├── docker ├── laravel-container │ ├── build │ │ ├── backend │ │ │ ├── README.md │ │ │ ├── public │ │ │ │ ├── favicon.ico │ │ │ │ ├── robots.txt │ │ │ │ ├── .htaccess │ │ │ │ ├── web.config │ │ │ │ └── index.php │ │ │ ├── resources │ │ │ │ ├── css │ │ │ │ │ └── app.css │ │ │ │ ├── js │ │ │ │ │ ├── app.js │ │ │ │ │ └── bootstrap.js │ │ │ │ └── lang │ │ │ │ │ └── en │ │ │ │ │ ├── pagination.php │ │ │ │ │ ├── auth.php │ │ │ │ │ └── passwords.php │ │ │ ├── database │ │ │ │ ├── .gitignore │ │ │ │ ├── seeders │ │ │ │ │ └── DatabaseSeeder.php │ │ │ │ ├── migrations │ │ │ │ │ ├── 2014_10_12_100000_create_password_resets_table.php │ │ │ │ │ ├── 2014_10_12_000000_create_users_table.php │ │ │ │ │ └── 2019_08_19_000000_create_failed_jobs_table.php │ │ │ │ └── factories │ │ │ │ │ └── UserFactory.php │ │ │ ├── storage │ │ │ │ ├── logs │ │ │ │ │ └── .gitignore │ │ │ │ ├── app │ │ │ │ │ ├── .gitignore │ │ │ │ │ └── public │ │ │ │ │ │ └── .gitignore │ │ │ │ └── framework │ │ │ │ │ ├── sessions │ │ │ │ │ └── .gitignore │ │ │ │ │ ├── testing │ │ │ │ │ └── .gitignore │ │ │ │ │ ├── views │ │ │ │ │ └── .gitignore │ │ │ │ │ ├── cache │ │ │ │ │ ├── .gitignore │ │ │ │ │ └── data │ │ │ │ │ │ └── .gitignore │ │ │ │ │ └── .gitignore │ │ │ ├── bootstrap │ │ │ │ ├── cache │ │ │ │ │ └── .gitignore │ │ │ │ └── app.php │ │ │ ├── .gitattributes │ │ │ ├── .runtime │ │ │ │ ├── livenessprobe.sh │ │ │ │ └── takeover.sh │ │ │ ├── .gitignore │ │ │ ├── tests │ │ │ │ ├── TestCase.php │ │ │ │ ├── Unit │ │ │ │ │ └── ExampleTest.php │ │ │ │ ├── Feature │ │ │ │ │ └── ExampleTest.php │ │ │ │ └── CreatesApplication.php │ │ │ ├── .styleci.yml │ │ │ ├── .editorconfig │ │ │ ├── app │ │ │ │ ├── Http │ │ │ │ │ ├── Middleware │ │ │ │ │ │ ├── EncryptCookies.php │ │ │ │ │ │ ├── VerifyCsrfToken.php │ │ │ │ │ │ ├── TrimStrings.php │ │ │ │ │ │ ├── TrustHosts.php │ │ │ │ │ │ ├── PreventRequestsDuringMaintenance.php │ │ │ │ │ │ ├── TrustProxies.php │ │ │ │ │ │ ├── Authenticate.php │ │ │ │ │ │ └── RedirectIfAuthenticated.php 
│ │ │ │ │ ├── Controllers │ │ │ │ │ │ └── Controller.php │ │ │ │ │ └── Kernel.php │ │ │ │ ├── Providers │ │ │ │ │ ├── BroadcastServiceProvider.php │ │ │ │ │ ├── AppServiceProvider.php │ │ │ │ │ ├── AuthServiceProvider.php │ │ │ │ │ ├── EventServiceProvider.php │ │ │ │ │ └── RouteServiceProvider.php │ │ │ │ ├── Exceptions │ │ │ │ │ └── Handler.php │ │ │ │ ├── Console │ │ │ │ │ └── Kernel.php │ │ │ │ └── Models │ │ │ │ │ └── User.php │ │ │ ├── routes │ │ │ │ ├── web.php │ │ │ │ ├── channels.php │ │ │ │ ├── api.php │ │ │ │ └── console.php │ │ │ ├── webpack.mix.js │ │ │ ├── server.php │ │ │ ├── .gitlab-ci.yml │ │ │ ├── config │ │ │ │ ├── cors.php │ │ │ │ ├── services.php │ │ │ │ ├── view.php │ │ │ │ ├── hashing.php │ │ │ │ ├── broadcasting.php │ │ │ │ ├── filesystems.php │ │ │ │ ├── queue.php │ │ │ │ ├── logging.php │ │ │ │ ├── cache.php │ │ │ │ ├── mail.php │ │ │ │ └── auth.php │ │ │ ├── .env.example │ │ │ ├── package.json │ │ │ ├── phpunit.xml │ │ │ ├── composer.json │ │ │ ├── artisan │ │ │ └── Dockerfile │ │ └── frontend │ │ │ ├── docker-files │ │ │ ├── init.sh │ │ │ └── nginx.conf │ │ │ └── Dockerfile │ ├── README.md │ ├── docker-compose.yaml │ └── Dockerfile ├── gitlab-ci │ ├── Dockerfile │ ├── header.png │ ├── .gitlab-ci.yml │ └── index.html ├── rabbitmq │ ├── enable_plugins │ └── docker-compose.yaml ├── prometheus-grafana │ ├── grafana │ │ └── docker-compose.yaml │ ├── redis │ │ └── docker-compose.yaml │ ├── prometheus │ │ ├── prometheus.yml │ │ └── docker-compose.yaml │ └── redis-exporter │ │ └── docker-compose.yaml ├── ddclient │ ├── docker-compose.yaml │ └── ddclient.conf ├── lets-haproxy │ ├── docker-compose-01.yaml │ ├── haproxy.cfg │ └── docker-compose-02.yaml ├── nginx-proxy-manager │ └── docker-compose.yaml ├── keycloak │ └── docker-compose.yaml ├── minecraft │ └── docker-compose.yaml ├── netdata │ └── docker-compose.yaml └── bitwardenrs │ ├── haproxy.cfg │ └── docker-compose.yaml ├── kubernetes ├── keda │ ├── 001-dummy-redis │ │ ├── values.yaml │ │ └── 
Chart.yaml │ ├── 000-operator │ │ ├── values.yaml │ │ └── Chart.yaml │ ├── 002-dummy-deployment │ │ ├── triggerAuthentication-redis-queue-scale.yaml │ │ ├── kustomization.yaml │ │ ├── deployment-dummy-deployment.yaml │ │ └── scaleObject-redis-queue-scale.yaml │ └── README.md ├── nats-broker │ ├── namespace.yaml │ ├── overlays │ │ └── deploymentCluster.yaml │ ├── natsCluster.yaml │ ├── kustomization.yaml │ └── README.md ├── juicefs │ ├── 02-application │ │ ├── namespace.yaml │ │ ├── kustomization.yaml │ │ ├── pvc.yaml │ │ └── deployment.yaml │ ├── 00-metadata-server │ │ ├── Chart.yaml │ │ └── values.yaml │ ├── 01-csi-driver │ │ ├── Chart.yaml │ │ └── values.yaml │ └── README.md ├── concepts-rbac │ ├── application-a │ │ ├── namespace.yaml │ │ ├── serviceaccount-automata.yaml │ │ ├── serviceaccount-developers.yaml │ │ ├── role-automation.yaml │ │ ├── kustomization.yaml │ │ ├── rolebinding-automata.yaml │ │ ├── rolebinding-developers.yaml │ │ └── role-developer.yaml │ └── README.md ├── logs-loki-fluentd-grafana │ ├── 001-loki │ │ ├── 000-loki-namespace.yaml │ │ ├── 002-loki-configmap.yaml │ │ ├── README.md │ │ ├── kustomization.yaml │ │ ├── 005-loki-persistentvolumeclaim.yaml │ │ ├── 001-loki-secrets.yaml │ │ ├── 003-loki-service.yaml │ │ ├── 000-loki-local-config-yaml.yaml │ │ └── 004-loki-deployment.yaml │ ├── 002-fluentd-loki │ │ ├── 000-fluentd-namespace.yaml │ │ ├── README.md │ │ ├── 000-fluentd-serviceaccount.yaml │ │ ├── 001-fluentd-clusterrole.yaml │ │ ├── kustomization.yaml │ │ ├── 002-fluentd-clusterrolebinding.yaml │ │ ├── 003-fluentd-daemonset.yaml │ │ └── 004-fluentd-config.yaml │ ├── 000-grafana │ │ ├── kustomization.yaml │ │ ├── README.md │ │ ├── 003-grafana-service.yaml │ │ └── 004-grafana-deployment.yaml │ ├── 003-log-it │ │ ├── README.md │ │ ├── kustomization.yaml │ │ ├── 002-log-it-configmap.yaml │ │ ├── 004-log-it-service.yaml │ │ └── 005-log-it-deployment.yaml │ └── 004-hello-kubernetes │ │ └── 001-hello-kubernetes.yaml ├── kuberbac │ ├── 
000-operator │ │ ├── values.yaml │ │ └── Chart.yaml │ ├── 001-dummy-extras │ │ ├── kustomization.yaml │ │ ├── dynamic-role-binding-cluster.yaml │ │ ├── dynamic-role-binding-namespaced.yaml │ │ └── dynamic-cluster-role.yaml │ └── README.md ├── prometheus-operator │ ├── prometheus │ │ ├── rbac │ │ │ ├── 003-prometheus-service-account.yaml │ │ │ ├── 002-prometheus-cluster-role-binding.yaml │ │ │ ├── 000-prometheus.yaml │ │ │ └── 001-prometheus-cluster-role.yaml │ │ ├── 001-prometheus-service.yaml │ │ ├── 000-prometheus-service-monitor.yaml │ │ └── kustomization.yaml │ ├── example-app │ │ ├── kustomization.yaml │ │ ├── 001-example-app-service.yaml │ │ ├── 000-example-app-deployment.yaml │ │ └── 002-example-app-service-monitor.yaml │ ├── example-app-2 │ │ ├── kustomization.yaml │ │ ├── 001-example-app-2-service.yaml │ │ ├── 000-example-app-2-deployment.yaml │ │ └── 002-example-app-2-service-monitor.yaml │ └── README.md ├── replika-operator │ ├── configMap-sample-configmap.yaml │ ├── clusterRole-replika-custom-resources.yaml │ ├── clusterRoleBinding-replika-custom-resources.yaml │ ├── kustomization.yaml │ └── replika-sample-configmap.yaml ├── crossplane │ ├── 000-operator │ │ ├── values.yaml │ │ └── Chart.yaml │ ├── 001-provider │ │ ├── provider-aws.yaml │ │ └── kustomization.yaml │ ├── 003-resources │ │ ├── kustomization.yaml │ │ └── bucket.yaml │ ├── 002-provider-config │ │ ├── kustomization.yaml │ │ ├── secret-aws-account-creds.yaml │ │ └── providerConfig-aws-config.yaml │ └── README.md ├── kaniko │ ├── kustomization.yaml │ ├── secret.yaml │ ├── README.md │ └── pod.yaml ├── gateway-api-istio │ ├── 003-gateway-api-extra │ │ ├── kustomization.yaml │ │ ├── httproute-redirect.yaml │ │ ├── httproute-plain.yaml │ │ └── gateway.yaml │ ├── 000-gateway-api-crds │ │ ├── v1.0.0 │ │ │ └── kustomization.yaml │ │ ├── v1.1.0 │ │ │ └── kustomization.yaml │ │ └── v1.2.1 │ │ │ └── kustomization.yaml │ ├── 001-istio-crds │ │ ├── values.yaml │ │ └── Chart.yaml │ ├── 
002-istio-control-plane │ │ ├── Chart.yaml │ │ ├── values.yaml │ │ └── values-production.yaml │ └── README.md ├── reforma-operator │ ├── crs │ │ ├── kustomization.yaml │ │ ├── configMap-cluster-info.yaml │ │ ├── serviceAccount-external-dns.yaml │ │ └── patch-external-dns-sa.yaml │ └── operator │ │ ├── clusterRole-reforma-custom-resources.yaml │ │ ├── clusterRoleBinding-reforma-custom-resources.yaml │ │ └── kustomization.yaml ├── external-secrets │ ├── external-secrets │ │ ├── kustomization.yaml │ │ ├── secret.yaml │ │ ├── clusterSecretStore.yaml │ │ ├── externalSecret-basic.yaml │ │ └── externalSecret-docker.yaml │ ├── hashicorp-vault │ │ └── values.yaml │ └── README.md ├── concepts-deployments │ ├── 001-hello-service.yaml │ └── 002-hello-deployment.yaml ├── rabbitmq-cluster │ ├── 001-rabbitmqcluster.yaml │ ├── 002-rabbitmqcluster-ingress.yaml │ └── README.md └── concepts-services │ └── 001-hello-kubernetes.yaml ├── ansible └── install-docker-host │ ├── inventory │ ├── README.md │ ├── playbook-ubuntu-arm64.yml │ └── playbook-ubuntu-x64.yml └── README.md /docker/laravel-container/build/backend/README.md: -------------------------------------------------------------------------------- 1 | 2 | -------------------------------------------------------------------------------- /docker/laravel-container/build/backend/public/favicon.ico: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /kubernetes/keda/001-dummy-redis/values.yaml: -------------------------------------------------------------------------------- 1 | redis: {} 2 | -------------------------------------------------------------------------------- /docker/laravel-container/build/backend/resources/css/app.css: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- 
/docker/gitlab-ci/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM nginx 2 | COPY . /usr/share/nginx/html -------------------------------------------------------------------------------- /docker/laravel-container/build/backend/public/robots.txt: -------------------------------------------------------------------------------- 1 | User-agent: * 2 | Disallow: 3 | -------------------------------------------------------------------------------- /docker/laravel-container/build/backend/resources/js/app.js: -------------------------------------------------------------------------------- 1 | require('./bootstrap'); 2 | -------------------------------------------------------------------------------- /docker/laravel-container/build/backend/database/.gitignore: -------------------------------------------------------------------------------- 1 | *.sqlite 2 | *.sqlite-journal 3 | -------------------------------------------------------------------------------- /docker/laravel-container/build/backend/storage/logs/.gitignore: -------------------------------------------------------------------------------- 1 | .gitignore 2 | !.gitignore 3 | -------------------------------------------------------------------------------- /docker/laravel-container/build/backend/bootstrap/cache/.gitignore: -------------------------------------------------------------------------------- 1 | .gitignore 2 | !.gitignore 3 | -------------------------------------------------------------------------------- /docker/laravel-container/build/backend/storage/app/.gitignore: -------------------------------------------------------------------------------- 1 | public 2 | !public/ 3 | !.gitignore 4 | -------------------------------------------------------------------------------- /docker/laravel-container/build/backend/storage/app/public/.gitignore: -------------------------------------------------------------------------------- 1 | .gitignore 2 | !.gitignore 3 | 
-------------------------------------------------------------------------------- /docker/gitlab-ci/header.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/achetronic/youtube/HEAD/docker/gitlab-ci/header.png -------------------------------------------------------------------------------- /docker/laravel-container/build/backend/storage/framework/sessions/.gitignore: -------------------------------------------------------------------------------- 1 | .gitignore 2 | !.gitignore 3 | -------------------------------------------------------------------------------- /docker/laravel-container/build/backend/storage/framework/testing/.gitignore: -------------------------------------------------------------------------------- 1 | .gitignore 2 | !.gitignore 3 | -------------------------------------------------------------------------------- /docker/laravel-container/build/backend/storage/framework/views/.gitignore: -------------------------------------------------------------------------------- 1 | .gitignore 2 | !.gitignore 3 | -------------------------------------------------------------------------------- /docker/laravel-container/build/backend/storage/framework/cache/.gitignore: -------------------------------------------------------------------------------- 1 | data 2 | !data/ 3 | !.gitignore 4 | -------------------------------------------------------------------------------- /docker/laravel-container/build/backend/storage/framework/cache/data/.gitignore: -------------------------------------------------------------------------------- 1 | .gitignore 2 | !.gitignore 3 | -------------------------------------------------------------------------------- /kubernetes/nats-broker/namespace.yaml: -------------------------------------------------------------------------------- 1 | kind: Namespace 2 | apiVersion: v1 3 | metadata: 4 | name: nats-io 5 | 
-------------------------------------------------------------------------------- /kubernetes/juicefs/02-application/namespace.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Namespace 3 | metadata: 4 | name: default -------------------------------------------------------------------------------- /kubernetes/keda/000-operator/values.yaml: -------------------------------------------------------------------------------- 1 | # Ref: https://github.com/kedacore/charts/blob/main/keda/values.yaml 2 | 3 | keda: {} 4 | -------------------------------------------------------------------------------- /kubernetes/concepts-rbac/application-a/namespace.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Namespace 3 | metadata: 4 | name: application-a 5 | 6 | -------------------------------------------------------------------------------- /kubernetes/logs-loki-fluentd-grafana/001-loki/000-loki-namespace.yaml: -------------------------------------------------------------------------------- 1 | kind: Namespace 2 | apiVersion: v1 3 | metadata: 4 | name: kube-logging -------------------------------------------------------------------------------- /kubernetes/logs-loki-fluentd-grafana/002-fluentd-loki/000-fluentd-namespace.yaml: -------------------------------------------------------------------------------- 1 | kind: Namespace 2 | apiVersion: v1 3 | metadata: 4 | name: kube-logging -------------------------------------------------------------------------------- /kubernetes/kuberbac/000-operator/values.yaml: -------------------------------------------------------------------------------- 1 | # Ref: https://github.com/prosimcorp/helm-charts/blob/main/charts/kuberbac/values.yaml 2 | 3 | kuberbac: {} 4 | -------------------------------------------------------------------------------- 
/kubernetes/prometheus-operator/prometheus/rbac/003-prometheus-service-account.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ServiceAccount 3 | metadata: 4 | name: prometheus 5 | -------------------------------------------------------------------------------- /docker/rabbitmq/enable_plugins: -------------------------------------------------------------------------------- 1 | [rabbitmq_shovel,rabbitmq_federation_management,rabbitmq_management,rabbitmq_mqtt,rabbitmq_web_mqtt,rabbitmq_stomp,rabbitmq_web_stomp]. -------------------------------------------------------------------------------- /kubernetes/replika-operator/configMap-sample-configmap.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ConfigMap 3 | metadata: 4 | name: sample-configmap 5 | data: 6 | example-key: value -------------------------------------------------------------------------------- /kubernetes/crossplane/000-operator/values.yaml: -------------------------------------------------------------------------------- 1 | # Ref: https://github.com/crossplane/crossplane/blob/master/cluster/charts/crossplane/values.yaml.tmpl 2 | 3 | crossplane: {} 4 | -------------------------------------------------------------------------------- /kubernetes/nats-broker/overlays/deploymentCluster.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | - op: add 3 | path: /spec/template/spec/containers/0/args/- 4 | value: --feature-gates=ClusterScoped=true 5 | -------------------------------------------------------------------------------- /kubernetes/concepts-rbac/application-a/serviceaccount-automata.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ServiceAccount 3 | metadata: 4 | name: automata 5 | namespace: application-a 6 | 7 | 
-------------------------------------------------------------------------------- /docker/laravel-container/build/backend/.gitattributes: -------------------------------------------------------------------------------- 1 | * text=auto 2 | *.css linguist-vendored 3 | *.scss linguist-vendored 4 | *.js linguist-vendored 5 | CHANGELOG.md export-ignore 6 | -------------------------------------------------------------------------------- /kubernetes/concepts-rbac/application-a/serviceaccount-developers.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ServiceAccount 3 | metadata: 4 | name: developers 5 | namespace: application-a 6 | 7 | -------------------------------------------------------------------------------- /kubernetes/crossplane/001-provider/provider-aws.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: pkg.crossplane.io/v1 2 | kind: Provider 3 | metadata: 4 | name: aws 5 | spec: 6 | package: crossplane/provider-aws:v0.32.0 -------------------------------------------------------------------------------- /kubernetes/crossplane/003-resources/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | 4 | namespace: crossplane 5 | 6 | resources: 7 | - bucket.yaml -------------------------------------------------------------------------------- /kubernetes/kaniko/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | namespace: default 4 | 5 | resources: 6 | - secret.yaml 7 | - pod.yaml 8 | 9 | -------------------------------------------------------------------------------- /kubernetes/nats-broker/natsCluster.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: 
nats.io/v1alpha2 2 | kind: NatsCluster 3 | metadata: 4 | name: service-nats-cluster 5 | spec: 6 | size: 3 7 | version: "1.3.0" 8 | 9 | -------------------------------------------------------------------------------- /kubernetes/crossplane/001-provider/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | 4 | namespace: crossplane 5 | 6 | resources: 7 | - provider-aws.yaml -------------------------------------------------------------------------------- /kubernetes/logs-loki-fluentd-grafana/002-fluentd-loki/README.md: -------------------------------------------------------------------------------- 1 | ### Steps to deploy Fluentd to send logs to Loki 2 | 1. Apply all manifests in order using Kustomize 3 | ``` 4 | kubectl apply -k . 5 | ``` 6 | 7 | -------------------------------------------------------------------------------- /docker/laravel-container/build/backend/.runtime/livenessprobe.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | if [ $(ps -ef | grep -v grep | grep 'php /app/artisan queue2db:consume' | wc -l) -lt 1 ]; then 3 | exit 1 4 | else 5 | exit 0 6 | fi -------------------------------------------------------------------------------- /kubernetes/logs-loki-fluentd-grafana/000-grafana/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | 4 | resources: 5 | - 003-grafana-service.yaml 6 | - 004-grafana-deployment.yaml -------------------------------------------------------------------------------- /kubernetes/logs-loki-fluentd-grafana/002-fluentd-loki/000-fluentd-serviceaccount.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ServiceAccount 3 | metadata: 4 | name: fluentd 5 | namespace: kube-logging 
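6 | labels: 7 | app: fluentd -------------------------------------------------------------------------------- /docker/laravel-container/build/backend/storage/framework/.gitignore: -------------------------------------------------------------------------------- 1 | compiled.php 2 | config.php 3 | down 4 | events.scanned.php 5 | maintenance.php 6 | routes.php 7 | routes.scanned.php 8 | schedule-* 9 | services.json 10 | -------------------------------------------------------------------------------- /docker/prometheus-grafana/grafana/docker-compose.yaml: -------------------------------------------------------------------------------- 1 | version: '3' 2 | services: 3 | grafana: 4 | image: grafana/grafana # NOTE(review): no tag or digest, so the image resolves to :latest at pull time; pin a version so upgrades are deliberate 5 | container_name: grafana 6 | ports: 7 | - 3000:3000 # published on every host interface; this file sets no admin credentials, so confirm Grafana's defaults are changed before the port is reachable by others 8 | restart: unless-stopped -------------------------------------------------------------------------------- /docker/laravel-container/build/backend/.runtime/takeover.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | pkill -f "php /app/artisan queue2db:consume" # signal any process whose command line matches the consumer 3 | nohup php /app/artisan queue2db:consume >/dev/null 2>&1 & # start a fresh consumer in the background; POSIX redirection, because '&>' is a bash extension that a plain /bin/sh such as dash reads as '&' followed by '>' 4 | echo "sh /app/runtime/takeover.sh" | at now + 1 hour # queue this script again through at(1) one hour from now 5 | # NOTE(review): this listing stores the script under .runtime/ while the at job calls /app/runtime/takeover.sh - confirm the path inside the image -------------------------------------------------------------------------------- /kubernetes/juicefs/00-metadata-server/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v2 2 | name: meta-redis-cluster 3 | version: 0.1.0 4 | dependencies: 5 | - name: redis-cluster 6 | version: 12.0.0 7 | repository: https://charts.bitnami.com/bitnami -------------------------------------------------------------------------------- /docker/laravel-container/build/frontend/docker-files/init.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # Starts nginx through the service wrapper, then hands over to a bash shell. 3 | # Starting Nginx 4 | service nginx start 5 | 6 | # Change to a low permissions user 7 | # su www-data 8 | # NOTE(review): the su line above is commented out, so the shell below runs as whichever user the container starts with - TODO confirm that is not root 9 | # Executing bash 10 | /bin/bash 11 | 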
-------------------------------------------------------------------------------- /kubernetes/gateway-api-istio/003-gateway-api-extra/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | 4 | resources: 5 | - gateway.yaml 6 | - httproute-plain.yaml 7 | - httproute-redirect.yaml 8 | -------------------------------------------------------------------------------- /kubernetes/juicefs/01-csi-driver/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v2 2 | name: meta-juicefs-csi-driver 3 | version: 0.1.0 4 | dependencies: 5 | - name: juicefs-csi-driver 6 | version: 0.23.1 7 | repository: https://juicedata.github.io/charts/ -------------------------------------------------------------------------------- /kubernetes/logs-loki-fluentd-grafana/003-log-it/README.md: -------------------------------------------------------------------------------- 1 | ## Steps to deploy 2 | 1. Apply all YAML files in order and wait 3 | 2. Port forward to the 80 port and do a cURL to the /healtzh endpoint 4 | 3. 
View the console and you should have logs -------------------------------------------------------------------------------- /kubernetes/juicefs/02-application/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | 4 | namespace: application 5 | 6 | resources: 7 | - namespace.yaml 8 | - pvc.yaml 9 | - deployment.yaml 10 | -------------------------------------------------------------------------------- /kubernetes/crossplane/002-provider-config/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | 4 | namespace: crossplane 5 | 6 | resources: 7 | - secret-aws-account-creds.yaml 8 | - providerConfig-aws-config.yaml -------------------------------------------------------------------------------- /kubernetes/logs-loki-fluentd-grafana/000-grafana/README.md: -------------------------------------------------------------------------------- 1 | # Deployment for grafana 2 | 3 | ## Steps 4 | 1. Apply all YAML files using Kustomize 5 | ``` 6 | kubectl apply -k . 7 | ``` 8 | 2. 
kubectl port-forward service/grafana-service 80:80 9 | -------------------------------------------------------------------------------- /kubernetes/reforma-operator/crs/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | 4 | resources: 5 | - serviceAccount-external-dns.yaml 6 | - configMap-cluster-info.yaml 7 | - patch-external-dns-sa.yaml 8 | -------------------------------------------------------------------------------- /kubernetes/logs-loki-fluentd-grafana/003-log-it/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | 4 | resources: 5 | - 002-log-it-configmap.yaml 6 | - 004-log-it-service.yaml 7 | - 005-log-it-deployment.yaml 8 | -------------------------------------------------------------------------------- /kubernetes/logs-loki-fluentd-grafana/001-loki/002-loki-configmap.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | kind: ConfigMap 3 | apiVersion: v1 4 | metadata: 5 | name: loki-config 6 | namespace: kube-logging 7 | data: 8 | # Application data 9 | # APP_NAME: "thesolicitor" 10 | -------------------------------------------------------------------------------- /docker/laravel-container/build/backend/.gitignore: -------------------------------------------------------------------------------- 1 | /node_modules 2 | /public/hot 3 | /public/storage 4 | /storage/*.key 5 | /vendor 6 | .env 7 | .env.backup 8 | .phpunit.result.cache 9 | Homestead.json 10 | Homestead.yaml 11 | npm-debug.log 12 | yarn-error.log 13 | -------------------------------------------------------------------------------- /docker/laravel-container/build/backend/tests/TestCase.php: -------------------------------------------------------------------------------- 1 | assertTrue(true); 17 | } 18 | } 19 
| -------------------------------------------------------------------------------- /kubernetes/concepts-rbac/application-a/rolebinding-automata.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: RoleBinding 3 | metadata: 4 | name: automation-automata 5 | namespace: application-a 6 | roleRef: 7 | apiGroup: rbac.authorization.k8s.io 8 | kind: Role 9 | name: automation 10 | subjects: 11 | - kind: ServiceAccount 12 | name: automata 13 | namespace: application-a 14 | # Binds Role "automation" to ServiceAccount "automata"; a RoleBinding grants only inside its own namespace (application-a). 15 | -------------------------------------------------------------------------------- /kubernetes/concepts-rbac/application-a/rolebinding-developers.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: RoleBinding 3 | metadata: 4 | name: developer-developers 5 | namespace: application-a 6 | roleRef: 7 | apiGroup: rbac.authorization.k8s.io 8 | kind: Role 9 | name: developer 10 | subjects: 11 | - kind: ServiceAccount 12 | name: developers 13 | namespace: application-a 14 | # Binds Role "developer" to ServiceAccount "developers", again scoped to namespace application-a. -------------------------------------------------------------------------------- /kubernetes/logs-loki-fluentd-grafana/001-loki/001-loki-secrets.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Secret 4 | metadata: 5 | name: loki-secrets 6 | namespace: kube-logging 7 | # NOTE(review): every entry below is commented out, so this Secret is applied with no keys; the commented values are still stored in the repository history. 8 | stringData: 9 | # Application secrets 10 | # APP_KEY: "base64:ZMhMvYF89tKl6nUMwVHo6CCsPNg676OJBA2TJ2Yz7TY=" 11 | # NOTE(review): if either commented value was ever a real key or password, treat it as disclosed and rotate it; keep only placeholders in version control. 12 | #data 13 | #SOME_PASSWORD: "C5&hwg5cGQMMv@2Kicb$xRY@VYrgZXKTiw3izv%6dZ@5R*&cbUS%yvzEu*svfaY$" 14 | -------------------------------------------------------------------------------- /kubernetes/reforma-operator/operator/clusterRoleBinding-reforma-custom-resources.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: 
ClusterRoleBinding 3 | metadata: 4 | name: reforma-custom-resources 5 | roleRef: 6 | apiGroup: rbac.authorization.k8s.io 7 | kind: ClusterRole 8 | name: reforma-custom-resources 9 | subjects: 10 | - kind: ServiceAccount 11 | name: reforma-controller-manager -------------------------------------------------------------------------------- /kubernetes/prometheus-operator/prometheus/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | 4 | resources: 5 | # - rbac/000-prometheus.yaml 6 | - rbac/001-prometheus-cluster-role.yaml 7 | - rbac/002-prometheus-cluster-role-binding.yaml 8 | - rbac/003-prometheus-service-account.yaml 9 | - 000-prometheus-service-monitor.yaml 10 | - 001-prometheus-service.yaml -------------------------------------------------------------------------------- /docker/prometheus-grafana/prometheus/prometheus.yml: -------------------------------------------------------------------------------- 1 | global: 2 | scrape_interval: 15s 3 | evaluation_interval: 15s 4 | 5 | rule_files: 6 | # - "first.rules" 7 | # - "second.rules" 8 | 9 | scrape_configs: 10 | - job_name: prometheus 11 | static_configs: 12 | - targets: ['localhost:9090'] 13 | - job_name: redis-exporter 14 | static_configs: 15 | - targets: ['redis-exporter:9121'] -------------------------------------------------------------------------------- /kubernetes/crossplane/003-resources/bucket.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: s3.aws.crossplane.io/v1beta1 2 | kind: Bucket 3 | metadata: 4 | name: madnesscorp-amazing-app 5 | spec: 6 | deletionPolicy: Orphan 7 | providerConfigRef: 8 | name: aws-config 9 | forProvider: 10 | acl: private 11 | locationConstraint: us-east-1 12 | tagging: 13 | tagSet: 14 | - key: CreatedBy 15 | value: Crossplane 
-------------------------------------------------------------------------------- /kubernetes/logs-loki-fluentd-grafana/001-loki/003-loki-service.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Service 4 | metadata: 5 | name: loki-service 6 | namespace: kube-logging 7 | labels: 8 | app: loki 9 | spec: 10 | # ClusterIP | LoadBalancer 11 | type: ClusterIP 12 | ports: 13 | - name: loki 14 | protocol: TCP 15 | port: 3100 16 | targetPort: 3100 17 | selector: 18 | app: loki -------------------------------------------------------------------------------- /kubernetes/logs-loki-fluentd-grafana/003-log-it/004-log-it-service.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Service 4 | metadata: 5 | name: log-it-service 6 | namespace: default 7 | labels: 8 | app: log-it 9 | spec: 10 | # ClusterIP | LoadBalancer 11 | type: ClusterIP 12 | ports: 13 | - name: http 14 | protocol: TCP 15 | port: 80 16 | targetPort: 80 17 | selector: 18 | app: log-it -------------------------------------------------------------------------------- /kubernetes/kaniko/secret.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Secret 3 | metadata: 4 | name: docker-hub 5 | type: kubernetes.io/dockerconfigjson 6 | # NOTE(review): values under `data` are only base64-encoded, not encrypted, so this file carries a readable registry credential. Keep this Secret out of version control (create it with `kubectl create secret docker-registry`, or use an external secret store) and rotate any credential that was committed. 7 | data: 8 | .dockerconfigjson: eyJhdXRocyI6eyJodHRwczovL2luZGV4LmRvY2tlci5pby92MS8iOnsidXNlcm5hbWUiOiJhY2hldHJvbmljIiwicGFzc3dvcmQiOiJlMzk0ZjdjNy1iNmFjLTQwZGYtODAzYS02M2ExNGRkYjFiNjUiLCJhdXRoIjoiWVdOb1pYUnliMjVwWXpwbE16azBaamRqTnkxaU5tRmpMVFF3WkdZdE9EQXpZUzAyTTJFeE5HUmtZakZpTmpVPSJ9fX0= 9 | -------------------------------------------------------------------------------- /kubernetes/replika-operator/clusterRole-replika-custom-resources.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: 
ClusterRole 3 | metadata: 4 | name: replika-custom-resources 5 | rules: # NOTE(review): '*' apiGroups and '*' resources with write verbs, bound cluster-wide by the ClusterRoleBinding of the same name, let the replika-controller-manager ServiceAccount read and modify every resource in every namespace, Secrets included. Presumably this is so that any kind can be replicated; narrow it to the kinds actually replicated where possible. 6 | - apiGroups: 7 | - '*' 8 | resources: 9 | - '*' 10 | verbs: 11 | - create 12 | - delete 13 | - get 14 | - list 15 | - patch 16 | - update 17 | - watch -------------------------------------------------------------------------------- /kubernetes/replika-operator/clusterRoleBinding-replika-custom-resources.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRoleBinding 3 | metadata: 4 | name: replika-custom-resources 5 | roleRef: 6 | apiGroup: rbac.authorization.k8s.io 7 | kind: ClusterRole 8 | name: replika-custom-resources 9 | subjects: 10 | - kind: ServiceAccount 11 | name: replika-controller-manager 12 | namespace: replika -------------------------------------------------------------------------------- /docker/laravel-container/build/backend/app/Http/Middleware/EncryptCookies.php: -------------------------------------------------------------------------------- 1 | get('/'); 18 | 19 | $response->assertStatus(200); 20 | } 21 | } 22 | -------------------------------------------------------------------------------- /docker/laravel-container/build/backend/app/Http/Middleware/TrustHosts.php: -------------------------------------------------------------------------------- 1 | allSubdomainsOfApplicationUrl(), 18 | ]; 19 | } 20 | } 21 | -------------------------------------------------------------------------------- /docker/laravel-container/build/backend/app/Http/Middleware/PreventRequestsDuringMaintenance.php: -------------------------------------------------------------------------------- 1 | create(); 17 | // $this->call([ 18 | // YourSeeder::class, 19 | // ]); 20 | } 21 | } 22 | -------------------------------------------------------------------------------- /kubernetes/prometheus-operator/example-app/000-example-app-deployment.yaml: 
-------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: example-app 5 | spec: 6 | replicas: 3 7 | selector: 8 | matchLabels: 9 | app: example-app 10 | template: 11 | metadata: 12 | labels: 13 | app: example-app 14 | spec: 15 | containers: 16 | - name: example-app 17 | image: fabxc/instrumented_app 18 | ports: 19 | - name: web 20 | containerPort: 8080 21 | -------------------------------------------------------------------------------- /kubernetes/prometheus-operator/example-app-2/000-example-app-2-deployment.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: example-app-2 5 | spec: 6 | replicas: 1 7 | selector: 8 | matchLabels: 9 | app: example-app-2 10 | template: 11 | metadata: 12 | labels: 13 | app: example-app-2 14 | spec: 15 | containers: 16 | - name: example-app-2 17 | image: fabxc/instrumented_app 18 | ports: 19 | - name: web 20 | containerPort: 8080 21 | -------------------------------------------------------------------------------- /docker/laravel-container/build/backend/tests/CreatesApplication.php: -------------------------------------------------------------------------------- 1 | make(Kernel::class)->bootstrap(); 19 | 20 | return $app; 21 | } 22 | } 23 | -------------------------------------------------------------------------------- /kubernetes/concepts-rbac/application-a/role-developer.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: Role 3 | metadata: 4 | namespace: application-a 5 | name: developer 6 | rules: 7 | - apiGroups: [""] 8 | resources: ["services"] 9 | verbs: ["get", "watch", "list", "describe"] 10 | # NOTE(review): "describe" is a kubectl command, not an RBAC verb; get/list/watch are the verbs that back it. 11 | - apiGroups: [""] 12 | resources: ["deployments"] 13 | verbs: ["get", "watch", "list", "describe"] 14 | # NOTE(review): deployments belong to the "apps" API group, so the rule above (apiGroups [""]) does not match them. 15 | - apiGroups: [""] 16 | resources: 
["pods"] 17 | verbs: ["get", "watch", "list", "describe", "exec", "attach", "logs"] # NOTE(review): "exec", "attach" and "logs" are not RBAC verbs; they are the pods/exec, pods/attach and pods/log subresources, so as written this rule grants only get/watch/list on pods. Verify the effective permissions with `kubectl auth can-i`. 18 | -------------------------------------------------------------------------------- /kubernetes/external-secrets/hashicorp-vault/values.yaml: -------------------------------------------------------------------------------- 1 | # Agent that is able to inject credentials by volumes or env vars 2 | # Disabled to be Kubernetes Secret pattern compliant 3 | injector: 4 | enabled: false 5 | 6 | # Enable development mode to set the Vault token to "root" 7 | # Testing only: in dev mode the root token is the well-known value set below, so never enable this in production 8 | server: 9 | dev: 10 | enabled: true 11 | 12 | # Set VAULT_DEV_ROOT_TOKEN_ID value 13 | devRootToken: "root" 14 | 15 | # Enables debug logging. 16 | debug: false 17 | 18 | -------------------------------------------------------------------------------- /kubernetes/nats-broker/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | namespace: nats-io 4 | # NOTE(review): the remote resources below track "releases/latest", so the applied manifests can change between runs; pin a reviewed release tag instead. 5 | resources: 6 | - namespace.yaml 7 | - https://github.com/nats-io/nats-operator/releases/latest/download/00-prereqs.yaml 8 | - https://github.com/nats-io/nats-operator/releases/latest/download/10-deployment.yaml 9 | 10 | patchesJson6902: 11 | - path: overlays/deploymentCluster.yaml 12 | target: 13 | group: apps 14 | version: v1 15 | kind: Deployment 16 | name: nats-operator 17 | -------------------------------------------------------------------------------- /docker/laravel-container/build/backend/app/Providers/BroadcastServiceProvider.php: -------------------------------------------------------------------------------- 1 | expectsJson()) { 18 | return route('login'); 19 | } 20 | } 21 | } 22 | -------------------------------------------------------------------------------- /kubernetes/kaniko/README.md: -------------------------------------------------------------------------------- 1 | ### 
Description 2 | These manifests create a pod with Kaniko that downloads a Git repository and builds its image. 3 | After building, it pushes the image to a Docker Hub repository. 4 | 5 | 6 | ### Steps 7 | 1. Create a Secret with the Docker credentials used to authenticate to Docker Hub (create it with this command rather than committing a Secret manifest that contains the credentials) 8 | ``` 9 | kubectl create secret docker-registry docker-hub --docker-server=https://index.docker.io/v1/ --docker-username=<username> --docker-password=<password> 10 | ``` 11 | 12 | 2. Apply the Kustomization 13 | ``` 14 | kubectl apply -k . 15 | ``` 16 | 17 | 3. See the magic happening 18 | ``` 19 | kubectl logs -f kaniko 20 | ``` 21 | -------------------------------------------------------------------------------- /kubernetes/concepts-rbac/README.md: -------------------------------------------------------------------------------- 1 | # Introduction 2 | This folder contains the manifests to create some ServiceAccount resources with some Role resources bound to them, giving the accounts some permissions inside the cluster. 3 | 4 | # How to do it 5 | 1. You have to apply all manifests step by step 6 | 7 | ``` 8 | cd application-a 9 | 10 | kubectl apply -k . 11 | ``` 12 | 13 | 2. 
Check if a ServiceAccount can do some tasks 14 | ``` 15 | kubectl auth can-i --as system:serviceaccount:application-a:automata get pods -n application-a 16 | 17 | kubectl auth can-i --as system:serviceaccount:application-a:automata get secrets -n application-a 18 | ``` -------------------------------------------------------------------------------- /kubernetes/prometheus-operator/prometheus/rbac/001-prometheus-cluster-role.yaml: -------------------------------------------------------------------------------- 1 | # apiVersion: rbac.authorization.k8s.io/v1beta1 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: ClusterRole 4 | metadata: 5 | name: prometheus 6 | rules: 7 | - apiGroups: [""] 8 | resources: 9 | - nodes 10 | - nodes/metrics 11 | - services 12 | - endpoints 13 | - pods 14 | verbs: ["get", "list", "watch"] 15 | - apiGroups: [""] 16 | resources: 17 | - configmaps 18 | verbs: ["get"] 19 | - apiGroups: 20 | - networking.k8s.io 21 | resources: 22 | - ingresses 23 | verbs: ["get", "list", "watch"] 24 | - nonResourceURLs: ["/metrics"] 25 | verbs: ["get"] 26 | -------------------------------------------------------------------------------- /kubernetes/rabbitmq-cluster/001-rabbitmqcluster.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: rabbitmq.com/v1beta1 3 | kind: RabbitmqCluster 4 | metadata: 5 | name: rabbitmqcluster 6 | spec: 7 | image: rabbitmq:3.8.9-management 8 | replicas: 3 9 | service: 10 | type: LoadBalancer # ClusterIP | LoadBalancer 11 | resources: 12 | requests: 13 | # cpu: 3000m 14 | memory: 512Mi 15 | # limits: 16 | # cpu: 1000m 17 | # memory: 2Gi 18 | rabbitmq: 19 | additionalPlugins: 20 | - rabbitmq_top 21 | - rabbitmq_shovel 22 | # tls: 23 | # secretName: rabbitmq-server-certs 24 | # caSecretName: rabbitmq-ca-cert 25 | # caCertName: ca.crt -------------------------------------------------------------------------------- /docker/laravel-container/build/backend/webpack.mix.js: 
-------------------------------------------------------------------------------- 1 | const mix = require('laravel-mix'); 2 | 3 | /* 4 | |-------------------------------------------------------------------------- 5 | | Mix Asset Management 6 | |-------------------------------------------------------------------------- 7 | | 8 | | Mix provides a clean, fluent API for defining some Webpack build steps 9 | | for your Laravel applications. By default, we are compiling the CSS 10 | | file for the application as well as bundling up all the JS files. 11 | | 12 | */ 13 | 14 | mix.js('resources/js/app.js', 'public/js') 15 | .postCss('resources/css/app.css', 'public/css', [ 16 | // 17 | ]); 18 | -------------------------------------------------------------------------------- /docker/laravel-container/build/backend/resources/lang/en/pagination.php: -------------------------------------------------------------------------------- 1 | '« Previous', 17 | 'next' => 'Next »', 18 | 19 | ]; 20 | -------------------------------------------------------------------------------- /docker/laravel-container/build/backend/routes/channels.php: -------------------------------------------------------------------------------- 1 | id === (int) $id; 18 | }); 19 | -------------------------------------------------------------------------------- /docker/laravel-container/build/frontend/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM debian:buster-slim 2 | 3 | 4 | 5 | #### NGINX OPERATIONS 6 | # Installing system packages 7 | RUN apt-get update && apt-get install -y \ 8 | nano \ 9 | lsb-base \ 10 | nginx-light 11 | 12 | # Reconfiguring the server 13 | RUN rm /etc/nginx/sites-enabled/default 14 | COPY docker-files/nginx.conf /etc/nginx/sites-enabled/nginx.conf 15 | 16 | # Building canonical public folder 17 | RUN rm -rf /var/www/html 18 | RUN mkdir -p /var/www/public 19 | 20 | 21 | 22 | #### FINAL OPERATIONS 23 | COPY docker-files/init.sh /init.sh 24 
| RUN chown root:root /init.sh 25 | RUN chmod +x /init.sh 26 | EXPOSE 80 443 27 | CMD /init.sh 28 | -------------------------------------------------------------------------------- /docker/laravel-container/build/backend/routes/api.php: -------------------------------------------------------------------------------- 1 | get('/user', function (Request $request) { 18 | return $request->user(); 19 | }); 20 | -------------------------------------------------------------------------------- /docker/laravel-container/build/backend/server.php: -------------------------------------------------------------------------------- 1 | 8 | */ 9 | 10 | $uri = urldecode( 11 | parse_url($_SERVER['REQUEST_URI'], PHP_URL_PATH) 12 | ); 13 | 14 | // This file allows us to emulate Apache's "mod_rewrite" functionality from the 15 | // built-in PHP web server. This provides a convenient way to test a Laravel 16 | // application without having installed a "real" web server software here. 17 | if ($uri !== '/' && file_exists(__DIR__.'/public'.$uri)) { 18 | return false; 19 | } 20 | 21 | require_once __DIR__.'/public/index.php'; 22 | -------------------------------------------------------------------------------- /kubernetes/gateway-api-istio/003-gateway-api-extra/httproute-redirect.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: gateway.networking.k8s.io/v1 2 | kind: HTTPRoute 3 | metadata: 4 | name: route-redirect-to-https 5 | namespace: application 6 | spec: 7 | parentRefs: 8 | - group: gateway.networking.k8s.io 9 | kind: Gateway 10 | name: production 11 | namespace: istio-system 12 | sectionName: http 13 | 14 | hostnames: 15 | - example.com 16 | 17 | rules: 18 | - filters: 19 | - requestRedirect: 20 | scheme: https 21 | statusCode: 301 22 | type: RequestRedirect 23 | matches: 24 | - path: 25 | type: PathPrefix 26 | value: / 27 | -------------------------------------------------------------------------------- 
/ansible/install-docker-host/README.md: -------------------------------------------------------------------------------- 1 | ### Install Ansible 2 | 3 | The Ansible software is installed on the client side and manages the "Managed Nodes" or "Hosts". 4 | To install it, run the following: 5 | 6 | ``` 7 | sudo su 8 | apt update 9 | apt install ansible 10 | ``` 11 | 12 | ### Configure the global inventory 13 | 14 | The inventory is the list of servers managed by Ansible. They can be grouped with an alias or treated individually. 15 | The file is at /etc/ansible/hosts; however, you can use individual inventory files for the Playbooks. 16 | 17 | ### Execute a Playbook 18 | 19 | ``` 20 | ansible-playbook -l [group] [playbook yaml file] 21 | ansible-playbook -i [inventory] [playbook yaml file] 22 | ``` -------------------------------------------------------------------------------- /docker/laravel-container/build/backend/routes/console.php: -------------------------------------------------------------------------------- 1 | comment(Inspiring::quote()); 19 | })->purpose('Display an inspiring quote'); 20 | -------------------------------------------------------------------------------- /docker/keycloak/docker-compose.yaml: -------------------------------------------------------------------------------- 1 | version: '3' 2 | services: 3 | keycloack: 4 | image: quay.io/keycloak/keycloak:12.0.2 5 | container_name: keycloak 6 | ports: 7 | - 8080:8080 8 | - 8443:8443 9 | restart: unless-stopped 10 | environment: 11 | # Credentials for admin account (sample defaults; change them before exposing these ports) 12 | # ----------------------------- 13 | KEYCLOAK_USER: "admin" 14 | KEYCLOAK_PASSWORD: "admin" 15 | 16 | # Credentials for storing into an external database 17 | # ------------------------------------------------- 18 | # DB_VENDOR: "mysql" 19 | # DB_ADDR: 20 | # DB_PORT: 21 | # DB_DATABASE: 22 | # DB_USER: 23 | # DB_PASSWORD: 24 | -------------------------------------------------------------------------------- 
/docker/laravel-container/build/backend/public/.htaccess: -------------------------------------------------------------------------------- 1 | 2 | 3 | Options -MultiViews -Indexes 4 | 5 | 6 | RewriteEngine On 7 | 8 | # Handle Authorization Header 9 | RewriteCond %{HTTP:Authorization} . 10 | RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}] 11 | 12 | # Redirect Trailing Slashes If Not A Folder... 13 | RewriteCond %{REQUEST_FILENAME} !-d 14 | RewriteCond %{REQUEST_URI} (.+)/$ 15 | RewriteRule ^ %1 [L,R=301] 16 | 17 | # Send Requests To Front Controller... 18 | RewriteCond %{REQUEST_FILENAME} !-d 19 | RewriteCond %{REQUEST_FILENAME} !-f 20 | RewriteRule ^ index.php [L] 21 | 22 | -------------------------------------------------------------------------------- /kubernetes/gateway-api-istio/003-gateway-api-extra/httproute-plain.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: gateway.networking.k8s.io/v1 2 | kind: HTTPRoute 3 | metadata: 4 | name: route 5 | namespace: application 6 | spec: 7 | 8 | parentRefs: 9 | - group: gateway.networking.k8s.io 10 | kind: Gateway 11 | name: production 12 | namespace: istio-system 13 | sectionName: http 14 | 15 | 16 | hostnames: 17 | - example.com 18 | 19 | rules: 20 | 21 | - backendRefs: 22 | - group: "" 23 | kind: Service 24 | name: your-application 25 | namespace: application 26 | port: 8080 27 | weight: 1 28 | matches: 29 | - path: 30 | type: PathPrefix 31 | value: / 32 | 33 | -------------------------------------------------------------------------------- /kubernetes/kaniko/pod.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: kaniko 5 | spec: 6 | containers: 7 | - name: kaniko 8 | image: gcr.io/kaniko-project/executor:latest 9 | args: [ 10 | "--context=git://github.com/achetronic/lets-haproxy.git", 11 | "--dockerfile=Dockerfile", 12 | 
"--destination=achetronic/test-kaniko", 13 | #"--no-push" 14 | ] 15 | volumeMounts: 16 | - name: kaniko-secret 17 | mountPath: /root 18 | env: 19 | - name: DOCKER_CONFIG 20 | value: /root/.docker/ 21 | restartPolicy: Never 22 | volumes: 23 | - name: kaniko-secret 24 | secret: 25 | secretName: docker-hub 26 | items: 27 | - key: .dockerconfigjson 28 | path: .docker/config.json 29 | -------------------------------------------------------------------------------- /docker/laravel-container/build/backend/.gitlab-ci.yml: -------------------------------------------------------------------------------- 1 | image: docker:latest 2 | services: 3 | - docker:dind 4 | 5 | stages: 6 | - buildAndPush 7 | 8 | before_script: 9 | - export TAG=${CI_COMMIT_SHORT_SHA}-${CI_JOB_ID} 10 | - docker login $CI_REGISTRY -u "$CI_REGISTRY_USER" -p "$CI_REGISTRY_PASSWORD" 11 | 12 | build: 13 | stage: buildAndPush 14 | script: 15 | # Build and push the real image 16 | - docker build -t $CI_REGISTRY/${CI_PROJECT_PATH}:$TAG . 17 | - docker push $CI_REGISTRY/${CI_PROJECT_PATH}:$TAG 18 | 19 | # Retag and push the image to have a latest tag 20 | - docker tag $CI_REGISTRY/${CI_PROJECT_PATH}:$TAG $CI_REGISTRY/${CI_PROJECT_PATH}:latest 21 | - docker push $CI_REGISTRY/${CI_PROJECT_PATH}:latest 22 | only: 23 | - master 24 | -------------------------------------------------------------------------------- /docker/laravel-container/build/backend/app/Providers/AuthServiceProvider.php: -------------------------------------------------------------------------------- 1 | 'App\Policies\ModelPolicy', 17 | ]; 18 | 19 | /** 20 | * Register any authentication / authorization services. 
21 | * 22 | * @return void 23 | */ 24 | public function boot() 25 | { 26 | $this->registerPolicies(); 27 | 28 | // 29 | } 30 | } 31 | -------------------------------------------------------------------------------- /docker/minecraft/docker-compose.yaml: -------------------------------------------------------------------------------- 1 | version: "3.5" 2 | 3 | # Docker Volumes 4 | volumes: 5 | papermc_data: 6 | name: papermc_data 7 | 8 | # Docker services 9 | services: 10 | # Paper MC 11 | papermc: 12 | image: itzg/minecraft-server 13 | environment: 14 | EULA: "true" 15 | TYPE: PAPER 16 | VERSION: 1.16.2 17 | # needed for Paper versions before 1.14 18 | CONSOLE: "false" 19 | ONLINE_MODE: "false" 20 | 21 | container_name: papermc 22 | restart: always 23 | tty: true 24 | stdin_open: true 25 | volumes: 26 | - papermc_data:/data 27 | 28 | ports: 29 | - "25565:25565" 30 | -------------------------------------------------------------------------------- /kubernetes/logs-loki-fluentd-grafana/003-log-it/005-log-it-deployment.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: apps/v1 3 | kind: Deployment 4 | metadata: 5 | name: log-it-deployment 6 | namespace: default 7 | labels: 8 | app: log-it 9 | spec: 10 | selector: 11 | matchLabels: 12 | app: log-it 13 | replicas: 1 14 | template: 15 | metadata: 16 | labels: 17 | app: log-it 18 | spec: 19 | restartPolicy: Always 20 | containers: 21 | 22 | # Create a container with the log-it 23 | - name: log-it-container 24 | image: registry.gitlab.com/achetronic/log-it:latest 25 | imagePullPolicy: Always 26 | command: 27 | - /bin/sh 28 | stdin: true 29 | tty: true 30 | 31 | 32 | 33 | 34 | -------------------------------------------------------------------------------- /docker/netdata/docker-compose.yaml: -------------------------------------------------------------------------------- 1 | version: '3' 2 | services: 3 | netdata: 4 | image: netdata/netdata 5 | container_name: 
netdata 6 | hostname: netdata.achetronic.com # set to fqdn of host 7 | ports: 8 | - 19999:19999 9 | restart: unless-stopped 10 | cap_add: 11 | - SYS_PTRACE 12 | security_opt: 13 | - apparmor:unconfined 14 | volumes: 15 | - netdataconfig:/etc/netdata 16 | - netdatalib:/var/lib/netdata 17 | - netdatacache:/var/cache/netdata 18 | - /etc/passwd:/host/etc/passwd:ro 19 | - /etc/group:/host/etc/group:ro 20 | - /proc:/host/proc:ro 21 | - /sys:/host/sys:ro 22 | - /etc/os-release:/host/etc/os-release:ro 23 | 24 | volumes: 25 | netdataconfig: 26 | netdatalib: 27 | netdatacache: -------------------------------------------------------------------------------- /kubernetes/concepts-services/001-hello-kubernetes.yaml: -------------------------------------------------------------------------------- 1 | # hello-kubernetes.yaml 2 | apiVersion: v1 3 | kind: Service 4 | metadata: 5 | name: hello-kubernetes 6 | spec: 7 | type: LoadBalancer 8 | ports: 9 | - port: 80 10 | targetPort: 8080 11 | selector: 12 | app: hello-kubernetes 13 | 14 | 15 | 16 | --- 17 | apiVersion: apps/v1 18 | kind: Deployment 19 | metadata: 20 | name: hello-kubernetes 21 | spec: 22 | replicas: 1 23 | selector: 24 | matchLabels: 25 | app: hello-kubernetes 26 | template: 27 | metadata: 28 | labels: 29 | app: hello-kubernetes 30 | spec: 31 | containers: 32 | - name: hello-kubernetes 33 | image: paulbouwer/hello-kubernetes:1.8 34 | ports: 35 | - containerPort: 8080 36 | -------------------------------------------------------------------------------- /kubernetes/logs-loki-fluentd-grafana/004-hello-kubernetes/001-hello-kubernetes.yaml: -------------------------------------------------------------------------------- 1 | # hello-kubernetes.yaml 2 | apiVersion: v1 3 | kind: Service 4 | metadata: 5 | name: hello-kubernetes 6 | spec: 7 | type: ClusterIP 8 | ports: 9 | - port: 80 10 | targetPort: 8080 11 | selector: 12 | app: hello-kubernetes 13 | --- 14 | apiVersion: apps/v1 15 | kind: Deployment 16 | metadata: 17 | name: 
hello-kubernetes 18 | spec: 19 | replicas: 3 20 | selector: 21 | matchLabels: 22 | app: hello-kubernetes 23 | template: 24 | metadata: 25 | labels: 26 | app: hello-kubernetes 27 | spec: 28 | containers: 29 | - name: hello-kubernetes 30 | image: paulbouwer/hello-kubernetes:1.8 31 | ports: 32 | - containerPort: 8080 -------------------------------------------------------------------------------- /docker/laravel-container/build/backend/resources/lang/en/auth.php: -------------------------------------------------------------------------------- 1 | 'These credentials do not match our records.', 17 | 'password' => 'The provided password is incorrect.', 18 | 'throttle' => 'Too many login attempts. Please try again in :seconds seconds.', 19 | 20 | ]; 21 | -------------------------------------------------------------------------------- /docker/rabbitmq/docker-compose.yaml: -------------------------------------------------------------------------------- 1 | version: "3.5" 2 | 3 | # Docker services 4 | services: 5 | 6 | rabbitmq: 7 | image: rabbitmq:3.8.9-management 8 | container_name: rabbitmq 9 | restart: always 10 | tty: true 11 | stdin_open: true 12 | volumes: 13 | - ./enable_plugins:/etc/rabbitmq/enabled_plugins:ro 14 | # More plugins on: 15 | # https://www.rabbitmq.com/plugins.html 16 | # https://www.rabbitmq.com/community-plugins.html 17 | ports: 18 | # HTTP DASHBOARD FOR MANAGEMENT 19 | - "15672:15672" 20 | # AMQP PROTOCOL 21 | - "5672:5672" 22 | # MQTT PROTOCOL 23 | #- "1883:1883" 24 | # MQTT OVER WEBSOCKETS 25 | #- "15675:15675" -------------------------------------------------------------------------------- /kubernetes/rabbitmq-cluster/002-rabbitmqcluster-ingress.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: networking.k8s.io/v1 3 | kind: Ingress 4 | metadata: 5 | name: rabbitmqcluster-ingress 6 | namespace: default 7 | labels: 8 | app: rabbitmqcluster 9 | annotations: 10 | 
kubernetes.io/ingress.class: "nginx" 11 | cert-manager.io/cluster-issuer: "letsencrypt-prod" 12 | ingress.kubernetes.io/ssl-redirect: "true" 13 | spec: 14 | tls: 15 | - hosts: 16 | - test.dominio.com 17 | secretName: rabbitmqcluster-tls 18 | 19 | rules: 20 | - host: test.dominio.com 21 | http: 22 | paths: 23 | - path: / 24 | pathType: Prefix 25 | backend: 26 | service: 27 | name: rabbitmqcluster-rabbitmq-client 28 | port: 29 | number: 15672 30 | #name: 31 | 32 | -------------------------------------------------------------------------------- /docker/gitlab-ci/.gitlab-ci.yml: -------------------------------------------------------------------------------- 1 | docker-build-master: 2 | image: docker:latest 3 | stage: build 4 | services: 5 | - docker:dind 6 | 7 | before_script: 8 | # Create a tag using the commit and the job ID 9 | - export TAG=${CI_COMMIT_SHORT_SHA}-${CI_JOB_ID} 10 | 11 | # Login into the containers registry 12 | - docker login $CI_REGISTRY -u "$CI_REGISTRY_USER" -p "$CI_REGISTRY_PASSWORD" 13 | 14 | script: 15 | # Build and push the real image 16 | - docker build -t $CI_REGISTRY/${CI_PROJECT_PATH}:$TAG . 17 | - docker push $CI_REGISTRY/${CI_PROJECT_PATH}:$TAG 18 | 19 | # Retag and push the image to have a latest tag 20 | - docker tag $CI_REGISTRY/${CI_PROJECT_PATH}:$TAG $CI_REGISTRY/${CI_PROJECT_PATH}:latest 21 | - docker push $CI_REGISTRY/${CI_PROJECT_PATH}:latest 22 | only: 23 | - master 24 | 25 | -------------------------------------------------------------------------------- /kubernetes/gateway-api-istio/002-istio-control-plane/values.yaml: -------------------------------------------------------------------------------- 1 | # Ref: https://github.com/istio/istio/blob/master/manifests/charts/istio-control/istio-discovery/values.yaml 2 | istiod: 3 | 4 | global: 5 | istioNamespace: istio-system 6 | 7 | logAsJson: true 8 | 9 | proxy: 10 | # This controls the 'policy' in the sidecar injector. 
11 | # Ref: https://istio.io/latest/docs/setup/additional-setup/sidecar-injection/ 12 | autoInject: disabled 13 | 14 | resources: 15 | requests: &istioResourcesRequests 16 | cpu: 500m 17 | memory: 512Mi 18 | limits: *istioResourcesRequests 19 | 20 | pilot: 21 | 22 | # Mesh config settings 23 | # Ref: https://kubernetes.io/docs/concepts/services-networking/dual-stack/#services 24 | ipFamilyPolicy: "SingleStack" 25 | ipFamilies: [ "IPv4" ] 26 | 27 | -------------------------------------------------------------------------------- /docker/laravel-container/README.md: -------------------------------------------------------------------------------- 1 | # Docker Compose for Laravel 2 | 3 | 4 | ### Services integrated 5 | * PHP + Laravel backend server 6 | * Nginx frontend server 7 | 8 | 9 | ### Testing 10 | Just one command to dominate them all. Clone this repository, go to the main folder (where docker-compose.yaml is) 11 | and type the following: 12 | ``` 13 | docker-compose up -d 14 | ``` 15 | 16 | 17 | ### Building your own Laravel 18 | Copy and paste the Dockerfile into the root directory of your Laravel and execute the following 19 | ``` 20 | docker build . 21 | ``` 22 | Set a tag for your container and push it into your Docker registry. 23 | I recommend GitLab Docker Registry to have it all in the same place. 24 | 25 | 26 | ### Results 27 | * Laravel working, configured with ENV vars and listening, internally, on port 9000. 
Exposed on port 80 by Nginx 28 | 29 | 30 | 31 | -------------------------------------------------------------------------------- /docker/bitwardenrs/haproxy.cfg: -------------------------------------------------------------------------------- 1 | # CONFIGS APPLIED GLOBALLY 2 | global 3 | maxconn 32768 4 | daemon 5 | 6 | # CONFIGS APPLIED BY DEFAULT ON FRONTENDS AND BACKENDS 7 | defaults 8 | mode http 9 | retries 3 10 | timeout connect 5s 11 | timeout client 50s 12 | timeout server 450s 13 | 14 | # FRONTENDS HTTP REDIRECT TO HTTPS 15 | frontend http-in 16 | bind *:80 17 | acl http ssl_fc,not 18 | http-request redirect scheme https if http 19 | 20 | # FRONTENDS HTTP 21 | frontend https-in 22 | bind *:443 23 | mode http 24 | acl host_vault hdr(host) -i vault.achetronic.com 25 | use_backend cluster_vault if host_vault 26 | 27 | # BACKENDS HTTP 28 | backend cluster_vault 29 | mode http 30 | balance roundrobin 31 | option forwardfor 32 | server node1 bitwardenrs:80 check 33 | -------------------------------------------------------------------------------- /docker/laravel-container/build/backend/app/Providers/EventServiceProvider.php: -------------------------------------------------------------------------------- 1 | [ 19 | SendEmailVerificationNotification::class, 20 | ], 21 | ]; 22 | 23 | /** 24 | * Register any events for your application. 
25 | * 26 | * @return void 27 | */ 28 | public function boot() 29 | { 30 | // 31 | } 32 | } 33 | -------------------------------------------------------------------------------- /docker/laravel-container/build/backend/resources/lang/en/passwords.php: -------------------------------------------------------------------------------- 1 | 'Your password has been reset!', 17 | 'sent' => 'We have emailed your password reset link!', 18 | 'throttled' => 'Please wait before retrying.', 19 | 'token' => 'This password reset token is invalid.', 20 | 'user' => "We can't find a user with that email address.", 21 | 22 | ]; 23 | -------------------------------------------------------------------------------- /docker/lets-haproxy/haproxy.cfg: -------------------------------------------------------------------------------- 1 | # CONFIGS APPLIED GLOBALLY 2 | global 3 | maxconn 32768 4 | daemon 5 | 6 | # CONFIGS APPLIED BY DEFAULT ON FRONTENDS AND BACKENDS 7 | defaults 8 | mode http 9 | retries 3 10 | timeout connect 5s 11 | timeout client 50s 12 | timeout server 450s 13 | 14 | # FRONTENDS HTTP REDIRECT TO HTTPS 15 | frontend http-in 16 | bind *:80 17 | acl http ssl_fc,not 18 | http-request redirect scheme https if http 19 | 20 | # FRONTENDS HTTPS 21 | frontend https-in 22 | bind *:443 23 | mode http 24 | acl host_hola hdr(host) -i hola.achetronic.com 25 | use_backend cluster_hola if host_hola 26 | 27 | # BACKENDS HTTP 28 | backend cluster_hola 29 | mode http 30 | balance roundrobin 31 | option forwardfor 32 | server node1 nginx-01:80 check 33 | server node2 nginx-02:80 check 34 | -------------------------------------------------------------------------------- /kubernetes/replika-operator/replika-sample-configmap.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: replika.prosimcorp.com/v1alpha1 2 | kind: Replika 3 | metadata: 4 | name: sample-configmap 5 | spec: 6 | # Some configuration features 7 | synchronization: 8 | time: "20s" 9 
| 10 | # Defines the resource to sync through namespaces 11 | source: 12 | group: "" 13 | version: v1 14 | kind: ConfigMap 15 | name: sample-configmap 16 | namespace: &sourceNamespace default 17 | 18 | # Defines the resources that will be generated 19 | target: 20 | namespaces: 21 | # List of namespaces where to replicate the resources when 'matchAll' is disabled 22 | replicateIn: [] 23 | 24 | # Replicate the resource in all namespaces, some of them are excluded 25 | matchAll: true 26 | excludeFrom: 27 | - kube-system 28 | - kube-public 29 | - kube-node-lease 30 | - *sourceNamespace -------------------------------------------------------------------------------- /docker/laravel-container/build/backend/database/migrations/2014_10_12_100000_create_password_resets_table.php: -------------------------------------------------------------------------------- 1 | string('email')->index(); 18 | $table->string('token'); 19 | $table->timestamp('created_at')->nullable(); 20 | }); 21 | } 22 | 23 | /** 24 | * Reverse the migrations. 
25 | * 26 | * @return void 27 | */ 28 | public function down() 29 | { 30 | Schema::dropIfExists('password_resets'); 31 | } 32 | } 33 | -------------------------------------------------------------------------------- /docker/laravel-container/build/backend/app/Http/Middleware/RedirectIfAuthenticated.php: -------------------------------------------------------------------------------- 1 | check()) { 26 | return redirect(RouteServiceProvider::HOME); 27 | } 28 | } 29 | 30 | return $next($request); 31 | } 32 | } 33 | -------------------------------------------------------------------------------- /docker/laravel-container/build/backend/database/factories/UserFactory.php: -------------------------------------------------------------------------------- 1 | $this->faker->name, 27 | 'email' => $this->faker->unique()->safeEmail, 28 | 'email_verified_at' => now(), 29 | 'password' => '$2y$10$92IXUNpkjO0rOQ5byMi.Ye4oKoEa3Ro9llC/.og/at2.uheWG/igi', // password 30 | 'remember_token' => Str::random(10), 31 | ]; 32 | } 33 | } 34 | -------------------------------------------------------------------------------- /kubernetes/nats-broker/README.md: -------------------------------------------------------------------------------- 1 | ### Description 2 | Applying these manifests, you are installing the NATS operator in Cluster mode. This implies that you are planning 3 | to have only one NATS cluster for all the projects on the cluster. Do this only if you are sure this is the setup you want. 4 | 5 | 6 | ### Steps 7 | 1. Install the operator in cluster mode 8 | 9 | ``` 10 | kubectl apply -k . 11 | ``` 12 | 2. Create your NATS cluster (note that you can also create it with TLS enabled) 13 | 14 | ``` 15 | kubectl apply -f natsCluster.yaml 16 | ``` 17 | 18 | ### Test the cluster 19 | 1. Download and install NATS CLI binary from https://github.com/nats-io/natscli/releases 20 | 2. 
Create a context pointing your NATS service 21 | ``` 22 | nats context add nats --server YOUR_CLUSTER_SERVICE:4222 --description "My NATS Cluster Service" --select 23 | ``` 24 | 3. Interact with it 25 | ``` 26 | nats sub "channel.subchannel" 27 | nats pub "channel.subchannel" "Hello, I am your father" 28 | ``` -------------------------------------------------------------------------------- /docker/laravel-container/build/backend/app/Exceptions/Handler.php: -------------------------------------------------------------------------------- 1 | reportable(function (Throwable $e) { 37 | // 38 | }); 39 | } 40 | } 41 | -------------------------------------------------------------------------------- /kubernetes/keda/README.md: -------------------------------------------------------------------------------- 1 | # Keda 2 | 3 | ## Description 4 | 5 | Deployment made using a combination of Helm and Kustomize to deploy Keda and 6 | a dummy Deployment which is scaled depending on the size of a Redis queue. 7 | 8 | ## Steps 9 | 10 | 1. Execute the following command to deploy Keda 11 | 12 | ``` 13 | helm dependency update ./000-operator 14 | helm upgrade --install keda ./000-operator --namespace keda --create-namespace 15 | ``` 16 | 17 | 2. Execute the following command to deploy Redis 18 | 19 | > DISCLAIMER: included Redis is not intended for production. 20 | > In that case, Sentinel or cluster is needed. 21 | 22 | ``` 23 | helm dependency update ./001-dummy-redis 24 | helm upgrade --install redis ./001-dummy-redis --namespace application --create-namespace 25 | ``` 26 | 27 | 3. 
Execute the following command to deploy a dummy application with a scaler triggered by Redis queue size 28 | 29 | ``` 30 | kubectl apply -k ./002-dummy-deployment 31 | ``` 32 | -------------------------------------------------------------------------------- /docker/laravel-container/build/frontend/docker-files/nginx.conf: -------------------------------------------------------------------------------- 1 | server { 2 | 3 | listen 80; 4 | listen [::]:80; 5 | server_name _; 6 | 7 | root /var/www/public; 8 | 9 | add_header X-Frame-Options "SAMEORIGIN"; 10 | add_header X-XSS-Protection "1; mode=block"; 11 | add_header X-Content-Type-Options "nosniff"; 12 | 13 | index index.html index.htm index.php; 14 | 15 | charset utf-8; 16 | 17 | location / { 18 | try_files $uri $uri/ /index.php?$query_string; 19 | } 20 | 21 | location = /favicon.ico { access_log off; log_not_found off; } 22 | location = /robots.txt { access_log off; log_not_found off; } 23 | 24 | error_page 404 /index.php; 25 | 26 | location ~ \.php$ { 27 | fastcgi_pass backend:9000; 28 | fastcgi_index index.php; 29 | fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name; 30 | include fastcgi_params; 31 | } 32 | 33 | location ~ /\.(?!well-known).* { 34 | deny all; 35 | } 36 | } 37 | 38 | -------------------------------------------------------------------------------- /docker/laravel-container/build/backend/config/cors.php: -------------------------------------------------------------------------------- 1 | ['api/*', 'sanctum/csrf-cookie'], 19 | 20 | 'allowed_methods' => ['*'], 21 | 22 | 'allowed_origins' => ['*'], 23 | 24 | 'allowed_origins_patterns' => [], 25 | 26 | 'allowed_headers' => ['*'], 27 | 28 | 'exposed_headers' => [], 29 | 30 | 'max_age' => 0, 31 | 32 | 'supports_credentials' => false, 33 | 34 | ]; 35 | -------------------------------------------------------------------------------- /docker/laravel-container/build/backend/database/migrations/2014_10_12_000000_create_users_table.php: 
-------------------------------------------------------------------------------- 1 | id(); 18 | $table->string('name'); 19 | $table->string('email')->unique(); 20 | $table->timestamp('email_verified_at')->nullable(); 21 | $table->string('password'); 22 | $table->rememberToken(); 23 | $table->timestamps(); 24 | }); 25 | } 26 | 27 | /** 28 | * Reverse the migrations. 29 | * 30 | * @return void 31 | */ 32 | public function down() 33 | { 34 | Schema::dropIfExists('users'); 35 | } 36 | } 37 | -------------------------------------------------------------------------------- /docker/laravel-container/build/backend/resources/js/bootstrap.js: -------------------------------------------------------------------------------- 1 | window._ = require('lodash'); 2 | 3 | /** 4 | * We'll load the axios HTTP library which allows us to easily issue requests 5 | * to our Laravel back-end. This library automatically handles sending the 6 | * CSRF token as a header based on the value of the "XSRF" token cookie. 7 | */ 8 | 9 | window.axios = require('axios'); 10 | 11 | window.axios.defaults.headers.common['X-Requested-With'] = 'XMLHttpRequest'; 12 | 13 | /** 14 | * Echo exposes an expressive API for subscribing to channels and listening 15 | * for events that are broadcast by Laravel. Echo and event broadcasting 16 | * allows your team to easily build robust real-time web applications. 
17 | */ 18 | 19 | // import Echo from 'laravel-echo'; 20 | 21 | // window.Pusher = require('pusher-js'); 22 | 23 | // window.Echo = new Echo({ 24 | // broadcaster: 'pusher', 25 | // key: process.env.MIX_PUSHER_APP_KEY, 26 | // cluster: process.env.MIX_PUSHER_APP_CLUSTER, 27 | // forceTLS: true 28 | // }); 29 | -------------------------------------------------------------------------------- /docker/laravel-container/build/backend/.env.example: -------------------------------------------------------------------------------- 1 | APP_NAME=Laravel 2 | APP_ENV=local 3 | APP_KEY= 4 | APP_DEBUG=true 5 | APP_URL=http://localhost 6 | 7 | LOG_CHANNEL=stack 8 | LOG_LEVEL=debug 9 | 10 | DB_CONNECTION=mysql 11 | DB_HOST=127.0.0.1 12 | DB_PORT=3306 13 | DB_DATABASE=laravel 14 | DB_USERNAME=root 15 | DB_PASSWORD= 16 | 17 | BROADCAST_DRIVER=log 18 | CACHE_DRIVER=file 19 | QUEUE_CONNECTION=sync 20 | SESSION_DRIVER=file 21 | SESSION_LIFETIME=120 22 | 23 | REDIS_HOST=127.0.0.1 24 | REDIS_PASSWORD=null 25 | REDIS_PORT=6379 26 | 27 | MAIL_MAILER=smtp 28 | MAIL_HOST=smtp.mailtrap.io 29 | MAIL_PORT=2525 30 | MAIL_USERNAME=null 31 | MAIL_PASSWORD=null 32 | MAIL_ENCRYPTION=null 33 | MAIL_FROM_ADDRESS=null 34 | MAIL_FROM_NAME="${APP_NAME}" 35 | 36 | AWS_ACCESS_KEY_ID= 37 | AWS_SECRET_ACCESS_KEY= 38 | AWS_DEFAULT_REGION=us-east-1 39 | AWS_BUCKET= 40 | 41 | PUSHER_APP_ID= 42 | PUSHER_APP_KEY= 43 | PUSHER_APP_SECRET= 44 | PUSHER_APP_CLUSTER=mt1 45 | 46 | MIX_PUSHER_APP_KEY="${PUSHER_APP_KEY}" 47 | MIX_PUSHER_APP_CLUSTER="${PUSHER_APP_CLUSTER}" 48 | -------------------------------------------------------------------------------- /docker/laravel-container/build/backend/package.json: -------------------------------------------------------------------------------- 1 | { 2 | "private": true, 3 | "scripts": { 4 | "dev": "npm run development", 5 | "development": "cross-env NODE_ENV=development node_modules/webpack/bin/webpack.js --progress --config=node_modules/laravel-mix/setup/webpack.config.js", 6 
| "watch": "npm run development -- --watch", 7 | "watch-poll": "npm run watch -- --watch-poll", 8 | "hot": "cross-env NODE_ENV=development node_modules/webpack-dev-server/bin/webpack-dev-server.js --inline --hot --disable-host-check --config=node_modules/laravel-mix/setup/webpack.config.js", 9 | "prod": "npm run production", 10 | "production": "cross-env NODE_ENV=production node_modules/webpack/bin/webpack.js --no-progress --config=node_modules/laravel-mix/setup/webpack.config.js" 11 | }, 12 | "devDependencies": { 13 | "axios": "^0.19", 14 | "cross-env": "^7.0", 15 | "laravel-mix": "^5.0.1", 16 | "lodash": "^4.17.19", 17 | "resolve-url-loader": "^3.1.0" 18 | } 19 | } 20 | -------------------------------------------------------------------------------- /docker/laravel-container/build/backend/app/Console/Kernel.php: -------------------------------------------------------------------------------- 1 | command('inspire')->hourly(); 28 | } 29 | 30 | /** 31 | * Register the commands for the application. 
32 | * 33 | * @return void 34 | */ 35 | protected function commands() 36 | { 37 | $this->load(__DIR__.'/Commands'); 38 | 39 | require base_path('routes/console.php'); 40 | } 41 | } 42 | -------------------------------------------------------------------------------- /kubernetes/keda/002-dummy-deployment/scaleObject-redis-queue-scale.yaml: -------------------------------------------------------------------------------- 1 | # Ref: https://keda.sh/docs/2.9/concepts/scaling-deployments/ 2 | apiVersion: keda.sh/v1alpha1 3 | kind: ScaledObject 4 | metadata: 5 | name: redis-queue-scale 6 | spec: 7 | scaleTargetRef: 8 | name: "dummy-deployment" 9 | pollingInterval: 30 10 | cooldownPeriod: 300 11 | idleReplicaCount: 0 12 | minReplicaCount: 1 13 | maxReplicaCount: 100 14 | fallback: 15 | failureThreshold: 3 16 | replicas: 6 17 | advanced: 18 | restoreToOriginalReplicaCount: false 19 | # Ref: https://keda.sh/docs/2.9/scalers/ 20 | triggers: 21 | 22 | # Ref: https://keda.sh/docs/2.9/scalers/redis-lists/ 23 | - type: redis 24 | metadata: 25 | address: redis-master.application.svc:6379 26 | # Ref: https://redis.io/docs/data-types/lists/ 27 | listName: mylist 28 | listLength: "3" 29 | activationListLength: "3" 30 | enableTLS: "false" 31 | databaseIndex: "0" 32 | authenticationRef: 33 | name: redis-queue-scale 34 | -------------------------------------------------------------------------------- /docker/laravel-container/build/backend/app/Models/User.php: -------------------------------------------------------------------------------- 1 | 'datetime', 42 | ]; 43 | } 44 | -------------------------------------------------------------------------------- /docker/laravel-container/build/backend/database/migrations/2019_08_19_000000_create_failed_jobs_table.php: -------------------------------------------------------------------------------- 1 | id(); 18 | $table->string('uuid')->unique(); 19 | $table->text('connection'); 20 | $table->text('queue'); 21 | $table->longText('payload'); 22 | 
$table->longText('exception'); 23 | $table->timestamp('failed_at')->useCurrent(); 24 | }); 25 | } 26 | 27 | /** 28 | * Reverse the migrations. 29 | * 30 | * @return void 31 | */ 32 | public function down() 33 | { 34 | Schema::dropIfExists('failed_jobs'); 35 | } 36 | } 37 | -------------------------------------------------------------------------------- /kubernetes/logs-loki-fluentd-grafana/000-grafana/004-grafana-deployment.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: apps/v1 3 | kind: Deployment 4 | metadata: 5 | name: grafana-deployment 6 | namespace: default 7 | labels: 8 | app: grafana 9 | spec: 10 | selector: 11 | matchLabels: 12 | app: grafana 13 | replicas: 1 14 | template: 15 | metadata: 16 | labels: 17 | app: grafana 18 | spec: 19 | containers: 20 | 21 | # Create a container running Grafana (the image below uses the floating "latest" tag; pin a version for reproducible deployments) 22 | - name: grafana-container 23 | image: grafana/grafana:latest 24 | imagePullPolicy: Always 25 | stdin: true 26 | tty: true 27 | # env: 28 | # - name: grafana_DEFAULT_SERVER 29 | # valueFrom: 30 | # configMapKeyRef: 31 | # name: grafana-config 32 | # key: grafana_DEFAULT_SERVER 33 | # - name: APP_KEY 34 | # valueFrom: 35 | # secretKeyRef: 36 | # name: queue2db-secrets 37 | # key: APP_KEY 38 | 39 | 40 | 41 | -------------------------------------------------------------------------------- /kubernetes/gateway-api-istio/README.md: -------------------------------------------------------------------------------- 1 | # Gateway API + Istio 2 | 3 | ## Description 4 | 5 | Deployment made using a combination of Helm and Kustomize to deploy Gateway API (controlled by Istio) and 6 | some Gateway/HTTPRoute resources. 7 | 8 | ## Steps 9 | 10 | 1. Execute the following command to deploy Gateway API CRDs 11 | 12 | ``` 13 | kubectl apply -k ./000-gateway-api-crds/v1.2.1 14 | ``` 15 | 16 | 2. 
Execute the following command to deploy Istio base CRDs 17 | 18 | ``` 19 | helm dependency update ./001-istio-crds 20 | helm upgrade --install istio-base ./001-istio-crds --namespace istio-system --create-namespace 21 | ``` 22 | 23 | 3. Execute the following command to deploy Istio control plane 24 | 25 | ``` 26 | helm dependency update ./002-istio-control-plane 27 | helm upgrade --install istio-discovery ./002-istio-control-plane --namespace istio-system --create-namespace 28 | ``` 29 | 30 | 4. Execute the following command to deploy a Gateway and some HTTPRoute resources 31 | 32 | ``` 33 | kubectl apply -k ./003-gateway-api-extra 34 | ``` -------------------------------------------------------------------------------- /kubernetes/juicefs/02-application/deployment.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: application 5 | spec: 6 | replicas: 2 7 | selector: 8 | matchLabels: 9 | app: application 10 | template: 11 | metadata: 12 | labels: 13 | app: application 14 | spec: 15 | containers: 16 | - name: app 17 | image: nginx:stable 18 | ports: 19 | - containerPort: 80 20 | volumeMounts: 21 | - name: application-storage 22 | mountPath: /usr/share/nginx/html 23 | resources: 24 | requests: 25 | memory: "128Mi" 26 | cpu: "100m" 27 | limits: 28 | memory: "256Mi" 29 | cpu: "200m" 30 | lifecycle: 31 | postStart: 32 | exec: 33 | command: ["/bin/sh", "-c", "echo 'Prueba JuiceFS - Pod: $HOSTNAME' > /usr/share/nginx/html/index.html"] 34 | volumes: 35 | - name: application-storage 36 | persistentVolumeClaim: 37 | claimName: application-pvc 38 | -------------------------------------------------------------------------------- /kubernetes/prometheus-operator/README.md: -------------------------------------------------------------------------------- 1 | ### Descripción 2 | Estás viendo las instrucciones para montar un Prometheus en clúster dentro de Kubernetes, con alta 
disponibilidad, etc. 3 | Este operador te crea varios recursos personalizados como los ServiceMonitor para agregar métricas de distintos servicios 4 | sin tirar el server Prometheus para recargar la configuración con los scrapers, etc. 5 | 6 | ### Pasos 7 | 1. Instala el operador (el manifiesto se descarga de la rama master, que cambia con el tiempo; para un despliegue reproducible, usa el bundle.yaml de una versión publicada) 8 | 9 | ``` 10 | kubectl apply -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/master/bundle.yaml 11 | ``` 12 | 2. Aplica los manifiestos para levantar Prometheus (RBAC, servicio, etc) 13 | 14 | ``` 15 | kubectl apply -k prometheus/ 16 | ``` 17 | 3. Aplica los manifiestos para crear una app de ejemplo con un ServiceMonitor 18 | 19 | ``` 20 | kubectl apply -k example-app/ 21 | ``` 22 | 23 | ### ¿Por qué tan fácil? 24 | Si te fijas, el manifiesto YAML que estás aplicando en cada directorio es un kustomization.yaml que he creado, que se encarga 25 | de aplicar el resto de manifiestos uno por uno. Así que en vez de levantarlos a mano, los levanta de forma automática. -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # Youtube 2 | 3 | The things you saw on my [YT](https://youtube.com/@achetronic) channel. 4 | You will find a bunch of things that help newcomers follow my videos. 5 | 6 | ## Index 7 | TODO 8 | 9 | ## How to collaborate 10 | 11 | We are open to external collaborations for this project. To contribute: 12 | - [Fork the repository](https://github.com/achetronic/youtube/fork) 13 | - Make your changes to the code in a separate branch 14 | - Open a PR. The manifests will be reviewed and tested 15 | 16 | ## License 17 | 18 | Copyright 2023. 19 | 20 | Licensed under the Apache License, Version 2.0 (the "License"); 21 | you may not use this file except in compliance with the License. 
22 | You may obtain a copy of the License at 23 | 24 | http://www.apache.org/licenses/LICENSE-2.0 25 | 26 | Unless required by applicable law or agreed to in writing, software 27 | distributed under the License is distributed on an "AS IS" BASIS, 28 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 29 | See the License for the specific language governing permissions and 30 | limitations under the License. 31 | -------------------------------------------------------------------------------- /docker/laravel-container/build/backend/config/services.php: -------------------------------------------------------------------------------- 1 | [ 18 | 'domain' => env('MAILGUN_DOMAIN'), 19 | 'secret' => env('MAILGUN_SECRET'), 20 | 'endpoint' => env('MAILGUN_ENDPOINT', 'api.mailgun.net'), 21 | ], 22 | 23 | 'postmark' => [ 24 | 'token' => env('POSTMARK_TOKEN'), 25 | ], 26 | 27 | 'ses' => [ 28 | 'key' => env('AWS_ACCESS_KEY_ID'), 29 | 'secret' => env('AWS_SECRET_ACCESS_KEY'), 30 | 'region' => env('AWS_DEFAULT_REGION', 'us-east-1'), 31 | ], 32 | 33 | ]; 34 | -------------------------------------------------------------------------------- /kubernetes/external-secrets/README.md: -------------------------------------------------------------------------------- 1 | ### Description 2 | Deployment made using a combination of Helm and Kustomize to install 3 | Hashicorp Vault (in development mode) and External Secrets inside a Kubernetes cluster. 4 | This can be automated using GitOps approach as I wrote in the official 5 | [documentation page](https://external-secrets.io/guides-gitops-using-fluxcd/) 6 | 7 | 8 | ### Steps 9 | 1. Install Hashicorp Vault inside your Kubernetes cluster 10 | 11 | ```console 12 | helm repo add hashicorp https://helm.releases.hashicorp.com 13 | 14 | helm install vault hashicorp/vault --namespace vault --create-namespace -f hashicorp-vault/values.yaml 15 | ``` 16 | 17 | 2. 
Install External Secrets inside the cluster 18 | 19 | ```console 20 | helm repo add external-secrets https://charts.external-secrets.io 21 | 22 | helm install external-secrets \ 23 | external-secrets/external-secrets \ 24 | --namespace external-secrets \ 25 | --create-namespace \ 26 | --set installCRDs=true 27 | ``` 28 | 29 | 3. Deploy the Secret and CRs to grant access to Vault from External Secrets 30 | 31 | ```console 32 | kubectl apply -k external-secrets 33 | ``` 34 | -------------------------------------------------------------------------------- /kubernetes/logs-loki-fluentd-grafana/001-loki/000-loki-local-config-yaml.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: ConfigMap 4 | metadata: 5 | name: loki-local-config-yaml 6 | namespace: kube-logging 7 | data: 8 | local-config.yaml: | 9 | auth_enabled: false 10 | 11 | server: 12 | http_listen_port: 3100 13 | 14 | ingester: 15 | lifecycler: 16 | address: 127.0.0.1 17 | ring: 18 | kvstore: 19 | store: inmemory 20 | replication_factor: 1 21 | final_sleep: 0s 22 | chunk_idle_period: 5m 23 | chunk_retain_period: 30s 24 | 25 | schema_config: 26 | configs: 27 | - from: 2020-05-15 28 | store: boltdb 29 | object_store: filesystem 30 | schema: v11 31 | index: 32 | prefix: index_ 33 | period: 168h 34 | 35 | storage_config: 36 | boltdb: 37 | directory: /tmp/loki/index 38 | 39 | filesystem: 40 | directory: /tmp/loki/chunks 41 | 42 | limits_config: 43 | enforce_metric_name: false 44 | reject_old_samples: true 45 | reject_old_samples_max_age: 168h 46 | -------------------------------------------------------------------------------- /kubernetes/logs-loki-fluentd-grafana/001-loki/004-loki-deployment.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: apps/v1 3 | kind: Deployment 4 | 5 | metadata: 6 | name: loki-deployment 7 | namespace: kube-logging 8 | labels: 9 | app: loki 10 | 11 | spec: 12 
| selector: 13 | matchLabels: 14 | app: loki 15 | replicas: 1 16 | template: 17 | metadata: 18 | labels: 19 | app: loki 20 | spec: 21 | volumes: 22 | - name: loki-config-yaml 23 | configMap: 24 | name: loki-config-yaml 25 | - name: loki-data 26 | persistentVolumeClaim: 27 | claimName: loki-pv-claim 28 | restartPolicy: Always 29 | containers: 30 | 31 | # Create a container with the Grafana Loki 32 | - name: loki-container 33 | image: grafana/loki:latest 34 | imagePullPolicy: Always 35 | args: ["-config.file=/etc/loki/local-config.yaml"] 36 | stdin: true 37 | tty: true 38 | ports: 39 | - containerPort: 3100 40 | volumeMounts: 41 | - name: loki-data 42 | mountPath: /tmp/loki 43 | 44 | 45 | 46 | -------------------------------------------------------------------------------- /kubernetes/external-secrets/external-secrets/externalSecret-docker.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: external-secrets.io/v1alpha1 2 | kind: ExternalSecret 3 | metadata: 4 | name: docker-registry-credentials 5 | spec: 6 | refreshInterval: "15s" 7 | secretStoreRef: 8 | name: vault-backend-global 9 | kind: ClusterSecretStore 10 | target: 11 | name: docker-registry-credentials 12 | template: 13 | type: kubernetes.io/dockerconfigjson 14 | data: 15 | .dockerconfigjson: | 16 | {{- $auth := (printf "%s:%s" .USERNAME .PASSWORD) | toBytes | base64encode | toString -}} 17 | {{- $structure := (printf `{"auths":{"%s":{"username":"%s","password":"%s","auth":"%s"}}}` .HOST .USERNAME .PASSWORD $auth) -}} 18 | {{- print $structure -}} 19 | data: 20 | - secretKey: HOST 21 | remoteRef: 22 | key: infrastructure/artifacts/credentials 23 | property: host 24 | 25 | - secretKey: USERNAME 26 | remoteRef: 27 | key: infrastructure/artifacts/credentials 28 | property: username 29 | 30 | - secretKey: PASSWORD 31 | remoteRef: 32 | key: infrastructure/artifacts/credentials 33 | property: password 34 | 
-------------------------------------------------------------------------------- /docker/laravel-container/build/backend/config/view.php: -------------------------------------------------------------------------------- 1 | [ 17 | resource_path('views'), 18 | ], 19 | 20 | /* 21 | |-------------------------------------------------------------------------- 22 | | Compiled View Path 23 | |-------------------------------------------------------------------------- 24 | | 25 | | This option determines where all the compiled Blade templates will be 26 | | stored for your application. Typically, this is within the storage 27 | | directory. However, as usual, you are free to change this value. 28 | | 29 | */ 30 | 31 | 'compiled' => env( 32 | 'VIEW_COMPILED_PATH', 33 | realpath(storage_path('framework/views')) 34 | ), 35 | 36 | ]; 37 | -------------------------------------------------------------------------------- /docker/ddclient/ddclient.conf: -------------------------------------------------------------------------------- 1 | # DEFAULT CONFIG 2 | daemon=1200 # check every 20 min 3 | syslog=yes # log update msgs to syslog 4 | mail=root # mail all msgs to root 5 | mail-failure=root # mail failed update msgs to root 6 | pid=/var/run/ddclient.pid # record PID in file. 
7 | 8 | # WHERE TO GET THE PUBLIC IP 9 | use=web, web=ip.changeip.com 10 | 11 | # LOGIN DETAILS FOR THE FIRST SERVICE 12 | protocol=dyndns2 # default protocol 13 | server=members.dyndns.org:8245 # default server (bypassing proxies) 14 | login=dyndnsUsername # default login 15 | password=dyndnsPass # default password 16 | 17 | # DOMAINS YOU WANT TO UPDATE AT THE FIRST SERVICE 18 | first.service.domain.name 19 | 20 | # LOGIN DETAILS FOR THE SECOND SERVICE 21 | #protocol=dyndns2 22 | #server=nic.changeip.com # default server (bypassing proxies) 23 | #login=changeipLogin # default login 24 | #password=changeipPass # default password 25 | 26 | # DOMAINS YOU WANT TO UPDATE AT THE SECOND SERVICE 27 | #second.service.domain.name -------------------------------------------------------------------------------- /docker/laravel-container/build/backend/public/web.config: -------------------------------------------------------------------------------- 1 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | 29 | -------------------------------------------------------------------------------- /docker/laravel-container/build/backend/phpunit.xml: -------------------------------------------------------------------------------- 1 | 2 | 7 | 8 | 9 | ./tests/Unit 10 | 11 | 12 | ./tests/Feature 13 | 14 | 15 | 16 | 17 | ./app 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | 29 | 30 | 31 | 32 | -------------------------------------------------------------------------------- /kubernetes/reforma-operator/crs/patch-external-dns-sa.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: reforma.prosimcorp.com/v1alpha1 2 | kind: Patch 3 | metadata: 4 | name: external-dns-sa 5 | spec: 6 | # Synchronization parameters 7 | synchronization: 8 | time: "5s" 9 | 10 | # Sources to look for the data to make wonderful patches 11 | sources: 12 | - apiVersion: v1 13 | kind: ConfigMap 14 | name: 
cluster-info 15 | namespace: default 16 | 17 | # Target to apply patches to 18 | target: 19 | apiVersion: v1 20 | kind: ServiceAccount 21 | name: external-dns 22 | namespace: default 23 | 24 | # You know, the patch type 25 | patchType: application/merge-patch+json 26 | 27 | # Templating section is where you can be creative to craft a patch 28 | # Basically, if you know Helm templating and Kustomize patches, do what you want 29 | template: | 30 | {{- $source := (index . 1) -}} 31 | metadata: 32 | annotations: 33 | {{- if eq ($source.data.provider | lower) "aws" }} 34 | eks.amazonaws.com/role-arn: "arn:aws:iam::{{- $source.data.account -}}:role/{{- $source.data.name -}}-external-dns" 35 | {{- end }} 36 | 37 | {{- if eq ($source.data.provider | lower) "gcp" }} 38 | iam.gke.io/gcp-service-account: "{{- $source.data.name -}}-external-dns@{{- $source.data.account -}}.iam.gserviceaccount.com" 39 | {{ end }} -------------------------------------------------------------------------------- /kubernetes/crossplane/README.md: -------------------------------------------------------------------------------- 1 | # Crossplane 2 | 3 | ## Description 4 | 5 | Deployment made using a combination of Helm and Kustomize to install Crossplane and 6 | AWS provider inside a Kubernetes cluster. 7 | This can be automated using GitOps approach using tools like FluxCD or ArgoCD 8 | 9 | ## Steps 10 | 11 | 1. Execute the following command to install Crossplane's operator 12 | 13 | ``` 14 | helm dependency update 15 | helm upgrade --install crossplane ./000-operator --namespace crossplane --create-namespace 16 | ``` 17 | 18 | 2. Apply the Kustomization to deploy the AWS provider 19 | 20 | ``` 21 | kubectl apply -k ./001-provider/ 22 | ``` 23 | 3. 
Open the Secret resource which contains your AWS credentials and change them 24 | 25 | > As a security recommendation, generate this secret dynamically retrieving the credentials from a credentials vault 26 | > like Hashicorp Vault using safe tools like External Secrets 27 | 28 | ```yaml 29 | # 002-provider-config/secret-aws-account-creds.yaml 30 | 31 | apiVersion: v1 32 | kind: Secret 33 | metadata: 34 | name: aws-account-creds 35 | type: Opaque 36 | stringData: 37 | 38 | # These credentials must be substituted by yours 39 | creds: ${AWS_ACCOUNT_CREDS} 40 | ``` 41 | 42 | 4. Apply the Kustomization to deploy the configuration for AWS provider 43 | 44 | ``` 45 | kubectl apply -k ./002-provider-config/ 46 | ``` 47 | -------------------------------------------------------------------------------- /docker/lets-haproxy/docker-compose-02.yaml: -------------------------------------------------------------------------------- 1 | version: "3.5" 2 | 3 | 4 | # Docker Volumes 5 | volumes: 6 | letsencrypt_logs: 7 | name: letsencrypt_logs 8 | letsencrypt_data: 9 | name: letsencrypt_data 10 | 11 | 12 | 13 | # Docker services 14 | services: 15 | lets-haproxy: 16 | image: achetronic/lets-haproxy:latest 17 | container_name: lets-haproxy 18 | restart: always 19 | tty: true 20 | stdin_open: true 21 | environment: 22 | ENVIRONMENT: "staging" # staging | production 23 | ADMIN_MAIL: "me@achetronic.com" 24 | SKIP_CREATION: "false" 25 | volumes: 26 | - ./haproxy.cfg:/root/templates/haproxy.user.cfg:ro 27 | - letsencrypt_logs:/var/log/letsencrypt 28 | - letsencrypt_data:/etc/letsencrypt 29 | ports: 30 | - "80:80" 31 | - "443:443" 32 | 33 | nginx-01: 34 | image: nginxdemos/hello 35 | container_name: nginx-01 36 | restart: always 37 | tty: true 38 | stdin_open: true 39 | expose: 40 | - "80" 41 | 42 | nginx-02: 43 | image: nginxdemos/hello:plain-text 44 | container_name: nginx-02 45 | restart: always 46 | tty: true 47 | stdin_open: true 48 | expose: 49 | - "80" 50 | 51 | 52 | 53 | 54 | 55 | 56 
| 57 | 58 | -------------------------------------------------------------------------------- /kubernetes/kuberbac/001-dummy-extras/dynamic-role-binding-cluster.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kuberbac.prosimcorp.com/v1alpha1 2 | kind: DynamicRoleBinding 3 | metadata: 4 | name: example-role-binding-cluster 5 | spec: 6 | 7 | synchronization: 8 | time: "10s" 9 | 10 | # This is the section to enrol members to your existing role 11 | source: 12 | clusterRole: example-policy-cluster 13 | 14 | subject: 15 | # Members can be of type User. These members only exists outside your cluster 16 | # so they can be ONLY matched by exact names 17 | 18 | apiGroup: rbac.authorization.k8s.io 19 | kind: User 20 | nameSelector: 21 | matchList: 22 | - developer 23 | 24 | # This is the section to define the target namespaces where the role-bindings will be created 25 | # For those members selected in the previous section 26 | targets: 27 | 28 | # (Required) 29 | # Name of the RoleBinding objects to be created 30 | name: example-policy-cluster 31 | 32 | # Add some metadata to the RoleBinding objects 33 | annotations: {} 34 | labels: {} 35 | 36 | # This flag create a ClusterRoleBinding object instead of RoleBindings 37 | clusterScoped: true 38 | 39 | # (Optional) 40 | # Target namespaces can be matched by exact name, 41 | # by their labels, or a Golang regular expression. 42 | # Attention: Only one can be performed. 
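43 | namespaceSelector: 44 | 45 | # Select those ServiceAccounts in namespaces different from: kube-system, kube-public or default 46 | matchRegex: 47 | negative: false 48 | expression: "^(application-.+)$" 49 | -------------------------------------------------------------------------------- /docker/bitwardenrs/docker-compose.yaml: -------------------------------------------------------------------------------- 1 | version: "3.5" 2 | 3 | # Docker Volumes 4 | volumes: 5 | letsencrypt_logs: 6 | name: letsencrypt_logs 7 | letsencrypt_data: 8 | name: letsencrypt_data 9 | bitwardenrs_data: 10 | name: bitwardenrs_data 11 | 12 | # Docker services 13 | services: 14 | 15 | # Reverse proxy in the frontline 16 | lets-haproxy: 17 | image: achetronic/lets-haproxy:latest 18 | container_name: lets-haproxy 19 | restart: always 20 | tty: true 21 | stdin_open: true 22 | environment: 23 | ENVIRONMENT: "staging" # staging | production 24 | ADMIN_MAIL: "me@achetronic.com" 25 | SKIP_CREATION: "false" 26 | volumes: 27 | - ./haproxy.cfg:/root/templates/haproxy.user.cfg:ro 28 | - letsencrypt_logs:/var/log/letsencrypt 29 | - letsencrypt_data:/etc/letsencrypt 30 | ports: 31 | - "80:80" 32 | - "443:443" 33 | 34 | # Bitwarden server implemented in Rust 35 | bitwardenrs: 36 | image: bitwardenrs/server:latest 37 | container_name: bitwardenrs 38 | restart: always 39 | tty: true 40 | stdin_open: true 41 | environment: 42 | # Password for accessing /admin (generate it with: openssl rand -base64 48); read from the environment or an untracked .env file so the token is never stored in this file 43 | ADMIN_TOKEN: "${ADMIN_TOKEN:?ADMIN_TOKEN must be set}" 44 | # Allow people to register 45 | # SIGNUPS_ALLOWED: "false" 46 | volumes: 47 | - bitwardenrs_data:/data/ 48 | expose: 49 | - "80" -------------------------------------------------------------------------------- /kubernetes/kuberbac/001-dummy-extras/dynamic-role-binding-namespaced.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kuberbac.prosimcorp.com/v1alpha1 2 |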
kind: DynamicRoleBinding 3 | metadata: 4 | name: example-role-binding-namespaced 5 | spec: 6 | 7 | synchronization: 8 | time: "10s" 9 | 10 | # This is the section to enrol members to your existing role 11 | source: 12 | clusterRole: example-policy-namespace 13 | 14 | subject: 15 | # Members can be of type User. These members only exists outside your cluster 16 | # so they can be ONLY matched by exact names 17 | 18 | apiGroup: rbac.authorization.k8s.io 19 | kind: User 20 | nameSelector: 21 | matchList: 22 | - developer 23 | 24 | # This is the section to define the target namespaces where the role-bindings will be created 25 | # For those members selected in the previous section 26 | targets: 27 | 28 | # (Required) 29 | # Name of the RoleBinding objects to be created 30 | name: example-policy-namespaced 31 | 32 | # Add some metadata to the RoleBinding objects 33 | annotations: {} 34 | labels: {} 35 | 36 | # This flag create a ClusterRoleBinding object instead of RoleBindings 37 | clusterScoped: false 38 | 39 | # (Optional) 40 | # Target namespaces can be matched by exact name, 41 | # by their labels, or a Golang regular expression. 42 | # Attention: Only one can be performed. 
43 | namespaceSelector: 44 | 45 | # Select those ServiceAccounts in namespaces different from: kube-system, kube-public or default 46 | matchRegex: 47 | negative: false 48 | expression: "^(application-.+)$" 49 | -------------------------------------------------------------------------------- /kubernetes/concepts-deployments/002-hello-deployment.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: apps/v1 3 | kind: Deployment 4 | metadata: 5 | name: hello-deployment 6 | namespace: default 7 | labels: 8 | app: hello 9 | spec: 10 | selector: 11 | matchLabels: 12 | app: hello 13 | 14 | replicas: 3 15 | 16 | template: 17 | metadata: 18 | labels: 19 | app: hello 20 | spec: 21 | # volumes: 22 | # - name: app-logs 23 | # emptyDir: {} 24 | 25 | restartPolicy: Always 26 | 27 | containers: 28 | # Create a container with a "Hello World" for Kubernetes 29 | - name: hello-container 30 | image: paulbouwer/hello-kubernetes:1.8 31 | imagePullPolicy: Always 32 | stdin: true 33 | tty: true 34 | 35 | # livenessProbe: 36 | # exec: 37 | # command: 38 | # - /app/runtime/livenessprobe.sh 39 | # initialDelaySeconds: 5 40 | # periodSeconds: 15 41 | 42 | # livenessProbe: 43 | # httpGet: 44 | # path: /healthz 45 | # port: 5000 46 | # initialDelaySeconds: 5 47 | # timeoutSeconds: 2 48 | # periodSeconds: 10 49 | # failureThreshold: 3 50 | 51 | 52 | # volumeMounts: 53 | # - name: app-logs 54 | # mountPath: /logs 55 | # subPath: logs 56 | 57 | 58 | # env: 59 | # # Application configuration 60 | # - name: APP_NAME 61 | # valueFrom: 62 | # configMapKeyRef: 63 | # name: hello-config 64 | # key: APP_NAME 65 | 66 | 67 | 68 | -------------------------------------------------------------------------------- /ansible/install-docker-host/playbook-ubuntu-arm64.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Installing Docker and Docker Compose on Ubuntu x64 3 | #connection: 
ansible.netcommon.network_cli 4 | gather_facts: false 5 | hosts: test 6 | tasks: 7 | 8 | - name: Removing old versions 9 | apt: name={{ item }} update_cache=yes state=absent 10 | loop: [ 'docker', 'docker-engine', 'docker.io', 'containerd', 'runc' ] 11 | 12 | - name: Installing needed packages for using HTTPS on the repositories 13 | apt: name={{ item }} update_cache=yes state=latest 14 | loop: [ 'apt-transport-https', 'ca-certificates', 'curl', 'gnupg-agent', 'software-properties-common' ] 15 | # NOTE(review): apt-key is deprecated and adds the key to the global keyring, trusted for every repository; prefer a dedicated keyring file referenced with signed-by in the source entry 16 | - name: Adding GPG key for Docker repository 17 | shell: 18 | cmd: curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add - 19 | warn: False 20 | 21 | - name: Adding Docker repository 22 | shell: 23 | cmd: sudo add-apt-repository "deb [arch=arm64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" 24 | warn: False 25 | 26 | - name: Installing Docker 27 | apt: name={{ item }} update_cache=yes state=latest 28 | loop: [ 'docker-ce', 'docker-ce-cli', 'containerd.io' ] 29 | # NOTE(review): curl runs without -f and the download is not checked against a published checksum, so an HTTP error page or an altered file would be installed as-is; get_url with its checksum parameter covers both 30 | - name: Downloading Docker Compose 31 | shell: 32 | cmd: sudo curl -L "https://github.com/docker/compose/releases/download/1.27.4/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose 33 | warn: False 34 | 35 | - name: Changing permissions to Docker Compose 36 | file: 37 | path: /usr/local/bin/docker-compose 38 | mode: a+x 39 | 40 | - name: Create a symbolic link for Docker Compose 41 | file: 42 | src: /usr/local/bin/docker-compose 43 | dest: /usr/bin/docker-compose 44 | state: link 45 | 46 | -------------------------------------------------------------------------------- /ansible/install-docker-host/playbook-ubuntu-x64.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Installing Docker and Docker Compose on Ubuntu x64 3 | #connection: ansible.netcommon.network_cli 4 | gather_facts: false 5 | hosts: test 6 | tasks: 7 | 8 | - name: Removing old versions 9 | apt: name={{ item }}
update_cache=yes state=absent 10 | loop: [ 'docker', 'docker-engine', 'docker.io', 'containerd', 'runc' ] 11 | 12 | - name: Installing needed packages for using HTTPS on the repositories 13 | apt: name={{ item }} update_cache=yes state=latest 14 | loop: [ 'apt-transport-https', 'ca-certificates', 'curl', 'gnupg-agent', 'software-properties-common' ] 15 | # NOTE(review): apt-key is deprecated and adds the key to the global keyring, trusted for every repository; prefer a dedicated keyring file referenced with signed-by in the source entry 16 | - name: Adding GPG key for Docker repository 17 | shell: 18 | cmd: curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add - 19 | warn: False 20 | 21 | - name: Adding Docker repository 22 | shell: 23 | cmd: sudo add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" 24 | warn: False 25 | 26 | - name: Installing Docker 27 | apt: name={{ item }} update_cache=yes state=latest 28 | loop: [ 'docker-ce', 'docker-ce-cli', 'containerd.io' ] 29 | # NOTE(review): curl runs without -f and the download is not checked against a published checksum, so an HTTP error page or an altered file would be installed as-is; get_url with its checksum parameter covers both 30 | - name: Downloading Docker Compose 31 | shell: 32 | cmd: sudo curl -L "https://github.com/docker/compose/releases/download/1.27.4/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose 33 | warn: False 34 | 35 | - name: Changing permissions to Docker Compose 36 | file: 37 | path: /usr/local/bin/docker-compose 38 | mode: a+x 39 | 40 | - name: Create a symbolic link for Docker Compose 41 | file: 42 | src: /usr/local/bin/docker-compose 43 | dest: /usr/bin/docker-compose 44 | state: link 45 | 46 | -------------------------------------------------------------------------------- /docker/laravel-container/build/backend/config/hashing.php: -------------------------------------------------------------------------------- 1 | 'bcrypt', 19 | 20 | /* 21 | |-------------------------------------------------------------------------- 22 | | Bcrypt Options 23 | |-------------------------------------------------------------------------- 24 | | 25 | | Here you may specify the configuration options that should be used when 26 | | passwords are hashed using the Bcrypt algorithm.
This will allow you 27 | | to control the amount of time it takes to hash the given password. 28 | | 29 | */ 30 | 31 | 'bcrypt' => [ 32 | 'rounds' => env('BCRYPT_ROUNDS', 10), 33 | ], 34 | 35 | /* 36 | |-------------------------------------------------------------------------- 37 | | Argon Options 38 | |-------------------------------------------------------------------------- 39 | | 40 | | Here you may specify the configuration options that should be used when 41 | | passwords are hashed using the Argon algorithm. These will allow you 42 | | to control the amount of time it takes to hash the given password. 43 | | 44 | */ 45 | 46 | 'argon' => [ 47 | 'memory' => 1024, 48 | 'threads' => 2, 49 | 'time' => 2, 50 | ], 51 | 52 | ]; 53 | -------------------------------------------------------------------------------- /kubernetes/gateway-api-istio/003-gateway-api-extra/gateway.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: gateway.networking.k8s.io/v1 2 | kind: Gateway 3 | metadata: 4 | name: production 5 | namespace: istio-system 6 | spec: 7 | 8 | # A standalone Envoy deployment can be used to gain fine control over the 9 | # resources, disruption policies, etc. 
10 | #addresses: 11 | # - type: Hostname 12 | # value: istio-standalone.istio-system.svc.cluster.local 13 | 14 | gatewayClassName: istio 15 | listeners: 16 | 17 | ########################################## 18 | ## HTTP endpoint with NO SECURITY 19 | ########################################## 20 | - allowedRoutes: 21 | namespaces: 22 | from: All 23 | hostname: example.com 24 | name: http 25 | port: 80 26 | protocol: HTTP 27 | 28 | ########################################## 29 | ## HTTPS endpoint with TLS termination 30 | ########################################## 31 | 32 | #- allowedRoutes: 33 | # namespaces: 34 | # from: All 35 | # hostname: '*.example.com' 36 | # name: https 37 | # port: 443 38 | # protocol: HTTPS 39 | # tls: 40 | # certificateRefs: 41 | # - group: "" 42 | # kind: Secret 43 | # name: example-entrance-tls 44 | # mode: Terminate 45 | 46 | ########################################## 47 | ## HTTPS endpoint with mTLS 48 | ########################################## 49 | 50 | #- allowedRoutes: 51 | # namespaces: 52 | # from: All 53 | # name: https-mtls 54 | # port: 8443 55 | # protocol: HTTPS 56 | # tls: 57 | # certificateRefs: 58 | # - group: "" 59 | # kind: Secret 60 | # name: https-mtls 61 | # mode: Terminate 62 | # options: 63 | # gateway.istio.io/tls-terminate-mode: MUTUAL 64 | -------------------------------------------------------------------------------- /docker/laravel-container/build/backend/bootstrap/app.php: -------------------------------------------------------------------------------- 1 | singleton( 30 | Illuminate\Contracts\Http\Kernel::class, 31 | App\Http\Kernel::class 32 | ); 33 | 34 | $app->singleton( 35 | Illuminate\Contracts\Console\Kernel::class, 36 | App\Console\Kernel::class 37 | ); 38 | 39 | $app->singleton( 40 | Illuminate\Contracts\Debug\ExceptionHandler::class, 41 | App\Exceptions\Handler::class 42 | ); 43 | 44 | /* 45 | |-------------------------------------------------------------------------- 46 | | Return The Application 
47 | |-------------------------------------------------------------------------- 48 | | 49 | | This script returns the application instance. The instance is given to 50 | | the calling script so we can separate the building of the instances 51 | | from the actual running of the application and sending responses. 52 | | 53 | */ 54 | 55 | return $app; 56 | -------------------------------------------------------------------------------- /kubernetes/kuberbac/001-dummy-extras/dynamic-cluster-role.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kuberbac.prosimcorp.com/v1alpha1 2 | kind: DynamicClusterRole 3 | metadata: 4 | name: example-policy 5 | spec: 6 | # Synchronization parameters 7 | synchronization: 8 | time: "30s" 9 | 10 | # Desired name for produced ClusterRole 11 | target: 12 | name: example-policy 13 | annotations: {} 14 | labels: {} 15 | 16 | # This flag create two separated ClusterRoles: 17 | # one for cluster-wide resources and another for namespace-scoped resources 18 | separateScopes: true 19 | 20 | # This is where the allowed policies are expressed 21 | # Ref: https://kubernetes.io/docs/reference/access-authn-authz/rbac/ 22 | allow: 23 | # Allow everything to remove permissions or resources later 24 | # Of course, you can be much more specific. This is just an example 25 | - apiGroups: [ "*" ] 26 | resources: [ "*" ] 27 | verbs: [ "*" ] 28 | 29 | # This is where the denied policies are expressed 30 | # Ref: https://kubernetes.io/docs/reference/access-authn-authz/rbac/ 31 | deny: 32 | # Deny access to resources related to this wonderful RBAC 33 | # You can use typical wildcards. 
They will be expanded by Kuberbac 34 | - apiGroups: 35 | - "*" 36 | resources: 37 | - "dynamicclusterroles" 38 | - "dynamicrolebindings" 39 | verbs: 40 | - "*" 41 | # NOTE(review): namespaced "roles" and "rolebindings" are absent from the rule below, so the allow-all rule keeps every verb on them, bind and escalate included; confirm this is intended or list them here 42 | # Deny access to resources related to core RBAC 43 | - apiGroups: 44 | - "*" 45 | resources: 46 | - "clusterroles" 47 | - "clusterrolebindings" 48 | - "serviceaccounts" 49 | verbs: 50 | - "*" 51 | 52 | # Deny access to secrets 53 | - apiGroups: [ "*" ] 54 | resources: [ "secrets" ] 55 | verbs: [ "*" ] 56 | # Deny exec and attach on pods 57 | - apiGroups: [ "" ] 58 | resources: [ "pods/exec", "pods/attach" ] 59 | verbs: [ "*" ] 60 | -------------------------------------------------------------------------------- /docker/laravel-container/build/backend/composer.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "laravel/laravel", 3 | "type": "project", 4 | "description": "The Laravel Framework.", 5 | "keywords": [ 6 | "framework", 7 | "laravel" 8 | ], 9 | "license": "MIT", 10 | "require": { 11 | "php": "^7.3|^8.0", 12 | "fideloper/proxy": "^4.4", 13 | "fruitcake/laravel-cors": "^2.0", 14 | "guzzlehttp/guzzle": "^7.0.1", 15 | "laravel/framework": "^8.12", 16 | "laravel/tinker": "^2.5" 17 | }, 18 | "require-dev": { 19 | "facade/ignition": "^2.5", 20 | "fakerphp/faker": "^1.9.1", 21 | "mockery/mockery": "^1.4.2", 22 | "nunomaduro/collision": "^5.0", 23 | "phpunit/phpunit": "^9.3.3" 24 | }, 25 | "config": { 26 | "optimize-autoloader": true, 27 | "preferred-install": "dist", 28 | "sort-packages": true 29 | }, 30 | "extra": { 31 | "laravel": { 32 | "dont-discover": [] 33 | } 34 | }, 35 | "autoload": { 36 | "psr-4": { 37 | "App\\": "app/", 38 | "Database\\Factories\\": "database/factories/", 39 | "Database\\Seeders\\": "database/seeders/" 40 | } 41 | }, 42 | "autoload-dev": { 43 | "psr-4": { 44 | "Tests\\": "tests/" 45 | } 46 | }, 47 | "minimum-stability": "dev", 48 | "prefer-stable": true, 49 | "scripts": { 50 | "post-autoload-dump": [ 51 |
"Illuminate\\Foundation\\ComposerScripts::postAutoloadDump", 52 | "@php artisan package:discover --ansi" 53 | ], 54 | "post-root-package-install": [ 55 | "@php -r \"file_exists('.env') || copy('.env.example', '.env');\"" 56 | ], 57 | "post-create-project-cmd": [ 58 | "@php artisan key:generate --ansi" 59 | ] 60 | } 61 | } 62 | -------------------------------------------------------------------------------- /docker/laravel-container/build/backend/artisan: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env php 2 | make(Illuminate\Contracts\Console\Kernel::class); 34 | 35 | $status = $kernel->handle( 36 | $input = new Symfony\Component\Console\Input\ArgvInput, 37 | new Symfony\Component\Console\Output\ConsoleOutput 38 | ); 39 | 40 | /* 41 | |-------------------------------------------------------------------------- 42 | | Shutdown The Application 43 | |-------------------------------------------------------------------------- 44 | | 45 | | Once Artisan has finished running, we will fire off the shutdown events 46 | | so that any final work may be done by the application before we shut 47 | | down the process. This is the last thing to happen to the request. 
48 | | 49 | */ 50 | 51 | $kernel->terminate($input, $status); 52 | 53 | exit($status); 54 | -------------------------------------------------------------------------------- /kubernetes/logs-loki-fluentd-grafana/002-fluentd-loki/003-fluentd-daemonset.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: apps/v1 3 | kind: DaemonSet 4 | metadata: 5 | name: fluentd 6 | namespace: kube-logging 7 | labels: 8 | app: fluentd 9 | version: v1 10 | kubernetes.io/cluster-service: "true" 11 | spec: 12 | selector: 13 | matchLabels: 14 | app: fluentd 15 | version: v1 16 | kubernetes.io/cluster-service: "true" 17 | template: 18 | metadata: 19 | labels: 20 | app: fluentd 21 | version: v1 22 | kubernetes.io/cluster-service: "true" 23 | spec: 24 | serviceAccount: fluentd 25 | serviceAccountName: fluentd 26 | tolerations: 27 | - key: node-role.kubernetes.io/master 28 | effect: NoSchedule 29 | containers: 30 | - name: fluentd 31 | image: fluent/fluentd-kubernetes-daemonset:v1.4-debian-forward-1 32 | command: # NOTE(review): both plugins are installed at every container start with no version given, so each pod runs whatever the gem source serves at that moment; baking pinned versions into a custom image removes that start-up dependency 33 | - /bin/sh 34 | - '-c' 35 | - > 36 | fluent-gem i fluent-plugin-grafana-loki-licence-fix ; 37 | fluent-gem i fluent-plugin-parser-cri --no-document ; 38 | tini /fluentd/entrypoint.sh; 39 | resources: 40 | limits: 41 | memory: 512Mi 42 | requests: 43 | cpu: 100m 44 | memory: 200Mi 45 | volumeMounts: 46 | - name: varlog 47 | mountPath: /var/log 48 | - name: varlibdockercontainers 49 | mountPath: /var/lib/docker/containers 50 | readOnly: true 51 | - name: config 52 | mountPath: /fluentd/etc 53 | terminationGracePeriodSeconds: 30 54 | volumes: 55 | - name: varlog 56 | hostPath: 57 | path: /var/log 58 | - name: varlibdockercontainers 59 | hostPath: 60 | path: /var/lib/docker/containers 61 | - name: config 62 | configMap: 63 | name: fluentd-config -------------------------------------------------------------------------------- /docker/laravel-container/build/backend/public/index.php:
-------------------------------------------------------------------------------- 1 | make(Kernel::class); 50 | 51 | $response = tap($kernel->handle( 52 | $request = Request::capture() 53 | ))->send(); 54 | 55 | $kernel->terminate($request, $response); 56 | -------------------------------------------------------------------------------- /docker/laravel-container/build/backend/app/Providers/RouteServiceProvider.php: -------------------------------------------------------------------------------- 1 | configureRateLimiting(); 39 | 40 | $this->routes(function () { 41 | Route::prefix('api') 42 | ->middleware('api') 43 | ->namespace($this->namespace) 44 | ->group(base_path('routes/api.php')); 45 | 46 | Route::middleware('web') 47 | ->namespace($this->namespace) 48 | ->group(base_path('routes/web.php')); 49 | }); 50 | } 51 | 52 | /** 53 | * Configure the rate limiters for the application. 54 | * 55 | * @return void 56 | */ 57 | protected function configureRateLimiting() 58 | { 59 | RateLimiter::for('api', function (Request $request) { 60 | return Limit::perMinute(60)->by(optional($request->user())->id ?: $request->ip()); 61 | }); 62 | } 63 | } 64 | -------------------------------------------------------------------------------- /docker/laravel-container/build/backend/config/broadcasting.php: -------------------------------------------------------------------------------- 1 | env('BROADCAST_DRIVER', 'null'), 19 | 20 | /* 21 | |-------------------------------------------------------------------------- 22 | | Broadcast Connections 23 | |-------------------------------------------------------------------------- 24 | | 25 | | Here you may define all of the broadcast connections that will be used 26 | | to broadcast events to other systems or over websockets. Samples of 27 | | each available type of connection are provided inside this array. 
28 | | 29 | */ 30 | 31 | 'connections' => [ 32 | 33 | 'pusher' => [ 34 | 'driver' => 'pusher', 35 | 'key' => env('PUSHER_APP_KEY'), 36 | 'secret' => env('PUSHER_APP_SECRET'), 37 | 'app_id' => env('PUSHER_APP_ID'), 38 | 'options' => [ 39 | 'cluster' => env('PUSHER_APP_CLUSTER'), 40 | 'useTLS' => true, 41 | ], 42 | ], 43 | 44 | 'ably' => [ 45 | 'driver' => 'ably', 46 | 'key' => env('ABLY_KEY'), 47 | ], 48 | 49 | 'redis' => [ 50 | 'driver' => 'redis', 51 | 'connection' => 'default', 52 | ], 53 | 54 | 'log' => [ 55 | 'driver' => 'log', 56 | ], 57 | 58 | 'null' => [ 59 | 'driver' => 'null', 60 | ], 61 | 62 | ], 63 | 64 | ]; 65 | -------------------------------------------------------------------------------- /kubernetes/rabbitmq-cluster/README.md: -------------------------------------------------------------------------------- 1 | # Introduction 2 | 3 | This folder contains the files to create a RabbitMQ cluster based on the 4 | rabbitmq operator, which has to be installed into Kubernetes 5 | 6 | # Installation: Official 7 | 8 | 1. You must have the RabbitMQ Operator in the cluster. Check it executing the following: 9 | 10 | ``` 11 | kubectl get customresourcedefinitions.apiextensions.k8s.io 12 | 13 | # NAME CREATED AT 14 | # rabbitmqclusters.rabbitmq.com 2019-10-23T10:11:06Z 15 | ``` 16 | 17 | If you don't have it installed, you just have to install it applying this file: 18 | 19 | ``` 20 | kubectl apply -f "https://github.com/rabbitmq/cluster-operator/releases/latest/download/cluster-operator.yml" 21 | ``` 22 | 23 | 2. The second step is to apply the files in the right order. 24 | 25 | If you have any doubt, there is a link 26 | where you can read the installation instructions [here](https://www.rabbitmq.com/kubernetes/operator/install-operator.html) 27 | 28 | 3. Extra 29 | 30 | Configure TLS for safe connections 31 | 32 | ``` 33 | TLS Configuration 34 | Description: Configure RabbitMQ to use the certificates provided by Secret spec.tls.secretName. 
35 | The Secret must already exist in the same Namespace as the RabbitmqCluster object. 36 | It is expected that the Secret contains tls.key and tls.crt for the private key and public certificate respectively. 37 | 38 | Optionally, configure RabbitMQ to connect using mutual TLS authentication (mTLS) by providing a CA certificate to 39 | verify peer certificates against. This certificate must be stored under a key of name spec.tls.caCertName, 40 | in a Secret of name spec.tls.caSecretName, in the same Namespace as the RabbitmqCluster object. 41 | Note that this can be the same Secret as spec.tls.secretName. 42 | ``` 43 | 44 | Obtain user and password 45 | 46 | ``` 47 | kubectl -n default get secret rabbitmqcluster-default-user -o jsonpath="{.data.username}" | base64 --decode | cowsay 48 | kubectl -n default get secret rabbitmqcluster-default-user -o jsonpath="{.data.password}" | base64 --decode | cowsay 49 | ``` 50 | 51 | 52 | -------------------------------------------------------------------------------- /kubernetes/juicefs/01-csi-driver/values.yaml: -------------------------------------------------------------------------------- 1 | # Ref: https://github.com/juicedata/charts/blob/main/charts/juicefs-csi-driver/values.yaml 2 | 3 | juicefs-csi-driver: 4 | 5 | # The way JuiceFS Client runs. choose between: 6 | # - mountpod: default, run JuiceFS Client in an independent pod 7 | # - sidecar: run JuiceFS Client as a sidecar container in the same pod with application 8 | # - process: run JuiceFS Client as a process in the JuiceFS CSI node service 9 | # - serverless: a special "sidecar" mode that requires no privilege, creates no hostPath volumes, to allow full serverless deployment 10 | # Ref: https://juicefs.com/docs/csi/introduction/ 11 | mountMode: mountpod 12 | 13 | # Specifies whether JuiceFS is being deployed in an immutable Kubernetes environment. 14 | # Immutable environments, such as Talos Linux, have read-only paths in the host filesystem. 
15 | immutable: false 16 | 17 | # CSI Dashboard helps with CSI Driver observation, enabled by default 18 | dashboard: 19 | enabled: true 20 | 21 | # Basic auth for dashboard 22 | auth: 23 | enabled: false 24 | # NOTE(review): the dashboard is enabled while its basic auth is off, and admin/admin below look like placeholder values; when turning auth on, point existingSecret at a pre-created Secret rather than keeping plain-text credentials in this file 25 | # Set existingSecret to indicate whether to use an existing secret. 26 | # If it is empty, a corresponding secret will be created according to the plain text configuration. 27 | existingSecret: "" 28 | username: admin 29 | password: admin 30 | 31 | # For production environments, manually creating & managing the storageClass outside Helm is recommended, ref: https://juicefs.com/docs/csi/guide/pv#create-storage-class 32 | storageClasses: 33 | - name: "juicefs-primary" 34 | enabled: true 35 | 36 | # Set existingSecret to indicate whether to use an existing secret. 37 | # If it is empty, a corresponding secret will be created according to the plain text configuration. 38 | existingSecret: juicefs-credentials 39 | 40 | # Additional annotations for this StorageClass, e.g. make it default 41 | # annotations: 42 | # storageclass.kubernetes.io/is-default-class: "true" 43 | 44 | # Customize PV directory format, ref: https://juicefs.com/docs/csi/guide/pv#using-path-pattern 45 | pathPattern: "${.PVC.namespace}-${.PVC.name}" 46 | 47 | mountPod: 48 | # Mount pod resource requests & limits 49 | resources: 50 | limits: 51 | cpu: 5000m 52 | memory: 5Gi 53 | requests: 54 | cpu: 1000m 55 | memory: 1Gi 56 | # Override mount pod image, ref: https://juicefs.com/docs/csi/guide/custom-image 57 | image: "" 58 | # Set annotations for the mount pod 59 | annotations: {} -------------------------------------------------------------------------------- /kubernetes/juicefs/00-metadata-server/values.yaml: -------------------------------------------------------------------------------- 1 | # Ref: https://github.com/bitnami/charts/blob/main/bitnami/redis-cluster/values.yaml 2 | # Ref: https://juicefs.com/docs/community/redis_best_practices 3 | 4 | redis-cluster: 5 | 6 | # Guarantee some
availability during rotation 7 | pdb: 8 | create: true 9 | minAvailable: 50% 10 | 11 | # Use password authentication 12 | usePassword: true 13 | 14 | # Redis password (ignored if existingSecret set) 15 | # Defaults to a random 10-character alphanumeric string if not set and usePassword is true 16 | #password: "" 17 | 18 | existingSecret: metadata-redis-cluster 19 | existingSecretPasswordKey: redis-password 20 | 21 | # Enable persistence using Persistent Volume Claims 22 | persistence: 23 | enabled: true 24 | 25 | storageClass: "" 26 | size: 20Gi 27 | 28 | # 'whenScaled' Volume retention behavior when the replica count of the StatefulSet is reduced 29 | # 'whenDeleted' Volume retention behavior that applies when the StatefulSet is deleted 30 | persistentVolumeClaimRetentionPolicy: 31 | enabled: false 32 | whenScaled: Retain 33 | whenDeleted: Retain 34 | 35 | redis: 36 | resourcesPreset: "xlarge" 37 | # resources: {} 38 | 39 | 40 | # Steps for scaling-up the cluster after first installation: 41 | # 1. Set 'init' to false 42 | # 1. Set 'update.currentNumberOfNodes' and 'update.currentNumberOfReplicas' to current actual values 43 | # 2. Set 'nodes' and 'replicas' to desired values 44 | # 3. Set 'update.addNodes' to true 45 | # 4. Perform a Helm upgrade 46 | # 5. Set 'update.addNodes' to false again 47 | 48 | # Steps for scaling-down the cluster after first installation: 49 | # 1. Set 'init' to false 50 | # 2. Set 'nodes' and 'replicas' to desired values 51 | # 3. Set 'update.addNodes' to false 52 | # 4. Perform a Helm upgrade 53 | 54 | cluster: 55 | # Set this to false only after first installation 56 | # init: false 57 | 58 | # The number of master nodes should always be >= 3, otherwise cluster creation will fail 59 | nodes: 6 60 | 61 | # Number of replicas for every master in the cluster 62 | # Take care with this. 
Use the following example: 63 | # 6 nodes w/ 1 replicas = 3 master + 3 replica 64 | # 3 nodes w/ 0 replicas = 3 master + 0 replica 65 | replicas: 1 66 | 67 | # This section allows to update the Redis cluster nodes. 68 | update: 69 | # Setting this to true a hook will add nodes to the Redis cluster after the upgrade. 70 | # Enable it when the operation is actually needed 71 | addNodes: false 72 | 73 | currentNumberOfNodes: 9 74 | currentNumberOfReplicas: 2 75 | -------------------------------------------------------------------------------- /kubernetes/logs-loki-fluentd-grafana/002-fluentd-loki/004-fluentd-config.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ConfigMap 3 | metadata: 4 | name: fluentd-config 5 | namespace: kube-logging 6 | labels: 7 | app: fluentd 8 | data: 9 | fluent.conf: | 10 | 11 | @type tail 12 | path /var/log/*.log 13 | pos_file /var/log/fluentd/tmp/access.log.pos 14 | tag foo.* 15 | 16 | 17 | @type json 18 | 19 | 20 | 21 | 22 | @type tail 23 | @id in_tail_container_logs 24 | path /var/log/containers/*.log 25 | exclude_path ["/var/log/containers/fluentd*"] 26 | pos_file /var/log/fluentd-containers.log.pos 27 | tag kubernetes.* 28 | read_from_head true 29 | 30 | # ATTENTION: THE FOLLOWING DEPENDS ON THE KUBERNETES VERSION 31 | # https://github.com/fluent/fluent-plugin-parser-cri#log-and-configuration-example 32 | 33 | # 34 | # @type cri 35 | # merge_cri_fields false 36 | # 37 | # @type json 38 | # time_key time 39 | # time_format %Y-%m-%dT%H:%M:%S.%L%z 40 | # 41 | # 42 | 43 | 44 | @type cri 45 | time_format %Y-%m-%dT%H:%M:%S.%L%z 46 | 47 | 48 | 49 | 50 | 51 | @type null 52 | 53 | 54 | 55 | @type null 56 | 57 | 58 | 59 | @type kubernetes_metadata 60 | @id filter_kube_metadata 61 | 62 | 63 | 64 | @type record_transformer 65 | enable_ruby 66 | remove_keys kubernetes, docker 67 | 68 | 69 | app ${ record.dig("kubernetes", "labels", "app") } 70 | job ${ record.dig("kubernetes", 
"labels", "app") } 71 | namespace ${ record.dig("kubernetes", "namespace_name") } 72 | pod ${ record.dig("kubernetes", "pod_name") } 73 | container ${ record.dig("kubernetes", "container_name") } 74 | 75 | 76 | 77 | 78 | @type copy 79 | 80 | 81 | @type loki 82 | url "http://loki-service.kube-logging.svc.cluster.local:3100" 83 | # extra_labels {"env":"dev"} 84 | label_keys "app,job,namespace,pod,container" 85 | flush_interval 10s 86 | flush_at_shutdown true 87 | buffer_chunk_limit 1m 88 | 89 | 90 | 91 | @type stdout 92 | 93 | 94 | -------------------------------------------------------------------------------- /docker/laravel-container/build/backend/app/Http/Kernel.php: -------------------------------------------------------------------------------- 1 | [ 33 | \App\Http\Middleware\EncryptCookies::class, 34 | \Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse::class, 35 | \Illuminate\Session\Middleware\StartSession::class, 36 | // \Illuminate\Session\Middleware\AuthenticateSession::class, 37 | \Illuminate\View\Middleware\ShareErrorsFromSession::class, 38 | \App\Http\Middleware\VerifyCsrfToken::class, 39 | \Illuminate\Routing\Middleware\SubstituteBindings::class, 40 | ], 41 | 42 | 'api' => [ 43 | 'throttle:api', 44 | \Illuminate\Routing\Middleware\SubstituteBindings::class, 45 | ], 46 | ]; 47 | 48 | /** 49 | * The application's route middleware. 50 | * 51 | * These middleware may be assigned to groups or used individually. 
52 | * 53 | * @var array 54 | */ 55 | protected $routeMiddleware = [ 56 | 'auth' => \App\Http\Middleware\Authenticate::class, 57 | 'auth.basic' => \Illuminate\Auth\Middleware\AuthenticateWithBasicAuth::class, 58 | 'cache.headers' => \Illuminate\Http\Middleware\SetCacheHeaders::class, 59 | 'can' => \Illuminate\Auth\Middleware\Authorize::class, 60 | 'guest' => \App\Http\Middleware\RedirectIfAuthenticated::class, 61 | 'password.confirm' => \Illuminate\Auth\Middleware\RequirePassword::class, 62 | 'signed' => \Illuminate\Routing\Middleware\ValidateSignature::class, 63 | 'throttle' => \Illuminate\Routing\Middleware\ThrottleRequests::class, 64 | 'verified' => \Illuminate\Auth\Middleware\EnsureEmailIsVerified::class, 65 | ]; 66 | } 67 | -------------------------------------------------------------------------------- /docker/gitlab-ci/index.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | Achetronic 12 | 13 | 14 |
15 | 16 |
17 |
18 |
the web header
19 | 20 |
21 | 22 | 23 | 24 | 25 | 26 | 27 |
28 | 29 |
Achetronic ©
30 | 31 |
32 |
33 |
34 | 35 | 36 | 37 | 38 | 39 | 40 | 41 | -------------------------------------------------------------------------------- /docker/laravel-container/build/backend/config/filesystems.php: -------------------------------------------------------------------------------- 1 | env('FILESYSTEM_DRIVER', 'local'), 17 | 18 | /* 19 | |-------------------------------------------------------------------------- 20 | | Default Cloud Filesystem Disk 21 | |-------------------------------------------------------------------------- 22 | | 23 | | Many applications store files both locally and in the cloud. For this 24 | | reason, you may specify a default "cloud" driver here. This driver 25 | | will be bound as the Cloud disk implementation in the container. 26 | | 27 | */ 28 | 29 | 'cloud' => env('FILESYSTEM_CLOUD', 's3'), 30 | 31 | /* 32 | |-------------------------------------------------------------------------- 33 | | Filesystem Disks 34 | |-------------------------------------------------------------------------- 35 | | 36 | | Here you may configure as many filesystem "disks" as you wish, and you 37 | | may even configure multiple disks of the same driver. Defaults have 38 | | been setup for each driver as an example of the required options. 
39 | | 40 | | Supported Drivers: "local", "ftp", "sftp", "s3" 41 | | 42 | */ 43 | 44 | 'disks' => [ 45 | 46 | 'local' => [ 47 | 'driver' => 'local', 48 | 'root' => storage_path('app'), 49 | ], 50 | 51 | 'public' => [ 52 | 'driver' => 'local', 53 | 'root' => storage_path('app/public'), 54 | 'url' => env('APP_URL').'/storage', 55 | 'visibility' => 'public', 56 | ], 57 | 58 | 's3' => [ 59 | 'driver' => 's3', 60 | 'key' => env('AWS_ACCESS_KEY_ID'), 61 | 'secret' => env('AWS_SECRET_ACCESS_KEY'), 62 | 'region' => env('AWS_DEFAULT_REGION'), 63 | 'bucket' => env('AWS_BUCKET'), 64 | 'url' => env('AWS_URL'), 65 | 'endpoint' => env('AWS_ENDPOINT'), 66 | ], 67 | 68 | ], 69 | 70 | /* 71 | |-------------------------------------------------------------------------- 72 | | Symbolic Links 73 | |-------------------------------------------------------------------------- 74 | | 75 | | Here you may configure the symbolic links that will be created when the 76 | | `storage:link` Artisan command is executed. The array keys should be 77 | | the locations of the links and the values should be their targets. 78 | | 79 | */ 80 | 81 | 'links' => [ 82 | public_path('storage') => storage_path('app/public'), 83 | ], 84 | 85 | ]; 86 | -------------------------------------------------------------------------------- /docker/laravel-container/build/backend/config/queue.php: -------------------------------------------------------------------------------- 1 | env('QUEUE_CONNECTION', 'sync'), 17 | 18 | /* 19 | |-------------------------------------------------------------------------- 20 | | Queue Connections 21 | |-------------------------------------------------------------------------- 22 | | 23 | | Here you may configure the connection information for each server that 24 | | is used by your application. A default configuration has been added 25 | | for each back-end shipped with Laravel. You are free to add more. 
26 | | 27 | | Drivers: "sync", "database", "beanstalkd", "sqs", "redis", "null" 28 | | 29 | */ 30 | 31 | 'connections' => [ 32 | 33 | 'sync' => [ 34 | 'driver' => 'sync', 35 | ], 36 | 37 | 'database' => [ 38 | 'driver' => 'database', 39 | 'table' => 'jobs', 40 | 'queue' => 'default', 41 | 'retry_after' => 90, 42 | ], 43 | 44 | 'beanstalkd' => [ 45 | 'driver' => 'beanstalkd', 46 | 'host' => 'localhost', 47 | 'queue' => 'default', 48 | 'retry_after' => 90, 49 | 'block_for' => 0, 50 | ], 51 | 52 | 'sqs' => [ 53 | 'driver' => 'sqs', 54 | 'key' => env('AWS_ACCESS_KEY_ID'), 55 | 'secret' => env('AWS_SECRET_ACCESS_KEY'), 56 | 'prefix' => env('SQS_PREFIX', 'https://sqs.us-east-1.amazonaws.com/your-account-id'), 57 | 'queue' => env('SQS_QUEUE', 'your-queue-name'), 58 | 'suffix' => env('SQS_SUFFIX'), 59 | 'region' => env('AWS_DEFAULT_REGION', 'us-east-1'), 60 | ], 61 | 62 | 'redis' => [ 63 | 'driver' => 'redis', 64 | 'connection' => 'default', 65 | 'queue' => env('REDIS_QUEUE', 'default'), 66 | 'retry_after' => 90, 67 | 'block_for' => null, 68 | ], 69 | 70 | ], 71 | 72 | /* 73 | |-------------------------------------------------------------------------- 74 | | Failed Queue Jobs 75 | |-------------------------------------------------------------------------- 76 | | 77 | | These options configure the behavior of failed queue job logging so you 78 | | can control which database and table are used to store the jobs that 79 | | have failed. You may change them to any database / table you wish. 
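80 | | 81 | */ 82 | 83 | 'failed' => [ 84 | 'driver' => env('QUEUE_FAILED_DRIVER', 'database-uuids'), 85 | 'database' => env('DB_CONNECTION', 'mysql'), 86 | 'table' => 'failed_jobs', 87 | ], 88 | 89 | ]; 90 | -------------------------------------------------------------------------------- /docker/laravel-container/docker-compose.yaml: --------------------------------------------------------------------------------
version: "3.5"



# Docker Networks
# NOTE(review): both networks are ordinary bridges; the name "internal" does not
# isolate anything by itself. `internal: true` would cut outbound access, which
# the backend seems to need for its mail and database hosts - confirm before use.
networks:
  internal:
    driver: bridge
    name: internal
  external:
    driver: bridge
    name: external



# Docker Volumes
volumes:
  backend:
    name: backend



# Docker services
services:

  # Laravel container (backend)
  backend:
    build:
      context: build/backend
      # A relative `dockerfile` is resolved from the build context, so the
      # previous value (build/backend/Dockerfile) pointed at
      # build/backend/build/backend/Dockerfile.
      dockerfile: Dockerfile
    image: backend:laravel
    container_name: backend
    restart: always
    tty: true
    stdin_open: true
    environment:
      # NOTE(review): APP_KEY and MAIL_PASSWORD below look like real values rather
      # than placeholders. Anything real that was committed this way should be
      # rotated, and the values supplied at deploy time (an untracked env_file or
      # a secrets store) instead of through this file. APP_KEY protects Laravel's
      # encrypted cookies and session data, so it is not a cosmetic setting.
      APP_VENDOR: "Achetronic"
      APP_NAME: "Laravel"
      APP_ENV: local
      APP_KEY: "base64:ejHnK9FbRXrtLw85zkQ9Eo7DiyQyJfVSge20qX+rQ8s="
      APP_DEBUG: "false"
      APP_URL: https://your-site.com
      LOG_CHANNEL: stack

      ###### MYSQL ######
      DB_CONNECTION: mysql
      DB_HOST: database
      DB_PORT: 3306
      DB_DATABASE: "your-database"
      DB_USERNAME: "your-user"
      DB_PASSWORD: "your-password"

      ###### EXTRA ######
      BROADCAST_DRIVER: log
      CACHE_DRIVER: file
      QUEUE_CONNECTION: sync
      SESSION_DRIVER: file
      SESSION_LIFETIME: 120

      ###### REDIS ######
      REDIS_HOST: cache
      REDIS_PASSWORD: null
      REDIS_PORT: 6379

      ###### SENDGRID ######
      MAIL_DRIVER: smtp
      MAIL_HOST: smtp.sendgrid.net
      MAIL_PORT: 587
      MAIL_USERNAME: apikey
      MAIL_PASSWORD: "SG.7U4aAIFjSEiqdRjs-a0pug.r3IJ_DsdfdsfLK0S978546ds67f9ds79fds7Ndsfdsc8GF8e29K34cfv_5Os_your-key"
      MAIL_ENCRYPTION: tls
      # NOTE(review): Compose substitutes ${APP_NAME} from the shell environment or
      # the project's .env file, not from the APP_NAME entry above - verify it is set.
      MAIL_FROM_NAME: "${APP_NAME}"
      MAIL_FROM_ADDRESS: "noreply@your-site.com"

    working_dir: /var/www
    volumes:
      - type: volume
        source: backend
        target: /var/www
    # PHP-FPM port, reachable only from containers on the same network.
    expose:
      - "9000"
    networks:
      - internal

  # Nginx (frontend)
  frontend:
    build:
      context: build/frontend
      # Resolved from the build context, same as for the backend service.
      dockerfile: Dockerfile
    image: frontend:nginx
    container_name: frontend
    depends_on:
      - backend
    restart: always
    tty: true
    stdin_open: true
    working_dir: /var/www
    volumes:
      # The application code is shared with the backend but mounted read-only here.
      - type: volume
        source: backend
        target: /var/www
        read_only: true
        volume:
          nocopy: true
    ports:
      - "80:80"
      - "443:443"
    networks:
      - internal
      - external

-------------------------------------------------------------------------------- /kubernetes/gateway-api-istio/002-istio-control-plane/values-production.yaml: -------------------------------------------------------------------------------- 1 | # Ref: https://github.com/istio/istio/blob/master/manifests/charts/istio-control/istio-discovery/values.yaml 2 | istiod: 3 | 4 | global: 5 | istioNamespace: istio-system 6 | 7 | # To output all istio components logs in json format by adding --log_as_json argument to each container argument 8 | logAsJson: true 9 | 10 | proxy: 11 | # This controls the 'policy' in the sidecar injector. 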
12 | # Ref: https://istio.io/latest/docs/setup/additional-setup/sidecar-injection/ 13 | autoInject: disabled 14 | 15 | resources: 16 | requests: &istioResourcesRequests 17 | cpu: 1000m 18 | memory: 1024Mi 19 | limits: 20 | <<: *istioResourcesRequests 21 | cpu: 2000m 22 | 23 | # Discovery Settings 24 | pilot: 25 | 26 | # Mesh config settings 27 | # Ref: https://kubernetes.io/docs/concepts/services-networking/dual-stack/#services 28 | # Done this way for keeping compatibility with current Istio configuration 29 | ipFamilyPolicy: "SingleStack" 30 | ipFamilies: [ "IPv4" ] 31 | 32 | # Ref: https://istio.io/latest/docs/reference/config/istio.mesh.v1alpha1/#MeshConfig 33 | meshConfig: 34 | # NOTE(review): the "path" field below is the request path including any query string, so tokens passed as URL parameters end up in this log; x_forwarded_for and client_ip are copied from request headers and are only as trustworthy as the proxies that set them. 35 | # Ref: https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log/usage#format-rules 36 | # Ref: https://www.envoyproxy.io/docs/envoy/v1.11.1/configuration/http_filters/router_filter.html?highlight=x-envoy%20attempt%20count#x-envoy-attempt-count 37 | accessLogFile: /dev/stdout 38 | accessLogEncoding: JSON 39 | accessLogFormat: | 40 | { 41 | "protocol": "%PROTOCOL%", 42 | "upstream_service_time": "%REQ(X-ENVOY-UPSTREAM-SERVICE-TIME)%", 43 | "upstream_local_address": "%UPSTREAM_LOCAL_ADDRESS%", 44 | "duration": "%DURATION%", 45 | "request_duration": "%REQUEST_DURATION%", 46 | "response_duration": "%RESPONSE_DURATION%", 47 | "upstream_transport_failure_reason": "%UPSTREAM_TRANSPORT_FAILURE_REASON%", 48 | "route_name": "%ROUTE_NAME%", 49 | "downstream_local_address": "%DOWNSTREAM_LOCAL_ADDRESS%", 50 | "user_agent": "%REQ(USER-AGENT)%", 51 | "response_code": "%RESPONSE_CODE%", 52 | "response_flags": "%RESPONSE_FLAGS%", 53 | "start_time": "%START_TIME%", 54 | "method": "%REQ(:METHOD)%", 55 | "request_id": "%REQ(X-REQUEST-ID)%", 56 | "upstream_host": "%UPSTREAM_HOST%", 57 | "x_forwarded_for": "%REQ(X-FORWARDED-FOR)%", 58 | "client_ip": "%REQ(TRUE-Client-IP)%", 59 | "requested_server_name": "%REQUESTED_SERVER_NAME%", 60 | "bytes_received": "%BYTES_RECEIVED%", 61 | 
"bytes_sent": "%BYTES_SENT%", 62 | "upstream_cluster": "%UPSTREAM_CLUSTER%", 63 | "downstream_remote_address": "%DOWNSTREAM_REMOTE_ADDRESS%", 64 | "authority": "%REQ(:AUTHORITY)%", 65 | "path": "%REQ(X-ENVOY-ORIGINAL-PATH?:PATH)%", 66 | "response_code_details": "%RESPONSE_CODE_DETAILS%", 67 | "request_attempt": "%REQ(X-ENVOY-ATTEMPT-COUNT)%" 68 | } 69 | 70 | defaultConfig: 71 | # Configuration for the gateway topology. Used to determine the number of XFF headers that will be processed. 72 | gatewayTopology: 73 | # Number of proxies that can be chained together before reaching Istio. 74 | # This amount is to have an open limit. NOTE(review): this value should equal the number of trusted proxies actually deployed in front of the gateway. A value above that count lets the gateway pick the client address from X-Forwarded-For entries the caller can set itself, which affects the logged client address and any IP-based policy. 75 | numTrustedProxies: 12 76 | -------------------------------------------------------------------------------- /docker/laravel-container/build/backend/config/logging.php: -------------------------------------------------------------------------------- 1 | env('LOG_CHANNEL', 'stack'), 21 | 22 | /* 23 | |-------------------------------------------------------------------------- 24 | | Log Channels 25 | |-------------------------------------------------------------------------- 26 | | 27 | | Here you may configure the log channels for your application. Out of 28 | | the box, Laravel uses the Monolog PHP logging library. This gives 29 | | you a variety of powerful log handlers / formatters to utilize. 
30 | | 31 | | Available Drivers: "single", "daily", "slack", "syslog", 32 | | "errorlog", "monolog", 33 | | "custom", "stack" 34 | | 35 | */ 36 | 37 | 'channels' => [ 38 | 'stack' => [ 39 | 'driver' => 'stack', 40 | 'channels' => ['single'], 41 | 'ignore_exceptions' => false, 42 | ], 43 | 44 | 'single' => [ 45 | 'driver' => 'single', 46 | 'path' => storage_path('logs/laravel.log'), 47 | 'level' => env('LOG_LEVEL', 'debug'), 48 | ], 49 | 50 | 'daily' => [ 51 | 'driver' => 'daily', 52 | 'path' => storage_path('logs/laravel.log'), 53 | 'level' => env('LOG_LEVEL', 'debug'), 54 | 'days' => 14, 55 | ], 56 | 57 | 'slack' => [ 58 | 'driver' => 'slack', 59 | 'url' => env('LOG_SLACK_WEBHOOK_URL'), 60 | 'username' => 'Laravel Log', 61 | 'emoji' => ':boom:', 62 | 'level' => env('LOG_LEVEL', 'critical'), 63 | ], 64 | 65 | 'papertrail' => [ 66 | 'driver' => 'monolog', 67 | 'level' => env('LOG_LEVEL', 'debug'), 68 | 'handler' => SyslogUdpHandler::class, 69 | 'handler_with' => [ 70 | 'host' => env('PAPERTRAIL_URL'), 71 | 'port' => env('PAPERTRAIL_PORT'), 72 | ], 73 | ], 74 | 75 | 'stderr' => [ 76 | 'driver' => 'monolog', 77 | 'handler' => StreamHandler::class, 78 | 'formatter' => env('LOG_STDERR_FORMATTER'), 79 | 'with' => [ 80 | 'stream' => 'php://stderr', 81 | ], 82 | ], 83 | 84 | 'syslog' => [ 85 | 'driver' => 'syslog', 86 | 'level' => env('LOG_LEVEL', 'debug'), 87 | ], 88 | 89 | 'errorlog' => [ 90 | 'driver' => 'errorlog', 91 | 'level' => env('LOG_LEVEL', 'debug'), 92 | ], 93 | 94 | 'null' => [ 95 | 'driver' => 'monolog', 96 | 'handler' => NullHandler::class, 97 | ], 98 | 99 | 'emergency' => [ 100 | 'path' => storage_path('logs/laravel.log'), 101 | ], 102 | ], 103 | 104 | ]; 105 | -------------------------------------------------------------------------------- /docker/laravel-container/build/backend/config/cache.php: -------------------------------------------------------------------------------- 1 | env('CACHE_DRIVER', 'file'), 19 | 20 | /* 21 | 
|-------------------------------------------------------------------------- 22 | | Cache Stores 23 | |-------------------------------------------------------------------------- 24 | | 25 | | Here you may define all of the cache "stores" for your application as 26 | | well as their drivers. You may even define multiple stores for the 27 | | same cache driver to group types of items stored in your caches. 28 | | 29 | | Supported drivers: "apc", "array", "database", "file", 30 | | "memcached", "redis", "dynamodb", "null" 31 | | 32 | */ 33 | 34 | 'stores' => [ 35 | 36 | 'apc' => [ 37 | 'driver' => 'apc', 38 | ], 39 | 40 | 'array' => [ 41 | 'driver' => 'array', 42 | 'serialize' => false, 43 | ], 44 | 45 | 'database' => [ 46 | 'driver' => 'database', 47 | 'table' => 'cache', 48 | 'connection' => null, 49 | ], 50 | 51 | 'file' => [ 52 | 'driver' => 'file', 53 | 'path' => storage_path('framework/cache/data'), 54 | ], 55 | 56 | 'memcached' => [ 57 | 'driver' => 'memcached', 58 | 'persistent_id' => env('MEMCACHED_PERSISTENT_ID'), 59 | 'sasl' => [ 60 | env('MEMCACHED_USERNAME'), 61 | env('MEMCACHED_PASSWORD'), 62 | ], 63 | 'options' => [ 64 | // Memcached::OPT_CONNECT_TIMEOUT => 2000, 65 | ], 66 | 'servers' => [ 67 | [ 68 | 'host' => env('MEMCACHED_HOST', '127.0.0.1'), 69 | 'port' => env('MEMCACHED_PORT', 11211), 70 | 'weight' => 100, 71 | ], 72 | ], 73 | ], 74 | 75 | 'redis' => [ 76 | 'driver' => 'redis', 77 | 'connection' => 'cache', 78 | ], 79 | 80 | 'dynamodb' => [ 81 | 'driver' => 'dynamodb', 82 | 'key' => env('AWS_ACCESS_KEY_ID'), 83 | 'secret' => env('AWS_SECRET_ACCESS_KEY'), 84 | 'region' => env('AWS_DEFAULT_REGION', 'us-east-1'), 85 | 'table' => env('DYNAMODB_CACHE_TABLE', 'cache'), 86 | 'endpoint' => env('DYNAMODB_ENDPOINT'), 87 | ], 88 | 89 | ], 90 | 91 | /* 92 | |-------------------------------------------------------------------------- 93 | | Cache Key Prefix 94 | |-------------------------------------------------------------------------- 95 | | 96 | | When 
utilizing a RAM based store such as APC or Memcached, there might 97 | | be other applications utilizing the same cache. So, we'll specify a 98 | | value to get prefixed to all our keys so we can avoid collisions. 99 | | 100 | */ 101 | 102 | 'prefix' => env('CACHE_PREFIX', Str::slug(env('APP_NAME', 'laravel'), '_').'_cache'), 103 | 104 | ]; 105 | -------------------------------------------------------------------------------- /docker/laravel-container/build/backend/config/mail.php: -------------------------------------------------------------------------------- 1 | env('MAIL_MAILER', 'smtp'), 17 | 18 | /* 19 | |-------------------------------------------------------------------------- 20 | | Mailer Configurations 21 | |-------------------------------------------------------------------------- 22 | | 23 | | Here you may configure all of the mailers used by your application plus 24 | | their respective settings. Several examples have been configured for 25 | | you and you are free to add your own as your application requires. 26 | | 27 | | Laravel supports a variety of mail "transport" drivers to be used while 28 | | sending an e-mail. You will specify which one you are using for your 29 | | mailers below. You are free to add additional mailers as required. 
30 | | 31 | | Supported: "smtp", "sendmail", "mailgun", "ses", 32 | | "postmark", "log", "array" 33 | | 34 | */ 35 | 36 | 'mailers' => [ 37 | 'smtp' => [ 38 | 'transport' => 'smtp', 39 | 'host' => env('MAIL_HOST', 'smtp.mailgun.org'), 40 | 'port' => env('MAIL_PORT', 587), 41 | 'encryption' => env('MAIL_ENCRYPTION', 'tls'), 42 | 'username' => env('MAIL_USERNAME'), 43 | 'password' => env('MAIL_PASSWORD'), 44 | 'timeout' => null, 45 | 'auth_mode' => null, 46 | ], 47 | 48 | 'ses' => [ 49 | 'transport' => 'ses', 50 | ], 51 | 52 | 'mailgun' => [ 53 | 'transport' => 'mailgun', 54 | ], 55 | 56 | 'postmark' => [ 57 | 'transport' => 'postmark', 58 | ], 59 | 60 | 'sendmail' => [ 61 | 'transport' => 'sendmail', 62 | 'path' => '/usr/sbin/sendmail -bs', 63 | ], 64 | 65 | 'log' => [ 66 | 'transport' => 'log', 67 | 'channel' => env('MAIL_LOG_CHANNEL'), 68 | ], 69 | 70 | 'array' => [ 71 | 'transport' => 'array', 72 | ], 73 | ], 74 | 75 | /* 76 | |-------------------------------------------------------------------------- 77 | | Global "From" Address 78 | |-------------------------------------------------------------------------- 79 | | 80 | | You may wish for all e-mails sent by your application to be sent from 81 | | the same address. Here, you may specify a name and address that is 82 | | used globally for all e-mails that are sent by your application. 83 | | 84 | */ 85 | 86 | 'from' => [ 87 | 'address' => env('MAIL_FROM_ADDRESS', 'hello@example.com'), 88 | 'name' => env('MAIL_FROM_NAME', 'Example'), 89 | ], 90 | 91 | /* 92 | |-------------------------------------------------------------------------- 93 | | Markdown Mail Settings 94 | |-------------------------------------------------------------------------- 95 | | 96 | | If you are using Markdown based email rendering, you may configure your 97 | | theme and component paths here, allowing you to customize the design 98 | | of the emails. Or, you may simply stick with the Laravel defaults! 
99 | | 100 | */ 101 | 102 | 'markdown' => [ 103 | 'theme' => 'default', 104 | 105 | 'paths' => [ 106 | resource_path('views/vendor/mail'), 107 | ], 108 | ], 109 | 110 | ]; 111 | -------------------------------------------------------------------------------- /kubernetes/juicefs/README.md: -------------------------------------------------------------------------------- 1 | # JuiceFS 2 | 3 | ## Description 4 | 5 | This document guides you through the deployment and usage of JuiceFS inside a Kubernetes cluster. 6 | 7 | All the pieces will live inside Kubernetes, but it can be deployed using other spells of arcane magic. 8 | 9 | JuiceFS deployment is not super documented on the website and some of the following steps can be automated, such as the 10 | secrets' creation. 11 | 12 | 13 | > [!TIP] 14 | > To test this guide in KIND Kubernetes, you need to solve some 15 | > [issues](https://github.com/juicedata/juicefs-csi-driver/issues/1297) 16 | > 17 | > Don't worry, there is a fix: [fix](https://kind.sigs.k8s.io/docs/user/known-issues/#pod-errors-due-to-too-many-open-files) 18 | 19 | ## Steps 20 | 21 | ### 1. Metadata server 22 | 23 | Deploy the metadata server. This will store the location of the chunks in your object storage, the path of the files 24 | (as they are divided into several chunks), etc. Be super careful with this server as it stores the most important data. 25 | 26 | Several types of databases can be used as metadata server, such as Postgres, Redis, Etcd or MariaDB. 27 | Redis is less reliable but has higher performance. Because of that, it's better to run it in cluster mode to prevent data loss. 28 | 29 | Redis is configured with authentication enabled. The secret can be provisioned in plenty of ways, but I recommend you 30 | to use External Secrets and a credentials vault such as Hashicorp Vault. 31 | Videos for both of them can be found on my YouTube channel. 
32 | 33 | ```console 34 | export METADATA_PASSWORD=$(head /dev/urandom | tr -dc A-Za-z0-9 | head -c 20) 35 | 36 | kubectl create ns juicefs 37 | 38 | kubectl -n juicefs create secret generic metadata-redis-cluster \ 39 | --from-literal=redis-password=${METADATA_PASSWORD} 40 | 41 | 42 | helm dependency update ./00-metadata-server 43 | 44 | helm upgrade --install --timeout 600s metadata --namespace juicefs --create-namespace ./00-metadata-server 45 | ``` 46 | 47 | ### 2. Create the filesystem using Metadata + S3 48 | 49 | Now it's time to create the filesystem. It's super easy to do, and it only needs to be done once, 50 | so it's not a bad idea to launch it by hand and run for your life. Anyway, if you prefer to automate 51 | this one-shot step, Bash, Ansible and company are there for you. Note that values passed with `--env` stay readable in the pod spec, so delete the `juicefs-format` pod once the logs confirm the format succeeded. 52 | 53 | ```console 54 | # Format your metadata and storage 55 | kubectl run juicefs-format \ 56 | --image=juicedata/mount:ce-v1.2.3 \ 57 | --restart=Never \ 58 | --env STORAGE=s3 \ 59 | --env BUCKET=https://xxxEXAMPLExxx \ 60 | --env ACCESS_KEY=xxxEXAMPLExxx \ 61 | --env SECRET_KEY=xxxEXAMPLExxx \ 62 | --env METADATA_PASSWORD=${METADATA_PASSWORD} \ 63 | --command -- /bin/sh -c ' 64 | juicefs format \ 65 | --storage ${STORAGE} \ 66 | --bucket ${BUCKET} \ 67 | --access-key ${ACCESS_KEY} \ 68 | --secret-key ${SECRET_KEY} \ 69 | redis://:${METADATA_PASSWORD}@metadata-redis-cluster.juicefs.svc:6379/1 \ 70 | juice-filesystem-01 71 | ' 72 | 73 | # Check the result 74 | kubectl logs juicefs-format 75 | ``` 76 | 77 | ### 3. Deploy and connect your CSI driver to your filesystem 78 | 79 | Create the secret for the CSI driver to access your volume. 
80 | More information is available in the [official docs](https://juicefs.com/docs/csi/guide/pv/#community-edition). The empty `--from-literal` values below are left for you to fill in; they should match the filesystem name, metadata URL, bucket and keys used in step 2. 81 | 82 | ```console 83 | kubectl create secret generic juicefs-credentials \ 84 | --namespace=juicefs \ 85 | --from-literal=name= \ 86 | --from-literal=metaurl= \ 87 | --from-literal=storage=s3 \ 88 | --from-literal=bucket=https://.s3..amazonaws.com \ 89 | --from-literal=access-key= \ 90 | --from-literal=secret-key= 91 | ``` 92 | 93 | Deploy the CSI driver with sane defaults: 94 | 95 | ```console 96 | helm dependency update ./01-csi-driver 97 | 98 | helm upgrade --install --timeout 600s csi-driver --namespace juicefs --create-namespace ./01-csi-driver 99 | ``` 100 | 101 | ### 4. Deploy an application to test everything 102 | 103 | ```console 104 | kubectl apply -k ./02-application 105 | ``` 106 | 107 | Now, if everything is done right, you can write a file inside the `/usr/share/nginx/html` directory, and it will appear 108 | immediately in the same directory of the other pod. Come on, test it! -------------------------------------------------------------------------------- /docker/laravel-container/build/backend/config/auth.php: -------------------------------------------------------------------------------- 1 | [ 17 | 'guard' => 'web', 18 | 'passwords' => 'users', 19 | ], 20 | 21 | /* 22 | |-------------------------------------------------------------------------- 23 | | Authentication Guards 24 | |-------------------------------------------------------------------------- 25 | | 26 | | Next, you may define every authentication guard for your application. 27 | | Of course, a great default configuration has been defined for you 28 | | here which uses session storage and the Eloquent user provider. 29 | | 30 | | All authentication drivers have a user provider. This defines how the 31 | | users are actually retrieved out of your database or other storage 32 | | mechanisms used by this application to persist your user's data. 
33 | | 34 | | Supported: "session", "token" 35 | | 36 | */ 37 | 38 | 'guards' => [ 39 | 'web' => [ 40 | 'driver' => 'session', 41 | 'provider' => 'users', 42 | ], 43 | 44 | 'api' => [ 45 | 'driver' => 'token', 46 | 'provider' => 'users', 47 | 'hash' => false, 48 | ], 49 | ], 50 | 51 | /* 52 | |-------------------------------------------------------------------------- 53 | | User Providers 54 | |-------------------------------------------------------------------------- 55 | | 56 | | All authentication drivers have a user provider. This defines how the 57 | | users are actually retrieved out of your database or other storage 58 | | mechanisms used by this application to persist your user's data. 59 | | 60 | | If you have multiple user tables or models you may configure multiple 61 | | sources which represent each model / table. These sources may then 62 | | be assigned to any extra authentication guards you have defined. 63 | | 64 | | Supported: "database", "eloquent" 65 | | 66 | */ 67 | 68 | 'providers' => [ 69 | 'users' => [ 70 | 'driver' => 'eloquent', 71 | 'model' => App\Models\User::class, 72 | ], 73 | 74 | // 'users' => [ 75 | // 'driver' => 'database', 76 | // 'table' => 'users', 77 | // ], 78 | ], 79 | 80 | /* 81 | |-------------------------------------------------------------------------- 82 | | Resetting Passwords 83 | |-------------------------------------------------------------------------- 84 | | 85 | | You may specify multiple password reset configurations if you have more 86 | | than one user table or model in the application and you want to have 87 | | separate password reset settings based on the specific user types. 88 | | 89 | | The expire time is the number of minutes that the reset token should be 90 | | considered valid. This security feature keeps tokens short-lived so 91 | | they have less time to be guessed. You may change this as needed. 
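92 | | 93 | */ 94 | 95 | 'passwords' => [ 96 | 'users' => [ 97 | 'provider' => 'users', 98 | 'table' => 'password_resets', 99 | 'expire' => 60, 100 | 'throttle' => 60, 101 | ], 102 | ], 103 | 104 | /* 105 | |-------------------------------------------------------------------------- 106 | | Password Confirmation Timeout 107 | |-------------------------------------------------------------------------- 108 | | 109 | | Here you may define the amount of seconds before a password confirmation 110 | | times out and the user is prompted to re-enter their password via the 111 | | confirmation screen. By default, the timeout lasts for three hours. 112 | | 113 | */ 114 | 115 | 'password_timeout' => 10800, 116 | 117 | ]; 118 | -------------------------------------------------------------------------------- /docker/laravel-container/Dockerfile: --------------------------------------------------------------------------------
# Builds the Laravel backend image: PHP-FPM plus cron/at on Debian, with the
# application installed under /app and moved to /var/www by the entrypoint.
#
# NOTE(review): debian:buster and PHP 7.3 are both past upstream end of life, so
# an image built from them stops receiving security fixes - confirm before use.
FROM debian:buster-slim



#### DEFINING VARS
ARG php_version=7.3
ARG php_fpm_path="/etc/php/${php_version}/fpm/"
ARG php_fpm_pool_path="/etc/php/${php_version}/fpm/pool.d/"



#### LARAVEL OPERATIONS
RUN apt-get update

# Installing system packages
# --force-yes was dropped from every apt-get call in this file: it is deprecated
# and lets apt carry on with packages whose signatures cannot be verified.
# -y alone is enough to answer the prompts.
RUN apt-get install -y -qq \
    at \
    lsb-base \
    procps \
    cron \
    php${php_version}-fpm \
    --no-install-recommends > /dev/null

# Installing packages for Laravel
RUN apt-get install -y -qq \
    php${php_version}-bcmath \
    php${php_version}-json \
    php${php_version}-mbstring \
    php${php_version}-tokenizer \
    php${php_version}-xml \
    php${php_version}-mysql \
    php-redis \
    php-curl \
    --no-install-recommends > /dev/null

# Installing temporary packages
RUN apt-get install -y -qq \
    composer \
    git \
    zip \
    unzip \
    php${php_version}-zip \
    --no-install-recommends > /dev/null



#### CONFIGURING PHP-FPM
# CONFIGURING POOL
COPY .build/www.conf ${php_fpm_pool_path}/www.conf
RUN chown root:root ${php_fpm_pool_path}/www.conf
RUN chmod 644 ${php_fpm_pool_path}/www.conf

# CONFIGURING BASE
COPY .build/php.ini ${php_fpm_path}/php.ini
RUN chown root:root ${php_fpm_path}/php.ini
RUN chmod 644 ${php_fpm_path}/php.ini



####
# Creating a temporary folder for our app
RUN mkdir -p /tmp/laravel

# Download the entire project
# NOTE(review): this copies the whole build context. The later `rm -rf` hides
# /tmp/laravel from the final filesystem, but the files stay in this layer, so
# keep .env files, keys and VCS data out of the context with a .dockerignore.
COPY . /tmp/laravel/

# Create needed folders for composer autoloader optimization
RUN mkdir -p /app/database
RUN mkdir -p /app/database/seeds
RUN mkdir -p /app/database/factories

# Defining which packages Composer will install
RUN cp /tmp/laravel/composer.lock /app/composer.lock
RUN cp /tmp/laravel/composer.json /app/composer.json

# Please, Composer, install them
RUN composer install -d /app --no-dev --no-scripts

# Moving Laravel to the right place
RUN cp -r /tmp/laravel/* /app
RUN rm -rf /tmp/laravel
RUN touch /app/.env

# Setting the configurations values for Laravel
RUN cd /app && composer dump-autoload

# Deleting system temporary packages
# (removed from the final filesystem only; the earlier layers still contain them)
RUN apt-get purge -y -qq \
    composer \
    git \
    zip \
    unzip \
    php${php_version}-zip \
    > /dev/null

# Cleaning the system
RUN apt-get -y -qq autoremove > /dev/null

# Changing permissions of the entire Laravel
# NOTE(review): with www-data owning all of /app, a compromised PHP process can
# rewrite the application code. Root ownership (the commented line) with only the
# writable directories handed to www-data would be tighter - verify what the
# application needs to write.
#RUN chown root:root -R /app
RUN chown www-data:www-data -R /app
RUN find /app -type f -exec chmod 644 {} \;
RUN find /app -type d -exec chmod 755 {} \;

# Crafting the entrypoint script
# No USER instruction is set, so this script and the services it starts are
# launched as root.
RUN rm -rf /entrypoint.sh && touch /entrypoint.sh
RUN echo "#!/bin/bash" >> /entrypoint.sh
RUN echo "service cron start" >> /entrypoint.sh
RUN echo "service atd start" >> /entrypoint.sh
RUN echo "service php${php_version}-fpm start" >> /entrypoint.sh
RUN echo "shopt -s dotglob" >> /entrypoint.sh
RUN echo "mkdir -p /var/www/" >> /entrypoint.sh
RUN echo "mv /app/* /var/www/" >> /entrypoint.sh
RUN echo "(crontab -l; echo '* * * * * cd /var/www && php artisan schedule:run >> /dev/null 2>&1';) | crontab -" >> /entrypoint.sh
RUN echo "touch /etc/crontab /etc/cron.*/*" >> /entrypoint.sh
# The artisan steps are written before `exec "$@"`: exec replaces the shell as
# soon as the container is started with a command, so anything placed after it
# only ran when no command was given.
RUN echo "php /var/www/artisan config:cache" >> /entrypoint.sh
RUN echo "php /var/www/artisan migrate" >> /entrypoint.sh
RUN echo "php /var/www/artisan db:seed" >> /entrypoint.sh
#RUN echo "sh /app/runtime/takeover.sh" >> /entrypoint.sh
RUN echo 'exec "$@"' >> /entrypoint.sh
# Fallback when no command was passed: keep the container alive on a shell.
RUN echo "/bin/bash" >> /entrypoint.sh

# Giving permissions to the entrypoint script
RUN chown root:root /entrypoint.sh
RUN chmod +x /entrypoint.sh

# Giving permissions to the livenessprobe script
# RUN chown root:root /app/runtime/livenessprobe.sh
# RUN chmod +x /app/runtime/livenessprobe.sh

# Giving permissions to the takeover script
# RUN chown root:root /app/runtime/takeover.sh
# RUN chmod +x /app/runtime/takeover.sh

# Gaining a bit of comfort
WORKDIR "/var/www"

# Executing the scripts
ENTRYPOINT ["/entrypoint.sh"]
-------------------------------------------------------------------------------- /docker/laravel-container/build/backend/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM debian:buster-slim 2 | 3 | 4 | 5 | #### DEFINING VARS 6 | ARG php_version=7.3 7 | ARG php_fpm_path="/etc/php/${php_version}/fpm/" 8 | ARG php_fpm_pool_path="/etc/php/${php_version}/fpm/pool.d/" 9 | 10 | 11 | 12 | #### LARAVEL OPERATIONS 13 | RUN apt-get update 14 | 15 | # Installing system packages 16 | RUN apt-get install -y -qq --force-yes \ 17 | at \ 18 | lsb-base \ 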
19 | procps \ 20 | cron \ 21 | php${php_version}-fpm \ 22 | --no-install-recommends > /dev/null 23 | 24 | # Installing packages for Laravel 25 | RUN apt-get install -y -qq --force-yes \ 26 | php${php_version}-bcmath \ 27 | php${php_version}-json \ 28 | php${php_version}-mbstring \ 29 | php${php_version}-tokenizer \ 30 | php${php_version}-xml \ 31 | php${php_version}-mysql \ 32 | php-redis \ 33 | php-curl \ 34 | --no-install-recommends > /dev/null 35 | 36 | # Installing temporary packages 37 | RUN apt-get install -y -qq --force-yes \ 38 | composer \ 39 | git \ 40 | zip \ 41 | unzip \ 42 | php${php_version}-zip \ 43 | --no-install-recommends > /dev/null 44 | 45 | 46 | 47 | #### CONFIGURING PHP-FPM 48 | # CONFIGURING POOL 49 | COPY .build/www.conf ${php_fpm_pool_path}/www.conf 50 | RUN chown root:root ${php_fpm_pool_path}/www.conf 51 | RUN chmod 644 ${php_fpm_pool_path}/www.conf 52 | 53 | # CONFIGURING BASE 54 | COPY .build/php.ini ${php_fpm_path}/php.ini 55 | RUN chown root:root ${php_fpm_path}/php.ini 56 | RUN chmod 644 ${php_fpm_path}/php.ini 57 | 58 | 59 | 60 | #### 61 | # Creating a temporary folder for our app 62 | RUN mkdir -p /tmp/laravel 63 | 64 | # Download the entire project 65 | COPY . 
/tmp/laravel/ 66 | 67 | # Create needed folders for composer autoloader optimization 68 | RUN mkdir -p /app/database 69 | RUN mkdir -p /app/database/seeds 70 | RUN mkdir -p /app/database/factories 71 | 72 | # Defining which packages Composer will install 73 | RUN cp /tmp/laravel/composer.lock /app/composer.lock 74 | RUN cp /tmp/laravel/composer.json /app/composer.json 75 | 76 | # Please, Composer, install them 77 | RUN composer install -d /app --no-dev --no-scripts 78 | 79 | # Moving Laravel to the right place 80 | RUN cp -r /tmp/laravel/* /app 81 | RUN rm -rf /tmp/laravel 82 | RUN touch /app/.env 83 | 84 | # Setting the configurations values for Laravel 85 | RUN cd /app && composer dump-autoload 86 | 87 | # Deleting system temporary packages 88 | RUN apt-get purge -y -qq --force-yes \ 89 | composer \ 90 | git \ 91 | zip \ 92 | unzip \ 93 | php${php_version}-zip \ 94 | > /dev/null 95 | 96 | # Cleaning the system 97 | RUN apt-get -y -qq --force-yes autoremove > /dev/null 98 | 99 | # Changing permissions of the entire Laravel 100 | #RUN chown root:root -R /app 101 | RUN chown www-data:www-data -R /app 102 | RUN find /app -type f -exec chmod 644 {} \; 103 | RUN find /app -type d -exec chmod 755 {} \; 104 | 105 | # Crafting the entrypoint script 106 | RUN rm -rf /entrypoint.sh && touch /entrypoint.sh 107 | RUN echo "#!/bin/bash" >> /entrypoint.sh 108 | RUN echo "service cron start" >> /entrypoint.sh 109 | RUN echo "service atd start" >> /entrypoint.sh 110 | RUN echo "service php${php_version}-fpm start" >> /entrypoint.sh 111 | RUN echo "shopt -s dotglob" >> /entrypoint.sh 112 | RUN echo "mkdir -p /var/www/" >> /entrypoint.sh 113 | RUN echo "mv /app/* /var/www/" >> /entrypoint.sh 114 | RUN echo "(crontab -l; echo '* * * * * cd /var/www && php artisan schedule:run >> /dev/null 2>&1';) | crontab -" >> /entrypoint.sh 115 | RUN echo "touch /etc/crontab /etc/cron.*/*" >> /entrypoint.sh 116 | RUN echo 'exec "$@"' >> /entrypoint.sh 117 | RUN echo "php /var/www/artisan 
config:cache" >> /entrypoint.sh 118 | RUN echo "php /var/www/artisan migrate" >> /entrypoint.sh 119 | RUN echo "php /var/www/artisan db:seed --force" >> /entrypoint.sh 120 | #RUN echo "sh /app/runtime/takeover.sh" >> /entrypoint.sh 121 | RUN echo "/bin/bash" >> /entrypoint.sh 122 | 123 | # Giving permissions to the entrypoint script 124 | RUN chown root:root /entrypoint.sh 125 | RUN chmod +x /entrypoint.sh 126 | 127 | # Giving permissions to the livenessprobe script 128 | # RUN chown root:root /app/runtime/livenessprobe.sh 129 | # RUN chmod +x /app/runtime/livenessprobe.sh 130 | 131 | # Giving permissions to the takeover script 132 | # RUN chown root:root /app/runtime/takeover.sh 133 | # RUN chmod +x /app/runtime/takeover.sh 134 | 135 | # Gaining a bit of comfort 136 | WORKDIR "/var/www" 137 | 138 | # Executing the scripts 139 | ENTRYPOINT ["/entrypoint.sh"] --------------------------------------------------------------------------------