: nginx-container 21 | image: nginx:1.14 22 | -------------------------------------------------------------------------------- /7/clusterip-nginx.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: clusterip-service 5 | spec: 6 | type: ClusterIP 7 | clusterIP: 10.100.100.100 8 | selector: 9 | app: webui 10 | ports: 11 | - protocol: TCP 12 | port: 80 13 | targetPort: 80 14 | -------------------------------------------------------------------------------- /7/deploy-nginx.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: webui 5 | spec: 6 | replicas: 3 7 | selector: 8 | matchLabels: 9 | app: webui 10 | template: 11 | metadata: 12 | name: nginx-pod 13 | labels: 14 | app: webui 15 | spec: 16 | containers: 17 | - name: nginx-container 18 | image: nginx:1.14 19 | -------------------------------------------------------------------------------- /7/external-name.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: externalname-svc 5 | spec: 6 | type: ExternalName 7 | externalName: google.com 8 | -------------------------------------------------------------------------------- /7/headless-nginx.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: headless-service 5 | spec: 6 | type: ClusterIP 7 | clusterIP: None 8 | selector: 9 | app: webui 10 | ports: 11 | - protocol: TCP 12 | port: 80 13 | targetPort: 80 14 | -------------------------------------------------------------------------------- /7/loadbalancer-nginx.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: loadbalancer-service 5 | spec: 6 | type: LoadBalancer 7 | selector: 8 | app: webui 9 | ports: 10 | - protocol: TCP 11 | port: 80 12 | targetPort: 80 13 | -------------------------------------------------------------------------------- /7/nodeport-nginx.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: nodeport-service 5 | spec: 6 | type: NodePort 7 | clusterIP: 10.100.100.200 8 | selector: 9 | app: webui 10 | ports: 11 | - protocol: TCP 12 | port: 80 13 | targetPort: 80 14 | nodePort: 30200 15 | -------------------------------------------------------------------------------- /7/service-nginx.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: webui-svc 5 | spec: 6 | selector: 7 | app: webui 8 | ports: 9 | - protocol: TCP 10 | port: 80 11 | targetPort: 80 12 | -------------------------------------------------------------------------------- /8/deploy.yaml: -------------------------------------------------------------------------------- 1 | 2 | apiVersion: v1 3 | kind: Namespace 4 | metadata: 5 | name: ingress-nginx 6 | labels: 7 | app.kubernetes.io/name: ingress-nginx 8 | app.kubernetes.io/instance: ingress-nginx 9 | 10 | --- 11 | # Source: ingress-nginx/templates/controller-serviceaccount.yaml 12 | apiVersion: v1 13 | kind: ServiceAccount 14 | metadata: 15 | labels: 16 | helm.sh/chart: ingress-nginx-3.27.0 17 | app.kubernetes.io/name: ingress-nginx 18 | app.kubernetes.io/instance: ingress-nginx 19 | app.kubernetes.io/version: 0.45.0 20 | app.kubernetes.io/managed-by: Helm 21 | app.kubernetes.io/component: controller 22 | name: ingress-nginx 23 | namespace: ingress-nginx 24 | automountServiceAccountToken: true 25 | --- 26 | # Source: ingress-nginx/templates/controller-configmap.yaml 27 | apiVersion: v1 28 | kind: ConfigMap 29 | metadata: 30 | labels: 31 | helm.sh/chart: ingress-nginx-3.27.0 32 | app.kubernetes.io/name: ingress-nginx 33 | app.kubernetes.io/instance: ingress-nginx 34 | app.kubernetes.io/version: 0.45.0 35 | app.kubernetes.io/managed-by: Helm 36 | app.kubernetes.io/component: controller 37 | name: ingress-nginx-controller 38 | namespace: ingress-nginx 39 | data: 40 | --- 41 | # Source: ingress-nginx/templates/clusterrole.yaml 42 | apiVersion: rbac.authorization.k8s.io/v1 43 | kind: ClusterRole 44 | metadata: 45 | labels: 46 | helm.sh/chart: ingress-nginx-3.27.0 47 | app.kubernetes.io/name: ingress-nginx 48 | app.kubernetes.io/instance: ingress-nginx 49 | app.kubernetes.io/version: 0.45.0 50 | app.kubernetes.io/managed-by: Helm 51 | name: ingress-nginx 52 | rules: 53 | - apiGroups: 54 | - '' 55 | resources: 56 | - configmaps 57 | - endpoints 58 | - nodes 59 | - pods 60 | - secrets 61 | verbs: 62 | - list 63 | - watch 64 | - apiGroups: 65 | - '' 66 | resources: 67 | - nodes 68 | verbs: 69 | - get 70 | - apiGroups: 71 | - '' 72 | resources: 73 | - services 74 | verbs: 75 | - get 76 | - list 77 | - watch 78 | - apiGroups: 79 | - extensions 80 | - networking.k8s.io # k8s 1.14+ 81 | resources: 82 | - ingresses 83 | verbs: 84 | - get 85 | - list 86 | - watch 87 | - apiGroups: 88 | - '' 89 | resources: 90 | - events 91 | verbs: 92 | - create 93 | - patch 94 | - apiGroups: 95 | - extensions 96 | - networking.k8s.io # k8s 1.14+ 97 | resources: 98 | - ingresses/status 99 | verbs: 100 | - update 101 | - apiGroups: 102 | - networking.k8s.io # k8s 1.14+ 103 | resources: 104 | - ingressclasses 105 | verbs: 106 | - get 107 | - list 108 | - watch 109 | --- 110 | # Source: ingress-nginx/templates/clusterrolebinding.yaml 111 | apiVersion: rbac.authorization.k8s.io/v1 112 | kind: ClusterRoleBinding 113 | metadata: 114 | labels: 115 | helm.sh/chart: ingress-nginx-3.27.0 116 | app.kubernetes.io/name: ingress-nginx 117 | app.kubernetes.io/instance: ingress-nginx 118 | app.kubernetes.io/version: 0.45.0 119 | app.kubernetes.io/managed-by: Helm 120 | name: ingress-nginx 121 | roleRef: 122 | apiGroup: rbac.authorization.k8s.io 123 | kind: ClusterRole 124 | name: ingress-nginx 125 | subjects: 126 | - kind: ServiceAccount 127 | name: ingress-nginx 128 | namespace: ingress-nginx 129 | --- 130 | # Source: ingress-nginx/templates/controller-role.yaml 131 | apiVersion: rbac.authorization.k8s.io/v1 132 | kind: Role 133 | metadata: 134 | labels: 135 | helm.sh/chart: ingress-nginx-3.27.0 136 | app.kubernetes.io/name: ingress-nginx 137 | app.kubernetes.io/instance: ingress-nginx 138 | app.kubernetes.io/version: 0.45.0 139 | app.kubernetes.io/managed-by: Helm 140 | app.kubernetes.io/component: controller 141 | name: ingress-nginx 142 | namespace: ingress-nginx 143 | rules: 144 | - apiGroups: 145 | - '' 146 | resources: 147 | - namespaces 148 | verbs: 149 | - get 150 | - apiGroups: 151 | - '' 152 | resources: 153 | - configmaps 154 | - pods 155 | - secrets 156 | - endpoints 157 | verbs: 158 | - get 159 | - list 160 | - watch 161 | - apiGroups: 162 | - '' 163 | resources: 164 | - services 165 | verbs: 166 | - get 167 | - list 168 | - watch 169 | - apiGroups: 170 | - extensions 171 | - networking.k8s.io # k8s 1.14+ 172 | resources: 173 | - ingresses 174 | verbs: 175 | - get 176 | - list 177 | - watch 178 | - apiGroups: 179 | - extensions 180 | - networking.k8s.io # k8s 1.14+ 181 | resources: 182 | - ingresses/status 183 | verbs: 184 | - update 185 | - apiGroups: 186 | - networking.k8s.io # k8s 1.14+ 187 | resources: 188 | - ingressclasses 189 | verbs: 190 | - get 191 | - list 192 | - watch 193 | - apiGroups: 194 | - '' 195 | resources: 196 | - configmaps 197 | resourceNames: 198 | - ingress-controller-leader-nginx 199 | verbs: 200 | - get 201 | - update 202 | - apiGroups: 203 | - '' 204 | resources: 205 | - configmaps 206 | verbs: 207 | - create 208 | - apiGroups: 209 | - '' 210 | resources: 211 | - events 212 | verbs: 213 | - create 214 | - patch 215 | --- 216 | # Source: ingress-nginx/templates/controller-rolebinding.yaml 217 | apiVersion: rbac.authorization.k8s.io/v1 218 | kind: RoleBinding 219 | metadata: 220 | labels: 221 | helm.sh/chart: ingress-nginx-3.27.0 222 | app.kubernetes.io/name: ingress-nginx 223 | app.kubernetes.io/instance: ingress-nginx 224 | app.kubernetes.io/version: 0.45.0 225 | app.kubernetes.io/managed-by: Helm 226 | app.kubernetes.io/component: controller 227 | name: ingress-nginx 228 | namespace: ingress-nginx 229 | roleRef: 230 | apiGroup: rbac.authorization.k8s.io 231 | kind: Role 232 | name: ingress-nginx 233 | subjects: 234 | - kind: ServiceAccount 235 | name: ingress-nginx 236 | namespace: ingress-nginx 237 | --- 238 | # Source: ingress-nginx/templates/controller-service-webhook.yaml 239 | apiVersion: v1 240 | kind: Service 241 | metadata: 242 | labels: 243 | helm.sh/chart: ingress-nginx-3.27.0 244 | app.kubernetes.io/name: ingress-nginx 245 | app.kubernetes.io/instance: ingress-nginx 246 | app.kubernetes.io/version: 0.45.0 247 | app.kubernetes.io/managed-by: Helm 248 | app.kubernetes.io/component: controller 249 | name: ingress-nginx-controller-admission 250 | namespace: ingress-nginx 251 | spec: 252 | type: ClusterIP 253 | ports: 254 | - name: https-webhook 255 | port: 443 256 | targetPort: webhook 257 | selector: 258 | app.kubernetes.io/name: ingress-nginx 259 | app.kubernetes.io/instance: ingress-nginx 260 | app.kubernetes.io/component: controller 261 | --- 262 | # Source: ingress-nginx/templates/controller-service.yaml 263 | apiVersion: v1 264 | kind: Service 265 | metadata: 266 | annotations: 267 | labels: 268 | helm.sh/chart: ingress-nginx-3.27.0 269 | app.kubernetes.io/name: ingress-nginx 270 | app.kubernetes.io/instance: ingress-nginx 271 | app.kubernetes.io/version: 0.45.0 272 | app.kubernetes.io/managed-by: Helm 273 | app.kubernetes.io/component: controller 274 | name: ingress-nginx-controller 275 | namespace: ingress-nginx 276 | spec: 277 | type: NodePort 278 | ports: 279 | - name: http 280 | port: 80 281 | protocol: TCP 282 | targetPort: http 283 | nodePort: 30100 284 | - name: https 285 | port: 443 286 | protocol: TCP 287 | targetPort: https 288 | nodePort: 30200 289 | selector: 290 | app.kubernetes.io/name: ingress-nginx 291 | app.kubernetes.io/instance: ingress-nginx 292 | app.kubernetes.io/component: controller 293 | --- 294 | # Source: ingress-nginx/templates/controller-deployment.yaml 295 | apiVersion: apps/v1 296 | kind: Deployment 297 | metadata: 298 | labels: 299 | helm.sh/chart: ingress-nginx-3.27.0 300 | app.kubernetes.io/name: ingress-nginx 301 | app.kubernetes.io/instance: ingress-nginx 302 | app.kubernetes.io/version: 0.45.0 303 | app.kubernetes.io/managed-by: Helm 304 | app.kubernetes.io/component: controller 305 | name: ingress-nginx-controller 306 | namespace: ingress-nginx 307 | spec: 308 | selector: 309 | matchLabels: 310 | app.kubernetes.io/name: ingress-nginx 311 | app.kubernetes.io/instance: ingress-nginx 312 | app.kubernetes.io/component: controller 313 | revisionHistoryLimit: 10 314 | minReadySeconds: 0 315 | template: 316 | metadata: 317 | labels: 318 | app.kubernetes.io/name: ingress-nginx 319 | app.kubernetes.io/instance: ingress-nginx 320 | app.kubernetes.io/component: controller 321 | spec: 322 | dnsPolicy: ClusterFirst 323 | containers: 324 | - name: controller 325 | image: k8s.gcr.io/ingress-nginx/controller:v0.45.0@sha256:c4390c53f348c3bd4e60a5dd6a11c35799ae78c49388090140b9d72ccede1755 326 | imagePullPolicy: IfNotPresent 327 | lifecycle: 328 | preStop: 329 | exec: 330 | command: 331 | - /wait-shutdown 332 | args: 333 | - /nginx-ingress-controller 334 | - --election-id=ingress-controller-leader 335 | - --ingress-class=nginx 336 | - --configmap=$(POD_NAMESPACE)/ingress-nginx-controller 337 | - --validating-webhook=:8443 338 | - --validating-webhook-certificate=/usr/local/certificates/cert 339 | - --validating-webhook-key=/usr/local/certificates/key 340 | securityContext: 341 | capabilities: 342 | drop: 343 | - ALL 344 | add: 345 | - NET_BIND_SERVICE 346 | runAsUser: 101 347 | allowPrivilegeEscalation: true 348 | env: 349 | - name: POD_NAME 350 | valueFrom: 351 | fieldRef: 352 | fieldPath: metadata.name 353 | - name: POD_NAMESPACE 354 | valueFrom: 355 | fieldRef: 356 | fieldPath: metadata.namespace 357 | - name: LD_PRELOAD 358 | value: /usr/local/lib/libmimalloc.so 359 | livenessProbe: 360 | httpGet: 361 | path: /healthz 362 | port: 10254 363 | scheme: HTTP 364 | initialDelaySeconds: 10 365 | periodSeconds: 10 366 | timeoutSeconds: 1 367 | successThreshold: 1 368 | failureThreshold: 5 369 | readinessProbe: 370 | httpGet: 371 | path: /healthz 372 | port: 10254 373 | scheme: HTTP 374 | initialDelaySeconds: 10 375 | periodSeconds: 10 376 | timeoutSeconds: 1 377 | successThreshold: 1 378 | failureThreshold: 3 379 | ports: 380 | - name: http 381 | containerPort: 80 382 | protocol: TCP 383 | - name: https 384 | containerPort: 443 385 | protocol: TCP 386 | - name: webhook 387 | containerPort: 8443 388 | protocol: TCP 389 | volumeMounts: 390 | - name: webhook-cert 391 | mountPath: /usr/local/certificates/ 392 | readOnly: true 393 | resources: 394 | requests: 395 | cpu: 100m 396 | memory: 90Mi 397 | nodeSelector: 398 | kubernetes.io/os: linux 399 | serviceAccountName: ingress-nginx 400 | terminationGracePeriodSeconds: 300 401 | volumes: 402 | - name: webhook-cert 403 | secret: 404 | secretName: ingress-nginx-admission 405 | --- 406 | # Source: ingress-nginx/templates/admission-webhooks/validating-webhook.yaml 407 | # before changing this value, check the required kubernetes version 408 | # https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#prerequisites 409 | apiVersion: admissionregistration.k8s.io/v1 410 | kind: ValidatingWebhookConfiguration 411 | metadata: 412 | labels: 413 | helm.sh/chart: ingress-nginx-3.27.0 414 | app.kubernetes.io/name: ingress-nginx 415 | app.kubernetes.io/instance: ingress-nginx 416 | app.kubernetes.io/version: 0.45.0 417 | app.kubernetes.io/managed-by: Helm 418 | app.kubernetes.io/component: admission-webhook 419 | name: ingress-nginx-admission 420 | webhooks: 421 | - name: validate.nginx.ingress.kubernetes.io 422 | matchPolicy: Equivalent 423 | rules: 424 | - apiGroups: 425 | - networking.k8s.io 426 | apiVersions: 427 | - v1beta1 428 | operations: 429 | - CREATE 430 | - UPDATE 431 | resources: 432 | - ingresses 433 | failurePolicy: Fail 434 | sideEffects: None 435 | admissionReviewVersions: 436 | - v1 437 | - v1beta1 438 | clientConfig: 439 | service: 440 | namespace: ingress-nginx 441 | name: ingress-nginx-controller-admission 442 | path: /networking/v1beta1/ingresses 443 | --- 444 | # Source: ingress-nginx/templates/admission-webhooks/job-patch/serviceaccount.yaml 445 | apiVersion: v1 446 | kind: ServiceAccount 447 | metadata: 448 | name: ingress-nginx-admission 449 | annotations: 450 | helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade 451 | helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded 452 | labels: 453 | helm.sh/chart: ingress-nginx-3.27.0 454 | app.kubernetes.io/name: ingress-nginx 455 | app.kubernetes.io/instance: ingress-nginx 456 | app.kubernetes.io/version: 0.45.0 457 | app.kubernetes.io/managed-by: Helm 458 | app.kubernetes.io/component: admission-webhook 459 | namespace: ingress-nginx 460 | --- 461 | # Source: ingress-nginx/templates/admission-webhooks/job-patch/clusterrole.yaml 462 | apiVersion: rbac.authorization.k8s.io/v1 463 | kind: ClusterRole 464 | metadata: 465 | name: ingress-nginx-admission 466 | annotations: 467 | helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade 468 | helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded 469 | labels: 470 | helm.sh/chart: ingress-nginx-3.27.0 471 | app.kubernetes.io/name: ingress-nginx 472 | app.kubernetes.io/instance: ingress-nginx 473 | app.kubernetes.io/version: 0.45.0 474 | app.kubernetes.io/managed-by: Helm 475 | app.kubernetes.io/component: admission-webhook 476 | rules: 477 | - apiGroups: 478 | - admissionregistration.k8s.io 479 | resources: 480 | - validatingwebhookconfigurations 481 | verbs: 482 | - get 483 | - update 484 | --- 485 | # Source: ingress-nginx/templates/admission-webhooks/job-patch/clusterrolebinding.yaml 486 | apiVersion: rbac.authorization.k8s.io/v1 487 | kind: ClusterRoleBinding 488 | metadata: 489 | name: ingress-nginx-admission 490 | annotations: 491 | helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade 492 | helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded 493 | labels: 494 | helm.sh/chart: ingress-nginx-3.27.0 495 | app.kubernetes.io/name: ingress-nginx 496 | app.kubernetes.io/instance: ingress-nginx 497 | app.kubernetes.io/version: 0.45.0 498 | app.kubernetes.io/managed-by: Helm 499 | app.kubernetes.io/component: admission-webhook 500 | roleRef: 501 | apiGroup: rbac.authorization.k8s.io 502 | kind: ClusterRole 503 | name: ingress-nginx-admission 504 | subjects: 505 | - kind: ServiceAccount 506 | name: ingress-nginx-admission 507 | namespace: ingress-nginx 508 | --- 509 | # Source: ingress-nginx/templates/admission-webhooks/job-patch/role.yaml 510 | apiVersion: rbac.authorization.k8s.io/v1 511 | kind: Role 512 | metadata: 513 | name: ingress-nginx-admission 514 | annotations: 515 | helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade 516 | helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded 517 | labels: 518 | helm.sh/chart: ingress-nginx-3.27.0 519 | app.kubernetes.io/name: ingress-nginx 520 | app.kubernetes.io/instance: ingress-nginx 521 | app.kubernetes.io/version: 0.45.0 522 | app.kubernetes.io/managed-by: Helm 523 | app.kubernetes.io/component: admission-webhook 524 | namespace: ingress-nginx 525 | rules: 526 | - apiGroups: 527 | - '' 528 | resources: 529 | - secrets 530 | verbs: 531 | - get 532 | - create 533 | --- 534 | # Source: ingress-nginx/templates/admission-webhooks/job-patch/rolebinding.yaml 535 | apiVersion: rbac.authorization.k8s.io/v1 536 | kind: RoleBinding 537 | metadata: 538 | name: ingress-nginx-admission 539 | annotations: 540 | helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade 541 | helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded 542 | labels: 543 | helm.sh/chart: ingress-nginx-3.27.0 544 | app.kubernetes.io/name: ingress-nginx 545 | app.kubernetes.io/instance: ingress-nginx 546 | app.kubernetes.io/version: 0.45.0 547 | app.kubernetes.io/managed-by: Helm 548 | app.kubernetes.io/component: admission-webhook 549 | namespace: ingress-nginx 550 | roleRef: 551 | apiGroup: rbac.authorization.k8s.io 552 | kind: Role 553 | name: ingress-nginx-admission 554 | subjects: 555 | - kind: ServiceAccount 556 | name: ingress-nginx-admission 557 | namespace: ingress-nginx 558 | --- 559 | # Source: ingress-nginx/templates/admission-webhooks/job-patch/job-createSecret.yaml 560 | apiVersion: batch/v1 561 | kind: Job 562 | metadata: 563 | name: ingress-nginx-admission-create 564 | annotations: 565 | helm.sh/hook: pre-install,pre-upgrade 566 | helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded 567 | labels: 568 | helm.sh/chart: ingress-nginx-3.27.0 569 | app.kubernetes.io/name: ingress-nginx 570 | app.kubernetes.io/instance: ingress-nginx 571 | app.kubernetes.io/version: 0.45.0 572 | app.kubernetes.io/managed-by: Helm 573 | app.kubernetes.io/component: admission-webhook 574 | namespace: ingress-nginx 575 | spec: 576 | template: 577 | metadata: 578 | name: ingress-nginx-admission-create 579 | labels: 580 | helm.sh/chart: ingress-nginx-3.27.0 581 | app.kubernetes.io/name: ingress-nginx 582 | app.kubernetes.io/instance: ingress-nginx 583 | app.kubernetes.io/version: 0.45.0 584 | app.kubernetes.io/managed-by: Helm 585 | app.kubernetes.io/component: admission-webhook 586 | spec: 587 | containers: 588 | - name: create 589 | image: docker.io/jettech/kube-webhook-certgen:v1.5.1 590 | imagePullPolicy: IfNotPresent 591 | args: 592 | - create 593 | - --host=ingress-nginx-controller-admission,ingress-nginx-controller-admission.$(POD_NAMESPACE).svc 594 | - --namespace=$(POD_NAMESPACE) 595 | - --secret-name=ingress-nginx-admission 596 | env: 597 | - name: POD_NAMESPACE 598 | valueFrom: 599 | fieldRef: 600 | fieldPath: metadata.namespace 601 | restartPolicy: OnFailure 602 | serviceAccountName: ingress-nginx-admission 603 | securityContext: 604 | runAsNonRoot: true 605 | runAsUser: 2000 606 | --- 607 | # Source: ingress-nginx/templates/admission-webhooks/job-patch/job-patchWebhook.yaml 608 | apiVersion: batch/v1 609 | kind: Job 610 | metadata: 611 | name: ingress-nginx-admission-patch 612 | annotations: 613 | helm.sh/hook: post-install,post-upgrade 614 | helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded 615 | labels: 616 | helm.sh/chart: ingress-nginx-3.27.0 617 | app.kubernetes.io/name: ingress-nginx 618 | app.kubernetes.io/instance: ingress-nginx 619 | app.kubernetes.io/version: 0.45.0 620 | app.kubernetes.io/managed-by: Helm 621 | app.kubernetes.io/component: admission-webhook 622 | namespace: ingress-nginx 623 | spec: 624 | template: 625 | metadata: 626 | name: ingress-nginx-admission-patch 627 | labels: 628 | helm.sh/chart: ingress-nginx-3.27.0 629 | app.kubernetes.io/name: ingress-nginx 630 | app.kubernetes.io/instance: ingress-nginx 631 | app.kubernetes.io/version: 0.45.0 632 | app.kubernetes.io/managed-by: Helm 633 | app.kubernetes.io/component: admission-webhook 634 | spec: 635 | containers: 636 | - name: patch 637 | image: docker.io/jettech/kube-webhook-certgen:v1.5.1 638 | imagePullPolicy: IfNotPresent 639 | args: 640 | - patch 641 | - --webhook-name=ingress-nginx-admission 642 | - --namespace=$(POD_NAMESPACE) 643 | - --patch-mutating=false 644 | - --secret-name=ingress-nginx-admission 645 | - --patch-failure-policy=Fail 646 | env: 647 | - name: POD_NAMESPACE 648 | valueFrom: 649 | fieldRef: 650 | fieldPath: metadata.namespace 651 | restartPolicy: OnFailure 652 | serviceAccountName: ingress-nginx-admission 653 | securityContext: 654 | runAsNonRoot: true 655 | runAsUser: 2000 656 | -------------------------------------------------------------------------------- /8/webserver-demo/ingress/ingress.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: extensions/v1beta1 2 | kind: Ingress 3 | metadata: 4 | name: marvel-ingress 5 | spec: 6 | rules: 7 | - http: 8 | paths: 9 | - path: / 10 | backend: 11 | serviceName: marvel-service 12 | servicePort: 80 13 | - path: /pay 14 | backend: 15 | serviceName: pay-service 16 | servicePort: 80 17 | -------------------------------------------------------------------------------- /8/webserver-demo/ingress/marvel-home.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: marvel-home 5 | spec: 6 | replicas: 1 7 | selector: 8 | matchLabels: 9 | name: marvel 10 | template: 11 | metadata: 12 | labels: 13 | name: marvel 14 | spec: 15 | containers: 16 | - image: smlinux/marvel-collection 17 | name: marvel-container 18 | ports: 19 | - containerPort: 80 20 | --- 21 | apiVersion: v1 22 | kind: Service 23 | metadata: 24 | name: marvel-service 25 | spec: 26 | ports: 27 | - port: 80 28 | protocol: TCP 29 | targetPort: 80 30 | selector: 31 | name: marvel 32 | 33 | -------------------------------------------------------------------------------- /8/webserver-demo/ingress/pay.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ReplicationController 3 | metadata: 4 | name: pay-rc 5 | spec: 6 | replicas: 3 7 | template: 8 | metadata: 9 | labels: 10 | app: pay 11 | spec: 12 | containers: 13 | - image: smlinux/pay 14 | name: pay 15 | ports: 16 | - containerPort: 8080 17 | --- 18 | apiVersion: v1 19 | kind: Service 20 | metadata: 21 | name: pay-service 22 | spec: 23 | ports: 24 | - port: 80 25 | targetPort: 8080 26 | selector: 27 | app: pay 28 | -------------------------------------------------------------------------------- /8/webserver-demo/marvel-collection/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM nginx:1.14 2 | LABEL maintainer="NGINX Front-end container " 3 | 4 | COPY html /usr/share/nginx/html 5 | 6 | CMD ["nginx", "-g", "daemon off;"] 7 | -------------------------------------------------------------------------------- /8/webserver-demo/marvel-collection/html/images/category.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/237summit/Getting-Start-Kubernetes/9430a2e2074f3369e2cb36898c798ec9c133f1c0/8/webserver-demo/marvel-collection/html/images/category.png -------------------------------------------------------------------------------- /8/webserver-demo/marvel-collection/html/images/marvel_logo.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/237summit/Getting-Start-Kubernetes/9430a2e2074f3369e2cb36898c798ec9c133f1c0/8/webserver-demo/marvel-collection/html/images/marvel_logo.png -------------------------------------------------------------------------------- /8/webserver-demo/marvel-collection/html/index.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | marvel heroes 4 | 5 | 6 |
7 |
8 |

Marvel Entertainment/Marvel Studios


9 |
10 | [payment]
11 | 12 | 13 | 14 | 15 | -------------------------------------------------------------------------------- /8/webserver-demo/paymentjs/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM node:7 2 | COPY app.js /app.js 3 | ENTRYPOINT ["node", "app.js"] 4 | -------------------------------------------------------------------------------- /8/webserver-demo/paymentjs/app.js: -------------------------------------------------------------------------------- 1 | const http = require('http'); 2 | var handler = function(request, response) { 3 | console.log("Received request from " + request.connection.remoteAddress); 4 | response.writeHead(200); 5 | response.end("PAYMENT Page" + "\n"); 6 | }; 7 | 8 | var www = http.createServer(handler); 9 | www.listen(8080); 10 | -------------------------------------------------------------------------------- /9/annotation.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: pod-annotation 5 | annotations: 6 | builder: "seongmi Lee (seongmi.lee@gmail.com)" 7 | buildDate: "20210502" 8 | imageRegistry: https://hub.docker.com/ 9 | spec: 10 | containers: 11 | - name: nginx 12 | image: nginx:1.14 13 | ports: 14 | - containerPort: 80 15 | -------------------------------------------------------------------------------- /9/deployment.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: deploy-nginx 5 | annotations: 6 | kubernetes.io/change-cause: version 1.15 7 | spec: 8 | progressDeadlineSeconds: 600 9 | revisionHistoryLimit: 10 10 | strategy: 11 | rollingUpdate: 12 | maxSurge: 25% 13 | maxUnavailable: 25% 14 | type: RollingUpdate 15 | replicas: 3 16 | selector: 17 | matchLabels: 18 | app: webui 19 | template: 20 | metadata: 21 | labels: 22 | app: webui 23 | spec: 24 | containers: 25 | - name: web 26 | image: nginx:1.15 27 | ports: 28 | - containerPort: 80 29 | 30 | -------------------------------------------------------------------------------- /9/mainui-canary.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: mainui-canary 5 | spec: 6 | replicas: 1 7 | selector: 8 | matchLabels: 9 | app: mainui 10 | version: canary 11 | template: 12 | metadata: 13 | labels: 14 | app: mainui 15 | version: canary 16 | spec: 17 | containers: 18 | - name: mainui 19 | image: nginx:1.15 20 | ports: 21 | - containerPort: 80 22 | -------------------------------------------------------------------------------- /9/mainui-service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: mainui-svc 5 | spec: 6 | selector: 7 | app: mainui 8 | ports: 9 | - port: 8080 10 | protocol: TCP 11 | targetPort: 8080 12 | -------------------------------------------------------------------------------- /9/mainui-stable.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: mainui-stable 5 | spec: 6 | replicas: 2 7 | selector: 8 | matchLabels: 9 | app: mainui 10 | version: stable 11 | template: 12 | metadata: 13 | labels: 14 | app: mainui 15 | version: stable 16 | spec: 17 | containers: 18 | - name: mainui 19 | image: nginx:1.14 20 | ports: 21 | - containerPort: 80 22 | -------------------------------------------------------------------------------- /9/nodeselector.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: pod-nodeselector 5 | spec: 6 | nodeSelector: 7 | gpu: "true" 8 | disk: ssd 9 | containers: 10 | - name: nginx 11 | image: nginx:1.14 12 | ports: 13 | - containerPort: 80 14 | -------------------------------------------------------------------------------- /9/pod1.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: pod-demo 5 | spec: 6 | containers: 7 | - name: nginx 8 | image: nginx:1.14 9 | ports: 10 | - containerPort: 80 11 | -------------------------------------------------------------------------------- /9/pod2.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: label-pod-demo 5 | labels: 6 | name: mainui 7 | rel: stable 8 | spec: 9 | containers: 10 | - name: nginx 11 | image: nginx:1.14 12 | ports: 13 | - containerPort: 80 14 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # 쿠버네티스 실습 LAB 2 | ## 따배쿠 사용 example 3 | ## Last updated on: 2023.09.02 4 | ## CONTENTS 5 | ├── 5 6 | │   ├── init-container-exam2.yaml 7 | │   ├── init-container-exam-svc.yaml 8 | │   ├── init-container-exam.yaml 9 | │   ├── liveness-exam.yaml 10 | │   ├── pod-liveness.yaml 11 | │   ├── pod-multi.yaml 12 | │   ├── pod-mysql.yaml 13 | │   ├── pod-nginx-env.yaml 14 | │   ├── pod-nginx-liveness.yaml 15 | │   ├── pod-nginx-resources.yaml 16 | │   ├── pod-nginx.yaml 17 | │   ├── redis.yaml 18 | │   └── stress.yaml 19 | ├── 6 20 | │   ├── cronjob-exam.yaml 21 | │   ├── daemonset-exam.yaml 22 | │   ├── deployment-exam1.yaml 23 | │   ├── deployment-exam2.yaml 24 | │   ├── deploy-nginx.yaml 25 | │   ├── job-exam.yaml 26 | │   ├── pod-redis.yaml 27 | │   ├── rc-exam.yaml 28 | │   ├── rc-lab1.yaml 29 | │   ├── rc-nginx.yaml 30 | │   ├── redis.yaml 31 | │   ├── rs-exam1.yaml 32 | │   ├── rs-nginx.yaml 33 | │   └── statefulset-exam.yaml 34 | ├── 7 35 | │   ├── clusterip-nginx.yaml 36 | │   ├── deploy-nginx.yaml 37 | │   ├── external-name.yaml 38 | │   ├── headless-nginx.yaml 39 | │   ├── loadbalancer-nginx.yaml 40 | │   ├── nodeport-nginx.yaml 41 | │   └── service-nginx.yaml 42 | ├── 8 43 | │   ├── deploy.yaml 44 | │   └── webserver-demo 45 | │   ├── ingress 46 | │   │   ├── ingress.yaml 47 | │   │   ├── marvel-home.yaml 48 | │   │   └── pay.yaml 49 | │   ├── marvel-collection 50 | │   │   ├── Dockerfile 51 | │   │   └── html 52 | │   │   ├── images 53 | │   │   │   ├── category.png 54 | │   │   │   └── marvel_logo.png 55 | │   │   └── index.html 56 | │   └── paymentjs 57 | │   ├── app.js 58 | │   └── Dockerfile 59 | ├── 9 60 | │   ├── annotation.yaml 61 | │   ├── deployment.yaml 62 | │   ├── mainui-canary.yaml 63 | │   ├── mainui-service.yaml 64 | │   ├── mainui-stable.yaml 65 | │   ├── nodeselector.yaml 66 | │   ├── pod1.yaml 67 | │   └── pod2.yaml 68 | ├── 10 69 | │   ├── build 70 | │   │   ├── Dockerfile 71 | │   │   └── genid.sh 72 | │   ├── config.dir 73 | │   │   └── nginx-config.conf 74 | │   ├── genid-volume.yaml 75 | │   ├── genid-whole.yaml 76 | │   ├── genid.yaml 77 | │   └── text.file 78 | ├── 11 79 | │   ├── genid-env-secret.yaml 80 | │   ├── genid-volume-secret.yaml 81 | │   └── genid-web-config 82 | │   └── nginx-config.conf 83 | ├── 12 84 | │   ├── deploy-nginx.yaml 85 | │   ├── nodeselector.yaml 86 | │   ├── pod-affinity.yaml 87 | │   ├── pod-antiaffinity.yaml 88 | │   ├── redis-ssd.yaml 89 | │   ├── tensorflow-gpu-ssd.yaml 90 | │   └── tensorflow-gpu.yaml 91 | ├── 13 92 | │   ├── csr-myuser.yaml 93 | │   ├── myuser.crt 94 | │   ├── myuser.csr 95 | │   ├── myuser.key 96 | │   └── testpod.yaml 97 | ├── 14 98 | │   ├── empty.yaml 99 | │   ├── hostpath.yaml 100 | │   ├── nfs.yaml 101 | │   ├── pvc-pod-web.yaml 102 | │   ├── pvc.yaml 103 | │   ├── pv-hostpath.yaml 104 | │   ├── pv.yaml 105 | │   ├── testpods.yaml 106 | │   └── volume-hostpath.yaml 107 | ├── 15 108 | │   ├── deployment.yaml 109 | │   └── svc.yaml 110 | ├── 16 111 | │   ├── custom-dns.yaml 112 | │   ├── deployment.yaml 113 | │   └── svc.yaml 114 | ├── 17 115 | ├── 18 116 | │   ├── deploy_web.yaml 117 | │   └── hpa_web.yaml 118 | ├── 21 119 | │   ├── Helm_note 120 | │   └── d 121 | └── README.md 122 | --------------------------------------------------------------------------------