├── Chapter02
    ├── README.md
    ├── docker-compose.yml
    ├── kiosk
    │   ├── Dockerfile
    │   ├── app.py
    │   └── requirements.txt
    └── recorder
    │   ├── Dockerfile
    │   ├── process.py
    │   └── requirements.txt
├── Chapter03
    ├── 3-2-1_pod.yaml
    ├── 3-2-2_RS_RC
    │   ├── 3-2-2_rc.yaml
    │   ├── 3-2-2_rc_self_created_pod.yaml
    │   ├── 3-2-2_rc_updated.yaml
    │   └── 3-2-2_rs.yaml
    ├── 3-2-3_ConfigMap
    │   ├── 3-2-3_configmap.yaml
    │   ├── 3-2-3_pod_ev_configmap.yaml
    │   ├── 3-2-3_pod_vol_configmap.yaml
    │   └── config
    │   │   ├── app.properties
    │   │   └── database.properties
    ├── 3-2-3_Deployments
    │   ├── 3-2-3_deployments.yaml
    │   └── 3-2-3_deployments_rollingupdate.yaml
    ├── 3-2-3_Secret
    │   ├── 3-2-3_pod_ev_secret.yaml
    │   ├── 3-2-3_pod_vol_secret.yaml
    │   ├── 3-2-3_secret.yaml
    │   └── mypassword.txt
    ├── 3-2-3_Service
    │   ├── 3-2-3_clusterip_chk.yaml
    │   ├── 3-2-3_clusterip_dns_chk.yaml
    │   ├── 3-2-3_nodeport.yaml
    │   ├── 3-2-3_proxy-chk.yaml
    │   ├── 3-2-3_rc1.yaml
    │   ├── 3-2-3_rc2.yaml
    │   ├── 3-2-3_service.yaml
    │   ├── 3-2-3_service_wo_selector_endpoints.yaml
    │   └── 3-2-3_service_wo_selector_srv.yaml
    └── 3-3_kiosk
    │   ├── config.yaml
    │   ├── kiosk-example.yaml
    │   ├── mysql.yaml
    │   ├── recorder-example.yaml
    │   ├── redis.yaml
    │   └── secret.yaml
├── Chapter04
    ├── 4-1_volume
    │   ├── elasticsearch
    │   │   ├── es-coordinator.yml
    │   │   ├── es-data.yml
    │   │   ├── es-master.yml
    │   │   └── es-storageclass.yml
    │   ├── grafana-pv.yml
    │   ├── grafana.yml
    │   ├── pv-gce-pd-1.yml
    │   ├── pvc-1.yml
    │   ├── pvc-aws.yml
    │   ├── storageclass-aws.yml
    │   ├── tomcat-logstash.yaml
    │   ├── tomcat-nginx.yml
    │   ├── tomcat-pv.yml
    │   └── tomcat-pvc.yml
    └── 4-2_resource
    │   ├── besteffort-explicit.yml
    │   ├── besteffort-implicit.yml
    │   ├── burstable.yml
    │   ├── burstable2.yml
    │   ├── guaranteed-fail.yml
    │   ├── guaranteed-fail2.yml
    │   └── guaranteed.yml
├── Chapter05
    ├── 5-1-1_pod.yaml
    ├── 5-2-1_echoserver.yaml
    ├── 5-2-1_ingress.yaml
    ├── 5-2-1_loadbalancer.yaml
    ├── 5-2-1_nginx.yaml
    ├── 5-3-1_networkpolicy.yaml
    ├── 5-3-1_np_allowall.yaml
    └── 5-3-1_np_denyall.yaml
├── Chapter06
    ├── 6-1_prometheus
    │   ├── exporters
    │   │   └── prom-node-exporter.yml
    │   ├── grafana
    │   │   ├── grafana-svc.yml
    │   │   └── grafana.yml
    │   ├── kubernetes
    │   │   ├── kube-dns-metrics-svc.yml
    │   │   └── self
    │   │   │   ├── etcd-server.yml
    │   │   │   ├── kube-controller-manager-metrics-svc.yml
    │   │   │   └── kube-scheduler-metrics-svc.yml
    │   ├── monitoring-ns.yml
    │   └── prometheus
    │   │   ├── configs
    │   │       ├── prom-config-default.yml
    │   │       └── prom-config-k8s.yml
    │   │   ├── prom-flags.yml
    │   │   ├── prom-pvc.yml
    │   │   ├── prom-sa.yml
    │   │   ├── prom-svc.yml
    │   │   └── prom.yml
    ├── 6-2_logging-sidecar.yml
    └── 6-3_efk
    │   ├── elasticsearch
    │       ├── es-config.yml
    │       ├── es-logging.yml
    │       └── kibana-logging.yml
    │   ├── fluentd
    │       ├── fluentd-ds.yml
    │       └── fluentd-sa.yml
    │   ├── heapster-eventer
    │       ├── eventer-only.yml
    │       └── heapster-eventer.yml
    │   └── monitoring-ns.yml
├── Chapter07
    ├── 7-1_updates
    │   └── ex-daemonset.yml
    └── 7-3_on_pods
    │   ├── graceful_docker
    │       ├── Dockerfile.exec-sh
    │       ├── Dockerfile.shell-bash
    │       ├── Dockerfile.shell-exec
    │       ├── Dockerfile.shell-sh
    │       └── app.py
    │   ├── lifecycle.yml
    │   └── probe.yml
├── Chapter08
    ├── 8-1_namespaces
    │   ├── 8-1-1_ns1.yml
    │   ├── 8-1-1_ns2.yml
    │   ├── 8-1-2_resource_quota.yml
    │   └── 8-1-3_limit_range.yml
    ├── 8-3_serviceaccount
    │   └── 8-3-1_serviceaccount.yml
    ├── 8-5_authorization
    │   ├── 8-5-1_ABAC
    │   │   └── policy.json
    │   └── 8-5-2_RBAC
    │   │   ├── 8-5-2_role.yml
    │   │   └── 8-5-2_rolebinding_user.yml
    └── 8-6_admission_controller
    │   ├── 8-6_pod_node_selector.yml
    │   └── 8-6_pod_tolerations.yml
├── Chapter09
    ├── add-record.json
    ├── change-to-elb.json
    ├── grafana.yml
    └── pvc-aws.yml
├── Chapter10
    ├── grafana.yml
    ├── nginx-pod-selector.yml
    ├── nginx-tomcat-ingress.yaml
    ├── nginx.yml
    ├── pvc-gke.yml
    ├── tomcat-pod-selector.yml
    └── tomcat.yml
├── LICENSE
└── README.md

/Chapter02/README.md:
--------------------------------------------------------------------------------
1 | This is an application to demonstrate how components interact with each other.
2 | 
3 | *Kiosk* is a service with three APIs, and it connects to *redis* to cache its tickets. Tickets are set to zero by default, and they can be set with `POST /tickets`:
4 | ```
5 | $ curl -XPOST -F 'value=10' /tickets
6 | ```
7 | Our kiosk can now start its business. Use `GET /tickets` to see how many tickets are left, and use `POST /buy` to consume one ticket.
8 | 
9 | ```
10 | // Get tickets
11 | $ curl -XGET /tickets
12 | // Buy one ticket
13 | $ curl -XPOST /buy
14 | ```
15 | 

--------------------------------------------------------------------------------
/Chapter02/docker-compose.yml:
--------------------------------------------------------------------------------
1 | version: '3'
2 | services:
3 |   kiosk-example:
4 |     image: kiosk-example
5 |     build: ./kiosk
6 |     ports:
7 |     - "5000:5000"
8 |     environment:
9 |       REDIS_HOST: lcredis
10 |   recorder-example:
11 |     image: recorder-example
12 |     build: ./recorder
13 |     environment:
14 |       REDIS_HOST: lcredis
15 |       MYSQL_HOST: lmysql
16 |       MYSQL_USER: root
17 |       MYSQL_ROOT_PASSWORD: mysqlpass
18 |   lcredis:
19 |     image: redis
20 |     ports:
21 |     - "6379"
22 |   lmysql:
23 |     image: mysql:5.7
24 |     environment:
25 |       MYSQL_ROOT_PASSWORD: mysqlpass
26 |       MYSQL_DATABASE: db
27 |       MYSQL_USER: user
28 |       MYSQL_PASSWORD: pass
29 |     volumes:
30 |     - mysql-vol:/var/lib/mysql
31 |     ports:
32 |     - "3306"
33 | volumes:
34 |   mysql-vol:

--------------------------------------------------------------------------------
/Chapter02/kiosk/Dockerfile:
--------------------------------------------------------------------------------
1 | FROM python:2-alpine
2 | EXPOSE 5000
3 | WORKDIR /app
4 | CMD ["/usr/local/bin/python", "app.py"]
5 | COPY requirements.txt .
6 | RUN pip install -r requirements.txt
7 | COPY app.py .
8 | ENV REDIS_HOST=localhost \
9 |     REDIS_PORT=6379 \
10 |     REDIS_DB=0
11 | 

--------------------------------------------------------------------------------
/Chapter02/kiosk/app.py:
--------------------------------------------------------------------------------
1 | import os
2 | from time import time
3 | from flask import Flask, request
4 | from flask_redis import FlaskRedis
5 | from redis import WatchError
6 | 
7 | app = Flask(__name__)
8 | app.config['REDIS_URL'] = "redis://{0}:{1}/{2}".format(
9 |     os.environ.get('REDIS_HOST', 'localhost'),
10 |     os.environ.get('REDIS_PORT', '6379'),
11 |     os.environ.get('REDIS_DB', '0')
12 | )
13 | redis_store = FlaskRedis(app)
14 | 
15 | 
16 | @app.route('/tickets', methods=['POST'])
17 | def set_tickets():
18 |     new_ticket_counts = request.form.get('value')
19 |     if new_ticket_counts is not None:
20 |         redis_store.set('tik', new_ticket_counts)
21 |         return 'SUCCESS'
22 |     else:
23 |         return 'NOTHING UPDATED'
24 | 
25 | 
26 | @app.route('/tickets', methods=['GET'])
27 | def get_tickets():
28 |     return redis_store.get('tik') or '0'
29 | 
30 | 
31 | @app.route('/buy', methods=['POST'])
32 | def buy_a_ticket():
33 |     with redis_store.pipeline() as pipe:
34 |         while True:
35 |             try:
36 |                 ret = 'NO TICKETS'
37 |                 # after WATCH the pipeline runs commands immediately
38 |                 pipe.watch('tik')
39 |                 if int(pipe.get('tik') or 0):
40 |                     # buffer the commands below; EXEC aborts if 'tik' changed
41 |                     pipe.multi()
42 |                     pipe.decr('tik')
43 |                     # send a log to the pub channel
44 |                     pipe.publish(
45 |                         'selling_timestamp',
46 |                         '{0}'.format(int(1000 * time())))
47 |                     ret = 'SUCCESS'
48 |                 pipe.execute()
49 |                 break
50 |             except WatchError:
51 |                 # another client changed 'tik' first, so retry
52 |                 continue
53 |     return ret
54 | 
55 | if __name__ == "__main__":
56 |     app.run(host="0.0.0.0")
57 | 

--------------------------------------------------------------------------------
/Chapter02/kiosk/requirements.txt:
--------------------------------------------------------------------------------
1 | flask
2 | flask-redis

--------------------------------------------------------------------------------
/Chapter02/recorder/Dockerfile:
--------------------------------------------------------------------------------
1 | FROM python:2-alpine
2 | WORKDIR /app
3 | CMD ["/usr/local/bin/python", "process.py"]
4 | COPY requirements.txt .
5 | RUN pip install -r requirements.txt
6 | COPY process.py .
7 | ENV REDIS_HOST=localhost \
8 |     REDIS_PORT=6379 \
9 |     REDIS_DB=0 \
10 |     MYSQL_HOST=localhost \
11 |     MYSQL_PORT=3306

--------------------------------------------------------------------------------
/Chapter02/recorder/process.py:
--------------------------------------------------------------------------------
1 | import os
2 | import time
3 | import pymysql
4 | from redis import Redis
5 | 
6 | redis_params = {
7 |     'host': os.environ.get('REDIS_HOST', 'localhost'),
8 |     'port': int(os.environ.get('REDIS_PORT', 6379)),
9 |     'db': int(os.environ.get('REDIS_DB', 0))
10 | }
11 | 
12 | mysql_params = {
13 |     'host': os.environ.get('MYSQL_HOST', 'localhost'),
14 |     'user': os.environ.get('MYSQL_USER', 'root'),
15 |     'password': os.environ.get('MYSQL_ROOT_PASSWORD', '')
16 | }
17 | 
18 | 
19 | def init_mysql(params):
20 |     tries = 10
21 |     for i in range(tries):
22 |         try:
23 |             conn = pymysql.connect(**params)
24 |             break
25 |         except pymysql.err.OperationalError:
26 |             # wait a little longer after each failed attempt
27 |             time.sleep(5 * (i + 1))
28 |             continue
29 |     else:
30 |         raise RuntimeError("Cannot connect to mysql db")
31 | 
32 |     conn.query("CREATE DATABASE IF NOT EXISTS kiosk;")
33 |     conn.select_db('kiosk')
34 |     conn.query("".join((
35 |         "CREATE TABLE IF NOT EXISTS `sellinglog` ( ",
36 |         "`id` int(11) NOT NULL AUTO_INCREMENT, ",
37 |         "`ts` VARCHAR(16) NOT NULL, PRIMARY KEY (`id`) )",
38 |         " ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_bin AUTO_INCREMENT=1 ;"
39 |     )))
40 |     conn.commit()
41 |     return conn
42 | 
43 | mysql_conn = init_mysql(mysql_params)
44 | r = Redis(**redis_params)
45 | sub = r.pubsub()
46 | sub.subscribe('selling_timestamp')
47 | while True:
48 |     for item in sub.listen():
49 |         if item['type'] == 'message':
50 |             # bind the published value as a query parameter instead of formatting it into the SQL text
51 |             with mysql_conn.cursor() as cur:
52 |                 cur.execute("INSERT INTO sellinglog (`ts`) VALUES (%s);", (item['data'],))
53 |             mysql_conn.commit()
54 | 

--------------------------------------------------------------------------------
/Chapter02/recorder/requirements.txt:
--------------------------------------------------------------------------------
1 | redis
2 | PyMySQL

--------------------------------------------------------------------------------
/Chapter03/3-2-1_pod.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v1
2 | kind: Pod
3 | metadata:
4 |   name: example
5 | spec:
6 |   containers:
7 |   - name: web
8 |     image: nginx
9 |   - name: centos
10 |     image: centos
11 |     command: ["/bin/sh", "-c", "while : ;do curl http://localhost:80/; sleep 10; done"]
12 | 

--------------------------------------------------------------------------------
/Chapter03/3-2-2_RS_RC/3-2-2_rc.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v1
2 | kind: ReplicationController
3 | metadata:
4 |   name: nginx
5 | spec:
6 |   replicas: 2
7 |   selector:
8 |     project: chapter3
9 |     service: web
10 |     version: "0.1"
11 |   template:
12 |     metadata:
13 |       name: nginx
14 |       labels:
15 |         project: chapter3
16 |         service: web
17 |         version: "0.1"
18 |     spec:
19 |       containers:
20 |       - name: nginx
21 |         image: nginx
22 |         ports:
23 |         - containerPort: 80
24 | 

--------------------------------------------------------------------------------
/Chapter03/3-2-2_RS_RC/3-2-2_rc_self_created_pod.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v1
2 | kind: Pod
3 | metadata:
4 |   name: our-nginx
5 |   labels:
6 |     project: chapter3
7 |     service: web
8 |     version: "0.1"
9 | spec:
10 |   containers:
11 |   - name: nginx
12 |     image: nginx
13 |     ports:
14 |     - containerPort: 80
15 | 

--------------------------------------------------------------------------------
/Chapter03/3-2-2_RS_RC/3-2-2_rc_updated.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v1
2 | kind: ReplicationController
3 | metadata:
4 |   name: nginx
5 | spec:
6 |   replicas: 5
7 |   selector:
8 |     project: chapter3
9 |     service: web
10 |     version: "0.1"
11 |   template:
12 |     metadata:
13 |       name: nginx
14 |       labels:
15 |         project: chapter3
16 |         service: web
17 |         version: "0.1"
18 |     spec:
19 |       containers:
20 |       - name: nginx
21 |         image: nginx
22 |         ports:
23 |         - containerPort: 80
24 | 

--------------------------------------------------------------------------------
/Chapter03/3-2-2_RS_RC/3-2-2_rs.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: extensions/v1beta1
2 | kind: ReplicaSet
3 | metadata:
4 |   name: nginx
5 | spec:
6 |   replicas: 2
7 |   selector:
8 |     matchLabels:
9 |       project: chapter3
10 |     matchExpressions:
11 |     - {key: version, operator: In, values: ["0.1", "0.2"]}
12 |   template:
13 |     metadata:
14 |       name: nginx
15 |       labels:
16 |         project: chapter3
17 |         service: web
18 |         version: "0.1"
19 |     spec:
20 |       containers:
21 |       - name: nginx
22 |         image: nginx
23 |         ports:
24 |         - containerPort: 80
25 | 

--------------------------------------------------------------------------------
/Chapter03/3-2-3_ConfigMap/3-2-3_configmap.yaml:
--------------------------------------------------------------------------------
1 | # configMap example
2 | apiVersion: v1
3 | kind: ConfigMap
4 | metadata:
5 |   name: config-example
6 | data:
7 |   database.properties: |
8 |     endpoint=k8s.us-east-1.rds.amazonaws.com
9 |     port=1521
10 |   app.properties: |
11 |     name=DevOps-with-Kubernetes
12 |     port=4420
13 | 

--------------------------------------------------------------------------------
/Chapter03/3-2-3_ConfigMap/3-2-3_pod_ev_configmap.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v1
2 | kind: Pod
3 | metadata:
4 |   name: configmap-ev
5 | spec:
6 |   containers:
7 |   - name: configmap
8 |     image: centos
9 |     command: ["/bin/sh", "-c", "while : ;do echo $DATABASE_ENDPOINT; sleep 10; done"]
10 |     env:
11 |     - name: DATABASE_ENDPOINT
12 |       valueFrom:
13 |         configMapKeyRef:
14 |           name: example
15 |           key: database.properties
16 | 

--------------------------------------------------------------------------------
/Chapter03/3-2-3_ConfigMap/3-2-3_pod_vol_configmap.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v1
2 | kind: Pod
3 | metadata:
4 |   name: configmap-vol
5 | spec:
6 |   containers:
7 |   - name: configmap
8 |     image: centos
9 |     command: ["/bin/sh", "-c", "while : ;do cat /src/app/config/database.properties; sleep 10; done"]
10 |     volumeMounts:
11 |     - name: config-volume
12 |       mountPath: /src/app/config
13 |   volumes:
14 |   - name: config-volume
15 |     configMap:
16 |       name: example
17 | 

--------------------------------------------------------------------------------
/Chapter03/3-2-3_ConfigMap/config/app.properties:
--------------------------------------------------------------------------------
1 | name=DevOps-with-Kubernetes
2 | port=4420
3 | 

--------------------------------------------------------------------------------
/Chapter03/3-2-3_ConfigMap/config/database.properties:
--------------------------------------------------------------------------------
1 | endpoint=k8s.us-east-1.rds.amazonaws.com
2 | port=1521
3 | 

--------------------------------------------------------------------------------
/Chapter03/3-2-3_Deployments/3-2-3_deployments.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: apps/v1beta1
2 | kind: Deployment
3 | metadata:
4 |   name: nginx
5 | spec:
6 |   replicas: 2
7 |   template:
8 |     metadata:
9 |       labels:
10 |         run: nginx
11 |     spec:
12 |       containers:
13 |       - name: nginx
14 |         image: nginx:1.12.0
15 |         ports:
16 |         - containerPort: 80
17 | ---
18 | kind: Service
19 | apiVersion: v1
20 | metadata:
21 |   name: nginx
22 |   labels:
23 |     run: nginx
24 | spec:
25 |   selector:
26 |     run: nginx
27 |   ports:
28 |   - protocol: TCP
29 |     port: 80
30 |     targetPort: 80
31 |     name: http
32 | 

--------------------------------------------------------------------------------
/Chapter03/3-2-3_Deployments/3-2-3_deployments_rollingupdate.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: apps/v1beta1
2 | kind: Deployment
3 | metadata:
4 |   name: nginx
5 | spec:
6 |   replicas: 2
7 |   template:
8 |     metadata:
9 |       labels:
10 |         run: nginx
11 |     spec:
12 |       containers:
13 |       - name: nginx
14 |         image: nginx:1.12.0
15 |         ports:
16 |         - containerPort: 80
17 |   minReadySeconds: 3
18 |   strategy:
19 |     type: RollingUpdate
20 |     rollingUpdate:
21 |       maxSurge: 1
22 |       maxUnavailable: 1
23 | ---
24 | kind: Service
25 | apiVersion: v1
26 | metadata:
27 |   name: nginx
28 |   labels:
29 |     run: nginx
30 | spec:
31 |   selector:
32 |     run: nginx
33 |   ports:
34 |   - protocol: TCP
35 |     port: 80
36 |     targetPort: 80
37 |     name: http
38 | 

--------------------------------------------------------------------------------
/Chapter03/3-2-3_Secret/3-2-3_pod_ev_secret.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v1
2 | kind: Pod
3 | metadata:
4 |   name: secret-acces-ev
5 | spec:
6 |   containers:
7 |   - name: centos
8 |     image: centos
9 |     command: ["/bin/sh", "-c", "while : ;do echo $MY_PASSWORD; sleep 10; done"]
10 |     env:
11 |     - name: MY_PASSWORD
12 |       valueFrom:
13 |         secretKeyRef:
14 |           name: mypassword
15 |           key: mypassword
16 | 

--------------------------------------------------------------------------------
/Chapter03/3-2-3_Secret/3-2-3_pod_vol_secret.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v1
2 | kind: Pod
3 | metadata:
4 |   name: secret-access
5 | spec:
6 |   containers:
7 |   - name: centos
8 |     image: centos
9 |     command: ["/bin/sh", "-c", "while : ;do cat /secret/password-example; sleep 10; done"]
10 |     volumeMounts:
11 |     - name: secret-vol
12 |       mountPath: /secret
13 |       readOnly: true
14 |   volumes:
15 |   - name: secret-vol
16 |     secret:
17 |       secretName: mypassword
18 |       items:
19 |       - key: mypassword
20 |         path: password-example
21 | 

--------------------------------------------------------------------------------
/Chapter03/3-2-3_Secret/3-2-3_secret.yaml:
--------------------------------------------------------------------------------
1 | # secret example
2 | apiVersion: v1
3 | kind: Secret
4 | metadata:
5 |   name: mypassword
6 | type: Opaque
7 | data:
8 |   mypassword: bXlwYXNzd29yZA==
9 | 

--------------------------------------------------------------------------------
/Chapter03/3-2-3_Secret/mypassword.txt:
--------------------------------------------------------------------------------
1 | mypassword

--------------------------------------------------------------------------------
/Chapter03/3-2-3_Service/3-2-3_clusterip_chk.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v1
2 | kind: Pod
3 | metadata:
4 |   name: clusterip-chk
5 | spec:
6 |   containers:
7 |   - name: centos
8 |     image: centos
9 |     command: ["/bin/sh", "-c", "while : ;do curl http://${NGINX_SERVICE_SERVICE_HOST}:80/; sleep 10; done"]
10 | 

--------------------------------------------------------------------------------
/Chapter03/3-2-3_Service/3-2-3_clusterip_dns_chk.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v1
2 | kind: Pod
3 | metadata:
4 |   name: clusterip-dns-chk
5 | spec:
6 |   containers:
7 |   - name: centos
8 |     image: centos
9 |     command: ["/bin/sh", "-c", "while : ;do curl http://nginx-service.default:_http_tcp.nginx-service.default/; sleep 10; done"]
10 | 

--------------------------------------------------------------------------------
/Chapter03/3-2-3_Service/3-2-3_nodeport.yaml:
--------------------------------------------------------------------------------
1 | kind: Service
2 | apiVersion: v1
3 | metadata:
4 |   name: nginx-nodeport
5 | spec:
6 |   type: NodePort
7 |   selector:
8 |     project: chapter3
9 |     service: web
10 |   ports:
11 |   - protocol: TCP
12 |     port: 80
13 |     targetPort: 80
14 | 

--------------------------------------------------------------------------------
/Chapter03/3-2-3_Service/3-2-3_proxy-chk.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v1
2 | kind: Pod
3 | metadata:
4 |   name: proxy-chk
5 | spec:
6 |   containers:
7 |   - name: centos
8 |     image: centos
9 |     command: ["/bin/sh", "-c", "while : ;do curl -L http://${GOOGLE_PROXY_SERVICE_HOST}:80/; sleep 10; done"]
10 | 

--------------------------------------------------------------------------------
/Chapter03/3-2-3_Service/3-2-3_rc1.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v1
2 | kind: ReplicationController
3 | metadata:
4 |   name: nginx-1.12
5 | spec:
6 |   replicas: 2
7 |   selector:
8 |     project: chapter3
9 |     service: web
10 |     version: "0.1"
11 |   template:
12 |     metadata:
13 |       name: nginx
14 |       labels:
15 |         project: chapter3
16 |         service: web
17 |         version: "0.1"
18 |     spec:
19 |       containers:
20 |       - name: nginx
21 |         image: nginx:1.12.0
22 |         ports:
23 |         - containerPort: 80
24 | 

--------------------------------------------------------------------------------
/Chapter03/3-2-3_Service/3-2-3_rc2.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v1
2 | kind: ReplicationController
3 | metadata:
4 |   name: nginx-1.13
5 | spec:
6 |   replicas: 2
7 |   selector:
8 |     project: chapter3
9 |     service: web
10 |     version: "0.2"
11 |   template:
12 |     metadata:
13 |       name: nginx
14 |       labels:
15 |         project: chapter3
16 |         service: web
17 |         version: "0.2"
18 |     spec:
19 |       containers:
20 |       - name: nginx
21 |         image: nginx:1.13.1
22 |         ports:
23 |         - containerPort: 80
24 | 

--------------------------------------------------------------------------------
/Chapter03/3-2-3_Service/3-2-3_service.yaml:
--------------------------------------------------------------------------------
1 | kind: Service
2 | apiVersion: v1
3 | metadata:
4 |   name: nginx-service
5 | spec:
6 |   selector:
7 |     project: chapter3
8 |     service: web
9 |   ports:
10 |   - protocol: TCP
11 |     port: 80
12 |     targetPort: 80
13 |     name: http
14 | 

--------------------------------------------------------------------------------
/Chapter03/3-2-3_Service/3-2-3_service_wo_selector_endpoints.yaml:
--------------------------------------------------------------------------------
1 | kind: Endpoints
2 | apiVersion: v1
3 | metadata:
4 |   name: google-proxy
5 | subsets:
6 | - addresses:
7 |   - ip: 172.217.0.238
8 |   ports:
9 |   - port: 80
10 | 

--------------------------------------------------------------------------------
/Chapter03/3-2-3_Service/3-2-3_service_wo_selector_srv.yaml:
--------------------------------------------------------------------------------
1 | kind: Service
2 | apiVersion: v1
3 | metadata:
4 |   name: google-proxy
5 | spec:
6 |   ports:
7 |   - protocol: TCP
8 |     port: 80
9 |     targetPort: 80
10 | 
11 | 

--------------------------------------------------------------------------------
/Chapter03/3-3_kiosk/config.yaml:
--------------------------------------------------------------------------------
1 | #
2 | kind: ConfigMap
3 | apiVersion: v1
4 | metadata:
5 |   name: mysql-config
6 | data:
7 |   user: user
8 |   database: db
9 | 

--------------------------------------------------------------------------------
/Chapter03/3-3_kiosk/kiosk-example.yaml:
--------------------------------------------------------------------------------
1 | # kiosk-example
2 | apiVersion: apps/v1beta1
3 | kind: Deployment
4 | metadata:
5 |   name: kiosk-example
6 | spec:
7 |   replicas: 5
8 |   template:
9 |     metadata:
10 |       labels:
11 |         tier: frontend
12 |         version: "3"
13 |       annotations:
14 |         maintainer: cywu
15 |     spec:
16 |       containers:
17 |       - name: kiosk-example
18 |         image: devopswithkubernetes/kiosk-example
19 |         ports:
20 |         - containerPort: 5000
21 |         env:
22 |         - name: REDIS_HOST
23 |           value: lcredis-service.default
24 |   minReadySeconds: 5
25 |   strategy:
26 |     type: RollingUpdate
27 |     rollingUpdate:
28 |       maxSurge: 1
29 |       maxUnavailable: 1
30 | ---
31 | kind: Service
32 | apiVersion: v1
33 | metadata:
34 |   name: kiosk-service
35 | spec:
36 |   type: NodePort
37 |   selector:
38 |     tier: frontend
39 |   ports:
40 |   - protocol: TCP
41 |     port: 80
42 |     targetPort: 5000
43 |     name: tcp5000
44 | 

--------------------------------------------------------------------------------
/Chapter03/3-3_kiosk/mysql.yaml:
--------------------------------------------------------------------------------
1 | # mysql
2 | apiVersion: apps/v1beta1
3 | kind: Deployment
4 | metadata:
5 |   name: lmysql
6 | spec:
7 |   replicas: 1
8 |   template:
9 |     metadata:
10 |       labels:
11 |         tier: database
12 |         version: "5.7"
13 |     spec:
14 |       containers:
15 |       - name: lmysql
16 |         image: mysql:5.7
17 |         volumeMounts:
18 |         - mountPath: /var/lib/mysql
19 |           name: mysql-vol
20 |         ports:
21 |         - containerPort: 3306
22 |         env:
23 |         - name: MYSQL_ROOT_PASSWORD
24 |           valueFrom:
25 |             secretKeyRef:
26 |               name: mysql-root
27 |               key: password
28 |         - name: MYSQL_DATABASE
29 |           valueFrom:
30 |             configMapKeyRef:
31 |               name: mysql-config
32 |               key: database
33 |         - name: MYSQL_USER
34 |           valueFrom:
35 |             configMapKeyRef:
36 |               name: mysql-config
37 |               key: user
38 |         - name: MYSQL_PASSWORD
39 |           valueFrom:
40 |             secretKeyRef:
41 |               name: mysql-user
42 |               key: password
43 |       volumes:
44 |       - name: mysql-vol
45 |         hostPath:
46 |           path: /mysql/data
47 |   minReadySeconds: 10
48 |   strategy:
49 |     type: RollingUpdate
50 |     rollingUpdate:
51 |       maxSurge: 1
52 |       maxUnavailable: 1
53 | ---
54 | kind: Service
55 | apiVersion: v1
56 | metadata:
57 |   name: lmysql-service
58 | spec:
59 |   selector:
60 |     tier: database
61 |   ports:
62 |   - protocol: TCP
63 |     port: 3306
64 |     targetPort: 3306
65 |     name: tcp3306
66 | 

--------------------------------------------------------------------------------
/Chapter03/3-3_kiosk/recorder-example.yaml: -------------------------------------------------------------------------------- 1 | # recorder-example 2 | apiVersion: apps/v1beta1 3 | kind: Deployment 4 | metadata: 5 | name: recorder-example 6 | spec: 7 | replicas: 3 8 | template: 9 | metadata: 10 | labels: 11 | tier: backend 12 | version: "3" 13 | annotations: 14 | maintainer: cywu 15 | spec: 16 | containers: 17 | - name: recorder-example 18 | image: devopswithkubernetes/recorder-example 19 | env: 20 | - name: REDIS_HOST 21 | value: lcredis-service.default 22 | - name: MYSQL_HOST 23 | value: lmysql-service.default 24 | - name: MYSQL_USER 25 | value: root 26 | - name: MYSQL_ROOT_PASSWORD 27 | valueFrom: 28 | secretKeyRef: 29 | name: mysql-root 30 | key: password 31 | minReadySeconds: 3 32 | strategy: 33 | type: RollingUpdate 34 | rollingUpdate: 35 | maxSurge: 1 36 | maxUnavailable: 1 37 | -------------------------------------------------------------------------------- /Chapter03/3-3_kiosk/redis.yaml: -------------------------------------------------------------------------------- 1 | # lcredis 2 | apiVersion: apps/v1beta1 3 | kind: Deployment 4 | metadata: 5 | name: lcredis 6 | spec: 7 | replicas: 1 8 | template: 9 | metadata: 10 | labels: 11 | tier: cache 12 | version: "3.0" 13 | spec: 14 | containers: 15 | - name: lcredis 16 | image: redis:3.0 17 | ports: 18 | - containerPort: 6379 19 | minReadySeconds: 1 20 | strategy: 21 | type: RollingUpdate 22 | rollingUpdate: 23 | maxSurge: 1 24 | maxUnavailable: 1 25 | --- 26 | kind: Service 27 | apiVersion: v1 28 | metadata: 29 | name: lcredis-service 30 | spec: 31 | selector: 32 | tier: cache 33 | ports: 34 | - protocol: TCP 35 | port: 6379 36 | targetPort: 6379 37 | name: tcp6379 38 | -------------------------------------------------------------------------------- /Chapter03/3-3_kiosk/secret.yaml: -------------------------------------------------------------------------------- 1 | # MYSQL_PASSWORD 2 | apiVersion: v1 3 | 
kind: Secret 4 | metadata: 5 | name: mysql-user 6 | type: Opaque 7 | data: 8 | password: cGFzcw== 9 | 10 | --- 11 | # MYSQL_ROOT_PASSWORD 12 | apiVersion: v1 13 | kind: Secret 14 | metadata: 15 | name: mysql-root 16 | type: Opaque 17 | data: 18 | password: bXlzcWxwYXNz 19 | -------------------------------------------------------------------------------- /Chapter04/4-1_volume/elasticsearch/es-coordinator.yml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1beta1 2 | kind: Deployment 3 | metadata: 4 | name: es-coordinator 5 | spec: 6 | replicas: 1 7 | template: 8 | metadata: 9 | labels: 10 | run: es-coordinator 11 | spec: 12 | containers: 13 | - image: elasticsearch:2 14 | name: es-coordinator 15 | args: 16 | - --node.master=false 17 | - --node.data=false 18 | - --discovery.zen.ping.unicast.hosts=es-master-0.es-master-svc.default.svc.cluster.local 19 | resources: 20 | requests: 21 | memory: 1Gi 22 | --- 23 | apiVersion: v1 24 | kind: Service 25 | metadata: 26 | name: elasticsearch-svc 27 | spec: 28 | ports: 29 | - name: http 30 | port: 9200 31 | nodePort: 30200 32 | protocol: TCP 33 | selector: 34 | run: es-coordinator 35 | type: NodePort 36 | 37 | -------------------------------------------------------------------------------- /Chapter04/4-1_volume/elasticsearch/es-data.yml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1beta1 2 | kind: StatefulSet 3 | metadata: 4 | name: es-data 5 | spec: 6 | serviceName: "es-data" 7 | replicas: 3 8 | template: 9 | metadata: 10 | labels: 11 | run: es-data 12 | spec: 13 | containers: 14 | - image: elasticsearch:2 15 | name: es-data 16 | args: 17 | - --node.master=false 18 | - --node.data=true 19 | - --discovery.zen.ping.unicast.hosts=es-master-0.es-master-svc.default.svc.cluster.local 20 | volumeMounts: 21 | - mountPath: /usr/share/elasticsearch/data 22 | name: es-data 23 | resources: 24 | requests: 25 | memory: 1Gi 26 | 
volumeClaimTemplates: 27 | - metadata: 28 | name: es-data 29 | annotations: 30 | volume.beta.kubernetes.io/storage-class: es-sc 31 | spec: 32 | accessModes: [ "ReadWriteOnce" ] 33 | resources: 34 | requests: 35 | storage: 1Gi 36 | 37 | -------------------------------------------------------------------------------- /Chapter04/4-1_volume/elasticsearch/es-master.yml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1beta1 2 | kind: StatefulSet 3 | metadata: 4 | name: es-master 5 | spec: 6 | serviceName: "es-master-svc" 7 | replicas: 1 8 | template: 9 | metadata: 10 | labels: 11 | run: es-master 12 | spec: 13 | containers: 14 | - image: elasticsearch:2 15 | name: es-master 16 | args: 17 | - --node.master=true 18 | - --node.data=false 19 | - --discovery.zen.ping.unicast.hosts=es-master-0.es-master-svc.default.svc.cluster.local 20 | resources: 21 | requests: 22 | memory: 1Gi 23 | --- 24 | apiVersion: v1 25 | kind: Service 26 | metadata: 27 | name: es-master-svc 28 | spec: 29 | ports: 30 | - name: native 31 | port: 9300 32 | protocol: TCP 33 | selector: 34 | run: es-master 35 | type: ClusterIP 36 | clusterIP: None 37 | -------------------------------------------------------------------------------- /Chapter04/4-1_volume/elasticsearch/es-storageclass.yml: -------------------------------------------------------------------------------- 1 | kind: StorageClass 2 | apiVersion: storage.k8s.io/v1 3 | metadata: 4 | name: es-sc 5 | provisioner: kubernetes.io/gce-pd 6 | parameters: 7 | type: pd-standard 8 | -------------------------------------------------------------------------------- /Chapter04/4-1_volume/grafana-pv.yml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1beta1 2 | kind: Deployment 3 | metadata: 4 | name: grafana 5 | spec: 6 | replicas: 1 7 | template: 8 | metadata: 9 | labels: 10 | run: grafana 11 | spec: 12 | containers: 13 | - image: grafana/grafana 14 | 
name: grafana 15 | ports: 16 | - containerPort: 3000 17 | volumeMounts: 18 | - mountPath: /var/lib/grafana 19 | name: grafana-data 20 | volumes: 21 | - name: grafana-data 22 | gcePersistentDisk: 23 | pdName: gce-pd-1 24 | fsType: ext4 25 | -------------------------------------------------------------------------------- /Chapter04/4-1_volume/grafana.yml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1beta1 2 | kind: Deployment 3 | metadata: 4 | name: grafana 5 | spec: 6 | replicas: 1 7 | template: 8 | metadata: 9 | labels: 10 | run: grafana 11 | spec: 12 | containers: 13 | - image: grafana/grafana 14 | name: grafana 15 | ports: 16 | - containerPort: 3000 17 | --- 18 | apiVersion: v1 19 | kind: Service 20 | metadata: 21 | name: grafana 22 | spec: 23 | ports: 24 | - protocol: TCP 25 | port: 3000 26 | nodePort: 30300 27 | type: NodePort 28 | selector: 29 | run: grafana 30 | -------------------------------------------------------------------------------- /Chapter04/4-1_volume/pv-gce-pd-1.yml: -------------------------------------------------------------------------------- 1 | apiVersion: "v1" 2 | kind: "PersistentVolume" 3 | metadata: 4 | name: pv-1 5 | spec: 6 | capacity: 7 | storage: "10Gi" 8 | accessModes: 9 | - "ReadWriteOnce" 10 | gcePersistentDisk: 11 | fsType: "ext4" 12 | pdName: "gce-pd-1" 13 | -------------------------------------------------------------------------------- /Chapter04/4-1_volume/pvc-1.yml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: PersistentVolumeClaim 3 | metadata: 4 | name: pvc-1 5 | spec: 6 | storageClassName: "" 7 | accessModes: 8 | - ReadWriteOnce 9 | resources: 10 | requests: 11 | storage: 10Gi 12 | -------------------------------------------------------------------------------- /Chapter04/4-1_volume/pvc-aws.yml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | 
kind: PersistentVolumeClaim
metadata:
  name: pvc-aws-1
spec:
  storageClassName: "aws-sc"
  accessModes:
  - ReadWriteOnce
  resources:
    requests:
      storage: 10Gi

--------------------------------------------------------------------------------
/Chapter04/4-1_volume/storageclass-aws.yml:
--------------------------------------------------------------------------------
kind: StorageClass
apiVersion: storage.k8s.io/v1
metadata:
  name: aws-sc
provisioner: kubernetes.io/aws-ebs
parameters:
  type: gp2

--------------------------------------------------------------------------------
/Chapter04/4-1_volume/tomcat-logstash.yaml:
--------------------------------------------------------------------------------
apiVersion: apps/v1beta1
kind: Deployment
metadata:
  name: tomcat
spec:
  replicas: 1
  template:
    metadata:
      labels:
        run: tomcat
    spec:
      containers:
      - image: tomcat
        name: tomcat
        ports:
        - containerPort: 8080
        env:
        - name: UMASK
          value: "0022"
        volumeMounts:
        - mountPath: /usr/local/tomcat/logs
          name: tomcat-log
      - image: logstash
        name: logstash
        args: ["-e input { file { path => \"/mnt/localhost_access_log.*\" } } output { stdout { codec => rubydebug } elasticsearch { hosts => [\"http://elasticsearch-svc.default.svc.cluster.local:9200\"] } }"]
        volumeMounts:
        - mountPath: /mnt
          name: tomcat-log
      volumes:
      - name: tomcat-log
        emptyDir: {}

--------------------------------------------------------------------------------
/Chapter04/4-1_volume/tomcat-nginx.yml:
--------------------------------------------------------------------------------
apiVersion: v1
kind: Pod
metadata:
  name: webapp
spec:
  containers:
  - image: tomcat
    name: tomcat
  - image: nginx
    name: nginx

--------------------------------------------------------------------------------
/Chapter04/4-1_volume/tomcat-pv.yml:
--------------------------------------------------------------------------------
apiVersion: apps/v1beta1
kind: Deployment
metadata:
  name: tomcat
spec:
  replicas: 1
  template:
    metadata:
      labels:
        run: tomcat
    spec:
      containers:
      - image: tomcat
        name: tomcat
        ports:
        - containerPort: 8080
        volumeMounts:
        - mountPath: /usr/local/tomcat/logs
          name: tomcat-log
      volumes:
      - name: tomcat-log
        gcePersistentDisk:
          pdName: gce-pd-1
          fsType: ext4
---
apiVersion: v1
kind: Service
metadata:
  name: tomcat
spec:
  ports:
  - protocol: TCP
    port: 8080
    nodePort: 30088
  type: NodePort
  selector:
    run: tomcat

--------------------------------------------------------------------------------
/Chapter04/4-1_volume/tomcat-pvc.yml:
--------------------------------------------------------------------------------
apiVersion: apps/v1beta1
kind: Deployment
metadata:
  name: tomcat
spec:
  replicas: 1
  template:
    metadata:
      labels:
        run: tomcat
    spec:
      containers:
      - image: tomcat
        name: tomcat
        ports:
        - containerPort: 8080
        volumeMounts:
        - mountPath: /usr/local/tomcat/logs
          name: tomcat-log
      volumes:
      - name: tomcat-log
        persistentVolumeClaim:
          claimName: "pvc-1"

---
apiVersion: v1
kind: Service
metadata:
  name: tomcat
spec:
  ports:
  - protocol: TCP
    port: 8080
    nodePort: 30088
  type: NodePort
  selector:
    run: tomcat

--------------------------------------------------------------------------------
/Chapter04/4-2_resource/besteffort-explicit.yml:
--------------------------------------------------------------------------------
apiVersion: v1
kind: Pod
metadata:
  name: besteffort
spec:
  containers:
  - name: nginx
    image: nginx
    resources:
      limits:
        cpu: 0
        memory: 0

--------------------------------------------------------------------------------
/Chapter04/4-2_resource/besteffort-implicit.yml:
--------------------------------------------------------------------------------
apiVersion: v1
kind: Pod
metadata:
  name: besteffort
spec:
  containers:
  - name: nginx
    image: nginx

--------------------------------------------------------------------------------
/Chapter04/4-2_resource/burstable.yml:
--------------------------------------------------------------------------------
apiVersion: v1
kind: Pod
metadata:
  name: burstable-pod
spec:
  containers:
  - name: nginx
    image: nginx
    resources:
      requests:
        cpu: 0.1
        memory: 10Mi
      limits:
        cpu: 0.5
        memory: 300Mi

--------------------------------------------------------------------------------
/Chapter04/4-2_resource/burstable2.yml:
--------------------------------------------------------------------------------
apiVersion: v1
kind: Pod
metadata:
  name: burstable-pod
spec:
  containers:
  - name: nginx
    image: nginx
    resources:
      requests:
        cpu: 0.1
        memory: 30Mi

--------------------------------------------------------------------------------
/Chapter04/4-2_resource/guaranteed-fail.yml:
--------------------------------------------------------------------------------
apiVersion: v1
kind: Pod
metadata:
  name: guaranteed-fail
spec:
  containers:
  - name: nginx
    image: nginx
    resources:
      limits:
        cpu: 0.3
        memory: 350Mi
      requests:
        cpu: 0.3
        memory: 350Mi
  - name: tomcat
    image: tomcat
    resources:
      requests:
        cpu: 0.2
        memory: 100Mi

--------------------------------------------------------------------------------
/Chapter04/4-2_resource/guaranteed-fail2.yml:
--------------------------------------------------------------------------------
apiVersion: v1
kind: Pod
metadata:
  name: guaranteed-fail2
spec:
  containers:
  - name: nginx
    image: nginx
    resources:
      limits:
        cpu: 0.3
  - name: tomcat
    image: tomcat
    resources:
      requests:
        memory: 100Mi

--------------------------------------------------------------------------------
/Chapter04/4-2_resource/guaranteed.yml:
--------------------------------------------------------------------------------
apiVersion: v1
kind: Pod
metadata:
  name: guaranteed-pod
spec:
  containers:
  - name: nginx
    image: nginx
    resources:
      limits:
        cpu: 0.3
        memory: 350Mi
      requests:
        cpu: 0.3
        memory: 350Mi

--------------------------------------------------------------------------------
/Chapter05/5-1-1_pod.yaml:
--------------------------------------------------------------------------------
apiVersion: v1
kind: Pod
metadata:
  name: example
spec:
  containers:
  - name: web
    image: nginx
  - name: centos
    image: centos
    command: ["/bin/sh", "-c", "while : ;do curl http://localhost:80/; sleep 10; done"]

--------------------------------------------------------------------------------
/Chapter05/5-2-1_echoserver.yaml:
--------------------------------------------------------------------------------
apiVersion: extensions/v1beta1
kind: ReplicaSet
metadata:
  name: echoserver
spec:
  replicas: 1
  template:
    metadata:
      name: echoserver
      labels:
        project: chapter5
        service: echoserver
    spec:
      containers:
      - name: echoserver
        image: gcr.io/google_containers/echoserver:1.4
        ports:
        - containerPort: 8080

---

kind: Service
apiVersion: v1
metadata:
  name: echoserver
spec:
  type: NodePort
  selector:
    project: chapter5
    service: echoserver
  ports:
  - protocol: TCP
    port: 8080
    targetPort: 8080

--------------------------------------------------------------------------------
/Chapter05/5-2-1_ingress.yaml:
--------------------------------------------------------------------------------
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: ingress-example
  annotations:
    ingress.kubernetes.io/rewrite-target: /
spec:
  rules:
  - host: devops.k8s
    http:
      paths:
      - path: /welcome
        backend:
          serviceName: nginx
          servicePort: 80
      - path: /echoserver
        backend:
          serviceName: echoserver
          servicePort: 8080

--------------------------------------------------------------------------------
/Chapter05/5-2-1_loadbalancer.yaml:
--------------------------------------------------------------------------------
kind: Service
apiVersion: v1
metadata:
  name: echoserver
spec:
  type: LoadBalancer
  selector:
    project: chapter5
    service: echoserver
  ports:
  - protocol: TCP
    port: 8080
    targetPort: 8080

---

apiVersion: extensions/v1beta1
kind: ReplicaSet
metadata:
  name: echoserver
spec:
  replicas: 1
  template:
    metadata:
      name: echoserver
      labels:
        project: chapter5
        service: echoserver
    spec:
      containers:
      - name: echoserver
        image: gcr.io/google_containers/echoserver:1.4
        ports:
        - containerPort: 8080

--------------------------------------------------------------------------------
/Chapter05/5-2-1_nginx.yaml:
--------------------------------------------------------------------------------
apiVersion: extensions/v1beta1
kind: ReplicaSet
metadata:
  name: nginx
spec:
  replicas: 2
  template:
    metadata:
      name: nginx
      labels:
        project: chapter5
        service: nginx
    spec:
      containers:
      - name: nginx
        image: nginx
        ports:
        - containerPort: 80

---

kind: Service
apiVersion: v1
metadata:
  name: nginx
spec:
  type: NodePort
  selector:
    project: chapter5
    service: nginx
  ports:
  - protocol: TCP
    port: 80
    targetPort: 80

--------------------------------------------------------------------------------
/Chapter05/5-3-1_networkpolicy.yaml:
--------------------------------------------------------------------------------
kind: NetworkPolicy
apiVersion: extensions/v1beta1
metadata:
  name: nginx-networkpolicy
spec:
  podSelector:
    matchLabels:
      service: nginx
  ingress:
  - from:
    - podSelector:
        matchLabels:
          project: chapter5

--------------------------------------------------------------------------------
/Chapter05/5-3-1_np_allowall.yaml:
--------------------------------------------------------------------------------
apiVersion: extensions/v1beta1
kind: NetworkPolicy
metadata:
  name: allow-all
spec:
  podSelector:
  ingress:
  - {}

--------------------------------------------------------------------------------
/Chapter05/5-3-1_np_denyall.yaml:
--------------------------------------------------------------------------------
apiVersion: extensions/v1beta1
kind: NetworkPolicy
metadata:
  name: default-deny
spec:
  podSelector:

--------------------------------------------------------------------------------
/Chapter06/6-1_prometheus/exporters/prom-node-exporter.yml:
--------------------------------------------------------------------------------
apiVersion: extensions/v1beta1
kind: DaemonSet
metadata:
  name: node-exporter
  namespace: monitoring
  labels:
    app: node-exporter
    component: prometheus
spec:
  template:
    metadata:
      labels:
        app: node-exporter
      annotations:
        prometheus.io/port: "9100"
        prometheus.io/scrape: "true"
    spec:
      hostNetwork: true
      hostPID: true
      containers:
      - image: quay.io/prometheus/node-exporter:v0.14.0
        name: node-exporter
        args:
        - "-collector.procfs=/host/proc"
        - "-collector.sysfs=/host/sys"
        ports:
        - containerPort: 9100
          name: scrape-port
        resources:
          requests:
            memory: 50Mi
            cpu: 50m
          limits:
            memory: 50Mi
            cpu: 50m
        volumeMounts:
        - name: proc
          readOnly: true
          mountPath: /host/proc
        - name: sys
          readOnly: true
          mountPath: /host/sys
      tolerations:
      - effect: NoSchedule
        key: node-role.kubernetes.io/master
      - key: CriticalAddonsOnly
        operator: Exists
      volumes:
      - name: proc
        hostPath:
          path: /proc
      - name: sys
        hostPath:
          path: /sys

--------------------------------------------------------------------------------
/Chapter06/6-1_prometheus/grafana/grafana-svc.yml:
--------------------------------------------------------------------------------
apiVersion: v1
kind: Service
metadata:
  name: grafana-svc
  namespace: monitoring
  labels:
    app: grafana
spec:
  selector:
    app: grafana
  type: ClusterIP
  ports:
  - name: grafana
    protocol: TCP
    port: 80
    targetPort: 3000

--------------------------------------------------------------------------------
/Chapter06/6-1_prometheus/grafana/grafana.yml:
--------------------------------------------------------------------------------
apiVersion: apps/v1beta1
kind: Deployment
metadata:
  name: grafana
  namespace: monitoring
  labels:
    app: grafana
spec:
  replicas: 1
  template:
    metadata:
      labels:
        app: grafana
    spec:
      containers:
      - image: grafana/grafana
        name: grafana
        ports:
        - containerPort: 3000
        resources:
          limits:
            cpu: 100m
            memory: 100Mi
          requests:
            cpu: 100m
            memory: 100Mi
        volumeMounts:
        - mountPath: /var/lib/grafana
          name: grafana-data
      volumes:
      - name: grafana-data
        emptyDir: {}

--------------------------------------------------------------------------------
/Chapter06/6-1_prometheus/kubernetes/kube-dns-metrics-svc.yml:
--------------------------------------------------------------------------------
apiVersion: v1
kind: Service
metadata:
  namespace: kube-system
  name: kube-dns-dnsmasq-metrics
  labels:
    k8s-app: kube-dns
    prom-target: kube-dns-dnsmasq
    component: prometheus
    task: scrape
  annotations:
    prometheus.io/scrape: 'true'
    prometheus.io/port: '10054'
spec:
  clusterIP: None
  ports:
  - name: dnsmasq
    port: 10054
  selector:
    k8s-app: kube-dns
---
apiVersion: v1
kind: Service
metadata:
  namespace: kube-system
  name: kube-dns-skydns-metrics
  labels:
    k8s-app: kube-dns
    prom-target: kube-dns-skydns
    component: prometheus
    task: scrape
  annotations:
    prometheus.io/scrape: 'true'
    prometheus.io/port: '10055'
spec:
  clusterIP: None
  ports:
  - name: skydns
    port: 10055
  selector:
    k8s-app: kube-dns

--------------------------------------------------------------------------------
/Chapter06/6-1_prometheus/kubernetes/self/etcd-server.yml:
--------------------------------------------------------------------------------
apiVersion: v1
kind: Service
metadata:
  namespace: kube-system
  name: etcd-server-svc
  labels:
    k8s-app: etcd-server
    prom-target: etcd
    component: prometheus
    task: scrape
  annotations:
    prometheus.io/scrape: 'true'
    prometheus.io/port: '4001'
spec:
  clusterIP: None
  ports:
  - name: etcd-server
    port: 4001
  selector:
    k8s-app: etcd-server

--------------------------------------------------------------------------------
/Chapter06/6-1_prometheus/kubernetes/self/kube-controller-manager-metrics-svc.yml:
--------------------------------------------------------------------------------
apiVersion: v1
kind: Service
metadata:
  namespace: kube-system
  name: kube-controller-manager-metrics-svc
  labels:
    k8s-app: kube-controller-manager
    prom-target: kube-controller-manager
    component: prometheus
    task: scrape
  annotations:
    prometheus.io/scrape: 'true'
spec:
  clusterIP: None
  ports:
  - name: kube-controller-manager
    port: 10252
  selector:
    k8s-app: kube-controller-manager

--------------------------------------------------------------------------------
/Chapter06/6-1_prometheus/kubernetes/self/kube-scheduler-metrics-svc.yml:
--------------------------------------------------------------------------------
apiVersion: v1
kind: Service
metadata:
  namespace: kube-system
  name: kube-scheduler-metrics-svc
  labels:
    k8s-app: kube-scheduler
    prom-target: kube-scheduler
    component: prometheus
    task: scrape
  annotations:
    prometheus.io/scrape: 'true'
spec:
  clusterIP: None
  ports:
  - name: kube-scheduler
    port: 10251
  selector:
    k8s-app: kube-scheduler

--------------------------------------------------------------------------------
/Chapter06/6-1_prometheus/monitoring-ns.yml:
--------------------------------------------------------------------------------
apiVersion: v1
kind: Namespace
metadata:
  name: monitoring

--------------------------------------------------------------------------------
/Chapter06/6-1_prometheus/prometheus/configs/prom-config-default.yml:
--------------------------------------------------------------------------------
apiVersion: v1
kind: ConfigMap
metadata:
  name: prometheus-config-file
  namespace: monitoring
  labels:
    app: prometheus
data:
  prometheus.yml: |-
    # my global config
    global:
      scrape_interval: 15s # Set the scrape interval to every 15 seconds. Default is every 1 minute.
      evaluation_interval: 15s # Evaluate rules every 15 seconds. The default is every 1 minute.
      # scrape_timeout is set to the global default (10s).

      # Attach these labels to any time series or alerts when communicating with
      # external systems (federation, remote storage, Alertmanager).
      external_labels:
        monitor: 'codelab-monitor'

    # Load rules once and periodically evaluate them according to the global 'evaluation_interval'.
    rule_files:
      # - "first.rules"
      # - "second.rules"

    # A scrape configuration containing exactly one endpoint to scrape:
    # Here it's Prometheus itself.
    scrape_configs:
      # The job name is added as a label `job=<job_name>` to any timeseries scraped from this config.
      - job_name: 'prometheus'

        # metrics_path defaults to '/metrics'
        # scheme defaults to 'http'.

        static_configs:
          - targets: ['localhost:9090']

--------------------------------------------------------------------------------
/Chapter06/6-1_prometheus/prometheus/configs/prom-config-k8s.yml:
--------------------------------------------------------------------------------
apiVersion: v1
kind: ConfigMap
metadata:
  name: prometheus-config-file
  namespace: monitoring
  labels:
    app: prometheus
data:
  prometheus.yml: |-
    global:
      scrape_interval: 5s
      evaluation_interval: 5s

    rule_files:
      # - "first.rules"
      # - "second.rules"

    scrape_configs:
    - job_name: 'prometheus'
      static_configs:
      - targets: ['localhost:9090']

    # see: https://github.com/prometheus/prometheus/blob/master/documentation/examples/prometheus-kubernetes.yml
    # and: https://prometheus.io/docs/operating/configuration/#
    - job_name: 'k8s-apiservers'
      kubernetes_sd_configs:
      - role: endpoints
      scheme: https
      tls_config:
        ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
      bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token

      relabel_configs:
      - source_labels: [__meta_kubernetes_namespace, __meta_kubernetes_service_name, __meta_kubernetes_endpoint_port_name]
        action: keep
        regex: default;kubernetes;https
      - target_label: __address__
        replacement: kubernetes.default:443

    - job_name: 'k8s-cadvisor'
      kubernetes_sd_configs:
      - role: node
      scheme: https
      tls_config:
        ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
      bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token

      relabel_configs:
      - action: labelmap
        regex: __meta_kubernetes_node_label_(.+)
      - target_label: __address__
        replacement: kubernetes.default.svc:443
      - source_labels: [__meta_kubernetes_node_name]
        regex: (.+)
        target_label: __metrics_path__
        replacement: /api/v1/nodes/${1}:4194/proxy/metrics

    - job_name: 'kubernetes-pods'
      kubernetes_sd_configs:
      - role: pod

      relabel_configs:
      - source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_scrape]
        action: keep
        regex: true
      - source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_path]
        action: replace
        target_label: __metrics_path__
        regex: (.+)
      - source_labels: [__address__, __meta_kubernetes_pod_annotation_prometheus_io_port]
        action: replace
        regex: ([^:]+)(?::\d+)?;(\d+)
        replacement: $1:$2
        target_label: __address__
      - action: labelmap
        regex: __meta_kubernetes_pod_label_(.+)
      - source_labels: [__meta_kubernetes_namespace]
        action: replace
        target_label: kubernetes_namespace
      - source_labels: [__meta_kubernetes_pod_name]
        action: replace
        target_label: kubernetes_pod_name

    - job_name: 'kubernetes-service-endpoints'
      kubernetes_sd_configs:
      - role: endpoints

      relabel_configs:
      - source_labels: [__meta_kubernetes_service_annotation_prometheus_io_scrape]
        action: keep
        regex: true
      - source_labels: [__meta_kubernetes_service_annotation_prometheus_io_scheme]
        action: replace
        target_label: __scheme__
        regex: (https?)
      - source_labels: [__meta_kubernetes_service_annotation_prometheus_io_path]
        action: replace
        target_label: __metrics_path__
        regex: (.+)
      - source_labels: [__address__, __meta_kubernetes_service_annotation_prometheus_io_port]
        action: replace
        target_label: __address__
        regex: ([^:]+)(?::\d+)?;(\d+)
        replacement: $1:$2
      - action: labelmap
        regex: __meta_kubernetes_service_label_(.+)
      - source_labels: [__meta_kubernetes_namespace]
        action: replace
        target_label: kubernetes_namespace
      - source_labels: [__meta_kubernetes_service_name]
        action: replace
        target_label: kubernetes_name

    - job_name: 'kubernetes-services'
      kubernetes_sd_configs:
      - role: service

      relabel_configs:
      - source_labels: [__meta_kubernetes_service_annotation_prometheus_io_probe]
        action: keep
        regex: true
      - source_labels: [__meta_kubernetes_service_annotation_prometheus_io_scheme]
        action: replace
        target_label: __scheme__
        regex: (https?)
      - source_labels: [__meta_kubernetes_service_annotation_prometheus_io_path]
        action: replace
        target_label: __metrics_path__
        regex: (.+)
      - source_labels: [__address__, __meta_kubernetes_service_annotation_prometheus_io_port]
        action: replace
        target_label: __address__
        regex: ([^:]+)(?::\d+)?;(\d+)
        replacement: $1:$2
      - action: labelmap
        regex: __meta_kubernetes_service_label_(.+)
      - source_labels: [__meta_kubernetes_namespace]
        action: replace
        target_label: kubernetes_namespace
      - source_labels: [__meta_kubernetes_service_name]
        action: replace
        target_label: kubernetes_name

--------------------------------------------------------------------------------
/Chapter06/6-1_prometheus/prometheus/prom-flags.yml:
--------------------------------------------------------------------------------
apiVersion: v1
kind: ConfigMap
metadata:
  name: prometheus-config-flags
  namespace: monitoring
  labels:
    app: prometheus
data:
  # Check "prometheus --help" for more flags
  STORAGE_LOCAL_RETENTION: 168h0m0s
  STORAGE_LOCAL_TARGET_HEAP_SIZE: '536870912'

--------------------------------------------------------------------------------
/Chapter06/6-1_prometheus/prometheus/prom-pvc.yml:
--------------------------------------------------------------------------------
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: prometheus-storage
  namespace: monitoring
  labels:
    app: prometheus
spec:
  accessModes:
  - ReadWriteOnce
  resources:
    requests:
      storage: 10Gi

--------------------------------------------------------------------------------
/Chapter06/6-1_prometheus/prometheus/prom-sa.yml:
--------------------------------------------------------------------------------
apiVersion: v1
kind: ServiceAccount
metadata:
  name: prometheus
  namespace: monitoring
  labels:
    app: prometheus
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRole
metadata:
  name: prometheus
  namespace: monitoring
  labels:
    app: prometheus
rules:
- apiGroups: [""]
  resources:
  - nodes
  - nodes/proxy
  - services
  - endpoints
  - pods
  verbs: ["get", "list", "watch"]
- nonResourceURLs: ["/metrics"]
  verbs: ["get"]
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
  name: prometheus
  namespace: monitoring
  labels:
    app: prometheus
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: prometheus
subjects:
- kind: ServiceAccount
  name: prometheus
  namespace: monitoring

--------------------------------------------------------------------------------
/Chapter06/6-1_prometheus/prometheus/prom-svc.yml:
--------------------------------------------------------------------------------
apiVersion: v1
kind: Service
metadata:
  name: prometheus-svc
  namespace: monitoring
  labels:
    app: prometheus
spec:
  selector:
    app: prometheus
  ports:
  - name: prometheus
    protocol: TCP
    port: 9090

--------------------------------------------------------------------------------
/Chapter06/6-1_prometheus/prometheus/prom.yml:
--------------------------------------------------------------------------------
apiVersion: apps/v1beta1
kind: Deployment
metadata:
  name: prometheus
  namespace: monitoring
  labels:
    app: prometheus
spec:
  replicas: 1
  strategy:
    type: Recreate
  template:
    metadata:
      labels:
        app: prometheus
    spec:
      serviceAccountName: prometheus
      containers:
      - image: quay.io/prometheus/prometheus:v1.7.1
        name: prom
        args:
        - '-config.file=/prometheus-cfg/prometheus.yml'
        - '-storage.local.path=/data'
        - '-storage.local.retention=$(STORAGE_LOCAL_RETENTION)'
        - '-storage.local.target-heap-size=$(STORAGE_LOCAL_TARGET_HEAP_SIZE)'
        envFrom:
        - configMapRef:
            name: prometheus-config-flags
        ports:
        - containerPort: 9090
          name: prom-port
        resources:
          limits:
            memory: 1Gi
          requests:
            cpu: 200m
            memory: 1Gi
        volumeMounts:
        - name: config-file
          mountPath: /prometheus-cfg
        - name: storage
          mountPath: /data
      volumes:
      - name: config-file
        configMap:
          name: prometheus-config-file
      - name: storage
        persistentVolumeClaim:
          claimName: prometheus-storage

--------------------------------------------------------------------------------
/Chapter06/6-2_logging-sidecar.yml:
--------------------------------------------------------------------------------
apiVersion: v1
kind: Pod
metadata:
  name: myapp
spec:
  containers:
  - image: busybox
    name: application
    args:
    - /bin/sh
    - -c
    - >
      while true; do
        echo "$(date) INFO hello" >> /var/log/myapp.log ;
        sleep 1;
      done
    volumeMounts:
    - name: log
      mountPath: /var/log
  - name: sidecar
    image: busybox
    args:
    - /bin/sh
    - -c
    - tail -fn+1 /var/log/myapp.log
    volumeMounts:
    - name: log
      mountPath: /var/log
  volumes:
  - name: log
    emptyDir: {}

--------------------------------------------------------------------------------
/Chapter06/6-3_efk/elasticsearch/es-config.yml:
--------------------------------------------------------------------------------
apiVersion: v1
kind: ConfigMap
metadata:
  name: es-config-file
  labels:
    app: es-logging
data:
  log4j2.properties: |-
    status = error

    appender.console.type = Console
    appender.console.name = console
    appender.console.layout.type = PatternLayout
    appender.console.layout.pattern = [%d{ISO8601}][%-5p][%-25c{1.}] %marker%m%n

    rootLogger.level = debug
    rootLogger.appenderRef.console.ref = console
    rootLogger.action = debug

  elasticsearch.yml: |-
    cluster.name: "es-logging"
    network.host: 0.0.0.0

    node.name: ${HOSTNAME}
    node.master: ${IS_MASTER_NODE}
    node.data: ${IS_DATA_NODE}
    node.ingest: ${IS_INGEST_NODE}

    discovery.zen.minimum_master_nodes: ${MINIMUM_MASTER_NODES}

    # bootstrap.memory_lock: true

    # xpack.security.enabled: false
    # xpack.monitoring.enabled: false
    # xpack.ml.enabled: false
    # xpack.graph.enabled: false
    # xpack.watcher.enabled: false

--------------------------------------------------------------------------------
/Chapter06/6-3_efk/elasticsearch/es-logging.yml:
--------------------------------------------------------------------------------
apiVersion: apps/v1beta1
kind: Deployment
metadata:
  name: es-logging
spec:
  replicas: 1
  strategy:
    type: Recreate
  template:
    metadata:
      labels:
        app: es-logging
    spec:
      securityContext:
        fsGroup: 1000
      initContainers:
      - image: busybox
        name: adjust-heap
        securityContext:
          privileged: true
        command: ["sysctl", "-w", "vm.max_map_count=262144"]
      containers:
      - image: docker.elastic.co/elasticsearch/elasticsearch:5.5.1
        name: es-logging
        command:
        - /bin/bash
        - -c
        - |
          cp /config-file/* /usr/share/elasticsearch/config/ ;
          bin/elasticsearch-plugin remove x-pack ;
          bin/es-docker
        env:
        - name: ES_JAVA_OPTS
          value: "-Des.enforce.bootstrap.checks=true -Xms512m -Xmx512m"
        - name: IS_MASTER_NODE
          value: "true"
        - name: IS_DATA_NODE
          value: "true"
        - name: IS_INGEST_NODE
          value: "true"
        - name: MINIMUM_MASTER_NODES
          value: "1"
        resources:
          requests:
            memory: 1Gi
          limits:
            memory: 1Gi
        securityContext:
          capabilities:
            add:
            - IPC_LOCK
        volumeMounts:
        - name: es-logging-pv
          mountPath: /usr/share/elasticsearch/data
        - name: config-file
          mountPath: /config-file
      volumes:
      - name: es-logging-pv
        persistentVolumeClaim:
          claimName: es-logging-pvc
      - name: config-file
        configMap:
          name: es-config-file
---
apiVersion: v1
kind: Service
metadata:
  name: es-logging-svc
spec:
  ports:
  - port: 9300
    name: transport
  - port: 9200
    name: http
  selector:
    app: es-logging
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: es-logging-pvc
  labels:
    app: es-logging
spec:
  accessModes: [ "ReadWriteOnce" ]
  resources:
    requests:
      storage: 1Gi

--------------------------------------------------------------------------------
/Chapter06/6-3_efk/elasticsearch/kibana-logging.yml:
--------------------------------------------------------------------------------
apiVersion: apps/v1beta1
kind: Deployment
metadata:
  name: kibana-logging
spec:
  replicas: 1
  template:
    metadata:
      labels:
        app: kibana-logging
    spec:
      containers:
      - image: docker.elastic.co/kibana/kibana:5.5.1
        name: kibana-logging
        command:
        - /bin/bash
        - -c
        - |
          bin/kibana-plugin remove x-pack ;
          /usr/local/bin/kibana-docker
        env:
        - name: ELASTICSEARCH_URL
          value: "http://es-logging-svc:9200"
---
apiVersion: v1
kind: Service
metadata:
  name: kibana-logging-svc
spec:
  ports:
  - port: 5601
  selector:
    app: kibana-logging

--------------------------------------------------------------------------------
/Chapter06/6-3_efk/fluentd/fluentd-ds.yml:
--------------------------------------------------------------------------------
apiVersion: extensions/v1beta1
kind: DaemonSet
metadata:
  name: fluentd-logging
  namespace: monitoring
  labels:
| app: fluentd-logging 8 | spec: 9 | updateStrategy: 10 | type: RollingUpdate 11 | template: 12 | metadata: 13 | labels: 14 | app: fluentd-logging 15 | spec: 16 | serviceAccountName: fluentd 17 | containers: 18 | - name: fluentd 19 | image: fluent/fluentd-kubernetes-daemonset:elasticsearch 20 | env: 21 | - name: FLUENT_ELASTICSEARCH_HOST 22 | value: "es-logging-svc" 23 | - name: FLUENT_ELASTICSEARCH_PORT 24 | value: "9200" 25 | - name: FLUENT_ELASTICSEARCH_SCHEME 26 | value: "http" 27 | # - name: FLUENT_ELASTICSEARCH_USER 28 | # value: "elastic" 29 | # - name: FLUENT_ELASTICSEARCH_PASSWORD 30 | # value: "changeme" 31 | resources: 32 | limits: 33 | memory: 200Mi 34 | requests: 35 | cpu: 100m 36 | memory: 200Mi 37 | volumeMounts: 38 | - name: varlog 39 | mountPath: /var/log 40 | - name: varlibdockercontainers 41 | mountPath: /var/lib/docker/containers 42 | readOnly: true 43 | tolerations: 44 | - key: node-role.kubernetes.io/master 45 | effect: NoSchedule 46 | - key: CriticalAddonsOnly 47 | operator: Exists 48 | volumes: 49 | - name: varlog 50 | hostPath: 51 | path: /var/log 52 | - name: varlibdockercontainers 53 | hostPath: 54 | path: /var/lib/docker/containers -------------------------------------------------------------------------------- /Chapter06/6-3_efk/fluentd/fluentd-sa.yml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ServiceAccount 3 | metadata: 4 | name: fluentd 5 | namespace: monitoring 6 | labels: 7 | app: fluentd 8 | --- 9 | apiVersion: rbac.authorization.k8s.io/v1beta1 10 | kind: ClusterRole 11 | metadata: 12 | name: fluentd 13 | namespace: monitoring 14 | labels: 15 | app: fluentd 16 | rules: 17 | - apiGroups: [""] 18 | resources: 19 | - pods 20 | verbs: ["get", "list", "watch"] 21 | --- 22 | apiVersion: rbac.authorization.k8s.io/v1beta1 23 | kind: ClusterRoleBinding 24 | metadata: 25 | name: fluentd 26 | namespace: monitoring 27 | labels: 28 | app: fluentd 29 | roleRef: 30 | apiGroup: 
rbac.authorization.k8s.io 31 | kind: ClusterRole 32 | name: fluentd 33 | subjects: 34 | - kind: ServiceAccount 35 | name: fluentd 36 | namespace: monitoring -------------------------------------------------------------------------------- /Chapter06/6-3_efk/heapster-eventer/eventer-only.yml: -------------------------------------------------------------------------------- 1 | apiVersion: extensions/v1beta1 2 | kind: Deployment 3 | metadata: 4 | labels: 5 | k8s-app: eventer 6 | version: v1.4.0 7 | name: eventer-v1.4.0 8 | namespace: kube-system 9 | spec: 10 | replicas: 1 11 | template: 12 | metadata: 13 | annotations: 14 | scheduler.alpha.kubernetes.io/critical-pod: "" 15 | labels: 16 | k8s-app: eventer 17 | version: v1.4.0 18 | spec: 19 | serviceAccountName: heapster 20 | containers: 21 | - image: gcr.io/google_containers/heapster-amd64:v1.4.0 22 | name: eventer 23 | command: 24 | - /eventer 25 | - --source=kubernetes:'' 26 | - --sink=elasticsearch:http://es-logging-svc.monitoring:9200?sniff=false 27 | livenessProbe: 28 | failureThreshold: 3 29 | httpGet: 30 | path: /healthz 31 | port: 8084 32 | scheme: HTTP 33 | initialDelaySeconds: 180 34 | periodSeconds: 10 35 | successThreshold: 1 36 | timeoutSeconds: 5 37 | resources: 38 | limits: 39 | cpu: 88m 40 | memory: 204Mi 41 | requests: 42 | cpu: 88m 43 | memory: 204Mi 44 | tolerations: 45 | - key: CriticalAddonsOnly 46 | operator: Exists 47 | --- 48 | apiVersion: v1 49 | kind: ServiceAccount 50 | metadata: 51 | name: heapster 52 | namespace: kube-system 53 | --- 54 | kind: ClusterRoleBinding 55 | apiVersion: rbac.authorization.k8s.io/v1beta1 56 | metadata: 57 | name: heapster 58 | roleRef: 59 | apiGroup: rbac.authorization.k8s.io 60 | kind: ClusterRole 61 | name: system:heapster 62 | subjects: 63 | - kind: ServiceAccount 64 | name: heapster 65 | namespace: kube-system -------------------------------------------------------------------------------- /Chapter06/6-3_efk/heapster-eventer/heapster-eventer.yml: 
--------------------------------------------------------------------------------
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  labels:
    k8s-app: heapster
    addonmanager.kubernetes.io/mode: Reconcile
    kubernetes.io/cluster-service: "true"
    version: v1.4.0
  name: heapster-v1.4.0
  namespace: kube-system
spec:
  replicas: 1
  template:
    metadata:
      annotations:
        scheduler.alpha.kubernetes.io/critical-pod: ""
      labels:
        k8s-app: heapster
        version: v1.4.0
    spec:
      serviceAccountName: heapster
      tolerations:
      - key: CriticalAddonsOnly
        operator: Exists
      containers:
      - image: gcr.io/google_containers/heapster-amd64:v1.4.0
        name: heapster
        command:
        - /heapster
        - --source=kubernetes.summary_api:''
        livenessProbe:
          failureThreshold: 3
          httpGet:
            path: /healthz
            port: 8082
            scheme: HTTP
          initialDelaySeconds: 180
          periodSeconds: 10
          successThreshold: 1
          timeoutSeconds: 5
        resources:
          limits:
            cpu: 88m
            memory: 204Mi
          requests:
            cpu: 88m
            memory: 204Mi
      - image: gcr.io/google_containers/heapster-amd64:v1.4.0
        name: eventer
        command:
        - /eventer
        - --source=kubernetes:''
        - --sink=elasticsearch:http://es-logging-svc.monitoring:9200?sniff=false
        livenessProbe:
          failureThreshold: 3
          httpGet:
            path: /healthz
            port: 8084
            scheme: HTTP
          initialDelaySeconds: 180
          periodSeconds: 10
          successThreshold: 1
          timeoutSeconds: 5
        resources:
          limits:
            cpu: 88m
            memory: 204Mi
          requests:
            cpu: 88m
            memory: 204Mi
      - image: gcr.io/google_containers/addon-resizer:1.7
        name: heapster-nanny
        command:
        - /pod_nanny
        - --cpu=80m
        - --extra-cpu=0.5m
        - --memory=140Mi
        - --extra-memory=4Mi
        - --threshold=5
        - --deployment=heapster-v1.4.0
        - --container=heapster
        - --poll-period=300000
        - --estimator=exponential
        env:
        - name: MY_POD_NAME
          valueFrom:
            fieldRef:
              apiVersion: v1
              fieldPath: metadata.name
        - name: MY_POD_NAMESPACE
          valueFrom:
            fieldRef:
              apiVersion: v1
              fieldPath: metadata.namespace
        resources:
          limits:
            cpu: 50m
            memory: 92760Ki
          requests:
            cpu: 50m
            memory: 92760Ki
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: heapster
  namespace: kube-system
---
apiVersion: v1
kind: Service
metadata:
  labels:
    task: monitoring
    kubernetes.io/cluster-service: 'true'
    kubernetes.io/name: Heapster
  name: heapster
  namespace: kube-system
spec:
  ports:
  - port: 80
    targetPort: 8082
  selector:
    k8s-app: heapster
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
  name: heapster
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: system:heapster
subjects:
- kind: ServiceAccount
  name: heapster
  namespace: kube-system

--------------------------------------------------------------------------------
/Chapter06/6-3_efk/monitoring-ns.yml:
--------------------------------------------------------------------------------
apiVersion: v1
kind: Namespace
metadata:
  name: monitoring

--------------------------------------------------------------------------------
/Chapter07/7-1_updates/ex-daemonset.yml:
--------------------------------------------------------------------------------
apiVersion: extensions/v1beta1
kind: DaemonSet
metadata:
  name: my-ds
spec:
  template:
    metadata:
      labels:
        app: my-ds
    spec:
      terminationGracePeriodSeconds: 10
      containers:
      - name: app
        image: alpine:3.5
        ports:
        - containerPort: 5000
        command:
        - /bin/sh
        - -c
        - >
          while true; do
            echo -e "HTTP/1.1 200 OK\n\n$(hostname)-v-$(cat /etc/alpine-release) is running..." | nc -w 1 -lp 5000
          done
        env:
        - name: DEMO
          value: "0"
  minReadySeconds: 10
  updateStrategy:
    type: RollingUpdate
    rollingUpdate:
      maxUnavailable: 1
---
kind: Service
apiVersion: v1
metadata:
  name: my-ds-svc
  labels:
    app: my-ds
spec:
  selector:
    app: my-ds
  ports:
  - protocol: TCP
    port: 80
    targetPort: 5000
    name: http

--------------------------------------------------------------------------------
/Chapter07/7-3_on_pods/graceful_docker/Dockerfile.exec-sh:
--------------------------------------------------------------------------------
FROM python:3-alpine
EXPOSE 5000
ADD app.py .
CMD [ "python", "-u", "app.py" ]

--------------------------------------------------------------------------------
/Chapter07/7-3_on_pods/graceful_docker/Dockerfile.shell-bash:
--------------------------------------------------------------------------------
FROM python:3-slim
EXPOSE 5000
ADD app.py .
CMD [ "/bin/bash", "-c", "python -u app.py" ]

--------------------------------------------------------------------------------
/Chapter07/7-3_on_pods/graceful_docker/Dockerfile.shell-exec:
--------------------------------------------------------------------------------
FROM python:3-alpine
EXPOSE 5000
ADD app.py .
CMD exec python -u app.py

--------------------------------------------------------------------------------
/Chapter07/7-3_on_pods/graceful_docker/Dockerfile.shell-sh:
--------------------------------------------------------------------------------
FROM python:3-alpine
EXPOSE 5000
ADD app.py .
CMD python -u app.py

--------------------------------------------------------------------------------
/Chapter07/7-3_on_pods/graceful_docker/app.py:
--------------------------------------------------------------------------------
import os
import signal
import time
import threading
from http.server import (
    BaseHTTPRequestHandler,
    HTTPServer
)


def fib(n):
    a, b = 0, 1
    for _ in range(n):
        a, b = b, a + b
    return a


class MyMsgHandler(BaseHTTPRequestHandler):

    def do_GET(self):
        try:
            message = str(fib(int(self.path.split('/')[1])))
        except ValueError as ex:
            message = "OK"
        self.send_response(200)
        self.end_headers()
        self.wfile.write(message.encode())
        return

    def do_HEAD(self):
        self.send_response(200)
        self.end_headers()
        return

    def log_message(self, format, *args):
        print("{0:6f} - {1}".format(time.time(), *args))
        return


class MyApp(object):

    def __init__(self):
        self.httpd = HTTPServer(('0.0.0.0', 5000), MyMsgHandler)

    def run(self):
        print('starting server at {0:6f}'.format(time.time()))
        self.httpd.serve_forever()

    def stop(self):
        print('stopping server at {0:6f}'.format(time.time()))
        threading.Thread(target=self.httpd.shutdown).start()

if __name__ == '__main__':
    def graceful_exit_handler(signum, frame):
        app.stop()
    app = MyApp()
    signal.signal(signal.SIGTERM, graceful_exit_handler)
    app.run()

--------------------------------------------------------------------------------
/Chapter07/7-3_on_pods/lifecycle.yml:
--------------------------------------------------------------------------------
apiVersion: apps/v1beta1
kind: Deployment
metadata:
  name: my-app
spec:
  replicas: 1
  template:
    metadata:
      labels:
        app: my-app
    spec:
      terminationGracePeriodSeconds: 30
      containers:
      - name: main
        image: devopswithkubernetes/my-app:b5
        # readinessProbe:
        #   httpGet:
        #     path: /
        #     port: 5000
        #   periodSeconds: 8
        #   initialDelaySeconds: 10
        #   successThreshold: 2
        #   failureThreshold: 3
        #   timeoutSeconds: 1
        lifecycle:
          postStart:
            exec:
              command:
              - /bin/bash
              - -c
              - |
                echo "postStart received at $(date +%s).$(( 10#$(date +%N)/1000 ))" >> /var/log/hook.log
                sleep 30
                echo "ends at $(date +%s).$(( 10#$(date +%N)/1000 ))" >> /var/log/hook.log
          preStop:
            exec:
              command:
              - /bin/bash
              - -c
              - |
                echo "preStop received at $(date +%s).$(( 10#$(date +%N)/1000 ))" >> /var/log/hook.log
                sleep 30
                echo "ends at $(date +%s).$(( 10#$(date +%N)/1000 ))" >> /var/log/hook.log

--------------------------------------------------------------------------------
/Chapter07/7-3_on_pods/probe.yml:
--------------------------------------------------------------------------------
apiVersion: apps/v1beta1
kind: Deployment
metadata:
  name: my-app
spec:
  replicas: 1
  template:
    metadata:
      labels:
        app: my-app
    spec:
      containers:
      - name: main
        image: devopswithkubernetes/my-app:b4
        command:
        - /bin/sh
        - -c
        - |
          echo "Pod is created at" $(date +%s)
          sleep 7
          python -u app.py & PID=$!
          sleep 16
          kill -15 $PID
          sleep 1
          for i in 1 2 3; do
            echo -e "HTTP/1.1 500" | nc -lp 5000 > /dev/null 2>&1
            echo $(date +%s) fail#$i
          done
          sleep 60
        readinessProbe:
          httpGet:
            path: /
            port: 5000
          periodSeconds: 5
          initialDelaySeconds: 10
          successThreshold: 2
          failureThreshold: 3
          timeoutSeconds: 1

--------------------------------------------------------------------------------
/Chapter08/8-1_namespaces/8-1-1_ns1.yml:
--------------------------------------------------------------------------------
apiVersion: v1
kind: Namespace
metadata:
  name: project1

--------------------------------------------------------------------------------
/Chapter08/8-1_namespaces/8-1-1_ns2.yml:
--------------------------------------------------------------------------------
apiVersion: v1
kind: Namespace
metadata:
  name: project2

--------------------------------------------------------------------------------
/Chapter08/8-1_namespaces/8-1-2_resource_quota.yml:
--------------------------------------------------------------------------------
apiVersion: v1
kind: ResourceQuota
metadata:
  name: project1-resource-quota
spec:
  hard:
    requests.cpu: "4"  # the limits of the sum of requested CPU
    requests.memory: 16Gi  # the limits of the sum of requested memory
    limits.cpu: "4"  # the total CPU limits can’t exceed this value
    limits.memory: 4Gi  # the limits of total memory limit
    requests.storage: 64Gi  # the limits of sum of storage requests across PV claims
    pods: "4"  # the limits of pod number

--------------------------------------------------------------------------------
/Chapter08/8-1_namespaces/8-1-3_limit_range.yml:
--------------------------------------------------------------------------------
apiVersion: v1
kind: LimitRange
metadata:
  name: project1-limit-range
spec:
  limits:
  - default:
      cpu: 0.5
      memory: 512Mi
    defaultRequest:
      cpu: 0.25
      memory: 256Mi
    type: Container

--------------------------------------------------------------------------------
/Chapter08/8-3_serviceaccount/8-3-1_serviceaccount.yml:
--------------------------------------------------------------------------------
apiVersion: v1
kind: ServiceAccount
metadata:
  name: project1-serviceaccount

--------------------------------------------------------------------------------
/Chapter08/8-5_authorization/8-5-1_ABAC/policy.json:
--------------------------------------------------------------------------------
{"apiVersion": "abac.authorization.kubernetes.io/v1beta1", "kind": "Policy", "spec": {"user":"admin", "namespace": "*", "resource": "*", "apiGroup": "*"}}
{"apiVersion": "abac.authorization.kubernetes.io/v1beta1", "kind": "Policy", "spec": {"user":"kubelet", "namespace": "*", "resource": "pods", "readonly": true }}
{"apiVersion": "abac.authorization.kubernetes.io/v1beta1", "kind": "Policy", "spec": {"user":"kubelet", "namespace": "*", "resource": "services", "readonly": true }}
{"apiVersion": "abac.authorization.kubernetes.io/v1beta1", "kind": "Policy", "spec": {"user":"kubelet", "namespace": "*", "resource": "endpoints", "readonly": true }}
{"apiVersion": "abac.authorization.kubernetes.io/v1beta1", "kind": "Policy", "spec": {"user":"kubelet", "namespace": "*", "resource": "events"}}
{"apiVersion": "abac.authorization.kubernetes.io/v1beta1", "kind": "Policy", "spec": {"user":"linda", "namespace": "project1", "resource": "deployments", "apiGroup": "*", "readonly": true }}
{"apiVersion": "abac.authorization.kubernetes.io/v1beta1", "kind": "Policy", "spec": {"user":"linda", "namespace": "project1", "resource": "replicasets", "apiGroup": "*", "readonly": true }}
{"apiVersion": "abac.authorization.kubernetes.io/v1beta1", "kind": "Policy", "spec": {"user":"linda", "namespace": "project1", "resource": "pods", "apiGroup": "*", "readonly": true }}

--------------------------------------------------------------------------------
/Chapter08/8-5_authorization/8-5-2_RBAC/8-5-2_role.yml:
--------------------------------------------------------------------------------
kind: Role
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
  namespace: project1
  name: devops-role
rules:
- apiGroups: ["", "extensions", "apps"]
  resources:
  - "deployments"
  - "replicasets"
  - "pods"
  verbs: ["*"]

--------------------------------------------------------------------------------
/Chapter08/8-5_authorization/8-5-2_RBAC/8-5-2_rolebinding_user.yml:
--------------------------------------------------------------------------------
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
  name: devops-role-binding
  namespace: project1
subjects:
- apiGroup: ""
  kind: User
  name: linda
roleRef:
  apiGroup: ""
  kind: Role
  name: devops-role

--------------------------------------------------------------------------------
/Chapter08/8-6_admission_controller/8-6_pod_node_selector.yml:
--------------------------------------------------------------------------------
podNodeSelectorPluginConfig:
  clusterDefaultNodeSelector:
  namespace1:
  namespace2:

--------------------------------------------------------------------------------
/Chapter08/8-6_admission_controller/8-6_pod_tolerations.yml:
--------------------------------------------------------------------------------
apiVersion: v1
kind: Pod
metadata:
  name: pod-with-tolerations
spec:
  containers:
  - name: web
    image: nginx
  tolerations:
  - key: "experimental"
    value: "true"
    operator: "Equal"
    effect: "NoExecute"

--------------------------------------------------------------------------------
/Chapter09/add-record.json:
--------------------------------------------------------------------------------
{
  "Comment": "add public subnet host",
  "Changes": [
    {
      "Action": "UPSERT",
      "ResourceRecordSet": {
        "Name": "public.k8s-devops.net",
        "Type": "A",
        "TTL": 300,
        "ResourceRecords": [
          {
            "Value": "54.227.197.56"
          }
        ]
      }
    }
  ]
}

--------------------------------------------------------------------------------
/Chapter09/change-to-elb.json:
--------------------------------------------------------------------------------
{
  "Comment": "use CNAME to pointing to ELB",
  "Changes": [
    {
      "Action": "DELETE",
      "ResourceRecordSet": {
        "Name": "public.k8s-devops.net",
        "Type": "A",
        "TTL": 300,
        "ResourceRecords": [
          {
            "Value": "52.86.166.223"
          }
        ]
      }
    },
    {
      "Action": "UPSERT",
      "ResourceRecordSet": {
        "Name": "public.k8s-devops.net",
        "Type": "CNAME",
        "TTL": 300,
        "ResourceRecords": [
          {
            "Value": "public-elb-1779693260.us-east-1.elb.amazonaws.com"
          }
        ]
      }
    }
  ]
}

--------------------------------------------------------------------------------
/Chapter09/grafana.yml:
--------------------------------------------------------------------------------
apiVersion: apps/v1beta1
kind: Deployment
metadata:
  name: grafana
spec:
  replicas: 1
  template:
    metadata:
      labels:
        run: grafana
    spec:
      containers:
      - image: grafana/grafana
        name: grafana
        ports:
        - containerPort: 3000
---
apiVersion: v1
kind: Service
metadata:
  name: grafana
spec:
  ports:
  - port: 80
    targetPort: 3000
  type: LoadBalancer
  selector:
    run: grafana

--------------------------------------------------------------------------------
/Chapter09/pvc-aws.yml:
--------------------------------------------------------------------------------
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: pvc-aws-1
spec:
  storageClassName: "default"
  accessModes:
  - ReadWriteOnce
  resources:
    requests:
      storage: 10Gi

--------------------------------------------------------------------------------
/Chapter10/grafana.yml:
--------------------------------------------------------------------------------
apiVersion: apps/v1beta1
kind: Deployment
metadata:
  name: grafana
spec:
  replicas: 1
  template:
    metadata:
      labels:
        run: grafana
    spec:
      containers:
      - image: grafana/grafana
        name: grafana
        ports:
        - containerPort: 3000
---
apiVersion: v1
kind: Service
metadata:
  name: grafana
spec:
  ports:
  - port: 80
    targetPort: 3000
  type: LoadBalancer
  selector:
    run: grafana

--------------------------------------------------------------------------------
/Chapter10/nginx-pod-selector.yml:
--------------------------------------------------------------------------------
apiVersion: v1
kind: Pod
metadata:
  name: nginx
spec:
  containers:
  - name: nginx
    image: nginx
  nodeSelector:
    beta.kubernetes.io/instance-type: f1-micro

--------------------------------------------------------------------------------
/Chapter10/nginx-tomcat-ingress.yaml:
--------------------------------------------------------------------------------
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: nginx-tomcat-ingress
spec:
  rules:
  - http:
      paths:
      - path: /
        backend:
          serviceName: nginx
          servicePort: 80
      - path: /examples
        backend:
          serviceName: tomcat
          servicePort: 8080
      - path: /examples/*
        backend:
          serviceName: tomcat
          servicePort: 8080
--------------------------------------------------------------------------------
/Chapter10/nginx.yml:
--------------------------------------------------------------------------------
apiVersion: apps/v1beta1
kind: Deployment
metadata:
  name: nginx
spec:
  replicas: 1
  template:
    metadata:
      labels:
        run: nginx
    spec:
      containers:
      - image: nginx
        name: nginx
        ports:
        - containerPort: 80
---
apiVersion: v1
kind: Service
metadata:
  name: nginx
spec:
  ports:
  - protocol: TCP
    port: 80
  type: NodePort
  selector:
    run: nginx

--------------------------------------------------------------------------------
/Chapter10/pvc-gke.yml:
--------------------------------------------------------------------------------
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: pvc-gke-1
spec:
  storageClassName: "standard"
  accessModes:
  - ReadWriteOnce
  resources:
    requests:
      storage: 10Gi

--------------------------------------------------------------------------------
/Chapter10/tomcat-pod-selector.yml:
--------------------------------------------------------------------------------
apiVersion: v1
kind: Pod
metadata:
  name: tomcat
spec:
  containers:
  - name: tomcat
    image: tomcat
  nodeSelector:
    beta.kubernetes.io/instance-type: g1-small

--------------------------------------------------------------------------------
/Chapter10/tomcat.yml:
--------------------------------------------------------------------------------
apiVersion: apps/v1beta1
kind: Deployment
metadata:
  name: tomcat
spec:
  replicas: 1
  template:
    metadata:
      labels:
        run: tomcat
    spec:
      containers:
      - image: tomcat
        name: tomcat
        ports:
        - containerPort: 8080
---
apiVersion: v1
kind: Service
metadata:
  name: tomcat
spec:
  ports:
  - protocol: TCP
    port: 8080
  type: NodePort
  selector:
    run: tomcat

--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
MIT License

Copyright (c) 2017 Packt

Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.

--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
# DevOps with Kubernetes
This is the code repository for [DevOps with Kubernetes](https://www.packtpub.com/virtualization-and-cloud/devops-kubernetes?utm_source=github&utm_medium=repository&utm_campaign=9781788396646), published by [Packt](https://www.packtpub.com/?utm_source=github). It contains all the supporting project files necessary to work through the book from start to finish.
## About the Book
Containerization is said to be the best way to implement DevOps. Google developed Kubernetes, which orchestrates containers efficiently and is considered the frontrunner in container orchestration. Kubernetes is an orchestrator that creates and manages your containers on clusters of servers. This book will guide you from simply deploying a container to administering a Kubernetes cluster, and then you will learn how to do monitoring, logging, and continuous deployment in DevOps. The initial stages of the book will introduce the fundamentals of DevOps and the concept of containers. It will move on to how to containerize applications and deploy them into. The book will then introduce networks in Kubernetes. We then move on to advanced DevOps skills such as monitoring, logging, and continuous deployment in Kubernetes. It will proceed to introduce permission control for Kubernetes resources via attribute-based access control and role-based access control. The final stage of the book will cover deploying and managing your container clusters on the popular public clouds Amazon Web Services and Google Cloud Platform. At the end of the book, other orchestration frameworks, such as Docker Swarm mode, Amazon ECS, and Apache Mesos, will be discussed.

## Instructions and Navigation
All of the code is organized into folders. Each folder starts with a number followed by the application name. For example, Chapter02.

The code will look like the following:
```
$ sudo yum -y -q install nginx
$ sudo /etc/init.d/nginx start
Starting nginx:
```

This book will guide you through the methodology of software development and delivery with Docker containers and Kubernetes using macOS and public cloud (AWS and GCP). You will need to install minikube, AWSCLI, and the Cloud SDK to run the code samples present in this book.

## Related Products
* [DevOps: Puppet, Docker, and Kubernetes](https://www.packtpub.com/virtualization-and-cloud/devops-puppet-docker-and-kubernetes?utm_source=github&utm_medium=repository&utm_campaign=9781788297615)

* [Implementing DevOps with Ansible 2](https://www.packtpub.com/networking-and-servers/implementing-devops-ansible-2?utm_source=github&utm_medium=repository&utm_campaign=9781787120532)

* [DevOps with Windows Server 2016](https://www.packtpub.com/networking-and-servers/devops-windows-server-2016?utm_source=github&utm_medium=repository&utm_campaign=9781786468550)

### Download a free PDF

If you have already purchased a print or Kindle version of this book, you can get a DRM-free PDF version at no cost.
Simply click on the link to download a free PDF copy of this book.

https://packt.link/free-ebook/9781788396646

--------------------------------------------------------------------------------