├── lesson-40
├── README.md
├── terraform
│ ├── README.md
│ ├── versions.tf
│ └── variables.tf
└── k8s
│ ├── example-1
│ └── az-spread.yaml
│ ├── kind
│ ├── README.md
│ ├── kind-config.yaml
│ └── topology.yaml
│ ├── README.md
│ ├── example-4
│ └── topology.yaml
│ └── common
│ └── nginx.yaml
├── lesson-24
├── terraform
│ ├── README.md
│ └── variables.tf
├── README.md
└── k8s
│ ├── 0-namespace.yaml
│ ├── 1-sa.yaml
│ ├── README.md
│ ├── 3-deploy-awscli-default.yaml
│ └── 2-deploy-awscli.yaml
├── lesson-25
├── terraform
│ ├── README.md
│ └── variables.tf
├── README.md
└── k8s
│ ├── example-4
│ ├── namespace.yaml
│ ├── README.md
│ ├── ingress.yaml
│ ├── deploy-svc-app.yaml
│ ├── prod-issuer.yaml
│ └── staging-issuer.yaml
│ ├── values-cert-manager.yaml
│ ├── example-1
│ ├── README.md
│ ├── deploy-svc-app-1.yaml
│ ├── deploy-svc-app-2.yaml
│ └── ingress.yaml
│ ├── example-2
│ ├── certificate.yaml
│ ├── README.md
│ ├── ingress.yaml
│ └── deploy-svc-app-3.yaml
│ ├── example-3
│ ├── README.md
│ ├── wildcard-certificate.yaml
│ ├── deploy-svc-app.yaml
│ ├── deploy-svc-app-4.yaml
│ └── deploy-svc-app-5.yaml
│ ├── README.md
│ ├── prod-clusterissuer.yaml
│ └── staging-clusterissuer.yaml
├── lesson-29
├── terraform
│ ├── README.md
│ └── variables.tf
├── README.md
└── k8s
│ └── chartmuseum-values.yaml
├── lesson-31
├── terraform
│ ├── README.md
│ └── variables.tf
├── k8s
│ ├── fluentd
│ │ ├── namespace.yaml
│ │ └── rbac.yaml
│ └── apps
│ │ ├── deploy-1.yaml
│ │ ├── deploy-2.yaml
│ │ └── deploy-3.yaml
└── README.md
├── lesson-32
├── terraform
│ ├── README.md
│ └── variables.tf
├── README.md
└── k8s
│ ├── example-5
│ └── README.md
│ ├── example-2
│ ├── ns.yaml
│ ├── README.md
│ ├── deploy-svc-app-1.yaml
│ ├── deploy-svc-app-2.yaml
│ └── ingress.yaml
│ ├── albc-values.yaml
│ ├── example-1
│ └── README.md
│ └── README.md
├── lesson-33
├── terraform
│ ├── README.md
│ ├── variables.tf
│ └── helm-alb.tf
├── README.md
└── k8s
│ ├── README.md
│ └── external-dns-values.yaml
├── lesson-35
├── terraform
│ ├── README.md
│ ├── templates
│ │ └── values.yaml
│ ├── versions.tf
│ └── variables.tf
├── k8s
│ ├── charts
│ │ └── app
│ │ │ ├── README.md
│ │ │ ├── values.yaml
│ │ │ ├── Chart.yaml
│ │ │ ├── templates
│ │ │ ├── svc-2.yaml
│ │ │ ├── svc-1.yaml
│ │ │ ├── deploy-1.yaml
│ │ │ ├── deploy-2.yaml
│ │ │ └── ingress.yaml
│ │ │ └── .helmignore
│ ├── infrastructure
│ │ ├── README.md
│ │ ├── charts
│ │ │ ├── bootstrap-app
│ │ │ │ └── README.md
│ │ │ └── cert-manager-configs
│ │ │ │ ├── values.yaml
│ │ │ │ ├── .helmignore
│ │ │ │ └── templates
│ │ │ │ └── cluster-issuer-prod.yaml
│ │ └── applications
│ │ │ ├── .helmignore
│ │ │ ├── templates
│ │ │ ├── 00-project-dev.yaml
│ │ │ └── 00-project-infra.yaml
│ │ │ └── values.yaml
│ └── development
│ │ ├── values.yaml
│ │ ├── .helmignore
│ │ └── templates
│ │ └── app.yaml
└── README.md
├── lesson-36
├── terraform
│ ├── README.md
│ ├── versions.tf
│ └── variables.tf
├── k8s
│ ├── example-4
│ │ ├── ns.yaml
│ │ ├── sa.yaml
│ │ ├── ss-parameter-store.yaml
│ │ └── mysql-secrets-manager.yaml
│ ├── example-3
│ │ ├── ns-1.yaml
│ │ └── ns-2.yaml
│ ├── common
│ │ ├── sa.yaml
│ │ ├── css-parameter-store.yaml
│ │ └── css-secrets-manager.yaml
│ ├── README.md
│ ├── example-1
│ │ ├── external-secret.yaml
│ │ └── deploy.yaml
│ └── example-2
│ │ ├── mysql-secrets-manager.yaml
│ │ └── mysql-parameter-store.yaml
└── README.md
├── lesson-37
├── terraform
│ ├── README.md
│ ├── versions.tf
│ ├── variables.tf
│ └── irsa-ebs-csi-driver.tf
└── README.md
├── lesson-38
├── terraform
│ ├── README.md
│ ├── versions.tf
│ └── variables.tf
├── README.md
└── k8s
│ ├── README.md
│ └── example-1
│ └── with-node-affinity.yaml
├── lesson-39
├── terraform
│ ├── README.md
│ ├── versions.tf
│ └── variables.tf
├── README.md
└── k8s
│ ├── example-3
│ ├── README.md
│ └── with-no-execute-taint.yaml
│ ├── example-2
│ ├── README.md
│ └── with-prefer-no-schedule-taint.yaml
│ └── example-1
│ └── with-no-schedule-taint.yaml
├── lesson-41
├── terraform
│ ├── README.md
│ ├── versions.tf
│ ├── kms.tf
│ └── variables.tf
├── README.md
└── k8s
│ ├── example-1
│ ├── pvc.yaml
│ └── deploy.yaml
│ ├── example-2
│ ├── pvc.yaml
│ ├── storageclass.yaml
│ └── deploy.yaml
│ ├── example-3
│ ├── pvc.yaml
│ ├── storageclass.yaml
│ └── deploy.yaml
│ └── example-4
│ ├── pvc.yaml
│ ├── storageclass.yaml
│ └── deploy.yaml
├── lesson-42
├── terraform
│ ├── README.md
│ ├── templates
│ │ └── efs-csi-values.yaml
│ ├── versions.tf
│ ├── kms.tf
│ └── variables.tf
├── README.md
└── k8s
│ ├── example-1
│ ├── pvc.yaml
│ ├── pv.yaml
│ └── deploy.yaml
│ └── example-3
│ ├── pvc.yaml
│ ├── storageclass.yaml
│ └── deploy.yaml
├── lesson-43
├── terraform
│ ├── README.md
│ ├── templates
│ │ └── tigera-operator-values.yaml
│ ├── versions.tf
│ └── variables.tf
├── k8s
│ ├── example-1
│ │ ├── network-policies
│ │ │ ├── default-deny.yaml
│ │ │ └── allow-ingress-nginx.yaml
│ │ ├── nginx.yaml
│ │ └── deploy.yaml
│ ├── example-2
│ │ ├── network-policies
│ │ │ ├── default-deny.yaml
│ │ │ └── allow-ingress.yaml
│ │ └── deploy.yaml
│ └── example-3
│ │ ├── network-policies
│ │ ├── allow-metadata-access.yaml
│ │ └── deny-metadata-access.yaml
│ │ ├── deploy-app.yaml
│ │ └── deploy-awscli.yaml
└── README.md
├── lesson-49
├── terraform
│ ├── README.md
│ ├── ecr.tf
│ ├── versions.tf
│ └── variables.tf
├── repo-examples
│ ├── app-1
│ │ ├── Dockerfile
│ │ └── server.py
│ └── app-2
│ │ ├── Dockerfile
│ │ └── server.py
├── k8s
│ ├── sa-kaniko.yaml
│ └── gitlab-runner-secret.yaml
└── README.md
├── lesson-44-45-46-47-48
├── terraform
│ ├── README.md
│ ├── modules
│ │ └── s3
│ │ │ ├── README.md
│ │ │ ├── versions.tf
│ │ │ ├── variables.tf
│ │ │ ├── outputs.tf
│ │ │ └── main.tf
│ ├── templates
│ │ └── values.yaml
│ ├── versions.tf
│ ├── irsa-ebs-csi-driver.tf
│ └── variables.tf
├── README.md
├── k8s
│ ├── charts
│ │ └── app
│ │ │ ├── README.md
│ │ │ ├── values.yaml
│ │ │ ├── Chart.yaml
│ │ │ ├── templates
│ │ │ ├── svc-2.yaml
│ │ │ ├── svc-1.yaml
│ │ │ ├── deploy-1.yaml
│ │ │ ├── deploy-2.yaml
│ │ │ └── ingress.yaml
│ │ │ └── .helmignore
│ ├── infrastructure
│ │ ├── README.md
│ │ ├── charts
│ │ │ ├── bootstrap-app
│ │ │ │ ├── README.md
│ │ │ │ └── templates
│ │ │ │ │ └── external-secrets.yaml
│ │ │ ├── cert-manager-configs
│ │ │ │ ├── values.yaml
│ │ │ │ ├── .helmignore
│ │ │ │ └── templates
│ │ │ │ │ └── cluster-issuer-prod.yaml
│ │ │ └── external-secrets-configs
│ │ │ │ ├── values.yaml
│ │ │ │ ├── templates
│ │ │ │ ├── sa.yaml
│ │ │ │ ├── css-parameter-store.yaml
│ │ │ │ └── css-secrets-manager.yaml
│ │ │ │ └── .helmignore
│ │ └── applications
│ │ │ ├── .helmignore
│ │ │ └── templates
│ │ │ ├── 00-project-dev.yaml
│ │ │ └── 00-project-infra.yaml
│ ├── gitlab
│ │ ├── ns.yaml
│ │ ├── storageclass.yaml
│ │ ├── pages-wildcard-cert.yaml
│ │ ├── agent
│ │ │ └── external-secrets.yaml
│ │ ├── secrets.yaml
│ │ └── runners
│ │ │ ├── internal
│ │ │ └── external-secrets.yaml
│ │ │ └── external
│ │ │ └── external-secrets.yaml
│ └── development
│ │ ├── values.yaml
│ │ ├── .helmignore
│ │ └── templates
│ │ └── app.yaml
└── repo-examples
│ ├── agents
│ ├── README.md
│ └── .gitlab
│ │ └── agents
│ │ └── agent
│ │ └── config.yaml
│ ├── demo-cache
│ ├── README.md
│ └── .gitlab-ci.yml
│ ├── demo
│ ├── README.md
│ ├── .gitattributes
│ ├── Gemfile
│ ├── demo.mp4
│ ├── .gitlab-ci.yml
│ └── index.html
│ └── k8s-manifests
│ ├── README.md
│ ├── .gitlab-ci.yml
│ └── kuber.yaml
├── lesson-26
├── example-5
│ ├── configs
│ │ ├── conf.ini
│ │ ├── level.config
│ │ └── properties
│ ├── nginx.conf
│ ├── env-file.properties
│ └── README.md
├── example-4
│ ├── cm.yaml
│ └── deploy.yaml
├── example-3
│ ├── cm.yaml
│ └── pod.yaml
├── example-2
│ ├── kuber-deploy-arg.yaml
│ └── kuber-deploy.yaml
└── example-1
│ └── deploy.yaml
├── lesson-07
├── namespace.yaml
├── kuber-pod.yaml
├── kuber-pod-with-gpu.yaml
└── kuber-pod-with-labels.yaml
├── lesson-30
├── charts
│ └── demo
│ │ ├── values-dev.yaml
│ │ ├── templates
│ │ ├── serviceaccount.yaml
│ │ ├── service.yaml
│ │ ├── tests
│ │ │ └── test-connection.yaml
│ │ └── hpa.yaml
│ │ └── .helmignore
├── dev
│ └── kuber
│ │ ├── svc.yaml
│ │ └── deploy.yaml
├── README.md
└── argocd
│ ├── README.md
│ ├── projects
│ ├── infra.yaml
│ └── dev.yaml
│ └── applications
│ └── ingress-nginx.yaml
├── lesson-15
├── docker-entrypoint-shell
│ ├── Dockerfile
│ └── server.py
├── docker-entrypoint-exec
│ ├── Dockerfile
│ └── server.py
├── docker
│ ├── Dockerfile
│ └── server-default.py
└── kuber-deploy.yaml
├── lesson-34
├── example-4
│ ├── README.md
│ ├── sa-secret.yaml
│ └── app.yaml
├── README.md
├── example-1
│ ├── nginx.yaml
│ └── app.yaml
├── example-2
│ ├── sa.yaml
│ └── app.yaml
└── example-3
│ ├── sa.yaml
│ └── app.yaml
├── lesson-11
├── externalname-service.yaml
├── clusterip-service.yaml
├── headless-clusterip-service.yaml
├── lb-service.yaml
├── nodeport-service.yaml
└── kuber-deployment.yaml
├── lesson-01
└── README.md
├── lesson-02
└── README.md
├── lesson-03
└── README.md
├── lesson-04
└── README.md
├── lesson-05
└── README.md
├── lesson-27
├── README.md
├── example-1
│ ├── secret-stringData.yaml
│ ├── secret-data.yaml
│ ├── deploy-1.yaml
│ ├── deploy-2.yaml
│ └── README.md
├── example-3
│ ├── ssh-auth.yaml
│ ├── tls.yaml
│ ├── basic-auth.yaml
│ ├── README.md
│ └── deploy-private.yaml
└── example-2
│ ├── secret-data.yaml
│ ├── deploy-1.yaml
│ └── deploy-2.yaml
├── lesson-23
├── sc-ebs-csi-example.yaml
├── 1-pvc-kuber.yaml
├── 0-pvc-kuber.yaml
├── 1-sc-kuber.yaml
├── 0-deploy-kuber.yaml
├── 1-deploy-kuber.yaml
└── 0-pv-kuber.yaml
├── lesson-06
└── kuber-pod.yaml
├── lesson-08
├── kuber-pod.yaml
├── rs-kuber.yaml
├── rc-kuber.yaml
├── rs-kuber-matchExpressions.yaml
└── kuber-pods-manual.yaml
├── lesson-10
├── clusterip-service.yaml
├── endpoints-service.yaml
├── kuber-deployment.yaml
└── pod-service-port-names.yaml
├── lesson-09
├── kuber-service.yaml
├── kuber-deployment-recreate.yaml
└── kuber-deployment.yaml
├── lesson-20
├── README.md
├── 1-cronjob-allow.yaml
├── 2-cronjob-forbid.yaml
├── 3-cronjob-replace.yaml
├── 5-cronjob-skip-next-schedule.yaml
├── 6-cronjob-startingDeadlineSeconds.yaml
├── 8-cronjob-without-startingDeadlineSeconds.yaml
├── 7-cronjob-startingDeadlineSeconds.yaml
├── 0-cronjob.yaml
└── 4-cronjob-suspend.yaml
├── lesson-19
├── 0-job.yaml
├── 7-job-with-ttl.yaml
├── 3-job-completions.yaml
├── 4-job-parallelism.yaml
├── 2-job-never.yaml
├── 1-job-onfailure.yaml
├── 5-job-parallelism-completions.yaml
└── 6-job-with-timeout.yaml
├── lesson-21-22
├── 2-hostPath-volume.yaml
├── 3-awsElasticBlockStore.yaml
├── 1-deploy-two-containers.yaml
└── 0-deploy-kuber.yaml
├── lesson-18
└── daemonset.yaml
├── lesson-12
├── deploy-svc-app-latest.yaml
├── deploy-svc-app-v1.yaml
├── deploy-svc-app-v2.yaml
└── deploy-svc-app-v3.yaml
├── lesson-16
├── deploy-svc-app-1.yaml
├── deploy-svc-app-2.yaml
├── prod_ClusterIssuer.yaml
├── staging_ClusterIssuer.yaml
└── ingress.yaml
└── lesson-13
├── kuber-deploy.yaml
├── kuber-deploy-readinessProbe-http.yaml
├── kuber-deploy-livenessProbe-http.yaml
└── kuber-deploy-livenessProbe-exec.yaml
/lesson-40/README.md:
--------------------------------------------------------------------------------
1 |
--------------------------------------------------------------------------------
/lesson-24/terraform/README.md:
--------------------------------------------------------------------------------
1 |
--------------------------------------------------------------------------------
/lesson-25/terraform/README.md:
--------------------------------------------------------------------------------
1 |
--------------------------------------------------------------------------------
/lesson-29/terraform/README.md:
--------------------------------------------------------------------------------
1 |
--------------------------------------------------------------------------------
/lesson-31/terraform/README.md:
--------------------------------------------------------------------------------
1 |
--------------------------------------------------------------------------------
/lesson-32/terraform/README.md:
--------------------------------------------------------------------------------
1 |
--------------------------------------------------------------------------------
/lesson-33/terraform/README.md:
--------------------------------------------------------------------------------
1 |
--------------------------------------------------------------------------------
/lesson-35/terraform/README.md:
--------------------------------------------------------------------------------
1 |
--------------------------------------------------------------------------------
/lesson-36/terraform/README.md:
--------------------------------------------------------------------------------
1 |
--------------------------------------------------------------------------------
/lesson-37/terraform/README.md:
--------------------------------------------------------------------------------
1 |
--------------------------------------------------------------------------------
/lesson-38/terraform/README.md:
--------------------------------------------------------------------------------
1 |
--------------------------------------------------------------------------------
/lesson-39/terraform/README.md:
--------------------------------------------------------------------------------
1 |
--------------------------------------------------------------------------------
/lesson-40/terraform/README.md:
--------------------------------------------------------------------------------
1 |
--------------------------------------------------------------------------------
/lesson-41/terraform/README.md:
--------------------------------------------------------------------------------
1 |
--------------------------------------------------------------------------------
/lesson-42/terraform/README.md:
--------------------------------------------------------------------------------
1 |
--------------------------------------------------------------------------------
/lesson-43/terraform/README.md:
--------------------------------------------------------------------------------
1 |
--------------------------------------------------------------------------------
/lesson-49/terraform/README.md:
--------------------------------------------------------------------------------
1 |
--------------------------------------------------------------------------------
/lesson-35/k8s/charts/app/README.md:
--------------------------------------------------------------------------------
1 |
--------------------------------------------------------------------------------
/lesson-35/k8s/infrastructure/README.md:
--------------------------------------------------------------------------------
1 |
--------------------------------------------------------------------------------
/lesson-44-45-46-47-48/terraform/README.md:
--------------------------------------------------------------------------------
1 |
--------------------------------------------------------------------------------
/lesson-26/example-5/configs/conf.ini:
--------------------------------------------------------------------------------
1 | My config!
--------------------------------------------------------------------------------
/lesson-26/example-5/configs/level.config:
--------------------------------------------------------------------------------
1 | warn
--------------------------------------------------------------------------------
/lesson-38/README.md:
--------------------------------------------------------------------------------
1 | # Affinity and anti-affinity
--------------------------------------------------------------------------------
/lesson-39/README.md:
--------------------------------------------------------------------------------
1 | # Taints and Tolerations
2 |
--------------------------------------------------------------------------------
/lesson-44-45-46-47-48/README.md:
--------------------------------------------------------------------------------
1 | # GitLab
2 |
--------------------------------------------------------------------------------
/lesson-44-45-46-47-48/k8s/charts/app/README.md:
--------------------------------------------------------------------------------
1 |
--------------------------------------------------------------------------------
/lesson-44-45-46-47-48/terraform/modules/s3/README.md:
--------------------------------------------------------------------------------
1 |
--------------------------------------------------------------------------------
/lesson-35/k8s/infrastructure/charts/bootstrap-app/README.md:
--------------------------------------------------------------------------------
1 |
--------------------------------------------------------------------------------
/lesson-44-45-46-47-48/k8s/infrastructure/README.md:
--------------------------------------------------------------------------------
1 |
2 | Demos
--------------------------------------------------------------------------------
/lesson-44-45-46-47-48/repo-examples/agents/README.md:
--------------------------------------------------------------------------------
1 | # Agents
--------------------------------------------------------------------------------
/lesson-25/README.md:
--------------------------------------------------------------------------------
1 | # Cert-manager. Configuring DNS01 Challenge Provider
--------------------------------------------------------------------------------
/lesson-44-45-46-47-48/k8s/infrastructure/charts/bootstrap-app/README.md:
--------------------------------------------------------------------------------
1 |
--------------------------------------------------------------------------------
/lesson-44-45-46-47-48/repo-examples/demo-cache/README.md:
--------------------------------------------------------------------------------
1 | # demo-cache
2 |
--------------------------------------------------------------------------------
/lesson-44-45-46-47-48/repo-examples/demo/README.md:
--------------------------------------------------------------------------------
1 | # Demo Test Repo
2 |
--------------------------------------------------------------------------------
/lesson-44-45-46-47-48/repo-examples/k8s-manifests/README.md:
--------------------------------------------------------------------------------
1 | # k8s-manifests
2 |
--------------------------------------------------------------------------------
/lesson-07/namespace.yaml:
--------------------------------------------------------------------------------
---
# Creates the `dev` namespace.
# No pod-security.kubernetes.io/* labels are set, so any Pod Security
# Admission enforcement comes from the cluster-wide default.
apiVersion: v1
kind: Namespace
metadata:
  name: 'dev'
--------------------------------------------------------------------------------
/lesson-24/README.md:
--------------------------------------------------------------------------------
1 | # How to associate AWS IAM roles to Kubernetes service accounts in AWS EKS
--------------------------------------------------------------------------------
/lesson-33/README.md:
--------------------------------------------------------------------------------
1 | # ExternalDNS
2 |
3 | https://github.com/kubernetes-sigs/external-dns
--------------------------------------------------------------------------------
/lesson-26/example-5/configs/properties:
--------------------------------------------------------------------------------
1 | Hello from World!
2 | This is demo config!
3 | As an example.
--------------------------------------------------------------------------------
/lesson-36/k8s/example-4/ns.yaml:
--------------------------------------------------------------------------------
---
# Creates the `example` namespace used by this example's manifests.
apiVersion: v1
kind: Namespace
metadata:
  name: 'example'
--------------------------------------------------------------------------------
/lesson-44-45-46-47-48/repo-examples/demo/.gitattributes:
--------------------------------------------------------------------------------
1 | *.mp4 filter=lfs diff=lfs merge=lfs -text
2 |
--------------------------------------------------------------------------------
/lesson-31/k8s/fluentd/namespace.yaml:
--------------------------------------------------------------------------------
---
# Dedicated namespace for the fluentd manifests (rbac.yaml sits next to this
# file). Keeping the log collector in its own namespace lets its RBAC be
# reviewed and scoped separately from the application namespaces.
apiVersion: v1
kind: Namespace
metadata:
  name: 'fluentd'
--------------------------------------------------------------------------------
/lesson-44-45-46-47-48/repo-examples/demo/Gemfile:
--------------------------------------------------------------------------------
# Gem source and dependencies for the demo site.
# `jekyll` carries no version constraint, so the resolved version depends on
# when `bundle install` runs; committing Gemfile.lock keeps builds reproducible.
source("https://rubygems.org")

gem("jekyll")
--------------------------------------------------------------------------------
/lesson-44-45-46-47-48/k8s/gitlab/ns.yaml:
--------------------------------------------------------------------------------
---
# Creates the `gitlab` namespace.
# No pod-security.kubernetes.io/* labels are set, so any Pod Security
# Admission enforcement comes from the cluster-wide default.
apiVersion: v1
kind: Namespace
metadata:
  name: 'gitlab'
--------------------------------------------------------------------------------
/lesson-30/charts/demo/values-dev.yaml:
--------------------------------------------------------------------------------
---
# Dev overrides for the demo chart.
image:
  repository: 'nginx'
  # A version tag is still mutable on the registry side; pin by digest when
  # the deployed image must be exactly the one that was reviewed.
  tag: '1.22.0'

replicaCount: 3
--------------------------------------------------------------------------------
/lesson-32/README.md:
--------------------------------------------------------------------------------
1 | # AWS Load Balancer Controller
2 |
3 | https://github.com/kubernetes-sigs/aws-load-balancer-controller/
--------------------------------------------------------------------------------
/lesson-15/docker-entrypoint-shell/Dockerfile:
--------------------------------------------------------------------------------
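# Shell-form ENTRYPOINT (kept on purpose: this directory is the shell-form
# example). Docker runs the command through `/bin/sh -c`, so the shell is
# typically PID 1 and signals such as SIGTERM may not reach python3; CMD and
# run-time arguments are also ignored in this form.
#
# python:3.8.5 is a mutable tag of an old patch release; pin the base image by
# digest and rebuild on a maintained release where the lesson allows it.
# There is no USER instruction, so the process runs as the base image's
# default user (root for the official python image).
FROM python:3.8.5
COPY server.py /server.py
# Absolute path: the entrypoint no longer depends on the image's working dir.
ENTRYPOINT python3 -u /server.py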
--------------------------------------------------------------------------------
/lesson-38/k8s/README.md:
--------------------------------------------------------------------------------
1 | ```kubectl get no -L capacityType,topology.kubernetes.io/zone,node.kubernetes.io/instance-type```
2 |
--------------------------------------------------------------------------------
/lesson-15/docker-entrypoint-exec/Dockerfile:
--------------------------------------------------------------------------------
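# Exec-form ENTRYPOINT: python3 is started directly (no wrapping shell), so it
# is PID 1 and receives SIGTERM itself when the container is stopped.
#
# python:3.8.5 is a mutable tag of an old patch release; pin the base image by
# digest and rebuild on a maintained release where the lesson allows it.
# There is no USER instruction, so the process runs as the base image's
# default user (root for the official python image).
FROM python:3.8.5
COPY server.py /server.py
# Absolute path: the entrypoint no longer depends on the image's working dir.
ENTRYPOINT ["python3", "-u", "/server.py"]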
--------------------------------------------------------------------------------
/lesson-24/k8s/0-namespace.yaml:
--------------------------------------------------------------------------------
---
# Namespace for the IRSA demo. An IAM role's trust policy for IRSA names the
# service account as `system:serviceaccount:<namespace>:<name>`, so this
# namespace name is part of the identity that gets AWS access.
apiVersion: v1
kind: Namespace
metadata:
  labels:
    name: 'demo-irsa'
  name: 'demo-irsa'
--------------------------------------------------------------------------------
/lesson-25/k8s/example-4/namespace.yaml:
--------------------------------------------------------------------------------
---
# Creates the `demo` namespace and labels it with its own name.
apiVersion: v1
kind: Namespace
metadata:
  labels:
    name: 'demo'
  name: 'demo'
--------------------------------------------------------------------------------
/lesson-49/repo-examples/app-1/Dockerfile:
--------------------------------------------------------------------------------
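# Image for app-1: copies server.py and starts it with an exec-form
# ENTRYPOINT, so python3 is PID 1 and receives SIGTERM directly.
#
# python:3.8.5 is a mutable tag of an old patch release; pin the base image by
# digest and rebuild on a maintained release where the lesson allows it.
# There is no USER instruction, so the process runs as the base image's
# default user (root for the official python image).
FROM python:3.8.5
COPY server.py /server.py
# Absolute path: the entrypoint no longer depends on the image's working dir.
ENTRYPOINT ["python3", "-u", "/server.py"]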
--------------------------------------------------------------------------------
/lesson-49/repo-examples/app-2/Dockerfile:
--------------------------------------------------------------------------------
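# Image for app-2: copies server.py and starts it with an exec-form
# ENTRYPOINT, so python3 is PID 1 and receives SIGTERM directly.
#
# python:3.8.5 is a mutable tag of an old patch release; pin the base image by
# digest and rebuild on a maintained release where the lesson allows it.
# There is no USER instruction, so the process runs as the base image's
# default user (root for the official python image).
FROM python:3.8.5
COPY server.py /server.py
# Absolute path: the entrypoint no longer depends on the image's working dir.
ENTRYPOINT ["python3", "-u", "/server.py"]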
--------------------------------------------------------------------------------
/lesson-36/k8s/example-3/ns-1.yaml:
--------------------------------------------------------------------------------
---
# Namespace `example-1`, labelled `demo: my-secret`.
# NOTE(review): the label is presumably matched by a namespace selector
# elsewhere in this lesson (not visible here). Anyone allowed to label
# namespaces can opt a namespace into whatever that selector distributes.
apiVersion: v1
kind: Namespace
metadata:
  labels:
    demo: 'my-secret'
  name: 'example-1'
--------------------------------------------------------------------------------
/lesson-36/k8s/example-3/ns-2.yaml:
--------------------------------------------------------------------------------
---
# Namespace `example-2`, labelled `demo: my-secret`.
# NOTE(review): the label is presumably matched by a namespace selector
# elsewhere in this lesson (not visible here). Anyone allowed to label
# namespaces can opt a namespace into whatever that selector distributes.
apiVersion: v1
kind: Namespace
metadata:
  labels:
    demo: 'my-secret'
  name: 'example-2'
--------------------------------------------------------------------------------
/lesson-36/README.md:
--------------------------------------------------------------------------------
1 | # External Secrets Operator
2 |
3 | https://external-secrets.io/
4 |
5 | https://github.com/external-secrets/external-secrets/
--------------------------------------------------------------------------------
/lesson-32/k8s/example-5/README.md:
--------------------------------------------------------------------------------
1 | Certificate Discovery: https://kubernetes-sigs.github.io/aws-load-balancer-controller/v2.4/guide/ingress/cert_discovery/
--------------------------------------------------------------------------------
/lesson-39/k8s/example-3/README.md:
--------------------------------------------------------------------------------
1 | export K8S_NODE=ip-10-23-80-243.eu-west-1.compute.internal
2 |
3 | kubectl taint nodes $K8S_NODE gpu=true:NoExecute
4 |
--------------------------------------------------------------------------------
/lesson-34/example-4/README.md:
--------------------------------------------------------------------------------
1 | ```
2 | kubectl create token mysa # kubectl create token --help
3 | ```
4 | ```
5 | kubectl create token mysa --duration=10m
6 | ```
--------------------------------------------------------------------------------
/lesson-35/k8s/charts/app/values.yaml:
--------------------------------------------------------------------------------
---
# Default values for the demo-app chart. All three values are placeholders.
clusterIssuer:
  # presumably the cert-manager ClusterIssuer the Ingress template refers to;
  # verify against templates/ingress.yaml
  name: 'cluster-issuer-name'

hosts:
  app1: 'app-1.example.com'
  app2: 'app-2.example.com'
--------------------------------------------------------------------------------
/lesson-49/terraform/ecr.tf:
--------------------------------------------------------------------------------
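# ECR repository for the lesson's demo image.
resource "aws_ecr_repository" "template" {
  name = "demo-app"

  # Immutable tags: once pushed, a tag cannot be overwritten, so a deployed
  # tag keeps referring to the same image.
  image_tag_mutability = "IMMUTABLE"

  # Scan every image for known vulnerabilities at push time.
  image_scanning_configuration {
    scan_on_push = true
  }
}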
--------------------------------------------------------------------------------
/lesson-32/k8s/example-2/ns.yaml:
--------------------------------------------------------------------------------
---
# Creates the `example-2` namespace. The commented-out label below is the
# opt-in for the AWS Load Balancer Controller's pod readiness gate injection;
# it is left disabled here.
apiVersion: v1
kind: Namespace
metadata:
  name: 'example-2'
#  labels:
#    elbv2.k8s.aws/pod-readiness-gate-inject: enabled
--------------------------------------------------------------------------------
/lesson-44-45-46-47-48/k8s/charts/app/values.yaml:
--------------------------------------------------------------------------------
---
# Default values for the demo-app chart. All three values are placeholders.
clusterIssuer:
  # presumably the cert-manager ClusterIssuer the Ingress template refers to;
  # verify against templates/ingress.yaml
  name: 'cluster-issuer-name'

hosts:
  app1: 'app-1.example.com'
  app2: 'app-2.example.com'
--------------------------------------------------------------------------------
/lesson-35/k8s/charts/app/Chart.yaml:
--------------------------------------------------------------------------------
---
# Chart metadata for demo-app (Helm chart API v2).
# Version fields are quoted so they can never be re-typed as numbers.
apiVersion: v2
name: demo-app
description: A Helm chart for Kubernetes
type: application
version: '0.1.0'
appVersion: '0.1.0'
--------------------------------------------------------------------------------
/lesson-11/externalname-service.yaml:
--------------------------------------------------------------------------------
---
# ExternalName Service: cluster DNS answers lookups for `external-service`
# with a CNAME to example.com. There is no selector, no endpoints and no
# proxying, so clients connect to the external host directly and TLS clients
# see that host's certificate rather than one issued for the Service name.
apiVersion: v1
kind: Service
metadata:
  name: 'external-service'
spec:
  externalName: 'example.com'
  type: ExternalName
--------------------------------------------------------------------------------
/lesson-15/docker/Dockerfile:
--------------------------------------------------------------------------------
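# Exec-form ENTRYPOINT plus CMD: CMD supplies the default arguments to
# server.py and is replaced by any arguments given at run time (for example
# `args:` in a pod spec).
#
# python:3.8.5 is a mutable tag of an old patch release; pin the base image by
# digest and rebuild on a maintained release where the lesson allows it.
# There is no USER instruction, so the process runs as the base image's
# default user (root for the official python image).
FROM python:3.8.5
COPY server.py /server.py
COPY server-default.py /server-default.py
# Absolute path: the entrypoint no longer depends on the image's working dir.
ENTRYPOINT ["python3", "-u", "/server.py"]
CMD ["1", "5", "text"]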
--------------------------------------------------------------------------------
/lesson-44-45-46-47-48/k8s/charts/app/Chart.yaml:
--------------------------------------------------------------------------------
---
# Chart metadata for demo-app (Helm chart API v2).
# Version fields are quoted so they can never be re-typed as numbers.
apiVersion: v2
name: demo-app
description: A Helm chart for Kubernetes
type: application
version: '0.1.0'
appVersion: '0.1.0'
--------------------------------------------------------------------------------
/lesson-41/README.md:
--------------------------------------------------------------------------------
1 | # Amazon EBS CSI driver.
2 |
3 | Docs: https://docs.aws.amazon.com/eks/latest/userguide/ebs-csi.html
4 |
5 | GitHub: https://github.com/kubernetes-sigs/aws-ebs-csi-driver
6 |
--------------------------------------------------------------------------------
/lesson-42/README.md:
--------------------------------------------------------------------------------
1 | # Amazon EFS CSI driver.
2 |
3 | Docs: https://docs.aws.amazon.com/eks/latest/userguide/efs-csi.html
4 |
5 | GitHub: https://github.com/kubernetes-sigs/aws-efs-csi-driver
6 |
--------------------------------------------------------------------------------
/lesson-44-45-46-47-48/repo-examples/demo/demo.mp4:
--------------------------------------------------------------------------------
1 | version https://git-lfs.github.com/spec/v1
2 | oid sha256:d6617a009c0c6c9aebf7398d43cad6d1985ddc1b9ab0479e2ea977362b8af5b0
3 | size 17839845
4 |
--------------------------------------------------------------------------------
/lesson-01/README.md:
--------------------------------------------------------------------------------
1 |
2 |
3 |
--------------------------------------------------------------------------------
/lesson-02/README.md:
--------------------------------------------------------------------------------
1 |
2 |
3 |
--------------------------------------------------------------------------------
/lesson-03/README.md:
--------------------------------------------------------------------------------
1 |
2 |
3 |
--------------------------------------------------------------------------------
/lesson-04/README.md:
--------------------------------------------------------------------------------
1 |
2 |
3 |
--------------------------------------------------------------------------------
/lesson-05/README.md:
--------------------------------------------------------------------------------
1 |
2 |
3 |
--------------------------------------------------------------------------------
/lesson-27/README.md:
--------------------------------------------------------------------------------
1 |
2 |
3 |
--------------------------------------------------------------------------------
/lesson-29/README.md:
--------------------------------------------------------------------------------
1 |
2 |
3 |
--------------------------------------------------------------------------------
/lesson-32/k8s/example-2/README.md:
--------------------------------------------------------------------------------
1 | ```while true; do sleep 1; curl -H "Host: app-1.kubxr.com" http://domain-name.amazonaws.com; echo " - "$(date); done```
2 |
3 | ```kubectl get pod -o wide -n example-2```
--------------------------------------------------------------------------------
/lesson-42/terraform/templates/efs-csi-values.yaml:
--------------------------------------------------------------------------------
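---
# Helm values template for the EFS CSI driver controller. `${sa_name}` and
# `${role_arn}` are filled in by Terraform before Helm sees the file
# (presumably via templatefile(); the caller is not shown here).
controller:
  serviceAccount:
    create: true
    # Quoted so an empty or boolean-looking substitution still renders as a
    # string instead of null/true.
    name: "${sa_name}"
    annotations:
      # IRSA binding: pods using this service account can assume the role.
      # The role's trust policy should name exactly this namespace and
      # service account; confirm in the Terraform that creates the role.
      eks.amazonaws.com/role-arn: "${role_arn}"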
--------------------------------------------------------------------------------
/lesson-27/example-1/secret-stringData.yaml:
--------------------------------------------------------------------------------
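---
# Opaque Secret written with `stringData`: the API server base64-encodes these
# values into `data` on write. Base64 is an encoding, not encryption, so
# anyone who can read this file or `get` the Secret recovers the credentials.
# The values below are lesson samples. Real credentials should not be
# committed to a repository; source them from a secret store instead and
# restrict `get`/`list` on Secrets through RBAC.
apiVersion: v1
kind: Secret
metadata:
  name: secret-stringdata
type: Opaque
stringData:
  username: 'adminuser'
  # Quoted: the value contains `#` and `(`. As a plain scalar it parses as
  # intended only because no space precedes the `#`.
  password: 'Rt2GG#(ERgf09'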
--------------------------------------------------------------------------------
/lesson-35/README.md:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
--------------------------------------------------------------------------------
/lesson-34/example-4/sa-secret.yaml:
--------------------------------------------------------------------------------
---
# Manually created service-account token Secret: the control plane fills it with
# a token for the ServiceAccount named in the annotation.
# NOTE(review): a token issued this way has no expiry. Whoever can read this
# Secret can act as "mysa" until the Secret is deleted, so restrict `get` on
# Secrets in this namespace and prefer short-lived tokens (TokenRequest API or
# projected volumes) unless a static token is genuinely required.
apiVersion: v1
kind: Secret
type: kubernetes.io/service-account-token
metadata:
  name: mysa-token
  annotations:
    kubernetes.io/service-account.name: "mysa"
--------------------------------------------------------------------------------
/lesson-26/example-5/nginx.conf:
--------------------------------------------------------------------------------
# Reverse proxy: every request received on port 80 is forwarded to example.com.
server {
    listen 80;

    access_log /var/log/nginx/reverse-access.log;
    error_log /var/log/nginx/reverse-error.log;

    location / {
        # The upstream is contacted over plain HTTP, so this hop is unencrypted.
        proxy_pass http://example.com;
    }
}
--------------------------------------------------------------------------------
/lesson-35/k8s/infrastructure/charts/cert-manager-configs/values.yaml:
--------------------------------------------------------------------------------
1 | acme:
2 | email: example@example.com
3 | dnsZones:
4 | - example.com
5 | route53:
6 | region: us-east-1
7 | hostedZoneID: Z123456789EXAMPLE
8 |
--------------------------------------------------------------------------------
/lesson-36/terraform/versions.tf:
--------------------------------------------------------------------------------
# Minimum Terraform CLI and AWS provider versions for this lesson.
# NOTE(review): both constraints are open-ended (">="), so the provider build is
# chosen at `terraform init` time. Commit .terraform.lock.hcl so every run
# resolves the same version and checksums.
terraform {
  required_version = ">= 1.0.2"

  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = ">= 3.72"
    }
  }
}
--------------------------------------------------------------------------------
/lesson-39/terraform/versions.tf:
--------------------------------------------------------------------------------
# Minimum Terraform CLI and AWS provider versions for this lesson.
# NOTE(review): ">=" has no upper bound; the lock file (.terraform.lock.hcl) is
# what actually fixes the provider version and its checksums between runs.
terraform {
  required_version = ">= 1.0.2"

  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = ">= 3.72"
    }
  }
}
--------------------------------------------------------------------------------
/lesson-40/terraform/versions.tf:
--------------------------------------------------------------------------------
# Minimum Terraform CLI and AWS provider versions for this lesson.
# NOTE(review): ">=" has no upper bound; keep .terraform.lock.hcl under version
# control so provider selection is reproducible and checksum-verified.
terraform {
  required_version = ">= 1.0.2"

  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = ">= 3.72"
    }
  }
}
--------------------------------------------------------------------------------
/lesson-23/sc-ebs-csi-example.yaml:
--------------------------------------------------------------------------------
---
# StorageClass "ebs-csi-gp3": gp3 volumes from the EBS CSI driver, formatted
# ext4, with online expansion allowed.
# NOTE(review): no `encrypted` parameter is set, so whether volumes are encrypted
# depends on the account's EBS encryption-by-default setting.
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
  name: ebs-csi-gp3
provisioner: ebs.csi.aws.com
allowVolumeExpansion: true
parameters:
  type: gp3
  fsType: ext4
--------------------------------------------------------------------------------
/lesson-25/k8s/example-4/README.md:
--------------------------------------------------------------------------------
1 | Check allowed domains in cert:
2 |
3 | ```bash
4 | kubectl -n demo get secret app-tls-bakavets -o json | jq -r '.data."tls.crt"' | base64 -d | openssl x509 -dates -noout -text | grep DNS:
5 | ```
6 |
--------------------------------------------------------------------------------
/lesson-44-45-46-47-48/k8s/infrastructure/charts/cert-manager-configs/values.yaml:
--------------------------------------------------------------------------------
1 | acme:
2 | email: example@example.com
3 | dnsZones:
4 | - example.com
5 | route53:
6 | region: us-east-1
7 | hostedZoneID: Z123456789EXAMPLE
8 |
--------------------------------------------------------------------------------
/lesson-06/kuber-pod.yaml:
--------------------------------------------------------------------------------
---
# Single-container Pod exposing container port 8000.
# NOTE(review): no securityContext or resource limits are declared, so the
# container runs as whatever user the image defines and with the runtime's
# default privileges.
apiVersion: v1
kind: Pod
metadata:
  name: app-kuber-2
spec:
  containers:
    - name: app-kuber-container
      # A tag can be re-pushed on the registry; pin by digest where the exact
      # image content matters.
      image: bokovets/kuber:0.1
      ports:
        - containerPort: 8000
--------------------------------------------------------------------------------
/lesson-41/k8s/example-1/pvc.yaml:
--------------------------------------------------------------------------------
---
# Claim for 5Gi, mountable read-write by a single node. No storageClassName is
# given, so the cluster's default StorageClass (and its encryption settings)
# decides how the volume is provisioned.
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
  name: aws-pvc-kuber
spec:
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 5Gi
--------------------------------------------------------------------------------
/lesson-30/dev/kuber/svc.yaml:
--------------------------------------------------------------------------------
---
# Service "kuber-service": TCP port 80 is forwarded to port 8000 on every Pod
# labelled app=http-server. No `type` is set, so the default (ClusterIP) applies
# and the Service is reachable only from inside the cluster.
apiVersion: v1
kind: Service
metadata:
  name: kuber-service
spec:
  selector:
    app: http-server
  ports:
    - protocol: TCP
      port: 80
      targetPort: 8000
--------------------------------------------------------------------------------
/lesson-26/example-4/cm.yaml:
--------------------------------------------------------------------------------
---
# ConfigMap "demo-cm": two numeric settings kept as strings plus a multi-line
# text value. ConfigMap data is stored unencrypted and is not meant for secrets.
apiVersion: v1
kind: ConfigMap
metadata:
  name: demo-cm
data:
  INTERVAL: "3"
  COUNT: "6"
  # Literal block scalar: line breaks are preserved, one trailing newline kept.
  TEXT_ARG: |
    Hello from World!
    This is demo config!
    As an example.
--------------------------------------------------------------------------------
/lesson-36/k8s/example-4/sa.yaml:
--------------------------------------------------------------------------------
---
# ServiceAccount "es-sa" in namespace "example", mapped to an IAM role through
# the IRSA annotation: Pods using this account receive that role's credentials.
# NOTE(review): the role ARN (including the AWS account ID) is hard-coded. Confirm
# the role's trust policy only admits system:serviceaccount:example:es-sa, and
# parameterize the ARN per environment.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: es-sa
  namespace: example
  annotations:
    eks.amazonaws.com/role-arn: arn:aws:iam::849634744839:role/demo-eks-cluster-external-secrets-role
--------------------------------------------------------------------------------
/lesson-44-45-46-47-48/repo-examples/agents/.gitlab/agents/agent/config.yaml:
--------------------------------------------------------------------------------
---
# https://docs.gitlab.com/ee/user/clusters/agent/ci_cd_workflow.html#authorize-the-agent-to-access-your-projects
# Authorizes CI/CD jobs of the listed project to reach the cluster through this
# agent. NOTE(review): anyone who can run pipelines in that project inherits the
# agent's cluster permissions, so keep the list short and the agent's RBAC narrow.
ci_access:
  projects:
    - id: root/k8s-manifests
--------------------------------------------------------------------------------
/lesson-44-45-46-47-48/terraform/modules/s3/versions.tf:
--------------------------------------------------------------------------------
# Version requirements for the s3 module: Terraform CLI and AWS provider minimums.
# NOTE(review): the constraints have no upper bound; the root module's
# .terraform.lock.hcl is what makes provider selection reproducible.
terraform {
  required_version = ">= 1.0.2"

  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = ">= 5.2.0"
    }
  }
}
--------------------------------------------------------------------------------
/lesson-49/k8s/sa-kaniko.yaml:
--------------------------------------------------------------------------------
---
# ServiceAccount "ci-kaniko" in namespace "gitlab-space-external", mapped to an
# IAM role through the IRSA annotation.
# NOTE(review): every Pod that runs under this account gets the role's
# credentials, and CI jobs execute repository-controlled code. Confirm the role
# grants only what the image build needs and that its trust policy names this
# namespace and service account exactly.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: ci-kaniko
  namespace: gitlab-space-external
  annotations:
    eks.amazonaws.com/role-arn: arn:aws:iam::849634744839:role/demo-eks-cluster-kaniko
--------------------------------------------------------------------------------
/lesson-44-45-46-47-48/k8s/infrastructure/charts/external-secrets-configs/values.yaml:
--------------------------------------------------------------------------------
---
# Values for the external-secrets-configs chart.
# The role ARN below is a placeholder and must be overridden per environment.
serviceAccountRef:
  name: external-secrets
  namespace: external-secrets
  eksRoleArn: arn:aws:iam::123456789123:role/role-name

aws:
  region: eu-west-1
--------------------------------------------------------------------------------
/lesson-49/k8s/gitlab-runner-secret.yaml:
--------------------------------------------------------------------------------
---
# Secret consumed by the GitLab Runner installation: an empty registration token
# and a runner authentication token.
# NOTE(review): the runner token is masked here. Supply the real value
# out-of-band (secret manager, `kubectl create secret`) and never commit it; a
# leaked runner token lets another host register as this runner and receive jobs.
apiVersion: v1
kind: Secret
metadata:
  name: gitlab-runner-secret
  namespace: gitlab-space-external
type: Opaque
stringData:
  runner-registration-token: ""
  runner-token: "glrt-*******"
--------------------------------------------------------------------------------
/lesson-44-45-46-47-48/repo-examples/demo/.gitlab-ci.yml:
--------------------------------------------------------------------------------
---
# GitLab Pages job: builds the Jekyll site into ./public and keeps that
# directory as the job artifact.
# NOTE(review): ruby:2.7 is a floating tag, and both gem commands download code
# at build time. Pin the image by digest and commit Gemfile.lock so the build
# input is fixed and reviewable.
image: ruby:2.7

pages:
  script:
    - gem install bundler
    - bundle install
    - bundle exec jekyll build -d public
  artifacts:
    paths:
      - public
--------------------------------------------------------------------------------
/lesson-42/k8s/example-1/pvc.yaml:
--------------------------------------------------------------------------------
---
# Claim for 5Gi with ReadWriteMany access. The empty storageClassName disables
# dynamic provisioning, so the claim binds only to a pre-created PersistentVolume.
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: efs-claim
spec:
  accessModes:
    - ReadWriteMany
  storageClassName: ""
  resources:
    requests:
      storage: 5Gi
--------------------------------------------------------------------------------
/lesson-08/kuber-pod.yaml:
--------------------------------------------------------------------------------
---
# Single-container Pod labelled app=kuber-test, exposing container port 8000.
# NOTE(review): no securityContext or resource limits are declared.
apiVersion: v1
kind: Pod
metadata:
  name: kuber-app-manual
  labels:
    app: kuber-test
spec:
  containers:
    - name: kuber-app-image
      # No tag is given, so this resolves to :latest at pull time and the image
      # content can change between Pod restarts. Pin a tag or digest.
      image: bokovets/kuber
      ports:
        - containerPort: 8000
--------------------------------------------------------------------------------
/lesson-10/clusterip-service.yaml:
--------------------------------------------------------------------------------
---
# ClusterIP Service: TCP port 80 is forwarded to port 8000 on Pods labelled
# app=http-server; reachable only from inside the cluster.
apiVersion: v1
kind: Service
metadata:
  name: kuber-service
spec:
  type: ClusterIP
  selector:
    app: http-server
  ports:
    - protocol: TCP
      port: 80
      targetPort: 8000
--------------------------------------------------------------------------------
/lesson-11/clusterip-service.yaml:
--------------------------------------------------------------------------------
---
# ClusterIP Service: TCP port 80 is forwarded to port 8000 on Pods labelled
# app=http-server; reachable only from inside the cluster.
apiVersion: v1
kind: Service
metadata:
  name: kuber-service
spec:
  type: ClusterIP
  selector:
    app: http-server
  ports:
    - protocol: TCP
      port: 80
      targetPort: 8000
--------------------------------------------------------------------------------
/lesson-36/k8s/common/sa.yaml:
--------------------------------------------------------------------------------
---
# ServiceAccount "external-secrets-sa" in namespace "external-secrets", mapped
# to an IAM role through the IRSA annotation.
# NOTE(review): confirm the role's trust policy only admits
# system:serviceaccount:external-secrets:external-secrets-sa and that its
# permissions are limited to the secrets this cluster should read.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: external-secrets-sa
  namespace: external-secrets
  annotations:
    eks.amazonaws.com/role-arn: arn:aws:iam::849634744839:role/demo-eks-cluster-external-secrets-role
--------------------------------------------------------------------------------
/lesson-41/k8s/example-2/pvc.yaml:
--------------------------------------------------------------------------------
---
# Claim for 10Gi from StorageClass "ebs-sc", mountable read-write by one node.
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
  name: aws-pvc-kuber
spec:
  storageClassName: ebs-sc
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 10Gi
--------------------------------------------------------------------------------
/lesson-43/terraform/templates/tigera-operator-values.yaml:
--------------------------------------------------------------------------------
---
# Values for the tigera-operator chart on EKS. The CNI type stays AmazonVPC, so
# presumably Calico is installed here for network-policy enforcement only —
# confirm against the lesson's Terraform.
installation:
  enabled: true
  kubernetesProvider: EKS
  # 'None' is the literal string the chart receives, not a YAML null.
  flexVolumePath: 'None'
  kubeletVolumePluginPath: 'None'
  cni:
    type: AmazonVPC

apiServer:
  enabled: true
--------------------------------------------------------------------------------
/lesson-07/kuber-pod.yaml:
--------------------------------------------------------------------------------
---
# Single-container Pod labelled app=http-server, exposing container port 8000.
# NOTE(review): no securityContext or resource limits are declared.
apiVersion: v1
kind: Pod
metadata:
  name: app-kuber-2
  labels:
    app: http-server
spec:
  containers:
    - name: app-kuber-container
      # Tags are mutable; pin by digest where the exact image content matters.
      image: bokovets/kuber:0.1
      ports:
        - containerPort: 8000
--------------------------------------------------------------------------------
/lesson-09/kuber-service.yaml:
--------------------------------------------------------------------------------
---
# NodePort Service: besides the cluster-internal port 80, a port is opened on
# every node and forwarded to port 8000 on Pods labelled app=http-server.
# NOTE(review): the node port is reachable from wherever the nodes' firewall or
# security-group rules allow, and the traffic is plain HTTP.
apiVersion: v1
kind: Service
metadata:
  name: kuber-service
spec:
  type: NodePort
  selector:
    app: http-server
  ports:
    - protocol: TCP
      port: 80
      targetPort: 8000
--------------------------------------------------------------------------------
/lesson-25/k8s/values-cert-manager.yaml:
--------------------------------------------------------------------------------
---
# cert-manager chart values: CRDs are installed with the chart and the
# controller's service account is mapped to an IAM role (IRSA).
installCRDs: true
serviceAccount:
  name: cert-manager-route53
  annotations:
    eks.amazonaws.com/role-arn: arn:aws:iam::849634744839:role/demo-eks-cluster-cert-manager-role
extraArgs:
  # NOTE(review): this flag lets namespaced Issuers, not only ClusterIssuers, use
  # the controller's ambient credentials (the IAM role above). Anyone allowed to
  # create an Issuer in any namespace can then have the controller act with that
  # role for DNS-01. Restrict Issuer creation through RBAC and scope the role to
  # the intended hosted zone, or drop the flag and use ClusterIssuers only.
  - --issuer-ambient-credentials
--------------------------------------------------------------------------------
/lesson-32/k8s/albc-values.yaml:
--------------------------------------------------------------------------------
---
# Values for the AWS Load Balancer Controller chart: target cluster name and a
# chart-created service account mapped to an IAM role (IRSA).
# NOTE(review): confirm the role's trust policy is limited to this service
# account in the namespace the controller is installed into.
clusterName: demo-eks-cluster
serviceAccount:
  create: true
  name: aws-load-balancer-controller
  annotations:
    eks.amazonaws.com/role-arn: "arn:aws:iam::849634744839:role/demo-eks-cluster-load-balancer-controller-role"
--------------------------------------------------------------------------------
/lesson-42/k8s/example-3/pvc.yaml:
--------------------------------------------------------------------------------
---
# Claim for 5Gi with ReadWriteMany access, provisioned by StorageClass "efs-sc-ap".
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: efs-claim-ap
spec:
  storageClassName: efs-sc-ap
  accessModes:
    - ReadWriteMany
  resources:
    requests:
      storage: 5Gi
--------------------------------------------------------------------------------
/lesson-24/k8s/1-sa.yaml:
--------------------------------------------------------------------------------
---
# ServiceAccount "demo" in namespace "demo-irsa", mapped to an IAM role through
# the IRSA annotation: Pods using this account receive that role's credentials.
# NOTE(review): confirm the role's trust policy only admits
# system:serviceaccount:demo-irsa:demo.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: demo
  namespace: demo-irsa
  labels:
    name: demo
  annotations:
    eks.amazonaws.com/role-arn: arn:aws:iam::849634744839:role/demo-eks-cluster-role
--------------------------------------------------------------------------------
/lesson-43/k8s/example-1/network-policies/default-deny.yaml:
--------------------------------------------------------------------------------
---
# Default-deny for namespace example-1: the empty podSelector matches every Pod,
# and naming both policy types without any rules blocks all ingress and egress.
# Egress includes DNS, so Pods cannot resolve names until a policy allowing
# traffic to the cluster DNS service is added. The policy has an effect only if
# the cluster's network plugin enforces NetworkPolicy.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: default-deny
  namespace: example-1
spec:
  podSelector: {}
  policyTypes:
    - Ingress
    - Egress
--------------------------------------------------------------------------------
/lesson-43/k8s/example-2/network-policies/default-deny.yaml:
--------------------------------------------------------------------------------
---
# Default-deny for namespace example-2: the empty podSelector matches every Pod,
# and naming both policy types without any rules blocks all ingress and egress.
# Egress includes DNS, so an explicit allow rule for the cluster DNS service is
# needed before Pods can resolve names. Enforcement depends on the network
# plugin supporting NetworkPolicy.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: default-deny
  namespace: example-2
spec:
  podSelector: {}
  policyTypes:
    - Ingress
    - Egress
--------------------------------------------------------------------------------
/lesson-25/k8s/example-1/README.md:
--------------------------------------------------------------------------------
1 | Securing Ingress Resources: https://cert-manager.io/docs/usage/ingress/
2 |
3 | Check allowed domains in cert:
4 |
5 | ```bash
6 | kubectl get secret app-tls -o json | jq -r '.data."tls.crt"' | base64 -d | openssl x509 -dates -noout -text | grep DNS:
7 | ```
8 |
--------------------------------------------------------------------------------
/lesson-25/k8s/example-2/certificate.yaml:
--------------------------------------------------------------------------------
---
# cert-manager Certificate: requests a certificate for app-3.kubxr.com from the
# letsencrypt-prod ClusterIssuer and stores the key pair in Secret "app-tls-3".
# The Secret holds the private key, so read access to it should be limited.
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: app-3-cert
spec:
  secretName: app-tls-3
  dnsNames:
    - app-3.kubxr.com
  issuerRef:
    kind: ClusterIssuer
    name: letsencrypt-prod
--------------------------------------------------------------------------------
/lesson-35/k8s/charts/app/templates/svc-2.yaml:
--------------------------------------------------------------------------------
---
# ClusterIP Service: TCP port 80 is forwarded to port 8000 on Pods labelled
# app=http-server-2; reachable only from inside the cluster.
apiVersion: v1
kind: Service
metadata:
  name: kuber-service-2
spec:
  type: ClusterIP
  selector:
    app: http-server-2
  ports:
    - protocol: TCP
      port: 80
      targetPort: 8000
--------------------------------------------------------------------------------
/lesson-41/k8s/example-3/pvc.yaml:
--------------------------------------------------------------------------------
---
# Claim for 10Gi from StorageClass "ebs-gp3-with-encryption", mountable
# read-write by one node.
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
  name: aws-pvc-kuber
spec:
  storageClassName: ebs-gp3-with-encryption
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 10Gi
--------------------------------------------------------------------------------
/lesson-41/k8s/example-4/pvc.yaml:
--------------------------------------------------------------------------------
---
# Claim for 7Gi from StorageClass "ebs-gp3-with-custom-kms", mountable
# read-write by one node.
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
  name: aws-pvc-kuber
spec:
  storageClassName: ebs-gp3-with-custom-kms
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 7Gi
--------------------------------------------------------------------------------
/lesson-20/README.md:
--------------------------------------------------------------------------------
1 | 
2 | 
3 |
--------------------------------------------------------------------------------
/lesson-25/k8s/example-2/README.md:
--------------------------------------------------------------------------------
1 | Certificate Resources: https://cert-manager.io/docs/usage/certificate/
2 |
3 | Check allowed domains in cert:
4 |
5 | ```bash
6 | kubectl get secret app-tls-3 -o json | jq -r '.data."tls.crt"' | base64 -d | openssl x509 -dates -noout -text | grep DNS:
7 | ```
8 |
--------------------------------------------------------------------------------
/lesson-25/k8s/example-3/README.md:
--------------------------------------------------------------------------------
1 | Certificate Resources: https://cert-manager.io/docs/usage/certificate/
2 |
3 | Check allowed domains in cert:
4 |
5 | ```bash
6 | kubectl get secret tls-wildcard -o json | jq -r '.data."tls.crt"' | base64 -d | openssl x509 -dates -noout -text | grep DNS:
7 | ```
8 |
--------------------------------------------------------------------------------
/lesson-35/k8s/charts/app/templates/svc-1.yaml:
--------------------------------------------------------------------------------
---
# ClusterIP Service: TCP port 80 is forwarded to port 8000 on Pods labelled
# app=http-server-1; reachable only from inside the cluster.
apiVersion: v1
kind: Service
metadata:
  name: kuber-service-1
spec:
  type: ClusterIP
  selector:
    app: http-server-1
  ports:
    - protocol: TCP
      port: 80
      targetPort: 8000
--------------------------------------------------------------------------------
/lesson-44-45-46-47-48/terraform/modules/s3/variables.tf:
--------------------------------------------------------------------------------
# Inputs of the s3 module. Both are required strings (no default is declared).

variable "deployment_prefix" {
  type        = string
  description = "Prefix of the deployment"
}

variable "deployment_suffix" {
  type        = string
  description = "Suffix of the deployment"
}
--------------------------------------------------------------------------------
/lesson-19/0-job.yaml:
--------------------------------------------------------------------------------
---
# Job "pi": runs one perl container that prints pi to 2000 digits; failed Pods
# are not restarted in place (restartPolicy: Never).
apiVersion: batch/v1
kind: Job
metadata:
  name: pi
spec:
  template:
    spec:
      restartPolicy: Never
      containers:
        - name: pi
          # No tag is given, so this resolves to perl:latest at pull time; pin a
          # tag or digest so the job always runs the same image.
          image: perl
          command: ["perl", "-Mbignum=bpi", "-wle", "print bpi(2000)"]
--------------------------------------------------------------------------------
/lesson-44-45-46-47-48/k8s/charts/app/templates/svc-2.yaml:
--------------------------------------------------------------------------------
---
# ClusterIP Service: TCP port 80 is forwarded to port 8000 on Pods labelled
# app=http-server-2; reachable only from inside the cluster.
apiVersion: v1
kind: Service
metadata:
  name: kuber-service-2
spec:
  type: ClusterIP
  selector:
    app: http-server-2
  ports:
    - protocol: TCP
      port: 80
      targetPort: 8000
--------------------------------------------------------------------------------
/lesson-24/k8s/README.md:
--------------------------------------------------------------------------------
1 | Returns details about the IAM user or role whose credentials are used to call the operation.
2 |
3 | ```bash
4 | aws sts get-caller-identity
5 | ```
6 |
7 | Describes the specified volume:
8 |
9 | ```bash
10 | aws ec2 describe-volumes --volume-ids vol-081234fdsgf3242
11 | ```
--------------------------------------------------------------------------------
/lesson-44-45-46-47-48/k8s/charts/app/templates/svc-1.yaml:
--------------------------------------------------------------------------------
---
# ClusterIP Service: TCP port 80 is forwarded to port 8000 on Pods labelled
# app=http-server-1; reachable only from inside the cluster.
apiVersion: v1
kind: Service
metadata:
  name: kuber-service-1
spec:
  type: ClusterIP
  selector:
    app: http-server-1
  ports:
    - protocol: TCP
      port: 80
      targetPort: 8000
--------------------------------------------------------------------------------
/lesson-44-45-46-47-48/repo-examples/demo/index.html:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 | Home
5 |
6 |
7 |
8 | Hello World!
9 |
12 |
13 |
14 |
--------------------------------------------------------------------------------
/lesson-44-45-46-47-48/terraform/modules/s3/outputs.tf:
--------------------------------------------------------------------------------
# Outputs of the s3 module, both read from the aws_s3_bucket.bucket resource.

output "s3_bucket_arn" {
  description = "AWS S3 Bucket ARN."
  value       = aws_s3_bucket.bucket.arn
}

output "s3_bucket_id" {
  description = "AWS S3 Bucket name."
  value       = aws_s3_bucket.bucket.id
}
--------------------------------------------------------------------------------
/lesson-11/headless-clusterip-service.yaml:
--------------------------------------------------------------------------------
---
# Headless Service (clusterIP: None): no virtual IP is allocated, and DNS for the
# Service name returns the addresses of the Pods labelled app=http-server.
apiVersion: v1
kind: Service
metadata:
  name: kuber-headless-service
spec:
  type: ClusterIP
  clusterIP: None
  selector:
    app: http-server
  ports:
    - protocol: TCP
      port: 80
      targetPort: 8000
--------------------------------------------------------------------------------
/lesson-11/lb-service.yaml:
--------------------------------------------------------------------------------
---
# LoadBalancer Service: asks the cloud provider for an external load balancer
# that forwards TCP port 80 to port 8000 on Pods labelled app=http-server.
# externalTrafficPolicy: Local keeps traffic on the receiving node, which
# preserves the client source IP.
# NOTE(review): the listener is plain HTTP on port 80. Whether the load balancer
# is internet-facing depends on provider defaults and annotations not shown here.
apiVersion: v1
kind: Service
metadata:
  name: kuber-service-lb
spec:
  type: LoadBalancer
  externalTrafficPolicy: Local
  selector:
    app: http-server
  ports:
    - protocol: TCP
      port: 80
      targetPort: 8000
--------------------------------------------------------------------------------
/lesson-41/k8s/example-2/storageclass.yaml:
--------------------------------------------------------------------------------
---
# StorageClass "ebs-sc": gp3 volumes from the EBS CSI driver, formatted ext4,
# created only once a consuming Pod is scheduled, with expansion allowed.
# NOTE(review): no `encrypted` parameter is set, so whether volumes are encrypted
# depends on the account's EBS encryption-by-default setting.
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
  name: ebs-sc
provisioner: ebs.csi.aws.com
volumeBindingMode: WaitForFirstConsumer
allowVolumeExpansion: true
parameters:
  type: gp3
  csi.storage.k8s.io/fstype: ext4
--------------------------------------------------------------------------------
/lesson-25/k8s/example-3/wildcard-certificate.yaml:
--------------------------------------------------------------------------------
---
# cert-manager Certificate covering kubxr.com and every direct subdomain, issued
# by the letsencrypt-prod ClusterIssuer and stored in Secret "tls-wildcard".
# NOTE(review): the private key in that Secret is valid for all subdomains, so a
# leak affects every host under the zone. Limit read access to the Secret and
# avoid copying it across namespaces more widely than needed.
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: wildcard-cert
spec:
  secretName: tls-wildcard
  dnsNames:
    - kubxr.com
    # Quoted: a leading '*' would otherwise be read as a YAML alias.
    - '*.kubxr.com'
  issuerRef:
    kind: ClusterIssuer
    name: letsencrypt-prod
--------------------------------------------------------------------------------
/lesson-30/README.md:
--------------------------------------------------------------------------------
1 | # ArgoCD
2 |
3 | [ArgoCD GitHub](https://github.com/argoproj/argo-cd)
4 |
5 | [Getting Started](https://argo-cd.readthedocs.io/en/stable/getting_started/)
6 |
7 | [Multiple configuration objects](https://argo-cd.readthedocs.io/en/stable/operator-manual/declarative-setup/#multiple-configuration-objects)
8 |
--------------------------------------------------------------------------------
/lesson-37/terraform/versions.tf:
--------------------------------------------------------------------------------
# Minimum Terraform CLI, AWS provider and Helm provider versions for this lesson.
# NOTE(review): the constraints are open-ended (">="); commit .terraform.lock.hcl
# so provider versions and checksums stay fixed between runs.
terraform {
  required_version = ">= 1.0.2"

  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = ">= 3.72"
    }
    helm = {
      source  = "hashicorp/helm"
      version = ">= 2.4"
    }
  }
}
--------------------------------------------------------------------------------
/lesson-38/terraform/versions.tf:
--------------------------------------------------------------------------------
# Minimum Terraform CLI, AWS provider and Helm provider versions for this lesson.
# NOTE(review): the constraints are open-ended (">="); commit .terraform.lock.hcl
# so provider versions and checksums stay fixed between runs.
terraform {
  required_version = ">= 1.0.2"

  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = ">= 3.72"
    }
    helm = {
      source  = "hashicorp/helm"
      version = ">= 2.4"
    }
  }
}
--------------------------------------------------------------------------------
/lesson-41/terraform/versions.tf:
--------------------------------------------------------------------------------
# Minimum Terraform CLI, AWS provider and Helm provider versions for this lesson.
# NOTE(review): the constraints are open-ended (">="); commit .terraform.lock.hcl
# so provider versions and checksums stay fixed between runs.
terraform {
  required_version = ">= 1.0.2"

  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = ">= 3.72"
    }
    helm = {
      source  = "hashicorp/helm"
      version = ">= 2.4"
    }
  }
}
--------------------------------------------------------------------------------
/lesson-42/terraform/versions.tf:
--------------------------------------------------------------------------------
# Minimum Terraform CLI, AWS provider and Helm provider versions for this lesson.
# NOTE(review): the constraints are open-ended (">="); commit .terraform.lock.hcl
# so provider versions and checksums stay fixed between runs.
terraform {
  required_version = ">= 1.0.2"

  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = ">= 3.72"
    }
    helm = {
      source  = "hashicorp/helm"
      version = ">= 2.4"
    }
  }
}
--------------------------------------------------------------------------------
/lesson-07/kuber-pod-with-gpu.yaml:
--------------------------------------------------------------------------------
---
# Pod scheduled only onto nodes labelled gpu=true (the label value is the
# string "true", hence the quotes). Exposes container port 8000.
# NOTE(review): no securityContext or resource limits are declared.
apiVersion: v1
kind: Pod
metadata:
  name: app-kuber-with-gpu
  labels:
    app: http-server
spec:
  nodeSelector:
    gpu: "true"
  containers:
    - name: app-kuber-container
      # Tags are mutable; pin by digest where the exact image content matters.
      image: bokovets/kuber:0.1
      ports:
        - containerPort: 8000
--------------------------------------------------------------------------------
/lesson-49/terraform/versions.tf:
--------------------------------------------------------------------------------
# Minimum Terraform CLI, AWS provider and Kubernetes provider versions.
# NOTE(review): the constraints are open-ended (">="); commit .terraform.lock.hcl
# so provider versions and checksums stay fixed between runs.
terraform {
  required_version = ">= 1.0.2"

  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = ">= 3.72"
    }
    kubernetes = {
      source  = "hashicorp/kubernetes"
      version = ">= 2.10"
    }
  }
}
--------------------------------------------------------------------------------
/lesson-07/kuber-pod-with-labels.yaml:
--------------------------------------------------------------------------------
---
# Pod carrying two labels (environment=dev, app=http-server) and exposing
# container port 8000.
# NOTE(review): no securityContext or resource limits are declared.
apiVersion: v1
kind: Pod
metadata:
  name: app-kuber-with-labels
  labels:
    environment: dev
    app: http-server
spec:
  containers:
    - name: app-kuber-container
      # Tags are mutable; pin by digest where the exact image content matters.
      image: bokovets/kuber:0.1
      ports:
        - containerPort: 8000
--------------------------------------------------------------------------------
/lesson-27/example-3/ssh-auth.yaml:
--------------------------------------------------------------------------------
---
# Ref: https://kubernetes.io/docs/concepts/configuration/secret/#ssh-authentication-secrets
# SSH-auth Secret: the type requires an `ssh-privatekey` entry.
# NOTE(review): the value here is a stand-in. A real private key must never be
# committed; create the Secret out-of-band and restrict who can read it.
apiVersion: v1
kind: Secret
metadata:
  name: secret-ssh-auth
type: kubernetes.io/ssh-auth
stringData:
  # the data is abbreviated in this example
  ssh-privatekey: |
    test
--------------------------------------------------------------------------------
/lesson-44-45-46-47-48/k8s/infrastructure/charts/external-secrets-configs/templates/sa.yaml:
--------------------------------------------------------------------------------
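# ServiceAccount rendered from chart values; the annotation maps it to an IAM
# role (IRSA), so Pods using this account receive that role's credentials.
# Every templated scalar is piped through `quote`: an empty, numeric or
# boolean-looking value then still renders as a YAML string instead of null or
# another type, and a value containing YAML indicators cannot alter the document.
# NOTE(review): the role's trust policy should admit only this namespace and
# service-account name.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: {{ .Values.serviceAccountRef.name | quote }}
  namespace: {{ .Values.serviceAccountRef.namespace | quote }}
  annotations:
    eks.amazonaws.com/role-arn: {{ .Values.serviceAccountRef.eksRoleArn | quote }}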
--------------------------------------------------------------------------------
/lesson-19/7-job-with-ttl.yaml:
--------------------------------------------------------------------------------
---
# Job "pi-with-ttl": same pi computation; the finished Job and its Pods are
# deleted automatically 30 seconds after completion, which also removes the
# Pod logs from the cluster.
apiVersion: batch/v1
kind: Job
metadata:
  name: pi-with-ttl
spec:
  ttlSecondsAfterFinished: 30
  template:
    spec:
      restartPolicy: Never
      containers:
        - name: pi
          # No tag is given, so this resolves to perl:latest at pull time.
          image: perl
          command: ["perl", "-Mbignum=bpi", "-wle", "print bpi(2000)"]
--------------------------------------------------------------------------------
/lesson-41/k8s/example-3/storageclass.yaml:
--------------------------------------------------------------------------------
---
# StorageClass "ebs-gp3-with-encryption": gp3 volumes, ext4, created when a
# consuming Pod is scheduled, expansion allowed, encryption at rest requested.
# No KMS key is named, so the account's default EBS key is used.
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
  name: ebs-gp3-with-encryption
provisioner: ebs.csi.aws.com
volumeBindingMode: WaitForFirstConsumer
allowVolumeExpansion: true
parameters:
  type: gp3
  csi.storage.k8s.io/fstype: ext4
  # StorageClass parameters are strings, hence the quoted "true".
  encrypted: "true"
--------------------------------------------------------------------------------
/lesson-43/README.md:
--------------------------------------------------------------------------------
1 | # Kubernetes Network Policies.
2 |
3 | ## Docs:
4 |
5 | * https://kubernetes.io/docs/concepts/services-networking/network-policies/
6 | * https://docs.aws.amazon.com/eks/latest/userguide/calico.html
7 | * https://aws.github.io/aws-eks-best-practices/security/docs/iam/#restrict-access-to-the-instance-profile-assigned-to-the-worker-node
8 |
--------------------------------------------------------------------------------
/lesson-19/3-job-completions.yaml:
--------------------------------------------------------------------------------
---
# Job "pi-completions": succeeds after 3 successful Pod runs and is marked
# failed after 4 retries.
apiVersion: batch/v1
kind: Job
metadata:
  name: pi-completions
spec:
  completions: 3
  backoffLimit: 4
  template:
    spec:
      restartPolicy: Never
      containers:
        - name: pi
          # No tag is given, so this resolves to perl:latest at pull time.
          image: perl
          command: ["perl", "-Mbignum=bpi", "-wle", "print bpi(2000)"]
--------------------------------------------------------------------------------
/lesson-26/example-3/cm.yaml:
--------------------------------------------------------------------------------
---
# ConfigMap "demo-cm" mixing simple settings with file-style entries.
# ConfigMap data is stored unencrypted and is not meant for secrets.
apiVersion: v1
kind: ConfigMap
metadata:
  name: demo-cm
data:
  # property-like keys; each key maps to a simple value
  interval: "5"
  count: "3"
  # file-like keys
  properties: |
    Hello from World!
    This is demo config!
    As an example.
  config.ini: "This is demo config!"
--------------------------------------------------------------------------------
/lesson-37/README.md:
--------------------------------------------------------------------------------
1 | # Loki: like Prometheus, but for logs.
2 |
3 | Website: https://grafana.com/loki
4 |
5 | GitHub: https://github.com/grafana/loki
6 |
7 | Components: https://grafana.com/docs/loki/latest/fundamentals/architecture/components/
8 |
9 | Deployment modes: https://grafana.com/docs/loki/latest/fundamentals/architecture/deployment-modes/
10 |
11 |
--------------------------------------------------------------------------------
/lesson-10/endpoints-service.yaml:
--------------------------------------------------------------------------------
---
# Service without a selector: Kubernetes creates no endpoints for it, so the
# Endpoints object of the same name below supplies the backends by hand.
apiVersion: v1
kind: Service
metadata:
  name: endpoints-service
spec:
  ports:
    - port: 80
---
# Manually maintained backends for "endpoints-service".
# NOTE(review): these IPs are not tracked by the cluster. If an address is later
# reassigned, traffic goes to whatever holds it, so review the list on change and
# limit who may edit Endpoints in this namespace.
apiVersion: v1
kind: Endpoints
metadata:
  name: endpoints-service
subsets:
  - addresses:
      - ip: 10.75.21.169
      - ip: 10.75.22.141
    ports:
      - port: 8000
--------------------------------------------------------------------------------
/lesson-19/4-job-parallelism.yaml:
--------------------------------------------------------------------------------
---
# Job "pi-parallelism": runs up to 2 Pods at once, retries up to 4 times, and
# restarts a failed container inside the same Pod (restartPolicy: OnFailure).
apiVersion: batch/v1
kind: Job
metadata:
  name: pi-parallelism
spec:
  parallelism: 2
  backoffLimit: 4
  template:
    spec:
      restartPolicy: OnFailure
      containers:
        - name: pi
          # No tag is given, so this resolves to perl:latest at pull time.
          image: perl
          command: ["perl", "-Mbignum=bpi", "-wle", "print bpi(2000)"]
--------------------------------------------------------------------------------
/lesson-27/example-1/secret-data.yaml:
--------------------------------------------------------------------------------
---
# Opaque Secret written with `data`, whose values must be base64-encoded.
# NOTE(review): base64 is an encoding, not encryption — the commands below
# recover the plain text. A manifest like this is as sensitive as the password
# itself and should not be committed with real credentials.
#
# Encoding the values:
#   echo -n 'adminuser' | base64
#   echo -n 'Rt2GG#(ERgf09' | base64
apiVersion: v1
kind: Secret
metadata:
  name: secret-data
type: Opaque
data:
  username: YWRtaW51c2Vy
  password: UnQyR0cjKEVSZ2YwOQ==
# Decoding them again:
#   echo -n 'YWRtaW51c2Vy' | base64 --decode
#   echo -n 'UnQyR0cjKEVSZ2YwOQ==' | base64 --decode
--------------------------------------------------------------------------------
/lesson-27/example-2/secret-data.yaml:
--------------------------------------------------------------------------------
---
# Opaque Secret with base64-encoded values, generated with:
#   echo -n 'adminuser' | base64
#   echo -n 'Rt2GG#(ERgf09' | base64
#
# The encoding gives no confidentiality; it is reversible by anyone with read
# access to the file or to Secrets in the namespace (see the decode commands
# below). Treat the values as sample data only.
apiVersion: v1
kind: Secret
type: Opaque
metadata:
  name: secret-data
data:
  password: UnQyR0cjKEVSZ2YwOQ==
  username: YWRtaW51c2Vy
# Reverse the encoding:
#   echo -n 'YWRtaW51c2Vy' | base64 --decode
#   echo -n 'UnQyR0cjKEVSZ2YwOQ==' | base64 --decode
--------------------------------------------------------------------------------
/lesson-36/k8s/example-4/ss-parameter-store.yaml:
--------------------------------------------------------------------------------
---
# Namespaced SecretStore: usable only by ExternalSecrets in `example`.
apiVersion: external-secrets.io/v1beta1
kind: SecretStore
metadata:
  name: aws-ps-ns
  namespace: example
spec:
  provider:
    aws:
      region: eu-west-1
      service: ParameterStore
      auth:
        # Authenticates with the service account's token rather than static
        # AWS keys. What can be read is decided by the IAM role bound to
        # `es-sa`, which is not shown here; confirm it is scoped to the
        # parameters this namespace needs.
        jwt:
          serviceAccountRef:
            name: es-sa
--------------------------------------------------------------------------------
/lesson-44-45-46-47-48/k8s/gitlab/storageclass.yaml:
--------------------------------------------------------------------------------
---
# gp3 StorageClass for the EBS CSI driver with encryption at rest enabled.
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
  name: gp3-encrypted
provisioner: ebs.csi.aws.com
# Retain: the EBS volume and its data outlive the PVC and must be cleaned up
# by hand.
reclaimPolicy: Retain
allowVolumeExpansion: true
volumeBindingMode: WaitForFirstConsumer
parameters:
  type: gp3
  csi.storage.k8s.io/fstype: ext4
  # Must stay a quoted string. No kmsKeyId is given, so the account's default
  # EBS encryption key is used.
  encrypted: "true"
--------------------------------------------------------------------------------
/lesson-23/1-pvc-kuber.yaml:
--------------------------------------------------------------------------------
---
# https://kubernetes.io/docs/reference/kubernetes-api/config-and-storage-resources/persistent-volume-claim-v1/
# Claim for 4Gi from the `custom-gp2` StorageClass.
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: aws-pvc-kuber-1
spec:
  storageClassName: 'custom-gp2'
  resources:
    requests:
      storage: 4Gi
  accessModes:
    - ReadWriteOnce
--------------------------------------------------------------------------------
/lesson-44-45-46-47-48/terraform/modules/s3/main.tf:
--------------------------------------------------------------------------------
# S3 bucket named "<deployment_prefix>-<deployment_suffix>".
# NOTE(review): this file declares only the bucket itself. No public access
# block, server-side encryption configuration or versioning resource is
# visible here; confirm they are defined elsewhere in the module.
resource "aws_s3_bucket" "bucket" {
  bucket = "${var.deployment_prefix}-${var.deployment_suffix}"

  tags = {
    Name        = "${var.deployment_prefix}-${var.deployment_suffix}"
    Type        = "Storage Service"
    Description = "Store data for deployment related to ${var.deployment_suffix}"
  }
}
--------------------------------------------------------------------------------
/lesson-19/2-job-never.yaml:
--------------------------------------------------------------------------------
---
# Job whose container always exits 1. With restartPolicy Never the failed pod
# is not restarted in place; the Job controller starts a new pod for each
# retry until backoffLimit is reached.
apiVersion: batch/v1
kind: Job
metadata:
  name: job-with-restartpolicy-never
spec:
  backoffLimit: 3
  template:
    spec:
      restartPolicy: Never
      containers:
        - name: job-with-failure
          # Untagged image, resolves to busybox:latest.
          image: busybox
          command:
            - "/bin/sh"
            - "-c"
          args:
            - "echo 'Running Job'; sleep 5; exit 1"
--------------------------------------------------------------------------------
/lesson-27/example-3/tls.yaml:
--------------------------------------------------------------------------------
---
# Ref: https://kubernetes.io/docs/concepts/configuration/secret/#tls-secrets
# TLS Secret written through `stringData`, i.e. as plain text that the API
# server stores base64-encoded under `data`.
# tls.key is private key material: a real key should not be committed in a
# manifest like this one.
apiVersion: v1
kind: Secret
type: kubernetes.io/tls
metadata:
  name: secret-tls
stringData:
  # Both values are abbreviated in this example and are not usable as-is.
  tls.crt: |
    MIIC2DCCAcCgAwIBAgIBATANBgkqh
  tls.key: |
    MIIEpgIBAAKCAQEA7yn3bRHQ5FHMQ
--------------------------------------------------------------------------------
/lesson-08/rs-kuber.yaml:
--------------------------------------------------------------------------------
---
# ReplicaSet keeping three pods labelled env=dev running.
apiVersion: apps/v1
kind: ReplicaSet
metadata:
  name: kuber-rs-1
  labels:
    app: kuber-rs
spec:
  replicas: 3
  # The selector matches any pod labelled env=dev, not only pods created from
  # this template.
  selector:
    matchLabels:
      env: dev
  template:
    metadata:
      labels:
        env: dev
    spec:
      containers:
        - name: kuber-app
          # NOTE(review): other manifests in this repository pull
          # bakavets/kuber. Confirm bokovets/kuber is the intended publisher;
          # a misspelled repository name pulls whatever that account
          # publishes. The image is also untagged (resolves to :latest).
          image: bokovets/kuber
--------------------------------------------------------------------------------
/lesson-11/nodeport-service.yaml:
--------------------------------------------------------------------------------
---
# NodePort Service: port 30080 is opened on every node and forwarded to
# port 8000 of pods labelled app=http-server. Who can reach it depends on the
# nodes' firewall or security-group rules, not on this manifest.
apiVersion: v1
kind: Service
metadata:
  name: kuber-service-nodeport
spec:
  type: NodePort
  # Local: only nodes running a matching pod answer, and the client source IP
  # is preserved.
  externalTrafficPolicy: Local
  # sessionAffinity: ClientIP
  selector:
    app: http-server
  ports:
    - port: 80
      targetPort: 8000
      nodePort: 30080  # port-range: 30000-32767
      protocol: TCP
--------------------------------------------------------------------------------
/lesson-19/1-job-onfailure.yaml:
--------------------------------------------------------------------------------
---
# Job whose container always exits 1. With restartPolicy OnFailure the
# container is restarted inside the same pod until backoffLimit is reached.
apiVersion: batch/v1
kind: Job
metadata:
  name: job-with-restartpolicy-onfailure
spec:
  backoffLimit: 3
  template:
    spec:
      restartPolicy: OnFailure
      containers:
        - name: job-with-failure
          # Untagged image, resolves to busybox:latest.
          image: busybox
          command:
            - "/bin/sh"
            - "-c"
          args:
            - "echo 'Running Job'; sleep 5; exit 1"
--------------------------------------------------------------------------------
/lesson-36/k8s/README.md:
--------------------------------------------------------------------------------
1 | Install External Secrets using Helm:
2 |
3 | ```helm repo add external-secrets https://charts.external-secrets.io```
4 |
5 | ```helm repo update external-secrets```
6 |
7 | ```helm search repo external-secrets/external-secrets```
8 |
9 | ```helm upgrade --install external-secrets external-secrets/external-secrets --version 0.6.0 -n external-secrets --create-namespace```
10 |
--------------------------------------------------------------------------------
/lesson-43/k8s/example-3/network-policies/allow-metadata-access.yaml:
--------------------------------------------------------------------------------
---
# Egress rule letting pods labelled app=myapp reach 169.254.169.254, the
# link-local instance metadata address.
#
# NetworkPolicies are additive allow-lists: the egress permitted for these
# pods is the union of this rule and every other policy selecting them.
# Applied alone, this policy allows nothing else (cluster DNS included).
# A pod that can reach the metadata service can request the credentials of
# the node's instance role, so keep the selector as narrow as possible.
# Enforcement needs a network plugin that implements NetworkPolicy.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-metadata-access
  namespace: example-3
spec:
  policyTypes:
    - Egress
  podSelector:
    matchLabels:
      app: myapp
  egress:
    # No `ports` list, so every port on the address is allowed.
    - to:
        - ipBlock:
            cidr: 169.254.169.254/32
--------------------------------------------------------------------------------
/lesson-44-45-46-47-48/k8s/gitlab/pages-wildcard-cert.yaml:
--------------------------------------------------------------------------------
---
# cert-manager Certificate for the GitLab Pages domain and its wildcard.
# The issued key pair is stored in the Secret `gitlab-pages-tls-wildcard`.
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: gitlab-pages-wildcard-cert
  namespace: gitlab
spec:
  secretName: gitlab-pages-tls-wildcard
  issuerRef:
    kind: ClusterIssuer
    # Presumably an ACME (Let's Encrypt) issuer; a wildcard name then needs a
    # DNS-01 solver on it. Verify against the ClusterIssuer definition.
    name: letsencrypt-prod
  dnsNames:
    - gitlab-pg.kubxr.com
    # Quoted because a leading `*` would otherwise be read as a YAML alias.
    # The wildcard key is valid for every subdomain, so restrict read access
    # to the Secret.
    - "*.gitlab-pg.kubxr.com"
--------------------------------------------------------------------------------
/lesson-19/5-job-parallelism-completions.yaml:
--------------------------------------------------------------------------------
---
# Job that needs 7 successful pods in total, running at most 3 at once.
apiVersion: batch/v1
kind: Job
metadata:
  name: pi-parallelism-completions
spec:
  completions: 7
  parallelism: 3
  backoffLimit: 4
  template:
    spec:
      restartPolicy: Never
      containers:
        - name: pi
          # Untagged image, resolves to perl:latest.
          image: perl
          command:
            - "perl"
            - "-Mbignum=bpi"
            - "-wle"
            - "print bpi(2000)"
--------------------------------------------------------------------------------
/lesson-27/example-3/basic-auth.yaml:
--------------------------------------------------------------------------------
---
# Ref: https://kubernetes.io/docs/concepts/configuration/secret/#basic-authentication-secret
# `stringData` takes the values as plain text, so the password below is
# readable by anyone who can see this file. It is a demo value; a real
# credential should come from a secret store rather than a committed manifest.
apiVersion: v1
kind: Secret
type: kubernetes.io/basic-auth
metadata:
  name: secret-basic-auth
stringData:
  username: admin  # required field for kubernetes.io/basic-auth
  password: t0p-Secret  # required field for kubernetes.io/basic-auth
--------------------------------------------------------------------------------
/lesson-35/k8s/development/values.yaml:
--------------------------------------------------------------------------------
1 | spec:
2 | destination:
3 | server: https://kubernetes.default.svc
4 |
5 | source:
6 | repoURL: git@gitlab.com:example/example.git
7 | targetRevision: main
8 | path: k8s/charts/test-app/
9 |
10 | appHosts:
11 | app1: app-1.example.com
12 | app2: app-2.example.com
13 |
14 | clusterIssuer:
15 | name: letsencrypt-prod
16 |
17 | namespace: demo-app
18 |
--------------------------------------------------------------------------------
/lesson-42/k8s/example-3/storageclass.yaml:
--------------------------------------------------------------------------------
---
# StorageClass for dynamic provisioning on EFS through access points.
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
  name: efs-sc-ap
provisioner: efs.csi.aws.com
parameters:
  provisioningMode: efs-ap
  # Environment-specific file system ID; replace it with your own.
  fileSystemId: fs-091a417a0a5e4fd14
  # Owner-only permissions on each provisioned directory.
  directoryPerms: "700"
  gidRangeStart: "1000"  # optional
  gidRangeEnd: "2000"  # optional
  basePath: "/dynamic_provisioning"  # optional
--------------------------------------------------------------------------------
/lesson-43/k8s/example-3/network-policies/deny-metadata-access.yaml:
--------------------------------------------------------------------------------
---
# Blocks egress to the instance metadata address (169.254.169.254) for every
# pod in the namespace by allowing all other IPv4 destinations and carving
# that one address out.
#
# The "deny" works by omission. NetworkPolicies are additive, so any other
# policy that allows 169.254.169.254 for a pod re-opens the path for that pod.
# Enforcement needs a network plugin that implements NetworkPolicy, and
# hostNetwork pods are generally not covered.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: deny-metadata-access
  namespace: example-3
spec:
  policyTypes:
    - Egress
  # Empty selector: applies to all pods in `example-3`.
  podSelector: {}
  egress:
    - to:
        - ipBlock:
            cidr: 0.0.0.0/0
            except:
              - 169.254.169.254/32
--------------------------------------------------------------------------------
/lesson-30/charts/demo/templates/serviceaccount.yaml:
--------------------------------------------------------------------------------
{{- /*
ServiceAccount for the release, rendered only when
.Values.serviceAccount.create is true. Annotations are emitted only if
.Values.serviceAccount.annotations is non-empty.
NOTE(review): automountServiceAccountToken is not set here, so the cluster
default applies to pods using this account.
*/ -}}
{{- if .Values.serviceAccount.create -}}
apiVersion: v1
kind: ServiceAccount
metadata:
  name: {{ include "demo.serviceAccountName" . }}
  labels:
    {{- include "demo.labels" . | nindent 4 }}
  {{- with .Values.serviceAccount.annotations }}
  annotations:
    {{- toYaml . | nindent 4 }}
  {{- end }}
{{- end }}
--------------------------------------------------------------------------------
/lesson-42/k8s/example-1/pv.yaml:
--------------------------------------------------------------------------------
---
# Statically provisioned PersistentVolume backed by an existing EFS file
# system.
apiVersion: v1
kind: PersistentVolume
metadata:
  name: efs-pv
spec:
  # Empty class: binds only to claims that also request storageClassName "".
  storageClassName: ""
  volumeMode: Filesystem
  persistentVolumeReclaimPolicy: Retain
  capacity:
    storage: 5Gi
  accessModes:
    - ReadWriteMany
    - ReadWriteOnce
  csi:
    driver: efs.csi.aws.com
    # Environment-specific file system ID; replace it with your own.
    volumeHandle: fs-091a417a0a5e4fd14
--------------------------------------------------------------------------------
/lesson-19/6-job-with-timeout.yaml:
--------------------------------------------------------------------------------
---
# Failing Job with a deadline: activeDeadlineSeconds ends the Job after 50
# seconds even if backoffLimit retries remain.
apiVersion: batch/v1
kind: Job
metadata:
  name: job-with-failure
spec:
  activeDeadlineSeconds: 50
  backoffLimit: 4
  template:
    spec:
      restartPolicy: Never
      containers:
        - name: job-with-failure
          # Untagged image, resolves to busybox:latest.
          image: busybox
          command:
            - "/bin/sh"
            - "-c"
          args:
            - "echo 'Running Job'; sleep 5; exit 1"
--------------------------------------------------------------------------------
/lesson-36/k8s/common/css-parameter-store.yaml:
--------------------------------------------------------------------------------
---
# Cluster-scoped store for AWS Systems Manager Parameter Store.
# A ClusterSecretStore can be referenced by ExternalSecrets from any
# namespace, so everything the IAM role behind `external-secrets-sa` may read
# is in principle reachable cluster-wide; keep that role narrowly scoped.
apiVersion: external-secrets.io/v1beta1
kind: ClusterSecretStore
metadata:
  name: aws-parameter-store
spec:
  provider:
    aws:
      region: eu-west-1
      service: ParameterStore
      auth:
        # Service-account token based auth; no static AWS keys are kept in
        # the cluster.
        jwt:
          serviceAccountRef:
            namespace: external-secrets
            name: external-secrets-sa
--------------------------------------------------------------------------------
/lesson-36/k8s/common/css-secrets-manager.yaml:
--------------------------------------------------------------------------------
---
# Cluster-scoped store for AWS Secrets Manager.
# ExternalSecrets in any namespace can reference a ClusterSecretStore, so the
# IAM role behind `external-secrets-sa` bounds what the whole cluster can
# pull; grant it only the secrets that are meant to be synced.
apiVersion: external-secrets.io/v1beta1
kind: ClusterSecretStore
metadata:
  name: aws-secrets-manager
spec:
  provider:
    aws:
      region: eu-west-1
      service: SecretsManager
      auth:
        # Service-account token based auth instead of static AWS keys.
        jwt:
          serviceAccountRef:
            namespace: external-secrets
            name: external-secrets-sa
--------------------------------------------------------------------------------
/lesson-44-45-46-47-48/k8s/development/values.yaml:
--------------------------------------------------------------------------------
1 | spec:
2 | destination:
3 | server: https://kubernetes.default.svc
4 |
5 | source:
6 | repoURL: git@gitlab.com:example/example.git
7 | targetRevision: main
8 | path: k8s/charts/test-app/
9 |
10 | appHosts:
11 | app1: app-1.example.com
12 | app2: app-2.example.com
13 |
14 | clusterIssuer:
15 | name: letsencrypt-prod
16 |
17 | namespace: demo-app
18 |
--------------------------------------------------------------------------------
/lesson-43/terraform/versions.tf:
--------------------------------------------------------------------------------
# Terraform and provider version requirements.
# Every constraint is a lower bound only (">="), so a new major release is
# accepted as well. Reproducible runs depend on the committed dependency lock
# file, which is not shown here.
terraform {
  required_version = ">= 1.0.2"

  required_providers {
    aws = {
      version = ">= 4.47"
      source  = "hashicorp/aws"
    }

    helm = {
      version = ">= 2.4"
      source  = "hashicorp/helm"
    }

    kubernetes = {
      version = ">= 2.10"
      source  = "hashicorp/kubernetes"
    }
  }
}
--------------------------------------------------------------------------------
/lesson-08/rc-kuber.yaml:
--------------------------------------------------------------------------------
---
# ReplicationController keeping three pods labelled app=http-server running.
apiVersion: v1
kind: ReplicationController
metadata:
  name: kuber-rc
spec:
  replicas: 3
  selector:
    app: http-server
  template:
    metadata:
      name: kuber-app
      labels:
        app: http-server
    spec:
      containers:
        - name: http-server-image
          # NOTE(review): other manifests in this repository pull
          # bakavets/kuber. Confirm bokovets/kuber is the intended publisher;
          # a misspelled repository name pulls whatever that account
          # publishes. The image is also untagged (resolves to :latest).
          image: bokovets/kuber
          ports:
            - containerPort: 8000
--------------------------------------------------------------------------------
/lesson-23/0-pvc-kuber.yaml:
--------------------------------------------------------------------------------
---
# https://kubernetes.io/docs/reference/kubernetes-api/config-and-storage-resources/persistent-volume-claim-v1/
# Claim for 3Gi that opts out of dynamic provisioning.
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: aws-pvc-kuber
spec:
  # Empty string must be explicitly set otherwise default StorageClass will
  # be set
  storageClassName: ""
  resources:
    requests:
      storage: 3Gi
  accessModes:
    - ReadWriteOnce
--------------------------------------------------------------------------------
/lesson-41/k8s/example-4/storageclass.yaml:
--------------------------------------------------------------------------------
---
# gp3 StorageClass for the EBS CSI driver, encrypted with a customer-managed
# KMS key.
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
  name: ebs-gp3-with-custom-kms
provisioner: ebs.csi.aws.com
allowVolumeExpansion: true
volumeBindingMode: WaitForFirstConsumer
parameters:
  type: gp3
  csi.storage.k8s.io/fstype: ext4
  encrypted: "true"
  # Environment-specific key ARN (account, region and key ID); replace it
  # with your own. The role that creates the volumes also needs permission to
  # use this key, or provisioning fails.
  kmsKeyId: "arn:aws:kms:eu-west-1:849634744839:key/dcf49252-39b4-4469-bff0-ca3e1e8643de"
--------------------------------------------------------------------------------
/lesson-21-22/2-hostPath-volume.yaml:
--------------------------------------------------------------------------------
---
# Pod mounting a directory of the node's own filesystem via hostPath.
# hostPath gives the container direct access to files on the node, and this
# mount is read-write because no readOnly flag is set. Outside of a demo,
# prefer another volume type, or keep the path narrow and mount it read-only.
apiVersion: v1
kind: Pod
metadata:
  name: test-pd
spec:
  volumes:
    - name: test-volume
      hostPath:
        # directory location on host
        path: /data
        # this field is optional
        type: Directory
  containers:
    - name: test-container
      image: bakavets/kuber
      volumeMounts:
        - name: test-volume
          mountPath: /test-pd
--------------------------------------------------------------------------------
/lesson-21-22/3-awsElasticBlockStore.yaml:
--------------------------------------------------------------------------------
---
# Pod mounting a pre-existing EBS volume through the in-tree
# awsElasticBlockStore volume type.
# NOTE(review): this volume type is deprecated in favour of the EBS CSI
# driver; check that the target cluster version still accepts it.
apiVersion: v1
kind: Pod
metadata:
  name: http-server
spec:
  volumes:
    - name: aws-volume
      # This AWS EBS volume must already exist.
      awsElasticBlockStore:
        volumeID: "vol-0111111111111"
        fsType: ext4
  containers:
    - name: http-server
      image: bakavets/kuber
      volumeMounts:
        - name: aws-volume
          mountPath: /cache
--------------------------------------------------------------------------------
/lesson-27/example-3/README.md:
--------------------------------------------------------------------------------
1 | ### Create a Secret for accessing a container image registry:
2 |
3 | ```bash
4 | kubectl create secret docker-registry secret-docker-registry \
5 | --docker-email=bakavets.com@gmail.com \
6 | --docker-username=bakavets \
7 | --docker-password=password \
8 | --docker-server=https://index.docker.io/v1/
9 | ```
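10 | Ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ (note: a value passed with `--docker-password` on the command line is recorded in shell history, and the resulting Secret holds it only base64-encoded)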
11 |
12 |
--------------------------------------------------------------------------------
/lesson-24/k8s/3-deploy-awscli-default.yaml:
--------------------------------------------------------------------------------
---
# Single-replica Deployment of the AWS CLI image, kept alive with a long
# sleep so that commands can be run inside it.
# No service account is named, so the pod runs as the namespace's `default`
# service account.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: aws-cli-deployment
spec:
  replicas: 1
  selector:
    matchLabels:
      app: aws-cli
  template:
    metadata:
      labels:
        app: aws-cli
    spec:
      containers:
        - name: aws-cli
          # Untagged image, resolves to amazon/aws-cli:latest.
          image: amazon/aws-cli
          command:
            - "/bin/sh"
            - "-c"
            - "sleep 100000000"
--------------------------------------------------------------------------------
/lesson-30/charts/demo/templates/service.yaml:
--------------------------------------------------------------------------------
# Service for the release. Type and port come from values. A `type` of
# NodePort or LoadBalancer exposes the workload outside the cluster, so review
# that value per environment.
apiVersion: v1
kind: Service
metadata:
  name: {{ include "demo.fullname" . }}
  labels:
    {{- include "demo.labels" . | nindent 4 }}
spec:
  type: {{ .Values.service.type }}
  selector:
    {{- include "demo.selectorLabels" . | nindent 4 }}
  ports:
    - name: http
      protocol: TCP
      port: {{ .Values.service.port }}
      # Refers to the container port named `http`.
      targetPort: http
--------------------------------------------------------------------------------
/lesson-41/terraform/kms.tf:
--------------------------------------------------------------------------------
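################################################################################
# AWS KMS Key
################################################################################

# Symmetric customer-managed key for encrypting AWS resources.
resource "aws_kms_key" "kms" {
  description              = "AWS KMS key used to encrypt AWS resources."
  key_usage                = "ENCRYPT_DECRYPT"
  customer_master_key_spec = "SYMMETRIC_DEFAULT"

  # Automatic rotation is off unless requested. Enabling it keeps the key ID
  # and ARN unchanged, so consumers of the key are not affected.
  enable_key_rotation = true

  # 7 days is the shortest waiting period KMS allows before a scheduled
  # deletion becomes final. Data encrypted under the key is unrecoverable
  # afterwards.
  deletion_window_in_days = 7
}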
--------------------------------------------------------------------------------
/lesson-42/terraform/kms.tf:
--------------------------------------------------------------------------------
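################################################################################
# AWS KMS Key
################################################################################

# Symmetric customer-managed key for encrypting AWS resources.
resource "aws_kms_key" "kms" {
  description              = "AWS KMS key used to encrypt AWS resources."
  key_usage                = "ENCRYPT_DECRYPT"
  customer_master_key_spec = "SYMMETRIC_DEFAULT"

  # Rotation is disabled by default. Turning it on does not change the key ID
  # or ARN, so existing references keep working.
  enable_key_rotation = true

  # Shortest waiting period KMS allows. Once the window passes, anything
  # encrypted under this key can no longer be decrypted.
  deletion_window_in_days = 7
}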
--------------------------------------------------------------------------------
/lesson-43/k8s/example-3/deploy-app.yaml:
--------------------------------------------------------------------------------
---
# Single-replica Deployment of the AWS CLI image in `example-3`, kept alive
# with a long sleep. The pods carry the label app=myapp.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: myapp
  namespace: example-3
spec:
  replicas: 1
  selector:
    matchLabels:
      app: myapp
  template:
    metadata:
      labels:
        app: myapp
    spec:
      containers:
        - name: aws-cli
          # Untagged image, resolves to amazon/aws-cli:latest.
          image: amazon/aws-cli
          command:
            - "/bin/sh"
            - "-c"
            - "sleep 100000000"
--------------------------------------------------------------------------------
/lesson-44-45-46-47-48/repo-examples/demo-cache/.gitlab-ci.yml:
--------------------------------------------------------------------------------
---
# job1 appends the current date to date.txt and uploads it to the cache.
# job2 restores the cache and only reads the file.
job1:
  script:
    - ls -la
    - echo $(date) >> date.txt
    - ls -la
  # No `key:` is set, so GitLab's default cache key applies. The anchor lets
  # other jobs reuse these settings.
  cache: &global_cache
    paths:
      - date.txt
    policy: pull-push

job2:
  needs:
    - "job1"
  script:
    - ls -la
    - cat date.txt
  cache:
    # inherit all global cache settings
    <<: *global_cache
    # override the policy: download only, so this job cannot change the
    # cached content
    policy: pull
--------------------------------------------------------------------------------
/lesson-30/argocd/README.md:
--------------------------------------------------------------------------------
1 | ## Install Argo CD
2 |
3 | ```kubectl create namespace argocd```
4 |
5 | ```kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/stable/manifests/install.yaml```
6 |
7 | ## Access The Argo CD API Server
8 |
9 | ```kubectl port-forward svc/argocd-server -n argocd 8080:443```
10 |
11 | ## Login Using The CLI
12 |
13 | ```kubectl -n argocd get secret argocd-initial-admin-secret -o jsonpath="{.data.password}" | base64 -d; echo```
--------------------------------------------------------------------------------
/lesson-30/charts/demo/.helmignore:
--------------------------------------------------------------------------------
1 | # Patterns to ignore when building packages.
2 | # This supports shell glob matching, relative path matching, and
3 | # negation (prefixed with !). Only one pattern per line.
4 | .DS_Store
5 | # Common VCS dirs
6 | .git/
7 | .gitignore
8 | .bzr/
9 | .bzrignore
10 | .hg/
11 | .hgignore
12 | .svn/
13 | # Common backup files
14 | *.swp
15 | *.bak
16 | *.tmp
17 | *.orig
18 | *~
19 | # Various IDEs
20 | .project
21 | .idea/
22 | *.tmproj
23 | .vscode/
24 |
--------------------------------------------------------------------------------
/lesson-30/dev/kuber/deploy.yaml:
--------------------------------------------------------------------------------
---
# Two-replica Deployment of the demo HTTP server, pinned to tag v1.0.
# The Deployment's own label (app=kuber) differs from the pod label
# (app=http-server); only the pod label is used by the selector.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: kuber-2
  labels:
    app: kuber
spec:
  replicas: 2
  selector:
    matchLabels:
      app: http-server
  template:
    metadata:
      labels:
        app: http-server
    spec:
      containers:
        - image: bakavets/kuber:v1.0
          name: kuber-app
          ports:
            - containerPort: 8000
--------------------------------------------------------------------------------
/lesson-35/k8s/charts/app/.helmignore:
--------------------------------------------------------------------------------
1 | # Patterns to ignore when building packages.
2 | # This supports shell glob matching, relative path matching, and
3 | # negation (prefixed with !). Only one pattern per line.
4 | .DS_Store
5 | # Common VCS dirs
6 | .git/
7 | .gitignore
8 | .bzr/
9 | .bzrignore
10 | .hg/
11 | .hgignore
12 | .svn/
13 | # Common backup files
14 | *.swp
15 | *.bak
16 | *.tmp
17 | *.orig
18 | *~
19 | # Various IDEs
20 | .project
21 | .idea/
22 | *.tmproj
23 | .vscode/
24 |
--------------------------------------------------------------------------------
/lesson-35/k8s/development/.helmignore:
--------------------------------------------------------------------------------
1 | # Patterns to ignore when building packages.
2 | # This supports shell glob matching, relative path matching, and
3 | # negation (prefixed with !). Only one pattern per line.
4 | .DS_Store
5 | # Common VCS dirs
6 | .git/
7 | .gitignore
8 | .bzr/
9 | .bzrignore
10 | .hg/
11 | .hgignore
12 | .svn/
13 | # Common backup files
14 | *.swp
15 | *.bak
16 | *.tmp
17 | *.orig
18 | *~
19 | # Various IDEs
20 | .project
21 | .idea/
22 | *.tmproj
23 | .vscode/
24 |
--------------------------------------------------------------------------------
/lesson-39/k8s/example-2/README.md:
--------------------------------------------------------------------------------
1 | export K8S_NODE=ip-10-23-56-192.eu-west-1.compute.internal
2 |
3 | kubectl taint nodes $K8S_NODE node.k8s/app-role=api:PreferNoSchedule
4 |
5 | kubectl taint nodes $K8S_NODE gpu=true:NoSchedule
6 |
7 | # Remove from node '$K8S_NODE' the taint with key 'node.k8s/app-role' and effect 'PreferNoSchedule' if one exists
8 |
9 | kubectl taint nodes $K8S_NODE node.k8s/app-role:PreferNoSchedule-
10 |
11 | kubectl taint nodes $K8S_NODE gpu=true:NoSchedule-
12 |
--------------------------------------------------------------------------------
/lesson-30/charts/demo/templates/tests/test-connection.yaml:
--------------------------------------------------------------------------------
# Helm test hook: a one-shot pod that fetches the release's Service with wget.
# It runs on `helm test` and is not restarted on failure.
apiVersion: v1
kind: Pod
metadata:
  name: "{{ include "demo.fullname" . }}-test-connection"
  labels:
    {{- include "demo.labels" . | nindent 4 }}
  annotations:
    "helm.sh/hook": test
spec:
  restartPolicy: Never
  containers:
    - name: wget
      # Untagged image, resolves to busybox:latest.
      image: busybox
      command:
        - 'wget'
      args:
        - '{{ include "demo.fullname" . }}:{{ .Values.service.port }}'
--------------------------------------------------------------------------------
/lesson-36/k8s/example-1/external-secret.yaml:
--------------------------------------------------------------------------------
---
# Syncs the Parameter Store entry `demo-api-token` into the Kubernetes Secret
# `k8s-secret-api-token` under the key `token`.
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
  name: api-token
  namespace: default
spec:
  # "0" means the value is fetched once and never refreshed: rotating the
  # parameter in AWS will not reach the cluster Secret. Use an interval such
  # as the commented one if rotation has to propagate.
  refreshInterval: "0"
  # refreshInterval: "1m"
  secretStoreRef:
    kind: ClusterSecretStore
    name: aws-parameter-store
  target:
    name: k8s-secret-api-token
    # Owner: the operator creates the Secret and it is removed together with
    # this ExternalSecret.
    creationPolicy: Owner
  data:
    - secretKey: token
      remoteRef:
        key: demo-api-token
--------------------------------------------------------------------------------
/lesson-40/k8s/example-1/az-spread.yaml:
--------------------------------------------------------------------------------
---
# 45-replica Deployment of the demo HTTP server.
# No resource requests or limits are set, so the pod spec itself puts no
# bound on what 45 replicas consume.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: az-spread
  labels:
    app: kuber
spec:
  replicas: 45
  selector:
    matchLabels:
      app: http-server
  template:
    metadata:
      labels:
        app: http-server
    spec:
      containers:
        - image: bakavets/kuber  # untagged, resolves to :latest
          name: kuber-app
          ports:
            - containerPort: 8000
--------------------------------------------------------------------------------
/lesson-44-45-46-47-48/k8s/charts/app/.helmignore:
--------------------------------------------------------------------------------
1 | # Patterns to ignore when building packages.
2 | # This supports shell glob matching, relative path matching, and
3 | # negation (prefixed with !). Only one pattern per line.
4 | .DS_Store
5 | # Common VCS dirs
6 | .git/
7 | .gitignore
8 | .bzr/
9 | .bzrignore
10 | .hg/
11 | .hgignore
12 | .svn/
13 | # Common backup files
14 | *.swp
15 | *.bak
16 | *.tmp
17 | *.orig
18 | *~
19 | # Various IDEs
20 | .project
21 | .idea/
22 | *.tmproj
23 | .vscode/
24 |
--------------------------------------------------------------------------------
/lesson-23/1-sc-kuber.yaml:
--------------------------------------------------------------------------------
---
# https://kubernetes.io/docs/reference/kubernetes-api/config-and-storage-resources/storage-class-v1/
# gp2 StorageClass using the in-tree AWS EBS provisioner.
# NOTE(review): no `encrypted` parameter is set, so volumes are encrypted only
# if EBS encryption by default is enabled for the account and region.
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
  name: custom-gp2
# https://kubernetes.io/docs/concepts/storage/storage-classes/#provisioner
provisioner: kubernetes.io/aws-ebs
# https://kubernetes.io/docs/concepts/storage/storage-classes/#reclaim-policy
reclaimPolicy: Retain
allowVolumeExpansion: true
parameters:
  type: gp2
--------------------------------------------------------------------------------
/lesson-35/k8s/charts/app/templates/deploy-1.yaml:
--------------------------------------------------------------------------------
---
# Two-replica Deployment of the demo HTTP server, version v1.0.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: kuber-1
  labels:
    app: kuber-1
spec:
  replicas: 2
  selector:
    matchLabels:
      app: http-server-1
  template:
    metadata:
      labels:
        app: http-server-1
    spec:
      containers:
        - image: bakavets/kuber:v1.0
          name: kuber-app
          ports:
            - containerPort: 8000
--------------------------------------------------------------------------------
/lesson-35/k8s/charts/app/templates/deploy-2.yaml:
--------------------------------------------------------------------------------
---
# Two-replica Deployment of the demo HTTP server, version v2.0.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: kuber-2
  labels:
    app: kuber-2
spec:
  replicas: 2
  selector:
    matchLabels:
      app: http-server-2
  template:
    metadata:
      labels:
        app: http-server-2
    spec:
      containers:
        - image: bakavets/kuber:v2.0
          name: kuber-app
          ports:
            - containerPort: 8000
--------------------------------------------------------------------------------
/lesson-35/k8s/infrastructure/applications/.helmignore:
--------------------------------------------------------------------------------
1 | # Patterns to ignore when building packages.
2 | # This supports shell glob matching, relative path matching, and
3 | # negation (prefixed with !). Only one pattern per line.
4 | .DS_Store
5 | # Common VCS dirs
6 | .git/
7 | .gitignore
8 | .bzr/
9 | .bzrignore
10 | .hg/
11 | .hgignore
12 | .svn/
13 | # Common backup files
14 | *.swp
15 | *.bak
16 | *.tmp
17 | *.orig
18 | *~
19 | # Various IDEs
20 | .project
21 | .idea/
22 | *.tmproj
23 | .vscode/
24 |
--------------------------------------------------------------------------------
/lesson-44-45-46-47-48/k8s/development/.helmignore:
--------------------------------------------------------------------------------
1 | # Patterns to ignore when building packages.
2 | # This supports shell glob matching, relative path matching, and
3 | # negation (prefixed with !). Only one pattern per line.
4 | .DS_Store
5 | # Common VCS dirs
6 | .git/
7 | .gitignore
8 | .bzr/
9 | .bzrignore
10 | .hg/
11 | .hgignore
12 | .svn/
13 | # Common backup files
14 | *.swp
15 | *.bak
16 | *.tmp
17 | *.orig
18 | *~
19 | # Various IDEs
20 | .project
21 | .idea/
22 | *.tmproj
23 | .vscode/
24 |
--------------------------------------------------------------------------------
/lesson-24/k8s/2-deploy-awscli.yaml:
--------------------------------------------------------------------------------
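---
# Single-replica Deployment of the AWS CLI image in `demo-irsa`, running as
# the `demo` service account and kept alive with a long sleep.
# Whatever AWS permissions are bound to `demo` (not shown here) are available
# to anyone who can exec into this pod.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: aws-cli-deployment
  namespace: demo-irsa
spec:
  replicas: 1
  selector:
    matchLabels:
      app: aws-cli
  template:
    metadata:
      labels:
        app: aws-cli
    spec:
      # `serviceAccount` is a deprecated alias; `serviceAccountName` is the
      # supported field and selects the same account.
      serviceAccountName: demo
      containers:
        - name: aws-cli
          # Untagged image, resolves to amazon/aws-cli:latest.
          image: amazon/aws-cli
          command: ["/bin/sh", "-c", "sleep 100000000"]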
--------------------------------------------------------------------------------
/lesson-20/1-cronjob-allow.yaml:
--------------------------------------------------------------------------------
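---
# CronJob started every minute whose run lasts about 140 seconds, so
# consecutive runs overlap. concurrencyPolicy Allow lets them run side by
# side.
#
# batch/v1beta1 CronJob is no longer served by current Kubernetes releases;
# batch/v1 is the stable API and takes the same spec.
apiVersion: batch/v1
kind: CronJob
metadata:
  name: hello-allow
spec:
  schedule: "*/1 * * * *"
  concurrencyPolicy: Allow
  jobTemplate:
    spec:
      template:
        spec:
          containers:
            - name: hello
              # Untagged image, resolves to busybox:latest.
              image: busybox
              args:
                - /bin/sh
                - -c
                - date; echo "Hello World!"; sleep 140
          restartPolicy: OnFailure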
--------------------------------------------------------------------------------
/lesson-31/k8s/apps/deploy-1.yaml:
--------------------------------------------------------------------------------
---
# Single-replica Deployment that prints an incrementing counter and the
# current date to stdout once per second (a log generator).
apiVersion: apps/v1
kind: Deployment
metadata:
  name: counter-1
  labels:
    app: counter-1
spec:
  replicas: 1
  selector:
    matchLabels:
      app: counter-1
  template:
    metadata:
      labels:
        app: counter-1
    spec:
      containers:
        - name: count
          # Untagged image, resolves to busybox:latest.
          image: busybox
          args:
            - /bin/sh
            - -c
            # Kept single-quoted: the script contains double quotes and ": ".
            - 'i=0; while true; do echo "$i: $(date)"; i=$((i+1)); sleep 1; done'
--------------------------------------------------------------------------------
/lesson-43/k8s/example-1/network-policies/allow-ingress-nginx.yaml:
--------------------------------------------------------------------------------
---
# Allows TCP/80 into pods labelled app=nginx from pods labelled
# app=http-server. Once this policy selects the nginx pods, all other ingress
# to them is denied unless another policy allows it.
# Enforcement needs a network plugin that implements NetworkPolicy.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-ingress-nginx
  namespace: example-1
spec:
  policyTypes:
    - Ingress
  podSelector:
    matchLabels:
      app: nginx
  ingress:
    - ports:
        - protocol: TCP
          port: 80
      from:
        # A podSelector without a namespaceSelector matches only pods in this
        # policy's own namespace (example-1).
        - podSelector:
            matchLabels:
              app: http-server
--------------------------------------------------------------------------------
/lesson-20/2-cronjob-forbid.yaml:
--------------------------------------------------------------------------------
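---
# CronJob with concurrencyPolicy: Forbid. It is scheduled every minute but each
# run sleeps 140 s, so ticks that arrive while a Job is still running are
# skipped.
# batch/v1beta1 CronJob was removed in Kubernetes 1.25; batch/v1 (served since
# 1.21) accepts the same spec.
apiVersion: batch/v1
kind: CronJob
metadata:
  name: hello-forbid
spec:
  schedule: "*/1 * * * *"
  concurrencyPolicy: Forbid
  jobTemplate:
    spec:
      template:
        spec:
          restartPolicy: OnFailure
          containers:
            - name: hello
              # NOTE(review): untagged image resolves to :latest.
              image: busybox
              args:
                - /bin/sh
                - -c
                - date; echo "Hello World!"; sleep 140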
--------------------------------------------------------------------------------
/lesson-20/3-cronjob-replace.yaml:
--------------------------------------------------------------------------------
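---
# CronJob with concurrencyPolicy: Replace. It is scheduled every minute while
# each run sleeps 140 s, so a still-running Job is replaced by the new one.
# batch/v1beta1 CronJob was removed in Kubernetes 1.25; batch/v1 (served since
# 1.21) accepts the same spec.
apiVersion: batch/v1
kind: CronJob
metadata:
  name: hello-replace
spec:
  schedule: "*/1 * * * *"
  concurrencyPolicy: Replace
  jobTemplate:
    spec:
      template:
        spec:
          restartPolicy: OnFailure
          containers:
            - name: hello
              # NOTE(review): untagged image resolves to :latest.
              image: busybox
              args:
                - /bin/sh
                - -c
                - date; echo "Hello World!"; sleep 140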
--------------------------------------------------------------------------------
/lesson-35/k8s/infrastructure/charts/cert-manager-configs/.helmignore:
--------------------------------------------------------------------------------
1 | # Patterns to ignore when building packages.
2 | # This supports shell glob matching, relative path matching, and
3 | # negation (prefixed with !). Only one pattern per line.
4 | .DS_Store
5 | # Common VCS dirs
6 | .git/
7 | .gitignore
8 | .bzr/
9 | .bzrignore
10 | .hg/
11 | .hgignore
12 | .svn/
13 | # Common backup files
14 | *.swp
15 | *.bak
16 | *.tmp
17 | *.orig
18 | *~
19 | # Various IDEs
20 | .project
21 | .idea/
22 | *.tmproj
23 | .vscode/
24 |
--------------------------------------------------------------------------------
/lesson-44-45-46-47-48/k8s/charts/app/templates/deploy-1.yaml:
--------------------------------------------------------------------------------
---
# Deployment kuber-1: two replicas of bakavets/kuber:v1.0 listening on 8000.
# The Deployment's own label (app: kuber-1) differs from the pod label; the
# selector matches the pod-template label app: http-server-1.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: kuber-1
  labels:
    app: kuber-1
spec:
  replicas: 2
  selector:
    matchLabels:
      app: http-server-1
  template:
    metadata:
      labels:
        app: http-server-1
    spec:
      containers:
        - name: kuber-app
          image: bakavets/kuber:v1.0
          ports:
            - containerPort: 8000
--------------------------------------------------------------------------------
/lesson-44-45-46-47-48/k8s/charts/app/templates/deploy-2.yaml:
--------------------------------------------------------------------------------
---
# Deployment kuber-2: two replicas of bakavets/kuber:v2.0 listening on 8000.
# The Deployment's own label (app: kuber-2) differs from the pod label; the
# selector matches the pod-template label app: http-server-2.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: kuber-2
  labels:
    app: kuber-2
spec:
  replicas: 2
  selector:
    matchLabels:
      app: http-server-2
  template:
    metadata:
      labels:
        app: http-server-2
    spec:
      containers:
        - name: kuber-app
          image: bakavets/kuber:v2.0
          ports:
            - containerPort: 8000
--------------------------------------------------------------------------------
/lesson-44-45-46-47-48/k8s/infrastructure/applications/.helmignore:
--------------------------------------------------------------------------------
1 | # Patterns to ignore when building packages.
2 | # This supports shell glob matching, relative path matching, and
3 | # negation (prefixed with !). Only one pattern per line.
4 | .DS_Store
5 | # Common VCS dirs
6 | .git/
7 | .gitignore
8 | .bzr/
9 | .bzrignore
10 | .hg/
11 | .hgignore
12 | .svn/
13 | # Common backup files
14 | *.swp
15 | *.bak
16 | *.tmp
17 | *.orig
18 | *~
19 | # Various IDEs
20 | .project
21 | .idea/
22 | *.tmproj
23 | .vscode/
24 |
--------------------------------------------------------------------------------
/lesson-26/example-5/env-file.properties:
--------------------------------------------------------------------------------
1 | # Env-files contain a list of environment variables.
2 | # These syntax rules apply:
3 | # Each line in an env file has to be in VAR=VAL format.
4 | # Lines beginning with # (i.e. comments) are ignored.
5 | # Blank lines are ignored.
6 | # There is no special handling of quotation marks (i.e. they will be part of the ConfigMap value).
7 | env_1="value_1"
8 | env_2=value_2
9 | env_3=value_3
10 | env_4="value_4"
11 | env_5=value_5
12 | env_6=value_6
13 | env_7="value_7"
14 |
--------------------------------------------------------------------------------
/lesson-32/k8s/example-1/README.md:
--------------------------------------------------------------------------------
1 | Network Load Balancer: https://kubernetes-sigs.github.io/aws-load-balancer-controller/v2.4/guide/service/nlb/
2 |
3 | Service annotations: https://kubernetes-sigs.github.io/aws-load-balancer-controller/v2.4/guide/service/annotations/
4 |
5 | Pod readiness gate: https://kubernetes-sigs.github.io/aws-load-balancer-controller/v2.4/deploy/pod_readiness_gate/
6 |
7 | ```while true; do sleep 1; curl http://domain-name.amazonaws.com; echo " - "$(date); done```
8 |
9 | ```kubectl get pod -o wide -n example-1```
--------------------------------------------------------------------------------
/lesson-44-45-46-47-48/k8s/gitlab/agent/external-secrets.yaml:
--------------------------------------------------------------------------------
---
# ExternalSecret that materialises the Kubernetes Secret "gitlab-agent" (key
# "token") from the remote entry "demo-gitlab", property kas.tokens.internal,
# via the ClusterSecretStore "aws-parameter-store".
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
  name: gitlab-agent
  namespace: gitlab-agent
spec:
  # "0" means the value is fetched once and never refreshed, so a rotated
  # token in the remote store is not picked up until this object is recreated.
  refreshInterval: "0"
  secretStoreRef:
    kind: ClusterSecretStore
    name: aws-parameter-store
  target:
    name: gitlab-agent
    # Owner: the generated Secret is owned by this ExternalSecret and is
    # garbage-collected with it.
    creationPolicy: Owner
  data:
    - secretKey: token
      remoteRef:
        key: demo-gitlab
        property: kas.tokens.internal
--------------------------------------------------------------------------------
/lesson-44-45-46-47-48/k8s/infrastructure/charts/cert-manager-configs/.helmignore:
--------------------------------------------------------------------------------
1 | # Patterns to ignore when building packages.
2 | # This supports shell glob matching, relative path matching, and
3 | # negation (prefixed with !). Only one pattern per line.
4 | .DS_Store
5 | # Common VCS dirs
6 | .git/
7 | .gitignore
8 | .bzr/
9 | .bzrignore
10 | .hg/
11 | .hgignore
12 | .svn/
13 | # Common backup files
14 | *.swp
15 | *.bak
16 | *.tmp
17 | *.orig
18 | *~
19 | # Various IDEs
20 | .project
21 | .idea/
22 | *.tmproj
23 | .vscode/
24 |
--------------------------------------------------------------------------------
/lesson-29/k8s/chartmuseum-values.yaml:
--------------------------------------------------------------------------------
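# Helm values for ChartMuseum backed by an S3 bucket, with HTTP basic auth and
# a ServiceAccount annotated with an IAM role.
env:
  open:
    STORAGE: amazon
    STORAGE_AMAZON_BUCKET: demo-helm-chartmuseum
    # Explicit empty string; a bare `key:` parses as null.
    STORAGE_AMAZON_PREFIX: ""
    STORAGE_AMAZON_REGION: eu-north-1
    AWS_SDK_LOAD_CONFIG: true
    # The API stays enabled, so the basic-auth credentials below are what
    # gate access to it.
    DISABLE_API: false
  secret:
    # NOTE(review): credentials in a values file committed to VCS are readable
    # by everyone with repository access and stay in git history. Treat these
    # as demo-only placeholders. Supply real values out of band (for example
    # `--set` from CI secrets); the chart also appears to offer
    # env.existingSecret / env.existingSecretMappings. Confirm for the chart
    # version in use.
    BASIC_AUTH_USER: admin
    BASIC_AUTH_PASS: mypassword
serviceAccount:
  create: true
  name: chartmuseum
  annotations:
    # The account ID is the page's sample value. The role behind this ARN
    # should be limited to the chart bucket above.
    eks.amazonaws.com/role-arn: 'arn:aws:iam::123456789012:role/demo-eks-cluster-chartmuseum-role'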
--------------------------------------------------------------------------------
/lesson-44-45-46-47-48/k8s/infrastructure/charts/external-secrets-configs/.helmignore:
--------------------------------------------------------------------------------
1 | # Patterns to ignore when building packages.
2 | # This supports shell glob matching, relative path matching, and
3 | # negation (prefixed with !). Only one pattern per line.
4 | .DS_Store
5 | # Common VCS dirs
6 | .git/
7 | .gitignore
8 | .bzr/
9 | .bzrignore
10 | .hg/
11 | .hgignore
12 | .svn/
13 | # Common backup files
14 | *.swp
15 | *.bak
16 | *.tmp
17 | *.orig
18 | *~
19 | # Various IDEs
20 | .project
21 | .idea/
22 | *.tmproj
23 | .vscode/
24 |
--------------------------------------------------------------------------------
/lesson-44-45-46-47-48/k8s/infrastructure/charts/external-secrets-configs/templates/css-parameter-store.yaml:
--------------------------------------------------------------------------------
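# ClusterSecretStore that reads from AWS Systems Manager Parameter Store and
# authenticates with the referenced ServiceAccount's JWT.
# A ClusterSecretStore is cluster-scoped: by default an ExternalSecret in any
# namespace may reference it and read whatever the backing role can read.
# NOTE(review): consider restricting consumers with spec.conditions, and keep
# the IAM policy on the role narrow. Verify against the installed operator
# version.
apiVersion: external-secrets.io/v1beta1
kind: ClusterSecretStore
metadata:
  name: aws-parameter-store
spec:
  provider:
    aws:
      service: ParameterStore
      # Templated scalars are quoted so an empty or boolean-looking value
      # cannot render as null or be retyped by the YAML parser.
      region: {{ .Values.aws.region | quote }}
      auth:
        jwt:
          serviceAccountRef:
            name: {{ .Values.serviceAccountRef.name | quote }}
            namespace: {{ .Values.serviceAccountRef.namespace | quote }}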
--------------------------------------------------------------------------------
/lesson-44-45-46-47-48/k8s/infrastructure/charts/external-secrets-configs/templates/css-secrets-manager.yaml:
--------------------------------------------------------------------------------
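# ClusterSecretStore that reads from AWS Secrets Manager and authenticates
# with the referenced ServiceAccount's JWT.
# A ClusterSecretStore is cluster-scoped: by default an ExternalSecret in any
# namespace may reference it and read whatever the backing role can read.
# NOTE(review): consider restricting consumers with spec.conditions, and keep
# the IAM policy on the role narrow. Verify against the installed operator
# version.
apiVersion: external-secrets.io/v1beta1
kind: ClusterSecretStore
metadata:
  name: aws-secrets-manager
spec:
  provider:
    aws:
      service: SecretsManager
      # Templated scalars are quoted so an empty or boolean-looking value
      # cannot render as null or be retyped by the YAML parser.
      region: {{ .Values.aws.region | quote }}
      auth:
        jwt:
          serviceAccountRef:
            name: {{ .Values.serviceAccountRef.name | quote }}
            namespace: {{ .Values.serviceAccountRef.namespace | quote }}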
--------------------------------------------------------------------------------
/lesson-18/daemonset.yaml:
--------------------------------------------------------------------------------
---
# DaemonSet that runs one kuber-app pod on every node whose zone label is
# eu-west-1c; nodes in other zones get no pod.
apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: kuber-daemonset
  labels:
    app: kuber-daemonset
spec:
  selector:
    matchLabels:
      app: kuber-daemon
  template:
    metadata:
      labels:
        app: kuber-daemon
    spec:
      nodeSelector:
        topology.kubernetes.io/zone: "eu-west-1c"
      containers:
        - name: kuber-app
          # NOTE(review): untagged image resolves to :latest.
          image: bakavets/kuber
          ports:
            - containerPort: 8000
--------------------------------------------------------------------------------
/lesson-31/README.md:
--------------------------------------------------------------------------------
1 | ```helm repo add elastic https://helm.elastic.co```
2 |
3 | ```helm repo update elastic```
4 |
5 | ```helm upgrade --install elasticsearch --version 7.17.3 elastic/elasticsearch --set replicas=1 -n elastic --create-namespace --debug```
6 |
7 | ```helm upgrade --install kibana --version 7.17.3 elastic/kibana -n elastic --debug```
8 |
9 | https://github.com/fluent/fluentd-kubernetes-daemonset
10 |
11 | https://docs.fluentd.org/configuration/config-file#5-group-filter-and-output-the-ldquolabelrdquo-directive
12 |
13 |
--------------------------------------------------------------------------------
/lesson-34/README.md:
--------------------------------------------------------------------------------
1 | ```
2 | minikube start --kubernetes-version=v1.20.0 --profile k8s-v1.20.0
3 | ```
4 | ```
5 | minikube start --kubernetes-version=v1.23.9 --profile k8s-v1.23.9
6 | ```
7 | ```
8 | minikube start --kubernetes-version=v1.24.3 --profile k8s-v1.24.3
9 | ```
10 |
11 | https://jwt.io
12 |
13 | https://kubernetes.io/docs/reference/access-authn-authz/authorization/#determine-the-request-verb
14 |
15 | https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#service-account-token-volume-projection
16 |
--------------------------------------------------------------------------------
/lesson-44-45-46-47-48/repo-examples/k8s-manifests/.gitlab-ci.yml:
--------------------------------------------------------------------------------
# https://docs.gitlab.com/ee/user/clusters/agent/ci_cd_workflow.html#update-your-gitlab-ciyml-file-to-run-kubectl-commands
# Single job that selects the GitLab agent's kube context, applies kuber.yaml
# and prints what the job's identity is allowed to do in the cluster.
deploy:
  image:
    # NOTE(review): :latest is a moving tag; the job runs with cluster
    # credentials, so pin the image to a fixed tag or digest.
    name: bitnami/kubectl:latest
    # Empty entrypoint so the runner can start its own shell in the image.
    entrypoint: [""]
  script:
    - kubectl config get-contexts
    - kubectl config use-context root/agents:k8s-agent
    - kubectl get pods
    - kubectl apply -f kuber.yaml
    # The two checks below only report permissions. If the first prints "yes",
    # the CI identity can do anything in every namespace; scope the agent's
    # access down to what the pipeline needs.
    - kubectl auth can-i '*' '*' --all-namespaces
    - kubectl auth can-i --list
--------------------------------------------------------------------------------
/lesson-15/docker-entrypoint-exec/server.py:
--------------------------------------------------------------------------------
1 | from http.server import HTTPServer, BaseHTTPRequestHandler
2 | import socket
3 |
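class SimpleHTTPRequestHandler(BaseHTTPRequestHandler):
    """Answer every GET with a plain-text greeting that names the serving host."""

    def do_GET(self):
        """Send a 200 response whose body is the greeting plus the hostname.

        The request path is ignored, so every URL gets the same body. The
        hostname comes from socket.gethostname(), so the response tells any
        client which host or container served it.
        """
        body = b'Hello world from hostname: ' + socket.gethostname().encode()
        self.send_response(200)
        # Declare type and length so clients neither guess the content type
        # nor rely on connection close to find the end of the body.
        self.send_header('Content-Type', 'text/plain; charset=utf-8')
        self.send_header('Content-Length', str(len(body)))
        self.end_headers()
        self.wfile.write(body)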
9 |
# TCP port the demo server listens on.
SERVER_PORT = 8000
# '0.0.0.0' binds every IPv4 interface, which is what makes the port reachable
# from outside a container. The server speaks plain HTTP with no
# authentication, so expose it only where that is acceptable.
httpd = HTTPServer(('0.0.0.0', SERVER_PORT), SimpleHTTPRequestHandler)
print('Listening on port %s ...' % SERVER_PORT)
# Blocks for the life of the process; HTTPServer handles one request at a time.
httpd.serve_forever()
--------------------------------------------------------------------------------
/lesson-26/example-2/kuber-deploy-arg.yaml:
--------------------------------------------------------------------------------
---
# Deployment kuber-args: one replica of bakavets/kuber:v1.0-args with three
# arguments passed to the image's entrypoint.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: kuber-args
  labels:
    app: kuber
spec:
  replicas: 1
  selector:
    matchLabels:
      app: http-server-args
  template:
    metadata:
      labels:
        app: http-server-args
    spec:
      containers:
        - name: kuber-app
          image: bakavets/kuber:v1.0-args
          # args replaces the image's CMD and leaves its ENTRYPOINT in place.
          # The numbers are quoted so they stay strings.
          args:
            - "1"
            - "7"
            - "Hello World!"
          ports:
            - containerPort: 8000
--------------------------------------------------------------------------------
/lesson-49/repo-examples/app-1/server.py:
--------------------------------------------------------------------------------
1 | from http.server import HTTPServer, BaseHTTPRequestHandler
2 | import socket
3 |
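class SimpleHTTPRequestHandler(BaseHTTPRequestHandler):
    """Answer every GET with a plain-text greeting that names the serving host."""

    def do_GET(self):
        """Send a 200 response whose body is the greeting plus the hostname.

        The request path is ignored, so every URL gets the same body. The
        hostname comes from socket.gethostname(), so the response tells any
        client which host or container served it.
        """
        body = b'Hello world from hostname: ' + socket.gethostname().encode()
        self.send_response(200)
        # Declare type and length so clients neither guess the content type
        # nor rely on connection close to find the end of the body.
        self.send_header('Content-Type', 'text/plain; charset=utf-8')
        self.send_header('Content-Length', str(len(body)))
        self.end_headers()
        self.wfile.write(body)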
9 |
# TCP port the demo server listens on.
SERVER_PORT = 8000
# '0.0.0.0' binds every IPv4 interface, which is what makes the port reachable
# from outside a container. The server speaks plain HTTP with no
# authentication, so expose it only where that is acceptable.
httpd = HTTPServer(('0.0.0.0', SERVER_PORT), SimpleHTTPRequestHandler)
print('Listening on port %s ...' % SERVER_PORT)
# Blocks for the life of the process; HTTPServer handles one request at a time.
httpd.serve_forever()
--------------------------------------------------------------------------------
/lesson-49/repo-examples/app-2/server.py:
--------------------------------------------------------------------------------
1 | from http.server import HTTPServer, BaseHTTPRequestHandler
2 | import socket
3 |
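class SimpleHTTPRequestHandler(BaseHTTPRequestHandler):
    """Answer every GET with a plain-text greeting that names the serving host."""

    def do_GET(self):
        """Send a 200 response whose body is the greeting plus the hostname.

        The request path is ignored, so every URL gets the same body. The
        hostname comes from socket.gethostname(), so the response tells any
        client which host or container served it.
        """
        body = b'Hello world from hostname: ' + socket.gethostname().encode()
        self.send_response(200)
        # Declare type and length so clients neither guess the content type
        # nor rely on connection close to find the end of the body.
        self.send_header('Content-Type', 'text/plain; charset=utf-8')
        self.send_header('Content-Length', str(len(body)))
        self.end_headers()
        self.wfile.write(body)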
9 |
# TCP port the demo server listens on.
SERVER_PORT = 8000
# '0.0.0.0' binds every IPv4 interface, which is what makes the port reachable
# from outside a container. The server speaks plain HTTP with no
# authentication, so expose it only where that is acceptable.
httpd = HTTPServer(('0.0.0.0', SERVER_PORT), SimpleHTTPRequestHandler)
print('Listening on port %s ...' % SERVER_PORT)
# Blocks for the life of the process; HTTPServer handles one request at a time.
httpd.serve_forever()
--------------------------------------------------------------------------------
/lesson-15/docker-entrypoint-shell/server.py:
--------------------------------------------------------------------------------
1 | from http.server import HTTPServer, BaseHTTPRequestHandler
2 | import socket
3 |
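class SimpleHTTPRequestHandler(BaseHTTPRequestHandler):
    """Answer every GET with a plain-text greeting that names the serving host."""

    def do_GET(self):
        """Send a 200 response whose body is the greeting plus the hostname.

        The request path is ignored, so every URL gets the same body. The
        hostname comes from socket.gethostname(), so the response tells any
        client which host or container served it.
        """
        body = b'Hello world from hostname: ' + socket.gethostname().encode()
        self.send_response(200)
        # Declare type and length so clients neither guess the content type
        # nor rely on connection close to find the end of the body.
        self.send_header('Content-Type', 'text/plain; charset=utf-8')
        self.send_header('Content-Length', str(len(body)))
        self.end_headers()
        self.wfile.write(body)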
9 |
# TCP port the demo server listens on.
SERVER_PORT = 8000
# '0.0.0.0' binds every IPv4 interface, which is what makes the port reachable
# from outside a container. The server speaks plain HTTP with no
# authentication, so expose it only where that is acceptable.
httpd = HTTPServer(('0.0.0.0', SERVER_PORT), SimpleHTTPRequestHandler)
print('Listening on port %s ...' % SERVER_PORT)
# Blocks for the life of the process; HTTPServer handles one request at a time.
httpd.serve_forever()
--------------------------------------------------------------------------------
/lesson-08/rs-kuber-matchExpressions.yaml:
--------------------------------------------------------------------------------
---
# ReplicaSet kuber-rs-2: keeps three pods that satisfy a set-based selector.
apiVersion: apps/v1
kind: ReplicaSet
metadata:
  name: kuber-rs-2
spec:
  replicas: 3
  selector:
    # Both expressions must hold: app is "kuber" or "http-server", AND an env
    # label exists with any value. A ReplicaSet also adopts existing pods that
    # match and have no controller, so a selector this broad can take over
    # pods created by hand.
    matchExpressions:
      - key: app
        operator: In
        values:
          - kuber
          - http-server
      - key: env
        operator: Exists
  template:
    metadata:
      labels:
        app: kuber
        env: dev
    spec:
      containers:
        - name: kuber-app
          # NOTE(review): untagged image resolves to :latest.
          image: bokovets/kuber
--------------------------------------------------------------------------------
/lesson-09/kuber-deployment-recreate.yaml:
--------------------------------------------------------------------------------
---
# Deployment kuber with the Recreate strategy: on an update all old pods are
# terminated before new ones are created, so there is a window with no
# serving pods.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: kuber
  labels:
    app: kuber
spec:
  replicas: 5
  # A new pod must stay ready for 10 s before it counts as available.
  minReadySeconds: 10
  strategy:
    type: Recreate
  selector:
    matchLabels:
      app: http-server
  template:
    metadata:
      labels:
        app: http-server
    spec:
      containers:
        - name: kuber-app
          image: bokovets/kuber:v1.0
          ports:
            - containerPort: 8000
--------------------------------------------------------------------------------
/lesson-08/kuber-pods-manual.yaml:
--------------------------------------------------------------------------------
---
# Two bare pods (no controller) that differ only in name and labels:
#   kuber-app-manual-1 -> app=kuber, env=prod
#   kuber-app-manual-2 -> app=http-server, env=dev
# Bare pods are not recreated if they are deleted or their node fails, and a
# ReplicaSet whose selector matches their labels can adopt them.
apiVersion: v1
kind: Pod
metadata:
  name: kuber-app-manual-1
  labels:
    app: kuber
    env: prod
spec:
  containers:
    - name: kuber-app-1
      # NOTE(review): untagged image resolves to :latest.
      image: bokovets/kuber
      ports:
        - containerPort: 8000
---
apiVersion: v1
kind: Pod
metadata:
  name: kuber-app-manual-2
  labels:
    app: http-server
    env: dev
spec:
  containers:
    - name: kuber-app-1
      image: bokovets/kuber
      ports:
        - containerPort: 8000
--------------------------------------------------------------------------------
/lesson-20/5-cronjob-skip-next-schedule.yaml:
--------------------------------------------------------------------------------
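---
# CronJob scheduled every 5 minutes whose run sleeps 400 s, longer than the
# interval. With Forbid the next tick arrives while the Job is still running,
# and startingDeadlineSeconds: 60 has passed by the time the Job finishes, so
# that tick is presumably skipped rather than started late.
# batch/v1beta1 CronJob was removed in Kubernetes 1.25; batch/v1 (served since
# 1.21) accepts the same spec.
apiVersion: batch/v1
kind: CronJob
metadata:
  name: cronjon-skip-next-schedule
spec:
  schedule: "*/5 * * * *"
  startingDeadlineSeconds: 60
  concurrencyPolicy: Forbid
  jobTemplate:
    spec:
      template:
        spec:
          restartPolicy: Never
          containers:
            - name: hello
              # NOTE(review): untagged image resolves to :latest.
              image: busybox
              args:
                - /bin/sh
                - -c
                - date; echo "Hello World!"; sleep 400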
--------------------------------------------------------------------------------
/lesson-27/example-1/deploy-1.yaml:
--------------------------------------------------------------------------------
---
# Deployment kuber-1: one replica of bakavets/kuber:v1.0 that receives every
# key of the Secret "secret-data" as an environment variable.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: kuber-1
  labels:
    app: kuber-1
spec:
  replicas: 1
  selector:
    matchLabels:
      app: http-server-1
  template:
    metadata:
      labels:
        app: http-server-1
    spec:
      containers:
        - name: kuber-app
          image: bakavets/kuber:v1.0
          ports:
            - containerPort: 8000
          # envFrom imports ALL keys of the Secret, including ones added
          # later. Environment variables are inherited by child processes and
          # tend to end up in crash dumps and debug output. Where only a few
          # values are needed, env[].valueFrom.secretKeyRef or a mounted
          # volume limits the exposure.
          envFrom:
            - secretRef:
                name: secret-data
--------------------------------------------------------------------------------
/lesson-31/k8s/apps/deploy-2.yaml:
--------------------------------------------------------------------------------
---
# Deployment with a single busybox pod that prints an incrementing counter and
# the current date to stdout once per second.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: counter-2
  labels:
    app: counter-2
spec:
  replicas: 1
  selector:
    matchLabels:
      app: counter-2
  template:
    metadata:
      labels:
        app: counter-2
      annotations:
        # Quoted because annotation values must be strings.
        # NOTE(review): presumably read by the lesson's fluentd configuration
        # to decide whether this pod's logs are collected. Confirm there.
        fluentd.active: 'true'
    spec:
      containers:
        - name: count
          # NOTE(review): untagged image resolves to :latest.
          image: busybox
          args:
            - /bin/sh
            - -c
            - 'i=0; while true; do echo "$i: $(date)"; i=$((i+1)); sleep 1; done'
--------------------------------------------------------------------------------
/lesson-43/k8s/example-3/deploy-awscli.yaml:
--------------------------------------------------------------------------------
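---
# Namespace example-3 plus a Deployment that keeps one aws-cli container idle
# (long sleep) so commands can be run inside it.
apiVersion: v1
kind: Namespace
metadata:
  name: example-3
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: aws-cli
  namespace: example-3
spec:
  replicas: 1
  selector:
    matchLabels:
      app: aws-cli
  template:
    metadata:
      labels:
        app: aws-cli
    spec:
      containers:
        - name: aws-cli
          # NOTE(review): untagged image resolves to :latest; pin a tag or
          # digest.
          image: amazon/aws-cli
          command: ["/bin/sh", "-c", "sleep 100000000"]
          # The container only sleeps and runs CLI calls, so it needs no Linux
          # capabilities and no privilege escalation.
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              drop: ["ALL"]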
--------------------------------------------------------------------------------
/lesson-20/6-cronjob-startingDeadlineSeconds.yaml:
--------------------------------------------------------------------------------
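---
# CronJob scheduled every 5 minutes whose run sleeps 340 s. The Job ends about
# 40 s after the next scheduled time, which is inside the 60 s
# startingDeadlineSeconds window, so with Forbid the next run presumably
# starts late instead of being skipped.
# batch/v1beta1 CronJob was removed in Kubernetes 1.25; batch/v1 (served since
# 1.21) accepts the same spec.
apiVersion: batch/v1
kind: CronJob
metadata:
  name: cronjon-startingdeadlineseconds
spec:
  schedule: "*/5 * * * *"
  startingDeadlineSeconds: 60
  concurrencyPolicy: Forbid
  jobTemplate:
    spec:
      template:
        spec:
          restartPolicy: Never
          containers:
            - name: hello
              # NOTE(review): untagged image resolves to :latest.
              image: busybox
              args:
                - /bin/sh
                - -c
                - date; echo "Hello World!"; sleep 340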
--------------------------------------------------------------------------------
/lesson-31/k8s/apps/deploy-3.yaml:
--------------------------------------------------------------------------------
---
# Deployment with a single busybox pod that prints an incrementing counter and
# the current date to stdout once per second.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: counter-3
  labels:
    app: counter-3
spec:
  replicas: 1
  selector:
    matchLabels:
      app: counter-3
  template:
    metadata:
      labels:
        app: counter-3
      annotations:
        # Quoted because annotation values must be strings.
        # NOTE(review): presumably read by the lesson's fluentd configuration
        # to decide whether this pod's logs are collected. Confirm there.
        fluentd.active: 'false'
    spec:
      containers:
        - name: count
          # NOTE(review): untagged image resolves to :latest.
          image: busybox
          args:
            - /bin/sh
            - -c
            - 'i=0; while true; do echo "$i: $(date)"; i=$((i+1)); sleep 1; done'
--------------------------------------------------------------------------------
/lesson-20/8-cronjob-without-startingDeadlineSeconds.yaml:
--------------------------------------------------------------------------------
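---
# CronJob scheduled every minute with Forbid and no startingDeadlineSeconds;
# each run sleeps 7000 s, so well over a hundred ticks pass while one Job is
# running.
# NOTE(review): presumably paired with the variant that sets
# startingDeadlineSeconds to show how missed schedules are counted. Confirm
# against the lesson.
# batch/v1beta1 CronJob was removed in Kubernetes 1.25; batch/v1 (served since
# 1.21) accepts the same spec.
apiVersion: batch/v1
kind: CronJob
metadata:
  name: hello-without-startingdeadlineseconds
spec:
  schedule: "*/1 * * * *"
  concurrencyPolicy: Forbid
  jobTemplate:
    spec:
      # At most one retry of a failed pod before the Job is marked failed.
      backoffLimit: 1
      template:
        spec:
          restartPolicy: Never
          containers:
            - name: hello
              # NOTE(review): untagged image resolves to :latest.
              image: busybox
              args:
                - /bin/sh
                - -c
                - date; echo "Hello World!"; sleep 7000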
--------------------------------------------------------------------------------
/lesson-30/argocd/projects/infra.yaml:
--------------------------------------------------------------------------------
---
# Argo CD AppProject "infrastructure" in the argocd namespace.
apiVersion: argoproj.io/v1alpha1
kind: AppProject
metadata:
  name: infrastructure
  namespace: argocd
  # Finalizer that ensures that project is not deleted until it is not referenced by any application
  finalizers:
    - resources-finalizer.argocd.argoproj.io
spec:
  description: Project with infrastructure related applications
  # NOTE(review): every field below is a wildcard, so this project places no
  # limit on its applications: any source repository, any destination cluster
  # and namespace, and any cluster-scoped resource kind (which includes
  # ClusterRole and ClusterRoleBinding). Outside a demo, list the concrete
  # repositories, destinations and kinds the project needs.
  sourceRepos:
    - '*'
  destinations:
    - namespace: '*'
      server: '*'
  clusterResourceWhitelist:
    - group: '*'
      kind: '*'
--------------------------------------------------------------------------------
/lesson-35/k8s/infrastructure/applications/templates/00-project-dev.yaml:
--------------------------------------------------------------------------------
---
# Argo CD AppProject "development".
apiVersion: argoproj.io/v1alpha1
kind: AppProject
metadata:
  name: development
  # Finalizer that ensures that project is not deleted until it is not referenced by any application
  finalizers:
    - resources-finalizer.argocd.argoproj.io
spec:
  description: Project containing development environment services
  # NOTE(review): every field below is a wildcard, so a "development" project
  # can deploy from any repository to any cluster and namespace and may create
  # any cluster-scoped resource (which includes ClusterRole and
  # ClusterRoleBinding). Outside a demo, restrict destinations to the dev
  # namespaces and drop clusterResourceWhitelist unless cluster-scoped kinds
  # are really needed.
  sourceRepos:
    - '*'
  destinations:
    - namespace: '*'
      server: '*'
  clusterResourceWhitelist:
    - group: '*'
      kind: '*'
--------------------------------------------------------------------------------
/lesson-35/k8s/infrastructure/applications/templates/00-project-infra.yaml:
--------------------------------------------------------------------------------
---
# Argo CD AppProject "infrastructure".
apiVersion: argoproj.io/v1alpha1
kind: AppProject
metadata:
  name: infrastructure
  # Finalizer that ensures that project is not deleted until it is not referenced by any application
  finalizers:
    - resources-finalizer.argocd.argoproj.io
spec:
  description: Project with infrastructure related applications
  # NOTE(review): every field below is a wildcard, so this project places no
  # limit on its applications: any source repository, any destination cluster
  # and namespace, and any cluster-scoped resource kind (which includes
  # ClusterRole and ClusterRoleBinding). Outside a demo, list the concrete
  # repositories, destinations and kinds the project needs.
  sourceRepos:
    - '*'
  destinations:
    - namespace: '*'
      server: '*'
  clusterResourceWhitelist:
    - group: '*'
      kind: '*'
--------------------------------------------------------------------------------
/lesson-40/k8s/kind/README.md:
--------------------------------------------------------------------------------
1 | GitHub: https://github.com/kubernetes-sigs/kind
2 |
3 | Installation and usage: https://github.com/kubernetes-sigs/kind#installation-and-usage
4 |
5 | To use kind, you will need to install docker. Once you have docker running you can create a cluster with:
6 |
7 | ```kind create cluster --name k8s --config kind-config.yaml```
8 |
9 | To delete your cluster use:
10 |
11 | ```kind delete cluster --name k8s```
12 |
13 | Rolling restart of the "zone-spread-topology" deployment:
14 |
15 | ```kubectl rollout restart deployment zone-spread-topology```
16 |
--------------------------------------------------------------------------------
/lesson-44-45-46-47-48/k8s/infrastructure/applications/templates/00-project-dev.yaml:
--------------------------------------------------------------------------------
---
# Argo CD AppProject "development".
apiVersion: argoproj.io/v1alpha1
kind: AppProject
metadata:
  name: development
  # Finalizer that ensures that project is not deleted until it is not referenced by any application
  finalizers:
    - resources-finalizer.argocd.argoproj.io
spec:
  description: Project containing development environment services
  # NOTE(review): every field below is a wildcard, so a "development" project
  # can deploy from any repository to any cluster and namespace and may create
  # any cluster-scoped resource (which includes ClusterRole and
  # ClusterRoleBinding). Outside a demo, restrict destinations to the dev
  # namespaces and drop clusterResourceWhitelist unless cluster-scoped kinds
  # are really needed.
  sourceRepos:
    - '*'
  destinations:
    - namespace: '*'
      server: '*'
  clusterResourceWhitelist:
    - group: '*'
      kind: '*'
--------------------------------------------------------------------------------
/lesson-27/example-3/deploy-private.yaml:
--------------------------------------------------------------------------------
---
# Deployment kuber-private: one replica of the image bakavets/kuber-private.
# NOTE(review): presumably the image lives in a private registry, so the pull
# fails until the commented-out imagePullSecrets below is enabled or the pod's
# ServiceAccount carries the pull secret. Confirm against the lesson.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: kuber-private
  labels:
    app: kuber-private
spec:
  replicas: 1
  selector:
    matchLabels:
      app: http-server-private
  template:
    metadata:
      labels:
        app: http-server-private
    spec:
      # imagePullSecrets:
      #   - name: secret-docker-registry
      containers:
        - name: kuber-app
          # NOTE(review): untagged image resolves to :latest.
          image: bakavets/kuber-private
          ports:
            - containerPort: 8000
--------------------------------------------------------------------------------
/lesson-44-45-46-47-48/k8s/infrastructure/applications/templates/00-project-infra.yaml:
--------------------------------------------------------------------------------
---
# Argo CD AppProject "infrastructure".
apiVersion: argoproj.io/v1alpha1
kind: AppProject
metadata:
  name: infrastructure
  # Finalizer that ensures that project is not deleted until it is not referenced by any application
  finalizers:
    - resources-finalizer.argocd.argoproj.io
spec:
  description: Project with infrastructure related applications
  # NOTE(review): every field below is a wildcard, so this project places no
  # limit on its applications: any source repository, any destination cluster
  # and namespace, and any cluster-scoped resource kind (which includes
  # ClusterRole and ClusterRoleBinding). Outside a demo, list the concrete
  # repositories, destinations and kinds the project needs.
  sourceRepos:
    - '*'
  destinations:
    - namespace: '*'
      server: '*'
  clusterResourceWhitelist:
    - group: '*'
      kind: '*'
--------------------------------------------------------------------------------
/lesson-34/example-4/app.yaml:
--------------------------------------------------------------------------------
---
# ServiceAccount "mysa" and a Deployment whose pods run under it.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: mysa
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: kuber
  labels:
    app: kuber
spec:
  replicas: 1
  selector:
    matchLabels:
      app: http-server
  template:
    metadata:
      labels:
        app: http-server
    spec:
      # The pod gets this account's API token mounted by default; the account
      # has only the permissions granted to it through RBAC bindings.
      # NOTE(review): if the workload never calls the Kubernetes API, setting
      # automountServiceAccountToken: false keeps the token out of the
      # container. The lesson may rely on the mounted token, so confirm first.
      serviceAccountName: mysa
      containers:
        - name: kuber-app
          image: bakavets/kuber:v1.0
          ports:
            - containerPort: 8000
--------------------------------------------------------------------------------
/lesson-36/k8s/example-4/mysql-secrets-manager.yaml:
--------------------------------------------------------------------------------
---
# ExternalSecret that builds the Kubernetes Secret "mysql-secrets" with two
# keys, MYSQL_USER and MYSQL_PASSWORD, both read from properties of the remote
# entry "demo-mysql" through the namespaced SecretStore "aws-ps-ns".
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
  name: mysql-secrets
  namespace: example
spec:
  # Remote values are re-read hourly. The Secret follows a rotation within
  # that window, but pods that consume it as environment variables only see
  # the new value after a restart.
  refreshInterval: 1h
  secretStoreRef:
    kind: SecretStore
    # NOTE(review): the file name mentions Secrets Manager while this store
    # name suggests Parameter Store; confirm which backend is intended.
    name: aws-ps-ns
  target:
    name: mysql-secrets
    creationPolicy: Owner
  data:
    - secretKey: MYSQL_USER
      remoteRef:
        key: demo-mysql
        property: MYSQL_USER
    - secretKey: MYSQL_PASSWORD
      remoteRef:
        key: demo-mysql
        property: MYSQL_PASSWORD
--------------------------------------------------------------------------------
/lesson-20/7-cronjob-startingDeadlineSeconds.yaml:
--------------------------------------------------------------------------------
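---
# CronJob scheduled every minute with Forbid; each run sleeps 8000 s and
# startingDeadlineSeconds is 8200 s, so well over a hundred ticks pass inside
# the deadline window while one Job is running.
# NOTE(review): presumably demonstrates how the controller counts missed
# schedules within the deadline window. Confirm against the lesson.
# batch/v1beta1 CronJob was removed in Kubernetes 1.25; batch/v1 (served since
# 1.21) accepts the same spec.
apiVersion: batch/v1
kind: CronJob
metadata:
  name: hello-startingdeadlineseconds
spec:
  schedule: "*/1 * * * *"
  startingDeadlineSeconds: 8200
  concurrencyPolicy: Forbid
  jobTemplate:
    spec:
      # At most one retry of a failed pod before the Job is marked failed.
      backoffLimit: 1
      template:
        spec:
          restartPolicy: Never
          containers:
            - name: hello
              # NOTE(review): untagged image resolves to :latest.
              image: busybox
              args:
                - /bin/sh
                - -c
                - date; echo "Hello World!"; sleep 8000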
--------------------------------------------------------------------------------
/lesson-25/k8s/example-2/ingress.yaml:
--------------------------------------------------------------------------------
---
# Ingress for app-3.kubxr.com: terminates TLS with the certificate stored in
# the Secret "app-tls-3" and routes every path to kuber-service-3 on port 80.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: app3-ingress
spec:
  ingressClassName: nginx  # replacement of annotation: kubernetes.io/ingress.class: nginx
  tls:
    # The Secret must exist in this Ingress's namespace and hold a certificate
    # valid for the listed host.
    # NOTE(review): presumably issued by a cert-manager Certificate in the
    # same example; confirm.
    - hosts:
        - app-3.kubxr.com
      secretName: app-tls-3
  rules:
    - host: app-3.kubxr.com
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: kuber-service-3
                port:
                  number: 80
--------------------------------------------------------------------------------
/lesson-33/k8s/README.md:
--------------------------------------------------------------------------------
1 | ExternalDNS GitHub: https://github.com/kubernetes-sigs/external-dns
2 |
3 | ExternalDNS Artifacthub: https://artifacthub.io/packages/helm/bitnami/external-dns
4 |
5 | Install ExternalDNS using Helm:
6 |
7 | ```helm repo add bitnami https://charts.bitnami.com/bitnami```
8 |
9 | ```helm repo update bitnami```
10 |
11 | ```helm search repo bitnami/external-dns```
12 |
13 | ```helm upgrade --install external-dns bitnami/external-dns --version 6.7.4 -n kube-system -f external-dns-values.yaml```
14 |
15 | Note: https://github.com/kubernetes-sigs/external-dns/blob/v0.12.2/docs/registry.md
--------------------------------------------------------------------------------
/lesson-38/k8s/example-1/with-node-affinity.yaml:
--------------------------------------------------------------------------------
---
# Deployment with-node-selector: three replicas pinned by nodeSelector to
# nodes that carry BOTH labels below (zone eu-west-1b and capacityType=spot).
# If no node matches, the pods stay Pending.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: with-node-selector
  labels:
    app: kuber
spec:
  replicas: 3
  selector:
    matchLabels:
      app: http-server
  template:
    metadata:
      labels:
        app: http-server
    spec:
      nodeSelector:
        topology.kubernetes.io/zone: eu-west-1b
        capacityType: spot
      containers:
        - name: kuber-app
          # NOTE(review): untagged image resolves to :latest.
          image: bakavets/kuber
          ports:
            - containerPort: 8000
--------------------------------------------------------------------------------
/lesson-09/kuber-deployment.yaml:
--------------------------------------------------------------------------------
---
# Deployment kuber: five replicas of bokovets/kuber:v2.0 rolled out with the
# RollingUpdate strategy.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: kuber
  labels:
    app: kuber
spec:
  replicas: 5
  # A new pod must stay ready for 10 s before it counts as available.
  minReadySeconds: 10
  strategy:
    type: RollingUpdate
    rollingUpdate:
      # At most one pod above the desired count and at most one unavailable
      # pod at any moment during a rollout.
      maxSurge: 1
      maxUnavailable: 1
  selector:
    matchLabels:
      app: http-server
  template:
    metadata:
      labels:
        app: http-server
    spec:
      containers:
        - name: kuber-app
          image: bokovets/kuber:v2.0
          ports:
            - containerPort: 8000
--------------------------------------------------------------------------------
/lesson-10/kuber-deployment.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: apps/v1
2 | kind: Deployment
3 | metadata:
4 | name: kuber
5 | labels:
6 | app: kuber
7 | spec:
8 | replicas: 3
9 | minReadySeconds: 5
10 | strategy:
11 | rollingUpdate:
12 | maxSurge: 1
13 | maxUnavailable: 1
14 | type: RollingUpdate
15 | selector:
16 | matchLabels:
17 | app: http-server
18 | template:
19 | metadata:
20 | labels:
21 | app: http-server
22 | spec:
23 | containers:
24 | - name: kuber-app
25 | image: bokovets/kuber:v1.0
26 | ports:
27 | - containerPort: 8000
28 |
--------------------------------------------------------------------------------
/lesson-11/kuber-deployment.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: apps/v1
2 | kind: Deployment
3 | metadata:
4 | name: kuber
5 | labels:
6 | app: kuber
7 | spec:
8 | replicas: 3
9 | minReadySeconds: 5
10 | strategy:
11 | rollingUpdate:
12 | maxSurge: 1
13 | maxUnavailable: 1
14 | type: RollingUpdate
15 | selector:
16 | matchLabels:
17 | app: http-server
18 | template:
19 | metadata:
20 | labels:
21 | app: http-server
22 | spec:
23 | containers:
24 | - name: kuber-app
25 | image: bokovets/kuber:v1.0
26 | ports:
27 | - containerPort: 8000
28 |
--------------------------------------------------------------------------------
/lesson-43/k8s/example-2/network-policies/allow-ingress.yaml:
--------------------------------------------------------------------------------
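---
# Ingress allow-list for the app=http-server-2 pods in namespace example-2.
# Listing Ingress under policyTypes makes inbound traffic to those pods
# default-deny: only peers matched by a rule below get through. Egress is not
# restricted by this policy. Enforcement depends on the cluster's CNI plugin
# implementing NetworkPolicy.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-ingress
  namespace: example-2
spec:
  podSelector:
    matchLabels:
      app: http-server-2
  policyTypes:
    - Ingress
  ingress:
    - from:
        # namespaceSelector and podSelector belong to ONE `from` entry, so a
        # peer must satisfy both: a pod labelled app=http-server running in
        # namespace example-1. Writing `- podSelector:` instead would create
        # a second entry (OR) and admit every pod in example-1 plus every
        # app=http-server pod in this policy's own namespace.
        - namespaceSelector:
            matchLabels:
              # Set by the control plane to the namespace's own name, which
              # makes it a dependable way to select a namespace by name.
              kubernetes.io/metadata.name: example-1
          podSelector:
            matchLabels:
              app: http-server
      # Only TCP 8000 is opened; other ports on the selected pods stay closed
      # to the peer above as well.
      ports:
        - port: 8000
          protocol: TCP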
--------------------------------------------------------------------------------
/lesson-20/0-cronjob.yaml:
--------------------------------------------------------------------------------
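# CronJob that starts a Job every minute; each Job runs up to 2 pods in
# parallel until 3 completions, retries at most 4 times and is stopped after
# 240 seconds.
#
# apiVersion changed from batch/v1beta1: that CronJob API is no longer served
# from Kubernetes 1.25 on, and batch/v1 accepts the same fields used here.
apiVersion: batch/v1
kind: CronJob
metadata:
  name: hello
spec:
  schedule: "*/1 * * * *"
  jobTemplate:
    spec:
      backoffLimit: 4
      activeDeadlineSeconds: 240
      parallelism: 2
      completions: 3
      template:
        spec:
          containers:
            - name: hello
              # No tag, so this resolves to busybox:latest. Combined with
              # IfNotPresent, each node keeps whichever build it pulled
              # first; pin a tag or digest when the content must be known.
              image: busybox
              imagePullPolicy: IfNotPresent
              command:
                - /bin/sh
                - -c
                - date; echo Hello from the Kubernetes cluster
          restartPolicy: OnFailure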
--------------------------------------------------------------------------------
/lesson-20/4-cronjob-suspend.yaml:
--------------------------------------------------------------------------------
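# CronJob used to show suspend and the job-history limits: it fires every
# minute, keeps the last 2 successful and 2 failed Jobs, and allows
# overlapping runs (concurrencyPolicy: Allow).
#
# apiVersion changed from batch/v1beta1: that CronJob API is no longer served
# from Kubernetes 1.25 on, and batch/v1 accepts the same fields used here.
apiVersion: batch/v1
kind: CronJob
metadata:
  name: hello-suspend
spec:
  schedule: "*/1 * * * *"
  concurrencyPolicy: Allow
  successfulJobsHistoryLimit: 2
  failedJobsHistoryLimit: 2
  # Set to true to stop new Jobs from being scheduled; Jobs already running
  # are not affected.
  suspend: false
  jobTemplate:
    spec:
      backoffLimit: 1
      template:
        spec:
          containers:
            - name: hello
              # No tag, so this resolves to busybox:latest; pin a tag or
              # digest when the content must be known.
              image: busybox
              # `args` replaces the image's default command. The exit status
              # is RANDOM modulo 2, so a run fails about half the time where
              # the shell provides $RANDOM - that is what fills the failed
              # job history.
              args:
                - /bin/sh
                - -c
                - date; echo "Hello World!"; exit $((RANDOM%2))
          restartPolicy: OnFailure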
--------------------------------------------------------------------------------
/lesson-44-45-46-47-48/k8s/gitlab/secrets.yaml:
--------------------------------------------------------------------------------
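# https://docs.gitlab.com/charts/advanced/external-object-storage/aws-iam-roles.html
# https://docs.gitlab.com/ee/install/aws/manual_install_aws.html
---
# Object-storage connection settings for GitLab. The block carries only the
# provider, the region and use_iam_profile: true - no static access key is
# stored here. Credentials are presumably obtained from an IAM role, as the
# first link above describes; verify the role is scoped to the GitLab
# buckets only.
# stringData is a write-time convenience: the API server stores the value
# base64-encoded under `data`, which is encoding, not encryption.
apiVersion: v1
kind: Secret
metadata:
  name: gitlab-rails-s3-storage
  namespace: gitlab
stringData:
  connection: |
    provider: AWS
    use_iam_profile: true
    region: eu-west-1
---
# Despite the name, this Secret holds only a bucket location inside an
# INI-style [default] section; no key material appears in it.
apiVersion: v1
kind: Secret
metadata:
  name: s3-credentials
  namespace: gitlab
stringData:
  config: |
    [default]
    bucket_location = eu-west-1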
--------------------------------------------------------------------------------
/lesson-32/k8s/README.md:
--------------------------------------------------------------------------------
1 | Ingress annotations: https://kubernetes-sigs.github.io/aws-load-balancer-controller/v2.4/guide/ingress/annotations/
2 |
3 | Service annotations: https://kubernetes-sigs.github.io/aws-load-balancer-controller/v2.4/guide/service/annotations/
4 |
5 | Install AWS Load Balancer Controller using Helm:
6 |
7 | ```helm repo add eks https://aws.github.io/eks-charts```
8 |
9 | ```helm repo update eks```
10 |
11 | ```helm search repo eks/aws-load-balancer-controller```
12 |
13 | ```helm upgrade --install aws-load-balancer-controller eks/aws-load-balancer-controller --version 1.4.2 -n kube-system -f albc-values.yaml```
14 |
15 |
--------------------------------------------------------------------------------
/lesson-10/pod-service-port-names.yaml:
--------------------------------------------------------------------------------
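# Pod plus Service demonstrating named ports: the Service refers to the
# container ports by name instead of by number.
apiVersion: v1
kind: Pod
metadata:
  name: kuber-app-manual
  labels:
    app: web-server
spec:
  containers:
    - name: kuber-app-image
      image: bokovets/kuber:v2.0
      ports:
        # Both names point at the same containerPort, 8000.
        - name: http
          containerPort: 8000
        - name: https
          containerPort: 8000
---
apiVersion: v1
kind: Service
metadata:
  name: kuber-app-manual-service
spec:
  selector:
    app: web-server
  ports:
    - name: http
      port: 80
      targetPort: http
    # NOTE(review): `https` is only a port name. Service port 443 resolves to
    # container port 8000, the same listener as port 80, and nothing in this
    # manifest configures TLS - so traffic on 443 is presumably plain HTTP.
    # Do not treat this port as encrypted without checking the application.
    - name: https
      port: 443
      targetPort: https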
--------------------------------------------------------------------------------
/lesson-26/example-4/deploy.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: apps/v1
2 | kind: Deployment
3 | metadata:
4 | name: kuber-2
5 | labels:
6 | app: kuber-2
7 | spec:
8 | replicas: 1
9 | selector:
10 | matchLabels:
11 | app: http-server-2
12 | template:
13 | metadata:
14 | labels:
15 | app: http-server-2
16 | spec:
17 | containers:
18 | - name: kuber-app
19 | image: bakavets/kuber:v1.0-args
20 | args: ["$(INTERVAL)","$(COUNT)","$(TEXT_ARG)"]
21 | ports:
22 | - containerPort: 8000
23 | envFrom:
24 | - # prefix: CONFIG_
25 | configMapRef:
26 | name: demo-cm
--------------------------------------------------------------------------------
/lesson-36/k8s/example-1/deploy.yaml:
--------------------------------------------------------------------------------
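# Single-replica Deployment whose container receives an API token from a
# Kubernetes Secret through an environment variable.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: kuber
  labels:
    app: kuber
spec:
  replicas: 1
  selector:
    matchLabels:
      app: http-server
  template:
    metadata:
      labels:
        app: http-server
    spec:
      containers:
        - name: kuber-app
          # No tag, so this resolves to :latest and may change between pulls;
          # pin a tag or digest when the running code must be known.
          image: bakavets/kuber
          ports:
            - containerPort: 8000
          env:
            # Read from key `token` of Secret k8s-secret-api-token in the
            # pod's own namespace when the container starts; the pod does not
            # start if the Secret or key is missing. The value is fixed for
            # the container's lifetime, so rotating the Secret needs a
            # restart. Environment variables are inherited by child
            # processes and can surface in debug or crash output; mounting
            # the Secret as a file is the usual alternative when that
            # matters.
            - name: API_TOKEN
              valueFrom:
                secretKeyRef:
                  name: k8s-secret-api-token
                  key: token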
--------------------------------------------------------------------------------
/lesson-35/terraform/templates/values.yaml:
--------------------------------------------------------------------------------
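# Argo CD Helm values, written as a Terraform template: ${...} expressions
# are substituted by Terraform before Helm reads the file.
configs:
  repositories:
    k8s-repo:
      name: k8s-repo
      url: git@gitlab.com:${k8s_repo}.git
      type: git
      # The SSH private key is interpolated in clear text. The rendered
      # values therefore contain the key, and so will anything that stores
      # them - presumably the Terraform state and the Helm release record.
      # Protect both like the key itself, and prefer a read-only deploy key
      # limited to this repository.
      # indent(8, ...) pads every line after the first with 8 spaces so the
      # multi-line key stays inside the block scalar.
      sshPrivateKey: |
        ${indent(8, k8s_ssh_private_key)}

server:
  ingress:
    enabled: true
    annotations:
      cert-manager.io/cluster-issuer: letsencrypt-prod
    ingressClassName: nginx
    hosts:
      - argocd.${host}
    tls:
      - hosts:
          - argocd.${host}
        secretName: argocd-tls
  extraArgs:
    # --insecure makes argocd-server serve without TLS; HTTPS ends at the
    # nginx ingress (certificate from the letsencrypt-prod issuer above).
    # The hop from the ingress controller to argocd-server is then
    # unencrypted inside the cluster - limit who can reach that Service,
    # for example with a NetworkPolicy.
    # https://github.com/argoproj/argo-cd/issues/2953#issuecomment-602898868
    - --insecure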
--------------------------------------------------------------------------------
/lesson-30/argocd/projects/dev.yaml:
--------------------------------------------------------------------------------
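# https://argo-cd.readthedocs.io/en/stable/operator-manual/declarative-setup/#projects
apiVersion: argoproj.io/v1alpha1
kind: AppProject
metadata:
  name: development
  namespace: argocd
  # Finalizer that keeps the project from being deleted while any
  # application still references it
  finalizers:
    - resources-finalizer.argocd.argoproj.io
spec:
  description: Project containing development environment services
  # NOTE(review): every restriction below is a wildcard, so this project
  # provides no isolation. An Application assigned to it may pull manifests
  # from any repository, deploy into any namespace of any registered cluster
  # (the argocd and kube-system namespaces included), and create any
  # cluster-scoped resource such as ClusterRole or ClusterRoleBinding.
  # Outside a demo, list the allowed repositories, the destination
  # namespace/cluster pairs, and only the cluster-scoped kinds that are
  # actually needed.
  sourceRepos:
    - '*'
  destinations:
    - namespace: '*'
      server: '*'
  clusterResourceWhitelist:
    - group: '*'
      kind: '*'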
--------------------------------------------------------------------------------
/lesson-24/terraform/variables.tf:
--------------------------------------------------------------------------------
1 | variable "aws_region" {
2 | description = "AWS Region"
3 | default = "eu-north-1"
4 | }
5 |
6 | variable "default_tags" {
7 | type = map(string)
8 | description = "Default tags for AWS that will be attached to each resource"
9 | default = {
10 | "TerminationDate" = "Permanent",
11 | "Environment" = "Development",
12 | "Team" = "DevOps",
13 | "DeployedBy" = "Terraform",
14 | "OwnerEmail" = "devops@example.com"
15 | }
16 | }
17 |
18 | variable "deployment_prefix" {
19 | description = "Prefix of the deployment"
20 | type = string
21 | default = "demo"
22 | }
23 |
--------------------------------------------------------------------------------
/lesson-29/terraform/variables.tf:
--------------------------------------------------------------------------------
1 | variable "aws_region" {
2 | description = "AWS Region"
3 | default = "eu-north-1"
4 | }
5 |
6 | variable "default_tags" {
7 | type = map(string)
8 | description = "Default tags for AWS that will be attached to each resource."
9 | default = {
10 | "TerminationDate" = "Permanent",
11 | "Environment" = "Development",
12 | "Team" = "DevOps",
13 | "DeployedBy" = "Terraform",
14 | "OwnerEmail" = "devops@example.com"
15 | }
16 | }
17 |
18 | variable "deployment_prefix" {
19 | description = "Prefix of the deployment"
20 | type = string
21 | default = "demo"
22 | }
23 |
--------------------------------------------------------------------------------
/lesson-31/terraform/variables.tf:
--------------------------------------------------------------------------------
1 | variable "aws_region" {
2 | description = "AWS Region"
3 | default = "eu-north-1"
4 | }
5 |
6 | variable "default_tags" {
7 | type = map(string)
8 | description = "Default tags for AWS that will be attached to each resource."
9 | default = {
10 | "TerminationDate" = "Permanent",
11 | "Environment" = "Development",
12 | "Team" = "DevOps",
13 | "DeployedBy" = "Terraform",
14 | "OwnerEmail" = "devops@example.com"
15 | }
16 | }
17 |
18 | variable "deployment_prefix" {
19 | description = "Prefix of the deployment"
20 | type = string
21 | default = "demo"
22 | }
23 |
--------------------------------------------------------------------------------
/lesson-32/terraform/variables.tf:
--------------------------------------------------------------------------------
1 | variable "aws_region" {
2 | description = "AWS Region."
3 | default = "eu-north-1"
4 | }
5 |
6 | variable "default_tags" {
7 | type = map(string)
8 | description = "Default tags for AWS that will be attached to each resource."
9 | default = {
10 | "TerminationDate" = "Permanent",
11 | "Environment" = "Development",
12 | "Team" = "DevOps",
13 | "DeployedBy" = "Terraform",
14 | "OwnerEmail" = "devops@example.com"
15 | }
16 | }
17 |
18 | variable "deployment_prefix" {
19 | description = "Prefix of the deployment."
20 | type = string
21 | default = "demo"
22 | }
23 |
--------------------------------------------------------------------------------
/lesson-33/terraform/variables.tf:
--------------------------------------------------------------------------------
1 | variable "aws_region" {
2 | description = "AWS Region."
3 | default = "eu-north-1"
4 | }
5 |
6 | variable "default_tags" {
7 | type = map(string)
8 | description = "Default tags for AWS that will be attached to each resource."
9 | default = {
10 | "TerminationDate" = "Permanent",
11 | "Environment" = "Development",
12 | "Team" = "DevOps",
13 | "DeployedBy" = "Terraform",
14 | "OwnerEmail" = "devops@example.com"
15 | }
16 | }
17 |
18 | variable "deployment_prefix" {
19 | description = "Prefix of the deployment."
20 | type = string
21 | default = "demo"
22 | }
23 |
--------------------------------------------------------------------------------
/lesson-36/terraform/variables.tf:
--------------------------------------------------------------------------------
1 | variable "aws_region" {
2 | description = "AWS Region."
3 | default = "eu-west-1"
4 | }
5 |
6 | variable "default_tags" {
7 | type = map(string)
8 | description = "Default tags for AWS that will be attached to each resource."
9 | default = {
10 | "TerminationDate" = "Permanent",
11 | "Environment" = "Development",
12 | "Team" = "DevOps",
13 | "DeployedBy" = "Terraform",
14 | "OwnerEmail" = "devops@example.com"
15 | }
16 | }
17 |
18 | variable "deployment_prefix" {
19 | description = "Prefix of the deployment."
20 | type = string
21 | default = "demo"
22 | }
23 |
--------------------------------------------------------------------------------
/lesson-37/terraform/variables.tf:
--------------------------------------------------------------------------------
1 | variable "aws_region" {
2 | description = "AWS Region."
3 | default = "eu-west-1"
4 | }
5 |
6 | variable "default_tags" {
7 | type = map(string)
8 | description = "Default tags for AWS that will be attached to each resource."
9 | default = {
10 | "TerminationDate" = "Permanent",
11 | "Environment" = "Development",
12 | "Team" = "DevOps",
13 | "DeployedBy" = "Terraform",
14 | "OwnerEmail" = "devops@example.com"
15 | }
16 | }
17 |
18 | variable "deployment_prefix" {
19 | description = "Prefix of the deployment."
20 | type = string
21 | default = "demo"
22 | }
23 |
--------------------------------------------------------------------------------
/lesson-38/terraform/variables.tf:
--------------------------------------------------------------------------------
1 | variable "aws_region" {
2 | description = "AWS Region."
3 | default = "eu-west-1"
4 | }
5 |
6 | variable "default_tags" {
7 | type = map(string)
8 | description = "Default tags for AWS that will be attached to each resource."
9 | default = {
10 | "TerminationDate" = "Permanent",
11 | "Environment" = "Development",
12 | "Team" = "DevOps",
13 | "DeployedBy" = "Terraform",
14 | "OwnerEmail" = "devops@example.com"
15 | }
16 | }
17 |
18 | variable "deployment_prefix" {
19 | description = "Prefix of the deployment."
20 | type = string
21 | default = "demo"
22 | }
23 |
--------------------------------------------------------------------------------
/lesson-39/terraform/variables.tf:
--------------------------------------------------------------------------------
1 | variable "aws_region" {
2 | description = "AWS Region."
3 | default = "eu-west-1"
4 | }
5 |
6 | variable "default_tags" {
7 | type = map(string)
8 | description = "Default tags for AWS that will be attached to each resource."
9 | default = {
10 | "TerminationDate" = "Permanent",
11 | "Environment" = "Development",
12 | "Team" = "DevOps",
13 | "DeployedBy" = "Terraform",
14 | "OwnerEmail" = "devops@example.com"
15 | }
16 | }
17 |
18 | variable "deployment_prefix" {
19 | description = "Prefix of the deployment."
20 | type = string
21 | default = "demo"
22 | }
23 |
--------------------------------------------------------------------------------
/lesson-40/terraform/variables.tf:
--------------------------------------------------------------------------------
1 | variable "aws_region" {
2 | description = "AWS Region."
3 | default = "eu-west-1"
4 | }
5 |
6 | variable "default_tags" {
7 | type = map(string)
8 | description = "Default tags for AWS that will be attached to each resource."
9 | default = {
10 | "TerminationDate" = "Permanent",
11 | "Environment" = "Development",
12 | "Team" = "DevOps",
13 | "DeployedBy" = "Terraform",
14 | "OwnerEmail" = "devops@example.com"
15 | }
16 | }
17 |
18 | variable "deployment_prefix" {
19 | description = "Prefix of the deployment."
20 | type = string
21 | default = "demo"
22 | }
23 |
--------------------------------------------------------------------------------
/lesson-41/terraform/variables.tf:
--------------------------------------------------------------------------------
1 | variable "aws_region" {
2 | description = "AWS Region."
3 | default = "eu-west-1"
4 | }
5 |
6 | variable "default_tags" {
7 | type = map(string)
8 | description = "Default tags for AWS that will be attached to each resource."
9 | default = {
10 | "TerminationDate" = "Permanent",
11 | "Environment" = "Development",
12 | "Team" = "DevOps",
13 | "DeployedBy" = "Terraform",
14 | "OwnerEmail" = "devops@example.com"
15 | }
16 | }
17 |
18 | variable "deployment_prefix" {
19 | description = "Prefix of the deployment."
20 | type = string
21 | default = "demo"
22 | }
23 |
--------------------------------------------------------------------------------
/lesson-42/terraform/variables.tf:
--------------------------------------------------------------------------------
1 | variable "aws_region" {
2 | description = "AWS Region."
3 | default = "eu-west-1"
4 | }
5 |
6 | variable "default_tags" {
7 | type = map(string)
8 | description = "Default tags for AWS that will be attached to each resource."
9 | default = {
10 | "TerminationDate" = "Permanent",
11 | "Environment" = "Development",
12 | "Team" = "DevOps",
13 | "DeployedBy" = "Terraform",
14 | "OwnerEmail" = "devops@example.com"
15 | }
16 | }
17 |
18 | variable "deployment_prefix" {
19 | description = "Prefix of the deployment."
20 | type = string
21 | default = "demo"
22 | }
23 |
--------------------------------------------------------------------------------
/lesson-43/terraform/variables.tf:
--------------------------------------------------------------------------------
1 | variable "aws_region" {
2 | description = "AWS Region."
3 | default = "eu-west-1"
4 | }
5 |
6 | variable "default_tags" {
7 | type = map(string)
8 | description = "Default tags for AWS that will be attached to each resource."
9 | default = {
10 | "TerminationDate" = "Permanent",
11 | "Environment" = "Development",
12 | "Team" = "DevOps",
13 | "DeployedBy" = "Terraform",
14 | "OwnerEmail" = "devops@example.com"
15 | }
16 | }
17 |
18 | variable "deployment_prefix" {
19 | description = "Prefix of the deployment."
20 | type = string
21 | default = "demo"
22 | }
23 |
--------------------------------------------------------------------------------
/lesson-23/0-deploy-kuber.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: apps/v1
2 | kind: Deployment
3 | metadata:
4 | name: kuber
5 | labels:
6 | app: kuber
7 | spec:
8 | replicas: 1
9 | selector:
10 | matchLabels:
11 | app: http-server
12 | template:
13 | metadata:
14 | labels:
15 | app: http-server
16 | spec:
17 | containers:
18 | - name: kuber-app
19 | image: bakavets/kuber
20 | ports:
21 | - containerPort: 8000
22 | volumeMounts:
23 | - mountPath: /cache
24 | name: cache-volume
25 | volumes:
26 | - name: cache-volume
27 | persistentVolumeClaim:
28 | claimName: aws-pvc-kuber
--------------------------------------------------------------------------------
/lesson-44-45-46-47-48/terraform/templates/values.yaml:
--------------------------------------------------------------------------------
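# Argo CD Helm values, written as a Terraform template: ${...} expressions
# are substituted by Terraform before Helm reads the file.
configs:
  repositories:
    k8s-repo:
      name: k8s-repo
      url: git@gitlab.com:${k8s_repo}.git
      type: git
      # The SSH private key is interpolated in clear text. The rendered
      # values therefore contain the key, and so will anything that stores
      # them - presumably the Terraform state and the Helm release record.
      # Protect both like the key itself, and prefer a read-only deploy key
      # limited to this repository.
      # indent(8, ...) pads every line after the first with 8 spaces so the
      # multi-line key stays inside the block scalar.
      sshPrivateKey: |
        ${indent(8, k8s_ssh_private_key)}

server:
  ingress:
    enabled: true
    annotations:
      cert-manager.io/cluster-issuer: letsencrypt-prod
    ingressClassName: nginx
    hosts:
      - argocd.${host}
    tls:
      - hosts:
          - argocd.${host}
        secretName: argocd-tls
  extraArgs:
    # --insecure makes argocd-server serve without TLS; HTTPS ends at the
    # nginx ingress (certificate from the letsencrypt-prod issuer above).
    # The hop from the ingress controller to argocd-server is then
    # unencrypted inside the cluster - limit who can reach that Service,
    # for example with a NetworkPolicy.
    # https://github.com/argoproj/argo-cd/issues/2953#issuecomment-602898868
    - --insecure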
--------------------------------------------------------------------------------
/lesson-23/1-deploy-kuber.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: apps/v1
2 | kind: Deployment
3 | metadata:
4 | name: kuber-1
5 | labels:
6 | app: kuber
7 | spec:
8 | replicas: 1
9 | selector:
10 | matchLabels:
11 | app: http-server
12 | template:
13 | metadata:
14 | labels:
15 | app: http-server
16 | spec:
17 | containers:
18 | - name: kuber-app
19 | image: bakavets/kuber
20 | ports:
21 | - containerPort: 8000
22 | volumeMounts:
23 | - mountPath: /cache
24 | name: cache-volume
25 | volumes:
26 | - name: cache-volume
27 | persistentVolumeClaim:
28 | claimName: aws-pvc-kuber-1
--------------------------------------------------------------------------------
/lesson-40/k8s/kind/kind-config.yaml:
--------------------------------------------------------------------------------
1 | # three node (two workers) cluster config
2 | kind: Cluster
3 | apiVersion: kind.x-k8s.io/v1alpha4
4 | featureGates:
5 | MatchLabelKeysInPodTopologySpread: true
6 | nodes:
7 | - role: control-plane
8 | - role: worker
9 | kubeadmConfigPatches:
10 | - |
11 | kind: JoinConfiguration
12 | nodeRegistration:
13 | kubeletExtraArgs:
14 | node-labels: "topology.kubernetes.io/zone=A"
15 | - role: worker
16 | kubeadmConfigPatches:
17 | - |
18 | kind: JoinConfiguration
19 | nodeRegistration:
20 | kubeletExtraArgs:
21 | node-labels: "topology.kubernetes.io/zone=B"
22 |
--------------------------------------------------------------------------------
/lesson-41/k8s/example-1/deploy.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: apps/v1
2 | kind: Deployment
3 | metadata:
4 | name: kuber
5 | labels:
6 | app: kuber
7 | spec:
8 | replicas: 1
9 | selector:
10 | matchLabels:
11 | app: http-server
12 | template:
13 | metadata:
14 | labels:
15 | app: http-server
16 | spec:
17 | containers:
18 | - name: kuber-app
19 | image: bakavets/kuber
20 | ports:
21 | - containerPort: 8000
22 | volumeMounts:
23 | - mountPath: /data
24 | name: data-volume
25 | volumes:
26 | - name: data-volume
27 | persistentVolumeClaim:
28 | claimName: aws-pvc-kuber
29 |
--------------------------------------------------------------------------------
/lesson-41/k8s/example-2/deploy.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: apps/v1
2 | kind: Deployment
3 | metadata:
4 | name: kuber
5 | labels:
6 | app: kuber
7 | spec:
8 | replicas: 1
9 | selector:
10 | matchLabels:
11 | app: http-server
12 | template:
13 | metadata:
14 | labels:
15 | app: http-server
16 | spec:
17 | containers:
18 | - name: kuber-app
19 | image: bakavets/kuber
20 | ports:
21 | - containerPort: 8000
22 | volumeMounts:
23 | - mountPath: /data
24 | name: data-volume
25 | volumes:
26 | - name: data-volume
27 | persistentVolumeClaim:
28 | claimName: aws-pvc-kuber
29 |
--------------------------------------------------------------------------------
/lesson-41/k8s/example-3/deploy.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: apps/v1
2 | kind: Deployment
3 | metadata:
4 | name: kuber
5 | labels:
6 | app: kuber
7 | spec:
8 | replicas: 1
9 | selector:
10 | matchLabels:
11 | app: http-server
12 | template:
13 | metadata:
14 | labels:
15 | app: http-server
16 | spec:
17 | containers:
18 | - name: kuber-app
19 | image: bakavets/kuber
20 | ports:
21 | - containerPort: 8000
22 | volumeMounts:
23 | - mountPath: /data
24 | name: data-volume
25 | volumes:
26 | - name: data-volume
27 | persistentVolumeClaim:
28 | claimName: aws-pvc-kuber
29 |
--------------------------------------------------------------------------------
/lesson-41/k8s/example-4/deploy.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: apps/v1
2 | kind: Deployment
3 | metadata:
4 | name: kuber
5 | labels:
6 | app: kuber
7 | spec:
8 | replicas: 1
9 | selector:
10 | matchLabels:
11 | app: http-server
12 | template:
13 | metadata:
14 | labels:
15 | app: http-server
16 | spec:
17 | containers:
18 | - name: kuber-app
19 | image: bakavets/kuber
20 | ports:
21 | - containerPort: 8000
22 | volumeMounts:
23 | - mountPath: /data
24 | name: data-volume
25 | volumes:
26 | - name: data-volume
27 | persistentVolumeClaim:
28 | claimName: aws-pvc-kuber
29 |
--------------------------------------------------------------------------------
/lesson-26/example-1/deploy.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: apps/v1
2 | kind: Deployment
3 | metadata:
4 | name: kuber-1
5 | labels:
6 | app: kuber-1
7 | spec:
8 | replicas: 1
9 | selector:
10 | matchLabels:
11 | app: http-server-1
12 | template:
13 | metadata:
14 | labels:
15 | app: http-server-1
16 | spec:
17 | containers:
18 | - name: kuber-app
19 | image: bakavets/kuber:v1.0
20 | ports:
21 | - containerPort: 8000
22 | env:
23 | - name: HELLO
24 | value: "Hello"
25 | - name: WORLD
26 | value: "World"
27 | - name: ENV_HELLO_WORLD
28 | value: "$(HELLO)_$(WORLD) from Pod"
29 |
--------------------------------------------------------------------------------
/lesson-34/example-1/nginx.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: apps/v1
2 | kind: Deployment
3 | metadata:
4 | name: nginx-deployment
5 | namespace: example-1
6 | spec:
7 | selector:
8 | matchLabels:
9 | app: nginx
10 | replicas: 1
11 | template:
12 | metadata:
13 | labels:
14 | app: nginx
15 | spec:
16 | containers:
17 | - name: nginx
18 | image: nginx
19 | ports:
20 | - containerPort: 80
21 | ---
22 | apiVersion: v1
23 | kind: Service
24 | metadata:
25 | name: nginx-svc
26 | namespace: example-1
27 | spec:
28 | selector:
29 | app: nginx
30 | ports:
31 | - protocol: TCP
32 | port: 80
33 | targetPort: 80
34 |
--------------------------------------------------------------------------------
/lesson-31/k8s/fluentd/rbac.yaml:
--------------------------------------------------------------------------------
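---
# Identity the fluentd pods run as.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: fluentd
  namespace: fluentd
---
# Read-only, cluster-wide access to two core resources: pods and namespaces.
# No write verbs and no access to Secrets or ConfigMaps are granted - keep it
# that way when extending the role. (Presumably used to enrich log records
# with pod and namespace metadata; confirm against the fluentd config.)
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: fluentd
rules:
  - apiGroups:
      # "" is the core API group
      - ""
    resources:
      - pods
      - namespaces
    verbs:
      - get
      - list
      - watch
---
# Grants the ClusterRole above to exactly one subject: ServiceAccount
# fluentd in namespace fluentd. A ClusterRoleBinding applies in every
# namespace, so any pod allowed to run as that ServiceAccount can list pods
# cluster-wide.
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: fluentd
roleRef:
  kind: ClusterRole
  name: fluentd
  apiGroup: rbac.authorization.k8s.io
subjects:
  - kind: ServiceAccount
    name: fluentd
    namespace: fluentd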
--------------------------------------------------------------------------------
/lesson-40/k8s/README.md:
--------------------------------------------------------------------------------
1 | ```for node in $(kubectl get po -o wide | grep -v NODE | awk '{print $7}'); do kubectl get node $node -L topology.kubernetes.io/zone,node.k8s/role | tail -n +2 | awk '{ print $1, "\033[32m" $6 "\033[0m","\033[35m" $7 "\033[0m"}'; done | sort | uniq -c```
2 |
3 | ### Respect PodTopologySpread after rolling upgrades:
4 |
5 | https://github.com/kubernetes/enhancements/issues/3243
6 |
7 | https://github.com/kubernetes/kubernetes/pull/111441
8 |
9 | Issues:
10 | * https://github.com/kubernetes/kubernetes/issues/98215
11 | * https://github.com/kubernetes/kubernetes/issues/105661
12 | * https://stackoverflow.com/questions/66510883/k8s-pod-topology-spread-is-not-respected-after-rollout
13 |
--------------------------------------------------------------------------------
/lesson-43/k8s/example-1/nginx.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: apps/v1
2 | kind: Deployment
3 | metadata:
4 | name: nginx-deployment
5 | namespace: example-1
6 | spec:
7 | selector:
8 | matchLabels:
9 | app: nginx
10 | replicas: 1
11 | template:
12 | metadata:
13 | labels:
14 | app: nginx
15 | spec:
16 | containers:
17 | - name: nginx
18 | image: nginx
19 | ports:
20 | - containerPort: 80
21 | ---
22 | apiVersion: v1
23 | kind: Service
24 | metadata:
25 | name: nginx-svc
26 | namespace: example-1
27 | spec:
28 | selector:
29 | app: nginx
30 | ports:
31 | - protocol: TCP
32 | port: 80
33 | targetPort: 80
34 |
--------------------------------------------------------------------------------
/lesson-12/deploy-svc-app-latest.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: apps/v1
2 | kind: Deployment
3 | metadata:
4 | name: kuber
5 | labels:
6 | app: kuber
7 | spec:
8 | replicas: 2
9 | selector:
10 | matchLabels:
11 | app: http-server
12 | template:
13 | metadata:
14 | labels:
15 | app: http-server
16 | spec:
17 | containers:
18 | - name: kuber-app
19 | image: bakavets/kuber
20 | ports:
21 | - containerPort: 8000
22 | ---
23 | apiVersion: v1
24 | kind: Service
25 | metadata:
26 | name: kuber-service
27 | spec:
28 | selector:
29 | app: http-server
30 | ports:
31 | - protocol: TCP
32 | port: 80
33 | targetPort: 8000
34 |
35 |
--------------------------------------------------------------------------------
/lesson-27/example-2/deploy-1.yaml:
--------------------------------------------------------------------------------
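# Deployment that mounts Secret secret-data as files under /etc/secrets.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: kuber-1
  labels:
    app: kuber-1
spec:
  replicas: 1
  selector:
    matchLabels:
      app: http-server-1
  template:
    metadata:
      labels:
        app: http-server-1
    spec:
      containers:
        - name: kuber-app
          image: bakavets/kuber:v1.0
          ports:
            - containerPort: 8000
          volumeMounts:
            # Each key of the Secret appears as one file in this directory.
            - name: secrets
              mountPath: "/etc/secrets"
      volumes:
        - name: secrets
          secret:
            secretName: secret-data
            # Owner read-only. The leading zero makes kubectl's YAML parser
            # read this as octal (decimal 256). JSON has no octal literals,
            # so a JSON manifest must say 256 - writing 400 there would set
            # different permission bits. Do not quote the value: the field
            # is an integer.
            # NOTE(review): with mode 0400 a container running as a
            # different user than the file owner may be unable to read the
            # files - confirm the image's UID or set an fsGroup.
            defaultMode: 0400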
--------------------------------------------------------------------------------
/lesson-49/terraform/variables.tf:
--------------------------------------------------------------------------------
1 | variable "aws_region" {
2 | description = "AWS Region."
3 | default = "eu-west-1"
4 | type = string
5 | }
6 |
7 | variable "default_tags" {
8 | type = map(string)
9 | description = "Default tags for AWS that will be attached to each resource."
10 | default = {
11 | "TerminationDate" = "Permanent",
12 | "Environment" = "Development",
13 | "Team" = "DevOps",
14 | "DeployedBy" = "Terraform",
15 | "OwnerEmail" = "devops@example.com"
16 | }
17 | }
18 |
19 | variable "deployment_prefix" {
20 | description = "Prefix of the deployment."
21 | type = string
22 | default = "demo"
23 | }
24 |
25 |
--------------------------------------------------------------------------------
/lesson-35/terraform/versions.tf:
--------------------------------------------------------------------------------
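# Terraform and provider version requirements for this lesson.
#
# Most constraints below use ">=", which sets a minimum and no upper bound:
# a later `terraform init -upgrade` may select a new major release. What is
# actually installed is recorded, with checksums, in .terraform.lock.hcl -
# commit that file so every run verifies and uses the same provider builds.
terraform {
  required_version = ">= 1.0.2"

  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = ">= 3.72"
    }
    kubernetes = {
      source  = "hashicorp/kubernetes"
      version = ">= 2.10"
    }
    # "~> 3.0" accepts any 3.x release but not 4.0.
    tls = {
      source  = "hashicorp/tls"
      version = "~> 3.0"
    }
    helm = {
      source  = "hashicorp/helm"
      version = ">= 2.4"
    }
    # "~> 3.16.1" accepts patch releases of 3.16 only.
    gitlab = {
      source  = "gitlabhq/gitlab"
      version = "~> 3.16.1"
    }
    # Published outside the hashicorp namespace and left open-ended; this
    # provider applies manifests to the cluster, so review its releases
    # before upgrading and consider an upper bound.
    kubectl = {
      source  = "gavinbunney/kubectl"
      version = ">= 1.14"
    }
  }
}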
--------------------------------------------------------------------------------
/lesson-12/deploy-svc-app-v1.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: apps/v1
2 | kind: Deployment
3 | metadata:
4 | name: kuber-v1
5 | labels:
6 | app: kuber-v1
7 | spec:
8 | replicas: 2
9 | selector:
10 | matchLabels:
11 | app: http-server-v1
12 | template:
13 | metadata:
14 | labels:
15 | app: http-server-v1
16 | spec:
17 | containers:
18 | - name: kuber-app
19 | image: bakavets/kuber:v1.0
20 | ports:
21 | - containerPort: 8000
22 | ---
23 | apiVersion: v1
24 | kind: Service
25 | metadata:
26 | name: kuber-service-v1
27 | spec:
28 | selector:
29 | app: http-server-v1
30 | ports:
31 | - protocol: TCP
32 | port: 80
33 | targetPort: 8000
34 |
35 |
--------------------------------------------------------------------------------
/lesson-12/deploy-svc-app-v2.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: apps/v1
2 | kind: Deployment
3 | metadata:
4 | name: kuber-v2
5 | labels:
6 | app: kuber-v2
7 | spec:
8 | replicas: 2
9 | selector:
10 | matchLabels:
11 | app: http-server-v2
12 | template:
13 | metadata:
14 | labels:
15 | app: http-server-v2
16 | spec:
17 | containers:
18 | - name: kuber-app
19 | image: bakavets/kuber:v2.0
20 | ports:
21 | - containerPort: 8000
22 | ---
23 | apiVersion: v1
24 | kind: Service
25 | metadata:
26 | name: kuber-service-v2
27 | spec:
28 | selector:
29 | app: http-server-v2
30 | ports:
31 | - protocol: TCP
32 | port: 80
33 | targetPort: 8000
34 |
35 |
--------------------------------------------------------------------------------
/lesson-12/deploy-svc-app-v3.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: apps/v1
2 | kind: Deployment
3 | metadata:
4 | name: kuber-v3
5 | labels:
6 | app: kuber-v3
7 | spec:
8 | replicas: 2
9 | selector:
10 | matchLabels:
11 | app: http-server-v3
12 | template:
13 | metadata:
14 | labels:
15 | app: http-server-v3
16 | spec:
17 | containers:
18 | - name: kuber-app
19 | image: bakavets/kuber:v3.0
20 | ports:
21 | - containerPort: 8000
22 | ---
23 | apiVersion: v1
24 | kind: Service
25 | metadata:
26 | name: kuber-service-v3
27 | spec:
28 | selector:
29 | app: http-server-v3
30 | ports:
31 | - protocol: TCP
32 | port: 80
33 | targetPort: 8000
34 |
35 |
--------------------------------------------------------------------------------
/lesson-25/k8s/example-4/ingress.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: networking.k8s.io/v1
2 | kind: Ingress
3 | metadata:
4 | name: app-bakavets-ingress
5 | namespace: demo
6 | annotations:
7 | cert-manager.io/issuer: letsencrypt-prod-issuer
8 | spec:
9 | ingressClassName: nginx # replacement of annotation: kubernetes.io/ingress.class: nginx
10 | tls:
11 | - hosts:
12 | - demo.k8s.bakavets.com
13 | secretName: app-tls-bakavets
14 | rules:
15 | - host: demo.k8s.bakavets.com
16 | http:
17 | paths:
18 | - pathType: Prefix
19 | path: /
20 | backend:
21 | service:
22 | name: kuber-service
23 | port:
24 | number: 80
25 |
--------------------------------------------------------------------------------
/lesson-33/terraform/helm-alb.tf:
--------------------------------------------------------------------------------
1 | resource "helm_release" "aws_load_balancer_controller" {
2 | name = "aws-load-balancer-controller"
3 | repository = "https://aws.github.io/eks-charts"
4 | chart = "aws-load-balancer-controller"
5 | version = "1.4.3"
6 | namespace = local.k8s_service_account_lb_namespace
7 |
8 | set {
9 | name = "clusterName"
10 | value = module.eks.cluster_id
11 | }
12 |
13 | set {
14 | name = "serviceAccount.name"
15 | value = local.k8s_service_account_lb_name
16 | }
17 |
18 | set {
19 | name = "serviceAccount.annotations.eks\\.amazonaws\\.com/role-arn"
20 | value = module.iam_assumable_role_aws_load_balancer_controller.iam_role_arn
21 | }
22 |
23 | }
24 |
--------------------------------------------------------------------------------
/lesson-25/k8s/example-3/deploy-svc-app.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: apps/v1
2 | kind: Deployment
3 | metadata:
4 | name: kuber
5 | labels:
6 | app: kuber
7 | spec:
8 | replicas: 2
9 | selector:
10 | matchLabels:
11 | app: http-server
12 | template:
13 | metadata:
14 | labels:
15 | app: http-server
16 | spec:
17 | containers:
18 | - name: kuber-app
19 | image: bakavets/kuber
20 | ports:
21 | - containerPort: 8000
22 | ---
23 | apiVersion: v1
24 | kind: Service
25 | metadata:
26 | name: kuber-service
27 | spec:
28 | selector:
29 | app: http-server
30 | ports:
31 | - protocol: TCP
32 | port: 80
33 | targetPort: 8000
34 | type: ClusterIP
35 |
36 |
--------------------------------------------------------------------------------
/lesson-16/deploy-svc-app-1.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: apps/v1
2 | kind: Deployment
3 | metadata:
4 | name: kuber-1
5 | labels:
6 | app: kuber-1
7 | spec:
8 | replicas: 2
9 | selector:
10 | matchLabels:
11 | app: http-server-1
12 | template:
13 | metadata:
14 | labels:
15 | app: http-server-1
16 | spec:
17 | containers:
18 | - name: kuber-app
19 | image: bakavets/kuber:v1.0
20 | ports:
21 | - containerPort: 8000
22 | ---
23 | apiVersion: v1
24 | kind: Service
25 | metadata:
26 | name: kuber-service-1
27 | spec:
28 | selector:
29 | app: http-server-1
30 | ports:
31 | - protocol: TCP
32 | port: 80
33 | targetPort: 8000
34 | type: ClusterIP
35 |
36 |
--------------------------------------------------------------------------------
/lesson-16/deploy-svc-app-2.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: apps/v1
2 | kind: Deployment
3 | metadata:
4 | name: kuber-2
5 | labels:
6 | app: kuber-2
7 | spec:
8 | replicas: 2
9 | selector:
10 | matchLabels:
11 | app: http-server-2
12 | template:
13 | metadata:
14 | labels:
15 | app: http-server-2
16 | spec:
17 | containers:
18 | - name: kuber-app
19 | image: bakavets/kuber:v2.0
20 | ports:
21 | - containerPort: 8000
22 | ---
23 | apiVersion: v1
24 | kind: Service
25 | metadata:
26 | name: kuber-service-2
27 | spec:
28 | selector:
29 | app: http-server-2
30 | ports:
31 | - protocol: TCP
32 | port: 80
33 | targetPort: 8000
34 | type: ClusterIP
35 |
36 |
--------------------------------------------------------------------------------
/lesson-16/prod_ClusterIssuer.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: cert-manager.io/v1
2 | kind: ClusterIssuer
3 | metadata:
4 | name: letsencrypt-prod
5 | spec:
6 | acme:
7 | # You must replace this email address with your own.
8 | # Let's Encrypt will use this to contact you about expiring
9 | # certificates, and issues related to your account.
10 | email: bakavets.com@gmail.com
11 | server: https://acme-v02.api.letsencrypt.org/directory
12 | privateKeySecretRef:
13 | # Secret resource that will be used to store the ACME account's private key.
14 | name: letsencrypt-prod-private-key
15 | # Add a single challenge solver, HTTP01 using nginx
16 | solvers:
17 | - http01:
18 | ingress:
19 | class: nginx
--------------------------------------------------------------------------------
/lesson-21-22/1-deploy-two-containers.yaml:
--------------------------------------------------------------------------------
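# Pod with two containers sharing one in-memory volume: the debian container
# rewrites index.html every second and nginx serves it.
apiVersion: v1
kind: Pod
metadata:
  name: two-containers
spec:
  restartPolicy: Never
  containers:
    - name: nginx-container
      image: nginx
      volumeMounts:
        - name: shared-data
          mountPath: /usr/share/nginx/html
          # The web server only needs to read the shared files, so its mount
          # is read-only; the debian container below is the single writer.
          readOnly: true
    - name: debian-container
      image: debian
      volumeMounts:
        - name: shared-data
          mountPath: /pod-data
      command: ["/bin/sh"]
      # $(date) is not a declared env var of this container, so Kubernetes
      # leaves it untouched and the shell runs it as a command substitution.
      args: ["-c", "while true; do echo Hello from the debian container date: $(date)> /pod-data/index.html; sleep 1; done"]
  volumes:
    - name: shared-data
      # `emptyDir: {}` would use the node's default storage medium instead.
      emptyDir:
        # Memory backs the volume with tmpfs: written data counts against the
        # containers' memory usage. No sizeLimit is set here; adding one caps
        # how much a writer can consume.
        medium: Memory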
--------------------------------------------------------------------------------
/lesson-15/docker/server-default.py:
--------------------------------------------------------------------------------
1 | from http.server import HTTPServer, BaseHTTPRequestHandler
2 | import socket
3 | import sys
4 |
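class SimpleHTTPRequestHandler(BaseHTTPRequestHandler):
    """Answer every GET with the local host name and the startup text argument."""

    def do_GET(self):
        """Send a 200 response whose body is two newline-terminated lines.

        The first line carries ``socket.gethostname()``; the second carries the
        module-level ``string_arg`` (assigned from ``sys.argv[1]`` further down
        in this file).
        """
        self.send_response(200)
        self.send_header('Content-type', 'text/html')
        self.end_headers()
        # The line terminator is written as the escape b'\n'; a raw line break
        # inside a bytes literal is a syntax error.
        self.wfile.write(b'Hello from hostname: ' + socket.gethostname().encode() + b'\n')
        # string_arg goes out verbatim under a text/html content type, so it
        # has to stay an operator-chosen value; wrap it in html.escape() if it
        # can ever come from a request or another untrusted source.
        self.wfile.write(b'Text arg: ' + str(string_arg).encode() + b'\n')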
12 |
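# The text shown by do_GET comes from the first command-line argument; exit
# with a usage message instead of an IndexError traceback when it is missing.
if len(sys.argv) < 2:
    sys.exit('usage: %s TEXT' % sys.argv[0])
string_arg = sys.argv[1]
SERVER_PORT = 8000
# 0.0.0.0 binds every interface, which is needed for traffic that arrives from
# outside the container. Who can actually reach the port is then decided by
# whatever sits in front of it (Service type, NetworkPolicy, firewall), not by
# this process.
httpd = HTTPServer(('0.0.0.0', SERVER_PORT), SimpleHTTPRequestHandler)
print('Listening on port %s ...' % SERVER_PORT)
httpd.serve_forever()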
--------------------------------------------------------------------------------
/lesson-25/k8s/example-1/deploy-svc-app-1.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: apps/v1
2 | kind: Deployment
3 | metadata:
4 | name: kuber-1
5 | labels:
6 | app: kuber-1
7 | spec:
8 | replicas: 2
9 | selector:
10 | matchLabels:
11 | app: http-server-1
12 | template:
13 | metadata:
14 | labels:
15 | app: http-server-1
16 | spec:
17 | containers:
18 | - name: kuber-app
19 | image: bakavets/kuber:v1.0
20 | ports:
21 | - containerPort: 8000
22 | ---
23 | apiVersion: v1
24 | kind: Service
25 | metadata:
26 | name: kuber-service-1
27 | spec:
28 | selector:
29 | app: http-server-1
30 | ports:
31 | - protocol: TCP
32 | port: 80
33 | targetPort: 8000
34 | type: ClusterIP
35 |
36 |
--------------------------------------------------------------------------------
/lesson-25/k8s/example-1/deploy-svc-app-2.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: apps/v1
2 | kind: Deployment
3 | metadata:
4 | name: kuber-2
5 | labels:
6 | app: kuber-2
7 | spec:
8 | replicas: 2
9 | selector:
10 | matchLabels:
11 | app: http-server-2
12 | template:
13 | metadata:
14 | labels:
15 | app: http-server-2
16 | spec:
17 | containers:
18 | - name: kuber-app
19 | image: bakavets/kuber:v2.0
20 | ports:
21 | - containerPort: 8000
22 | ---
23 | apiVersion: v1
24 | kind: Service
25 | metadata:
26 | name: kuber-service-2
27 | spec:
28 | selector:
29 | app: http-server-2
30 | ports:
31 | - protocol: TCP
32 | port: 80
33 | targetPort: 8000
34 | type: ClusterIP
35 |
36 |
--------------------------------------------------------------------------------
/lesson-25/k8s/example-2/deploy-svc-app-3.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: apps/v1
2 | kind: Deployment
3 | metadata:
4 | name: kuber-3
5 | labels:
6 | app: kuber-3
7 | spec:
8 | replicas: 2
9 | selector:
10 | matchLabels:
11 | app: http-server-3
12 | template:
13 | metadata:
14 | labels:
15 | app: http-server-3
16 | spec:
17 | containers:
18 | - name: kuber-app
19 | image: bakavets/kuber:v3.0
20 | ports:
21 | - containerPort: 8000
22 | ---
23 | apiVersion: v1
24 | kind: Service
25 | metadata:
26 | name: kuber-service-3
27 | spec:
28 | selector:
29 | app: http-server-3
30 | ports:
31 | - protocol: TCP
32 | port: 80
33 | targetPort: 8000
34 | type: ClusterIP
35 |
36 |
--------------------------------------------------------------------------------
/lesson-25/k8s/example-3/deploy-svc-app-4.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: apps/v1
2 | kind: Deployment
3 | metadata:
4 | name: kuber-4
5 | labels:
6 | app: kuber-4
7 | spec:
8 | replicas: 2
9 | selector:
10 | matchLabels:
11 | app: http-server-4
12 | template:
13 | metadata:
14 | labels:
15 | app: http-server-4
16 | spec:
17 | containers:
18 | - name: kuber-app
19 | image: bakavets/kuber:v1.0
20 | ports:
21 | - containerPort: 8000
22 | ---
23 | apiVersion: v1
24 | kind: Service
25 | metadata:
26 | name: kuber-service-4
27 | spec:
28 | selector:
29 | app: http-server-4
30 | ports:
31 | - protocol: TCP
32 | port: 80
33 | targetPort: 8000
34 | type: ClusterIP
35 |
36 |
--------------------------------------------------------------------------------
/lesson-25/k8s/example-3/deploy-svc-app-5.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: apps/v1
2 | kind: Deployment
3 | metadata:
4 | name: kuber-5
5 | labels:
6 | app: kuber-5
7 | spec:
8 | replicas: 2
9 | selector:
10 | matchLabels:
11 | app: http-server-5
12 | template:
13 | metadata:
14 | labels:
15 | app: http-server-5
16 | spec:
17 | containers:
18 | - name: kuber-app
19 | image: bakavets/kuber:v2.0
20 | ports:
21 | - containerPort: 8000
22 | ---
23 | apiVersion: v1
24 | kind: Service
25 | metadata:
26 | name: kuber-service-5
27 | spec:
28 | selector:
29 | app: http-server-5
30 | ports:
31 | - protocol: TCP
32 | port: 80
33 | targetPort: 8000
34 | type: ClusterIP
35 |
36 |
--------------------------------------------------------------------------------
/lesson-16/staging_ClusterIssuer.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: cert-manager.io/v1
2 | kind: ClusterIssuer
3 | metadata:
4 | name: letsencrypt-staging
5 | spec:
6 | acme:
7 | # You must replace this email address with your own.
8 | # Let's Encrypt will use this to contact you about expiring
9 | # certificates, and issues related to your account.
10 | email: bakavets.com@gmail.com
11 | server: https://acme-staging-v02.api.letsencrypt.org/directory
12 | privateKeySecretRef:
13 | # Secret resource that will be used to store the ACME account's private key.
14 | name: letsencrypt-staging-private-key
15 | # Add a single challenge solver, HTTP01 using nginx
16 | solvers:
17 | - http01:
18 | ingress:
19 | class: nginx
--------------------------------------------------------------------------------
/lesson-34/example-2/sa.yaml:
--------------------------------------------------------------------------------
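# ServiceAccount + ClusterRole + ClusterRoleBinding: the account may list
# Deployments in every namespace of the cluster.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: app-sa-2
  namespace: example-2
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  # "namespace" omitted since ClusterRoles are not namespaced
  name: example-2-cr
rules:
  # A single read-only verb on a single resource; no get/watch and no writes.
  - apiGroups: ["apps"]
    resources: ["deployments"]
    verbs: ["list"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: example-2-crb
# A ClusterRoleBinding applies the role cluster-wide, so app-sa-2 can list
# Deployments in all namespaces, not only example-2. Bind the same ClusterRole
# with a namespaced RoleBinding when one namespace is enough.
subjects:
  - kind: ServiceAccount
    name: app-sa-2
    namespace: example-2
roleRef:
  kind: ClusterRole
  name: example-2-cr
  apiGroup: rbac.authorization.k8s.io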
--------------------------------------------------------------------------------
/lesson-27/example-2/deploy-2.yaml:
--------------------------------------------------------------------------------
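# Deployment that mounts one key of the Secret "secret-data" as a file.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: kuber-2
  labels:
    app: kuber-2
spec:
  replicas: 1
  selector:
    matchLabels:
      app: http-server-2
  template:
    metadata:
      labels:
        app: http-server-2
    spec:
      containers:
        - name: kuber-app
          image: bakavets/kuber:v2.0
          ports:
            - containerPort: 8000
          volumeMounts:
            - name: secrets
              mountPath: "/etc/secrets"
      volumes:
        - name: secrets
          secret:
            secretName: secret-data
            # `items` projects only the listed keys: the container sees
            # /etc/secrets/my-group/my-username and none of the other keys
            # stored in secret-data.
            items:
              - key: username
                path: my-group/my-username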
--------------------------------------------------------------------------------
/lesson-13/kuber-deploy.yaml:
--------------------------------------------------------------------------------
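# Deployment plus a NodePort Service that publishes it on a fixed node port.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: kuber-default
  labels:
    app: kuber
spec:
  replicas: 1
  selector:
    matchLabels:
      app: http-server-default
  template:
    metadata:
      labels:
        app: http-server-default
    spec:
      containers:
        - name: kuber-app
          image: bakavets/kuber:v1.0
          ports:
            - containerPort: 8000
---
apiVersion: v1
kind: Service
metadata:
  name: kuber-default-service
spec:
  selector:
    app: http-server-default
  ports:
    - protocol: TCP
      port: 80
      targetPort: 8000
      # A NodePort Service opens this TCP port on every node of the cluster.
      # Whether it is reachable from outside depends on the node network
      # (security groups, firewall rules), so review those alongside this
      # manifest; use ClusterIP when only in-cluster access is needed.
      nodePort: 30001
  type: NodePort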
--------------------------------------------------------------------------------
/lesson-25/k8s/README.md:
--------------------------------------------------------------------------------
1 | ## Install NGINX Ingress Controller: https://kubernetes.github.io/ingress-nginx/deploy/#aws
2 |
3 | NGINX Ingress Controller ingressClassName: https://kubernetes.github.io/ingress-nginx/user-guide/basic-usage/
4 |
5 | # Install Cert-manager using Helm
6 |
7 | ```bash
8 | helm repo add jetstack https://charts.jetstack.io
9 | ```
10 |
11 | ```bash
12 | helm repo update
13 | ```
14 |
15 | ```bash
16 | helm install cert-manager jetstack/cert-manager --namespace cert-manager --create-namespace --version v1.7.0 -f values-cert-manager.yaml
17 | ```
18 |
19 | # Upgrade Cert-manager using Helm
20 |
21 | ```bash
22 | helm upgrade cert-manager jetstack/cert-manager --namespace cert-manager --create-namespace --version v1.7.0 -f values-cert-manager.yaml
23 | ```
--------------------------------------------------------------------------------
/lesson-34/example-3/sa.yaml:
--------------------------------------------------------------------------------
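# ServiceAccount + ClusterRole + RoleBinding: the account may list Deployments
# in the example-3 namespace only.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: app-sa-3
  namespace: example-3
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  # "namespace" omitted since ClusterRoles are not namespaced
  name: example-3-cr
rules:
  # A single read-only verb on a single resource; no get/watch and no writes.
  - apiGroups: ["apps"]
    resources: ["deployments"]
    verbs: ["list"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: rb
  # A RoleBinding is namespaced. Although roleRef points at a ClusterRole, the
  # permissions take effect only inside this namespace, which makes the
  # ClusterRole a reusable rule set without granting cluster-wide access.
  namespace: example-3
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: example-3-cr
subjects:
  - kind: ServiceAccount
    name: app-sa-3
    namespace: example-3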
--------------------------------------------------------------------------------
/lesson-49/README.md:
--------------------------------------------------------------------------------
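1 | Terraform (the two key values exported below are AWS's documentation placeholders; substitute your own credentials and keep them out of committed files)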
2 | ```
3 | export AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE
4 | export AWS_SECRET_ACCESS_KEY=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
5 |
6 | cd terraform
7 | terraform init
8 | terraform plan
9 | terraform apply
10 |
11 | aws configure --profile personal
12 | aws eks update-kubeconfig --name demo-eks-cluster --profile personal --region eu-west-1
13 | ```
14 |
15 | K8s
16 | ```
17 | cd k8s
18 | kubectl create ns gitlab-space-external
19 | kubectl apply -f gitlab-runner-secret.yaml
20 |
21 | helm repo add gitlab https://charts.gitlab.io
22 | helm repo update gitlab
23 | helm install --namespace gitlab-space-external gitlab-runner -f gitlab-runner-values.yaml gitlab/gitlab-runner --version 0.57.0
24 |
25 | kubectl apply -f sa-kaniko.yaml
26 | ```
27 |
--------------------------------------------------------------------------------
/lesson-25/k8s/example-4/deploy-svc-app.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: apps/v1
2 | kind: Deployment
3 | metadata:
4 | name: kuber
5 | namespace: demo
6 | labels:
7 | app: kuber
8 | spec:
9 | replicas: 2
10 | selector:
11 | matchLabels:
12 | app: http-server
13 | template:
14 | metadata:
15 | labels:
16 | app: http-server
17 | spec:
18 | containers:
19 | - name: kuber-app
20 | image: bakavets/kuber
21 | ports:
22 | - containerPort: 8000
23 | ---
24 | apiVersion: v1
25 | kind: Service
26 | metadata:
27 | name: kuber-service
28 | namespace: demo
29 | spec:
30 | selector:
31 | app: http-server
32 | ports:
33 | - protocol: TCP
34 | port: 80
35 | targetPort: 8000
36 | type: ClusterIP
37 |
38 |
--------------------------------------------------------------------------------
/lesson-40/k8s/kind/topology.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: apps/v1
2 | kind: Deployment
3 | metadata:
4 | name: zone-spread-topology
5 | labels:
6 | app: kuber
7 | spec:
8 | replicas: 6
9 | selector:
10 | matchLabels:
11 | app: http-server
12 | template:
13 | metadata:
14 | labels:
15 | app: http-server
16 | spec:
17 | containers:
18 | - name: kuber-app
19 | image: nginx
20 | topologySpreadConstraints:
21 | - maxSkew: 1
22 | topologyKey: topology.kubernetes.io/zone
23 | whenUnsatisfiable: DoNotSchedule
24 | labelSelector:
25 | matchLabels:
26 | app: http-server
27 | # matchLabelKeys:
28 | # - app
29 | # - pod-template-hash
30 |
--------------------------------------------------------------------------------
/lesson-26/example-3/pod.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v1
2 | kind: Pod
3 | metadata:
4 | name: demo-pod
5 | spec:
6 | containers:
7 | - name: container
8 | image: busybox
9 | command: [ "/bin/sh", "-c", "echo Interval = $(INTERVAL). Desired count of print = $(COUNT). Text: $(TEXT_ARG)"]
10 | env:
11 | - name: INTERVAL
12 | valueFrom:
13 | configMapKeyRef:
14 | name: demo-cm
15 | key: interval
16 | - name: COUNT
17 | valueFrom:
18 | configMapKeyRef:
19 | name: demo-cm
20 | key: count
21 | - name: TEXT_ARG
22 | valueFrom:
23 | configMapKeyRef:
24 | name: demo-cm
25 | key: config.ini
26 | restartPolicy: Never
--------------------------------------------------------------------------------
/lesson-26/example-2/kuber-deploy.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: apps/v1
2 | kind: Deployment
3 | metadata:
4 | name: kuber-args
5 | labels:
6 | app: kuber
7 | spec:
8 | replicas: 1
9 | selector:
10 | matchLabels:
11 | app: http-server-args
12 | template:
13 | metadata:
14 | labels:
15 | app: http-server-args
16 | spec:
17 | containers:
18 | - name: kuber-app
19 | image: bakavets/kuber:v1.0-args
20 | args: ["$(INTERVAL)","$(COUNT)","$(TEXT_ARG)"]
21 | ports:
22 | - containerPort: 8000
23 | env:
24 | - name: INTERVAL
25 | value: "3"
26 | - name: COUNT
27 | value: "4"
28 | - name: TEXT_ARG
29 | value: "Interval = $(INTERVAL). Desired count of print = $(COUNT)."
30 |
31 |
--------------------------------------------------------------------------------
/lesson-42/k8s/example-1/deploy.yaml:
--------------------------------------------------------------------------------
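# Deployment whose pods mount the PersistentVolumeClaim "efs-claim" at /data.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: kuber
  labels:
    app: kuber
spec:
  replicas: 2
  selector:
    matchLabels:
      app: http-server
  template:
    metadata:
      labels:
        app: http-server
    spec:
      # Pod-level security context, left disabled here. When enabled, every
      # container runs as UID 1100 / GID 3000 instead of the image default,
      # and fsGroup adds supplemental group 2000 for access to mounted volumes.
      # securityContext:
      #   runAsUser: 1100
      #   runAsGroup: 3000
      #   fsGroup: 2000
      containers:
        - name: kuber-app
          # No tag is given, so this resolves to the image's `latest` tag;
          # pinning a tag or digest keeps both replicas on the same build.
          image: bakavets/kuber
          ports:
            - containerPort: 8000
          volumeMounts:
            - mountPath: /data
              name: data-volume
      volumes:
        - name: data-volume
          persistentVolumeClaim:
            claimName: efs-claim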
--------------------------------------------------------------------------------
/lesson-32/k8s/example-2/deploy-svc-app-1.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: apps/v1
2 | kind: Deployment
3 | metadata:
4 | name: kuber-1
5 | namespace: example-2
6 | labels:
7 | app: kuber-1
8 | spec:
9 | replicas: 2
10 | selector:
11 | matchLabels:
12 | app: http-server-1
13 | template:
14 | metadata:
15 | labels:
16 | app: http-server-1
17 | spec:
18 | containers:
19 | - name: kuber-app
20 | image: bakavets/kuber:v1.0
21 | ports:
22 | - containerPort: 8000
23 | ---
24 | apiVersion: v1
25 | kind: Service
26 | metadata:
27 | name: kuber-service-1
28 | namespace: example-2
29 | spec:
30 | selector:
31 | app: http-server-1
32 | ports:
33 | - protocol: TCP
34 | port: 80
35 | targetPort: 8000
36 | type: NodePort
37 |
38 |
--------------------------------------------------------------------------------
/lesson-32/k8s/example-2/deploy-svc-app-2.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: apps/v1
2 | kind: Deployment
3 | metadata:
4 | name: kuber-2
5 | namespace: example-2
6 | labels:
7 | app: kuber-2
8 | spec:
9 | replicas: 2
10 | selector:
11 | matchLabels:
12 | app: http-server-2
13 | template:
14 | metadata:
15 | labels:
16 | app: http-server-2
17 | spec:
18 | containers:
19 | - name: kuber-app
20 | image: bakavets/kuber:v2.0
21 | ports:
22 | - containerPort: 8000
23 | ---
24 | apiVersion: v1
25 | kind: Service
26 | metadata:
27 | name: kuber-service-2
28 | namespace: example-2
29 | spec:
30 | selector:
31 | app: http-server-2
32 | ports:
33 | - protocol: TCP
34 | port: 80
35 | targetPort: 8000
36 | type: NodePort
37 |
38 |
--------------------------------------------------------------------------------
/lesson-44-45-46-47-48/repo-examples/k8s-manifests/kuber.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: apps/v1
2 | kind: Deployment
3 | metadata:
4 | name: kuber-default
5 | namespace: default
6 | labels:
7 | app: kuber
8 | spec:
9 | replicas: 1
10 | selector:
11 | matchLabels:
12 | app: http-server-default
13 | template:
14 | metadata:
15 | labels:
16 | app: http-server-default
17 | spec:
18 | containers:
19 | - name: kuber-app
20 | image: bakavets/kuber:v1.0
21 | ports:
22 | - containerPort: 8000
23 | ---
24 | apiVersion: v1
25 | kind: Service
26 | metadata:
27 | name: kuber-default-service
28 | namespace: default
29 | spec:
30 | selector:
31 | app: http-server-default
32 | ports:
33 | - protocol: TCP
34 | port: 80
35 | targetPort: 8000
36 |
--------------------------------------------------------------------------------
/lesson-44-45-46-47-48/terraform/versions.tf:
--------------------------------------------------------------------------------
1 | terraform {
2 | required_version = ">= 1.0.2"
3 |
4 | required_providers {
5 | aws = {
6 | source = "hashicorp/aws"
7 | version = ">= 3.72"
8 | }
9 | kubernetes = {
10 | source = "hashicorp/kubernetes"
11 | version = ">= 2.10"
12 | }
13 | tls = {
14 | source = "hashicorp/tls"
15 | version = "~> 3.0"
16 | }
17 | helm = {
18 | source = "hashicorp/helm"
19 | version = ">= 2.4"
20 | }
21 | gitlab = {
22 | source = "gitlabhq/gitlab"
23 | version = "~> 3.16.1"
24 | }
25 | kubectl = {
26 | source = "gavinbunney/kubectl"
27 | version = ">= 1.14"
28 | }
29 | random = {
30 | source = "hashicorp/random"
31 | version = ">= 3.1"
32 | }
33 | }
34 | }
35 |
--------------------------------------------------------------------------------
/lesson-26/example-5/README.md:
--------------------------------------------------------------------------------
1 | Create a Kubernetes ConfigMap from a custom nginx.conf using kubectl:
2 |
3 | ```bash
4 | kubectl create configmap nginx-config --from-file=nginx.conf
5 | ```
6 |
7 | ## Create ConfigMaps from literal values
8 |
9 | You can use kubectl create configmap with the --from-literal argument to define a literal value from the command line:
10 | ```bash
11 | kubectl create configmap config --from-literal=interval=7 --from-literal=count=3 --from-literal=config.ini="Hello from ConfigMap"
12 | ```
13 |
14 | ## Create ConfigMaps from folder:
15 |
16 | ```bash
17 | kubectl create configmap my-config --from-file=configs/
18 | ```
19 |
20 | ## Use the option --from-env-file to create a ConfigMap from an env-file, for example:
21 |
22 | ```bash
23 | kubectl create configmap config-env-file --from-env-file=env-file.properties
24 | ```
--------------------------------------------------------------------------------
/lesson-15/kuber-deploy.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: apps/v1
2 | kind: Deployment
3 | metadata:
4 | name: kuber-args
5 | labels:
6 | app: kuber
7 | spec:
8 | replicas: 1
9 | selector:
10 | matchLabels:
11 | app: http-server-args
12 | template:
13 | metadata:
14 | labels:
15 | app: http-server-args
16 | spec:
17 | containers:
18 | - name: kuber-app
19 | image: bakavets/kuber:v1.0-args
20 | args:
21 | - "3"
22 | - "2"
23 | - text-temp
24 | ports:
25 | - containerPort: 8000
26 | ---
27 | apiVersion: v1
28 | kind: Service
29 | metadata:
30 | name: kuber-args-service
31 | spec:
32 | selector:
33 | app: http-server-args
34 | ports:
35 | - protocol: TCP
36 | port: 80
37 | targetPort: 8000
38 | nodePort: 30001
39 | type: NodePort
--------------------------------------------------------------------------------
/lesson-25/terraform/variables.tf:
--------------------------------------------------------------------------------
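# Input variables for the lesson-25 Terraform configuration.

variable "aws_region" {
  description = "AWS Region"
  # Declared explicitly so the variable is typed like the other string
  # variables in this file.
  type    = string
  default = "eu-north-1"
}

variable "default_tags" {
  type        = map(string)
  description = "Default tags for AWS that will be attached to each resource"
  default = {
    "TerminationDate" = "Permanent",
    "Environment"     = "Development",
    "Team"            = "DevOps",
    "DeployedBy"      = "Terraform",
    "OwnerEmail"      = "devops@example.com"
  }
}

variable "deployment_prefix" {
  description = "Prefix of the deployment"
  type        = string
  default     = "demo"
}

variable "aws_route53_hosted_zone_id" {
  description = "AWS Route53 Hosted zone ID"
  type        = string
  # The default is the lesson's example zone, the same ID that
  # k8s/prod-clusterissuer.yaml uses as hostedZoneID. Override it with the ID
  # of a zone you control and keep the two values in step.
  default = "Z04182373OABFAT240LL1"
}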
--------------------------------------------------------------------------------
/lesson-27/example-1/deploy-2.yaml:
--------------------------------------------------------------------------------
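# Deployment that injects two keys of the Secret "secret-stringdata" as
# environment variables.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: kuber-2
  labels:
    app: kuber-2
spec:
  replicas: 1
  selector:
    matchLabels:
      app: http-server-2
  template:
    metadata:
      labels:
        app: http-server-2
    spec:
      containers:
        - name: kuber-app
          image: bakavets/kuber:v2.0
          ports:
            - containerPort: 8000
          # Secret values referenced through env are resolved once, when the
          # container starts: a later change to the Secret reaches the pod only
          # after a restart. Environment variables are also inherited by child
          # processes, so mounting the Secret as files is the narrower option
          # when the application can read its credentials from disk.
          env:
            - name: SECRET_USERNAME
              valueFrom:
                secretKeyRef:
                  name: secret-stringdata
                  key: username
            - name: SECRET_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: secret-stringdata
                  key: password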
--------------------------------------------------------------------------------
/lesson-39/k8s/example-2/with-prefer-no-schedule-taint.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: apps/v1
2 | kind: Deployment
3 | metadata:
4 | name: with-prefer-no-schedule-taint
5 | labels:
6 | app: kuber
7 | spec:
8 | replicas: 4
9 | selector:
10 | matchLabels:
11 | app: http-server
12 | template:
13 | metadata:
14 | labels:
15 | app: http-server
16 | spec:
17 | containers:
18 | - name: kuber-app
19 | image: bakavets/kuber
20 | ports:
21 | - containerPort: 8000
22 | resources:
23 | limits:
24 | cpu: 1
25 | memory: 2Gi
26 | requests:
27 | cpu: 1
28 | memory: 512Mi
29 | tolerations:
30 | - key: node.k8s/app-role
31 | operator: Exists
32 | effect: PreferNoSchedule
33 |
--------------------------------------------------------------------------------
/lesson-43/k8s/example-1/deploy.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: v1
3 | kind: Namespace
4 | metadata:
5 | name: example-1
6 | ---
7 | apiVersion: apps/v1
8 | kind: Deployment
9 | metadata:
10 | name: kuber
11 | namespace: example-1
12 | labels:
13 | app: kuber
14 | spec:
15 | replicas: 2
16 | selector:
17 | matchLabels:
18 | app: http-server
19 | template:
20 | metadata:
21 | labels:
22 | app: http-server
23 | spec:
24 | containers:
25 | - name: kuber-app
26 | image: bakavets/kuber
27 | ports:
28 | - containerPort: 8000
29 | ---
30 | apiVersion: v1
31 | kind: Service
32 | metadata:
33 | name: kuber-service
34 | namespace: example-1
35 | spec:
36 | selector:
37 | app: http-server
38 | ports:
39 | - protocol: TCP
40 | port: 80
41 | targetPort: 8000
42 |
--------------------------------------------------------------------------------
/lesson-30/argocd/applications/ingress-nginx.yaml:
--------------------------------------------------------------------------------
# Argo CD Application that installs the ingress-nginx Helm chart into the
# cluster Argo CD itself runs in.
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: ingress-nginx
  namespace: argocd
  finalizers:
    # Deleting this Application also deletes the resources it deployed.
    - resources-finalizer.argocd.argoproj.io
spec:
  project: infrastructure

  source:
    repoURL: 'https://kubernetes.github.io/ingress-nginx'
    # Chart version is pinned, so a sync does not pick up new releases.
    targetRevision: 4.1.1
    chart: ingress-nginx
    helm:
      parameters:
        - name: "controller.replicaCount"
          value: "2"
        # NodePort opens the controller's ports on every node.
        - name: "controller.service.type"
          value: "NodePort"

  destination:
    namespace: ingress-nginx
    server: https://kubernetes.default.svc

  # Sync policy
  syncPolicy:
    automated:
      # prune removes resources that are no longer in the source;
      # selfHeal reverts changes made directly in the cluster.
      prune: true
      selfHeal: true
    syncOptions:
      - CreateNamespace=true
--------------------------------------------------------------------------------
/lesson-25/k8s/prod-clusterissuer.yaml:
--------------------------------------------------------------------------------
# Cluster-wide cert-manager issuer for the Let's Encrypt production ACME
# endpoint, proving domain control with DNS-01 records in Route 53.
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: letsencrypt-prod
spec:
  acme:
    # You must replace this email address with your own.
    # Let's Encrypt will use this to contact you about expiring
    # certificates, and issues related to your account.
    email: bakavets.com@gmail.com
    server: https://acme-v02.api.letsencrypt.org/directory
    privateKeySecretRef:
      # Secret resource that will be used to store the ACME account's private key.
      name: letsencrypt-prod-private-key
    solvers:
      # this solver handles kubxr.com challenges
      - selector:
          dnsZones:
            - "kubxr.com"
        dns01:
          # NOTE(review): no credentials or role are set on the solver, so
          # cert-manager presumably relies on ambient AWS credentials
          # (for example IRSA); confirm against the cluster setup.
          route53:
            region: eu-north-1
            hostedZoneID: Z04182373OABFAT240LL1
--------------------------------------------------------------------------------
/lesson-43/k8s/example-2/deploy.yaml:
--------------------------------------------------------------------------------
---
# Namespace that holds the Deployment and Service below.
apiVersion: v1
kind: Namespace
metadata:
  name: example-2
---
# Single replica of the kuber app at the pinned v2.0 tag, port 8000.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: kuber-2
  namespace: example-2
  labels:
    app: kuber-2
spec:
  replicas: 1
  selector:
    matchLabels:
      app: http-server-2
  template:
    metadata:
      labels:
        app: http-server-2
    spec:
      containers:
        - name: kuber-app
          image: bakavets/kuber:v2.0
          ports:
            - containerPort: 8000
---
# No `type` is set, so this is a ClusterIP Service: port 80 inside the
# cluster is forwarded to port 8000 on pods labelled app=http-server-2.
apiVersion: v1
kind: Service
metadata:
  name: kuber-service-2
  namespace: example-2
spec:
  selector:
    app: http-server-2
  ports:
    - protocol: TCP
      port: 80
      targetPort: 8000
--------------------------------------------------------------------------------
/lesson-39/k8s/example-3/with-no-execute-taint.yaml:
--------------------------------------------------------------------------------
# Deployment whose pods tolerate the `gpu=true` taint with the NoExecute
# effect.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: with-no-execute-taint
  labels:
    app: kuber
spec:
  replicas: 3
  selector:
    matchLabels:
      app: http-server
  template:
    metadata:
      labels:
        app: http-server
    spec:
      containers:
        - name: kuber-app
          # No tag is given, so this resolves to the mutable `latest` tag.
          image: bakavets/kuber
          ports:
            - containerPort: 8000
          resources:
            limits:
              cpu: 1
              memory: 2Gi
            requests:
              cpu: 1
              memory: 512Mi
      tolerations:
        # `Equal` needs both the key and the value of the taint to match.
        - key: "gpu"
          operator: "Equal"
          value: "true"
          effect: "NoExecute"
          # With tolerationSeconds left out the pods stay on a tainted node
          # indefinitely; setting it bounds how long they remain.
          # tolerationSeconds: 180
--------------------------------------------------------------------------------
/lesson-25/k8s/staging-clusterissuer.yaml:
--------------------------------------------------------------------------------
# Cluster-wide cert-manager issuer for the Let's Encrypt staging ACME
# endpoint, proving domain control with DNS-01 records in Route 53.
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: letsencrypt-staging
spec:
  acme:
    # You must replace this email address with your own.
    # Let's Encrypt will use this to contact you about expiring
    # certificates, and issues related to your account.
    email: bakavets.com@gmail.com
    server: https://acme-staging-v02.api.letsencrypt.org/directory
    privateKeySecretRef:
      # Secret resource that will be used to store the ACME account's private key.
      name: letsencrypt-staging-private-key
    solvers:
      # this solver handles kubxr.com challenges
      - selector:
          dnsZones:
            - "kubxr.com"
        dns01:
          # NOTE(review): no credentials or role are set on the solver, so
          # cert-manager presumably relies on ambient AWS credentials
          # (for example IRSA); confirm against the cluster setup.
          route53:
            region: eu-north-1
            hostedZoneID: Z04182373OABFAT240LL1
--------------------------------------------------------------------------------
/lesson-34/example-3/app.yaml:
--------------------------------------------------------------------------------
---
# Namespace that holds the Deployment and Service below.
apiVersion: v1
kind: Namespace
metadata:
  name: example-3
---
# Single replica of the kuber app running under a dedicated ServiceAccount.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: kuber
  namespace: example-3
  labels:
    app: kuber
spec:
  replicas: 1
  selector:
    matchLabels:
      app: http-server
  template:
    metadata:
      labels:
        app: http-server
    spec:
      # Pods use this account instead of the namespace default; the account
      # itself is not defined in this file.
      serviceAccountName: app-sa-3
      containers:
        - name: kuber-app
          # No tag is given, so this resolves to the mutable `latest` tag.
          image: bakavets/kuber
          ports:
            - containerPort: 8000
---
# No `type` is set, so this is a ClusterIP Service: port 80 inside the
# cluster is forwarded to port 8000 on pods labelled app=http-server.
apiVersion: v1
kind: Service
metadata:
  name: kuber-service
  namespace: example-3
spec:
  selector:
    app: http-server
  ports:
    - protocol: TCP
      port: 80
      targetPort: 8000
--------------------------------------------------------------------------------
/lesson-13/kuber-deploy-readinessProbe-http.yaml:
--------------------------------------------------------------------------------
# Deployment that attaches both a readiness and a liveness HTTP probe to the
# `v1.0-unhealthy` build of the kuber app.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: kuber-http-readinessprobe
  labels:
    app: kuber
spec:
  replicas: 1
  selector:
    matchLabels:
      app: http-server-default
  template:
    metadata:
      labels:
        app: http-server-default
    spec:
      containers:
        - name: kuber-app
          image: bakavets/kuber:v1.0-unhealthy
          ports:
            - containerPort: 8000
          # A failing readiness probe takes the pod out of Service endpoints.
          readinessProbe:
            httpGet:
              path: /healthcheck
              port: 8000
            initialDelaySeconds: 5
            periodSeconds: 5
          # A failing liveness probe makes the kubelet restart the container.
          livenessProbe:
            httpGet:
              path: /healthcheck
              port: 8000
            initialDelaySeconds: 5
            periodSeconds: 5
--------------------------------------------------------------------------------
/lesson-27/example-1/README.md:
--------------------------------------------------------------------------------
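1 | ### Create a Secret using kubectl from-file:
2 | The `username.txt` and `password.txt` files hold the credentials in plain text; remove them once the Secret has been created.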
3 | ```bash
4 | echo -n 'admin' > ./username.txt
5 | echo -n 'superpass12345&*' > ./password.txt
6 | ```
7 |
8 | ```bash
9 | kubectl create secret generic db-user-pass-from-file \
10 | --from-file=./username.txt \
11 | --from-file=./password.txt
12 | ```
13 |
14 | ```bash
15 | kubectl get secret db-user-pass-from-file -o yaml
16 | ```
17 |
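18 | ### Create a Secret using kubectl from-literal:
19 | Values passed with `--from-literal` appear on the command line, so they can be recorded in shell history and seen in process listings while the command runs.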
20 | ```bash
21 | kubectl create secret generic db-user-pass-from-literal \
22 | --from-literal=username=devuser \
23 | --from-literal=password='P!S?*r$zDsY'
24 | ```
25 |
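26 | ### Decoding the Secret:
27 | Values under `.data` are only base64-encoded, not encrypted, so anyone allowed to read the Secret can recover them as shown below.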
28 | ```bash
29 | kubectl get secret db-user-pass-from-file -o jsonpath='{.data}'
30 | ```
31 |
32 | ```bash
33 | kubectl get secret db-user-pass-from-literal -o jsonpath='{.data.password}' | base64 --decode
34 | ```
35 |
--------------------------------------------------------------------------------
/lesson-34/example-1/app.yaml:
--------------------------------------------------------------------------------
---
# Namespace that holds the Deployment and Service below.
apiVersion: v1
kind: Namespace
metadata:
  name: example-1
---
# Single replica of the kuber app (v1.0) running under a dedicated
# ServiceAccount.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: kuber-1
  namespace: example-1
  labels:
    app: kuber-1
spec:
  replicas: 1
  selector:
    matchLabels:
      app: http-server-1
  template:
    metadata:
      labels:
        app: http-server-1
    spec:
      # Pods use this account instead of the namespace default; the account
      # itself is not defined in this file.
      serviceAccountName: app-sa
      containers:
        - name: kuber-app
          image: bakavets/kuber:v1.0
          ports:
            - containerPort: 8000
---
# No `type` is set, so this is a ClusterIP Service: port 80 inside the
# cluster is forwarded to port 8000 on pods labelled app=http-server-1.
apiVersion: v1
kind: Service
metadata:
  name: kuber-service-1
  namespace: example-1
spec:
  selector:
    app: http-server-1
  ports:
    - protocol: TCP
      port: 80
      targetPort: 8000
--------------------------------------------------------------------------------
/lesson-35/k8s/development/templates/app.yaml:
--------------------------------------------------------------------------------
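# Helm template for the Argo CD Application that deploys the demo app.
# Every templated scalar is piped through `quote`, so a value that looks
# like a number, a boolean or a YAML indicator still renders as a string
# instead of changing type or breaking the manifest.
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: demo-app
  finalizers:
    # Deleting this Application also deletes the resources it deployed.
    - resources-finalizer.argocd.argoproj.io
spec:
  project: development
  source:
    repoURL: {{ .Values.source.repoURL | quote }}
    targetRevision: {{ .Values.source.targetRevision | quote }}
    path: {{ .Values.source.path | quote }}
    helm:
      values: |
        hosts:
          app1: {{ .Values.appHosts.app1 | quote }}
          app2: {{ .Values.appHosts.app2 | quote }}

        clusterIssuer:
          name: {{ .Values.clusterIssuer.name | quote }}

  destination:
    namespace: {{ .Values.namespace | quote }}
    server: {{ .Values.spec.destination.server | quote }}

  syncPolicy:
    automated:
      # prune removes resources that are no longer in the source;
      # selfHeal reverts changes made directly in the cluster.
      prune: true
      selfHeal: true
    syncOptions:
      - CreateNamespace=true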
--------------------------------------------------------------------------------
/lesson-25/k8s/example-4/prod-issuer.yaml:
--------------------------------------------------------------------------------
# Namespaced cert-manager issuer (namespace `demo`) for the Let's Encrypt
# production ACME endpoint, using DNS-01 records in Route 53.
apiVersion: cert-manager.io/v1
kind: Issuer
metadata:
  name: letsencrypt-prod-issuer
  namespace: demo
spec:
  acme:
    # You must replace this email address with your own.
    # Let's Encrypt will use this to contact you about expiring
    # certificates, and issues related to your account.
    email: bakavets.com@gmail.com
    server: https://acme-v02.api.letsencrypt.org/directory
    privateKeySecretRef:
      # Secret resource that will be used to store the ACME account's private key.
      name: letsencrypt-prod-issuer-private-key
    solvers:
      # this solver handles k8s.bakavets.com challenges
      - selector:
          dnsZones:
            - "k8s.bakavets.com"
        dns01:
          # NOTE(review): no credentials or role are set on the solver, so
          # cert-manager presumably relies on ambient AWS credentials
          # (for example IRSA); confirm against the cluster setup.
          route53:
            region: eu-north-1
            hostedZoneID: Z00382002AO1UBHWVUQZY
--------------------------------------------------------------------------------
/lesson-34/example-2/app.yaml:
--------------------------------------------------------------------------------
---
# Namespace that holds the Deployment and Service below.
apiVersion: v1
kind: Namespace
metadata:
  name: example-2
---
# Single replica of the kuber app (v2.0) running under a dedicated
# ServiceAccount.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: kuber-2
  namespace: example-2
  labels:
    app: kuber-2
spec:
  replicas: 1
  selector:
    matchLabels:
      app: http-server-2
  template:
    metadata:
      labels:
        app: http-server-2
    spec:
      # Pods use this account instead of the namespace default; the account
      # itself is not defined in this file.
      serviceAccountName: app-sa-2
      containers:
        - name: kuber-app
          image: bakavets/kuber:v2.0
          ports:
            - containerPort: 8000
---
# No `type` is set, so this is a ClusterIP Service: port 80 inside the
# cluster is forwarded to port 8000 on pods labelled app=http-server-2.
apiVersion: v1
kind: Service
metadata:
  name: kuber-service-2
  namespace: example-2
spec:
  selector:
    app: http-server-2
  ports:
    - protocol: TCP
      port: 80
      targetPort: 8000
--------------------------------------------------------------------------------
/lesson-44-45-46-47-48/k8s/development/templates/app.yaml:
--------------------------------------------------------------------------------
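# Helm template for the Argo CD Application that deploys the demo app.
# Every templated scalar is piped through `quote`, so a value that looks
# like a number, a boolean or a YAML indicator still renders as a string
# instead of changing type or breaking the manifest.
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: demo-app
  finalizers:
    # Deleting this Application also deletes the resources it deployed.
    - resources-finalizer.argocd.argoproj.io
spec:
  project: development
  source:
    repoURL: {{ .Values.source.repoURL | quote }}
    targetRevision: {{ .Values.source.targetRevision | quote }}
    path: {{ .Values.source.path | quote }}
    helm:
      values: |
        hosts:
          app1: {{ .Values.appHosts.app1 | quote }}
          app2: {{ .Values.appHosts.app2 | quote }}

        clusterIssuer:
          name: {{ .Values.clusterIssuer.name | quote }}

  destination:
    namespace: {{ .Values.namespace | quote }}
    server: {{ .Values.spec.destination.server | quote }}

  syncPolicy:
    automated:
      # prune removes resources that are no longer in the source;
      # selfHeal reverts changes made directly in the cluster.
      prune: true
      selfHeal: true
    syncOptions:
      - CreateNamespace=true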
--------------------------------------------------------------------------------
/lesson-21-22/0-deploy-kuber.yaml:
--------------------------------------------------------------------------------
# Deployment with two containers per pod that share one emptyDir volume.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: kuber
  labels:
    app: kuber
spec:
  replicas: 3
  selector:
    matchLabels:
      app: http-server
  template:
    metadata:
      labels:
        app: http-server
    spec:
      containers:
        - name: kuber-app-1
          # No tag is given, so this resolves to the mutable `latest` tag.
          image: bakavets/kuber
          ports:
            - containerPort: 8000
          volumeMounts:
            # The whole volume is visible at /cache-1.
            - mountPath: /cache-1
              name: cache-volume
        - name: nginx
          # Untagged as well, so also `latest`.
          image: nginx
          ports:
            - containerPort: 80
          volumeMounts:
            # Only the `data` sub-directory of the volume is mounted here.
            - mountPath: /usr/share/nginx/html/data
              # - mountPath: /cache-2
              name: cache-volume
              subPath: data
      volumes:
        # emptyDir lives as long as the pod; its content is lost when the
        # pod is removed from the node.
        - name: cache-volume
          emptyDir: {}
--------------------------------------------------------------------------------
/lesson-35/k8s/infrastructure/applications/values.yaml:
--------------------------------------------------------------------------------
# Values for the infrastructure applications chart.
# NOTE(review): the account id, zone id, e-mail and repository below look
# like placeholders to be replaced per environment; confirm before use.
1 | aws:
2 | region: us-east-1
3 | route53:
4 | dnsZone: example.com
5 | hostedZoneID: Z123456789EXAMPLE
6 |
7 | clusterName: eks-cluster
8 |
9 | source:
10 | repoURL: git@gitlab.com:example/example.git  # SSH-style URL; the access key is not part of this file
11 | targetRevision: main  # a branch name, so the deployed revision moves with the branch
12 |
13 | bootstrapApp:
14 | certManager:
15 | serviceAccountName: cert-manager-route53
16 | serviceAccountNamespace: cert-manager
17 | eksRoleArn: arn:aws:iam::123456789123:role/role-name  # presumably the IAM role for this service account; verify
18 |
19 | certManagerConfigs:
20 | acme:
21 | email: example.com@gmail.com
22 |
23 | awsLBController:
24 | serviceAccountName: aws-load-balancer-controller
25 | namespace: kube-system
26 | eksRoleArn: arn:aws:iam::123456789123:role/role-name  # presumably the IAM role for this service account; verify
27 |
28 | externalDNS:
29 | serviceAccountName: external-dns
30 | namespace: external-dns
31 | eksRoleArn: arn:aws:iam::123456789123:role/role-name  # presumably the IAM role for this service account; verify
32 |
--------------------------------------------------------------------------------
/lesson-23/0-pv-kuber.yaml:
--------------------------------------------------------------------------------
# Statically provisioned PersistentVolume backed by an existing EBS volume.
# https://kubernetes.io/docs/reference/kubernetes-api/config-and-storage-resources/persistent-volume-v1/
apiVersion: v1
kind: PersistentVolume
metadata:
  name: aws-pv-kuber
  labels:
    type: aws-pv-kuber
spec:
  capacity:
    storage: 3Gi
  # https://kubernetes.io/docs/concepts/storage/persistent-volumes/#access-modes
  accessModes:
    - ReadWriteOnce
  # Retain keeps the volume and its data after the claim is deleted, so the
  # data has to be cleaned up by hand before the volume is reused.
  # https://kubernetes.io/docs/reference/kubernetes-api/config-and-storage-resources/persistent-volume-v1/#PersistentVolumeSpec
  # https://kubernetes.io/docs/concepts/storage/persistent-volumes/#recycle
  persistentVolumeReclaimPolicy: Retain
  # Empty value means that this volume does not belong to any StorageClass.
  # https://kubernetes.io/docs/concepts/storage/persistent-volumes/#class-1
  storageClassName: ""
  awsElasticBlockStore:
    volumeID: "vol-02a71cfd076eac916"
    fsType: ext4
--------------------------------------------------------------------------------
/lesson-25/k8s/example-4/staging-issuer.yaml:
--------------------------------------------------------------------------------
# Namespaced cert-manager issuer (namespace `demo`) for the Let's Encrypt
# staging ACME endpoint, using DNS-01 records in Route 53.
apiVersion: cert-manager.io/v1
kind: Issuer
metadata:
  name: letsencrypt-staging-issuer
  namespace: demo
spec:
  acme:
    # You must replace this email address with your own.
    # Let's Encrypt will use this to contact you about expiring
    # certificates, and issues related to your account.
    email: bakavets.com@gmail.com
    server: https://acme-staging-v02.api.letsencrypt.org/directory
    privateKeySecretRef:
      # Secret resource that will be used to store the ACME account's private key.
      name: letsencrypt-staging-issuer-private-key
    solvers:
      # this solver handles k8s.bakavets.com challenges
      - selector:
          dnsZones:
            - "k8s.bakavets.com"
        dns01:
          # NOTE(review): no credentials or role are set on the solver, so
          # cert-manager presumably relies on ambient AWS credentials
          # (for example IRSA); confirm against the cluster setup.
          route53:
            region: eu-north-1
            hostedZoneID: Z00382002AO1UBHWVUQZY
--------------------------------------------------------------------------------
/lesson-37/terraform/irsa-ebs-csi-driver.tf:
--------------------------------------------------------------------------------
# IAM role for the EBS CSI driver's service account (IRSA).
# `local.cluster_name` and `module.eks` are defined elsewhere in the project.

locals {
  # Namespace and name of the one service account allowed to assume the role.
  ebs_csi_driver = {
    namespace            = "kube-system"
    service_account_name = "ebs-csi-controller-sa"
  }
}

module "irsa_ebs_csi_driver" {
  source  = "terraform-aws-modules/iam/aws//modules/iam-assumable-role-with-oidc"
  version = "5.3.0"

  create_role = true
  role_name   = "${local.cluster_name}-ebs-csi-driver-role"

  # The module is given the issuer host without the URL scheme.
  provider_url     = replace(module.eks.cluster_oidc_issuer_url, "https://", "")
  role_policy_arns = [data.aws_iam_policy.ebs_csi_driver.arn]

  # The trust policy names the exact subject, so no other service account
  # in the cluster can assume this role.
  oidc_fully_qualified_subjects = ["system:serviceaccount:${local.ebs_csi_driver.namespace}:${local.ebs_csi_driver.service_account_name}"]
}

# Existing IAM policy looked up by name and attached to the role above.
data "aws_iam_policy" "ebs_csi_driver" {
  name = "AmazonEBSCSIDriverPolicy"
}
--------------------------------------------------------------------------------
/lesson-16/ingress.yaml:
--------------------------------------------------------------------------------
# Ingress that terminates TLS for two hosts and routes each host to its own
# Service on port 80.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: main-ingress
  annotations:
    # NOTE(review): this annotation is the deprecated way to pick the
    # controller; `spec.ingressClassName` is its replacement.
    kubernetes.io/ingress.class: nginx
    # cert-manager requests the certificate from this ClusterIssuer.
    cert-manager.io/cluster-issuer: "letsencrypt-prod"
spec:
  tls:
    # One certificate covering both hosts is stored in the Secret app-tls.
    - hosts:
        - app-1.bakavets.com
        - app-2.bakavets.com
      secretName: app-tls
  rules:
    - host: app-1.bakavets.com
      http:
        paths:
          - pathType: Prefix
            path: /
            backend:
              service:
                name: kuber-service-1
                port:
                  number: 80
    - host: app-2.bakavets.com
      http:
        paths:
          - pathType: Prefix
            path: /
            backend:
              service:
                name: kuber-service-2
                port:
                  number: 80
--------------------------------------------------------------------------------
/lesson-44-45-46-47-48/k8s/infrastructure/charts/bootstrap-app/templates/external-secrets.yaml:
--------------------------------------------------------------------------------
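{{ if .Values.externalSecrets.enabled }}
# Argo CD Application that installs the External Secrets chart; rendered
# only when externalSecrets.enabled is set.
# Templated scalars are piped through `quote`, so a chart version such as
# 0.10 or a value starting with a YAML indicator still renders as a string.
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: external-secrets
  annotations:
    # Negative sync wave: applied before resources in later waves.
    argocd.argoproj.io/sync-wave: "-20"
  finalizers:
    # Deleting this Application also deletes the resources it deployed.
    - resources-finalizer.argocd.argoproj.io
spec:
  project: infrastructure
  source:
    repoURL: https://charts.external-secrets.io
    targetRevision: {{ .Values.externalSecrets.version | quote }}
    chart: external-secrets
    helm:
      values: |
        installCRDs: true

  destination:
    namespace: {{ .Values.externalSecrets.namespace | quote }}
    server: {{ .Values.spec.destination.server | quote }}

  syncPolicy:
    automated:
      # prune removes resources that are no longer in the source;
      # selfHeal reverts changes made directly in the cluster.
      prune: true
      selfHeal: true
    syncOptions:
      - CreateNamespace=true
{{ end }}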
--------------------------------------------------------------------------------
/lesson-44-45-46-47-48/terraform/irsa-ebs-csi-driver.tf:
--------------------------------------------------------------------------------
# IAM role for the EBS CSI driver's service account (IRSA).
# `local.cluster_name` and `module.eks` are defined elsewhere in the project.

locals {
  # Namespace and name of the one service account allowed to assume the role.
  ebs_csi_driver = {
    namespace            = "kube-system"
    service_account_name = "ebs-csi-controller-sa"
  }
}

module "irsa_ebs_csi_driver" {
  source  = "terraform-aws-modules/iam/aws//modules/iam-assumable-role-with-oidc"
  version = "5.3.0"

  create_role = true
  role_name   = "${local.cluster_name}-ebs-csi-driver-role"

  # The module is given the issuer host without the URL scheme.
  provider_url     = replace(module.eks.cluster_oidc_issuer_url, "https://", "")
  role_policy_arns = [data.aws_iam_policy.ebs_csi_driver.arn]

  # The trust policy names the exact subject, so no other service account
  # in the cluster can assume this role.
  oidc_fully_qualified_subjects = ["system:serviceaccount:${local.ebs_csi_driver.namespace}:${local.ebs_csi_driver.service_account_name}"]
}

# Existing IAM policy looked up by name and attached to the role above.
data "aws_iam_policy" "ebs_csi_driver" {
  name = "AmazonEBSCSIDriverPolicy"
}
--------------------------------------------------------------------------------
/lesson-36/k8s/example-2/mysql-secrets-manager.yaml:
--------------------------------------------------------------------------------
# ExternalSecret that copies five properties of the `demo-mysql` entry in
# the aws-secrets-manager store into a Kubernetes Secret of the same name
# as this resource.
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
  name: mysql-secrets-manager
  namespace: default
spec:
  # 0 means the value is fetched once and never refreshed, so a rotation in
  # the backing store does not reach the cluster on its own.
  refreshInterval: '0'
  secretStoreRef:
    kind: ClusterSecretStore
    name: aws-secrets-manager
  target:
    name: mysql-secrets-manager
    # Owner: the operator creates the Secret and removes it together with
    # this ExternalSecret.
    creationPolicy: Owner
  data:
    - secretKey: MYSQL_HOST
      remoteRef:
        key: demo-mysql
        property: MYSQL_HOST
    - secretKey: MYSQL_PORT
      remoteRef:
        key: demo-mysql
        property: MYSQL_PORT
    # The Secret key is MYSQL_DB while the remote property is MYSQL_DATABASE.
    - secretKey: MYSQL_DB
      remoteRef:
        key: demo-mysql
        property: MYSQL_DATABASE
    - secretKey: MYSQL_USER
      remoteRef:
        key: demo-mysql
        property: MYSQL_USER
    - secretKey: MYSQL_PASSWORD
      remoteRef:
        key: demo-mysql
        property: MYSQL_PASSWORD
--------------------------------------------------------------------------------
/lesson-44-45-46-47-48/k8s/gitlab/runners/internal/external-secrets.yaml:
--------------------------------------------------------------------------------
---
# ExternalSecret that builds the GitLab runner Secret in `gitlab-space`
# from the `demo-gitlab` entry of the aws-parameter-store store.
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
  name: gitlab-runner-secret
  namespace: gitlab-space
spec:
  # 0 means the value is fetched once and never refreshed, so a rotated
  # runner token does not reach the cluster on its own.
  refreshInterval: "0"
  secretStoreRef:
    kind: ClusterSecretStore
    name: aws-parameter-store
  target:
    name: gitlab-runner-secret
    # Owner: the operator creates the Secret and removes it together with
    # this ExternalSecret.
    creationPolicy: Owner
    template:
      data:
        # DEPRECATED: The Registration Token(runner-registration-token) for adding new Runners to the GitLab Server.
        # ref: https://docs.gitlab.com/ee/ci/runners/new_creation_workflow.html
        runner-registration-token: "" # need to leave as an empty string for compatibility reasons
        # Filled in from the `runner-token` entry fetched under `data` below.
        runner-token: '{{ index . "runner-token" }}'
  data:
    - secretKey: runner-token
      remoteRef:
        key: demo-gitlab
        property: runner.tokens.internal
--------------------------------------------------------------------------------
/lesson-13/kuber-deploy-livenessProbe-http.yaml:
--------------------------------------------------------------------------------
# Deployment with an HTTP liveness probe on the `v1.0-unhealthy` build of
# the kuber app, plus a NodePort Service in front of it.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: kuber-http
  labels:
    app: kuber
spec:
  replicas: 1
  selector:
    matchLabels:
      app: http-server-http
  template:
    metadata:
      labels:
        app: http-server-http
    spec:
      containers:
        - name: kuber-app
          image: bakavets/kuber:v1.0-unhealthy
          ports:
            - containerPort: 8000
          # A failing liveness probe makes the kubelet restart the container.
          livenessProbe:
            httpGet:
              path: /healthcheck
              port: 8000
            initialDelaySeconds: 5
            periodSeconds: 5
---
apiVersion: v1
kind: Service
metadata:
  name: kuber-service-http
spec:
  selector:
    app: http-server-http
  ports:
    - protocol: TCP
      port: 80
      targetPort: 8000
      # Opened on every node; reachable from wherever the nodes are.
      nodePort: 30003
  type: NodePort
--------------------------------------------------------------------------------
/lesson-42/k8s/example-3/deploy.yaml:
--------------------------------------------------------------------------------
# Two replicas that each append a timestamp and their hostname to the same
# file on a shared volume every three seconds.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: efs-app-ap
  labels:
    app: efs-app-ap
spec:
  replicas: 2
  selector:
    matchLabels:
      app: efs-app-ap
  template:
    metadata:
      labels:
        app: efs-app-ap
    spec:
      # With this block commented out the container runs as the image's
      # default user and no fsGroup is applied to the volume.
      # securityContext:
      #   runAsUser: 10
      #   runAsGroup: 30
      #   fsGroup: 20
      containers:
        - name: app
          # No tag is given, so this resolves to the mutable `latest` tag.
          image: centos
          command: ["/bin/sh"]
          args:
            - "-c"
            - "while true; do echo $(date -u) - $HOSTNAME >> /data/out.txt; sleep 3; done"
          volumeMounts:
            - name: efs-volume
              mountPath: /data
      volumes:
        # The claim itself is defined outside this file.
        - name: efs-volume
          persistentVolumeClaim:
            claimName: efs-claim-ap
--------------------------------------------------------------------------------
/lesson-40/k8s/example-4/topology.yaml:
--------------------------------------------------------------------------------
# Deployment that spreads 21 replicas evenly across availability zones.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: az-spread-topology
  labels:
    app: kuber
spec:
  replicas: 21
  selector:
    matchLabels:
      app: http-server
  template:
    metadata:
      labels:
        app: http-server
        version: v1
    spec:
      containers:
        - name: kuber-app
          # No tag is given, so this resolves to the mutable `latest` tag.
          image: bakavets/kuber
          ports:
            - containerPort: 8000
          resources:
            limits:
              cpu: 400m
              memory: 256Mi
            requests:
              cpu: 400m
              memory: 256Mi
      topologySpreadConstraints:
        # Zones may differ by at most one matching pod; a pod that would
        # break that stays Pending instead of being scheduled.
        - maxSkew: 1
          topologyKey: topology.kubernetes.io/zone
          whenUnsatisfiable: DoNotSchedule
          labelSelector:
            matchLabels:
              app: http-server
--------------------------------------------------------------------------------
/lesson-44-45-46-47-48/k8s/gitlab/runners/external/external-secrets.yaml:
--------------------------------------------------------------------------------
---
# ExternalSecret that builds the GitLab runner Secret in
# `gitlab-space-external` from the `demo-gitlab` entry of the
# aws-parameter-store store.
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
  name: gitlab-runner-secret
  namespace: gitlab-space-external
spec:
  # 0 means the value is fetched once and never refreshed, so a rotated
  # runner token does not reach the cluster on its own.
  refreshInterval: "0"
  secretStoreRef:
    kind: ClusterSecretStore
    name: aws-parameter-store
  target:
    name: gitlab-runner-secret
    # Owner: the operator creates the Secret and removes it together with
    # this ExternalSecret.
    creationPolicy: Owner
    template:
      data:
        # DEPRECATED: The Registration Token(runner-registration-token) for adding new Runners to the GitLab Server.
        # ref: https://docs.gitlab.com/ee/ci/runners/new_creation_workflow.html
        runner-registration-token: "" # need to leave as an empty string for compatibility reasons
        # Filled in from the `runner-token` entry fetched under `data` below.
        runner-token: '{{ index . "runner-token" }}'
  data:
    - secretKey: runner-token
      remoteRef:
        key: demo-gitlab
        property: runner.tokens.external
--------------------------------------------------------------------------------
/lesson-25/k8s/example-1/ingress.yaml:
--------------------------------------------------------------------------------
# Ingress that terminates TLS for two hosts and routes each host to its own
# Service on port 80.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: main-ingress
  annotations:
    # cert-manager requests the certificate from this ClusterIssuer.
    cert-manager.io/cluster-issuer: "letsencrypt-prod"
spec:
  ingressClassName: nginx # replacement of annotation: kubernetes.io/ingress.class: nginx
  tls:
    # One certificate covering both hosts is stored in the Secret app-tls.
    - hosts:
        - app-1.kubxr.com
        - app-2.kubxr.com
      secretName: app-tls
  rules:
    - host: app-1.kubxr.com
      http:
        paths:
          - pathType: Prefix
            path: /
            backend:
              service:
                name: kuber-service-1
                port:
                  number: 80
    - host: app-2.kubxr.com
      http:
        paths:
          - pathType: Prefix
            path: /
            backend:
              service:
                name: kuber-service-2
                port:
                  number: 80
--------------------------------------------------------------------------------
/lesson-35/k8s/charts/app/templates/ingress.yaml:
--------------------------------------------------------------------------------
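# Helm template for the app's Ingress: TLS for two hosts, each routed to
# its own Service on port 80.
# Host names and the issuer name are piped through `quote`, so a value that
# starts with a YAML indicator (a wildcard host, for example) or looks like
# a number or boolean still renders as a string.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: main-ingress
  annotations:
    # cert-manager requests the certificate from this ClusterIssuer.
    cert-manager.io/cluster-issuer: {{ .Values.clusterIssuer.name | quote }}
spec:
  ingressClassName: nginx
  tls:
    # One certificate covering both hosts is stored in the Secret app-tls.
    - hosts:
        - {{ .Values.hosts.app1 | quote }}
        - {{ .Values.hosts.app2 | quote }}
      secretName: app-tls
  rules:
    - host: {{ .Values.hosts.app1 | quote }}
      http:
        paths:
          - pathType: Prefix
            path: /
            backend:
              service:
                name: kuber-service-1
                port:
                  number: 80
    - host: {{ .Values.hosts.app2 | quote }}
      http:
        paths:
          - pathType: Prefix
            path: /
            backend:
              service:
                name: kuber-service-2
                port:
                  number: 80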
--------------------------------------------------------------------------------
/lesson-35/k8s/infrastructure/charts/cert-manager-configs/templates/cluster-issuer-prod.yaml:
--------------------------------------------------------------------------------
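# Helm template for the production Let's Encrypt ClusterIssuer, using
# DNS-01 records in Route 53.
# Templated scalars are piped through `quote`, so a zone, region or zone id
# that looks like a number or starts with a YAML indicator still renders as
# a string.
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: letsencrypt-prod
spec:
  acme:
    # You must replace this email address with your own.
    # Let's Encrypt will use this to contact you about expiring
    # certificates, and issues related to your account.
    email: {{ .Values.acme.email | quote }}
    server: https://acme-v02.api.letsencrypt.org/directory
    privateKeySecretRef:
      # Secret resource that will be used to store the ACME account's private key.
      name: letsencrypt-prod-private-key
    solvers:
      - selector:
          # One list entry per zone in acme.dnsZones.
          dnsZones:
          {{- range .Values.acme.dnsZones }}
            - {{ . | quote }}
          {{- end }}
        dns01:
          # NOTE(review): no credentials or role are set on the solver, so
          # cert-manager presumably relies on ambient AWS credentials
          # (for example IRSA); confirm against the cluster setup.
          route53:
            region: {{ .Values.acme.route53.region | quote }}
            hostedZoneID: {{ .Values.acme.route53.hostedZoneID | quote }}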
--------------------------------------------------------------------------------
/lesson-35/terraform/variables.tf:
--------------------------------------------------------------------------------
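# Input variables for this Terraform configuration.

# `type = string` is declared explicitly, matching the other variables, so
# a non-string value is rejected at plan time.
variable "aws_region" {
  type        = string
  description = "AWS Region."
  default     = "eu-west-1"
}

variable "default_tags" {
  type        = map(string)
  description = "Default tags for AWS that will be attached to each resource."
  default = {
    "TerminationDate" = "Permanent",
    "Environment"     = "Development",
    "Team"            = "DevOps",
    "DeployedBy"      = "Terraform",
    "OwnerEmail"      = "devops@example.com"
  }
}

variable "deployment_prefix" {
  description = "Prefix of the deployment."
  type        = string
  default     = "demo"
}

# No default, so the token must be supplied at run time. `sensitive` hides
# it from plan and apply output only; a value that ends up in a resource
# attribute is still written to the state file, so protect the state.
variable "gitlab_token" {
  type        = string
  sensitive   = true
  description = "The OAuth2 Token, Project, Group, Personal Access Token or CI Job Token used to connect to GitLab. The OAuth method is used in this provider for authentication (using Bearer authorization token)."
}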
--------------------------------------------------------------------------------
/lesson-44-45-46-47-48/k8s/charts/app/templates/ingress.yaml:
--------------------------------------------------------------------------------
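# Helm template for the app's Ingress: TLS for two hosts, each routed to
# its own Service on port 80.
# Host names and the issuer name are piped through `quote`, so a value that
# starts with a YAML indicator (a wildcard host, for example) or looks like
# a number or boolean still renders as a string.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: main-ingress
  annotations:
    # cert-manager requests the certificate from this ClusterIssuer.
    cert-manager.io/cluster-issuer: {{ .Values.clusterIssuer.name | quote }}
spec:
  ingressClassName: nginx
  tls:
    # One certificate covering both hosts is stored in the Secret app-tls.
    - hosts:
        - {{ .Values.hosts.app1 | quote }}
        - {{ .Values.hosts.app2 | quote }}
      secretName: app-tls
  rules:
    - host: {{ .Values.hosts.app1 | quote }}
      http:
        paths:
          - pathType: Prefix
            path: /
            backend:
              service:
                name: kuber-service-1
                port:
                  number: 80
    - host: {{ .Values.hosts.app2 | quote }}
      http:
        paths:
          - pathType: Prefix
            path: /
            backend:
              service:
                name: kuber-service-2
                port:
                  number: 80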
--------------------------------------------------------------------------------
/lesson-44-45-46-47-48/k8s/infrastructure/charts/cert-manager-configs/templates/cluster-issuer-prod.yaml:
--------------------------------------------------------------------------------
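# Helm template for the production Let's Encrypt ClusterIssuer, using
# DNS-01 records in Route 53.
# Templated scalars are piped through `quote`, so a zone, region or zone id
# that looks like a number or starts with a YAML indicator still renders as
# a string.
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: letsencrypt-prod
spec:
  acme:
    # You must replace this email address with your own.
    # Let's Encrypt will use this to contact you about expiring
    # certificates, and issues related to your account.
    email: {{ .Values.acme.email | quote }}
    server: https://acme-v02.api.letsencrypt.org/directory
    privateKeySecretRef:
      # Secret resource that will be used to store the ACME account's private key.
      name: letsencrypt-prod-private-key
    solvers:
      - selector:
          # One list entry per zone in acme.dnsZones.
          dnsZones:
          {{- range .Values.acme.dnsZones }}
            - {{ . | quote }}
          {{- end }}
        dns01:
          # NOTE(review): no credentials or role are set on the solver, so
          # cert-manager presumably relies on ambient AWS credentials
          # (for example IRSA); confirm against the cluster setup.
          route53:
            region: {{ .Values.acme.route53.region | quote }}
            hostedZoneID: {{ .Values.acme.route53.hostedZoneID | quote }}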
--------------------------------------------------------------------------------
/lesson-44-45-46-47-48/terraform/variables.tf:
--------------------------------------------------------------------------------
1 | variable "aws_region" {  # Region the AWS provider targets; defaults to eu-west-1.
2 | description = "AWS Region."
3 | default = "eu-west-1"  # NOTE(review): no type is declared, so any value type is accepted; declaring a string type would reject mistakes at plan time.
4 | }
5 |
6 | variable "default_tags" {  # String-to-string map of tags; the description says they are attached to each AWS resource.
7 | type = map(string)
8 | description = "Default tags for AWS that will be attached to each resource."
9 | default = {  # Tag values are visible to anyone who can describe the resources; keep them free of secrets and personal data.
10 | "TerminationDate" = "Permanent",
11 | "Environment" = "Development",
12 | "Team" = "DevOps",
13 | "DeployedBy" = "Terraform",
14 | "OwnerEmail" = "devops@example.com"
15 | }
16 | }
17 |
18 | variable "deployment_prefix" {  # Short string used as the prefix of the deployment; defaults to "demo".
19 | description = "Prefix of the deployment."
20 | type = string
21 | default = "demo"
22 | }
23 |
24 | variable "gitlab_token" {  # Credential for the GitLab provider. It has no default, so it must be supplied at run time (for example via the TF_VAR_gitlab_token environment variable) rather than from a committed tfvars file.
25 | type = string
26 | sensitive = true  # Redacts the value in plan/apply output only; it is still written to the state file in plain text, so protect and encrypt the state backend.
27 | description = "The OAuth2 Token, Project, Group, Personal Access Token or CI Job Token used to connect to GitLab. The OAuth method is used in this provider for authentication (using Bearer authorization token)."
28 | }
29 |
--------------------------------------------------------------------------------
/lesson-40/k8s/common/nginx.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: apps/v1  # Deployment of eight nginx replicas pinned by required node affinity to two availability zones.
2 | kind: Deployment
3 | metadata:
4 | name: nginx
5 | namespace: kube-system  # NOTE(review): kube-system normally holds cluster components and is often exempt from admission policies; a demo workload is better isolated in its own namespace.
6 | labels:
7 | app: nginx
8 | spec:
9 | replicas: 8  # Each replica requests a full CPU (see resources), so the selected zones need eight allocatable cores.
10 | selector:
11 | matchLabels:
12 | app: nginx
13 | template:
14 | metadata:
15 | labels:
16 | app: nginx
17 | spec:
18 | containers:  # No securityContext is set, so the container runs with the image's default user and capabilities.
19 | - name: nginx
20 | image: nginx  # Untagged, so it resolves to nginx:latest; pin a version tag or digest for reproducible, auditable rollouts.
21 | resources:  # CPU request equals its limit; the memory request (512Mi) is below the limit (1Gi), which places the pod in the Burstable QoS class.
22 | limits:
23 | cpu: 1000m
24 | memory: 1Gi
25 | requests:
26 | cpu: 1000m
27 | memory: 512Mi
28 | affinity:
29 | nodeAffinity:
30 | requiredDuringSchedulingIgnoredDuringExecution:  # Hard rule: pods stay Pending if no node in the listed zones has capacity; running pods are not evicted if node labels change later.
31 | nodeSelectorTerms:
32 | - matchExpressions:
33 | - key: topology.kubernetes.io/zone
34 | operator: In
35 | values:
36 | - eu-west-1a
37 | - eu-west-1c
38 |
--------------------------------------------------------------------------------
/lesson-39/k8s/example-1/with-no-schedule-taint.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: apps/v1  # Deployment showing a NoSchedule toleration combined with required node affinity.
2 | kind: Deployment
3 | metadata:
4 | name: with-no-schedule-taint
5 | labels:
6 | app: kuber  # Label on the Deployment object only; the selector and pod template below use app: http-server.
7 | spec:
8 | replicas: 2
9 | selector:
10 | matchLabels:
11 | app: http-server
12 | template:
13 | metadata:
14 | labels:
15 | app: http-server
16 | spec:
17 | containers:  # No securityContext or resource requests are set in this manifest.
18 | - name: kuber-app
19 | image: bakavets/kuber  # Untagged, so it resolves to the latest tag; pin a version tag or digest for reproducible rollouts.
20 | ports:
21 | - containerPort: 8000
22 | affinity:
23 | nodeAffinity:
24 | requiredDuringSchedulingIgnoredDuringExecution:  # Hard rule: pods are scheduled only onto nodes labelled node.k8s/role=app-worker.
25 | nodeSelectorTerms:
26 | - matchExpressions:
27 | - key: node.k8s/role
28 | operator: In
29 | values:
30 | - app-worker
31 | tolerations:  # A toleration only permits scheduling onto nodes carrying the matching taint; it does not attract pods there. The node affinity above does the steering.
32 | - key: node.k8s/app-role
33 | operator: Equal # Equal matches key and value; the alternative, Exists, matches on the key alone and takes no value.
34 | value: worker
35 | effect: NoSchedule
36 |
--------------------------------------------------------------------------------
/lesson-33/k8s/external-dns-values.yaml:
--------------------------------------------------------------------------------
1 | domainFilters: ["kubxr.com"] # Makes ExternalDNS see only the hosted zones matching the provided domain; omit to process all available hosted zones.
2 | registry: txt # Registry method to use. TXT records signify that the corresponding ALIAS records are managed by ExternalDNS.
3 | txtOwnerId: my-demo-identifier # Set to a unique value that doesn't change for the lifetime of your cluster. A name that identifies this instance of ExternalDNS, so it only manages records it owns.
4 | provider: aws # DNS provider where the DNS records will be created.
5 | policy: upsert-only # Prevents ExternalDNS from deleting any records (options: sync, upsert-only); sync would also remove records it owns.
6 | sources: ["service", "ingress"] # K8s resource types observed for new DNS entries by ExternalDNS. Anyone who can create these objects can request records inside the filtered domain.
7 | serviceAccount:
8 | create: true
9 | name: external-dns
10 | annotations:
11 | eks.amazonaws.com/role-arn: arn:aws:iam::849634744839:role/demo-eks-cluster-external-dns-role  # IAM role assumed through the service account. The account ID and role name are environment-specific; replace them, and scope the role's Route53 permissions to the hosted zones named in domainFilters.
12 | aws:
13 | region: eu-north-1
14 | zoneType: public # only look at public hosted zones
--------------------------------------------------------------------------------
/lesson-30/charts/demo/templates/hpa.yaml:
--------------------------------------------------------------------------------
1 | {{- if .Values.autoscaling.enabled }}
2 | apiVersion: autoscaling/v2beta1  # Rendered only when autoscaling.enabled is set. NOTE(review): autoscaling/v2beta1 was removed in Kubernetes 1.25; autoscaling/v2 expresses the same target as target.type Utilization with averageUtilization.
3 | kind: HorizontalPodAutoscaler
4 | metadata:
5 | name: {{ include "demo.fullname" . }}
6 | labels:
7 | {{- include "demo.labels" . | nindent 4 }}
8 | spec:
9 | scaleTargetRef:  # Scales the Deployment whose name comes from the same demo.fullname helper as this object.
10 | apiVersion: apps/v1
11 | kind: Deployment
12 | name: {{ include "demo.fullname" . }}
13 | minReplicas: {{ .Values.autoscaling.minReplicas }}
14 | maxReplicas: {{ .Values.autoscaling.maxReplicas }}
15 | metrics:  # Each entry below is rendered only when its value is set; with neither target set, this key renders with no entries.
16 | {{- if .Values.autoscaling.targetCPUUtilizationPercentage }}
17 | - type: Resource
18 | resource:
19 | name: cpu
20 | targetAverageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }}
21 | {{- end }}
22 | {{- if .Values.autoscaling.targetMemoryUtilizationPercentage }}
23 | - type: Resource
24 | resource:
25 | name: memory
26 | targetAverageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }}
27 | {{- end }}
28 | {{- end }}
29 |
--------------------------------------------------------------------------------
/lesson-36/k8s/example-2/mysql-parameter-store.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: external-secrets.io/v1beta1  # Copies properties of the remote entry demo-mysql from the aws-parameter-store store into a Secret named mysql-parameter-store.
2 | kind: ExternalSecret
3 | metadata:
4 | name: mysql-parameter-store
5 | namespace: default  # The resulting Secret, including MYSQL_PASSWORD, lives in the default namespace; anyone who can read Secrets there can read it.
6 | spec:
7 | refreshInterval: 1h  # The remote value is re-read hourly, so an upstream rotation can take up to an hour to reach the Secret.
8 | secretStoreRef:
9 | kind: ClusterSecretStore  # Cluster-scoped store: it can be referenced from any namespace unless the store itself restricts which namespaces may use it.
10 | name: aws-parameter-store
11 | target:
12 | name: mysql-parameter-store
13 | creationPolicy: Owner  # The ExternalSecret owns the generated Secret; presumably deleting the ExternalSecret removes the Secret too — confirm against the operator version in use.
14 | data:  # Each entry maps one property of the remote entry to one key of the generated Secret.
15 | - secretKey: MYSQL_HOST
16 | remoteRef:
17 | key: demo-mysql
18 | property: MYSQL_HOST
19 | - secretKey: MYSQL_PORT
20 | remoteRef:
21 | key: demo-mysql
22 | property: MYSQL_PORT
23 | - secretKey: MYSQL_DB  # Secret key name differs from the remote property (MYSQL_DATABASE).
24 | remoteRef:
25 | key: demo-mysql
26 | property: MYSQL_DATABASE
27 | - secretKey: MYSQL_USER
28 | remoteRef:
29 | key: demo-mysql
30 | property: MYSQL_USER
31 | - secretKey: MYSQL_PASSWORD
32 | remoteRef:
33 | key: demo-mysql
34 | property: MYSQL_PASSWORD
35 | - secretKey: DEMO
36 | remoteRef:
37 | key: demo-mysql
38 | property: name.last  # Presumably a nested lookup (field "last" inside "name") in the remote JSON value — verify against the stored parameter.
39 |
--------------------------------------------------------------------------------
/lesson-32/k8s/example-2/ingress.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: networking.k8s.io/v1  # Ingress handled by the alb ingress class: two hostnames, each routed to its own Service on port 80.
2 | kind: Ingress
3 | metadata:
4 | name: main-ingress
5 | namespace: example-2
6 | annotations:
7 | alb.ingress.kubernetes.io/scheme: internet-facing  # The load balancer is reachable from the public internet. NOTE(review): no certificate or listen-ports annotation and no tls section are set here, so the controller's default plain-HTTP listener presumably applies — confirm before exposing anything sensitive.
8 | alb.ingress.kubernetes.io/target-type: instance # service must be of type "NodePort" or "LoadBalancer" to use instance mode
9 | alb.ingress.kubernetes.io/tags: Environment=Development,Team=DevOps,Project=app  # Tags applied to the AWS resources created for this Ingress.
10 | spec:
11 | ingressClassName: alb
12 | rules:  # Prefix match on "/" for each host: every request path is forwarded to that host's Service.
13 | - host: app-1.kubxr.com
14 | http:
15 | paths:
16 | - pathType: Prefix
17 | path: /
18 | backend:
19 | service:
20 | name: kuber-service-1
21 | port:
22 | number: 80
23 | - host: app-2.kubxr.com
24 | http:
25 | paths:
26 | - pathType: Prefix
27 | path: /
28 | backend:
29 | service:
30 | name: kuber-service-2
31 | port:
32 | number: 80
33 |
--------------------------------------------------------------------------------
/lesson-13/kuber-deploy-livenessProbe-exec.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: apps/v1  # Demo of an exec liveness probe that starts failing once the container deletes its own health file.
2 | kind: Deployment
3 | metadata:
4 | name: ubuntu
5 | labels:
6 | app: ubuntu
7 | spec:
8 | replicas: 1
9 | selector:
10 | matchLabels:
11 | app: ubuntu
12 | template:
13 | metadata:
14 | labels:
15 | app: ubuntu
16 | spec:
17 | containers:
18 | - name: ubuntu
19 | image: ubuntu  # Untagged, so it resolves to ubuntu:latest; pin a version tag or digest for reproducible rollouts.
20 | args:
21 | - /bin/sh
22 | - -c
23 | - touch /tmp/healthy; sleep 30; rm -rf /tmp/healthy; sleep 600  # The health file exists for the first 30 seconds only; after that the probe's cat fails.
24 | livenessProbe:
25 | exec:  # Runs the command inside the container; a non-zero exit status counts as a failed probe.
26 | command:
27 | - cat
28 | - /tmp/healthy
29 | initialDelaySeconds: 5 # Defaults to 0 seconds. Minimum value is 0.
30 | periodSeconds: 5 # Defaults to 10 seconds. Minimum value is 1.
31 | timeoutSeconds: 1 # Defaults to 1 second. Minimum value is 1.
32 | successThreshold: 1 # Defaults to 1. Must be 1 for liveness and startup Probes. Minimum value is 1.
33 | failureThreshold: 3 # Defaults to 3. Minimum value is 1. With a 5-second period, the container is restarted roughly 15 seconds after the file is removed.
--------------------------------------------------------------------------------