├── .gitignore ├── CODE_OF_CONDUCT.md ├── CONTRIBUTING.md ├── DCO ├── LICENSE ├── NOTICE ├── README.md ├── advanced_operations_of_kubernetes_with_kubeone ├── .99_todos │ └── todos.md ├── .gitignore ├── .images │ ├── gce_k1_instances.png │ └── restic_yaml_diff_s3_vs_gs.png ├── 00_setup │ ├── README.md │ └── setup.sh ├── 01_create-cloud-credentials │ └── README.md ├── 02_initial-cloud-infra-with-terraform │ └── README.md ├── 03_first-kubeone-cluster │ └── README.md ├── 04_deploy-app-01-simple │ └── README.md ├── 05_HA-master │ └── README.md ├── 06_HA-worker │ └── README.md ├── 07_deploy-app-02-external-access │ ├── README.md │ ├── ingress-backup-manifests │ │ ├── cert-manager.yaml │ │ └── nginx.deploy.yaml │ └── manifests │ │ ├── app.deployment.yaml │ │ ├── app.ingress.yaml │ │ ├── app.service.yaml │ │ └── lb.cluster-issuer.yaml ├── 08_optimize-workers │ └── README.md ├── 09_backup_velero │ ├── README.md │ └── gs-bucket.tf ├── 10_addons-sc-and-restic-etcd-backup │ ├── README.md │ ├── pvc.test.yaml │ └── template.backups-restic.yaml ├── 11_kubeone_upgrade │ └── README.md ├── 12_cluster-autoscaling │ ├── README.md │ └── deploy.scale.yaml ├── 90_bonus │ └── README.md ├── 99_cluster-cleanup-or-pause │ └── README.md ├── README.md ├── src │ └── gce │ │ ├── kubeone.yaml │ │ └── tf-infra │ │ ├── README.md │ │ ├── README.md.in │ │ ├── main.tf │ │ ├── output.tf │ │ ├── terraform.tfvars │ │ ├── variables.tf │ │ └── versions.tf └── todos.md ├── container_fundamentals ├── .99_todos │ ├── labs.md │ └── slides.md ├── 00_setup │ └── README.md ├── 01_hello-docker │ └── README.md ├── 02_images │ └── README.md ├── 03_container-lifecycle │ └── README.md ├── 04_interact │ └── README.md ├── 05_layers │ └── README.md ├── 06_dockerfile │ ├── Dockerfile │ └── README.md ├── 07_dockerfile_webserver │ ├── Dockerfile │ ├── README.md │ └── index.html ├── 08_build-ignore │ ├── Dockerfile │ ├── README.md │ ├── passwords.txt │ └── some-large-image.jpg ├── 09_entrypoint-vs-cmd │ ├── Dockerfile │ └── 
README.md ├── 10_shell-vs-exec-form-variable-substitution │ ├── Dockerfile │ └── README.md ├── 11_shell-vs-exec-form-PID1 │ ├── Dockerfile │ └── README.md ├── 12_multistaged-builds │ ├── Dockerfile │ ├── README.md │ └── main.go ├── 13_caching │ ├── .gitignore │ ├── Dockerfile │ ├── README.md │ ├── package-lock.json │ ├── package.json │ └── server.js ├── 14_linting │ ├── .solution │ │ └── Dockerfile │ ├── Dockerfile │ └── README.md ├── 15_logs │ └── README.md ├── 16_networking │ └── README.md ├── 17_volumes │ ├── .gitignore │ ├── Dockerfile │ └── README.md ├── 18_docker-compose │ ├── README.md │ ├── docker-compose.yaml │ └── prometheus.yaml ├── 19_privileged-container │ └── README.md ├── README.md ├── cloudinit.yaml └── makefile ├── kubermatic_kubernetes_platform_administration ├── .99_todos │ ├── .09_oauth │ │ └── README.md │ ├── .10_master_seed_clusters_mla │ │ └── README.md │ ├── labs.md │ └── slides.md ├── .gitignore ├── .trainingrc ├── 01_create_kubeone_cluster │ ├── README.md │ └── makefile ├── 02_setup_kkp_master │ ├── README.md │ └── makefile ├── 03_setup_kkp_seed │ ├── README.md │ └── makefile ├── 04_create_user_cluster │ └── README.md ├── 05_applications │ └── README.md ├── 06_upgrade_user_cluster │ └── README.md ├── 07_upgrade_kkp │ ├── README.md │ └── makefile ├── 08_templating │ └── README.md ├── README.md ├── img │ ├── addons.png │ ├── admin_panel.png │ ├── choose_project.png │ ├── cookies_01.png │ ├── cookies_02.png │ ├── cookies_03.png │ ├── dashboard.png │ ├── get_kubeconfig.png │ ├── open_home_workspace.png │ └── upgrade_user_clusters.png ├── kkp │ ├── applications │ │ ├── echoserver.yaml │ │ └── ingress-nginx.yaml │ ├── clusterissuer.yaml │ ├── my-addon.yaml │ ├── preset-gce.yaml │ ├── seed.yaml │ ├── storageclass-backup.yaml │ └── storageclass-fast.yaml ├── kubeone │ ├── kubeone.yaml │ └── terraform.tfvars └── makefile ├── kubernetes_fundamentals ├── .99_todos │ ├── labs.md │ └── slides.md ├── 01_hello-k8s │ ├── README.md │ ├── index.html │ ├── 
pod.yaml │ └── service.yaml ├── 02_pods │ ├── README.md │ └── pod.yaml ├── 03_commands-and-args │ ├── .solution │ │ └── pod.yaml │ ├── README.md │ └── pod.yaml ├── 04_multi-container-pods │ ├── README.md │ ├── pod-v1.yaml │ └── pod-v2.yaml ├── 05_replicasets │ ├── .solution │ │ └── replicaset.yaml │ ├── README.md │ └── replicaset.yaml ├── 06_deployments │ ├── README.md │ ├── deployment-v1.yaml │ └── deployment-v2.yaml ├── 07_revision-history │ ├── README.md │ └── deployment.yaml ├── 08_services │ ├── README.md │ ├── deployment.yaml │ ├── service-v1.yaml │ ├── service-v2.yaml │ └── service-v3.yaml ├── 09_configmaps │ ├── .solution │ │ ├── configmap.yaml │ │ └── pod.yaml │ ├── README.md │ ├── configmap.yaml │ └── pod.yaml ├── 10_secrets │ ├── .solution │ │ ├── pod.yaml │ │ └── secret.yaml │ ├── README.md │ ├── pod.yaml │ └── secret.yaml ├── 11_persistence-static │ ├── .solution │ │ ├── pv.yaml │ │ └── pvc.yaml │ ├── README.md │ ├── pv.yaml │ └── pvc.yaml ├── 12_persistence-dynamic │ ├── README.md │ ├── pvc.yaml │ ├── storageclass-v1.yaml │ └── storageclass-v2.yaml ├── 13_persistence-use-volume │ ├── .solution │ │ ├── pod.yaml │ │ └── pvc.yaml │ ├── README.md │ ├── pod.yaml │ └── pvc.yaml ├── 14_statefulsets │ ├── README.md │ ├── service.yaml │ └── sts.yaml ├── 15_hpas │ ├── README.md │ ├── deployment.yaml │ ├── hpa.yaml │ ├── load-deployment.yaml │ └── service.yaml ├── 16_daemonsets │ ├── README.md │ └── daemonset.yaml ├── 17_jobs │ ├── .solution │ │ └── job.yaml │ ├── README.md │ └── job.yaml ├── 18_cronjobs │ ├── README.md │ └── cronjob.yaml ├── 19_scheduling-node-selector │ ├── README.md │ └── deployment.yaml ├── 20_scheduling-affinity │ ├── README.md │ ├── fire-deployment.yaml │ └── water-pod.yaml ├── 21_scheduling-taints-and-tolerations │ ├── README.md │ ├── deployment.yaml │ └── pod.yaml ├── 22_ingress │ ├── README.md │ ├── blue.yaml │ ├── ingress.yaml │ └── red.yaml ├── 26_authorization │ ├── README.md │ ├── clusterrole.yaml │ ├── clusterrolebinding.yaml │ ├── 
pod.yaml │ └── serviceaccount.yaml ├── 27_networkpolicies │ ├── README.md │ ├── bob.yaml │ ├── networkpolicy-allow-susan.yaml │ ├── networkpolicy-deny-all.yaml │ └── susan.yaml ├── 28_helm │ ├── README.md │ ├── my-chart │ │ ├── Chart.yaml │ │ ├── templates │ │ │ ├── configmap.yaml │ │ │ ├── deployment.yaml │ │ │ └── service.yaml │ │ └── values.yaml │ └── my-values.yaml ├── 29_prometheus │ ├── README.md │ ├── grafana-values.yaml │ ├── pod.yaml │ └── prometheus-values.yaml ├── 43_mysql │ ├── README.md │ ├── deployment.yaml │ ├── pvc.yaml │ └── service.yaml ├── README.md ├── makefile ├── setup_cluster.sh └── teardown_cluster.sh ├── kubernetes_fundamentals_for_developers ├── .99_todos │ ├── general.md │ ├── labs.md │ └── slides.md ├── 00_app │ ├── .dockerignore │ ├── .gitignore │ ├── Dockerfile │ ├── Dockerfile-A │ ├── Dockerfile-B │ ├── Dockerfile-distroless │ ├── Makefile │ ├── README.md │ ├── conf │ │ └── app.conf │ ├── go.mod │ ├── go.sum │ └── main.go ├── 01_configmaps │ ├── README.md │ └── k8s │ │ ├── configmap.yaml │ │ ├── ingress.yaml │ │ ├── pod.yaml │ │ └── service.yaml ├── 02_downward_api │ ├── README.md │ └── k8s │ │ ├── ingress.yaml │ │ ├── pod.yaml │ │ └── service.yaml ├── 04_probing │ ├── README.md │ └── k8s │ │ ├── ingress.yaml │ │ ├── pod.yaml │ │ └── service.yaml ├── 05_graceful_shutdown │ ├── README.md │ └── k8s │ │ └── pod.yaml ├── 06_graceful_shutdown_dragons │ ├── README.md │ └── k8s │ │ ├── pod-A.yaml │ │ └── pod-B.yaml ├── 07_resources │ ├── README.md │ └── k8s │ │ └── pod.yaml ├── 08_init_containers │ ├── README.md │ └── k8s │ │ ├── pod-A.yaml │ │ ├── pod-B.yaml │ │ └── service-B.yaml ├── 09_debugging_containers │ ├── README.md │ └── k8s │ │ └── pod.yaml ├── 10_secrets │ ├── README.md │ └── k8s │ │ ├── configmap.yaml │ │ └── pod.yaml ├── README.md ├── makefile ├── setup.sh └── teardown.sh ├── kubernetes_fundamentals_for_operators ├── .99_todos │ ├── labs.md │ └── slides.md ├── 01_magicless-kubernetes │ ├── .gitignore │ ├── 000_func.sh │ ├── 
010_network.sh │ ├── 020_instances.sh │ ├── 030_pki.sh │ ├── 040_kubeconfigs.sh │ ├── 050_encryption.sh │ ├── 100_master-files.sh │ ├── 110_master-tmux.sh │ ├── 120_master-etcd.sh │ ├── 130_master-kube-services-preps.sh │ ├── 140_master-kube-apiserver.sh │ ├── 150_master-kube-controller-manager.sh │ ├── 160_master-kube-scheduler.sh │ ├── 170_master-kubelet-rbac.sh │ ├── 200_worker-files.sh │ ├── 210_worker-tmux.sh │ ├── 220_worker_cre.sh │ ├── 230_worker_kubelet.sh │ ├── 240_worker_kube-proxy.sh │ ├── 250_worker_cni.sh │ ├── 300_routes.sh │ ├── 410_smoke-test-deployment.sh │ ├── 420_smoke-test-secret.sh │ ├── README.md │ ├── configs │ │ ├── 10-bridge.conf │ │ ├── 99-loopback.conf │ │ ├── containerd-config.toml │ │ ├── crictl.yaml │ │ ├── kube-apiserver-to-kubelet.yaml │ │ ├── kube-proxy-config.yaml │ │ ├── kube-scheduler.yaml │ │ └── kubelet-config.yaml │ ├── secrets │ │ ├── ca-config.json │ │ └── ca-csr.json │ └── services │ │ ├── containerd.service │ │ ├── etcd.service │ │ ├── kube-apiserver.service │ │ ├── kube-controller-manager.service │ │ ├── kube-proxy.service │ │ ├── kube-scheduler.service │ │ └── kubelet.service ├── 02_etcd │ └── README.md ├── 03_authentication │ ├── README.md │ └── bob-csr-template.yaml ├── 04_no_restart │ ├── README.md │ ├── deployment.yaml │ └── pod.yaml ├── README.md ├── makefile ├── setup_trainingrc_file.sh ├── setup_trainingrc_file_nodes.sh └── teardown.sh ├── kubernetes_helm ├── .99_todos │ ├── labs.md │ └── slides.md ├── 00_setup │ ├── README.md │ └── setup_cluster.sh ├── 01_apps-with-only-manifests │ ├── README.md │ ├── dev │ │ ├── blue │ │ │ ├── blue-configmap.yaml │ │ │ ├── blue-deployment.yaml │ │ │ ├── blue-ingress.yaml │ │ │ └── blue-service.yaml │ │ └── red │ │ │ ├── red-configmap.yaml │ │ │ ├── red-deployment.yaml │ │ │ ├── red-ingress.yaml │ │ │ └── red-service.yaml │ └── prod │ │ ├── blue │ │ ├── blue-configmap.yaml │ │ ├── blue-deployment.yaml │ │ ├── blue-ingress.yaml │ │ └── blue-service.yaml │ │ └── red │ │ ├── 
red-configmap.yaml │ │ ├── red-deployment.yaml │ │ ├── red-ingress.yaml │ │ └── red-service.yaml ├── 02_deploy-with-kustomize │ ├── README.md │ ├── base │ │ ├── deployment.yaml │ │ ├── ingress.yaml │ │ ├── kustomization.yaml │ │ └── service.yaml │ └── overlays │ │ ├── dev │ │ └── kustomization.yaml │ │ └── prod │ │ ├── configmap.yaml │ │ ├── deployment-patch.yaml │ │ ├── ingress-patch.yaml │ │ └── kustomization.yaml ├── 03_apps-with-helm │ ├── README.md │ ├── color-viewer │ │ ├── Chart.yaml │ │ ├── templates │ │ │ ├── configmap.yaml │ │ │ ├── deployment.yaml │ │ │ ├── ingress.yaml │ │ │ └── service.yaml │ │ └── values.yaml │ └── prod-values.yaml ├── 04_rollback │ ├── README.md │ └── color-viewer │ │ ├── Chart.yaml │ │ ├── templates │ │ ├── configmap.yaml │ │ ├── deployment.yaml │ │ ├── ingress.yaml │ │ └── service.yaml │ │ └── values.yaml ├── 05_variables │ ├── .solution │ │ └── color-viewer │ │ │ ├── Chart.yaml │ │ │ ├── templates │ │ │ ├── configmap.yaml │ │ │ ├── deployment.yaml │ │ │ ├── ingress.yaml │ │ │ └── service.yaml │ │ │ └── values.yaml │ ├── README.md │ └── color-viewer │ │ ├── Chart.yaml │ │ ├── templates │ │ ├── configmap.yaml │ │ ├── deployment.yaml │ │ ├── ingress.yaml │ │ └── service.yaml │ │ └── values.yaml ├── 06_functions │ ├── .solution │ │ └── my-chart │ │ │ ├── Chart.yaml │ │ │ └── templates │ │ │ ├── _helpers.tpl │ │ │ ├── configmap.yaml │ │ │ ├── deployment.yaml │ │ │ ├── ingress.yaml │ │ │ └── service.yaml │ ├── README.md │ └── my-chart │ │ ├── Chart.yaml │ │ └── templates │ │ ├── configmap.yaml │ │ ├── deployment.yaml │ │ ├── ingress.yaml │ │ └── service.yaml ├── 07_includes │ ├── .solution │ │ └── my-chart │ │ │ ├── Chart.yaml │ │ │ └── templates │ │ │ ├── _helpers.tpl │ │ │ ├── configmap.yaml │ │ │ ├── deployment.yaml │ │ │ ├── ingress.yaml │ │ │ └── service.yaml │ ├── README.md │ └── my-chart │ │ ├── Chart.yaml │ │ └── templates │ │ ├── _helpers.tpl │ │ ├── configmap.yaml │ │ ├── deployment.yaml │ │ ├── ingress.yaml │ │ └── 
service.yaml ├── 08_ifs │ ├── .solution │ │ └── my-chart │ │ │ ├── Chart.yaml │ │ │ ├── templates │ │ │ ├── _helpers.tpl │ │ │ ├── configmap.yaml │ │ │ ├── deployment.yaml │ │ │ ├── hpa.yaml │ │ │ ├── ingress.yaml │ │ │ └── service.yaml │ │ │ └── values.yaml │ ├── README.md │ └── my-chart │ │ ├── Chart.yaml │ │ ├── templates │ │ ├── _helpers.tpl │ │ ├── configmap.yaml │ │ ├── deployment.yaml │ │ ├── hpa.yaml │ │ ├── ingress.yaml │ │ └── service.yaml │ │ └── values.yaml ├── 09_required │ ├── .solution │ │ └── my-chart │ │ │ ├── Chart.yaml │ │ │ └── templates │ │ │ ├── _helpers.tpl │ │ │ ├── configmap.yaml │ │ │ ├── deployment.yaml │ │ │ ├── ingress.yaml │ │ │ └── service.yaml │ ├── README.md │ └── my-chart │ │ ├── Chart.yaml │ │ └── templates │ │ ├── _helpers.tpl │ │ ├── configmap.yaml │ │ ├── deployment.yaml │ │ ├── ingress.yaml │ │ └── service.yaml ├── 10_tests │ ├── README.md │ └── my-app │ │ ├── Chart.yaml │ │ ├── templates │ │ ├── pod.yaml │ │ ├── service.yaml │ │ └── tests │ │ │ └── test-my-app.yaml │ │ └── values.yaml ├── 11_hooks │ ├── .solution │ │ └── my-app │ │ │ ├── Chart.yaml │ │ │ ├── templates │ │ │ ├── hook-pre-delete.yaml │ │ │ ├── hook-pre-install-1.yaml │ │ │ ├── hook-pre-install-2.yaml │ │ │ └── pod.yaml │ │ │ └── values.yaml │ ├── README.md │ └── my-app │ │ ├── Chart.yaml │ │ ├── templates │ │ ├── hook-pre-delete.yaml │ │ ├── hook-pre-install.yaml │ │ └── pod.yaml │ │ └── values.yaml ├── 12_dependencies │ ├── .gitignore │ ├── README.md │ ├── my-app │ │ ├── Chart.yaml │ │ ├── templates │ │ │ └── pod.yaml │ │ └── values.yaml │ └── my-dependency │ │ ├── Chart.yaml │ │ ├── templates │ │ ├── configmap.yaml │ │ ├── deployment.yaml │ │ └── service.yaml │ │ └── values.yaml ├── 99_teardown │ ├── README.md │ └── teardown_cluster.sh └── README.md ├── kubernetes_security ├── .99_todos │ ├── general.md │ ├── labs.md │ ├── setup.md │ └── slides.md ├── 01_kubelet │ └── README.md ├── 02_serviceaccount-token │ └── README.md ├── 03_network_policies │ ├── 
README.md │ ├── backend.yaml │ ├── frontend.yaml │ ├── networkpolicy-allow-be-ingress.yaml │ ├── networkpolicy-allow-dns.yaml │ ├── networkpolicy-allow-fe-egress.yaml │ └── networkpolicy-deny-all.yaml ├── 04_encryption_at_usage │ └── README.md ├── 05_encryption_at_transport │ └── README.md ├── 06_encryption_at_rest │ ├── README.md │ └── encryption-config.yaml ├── 07_encryption_at_backup │ └── README.md ├── 08_kubesec │ └── README.md ├── 09_trivy │ └── README.md ├── 10_kyverno │ ├── README.md │ └── disallow-latest-tag.yaml ├── 11_apparmor │ ├── README.md │ └── my-apparmor-profile ├── 12_gvisor │ ├── README.md │ ├── nginx-gvisor-pod.yaml │ ├── nginx-pod.yaml │ └── runtimeclass.yaml ├── 13_auditing │ ├── README.md │ └── my-policy.yaml ├── 14_falco │ └── README.md ├── 15_kube-bench │ ├── README.md │ └── job.yaml ├── README.md ├── cloudinit.yaml ├── makefile ├── pod.yaml ├── setup_training.sh └── setup_trainingrc_file.sh ├── kubernetes_servicemesh ├── .99_todos │ ├── labs.md │ ├── slides.md │ └── todos.md ├── .gitignore ├── 00_install_addons │ └── README.md ├── 00_install_apps │ ├── README.md │ ├── backend │ │ ├── .dockerignore │ │ ├── .gitignore │ │ ├── Dockerfile │ │ ├── build.gradle │ │ ├── gradle │ │ │ └── wrapper │ │ │ │ ├── gradle-wrapper.jar │ │ │ │ └── gradle-wrapper.properties │ │ ├── settings.gradle │ │ └── src │ │ │ ├── main │ │ │ ├── java │ │ │ │ ├── .DS_Store │ │ │ │ └── training │ │ │ │ │ ├── .DS_Store │ │ │ │ │ └── cloudnative │ │ │ │ │ └── servicemesh │ │ │ │ │ └── backend │ │ │ │ │ ├── Application.java │ │ │ │ │ └── Controller.java │ │ │ └── resources │ │ │ │ ├── application.properties │ │ │ │ └── banner.txt │ │ │ └── test │ │ │ └── java │ │ │ └── training │ │ │ └── cloudnative │ │ │ └── servicemesh │ │ │ └── backend │ │ │ └── ApplicationTests.java │ ├── build_backend_1.0.0.sh │ ├── build_frontend_1.0.0.sh │ ├── build_frontend_2.0.0.sh │ ├── frontend │ │ ├── .dockerignore │ │ ├── .gitignore │ │ ├── Dockerfile │ │ ├── build.gradle │ │ ├── gradle │ │ │ 
└── wrapper │ │ │ │ ├── gradle-wrapper.jar │ │ │ │ └── gradle-wrapper.properties │ │ ├── settings.gradle │ │ └── src │ │ │ ├── main │ │ │ ├── java │ │ │ │ ├── .DS_Store │ │ │ │ └── training │ │ │ │ │ ├── .DS_Store │ │ │ │ │ └── cloudnative │ │ │ │ │ ├── .DS_Store │ │ │ │ │ └── servicemesh │ │ │ │ │ ├── .DS_Store │ │ │ │ │ └── frontend │ │ │ │ │ ├── Application.java │ │ │ │ │ └── Controller.java │ │ │ └── resources │ │ │ │ ├── application.properties │ │ │ │ └── banner.txt │ │ │ └── test │ │ │ └── java │ │ │ └── training │ │ │ ├── .DS_Store │ │ │ └── cloudnative │ │ │ ├── .DS_Store │ │ │ └── servicemesh │ │ │ ├── .DS_Store │ │ │ └── frontend │ │ │ └── ApplicationTests.java │ └── k8s │ │ ├── backend-1.0.0-deployment.yaml │ │ ├── backend-service.yaml │ │ ├── frontend-1.0.0-deployment.yaml │ │ ├── frontend-2.0.0-deployment.yaml │ │ ├── frontend-service.yaml │ │ └── namespace.yaml ├── 00_setup_cluster │ ├── README.md │ ├── fix_repo_location.sh │ ├── install_istioctl.sh │ └── setup_cluster.sh ├── 01_hello-world │ ├── README.MD │ ├── backend-virtualservice.yaml │ └── gateway.yaml ├── 02_routing-via-percent │ ├── README.MD │ ├── frontend-destinationrule.yaml │ ├── frontend-virtualservice.yaml │ └── gateway.yaml ├── 03_routing-via-http-header │ ├── README.MD │ ├── frontend-destinationrule.yaml │ ├── frontend-virtualservice.yaml │ └── gateway.yaml ├── 04_timeouts │ ├── README.MD │ ├── backend-virtualservice.yaml │ └── gateway.yaml ├── 05_retries │ ├── README.MD │ ├── backend-virtualservice.yaml │ └── gateway.yaml ├── 06_circuit-breaker │ ├── README.md │ ├── backend-destinationrule.yaml │ ├── backend-virtualservice.yaml │ └── gateway.yaml ├── 07_fault-injection │ ├── README.md │ ├── backend-virtualservice.yaml │ └── gateway.yaml ├── 08_mtls │ ├── README.md │ ├── backend-virtualservice.yaml │ ├── frontend-virtualservice.yaml │ └── gateway.yaml ├── 09_ingress-tls │ ├── .gitignore │ ├── README.md │ ├── frontend-virtualservice.yaml │ └── gateway.yaml ├── 10_egress │ ├── README.md 
│ ├── backend-virtualservice.yaml │ └── gateway.yaml ├── 11_visualization │ ├── README.md │ ├── backend-virtualservice.yaml │ ├── catapi-serviceentry.yaml │ ├── frontend-virtualservice.yaml │ └── gateway.yaml └── 99_teardown │ ├── README.md │ └── teardown_cluster.sh └── linux_fundamentals ├── .99_todos ├── labs.md ├── slides.md └── todos.md ├── .gitignore ├── 00_setup ├── README.md └── setup.sh ├── 01_hello-linux └── README.md ├── 02_package-management └── README.md ├── 03_executables ├── README.md └── my-executable.go ├── 04_files └── README.md ├── 05_users └── README.md ├── 06_networking └── README.md ├── 07_bash-scripts └── README.md ├── 08_cron └── README.md ├── 09_ssh └── README.md ├── 10_bash └── README.md ├── 11_zsh └── README.md ├── 99_teardown ├── README.md └── teardown.sh └── README.md /.gitignore: -------------------------------------------------------------------------------- 1 | .idea 2 | .project 3 | *.key 4 | *.crt 5 | *.csr 6 | *.pem 7 | .kube 8 | /k1_fundamentals/src/ 9 | /k1_fundamentals/src/gce/ 10 | /kkp_fundamentals/src/ 11 | .vscode 12 | .DS_Store 13 | -------------------------------------------------------------------------------- /NOTICE: -------------------------------------------------------------------------------- 1 | Kubermatic Project 2 | Copyright 2020 Kubermatic GmbH 3 | 4 | This product includes software developed at Kubermatic GmbH. 5 | (http://www.kubermatic.com/). 
6 | -------------------------------------------------------------------------------- /advanced_operations_of_kubernetes_with_kubeone/.99_todos/todos.md: -------------------------------------------------------------------------------- 1 | 2 | # labs 3 | 4 | eval `ssh-agent` 5 | ssh-add 6 | /home/student_00_datagroup/trainings/advanced_operations_of_kubernetes_with_kubeone/.secrets/id_rsa 7 | 8 | export PROJECT_ID=$GCP_PROJECT_ID 9 | 10 | gcloud config set project $GCP_PROJECT_ID 11 | 12 | preemptible nodes are a problem 13 | 14 | reconnect issue - make use of jump host 15 | 16 | ## missing in .bashrc 17 | gcloud config set project [PROJECT_ID] 18 | 19 | 20 | ## scale masters 21 | im lab passen die pfade nicht bei k1 apply => funkt nicht, schlechte fehlermeldung 22 | tf.json vs tf-infra/ 23 | kubeone.yaml 24 | 25 | kexp does not exist!!! 26 | 27 | # slides 28 | 29 | slides about addons -------------------------------------------------------------------------------- /advanced_operations_of_kubernetes_with_kubeone/.gitignore: -------------------------------------------------------------------------------- 1 | .terraform/ 2 | terraform.tfstate.backup 3 | terraform.tfstate 4 | .terraform.* 5 | .keys 6 | .secrets 7 | *.tar.gz 8 | *-kubeconfig -------------------------------------------------------------------------------- /advanced_operations_of_kubernetes_with_kubeone/.images/gce_k1_instances.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cloudnativetrainings/trainings/ee41ee97e3cec03e632903abb6f7408f3130126f/advanced_operations_of_kubernetes_with_kubeone/.images/gce_k1_instances.png -------------------------------------------------------------------------------- /advanced_operations_of_kubernetes_with_kubeone/.images/restic_yaml_diff_s3_vs_gs.png: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/cloudnativetrainings/trainings/ee41ee97e3cec03e632903abb6f7408f3130126f/advanced_operations_of_kubernetes_with_kubeone/.images/restic_yaml_diff_s3_vs_gs.png -------------------------------------------------------------------------------- /advanced_operations_of_kubernetes_with_kubeone/07_deploy-app-02-external-access/manifests/app.deployment.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: helloweb 5 | labels: 6 | app: hello 7 | spec: 8 | selector: 9 | matchLabels: 10 | app: hello 11 | tier: web 12 | template: 13 | metadata: 14 | labels: 15 | app: hello 16 | tier: web 17 | spec: 18 | containers: 19 | - name: hello-app 20 | image: gcr.io/google-samples/hello-app:1.0 21 | ports: 22 | - containerPort: 8080 -------------------------------------------------------------------------------- /advanced_operations_of_kubernetes_with_kubeone/07_deploy-app-02-external-access/manifests/app.ingress.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: networking.k8s.io/v1 2 | kind: Ingress 3 | metadata: 4 | name: helloweb 5 | annotations: 6 | cert-manager.io/cluster-issuer: "letsencrypt-issuer" 7 | labels: 8 | app: hello 9 | spec: 10 | ingressClassName: 'nginx' 11 | tls: 12 | - hosts: 13 | - app-ext.TODO-YOUR-DNS-ZONE.cloud-native.training 14 | secretName: kubermatic-dev-tls 15 | rules: 16 | - host: app-ext.TODO-YOUR-DNS-ZONE.cloud-native.training 17 | http: 18 | paths: 19 | - pathType: Prefix 20 | path: / 21 | backend: 22 | service: 23 | name: helloweb 24 | port: 25 | number: 80 -------------------------------------------------------------------------------- /advanced_operations_of_kubernetes_with_kubeone/07_deploy-app-02-external-access/manifests/app.service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | 
metadata: 4 | name: helloweb 5 | labels: 6 | app: hello 7 | spec: 8 | selector: 9 | app: hello 10 | tier: web 11 | ports: 12 | - port: 80 13 | targetPort: 8080 -------------------------------------------------------------------------------- /advanced_operations_of_kubernetes_with_kubeone/07_deploy-app-02-external-access/manifests/lb.cluster-issuer.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: cert-manager.io/v1 2 | kind: ClusterIssuer 3 | metadata: 4 | name: letsencrypt-issuer 5 | namespace: cert-manager 6 | spec: 7 | acme: 8 | # The ACME server URL (Let's Encrypt production endpoint) 9 | server: https://acme-v02.api.letsencrypt.org/directory 10 | # Email address used for ACME registration 11 | email: "your-email@example.com" 12 | # Name of a secret used to store the ACME account private key 13 | privateKeySecretRef: 14 | name: letsencrypt-staging-dns 15 | solvers: 16 | # Enable the HTTP-01 challenge provider 17 | - http01: 18 | ingress: 19 | class: nginx -------------------------------------------------------------------------------- /advanced_operations_of_kubernetes_with_kubeone/09_backup_velero/gs-bucket.tf: -------------------------------------------------------------------------------- 1 | ### GCS bucket for the cluster backups; force_destroy = true lets terraform destroy delete it together with its contents 2 | resource "google_storage_bucket" "gs-storage" { 3 | name = "k1-backup-bucket-${var.project}" 4 | storage_class = "STANDARD" 5 | location = var.region 6 | force_destroy = true 7 | } 8 | 9 | ### create SA binding 10 | # gcloud projects add-iam-policy-binding $GCP_PROJECT_ID --member serviceAccount:$GCP_SERVICE_ACCOUNT_ID --role='roles/storage.admin' 11 | 12 | ### PUBLIC read/write (WRITER for allUsers) is not recommended for production 13 | //resource "google_storage_bucket_access_control" "public_rule" { 14 | // bucket = google_storage_bucket.gs-storage.name 15 | // role = "WRITER" 16 | // entity = "allUsers" 17 | //} 18 | 19 | output "gs" { 20 | value = { 21 | name = google_storage_bucket.gs-storage.name 22 | url = 
google_storage_bucket.gs-storage.url 23 | } 24 | } 25 | -------------------------------------------------------------------------------- /advanced_operations_of_kubernetes_with_kubeone/10_addons-sc-and-restic-etcd-backup/pvc.test.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: PersistentVolumeClaim 3 | metadata: 4 | name: my-pvc 5 | spec: 6 | accessModes: 7 | - ReadWriteOnce 8 | resources: 9 | requests: 10 | storage: 1Gi 11 | --- 12 | apiVersion: v1 13 | kind: Pod 14 | metadata: 15 | name: my-pod 16 | spec: 17 | containers: 18 | - name: busybox 19 | image: busybox:1.32.0 20 | command: 21 | - "/bin/sh" 22 | args: 23 | - "-c" 24 | - "while true; do echo $(date) >> /app/buffer; cat /app/buffer; sleep 5; done;" 25 | volumeMounts: 26 | - name: my-volume 27 | mountPath: /app 28 | volumes: 29 | - name: my-volume 30 | persistentVolumeClaim: 31 | claimName: my-pvc 32 | -------------------------------------------------------------------------------- /advanced_operations_of_kubernetes_with_kubeone/90_bonus/README.md: -------------------------------------------------------------------------------- 1 | ## Bonus Tasks 2 | 3 | - Used for simplified cluster file management and gitops automation purposes [Community Component - KubeOne Makefile](https://github.com/kubermatic/community-components/tree/master/helper/kubeone-makefile) 4 | - Apply cluster autoscaler addon: [kubeone - addons/cluster-autoscaler](https://github.com/kubermatic/kubeone/tree/main/addons/cluster-autoscaler) 5 | - Simulate a control plane outage and execute a [manual cluster repair](https://docs.kubermatic.com/kubeone/main/guides/manual-cluster-repair/) 6 | - [Cluster Restore Procedure](https://docs.kubermatic.com/kubeone/main/guides/manual-cluster-recovery/) 7 | 8 | 9 | Jump > [**Home**](../README.md) | Previous > [**Cluster AutoScaling**](../12_cluster-autoscaling/README.md) | Next > [**Cleanup**](../99_cluster-cleanup-or-pause/README.md) 
-------------------------------------------------------------------------------- /advanced_operations_of_kubernetes_with_kubeone/src/gce/kubeone.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kubeone.k8c.io/v1beta2 2 | kind: KubeOneCluster 3 | name: k1 4 | versions: 5 | kubernetes: "1.31.8" 6 | cloudProvider: 7 | gce: {} 8 | cloudConfig: |- 9 | [global] 10 | regional = true 11 | -------------------------------------------------------------------------------- /advanced_operations_of_kubernetes_with_kubeone/src/gce/tf-infra/README.md.in: -------------------------------------------------------------------------------- 1 | # GCE Quickstart Terraform configs 2 | 3 | The GCE Quickstart Terraform configs can be used to create the needed 4 | infrastructure for a Kubernetes HA cluster. Check out the following 5 | [Creating Infrastructure guide][docs-infrastructure] to learn more about how to 6 | use the configs and how to provision a Kubernetes cluster using KubeOne. 7 | 8 | [docs-infrastructure]: https://docs.kubermatic.com/kubeone/v1.6/guides/using-terraform-configs/ 9 | 10 | ## GCE Provider configuration 11 | 12 | ### Credentials 13 | 14 | 15 | Either of the following ENV variables should be accessible: 16 | 17 | * `GOOGLE_CREDENTIALS` 18 | * `GOOGLE_CLOUD_KEYFILE_JSON` 19 | * `GCLOUD_KEYFILE_JSON` 20 | 21 | -------------------------------------------------------------------------------- /advanced_operations_of_kubernetes_with_kubeone/src/gce/tf-infra/terraform.tfvars: -------------------------------------------------------------------------------- 1 | # Update the cluster name 2 | cluster_name = "k1" 3 | 4 | # Echo $GCP_PROJECT_ID and update the project id 5 | project = "TODO-ADD-YOUR-PROJECT" 6 | 7 | region = "europe-west4" 8 | 9 | # number of control plane instances to create 10 | control_plane_vm_count = 1 11 | 12 | # listeners of the Loadbalancer. 
Default is NOT HA, but ensure the bootstrapping works -> after bootstrapping increase to e.g. 3 13 | control_plane_target_pool_members_count = 1 14 | 15 | # Update to your SSH public key location 16 | ssh_public_key_file = "/path/to/.secrets/id_rsa.pub" 17 | 18 | # Update to your SSH private key location 19 | ssh_private_key_file = "/path/to/.secrets/id_rsa" 20 | -------------------------------------------------------------------------------- /advanced_operations_of_kubernetes_with_kubeone/src/gce/tf-infra/versions.tf: -------------------------------------------------------------------------------- 1 | terraform { 2 | required_version = ">= 1.0.0" 3 | required_providers { 4 | google = { 5 | source = "hashicorp/google" 6 | version = "~> 4.27.0" 7 | } 8 | } 9 | } 10 | -------------------------------------------------------------------------------- /advanced_operations_of_kubernetes_with_kubeone/todos.md: -------------------------------------------------------------------------------- 1 | go on a jump vm to avoid problems on reconnect 2 | done via ~/bin folder 3 | 4 | upgrade kubeone lab??? 
5 | 6 | verify everything in google shell, also get rid of the tooling container 7 | 8 | -------------------------------------------------------------------------------- /container_fundamentals/.99_todos/labs.md: -------------------------------------------------------------------------------- 1 | # setup VM: install countdown tool (only for trainer) 2 | 3 | # new lab: add wormhole pattern lab 4 | 5 | # new lab: creating a base image from scratch => golden image 6 | 7 | # move podman lab after hadolint 8 | -------------------------------------------------------------------------------- /container_fundamentals/.99_todos/slides.md: -------------------------------------------------------------------------------- 1 | # remove duplicate infos and reorder slides 2 | 3 | # lab slides do not have the same look and feel 4 | 5 | # make use of tags everywhere 6 | 7 | # make sure entrypoint/cmd used properly everywhere 8 | 9 | # 05_interacting_with_containers 10 | docker logs should also be in there 11 | 12 | # CRI visualisations 13 | https://www.inovex.de/de/blog/containers-docker-containerd-nabla-kata-firecracker/ 14 | 15 | # golden image discussion 16 | scratch or ubuntu way of doing things 17 | 18 | # caching 19 | https://docs.google.com/presentation/d/1NoTZFbm0R59J_vnun3M4l4N30lxtkqHsO4nGlduMs2c/edit#slide=id.ga0187a22eb_0_397 => the Dockerfile file is simply wrong!!! 
=> copy the app before mvn install does not make sense 20 | 21 | # advanced dockerfiles slides 22 | redundant info and order is broken 23 | -------------------------------------------------------------------------------- /container_fundamentals/06_dockerfile/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM ubuntu:22.04 2 | ENTRYPOINT [ "/bin/sh" ] 3 | CMD [ "-c", "while true; do echo $(date); sleep 1; done;" ] -------------------------------------------------------------------------------- /container_fundamentals/07_dockerfile_webserver/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM ubuntu:23.10 2 | RUN apt-get -y update && apt-get -y install nginx 3 | COPY index.html /var/www/html/index.html 4 | ENTRYPOINT ["/usr/sbin/nginx" ] 5 | CMD [ "-g", "daemon off;" ] -------------------------------------------------------------------------------- /container_fundamentals/07_dockerfile_webserver/index.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | This is a title 5 | 6 | 7 |

Hello world!

8 | 9 | -------------------------------------------------------------------------------- /container_fundamentals/08_build-ignore/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM alpine:3.16.2 2 | ADD . /app 3 | ENTRYPOINT [ "ls" ] 4 | CMD [ "-alh", "/app/" ] 5 | -------------------------------------------------------------------------------- /container_fundamentals/08_build-ignore/passwords.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cloudnativetrainings/trainings/ee41ee97e3cec03e632903abb6f7408f3130126f/container_fundamentals/08_build-ignore/passwords.txt -------------------------------------------------------------------------------- /container_fundamentals/08_build-ignore/some-large-image.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cloudnativetrainings/trainings/ee41ee97e3cec03e632903abb6f7408f3130126f/container_fundamentals/08_build-ignore/some-large-image.jpg -------------------------------------------------------------------------------- /container_fundamentals/09_entrypoint-vs-cmd/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM ubuntu:22.04 2 | CMD [ "echo", "hello docker" ] 3 | -------------------------------------------------------------------------------- /container_fundamentals/10_shell-vs-exec-form-variable-substitution/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM ubuntu:22.04 2 | ENV FOO bar 3 | ENTRYPOINT [ "/bin/echo", "$FOO" ] 4 | -------------------------------------------------------------------------------- /container_fundamentals/11_shell-vs-exec-form-PID1/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM ubuntu:22.04 2 | ENTRYPOINT [ "ps", "aux" ] 3 | 
-------------------------------------------------------------------------------- /container_fundamentals/12_multistaged-builds/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM golang:1.19.1-alpine3.16 2 | RUN mkdir /build 3 | ADD main.go /build/ 4 | WORKDIR /build 5 | RUN go mod init myapp && CGO_ENABLED=0 GOOS=linux go build -o main . 6 | ENTRYPOINT [ "./main" ] 7 | -------------------------------------------------------------------------------- /container_fundamentals/12_multistaged-builds/main.go: -------------------------------------------------------------------------------- 1 | package main 2 | 3 | import ( 4 | "fmt" 5 | ) 6 | 7 | func main() { 8 | fmt.Println("Hello Docker from Go") 9 | } 10 | -------------------------------------------------------------------------------- /container_fundamentals/13_caching/.gitignore: -------------------------------------------------------------------------------- 1 | node_modules -------------------------------------------------------------------------------- /container_fundamentals/13_caching/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM node:12 2 | WORKDIR /app 3 | COPY . . 
4 | RUN npm install 5 | ENTRYPOINT [ "npm" ] 6 | CMD [ "start" ] 7 | -------------------------------------------------------------------------------- /container_fundamentals/13_caching/package.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "caching", 3 | "version": "1.0.0", 4 | "description": "", 5 | "main": "main.js", 6 | "scripts": { 7 | "test": "echo \"Error: no test specified\" && exit 1" 8 | }, 9 | "author": "", 10 | "license": "ISC", 11 | "dependencies": { 12 | "express": "^4.17.1" 13 | } 14 | } 15 | -------------------------------------------------------------------------------- /container_fundamentals/13_caching/server.js: -------------------------------------------------------------------------------- 1 | const express = require('express') 2 | const app = express() 3 | const message = 'Hello Docker from JS' 4 | 5 | app.get('/', (req, res) => { 6 | res.send(message) 7 | }) 8 | 9 | app.listen(80, () => { 10 | console.log(`Example app listening at http://localhost:80`) 11 | }) -------------------------------------------------------------------------------- /container_fundamentals/14_linting/.solution/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM ubuntu:23.10 2 | 3 | RUN apt-get update && \ 4 | apt-get upgrade -y && \ 5 | apt-get install --no-install-recommends nginx=1.20.1 -y && \ 6 | apt-get clean && \ 7 | rm -rf /var/lib/apt/lists/* 8 | 9 | CMD [ "nginx", "-g", "daemon off;" ] 10 | -------------------------------------------------------------------------------- /container_fundamentals/14_linting/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM ubuntu 2 | 3 | RUN apt-get update 4 | RUN apt-get upgrade -y 5 | RUN apt-get install nginx -y 6 | 7 | CMD nginx -g daemon off; 8 | -------------------------------------------------------------------------------- 
/container_fundamentals/17_volumes/.gitignore: -------------------------------------------------------------------------------- 1 | data -------------------------------------------------------------------------------- /container_fundamentals/17_volumes/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM ubuntu:22.04 2 | RUN mkdir /data 3 | ENTRYPOINT [ "/bin/sh" ] 4 | CMD [ "-c", "while true; do echo $(date) >> /data/file.txt; sleep 10; done;" ] 5 | -------------------------------------------------------------------------------- /container_fundamentals/18_docker-compose/docker-compose.yaml: -------------------------------------------------------------------------------- 1 | version: "3.4" 2 | services: 3 | grafana: 4 | image: grafana/grafana:7.4.3 5 | container_name: grafana 6 | ports: 7 | - "80:3000" 8 | prometheus: 9 | image: prom/prometheus:v2.25.0 10 | container_name: prometheus 11 | volumes: 12 | - ./prometheus.yaml:/etc/prometheus/prometheus.yaml 13 | command: 14 | - "--config.file=/etc/prometheus/prometheus.yaml" 15 | ports: 16 | - "9090:9090" 17 | cadvisor: 18 | image: gcr.io/cadvisor/cadvisor:v0.45.0 19 | container_name: cadvisor 20 | volumes: 21 | - /:/rootfs:ro 22 | - /var/run:/var/run:ro 23 | - /sys:/sys:ro 24 | - /var/lib/docker/:/var/lib/docker:ro 25 | - /dev/disk:/dev/disk/:ro 26 | ports: 27 | - "8080:8080" 28 | -------------------------------------------------------------------------------- /container_fundamentals/18_docker-compose/prometheus.yaml: -------------------------------------------------------------------------------- 1 | global: 2 | scrape_interval: 15s 3 | evaluation_interval: 15s 4 | scrape_configs: 5 | - job_name: "cadvisor" 6 | static_configs: 7 | - targets: ["cadvisor:8080"] 8 | labels: 9 | alias: "cadvisor" 10 | -------------------------------------------------------------------------------- /container_fundamentals/19_privileged-container/README.md: 
-------------------------------------------------------------------------------- 1 | # Privileged Container 2 | 3 | In this training, we will use a privileged container to get full access to the host. The `--privileged` flag grants the container all capabilities and access to the host's devices. 4 | 5 | ## Check processes in a container 6 | 7 | ```bash 8 | docker run -it --rm ubuntu:22.04 ps aux 9 | ``` 10 | 11 | >Note that you see only the process of the container. 12 | 13 | ## Check the processes of a privileged container 14 | 15 | ```bash 16 | docker run -it --rm --privileged --pid host ubuntu:22.04 ps aux 17 | ``` 18 | 19 | >Note that you see all processes of the host, because `--pid host` makes the container share the host's PID namespace. 20 | 21 | ## Check the filesystem of a privileged container 22 | 23 | ```bash 24 | docker run -it --rm --privileged -v /:/host ubuntu:22.04 ls -alh /host 25 | ``` 26 | 27 | >Note that you see the filesystem of the host, because `-v /:/host` bind-mounts the host's root directory into the container. 28 | 29 | ## Cleanup 30 | 31 | * Remove all the images 32 | 33 | ```bash 34 | docker rmi -f $(docker images -qa) 35 | ``` 36 | -------------------------------------------------------------------------------- /container_fundamentals/README.md: -------------------------------------------------------------------------------- 1 | # Container Fundamentals 2 | 3 | ## Setting up the lab environment 4 | 5 | 1. Navigate to [Google Cloud Shell](https://ssh.cloud.google.com) and log in via web browser. 6 | 7 | 2. Clone the Kubermatic trainings git repository: 8 | 9 | ```bash 10 | git clone https://github.com/cloudnativetrainings/trainings.git 11 | ``` 12 | 13 | 3. Navigate to the Container Fundamentals training folder to get started: 14 | 15 | ```bash 16 | cd trainings/container_fundamentals/ 17 | ``` 18 | 19 | 4. Create the VM via 20 | 21 | ```bash 22 | make create 23 | ``` 24 | 25 | 5. 
Connect to the VM via 26 | 27 | ```bash 28 | make connect 29 | ``` 30 | 31 | ## Destroying the lab environment 32 | 33 | ```bash 34 | make destroy 35 | ``` 36 | -------------------------------------------------------------------------------- /kubermatic_kubernetes_platform_administration/.99_todos/slides.md: -------------------------------------------------------------------------------- 1 | EE vs CE difference => at least link to it -------------------------------------------------------------------------------- /kubermatic_kubernetes_platform_administration/.gitignore: -------------------------------------------------------------------------------- 1 | .vscode 2 | .DS_Store 3 | -------------------------------------------------------------------------------- /kubermatic_kubernetes_platform_administration/03_setup_kkp_seed/makefile: -------------------------------------------------------------------------------- 1 | .PHONY: create_seed_dns_record 2 | create_seed_dns_record: 3 | gcloud dns record-sets transaction start --zone=$(GCP_DNS_ZONE) 4 | gcloud dns record-sets transaction add --zone=$(GCP_DNS_ZONE) --ttl 60 --name="*.kubermatic.$(GCP_DOMAIN)." 
--type A $(IP) 5 | gcloud dns record-sets transaction execute --zone $(GCP_DNS_ZONE) 6 | -------------------------------------------------------------------------------- /kubermatic_kubernetes_platform_administration/07_upgrade_kkp/makefile: -------------------------------------------------------------------------------- 1 | .PHONY: install_new_kkp 2 | install_new_kkp: 3 | curl -L https://github.com/kubermatic/kubermatic/releases/download/v$(KKP_VERSION_NEW)/kubermatic-ce-v$(KKP_VERSION_NEW)-linux-amd64.tar.gz --output ~/.tmp/kubermatic-ce-$(KKP_VERSION_NEW).tar.gz 4 | mkdir -p ~/.tmp/kubermatic-ce-$(KKP_VERSION_NEW) 5 | rm -rf ~/.tmp/kubermatic-ce-$(KKP_VERSION_NEW)/* 6 | tar -xvf ~/.tmp/kubermatic-ce-$(KKP_VERSION_NEW).tar.gz -C ~/.tmp/kubermatic-ce-$(KKP_VERSION_NEW) 7 | chmod +x ~/.tmp/kubermatic-ce-$(KKP_VERSION_NEW)/kubermatic-installer 8 | sudo cp ~/.tmp/kubermatic-ce-$(KKP_VERSION_NEW)/kubermatic-installer ~/bin/kubermatic-installer 9 | rm -rf ~/kkp/charts 10 | cp -r ~/.tmp/kubermatic-ce-$(KKP_VERSION_NEW)/charts ~/kkp 11 | -------------------------------------------------------------------------------- /kubermatic_kubernetes_platform_administration/img/addons.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cloudnativetrainings/trainings/ee41ee97e3cec03e632903abb6f7408f3130126f/kubermatic_kubernetes_platform_administration/img/addons.png -------------------------------------------------------------------------------- /kubermatic_kubernetes_platform_administration/img/admin_panel.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cloudnativetrainings/trainings/ee41ee97e3cec03e632903abb6f7408f3130126f/kubermatic_kubernetes_platform_administration/img/admin_panel.png -------------------------------------------------------------------------------- /kubermatic_kubernetes_platform_administration/img/choose_project.png: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/cloudnativetrainings/trainings/ee41ee97e3cec03e632903abb6f7408f3130126f/kubermatic_kubernetes_platform_administration/img/choose_project.png -------------------------------------------------------------------------------- /kubermatic_kubernetes_platform_administration/img/cookies_01.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cloudnativetrainings/trainings/ee41ee97e3cec03e632903abb6f7408f3130126f/kubermatic_kubernetes_platform_administration/img/cookies_01.png -------------------------------------------------------------------------------- /kubermatic_kubernetes_platform_administration/img/cookies_02.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cloudnativetrainings/trainings/ee41ee97e3cec03e632903abb6f7408f3130126f/kubermatic_kubernetes_platform_administration/img/cookies_02.png -------------------------------------------------------------------------------- /kubermatic_kubernetes_platform_administration/img/cookies_03.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cloudnativetrainings/trainings/ee41ee97e3cec03e632903abb6f7408f3130126f/kubermatic_kubernetes_platform_administration/img/cookies_03.png -------------------------------------------------------------------------------- /kubermatic_kubernetes_platform_administration/img/dashboard.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cloudnativetrainings/trainings/ee41ee97e3cec03e632903abb6f7408f3130126f/kubermatic_kubernetes_platform_administration/img/dashboard.png -------------------------------------------------------------------------------- 
/kubermatic_kubernetes_platform_administration/img/get_kubeconfig.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cloudnativetrainings/trainings/ee41ee97e3cec03e632903abb6f7408f3130126f/kubermatic_kubernetes_platform_administration/img/get_kubeconfig.png -------------------------------------------------------------------------------- /kubermatic_kubernetes_platform_administration/img/open_home_workspace.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cloudnativetrainings/trainings/ee41ee97e3cec03e632903abb6f7408f3130126f/kubermatic_kubernetes_platform_administration/img/open_home_workspace.png -------------------------------------------------------------------------------- /kubermatic_kubernetes_platform_administration/img/upgrade_user_clusters.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cloudnativetrainings/trainings/ee41ee97e3cec03e632903abb6f7408f3130126f/kubermatic_kubernetes_platform_administration/img/upgrade_user_clusters.png -------------------------------------------------------------------------------- /kubermatic_kubernetes_platform_administration/kkp/applications/echoserver.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps.kubermatic.k8c.io/v1 2 | kind: ApplicationDefinition 3 | metadata: 4 | name: echoserver 5 | spec: 6 | description: An echo server is a server that replicates the request sent by the client and sends it back. 
7 | documentationURL: https://ealenn.github.io/Echo-Server/ 8 | sourceURL: https://github.com/Ealenn/charts/tree/master/charts/echo-server 9 | method: helm 10 | versions: 11 | - template: 12 | source: 13 | helm: 14 | chartName: echo-server 15 | chartVersion: 0.5.0 16 | url: https://ealenn.github.io/charts 17 | version: 0.7.0 18 | defaultValues: 19 | replicaCount: 3 20 | ingress: 21 | enabled: true 22 | ingressClassName: "nginx" 23 | hosts: 24 | - paths: 25 | - / 26 | -------------------------------------------------------------------------------- /kubermatic_kubernetes_platform_administration/kkp/applications/ingress-nginx.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps.kubermatic.k8c.io/v1 2 | kind: ApplicationDefinition 3 | metadata: 4 | name: ingress-nginx 5 | spec: 6 | description: Ingress controller for Kubernetes using NGINX as a reverse proxy and load balancer. 7 | documentationURL: https://kubernetes.github.io/ingress-nginx/ 8 | sourceURL: https://github.com/kubernetes/ingress-nginx 9 | method: helm 10 | versions: 11 | - template: 12 | source: 13 | helm: 14 | chartName: ingress-nginx 15 | chartVersion: 4.9.1 16 | url: https://kubernetes.github.io/ingress-nginx 17 | version: 1.9.6 18 | defaultValues: 19 | controller: 20 | replicaCount: 3 21 | 22 | 23 | 24 | -------------------------------------------------------------------------------- /kubermatic_kubernetes_platform_administration/kkp/clusterissuer.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: cert-manager.io/v1 2 | kind: ClusterIssuer 3 | metadata: 4 | name: letsencrypt-prod 5 | spec: 6 | acme: 7 | email: TODO-STUDENT-EMAIL@cloud-native.training 8 | server: https://acme-v02.api.letsencrypt.org/directory 9 | privateKeySecretRef: 10 | name: letsencrypt-prod-acme-account-key 11 | solvers: 12 | - http01: 13 | ingress: 14 | class: nginx 15 | 
-------------------------------------------------------------------------------- /kubermatic_kubernetes_platform_administration/kkp/preset-gce.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kubermatic.k8s.io/v1 2 | kind: Preset 3 | metadata: 4 | name: kubermatic 5 | spec: 6 | requiredEmailDomain: cloud-native.training 7 | gcp: 8 | serviceAccount: TODO 9 | -------------------------------------------------------------------------------- /kubermatic_kubernetes_platform_administration/kkp/seed.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kubermatic.k8c.io/v1 2 | kind: Seed 3 | metadata: 4 | name: kubermatic 5 | namespace: kubermatic 6 | spec: 7 | country: DE 8 | location: Frankfurt 9 | datacenters: 10 | gcp-frankfurt: 11 | country: DE 12 | location: Frankfurt 13 | spec: 14 | gcp: 15 | region: "europe-west3" 16 | regional: false 17 | zoneSuffixes: [a, b, c] 18 | kubeconfig: 19 | name: seed-kubeconfig 20 | namespace: kubermatic 21 | -------------------------------------------------------------------------------- /kubermatic_kubernetes_platform_administration/kkp/storageclass-backup.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: storage.k8s.io/v1 2 | kind: StorageClass 3 | metadata: 4 | name: kubermatic-backup 5 | provisioner: kubernetes.io/gce-pd 6 | reclaimPolicy: Delete 7 | volumeBindingMode: WaitForFirstConsumer 8 | parameters: 9 | type: pd-standard 10 | -------------------------------------------------------------------------------- /kubermatic_kubernetes_platform_administration/kkp/storageclass-fast.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: storage.k8s.io/v1 2 | kind: StorageClass 3 | metadata: 4 | name: kubermatic-fast 5 | annotations: 6 | storageclass.kubernetes.io/is-default-class: "true" 7 | provisioner: kubernetes.io/gce-pd 8 | 
reclaimPolicy: Delete 9 | volumeBindingMode: WaitForFirstConsumer 10 | parameters: 11 | type: pd-ssd 12 | -------------------------------------------------------------------------------- /kubermatic_kubernetes_platform_administration/kubeone/kubeone.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kubeone.k8c.io/v1beta2 2 | kind: KubeOneCluster 3 | versions: 4 | kubernetes: 1.32.4 5 | cloudProvider: 6 | gce: {} 7 | cloudConfig: | 8 | [global] 9 | regional = true 10 | -------------------------------------------------------------------------------- /kubermatic_kubernetes_platform_administration/kubeone/terraform.tfvars: -------------------------------------------------------------------------------- 1 | project = "GCP_PROJECT" 2 | cluster_name = "kkp-master-seed-cluster" 3 | region = "europe-west3" 4 | 5 | ssh_private_key_file = "~/secrets/kkp_admin_training" 6 | ssh_public_key_file = "~/secrets/kkp_admin_training.pub" 7 | 8 | control_plane_image_family = "ubuntu-2404-lts-amd64" 9 | control_plane_type = "n1-standard-4" 10 | 11 | worker_os = "ubuntu" 12 | workers_type = "n1-standard-4" 13 | initial_machinedeployment_replicas = 1 -------------------------------------------------------------------------------- /kubernetes_fundamentals/.99_todos/labs.md: -------------------------------------------------------------------------------- 1 | # new lab sealed secrets / alternatives to secrets 2 | 3 | # new lab PSP alternatives -> kyverno, opa 4 | 5 | # new lab specific debug container lab => new feature in K8s debug containers 6 | 7 | # new lab (copy the one from 7sins talk) for scheduling - resource requests and limits 8 | 9 | # simple authorization lab in here 10 | -------------------------------------------------------------------------------- /kubernetes_fundamentals/01_hello-k8s/index.html: -------------------------------------------------------------------------------- 1 | hello kubernetes 
-------------------------------------------------------------------------------- /kubernetes_fundamentals/01_hello-k8s/pod.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: my-pod 5 | labels: 6 | app: my-pod 7 | spec: 8 | containers: 9 | - name: nginx 10 | image: nginx:1.19.2 11 | ports: 12 | - containerPort: 80 13 | -------------------------------------------------------------------------------- /kubernetes_fundamentals/01_hello-k8s/service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: my-service 5 | spec: 6 | type: LoadBalancer 7 | selector: 8 | app: my-pod 9 | ports: 10 | - port: 80 11 | -------------------------------------------------------------------------------- /kubernetes_fundamentals/02_pods/pod.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: my-pod 5 | spec: 6 | containers: 7 | - name: nginx 8 | image: nginx:1.19.2 9 | ports: 10 | - containerPort: 80 11 | -------------------------------------------------------------------------------- /kubernetes_fundamentals/03_commands-and-args/.solution/pod.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: my-pod 5 | spec: 6 | containers: 7 | - name: busybox 8 | image: busybox:1.32.0 9 | command: [ "sleep" ] 10 | args: [ "600" ] 11 | -------------------------------------------------------------------------------- /kubernetes_fundamentals/03_commands-and-args/pod.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: my-pod 5 | spec: 6 | containers: 7 | - name: busybox 8 | image: busybox:1.32.0 9 | 
-------------------------------------------------------------------------------- /kubernetes_fundamentals/04_multi-container-pods/pod-v1.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: my-pod 5 | spec: 6 | containers: 7 | - name: container-a 8 | image: busybox:1.32.0 9 | command: 10 | - "/bin/sh" 11 | args: 12 | - "-c" 13 | - "while true; do echo hello A; sleep 1; done;" 14 | - name: container-b 15 | image: busybox:1.32.0 16 | command: 17 | - "/bin/sh" 18 | args: 19 | - "-c" 20 | - "while true; do echo hello B; sleep 1; done;" 21 | -------------------------------------------------------------------------------- /kubernetes_fundamentals/04_multi-container-pods/pod-v2.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: my-pod 5 | spec: 6 | containers: 7 | - name: container-a 8 | image: busybox:1.32.0 9 | command: 10 | - "/bin/sh" 11 | args: 12 | - "-c" 13 | - "while true; do echo $(date) > /tmp/buffer; sleep 1; done;" 14 | volumeMounts: 15 | - name: buffer 16 | mountPath: /tmp 17 | - name: container-b 18 | image: busybox:1.32.0 19 | command: 20 | - "/bin/sh" 21 | args: 22 | - "-c" 23 | - "while true; do cat /tmp/buffer; sleep 1; done;" 24 | volumeMounts: 25 | - name: buffer 26 | mountPath: /tmp 27 | volumes: 28 | - name: buffer 29 | emptyDir: {} 30 | -------------------------------------------------------------------------------- /kubernetes_fundamentals/05_replicasets/.solution/replicaset.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: ReplicaSet 3 | metadata: 4 | name: my-replicaset 5 | spec: 6 | replicas: 1 7 | selector: 8 | matchLabels: 9 | app: my-app 10 | template: 11 | metadata: 12 | labels: 13 | app: my-app 14 | spec: 15 | containers: 16 | - name: nginx 17 | image: nginx:1.19.2 18 | 
-------------------------------------------------------------------------------- /kubernetes_fundamentals/05_replicasets/replicaset.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: ReplicaSet 3 | metadata: 4 | name: my-replicaset 5 | spec: 6 | replicas: 1 7 | selector: 8 | matchLabels: 9 | app: my-app 10 | template: 11 | metadata: 12 | labels: 13 | app: another-app 14 | spec: 15 | containers: 16 | - name: nginx 17 | image: nginy:1.19.2 18 | -------------------------------------------------------------------------------- /kubernetes_fundamentals/06_deployments/deployment-v1.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: my-deployment 5 | spec: 6 | replicas: 1 7 | strategy: 8 | type: Recreate 9 | selector: 10 | matchLabels: 11 | app: my-deployment 12 | template: 13 | metadata: 14 | labels: 15 | app: my-deployment 16 | spec: 17 | containers: 18 | - name: nginx 19 | image: nginx:1.19.2 20 | -------------------------------------------------------------------------------- /kubernetes_fundamentals/06_deployments/deployment-v2.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: my-deployment 5 | spec: 6 | replicas: 3 7 | selector: 8 | matchLabels: 9 | app: my-deployment 10 | template: 11 | metadata: 12 | labels: 13 | app: my-deployment 14 | spec: 15 | containers: 16 | - name: nginx 17 | image: nginx:1.19.2 -------------------------------------------------------------------------------- /kubernetes_fundamentals/07_revision-history/deployment.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: my-deployment 5 | spec: 6 | replicas: 1 7 | selector: 8 | matchLabels: 9 | app: my-deployment 10 | 
template: 11 | metadata: 12 | labels: 13 | app: my-deployment 14 | spec: 15 | containers: 16 | - name: nginx 17 | image: nginx:1.19.2 18 | -------------------------------------------------------------------------------- /kubernetes_fundamentals/08_services/deployment.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: my-deployment 5 | spec: 6 | replicas: 1 7 | selector: 8 | matchLabels: 9 | app: my-deployment 10 | template: 11 | metadata: 12 | labels: 13 | app: my-deployment 14 | spec: 15 | containers: 16 | - name: nginx 17 | image: nginx:1.19.2 18 | ports: 19 | - name: http 20 | protocol: TCP 21 | containerPort: 80 22 | -------------------------------------------------------------------------------- /kubernetes_fundamentals/08_services/service-v1.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: my-service 5 | spec: 6 | selector: 7 | app: my-deployment 8 | ports: 9 | - name: http 10 | protocol: TCP 11 | port: 80 12 | targetPort: 80 13 | -------------------------------------------------------------------------------- /kubernetes_fundamentals/08_services/service-v2.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: my-service 5 | spec: 6 | type: NodePort 7 | selector: 8 | app: my-deployment 9 | ports: 10 | - name: http 11 | protocol: TCP 12 | port: 80 13 | targetPort: 80 14 | nodePort: 30000 15 | -------------------------------------------------------------------------------- /kubernetes_fundamentals/08_services/service-v3.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: my-service 5 | spec: 6 | type: LoadBalancer 7 | selector: 8 | app: my-deployment 9 | ports: 10 | - name: 
http 11 | protocol: TCP 12 | port: 80 13 | targetPort: 80 14 | nodePort: 30000 15 | -------------------------------------------------------------------------------- /kubernetes_fundamentals/09_configmaps/.solution/configmap.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ConfigMap 3 | metadata: 4 | name: my-configmap 5 | data: 6 | foo: bar 7 | -------------------------------------------------------------------------------- /kubernetes_fundamentals/09_configmaps/.solution/pod.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: my-pod 5 | spec: 6 | containers: 7 | - name: busybox 8 | image: busybox:1.32.0 9 | command: 10 | - /bin/sh 11 | - -c 12 | - "echo $MY_ENV_VAR && sleep 99d" 13 | env: 14 | - name: MY_ENV_VAR 15 | valueFrom: 16 | configMapKeyRef: 17 | key: foo 18 | name: my-configmap 19 | -------------------------------------------------------------------------------- /kubernetes_fundamentals/09_configmaps/README.md: -------------------------------------------------------------------------------- 1 | # ConfigMaps 2 | 3 | In the training, we will learn about Configmaps. 4 | 5 | > Navigate to the folder `09_configmaps` from CLI, before you get started. 6 | 7 | ## Inspect configmap.yaml definition file and create the configmap 8 | 9 | ```bash 10 | cat configmap.yaml 11 | kubectl create -f configmap.yaml 12 | ``` 13 | 14 | ## Inspect pod.yaml definition file and create the pod 15 | 16 | > Note that, there are errors in the yaml files. Try to fix them. Check the output of `kubectl describe pod my-pod` to debug the issues. 
17 | 18 | ```bash 19 | cat pod.yaml 20 | kubectl create -f pod.yaml 21 | ``` 22 | 23 | ## Verify everything works fine 24 | 25 | ```bash 26 | kubectl logs my-pod 27 | ``` 28 | 29 | Output: 30 | 31 | ```bash 32 | bar 33 | ``` 34 | 35 | ## Cleanup 36 | 37 | ```bash 38 | kubectl delete po,cm --all 39 | ``` 40 | -------------------------------------------------------------------------------- /kubernetes_fundamentals/09_configmaps/configmap.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ConfigMap 3 | metadata: 4 | name: my-configmap 5 | data: 6 | foo: bar 7 | -------------------------------------------------------------------------------- /kubernetes_fundamentals/09_configmaps/pod.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: my-pod 5 | spec: 6 | containers: 7 | - name: busybox 8 | image: busybox:1.32.0 9 | command: 10 | - /bin/sh 11 | - -c 12 | - "echo $MY_ENV_VAR && sleep 99d" 13 | env: 14 | - name: MY_ENV_VAR 15 | valueFrom: 16 | configMapKeyRef: 17 | key: a-key 18 | name: a-configmap 19 | -------------------------------------------------------------------------------- /kubernetes_fundamentals/10_secrets/.solution/pod.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: my-pod 5 | spec: 6 | containers: 7 | - name: vol-printer 8 | image: busybox:1.32.0 9 | command: 10 | - /bin/sh 11 | - -c 12 | - "sleep 99d" 13 | volumeMounts: 14 | - name: my-volume 15 | mountPath: /opt/my-volume 16 | volumes: 17 | - name: my-volume 18 | secret: 19 | secretName: my-secret 20 | -------------------------------------------------------------------------------- /kubernetes_fundamentals/10_secrets/.solution/secret.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Secret 3 
| metadata: 4 | name: my-secret 5 | stringData: 6 | foo: bar 7 | -------------------------------------------------------------------------------- /kubernetes_fundamentals/10_secrets/pod.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: my-pod 5 | spec: 6 | containers: 7 | - name: vol-printer 8 | image: busybox:1.32.0 9 | command: 10 | - /bin/sh 11 | - -c 12 | - "sleep 99d" 13 | volumeMounts: 14 | - name: my-volume 15 | mountPath: /opt/my-volume 16 | volumes: 17 | - name: my-volume 18 | secret: 19 | secretName: a-secret 20 | -------------------------------------------------------------------------------- /kubernetes_fundamentals/10_secrets/secret.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Secret 3 | metadata: 4 | name: my-secret 5 | stringData: 6 | foo: bar 7 | -------------------------------------------------------------------------------- /kubernetes_fundamentals/11_persistence-static/.solution/pv.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: PersistentVolume 3 | metadata: 4 | name: my-pv 5 | labels: 6 | type: my-pv 7 | spec: 8 | storageClassName: "" 9 | capacity: 10 | storage: 2Gi 11 | accessModes: 12 | - ReadWriteMany 13 | persistentVolumeReclaimPolicy: Retain 14 | hostPath: 15 | path: "/tmp/my-pv" 16 | -------------------------------------------------------------------------------- /kubernetes_fundamentals/11_persistence-static/.solution/pvc.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: PersistentVolumeClaim 3 | metadata: 4 | name: my-pvc 5 | spec: 6 | storageClassName: "" 7 | accessModes: 8 | - ReadWriteMany 9 | resources: 10 | requests: 11 | storage: 2Gi 12 | selector: 13 | matchLabels: 14 | type: my-pv 15 | 
-------------------------------------------------------------------------------- /kubernetes_fundamentals/11_persistence-static/README.md: -------------------------------------------------------------------------------- 1 | # Persistence without StorageClass 2 | 3 | In the training, we will learn about Static Persistence. 4 | 5 | > Navigate to the folder `11_persistence-static` from CLI, before you get started. 6 | 7 | ## Inspect pv.yaml definition file and create the pv 8 | 9 | ```bash 10 | cat pv.yaml 11 | kubectl create -f pv.yaml 12 | ``` 13 | 14 | ## Inspect pvc.yaml definition file and create the pvc 15 | 16 | ```bash 17 | cat pvc.yaml 18 | kubectl create -f pvc.yaml 19 | ``` 20 | 21 | > There are some issues with this structure. Try to fix these errors and verify via `kubectl get pv,pvc`. You are finished when your pvc is in state `Bound`. 22 | 23 | ```bash 24 | kubectl get pv,pvc 25 | ``` 26 | 27 | ## Cleanup 28 | 29 | ```bash 30 | kubectl delete pvc my-pvc 31 | kubectl delete pv my-pv 32 | ``` 33 | -------------------------------------------------------------------------------- /kubernetes_fundamentals/11_persistence-static/pv.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: PersistentVolume 3 | metadata: 4 | name: my-pv 5 | labels: 6 | type: my-pv 7 | spec: 8 | storageClassName: "" 9 | capacity: 10 | storage: 10Gi 11 | accessModes: 12 | - ReadWriteMany 13 | persistentVolumeReclaimPolicy: Retain 14 | hostPath: 15 | path: "/tmp/my-pv" 16 | -------------------------------------------------------------------------------- /kubernetes_fundamentals/11_persistence-static/pvc.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: PersistentVolumeClaim 3 | metadata: 4 | name: my-pvc 5 | spec: 6 | storageClassName: "" 7 | accessModes: 8 | - ReadWriteMany 9 | resources: 10 | requests: 11 | storage: 2Gi 12 | selector: 13 | matchLabels: 14 | 
type: a-pv 15 | -------------------------------------------------------------------------------- /kubernetes_fundamentals/12_persistence-dynamic/pvc.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: PersistentVolumeClaim 3 | metadata: 4 | name: my-pvc 5 | spec: 6 | accessModes: 7 | - ReadWriteOnce 8 | storageClassName: my-storageclass 9 | resources: 10 | requests: 11 | storage: 1Gi 12 | -------------------------------------------------------------------------------- /kubernetes_fundamentals/12_persistence-dynamic/storageclass-v1.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: storage.k8s.io/v1 2 | kind: StorageClass 3 | metadata: 4 | name: my-storageclass 5 | provisioner: kubernetes.io/gce-pd 6 | parameters: 7 | type: pd-standard 8 | zones: europe-west3-a 9 | reclaimPolicy: Delete 10 | -------------------------------------------------------------------------------- /kubernetes_fundamentals/12_persistence-dynamic/storageclass-v2.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: storage.k8s.io/v1 2 | kind: StorageClass 3 | metadata: 4 | name: my-storageclass 5 | provisioner: kubernetes.io/gce-pd 6 | parameters: 7 | type: pd-standard 8 | zones: europe-west3-a 9 | reclaimPolicy: Retain 10 | -------------------------------------------------------------------------------- /kubernetes_fundamentals/13_persistence-use-volume/.solution/pod.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: my-pod 5 | spec: 6 | containers: 7 | - name: busybox 8 | image: busybox:1.32.0 9 | command: 10 | - "/bin/sh" 11 | args: 12 | - "-c" 13 | - "while true; do echo $(date) >> /app/buffer; sleep 5; done;" 14 | volumeMounts: 15 | - name: my-volume 16 | mountPath: /app 17 | volumes: 18 | - name: my-volume 19 | persistentVolumeClaim: 
20 | claimName: my-pvc 21 | -------------------------------------------------------------------------------- /kubernetes_fundamentals/13_persistence-use-volume/.solution/pvc.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: PersistentVolumeClaim 3 | metadata: 4 | name: my-pvc 5 | spec: 6 | accessModes: 7 | - ReadWriteOnce 8 | storageClassName: standard 9 | resources: 10 | requests: 11 | storage: 1Gi 12 | -------------------------------------------------------------------------------- /kubernetes_fundamentals/13_persistence-use-volume/pod.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: my-pod 5 | spec: 6 | containers: 7 | - name: busybox 8 | image: busybox:1.32.0 9 | command: 10 | - "/bin/sh" 11 | args: 12 | - "-c" 13 | - "while true; do echo $(date) >> /app/buffer; sleep 5; done;" 14 | volumeMounts: 15 | - name: a-volume 16 | mountPath: /app 17 | volumes: 18 | - name: my-volume 19 | persistentVolumeClaim: 20 | claimName: a-pvc 21 | -------------------------------------------------------------------------------- /kubernetes_fundamentals/13_persistence-use-volume/pvc.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: PersistentVolumeClaim 3 | metadata: 4 | name: my-pvc 5 | spec: 6 | accessModes: 7 | - ReadWriteOnce 8 | storageClassName: standard 9 | resources: 10 | requests: 11 | storage: 1Gi 12 | -------------------------------------------------------------------------------- /kubernetes_fundamentals/14_statefulsets/service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: my-service 5 | spec: 6 | ports: 7 | - port: 80 8 | clusterIP: None 9 | selector: 10 | app: my-sts 11 | 
-------------------------------------------------------------------------------- /kubernetes_fundamentals/15_hpas/deployment.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | labels: 5 | app: my-deployment 6 | name: my-deployment 7 | spec: 8 | replicas: 1 9 | selector: 10 | matchLabels: 11 | app: my-deployment 12 | template: 13 | metadata: 14 | labels: 15 | app: my-deployment 16 | spec: 17 | containers: 18 | - name: nginx 19 | image: nginx:1.19.2 20 | resources: 21 | limits: 22 | cpu: 100m 23 | requests: 24 | cpu: 100m 25 | -------------------------------------------------------------------------------- /kubernetes_fundamentals/15_hpas/hpa.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: autoscaling/v1 2 | kind: HorizontalPodAutoscaler 3 | metadata: 4 | name: my-autoscaler 5 | spec: 6 | maxReplicas: 5 7 | minReplicas: 1 8 | scaleTargetRef: 9 | apiVersion: apps/v1 10 | kind: Deployment 11 | name: my-deployment 12 | targetCPUUtilizationPercentage: 5 13 | -------------------------------------------------------------------------------- /kubernetes_fundamentals/15_hpas/load-deployment.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | labels: 5 | app: load-deployment 6 | name: load-deployment 7 | spec: 8 | replicas: 1 9 | selector: 10 | matchLabels: 11 | app: load-deployment 12 | template: 13 | metadata: 14 | labels: 15 | app: load-deployment 16 | spec: 17 | containers: 18 | - name: curl 19 | image: curlimages/curl:7.72.0 20 | command: 21 | - "/bin/sh" 22 | args: 23 | - "-c" 24 | - "while true; do curl http://my-service; done;" 25 | resources: 26 | limits: 27 | cpu: 50m 28 | requests: 29 | cpu: 50m 30 | -------------------------------------------------------------------------------- 
/kubernetes_fundamentals/15_hpas/service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: my-service 5 | spec: 6 | ports: 7 | - port: 80 8 | selector: 9 | app: my-deployment 10 | -------------------------------------------------------------------------------- /kubernetes_fundamentals/16_daemonsets/README.md: -------------------------------------------------------------------------------- 1 | # DaemonSets 2 | 3 | In the training, we will learn about Daemonsets. 4 | 5 | > Navigate to the folder `16_daemonsets` from CLI, before you get started. 6 | 7 | ## Inspect daemonset.yaml definition file and create the daemonset 8 | 9 | ```bash 10 | cat daemonset.yaml 11 | kubectl create -f daemonset.yaml 12 | ``` 13 | 14 | ## Take a look at your Pods and Nodes 15 | 16 | ```bash 17 | kubectl get po,no 18 | ``` 19 | 20 | > The number of pods for the daemonset has to match the number of nodes. 21 | 22 | ## Choose one Pod and take a look at its logging 23 | 24 | ```bash 25 | kubectl logs 26 | ``` 27 | 28 | ## Clean up 29 | 30 | ```bash 31 | kubectl delete ds --all 32 | ``` 33 | -------------------------------------------------------------------------------- /kubernetes_fundamentals/16_daemonsets/daemonset.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: DaemonSet 3 | metadata: 4 | name: my-daemonset 5 | spec: 6 | selector: 7 | matchLabels: 8 | name: my-daemonset 9 | template: 10 | metadata: 11 | labels: 12 | name: my-daemonset 13 | spec: 14 | containers: 15 | - name: busybox 16 | image: busybox:1.32.0 17 | command: 18 | - "/bin/sh" 19 | args: 20 | - "-c" 21 | - "while true; do echo $MY_NODE_NAME running pod $MY_POD_NAME; sleep 10; done;" 22 | env: 23 | - name: MY_NODE_NAME 24 | valueFrom: 25 | fieldRef: 26 | fieldPath: spec.nodeName 27 | - name: MY_POD_NAME 28 | valueFrom: 29 | fieldRef: 30 | fieldPath: 
metadata.name -------------------------------------------------------------------------------- /kubernetes_fundamentals/17_jobs/.solution/job.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: batch/v1 2 | kind: Job 3 | metadata: 4 | name: my-job 5 | spec: 6 | completions: 10 7 | parallelism: 5 8 | template: 9 | spec: 10 | containers: 11 | - name: busybox 12 | image: busybox:1.32.0 13 | command: ["sleep"] 14 | args: ["10"] 15 | restartPolicy: Never 16 | -------------------------------------------------------------------------------- /kubernetes_fundamentals/17_jobs/job.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: batch/v1 2 | kind: Job 3 | metadata: 4 | name: my-job 5 | spec: 6 | template: 7 | spec: 8 | containers: 9 | - name: busybox 10 | image: busybox:1.32.0 11 | command: ["sleep"] 12 | args: ["10"] 13 | restartPolicy: Never 14 | -------------------------------------------------------------------------------- /kubernetes_fundamentals/18_cronjobs/README.md: -------------------------------------------------------------------------------- 1 | # CronJob 2 | 3 | In this training course, we will create a job which will run every minute. 4 | 5 | > Navigate to the folder `18_cronjobs` from CLI, before you get started. 6 | 7 | ## Inspect cronjob.yaml definition file and create the cronjob 8 | 9 | ```bash 10 | cat cronjob.yaml 11 | kubectl create -f cronjob.yaml 12 | ``` 13 | 14 | ## Take a look at running cronjobs and the pods 15 | 16 | > It can take a while that the job is completed. 
17 | 18 | ```bash 19 | kubectl get cronjobs,jobs,pods 20 | ``` 21 | 22 | ## Cleanup 23 | 24 | ```bash 25 | kubectl delete cronjobs --all 26 | ``` 27 | -------------------------------------------------------------------------------- /kubernetes_fundamentals/18_cronjobs/cronjob.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: batch/v1 2 | kind: CronJob 3 | metadata: 4 | name: my-cronjob 5 | spec: 6 | schedule: "*/1 * * * *" 7 | jobTemplate: 8 | spec: 9 | template: 10 | spec: 11 | containers: 12 | - name: busybox 13 | image: busybox:1.32.0 14 | command: [ "/bin/sh" ] 15 | args: [ "-c", "date" ] 16 | restartPolicy: OnFailure -------------------------------------------------------------------------------- /kubernetes_fundamentals/19_scheduling-node-selector/README.md: -------------------------------------------------------------------------------- 1 | # Node Selector 2 | 3 | In this training course, we will learn about Node Selector. 4 | 5 | > Navigate to the folder `19_scheduling-node-selector` from CLI, before you get started. 
6 | 7 | ## Show all Nodes with its Labels 8 | 9 | ```bash 10 | kubectl get nodes --show-labels 11 | ``` 12 | 13 | ## Add a Label to a node 14 | 15 | ```bash 16 | kubectl label node preferred=true 17 | ``` 18 | 19 | ## Inspect deployment.yaml definition file and create the deployment 20 | 21 | ```bash 22 | cat deployment.yaml 23 | kubectl create -f deployment.yaml 24 | ``` 25 | 26 | ## Verify that all the pods of the deployment are running on the labeled node 27 | 28 | ```bash 29 | kubectl get pods -o wide 30 | ``` 31 | 32 | ## Cleanup 33 | 34 | ```bash 35 | kubectl label node preferred- 36 | kubectl delete deployment my-deployment 37 | ``` 38 | -------------------------------------------------------------------------------- /kubernetes_fundamentals/19_scheduling-node-selector/deployment.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: my-deployment 5 | spec: 6 | replicas: 5 7 | strategy: 8 | type: Recreate 9 | selector: 10 | matchLabels: 11 | app: my-deployment 12 | template: 13 | metadata: 14 | labels: 15 | app: my-deployment 16 | spec: 17 | containers: 18 | - name: nginx 19 | image: nginx:1.19.2 20 | nodeSelector: 21 | preferred: "true" 22 | -------------------------------------------------------------------------------- /kubernetes_fundamentals/20_scheduling-affinity/fire-deployment.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: fire 5 | spec: 6 | replicas: 10 7 | selector: 8 | matchLabels: 9 | app: fire 10 | template: 11 | metadata: 12 | labels: 13 | app: fire 14 | spec: 15 | containers: 16 | - name: fire 17 | image: nginx:1.19.2 18 | resources: 19 | limits: 20 | cpu: 25m 21 | requests: 22 | cpu: 25m 23 | affinity: 24 | podAntiAffinity: 25 | requiredDuringSchedulingIgnoredDuringExecution: 26 | - labelSelector: 27 | matchExpressions: 28 | - key: app 
29 | operator: In 30 | values: 31 | - water 32 | topologyKey: "kubernetes.io/hostname" 33 | -------------------------------------------------------------------------------- /kubernetes_fundamentals/20_scheduling-affinity/water-pod.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: water 5 | labels: 6 | app: water 7 | spec: 8 | containers: 9 | - name: water 10 | image: nginx:1.19.2 11 | resources: 12 | limits: 13 | cpu: 25m 14 | requests: 15 | cpu: 25m 16 | -------------------------------------------------------------------------------- /kubernetes_fundamentals/21_scheduling-taints-and-tolerations/deployment.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: my-deployment 5 | spec: 6 | replicas: 10 7 | selector: 8 | matchLabels: 9 | app: my-deployment 10 | template: 11 | metadata: 12 | labels: 13 | app: my-deployment 14 | spec: 15 | containers: 16 | - name: nginx 17 | image: nginx:1.19.2 18 | resources: 19 | limits: 20 | cpu: 25m 21 | requests: 22 | cpu: 25m 23 | -------------------------------------------------------------------------------- /kubernetes_fundamentals/21_scheduling-taints-and-tolerations/pod.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: my-pod 5 | spec: 6 | containers: 7 | - name: my-pod 8 | image: nginx:1.19.2 9 | resources: 10 | limits: 11 | cpu: 25m 12 | requests: 13 | cpu: 25m 14 | tolerations: 15 | - key: "foo" 16 | operator: "Equal" 17 | value: "bar" 18 | effect: "NoSchedule" 19 | -------------------------------------------------------------------------------- /kubernetes_fundamentals/22_ingress/blue.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: blue 5 | 
labels: 6 | app: blue 7 | spec: 8 | containers: 9 | - name: nginx 10 | image: nginx:1.19.2 11 | volumeMounts: 12 | - name: html 13 | mountPath: /usr/share/nginx/html 14 | volumes: 15 | - name: html 16 | configMap: 17 | name: blue 18 | items: 19 | - key: body 20 | path: index.html 21 | --- 22 | apiVersion: v1 23 | kind: ConfigMap 24 | metadata: 25 | name: blue 26 | data: 27 | body: 28 | --- 29 | apiVersion: v1 30 | kind: Service 31 | metadata: 32 | name: blue 33 | spec: 34 | selector: 35 | app: blue 36 | ports: 37 | - port: 80 38 | -------------------------------------------------------------------------------- /kubernetes_fundamentals/22_ingress/ingress.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: networking.k8s.io/v1 2 | kind: Ingress 3 | metadata: 4 | name: my-ingress 5 | annotations: 6 | ingress.kubernetes.io/ssl-redirect: "false" 7 | nginx.ingress.kubernetes.io/rewrite-target: "/" 8 | spec: 9 | ingressClassName: "nginx" 10 | rules: 11 | - http: 12 | paths: 13 | - path: /red 14 | pathType: Exact 15 | backend: 16 | service: 17 | name: red 18 | port: 19 | number: 80 20 | - path: /blue 21 | pathType: Exact 22 | backend: 23 | service: 24 | name: blue 25 | port: 26 | number: 80 27 | -------------------------------------------------------------------------------- /kubernetes_fundamentals/22_ingress/red.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: red 5 | labels: 6 | app: red 7 | spec: 8 | containers: 9 | - name: nginx 10 | image: nginx:1.19.2 11 | volumeMounts: 12 | - name: html 13 | mountPath: /usr/share/nginx/html 14 | volumes: 15 | - name: html 16 | configMap: 17 | name: red 18 | items: 19 | - key: body 20 | path: index.html 21 | --- 22 | apiVersion: v1 23 | kind: ConfigMap 24 | metadata: 25 | name: red 26 | data: 27 | body: 28 | --- 29 | apiVersion: v1 30 | kind: Service 31 | metadata: 32 | name: red 33 | 
spec: 34 | selector: 35 | app: red 36 | ports: 37 | - port: 80 38 |
--------------------------------------------------------------------------------
/kubernetes_fundamentals/26_authorization/clusterrole.yaml:
--------------------------------------------------------------------------------
# Read-only pod access: get and list on pods in the core ("") API group.
# A ClusterRole is not namespaced; the scope it is granted with is decided by
# the binding that references it.
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: my-clusterrole
rules:
  - apiGroups:
      - ""
    resources:
      - pods
    verbs:
      - get
      - list

--------------------------------------------------------------------------------
/kubernetes_fundamentals/26_authorization/clusterrolebinding.yaml:
--------------------------------------------------------------------------------
# Binds my-clusterrole to the ServiceAccount my-serviceaccount in namespace
# default. Because this is a ClusterRoleBinding, the grant applies in every
# namespace: the account can get and list pods cluster-wide, kube-system
# included.
# NOTE(review): referencing the same ClusterRole from a namespaced RoleBinding
# would limit the grant to one namespace — confirm the lab intends the
# cluster-wide scope.
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: my-clusterrolebinding
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: my-clusterrole
subjects:
  - kind: ServiceAccount
    name: my-serviceaccount
    namespace: default

--------------------------------------------------------------------------------
/kubernetes_fundamentals/26_authorization/pod.yaml:
--------------------------------------------------------------------------------
# Pod that runs under my-serviceaccount. automountServiceAccountToken is not
# set here, so unless the ServiceAccount disables it the account's token is
# mounted into the container, and requests made with it carry whatever the
# bindings above grant.
apiVersion: v1
kind: Pod
metadata:
  name: my-pod
spec:
  serviceAccountName: my-serviceaccount
  containers:
    - name: curl
      image: curlimages/curl:7.72.0
      # Keeps the container alive for an hour so commands can be run in it.
      command: ["sleep", "1h"]

--------------------------------------------------------------------------------
/kubernetes_fundamentals/26_authorization/serviceaccount.yaml:
--------------------------------------------------------------------------------
# No namespace is given, so the account is created in whichever namespace
# kubectl targets. The ClusterRoleBinding subject names namespace default;
# the two only match when this manifest is applied there.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: my-serviceaccount

--------------------------------------------------------------------------------
/kubernetes_fundamentals/27_networkpolicies/bob.yaml:
--------------------------------------------------------------------------------
# Pod "bob" (nginx on container port 80) and a Service of the same name that
# selects it by the label app=bob. The Service sets no type, so it is a
# ClusterIP service.
apiVersion: v1
kind: Pod
metadata:
  name: bob
  labels:
    app: bob
spec:
  containers:
    - name: nginx
      image: nginx:1.19.2
      ports:
        - containerPort: 80
---
apiVersion: v1
kind: Service
metadata:
  name: bob
spec:
  ports:
    - port: 80
  selector:
    app: bob

--------------------------------------------------------------------------------
/kubernetes_fundamentals/27_networkpolicies/networkpolicy-allow-susan.yaml:
--------------------------------------------------------------------------------
# Applies to pods labelled app=bob and admits ingress only from pods labelled
# app=susan. The "from" entry has a podSelector and no namespaceSelector, so
# it matches susan pods in this policy's own namespace only. No "ports" list
# is given, so every port on bob is reachable for the allowed peer.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-susan
spec:
  podSelector:
    matchLabels:
      app: bob
  policyTypes:
    - Ingress
  ingress:
    - from:
        - podSelector:
            matchLabels:
              app: susan

--------------------------------------------------------------------------------
/kubernetes_fundamentals/27_networkpolicies/networkpolicy-deny-all.yaml:
--------------------------------------------------------------------------------
# Default-deny for inbound traffic: the empty podSelector selects every pod in
# the namespace, and policyTypes lists Ingress without any ingress rule, so
# nothing is admitted unless another policy allows it.
# Egress is not listed, so outbound traffic from these pods stays unrestricted.
# NetworkPolicies only take effect when the cluster's network plugin enforces
# them; verify that before relying on this isolation.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: deny-all
spec:
  podSelector: {}
  policyTypes:
    - Ingress

--------------------------------------------------------------------------------
/kubernetes_fundamentals/27_networkpolicies/susan.yaml:
--------------------------------------------------------------------------------
# Client pod labelled app=susan, the peer that allow-susan admits to bob.
apiVersion: v1
kind: Pod
metadata:
  name: susan
  labels:
    app: susan
spec:
  containers:
    - name: curl
      image: curlimages/curl:7.72.0
      # Keeps the container alive for an hour so commands can be run in it.
      command: ["sleep", "1h"]
--------------------------------------------------------------------------------
/kubernetes_fundamentals/28_helm/my-chart/Chart.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v2 2 | name: my-chart 3
| version: 0.1.0 4 | -------------------------------------------------------------------------------- /kubernetes_fundamentals/28_helm/my-chart/templates/configmap.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ConfigMap 3 | metadata: 4 | name: my-{{ .Values.color }}-configmap 5 | data: 6 | body: 7 | -------------------------------------------------------------------------------- /kubernetes_fundamentals/28_helm/my-chart/templates/deployment.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: my-{{ .Values.color }}-deployment 5 | spec: 6 | replicas: 1 7 | selector: 8 | matchLabels: 9 | app: my-{{ .Values.color }}-deployment 10 | template: 11 | metadata: 12 | labels: 13 | app: my-{{ .Values.color }}-deployment 14 | spec: 15 | containers: 16 | - name: nginx 17 | image: nginx:1.19.2 18 | volumeMounts: 19 | - name: html 20 | mountPath: /usr/share/nginx/html 21 | volumes: 22 | - name: html 23 | configMap: 24 | name: my-{{ .Values.color }}-configmap 25 | items: 26 | - key: body 27 | path: index.html 28 | -------------------------------------------------------------------------------- /kubernetes_fundamentals/28_helm/my-chart/templates/service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: my-{{ .Values.color }}-service 5 | spec: 6 | selector: 7 | app: my-{{ .Values.color }}-deployment 8 | ports: 9 | - port: 80 10 | -------------------------------------------------------------------------------- /kubernetes_fundamentals/28_helm/my-chart/values.yaml: -------------------------------------------------------------------------------- 1 | color: cyan 2 | -------------------------------------------------------------------------------- /kubernetes_fundamentals/28_helm/my-values.yaml: 
--------------------------------------------------------------------------------
# Overrides the chart default (my-chart/values.yaml sets color: cyan).
color: magenta
--------------------------------------------------------------------------------
/kubernetes_fundamentals/29_prometheus/grafana-values.yaml:
--------------------------------------------------------------------------------
# Values for the Grafana installation of this lab (presumably passed to the
# Grafana Helm chart; the install command is not shown here).
# NOTE(review): the admin password is a fixed string committed in clear text,
# and the service below is of type LoadBalancer, i.e. reachable from outside
# the cluster. Acceptable only for a short-lived training cluster. Elsewhere,
# supply the password from a Secret (the Grafana chart offers
# admin.existingSecret for this) and keep the service cluster-internal behind
# an authenticated ingress or a port-forward.
adminPassword: myPassw0rd
service:
  type: LoadBalancer
--------------------------------------------------------------------------------
/kubernetes_fundamentals/29_prometheus/pod.yaml:
--------------------------------------------------------------------------------
# Single-container Pod whose CPU and memory requests equal its limits, which
# places it in the Guaranteed QoS class.
apiVersion: v1
kind: Pod
metadata:
  name: my-pod
spec:
  containers:
    - name: nginx
      image: nginx:1.19.2
      resources:
        limits:
          cpu: 50m
          memory: 50Mi
        requests:
          cpu: 50m
          memory: 50Mi
--------------------------------------------------------------------------------
/kubernetes_fundamentals/29_prometheus/prometheus-values.yaml:
--------------------------------------------------------------------------------
# Values for the Prometheus installation of this lab (presumably passed to the
# Prometheus Helm chart).
# NOTE(review): LoadBalancer publishes the Prometheus server outside the
# cluster, and nothing in these values puts authentication in front of it, so
# metrics and the query API would be readable by anyone who can reach the
# address. Keep this to the training cluster; otherwise use ClusterIP with an
# authenticating proxy or a port-forward.
server:
  service:
    type: LoadBalancer
--------------------------------------------------------------------------------
/kubernetes_fundamentals/43_mysql/pvc.yaml:
--------------------------------------------------------------------------------
# Claim for 1Gi of ReadWriteOnce storage from the "standard" storage class.
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: my-mysql-pvc
spec:
  storageClassName: standard
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 1Gi
--------------------------------------------------------------------------------
/kubernetes_fundamentals/43_mysql/service.yaml:
--------------------------------------------------------------------------------
# Service on port 3306 for pods labelled app: my-mysql. No type is set, so the
# default (ClusterIP, cluster-internal only) applies.
apiVersion: v1
kind: Service
metadata:
  name: my-mysql
spec:
  ports:
    - port: 3306
  selector:
    app: my-mysql
--------------------------------------------------------------------------------
/kubernetes_fundamentals/README.md: -------------------------------------------------------------------------------- 1 | # Kubernetes Fundamentals 2 | 3 | ## Setup training environment 4 | 5 | 1. Navigate to [Google Cloud Shell](https://ssh.cloud.google.com) in a web browser and log in. 6 | 7 | 2. Clone the Kubermatic trainings git repository: 8 | 9 | ```bash 10 | git clone https://github.com/cloudnativetrainings/trainings.git 11 | ``` 12 | 13 | 3. Navigate to the Kubernetes Fundamentals training folder to get started 14 | 15 | ```bash 16 | cd trainings/kubernetes_fundamentals/ 17 | ``` 18 | 19 | 4. Create the training environment 20 | 21 | ```bash 22 | make setup 23 | ``` 24 | 25 | 5. Bring some convenience into the training environment 26 | 27 | ```bash 28 | source ~/.trainingrc 29 | ``` 30 | 31 | ## Verify training environment 32 | 33 | ```bash 34 | make verify 35 | ``` 36 | 37 | ## Teardown training environment 38 | 39 | ```bash 40 | make teardown 41 | ``` 42 | -------------------------------------------------------------------------------- /kubernetes_fundamentals/makefile: -------------------------------------------------------------------------------- 1 | TRAINING_RC_FILE=~/.trainingrc 2 | 3 | .PHONY create-cluster: 4 | create-cluster: 5 | ./setup_cluster.sh 6 | 7 | .PHONY setup: 8 | setup: create-cluster 9 | grep -qxF "source <(kubectl completion bash)" $(TRAINING_RC_FILE) || echo "source <(kubectl completion bash)" >> $(TRAINING_RC_FILE) 10 | grep -qxF "source $(TRAINING_RC_FILE)" ~/.bashrc || echo "source $(TRAINING_RC_FILE)" >> ~/.bashrc 11 | 12 | POD_NAME=test-pod 13 | .PHONY verify: 14 | verify: 15 | kubectl delete pod $(POD_NAME) --ignore-not-found=true 16 | kubectl run $(POD_NAME) --image=nginx 17 | kubectl wait --for=condition=Ready pod/$(POD_NAME) 18 | kubectl delete pod $(POD_NAME) 19 | 20 | .PHONY teardown-cluster: 21 | teardown-cluster: 22 | ./teardown_cluster.sh 23 | 24 | .PHONY teardown: 25 | teardown: teardown-cluster 26 | > $(TRAINING_RC_FILE) 27 | 
-------------------------------------------------------------------------------- /kubernetes_fundamentals_for_developers/.99_todos/general.md: -------------------------------------------------------------------------------- 1 | https://www.telepresence.io/docs/latest/quick-start/ 2 | -------------------------------------------------------------------------------- /kubernetes_fundamentals_for_developers/.99_todos/labs.md: -------------------------------------------------------------------------------- 1 | # Mismatch with official Agenda 2 | 3 | https://www.cloud-native.com/trainings/kubernetes-fundamentals-for-developers/ 4 | 5 | * Providing custom Metrics from your Application 6 | * Manage Logs of a legacy Application 7 | * Troubleshooting 8 | * Why you should not deploy your Application via Pods? => is in the KF4O 9 | * Debugging Ingress Issues 10 | 11 | # Fix Loki 12 | and use it in the labs, e.g. on graceful_shutdown_dragons 13 | 14 | # Installation of ingress-nginx 15 | does not work if the same cluster as in Kubernetes Fundamentals is used and teardown was not done properly => namespace already exists, helm install fails 16 | -------------------------------------------------------------------------------- /kubernetes_fundamentals_for_developers/.99_todos/slides.md: -------------------------------------------------------------------------------- 1 | 2 | !!! Slides do not exist yet => only the ones from the 7 deadly sins talk 3 | 4 | Order of labs does not match the slides 5 | 6 | # Motivation 7 | 8 | why are secrets not secret? 
=> table 3 layers of encryption also in slides 9 | 10 | # move downward api ## Available Fields towards slides 11 | -------------------------------------------------------------------------------- /kubernetes_fundamentals_for_developers/00_app/.dockerignore: -------------------------------------------------------------------------------- 1 | .gitignore 2 | Dockerfile* 3 | training-application 4 | makefile 5 | README.md -------------------------------------------------------------------------------- /kubernetes_fundamentals_for_developers/00_app/.gitignore: -------------------------------------------------------------------------------- 1 | training-application 2 | -------------------------------------------------------------------------------- /kubernetes_fundamentals_for_developers/00_app/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM --platform=linux/amd64 golang:alpine3.15 as builder 2 | WORKDIR /src 3 | COPY go.mod go.sum ./ 4 | RUN go mod download 5 | COPY main.go ./ 6 | RUN go build -o training-application 7 | 8 | FROM --platform=linux/amd64 alpine:3.15 9 | WORKDIR /app 10 | COPY --from=builder /src/training-application /app/training-application 11 | COPY conf/app.conf ./conf/ 12 | ENTRYPOINT [ "./training-application" ] 13 | -------------------------------------------------------------------------------- /kubernetes_fundamentals_for_developers/00_app/Dockerfile-A: -------------------------------------------------------------------------------- 1 | FROM --platform=linux/amd64 golang:1.21.4-bookworm as builder 2 | WORKDIR /src 3 | COPY go.mod go.sum ./ 4 | RUN go mod download 5 | COPY main.go ./ 6 | RUN go build -o training-application 7 | 8 | FROM --platform=linux/amd64 ubuntu:22.04 9 | WORKDIR /app 10 | COPY --from=builder /src/training-application /app/training-application 11 | COPY conf/app.conf ./conf/ 12 | ENTRYPOINT [ "./training-application" ] 13 | 
-------------------------------------------------------------------------------- /kubernetes_fundamentals_for_developers/00_app/Dockerfile-B: -------------------------------------------------------------------------------- 1 | FROM --platform=linux/amd64 golang:1.21.4-bookworm as builder 2 | WORKDIR /src 3 | COPY go.mod go.sum ./ 4 | RUN go mod download 5 | COPY main.go ./ 6 | RUN go build -o training-application 7 | 8 | FROM --platform=linux/amd64 ubuntu:22.04 9 | WORKDIR /app 10 | COPY --from=builder /src/training-application /app/training-application 11 | COPY conf/app.conf ./conf/ 12 | ENTRYPOINT ./training-application 13 | -------------------------------------------------------------------------------- /kubernetes_fundamentals_for_developers/00_app/Dockerfile-distroless: -------------------------------------------------------------------------------- 1 | FROM golang:alpine3.15 as builder 2 | WORKDIR /src 3 | COPY go.mod go.sum ./ 4 | RUN go mod download 5 | COPY *.go ./ 6 | RUN CGO_ENABLED=0 go build -o training-application 7 | 8 | FROM gcr.io/distroless/static-debian12 9 | COPY --from=builder /src/training-application / 10 | COPY conf/app.conf /conf/ 11 | ENTRYPOINT [ "/training-application" ] 12 | -------------------------------------------------------------------------------- /kubernetes_fundamentals_for_developers/00_app/README.md: -------------------------------------------------------------------------------- 1 | # Build Applications 2 | 3 | Build and push Go applications: 4 | 5 | ```bash 6 | cd 00_apps/golang 7 | make docker-push-all 8 | ``` 9 | 10 | These container images with tags will be created: 11 | 12 | - `quay.io/kubermatic-labs/training-application:2.0.0-distroless` 13 | - `quay.io/kubermatic-labs/training-application:2.0.0-A` 14 | - `quay.io/kubermatic-labs/training-application:2.0.0-B` 15 | - `quay.io/kubermatic-labs/training-application:2.0.0` 16 | -------------------------------------------------------------------------------- 
/kubernetes_fundamentals_for_developers/00_app/conf/app.conf: -------------------------------------------------------------------------------- 1 | message = Message from Docker Container -------------------------------------------------------------------------------- /kubernetes_fundamentals_for_developers/00_app/go.mod: -------------------------------------------------------------------------------- 1 | module application 2 | 3 | go 1.21 4 | 5 | require ( 6 | github.com/magiconair/properties v1.8.7 7 | github.com/sirupsen/logrus v1.9.3 8 | ) 9 | 10 | require golang.org/x/sys v0.19.0 // indirect 11 | -------------------------------------------------------------------------------- /kubernetes_fundamentals_for_developers/01_configmaps/k8s/configmap.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ConfigMap 3 | metadata: 4 | namespace: default 5 | name: my-configmap 6 | data: 7 | app.conf: |- 8 | message = Message from ConfigMap 9 | -------------------------------------------------------------------------------- /kubernetes_fundamentals_for_developers/01_configmaps/k8s/ingress.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: networking.k8s.io/v1 2 | kind: Ingress 3 | metadata: 4 | name: my-app 5 | annotations: 6 | ingress.kubernetes.io/ssl-redirect: "false" 7 | nginx.ingress.kubernetes.io/rewrite-target: "/" 8 | spec: 9 | ingressClassName: nginx 10 | rules: 11 | - http: 12 | paths: 13 | - path: /my-app 14 | pathType: Exact 15 | backend: 16 | service: 17 | name: my-app 18 | port: 19 | number: 8080 -------------------------------------------------------------------------------- /kubernetes_fundamentals_for_developers/01_configmaps/k8s/pod.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | namespace: default 5 | name: my-app 6 | labels: 7 | app: my-app 8 | spec: 9 | 
terminationGracePeriodSeconds: 0 10 | containers: 11 | - name: my-app 12 | image: quay.io/kubermatic-labs/training-application:2.0.0 13 | ports: 14 | - containerPort: 8080 15 | imagePullPolicy: Always 16 | volumeMounts: 17 | - name: my-volume 18 | mountPath: /app/conf/ 19 | volumes: 20 | - name: my-volume 21 | configMap: 22 | name: my-configmap 23 | 24 | # TODO resource requests and limits everywhere, keep it consistant, format 25 | -------------------------------------------------------------------------------- /kubernetes_fundamentals_for_developers/01_configmaps/k8s/service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | namespace: default 5 | name: my-app 6 | spec: 7 | type: ClusterIP 8 | selector: 9 | app: my-app 10 | ports: 11 | - port: 8080 12 | -------------------------------------------------------------------------------- /kubernetes_fundamentals_for_developers/02_downward_api/k8s/ingress.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: networking.k8s.io/v1 2 | kind: Ingress 3 | metadata: 4 | name: my-app 5 | annotations: 6 | ingress.kubernetes.io/ssl-redirect: "false" 7 | nginx.ingress.kubernetes.io/rewrite-target: /$2 8 | spec: 9 | ingressClassName: nginx 10 | rules: 11 | - http: 12 | paths: 13 | - path: /my-app(/|$)(.*) 14 | pathType: ImplementationSpecific 15 | backend: 16 | service: 17 | name: my-app 18 | port: 19 | number: 8080 20 | -------------------------------------------------------------------------------- /kubernetes_fundamentals_for_developers/02_downward_api/k8s/service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | namespace: default 5 | name: my-app 6 | spec: 7 | type: ClusterIP 8 | selector: 9 | app: my-app 10 | ports: 11 | - port: 8080 12 | 
-------------------------------------------------------------------------------- /kubernetes_fundamentals_for_developers/04_probing/k8s/ingress.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: networking.k8s.io/v1 3 | kind: Ingress 4 | metadata: 5 | name: probe-app 6 | annotations: 7 | ingress.kubernetes.io/ssl-redirect: "false" 8 | nginx.ingress.kubernetes.io/rewrite-target: /$2 9 | spec: 10 | ingressClassName: nginx 11 | rules: 12 | - http: 13 | paths: 14 | - path: /probe-app(/|$)(.*) 15 | pathType: ImplementationSpecific 16 | backend: 17 | service: 18 | name: probe-app 19 | port: 20 | number: 8080 21 | -------------------------------------------------------------------------------- /kubernetes_fundamentals_for_developers/04_probing/k8s/service.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Service 4 | metadata: 5 | name: probe-app 6 | spec: 7 | selector: 8 | app: probe-app 9 | ports: 10 | - name: http 11 | port: 8080 12 | targetPort: http 13 | type: ClusterIP 14 | -------------------------------------------------------------------------------- /kubernetes_fundamentals_for_developers/05_graceful_shutdown/k8s/pod.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: app 5 | spec: 6 | terminationGracePeriodSeconds: 5 7 | containers: 8 | - name: app 9 | image: quay.io/kubermatic-labs/training-application:2.0.0 10 | imagePullPolicy: Always 11 | -------------------------------------------------------------------------------- /kubernetes_fundamentals_for_developers/06_graceful_shutdown_dragons/k8s/pod-A.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: app-a 5 | labels: 6 | app: app-a 7 | spec: 8 | terminationGracePeriodSeconds: 12 9 | containers: 10 | 
- name: app-a 11 | image: quay.io/kubermatic-labs/training-application:2.0.0-A 12 | imagePullPolicy: Always 13 | affinity: 14 | podAffinity: 15 | preferredDuringSchedulingIgnoredDuringExecution: 16 | - weight: 100 17 | podAffinityTerm: 18 | labelSelector: 19 | matchExpressions: 20 | - key: app 21 | operator: In 22 | values: 23 | - app-b 24 | topologyKey: kubernetes.io/hostname 25 | -------------------------------------------------------------------------------- /kubernetes_fundamentals_for_developers/06_graceful_shutdown_dragons/k8s/pod-B.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: app-b 5 | labels: 6 | app: app-b 7 | spec: 8 | terminationGracePeriodSeconds: 12 9 | containers: 10 | - name: app-b 11 | image: quay.io/kubermatic-labs/training-application:2.0.0-B 12 | imagePullPolicy: Always 13 | affinity: 14 | podAffinity: 15 | preferredDuringSchedulingIgnoredDuringExecution: 16 | - weight: 100 17 | podAffinityTerm: 18 | labelSelector: 19 | matchExpressions: 20 | - key: app 21 | operator: In 22 | values: 23 | - app-a 24 | topologyKey: kubernetes.io/hostname 25 | -------------------------------------------------------------------------------- /kubernetes_fundamentals_for_developers/07_resources/k8s/pod.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: my-app 5 | spec: 6 | terminationGracePeriodSeconds: 12 7 | containers: 8 | - name: my-app 9 | image: quay.io/kubermatic-labs/training-application:2.0.0 10 | imagePullPolicy: Always 11 | tty: true 12 | stdin: true 13 | resources: 14 | limits: 15 | cpu: 30m 16 | memory: 10Mi 17 | requests: 18 | cpu: 30m 19 | memory: 10Mi 20 | -------------------------------------------------------------------------------- /kubernetes_fundamentals_for_developers/08_init_containers/k8s/pod-A.yaml: 
-------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Pod 4 | metadata: 5 | name: pod-a 6 | spec: 7 | initContainers: 8 | - name: wait-for-pod-b 9 | image: curlimages/curl:8.1.1 10 | imagePullPolicy: IfNotPresent 11 | command: ["/bin/sh"] 12 | args: 13 | [ 14 | "-c", 15 | 'until [[ "$(curl -s -o /dev/null -w "%{http_code}" http://pod-b-svc:8080/liveness)" == "200" ]]; do echo "Sleeping a bit..."; sleep 3; done; echo "pod-b is ready!";', 16 | ] 17 | containers: 18 | - name: app 19 | image: quay.io/kubermatic-labs/training-application:2.0.0 20 | imagePullPolicy: Always 21 | ports: 22 | - name: http 23 | containerPort: 8080 24 | -------------------------------------------------------------------------------- /kubernetes_fundamentals_for_developers/08_init_containers/k8s/pod-B.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Pod 4 | metadata: 5 | name: pod-b 6 | labels: 7 | app: pod-b 8 | spec: 9 | containers: 10 | - name: app 11 | image: quay.io/kubermatic-labs/training-application:2.0.0 12 | imagePullPolicy: Always 13 | ports: 14 | - name: http 15 | containerPort: 8080 -------------------------------------------------------------------------------- /kubernetes_fundamentals_for_developers/08_init_containers/k8s/service-B.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: pod-b-svc 5 | spec: 6 | selector: 7 | app: pod-b 8 | ports: 9 | - name: http 10 | port: 8080 11 | targetPort: http 12 | type: ClusterIP 13 | -------------------------------------------------------------------------------- /kubernetes_fundamentals_for_developers/09_debugging_containers/k8s/pod.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: my-app 5 | labels: 6 | app: my-app 7 
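| spec: 8 | terminationGracePeriodSeconds: 0 9 | containers: 10 | - name: my-app 11 | image: quay.io/kubermatic-labs/training-application:2.0.0-distroless 12 | imagePullPolicy: Always 13 | tty: true 14 | stdin: true 15 | ports: 16 | - name: http 17 | containerPort: 8080 18 | env: 19 | - name: POD_IP 20 | valueFrom: 21 | fieldRef: 22 | fieldPath: status.podIP 23 | - name: POD_NAME 24 | valueFrom: 25 | fieldRef: 26 | fieldPath: metadata.name 27 | -------------------------------------------------------------------------------- /kubernetes_fundamentals_for_developers/10_secrets/k8s/configmap.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ConfigMap 3 | metadata: 4 | namespace: default 5 | name: my-configmap 6 | data: 7 | application.properties: |- 8 | management.endpoints.web.exposure.include=prometheus,liveness,readiness 9 | server.port=8080 10 | -------------------------------------------------------------------------------- /kubernetes_fundamentals_for_developers/teardown.sh: --------------------------------------------------------------------------------
#!/bin/bash
#
# Tears down the cloud resources of this training: points gcloud at the
# training project, region and zone, then deletes the reserved IP address
# named by IP_NAME.
#
# Environment:
#   PROJECT_NAME  optional; used when gcloud does not list exactly one
#                 project. If it is still empty, it is read from stdin.

# List the visible projects once instead of twice. `jq -r` prints raw strings
# (no surrounding quotes to strip), and the filter is quoted so the shell
# never interprets it.
# NOTE(review): `.name` is the project's display name, while
# `gcloud config set project` is normally given a project ID - confirm the
# two are identical in the training projects.
mapfile -t project_names < <(gcloud projects list --format json | jq -r '.[].name')
PROJECT_COUNT=${#project_names[@]}
if (( PROJECT_COUNT == 1 )); then
  PROJECT_NAME=${project_names[0]}
  echo "Using project $PROJECT_NAME"
fi
if [[ -z "${PROJECT_NAME:-}" ]]; then
  echo "INPUT: Type PROJECT_NAME:"
  # -r keeps backslashes in the typed value literal.
  read -r PROJECT_NAME
fi
# The delete below runs with --quiet (no confirmation prompt), so refuse to
# continue without an explicit project.
if [[ -z "${PROJECT_NAME:-}" ]]; then
  echo "ERROR: PROJECT_NAME must not be empty" >&2
  exit 1
fi

export REGION=europe-west3
export ZONE=europe-west3-a
export IP_NAME=training-ingress

# Strict mode starts only here, so a failed project lookup above still falls
# through to the interactive prompt.
set -euxo pipefail

# set gcloud params
# Expansions are quoted so a value containing spaces or glob characters is
# passed to gcloud as a single argument.
gcloud config set project "$PROJECT_NAME"
gcloud config set compute/region "$REGION"
gcloud config set compute/zone "$ZONE"

# delete resources
gcloud compute addresses delete "$IP_NAME" --region="$REGION" --quiet
--------------------------------------------------------------------------------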
/kubernetes_fundamentals_for_operators/.99_todos/labs.md: -------------------------------------------------------------------------------- 1 | # add not really optional k8s stuff 2 | 3 | * metrics server 4 | * ccm 5 | * ... 6 | 7 | # 000_func.sh 8 | could func() not be part of .trainingrc mechanisms... e.g. public ip 9 | 10 | # teardown 11 | make teardown.sh idempotent 12 | 13 | # Add more content to READMEs 14 | * attendees should do "manual" verification step 15 | 16 | # kubeconfig for doing later labs should be automated in some way 17 | 18 | # teardown persistent disks in gcp 19 | it looks like they are not deleted 20 | 21 | # single source of truth 22 | export REGION=europe-west3 23 | export ZONE=europe-west3-a 24 | 25 | should be done in the makefile to be passed into the shell scripts 26 | -------------------------------------------------------------------------------- /kubernetes_fundamentals_for_operators/.99_todos/slides.md: -------------------------------------------------------------------------------- 1 | # LB 2 | explain why we need one public ip for a master node? 
3 | -------------------------------------------------------------------------------- /kubernetes_fundamentals_for_operators/01_magicless-kubernetes/.gitignore: -------------------------------------------------------------------------------- 1 | *.pki 2 | *.pem 3 | *.csr 4 | *.kubeconfig 5 | encryption-config.yaml 6 | -------------------------------------------------------------------------------- /kubernetes_fundamentals_for_operators/01_magicless-kubernetes/000_func.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | node_sans() { 4 | node="$1";shift 5 | gcloud compute instances describe $node \ 6 | --format 'csv(name, 7 | networkInterfaces[0].accessConfigs[0].natIP, 8 | networkInterfaces[0].networkIP 9 | )[no-heading]' 10 | } 11 | 12 | public_ip() { 13 | gcloud compute addresses describe magicless-ip-address \ 14 | --region $(gcloud config get-value compute/region) \ 15 | --format 'value(address)' 16 | } 17 | -------------------------------------------------------------------------------- /kubernetes_fundamentals_for_operators/01_magicless-kubernetes/050_encryption.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | set -euxo pipefail 4 | 5 | source ~/.trainingrc 6 | 7 | ENCRYPTION_KEY=$(head -c 32 /dev/urandom | base64) 8 | cat > secrets/encryption-config.yaml < kube-apiserver.service.subst 13 | sudo install -o root -m 0644 kube-apiserver.service.subst /etc/systemd/system/kube-apiserver.service 14 | 15 | # start kube-apiserver service 16 | sudo systemctl daemon-reload 17 | sudo systemctl enable kube-apiserver 18 | sudo systemctl start kube-apiserver 19 | -------------------------------------------------------------------------------- /kubernetes_fundamentals_for_operators/01_magicless-kubernetes/150_master-kube-controller-manager.sh: -------------------------------------------------------------------------------- 1 | #!/bin/false 2 | 3 | # this is 
meant to be run on each master node 4 | 5 | set -euxo pipefail 6 | 7 | source ~/.trainingrc 8 | 9 | # create kube-apiserver service file 10 | sudo install -o root -m 0644 kube-controller-manager.service /etc/systemd/system/kube-controller-manager.service 11 | 12 | # start kube-controller-manager service 13 | sudo systemctl daemon-reload 14 | sudo systemctl enable kube-controller-manager 15 | sudo systemctl start kube-controller-manager 16 | -------------------------------------------------------------------------------- /kubernetes_fundamentals_for_operators/01_magicless-kubernetes/160_master-kube-scheduler.sh: -------------------------------------------------------------------------------- 1 | #!/bin/false 2 | 3 | # this is meant to be run on each master node 4 | 5 | set -euxo pipefail 6 | 7 | source ~/.trainingrc 8 | 9 | # create folders 10 | sudo mkdir -p /etc/kubernetes/config/ 11 | 12 | # create kube-scheduler service file 13 | sudo install -o root -m 0644 kube-scheduler.service /etc/systemd/system/kube-scheduler.service 14 | 15 | # copy the kube-scheduler config 16 | sudo install -o root -m 0644 kube-scheduler.yaml /etc/kubernetes/config/kube-scheduler.yaml 17 | 18 | # start kube-scheduler service 19 | sudo systemctl daemon-reload 20 | sudo systemctl enable kube-scheduler 21 | sudo systemctl start kube-scheduler 22 | -------------------------------------------------------------------------------- /kubernetes_fundamentals_for_operators/01_magicless-kubernetes/170_master-kubelet-rbac.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | set -euxo pipefail 4 | 5 | source ~/.trainingrc 6 | 7 | kubectl apply --kubeconfig secrets/admin.kubeconfig -f configs/kube-apiserver-to-kubelet.yaml 8 | -------------------------------------------------------------------------------- /kubernetes_fundamentals_for_operators/01_magicless-kubernetes/210_worker-tmux.sh: 
-------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | ### NOTE!!! 4 | # on gcloud shell, disable tmux!!! 5 | 6 | set -euxo pipefail 7 | 8 | source ~/.trainingrc 9 | 10 | tmux new-session -d -s magicless-worker 11 | tmux split-window -t magicless-worker:0.0 12 | tmux split-window -t magicless-worker:0.0 13 | tmux select-layout -t magicless-worker:0 even-vertical 14 | 15 | tmux send-keys -t magicless-worker:0.0 'gcloud compute ssh worker-0' C-m 16 | tmux send-keys -t magicless-worker:0.1 'gcloud compute ssh worker-1' C-m 17 | tmux send-keys -t magicless-worker:0.2 'gcloud compute ssh worker-2' C-m 18 | 19 | tmux setw synchronize-panes on 20 | 21 | tmux att -t magicless-worker 22 | -------------------------------------------------------------------------------- /kubernetes_fundamentals_for_operators/01_magicless-kubernetes/300_routes.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | set -euxo pipefail 4 | 5 | source ~/.trainingrc 6 | 7 | for x in {0..2}; do 8 | gcloud compute routes create k8s-pod-route-192-168-1${x}-0-24 \ 9 | --network magicless-vpc \ 10 | --next-hop-address 10.254.254.20${x} \ 11 | --destination-range 192.168.1${x}.0/24 12 | done 13 | 14 | gcloud compute routes list --filter "network: magicless-vpc" 15 | -------------------------------------------------------------------------------- /kubernetes_fundamentals_for_operators/01_magicless-kubernetes/410_smoke-test-deployment.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | set -euxo pipefail 4 | 5 | source ~/.trainingrc 6 | 7 | export KUBECONFIG=secrets/admin.kubeconfig 8 | 9 | kubectl run nginx --image=nginx 10 | sleep 3 11 | kubectl get pods -l run=nginx -o wide 12 | 13 | echo "" 14 | echo "-----------POD running ?-------------------" 15 | echo "" 16 | 17 | POD_NAME=$(kubectl get pods -l run=nginx -o 
jsonpath="{.items[0].metadata.name}") 18 | kubectl wait --for=condition=Ready pod/$POD_NAME 19 | 20 | kubectl port-forward $POD_NAME 8080:80 & 21 | 22 | echo "" 23 | echo "-----------POD reachable ?------------------" 24 | echo "" 25 | 26 | sleep 5 27 | curl --head http://127.0.0.1:8080 28 | 29 | kill %1 30 | 31 | echo "" 32 | echo "-----------POD logs ?------------------" 33 | echo "" 34 | 35 | kubectl logs $POD_NAME --tail=10 36 | 37 | exit 0 38 | -------------------------------------------------------------------------------- /kubernetes_fundamentals_for_operators/01_magicless-kubernetes/420_smoke-test-secret.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | set -euxo pipefail 4 | 5 | source ~/.trainingrc 6 | 7 | kubectl --kubeconfig secrets/admin.kubeconfig create secret generic "magicless" \ 8 | --from-literal="mykey=mydata" 9 | 10 | # print hexdump etcd value 11 | gcloud compute ssh master-0 \ 12 | --command \ 13 | "sudo ETCDCTL_API=3 etcdctl get \ 14 | --endpoints=https://127.0.0.1:2379 \ 15 | --cacert=/etc/etcd/ca.pem \ 16 | --cert=/etc/etcd/kubernetes.pem \ 17 | --key=/etc/etcd/kubernetes-key.pem \ 18 | /registry/secrets/default/magicless | hexdump -C" 19 | -------------------------------------------------------------------------------- /kubernetes_fundamentals_for_operators/01_magicless-kubernetes/configs/10-bridge.conf: -------------------------------------------------------------------------------- 1 | { 2 | "cniVersion": "1.0.0", 3 | "name": "bridge", 4 | "type": "bridge", 5 | "bridge": "cni0", 6 | "isGateway": true, 7 | "ipMasq": true, 8 | "ipam": { 9 | "type": "host-local", 10 | "ranges": [ 11 | [{"subnet": "$POD_CIDR"}] 12 | ], 13 | "routes": [{"dst": "0.0.0.0/0"}] 14 | } 15 | } -------------------------------------------------------------------------------- /kubernetes_fundamentals_for_operators/01_magicless-kubernetes/configs/99-loopback.conf: 
-------------------------------------------------------------------------------- 1 | { 2 | "cniVersion": "1.1.0", 3 | "name": "lo", 4 | "type": "loopback" 5 | } -------------------------------------------------------------------------------- /kubernetes_fundamentals_for_operators/01_magicless-kubernetes/configs/containerd-config.toml: -------------------------------------------------------------------------------- 1 | version = 2 2 | 3 | [plugins."io.containerd.grpc.v1.cri"] 4 | [plugins."io.containerd.grpc.v1.cri".containerd] 5 | snapshotter = "overlayfs" 6 | default_runtime_name = "runc" 7 | [plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc] 8 | runtime_type = "io.containerd.runc.v2" 9 | [plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc.options] 10 | SystemdCgroup = true 11 | [plugins."io.containerd.grpc.v1.cri".cni] 12 | bin_dir = "/opt/cni/bin" 13 | conf_dir = "/etc/cni/net.d" -------------------------------------------------------------------------------- /kubernetes_fundamentals_for_operators/01_magicless-kubernetes/configs/crictl.yaml: -------------------------------------------------------------------------------- 1 | runtime-endpoint: unix:///run/containerd/containerd.sock 2 | image-endpoint: unix:///run/containerd/containerd.sock 3 | timeout: 2 4 | -------------------------------------------------------------------------------- /kubernetes_fundamentals_for_operators/01_magicless-kubernetes/configs/kube-proxy-config.yaml: -------------------------------------------------------------------------------- 1 | kind: KubeProxyConfiguration 2 | apiVersion: kubeproxy.config.k8s.io/v1alpha1 3 | clientConnection: 4 | kubeconfig: "/var/lib/kube-proxy/kubeconfig" 5 | mode: "iptables" 6 | clusterCIDR: "10.200.0.0/16" 7 | -------------------------------------------------------------------------------- /kubernetes_fundamentals_for_operators/01_magicless-kubernetes/configs/kube-scheduler.yaml: 
-------------------------------------------------------------------------------- 1 | apiVersion: kubescheduler.config.k8s.io/v1 2 | kind: KubeSchedulerConfiguration 3 | clientConnection: 4 | kubeconfig: "/var/lib/kubernetes/kube-scheduler.kubeconfig" 5 | leaderElection: 6 | leaderElect: true 7 | -------------------------------------------------------------------------------- /kubernetes_fundamentals_for_operators/01_magicless-kubernetes/configs/kubelet-config.yaml: -------------------------------------------------------------------------------- 1 | kind: KubeletConfiguration 2 | apiVersion: kubelet.config.k8s.io/v1beta1 3 | authentication: 4 | anonymous: 5 | enabled: false 6 | webhook: 7 | enabled: true 8 | x509: 9 | clientCAFile: "/var/lib/kubelet/ca.pem" 10 | authorization: 11 | mode: Webhook 12 | clusterDomain: "cluster.local" 13 | clusterDNS: 14 | - "10.32.0.10" 15 | cgroupDriver: systemd 16 | containerRuntimeEndpoint: "unix:///var/run/containerd/containerd.sock" 17 | podCIDR: "$POD_CIDR" 18 | resolvConf: "/etc/resolv.conf" 19 | runtimeRequestTimeout: "15m" 20 | tlsCertFile: "/var/lib/kubelet/kubelet.pem" 21 | tlsPrivateKeyFile: "/var/lib/kubelet/kubelet-key.pem" 22 | -------------------------------------------------------------------------------- /kubernetes_fundamentals_for_operators/01_magicless-kubernetes/secrets/ca-config.json: -------------------------------------------------------------------------------- 1 | { 2 | "signing": { 3 | "default": { 4 | "expiry": "720h" 5 | }, 6 | "profiles": { 7 | "kubernetes": { 8 | "usages": [ 9 | "signing", 10 | "key encipherment", 11 | "server auth", 12 | "client auth" 13 | ], 14 | "expiry": "720h" 15 | } 16 | } 17 | } 18 | } 19 | -------------------------------------------------------------------------------- /kubernetes_fundamentals_for_operators/01_magicless-kubernetes/secrets/ca-csr.json: -------------------------------------------------------------------------------- 1 | { 2 | "CN": "Kubernetes", 3 | "key": { 4 | 
"algo": "rsa", 5 | "size": 2048 6 | }, 7 | "names": [ 8 | { 9 | "C": "DE", 10 | "L": "Hamburg", 11 | "O": "Kubernetes", 12 | "OU": "CA", 13 | "ST": "Hamburg" 14 | } 15 | ] 16 | } 17 | -------------------------------------------------------------------------------- /kubernetes_fundamentals_for_operators/01_magicless-kubernetes/services/containerd.service: -------------------------------------------------------------------------------- 1 | [Unit] 2 | Description=containerd container runtime 3 | Documentation=https://containerd.io 4 | After=network.target 5 | 6 | [Service] 7 | ExecStartPre=/sbin/modprobe overlay 8 | ExecStart=/usr/local/bin/containerd 9 | Restart=always 10 | RestartSec=5 11 | Delegate=yes 12 | KillMode=process 13 | OOMScoreAdjust=-999 14 | LimitNOFILE=1048576 15 | LimitNPROC=infinity 16 | LimitCORE=infinity 17 | 18 | [Install] 19 | WantedBy=multi-user.target -------------------------------------------------------------------------------- /kubernetes_fundamentals_for_operators/01_magicless-kubernetes/services/kube-proxy.service: -------------------------------------------------------------------------------- 1 | [Unit] 2 | Description=Kubernetes Kube Proxy 3 | Documentation=https://github.com/kubernetes/kubernetes 4 | 5 | [Service] 6 | ExecStart=/usr/local/bin/kube-proxy \ 7 | --config=/var/lib/kube-proxy/kube-proxy-config.yaml 8 | Restart=on-failure 9 | RestartSec=5 10 | 11 | [Install] 12 | WantedBy=multi-user.target -------------------------------------------------------------------------------- /kubernetes_fundamentals_for_operators/01_magicless-kubernetes/services/kube-scheduler.service: -------------------------------------------------------------------------------- 1 | [Unit] 2 | Description=Kubernetes Scheduler 3 | Documentation=https://github.com/kubernetes/kubernetes 4 | 5 | [Service] 6 | ExecStart=/usr/local/bin/kube-scheduler \ 7 | --config=/etc/kubernetes/config/kube-scheduler.yaml \ 8 | --v=2 9 | Restart=on-failure 10 | RestartSec=5 11 | 
12 | [Install] 13 | WantedBy=multi-user.target -------------------------------------------------------------------------------- /kubernetes_fundamentals_for_operators/01_magicless-kubernetes/services/kubelet.service: -------------------------------------------------------------------------------- 1 | [Unit] 2 | Description=Kubernetes Kubelet 3 | Documentation=https://github.com/kubernetes/kubernetes 4 | After=containerd.service 5 | Requires=containerd.service 6 | 7 | [Service] 8 | ExecStart=/usr/local/bin/kubelet \ 9 | --config=/var/lib/kubelet/kubelet-config.yaml \ 10 | --kubeconfig=/var/lib/kubelet/kubeconfig \ 11 | --register-node=true \ 12 | --v=2 13 | Restart=on-failure 14 | RestartSec=5 15 | 16 | [Install] 17 | WantedBy=multi-user.target -------------------------------------------------------------------------------- /kubernetes_fundamentals_for_operators/03_authentication/bob-csr-template.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: certificates.k8s.io/v1 2 | kind: CertificateSigningRequest 3 | metadata: 4 | name: bob 5 | spec: 6 | signerName: kubernetes.io/kube-apiserver-client 7 | request: $CSR 8 | usages: 9 | - digital signature 10 | - key encipherment 11 | - client auth 12 | -------------------------------------------------------------------------------- /kubernetes_fundamentals_for_operators/04_no_restart/deployment.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | labels: 5 | app: my-deployment 6 | name: my-deployment 7 | spec: 8 | replicas: 1 9 | selector: 10 | matchLabels: 11 | app: my-deployment 12 | template: 13 | metadata: 14 | labels: 15 | app: my-deployment 16 | spec: 17 | containers: 18 | - name: seven-sins-application 19 | image: quay.io/kubermatic-labs/seven-sins-application:0.0.3 20 | imagePullPolicy: Always 21 | 
-------------------------------------------------------------------------------- /kubernetes_fundamentals_for_operators/04_no_restart/pod.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: my-pod 5 | spec: 6 | terminationGracePeriodSeconds: 12 7 | containers: 8 | - name: seven-sins-application 9 | image: quay.io/kubermatic-labs/seven-sins-application:0.0.3 10 | imagePullPolicy: Always 11 | -------------------------------------------------------------------------------- /kubernetes_fundamentals_for_operators/README.md: -------------------------------------------------------------------------------- 1 | # Kubernetes Fundamentals 2 | 3 | ## Setup training environment 4 | 5 | 1. Navigate and login to [Google Cloud Shell](https://ssh.cloud.google.com) via web browser. 6 | 1. Clone the Kubermatic trainings git repository: `git clone https://github.com/cloudnativetrainings/trainings.git` 7 | 1. Navigate to Kubernetes Fundamentals training folder to get started: `cd trainings/kubernetes_fundamentals_for_operators/` 8 | 1. Please deactivate Tmux in the Google Cloud Shell. 9 | 1. Create the training environment: `make setup` 10 | 1. 
Bring some convenience into the training environment: `source ~/.trainingrc` 11 | 12 | ## Verify training environment 13 | 14 | ```bash 15 | make verify 16 | ``` 17 | 18 | ## Teardown training environment 19 | 20 | ```bash 21 | make teardown 22 | ``` 23 | -------------------------------------------------------------------------------- /kubernetes_fundamentals_for_operators/makefile: -------------------------------------------------------------------------------- 1 | export ETCD_VERSION=3.5.8 2 | export KUBERNETES_VERSION=1.28.9 3 | export RUNC_VERSION=1.1.12 4 | export CONTAINERD_VERSION=1.7.16 5 | export CRICTL_VERSION=1.30.0 6 | export CNI_PLUGINS_VERSION=1.4.1 7 | 8 | .PHONY setup: 9 | setup: 10 | ./setup_trainingrc_file.sh 11 | ./setup_trainingrc_file_nodes.sh 12 | go install github.com/cloudflare/cfssl/cmd/{cfssl,cfssljson}@v1.6.5 13 | 14 | .PHONY verify: 15 | verify: 16 | cfssl version 17 | cfssljson --version 18 | echo "Training Environment successfully verified" 19 | 20 | .PHONY teardown: 21 | teardown: 22 | ./teardown.sh 23 | rm -rf secrets/*.pem 24 | rm -rf secrets/*.csr 25 | rm -rf secrets/*.kubeconfig 26 | rm -rf secrets/*.yaml -------------------------------------------------------------------------------- /kubernetes_fundamentals_for_operators/teardown.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | set -euxo pipefail 4 | 5 | # machines 6 | gcloud -q compute instances delete \ 7 | master-0 master-1 master-2 \ 8 | worker-0 worker-1 worker-2 9 | 10 | # networking 11 | gcloud -q compute addresses delete magicless-ip-address 12 | 13 | # firewall 14 | gcloud -q compute firewall-rules delete \ 15 | magicless-internal \ 16 | magicless-inbound 17 | 18 | # routes if created 19 | for x in {0..2}; do 20 | gcloud compute routes delete -q k8s-pod-route-192-168-1${x}-0-24 21 | done 22 | 23 | # networks 24 | gcloud -q compute networks subnets delete magicless-subnet 25 | gcloud -q compute networks delete 
magicless-vpc 26 | -------------------------------------------------------------------------------- /kubernetes_helm/.99_todos/labs.md: -------------------------------------------------------------------------------- 1 | # labs 2 | 3 | ## helm chart verification 4 | 5 | https://www.douglashellinger.com/how-to/proxy-public-chart-repositories-as-oci-artefacts/ 6 | https://kodekloud.com/blog/package-sign-and-verify-charts/ 7 | https://helm.sh/docs/topics/provenance/ 8 | 9 | ## Input from Archana for new labs 10 | 11 | Create and package helm charts. Use OCI registry 12 | Helm Templates 13 | Chart security - sign and verify charts. 14 | -------------------------------------------------------------------------------- /kubernetes_helm/.99_todos/slides.md: -------------------------------------------------------------------------------- 1 | # slides 2 | 3 | ## add go templating slides 4 | 5 | ## helm test slides - shouldn't it be a job instead of a pod? 6 | 7 | ## Slides deps 8 | * no dep resolution shown 9 | * problem with values from dep chart 10 | 11 | ## Kustomize slides... re-order... there are elements which are not only for Kustomize 12 | 13 | ## Scoping 14 | https://docs.google.com/presentation/d/1w-0nXHO5iCmBfWv--TdQoda_BH1b7eVCzI_zeIE5TlU/edit#slide=id.g184bfc764f3_1_114 15 | => field "repository" does not exist in values.yaml 16 | -------------------------------------------------------------------------------- /kubernetes_helm/01_apps-with-only-manifests/dev/blue/blue-configmap.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ConfigMap 3 | metadata: 4 | name: blue 5 | namespace: dev 6 | data: 7 | body:

DEV

8 | -------------------------------------------------------------------------------- /kubernetes_helm/01_apps-with-only-manifests/dev/blue/blue-ingress.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: networking.k8s.io/v1 2 | kind: Ingress 3 | metadata: 4 | name: blue 5 | namespace: dev 6 | annotations: 7 | ingress.kubernetes.io/ssl-redirect: "false" 8 | nginx.ingress.kubernetes.io/rewrite-target: "/" 9 | spec: 10 | ingressClassName: nginx 11 | rules: 12 | - http: 13 | paths: 14 | - path: /dev/blue 15 | pathType: Exact 16 | backend: 17 | service: 18 | name: blue 19 | port: 20 | number: 80 21 | -------------------------------------------------------------------------------- /kubernetes_helm/01_apps-with-only-manifests/dev/blue/blue-service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: blue 5 | namespace: dev 6 | spec: 7 | selector: 8 | app: blue 9 | ports: 10 | - port: 80 11 | -------------------------------------------------------------------------------- /kubernetes_helm/01_apps-with-only-manifests/dev/red/red-configmap.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ConfigMap 3 | metadata: 4 | name: red 5 | namespace: dev 6 | data: 7 | body:

DEV

8 | -------------------------------------------------------------------------------- /kubernetes_helm/01_apps-with-only-manifests/dev/red/red-deployment.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: red 5 | namespace: dev 6 | labels: 7 | app: red 8 | spec: 9 | replicas: 1 10 | selector: 11 | matchLabels: 12 | app: red 13 | template: 14 | metadata: 15 | labels: 16 | app: red 17 | spec: 18 | containers: 19 | - name: red 20 | image: nginx:1.19.2 21 | volumeMounts: 22 | - name: html 23 | mountPath: /usr/share/nginx/html 24 | resources: 25 | requests: 26 | cpu: 100m 27 | memory: 100Mi 28 | limits: 29 | cpu: 100m 30 | memory: 100Mi 31 | volumes: 32 | - name: html 33 | configMap: 34 | name: red 35 | items: 36 | - key: body 37 | path: index.html 38 | -------------------------------------------------------------------------------- /kubernetes_helm/01_apps-with-only-manifests/dev/red/red-ingress.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: networking.k8s.io/v1 2 | kind: Ingress 3 | metadata: 4 | name: red 5 | namespace: dev 6 | annotations: 7 | ingress.kubernetes.io/ssl-redirect: "false" 8 | nginx.ingress.kubernetes.io/rewrite-target: "/" 9 | spec: 10 | ingressClassName: nginx 11 | rules: 12 | - http: 13 | paths: 14 | - path: /dev/red 15 | pathType: Exact 16 | backend: 17 | service: 18 | name: red 19 | port: 20 | number: 80 21 | -------------------------------------------------------------------------------- /kubernetes_helm/01_apps-with-only-manifests/dev/red/red-service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: red 5 | namespace: dev 6 | spec: 7 | selector: 8 | app: red 9 | ports: 10 | - port: 80 11 | -------------------------------------------------------------------------------- 
/kubernetes_helm/01_apps-with-only-manifests/prod/blue/blue-configmap.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ConfigMap 3 | metadata: 4 | name: blue 5 | namespace: prod 6 | data: 7 | body:

PROD

8 | -------------------------------------------------------------------------------- /kubernetes_helm/01_apps-with-only-manifests/prod/blue/blue-ingress.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: networking.k8s.io/v1 2 | kind: Ingress 3 | metadata: 4 | name: blue 5 | namespace: prod 6 | annotations: 7 | ingress.kubernetes.io/ssl-redirect: "false" 8 | nginx.ingress.kubernetes.io/rewrite-target: "/" 9 | spec: 10 | ingressClassName: nginx 11 | rules: 12 | - http: 13 | paths: 14 | - path: /prod/blue 15 | pathType: Exact 16 | backend: 17 | service: 18 | name: blue 19 | port: 20 | number: 80 21 | -------------------------------------------------------------------------------- /kubernetes_helm/01_apps-with-only-manifests/prod/blue/blue-service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: blue 5 | namespace: prod 6 | spec: 7 | selector: 8 | app: blue 9 | ports: 10 | - port: 80 11 | -------------------------------------------------------------------------------- /kubernetes_helm/01_apps-with-only-manifests/prod/red/red-configmap.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ConfigMap 3 | metadata: 4 | name: red 5 | namespace: prod 6 | data: 7 | body:

PROD

8 | -------------------------------------------------------------------------------- /kubernetes_helm/01_apps-with-only-manifests/prod/red/red-deployment.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: red 5 | namespace: prod 6 | labels: 7 | app: red 8 | spec: 9 | replicas: 3 10 | selector: 11 | matchLabels: 12 | app: red 13 | template: 14 | metadata: 15 | labels: 16 | app: red 17 | spec: 18 | containers: 19 | - name: red 20 | image: nginx:1.19.2 21 | volumeMounts: 22 | - name: html 23 | mountPath: /usr/share/nginx/html 24 | resources: 25 | requests: 26 | cpu: 100m 27 | memory: 100Mi 28 | limits: 29 | cpu: 100m 30 | memory: 100Mi 31 | volumes: 32 | - name: html 33 | configMap: 34 | name: red 35 | items: 36 | - key: body 37 | path: index.html 38 | -------------------------------------------------------------------------------- /kubernetes_helm/01_apps-with-only-manifests/prod/red/red-ingress.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: networking.k8s.io/v1 2 | kind: Ingress 3 | metadata: 4 | name: red 5 | namespace: prod 6 | annotations: 7 | ingress.kubernetes.io/ssl-redirect: "false" 8 | nginx.ingress.kubernetes.io/rewrite-target: "/" 9 | spec: 10 | ingressClassName: nginx 11 | rules: 12 | - http: 13 | paths: 14 | - path: /prod/red 15 | pathType: Exact 16 | backend: 17 | service: 18 | name: red 19 | port: 20 | number: 80 21 | -------------------------------------------------------------------------------- /kubernetes_helm/01_apps-with-only-manifests/prod/red/red-service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: red 5 | namespace: prod 6 | spec: 7 | selector: 8 | app: red 9 | ports: 10 | - port: 80 11 | -------------------------------------------------------------------------------- 
/kubernetes_helm/02_deploy-with-kustomize/base/deployment.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: my-deployment 5 | spec: 6 | replicas: 1 7 | selector: 8 | matchLabels: 9 | app: my-deployment 10 | template: 11 | metadata: 12 | labels: 13 | app: my-deployment 14 | spec: 15 | containers: 16 | - name: my-nginx 17 | image: nginx:1.25.2 18 | volumeMounts: 19 | - name: html 20 | mountPath: /usr/share/nginx/html 21 | resources: 22 | requests: 23 | cpu: 100m 24 | memory: 100Mi 25 | limits: 26 | cpu: 100m 27 | memory: 100Mi 28 | volumes: 29 | - name: html 30 | configMap: 31 | name: my-configmap 32 | items: 33 | - key: body 34 | path: index.html 35 | -------------------------------------------------------------------------------- /kubernetes_helm/02_deploy-with-kustomize/base/ingress.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: networking.k8s.io/v1 2 | kind: Ingress 3 | metadata: 4 | name: my-ingress 5 | annotations: 6 | ingress.kubernetes.io/ssl-redirect: "false" 7 | nginx.ingress.kubernetes.io/rewrite-target: "/" 8 | spec: 9 | ingressClassName: nginx 10 | rules: 11 | - http: 12 | paths: 13 | - path: /demo-app 14 | pathType: Exact 15 | backend: 16 | service: 17 | name: my-service 18 | port: 19 | number: 80 20 | -------------------------------------------------------------------------------- /kubernetes_helm/02_deploy-with-kustomize/base/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | 4 | commonLabels: 5 | app: demo 6 | 7 | resources: 8 | - deployment.yaml 9 | - service.yaml 10 | - ingress.yaml -------------------------------------------------------------------------------- /kubernetes_helm/02_deploy-with-kustomize/base/service.yaml: 
-------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: my-service 5 | spec: 6 | selector: 7 | app: my-deployment 8 | ports: 9 | - port: 80 10 | -------------------------------------------------------------------------------- /kubernetes_helm/02_deploy-with-kustomize/overlays/dev/kustomization.yaml: -------------------------------------------------------------------------------- 1 | resources: 2 | - ../../base 3 | 4 | commonLabels: 5 | environment: dev 6 | 7 | namespace: dev 8 | 9 | patches: 10 | - patch: |- 11 | - op: replace 12 | path: /spec/rules/0/http/paths/0/path 13 | value: /dev 14 | target: 15 | group: networking.k8s.io 16 | version: v1 17 | kind: Ingress 18 | name: my-ingress 19 | 20 | configMapGenerator: 21 | - name: my-configmap 22 | literals: 23 | - body=

DEV

24 | 25 | images: 26 | - name: nginx 27 | newTag: 1.25.2-alpine3.18-slim 28 | -------------------------------------------------------------------------------- /kubernetes_helm/02_deploy-with-kustomize/overlays/prod/configmap.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ConfigMap 3 | metadata: 4 | name: my-configmap 5 | data: 6 | body:

PROD

7 | -------------------------------------------------------------------------------- /kubernetes_helm/02_deploy-with-kustomize/overlays/prod/deployment-patch.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: my-deployment 5 | spec: 6 | template: 7 | spec: 8 | containers: 9 | - name: my-nginx 10 | resources: 11 | limits: 12 | memory: 200Mi 13 | requests: 14 | memory: 200Mi 15 | -------------------------------------------------------------------------------- /kubernetes_helm/02_deploy-with-kustomize/overlays/prod/ingress-patch.yaml: -------------------------------------------------------------------------------- 1 | - op: replace #action 2 | path: /spec/rules/0/http/paths/0/path #resource we want to change 3 | value: /prod #value we want to use for patching -------------------------------------------------------------------------------- /kubernetes_helm/02_deploy-with-kustomize/overlays/prod/kustomization.yaml: -------------------------------------------------------------------------------- 1 | resources: 2 | - ../../base 3 | - configmap.yaml 4 | 5 | commonLabels: 6 | environment: prod 7 | 8 | commonAnnotations: 9 | managed-by: kustomize 10 | 11 | namespace: prod 12 | 13 | replicas: 14 | - name: my-deployment 15 | count: 3 16 | 17 | patches: 18 | - path: ingress-patch.yaml 19 | target: 20 | group: networking.k8s.io 21 | version: v1 22 | kind: Ingress 23 | name: my-ingress 24 | - path: deployment-patch.yaml 25 | 26 | ## patchesStrategicMerge and patchesJson6902 are deprecated! 
27 | # patchesStrategicMerge: 28 | # - deployment-patch.yaml 29 | -------------------------------------------------------------------------------- /kubernetes_helm/03_apps-with-helm/color-viewer/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v2 2 | name: color-viewer 3 | version: 0.1.0 4 | -------------------------------------------------------------------------------- /kubernetes_helm/03_apps-with-helm/color-viewer/templates/configmap.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ConfigMap 3 | metadata: 4 | name: my-configmap 5 | data: 6 | body:

{{ .Values.environment | upper }}

7 | -------------------------------------------------------------------------------- /kubernetes_helm/03_apps-with-helm/color-viewer/templates/ingress.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: networking.k8s.io/v1 2 | kind: Ingress 3 | metadata: 4 | name: my-ingress 5 | annotations: 6 | ingress.kubernetes.io/ssl-redirect: "false" 7 | nginx.ingress.kubernetes.io/rewrite-target: "/" 8 | spec: 9 | ingressClassName: nginx 10 | rules: 11 | - http: 12 | paths: 13 | - path: /{{ .Values.environment }} 14 | pathType: Exact 15 | backend: 16 | service: 17 | name: my-service 18 | port: 19 | number: 80 20 | -------------------------------------------------------------------------------- /kubernetes_helm/03_apps-with-helm/color-viewer/templates/service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: my-service 5 | spec: 6 | selector: 7 | app: my-deployment 8 | ports: 9 | - port: 80 10 | -------------------------------------------------------------------------------- /kubernetes_helm/03_apps-with-helm/color-viewer/values.yaml: -------------------------------------------------------------------------------- 1 | color: yellow 2 | 3 | environment: dev 4 | 5 | replicas: 1 6 | 7 | imagetag: 1.25.2-alpine3.18-slim 8 | 9 | resources: 10 | requests: 11 | cpu: 100m 12 | memory: 100Mi 13 | limits: 14 | cpu: 100m 15 | memory: 100Mi 16 | -------------------------------------------------------------------------------- /kubernetes_helm/03_apps-with-helm/prod-values.yaml: -------------------------------------------------------------------------------- 1 | color: green 2 | 3 | environment: prod 4 | 5 | replicas: 3 6 | 7 | imagetag: 1.25.2 8 | 9 | resources: 10 | requests: 11 | cpu: 100m 12 | memory: 200Mi 13 | limits: 14 | cpu: 100m 15 | memory: 200Mi 16 | -------------------------------------------------------------------------------- 
/kubernetes_helm/04_rollback/color-viewer/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v2 2 | name: color-viewer 3 | version: 0.1.0 4 | -------------------------------------------------------------------------------- /kubernetes_helm/04_rollback/color-viewer/templates/configmap.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ConfigMap 3 | metadata: 4 | name: my-{{ .Values.color }}-configmap 5 | data: 6 | body: 7 | -------------------------------------------------------------------------------- /kubernetes_helm/04_rollback/color-viewer/templates/ingress.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: networking.k8s.io/v1 2 | kind: Ingress 3 | metadata: 4 | name: my-{{ .Values.color }}-ingress 5 | annotations: 6 | ingress.kubernetes.io/ssl-redirect: "false" 7 | nginx.ingress.kubernetes.io/rewrite-target: "/" 8 | spec: 9 | ingressClassName: nginx 10 | rules: 11 | - http: 12 | paths: 13 | - path: /{{ .Values.color }} 14 | pathType: Exact 15 | backend: 16 | service: 17 | name: my-{{ .Values.color }}-service 18 | port: 19 | number: 80 20 | -------------------------------------------------------------------------------- /kubernetes_helm/04_rollback/color-viewer/templates/service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: my-{{ .Values.color }}-service 5 | spec: 6 | selector: 7 | app: my-{{ .Values.color }}-deployment 8 | ports: 9 | - port: 80 10 | -------------------------------------------------------------------------------- /kubernetes_helm/04_rollback/color-viewer/values.yaml: -------------------------------------------------------------------------------- 1 | color: red 2 | -------------------------------------------------------------------------------- 
/kubernetes_helm/05_variables/.solution/color-viewer/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v2 2 | name: color-viewer 3 | version: 0.1.0 4 | -------------------------------------------------------------------------------- /kubernetes_helm/05_variables/.solution/color-viewer/templates/configmap.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ConfigMap 3 | metadata: 4 | name: my-{{ .Values.color }}-configmap 5 | data: 6 | body: 7 | -------------------------------------------------------------------------------- /kubernetes_helm/05_variables/.solution/color-viewer/templates/ingress.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: networking.k8s.io/v1 2 | kind: Ingress 3 | metadata: 4 | name: my-{{ .Values.color }}-ingress 5 | annotations: 6 | ingress.kubernetes.io/ssl-redirect: "false" 7 | nginx.ingress.kubernetes.io/rewrite-target: "/" 8 | spec: 9 | ingressClassName: nginx 10 | rules: 11 | - http: 12 | paths: 13 | - path: /{{ .Values.color }} 14 | pathType: Exact 15 | backend: 16 | service: 17 | name: my-{{ .Values.color }}-service 18 | port: 19 | number: 80 20 | -------------------------------------------------------------------------------- /kubernetes_helm/05_variables/.solution/color-viewer/templates/service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: my-{{ .Values.color }}-service 5 | spec: 6 | selector: 7 | app: my-{{ .Values.color }}-deployment 8 | ports: 9 | - port: 80 10 | -------------------------------------------------------------------------------- /kubernetes_helm/05_variables/.solution/color-viewer/values.yaml: -------------------------------------------------------------------------------- 1 | color: red 2 | replicas: 1 3 | 
-------------------------------------------------------------------------------- /kubernetes_helm/05_variables/color-viewer/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v2 2 | name: color-viewer 3 | version: 0.1.0 4 | -------------------------------------------------------------------------------- /kubernetes_helm/05_variables/color-viewer/templates/configmap.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ConfigMap 3 | metadata: 4 | name: my-{{ .Values.color }}-configmap 5 | data: 6 | body: 7 | -------------------------------------------------------------------------------- /kubernetes_helm/05_variables/color-viewer/templates/ingress.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: networking.k8s.io/v1 2 | kind: Ingress 3 | metadata: 4 | name: my-{{ .Values.color }}-ingress 5 | annotations: 6 | ingress.kubernetes.io/ssl-redirect: "false" 7 | nginx.ingress.kubernetes.io/rewrite-target: "/" 8 | spec: 9 | ingressClassName: nginx 10 | rules: 11 | - http: 12 | paths: 13 | - path: /{{ .Values.color }} 14 | pathType: Exact 15 | backend: 16 | service: 17 | name: my-{{ .Values.color }}-service 18 | port: 19 | number: 80 20 | -------------------------------------------------------------------------------- /kubernetes_helm/05_variables/color-viewer/templates/service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: my-{{ .Values.color }}-service 5 | spec: 6 | selector: 7 | app: my-{{ .Values.color }}-deployment 8 | ports: 9 | - port: 80 10 | -------------------------------------------------------------------------------- /kubernetes_helm/05_variables/color-viewer/values.yaml: -------------------------------------------------------------------------------- 1 | color: red 2 | 
--------------------------------------------------------------------------------
/kubernetes_helm/06_functions/.solution/my-chart/Chart.yaml:
--------------------------------------------------------------------------------
apiVersion: v2
name: my-chart
version: 0.1.0

--------------------------------------------------------------------------------
/kubernetes_helm/06_functions/.solution/my-chart/templates/_helpers.tpl:
--------------------------------------------------------------------------------
{{- /*
"id": chart name and release name joined with "-".
NOTE(review): no length limit is applied here, so a long release name can push
the result past the 63 characters allowed for a Service name.
*/ -}}
{{- define "id" }}
{{- printf "%s-%s" .Chart.Name .Release.Name }}
{{- end }}
--------------------------------------------------------------------------------
/kubernetes_helm/06_functions/.solution/my-chart/templates/configmap.yaml:
--------------------------------------------------------------------------------
# ConfigMap named by the "id" helper; the same string is stored under "body".
apiVersion: v1
kind: ConfigMap
metadata:
  name: {{ template "id" . }}
data:
  body: {{ template "id" . }}

--------------------------------------------------------------------------------
/kubernetes_helm/06_functions/.solution/my-chart/templates/ingress.yaml:
--------------------------------------------------------------------------------
# Ingress sending every path under / to the Service named by the "id" helper.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: {{ template "id" . }}
  annotations:
    ingress.kubernetes.io/ssl-redirect: "false"
    nginx.ingress.kubernetes.io/rewrite-target: "/"
spec:
  ingressClassName: nginx
  rules:
    - http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: {{ template "id" . }}
                port:
                  number: 80

--------------------------------------------------------------------------------
/kubernetes_helm/06_functions/.solution/my-chart/templates/service.yaml:
--------------------------------------------------------------------------------
# Service on port 80; the selector value is the same helper output as the name.
apiVersion: v1
kind: Service
metadata:
  name: {{ template "id" . }}
spec:
  selector:
    app: {{ template "id" . }}
  ports:
    - port: 80

--------------------------------------------------------------------------------
/kubernetes_helm/06_functions/my-chart/Chart.yaml:
--------------------------------------------------------------------------------
apiVersion: v2
name: my-chart
version: 0.1.0

--------------------------------------------------------------------------------
/kubernetes_helm/06_functions/my-chart/templates/configmap.yaml:
--------------------------------------------------------------------------------
# Starting point of the lab: the "<chart>-<release>" expression is written out
# in every template; the .solution chart moves it into the "id" helper.
apiVersion: v1
kind: ConfigMap
metadata:
  name: {{ .Chart.Name }}-{{ .Release.Name }}
data:
  body: {{ .Chart.Name }}-{{ .Release.Name }}

--------------------------------------------------------------------------------
/kubernetes_helm/06_functions/my-chart/templates/ingress.yaml:
--------------------------------------------------------------------------------
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: {{ .Chart.Name }}-{{ .Release.Name }}
  annotations:
    ingress.kubernetes.io/ssl-redirect: "false"
    nginx.ingress.kubernetes.io/rewrite-target: "/"
spec:
  ingressClassName: nginx
  rules:
    # No host is set, so the rule applies to requests for any Host header.
    - http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: {{ .Chart.Name }}-{{ .Release.Name }}
                port:
                  number: 80

--------------------------------------------------------------------------------
/kubernetes_helm/06_functions/my-chart/templates/service.yaml:
--------------------------------------------------------------------------------
apiVersion: v1
kind: Service
metadata:
  name: {{ .Chart.Name }}-{{ .Release.Name }}
spec:
  selector:
    app: {{ .Chart.Name }}-{{ .Release.Name }}
  ports:
    - port: 80

--------------------------------------------------------------------------------
/kubernetes_helm/07_includes/.solution/my-chart/Chart.yaml:
--------------------------------------------------------------------------------
# No appVersion is set in this chart metadata.
apiVersion: v2
name: my-chart
version: 0.1.0

--------------------------------------------------------------------------------
/kubernetes_helm/07_includes/.solution/my-chart/templates/_helpers.tpl:
--------------------------------------------------------------------------------
{{- /*
"id": .Values.id when it is set, otherwise "<chart>-<release>", cut to 63
characters.
NOTE(review): trunc can leave a trailing "-"; the "helm create" scaffold adds
trimSuffix "-" after trunc for that case.
*/ -}}
{{- define "id" }}
{{- $name := printf "%s-%s" .Chart.Name .Release.Name }}
{{- default $name .Values.id | trunc 63 }}
{{- end }}

{{- /*
"labels": common label set, every value quoted.
Chart.yaml of this chart sets no appVersion, so app.kubernetes.io/version
renders as an empty string.
*/ -}}
{{- define "labels" -}}
helm.sh/chart: {{ .Chart.Name | quote }}
app.kubernetes.io/managed-by: {{ .Release.Service | quote }}
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
app.kubernetes.io/name: {{ .Chart.Name | quote }}
app.kubernetes.io/instance: {{ .Release.Name | quote }}
{{- end }}
--------------------------------------------------------------------------------
/kubernetes_helm/07_includes/.solution/my-chart/templates/configmap.yaml:
--------------------------------------------------------------------------------
# ConfigMap named by the "id" helper; the same string is stored under "body".
apiVersion: v1
kind: ConfigMap
metadata:
  name: {{ template "id" . }}
data:
  body: {{ template "id" . }}

--------------------------------------------------------------------------------
/kubernetes_helm/07_includes/.solution/my-chart/templates/ingress.yaml:
--------------------------------------------------------------------------------
# Ingress sending every path under / to the Service named by the "id" helper.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: {{ template "id" . }}
  annotations:
    ingress.kubernetes.io/ssl-redirect: "false"
    nginx.ingress.kubernetes.io/rewrite-target: "/"
spec:
  ingressClassName: nginx
  rules:
    - http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: {{ template "id" .
}}
                port:
                  number: 80

--------------------------------------------------------------------------------
/kubernetes_helm/07_includes/.solution/my-chart/templates/service.yaml:
--------------------------------------------------------------------------------
# Service whose selector is the full "labels" helper output, indented by
# nindent to sit under "selector".
# NOTE(review): only pods carrying all five labels are selected, and no pod
# template in this chart listing sets them. app.kubernetes.io/version follows
# the chart's appVersion, so the selector changes whenever that changes.
apiVersion: v1
kind: Service
metadata:
  name: {{ template "id" . }}
spec:
  selector:
    {{- include "labels" . | nindent 4 }}
  ports:
    - port: 80

--------------------------------------------------------------------------------
/kubernetes_helm/07_includes/my-chart/Chart.yaml:
--------------------------------------------------------------------------------
apiVersion: v2
name: my-chart
version: 0.1.0

--------------------------------------------------------------------------------
/kubernetes_helm/07_includes/my-chart/templates/_helpers.tpl:
--------------------------------------------------------------------------------
{{- /*
"id": .Values.id when it is set, otherwise "<chart>-<release>", cut to 63
characters. This starting chart has no "labels" helper yet.
*/ -}}
{{- define "id" }}
{{- $name := printf "%s-%s" .Chart.Name .Release.Name }}
{{- default $name .Values.id | trunc 63 }}
{{- end }}
--------------------------------------------------------------------------------
/kubernetes_helm/07_includes/my-chart/templates/configmap.yaml:
--------------------------------------------------------------------------------
# ConfigMap named by the "id" helper; the same string is stored under "body".
apiVersion: v1
kind: ConfigMap
metadata:
  name: {{ template "id" . }}
data:
  body: {{ template "id" . }}

--------------------------------------------------------------------------------
/kubernetes_helm/07_includes/my-chart/templates/ingress.yaml:
--------------------------------------------------------------------------------
# Ingress for the chart; its name comes from the "id" helper.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: {{ template "id" .
}}
  annotations:
    ingress.kubernetes.io/ssl-redirect: "false"
    nginx.ingress.kubernetes.io/rewrite-target: "/"
spec:
  ingressClassName: nginx
  rules:
    - http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: {{ template "id" . }}
                port:
                  number: 80

--------------------------------------------------------------------------------
/kubernetes_helm/07_includes/my-chart/templates/service.yaml:
--------------------------------------------------------------------------------
# Service on port 80; the selector is a single "app" label set to the helper id.
apiVersion: v1
kind: Service
metadata:
  name: {{ template "id" . }}
spec:
  selector:
    app: {{ template "id" . }}
  ports:
    - port: 80

--------------------------------------------------------------------------------
/kubernetes_helm/08_ifs/.solution/my-chart/Chart.yaml:
--------------------------------------------------------------------------------
apiVersion: v2
name: my-chart
version: 0.1.0

--------------------------------------------------------------------------------
/kubernetes_helm/08_ifs/.solution/my-chart/templates/_helpers.tpl:
--------------------------------------------------------------------------------
{{- /* "id": .Values.id when set, else "<chart>-<release>", cut to 63 characters. */ -}}
{{- define "id" }}
{{- $name := printf "%s-%s" .Chart.Name .Release.Name }}
{{- default $name .Values.id | trunc 63 }}
{{- end }}

{{- /* "labels": common label set, every value quoted. */ -}}
{{- define "labels" -}}
helm.sh/chart: {{ .Chart.Name | quote }}
app.kubernetes.io/managed-by: {{ .Release.Service | quote }}
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
app.kubernetes.io/name: {{ .Chart.Name | quote }}
app.kubernetes.io/instance: {{ .Release.Name | quote }}
{{- end }}
--------------------------------------------------------------------------------
/kubernetes_helm/08_ifs/.solution/my-chart/templates/configmap.yaml:
--------------------------------------------------------------------------------
# ConfigMap whose body depends on .Values.meta: unset or false gives the fixed
# greeting, anything truthy gives a dump of chart and release metadata.
# The values.yaml of this chart does not define "meta", so the greeting is the
# default.
apiVersion: v1
kind: ConfigMap
metadata:
  name: {{ template "id" . }}
data:
  body: |
    {{- if not .Values.meta }}
    Hello Helm
    {{- else }}
    Chart: {{ .Chart.Name }}
    Description: {{ .Chart.Description }}
    Version: {{ .Chart.Version }}
    AppVersion: {{ .Chart.AppVersion }}
    Release: {{ .Release.Name }}
    Release.Namespace : {{ .Release.Namespace }}
    Release.IsUpgrade : {{ .Release.IsUpgrade }}
    Release.IsInstall : {{ .Release.IsInstall }}
    Release.Revision : {{ .Release.Revision }}
    Release.Service : {{ .Release.Service }}
    {{- end }}
--------------------------------------------------------------------------------
/kubernetes_helm/08_ifs/.solution/my-chart/templates/hpa.yaml:
--------------------------------------------------------------------------------
{{- /*
The whole manifest is rendered only when the flag below is true.
NOTE(review): the key is spelled "horizantal" here and in values.yaml; the two
must stay in sync if the spelling is ever corrected.
*/ -}}
{{- if .Values.horizantalPodAutoscaler.enabled }}
apiVersion: autoscaling/v2
kind: HorizontalPodAutoscaler
metadata:
  name: {{ template "id" . }}
spec:
  # NOTE(review): targets a Deployment named by the "id" helper, but no
  # Deployment template appears in this chart listing - confirm it exists.
  scaleTargetRef:
    apiVersion: apps/v1
    kind: Deployment
    name: {{ template "id" . }}
  minReplicas: 1
  maxReplicas: 10
  metrics:
    - type: Resource
      resource:
        name: cpu
        target:
          type: Utilization
          averageUtilization: 80
    - type: Resource
      resource:
        name: memory
        target:
          type: AverageValue
          # NOTE(review): a quantity without a unit is read as bytes, so this
          # asks for 80 bytes per pod and would keep the target at maxReplicas;
          # presumably a unit such as Mi or a Utilization target was meant.
          averageValue: 80
{{- end }}
--------------------------------------------------------------------------------
/kubernetes_helm/08_ifs/.solution/my-chart/templates/ingress.yaml:
--------------------------------------------------------------------------------
# Ingress sending every path under / to the Service named by the "id" helper.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: {{ template "id" . }}
  annotations:
    ingress.kubernetes.io/ssl-redirect: "false"
    nginx.ingress.kubernetes.io/rewrite-target: "/"
spec:
  ingressClassName: nginx
  rules:
    - http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: {{ template "id" .
}}
                port:
                  number: 80

--------------------------------------------------------------------------------
/kubernetes_helm/08_ifs/.solution/my-chart/templates/service.yaml:
--------------------------------------------------------------------------------
# Service on port 80; the selector is the "labels" helper output placed under
# "selector" by nindent.
apiVersion: v1
kind: Service
metadata:
  name: {{ template "id" . }}
spec:
  selector:
    {{- include "labels" . | nindent 4 }}
  ports:
    - port: 80

--------------------------------------------------------------------------------
/kubernetes_helm/08_ifs/.solution/my-chart/values.yaml:
--------------------------------------------------------------------------------
# Switch read by templates/hpa.yaml; false means no HorizontalPodAutoscaler is
# rendered. The key spelling ("horizantal") must match the template.
horizantalPodAutoscaler:
  enabled: false

--------------------------------------------------------------------------------
/kubernetes_helm/08_ifs/my-chart/Chart.yaml:
--------------------------------------------------------------------------------
apiVersion: v2
name: my-chart
version: 0.1.0

--------------------------------------------------------------------------------
/kubernetes_helm/08_ifs/my-chart/templates/_helpers.tpl:
--------------------------------------------------------------------------------
{{- /* "id": .Values.id when set, else "<chart>-<release>", cut to 63 characters. */ -}}
{{- define "id" }}
{{- $name := printf "%s-%s" .Chart.Name .Release.Name }}
{{- default $name .Values.id | trunc 63 }}
{{- end }}

{{- /* "labels": common label set, every value quoted. */ -}}
{{- define "labels" -}}
helm.sh/chart: {{ .Chart.Name | quote }}
app.kubernetes.io/managed-by: {{ .Release.Service | quote }}
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
app.kubernetes.io/name: {{ .Chart.Name | quote }}
app.kubernetes.io/instance: {{ .Release.Name | quote }}
{{- end }}
--------------------------------------------------------------------------------
/kubernetes_helm/08_ifs/my-chart/templates/configmap.yaml:
--------------------------------------------------------------------------------
# Starting point of the lab: the body is still the plain helper id.
apiVersion: v1
kind: ConfigMap
metadata:
  name: {{ template "id" .
}}
data:
  body: {{ template "id" . }}

--------------------------------------------------------------------------------
/kubernetes_helm/08_ifs/my-chart/templates/hpa.yaml:
--------------------------------------------------------------------------------
{{- /* Rendered only when .Values.horizantalPodAutoscaler.enabled is true. */ -}}
{{- if .Values.horizantalPodAutoscaler.enabled }}
apiVersion: autoscaling/v2
kind: HorizontalPodAutoscaler
metadata:
  name: {{ template "id" . }}
spec:
  # NOTE(review): no Deployment template appears in this chart listing, so the
  # scale target may not exist - confirm.
  scaleTargetRef:
    apiVersion: apps/v1
    kind: Deployment
    name: {{ template "id" . }}
  minReplicas: 1
  maxReplicas: 10
  metrics:
    # Scale on average CPU utilization of 80 percent.
    - type: Resource
      resource:
        name: cpu
        target:
          type: Utilization
          averageUtilization: 80
    - type: Resource
      resource:
        name: memory
        target:
          type: AverageValue
          # NOTE(review): without a unit this is 80 bytes per pod; presumably a
          # unit such as Mi or a Utilization target was intended.
          averageValue: 80
{{- end }}
--------------------------------------------------------------------------------
/kubernetes_helm/08_ifs/my-chart/templates/ingress.yaml:
--------------------------------------------------------------------------------
# Ingress sending every path under / to the Service named by the "id" helper.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: {{ template "id" . }}
  annotations:
    ingress.kubernetes.io/ssl-redirect: "false"
    nginx.ingress.kubernetes.io/rewrite-target: "/"
spec:
  ingressClassName: nginx
  rules:
    - http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: {{ template "id" . }}
                port:
                  number: 80

--------------------------------------------------------------------------------
/kubernetes_helm/08_ifs/my-chart/templates/service.yaml:
--------------------------------------------------------------------------------
# Service on port 80; the selector comes from the "labels" helper.
apiVersion: v1
kind: Service
metadata:
  name: {{ template "id" . }}
spec:
  selector:
    {{- include "labels" .
| nindent 4 }}
  ports:
    - port: 80

--------------------------------------------------------------------------------
/kubernetes_helm/08_ifs/my-chart/values.yaml:
--------------------------------------------------------------------------------
# Switch read by templates/hpa.yaml; false means the autoscaler is not rendered.
horizantalPodAutoscaler:
  enabled: false

--------------------------------------------------------------------------------
/kubernetes_helm/09_required/.solution/my-chart/Chart.yaml:
--------------------------------------------------------------------------------
apiVersion: v2
name: my-chart
version: 0.1.0

--------------------------------------------------------------------------------
/kubernetes_helm/09_required/.solution/my-chart/templates/_helpers.tpl:
--------------------------------------------------------------------------------
{{- /*
"id": .Values.id when set, else "<chart>-<release>", cut to 63 characters.
NOTE(review): the lab is named "required", but no template of this chart in
the listing calls the required function - confirm where it is meant to go.
*/ -}}
{{- define "id" }}
{{- $name := printf "%s-%s" .Chart.Name .Release.Name }}
{{- default $name .Values.id | trunc 63 }}
{{- end }}

{{- /* "labels": common label set, every value quoted. */ -}}
{{- define "labels" -}}
helm.sh/chart: {{ .Chart.Name | quote }}
app.kubernetes.io/managed-by: {{ .Release.Service | quote }}
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
app.kubernetes.io/name: {{ .Chart.Name | quote }}
app.kubernetes.io/instance: {{ .Release.Name | quote }}
{{- end }}
--------------------------------------------------------------------------------
/kubernetes_helm/09_required/.solution/my-chart/templates/configmap.yaml:
--------------------------------------------------------------------------------
# ConfigMap named by the "id" helper.
apiVersion: v1
kind: ConfigMap
metadata:
  name: {{ template "id" .
}}
data:
  body: |
    {{- if not .Values.meta }}
    Hello Helm
    {{- else }}
    Chart: {{ .Chart.Name }}
    Description: {{ .Chart.Description }}
    Version: {{ .Chart.Version }}
    AppVersion: {{ .Chart.AppVersion }}
    Release: {{ .Release.Name }}
    Release.Namespace : {{ .Release.Namespace }}
    Release.IsUpgrade : {{ .Release.IsUpgrade }}
    Release.IsInstall : {{ .Release.IsInstall }}
    Release.Revision : {{ .Release.Revision }}
    Release.Service : {{ .Release.Service }}
    {{- end }}
--------------------------------------------------------------------------------
/kubernetes_helm/09_required/.solution/my-chart/templates/ingress.yaml:
--------------------------------------------------------------------------------
# Ingress sending every path under / to the Service named by the "id" helper.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: {{ template "id" . }}
  annotations:
    # NOTE(review): this key lacks the "nginx." prefix used on the next line;
    # verify that the ingress-nginx controller in use actually reads it.
    ingress.kubernetes.io/ssl-redirect: "false"
    nginx.ingress.kubernetes.io/rewrite-target: "/"
spec:
  ingressClassName: nginx
  rules:
    - http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: {{ template "id" . }}
                port:
                  number: 80

--------------------------------------------------------------------------------
/kubernetes_helm/09_required/.solution/my-chart/templates/service.yaml:
--------------------------------------------------------------------------------
# Service on port 80; the selector comes from the "labels" helper.
apiVersion: v1
kind: Service
metadata:
  name: {{ template "id" . }}
spec:
  selector:
    {{- include "labels" .
| nindent 4 }}
  ports:
    - port: 80

--------------------------------------------------------------------------------
/kubernetes_helm/09_required/my-chart/Chart.yaml:
--------------------------------------------------------------------------------
# No appVersion is set, so .Chart.AppVersion is empty wherever templates use it.
apiVersion: v2
name: my-chart
version: 0.1.0

--------------------------------------------------------------------------------
/kubernetes_helm/09_required/my-chart/templates/_helpers.tpl:
--------------------------------------------------------------------------------
{{- /* "id": .Values.id when set, else "<chart>-<release>", cut to 63 characters. */ -}}
{{- define "id" }}
{{- $name := printf "%s-%s" .Chart.Name .Release.Name }}
{{- default $name .Values.id | trunc 63 }}
{{- end }}

{{- /* "labels": common label set, every value quoted. */ -}}
{{- define "labels" -}}
helm.sh/chart: {{ .Chart.Name | quote }}
app.kubernetes.io/managed-by: {{ .Release.Service | quote }}
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
app.kubernetes.io/name: {{ .Chart.Name | quote }}
app.kubernetes.io/instance: {{ .Release.Name | quote }}
{{- end }}
--------------------------------------------------------------------------------
/kubernetes_helm/09_required/my-chart/templates/configmap.yaml:
--------------------------------------------------------------------------------
# ConfigMap named by the "id" helper.
apiVersion: v1
kind: ConfigMap
metadata:
  name: {{ template "id" .
}}
data:
  body: |
    {{- if not .Values.meta }}
    Hello Helm
    {{- else }}
    Chart: {{ .Chart.Name }}
    Description: {{ .Chart.Description }}
    Version: {{ .Chart.Version }}
    AppVersion: {{ .Chart.AppVersion }}
    Release: {{ .Release.Name }}
    Release.Namespace : {{ .Release.Namespace }}
    Release.IsUpgrade : {{ .Release.IsUpgrade }}
    Release.IsInstall : {{ .Release.IsInstall }}
    Release.Revision : {{ .Release.Revision }}
    Release.Service : {{ .Release.Service }}
    {{- end }}
--------------------------------------------------------------------------------
/kubernetes_helm/09_required/my-chart/templates/ingress.yaml:
--------------------------------------------------------------------------------
# Ingress sending every path under / to the Service named by the "id" helper.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: {{ template "id" . }}
  annotations:
    ingress.kubernetes.io/ssl-redirect: "false"
    nginx.ingress.kubernetes.io/rewrite-target: "/"
spec:
  ingressClassName: nginx
  rules:
    # No host and no tls section: the rule applies to any Host header and this
    # Ingress configures no certificate of its own.
    - http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: {{ template "id" . }}
                port:
                  number: 80

--------------------------------------------------------------------------------
/kubernetes_helm/09_required/my-chart/templates/service.yaml:
--------------------------------------------------------------------------------
# Service on port 80; the selector comes from the "labels" helper.
apiVersion: v1
kind: Service
metadata:
  name: {{ template "id" . }}
spec:
  selector:
    {{- include "labels" .
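| nindent 4 }}
  ports:
    - port: 80

--------------------------------------------------------------------------------
/kubernetes_helm/10_tests/my-app/Chart.yaml:
--------------------------------------------------------------------------------
apiVersion: v2
name: my-app
version: 0.1.0

--------------------------------------------------------------------------------
/kubernetes_helm/10_tests/my-app/templates/pod.yaml:
--------------------------------------------------------------------------------
# Single nginx pod, named and labelled from .Values.name.
# No securityContext or resource limits are set, so the container runs with the
# defaults of the image and the cluster.
apiVersion: v1
kind: Pod
metadata:
  name: {{ .Values.name }}
  labels:
    app: {{ .Values.name }}
spec:
  containers:
    - name: nginx
      # Pinned to a tag (a digest would be stricter). NOTE(review): 1.19.2 is
      # an old nginx release; check it against current advisories before
      # reusing this manifest outside the lab.
      image: nginx:1.19.2

--------------------------------------------------------------------------------
/kubernetes_helm/10_tests/my-app/templates/service.yaml:
--------------------------------------------------------------------------------
# Service on port 80 in front of the pod above (same "app" label value).
apiVersion: v1
kind: Service
metadata:
  name: {{ .Values.name }}
spec:
  selector:
    app: {{ .Values.name }}
  ports:
    - port: 80

--------------------------------------------------------------------------------
/kubernetes_helm/10_tests/my-app/templates/tests/test-my-app.yaml:
--------------------------------------------------------------------------------
# Helm test hook: a one-shot Job that requests the Service over HTTP.
# backoffLimit 0 and restartPolicy Never mean a single attempt decides the
# test result.
apiVersion: batch/v1
kind: Job
metadata:
  name: {{ .Values.name }}-test
  annotations:
    "helm.sh/hook": test
spec:
  backoffLimit: 0
  template:
    spec:
      restartPolicy: Never
      containers:
        - name: test
          # NOTE(review): no tag is given, so this resolves to :latest and the
          # test image can change between runs; pin a tag or digest.
          image: nicolaka/netshoot
          args:
            - curl
            # Without --fail curl exits 0 on HTTP 4xx/5xx responses, so the
            # test would pass even when the Service answers with an error.
            - "--fail"
            - http://{{ .Values.name }}:80

--------------------------------------------------------------------------------
/kubernetes_helm/10_tests/my-app/values.yaml:
--------------------------------------------------------------------------------
# Base name for the pod, the Service and the test Job.
name: "my-app"
--------------------------------------------------------------------------------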
/kubernetes_helm/11_hooks/.solution/my-app/Chart.yaml:
--------------------------------------------------------------------------------
apiVersion: v2
name: my-app
version: 0.1.0

--------------------------------------------------------------------------------
/kubernetes_helm/11_hooks/.solution/my-app/templates/hook-pre-delete.yaml:
--------------------------------------------------------------------------------
# Job run by Helm before the release is deleted; it only echoes a marker.
apiVersion: batch/v1
kind: Job
metadata:
  name: {{ .Values.name }}-pre-delete
  annotations:
    "helm.sh/hook": "pre-delete"
    # The Job is removed once it succeeds; a failed Job stays behind so its
    # logs can still be inspected.
    "helm.sh/hook-delete-policy": "hook-succeeded"
spec:
  backoffLimit: 0
  template:
    spec:
      restartPolicy: Never
      containers:
        - name: pre-delete-hook
          image: ubuntu:20.04
          command:
            - echo
          args:
            - pre-delete-hook

--------------------------------------------------------------------------------
/kubernetes_helm/11_hooks/.solution/my-app/templates/hook-pre-install-1.yaml:
--------------------------------------------------------------------------------
# First of two pre-install hooks; Helm runs hooks of one kind in ascending
# hook-weight order, so weight "1" runs before weight "2".
apiVersion: batch/v1
kind: Job
metadata:
  name: {{ .Values.name }}-pre-install-1
  annotations:
    "helm.sh/hook": "pre-install"
    "helm.sh/hook-weight": "1"
    "helm.sh/hook-delete-policy": "hook-succeeded"
spec:
  backoffLimit: 0
  template:
    spec:
      restartPolicy: Never
      containers:
        - name: pre-install-hook
          image: ubuntu:20.04
          command:
            - echo
          args:
            - pre-install-hook-1

--------------------------------------------------------------------------------
/kubernetes_helm/11_hooks/.solution/my-app/templates/hook-pre-install-2.yaml:
--------------------------------------------------------------------------------
# Second pre-install hook (weight "2").
apiVersion: batch/v1
kind: Job
metadata:
  name: {{ .Values.name }}-pre-install-2
  annotations:
    "helm.sh/hook": "pre-install"
    "helm.sh/hook-weight": "2"
    "helm.sh/hook-delete-policy": "hook-succeeded"
spec:
  backoffLimit: 0
  template:
    spec:
      restartPolicy: Never
      containers:
        - name: pre-install-hook
          image: ubuntu:20.04
          command:
            - echo
          args:
            - pre-install-hook-2

--------------------------------------------------------------------------------
/kubernetes_helm/11_hooks/.solution/my-app/templates/pod.yaml:
--------------------------------------------------------------------------------
# The release's only regular resource: one nginx pod named from .Values.name.
# No securityContext or resource limits are set.
apiVersion: v1
kind: Pod
metadata:
  name: {{ .Values.name }}
spec:
  containers:
    - name: nginx
      image: nginx:1.19.2

--------------------------------------------------------------------------------
/kubernetes_helm/11_hooks/.solution/my-app/values.yaml:
--------------------------------------------------------------------------------
name: "my-app"
--------------------------------------------------------------------------------
/kubernetes_helm/11_hooks/my-app/Chart.yaml:
--------------------------------------------------------------------------------
apiVersion: v2
name: my-app
version: 0.1.0

--------------------------------------------------------------------------------
/kubernetes_helm/11_hooks/my-app/templates/hook-pre-delete.yaml:
--------------------------------------------------------------------------------
# Starting point of the lab: no hook-delete-policy is set, so Helm's default
# (before-hook-creation) applies and the finished Job stays in the cluster
# until the hook is run again.
apiVersion: batch/v1
kind: Job
metadata:
  name: {{ .Values.name }}-pre-delete
  annotations:
    "helm.sh/hook": "pre-delete"
spec:
  backoffLimit: 0
  template:
    spec:
      restartPolicy: Never
      containers:
        - name: pre-delete-hook
          image: ubuntu:20.04
          command:
            - echo
          args:
            - pre-delete-hook

--------------------------------------------------------------------------------
/kubernetes_helm/11_hooks/my-app/templates/hook-pre-install.yaml:
--------------------------------------------------------------------------------
# Single pre-install hook of the starting chart.
apiVersion: batch/v1
kind: Job
metadata:
  name: {{
.Values.name }}-pre-install
  annotations:
    "helm.sh/hook": "pre-install"
spec:
  backoffLimit: 0
  template:
    spec:
      restartPolicy: Never
      containers:
        - name: pre-install-hook
          image: ubuntu:20.04
          command:
            - echo
          args:
            - pre-install-hook

--------------------------------------------------------------------------------
/kubernetes_helm/11_hooks/my-app/templates/pod.yaml:
--------------------------------------------------------------------------------
# One nginx pod named from .Values.name; no securityContext or resource limits.
apiVersion: v1
kind: Pod
metadata:
  name: {{ .Values.name }}
spec:
  containers:
    - name: nginx
      image: nginx:1.19.2

--------------------------------------------------------------------------------
/kubernetes_helm/11_hooks/my-app/values.yaml:
--------------------------------------------------------------------------------
name: "my-app"
--------------------------------------------------------------------------------
/kubernetes_helm/12_dependencies/.gitignore:
--------------------------------------------------------------------------------
# Chart.lock and the vendored charts/ directory are not committed, so the
# resolved dependency versions and the lock digest are not recorded in the
# repository. That is low-risk for the local file:// dependency used here;
# for dependencies pulled from a remote repository, commit Chart.lock.
my-app/Chart.lock
my-app/charts/
--------------------------------------------------------------------------------
/kubernetes_helm/12_dependencies/my-app/Chart.yaml:
--------------------------------------------------------------------------------
apiVersion: v2
name: my-app
version: 0.1.0
dependencies:
  # Subchart taken from a sibling directory and rendered only when
  # my-dependency.enabled is true in the values.
  - name: my-dependency
    version: "0.1.0"
    condition: my-dependency.enabled
    repository: "file://../my-dependency"

--------------------------------------------------------------------------------
/kubernetes_helm/12_dependencies/my-app/templates/pod.yaml:
--------------------------------------------------------------------------------
# Long-running helper pod named and labelled after the chart; it only sleeps.
apiVersion: v1
kind: Pod
metadata:
  name: {{ .Chart.Name }}
  labels:
    app: {{ .Chart.Name }}
spec:
  terminationGracePeriodSeconds: 0
  containers:
    - name: curl
      # NOTE(review): no tag is given, so this resolves to :latest; pin a tag
      # or digest so the image cannot change between runs.
      image: nicolaka/netshoot
      command:
        - "/bin/sh"
        - "-c"
        - "sleep infinity;"

--------------------------------------------------------------------------------
/kubernetes_helm/12_dependencies/my-app/values.yaml:
--------------------------------------------------------------------------------
# The subchart is switched off by default.
my-dependency:
  enabled: false

--------------------------------------------------------------------------------
/kubernetes_helm/12_dependencies/my-dependency/Chart.yaml:
--------------------------------------------------------------------------------
apiVersion: v2
name: my-dependency
version: 0.1.0

--------------------------------------------------------------------------------
/kubernetes_helm/12_dependencies/my-dependency/templates/configmap.yaml:
--------------------------------------------------------------------------------
# ConfigMap carrying the subchart's "content" value.
apiVersion: v1
kind: ConfigMap
metadata:
  name: {{ .Chart.Name }}
data:
  # NOTE(review): the value is inserted unquoted; the default text is fine, but
  # a value containing ": " or " #" would change the YAML. Piping it through
  # quote avoids that.
  body: {{ .Values.content }}

--------------------------------------------------------------------------------
/kubernetes_helm/12_dependencies/my-dependency/templates/service.yaml:
--------------------------------------------------------------------------------
# Service on port 80 selecting app=<subchart name>.
# NOTE(review): the only pod in this listing is labelled with the parent
# chart's name, so this selector may match nothing - confirm.
apiVersion: v1
kind: Service
metadata:
  name: {{ .Chart.Name }}
spec:
  selector:
    app: {{ .Chart.Name }}
  ports:
    - port: 80

--------------------------------------------------------------------------------
/kubernetes_helm/12_dependencies/my-dependency/values.yaml:
--------------------------------------------------------------------------------
content: Hello from the Helm Dependency
--------------------------------------------------------------------------------
/kubernetes_helm/99_teardown/README.md:
--------------------------------------------------------------------------------
# Teardown Cluster

```bash
cd $HOME/trainings/kubernetes_helm/99_teardown
./teardown_cluster.sh
```

--------------------------------------------------------------------------------
/kubernetes_security/.99_todos/general.md:
--------------------------------------------------------------------------------
# add capture the flag from koray

# https://madhuakula.com/kubernetes-goat/


--------------------------------------------------------------------------------
/kubernetes_security/.99_todos/labs.md:
--------------------------------------------------------------------------------
# reduce the attack surface
read-only pods
small images
distroless - show the pain points

# container image signing
=> needs container registry...

# verification of falco installation
systemctl status falco does not work anymore

# new lab to track syscalls before doing the linux kernel stuff

# cilium tetragon vs falco

--------------------------------------------------------------------------------
/kubernetes_security/.99_todos/setup.md:
--------------------------------------------------------------------------------
# fix reboot at end of cloud init

--------------------------------------------------------------------------------
/kubernetes_security/.99_todos/slides.md:
--------------------------------------------------------------------------------
# container image signing
=> visualization of image scanning with registry, dev notebook,...

# slides csi driver is not in alpha anymore

PSP
Volumes: ['*']
not capitalized

## psp
https://kubernetes.io/docs/concepts/security/pod-security-admission/

## secrets
fix the order of the slides -> confusing
--------------------------------------------------------------------------------
/kubernetes_security/03_network_policies/backend.yaml:
--------------------------------------------------------------------------------
# Backend for the network-policy lab: one nginx pod labelled app=backend and a
# Service on port 80 that selects it.
apiVersion: v1
kind: Pod
metadata:
  name: backend
  labels:
    # This label is what the NetworkPolicies in this directory match on.
    app: backend
spec:
  containers:
    - name: nginx
      # No securityContext or resource limits are set; the container runs with
      # the image defaults.
      image: nginx:1.19.2
      ports:
        - containerPort: 80
---
apiVersion: v1
kind: Service
metadata:
  name: backend
spec:
  ports:
    - port: 80
  selector:
    app: backend

--------------------------------------------------------------------------------
/kubernetes_security/03_network_policies/frontend.yaml:
--------------------------------------------------------------------------------
# Client pod for the lab: a curl image that sleeps for one hour so commands can
# be run inside it; the container exits when the sleep ends.
apiVersion: v1
kind: Pod
metadata:
  name: frontend
  labels:
    app: frontend
spec:
  containers:
    - name: curl
      image: curlimages/curl:7.72.0
      command: ["sleep", "1h"]

--------------------------------------------------------------------------------
/kubernetes_security/03_network_policies/networkpolicy-allow-be-ingress.yaml:
--------------------------------------------------------------------------------
# Allows traffic into app=backend pods only from app=frontend pods.
# The "from" entry has a podSelector and no namespaceSelector, so it matches
# frontend pods in the namespace of this policy only.
# No "ports" list is given, so every port and protocol of the backend is open
# to the frontend; adding TCP 80 would narrow it to the port the pod exposes.
# NetworkPolicies are enforced by the cluster's network plugin; on a plugin
# without policy support these objects are accepted but have no effect.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-be-ingress
spec:
  podSelector:
    matchLabels:
      app: backend
  policyTypes:
    - Ingress
  ingress:
    - from:
        - podSelector:
            matchLabels:
              app: frontend

--------------------------------------------------------------------------------
/kubernetes_security/03_network_policies/networkpolicy-allow-dns.yaml:
-------------------------------------------------------------------------------- 1 | apiVersion: networking.k8s.io/v1 2 | kind: NetworkPolicy 3 | metadata: 4 | name: allow-dns-access 5 | spec: 6 | podSelector: 7 | matchLabels: {} 8 | policyTypes: 9 | - Egress 10 | egress: 11 | - to: 12 | - namespaceSelector: 13 | matchLabels: 14 | kubernetes.io/metadata.name: kube-system 15 | ports: 16 | - protocol: UDP 17 | port: 53 18 | -------------------------------------------------------------------------------- /kubernetes_security/03_network_policies/networkpolicy-allow-fe-egress.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: networking.k8s.io/v1 2 | kind: NetworkPolicy 3 | metadata: 4 | name: allow-fe-egress 5 | spec: 6 | podSelector: 7 | matchLabels: 8 | app: frontend 9 | policyTypes: 10 | - Egress 11 | egress: 12 | - to: 13 | - podSelector: 14 | matchLabels: 15 | app: backend 16 | -------------------------------------------------------------------------------- /kubernetes_security/03_network_policies/networkpolicy-deny-all.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: networking.k8s.io/v1 2 | kind: NetworkPolicy 3 | metadata: 4 | name: deny-all 5 | spec: 6 | podSelector: {} 7 | policyTypes: 8 | - Ingress 9 | - Egress 10 | -------------------------------------------------------------------------------- /kubernetes_security/05_encryption_at_transport/README.md: -------------------------------------------------------------------------------- 1 | # Encryption at Transport 2 | 3 | ## Verify Certs 4 | 5 | ### Certs for Master Components 6 | 7 | ```bash 8 | ls -alh /etc/kubernetes/pki/ 9 | ``` 10 | 11 | ### Cert for Worker Nodes 12 | 13 | ```bash 14 | cat /etc/kubernetes/kubelet.conf 15 | ``` 16 | 17 | ### Cert for Developer 18 | 19 | ```bash 20 | cat ~/.kube/config 21 | ``` 22 | 23 | ## Check Certs 24 | 25 | ```bash 26 | # verify expiration dates of certs 27 | 
kubeadm certs check-expiration 28 | 29 | # check renew possibilities of kubeadm 30 | kubeadm certs renew --help 31 | 32 | # verify expiration date via openssl 33 | openssl x509 -in /etc/kubernetes/pki/apiserver.crt -dates 34 | ``` 35 | -------------------------------------------------------------------------------- /kubernetes_security/06_encryption_at_rest/encryption-config.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apiserver.config.k8s.io/v1 2 | kind: EncryptionConfiguration 3 | resources: 4 | - resources: 5 | - secrets 6 | providers: 7 | - aescbc: 8 | keys: 9 | - name: key1 10 | secret: VcPcNPU5z75x15ZNsVMxp+NJqcnZ4SNK5375cBnbBjo= 11 | - identity: {} 12 | -------------------------------------------------------------------------------- /kubernetes_security/09_trivy/README.md: -------------------------------------------------------------------------------- 1 | # Image Scanning via Trivy 2 | 3 | ## Verify Installation 4 | 5 | ```bash 6 | # check if trivy is installed on host level 7 | trivy --version 8 | ``` 9 | 10 | ## Scan Container Images 11 | 12 | ```bash 13 | # scan the latest image of nginx 14 | trivy image nginx 15 | 16 | # scan for critical issues of the latest image of nginx 17 | trivy image --severity CRITICAL nginx 18 | 19 | # scan the latest alpine image 20 | trivy image alpine 21 | 22 | # scan an older elasticsearch image 23 | # note that the report contains Log4Shell CVE-2021-44228 => so, also the dependencies of the application get scanned 24 | trivy image --severity CRITICAL elasticsearch:6.8.21 25 | ``` 26 | -------------------------------------------------------------------------------- /kubernetes_security/10_kyverno/README.md: -------------------------------------------------------------------------------- 1 | # Admission Control with Kyverno 2 | 3 | ## Verify Installation 4 | 5 | ```bash 6 | # check if kyverno is installed on cluster level 7 | helm list -n kyverno 8 | ``` 9 | 10 | ## 
Apply a ClusterPolicy 11 | 12 | ```bash 13 | # inspect the cluster policy 14 | cat 10_kyverno/disallow-latest-tag.yaml 15 | 16 | # apply the cluster policy 17 | kubectl apply -f 10_kyverno/disallow-latest-tag.yaml 18 | 19 | # delete the pod 20 | kubectl delete pod my-suboptimal-pod 21 | 22 | # try to apply the pod - note you will get an error because no image tag is provided 23 | kubectl apply -f pod.yaml 24 | 25 | # add the image tag to the image, eg `image: ubuntu:22.04`. Re-run the apply command. Now it works again 26 | kubectl apply -f pod.yaml 27 | ``` 28 | -------------------------------------------------------------------------------- /kubernetes_security/11_apparmor/my-apparmor-profile: -------------------------------------------------------------------------------- 1 | #include <tunables/global> 2 | 3 | profile my-apparmor-profile flags=(attach_disconnected) { 4 | #include <abstractions/base> 5 | 6 | file, 7 | 8 | # Deny all file writes. 9 | deny /** w, 10 | } 11 | -------------------------------------------------------------------------------- /kubernetes_security/12_gvisor/nginx-gvisor-pod.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: nginx-gvisor 5 | spec: 6 | runtimeClassName: gvisor 7 | containers: 8 | - image: nginx:1.23.0 9 | name: nginx 10 | -------------------------------------------------------------------------------- /kubernetes_security/12_gvisor/nginx-pod.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: nginx 5 | spec: 6 | containers: 7 | - image: nginx:1.23.0 8 | name: nginx 9 | -------------------------------------------------------------------------------- /kubernetes_security/12_gvisor/runtimeclass.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: node.k8s.io/v1 2 | kind: RuntimeClass 3 | metadata: 4 | name: gvisor 5 | handler: runsc 6 
| -------------------------------------------------------------------------------- /kubernetes_security/13_auditing/my-policy.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: audit.k8s.io/v1 2 | kind: Policy 3 | omitStages: ["RequestReceived"] 4 | rules: 5 | - namespaces: ["default"] 6 | verbs: ["get", "list", "watch"] 7 | resources: 8 | - groups: "" 9 | resources: ["secrets"] 10 | level: Request 11 | -------------------------------------------------------------------------------- /kubernetes_security/14_falco/README.md: -------------------------------------------------------------------------------- 1 | # Runtime Security with Falco 2 | 3 | ## Verify installation 4 | 5 | ```bash 6 | systemctl status falco 7 | ``` 8 | 9 | ## Configure Falco 10 | 11 | Edit the Falco configuration file 12 | 13 | ```bash 14 | vi /etc/falco/falco.yaml 15 | ``` 16 | 17 | Configure the `file_output` section to the following. 18 | 19 | ```yaml 20 | file_output: 21 | enabled: true 22 | keep_alive: false 23 | filename: /var/log/falco.log 24 | ``` 25 | 26 | ## Verify logging 27 | 28 | ```bash 29 | # exec into the pod (and exit afterwards) 30 | kubectl exec -it my-suboptimal-pod -- bash 31 | 32 | # verify that a line like this got logged 33 | cat /var/log/falco.log | grep 'Notice A shell was spawned in a container with an attached terminal' 34 | ``` 35 | -------------------------------------------------------------------------------- /kubernetes_security/15_kube-bench/README.md: -------------------------------------------------------------------------------- 1 | # Benchmarking via kubebench 2 | 3 | ```bash 4 | # inspect the kubebench job 5 | cat 15_kube-bench/job.yaml 6 | 7 | # run kubebench 8 | kubectl apply -f 15_kube-bench/job.yaml 9 | 10 | # inspect the logs of kubebench 11 | kubectl logs 12 | ``` 13 | -------------------------------------------------------------------------------- /kubernetes_servicemesh/.99_todos/labs.md: 
-------------------------------------------------------------------------------- 1 | 2 | # fix setup 3 | update istio object versions in yamls v1beta3 => v1 4 | 5 | # istioctl 6 | gets downgraded due to GCP reconnect -------------------------------------------------------------------------------- /kubernetes_servicemesh/.99_todos/slides.md: -------------------------------------------------------------------------------- 1 | 2 | stackalytics and cncf dead links 3 | 4 | # envoy 5 | how do the envoy proxies configure the networking sniffing 6 | -------------------------------------------------------------------------------- /kubernetes_servicemesh/.99_todos/todos.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cloudnativetrainings/trainings/ee41ee97e3cec03e632903abb6f7408f3130126f/kubernetes_servicemesh/.99_todos/todos.md -------------------------------------------------------------------------------- /kubernetes_servicemesh/.gitignore: -------------------------------------------------------------------------------- 1 | *.key 2 | *.crt 3 | *.csr -------------------------------------------------------------------------------- /kubernetes_servicemesh/00_install_addons/README.md: -------------------------------------------------------------------------------- 1 | # Setup addons 2 | 3 | ## Navigate to project folder to install addons 4 | ```bash 5 | cd 00_install_addons 6 | ``` 7 | 8 | ## Prometheus 9 | 10 | ```bash 11 | kubectl apply -f https://raw.githubusercontent.com/istio/istio/release-1.22/samples/addons/prometheus.yaml 12 | ``` 13 | 14 | ## Grafana 15 | 16 | ```bash 17 | kubectl apply -f https://raw.githubusercontent.com/istio/istio/release-1.22/samples/addons/grafana.yaml 18 | ``` 19 | 20 | ## Kiali 21 | 22 | Note, due to CRDs, you have to apply this yaml file twice: resources that depend on a CRD can be rejected on the first run, before the CRD is registered. 
23 | 24 | ```bash 25 | kubectl apply -f https://raw.githubusercontent.com/istio/istio/release-1.22/samples/addons/kiali.yaml 26 | ``` 27 | 28 | ## Jaeger 29 | 30 | ```bash 31 | kubectl apply -f https://raw.githubusercontent.com/istio/istio/release-1.22/samples/addons/jaeger.yaml 32 | ``` 33 | -------------------------------------------------------------------------------- /kubernetes_servicemesh/00_install_apps/README.md: -------------------------------------------------------------------------------- 1 | # Setup apps 2 | 3 | ## Navigate to project folder to install the applications we would use before the addons 4 | ```bash 5 | cd 00_install_apps 6 | ``` 7 | 8 | ## Build and push the application images 9 | 10 | ```bash 11 | ./build_backend_1.0.0.sh 12 | ./build_frontend_1.0.0.sh 13 | ./build_frontend_2.0.0.sh 14 | ``` 15 | 16 | ## Create our training namespace in which istio injection is enabled 17 | 18 | ```bash 19 | kubectl create -f k8s/namespace.yaml 20 | ``` 21 | 22 | ## Switch to the namespace `training` 23 | 24 | ```bash 25 | kubens training 26 | ``` 27 | 28 | ## Create the Deployments and Services 29 | 30 | ```bash 31 | kubectl create -f ./k8s 32 | ``` 33 | 34 | ## Export the public ip of the istio-ingressgateway 35 | 36 | ```bash 37 | export INGRESS_HOST=$(kubectl -n istio-system get svc istio-ingressgateway -o jsonpath="{.status.loadBalancer.ingress[0].ip}") 38 | ``` 39 | -------------------------------------------------------------------------------- /kubernetes_servicemesh/00_install_apps/backend/.dockerignore: -------------------------------------------------------------------------------- 1 | .gradle 2 | gradle 3 | gradlew 4 | build 5 | .vscode 6 | .project 7 | bin 8 | .gitignore 9 | build.sh 10 | Dockerfile 11 | -------------------------------------------------------------------------------- /kubernetes_servicemesh/00_install_apps/backend/.gitignore: -------------------------------------------------------------------------------- 1 | .gradle/ 2 | 
build/ 3 | bin/ 4 | gradlew 5 | !**/src/main/** 6 | !**/src/test/** 7 | 8 | .vscode/ 9 | .project 10 | .settings 11 | .classpath 12 | -------------------------------------------------------------------------------- /kubernetes_servicemesh/00_install_apps/backend/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM gradle:8.6.0-jdk21 AS builder 2 | ARG BUILD_VERSION=0.0.0 3 | COPY --chown=gradle:gradle . /code 4 | WORKDIR /code 5 | RUN gradle build --no-daemon -Pversion=$BUILD_VERSION 6 | 7 | FROM openjdk:21-jdk-slim-bookworm 8 | RUN apt update && apt install curl -y 9 | ARG BUILD_VERSION=0.0.0 10 | ENV BUILD_VERSION=$BUILD_VERSION 11 | COPY --from=builder /code/build/libs/backend-$BUILD_VERSION.jar /srv/app/backend-$BUILD_VERSION.jar 12 | WORKDIR /srv/app 13 | 14 | ENTRYPOINT java -server -XshowSettings:vm -XX:InitialRAMPercentage=50 -XX:MaxRAMPercentage=70 -jar /srv/app/backend-$BUILD_VERSION.jar 15 | -------------------------------------------------------------------------------- /kubernetes_servicemesh/00_install_apps/backend/gradle/wrapper/gradle-wrapper.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cloudnativetrainings/trainings/ee41ee97e3cec03e632903abb6f7408f3130126f/kubernetes_servicemesh/00_install_apps/backend/gradle/wrapper/gradle-wrapper.jar -------------------------------------------------------------------------------- /kubernetes_servicemesh/00_install_apps/backend/gradle/wrapper/gradle-wrapper.properties: -------------------------------------------------------------------------------- 1 | distributionBase=GRADLE_USER_HOME 2 | distributionPath=wrapper/dists 3 | distributionUrl=https\://services.gradle.org/distributions/gradle-6.4.1-bin.zip 4 | zipStoreBase=GRADLE_USER_HOME 5 | zipStorePath=wrapper/dists 6 | -------------------------------------------------------------------------------- 
/kubernetes_servicemesh/00_install_apps/backend/settings.gradle: -------------------------------------------------------------------------------- 1 | rootProject.name = 'backend' 2 | -------------------------------------------------------------------------------- /kubernetes_servicemesh/00_install_apps/backend/src/main/java/.DS_Store: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cloudnativetrainings/trainings/ee41ee97e3cec03e632903abb6f7408f3130126f/kubernetes_servicemesh/00_install_apps/backend/src/main/java/.DS_Store -------------------------------------------------------------------------------- /kubernetes_servicemesh/00_install_apps/backend/src/main/java/training/.DS_Store: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cloudnativetrainings/trainings/ee41ee97e3cec03e632903abb6f7408f3130126f/kubernetes_servicemesh/00_install_apps/backend/src/main/java/training/.DS_Store -------------------------------------------------------------------------------- /kubernetes_servicemesh/00_install_apps/backend/src/main/java/training/cloudnative/servicemesh/backend/Application.java: -------------------------------------------------------------------------------- 1 | package training.cloudnative.servicemesh.backend; 2 | 3 | import org.springframework.boot.SpringApplication; 4 | import org.springframework.boot.autoconfigure.SpringBootApplication; 5 | 6 | @SpringBootApplication 7 | public class Application { 8 | 9 | public static void main(String[] args) { 10 | SpringApplication.run(Application.class, args); 11 | } 12 | 13 | } 14 | -------------------------------------------------------------------------------- /kubernetes_servicemesh/00_install_apps/backend/src/main/resources/application.properties: -------------------------------------------------------------------------------- 1 | logging.level.root=WARN 2 | 
logging.level.training.cloudnative.servicemesh.backend=INFO 3 | 4 | management.endpoint.health.probes.enabled=true 5 | -------------------------------------------------------------------------------- /kubernetes_servicemesh/00_install_apps/backend/src/main/resources/banner.txt: -------------------------------------------------------------------------------- 1 | _ _ _ 2 | | | | | | | 3 | | |__ __ _ ___ | | __ ___ _ __ __| | 4 | | '_ \ / _` | / __|| |/ / / _ \| '_ \ / _` | 5 | | |_) || (_| || (__ | < | __/| | | || (_| | 6 | |_.__/ \__,_| \___||_|\_\ \___||_| |_| \__,_| 7 | -------------------------------------------------------------------------------- /kubernetes_servicemesh/00_install_apps/backend/src/test/java/training/cloudnative/servicemesh/backend/ApplicationTests.java: -------------------------------------------------------------------------------- 1 | package training.cloudnative.servicemesh.backend; 2 | 3 | import org.junit.jupiter.api.Test; 4 | import org.springframework.boot.test.context.SpringBootTest; 5 | 6 | @SpringBootTest 7 | class ApplicationTests { 8 | 9 | @Test 10 | void contextLoads() { 11 | } 12 | 13 | } 14 | -------------------------------------------------------------------------------- /kubernetes_servicemesh/00_install_apps/build_backend_1.0.0.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | PROJECT_COUNT=$(gcloud projects list --format json | jq .[].name | tr -d \" | wc -l) 4 | if (( PROJECT_COUNT == 1)); then 5 | PROJECT_NAME=$(gcloud projects list --format json | jq .[].name | tr -d \" ) 6 | echo "Using project $PROJECT_NAME" 7 | fi 8 | if [[ -z $PROJECT_NAME ]]; then 9 | echo "INPUT: Type PROJECT_NAME (student-XX-project):" && read PROJECT_NAME 10 | fi 11 | export APP=backend 12 | export VERSION=1.0.0 13 | export CONTAINER_REGISTRY=eu.gcr.io/$PROJECT_NAME/kubernetes-servicemesh 14 | export IMAGE=$CONTAINER_REGISTRY/$APP:$VERSION 15 | 16 | set -euxo pipefail 17 | 18 | docker build 
-t $IMAGE ./backend/ --build-arg BUILD_VERSION=$VERSION 19 | docker push $IMAGE 20 | -------------------------------------------------------------------------------- /kubernetes_servicemesh/00_install_apps/build_frontend_1.0.0.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | PROJECT_COUNT=$(gcloud projects list --format json | jq .[].name | tr -d \" | wc -l) 4 | if (( PROJECT_COUNT == 1)); then 5 | PROJECT_NAME=$(gcloud projects list --format json | jq .[].name | tr -d \" ) 6 | echo "Using project $PROJECT_NAME" 7 | fi 8 | if [[ -z $PROJECT_NAME ]]; then 9 | echo "INPUT: Type PROJECT_NAME (student-XX-project):" && read PROJECT_NAME 10 | fi 11 | export APP=frontend 12 | export VERSION=1.0.0 13 | export CONTAINER_REGISTRY=eu.gcr.io/$PROJECT_NAME/kubernetes-servicemesh 14 | export IMAGE=$CONTAINER_REGISTRY/$APP:$VERSION 15 | 16 | set -euxo pipefail 17 | 18 | docker build -t $IMAGE ./frontend --build-arg BUILD_VERSION=$VERSION 19 | docker push $IMAGE 20 | -------------------------------------------------------------------------------- /kubernetes_servicemesh/00_install_apps/build_frontend_2.0.0.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | PROJECT_COUNT=$(gcloud projects list --format json | jq .[].name | tr -d \" | wc -l) 4 | if (( PROJECT_COUNT == 1)); then 5 | PROJECT_NAME=$(gcloud projects list --format json | jq .[].name | tr -d \" ) 6 | echo "Using project $PROJECT_NAME" 7 | fi 8 | if [[ -z $PROJECT_NAME ]]; then 9 | echo "INPUT: Type PROJECT_NAME (student-XX-project):" && read PROJECT_NAME 10 | fi 11 | export APP=frontend 12 | export VERSION=2.0.0 13 | export CONTAINER_REGISTRY=eu.gcr.io/$PROJECT_NAME/kubernetes-servicemesh 14 | export IMAGE=$CONTAINER_REGISTRY/$APP:$VERSION 15 | 16 | set -euxo pipefail 17 | 18 | docker build -t $IMAGE ./frontend --build-arg BUILD_VERSION=$VERSION 19 | docker push $IMAGE 20 | 
-------------------------------------------------------------------------------- /kubernetes_servicemesh/00_install_apps/frontend/.dockerignore: -------------------------------------------------------------------------------- 1 | .gradle 2 | gradle 3 | gradlew 4 | build 5 | .vscode 6 | .project 7 | bin 8 | .gitignore 9 | build.sh 10 | Dockerfile 11 | -------------------------------------------------------------------------------- /kubernetes_servicemesh/00_install_apps/frontend/.gitignore: -------------------------------------------------------------------------------- 1 | .gradle/ 2 | build/ 3 | bin/ 4 | gradlew 5 | !**/src/main/** 6 | !**/src/test/** 7 | 8 | .vscode/ 9 | .project 10 | .settings 11 | .classpath 12 | -------------------------------------------------------------------------------- /kubernetes_servicemesh/00_install_apps/frontend/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM gradle:8.6.0-jdk21 AS builder 2 | ARG BUILD_VERSION=0.0.0 3 | COPY --chown=gradle:gradle . 
/code 4 | WORKDIR /code 5 | RUN gradle build --no-daemon -Pversion=$BUILD_VERSION 6 | 7 | FROM openjdk:21-jdk-slim-bookworm 8 | RUN apt update && apt install curl -y 9 | ARG BUILD_VERSION=0.0.0 10 | ENV BUILD_VERSION=$BUILD_VERSION 11 | COPY --from=builder /code/build/libs/frontend-$BUILD_VERSION.jar /srv/app/frontend-$BUILD_VERSION.jar 12 | WORKDIR /srv/app 13 | 14 | ENTRYPOINT java -server -XshowSettings:vm -XX:InitialRAMPercentage=50 -XX:MaxRAMPercentage=70 -jar /srv/app/frontend-$BUILD_VERSION.jar 15 | -------------------------------------------------------------------------------- /kubernetes_servicemesh/00_install_apps/frontend/gradle/wrapper/gradle-wrapper.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cloudnativetrainings/trainings/ee41ee97e3cec03e632903abb6f7408f3130126f/kubernetes_servicemesh/00_install_apps/frontend/gradle/wrapper/gradle-wrapper.jar -------------------------------------------------------------------------------- /kubernetes_servicemesh/00_install_apps/frontend/gradle/wrapper/gradle-wrapper.properties: -------------------------------------------------------------------------------- 1 | distributionBase=GRADLE_USER_HOME 2 | distributionPath=wrapper/dists 3 | distributionUrl=https\://services.gradle.org/distributions/gradle-6.4.1-bin.zip 4 | zipStoreBase=GRADLE_USER_HOME 5 | zipStorePath=wrapper/dists 6 | -------------------------------------------------------------------------------- /kubernetes_servicemesh/00_install_apps/frontend/settings.gradle: -------------------------------------------------------------------------------- 1 | rootProject.name = 'frontend' 2 | -------------------------------------------------------------------------------- /kubernetes_servicemesh/00_install_apps/frontend/src/main/java/.DS_Store: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/cloudnativetrainings/trainings/ee41ee97e3cec03e632903abb6f7408f3130126f/kubernetes_servicemesh/00_install_apps/frontend/src/main/java/.DS_Store -------------------------------------------------------------------------------- /kubernetes_servicemesh/00_install_apps/frontend/src/main/java/training/.DS_Store: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cloudnativetrainings/trainings/ee41ee97e3cec03e632903abb6f7408f3130126f/kubernetes_servicemesh/00_install_apps/frontend/src/main/java/training/.DS_Store -------------------------------------------------------------------------------- /kubernetes_servicemesh/00_install_apps/frontend/src/main/java/training/cloudnative/.DS_Store: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cloudnativetrainings/trainings/ee41ee97e3cec03e632903abb6f7408f3130126f/kubernetes_servicemesh/00_install_apps/frontend/src/main/java/training/cloudnative/.DS_Store -------------------------------------------------------------------------------- /kubernetes_servicemesh/00_install_apps/frontend/src/main/java/training/cloudnative/servicemesh/.DS_Store: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cloudnativetrainings/trainings/ee41ee97e3cec03e632903abb6f7408f3130126f/kubernetes_servicemesh/00_install_apps/frontend/src/main/java/training/cloudnative/servicemesh/.DS_Store -------------------------------------------------------------------------------- /kubernetes_servicemesh/00_install_apps/frontend/src/main/java/training/cloudnative/servicemesh/frontend/Application.java: -------------------------------------------------------------------------------- 1 | package training.cloudnative.servicemesh.frontend; 2 | 3 | import org.springframework.boot.SpringApplication; 4 | import 
org.springframework.boot.autoconfigure.SpringBootApplication; 5 | 6 | @SpringBootApplication 7 | public class Application { 8 | 9 | public static void main(String[] args) { 10 | SpringApplication.run(Application.class, args); 11 | } 12 | 13 | } 14 | -------------------------------------------------------------------------------- /kubernetes_servicemesh/00_install_apps/frontend/src/main/resources/application.properties: -------------------------------------------------------------------------------- 1 | logging.level.root=WARN 2 | logging.level.training.cloudnative.servicemesh.backend=INFO 3 | 4 | management.endpoint.health.probes.enabled=true 5 | -------------------------------------------------------------------------------- /kubernetes_servicemesh/00_install_apps/frontend/src/main/resources/banner.txt: -------------------------------------------------------------------------------- 1 | __ _ _ 2 | / _| | | | | 3 | | |_ _ __ ___ _ __ | |_ ___ _ __ __| | 4 | | _|| '__| / _ \ | '_ \ | __| / _ \| '_ \ / _` | 5 | | | | | | (_) || | | || |_ | __/| | | || (_| | 6 | |_| |_| \___/ |_| |_| \__| \___||_| |_| \__,_| 7 | -------------------------------------------------------------------------------- /kubernetes_servicemesh/00_install_apps/frontend/src/test/java/training/.DS_Store: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cloudnativetrainings/trainings/ee41ee97e3cec03e632903abb6f7408f3130126f/kubernetes_servicemesh/00_install_apps/frontend/src/test/java/training/.DS_Store -------------------------------------------------------------------------------- /kubernetes_servicemesh/00_install_apps/frontend/src/test/java/training/cloudnative/.DS_Store: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/cloudnativetrainings/trainings/ee41ee97e3cec03e632903abb6f7408f3130126f/kubernetes_servicemesh/00_install_apps/frontend/src/test/java/training/cloudnative/.DS_Store -------------------------------------------------------------------------------- /kubernetes_servicemesh/00_install_apps/frontend/src/test/java/training/cloudnative/servicemesh/.DS_Store: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cloudnativetrainings/trainings/ee41ee97e3cec03e632903abb6f7408f3130126f/kubernetes_servicemesh/00_install_apps/frontend/src/test/java/training/cloudnative/servicemesh/.DS_Store -------------------------------------------------------------------------------- /kubernetes_servicemesh/00_install_apps/frontend/src/test/java/training/cloudnative/servicemesh/frontend/ApplicationTests.java: -------------------------------------------------------------------------------- 1 | package training.cloudnative.servicemesh.frontend; 2 | 3 | import org.junit.jupiter.api.Test; 4 | import org.springframework.boot.test.context.SpringBootTest; 5 | 6 | @SpringBootTest 7 | class ApplicationTests { 8 | 9 | @Test 10 | void contextLoads() { 11 | } 12 | 13 | } 14 | -------------------------------------------------------------------------------- /kubernetes_servicemesh/00_install_apps/k8s/backend-service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | namespace: training 5 | name: backend 6 | spec: 7 | selector: 8 | app: backend 9 | ports: 10 | - name: http 11 | port: 8080 12 | targetPort: http 13 | -------------------------------------------------------------------------------- /kubernetes_servicemesh/00_install_apps/k8s/frontend-service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | namespace: training 5 | name: 
frontend 6 | spec: 7 | selector: 8 | app: frontend 9 | ports: 10 | - name: http 11 | port: 8080 12 | targetPort: http 13 | -------------------------------------------------------------------------------- /kubernetes_servicemesh/00_install_apps/k8s/namespace.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Namespace 3 | metadata: 4 | name: training 5 | labels: 6 | istio-injection: enabled 7 | -------------------------------------------------------------------------------- /kubernetes_servicemesh/00_setup_cluster/README.md: -------------------------------------------------------------------------------- 1 | # Setup training environment 2 | 3 | ## Navigate to project folder to create cluster first 4 | ```bash 5 | cd 00_setup_cluster 6 | ``` 7 | 8 | ## Fix the repo url in the yaml files 9 | 10 | ```bash 11 | ./fix_repo_location.sh 12 | ``` 13 | 14 | ## Create the cluster 15 | 16 | ```bash 17 | ./setup_cluster.sh 18 | . <(kubectl completion bash) 19 | kubectl get nodes 20 | ``` 21 | 22 | ## Install istioctl 23 | 24 | ```bash 25 | ./install_istioctl.sh 26 | istioctl version 27 | ``` 28 | 29 | ## Install istio into your cluster 30 | ```bash 31 | istioctl install --set profile=demo 32 | ``` 33 | -------------------------------------------------------------------------------- /kubernetes_servicemesh/00_setup_cluster/fix_repo_location.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | PROJECT_COUNT=$(gcloud projects list --format json | jq .[].name | tr -d \" | wc -l) 4 | if (( PROJECT_COUNT == 1)); then 5 | PROJECT_NAME=$(gcloud projects list --format json | jq .[].name | tr -d \" ) 6 | echo "Using project $PROJECT_NAME" 7 | fi 8 | if [[ -z $PROJECT_NAME ]]; then 9 | echo "INPUT: Type PROJECT_NAME (student-XX-project):" && read PROJECT_NAME 10 | fi 11 | 12 | set -euxo pipefail 13 | 14 | # fix yaml files 15 | find ./.. 
-type f -name "*.yaml" -exec sed -i "s/kubermatic-training-playground/$PROJECT_NAME/g" {} + 16 | -------------------------------------------------------------------------------- /kubernetes_servicemesh/00_setup_cluster/install_istioctl.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | set -euxo pipefail 4 | 5 | # variables 6 | export ISTIO_VERSION=1.22.1 7 | 8 | # install istioctl 9 | curl -L https://istio.io/downloadIstio | ISTIO_VERSION=$ISTIO_VERSION sh - 10 | sudo cp ./istio-$ISTIO_VERSION/bin/istioctl /usr/local/bin 11 | rm -rf ./istio-$ISTIO_VERSION 12 | -------------------------------------------------------------------------------- /kubernetes_servicemesh/01_hello-world/backend-virtualservice.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: networking.istio.io/v1alpha3 2 | kind: VirtualService 3 | metadata: 4 | namespace: training 5 | name: backend 6 | spec: 7 | hosts: 8 | - "*" 9 | gateways: 10 | - gateway 11 | http: 12 | - route: 13 | - destination: 14 | host: backend.training.svc.cluster.local 15 | -------------------------------------------------------------------------------- /kubernetes_servicemesh/01_hello-world/gateway.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: networking.istio.io/v1alpha3 2 | kind: Gateway 3 | metadata: 4 | namespace: training 5 | name: gateway 6 | spec: 7 | selector: 8 | istio: ingressgateway 9 | servers: 10 | - port: 11 | name: http 12 | number: 80 13 | protocol: HTTP 14 | hosts: 15 | - "*" 16 | -------------------------------------------------------------------------------- /kubernetes_servicemesh/02_routing-via-percent/README.MD: -------------------------------------------------------------------------------- 1 | 2 | # Routing via percent 3 | 4 | In this training you will learn how to route some traffic towards different versions of an application. 
5 | 6 | ## Inspect and create the resources 7 | 8 | ```bash 9 | kubectl create -f . 10 | ``` 11 | 12 | ## Curl the application 13 | 14 | Verify that ~ 90 % of the requests are from Version 2.0.0 15 | 16 | ```bash 17 | while true; do curl $INGRESS_HOST; sleep 1; done; 18 | ``` 19 | 20 | ## Change the percentage in the VirtualService to eg 50 % per version and apply the changes 21 | 22 | ```bash 23 | vi frontend-virtualservice.yaml 24 | kubectl apply -f frontend-virtualservice.yaml 25 | ``` 26 | 27 | ## Curl the application 28 | 29 | Verify the change you made 30 | 31 | ```bash 32 | while true; do curl $INGRESS_HOST; sleep 1; done; 33 | ``` 34 | 35 | ## Clean up 36 | 37 | ```bash 38 | kubectl delete -f . 39 | ``` 40 | 41 | 42 | -------------------------------------------------------------------------------- /kubernetes_servicemesh/02_routing-via-percent/frontend-destinationrule.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: networking.istio.io/v1alpha3 2 | kind: DestinationRule 3 | metadata: 4 | namespace: training 5 | name: frontend 6 | spec: 7 | host: frontend.training.svc.cluster.local 8 | subsets: 9 | - name: v1 10 | labels: 11 | version: 1.0.0 12 | - name: v2 13 | labels: 14 | version: 2.0.0 15 | -------------------------------------------------------------------------------- /kubernetes_servicemesh/02_routing-via-percent/frontend-virtualservice.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: networking.istio.io/v1alpha3 2 | kind: VirtualService 3 | metadata: 4 | namespace: training 5 | name: frontend 6 | spec: 7 | hosts: 8 | - "*" 9 | gateways: 10 | - gateway 11 | http: 12 | - route: 13 | - destination: 14 | host: frontend.training.svc.cluster.local 15 | subset: v1 16 | weight: 10 17 | - destination: 18 | host: frontend.training.svc.cluster.local 19 | subset: v2 20 | weight: 90 21 | 
-------------------------------------------------------------------------------- /kubernetes_servicemesh/02_routing-via-percent/gateway.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: networking.istio.io/v1alpha3 2 | kind: Gateway 3 | metadata: 4 | namespace: training 5 | name: gateway 6 | spec: 7 | selector: 8 | istio: ingressgateway 9 | servers: 10 | - port: 11 | name: http 12 | number: 80 13 | protocol: HTTP 14 | hosts: 15 | - "*" 16 | -------------------------------------------------------------------------------- /kubernetes_servicemesh/03_routing-via-http-header/README.MD: -------------------------------------------------------------------------------- 1 | # Routing via HTTP header 2 | 3 | In this training we will setup routing based on a HTTP header. 4 | 5 | ## Inspect and create the resources 6 | 7 | ```bash 8 | kubectl create -f . 9 | ``` 10 | 11 | ## Make a request for user bob 12 | 13 | Verify that the response comes from frontend in version 1.0.0 14 | 15 | ```bash 16 | curl -H "user: bob" $INGRESS_HOST 17 | ``` 18 | 19 | ## Make an anonymous request 20 | 21 | Verify that the response comes from frontend in version 2.0.0 22 | 23 | ```bash 24 | curl $INGRESS_HOST 25 | ``` 26 | 27 | ## Clean up 28 | 29 | ```bash 30 | kubectl delete -f . 
31 | ``` 32 | -------------------------------------------------------------------------------- /kubernetes_servicemesh/03_routing-via-http-header/frontend-destinationrule.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: networking.istio.io/v1alpha3 2 | kind: DestinationRule 3 | metadata: 4 | namespace: training 5 | name: frontend 6 | spec: 7 | host: frontend.training.svc.cluster.local 8 | subsets: 9 | - name: v1 10 | labels: 11 | version: 1.0.0 12 | - name: v2 13 | labels: 14 | version: 2.0.0 15 | -------------------------------------------------------------------------------- /kubernetes_servicemesh/03_routing-via-http-header/frontend-virtualservice.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: networking.istio.io/v1alpha3 2 | kind: VirtualService 3 | metadata: 4 | namespace: training 5 | name: frontend 6 | spec: 7 | hosts: 8 | - "*" 9 | gateways: 10 | - gateway 11 | http: 12 | - match: 13 | - headers: 14 | user: 15 | exact: bob 16 | route: 17 | - destination: 18 | host: frontend.training.svc.cluster.local 19 | subset: v1 20 | - route: 21 | - destination: 22 | host: frontend.training.svc.cluster.local 23 | subset: v2 24 | -------------------------------------------------------------------------------- /kubernetes_servicemesh/03_routing-via-http-header/gateway.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: networking.istio.io/v1alpha3 2 | kind: Gateway 3 | metadata: 4 | namespace: training 5 | name: gateway 6 | spec: 7 | selector: 8 | istio: ingressgateway 9 | servers: 10 | - port: 11 | name: http 12 | number: 80 13 | protocol: HTTP 14 | hosts: 15 | - "*" 16 | -------------------------------------------------------------------------------- /kubernetes_servicemesh/04_timeouts/backend-virtualservice.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: 
networking.istio.io/v1alpha3 2 | kind: VirtualService 3 | metadata: 4 | namespace: training 5 | name: backend 6 | spec: 7 | hosts: 8 | - "*" 9 | gateways: 10 | - gateway 11 | http: 12 | - route: 13 | - destination: 14 | host: backend.training.svc.cluster.local 15 | # timeout: 5s 16 | -------------------------------------------------------------------------------- /kubernetes_servicemesh/04_timeouts/gateway.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: networking.istio.io/v1alpha3 2 | kind: Gateway 3 | metadata: 4 | namespace: training 5 | name: gateway 6 | spec: 7 | selector: 8 | istio: ingressgateway 9 | servers: 10 | - port: 11 | name: http 12 | number: 80 13 | protocol: HTTP 14 | hosts: 15 | - "*" 16 | -------------------------------------------------------------------------------- /kubernetes_servicemesh/05_retries/backend-virtualservice.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: networking.istio.io/v1alpha3 2 | kind: VirtualService 3 | metadata: 4 | namespace: training 5 | name: backend 6 | spec: 7 | hosts: 8 | - "*" 9 | gateways: 10 | - gateway 11 | http: 12 | - route: 13 | - destination: 14 | host: backend.training.svc.cluster.local 15 | # timeout: 8s 16 | # retries: 17 | # attempts: 3 18 | # perTryTimeout: 2s 19 | # retryOn: 5xx 20 | -------------------------------------------------------------------------------- /kubernetes_servicemesh/05_retries/gateway.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: networking.istio.io/v1alpha3 2 | kind: Gateway 3 | metadata: 4 | namespace: training 5 | name: gateway 6 | spec: 7 | selector: 8 | istio: ingressgateway 9 | servers: 10 | - port: 11 | name: http 12 | number: 80 13 | protocol: HTTP 14 | hosts: 15 | - "*" 16 | -------------------------------------------------------------------------------- 
/kubernetes_servicemesh/06_circuit-breaker/backend-destinationrule.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: networking.istio.io/v1alpha3 2 | kind: DestinationRule 3 | metadata: 4 | namespace: training 5 | name: backend 6 | spec: 7 | host: backend.training.svc.cluster.local 8 | subsets: 9 | - name: v1 10 | labels: 11 | version: 1.0.0 12 | trafficPolicy: 13 | connectionPool: 14 | tcp: 15 | maxConnections: 1 16 | http: 17 | http1MaxPendingRequests: 1 18 | maxRequestsPerConnection: 1 19 | outlierDetection: 20 | consecutive5xxErrors: 3 21 | interval: 3s 22 | baseEjectionTime: 1m 23 | -------------------------------------------------------------------------------- /kubernetes_servicemesh/06_circuit-breaker/backend-virtualservice.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: networking.istio.io/v1alpha3 2 | kind: VirtualService 3 | metadata: 4 | namespace: training 5 | name: backend 6 | spec: 7 | hosts: 8 | - "*" 9 | gateways: 10 | - gateway 11 | http: 12 | - route: 13 | - destination: 14 | host: backend.training.svc.cluster.local 15 | subset: v1 16 | -------------------------------------------------------------------------------- /kubernetes_servicemesh/06_circuit-breaker/gateway.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: networking.istio.io/v1alpha3 2 | kind: Gateway 3 | metadata: 4 | namespace: training 5 | name: gateway 6 | spec: 7 | selector: 8 | istio: ingressgateway 9 | servers: 10 | - port: 11 | name: http 12 | number: 80 13 | protocol: HTTP 14 | hosts: 15 | - "*" 16 | -------------------------------------------------------------------------------- /kubernetes_servicemesh/07_fault-injection/README.md: -------------------------------------------------------------------------------- 1 | # Fault Injection 2 | 3 | In this task you will bring in some chaos into your cluster. 
4 | 5 | ## Inspect and create the resources 6 | 7 | ```bash 8 | kubectl create -f . 9 | ``` 10 | 11 | ## Curl the api 12 | 13 | ```bash 14 | curl -i $INGRESS_HOST/api 15 | ``` 16 | 17 | ## Uncomment the `fault` section of the VirtualService and apply the changes 18 | 19 | ```bash 20 | kubectl apply -f backend-virtualservice.yaml 21 | ``` 22 | 23 | ## Curl the api 24 | 25 | Note that now we have some chaos in our cluster. 26 | 27 | ```bash 28 | curl -i $INGRESS_HOST/api 29 | ``` 30 | 31 | ## Clean up 32 | 33 | ```bash 34 | kubectl delete -f . 35 | ``` 36 | -------------------------------------------------------------------------------- /kubernetes_servicemesh/07_fault-injection/backend-virtualservice.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: networking.istio.io/v1alpha3 2 | kind: VirtualService 3 | metadata: 4 | namespace: training 5 | name: backend 6 | spec: 7 | hosts: 8 | - "*" 9 | gateways: 10 | - gateway 11 | http: 12 | - route: 13 | - destination: 14 | host: backend.training.svc.cluster.local 15 | # fault: 16 | # abort: 17 | # httpStatus: 500 18 | # percentage: 19 | # value: 50 20 | # delay: 21 | # fixedDelay: 3s 22 | # percentage: 23 | # value: 50 24 | -------------------------------------------------------------------------------- /kubernetes_servicemesh/07_fault-injection/gateway.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: networking.istio.io/v1alpha3 2 | kind: Gateway 3 | metadata: 4 | namespace: training 5 | name: gateway 6 | spec: 7 | selector: 8 | istio: ingressgateway 9 | servers: 10 | - port: 11 | name: http 12 | number: 80 13 | protocol: HTTP 14 | hosts: 15 | - "*" 16 | -------------------------------------------------------------------------------- /kubernetes_servicemesh/08_mtls/backend-virtualservice.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: networking.istio.io/v1alpha3 
2 | kind: VirtualService 3 | metadata: 4 | namespace: training 5 | name: backend 6 | spec: 7 | hosts: 8 | - backend.training.svc.cluster.local 9 | gateways: 10 | - gateway 11 | http: 12 | - route: 13 | - destination: 14 | host: backend.training.svc.cluster.local 15 | -------------------------------------------------------------------------------- /kubernetes_servicemesh/08_mtls/frontend-virtualservice.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: networking.istio.io/v1alpha3 2 | kind: VirtualService 3 | metadata: 4 | namespace: training 5 | name: frontend 6 | spec: 7 | hosts: 8 | - frontend.training.svc.cluster.local 9 | gateways: 10 | - gateway 11 | http: 12 | - route: 13 | - destination: 14 | host: frontend.training.svc.cluster.local 15 | -------------------------------------------------------------------------------- /kubernetes_servicemesh/08_mtls/gateway.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: networking.istio.io/v1alpha3 2 | kind: Gateway 3 | metadata: 4 | namespace: training 5 | name: gateway 6 | spec: 7 | selector: 8 | istio: ingressgateway 9 | servers: 10 | - port: 11 | name: http 12 | number: 80 13 | protocol: HTTP 14 | hosts: 15 | - "*.svc.cluster.local" 16 | -------------------------------------------------------------------------------- /kubernetes_servicemesh/09_ingress-tls/.gitignore: -------------------------------------------------------------------------------- 1 | *.key 2 | *.crt 3 | *.csr -------------------------------------------------------------------------------- /kubernetes_servicemesh/09_ingress-tls/frontend-virtualservice.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: networking.istio.io/v1alpha3 2 | kind: VirtualService 3 | metadata: 4 | namespace: training 5 | name: frontend 6 | spec: 7 | hosts: 8 | - frontend.cloud-native.training 9 | gateways: 10 | - gateway 11 
| http: 12 | - route: 13 | - destination: 14 | host: frontend.training.svc.cluster.local 15 | -------------------------------------------------------------------------------- /kubernetes_servicemesh/09_ingress-tls/gateway.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: networking.istio.io/v1alpha3 2 | kind: Gateway 3 | metadata: 4 | namespace: training 5 | name: gateway 6 | spec: 7 | selector: 8 | istio: ingressgateway 9 | servers: 10 | - port: 11 | name: http 12 | number: 443 13 | protocol: HTTPS 14 | tls: 15 | mode: SIMPLE 16 | credentialName: frontend.cloud-native.training 17 | hosts: 18 | - "frontend.cloud-native.training" 19 | -------------------------------------------------------------------------------- /kubernetes_servicemesh/10_egress/backend-virtualservice.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: networking.istio.io/v1alpha3 2 | kind: VirtualService 3 | metadata: 4 | namespace: training 5 | name: backend 6 | spec: 7 | hosts: 8 | - backend.training.svc.cluster.local 9 | gateways: 10 | - gateway 11 | http: 12 | - route: 13 | - destination: 14 | host: backend.training.svc.cluster.local 15 | -------------------------------------------------------------------------------- /kubernetes_servicemesh/10_egress/gateway.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: networking.istio.io/v1alpha3 2 | kind: Gateway 3 | metadata: 4 | namespace: training 5 | name: gateway 6 | spec: 7 | selector: 8 | istio: ingressgateway 9 | servers: 10 | - port: 11 | name: http 12 | number: 80 13 | protocol: HTTP 14 | hosts: 15 | - "*.svc.cluster.local" 16 | -------------------------------------------------------------------------------- /kubernetes_servicemesh/11_visualization/backend-virtualservice.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: 
networking.istio.io/v1alpha3 2 | kind: VirtualService 3 | metadata: 4 | namespace: training 5 | name: backend 6 | spec: 7 | hosts: 8 | - backend.training.svc.cluster.local 9 | gateways: 10 | - gateway 11 | http: 12 | - route: 13 | - destination: 14 | host: backend.training.svc.cluster.local 15 | -------------------------------------------------------------------------------- /kubernetes_servicemesh/11_visualization/catapi-serviceentry.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: networking.istio.io/v1alpha3 2 | kind: ServiceEntry 3 | metadata: 4 | name: cat-api 5 | spec: 6 | hosts: 7 | - api.thecatapi.com 8 | ports: 9 | - number: 443 10 | name: https 11 | protocol: HTTPS 12 | resolution: DNS 13 | location: MESH_EXTERNAL 14 | -------------------------------------------------------------------------------- /kubernetes_servicemesh/11_visualization/frontend-virtualservice.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: networking.istio.io/v1alpha3 2 | kind: VirtualService 3 | metadata: 4 | namespace: training 5 | name: frontend 6 | spec: 7 | hosts: 8 | - frontend.training.svc.cluster.local 9 | gateways: 10 | - gateway 11 | http: 12 | - route: 13 | - destination: 14 | host: frontend.training.svc.cluster.local 15 | -------------------------------------------------------------------------------- /kubernetes_servicemesh/11_visualization/gateway.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: networking.istio.io/v1alpha3 2 | kind: Gateway 3 | metadata: 4 | namespace: training 5 | name: gateway 6 | spec: 7 | selector: 8 | istio: ingressgateway 9 | servers: 10 | - port: 11 | name: http 12 | number: 80 13 | protocol: HTTP 14 | hosts: 15 | - "*.svc.cluster.local" 16 | -------------------------------------------------------------------------------- /kubernetes_servicemesh/99_teardown/README.md: 
-------------------------------------------------------------------------------- 1 | # Teardown Cluster 2 | 3 | ```bash 4 | ./teardown_cluster.sh 5 | ``` -------------------------------------------------------------------------------- /linux_fundamentals/.99_todos/labs.md: -------------------------------------------------------------------------------- 1 | # labs 2 | installation of dive is missing in images lab 3 | cloudinit 4 | * do nearly everything of trainings 5 | * to show how cool these small programs are 6 | /etc/hosts => poor mans DNS 7 | -------------------------------------------------------------------------------- /linux_fundamentals/.99_todos/slides.md: -------------------------------------------------------------------------------- 1 | # slides 2 | secret files and directories 3 | extend ssh slides 4 | how to copy ssh key to destination machine 5 | 6 | ## https://docs.google.com/presentation/d/10GEOFRyE6uXhR7l00npkWPDpa-ioNKQowWWAp_rNcS0/edit#slide=id.g1dc4507b0c3_1_70 7 | trainings typo -------------------------------------------------------------------------------- /linux_fundamentals/.99_todos/todos.md: -------------------------------------------------------------------------------- 1 | # general 2 | magazine 3 | academy cloudinit stuff 4 | cks 5 | 6 | # init 7 | rebooting linux machines after cloud init 8 | 9 | # topics 10 | * file handling 04 => eof stuff 11 | * Linux Services 12 | * envsubst 13 | * while loop => while true; do echo $(date) >> my-file.txt; sleep 1; done; 14 | * bash completion 15 | * makefiles 16 | * reboot and shutdown 17 | * /dev/null 18 | * visudo 19 | * base64 20 | * grep regex 21 | * git 22 | * zip and tar 23 | * /dev/random 24 | * regex 25 | * file links 26 | * mot of the day 27 | * sed => sed -i 's/\(preemptible *=\).*/\1 true/' ~/kubeone/output.tf 28 | * advanced vi 29 | * bash scripting 30 | * set -euxo pipefail 31 | * more advanced example 32 | 
-------------------------------------------------------------------------------- /linux_fundamentals/.gitignore: -------------------------------------------------------------------------------- 1 | my-executable 2 | -------------------------------------------------------------------------------- /linux_fundamentals/00_setup/README.md: -------------------------------------------------------------------------------- 1 | # Provision VM 2 | 3 | ## Open Google Cloud Console and run the setup.sh bash script 4 | 5 | You will be asked to enter the project name. 6 | 7 | ```bash 8 | 00_setup/setup.sh 9 | ``` 10 | 11 | ## SSH into the new VM 12 | 13 | ```bash 14 | gcloud compute ssh root@training-lf --zone europe-west3-a 15 | ``` 16 | -------------------------------------------------------------------------------- /linux_fundamentals/03_executables/my-executable.go: -------------------------------------------------------------------------------- 1 | package main 2 | 3 | import ( 4 | "fmt" 5 | "time" 6 | ) 7 | 8 | func main() { 9 | for { 10 | fmt.Println("Hello Go!") 11 | time.Sleep(5 * time.Second) 12 | } 13 | } 14 | -------------------------------------------------------------------------------- /linux_fundamentals/07_bash-scripts/README.md: -------------------------------------------------------------------------------- 1 | # Bash Scripts 2 | 3 | In this lab you will learn how to write your own bash scripts.
4 | 5 | ## Create your own bash script 6 | 7 | Create a file called `my-bash-script.sh` via vi with the following content 8 | >#!/bin/bash 9 | > 10 | >echo $(date) >> my-bash-script-file.txt 11 | 12 | ```bash 13 | # try to run the bash script (which will fail because it is not executable yet) 14 | ./my-bash-script.sh 15 | 16 | # make the bash script executable 17 | ls -alh my-bash-script.sh 18 | chmod 700 my-bash-script.sh 19 | ls -alh my-bash-script.sh 20 | 21 | # run the bash script 22 | ./my-bash-script.sh 23 | 24 | # verify the bash script worked out 25 | cat my-bash-script-file.txt 26 | ``` 27 | -------------------------------------------------------------------------------- /linux_fundamentals/08_cron/README.md: -------------------------------------------------------------------------------- 1 | # Cronjobs 2 | 3 | In this lab you will learn how to schedule processes periodically. 4 | 5 | ```bash 6 | 7 | # list all existing cronjobs (none, yet) 8 | crontab -l 9 | 10 | # open the cronjob editor 11 | crontab -e 12 | 13 | # add a cronjob by appending the following line (which executes the command every minute) 14 | * * * * * echo $(date) >> ~/trainings/linux_fundamentals/cron_output.log 15 | 16 | # verify the cronjob is working (maybe you have to wait for a minute for it), you can exit the command `watch` via Ctrl+C 17 | watch -n 1 cat cron_output.log 18 | 19 | # remove the crontab file (this will delete all entries immediately) 20 | crontab -r 21 | ``` -------------------------------------------------------------------------------- /linux_fundamentals/99_teardown/README.md: -------------------------------------------------------------------------------- 1 | # Teardown the VM 2 | 3 | Perform these steps if you set up the Google Cloud VM instance as part of the prerequisites; otherwise skip them. 4 | 5 | ## Run the teardown.sh bash script 6 | 7 | * You will be asked about the project name. Perform this step from your previous Google Cloud Shell session.
8 | 9 | ```bash 10 | 99_teardown/teardown.sh 11 | ``` 12 | 13 | --------------------------------------------------------------------------------