├── server ├── .gitignore ├── go.mod ├── kubernetes │ └── base │ │ ├── kustomization.yaml │ │ └── deployment.yaml ├── Dockerfile ├── README.adoc ├── .devcontainer │ ├── devcontainer.json │ └── Dockerfile └── main.go ├── compose ├── isolated │ ├── src │ │ ├── main │ │ │ ├── resources │ │ │ │ └── application.properties │ │ │ └── java │ │ │ │ └── com │ │ │ │ └── example │ │ │ │ └── isolated │ │ │ │ └── DemoApplication.java │ │ └── test │ │ │ └── java │ │ │ └── com │ │ │ └── example │ │ │ └── demo │ │ │ └── DemoApplicationTests.java │ ├── .mvn │ │ └── wrapper │ │ │ ├── maven-wrapper.jar │ │ │ └── maven-wrapper.properties │ ├── .gitignore │ ├── docker-compose.yml │ ├── root │ │ └── .m2 │ │ │ └── settings.xml │ ├── pom.xml │ ├── mvnw.cmd │ └── mvnw ├── tagtest │ └── Dockerfile ├── httpd │ ├── htdocs │ │ ├── index.html │ │ ├── index.cgi │ │ └── test.cgi │ ├── Dockerfile │ ├── docker-compose.yml │ └── hello.yml ├── mongo │ └── docker-compose.yml ├── zookeeper │ └── docker-compose.yml ├── beaker │ └── docker-compose.yml ├── run │ ├── Dockerfile.run │ └── Dockerfile ├── test │ ├── README.md │ ├── docker-compose.yml │ ├── run.sh │ └── Dockerfile ├── squid │ ├── docker-compose.yml │ ├── start.sh │ ├── README.md │ └── Dockerfile ├── plantuml │ └── docker-compose.yml ├── neo4j │ └── docker-compose.yml ├── proxy │ ├── docker-compose.yml │ ├── README.md │ └── conf │ │ ├── nginx.conf │ │ ├── proxy.conf │ │ └── mime.types ├── guides │ └── Dockerfile ├── rabbit │ ├── docker-compose.yml │ └── README.md ├── elastic │ ├── docker-compose.yml │ ├── config │ │ └── logging.yml │ ├── docker-entrypoint.sh │ └── Dockerfile ├── artifactory │ ├── docker-compose.yml │ └── README.md ├── etcd │ └── docker-compose.yml ├── stomp │ ├── docker-compose.yml │ ├── Dockerfile │ └── README.md ├── nginx │ ├── docker-compose.yml │ ├── conf │ │ ├── conf.d │ │ │ └── default.conf │ │ ├── nginx.conf │ │ ├── server.csr │ │ ├── server.crt │ │ ├── server.key │ │ └── mime.types │ └── README.md ├── redis │ └── docker-compose.yml ├── postgres │ ├── docker-compose.yml │ └── README.md ├── mysql │ ├── docker-compose.yml │ └── README.md ├── kafka │ ├── README.md │ └── docker-compose.yml ├── multi │ ├── settings.xml │ └── Dockerfile ├── wurst │ └── docker-compose.yml ├── h2 │ └── docker-compose.yml ├── elk │ ├── docker-compose.yml │ ├── logstash │ │ └── conf │ │ │ └── logstash.conf │ └── README.md ├── petclinic │ └── docker-compose.yml ├── hydra │ └── docker-compose.yml └── k3s │ ├── docker-compose.yml │ ├── kubeconfig.yaml │ └── README.md ├── demo ├── src │ ├── main │ │ ├── resources │ │ │ ├── application.properties │ │ │ └── META-INF │ │ │ │ └── thin-k8s.properties │ │ └── java │ │ │ └── com │ │ │ └── example │ │ │ └── demo │ │ │ └── DemoApplication.java │ ├── test │ │ └── java │ │ │ └── com │ │ │ └── example │ │ │ └── demo │ │ │ └── DemoApplicationTests.java │ └── build │ │ └── extra-libs.sh ├── k8s │ ├── node │ │ ├── service.yaml │ │ └── kustomization.yaml │ ├── libs │ │ ├── env.yaml │ │ └── kustomization.yaml │ ├── gcr │ │ └── kustomization.yaml │ ├── dev │ │ └── kustomization.yaml │ └── prod │ │ └── kustomization.yaml ├── .mvn │ └── wrapper │ │ ├── maven-wrapper.jar │ │ ├── maven-wrapper.properties │ │ └── MavenWrapperDownloader.java ├── .gitignore ├── deployment.yaml ├── Dockerfile ├── pom.xml ├── mvnw.cmd └── mvnw ├── qemu ├── .gitignore ├── default.nix ├── run.sh ├── ttfr.sh ├── init.sh └── README.md ├── bootable ├── .gitignore ├── README.md ├── Dockerfile ├── ttfr.sh ├── simple.sh └── build.sh ├── layers ├── kafka │ ├── varreference.yaml │ ├── config.yaml │ ├── kustomization.yaml │ └── deployment.yaml ├── samples │ ├── config │ │ ├── application.yml │ │ ├── kustomization.yaml │ │ └── config.yaml │ ├── proxy │ │ ├── config.yaml │ │ ├── kustomization.yaml │ │ ├── service.yaml │ │ ├── nginx.conf │ │ ├── proxy.conf │ │ └── mime.types │ ├── petclinic │ │ ├── mysql.yaml │ │ └── kustomization.yaml │ ├── service │ │ ├── kustomization.yaml │ │ └── service.yaml │ ├── sidecar │ │ ├── kustomization.yaml │ │ └── service.yaml │ ├── job │ │ ├── kustomization.yaml │ │ └── job.yaml │ ├── kpack │ │ ├── system │ │ │ ├── kustomization.yaml │ │ │ └── builder.yaml │ │ ├── server │ │ │ ├── kustomization.yaml │ │ │ └── service.yaml │ │ └── image.yaml │ ├── simple │ │ └── kustomization.yaml │ ├── nginx-ingress │ │ ├── deployment.yaml │ │ └── kustomization.yaml │ ├── init │ │ ├── kustomization.yaml │ │ └── init.yaml │ ├── enhanced │ │ └── kustomization.yaml │ └── secure │ │ └── kustomization.yaml ├── mysql │ ├── config.yaml │ ├── application.env │ ├── transformer │ │ ├── kustomization.yaml │ │ └── app.yaml │ ├── pvc.yaml │ ├── kustomization.yaml │ ├── pv.yaml │ └── deployment.yaml ├── base │ ├── config.yaml │ ├── kustomization.yaml │ └── deployment.yaml ├── env │ ├── kustomization.yaml │ └── env.yaml ├── actuator │ ├── kustomization.yaml │ └── probes.yaml ├── secure │ ├── kustomization.yaml │ ├── service.yaml │ └── env.yaml ├── theia │ ├── kustomization.yaml │ ├── pv.yaml │ ├── pvc.yaml │ └── deployment.yaml ├── prometheus │ ├── kustomization.yaml │ ├── annotations.yaml │ └── mount.yaml ├── tunnel │ ├── kustomization.yaml │ ├── service.yaml │ └── mandatory.yaml └── metrics │ └── manifest.yaml ├── sidecar ├── Dockerfile ├── settings.conf ├── run.sh ├── nginx.conf ├── proxy.conf └── mime.types ├── envoy ├── kustomization.yaml ├── service.yaml ├── ambassador.yaml └── crds.yaml ├── Vagrantfile ├── .gitignore ├── kata ├── runtime-class.yaml ├── rbac.yaml └── deploy.yaml ├── default.nix ├── skaffold.yaml ├── .devcontainer ├── devcontainer.json └── Dockerfile ├── metrics └── manifest.yaml └── nix └── extensions.nix /server/.gitignore: -------------------------------------------------------------------------------- 1 | .vscode/ 2 | server -------------------------------------------------------------------------------- /compose/isolated/src/main/resources/application.properties: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /compose/tagtest/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM alpine 2 | RUN echo hello 3 | -------------------------------------------------------------------------------- /demo/src/main/resources/application.properties: -------------------------------------------------------------------------------- 1 | info.name="foo" 2 | -------------------------------------------------------------------------------- /server/go.mod: -------------------------------------------------------------------------------- 1 | module github.com/dsyer/server 2 | 3 | go 1.13 4 | -------------------------------------------------------------------------------- /qemu/.gitignore: -------------------------------------------------------------------------------- 1 | *.iso 2 | *.qcow 3 | *.img 4 | vmlinuz 5 | initramfs 6 | -------------------------------------------------------------------------------- /bootable/.gitignore: -------------------------------------------------------------------------------- 1 | *.iso 2 | *.qcow 3 | *.img 4 | vmlinuz 5 | initramfs 6 | -------------------------------------------------------------------------------- /layers/kafka/varreference.yaml: -------------------------------------------------------------------------------- 1 | varReference: 2 | - path: data/host 3 | kind: ConfigMap -------------------------------------------------------------------------------- /layers/samples/config/application.yml: -------------------------------------------------------------------------------- 1 | logging: 2 | level: 3 | org.springframework: DEBUG -------------------------------------------------------------------------------- /layers/mysql/config.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Secret 3 | metadata: 4 | name: mysql-config -------------------------------------------------------------------------------- /compose/httpd/htdocs/index.html: -------------------------------------------------------------------------------- 1 | 2 | 3 |

Hello World

4 | 5 | 6 | -------------------------------------------------------------------------------- /compose/mongo/docker-compose.yml: -------------------------------------------------------------------------------- 1 | mongodb: 2 | image: mongo:3.2 3 | ports: 4 | - "27017:27017" 5 | -------------------------------------------------------------------------------- /compose/zookeeper/docker-compose.yml: -------------------------------------------------------------------------------- 1 | zookeeper: 2 | image: zookeeper 3 | ports: 4 | - "2181:2181" -------------------------------------------------------------------------------- /compose/beaker/docker-compose.yml: -------------------------------------------------------------------------------- 1 | beaker: 2 | image: beakernotebook/beaker 3 | ports: 4 | - "8800:8800" -------------------------------------------------------------------------------- /layers/samples/proxy/config.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ConfigMap 3 | metadata: 4 | name: nginx-config 5 | -------------------------------------------------------------------------------- /compose/run/Dockerfile.run: -------------------------------------------------------------------------------- 1 | FROM cfbuildpacks/cflinuxfs3-cnb-experimental:run 2 | 3 | ENTRYPOINT /lifecycle/launcher -------------------------------------------------------------------------------- /demo/k8s/node/service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: app 5 | spec: 6 | type: NodePort -------------------------------------------------------------------------------- /compose/test/README.md: -------------------------------------------------------------------------------- 1 | ``` 2 | $ docker build -t demo . 3 | $ docker run --privileged -i -t demo --storage-driver=bitrfs 4 | -------------------------------------------------------------------------------- /demo/.mvn/wrapper/maven-wrapper.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dsyer/docker-services/HEAD/demo/.mvn/wrapper/maven-wrapper.jar -------------------------------------------------------------------------------- /compose/squid/docker-compose.yml: -------------------------------------------------------------------------------- 1 | squid: 2 | image: dsyer/squid 3 | expose: 4 | - 3128 5 | ports: 6 | - "3128:3128" 7 | -------------------------------------------------------------------------------- /compose/plantuml/docker-compose.yml: -------------------------------------------------------------------------------- 1 | plantuml: 2 | image: plantuml/plantuml-server:tomcat 3 | ports: 4 | - "8989:8080" 5 | 6 | -------------------------------------------------------------------------------- /compose/test/docker-compose.yml: -------------------------------------------------------------------------------- 1 | rabbitmq: 2 | image: rabbitmq:management 3 | ports: 4 | - "5672:5672" 5 | - "15672:15672" 6 | -------------------------------------------------------------------------------- /layers/base/config.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ConfigMap 3 | metadata: 4 | name: env-config 5 | data: 6 | SPRING_KUSTOMIZER: "true" -------------------------------------------------------------------------------- /compose/neo4j/docker-compose.yml: -------------------------------------------------------------------------------- 1 | neo4j: 2 | image: neo4j 3 | ports: 4 | - "7474:7474" 5 | - "7473:7473" 6 | - "7687:7687" 7 | -------------------------------------------------------------------------------- /compose/proxy/docker-compose.yml: -------------------------------------------------------------------------------- 1 | nginx: 2 | image: nginx 3 | ports: 4 | - "80:80" 5 | volumes: 6 | - "./conf:/etc/nginx:ro" 7 | -------------------------------------------------------------------------------- /compose/squid/start.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | tail -qF /var/log/squid/access.log /var/log/squid/cache.log 2> /dev/null & 4 | 5 | exec "$@" 6 | -------------------------------------------------------------------------------- /compose/guides/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM rabbitmq:management-alpine 2 | 3 | ENV LANG C.UTF-8 4 | 5 | RUN apk add --no-cache openjdk8 6 | 7 | CMD ["/bin/sh"] -------------------------------------------------------------------------------- /compose/rabbit/docker-compose.yml: -------------------------------------------------------------------------------- 1 | rabbitmq: 2 | image: rabbitmq:management-alpine 3 | ports: 4 | - "5672:5672" 5 | - "15672:15672" 6 | -------------------------------------------------------------------------------- /layers/samples/petclinic/mysql.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: app 5 | labels: 6 | services: mysql 7 | -------------------------------------------------------------------------------- /layers/samples/service/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | resources: 4 | - service.yaml 5 | -------------------------------------------------------------------------------- /server/kubernetes/base/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | resources: 4 | - deployment.yaml -------------------------------------------------------------------------------- /sidecar/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM nginx 2 | 3 | COPY mime.types /etc/nginx/ 4 | COPY *.conf /etc/nginx/ 5 | COPY run.sh / 6 | 7 | ENTRYPOINT [ "/run.sh" ] -------------------------------------------------------------------------------- /compose/isolated/.mvn/wrapper/maven-wrapper.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dsyer/docker-services/HEAD/compose/isolated/.mvn/wrapper/maven-wrapper.jar -------------------------------------------------------------------------------- /envoy/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | resources: 4 | - crds.yaml 5 | - ambassador.yaml 6 | -------------------------------------------------------------------------------- /layers/mysql/application.env: -------------------------------------------------------------------------------- 1 | type=mysql 2 | provider=local 3 | jdbc-url=jdbc:mysql://${MYSQL_HOST:mysql}/test 4 | username=root 5 | password=password 6 | -------------------------------------------------------------------------------- /Vagrantfile: -------------------------------------------------------------------------------- 1 | Vagrant.configure("2") do |config| 2 | config.vm.box = "cedricblondeau/ubuntu-xenial64-docker" 3 | config.vm.box_version = "0.0.1" 4 | end 5 | -------------------------------------------------------------------------------- /compose/httpd/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM httpd:alpine 2 | COPY conf /usr/local/apache2/conf 3 | COPY htdocs /usr/local/apache2/htdocs 4 | ENV PORT 80 5 | expose 80 6 | -------------------------------------------------------------------------------- /compose/run/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM dsyer/builder 2 | 3 | LABEL io.buildpacks.stack.id=org.cloudfoundry.stacks.cflinuxfs3 4 | ENV PACK_USER_ID=2000 PACK_USER_GID=2000 -------------------------------------------------------------------------------- /compose/elastic/docker-compose.yml: -------------------------------------------------------------------------------- 1 | elasticsearch: 2 | image: quay.io/trackmaven/elasticsearch:1.7 3 | ports: 4 | - "9200:9200" 5 | # - "9300:9300" 6 | -------------------------------------------------------------------------------- /compose/httpd/htdocs/index.cgi: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | set -f 3 | 4 | echo "Content-type: text/plain; charset=iso-8859-1" 5 | echo 6 | 7 | echo -n "Hello " 8 | cat 9 | echo -------------------------------------------------------------------------------- /demo/.mvn/wrapper/maven-wrapper.properties: -------------------------------------------------------------------------------- 1 | distributionUrl=https://repo.maven.apache.org/maven2/org/apache/maven/apache-maven/3.6.0/apache-maven-3.6.0-bin.zip 2 | -------------------------------------------------------------------------------- /compose/artifactory/docker-compose.yml: -------------------------------------------------------------------------------- 1 | artifactory: 2 | image: jfrog-docker-reg2.bintray.io/artifactory/artifactory-oss:latest 3 | ports: 4 | - "8081:8081" 5 | -------------------------------------------------------------------------------- /compose/etcd/docker-compose.yml: -------------------------------------------------------------------------------- 1 | etcd: 2 | image: microbox/etcd 3 | ports: 4 | - "4001:4001" 5 | - "7001:7001" 6 | command: "--name test --data-dir=/data" -------------------------------------------------------------------------------- /compose/stomp/docker-compose.yml: -------------------------------------------------------------------------------- 1 | stomp: 2 | build: . 3 | ports: 4 | - "5672:5672" 5 | - "15672:15672" 6 | - "61613:61613" 7 | - "15674:15674" 8 | -------------------------------------------------------------------------------- /compose/isolated/.mvn/wrapper/maven-wrapper.properties: -------------------------------------------------------------------------------- 1 | distributionUrl=http://nexus:8081/repository/maven-central/org/apache/maven/apache-maven/3.5.4/apache-maven-3.5.4-bin.zip 2 | -------------------------------------------------------------------------------- /compose/test/run.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | dockerd --config-file=/etc/docker/daemon.json -p /var/run/docker-bootstrap.pid & 4 | 5 | docker-compose create 6 | docker-compose start 7 | -------------------------------------------------------------------------------- /layers/kafka/config.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ConfigMap 3 | metadata: 4 | name: kafka-metadata 5 | --- 6 | apiVersion: v1 7 | kind: Secret 8 | metadata: 9 | name: kafka-secret -------------------------------------------------------------------------------- /layers/samples/sidecar/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | resources: 4 | - service.yaml 5 | commonLabels: 6 | app: app 7 | -------------------------------------------------------------------------------- /layers/env/kustomization.yaml: -------------------------------------------------------------------------------- 1 | # $ kustomize build k8s/dev | kubectl apply -f - 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - env.yaml 6 | -------------------------------------------------------------------------------- /compose/nginx/docker-compose.yml: -------------------------------------------------------------------------------- 1 | services: 2 | nginx: 3 | image: nginx 4 | ports: 5 | - "80:80" 6 | - "443:443" 7 | volumes: 8 | - "./conf:/etc/nginx:ro" 9 | -------------------------------------------------------------------------------- /layers/actuator/kustomization.yaml: -------------------------------------------------------------------------------- 1 | # $ kustomize build k8s/dev | kubectl apply -f - 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - probes.yaml 6 | -------------------------------------------------------------------------------- /layers/base/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | commonLabels: 4 | app: app 5 | resources: 6 | - deployment.yaml 7 | - config.yaml 8 | -------------------------------------------------------------------------------- /compose/redis/docker-compose.yml: -------------------------------------------------------------------------------- 1 | redis: 2 | image: redis 3 | ports: 4 | - "6379:6379" 5 | 6 | cli: 7 | image: redis 8 | links: 9 | - redis 10 | command: redis-cli -h redis -------------------------------------------------------------------------------- /layers/samples/job/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | namePrefix: demo- 4 | commonLabels: 5 | app: demo-job 6 | resources: 7 | - job.yaml 8 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | *~ 2 | .#* 3 | *# 4 | target 5 | bin 6 | .vagrant 7 | log/ 8 | /data 9 | .DS_Store 10 | .github/workflows/fats 11 | containerd* 12 | .vscode/ 13 | .attach_pid* 14 | dive.log 15 | /gce 16 | -------------------------------------------------------------------------------- /compose/postgres/docker-compose.yml: -------------------------------------------------------------------------------- 1 | postgres: 2 | image: postgres 3 | ports: 4 | - "5432:5432" 5 | environment: 6 | - POSTGRES_PASSWORD=postgres 7 | 8 | # jdbc:postgresql://localhost/postgres -------------------------------------------------------------------------------- /demo/src/main/resources/META-INF/thin-k8s.properties: -------------------------------------------------------------------------------- 1 | dependencies.spring-boot-actuator=org.springframework.boot:spring-boot-starter-actuator 2 | dependencies.prometheus=io.micrometer:micrometer-registry-prometheus -------------------------------------------------------------------------------- /layers/secure/kustomization.yaml: -------------------------------------------------------------------------------- 1 | # $ kustomize build k8s/dev | kubectl apply -f - 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - env.yaml 6 | - service.yaml 7 | -------------------------------------------------------------------------------- /layers/theia/kustomization.yaml: -------------------------------------------------------------------------------- 1 | # $ kustomize build k8s/dev | kubectl apply -f - 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - pvc.yaml 6 | - deployment.yaml 7 | -------------------------------------------------------------------------------- /layers/prometheus/kustomization.yaml: -------------------------------------------------------------------------------- 1 | # $ kustomize build k8s/dev | kubectl apply -f - 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - mount.yaml 6 | - annotations.yaml 7 | -------------------------------------------------------------------------------- /layers/tunnel/kustomization.yaml: -------------------------------------------------------------------------------- 1 | # $ kustomize build k8s/dev | kubectl apply -f - 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - mandatory.yaml 6 | - service.yaml 7 | -------------------------------------------------------------------------------- /compose/artifactory/README.md: -------------------------------------------------------------------------------- 1 | Put this in your `~.m2/settings.xml`: 2 | 3 | ``` 4 | 5 | artifactory-local 6 | admin 7 | password 8 | 9 | ``` 10 | -------------------------------------------------------------------------------- /compose/mysql/docker-compose.yml: -------------------------------------------------------------------------------- 1 | mysql: 2 | image: mysql 3 | ports: 4 | - "3306:3306" 5 | environment: 6 | - MYSQL_ROOT_PASSWORD=root 7 | - MYSQL_DATABASE=test 8 | volumes: 9 | - "./conf.d:/etc/mysql/conf.d:ro" -------------------------------------------------------------------------------- /layers/samples/kpack/system/kustomization.yaml: -------------------------------------------------------------------------------- 1 | # Creates a server that can be used to store jar files to building images from 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - builder.yaml 6 | - ../server 7 | -------------------------------------------------------------------------------- /server/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM golang:alpine as build 2 | 3 | WORKDIR /root 4 | 5 | COPY . . 6 | 7 | RUN CGO_ENABLED=0 go build -a -installsuffix cgo 8 | 9 | from ubuntu:bionic 10 | 11 | COPY --from=build /root/server . 12 | 13 | ENTRYPOINT ["/server"] -------------------------------------------------------------------------------- /compose/postgres/README.md: -------------------------------------------------------------------------------- 1 | The default database name is "postgres" so this should work (on localhost): 2 | 3 | ``` 4 | spring.datasource.url: jdbc:postgresql:postgres 5 | spring.datasource.username: postgres 6 | spring.datasource.password: postgres 7 | ``` 8 | -------------------------------------------------------------------------------- /qemu/default.nix: -------------------------------------------------------------------------------- 1 | with import {}; 2 | stdenv.mkDerivation { 3 | name = "env"; 4 | buildInputs = [ 5 | qemu 6 | ]; 7 | } 8 | # ~/.nix-defexpr/channels/nixpkgs/pkgs/misc/vscode-extensions/update_installed_exts.sh | tee nix/extensions.nix 9 | -------------------------------------------------------------------------------- /compose/httpd/docker-compose.yml: -------------------------------------------------------------------------------- 1 | httpd: 2 | image: httpd:alpine 3 | environment: 4 | - PORT=8080 5 | ports: 6 | - "8080:8080" 7 | volumes: 8 | - "./conf:/usr/local/apache2/conf:ro" 9 | - "./htdocs:/usr/local/apache2/htdocs:ro" 10 | -------------------------------------------------------------------------------- /compose/stomp/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM rabbitmq 2 | 3 | RUN rabbitmq-plugins enable --offline rabbitmq_management 4 | RUN rabbitmq-plugins enable --offline rabbitmq_stomp 5 | RUN rabbitmq-plugins enable --offline rabbitmq_web_stomp 6 | 7 | EXPOSE 15671 15672 15674 61613 8 | 9 | -------------------------------------------------------------------------------- /demo/k8s/libs/env.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: app 5 | spec: 6 | template: 7 | spec: 8 | containers: 9 | - name: app 10 | env: 11 | - name: EXT_LIBS 12 | value: /app/ext 13 | -------------------------------------------------------------------------------- /layers/theia/pv.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: PersistentVolume 3 | metadata: 4 | name: theia 5 | labels: 6 | type: theia 7 | spec: 8 | capacity: 9 | storage: 8Gi 10 | accessModes: 11 | - ReadWriteOnce 12 | hostPath: 13 | path: "/mnt/data" -------------------------------------------------------------------------------- /kata/runtime-class.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | kind: RuntimeClass 3 | apiVersion: node.k8s.io/v1beta1 4 | metadata: 5 | name: kata 6 | handler: kata 7 | --- 8 | kind: RuntimeClass 9 | apiVersion: node.k8s.io/v1beta1 10 | metadata: 11 | name: kata-qemu 12 | handler: kata-qemu 13 | -------------------------------------------------------------------------------- /layers/samples/simple/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | namePrefix: demo- 4 | commonLabels: 5 | app: demo-app 6 | resources: 7 | - ../../base 8 | images: 9 | - name: dsyer/template 10 | newName: dsyer/demo 11 | -------------------------------------------------------------------------------- /compose/mysql/README.md: -------------------------------------------------------------------------------- 1 | To connect you need to use an IP address or not "localhost": 2 | 3 | $ mysql -h 127.0.0.1 -u root -p test 4 | 5 | (password is "root"). 6 | 7 | Poke around... 8 | 9 | mysql> show databases; 10 | mysql> use test; 11 | mysql> show tables; 12 | -------------------------------------------------------------------------------- /demo/k8s/libs/kustomization.yaml: -------------------------------------------------------------------------------- 1 | # $ kustomize build k8s/dev | kubectl apply -f - 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - ../vendor/base 6 | patchesStrategicMerge: 7 | - env.yaml 8 | images: 9 | - name: dsyer/template 10 | newName: dsyer/demo -------------------------------------------------------------------------------- /layers/samples/nginx-ingress/deployment.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: nginx-tunnel 5 | namespace: ingress-nginx 6 | annotations: 7 | # has to be unique (and >3 chars) 8 | # ingress with host rules in *.wood.test.dsyer.com will work 9 | domain: wood -------------------------------------------------------------------------------- /bootable/README.md: -------------------------------------------------------------------------------- 1 | Attempt to build a bootable VM from a docker image. Almost works. Fails to boot when it can't mount /dev/sda1, so you can make progress by manually running `mount -t ext3 /dev/sda1 /sysroot` and `exit`. Then the app runs but very slow and the network isn't working (e.g. `/etc/hosts` is empty). -------------------------------------------------------------------------------- /default.nix: -------------------------------------------------------------------------------- 1 | with import {}; 2 | stdenv.mkDerivation { 3 | name = "env"; 4 | buildInputs = [ 5 | jdk24 6 | kind 7 | kubectl 8 | skaffold 9 | ]; 10 | } 11 | # ~/.nix-defexpr/channels/nixpkgs/pkgs/misc/vscode-extensions/update_installed_exts.sh | tee nix/extensions.nix 12 | -------------------------------------------------------------------------------- /demo/k8s/gcr/kustomization.yaml: -------------------------------------------------------------------------------- 1 | # $ kustomize build k8s/dev | kubectl apply -f - 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - ../vendor/base 6 | transformers: 7 | - ../vendor/env 8 | images: 9 | - name: dsyer/template 10 | newName: gcr.io/cf-sandbox-dsyer/demo -------------------------------------------------------------------------------- /compose/rabbit/README.md: -------------------------------------------------------------------------------- 1 | == Testing STOMP 2 | 3 | ``` 4 | $ docker-compose up stomp 5 | $ nc localhost 61613 6 | CONNECT 7 | 8 | 9 | ^@ 10 | CONNECTED 11 | session:session-1tQu9gpqUadfHCdKu4A6hw 12 | heart-beat:0,0 13 | server:RabbitMQ/3.5.1 14 | version:1.0 15 | 16 | DISCONNECT 17 | 18 | 19 | ^@ 20 | ``` 21 | -------------------------------------------------------------------------------- /compose/stomp/README.md: -------------------------------------------------------------------------------- 1 | == Testing STOMP 2 | 3 | ``` 4 | $ docker-compose up stomp 5 | $ nc localhost 61613 6 | CONNECT 7 | 8 | 9 | ^@ 10 | CONNECTED 11 | session:session-1tQu9gpqUadfHCdKu4A6hw 12 | heart-beat:0,0 13 | server:RabbitMQ/3.5.1 14 | version:1.0 15 | 16 | DISCONNECT 17 | 18 | 19 | ^@ 20 | ``` 21 | -------------------------------------------------------------------------------- /layers/mysql/transformer/kustomization.yaml: -------------------------------------------------------------------------------- 1 | # $ kustomize build k8s/dev | kubectl apply -f - 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - app.yaml 6 | vars: 7 | - name: MYSQL_HOST 8 | objref: 9 | apiVersion: v1 10 | kind: Service 11 | name: mysql -------------------------------------------------------------------------------- /compose/kafka/README.md: -------------------------------------------------------------------------------- 1 | ``` 2 | $ fig up 3 | ``` 4 | 5 | Send a message: 6 | 7 | ``` 8 | $ curl localhost:8082/topics/input -H "Content-Type: application/vnd.kafka.json.v2+json" --data '{"records":[{"value":{"name": "testUser"}}]}' 9 | ``` 10 | 11 | Links: 12 | 13 | * https://github.com/confluentinc/kafka-rest 14 | -------------------------------------------------------------------------------- /compose/multi/settings.xml: -------------------------------------------------------------------------------- 1 | 5 | true 6 | 7 | -------------------------------------------------------------------------------- /layers/mysql/pvc.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: PersistentVolumeClaim 3 | metadata: 4 | name: mysql 5 | labels: 6 | app: mysql 7 | annotations: 8 | volume.alpha.kubernetes.io/storage-class: default 9 | spec: 10 | accessModes: 11 | - ReadWriteOnce 12 | resources: 13 | requests: 14 | storage: 8Gi -------------------------------------------------------------------------------- /layers/samples/init/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | resources: 4 | # Can replace ../.. with github.com/dsyer/docker-services/layers/ 5 | - ../../base 6 | patchesStrategicMerge: 7 | - init.yaml 8 | images: 9 | - name: dsyer/template 10 | newName: dsyer/demo 11 | -------------------------------------------------------------------------------- /layers/samples/proxy/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | resources: 4 | - service.yaml 5 | - config.yaml 6 | configMapGenerator: 7 | - name: nginx-config 8 | behavior: merge 9 | files: 10 | - nginx.conf 11 | - proxy.conf 12 | - mime.types 13 | -------------------------------------------------------------------------------- /layers/theia/pvc.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: PersistentVolumeClaim 3 | metadata: 4 | name: theia 5 | labels: 6 | app: theia 7 | annotations: 8 | volume.alpha.kubernetes.io/storage-class: default 9 | spec: 10 | accessModes: 11 | - ReadWriteOnce 12 | resources: 13 | requests: 14 | storage: 8Gi -------------------------------------------------------------------------------- /layers/mysql/kustomization.yaml: -------------------------------------------------------------------------------- 1 | # $ kustomize build k8s/dev | kubectl apply -f - 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - pvc.yaml 6 | - deployment.yaml 7 | - config.yaml 8 | secretGenerator: 9 | - name: mysql-config 10 | behavior: merge 11 | envs: 12 | - application.env -------------------------------------------------------------------------------- /layers/samples/enhanced/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | namePrefix: demo- 4 | 5 | commonLabels: 6 | app: demo 7 | 8 | resources: 9 | - ../../base 10 | transformers: 11 | - ../../env 12 | - ../../actuator 13 | 14 | images: 15 | - name: dsyer/template 16 | newName: dsyer/demo 17 | -------------------------------------------------------------------------------- /layers/samples/secure/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | namePrefix: demo- 4 | commonLabels: 5 | app: demo 6 | resources: 7 | - ../../base 8 | transformers: 9 | - ../../env 10 | - ../../secure 11 | - ../../actuator 12 | images: 13 | - name: dsyer/template 14 | newName: dsyer/demo 15 | -------------------------------------------------------------------------------- /layers/samples/kpack/server/kustomization.yaml: -------------------------------------------------------------------------------- 1 | # Creates a server that can be used to store jar files to building images from 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | namePrefix: server- 5 | commonLabels: 6 | app: server-app 7 | resources: 8 | - service.yaml 9 | images: 10 | - name: dsyer/template 11 | newName: dsyer/server -------------------------------------------------------------------------------- /compose/nginx/conf/conf.d/default.conf: -------------------------------------------------------------------------------- 1 | server { 2 | http2 on; 3 | listen 80; 4 | listen 443 ssl; 5 | server_name foo; 6 | ssl_certificate server.crt; 7 | ssl_certificate_key server.key; 8 | 9 | location / { 10 | grpc_pass grpc://172.17.0.1:9090; 11 | } 12 | 13 | } 14 | 15 | -------------------------------------------------------------------------------- /layers/mysql/pv.yaml: -------------------------------------------------------------------------------- 1 | # ssh into the nodes, mkdir /mnt/data and then apply this on clusters without a default pv (e.g. katacoda) 2 | apiVersion: v1 3 | kind: PersistentVolume 4 | metadata: 5 | name: mysql 6 | labels: 7 | type: mysql 8 | spec: 9 | capacity: 10 | storage: 8Gi 11 | accessModes: 12 | - ReadWriteOnce 13 | hostPath: 14 | path: "/mnt/data" 15 | -------------------------------------------------------------------------------- /layers/samples/job/job.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: batch/v1 2 | kind: Job 3 | metadata: 4 | name: job 5 | spec: 6 | parallelism: 2 7 | completions: 2 8 | template: 9 | spec: 10 | containers: 11 | - name: hello 12 | image: busybox 13 | args: 14 | - /bin/sh 15 | - -c 16 | - date; env; find /var/run 17 | restartPolicy: Never -------------------------------------------------------------------------------- /layers/secure/service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: builtin 2 | kind: PatchTransformer 3 | metadata: 4 | name: switch-service 5 | target: 6 | version: v1 7 | kind: Service 8 | name: app 9 | patch: |- 10 | apiVersion: v1 11 | kind: Service 12 | metadata: 13 | name: app 14 | spec: 15 | ports: 16 | - protocol: TCP 17 | port: 80 18 | targetPort: 80 19 | -------------------------------------------------------------------------------- /demo/k8s/dev/kustomization.yaml: -------------------------------------------------------------------------------- 1 | # $ kustomize build k8s/dev | kubectl apply -f - 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | namePrefix: dev- 5 | commonLabels: 6 | app: dev-demo 7 | resources: 8 | - ../vendor/base 9 | transformers: 10 | - ../vendor/actuator 11 | - ../vendor/env 12 | images: 13 | - name: dsyer/template 14 | newName: dsyer/demo -------------------------------------------------------------------------------- /compose/httpd/hello.yml: -------------------------------------------------------------------------------- 1 | apiVersion: projectriff.io/v1 2 | kind: Function 3 | metadata: 4 | name: hello 5 | spec: 6 | protocol: http 7 | input: names 8 | container: 9 | image: gcr.io/cf-sandbox-dsyer/hello-cgi:latest 10 | env: 11 | - name: PORT 12 | value: 8080 13 | --- 14 | 15 | apiVersion: projectriff.io/v1 16 | kind: Topic 17 | metadata: 18 | name: names 19 | -------------------------------------------------------------------------------- /layers/samples/service/service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: demo 5 | spec: 6 | ports: 7 | - protocol: TCP 8 | port: 80 9 | targetPort: 80 10 | --- 11 | 12 | apiVersion: v1 13 | kind: Endpoints 14 | metadata: 15 | name: demo 16 | subsets: 17 | - addresses: 18 | # httpbin.org 19 | - ip: 54.172.95.6 20 | ports: 21 | - port: 80 -------------------------------------------------------------------------------- /layers/samples/nginx-ingress/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | resources: 4 | - ../../tunnel 5 | patchesStrategicMerge: 6 | - deployment.yaml 7 | vars: 8 | - name: DOMAIN 9 | objref: 10 | apiVersion: apps/v1 11 | kind: Deployment 12 | name: nginx-tunnel 13 | fieldref: 14 | fieldpath: metadata.annotations.domain 15 | -------------------------------------------------------------------------------- /demo/k8s/prod/kustomization.yaml: -------------------------------------------------------------------------------- 1 | # $ kustomize build k8s/dev | kubectl apply -f - 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | namePrefix: dev- 5 | commonLabels: 6 | app: dev-demo 7 | resources: 8 | - ../vendor/base 9 | transformers: 10 | - ../vendor/actuator 11 | - ../vendor/prometheus 12 | - ../vendor/env 13 | images: 14 | - name: dsyer/template 15 | newName: dsyer/demo -------------------------------------------------------------------------------- /sidecar/settings.conf: -------------------------------------------------------------------------------- 1 | proxy_set_header X-Real-IP $remote_addr; 2 | proxy_redirect off; 3 | proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; 4 | proxy_set_header Host $http_host; 5 | proxy_redirect off; 6 | proxy_set_header X-Forwarded-Proto $scheme; 7 | proxy_set_header X-NginX-Proxy true; 8 | proxy_connect_timeout 600; 9 | proxy_send_timeout 600; 10 | proxy_read_timeout 600; 11 | send_timeout 600; 12 | -------------------------------------------------------------------------------- /bootable/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM dsyer/demo as build 2 | 3 | FROM openjdk:8-jdk-alpine as base 4 | RUN apk update 5 | RUN apk add linux-virt 6 | RUN apk add openrc 7 | RUN echo root:root | chpasswd 8 | 9 | FROM base 10 | VOLUME /tmp 11 | WORKDIR / 12 | COPY --from=build /app app 13 | ENTRYPOINT ["sh", "-c", "java -noverify -XX:TieredStopAtLevel=1 -cp /app:/app/lib/*:${EXT_LIBS}/* com.example.demo.DemoApplication ${0} ${@}"] -------------------------------------------------------------------------------- /demo/k8s/node/kustomization.yaml: -------------------------------------------------------------------------------- 1 | # $ kustomize build k8s/dev | kubectl apply -f - 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | namePrefix: dev- 5 | commonLabels: 6 | app: dev-demo 7 | resources: 8 | - ../vendor/base 9 | patchesStrategicMerge: 10 | - service.yaml 11 | transformers: 12 | - ../vendor/actuator 13 | - ../vendor/env 14 | images: 15 | - name: dsyer/template 16 | newName: dsyer/demo -------------------------------------------------------------------------------- /compose/isolated/src/main/java/com/example/isolated/DemoApplication.java: -------------------------------------------------------------------------------- 1 | package com.example.isolated; 2 | 3 | import org.springframework.boot.SpringApplication; 4 | import org.springframework.boot.autoconfigure.SpringBootApplication; 5 | 6 | @SpringBootApplication 7 | public class DemoApplication { 8 | 9 | public static void main(String[] args) { 10 | SpringApplication.run(DemoApplication.class, args); 11 | } 12 | } 13 | -------------------------------------------------------------------------------- /compose/wurst/docker-compose.yml: -------------------------------------------------------------------------------- 1 | version: '2' 2 | services: 3 | zookeeper: 4 | image: wurstmeister/zookeeper 5 | ports: 6 | - "2181:2181" 7 | kafka: 8 | image: wurstmeister/kafka 9 | ports: 10 | - "9092:9092" 11 | environment: 12 | KAFKA_ADVERTISED_HOST_NAME: localhost 13 | KAFKA_ZOOKEEPER_CONNECT: zookeeper:2181 14 | volumes: 15 | - /var/run/docker.sock:/var/run/docker.sock -------------------------------------------------------------------------------- /layers/samples/config/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | namePrefix: demo- 4 | commonLabels: 5 | app: demo-app 6 | resources: 7 | - ../../base 8 | patchesStrategicMerge: 9 | - config.yaml 10 | images: 11 | - name: dsyer/template 12 | newName: dsyer/demo 13 | configMapGenerator: 14 | - name: env-config 15 | behavior: merge 16 | files: 17 | - application.yml -------------------------------------------------------------------------------- /sidecar/run.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | if [ -e /var/run/secrets/kubernetes.io/serviceaccount/token ]; then 4 | token=`cat /var/run/secrets/kubernetes.io/serviceaccount/token` 5 | cat > /etc/nginx/token.conf << EOF 6 | map \$host \$token { 7 | default "$token"; 8 | } 9 | EOF 10 | else 11 | cat > /etc/nginx/token.conf << EOF 12 | map \$host \$token { 13 | default letmein; 14 | } 15 | EOF 16 | fi 17 | 18 | nginx -g 'daemon off;' -------------------------------------------------------------------------------- /layers/samples/kpack/server/service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: app 5 | spec: 6 | replicas: 1 7 | template: 8 | spec: 9 | containers: 10 | - name: static 11 | image: dsyer/template 12 | 13 | --- 14 | 15 | apiVersion: v1 16 | kind: Service 17 | metadata: 18 | name: app 19 | spec: 20 | ports: 21 | - protocol: TCP 22 | port: 3001 23 | targetPort: 3001 24 | -------------------------------------------------------------------------------- /layers/samples/kpack/image.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: build.pivotal.io/v1alpha1 2 | kind: Image 3 | metadata: 4 | name: demo 5 | spec: 6 | tag: dsyer/demo 7 | serviceAccount: service-account 8 | builder: 9 | name: default-builder 10 | kind: ClusterBuilder 11 | source: 12 | blob: 13 | # Build a fat jar and push it to this server using `curl server:3001/app.0.jar --data-binary @myapp.jar ...` 14 | url: http://server-app:3001/app.0.jar -------------------------------------------------------------------------------- /demo/src/test/java/com/example/demo/DemoApplicationTests.java: -------------------------------------------------------------------------------- 1 | package com.example.demo; 2 | 3 | import org.junit.Test; 4 | import org.junit.runner.RunWith; 5 | import org.springframework.boot.test.context.SpringBootTest; 6 | import org.springframework.test.context.junit4.SpringRunner; 7 | 8 | @RunWith(SpringRunner.class) 9 | @SpringBootTest 10 | public class DemoApplicationTests { 11 | 12 | @Test 13 | public void contextLoads() { 14 | } 15 | 16 | } 17 | -------------------------------------------------------------------------------- /compose/h2/docker-compose.yml: -------------------------------------------------------------------------------- 1 | h2: 2 | image: oscarfonts/h2 3 | ports: 4 | - "9092:9092" 5 | - "9093:9093" 6 | volumes: 7 | - /root/tmp 8 | command: 9 | - sh 10 | - -c 11 | - > 12 | java -cp /opt/h2/bin/h2*.jar org.h2.tools.Server 13 | -ifNotExists -web -webAllowOthers -webPort 9093 14 | -tcp -tcpAllowOthers -tcpPort 9092 -baseDir /root/tmp 15 | working_dir: /root/tmp 16 | 17 | # jdbc:h2://localhost:9092/test 18 | -------------------------------------------------------------------------------- /compose/isolated/src/test/java/com/example/demo/DemoApplicationTests.java: -------------------------------------------------------------------------------- 1 | package com.example.demo; 2 | 3 | import org.junit.Test; 4 | import org.junit.runner.RunWith; 5 | import org.springframework.boot.test.context.SpringBootTest; 6 | import org.springframework.test.context.junit4.SpringRunner; 7 | 8 | @RunWith(SpringRunner.class) 9 | @SpringBootTest 10 | public class DemoApplicationTests { 11 | 12 | @Test 13 | public void contextLoads() { 14 | } 15 | 16 | } 17 | -------------------------------------------------------------------------------- /layers/env/env.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: builtin 2 | kind: PatchTransformer 3 | metadata: 4 | name: set-env 5 | target: 6 | group: apps 7 | version: v1 8 | kind: Deployment 9 | name: app 10 | patch: |- 11 | apiVersion: apps/v1 12 | kind: Deployment 13 | metadata: 14 | name: app 15 | spec: 16 | template: 17 | spec: 18 | containers: 19 | - name: app 20 | env: 21 | - name: EXT_LIBS 22 | value: /app/ext 23 | -------------------------------------------------------------------------------- /compose/isolated/.gitignore: -------------------------------------------------------------------------------- 1 | root/.ash* 2 | root/.m2/repository/ 3 | root/.m2/wrapper/ 4 | 5 | /target/ 6 | !.mvn/wrapper/maven-wrapper.jar 7 | 8 | ### STS ### 9 | .apt_generated 10 | .classpath 11 | .factorypath 12 | .project 13 | .settings 14 | .springBeans 15 | .sts4-cache 16 | 17 | ### IntelliJ IDEA ### 18 | .idea 19 | *.iws 20 | *.iml 21 | *.ipr 22 | 23 | ### NetBeans ### 24 | /nbproject/private/ 25 | /build/ 26 | /nbbuild/ 27 | /dist/ 28 | /nbdist/ 29 | /.nb-gradle/ 30 | -------------------------------------------------------------------------------- /demo/.gitignore: -------------------------------------------------------------------------------- 1 | vendor/ 2 | 3 | HELP.md 4 | target/ 5 | !.mvn/wrapper/maven-wrapper.jar 6 | 7 | ### STS ### 8 | .apt_generated 9 | .classpath 10 | .factorypath 11 | .project 12 | .settings 13 | .springBeans 14 | .sts4-cache 15 | 16 | ### IntelliJ IDEA ### 17 | .idea 18 | *.iws 19 | *.iml 20 | *.ipr 21 | 22 | ### NetBeans ### 23 | /nbproject/private/ 24 | /nbbuild/ 25 | /dist/ 26 | /nbdist/ 27 | /.nb-gradle/ 28 | build/ 29 | 30 | ### VS Code ### 31 | .vscode/ 32 | !**/src/** 33 | -------------------------------------------------------------------------------- /compose/elk/docker-compose.yml: -------------------------------------------------------------------------------- 1 | elasticsearch: 2 | image: elasticsearch:6.8.0 3 | ports: 4 | - "9200:9200" 5 | - "9300:9300" 6 | 7 | logstash: 8 | image: logstash 9 | command: ["logstash", "-f", "/etc/logstash/conf.d/logstash.conf"] 10 | volumes: 11 | - ./logstash/conf:/etc/logstash/conf.d 12 | ports: 13 | - "5000:5000" 14 | links: 15 | - elasticsearch 16 | 17 | kibana: 18 | image: kibana 19 | ports: 20 | - "5601:5601" 21 | links: 22 | - elasticsearch -------------------------------------------------------------------------------- /layers/samples/config/config.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: app 5 | spec: 6 | replicas: 1 7 | template: 8 | spec: 9 | containers: 10 | - name: app 11 | volumeMounts: 12 | - mountPath: /app/config 13 | name: env-config 14 | env: 15 | - name: VERSION 16 | value: green 17 | volumes: 18 | - name: env-config 19 | configMap: 20 | name: env-config -------------------------------------------------------------------------------- /bootable/ttfr.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | start_time="$(date -u +%s.%N)" 4 | qemu-system-x86_64 -hda disk.qcow -boot d -net nic -net user,hostfwd=tcp::8080-:8080 -localtime -m 4096 -smp 8 -loadvm petclinic4 -nographic & 5 | while ! curl localhost:8080 2>&1 > /dev/null; do 6 | sleep 0.01 7 | done 8 | end_time="$(date -u +%s.%N)" 9 | curl -w '\n' localhost:8080 10 | elapsed="$(bc <<< $end_time-$start_time)" 11 | echo "Total of $elapsed seconds elapsed for process" 12 | echo "Run 'pkill qemu' to kill the VM" 13 | -------------------------------------------------------------------------------- /compose/isolated/docker-compose.yml: -------------------------------------------------------------------------------- 1 | version: "2" 2 | services: 3 | 4 | nexus: 5 | image: sonatype/nexus3 6 | ports: 7 | - "8081:8081" 8 | networks: 9 | - isolated 10 | - default 11 | 12 | app: 13 | image: openjdk:8-jdk-alpine 14 | command: ["./mvnw", "package"] 15 | working_dir: "/app" 16 | volumes: 17 | - ".:/app" 18 | - "./root:/root" 19 | networks: 20 | - isolated 21 | 22 | networks: 23 | isolated: 24 | driver: bridge 25 | internal: true 26 | -------------------------------------------------------------------------------- /compose/test/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM docker:dind 2 | ENV LANG C.UTF-8 3 | ENV JAVA_HOME /usr/lib/jvm/java-1.8-openjdk 4 | ENV PATH $PATH:/usr/lib/jvm/java-1.8-openjdk/jre/bin:/usr/lib/jvm/java-1.8-openjdk/bin 5 | 6 | ENV JAVA_VERSION 8u131 7 | 8 | RUN apk add --no-cache py-pip curl 9 | RUN pip install docker-compose 10 | RUN apk add --no-cache openjdk8 11 | 12 | ADD run.sh /run.sh 13 | ADD docker-compose.yml /docker-compose.yml 14 | 15 | RUN mkdir /etc/docker && echo '{"debug":true}' > /etc/docker/daemon.json 16 | 17 | CMD ["/bin/sh"] -------------------------------------------------------------------------------- /layers/prometheus/annotations.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: builtin 2 | kind: PatchTransformer 3 | metadata: 4 | name: set-prometheus-annotations 5 | target: 6 | group: apps 7 | version: v1 8 | kind: Deployment 9 | name: app 10 | patch: |- 11 | apiVersion: apps/v1 12 | kind: Deployment 13 | metadata: 14 | name: app 15 | spec: 16 | template: 17 | metadata: 18 | annotations: 19 | prometheus.io/path: /actuator/prometheus 20 | prometheus.io/port: "8080" 21 | prometheus.io/scrape: "true" 22 | -------------------------------------------------------------------------------- /qemu/run.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | if ! [ -f disk.qcow ]; then 4 | echo No disk prepared. Use init.sh to create a VM and copy it to disk.qcow. 5 | exit 1 6 | else 7 | echo Using existing disk.qcow disk 8 | fi 9 | 10 | echo Ready to go. Exposing ssh on port 2222 of host. 11 | echo Use 'CTRL-A C' to switch to monitor. 12 | if qemu-img snapshot -l disk.qcow | grep init; then 13 | snapshot="-loadvm init" 14 | fi 15 | qemu-system-x86_64 -hda disk.qcow -net nic -net user,hostfwd=tcp::2222-:22,hostfwd=tcp::8080-:8080 -m 1024 -nographic $snapshot -------------------------------------------------------------------------------- /compose/elastic/config/logging.yml: -------------------------------------------------------------------------------- 1 | # you can override this using by setting a system property, for example -Des.logger.level=DEBUG 2 | es.logger.level: INFO 3 | rootLogger: ${es.logger.level}, console 4 | logger: 5 | # log action execution errors for easier debugging 6 | action: DEBUG 7 | # reduce the logging for aws, too much is logged under the default INFO 8 | com.amazonaws: WARN 9 | 10 | appender: 11 | console: 12 | type: console 13 | layout: 14 | type: consolePattern 15 | conversionPattern: "[%d{ISO8601}][%-5p][%-25c] %m%n" -------------------------------------------------------------------------------- /qemu/ttfr.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | start_time="$(date -u +%s.%N)" 4 | if qemu-img snapshot -l disk.qcow | grep init; then 5 | snapshot="-loadvm init" 6 | fi 7 | qemu-system-x86_64 -hda disk.qcow -net nic -net user,hostfwd=tcp::2222-:22,hostfwd=tcp::8080-:8080 -localtime -m 1024 -nographic $snapshot & 8 | while ! curl localhost:8080 2>&1 > /dev/null; do 9 | sleep 0.01 10 | done 11 | end_time="$(date -u +%s.%N)" 12 | curl -w '\n' localhost:8080 13 | elapsed="$(bc <<< $end_time-$start_time)" 14 | echo "Total of $elapsed seconds elapsed for process" 15 | pkill qemu 16 | -------------------------------------------------------------------------------- /compose/isolated/root/.m2/settings.xml: -------------------------------------------------------------------------------- 1 | 4 | 5 | 6 | nexus 7 | * 8 | Local Nexus Sonatype Repository Mirror 9 | http://nexus:8081/repository/maven-central/ 10 | 11 | 12 | 13 | -------------------------------------------------------------------------------- /layers/prometheus/mount.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: builtin 2 | kind: PatchTransformer 3 | metadata: 4 | name: set-config-mount 5 | target: 6 | group: apps 7 | version: v1 8 | kind: Deployment 9 | name: app 10 | patch: |- 11 | apiVersion: apps/v1 12 | kind: Deployment 13 | metadata: 14 | name: app 15 | spec: 16 | template: 17 | spec: 18 | containers: 19 | - name: app 20 | env: 21 | # TODO: This is kind of disappointing: 22 | - name: MANAGEMENT_ENDPOINTS_WEB_EXPOSURE_INCLUDE 23 | value: prometheus,info,health 24 | -------------------------------------------------------------------------------- /compose/multi/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM alpine as build 2 | WORKDIR /workspace/app 3 | COPY settings.xml . 4 | RUN mkdir /root/.m2 && cp settings.xml /root/.m2 5 | RUN mkdir target && echo {"foo":"bar"} > foo.json && echo foo > target/foo 6 | VOLUME /root/.m2 7 | 8 | FROM alpine as native 9 | WORKDIR /workspace/app 10 | COPY --from=build /workspace/app/target target 11 | COPY --from=build /workspace/app/*.json ./ 12 | RUN ls && ls /root/.m2 && echo foo > target/demo && chmod +x target/demo 13 | 14 | FROM alpine 15 | WORKDIR /workspace/app 16 | VOLUME /tmp 17 | COPY --from=native /workspace/app/target/demo ./ 18 | -------------------------------------------------------------------------------- /compose/petclinic/docker-compose.yml: -------------------------------------------------------------------------------- 1 | version: '3' 2 | services: 3 | mysql: 4 | image: mysql 5 | ports: 6 | - "3306:3306" 7 | environment: 8 | - MYSQL_ROOT_PASSWORD=petclinic 9 | - MYSQL_DATABASE=petclinic 10 | volumes: 11 | - "./conf.d:/etc/mysql/conf.d:ro" 12 | petclinic: 13 | image: springdeveloper/spring-petclinic:2.0.0.BUILD-SNAPSHOT 14 | ports: 15 | - "8080:8080" 16 | depends_on: 17 | - mysql 18 | environment: 19 | - SPRING_PROFILES_ACTIVE=kubernetes 20 | - MYSQL_HOST=mysql 21 | - MYSQL_USERNAME=root 22 | - MYSQL_PASSWORD=petclinic 23 | -------------------------------------------------------------------------------- /bootable/simple.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash -x 2 | 3 | docker rm bootable 4 | docker build -t dsyer/bootable . 5 | docker create --name=bootable dsyer/bootable 6 | 7 | rm disk.* 8 | 9 | qemu-img create -f raw disk.img 1G 10 | mkfs.ext4 -F disk.img 11 | 12 | sudo mount -o loop disk.img /mnt 13 | 14 | docker export bootable | sudo tar x -C /mnt 15 | 16 | sudo umount /mnt 17 | 18 | qemu-img convert -f raw -O qcow2 disk.img disk.qcow 19 | 20 | # Boots (with manual mount of /dev/sda) but no networking 21 | # qemu-system-x86_64 -hda disk.qcow -initrd initramfs -kernel vmlinuz -net nic -net user,hostfwd=tcp::8080-:8080 -m 4096 -localtime -append root=/dev/sda -------------------------------------------------------------------------------- /layers/base/deployment.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: app 5 | spec: 6 | replicas: 1 7 | template: 8 | spec: 9 | containers: 10 | - name: app 11 | image: dsyer/template 12 | envFrom: 13 | - configMapRef: 14 | name: env-config 15 | resources: 16 | limits: 17 | memory: "1024Mi" 18 | requests: 19 | memory: "1024Mi" 20 | 21 | --- 22 | 23 | apiVersion: v1 24 | kind: Service 25 | metadata: 26 | name: app 27 | spec: 28 | ports: 29 | - protocol: TCP 30 | port: 80 31 | targetPort: 8080 32 | name: http 33 | -------------------------------------------------------------------------------- /server/README.adoc: -------------------------------------------------------------------------------- 1 | A simple HTTP server that creates and serves static content from a temp directory. 2 | 3 | * *GET* Serves content from /tmp/static. E.g. `GET /index.html` serves a file `/tmp/static/index.html` (if it exists). 4 | 5 | * *POST* Uploads content. E.g. 6 | 7 | $ curl http://localhost:3001/foo.json 8 | 404 page not found 9 | $ curl http://localhost:3001/foo.json -d @- 10 | {"Hello":"Foo"} 11 | $ curl http://localhost:3001/foo.json 12 | {"Hello":"Foo"} 13 | 14 | * *DELETE* Deletes content (recursively). 15 | 16 | If you POST a binary file (like a jar) remember to use `curl ... --data-binary` (not `-d`). -------------------------------------------------------------------------------- /layers/samples/petclinic/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | patches: 4 | - mysql.yaml 5 | resources: 6 | - ../../base 7 | - ../../mysql 8 | namePrefix: petclinic- 9 | # You can either include ../../mysql or use commonLabels here, but not both, 10 | # otherwise the app service selects the mysql pods 11 | # commonLabels: 12 | # app: petclinic 13 | transformers: 14 | - ../../mysql/transformer 15 | - ../../actuator 16 | images: 17 | - name: dsyer/template 18 | newName: springio/petclinic 19 | vars: 20 | - name: MYSQL_HOST 21 | objref: 22 | apiVersion: v1 23 | kind: Service 24 | name: mysql -------------------------------------------------------------------------------- /compose/squid/README.md: -------------------------------------------------------------------------------- 1 | Docker container for a forward proxy to the internet. 2 | 3 | For some reason `docker-compose` doesn't work if you use the `build` directive, but it does work with a named image. So you can 4 | 5 | ``` 6 | $ docker build -t dsyer/squid . 7 | $ docker-compose up 8 | ``` 9 | 10 | Then set env vars `https_proxy=http://localhost:3128` (or `git config 11 | http.proxy http://localhost:3128` for git only), or for Java processes 12 | use `-Dhttps.proxyHost=localhost`, `-Dhttps.proxyPort=3128`. If you 13 | curl a remote site or clone a remote repo the traffic will go through 14 | squid and you will see the access logs on stdout of the docker 15 | container. 16 | -------------------------------------------------------------------------------- /demo/deployment.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | labels: 5 | app: demo 6 | name: demo 7 | spec: 8 | selector: 9 | matchLabels: 10 | app: demo 11 | template: 12 | metadata: 13 | labels: 14 | app: demo 15 | spec: 16 | runtimeClassName: kata-qemu 17 | containers: 18 | - image: localhost:5000/apps/demo 19 | name: demo 20 | --- 21 | apiVersion: v1 22 | kind: Service 23 | metadata: 24 | labels: 25 | app: demo 26 | name: demo 27 | spec: 28 | ports: 29 | - name: 80-8080 30 | port: 80 31 | protocol: TCP 32 | targetPort: 8080 33 | selector: 34 | app: demo 35 | -------------------------------------------------------------------------------- /kata/rbac.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: ServiceAccount 4 | metadata: 5 | name: kata-label-node 6 | namespace: kube-system 7 | --- 8 | kind: ClusterRole 9 | apiVersion: rbac.authorization.k8s.io/v1 10 | metadata: 11 | name: node-labeler 12 | rules: 13 | - apiGroups: [""] 14 | resources: ["nodes"] 15 | verbs: ["get", "patch"] 16 | --- 17 | kind: ClusterRoleBinding 18 | apiVersion: rbac.authorization.k8s.io/v1 19 | metadata: 20 | name: kata-label-node-rb 21 | roleRef: 22 | apiGroup: rbac.authorization.k8s.io 23 | kind: ClusterRole 24 | name: node-labeler 25 | subjects: 26 | - kind: ServiceAccount 27 | name: kata-label-node 28 | namespace: kube-system 29 | 30 | -------------------------------------------------------------------------------- /layers/secure/env.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: builtin 2 | kind: PatchTransformer 3 | metadata: 4 | name: add-sidecar 5 | target: 6 | group: apps 7 | version: v1 8 | kind: Deployment 9 | name: app 10 | patch: |- 11 | apiVersion: apps/v1 12 | kind: Deployment 13 | metadata: 14 | name: app 15 | spec: 16 | template: 17 | spec: 18 | containers: 19 | - name: app 20 | ports: 21 | - containerPort: 8080 22 | env: 23 | - name: MANAGEMENT_ENDPOINTS_WEB_EXPOSURE_INCLUDE 24 | value: '*' 25 | - name: sidecar 26 | image: dsyer/sidecar 27 | ports: 28 | - containerPort: 80 29 | -------------------------------------------------------------------------------- /layers/samples/sidecar/service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: app 5 | spec: 6 | ports: 7 | - protocol: TCP 8 | port: 80 9 | targetPort: 80 10 | --- 11 | 12 | apiVersion: apps/v1 13 | kind: Deployment 14 | metadata: 15 | name: app 16 | spec: 17 | replicas: 1 18 | template: 19 | spec: 20 | containers: 21 | - name: app 22 | image: dsyer/petclinic 23 | ports: 24 | - containerPort: 8080 25 | env: 26 | - name: MANAGEMENT_ENDPOINTS_WEB_BASEPATH 27 | value: /actuator 28 | - name: sidecar 29 | image: dsyer/sidecar 30 | ports: 31 | - containerPort: 80 -------------------------------------------------------------------------------- /layers/samples/kpack/system/builder.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: build.pivotal.io/v1alpha1 2 | kind: ClusterBuilder 3 | metadata: 4 | name: default-builder 5 | spec: 6 | image: cloudfoundry/cnb:bionic 7 | 8 | --- 9 | 10 | apiVersion: v1 11 | kind: ServiceAccount 12 | metadata: 13 | name: service-account 14 | secrets: 15 | - name: registry-credentials 16 | 17 | --- 18 | 19 | apiVersion: v1 20 | kind: Secret 21 | metadata: 22 | name: registry-credentials 23 | annotations: 24 | build.pivotal.io/docker: index.docker.io 25 | type: kubernetes.io/basic-auth 26 | stringData: 27 | # cat builder.yaml | DOCKERHUB_USER=... DOCKERHUB_PASSWORD=... envsubst 28 | username: ${DOCKERHUB_USER} 29 | password: ${DOCKERHUB_PASSWORD} 30 | -------------------------------------------------------------------------------- /qemu/init.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | if ! [ -f alpine.iso ]; then 4 | curl -L -o alpine.iso http://dl-cdn.alpinelinux.org/alpine/v3.22/releases/x86_64/alpine-virt-3.22.1-x86_64.iso 5 | else 6 | echo Using existing alpine.iso CD 7 | fi 8 | 9 | if ! [ -f alpine.qcow ]; then 10 | qemu-img create -f qcow2 alpine.qcow 2G 11 | qemu-system-x86_64 -hda alpine.qcow -cdrom alpine.iso -net nic -net user -m 1024 12 | else 13 | echo Using existing alpine.qcow disk 14 | fi 15 | 16 | echo Ready to go. Exposing ssh on port 2222 of host. 17 | if qemu-img snapshot -l alpine.qcow | grep init; then 18 | snapshot="-loadvm init" 19 | fi 20 | qemu-system-x86_64 -hda alpine.qcow -net nic -net user,hostfwd=tcp::2222-:22 -m 1024 $snapshot -------------------------------------------------------------------------------- /skaffold.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: skaffold/v2beta5 2 | kind: Config 3 | build: 4 | artifacts: 5 | - image: dsyer/demo 6 | context: ./demo 7 | custom: 8 | buildCommand: ./mvnw spring-boot:build-image -D spring-boot.build-image.imageName=$IMAGE && docker push $IMAGE 9 | dependencies: 10 | paths: 11 | - pom.xml 12 | - src/main/resources 13 | - target/classes 14 | sync: 15 | manual: 16 | - src: "src/main/resources/**/*" 17 | dest: /workspace/BOOT-INF/classes 18 | strip: src/main/resources/ 19 | - src: "target/classes/**/*" 20 | dest: /workspace/BOOT-INF/classes 21 | strip: target/classes/ 22 | deploy: 23 | kustomize: 24 | paths: 25 | - "layers/samples/simple" -------------------------------------------------------------------------------- /layers/kafka/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | resources: 4 | - deployment.yaml 5 | - config.yaml 6 | configMapGenerator: 7 | - name: kafka-metadata 8 | behavior: merge 9 | literals: 10 | # Has to be a config map (not a secret) because of kustomize vars restrictions 11 | - host=$(KAFKA_HOST) 12 | - kind=kafka 13 | - provider=dsyer 14 | - | 15 | tags=messaging 16 | kafka 17 | secretGenerator: 18 | - name: kafka-secret 19 | behavior: merge 20 | literals: 21 | - port=29092 22 | vars: 23 | - name: KAFKA_HOST 24 | objref: 25 | apiVersion: v1 26 | kind: Service 27 | name: kafka-broker 28 | configurations: 29 | - varreference.yaml -------------------------------------------------------------------------------- /compose/proxy/README.md: -------------------------------------------------------------------------------- 1 | Docker container for a reverse proxy routing to 2 backends based on a cookie or header. 2 | 3 | Requests go to the first service listed by default, and can be sent to other services by adding an HTTP header `X-Server-Select` equal to the service name. Routing by a cookie is also supported: 4 | 5 | ``` 6 | $ curl localhost:8080 -H "Cookie: backend=blue" 7 | Blue 8 | $ curl localhost:8080 -H "Cookie: backend=green" 9 | Green 10 | $ curl localhost:8080 11 | Green 12 | ``` 13 | 14 | The responses have headers that recor the routing decision: 15 | 16 | ``` 17 | $ curl -v localhost:8080 -H "Cookie: backend=blue" 18 | ... 19 | < X-Server: blue 20 | < X-Route: cookie 21 | ... 22 | ``` 23 | 24 | In a browser there is an endpoint you can visit `/choose/{route}` to set the cookie. 25 | -------------------------------------------------------------------------------- /compose/nginx/conf/nginx.conf: -------------------------------------------------------------------------------- 1 | 2 | user nginx; 3 | worker_processes 1; 4 | 5 | error_log /var/log/nginx/error.log warn; 6 | pid /var/run/nginx.pid; 7 | 8 | 9 | events { 10 | worker_connections 1024; 11 | } 12 | 13 | 14 | http { 15 | include /etc/nginx/mime.types; 16 | default_type application/octet-stream; 17 | 18 | log_format main '$remote_addr - $remote_user [$time_local] "$request" ' 19 | '$status $body_bytes_sent "$http_referer" ' 20 | '"$http_user_agent" "$http_x_forwarded_for"'; 21 | 22 | access_log /var/log/nginx/access.log main; 23 | 24 | sendfile on; 25 | #tcp_nopush on; 26 | 27 | keepalive_timeout 65; 28 | 29 | #gzip on; 30 | 31 | include /etc/nginx/conf.d/*.conf; 32 | } 33 | -------------------------------------------------------------------------------- /layers/mysql/transformer/app.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: builtin 2 | kind: PatchTransformer 3 | metadata: 4 | name: set-volumes 5 | target: 6 | group: apps 7 | version: v1 8 | kind: Deployment 9 | matchLabels: 10 | services: mysql 11 | patch: |- 12 | apiVersion: apps/v1 13 | kind: Deployment 14 | metadata: 15 | name: irrelevant 16 | spec: 17 | template: 18 | spec: 19 | containers: 20 | - name: app 21 | volumeMounts: 22 | - name: mysql 23 | mountPath: /config/bindings/mysql 24 | env: 25 | - name: SERVICE_BINDING_ROOT 26 | value: /config/bindings 27 | - name: MYSQL_HOST 28 | value: $(MYSQL_HOST) 29 | volumes: 30 | - name: mysql 31 | secret: 32 | secretName: mysql-config 33 | -------------------------------------------------------------------------------- /layers/samples/proxy/service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: proxy 5 | labels: 6 | proxy: proxy 7 | spec: 8 | selector: 9 | proxy: proxy 10 | ports: 11 | - protocol: TCP 12 | port: 80 13 | targetPort: 80 14 | --- 15 | 16 | apiVersion: apps/v1 17 | kind: Deployment 18 | metadata: 19 | name: proxy 20 | labels: 21 | proxy: proxy 22 | spec: 23 | replicas: 1 24 | selector: 25 | matchLabels: 26 | proxy: proxy 27 | template: 28 | metadata: 29 | labels: 30 | proxy: proxy 31 | spec: 32 | containers: 33 | - name: app 34 | image: nginx 35 | volumeMounts: 36 | - name: nginx 37 | mountPath: /etc/nginx 38 | volumes: 39 | - name: nginx 40 | configMap: 41 | name: nginx-config 42 | -------------------------------------------------------------------------------- /layers/actuator/probes.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: builtin 2 | kind: PatchTransformer 3 | metadata: 4 | name: set-probes 5 | target: 6 | group: apps 7 | version: v1 8 | kind: Deployment 9 | name: app 10 | patch: |- 11 | apiVersion: apps/v1 12 | kind: Deployment 13 | metadata: 14 | name: app 15 | spec: 16 | template: 17 | spec: 18 | containers: 19 | - name: app 20 | livenessProbe: 21 | httpGet: 22 | path: /actuator/info 23 | port: 8080 24 | initialDelaySeconds: 60 25 | periodSeconds: 3 26 | timeoutSeconds: 30 27 | readinessProbe: 28 | initialDelaySeconds: 60 29 | periodSeconds: 10 30 | httpGet: 31 | path: /actuator/health 32 | port: 8080 33 | -------------------------------------------------------------------------------- /compose/elastic/docker-entrypoint.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | set -e 4 | 5 | # Add elasticsearch as command if needed 6 | if [ "${1:0:1}" = '-' ]; then 7 | set -- elasticsearch "$@" 8 | fi 9 | 10 | # Drop root privileges if we are running elasticsearch 11 | # allow the container to be started with `--user` 12 | if [ "$1" = 'elasticsearch' -a "$(id -u)" = '0' ]; then 13 | # Change the ownership of user-mutable directories to elasticsearch 14 | for path in \ 15 | /usr/share/elasticsearch/data \ 16 | /usr/share/elasticsearch/logs \ 17 | ; do 18 | chown -R elasticsearch:elasticsearch "$path" 19 | done 20 | 21 | set -- su-exec elasticsearch "$@" 22 | #exec su-exec elasticsearch "$BASH_SOURCE" "$@" 23 | fi 24 | 25 | # As argument is not related to elasticsearch, 26 | # then assume that user wants to run his own process, 27 | # for example a `bash` shell to explore this image 28 | exec "$@" 29 | -------------------------------------------------------------------------------- /compose/elk/logstash/conf/logstash.conf: -------------------------------------------------------------------------------- 1 | input { 2 | tcp { 3 | port => 5000 4 | } 5 | } 6 | 7 | filter { 8 | 9 | # pattern matching logback pattern 10 | grok { 11 | match => { "message" => "%{TIMESTAMP_ISO8601:timestamp}\s+%{LOGLEVEL:severity}\s+\[%{DATA:service},%{DATA:trace},%{DATA:span},%{DATA:exportable}\]\s+%{DATA:pid}---\s+\[%{DATA:thread}\]\s+%{DATA:class}\s+:\s+%{GREEDYDATA:rest}" } 12 | } 13 | 14 | # Without sleuth: 15 | # %{TIMESTAMP_ISO8601:timestamp}\s+%{LOGLEVEL:severity}\s+[0-9]+\s+---\s+\[%{DATA:thread}\]\s+%{DATA:class}\s+:\s+%{GREEDYDATA:rest} 16 | 17 | # With sleuth: 18 | # %{TIMESTAMP_ISO8601:timestamp}\s+%{LOGLEVEL:severity}\s+\[%{DATA:service},%{DATA:trace},%{DATA:span},%{DATA:exportable}\]\s+[0-9]+\s+---\s+\[%{DATA:thread}\]\s+%{DATA:class}\s+:\s+%{GREEDYDATA:rest} 19 | 20 | } 21 | 22 | output { 23 | elasticsearch { 24 | hosts => "elasticsearch:9200" 25 | } 26 | } -------------------------------------------------------------------------------- /demo/src/main/java/com/example/demo/DemoApplication.java: -------------------------------------------------------------------------------- 1 | package com.example.demo; 2 | 3 | import java.util.function.Function; 4 | 5 | import org.springframework.boot.SpringApplication; 6 | import org.springframework.boot.autoconfigure.SpringBootApplication; 7 | import org.springframework.stereotype.Component; 8 | import org.springframework.web.bind.annotation.GetMapping; 9 | import org.springframework.web.bind.annotation.RestController; 10 | 11 | @SpringBootApplication 12 | @RestController 13 | public class DemoApplication { 14 | 15 | @GetMapping("/") 16 | public String home() { 17 | return "Hello World!"; 18 | } 19 | 20 | public static void main(String[] args) { 21 | SpringApplication.run(DemoApplication.class, args); 22 | } 23 | 24 | } 25 | 26 | @Component 27 | class Listener implements Function { 28 | 29 | @Override 30 | public String apply(String value) { 31 | return value.toUpperCase(); 32 | } 33 | 34 | } -------------------------------------------------------------------------------- /envoy/service.yaml: -------------------------------------------------------------------------------- 1 | # kubectl apply -f https://www.getambassador.io/yaml/ambassador/ambassador-rbac.yaml 2 | apiVersion: v1 3 | kind: Service 4 | metadata: 5 | labels: 6 | service: ambassador 7 | name: ambassador 8 | spec: 9 | # type: LoadBalancer 10 | ports: 11 | - port: 80 12 | targetPort: 8080 13 | selector: 14 | service: ambassador 15 | --- 16 | apiVersion: v1 17 | kind: Service 18 | metadata: 19 | name: google 20 | annotations: 21 | getambassador.io/config: | 22 | --- 23 | apiVersion: ambassador/v0 24 | kind: Mapping 25 | name: google_mapping 26 | prefix: /google/ 27 | service: https://example.com 28 | host_rewrite: www.example.com 29 | spec: 30 | type: ClusterIP 31 | clusterIP: None 32 | 33 | --- 34 | apiVersion: getambassador.io/v2 35 | kind: Mapping 36 | metadata: 37 | name: httpbin-mapping 38 | spec: 39 | prefix: /httpbin/ 40 | service: http://httpbin.org -------------------------------------------------------------------------------- /demo/src/build/extra-libs.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | BASE=`dirname $0`/../.. 4 | TARGET=${BASE}/target 5 | 6 | if [ -z ${THIN_VERSION} ]; then THIN_VERSION=1.0.23.RELEASE; fi 7 | if [ -z ${JAR_FILE} ]; then JAR_FILE=${TARGET}/docker-demo-0.0.1-SNAPSHOT.jar; fi 8 | THIN_JAR=~/.m2/repository/org/springframework/boot/experimental/spring-boot-thin-launcher/${THIN_VERSION}/spring-boot-thin-launcher-${THIN_VERSION}-exec.jar 9 | 10 | $BASE/mvnw dependency:get -Dartifact=org.springframework.boot.experimental:spring-boot-thin-launcher:${THIN_VERSION}:jar:exec -Dtransitive=false 11 | CPPARENT=`java -Dthin.trace=true -jar ${THIN_JAR} --thin.archive=${JAR_FILE} --thin.classpath` 12 | CPCHILD=`java -Dthin.trace=true -jar ${THIN_JAR} --thin.archive=${JAR_FILE} --thin.classpath --thin.parent=${JAR_FILE} --thin.profile=k8s` 13 | 14 | mkdir -p ${TARGET}/dependency/ext 15 | for f in `echo ${CPCHILD#${CPPARENT}*} | tr ':' ' '`; do 16 | cp $f ${TARGET}/dependency/ext; 17 | done -------------------------------------------------------------------------------- /compose/hydra/docker-compose.yml: -------------------------------------------------------------------------------- 1 | version: '3' 2 | 3 | services: 4 | 5 | hydra: 6 | image: oryd/hydra:latest 7 | ports: 8 | - "4444:4444" # Public port 9 | - "4445:4445" # Admin port 10 | - "5555:5555" # Port for hydra token user 11 | command: 12 | serve all --dangerous-force-http 13 | environment: 14 | - URLS_SELF_ISSUER=http://127.0.0.1:4444 15 | - URLS_CONSENT=http://127.0.0.1:3000/consent 16 | - URLS_LOGIN=http://127.0.0.1:3000/login 17 | - URLS_LOGOUT=http://127.0.0.1:3000/logout 18 | - DSN=memory 19 | - SECRETS_SYSTEM=youReallyNeedToChangeThis 20 | - OIDC_SUBJECT_TYPES_SUPPORTED=public,pairwise 21 | - OIDC_SUBJECT_TYPE_PAIRWISE_SALT=youReallyNeedToChangeThis 22 | restart: unless-stopped 23 | 24 | consent: 25 | environment: 26 | - HYDRA_ADMIN_URL=http://hydra:4445 27 | image: oryd/hydra-login-consent-node:v1.0.0-rc.10 28 | ports: 29 | - "3000:3000" 30 | restart: unless-stopped -------------------------------------------------------------------------------- /layers/samples/init/init.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: app 5 | spec: 6 | template: 7 | spec: 8 | initContainers: 9 | - name: jar 10 | volumeMounts: 11 | - mountPath: /app/thin 12 | name: app 13 | image: tutum/curl 14 | command: 15 | - curl 16 | - -L 17 | - -o 18 | - /app/thin/launcher.jar 19 | - http://repo1.maven.org/maven2/org/springframework/boot/experimental/spring-boot-thin-launcher/1.0.23.RELEASE/spring-boot-thin-launcher-1.0.23.RELEASE-exec.jar 20 | containers: 21 | - name: app 22 | volumeMounts: 23 | - mountPath: /app/thin 24 | name: app 25 | command: 26 | - java 27 | - -jar 28 | - /app/thin/launcher.jar 29 | - --thin.archive=/app 30 | - --thin.trace=true 31 | - --thin.profile=k8s 32 | volumes: 33 | - name: app 34 | emptyDir: {} -------------------------------------------------------------------------------- /compose/squid/Dockerfile: -------------------------------------------------------------------------------- 1 | # encoding: UTF-8 2 | # 3 | # Author: Dave Syer 4 | # License: Apache License, Version 2.0 5 | # Copyright: (C) 2014-2015 Dave Syer 6 | # 7 | # Licensed under the Apache License, Version 2.0 (the "License"); 8 | # you may not use this file except in compliance with the License. 9 | # You may obtain a copy of the License at 10 | # 11 | # http://www.apache.org/licenses/LICENSE-2.0 12 | # 13 | # Unless required by applicable law or agreed to in writing, software 14 | # distributed under the License is distributed on an "AS IS" BASIS, 15 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 16 | # See the License for the specific language governing permissions and 17 | # limitations under the License. 18 | # 19 | 20 | FROM alpine:3.2 21 | MAINTAINER Dave Syer 22 | 23 | RUN apk add --update squid 24 | RUN rm -rf /var/cache/apk/* 25 | 26 | COPY start.sh / 27 | 28 | ENTRYPOINT ["/start.sh"] 29 | CMD ["squid", "-N"] 30 | -------------------------------------------------------------------------------- /demo/Dockerfile: -------------------------------------------------------------------------------- 1 | # syntax=docker/dockerfile:experimental 2 | FROM openjdk:8-jdk-alpine as build 3 | WORKDIR /workspace/app 4 | 5 | COPY mvnw . 6 | COPY .mvn .mvn 7 | COPY pom.xml . 8 | COPY src src 9 | 10 | RUN --mount=type=cache,target=/root/.m2 ./mvnw install -DskipTests 11 | RUN mkdir -p target/dependency && (cd target/dependency; jar -xf ../*.jar) 12 | RUN --mount=type=cache,target=/root/.m2 src/build/extra-libs.sh 13 | 14 | FROM openjdk:8-jdk-alpine 15 | RUN addgroup -S demo && adduser -S demo -G demo 16 | VOLUME /tmp 17 | ARG DEPENDENCY=/workspace/app/target/dependency 18 | COPY --from=build ${DEPENDENCY}/BOOT-INF/lib /app/lib 19 | COPY --from=build ${DEPENDENCY}/ext /app/ext 20 | COPY --from=build ${DEPENDENCY}/META-INF /app/META-INF 21 | COPY --from=build ${DEPENDENCY}/BOOT-INF/classes /app 22 | RUN chown -R demo:demo /app 23 | USER demo 24 | ENV MANAGEMENT_ENDPOINTS_WEB_EXPOSURE_INCLUDE=info,health,metrics,prometheus 25 | ENTRYPOINT ["sh", "-c", "java -noverify -XX:TieredStopAtLevel=1 -cp /app:/app/lib/*:${EXT_LIBS}/* \ 26 | com.example.demo.DemoApplication ${0} ${@}"] 27 | -------------------------------------------------------------------------------- /bootable/build.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash -x 2 | 3 | docker rm bootable 4 | docker build -t dsyer/bootable . 5 | docker create --name=bootable dsyer/bootable 6 | 7 | rm disk.* 8 | 9 | qemu-img create -f raw disk.img 1G 10 | 11 | sfdisk disk.img < Preferences > Settings > Remote. 17 | "settings": { 18 | "terminal.integrated.shell.linux": "/bin/bash", 19 | "go.gopath": "/go" 20 | }, 21 | 22 | // Uncomment the next line if you want to publish any ports. 23 | "appPort": [3001], 24 | 25 | // Uncomment the next line to run commands after the container is created. 26 | // "postCreateCommand": "go version", 27 | 28 | // Add the IDs of extensions you want installed when the container is created in the array below. 29 | "extensions": [ 30 | "ms-vscode.go" 31 | ] 32 | } -------------------------------------------------------------------------------- /compose/proxy/conf/nginx.conf: -------------------------------------------------------------------------------- 1 | user nginx; 2 | worker_processes 1; 3 | 4 | error_log stderr warn; 5 | pid /var/run/nginx.pid; 6 | 7 | events { 8 | worker_connections 1024; 9 | } 10 | 11 | http { 12 | include /etc/nginx/mime.types; 13 | default_type application/octet-stream; 14 | 15 | log_format main '$remote_addr - "$http_x_server_select":$remote_user [$time_local] "$request" ' 16 | '$status $body_bytes_sent "$http_referer" ' 17 | '"$http_user_agent" "$http_x_forwarded_for"'; 18 | 19 | access_log /dev/stdout main; 20 | 21 | sendfile off; 22 | #tcp_nopush on; 23 | tcp_nodelay on; 24 | 25 | keepalive_timeout 65; 26 | 27 | gzip on; 28 | gzip_http_version 1.1; 29 | gzip_comp_level 5; 30 | gzip_min_length 256; 31 | gzip_proxied any; 32 | gzip_vary on; 33 | 34 | gzip_types 35 | application/atom+xml 36 | application/javascript 37 | application/json 38 | application/rss+xml 39 | application/vnd.ms-fontobject 40 | application/x-font-ttf 41 | application/x-web-app-manifest+json 42 | application/xhtml+xml 43 | application/xml 44 | font/opentype 45 | image/svg+xml 46 | image/x-icon 47 | text/css 48 | text/plain 49 | text/x-component; 50 | # text/html is always compressed by HttpGzipModule 51 | 52 | include proxy.conf; 53 | } -------------------------------------------------------------------------------- /layers/samples/proxy/nginx.conf: -------------------------------------------------------------------------------- 1 | user nginx; 2 | worker_processes 1; 3 | 4 | error_log stderr warn; 5 | pid /var/run/nginx.pid; 6 | 7 | events { 8 | worker_connections 1024; 9 | } 10 | 11 | http { 12 | include /etc/nginx/mime.types; 13 | default_type application/octet-stream; 14 | 15 | log_format main '$remote_addr - "$http_x_server_select":$remote_user [$time_local] "$request" ' 16 | '$status $body_bytes_sent "$http_referer" ' 17 | '"$http_user_agent" "$http_x_forwarded_for"'; 18 | 19 | access_log /dev/stdout main; 20 | 21 | sendfile off; 22 | #tcp_nopush on; 23 | tcp_nodelay on; 24 | 25 | keepalive_timeout 65; 26 | 27 | gzip on; 28 | gzip_http_version 1.1; 29 | gzip_comp_level 5; 30 | gzip_min_length 256; 31 | gzip_proxied any; 32 | gzip_vary on; 33 | 34 | gzip_types 35 | application/atom+xml 36 | application/javascript 37 | application/json 38 | application/rss+xml 39 | application/vnd.ms-fontobject 40 | application/x-font-ttf 41 | application/x-web-app-manifest+json 42 | application/xhtml+xml 43 | application/xml 44 | font/opentype 45 | image/svg+xml 46 | image/x-icon 47 | text/css 48 | text/plain 49 | text/x-component; 50 | # text/html is always compressed by HttpGzipModule 51 | 52 | include /etc/nginx/proxy.conf; 53 | } -------------------------------------------------------------------------------- /qemu/README.md: -------------------------------------------------------------------------------- 1 | Scripts to set up and run a qemu image. 2 | 3 | * Run `init.sh` and follow instructions to install Alpine on the VM. Remember the root password. 4 | * Log off, go to the monitor (`Alt-Ctrl-2`) and quit `q`. 5 | * Start again with `init.sh` and it will boot from the disk image intead of CD. 6 | * Any time you get to a savepoint, go to the monitor and `savevm init`. 7 | 8 | > NOTE: Instead of the manual process above you can use a script from https://github.com/alpinelinux/alpine-make-vm-image. 9 | 10 | At this point you can iterate until you have a basic VM image you can run apps from. 11 | Things to do maybe: 12 | 13 | * Enable `PermitRootLogin` in `/etc/ssh/sshd_config` and `service sshd restart` 14 | * Uncomment the "community" entry in `/etc/apk/repositories` 15 | * Install JVM with `apk add openjdk21` 16 | * Add `JAVA_HOME` env var and `$JAVA_HOME/bin` to `PATH` in `/etc/profile.d/java.sh` 17 | 18 | If you open up `sshd` then you can `ssh -p 2222 root@192.168.68.144` (your local IP address) or `scp -P 2222 app.jar root@192.168.68.144:~` (for instance). 19 | 20 | Once you have a base image ready, copy or rename the `alpine.qcow` disk image to `disk.qcow` and use `run.sh` to run it headless. 21 | 22 | * Login using `ssh` from the host and get the app running. 23 | * Go into the Qemu monitor (`Ctrl-A C` toggles between monitor and VM) 24 | * Create a snapshot: `savevm init` -------------------------------------------------------------------------------- /sidecar/proxy.conf: -------------------------------------------------------------------------------- 1 | upstream backend { 2 | server localhost:8080; 3 | } 4 | 5 | include token.conf; 6 | 7 | server { 8 | listen 80; 9 | server_name _; 10 | location /actuator/health { 11 | proxy_pass http://backend; 12 | include settings.conf; 13 | } 14 | location /actuator/info { 15 | proxy_pass http://backend; 16 | include settings.conf; 17 | } 18 | location = /actuator/ { 19 | proxy_pass http://backend; 20 | include settings.conf; 21 | } 22 | location = /actuator { 23 | proxy_pass http://backend; 24 | include settings.conf; 25 | } 26 | location /actuator/ { 27 | auth_request /_check_token; 28 | proxy_pass http://backend; 29 | include settings.conf; 30 | error_page 401 = @unauthorized; 31 | } 32 | location @unauthorized { 33 | add_header WWW-Authenticate "Bearer Kubernetes Token" always; 34 | return 401 '{"error": "unauthenticated"}'; 35 | } 36 | location / { 37 | proxy_pass http://backend; 38 | include settings.conf; 39 | } 40 | location /_check_token { 41 | internal; 42 | if ($http_authorization = "Bearer ${token}") { 43 | return 200 "OK"; 44 | } 45 | return 401 "Access token processed"; 46 | } 47 | } -------------------------------------------------------------------------------- /layers/samples/proxy/proxy.conf: -------------------------------------------------------------------------------- 1 | upstream demo { 2 | server demo; 3 | } 4 | 5 | upstream staging { 6 | server staging; 7 | } 8 | 9 | # map to different upstream backends based on header 10 | map $http_cookie $pool { 11 | default "demo"; 12 | ~.*backend=staging.* "staging"; 13 | } 14 | 15 | server { 16 | listen 80; 17 | server_name example.com; 18 | location /choose/staging { 19 | add_header Set-Cookie "backend=staging;Path=/"; 20 | rewrite ^/.*$ $scheme://$http_host/ redirect; 21 | } 22 | location /choose/ { 23 | add_header Set-Cookie "backend=default;Path=/"; 24 | rewrite ^/.*$ $scheme://$http_host/ redirect; 25 | } 26 | location / { 27 | proxy_pass http://$pool; 28 | add_header X-Server $pool; 29 | 30 | proxy_set_header X-Server-Select $pool; 31 | #standard proxy settings 32 | proxy_set_header X-Real-IP $remote_addr; 33 | proxy_redirect off; 34 | proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; 35 | proxy_set_header Host $http_host; 36 | proxy_redirect off; 37 | proxy_set_header X-Forwarded-Proto $scheme; 38 | proxy_set_header X-NginX-Proxy true; 39 | proxy_connect_timeout 600; 40 | proxy_send_timeout 600; 41 | proxy_read_timeout 600; 42 | send_timeout 600; 43 | } 44 | } -------------------------------------------------------------------------------- /compose/httpd/htdocs/test.cgi: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | # To permit this cgi, replace # on the first line above with the 4 | # appropriate #!/path/to/sh shebang, and set this script executable 5 | # with chmod 755. 6 | # 7 | # ***** !!! WARNING !!! ***** 8 | # This script echoes the server environment variables and therefore 9 | # leaks information - so NEVER use it in a live server environment! 10 | # It is provided only for testing purpose. 11 | # Also note that it is subject to cross site scripting attacks on 12 | # MS IE and any other browser which fails to honor RFC2616. 13 | 14 | # disable filename globbing 15 | set -f 16 | 17 | echo "Content-type: text/plain; charset=iso-8859-1" 18 | echo 19 | 20 | echo CGI/1.0 test script report: 21 | echo 22 | 23 | echo argc is $#. argv is "$*". 24 | echo 25 | 26 | echo SERVER_SOFTWARE = $SERVER_SOFTWARE 27 | echo SERVER_NAME = $SERVER_NAME 28 | echo GATEWAY_INTERFACE = $GATEWAY_INTERFACE 29 | echo SERVER_PROTOCOL = $SERVER_PROTOCOL 30 | echo SERVER_PORT = $SERVER_PORT 31 | echo REQUEST_METHOD = $REQUEST_METHOD 32 | echo HTTP_ACCEPT = "$HTTP_ACCEPT" 33 | echo PATH_INFO = "$PATH_INFO" 34 | echo PATH_TRANSLATED = "$PATH_TRANSLATED" 35 | echo SCRIPT_NAME = "$SCRIPT_NAME" 36 | echo QUERY_STRING = "$QUERY_STRING" 37 | echo REMOTE_HOST = $REMOTE_HOST 38 | echo REMOTE_ADDR = $REMOTE_ADDR 39 | echo REMOTE_USER = $REMOTE_USER 40 | echo AUTH_TYPE = $AUTH_TYPE 41 | echo CONTENT_TYPE = $CONTENT_TYPE 42 | echo CONTENT_LENGTH = $CONTENT_LENGTH 43 | 44 | cat 45 | 46 | echo -------------------------------------------------------------------------------- /compose/nginx/README.md: -------------------------------------------------------------------------------- 1 | Docker container for a reverse proxy (with self-signed SSL) to 2 | localhost. Serves content on ports 80 and 443 from a backend on the 3 | host running on port 8080. 4 | 5 | The docker host is usually `172.*` and this needs to be hard-coded in 6 | the server configuration. Edit `conf/conf.d/server.conf` and change 7 | the address to make it work if it isn't sending traffic your way. You 8 | can use this command to check 9 | 10 | ``` 11 | $ docker run -i ubuntu /sbin/ip route|awk '/default/ { print $3 }' 12 | ``` 13 | 14 | or you can just start the proxy and hit it from curl or a browser on 15 | the host and look at the access logs on the console of docker-compose: 16 | 17 | ``` 18 | $ docker-compose up 19 | Creating nginx_nginx_1... 20 | Attaching to nginx_nginx_1 21 | nginx_1 | 172.17.42.1 - - [14/May/2015:09:35:26 +0000] "GET / HTTP/1.1" 502 537 "-" "curl/7.35.0" "-" 22 | ... 23 | ``` 24 | 25 | The port of the backend server is also hard coded (to 8080) in the 26 | same place. 27 | 28 | > TIP: you can edit the nginx configuration and restart the server without killing the docker container. Just `docker kill -s HUP ` where `` is something like `nginx_nginx_1` (generated by docker-compose). 29 | 30 | Useful links: 31 | 32 | * [https://www.digitalocean.com/community/tutorials/how-to-set-up-nginx-load-balancing-with-ssl-termination](https://www.digitalocean.com/community/tutorials/how-to-set-up-nginx-load-balancing-with-ssl-termination) 33 | * [https://blog.docker.com/2015/04/tips-for-deploying-nginx-official-image-with-docker](https://blog.docker.com/2015/04/tips-for-deploying-nginx-official-image-with-docker/) -------------------------------------------------------------------------------- /server/main.go: -------------------------------------------------------------------------------- 1 | package main 2 | import ( 3 | "os" 4 | "io" 5 | "path/filepath" 6 | "fmt" 7 | "net/http" 8 | ) 9 | func handle(w http.ResponseWriter, r *http.Request) { 10 | fmt.Println(r.Method + ": " + r.URL.Path) 11 | switch r.Method { 12 | case http.MethodGet: 13 | fs := http.FileServer(http.Dir("/tmp/static/")) 14 | fs.ServeHTTP(w,r) 15 | case http.MethodPost: 16 | path := filepath.Join("/tmp/static", r.URL.Path) 17 | if info, err := os.Stat(path); err == nil && info.IsDir() { 18 | w.WriteHeader(http.StatusConflict) 19 | fmt.Fprintf(w, "NOK: Directory exists [" + path + "]") 20 | break 21 | } 22 | os.MkdirAll(filepath.Dir(path), 0755) 23 | file,err := os.OpenFile(path, os.O_RDWR|os.O_CREATE, 0644) 24 | if err != nil { 25 | w.WriteHeader(http.StatusInternalServerError) 26 | fmt.Fprintf(w, "NOK: Cannot open") 27 | break 28 | } 29 | if _, err := io.Copy(file, r.Body); err!=nil { 30 | w.WriteHeader(http.StatusInternalServerError) 31 | fmt.Fprintf(w, "NOK: Cannot write") 32 | break 33 | } 34 | fmt.Fprintf(w, "OK") 35 | case http.MethodDelete: 36 | path := filepath.Join("/tmp/static", r.URL.Path) 37 | err := os.RemoveAll(path) 38 | if err != nil { 39 | w.WriteHeader(http.StatusInternalServerError) 40 | fmt.Fprintf(w, "NOK: Cannot delete [" + path + "]") 41 | break 42 | } 43 | fmt.Fprintf(w, "OK") 44 | default: 45 | w.WriteHeader(http.StatusBadRequest) 46 | fmt.Fprintf(w, "NOK: Only GET and POST methods are supported.") 47 | } 48 | } 49 | func main() { 50 | http.HandleFunc("/", handle) 51 | fmt.Println("Starting...") 52 | http.ListenAndServe(":3001", nil) 53 | } -------------------------------------------------------------------------------- /compose/kafka/docker-compose.yml: -------------------------------------------------------------------------------- 1 | version: '2' 2 | services: 3 | zookeeper: 4 | image: confluentinc/cp-zookeeper:5.3.0 5 | hostname: zookeeper 6 | container_name: zookeeper 7 | ports: 8 | - "2181:2181" 9 | environment: 10 | ZOOKEEPER_CLIENT_PORT: 2181 11 | ZOOKEEPER_TICK_TIME: 2000 12 | 13 | broker: 14 | image: confluentinc/cp-enterprise-kafka:5.3.0 15 | hostname: broker 16 | container_name: broker 17 | depends_on: 18 | - zookeeper 19 | ports: 20 | - "29092:29092" 21 | - "9092:9092" 22 | environment: 23 | KAFKA_BROKER_ID: 1 24 | KAFKA_ZOOKEEPER_CONNECT: 'zookeeper:2181' 25 | KAFKA_LISTENER_SECURITY_PROTOCOL_MAP: PLAINTEXT:PLAINTEXT,PLAINTEXT_HOST:PLAINTEXT 26 | KAFKA_ADVERTISED_LISTENERS: PLAINTEXT://broker:29092,PLAINTEXT_HOST://localhost:9092 27 | KAFKA_METRIC_REPORTERS: io.confluent.metrics.reporter.ConfluentMetricsReporter 28 | KAFKA_OFFSETS_TOPIC_REPLICATION_FACTOR: 1 29 | KAFKA_GROUP_INITIAL_REBALANCE_DELAY_MS: 0 30 | CONFLUENT_METRICS_REPORTER_BOOTSTRAP_SERVERS: broker:29092 31 | CONFLUENT_METRICS_REPORTER_ZOOKEEPER_CONNECT: zookeeper:2181 32 | CONFLUENT_METRICS_REPORTER_TOPIC_REPLICAS: 1 33 | CONFLUENT_METRICS_ENABLE: 'true' 34 | CONFLUENT_SUPPORT_CUSTOMER_ID: 'anonymous' 35 | 36 | rest-proxy: 37 | image: confluentinc/cp-kafka-rest:5.3.0 38 | depends_on: 39 | - zookeeper 40 | - broker 41 | ports: 42 | - 8082:8082 43 | hostname: rest-proxy 44 | container_name: rest-proxy 45 | environment: 46 | KAFKA_REST_HOST_NAME: rest-proxy 47 | KAFKA_REST_BOOTSTRAP_SERVERS: 'broker:29092' 48 | KAFKA_REST_LISTENERS: "http://0.0.0.0:8082" 49 | -------------------------------------------------------------------------------- /compose/proxy/conf/proxy.conf: -------------------------------------------------------------------------------- 1 | upstream demo { 2 | server httpbin.org; 3 | } 4 | 5 | upstream staging { 6 | server httpbin.org; 7 | } 8 | 9 | # map to different upstream backends based on header 10 | map $http_cookie $cookie_pool { 11 | default "demo"; 12 | ~.*backend=staging.* "staging"; 13 | } 14 | 15 | # map to different upstream backends based on cookie 16 | map $http_x_server_select $server_pool { 17 | default "demo"; 18 | staging "staging"; 19 | } 20 | 21 | map $http_x_server_select $server_select { 22 | default "cookies"; 23 | ~[a-zA-Z0-9]+.* "headers"; 24 | } 25 | 26 | map $server_select $backend { 27 | cookies $cookie_pool; 28 | headers $server_pool; 29 | } 30 | 31 | server { 32 | listen 80; 33 | server_name _; 34 | location ~ /choose/(?(.*))$ { 35 | add_header Set-Cookie "backend=$route;Path=/"; 36 | rewrite ^/.*$ $scheme://$http_host/ redirect; 37 | } 38 | location / { 39 | proxy_pass http://$backend; 40 | add_header X-Server $backend; 41 | add_header X-Route $server_select; 42 | 43 | proxy_set_header X-Server-Select $backend; 44 | #standard proxy settings 45 | proxy_set_header X-Real-IP $remote_addr; 46 | proxy_redirect off; 47 | proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; 48 | proxy_set_header Host $http_host; 49 | proxy_redirect off; 50 | proxy_set_header X-Forwarded-Proto $scheme; 51 | proxy_set_header X-NginX-Proxy true; 52 | proxy_connect_timeout 600; 53 | proxy_send_timeout 600; 54 | proxy_read_timeout 600; 55 | send_timeout 600; 56 | } 57 | 58 | } -------------------------------------------------------------------------------- /compose/nginx/conf/server.key: -------------------------------------------------------------------------------- 1 | -----BEGIN RSA PRIVATE KEY----- 2 | MIIEpAIBAAKCAQEAsVkujp0kjCMlEiYwff2nGHrgk12v0XcQrhwN1PrhlIC6KrB7 3 | UXmiRCtgnB9hvpath1kBGBMf+YQpKLr81BYonW0sWz85GpgJ3ZgeDj1YzvuqnmIO 4 | 4rocVKNPfM0tF1cno6LYxa7SGCMbvQ1XHgE8FrFpP6F1J5ck+yN2DIeK8i0Em9fw 5 | 5IqniwLZTr9y6y6UwExDtPlMkBziTLcaVfoTnap63qTIAAfXoWjO3HkdvpM5LAxz 6 | BTR6AnaGDvMnYkez0kMxYwzOYbK7xw44LQfJv3yBvqeQG/zXc+47QZEMMU0pGGT6 7 | DHa1EE7owjwRpE2m5o/53TIsKCMqv+ERiSsusQIDAQABAoIBAHSILC5rlVM72KUH 8 | UP/Ih15vh1dtzRRvDxfIuVIEE+vXdfyNAEr2CKiQdCfB+yEXsyhnVG+0SWNT8xOf 9 | Yngdo0xmKyo97dDKrFjeFom2x78h4Oe3eR6Dug/nS1ivHPzkONiuLZAfok9X6mcb 10 | 9+1wVEJ5CrZT6j48c4FNuMjc23DrCa1xjoLoZyNH2knLWPYFqyW6KKlt7EmlveB8 11 | ObfYCplpylB6SB779WRehi74oSOXBtN9wGIZ0PAUtriuiQU1uD5N8qJoab4TfEH+ 12 | IboXszfehD80Z8rnYPVdYXqfDxUEqtAc58MInn5jvkGmce3oKLTq0Cu2FlFRSr3T 13 | NCAU95ECgYEA2kbOOz3UVD2DFURvfY89KcdwMiTtg8o1UplNFpw2MYUadK/YI9et 14 | K75i0Gjypa0gh4UdE0pFsEVU+FmYT1f4kTfw75Z6OnujoLNUFWm3bcZARL42/yjj 15 | 0HNDUbvoIbRnzwCX8CbnHOmVHrZFjodTAq7oeYZX3J3hhnmeinl5EH0CgYEAz/+X 16 | nJjfjuCSrb5XGX1EBoba1GxO+U2HTmn3PM0RvUPtbJeH7AdG5x5e4ghDxh2oWVtu 17 | 1Ku7FINI1PXOftKSilI72f1BC1CBPlg27iT11hZ8NZifRjvZVHJfE1l8pyUcYLd9 18 | woSkE7CN1Gf42FLVERuCNY6JNjyXF3KpaIDiQUUCgYEAmWxlbyyRfzjRV3SH7Thu 19 | ZFxj10svi4/pFQreLYNVcE8/fj9PbDof5Xxn1le+HofnMnp1KmbtPu4swHexYCvU 20 | crZgavdZKJxZMg56jqaFIOrVp7wPyiACqTUrX1r12iMFSHIBWfLuRdtFTpYNpBYo 21 | Wd15WFn+jfqHV89KicjCOL0CgYAGbUZY/1xBBO1jUvNMBVPZw8b1M1eJWnzozltm 22 | VIvMxlGKvm/juiHVuFmEMG8vqvDtueaFybyhGKFieynjP0xp27qftLSSze0AaSdh 23 | WmECOXWjDlE1kVnYwyPu7B/u5jWnQ2QuY3zSYu0u9/t3a6/LtIbkcsAInfypK9DS 24 | OtFC5QKBgQDQ1OwLhZuRe3e1ZqpymGKZjzGVSHUWX4QShqCNsg9WkU+oue+B4ndj 25 | k0COA+g3cjlQ8piGHpJg77lMPbvg9uPd3Z1YyeHaz2y8hssFLwTnPpBv6Mgjc7bp 26 | tZcm5BcElfavvJaXwmG3L+qdrTJqqynEgBb/jfBdx6VgZTAsaMSpKA== 27 | -----END RSA PRIVATE KEY----- 28 | -------------------------------------------------------------------------------- /.devcontainer/devcontainer.json: -------------------------------------------------------------------------------- 1 | // For format details, see https://aka.ms/vscode-remote/devcontainer.json or the definition README at 2 | // https://github.com/microsoft/vscode-dev-containers/tree/master/containers/go 3 | { 4 | "name": "Bionic", 5 | "dockerFile": "Dockerfile", 6 | "runArgs": [ 7 | // Uncomment the next line to use a non-root user. On Linux, this will prevent 8 | // new files getting created as root, but you may need to update the USER_UID 9 | // and USER_GID in .devcontainer/Dockerfile to match your user if not 1000. 10 | "-u", "vscode", 11 | 12 | "--cap-add=SYS_PTRACE", "--security-opt", "seccomp=unconfined", 13 | 14 | "-v","/var/run/docker.sock:/var/run/docker.sock", 15 | "--mount", "type=bind,source=${env:HOME}/.docker,target=/home/vscode/.docker", 16 | "--mount", "type=bind,source=${env:HOME}/.kube,target=/home/vscode/.kube", 17 | // On the host: kind get kubeconfig --internal > ~/.kube/kind-config-internal 18 | "-e", "KUBECONFIG=/home/vscode/.kube/kind-config-internal", 19 | 20 | "-e", "CLUSTER=kind", 21 | "-e", "REGISTRY=docker-daemon", 22 | "-e", "CI=container" 23 | ], 24 | 25 | // Use 'settings' to set *default* container specific settings.json values on container create. 26 | // You can edit these settings after create using File > Preferences > Settings > Remote. 27 | "settings": { 28 | "terminal.integrated.shell.linux": "/bin/bash" 29 | }, 30 | 31 | // Uncomment the next line if you want to publish any ports. 32 | // "appPort": [3001], 33 | 34 | // Uncomment the next line to run commands after the container is created. 35 | // "postCreateCommand": "echo Done", 36 | 37 | // Add the IDs of extensions you want installed when the container is created in the array below. 38 | "extensions": [ 39 | "joaompinto.asciidoctor-vscode" 40 | ] 41 | } 42 | -------------------------------------------------------------------------------- /compose/k3s/kubeconfig.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | clusters: 3 | - cluster: 4 | certificate-authority-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUM1RENDQWN5Z0F3SUJBZ0lCQURBTkJna3Foa2lHOXcwQkFRc0ZBREFqTVJBd0RnWURWUVFLRXdkck0zTXQKYjNKbk1ROHdEUVlEVlFRREV3WnJNM010WTJFd0hoY05NVGt3TlRBNE1EZ3lNakExV2hjTk1qa3dOVEExTURneQpNakExV2pBak1SQXdEZ1lEVlFRS0V3ZHJNM010YjNKbk1ROHdEUVlEVlFRREV3WnJNM010WTJFd2dnRWlNQTBHCkNTcUdTSWIzRFFFQkFRVUFBNElCRHdBd2dnRUtBb0lCQVFERzhiVzZvK3hOMFVtcFQrOTd0aG1vQS9Qc3g3MUkKUDNOV2V4cEw1U2U0LzVaYUFtUjBEQ1gzUW05azMza3R1Y3dTVlRxeWtBOTVabU5JUStPY01XUy85aTlPelpOLwpvQmNkaWd5eG8rN09UelgzUkxzOU4za3F3ZzZkWVBRcHBaYzFnR0FPOGxJMUZaTG4yODJuTExiL3ZhMWtid1MxCndVdGFiNFJDK29vTHQ0WWxUK1Jnb3B5QWk1alU3TytTVFBvakNuanp3S2I1b1R0aVRJZFNTSGZ0amo0T0o3K1QKSDRVVm1Ha0drbC9WVzU0R3NBZ1YxNitzdFhOVUduektkeFErNE1JRTJtbGtEdTFVMTFXUituOVF6b0ZzRkdRTwpWUFJNSEVqSFljZEJnZFJuRHcybEcwZVJCN2diUnJBanI2MW1GVnpOSFZ5S3JXcnlRZmV0ZXByQkFnTUJBQUdqCkl6QWhNQTRHQTFVZER3RUIvd1FFQXdJQ3BEQVBCZ05WSFJNQkFmOEVCVEFEQVFIL01BMEdDU3FHU0liM0RRRUIKQ3dVQUE0SUJBUUJwbC9ScVZtTU9DL1lZMkxaaVRORWc3SVlPYjUzVEpHSTZzU2U1N3REMHVHcnNqZk9oNWdlWgpPYUFLRzhha3VteGtuWlBURUErdE9oWEpkaTJTd3VSc2pqRHYzNDVrM2xUblJUVmwzU01CQ3JxQ3dJTXBkM09JCm1tcUhtQWxmWm5EcHFoNS8rODZmM29rMzgyLzV3U2wrU0tWaTJFaFE5Wm8wWmFVeFJNV0EzM0lqdHgzSFhvK2gKSkxiYjNKb0RQZUFnWVA5VDR6SzA4c0JVYnFyRkJxZ1ZHNXdlenl2SGZidm1MenhodGliR2ZNUDRLMkxvVVJyNQo2Z0ZSRzBOVzArZUJzRThkMXdORWRBa3pSREpJRzlvMDhRM3VaWlppc3RsZE9sOWIzZWg3OU9Ic3ZYOGF5T3ZCClJ0S29HQXJSNUxoOVV2Z0VEcXhmWkdvN0pTZnJlSlMyCi0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K 5 | server: https://localhost:6443 6 | name: default 7 | contexts: 8 | - context: 9 | cluster: default 10 | user: default 11 | name: default 12 | current-context: default 13 | kind: Config 14 | preferences: {} 15 | users: 16 | - name: default 17 | user: 18 | password: 65a8cb218a558082f6d733d370eca83c 19 | username: admin 20 | -------------------------------------------------------------------------------- /kata/deploy.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: apps/v1 3 | kind: DaemonSet 4 | metadata: 5 | name: kata-deploy 6 | namespace: kube-system 7 | spec: 8 | selector: 9 | matchLabels: 10 | name: kata-deploy 11 | template: 12 | metadata: 13 | labels: 14 | name: kata-deploy 15 | spec: 16 | serviceAccountName: kata-label-node 17 | containers: 18 | - name: kube-kata 19 | image: katadocker/kata-deploy 20 | imagePullPolicy: Always 21 | lifecycle: 22 | preStop: 23 | exec: 24 | command: ["bash", "-c", "/opt/kata-artifacts/scripts/kata-deploy.sh cleanup"] 25 | command: [ "bash", "-c", "/opt/kata-artifacts/scripts/kata-deploy.sh install" ] 26 | env: 27 | - name: NODE_NAME 28 | valueFrom: 29 | fieldRef: 30 | fieldPath: spec.nodeName 31 | securityContext: 32 | privileged: false 33 | volumeMounts: 34 | - name: crio-conf 35 | mountPath: /etc/crio/ 36 | - name: containerd-conf 37 | mountPath: /etc/containerd/ 38 | - name: kata-artifacts 39 | mountPath: /opt/kata/ 40 | - name: dbus 41 | mountPath: /var/run/dbus 42 | - name: systemd 43 | mountPath: /run/systemd 44 | - name: local-bin 45 | mountPath: /usr/local/bin/ 46 | volumes: 47 | - name: crio-conf 48 | hostPath: 49 | path: /etc/crio/ 50 | - name: containerd-conf 51 | hostPath: 52 | path: /etc/containerd/ 53 | - name: kata-artifacts 54 | hostPath: 55 | path: /opt/kata/ 56 | type: DirectoryOrCreate 57 | - name: dbus 58 | hostPath: 59 | path: /var/run/dbus 60 | - name: systemd 61 | hostPath: 62 | path: /run/systemd 63 | - name: local-bin 64 | hostPath: 65 | path: /usr/local/bin/ 66 | updateStrategy: 67 | rollingUpdate: 68 | maxUnavailable: 1 69 | type: RollingUpdate 70 | -------------------------------------------------------------------------------- /compose/elk/README.md: -------------------------------------------------------------------------------- 1 | Run the containers: 2 | 3 | ``` 4 | $ docker-compose up 5 | ``` 6 | 7 | and pipe some logs into logstash 8 | 9 | ``` 10 | $ java -jar target/*.jar | nc localhost 5000 11 | ``` 12 | 13 | Kibana runs on port 5601 (http://localhost:5601). 14 | 15 | Example vanilla Spring Boot log: 16 | 17 | ``` 18 | 2016-03-01 14:26:09.749 INFO 9063 --- [ main] s.w.s.m.m.a.RequestMappingHandlerMapping : Mapped "{[/metrics/field-value-counters],methods=[GET]}" onto public org.springframework.hateoas.PagedResources org.springframework.cloud.dataflow.admin.controller.FieldValueCounterController.list(org.springframework.data.web.PagedResourcesAssembler) 19 | ``` 20 | 21 | Example matching logstash pattern: 22 | 23 | ``` 24 | %{TIMESTAMP_ISO8601:timestamp}\s+%{LOGLEVEL:severity}\s+%{DATA:pid}---\s+\[%{DATA:thread}\]\s+%{DATA:class}\s+:\s+%{GREEDYDATA:rest} 25 | ``` 26 | 27 | Add Sleuth: 28 | 29 | ``` 30 | %{TIMESTAMP_ISO8601:timestamp}\s+%{LOGLEVEL:severity}\s+\[%{DATA:service},%{DATA:trace},%{DATA:span},%{DATA:exportable}\]\s+%{DATA:pid}---\s+\[%{DATA:thread}\]\s+%{DATA:class}\s+:\s+%{GREEDYDATA:rest} 31 | ``` 32 | 33 | From a Cloud Foundry app into logstash: 34 | 35 | ``` 36 | $ cf logs voter-module | nc localhost 5000 37 | ``` 38 | 39 | Example log from cf with Sleuth: 40 | 41 | ``` 42 | 2015-12-22T15:54:57.19+0000 [APP/0] OUT 2015-12-22 15:54:57.199 DEBUG [service,02bec129fad4d7e,99a76311a8eb222,false] 22 --- [nio-8080-exec-6] o.s.integration.channel.DirectChannel : postSend (sent=true) on channel 'output', message: GenericMessage [payload={"election":0,"candidate":0,"score":1}, headers={X-Span-Id=99a76311-b3de-4d77-bfe8-146f5a8eb222, X-Span-Name=http/votes, id=31fe6f08-d5e5-7c30-0aba-b2fec41ff779, contentType=application/json, X-Trace-Id=02bec129-d7b9-496e-ad94-75c0dfad4d7e, timestamp=1450799697196}] 43 | ``` 44 | 45 | Example matching logstash pattern: 46 | 47 | ``` 48 | (?m)OUT\s+%{TIMESTAMP_ISO8601:timestamp}\s+%{LOGLEVEL:severity}\s+\[%{DATA:service},%{DATA:trace},%{DATA:span},%{DATA:exportable}\]\s+%{DATA:pid}---\s+\[%{DATA:thread}\]\s+%{DATA:class}\s+:\s+%{GREEDYDATA:rest} 49 | ``` 50 | 51 | This is really useful: http://grokdebug.herokuapp.com/ 52 | 53 | -------------------------------------------------------------------------------- /compose/k3s/README.md: -------------------------------------------------------------------------------- 1 | When you 2 | 3 | ``` 4 | $ docker-compose up 5 | ``` 6 | 7 | it writes a `k8s` config file in the current directory. 8 | 9 | So you can 10 | 11 | ``` 12 | $ kubectl --kubeconfig kubeconfig.yaml get all 13 | NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE 14 | service/kubernetes ClusterIP 10.43.0.1 443/TCP 2m17s 15 | ``` 16 | 17 | Also you can copy the `kubeconfig.yaml` into `~/.kube/config` (don't overwrite it, copy the sections from the YAML individually), and then 18 | 19 | ``` 20 | $ kubectl use-context default 21 | $ kubectl get all 22 | NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE 23 | service/kubernetes ClusterIP 10.43.0.1 443/TCP 2m17s 24 | ``` 25 | 26 | To clean up you need to delete the volume (specified in the `docker-compose.yml`): 27 | 28 | ``` 29 | $ docker-compose rm -fvs 30 | $ docker volume rm k3s_k3s-server 31 | ``` 32 | 33 | If you don't delete the volume you don't have to change the `kubeconfig.yaml` when you run again, but you might have some cluster state from the previous run. 34 | 35 | The cluster has an ingress controller using [Traefik](https://docs.traefik.io/user-guide/kubernetes/): 36 | 37 | ``` 38 | $ kubectl get service --namespace=kube-system 39 | NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE 40 | kube-dns ClusterIP 10.43.0.10 53/UDP,53/TCP,9153/TCP 11m 41 | traefik LoadBalancer 10.43.37.208 172.19.0.3 80:31193/TCP,443:30831/TCP 9m8s 42 | $ curl 172.19.0.3 -v 43 | 404 page not found 44 | ``` 45 | 46 | so deploy a "doubler" service and expose it as a service on port 80: 47 | 48 | ``` 49 | kind: Service 50 | apiVersion: v1 51 | metadata: 52 | name: doubler 53 | labels: 54 | app: doubler 55 | spec: 56 | ports: 57 | - name: http 58 | port: 80 59 | targetPort: 8080 60 | selector: 61 | app: doubler 62 | ``` 63 | 64 | and then set up an ingress rule: 65 | 66 | ``` 67 | apiVersion: extensions/v1beta1 68 | kind: Ingress 69 | metadata: 70 | name: doubler 71 | spec: 72 | rules: 73 | - host: doubler 74 | http: 75 | paths: 76 | - path: / 77 | backend: 78 | serviceName: doubler 79 | servicePort: 80 80 | 81 | ``` 82 | 83 | and you can curl it on the traefik endpoint: 84 | 85 | ``` 86 | $ curl 172.19.0.3 -H "Host: doubler" -H "Content-Type: text/plain" -d 30 87 | 60 88 | ``` 89 | -------------------------------------------------------------------------------- /compose/elastic/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM openjdk:8-jre-alpine 2 | 3 | # ensure elasticsearch user exists 4 | RUN addgroup -S elasticsearch && adduser -S -G elasticsearch elasticsearch 5 | 6 | # grab su-exec for easy step-down from root 7 | # and bash for "bin/elasticsearch" among others 8 | RUN apk add --no-cache 'su-exec>=0.2' bash 9 | 10 | # https://artifacts.elastic.co/GPG-KEY-elasticsearch 11 | ENV GPG_KEY 46095ACC8548582C1A2699A9D27D666CD88E42B4 12 | 13 | WORKDIR /usr/share/elasticsearch 14 | ENV PATH /usr/share/elasticsearch/bin:$PATH 15 | 16 | ENV ELASTICSEARCH_VERSION 1.7.6 17 | ENV ELASTICSEARCH_TARBALL="https://download.elastic.co/elasticsearch/elasticsearch/elasticsearch-1.7.6.tar.gz" \ 18 | ELASTICSEARCH_TARBALL_ASC="" \ 19 | ELASTICSEARCH_TARBALL_SHA1="0b6ec9fe34b29e6adc4d8481630bf1f69cb04aa9" 20 | 21 | RUN set -ex; \ 22 | \ 23 | apk add --no-cache --virtual .fetch-deps \ 24 | ca-certificates \ 25 | gnupg \ 26 | openssl \ 27 | tar \ 28 | ; \ 29 | \ 30 | wget -O elasticsearch.tar.gz "$ELASTICSEARCH_TARBALL"; \ 31 | \ 32 | if [ "$ELASTICSEARCH_TARBALL_SHA1" ]; then \ 33 | echo "$ELASTICSEARCH_TARBALL_SHA1 *elasticsearch.tar.gz" | sha1sum -c -; \ 34 | fi; \ 35 | \ 36 | if [ "$ELASTICSEARCH_TARBALL_ASC" ]; then \ 37 | wget -O elasticsearch.tar.gz.asc "$ELASTICSEARCH_TARBALL_ASC"; \ 38 | export GNUPGHOME="$(mktemp -d)"; \ 39 | gpg --keyserver ha.pool.sks-keyservers.net --recv-keys "$GPG_KEY"; \ 40 | gpg --batch --verify elasticsearch.tar.gz.asc elasticsearch.tar.gz; \ 41 | rm -r "$GNUPGHOME" elasticsearch.tar.gz.asc; \ 42 | fi; \ 43 | \ 44 | tar -xf elasticsearch.tar.gz --strip-components=1; \ 45 | rm elasticsearch.tar.gz; \ 46 | \ 47 | apk del .fetch-deps; \ 48 | \ 49 | mkdir -p ./plugins; \ 50 | for path in \ 51 | ./data \ 52 | ./logs \ 53 | ./config \ 54 | ./config/scripts \ 55 | ; do \ 56 | mkdir -p "$path"; \ 57 | chown -R elasticsearch:elasticsearch "$path"; \ 58 | done; \ 59 | \ 60 | # we shouldn't need much RAM to test --version (default is 2gb, which gets Jenkins in trouble sometimes) 61 | export ES_JAVA_OPTS='-Xms32m -Xmx32m'; \ 62 | if [ "${ELASTICSEARCH_VERSION%%.*}" -gt 1 ]; then \ 63 | elasticsearch --version; \ 64 | else \ 65 | # elasticsearch 1.x doesn't support --version 66 | # but in 5.x, "-v" is verbose (and "-V" is --version) 67 | elasticsearch -v; \ 68 | fi 69 | 70 | COPY config ./config 71 | 72 | VOLUME /usr/share/elasticsearch/data 73 | 74 | COPY docker-entrypoint.sh / 75 | 76 | EXPOSE 9200 9300 77 | ENTRYPOINT ["/docker-entrypoint.sh"] 78 | CMD ["elasticsearch"] -------------------------------------------------------------------------------- /layers/kafka/deployment.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: StatefulSet 3 | metadata: 4 | name: kafka 5 | labels: 6 | app: kafka 7 | spec: 8 | serviceName: kafka-broker 9 | replicas: 1 10 | selector: 11 | matchLabels: 12 | kafka: kafka 13 | template: 14 | metadata: 15 | labels: 16 | kafka: kafka 17 | spec: 18 | containers: 19 | - image: confluentinc/cp-enterprise-kafka:5.3.0 20 | name: kafka 21 | env: 22 | - name: KAFKA_BROKER_ID 23 | value: '1' 24 | - name: KAFKA_ZOOKEEPER_CONNECT 25 | value: zookeeper:2181 26 | - name: KAFKA_LISTENERS 27 | value: INTERNAL://0.0.0.0:29092,EXTERNAL://0.0.0.0:9092 28 | - name: KAFKA_ADVERTISED_LISTENERS 29 | value: INTERNAL://kafka-broker:29092,EXTERNAL://localhost:9092 30 | - name: KAFKA_LISTENER_SECURITY_PROTOCOL_MAP 31 | value: INTERNAL:PLAINTEXT,EXTERNAL:PLAINTEXT 32 | - name: KAFKA_INTER_BROKER_LISTENER_NAME 33 | value: INTERNAL 34 | - name: KAFKA_OFFSETS_TOPIC_REPLICATION_FACTOR 35 | value: '1' 36 | - name: KAFKA_TRANSACTION_STATE_LOG_REPLICATION_FACTOR 37 | value: '1' 38 | - name: KAFKA_TRANSACTION_STATE_LOG_MIN_ISR 39 | value: '1' 40 | 41 | 42 | --- 43 | apiVersion: apps/v1 44 | kind: StatefulSet 45 | metadata: 46 | name: zookeeper 47 | labels: 48 | app: zookeeper 49 | spec: 50 | serviceName: zookeeper 51 | replicas: 1 52 | selector: 53 | matchLabels: 54 | kafka: zookeeper 55 | template: 56 | metadata: 57 | labels: 58 | kafka: zookeeper 59 | spec: 60 | containers: 61 | - image: confluentinc/cp-zookeeper:5.3.0 62 | name: kafka 63 | env: 64 | - name: ZOOKEEPER_CLIENT_PORT 65 | value: '2181' 66 | - name: ZOOKEEPER_TICK_TIME 67 | value: '2000' 68 | 69 | --- 70 | 71 | apiVersion: v1 72 | kind: Service 73 | metadata: 74 | name: kafka-broker 75 | labels: 76 | kafka: kafka 77 | spec: 78 | ports: 79 | - port: 9092 80 | name: internal 81 | - port: 29092 82 | name: external 83 | selector: 84 | kafka: kafka 85 | 86 | --- 87 | 88 | apiVersion: v1 89 | kind: Service 90 | metadata: 91 | name: zookeeper 92 | labels: 93 | kafka: zookeeper 94 | spec: 95 | ports: 96 | - port: 2181 97 | selector: 98 | kafka: zookeeper 99 | -------------------------------------------------------------------------------- /compose/isolated/pom.xml: -------------------------------------------------------------------------------- 1 | 2 | 4 | 4.0.0 5 | 6 | com.example 7 | demo 8 | 0.0.1-SNAPSHOT 9 | jar 10 | 11 | demo 12 | Demo project for Spring Boot 13 | 14 | 15 | org.springframework.boot 16 | spring-boot-starter-parent 17 | 2.0.4.RELEASE 18 | 19 | 20 | 21 | 22 | UTF-8 23 | UTF-8 24 | 1.8 25 | 1.0.14.RELEASE 26 | 27 | 28 | 29 | 30 | org.springframework.boot 31 | spring-boot-starter 32 | 33 | 34 | 35 | org.springframework.boot 36 | spring-boot-starter-test 37 | test 38 | 39 | 40 | 41 | 42 | 43 | 44 | 45 | org.springframework.boot.experimental 46 | spring-boot-thin-maven-plugin 47 | ${wrapper.version} 48 | 49 | 50 | org.springframework.boot.experimental 51 | spring-boot-thin-launcher 52 | exec 53 | ${wrapper.version} 54 | 55 | 56 | 57 | 58 | 59 | 60 | 61 | org.springframework.boot 62 | spring-boot-maven-plugin 63 | 64 | 65 | org.springframework.boot.experimental 66 | spring-boot-thin-layout 67 | ${wrapper.version} 68 | 69 | 70 | 71 | 72 | org.apache.maven.plugins 73 | maven-surefire-plugin 74 | 2.18.1 75 | 76 | 77 | 78 | 79 | 80 | 81 | -------------------------------------------------------------------------------- /server/.devcontainer/Dockerfile: -------------------------------------------------------------------------------- 1 | #------------------------------------------------------------------------------------------------------------- 2 | # Copyright (c) Microsoft Corporation. All rights reserved. 3 | # Licensed under the MIT License. See https://go.microsoft.com/fwlink/?linkid=2090316 for license information. 4 | #------------------------------------------------------------------------------------------------------------- 5 | 6 | FROM golang:1 7 | 8 | # Avoid warnings by switching to noninteractive 9 | ENV DEBIAN_FRONTEND=noninteractive 10 | 11 | # This Dockerfile adds a non-root 'vscode' user with sudo access. However, for Linux, 12 | # this user's GID/UID must match your local user UID/GID to avoid permission issues 13 | # with bind mounts. Update USER_UID / USER_GID if yours is not 1000. See 14 | # https://aka.ms/vscode-remote/containers/non-root-user for details. 15 | ARG USERNAME=vscode 16 | ARG USER_UID=1000 17 | ARG USER_GID=$USER_UID 18 | 19 | # Configure apt, install packages and tools 20 | RUN apt-get update \ 21 | && apt-get -y install --no-install-recommends apt-utils dialog 2>&1 \ 22 | # 23 | # Verify git, process tools, lsb-release (common in install instructions for CLIs) installed 24 | && apt-get -y install git iproute2 procps lsb-release \ 25 | # 26 | # Install gocode-gomod 27 | && go get -x -d github.com/stamblerre/gocode 2>&1 \ 28 | && go build -o gocode-gomod github.com/stamblerre/gocode \ 29 | && mv gocode-gomod $GOPATH/bin/ \ 30 | # 31 | # Install Go tools 32 | && go get -u -v \ 33 | github.com/mdempsky/gocode \ 34 | github.com/uudashr/gopkgs/cmd/gopkgs \ 35 | github.com/ramya-rao-a/go-outline \ 36 | github.com/acroca/go-symbols \ 37 | github.com/godoctor/godoctor \ 38 | golang.org/x/tools/cmd/guru \ 39 | golang.org/x/tools/cmd/gorename \ 40 | github.com/rogpeppe/godef \ 41 | github.com/zmb3/gogetdoc \ 42 | github.com/haya14busa/goplay/cmd/goplay \ 43 | github.com/sqs/goreturns \ 44 | github.com/josharian/impl \ 45 | github.com/davidrjenni/reftools/cmd/fillstruct \ 46 | github.com/fatih/gomodifytags \ 47 | github.com/cweill/gotests/... \ 48 | golang.org/x/tools/cmd/goimports \ 49 | golang.org/x/lint/golint \ 50 | golang.org/x/tools/cmd/gopls \ 51 | github.com/alecthomas/gometalinter \ 52 | honnef.co/go/tools/... \ 53 | github.com/golangci/golangci-lint/cmd/golangci-lint \ 54 | github.com/mgechev/revive \ 55 | github.com/derekparker/delve/cmd/dlv 2>&1 \ 56 | # 57 | # Create a non-root user to use if preferred - see https://aka.ms/vscode-remote/containers/non-root-user. 58 | && groupadd --gid $USER_GID $USERNAME \ 59 | && useradd -s /bin/bash --uid $USER_UID --gid $USER_GID -m $USERNAME \ 60 | # [Optional] Add sudo support 61 | && apt-get install -y sudo \ 62 | && echo $USERNAME ALL=\(root\) NOPASSWD:ALL > /etc/sudoers.d/$USERNAME \ 63 | && chmod 0440 /etc/sudoers.d/$USERNAME \ 64 | && chown -R $USER_UID:$USER_GID /go \ 65 | # 66 | # Clean up 67 | && apt-get autoremove -y \ 68 | && apt-get clean -y \ 69 | && rm -rf /var/lib/apt/lists/* -------------------------------------------------------------------------------- /.devcontainer/Dockerfile: -------------------------------------------------------------------------------- 1 | #------------------------------------------------------------------------------------------------------------- 2 | # Copyright (c) Microsoft Corporation. All rights reserved. 3 | # Licensed under the MIT License. See https://go.microsoft.com/fwlink/?linkid=2090316 for license information. 4 | #------------------------------------------------------------------------------------------------------------- 5 | 6 | FROM ubuntu:bionic 7 | 8 | # Avoid warnings by switching to noninteractive 9 | ENV DEBIAN_FRONTEND=noninteractive 10 | 11 | # This Dockerfile adds a non-root 'vscode' user with sudo access. However, for Linux, 12 | # this user's GID/UID must match your local user UID/GID to avoid permission issues 13 | # with bind mounts. Update USER_UID / USER_GID if yours is not 1000. See 14 | # https://aka.ms/vscode-remote/containers/non-root-user for details. 15 | ARG USERNAME=vscode 16 | ARG USER_UID=1000 17 | ARG USER_GID=$USER_UID 18 | ARG DOCKER_GID=130 19 | 20 | # Configure apt, install packages and tools 21 | RUN apt-get update \ 22 | && apt-get -y install --no-install-recommends apt-utils dialog 2>&1 \ 23 | # 24 | # Verify git, process tools, lsb-release (common in install instructions for CLIs) installed 25 | && apt-get -y install git iproute2 procps lsb-release curl \ 26 | # 27 | # Create a non-root user to use if preferred - see https://aka.ms/vscode-remote/containers/non-root-user. 28 | && groupadd --gid $USER_GID $USERNAME \ 29 | && useradd -s /bin/bash --uid $USER_UID --gid $USER_GID -m $USERNAME \ 30 | # [Optional] Add sudo support 31 | && apt-get install -y sudo \ 32 | && echo $USERNAME ALL=\(root\) NOPASSWD:ALL > /etc/sudoers.d/$USERNAME \ 33 | && chmod 0440 /etc/sudoers.d/$USERNAME \ 34 | # 35 | # Clean up 36 | && apt-get autoremove -y \ 37 | && apt-get clean -y \ 38 | && rm -rf /var/lib/apt/lists/* 39 | 40 | # Install Docker CE CLI 41 | RUN apt-get update \ 42 | && apt-get install -y apt-transport-https ca-certificates curl jq gnupg-agent software-properties-common lsb-release \ 43 | && curl -fsSL https://download.docker.com/linux/$(lsb_release -is | tr '[:upper:]' '[:lower:]')/gpg | apt-key add - 2>/dev/null \ 44 | && add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/$(lsb_release -is | tr '[:upper:]' '[:lower:]') $(lsb_release -cs) stable" \ 45 | && apt-get update \ 46 | && apt-get install -y docker-ce-cli \ 47 | && curl -sSL "https://github.com/docker/compose/releases/download/1.24.0/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose \ 48 | && chmod +x /usr/local/bin/docker-compose \ 49 | # Clean up 50 | && apt-get autoremove -y \ 51 | && apt-get clean -y \ 52 | && rm -rf /var/lib/apt/lists/* \ 53 | && groupadd --gid $DOCKER_GID docker \ 54 | && usermod -aG docker $USER 55 | 56 | RUN curl -sSL -o /usr/local/bin/kubectl https://storage.googleapis.com/kubernetes-release/release/$(curl -s https://storage.googleapis.com/kubernetes-release/release/stable.txt)/bin/linux/amd64/kubectl \ 57 | && chmod +x /usr/local/bin/kubectl 58 | 59 | RUN curl -Lo /usr/local/bin/skaffold https://storage.googleapis.com/skaffold/releases/latest/skaffold-linux-amd64 \ 60 | && chmod +x /usr/local/bin/skaffold -------------------------------------------------------------------------------- /metrics/manifest.yaml: -------------------------------------------------------------------------------- 1 | kind: ClusterRole 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | metadata: 4 | name: system:aggregated-metrics-reader 5 | labels: 6 | rbac.authorization.k8s.io/aggregate-to-view: "true" 7 | rbac.authorization.k8s.io/aggregate-to-edit: "true" 8 | rbac.authorization.k8s.io/aggregate-to-admin: "true" 9 | rules: 10 | - apiGroups: ["metrics.k8s.io"] 11 | resources: ["pods"] 12 | verbs: ["get", "list", "watch"] 13 | --- 14 | apiVersion: rbac.authorization.k8s.io/v1beta1 15 | kind: ClusterRoleBinding 16 | metadata: 17 | name: metrics-server:system:auth-delegator 18 | roleRef: 19 | apiGroup: rbac.authorization.k8s.io 20 | kind: ClusterRole 21 | name: system:auth-delegator 22 | subjects: 23 | - kind: ServiceAccount 24 | name: metrics-server 25 | namespace: kube-system 26 | --- 27 | apiVersion: rbac.authorization.k8s.io/v1beta1 28 | kind: RoleBinding 29 | metadata: 30 | name: metrics-server-auth-reader 31 | namespace: kube-system 32 | roleRef: 33 | apiGroup: rbac.authorization.k8s.io 34 | kind: Role 35 | name: extension-apiserver-authentication-reader 36 | subjects: 37 | - kind: ServiceAccount 38 | name: metrics-server 39 | namespace: kube-system 40 | --- 41 | apiVersion: apiregistration.k8s.io/v1beta1 42 | kind: APIService 43 | metadata: 44 | name: v1beta1.metrics.k8s.io 45 | spec: 46 | service: 47 | name: metrics-server 48 | namespace: kube-system 49 | group: metrics.k8s.io 50 | version: v1beta1 51 | insecureSkipTLSVerify: true 52 | groupPriorityMinimum: 100 53 | versionPriority: 100 54 | --- 55 | apiVersion: v1 56 | kind: ServiceAccount 57 | metadata: 58 | name: metrics-server 59 | namespace: kube-system 60 | --- 61 | apiVersion: apps/v1 62 | kind: Deployment 63 | metadata: 64 | name: metrics-server 65 | namespace: kube-system 66 | labels: 67 | k8s-app: metrics-server 68 | spec: 69 | selector: 70 | matchLabels: 71 | k8s-app: metrics-server 72 | template: 73 | metadata: 74 | name: metrics-server 75 | labels: 76 | k8s-app: metrics-server 77 | spec: 78 | serviceAccountName: metrics-server 79 | serviceAccount: metrics-server 80 | volumes: 81 | # mount in tmp so we can safely use from-scratch images and/or read-only containers 82 | - name: tmp-dir 83 | emptyDir: {} 84 | containers: 85 | - name: metrics-server 86 | image: k8s.gcr.io/metrics-server-amd64:v0.3.1 87 | args: 88 | - --kubelet-insecure-tls 89 | - --kubelet-preferred-address-types=InternalIP 90 | imagePullPolicy: Always 91 | terminationMessagePath: /dev/termination-log 92 | terminationMessagePolicy: File 93 | volumeMounts: 94 | - name: tmp-dir 95 | mountPath: /tmp 96 | 97 | --- 98 | apiVersion: v1 99 | kind: Service 100 | metadata: 101 | name: metrics-server 102 | namespace: kube-system 103 | labels: 104 | kubernetes.io/name: "Metrics-server" 105 | spec: 106 | selector: 107 | k8s-app: metrics-server 108 | ports: 109 | - port: 443 110 | protocol: TCP 111 | targetPort: 443 112 | --- 113 | apiVersion: rbac.authorization.k8s.io/v1 114 | kind: ClusterRole 115 | metadata: 116 | name: system:metrics-server 117 | rules: 118 | - apiGroups: 119 | - "" 120 | resources: 121 | - pods 122 | - nodes 123 | - nodes/stats 124 | verbs: 125 | - get 126 | - list 127 | - watch 128 | --- 129 | apiVersion: rbac.authorization.k8s.io/v1 130 | kind: ClusterRoleBinding 131 | metadata: 132 | name: system:metrics-server 133 | roleRef: 134 | apiGroup: rbac.authorization.k8s.io 135 | kind: ClusterRole 136 | name: system:metrics-server 137 | subjects: 138 | - kind: ServiceAccount 139 | name: metrics-server 140 | namespace: kube-system 141 | -------------------------------------------------------------------------------- /nix/extensions.nix: -------------------------------------------------------------------------------- 1 | { extensions = [ 2 | { 3 | name = "Nix"; 4 | publisher = "bbenoist"; 5 | version = "1.0.1"; 6 | sha256 = "0zd0n9f5z1f0ckzfjr38xw2zzmcxg1gjrava7yahg5cvdcw6l35b"; 7 | } 8 | { 9 | name = "path-intellisense"; 10 | publisher = "christian-kohler"; 11 | version = "1.4.2"; 12 | sha256 = "0i2b896cnlk1d23w3jgy8wdqsww2lz201iym5c1rqbjzg1g3v3r4"; 13 | } 14 | { 15 | name = "asciidoctor-vscode"; 16 | publisher = "joaompinto"; 17 | version = "2.7.13"; 18 | sha256 = "1qld65w6qnlch1z3hzxlw434a8jwgq1m0bv7rarshzr0xfr2zkm2"; 19 | } 20 | { 21 | name = "vscode-docker"; 22 | publisher = "ms-azuretools"; 23 | version = "0.10.0"; 24 | sha256 = "1n4pviahpr67y6zz3nvj6841dv0vpdrg9wi9w5viv9vc3psj5mkp"; 25 | } 26 | { 27 | name = "vscode-kubernetes-tools"; 28 | publisher = "ms-kubernetes-tools"; 29 | version = "1.1.0"; 30 | sha256 = "0yaw6rkig2h0vnad30h22r80gr0l890yah23xh66pa25wvc9f88v"; 31 | } 32 | { 33 | name = "remote-containers"; 34 | publisher = "ms-vscode-remote"; 35 | version = "0.106.0"; 36 | sha256 = "0m607fg3z6p9x28jib2q98qi3vqym8b5q2fwi7lyjdfvcp5zwsnx"; 37 | } 38 | { 39 | name = "remote-ssh"; 40 | publisher = "ms-vscode-remote"; 41 | version = "0.49.0"; 42 | sha256 = "0v9g06wwvisndsbi0m75915vkf1xsqgjnglv6y9p1yyj59cwj5kx"; 43 | } 44 | { 45 | name = "remote-ssh-edit"; 46 | publisher = "ms-vscode-remote"; 47 | version = "0.49.0"; 48 | sha256 = "0vjs6s6w1n5pjwfiscw1zaf8i1mlnvx50dkwhiszi74v5lmbawrn"; 49 | } 50 | { 51 | name = "vscode-spring-boot"; 52 | publisher = "Pivotal"; 53 | version = "1.15.0"; 54 | sha256 = "138r5ayx964a20j4pis1454zz399qzx81g43xj6rbv7s3rmhgsvn"; 55 | } 56 | { 57 | name = "java"; 58 | publisher = "redhat"; 59 | version = "0.58.0"; 60 | sha256 = "1knxz10lx3cmfkb4sivwqx5hi9kd2vi9rab4lyp3z08pzcxzagha"; 61 | } 62 | { 63 | name = "vscode-xml"; 64 | publisher = "redhat"; 65 | version = "0.10.1"; 66 | sha256 = "13ip9vh0qyvxgg1c0sswp6xk6wvy1cmc5pzslcaymk63m4yaacax"; 67 | } 68 | { 69 | name = "vscode-yaml"; 70 | publisher = "redhat"; 71 | version = "0.7.2"; 72 | sha256 = "1grpvg0wgf838lr45psdb1zm6fhr3vr5cgp3bvql4jl3pm46mma0"; 73 | } 74 | { 75 | name = "vscodeintellicode"; 76 | publisher = "VisualStudioExptTeam"; 77 | version = "1.2.6"; 78 | sha256 = "087rdcypaa1cwxbrfgdkg3n9rmxr0lb41jdz8y82nigs7a705b0q"; 79 | } 80 | { 81 | name = "vscode-java-debug"; 82 | publisher = "vscjava"; 83 | version = "0.25.1"; 84 | sha256 = "1cma1m9ig1r64ss60dkiyjdpk65achvfzq2sld5dmhvp5jdqmif8"; 85 | } 86 | { 87 | name = "vscode-java-dependency"; 88 | publisher = "vscjava"; 89 | version = "0.9.0"; 90 | sha256 = "1i2mf4wz31rlw4f8a5hbrv6iz337b9sskfxvsaa28wmlibsyfl1b"; 91 | } 92 | { 93 | name = "vscode-java-pack"; 94 | publisher = "vscjava"; 95 | version = "0.8.1"; 96 | sha256 = "1xa35bbx6xdxvz15fpjsa5j4f6aas5zxsmpd4dv6hkzlzizafrfr"; 97 | } 98 | { 99 | name = "vscode-java-test"; 100 | publisher = "vscjava"; 101 | version = "0.22.2"; 102 | sha256 = "0cwr53drbr9bix9qfwm42c61icj81jn3q9fldin96418h32bf9fb"; 103 | } 104 | { 105 | name = "vscode-maven"; 106 | publisher = "vscjava"; 107 | version = "0.21.0"; 108 | sha256 = "0c7ydyjj4m5mxgyi7yqqb8vd20d5mag230blah9bw6xw68y2fg40"; 109 | } 110 | { 111 | name = "vscode-spring-boot-dashboard"; 112 | publisher = "vscjava"; 113 | version = "0.1.8"; 114 | sha256 = "0fphcmmayi2v22ixdfvgk42yvw96vq2w8j9vxd7fzx986a1r6x53"; 115 | } 116 | { 117 | name = "vscode-spring-initializr"; 118 | publisher = "vscjava"; 119 | version = "0.4.6"; 120 | sha256 = "0qcfck4jzpc6y6sjjc1s5bhg3hdn817ky5xyvrj5flrpdxi93v40"; 121 | } 122 | ]; 123 | } -------------------------------------------------------------------------------- /envoy/ambassador.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Service 4 | metadata: 5 | labels: 6 | service: ambassador-admin 7 | name: ambassador-admin 8 | spec: 9 | type: NodePort 10 | ports: 11 | - name: ambassador-admin 12 | port: 8877 13 | targetPort: 8877 14 | selector: 15 | service: ambassador 16 | --- 17 | apiVersion: rbac.authorization.k8s.io/v1beta1 18 | kind: ClusterRole 19 | metadata: 20 | name: ambassador 21 | rules: 22 | - apiGroups: [""] 23 | resources: [ "endpoints", "namespaces", "secrets", "services" ] 24 | verbs: ["get", "list", "watch"] 25 | - apiGroups: [ "getambassador.io" ] 26 | resources: [ "*" ] 27 | verbs: ["get", "list", "watch"] 28 | - apiGroups: [ "getambassador.io" ] 29 | resources: [ "mappings/status" ] 30 | verbs: ["update"] 31 | - apiGroups: [ "apiextensions.k8s.io" ] 32 | resources: [ "customresourcedefinitions" ] 33 | verbs: ["get", "list", "watch"] 34 | - apiGroups: [ "networking.internal.knative.dev" ] 35 | resources: [ "clusteringresses", "ingresses" ] 36 | verbs: ["get", "list", "watch"] 37 | - apiGroups: [ "networking.internal.knative.dev" ] 38 | resources: [ "ingresses/status", "clusteringresses/status" ] 39 | verbs: ["update"] 40 | - apiGroups: [ "extensions", "networking.k8s.io" ] 41 | resources: [ "ingresses" ] 42 | verbs: ["get", "list", "watch"] 43 | - apiGroups: [ "extensions", "networking.k8s.io" ] 44 | resources: [ "ingresses/status" ] 45 | verbs: ["update"] 46 | --- 47 | apiVersion: v1 48 | kind: ServiceAccount 49 | metadata: 50 | name: ambassador 51 | --- 52 | apiVersion: rbac.authorization.k8s.io/v1beta1 53 | kind: ClusterRoleBinding 54 | metadata: 55 | name: ambassador 56 | roleRef: 57 | apiGroup: rbac.authorization.k8s.io 58 | kind: ClusterRole 59 | name: ambassador 60 | subjects: 61 | - kind: ServiceAccount 62 | name: ambassador 63 | namespace: default 64 | --- 65 | apiVersion: apps/v1 66 | kind: Deployment 67 | metadata: 68 | name: ambassador 69 | spec: 70 | selector: 71 | matchLabels: 72 | service: ambassador 73 | template: 74 | metadata: 75 | annotations: 76 | consul.hashicorp.com/connect-inject: 'false' 77 | sidecar.istio.io/inject: 'false' 78 | labels: 79 | service: ambassador 80 | spec: 81 | affinity: 82 | podAntiAffinity: 83 | preferredDuringSchedulingIgnoredDuringExecution: 84 | - podAffinityTerm: 85 | labelSelector: 86 | matchLabels: 87 | service: ambassador 88 | topologyKey: kubernetes.io/hostname 89 | weight: 100 90 | containers: 91 | - env: 92 | - name: AMBASSADOR_NAMESPACE 93 | valueFrom: 94 | fieldRef: 95 | fieldPath: metadata.namespace 96 | image: quay.io/datawire/ambassador:1.3.1 97 | livenessProbe: 98 | httpGet: 99 | path: /ambassador/v0/check_alive 100 | port: 8877 101 | initialDelaySeconds: 30 102 | periodSeconds: 3 103 | name: ambassador 104 | ports: 105 | - containerPort: 8080 106 | name: http 107 | - containerPort: 8443 108 | name: https 109 | - containerPort: 8877 110 | name: admin 111 | readinessProbe: 112 | httpGet: 113 | path: /ambassador/v0/check_ready 114 | port: 8877 115 | initialDelaySeconds: 30 116 | periodSeconds: 3 117 | resources: 118 | limits: 119 | cpu: 1 120 | memory: 400Mi 121 | requests: 122 | cpu: 200m 123 | memory: 100Mi 124 | volumeMounts: 125 | - mountPath: /tmp/ambassador-pod-info 126 | name: ambassador-pod-info 127 | restartPolicy: Always 128 | securityContext: 129 | runAsUser: 8888 130 | serviceAccountName: ambassador 131 | volumes: 132 | - downwardAPI: 133 | items: 134 | - fieldRef: 135 | fieldPath: metadata.labels 136 | path: labels 137 | name: ambassador-pod-info 138 | -------------------------------------------------------------------------------- /compose/nginx/conf/mime.types: -------------------------------------------------------------------------------- 1 | 2 | types { 3 | text/html html htm shtml; 4 | text/css css; 5 | text/xml xml; 6 | image/gif gif; 7 | image/jpeg jpeg jpg; 8 | application/javascript js; 9 | application/atom+xml atom; 10 | application/rss+xml rss; 11 | 12 | text/mathml mml; 13 | text/plain txt; 14 | text/vnd.sun.j2me.app-descriptor jad; 15 | text/vnd.wap.wml wml; 16 | text/x-component htc; 17 | 18 | image/png png; 19 | image/tiff tif tiff; 20 | image/vnd.wap.wbmp wbmp; 21 | image/x-icon ico; 22 | image/x-jng jng; 23 | image/x-ms-bmp bmp; 24 | image/svg+xml svg svgz; 25 | image/webp webp; 26 | 27 | application/font-woff woff; 28 | application/java-archive jar war ear; 29 | application/json json; 30 | application/mac-binhex40 hqx; 31 | application/msword doc; 32 | application/pdf pdf; 33 | application/postscript ps eps ai; 34 | application/rtf rtf; 35 | application/vnd.apple.mpegurl m3u8; 36 | application/vnd.ms-excel xls; 37 | application/vnd.ms-fontobject eot; 38 | application/vnd.ms-powerpoint ppt; 39 | application/vnd.wap.wmlc wmlc; 40 | application/vnd.google-earth.kml+xml kml; 41 | application/vnd.google-earth.kmz kmz; 42 | application/x-7z-compressed 7z; 43 | application/x-cocoa cco; 44 | application/x-java-archive-diff jardiff; 45 | application/x-java-jnlp-file jnlp; 46 | application/x-makeself run; 47 | application/x-perl pl pm; 48 | application/x-pilot prc pdb; 49 | application/x-rar-compressed rar; 50 | application/x-redhat-package-manager rpm; 51 | application/x-sea sea; 52 | application/x-shockwave-flash swf; 53 | application/x-stuffit sit; 54 | application/x-tcl tcl tk; 55 | application/x-x509-ca-cert der pem crt; 56 | application/x-xpinstall xpi; 57 | application/xhtml+xml xhtml; 58 | application/xspf+xml xspf; 59 | application/zip zip; 60 | 61 | application/octet-stream bin exe dll; 62 | application/octet-stream deb; 63 | application/octet-stream dmg; 64 | application/octet-stream iso img; 65 | application/octet-stream msi msp msm; 66 | 67 | application/vnd.openxmlformats-officedocument.wordprocessingml.document docx; 68 | application/vnd.openxmlformats-officedocument.spreadsheetml.sheet xlsx; 69 | application/vnd.openxmlformats-officedocument.presentationml.presentation pptx; 70 | 71 | audio/midi mid midi kar; 72 | audio/mpeg mp3; 73 | audio/ogg ogg; 74 | audio/x-m4a m4a; 75 | audio/x-realaudio ra; 76 | 77 | video/3gpp 3gpp 3gp; 78 | video/mp2t ts; 79 | video/mp4 mp4; 80 | video/mpeg mpeg mpg; 81 | video/quicktime mov; 82 | video/webm webm; 83 | video/x-flv flv; 84 | video/x-m4v m4v; 85 | video/x-mng mng; 86 | video/x-ms-asf asx asf; 87 | video/x-ms-wmv wmv; 88 | video/x-msvideo avi; 89 | } 90 | -------------------------------------------------------------------------------- /demo/pom.xml: -------------------------------------------------------------------------------- 1 | 2 | 5 | 4.0.0 6 | 7 | org.springframework.boot 8 | spring-boot-starter-parent 9 | 2.3.0.RC1 10 | 11 | 12 | com.example 13 | docker-demo 14 | 0.0.1-SNAPSHOT 15 | docker-demo 16 | Demo project for Spring Boot 17 | 18 | 19 | 1.8 20 | dsyer/demo 21 | 22 | 23 | 24 | 25 | org.springframework.boot 26 | spring-boot-starter-webflux 27 | 28 | 29 | 30 | org.springframework.boot 31 | spring-boot-starter-test 32 | test 33 | 34 | 35 | org.springframework.boot 36 | spring-boot-devtools 37 | runtime 38 | 39 | 40 | io.projectreactor 41 | reactor-test 42 | test 43 | 44 | 45 | 46 | 47 | 48 | 49 | org.springframework.cloud 50 | spring-cloud-dependencies 51 | Hoxton.SR1 52 | import 53 | pom 54 | 55 | 56 | 57 | 58 | 59 | 60 | 61 | org.springframework.boot 62 | spring-boot-maven-plugin 63 | 64 | false 65 | 66 | true 67 | 68 | 69 | 70 | 71 | maven-clean-plugin 72 | 73 | 74 | 75 | k8s/vendor 76 | 77 | 78 | 79 | 80 | 81 | maven-antrun-plugin 82 | 83 | 84 | package 85 | 86 | 87 | 88 | 89 | 90 | 91 | 92 | 93 | 94 | run 95 | 96 | 97 | 98 | 99 | 100 | 101 | 102 | 103 | 104 | spring-snapshots 105 | Spring Snapshots 106 | https://repo.spring.io/snapshot 107 | 108 | true 109 | 110 | 111 | 112 | spring-milestones 113 | Spring Milestones 114 | https://repo.spring.io/milestone 115 | 116 | false 117 | 118 | 119 | 120 | 121 | 122 | spring-snapshots 123 | Spring Snapshots 124 | https://repo.spring.io/snapshot 125 | 126 | true 127 | 128 | 129 | 130 | spring-milestones 131 | Spring Milestones 132 | https://repo.spring.io/milestone 133 | 134 | false 135 | 136 | 137 | 138 | 139 | 140 | -------------------------------------------------------------------------------- /demo/.mvn/wrapper/MavenWrapperDownloader.java: -------------------------------------------------------------------------------- 1 | /* 2 | Licensed to the Apache Software Foundation (ASF) under one 3 | or more contributor license agreements. See the NOTICE file 4 | distributed with this work for additional information 5 | regarding copyright ownership. The ASF licenses this file 6 | to you under the Apache License, Version 2.0 (the 7 | "License"); you may not use this file except in compliance 8 | with the License. You may obtain a copy of the License at 9 | 10 | https://www.apache.org/licenses/LICENSE-2.0 11 | 12 | Unless required by applicable law or agreed to in writing, 13 | software distributed under the License is distributed on an 14 | "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 15 | KIND, either express or implied. See the License for the 16 | specific language governing permissions and limitations 17 | under the License. 18 | */ 19 | 20 | import java.io.File; 21 | import java.io.FileInputStream; 22 | import java.io.FileOutputStream; 23 | import java.io.IOException; 24 | import java.net.URL; 25 | import java.nio.channels.Channels; 26 | import java.nio.channels.ReadableByteChannel; 27 | import java.util.Properties; 28 | 29 | public class MavenWrapperDownloader { 30 | 31 | /** 32 | * Default URL to download the maven-wrapper.jar from, if no 'downloadUrl' is provided. 33 | */ 34 | private static final String DEFAULT_DOWNLOAD_URL = 35 | "https://repo.maven.apache.org/maven2/io/takari/maven-wrapper/0.4.2/maven-wrapper-0.4.2.jar"; 36 | 37 | /** 38 | * Path to the maven-wrapper.properties file, which might contain a downloadUrl property to 39 | * use instead of the default one. 40 | */ 41 | private static final String MAVEN_WRAPPER_PROPERTIES_PATH = 42 | ".mvn/wrapper/maven-wrapper.properties"; 43 | 44 | /** 45 | * Path where the maven-wrapper.jar will be saved to. 46 | */ 47 | private static final String MAVEN_WRAPPER_JAR_PATH = 48 | ".mvn/wrapper/maven-wrapper.jar"; 49 | 50 | /** 51 | * Name of the property which should be used to override the default download url for the wrapper. 52 | */ 53 | private static final String PROPERTY_NAME_WRAPPER_URL = "wrapperUrl"; 54 | 55 | public static void main(String args[]) { 56 | System.out.println("- Downloader started"); 57 | File baseDirectory = new File(args[0]); 58 | System.out.println("- Using base directory: " + baseDirectory.getAbsolutePath()); 59 | 60 | // If the maven-wrapper.properties exists, read it and check if it contains a custom 61 | // wrapperUrl parameter. 62 | File mavenWrapperPropertyFile = new File(baseDirectory, MAVEN_WRAPPER_PROPERTIES_PATH); 63 | String url = DEFAULT_DOWNLOAD_URL; 64 | if(mavenWrapperPropertyFile.exists()) { 65 | FileInputStream mavenWrapperPropertyFileInputStream = null; 66 | try { 67 | mavenWrapperPropertyFileInputStream = new FileInputStream(mavenWrapperPropertyFile); 68 | Properties mavenWrapperProperties = new Properties(); 69 | mavenWrapperProperties.load(mavenWrapperPropertyFileInputStream); 70 | url = mavenWrapperProperties.getProperty(PROPERTY_NAME_WRAPPER_URL, url); 71 | } catch (IOException e) { 72 | System.out.println("- ERROR loading '" + MAVEN_WRAPPER_PROPERTIES_PATH + "'"); 73 | } finally { 74 | try { 75 | if(mavenWrapperPropertyFileInputStream != null) { 76 | mavenWrapperPropertyFileInputStream.close(); 77 | } 78 | } catch (IOException e) { 79 | // Ignore ... 80 | } 81 | } 82 | } 83 | System.out.println("- Downloading from: : " + url); 84 | 85 | File outputFile = new File(baseDirectory.getAbsolutePath(), MAVEN_WRAPPER_JAR_PATH); 86 | if(!outputFile.getParentFile().exists()) { 87 | if(!outputFile.getParentFile().mkdirs()) { 88 | System.out.println( 89 | "- ERROR creating output direcrory '" + outputFile.getParentFile().getAbsolutePath() + "'"); 90 | } 91 | } 92 | System.out.println("- Downloading to: " + outputFile.getAbsolutePath()); 93 | try { 94 | downloadFileFromURL(url, outputFile); 95 | System.out.println("Done"); 96 | System.exit(0); 97 | } catch (Throwable e) { 98 | System.out.println("- Error downloading"); 99 | e.printStackTrace(); 100 | System.exit(1); 101 | } 102 | } 103 | 104 | private static void downloadFileFromURL(String urlString, File destination) throws Exception { 105 | URL website = new URL(urlString); 106 | ReadableByteChannel rbc; 107 | rbc = Channels.newChannel(website.openStream()); 108 | FileOutputStream fos = new FileOutputStream(destination); 109 | fos.getChannel().transferFrom(rbc, 0, Long.MAX_VALUE); 110 | fos.close(); 111 | rbc.close(); 112 | } 113 | 114 | } 115 | -------------------------------------------------------------------------------- /sidecar/mime.types: -------------------------------------------------------------------------------- 1 | types { 2 | text/html html htm shtml; 3 | text/css css; 4 | text/xml xml; 5 | image/gif gif; 6 | image/jpeg jpeg jpg; 7 | application/javascript js; 8 | application/atom+xml atom; 9 | application/rss+xml rss; 10 | 11 | text/mathml mml; 12 | text/plain txt; 13 | text/vnd.sun.j2me.app-descriptor jad; 14 | text/vnd.wap.wml wml; 15 | text/x-component htc; 16 | 17 | image/png png; 18 | image/svg+xml svg svgz; 19 | image/tiff tif tiff; 20 | image/vnd.wap.wbmp wbmp; 21 | image/webp webp; 22 | image/x-icon ico; 23 | image/x-jng jng; 24 | image/x-ms-bmp bmp; 25 | 26 | font/woff woff; 27 | font/woff2 woff2; 28 | 29 | application/java-archive jar war ear; 30 | application/json json; 31 | application/mac-binhex40 hqx; 32 | application/msword doc; 33 | application/pdf pdf; 34 | application/postscript ps eps ai; 35 | application/rtf rtf; 36 | application/vnd.apple.mpegurl m3u8; 37 | application/vnd.google-earth.kml+xml kml; 38 | application/vnd.google-earth.kmz kmz; 39 | application/vnd.ms-excel xls; 40 | application/vnd.ms-fontobject eot; 41 | application/vnd.ms-powerpoint ppt; 42 | application/vnd.oasis.opendocument.graphics odg; 43 | application/vnd.oasis.opendocument.presentation odp; 44 | application/vnd.oasis.opendocument.spreadsheet ods; 45 | application/vnd.oasis.opendocument.text odt; 46 | application/vnd.openxmlformats-officedocument.presentationml.presentation 47 | pptx; 48 | application/vnd.openxmlformats-officedocument.spreadsheetml.sheet 49 | xlsx; 50 | application/vnd.openxmlformats-officedocument.wordprocessingml.document 51 | docx; 52 | application/vnd.wap.wmlc wmlc; 53 | application/x-7z-compressed 7z; 54 | application/x-cocoa cco; 55 | application/x-java-archive-diff jardiff; 56 | application/x-java-jnlp-file jnlp; 57 | application/x-makeself run; 58 | application/x-perl pl pm; 59 | application/x-pilot prc pdb; 60 | application/x-rar-compressed rar; 61 | application/x-redhat-package-manager rpm; 62 | application/x-sea sea; 63 | application/x-shockwave-flash swf; 64 | application/x-stuffit sit; 65 | application/x-tcl tcl tk; 66 | application/x-x509-ca-cert der pem crt; 67 | application/x-xpinstall xpi; 68 | application/xhtml+xml xhtml; 69 | application/xspf+xml xspf; 70 | application/zip zip; 71 | 72 | application/octet-stream bin exe dll; 73 | application/octet-stream deb; 74 | application/octet-stream dmg; 75 | application/octet-stream iso img; 76 | application/octet-stream msi msp msm; 77 | 78 | audio/midi mid midi kar; 79 | audio/mpeg mp3; 80 | audio/ogg ogg; 81 | audio/x-m4a m4a; 82 | audio/x-realaudio ra; 83 | 84 | video/3gpp 3gpp 3gp; 85 | video/mp2t ts; 86 | video/mp4 mp4; 87 | video/mpeg mpeg mpg; 88 | video/quicktime mov; 89 | video/webm webm; 90 | video/x-flv flv; 91 | video/x-m4v m4v; 92 | video/x-mng mng; 93 | video/x-ms-asf asx asf; 94 | video/x-ms-wmv wmv; 95 | video/x-msvideo avi; 96 | } 97 | -------------------------------------------------------------------------------- /compose/proxy/conf/mime.types: -------------------------------------------------------------------------------- 1 | types { 2 | text/html html htm shtml; 3 | text/css css; 4 | text/xml xml; 5 | image/gif gif; 6 | image/jpeg jpeg jpg; 7 | application/javascript js; 8 | application/atom+xml atom; 9 | application/rss+xml rss; 10 | 11 | text/mathml mml; 12 | text/plain txt; 13 | text/vnd.sun.j2me.app-descriptor jad; 14 | text/vnd.wap.wml wml; 15 | text/x-component htc; 16 | 17 | image/png png; 18 | image/svg+xml svg svgz; 19 | image/tiff tif tiff; 20 | image/vnd.wap.wbmp wbmp; 21 | image/webp webp; 22 | image/x-icon ico; 23 | image/x-jng jng; 24 | image/x-ms-bmp bmp; 25 | 26 | font/woff woff; 27 | font/woff2 woff2; 28 | 29 | application/java-archive jar war ear; 30 | application/json json; 31 | application/mac-binhex40 hqx; 32 | application/msword doc; 33 | application/pdf pdf; 34 | application/postscript ps eps ai; 35 | application/rtf rtf; 36 | application/vnd.apple.mpegurl m3u8; 37 | application/vnd.google-earth.kml+xml kml; 38 | application/vnd.google-earth.kmz kmz; 39 | application/vnd.ms-excel xls; 40 | application/vnd.ms-fontobject eot; 41 | application/vnd.ms-powerpoint ppt; 42 | application/vnd.oasis.opendocument.graphics odg; 43 | application/vnd.oasis.opendocument.presentation odp; 44 | application/vnd.oasis.opendocument.spreadsheet ods; 45 | application/vnd.oasis.opendocument.text odt; 46 | application/vnd.openxmlformats-officedocument.presentationml.presentation 47 | pptx; 48 | application/vnd.openxmlformats-officedocument.spreadsheetml.sheet 49 | xlsx; 50 | application/vnd.openxmlformats-officedocument.wordprocessingml.document 51 | docx; 52 | application/vnd.wap.wmlc wmlc; 53 | application/x-7z-compressed 7z; 54 | application/x-cocoa cco; 55 | application/x-java-archive-diff jardiff; 56 | application/x-java-jnlp-file jnlp; 57 | application/x-makeself run; 58 | application/x-perl pl pm; 59 | application/x-pilot prc pdb; 60 | application/x-rar-compressed rar; 61 | application/x-redhat-package-manager rpm; 62 | application/x-sea sea; 63 | application/x-shockwave-flash swf; 64 | application/x-stuffit sit; 65 | application/x-tcl tcl tk; 66 | application/x-x509-ca-cert der pem crt; 67 | application/x-xpinstall xpi; 68 | application/xhtml+xml xhtml; 69 | application/xspf+xml xspf; 70 | application/zip zip; 71 | 72 | application/octet-stream bin exe dll; 73 | application/octet-stream deb; 74 | application/octet-stream dmg; 75 | application/octet-stream iso img; 76 | application/octet-stream msi msp msm; 77 | 78 | audio/midi mid midi kar; 79 | audio/mpeg mp3; 80 | audio/ogg ogg; 81 | audio/x-m4a m4a; 82 | audio/x-realaudio ra; 83 | 84 | video/3gpp 3gpp 3gp; 85 | video/mp2t ts; 86 | video/mp4 mp4; 87 | video/mpeg mpeg mpg; 88 | video/quicktime mov; 89 | video/webm webm; 90 | video/x-flv flv; 91 | video/x-m4v m4v; 92 | video/x-mng mng; 93 | video/x-ms-asf asx asf; 94 | video/x-ms-wmv wmv; 95 | video/x-msvideo avi; 96 | } 97 | -------------------------------------------------------------------------------- /layers/samples/proxy/mime.types: -------------------------------------------------------------------------------- 1 | types { 2 | text/html html htm shtml; 3 | text/css css; 4 | text/xml xml; 5 | image/gif gif; 6 | image/jpeg jpeg jpg; 7 | application/javascript js; 8 | application/atom+xml atom; 9 | application/rss+xml rss; 10 | 11 | text/mathml mml; 12 | text/plain txt; 13 | text/vnd.sun.j2me.app-descriptor jad; 14 | text/vnd.wap.wml wml; 15 | text/x-component htc; 16 | 17 | image/png png; 18 | image/svg+xml svg svgz; 19 | image/tiff tif tiff; 20 | image/vnd.wap.wbmp wbmp; 21 | image/webp webp; 22 | image/x-icon ico; 23 | image/x-jng jng; 24 | image/x-ms-bmp bmp; 25 | 26 | font/woff woff; 27 | font/woff2 woff2; 28 | 29 | application/java-archive jar war ear; 30 | application/json json; 31 | application/mac-binhex40 hqx; 32 | application/msword doc; 33 | application/pdf pdf; 34 | application/postscript ps eps ai; 35 | application/rtf rtf; 36 | application/vnd.apple.mpegurl m3u8; 37 | application/vnd.google-earth.kml+xml kml; 38 | application/vnd.google-earth.kmz kmz; 39 | application/vnd.ms-excel xls; 40 | application/vnd.ms-fontobject eot; 41 | application/vnd.ms-powerpoint ppt; 42 | application/vnd.oasis.opendocument.graphics odg; 43 | application/vnd.oasis.opendocument.presentation odp; 44 | application/vnd.oasis.opendocument.spreadsheet ods; 45 | application/vnd.oasis.opendocument.text odt; 46 | application/vnd.openxmlformats-officedocument.presentationml.presentation 47 | pptx; 48 | application/vnd.openxmlformats-officedocument.spreadsheetml.sheet 49 | xlsx; 50 | application/vnd.openxmlformats-officedocument.wordprocessingml.document 51 | docx; 52 | application/vnd.wap.wmlc wmlc; 53 | application/x-7z-compressed 7z; 54 | application/x-cocoa cco; 55 | application/x-java-archive-diff jardiff; 56 | application/x-java-jnlp-file jnlp; 57 | application/x-makeself run; 58 | application/x-perl pl pm; 59 | application/x-pilot prc pdb; 60 | application/x-rar-compressed rar; 61 | application/x-redhat-package-manager rpm; 62 | application/x-sea sea; 63 | application/x-shockwave-flash swf; 64 | application/x-stuffit sit; 65 | application/x-tcl tcl tk; 66 | application/x-x509-ca-cert der pem crt; 67 | application/x-xpinstall xpi; 68 | application/xhtml+xml xhtml; 69 | application/xspf+xml xspf; 70 | application/zip zip; 71 | 72 | application/octet-stream bin exe dll; 73 | application/octet-stream deb; 74 | application/octet-stream dmg; 75 | application/octet-stream iso img; 76 | application/octet-stream msi msp msm; 77 | 78 | audio/midi mid midi kar; 79 | audio/mpeg mp3; 80 | audio/ogg ogg; 81 | audio/x-m4a m4a; 82 | audio/x-realaudio ra; 83 | 84 | video/3gpp 3gpp 3gp; 85 | video/mp2t ts; 86 | video/mp4 mp4; 87 | video/mpeg mpeg mpg; 88 | video/quicktime mov; 89 | video/webm webm; 90 | video/x-flv flv; 91 | video/x-m4v m4v; 92 | video/x-mng mng; 93 | video/x-ms-asf asx asf; 94 | video/x-ms-wmv wmv; 95 | video/x-msvideo avi; 96 | } 97 | -------------------------------------------------------------------------------- /compose/isolated/mvnw.cmd: -------------------------------------------------------------------------------- 1 | @REM ---------------------------------------------------------------------------- 2 | @REM Licensed to the Apache Software Foundation (ASF) under one 3 | @REM or more contributor license agreements. See the NOTICE file 4 | @REM distributed with this work for additional information 5 | @REM regarding copyright ownership. The ASF licenses this file 6 | @REM to you under the Apache License, Version 2.0 (the 7 | @REM "License"); you may not use this file except in compliance 8 | @REM with the License. You may obtain a copy of the License at 9 | @REM 10 | @REM http://www.apache.org/licenses/LICENSE-2.0 11 | @REM 12 | @REM Unless required by applicable law or agreed to in writing, 13 | @REM software distributed under the License is distributed on an 14 | @REM "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 15 | @REM KIND, either express or implied. See the License for the 16 | @REM specific language governing permissions and limitations 17 | @REM under the License. 18 | @REM ---------------------------------------------------------------------------- 19 | 20 | @REM ---------------------------------------------------------------------------- 21 | @REM Maven2 Start Up Batch script 22 | @REM 23 | @REM Required ENV vars: 24 | @REM JAVA_HOME - location of a JDK home dir 25 | @REM 26 | @REM Optional ENV vars 27 | @REM M2_HOME - location of maven2's installed home dir 28 | @REM MAVEN_BATCH_ECHO - set to 'on' to enable the echoing of the batch commands 29 | @REM MAVEN_BATCH_PAUSE - set to 'on' to wait for a key stroke before ending 30 | @REM MAVEN_OPTS - parameters passed to the Java VM when running Maven 31 | @REM e.g. to debug Maven itself, use 32 | @REM set MAVEN_OPTS=-Xdebug -Xrunjdwp:transport=dt_socket,server=y,suspend=y,address=8000 33 | @REM MAVEN_SKIP_RC - flag to disable loading of mavenrc files 34 | @REM ---------------------------------------------------------------------------- 35 | 36 | @REM Begin all REM lines with '@' in case MAVEN_BATCH_ECHO is 'on' 37 | @echo off 38 | @REM enable echoing my setting MAVEN_BATCH_ECHO to 'on' 39 | @if "%MAVEN_BATCH_ECHO%" == "on" echo %MAVEN_BATCH_ECHO% 40 | 41 | @REM set %HOME% to equivalent of $HOME 42 | if "%HOME%" == "" (set "HOME=%HOMEDRIVE%%HOMEPATH%") 43 | 44 | @REM Execute a user defined script before this one 45 | if not "%MAVEN_SKIP_RC%" == "" goto skipRcPre 46 | @REM check for pre script, once with legacy .bat ending and once with .cmd ending 47 | if exist "%HOME%\mavenrc_pre.bat" call "%HOME%\mavenrc_pre.bat" 48 | if exist "%HOME%\mavenrc_pre.cmd" call "%HOME%\mavenrc_pre.cmd" 49 | :skipRcPre 50 | 51 | @setlocal 52 | 53 | set ERROR_CODE=0 54 | 55 | @REM To isolate internal variables from possible post scripts, we use another setlocal 56 | @setlocal 57 | 58 | @REM ==== START VALIDATION ==== 59 | if not "%JAVA_HOME%" == "" goto OkJHome 60 | 61 | echo. 62 | echo Error: JAVA_HOME not found in your environment. >&2 63 | echo Please set the JAVA_HOME variable in your environment to match the >&2 64 | echo location of your Java installation. >&2 65 | echo. 66 | goto error 67 | 68 | :OkJHome 69 | if exist "%JAVA_HOME%\bin\java.exe" goto init 70 | 71 | echo. 72 | echo Error: JAVA_HOME is set to an invalid directory. >&2 73 | echo JAVA_HOME = "%JAVA_HOME%" >&2 74 | echo Please set the JAVA_HOME variable in your environment to match the >&2 75 | echo location of your Java installation. >&2 76 | echo. 77 | goto error 78 | 79 | @REM ==== END VALIDATION ==== 80 | 81 | :init 82 | 83 | @REM Find the project base dir, i.e. the directory that contains the folder ".mvn". 84 | @REM Fallback to current working directory if not found. 85 | 86 | set MAVEN_PROJECTBASEDIR=%MAVEN_BASEDIR% 87 | IF NOT "%MAVEN_PROJECTBASEDIR%"=="" goto endDetectBaseDir 88 | 89 | set EXEC_DIR=%CD% 90 | set WDIR=%EXEC_DIR% 91 | :findBaseDir 92 | IF EXIST "%WDIR%"\.mvn goto baseDirFound 93 | cd .. 94 | IF "%WDIR%"=="%CD%" goto baseDirNotFound 95 | set WDIR=%CD% 96 | goto findBaseDir 97 | 98 | :baseDirFound 99 | set MAVEN_PROJECTBASEDIR=%WDIR% 100 | cd "%EXEC_DIR%" 101 | goto endDetectBaseDir 102 | 103 | :baseDirNotFound 104 | set MAVEN_PROJECTBASEDIR=%EXEC_DIR% 105 | cd "%EXEC_DIR%" 106 | 107 | :endDetectBaseDir 108 | 109 | IF NOT EXIST "%MAVEN_PROJECTBASEDIR%\.mvn\jvm.config" goto endReadAdditionalConfig 110 | 111 | @setlocal EnableExtensions EnableDelayedExpansion 112 | for /F "usebackq delims=" %%a in ("%MAVEN_PROJECTBASEDIR%\.mvn\jvm.config") do set JVM_CONFIG_MAVEN_PROPS=!JVM_CONFIG_MAVEN_PROPS! %%a 113 | @endlocal & set JVM_CONFIG_MAVEN_PROPS=%JVM_CONFIG_MAVEN_PROPS% 114 | 115 | :endReadAdditionalConfig 116 | 117 | SET MAVEN_JAVA_EXE="%JAVA_HOME%\bin\java.exe" 118 | 119 | set WRAPPER_JAR="%MAVEN_PROJECTBASEDIR%\.mvn\wrapper\maven-wrapper.jar" 120 | set WRAPPER_LAUNCHER=org.apache.maven.wrapper.MavenWrapperMain 121 | 122 | %MAVEN_JAVA_EXE% %JVM_CONFIG_MAVEN_PROPS% %MAVEN_OPTS% %MAVEN_DEBUG_OPTS% -classpath %WRAPPER_JAR% "-Dmaven.multiModuleProjectDirectory=%MAVEN_PROJECTBASEDIR%" %WRAPPER_LAUNCHER% %MAVEN_CONFIG% %* 123 | if ERRORLEVEL 1 goto error 124 | goto end 125 | 126 | :error 127 | set ERROR_CODE=1 128 | 129 | :end 130 | @endlocal & set ERROR_CODE=%ERROR_CODE% 131 | 132 | if not "%MAVEN_SKIP_RC%" == "" goto skipRcPost 133 | @REM check for post script, once with legacy .bat ending and once with .cmd ending 134 | if exist "%HOME%\mavenrc_post.bat" call "%HOME%\mavenrc_post.bat" 135 | if exist "%HOME%\mavenrc_post.cmd" call "%HOME%\mavenrc_post.cmd" 136 | :skipRcPost 137 | 138 | @REM pause the script if MAVEN_BATCH_PAUSE is set to 'on' 139 | if "%MAVEN_BATCH_PAUSE%" == "on" pause 140 | 141 | if "%MAVEN_TERMINATE_CMD%" == "on" exit %ERROR_CODE% 142 | 143 | exit /B %ERROR_CODE% 144 | -------------------------------------------------------------------------------- /demo/mvnw.cmd: -------------------------------------------------------------------------------- 1 | @REM ---------------------------------------------------------------------------- 2 | @REM Licensed to the Apache Software Foundation (ASF) under one 3 | @REM or more contributor license agreements. See the NOTICE file 4 | @REM distributed with this work for additional information 5 | @REM regarding copyright ownership. The ASF licenses this file 6 | @REM to you under the Apache License, Version 2.0 (the 7 | @REM "License"); you may not use this file except in compliance 8 | @REM with the License. You may obtain a copy of the License at 9 | @REM 10 | @REM https://www.apache.org/licenses/LICENSE-2.0 11 | @REM 12 | @REM Unless required by applicable law or agreed to in writing, 13 | @REM software distributed under the License is distributed on an 14 | @REM "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 15 | @REM KIND, either express or implied. See the License for the 16 | @REM specific language governing permissions and limitations 17 | @REM under the License. 18 | @REM ---------------------------------------------------------------------------- 19 | 20 | @REM ---------------------------------------------------------------------------- 21 | @REM Maven2 Start Up Batch script 22 | @REM 23 | @REM Required ENV vars: 24 | @REM JAVA_HOME - location of a JDK home dir 25 | @REM 26 | @REM Optional ENV vars 27 | @REM M2_HOME - location of maven2's installed home dir 28 | @REM MAVEN_BATCH_ECHO - set to 'on' to enable the echoing of the batch commands 29 | @REM MAVEN_BATCH_PAUSE - set to 'on' to wait for a key stroke before ending 30 | @REM MAVEN_OPTS - parameters passed to the Java VM when running Maven 31 | @REM e.g. to debug Maven itself, use 32 | @REM set MAVEN_OPTS=-Xdebug -Xrunjdwp:transport=dt_socket,server=y,suspend=y,address=8000 33 | @REM MAVEN_SKIP_RC - flag to disable loading of mavenrc files 34 | @REM ---------------------------------------------------------------------------- 35 | 36 | @REM Begin all REM lines with '@' in case MAVEN_BATCH_ECHO is 'on' 37 | @echo off 38 | @REM set title of command window 39 | title %0 40 | @REM enable echoing my setting MAVEN_BATCH_ECHO to 'on' 41 | @if "%MAVEN_BATCH_ECHO%" == "on" echo %MAVEN_BATCH_ECHO% 42 | 43 | @REM set %HOME% to equivalent of $HOME 44 | if "%HOME%" == "" (set "HOME=%HOMEDRIVE%%HOMEPATH%") 45 | 46 | @REM Execute a user defined script before this one 47 | if not "%MAVEN_SKIP_RC%" == "" goto skipRcPre 48 | @REM check for pre script, once with legacy .bat ending and once with .cmd ending 49 | if exist "%HOME%\mavenrc_pre.bat" call "%HOME%\mavenrc_pre.bat" 50 | if exist "%HOME%\mavenrc_pre.cmd" call "%HOME%\mavenrc_pre.cmd" 51 | :skipRcPre 52 | 53 | @setlocal 54 | 55 | set ERROR_CODE=0 56 | 57 | @REM To isolate internal variables from possible post scripts, we use another setlocal 58 | @setlocal 59 | 60 | @REM ==== START VALIDATION ==== 61 | if not "%JAVA_HOME%" == "" goto OkJHome 62 | 63 | echo. 64 | echo Error: JAVA_HOME not found in your environment. >&2 65 | echo Please set the JAVA_HOME variable in your environment to match the >&2 66 | echo location of your Java installation. >&2 67 | echo. 68 | goto error 69 | 70 | :OkJHome 71 | if exist "%JAVA_HOME%\bin\java.exe" goto init 72 | 73 | echo. 74 | echo Error: JAVA_HOME is set to an invalid directory. >&2 75 | echo JAVA_HOME = "%JAVA_HOME%" >&2 76 | echo Please set the JAVA_HOME variable in your environment to match the >&2 77 | echo location of your Java installation. >&2 78 | echo. 79 | goto error 80 | 81 | @REM ==== END VALIDATION ==== 82 | 83 | :init 84 | 85 | @REM Find the project base dir, i.e. the directory that contains the folder ".mvn". 86 | @REM Fallback to current working directory if not found. 87 | 88 | set MAVEN_PROJECTBASEDIR=%MAVEN_BASEDIR% 89 | IF NOT "%MAVEN_PROJECTBASEDIR%"=="" goto endDetectBaseDir 90 | 91 | set EXEC_DIR=%CD% 92 | set WDIR=%EXEC_DIR% 93 | :findBaseDir 94 | IF EXIST "%WDIR%"\.mvn goto baseDirFound 95 | cd .. 96 | IF "%WDIR%"=="%CD%" goto baseDirNotFound 97 | set WDIR=%CD% 98 | goto findBaseDir 99 | 100 | :baseDirFound 101 | set MAVEN_PROJECTBASEDIR=%WDIR% 102 | cd "%EXEC_DIR%" 103 | goto endDetectBaseDir 104 | 105 | :baseDirNotFound 106 | set MAVEN_PROJECTBASEDIR=%EXEC_DIR% 107 | cd "%EXEC_DIR%" 108 | 109 | :endDetectBaseDir 110 | 111 | IF NOT EXIST "%MAVEN_PROJECTBASEDIR%\.mvn\jvm.config" goto endReadAdditionalConfig 112 | 113 | @setlocal EnableExtensions EnableDelayedExpansion 114 | for /F "usebackq delims=" %%a in ("%MAVEN_PROJECTBASEDIR%\.mvn\jvm.config") do set JVM_CONFIG_MAVEN_PROPS=!JVM_CONFIG_MAVEN_PROPS! %%a 115 | @endlocal & set JVM_CONFIG_MAVEN_PROPS=%JVM_CONFIG_MAVEN_PROPS% 116 | 117 | :endReadAdditionalConfig 118 | 119 | SET MAVEN_JAVA_EXE="%JAVA_HOME%\bin\java.exe" 120 | set WRAPPER_JAR="%MAVEN_PROJECTBASEDIR%\.mvn\wrapper\maven-wrapper.jar" 121 | set WRAPPER_LAUNCHER=org.apache.maven.wrapper.MavenWrapperMain 122 | 123 | set DOWNLOAD_URL="https://repo.maven.apache.org/maven2/io/takari/maven-wrapper/0.4.2/maven-wrapper-0.4.2.jar" 124 | FOR /F "tokens=1,2 delims==" %%A IN (%MAVEN_PROJECTBASEDIR%\.mvn\wrapper\maven-wrapper.properties) DO ( 125 | IF "%%A"=="wrapperUrl" SET DOWNLOAD_URL=%%B 126 | ) 127 | 128 | @REM Extension to allow automatically downloading the maven-wrapper.jar from Maven-central 129 | @REM This allows using the maven wrapper in projects that prohibit checking in binary data. 130 | if exist %WRAPPER_JAR% ( 131 | echo Found %WRAPPER_JAR% 132 | ) else ( 133 | echo Couldn't find %WRAPPER_JAR%, downloading it ... 134 | echo Downloading from: %DOWNLOAD_URL% 135 | powershell -Command "(New-Object Net.WebClient).DownloadFile('%DOWNLOAD_URL%', '%WRAPPER_JAR%')" 136 | echo Finished downloading %WRAPPER_JAR% 137 | ) 138 | @REM End of extension 139 | 140 | %MAVEN_JAVA_EXE% %JVM_CONFIG_MAVEN_PROPS% %MAVEN_OPTS% %MAVEN_DEBUG_OPTS% -classpath %WRAPPER_JAR% "-Dmaven.multiModuleProjectDirectory=%MAVEN_PROJECTBASEDIR%" %WRAPPER_LAUNCHER% %MAVEN_CONFIG% %* 141 | if ERRORLEVEL 1 goto error 142 | goto end 143 | 144 | :error 145 | set ERROR_CODE=1 146 | 147 | :end 148 | @endlocal & set ERROR_CODE=%ERROR_CODE% 149 | 150 | if not "%MAVEN_SKIP_RC%" == "" goto skipRcPost 151 | @REM check for post script, once with legacy .bat ending and once with .cmd ending 152 | if exist "%HOME%\mavenrc_post.bat" call "%HOME%\mavenrc_post.bat" 153 | if exist "%HOME%\mavenrc_post.cmd" call "%HOME%\mavenrc_post.cmd" 154 | :skipRcPost 155 | 156 | @REM pause the script if MAVEN_BATCH_PAUSE is set to 'on' 157 | if "%MAVEN_BATCH_PAUSE%" == "on" pause 158 | 159 | if "%MAVEN_TERMINATE_CMD%" == "on" exit %ERROR_CODE% 160 | 161 | exit /B %ERROR_CODE% 162 | -------------------------------------------------------------------------------- /envoy/crds.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apiextensions.k8s.io/v1beta1 2 | kind: CustomResourceDefinition 3 | metadata: 4 | name: authservices.getambassador.io 5 | spec: 6 | group: getambassador.io 7 | names: 8 | categories: 9 | - ambassador-crds 10 | kind: AuthService 11 | plural: authservices 12 | singular: authservice 13 | scope: Namespaced 14 | version: v2 15 | versions: 16 | - name: v2 17 | served: true 18 | storage: true 19 | - name: v1 20 | served: true 21 | storage: false 22 | --- 23 | apiVersion: apiextensions.k8s.io/v1beta1 24 | kind: CustomResourceDefinition 25 | metadata: 26 | name: consulresolvers.getambassador.io 27 | spec: 28 | group: getambassador.io 29 | names: 30 | categories: 31 | - ambassador-crds 32 | kind: ConsulResolver 33 | plural: consulresolvers 34 | singular: consulresolver 35 | scope: Namespaced 36 | version: v2 37 | versions: 38 | - name: v2 39 | served: true 40 | storage: true 41 | - name: v1 42 | served: true 43 | storage: false 44 | --- 45 | apiVersion: apiextensions.k8s.io/v1beta1 46 | kind: CustomResourceDefinition 47 | metadata: 48 | name: hosts.getambassador.io 49 | spec: 50 | additionalPrinterColumns: 51 | - JSONPath: .spec.hostname 52 | name: Hostname 53 | type: string 54 | - JSONPath: .status.state 55 | name: State 56 | type: string 57 | - JSONPath: .status.phaseCompleted 58 | name: Phase Completed 59 | type: string 60 | - JSONPath: .status.phasePending 61 | name: Phase Pending 62 | type: string 63 | - JSONPath: .metadata.creationTimestamp 64 | name: Age 65 | type: date 66 | group: getambassador.io 67 | names: 68 | categories: 69 | - ambassador-crds 70 | kind: Host 71 | plural: hosts 72 | singular: host 73 | scope: Namespaced 74 | subresources: 75 | status: {} 76 | version: v2 77 | versions: 78 | - name: v2 79 | served: true 80 | storage: true 81 | --- 82 | apiVersion: apiextensions.k8s.io/v1beta1 83 | kind: CustomResourceDefinition 84 | metadata: 85 | name: kubernetesendpointresolvers.getambassador.io 86 | spec: 87 | group: getambassador.io 88 | names: 89 | categories: 90 | - ambassador-crds 91 | kind: KubernetesEndpointResolver 92 | plural: kubernetesendpointresolvers 93 | singular: kubernetesendpointresolver 94 | scope: Namespaced 95 | version: v2 96 | versions: 97 | - name: v2 98 | served: true 99 | storage: true 100 | - name: v1 101 | served: true 102 | storage: false 103 | --- 104 | apiVersion: apiextensions.k8s.io/v1beta1 105 | kind: CustomResourceDefinition 106 | metadata: 107 | name: kubernetesserviceresolvers.getambassador.io 108 | spec: 109 | group: getambassador.io 110 | names: 111 | categories: 112 | - ambassador-crds 113 | kind: KubernetesServiceResolver 114 | plural: kubernetesserviceresolvers 115 | singular: kubernetesserviceresolver 116 | scope: Namespaced 117 | version: v2 118 | versions: 119 | - name: v2 120 | served: true 121 | storage: true 122 | - name: v1 123 | served: true 124 | storage: false 125 | --- 126 | apiVersion: apiextensions.k8s.io/v1beta1 127 | kind: CustomResourceDefinition 128 | metadata: 129 | name: logservices.getambassador.io 130 | spec: 131 | group: getambassador.io 132 | names: 133 | categories: 134 | - ambassador-crds 135 | kind: LogService 136 | plural: logservices 137 | singular: logservice 138 | scope: Namespaced 139 | version: v2 140 | versions: 141 | - name: v2 142 | served: true 143 | storage: true 144 | - name: v1 145 | served: true 146 | storage: false 147 | --- 148 | apiVersion: apiextensions.k8s.io/v1beta1 149 | kind: CustomResourceDefinition 150 | metadata: 151 | name: mappings.getambassador.io 152 | spec: 153 | additionalPrinterColumns: 154 | - JSONPath: .spec.prefix 155 | name: Prefix 156 | type: string 157 | - JSONPath: .spec.service 158 | name: Service 159 | type: string 160 | - JSONPath: .status.state 161 | name: State 162 | type: string 163 | - JSONPath: .status.reason 164 | name: Reason 165 | type: string 166 | group: getambassador.io 167 | names: 168 | categories: 169 | - ambassador-crds 170 | kind: Mapping 171 | plural: mappings 172 | singular: mapping 173 | scope: Namespaced 174 | subresources: 175 | status: {} 176 | version: v2 177 | versions: 178 | - name: v2 179 | served: true 180 | storage: true 181 | - name: v1 182 | served: true 183 | storage: false 184 | --- 185 | apiVersion: apiextensions.k8s.io/v1beta1 186 | kind: CustomResourceDefinition 187 | metadata: 188 | name: modules.getambassador.io 189 | spec: 190 | group: getambassador.io 191 | names: 192 | categories: 193 | - ambassador-crds 194 | kind: Module 195 | plural: modules 196 | singular: module 197 | scope: Namespaced 198 | version: v2 199 | versions: 200 | - name: v2 201 | served: true 202 | storage: true 203 | - name: v1 204 | served: true 205 | storage: false 206 | --- 207 | apiVersion: apiextensions.k8s.io/v1beta1 208 | kind: CustomResourceDefinition 209 | metadata: 210 | name: ratelimitservices.getambassador.io 211 | spec: 212 | group: getambassador.io 213 | names: 214 | categories: 215 | - ambassador-crds 216 | kind: RateLimitService 217 | plural: ratelimitservices 218 | singular: ratelimitservice 219 | scope: Namespaced 220 | version: v2 221 | versions: 222 | - name: v2 223 | served: true 224 | storage: true 225 | - name: v1 226 | served: true 227 | storage: false 228 | --- 229 | apiVersion: apiextensions.k8s.io/v1beta1 230 | kind: CustomResourceDefinition 231 | metadata: 232 | name: tcpmappings.getambassador.io 233 | spec: 234 | group: getambassador.io 235 | names: 236 | categories: 237 | - ambassador-crds 238 | kind: TCPMapping 239 | plural: tcpmappings 240 | singular: tcpmapping 241 | scope: Namespaced 242 | version: v2 243 | versions: 244 | - name: v2 245 | served: true 246 | storage: true 247 | - name: v1 248 | served: true 249 | storage: false 250 | --- 251 | apiVersion: apiextensions.k8s.io/v1beta1 252 | kind: CustomResourceDefinition 253 | metadata: 254 | name: tlscontexts.getambassador.io 255 | spec: 256 | group: getambassador.io 257 | names: 258 | categories: 259 | - ambassador-crds 260 | kind: TLSContext 261 | plural: tlscontexts 262 | singular: tlscontext 263 | scope: Namespaced 264 | version: v2 265 | versions: 266 | - name: v2 267 | served: true 268 | storage: true 269 | - name: v1 270 | served: true 271 | storage: false 272 | --- 273 | apiVersion: apiextensions.k8s.io/v1beta1 274 | kind: CustomResourceDefinition 275 | metadata: 276 | name: tracingservices.getambassador.io 277 | spec: 278 | group: getambassador.io 279 | names: 280 | categories: 281 | - ambassador-crds 282 | kind: TracingService 283 | plural: tracingservices 284 | singular: tracingservice 285 | scope: Namespaced 286 | version: v2 287 | versions: 288 | - name: v2 289 | served: true 290 | storage: true 291 | - name: v1 292 | served: true 293 | storage: false 294 | -------------------------------------------------------------------------------- /compose/isolated/mvnw: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | # ---------------------------------------------------------------------------- 3 | # Licensed to the Apache Software Foundation (ASF) under one 4 | # or more contributor license agreements. See the NOTICE file 5 | # distributed with this work for additional information 6 | # regarding copyright ownership. The ASF licenses this file 7 | # to you under the Apache License, Version 2.0 (the 8 | # "License"); you may not use this file except in compliance 9 | # with the License. You may obtain a copy of the License at 10 | # 11 | # http://www.apache.org/licenses/LICENSE-2.0 12 | # 13 | # Unless required by applicable law or agreed to in writing, 14 | # software distributed under the License is distributed on an 15 | # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 16 | # KIND, either express or implied. See the License for the 17 | # specific language governing permissions and limitations 18 | # under the License. 19 | # ---------------------------------------------------------------------------- 20 | 21 | # ---------------------------------------------------------------------------- 22 | # Maven2 Start Up Batch script 23 | # 24 | # Required ENV vars: 25 | # ------------------ 26 | # JAVA_HOME - location of a JDK home dir 27 | # 28 | # Optional ENV vars 29 | # ----------------- 30 | # M2_HOME - location of maven2's installed home dir 31 | # MAVEN_OPTS - parameters passed to the Java VM when running Maven 32 | # e.g. to debug Maven itself, use 33 | # set MAVEN_OPTS=-Xdebug -Xrunjdwp:transport=dt_socket,server=y,suspend=y,address=8000 34 | # MAVEN_SKIP_RC - flag to disable loading of mavenrc files 35 | # ---------------------------------------------------------------------------- 36 | 37 | if [ -z "$MAVEN_SKIP_RC" ] ; then 38 | 39 | if [ -f /etc/mavenrc ] ; then 40 | . /etc/mavenrc 41 | fi 42 | 43 | if [ -f "$HOME/.mavenrc" ] ; then 44 | . "$HOME/.mavenrc" 45 | fi 46 | 47 | fi 48 | 49 | # OS specific support. $var _must_ be set to either true or false. 50 | cygwin=false; 51 | darwin=false; 52 | mingw=false 53 | case "`uname`" in 54 | CYGWIN*) cygwin=true ;; 55 | MINGW*) mingw=true;; 56 | Darwin*) darwin=true 57 | # Use /usr/libexec/java_home if available, otherwise fall back to /Library/Java/Home 58 | # See https://developer.apple.com/library/mac/qa/qa1170/_index.html 59 | if [ -z "$JAVA_HOME" ]; then 60 | if [ -x "/usr/libexec/java_home" ]; then 61 | export JAVA_HOME="`/usr/libexec/java_home`" 62 | else 63 | export JAVA_HOME="/Library/Java/Home" 64 | fi 65 | fi 66 | ;; 67 | esac 68 | 69 | if [ -z "$JAVA_HOME" ] ; then 70 | if [ -r /etc/gentoo-release ] ; then 71 | JAVA_HOME=`java-config --jre-home` 72 | fi 73 | fi 74 | 75 | if [ -z "$M2_HOME" ] ; then 76 | ## resolve links - $0 may be a link to maven's home 77 | PRG="$0" 78 | 79 | # need this for relative symlinks 80 | while [ -h "$PRG" ] ; do 81 | ls=`ls -ld "$PRG"` 82 | link=`expr "$ls" : '.*-> \(.*\)$'` 83 | if expr "$link" : '/.*' > /dev/null; then 84 | PRG="$link" 85 | else 86 | PRG="`dirname "$PRG"`/$link" 87 | fi 88 | done 89 | 90 | saveddir=`pwd` 91 | 92 | M2_HOME=`dirname "$PRG"`/.. 93 | 94 | # make it fully qualified 95 | M2_HOME=`cd "$M2_HOME" && pwd` 96 | 97 | cd "$saveddir" 98 | # echo Using m2 at $M2_HOME 99 | fi 100 | 101 | # For Cygwin, ensure paths are in UNIX format before anything is touched 102 | if $cygwin ; then 103 | [ -n "$M2_HOME" ] && 104 | M2_HOME=`cygpath --unix "$M2_HOME"` 105 | [ -n "$JAVA_HOME" ] && 106 | JAVA_HOME=`cygpath --unix "$JAVA_HOME"` 107 | [ -n "$CLASSPATH" ] && 108 | CLASSPATH=`cygpath --path --unix "$CLASSPATH"` 109 | fi 110 | 111 | # For Migwn, ensure paths are in UNIX format before anything is touched 112 | if $mingw ; then 113 | [ -n "$M2_HOME" ] && 114 | M2_HOME="`(cd "$M2_HOME"; pwd)`" 115 | [ -n "$JAVA_HOME" ] && 116 | JAVA_HOME="`(cd "$JAVA_HOME"; pwd)`" 117 | # TODO classpath? 118 | fi 119 | 120 | if [ -z "$JAVA_HOME" ]; then 121 | javaExecutable="`which javac`" 122 | if [ -n "$javaExecutable" ] && ! [ "`expr \"$javaExecutable\" : '\([^ ]*\)'`" = "no" ]; then 123 | # readlink(1) is not available as standard on Solaris 10. 124 | readLink=`which readlink` 125 | if [ ! `expr "$readLink" : '\([^ ]*\)'` = "no" ]; then 126 | if $darwin ; then 127 | javaHome="`dirname \"$javaExecutable\"`" 128 | javaExecutable="`cd \"$javaHome\" && pwd -P`/javac" 129 | else 130 | javaExecutable="`readlink -f \"$javaExecutable\"`" 131 | fi 132 | javaHome="`dirname \"$javaExecutable\"`" 133 | javaHome=`expr "$javaHome" : '\(.*\)/bin'` 134 | JAVA_HOME="$javaHome" 135 | export JAVA_HOME 136 | fi 137 | fi 138 | fi 139 | 140 | if [ -z "$JAVACMD" ] ; then 141 | if [ -n "$JAVA_HOME" ] ; then 142 | if [ -x "$JAVA_HOME/jre/sh/java" ] ; then 143 | # IBM's JDK on AIX uses strange locations for the executables 144 | JAVACMD="$JAVA_HOME/jre/sh/java" 145 | else 146 | JAVACMD="$JAVA_HOME/bin/java" 147 | fi 148 | else 149 | JAVACMD="`which java`" 150 | fi 151 | fi 152 | 153 | if [ ! -x "$JAVACMD" ] ; then 154 | echo "Error: JAVA_HOME is not defined correctly." >&2 155 | echo " We cannot execute $JAVACMD" >&2 156 | exit 1 157 | fi 158 | 159 | if [ -z "$JAVA_HOME" ] ; then 160 | echo "Warning: JAVA_HOME environment variable is not set." 161 | fi 162 | 163 | CLASSWORLDS_LAUNCHER=org.codehaus.plexus.classworlds.launcher.Launcher 164 | 165 | # traverses directory structure from process work directory to filesystem root 166 | # first directory with .mvn subdirectory is considered project base directory 167 | find_maven_basedir() { 168 | 169 | if [ -z "$1" ] 170 | then 171 | echo "Path not specified to find_maven_basedir" 172 | return 1 173 | fi 174 | 175 | basedir="$1" 176 | wdir="$1" 177 | while [ "$wdir" != '/' ] ; do 178 | if [ -d "$wdir"/.mvn ] ; then 179 | basedir=$wdir 180 | break 181 | fi 182 | # workaround for JBEAP-8937 (on Solaris 10/Sparc) 183 | if [ -d "${wdir}" ]; then 184 | wdir=`cd "$wdir/.."; pwd` 185 | fi 186 | # end of workaround 187 | done 188 | echo "${basedir}" 189 | } 190 | 191 | # concatenates all lines of a file 192 | concat_lines() { 193 | if [ -f "$1" ]; then 194 | echo "$(tr -s '\n' ' ' < "$1")" 195 | fi 196 | } 197 | 198 | BASE_DIR=`find_maven_basedir "$(pwd)"` 199 | if [ -z "$BASE_DIR" ]; then 200 | exit 1; 201 | fi 202 | 203 | export MAVEN_PROJECTBASEDIR=${MAVEN_BASEDIR:-"$BASE_DIR"} 204 | echo $MAVEN_PROJECTBASEDIR 205 | MAVEN_OPTS="$(concat_lines "$MAVEN_PROJECTBASEDIR/.mvn/jvm.config") $MAVEN_OPTS" 206 | 207 | # For Cygwin, switch paths to Windows format before running java 208 | if $cygwin; then 209 | [ -n "$M2_HOME" ] && 210 | M2_HOME=`cygpath --path --windows "$M2_HOME"` 211 | [ -n "$JAVA_HOME" ] && 212 | JAVA_HOME=`cygpath --path --windows "$JAVA_HOME"` 213 | [ -n "$CLASSPATH" ] && 214 | CLASSPATH=`cygpath --path --windows "$CLASSPATH"` 215 | [ -n "$MAVEN_PROJECTBASEDIR" ] && 216 | MAVEN_PROJECTBASEDIR=`cygpath --path --windows "$MAVEN_PROJECTBASEDIR"` 217 | fi 218 | 219 | WRAPPER_LAUNCHER=org.apache.maven.wrapper.MavenWrapperMain 220 | 221 | exec "$JAVACMD" \ 222 | $MAVEN_OPTS \ 223 | -classpath "$MAVEN_PROJECTBASEDIR/.mvn/wrapper/maven-wrapper.jar" \ 224 | "-Dmaven.home=${M2_HOME}" "-Dmaven.multiModuleProjectDirectory=${MAVEN_PROJECTBASEDIR}" \ 225 | ${WRAPPER_LAUNCHER} $MAVEN_CONFIG "$@" 226 | -------------------------------------------------------------------------------- /layers/tunnel/mandatory.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Namespace 3 | metadata: 4 | name: ingress-nginx 5 | labels: 6 | app.kubernetes.io/name: ingress-nginx 7 | app.kubernetes.io/part-of: ingress-nginx 8 | 9 | --- 10 | 11 | kind: ConfigMap 12 | apiVersion: v1 13 | metadata: 14 | name: nginx-configuration 15 | namespace: ingress-nginx 16 | labels: 17 | app.kubernetes.io/name: ingress-nginx 18 | app.kubernetes.io/part-of: ingress-nginx 19 | 20 | --- 21 | kind: ConfigMap 22 | apiVersion: v1 23 | metadata: 24 | name: tcp-services 25 | namespace: ingress-nginx 26 | labels: 27 | app.kubernetes.io/name: ingress-nginx 28 | app.kubernetes.io/part-of: ingress-nginx 29 | 30 | --- 31 | kind: ConfigMap 32 | apiVersion: v1 33 | metadata: 34 | name: udp-services 35 | namespace: ingress-nginx 36 | labels: 37 | app.kubernetes.io/name: ingress-nginx 38 | app.kubernetes.io/part-of: ingress-nginx 39 | 40 | --- 41 | apiVersion: v1 42 | kind: ServiceAccount 43 | metadata: 44 | name: nginx-ingress-serviceaccount 45 | namespace: ingress-nginx 46 | labels: 47 | app.kubernetes.io/name: ingress-nginx 48 | app.kubernetes.io/part-of: ingress-nginx 49 | 50 | --- 51 | apiVersion: rbac.authorization.k8s.io/v1beta1 52 | kind: ClusterRole 53 | metadata: 54 | name: nginx-ingress-clusterrole 55 | labels: 56 | app.kubernetes.io/name: ingress-nginx 57 | app.kubernetes.io/part-of: ingress-nginx 58 | rules: 59 | - apiGroups: 60 | - "" 61 | resources: 62 | - configmaps 63 | - endpoints 64 | - nodes 65 | - pods 66 | - secrets 67 | verbs: 68 | - list 69 | - watch 70 | - apiGroups: 71 | - "" 72 | resources: 73 | - nodes 74 | verbs: 75 | - get 76 | - apiGroups: 77 | - "" 78 | resources: 79 | - services 80 | verbs: 81 | - get 82 | - list 83 | - watch 84 | - apiGroups: 85 | - "" 86 | resources: 87 | - events 88 | verbs: 89 | - create 90 | - patch 91 | - apiGroups: 92 | - "extensions" 93 | - "networking.k8s.io" 94 | resources: 95 | - ingresses 96 | verbs: 97 | - get 98 | - list 99 | - watch 100 | - apiGroups: 101 | - "extensions" 102 | - "networking.k8s.io" 103 | resources: 104 | - ingresses/status 105 | verbs: 106 | - update 107 | 108 | --- 109 | apiVersion: rbac.authorization.k8s.io/v1beta1 110 | kind: Role 111 | metadata: 112 | name: nginx-ingress-role 113 | namespace: ingress-nginx 114 | labels: 115 | app.kubernetes.io/name: ingress-nginx 116 | app.kubernetes.io/part-of: ingress-nginx 117 | rules: 118 | - apiGroups: 119 | - "" 120 | resources: 121 | - configmaps 122 | - pods 123 | - secrets 124 | - namespaces 125 | verbs: 126 | - get 127 | - apiGroups: 128 | - "" 129 | resources: 130 | - configmaps 131 | resourceNames: 132 | # Defaults to "-" 133 | # Here: "-" 134 | # This has to be adapted if you change either parameter 135 | # when launching the nginx-ingress-controller. 136 | - "ingress-controller-leader-nginx" 137 | verbs: 138 | - get 139 | - update 140 | - apiGroups: 141 | - "" 142 | resources: 143 | - configmaps 144 | verbs: 145 | - create 146 | - apiGroups: 147 | - "" 148 | resources: 149 | - endpoints 150 | verbs: 151 | - get 152 | 153 | --- 154 | apiVersion: rbac.authorization.k8s.io/v1beta1 155 | kind: RoleBinding 156 | metadata: 157 | name: nginx-ingress-role-nisa-binding 158 | namespace: ingress-nginx 159 | labels: 160 | app.kubernetes.io/name: ingress-nginx 161 | app.kubernetes.io/part-of: ingress-nginx 162 | roleRef: 163 | apiGroup: rbac.authorization.k8s.io 164 | kind: Role 165 | name: nginx-ingress-role 166 | subjects: 167 | - kind: ServiceAccount 168 | name: nginx-ingress-serviceaccount 169 | namespace: ingress-nginx 170 | 171 | --- 172 | apiVersion: rbac.authorization.k8s.io/v1beta1 173 | kind: ClusterRoleBinding 174 | metadata: 175 | name: nginx-ingress-clusterrole-nisa-binding 176 | labels: 177 | app.kubernetes.io/name: ingress-nginx 178 | app.kubernetes.io/part-of: ingress-nginx 179 | roleRef: 180 | apiGroup: rbac.authorization.k8s.io 181 | kind: ClusterRole 182 | name: nginx-ingress-clusterrole 183 | subjects: 184 | - kind: ServiceAccount 185 | name: nginx-ingress-serviceaccount 186 | namespace: ingress-nginx 187 | 188 | --- 189 | 190 | apiVersion: apps/v1 191 | kind: Deployment 192 | metadata: 193 | name: nginx-ingress-controller 194 | namespace: ingress-nginx 195 | labels: 196 | app.kubernetes.io/name: ingress-nginx 197 | app.kubernetes.io/part-of: ingress-nginx 198 | spec: 199 | replicas: 1 200 | selector: 201 | matchLabels: 202 | app.kubernetes.io/name: ingress-nginx 203 | app.kubernetes.io/part-of: ingress-nginx 204 | template: 205 | metadata: 206 | labels: 207 | app.kubernetes.io/name: ingress-nginx 208 | app.kubernetes.io/part-of: ingress-nginx 209 | annotations: 210 | prometheus.io/port: "10254" 211 | prometheus.io/scrape: "true" 212 | spec: 213 | # wait up to five minutes for the drain of connections 214 | terminationGracePeriodSeconds: 300 215 | serviceAccountName: nginx-ingress-serviceaccount 216 | nodeSelector: 217 | kubernetes.io/os: linux 218 | containers: 219 | - name: nginx-ingress-controller 220 | image: quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.30.0 221 | args: 222 | - /nginx-ingress-controller 223 | - --configmap=$(POD_NAMESPACE)/nginx-configuration 224 | - --tcp-services-configmap=$(POD_NAMESPACE)/tcp-services 225 | - --udp-services-configmap=$(POD_NAMESPACE)/udp-services 226 | - --publish-service=$(POD_NAMESPACE)/ingress-nginx 227 | - --annotations-prefix=nginx.ingress.kubernetes.io 228 | securityContext: 229 | allowPrivilegeEscalation: true 230 | capabilities: 231 | drop: 232 | - ALL 233 | add: 234 | - NET_BIND_SERVICE 235 | # www-data -> 101 236 | runAsUser: 101 237 | env: 238 | - name: POD_NAME 239 | valueFrom: 240 | fieldRef: 241 | fieldPath: metadata.name 242 | - name: POD_NAMESPACE 243 | valueFrom: 244 | fieldRef: 245 | fieldPath: metadata.namespace 246 | ports: 247 | - name: http 248 | containerPort: 80 249 | protocol: TCP 250 | - name: https 251 | containerPort: 443 252 | protocol: TCP 253 | livenessProbe: 254 | failureThreshold: 3 255 | httpGet: 256 | path: /healthz 257 | port: 10254 258 | scheme: HTTP 259 | initialDelaySeconds: 10 260 | periodSeconds: 10 261 | successThreshold: 1 262 | timeoutSeconds: 10 263 | readinessProbe: 264 | failureThreshold: 3 265 | httpGet: 266 | path: /healthz 267 | port: 10254 268 | scheme: HTTP 269 | periodSeconds: 10 270 | successThreshold: 1 271 | timeoutSeconds: 10 272 | lifecycle: 273 | preStop: 274 | exec: 275 | command: 276 | - /wait-shutdown 277 | 278 | --- 279 | 280 | apiVersion: v1 281 | kind: LimitRange 282 | metadata: 283 | name: ingress-nginx 284 | namespace: ingress-nginx 285 | labels: 286 | app.kubernetes.io/name: ingress-nginx 287 | app.kubernetes.io/part-of: ingress-nginx 288 | spec: 289 | limits: 290 | - min: 291 | memory: 90Mi 292 | cpu: 100m 293 | type: Container -------------------------------------------------------------------------------- /layers/metrics/manifest.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | items: 3 | - apiVersion: rbac.authorization.k8s.io/v1 4 | kind: ClusterRole 5 | metadata: 6 | annotations: 7 | kubectl.kubernetes.io/last-applied-configuration: | 8 | {"apiVersion":"rbac.authorization.k8s.io/v1","kind":"ClusterRole","metadata":{"annotations":{},"labels":{"rbac.authorization.k8s.io/aggregate-to-admin":"true","rbac.authorization.k8s.io/aggregate-to-edit":"true","rbac.authorization.k8s.io/aggregate-to-view":"true"},"name":"system:aggregated-metrics-reader"},"rules":[{"apiGroups":["metrics.k8s.io"],"resources":["pods","nodes"],"verbs":["get","list","watch"]}]} 9 | labels: 10 | rbac.authorization.k8s.io/aggregate-to-admin: "true" 11 | rbac.authorization.k8s.io/aggregate-to-edit: "true" 12 | rbac.authorization.k8s.io/aggregate-to-view: "true" 13 | name: system:aggregated-metrics-reader 14 | rules: 15 | - apiGroups: 16 | - metrics.k8s.io 17 | resources: 18 | - pods 19 | - nodes 20 | verbs: 21 | - get 22 | - list 23 | - watch 24 | - apiVersion: rbac.authorization.k8s.io/v1 25 | kind: ClusterRoleBinding 26 | metadata: 27 | annotations: 28 | kubectl.kubernetes.io/last-applied-configuration: | 29 | {"apiVersion":"rbac.authorization.k8s.io/v1","kind":"ClusterRoleBinding","metadata":{"annotations":{},"name":"metrics-server:system:auth-delegator"},"roleRef":{"apiGroup":"rbac.authorization.k8s.io","kind":"ClusterRole","name":"system:auth-delegator"},"subjects":[{"kind":"ServiceAccount","name":"metrics-server","namespace":"kube-system"}]} 30 | name: metrics-server:system:auth-delegator 31 | roleRef: 32 | apiGroup: rbac.authorization.k8s.io 33 | kind: ClusterRole 34 | name: system:auth-delegator 35 | subjects: 36 | - kind: ServiceAccount 37 | name: metrics-server 38 | namespace: kube-system 39 | - apiVersion: rbac.authorization.k8s.io/v1 40 | kind: RoleBinding 41 | metadata: 42 | annotations: 43 | kubectl.kubernetes.io/last-applied-configuration: | 44 | {"apiVersion":"rbac.authorization.k8s.io/v1","kind":"RoleBinding","metadata":{"annotations":{},"name":"metrics-server-auth-reader","namespace":"kube-system"},"roleRef":{"apiGroup":"rbac.authorization.k8s.io","kind":"Role","name":"extension-apiserver-authentication-reader"},"subjects":[{"kind":"ServiceAccount","name":"metrics-server","namespace":"kube-system"}]} 45 | name: metrics-server-auth-reader 46 | namespace: kube-system 47 | roleRef: 48 | apiGroup: rbac.authorization.k8s.io 49 | kind: Role 50 | name: extension-apiserver-authentication-reader 51 | subjects: 52 | - kind: ServiceAccount 53 | name: metrics-server 54 | namespace: kube-system 55 | - apiVersion: apiregistration.k8s.io/v1beta1 56 | kind: APIService 57 | metadata: 58 | annotations: 59 | kubectl.kubernetes.io/last-applied-configuration: | 60 | {"apiVersion":"apiregistration.k8s.io/v1beta1","kind":"APIService","metadata":{"annotations":{},"name":"v1beta1.metrics.k8s.io"},"spec":{"group":"metrics.k8s.io","groupPriorityMinimum":100,"insecureSkipTLSVerify":true,"service":{"name":"metrics-server","namespace":"kube-system"},"version":"v1beta1","versionPriority":100}} 61 | name: v1beta1.metrics.k8s.io 62 | spec: 63 | group: metrics.k8s.io 64 | groupPriorityMinimum: 100 65 | insecureSkipTLSVerify: true 66 | service: 67 | name: metrics-server 68 | namespace: kube-system 69 | version: v1beta1 70 | versionPriority: 100 71 | - apiVersion: v1 72 | kind: ServiceAccount 73 | metadata: 74 | annotations: 75 | kubectl.kubernetes.io/last-applied-configuration: | 76 | {"apiVersion":"v1","kind":"ServiceAccount","metadata":{"annotations":{},"name":"metrics-server","namespace":"kube-system"}} 77 | name: metrics-server 78 | namespace: kube-system 79 | - apiVersion: apps/v1 80 | kind: Deployment 81 | metadata: 82 | annotations: 83 | kubectl.kubernetes.io/last-applied-configuration: | 84 | {"apiVersion":"apps/v1","kind":"Deployment","metadata":{"annotations":{},"labels":{"k8s-app":"metrics-server"},"name":"metrics-server","namespace":"kube-system"},"spec":{"selector":{"matchLabels":{"k8s-app":"metrics-server"}},"template":{"metadata":{"labels":{"k8s-app":"metrics-server"},"name":"metrics-server"},"spec":{"containers":[{"args":["--cert-dir=/tmp","--secure-port=4443"],"image":"k8s.gcr.io/metrics-server-amd64:v0.3.6","imagePullPolicy":"IfNotPresent","name":"metrics-server","ports":[{"containerPort":4443,"name":"main-port","protocol":"TCP"}],"securityContext":{"readOnlyRootFilesystem":true,"runAsNonRoot":true,"runAsUser":1000},"volumeMounts":[{"mountPath":"/tmp","name":"tmp-dir"}]}],"nodeSelector":{"kubernetes.io/arch":"amd64","kubernetes.io/os":"linux"},"serviceAccountName":"metrics-server","volumes":[{"emptyDir":{},"name":"tmp-dir"}]}}}} 85 | labels: 86 | k8s-app: metrics-server 87 | name: metrics-server 88 | namespace: kube-system 89 | spec: 90 | selector: 91 | matchLabels: 92 | k8s-app: metrics-server 93 | template: 94 | metadata: 95 | labels: 96 | k8s-app: metrics-server 97 | name: metrics-server 98 | spec: 99 | containers: 100 | - args: 101 | - --cert-dir=/tmp 102 | - --secure-port=4443 103 | image: k8s.gcr.io/metrics-server-amd64:v0.3.6 104 | imagePullPolicy: IfNotPresent 105 | name: metrics-server 106 | ports: 107 | - containerPort: 4443 108 | name: main-port 109 | protocol: TCP 110 | securityContext: 111 | readOnlyRootFilesystem: true 112 | runAsNonRoot: true 113 | runAsUser: 1000 114 | volumeMounts: 115 | - mountPath: /tmp 116 | name: tmp-dir 117 | nodeSelector: 118 | kubernetes.io/arch: amd64 119 | kubernetes.io/os: linux 120 | serviceAccountName: metrics-server 121 | volumes: 122 | - emptyDir: {} 123 | name: tmp-dir 124 | - apiVersion: v1 125 | kind: Service 126 | metadata: 127 | annotations: 128 | kubectl.kubernetes.io/last-applied-configuration: | 129 | {"apiVersion":"v1","kind":"Service","metadata":{"annotations":{},"labels":{"kubernetes.io/cluster-service":"true","kubernetes.io/name":"Metrics-server"},"name":"metrics-server","namespace":"kube-system"},"spec":{"ports":[{"port":443,"protocol":"TCP","targetPort":"main-port"}],"selector":{"k8s-app":"metrics-server"}}} 130 | labels: 131 | kubernetes.io/cluster-service: "true" 132 | kubernetes.io/name: Metrics-server 133 | name: metrics-server 134 | namespace: kube-system 135 | spec: 136 | ports: 137 | - port: 443 138 | protocol: TCP 139 | targetPort: main-port 140 | selector: 141 | k8s-app: metrics-server 142 | - apiVersion: rbac.authorization.k8s.io/v1 143 | kind: ClusterRole 144 | metadata: 145 | annotations: 146 | kubectl.kubernetes.io/last-applied-configuration: | 147 | {"apiVersion":"rbac.authorization.k8s.io/v1","kind":"ClusterRole","metadata":{"annotations":{},"name":"system:metrics-server"},"rules":[{"apiGroups":[""],"resources":["pods","nodes","nodes/stats","namespaces","configmaps"],"verbs":["get","list","watch"]}]} 148 | name: system:metrics-server 149 | rules: 150 | - apiGroups: 151 | - "" 152 | resources: 153 | - pods 154 | - nodes 155 | - nodes/stats 156 | - namespaces 157 | - configmaps 158 | verbs: 159 | - get 160 | - list 161 | - watch 162 | - apiVersion: rbac.authorization.k8s.io/v1 163 | kind: ClusterRoleBinding 164 | metadata: 165 | annotations: 166 | kubectl.kubernetes.io/last-applied-configuration: | 167 | {"apiVersion":"rbac.authorization.k8s.io/v1","kind":"ClusterRoleBinding","metadata":{"annotations":{},"name":"system:metrics-server"},"roleRef":{"apiGroup":"rbac.authorization.k8s.io","kind":"ClusterRole","name":"system:metrics-server"},"subjects":[{"kind":"ServiceAccount","name":"metrics-server","namespace":"kube-system"}]} 168 | name: system:metrics-server 169 | roleRef: 170 | apiGroup: rbac.authorization.k8s.io 171 | kind: ClusterRole 172 | name: system:metrics-server 173 | subjects: 174 | - kind: ServiceAccount 175 | name: metrics-server 176 | namespace: kube-system 177 | kind: List 178 | metadata: {} 179 | -------------------------------------------------------------------------------- /demo/mvnw: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | # ---------------------------------------------------------------------------- 3 | # Licensed to the Apache Software Foundation (ASF) under one 4 | # or more contributor license agreements. See the NOTICE file 5 | # distributed with this work for additional information 6 | # regarding copyright ownership. The ASF licenses this file 7 | # to you under the Apache License, Version 2.0 (the 8 | # "License"); you may not use this file except in compliance 9 | # with the License. You may obtain a copy of the License at 10 | # 11 | # https://www.apache.org/licenses/LICENSE-2.0 12 | # 13 | # Unless required by applicable law or agreed to in writing, 14 | # software distributed under the License is distributed on an 15 | # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 16 | # KIND, either express or implied. See the License for the 17 | # specific language governing permissions and limitations 18 | # under the License. 19 | # ---------------------------------------------------------------------------- 20 | 21 | # ---------------------------------------------------------------------------- 22 | # Maven2 Start Up Batch script 23 | # 24 | # Required ENV vars: 25 | # ------------------ 26 | # JAVA_HOME - location of a JDK home dir 27 | # 28 | # Optional ENV vars 29 | # ----------------- 30 | # M2_HOME - location of maven2's installed home dir 31 | # MAVEN_OPTS - parameters passed to the Java VM when running Maven 32 | # e.g. to debug Maven itself, use 33 | # set MAVEN_OPTS=-Xdebug -Xrunjdwp:transport=dt_socket,server=y,suspend=y,address=8000 34 | # MAVEN_SKIP_RC - flag to disable loading of mavenrc files 35 | # ---------------------------------------------------------------------------- 36 | 37 | if [ -z "$MAVEN_SKIP_RC" ] ; then 38 | 39 | if [ -f /etc/mavenrc ] ; then 40 | . /etc/mavenrc 41 | fi 42 | 43 | if [ -f "$HOME/.mavenrc" ] ; then 44 | . "$HOME/.mavenrc" 45 | fi 46 | 47 | fi 48 | 49 | # OS specific support. $var _must_ be set to either true or false. 50 | cygwin=false; 51 | darwin=false; 52 | mingw=false 53 | case "`uname`" in 54 | CYGWIN*) cygwin=true ;; 55 | MINGW*) mingw=true;; 56 | Darwin*) darwin=true 57 | # Use /usr/libexec/java_home if available, otherwise fall back to /Library/Java/Home 58 | # See https://developer.apple.com/library/mac/qa/qa1170/_index.html 59 | if [ -z "$JAVA_HOME" ]; then 60 | if [ -x "/usr/libexec/java_home" ]; then 61 | export JAVA_HOME="`/usr/libexec/java_home`" 62 | else 63 | export JAVA_HOME="/Library/Java/Home" 64 | fi 65 | fi 66 | ;; 67 | esac 68 | 69 | if [ -z "$JAVA_HOME" ] ; then 70 | if [ -r /etc/gentoo-release ] ; then 71 | JAVA_HOME=`java-config --jre-home` 72 | fi 73 | fi 74 | 75 | if [ -z "$M2_HOME" ] ; then 76 | ## resolve links - $0 may be a link to maven's home 77 | PRG="$0" 78 | 79 | # need this for relative symlinks 80 | while [ -h "$PRG" ] ; do 81 | ls=`ls -ld "$PRG"` 82 | link=`expr "$ls" : '.*-> \(.*\)$'` 83 | if expr "$link" : '/.*' > /dev/null; then 84 | PRG="$link" 85 | else 86 | PRG="`dirname "$PRG"`/$link" 87 | fi 88 | done 89 | 90 | saveddir=`pwd` 91 | 92 | M2_HOME=`dirname "$PRG"`/.. 93 | 94 | # make it fully qualified 95 | M2_HOME=`cd "$M2_HOME" && pwd` 96 | 97 | cd "$saveddir" 98 | # echo Using m2 at $M2_HOME 99 | fi 100 | 101 | # For Cygwin, ensure paths are in UNIX format before anything is touched 102 | if $cygwin ; then 103 | [ -n "$M2_HOME" ] && 104 | M2_HOME=`cygpath --unix "$M2_HOME"` 105 | [ -n "$JAVA_HOME" ] && 106 | JAVA_HOME=`cygpath --unix "$JAVA_HOME"` 107 | [ -n "$CLASSPATH" ] && 108 | CLASSPATH=`cygpath --path --unix "$CLASSPATH"` 109 | fi 110 | 111 | # For Mingw, ensure paths are in UNIX format before anything is touched 112 | if $mingw ; then 113 | [ -n "$M2_HOME" ] && 114 | M2_HOME="`(cd "$M2_HOME"; pwd)`" 115 | [ -n "$JAVA_HOME" ] && 116 | JAVA_HOME="`(cd "$JAVA_HOME"; pwd)`" 117 | # TODO classpath? 118 | fi 119 | 120 | if [ -z "$JAVA_HOME" ]; then 121 | javaExecutable="`which javac`" 122 | if [ -n "$javaExecutable" ] && ! [ "`expr \"$javaExecutable\" : '\([^ ]*\)'`" = "no" ]; then 123 | # readlink(1) is not available as standard on Solaris 10. 124 | readLink=`which readlink` 125 | if [ ! `expr "$readLink" : '\([^ ]*\)'` = "no" ]; then 126 | if $darwin ; then 127 | javaHome="`dirname \"$javaExecutable\"`" 128 | javaExecutable="`cd \"$javaHome\" && pwd -P`/javac" 129 | else 130 | javaExecutable="`readlink -f \"$javaExecutable\"`" 131 | fi 132 | javaHome="`dirname \"$javaExecutable\"`" 133 | javaHome=`expr "$javaHome" : '\(.*\)/bin'` 134 | JAVA_HOME="$javaHome" 135 | export JAVA_HOME 136 | fi 137 | fi 138 | fi 139 | 140 | if [ -z "$JAVACMD" ] ; then 141 | if [ -n "$JAVA_HOME" ] ; then 142 | if [ -x "$JAVA_HOME/jre/sh/java" ] ; then 143 | # IBM's JDK on AIX uses strange locations for the executables 144 | JAVACMD="$JAVA_HOME/jre/sh/java" 145 | else 146 | JAVACMD="$JAVA_HOME/bin/java" 147 | fi 148 | else 149 | JAVACMD="`which java`" 150 | fi 151 | fi 152 | 153 | if [ ! -x "$JAVACMD" ] ; then 154 | echo "Error: JAVA_HOME is not defined correctly." >&2 155 | echo " We cannot execute $JAVACMD" >&2 156 | exit 1 157 | fi 158 | 159 | if [ -z "$JAVA_HOME" ] ; then 160 | echo "Warning: JAVA_HOME environment variable is not set." 161 | fi 162 | 163 | CLASSWORLDS_LAUNCHER=org.codehaus.plexus.classworlds.launcher.Launcher 164 | 165 | # traverses directory structure from process work directory to filesystem root 166 | # first directory with .mvn subdirectory is considered project base directory 167 | find_maven_basedir() { 168 | 169 | if [ -z "$1" ] 170 | then 171 | echo "Path not specified to find_maven_basedir" 172 | return 1 173 | fi 174 | 175 | basedir="$1" 176 | wdir="$1" 177 | while [ "$wdir" != '/' ] ; do 178 | if [ -d "$wdir"/.mvn ] ; then 179 | basedir=$wdir 180 | break 181 | fi 182 | # workaround for JBEAP-8937 (on Solaris 10/Sparc) 183 | if [ -d "${wdir}" ]; then 184 | wdir=`cd "$wdir/.."; pwd` 185 | fi 186 | # end of workaround 187 | done 188 | echo "${basedir}" 189 | } 190 | 191 | # concatenates all lines of a file 192 | concat_lines() { 193 | if [ -f "$1" ]; then 194 | echo "$(tr -s '\n' ' ' < "$1")" 195 | fi 196 | } 197 | 198 | BASE_DIR=`find_maven_basedir "$(pwd)"` 199 | if [ -z "$BASE_DIR" ]; then 200 | exit 1; 201 | fi 202 | 203 | ########################################################################################## 204 | # Extension to allow automatically downloading the maven-wrapper.jar from Maven-central 205 | # This allows using the maven wrapper in projects that prohibit checking in binary data. 206 | ########################################################################################## 207 | if [ -r "$BASE_DIR/.mvn/wrapper/maven-wrapper.jar" ]; then 208 | if [ "$MVNW_VERBOSE" = true ]; then 209 | echo "Found .mvn/wrapper/maven-wrapper.jar" 210 | fi 211 | else 212 | if [ "$MVNW_VERBOSE" = true ]; then 213 | echo "Couldn't find .mvn/wrapper/maven-wrapper.jar, downloading it ..." 214 | fi 215 | jarUrl="https://repo.maven.apache.org/maven2/io/takari/maven-wrapper/0.4.2/maven-wrapper-0.4.2.jar" 216 | while IFS="=" read key value; do 217 | case "$key" in (wrapperUrl) jarUrl="$value"; break ;; 218 | esac 219 | done < "$BASE_DIR/.mvn/wrapper/maven-wrapper.properties" 220 | if [ "$MVNW_VERBOSE" = true ]; then 221 | echo "Downloading from: $jarUrl" 222 | fi 223 | wrapperJarPath="$BASE_DIR/.mvn/wrapper/maven-wrapper.jar" 224 | 225 | if command -v wget > /dev/null; then 226 | if [ "$MVNW_VERBOSE" = true ]; then 227 | echo "Found wget ... using wget" 228 | fi 229 | wget "$jarUrl" -O "$wrapperJarPath" 230 | elif command -v curl > /dev/null; then 231 | if [ "$MVNW_VERBOSE" = true ]; then 232 | echo "Found curl ... using curl" 233 | fi 234 | curl -o "$wrapperJarPath" "$jarUrl" 235 | else 236 | if [ "$MVNW_VERBOSE" = true ]; then 237 | echo "Falling back to using Java to download" 238 | fi 239 | javaClass="$BASE_DIR/.mvn/wrapper/MavenWrapperDownloader.java" 240 | if [ -e "$javaClass" ]; then 241 | if [ ! -e "$BASE_DIR/.mvn/wrapper/MavenWrapperDownloader.class" ]; then 242 | if [ "$MVNW_VERBOSE" = true ]; then 243 | echo " - Compiling MavenWrapperDownloader.java ..." 244 | fi 245 | # Compiling the Java class 246 | ("$JAVA_HOME/bin/javac" "$javaClass") 247 | fi 248 | if [ -e "$BASE_DIR/.mvn/wrapper/MavenWrapperDownloader.class" ]; then 249 | # Running the downloader 250 | if [ "$MVNW_VERBOSE" = true ]; then 251 | echo " - Running MavenWrapperDownloader.java ..." 252 | fi 253 | ("$JAVA_HOME/bin/java" -cp .mvn/wrapper MavenWrapperDownloader "$MAVEN_PROJECTBASEDIR") 254 | fi 255 | fi 256 | fi 257 | fi 258 | ########################################################################################## 259 | # End of extension 260 | ########################################################################################## 261 | 262 | export MAVEN_PROJECTBASEDIR=${MAVEN_BASEDIR:-"$BASE_DIR"} 263 | if [ "$MVNW_VERBOSE" = true ]; then 264 | echo $MAVEN_PROJECTBASEDIR 265 | fi 266 | MAVEN_OPTS="$(concat_lines "$MAVEN_PROJECTBASEDIR/.mvn/jvm.config") $MAVEN_OPTS" 267 | 268 | # For Cygwin, switch paths to Windows format before running java 269 | if $cygwin; then 270 | [ -n "$M2_HOME" ] && 271 | M2_HOME=`cygpath --path --windows "$M2_HOME"` 272 | [ -n "$JAVA_HOME" ] && 273 | JAVA_HOME=`cygpath --path --windows "$JAVA_HOME"` 274 | [ -n "$CLASSPATH" ] && 275 | CLASSPATH=`cygpath --path --windows "$CLASSPATH"` 276 | [ -n "$MAVEN_PROJECTBASEDIR" ] && 277 | MAVEN_PROJECTBASEDIR=`cygpath --path --windows "$MAVEN_PROJECTBASEDIR"` 278 | fi 279 | 280 | WRAPPER_LAUNCHER=org.apache.maven.wrapper.MavenWrapperMain 281 | 282 | exec "$JAVACMD" \ 283 | $MAVEN_OPTS \ 284 | -classpath "$MAVEN_PROJECTBASEDIR/.mvn/wrapper/maven-wrapper.jar" \ 285 | "-Dmaven.home=${M2_HOME}" "-Dmaven.multiModuleProjectDirectory=${MAVEN_PROJECTBASEDIR}" \ 286 | ${WRAPPER_LAUNCHER} $MAVEN_CONFIG "$@" 287 | --------------------------------------------------------------------------------