├── .gitignore ├── README.md └── samples ├── chapter01 ├── Dockerfile ├── Dockerfile-MultiStage ├── Dockerfile-Scratch └── main.go ├── chapter03 ├── kind-alpha.yaml └── kind.yaml ├── chapter04 ├── dir │ ├── innerdir │ │ └── sample-pod3.yaml │ ├── sample-pod1.yaml │ └── sample-pod2.yaml ├── kubeconfig ├── merge-sample │ ├── apply.yaml │ ├── apply_result.yaml_ │ ├── base.yaml │ └── create_result.yaml_ ├── prune-sample │ ├── sample-pod1.yaml │ └── sample-pod2.yaml ├── sample-annotations.yaml ├── sample-deployment.yaml ├── sample-generatename.yaml ├── sample-label.yaml ├── sample-multi-resource-manifest.yaml ├── sample-pod.json └── sample-pod.yaml ├── chapter05 ├── sample-2pod-fail.yaml ├── sample-2pod.yaml ├── sample-cronjob.yaml ├── sample-deployment-params.yaml ├── sample-deployment-recreate.yaml ├── sample-deployment-rollingupdate.yaml ├── sample-deployment.yaml ├── sample-dnspolicy-clusterfirst.yaml ├── sample-dnspolicy-clusterfirstwithhostnet.yaml ├── sample-dnspolicy-default.yaml ├── sample-dnspolicy-none.yaml ├── sample-ds-ondelete.yaml ├── sample-ds-rollingupdate.yaml ├── sample-ds.yaml ├── sample-entrypoint.yaml ├── sample-hostaliases.yaml ├── sample-hostnetwork.yaml ├── sample-job-never-restart.yaml ├── sample-job-onfailure-restart.yaml ├── sample-job-ttl.yaml ├── sample-job.yaml ├── sample-multi-task-job.yaml ├── sample-multi-workqueue-job.yaml ├── sample-oneshot-task-job.yaml ├── sample-paralleljob.yaml ├── sample-pod.yaml ├── sample-podname-fail.yaml ├── sample-rs-fail.yaml ├── sample-rs-pod.yaml ├── sample-rs.yaml ├── sample-single-workqueue-job.yaml ├── sample-statefulset-ondelete.yaml ├── sample-statefulset-parallel.yaml ├── sample-statefulset-rollingupdate.yaml ├── sample-statefulset.yaml └── sample-workingdir.yaml ├── chapter06 ├── no-sample-session-affinity.yaml ├── sample-clusterip-multi.yaml ├── sample-clusterip-vip.yaml ├── sample-clusterip.yaml ├── sample-deployment-servicelinks.yaml ├── sample-deployment.yaml ├── sample-ds.yaml ├── 
sample-externalip.yaml ├── sample-externalname.yaml ├── sample-headless.yaml ├── sample-ingress-apps.yaml ├── sample-ingress-by-aks.yaml ├── sample-ingress-by-gke.yaml ├── sample-ingress-by-nginx.yaml ├── sample-ingress.yaml ├── sample-lb-fixip.yaml ├── sample-lb-fw.yaml ├── sample-lb-local.yaml ├── sample-lb.yaml ├── sample-named-port-deployment.yaml ├── sample-named-port-pods.yaml ├── sample-named-port-service.yaml ├── sample-nodeport-fail.yaml ├── sample-nodeport-fail2.yaml ├── sample-nodeport-local.yaml ├── sample-nodeport.yaml ├── sample-none-selector.yaml ├── sample-pod.yaml ├── sample-service-topology.yaml ├── sample-session-affinity.yaml ├── sample-statefulset-headless.yaml ├── sample-subdomain.yaml └── tls-sample.yaml ├── chapter07 ├── env-secret.txt ├── image.jpg ├── install-gcp-csi.sh ├── nginx.conf ├── restored-pod.yaml ├── restored-pvc.yaml ├── sample-basic-auth.yaml ├── sample-configmap-binary-webserver.yaml ├── sample-configmap-binary.yaml ├── sample-configmap-immutable.yaml ├── sample-configmap-multi-env.yaml ├── sample-configmap-multi-volume.yaml ├── sample-configmap-scripts.yaml ├── sample-configmap-single-env.yaml ├── sample-configmap-single-volume.yaml ├── sample-configmap.yaml ├── sample-csi-storageclass.yaml ├── sample-csi-volumesnapshotclass.yaml ├── sample-db-auth-nobase64.yaml ├── sample-db-auth.yaml ├── sample-downward-api.yaml ├── sample-emptydir-limit.yaml ├── sample-emptydir-memory-with-memory-limits.yaml ├── sample-emptydir-memory.yaml ├── sample-emptydir.yaml ├── sample-env-container.yaml ├── sample-env-fail.yaml ├── sample-env-fail2.yaml ├── sample-env-fail3.yaml ├── sample-env-pod.yaml ├── sample-env.yaml ├── sample-gitrepo.yaml ├── sample-hostpath.yaml ├── sample-key ├── sample-key.pub ├── sample-projected.yaml ├── sample-pull-secret.yaml ├── sample-pv-readonlymany.yaml ├── sample-pv.yaml ├── sample-pvc-block-pod.yaml ├── sample-pvc-block.yaml ├── sample-pvc-dynamic-pod.yaml ├── sample-pvc-dynamic.yaml ├── sample-pvc-pod.yaml ├── 
sample-pvc-resize-pod.yaml ├── sample-pvc-resize.yaml ├── sample-pvc-wait-pod.yaml ├── sample-pvc-wait.yaml ├── sample-pvc.yaml ├── sample-readonly-volumemount.yaml ├── sample-secret-binary-webserver.yaml ├── sample-secret-binary.yaml ├── sample-secret-immutable.yaml ├── sample-secret-multi-env.yaml ├── sample-secret-multi-volume.yaml ├── sample-secret-prefix-env.yaml ├── sample-secret-secure.yaml ├── sample-secret-single-env.yaml ├── sample-secret-single-volume.yaml ├── sample-ssh-auth.yaml ├── sample-statefulset-with-pvc.yaml ├── sample-storageclass-manual.yaml ├── sample-storageclass-resize.yaml ├── sample-storageclass-wait.yaml ├── sample-storageclass.yaml ├── sample-subpath.yaml ├── source-pod.yaml ├── source-pvc-snapshot.yaml └── source-pvc.yaml ├── chapter08 └── sample-namespace.yaml ├── chapter09 ├── sample-ephemeral-storage-multi.yaml ├── sample-ephemeral-storage.yaml ├── sample-hpa-behavior.yaml ├── sample-hpa-deployment.yaml ├── sample-hpa.yaml ├── sample-limitrange-container.yaml ├── sample-limitrange-pod.yaml ├── sample-limitrange-pvc.yaml ├── sample-pod-overratio.yaml ├── sample-pod-overrequest.yaml ├── sample-pod.yaml ├── sample-pvc-fail.yaml ├── sample-qos-besteffort.yaml ├── sample-qos-burstable.yaml ├── sample-qos-guaranteed.yaml ├── sample-resource-containers.yaml ├── sample-resource-only-limits.yaml ├── sample-resource-only-requests.yaml ├── sample-resource.yaml ├── sample-resourcequota-count-new.yaml ├── sample-resourcequota-count-old.yaml ├── sample-resourcequota-usable.yaml ├── sample-resourcequota.yaml ├── sample-vpa-deployment.yaml └── sample-vpa.yaml ├── chapter10 ├── sample-deployment-readinessgate.yaml ├── sample-healthcheck.yaml ├── sample-initcontainer.yaml ├── sample-lifecycle-exec.yaml ├── sample-lifecycle-httpget.yaml ├── sample-liveness.yaml ├── sample-publish-notready.yaml ├── sample-readiness.yaml ├── sample-readinessgate.yaml ├── sample-restart-always.yaml ├── sample-restart-never.yaml ├── sample-restart-onfailure.yaml ├── 
sample-startup-shortfail.yaml ├── sample-startup.yaml └── sample-termination.yaml ├── chapter11 ├── sample-deployment.yaml ├── sample-pod-disruption-budget-fail.yaml ├── sample-pod-disruption-budget-percentage.yaml └── sample-pod-disruption-budget.yaml ├── chapter12 ├── sample-custom-scheduler.yaml ├── sample-high-priority.yaml ├── sample-matchexpressions-deployment.yaml ├── sample-node-affinity-fail.yaml ├── sample-node-affinity.yaml ├── sample-nodeselector.yaml ├── sample-nodespecific-scheduling.yaml ├── sample-pod-affinity-host.yaml ├── sample-pod-affinity-zone-host.yaml ├── sample-pod-antiaffinity-host.yaml ├── sample-pod-complex-scheduling.yaml ├── sample-pod.yaml ├── sample-priority-class-fail.yaml ├── sample-priority-class-preemption-policy.yaml ├── sample-priority-class.yaml ├── sample-tolerations-second.yaml ├── sample-tolerations.yaml └── sample-topology-spread-constraints.yaml ├── chapter13 ├── allow-all-networkpolicy.yaml ├── cloud-networkpolicy.yaml ├── deny-all-networkpolicy.yaml ├── externalsecret │ ├── data.txt │ ├── sample-external-secret.yaml │ └── values.yaml ├── kubesec │ └── sample-db-auth.yaml ├── networkpolicy-playground.yaml ├── sample-aggregated-clusterrole.yaml ├── sample-capabilities.yaml ├── sample-clusterrole.yaml ├── sample-clusterrolebinding.yaml ├── sample-fsgroup.yaml ├── sample-ipblock-ingress-networkpolicy.yaml ├── sample-kubectl.yaml ├── sample-namespaceselector-ingress-networkpolicy.yaml ├── sample-networkpolicy.yaml ├── sample-nonroot.yaml ├── sample-pod.yaml ├── sample-podpreset.yaml ├── sample-podsecuritypolicy.yaml ├── sample-podselector-ingress-networkpolicy.yaml ├── sample-preset-fail-pod.yaml ├── sample-preset-pod.yaml ├── sample-privileged.yaml ├── sample-role.yaml ├── sample-rolebinding.yaml ├── sample-rootfile-readonly.yaml ├── sample-rs-podsecuritypolicy.yaml ├── sample-rs.yaml ├── sample-runuser.yaml ├── sample-serviceaccount-noautomount-pod.yaml ├── sample-serviceaccount-noautomount.yaml ├── 
sample-serviceaccount-pod.yaml ├── sample-serviceaccount-pullsecret-pod.yaml ├── sample-serviceaccount-pullsecret.yaml ├── sample-serviceaccount.yaml ├── sample-sysctl-annotation.yaml ├── sample-sysctl-initcontainer.yaml ├── sample-sysctl.yaml └── sealedsecret │ └── sample-db-auth.yaml ├── chapter14 ├── helm │ └── values.yaml └── kustomize │ ├── commonmeta-sample │ ├── kustomization.yaml │ ├── sample-deployment.yaml │ └── sample-lb.yaml │ ├── generate-sample │ ├── kustomization.yaml │ ├── sample-deployment.yaml │ └── sample.txt │ ├── image-sample │ ├── kustomization.yaml │ ├── sample-deployment.yaml │ └── sample-lb.yaml │ ├── name-sample │ ├── kustomization.yaml │ ├── sample-deployment.yaml │ └── sample-lb.yaml │ ├── namespace-sample │ ├── kustomization.yaml │ ├── sample-deployment.yaml │ └── sample-lb.yaml │ ├── production │ ├── kustomization.yaml │ └── patch-replicas.yaml │ ├── resources-sample │ ├── kustomization.yaml │ ├── sample-deployment.yaml │ └── sample-lb.yaml │ ├── role-sample │ ├── kustomization.yaml │ ├── sample-role.yaml │ ├── sample-rolebinding.yaml │ └── sample-serviceaccount.yaml │ └── staging │ ├── kustomization.yaml │ └── patch-replicas.yaml ├── chapter15 ├── datadog-a.yaml ├── datadog-b.yaml ├── datadog_values.yaml └── prometheus_lb_values.yaml ├── chapter16 └── datadog_with_logs_values.yaml ├── chapter17 ├── argocd │ ├── install.yaml │ ├── manifests │ │ ├── sample-cd-clusterip.yaml │ │ └── sample-cd-deployment.yaml │ └── sample-cd.yaml ├── conftest │ ├── fail-deployment.yaml │ ├── policy │ │ └── sample.rego │ └── success-deployment.yaml ├── kubeval │ └── fail-deployment.yaml ├── opa-gatekeeper │ ├── requiredlabels │ │ ├── constraint.yaml │ │ ├── example.yaml │ │ └── template.yaml │ └── uniqueserviceselector │ │ ├── constraint.yaml │ │ ├── example1.yaml │ │ ├── example2.yaml │ │ ├── sync-service.yaml │ │ └── template.yaml ├── skaffold │ ├── Dockerfile │ ├── dev-skaffold-deployment.yaml │ ├── dev-skaffold-service.yaml │ ├── main.go │ ├── 
profiles-skaffold.yaml │ ├── skaffold-deployment.yaml │ ├── skaffold-service.yaml │ ├── skaffold.yaml │ └── skip-push-skaffold.yaml └── telepresence │ ├── replace-deployment.yaml │ ├── sample-clusterip.yaml │ └── sample-deployment.yaml ├── chapter18 ├── sample-deployment.yaml ├── sample-istio-fault-injection-abort.yaml ├── sample-istio-fault-injection-delay.yaml └── sample-istio-specific-request.yaml └── chapter19 ├── sample-cr.yaml └── sample-crd.yaml /.gitignore: -------------------------------------------------------------------------------- 1 | .DS_Store 2 | 3 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # 『Kubernetes完全ガイド(第二版)』 付録マニフェストのリポジトリ 2 | 3 | はじめまして。 4 | 青山真也([@amsy810](https://twitter.com/@amsy810))と申します。 5 | 6 | この度は『Kubernetes完全ガイド( `第二版` )』を選んで頂き、誠にありがとうございます。 7 | (このリポジトリへのStarもお待ちしております。) 8 | 9 | 電子書籍に関しては、Amazon以外からもPDFなどで入手可能です。 10 | * Amazon: https://www.amazon.co.jp/dp/4295009792 11 | * Impress: https://book.impress.co.jp/books/1119101148 12 | * その他いくつかのサイト 13 | 14 | 15 | ## (注意)第一版について 16 | 17 | こちらのブランチは `第二版` 用です。 18 | `第一版` に関しては、[1st-edition branch](https://github.com/MasayaAoyama/kubernetes-perfect-guide/tree/1st-edition)を参照してください。 19 | 20 | ``` 21 | $ git checkout 1st-edition 22 | ``` 23 | 24 | # Kubernetes perfect guide "2nd edition" - sample manifest repository 25 | 26 | Hello, I'm Masaya Aoyama ([@amsy810](https://twitter.com/@amsy810)). 27 | 28 | Thank you for choosing "kubernetes perfect guide "2nd edition". 29 | If you like this repo, please add star :) 30 | 31 | You can get E-book and PDF from Amazon or various sites. 32 | * Amazon: https://www.amazon.co.jp/dp/4295009792 33 | * Impress: https://book.impress.co.jp/books/1119101148 34 | * etc 35 | 36 | ## Note: about 1st edition 37 | 38 | This branch is for `2nd edition`. 
39 | For the `1st edition`, please refer to the [1st-edition branch](https://github.com/MasayaAoyama/kubernetes-perfect-guide/tree/1st-edition). 40 | 41 | ``` 42 | $ git checkout 1st-edition 43 | ``` 44 | 45 | ## Note: about the Korean edition 46 | 47 | This branch is for `2nd edition for Japanese version`. 48 | For the `Korean edition`, please refer to the [ko/2nd-edition branch](https://github.com/MasayaAoyama/kubernetes-perfect-guide/tree/ko/2nd-edition). 49 | -------------------------------------------------------------------------------- /samples/chapter01/Dockerfile: -------------------------------------------------------------------------------- 1 | # Alpine 3.11ベースのgolang 1.14.1のイメージをベースとして使用 2 | FROM golang:1.14.1-alpine3.11 3 | 4 | # ビルドを行うマシン上のmain.goファイルをコンテナにコピー 5 | COPY ./main.go ./ 6 | 7 | # ビルド時にコンテナ内でコマンドを実行 8 | RUN go build -o ./go-app ./main.go 9 | 10 | # 実行ユーザを指定 11 | USER nobody 12 | 13 | # コンテナ起動時に実行するコマンドを定義 14 | ENTRYPOINT ["./go-app"] 15 | -------------------------------------------------------------------------------- /samples/chapter01/Dockerfile-MultiStage: -------------------------------------------------------------------------------- 1 | # Stage 1のコンテナ(アプリケーションをビルド) 2 | FROM golang:1.14.1-alpine3.11 as builder 3 | COPY ./main.go ./ 4 | RUN go build -o /go-app ./main.go 5 | 6 | # Stage 2のコンテナ(ビルドしたバイナリを内包した実行用コンテナを作成) 7 | FROM alpine:3.11 8 | # Stage 1でビルドした成果物をコピー 9 | COPY --from=builder /go-app . 10 | ENTRYPOINT ["./go-app"] 11 | -------------------------------------------------------------------------------- /samples/chapter01/Dockerfile-Scratch: -------------------------------------------------------------------------------- 1 | # Stage 1のコンテナ(アプリケーションをビルド) 2 | FROM golang:1.14.1-alpine3.11 as builder 3 | COPY ./main.go ./ 4 | RUN CGO_ENABLED=0 go build -o /go-app ./main.go 5 | 6 | # Stage 2のコンテナ(ビルドしたバイナリを内包した実行用コンテナを作成) 7 | FROM scratch 8 | # Stage 1でビルドした成果物をコピー 9 | COPY --from=builder /go-app . 
10 | ENTRYPOINT ["./go-app"] 11 | -------------------------------------------------------------------------------- /samples/chapter01/main.go: -------------------------------------------------------------------------------- 1 | package main 2 | 3 | import ( 4 | "fmt" 5 | "net/http" 6 | ) 7 | 8 | func handler(w http.ResponseWriter, r *http.Request) { 9 | fmt.Fprintf(w, "Hello, Kubernetes") 10 | } 11 | 12 | func main() { 13 | http.HandleFunc("/", handler) 14 | http.ListenAndServe(":8080", nil) 15 | } 16 | -------------------------------------------------------------------------------- /samples/chapter03/kind-alpha.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kind.x-k8s.io/v1alpha4 2 | kind: Cluster 3 | kubeadmConfigPatches: 4 | - | 5 | apiVersion: kubeadm.k8s.io/v1beta2 6 | kind: ClusterConfiguration 7 | metadata: 8 | name: config 9 | apiServer: 10 | extraArgs: 11 | "feature-gates": "EphemeralContainers=true,HPAScaleToZero=true,TTLAfterFinished=true,ServiceTopology=true,ImmutableEphemeralVolumes=true" 12 | scheduler: 13 | extraArgs: 14 | "feature-gates": "EphemeralContainers=true,HPAScaleToZero=true,TTLAfterFinished=true,ServiceTopology=true,NonPreemptingPriority=true" 15 | controllerManager: 16 | extraArgs: 17 | "feature-gates": "HPAScaleToZero=true,TTLAfterFinished=true,ImmutableEphemeralVolumes=true" 18 | - | 19 | apiVersion: kubelet.config.k8s.io/v1beta1 20 | kind: KubeletConfiguration 21 | featureGates: 22 | EphemeralContainers: true 23 | HPAScaleToZero: true 24 | TTLAfterFinished: true 25 | ServiceTopology: true 26 | - | 27 | apiVersion: kubeproxy.config.k8s.io/v1alpha1 28 | kind: KubeProxyConfiguration 29 | featureGates: 30 | EphemeralContainers: true 31 | HPAScaleToZero: true 32 | TTLAfterFinished: true 33 | ServiceTopology: true 34 | EndpointSliceProxying: true 35 | nodes: 36 | - role: control-plane 37 | image: amsy810/kind-node:v1.18.2 38 | - role: control-plane 39 | image: amsy810/kind-node:v1.18.2 
40 | - role: control-plane 41 | image: amsy810/kind-node:v1.18.2 42 | - role: worker 43 | image: amsy810/kind-node:v1.18.2 44 | - role: worker 45 | image: amsy810/kind-node:v1.18.2 46 | - role: worker 47 | image: amsy810/kind-node:v1.18.2 48 | - role: worker 49 | image: amsy810/kind-node:v1.18.2 50 | -------------------------------------------------------------------------------- /samples/chapter03/kind.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kind.x-k8s.io/v1alpha4 2 | kind: Cluster 3 | nodes: 4 | - role: control-plane 5 | image: kindest/node:v1.18.2 6 | - role: control-plane 7 | image: kindest/node:v1.18.2 8 | - role: control-plane 9 | image: kindest/node:v1.18.2 10 | - role: worker 11 | image: kindest/node:v1.18.2 12 | - role: worker 13 | image: kindest/node:v1.18.2 14 | - role: worker 15 | image: kindest/node:v1.18.2 16 | -------------------------------------------------------------------------------- /samples/chapter04/dir/innerdir/sample-pod3.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: sample-pod3 5 | spec: 6 | containers: 7 | - name: nginx-container 8 | image: nginx:1.16 9 | -------------------------------------------------------------------------------- /samples/chapter04/dir/sample-pod1.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: sample-pod1 5 | spec: 6 | containers: 7 | - name: nginx-container 8 | image: nginx:1.16 9 | -------------------------------------------------------------------------------- /samples/chapter04/dir/sample-pod2.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: sample-pod2 5 | spec: 6 | containers: 7 | - name: nginx-container 8 | image: nginx:1.16 9 | 
-------------------------------------------------------------------------------- /samples/chapter04/kubeconfig: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Config 3 | preferences: {} 4 | clusters: # 接続先クラスタ 5 | - name: sample-cluster 6 | cluster: 7 | server: https://localhost:6443 8 | users: # 認証情報 9 | - name: sample-user 10 | user: 11 | client-certificate-data: LS0tLS1CRUdJTi... 12 | client-key-data: LS0tLS1CRUdJTi... 13 | contexts: # 接続先と認証情報の組み合わせ 14 | - name: sample-context 15 | context: 16 | cluster: sample-cluster 17 | namespace: default 18 | user: sample-user 19 | current-context: sample-context 20 | 21 | -------------------------------------------------------------------------------- /samples/chapter04/merge-sample/apply.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: sample-pod 5 | annotations: 6 | key1: value1 7 | spec: 8 | containers: 9 | - name: nginx-container 10 | image: nginx:1.17 11 | -------------------------------------------------------------------------------- /samples/chapter04/merge-sample/apply_result.yaml_: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | annotations: 5 | key1: value1 6 | name: sample-pod 7 | namespace: default 8 | spec: 9 | containers: 10 | - image: nginx:1.17 11 | name: nginx-container 12 | -------------------------------------------------------------------------------- /samples/chapter04/merge-sample/base.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: sample-pod 5 | annotations: 6 | key1: value1 7 | key2: value2 8 | spec: 9 | containers: 10 | - name: nginx-container 11 | image: nginx:1.16 12 | -------------------------------------------------------------------------------- 
/samples/chapter04/merge-sample/create_result.yaml_: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | annotations: 5 | key1: value1 6 | key2: value2 7 | name: sample-pod 8 | namespace: default 9 | spec: 10 | containers: 11 | - image: nginx:1.17 12 | name: nginx-container 13 | -------------------------------------------------------------------------------- /samples/chapter04/prune-sample/sample-pod1.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: sample-pod1 5 | labels: 6 | system: a 7 | spec: 8 | containers: 9 | - name: nginx-container 10 | image: nginx:1.16 11 | -------------------------------------------------------------------------------- /samples/chapter04/prune-sample/sample-pod2.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: sample-pod2 5 | labels: 6 | system: a 7 | spec: 8 | containers: 9 | - name: nginx-container 10 | image: nginx:1.16 11 | -------------------------------------------------------------------------------- /samples/chapter04/sample-annotations.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: sample-annotations 5 | annotations: 6 | annotation1: val1 7 | annotation2: "200" 8 | spec: 9 | containers: 10 | - name: nginx-container 11 | image: nginx:1.16 12 | -------------------------------------------------------------------------------- /samples/chapter04/sample-deployment.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: sample-deployment 5 | spec: 6 | replicas: 3 7 | selector: 8 | matchLabels: 9 | app: sample-app 10 | template: 11 | metadata: 12 | labels: 13 | app: sample-app 
14 | spec: 15 | containers: 16 | - name: nginx-container 17 | image: nginx:1.16 18 | -------------------------------------------------------------------------------- /samples/chapter04/sample-generatename.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | generateName: sample-generatename- 5 | spec: 6 | containers: 7 | - name: nginx-container 8 | image: nginx:1.16 9 | -------------------------------------------------------------------------------- /samples/chapter04/sample-label.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: sample-label 5 | labels: 6 | label1: val1 7 | label2: val2 8 | spec: 9 | containers: 10 | - name: nginx-container 11 | image: nginx:1.16 12 | -------------------------------------------------------------------------------- /samples/chapter04/sample-multi-resource-manifest.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: apps/v1 3 | kind: Deployment 4 | metadata: 5 | name: order1-deployment 6 | spec: 7 | replicas: 3 8 | selector: 9 | matchLabels: 10 | app: sample-app 11 | template: 12 | metadata: 13 | labels: 14 | app: sample-app 15 | spec: 16 | containers: 17 | - name: nginx-container 18 | image: nginx:1.16 19 | --- 20 | apiVersion: v1 21 | kind: Service 22 | metadata: 23 | name: order2-service 24 | spec: 25 | type: LoadBalancer 26 | ports: 27 | - name: "http-port" 28 | protocol: "TCP" 29 | port: 8080 30 | targetPort: 80 31 | selector: 32 | app: sample-app 33 | -------------------------------------------------------------------------------- /samples/chapter04/sample-pod.json: -------------------------------------------------------------------------------- 1 | { 2 | "apiVersion": "v1", 3 | "kind": "Pod", 4 | "metadata": { 5 | "name": "sample-pod" 6 | }, 7 | "spec": { 8 | "containers": [ 9 | { 10 | 
"name": "nginx-container", 11 | "image": "nginx:1.16" 12 | } 13 | ] 14 | } 15 | } 16 | -------------------------------------------------------------------------------- /samples/chapter04/sample-pod.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: sample-pod 5 | spec: 6 | containers: 7 | - name: nginx-container 8 | image: nginx:1.16 9 | -------------------------------------------------------------------------------- /samples/chapter05/sample-2pod-fail.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: sample-2pod-fail 5 | spec: 6 | containers: 7 | - name: nginx-container-112 8 | image: nginx:1.16 9 | - name: nginx-container-113 10 | image: nginx:1.17 11 | -------------------------------------------------------------------------------- /samples/chapter05/sample-2pod.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: sample-2pod 5 | spec: 6 | containers: 7 | - name: nginx-container 8 | image: nginx:1.16 9 | - name: redis-container 10 | image: redis:3.2 11 | -------------------------------------------------------------------------------- /samples/chapter05/sample-cronjob.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: batch/v1beta1 2 | kind: CronJob 3 | metadata: 4 | name: sample-cronjob 5 | spec: 6 | schedule: "*/1 * * * *" 7 | concurrencyPolicy: Allow 8 | startingDeadlineSeconds: 30 9 | successfulJobsHistoryLimit: 5 10 | failedJobsHistoryLimit: 3 11 | suspend: false 12 | jobTemplate: 13 | spec: 14 | completions: 1 15 | parallelism: 1 16 | backoffLimit: 0 17 | template: 18 | spec: 19 | containers: 20 | - name: tools-container 21 | image: amsy810/random-exit:v2.0 22 | restartPolicy: Never 23 | 
-------------------------------------------------------------------------------- /samples/chapter05/sample-deployment-params.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: sample-deployment-params 5 | spec: 6 | minReadySeconds: 0 7 | revisionHistoryLimit: 2 8 | progressDeadlineSeconds: 3600 9 | replicas: 3 10 | selector: 11 | matchLabels: 12 | app: sample-app 13 | template: 14 | metadata: 15 | labels: 16 | app: sample-app 17 | spec: 18 | containers: 19 | - name: nginx-container 20 | image: nginx:1.16 21 | -------------------------------------------------------------------------------- /samples/chapter05/sample-deployment-recreate.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: sample-deployment-recreate 5 | spec: 6 | strategy: 7 | type: Recreate 8 | replicas: 3 9 | selector: 10 | matchLabels: 11 | app: sample-app 12 | template: 13 | metadata: 14 | labels: 15 | app: sample-app 16 | spec: 17 | containers: 18 | - name: nginx-container 19 | image: nginx:1.16 20 | -------------------------------------------------------------------------------- /samples/chapter05/sample-deployment-rollingupdate.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: sample-deployment-rollingupdate 5 | spec: 6 | strategy: 7 | type: RollingUpdate 8 | rollingUpdate: 9 | maxUnavailable: 0 10 | maxSurge: 1 11 | replicas: 3 12 | selector: 13 | matchLabels: 14 | app: sample-app 15 | template: 16 | metadata: 17 | labels: 18 | app: sample-app 19 | spec: 20 | containers: 21 | - name: nginx-container 22 | image: nginx:1.16 23 | -------------------------------------------------------------------------------- /samples/chapter05/sample-deployment.yaml: 
-------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: sample-deployment 5 | spec: 6 | replicas: 3 7 | selector: 8 | matchLabels: 9 | app: sample-app 10 | template: 11 | metadata: 12 | labels: 13 | app: sample-app 14 | spec: 15 | containers: 16 | - name: nginx-container 17 | image: nginx:1.16 18 | -------------------------------------------------------------------------------- /samples/chapter05/sample-dnspolicy-clusterfirst.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: sample-dnspolicy-clusterfirst 5 | spec: 6 | dnsPolicy: ClusterFirst 7 | containers: 8 | - name: nginx-container 9 | image: nginx:1.16 10 | -------------------------------------------------------------------------------- /samples/chapter05/sample-dnspolicy-clusterfirstwithhostnet.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: sample-dnspolicy-clusterfirstwithhostnet 5 | spec: 6 | dnsPolicy: ClusterFirstWithHostNet 7 | hostNetwork: true 8 | containers: 9 | - name: nginx-container 10 | image: nginx:1.16 11 | -------------------------------------------------------------------------------- /samples/chapter05/sample-dnspolicy-default.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: sample-dnspolicy-default 5 | spec: 6 | dnsPolicy: Default 7 | containers: 8 | - name: nginx-container 9 | image: nginx:1.16 10 | -------------------------------------------------------------------------------- /samples/chapter05/sample-dnspolicy-none.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: sample-dnspolicy-none 5 | spec: 6 | dnsPolicy: None 7 | 
dnsConfig: 8 | nameservers: 9 | - 8.8.8.8 10 | - 8.8.4.4 11 | searches: 12 | - example.com 13 | options: 14 | - name: ndots 15 | value: "5" 16 | containers: 17 | - name: nginx-container 18 | image: nginx:1.16 19 | -------------------------------------------------------------------------------- /samples/chapter05/sample-ds-ondelete.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: DaemonSet 3 | metadata: 4 | name: sample-ds-ondelete 5 | spec: 6 | updateStrategy: 7 | type: OnDelete 8 | selector: 9 | matchLabels: 10 | app: sample-app 11 | template: 12 | metadata: 13 | labels: 14 | app: sample-app 15 | spec: 16 | containers: 17 | - name: nginx-container 18 | image: nginx:1.16 19 | -------------------------------------------------------------------------------- /samples/chapter05/sample-ds-rollingupdate.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: DaemonSet 3 | metadata: 4 | name: sample-ds-rollingupdate 5 | spec: 6 | updateStrategy: 7 | type: RollingUpdate 8 | rollingUpdate: 9 | maxUnavailable: 2 10 | selector: 11 | matchLabels: 12 | app: sample-app 13 | template: 14 | metadata: 15 | labels: 16 | app: sample-app 17 | spec: 18 | containers: 19 | - name: nginx-container 20 | image: nginx:1.16 21 | -------------------------------------------------------------------------------- /samples/chapter05/sample-ds.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: DaemonSet 3 | metadata: 4 | name: sample-ds 5 | spec: 6 | selector: 7 | matchLabels: 8 | app: sample-app 9 | template: 10 | metadata: 11 | labels: 12 | app: sample-app 13 | spec: 14 | containers: 15 | - name: nginx-container 16 | image: nginx:1.16 17 | -------------------------------------------------------------------------------- /samples/chapter05/sample-entrypoint.yaml: 
-------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: sample-entrypoint 5 | spec: 6 | containers: 7 | - name: nginx-container-112 8 | image: nginx:1.16 9 | command: ["/bin/sleep"] # ENTRYPOINT命令に対応 10 | args: ["3600"] # CMD命令に対応 11 | -------------------------------------------------------------------------------- /samples/chapter05/sample-hostaliases.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: sample-hostaliases 5 | spec: 6 | containers: 7 | - name: nginx-container 8 | image: nginx:1.16 9 | hostAliases: 10 | - ip: 8.8.8.8 11 | hostnames: 12 | - google-dns 13 | - google-public-dns 14 | -------------------------------------------------------------------------------- /samples/chapter05/sample-hostnetwork.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: sample-hostnetwork 5 | spec: 6 | hostNetwork: true 7 | containers: 8 | - name: nginx-container 9 | image: nginx:1.16 10 | -------------------------------------------------------------------------------- /samples/chapter05/sample-job-never-restart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: batch/v1 2 | kind: Job 3 | metadata: 4 | name: sample-job-never-restart 5 | spec: 6 | completions: 1 7 | parallelism: 1 8 | backoffLimit: 10 9 | template: 10 | spec: 11 | containers: 12 | - name: tools-container 13 | image: amsy810/tools:v2.0 14 | command: ["sh", "-c"] 15 | args: ["$(sleep 3600)"] 16 | restartPolicy: Never 17 | -------------------------------------------------------------------------------- /samples/chapter05/sample-job-onfailure-restart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: batch/v1 2 | kind: Job 3 | metadata: 4 | name: 
sample-job-onfailure-restart 5 | spec: 6 | completions: 1 7 | parallelism: 1 8 | backoffLimit: 10 9 | template: 10 | spec: 11 | containers: 12 | - name: tools-container 13 | image: amsy810/tools:v2.0 14 | command: ["sh", "-c"] 15 | args: ["$(sleep 3600)"] 16 | restartPolicy: OnFailure 17 | -------------------------------------------------------------------------------- /samples/chapter05/sample-job-ttl.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: batch/v1 2 | kind: Job 3 | metadata: 4 | name: sample-job-ttl 5 | spec: 6 | ttlSecondsAfterFinished: 30 7 | completions: 1 8 | parallelism: 1 9 | backoffLimit: 10 10 | template: 11 | spec: 12 | containers: 13 | - name: tools-container 14 | image: amsy810/tools:v2.0 15 | command: ["sleep"] 16 | args: ["60"] 17 | restartPolicy: Never 18 | -------------------------------------------------------------------------------- /samples/chapter05/sample-job.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: batch/v1 2 | kind: Job 3 | metadata: 4 | name: sample-job 5 | spec: 6 | completions: 1 7 | parallelism: 1 8 | backoffLimit: 10 9 | template: 10 | spec: 11 | containers: 12 | - name: tools-container 13 | image: amsy810/tools:v2.0 14 | command: ["sleep"] 15 | args: ["60"] 16 | restartPolicy: Never 17 | -------------------------------------------------------------------------------- /samples/chapter05/sample-multi-task-job.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: batch/v1 2 | kind: Job 3 | metadata: 4 | name: sample-multi-task-job 5 | spec: 6 | completions: 5 7 | parallelism: 3 8 | backoffLimit: 5 9 | template: 10 | spec: 11 | containers: 12 | - name: tools-container 13 | image: amsy810/tools:v2.0 14 | command: ["sleep"] 15 | args: ["30"] 16 | restartPolicy: Never 17 | -------------------------------------------------------------------------------- 
/samples/chapter05/sample-multi-workqueue-job.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: batch/v1 2 | kind: Job 3 | metadata: 4 | name: sample-multi-workqueue-job 5 | spec: 6 | # left unset on purpose 7 | # completions: 1 8 | parallelism: 3 9 | backoffLimit: 1 10 | template: 11 | spec: 12 | containers: 13 | - name: tools-container 14 | image: amsy810/tools:v2.0 15 | command: ["sleep"] 16 | args: ["30"] 17 | restartPolicy: Never 18 | -------------------------------------------------------------------------------- /samples/chapter05/sample-oneshot-task-job.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: batch/v1 2 | kind: Job 3 | metadata: 4 | name: sample-oneshot-task-job 5 | spec: 6 | completions: 1 7 | parallelism: 1 8 | backoffLimit: 0 9 | template: 10 | spec: 11 | containers: 12 | - name: tools-container 13 | image: amsy810/tools:v2.0 14 | command: ["sleep"] 15 | args: ["30"] 16 | restartPolicy: Never 17 | -------------------------------------------------------------------------------- /samples/chapter05/sample-paralleljob.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: batch/v1 2 | kind: Job 3 | metadata: 4 | name: sample-paralleljob 5 | spec: 6 | completions: 10 7 | parallelism: 2 8 | backoffLimit: 10 9 | template: 10 | spec: 11 | containers: 12 | - name: tools-container 13 | image: amsy810/tools:v2.0 14 | command: ["sleep"] 15 | args: ["30"] 16 | restartPolicy: Never 17 | -------------------------------------------------------------------------------- /samples/chapter05/sample-pod.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: sample-pod 5 | spec: 6 | containers: 7 | - name: nginx-container 8 | image: nginx:1.16 9 | -------------------------------------------------------------------------------- 
/samples/chapter05/sample-podname-fail.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: sample_podname_fail 5 | spec: 6 | containers: 7 | - name: nginx-container-112 8 | image: nginx:1.16 9 | -------------------------------------------------------------------------------- /samples/chapter05/sample-rs-fail.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: ReplicaSet 3 | metadata: 4 | name: sample-rs-fail 5 | spec: 6 | replicas: 3 7 | selector: 8 | matchLabels: 9 | app: sample-app 10 | template: 11 | metadata: 12 | labels: 13 | app: sample-app-fail 14 | spec: 15 | containers: 16 | - name: nginx-container 17 | image: nginx:1.16 18 | -------------------------------------------------------------------------------- /samples/chapter05/sample-rs-pod.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: sample-rs-pod 5 | labels: 6 | app: sample-app 7 | spec: 8 | containers: 9 | - name: nginx-container 10 | image: nginx:1.17 11 | -------------------------------------------------------------------------------- /samples/chapter05/sample-rs.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: ReplicaSet 3 | metadata: 4 | name: sample-rs 5 | spec: 6 | replicas: 3 7 | selector: 8 | matchLabels: 9 | app: sample-app 10 | template: 11 | metadata: 12 | labels: 13 | app: sample-app 14 | spec: 15 | containers: 16 | - name: nginx-container 17 | image: nginx:1.16 18 | -------------------------------------------------------------------------------- /samples/chapter05/sample-single-workqueue-job.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: batch/v1 2 | kind: Job 3 | metadata: 4 | name: sample-single-workqueue-job 5 
| spec: 6 | # left unset on purpose 7 | # completions: 1 8 | parallelism: 1 9 | backoffLimit: 1 10 | template: 11 | spec: 12 | containers: 13 | - name: tools-container 14 | image: amsy810/tools:v2.0 15 | command: ["sleep"] 16 | args: ["30"] 17 | restartPolicy: Never 18 | -------------------------------------------------------------------------------- /samples/chapter05/sample-statefulset-ondelete.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: StatefulSet 3 | metadata: 4 | name: sample-statefulset-ondelete 5 | spec: 6 | updateStrategy: 7 | type: OnDelete 8 | serviceName: sample-statefulset-ondelete 9 | replicas: 3 10 | selector: 11 | matchLabels: 12 | app: sample-app 13 | template: 14 | metadata: 15 | labels: 16 | app: sample-app 17 | spec: 18 | containers: 19 | - name: nginx-container 20 | image: nginx:1.16 21 | -------------------------------------------------------------------------------- /samples/chapter05/sample-statefulset-parallel.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: StatefulSet 3 | metadata: 4 | name: sample-statefulset-parallel 5 | spec: 6 | podManagementPolicy: Parallel 7 | serviceName: sample-statefulset-parallel 8 | replicas: 3 9 | selector: 10 | matchLabels: 11 | app: sample-app 12 | template: 13 | metadata: 14 | labels: 15 | app: sample-app 16 | spec: 17 | containers: 18 | - name: nginx-container 19 | image: nginx:1.16 20 | -------------------------------------------------------------------------------- /samples/chapter05/sample-statefulset-rollingupdate.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: StatefulSet 3 | metadata: 4 | name: sample-statefulset-rollingupdate 5 | spec: 6 | updateStrategy: 7 | type: RollingUpdate 8 | rollingUpdate: 9 | partition: 3 10 | serviceName: sample-statefulset-rollingupdate 11 | replicas: 5 12 | selector: 
13 | matchLabels: 14 | app: sample-app 15 | template: 16 | metadata: 17 | labels: 18 | app: sample-app 19 | spec: 20 | containers: 21 | - name: nginx-container 22 | image: nginx:1.16 23 | -------------------------------------------------------------------------------- /samples/chapter05/sample-statefulset.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: StatefulSet 3 | metadata: 4 | name: sample-statefulset 5 | spec: 6 | serviceName: sample-statefulset 7 | replicas: 3 8 | selector: 9 | matchLabels: 10 | app: sample-app 11 | template: 12 | metadata: 13 | labels: 14 | app: sample-app 15 | spec: 16 | containers: 17 | - name: nginx-container 18 | image: nginx:1.16 19 | volumeMounts: 20 | - name: www 21 | mountPath: /usr/share/nginx/html 22 | volumeClaimTemplates: 23 | - metadata: 24 | name: www 25 | spec: 26 | accessModes: 27 | - ReadWriteOnce 28 | resources: 29 | requests: 30 | storage: 1G 31 | -------------------------------------------------------------------------------- /samples/chapter05/sample-workingdir.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: sample-workingdir 5 | spec: 6 | containers: 7 | - name: nginx-container 8 | image: nginx:1.16 9 | workingDir: /tmp 10 | -------------------------------------------------------------------------------- /samples/chapter06/no-sample-session-affinity.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: sample-session-affinity 5 | spec: 6 | type: LoadBalancer 7 | selector: 8 | app: sample-app 9 | ports: 10 | - name: http-port 11 | protocol: TCP 12 | port: 8080 13 | targetPort: 80 14 | nodePort: 30083 15 | sessionAffinity: None 16 | -------------------------------------------------------------------------------- /samples/chapter06/sample-clusterip-multi.yaml: 
-------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: sample-clusterip-multi 5 | spec: 6 | type: ClusterIP 7 | ports: 8 | - name: "http-port" 9 | protocol: "TCP" 10 | port: 8080 11 | targetPort: 80 12 | - name: "https-port" 13 | protocol: "TCP" 14 | port: 8443 15 | targetPort: 443 16 | selector: 17 | app: sample-app 18 | -------------------------------------------------------------------------------- /samples/chapter06/sample-clusterip-vip.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: sample-clusterip-vip 5 | spec: 6 | type: ClusterIP 7 | clusterIP: 10.11.253.81 8 | ports: 9 | - name: "http-port" 10 | protocol: "TCP" 11 | port: 8080 12 | targetPort: 80 13 | selector: 14 | app: sample-app 15 | -------------------------------------------------------------------------------- /samples/chapter06/sample-clusterip.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: sample-clusterip 5 | spec: 6 | type: ClusterIP 7 | ports: 8 | - name: "http-port" 9 | protocol: "TCP" 10 | port: 8080 11 | targetPort: 80 12 | selector: 13 | app: sample-app 14 | -------------------------------------------------------------------------------- /samples/chapter06/sample-deployment-servicelinks.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: sample-deployment-servicelinks 5 | spec: 6 | replicas: 3 7 | selector: 8 | matchLabels: 9 | app: sample-app 10 | template: 11 | metadata: 12 | labels: 13 | app: sample-app 14 | spec: 15 | enableServiceLinks: false 16 | containers: 17 | - name: nginx-container 18 | image: amsy810/echo-nginx:v2.0 19 | 
-------------------------------------------------------------------------------- /samples/chapter06/sample-deployment.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: sample-deployment 5 | spec: 6 | replicas: 3 7 | selector: 8 | matchLabels: 9 | app: sample-app 10 | template: 11 | metadata: 12 | labels: 13 | app: sample-app 14 | spec: 15 | containers: 16 | - name: nginx-container 17 | image: amsy810/echo-nginx:v2.0 18 | -------------------------------------------------------------------------------- /samples/chapter06/sample-ds.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: DaemonSet 3 | metadata: 4 | name: sample-ds 5 | spec: 6 | selector: 7 | matchLabels: 8 | app: sample-app 9 | template: 10 | metadata: 11 | labels: 12 | app: sample-app 13 | spec: 14 | containers: 15 | - name: nginx-container 16 | image: amsy810/echo-nginx:v2.0 17 | -------------------------------------------------------------------------------- /samples/chapter06/sample-externalip.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: sample-externalip 5 | spec: 6 | type: ClusterIP 7 | externalIPs: 8 | - 10.240.0.7 9 | - 10.240.0.8 10 | ports: 11 | - name: "http-port" 12 | protocol: "TCP" 13 | port: 8080 14 | targetPort: 80 15 | selector: 16 | app: sample-app 17 | -------------------------------------------------------------------------------- /samples/chapter06/sample-externalname.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: sample-externalname 5 | namespace: default 6 | spec: 7 | type: ExternalName 8 | externalName: external.example.com 9 | -------------------------------------------------------------------------------- 
/samples/chapter06/sample-headless.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: sample-headless 5 | spec: 6 | type: ClusterIP 7 | clusterIP: None 8 | ports: 9 | - name: "http-port" 10 | protocol: "TCP" 11 | port: 80 12 | targetPort: 80 13 | selector: 14 | app: sample-app 15 | -------------------------------------------------------------------------------- /samples/chapter06/sample-ingress-apps.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Service 4 | metadata: 5 | name: sample-ingress-svc-1 6 | spec: 7 | type: NodePort 8 | ports: 9 | - name: "http-port" 10 | protocol: "TCP" 11 | port: 8888 12 | targetPort: 80 13 | selector: 14 | ingress-app: sample1 15 | --- 16 | apiVersion: v1 17 | kind: Pod 18 | metadata: 19 | name: sample-ingress-apps-1 20 | labels: 21 | ingress-app: sample1 22 | spec: 23 | containers: 24 | - name: nginx-container 25 | image: amsy810/echo-nginx:v2.0 26 | --- 27 | apiVersion: v1 28 | kind: Service 29 | metadata: 30 | name: sample-ingress-svc-2 31 | spec: 32 | type: NodePort 33 | ports: 34 | - name: "http-port" 35 | protocol: "TCP" 36 | port: 8888 37 | targetPort: 80 38 | selector: 39 | ingress-app: sample2 40 | --- 41 | apiVersion: v1 42 | kind: Pod 43 | metadata: 44 | name: sample-ingress-apps-2 45 | labels: 46 | ingress-app: sample2 47 | spec: 48 | containers: 49 | - name: nginx-container 50 | image: amsy810/echo-nginx:v2.0 51 | --- 52 | apiVersion: v1 53 | kind: Service 54 | metadata: 55 | name: sample-ingress-default 56 | spec: 57 | type: NodePort 58 | ports: 59 | - name: "http-port" 60 | protocol: "TCP" 61 | port: 8888 62 | targetPort: 80 63 | selector: 64 | ingress-app: default 65 | --- 66 | apiVersion: v1 67 | kind: Pod 68 | metadata: 69 | name: sample-ingress-default 70 | labels: 71 | ingress-app: default 72 | spec: 73 | containers: 74 | - name: nginx-container 
75 | image: amsy810/echo-nginx:v2.0 76 | -------------------------------------------------------------------------------- /samples/chapter06/sample-ingress-by-aks.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: networking.k8s.io/v1beta1 2 | kind: Ingress 3 | metadata: 4 | name: sample-ingress 5 | annotations: 6 | kubernetes.io/ingress.class: addon-http-application-routing 7 | nginx.ingress.kubernetes.io/ssl-redirect: "false" 8 | spec: 9 | rules: 10 | - host: sample.example.com 11 | http: 12 | paths: 13 | - path: /path1/ 14 | backend: 15 | serviceName: sample-ingress-svc-1 16 | servicePort: 8888 17 | - path: /path2/ 18 | backend: 19 | serviceName: sample-ingress-svc-2 20 | servicePort: 8888 21 | backend: 22 | serviceName: sample-ingress-default 23 | servicePort: 8888 24 | tls: 25 | - hosts: 26 | - sample.example.com 27 | secretName: tls-sample 28 | -------------------------------------------------------------------------------- /samples/chapter06/sample-ingress-by-gke.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: networking.k8s.io/v1beta1 2 | kind: Ingress 3 | metadata: 4 | name: sample-ingress 5 | spec: 6 | rules: 7 | - host: sample.example.com 8 | http: 9 | paths: 10 | - path: /path1/ 11 | backend: 12 | serviceName: sample-ingress-svc-1 13 | servicePort: 8888 14 | - path: /path2/ 15 | backend: 16 | serviceName: sample-ingress-svc-2 17 | servicePort: 8888 18 | backend: 19 | serviceName: sample-ingress-default 20 | servicePort: 8888 21 | tls: 22 | - hosts: 23 | - sample.example.com 24 | secretName: tls-sample 25 | -------------------------------------------------------------------------------- /samples/chapter06/sample-ingress-by-nginx.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: networking.k8s.io/v1beta1 2 | kind: Ingress 3 | metadata: 4 | name: sample-ingress-by-nginx 5 | annotations: 6 | 
kubernetes.io/ingress.class: nginx 7 | nginx.ingress.kubernetes.io/ssl-redirect: "false" 8 | spec: 9 | rules: 10 | - host: sample.example.com 11 | http: 12 | paths: 13 | - path: /path1/ 14 | backend: 15 | serviceName: sample-ingress-svc-1 16 | servicePort: 8888 17 | - path: /path2/ 18 | backend: 19 | serviceName: sample-ingress-svc-2 20 | servicePort: 8888 21 | backend: 22 | serviceName: sample-ingress-default 23 | servicePort: 8888 24 | tls: 25 | - hosts: 26 | - sample.example.com 27 | secretName: tls-sample 28 | -------------------------------------------------------------------------------- /samples/chapter06/sample-ingress.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: networking.k8s.io/v1beta1 2 | kind: Ingress 3 | metadata: 4 | name: sample-ingress 5 | spec: 6 | rules: 7 | - host: sample.example.com 8 | http: 9 | paths: 10 | - path: /path1/ 11 | backend: 12 | serviceName: sample-ingress-svc-1 13 | servicePort: 8888 14 | - path: /path2/ 15 | backend: 16 | serviceName: sample-ingress-svc-2 17 | servicePort: 8888 18 | backend: 19 | serviceName: sample-ingress-default 20 | servicePort: 8888 21 | tls: 22 | - hosts: 23 | - sample.example.com 24 | secretName: tls-sample 25 | -------------------------------------------------------------------------------- /samples/chapter06/sample-lb-fixip.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: sample-lb-fixip 5 | spec: 6 | type: LoadBalancer 7 | loadBalancerIP: xxx.xxx.xxx.xxx 8 | ports: 9 | - name: "http-port" 10 | protocol: "TCP" 11 | port: 8080 12 | targetPort: 80 13 | selector: 14 | app: sample-app 15 | -------------------------------------------------------------------------------- /samples/chapter06/sample-lb-fw.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: 
sample-lb-fw 5 | spec: 6 | type: LoadBalancer 7 | ports: 8 | - name: "http-port" 9 | protocol: "TCP" 10 | port: 8080 11 | targetPort: 80 12 | selector: 13 | app: sample-app 14 | loadBalancerSourceRanges: 15 | - 10.0.0.0/8 16 | -------------------------------------------------------------------------------- /samples/chapter06/sample-lb-local.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: sample-lb-local 5 | spec: 6 | type: LoadBalancer 7 | externalTrafficPolicy: Local 8 | healthCheckNodePort: 30086 9 | ports: 10 | - name: "http-port" 11 | protocol: "TCP" 12 | port: 8080 13 | targetPort: 80 14 | nodePort: 30085 15 | selector: 16 | app: sample-app 17 | -------------------------------------------------------------------------------- /samples/chapter06/sample-lb.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: sample-lb 5 | spec: 6 | type: LoadBalancer 7 | ports: 8 | - name: "http-port" 9 | protocol: "TCP" 10 | port: 8080 11 | targetPort: 80 12 | nodePort: 30082 13 | selector: 14 | app: sample-app 15 | -------------------------------------------------------------------------------- /samples/chapter06/sample-named-port-deployment.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: sample-named-port-deployment 5 | spec: 6 | replicas: 3 7 | selector: 8 | matchLabels: 9 | app: sample-app 10 | template: 11 | metadata: 12 | labels: 13 | app: sample-app 14 | spec: 15 | containers: 16 | - name: nginx-container 17 | image: amsy810/echo-nginx:v2.0 18 | ports: 19 | - name: http 20 | containerPort: 80 21 | -------------------------------------------------------------------------------- /samples/chapter06/sample-named-port-pods.yaml: 
-------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Pod 4 | metadata: 5 | name: sample-named-port-pod-80 6 | labels: 7 | app: sample-app 8 | spec: 9 | containers: 10 | - name: nginx-container 11 | image: amsy810/echo-nginx:v2.0 12 | ports: 13 | - name: http # give the port a name 14 | containerPort: 80 15 | --- 16 | apiVersion: v1 17 | kind: Pod 18 | metadata: 19 | name: sample-named-port-pod-81 20 | labels: 21 | app: sample-app 22 | spec: 23 | containers: 24 | - name: nginx-container 25 | image: amsy810/echo-nginx:v2.0 26 | env: 27 | - name: NGINX_PORT 28 | value: "81" 29 | ports: 30 | - name: http # give the port a name 31 | containerPort: 81 32 | -------------------------------------------------------------------------------- /samples/chapter06/sample-named-port-service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: sample-named-port-service 5 | spec: 6 | type: ClusterIP 7 | ports: 8 | - name: "http-port" 9 | protocol: "TCP" 10 | port: 8080 11 | targetPort: http 12 | selector: 13 | app: sample-app 14 | -------------------------------------------------------------------------------- /samples/chapter06/sample-nodeport-fail.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: sample-nodeport-fail 5 | spec: 6 | type: NodePort 7 | ports: 8 | - name: "http-port" 9 | protocol: "TCP" 10 | port: 8080 11 | targetPort: 80 12 | nodePort: 8888 # outside the default NodePort range (30000-32767); presumably the rejection this "fail" sample demonstrates 13 | selector: 14 | app: sample-app 15 | -------------------------------------------------------------------------------- /samples/chapter06/sample-nodeport-fail2.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: sample-nodeport-fail2 5 | spec: 6 | type: NodePort 7 | ports: 8 | - name: "http-port" 9 | 
protocol: "TCP" 10 | port: 8080 11 | targetPort: 80 12 | nodePort: 30080 13 | selector: 14 | app: sample-app 15 | -------------------------------------------------------------------------------- /samples/chapter06/sample-nodeport-local.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: sample-nodeport-local 5 | spec: 6 | type: NodePort 7 | externalTrafficPolicy: Local 8 | ports: 9 | - name: "http-port" 10 | protocol: "TCP" 11 | port: 8080 12 | targetPort: 80 13 | nodePort: 30081 14 | selector: 15 | app: sample-app 16 | -------------------------------------------------------------------------------- /samples/chapter06/sample-nodeport.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: sample-nodeport 5 | spec: 6 | type: NodePort 7 | ports: 8 | - name: "http-port" 9 | protocol: "TCP" 10 | port: 8080 11 | targetPort: 80 12 | nodePort: 30080 13 | selector: 14 | app: sample-app 15 | -------------------------------------------------------------------------------- /samples/chapter06/sample-none-selector.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Service 4 | metadata: 5 | name: sample-none-selector 6 | spec: 7 | type: ClusterIP 8 | ports: 9 | - protocol: TCP 10 | port: 8080 11 | targetPort: 80 12 | --- 13 | apiVersion: v1 14 | kind: Endpoints 15 | metadata: 16 | name: sample-none-selector 17 | subsets: 18 | - addresses: 19 | - ip: 192.168.1.1 20 | - ip: 192.168.1.2 21 | ports: 22 | - protocol: TCP 23 | port: 80 24 | -------------------------------------------------------------------------------- /samples/chapter06/sample-pod.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: sample-pod 5 | spec: 6 | containers: 7 
| - name: tools-container 8 | image: amsy810/tools:v2.0 9 | -------------------------------------------------------------------------------- /samples/chapter06/sample-service-topology.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: sample-service-topology 5 | spec: 6 | type: ClusterIP 7 | selector: 8 | app: sample-app 9 | ports: 10 | - name: http 11 | protocol: TCP 12 | port: 8080 13 | targetPort: 80 14 | topologyKeys: 15 | - kubernetes.io/hostname 16 | - "*" 17 | -------------------------------------------------------------------------------- /samples/chapter06/sample-session-affinity.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: sample-session-affinity 5 | spec: 6 | type: LoadBalancer 7 | selector: 8 | app: sample-app 9 | ports: 10 | - name: http-port 11 | protocol: TCP 12 | port: 8080 13 | targetPort: 80 14 | nodePort: 30084 15 | sessionAffinity: ClientIP 16 | sessionAffinityConfig: 17 | clientIP: 18 | timeoutSeconds: 10 19 | -------------------------------------------------------------------------------- /samples/chapter06/sample-statefulset-headless.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: StatefulSet 3 | metadata: 4 | name: sample-statefulset-headless 5 | spec: 6 | serviceName: sample-headless 7 | replicas: 3 8 | selector: 9 | matchLabels: 10 | app: sample-app 11 | template: 12 | metadata: 13 | labels: 14 | app: sample-app 15 | spec: 16 | containers: 17 | - name: nginx-container 18 | image: amsy810/echo-nginx:v2.0 19 | -------------------------------------------------------------------------------- /samples/chapter06/sample-subdomain.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Pod 4 | metadata: 5 | name: 
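sample-subdomain 6 | labels: 7 | app: sample-app 8 | spec: 9 | hostname: sample-hostname 10 | subdomain: sample-subdomain 11 | containers: 12 | - name: nginx-container 13 | image: amsy810/tools:v2.0 14 | --- 15 | apiVersion: v1 16 | kind: Service 17 | metadata: 18 | name: sample-subdomain 19 | spec: 20 | type: ClusterIP 21 | clusterIP: None 22 | ports: [] 23 | selector: 24 | app: sample-app 25 | -------------------------------------------------------------------------------- /samples/chapter06/tls-sample.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Secret 3 | metadata: 4 | name: tls-sample 5 | type: kubernetes.io/tls 6 | data: 7 | tls.crt: 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 8 | tls.key: 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 9 | -------------------------------------------------------------------------------- /samples/chapter07/env-secret.txt: -------------------------------------------------------------------------------- 1 | username=root 2 | password=rootpassword 3 | -------------------------------------------------------------------------------- /samples/chapter07/image.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MasayaAoyama/kubernetes-perfect-guide/43112df32e54df98f92bf69da4dbb2f0f3e29d31/samples/chapter07/image.jpg -------------------------------------------------------------------------------- /samples/chapter07/install-gcp-csi.sh: --------------------------------------------------------------------------------
#!/bin/bash
#
# Installs the CSI snapshot components and the GCE Persistent Disk CSI driver
# into the current kubectl context, then creates the GCP service account,
# custom role, IAM bindings and key that are stored in the "cloud-sa" Secret
# of the gce-pd-csi-driver namespace.
#
# Required environment:
#   PROJECT  GCP project ID that owns the service account and the custom role.
#
# The script stops at the first failing command. It is not written to be
# re-run: creating a service account, role or Secret that already exists
# aborts it before a second key is exported.

set -euo pipefail

# Without the exit, every later command would run with an empty project ID.
if [ -z "${PROJECT:-}" ]; then
  echo "please set PROJECT env" >&2
  exit 1
fi

GCE_PD_SA_NAME=gce-pd-csi-sa
GCE_PD_NAMESPACE=gce-pd-csi-driver
IAM_NAME="${GCE_PD_SA_NAME}@${PROJECT}.iam.gserviceaccount.com"

# The exported key and the clones live in a private scratch directory that is
# removed on every exit path, so a failure half-way cannot leave cloud-sa.json
# behind in the caller's working directory.
umask 077
WORKDIR="$(mktemp -d)"
trap 'rm -rf "${WORKDIR}"' EXIT
cd "${WORKDIR}"

# Install CSI Common Component
git clone https://github.com/kubernetes-csi/external-snapshotter -b v2.1.1
kubectl apply -f external-snapshotter/config/crd
kubectl apply -f external-snapshotter/deploy/kubernetes/ -R

# Install GCE PersistentDisk CSI Driver
git clone https://github.com/kubernetes-sigs/gcp-compute-persistent-disk-csi-driver
# -C is an option of git itself and has to come before the subcommand.
# NOTE(review): ac1f8c is an abbreviated commit ID; pinning the full hash makes
# the manifests applied below unambiguous.
git -C gcp-compute-persistent-disk-csi-driver checkout ac1f8c
# Create the namespace once, and only when it does not exist yet.
kubectl get namespace "${GCE_PD_NAMESPACE}" >/dev/null 2>&1 \
  || kubectl create namespace "${GCE_PD_NAMESPACE}"
kubectl apply -k ./gcp-compute-persistent-disk-csi-driver/deploy/kubernetes/overlays/stable

gcloud iam service-accounts create "${GCE_PD_SA_NAME}" --project "${PROJECT}"

gcloud iam roles create gcp_compute_persistent_disk_csi_driver_custom_role --quiet \
  --project "${PROJECT}" \
  --file ./gcp-compute-persistent-disk-csi-driver/deploy/gcp-compute-persistent-disk-csi-driver-custom-role.yaml

# NOTE(review): these bindings are made on the whole project;
# roles/iam.serviceAccountUser at that scope lets the account act as any service
# account in the project. Confirm the driver needs this scope before reusing
# the script outside a throw-away project.
gcloud projects add-iam-policy-binding "${PROJECT}" --member "serviceAccount:${IAM_NAME}" --role roles/compute.storageAdmin
gcloud projects add-iam-policy-binding "${PROJECT}" --member "serviceAccount:${IAM_NAME}" --role roles/iam.serviceAccountUser
gcloud projects add-iam-policy-binding "${PROJECT}" --member "serviceAccount:${IAM_NAME}" --role "projects/${PROJECT}/roles/gcp_compute_persistent_disk_csi_driver_custom_role"

# The key is a long-lived credential: it exists on disk only inside WORKDIR
# (mode 0600 through the umask above) and afterwards only in the Secret.
gcloud iam service-accounts keys create ./cloud-sa.json --iam-account "${IAM_NAME}" --project "${PROJECT}"

kubectl -n "${GCE_PD_NAMESPACE}" create secret generic cloud-sa --from-file=./cloud-sa.json

# cloud-sa.json and both clones are deleted by the EXIT trap.
-------------------------------------------------------------------------------- /samples/chapter07/nginx.conf: -------------------------------------------------------------------------------- 1 | user nginx; 2 | worker_processes auto; 3 | error_log /var/log/nginx/error.log warn; 4 | pid /var/run/nginx.pid; 5 | -------------------------------------------------------------------------------- /samples/chapter07/restored-pod.yaml: 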
-------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: restored-pod 5 | spec: 6 | containers: 7 | - name: tools-container 8 | image: amsy810/tools # no tag, so this resolves to :latest; the other samples pin amsy810/tools:v2.0 9 | volumeMounts: 10 | - name: data-volume 11 | mountPath: /data 12 | volumes: 13 | - name: data-volume 14 | persistentVolumeClaim: 15 | claimName: restored-pvc 16 | readOnly: false 17 | -------------------------------------------------------------------------------- /samples/chapter07/restored-pvc.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: PersistentVolumeClaim 3 | metadata: 4 | name: restored-pvc 5 | spec: 6 | accessModes: 7 | - ReadWriteOnce 8 | storageClassName: sample-csi-storageclass 9 | resources: 10 | requests: 11 | storage: 3Gi 12 | dataSource: 13 | kind: VolumeSnapshot 14 | name: source-pvc-snapshot 15 | apiGroup: snapshot.storage.k8s.io 16 | -------------------------------------------------------------------------------- /samples/chapter07/sample-basic-auth.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Secret 3 | metadata: 4 | name: sample-basic-auth 5 | type: kubernetes.io/basic-auth 6 | data: 7 | username: cm9vdA== # root (base64 is an encoding, not encryption) 8 | password: cm9vdHBhc3N3b3Jk # rootpassword; anyone who can read this manifest or the Secret object can decode it 9 | -------------------------------------------------------------------------------- /samples/chapter07/sample-configmap-binary-webserver.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: sample-configmap-binary-webserver 5 | spec: 6 | containers: 7 | - name: nginx-container 8 | image: nginx:1.16 9 | volumeMounts: 10 | - name: config-volume 11 | mountPath: /usr/share/nginx/html 12 | volumes: 13 | - name: config-volume 14 | configMap: 15 | name: sample-configmap-binary 16 | 
-------------------------------------------------------------------------------- /samples/chapter07/sample-configmap-binary.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | binaryData: 3 | image.jpg: /9j/4AAQSkZJRgABAQAASABIAAD/4QCARXhpZgAATU0AKgAAAAgABAESAAMAAAABAAEAAAEaAAUAAAABAAAAPgEbAAUAAAABAAAARodpAAQAAAABAAAATgAAAAAAAABIAAAAAQAAAEgAAAABAAOgAQADAAAAAQABAACgAgAEAAAAAQAAAE2gAwAEAAAAAQAAABQAAAAA/+0AOFBob3Rvc2hvcCAzLjAAOEJJTQQEAAAAAAAAOEJJTQQlAAAAAAAQ1B2M2Y8AsgTpgAmY7PhCfv/AABEIABQATQMBIgACEQEDEQH/xAAfAAABBQEBAQEBAQAAAAAAAAAAAQIDBAUGBwgJCgv/xAC1EAACAQMDAgQDBQUEBAAAAX0BAgMABBEFEiExQQYTUWEHInEUMoGRoQgjQrHBFVLR8CQzYnKCCQoWFxgZGiUmJygpKjQ1Njc4OTpDREVGR0hJSlNUVVZXWFlaY2RlZmdoaWpzdHV2d3h5eoOEhYaHiImKkpOUlZaXmJmaoqOkpaanqKmqsrO0tba3uLm6wsPExcbHyMnK0tPU1dbX2Nna4eLj5OXm5+jp6vHy8/T19vf4+fr/xAAfAQADAQEBAQEBAQEBAAAAAAAAAQIDBAUGBwgJCgv/xAC1EQACAQIEBAMEBwUEBAABAncAAQIDEQQFITEGEkFRB2FxEyIygQgUQpGhscEJIzNS8BVictEKFiQ04SXxFxgZGiYnKCkqNTY3ODk6Q0RFRkdISUpTVFVWV1hZWmNkZWZnaGlqc3R1dnd4eXqCg4SFhoeIiYqSk5SVlpeYmZqio6Slpqeoqaqys7S1tre4ubrCw8TFxsfIycrS09TV1tfY2dri4+Tl5ufo6ery8/T19vf4+fr/2wBDAAYGBgYGBgoGBgoOCgoKDhIODg4OEhcSEhISEhccFxcXFxcXHBwcHBwcHBwiIiIiIiInJycnJywsLCwsLCwsLCz/2wBDAQcHBwsKCxMKChMuHxofLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi7/3QAEAAX/2gAMAwEAAhEDEQA/APpXUtQa08u2tUE13cZEUZOBx952PZF4yfcAZJArSBIXLkZxz6Vhab5Y1O9+0jF4zZG7vbjiPYf7o5z6MTnqK2LpWe2lROpRgPqQa1nFK0SItu7Y2e6ggtzcySIiYyHZgF9uaw7WSXX4bLVLW6MUW1XZI/8AnoMZGejLgsrAg9iMEZpkMmkQ6bp1/dxq7mGNIcIZG5TcQigE9ASSBwBzwKs+GLmK50O1aLOEQIQylSCB6EDt07EdK15OSDkl1t+ZHNzSUW/60NW9ulsbSW7dSwiUsQOpx6ZqZZYmcxqyll6gEZH4VyHiC31K7hvkumEdgioI1Th5Scbt5/uA8Y4Lc546t22669bafZacbcW8hdrhEAXb5ZyMgdGLADJOSDnoKI0E43vrq/wQOo09jqLzUbOwC/aZNrPnYgBZ2x12ooLH8BUOm6mupeeUhliEEnlnzQBuIAJxgngZwffI7VcnDCJ5IVBlCNt9c44H51R0NYV0e08g5UxKc9ySMsT7k5J96ySjyN21L15rC3GrQRTtawJJczrgNHEuduefmY4ReDnkjis7QrjV7uy824MSAM6LkmRztdlO4jaOwHGfrWnq8UcmmXCSSrCmwlnfhQByd3T5eMH2ql4YtjbaFaxtGISwaTyxnCeYxfa
MgEAZwBgYHatFyqk2lrdE689mz//Q+mr+yiulSQlo5YDvjkTAZT3HIIII4IIINX6ZJ/q2+hp9W/gXzJW7KE2m2E9strNAjxKcqhUbR16D8TV4KFAVRgDgAUHpS1Lk3uOyI5Yo5ozHModT1B5HHNSUGikMKr29rb2qutugQO7SEDpuY5Y47ZPJ9+asUU7vYLDXjSRSkihlPUEZFOoopAf/2Q== 4 | data: 5 | index.html: Hello, Kubernetes 6 | kind: ConfigMap 7 | metadata: 8 | creationTimestamp: null 9 | name: sample-configmap-binary 10 | -------------------------------------------------------------------------------- /samples/chapter07/sample-configmap-immutable.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ConfigMap 3 | metadata: 4 | name: sample-configmap-immutable 5 | data: 6 | thread: "16" 7 | connection.max: "100" 8 | connection.min: "10" 9 | sample.properties: | 10 | property.1=value-1 11 | property.2=value-2 12 | property.3=value-3 13 | nginx.conf: | 14 | user nginx; 15 | worker_processes auto; 16 | error_log /var/log/nginx/error.log; 17 | pid /run/nginx.pid; 18 | test.sh: | 19 | #!/bin/bash 20 | echo "Hello, kubernetes" 21 | sleep infinity 22 | immutable: true 23 | -------------------------------------------------------------------------------- /samples/chapter07/sample-configmap-multi-env.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: sample-configmap-multi-env 5 | spec: 6 | containers: 7 | - name: configmap-container 8 | image: nginx:1.16 9 | envFrom: 10 | - configMapRef: 11 | name: sample-configmap 12 | -------------------------------------------------------------------------------- /samples/chapter07/sample-configmap-multi-volume.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: sample-configmap-multi-volume 5 | spec: 6 | containers: 7 | - name: configmap-container 8 | image: nginx:1.16 9 | volumeMounts: 10 | - name: config-volume 11 | mountPath: /config 12 | volumes: 13 | - 
name: config-volume 14 | configMap: 15 | name: sample-configmap 16 | -------------------------------------------------------------------------------- /samples/chapter07/sample-configmap-scripts.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: sample-configmap-scripts 5 | spec: 6 | containers: 7 | - name: configmap-container 8 | image: nginx:1.16 9 | command: ["/config/test.sh"] 10 | volumeMounts: 11 | - name: config-volume 12 | mountPath: /config 13 | volumes: 14 | - name: config-volume 15 | configMap: 16 | name: sample-configmap 17 | items: 18 | - key: test.sh 19 | path: test.sh 20 | mode: 493 # 0755 21 | -------------------------------------------------------------------------------- /samples/chapter07/sample-configmap-single-env.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: sample-configmap-single-env 5 | spec: 6 | containers: 7 | - name: configmap-container 8 | image: nginx:1.16 9 | env: 10 | - name: CONNECTION_MAX 11 | valueFrom: 12 | configMapKeyRef: 13 | name: sample-configmap 14 | key: connection.max 15 | -------------------------------------------------------------------------------- /samples/chapter07/sample-configmap-single-volume.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: sample-configmap-single-volume 5 | spec: 6 | containers: 7 | - name: configmap-container 8 | image: nginx:1.16 9 | volumeMounts: 10 | - name: config-volume 11 | mountPath: /config 12 | volumes: 13 | - name: config-volume 14 | configMap: 15 | name: sample-configmap 16 | items: 17 | - key: nginx.conf 18 | path: nginx-sample.conf 19 | -------------------------------------------------------------------------------- /samples/chapter07/sample-configmap.yaml: 
-------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ConfigMap 3 | metadata: 4 | name: sample-configmap 5 | data: 6 | thread: "16" 7 | connection.max: "100" 8 | connection.min: "10" 9 | sample.properties: | 10 | property.1=value-1 11 | property.2=value-2 12 | property.3=value-3 13 | nginx.conf: | 14 | user nginx; 15 | worker_processes auto; 16 | error_log /var/log/nginx/error.log; 17 | pid /run/nginx.pid; 18 | test.sh: | 19 | #!/bin/bash 20 | echo "Hello, kubernetes" 21 | sleep infinity 22 | -------------------------------------------------------------------------------- /samples/chapter07/sample-csi-storageclass.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: storage.k8s.io/v1 2 | kind: StorageClass 3 | metadata: 4 | name: sample-csi-storageclass 5 | provisioner: pd.csi.storage.gke.io 6 | parameters: 7 | type: pd-standard 8 | reclaimPolicy: Delete 9 | volumeBindingMode: Immediate 10 | allowVolumeExpansion: true 11 | -------------------------------------------------------------------------------- /samples/chapter07/sample-csi-volumesnapshotclass.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: snapshot.storage.k8s.io/v1beta1 2 | kind: VolumeSnapshotClass 3 | metadata: 4 | name: sample-csi-volumesnapshotclass 5 | driver: pd.csi.storage.gke.io 6 | deletionPolicy: Delete 7 | -------------------------------------------------------------------------------- /samples/chapter07/sample-db-auth-nobase64.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Secret 3 | metadata: 4 | name: sample-db-auth-nobase64 5 | type: Opaque 6 | stringData: 7 | username: root 8 | password: rootpassword 9 | -------------------------------------------------------------------------------- /samples/chapter07/sample-db-auth.yaml: 
-------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Secret 3 | metadata: 4 | name: sample-db-auth 5 | type: Opaque 6 | data: 7 | username: cm9vdA== # root 8 | password: cm9vdHBhc3N3b3Jk # rootpassword 9 | -------------------------------------------------------------------------------- /samples/chapter07/sample-downward-api.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: sample-downward-api 5 | spec: 6 | containers: 7 | - name: nginx-container 8 | image: nginx:1.16 9 | volumeMounts: 10 | - name: downward-api-volume 11 | mountPath: /srv 12 | volumes: 13 | - name: downward-api-volume 14 | downwardAPI: 15 | items: 16 | - path: "podname" 17 | fieldRef: 18 | fieldPath: metadata.name 19 | - path: "cpu-request" 20 | resourceFieldRef: 21 | containerName: nginx-container 22 | resource: requests.cpu 23 | -------------------------------------------------------------------------------- /samples/chapter07/sample-emptydir-limit.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: sample-emptydir-limit 5 | spec: 6 | containers: 7 | - image: nginx:1.16 8 | name: nginx-container 9 | volumeMounts: 10 | - mountPath: /cache 11 | name: cache-volume 12 | volumes: 13 | - name: cache-volume 14 | emptyDir: 15 | sizeLimit: 128Mi 16 | -------------------------------------------------------------------------------- /samples/chapter07/sample-emptydir-memory-with-memory-limits.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: sample-emptydir-memory-with-memory-limits 5 | spec: 6 | containers: 7 | - image: nginx:1.16 8 | name: nginx-container 9 | resources: 10 | limits: 11 | memory: 64Mi 12 | volumeMounts: 13 | - mountPath: /cache 14 | name: cache-volume 15 | 
volumes: 16 | - name: cache-volume 17 | emptyDir: 18 | medium: Memory 19 | sizeLimit: 128Mi 20 | -------------------------------------------------------------------------------- /samples/chapter07/sample-emptydir-memory.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: sample-emptydir-memory 5 | spec: 6 | containers: 7 | - image: nginx:1.16 8 | name: nginx-container 9 | volumeMounts: 10 | - mountPath: /cache 11 | name: cache-volume 12 | volumes: 13 | - name: cache-volume 14 | emptyDir: 15 | medium: Memory 16 | sizeLimit: 128Mi 17 | -------------------------------------------------------------------------------- /samples/chapter07/sample-emptydir.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: sample-emptydir 5 | spec: 6 | containers: 7 | - image: nginx:1.16 8 | name: nginx-container 9 | volumeMounts: 10 | - mountPath: /cache 11 | name: cache-volume 12 | volumes: 13 | - name: cache-volume 14 | emptyDir: {} 15 | -------------------------------------------------------------------------------- /samples/chapter07/sample-env-container.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: sample-env-container 5 | labels: 6 | app: sample-app 7 | spec: 8 | containers: 9 | - name: nginx-container 10 | image: nginx:1.16 11 | env: 12 | - name: CPU_REQUESTS 13 | valueFrom: 14 | resourceFieldRef: 15 | containerName: nginx-container 16 | resource: requests.cpu 17 | - name: CPU_LIMITS 18 | valueFrom: 19 | resourceFieldRef: 20 | containerName: nginx-container 21 | resource: limits.cpu 22 | -------------------------------------------------------------------------------- /samples/chapter07/sample-env-fail.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 
2 | kind: Pod 3 | metadata: 4 | name: sample-env-fail 5 | labels: 6 | app: sample-app 7 | spec: 8 | containers: 9 | - name: nginx-container 10 | image: nginx:1.16 11 | command: ["echo"] 12 | args: ["${TESTENV}", "${HOSTNAME}"] 13 | env: 14 | - name: TESTENV 15 | value: "100" 16 | -------------------------------------------------------------------------------- /samples/chapter07/sample-env-fail2.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: sample-env-fail2 5 | labels: 6 | app: sample-app 7 | spec: 8 | containers: 9 | - name: nginx-container 10 | image: nginx:1.16 11 | command: ["echo"] 12 | args: ["$(TESTENV)", "$(HOSTNAME)"] 13 | env: 14 | - name: TESTENV 15 | value: "100" 16 | -------------------------------------------------------------------------------- /samples/chapter07/sample-env-fail3.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: sample-env-fail3 5 | labels: 6 | app: sample-app 7 | spec: 8 | containers: 9 | - name: nginx-container 10 | image: nginx:1.16 11 | command: ["echo"] 12 | args: ["$(K8S_NODE)", "${K8S_NODE}"] 13 | env: 14 | - name: K8S_NODE 15 | valueFrom: 16 | fieldRef: 17 | fieldPath: spec.nodeName 18 | -------------------------------------------------------------------------------- /samples/chapter07/sample-env-pod.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: sample-env-pod 5 | labels: 6 | app: sample-app 7 | spec: 8 | containers: 9 | - name: nginx-container 10 | image: nginx:1.16 11 | env: 12 | - name: K8S_NODE 13 | valueFrom: 14 | fieldRef: 15 | fieldPath: spec.nodeName 16 | -------------------------------------------------------------------------------- /samples/chapter07/sample-env.yaml: 
-------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: sample-env 5 | labels: 6 | app: sample-app 7 | spec: 8 | containers: 9 | - name: nginx-container 10 | image: nginx:1.16 11 | env: 12 | - name: MAX_CONNECTION 13 | value: "100" 14 | -------------------------------------------------------------------------------- /samples/chapter07/sample-gitrepo.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: sample-gitrepo 5 | spec: 6 | containers: 7 | - image: nginx:1.16 8 | name: nginx-container 9 | volumeMounts: 10 | - mountPath: /srv 11 | name: gitrepo-sample 12 | volumes: 13 | - name: gitrepo-sample 14 | gitRepo: # gitRepo volumes are deprecated in Kubernetes; upstream suggests cloning in an initContainer into an emptyDir 15 | repository: "https://github.com/kubernetes/kubectl.git" 16 | # For a private repository (note: credentials placed in the URL are stored in plain text in the Pod spec) 17 | # repository: "https://USERNAME:PASSWORD@github.com/ORG/private-repo.git" 18 | revision: "master" # branch or commit hash 19 | directory: kubectl-repo # defaults to the repository name when omitted 20 | -------------------------------------------------------------------------------- /samples/chapter07/sample-hostpath.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: sample-hostpath 5 | spec: 6 | containers: 7 | - image: nginx:1.16 8 | name: nginx-container 9 | volumeMounts: 10 | - mountPath: /srv 11 | name: hostpath-sample 12 | volumes: 13 | - name: hostpath-sample 14 | hostPath: # mounts a directory of the node's filesystem; writable here because the volumeMount sets no readOnly (compare sample-readonly-volumemount.yaml) 15 | path: /etc 16 | type: DirectoryOrCreate 17 | -------------------------------------------------------------------------------- /samples/chapter07/sample-key: -------------------------------------------------------------------------------- 1 | -----BEGIN OPENSSH PRIVATE KEY----- 2 | b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAABFwAAAAdzc2gtcn 3 | NhAAAAAwEAAQAAAQEAroi55u2AWN3i7UrRTSwleCDM+4GsefrZ1SdPcW1ilZn8vphz0L8y 4 |
t+zwUhdVVgqfMMypV6NoBVccNMb7RS9lZOnLm71D036fIoGiy6lc2/kbAvrGbx0vq/aQhn 5 | uw8z0RfVXEd9h7GZr3Io3sXA8QIxaKqqu88SrS7uzQuY44gefJDEs4KQDvXqrcH+54IhOc 6 | ylnVUWWzZp0l3Zz7IE96pYEfgFR9TwWParX7+QI4hP0q75ZNT5G+6T3A+7dN1gCf5RXrN7 7 | GODPRzDx7ED3KmibEp8qe6FO6pypkWKGKzGf9EyRypkFSdv8ZvtYHTL4/nJyjDVz3HBIji 8 | pDRVRfgmAwAAA8Ds6Kik7OiopAAAAAdzc2gtcnNhAAABAQCuiLnm7YBY3eLtStFNLCV4IM 9 | z7gax5+tnVJ09xbWKVmfy+mHPQvzK37PBSF1VWCp8wzKlXo2gFVxw0xvtFL2Vk6cubvUPT 10 | fp8igaLLqVzb+RsC+sZvHS+r9pCGe7DzPRF9VcR32HsZmvcijexcDxAjFoqqq7zxKtLu7N 11 | C5jjiB58kMSzgpAO9eqtwf7ngiE5zKWdVRZbNmnSXdnPsgT3qlgR+AVH1PBY9qtfv5AjiE 12 | /Srvlk1Pkb7pPcD7t03WAJ/lFes3sY4M9HMPHsQPcqaJsSnyp7oU7qnKmRYoYrMZ/0TJHK 13 | mQVJ2/xm+1gdMvj+cnKMNXPccEiOKkNFVF+CYDAAAAAwEAAQAAAQEApHhXpxPcROIjfDVq 14 | 8uxNCtzuDXvvSqtnJwR6SosnwY5wrDMBwI7MfqIa/WDbm886oEPcuKdV2OJzxBBWrKWzSN 15 | tAcaxzBBRoZZ4ACSe6R9iA6dfjssWwLL6XBwP8hdrgZlmyYLVxm3l6tedD+qR/MnGFjrtz 16 | u1f9mgUz1Af/m/l/2vjPCNTzO/n+o7HFX2S0+tEBinNQYJxCEQiQFzmS0e+FkUHAyf8TPy 17 | jpt6tiQzBt+XYYAdEmelIxvkN2B3IiQ3CPl0WZPD8ew9dDxq/d51bgS+eaBg2hv87nzP41 18 | 9ow9WNHAIwWGbUwdda7wCtW+oNtnvcP+h7+3JDOZiDE58QAAAIAhHFAkYEh+buJLKJBJbb 19 | TBR+Uy8LjtnDqQkIdlKte9qBhBagUVuPcwBaXKsh5q5U0nzi2l+U+pU4jx8RAvNg4DYoAl 20 | Jhkx9g3Xbnn2RSiag5Xj8VmjYQQXvE7ghmxLKnqzaI+NoayVRAkCkJ4V0RtjVTpTLMLrOh 21 | Wfc/6/JsrQYgAAAIEA2fkU27gMtenFk2NUc1DgKx65t7pbf7WpssJnUmLiZUczwJiOYHit 22 | j4TSoko2zAO6YyvFoAyCJvxOx1/GUYuNyiC0k0fARL906UW5xoKqXq7UWFreCwUuQ7zqQi 23 | YpAdLlM5xsGihoXzu+GWZ0u03xjgTkFyEROlhYzW9bu8bGz/0AAACBAMz7nXPWmlsg5FhB 24 | 983QTiVb6b/pFA5I/qWuSZOM7bNvhSA5/in8p4QlV6LvP4PS0bXw4bDinzUOXbGBY/KWVq 25 | P34p6/GUTZ9hyqBf3283RrVAlZ4BfYexEP9cd7duevRSlA/QbvH9zXxZq44pKlmMVc48Nx 26 | 39yigwqac1EMNa3/AAAABnNhbXBsZQECAwQ= 27 | -----END OPENSSH PRIVATE KEY----- 28 | -------------------------------------------------------------------------------- /samples/chapter07/sample-key.pub: -------------------------------------------------------------------------------- 1 | ssh-rsa 
AAAAB3NzaC1yc2EAAAADAQABAAABAQCuiLnm7YBY3eLtStFNLCV4IMz7gax5+tnVJ09xbWKVmfy+mHPQvzK37PBSF1VWCp8wzKlXo2gFVxw0xvtFL2Vk6cubvUPTfp8igaLLqVzb+RsC+sZvHS+r9pCGe7DzPRF9VcR32HsZmvcijexcDxAjFoqqq7zxKtLu7NC5jjiB58kMSzgpAO9eqtwf7ngiE5zKWdVRZbNmnSXdnPsgT3qlgR+AVH1PBY9qtfv5AjiE/Srvlk1Pkb7pPcD7t03WAJ/lFes3sY4M9HMPHsQPcqaJsSnyp7oU7qnKmRYoYrMZ/0TJHKmQVJ2/xm+1gdMvj+cnKMNXPccEiOKkNFVF+CYD sample 2 | -------------------------------------------------------------------------------- /samples/chapter07/sample-projected.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: sample-projected 5 | spec: 6 | containers: 7 | - name: nginx-container 8 | image: nginx:1.16 9 | volumeMounts: 10 | - name: projected-volume 11 | mountPath: /srv 12 | volumes: 13 | - name: projected-volume 14 | projected: 15 | sources: 16 | - secret: 17 | name: sample-db-auth 18 | items: 19 | - key: username 20 | path: secret/username.txt 21 | - configMap: 22 | name: sample-configmap 23 | items: 24 | - key: nginx.conf 25 | path: configmap/nginx.conf 26 | - downwardAPI: 27 | items: 28 | - path: "podname" 29 | fieldRef: 30 | fieldPath: metadata.name 31 | -------------------------------------------------------------------------------- /samples/chapter07/sample-pull-secret.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: sample-pull-secret 5 | spec: 6 | containers: 7 | - name: secret-image-container 8 | image: REGISTRY_NAME/secret-image:latest 9 | imagePullSecrets: 10 | - name: sample-registry-auth 11 | -------------------------------------------------------------------------------- /samples/chapter07/sample-pv-readonlymany.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: sample-pv-readonlymany 5 | spec: 6 | replicas: 3 7 | selector: 8 | 
matchLabels: 9 | app: sample-app 10 | template: 11 | metadata: 12 | labels: 13 | app: sample-app 14 | spec: 15 | containers: 16 | - name: nginx-container 17 | image: nginx:1.16 18 | volumeMounts: 19 | - mountPath: "/usr/share/nginx/html" 20 | name: nginx-pvc 21 | # readOnly: true 22 | volumes: 23 | - name: nginx-pvc 24 | persistentVolumeClaim: 25 | claimName: sample-pvc 26 | readOnly: true 27 | -------------------------------------------------------------------------------- /samples/chapter07/sample-pv.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: PersistentVolume 3 | metadata: 4 | name: sample-pv 5 | labels: # labels 6 | type: gce-pv 7 | environment: stg 8 | spec: 9 | capacity: # capacity 10 | storage: 10Gi 11 | accessModes: # access modes 12 | - ReadWriteOnce 13 | persistentVolumeReclaimPolicy: Retain # Reclaim Policy: the volume and its data are kept after the claim is deleted 14 | storageClassName: manual # StorageClass 15 | # Per-plugin PersistentVolume settings (GCE Persistent Disk example) 16 | gcePersistentDisk: 17 | pdName: sample-gce-pv 18 | fsType: ext4 19 | -------------------------------------------------------------------------------- /samples/chapter07/sample-pvc-block-pod.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: sample-pvc-block-pod 5 | spec: 6 | containers: 7 | - name: nginx-container 8 | image: nginx:1.16 9 | volumeDevices: 10 | - devicePath: /dev/sample-block 11 | name: nginx-pvc 12 | volumes: 13 | - name: nginx-pvc 14 | persistentVolumeClaim: 15 | claimName: sample-pvc-block 16 | -------------------------------------------------------------------------------- /samples/chapter07/sample-pvc-block.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: PersistentVolumeClaim 3 | metadata: 4 | name: sample-pvc-block 5 | spec: 6 | storageClassName: sample-storageclass 7 | volumeMode: Block 8 | accessModes: 9 | -
ReadWriteOnce 10 | resources: 11 | requests: 12 | storage: 3Gi 13 | -------------------------------------------------------------------------------- /samples/chapter07/sample-pvc-dynamic-pod.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: sample-pvc-dynamic-pod 5 | spec: 6 | containers: 7 | - name: nginx-container 8 | image: nginx:1.16 9 | volumeMounts: 10 | - mountPath: "/usr/share/nginx/html" 11 | name: nginx-pvc 12 | volumes: 13 | - name: nginx-pvc 14 | persistentVolumeClaim: 15 | claimName: sample-pvc-dynamic 16 | -------------------------------------------------------------------------------- /samples/chapter07/sample-pvc-dynamic.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: PersistentVolumeClaim 3 | metadata: 4 | name: sample-pvc-dynamic 5 | spec: 6 | storageClassName: sample-storageclass 7 | accessModes: 8 | - ReadWriteOnce 9 | resources: 10 | requests: 11 | storage: 3Gi 12 | -------------------------------------------------------------------------------- /samples/chapter07/sample-pvc-pod.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: sample-pvc-pod 5 | spec: 6 | containers: 7 | - name: nginx-container 8 | image: nginx:1.16 9 | volumeMounts: 10 | - mountPath: "/usr/share/nginx/html" 11 | name: nginx-pvc 12 | volumes: 13 | - name: nginx-pvc 14 | persistentVolumeClaim: 15 | claimName: sample-pvc 16 | -------------------------------------------------------------------------------- /samples/chapter07/sample-pvc-resize-pod.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: sample-pvc-resize-pod 5 | spec: 6 | containers: 7 | - name: nginx-container 8 | image: nginx:1.16 9 | volumeMounts: 10 | - mountPath: 
"/usr/share/nginx/html" 11 | name: nginx-pvc 12 | volumes: 13 | - name: nginx-pvc 14 | persistentVolumeClaim: 15 | claimName: sample-pvc-resize 16 | -------------------------------------------------------------------------------- /samples/chapter07/sample-pvc-resize.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: PersistentVolumeClaim 3 | metadata: 4 | name: sample-pvc-resize 5 | spec: 6 | accessModes: 7 | - ReadWriteOnce 8 | resources: 9 | requests: 10 | storage: 8Gi 11 | storageClassName: sample-storageclass-resize 12 | -------------------------------------------------------------------------------- /samples/chapter07/sample-pvc-wait-pod.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: sample-pvc-wait-pod 5 | spec: 6 | containers: 7 | - name: nginx-container 8 | image: nginx:1.16 9 | volumeMounts: 10 | - mountPath: "/usr/share/nginx/html" 11 | name: nginx-pvc 12 | volumes: 13 | - name: nginx-pvc 14 | persistentVolumeClaim: 15 | claimName: sample-pvc-wait 16 | -------------------------------------------------------------------------------- /samples/chapter07/sample-pvc-wait.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: PersistentVolumeClaim 3 | metadata: 4 | name: sample-pvc-wait 5 | spec: 6 | storageClassName: sample-storageclass-wait 7 | accessModes: 8 | - ReadWriteOnce 9 | resources: 10 | requests: 11 | storage: 3Gi 12 | -------------------------------------------------------------------------------- /samples/chapter07/sample-pvc.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: PersistentVolumeClaim 3 | metadata: 4 | name: sample-pvc 5 | spec: 6 | selector: 7 | matchLabels: 8 | type: gce-pv 9 | matchExpressions: 10 | - key: environment 11 | operator: In 12 | values: 
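13 | - stg 14 | resources: 15 | requests: 16 | storage: 3Gi 17 | accessModes: 18 | - ReadWriteOnce 19 | storageClassName: manual 20 | -------------------------------------------------------------------------------- /samples/chapter07/sample-readonly-volumemount.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: sample-readonly-volumemount 5 | spec: 6 | containers: 7 | - image: nginx:1.16 8 | name: nginx-container 9 | volumeMounts: 10 | - mountPath: /srv 11 | name: hostpath-sample 12 | readOnly: true # the container sees the node's /etc read-only 13 | volumes: 14 | - name: hostpath-sample 15 | hostPath: 16 | path: /etc 17 | type: DirectoryOrCreate 18 | -------------------------------------------------------------------------------- /samples/chapter07/sample-secret-binary-webserver.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: sample-secret-binary-webserver 5 | spec: 6 | containers: 7 | - name: nginx-container 8 | image: nginx:1.16 9 | volumeMounts: 10 | - name: config-volume 11 | mountPath: /usr/share/nginx/html # nginx document root: the mounted Secret keys become retrievable over HTTP 12 | volumes: 13 | - name: config-volume 14 | secret: # sample-secret-binary is defined on this page as a Secret, so a configMap source would not resolve 15 | secretName: sample-secret-binary 16 | -------------------------------------------------------------------------------- /samples/chapter07/sample-secret-binary.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Secret 3 | metadata: 4 | name: sample-secret-binary 5 | data: 6 | image.jpg: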
/9j/4AAQSkZJRgABAQAASABIAAD/4QCARXhpZgAATU0AKgAAAAgABAESAAMAAAABAAEAAAEaAAUAAAABAAAAPgEbAAUAAAABAAAARodpAAQAAAABAAAATgAAAAAAAABIAAAAAQAAAEgAAAABAAOgAQADAAAAAQABAACgAgAEAAAAAQAAAE2gAwAEAAAAAQAAABQAAAAA/+0AOFBob3Rvc2hvcCAzLjAAOEJJTQQEAAAAAAAAOEJJTQQlAAAAAAAQ1B2M2Y8AsgTpgAmY7PhCfv/AABEIABQATQMBIgACEQEDEQH/xAAfAAABBQEBAQEBAQAAAAAAAAAAAQIDBAUGBwgJCgv/xAC1EAACAQMDAgQDBQUEBAAAAX0BAgMABBEFEiExQQYTUWEHInEUMoGRoQgjQrHBFVLR8CQzYnKCCQoWFxgZGiUmJygpKjQ1Njc4OTpDREVGR0hJSlNUVVZXWFlaY2RlZmdoaWpzdHV2d3h5eoOEhYaHiImKkpOUlZaXmJmaoqOkpaanqKmqsrO0tba3uLm6wsPExcbHyMnK0tPU1dbX2Nna4eLj5OXm5+jp6vHy8/T19vf4+fr/xAAfAQADAQEBAQEBAQEBAAAAAAAAAQIDBAUGBwgJCgv/xAC1EQACAQIEBAMEBwUEBAABAncAAQIDEQQFITEGEkFRB2FxEyIygQgUQpGhscEJIzNS8BVictEKFiQ04SXxFxgZGiYnKCkqNTY3ODk6Q0RFRkdISUpTVFVWV1hZWmNkZWZnaGlqc3R1dnd4eXqCg4SFhoeIiYqSk5SVlpeYmZqio6Slpqeoqaqys7S1tre4ubrCw8TFxsfIycrS09TV1tfY2dri4+Tl5ufo6ery8/T19vf4+fr/2wBDAAYGBgYGBgoGBgoOCgoKDhIODg4OEhcSEhISEhccFxcXFxcXHBwcHBwcHBwiIiIiIiInJycnJywsLCwsLCwsLCz/2wBDAQcHBwsKCxMKChMuHxofLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi4uLi7/3QAEAAX/2gAMAwEAAhEDEQA/APpXUtQa08u2tUE13cZEUZOBx952PZF4yfcAZJArSBIXLkZxz6Vhab5Y1O9+0jF4zZG7vbjiPYf7o5z6MTnqK2LpWe2lROpRgPqQa1nFK0SItu7Y2e6ggtzcySIiYyHZgF9uaw7WSXX4bLVLW6MUW1XZI/8AnoMZGejLgsrAg9iMEZpkMmkQ6bp1/dxq7mGNIcIZG5TcQigE9ASSBwBzwKs+GLmK50O1aLOEQIQylSCB6EDt07EdK15OSDkl1t+ZHNzSUW/60NW9ulsbSW7dSwiUsQOpx6ZqZZYmcxqyll6gEZH4VyHiC31K7hvkumEdgioI1Th5Scbt5/uA8Y4Lc546t22669bafZacbcW8hdrhEAXb5ZyMgdGLADJOSDnoKI0E43vrq/wQOo09jqLzUbOwC/aZNrPnYgBZ2x12ooLH8BUOm6mupeeUhliEEnlnzQBuIAJxgngZwffI7VcnDCJ5IVBlCNt9c44H51R0NYV0e08g5UxKc9ySMsT7k5J96ySjyN21L15rC3GrQRTtawJJczrgNHEuduefmY4ReDnkjis7QrjV7uy824MSAM6LkmRztdlO4jaOwHGfrWnq8UcmmXCSSrCmwlnfhQByd3T5eMH2ql4YtjbaFaxtGISwaTyxnCeYxfaMgEAZwBgYHatFyqk2lrdE689mz//Q+mr+yiulSQlo5YDvjkTAZT3HIIII4IIINX6ZJ/q2+hp9W/gXzJW7KE2m2E9strNAjxKcqhUbR16D8TV4KFAVRgDgAUHpS1Lk3uOyI5Yo5ozHModT1B5HHNSUGikMKr29rb2qutugQO7SEDpuY5Y47ZPJ9+asUU7vYLDXjSRSkihlPUEZFOoopAf/2Q== 7 | index.html: SGVsbG8sIEt1YmVybmV0ZXM= 8 
| -------------------------------------------------------------------------------- /samples/chapter07/sample-secret-immutable.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Secret 3 | metadata: 4 | name: sample-secret-immutable 5 | type: Opaque 6 | data: 7 | username: cm9vdA== # root 8 | password: cm9vdHBhc3N3b3Jk # rootpassword 9 | immutable: true 10 | -------------------------------------------------------------------------------- /samples/chapter07/sample-secret-multi-env.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: sample-secret-multi-env 5 | spec: 6 | containers: 7 | - name: secret-container 8 | image: nginx:1.16 9 | envFrom: 10 | - secretRef: 11 | name: sample-db-auth 12 | -------------------------------------------------------------------------------- /samples/chapter07/sample-secret-multi-volume.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: sample-secret-multi-volume 5 | spec: 6 | containers: 7 | - name: secret-container 8 | image: nginx:1.16 9 | volumeMounts: 10 | - name: config-volume 11 | mountPath: /config 12 | volumes: 13 | - name: config-volume 14 | secret: 15 | secretName: sample-db-auth 16 | -------------------------------------------------------------------------------- /samples/chapter07/sample-secret-prefix-env.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: sample-secret-prefix-env 5 | spec: 6 | containers: 7 | - name: secret-container 8 | image: nginx:1.16 9 | envFrom: 10 | - secretRef: 11 | name: sample-db-auth 12 | prefix: DB1_ 13 | - secretRef: 14 | name: sample-db-auth 15 | prefix: DB2_ 16 | -------------------------------------------------------------------------------- 
/samples/chapter07/sample-secret-secure.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: sample-secret-secure 5 | spec: 6 | containers: 7 | - name: secret-container 8 | image: nginx:1.16 9 | volumeMounts: 10 | - name: config-volume 11 | mountPath: /config 12 | volumes: 13 | - name: config-volume 14 | secret: 15 | secretName: sample-db-auth 16 | defaultMode: 256 # 0400 (decimal 256): owner read-only 17 | -------------------------------------------------------------------------------- /samples/chapter07/sample-secret-single-env.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: sample-secret-single-env 5 | spec: 6 | containers: 7 | - name: secret-container 8 | image: nginx:1.16 9 | env: 10 | - name: DB_USERNAME 11 | valueFrom: 12 | secretKeyRef: 13 | name: sample-db-auth 14 | key: username # only this key of the Secret is injected, as DB_USERNAME 15 | -------------------------------------------------------------------------------- /samples/chapter07/sample-secret-single-volume.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: sample-secret-single-volume 5 | spec: 6 | containers: 7 | - name: secret-container 8 | image: nginx:1.16 9 | volumeMounts: 10 | - name: config-volume 11 | mountPath: /config 12 | volumes: 13 | - name: config-volume 14 | secret: 15 | secretName: sample-db-auth 16 | items: # only the keys listed here are projected into the volume 17 | - key: username 18 | path: username.txt 19 | -------------------------------------------------------------------------------- /samples/chapter07/sample-ssh-auth.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Secret 3 | metadata: 4 | name: sample-ssh-auth 5 | type: kubernetes.io/ssh-auth 6 | data: 7 | ssh-privatekey: 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 8 |
--------------------------------------------------------------------------------
/samples/chapter07/sample-statefulset-with-pvc.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: apps/v1
2 | kind: StatefulSet
3 | metadata:
4 |   name: sample-statefulset-with-pvc
5 | spec:
6 |   serviceName: stateful-with-pvc
7 |   replicas: 2
8 |   selector:
9 |     matchLabels:
10 |       app: sample-pvc
11 |   template:
12 |     metadata:
13 |       labels:
14 |         app: sample-pvc
15 |     spec:
16 |       containers:
17 |       - name: sample-pvc
18 |         image: nginx:1.16
19 |         volumeMounts:
20 |         - name: pvc-template-volume
21 |           mountPath: /tmp
22 |   volumeClaimTemplates: # one PersistentVolumeClaim is created per replica from this template
23 |   - metadata:
24 |       name: pvc-template-volume
25 |     spec:
26 |       accessModes:
27 |       - ReadWriteOnce
28 |       resources:
29 |         requests:
30 |           storage: 10Gi
31 |       storageClassName: sample-storageclass
32 |
--------------------------------------------------------------------------------
/samples/chapter07/sample-storageclass-manual.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: storage.k8s.io/v1
2 | kind: StorageClass
3 | metadata:
4 |   name: manual
5 | provisioner: kubernetes.io/no-provisioner # no dynamic provisioning: PersistentVolumes for this class are created by hand
6 |
--------------------------------------------------------------------------------
/samples/chapter07/sample-storageclass-resize.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: storage.k8s.io/v1
2 | kind: StorageClass
3 | metadata:
4 |   name: sample-storageclass-resize
5 | parameters:
6 |   type: pd-ssd
7 | provisioner: kubernetes.io/gce-pd
8 | reclaimPolicy: Delete # the backing disk and its data are removed once the bound claim is deleted
9 | allowVolumeExpansion: true # claims of this class may be grown by raising their storage request
10 |
--------------------------------------------------------------------------------
/samples/chapter07/sample-storageclass-wait.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: storage.k8s.io/v1
2 | kind: StorageClass
3 | metadata:
4 |   name: sample-storageclass-wait
5 | parameters:
6 |   type: pd-ssd
7 | provisioner: kubernetes.io/gce-pd
8 | reclaimPolicy: Delete
9 | volumeBindingMode: WaitForFirstConsumer # provisioning and binding wait until a Pod using the claim is scheduled
10 |
--------------------------------------------------------------------------------
/samples/chapter07/sample-storageclass.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: storage.k8s.io/v1
2 | kind: StorageClass
3 | metadata:
4 |   name: sample-storageclass
5 | parameters:
6 |   type: pd-ssd
7 | provisioner: kubernetes.io/gce-pd
8 | reclaimPolicy: Delete
9 |
--------------------------------------------------------------------------------
/samples/chapter07/sample-subpath.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v1
2 | kind: Pod
3 | metadata:
4 |   name: sample-subpath
5 | spec:
6 |   containers:
7 |   - name: container-a
8 |     image: alpine:3.7
9 |     command: ["sh", "-c", "touch /data/a.txt; sleep 86400"]
10 |     volumeMounts:
11 |     - mountPath: /data # no subPath: this container mounts the volume root and so also sees path1/ and path2/
12 |       name: main-volume
13 |   - name: container-b
14 |     image: alpine:3.7
15 |     command: ["sh", "-c", "touch /data/b.txt; sleep 86400"]
16 |     volumeMounts:
17 |     - mountPath: /data
18 |       name: main-volume
19 |       subPath: path1 # only the path1 subdirectory of the volume is mounted at /data
20 |   - name: container-c
21 |     image: alpine:3.7
22 |     command: ["sh", "-c", "touch /data/c.txt; sleep 86400"]
23 |     volumeMounts:
24 |     - mountPath: /data
25 |       name: main-volume
26 |       subPath: path2
27 |   volumes:
28 |   - name: main-volume
29 |     emptyDir: {}
30 |
--------------------------------------------------------------------------------
/samples/chapter07/source-pod.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v1
2 | kind: Pod
3 | metadata:
4 |   name: source-pod
5 | spec:
6 |   containers:
7 |   - name: tools-container
8 |     image: amsy810/tools # no tag, so this resolves to :latest and can change between pulls; other samples on this page pin amsy810/tools:v2.0
9 |     command: ["/bin/sh", "-c"]
10 |     args: ["date > /data/time.txt && sleep infinity"]
11 |     volumeMounts:
12 |     - name: data-volume
13 |       mountPath: /data
14 |   volumes:
15 |   - name: data-volume
16 |     persistentVolumeClaim:
17 |       claimName: source-pvc
18 |       readOnly: false
19 |
--------------------------------------------------------------------------------
/samples/chapter07/source-pvc-snapshot.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: snapshot.storage.k8s.io/v1beta1 # NOTE(review): beta API version; confirm the snapshot CRDs installed in the cluster still serve it
2 | kind: VolumeSnapshot
3 | metadata:
4 |   name: source-pvc-snapshot
5 | spec:
6 |   volumeSnapshotClassName: sample-csi-volumesnapshotclass
7 |   source:
8 |     persistentVolumeClaimName: source-pvc
9 |
--------------------------------------------------------------------------------
/samples/chapter07/source-pvc.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v1
2 | kind: PersistentVolumeClaim
3 | metadata:
4 |   name: source-pvc
5 | spec:
6 |   accessModes:
7 |   - ReadWriteOnce
8 |   storageClassName: sample-csi-storageclass
9 |   resources:
10 |     requests:
11 |       storage: 1Gi
12 |
--------------------------------------------------------------------------------
/samples/chapter08/sample-namespace.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v1
2 | kind: Namespace
3 | metadata:
4 |   name: sample-namespace
5 |
--------------------------------------------------------------------------------
/samples/chapter09/sample-ephemeral-storage-multi.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v1
2 | kind: Pod
3 | metadata:
4 |   name: sample-ephemeral-storage-multi
5 | spec:
6 |   containers:
7 |   - name: container-a
8 |     image: amsy810/tools:v2.0
9 |     resources:
10 |       requests:
11 |         ephemeral-storage: "1024Mi"
12 |       limits:
13 |         ephemeral-storage: "2048Mi"
14 |     volumeMounts:
15 |     - mountPath: /cache
16 |       name: cache-volume
17 |   - name: container-b
18 |     image: amsy810/tools:v2.0
19 |     resources:
20 |       requests:
21 |         ephemeral-storage: "1024Mi"
22 |       limits:
23 |         ephemeral-storage: "2048Mi"
24 |     volumeMounts:
25 |     - mountPath: /cache
26 |       name: cache-volume
27 |   volumes:
28 |   - name: cache-volume # one emptyDir shared by both containers
29 |     emptyDir: {}
30 |
--------------------------------------------------------------------------------
/samples/chapter09/sample-ephemeral-storage.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v1
2 | kind: Pod
3 | metadata:
4 |   name: sample-ephemeral-storage
5 | spec:
6 |   containers:
7 |   - name: nginx-container
8 |     image: nginx:1.16
9 |     resources:
10 |       requests:
11 |         ephemeral-storage: "1024Mi"
12 |       limits: # a Pod that uses more node-local storage than its limit is evicted
13 |         ephemeral-storage: "2048Mi"
14 |
--------------------------------------------------------------------------------
/samples/chapter09/sample-hpa-behavior.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: autoscaling/v2beta2 # no longer served from Kubernetes 1.26 on; autoscaling/v2 replaces it
2 | kind: HorizontalPodAutoscaler
3 | metadata:
4 |   name: sample-hpa-behavior
5 | spec:
6 |   scaleTargetRef:
7 |     apiVersion: apps/v1
8 |     kind: Deployment
9 |     name: sample-hpa-deployment
10 |   minReplicas: 1
11 |   maxReplicas: 10
12 |   metrics:
13 |   - type: Resource
14 |     resource:
15 |       name: cpu
16 |       targetAverageUtilization: 50 # NOTE(review): this is the autoscaling/v2beta1 field; v2beta2 expects target: {type: Utilization, averageUtilization: 50} - confirm the manifest validates
17 |   behavior:
18 |     scaleDown:
19 |       stabilizationWindowSeconds: 300
20 |       policies:
21 |       - type: Percent
22 |         value: 100
23 |         periodSeconds: 15
24 |     scaleUp:
25 |       stabilizationWindowSeconds: 0
26 |       policies:
27 |       - type: Percent
28 |         value: 100
29 |         periodSeconds: 15
30 |       - type: Pods
31 |         value: 4
32 |         periodSeconds: 15
33 |       selectPolicy: Max # of the two scale-up policies, the one allowing the larger change is applied
34 |
--------------------------------------------------------------------------------
/samples/chapter09/sample-hpa-deployment.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: apps/v1
2 | kind: Deployment
3 | metadata:
4 |   name: sample-hpa-deployment
5 | spec:
6 |   replicas: 1
7 |   selector:
8 |     matchLabels:
9 |       app: sample-app
10 |   template:
11 |     metadata:
12 |       labels:
13 |         app: sample-app
14 |     spec:
15 |       containers:
16 |       - name: tools-container
17 |         image: amsy810/tools:v2.0
18 |         resources:
19 |           requests: # CPU utilization for the autoscaler is measured against this request
20 |             cpu: 100m
21 |           limits:
22 |             cpu: 100m
23 |
--------------------------------------------------------------------------------
/samples/chapter09/sample-hpa.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: autoscaling/v2beta1 # no longer served from Kubernetes 1.25 on
2 | kind: HorizontalPodAutoscaler
3 | metadata:
4 |   name: sample-hpa
5 | spec:
6 |   scaleTargetRef:
7 |     apiVersion: apps/v1
8 |     kind: Deployment
9 |     name: sample-hpa-deployment
10 |   minReplicas: 1
11 |   maxReplicas: 10
12 |   metrics:
13 |   - type: Resource
14 |     resource:
15 |       name: cpu
16 |       targetAverageUtilization: 50
17 |
--------------------------------------------------------------------------------
/samples/chapter09/sample-limitrange-container.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v1
2 | kind: LimitRange
3 | metadata:
4 |   name: sample-limitrange-container
5 |   namespace: default
6 | spec:
7 |   limits:
8 |   - type: Container
9 |     default: # limits applied to containers that declare none
10 |       memory: 512Mi
11 |       cpu: 500m
12 |     defaultRequest: # requests applied to containers that declare none
13 |       memory: 256Mi
14 |       cpu: 250m
15 |     max:
16 |       memory: 1024Mi
17 |       cpu: 1000m
18 |     min:
19 |       memory: 128Mi
20 |       cpu: 125m
21 |     maxLimitRequestRatio: # upper bound on limit divided by request, which caps overcommit per container
22 |       memory: 2
23 |       cpu: 2
24 |
--------------------------------------------------------------------------------
/samples/chapter09/sample-limitrange-pod.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v1
2 | kind: LimitRange
3 | metadata:
4 |   name: sample-limitrange-pod
5 |   namespace: default
6 | spec:
7 |   limits:
8 |   - type: Pod # bounds apply to the sum over all containers of a Pod
9 |     max:
10 |       memory: 2048Mi
11 |       cpu: 2000m
12 |     min:
13 |       memory: 128Mi
14 |       cpu: 125m
15 |     maxLimitRequestRatio:
16 |       memory: 1.5
17 |       cpu: 1.5
18 |
--------------------------------------------------------------------------------
/samples/chapter09/sample-limitrange-pvc.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v1
2 | kind: LimitRange
3 | metadata:
4 |   name: sample-limitrange-pvc
5 |   namespace: default
6 | spec:
7 |   limits:
8 |   - type: PersistentVolumeClaim # bounds the storage request of each claim in the namespace
9 |     max:
10 |       storage: 20Gi
11 |     min:
12 |       storage: 3Gi
13 |
--------------------------------------------------------------------------------
/samples/chapter09/sample-pod-overratio.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v1
2 | kind: Pod
3 | metadata:
4 |   name: sample-pod-overratio
5 | spec:
6 |   containers:
7 |   - name: nginx-container
8 |     image: nginx:1.16
9 |     resources: # limit/request is 4 here; sample-limitrange-container.yaml allows at most 2 for cpu
10 |       requests:
11 |         cpu: 125m
12 |       limits:
13 |         cpu: 500m
14 |
--------------------------------------------------------------------------------
/samples/chapter09/sample-pod-overrequest.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v1
2 | kind: Pod
3 | metadata:
4 |   name: sample-pod-overrequest
5 | spec:
6 |   containers:
7 |   - name: nginx-container
8 |     image: nginx:1.16
9 |     resources: # 100m is below the 125m cpu minimum set in sample-limitrange-container.yaml
10 |       requests:
11 |         cpu: 100m
12 |       limits:
13 |         cpu: 100m
14 |
--------------------------------------------------------------------------------
/samples/chapter09/sample-pod.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v1
2 | kind: Pod
3 | metadata:
4 |   name: sample-pod
5 | spec:
6 |   containers:
7 |   - name: nginx-container # no resources block: values come from a LimitRange default, if the namespace has one
8 |     image: nginx:1.16
9 |
--------------------------------------------------------------------------------
/samples/chapter09/sample-pvc-fail.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v1
2 | kind: PersistentVolumeClaim
3 | metadata:
4 |   name: sample-pvc-fail
5 | spec:
6 |   resources:
7 |     requests:
8 |       storage: 25Gi # above the 20Gi maximum set in sample-limitrange-pvc.yaml
9 |   accessModes:
10 |   - ReadWriteOnce
11 |
--------------------------------------------------------------------------------
/samples/chapter09/sample-qos-besteffort.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v1
2 | kind: Pod
3 | metadata:
4 |   name: sample-qos-besteffort
5 | spec:
6 |   containers:
7 |   - name: nginx-container # no requests or limits at all, which yields the BestEffort QoS class
8 |     image: nginx:1.16
9 |
--------------------------------------------------------------------------------
/samples/chapter09/sample-qos-burstable.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v1
2 | kind: Pod
3 | metadata:
4 |   name: sample-qos-burstable
5 | spec:
6 |   containers:
7 |   - name: nginx-container
8 |     image: nginx:1.16
9 |     resources: # requests set but not equal to limits, which yields the Burstable QoS class
10 |       requests:
11 |         cpu: "250m"
12 |       limits:
13 |         cpu: "500m"
14 |
--------------------------------------------------------------------------------
/samples/chapter09/sample-qos-guaranteed.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v1
2 | kind: Pod
3 | metadata:
4 |   name: sample-qos-guaranteed
5 | spec:
6 |   containers:
7 |   - name: nginx-container
8 |     image: nginx:1.16
9 |     resources: # requests equal limits for both cpu and memory, which yields the Guaranteed QoS class
10 |       requests:
11 |         memory: "1024Mi"
12 |         cpu: "500m"
13 |       limits:
14 |         memory: "1024Mi"
15 |         cpu: "500m"
16 |
--------------------------------------------------------------------------------
/samples/chapter09/sample-resource-containers.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: v1
3 | kind: Pod
4 | metadata:
5 |   name: sample-resource-containers-1
6 | spec:
7 |   containers:
8 |   - name: container-a
9 |     image: amsy810/tools:v2.0
10 |     resources:
11 |       requests:
12 |         cpu: 75m
13 |       limits:
14 |         cpu: 150m
15 | ---
16 | apiVersion: v1
17 | kind: Pod
18 | metadata:
19 |   name: sample-resource-containers-2
20 | spec:
21 |   containers: # containers run side by side, so the Pod's effective cpu request is their sum (125m)
22 |   - name: container-a
23 |     image: amsy810/tools:v2.0
24 |     resources:
25 |       requests:
26 |         cpu: 75m
27 |       limits:
28 |         cpu: 150m
29 |   - name: container-b
30 |     image: amsy810/tools:v2.0
31 |     resources:
32 |       requests:
33 |         cpu: 50m
34 |       limits:
35 |         cpu: 100m
36 | ---
37 | apiVersion: v1
38 | kind: Pod
39 | metadata:
40 |   name: sample-resource-containers-3
41 | spec:
42 |   initContainers: # init containers run one at a time, so only the largest of them counts (125m)
43 |   - name: initcontainer-a
44 |     image: amsy810/success:latest # :latest is a mutable tag; the image behind it can change between pulls
45 |     resources:
46 |       requests:
47 |         cpu: 125m
48 |       limits:
49 |         cpu: 250m
50 |   - name: initcontainer-b
51 |     image: amsy810/success:latest
52 |     resources:
53 |       requests:
54 |         cpu: 100m
55 |       limits:
56 |         cpu: 200m
57 |   containers: # sum is 175m, larger than the biggest init container, so 175m is the effective request
58 |   - name: container-a
59 |     image: amsy810/tools:v2.0
60 |     resources:
61 |       requests:
62 |         cpu: 75m
63 |       limits:
64 |         cpu: 150m
65 |   - name: container-b
66 |     image: amsy810/tools:v2.0
67 |     resources:
68 |       requests:
69 |         cpu: 100m
70 |       limits:
71 |         cpu: 200m
72 | ---
73 | apiVersion: v1
74 | kind: Pod
75 | metadata:
76 |   name: sample-resource-containers-4
77 | spec:
78 |   initContainers:
79 |   - name: initcontainer-a
80 |     image: amsy810/success:latest
81 |     resources:
82 |       requests:
83 |         cpu: 125m
84 |       limits:
85 |         cpu: 250m
86 |   - name: initcontainer-b
87 |     image: amsy810/success:latest
88 |     resources:
89 |       requests:
90 |         cpu: 100m
91 |       limits:
92 |         cpu: 200m
93 |   containers: # sum is 100m, smaller than the 125m init container, so 125m is the effective request
94 |   - name: container-a
95 |     image: amsy810/tools:v2.0
96 |     resources:
97 |       requests:
98 |         cpu: 50m
99 |       limits:
100 |         cpu: 100m
101 |   - name: container-b
102 |     image: amsy810/tools:v2.0
103 |     resources:
104 |       requests:
105 |         cpu: 50m
106 |       limits:
107 |         cpu: 100m
108 |
109 |
--------------------------------------------------------------------------------
/samples/chapter09/sample-resource-only-limits.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v1
2 | kind: Pod
3 | metadata:
4 |   name: sample-resource-only-limits
5 | spec:
6 |   containers:
7 |   - name: nginx-container
8 |     image: nginx:1.16
9 |     resources:
10 |       limits: # with limits only, requests default to the same values
11 |         memory: 256Mi
12 |         cpu: 200m
13 |
--------------------------------------------------------------------------------
/samples/chapter09/sample-resource-only-requests.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v1
2 | kind: Pod
3 | metadata:
4 |   name: sample-resource-only-requests
5 | spec:
6 |   containers:
7 |   - name: nginx-container
8 |     image: nginx:1.16
9 |     resources:
10 |       requests: # requests only: no limit is set unless a LimitRange supplies a default, so usage is not capped by this manifest
11 |         memory: 256Mi
12 |         cpu: 200m
13 |
--------------------------------------------------------------------------------
/samples/chapter09/sample-resource.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: apps/v1
2 | kind: Deployment
3 | metadata:
4 |   name: sample-resource
5 | spec:
6 |   replicas: 3
7 |   selector:
8 |     matchLabels:
9 |       app: sample-app
10 |   template:
11 |     metadata:
12 |       labels:
13 |         app: sample-app
14 |     spec:
15 |       containers:
16 |       - name: nginx-container
17 |         image: nginx:1.16
18 |         resources:
19 |           requests: # what the scheduler reserves on a node for each replica
20 |             memory: "1024Mi"
21 |             cpu: "500m"
22 |           limits: # ceiling enforced at runtime
23 |             memory: "2048Mi"
24 |             cpu: "1000m"
25 |
--------------------------------------------------------------------------------
/samples/chapter09/sample-resourcequota-count-new.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v1
2 | kind: ResourceQuota
3 | metadata:
4 |   name: sample-resourcequota-count-new
5 |   namespace: default
6 | spec:
7 |   hard:
8 |     # Number of resources that can be created (new style)
9 |     count/persistentvolumeclaims: 10
10 |     count/services: 10
11 |     count/secrets: 10
12 |     count/configmaps: 10
13 |     count/replicationcontrollers: 10
14 |     count/deployments.apps: 10
15 |     count/replicasets.apps: 10
16 |     count/statefulsets.apps: 10
17 |     count/jobs.batch: 10
18 |     count/cronjobs.batch: 10
19 |     count/deployments.extensions: 10
20 |
--------------------------------------------------------------------------------
/samples/chapter09/sample-resourcequota-count-old.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v1
2 | kind: ResourceQuota
3 | metadata:
4 |   name: sample-resourcequota-count-old
5 |   namespace: default
6 | spec:
7 |   hard:
8 |     # Number of resources that can be created (old style)
9 |     # Cannot be specified with the new count/* style
10 |     sample-storageclass.storageclass.storage.k8s.io/persistentvolumeclaims: 10
11 |     services.loadbalancers: 10
12 |     services.nodeports: 10
13 |
14 |     # Can also be specified with the new count/* style
15 |     pods: 10
16 |     persistentvolumeclaims: 10
17 |     replicationcontrollers: 10
18 |     secrets: 10
19 |     configmaps: 10
20 |     services: 10
21 |     resourcequotas: 10
22 |
--------------------------------------------------------------------------------
/samples/chapter09/sample-resourcequota-usable.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v1
2 | kind: ResourceQuota
3 | metadata:
4 |   name: sample-resourcequota-usable
5 |   namespace: default
6 | spec:
7 |   hard:
8 |     # Limit on the total of Requests
9 |     requests.memory: 2Gi
10 |     requests.storage: 5Gi
11 |     sample-storageclass.storageclass.storage.k8s.io/requests.storage: 5Gi
12 |     requests.ephemeral-storage: 5Gi
13 |     requests.nvidia.com/gpu: 2
14 |     # Limit on the total of Limits
15 |     limits.cpu: 4
16 |     limits.ephemeral-storage: 10Gi
17 |     limits.nvidia.com/gpu: 4
18 |
--------------------------------------------------------------------------------
/samples/chapter09/sample-resourcequota.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v1
2 | kind: ResourceQuota
3 | metadata:
4 |   name: sample-resourcequota
5 |   namespace: default
6 | spec:
7 |   hard:
8 |     # Number of resources that can be created
9 |     count/configmaps: 10
10 |
--------------------------------------------------------------------------------
/samples/chapter09/sample-vpa-deployment.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: apps/v1
2 | kind: Deployment
3 | metadata:
4 |   name: sample-vpa-deployment
5 | spec:
6 |   replicas: 4
7 |   selector:
8 |     matchLabels:
9 |       app: sample-app
10 |   template:
11 |     metadata:
12 |       labels:
13 |         app: sample-app
14 |     spec:
15 |       containers:
16 |       - name: vpa-container
17 |         image: amsy810/tools:v2.0
18 |         resources:
19 |           requests:
20 |             cpu: 300m
21 |             memory: 300Mi
22 |       - name: no-vpa-container
23 |         image: amsy810/tools:v2.0
24 |         resources:
25 |           requests:
26 |             cpu: 100m
27 |             memory: 100Mi
28 |
--------------------------------------------------------------------------------
/samples/chapter09/sample-vpa.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: autoscaling.k8s.io/v1
2 | kind: VerticalPodAutoscaler
3 | metadata:
4 |   name: sample-vpa
5 | spec:
6 |   targetRef:
7 |     apiVersion: apps/v1
8 |     kind: Deployment
9 |     name: sample-vpa-deployment
10 |   updatePolicy:
11 |     updateMode: Auto # recreate Pods when Requests are updated
12 |   resourcePolicy:
13 |     containerPolicies:
14 |     - containerName: no-vpa-container
15 |       mode: "Off" # excluded from autoscaling
16 |     - containerName: "*" # all remaining containers not listed explicitly
17 |       mode: Auto # subject to autoscaling
18 |       minAllowed:
19 |         memory: 300Mi
20 |       maxAllowed:
21 |         memory: 1000Mi
22 |       controlledResources: ["cpu", "memory"]
23 |
--------------------------------------------------------------------------------
/samples/chapter10/sample-deployment-readinessgate.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: apps/v1
2 | kind: Deployment
3 | metadata:
4 |   name: sample-deployment-readinessgate
5 | spec:
6 |   replicas: 2
7 |   selector:
8 |     matchLabels:
9 |       app: sample-app
10 |   template:
11 |     metadata:
12 |       labels:
13 |         app: sample-app
14 |     spec:
15 |       readinessGates: # the Pod is not Ready until this condition is set to True in its status by something outside the kubelet
16 |       - conditionType: "amsy.dev/sample-condition"
17 |       containers:
18 |       - name: nginx-container
19 |         image: nginx:1.16
20 |
--------------------------------------------------------------------------------
/samples/chapter10/sample-healthcheck.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v1
2 | kind: Pod
3 | metadata:
4 |   name: sample-healthcheck
5 | spec:
6 |   containers:
7 |   - name: nginx-container
8 |     image: nginx:1.16
9 |     livenessProbe: # a failing liveness probe restarts the container
10 |       httpGet:
11 |         path: /index.html
12 |         port: 80
13 |         scheme: HTTP
14 |       timeoutSeconds: 1
15 |       successThreshold: 1
16 |       failureThreshold: 2
17 |       initialDelaySeconds: 5
18 |       periodSeconds: 3
19 |     readinessProbe: # a failing readiness probe removes the Pod from Service endpoints without restarting it
20 |       exec:
21 |         command: ["ls", "/usr/share/nginx/html/50x.html"]
22 |       timeoutSeconds: 1
23 |       successThreshold: 2
24 |       failureThreshold: 1
25 |       initialDelaySeconds: 5
26 |       periodSeconds: 3
27 |
--------------------------------------------------------------------------------
/samples/chapter10/sample-initcontainer.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v1
2 | kind: Pod
3 | metadata:
4 |   name: sample-initcontainer
5 | spec:
6 |   initContainers: # run to completion in the listed order before the main container starts
7 |   - name: output-1
8 |     image: amsy810/tools:v2.0
9 |     command: ['sh', '-c', 'sleep 20; echo 1st > /usr/share/nginx/html/index.html']
10 |     volumeMounts:
11 |     - name: html-volume
12 |       mountPath: /usr/share/nginx/html/
13 |   - name: output-2
14 |     image: amsy810/tools:v2.0
15 |     command: ['sh', '-c', 'sleep 10; echo 2nd >> /usr/share/nginx/html/index.html']
16 |     volumeMounts:
17 |     - name: html-volume
18 |       mountPath: /usr/share/nginx/html/
19 |   containers:
20 |   - name: nginx-container
21 |     image: nginx:1.16
22 |     volumeMounts:
23 |     - name: html-volume
24 |       mountPath: /usr/share/nginx/html/
25 |   volumes:
26 |   - name: html-volume # shared emptyDir: what the init containers write is what nginx serves
27 |     emptyDir: {}
28 |
--------------------------------------------------------------------------------
/samples/chapter10/sample-lifecycle-exec.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v1
2 | kind: Pod
3 | metadata:
4 |   name: sample-lifecycle-exec
5 | spec:
6 |   containers:
7 |   - name: nginx-container
8 |     image: nginx:1.16
9 |     command: ["/bin/sh", "-c", "touch /tmp/started; sleep 3600"]
10 |     lifecycle:
11 |       postStart: # runs alongside the container's command, with no ordering guarantee between the two
12 |         exec:
13 |           command: ["/bin/sh", "-c", "sleep 20; touch /tmp/poststart"]
14 |       preStop: # runs before the container receives its termination signal
15 |         exec:
16 |           command: ["/bin/sh", "-c", "touch /tmp/prestop; sleep 20"]
17 |
--------------------------------------------------------------------------------
/samples/chapter10/sample-lifecycle-httpget.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v1
2 | kind: Pod
3 | metadata:
4 |   name: sample-lifecycle-httpget
5 | spec:
6 |   containers:
7 |   - name: nginx-container
8 |     image: nginx:1.16
9 |     lifecycle:
10 |       postStart:
11 |         httpGet:
12 |           path: /index.html
13 |           port: 80
14 |           scheme: HTTP
15 |
--------------------------------------------------------------------------------
/samples/chapter10/sample-liveness.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v1
2 | kind: Pod
3 | metadata:
4 |   name: sample-liveness
5 | spec:
6 |   containers:
7 |   - name: nginx-container
8 |     image: nginx:1.16
9 |     livenessProbe:
10 |       httpGet:
11 |         path: /index.html
12 |         port: 80
13 |         scheme: HTTP
14 |       timeoutSeconds: 1
15 |       successThreshold: 1
16 |       failureThreshold: 2
17 |       initialDelaySeconds: 5
18 |       periodSeconds: 3
19 |
--------------------------------------------------------------------------------
/samples/chapter10/sample-publish-notready.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: apps/v1
3 | kind: StatefulSet
4 | metadata:
5 |   name: sample-publish-notready
6 | spec:
7 |   serviceName: sample-publish-notready
8 |   replicas: 3
9 |   podManagementPolicy: Parallel
10 |   selector:
11 |     matchLabels:
12 |       app: publish-notready
13 |   template:
14 |     metadata:
15 |       labels:
16 |         app: publish-notready
17 |     spec:
18 |       containers:
19 |       - name: nginx-container
20 |         image: amsy810/echo-nginx:v2.0
21 |         readinessProbe:
22 |           exec:
23 |             command: ["sh", "-c", "exit 1"] # always fails, so these Pods never become Ready
24 | ---
25 | apiVersion: v1
26 | kind: Service
27 | metadata:
28 |   name: sample-publish-notready
29 | spec:
30 |   type: ClusterIP
31 |   publishNotReadyAddresses: true # not-ready Pods are still published as endpoints, so clients can reach Pods whose readiness probe fails
32 |   ports:
33 |   - name: "http-port"
34 |     protocol: "TCP"
35 |     port: 8080
36 |     targetPort: 80
37 |   selector:
38 |     app: publish-notready
39 |
--------------------------------------------------------------------------------
/samples/chapter10/sample-readiness.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v1
2 | kind: Pod
3 | metadata:
4 |   name: sample-readiness
5 | spec:
6 |   containers:
7 |   - name: nginx-container
8 |     image: nginx:1.16
9 |     readinessProbe:
10 |       exec:
11 |         command: ["ls", "/usr/share/nginx/html/50x.html"]
12 |       timeoutSeconds: 1
13 |       successThreshold: 2
14 |       failureThreshold: 1
15 |       initialDelaySeconds: 5
16 |       periodSeconds: 3
17 |
--------------------------------------------------------------------------------
/samples/chapter10/sample-readinessgate.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: v1
3 | kind: Pod
4 | metadata:
5 |   name: sample-readinessgate
6 |   labels:
7 |     app: sample-readinessgate
8 | spec:
9 |   readinessGates:
10 |   - conditionType: "amsy.dev/sample-condition"
11 |   containers:
12 |   - name: nginx-container
13 |     image: nginx:1.16
14 | ---
15 | apiVersion: v1
16 | kind: Service
17 | metadata:
18 |   name: sample-readinessgate
19 | spec:
20 |   type: ClusterIP
21 |   ports:
22 |   - name: "http-port"
23 |     protocol: "TCP"
24 |     port: 8080
25 |     targetPort: 80
26 |   selector:
27 |     app: sample-readinessgate
28 |
--------------------------------------------------------------------------------
/samples/chapter10/sample-restart-always.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v1
2 | kind: Pod
3 | metadata:
4 |   name: sample-restart-always
5 | spec:
6 |   restartPolicy: Always
7 |   containers:
8 |   - name: nginx-container
9 |     image: nginx:1.16
10 |     command: ["sh", "-c", "exit 0"] # success case
11 |     # command: ["sh", "-c", "exit 1"] # failure case
12 |
--------------------------------------------------------------------------------
/samples/chapter10/sample-restart-never.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v1
2 | kind: Pod
3 | metadata:
4 |   name: sample-restart-never
5 | spec:
6 |   restartPolicy: Never
7 |   containers:
8 |   - name: nginx-container
9 |     image: nginx:1.16
10 |     command: ["sh", "-c", "exit 0"] # success case
11 |     # command: ["sh", "-c", "exit 1"] # failure case
12 |
--------------------------------------------------------------------------------
/samples/chapter10/sample-restart-onfailure.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v1
2 | kind: Pod
3 | metadata:
4 |   name: sample-restart-onfailure
5 | spec:
6 |   restartPolicy: OnFailure
7 |   containers:
8 |   - name: nginx-container
9 |     image: nginx:1.16
10 |     command: ["sh", "-c", "exit 0"] # success case
11 |     # command: ["sh", "-c", "exit 1"] # failure case
12 |
--------------------------------------------------------------------------------
/samples/chapter10/sample-startup-shortfail.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v1
2 | kind: Pod
3 | metadata:
4 |   name: sample-startup-shortfail
5 | spec:
6 |   containers:
7 |   - name: tools-container
8 |     image: amsy810/tools:v2.0
9 |     readinessProbe:
10 |       exec:
11 |         command: ["sh", "-c", "echo [$(date)] readiness >> /root/log; test ! -e /root/readiness"] # appends to /root/log on every run, so the container user needs write access under /root
12 |       periodSeconds: 3
13 |     startupProbe: # the other probes stay disabled until this one succeeds; after failureThreshold failures the container is restarted
14 |       exec:
15 |         command: ["sh", "-c", "echo [$(date)] startup >> /root/log; test -e /root/startup"]
16 |       failureThreshold: 3
17 |       initialDelaySeconds: 5
18 |       periodSeconds: 3
19 |
--------------------------------------------------------------------------------
/samples/chapter10/sample-startup.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v1
2 | kind: Pod
3 | metadata:
4 |   name: sample-startup
5 | spec:
6 |   containers:
7 |   - name: tools-container
8 |     image: amsy810/tools:v2.0
9 |     livenessProbe:
10 |       exec:
11 |         command: ["sh", "-c", "echo [$(date)] liveness >> /root/log; test ! -e /root/liveness"]
12 |       periodSeconds: 3
13 |     readinessProbe:
14 |       exec:
15 |         command: ["sh", "-c", "echo [$(date)] readiness >> /root/log; test ! -e /root/readiness"]
16 |       periodSeconds: 3
17 |     startupProbe:
18 |       exec:
19 |         command: ["sh", "-c", "echo [$(date)] startup >> /root/log; test -e /root/startup"]
20 |       failureThreshold: 100 # with periodSeconds 3 this allows roughly 300 seconds for /root/startup to appear
21 |       periodSeconds: 3
22 |
--------------------------------------------------------------------------------
/samples/chapter10/sample-termination.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v1
2 | kind: Pod
3 | metadata:
4 |   name: sample-termination
5 | spec:
6 |   terminationGracePeriodSeconds: 30 # the preStop hook and the shutdown that follows share this budget; afterwards the container is killed
7 |   containers:
8 |   - name: nginx-container
9 |     image: nginx:1.16
10 |     lifecycle:
11 |       preStop:
12 |         exec:
13 |           command: ["/bin/sh", "-c", "echo preStop!; sleep 20"]
14 |
--------------------------------------------------------------------------------
/samples/chapter11/sample-deployment.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: apps/v1
2 | kind: Deployment
3 | metadata:
4 |   name: sample-deployment
5 | spec:
6 |   replicas: 3
7 |   selector:
8 |     matchLabels:
9 |       app: sample-app
10 |   template:
11 |     metadata:
12 |       labels:
13 |         app: sample-app
14 |     spec:
15 |       containers:
16 |       - name: nginx-container
17 |         image: nginx:1.16
18 |
--------------------------------------------------------------------------------
/samples/chapter11/sample-pod-disruption-budget-fail.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: policy/v1beta1 # no longer served from Kubernetes 1.25 on; policy/v1 replaces it
2 | kind: PodDisruptionBudget
3 | metadata:
4 |   name: sample-pod-disruption-budget-fail
5 | spec:
6 |   minAvailable: 1 # minAvailable and maxUnavailable are mutually exclusive; setting both is rejected by the API
7 |   maxUnavailable: 1
8 |   selector:
9 |     matchLabels:
10 |       app: sample-app
11 |
--------------------------------------------------------------------------------
/samples/chapter11/sample-pod-disruption-budget-percentage.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: policy/v1beta1
2 | kind: PodDisruptionBudget
3 | metadata:
4 |   name: sample-pod-disruption-budget-percentage
5 | spec:
6 |   minAvailable: 90%
7 |   # or
8 |   # maxUnavailable: 10%
9 |   selector:
10 |     matchLabels:
11 |       app: sample-app
12 |
--------------------------------------------------------------------------------
/samples/chapter11/sample-pod-disruption-budget.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: policy/v1beta1
2 | kind: PodDisruptionBudget
3 | metadata:
4 |   name: sample-pod-disruption-budget
5 | spec:
6 |   minAvailable: 1 # applies to voluntary disruptions such as node drains, not to node failures
7 |   # or
8 |   # maxUnavailable: 1
9 |   selector:
10 |     matchLabels:
11 |       app: sample-app
12 |
--------------------------------------------------------------------------------
/samples/chapter12/sample-custom-scheduler.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v1
2 | kind: Pod
3 | metadata:
4 |   name: sample-custom-scheduler
5 | spec:
6 |   schedulerName: custom-scheduler # the Pod stays Pending unless a scheduler registered under this name is running
7 |   containers:
8 |   - name: nginx-container
9 |     image: nginx:1.16
10 |
--------------------------------------------------------------------------------
/samples/chapter12/sample-high-priority.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: sample-high-priority 5 | spec: 6 | containers: 7 | - name: nginx-container 8 | image: nginx:1.16 9 | priorityClassName: sample-priority-class 10 | -------------------------------------------------------------------------------- /samples/chapter12/sample-matchexpressions-deployment.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: sample-matchexpressions-deployment 5 | spec: 6 | replicas: 3 7 | selector: 8 | matchExpressions: 9 | - key: app 10 | operator: In 11 | values: 12 | - sample-app 13 | - sample-application 14 | template: 15 | metadata: 16 | labels: 17 | app: sample-app 18 | spec: 19 | containers: 20 | - name: nginx-container 21 | image: nginx:1.16 22 | -------------------------------------------------------------------------------- /samples/chapter12/sample-node-affinity-fail.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: sample-node-affinity-fail 5 | spec: 6 | affinity: 7 | nodeAffinity: 8 | requiredDuringSchedulingIgnoredDuringExecution: 9 | nodeSelectorTerms: 10 | - matchExpressions: 11 | - key: disktype 12 | operator: In 13 | values: 14 | - nvme 15 | preferredDuringSchedulingIgnoredDuringExecution: 16 | - weight: 1 17 | preference: 18 | matchExpressions: 19 | - key: kubernetes.io/hostname 20 | operator: In 21 | values: 22 | - gke-k8s-default-pool-9c2aa160-d2pl 23 | containers: 24 | - name: nginx-container 25 | image: nginx:1.16 26 | -------------------------------------------------------------------------------- /samples/chapter12/sample-node-affinity.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | 
metadata: 4 | name: sample-node-affinity 5 | spec: 6 | affinity: 7 | nodeAffinity: 8 | requiredDuringSchedulingIgnoredDuringExecution: 9 | nodeSelectorTerms: 10 | - matchExpressions: 11 | - key: disktype 12 | operator: In 13 | values: 14 | - hdd 15 | preferredDuringSchedulingIgnoredDuringExecution: 16 | - weight: 1 17 | preference: 18 | matchExpressions: 19 | - key: kubernetes.io/hostname 20 | operator: In 21 | values: 22 | - gke-k8s-default-pool-9c2aa160-d2pl 23 | containers: 24 | - name: nginx-container 25 | image: nginx:1.16 26 | -------------------------------------------------------------------------------- /samples/chapter12/sample-nodeselector.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: sample-nodeselector 5 | spec: 6 | containers: 7 | - name: nginx-container 8 | image: nginx:1.16 9 | nodeSelector: 10 | disktype: ssd 11 | -------------------------------------------------------------------------------- /samples/chapter12/sample-nodespecific-scheduling.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: sample-nodespecific-scheduling 5 | spec: 6 | nodeName: gke-k8s-default-pool-9c2aa160-d2pl 7 | containers: 8 | - name: nginx-container 9 | image: nginx:1.16 10 | -------------------------------------------------------------------------------- /samples/chapter12/sample-pod-affinity-host.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: sample-pod-affinity-host 5 | spec: 6 | affinity: 7 | podAffinity: 8 | requiredDuringSchedulingIgnoredDuringExecution: 9 | - labelSelector: 10 | matchExpressions: 11 | - key: app 12 | operator: In 13 | values: 14 | - sample-app 15 | topologyKey: kubernetes.io/hostname 16 | containers: 17 | - name: nginx-container 18 | image: nginx:1.16 19 | 
-------------------------------------------------------------------------------- /samples/chapter12/sample-pod-affinity-zone-host.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: sample-pod-affinity-zone-host 5 | spec: 6 | affinity: 7 | podAffinity: 8 | requiredDuringSchedulingIgnoredDuringExecution: 9 | - labelSelector: 10 | matchExpressions: 11 | - key: app 12 | operator: In 13 | values: 14 | - sample-app 15 | topologyKey: failure-domain.beta.kubernetes.io/zone 16 | preferredDuringSchedulingIgnoredDuringExecution: 17 | - weight: 1 18 | podAffinityTerm: 19 | labelSelector: 20 | matchExpressions: 21 | - key: app 22 | operator: In 23 | values: 24 | - sample-app 25 | topologyKey: kubernetes.io/hostname 26 | containers: 27 | - name: nginx-container 28 | image: nginx:1.16 29 | -------------------------------------------------------------------------------- /samples/chapter12/sample-pod-antiaffinity-host.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: sample-pod-antiaffinity-host 5 | spec: 6 | affinity: 7 | podAntiAffinity: 8 | requiredDuringSchedulingIgnoredDuringExecution: 9 | - labelSelector: 10 | matchExpressions: 11 | - key: app 12 | operator: In 13 | values: 14 | - sample-app 15 | topologyKey: kubernetes.io/hostname 16 | containers: 17 | - name: nginx-container 18 | image: nginx:1.16 19 | -------------------------------------------------------------------------------- /samples/chapter12/sample-pod-complex-scheduling.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: sample-pod-complex-scheduling 5 | spec: 6 | affinity: 7 | nodeAffinity: 8 | requiredDuringSchedulingIgnoredDuringExecution: 9 | nodeSelectorTerms: 10 | - matchExpressions: 11 | - key: disktype 12 | operator: In 13 | values: 
14 | - ssd 15 | - nvme 16 | preferredDuringSchedulingIgnoredDuringExecution: 17 | - weight: 1 18 | preference: 19 | matchExpressions: 20 | - key: disksize 21 | operator: Gt 22 | values: 23 | - "150" 24 | podAffinity: 25 | requiredDuringSchedulingIgnoredDuringExecution: 26 | - labelSelector: 27 | matchExpressions: 28 | - key: app 29 | operator: In 30 | values: 31 | - sample-app 32 | topologyKey: failure-domain.beta.kubernetes.io/zone 33 | podAntiAffinity: 34 | requiredDuringSchedulingIgnoredDuringExecution: 35 | - labelSelector: 36 | matchExpressions: 37 | - key: app 38 | operator: In 39 | values: 40 | - sample-app 41 | topologyKey: kubernetes.io/hostname 42 | containers: 43 | - name: nginx-container 44 | image: nginx:1.16 45 | -------------------------------------------------------------------------------- /samples/chapter12/sample-pod.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: sample-pod 5 | labels: 6 | app: sample-app 7 | spec: 8 | containers: 9 | - name: nginx-container 10 | image: nginx:1.16 11 | -------------------------------------------------------------------------------- /samples/chapter12/sample-priority-class-fail.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: scheduling.k8s.io/v1 2 | kind: PriorityClass 3 | metadata: 4 | name: system-sample-priority-class-fail 5 | value: 100 6 | globalDefault: false 7 | description: "used for serviceA only" 8 | -------------------------------------------------------------------------------- /samples/chapter12/sample-priority-class-preemption-policy.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: scheduling.k8s.io/v1 2 | kind: PriorityClass 3 | metadata: 4 | name: sample-priority-class-preemption-policy 5 | value: 100 6 | globalDefault: false 7 | description: "used for serviceA only" 8 | preemptionPolicy: Never 9 
| -------------------------------------------------------------------------------- /samples/chapter12/sample-priority-class.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: scheduling.k8s.io/v1 2 | kind: PriorityClass 3 | metadata: 4 | name: sample-priority-class 5 | value: 100 6 | globalDefault: false 7 | description: "used for serviceA only" 8 | -------------------------------------------------------------------------------- /samples/chapter12/sample-tolerations-second.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: sample-tolerations-second 5 | spec: 6 | containers: 7 | - name: nginx-container 8 | image: nginx:1.16 9 | tolerations: 10 | - key: "env" 11 | operator: "Equal" 12 | value: "prd" 13 | effect: "NoExecute" 14 | tolerationSeconds: 45 15 | -------------------------------------------------------------------------------- /samples/chapter12/sample-tolerations.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: sample-tolerations 5 | spec: 6 | containers: 7 | - name: nginx-container 8 | image: nginx:1.16 9 | tolerations: 10 | - key: "env" 11 | operator: "Equal" 12 | value: "prd" 13 | effect: "NoSchedule" 14 | -------------------------------------------------------------------------------- /samples/chapter12/sample-topology-spread-constraints.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: sample-topology-spread-constraints 5 | spec: 6 | replicas: 3 7 | selector: 8 | matchLabels: 9 | app: sample-app 10 | template: 11 | metadata: 12 | labels: 13 | app: sample-app 14 | spec: 15 | topologySpreadConstraints: 16 | - topologyKey: kubernetes.io/hostname 17 | labelSelector: 18 | matchLabels: 19 | app: sample-app 20 | maxSkew: 
2 21 | whenUnsatisfiable: DoNotSchedule 22 | - topologyKey: topology.kubernetes.io/zone 23 | labelSelector: 24 | matchLabels: 25 | app: sample-app 26 | maxSkew: 1 27 | whenUnsatisfiable: DoNotSchedule 28 | containers: 29 | - name: nginx-container 30 | image: nginx:1.16 31 | -------------------------------------------------------------------------------- /samples/chapter13/allow-all-networkpolicy.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: networking.k8s.io/v1 2 | kind: NetworkPolicy # only enforced when the cluster's network plugin implements NetworkPolicy 3 | metadata: 4 | name: allow-all-networkpolicy 5 | spec: 6 | podSelector: {} # empty selector: applies to every Pod in this namespace 7 | egress: 8 | - {} # empty rule: all destinations and ports are allowed 9 | ingress: 10 | - {} # empty rule: all sources and ports are allowed; allow rules are additive, so this cancels any stricter policy on the same Pods 11 | policyTypes: 12 | - Ingress 13 | - Egress 14 | -------------------------------------------------------------------------------- /samples/chapter13/cloud-networkpolicy.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: networking.k8s.io/v1 2 | kind: NetworkPolicy 3 | metadata: 4 | name: cloud-networkpolicy 5 | spec: 6 | podSelector: {} 7 | egress: 8 | - {} # all outbound traffic is allowed 9 | policyTypes: 10 | - Ingress # listed with no ingress rules: all inbound traffic to the selected Pods is denied 11 | - Egress 12 | -------------------------------------------------------------------------------- /samples/chapter13/deny-all-networkpolicy.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: networking.k8s.io/v1 2 | kind: NetworkPolicy 3 | metadata: 4 | name: deny-all-networkpolicy 5 | spec: 6 | podSelector: {} # every Pod in the namespace the policy is created in 7 | policyTypes: 8 | - Ingress # no ingress rules are given: all inbound traffic is denied 9 | - Egress # no egress rules are given: all outbound traffic is denied, DNS lookups included 10 | -------------------------------------------------------------------------------- /samples/chapter13/externalsecret/data.txt: -------------------------------------------------------------------------------- 1 | This is ExternalSecret test data. 
2 | -------------------------------------------------------------------------------- /samples/chapter13/externalsecret/sample-external-secret.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kubernetes-client.io/v1 2 | kind: ExternalSecret 3 | metadata: 4 | name: sample-external-secret 5 | spec: 6 | backendType: gcpSecretsManager 7 | projectId: _PROJECT_ # placeholder, presumably replaced with the GCP project ID before applying 8 | data: 9 | - key: sample-gsm-key 10 | name: sample-k8s-key 11 | version: latest 12 | -------------------------------------------------------------------------------- /samples/chapter13/externalsecret/values.yaml: -------------------------------------------------------------------------------- 1 | serviceAccount: 2 | annotations: 3 | iam.gke.io/gcp-service-account: external-secret-gsa@_PROJECT_.iam.gserviceaccount.com 4 | env: 5 | AWS_REGION: 6 | VAULT_ADDR: 7 | GOOGLE_APPLICATION_CREDENTIALS: # left empty; NOTE(review): with the iam.gke.io/gcp-service-account annotation above, credentials presumably come from GKE Workload Identity rather than a key file - confirm 8 | -------------------------------------------------------------------------------- /samples/chapter13/kubesec/sample-db-auth.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Secret # NOTE(review): this file sits under kubesec/, so it is presumably the plaintext input to be encrypted before it is committed - confirm 3 | metadata: 4 | name: sample-db-auth 5 | type: Opaque 6 | data: # base64 is an encoding, not encryption: anyone who can read this manifest can recover the values 7 | username: cm9vdA== # root 8 | password: cm9vdHBhc3N3b3Jk # rootpassword 9 | -------------------------------------------------------------------------------- /samples/chapter13/networkpolicy-playground.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Pod 4 | metadata: 5 | name: sample-pod-np1 6 | namespace: default 7 | labels: 8 | app: np1 9 | spec: 10 | containers: 11 | - name: nginx-container 12 | image: amsy810/echo-nginx:v2.0 13 | --- 14 | apiVersion: v1 15 | kind: Pod 16 | metadata: 17 | name: sample-pod-np2 18 | namespace: default 19 | labels: 20 | app: np2 21 | spec: 22 | containers: 23 | - name: nginx-container 24 | image: amsy810/echo-nginx:v2.0 25 | --- 26 | apiVersion: v1 
27 | kind: Namespace 28 | metadata: 29 | name: nptest 30 | --- 31 | apiVersion: v1 32 | kind: Pod 33 | metadata: 34 | name: sample-pod-np3 35 | namespace: nptest 36 | labels: 37 | app: np3 38 | spec: 39 | containers: 40 | - name: nginx-container 41 | image: amsy810/echo-nginx:v2.0 42 | --- 43 | apiVersion: v1 44 | kind: Pod 45 | metadata: 46 | name: sample-pod-np4 47 | namespace: nptest 48 | labels: 49 | app: np4 50 | spec: 51 | containers: 52 | - name: nginx-container 53 | image: amsy810/echo-nginx:v2.0 54 | -------------------------------------------------------------------------------- /samples/chapter13/sample-aggregated-clusterrole.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: ClusterRole 4 | metadata: 5 | name: sub-clusterrole1 6 | labels: 7 | app: sample-rbac 8 | rules: 9 | - apiGroups: ["apps"] 10 | resources: ["deployments"] 11 | verbs: ["get"] 12 | --- 13 | apiVersion: rbac.authorization.k8s.io/v1 14 | kind: ClusterRole 15 | metadata: 16 | name: sub-clusterrole2 17 | labels: 18 | app: sample-rbac 19 | rules: 20 | - apiGroups: [""] 21 | resources: ["services"] 22 | verbs: ["get"] 23 | --- 24 | apiVersion: rbac.authorization.k8s.io/v1 25 | kind: ClusterRole 26 | metadata: 27 | name: sample-aggregated-clusterrole 28 | aggregationRule: 29 | clusterRoleSelectors: 30 | - matchLabels: 31 | app: sample-rbac # every ClusterRole carrying this label is merged in, so rights to create or label ClusterRoles can widen this role 32 | rules: # the control plane overwrites this field with the union of the selected ClusterRoles' rules 33 | - apiGroups: [""] 34 | resources: ["pods"] 35 | verbs: ["get"] 36 | -------------------------------------------------------------------------------- /samples/chapter13/sample-capabilities.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: sample-capabilities 5 | spec: 6 | containers: 7 | - name: tools-container 8 | image: amsy810/tools:v2.0 9 | securityContext: 10 | capabilities: 11 | add: ["SYS_ADMIN"] # CAP_SYS_ADMIN covers mount and many other kernel administration operations; treat it as close to privileged 12 | drop: ["AUDIT_WRITE"] # removes a single capability; the rest of the runtime's default set stays granted 13 | 
-------------------------------------------------------------------------------- /samples/chapter13/sample-clusterrole.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRole 3 | metadata: 4 | name: sample-clusterrole 5 | rules: 6 | - apiGroups: 7 | - apps 8 | - extensions 9 | resources: 10 | - replicasets 11 | - deployments 12 | verbs: 13 | - get 14 | - list 15 | - watch 16 | - nonResourceURLs: 17 | - /healthz 18 | - /healthz/* 19 | - /version 20 | verbs: 21 | - get 22 | -------------------------------------------------------------------------------- /samples/chapter13/sample-clusterrolebinding.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRoleBinding 3 | metadata: 4 | name: sample-clusterrolebinding 5 | roleRef: 6 | apiGroup: rbac.authorization.k8s.io 7 | kind: ClusterRole 8 | name: sample-clusterrole 9 | subjects: 10 | - kind: ServiceAccount 11 | name: sample-serviceaccount 12 | namespace: default 13 | -------------------------------------------------------------------------------- /samples/chapter13/sample-fsgroup.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: sample-fsgroup 5 | spec: 6 | securityContext: 7 | fsGroup: 1001 8 | containers: 9 | - image: nginx:1.16 10 | name: nginx-container 11 | volumeMounts: 12 | - mountPath: /cache 13 | name: cache-volume 14 | volumes: 15 | - name: cache-volume 16 | emptyDir: {} 17 | -------------------------------------------------------------------------------- /samples/chapter13/sample-ipblock-ingress-networkpolicy.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: networking.k8s.io/v1 2 | kind: NetworkPolicy 3 | metadata: 4 | name: sample-ipblock-ingress-networkpolicy 5 | 
namespace: nptest 6 | spec: 7 | podSelector: 8 | matchLabels: 9 | app: np4 10 | policyTypes: 11 | - Ingress 12 | ingress: 13 | - from: 14 | - ipBlock: 15 | cidr: 10.12.1.16/32 # replace with the Pod IP address of sample-pod-np1; Pod IPs change when a Pod is recreated, so this rule needs updating each time 16 | ports: 17 | - protocol: TCP 18 | port: 80 19 | -------------------------------------------------------------------------------- /samples/chapter13/sample-kubectl.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: sample-kubectl 5 | spec: 6 | serviceAccountName: sample-serviceaccount # kubectl run inside this Pod acts with whatever RBAC permissions are bound to this ServiceAccount 7 | containers: 8 | - name: kubectl-container 9 | image: lachlanevenson/k8s-kubectl:v1.18.2 10 | command: ["sleep", "86400"] 11 | -------------------------------------------------------------------------------- /samples/chapter13/sample-namespaceselector-ingress-networkpolicy.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: networking.k8s.io/v1 2 | kind: NetworkPolicy 3 | metadata: 4 | name: sample-namespaceselector-ingress-networkpolicy 5 | namespace: nptest 6 | spec: 7 | podSelector: 8 | matchLabels: 9 | app: np3 10 | policyTypes: 11 | - Ingress 12 | ingress: 13 | - from: 14 | - namespaceSelector: 15 | matchLabels: 16 | ns: default # matches Namespaces that carry the label ns=default; the label must be added to the Namespace, it is not set automatically 17 | ports: 18 | - protocol: TCP 19 | port: 80 20 | -------------------------------------------------------------------------------- /samples/chapter13/sample-networkpolicy.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: networking.k8s.io/v1 2 | kind: NetworkPolicy 3 | metadata: 4 | name: sample-networkpolicy 5 | namespace: default # Namespace in which the NetworkPolicy is created 6 | spec: 7 | podSelector: 8 | # write the Pods this policy applies to here 9 | # this is a label selector, so it can target multiple Pods 10 | policyTypes: 11 | - Ingress # list explicitly when defining Ingress rules 12 | - Egress # list explicitly when defining Egress rules 13 | ingress: 14 | - from: 15 | # write the Ingress rule here (same format as Egress rules) 16 | ports: 17 | # 
write the inbound port numbers and protocols this Ingress rule allows 18 | egress: 19 | - to: 20 | # write the Egress rule here (same format as Ingress rules) 21 | ports: 22 | # write the destination port numbers and protocols this Egress rule allows 23 | -------------------------------------------------------------------------------- /samples/chapter13/sample-nonroot.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: sample-nonroot 5 | spec: 6 | securityContext: 7 | runAsNonRoot: true # the kubelet refuses to start a container whose image would run as UID 0; NOTE(review): the stock nginx image presumably runs as root, so this Pod is expected to fail to start - confirm 8 | containers: 9 | - name: nginx-container 10 | image: nginx:1.16 11 | -------------------------------------------------------------------------------- /samples/chapter13/sample-pod.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: sample-pod 5 | spec: 6 | containers: 7 | - name: nginx-container 8 | image: nginx:1.16 9 | -------------------------------------------------------------------------------- /samples/chapter13/sample-podpreset.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: settings.k8s.io/v1alpha1 # alpha API; PodPreset was removed in Kubernetes v1.20 2 | kind: PodPreset 3 | metadata: 4 | name: sample-podpreset 5 | namespace: default 6 | spec: 7 | selector: 8 | matchLabels: 9 | app: podpreset 10 | env: 11 | - name: SAMPLE_ENV 12 | value: "SAMPLE_VALUE" 13 | volumeMounts: 14 | - mountPath: /cache 15 | name: cache-volume 16 | volumes: 17 | - name: cache-volume 18 | emptyDir: {} 19 | -------------------------------------------------------------------------------- /samples/chapter13/sample-podsecuritypolicy.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: policy/v1beta1 # PodSecurityPolicy was deprecated in Kubernetes v1.21 and removed in v1.25 (Pod Security Admission is the built-in successor) 2 | kind: PodSecurityPolicy 3 | metadata: 4 | name: sample-podsecuritypolicy 5 | spec: 6 | privileged: false # rejects Pods that request privileged: true 7 | runAsUser: 8 | rule: RunAsAny # any UID, root included 9 | allowPrivilegeEscalation: true # Pods may run with privilege escalation enabled (no_new_privs is not enforced) 10 | allowedCapabilities: 11 | - '*' # any capability may be added, SYS_ADMIN included, which undoes much of privileged: false 12 | allowedHostPaths: 13 | - pathPrefix: "/etc" # hostPath volumes under the node's /etc are permitted, writable unless readOnly: true is set on this entry 14 | 
fsGroup: 15 | rule: RunAsAny 16 | supplementalGroups: 17 | rule: RunAsAny 18 | seLinux: 19 | rule: RunAsAny 20 | volumes: 21 | - '*' 22 | -------------------------------------------------------------------------------- /samples/chapter13/sample-podselector-ingress-networkpolicy.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: networking.k8s.io/v1 2 | kind: NetworkPolicy 3 | metadata: 4 | name: sample-podselector-ingress-networkpolicy 5 | spec: 6 | podSelector: 7 | matchLabels: 8 | app: np2 9 | policyTypes: 10 | - Ingress 11 | ingress: 12 | - from: 13 | - podSelector: 14 | matchLabels: 15 | app: np1 16 | ports: 17 | - protocol: TCP 18 | port: 80 19 | -------------------------------------------------------------------------------- /samples/chapter13/sample-preset-fail-pod.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: sample-preset-fail-pod 5 | labels: 6 | app: podpreset 7 | spec: 8 | containers: 9 | - name: nginx-container 10 | image: nginx:1.16 11 | env: 12 | - name: SAMPLE_ENV 13 | value: CONFLICT_VALUE 14 | -------------------------------------------------------------------------------- /samples/chapter13/sample-preset-pod.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: sample-preset-pod 5 | annotations: 6 | podpreset.admission.kubernetes.io/exclude: "true" 7 | labels: 8 | app: podpreset 9 | spec: 10 | containers: 11 | - name: nginx-container 12 | image: nginx:1.16 13 | -------------------------------------------------------------------------------- /samples/chapter13/sample-privileged.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: sample-privileged 5 | spec: 6 | containers: 7 | - name: nginx-container 8 | image: nginx:1.16 9 
| securityContext: 10 | privileged: true # grants all capabilities and host device access; a compromise of this container is effectively a compromise of the node 11 | -------------------------------------------------------------------------------- /samples/chapter13/sample-role.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: Role 3 | metadata: 4 | name: sample-role 5 | namespace: default 6 | rules: 7 | - apiGroups: 8 | - apps 9 | - extensions 10 | resources: 11 | - replicasets 12 | - deployments 13 | - deployments/scale 14 | verbs: 15 | - "*" # wildcard: every verb on the resources above, delete included; list only the verbs the workload needs 16 | -------------------------------------------------------------------------------- /samples/chapter13/sample-rolebinding.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: RoleBinding 3 | metadata: 4 | name: sample-rolebinding 5 | namespace: default 6 | roleRef: # cannot be changed once the binding exists; delete and recreate the binding to reference another Role 7 | apiGroup: rbac.authorization.k8s.io 8 | kind: Role 9 | name: sample-role 10 | subjects: 11 | - kind: ServiceAccount 12 | name: sample-serviceaccount 13 | namespace: default 14 | -------------------------------------------------------------------------------- /samples/chapter13/sample-rootfile-readonly.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: sample-rootfile-readonly 5 | spec: 6 | containers: 7 | - name: tools-container 8 | image: amsy810/tools:v2.0 9 | securityContext: 10 | readOnlyRootFilesystem: true # the container's root filesystem is mounted read-only; writable paths must come from mounted volumes 11 | -------------------------------------------------------------------------------- /samples/chapter13/sample-rs-podsecuritypolicy.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: ReplicaSet 3 | metadata: 4 | name: sample-rs-podsecuritypolicy 5 | spec: 6 | replicas: 3 7 | selector: 8 | matchLabels: 9 | app: sample-app 10 | template: 11 | metadata: 12 | labels: 13 | app: sample-app 14 | spec: 15 | serviceAccountName: psp-test # 
ServiceAccount that is allowed to use the PodSecurityPolicy 16 | containers: 17 | - name: nginx-container 18 | image: nginx:1.16 19 | -------------------------------------------------------------------------------- /samples/chapter13/sample-rs.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: ReplicaSet 3 | metadata: 4 | name: sample-rs 5 | spec: 6 | replicas: 3 7 | selector: 8 | matchLabels: 9 | app: sample-app 10 | template: 11 | metadata: 12 | labels: 13 | app: sample-app 14 | spec: 15 | containers: 16 | - name: nginx-container 17 | image: nginx:1.16 18 | -------------------------------------------------------------------------------- /samples/chapter13/sample-runuser.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: sample-runuser 5 | spec: 6 | securityContext: 7 | runAsUser: 65534 # conventionally the unprivileged nobody account 8 | runAsGroup: 65534 9 | supplementalGroups: # extra group IDs added to the container processes 10 | - 1001 11 | - 1002 12 | containers: 13 | - name: tools-container 14 | image: amsy810/tools:v2.0 15 | -------------------------------------------------------------------------------- /samples/chapter13/sample-serviceaccount-noautomount-pod.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: sample-serviceaccount-noautomount-pod 5 | namespace: default 6 | spec: 7 | serviceAccountName: sample-serviceaccount-noautomount 8 | automountServiceAccountToken: true # the Pod-level value takes precedence over the ServiceAccount's setting, so the API token is mounted even if the ServiceAccount sets false 9 | containers: 10 | - name: nginx-container 11 | image: nginx:1.16 12 | -------------------------------------------------------------------------------- /samples/chapter13/sample-serviceaccount-noautomount.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ServiceAccount 3 | metadata: 4 | name: sample-serviceaccount-noautomount 5 | namespace: default 6 | automountServiceAccountToken: 
false 7 | -------------------------------------------------------------------------------- /samples/chapter13/sample-serviceaccount-pod.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: sample-serviceaccount-pod 5 | namespace: default 6 | spec: 7 | serviceAccountName: sample-serviceaccount 8 | containers: 9 | - name: nginx-container 10 | image: nginx:1.16 11 | -------------------------------------------------------------------------------- /samples/chapter13/sample-serviceaccount-pullsecret-pod.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: sample-serviceaccount-pullsecret-pod 5 | spec: 6 | serviceAccountName: sample-serviceaccount-pullsecret 7 | containers: 8 | - name: nginx-container 9 | image: nginx:1.16 10 | -------------------------------------------------------------------------------- /samples/chapter13/sample-serviceaccount-pullsecret.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ServiceAccount 3 | metadata: 4 | name: sample-serviceaccount-pullsecret 5 | imagePullSecrets: 6 | - name: sample-registry-auth 7 | -------------------------------------------------------------------------------- /samples/chapter13/sample-serviceaccount.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ServiceAccount 3 | metadata: 4 | name: sample-serviceaccount 5 | namespace: default 6 | -------------------------------------------------------------------------------- /samples/chapter13/sample-sysctl-annotation.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: sample-sysctl-annotation 5 | annotations: 6 | security.alpha.kubernetes.io/sysctls: kernel.shm_rmid_forced=1 7 
| security.alpha.kubernetes.io/unsafe-sysctls: net.core.somaxconn="12345" # alpha-era annotation form; NOTE(review): confirm the target Kubernetes version still honours it, sample-sysctl.yaml shows the spec.securityContext.sysctls form 8 | spec: 9 | containers: 10 | - name: tools-container 11 | image: amsy810/tools:v2.0 12 | -------------------------------------------------------------------------------- /samples/chapter13/sample-sysctl-initcontainer.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: sample-sysctl-initcontainer 5 | spec: 6 | initContainers: 7 | - name: initialize-sysctl 8 | image: busybox:1.27 9 | command: 10 | - /bin/sh 11 | - -c 12 | - | 13 | sysctl -w net.core.somaxconn=12345 14 | securityContext: 15 | privileged: true # only the init container is privileged, for the sysctl write; admission policy must still permit a privileged container in this Pod 16 | containers: 17 | - name: tools-container 18 | image: amsy810/tools:v2.0 19 | -------------------------------------------------------------------------------- /samples/chapter13/sample-sysctl.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: sample-sysctl 5 | spec: 6 | securityContext: 7 | sysctls: 8 | - name: net.core.somaxconn # outside the kubelet's default safe-sysctl set: the Pod is rejected on nodes that do not list it in --allowed-unsafe-sysctls 9 | value: "12345" 10 | containers: 11 | - name: tools-container 12 | image: amsy810/tools:v2.0 13 | -------------------------------------------------------------------------------- /samples/chapter13/sealedsecret/sample-db-auth.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Secret # NOTE(review): this file sits under sealedsecret/, so it is presumably the plaintext input that gets sealed; commit only the sealed output - confirm 3 | metadata: 4 | name: sample-db-auth 5 | type: Opaque 6 | data: # base64 is an encoding, not encryption: anyone who can read this manifest can recover the values 7 | username: cm9vdA== # root 8 | password: cm9vdHBhc3N3b3Jk # rootpassword 9 | -------------------------------------------------------------------------------- /samples/chapter14/helm/values.yaml: -------------------------------------------------------------------------------- 1 | wordpressUsername: sample-user 2 | wordpressPassword: sample-pass # plaintext credential in a values file; sample value only, real passwords belong in a secret store rather than in a committed file 3 | wordpressBlogName: "Sample BLOG" 4 | persistence: 5 | size: 5Gi 6 | 
-------------------------------------------------------------------------------- /samples/chapter14/kustomize/commonmeta-sample/kustomization.yaml: -------------------------------------------------------------------------------- 1 | commonLabels: 2 | label1: label1-val 3 | commonAnnotations: 4 | annotation1: annotation1-val 5 | resources: 6 | - sample-deployment.yaml 7 | - sample-lb.yaml 8 | -------------------------------------------------------------------------------- /samples/chapter14/kustomize/commonmeta-sample/sample-deployment.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: sample-deployment 5 | spec: 6 | replicas: 3 7 | selector: 8 | matchLabels: 9 | app: sample-app 10 | template: 11 | metadata: 12 | labels: 13 | app: sample-app 14 | spec: 15 | containers: 16 | - name: nginx-container 17 | image: nginx:1.16 18 | -------------------------------------------------------------------------------- /samples/chapter14/kustomize/commonmeta-sample/sample-lb.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: sample-lb 5 | spec: 6 | type: LoadBalancer 7 | ports: 8 | - name: "http-port" 9 | protocol: "TCP" 10 | port: 8080 11 | targetPort: 80 12 | nodePort: 30082 13 | selector: 14 | app: sample-app 15 | -------------------------------------------------------------------------------- /samples/chapter14/kustomize/generate-sample/kustomization.yaml: -------------------------------------------------------------------------------- 1 | resources: 2 | - sample-deployment.yaml 3 | configMapGenerator: 4 | - name: generated-configmap 5 | literals: 6 | - KEY1=VAL1 7 | files: 8 | - ./sample.txt 9 | -------------------------------------------------------------------------------- /samples/chapter14/kustomize/generate-sample/sample-deployment.yaml: 
-------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: sample-deployment 5 | spec: 6 | replicas: 3 7 | selector: 8 | matchLabels: 9 | app: sample-app 10 | template: 11 | metadata: 12 | labels: 13 | app: sample-app 14 | spec: 15 | containers: 16 | - name: nginx-container 17 | image: nginx:1.16 18 | envFrom: 19 | - configMapRef: 20 | name: generated-configmap 21 | -------------------------------------------------------------------------------- /samples/chapter14/kustomize/generate-sample/sample.txt: -------------------------------------------------------------------------------- 1 | This is testfile. 2 | -------------------------------------------------------------------------------- /samples/chapter14/kustomize/image-sample/kustomization.yaml: -------------------------------------------------------------------------------- 1 | images: 2 | - name: nginx 3 | newName: amsy810/echo-nginx 4 | newTag: v2.0 5 | resources: 6 | - sample-deployment.yaml 7 | - sample-lb.yaml 8 | -------------------------------------------------------------------------------- /samples/chapter14/kustomize/image-sample/sample-deployment.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: sample-deployment 5 | spec: 6 | replicas: 3 7 | selector: 8 | matchLabels: 9 | app: sample-app 10 | template: 11 | metadata: 12 | labels: 13 | app: sample-app 14 | spec: 15 | containers: 16 | - name: nginx-container 17 | image: nginx:1.16 18 | -------------------------------------------------------------------------------- /samples/chapter14/kustomize/image-sample/sample-lb.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: sample-lb 5 | spec: 6 | type: LoadBalancer 7 | ports: 8 | - name: "http-port" 9 | protocol: "TCP" 10 
| port: 8080 11 | targetPort: 80 12 | nodePort: 30082 13 | selector: 14 | app: sample-app 15 | -------------------------------------------------------------------------------- /samples/chapter14/kustomize/name-sample/kustomization.yaml: -------------------------------------------------------------------------------- 1 | namePrefix: prefix- 2 | nameSuffix: -suffix 3 | resources: 4 | - sample-deployment.yaml 5 | - sample-lb.yaml 6 | -------------------------------------------------------------------------------- /samples/chapter14/kustomize/name-sample/sample-deployment.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: sample-deployment 5 | spec: 6 | replicas: 3 7 | selector: 8 | matchLabels: 9 | app: sample-app 10 | template: 11 | metadata: 12 | labels: 13 | app: sample-app 14 | spec: 15 | containers: 16 | - name: nginx-container 17 | image: nginx:1.16 18 | -------------------------------------------------------------------------------- /samples/chapter14/kustomize/name-sample/sample-lb.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: sample-lb 5 | spec: 6 | type: LoadBalancer 7 | ports: 8 | - name: "http-port" 9 | protocol: "TCP" 10 | port: 8080 11 | targetPort: 80 12 | nodePort: 30082 13 | selector: 14 | app: sample-app 15 | -------------------------------------------------------------------------------- /samples/chapter14/kustomize/namespace-sample/kustomization.yaml: -------------------------------------------------------------------------------- 1 | namespace: sample-namespace 2 | resources: 3 | - sample-deployment.yaml 4 | - sample-lb.yaml 5 | -------------------------------------------------------------------------------- /samples/chapter14/kustomize/namespace-sample/sample-deployment.yaml: 
-------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: sample-deployment 5 | spec: 6 | replicas: 3 7 | selector: 8 | matchLabels: 9 | app: sample-app 10 | template: 11 | metadata: 12 | labels: 13 | app: sample-app 14 | spec: 15 | containers: 16 | - name: nginx-container 17 | image: nginx:1.16 18 | -------------------------------------------------------------------------------- /samples/chapter14/kustomize/namespace-sample/sample-lb.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: sample-lb 5 | spec: 6 | type: LoadBalancer 7 | ports: 8 | - name: "http-port" 9 | protocol: "TCP" 10 | port: 8080 11 | targetPort: 80 12 | nodePort: 30082 13 | selector: 14 | app: sample-app 15 | -------------------------------------------------------------------------------- /samples/chapter14/kustomize/production/kustomization.yaml: -------------------------------------------------------------------------------- 1 | bases: 2 | - ../resources-sample/ 3 | patchesStrategicMerge: 4 | - ./patch-replicas.yaml 5 | images: 6 | - name: nginx 7 | newTag: production 8 | -------------------------------------------------------------------------------- /samples/chapter14/kustomize/production/patch-replicas.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: sample-deployment 5 | spec: 6 | replicas: 100 7 | -------------------------------------------------------------------------------- /samples/chapter14/kustomize/resources-sample/kustomization.yaml: -------------------------------------------------------------------------------- 1 | resources: 2 | - sample-deployment.yaml 3 | - sample-lb.yaml 4 | -------------------------------------------------------------------------------- 
/samples/chapter14/kustomize/resources-sample/sample-deployment.yaml:
--------------------------------------------------------------------------------
# Base Deployment: three nginx replicas selected by app=sample-app.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: sample-deployment
spec:
  replicas: 3
  selector:
    matchLabels:
      app: sample-app
  template:
    metadata:
      labels:
        app: sample-app
    spec:
      containers:
        - name: nginx-container
          image: nginx:1.16
--------------------------------------------------------------------------------
/samples/chapter14/kustomize/resources-sample/sample-lb.yaml:
--------------------------------------------------------------------------------
# LoadBalancer Service in front of the app=sample-app Pods.
apiVersion: v1
kind: Service
metadata:
  name: sample-lb
spec:
  # type LoadBalancer publishes the Service outside the cluster; the fixed
  # nodePort below is opened on every node as well.
  type: LoadBalancer
  ports:
    - name: "http-port"
      protocol: "TCP"
      port: 8080
      targetPort: 80
      nodePort: 30082
  selector:
    app: sample-app
--------------------------------------------------------------------------------
/samples/chapter14/kustomize/role-sample/kustomization.yaml:
--------------------------------------------------------------------------------
# Places the RBAC resources listed below into sample-namespace. The resource
# files themselves say `namespace: default`; the value here replaces it in
# the rendered output.
namespace: sample-namespace
resources:
  - sample-rolebinding.yaml
  - sample-role.yaml
  - sample-serviceaccount.yaml
--------------------------------------------------------------------------------
/samples/chapter14/kustomize/role-sample/sample-role.yaml:
--------------------------------------------------------------------------------
# Namespaced Role over ReplicaSets, Deployments and the Deployment scale
# subresource.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: sample-role
  namespace: default
rules:
  - apiGroups:
      - apps
      - extensions
    resources:
      - replicasets
      - deployments
      - deployments/scale
    verbs:
      # "*" grants every verb on the resources above, including delete and
      # deletecollection. A subject that can create or update Deployments
      # can run arbitrary Pod specs in the namespace, so for real workloads
      # list only the verbs the ServiceAccount needs.
      - "*"
--------------------------------------------------------------------------------
/samples/chapter14/kustomize/role-sample/sample-rolebinding.yaml:
-------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: RoleBinding 3 | metadata: 4 | name: sample-rolebinding 5 | namespace: default 6 | roleRef: 7 | apiGroup: rbac.authorization.k8s.io 8 | kind: Role 9 | name: sample-role 10 | subjects: 11 | - kind: ServiceAccount 12 | name: sample-serviceaccount 13 | namespace: default 14 | -------------------------------------------------------------------------------- /samples/chapter14/kustomize/role-sample/sample-serviceaccount.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ServiceAccount 3 | metadata: 4 | name: sample-serviceaccount 5 | namespace: default 6 | -------------------------------------------------------------------------------- /samples/chapter14/kustomize/staging/kustomization.yaml: -------------------------------------------------------------------------------- 1 | bases: 2 | - ../resources-sample/ 3 | patchesStrategicMerge: 4 | - ./patch-replicas.yaml 5 | images: 6 | - name: nginx 7 | newTag: staging 8 | -------------------------------------------------------------------------------- /samples/chapter14/kustomize/staging/patch-replicas.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: sample-deployment 5 | spec: 6 | replicas: 1 7 | -------------------------------------------------------------------------------- /samples/chapter15/datadog-a.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: apps/v1 3 | kind: Deployment 4 | metadata: 5 | name: dp1 6 | spec: 7 | replicas: 3 8 | selector: 9 | matchLabels: 10 | app: abtest 11 | template: 12 | metadata: 13 | labels: 14 | app: abtest 15 | spec: 16 | containers: 17 | - name: nginx-container 18 | image: nginx:1.16 19 | --- 20 | apiVersion: v1 21 | kind: Service 
22 | metadata: 23 | name: ab-endpoint 24 | spec: 25 | type: LoadBalancer 26 | ports: 27 | - name: "http-port" 28 | protocol: "TCP" 29 | port: 80 30 | targetPort: 80 31 | selector: 32 | app: abtest 33 | -------------------------------------------------------------------------------- /samples/chapter15/datadog-b.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: dp2 5 | spec: 6 | replicas: 2 7 | selector: 8 | matchLabels: 9 | app: abtest 10 | template: 11 | metadata: 12 | labels: 13 | app: abtest 14 | spec: 15 | containers: 16 | - name: nginx-container 17 | image: nginx:1.17 18 | -------------------------------------------------------------------------------- /samples/chapter15/datadog_values.yaml: -------------------------------------------------------------------------------- 1 | datadog: 2 | apiKey: XXXXXXXXXXXXXXXXXXXXXXXX 3 | appKey: YYYYYYYYYYYYYYYYYYYYYYYY 4 | tags: "project:sample,env:dev" 5 | clusterAgent: 6 | enabled: true 7 | metricsProvider: 8 | enabled: true 9 | processAgent: 10 | enabled: true 11 | processCollection: true 12 | collectEvents: true 13 | leaderElection: true 14 | -------------------------------------------------------------------------------- /samples/chapter15/prometheus_lb_values.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MasayaAoyama/kubernetes-perfect-guide/43112df32e54df98f92bf69da4dbb2f0f3e29d31/samples/chapter15/prometheus_lb_values.yaml -------------------------------------------------------------------------------- /samples/chapter16/datadog_with_logs_values.yaml: -------------------------------------------------------------------------------- 1 | datadog: 2 | apiKey: XXXXXXXXXXXXXXXXXXXXXXXX 3 | appKey: YYYYYYYYYYYYYYYYYYYYYYYY 4 | tags: "project:sample,env:dev" 5 | clusterAgent: 6 | enabled: true 7 | metricsProvider: 8 | enabled: true 9 | 
processAgent: 10 | enabled: true 11 | processCollection: true 12 | collectEvents: true 13 | leaderElection: true 14 | logs: # 追加 15 | enabled: true # 追加 16 | containerCollectAll: true # 追加 17 | configContainerCollectAll: true # 追加 18 |
--------------------------------------------------------------------------------
/samples/chapter17/argocd/manifests/sample-cd-clusterip.yaml:
--------------------------------------------------------------------------------
# ClusterIP Service for the app=sample-cd-app Pods; one of the manifests the
# Argo CD Application in sample-cd.yaml applies.
apiVersion: v1
kind: Service
metadata:
  name: sample-cd-clusterip
spec:
  type: ClusterIP
  ports:
    - name: "http-port"
      protocol: "TCP"
      port: 8080
      targetPort: 80
  selector:
    app: sample-cd-app
--------------------------------------------------------------------------------
/samples/chapter17/argocd/manifests/sample-cd-deployment.yaml:
--------------------------------------------------------------------------------
# Deployment applied by the Argo CD Application in sample-cd.yaml.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: sample-cd-deployment
spec:
  replicas: 3
  selector:
    matchLabels:
      app: sample-cd-app
  template:
    metadata:
      labels:
        app: sample-cd-app
    spec:
      containers:
        - name: nginx-container
          image: amsy810/echo-nginx:v2.0
--------------------------------------------------------------------------------
/samples/chapter17/argocd/sample-cd.yaml:
--------------------------------------------------------------------------------
# Argo CD Application that keeps the `default` namespace in sync with the
# manifests under samples/chapter17/argocd/manifests of the Git repository.
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: sample-cd
  namespace: argocd
spec:
  project: default
  # Manifests to apply
  source:
    repoURL: https://github.com/MasayaAoyama/kubernetes-perfect-guide.git
    # NOTE(review): this looks like a branch name, i.e. a ref that moves with
    # every push - confirm.
    targetRevision: 2nd-edition
    path: samples/chapter17/argocd/manifests
    directory:
      recurse: true
  # Destination (defaults to the cluster Argo CD itself runs in)
  destination:
    server: https://kubernetes.default.svc
    namespace: default
  # Sync settings
  syncPolicy:
    # With automated sync, whatever is at targetRevision under `path` is
    # applied without a manual step: prune deletes resources that were
    # removed from the repository, selfHeal reverts changes made directly in
    # the cluster. Write access to that repository ref is therefore
    # equivalent to deploy access to the destination namespace.
    automated:
      prune: true
      selfHeal: true
--------------------------------------------------------------------------------
/samples/chapter17/conftest/fail-deployment.yaml:
--------------------------------------------------------------------------------
# Deployment that policy/sample.rego denies: selector and Pod template carry
# a `role` label and no `app` label.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: fail-deployment
spec:
  replicas: 3
  selector:
    matchLabels:
      role: fail-app
  template:
    metadata:
      labels:
        role: fail-app
    spec:
      containers:
        - name: nginx-container
          image: nginx:1.16
--------------------------------------------------------------------------------
/samples/chapter17/conftest/policy/sample.rego:
--------------------------------------------------------------------------------
package main

# Deny a Deployment unless its selector and its Pod template carry the same
# `app` label value.
#
# The comparison is undefined when either `app` label is missing, so the
# `not` also holds in that case: a Deployment without `app` labels is denied,
# not skipped. The message text is Japanese and asks for the same `app` label
# on the Pod template and the selector; %s is the Deployment name.
deny[msg] {
  input.kind == "Deployment"
  not (input.spec.selector.matchLabels.app == input.spec.template.metadata.labels.app)
  msg = sprintf("Pod Template と Selector には同じ app ラベルを付与してください: %s", [input.metadata.name])
}

--------------------------------------------------------------------------------
/samples/chapter17/conftest/success-deployment.yaml:
--------------------------------------------------------------------------------
# Deployment that passes policy/sample.rego: selector and Pod template both
# have app=success-app.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: success-deployment
spec:
  replicas: 3
  selector:
    matchLabels:
      app: success-app
  template:
    metadata:
      labels:
        app: success-app
    spec:
      containers:
        - name: nginx-container
          image: nginx:1.16
--------------------------------------------------------------------------------
/samples/chapter17/kubeval/fail-deployment.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: fail-deployment 5 | annotations: 6 | max-replicas: 100 7 | spec: 8 | replicas: 3 9 | selector: 10 | matchLabels: 11 | role: fail-app 12 | template: 13 |
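metadata: 14 | labels: 15 | role: fail-app 16 | spec: 17 | containers: 18 | - name: nginx-container 19 | image: nginx:1.16 20 |
--------------------------------------------------------------------------------
/samples/chapter17/opa-gatekeeper/requiredlabels/constraint.yaml:
--------------------------------------------------------------------------------
# Constraint built from the K8sRequiredLabels template: every Pod must carry
# an `app` label whose value consists of ASCII letters only.
apiVersion: constraints.gatekeeper.sh/v1beta1
kind: K8sRequiredLabels
metadata:
  name: pod-has-app-label
spec:
  match:
    kinds:
      - apiGroups: [""]
        kinds: ["Pod"]
  parameters:
    # The constraint matches Pods (see `kinds` above), so the message shown
    # on rejection names Pods; it previously said "namespaces".
    message: "All pods must have an `app` label"
    labels:
      - key: app
        # Anchored at both ends: the whole label value has to match.
        allowedRegex: "^[a-zA-Z]+$"
--------------------------------------------------------------------------------
/samples/chapter17/opa-gatekeeper/requiredlabels/example.yaml:
--------------------------------------------------------------------------------
# Pod used to exercise the constraint: it has a `role` label and no `app`
# label, so pod-has-app-label reports it.
apiVersion: v1
kind: Pod
metadata:
  name: sample-pod
  labels:
    role: app
spec:
  containers:
    - name: nginx-container
      image: nginx:1.16
--------------------------------------------------------------------------------
/samples/chapter17/opa-gatekeeper/requiredlabels/template.yaml:
--------------------------------------------------------------------------------
# ConstraintTemplate defining the K8sRequiredLabels constraint kind and the
# Rego that evaluates it at admission time.
apiVersion: templates.gatekeeper.sh/v1beta1
kind: ConstraintTemplate
metadata:
  name: k8srequiredlabels
spec:
  crd:
    spec:
      names:
        kind: K8sRequiredLabels
      validation:
        # Schema for the `parameters` field
        openAPIV3Schema:
          properties:
            message:
              type: string
            labels:
              type: array
              items:
                type: object
                properties:
                  key:
                    type: string
                  allowedRegex:
                    type: string
  targets:
    - target: admission.k8s.gatekeeper.sh
      rego: |
        package k8srequiredlabels

        # get_message returns parameters.message when the constraint sets
        # one, otherwise the default text passed by the caller.
        get_message(parameters, _default) = msg {
          not parameters.message
          msg := _default
        }

        get_message(parameters, _default) = msg {
          msg := parameters.message
        }

        # Violation 1: one or more required label keys are absent from the
        # object under review.
        violation[{"msg": msg, "details": {"missing_labels": missing}}] {
          provided := {label | input.review.object.metadata.labels[label]}
          required := {label | label := input.parameters.labels[_].key}
          missing := required - provided
          count(missing) > 0
          def_msg := sprintf("you must provide labels: %v", [missing])
          msg := get_message(input.parameters, def_msg)
        }

        # Violation 2: a required label is present but its value does not
        # match the allowedRegex configured for that key.
        # NOTE(review): re_match is the older name of regex.match and is
        # deprecated in newer OPA releases; check the Gatekeeper version in
        # use before switching.
        violation[{"msg": msg}] {
          value := input.review.object.metadata.labels[key]
          expected := input.parameters.labels[_]
          expected.key == key
          # do not match if allowedRegex is not defined, or is an empty string
          expected.allowedRegex != ""
          not re_match(expected.allowedRegex, value)
          def_msg := sprintf("Label <%v: %v> does not satisfy allowed regex: %v", [key, value, expected.allowedRegex])
          msg := get_message(input.parameters, def_msg)
        }
--------------------------------------------------------------------------------
/samples/chapter17/opa-gatekeeper/uniqueserviceselector/constraint.yaml:
--------------------------------------------------------------------------------
# Constraint that switches on the K8sUniqueServiceSelector template. No
# `match` or `parameters` are given.
apiVersion: constraints.gatekeeper.sh/v1beta1
kind: K8sUniqueServiceSelector
metadata:
  name: unique-service-selector
--------------------------------------------------------------------------------
/samples/chapter17/opa-gatekeeper/uniqueserviceselector/example1.yaml:
--------------------------------------------------------------------------------
# First of two Services with an identical selector (see example2.yaml).
apiVersion: v1
kind: Service
metadata:
  name: test-service1
spec:
  ports:
    - port: 443
  selector:
    app: sample-app
    project: a
--------------------------------------------------------------------------------
/samples/chapter17/opa-gatekeeper/uniqueserviceselector/example2.yaml:
--------------------------------------------------------------------------------
# Second Service with the same selector as example1.yaml; the constraint
# reports it once test-service1 is in the synced inventory.
apiVersion: v1
kind: Service
metadata:
  name: test-service2
spec:
  ports:
    - port: 443
  selector:
    app: sample-app
    project: a
--------------------------------------------------------------------------------
/samples/chapter17/opa-gatekeeper/uniqueserviceselector/sync-service.yaml:
--------------------------------------------------------------------------------
# Gatekeeper Config that syncs existing v1 Services into data.inventory.
# The uniqueserviceselector template compares against that inventory, so
# without this sync it has nothing to compare with and reports nothing.
apiVersion: config.gatekeeper.sh/v1alpha1
kind: Config
metadata:
  name: config
  namespace: gatekeeper-system
spec:
  sync:
    syncOnly:
      - group: ""
        version: v1
        kind: Service
--------------------------------------------------------------------------------
/samples/chapter17/opa-gatekeeper/uniqueserviceselector/template.yaml:
--------------------------------------------------------------------------------
# ConstraintTemplate defining K8sUniqueServiceSelector: reject a Service
# whose selector equals that of another Service already in the inventory.
apiVersion: templates.gatekeeper.sh/v1beta1
kind: ConstraintTemplate
metadata:
  name: k8suniqueserviceselector
spec:
  crd:
    spec:
      names:
        kind: K8sUniqueServiceSelector
  targets:
    - target: admission.k8s.gatekeeper.sh
      rego: |
        package k8suniqueserviceselector

        # make_apiversion builds "group/version", or just "version" for the
        # core group (empty group string).
        make_apiversion(kind) = apiVersion {
          g := kind.group
          v := kind.version
          g != ""
          apiVersion = sprintf("%v/%v", [g, v])
        }

        make_apiversion(kind) = apiVersion {
          kind.group == ""
          apiVersion = kind.version
        }

        # identical holds when the inventory object is the object under
        # review itself, so an update is not compared with its own stored
        # copy.
        identical(obj, review) {
          obj.metadata.namespace == review.namespace
          obj.metadata.name == review.name
          obj.kind == review.kind.kind
          obj.apiVersion == make_apiversion(review.kind)
        }

        # flatten_selector turns spec.selector into a sorted
        # "key:val,key:val" string so two selectors compare as strings.
        # NOTE(review): a Service without spec.selector flattens to "", so
        # two selector-less Services compare as equal - confirm that is
        # intended.
        flatten_selector(obj) = flattened {
          selectors := [s | s = concat(":", [key, val]); val = obj.spec.selector[key]]
          flattened := concat(",", sort(selectors))
        }

        # Violation: the reviewed v1 Service has the same flattened selector
        # as some other object in data.inventory.
        # NOTE(review): `namespace` is not tied to the reviewed object's
        # namespace, so a Service in a different namespace with the same
        # selector is reported too, although selectors only apply within one
        # namespace.
        violation[{"msg": msg}] {
          input.review.kind.kind == "Service"
          input.review.kind.version == "v1"
          input.review.kind.group == ""
          input_selector := flatten_selector(input.review.object)
          other := data.inventory.namespace[namespace][_][_][name]
          not identical(other, input.review)
          other_selector := flatten_selector(other)
          input_selector == other_selector
          msg := sprintf("same selector as service <%v> in namespace <%v>", [name, namespace])
        }
--------------------------------------------------------------------------------
/samples/chapter17/skaffold/Dockerfile:
--------------------------------------------------------------------------------
# Two-stage build: compile main.go in a Go image, then copy only the binary
# into a small Alpine image.
# Stage 1
FROM golang:1.14.1-alpine3.11 as builder
COPY ./main.go ./
RUN go build -o /go-app ./main.go

# Stage 2
# NOTE(review): there is no USER instruction, so ./go-app runs as root inside
# the container. The server listens on 8080, which does not need root, so a
# non-root USER would work here.
FROM alpine:3.11
EXPOSE 8080
COPY --from=builder /go-app .
ENTRYPOINT ["./go-app"]
--------------------------------------------------------------------------------
/samples/chapter17/skaffold/dev-skaffold-deployment.yaml:
--------------------------------------------------------------------------------
# Development Deployment applied by the devProfile (manifests dev-skaffold-*).
apiVersion: apps/v1
kind: Deployment
metadata:
  name: dev-skaffold-deployment
spec:
  replicas: 2
  selector:
    matchLabels:
      app: dev-sample-skaffold
  template:
    metadata:
      labels:
        app: dev-sample-skaffold
    spec:
      containers:
        - name: nginx-container
          image: DOCKERHUB_USER/sample-skaffold
--------------------------------------------------------------------------------
/samples/chapter17/skaffold/dev-skaffold-service.yaml:
--------------------------------------------------------------------------------
# Development Service in front of dev-skaffold-deployment.
apiVersion: v1
kind: Service
metadata:
  name: dev-skaffold-service
spec:
  type: LoadBalancer
  ports:
    - name: "http-port"
      protocol: "TCP"
      port: 80
      targetPort: 8080
  selector:
    # Must equal the Pod label set by dev-skaffold-deployment
    # (app: dev-sample-skaffold). The previous value, sample-skaffold,
    # matched none of the dev Pods, leaving the Service without endpoints.
    app: dev-sample-skaffold
--------------------------------------------------------------------------------
/samples/chapter17/skaffold/main.go: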
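--------------------------------------------------------------------------------
package main

import (
	"fmt"
	"log"
	"net/http"
)

// handler answers every request with a fixed greeting.
func handler(w http.ResponseWriter, r *http.Request) {
	// Fprint rather than Fprintf: the text is a constant, not a format string.
	fmt.Fprint(w, "Hello, Skaffold")
}

// main registers handler on "/" and serves plain HTTP on port 8080.
func main() {
	http.HandleFunc("/", handler)
	// ListenAndServe returns only on failure (for example when the port is
	// already in use). Log the error and exit non-zero instead of dropping
	// it, so a failed start is visible in the container status.
	// NOTE(review): the default server sets no read/write timeouts; that is
	// acceptable for a sample but not for an exposed service.
	log.Fatal(http.ListenAndServe(":8080", nil))
}
--------------------------------------------------------------------------------
/samples/chapter17/skaffold/profiles-skaffold.yaml:
--------------------------------------------------------------------------------
apiVersion: skaffold/v2alpha3
kind: Config
build:
  # Destination and name of the built Docker image
  artifacts:
    - image: DOCKERHUB_USER/sample-skaffold
      docker:
        dockerfile: ./Dockerfile
  tagPolicy:
    dateTime: {}
profiles:
  # Profile that applies the production manifests to the GKE environment
  - name: prdProfile
    build:
      local:
        push: true # push the image
    deploy:
      kubeContext: gke_PROJECT_asia-northeast1-a_k8s
      kubectl:
        manifests:
          # File names of the manifests to apply
          - skaffold-*
  # Profile that applies the development manifests to the Docker Desktop environment
  - name: devProfile
    build:
      local:
        push: false # do not push the image
    deploy:
      kubeContext: docker-desktop
      kubectl:
        manifests:
          # File names of the manifests to apply
          - dev-skaffold-*
--------------------------------------------------------------------------------
/samples/chapter17/skaffold/skaffold-deployment.yaml:
--------------------------------------------------------------------------------
# Deployment applied by the default configuration and by prdProfile
# (manifests skaffold-*).
apiVersion: apps/v1
kind: Deployment
metadata:
  name: skaffold-deployment
spec:
  replicas: 3
  selector:
    matchLabels:
      app: sample-skaffold
  template:
    metadata:
      labels:
        app: sample-skaffold
    spec:
      containers:
        - name: nginx-container
          image: DOCKERHUB_USER/sample-skaffold
--------------------------------------------------------------------------------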
/samples/chapter17/skaffold/skaffold-service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: skaffold-service 5 | spec: 6 | type: LoadBalancer 7 | ports: 8 | - name: "http-port" 9 | protocol: "TCP" 10 | port: 80 11 | targetPort: 8080 12 | selector: 13 | app: sample-skaffold 14 | -------------------------------------------------------------------------------- /samples/chapter17/skaffold/skaffold.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: skaffold/v2alpha3 2 | kind: Config 3 | build: 4 | # ビルドしたDockerイメージの保存先とイメージ名 5 | artifacts: 6 | - image: DOCKERHUB_USER/sample-skaffold 7 | docker: 8 | dockerfile: ./Dockerfile 9 | tagPolicy: 10 | dateTime: {} 11 | local: 12 | push: true 13 | deploy: 14 | kubectl: 15 | manifests: 16 | # 適用するマニフェストのファイル名 17 | - skaffold-* 18 | -------------------------------------------------------------------------------- /samples/chapter17/skaffold/skip-push-skaffold.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: skaffold/v2alpha3 2 | kind: Config 3 | build: 4 | # ビルドしたDockerイメージの保存先とイメージ名 5 | artifacts: 6 | - image: DOCKERHUB_USER/sample-skaffold 7 | docker: 8 | dockerfile: ./Dockerfile 9 | tagPolicy: 10 | dateTime: {} 11 | local: 12 | push: false # イメージのプッシュを行わない 13 | deploy: 14 | kubectl: 15 | manifests: 16 | # 適用するマニフェストのファイル名 17 | - skaffold-* 18 | -------------------------------------------------------------------------------- /samples/chapter17/telepresence/replace-deployment.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: replace-deployment 5 | spec: 6 | replicas: 2 7 | selector: 8 | matchLabels: 9 | app: replace-app 10 | template: 11 | metadata: 12 | labels: 13 | app: replace-app 14 | spec: 15 | containers: 16 | - name: 
nginx-container 17 | image: amsy810/echo-nginx:v2.0 18 | -------------------------------------------------------------------------------- /samples/chapter17/telepresence/sample-clusterip.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: sample-clusterip 5 | spec: 6 | type: ClusterIP 7 | ports: 8 | - name: "http-port" 9 | protocol: "TCP" 10 | port: 8080 11 | targetPort: 80 12 | selector: 13 | app: sample-app 14 | -------------------------------------------------------------------------------- /samples/chapter17/telepresence/sample-deployment.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: sample-deployment 5 | spec: 6 | replicas: 2 7 | selector: 8 | matchLabels: 9 | app: sample-app 10 | template: 11 | metadata: 12 | labels: 13 | app: sample-app 14 | spec: 15 | containers: 16 | - name: nginx-container 17 | image: amsy810/echo-nginx:v2.0 18 | -------------------------------------------------------------------------------- /samples/chapter18/sample-deployment.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: sample-deployment 5 | spec: 6 | replicas: 3 7 | selector: 8 | matchLabels: 9 | app: sample-app 10 | template: 11 | metadata: 12 | labels: 13 | app: sample-app 14 | spec: 15 | containers: 16 | - name: nginx-container 17 | image: nginx:1.16 18 | -------------------------------------------------------------------------------- /samples/chapter18/sample-istio-fault-injection-abort.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: networking.istio.io/v1alpha3 2 | kind: VirtualService 3 | metadata: 4 | name: reviews 5 | spec: 6 | hosts: 7 | - reviews 8 | http: 9 | - route: 10 | - destination: 11 | host: reviews 12 
| subset: v1 13 | fault: 14 | abort: 15 | percentage: 16 | value: 50 17 | httpStatus: 500 18 | -------------------------------------------------------------------------------- /samples/chapter18/sample-istio-fault-injection-delay.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: networking.istio.io/v1alpha3 2 | kind: VirtualService 3 | metadata: 4 | name: reviews 5 | spec: 6 | hosts: 7 | - reviews 8 | http: 9 | - route: 10 | - destination: 11 | host: reviews 12 | subset: v1 13 | fault: 14 | delay: 15 | percentage: 16 | value: 50 17 | fixedDelay: 2.000s 18 | -------------------------------------------------------------------------------- /samples/chapter18/sample-istio-specific-request.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: networking.istio.io/v1alpha3 2 | kind: VirtualService 3 | metadata: 4 | name: reviews 5 | spec: 6 | hosts: 7 | - reviews 8 | http: 9 | - route: 10 | - destination: 11 | host: reviews 12 | subset: v2 13 | match: 14 | - headers: 15 | end-user: 16 | exact: test 17 | - route: 18 | - destination: 19 | host: reviews 20 | subset: v1 21 | -------------------------------------------------------------------------------- /samples/chapter19/sample-cr.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: stable.example.com/v1 2 | kind: Database 3 | metadata: 4 | name: my-mysql 5 | spec: 6 | dbType: mysql 7 | diskSize: 100 8 | -------------------------------------------------------------------------------- /samples/chapter19/sample-crd.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apiextensions.k8s.io/v1 2 | kind: CustomResourceDefinition 3 | metadata: 4 | name: databases.stable.example.com 5 | spec: 6 | group: stable.example.com 7 | # Namespaceごとのリソースかクラスタ横断のリソースか 8 | scope: Namespaced 9 | names: 10 | plural: databases 11 | singular: 
database 12 | kind: Database 13 | shortNames: 14 | - db 15 | versions: 16 | - name: v1 17 | served: true 18 | storage: true 19 | # 各フィールドのバリデーションを設定 20 | schema: 21 | openAPIV3Schema: 22 | type: object 23 | properties: 24 | spec: 25 | type: object 26 | properties: 27 | dbType: 28 | type: string 29 | pattern: '^(mysql|mariadb|postgresql)$' 30 | default: mysql 31 | diskSize: 32 | type: integer 33 | minimum: 10 34 | maximum: 1000 35 | default: 20 36 | #「kubectl get」実行時に表示するカラムの設定 37 | additionalPrinterColumns: 38 | - name: Type 39 | type: string 40 | description: Database type (mysql|mariadb|postgresql) 41 | jsonPath: .spec.dbType 42 | - name: DiskSize 43 | type: integer 44 | description: Database disk size 45 | jsonPath: .spec.diskSize 46 | - name: Age 47 | type: date 48 | jsonPath: .metadata.creationTimestamp 49 | --------------------------------------------------------------------------------