├── .gitattributes ├── .github └── workflows │ ├── build-crashing-app.yml │ ├── build-dummy-logger.yml │ ├── build-go-calc-backend.yml │ ├── build-java-calc-requester.yml │ ├── build-js-calc-backend.yml │ └── build-js-calc-frontend.yml ├── .gitignore ├── .vscode ├── launch.json ├── settings.json └── tasks.json ├── ACNS.md ├── ACSEngine.md ├── AKS.md ├── AKSEngine.md ├── AKSMaintenance.md ├── APIM.md ├── ASOF.md ├── AzureContainerRegistry.md ├── AzureRedhatManagedOpenShift.md ├── BashCliSetup.md ├── Bicep.md ├── Certificates.md ├── CiPrometheusNginx.md ├── CommonIssues.md ├── ContainerCICDACI.md ├── ContainerHelloWorld.md ├── Controllers.md ├── CostManagement.md ├── CreateServicePrincipal.md ├── DNS.md ├── Demos.md ├── Docker.md ├── EasyAuth.md ├── Egress.md ├── Features.md ├── Flagger.md ├── Fleet.md ├── Flux.md ├── GPU.md ├── Go.md ├── Helm.md ├── Ingress.md ├── Ingress_APIG.md ├── Ingress_Ambassador.md ├── Ingress_Approuting.md ├── Ingress_Kong.md ├── Ingress_Nginx.md ├── Ingress_Traefik.md ├── Istio.md ├── Jdk.md ├── Jenkins.md ├── JupyterHub.md ├── KernelBug.md ├── KubeFlow.md ├── Kubecost.md ├── Kubic.md ├── Kured.md ├── Links.md ├── Loading.md ├── MachineLearning.md ├── Monitoring.md ├── Monitoring_Grafana.md ├── Monitoring_Jaeger.md ├── Monitoring_Prometheus.md ├── Networking_Playground.md ├── OMSAKS.md ├── OSBA.md ├── OSM_full.md ├── Operators.md ├── Performance.md ├── RBAC.md ├── README.md ├── SMI.md ├── SM_Consul.md ├── SM_Istio.md ├── SM_LinkerdWS.md ├── SM_OSM.md ├── ScalingApps.md ├── Security_AAD.md ├── Security_AppGW.md ├── Security_Cillium.md ├── Security_Firewall.md ├── Security_Gatekeeper.md ├── Security_Guardrails.md ├── Security_HashicorpVault.md ├── Security_KeyVault.md ├── Security_NetworkPolicy.md ├── Security_PodSecurityPolicy.md ├── Security_PrivateAKS.md ├── Security_RBAC.md ├── Security_Rachner.md ├── Security_Scanner.md ├── Security_falco.md ├── Security_oAuth2Proxy.md ├── Services.md ├── Storage_ACS.md ├── Storage_Disk.md ├── 
Storage_Files.md ├── Storage_Kafka.md ├── Storage_MultiAttach.md ├── Storage_Postgres.md ├── Storage_Redis.md ├── Storage_Zones.md ├── Terraform.md ├── Tigera.md ├── Troubleshooting.md ├── Upgrades ├── VirtualKubelet.md ├── Vnet.md ├── Windows.md ├── aci-helloworld ├── .gitignore ├── Dockerfile ├── LICENSE ├── README.md ├── app │ ├── index.html │ ├── index.js │ └── package.json ├── helloapp-depl.yaml ├── helloapp.yaml ├── helloingress.yaml ├── helloworld-pod.yaml ├── helloworld-svc.yaml ├── helloworld-win.yaml ├── iis-win-1803.yaml ├── ingress-win-1803.yaml ├── tm.yaml └── vk-pod.yaml ├── aci ├── helloworld.yaml ├── job.yaml ├── modk.yaml └── pod.yaml ├── apps ├── aci-helloworld │ ├── .gitignore │ ├── ACR.Dockerfile │ ├── Dockerfile │ ├── LICENSE │ ├── README.md │ └── app │ │ ├── .dockerignore │ │ ├── Dockerfile │ │ ├── charts │ │ ├── .helmignore │ │ ├── Chart.yaml │ │ ├── production.yaml │ │ ├── templates │ │ │ ├── _helpers.tpl │ │ │ ├── deployment.yaml │ │ │ ├── namespace.yaml │ │ │ └── service.yaml │ │ └── values.yaml │ │ ├── index.html │ │ ├── index.js │ │ └── package.json ├── go-calc-backend │ ├── .gitignore │ ├── Dockerfile │ └── app │ │ └── main.go ├── grpc │ ├── .gitignore │ ├── Dockerfile │ ├── README.md │ └── app │ │ ├── client.js │ │ ├── package.json │ │ ├── server.js │ │ └── service_def.proto ├── java-calc-requester │ ├── .dockerignore │ ├── .gitignore │ ├── .mvn │ │ └── wrapper │ │ │ ├── MavenWrapperDownloader.java │ │ │ ├── maven-wrapper.jar │ │ │ └── maven-wrapper.properties │ ├── Dockerfile │ ├── README.md │ ├── applicationinsights.json │ ├── mvnw │ ├── mvnw.cmd │ ├── pom.xml │ └── src │ │ ├── main │ │ ├── docker │ │ │ ├── Dockerfile.jvm │ │ │ ├── Dockerfile.legacy-jar │ │ │ ├── Dockerfile.native │ │ │ └── Dockerfile.native-distroless │ │ ├── java │ │ │ └── org │ │ │ │ └── acme │ │ │ │ └── rest │ │ │ │ └── client │ │ │ │ ├── CalculationRequest.java │ │ │ │ ├── CalculationResource.java │ │ │ │ ├── CalculationResponse.java │ │ │ │ └── 
CalculationService.java │ │ └── resources │ │ │ └── application.properties │ │ └── test │ │ ├── java │ │ └── org │ │ │ └── acme │ │ │ └── rest │ │ │ └── client │ │ │ ├── CalculationResourceIT.java │ │ │ ├── CalculationResourceTest.java │ │ │ └── resources │ │ │ └── WireMockExtensions.java │ │ └── resources │ │ └── calculations.json ├── js-calc-backend │ ├── .dockerignore │ ├── Dockerfile │ └── app │ │ ├── .env_template │ │ ├── .gitignore │ │ ├── config.js │ │ ├── openapi-backend.yaml │ │ ├── package.json │ │ ├── server.js │ │ ├── swagger.json │ │ └── version │ │ └── info.txt ├── js-calc-frontend │ ├── .dockerignore │ ├── Dockerfile │ └── app │ │ ├── .env_template │ │ ├── .gitignore │ │ ├── config.js │ │ ├── openapi-frontend.yaml │ │ ├── package.json │ │ ├── public │ │ ├── angular.min.js │ │ ├── appinsights.js │ │ ├── bootstrap.min.css │ │ ├── client.js │ │ ├── favicon.ico │ │ └── index.html │ │ ├── server.js │ │ ├── swagger.json │ │ └── version │ │ └── info.txt ├── lifecycle-playground │ ├── Dockerfile │ ├── app │ │ ├── .env_template │ │ ├── .gitignore │ │ ├── config.js │ │ ├── package.json │ │ └── server.js │ └── depl-lifecycle.yaml └── quarkus-dapr-rest │ ├── .dockerignore │ ├── .gitignore │ ├── .mvn │ └── wrapper │ │ ├── .gitignore │ │ ├── MavenWrapperDownloader.java │ │ └── maven-wrapper.properties │ ├── README.md │ ├── mvnw │ ├── mvnw.cmd │ ├── pom.xml │ └── src │ ├── main │ ├── docker │ │ ├── Dockerfile.jvm │ │ ├── Dockerfile.legacy-jar │ │ ├── Dockerfile.native │ │ └── Dockerfile.native-micro │ ├── java │ │ └── qdapr │ │ │ └── acme │ │ │ ├── GreetingResource.java │ │ │ └── InvokeService.java │ └── resources │ │ ├── META-INF │ │ └── resources │ │ │ ├── client.js │ │ │ └── index.html │ │ └── application.properties │ └── test │ └── java │ └── qdapr │ └── acme │ ├── GreetingResourceIT.java │ └── GreetingResourceTest.java ├── architectures ├── application-observability.drawio ├── cluster-observability.drawio └── topology-observability.drawio ├── arm ├── 
azurecni_parameters.json ├── azurecni_template.json ├── cse-config.json ├── cse.sh ├── deploy-view-rbac.json ├── deploymultiaci.json ├── fullyprivate.json ├── insightsClusterOnboarding.json ├── insightsClusterParam.json ├── kubic.json ├── openshift_parameters.json ├── openshift_template.json ├── private_function.json ├── psp_parameters.json ├── psp_template.json ├── spot_parameters.json ├── spot_template.json ├── swagger.json ├── zones_parameters.json ├── zones_template.json └── zones_template_msi.json ├── bestpractices ├── azure-cni-networkmonitor.yaml ├── azurecli.yaml ├── azurerbac.md ├── blobfuse.yaml ├── checkreboot.yaml ├── cloudprovider-defaults.json ├── compute-resources.yaml ├── dashboard.yaml ├── exploitsp.yaml ├── gpu-drivers.yaml ├── mountsp.yaml ├── networkmonitor.md ├── podmeasure.yaml ├── setproxy.yaml ├── vault.yaml ├── zeroscaler-aks.yaml └── zeroscaler-vmss.yaml ├── bicep ├── README.md ├── aca.bicep ├── aks.bicep ├── create.sh ├── deploy.sh ├── logging.bicep └── main.bicep ├── charts ├── multicalculator │ ├── .helmignore │ ├── Chart.yaml │ ├── templates │ │ ├── NOTES.txt │ │ ├── _helpers.tpl │ │ ├── autoscalers.yaml │ │ ├── configmap.yaml │ │ ├── deployment.yaml │ │ ├── ingress.yaml │ │ ├── secrets.yaml │ │ ├── service.yaml │ │ ├── serviceaccount.yaml │ │ └── tests │ │ │ └── test-connection.yaml │ └── values.yaml └── multicalculatorcanary │ ├── .helmignore │ ├── Chart.yaml │ ├── templates │ ├── NOTES.txt │ ├── _helpers.tpl │ ├── autoscalers.yaml │ ├── configmap.yaml │ ├── deployment.yaml │ ├── ingress.yaml │ ├── secrets.yaml │ ├── service.yaml │ ├── serviceaccount.yaml │ └── tests │ │ └── test-connection.yaml │ └── values.yaml ├── cilium ├── ama-metrics-settings-configmap.yaml ├── cilium-cm.yaml ├── cilium-full.yaml ├── dns-filter.yaml ├── goldpinger.yaml ├── hubble.yaml └── ui.yaml ├── consul ├── counting-dashboard.yaml ├── counting-minimal-pod.yaml ├── counting-minimal-svc.yaml ├── counting-service.yaml ├── demo-api.yaml ├── demo-web.yaml └── 
dns-verify-job.yaml ├── ctl-mng-restarter.sh ├── dapr ├── actors.md ├── calc-backend.yaml ├── calc-dapr-ingress.yaml ├── calc-frontend.yaml ├── eventhub.md ├── helloworld.md ├── ingress.md ├── install.md ├── kafka.md ├── otel.yaml ├── redis.md ├── security.md ├── servicebus.md ├── tracing.md ├── yaml │ └── ingress-annotations.yaml └── zipkin.yaml ├── database └── pgBouncerSidecar.yaml ├── extensions └── ctl-mng-restarter │ └── v1 │ ├── ctl-mng-restarter.sh │ ├── supported-orchestrators.json │ ├── template-link.json │ └── template.json ├── fleet.drawio ├── getmekube.sh ├── getmeterra.sh ├── getmevars.sh ├── grafana ├── grafana-disk.yaml ├── grafana-mysql-k8s.yaml ├── grafana-mysql-paas.yaml └── grafana-mysql-sidecar.yaml ├── grpc ├── grpcbin.yaml ├── grpcbin_kong.yaml └── httbin.yaml ├── grpcbin.proto ├── img ├── 2017-08-07-07-44-35.png ├── 2017-08-07-07-47-29.png ├── 2017-08-07-07-48-22.png ├── 2017-08-07-07-48-47.png ├── 2017-08-07-07-49-50.png ├── 2017-08-07-07-52-31.png ├── 2017-08-07-07-55-16.png ├── 2017-08-07-07-55-56.png ├── 2017-08-07-07-56-37.png ├── aks-firewall.png ├── basic-storage.png ├── cillium-calculator.png ├── copy-app-id.png ├── copy-key.png ├── create-app.png ├── fullyprivateaks.png ├── hcp-new.png ├── kubernetes.png ├── kubernetes_on_azure.png ├── multicalculator.png ├── multicalculatorarch.png ├── multicontainer.png ├── osba_multicalculator.png ├── save-key.png ├── select-active-directory.png ├── select-add-app.png ├── select-app-registrations.png ├── select-app.png ├── select-keys.png └── select-settings.png ├── kube-pod-helloworld ├── .gitignore ├── Dockerfile ├── LICENSE ├── README.md ├── acihelloworldpod.yaml ├── app │ ├── index.html │ ├── index.js │ └── package.json ├── azure-vote.yml └── deployment.yaml ├── kubectl.md ├── logging ├── AzureFirewall.omsview ├── README.md ├── appgw-grafana.json ├── configmap-controlplane.yaml ├── container-azm-ms-agentconfig-v2.yaml ├── container-azm-ms-agentconfig.yaml ├── crashing-app │ ├── Dockerfile │ 
├── app │ │ ├── .env_template │ │ ├── .gitignore │ │ ├── config.js │ │ ├── package.json │ │ └── server.js │ ├── crashing-app.yaml │ ├── crashing-depl.yaml │ ├── crashing-ing.yaml │ └── crashing-svc.yaml ├── dummy-logger │ ├── Dockerfile │ ├── app │ │ ├── .deployment │ │ ├── .env_template │ │ ├── .gitignore │ │ ├── config.js │ │ ├── package.json │ │ └── server.js │ ├── corp-logger.yaml │ ├── dapr-depl-logger.yaml │ ├── dapr-pod-logger.yaml │ ├── depl-echo.yaml │ ├── depl-explorer.yaml │ ├── depl-logger-timeouts.yaml │ ├── depl-logger.yaml │ ├── ing-appgw-logger.yaml │ ├── ing-approuting.yaml │ ├── ing-nginx-logger.yaml │ ├── ing-svc-logger.yaml │ ├── pod-logger.yaml │ ├── svc-cluster-explorer.yaml │ ├── svc-cluster-logger.yaml │ ├── svc-int-ing-logger.yaml │ ├── svc-int-logger.yaml │ ├── svc-lb-logger.yaml │ ├── svc-lb-pl-logger.yaml │ ├── svc-lb-rg-ing-logger.yaml │ ├── svc-logger.yaml │ ├── svc-node-logger.yaml │ ├── svc-pls-logger.yaml │ └── svc-rg-logger.yaml ├── echo-server.yaml ├── load-generator │ ├── .gitignore │ ├── Dockerfile │ └── app │ │ ├── index.js │ │ └── package.json ├── logging-format.csv ├── omsdaemonset.yaml ├── otel.yaml ├── postgres-amz-config.yaml ├── prometheus-config ├── prometheus-config-cilium ├── prometheus-config-dummy ├── python-details │ ├── Dockerfile │ ├── main.py │ └── requirements.txt ├── python-ip │ ├── Dockerfile │ ├── echo.py │ └── requirements.txt ├── random_logger.yaml └── ubuntuhost.yml ├── multi-stage-build-acr ├── Dockerfile └── src │ ├── package.json │ └── server.js ├── multicalchart ├── .helmignore ├── Chart.yaml ├── templates │ ├── NOTES.txt │ ├── _helpers.tpl │ ├── deployment.yaml │ ├── ingress.yaml │ ├── secrets.yaml │ └── service.yaml └── values.yaml ├── networkpolicies ├── calico-db-allow.yaml ├── cillium-egress.yaml ├── kube-router-firewall-daemonset-aks.yaml └── tigera.yaml ├── opentelemetry-collector-config.yml ├── operations ├── dns.yaml ├── mountconfig.yaml ├── revert-cgroups.yaml ├── set-upgrade-ds.yaml ├── 
set-upgrade-script.yaml ├── source-ip-ds.yaml └── source-ip-script.yaml ├── osm ├── bb-depl.yaml ├── bb-s.yaml ├── bb-sa.yaml ├── bs-depl.yaml ├── bs-s.yaml ├── bs-sa.yaml ├── jaeger.yaml ├── osm-full.yaml ├── route.yaml └── target.yaml ├── otel └── OtelDemo.md ├── policy.rego ├── policy ├── constraint_label.yaml ├── contraint_template_label.yaml ├── contraint_template_readiness.yaml ├── deployment_full.yaml ├── deployment_small.json ├── deployment_small.yaml ├── liveness │ ├── pod-logger.yaml │ └── pod-small.yaml ├── readiness │ ├── deployment_full.json │ └── require_deployment_readiness.rego ├── require_deployment_label.rego ├── require_selector.rego ├── runasnonroot.yaml └── whitelistcontainer.rego ├── scripts ├── aks_appgw.sh ├── aks_des_byo_vnet.sh ├── aks_firewall.sh ├── aks_firewall_appgw.sh ├── aks_lima.sh ├── aks_lima_v2.sh ├── aks_mtls_kv.sh ├── aks_udr_nsg_firewall.sh ├── aks_vnet.sh ├── aks_vnet2.sh ├── aks_wl_kv.sh ├── configure_acr_nginx_tls.sh ├── configure_appgw.sh ├── configure_eventgrid.sh ├── configure_kong_kuma.sh ├── configure_monitor.sh ├── configure_nginx_kv_tls_osm.sh ├── configure_nginx_pl.sh ├── configure_nginx_tls.sh ├── configure_nginx_tls_auth.sh ├── configure_osm.sh ├── deploy_calc.sh ├── function_create.sh ├── vm_node_logger.sh └── vm_python_ip.sh ├── secure ├── aadpodidentity.yaml ├── aadpodidentitybinding.yaml ├── app-deployment.yaml ├── secretprovider.yaml └── storageapp │ ├── Dockerfile │ ├── app.py │ ├── pod.yaml │ └── requirements.txt ├── services ├── aci-hello.yaml ├── bar-svc.yaml ├── blue-pod.yml ├── blue-rc.yml ├── blue │ ├── .gitignore │ ├── Dockerfile │ ├── LICENSE │ ├── README.md │ └── app │ │ ├── index.html │ │ ├── index.js │ │ └── package.json ├── color-ingress.yaml ├── colors-svc.yaml ├── default-backend.yaml ├── default-svc.yaml ├── deployment.yml ├── frontend-svc.yml ├── green-pod.yml ├── green │ ├── .gitignore │ ├── Dockerfile │ ├── LICENSE │ ├── README.md │ └── app │ │ ├── index.html │ │ ├── index.js │ │ └── 
package.json ├── health.yaml ├── ingres-values.yaml ├── ingress-ctl.yaml ├── ingress-svc.yaml ├── nginx-internal.yaml ├── ubuntu.yaml └── vistio.yaml ├── simple ├── azurecni.tf ├── containerregistry.tf ├── eventhub.tf ├── keyvault.tf ├── logs.tf ├── variables.tf └── vnet.tf ├── smi ├── ing-linkerd-podinfo.yaml ├── istio-gw.yaml ├── istio-podinfo-canary.yaml ├── istio-test.yaml └── linkerd-podinfo-canary.yaml ├── storage ├── ceph-pool.yaml ├── kv-flexvolume.yaml ├── pod-read-azurefile.yaml ├── pod-write-azuredisk.yaml ├── pod-write-azurefile.yaml ├── pv-azure-disk.yaml ├── pv-managed-disk.yaml ├── pvc-azure-disk.yaml ├── pvc-azurefile.yaml ├── pvc-managed-disk.yaml ├── pvc-managed-premium-disk.yaml ├── rook-all-cluster.yaml ├── rook-cluster.yaml ├── rook-operator.yaml ├── rook-toolbox.yaml ├── sc-azure-disk.yaml ├── sc-azure-file.yaml └── sc-secret.yaml ├── terraform ├── appgw.tf ├── azurecni.tf ├── backend.tf ├── containerregistry.tf ├── flux.tf ├── helm.tf ├── ingress_ambassador.tf ├── ingress_kong.tf ├── ingress_nginx.tf ├── ingress_traefik.tf ├── keyvault.tf ├── kubenet.tf ├── logs.tf ├── monitoring_grafana.tf ├── monitoring_loki.tf ├── serviceprincipal.tf ├── tooling_flagger.tf ├── traefik.yaml ├── variables.tf └── vnet.tf ├── terraform_agic ├── aadpodidentity.tf ├── agic.tf ├── aks.tf ├── appgw.tf ├── deploy.sh ├── helm.tf ├── logs.tf ├── main.tf ├── variables.tf └── vnet.tf ├── todos.md ├── tracing └── debugtracing.yaml ├── troublenet.md ├── v6.md ├── wasm.md ├── web ├── acr.json └── webtemplate.json └── yaml ├── aci-scale.yaml ├── anti-affinity.yaml ├── appinsightsecret.yml ├── backend-depl.yml ├── backend-js-pod.yml ├── backend-pod.yml ├── backend-svc.yml ├── calc-contour-gateway.yaml ├── calc-full-depl.yml ├── calc-min-depl.yaml ├── calc-requester.yml ├── centos.yaml ├── ciliumnp.yaml ├── color.yml ├── depl-calc-backend.yaml ├── depl-calc-frontend.yaml ├── depl-calc-requester.yaml ├── echoserver.yaml ├── frontend-depl.yml ├── frontend-pod.yml ├── 
frontend-svc.yml ├── hostreaddeploy.yaml ├── hostwriteds.yaml ├── hotrot.yaml ├── ingress.yml ├── keda-monitor.yaml └── nginx.yml /.gitattributes: -------------------------------------------------------------------------------- 1 | # Auto detect text files and perform LF normalization 2 | * text=auto 3 | 4 | # Custom for Visual Studio 5 | *.cs diff=csharp 6 | *.sln merge=union 7 | *.csproj merge=union 8 | *.vbproj merge=union 9 | *.fsproj merge=union 10 | *.dbproj merge=union 11 | 12 | # Standard to msysgit 13 | *.doc diff=astextplain 14 | *.DOC diff=astextplain 15 | *.docx diff=astextplain 16 | *.DOCX diff=astextplain 17 | *.dot diff=astextplain 18 | *.DOT diff=astextplain 19 | *.pdf diff=astextplain 20 | *.PDF diff=astextplain 21 | *.rtf diff=astextplain 22 | *.RTF diff=astextplain 23 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | ################# 2 | ## Visual Studio 3 | ################# 4 | 5 | aad/* 6 | wa 7 | scripts/*_wa*.sh 8 | scripts/*pod*.sh 9 | todos.md 10 | SECURITY_FD.md 11 | GRPC.md 12 | ingress/* 13 | Ingress_EasyAuth.md 14 | table.csv 15 | Setup.md 16 | CustomAKS.md 17 | GlobalLB.md 18 | Permissions.md 19 | demo.md 20 | config.yaml 21 | terraform_agic/.terraform 22 | terraform_agic/*.plan 23 | Lima.md 24 | demos 25 | twistlock.md 26 | Jenkins-ACI.md 27 | appgw.yaml 28 | Presentation.md 29 | games/whack.yaml 30 | manifests/* 31 | logging/grafana-values.yaml 32 | deployment/acsengvnet_out.json 33 | multi-calculator/.DS_Store 34 | arm/kubic.json 35 | multi-calculator/go-calc-backend/.DS_Store 36 | multi-calculator/js-calc-backend/.DS_Store 37 | .DS_Store 38 | Jaeger.md 39 | CostAgent.md 40 | KCONFIG.md 41 | Postgres.md 42 | towatch.md 43 | cloudprovider.md 44 | AzureARC.md 45 | todos.md 46 | table.json 47 | Security_Private_Env.md 48 | workerapps.md 49 | yaml/aadpod2.yaml 50 | **/package-lock.json 
-------------------------------------------------------------------------------- /.vscode/launch.json: -------------------------------------------------------------------------------- 1 | // A launch configuration that compiles the extension and then opens it inside a new window 2 | // Use IntelliSense to learn about possible attributes. 3 | // Hover to view descriptions of existing attributes. 4 | // For more information, visit: https://go.microsoft.com/fwlink/?linkid=830387 5 | { 6 | "version": "0.2.0", 7 | "configurations": [ 8 | { 9 | "preLaunchTask": "quarkus:dev (apps/java-calc-requester)", 10 | "type": "java", 11 | "request": "attach", 12 | "hostName": "localhost", 13 | "name": "Debug Quarkus application (apps/java-calc-requester)", 14 | "port": 5005 15 | } 16 | ] 17 | } -------------------------------------------------------------------------------- /.vscode/settings.json: -------------------------------------------------------------------------------- 1 | { 2 | "java.configuration.updateBuildConfiguration": "automatic" 3 | } -------------------------------------------------------------------------------- /AKSMaintenance.md: -------------------------------------------------------------------------------- 1 | # AKS Maintenance 2 | 3 | Get all upgrade versions 4 | ``` 5 | az aks get-upgrades --resource-group=$KUBE_GROUP --name=$KUBE_NAME --output table 6 | 7 | az aks nodepool get-upgrades --nodepool-name nodepool2 --resource-group=$KUBE_GROUP --cluster-name=$KUBE_NAME 8 | ``` 9 | 10 | 11 | Perform upgrade 12 | ``` 13 | 14 | az aks nodepool show --resource-group=$KUBE_GROUP --cluster-name=$KUBE_NAME --name nodepool1 --query nodeImageVersion 15 | 16 | az aks upgrade --resource-group=$KUBE_GROUP --name=$KUBE_NAME --kubernetes-version 1.22.6 17 | 18 | az aks nodepool upgrade --name nodepool2 --resource-group=$KUBE_GROUP --cluster-name=$KUBE_NAME --kubernetes-version 1.22.6 19 | 20 | az aks upgrade --resource-group=$KUBE_GROUP --name=$KUBE_NAME --node-image-only 
21 | 22 | az aks update -g $KUBE_GROUP -n $KUBE_NAME --auto-upgrade-channel stable # patch stable rapid node-image 23 | az aks update -g $KUBE_GROUP -n $KUBE_NAME --auto-upgrade-channel node-image 24 | ``` 25 | 26 | 27 | ## Maintenance window 28 | 29 | 30 | ``` 31 | az aks maintenanceconfiguration add -g $KUBE_GROUP --cluster-name $KUBE_NAME -n default --weekday Tuesday --start-hour 12 32 | 33 | ``` 34 | -------------------------------------------------------------------------------- /ASOF.md: -------------------------------------------------------------------------------- 1 | # ASOF 2 | 3 | ``` 4 | 5 | kubectl apply -f https://github.com/jetstack/cert-manager/releases/download/v1.8.2/cert-manager.yaml 6 | 7 | 8 | 9 | ``` -------------------------------------------------------------------------------- /Bicep.md: -------------------------------------------------------------------------------- 1 | 2 | RG_NAME="dzaca67" # here the deployment 3 | LOCATION="westeurope" 4 | SUBNET_RESOURCE_ID=" 5 | 6 | az deployment group create -g $RG_NAME -f main.bicep -p internalOnly=true 7 | 8 | -------------------------------------------------------------------------------- /Certificates.md: -------------------------------------------------------------------------------- 1 | # Certificates 2 | 3 | ## Create a self-signed CA and a certificate signed by it 4 | 5 | ``` 6 | echo "create private key" 7 | openssl genrsa -des3 -out CAPrivate.key 2048 8 | 9 | echo "create ca root certificate" 10 | openssl req -x509 -new -nodes -key CAPrivate.key -sha256 -days 365 -out CAPrivate.pem 11 | 12 | echo "create private key" 13 | openssl genrsa -out MyPrivate.key 2048 14 | 15 | echo "create signing request" 16 | openssl req -new -key MyPrivate.key -extensions v3_ca -out MyRequest.csr 17 | 18 | echo "create extensions file" 19 | touch openssl.ss.cnf 20 | 21 | basicConstraints=CA:FALSE 22 | subjectAltName=DNS:*.mydomain.tld 23 | extendedKeyUsage=serverAuth 24 | 25 | echo "generate certificate using CSR" 26 | openssl x509 
-req -in MyRequest.csr -CA CAPrivate.pem -CAkey CAPrivate.key -CAcreateserial -extfile openssl.ss.cnf -out MyCert.crt -days 365 -sha256 27 | 28 | 29 | ``` -------------------------------------------------------------------------------- /CiPrometheusNginx.md: -------------------------------------------------------------------------------- 1 | # Scraping Nginx metrics for Container insights 2 | https://docs.microsoft.com/en-us/azure/azure-monitor/insights/container-insights-agent-config#overview-of-configurable-prometheus-scraping-settings 3 | 4 | ``` 5 | # HELP nginx_ingress_controller_nginx_process_requests_total total number of client requests 6 | # TYPE nginx_ingress_controller_nginx_process_requests_total counter 7 | nginx_ingress_controller_nginx_process_requests_total{controller_class="nginx",controller_namespace="kube-system",controller_pod="nginx-ingress-controller-95d976c8b-4km4p"} 566 8 | ``` 9 | 10 | 11 | ``` 12 | # HELP promhttp_metric_handler_requests_total Total number of scrapes by HTTP status code. 
13 | # TYPE promhttp_metric_handler_requests_total counter 14 | promhttp_metric_handler_requests_total{code="200"} 6 15 | ``` 16 | 17 | wget https://raw.githubusercontent.com/microsoft/OMS-docker/ci_feature_prod/Kubernetes/container-azm-ms-agentconfig.yaml 18 | 19 | -------------------------------------------------------------------------------- /DNS.md: -------------------------------------------------------------------------------- 1 | # Azure DNS 2 | https://github.com/kubernetes-incubator/external-dns/blob/master/docs/tutorials/azure.md 3 | https://github.com/helm/charts/tree/master/stable/external-dns 4 | 5 | ``` 6 | 7 | az network dns zone create -g $KUBE_GROUP -n example.com 8 | ``` 9 | 10 | 11 | https://stackoverflow.com/questions/53290626/can-aks-be-configured-to-work-with-an-azure-private-dns-zone 12 | 13 | publishInternalServices=true -------------------------------------------------------------------------------- /Flagger.md: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | kubectl -n linkerd logs deployment/flagger -f | jq .msg 5 | 6 | kubectl -n istio-system logs deployment/flagger -f | jq .msg 7 | 8 | 9 | kubectl -n test set image deployment/podinfo podinfod=quay.io/stefanprodan/podinfo:1.7.1 -------------------------------------------------------------------------------- /Flux.md: -------------------------------------------------------------------------------- 1 | # Flux 2 | https://www.weave.works/technologies/gitops/ 3 | https://github.com/fluxcd/flux 4 | 5 | https://github.com/fluxcd/flux/blob/master/docs/tutorials/get-started-helm.md 6 | 7 | https://github.com/denniszielke/flux-get-started 8 | 9 | https://helm.workshop.flagger.dev/ 10 | https://helm.workshop.flagger.dev/gitops-helm-workshop.png 11 | 12 | 13 | helm upgrade -i flux \ 14 | --set helmOperator.create=true \ 15 | --set helmOperator.createCRD=false \ 16 | --set git.url=git@github.com:denniszielke/flux-get-started \ 17 | --namespace flux \ 
18 | fluxcd/flux 19 | 20 | 21 | kubectl -n flux logs deployment/flux | grep identity.pub | cut -d '"' -f2 22 | 23 | 24 | https://github.com/gbaeke/realtimeapp-infra/blob/master/deploy/bases/realtimeapp/kustomization.yaml 25 | 26 | https://github.com/cyrilbkr/flux2-multicluster-example/blob/main/infrastructure/common/ingress-nginx/nginx-ingress.yaml 27 | 28 | 29 | https://docs.microsoft.com/en-us/azure/azure-arc/kubernetes/tutorial-use-gitops-flux2#work-with-parameters 30 | 31 | https://docs.microsoft.com/en-us/cli/azure/k8s-configuration/flux?view=azure-cli-latest#az_k8s_configuration_flux_create -------------------------------------------------------------------------------- /Go.md: -------------------------------------------------------------------------------- 1 | # Building a go rest api 2 | 3 | ## Installing go on ubuntu bash 4 | https://stefanprodan.com/2016/golang-bash-on-windows-installer/ 5 | ``` 6 | GOURL=https://gist.githubusercontent.com/stefanprodan/29d738c3049a8714297a9bdd8353f31c/raw/1f3ae2cf97cb2faff52a8a3d98f0b6415d86c810/win10-bash-go-install.sh 7 | curl -s -L $GOURL | sudo bash 8 | ``` 9 | or on ubuntu 10 | 11 | https://github.com/golang/go/wiki/Ubuntu 12 | ``` 13 | sudo apt-get install golang-go 14 | export GOPATH=$HOME/go 15 | export PATH=$PATH:$GOROOT/bin:$GOPATH/bin 16 | ``` 17 | 18 | ## Running the demo 19 | ``` 20 | docker run -e "INSTRUMENTATIONKEY=4c3d38bd-58e3-480e-9fe1" -e "PORT=3001" -p 8080:3001 gocalcbackend 21 | 22 | docker ps 23 | 24 | docker stop 25 | ``` 26 | 27 | -------------------------------------------------------------------------------- /Jdk.md: -------------------------------------------------------------------------------- 1 | https://docs.microsoft.com/en-gb/java/openjdk/containers#create-a-custom-java-runtime -------------------------------------------------------------------------------- /Jenkins.md: -------------------------------------------------------------------------------- 1 | # 2 | 3 | kubectl create ns 
jenkins 4 | helm install my-jenkins stable/jenkins -n jenkins 5 | 6 | 7 | printf $(kubectl get secret --namespace jenkins my-jenkins -o jsonpath="{.data.jenkins-admin-password}" | base64 --decode);echo 8 | 9 | export POD_NAME=$(kubectl get pods --namespace jenkins -l "app.kubernetes.io/component=jenkins-master" -l "app.kubernetes.io/instance=my-jenkins" -o jsonpath="{.items[0].metadata.name}") 10 | echo http://127.0.0.1:8080 11 | kubectl --namespace jenkins port-forward $POD_NAME 8080:8080 -------------------------------------------------------------------------------- /KubeFlow.md: -------------------------------------------------------------------------------- 1 | # Kubeflow 2 | 3 | ## Install 4 | https://operatorhub.io/operator/kubeflow 5 | ``` 6 | curl -sL https://github.com/operator-framework/operator-lifecycle-manager/releases/download/v0.20.0/install.sh | bash -s v0.20.0 7 | 8 | kubectl create -f https://operatorhub.io/install/kubeflow.yaml 9 | 10 | kubectl get csv -n operators 11 | kubectl get pod -n operators 12 | 13 | 14 | https://github.com/kubeflow/manifests/blob/v1.2-branch/kfdef/kfctl_azure_aad.v1.2.0.yaml 15 | ``` -------------------------------------------------------------------------------- /MachineLearning.md: -------------------------------------------------------------------------------- 1 | # Setup 2 | https://docs.microsoft.com/en-us/azure/machine-learning/tutorial-train-deploy-image-classification-model-vscode 3 | 4 | 5 | https://github.com/microsoft/MLOps 6 | 7 | 8 | cat < { 9 | res.sendFile(__dirname + '/index.html') 10 | }); 11 | 12 | app.post('/', function(req, res) { 13 | var endDate = new Date(); 14 | var remoteAddress = req.connection.remoteAddress; 15 | var serverResult = JSON.stringify({ timestamp: endDate, host: OS.hostname(), remote: remoteAddress } ); 16 | console.log(serverResult); 17 | res.send(serverResult.toString()); 18 | }); 19 | 20 | app.get('/ping', (req, res) => { 21 | var endDate = new Date(); 22 | var remoteAddress = 
req.connection.remoteAddress; 23 | var serverResult = JSON.stringify({ timestamp: endDate, host: OS.hostname(), remote: remoteAddress } ); 24 | console.log(serverResult); 25 | res.send(serverResult.toString()); 26 | }); 27 | 28 | var listener = app.listen(process.env.PORT || 80, function() { 29 | console.log('listening on port ' + listener.address().port); 30 | }); -------------------------------------------------------------------------------- /aci-helloworld/app/package.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "aci-helloworld", 3 | "version": "1.0.0", 4 | "description": "", 5 | "main": "index.js", 6 | "dependencies": { 7 | "express": "^4.18.1", 8 | "morgan": "^1.10.0" 9 | }, 10 | "devDependencies": {}, 11 | "author": "" 12 | } 13 | -------------------------------------------------------------------------------- /aci-helloworld/helloapp-depl.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: helloworld-app 5 | spec: 6 | replicas: 1 7 | minReadySeconds: 5 8 | strategy: 9 | type: RollingUpdate 10 | rollingUpdate: 11 | maxUnavailable: 1 12 | maxSurge: 1 13 | selector: 14 | matchLabels: 15 | app: hello-app 16 | template: 17 | metadata: 18 | labels: 19 | app: hello-app 20 | spec: 21 | containers: 22 | - name: aci-helloworld 23 | image: denniszielke/aci-helloworld 24 | ports: 25 | - containerPort: 80 26 | imagePullPolicy: Always 27 | resources: 28 | requests: 29 | memory: "128Mi" 30 | cpu: "100m" 31 | limits: 32 | memory: "256Mi" 33 | livenessProbe: 34 | httpGet: 35 | path: /ping 36 | port: 80 37 | readinessProbe: 38 | httpGet: 39 | path: /ping 40 | port: 80 41 | initialDelaySeconds: 10 42 | periodSeconds: 5 -------------------------------------------------------------------------------- /aci-helloworld/helloapp.yaml: -------------------------------------------------------------------------------- 1 | 
apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: hello-app 5 | spec: 6 | replicas: 1 7 | minReadySeconds: 10 8 | strategy: 9 | type: RollingUpdate 10 | rollingUpdate: 11 | maxUnavailable: 1 12 | maxSurge: 1 13 | selector: 14 | matchLabels: 15 | app: hello-app 16 | template: 17 | metadata: 18 | labels: 19 | app: hello-app 20 | spec: 21 | containers: 22 | - name: hello-app 23 | image: microsoft/aci-helloworld:latest 24 | ports: 25 | - containerPort: 80 26 | imagePullPolicy: Always -------------------------------------------------------------------------------- /aci-helloworld/helloingress.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: extensions/v1beta1 2 | kind: Ingress 3 | metadata: 4 | name: echoserver-ingress 5 | annotations: 6 | kubernetes.io/tls-acme: 'true' 7 | kubernetes.io/ingress.class: "nginx" 8 | spec: 9 | tls: 10 | - hosts: 11 | - echo.sbux.k8s.work 12 | secretName: echo-tls 13 | rules: 14 | - host: echo.sbux.k8s.work 15 | http: 16 | paths: 17 | - path: /echo 18 | backend: 19 | serviceName: echoserver 20 | servicePort: 8080 -------------------------------------------------------------------------------- /aci-helloworld/helloworld-pod.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: helloworld 5 | labels: 6 | release: V76 7 | run: nginx 8 | spec: 9 | containers: 10 | - name: aci-helloworld 11 | image: dzkubereg.azurecr.io/aci-helloworld-ci:76 12 | ports: 13 | - containerPort: 80 14 | name: http 15 | protocol: TCP 16 | resources: 17 | requests: 18 | memory: "128Mi" 19 | cpu: "500m" 20 | limits: 21 | memory: "256Mi" 22 | cpu: "1000m" 23 | livenessProbe: 24 | httpGet: 25 | path: /ping 26 | port: 3000 27 | readinessProbe: 28 | httpGet: 29 | path: /ping 30 | port: 3000 31 | initialDelaySeconds: 10 32 | periodSeconds: 5 33 | 
-------------------------------------------------------------------------------- /aci-helloworld/helloworld-svc.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | labels: 5 | app: helloworld-demo 6 | release: V76 7 | name: helloworld 8 | namespace: default 9 | spec: 10 | externalTrafficPolicy: Cluster 11 | ports: 12 | - port: 80 13 | protocol: TCP 14 | targetPort: 80 15 | selector: 16 | app: helloworld-demo 17 | release: V76 18 | sessionAffinity: None 19 | type: LoadBalancer 20 | -------------------------------------------------------------------------------- /aci-helloworld/iis-win-1803.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: iis-1803 5 | labels: 6 | app: iis-1803 7 | city: amsterdam 8 | spec: 9 | replicas: 2 10 | template: 11 | metadata: 12 | name: iis-1803 13 | labels: 14 | app: iis-1803 15 | spec: 16 | containers: 17 | - name: iis 18 | image: microsoft/iis:windowsservercore-1803 19 | ports: 20 | - containerPort: 80 21 | nodeSelector: 22 | "beta.kubernetes.io/os": windows 23 | selector: 24 | matchLabels: 25 | app: iis-1803 26 | --- 27 | apiVersion: v1 28 | kind: Service 29 | metadata: 30 | name: iis 31 | spec: 32 | type: LoadBalancer 33 | ports: 34 | - protocol: TCP 35 | port: 80 36 | selector: 37 | app: iis-1803 -------------------------------------------------------------------------------- /aci-helloworld/ingress-win-1803.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: extensions/v1beta1 2 | kind: Ingress 3 | metadata: 4 | annotations: 5 | kubernetes.io/ingress.class: nginx 6 | name: iis-ingress 7 | namespace: default 8 | spec: 9 | rules: 10 | - host: dzwin1803.northeurope.cloudapp.azure.com 11 | http: 12 | paths: 13 | - backend: 14 | serviceName: iis 15 | servicePort: 80 16 | path: / 17 | - host: 
dzwin1809.northeurope.cloudapp.azure.com 18 | http: 19 | paths: 20 | - backend: 21 | serviceName: iis 22 | servicePort: 80 23 | path: / -------------------------------------------------------------------------------- /aci-helloworld/vk-pod.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: helloworld1 5 | spec: 6 | containers: 7 | - image: microsoft/aci-helloworld 8 | imagePullPolicy: Always 9 | name: helloworld 10 | resources: 11 | requests: 12 | memory: 1G 13 | cpu: 1 14 | ports: 15 | - containerPort: 80 16 | name: http 17 | protocol: TCP 18 | - containerPort: 443 19 | name: https 20 | dnsPolicy: ClusterFirst 21 | nodeSelector: 22 | kubernetes.io/role: agent 23 | beta.kubernetes.io/os: linux 24 | type: virtual-kubelet 25 | tolerations: 26 | - key: virtual-kubelet.io/provider 27 | operator: Exists 28 | - key: azure.com/aci 29 | effect: NoSchedule -------------------------------------------------------------------------------- /aci/helloworld.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: aci-helloworld1 5 | spec: 6 | replicas: 1 7 | selector: 8 | matchLabels: 9 | app: aci-helloworld1 10 | template: 11 | metadata: 12 | labels: 13 | app: aci-helloworld1 14 | spec: 15 | containers: 16 | - name: aci-helloworld 17 | image: microsoft/aci-helloworld 18 | ports: 19 | - containerPort: 80 20 | volumeMounts: 21 | - name: volume-fulltest-uuid-used-for1-testing23456 22 | mountPath: /input 23 | nodeSelector: 24 | kubernetes.io/role: agent 25 | beta.kubernetes.io/os: linux 26 | type: virtual-kubelet 27 | tolerations: 28 | - key: virtual-kubelet.io/provider 29 | operator: Exists 30 | volumes: 31 | - name: volume-fulltest-uuid-used-for1-testing23456 32 | azureFile: 33 | shareName: "job" 34 | readOnly: false 35 | secretName: azurefile-secret 
-------------------------------------------------------------------------------- /aci/pod.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: dummy-logger 5 | labels: 6 | app: dummy-logger 7 | spec: 8 | nodeSelector: 9 | kubernetes.io/role: agent 10 | beta.kubernetes.io/os: linux 11 | type: virtual-kubelet 12 | tolerations: 13 | - key: virtual-kubelet.io/provider 14 | operator: Exists 15 | - key: azure.com/aci 16 | effect: NoSchedule 17 | containers: 18 | - name: samples-tf-mnist-demo 19 | image: microsoft/samples-tf-mnist-demo:gpu 20 | command: 21 | - sleep 22 | - "3600" 23 | args: ["--max_steps", "500"] 24 | imagePullPolicy: IfNotPresent 25 | env: 26 | - name: INPUT_FOLDER 27 | value: /input/fulltest-uuid-used-for1-testing23456 28 | - name: OUTPUT_FOLDER 29 | value: /input/fulltest-uuid-used-for1-testing23456/masks 30 | volumeMounts: 31 | - name: volume-fulltest-uuid-used-for1-testing23456 32 | mountPath: /input 33 | restartPolicy: OnFailure 34 | volumes: 35 | - name: volume-fulltest-uuid-used-for1-testing23456 36 | azureFile: 37 | shareName: "job" 38 | readOnly: false 39 | secretName: azurefile-secret -------------------------------------------------------------------------------- /apps/aci-helloworld/.gitignore: -------------------------------------------------------------------------------- 1 | # Logs 2 | logs 3 | *.log 4 | npm-debug.log* 5 | yarn-debug.log* 6 | yarn-error.log* 7 | 8 | # Runtime data 9 | pids 10 | *.pid 11 | *.seed 12 | *.pid.lock 13 | 14 | # Directory for instrumented libs generated by jscoverage/JSCover 15 | lib-cov 16 | 17 | # Coverage directory used by tools like istanbul 18 | coverage 19 | 20 | # nyc test coverage 21 | .nyc_output 22 | 23 | # Grunt intermediate storage (http://gruntjs.com/creating-plugins#storing-task-files) 24 | .grunt 25 | 26 | # Bower dependency directory (https://bower.io/) 27 | bower_components 28 | 29 | # node-waf 
configuration 30 | .lock-wscript 31 | 32 | # Compiled binary addons (http://nodejs.org/api/addons.html) 33 | build/Release 34 | 35 | # Dependency directories 36 | node_modules/ 37 | jspm_packages/ 38 | 39 | # Typescript v1 declaration files 40 | typings/ 41 | 42 | # Optional npm cache directory 43 | .npm 44 | 45 | # Optional eslint cache 46 | .eslintcache 47 | 48 | # Optional REPL history 49 | .node_repl_history 50 | 51 | # Output of 'npm pack' 52 | *.tgz 53 | 54 | # Yarn Integrity file 55 | .yarn-integrity 56 | 57 | # dotenv environment variables file 58 | .env 59 | 60 | -------------------------------------------------------------------------------- /apps/aci-helloworld/ACR.Dockerfile: -------------------------------------------------------------------------------- 1 | FROM node:alpine 2 | ARG basedir="apps/aci-helloworld/app" 3 | ARG build_info="Docker container build" 4 | ENV NODE_ENV production 5 | ENV BUILD_INFO $build_info 6 | # Place our app here 7 | WORKDIR /home/app 8 | 9 | # NPM install packages 10 | COPY ${basedir}/package*.json ./ 11 | RUN npm install --production --silent 12 | 13 | # NPM is done, now copy in the the whole project to the workdir 14 | COPY ${basedir}/ ./ 15 | 16 | EXPOSE 80 17 | CMD node index.js -------------------------------------------------------------------------------- /apps/aci-helloworld/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM node:alpine 2 | RUN mkdir -p /usr/src/app 3 | COPY ./app/* /usr/src/app/ 4 | WORKDIR /usr/src/app 5 | RUN npm install 6 | EXPOSE 80 7 | CMD node /usr/src/app/index.js -------------------------------------------------------------------------------- /apps/aci-helloworld/app/.dockerignore: -------------------------------------------------------------------------------- 1 | Dockerfile 2 | charts/ 3 | -------------------------------------------------------------------------------- /apps/aci-helloworld/app/Dockerfile: 
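--------------------------------------------------------------------------------
# Image for the aci-helloworld Express app (index.js listens on $PORT, 3000 here).
# NOTE(review): Node.js 10 is end-of-life and no longer receives security
# fixes; move to a maintained LTS tag and pin it (version tag or digest).
FROM node:10
ENV PORT 3000
EXPOSE 3000

RUN mkdir -p /usr/src/app
WORKDIR /usr/src/app
# Copy the manifest first so the dependency layer is cached between builds.
# No lockfile is copied, so the ^ ranges in package.json are resolved again
# on every build.
COPY package.json .
RUN npm install
COPY . .

# NOTE(review): there is no USER instruction, so the app runs as the image's
# default user. Port 3000 is unprivileged, so a non-root user would work here.
# package.json has no "start" script (and the app has no server.js for npm's
# fallback), so `npm start` cannot launch the app; run index.js directly.
CMD ["node", "index.js"]
-------------------------------------------------------------------------------- /apps/aci-helloworld/app/charts/.helmignore: -------------------------------------------------------------------------------- 1 | # Patterns to ignore when building packages. 2 | # This supports shell glob matching, relative path matching, and 3 | # negation (prefixed with !). Only one pattern per line. 4 | .DS_Store 5 | # Common VCS dirs 6 | .git/ 7 | .gitignore 8 | .bzr/ 9 | .bzrignore 10 | .hg/ 11 | .hgignore 12 | .svn/ 13 | # Common backup files 14 | *.swp 15 | *.bak 16 | *.tmp 17 | *.orig 18 | *~ 19 | # Various IDEs 20 | .project 21 | .idea/ 22 | *.tmproj 23 | .vscode/ 24 | -------------------------------------------------------------------------------- /apps/aci-helloworld/app/charts/production.yaml: -------------------------------------------------------------------------------- 1 | imageKey: 2 | repository: "helloworld" 3 | pullPolicy: IfNotPresent 4 | tag: "latest" 5 | service: 6 | annotations: {} 7 | type: LoadBalancer 8 | port: 80 9 | -------------------------------------------------------------------------------- /apps/aci-helloworld/app/charts/templates/namespace.yaml: -------------------------------------------------------------------------------- 1 | kind: Namespace 2 | apiVersion: v1 3 | metadata: 4 | name: default 5 | labels: 6 | {{- include "helloworld.labels" .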
| nindent 4 }} 7 | openservicemesh.io/monitored-by: osm 8 | annotations: 9 | openservicemesh.io/sidecar-injection: enabled 10 | 11 | -------------------------------------------------------------------------------- /apps/aci-helloworld/app/charts/templates/service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: {{ include "helloworld.fullname" . }} 5 | labels: 6 | {{- include "helloworld.labels" . | nindent 4 }} 7 | annotations: 8 | {{ toYaml .Values.service.annotations | nindent 4 }} 9 | spec: 10 | type: {{ .Values.service.type }} 11 | ports: 12 | - port: {{ .Values.service.port }} 13 | targetPort: {{ .Values.containerPort }} 14 | protocol: TCP 15 | name: svchttp 16 | selector: 17 | {{- include "helloworld.selectorLabels" . | nindent 4 }} 18 | -------------------------------------------------------------------------------- /apps/aci-helloworld/app/index.js: -------------------------------------------------------------------------------- 1 | const express = require('express'); 2 | const morgan = require('morgan'); 3 | const OS = require('os'); 4 | const app = express(); 5 | app.use(morgan('combined')); 6 | 7 | 8 | app.get('/', (req, res) => { 9 | res.sendFile(__dirname + '/index.html') 10 | }); 11 | 12 | app.post('/', function(req, res) { 13 | var endDate = new Date(); 14 | var remoteAddress = req.connection.remoteAddress; 15 | var serverResult = JSON.stringify({ timestamp: endDate, host: OS.hostname(), remote: remoteAddress } ); 16 | console.log(serverResult); 17 | res.send(serverResult.toString()); 18 | }); 19 | 20 | app.get('/ping', (req, res) => { 21 | var endDate = new Date(); 22 | var remoteAddress = req.connection.remoteAddress; 23 | var serverResult = JSON.stringify({ timestamp: endDate, host: OS.hostname(), remote: remoteAddress } ); 24 | console.log(serverResult); 25 | res.send(serverResult.toString()); 26 | }); 27 | 28 | var listener = 
app.listen(process.env.PORT || 80, function() { 29 | console.log('listening on port ' + listener.address().port); 30 | }); 31 | 32 | -------------------------------------------------------------------------------- /apps/aci-helloworld/app/package.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "aci-helloworld", 3 | "version": "1.0.0", 4 | "description": "", 5 | "main": "index.js", 6 | "dependencies": { 7 | "express": "^4.17.1", 8 | "morgan": "^1.9.1" 9 | }, 10 | "devDependencies": {}, 11 | "author": "" 12 | } 13 | -------------------------------------------------------------------------------- /apps/go-calc-backend/.gitignore: -------------------------------------------------------------------------------- 1 | src -------------------------------------------------------------------------------- /apps/go-calc-backend/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM golang:alpine AS builder 2 | RUN adduser -D -g '' appuser 3 | ARG appfolder="app" 4 | RUN apk update && apk add --no-cache git ca-certificates tzdata && update-ca-certificates 5 | WORKDIR /go/src/phoenix/go-calc-backend 6 | COPY ${appfolder}/ . 
7 | RUN go get -d -v 8 | RUN GOOS=linux GOARCH=amd64 go build -ldflags="-w -s" -o /go/bin/go-calc-backend 9 | 10 | FROM alpine:latest as go-calc-backend 11 | COPY --from=builder /usr/share/zoneinfo /usr/share/zoneinfo 12 | COPY --from=builder /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ 13 | COPY --from=builder /etc/passwd /etc/passwd 14 | COPY --from=builder /go/bin/go-calc-backend /go/bin/go-calc-backend 15 | EXPOSE 8080 16 | USER appuser 17 | ENTRYPOINT ["/go/bin/go-calc-backend"] -------------------------------------------------------------------------------- /apps/grpc/.gitignore: -------------------------------------------------------------------------------- 1 | # Logs 2 | logs 3 | *.log 4 | npm-debug.log* 5 | yarn-debug.log* 6 | yarn-error.log* 7 | 8 | # Runtime data 9 | pids 10 | *.pid 11 | *.seed 12 | *.pid.lock 13 | 14 | # Directory for instrumented libs generated by jscoverage/JSCover 15 | lib-cov 16 | 17 | # Coverage directory used by tools like istanbul 18 | coverage 19 | 20 | # nyc test coverage 21 | .nyc_output 22 | 23 | # Grunt intermediate storage (http://gruntjs.com/creating-plugins#storing-task-files) 24 | .grunt 25 | 26 | # Bower dependency directory (https://bower.io/) 27 | bower_components 28 | 29 | # node-waf configuration 30 | .lock-wscript 31 | 32 | # Compiled binary addons (http://nodejs.org/api/addons.html) 33 | build/Release 34 | 35 | # Dependency directories 36 | node_modules/ 37 | jspm_packages/ 38 | 39 | # Typescript v1 declaration files 40 | typings/ 41 | 42 | # Optional npm cache directory 43 | .npm 44 | 45 | # Optional eslint cache 46 | .eslintcache 47 | 48 | # Optional REPL history 49 | .node_repl_history 50 | 51 | # Output of 'npm pack' 52 | *.tgz 53 | 54 | # Yarn Integrity file 55 | .yarn-integrity 56 | 57 | # dotenv environment variables file 58 | .env 59 | 60 | -------------------------------------------------------------------------------- /apps/grpc/Dockerfile: 
--------------------------------------------------------------------------------
# Image for the gRPC demo server (server.js); EXPOSE documents 9001, the port
# client.js connects to.
# NOTE(review): node:alpine is a floating tag, so each build can pull a
# different Node.js release; pin a version tag or digest for repeatable builds.
FROM node:alpine
RUN mkdir -p /usr/src/app
COPY ./app/* /usr/src/app/
WORKDIR /usr/src/app
# NOTE(review): no lockfile is listed under app/, so the ^ ranges in
# package.json are resolved again on every build.
RUN npm install
EXPOSE 9001
# NOTE(review): there is no USER instruction, so server.js runs as the image's
# default user; 9001 is an unprivileged port, so a non-root user would work.
CMD node /usr/src/app/server.js
-------------------------------------------------------------------------------- /apps/grpc/README.md: -------------------------------------------------------------------------------- 1 | https://nordicapis.com/how-to-create-an-api-using-grpc-and-node-js/ -------------------------------------------------------------------------------- /apps/grpc/app/client.js: --------------------------------------------------------------------------------
// Minimal gRPC client: loads service_def.proto and makes a single GetUser
// call against a server on the loopback interface, logging the result.

//dependencies
const grpc = require("@grpc/grpc-js");
const protoLoader = require("@grpc/proto-loader");

//path to our proto file
const PROTO_FILE = "./service_def.proto";

//options needed for loading Proto file
const options = {
  keepCase: true,
  longs: String,
  enums: String,
  defaults: true,
  oneofs: true,
};

const pkgDefs = protoLoader.loadSync(PROTO_FILE, options);

//load Definition into gRPC
const UserService = grpc.loadPackageDefinition(pkgDefs).UserService;

//create the Client
// NOTE(review): createInsecure() builds a plaintext channel: no TLS, so the
// server is not authenticated and the traffic is not encrypted. That is only
// reasonable for the loopback address used here; for any other endpoint build
// the channel with grpc.credentials.createSsl() and the server's CA.
const client = new UserService(
  "127.0.0.1:9001",
  grpc.credentials.createInsecure()
);

//make a call to GetUser
// GetUser takes an Empty message (see service_def.proto), hence the {} argument.
client.GetUser({}, (error, user) => {
  if (error) {
    console.log(error);
  } else {
    console.log(user);
  }
});
-------------------------------------------------------------------------------- /apps/grpc/app/package.json: -------------------------------------------------------------------------------- 1 | { 2 | "dependencies": { 3 | "@grpc/grpc-js": "^1.8.8", 4 | "@grpc/proto-loader": "^0.7.5" 5 | }, 6 | "name": "grpc-server", 7 | "version": "1.0.0", 8 | "main": "index.js", 9 | "devDependencies": {}, 10 | "scripts": { 11 |
"echo \"Error: no test specified\" && exit 1" 12 | }, 13 | "keywords": [], 14 | "author": "", 15 | "license": "ISC", 16 | "description": "" 17 | } 18 | -------------------------------------------------------------------------------- /apps/grpc/app/service_def.proto: -------------------------------------------------------------------------------- 1 | syntax = "proto3"; 2 | 3 | message Empty {} 4 | 5 | message User { 6 | string name = 1; 7 | int32 age = 2; 8 | } 9 | 10 | service UserService { 11 | rpc GetUser (Empty) returns (User) {} 12 | } -------------------------------------------------------------------------------- /apps/java-calc-requester/.dockerignore: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/denniszielke/container_demos/c71172d1bafe4f2f6e20602378116f8bf29f1062/apps/java-calc-requester/.dockerignore -------------------------------------------------------------------------------- /apps/java-calc-requester/.gitignore: -------------------------------------------------------------------------------- 1 | #Maven 2 | target/ 3 | pom.xml.tag 4 | pom.xml.releaseBackup 5 | pom.xml.versionsBackup 6 | release.properties 7 | 8 | applicationinsights-agent-*.jar 9 | 10 | # Eclipse 11 | .project 12 | .classpath 13 | .settings/ 14 | bin/ 15 | .mvn/ 16 | 17 | # IntelliJ 18 | .idea 19 | *.ipr 20 | *.iml 21 | *.iws 22 | 23 | # NetBeans 24 | nb-configuration.xml 25 | 26 | # Visual Studio Code 27 | .vscode 28 | .factorypath 29 | 30 | # OSX 31 | .DS_Store 32 | 33 | # Vim 34 | *.swp 35 | *.swo 36 | 37 | # patch 38 | *.orig 39 | *.rej 40 | 41 | # Local environment 42 | .env 43 | -------------------------------------------------------------------------------- /apps/java-calc-requester/.mvn/wrapper/maven-wrapper.jar: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/denniszielke/container_demos/c71172d1bafe4f2f6e20602378116f8bf29f1062/apps/java-calc-requester/.mvn/wrapper/maven-wrapper.jar -------------------------------------------------------------------------------- /apps/java-calc-requester/.mvn/wrapper/maven-wrapper.properties: -------------------------------------------------------------------------------- 1 | distributionUrl=https://repo.maven.apache.org/maven2/org/apache/maven/apache-maven/3.8.1/apache-maven-3.8.1-bin.zip 2 | wrapperUrl=https://repo.maven.apache.org/maven2/io/takari/maven-wrapper/0.5.6/maven-wrapper-0.5.6.jar 3 | -------------------------------------------------------------------------------- /apps/java-calc-requester/applicationinsights.json: -------------------------------------------------------------------------------- 1 | { 2 | "role": { 3 | "name": "calc-requester" 4 | } 5 | } -------------------------------------------------------------------------------- /apps/java-calc-requester/src/main/docker/Dockerfile.native-distroless: -------------------------------------------------------------------------------- 1 | #### 2 | # This Dockerfile is used in order to build a distroless container that runs the Quarkus application in native (no JVM) mode 3 | # 4 | # Before building the container image run: 5 | # 6 | # ./mvnw package -Pnative 7 | # 8 | # Then, build the image with: 9 | # 10 | # docker build -f src/main/docker/Dockerfile.native-distroless -t quarkus/java-calc-requester . 
11 | # 12 | # Then run the container using: 13 | # 14 | # docker run -i --rm -p 8080:8080 quarkus/java-calc-requester 15 | # 16 | ### 17 | FROM quay.io/quarkus/quarkus-distroless-image:1.0 18 | COPY target/*-runner /application 19 | 20 | EXPOSE 8080 21 | USER nonroot 22 | 23 | CMD ["./application", "-Dquarkus.http.host=0.0.0.0"] 24 | -------------------------------------------------------------------------------- /apps/java-calc-requester/src/main/java/org/acme/rest/client/CalculationRequest.java: -------------------------------------------------------------------------------- 1 | package org.acme.rest.client; 2 | 3 | import java.util.List; 4 | 5 | public class CalculationRequest { 6 | 7 | public String number; 8 | public Boolean randomvictim; 9 | 10 | } -------------------------------------------------------------------------------- /apps/java-calc-requester/src/main/java/org/acme/rest/client/CalculationResponse.java: -------------------------------------------------------------------------------- 1 | package org.acme.rest.client; 2 | 3 | import java.util.List; 4 | 5 | public class CalculationResponse { 6 | 7 | public String timestamp; 8 | public String value; 9 | public String error; 10 | public String host; 11 | public String remote; 12 | 13 | public String toString() { 14 | return this.timestamp + " " + this.value + " " + this.host + " " + this.remote + " " + this.error; 15 | } 16 | 17 | } -------------------------------------------------------------------------------- /apps/java-calc-requester/src/main/java/org/acme/rest/client/CalculationService.java: -------------------------------------------------------------------------------- 1 | package org.acme.rest.client; 2 | 3 | import org.eclipse.microprofile.rest.client.inject.RegisterRestClient; 4 | import org.jboss.resteasy.annotations.jaxrs.HeaderParam; 5 | 6 | import javax.ws.rs.POST; 7 | import javax.ws.rs.Path; 8 | 9 | import java.util.concurrent.CompletionStage; 10 | 11 | @Path("/api") 12 | 
@RegisterRestClient(configKey="calculation-api") 13 | public interface CalculationService { 14 | 15 | @POST 16 | @Path("/calculation") 17 | CalculationResponse Calculate(@HeaderParam String number, @HeaderParam Boolean victim); 18 | 19 | @POST 20 | @Path("/calculation") 21 | CompletionStage CalculateAsync(@HeaderParam String number, @HeaderParam Boolean victim); 22 | } -------------------------------------------------------------------------------- /apps/java-calc-requester/src/main/resources/application.properties: --------------------------------------------------------------------------------
# Your configuration properties
# Base URL of the backend called through the "calculation-api" REST client
# (CalculationService). Host and port come from ENDPOINT_HOST / ENDPOINT_PORT,
# defaulting to localhost and 80.
# NOTE(review): the scheme is fixed to http://, so calls to the backend are
# unencrypted and the backend is not authenticated.
quarkus.rest-client.calculation-api.url=http://${ENDPOINT_HOST:localhost}:${ENDPOINT_PORT:80}
quarkus.rest-client.calculation-api.scope=javax.inject.Singleton
# NOTE(review): NoopHostnameVerifier turns off TLS hostname verification for
# this client. It has no effect with the http:// URL above, but if the URL is
# switched to https:// any certificate that chains to a trusted CA would be
# accepted regardless of the host name in it. Remove this line when enabling TLS.
quarkus.rest-client.calculation-api.hostname-verifier=io.quarkus.restclient.NoopHostnameVerifier
# Keep this disabled: trust-all would skip certificate validation as well.
#quarkus.tls.trust-all=true
quarkus.http.port=8080
quarkus.log.level=INFO
quarkus.native.container-build=true
#quarkus.package.type=uber-jar
quarkus.native.native-image-xmx=4096m
-------------------------------------------------------------------------------- /apps/java-calc-requester/src/test/java/org/acme/rest/client/CalculationResourceIT.java: -------------------------------------------------------------------------------- 1 | // package org.acme.rest.client; 2 | 3 | // import io.quarkus.test.junit.NativeImageTest; 4 | 5 | // @NativeImageTest 6 | // public class CalculationResourceIT extends CalculationResourceTest { 7 | 8 | // // Run the same tests 9 | 10 | // } -------------------------------------------------------------------------------- /apps/java-calc-requester/src/test/resources/calculations.json: -------------------------------------------------------------------------------- 1 | [ 2 | { 3 | "id": "io.quarkus:quarkus-rest-client", 4 | "keywords": [ 5 | "call", 6 | "microprofile-rest-client", 7 | "quarkus-rest-client", 8 | "rest", 9 |
"rest-client", 10 | "services", 11 | "web-client" 12 | ], 13 | "name": "REST Client", 14 | "shortName": "REST Client" 15 | }, 16 | { 17 | "id": "io.quarkus:quarkus-resteasy", 18 | "keywords": [ 19 | "endpoint", 20 | "framework", 21 | "jax", 22 | "jaxrs", 23 | "quarkus-resteasy", 24 | "rest", 25 | "resteasy", 26 | "web" 27 | ], 28 | "name": "RESTEasy JAX-RS", 29 | "shortName": "jax-rs" 30 | } 31 | ] -------------------------------------------------------------------------------- /apps/js-calc-backend/.dockerignore: -------------------------------------------------------------------------------- 1 | app/.env* 2 | app/node_modules 3 | app/package-lock.json 4 | app/version/* -------------------------------------------------------------------------------- /apps/js-calc-backend/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM node:alpine 2 | ARG appversion=1.0.0 3 | ARG appfolder="app" 4 | RUN mkdir -p /home/node/app/node_modules && chown -R node:node /home/node/app 5 | WORKDIR /home/node/app 6 | COPY ${appfolder}/* ./ 7 | USER node 8 | RUN sed -i "s/1.0.0/$appversion/g" package.json 9 | RUN npm install 10 | COPY --chown=node:node . . 11 | EXPOSE 8080 12 | CMD [ "npm", "start" ] -------------------------------------------------------------------------------- /apps/js-calc-backend/app/.env_template: -------------------------------------------------------------------------------- 1 | AIC_STRING= 2 | PORT= -------------------------------------------------------------------------------- /apps/js-calc-backend/app/.gitignore: -------------------------------------------------------------------------------- 1 | .env 2 | 3 | # git ls-files --others --exclude-from=.git/info/exclude 4 | # Lines that start with '#' are comments. 
5 | # For a project mostly in C, the following would be a good set of 6 | # exclude patterns (uncomment them if you want to use them): 7 | # *.[oa] 8 | # *~ 9 | .env 10 | # Logs 11 | logs 12 | *.log 13 | npm-debug.log* 14 | package-lock.json 15 | lifecycle.txt 16 | 17 | # Runtime data 18 | pids 19 | *.pid 20 | *.seed 21 | 22 | # Directory for instrumented libs generated by jscoverage/JSCover 23 | lib-cov 24 | 25 | # Coverage directory used by tools like istanbul 26 | coverage 27 | 28 | # Grunt intermediate storage (http://gruntjs.com/creating-plugins#storing-task-files) 29 | .grunt 30 | 31 | # node-waf configuration 32 | .lock-wscript 33 | 34 | # Compiled binary addons (http://nodejs.org/api/addons.html) 35 | build/Release 36 | 37 | # Dependency directory 38 | node_modules 39 | 40 | # Optional npm cache directory 41 | .npm 42 | 43 | # Optional REPL history 44 | .node_repl_history 45 | 46 | #Azure 47 | iisnode.yml 48 | 49 | .vscode 50 | -------------------------------------------------------------------------------- /apps/js-calc-backend/app/package.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "calc-backend-node", 3 | "version": "1.0.0", 4 | "description": "calculator backend node", 5 | "main": "server.js", 6 | "scripts": { 7 | "start": "node server.js", 8 | "dapr": "dapr run --app-id js-calc-backend --dapr-http-port 3500 --app-port 8080 node server.js" 9 | }, 10 | "author": { 11 | "name": "dzielke" 12 | }, 13 | "dependencies": { 14 | "express": "^4.18.2", 15 | "applicationinsights": "^2.3.6", 16 | "morgan": "^1.10.0", 17 | "dotenv-extended": "^2.9.0", 18 | "swagger-ui-express": "^4.5.0" 19 | } 20 | } 21 | -------------------------------------------------------------------------------- /apps/js-calc-backend/app/version/info.txt: -------------------------------------------------------------------------------- 1 | backend blue - 1.0.2 
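-------------------------------------------------------------------------------- /apps/js-calc-frontend/.dockerignore: -------------------------------------------------------------------------------- 1 | app/.env* 2 | app/node_modules 3 | app/package-lock.json 4 | app/version/* -------------------------------------------------------------------------------- /apps/js-calc-frontend/Dockerfile: --------------------------------------------------------------------------------
# Image for the js-calc-frontend Node app; `npm start` runs as the
# unprivileged node user.
# NOTE(review): node:alpine is a floating tag; pin a version tag or digest so
# rebuilds do not silently change the Node.js release.
FROM node:alpine
ARG appversion=1.0.0
ARG appfolder="app"
RUN mkdir -p /home/node/app/node_modules && chown -R node:node /home/node/app
WORKDIR /home/node/app
COPY ${appfolder} .
USER node
# Stamp the build version into package.json. Only the "version" field is
# rewritten: a bare s/1.0.0/.../g also hits dependency ranges that contain
# 1.0.0 (axios is declared as ^1.0.0), which would change what npm installs.
# appversion is spliced into the sed expression, so keep it free of '/', '&'
# and backslashes.
RUN sed -i "s/\(\"version\":[[:space:]]*\)\"1\.0\.0\"/\1\"$appversion\"/" package.json
# .dockerignore excludes app/package-lock.json, so the ^ ranges are resolved
# at build time rather than from a lockfile.
RUN npm install
# Copies the whole build context; .dockerignore keeps app/.env* out of it.
COPY --chown=node:node . .
EXPOSE 8080
CMD [ "npm", "start" ]
-------------------------------------------------------------------------------- /apps/js-calc-frontend/app/.env_template: -------------------------------------------------------------------------------- 1 | ENDPOINT= 2 | CACHEENDPOINT=http://localhost:3500/v1.0/state/statestore 3 | AIC_STRING= 4 | PORT= 5 | REDIS_HOST= 6 | REDIS_AUTH= 7 | PORT=8080 8 | VERSION=green 1 -------------------------------------------------------------------------------- /apps/js-calc-frontend/app/.gitignore: -------------------------------------------------------------------------------- 1 | .env 2 | 3 | # git ls-files --others --exclude-from=.git/info/exclude 4 | # Lines that start with '#' are comments.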
5 | # For a project mostly in C, the following would be a good set of 6 | # exclude patterns (uncomment them if you want to use them): 7 | # *.[oa] 8 | # *~ 9 | 10 | # Logs 11 | logs 12 | *.log 13 | npm-debug.log* 14 | package-lock.json 15 | lifecycle.txt 16 | 17 | # Runtime data 18 | pids 19 | *.pid 20 | *.seed 21 | 22 | # Directory for instrumented libs generated by jscoverage/JSCover 23 | lib-cov 24 | 25 | # Coverage directory used by tools like istanbul 26 | coverage 27 | 28 | # Grunt intermediate storage (http://gruntjs.com/creating-plugins#storing-task-files) 29 | .grunt 30 | 31 | # node-waf configuration 32 | .lock-wscript 33 | 34 | # Compiled binary addons (http://nodejs.org/api/addons.html) 35 | build/Release 36 | 37 | # Dependency directory 38 | node_modules 39 | 40 | # Optional npm cache directory 41 | .npm 42 | 43 | # Optional REPL history 44 | .node_repl_history 45 | 46 | #Azure 47 | iisnode.yml 48 | 49 | .vscode 50 | -------------------------------------------------------------------------------- /apps/js-calc-frontend/app/package.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "calc-frontend-node", 3 | "version": "1.0.0", 4 | "description": "calculator frontend node", 5 | "main": "server.js", 6 | "scripts": { 7 | "start": "node server.js", 8 | "dapr": "dapr run --app-id js-calc-frontend --dapr-http-port 3500 --app-port 8081 node server.js" 9 | }, 10 | "author": { 11 | "name": "dzielke" 12 | }, 13 | "dependencies": { 14 | "express": "^4.18.2", 15 | "applicationinsights": "^2.5.1", 16 | "morgan": "^1.10.0", 17 | "dotenv-extended": "^2.9.0", 18 | "swagger-ui-express": "^4.6.2", 19 | "axios": "^1.0.0" 20 | } 21 | } 22 | -------------------------------------------------------------------------------- /apps/js-calc-frontend/app/public/favicon.ico: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/denniszielke/container_demos/c71172d1bafe4f2f6e20602378116f8bf29f1062/apps/js-calc-frontend/app/public/favicon.ico -------------------------------------------------------------------------------- /apps/js-calc-frontend/app/version/info.txt: -------------------------------------------------------------------------------- 1 | frontend blue - 1.0.2 -------------------------------------------------------------------------------- /apps/lifecycle-playground/Dockerfile: --------------------------------------------------------------------------------
# Image for the lifecycle-playground app (package.json start script: node server.js).
# NOTE(review): Node.js 8 is end-of-life and no longer receives security
# fixes; rebuild on a maintained LTS tag and pin it.
FROM node:8-alpine
ARG basedir="app"
ARG build_info="Docker container build"
ENV NODE_ENV production
ENV BUILD_INFO $build_info
# Place our app here
WORKDIR /home/app

# NPM install packages
COPY ${basedir}/package*.json ./
RUN npm install --production --silent

# NPM is done, now copy in the whole project to the workdir
# (only the top-level *.js files match, so a local .env is not baked into the image)
COPY ${basedir}/*.js ./

# Stop the container with SIGQUIT instead of the default SIGTERM.
# NOTE(review): npm is PID 1 here, so the signal reaches npm first; confirm
# that the app itself receives it.
STOPSIGNAL SIGQUIT

# NOTE(review): there is no USER instruction, so npm and the app run as the
# image's default user. config.js falls back to port 80 when PORT is unset; a
# port above 1023 would let this run as an unprivileged user.
EXPOSE 80
ENTRYPOINT [ "npm" , "start" ]
-------------------------------------------------------------------------------- /apps/lifecycle-playground/app/.env_template: -------------------------------------------------------------------------------- 1 | PORT= -------------------------------------------------------------------------------- /apps/lifecycle-playground/app/.gitignore: -------------------------------------------------------------------------------- 1 | .env 2 | 3 | # git ls-files --others --exclude-from=.git/info/exclude 4 | # Lines that start with '#' are comments.
5 | # For a project mostly in C, the following would be a good set of 6 | # exclude patterns (uncomment them if you want to use them): 7 | # *.[oa] 8 | # *~ 9 | .env 10 | # Logs 11 | logs 12 | *.log 13 | npm-debug.log* 14 | package-lock.json 15 | 16 | # Runtime data 17 | pids 18 | *.pid 19 | *.seed 20 | 21 | # Directory for instrumented libs generated by jscoverage/JSCover 22 | lib-cov 23 | 24 | # Coverage directory used by tools like istanbul 25 | coverage 26 | 27 | # Grunt intermediate storage (http://gruntjs.com/creating-plugins#storing-task-files) 28 | .grunt 29 | 30 | # node-waf configuration 31 | .lock-wscript 32 | 33 | # Compiled binary addons (http://nodejs.org/api/addons.html) 34 | build/Release 35 | 36 | # Dependency directory 37 | node_modules 38 | 39 | # Optional npm cache directory 40 | .npm 41 | 42 | # Optional REPL history 43 | .node_repl_history 44 | 45 | #Azure 46 | iisnode.yml 47 | 48 | .vscode 49 | -------------------------------------------------------------------------------- /apps/lifecycle-playground/app/config.js: -------------------------------------------------------------------------------- 1 | var config = {} 2 | 3 | config.port = process.env.PORT || 80; 4 | config.metricReset = process.env.METRICRESET || 2; 5 | 6 | module.exports = config; 7 | -------------------------------------------------------------------------------- /apps/lifecycle-playground/app/package.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "dummy-logger-node", 3 | "version": "1.0.0", 4 | "description": "dummy logger", 5 | "main": "server.js", 6 | "scripts": { 7 | "start": "node server.js" 8 | }, 9 | "author": { 10 | "name": "dzielke" 11 | }, 12 | "dependencies": { 13 | "express": "^4.17.1", 14 | "morgan": "^1.9.1", 15 | "dotenv-extended": "^2.4.0" 16 | } 17 | } 18 | -------------------------------------------------------------------------------- /apps/quarkus-dapr-rest/.dockerignore: 
-------------------------------------------------------------------------------- 1 | * 2 | !target/*-runner 3 | !target/*-runner.jar 4 | !target/lib/* 5 | !target/quarkus-app/* -------------------------------------------------------------------------------- /apps/quarkus-dapr-rest/.gitignore: -------------------------------------------------------------------------------- 1 | #Maven 2 | target/ 3 | pom.xml.tag 4 | pom.xml.releaseBackup 5 | pom.xml.versionsBackup 6 | release.properties 7 | .flattened-pom.xml 8 | 9 | # Eclipse 10 | .project 11 | .classpath 12 | .settings/ 13 | bin/ 14 | 15 | # IntelliJ 16 | .idea 17 | *.ipr 18 | *.iml 19 | *.iws 20 | 21 | # NetBeans 22 | nb-configuration.xml 23 | 24 | # Visual Studio Code 25 | .vscode 26 | .factorypath 27 | 28 | # OSX 29 | .DS_Store 30 | 31 | # Vim 32 | *.swp 33 | *.swo 34 | 35 | # patch 36 | *.orig 37 | *.rej 38 | 39 | # Local environment 40 | .env 41 | 42 | # Plugin directory 43 | /.quarkus/cli/plugins/ 44 | -------------------------------------------------------------------------------- /apps/quarkus-dapr-rest/.mvn/wrapper/.gitignore: -------------------------------------------------------------------------------- 1 | maven-wrapper.jar 2 | -------------------------------------------------------------------------------- /apps/quarkus-dapr-rest/.mvn/wrapper/maven-wrapper.properties: -------------------------------------------------------------------------------- 1 | # Licensed to the Apache Software Foundation (ASF) under one 2 | # or more contributor license agreements. See the NOTICE file 3 | # distributed with this work for additional information 4 | # regarding copyright ownership. The ASF licenses this file 5 | # to you under the Apache License, Version 2.0 (the 6 | # "License"); you may not use this file except in compliance 7 | # with the License. 
You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, 12 | # software distributed under the License is distributed on an 13 | # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 14 | # KIND, either express or implied. See the License for the 15 | # specific language governing permissions and limitations 16 | # under the License. 17 | distributionUrl=https://repo.maven.apache.org/maven2/org/apache/maven/apache-maven/3.8.8/apache-maven-3.8.8-bin.zip 18 | wrapperUrl=https://repo.maven.apache.org/maven2/org/apache/maven/wrapper/maven-wrapper/3.2.0/maven-wrapper-3.2.0.jar 19 | -------------------------------------------------------------------------------- /apps/quarkus-dapr-rest/src/main/docker/Dockerfile.native: -------------------------------------------------------------------------------- 1 | #### 2 | # This Dockerfile is used in order to build a container that runs the Quarkus application in native (no JVM) mode. 3 | # 4 | # Before building the container image run: 5 | # 6 | # ./mvnw package -Pnative 7 | # 8 | # Then, build the image with: 9 | # 10 | # docker build -f src/main/docker/Dockerfile.native -t quarkus/quarkus-dapr-rest . 
11 | # 12 | # Then run the container using: 13 | # 14 | # docker run -i --rm -p 8080:8080 quarkus/quarkus-dapr-rest 15 | # 16 | ### 17 | FROM registry.access.redhat.com/ubi8/ubi-minimal:8.6 18 | WORKDIR /work/ 19 | RUN chown 1001 /work \ 20 | && chmod "g+rwX" /work \ 21 | && chown 1001:root /work 22 | COPY --chown=1001:root target/*-runner /work/application 23 | 24 | EXPOSE 8080 25 | USER 1001 26 | 27 | CMD ["./application", "-Dquarkus.http.host=0.0.0.0"] 28 | -------------------------------------------------------------------------------- /apps/quarkus-dapr-rest/src/main/docker/Dockerfile.native-micro: -------------------------------------------------------------------------------- 1 | #### 2 | # This Dockerfile is used in order to build a container that runs the Quarkus application in native (no JVM) mode. 3 | # It uses a micro base image, tuned for Quarkus native executables. 4 | # It reduces the size of the resulting container image. 5 | # Check https://quarkus.io/guides/quarkus-runtime-base-image for further information about this image. 6 | # 7 | # Before building the container image run: 8 | # 9 | # ./mvnw package -Pnative 10 | # 11 | # Then, build the image with: 12 | # 13 | # docker build -f src/main/docker/Dockerfile.native-micro -t quarkus/quarkus-dapr-rest . 
14 | # 15 | # Then run the container using: 16 | # 17 | # docker run -i --rm -p 8080:8080 quarkus/quarkus-dapr-rest 18 | # 19 | ### 20 | FROM quay.io/quarkus/quarkus-micro-image:2.0 21 | WORKDIR /work/ 22 | RUN chown 1001 /work \ 23 | && chmod "g+rwX" /work \ 24 | && chown 1001:root /work 25 | COPY --chown=1001:root target/*-runner /work/application 26 | 27 | EXPOSE 8080 28 | USER 1001 29 | 30 | CMD ["./application", "-Dquarkus.http.host=0.0.0.0"] 31 | -------------------------------------------------------------------------------- /apps/quarkus-dapr-rest/src/main/java/qdapr/acme/GreetingResource.java: -------------------------------------------------------------------------------- 1 | package qdapr.acme; 2 | 3 | import org.eclipse.microprofile.rest.client.RestClientBuilder; 4 | import org.eclipse.microprofile.rest.client.inject.RestClient; 5 | 6 | import jakarta.ws.rs.DELETE; 7 | import jakarta.ws.rs.GET; 8 | import jakarta.ws.rs.POST; 9 | import jakarta.ws.rs.Path; 10 | import jakarta.ws.rs.Produces; 11 | import jakarta.ws.rs.core.MediaType; 12 | 13 | @Path("/hello") 14 | public class GreetingResource { 15 | 16 | @RestClient 17 | InvokeService invokeService; 18 | 19 | @GET 20 | @Produces(MediaType.TEXT_PLAIN) 21 | public String hello() { 22 | return "Hello from RESTEasy Reactive"; 23 | } 24 | 25 | @POST 26 | @Path("/invoke/{id}") 27 | public String post(S id) { 28 | return "invoked " + Integer.toString(id); 29 | } 30 | 31 | @DELETE 32 | public String delete(int id) { 33 | return "deleted " + Integer.toString(id); 34 | } 35 | } 36 | -------------------------------------------------------------------------------- /apps/quarkus-dapr-rest/src/main/java/qdapr/acme/InvokeService.java: -------------------------------------------------------------------------------- 1 | package qdapr.acme; 2 | 3 | import org.eclipse.microprofile.rest.client.inject.RegisterRestClient; 4 | 5 | import jakarta.ws.rs.GET; 6 | import jakarta.ws.rs.POST; 7 | import jakarta.ws.rs.HEAD; 8 | 
import jakarta.ws.rs.DELETE; 9 | import jakarta.ws.rs.Path; 10 | import jakarta.ws.rs.PathParam; 11 | import java.util.Set; 12 | 13 | @Path("/extensions") 14 | @RegisterRestClient(configKey = "invoke") 15 | public interface InvokeService { 16 | 17 | @GET 18 | @Path("/messages") 19 | Set all(); 20 | 21 | @GET 22 | @Path("/messages/{id}") 23 | Set getById(@PathParam("id") String stream); 24 | 25 | @HEAD 26 | @Path("/messages/{id}") 27 | Set headById(@PathParam("id") String stream); 28 | 29 | @POST 30 | @Path("/messages/{id}") 31 | Set postById(@PathParam("id") String stream); 32 | 33 | @DELETE 34 | @Path("/messages/{id}") 35 | Set deleteById(@PathParam("id") String stream); 36 | } 37 | -------------------------------------------------------------------------------- /apps/quarkus-dapr-rest/src/main/resources/META-INF/resources/client.js: -------------------------------------------------------------------------------- 1 | (function() { 2 | $(document).ready(function(){ 3 | $("button").click(function(){ 4 | var text = $("#message").val(); 5 | var uid = uuidv4(); 6 | $.ajax({ 7 | url: 'publish', 8 | contentType : 'application/json', 9 | dataType: 'json', 10 | data: JSON.stringify({ "message": text, "guid": uid}), 11 | type: 'post', 12 | success: function(data) { // check if available 13 | $("#result").text("Result: " + data.message + " " + data.guid); 14 | }, 15 | error: function(e) { // error logging 16 | $("#result").text("Result: " + e.statusText); 17 | } 18 | }); 19 | }); 20 | }); 21 | 22 | function uuidv4() { 23 | return 'xxxxxxxx-xxxx-4xxx-yxxx-xxxxxxxxxxxx'.replace(/[xy]/g, function(c) { 24 | var r = Math.random() * 16 | 0, v = c == 'x' ? 
r : (r & 0x3 | 0x8); 25 | return v.toString(16); 26 | }); 27 | }; -------------------------------------------------------------------------------- /apps/quarkus-dapr-rest/src/main/resources/application.properties: -------------------------------------------------------------------------------- 1 | quarkus.rest-client.invoke.url=http://localhost:8080 -------------------------------------------------------------------------------- /apps/quarkus-dapr-rest/src/test/java/qdapr/acme/GreetingResourceIT.java: -------------------------------------------------------------------------------- 1 | package qdapr.acme; 2 | 3 | import io.quarkus.test.junit.QuarkusIntegrationTest; 4 | 5 | @QuarkusIntegrationTest 6 | public class GreetingResourceIT extends GreetingResourceTest { 7 | // Execute the same tests but in packaged mode. 8 | } 9 | -------------------------------------------------------------------------------- /apps/quarkus-dapr-rest/src/test/java/qdapr/acme/GreetingResourceTest.java: -------------------------------------------------------------------------------- 1 | package qdapr.acme; 2 | 3 | import io.quarkus.test.junit.QuarkusTest; 4 | import org.junit.jupiter.api.Test; 5 | 6 | import static io.restassured.RestAssured.given; 7 | import static org.hamcrest.CoreMatchers.is; 8 | 9 | @QuarkusTest 10 | public class GreetingResourceTest { 11 | 12 | @Test 13 | public void testHelloEndpoint() { 14 | given() 15 | .when().get("/hello") 16 | .then() 17 | .statusCode(200) 18 | .body(is("Hello from RESTEasy Reactive")); 19 | } 20 | 21 | } -------------------------------------------------------------------------------- /architectures/application-observability.drawio: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/denniszielke/container_demos/c71172d1bafe4f2f6e20602378116f8bf29f1062/architectures/application-observability.drawio -------------------------------------------------------------------------------- 
/architectures/topology-observability.drawio: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/denniszielke/container_demos/c71172d1bafe4f2f6e20602378116f8bf29f1062/architectures/topology-observability.drawio -------------------------------------------------------------------------------- /arm/cse-config.json: -------------------------------------------------------------------------------- 1 | { 2 | "fileUris": ["https://raw.githubusercontent.com/denniszielke/container_demos/master/arm/cse.sh"], 3 | "commandToExecute": "./cse.sh" 4 | } -------------------------------------------------------------------------------- /arm/cse.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | sudo mkdir /opt/music 4 | sudo cp /etc/kubernetes/azure.json /opt/music -------------------------------------------------------------------------------- /arm/deploy-view-rbac.json: -------------------------------------------------------------------------------- 1 | { 2 | "Name": "AKS Deployment Viewer", 3 | "Description": "Lets you view all deployments in cluster/namespace.", 4 | "Actions": [], 5 | "NotActions": [], 6 | "DataActions": [ 7 | "Microsoft.ContainerService/managedClusters/apps/deployments/read" 8 | ], 9 | "NotDataActions": [], 10 | "assignableScopes": [ 11 | "/subscriptions/165165156//namespaces/aadsecured" 12 | ] 13 | } -------------------------------------------------------------------------------- /arm/insightsClusterParam.json: -------------------------------------------------------------------------------- 1 | { 2 | "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentParameters.json#", 3 | "contentVersion": "1.0.0.0", 4 | "parameters": { 5 | "aksResourceId": { 6 | "value": "/subscriptions/SUBSCRIPTION_ID/resourcegroups/GROUP/providers/Microsoft.ContainerService/managedClusters/KUBE_NAME" 7 | }, 8 | "aksResourceLocation": { 9 | 
"value": "northeurope" 10 | }, 11 | "workspaceResourceId": { 12 | "value": "/subscriptions/SUBSCRIPTION_ID/resourceGroups/GROUP/providers/Microsoft.OperationalInsights/workspaces/WORKSPACE" 13 | }, 14 | "workspaceLocation": { 15 | "value": "northeurope" 16 | }, 17 | "resourceTagValues": { 18 | "value": { 19 | "project": "accounting" 20 | } 21 | }, 22 | "dataCollectionInterval": { 23 | "value" : "5m" 24 | }, 25 | "excludeNamespacesForDataCollection": { 26 | "value": [ "kube-system"] 27 | } 28 | } 29 | } 30 | -------------------------------------------------------------------------------- /arm/openshift_parameters.json: -------------------------------------------------------------------------------- 1 | { 2 | "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentParameters.json#", 3 | "contentVersion": "1.0.0.0", 4 | "parameters": { 5 | "resourceName": { 6 | "value": "pspaks101" 7 | }, 8 | "location": { 9 | "value": "westeurope" 10 | }, 11 | "fqdn": { 12 | "value": "dzosa123.westeurope.cloudapp.azure.com" 13 | }, 14 | "agentCount": { 15 | "value": 5 16 | }, 17 | "servicePrincipalClientId": { 18 | "value": "dummy" 19 | }, 20 | "servicePrincipalClientSecret": { 21 | "value": "dummy" 22 | }, 23 | "tenantId": { 24 | "value": "dummy" 25 | }, 26 | "customerAdminGroupId": { 27 | "value": "dummy" 28 | } 29 | } 30 | } 31 | -------------------------------------------------------------------------------- /arm/psp_parameters.json: -------------------------------------------------------------------------------- 1 | { 2 | "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentParameters.json#", 3 | "contentVersion": "1.0.0.0", 4 | "parameters": { 5 | "resourceName": { 6 | "value": "pspaks101" 7 | }, 8 | "location": { 9 | "value": "eastus" 10 | }, 11 | "dnsPrefix": { 12 | "value": "pspaks101" 13 | }, 14 | "agentCount": { 15 | "value": 2 16 | }, 17 | "agentVMSize": { 18 | "value": "Standard_DS2_v2" 19 | }, 20 | "servicePrincipalClientId": 
{ 21 | "value": "dummy" 22 | }, 23 | "servicePrincipalClientSecret": { 24 | "value": "dummy" 25 | }, 26 | "kubernetesVersion": { 27 | "value": "1.12.6" 28 | }, 29 | "networkPlugin": { 30 | "value": "azure" 31 | }, 32 | "networkPolicy": { 33 | "value": "calico" 34 | } 35 | } 36 | } 37 | -------------------------------------------------------------------------------- /arm/spot_parameters.json: -------------------------------------------------------------------------------- 1 | { 2 | "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentParameters.json#", 3 | "contentVersion": "1.0.0.0", 4 | "parameters": { 5 | "resourceName": { 6 | "value": "aksmsi" 7 | }, 8 | "location": { 9 | "value": "westeurope" 10 | }, 11 | "dnsPrefix": { 12 | "value": "aksmsi" 13 | }, 14 | "agentCount": { 15 | "value": 3 16 | }, 17 | "agentVMSize": { 18 | "value": "Standard_DS2_v2" 19 | }, 20 | "kubernetesVersion": { 21 | "value": "1.15.7" 22 | }, 23 | "networkPlugin": { 24 | "value": "azure" 25 | }, 26 | "servicePrincipalClientId": { 27 | "value": "dummy" 28 | }, 29 | "servicePrincipalClientSecret": { 30 | "value": "dummy" 31 | }, 32 | } 33 | } 34 | -------------------------------------------------------------------------------- /arm/zones_parameters.json: -------------------------------------------------------------------------------- 1 | { 2 | "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentParameters.json#", 3 | "contentVersion": "1.0.0.0", 4 | "parameters": { 5 | "resourceName": { 6 | "value": "aksmsi" 7 | }, 8 | "location": { 9 | "value": "westeurope" 10 | }, 11 | "dnsPrefix": { 12 | "value": "aksmsi" 13 | }, 14 | "agentCount": { 15 | "value": 3 16 | }, 17 | "agentVMSize": { 18 | "value": "Standard_DS2_v2" 19 | }, 20 | "kubernetesVersion": { 21 | "value": "1.15." 
22 | }, 23 | "networkPlugin": { 24 | "value": "azure" 25 | }, 26 | "vnetSubnetID": { 27 | "value": "" 28 | } 29 | } 30 | } 31 | -------------------------------------------------------------------------------- /bestpractices/azurecli.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: azure-cli 5 | spec: 6 | containers: 7 | - image: mcr.microsoft.com/azure-cli 8 | name: sp-app 9 | command: ["/bin/sh", "-c", "--"] 10 | args: ['while true; echo "retrieving login credentials"; az login --identity --username $MANAGED_IDENTITY; az account set --subscription $SUBSCRIPTION_ID; echo "\nyour credentials have the following roles:"; az role assignment list --subscription $SUBSCRIPTION_ID; echo "\nyour credentials have access to the following resource groups:"; az group list --subscription $SUBSCRIPTION_ID -o table; echo "\nyour credentials have access to the following resources:"; az resource list -o table; do sleep 10; done;'] 11 | env: 12 | - name: "MANAGED_IDENTITY" 13 | value: "6a12" 14 | - name: "SUBSCRIPTION_ID" 15 | value: "57e5" 16 | -------------------------------------------------------------------------------- /bestpractices/compute-resources.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ResourceQuota 3 | metadata: 4 | name: compute-resources 5 | spec: 6 | hard: 7 | pods: "4" 8 | requests.cpu: "1" 9 | requests.memory: 1Gi 10 | limits.cpu: "2" 11 | limits.memory: 2Gi -------------------------------------------------------------------------------- /bestpractices/mountsp.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: get-sp 5 | spec: 6 | containers: 7 | - image: mcr.microsoft.com/azure-cli 8 | securityContext: 9 | privileged: true 10 | name: sp-app 11 | command: ["/bin/sh", "-c", "--"] 12 | args: ["while true; do 
sleep 5; done;"] 13 | volumeMounts: 14 | - name: host-sp 15 | mountPath: /host/azure.json 16 | readOnly: false 17 | volumes: 18 | - name: host-sp 19 | hostPath: 20 | # this file holds the cluster service principal credentials and exists on every node by default; any pod allowed to mount it via hostPath can read them, so restrict hostPath volumes and privileged pods through admission policy 21 | path: /etc/kubernetes/azure.json 22 | type: File -------------------------------------------------------------------------------- /bestpractices/networkmonitor.md: -------------------------------------------------------------------------------- 1 | # Fix DNS issue by deploying networkmonitor as a daemonset in cluster 2 | 3 | 1. Take networkmonitor image from 4 | https://hub.docker.com/r/containernetworking/networkmonitor/ 5 | 6 | Latest value should be 7 | ``` 8 | containernetworking/networkmonitor:v0.0.4 9 | ``` 10 | 11 | 2. Take the latest version and use it as the image. Deploy as a daemonset using the template from here 12 | 13 | https://github.com/Azure/acs-engine/blob/master/parts/k8s/addons/azure-cni-networkmonitor.yaml 14 | 15 | 3. Alternatively, deploy directly 16 | 17 | ``` 18 | kubectl apply -f https://raw.githubusercontent.com/denniszielke/container_demos/master/bestpractices/azure-cni-networkmonitor.yaml 19 | ``` -------------------------------------------------------------------------------- /bestpractices/podmeasure.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: "v1" 2 | kind: Pod 3 | metadata: 4 | name: kmeasure 5 | labels: 6 | name: kmeasure 7 | spec: 8 | containers: 9 | - name: calcbackend 10 | image: danielmeixner/kmeasure:latest 11 | env: 12 | - name: "MEASURE_NAMESPACE" 13 | value: "calculator" 14 | - name: "MEASURE_PODNAME" 15 | value: "multicalchart-frontend-54d4b8cd4c-4njlz" 16 | - name: "MEASURE_INTERVAL" 17 | value: "5000" 18 | - name: "MEASURE_TIME" 19 | value: "60" -------------------------------------------------------------------------------- /bicep/README.md:
-------------------------------------------------------------------------------- 1 | # Deploy Azure resources 2 | 3 | ## Create vnet and identity (optional) 4 | 5 | This script creates a controller manager identity and a vnet with subnets and an NSG. 6 | ``` 7 | PROJECT_NAME="myaks2" 8 | LOCATION="westeurope" 9 | CONTROLLER_IDENTITY_NAME="my-controller" 10 | bash ./create.sh $PROJECT_NAME $LOCATION $CONTROLLER_IDENTITY_NAME 11 | 12 | ``` 13 | 14 | ## Deploy resources with bicep (vnet and identity must exist) 15 | 16 | This deploys an AKS cluster from the template; the controller manager identity, the AAD group and the vnet must already exist. 17 | 18 | ``` 19 | PROJECT_NAME="myaks3" 20 | LOCATION="westeurope" 21 | CONTROLLER_IDENTITY_NAME="my-controller" 22 | SUBSCRIPTION_ID=$(az account show --query id -o tsv) 23 | AKS_SUBNET_RESOURCE_ID="/subscriptions/$SUBSCRIPTION_ID/resourceGroups/$PROJECT_NAME/providers/Microsoft.Network/virtualNetworks/$PROJECT_NAME-vnet/subnets/$PROJECT_NAME-aks" 24 | AAD_GROUP_ID="0644b510-7b35-41aa-a9c6-4bfc3f644c58" 25 | bash ./deploy.sh $PROJECT_NAME $LOCATION $CONTROLLER_IDENTITY_NAME $AKS_SUBNET_RESOURCE_ID $AAD_GROUP_ID 26 | ``` 27 | -------------------------------------------------------------------------------- /bicep/aca.bicep: -------------------------------------------------------------------------------- 1 | resource environment 'Microsoft.App/managedEnvironments@2023-02-01' = { 2 | name: 'privateaca1' 3 | location: 'westeurope' 4 | properties: { 5 | appLogsConfiguration: { 6 | destination: 'log-analytics' 7 | logAnalyticsConfiguration: { 8 | customerId: '' 9 | sharedKey: '' 10 | } 11 | } 12 | workloadProfiles: [ 13 | { 14 | name: 'consumption' 15 | workloadProfileType: 'Consumption' 16 | } 17 | { 18 | name: 'd4-compute' 19 | workloadProfileType: 'D4' 20 | MinimumCount: 1 21 | MaximumCount: 3 22 | } 23 | ] 24 | vnetConfiguration: { 25 | infrastructureSubnetId: '/subnets/aks-5-subnet' 26 | internal: true 27 | } 28 |
zoneRedundant: false 29 | } 30 | } 31 | -------------------------------------------------------------------------------- /bicep/logging.bicep: -------------------------------------------------------------------------------- 1 | 2 | @description('Specifies the Azure location for all resources.') 3 | param location string = resourceGroup().location 4 | 5 | param logAnalyticsWorkspaceName string 6 | 7 | resource logAnalyticsWorkspace 'Microsoft.OperationalInsights/workspaces@2020-10-01' = { 8 | name: logAnalyticsWorkspaceName 9 | location: location 10 | properties: any({ 11 | retentionInDays: 30 12 | features: { 13 | searchVersion: 1 14 | legacy: 0 15 | enableLogAccessUsingOnlyResourcePermissions: true 16 | } 17 | sku: { 18 | name: 'PerGB2018' 19 | } 20 | }) 21 | } 22 | 23 | output logAnalyticsWorkspaceId string = logAnalyticsWorkspace.id 24 | -------------------------------------------------------------------------------- /bicep/main.bicep: -------------------------------------------------------------------------------- 1 | @description('Datacenter location.') 2 | param location string = resourceGroup().location 3 | 4 | @description('Specifies a project name that is used to generate the Event Hub name and the Namespace name.') 5 | param projectName string 6 | 7 | @description('Resource Id of the managed identity for the AKS Controller Identity.') 8 | param controllerIdentity string 9 | 10 | @description('Resource Id of the subnet that will be used for the AKS cluster.') 11 | param nodePoolSubnetId string 12 | 13 | @description('Object id of the subnet that will be used for the AKS cluster.') 14 | param aksAdminGroupId string 15 | 16 | module logging 'logging.bicep' = { 17 | name: 'logging' 18 | params: { 19 | location: location 20 | logAnalyticsWorkspaceName: 'log-${projectName}' 21 | } 22 | } 23 | 24 | module aks 'aks.bicep' = { 25 | name: 'aks' 26 | params: { 27 | location: location 28 | clusterName: projectName 29 | controllerIdentity: controllerIdentity 30 | 
nodePoolSubnetId: nodePoolSubnetId 31 | aksAdminGroupId: aksAdminGroupId 32 | workspaceResourceId: logging.outputs.logAnalyticsWorkspaceId 33 | } 34 | } 35 | -------------------------------------------------------------------------------- /charts/multicalculator/.helmignore: -------------------------------------------------------------------------------- 1 | # Patterns to ignore when building packages. 2 | # This supports shell glob matching, relative path matching, and 3 | # negation (prefixed with !). Only one pattern per line. 4 | .DS_Store 5 | # Common VCS dirs 6 | .git/ 7 | .gitignore 8 | .bzr/ 9 | .bzrignore 10 | .hg/ 11 | .hgignore 12 | .svn/ 13 | # Common backup files 14 | *.swp 15 | *.bak 16 | *.tmp 17 | *~ 18 | # Various IDEs 19 | .project 20 | .idea/ 21 | *.tmproj 22 | .vscode/ 23 | -------------------------------------------------------------------------------- /charts/multicalculator/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v2 2 | name: multicalculator 3 | description: Multicalculator helm chart for helm3 4 | 5 | # A chart can be either an 'application' or a 'library' chart. 6 | # 7 | # Application charts are a collection of templates that can be packaged into versioned archives 8 | # to be deployed. 9 | # 10 | # Library charts provide useful utilities or functions for the chart developer. They're included as 11 | # a dependency of application charts to inject those utilities and functions into the rendering 12 | # pipeline. Library charts do not define any templates and therefore cannot be deployed. 13 | type: application 14 | 15 | # This is the chart version. This version number should be incremented each time you make changes 16 | # to the chart and its templates, including the app version. 17 | version: 0.1.0 18 | 19 | # This is the version number of the application being deployed. This version number should be 20 | # incremented each time you make changes to the application. 
21 | appVersion: 3.0.0 22 | -------------------------------------------------------------------------------- /charts/multicalculator/templates/autoscalers.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.horizonalPodAutoscaler }} 2 | apiVersion: autoscaling/v1 3 | kind: HorizontalPodAutoscaler 4 | metadata: 5 | name: {{ include "multicalculator.fullname" . }}-backend-hpa 6 | labels: 7 | {{- include "multicalculator.labels" . | nindent 4 }} 8 | role: backend 9 | spec: 10 | maxReplicas: 5 11 | minReplicas: 1 12 | scaleTargetRef: 13 | apiVersion: extensions/v1beta1 14 | kind: Deployment 15 | name: {{ include "multicalculator.fullname" . }}-backend 16 | targetCPUUtilizationPercentage: 40 17 | --- 18 | apiVersion: autoscaling/v1 19 | kind: HorizontalPodAutoscaler 20 | metadata: 21 | name: {{ include "multicalculator.fullname" . }}-frontend-hpa 22 | labels: 23 | {{- include "multicalculator.labels" . | nindent 4 }} 24 | role: frontend 25 | spec: 26 | maxReplicas: 5 27 | minReplicas: 1 28 | scaleTargetRef: 29 | apiVersion: extensions/v1beta1 30 | kind: Deployment 31 | name: {{ include "multicalculator.fullname" . }}-frontend 32 | targetCPUUtilizationPercentage: 40 33 | {{- end }} -------------------------------------------------------------------------------- /charts/multicalculator/templates/configmap.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | data: 3 | info.txt: "{{ .Chart.AppVersion }}" 4 | kind: ConfigMap 5 | metadata: 6 | name: {{ include "multicalculator.fullname" . }} -------------------------------------------------------------------------------- /charts/multicalculator/templates/ingress.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.ingress.enabled -}} 2 | apiVersion: networking.k8s.io/v1beta1 3 | kind: Ingress 4 | metadata: 5 | name: {{ include "multicalculator.fullname" . 
}} 6 | labels: 7 | {{- include "multicalculator.labels" . | nindent 4 }} 8 | {{- with .Values.ingress.annotations }} 9 | annotations: 10 | {{- toYaml . | nindent 4 }} 11 | {{- end }} 12 | spec: 13 | {{- if .Values.ingress.tls }} 14 | tls: 15 | - hosts: 16 | - {{ .Values.ingress.host | quote }} 17 | secretName: {{ include "multicalculator.fullname" . }}-tls 18 | {{- end }} 19 | rules: 20 | - host: {{ .Values.ingress.host | quote }} 21 | http: 22 | paths: 23 | - path: 24 | backend: 25 | serviceName: {{ include "multicalculator.fullname" . }}-frontend-svc 26 | servicePort: {{ .Values.service.port }} 27 | {{- end }} 28 | -------------------------------------------------------------------------------- /charts/multicalculator/templates/secrets.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.dependencies.useAppInsights }} 2 | apiVersion: v1 3 | kind: Secret 4 | metadata: 5 | name: {{ include "multicalculator.fullname" . }}-appin-secret 6 | type: Opaque 7 | data: 8 | appinsightskey: {{ .Values.dependencies.appInsightsSecretValue | b64enc }} 9 | {{- end }} 10 | --- 11 | {{- if .Values.dependencies.useAzureRedis }} 12 | apiVersion: v1 13 | kind: Secret 14 | metadata: 15 | name: {{ include "multicalculator.fullname" . }}-redis-secret 16 | type: Opaque 17 | data: 18 | redishostkey: {{ .Values.dependencies.redisHostValue | b64enc }} 19 | redisauthkey: {{ .Values.dependencies.redisKeyValue | b64enc }} 20 | {{- end }} -------------------------------------------------------------------------------- /charts/multicalculator/templates/service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: {{ include "multicalculator.fullname" . }}-frontend-svc 5 | labels: 6 | {{- include "multicalculator.labels" . 
| nindent 4 }} 7 | role: frontend 8 | spec: 9 | type: {{ .Values.service.type }} 10 | ports: 11 | - port: {{ .Values.service.port }} 12 | targetPort: http 13 | protocol: TCP 14 | name: http 15 | selector: 16 | {{- include "multicalculator.selectorLabels" . | nindent 4 }} 17 | role: frontend 18 | --- 19 | apiVersion: v1 20 | kind: Service 21 | metadata: 22 | name: {{ include "multicalculator.fullname" . }}-backend-svc 23 | labels: 24 | {{- include "multicalculator.labels" . | nindent 4 }} 25 | role: backend 26 | spec: 27 | type: ClusterIP 28 | ports: 29 | - port: {{ .Values.service.port }} 30 | targetPort: http 31 | protocol: TCP 32 | name: http 33 | selector: 34 | {{- include "multicalculator.selectorLabels" . | nindent 4 }} 35 | role: backend 36 | 37 | 38 | -------------------------------------------------------------------------------- /charts/multicalculator/templates/serviceaccount.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.serviceAccount.create -}} 2 | apiVersion: v1 3 | kind: ServiceAccount 4 | metadata: 5 | name: {{ include "multicalculator.serviceAccountName" . }} 6 | labels: 7 | {{ include "multicalculator.labels" . | nindent 4 }} 8 | {{- end -}} 9 | -------------------------------------------------------------------------------- /charts/multicalculator/templates/tests/test-connection.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: "{{ include "multicalculator.fullname" . }}-test-connection" 5 | labels: 6 | {{ include "multicalculator.labels" . | nindent 4 }} 7 | annotations: 8 | "helm.sh/hook": test-success 9 | spec: 10 | containers: 11 | - name: wget 12 | image: busybox 13 | command: ['wget'] 14 | args: ['{{ include "multicalculator.fullname" . 
}}:{{ .Values.service.port }}'] 15 | restartPolicy: Never 16 | -------------------------------------------------------------------------------- /charts/multicalculatorcanary/.helmignore: -------------------------------------------------------------------------------- 1 | # Patterns to ignore when building packages. 2 | # This supports shell glob matching, relative path matching, and 3 | # negation (prefixed with !). Only one pattern per line. 4 | .DS_Store 5 | # Common VCS dirs 6 | .git/ 7 | .gitignore 8 | .bzr/ 9 | .bzrignore 10 | .hg/ 11 | .hgignore 12 | .svn/ 13 | # Common backup files 14 | *.swp 15 | *.bak 16 | *.tmp 17 | *~ 18 | # Various IDEs 19 | .project 20 | .idea/ 21 | *.tmproj 22 | .vscode/ 23 | -------------------------------------------------------------------------------- /charts/multicalculatorcanary/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v2 2 | name: multicalculatorcanary 3 | description: Multicalculator canary helm chart for helm3 4 | 5 | # A chart can be either an 'application' or a 'library' chart. 6 | # 7 | # Application charts are a collection of templates that can be packaged into versioned archives 8 | # to be deployed. 9 | # 10 | # Library charts provide useful utilities or functions for the chart developer. They're included as 11 | # a dependency of application charts to inject those utilities and functions into the rendering 12 | # pipeline. Library charts do not define any templates and therefore cannot be deployed. 13 | type: application 14 | 15 | # This is the chart version. This version number should be incremented each time you make changes 16 | # to the chart and its templates, including the app version. 17 | version: 0.1.0 18 | 19 | # This is the version number of the application being deployed. This version number should be 20 | # incremented each time you make changes to the application. 
21 | appVersion: 3.1.0 22 | -------------------------------------------------------------------------------- /charts/multicalculatorcanary/templates/autoscalers.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.horizonalPodAutoscaler }} 2 | apiVersion: autoscaling/v1 3 | kind: HorizontalPodAutoscaler 4 | metadata: 5 | name: {{ include "multicalculatorcanary.fullname" . }}-backend-hpa 6 | labels: 7 | {{- include "multicalculatorcanary.labels" . | nindent 4 }} 8 | role: backend 9 | spec: 10 | maxReplicas: 5 11 | minReplicas: 1 12 | scaleTargetRef: 13 | apiVersion: extensions/v1beta1 14 | kind: Deployment 15 | name: {{ include "multicalculatorcanary.fullname" . }}-backend 16 | targetCPUUtilizationPercentage: 40 17 | --- 18 | apiVersion: autoscaling/v1 19 | kind: HorizontalPodAutoscaler 20 | metadata: 21 | name: {{ include "multicalculatorcanary.fullname" . }}-frontend-hpa 22 | labels: 23 | {{- include "multicalculatorcanary.labels" . | nindent 4 }} 24 | role: frontend 25 | spec: 26 | maxReplicas: 5 27 | minReplicas: 1 28 | scaleTargetRef: 29 | apiVersion: extensions/v1beta1 30 | kind: Deployment 31 | name: {{ include "multicalculatorcanary.fullname" . }}-frontend 32 | targetCPUUtilizationPercentage: 40 33 | {{- end }} -------------------------------------------------------------------------------- /charts/multicalculatorcanary/templates/configmap.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | data: 3 | info.txt: "{{ .Values.slot }} - {{ .Chart.AppVersion }}" 4 | kind: ConfigMap 5 | metadata: 6 | name: {{ include "multicalculatorcanary.fullname" . 
}} -------------------------------------------------------------------------------- /charts/multicalculatorcanary/templates/secrets.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.dependencies.useAppInsights }} 2 | apiVersion: v1 3 | kind: Secret 4 | metadata: 5 | name: {{ include "multicalculatorcanary.fullname" . }}-appin-secret 6 | type: Opaque 7 | data: 8 | appinsightskey: {{ .Values.dependencies.appInsightsSecretValue | b64enc }} 9 | {{- end }} 10 | --- 11 | {{- if .Values.dependencies.useAzureRedis }} 12 | apiVersion: v1 13 | kind: Secret 14 | metadata: 15 | name: {{ include "multicalculatorcanary.fullname" . }}-redis-secret 16 | type: Opaque 17 | data: 18 | redishostkey: {{ .Values.dependencies.redisHostValue | b64enc }} 19 | redisauthkey: {{ .Values.dependencies.redisKeyValue | b64enc }} 20 | {{- end }} -------------------------------------------------------------------------------- /charts/multicalculatorcanary/templates/service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: {{ include "multicalculatorcanary.fullname" . }}-frontend-svc 5 | labels: 6 | {{- include "multicalculatorcanary.labels" . | nindent 4 }} 7 | role: frontend 8 | spec: 9 | type: {{ .Values.service.type }} 10 | ports: 11 | - port: {{ .Values.service.port }} 12 | targetPort: http 13 | protocol: TCP 14 | name: http 15 | selector: 16 | {{- include "multicalculatorcanary.selectorLabels" . | nindent 4 }} 17 | role: frontend 18 | --- 19 | apiVersion: v1 20 | kind: Service 21 | metadata: 22 | name: {{ include "multicalculatorcanary.fullname" . }}-backend-svc 23 | labels: 24 | {{- include "multicalculatorcanary.labels" . 
| nindent 4 }} 25 | role: backend 26 | spec: 27 | type: ClusterIP 28 | ports: 29 | - port: {{ .Values.service.port }} 30 | targetPort: http 31 | protocol: TCP 32 | name: http 33 | selector: 34 | {{- include "multicalculatorcanary.selectorLabels" . | nindent 4 }} 35 | role: backend 36 | 37 | 38 | -------------------------------------------------------------------------------- /charts/multicalculatorcanary/templates/serviceaccount.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.serviceAccount.create -}} 2 | apiVersion: v1 3 | kind: ServiceAccount 4 | metadata: 5 | name: {{ include "multicalculatorcanary.serviceAccountName" . }} 6 | labels: 7 | {{ include "multicalculatorcanary.labels" . | nindent 4 }} 8 | {{- end -}} 9 | -------------------------------------------------------------------------------- /charts/multicalculatorcanary/templates/tests/test-connection.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: "{{ include "multicalculatorcanary.fullname" . }}-test-connection" 5 | labels: 6 | {{ include "multicalculatorcanary.labels" . | nindent 4 }} 7 | annotations: 8 | "helm.sh/hook": test-success 9 | spec: 10 | containers: 11 | - name: wget 12 | image: busybox 13 | command: ['wget'] 14 | args: ['{{ include "multicalculatorcanary.fullname" . 
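}}:{{ .Values.service.port }}']
  restartPolicy: Never
--------------------------------------------------------------------------------
/cilium/cilium-cm.yaml:
--------------------------------------------------------------------------------
# Namespace that holds the CNI configuration below.
apiVersion: v1
kind: Namespace
metadata:
  name: cilium
---
# CNI plugin list stored as a ConfigMap: azure-vnet (with azure-vnet-ipam),
# then portmap, then cilium-cni, in that order.
apiVersion: v1
kind: ConfigMap
metadata:
  name: cni-configuration
  namespace: cilium
data:
  cni-config: |-
    {
      "cniVersion": "0.3.0",
      "name": "azure",
      "plugins": [
        {
          "type": "azure-vnet",
          "mode": "transparent",
          "bridge": "azure0",
          "ipam": {
            "type": "azure-vnet-ipam"
          }
        },
        {
          "type": "portmap",
          "capabilities": {"portMappings": true},
          "snat": true
        },
        {
          "name": "cilium",
          "type": "cilium-cni"
        }
      ]
    }
--------------------------------------------------------------------------------
/cilium/dns-filter.yaml:
--------------------------------------------------------------------------------
# Egress policy for endpoints labelled app=test-app. It holds two rules:
# DNS lookups through kube-dns, and traffic to one named external host.
apiVersion: "cilium.io/v2"
kind: CiliumNetworkPolicy
metadata:
  name: "to-fqdn"
spec:
  endpointSelector:
    matchLabels:
      app: test-app
  egress:
    # Rule 1: port 53 (any protocol) to the kube-dns pods in kube-system.
    - toEndpoints:
        - matchLabels:
            "k8s:io.kubernetes.pod.namespace": kube-system
            "k8s:k8s-app": kube-dns
      toPorts:
        - ports:
            - port: "53"
              protocol: ANY
          rules:
            dns:
              # "*" admits a query for any name. The toFQDNs rule below still
              # limits where connections may go, but the lookups themselves
              # are unrestricted.
              # NOTE(review): if DNS queries must not be usable as an outbound
              # channel, narrow this pattern to the names the app needs.
              - matchPattern: "*"
    # Rule 2: traffic to this one FQDN. No toPorts is given, so the rule does
    # not narrow the destination port.
    - toFQDNs:
        - matchName: "my-remote-service.com"
--------------------------------------------------------------------------------
/consul/counting-minimal-pod.yaml:
--------------------------------------------------------------------------------
# Single pod running the counting service on container port 9001.
apiVersion: v1
kind: Pod
metadata:
  name: counting-minimal-pod
  labels:
    app: counting-service
spec:
  containers:
  - name: counting-service
    image: topfunky/counting-service:0.0.1
    ports:
    - containerPort: 9001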
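--------------------------------------------------------------------------------
/consul/counting-minimal-svc.yaml:
--------------------------------------------------------------------------------
---
# Publishes pods labelled app=counting-service on port 80 (forwarded to 9001).
# NOTE(review): type LoadBalancer asks the cloud provider for an external
# address; confirm this demo service is meant to be reachable from outside.
apiVersion: v1
kind: Service
metadata:
  name: counting-minimal-load-balancer
spec:
  ports:
  - protocol: "TCP"
    port: 80
    targetPort: 9001
  selector:
    app: counting-service
  type: LoadBalancer
--------------------------------------------------------------------------------
/consul/counting-service.yaml:
--------------------------------------------------------------------------------
# Counting service pod with the Consul Connect injection annotation set.
apiVersion: v1
kind: Pod
metadata:
  name: counting
  annotations:
    "consul.hashicorp.com/connect-inject": "true"
spec:
  containers:
  - name: counting
    image: hashicorp/counting-service:0.0.2
    ports:
    - containerPort: 9001
      name: http
  initContainers:
  # The init container receives the pod and host IP through the downward API.
  - name: counting-init
    image: hashicorp/counting-init:0.0.9
    env:
    - name: POD_IP
      valueFrom:
        fieldRef:
          fieldPath: status.podIP
    - name: HOST_IP
      valueFrom:
        fieldRef:
          fieldPath: status.hostIP
--------------------------------------------------------------------------------
/consul/demo-api.yaml:
--------------------------------------------------------------------------------
# Two replicas of the fake "api-v1" service with Connect injection enabled.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: api-deployment-v1
  labels:
    app: api-v1
spec:
  replicas: 2
  selector:
    matchLabels:
      app: api-v1
  template:
    metadata:
      labels:
        app: api-v1
      annotations:
        'consul.hashicorp.com/connect-inject': 'true'
    spec:
      containers:
        - name: api
          image: nicholasjackson/fake-service:v0.7.8
          ports:
            - containerPort: 9090
          env:
            # Bound to loopback, so the service accepts connections only from
            # inside its own pod; presumably all traffic is meant to arrive
            # through the injected sidecar rather than over the pod IP.
            - name: 'LISTEN_ADDR'
              value: '127.0.0.1:9090'
            - name: 'NAME'
              value: 'api-v1'
            - name: 'MESSAGE'
              value: 'Response from API v1'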
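--------------------------------------------------------------------------------
/consul/demo-web.yaml:
--------------------------------------------------------------------------------
# Two replicas of the fake "web" service. The upstream annotation names the
# `api` service on local port 9091, and UPSTREAM_URIS points at that port.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: web-deployment
  labels:
    app: web
spec:
  replicas: 2
  selector:
    matchLabels:
      app: web
  template:
    metadata:
      labels:
        app: web
      annotations:
        'consul.hashicorp.com/connect-inject': 'true'
        'consul.hashicorp.com/connect-service-upstreams': 'api:9091'
    spec:
      containers:
        - name: web
          image: nicholasjackson/fake-service:v0.7.8
          ports:
            - containerPort: 9090
          env:
            # Listens on all interfaces, so the pod IP accepts connections
            # directly (the Service below targets port 9090).
            - name: 'LISTEN_ADDR'
              value: '0.0.0.0:9090'
            - name: 'UPSTREAM_URIS'
              value: 'http://localhost:9091'
            - name: 'NAME'
              value: 'web'
            - name: 'MESSAGE'
              value: 'Hello World'

---
# Service in front of the web pods; no type is set, so the default applies.
apiVersion: v1
kind: Service
metadata:
  name: web
spec:
  selector:
    app: web
  ports:
  - name: http
    protocol: TCP
    port: 9090
    targetPort: 9090
--------------------------------------------------------------------------------
/consul/dns-verify-job.yaml:
--------------------------------------------------------------------------------
# One-shot job that runs `dig consul.service.consul`.
apiVersion: batch/v1
kind: Job
metadata:
  name: dns
spec:
  template:
    spec:
      containers:
      # NOTE(review): the image has no tag, so it resolves to :latest.
      - name: dns
        image: anubhavmishra/tiny-tools
        command: ["dig", "consul.service.consul"]
      restartPolicy: Never
  backoffLimit: 4
--------------------------------------------------------------------------------
/dapr/calc-backend.yaml:
--------------------------------------------------------------------------------
# Calculator backend with the Dapr annotations set (app id js-calc-backend,
# app port 8080, configuration "appconfig").
apiVersion: apps/v1
kind: Deployment
metadata:
  name: js-calc-backend
  namespace: dapr-calc
  labels:
    app: js-calc-backend
spec:
  replicas: 2
  selector:
    matchLabels:
      app: js-calc-backend
  template:
    metadata:
      labels:
        app: js-calc-backend
      annotations:
        dapr.io/enabled: "true"
        dapr.io/app-id: "js-calc-backend"
        dapr.io/app-port: "8080"
        dapr.io/config: "appconfig"
    spec:
      containers:
      - name: js-calc-backend
        image: ghcr.io/denniszielke/container-apps/js-calc-backend:1423319071
        ports:
        - containerPort: 8080
        imagePullPolicy: Always
        env:
        - name: "PORT"
          value: "8080"
        - name: "VERSION"
          value: "k8s-blue"
--------------------------------------------------------------------------------
/dapr/calc-dapr-ingress.yaml:
--------------------------------------------------------------------------------
# Publishes the frontend pods on port 80 (forwarded to 8080).
# NOTE(review): type LoadBalancer requests an external address; confirm the
# frontend is meant to be reachable from outside the cluster.
apiVersion: v1
kind: Service
metadata:
  name: js-calc-frontend
  namespace: dapr-calc
spec:
  ports:
  - port: 80
    targetPort: 8080
  selector:
    app: js-calc-frontend
  type: LoadBalancer
  externalTrafficPolicy: Local
--------------------------------------------------------------------------------
/dapr/calc-frontend.yaml:
--------------------------------------------------------------------------------
# Calculator frontend with the Dapr annotations set. ENDPOINT addresses the
# backend by its app id through localhost:3500 instead of a Service name.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: js-calc-frontend
  namespace: dapr-calc
  labels:
    app: js-calc-frontend
spec:
  replicas: 2
  selector:
    matchLabels:
      app: js-calc-frontend
  template:
    metadata:
      labels:
        app: js-calc-frontend
      annotations:
        dapr.io/enabled: "true"
        dapr.io/app-id: "js-calc-frontend"
        dapr.io/app-port: "8080"
        dapr.io/config: "appconfig"
    spec:
      containers:
      - name: js-calc-frontend
        image: ghcr.io/denniszielke/container-apps/js-calc-frontend:1423319071
        ports:
        - containerPort: 8080
        imagePullPolicy: Always
        env:
        - name: "PORT"
          value: "8080"
        - name: "VERSION"
          value: "k8s-blue"
        - name: "ENDPOINT"
          value: "http://localhost:3500/v1.0/invoke/js-calc-backend/method"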
-------------------------------------------------------------------------------- /dapr/helloworld.md: -------------------------------------------------------------------------------- 1 | # Hello world 2 | https://github.com/dapr/samples/tree/master/2.hello-kubernetes 3 | 4 | 5 | 6 | 7 | 8 | -------------------------------------------------------------------------------- /dapr/install.md: -------------------------------------------------------------------------------- 1 | # Install 2 | https://github.com/dapr/docs/blob/master/getting-started/environment-setup.md#installing-dapr-on-a-kubernetes-cluster 3 | 4 | helm repo add dapr https://daprio.azurecr.io/helm/v1/repo 5 | helm repo update 6 | kubectl create namespace dapr-system 7 | 8 | helm install dapr dapr/dapr --namespace dapr-system --set dapr_operator.logLevel=debug --set dapr_placement.logLevel=debug --set dapr_sidecar_injector.logLevel=debug 9 | kubectl get pods -n dapr-system -w 10 | helm uninstall dapr -n dapr-system 11 | 12 | 13 | -------------------------------------------------------------------------------- /dapr/kafka.md: -------------------------------------------------------------------------------- 1 | # Setting up Kafka 2 | https://github.com/dapr/samples/tree/master/5.bindings 3 | 4 | helm repo add incubator http://storage.googleapis.com/kubernetes-charts-incubator 5 | helm repo update 6 | kubectl create namespace kafka 7 | helm install dapr-kafka --namespace kafka incubator/kafka --set replicas=1 8 | 9 | cat <>~/.bash_profile 30 | 31 | source ~/.bash_profile 32 | -------------------------------------------------------------------------------- /grafana/grafana-disk.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: PersistentVolumeClaim 3 | metadata: 4 | name: pvc-azuredisk 5 | spec: 6 | accessModes: 7 | - ReadWriteOnce 8 | storageClassName: managed-premium 9 | resources: 10 | requests: 11 | storage: 5Gi 12 | --- 13 | apiVersion: v1 
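kind: Pod
metadata:
  name: grafana-disk
spec:
  containers:
  - image: grafana/grafana
    name: grafana
    volumeMounts:
    - name: grafana
      mountPath: /var/lib/grafana
  volumes:
  - name: grafana
    persistentVolumeClaim:
      claimName: pvc-azuredisk
--------------------------------------------------------------------------------
/grafana/grafana-mysql-paas.yaml:
--------------------------------------------------------------------------------
# Grafana pod that keeps its state in an external MySQL database, configured
# through GF_DATABASE_* environment variables.
apiVersion: v1
kind: Pod
metadata:
  name: grafana-mysql
spec:
  containers:
  # NOTE(review): the image has no tag, so it resolves to :latest; pin a
  # version or digest for repeatable deployments.
  - image: grafana/grafana
    name: grafana
    ports:
    - containerPort: 3000
      protocol: TCP
    env:
    - name: "GF_DATABASE_TYPE"
      value: "mysql"
    - name: "GF_DATABASE_HOST"
      value: "dzgrafana.mysql.database.azure.com"
    - name: "GF_DATABASE_USER"
      value: "dzgrafad@dzgrafana"
    - name: "GF_DATABASE_PASSWORD"
      # The password is read from a Secret instead of being written into the
      # manifest, where anyone with access to the repository or to the Pod
      # spec could read it. A password that was ever committed in plain text
      # should be rotated.
      valueFrom:
        secretKeyRef:
          name: grafana-mysql-credentials  # placeholder: Secret created out of band
          key: password                    # placeholder key name
    # NOTE(review): Grafana's [database] section calls this setting `name`, so
    # GF_DATABASE_db is probably not picked up; confirm and consider
    # GF_DATABASE_NAME.
    - name: "GF_DATABASE_db"
      value: "grafana"
    - name: "GF_DATABASE_PORT"
      value: "3306"
--------------------------------------------------------------------------------
/grpc/grpcbin.yaml:
--------------------------------------------------------------------------------
---
# Service for the grpcbin test server; the Kong annotation lists grpc and grpcs
# as the protocols for this backend.
apiVersion: v1
kind: Service
metadata:
  name: grpcbin
  labels:
    app: grpcbin
  annotations:
    konghq.com/protocols: grpc,grpcs
spec:
  ports:
  - name: grpc
    port: 9001
    targetPort: 9001
  selector:
    app: grpcbin
---
# Single-replica deployment of grpcbin on container port 9001.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: grpcbin
spec:
  replicas: 1
  selector:
    matchLabels:
      app: grpcbin
  template:
    metadata:
      labels:
        app: grpcbin
    spec:
      containers:
      # NOTE(review): the image has no tag, so it resolves to :latest.
      - image: moul/grpcbin
        name: grpcbin
        ports:
        - containerPort: 9001
--------------------------------------------------------------------------------
/grpc/grpcbin_kong.yaml: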
-------------------------------------------------------------------------------- 1 | apiVersion: extensions/v1beta1 2 | kind: Ingress 3 | metadata: 4 | name: demo 5 | annotations: 6 | kubernetes.io/ingress.class: kong 7 | konghq.com/protocols: grpc,grpcs 8 | spec: 9 | rules: 10 | - http: 11 | paths: 12 | - path: / 13 | backend: 14 | serviceName: grpcbin 15 | servicePort: 9001 -------------------------------------------------------------------------------- /grpc/httbin.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Service 4 | metadata: 5 | name: httpbin 6 | labels: 7 | app: httpbin 8 | spec: 9 | ports: 10 | - name: http 11 | port: 80 12 | targetPort: 80 13 | selector: 14 | app: httpbin 15 | --- 16 | apiVersion: apps/v1 17 | kind: Deployment 18 | metadata: 19 | name: httpbin 20 | spec: 21 | replicas: 1 22 | selector: 23 | matchLabels: 24 | app: httpbin 25 | template: 26 | metadata: 27 | labels: 28 | app: httpbin 29 | spec: 30 | containers: 31 | - image: docker.io/kennethreitz/httpbin 32 | name: httpbin 33 | ports: 34 | - containerPort: 80 -------------------------------------------------------------------------------- /img/2017-08-07-07-44-35.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/denniszielke/container_demos/c71172d1bafe4f2f6e20602378116f8bf29f1062/img/2017-08-07-07-44-35.png -------------------------------------------------------------------------------- /img/2017-08-07-07-47-29.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/denniszielke/container_demos/c71172d1bafe4f2f6e20602378116f8bf29f1062/img/2017-08-07-07-47-29.png -------------------------------------------------------------------------------- /img/2017-08-07-07-48-22.png: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/denniszielke/container_demos/c71172d1bafe4f2f6e20602378116f8bf29f1062/img/2017-08-07-07-48-22.png -------------------------------------------------------------------------------- /img/2017-08-07-07-48-47.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/denniszielke/container_demos/c71172d1bafe4f2f6e20602378116f8bf29f1062/img/2017-08-07-07-48-47.png -------------------------------------------------------------------------------- /img/2017-08-07-07-49-50.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/denniszielke/container_demos/c71172d1bafe4f2f6e20602378116f8bf29f1062/img/2017-08-07-07-49-50.png -------------------------------------------------------------------------------- /img/2017-08-07-07-52-31.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/denniszielke/container_demos/c71172d1bafe4f2f6e20602378116f8bf29f1062/img/2017-08-07-07-52-31.png -------------------------------------------------------------------------------- /img/2017-08-07-07-55-16.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/denniszielke/container_demos/c71172d1bafe4f2f6e20602378116f8bf29f1062/img/2017-08-07-07-55-16.png -------------------------------------------------------------------------------- /img/2017-08-07-07-55-56.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/denniszielke/container_demos/c71172d1bafe4f2f6e20602378116f8bf29f1062/img/2017-08-07-07-55-56.png -------------------------------------------------------------------------------- /img/2017-08-07-07-56-37.png: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/denniszielke/container_demos/c71172d1bafe4f2f6e20602378116f8bf29f1062/img/2017-08-07-07-56-37.png -------------------------------------------------------------------------------- /img/aks-firewall.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/denniszielke/container_demos/c71172d1bafe4f2f6e20602378116f8bf29f1062/img/aks-firewall.png -------------------------------------------------------------------------------- /img/basic-storage.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/denniszielke/container_demos/c71172d1bafe4f2f6e20602378116f8bf29f1062/img/basic-storage.png -------------------------------------------------------------------------------- /img/cillium-calculator.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/denniszielke/container_demos/c71172d1bafe4f2f6e20602378116f8bf29f1062/img/cillium-calculator.png -------------------------------------------------------------------------------- /img/copy-app-id.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/denniszielke/container_demos/c71172d1bafe4f2f6e20602378116f8bf29f1062/img/copy-app-id.png -------------------------------------------------------------------------------- /img/copy-key.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/denniszielke/container_demos/c71172d1bafe4f2f6e20602378116f8bf29f1062/img/copy-key.png -------------------------------------------------------------------------------- /img/create-app.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/denniszielke/container_demos/c71172d1bafe4f2f6e20602378116f8bf29f1062/img/create-app.png 
-------------------------------------------------------------------------------- /img/fullyprivateaks.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/denniszielke/container_demos/c71172d1bafe4f2f6e20602378116f8bf29f1062/img/fullyprivateaks.png -------------------------------------------------------------------------------- /img/hcp-new.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/denniszielke/container_demos/c71172d1bafe4f2f6e20602378116f8bf29f1062/img/hcp-new.png -------------------------------------------------------------------------------- /img/kubernetes.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/denniszielke/container_demos/c71172d1bafe4f2f6e20602378116f8bf29f1062/img/kubernetes.png -------------------------------------------------------------------------------- /img/kubernetes_on_azure.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/denniszielke/container_demos/c71172d1bafe4f2f6e20602378116f8bf29f1062/img/kubernetes_on_azure.png -------------------------------------------------------------------------------- /img/multicalculator.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/denniszielke/container_demos/c71172d1bafe4f2f6e20602378116f8bf29f1062/img/multicalculator.png -------------------------------------------------------------------------------- /img/multicalculatorarch.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/denniszielke/container_demos/c71172d1bafe4f2f6e20602378116f8bf29f1062/img/multicalculatorarch.png -------------------------------------------------------------------------------- /img/multicontainer.png: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/denniszielke/container_demos/c71172d1bafe4f2f6e20602378116f8bf29f1062/img/multicontainer.png -------------------------------------------------------------------------------- /img/osba_multicalculator.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/denniszielke/container_demos/c71172d1bafe4f2f6e20602378116f8bf29f1062/img/osba_multicalculator.png -------------------------------------------------------------------------------- /img/save-key.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/denniszielke/container_demos/c71172d1bafe4f2f6e20602378116f8bf29f1062/img/save-key.png -------------------------------------------------------------------------------- /img/select-active-directory.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/denniszielke/container_demos/c71172d1bafe4f2f6e20602378116f8bf29f1062/img/select-active-directory.png -------------------------------------------------------------------------------- /img/select-add-app.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/denniszielke/container_demos/c71172d1bafe4f2f6e20602378116f8bf29f1062/img/select-add-app.png -------------------------------------------------------------------------------- /img/select-app-registrations.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/denniszielke/container_demos/c71172d1bafe4f2f6e20602378116f8bf29f1062/img/select-app-registrations.png -------------------------------------------------------------------------------- /img/select-app.png: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/denniszielke/container_demos/c71172d1bafe4f2f6e20602378116f8bf29f1062/img/select-app.png -------------------------------------------------------------------------------- /img/select-keys.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/denniszielke/container_demos/c71172d1bafe4f2f6e20602378116f8bf29f1062/img/select-keys.png -------------------------------------------------------------------------------- /img/select-settings.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/denniszielke/container_demos/c71172d1bafe4f2f6e20602378116f8bf29f1062/img/select-settings.png -------------------------------------------------------------------------------- /kube-pod-helloworld/.gitignore: -------------------------------------------------------------------------------- 1 | # Logs 2 | logs 3 | *.log 4 | npm-debug.log* 5 | yarn-debug.log* 6 | yarn-error.log* 7 | 8 | # Runtime data 9 | pids 10 | *.pid 11 | *.seed 12 | *.pid.lock 13 | 14 | # Directory for instrumented libs generated by jscoverage/JSCover 15 | lib-cov 16 | 17 | # Coverage directory used by tools like istanbul 18 | coverage 19 | 20 | # nyc test coverage 21 | .nyc_output 22 | 23 | # Grunt intermediate storage (http://gruntjs.com/creating-plugins#storing-task-files) 24 | .grunt 25 | 26 | # Bower dependency directory (https://bower.io/) 27 | bower_components 28 | 29 | # node-waf configuration 30 | .lock-wscript 31 | 32 | # Compiled binary addons (http://nodejs.org/api/addons.html) 33 | build/Release 34 | 35 | # Dependency directories 36 | node_modules/ 37 | jspm_packages/ 38 | 39 | # Typescript v1 declaration files 40 | typings/ 41 | 42 | # Optional npm cache directory 43 | .npm 44 | 45 | # Optional eslint cache 46 | .eslintcache 47 | 48 | # Optional REPL history 49 | .node_repl_history 50 | 51 | # Output of 'npm pack' 52 | *.tgz 53 | 54 | # Yarn 
Integrity file 55 | .yarn-integrity 56 | 57 | # dotenv environment variables file 58 | .env 59 | 60 | -------------------------------------------------------------------------------- /kube-pod-helloworld/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM node:8.2.0-alpine 2 | RUN mkdir -p /usr/src/app 3 | COPY ./app/* /usr/src/app/ 4 | WORKDIR /usr/src/app 5 | RUN npm install 6 | EXPOSE 80 7 | CMD node /usr/src/app/index.js 8 | -------------------------------------------------------------------------------- /kube-pod-helloworld/acihelloworldpod.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: aci-helloworld 5 | spec: 6 | ports: 7 | - port: 80 8 | selector: 9 | app: aci-helloworld 10 | type: LoadBalancer 11 | --- 12 | apiVersion: extensions/v1beta1 13 | kind: Deployment 14 | metadata: 15 | name: aci-helloworld 16 | spec: 17 | replicas: 1 18 | strategy: 19 | type: Recreate 20 | template: 21 | metadata: 22 | labels: 23 | app: router 24 | spec: 25 | containers: 26 | - image: myveryownregistry-on.azurecr.io/image:latest 27 | name: aci-helloworld 28 | ports: 29 | - containerPort: 80 30 | imagePullSecrets: 31 | - name: registrykey 32 | nodeSelector: 33 | beta.kubernetes.io/os: linux -------------------------------------------------------------------------------- /kube-pod-helloworld/app/index.js: -------------------------------------------------------------------------------- 1 | const express = require('express'); 2 | const morgan = require('morgan'); 3 | 4 | const app = express(); 5 | app.use(morgan('combined')); 6 | 7 | 8 | app.get('/', (req, res) => { 9 | res.sendFile(__dirname + '/index.html') 10 | }); 11 | 12 | var listener = app.listen(process.env.PORT || 80, function() { 13 | console.log('listening on port ' + listener.address().port); 14 | }); 15 | 16 | 
-------------------------------------------------------------------------------- /kube-pod-helloworld/app/package.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "aci-helloworld", 3 | "version": "1.0.0", 4 | "description": "", 5 | "main": "index.js", 6 | "dependencies": { 7 | "express": "^4.14.0", 8 | "morgan": "^1.8.2" 9 | }, 10 | "devDependencies": {}, 11 | "author": "" 12 | } 13 | -------------------------------------------------------------------------------- /kube-pod-helloworld/deployment.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: extensions/v1beta1 2 | kind: Deployment 3 | metadata: 4 | name: hello # Name of the deployment, just for reference purposes 5 | spec: 6 | replicas: 1 # Number of instances for the given application 7 | template: 8 | metadata: 9 | labels: 10 | app: hello 11 | spec: 12 | containers: 13 | - name: ner-uk-ms # Name of container, could be anything you like 14 | image: chaliy/ner-ms:uk # Docker image to run 15 | ports: 16 | - containerPort: 8080 -------------------------------------------------------------------------------- /logging/README.md: -------------------------------------------------------------------------------- 1 | 2 | ## Azure Monitor scrape config 3 | https://review.learn.microsoft.com/en-us/azure/azure-monitor/essentials/prometheus-metrics-scrape-configuration?branch=pr-en-us-210933 4 | 5 | 6 | ## Create prometheus config 7 | https://review.learn.microsoft.com/en-us/azure/azure-monitor/essentials/prometheus-metrics-scrape-validate?branch=pr-en-us-210933#apply-config-file 8 | 9 | https://github.com/Azure/prometheus-collector/blob/main/otelcollector/configmaps/ama-metrics-prometheus-config-node-windows-configmap.yaml 10 | ``` 11 | 12 | kubectl create configmap ama-metrics-prometheus-config --from-file=prometheus-config -n kube-system 13 | ``` 
-------------------------------------------------------------------------------- /logging/crashing-app/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM node:alpine 2 | ARG basedir="app" 3 | ARG build_info="Docker container build" 4 | ENV NODE_ENV production 5 | ENV BUILD_INFO $build_info 6 | # Place our app here 7 | WORKDIR /home/app 8 | 9 | # NPM install packages 10 | COPY ${basedir}/package*.json ./ 11 | RUN npm install --production --silent 12 | 13 | # NPM is done, now copy in the the whole project to the workdir 14 | COPY ${basedir}/*.js ./ 15 | 16 | EXPOSE 8080 17 | ENTRYPOINT [ "npm" , "start" ] -------------------------------------------------------------------------------- /logging/crashing-app/app/.env_template: -------------------------------------------------------------------------------- 1 | PORT= -------------------------------------------------------------------------------- /logging/crashing-app/app/.gitignore: -------------------------------------------------------------------------------- 1 | .env 2 | 3 | # git ls-files --others --exclude-from=.git/info/exclude 4 | # Lines that start with '#' are comments. 
5 | # For a project mostly in C, the following would be a good set of 6 | # exclude patterns (uncomment them if you want to use them): 7 | # *.[oa] 8 | # *~ 9 | .env 10 | # Logs 11 | logs 12 | *.log 13 | npm-debug.log* 14 | package-lock.json 15 | 16 | # Runtime data 17 | pids 18 | *.pid 19 | *.seed 20 | 21 | # Directory for instrumented libs generated by jscoverage/JSCover 22 | lib-cov 23 | 24 | # Coverage directory used by tools like istanbul 25 | coverage 26 | 27 | # Grunt intermediate storage (http://gruntjs.com/creating-plugins#storing-task-files) 28 | .grunt 29 | 30 | # node-waf configuration 31 | .lock-wscript 32 | 33 | # Compiled binary addons (http://nodejs.org/api/addons.html) 34 | build/Release 35 | 36 | # Dependency directory 37 | node_modules 38 | 39 | # Optional npm cache directory 40 | .npm 41 | 42 | # Optional REPL history 43 | .node_repl_history 44 | 45 | #Azure 46 | iisnode.yml 47 | 48 | .vscode 49 | -------------------------------------------------------------------------------- /logging/crashing-app/app/config.js: -------------------------------------------------------------------------------- 1 | var config = {} 2 | 3 | config.port = process.env.PORT || 8080; 4 | 5 | module.exports = config; 6 | -------------------------------------------------------------------------------- /logging/crashing-app/app/package.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "crashing-app-node", 3 | "version": "1.0.0", 4 | "description": "crash logger", 5 | "main": "server.js", 6 | "scripts": { 7 | "start": "node server.js" 8 | }, 9 | "author": { 10 | "name": "dzielke" 11 | }, 12 | "dependencies": { 13 | "dotenv-extended": "^2.9.0", 14 | "express": "^4.18.2", 15 | "morgan": "^1.10.0", 16 | "prom-client": "^14.2.0" 17 | } 18 | } 19 | -------------------------------------------------------------------------------- /logging/crashing-app/crashing-ing.yaml: 
-------------------------------------------------------------------------------- 1 | apiVersion: networking.k8s.io/v1 2 | kind: Ingress 3 | metadata: 4 | name: https-crashing-app 5 | namespace: crashing-app 6 | annotations: 7 | cert-manager.io/cluster-issuer: letsencrypt 8 | nginx.ingress.kubernetes.io/rewrite-target: / 9 | spec: 10 | tls: 11 | - hosts: 12 | - dzobsdemo4.westeurope.cloudapp.azure.com 13 | secretName: dummy-cert-secret 14 | ingressClassName: nginx 15 | rules: 16 | - host: dzobsdemo4.westeurope.cloudapp.azure.com 17 | http: 18 | paths: 19 | - path: /crashing 20 | pathType: Prefix 21 | backend: 22 | service: 23 | name: crashing-app 24 | port: 25 | number: 80 -------------------------------------------------------------------------------- /logging/crashing-app/crashing-svc.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: crashing-app 5 | namespace: crashing-app 6 | spec: 7 | ports: 8 | - port: 80 9 | targetPort: 80 10 | selector: 11 | app: crashing-app 12 | type: ClusterIP -------------------------------------------------------------------------------- /logging/dummy-logger/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM node:alpine 2 | ARG basedir="app" 3 | ARG build_info="Docker container build" 4 | ENV NODE_ENV production 5 | ENV BUILD_INFO $build_info 6 | # Place our app here 7 | WORKDIR /home/app 8 | 9 | # NPM install packages 10 | COPY ${basedir}/package*.json ./ 11 | RUN npm install --production --silent 12 | 13 | # NPM is done, now copy in the the whole project to the workdir 14 | COPY ${basedir}/*.js ./ 15 | 16 | EXPOSE 80 17 | ENTRYPOINT [ "npm" , "start" ] 18 | -------------------------------------------------------------------------------- /logging/dummy-logger/app/.deployment: -------------------------------------------------------------------------------- 1 | [config] 2 | 
SCM_DO_BUILD_DURING_DEPLOYMENT=true -------------------------------------------------------------------------------- /logging/dummy-logger/app/.env_template: -------------------------------------------------------------------------------- 1 | PORT= -------------------------------------------------------------------------------- /logging/dummy-logger/app/.gitignore: -------------------------------------------------------------------------------- 1 | .env 2 | 3 | # git ls-files --others --exclude-from=.git/info/exclude 4 | # Lines that start with '#' are comments. 5 | # For a project mostly in C, the following would be a good set of 6 | # exclude patterns (uncomment them if you want to use them): 7 | # *.[oa] 8 | # *~ 9 | .env 10 | # Logs 11 | logs 12 | *.log 13 | npm-debug.log* 14 | package-lock.json 15 | 16 | # Runtime data 17 | pids 18 | *.pid 19 | *.seed 20 | 21 | # Directory for instrumented libs generated by jscoverage/JSCover 22 | lib-cov 23 | 24 | # Coverage directory used by tools like istanbul 25 | coverage 26 | 27 | # Grunt intermediate storage (http://gruntjs.com/creating-plugins#storing-task-files) 28 | .grunt 29 | 30 | # node-waf configuration 31 | .lock-wscript 32 | 33 | # Compiled binary addons (http://nodejs.org/api/addons.html) 34 | build/Release 35 | 36 | # Dependency directory 37 | node_modules 38 | 39 | # Optional npm cache directory 40 | .npm 41 | 42 | # Optional REPL history 43 | .node_repl_history 44 | 45 | #Azure 46 | iisnode.yml 47 | 48 | .vscode 49 | -------------------------------------------------------------------------------- /logging/dummy-logger/app/config.js: -------------------------------------------------------------------------------- 1 | var config = {} 2 | 3 | config.port = process.env.PORT || 80; 4 | config.metricReset = process.env.METRICRESET || 2; 5 | config.name = process.env.NAME || "default"; 6 | module.exports = config; 7 | -------------------------------------------------------------------------------- 
/logging/dummy-logger/app/package.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "dummy-logger-node", 3 | "version": "1.0.0", 4 | "description": "dummy logger", 5 | "main": "server.js", 6 | "scripts": { 7 | "start": "node server.js" 8 | }, 9 | "author": { 10 | "name": "dzielke" 11 | }, 12 | "dependencies": { 13 | "express": "^4.18.2", 14 | "morgan": "^1.10.0", 15 | "dotenv-extended": "^2.9.0" 16 | } 17 | } 18 | -------------------------------------------------------------------------------- /logging/dummy-logger/corp-logger.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: dummy-logger 5 | labels: 6 | app: dummy-logger 7 | spec: 8 | containers: 9 | - name: dummy-logger 10 | image: dzcorp.azurecr.io/dummy-logger:latest 11 | imagePullPolicy: Always 12 | ports: 13 | - containerPort: 80 14 | name: http 15 | protocol: TCP 16 | resources: 17 | requests: 18 | memory: "128Mi" 19 | cpu: "100m" 20 | limits: 21 | memory: "256Mi" 22 | cpu: "200m" -------------------------------------------------------------------------------- /logging/dummy-logger/dapr-pod-logger.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: west-dummy-logger 5 | namespace: default 6 | labels: 7 | app: dummy-logger 8 | annotations: 9 | dapr.io/enabled: "true" 10 | dapr.io/app-id: "dummy-logger" 11 | dapr.io/app-port: "80" 12 | dapr.io/config: "appconfig" 13 | spec: 14 | containers: 15 | - name: west-dummy-logger 16 | image: denniszielke/dummy-logger:latest 17 | imagePullPolicy: Always 18 | env: 19 | - name: "METRICRESET" 20 | value: "5" 21 | ports: 22 | - containerPort: 80 23 | name: http 24 | protocol: TCP 25 | resources: 26 | requests: 27 | memory: "30Mi" 28 | cpu: "50m" 29 | limits: 30 | memory: "100Mi" 31 | cpu: "100m" 
-------------------------------------------------------------------------------- /logging/dummy-logger/depl-echo.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: echoserver13 5 | spec: 6 | replicas: 1 7 | minReadySeconds: 10 8 | strategy: 9 | type: RollingUpdate 10 | rollingUpdate: 11 | maxUnavailable: 1 12 | maxSurge: 1 13 | selector: 14 | matchLabels: 15 | app: echoserver 16 | template: 17 | metadata: 18 | labels: 19 | app: echoserver 20 | spec: 21 | containers: 22 | - name: echoserver 23 | image: k8s.gcr.io/echoserver:1.10 24 | ports: 25 | - containerPort: 8080 26 | imagePullPolicy: Always 27 | resources: 28 | requests: 29 | memory: "128Mi" 30 | cpu: "100m" 31 | limits: 32 | memory: "256Mi" 33 | cpu: "200m" -------------------------------------------------------------------------------- /logging/dummy-logger/ing-appgw-logger.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: extensions/v1beta1 2 | kind: Ingress 3 | metadata: 4 | name: logger-ingress 5 | annotations: 6 | kubernetes.io/ingress.class: azure/application-gateway 7 | appgw.ingress.kubernetes.io/connection-draining: "true" 8 | appgw.ingress.kubernetes.io/connection-draining-timeout: "30" 9 | cert-manager.io/cluster-issuer: letsencrypt 10 | cert-manager.io/acme-challenge-type: http01 11 | spec: 12 | tls: 13 | - hosts: 14 | - dzgw4.northeurope.cloudapp.azure.com 15 | secretName: dummy-logger-secret-name 16 | rules: 17 | - host: dzgw4.northeurope.cloudapp.azure.com 18 | http: 19 | paths: 20 | - backend: 21 | serviceName: dummy-logger-cluster 22 | servicePort: 80 -------------------------------------------------------------------------------- /logging/dummy-logger/ing-approuting.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: networking.k8s.io/v1 2 | kind: Ingress 3 | metadata: 4 | name: creator 
5 | annotations: 6 | nginx.ingress.kubernetes.io/rewrite-target: / 7 | spec: 8 | ingressClassName: webapprouting.kubernetes.azure.com 9 | rules: 10 | - host: app. 11 | http: 12 | paths: 13 | - path: / 14 | pathType: Prefix 15 | backend: 16 | service: 17 | name: dummy-logger 18 | port: 19 | number: 80 -------------------------------------------------------------------------------- /logging/dummy-logger/ing-nginx-logger.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: networking.k8s.io/v1 2 | kind: Ingress 3 | metadata: 4 | name: https-dummy-logger 5 | namespace: dummy-logger 6 | annotations: 7 | cert-manager.io/cluster-issuer: letsencrypt 8 | nginx.ingress.kubernetes.io/rewrite-target: / 9 | spec: 10 | tls: 11 | - hosts: 12 | - $DNS 13 | secretName: dummy-cert-secret 14 | ingressClassName: nginx 15 | rules: 16 | - host: $DNS 17 | http: 18 | paths: 19 | - path: /logger 20 | pathType: Prefix 21 | backend: 22 | service: 23 | name: dummy-logger 24 | port: 25 | number: 80 -------------------------------------------------------------------------------- /logging/dummy-logger/ing-svc-logger.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: extensions/v1beta1 2 | kind: Ingress 3 | metadata: 4 | name: logger-ingress 5 | annotations: 6 | kubernetes.io/ingress.class: nginx 7 | nginx.ingress.kubernetes.io/rewrite-target: /$2 8 | spec: 9 | rules: 10 | - host: 13.70.120.200.xip.io 11 | http: 12 | paths: 13 | - path: / 14 | backend: 15 | serviceName: dummy-logger 16 | servicePort: 80 17 | - path: /dummy-logger-cluster(/|$)(.*) 18 | backend: 19 | serviceName: dummy-logger-cluster 20 | servicePort: 80 21 | - path: /dummy-logger-int-lb(/|$)(.*) 22 | backend: 23 | serviceName: dummy-logger-int-lb 24 | servicePort: 80 25 | - path: /dummy-logger-pub-lb(/|$)(.*) 26 | backend: 27 | serviceName: dummy-logger-pub-lb 28 | servicePort: 80 29 | - path: /dummy-logger-pl-pub(/|$)(.*) 30 | 
backend: 31 | serviceName: dummy-logger-pl-pub 32 | servicePort: 80 33 | - path: /dummy-logger-node(/|$)(.*) 34 | backend: 35 | serviceName: dummy-logger-node 36 | servicePort: 80 -------------------------------------------------------------------------------- /logging/dummy-logger/pod-logger.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: west-dummy-logger 5 | namespace: default 6 | labels: 7 | app: dummy-logger 8 | spec: 9 | containers: 10 | - name: west-dummy-logger 11 | image: denniszielke/dummy-logger:latest 12 | imagePullPolicy: Always 13 | env: 14 | - name: "METRICRESET" 15 | value: "5" 16 | - name: "NAME" 17 | value: "south" 18 | ports: 19 | - containerPort: 80 20 | name: http 21 | protocol: TCP 22 | resources: 23 | requests: 24 | memory: "128Mi" 25 | cpu: "100m" 26 | limits: 27 | memory: "256Mi" 28 | cpu: "200m" -------------------------------------------------------------------------------- /logging/dummy-logger/svc-cluster-explorer.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: explorer-cluster 5 | spec: 6 | ports: 7 | - port: 80 8 | targetPort: 3000 9 | selector: 10 | app: explorer 11 | type: ClusterIP 12 | --- 13 | apiVersion: v1 14 | kind: Service 15 | metadata: 16 | name: explorer 17 | spec: 18 | ports: 19 | - port: 80 20 | targetPort: 3000 21 | selector: 22 | app: explorer 23 | type: LoadBalancer -------------------------------------------------------------------------------- /logging/dummy-logger/svc-cluster-logger.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: dummy-logger-cluster 5 | spec: 6 | ports: 7 | - port: 80 8 | targetPort: 80 9 | selector: 10 | app: dummy-logger 11 | type: ClusterIP 12 | --- 13 | apiVersion: v1 14 | kind: Service 15 | metadata: 
16 | name: dummy-logger 17 | spec: 18 | ports: 19 | - port: 80 20 | targetPort: 80 21 | selector: 22 | app: dummy-logger 23 | type: ClusterIP -------------------------------------------------------------------------------- /logging/dummy-logger/svc-int-ing-logger.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: dummy-logger-int-ing-lb 5 | namespace: default 6 | annotations: 7 | service.beta.kubernetes.io/azure-load-balancer-internal: "true" 8 | service.beta.kubernetes.io/azure-load-balancer-internal-subnet: "ing-4-subnet" 9 | spec: 10 | ports: 11 | - port: 80 12 | targetPort: 80 13 | selector: 14 | app: dummy-logger 15 | type: LoadBalancer 16 | externalTrafficPolicy: Local -------------------------------------------------------------------------------- /logging/dummy-logger/svc-int-logger.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: dummy-logger-int-lb 5 | annotations: 6 | service.beta.kubernetes.io/azure-load-balancer-internal: "true" 7 | spec: 8 | ports: 9 | - port: 80 10 | targetPort: 80 11 | selector: 12 | app: dummy-logger 13 | type: LoadBalancer 14 | externalTrafficPolicy: Local -------------------------------------------------------------------------------- /logging/dummy-logger/svc-lb-logger.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: dummy-logger-pub-lb 5 | spec: 6 | ports: 7 | - port: 80 8 | targetPort: 80 9 | selector: 10 | app: dummy-logger 11 | type: LoadBalancer -------------------------------------------------------------------------------- /logging/dummy-logger/svc-lb-pl-logger.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: dummy-logger-pl-pub 5 | 
spec: 6 | ports: 7 | - port: 80 8 | targetPort: 80 9 | selector: 10 | app: dummy-logger 11 | type: LoadBalancer 12 | externalTrafficPolicy: Local -------------------------------------------------------------------------------- /logging/dummy-logger/svc-lb-rg-ing-logger.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: dummy-logger-lb-ing-lb 5 | annotations: 6 | service.beta.kubernetes.io/azure-load-balancer-resource-group: "kub_ter_a_m_appgw5" 7 | spec: 8 | ports: 9 | - port: 80 10 | targetPort: 80 11 | selector: 12 | app: dummy-logger 13 | type: LoadBalancer # no azure-load-balancer-internal annotation: on AKS this normally gets a public frontend IP, serving plain HTTP on port 80 14 | externalTrafficPolicy: Local -------------------------------------------------------------------------------- /logging/dummy-logger/svc-logger.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: dummy-logger 5 | spec: 6 | ports: 7 | - port: 80 8 | targetPort: 80 9 | selector: 10 | app: dummy-logger 11 | type: ClusterIP 12 | --- 13 | apiVersion: v1 14 | kind: Service 15 | metadata: 16 | name: dummy-logger-metrics 17 | spec: 18 | ports: 19 | - port: 80 20 | targetPort: 80 21 | selector: 22 | app: dummy-logger 23 | type: ClusterIP -------------------------------------------------------------------------------- /logging/dummy-logger/svc-node-logger.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: dummy-logger-node 5 | spec: 6 | ports: 7 | - port: 80 8 | targetPort: 80 9 | selector: 10 | app: dummy-logger 11 | type: NodePort # exposes the service on a port of every node; who can reach it depends on the node network rules -------------------------------------------------------------------------------- /logging/dummy-logger/svc-pls-logger.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: dummy-logger-int-pls-lb 5 |
namespace: default 6 | annotations: 7 | service.beta.kubernetes.io/azure-load-balancer-internal: "true" 8 | service.beta.kubernetes.io/azure-load-balancer-internal-subnet: "ing-4-subnet" 9 | service.beta.kubernetes.io/azure-pls-create: "true" 10 | service.beta.kubernetes.io/azure-pls-name: "plsinternal" 11 | service.beta.kubernetes.io/azure-pls-ip-configuration-subnet: "ing-4-subnet" 12 | service.beta.kubernetes.io/azure-pls-ip-configuration-ip-address-count: "4" 13 | service.beta.kubernetes.io/azure-pls-visibility: "*" # "*" makes the Private Link Service visible to every Azure subscription (least restrictive); a space-separated list of subscription IDs narrows it 14 | service.beta.kubernetes.io/azure-pls-fqdns: "dzadf3llk2" 15 | spec: 16 | ports: 17 | - port: 80 18 | targetPort: 80 19 | selector: 20 | app: dummy-logger 21 | type: LoadBalancer 22 | externalTrafficPolicy: Local -------------------------------------------------------------------------------- /logging/dummy-logger/svc-rg-logger.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: dummy-logger-rg-lb 5 | annotations: 6 | service.beta.kubernetes.io/azure-load-balancer-resource-group: "kub_ter_a_m_dzmonitoring" 7 | spec: 8 | loadBalancerIP: 52.142.80.245 # fixed public address committed to the repo; spec.loadBalancerIP is deprecated since Kubernetes 1.24 9 | ports: 10 | - port: 80 11 | targetPort: 80 12 | selector: 13 | app: dummy-logger 14 | type: LoadBalancer 15 | externalTrafficPolicy: Local -------------------------------------------------------------------------------- /logging/echo-server.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: echo-deployment 5 | spec: 6 | replicas: 1 7 | selector: 8 | matchLabels: 9 | app: echo-server 10 | template: 11 | metadata: 12 | labels: 13 | app: echo-server 14 | spec: 15 | containers: 16 | - name: echo-server 17 | image: jmalloc/echo-server 18 | ports: 19 | - name: http-port 20 | containerPort: 8080 21 | --- 22 | apiVersion: v1 23 | kind: Service 24 | metadata: 25 | name: echo-service 26 | spec: 27 | ports: 28
| - name: http-port 29 | port: 80 30 | targetPort: http-port 31 | protocol: TCP 32 | selector: 33 | app: echo-server -------------------------------------------------------------------------------- /logging/load-generator/.gitignore: -------------------------------------------------------------------------------- 1 | # Logs 2 | logs 3 | *.log 4 | npm-debug.log* 5 | yarn-debug.log* 6 | yarn-error.log* 7 | 8 | # Runtime data 9 | pids 10 | *.pid 11 | *.seed 12 | *.pid.lock 13 | 14 | # Directory for instrumented libs generated by jscoverage/JSCover 15 | lib-cov 16 | 17 | # Coverage directory used by tools like istanbul 18 | coverage 19 | 20 | # nyc test coverage 21 | .nyc_output 22 | 23 | # Grunt intermediate storage (http://gruntjs.com/creating-plugins#storing-task-files) 24 | .grunt 25 | 26 | # Bower dependency directory (https://bower.io/) 27 | bower_components 28 | 29 | # node-waf configuration 30 | .lock-wscript 31 | 32 | # Compiled binary addons (http://nodejs.org/api/addons.html) 33 | build/Release 34 | 35 | # Dependency directories 36 | node_modules/ 37 | jspm_packages/ 38 | 39 | # Typescript v1 declaration files 40 | typings/ 41 | 42 | # Optional npm cache directory 43 | .npm 44 | 45 | # Optional eslint cache 46 | .eslintcache 47 | 48 | # Optional REPL history 49 | .node_repl_history 50 | 51 | # Output of 'npm pack' 52 | *.tgz 53 | 54 | # Yarn Integrity file 55 | .yarn-integrity 56 | 57 | # dotenv environment variables file 58 | .env 59 | 60 | -------------------------------------------------------------------------------- /logging/load-generator/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM node:alpine 2 | RUN mkdir -p /usr/src/app 3 | COPY ./app/* /usr/src/app/ 4 | WORKDIR /usr/src/app 5 | RUN npm install 6 | CMD node /usr/src/app/index.js 7 | -------------------------------------------------------------------------------- /logging/load-generator/app/index.js: 
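--------------------------------------------------------------------------------
// NOTE: the `request` package is deprecated upstream and no longer maintained.
const request = require('request');

// Prints "<epoch ms> <text>" so samples can be ordered by completion time.
function logWithTimestamp(text) {
  console.log(new Date().getTime() + " " + text);
}

// Shared completion handler for both senders. A failed request (connection
// refused, DNS error, ...) is reported on stderr rather than being logged as
// "<timestamp> undefined".
function onResponse(err, res, body) {
  if (err) {
    console.error(new Date().getTime() + " request failed: " + err.message);
    return;
  }
  logWithTimestamp(body);
}

/**
 * Sends one POST to process.env.POST_ENDPOINT with a random integer
 * (1..10000000) in the `number` request header and logs the response body.
 */
function intervalFuncPost() {
  var randomNumber = Math.floor((Math.random() * 10000000) + 1);
  var headers = {
    'Content-Type': 'application/x-www-form-urlencoded;charset=utf-8;',
    'number': randomNumber
  };
  var options = {
    'url': process.env.POST_ENDPOINT,
    'headers': headers
  };

  request.post(options, onResponse);
}

/** Sends one GET to process.env.GET_ENDPOINT and logs the response body. */
function intervalFuncGet() {
  request.get(process.env.GET_ENDPOINT, onResponse);
}

/** Idle tick used when no endpoint is configured. */
function noop() {
  logWithTimestamp("doing nothing");
}

// Mode selection: GET_ENDPOINT wins when both variables are set; POST mode is
// keyed on POST_ENDPOINT, the variable intervalFuncPost actually reads.
// A 10 ms interval issues roughly 100 requests per second per process and does
// not wait for earlier responses, so in-flight requests can pile up.
if (process.env.GET_ENDPOINT) {
  setInterval(intervalFuncGet, 10);
} else if (process.env.POST_ENDPOINT) {
  setInterval(intervalFuncPost, 10);
} else {
  setInterval(noop, 10000);
}
-------------------------------------------------------------------------------- /logging/load-generator/app/package.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "load-generator", 3 | "version": "1.0.0", 4 | "description": "calculator load generator node", 5 | "main": "server.js", 6 | "scripts": { 7 | "start": "node index.js" 8 | }, 9 | "author": { 10 | "name": "dzielke" 11 | }, 12 | "dependencies": { 13 | "request": "^2.88.0" 14 | } 15 | } 16 | -------------------------------------------------------------------------------- /logging/logging-format.csv: -------------------------------------------------------------------------------- 1 | 2018-09-21 08:03:33,7235,dummy-logger,::ffff:10.1.3.45,hallo 2 | 2018-09-21 08:05:33,75,dummy-logger,::ffff:10.0.3.45,hi 3 | 2018-09-21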
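08:06:33,7235,dummy-logger1,::ffff:10.1.3.35,hallo welt -------------------------------------------------------------------------------- /logging/prometheus-config: -------------------------------------------------------------------------------- 1 | global: 2 | scrape_interval: 30s 3 | scrape_configs: 4 | - job_name: "istio-wl" 5 | scheme: http 6 | kubernetes_sd_configs: 7 | - role: endpoints 8 | relabel_configs: 9 | - source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_scrape] 10 | action: keep 11 | regex: true 12 | - source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_path] 13 | action: replace 14 | target_label: __metrics_path__ 15 | regex: (.+) 16 | - source_labels: [__address__, __meta_kubernetes_pod_annotation_prometheus_io_port] 17 | separator: ":" 18 | regex: ([^:]+)(?::\d+)?;(\d+) 19 | target_label: __address__ 20 | replacement: $1:$2 21 | action: replace -------------------------------------------------------------------------------- /logging/prometheus-config-dummy: -------------------------------------------------------------------------------- 1 | global: 2 | scrape_interval: 60s 3 | scrape_configs: 4 | - job_name: dummy-logger-metrics 5 | scrape_interval: 30s 6 | scheme: http 7 | metrics_path: /metrics 8 | static_configs: 9 | - targets: ['dummy-logger.test-infra.svc.cluster.local:80'] -------------------------------------------------------------------------------- /logging/python-details/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM python:3 2 | # python:3 is a floating tag that moves with each release; pin a minor version or digest for reproducible builds. 3 | WORKDIR /app 4 | 5 | ADD main.py /app/ 6 | ADD requirements.txt /app/ 7 | 8 | RUN pip install -r requirements.txt 9 | # Exec-form CMD takes one array element per argument; a single "python main.py" element is looked up as an executable of that name and the container fails to start. 10 | CMD ["python", "main.py"] -------------------------------------------------------------------------------- /logging/python-details/main.py: -------------------------------------------------------------------------------- 1 | from fastapi import FastAPI, Header, Request, status 2 | from fastapi.responses import
HTMLResponse, FileResponse, RedirectResponse 3 | import uvicorn 4 | # Diagnostic echo service: each route reports request metadata back to the caller. 5 | app = FastAPI() 6 | # 'remoteip' and 'remoteaddr' are both request.client.host; 'realip' is the X-Real-IP request header when present. That header is whatever the sender or the last proxy wrote, so it is untrusted unless the ingress in front overwrites it. 7 | @app.get('/') 8 | async def default(request: Request): 9 | return { 'remoteip': request.client.host, 'realip': request.headers.get('x-real-ip', request.client.host), 'remoteaddr': request.client.host} 10 | # Same payload as '/'. 11 | @app.get('/ip') 12 | async def ip(request: Request): 13 | return { 'remoteip': request.client.host, 'realip': request.headers.get('x-real-ip', request.client.host), 'remoteaddr': request.client.host} 14 | # Returns every request header to the caller, including Authorization, Cookie and headers injected by proxies on the path. 15 | @app.get('/headers') 16 | async def header(request: Request): 17 | return request.headers 18 | # Listens on all interfaces, port 8080, when run as a script. 19 | if __name__ == '__main__': 20 | uvicorn.run('main:app', host='0.0.0.0', port=8080) -------------------------------------------------------------------------------- /logging/python-details/requirements.txt: -------------------------------------------------------------------------------- 1 | fastapi 2 | uvicorn 3 | jsonify # not imported by main.py; every entry here is unpinned -------------------------------------------------------------------------------- /logging/python-ip/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM python:2.7-alpine 2 | # Python 2.7 reached end of life in January 2020; this base image no longer receives interpreter security fixes. 3 | WORKDIR /app 4 | 5 | ADD echo.py /app/ 6 | ADD requirements.txt /app/ 7 | 8 | RUN pip install -r requirements.txt 9 | # Exec-form CMD takes one array element per argument. 10 | CMD ["python", "echo.py"] -------------------------------------------------------------------------------- /logging/python-ip/echo.py: -------------------------------------------------------------------------------- 1 | from flask import Flask, request, jsonify 2 | 3 | app = Flask(__name__) 4 | # 'realip' is read from the X-Real-IP request header (HTTP_X_REAL_IP in the WSGI environ), which is sender-controlled unless a trusted proxy overwrites it; 'remoteip' and 'remoteaddr' both come from the WSGI REMOTE_ADDR. 5 | @app.route('/ip', methods=['GET']) 6 | def name(): 7 | return jsonify({'remoteip': request.remote_addr, 'realip': request.environ.get('HTTP_X_REAL_IP', request.remote_addr), 'remoteaddr': request.environ['REMOTE_ADDR'] }), 200 8 | # Listens on all interfaces, port 8080, when run as a script. 9 | if __name__ == '__main__': 10 | app.run(host='0.0.0.0', port=8080) --------------------------------------------------------------------------------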
/logging/python-ip/requirements.txt: -------------------------------------------------------------------------------- 1 | flask -------------------------------------------------------------------------------- /logging/random_logger.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: random-logger 5 | spec: 6 | containers: 7 | - name: random-logger 8 | image: chentex/random-logger # no tag or digest, so the pull resolves to :latest 9 | -------------------------------------------------------------------------------- /logging/ubuntuhost.yml: -------------------------------------------------------------------------------- 1 | kind: Pod 2 | apiVersion: v1 3 | metadata: 4 | name: ubuntuhost 5 | labels: 6 | run: demo 7 | spec: 8 | containers: 9 | - name: ubuntu 10 | image: tutum/curl # no tag or digest (resolves to :latest); NOTE(review): the tutum/* images look long unmaintained — confirm before reuse 11 | command: ["tail"] 12 | args: ["-f", "/dev/null"] -------------------------------------------------------------------------------- /multi-stage-build-acr/Dockerfile: -------------------------------------------------------------------------------- 1 | # NOTE(review): node:carbon and node:8.9-alpine are both Node.js 8, which reached end of life in December 2019. 2 | # ---- Base Node ---- 3 | FROM node:carbon AS base 4 | # Create app directory 5 | WORKDIR /app 6 | 7 | # ---- Dependencies ---- 8 | FROM base AS dependencies 9 | # A wildcard is used to ensure both package.json AND package-lock.json are copied 10 | COPY src/package*.json ./ 11 | # install app dependencies including 'devDependencies' 12 | RUN npm install 13 | 14 | # ---- Copy Files/Build ---- 15 | FROM dependencies AS build 16 | WORKDIR /app 17 | COPY src /app 18 | # Build react/vue/angular bundle static files 19 | # RUN npm run build 20 | # NOTE(review): 'build' inherits /app/node_modules from 'dependencies' (installed with devDependencies); COPY --from=build /app below carries it into the release image on top of the production-only install. 21 | # --- Release with Alpine ---- 22 | FROM node:8.9-alpine AS release 23 | # Create app directory 24 | WORKDIR /app 25 | # optional 26 | # RUN npm -g install serve 27 | COPY --from=dependencies /app/package.json ./ 28 | # Install app dependencies 29 | RUN npm install --only=production 30 | COPY --from=build /app ./ 31 | #CMD ["serve", "-s", "dist", "-p", "8080"]
32 | EXPOSE 80 33 | CMD ["node", "server.js"] -------------------------------------------------------------------------------- /multi-stage-build-acr/src/package.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "helloworld", 3 | "version": "1.0.0", 4 | "description": "Sample app for ACR Build", 5 | "main": "server.js", 6 | "scripts": { 7 | "test": "echo \"Error: no test specified\" && exit 1", 8 | "start": "node server.js" 9 | }, 10 | "license": "MIT" 11 | } -------------------------------------------------------------------------------- /multi-stage-build-acr/src/server.js: -------------------------------------------------------------------------------- 1 | const http = require('http') 2 | 3 | const port = 80 4 | // Answers every request with 'Hello World' plus the NODE_VERSION environment variable, so the runtime version is visible to any client. 5 | const server = http.createServer((request, response) => { 6 | response.writeHead(200, {'Content-Type': 'text/plain'}) 7 | response.write('Hello World\n') 8 | response.end('Version: ' + process.env.NODE_VERSION + '\n') 9 | }) 10 | 11 | server.listen(port) 12 | 13 | console.log(`Server running at http://localhost: ${port}`) -------------------------------------------------------------------------------- /multicalchart/.helmignore: -------------------------------------------------------------------------------- 1 | # Patterns to ignore when building packages. 2 | # This supports shell glob matching, relative path matching, and 3 | # negation (prefixed with !). Only one pattern per line.
4 | .DS_Store 5 | # Common VCS dirs 6 | .git/ 7 | .gitignore 8 | .bzr/ 9 | .bzrignore 10 | .hg/ 11 | .hgignore 12 | .svn/ 13 | # Common backup files 14 | *.swp 15 | *.bak 16 | *.tmp 17 | *~ 18 | # Various IDEs 19 | .project 20 | .idea/ 21 | *.tmproj 22 | -------------------------------------------------------------------------------- /multicalchart/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | description: Multicalculator Helm chart 3 | name: multicalchart 4 | version: 0.2.0 5 | sources: 6 | - https://github.com/denniszielke/container_demos 7 | -------------------------------------------------------------------------------- /multicalchart/templates/NOTES.txt: -------------------------------------------------------------------------------- 1 | 1. Get the application URL by running these commands: 2 | 3 | NOTE: It may take a few minutes for the LoadBalancer IP to be available. 4 | You can watch the status of by running 'kubectl get svc -w {{ template "multicalchart.fullname" . }}' 5 | export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ template "multicalchart.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}') 6 | echo http://$SERVICE_IP:80 -------------------------------------------------------------------------------- /multicalchart/templates/_helpers.tpl: -------------------------------------------------------------------------------- 1 | {{/* vim: set filetype=mustache: */}} 2 | {{/* 3 | Expand the name of the chart. 4 | */}} 5 | {{- define "multicalchart.name" -}} 6 | {{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} 7 | {{- end -}} 8 | 9 | {{/* 10 | Create a default fully qualified app name. 11 | We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). 
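12 | */}}
13 | {{- define "multicalchart.fullname" -}}
14 | {{- $name := default .Chart.Name .Values.nameOverride -}}
15 | {{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
16 | {{- end -}}
17 |
--------------------------------------------------------------------------------
/multicalchart/templates/ingress.yaml:
--------------------------------------------------------------------------------
1 | {{- if .Values.dependencies.useIngress }}
2 | apiVersion: extensions/v1beta1  # NOTE(review): this Ingress API version was removed in Kubernetes 1.22; networking.k8s.io/v1 is the current one
3 | kind: Ingress
4 | metadata:
5 |   name: {{ template "multicalchart.name" . }}-ingress
6 |   annotations:
7 |     kubernetes.io/ingress.class: nginx
8 |     nginx.ingress.kubernetes.io/rewrite-target: /
9 | spec:
10 |   tls:
11 |   - hosts:  # NOTE(review): no secretName, so TLS is served with whatever default certificate the ingress controller has; confirm that is intended
12 |     - {{ .Values.service.dnsName }}
13 |   rules:
14 |   - host: {{ .Values.service.dnsName }}
15 |     http:
16 |       paths:
17 |       - path: /
18 |         backend:
19 |           serviceName: {{ .Release.Name }}-calc-frontend-svc
20 |           servicePort: 80
21 | {{- end }}
--------------------------------------------------------------------------------
/multicalchart/templates/secrets.yaml:
--------------------------------------------------------------------------------
1 | {{- if .Values.dependencies.useAppInsights }}
2 | apiVersion: v1
3 | kind: Secret  # the value comes from chart values and is only base64-encoded here; Helm keeps supplied values in its release record, so treat that storage as sensitive too
4 | metadata:
5 |   name: appinsightsecret
6 | type: Opaque
7 | data:
8 |   appinsightskey: {{ .Values.dependencies.appInsightsSecretValue | b64enc }}
9 | {{- end }}
10 | {{- if .Values.dependencies.useAzureRedis }}
11 | ---  # document separator: without it the two Secrets run together into one YAML document when both flags are enabled
12 | apiVersion: v1
13 | kind: Secret
14 | metadata:
15 |   name: rediscachesecret
16 | type: Opaque
17 | data:
18 |   redishostkey: {{ .Values.dependencies.redisHostValue | b64enc }}
19 |   redisauthkey: {{ .Values.dependencies.redisKeyValue | b64enc }}
20 | {{- end }}
--------------------------------------------------------------------------------
/multicalchart/templates/service.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v1
2 | kind: Service
3 | metadata:
4 |   name: {{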
.Release.Name }}-calc-frontend-svc
5 |   labels:
6 |     name: calc-frontend-svc
7 |     app: {{ template "multicalchart.name" . }}
8 |     chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
9 |     release: {{ .Release.Name }}
10 |     version: {{ .Release.Name }}
11 | spec:
12 |   type: {{ .Values.service.frontendType }}
13 |   selector:
14 |     name: calc-frontend
15 |     release: {{ .Release.Name }}
16 |   ports:
17 |   - port: 80
18 |     name: http-calcfront
19 |     targetPort: 8080
20 |     protocol: TCP
21 | ---
22 | apiVersion: v1
23 | kind: Service
24 | metadata:
25 |   name: {{ .Release.Name }}-calc-backend-svc
26 |   labels:
27 |     name: calc-backend-svc
28 |     app: {{ template "multicalchart.name" . }}
29 |     chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
30 |     release: {{ .Release.Name }}
31 |     version: {{ .Release.Name }}
32 | spec:
33 |   type: {{ .Values.service.backendType }}  # NOTE(review): taken from values (values.yaml is not shown here); anything other than ClusterIP publishes the backend beyond in-cluster callers
34 |   selector:
35 |     name: calc-backend
36 |     release: {{ .Release.Name }}
37 |   ports:
38 |   - port: 80
39 |     protocol: TCP
40 |     name: http-calcback
41 |     targetPort: 8080
--------------------------------------------------------------------------------
/networkpolicies/calico-db-allow.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: projectcalico.org/v3
2 | kind: NetworkPolicy
3 | metadata:
4 |   name: allow-tcp-6379
5 |   namespace: production
6 | spec:
7 |   selector: role == 'database'  # the policy applies to pods labelled role=database in this namespace
8 |   types:
9 |   - Ingress
10 |   - Egress
11 |   ingress:
12 |   - action: Allow  # only TCP 6379 from role=frontend pods is admitted
13 |     protocol: TCP
14 |     source:
15 |       selector: role == 'frontend'
16 |     destination:
17 |       ports:
18 |       - 6379
19 |   egress:
20 |   - action: Allow  # NOTE(review): no protocol or destination, so every egress flow from the selected pods is allowed; only ingress is actually narrowed
--------------------------------------------------------------------------------
/networkpolicies/cillium-egress.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: "cilium.io/v2"
2 | kind: CiliumNetworkPolicy
3 | metadata:
4 |   name: "fqdn"
5 | spec:
6 |   endpointSelector:
7 |     matchLabels:
8 |       sec: allow
9 |   egress:
10
|   - toFQDNs:
11 |     - matchName: "ipinfo.io"
12 |     toPorts:
13 |     - ports:
14 |       - port: "443"
15 |         protocol: TCP
16 |   - toEndpoints:
17 |     - matchLabels:
18 |         "k8s:k8s-app": kube-dns
19 |     toPorts:
20 |     - ports:
21 |       - port: "53"
22 |         protocol: ANY
23 |       rules:
24 |         dns:
25 |         - matchPattern: "*"  # NOTE(review): lets the selected pods resolve any name; narrow the pattern if only ipinfo.io is needed
--------------------------------------------------------------------------------
/opentelemetry-collector-config.yml:
--------------------------------------------------------------------------------
1 | mode: deployment
2 | config:
3 |   exporters:
4 |     prometheus:
5 |       endpoint: "0.0.0.0:8889"  # listens on all interfaces; no authentication is configured in this file
6 |       namespace: azure_apim
7 |       send_timestamps: true
8 |   service:
9 |     pipelines:
10 |       metrics:
11 |         exporters:
12 |         - prometheus
13 | service:
14 |   type: LoadBalancer  # NOTE(review): with the prom-exporter port below this publishes the metrics endpoint on the load balancer address; prefer ClusterIP or an internal load balancer unless outside scraping is required
15 | ports:
16 |   jaeger-compact:
17 |     enabled: false
18 |   prom-exporter:
19 |     enabled: true
20 |     containerPort: 8889
21 |     servicePort: 8889
22 |     protocol: TCP
--------------------------------------------------------------------------------
/operations/dns.yaml:
--------------------------------------------------------------------------------
1 | kind: Service
2 | apiVersion: v1
3 | metadata:
4 |   name: demo2-service
5 |   annotations:
6 |     external-dns.alpha.kubernetes.io/hostname: demo2.d-code.de
7 | spec:
8 |   type: ExternalName
9 |   externalName: 111.2.2.1  # NOTE(review): externalName is meant to hold a DNS name; an IPv4-looking value is treated as a name, not as an address
--------------------------------------------------------------------------------
/operations/mountconfig.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: extensions/v1beta1  # NOTE(review): Deployments are no longer served from this API group on current clusters; apps/v1 also requires spec.selector
2 | kind: Deployment
3 | metadata:
4 |   name: mount-config
5 | spec:
6 |   replicas: 1
7 |   template:
8 |     metadata:
9 |       labels:
10 |         app: mount-config
11 |     spec:
12 |       containers:
13 |       - image: alpine:latest
14 |         name: test-app
15 |         command: ["/bin/sh", "-c", "--"]
16 |         args: ["while true; do sleep 5; done;"]
17 |         volumeMounts:
18 |         - mountPath: /config
19 |           name: upgradeconfig
20 |           readOnly: false  # NOTE(review): writable mount of a node file (the hostPath below), so any process in this pod can change node configuration; limit who may create hostPath pods via admission policy
21 |       volumes:
22 |       - name: upgradeconfig
23 |         hostPath:
24 |           path:
/etc/apt/apt.conf.d/20auto-upgrades
25 |           type: File
--------------------------------------------------------------------------------
/operations/set-upgrade-script.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v1
2 | kind: ConfigMap
3 | metadata:
4 |   name: set-upgrade-script
5 | data:  # NOTE(review): run.sh rewrites /config (presumably the 20auto-upgrades file mounted by mountconfig.yaml) so that Update-Package-Lists and Unattended-Upgrade are "0"; the node then receives no automatic security updates until the commented "Activate" variant is run
6 |   run.sh: |
7 |     #!/bin/sh
8 |
9 |     echo "reading upgrade config"
10 |     less /config
11 |
12 |     # Deactivate upgrades
13 |     sed -e 's/Update-Package-Lists "1"/Update-Package-Lists "0"/ ; s/Unattended-Upgrade "1"/Unattended-Upgrade "0"/' /config > /config_out
14 |     # Activate upgrades
15 |     #sed -e 's/Update-Package-Lists "0"/Update-Package-Lists "1"/ ; s/Unattended-Upgrade "0"/Unattended-Upgrade "1"/' /config > /config_out
16 |
17 |     cat /config_out > /config
18 |
19 |     echo "new config:"
20 |
21 |     less /config
22 |
23 |     exit 0
--------------------------------------------------------------------------------
/osm/bb-depl.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: apps/v1
2 | kind: Deployment
3 | metadata:
4 |   name: bookbuyer
5 |   namespace: bookbuyer
6 | spec:
7 |   replicas: 1
8 |   selector:
9 |     matchLabels:
10 |       app: bookbuyer
11 |   template:
12 |     metadata:
13 |       labels:
14 |         app: bookbuyer
15 |         version: v1
16 |     spec:
17 |       containers:
18 |       - name: bookbuyer
19 |         image: openservicemesh/bookbuyer:latest  # NOTE(review): mutable tag pulled on every start (imagePullPolicy: Always); pin a version or digest outside of demos
20 |         imagePullPolicy: Always
21 |         command:
22 |         - /bookbuyer
23 |         env:
24 |         - name: BOOKSTORE_NAMESPACE
25 |           value: bookstore
26 |       serviceAccount: bookbuyer
27 |       serviceAccountName: bookbuyer  # the identity that osm/target.yaml lists as the permitted traffic source
--------------------------------------------------------------------------------
/osm/bb-s.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v1
2 | kind: Service
3 | metadata:
4 |   labels:
5 |     app: bookbuyer
6 |   name: bookbuyer
7 |   namespace: bookbuyer
8 | spec:
9 |   ports:
10 |   - name: dummy-unused-port
11 |     port: 9999
12 |     protocol: TCP
13 |
targetPort: 9999 14 | selector: 15 | app: bookbuyer -------------------------------------------------------------------------------- /osm/bb-sa.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ServiceAccount 3 | metadata: 4 | name: bookbuyer 5 | namespace: bookbuyer -------------------------------------------------------------------------------- /osm/bs-s.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: bookstore 5 | namespace: bookstore 6 | spec: 7 | ports: 8 | - port: 80 9 | name: bookstore-port 10 | selector: 11 | app: bookstore-v1 12 | --- 13 | apiVersion: v1 14 | kind: Service 15 | metadata: 16 | name: bookstore-v1 17 | namespace: bookstore 18 | spec: 19 | ports: 20 | - port: 80 21 | name: bookstore-port 22 | selector: 23 | app: bookstore-v1 24 | --- 25 | apiVersion: v1 26 | kind: Service 27 | metadata: 28 | name: bookstore-v2 29 | namespace: bookstore 30 | spec: 31 | ports: 32 | - port: 80 33 | name: bookstore-port 34 | selector: 35 | app: bookstore-v2 -------------------------------------------------------------------------------- /osm/bs-sa.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ServiceAccount 3 | metadata: 4 | name: bookstore 5 | namespace: bookstore -------------------------------------------------------------------------------- /osm/route.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: specs.smi-spec.io/v1alpha3 2 | kind: HTTPRouteGroup 3 | metadata: 4 | name: bookstore-service-routes 5 | namespace: bookstore 6 | spec: 7 | matches: 8 | - name: books-bought 9 | pathRegex: /books-bought 10 | methods: 11 | - GET 12 | headers: 13 | - "user-agent": ".*-http-client/*.*" 14 | - "client-app": "bookbuyer" 15 | - name: buy-a-book 16 | pathRegex: ".*a-book.*new" 17 | 
methods:
18 |     - GET
19 |   - name: update-books-bought
20 |     pathRegex: /update-books-bought
21 |     methods:
22 |     - POST
--------------------------------------------------------------------------------
/osm/target.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: access.smi-spec.io/v1alpha2
2 | kind: TrafficTarget
3 | metadata:
4 |   name: bookbuyer-access-bookstore-v1
5 |   namespace: bookstore
6 | spec:
7 |   destination:
8 |     kind: ServiceAccount
9 |     name: bookstore
10 |     namespace: bookstore
11 |   rules:
12 |   - kind: HTTPRouteGroup
13 |     name: bookstore-service-routes
14 |     matches:  # update-books-bought from the route group is not listed, so this target does not grant it
15 |     - buy-a-book
16 |     - books-bought
17 |   sources:
18 |   - kind: ServiceAccount
19 |     name: bookbuyer
20 |     namespace: bookbuyer
--------------------------------------------------------------------------------
/policy.rego:
--------------------------------------------------------------------------------
1 | package envoy.authz  # Envoy authorization policy: allow a request only when it carries a verified JWT whose `path` claim covers the request path
2 |
3 | import input.attributes.request.http as http_request
4 |
5 | default allow = false  # deny unless both conditions under `allow` hold
6 |
7 | token = {"valid": valid, "payload": payload} {
8 |     [_, encoded] := split(http_request.headers.authorization, " ")  # needs exactly two space-separated parts; the scheme word itself is not checked
9 |     [valid, _, payload] := io.jwt.decode_verify(encoded, {"secret": "secret"})  # NOTE(review): the HMAC key is the literal "secret" inside the policy, so anyone who can read this file can sign accepted tokens; load the key from protected data or configuration, and consider an `alg` constraint so the accepted algorithm is explicit
10 | }
11 |
12 | allow {
13 |     is_token_valid
14 |     action_allowed
15 | }
16 |
17 | is_token_valid {
18 |     token.valid
19 |     now := time.now_ns() / 1000000000  # current time in seconds, to compare with the claims below
20 |     token.payload.nbf <= now  # a token without nbf leaves this undefined, so the rule fails closed
21 |     now < token.payload.exp  # likewise for exp
22 | }
23 |
24 | action_allowed {
25 |     startswith(http_request.path, base64url.decode(token.payload.path))  # NOTE(review): plain prefix match with no segment boundary or path normalisation, so a claim of /a also covers /ab; compare on whole path segments if grants must be exact
26 | }
27 |
--------------------------------------------------------------------------------
/policy/constraint_label.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: constraints.gatekeeper.sh/v1beta1
2 | kind: K8sRequiredLabels
3 | metadata:
4 |   name: ns-must-have-gk
5 | spec:
6 |   match:
7 |     kinds:
8 |       - apiGroups: [""]
9 |         kinds: ["Namespace"]
10 |   parameters:
11 |
labels: ["gatekeeper"]
--------------------------------------------------------------------------------
/policy/contraint_template_label.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: templates.gatekeeper.sh/v1beta1
2 | kind: ConstraintTemplate
3 | metadata:
4 |   name: k8srequiredlabels
5 | spec:
6 |   crd:
7 |     spec:
8 |       names:
9 |         kind: K8sRequiredLabels
10 |         listKind: K8sRequiredLabelsList
11 |         plural: k8srequiredlabels
12 |         singular: k8srequiredlabels
13 |       validation:
14 |         # Schema for the `parameters` field
15 |         openAPIV3Schema:
16 |           properties:
17 |             labels:
18 |               type: array
19 |               items: string  # NOTE(review): an OpenAPI `items` entry is normally a schema object (type: string); confirm this shorthand is accepted by the Gatekeeper version in use
20 |   targets:
21 |     - target: admission.k8s.gatekeeper.sh
22 |       rego: |  # reports a violation when any label named in parameters.labels is missing from the reviewed object's metadata.labels
23 |         package k8srequiredlabels
24 |
25 |         violation[{"msg": msg, "details": {"missing_labels": missing}}] {
26 |           provided := {label | input.review.object.metadata.labels[label]}
27 |           required := {label | label := input.parameters.labels[_]}
28 |           missing := required - provided
29 |           count(missing) > 0
30 |           msg := sprintf("you must provide labels: %v", [missing])
31 |         }
--------------------------------------------------------------------------------
/policy/contraint_template_readiness.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: templates.gatekeeper.sh/v1beta1
2 | kind: ConstraintTemplate
3 | metadata:
4 |   name: k8srequiredlabels  # NOTE(review): same name, kind and Rego as contraint_template_label.yaml; despite the filename nothing in this template inspects readiness probes, so applying it adds no probe enforcement
5 | spec:
6 |   crd:
7 |     spec:
8 |       names:
9 |         kind: K8sRequiredLabels
10 |         listKind: K8sRequiredLabelsList
11 |         plural: k8srequiredlabels
12 |         singular: k8srequiredlabels
13 |       validation:
14 |         # Schema for the `parameters` field
15 |         openAPIV3Schema:
16 |           properties:
17 |             labels:
18 |               type: array
19 |               items: string
20 |   targets:
21 |     - target: admission.k8s.gatekeeper.sh
22 |       rego: |
23 |         package k8srequiredlabels
24 |
25 |         violation[{"msg": msg, "details": {"missing_labels": missing}}] {
26 |           provided := {label | input.review.object.metadata.labels[label]}
27 |           required :=
{label | label := input.parameters.labels[_]} 28 | missing := required - provided 29 | count(missing) > 0 30 | msg := sprintf("you must provide labels: %v", [missing]) 31 | } -------------------------------------------------------------------------------- /policy/deployment_full.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: dummy-logger-full 5 | spec: 6 | replicas: 5 7 | minReadySeconds: 10 8 | strategy: 9 | type: RollingUpdate 10 | rollingUpdate: 11 | maxUnavailable: 1 12 | maxSurge: 1 13 | selector: 14 | matchLabels: 15 | app: dummy-logger-full 16 | template: 17 | metadata: 18 | labels: 19 | app: dummy-logger-full 20 | spec: 21 | containers: 22 | - name: dummy-logger 23 | image: denniszielke/dummy-logger:latest 24 | ports: 25 | - containerPort: 80 26 | imagePullPolicy: Always 27 | livenessProbe: 28 | httpGet: 29 | path: /ping 30 | port: 80 31 | readinessProbe: 32 | httpGet: 33 | path: /ping 34 | port: 80 35 | initialDelaySeconds: 10 36 | periodSeconds: 5 37 | resources: 38 | requests: 39 | memory: "128Mi" 40 | cpu: "100m" 41 | limits: 42 | memory: "256Mi" 43 | cpu: "200m" -------------------------------------------------------------------------------- /policy/deployment_small.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: dummy-logger-small 5 | spec: 6 | replicas: 5 7 | minReadySeconds: 10 8 | strategy: 9 | type: RollingUpdate 10 | rollingUpdate: 11 | maxUnavailable: 1 12 | maxSurge: 1 13 | selector: 14 | matchLabels: 15 | app: dummy-logger-small 16 | template: 17 | metadata: 18 | labels: 19 | app: dummy-logger-small 20 | spec: 21 | containers: 22 | - name: dummy-logger 23 | image: denniszielke/dummy-logger:latest 24 | ports: 25 | - containerPort: 80 26 | imagePullPolicy: Always 27 | resources: 28 | requests: 29 | memory: "128Mi" 30 | cpu: "100m" 
31 | limits: 32 | memory: "256Mi" 33 | cpu: "200m" -------------------------------------------------------------------------------- /policy/liveness/pod-logger.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: west-dummy-logger 5 | namespace: default 6 | labels: 7 | app: dummy-logger 8 | spec: 9 | containers: 10 | - name: west-dummy-logger 11 | image: denniszielke/dummy-logger:latest 12 | imagePullPolicy: Always 13 | env: 14 | - name: "METRICRESET" 15 | value: "5" 16 | ports: 17 | - containerPort: 80 18 | name: http 19 | protocol: TCP 20 | livenessProbe: 21 | httpGet: 22 | path: /ping 23 | port: 80 24 | readinessProbe: 25 | httpGet: 26 | path: /ping 27 | port: 80 28 | initialDelaySeconds: 10 29 | periodSeconds: 5 30 | resources: 31 | requests: 32 | memory: "128Mi" 33 | cpu: "100m" 34 | limits: 35 | memory: "256Mi" 36 | cpu: "200m" -------------------------------------------------------------------------------- /policy/liveness/pod-small.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: west-dummy-logger 5 | namespace: default 6 | labels: 7 | app: dummy-logger 8 | spec: 9 | containers: 10 | - name: west-dummy-logger 11 | image: denniszielke/dummy-logger:latest 12 | imagePullPolicy: Always 13 | env: 14 | - name: "METRICRESET" 15 | value: "5" 16 | ports: 17 | - containerPort: 80 18 | name: http 19 | protocol: TCP 20 | resources: 21 | requests: 22 | memory: "128Mi" 23 | cpu: "100m" 24 | limits: 25 | memory: "256Mi" 26 | cpu: "200m" -------------------------------------------------------------------------------- /policy/readiness/require_deployment_readiness.rego: -------------------------------------------------------------------------------- 1 | package main 2 | 3 | import data.k8s.matches 4 | 5 | deny[msg] { 6 | input.kind == "Deployment" # true 7 | not 
input.spec.template.spec.containers[0].livenessProbe # true; NOTE(review): only containers[0] is inspected, and the file is named for readiness while the check is on livenessProbe
8 |     msg = "Deployment container must provide an owner"  # NOTE(review): same text as require_deployment_label.rego; it does not tell the user that a probe is missing
9 | }
--------------------------------------------------------------------------------
/policy/require_deployment_label.rego:
--------------------------------------------------------------------------------
1 | package main
2 |
3 | deny[msg] {
4 |     input.kind == "Deployment" # true
5 |     not input.metadata.labels.owner # true; denies Deployments whose metadata has no `owner` label
6 |     msg = "Deployment container must provide an owner"
7 | }
--------------------------------------------------------------------------------
/policy/require_selector.rego:
--------------------------------------------------------------------------------
1 | package main
2 |
3 | deny[msg] {
4 |     input.kind == "Deployment" # true
5 |     not input.spec.selector.matchLabels.app # false; denies Deployments whose selector has no `app` match label
6 |     msg = "Containers must provide app label for pod selectors"
7 | }
--------------------------------------------------------------------------------
/policy/runasnonroot.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: constraints.gatekeeper.sh/v1beta1
2 | kind: K8sAzureAllowedUsersGroups
3 | metadata:
4 |   name: psp-allowed-users-groups
5 | spec:
6 |   match:
7 |     excludedNamespaces:  # pods in these namespaces are not evaluated by this constraint
8 |     - kube-system
9 |     - gatekeeper-system
10 |     - azure-arc
11 |     kinds:
12 |       - apiGroups: [""]
13 |         kinds: ["Pod"]
14 |   parameters:
15 |     runAsUser:
16 |       ranges:
17 |       - max: 9999
18 |         min: 30
19 |       rule: MustRunAsNonRoot  # NOTE(review): presumably the 30-9999 range is only enforced under a MustRunAs rule; confirm against the constraint template whether it has any effect here
20 |     runAsGroup:
21 |       ranges:
22 |       - max: 9999
23 |         min: 30
24 |       rule: RunAsAny  # NOTE(review): groups are left unrestricted, so GID 0 stays allowed; the range above presumably has no effect under RunAsAny
25 |     supplementalGroups:
26 |       ranges: []
27 |       rule: RunAsAny
28 |     fsGroup:
29 |       ranges: []
30 |       rule: RunAsAny
--------------------------------------------------------------------------------
/scripts/function_create.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | # Function app and storage account names must be unique.
4 | storageName=mystorageaccount$RANDOM
5 | functionAppName=myappsvcpfunc$RANDOM
6 | region=westeurope
7 |
8 | # Create a resource group
9 | az group create \
10 |   --name myResourceGroup \
11 |   --location $region
12 |
13 | # Create an azure storage account (NOTE(review): TLS floor and public blob access are left at service defaults; set them explicitly, e.g. --min-tls-version TLS1_2 --allow-blob-public-access false)
14 | az storage account create \
15 |   --name $storageName \
16 |   --location $region \
17 |   --resource-group myResourceGroup \
18 |   --sku Standard_LRS
19 |
20 | # Create a Premium plan
21 | az functionapp plan create \
22 |   --name mypremiumplan \
23 |   --resource-group myResourceGroup \
24 |   --location $region \
25 |   --sku EP1
26 |
27 | # Create a Function App (NOTE(review): --functions-version 2 selects an old runtime generation; check that it is still supported before reuse)
28 | az functionapp create \
29 |   --name $functionAppName \
30 |   --storage-account $storageName \
31 |   --plan mypremiumplan \
32 |   --resource-group myResourceGroup \
33 |   --functions-version 2
--------------------------------------------------------------------------------
/scripts/vm_node_logger.sh:
--------------------------------------------------------------------------------
1 | #!/bin/sh
2 |
3 | set -euqq  # NOTE(review): `q` is not a `set` option in dash or bash, so this line is expected to abort the script; `set -eu` was probably intended (`-qq` looks like an apt flag) - confirm
4 |
5 | sudo apt update
6 | sudo apt install nodejs  # no --assume-yes here, unlike vm_python_ip.sh, so an unattended run stops at the confirmation prompt
7 | sudo apt install npm
--------------------------------------------------------------------------------
/scripts/vm_python_ip.sh:
--------------------------------------------------------------------------------
1 | #!/bin/sh
2 |
3 | set -euqq  # NOTE(review): same invalid `q` option as in vm_node_logger.sh
4 |
5 | sudo apt update
6 | sudo apt --assume-yes install python-pip
7 |
8 | wget https://raw.githubusercontent.com/denniszielke/container_demos/master/logging/python-ip/requirements.txt  # NOTE(review): both downloads come from the mutable master branch and are installed/executed below without an integrity check; pin the URLs to a commit and verify a checksum
9 | wget https://raw.githubusercontent.com/denniszielke/container_demos/master/logging/python-ip/echo.py
10 |
11 | pip install -r requirements.txt  # installs into the invoking user's Python environment; the requirements file lists an unpinned flask
12 |
13 | chmod +x echo.py
14 |
15 | python echo.py  # runs the downloaded script in the foreground
16 |
17 | #nohup python /home/azureuser/echo.py &
18 |
--------------------------------------------------------------------------------
/secure/aadpodidentity.yaml:
--------------------------------------------------------------------------------
1 | apiVersion:
aadpodidentity.k8s.io/v1 2 | kind: AzureIdentity 3 | metadata: 4 | name: keyvault-secrets-identity 5 | spec: 6 | type: 0 7 | ResourceID: {{AZUREIDENTITY_RESOURCEID}} 8 | ClientID: {{AZUREIDENTITY_CLIENTID}} -------------------------------------------------------------------------------- /secure/aadpodidentitybinding.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: aadpodidentity.k8s.io/v1 2 | kind: AzureIdentityBinding 3 | metadata: 4 | name: keyvault-secrets-identitybinding 5 | spec: 6 | AzureIdentity: {{AZUREIDENTITY_NAME}} 7 | Selector: {{POD_LABEL_SELECTOR}} -------------------------------------------------------------------------------- /secure/app-deployment.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: secrets-store-app 5 | namespace: demo-secrets 6 | spec: 7 | replicas: 1 8 | selector: 9 | matchLabels: 10 | app: secrets-store 11 | template: 12 | metadata: 13 | labels: 14 | app: secrets-store 15 | aadpodidbinding: keyvault-secrets 16 | spec: 17 | containers: 18 | - image: busybox 19 | name: demo 20 | args: 21 | - sleep 22 | - "86400" 23 | volumeMounts: 24 | - name: application-secrets 25 | mountPath: "/mnt/secrets-store" 26 | readOnly: true 27 | volumes: 28 | - name: application-secrets 29 | csi: 30 | driver: secrets-store.csi.k8s.io 31 | readOnly: true 32 | volumeAttributes: 33 | secretProviderClass: app-secrets -------------------------------------------------------------------------------- /secure/secretprovider.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: secrets-store.csi.x-k8s.io/v1alpha1 2 | kind: SecretProviderClass 3 | metadata: 4 | name: app-secrets 5 | spec: 6 | provider: azure 7 | parameters: 8 | usePodIdentity: "true" 9 | keyvaultName: {{KEYVAULT_NAME}} 10 | objects: | 11 | array: 12 | - | 13 | objectName: mysecret 14 | 
objectType: secret
15 |           objectVersion: ""
16 |     tenantId: {{AZURE_TENANTID}}
--------------------------------------------------------------------------------
/secure/storageapp/Dockerfile:
--------------------------------------------------------------------------------
1 | ARG PYTHON_VERSION=3.8.10
2 | FROM python:${PYTHON_VERSION}-slim as base
3 |
4 | # Set environment variables (NOTE(review): the base image above defaults to Python 3.8.10, an old patch level of a release line that is past end-of-life; rebuild on a supported version)
5 | ENV VIRTUAL_ENV=/venv
6 | RUN python3 -m venv $VIRTUAL_ENV
7 | ENV PATH="$VIRTUAL_ENV/bin:$PATH"
8 |
9 | # Copy the source code into the container. (NOTE(review): no WORKDIR is set, so the whole build context lands in the image's default working directory; add a WORKDIR and a .dockerignore so local files such as .env are not baked in)
10 | COPY . .
11 |
12 | # Install dependencies within the virtual environment.
13 | RUN pip install --upgrade pip && \
14 |     pip install -r requirements.txt
15 |
16 | # Run the application within the virtual environment. (NOTE(review): no USER instruction, so the process runs as root unless the pod spec overrides it)
17 | CMD ["python", "app.py"]
--------------------------------------------------------------------------------
/secure/storageapp/app.py:
--------------------------------------------------------------------------------
1 | import os
2 | from azure.storage.blob import BlobServiceClient
3 | from azure.identity import DefaultAzureCredential
4 |
5 |
6 | def connect_to_storage_with_identity():  # lists blob containers with an Azure AD credential and prints the outcome instead of raising
7 |     try:
8 |         # The endpoint env var comes from the secret referenced in pod.yaml; per the original note that secret is created
9 |         # by Service Connector when the AKS cluster is connected (the note said "Azure OpenAI", but this code talks to Blob Storage)
10 |         client_identity = BlobServiceClient(
11 |             account_url=os.environ.get("AZURE_STORAGEBLOB_RESOURCEENDPOINT"),  # None when the variable is unset; the resulting error is caught by the except below
12 |             credential=DefaultAzureCredential()  # no storage key in the app; the token presumably comes from the pod's workload identity - confirm
13 |         )
14 |         containers = client_identity.list_containers()
15 |         print("Connect to Azure Storage succeeded.
Find {} containers".format(len(list(containers)))) 16 | except Exception as e: 17 | print("Connect to Azure Storage failed: {}".format(e)) 18 | 19 | 20 | if __name__ == "__main__": 21 | connect_to_storage_with_identity() -------------------------------------------------------------------------------- /secure/storageapp/pod.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: sc-demo-storage-identity 5 | namespace: storageapp 6 | labels: 7 | azure.workload.identity/use: "true" 8 | spec: 9 | restartPolicy: Never 10 | serviceAccountName: sc-account-c3a34c7d-07cf-4840-8493-388728cb2f68 # E.g., sc-account-ccd6321c-c451-4936-8407-2d382f4fc850 11 | containers: 12 | - name: demoapp 13 | image: denniszielke/storageapp # E.g., mydemo.azurecr.io/sc-demo-storage-identity:latest 14 | ports: 15 | - containerPort: 80 16 | envFrom: 17 | - secretRef: 18 | name: sc-storageblob6d1f4-secret # E.g., sc-account412a8-secret 19 | resources: 20 | requests: 21 | cpu: 100m 22 | memory: 128Mi 23 | limits: 24 | cpu: 250m 25 | memory: 256Mi -------------------------------------------------------------------------------- /secure/storageapp/requirements.txt: -------------------------------------------------------------------------------- 1 | azure-storage-blob==12.18.3 2 | azure-identity==1.15.0 -------------------------------------------------------------------------------- /services/aci-hello.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: "v1" 2 | kind: Pod 3 | metadata: 4 | name: abluelabelimage 5 | labels: 6 | name: abluelabel 7 | spec: 8 | containers: 9 | - name: blue 10 | image: apmworkshop.azurecr.io/blue:latest 11 | ports: 12 | - containerPort: 80 13 | name: http 14 | protocol: TCP 15 | imagePullSecrets: 16 | - name: kuberegistry 17 | -------------------------------------------------------------------------------- /services/blue-pod.yml: 
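--------------------------------------------------------------------------------
# Single demo pod serving the "blue" page on port 80.
# NOTE(review): ":latest" is a mutable tag; pin a version or digest so the image
# that runs is the image that was reviewed. No securityContext or resource
# limits are set here.
apiVersion: "v1"
kind: Pod
metadata:
  name: bluedemo2
  labels:
    name: servicedemo
    color: blue
    demo: colorsdemo
spec:
  containers:
    - name: blue
      image: denniszielke/blue:latest
      ports:
        - containerPort: 80
          name: http
          protocol: TCP
--------------------------------------------------------------------------------
/services/blue-rc.yml:
--------------------------------------------------------------------------------
# Five replicas of the blue pod, selected by the same three labels the template sets.
apiVersion: v1
kind: ReplicationController
metadata:
  name: colorsdemo
spec:
  replicas: 5
  selector:
    name: servicedemo
    color: blue
    demo: colorsdemo
  template:
    metadata:
      labels:
        name: servicedemo
        color: blue
        demo: colorsdemo
    spec:
      containers:
        - name: blue
          image: denniszielke/blue:latest
          ports:
            - containerPort: 80
              name: http
              protocol: TCP
--------------------------------------------------------------------------------
/services/blue/.gitignore:
--------------------------------------------------------------------------------
# Logs
logs
*.log
npm-debug.log*
yarn-debug.log*
yarn-error.log*

# Runtime data
pids
*.pid
*.seed
*.pid.lock

# Directory for instrumented libs generated by jscoverage/JSCover
lib-cov

# Coverage directory used by tools like istanbul
coverage

# nyc test coverage
.nyc_output

# Grunt intermediate storage (http://gruntjs.com/creating-plugins#storing-task-files)
.grunt

# Bower dependency directory (https://bower.io/)
bower_components

# node-waf configuration
.lock-wscript

# Compiled binary addons (http://nodejs.org/api/addons.html)
build/Release

# Dependency directories
node_modules/
jspm_packages/

# Typescript v1 declaration files
typings/

# Optional npm cache directory
.npm

# Optional eslint cache
.eslintcache

# Optional REPL history
.node_repl_history

# Output of 'npm pack'
*.tgz

# Yarn Integrity file
.yarn-integrity

# dotenv environment variables file
.env

--------------------------------------------------------------------------------
/services/blue/Dockerfile:
--------------------------------------------------------------------------------
# Builds the "blue" demo image: copies ./app, installs dependencies, serves on port 80.
# NOTE(review): Node.js 8 is end-of-life and no longer receives security fixes;
# rebuild on a supported base image before using this outside a demo.
FROM node:8.2.0-alpine
RUN mkdir -p /usr/src/app
COPY ./app/* /usr/src/app/
WORKDIR /usr/src/app
# NOTE(review): no lockfile is copied, so the caret ranges in package.json are
# resolved at build time and two builds can ship different dependency versions.
RUN npm install
# NOTE(review): there is no USER instruction, so the process runs as the image's
# default user. Dropping privileges also needs PORT set above 1023, because
# index.js falls back to port 80.
EXPOSE 80
# Exec form: no intermediate /bin/sh, so signals from the runtime reach node directly.
CMD ["node", "/usr/src/app/index.js"]

--------------------------------------------------------------------------------
/services/blue/app/index.js:
--------------------------------------------------------------------------------
// Minimal Express server: logs every request and serves index.html at "/".
const express = require('express');
const morgan = require('morgan');

const app = express();
// 'combined' is morgan's Apache-style access log format.
app.use(morgan('combined'));


// Only a fixed file is served; no request data reaches the path.
app.get('/', (req, res) => {
  res.sendFile(__dirname + '/index.html')
});

// Listens on PORT when set, otherwise on 80.
var listener = app.listen(process.env.PORT || 80, function() {
 console.log('listening on port ' + listener.address().port);
});

--------------------------------------------------------------------------------
/services/blue/app/package.json:
--------------------------------------------------------------------------------
{
  "name": "aci-helloworld",
  "version": "1.0.0",
  "description": "",
  "main": "index.js",
  "dependencies": {
    "express": "^4.14.0",
    "morgan": "^1.8.2"
  },
  "devDependencies": {},
  "author": ""
}

--------------------------------------------------------------------------------
/services/color-ingress.yaml:
--------------------------------------------------------------------------------
# Routes "/", "/blue" and "/green" on one host to the blue and green services.
# NOTE(review): extensions/v1beta1 Ingress was removed in Kubernetes 1.22; current
# clusters need networking.k8s.io/v1 (pathType plus backend.service).
# NOTE(review): no tls section is defined, so traffic is served over plain HTTP,
# and the host name depends on a third-party wildcard DNS service.
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  annotations:
    kubernetes.io/ingress.class: nginx
  name: coloringress
  namespace: default
spec:
  rules:
    - host: "13.82.238.54.xip.io"
      http:
        paths:
          - backend:
              serviceName: blue-svc
              servicePort: 80
            path: /
          - backend:
              serviceName: blue-svc
              servicePort: 80
            path: /blue
          - backend:
              serviceName: green-svc
              servicePort: 80
            path: /green
--------------------------------------------------------------------------------
/services/colors-svc.yaml:
--------------------------------------------------------------------------------
# Cluster-internal service for every pod labelled color=blue.
apiVersion: v1
kind: Service
metadata:
  name: blue-svc
  labels:
    name: blueservice
spec:
  selector:
    color: blue
  type: ClusterIP
  ports:
    - port: 80
      name: http
      targetPort: 80
      protocol: TCP
--------------------------------------------------------------------------------
/services/default-backend.yaml:
--------------------------------------------------------------------------------
# Default backend for the ingress controller: answers 404 at / and 200 at /healthz.
apiVersion: v1
kind: ReplicationController
metadata:
  name: default-http-backend
spec:
  replicas: 1
  selector:
    app: default-http-backend
  template:
    metadata:
      labels:
        app: default-http-backend
    spec:
      terminationGracePeriodSeconds: 60
      containers:
        - name: default-http-backend
          # Any image is permissible as long as:
          # 1. It serves a 404 page at /
          # 2. It serves 200 on a /healthz endpoint
          # NOTE(review): k8s.gcr.io is frozen; registry.k8s.io is the current
          # registry for Kubernetes project images.
          image: k8s.gcr.io/defaultbackend:1.0
          livenessProbe:
            httpGet:
              path: /healthz
              port: 8080
              scheme: HTTP
            initialDelaySeconds: 30
            timeoutSeconds: 5
          ports:
            - containerPort: 8080
          resources:
            limits:
              cpu: 10m
              memory: 20Mi
            requests:
              cpu: 10m
              memory: 20Mi
--------------------------------------------------------------------------------
/services/default-svc.yaml:
--------------------------------------------------------------------------------
# Cluster-internal service in front of the default backend (80 -> 8080).
apiVersion: v1
kind: Service
metadata:
  name: default-http-backend
spec:
  type: ClusterIP
  ports:
    - port: 80
      targetPort: 8080
      name: http
  selector:
    app: default-http-backend
--------------------------------------------------------------------------------
/services/deployment.yml:
--------------------------------------------------------------------------------
# Rolling-update deployment of five replicas, one pod surged and one unavailable at a time.
# NOTE(review): extensions/v1beta1 Deployment was removed in Kubernetes 1.16;
# apps/v1 additionally requires an explicit spec.selector.
# NOTE(review): the container and the labels say "blue" while the image is
# "green" - presumably deliberate for the rollout demo; confirm.
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: colorsdemo
spec:
  replicas: 5
  minReadySeconds: 5
  strategy:
    type: RollingUpdate
    rollingUpdate:
      maxSurge: 1
      maxUnavailable: 1
  template:
    metadata:
      labels:
        name: servicedemo
        color: blue
        demo: colorsdemo
    spec:
      containers:
        - name: blue
          image: denniszielke/green:latest
          ports:
            - containerPort: 80
              name: http
              protocol: TCP
      # imagePullSecrets:
      # - name: kuberegistry
--------------------------------------------------------------------------------
/services/frontend-svc.yml:
--------------------------------------------------------------------------------
# Cluster-internal service for every pod labelled demo=colorsdemo (blue and green alike).
apiVersion: v1
kind: Service
metadata:
  name: colorservice
  labels:
    name: colorservice
spec:
  selector:
    demo: colorsdemo
  type: ClusterIP
  ports:
    - port: 80
      name: http
      targetPort: 80
      protocol: TCP
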
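--------------------------------------------------------------------------------
/services/green-pod.yml:
--------------------------------------------------------------------------------
# Single demo pod serving the "green" page on port 80.
# NOTE(review): ":latest" is a mutable tag; pin a version or digest so the image
# that runs is the image that was reviewed.
apiVersion: "v1"
kind: Pod
metadata:
  name: greendemo
  labels:
    name: servicedemo
    color: green
    demo: colorsdemo
spec:
  containers:
    - name: green
      image: denniszielke/green:latest
      ports:
        - containerPort: 80
          name: http
          protocol: TCP
  # imagePullSecrets:
  # - name: kuberegistry
--------------------------------------------------------------------------------
/services/green/.gitignore:
--------------------------------------------------------------------------------
# Logs
logs
*.log
npm-debug.log*
yarn-debug.log*
yarn-error.log*

# Runtime data
pids
*.pid
*.seed
*.pid.lock

# Directory for instrumented libs generated by jscoverage/JSCover
lib-cov

# Coverage directory used by tools like istanbul
coverage

# nyc test coverage
.nyc_output

# Grunt intermediate storage (http://gruntjs.com/creating-plugins#storing-task-files)
.grunt

# Bower dependency directory (https://bower.io/)
bower_components

# node-waf configuration
.lock-wscript

# Compiled binary addons (http://nodejs.org/api/addons.html)
build/Release

# Dependency directories
node_modules/
jspm_packages/

# Typescript v1 declaration files
typings/

# Optional npm cache directory
.npm

# Optional eslint cache
.eslintcache

# Optional REPL history
.node_repl_history

# Output of 'npm pack'
*.tgz

# Yarn Integrity file
.yarn-integrity

# dotenv environment variables file
.env

--------------------------------------------------------------------------------
/services/green/Dockerfile:
--------------------------------------------------------------------------------
# Builds the "green" demo image: copies ./app, installs dependencies, serves on port 80.
# NOTE(review): Node.js 8 is end-of-life and no longer receives security fixes;
# rebuild on a supported base image before using this outside a demo.
FROM node:8.2.0-alpine
RUN mkdir -p /usr/src/app
COPY ./app/* /usr/src/app/
WORKDIR /usr/src/app
# NOTE(review): no lockfile is copied, so the caret ranges in package.json are
# resolved at build time and two builds can ship different dependency versions.
RUN npm install
# NOTE(review): there is no USER instruction, so the process runs as the image's
# default user. Dropping privileges also needs PORT set above 1023, because
# index.js falls back to port 80.
EXPOSE 80
# Exec form: no intermediate /bin/sh, so signals from the runtime reach node directly.
CMD ["node", "/usr/src/app/index.js"]

--------------------------------------------------------------------------------
/services/green/app/index.js:
--------------------------------------------------------------------------------
// Minimal Express server: logs every request and serves index.html at "/".
const express = require('express');
const morgan = require('morgan');

const app = express();
// 'combined' is morgan's Apache-style access log format.
app.use(morgan('combined'));


// Only a fixed file is served; no request data reaches the path.
app.get('/', (req, res) => {
  res.sendFile(__dirname + '/index.html')
});

// Listens on PORT when set, otherwise on 80.
var listener = app.listen(process.env.PORT || 80, function() {
 console.log('listening on port ' + listener.address().port);
});

--------------------------------------------------------------------------------
/services/green/app/package.json:
--------------------------------------------------------------------------------
{
  "name": "aci-helloworld",
  "version": "1.0.0",
  "description": "",
  "main": "index.js",
  "dependencies": {
    "express": "^4.14.0",
    "morgan": "^1.8.2"
  },
  "devDependencies": {},
  "author": ""
}

--------------------------------------------------------------------------------
/services/health.yaml:
--------------------------------------------------------------------------------
# nginx pod with an HTTP liveness probe on "/" (first check after 15s, 1s timeout).
# NOTE(review): nginx 1.7.9 is a very old release; use a maintained tag outside a demo.
apiVersion: v1
kind: Pod
metadata:
  name: nginx
  #namespace: default
spec:
  containers:
    - name: nginx
      image: nginx:1.7.9
      ports:
        - containerPort: 80
      env:
        - name: "SOMEVARIABLE"
          value: "somevalue"
      livenessProbe:
        httpGet:
          path: /
          port: 80
        initialDelaySeconds: 15
        timeoutSeconds: 1

--------------------------------------------------------------------------------
/services/ingress-svc.yaml: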
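--------------------------------------------------------------------------------
# LoadBalancer service in front of pods labelled app=nginx-ingress-lb.
# NOTE(review): without the internal-load-balancer annotation used in
# nginx-internal.yaml, a LoadBalancer service on AKS is given a public IP.
apiVersion: v1
kind: Service
metadata:
  name: nginx-ingress
spec:
  type: LoadBalancer
  ports:
    - port: 80
      name: http
  selector:
    app: nginx-ingress-lb
--------------------------------------------------------------------------------
/services/nginx-internal.yaml:
--------------------------------------------------------------------------------
# nginx pod plus two internal load balancers: one in the default subnet, one
# pinned to a named subnet and a fixed private IP.
# NOTE(review): the image has no tag, so ":latest" is pulled; pin a version or digest.
apiVersion: "v1"
kind: Pod
metadata:
  name: nginx
  labels:
    name: nginx
    net: internal
spec:
  containers:
    - name: nginx
      image: nginx
      ports:
        - containerPort: 80
          name: http
          protocol: TCP
---
apiVersion: v1
kind: Service
metadata:
  name: nginx-ingress
  annotations:
    # Keeps the load balancer on a private address inside the virtual network.
    service.beta.kubernetes.io/azure-load-balancer-internal: "true"
spec:
  type: LoadBalancer
  ports:
    - port: 80
      name: http
  selector:
    name: nginx
---
apiVersion: v1
kind: Service
metadata:
  name: nginx-ingress-subnet
  annotations:
    service.beta.kubernetes.io/azure-load-balancer-internal: "true"
    service.beta.kubernetes.io/azure-load-balancer-internal-subnet: "ing-4-subnet"
spec:
  type: LoadBalancer
  loadBalancerIP: 10.0.4.24
  ports:
    - port: 80
      name: http
  selector:
    name: nginx
--------------------------------------------------------------------------------
/services/ubuntu.yaml:
--------------------------------------------------------------------------------
# Idle helper pod (tail -f /dev/null) kept running for interactive use.
# NOTE(review): untagged third-party image; pin a version or digest you have reviewed.
kind: Pod
apiVersion: v1
metadata:
  name: ubuntuhost
spec:
  containers:
    - name: ubuntu
      image: tutum/curl
      command: ["tail"]
      args: ["-f", "/dev/null"]

--------------------------------------------------------------------------------
/simple/containerregistry.tf:
--------------------------------------------------------------------------------
# https://www.terraform.io/docs/providers/azurerm/r/role_assignment.html
# Grants the AKS principal read access on the registry so nodes can pull images.
# NOTE(review): "AcrPull" is the narrower built-in role for image pulls; "Reader"
# also grants read access to the registry resource itself.
resource "azurerm_role_assignment" "aksacrrole" {
  scope                = azurerm_container_registry.aksacr.id
  role_definition_name = "Reader"
  principal_id         = var.aks_client_id

  depends_on = [azurerm_container_registry.aksacr, azurerm_subnet.aksnet]
}

# https://www.terraform.io/docs/providers/azurerm/r/container_registry.html

resource "azurerm_container_registry" "aksacr" {
  name                = "${var.dns_prefix}acr"
  resource_group_name = azurerm_resource_group.aksrg.name
  location            = azurerm_resource_group.aksrg.location
  sku                 = "Standard"
  # NOTE(review): the admin account is a shared username/password with push and
  # pull rights. The role assignment above already covers cluster pulls, so
  # disable it unless something in the demo depends on it.
  admin_enabled       = true

  tags = {
    Environment = var.environment
  }
}
--------------------------------------------------------------------------------
/simple/eventhub.tf:
--------------------------------------------------------------------------------
# https://www.terraform.io/docs/providers/azurerm/r/eventhub.html
# Standard-tier Event Hubs namespace with a single two-partition hub.
resource "azurerm_eventhub_namespace" "eventhubns" {
  name                = "${var.dns_prefix}ns"
  location            = azurerm_resource_group.aksrg.location
  resource_group_name = azurerm_resource_group.aksrg.name
  sku                 = "Standard"
  capacity            = 1

  tags = {
    Environment = var.environment
  }
}

resource "azurerm_eventhub" "eventhub" {
  name                = "${var.dns_prefix}ns"
  namespace_name      = azurerm_eventhub_namespace.eventhubns.name
  resource_group_name = azurerm_resource_group.aksrg.name
  partition_count     = 2
  message_retention   = 1
}
--------------------------------------------------------------------------------
/simple/keyvault.tf:
--------------------------------------------------------------------------------
# Key Vault whose firewall denies all networks except trusted Azure services.
# NOTE(review): no access policy or RBAC setting is visible in this file; confirm
# where data-plane access is granted.
resource "azurerm_key_vault" "aksvauls" {
  name                        = "${var.dns_prefix}-vault"
  location                    = azurerm_resource_group.aksrg.location
  resource_group_name         = azurerm_resource_group.aksrg.name
  enabled_for_disk_encryption = false
  tenant_id                   = var.tenant_id

  sku_name = "standard"

  network_acls {
    default_action = "Deny"
    bypass         = "AzureServices"
  }

  tags = {
    Environment = var.environment
  }
}
--------------------------------------------------------------------------------
/simple/logs.tf:
--------------------------------------------------------------------------------
# https://www.terraform.io/docs/providers/azurerm/d/log_analytics_workspace.html
# Log Analytics workspace plus the ContainerInsights solution attached to it.
resource "azurerm_log_analytics_workspace" "akslogs" {
  name                = "${var.dns_prefix}-lga"
  location            = azurerm_resource_group.aksrg.location
  resource_group_name = azurerm_resource_group.aksrg.name
  sku                 = "PerGB2018"
}

resource "azurerm_log_analytics_solution" "akslogs" {
  solution_name         = "ContainerInsights"
  location              = azurerm_resource_group.aksrg.location
  resource_group_name   = azurerm_resource_group.aksrg.name
  workspace_resource_id = azurerm_log_analytics_workspace.akslogs.id
  workspace_name        = azurerm_log_analytics_workspace.akslogs.name

  plan {
    publisher = "Microsoft"
    product   = "OMSGallery/ContainerInsights"
  }
}
--------------------------------------------------------------------------------
/smi/ing-linkerd-podinfo.yaml:
--------------------------------------------------------------------------------
# TLS ingress for podinfo behind nginx, with the Linkerd destination override header.
# NOTE(review): extensions/v1beta1 Ingress was removed in Kubernetes 1.22, and
# current cert-manager releases read cert-manager.io/* annotations rather than
# certmanager.k8s.io/*.
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: podinfo
  namespace: test
  labels:
    app: podinfo
  annotations:
    kubernetes.io/ingress.class: "nginx"
    certmanager.k8s.io/cluster-issuer: letsencrypt-prod
    # The two proxy_hide_header lines keep Linkerd's internal headers out of
    # responses sent to clients.
    nginx.ingress.kubernetes.io/configuration-snippet: |
      proxy_set_header l5d-dst-override $service_name.$namespace.svc.cluster.local:9898;
      proxy_hide_header l5d-remote-ip;
      proxy_hide_header l5d-server-id;
spec:
  tls:
    - hosts:
        - linkderdsmi.westeurope.cloudapp.azure.com
      secretName: hello-tls-secret
  rules:
    - host: linkderdsmi.westeurope.cloudapp.azure.com
      http:
        paths:
          - backend:
              serviceName: podinfo
              servicePort: 9898
--------------------------------------------------------------------------------
/smi/istio-gw.yaml:
--------------------------------------------------------------------------------
# Istio gateway bound to the default ingress gateway.
# NOTE(review): accepts any host name over plain HTTP on port 80; no TLS server
# or HTTPS redirect is defined in this file.
apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
  name: public-gateway
  namespace: istio-system
spec:
  selector:
    istio: ingressgateway
  servers:
    - port:
        number: 80
        name: http
        protocol: HTTP
      hosts:
        - "*"
--------------------------------------------------------------------------------
/storage/ceph-pool.yaml:
--------------------------------------------------------------------------------
# Rook/Ceph block pool replicated three times across hosts, and the storage
# class that provisions volumes from it.
apiVersion: ceph.rook.io/v1
kind: CephBlockPool
metadata:
  name: replicapool
  namespace: rook-ceph
spec:
  failureDomain: host
  replicated:
    size: 3
---
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
  name: rook-ceph-block
provisioner: ceph.rook.io/block
parameters:
  blockPool: replicapool
  # The value of "clusterNamespace" MUST be the same as the one in which your rook cluster exist
  clusterNamespace: rook-ceph
  # Specify the filesystem type of the volume. If not specified, it will use `ext4`.
  fstype: xfs
# Optional, default reclaimPolicy is "Delete". Other options are: "Retain", "Recycle" as documented in https://kubernetes.io/docs/concepts/storage/storage-classes/
# A stray "%" after the value was removed; "Retain%" is not a valid reclaim policy.
reclaimPolicy: Retain
--------------------------------------------------------------------------------
/storage/pod-read-azurefile.yaml:
--------------------------------------------------------------------------------
# nginx pod mounting the Azure Files share "k8swrite" with the account key from
# the "azure-secret" Secret.
# NOTE(review): the file name says "read" but the mount is read-write
# (readOnly: false); set readOnly: true if the pod only needs to read.
apiVersion: v1
kind: Pod
metadata:
  name: write-file-test
spec:
  containers:
    - image: nginx
      name: nginx
      volumeMounts:
        - name: azure
          mountPath: /mnt/azure
  volumes:
    - name: azure
      azureFile:
        secretName: azure-secret
        shareName: k8swrite
        readOnly: false
--------------------------------------------------------------------------------
/storage/pod-write-azuredisk.yaml:
--------------------------------------------------------------------------------
# nginx pod with CPU/memory requests and limits, mounting the claim "azure-managed-disk".
kind: Pod
apiVersion: v1
metadata:
  name: mypod
spec:
  containers:
    - name: mypod
      image: nginx:1.15.5
      resources:
        requests:
          cpu: 100m
          memory: 128Mi
        limits:
          cpu: 250m
          memory: 256Mi
      volumeMounts:
        - mountPath: "/mnt/azure"
          name: volume
  volumes:
    - name: volume
      persistentVolumeClaim:
        claimName: azure-managed-disk
--------------------------------------------------------------------------------
/storage/pod-write-azurefile.yaml:
--------------------------------------------------------------------------------
# nginx pod mounting the claim "pvc-azurefile" at the web root.
kind: Pod
apiVersion: v1
metadata:
  name: write-file-test
spec:
  containers:
    - name: myfrontend
      image: nginx
      volumeMounts:
        - mountPath: "/var/www/html"
          name: volume
  volumes:
    - name: volume
      persistentVolumeClaim:
        claimName: pvc-azurefile
--------------------------------------------------------------------------------
/storage/pv-azure-disk.yaml:
--------------------------------------------------------------------------------
# Statically provisioned volume backed by a VHD blob; the URI is a placeholder.
apiVersion: v1
kind: PersistentVolume
metadata:
  name: pv-azuredisk
spec:
  capacity:
    storage: 5Gi
  accessModes:
    - ReadWriteOnce
  azureDisk:
    diskName: test.vhd
    diskURI: https://someaccount.blob.microsoft.net/vhds/test.vhd
--------------------------------------------------------------------------------
/storage/pv-managed-disk.yaml:
--------------------------------------------------------------------------------
# Statically provisioned managed-disk volume, pre-bound to the claim
# default/pvc-managed-disk and retained after the claim is released.
apiVersion: v1
kind: PersistentVolume
metadata:
  name: pv-manageddisk
spec:
  capacity:
    storage: 10Gi
  storageClassName: default
  azureDisk:
    kind: Managed
    diskName: mydisk
    diskURI: /subscriptions/{subscription-id}/resourceGroups/{aks-controlled-resource-group-name}/providers/Microsoft.Compute/disks/mydisk
    fsType: ext4
  accessModes:
    - ReadWriteOnce
  persistentVolumeReclaimPolicy: Retain
  claimRef:
    name: pvc-managed-disk
    namespace: default
--------------------------------------------------------------------------------
/storage/pvc-azure-disk.yaml:
--------------------------------------------------------------------------------
# 5Gi claim against the "hdd" storage class.
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
  name: pvc-azuredisk
spec:
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 5Gi
  storageClassName: hdd
--------------------------------------------------------------------------------
/storage/pvc-azurefile.yaml:
--------------------------------------------------------------------------------
# 5Gi claim against the "azurefile" storage class.
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: pvc-azurefile
spec:
  accessModes:
    - ReadWriteOnce
  storageClassName: azurefile
  resources:
    requests:
      storage: 5Gi
--------------------------------------------------------------------------------
/storage/pvc-managed-disk.yaml:
--------------------------------------------------------------------------------
# 10Gi claim against the "default" storage class (set both as the legacy
# annotation and as storageClassName).
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: pvc-managed-disk
  annotations:
    volume.beta.kubernetes.io/storage-class: default
spec:
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 10Gi
  storageClassName: default
--------------------------------------------------------------------------------
/storage/pvc-managed-premium-disk.yaml:
--------------------------------------------------------------------------------
# 5Gi claim against the "managed-premium" storage class.
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: azure-managed-disk
spec:
  accessModes:
    - ReadWriteOnce
  storageClassName: managed-premium
  resources:
    requests:
      storage: 5Gi
--------------------------------------------------------------------------------
/storage/sc-azure-disk.yaml:
--------------------------------------------------------------------------------
# Storage class "hdd": Standard_LRS Azure disks in westus with host caching off.
kind: StorageClass
apiVersion: storage.k8s.io/v1
metadata:
  name: hdd
provisioner: kubernetes.io/azure-disk
parameters:
  skuname: Standard_LRS
  location: westus
  cachingmode: None
--------------------------------------------------------------------------------
/storage/sc-azure-file.yaml:
--------------------------------------------------------------------------------
# Storage class "azurefile"; ACCOUNT_NAME is a placeholder for the storage account.
kind: StorageClass
apiVersion: storage.k8s.io/v1
metadata:
  name: azurefile
provisioner: kubernetes.io/azure-file
parameters:
  storageAccount: ACCOUNT_NAME
--------------------------------------------------------------------------------
/storage/sc-secret.yaml:
--------------------------------------------------------------------------------
# Secret holding the storage account name and key used by azureFile volumes.
# Both values are placeholders. Values under "data" must be base64-encoded, and
# the filled-in file should not be committed: the key grants full access to the
# storage account.
apiVersion: v1
kind: Secret
metadata:
  name: azure-secret
type: Opaque
data:
  azurestorageaccountname: ACCOUNT_NAME
  azurestorageaccountkey: STORAGE_ACCOUNT_KEY
--------------------------------------------------------------------------------
/terraform/backend.tf: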
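--------------------------------------------------------------------------------
https://raw.githubusercontent.com/denniszielke/container_demos/c71172d1bafe4f2f6e20602378116f8bf29f1062/terraform/backend.tf
--------------------------------------------------------------------------------
/terraform/containerregistry.tf:
--------------------------------------------------------------------------------
# https://www.terraform.io/docs/providers/azurerm/r/role_assignment.html
# Grants the cluster's kubelet identity read access on the registry so nodes can
# pull images without stored credentials.
# NOTE(review): "AcrPull" is the narrower built-in role for image pulls; "Reader"
# also grants read access to the registry resource itself.
resource "azurerm_role_assignment" "aksacrrole" {
  scope                = azurerm_container_registry.aksacr.id
  role_definition_name = "Reader"
  principal_id         = azurerm_kubernetes_cluster.akstf.kubelet_identity[0].object_id
  # principal_id         = var.aks_client_id

  depends_on = [azurerm_container_registry.aksacr, azurerm_subnet.aksnet, azurerm_kubernetes_cluster.akstf]
}

# https://www.terraform.io/docs/providers/azurerm/r/container_registry.html

resource "azurerm_container_registry" "aksacr" {
  name                = "${var.dns_prefix}acr"
  resource_group_name = azurerm_resource_group.aksrg.name
  location            = azurerm_resource_group.aksrg.location
  sku                 = "Premium"
  # NOTE(review): the admin account is a shared username/password with push and
  # pull rights. Pulls already go through the kubelet identity above, so disable
  # it unless something in the demo depends on it.
  admin_enabled       = true
  # NOTE(review): the network rule set below is commented out, so the registry
  # endpoint is not restricted to the AKS subnet.
  # network_rule_set = {
  #   default_action = Deny
  #   subnet_id = azurerm_subnet.aksnet.id
  # }

  tags = {
    environment = var.environment
  }
}
--------------------------------------------------------------------------------
/terraform/flux.tf:
--------------------------------------------------------------------------------
# Namespace for Flux, created once the AKS cluster exists.
resource "kubernetes_namespace" "flux_ns" {
  metadata {
    name = "flux"
  }

  depends_on = [azurerm_kubernetes_cluster.akstf]
}

# https://www.terraform.io/docs/providers/kubernetes/r/secret.html
# Git credentials for Flux, stored as a Kubernetes Secret.
# NOTE(review): Terraform keeps these values in plaintext in its state, so the
# state backend needs encryption and tight access control. Declaring the two
# variables as sensitive (they are defined outside this file) keeps them out of
# plan output.
resource "kubernetes_secret" "flux_auth" {
  metadata {
    name      = "flux-git-auth"
    # Index syntax, consistent with kubelet_identity[0] in containerregistry.tf.
    namespace = kubernetes_namespace.flux_ns.metadata[0].name
  }

  data = {
    GIT_AUTHUSER = var.git_user
    GIT_AUTHKEY  = var.git_key
  }
}

--------------------------------------------------------------------------------
/terraform/keyvault.tf:
--------------------------------------------------------------------------------
# Key Vault whose firewall denies all networks except trusted Azure services.
# NOTE(review): no access policy or RBAC setting is visible in this file; confirm
# where data-plane access is granted.
resource "azurerm_key_vault" "aksvauls" {
  name                        = "${var.dns_prefix}-vault"
  location                    = azurerm_resource_group.aksrg.location
  resource_group_name         = azurerm_resource_group.aksrg.name
  enabled_for_disk_encryption = false
  tenant_id                   = var.tenant_id

  sku_name = "standard"

  network_acls {
    default_action = "Deny"
    bypass         = "AzureServices"
  }

  tags = {
    environment = var.environment
  }
}
--------------------------------------------------------------------------------
/terraform/logs.tf:
--------------------------------------------------------------------------------
# https://www.terraform.io/docs/providers/azurerm/d/log_analytics_workspace.html
# Log Analytics workspace plus the ContainerInsights solution attached to it.
resource "azurerm_log_analytics_workspace" "akslogs" {
  name                = "${var.dns_prefix}-lga"
  location            = azurerm_resource_group.aksrg.location
  resource_group_name = azurerm_resource_group.aksrg.name
  sku                 = "PerGB2018"
}

resource "azurerm_log_analytics_solution" "akslogs" {
  solution_name         = "ContainerInsights"
  location              = azurerm_resource_group.aksrg.location
  resource_group_name   = azurerm_resource_group.aksrg.name
  workspace_resource_id = azurerm_log_analytics_workspace.akslogs.id
  workspace_name        = azurerm_log_analytics_workspace.akslogs.name

  plan {
    publisher = "Microsoft"
    product   = "OMSGallery/ContainerInsights"
  }
}
--------------------------------------------------------------------------------
/terraform/monitoring_loki.tf:
--------------------------------------------------------------------------------
# Namespace for the Loki stack, created once the AKS cluster exists.
resource "kubernetes_namespace" "loki_ns" {
  metadata {
    name = "loki"
  }

  depends_on = [azurerm_kubernetes_cluster.akstf]
}

# Install Loki chart
# https://github.com/grafana/loki/blob/master/docs/installation/helm.md
# https://www.terraform.io/docs/providers/helm/release.html
# Installs loki-stack with Grafana and Prometheus enabled.
# NOTE(review): no chart version is pinned, so each apply may install a different
# chart release; set "version" to a release you have reviewed. No Grafana admin
# credential is set here either, so the chart's default handling applies.
resource "helm_release" "my_loki" {
  name         = "my-loki"
  repository   = "https://grafana.github.io/loki/charts"
  chart        = "loki-stack"
  namespace    = kubernetes_namespace.loki_ns.metadata[0].name
  # Typed literals instead of strings; Terraform converted the strings anyway.
  force_update = true
  timeout      = 500

  set {
    name  = "grafana.enabled"
    value = "true"
  }

  set {
    name  = "prometheus.enabled"
    value = "true"
  }

  set {
    name  = "prometheus.alertmanager.persistentVolume.enabled"
    value = "false"
  }

  set {
    name  = "prometheus.server.persistentVolume.enabled"
    value = "true"
  }

  set {
    name  = "persistence.enabled"
    value = "true"
  }

  depends_on = [azurerm_kubernetes_cluster.akstf, null_resource.after_charts]
}
--------------------------------------------------------------------------------
/terraform_agic/logs.tf:
--------------------------------------------------------------------------------
# https://www.terraform.io/docs/providers/azurerm/d/log_analytics_workspace.html
# Log Analytics workspace plus the ContainerInsights solution attached to it.
resource "azurerm_log_analytics_workspace" "akslogs" {
  name                = "${var.deployment_name}-lga"
  location            = azurerm_resource_group.aksrg.location
  resource_group_name = azurerm_resource_group.aksrg.name
  sku                 = "PerGB2018"
}

resource "azurerm_log_analytics_solution" "akslogs" {
  solution_name         = "ContainerInsights"
  location              = azurerm_resource_group.aksrg.location
  resource_group_name   = azurerm_resource_group.aksrg.name
  workspace_resource_id = azurerm_log_analytics_workspace.akslogs.id
  workspace_name        = azurerm_log_analytics_workspace.akslogs.name

  plan {
    publisher = "Microsoft"
    product   = "OMSGallery/ContainerInsights"
  }
}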
--------------------------------------------------------------------------------
/terraform_agic/main.tf:
--------------------------------------------------------------------------------

# azurerm provider bound to one subscription and tenant. The client id/secret
# lines are commented out, so authentication comes from the environment that
# runs Terraform rather than from variables in this file.
provider "azurerm" {
  subscription_id = var.subscription_id
  # client_id       = var.terraform_client_id
  # client_secret   = var.terraform_client_secret
  tenant_id       = var.tenant_id
  features {}
}

# https://www.terraform.io/docs/providers/azurerm/d/resource_group.html
# Resource group that holds the deployment's resources.
resource "azurerm_resource_group" "aksrg" {
  name     = var.resource_group_name
  location = var.location

  tags = {
    environment = var.environment
  }
}
--------------------------------------------------------------------------------
/yaml/aci-scale.yaml:
--------------------------------------------------------------------------------
# Scale test: 3000 replicas of aci-helloworld scheduled onto virtual-kubelet nodes.
# NOTE(review): the image has no tag and the container has no resource requests
# or limits; at this replica count both decide cost and blast radius.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: aci-helloworld
spec:
  replicas: 3000
  selector:
    matchLabels:
      app: aci-helloworld
  template:
    metadata:
      labels:
        app: aci-helloworld
    spec:
      containers:
        - name: aci-helloworld
          image: mcr.microsoft.com/azuredocs/aci-helloworld
          ports:
            - containerPort: 80
      nodeSelector:
        kubernetes.io/role: agent
        beta.kubernetes.io/os: linux
        type: virtual-kubelet
      tolerations:
        - key: virtual-kubelet.io/provider
          operator: Exists
        - key: azure.com/aci
          effect: NoSchedule
--------------------------------------------------------------------------------
/yaml/anti-affinity.yaml:
--------------------------------------------------------------------------------
# Two pause pods that must land on different nodes: the required anti-affinity
# rule keys on the pod's own "run: pause" label per host name.
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    run: pause
  name: pause
spec:
  replicas: 2
  selector:
    matchLabels:
      run: pause
  strategy: {}
  template:
    metadata:
      labels:
        run: pause
    spec:
      affinity:
        podAntiAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
            - labelSelector:
                matchExpressions:
                  - key: run
                    operator: In
                    values:
                      - pause
              topologyKey: kubernetes.io/hostname
      containers:
        - image: mcr.microsoft.com/oss/kubernetes/pause:3.6
          name: pause
          resources:
            limits:
              memory: "20Mi"
              cpu: "20m"
            requests:
              memory: "10Mi"
              cpu: "10m"
--------------------------------------------------------------------------------
/yaml/appinsightsecret.yml:
--------------------------------------------------------------------------------
# Secret carrying the Application Insights key for the calculator apps.
# NOTE(review): this value sits in version control. As shown it is 31 characters
# long, which is not valid padded base64 - presumably a truncated or redacted
# key; confirm, rotate it if it was ever real, and create the Secret at deploy
# time instead of committing it.
apiVersion: v1
kind: Secret
metadata:
  name: appinsightsecret
type: Opaque
data:
  appinsightskey: NG0ODBlLTlmZTEtZmFiZDkyMTdiMzNi
--------------------------------------------------------------------------------
/yaml/backend-js-pod.yml:
--------------------------------------------------------------------------------
# Calculator backend (JavaScript) pod listening on 8080.
# NOTE(review): ":latest" is a mutable tag; pin a version or digest so the image
# that runs is the image that was reviewed.
apiVersion: "v1"
kind: Pod
metadata:
  name: js-calc-backend
  labels:
    name: calc-backend
    app: calculator
    language: js
spec:
  containers:
    - name: js-calc-backend
      image: denniszielke/js-calc-backend:latest
      ports:
        - containerPort: 8080
          name: calc-backend
          protocol: TCP
      env:
        - name: "PORT"
          value: "8080"
--------------------------------------------------------------------------------
/yaml/backend-pod.yml:
--------------------------------------------------------------------------------
# Calculator backend pod with a dummy instrumentation key passed as a plain
# environment value. A real key belongs in a Secret referenced through
# valueFrom.secretKeyRef, not inline in the manifest.
apiVersion: "v1"
kind: Pod
metadata:
  name: js-calc-backend
  labels:
    name: js-calc-backend
    app: calculator
spec:
  containers:
    - name: js-calc-backend
      image: denniszielke/js-calc-backend:latest
      ports:
        - containerPort: 8080
          name: calc-backend
          protocol: TCP
      env:
        - name: "INSTRUMENTATIONKEY"
          value: "dummyValue"
        - name: "PORT"
          value: "8080"
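--------------------------------------------------------------------------------
/yaml/backend-svc.yml:
--------------------------------------------------------------------------------
# ClusterIP Service (no type given) exposing the calculator backend on port 80.
apiVersion: v1
kind: Service
metadata:
  name: calc-backend-svc
  labels:
    name: calc-backend-svc
    app: calculator
spec:
  ports:
  - port: 80
    name: calc-backend
    targetPort: 8080
  # Matches pods labelled name=calc-backend and app=calculator. /yaml/backend-js-pod.yml
  # carries these labels; /yaml/backend-pod.yml uses name=js-calc-backend and is not selected.
  selector:
    name: calc-backend
    app: calculator
--------------------------------------------------------------------------------
/yaml/calc-contour-gateway.yaml:
--------------------------------------------------------------------------------
apiVersion: v1
kind: Namespace
metadata:
  name: calculator
---
# Routes all paths for the given hostname to the http-frontend Service.
kind: HTTPRoute
apiVersion: gateway.networking.k8s.io/v1beta1
metadata:
  name: calculator
  namespace: calculator
  labels:
    app: calculator
spec:
  parentRefs:
  # The Gateway lives in another namespace (projectcontour). The route only attaches
  # if that Gateway's listener allows routes from the calculator namespace
  # (allowedRoutes). Keep that list narrow so other namespaces cannot bind hostnames.
  - group: gateway.networking.k8s.io
    kind: Gateway
    name: contour
    namespace: projectcontour
  hostnames:
  # Looks like a template placeholder to substitute before applying (TODO confirm).
  - "{.hostname}"
  rules:
  - matches:
    - path:
        type: PathPrefix
        value: /
    backendRefs:
    - kind: Service
      name: http-frontend
      namespace: calculator
      port: 80
--------------------------------------------------------------------------------
/yaml/calc-requester.yml:
--------------------------------------------------------------------------------
# Bare Pod for the Java calc requester.
apiVersion: "v1"
kind: Pod
metadata:
  name: java-calc-requester-jvm
  labels:
    name: java-calc-requester-jvm
    app: calculator
spec:
  containers:
  - name: java-calc-requester-jvm
    # Mutable ":latest" tag; pin a version tag or digest.
    image: denniszielke/java-calc-requester-jvm:latest
    ports:
    - containerPort: 8080
      name: calc-requester
      protocol: TCP
    env:
    - name: "ENDPOINT_HOST"
      value: "localhost"
    - name: "ENDPOINT_PORT"
      value: "8080"
    # Empty placeholder. Supply the real connection string from a Secret with
    # valueFrom.secretKeyRef instead of pasting it into this manifest.
    - name: "APPLICATIONINSIGHTS_CONNECTION_STRING"
      value: "INSTRUMENTATIONKEY="
--------------------------------------------------------------------------------
/yaml/centos.yaml:
--------------------------------------------------------------------------------
# Utility pod that sleeps for an hour (for exec-ing into).
apiVersion: v1
kind: Pod
metadata:
  name: centos
spec:
  containers:
  - name: centos
    # Untagged image resolves to "latest". The Docker Hub centos image is no longer
    # updated, so it accumulates unpatched packages; prefer a maintained, pinned base.
    image: centos
    ports:
    - containerPort: 80
    command:
    - sleep
    - "3600"
--------------------------------------------------------------------------------
/yaml/frontend-pod.yml:
--------------------------------------------------------------------------------
# Bare Pod for the calculator frontend; it reaches the backend through calc-backend-svc.
apiVersion: "v1"
kind: Pod
metadata:
  name: calc-frontend
  labels:
    name: calc-frontend
    app: calculator
spec:
  containers:
  - name: js-calc-frontend
    # Mutable ":latest" tag; pin a version tag or digest.
    image: denniszielke/js-calc-frontend:latest
    ports:
    - containerPort: 8080
      name: calc-frontend
      protocol: TCP
    env:
    - name: "ENDPOINT"
      value: "calc-backend-svc"
    - name: "PORT"
      value: "8080"
--------------------------------------------------------------------------------
/yaml/frontend-svc.yml:
--------------------------------------------------------------------------------
# Exposes the frontend through a cloud load balancer on plain HTTP (port 80).
apiVersion: v1
kind: Service
metadata:
  name: calc-frontend-svc
  labels:
    name: calc-frontend-svc
    app: calculator
spec:
  selector:
    name: calc-frontend
  # type: LoadBalancer normally provisions a public IP. If the app is not meant to be
  # internet-facing, restrict it with spec.loadBalancerSourceRanges or use an internal
  # load balancer, and terminate TLS in front of it.
  type: LoadBalancer
  ports:
  - port: 80
    name: calc-frontend
    targetPort: 8080
    protocol: TCP
--------------------------------------------------------------------------------
/yaml/ingress.yml:
--------------------------------------------------------------------------------
# Ingress + Service + Deployment for an nginx test backend.
# The Ingress and Deployment originally used extensions/v1beta1, which current API
# servers no longer serve. They now use networking.k8s.io/v1 and apps/v1, matching
# the other manifests in this directory.
# NOTE(review): /yaml/nginx.yml also defines a Service and a Deployment named "nginx"
# with different labels; applying both files to one namespace makes them collide.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: frontend-ingress
spec:
  # No ingressClassName is set, so this relies on the cluster's default IngressClass.
  # No tls: section either, so the host is served over plain HTTP.
  rules:
  - host: mysite.com
    http:
      paths:
      # The v1beta1 rule had no path and matched everything; Prefix "/" keeps that.
      - path: /
        pathType: Prefix
        backend:
          service:
            name: nginx
            port:
              number: 80
---
apiVersion: v1
kind: Service
metadata:
  name: nginx
spec:
  ports:
  - port: 80
    targetPort: 80
  selector:
    app: nginx
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: nginx
spec:
  replicas: 1
  # apps/v1 requires an explicit selector; it must match the template labels.
  selector:
    matchLabels:
      app: nginx
  template:
    metadata:
      labels:
        app: nginx
    spec:
      containers:
      - name: echoserver
        # Untagged image resolves to "latest"; pin a version tag or digest.
        image: nginx
        ports:
        - containerPort: 80
--------------------------------------------------------------------------------
/yaml/nginx.yml:
--------------------------------------------------------------------------------
# NodePort Service + Deployment for nginx with one TCP and one UDP port.
apiVersion: v1
kind: Service
metadata:
  name: nginx
  labels:
    name: nginx
spec:
  ports:
  # NOTE(review): with type NodePort, "port" is the in-cluster Service port and the
  # node port is auto-allocated unless "nodePort" is set. 30101/30102 look like
  # intended node ports; confirm with the author.
  - port: 30101
    name: http
    targetPort: 80
  - port: 30102
    name: udp
    targetPort: 15503
    # Service ports default to TCP; without this the Service never forwards to the
    # container's UDP port 15503.
    protocol: UDP
  selector:
    name: nginx
  # NodePort opens the port on every node's IP; make sure the node network security
  # rules only admit the sources that need it.
  type: NodePort
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: nginx
spec:
  replicas: 1
  selector:
    matchLabels:
      name: nginx
  template:
    metadata:
      labels:
        name: nginx
    spec:
      containers:
      - name: nginx
        # Untagged image resolves to "latest"; pin a version tag or digest.
        image: nginx
        ports:
        - containerPort: 80
          name: http
          protocol: TCP
        - containerPort: 15503
          name: udp
          protocol: UDP
        env:
        - name: "PORT"
          value: "80"
--------------------------------------------------------------------------------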