├── Cert-Manager ├── README.md ├── cert-manager-ca-cert.yaml ├── cert-manager-private-ca-issuer.yaml ├── cert-manager-selfsigned-issuer.yaml ├── kube-root-ca │ ├── apiserver-user-client-cert-demo.yaml │ ├── kube-root-clusterissuer.yaml │ └── pod-with-ca-secret.yaml └── nginx-server-cert-demo.yaml ├── Cilium └── README.md ├── Kuboard ├── README.md ├── ingress.yaml ├── kuboard-ephemeral │ └── kuboard-v3.yaml ├── kuboard-persistent │ └── kuboard-v3.yaml └── kuboard_example.yaml ├── LICENSE ├── Loki-Stack ├── README.md ├── examples │ ├── 01-monolithic-mode │ │ ├── README.md │ │ ├── docker-compose.yaml │ │ ├── loki-config.yaml │ │ └── promtail-local-config.yaml │ ├── 02-loki-read-write-path-split │ │ ├── README.md │ │ ├── docker-compose.yaml │ │ ├── loki-config.yaml │ │ └── promtail-local-config.yaml │ ├── 03-simple-scalable │ │ ├── .gitignore │ │ ├── README.md │ │ ├── config │ │ │ ├── alertmanager.yml │ │ │ ├── datasources.yaml │ │ │ ├── loki.yaml │ │ │ ├── nginx.conf │ │ │ ├── prometheus.yaml │ │ │ └── promtail.yaml │ │ ├── docker-compose.yaml │ │ └── rules │ │ │ └── docker │ │ │ └── rules.yml │ └── quick-start │ │ ├── .gitignore │ │ ├── README.md │ │ ├── docker-compose.yaml │ │ ├── loki-config.yaml │ │ └── promtail-local-config.yaml ├── getting-started │ ├── .gitignore │ ├── README.md │ ├── docker-compose.yaml │ ├── loki-config.yaml │ └── promtail-local-config.yaml ├── kubernetes │ ├── alertmanager │ │ ├── README.md │ │ ├── alertmanager-values.yaml │ │ └── manifests │ │ │ ├── alertmanager-cfg.yaml │ │ │ ├── alertmanager-deployment.yaml │ │ │ ├── alertmanager-ingress.yaml │ │ │ └── alertmanager-service.yaml │ ├── grafana │ │ ├── README.md │ │ ├── grafana-values.yaml │ │ ├── manifests │ │ │ ├── 01-grafana-cfg.yaml │ │ │ ├── 02-grafana-service.yaml │ │ │ ├── 03-grafana-pvc.yaml │ │ │ ├── 04-grafana-deployment.yaml │ │ │ └── 05-grafana-ingress.yaml │ │ └── pictures │ │ │ └── grafana-loki-explore-data.png │ ├── loki │ │ ├── README.md │ │ ├── loki-values.yaml │ │ └── 
loki-with-alert-values.yaml │ ├── minio │ │ ├── README.md │ │ ├── minio-ingress.yaml │ │ ├── minio-operator-values.yaml │ │ ├── minio-tenant-values.yaml │ │ ├── pictures │ │ │ ├── create-tenant.png │ │ │ ├── minio-buckets-for-loki.png │ │ │ ├── minio-operator-login-page.png │ │ │ ├── tenant-configure.png │ │ │ ├── tenant-identity-provider.png │ │ │ ├── tenant-security.png │ │ │ ├── tenant-setup-page.png │ │ │ └── tenant-sumary.png │ │ └── tenant-example │ │ │ ├── minio-cfg.yaml │ │ │ └── tenant-minio.yaml │ └── promtail │ │ ├── README.md │ │ └── promtail-values.yaml ├── promtail │ ├── .gitignore │ ├── README.md │ ├── docker-compose.yaml │ ├── promtail.yaml │ └── tomcat │ │ ├── Dockerfile │ │ ├── context.xml │ │ ├── docs-context.xml │ │ ├── examples-context.xml │ │ ├── manager-context.xml │ │ ├── sources.list │ │ └── tomcat-users.xml └── simple-scalable │ ├── .gitignore │ ├── README.md │ ├── config │ ├── alertmanager.yml │ ├── datasources.yaml │ ├── loki.yaml │ ├── nginx.conf │ ├── prometheus.yaml │ └── promtail.yaml │ ├── docker-compose.yaml │ └── rules │ └── tenant1 │ ├── rules.yml │ └── rules02.yml ├── MageEdu-Private-Cloud ├── README.md ├── csi-driver-nfs │ ├── README.md │ ├── nfs-csi-storageclass.yaml │ ├── nfs-pvc-dynamic.yaml │ ├── nfs-server.yaml │ └── v4.4.0 │ │ ├── crd-csi-snapshot.yaml │ │ ├── csi-nfs-controller.yaml │ │ ├── csi-nfs-driverinfo.yaml │ │ ├── csi-nfs-node.yaml │ │ ├── csi-snapshot-controller.yaml │ │ ├── rbac-csi-nfs.yaml │ │ └── rbac-snapshot-controller.yaml ├── flannel │ └── kube-flannel.yml ├── infra-services-with-prometheus │ ├── 00-Prometheus │ │ ├── README.md │ │ ├── alertmanager │ │ │ ├── alertmanager-cfg.yaml │ │ │ ├── alertmanager-deployment.yaml │ │ │ ├── alertmanager-service.yaml │ │ │ └── alertmanager-templates-cfg.yaml │ │ ├── grafana │ │ │ ├── 01-grafana-cfg.yaml │ │ │ ├── 02-grafana-service.yaml │ │ │ ├── 03-grafana-pvc.yaml │ │ │ ├── 04-grafana-deployment.yaml │ │ │ └── 05-grafana-ingress.yaml │ │ ├── kube-state-metrics │ │ │ 
├── kube-state-metrics-deploy.yaml │ │ │ ├── kube-state-metrics-rbac.yaml │ │ │ └── kube-state-metrics-svc.yaml │ │ ├── namespace.yaml │ │ ├── node_exporter │ │ │ ├── node-exporter-ds.yaml │ │ │ └── node-exporter-svc.yaml │ │ ├── prometheus-adpater │ │ │ ├── README.md │ │ │ ├── example-metrics │ │ │ │ ├── custom-metrics-config-map.yaml │ │ │ │ ├── metrics-app-hpa.yaml │ │ │ │ └── metrics-example-app.yaml │ │ │ ├── gencerts.sh │ │ │ └── manifests │ │ │ │ ├── custom-metrics-apiserver-auth-delegator-cluster-role-binding.yaml │ │ │ │ ├── custom-metrics-apiserver-auth-reader-role-binding.yaml │ │ │ │ ├── custom-metrics-apiserver-deployment.yaml │ │ │ │ ├── custom-metrics-apiserver-resource-reader-cluster-role-binding.yaml │ │ │ │ ├── custom-metrics-apiserver-service-account.yaml │ │ │ │ ├── custom-metrics-apiserver-service.yaml │ │ │ │ ├── custom-metrics-apiservice.yaml │ │ │ │ ├── custom-metrics-cluster-role.yaml │ │ │ │ ├── custom-metrics-config-map.yaml │ │ │ │ ├── custom-metrics-resource-reader-cluster-role.yaml │ │ │ │ └── hpa-custom-metrics-cluster-role-binding.yaml │ │ └── prometheus-server │ │ │ ├── prometheus-cfg.yaml │ │ │ ├── prometheus-deploy.yaml │ │ │ ├── prometheus-ingress.yaml │ │ │ ├── prometheus-rbac.yaml │ │ │ ├── prometheus-rules.yaml │ │ │ └── prometheus-svc.yaml │ ├── 01-Nacos │ │ ├── 01-secrets-mysql.yaml │ │ ├── 02-mysql-persistent.yaml │ │ ├── 03-nacos-cfg.yaml │ │ ├── 04-nacos-persistent.yaml │ │ ├── 05-nacos-service.yaml │ │ ├── README.md │ │ └── examples │ │ │ ├── cloud-nacos-registry.yaml │ │ │ ├── nacos_config_20230806.zip │ │ │ ├── nacos_config_20230808.zip │ │ │ └── nacos_config_20231029.zip │ ├── 02-ElasticStack │ │ ├── 01-elasticsearch-cluster-persistent.yaml │ │ ├── 02-fluentbit.yaml │ │ ├── 03-kibana.yaml │ │ ├── README.md │ │ ├── filebeat │ │ │ └── 02-filebeat.yaml │ │ └── grafana-dashboards │ │ │ ├── README.md │ │ │ └── elasticsearch.json │ ├── 03-Redis │ │ ├── 00-configmap-redis.yaml │ │ ├── 01-configmap-sentinel.yaml │ │ ├── 
02-secret-redis.yaml │ │ ├── 03-services-redis.yaml │ │ ├── 04-statefulset-redis.yaml │ │ ├── README.md │ │ └── sentinel │ │ │ ├── 01-configmap-sentinel.yaml │ │ │ └── 02-statefulset-sentinel.yaml │ ├── 04-RabbitMQ │ │ ├── 01-configmap-rabbitmq.yaml │ │ ├── 02-rbac-rabbitmq.yaml │ │ ├── 03-secret-rabbitmq.yaml │ │ ├── 04-service-rabbitmq.yaml │ │ ├── 05-statefulset-rabbitmq.yaml │ │ ├── 06-ingress-rabbitmq.yaml │ │ ├── README.md │ │ └── manifests │ │ │ └── 05-statefulset-rabbitmq.yaml │ ├── 05-MongoDB │ │ ├── 01-configmap-mongodb.yaml │ │ ├── 02-service-mongodb.yaml │ │ ├── 03-statefulset-mongodb.yaml │ │ └── README.md │ ├── 06-MinIO │ │ ├── 01-services-minio.yaml │ │ ├── 02-secret-minio.yaml │ │ ├── 03-statefulset-minio.yaml │ │ ├── 04-ingress-minio.yaml │ │ └── README.md │ └── 07-Skywalking │ │ ├── 01-skywalking-oap.yaml │ │ ├── 02-skywalking-ui.yaml │ │ └── README.md ├── infra-services │ ├── 01-Nacos │ │ ├── 01-secrets-mysql.yaml │ │ ├── 02-mysql-persistent.yaml │ │ ├── 03-nacos-persistent.yaml │ │ ├── 04-nacos-service.yaml │ │ ├── README.md │ │ └── examples │ │ │ ├── cloud-nacos-registry.yaml │ │ │ ├── nacos_config_20230806.zip │ │ │ ├── nacos_config_20230808.zip │ │ │ └── nacos_config_20231029.zip │ ├── 02-ElasticStack │ │ ├── 01-elasticsearch-cluster-persistent.yaml │ │ ├── 02-fluentbit.yaml │ │ ├── 03-kibana.yaml │ │ ├── README.md │ │ └── filebeat │ │ │ └── 02-filebeat.yaml │ ├── 03-Redis │ │ ├── 00-configmap-redis.yaml │ │ ├── 01-configmap-sentinel.yaml │ │ ├── 02-secret-redis.yaml │ │ ├── 03-services-redis.yaml │ │ ├── 04-statefulset-redis.yaml │ │ ├── README.md │ │ └── sentinel │ │ │ ├── 01-configmap-sentinel.yaml │ │ │ └── 02-statefulset-sentinel.yaml │ ├── 04-RabbitMQ │ │ ├── 01-configmap-rabbitmq.yaml │ │ ├── 02-rbac-rabbitmq.yaml │ │ ├── 03-secret-rabbitmq.yaml │ │ ├── 04-service-rabbitmq.yaml │ │ ├── 05-statefulset-rabbitmq.yaml │ │ ├── 06-ingress-rabbitmq.yaml │ │ └── README.md │ ├── 05-MongoDB │ │ ├── 01-configmap-mongodb.yaml │ │ ├── 
02-service-mongodb.yaml │ │ ├── 03-statefulset-mongodb.yaml │ │ └── README.md │ ├── 06-MinIO │ │ ├── 01-services-minio.yaml │ │ ├── 02-secret-minio.yaml │ │ ├── 03-statefulset-minio.yaml │ │ ├── 04-ingress-minio.yaml │ │ └── README.md │ └── 07-Skywalking │ │ ├── 01-skywalking-oap.yaml │ │ └── 02-skywalking-ui.yaml ├── ingress-nginx │ └── deploy.yml ├── k8s-inst │ ├── README.md │ ├── ansible-k8s-install │ │ ├── cluster-install.sh │ │ ├── files │ │ │ ├── calico.yaml │ │ │ ├── containerd-config.toml │ │ │ ├── crictl.yaml │ │ │ └── kube-flannel.yml │ │ ├── install-k8s-calico.yaml │ │ ├── install-k8s-cilium.yaml │ │ ├── install-k8s-flannel.yaml │ │ ├── install-kubeadm.yaml │ │ ├── reset-kubeadm.yaml │ │ └── scripts │ │ │ └── cilium-gen-keys.sh │ ├── cluster_init_script │ │ ├── cluster-init.sh │ │ ├── kube-flannel.yml │ │ └── kubeadm-init-config.tmpl │ ├── generate-init-config.sh │ └── kubeadm-init-config.tmpl.yaml ├── kuboard │ ├── deploy.yaml │ └── ingress-kuboard.yaml ├── mall-and-skywalking │ ├── README.md │ ├── mall-admin-web.yaml │ ├── mall-admin.yaml │ ├── mall-auth.yaml │ ├── mall-gateway.yaml │ ├── mall-monitor.yaml │ ├── mall-portal.yaml │ └── mall-search.yaml ├── metrics-server │ └── components.yaml └── openstack-heat-templates │ ├── README.md │ ├── cluster-base-env-floatingip.tmpl │ ├── cluster-base-env.tmpl │ ├── cluster_nodes_number_on_damands.tmpl │ ├── floatingip-example-02.tmpl │ ├── floatingip-example.tmpl │ ├── images │ ├── cluster_nodes_on_demands.png │ ├── clusters_and_instances.png │ ├── three_base_nodes.png │ └── two_clusters.png │ ├── multi-clusters │ ├── README.md │ ├── cluster01.tmpl │ ├── cluster02.tmpl │ └── cluster03.tmpl │ └── two_clusters.tmpl ├── Mall-MicroService ├── README.md ├── infra-services-with-prometheus │ ├── 00-Prometheus │ │ ├── README.md │ │ ├── alertmanager │ │ │ ├── alertmanager-cfg.yaml │ │ │ ├── alertmanager-deployment.yaml │ │ │ ├── alertmanager-service.yaml │ │ │ └── alertmanager-templates-cfg.yaml │ │ ├── grafana │ │ │ 
├── 01-grafana-cfg.yaml │ │ │ ├── 02-grafana-service.yaml │ │ │ ├── 03-grafana-pvc.yaml │ │ │ ├── 04-grafana-deployment.yaml │ │ │ └── 05-grafana-ingress.yaml │ │ ├── kube-state-metrics │ │ │ ├── kube-state-metrics-deploy.yaml │ │ │ ├── kube-state-metrics-rbac.yaml │ │ │ └── kube-state-metrics-svc.yaml │ │ ├── namespace.yaml │ │ ├── node_exporter │ │ │ ├── node-exporter-ds.yaml │ │ │ └── node-exporter-svc.yaml │ │ ├── prometheus-adpater │ │ │ ├── README.md │ │ │ ├── example-metrics │ │ │ │ ├── custom-metrics-config-map.yaml │ │ │ │ ├── metrics-app-hpa.yaml │ │ │ │ └── metrics-example-app.yaml │ │ │ ├── gencerts.sh │ │ │ └── manifests │ │ │ │ ├── custom-metrics-apiserver-auth-delegator-cluster-role-binding.yaml │ │ │ │ ├── custom-metrics-apiserver-auth-reader-role-binding.yaml │ │ │ │ ├── custom-metrics-apiserver-deployment.yaml │ │ │ │ ├── custom-metrics-apiserver-resource-reader-cluster-role-binding.yaml │ │ │ │ ├── custom-metrics-apiserver-service-account.yaml │ │ │ │ ├── custom-metrics-apiserver-service.yaml │ │ │ │ ├── custom-metrics-apiservice.yaml │ │ │ │ ├── custom-metrics-cluster-role.yaml │ │ │ │ ├── custom-metrics-config-map.yaml │ │ │ │ ├── custom-metrics-resource-reader-cluster-role.yaml │ │ │ │ └── hpa-custom-metrics-cluster-role-binding.yaml │ │ └── prometheus-server │ │ │ ├── .prometheus-ingress.yaml.swp │ │ │ ├── prometheus-cfg.yaml │ │ │ ├── prometheus-deploy.yaml │ │ │ ├── prometheus-ingress.yaml │ │ │ ├── prometheus-rbac.yaml │ │ │ ├── prometheus-rules.yaml │ │ │ └── prometheus-svc.yaml │ ├── 01-Nacos │ │ ├── 01-secrets-mysql.yaml │ │ ├── 02-mysql-persistent.yaml │ │ ├── 03-nacos-cfg.yaml │ │ ├── 04-nacos-persistent.yaml │ │ ├── 05-nacos-service.yaml │ │ ├── 06-nacos-ingress.yaml │ │ ├── README.md │ │ └── examples │ │ │ ├── cloud-nacos-registry.yaml │ │ │ ├── nacos_config_20230806.zip │ │ │ ├── nacos_config_20230808.zip │ │ │ └── nacos_config_20231029.zip │ ├── 02-ElasticStack │ │ ├── 01-elasticsearch-cluster-persistent.yaml │ │ ├── 
02-fluentbit.yaml │ │ ├── 03-kibana.yaml │ │ ├── README.md │ │ ├── filebeat │ │ │ └── 02-filebeat.yaml │ │ └── grafana-dashboards │ │ │ ├── README.md │ │ │ └── elasticsearch.json │ ├── 03-Redis │ │ ├── 00-configmap-redis.yaml │ │ ├── 01-configmap-sentinel.yaml │ │ ├── 02-secret-redis.yaml │ │ ├── 03-services-redis.yaml │ │ ├── 04-statefulset-redis.yaml │ │ ├── README.md │ │ └── sentinel │ │ │ ├── 01-configmap-sentinel.yaml │ │ │ └── 02-statefulset-sentinel.yaml │ ├── 04-RabbitMQ │ │ ├── 01-configmap-rabbitmq.yaml │ │ ├── 02-rbac-rabbitmq.yaml │ │ ├── 03-secret-rabbitmq.yaml │ │ ├── 04-service-rabbitmq.yaml │ │ ├── 05-statefulset-rabbitmq.yaml │ │ ├── 06-ingress-rabbitmq.yaml │ │ ├── README.md │ │ └── manifests │ │ │ └── 05-statefulset-rabbitmq.yaml │ ├── 05-MongoDB │ │ ├── 01-configmap-mongodb.yaml │ │ ├── 02-service-mongodb.yaml │ │ ├── 03-statefulset-mongodb.yaml │ │ └── README.md │ ├── 06-MinIO │ │ ├── 01-services-minio.yaml │ │ ├── 02-secret-minio.yaml │ │ ├── 03-statefulset-minio.yaml │ │ ├── 04-ingress-minio.yaml │ │ └── README.md │ ├── 07-Skywalking │ │ ├── 01-skywalking-oap.yaml │ │ ├── 02-skywalking-ui.yaml │ │ └── README.md │ └── README.md ├── infra-services │ ├── 01-Nacos │ │ ├── 01-secrets-mysql.yaml │ │ ├── 02-mysql-persistent.yaml │ │ ├── 03-nacos-persistent.yaml │ │ ├── README.md │ │ ├── examples │ │ │ ├── cloud-nacos-registry.yaml │ │ │ ├── nacos_config_20230806.zip │ │ │ ├── nacos_config_20230808.zip │ │ │ └── nacos_config_20231029.zip │ │ └── manifests │ │ │ ├── mysql │ │ │ ├── 01-configmap-mysql.yaml │ │ │ ├── 02-secrets-mysql.yaml │ │ │ ├── 03-services-mysql.yaml │ │ │ └── 04-statefulset-mysql.yaml │ │ │ └── nacos │ │ │ ├── 01-configmap-nacos.yaml │ │ │ ├── 02-service-nacos.yaml │ │ │ ├── 03-statefulset-nacos.yaml │ │ │ ├── 04-ingress-nacos.yaml │ │ │ └── README.md │ ├── 02-ElasticStack │ │ ├── 01-elasticsearch-cluster-persistent.yaml │ │ ├── 02-fluentbit.yaml │ │ ├── 03-kibana.yaml │ │ ├── README.md │ │ └── filebeat │ │ │ └── 02-filebeat.yaml │ 
├── 03-Redis │ │ ├── 00-configmap-redis.yaml │ │ ├── 01-configmap-sentinel.yaml │ │ ├── 02-secret-redis.yaml │ │ ├── 03-services-redis.yaml │ │ ├── 04-statefulset-redis.yaml │ │ ├── README.md │ │ └── sentinel │ │ │ ├── 01-configmap-sentinel.yaml │ │ │ └── 02-statefulset-sentinel.yaml │ ├── 04-RabbitMQ │ │ ├── 01-configmap-rabbitmq.yaml │ │ ├── 02-rbac-rabbitmq.yaml │ │ ├── 03-secret-rabbitmq.yaml │ │ ├── 04-service-rabbitmq.yaml │ │ ├── 05-statefulset-rabbitmq.yaml │ │ ├── 06-ingress-rabbitmq.yaml │ │ └── README.md │ ├── 05-MongoDB │ │ ├── 01-configmap-mongodb.yaml │ │ ├── 02-service-mongodb.yaml │ │ ├── 03-statefulset-mongodb.yaml │ │ └── README.md │ ├── 06-MinIO │ │ ├── 01-services-minio.yaml │ │ ├── 02-secret-minio.yaml │ │ ├── 03-statefulset-minio.yaml │ │ ├── 04-ingress-minio.yaml │ │ └── README.md │ └── 07-Skywalking │ │ ├── 01-skywalking-oap.yaml │ │ └── 02-skywalking-ui.yaml └── mall-and-skywalking │ ├── README.md │ ├── mall-admin-web.yaml │ ├── mall-admin.yaml │ ├── mall-auth.yaml │ ├── mall-gateway.yaml │ ├── mall-monitor.yaml │ ├── mall-portal.yaml │ └── mall-search.yaml ├── MetalLB ├── README.md ├── metallb-ipaddresspool.yaml └── metallb-l2advertisement.yaml ├── OpenEBS ├── README.md ├── deployment │ ├── helm │ │ └── openebs-values.yaml │ ├── openebs-localpv-lvm-4.0.yaml │ ├── openebs-localpv-lvm-4.1.yaml │ ├── openebs-localpv-lvm-and-zfs-4.0.yaml │ └── storageclass-openebs-hostpath.yaml ├── jiva-csi │ ├── openebs-jiva-csi-pvc.yaml │ ├── openebs-jiva-csi-storageclass.yaml │ ├── openebs-jivavolumepolicy-demo.yaml │ └── redis-with-openebs-jiva-pvc.yaml ├── local-pv-hostpath │ ├── openebs-local-hostpath-pvc.yaml │ └── redis-with-openebs-local-hostpath.yaml ├── local-pv-lvm │ ├── openebs-local-lvm-pvc-restore.yaml │ ├── openebs-local-lvm-pvc.yaml │ ├── openebs-local-lvm-storageclass.yaml │ ├── openebs-local-lvm-volumesnapshot-demo.yaml │ ├── openebs-local-lvm-volumesnapshotclass.yaml │ └── redis-with-openebs-local-lvm.yaml └── nfs-pv │ ├── 
openebs-nfs-pv-storageclass.yaml │ └── openebs-nfs-pvc.yaml ├── OpenELB ├── README.md └── eip-pool.yaml ├── ProjectCalico ├── README.md ├── bgpconfiguration-default.yaml ├── bgppeer-rack-demo.yaml ├── bgppeer-with-rr.yaml └── calico-config-examples │ ├── calico-typha.yaml │ ├── calico.yaml │ └── default-ipv4-ippool.yaml ├── README.md ├── Velero ├── credentials-velero ├── csi-driver-nfs │ ├── nfs-csi-volumesnapshot-demo.yaml │ ├── nfs-csi-volumesnapshotclass.yaml │ ├── nfs-pvc-demo.yaml │ ├── nfs-pvc-restore-from-snap-demo.yaml │ ├── redis-with-nfs-pvc-restore.yaml │ └── redis-with-nfs-pvc.yaml ├── imgs │ ├── backup001.png │ ├── kopia_uploader.png │ └── kopia_uploader002.png ├── minio │ └── docker-compose.yml └── tests.md ├── ansible-k8s-install ├── README.md ├── cluster-install.sh ├── files │ ├── calico.yaml │ ├── containerd-config.toml │ ├── crictl.yaml │ └── kube-flannel.yml ├── install-k8s-calico.yaml ├── install-k8s-cilium.yaml ├── install-k8s-flannel.yaml ├── install-kubeadm.yaml ├── reboot-system.yaml ├── reset-kubeadm.yaml └── scripts │ └── cilium-gen-keys.sh ├── csi-driver-nfs ├── README.md ├── deploy │ ├── 01-nfs-server │ │ └── nfs-server.yaml │ ├── 02-csi-driver-nfs-4.1 │ │ ├── 01-rbac-csi-nfs.yaml │ │ ├── 02-csi-nfs-driverinfo.yaml │ │ ├── 03-csi-nfs-controller.yaml │ │ └── 04-csi-nfs-node.yaml │ ├── 03-csi-driver-nfs-4.2 │ │ ├── csi-nfs-controller.yaml │ │ ├── csi-nfs-driverinfo.yaml │ │ ├── csi-nfs-node.yaml │ │ └── rbac-csi-nfs.yaml │ └── 04-csi-driver-nfs-4.6.0 │ │ ├── crd-csi-snapshot.yaml │ │ ├── csi-nfs-controller.yaml │ │ ├── csi-nfs-driverinfo.yaml │ │ ├── csi-nfs-node.yaml │ │ ├── csi-snapshot-controller.yaml │ │ ├── rbac-csi-nfs.yaml │ │ └── rbac-snapshot-controller.yaml ├── nfs-csi-storageclass.yaml ├── nfs-pvc-dynamic.yaml └── volumes-nfs-demo.yaml ├── dashboard └── ingress-kubernetes-dashboard.yaml ├── eck-operator ├── README.md ├── beats-filebeat.yaml ├── elasticsearch-myes-cluster.yaml ├── images │ └── kibana.png └── kibana-myes.yaml ├── 
examples ├── authn_and_authz │ └── certificate-sign-request-demo │ │ ├── README.md │ │ ├── certificatesignrequest-mason.yaml │ │ ├── mason.csr │ │ └── mason.key ├── configmaps_and_secrets │ ├── certs.d │ │ ├── nginx.crt │ │ └── nginx.key │ ├── configmap-nginx-cfg.yaml │ ├── configmaps-env-demo.yaml │ ├── configmaps-volume-demo.yaml │ ├── downwardapi-demo.yaml │ ├── nginx-conf.d │ │ ├── myserver-gzip.cfg │ │ ├── myserver-status.cfg │ │ └── myserver.conf │ ├── nginx-ssl-conf.d │ │ ├── myserver-gzip.cfg │ │ ├── myserver-status.cfg │ │ └── myserver.conf │ ├── projected-demo.yaml │ ├── secret-mysql.yaml │ ├── secret-nginx-certs.yaml │ ├── secrets-demo.yaml │ ├── secrets-env-demo.yaml │ └── secrets-volume-demo.yaml ├── daemonsets │ └── daemonset-demo.yaml ├── deployments │ ├── deployment-demo.yaml │ ├── jenkins.yaml │ └── replicaset-demo.yaml ├── jobs_and_cronjobs │ ├── cronjob-demo.yaml │ ├── job-demo.yaml │ └── job-para-demo.yaml ├── network-policy-examples │ ├── README.md │ ├── allow-all-ingress-traffic.yaml │ ├── allow-selected-ingress-traffic.yaml │ ├── deny-all-both-traffic.yaml │ ├── deny-all-ingress-traffic.yaml │ └── example-base-env.yaml ├── pods │ ├── adapter-container-demo.yaml │ ├── ambassador-container-demo.yaml │ ├── init-container-demo.yaml │ ├── liveness-exec-demo.yaml │ ├── liveness-httpget-demo.yaml │ ├── liveness-tcpsocket-demo.yaml │ ├── pod-demo-hostport.yaml │ ├── pod-demo-seccon-capability.yaml │ ├── pod-demo-seccon-privileged.yaml │ ├── pod-demo-seccon-runas.yaml │ ├── pod-demo-with-cmd-and-args.yaml │ ├── pod-demo.yaml │ ├── pod-resources-demo.yaml │ ├── pod-using-env.yaml │ ├── readiness-httpget-demo.yaml │ ├── resource-limits-demo.yaml │ ├── resource-requests-demo.yaml │ ├── securitycontext-capabilities-demo.yaml │ ├── sidecar-container-demo.yaml │ └── startup-exec-demo.yaml ├── services │ ├── configmap-coredns.yaml │ ├── demoapp-headless-svc.yaml │ ├── endpointslice-demo.yaml │ ├── externalname-redis-svc.yaml │ ├── mysql-endpoints-demo.yaml │ 
├── pod-with-dnspolicy.yaml │ ├── services-clusterip-demo.yaml │ ├── services-externalip-demo.yaml │ ├── services-loadbalancer-demo.yaml │ ├── services-nodeport-demo.yaml │ └── services-readiness-demo.yaml ├── statefulsets │ ├── demodb.yaml │ ├── mysql │ │ ├── 01-configmap-mysql.yaml │ │ ├── 02-services-mysql.yaml │ │ ├── 03-statefulset-mysql.yaml │ │ └── README.md │ └── statefulset-demo.yaml ├── volumes │ ├── dynamic-pvc-demo.yaml │ ├── local-pv-demo │ │ ├── local-pv-demo.yaml │ │ ├── pod-with-localpv.yaml │ │ ├── pvc-localpv-demo.yaml │ │ └── storageclass-local.yaml │ ├── openebs │ │ ├── README.md │ │ ├── openebs-local-hostpath-pvc.yaml │ │ └── redis-with-openebs-local-hostpath.yaml │ ├── pod-demoapp.yaml │ ├── pod-with-emptyDir-vol-02.yaml │ ├── pod-with-emptyDir-vol.yaml │ ├── pod-with-hostpath-vol-02.yaml │ ├── pod-with-hostpath-vol.yaml │ ├── pod-with-nfs-vol.yaml │ ├── pod-with-pvc-demo.yaml │ ├── pv-nfs-demo.yaml │ ├── pvc-demo.yaml │ ├── storageclass-nfs.yaml │ └── volumes-nfs-demo.yaml └── wordpress │ ├── 01-namespace-blog.yaml │ ├── 02-mysql-secret.yaml │ ├── 03-mysql-service.yaml │ ├── 04-statefulset-mysql.yaml │ ├── 05-wordpress-service.yaml │ ├── 06-pvc-wordpress.yaml │ ├── 07-deployment-wordpress.yaml │ └── README.md ├── gitlab ├── README.md ├── deploy-persistent │ ├── gitlab.yaml │ ├── postgresq.yaml │ ├── pvc.yaml │ ├── redis.yaml │ └── secret.yaml └── deploy │ ├── gitlab.yaml │ ├── postgresq.yaml │ ├── redis.yaml │ └── secret.yaml ├── helm-examples ├── README.md ├── harbor │ ├── README.md │ ├── harbor-values-openebs.yaml │ └── harbor-values.yaml ├── kube-prometheus │ └── kube-prometheus-values.yaml ├── prometheus-adapter.yml └── wordpress │ └── README.md ├── ingress-canary-demo ├── 01-ingress-demoapp.yaml ├── 02-canary-by-header.yaml ├── 03-canary-by-header-value.yaml ├── 04-canary-by-header-pattern.yaml ├── 05-canary-by-weight.yaml ├── 06-canary-by-cookie.yaml ├── README.md ├── deploy-demoap-v1_0.yaml └── deploy-demoap-v1_1.yaml ├── jenkins ├── 
README.md └── deploy │ ├── 01-namespace-jenkins.yaml │ ├── 02-pvc-jenkins.yaml │ ├── 03-rbac-jenkins.yaml │ ├── 04-deploy-jenkins.yaml │ ├── 05-service-jenkins.yaml │ ├── 06-pvc-maven-cache.yaml │ └── 07-ingress-jenkins.yaml ├── karmada ├── 01-demoapp-deployment.yaml ├── 02-demoapp-propergation-policy.yaml ├── 03-demoapp-override-policy.yaml ├── 04-propagationpolicy-ha.yaml ├── 05-propagationpolicy-spread.yaml ├── 06-propagationpolicy-failover.yaml └── README.md ├── kube-prometheus ├── README.md ├── ingresses.yaml ├── probe-example.yaml └── servicemonitor-example.yaml ├── metrics-server ├── components.yaml ├── high-availability-1.21+.yaml └── metrics-example-app.yaml ├── tutorials ├── configmap-and-secret │ ├── ConfigMap和Secret.md │ ├── demoapp-conf.d │ │ ├── envoy.yaml │ │ └── lds.conf │ ├── nginx-conf.d │ │ ├── myserver-gzip.cfg │ │ ├── myserver-status.cfg │ │ └── myserver.conf │ └── nginx-ssl-conf.d │ │ ├── myserver-gzip.cfg │ │ ├── myserver-status.cfg │ │ └── myserver.conf ├── pod-in-practise │ ├── Pod及容器应用的管理接口.md │ └── 在Pod中运行应用.md └── volume-in-practise │ ├── envoy.yaml │ └── 存储卷实践.md └── wordpress ├── README.md ├── mysql-ephemeral ├── 01-secret-mysql.yaml ├── 02-service-mysql.yaml └── 03-deploy-mysql.yaml ├── mysql ├── 01-secret-mysql.yaml ├── 02-pvc-mysql-data.yaml ├── 03-service-mysql.yaml └── 04-deploy-mysql.yaml ├── nginx ├── 01-configmap-nginx-conf.yaml ├── 02-service-nginx.yaml └── 03-deployment-nginx.yaml ├── wordpress-apache-ephemeral ├── 01-service-wordpress.yaml └── 02-deployment-wordpress.yaml └── wordpress ├── 01-service-wordpress.yaml ├── 02-pvc-wordpress-app-data.yaml └── 03-deployment-wordpress.yaml /Cert-Manager/cert-manager-ca-cert.yaml: -------------------------------------------------------------------------------- 1 | # CA Certificate 2 | apiVersion: cert-manager.io/v1 3 | kind: Certificate 4 | metadata: 5 | name: private-ca 6 | spec: 7 | isCA: true 8 | commonName: private-ca 9 | subject: 10 | organizations: 11 | - MageEdu 12 | 
organizationalUnits:
13 |       - DevOps
14 |   secretName: private-ca-secret  # NOTE(review): this Secret receives the CA private key; private-ca-issuer signs with it, so read access should be limited by RBAC
15 |   privateKey:
16 |     algorithm: ECDSA
17 |     size: 256
18 |   issuerRef:
19 |     name: selfsigned-issuer
20 |     kind: Issuer
21 |     group: cert-manager.io
22 |
--------------------------------------------------------------------------------
/Cert-Manager/cert-manager-private-ca-issuer.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: cert-manager.io/v1
 2 | kind: Issuer
 3 | metadata:
 4 |   name: private-ca-issuer
 5 |   namespace: default
 6 | spec:
 7 |   ca:
 8 |     secretName: private-ca-secret  # NOTE(review): a namespaced Issuer reads this Secret from its own namespace (default); the private-ca Certificate sets no metadata.namespace, so it has to be applied to default as well
 9 |
--------------------------------------------------------------------------------
/Cert-Manager/cert-manager-selfsigned-issuer.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: cert-manager.io/v1
 2 | kind: Issuer
 3 | metadata:
 4 |   name: selfsigned-issuer
 5 |   namespace: default
 6 | spec:
 7 |   selfSigned: {}  # referenced by the private-ca Certificate's issuerRef to bootstrap the CA root
 8 |
--------------------------------------------------------------------------------
/Cert-Manager/kube-root-ca/apiserver-user-client-cert-demo.yaml:
--------------------------------------------------------------------------------
 1 | ---
 2 | apiVersion: cert-manager.io/v1
 3 | kind: Certificate
 4 | metadata:
 5 |   name: apiserver-user-kubeadm-cert
 6 | spec:
 7 |   secretName: apiserver-user-kubeadmin-tls  # NOTE(review): the resulting Secret is a cluster-admin credential (see subject.organizations below)
 8 |   privateKey:
 9 |     rotationPolicy: Always
10 |     algorithm: RSA
11 |     encoding: PKCS1
12 |     size: 4096
13 |   duration: 168h # 1 week
14 |   renewBefore: 48h # 2 days
15 |   subject:
16 |     organizations:
17 |       - system:masters  # NOTE(review): members of system:masters bypass API-server authorization (RBAC) entirely; this client cert is an unrestricted admin identity
18 |     commonName: kubeadmin
19 |   isCA: false
20 |   usages:
21 |     - client auth
22 |   issuerRef:
23 |     name: kube-root-ca-issuer
24 |     kind: ClusterIssuer  # NOTE(review): any principal allowed to create Certificates against this ClusterIssuer can mint the same identity; the API server cannot revoke client certs, so the 168h duration is the only bound on a leaked key
25 |
--------------------------------------------------------------------------------
/Cert-Manager/kube-root-ca/kube-root-clusterissuer.yaml:
--------------------------------------------------------------------------------
 1 | ---
 2 | apiVersion: cert-manager.io/v1
 3 | kind: ClusterIssuer
 4 | metadata:
 5 |   name: kube-root-ca-issuer
 6 |   namespace: kube-system  # NOTE(review): ClusterIssuer is cluster-scoped, so this field has no effect
 7 | spec:
 8 |   ca:
 9 |     secretName: kube-root-ca  # NOTE(review): resolved in cert-manager's cluster resource namespace (cert-manager by default), not kube-system; presumably holds the cluster root CA key pair — confirm, and restrict who can read it
10 |
--------------------------------------------------------------------------------
/Cert-Manager/kube-root-ca/pod-with-ca-secret.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: v1
 2 | kind: Pod
 3 | metadata:
 4 |   name: pod-with-cert-secret
 5 | spec:
 6 |   containers:
 7 |   - name: kubectl
 8 |     image: bitnami/kubectl:1.28  # NOTE(review): mutable tag, not pinned by digest
 9 |     imagePullPolicy: IfNotPresent
10 |     command: ["/bin/sh","-c","sleep 99999"]
11 |     volumeMounts:
12 |     - name: cert
13 |       mountPath: "/certs"
14 |       readOnly: true
15 |   volumes:
16 |   - name: cert
17 |     secret:
18 |       secretName: apiserver-user-kubeadmin-tls  # NOTE(review): mounts the system:masters client key pair into the pod; whoever can exec into this pod, or mount this Secret in the namespace, holds cluster-admin
19 |
--------------------------------------------------------------------------------
/Cert-Manager/nginx-server-cert-demo.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: cert-manager.io/v1
 2 | kind: Certificate
 3 | metadata:
 4 |   name: nginx-server
 5 |   namespace: default
 6 | spec:
 7 |   secretName: nginx-server-tls
 8 |   isCA: false
 9 |   usages:
10 |     - server auth
11 |     - client auth  # NOTE(review): a server certificate normally needs only "server auth"; drop this unless nginx also authenticates as a client
12 |   dnsNames:
13 |   - "nginx-server.default.svc.cluster.local"
14 |   - "nginx-server"
15 |   issuerRef:
16 |     name: private-ca-issuer  # kind is omitted, so cert-manager treats this as a namespaced Issuer
17 | ---
18 | apiVersion: cert-manager.io/v1
19 | kind: Certificate
20 | metadata:
21 |   name: nginx-client
22 |   namespace: default
23 | spec:
24 |   secretName: nginx-client-tls
25 |   isCA: false
26 |   usages:
27 |     - server auth  # NOTE(review): a client certificate normally needs only "client auth"
28 |     - client auth
29 |   dnsNames:
30 |   - "nginx-client.test.svc.cluster.local"  # NOTE(review): SAN names namespace "test" while the Certificate lives in "default" — confirm which is intended
31 |   - "nginx-client"
32 |   issuerRef:
33 |     name: private-ca-issuer
34 |
--------------------------------------------------------------------------------
/Kuboard/ingress.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: networking.k8s.io/v1
 2 | kind: Ingress
 3 | metadata:
 4 |   name: kuboard-v3
 5 |
namespace: kuboard
 6 | spec:
 7 |   ingressClassName: nginx
 8 |   rules:
 9 |   - host: kuboard.magedu.com  # NOTE(review): this Ingress has no spec.tls block, so the Kuboard console is published over plain HTTP
10 |     http:
11 |       paths:
12 |       - path: /
13 |         backend:
14 |           service:
15 |             name: kuboard-v3
16 |             port:
17 |               number: 80
18 |         pathType: Prefix
19 |
--------------------------------------------------------------------------------
/Loki-Stack/README.md:
--------------------------------------------------------------------------------
 1 | # Loki Stack入门与实践示例
 2 |
 3 | - getting-started: 单体部署,由docker-compose编排运行于单机环境,适合入门学习LogQL使用
 4 | - simple-scalable:简单可扩展模式部署,由docker-compose编排运行于单机环境,用于学习Loki Server的组件及功能
 5 | - promtail:在单独的主机上部署运行promtail,发现target并抓取其日志,并push到Loki Server
 6 | - kubernetes:在Kubernetes集群上部署Loki Stack的方式,主要基于helm进行
 7 |   - minio:基于MinIO Operator和CRD部署MinIO Cluster,支持持久存储,默认依赖于openebs-hostpath存储类;注意,MinIO要禁用tls;
 8 |   - loki:简单可扩展模式部署Loki Server,后端存储为部署于minio名称空间下的minio service,服务地址为“minio.minio.svc.cluster.local”;
 9 |   - promtail:基于DaemonSet部署promtail于Kubernetes集群,每个节点上的promtail pod部署基于容器日志文件的方式发现并抓取日志流;
10 |   - grafana:部署grafana,支持持久化,默认创建两个Datasource
11 |     - loki
12 |     - prometheus
13 |
14 |
15 |
16 | ## 版权声明
17 |
18 | 本文档由[马哥教育](http://www.magedu.com/)开发,允许自由转载,但必须保留马哥教育及相关的一切标识。另外,商用需要征得马哥教育的书面同意。
19 |
20 |
--------------------------------------------------------------------------------
/Loki-Stack/examples/01-monolithic-mode/README.md:
--------------------------------------------------------------------------------
 1 | # 单体模式的Loki测试环境
 2 |
 3 | 依赖于Docker和Docker Compose,由Docker Compose编排运行Loki、Grafana、MinIO和Promtail几个组件。
 4 |
 5 | Loki Server的关键配置,在于“-target=all”。
 6 |
 7 | ```yaml
 8 | services:
 9 |   loki:
10 |     image: grafana/loki:2.9.7
11 |     command: "-config.file=/etc/loki/config.yaml -target=all"
12 |     ports:
13 |       - 3100:3100  # NOTE(review): publishes the Loki HTTP API on every host interface; Loki has no built-in authentication, so bind to 127.0.0.1 or front it with an authenticating proxy outside a lab
14 |       - 7946
15 |       - 9095
16 |     volumes:
17 |       - ./loki-config.yaml:/etc/loki/config.yaml
18 |     depends_on:
19 |       - minio
20 |     healthcheck:
21 |       test: [ "CMD-SHELL", "wget --no-verbose --tries=1 --spider http://localhost:3100/ready || exit 1" ]
22 |       interval: 10s
23 |       timeout: 5s
24 |       retries: 5
25 |     networks: &loki-dns
26 |       loki:
27 |         aliases:
28 |           - gateway
29 |
30 | ```
31 |
32 |
33 |
34 |
--------------------------------------------------------------------------------
/Loki-Stack/examples/01-monolithic-mode/loki-config.yaml:
--------------------------------------------------------------------------------
 1 | ---
 2 | server:
 3 |   http_listen_port: 3100  # NOTE(review): Loki has no built-in authentication; anything that can reach this port can push and query logs
 4 | memberlist:
 5 |   join_members:
 6 |     - loki:7946
 7 | schema_config:
 8 |   configs:
 9 |     - from: 2021-08-01
10 |       store: tsdb
11 |       object_store: s3
12 |       schema: v13
13 |       index:
14 |         prefix: index_
15 |         period: 24h
16 | common:
17 |   path_prefix: /loki
18 |   replication_factor: 1
19 |   storage:
20 |     s3:
21 |       endpoint: minio:9000
22 |       insecure: true  # NOTE(review): disables TLS on the S3 connection to MinIO; log data crosses the network in clear text
23 |       bucketnames: loki-data
24 |       access_key_id: loki
25 |       secret_access_key: magedu.com  # NOTE(review): credential committed in plain text; Loki can take it from the environment instead when started with -config.expand-env=true (${VAR} syntax)
26 |       s3forcepathstyle: true
27 |   ring:
28 |     kvstore:
29 |       store: memberlist
30 | ruler:
31 |   storage:
32 |     s3:
33 |       bucketnames: loki-ruler
34 |
--------------------------------------------------------------------------------
/Loki-Stack/examples/01-monolithic-mode/promtail-local-config.yaml:
--------------------------------------------------------------------------------
 1 | ---
 2 | server:
 3 |   http_listen_port: 9080
 4 |   grpc_listen_port: 0
 5 |
 6 | positions:
 7 |   filename: /tmp/positions.yaml
 8 |
 9 | clients:
10 |   - url: http://loki:3100/loki/api/v1/push
11 |     tenant_id: tenant1  # NOTE(review): only sets the X-Scope-OrgID header; Loki trusts that header without authenticating the sender
12 |
13 | scrape_configs:
14 |   - job_name: container_scrape
15 |     docker_sd_configs:
16 |       - host: unix:///var/run/docker.sock  # NOTE(review): access to the Docker socket is root-equivalent on the host; how it is mounted is defined in docker-compose.yaml, which is not shown here
17 |         refresh_interval: 5s
18 |     relabel_configs:
19 |       - source_labels: ['__meta_docker_container_name']
20 |         regex: '/(.*)'
21 |         target_label: 'container'
22 |
23 |   - job_name: system
24 |     static_configs:
25 |     - targets:
26 |         - localhost
27 |       labels:
28 |         job: varlogs
29 |         __path__: /var/log/*log  # NOTE(review): ships every file matching this glob under the promtail container's /var/log; presumably the host directory is mounted there — confirm against docker-compose.yaml
30 |
31 |
--------------------------------------------------------------------------------
/Loki-Stack/examples/02-loki-read-write-path-split/README.md:
--------------------------------------------------------------------------------
 1 | # Read path 和 Write path分离
 2 |
 3 |
 4 |
 5 |
--------------------------------------------------------------------------------
/Loki-Stack/examples/02-loki-read-write-path-split/loki-config.yaml:
--------------------------------------------------------------------------------
 1 | ---
 2 | server:
 3 |   http_listen_port: 3100  # NOTE(review): Loki has no built-in authentication; anything that can reach this port can push and query logs
 4 | memberlist:
 5 |   join_members:
 6 |     - loki:7946
 7 | schema_config:
 8 |   configs:
 9 |     - from: 2021-08-01
10 |       store: tsdb
11 |       object_store: s3
12 |       schema: v13
13 |       index:
14 |         prefix: index_
15 |         period: 24h
16 | common:
17 |   path_prefix: /loki
18 |   replication_factor: 1
19 |   storage:
20 |     s3:
21 |       endpoint: minio:9000
22 |       insecure: true  # NOTE(review): disables TLS on the S3 connection to MinIO; log data crosses the network in clear text
23 |       bucketnames: loki-data
24 |       access_key_id: loki
25 |       secret_access_key: magedu.com  # NOTE(review): credential committed in plain text; Loki can take it from the environment instead when started with -config.expand-env=true (${VAR} syntax)
26 |       s3forcepathstyle: true
27 |   ring:
28 |     kvstore:
29 |       store: memberlist
30 | ruler:
31 |   storage:
32 |     s3:
33 |       bucketnames: loki-ruler
34 |
--------------------------------------------------------------------------------
/Loki-Stack/examples/02-loki-read-write-path-split/promtail-local-config.yaml:
--------------------------------------------------------------------------------
 1 | ---
 2 | server:
 3 |   http_listen_port: 9080
 4 |   grpc_listen_port: 0
 5 |
 6 | positions:
 7 |   filename: /tmp/positions.yaml
 8 |
 9 | clients:
10 |   - url: http://loki:3100/loki/api/v1/push
11 |     tenant_id: tenant1  # NOTE(review): only sets the X-Scope-OrgID header; Loki trusts that header without authenticating the sender
12 |
13 | scrape_configs:
14 |   - job_name: container_scrape
15 |     docker_sd_configs:
16 |       - host: unix:///var/run/docker.sock  # NOTE(review): access to the Docker socket is root-equivalent on the host; how it is mounted is defined in docker-compose.yaml, which is not shown here
17 |         refresh_interval: 5s
18 |     relabel_configs:
19 |       - source_labels: ['__meta_docker_container_name']
20 |         regex: '/(.*)'
21 |         target_label: 'container'
22 |
23 |   - job_name: system
24 |     static_configs:
25 |     - targets:
26 |         - localhost
27 |       labels:
28 |         job: varlogs
29 |         __path__: /var/log/*log  # NOTE(review): ships every file matching this glob under the promtail container's /var/log; presumably the host directory is mounted there — confirm against docker-compose.yaml
30 |
31 |
-------------------------------------------------------------------------------- /Loki-Stack/examples/03-simple-scalable/.gitignore: -------------------------------------------------------------------------------- 1 | loki/ 2 | .data 3 | -------------------------------------------------------------------------------- /Loki-Stack/examples/03-simple-scalable/config/alertmanager.yml: -------------------------------------------------------------------------------- 1 | route: 2 | receiver: 'default-receiver' 3 | group_wait: 30s 4 | group_interval: 30m 5 | group_by: [ alertname ] 6 | 7 | receivers: 8 | - name: 'default-receiver' -------------------------------------------------------------------------------- /Loki-Stack/examples/03-simple-scalable/config/datasources.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: 1 2 | datasources: 3 | - access: proxy 4 | basicAuth: false 5 | jsonData: 6 | httpHeaderName1: "X-Scope-OrgID" 7 | secureJsonData: 8 | httpHeaderValue1: "tenant1" 9 | editable: true 10 | isDefault: true 11 | name: loki 12 | type: loki 13 | uid: loki 14 | url: http://loki-gateway 15 | version: 1 16 | 17 | - access: proxy 18 | basicAuth: false 19 | editable: true 20 | isDefault: false 21 | name: prometheus 22 | type: prometheus 23 | uid: prometheus 24 | url: http://prometheus:9090 25 | version: 1 26 | -------------------------------------------------------------------------------- /Loki-Stack/examples/03-simple-scalable/config/prometheus.yaml: -------------------------------------------------------------------------------- 1 | global: 2 | scrape_interval: 5s 3 | 4 | scrape_configs: 5 | - job_name: 'prometheus' 6 | static_configs: 7 | - targets: 8 | - 'prometheus:9090' 9 | - job_name: 'loki' 10 | dns_sd_configs: 11 | - names: 12 | - loki-read 13 | - loki-write 14 | - loki-backend 15 | type: A 16 | port: 3100 17 | - job_name: 'promtail' 18 | dns_sd_configs: 19 | - names: 20 | - promtail 21 | type: A 22 | port: 
9080 23 | -------------------------------------------------------------------------------- /Loki-Stack/examples/03-simple-scalable/rules/docker/rules.yml: -------------------------------------------------------------------------------- 1 | groups: 2 | - name: Sample Rule Group 3 | interval: 5s 4 | rules: 5 | - record: generated_logs:rate1m 6 | expr: sum by (http_method) (rate({job="generated-logs"}[1m])) 7 | labels: 8 | source: "recording rule" 9 | - record: scalar 10 | expr: 10 11 | labels: 12 | source: "static" 13 | - alert: NoGeneratedLogs 14 | expr: absent_over_time({job="generated-logs"}[1m]) 15 | labels: 16 | source: "alerting rule" 17 | - alert: AlwaysFiring 18 | expr: absent_over_time({job="blah"}[1m]) # fires whenever no stream labelled job="blah" was seen in the last minute; with no such job in the demo this alert is meant to stay firing 19 | labels: 20 | source: "alerting rule" -------------------------------------------------------------------------------- /Loki-Stack/examples/quick-start/.gitignore: -------------------------------------------------------------------------------- 1 | loki/ 2 | .data 3 | -------------------------------------------------------------------------------- /Loki-Stack/examples/quick-start/loki-config.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | server: 3 | http_listen_port: 3100 4 | memberlist: 5 | join_members: 6 | - loki:7946 7 | schema_config: 8 | configs: 9 | - from: 2021-08-01 10 | store: tsdb 11 | object_store: s3 12 | schema: v13 13 | index: 14 | prefix: index_ 15 | period: 24h 16 | common: 17 | path_prefix: /loki 18 | replication_factor: 1 19 | storage: 20 | s3: 21 | endpoint: minio:9000 22 | insecure: true # NOTE(review): disables HTTPS towards the object store, so the keys below travel in clear text; keep this to a private demo network 23 | bucketnames: loki-data 24 | access_key_id: loki 25 | secret_access_key: magedu.com # demo credential committed in plain text; NOTE(review): outside a lab, inject it instead (Loki expands ${VAR} when started with -config.expand-env=true) and rotate this value 26 | s3forcepathstyle: true 27 | ring: 28 | kvstore: 29 | store: memberlist 30 | ruler: 31 | storage: 32 | s3: 33 | bucketnames: loki-ruler 34 | -------------------------------------------------------------------------------- /Loki-Stack/getting-started/.gitignore: 
-------------------------------------------------------------------------------- 1 | loki/ 2 | .data 3 | -------------------------------------------------------------------------------- /Loki-Stack/getting-started/loki-config.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | server: 3 | http_listen_port: 3100 4 | memberlist: 5 | join_members: 6 | - loki:7946 7 | schema_config: 8 | configs: 9 | - from: 2021-08-01 10 | store: tsdb 11 | object_store: s3 12 | schema: v13 13 | index: 14 | prefix: index_ 15 | period: 24h 16 | common: 17 | path_prefix: /loki 18 | replication_factor: 1 19 | storage: 20 | s3: 21 | endpoint: minio:9000 22 | insecure: true 23 | bucketnames: loki-data 24 | access_key_id: loki 25 | secret_access_key: magedu.com 26 | s3forcepathstyle: true 27 | ring: 28 | kvstore: 29 | store: memberlist 30 | ruler: 31 | storage: 32 | s3: 33 | bucketnames: loki-ruler 34 | -------------------------------------------------------------------------------- /Loki-Stack/kubernetes/alertmanager/README.md: -------------------------------------------------------------------------------- 1 | # AlertManager 2 | 3 | 添加AlertManager相关的Helm仓库。 4 | 5 | ```bash 6 | helm repo add prometheus-community https://prometheus-community.github.io/helm-charts 7 | 8 | helm repo update 9 | ``` 10 | 11 | 12 | 13 | 运行如下命令,部署AlertManager于loki名称空间。 14 | 15 | ```bash 16 | helm upgrade --install --values alertmanager-values.yaml alertmanager prometheus-community/alertmanager \ 17 | --namespace loki --create-namespace 18 | ``` 19 | 20 | -------------------------------------------------------------------------------- /Loki-Stack/kubernetes/alertmanager/manifests/alertmanager-cfg.yaml: -------------------------------------------------------------------------------- 1 | # Maintainer: MageEdu 2 | # 3 | --- 4 | kind: ConfigMap 5 | apiVersion: v1 6 | metadata: 7 | name: alertmanager-config 8 | data: 9 | config.yml: |- 10 | route: 11 | receiver: 
'default-receiver' 12 | group_wait: 30s 13 | group_interval: 30m 14 | group_by: [ alertname ] 15 | 16 | receivers: 17 | - name: 'default-receiver' 18 | -------------------------------------------------------------------------------- /Loki-Stack/kubernetes/alertmanager/manifests/alertmanager-ingress.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: networking.k8s.io/v1 2 | kind: Ingress 3 | metadata: 4 | name: alertmanager 5 | labels: 6 | app: alertmanager 7 | annotations: 8 | ingress.cilium.io/loadbalancer-mode: 'shared' 9 | ingress.cilium.io/service-type: 'Loadbalancer' 10 | spec: 11 | ingressClassName: 'cilium' 12 | rules: 13 | - host: alert.magedu.com 14 | http: 15 | paths: 16 | - path: / 17 | pathType: Prefix 18 | backend: 19 | service: 20 | name: alertmanager 21 | port: 22 | number: 9093 23 | -------------------------------------------------------------------------------- /Loki-Stack/kubernetes/alertmanager/manifests/alertmanager-service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: alertmanager 5 | annotations: 6 | prometheus.io/scrape: 'true' 7 | prometheus.io/port: '9093' 8 | spec: 9 | selector: 10 | app: alertmanager 11 | type: ClusterIP 12 | ports: 13 | - port: 9093 14 | targetPort: 9093 15 | -------------------------------------------------------------------------------- /Loki-Stack/kubernetes/grafana/README.md: -------------------------------------------------------------------------------- 1 | ### 部署Grafana 2 | 3 | 4 | 5 | 添加相关的Helm仓库grafana,而后更新索引。 6 | 7 | ```bash 8 | helm repo add grafana https://grafana.github.io/helm-charts 9 | helm repo update 10 | ``` 11 | 12 | 13 | 14 | 使用helm命令,创建grafana release,部署Grafana实例。 15 | 16 | ```bash 17 | helm upgrade --install --values grafana-values.yaml grafana grafana/grafana --namespace loki --create-namespace 18 | ``` 19 | 20 | 21 | 22 | 
前面的部署过程,会自动创建Ingress资源对象Grafana,如下面的命令所示。 23 | 24 | ``` 25 | ~# kubectl get ingress grafana -n loki 26 | NAME CLASS HOSTS ADDRESS PORTS AGE 27 | grafana grafana.magedu.com 172.29.7.51 80 31s 28 | ``` 29 | 30 | 31 | 32 | 请确保将名称“grafana.magedu.com”解析到后面指示的地址上,而后即可通过该主机名访问Grafana。该示例中的部署,默认的用户名和密码是“admin/magedu.com”;该密码仅用于演示,首次登录后请立即修改。 33 | 34 | ![grafana-loki-explore-data](pictures/grafana-loki-explore-data.png) 35 | -------------------------------------------------------------------------------- /Loki-Stack/kubernetes/grafana/manifests/02-grafana-service.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Service 4 | metadata: 5 | name: grafana 6 | annotations: 7 | prometheus.io/scrape: 'true' 8 | prometheus.io/port: '3000' 9 | spec: 10 | selector: 11 | app: grafana 12 | type: NodePort 13 | ports: 14 | - port: 3000 15 | targetPort: 3000 16 | --- 17 | -------------------------------------------------------------------------------- /Loki-Stack/kubernetes/grafana/manifests/03-grafana-pvc.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: PersistentVolumeClaim 4 | metadata: 5 | name: grafana-pvc 6 | spec: 7 | accessModes: 8 | - ReadWriteOnce 9 | resources: 10 | requests: 11 | storage: 5Gi 12 | storageClassName: openebs-hostpath 13 | -------------------------------------------------------------------------------- /Loki-Stack/kubernetes/grafana/manifests/05-grafana-ingress.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: networking.k8s.io/v1 2 | kind: Ingress 3 | metadata: 4 | name: grafana 5 | labels: 6 | app: grafana 7 | annotations: 8 | ingress.cilium.io/loadbalancer-mode: 'shared' 9 | ingress.cilium.io/service-type: 'Loadbalancer' 10 | spec: 11 | ingressClassName: 'cilium' 12 | rules: 13 | - host: grafana.magedu.com 14 | http: 15 | paths: 16 | - path: / 17 | pathType: Prefix 18 | backend: 19 
| service: 20 | name: grafana 21 | port: 22 | number: 3000 23 | -------------------------------------------------------------------------------- /Loki-Stack/kubernetes/grafana/pictures/grafana-loki-explore-data.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/iKubernetes/learning-k8s/9660684d5bf118ad25f8b72ee4d9b330910722a8/Loki-Stack/kubernetes/grafana/pictures/grafana-loki-explore-data.png -------------------------------------------------------------------------------- /Loki-Stack/kubernetes/minio/minio-ingress.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: networking.k8s.io/v1 3 | kind: Ingress 4 | metadata: 5 | name: minio 6 | annotations: 7 | ingress.cilium.io/loadbalancer-mode: 'shared' 8 | ingress.cilium.io/service-type: 'Loadbalancer' 9 | spec: 10 | ingressClassName: cilium 11 | rules: 12 | - host: minio.magedu.com 13 | http: 14 | paths: 15 | - path: / 16 | pathType: Prefix 17 | backend: 18 | service: 19 | name: minio-console 20 | port: 21 | number: 9090 22 | -------------------------------------------------------------------------------- /Loki-Stack/kubernetes/minio/minio-operator-values.yaml: -------------------------------------------------------------------------------- 1 | console: 2 | ingress: 3 | enabled: true 4 | ingressClassName: "cilium" 5 | labels: { } 6 | annotations: 7 | ingress.cilium.io/loadbalancer-mode: 'shared' 8 | ingress.cilium.io/service-type: 'LoadBalancer' 9 | host: miniooperator.magedu.com 10 | path: / 11 | pathType: Prefix 12 | -------------------------------------------------------------------------------- /Loki-Stack/kubernetes/minio/pictures/create-tenant.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/iKubernetes/learning-k8s/9660684d5bf118ad25f8b72ee4d9b330910722a8/Loki-Stack/kubernetes/minio/pictures/create-tenant.png 
-------------------------------------------------------------------------------- /Loki-Stack/kubernetes/minio/pictures/minio-buckets-for-loki.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/iKubernetes/learning-k8s/9660684d5bf118ad25f8b72ee4d9b330910722a8/Loki-Stack/kubernetes/minio/pictures/minio-buckets-for-loki.png -------------------------------------------------------------------------------- /Loki-Stack/kubernetes/minio/pictures/minio-operator-login-page.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/iKubernetes/learning-k8s/9660684d5bf118ad25f8b72ee4d9b330910722a8/Loki-Stack/kubernetes/minio/pictures/minio-operator-login-page.png -------------------------------------------------------------------------------- /Loki-Stack/kubernetes/minio/pictures/tenant-configure.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/iKubernetes/learning-k8s/9660684d5bf118ad25f8b72ee4d9b330910722a8/Loki-Stack/kubernetes/minio/pictures/tenant-configure.png -------------------------------------------------------------------------------- /Loki-Stack/kubernetes/minio/pictures/tenant-identity-provider.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/iKubernetes/learning-k8s/9660684d5bf118ad25f8b72ee4d9b330910722a8/Loki-Stack/kubernetes/minio/pictures/tenant-identity-provider.png -------------------------------------------------------------------------------- /Loki-Stack/kubernetes/minio/pictures/tenant-security.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/iKubernetes/learning-k8s/9660684d5bf118ad25f8b72ee4d9b330910722a8/Loki-Stack/kubernetes/minio/pictures/tenant-security.png 
-------------------------------------------------------------------------------- /Loki-Stack/kubernetes/minio/pictures/tenant-setup-page.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/iKubernetes/learning-k8s/9660684d5bf118ad25f8b72ee4d9b330910722a8/Loki-Stack/kubernetes/minio/pictures/tenant-setup-page.png -------------------------------------------------------------------------------- /Loki-Stack/kubernetes/minio/pictures/tenant-sumary.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/iKubernetes/learning-k8s/9660684d5bf118ad25f8b72ee4d9b330910722a8/Loki-Stack/kubernetes/minio/pictures/tenant-sumary.png -------------------------------------------------------------------------------- /Loki-Stack/kubernetes/promtail/README.md: -------------------------------------------------------------------------------- 1 | # Promtail 2 | 3 | 添加仓库,若该仓库已经存在,则不需要重复添加。 4 | 5 | ```bash 6 | helm repo add grafana https://grafana.github.io/helm-charts 7 | helm repo update 8 | ``` 9 | 10 | 11 | 12 | 部署promtail。 13 | 14 | ```bash 15 | helm upgrade --install promtail grafana/promtail --namespace=loki -f promtail-values.yaml --create-namespace 16 | ``` 17 | 18 | 19 | 20 | -------------------------------------------------------------------------------- /Loki-Stack/promtail/.gitignore: -------------------------------------------------------------------------------- 1 | loki/ 2 | .data 3 | -------------------------------------------------------------------------------- /Loki-Stack/promtail/README.md: -------------------------------------------------------------------------------- 1 | # Promtail示例 2 | 3 | 基于Promtail发现、抓取主机或容器上的日志,并发送给loki server。 4 | 5 | 本示例中,loki server的访问入口由“simple-scalable”示例中的loki-gateway提供,它通过宿主机的80和3100端口对外暴露Loki Server的API,因此,请确保将当前示例目录下docker-compose.yaml文件中的promtail service的主机名称解析到正确的地址上。 6 | 7 | ### 运行方式 8 | 9 | ```bash 10 | 
docker-compose build 11 | docker-compose up -d 12 | ``` 13 | 14 | ## 版权声明 15 | 16 | 本文档由[马哥教育](http://www.magedu.com/)开发,允许自由转载,但必须保留马哥教育及相关的一切标识。另外,商用需要征得马哥教育的书面同意。 17 | -------------------------------------------------------------------------------- /Loki-Stack/promtail/tomcat/sources.list: -------------------------------------------------------------------------------- 1 | deb https://repo.huaweicloud.com/debian/ bullseye main non-free contrib 2 | deb-src https://repo.huaweicloud.com/debian/ bullseye main non-free contrib 3 | deb https://repo.huaweicloud.com/debian-security/ bullseye-security main 4 | deb-src https://repo.huaweicloud.com/debian-security/ bullseye-security main 5 | deb https://repo.huaweicloud.com/debian/ bullseye-updates main non-free contrib 6 | deb-src https://repo.huaweicloud.com/debian/ bullseye-updates main non-free contrib 7 | deb https://repo.huaweicloud.com/debian/ bullseye-backports main non-free contrib 8 | deb-src https://repo.huaweicloud.com/debian/ bullseye-backports main non-free contrib 9 | -------------------------------------------------------------------------------- /Loki-Stack/simple-scalable/.gitignore: -------------------------------------------------------------------------------- 1 | loki/ 2 | .data 3 | -------------------------------------------------------------------------------- /Loki-Stack/simple-scalable/config/alertmanager.yml: -------------------------------------------------------------------------------- 1 | route: 2 | receiver: 'default-receiver' 3 | group_wait: 30s 4 | group_interval: 30m 5 | group_by: [ alertname ] 6 | 7 | receivers: 8 | - name: 'default-receiver' 9 | -------------------------------------------------------------------------------- /Loki-Stack/simple-scalable/config/datasources.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: 1 2 | datasources: 3 | - access: proxy 4 | basicAuth: false 5 | jsonData: 6 | httpHeaderName1: "X-Scope-OrgID" 7 | 
secureJsonData: 8 | httpHeaderValue1: "tenant1" 9 | editable: true 10 | isDefault: true 11 | name: loki 12 | type: loki 13 | uid: loki 14 | url: http://loki-gateway 15 | version: 1 16 | 17 | - access: proxy 18 | basicAuth: false 19 | editable: true 20 | isDefault: false 21 | name: prometheus 22 | type: prometheus 23 | uid: prometheus 24 | url: http://prometheus:9090 25 | version: 1 26 | -------------------------------------------------------------------------------- /Loki-Stack/simple-scalable/config/prometheus.yaml: -------------------------------------------------------------------------------- 1 | global: 2 | scrape_interval: 5s 3 | 4 | scrape_configs: 5 | - job_name: 'prometheus' 6 | static_configs: 7 | - targets: 8 | - 'prometheus:9090' 9 | - job_name: 'loki' 10 | dns_sd_configs: 11 | - names: 12 | - loki-read 13 | - loki-write 14 | - loki-backend 15 | type: A 16 | port: 3100 17 | - job_name: 'promtail' 18 | dns_sd_configs: 19 | - names: 20 | - promtail 21 | type: A 22 | port: 9080 23 | -------------------------------------------------------------------------------- /Loki-Stack/simple-scalable/rules/tenant1/rules.yml: -------------------------------------------------------------------------------- 1 | groups: 2 | - name: Sample Rule Group 3 | interval: 5s 4 | rules: 5 | - record: generated_logs:rate1m 6 | expr: sum by (http_method) (rate({job="generated-logs"}[1m])) 7 | labels: 8 | source: "recording rule" 9 | - record: scalar 10 | expr: 10 11 | labels: 12 | source: "static" 13 | - alert: NoGeneratedLogs 14 | expr: absent_over_time({job="generated-logs"}[1m]) 15 | labels: 16 | source: "alerting rule" 17 | - alert: AlwaysFiring 18 | expr: absent_over_time({job="blah"}[1m]) 19 | labels: 20 | source: "alerting rule" 21 | -------------------------------------------------------------------------------- /MageEdu-Private-Cloud/csi-driver-nfs/nfs-csi-storageclass.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | 
apiVersion: storage.k8s.io/v1 3 | kind: StorageClass 4 | metadata: 5 | name: nfs-csi 6 | annotations: 7 | storageclass.kubernetes.io/is-default-class: "true" 8 | provisioner: nfs.csi.k8s.io 9 | parameters: 10 | #server: nfs-server.default.svc.cluster.local 11 | server: nfs-server.nfs.svc.cluster.local 12 | share: / 13 | reclaimPolicy: Delete 14 | #reclaimPolicy: Retain 15 | volumeBindingMode: Immediate 16 | mountOptions: 17 | - hard 18 | - nfsvers=4.1 19 | -------------------------------------------------------------------------------- /MageEdu-Private-Cloud/csi-driver-nfs/nfs-pvc-dynamic.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: PersistentVolumeClaim 4 | metadata: 5 | name: pvc-nfs-dynamic 6 | spec: 7 | accessModes: 8 | - ReadWriteMany 9 | resources: 10 | requests: 11 | storage: 10Gi 12 | storageClassName: nfs-csi 13 | -------------------------------------------------------------------------------- /MageEdu-Private-Cloud/csi-driver-nfs/v4.4.0/csi-nfs-driverinfo.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: storage.k8s.io/v1 3 | kind: CSIDriver 4 | metadata: 5 | name: nfs.csi.k8s.io 6 | spec: 7 | attachRequired: false 8 | volumeLifecycleModes: 9 | - Persistent 10 | fsGroupPolicy: File 11 | -------------------------------------------------------------------------------- /MageEdu-Private-Cloud/infra-services-with-prometheus/00-Prometheus/alertmanager/alertmanager-service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: alertmanager 5 | namespace: prom 6 | annotations: 7 | prometheus.io/scrape: 'true' 8 | prometheus.io/port: '9093' 9 | spec: 10 | selector: 11 | app: alertmanager 12 | type: LoadBalancer 13 | ports: 14 | - port: 9093 15 | targetPort: 9093 16 | 
-------------------------------------------------------------------------------- /MageEdu-Private-Cloud/infra-services-with-prometheus/00-Prometheus/grafana/01-grafana-cfg.yaml: -------------------------------------------------------------------------------- 1 | # Maintainer: MageEdu 2 | apiVersion: v1 3 | kind: ConfigMap 4 | metadata: 5 | name: grafana-datasources 6 | namespace: prom 7 | data: 8 | prometheus.yaml: |- 9 | { 10 | "apiVersion": 1, 11 | "datasources": [ 12 | { 13 | "access":"proxy", 14 | "editable": true, 15 | "name": "prometheus", 16 | "orgId": 1, 17 | "type": "prometheus", 18 | "url": "http://prometheus.prom.svc.cluster.local.:9090", 19 | "version": 1 20 | } 21 | ] 22 | } 23 | --- 24 | -------------------------------------------------------------------------------- /MageEdu-Private-Cloud/infra-services-with-prometheus/00-Prometheus/grafana/02-grafana-service.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Service 4 | metadata: 5 | name: grafana 6 | namespace: prom 7 | annotations: 8 | prometheus.io/scrape: 'true' 9 | prometheus.io/port: '3000' 10 | spec: 11 | selector: 12 | app: grafana 13 | type: NodePort 14 | ports: 15 | - port: 3000 16 | targetPort: 3000 17 | --- 18 | -------------------------------------------------------------------------------- /MageEdu-Private-Cloud/infra-services-with-prometheus/00-Prometheus/grafana/03-grafana-pvc.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: PersistentVolumeClaim 4 | metadata: 5 | name: grafana-pvc 6 | namespace: prom 7 | spec: 8 | accessModes: 9 | - ReadWriteMany 10 | resources: 11 | requests: 12 | storage: 5Gi 13 | storageClassName: nfs-csi 14 | -------------------------------------------------------------------------------- /MageEdu-Private-Cloud/infra-services-with-prometheus/00-Prometheus/grafana/05-grafana-ingress.yaml: 
-------------------------------------------------------------------------------- 1 | apiVersion: networking.k8s.io/v1 2 | kind: Ingress 3 | metadata: 4 | name: grafana 5 | namespace: prom 6 | labels: 7 | app: grafana 8 | spec: 9 | ingressClassName: 'nginx' 10 | rules: 11 | - host: grafana.magedu.com 12 | http: 13 | paths: 14 | - path: / 15 | pathType: Prefix 16 | backend: 17 | service: 18 | name: grafana 19 | port: 20 | number: 3000 21 | -------------------------------------------------------------------------------- /MageEdu-Private-Cloud/infra-services-with-prometheus/00-Prometheus/kube-state-metrics/kube-state-metrics-deploy.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: kube-state-metrics 5 | namespace: prom 6 | spec: 7 | replicas: 1 8 | selector: 9 | matchLabels: 10 | app: kube-state-metrics 11 | template: 12 | metadata: 13 | labels: 14 | app: kube-state-metrics 15 | spec: 16 | serviceAccountName: kube-state-metrics 17 | containers: 18 | - name: kube-state-metrics 19 | #image: gcmirrors/kube-state-metrics-amd64:v1.7.1 20 | image: registry.magedu.com/gcmirrors/kube-state-metrics-amd64:v1.7.1 21 | ports: 22 | - containerPort: 8080 23 | -------------------------------------------------------------------------------- /MageEdu-Private-Cloud/infra-services-with-prometheus/00-Prometheus/kube-state-metrics/kube-state-metrics-svc.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | annotations: 5 | prometheus.io/scrape: 'true' 6 | prometheus.io/port: '8080' 7 | name: kube-state-metrics 8 | namespace: prom 9 | labels: 10 | app: kube-state-metrics 11 | spec: 12 | ports: 13 | - name: kube-state-metrics 14 | port: 8080 15 | protocol: TCP 16 | selector: 17 | app: kube-state-metrics 18 | -------------------------------------------------------------------------------- 
/MageEdu-Private-Cloud/infra-services-with-prometheus/00-Prometheus/namespace.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Namespace 4 | metadata: 5 | name: prom 6 | -------------------------------------------------------------------------------- /MageEdu-Private-Cloud/infra-services-with-prometheus/00-Prometheus/node_exporter/node-exporter-svc.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | annotations: 5 | prometheus.io/scrape: 'true' 6 | name: prometheus-node-exporter 7 | namespace: prom 8 | labels: 9 | app: prometheus 10 | component: node-exporter 11 | spec: 12 | clusterIP: None 13 | ports: 14 | - name: prometheus-node-exporter 15 | port: 9100 16 | protocol: TCP 17 | selector: 18 | app: prometheus 19 | component: node-exporter 20 | type: ClusterIP 21 | -------------------------------------------------------------------------------- /MageEdu-Private-Cloud/infra-services-with-prometheus/00-Prometheus/prometheus-adpater/example-metrics/metrics-app-hpa.yaml: -------------------------------------------------------------------------------- 1 | kind: HorizontalPodAutoscaler 2 | apiVersion: autoscaling/v2 3 | metadata: 4 | name: metrics-app-hpa 5 | spec: 6 | scaleTargetRef: 7 | apiVersion: apps/v1 8 | kind: Deployment 9 | name: metrics-app 10 | minReplicas: 2 11 | maxReplicas: 10 12 | metrics: 13 | - type: Pods 14 | pods: 15 | metric: 16 | name: http_requests_per_second 17 | target: 18 | type: AverageValue 19 | averageValue: 5 20 | behavior: 21 | scaleDown: 22 | stabilizationWindowSeconds: 120 23 | -------------------------------------------------------------------------------- /MageEdu-Private-Cloud/infra-services-with-prometheus/00-Prometheus/prometheus-adpater/manifests/custom-metrics-apiserver-auth-delegator-cluster-role-binding.yaml: 
-------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRoleBinding 3 | metadata: 4 | name: custom-metrics:system:auth-delegator 5 | roleRef: 6 | apiGroup: rbac.authorization.k8s.io 7 | kind: ClusterRole 8 | name: system:auth-delegator 9 | subjects: 10 | - kind: ServiceAccount 11 | name: custom-metrics-apiserver 12 | namespace: custom-metrics 13 | -------------------------------------------------------------------------------- /MageEdu-Private-Cloud/infra-services-with-prometheus/00-Prometheus/prometheus-adpater/manifests/custom-metrics-apiserver-auth-reader-role-binding.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: RoleBinding 3 | metadata: 4 | name: custom-metrics-auth-reader 5 | namespace: kube-system 6 | roleRef: 7 | apiGroup: rbac.authorization.k8s.io 8 | kind: Role 9 | name: extension-apiserver-authentication-reader 10 | subjects: 11 | - kind: ServiceAccount 12 | name: custom-metrics-apiserver 13 | namespace: custom-metrics 14 | -------------------------------------------------------------------------------- /MageEdu-Private-Cloud/infra-services-with-prometheus/00-Prometheus/prometheus-adpater/manifests/custom-metrics-apiserver-resource-reader-cluster-role-binding.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRoleBinding 3 | metadata: 4 | name: custom-metrics-resource-reader 5 | roleRef: 6 | apiGroup: rbac.authorization.k8s.io 7 | kind: ClusterRole 8 | name: custom-metrics-resource-reader 9 | subjects: 10 | - kind: ServiceAccount 11 | name: custom-metrics-apiserver 12 | namespace: custom-metrics 13 | -------------------------------------------------------------------------------- 
/MageEdu-Private-Cloud/infra-services-with-prometheus/00-Prometheus/prometheus-adpater/manifests/custom-metrics-apiserver-service-account.yaml: -------------------------------------------------------------------------------- 1 | kind: ServiceAccount 2 | apiVersion: v1 3 | metadata: 4 | name: custom-metrics-apiserver 5 | namespace: custom-metrics 6 | -------------------------------------------------------------------------------- /MageEdu-Private-Cloud/infra-services-with-prometheus/00-Prometheus/prometheus-adpater/manifests/custom-metrics-apiserver-service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: custom-metrics-apiserver 5 | namespace: custom-metrics 6 | spec: 7 | ports: 8 | - port: 443 9 | targetPort: 6443 10 | selector: 11 | app: custom-metrics-apiserver 12 | -------------------------------------------------------------------------------- /MageEdu-Private-Cloud/infra-services-with-prometheus/00-Prometheus/prometheus-adpater/manifests/custom-metrics-cluster-role.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRole 3 | metadata: 4 | name: custom-metrics-server-resources 5 | rules: 6 | - apiGroups: 7 | - custom.metrics.k8s.io 8 | - external.metrics.k8s.io 9 | resources: ["*"] 10 | verbs: ["*"] # NOTE(review): every verb on every resource of both metrics API groups; a consumer that only reads metrics presumably needs get and list, so confirm against the subjects bound to this role and narrow the verbs 11 | -------------------------------------------------------------------------------- /MageEdu-Private-Cloud/infra-services-with-prometheus/00-Prometheus/prometheus-adpater/manifests/custom-metrics-resource-reader-cluster-role.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRole 3 | metadata: 4 | name: custom-metrics-resource-reader 5 | rules: 6 | - apiGroups: 7 | - "" 8 | resources: 9 | - pods 10 | - nodes 11 | - nodes/stats 12 | verbs: 13 | - get 14 | - list 15 | - watch 
16 | -------------------------------------------------------------------------------- /MageEdu-Private-Cloud/infra-services-with-prometheus/00-Prometheus/prometheus-adpater/manifests/hpa-custom-metrics-cluster-role-binding.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRoleBinding 3 | metadata: 4 | name: hpa-controller-custom-metrics 5 | roleRef: 6 | apiGroup: rbac.authorization.k8s.io 7 | kind: ClusterRole 8 | name: custom-metrics-server-resources 9 | subjects: 10 | - kind: ServiceAccount 11 | name: horizontal-pod-autoscaler 12 | namespace: kube-system 13 | -------------------------------------------------------------------------------- /MageEdu-Private-Cloud/infra-services-with-prometheus/00-Prometheus/prometheus-server/prometheus-ingress.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: networking.k8s.io/v1 2 | kind: Ingress 3 | metadata: 4 | name: prometheus 5 | namespace: prom 6 | labels: 7 | app: prometheus 8 | spec: 9 | ingressClassName: 'nginx' 10 | rules: 11 | - host: prom.magedu.com 12 | http: 13 | paths: 14 | - path: / 15 | pathType: Prefix 16 | backend: 17 | service: 18 | name: prometheus 19 | port: 20 | number: 9090 21 | - host: prometheus.magedu.com 22 | http: 23 | paths: 24 | - path: / 25 | pathType: Prefix 26 | backend: 27 | service: 28 | name: prometheus 29 | port: 30 | number: 9090 31 | -------------------------------------------------------------------------------- /MageEdu-Private-Cloud/infra-services-with-prometheus/00-Prometheus/prometheus-server/prometheus-svc.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Service 4 | metadata: 5 | name: prometheus 6 | namespace: prom 7 | annotations: 8 | prometheus.io/scrape: 'true' 9 | prometheus.io/port: '9090' 10 | labels: 11 | app: prometheus 12 | spec: 13 | type: NodePort 14 
| ports: 15 | - port: 9090 16 | targetPort: 9090 17 | nodePort: 30090 18 | protocol: TCP 19 | selector: 20 | app: prometheus 21 | component: server 22 | -------------------------------------------------------------------------------- /MageEdu-Private-Cloud/infra-services-with-prometheus/01-Nacos/01-secrets-mysql.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Secret 4 | metadata: 5 | name: mysql-secret 6 | data: 7 | database.name: bmFjb3NkYg== 8 | # DB name: nacosdb 9 | root.password: "" 10 | # root password: null 11 | user.name: bmFjb3M= 12 | # username: nacos 13 | user.password: bWFnZWR1LmNvbQo= 14 | # password: magedu.com (as encoded above, the value decodes to "magedu.com" followed by a newline; "bWFnZWR1LmNvbQ==" is the encoding without it. Sample credential, and base64 is not encryption: replace it outside a lab.) 15 | -------------------------------------------------------------------------------- /MageEdu-Private-Cloud/infra-services-with-prometheus/01-Nacos/05-nacos-service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: nacos 5 | labels: 6 | app: nacos 7 | annotations: {} 8 | #prometheus.io/scrape: "true" 9 | #prometheus.io/port: "8848" 10 | #prometheus.io/path: "/nacos/actuator/prometheus" 11 | spec: 12 | #type: LoadBalancer 13 | ports: 14 | - port: 8848 15 | name: server 16 | targetPort: 8848 17 | selector: 18 | app: nacos 19 | -------------------------------------------------------------------------------- /MageEdu-Private-Cloud/infra-services-with-prometheus/01-Nacos/examples/cloud-nacos-registry.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Service 4 | metadata: 5 | name: cloud-nacos-registry 6 | labels: 7 | app: nacos 8 | spec: 9 | publishNotReadyAddresses: true 10 | ports: 11 | - port: 8848 12 | name: server 13 | targetPort: 8848 14 | - port: 9848 15 | name: client-rpc 16 | targetPort: 9848 17 | - port: 9849 18 | name: raft-rpc 19 | targetPort: 9849 20 | ## 兼容1.4.x版本的选举端口 21 | - port: 7848 22 | 
name: old-raft-rpc 23 | targetPort: 7848 24 | clusterIP: None 25 | selector: 26 | app: nacos 27 | -------------------------------------------------------------------------------- /MageEdu-Private-Cloud/infra-services-with-prometheus/01-Nacos/examples/nacos_config_20230806.zip: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/iKubernetes/learning-k8s/9660684d5bf118ad25f8b72ee4d9b330910722a8/MageEdu-Private-Cloud/infra-services-with-prometheus/01-Nacos/examples/nacos_config_20230806.zip -------------------------------------------------------------------------------- /MageEdu-Private-Cloud/infra-services-with-prometheus/01-Nacos/examples/nacos_config_20230808.zip: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/iKubernetes/learning-k8s/9660684d5bf118ad25f8b72ee4d9b330910722a8/MageEdu-Private-Cloud/infra-services-with-prometheus/01-Nacos/examples/nacos_config_20230808.zip -------------------------------------------------------------------------------- /MageEdu-Private-Cloud/infra-services-with-prometheus/01-Nacos/examples/nacos_config_20231029.zip: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/iKubernetes/learning-k8s/9660684d5bf118ad25f8b72ee4d9b330910722a8/MageEdu-Private-Cloud/infra-services-with-prometheus/01-Nacos/examples/nacos_config_20231029.zip -------------------------------------------------------------------------------- /MageEdu-Private-Cloud/infra-services-with-prometheus/02-ElasticStack/grafana-dashboards/README.md: -------------------------------------------------------------------------------- 1 | # Grafana Dashboards 2 | 3 | 地址: https://github.com/prometheus-community/elasticsearch_exporter/tree/master/examples/grafana 4 | -------------------------------------------------------------------------------- 
/MageEdu-Private-Cloud/infra-services-with-prometheus/03-Redis/02-secret-redis.yaml: -------------------------------------------------------------------------------- 1 | # Maintainer: MageEdu 2 | # Site: http://www.magedu.com 3 | # 4 | --- 5 | kind: Secret 6 | apiVersion: v1 7 | metadata: 8 | name: redis-secret 9 | type: Opaque 10 | data: 11 | REDIS_PASSWORD: "bWFnZWR1LmNvbQ==" 12 | #REDIS_PASSWORD: "magedu.com" 13 | -------------------------------------------------------------------------------- /MageEdu-Private-Cloud/infra-services-with-prometheus/04-RabbitMQ/01-configmap-rabbitmq.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ConfigMap 3 | metadata: 4 | name: rabbitmq-config 5 | data: 6 | enabled_plugins: | 7 | [rabbitmq_federation,rabbitmq_management,rabbitmq_management_agent,rabbitmq_peer_discovery_k8s,rabbitmq_prometheus]. 8 | rabbitmq.conf: | 9 | loopback_users.guest = false 10 | listeners.tcp.default = 5672 11 | cluster_formation.peer_discovery_backend = rabbit_peer_discovery_k8s 12 | cluster_formation.k8s.host = kubernetes.default.svc.cluster.local 13 | cluster_formation.k8s.address_type = hostname 14 | cluster_formation.node_cleanup.only_log_warning = true 15 | -------------------------------------------------------------------------------- /MageEdu-Private-Cloud/infra-services-with-prometheus/04-RabbitMQ/02-rbac-rabbitmq.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: ServiceAccount 4 | metadata: 5 | name: rabbitmq 6 | --- 7 | kind: Role 8 | apiVersion: rbac.authorization.k8s.io/v1 9 | metadata: 10 | name: rabbitmq 11 | rules: 12 | - apiGroups: 13 | - "" 14 | resources: 15 | - endpoints 16 | verbs: 17 | - get 18 | - list 19 | - watch 20 | --- 21 | kind: RoleBinding 22 | apiVersion: rbac.authorization.k8s.io/v1 23 | metadata: 24 | name: rabbitmq 25 | subjects: 26 | - kind: ServiceAccount 27 | name: rabbitmq 28 | 
roleRef: 29 | apiGroup: rbac.authorization.k8s.io 30 | kind: Role 31 | name: rabbitmq 32 | -------------------------------------------------------------------------------- /MageEdu-Private-Cloud/infra-services-with-prometheus/04-RabbitMQ/03-secret-rabbitmq.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Secret 3 | metadata: 4 | name: rabbit-secret 5 | type: Opaque 6 | data: 7 | erlang_cookie: U2l0ZS9NYWdlRWR1LmNvbQo= 8 | # Default User admin 9 | default_user: "YWRtaW4=" 10 | # Default Pass magedu.com 11 | default_pass: "bWFnZWR1LmNvbQ==" 12 | -------------------------------------------------------------------------------- /MageEdu-Private-Cloud/infra-services-with-prometheus/04-RabbitMQ/04-service-rabbitmq.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Service 4 | metadata: 5 | name: rabbitmq 6 | annotations: 7 | prometheus.io/scrape: "true" 8 | prometheus.io/port: "15692" 9 | prometheus.io/path: "/metrics" 10 | # Grafana Dashboard ID 10991 and 11340. 
11 | spec: 12 | clusterIP: None 13 | ports: 14 | - port: 15672 15 | targetPort: 15672 16 | name: discovery 17 | - port: 15692 18 | targetPort: 15692 19 | name: prometheus 20 | - port: 5672 21 | targetPort: 5672 22 | name: amqp 23 | selector: 24 | app: rabbitmq 25 | --- 26 | -------------------------------------------------------------------------------- /MageEdu-Private-Cloud/infra-services-with-prometheus/04-RabbitMQ/06-ingress-rabbitmq.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: networking.k8s.io/v1 3 | kind: Ingress 4 | metadata: 5 | name: rabbitmq 6 | spec: 7 | ingressClassName: nginx 8 | rules: 9 | - host: rabbitmq.magedu.com 10 | http: 11 | paths: 12 | - path: / 13 | pathType: Prefix 14 | backend: 15 | service: 16 | name: rabbitmq 17 | port: 18 | number: 15672 19 | -------------------------------------------------------------------------------- /MageEdu-Private-Cloud/infra-services-with-prometheus/04-RabbitMQ/README.md: -------------------------------------------------------------------------------- 1 | # 部署Rabbit Cluster 2 | 3 | 首先,运行如下命令,创建名称空间。 4 | ```bash 5 | kubectl create namespace rabbit 6 | ``` 7 | 8 | 而后,运行如下命令,部署Rabbit Cluster。 9 | ```bash 10 | kubectl apply -f ./ -n rabbit 11 | ``` 12 | 13 | 类似如下的URL可用于访问RabbitMQ内置的管理Web UI。 14 | http://rabbitmq.magedu.com 15 | 16 | 默认的用户名和密码是“admin/magedu.com”。该口令是示例清单中公开的默认值,安全起见,建议部署后修改。 17 | 18 | 为mall-microservice提供服务时,需要创建新的用户malladmin/magedu.com,并创建新的vhost,名称为/mall,并授权给malladmin用户。 19 | 20 | 21 | ## 版权声明 22 | 23 | 本项目由[马哥教育](http://www.magedu.com)开发,允许自由转载,但必须保留马哥教育及相关的一切标识。另外,商用需要征得马哥教育的书面同意。欢迎扫描下面的二维码关注iKubernetes公众号,及时获取更多技术文章。 24 | 25 | ![ikubernetes公众号二维码](https://github.com/iKubernetes/Kubernetes_Advanced_Practical_2rd/raw/main/imgs/iKubernetes%E5%85%AC%E4%BC%97%E5%8F%B7%E4%BA%8C%E7%BB%B4%E7%A0%81.jpg) 26 | -------------------------------------------------------------------------------- 
/MageEdu-Private-Cloud/infra-services-with-prometheus/05-MongoDB/01-configmap-mongodb.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ConfigMap 3 | metadata: 4 | name: mongo-config 5 | data: 6 | script.sh: |- 7 | #!/bin/bash 8 | if [[ "$POD_NAME" = "mongodb-0" ]]; 9 | then 10 | export MONGODB_REPLICA_SET_MODE="primary" 11 | else 12 | export MONGODB_INITIAL_PRIMARY_PORT_NUMBER="27017" 13 | export MONGODB_REPLICA_SET_MODE="secondary" 14 | fi 15 | 16 | exec /opt/bitnami/scripts/mongodb/entrypoint.sh /opt/bitnami/scripts/mongodb/run.sh 17 | -------------------------------------------------------------------------------- /MageEdu-Private-Cloud/infra-services-with-prometheus/05-MongoDB/02-service-mongodb.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: mongodb 5 | spec: 6 | clusterIP: None 7 | publishNotReadyAddresses: true 8 | ports: 9 | - name: mongodb 10 | port: 27017 11 | targetPort: 27017 12 | selector: 13 | app: mongodb 14 | -------------------------------------------------------------------------------- /MageEdu-Private-Cloud/infra-services-with-prometheus/05-MongoDB/README.md: -------------------------------------------------------------------------------- 1 | # 部署MongoDB ReplicaSet集群 2 | 3 | 依赖条件: 4 | - 一个支持动态PV置备的StorageClass,本示例使用”nfs-csi” 5 | - 一个分布的Kubernetes集群 6 | 7 | ### 部署方法 8 | 直接将各配置文件创建在集群上即可,建议使用专用的namespace; 9 | 10 | ```bash 11 | kubectl create namespace mongo 12 | kubectl apply -f . 
-n mongo 13 | ``` 14 | 15 | ### 查看集群状态 16 | 17 | ```bash 18 | kubectl exec -it mongodb-0 -n mongo 19 | mongo> rs.status() 20 | ``` 21 | 22 | ## 版权声明 23 | 24 | 本项目由[马哥教育](www.magedu.com)开发,允许自由转载,但必须保留马哥教育及相关的一切标识。另外,商用需要征得马哥教育的书面同意。欢迎扫描下面的二维码关注iKubernetes公众号,及时获取更多技术文章。 25 | 26 | ![ikubernetes公众号二维码](https://github.com/iKubernetes/Kubernetes_Advanced_Practical_2rd/raw/main/imgs/iKubernetes%E5%85%AC%E4%BC%97%E5%8F%B7%E4%BA%8C%E7%BB%B4%E7%A0%81.jpg) 27 | -------------------------------------------------------------------------------- /MageEdu-Private-Cloud/infra-services-with-prometheus/06-MinIO/01-services-minio.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | kind: Service 3 | apiVersion: v1 4 | metadata: 5 | name: minio-headless 6 | labels: 7 | app: minio 8 | spec: 9 | clusterIP: None 10 | #publishNotReadyAddresses: true 11 | selector: 12 | app: minio 13 | ports: 14 | - name: http 15 | port: 9000 16 | targetPort: 9000 17 | --- 18 | apiVersion: v1 19 | kind: Service 20 | metadata: 21 | name: minio 22 | spec: 23 | type: LoadBalancer 24 | selector: 25 | app: minio 26 | ports: 27 | - port: 9000 28 | targetPort: 9000 29 | name: http 30 | - port: 9001 31 | targetPort: 9001 32 | name: console 33 | --- 34 | -------------------------------------------------------------------------------- /MageEdu-Private-Cloud/infra-services-with-prometheus/06-MinIO/02-secret-minio.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Secret 3 | metadata: 4 | name: minio-secret 5 | data: 6 | MINIO_ROOT_USER: bWluaW9hZG1pbgo= 7 | # username: minioadmin 8 | MINIO_ROOT_PASSWORD: bWFnZWR1LmNvbQ== 9 | # root password: magedu.com 10 | -------------------------------------------------------------------------------- /MageEdu-Private-Cloud/infra-services-with-prometheus/06-MinIO/04-ingress-minio.yaml: -------------------------------------------------------------------------------- 1 | --- 
2 | apiVersion: networking.k8s.io/v1 3 | kind: Ingress 4 | metadata: 5 | name: minio 6 | spec: 7 | ingressClassName: nginx 8 | rules: 9 | - host: minio.magedu.com 10 | http: 11 | paths: 12 | - path: / 13 | pathType: ImplementationSpecific 14 | backend: 15 | service: 16 | name: minio 17 | port: 18 | number: 9001 19 | -------------------------------------------------------------------------------- /MageEdu-Private-Cloud/infra-services-with-prometheus/07-Skywalking/README.md: -------------------------------------------------------------------------------- 1 | # 部署SkyWalking及UI 2 | 3 | 首先,创建专用的名称空间,以部署Skywalking及相关组件。 4 | 5 | ```bash 6 | kubectl create namespace tracing 7 | ``` 8 | 9 | 而后,运行如下命令,部署Skywalking OAP。需要说明的是,下面命令中用到的配置文件,依赖于部署在elastic名称空间中的elasticsearch服务。 10 | 11 | ```bash 12 | kubectl apply -f 01-skywalking-oap.yaml -n tracing 13 | ``` 14 | 15 | 最后,运行如下命令,部署Skywalking UI。 16 | 17 | ```bash 18 | kubectl apply -f 01-skywalking-ui.yaml -n tracing 19 | ``` 20 | 21 | -------------------------------------------------------------------------------- /MageEdu-Private-Cloud/infra-services/01-Nacos/01-secrets-mysql.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Secret 4 | metadata: 5 | name: mysql-secret 6 | data: 7 | database.name: bmFjb3NkYg== 8 | # DB name: nacosdb 9 | root.password: "" 10 | # root password: null 11 | user.name: bmFjb3M= 12 | # username: nacos 13 | user.password: bWFnZWR1LmNvbQo= 14 | # password: magedu.com 15 | -------------------------------------------------------------------------------- /MageEdu-Private-Cloud/infra-services/01-Nacos/04-nacos-service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: nacos 5 | labels: 6 | app: nacos 7 | spec: 8 | type: LoadBalancer 9 | ports: 10 | - port: 8848 11 | name: server 12 | targetPort: 8848 13 | selector: 14 | app: nacos 15 | 
-------------------------------------------------------------------------------- /MageEdu-Private-Cloud/infra-services/01-Nacos/examples/cloud-nacos-registry.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Service 4 | metadata: 5 | name: cloud-nacos-registry 6 | labels: 7 | app: nacos 8 | spec: 9 | publishNotReadyAddresses: true 10 | ports: 11 | - port: 8848 12 | name: server 13 | targetPort: 8848 14 | - port: 9848 15 | name: client-rpc 16 | targetPort: 9848 17 | - port: 9849 18 | name: raft-rpc 19 | targetPort: 9849 20 | ## 兼容1.4.x版本的选举端口 21 | - port: 7848 22 | name: old-raft-rpc 23 | targetPort: 7848 24 | clusterIP: None 25 | selector: 26 | app: nacos 27 | -------------------------------------------------------------------------------- /MageEdu-Private-Cloud/infra-services/01-Nacos/examples/nacos_config_20230806.zip: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/iKubernetes/learning-k8s/9660684d5bf118ad25f8b72ee4d9b330910722a8/MageEdu-Private-Cloud/infra-services/01-Nacos/examples/nacos_config_20230806.zip -------------------------------------------------------------------------------- /MageEdu-Private-Cloud/infra-services/01-Nacos/examples/nacos_config_20230808.zip: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/iKubernetes/learning-k8s/9660684d5bf118ad25f8b72ee4d9b330910722a8/MageEdu-Private-Cloud/infra-services/01-Nacos/examples/nacos_config_20230808.zip -------------------------------------------------------------------------------- /MageEdu-Private-Cloud/infra-services/01-Nacos/examples/nacos_config_20231029.zip: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/iKubernetes/learning-k8s/9660684d5bf118ad25f8b72ee4d9b330910722a8/MageEdu-Private-Cloud/infra-services/01-Nacos/examples/nacos_config_20231029.zip -------------------------------------------------------------------------------- /MageEdu-Private-Cloud/infra-services/02-ElasticStack/README.md: -------------------------------------------------------------------------------- 1 | # 部署Elasticsearch及相关组件 2 | 3 | 创建名称空间 4 | ```bash 5 | kubectl create namespace elastic 6 | ``` 7 | 8 | 部署elasticsearch 9 | 10 | ```bash 11 | kubectl apply -f 01-elasticsearch-cluster-persistent.yaml -n elastic 12 | ``` 13 | 14 | 待ES的相关Pod就绪后,即可部署Fluent Bit 15 | 16 | ```bash 17 | kubectl apply -f 02-fluentbit.yaml -n elastic 18 | ``` 19 | 20 | 部署kibana 21 | 22 | ```bash 23 | kubectl apply -f 03-kibana.yaml -n elastic 24 | ``` 25 | 26 | 若要通过Ingress访问Kibana,请事先确保将kibana.magedu.com解析至ingress controller service的外部地址。 27 | http://kibana.magedu.com 28 | 29 | 若要通过LoadBalancer Service访问Kibana,请事先确保有支持LoadBalancer Service的基础环境,而后修改service/kibana的spec.type字段的值为“LoadBalancer”,而后运行如下命令了解其获得的external IP地址。 30 | 31 | ```bash 32 | kubectl get service kibana -n elastic 33 | ``` 34 | -------------------------------------------------------------------------------- /MageEdu-Private-Cloud/infra-services/03-Redis/02-secret-redis.yaml: -------------------------------------------------------------------------------- 1 | # Maintainer: MageEdu 2 | # Site: http://www.magedu.com 3 | # 4 | --- 5 | kind: Secret 6 | apiVersion: v1 7 | metadata: 8 | name: redis-secret 9 | type: Opaque 10 | data: 11 | REDIS_PASSWORD: "bWFnZWR1LmNvbQo=" 12 | #REDIS_PASSWORD: "magedu.com" (as encoded above, the value decodes to "magedu.com" followed by a newline; "bWFnZWR1LmNvbQ==" is the encoding without it) 13 | -------------------------------------------------------------------------------- /MageEdu-Private-Cloud/infra-services/03-Redis/03-services-redis.yaml: -------------------------------------------------------------------------------- 1 | # Headless service so sentinel could access Redis instances using syntax . 
2 | apiVersion: v1 3 | kind: Service 4 | metadata: 5 | name: redis 6 | labels: 7 | app: redis 8 | app.kubernetes.io/component: redis 9 | app.kubernetes.io/instance: redis 10 | spec: 11 | clusterIP: None 12 | ports: 13 | - port: 6379 14 | targetPort: 6379 15 | name: redis 16 | selector: 17 | app: redis 18 | --- 19 | # Sentinel service used for project pod connection 20 | apiVersion: v1 21 | kind: Service 22 | metadata: 23 | name: sentinel 24 | labels: 25 | app: sentinel 26 | app.kubernetes.io/component: sentinel 27 | app.kubernetes.io/instance: sentinel 28 | spec: 29 | type: ClusterIP 30 | sessionAffinity: None 31 | ports: 32 | - port: 5000 33 | targetPort: 5000 34 | name: sentinel 35 | selector: 36 | app: sentinel 37 | -------------------------------------------------------------------------------- /MageEdu-Private-Cloud/infra-services/03-Redis/README.md: -------------------------------------------------------------------------------- 1 | ## 部署redis 2 | 3 | 可以部署的独立的名称空间,也可以部署在目标应用的名称空间中,如redis。 4 | 5 | #### 部署redis 6 | 7 | 首先,运行如下命令,创建名称空间。 8 | 9 | ```bash 10 | kubectl create namespace redis 11 | ``` 12 | 13 | 接着,运行如下命令,部署redis replication cluster。 14 | 15 | ```bash 16 | kubectl apply -f . -n redis 17 | ``` 18 | 19 | 部署完成后,其master的访问地址为“redis-0.redis.redis.svc”,客户端可通过此地址向redis发起存取请求。 20 | 21 | #### 部署sentinel(可选) 22 | 23 | 最后,部署redis sentinel。此为可选步骤。 24 | 25 | ```bash 26 | kubectl apply -f ./sentinel/ -n redis 27 | ``` 28 | 29 | ### 版权声明 30 | 31 | 本示例由[马哥教育](http://www.magedu.com)原创,允许自由转载,商用必须经由马哥教育的书面同意。 32 | -------------------------------------------------------------------------------- /MageEdu-Private-Cloud/infra-services/04-RabbitMQ/01-configmap-rabbitmq.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ConfigMap 3 | metadata: 4 | name: rabbitmq-config 5 | data: 6 | enabled_plugins: | 7 | [rabbitmq_federation,rabbitmq_management,rabbitmq_peer_discovery_k8s]. 
8 | rabbitmq.conf: | 9 | loopback_users.guest = false 10 | listeners.tcp.default = 5672 11 | cluster_formation.peer_discovery_backend = rabbit_peer_discovery_k8s 12 | cluster_formation.k8s.host = kubernetes.default.svc.cluster.local 13 | cluster_formation.k8s.address_type = hostname 14 | cluster_formation.node_cleanup.only_log_warning = true 15 | -------------------------------------------------------------------------------- /MageEdu-Private-Cloud/infra-services/04-RabbitMQ/02-rbac-rabbitmq.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: ServiceAccount 4 | metadata: 5 | name: rabbitmq 6 | --- 7 | kind: Role 8 | apiVersion: rbac.authorization.k8s.io/v1 9 | metadata: 10 | name: rabbitmq 11 | rules: 12 | - apiGroups: 13 | - "" 14 | resources: 15 | - endpoints 16 | verbs: 17 | - get 18 | - list 19 | - watch 20 | --- 21 | kind: RoleBinding 22 | apiVersion: rbac.authorization.k8s.io/v1 23 | metadata: 24 | name: rabbitmq 25 | subjects: 26 | - kind: ServiceAccount 27 | name: rabbitmq 28 | roleRef: 29 | apiGroup: rbac.authorization.k8s.io 30 | kind: Role 31 | name: rabbitmq 32 | -------------------------------------------------------------------------------- /MageEdu-Private-Cloud/infra-services/04-RabbitMQ/03-secret-rabbitmq.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Secret 3 | metadata: 4 | name: rabbit-secret 5 | type: Opaque 6 | data: 7 | RABBITMQ_ERLANG_COOKIE: U2l0ZS9NYWdlRWR1LmNvbQo= 8 | -------------------------------------------------------------------------------- /MageEdu-Private-Cloud/infra-services/04-RabbitMQ/04-service-rabbitmq.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Service 4 | metadata: 5 | name: rabbitmq 6 | spec: 7 | clusterIP: None 8 | ports: 9 | - port: 15672 10 | targetPort: 15672 11 | name: discovery 12 | - port: 5672 13 
| targetPort: 5672 14 | name: amqp 15 | selector: 16 | app: rabbitmq 17 | --- 18 | -------------------------------------------------------------------------------- /MageEdu-Private-Cloud/infra-services/04-RabbitMQ/06-ingress-rabbitmq.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: networking.k8s.io/v1 3 | kind: Ingress 4 | metadata: 5 | name: rabbitmq 6 | spec: 7 | ingressClassName: nginx 8 | rules: 9 | - host: rabbitmq.magedu.com 10 | http: 11 | paths: 12 | - path: / 13 | pathType: Prefix 14 | backend: 15 | service: 16 | name: rabbitmq 17 | port: 18 | number: 15672 19 | -------------------------------------------------------------------------------- /MageEdu-Private-Cloud/infra-services/04-RabbitMQ/README.md: -------------------------------------------------------------------------------- 1 | # 部署Rabbit Cluster 2 | 3 | 首先,运行如下命令,创建名称空间。 4 | ```bash 5 | kubectl create namespace rabbit 6 | ``` 7 | 8 | 而后,运行如下命令,部署Rabbit Cluster。 9 | ```bash 10 | kubectl apply -f ./ -n rabbit 11 | ``` 12 | 13 | 类似如下的URL可用于访问RabbitMQ内置的管理Web UI。 14 | http://rabbitmq.magedu.com 15 | 16 | 默认的用户名和密码是“guest/guest”。安全起见,建议修改用户的密码,或者创建其它管理员账号后禁用该用户。 17 | 18 | 为mall-microservice提供服务时,需要创建新的用户malladmin/magedu.com,并创建新的vhost,名称为/mall,并授权给malladmin用户。 19 | 20 | 21 | 22 | ### 版权声明 23 | 24 | 本示例由[马哥教育](http://www.magedu.com)原创,允许自由转载,商用必须经由马哥教育的书面同意。 25 | -------------------------------------------------------------------------------- /MageEdu-Private-Cloud/infra-services/05-MongoDB/01-configmap-mongodb.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ConfigMap 3 | metadata: 4 | name: mongo-config 5 | data: 6 | script.sh: |- 7 | #!/bin/bash 8 | if [[ "$POD_NAME" = "mongodb-0" ]]; 9 | then 10 | export MONGODB_REPLICA_SET_MODE="primary" 11 | else 12 | export MONGODB_INITIAL_PRIMARY_PORT_NUMBER="27017" 13 | export MONGODB_REPLICA_SET_MODE="secondary" 14 | fi 15 | 16 | 
exec /opt/bitnami/scripts/mongodb/entrypoint.sh /opt/bitnami/scripts/mongodb/run.sh 17 | -------------------------------------------------------------------------------- /MageEdu-Private-Cloud/infra-services/05-MongoDB/02-service-mongodb.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: mongodb 5 | spec: 6 | clusterIP: None 7 | publishNotReadyAddresses: true 8 | ports: 9 | - name: mongodb 10 | port: 27017 11 | targetPort: 27017 12 | selector: 13 | app: mongodb 14 | -------------------------------------------------------------------------------- /MageEdu-Private-Cloud/infra-services/05-MongoDB/README.md: -------------------------------------------------------------------------------- 1 | # 部署MongoDB ReplicaSet集群 2 | 3 | 依赖条件: 4 | - 一个支持动态PV置备的StorageClass,本示例使用”nfs-csi” 5 | - 一个分布的Kubernetes集群 6 | 7 | ### 部署方法 8 | 直接将各配置文件创建在集群上即可,建议使用专用的namespace; 9 | 10 | ```bash 11 | kubectl create namespace mongo 12 | kubectl apply -f . 
-n mongo 13 | ``` 14 | 15 | ### 查看集群状态 16 | 17 | ```bash 18 | kubectl exec -it mongodb-0 -n mongo 19 | mongo> rs.status() 20 | ``` 21 | 22 | ## 版权声明 23 | 本示例由[马哥教育](http://www.magedu.com)原创,允许自由转载,商用必须经由马哥教育的书面同意。 24 | -------------------------------------------------------------------------------- /MageEdu-Private-Cloud/infra-services/06-MinIO/01-services-minio.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | kind: Service 3 | apiVersion: v1 4 | metadata: 5 | name: minio-headless 6 | labels: 7 | app: minio 8 | spec: 9 | clusterIP: None 10 | #publishNotReadyAddresses: true 11 | selector: 12 | app: minio 13 | ports: 14 | - name: http 15 | port: 9000 16 | targetPort: 9000 17 | --- 18 | apiVersion: v1 19 | kind: Service 20 | metadata: 21 | name: minio 22 | spec: 23 | type: LoadBalancer 24 | selector: 25 | app: minio 26 | ports: 27 | - port: 9000 28 | targetPort: 9000 29 | name: http 30 | - port: 9001 31 | targetPort: 9001 32 | name: console 33 | --- 34 | -------------------------------------------------------------------------------- /MageEdu-Private-Cloud/infra-services/06-MinIO/02-secret-minio.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Secret 3 | metadata: 4 | name: minio-secret 5 | data: 6 | MINIO_ROOT_USER: bWluaW9hZG1pbgo= 7 | # username: minioadmin (as encoded above, the value decodes to "minioadmin" followed by a newline; "bWluaW9hZG1pbg==" is the encoding without it) 8 | MINIO_ROOT_PASSWORD: bWFnZWR1LmNvbQ== 9 | # root password: magedu.com (sample credential, and base64 is not encryption: replace it outside a lab) 10 | -------------------------------------------------------------------------------- /MageEdu-Private-Cloud/infra-services/06-MinIO/04-ingress-minio.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: networking.k8s.io/v1 3 | kind: Ingress 4 | metadata: 5 | name: minio 6 | spec: 7 | ingressClassName: nginx 8 | rules: 9 | - host: minio.magedu.com 10 | http: 11 | paths: 12 | - path: / 13 | pathType: ImplementationSpecific 14 | backend: 15 | service: 16 | name: minio 
17 | port: 18 | number: 9001 19 | -------------------------------------------------------------------------------- /MageEdu-Private-Cloud/infra-services/06-MinIO/README.md: -------------------------------------------------------------------------------- 1 | # 部署MinIO 2 | 3 | 依赖于一个支持PV动态置备的StorageClass,本示例中使用nfs-csi 4 | 5 | ### 部署 6 | 将配置清单中定义的资源对象部署于Kubernetes集群上即可,需要手动指定名称空间; 7 | 8 | ```bash 9 | kubectl create namespace minio 10 | kubectl apply -f ./ -n minio 11 | ``` 12 | 13 | ### 访问console 14 | 15 | 通过Ingress定义的Host访问,地址如下,注意要使用https协议。 16 | https://minio.magedu.com/ 17 | 18 | 默认的用户名和密码是“minioadmin/magedu.com”。 19 | -------------------------------------------------------------------------------- /MageEdu-Private-Cloud/k8s-inst/ansible-k8s-install/cluster-install.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # 3 | MASTER_IP='192.168.10.6' 4 | NODE_01_IP='192.168.10.11' 5 | NODE_02_IP='192.168.10.12' 6 | NODE_03_IP='192.168.10.13' 7 | 8 | # install ansible 9 | sudo apt-add-repository -y ppa:ansible/ansible 10 | sudo apt update 11 | sudo apt install -y ansible 12 | 13 | # generate ansible inventory hosts 14 | cat <<EOF >> /etc/ansible/hosts 15 | [master] 16 | ${MASTER_IP} node_ip=${MASTER_IP} 17 | 18 | [nodes] 19 | ${NODE_01_IP} node_ip=${NODE_01_IP} 20 | ${NODE_02_IP} node_ip=${NODE_02_IP} 21 | #${NODE_03_IP} node_ip=${NODE_03_IP} 22 | EOF 23 | 24 | # install containerd.io and kubeadm/kubelet/kubectl 25 | ansible-playbook install-kubeadm.yaml 26 | 27 | # create kubernetes cluster control plane and add work nodes 28 | ansible-playbook install-k8s-cilium.yaml 29 | -------------------------------------------------------------------------------- /MageEdu-Private-Cloud/k8s-inst/ansible-k8s-install/files/crictl.yaml: -------------------------------------------------------------------------------- 1 | runtime-endpoint: unix:///run/containerd/containerd.sock 2 | image-endpoint: unix:///run/containerd/containerd.sock 3 | 
timeout: 10 4 | debug: false 5 | -------------------------------------------------------------------------------- /MageEdu-Private-Cloud/k8s-inst/ansible-k8s-install/reset-kubeadm.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | - hosts: all 3 | become: true 4 | tasks: 5 | - name: Reset all kubeadm state 6 | command: "{{ item }}" 7 | with_items: 8 | - kubeadm reset -f 9 | - rm -rf /etc/cni/net.d 10 | - rm -rf "$HOME/.kube" /etc/kubernetes/ /var/lib/kubelet /var/lib/dockershim /var/run/kubernetes /var/lib/cni /var/lib/etcd 11 | 12 | # This is to reset: 13 | # - mtu changes (we could store the original values or always set one) 14 | # - bpf programms (we could call cilium cleanup) 15 | - name: Reboot 16 | reboot: 17 | -------------------------------------------------------------------------------- /MageEdu-Private-Cloud/k8s-inst/ansible-k8s-install/scripts/cilium-gen-keys.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | kubectl create \ 4 | -n kube-system \ 5 | secret generic cilium-ipsec-keys \ 6 | --from-literal=keys="3 rfc4106(gcm(aes)) $(echo $(dd if=/dev/urandom count=20 bs=1 2> /dev/null| xxd -p -c 64)) 128" 7 | -------------------------------------------------------------------------------- /MageEdu-Private-Cloud/k8s-inst/generate-init-config.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # export addresses and other vars 3 | set -a 4 | K8S_API_ENDPOINT=kubeapi.magedu.com 5 | K8S_API_ADDVERTISE_IP=192.168.10.6 6 | K8S_VERSION=1.28.2 7 | K8S_CLUSTER_NAME=kubernetes 8 | K8S_SERVICE_MODE=iptables 9 | K8S_POD_SUBNET="10.244.0.0/16" 10 | K8S_SERVICE_SUBNET="10.96.0.0/12" 11 | K8S_DNS_DOMAIN="cluster.local" 12 | set +a 13 | 14 | envsubst < kubeadm-init-config.tmpl.yaml > kubeadm-init-config.yaml 15 | -------------------------------------------------------------------------------- 
/MageEdu-Private-Cloud/kuboard/ingress-kuboard.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: networking.k8s.io/v1 2 | kind: Ingress 3 | metadata: 4 | name: kuboard 5 | namespace: kuboard 6 | spec: 7 | ingressClassName: nginx 8 | rules: 9 | - host: kuboard.magedu.com 10 | http: 11 | paths: 12 | - path: / 13 | backend: 14 | service: 15 | name: kuboard-v3 16 | port: 17 | number: 80 18 | pathType: Prefix 19 | -------------------------------------------------------------------------------- /MageEdu-Private-Cloud/mall-and-skywalking/README.md: -------------------------------------------------------------------------------- 1 | # mall microservice项目相关的部署文件 2 | 3 | 本示例中,各service的配置中均启用了skywalking java agent,它们会将链路跟踪相关的数据发送至指定的Skywalking OAP服务中。 4 | 5 | ### 依赖的基础环境 6 | 7 | 本示例中的mall microservice依赖于MySQL、Nacos、Redis、MongoDB、RabbitMQ、ElasticSearch(需要部署中文分词插件)和MinIO等相关的服务。 8 | 9 | 具体的过程,请参考infra-services或infra-services-with-prometheus目录中的部署方法。 10 | 11 | ### 部署方法 12 | 13 | 创建名称空间,用以部署各服务。 14 | 15 | ```bash 16 | kubectl create namespace mall 17 | ``` 18 | 19 | 运行如下命令,部署各服务。 20 | 21 | ```bash 22 | kubectl apply -f ./ -n mall 23 | ``` 24 | 25 | 26 | 27 | 28 | 29 | ## 版权声明 30 | 31 | 本项目由[马哥教育](www.magedu.com)开发,允许自由转载,但必须保留马哥教育及相关的一切标识。另外,商用需要征得马哥教育的书面同意。欢迎扫描下面的二维码关注iKubernetes公众号,及时获取更多技术文章。 32 | 33 | ![ikubernetes公众号二维码](https://github.com/iKubernetes/Kubernetes_Advanced_Practical_2rd/raw/main/imgs/iKubernetes%E5%85%AC%E4%BC%97%E5%8F%B7%E4%BA%8C%E7%BB%B4%E7%A0%81.jpg) 34 | -------------------------------------------------------------------------------- /MageEdu-Private-Cloud/openstack-heat-templates/README.md: -------------------------------------------------------------------------------- 1 | # OpenStack Heat 模板 2 | 3 | 该目录中的各模板文件,可用于在马哥教育私有云上快速初始化出基础环境,包括网络、子网、FloatingIP、安全组和主机实例等。 4 | - cluster-base-env.tmpl:创建可用于部署Kubernetes集群的三个主机实例,包括一个master和两个worker,且各自都有固定的IP地址; 5 | - 
cluster_nodes_number_on_damands.tmpl:创建可用于部署Kubernetes集群的主机实例,master节点数量可指定为1-3个,worker节点数量可指定为1-6个;但总体是否能创建成功,还可取决于总体可用的资源量; 6 | - two_clusters.tmpl:创建可用于部署两个Kubernetes集群的主机实例,每个集群中的master固定为1个,而worker节点的数量可分别指定为1-3个;具体的配置过程在通过为参数赋值来完成。 7 | 8 | ![two_clusters](./images/two_clusters.png) 9 | 10 | -------------------------------------------------------------------------------- /MageEdu-Private-Cloud/openstack-heat-templates/images/cluster_nodes_on_demands.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/iKubernetes/learning-k8s/9660684d5bf118ad25f8b72ee4d9b330910722a8/MageEdu-Private-Cloud/openstack-heat-templates/images/cluster_nodes_on_demands.png -------------------------------------------------------------------------------- /MageEdu-Private-Cloud/openstack-heat-templates/images/clusters_and_instances.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/iKubernetes/learning-k8s/9660684d5bf118ad25f8b72ee4d9b330910722a8/MageEdu-Private-Cloud/openstack-heat-templates/images/clusters_and_instances.png -------------------------------------------------------------------------------- /MageEdu-Private-Cloud/openstack-heat-templates/images/three_base_nodes.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/iKubernetes/learning-k8s/9660684d5bf118ad25f8b72ee4d9b330910722a8/MageEdu-Private-Cloud/openstack-heat-templates/images/three_base_nodes.png -------------------------------------------------------------------------------- /MageEdu-Private-Cloud/openstack-heat-templates/images/two_clusters.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/iKubernetes/learning-k8s/9660684d5bf118ad25f8b72ee4d9b330910722a8/MageEdu-Private-Cloud/openstack-heat-templates/images/two_clusters.png 
-------------------------------------------------------------------------------- /MageEdu-Private-Cloud/openstack-heat-templates/multi-clusters/README.md: -------------------------------------------------------------------------------- 1 | # 快速初始化多Kubernetes集群环境的Heat模板 2 | 3 | ### 主机环境说明 4 | 5 | 三个集群各自使用独立的安全组、网络和子网,它们通过同一个路由器彼此互联。 6 | 7 | - cluster01.tmpl:集群Cluster01的模板 8 | - 它会创建c01-master01、c01-node01和c01-node02三个实例 9 | - 这些主机位于192.168.10.0/24网络中 10 | - 各实例均有一个浮动IP地址与外部网络交互 11 | - cluster02.tmpl:集群Cluster02的模板 12 | - 它会创建c02-master01、c02-node01和c02-node02三个实例 13 | - 它们都位于192.168.20.0/24网络中 14 | - 各实例均有一个浮动IP地址与外部网络交互 15 | - cluster03.tmpl:集群Cluster03的模板 16 | - 它会创建c03-master01、c03-node01和c03-node02三个实例 17 | - 位于192.168.30.0/24网络中 18 | - 各实例均有一个浮动IP地址与外部网络交互 19 | 20 | ### 拓扑示意图 21 | 22 | ![clusters_and_instances](../images/clusters_and_instances.png) -------------------------------------------------------------------------------- /Mall-MicroService/README.md: -------------------------------------------------------------------------------- 1 | # 微服务商城 2 | 3 | 教学案例,用于部署如下系统: 4 | 5 | - 部署Kubernetes集群及基础组件; 6 | - 部署微服务商城依赖的各类后端服务,相关配置文件及部署说明位于目录“infra-services-with-prometheus”目录中; 7 | - 00-Prometheus:Prometheus监控组件,及自定义指标流水线的相关部署配置; 8 | - 01-Nacos:MySQL和Nacos; 9 | - 02-ElasticStack:ElasticSearch、Fluent-Bit和Kibana; 10 | - 03-Redis:Redis Master/Slave Cluster; 11 | - 04-RabbitMQ:RabbitMQ Cluster; 12 | - 05-MongoDB:MongoDB ReplicaSet Cluster; 13 | - 06-MinIO:MinIO Cluster; 14 | - 07-SkyWaling:SkyWalking和SkyWalking UI; 15 | - 部署微服务商城,相关配置文件位于目录“mall-and-skywalking”目录中; 16 | - 部署微服务商城商家端的Web UI,相关配置文件位于目录“mall-and-skywalking”目录中; 17 | 18 | ### 依赖到的环境 19 | 20 | 该示例提供的配置文件,依赖于满足如下条件的Kubernetes集群: 21 | 22 | - 部署有Cilium网络插件,启用了Cilium Ingress; 23 | - 部署有MetalLB,支持LoadBalancer Service; 24 | - 部署有OpenEBS,提供了openebs-hostpath存储类; 25 | - (可选)部署有csi-driver-nfs和一个可用的NFS Server,提供了nfs-csi存储类; 26 | - (可选)部署有Metrics Server; 27 | 28 | 
-------------------------------------------------------------------------------- /Mall-MicroService/infra-services-with-prometheus/00-Prometheus/alertmanager/alertmanager-service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: alertmanager 5 | namespace: prom 6 | annotations: 7 | prometheus.io/scrape: 'true' 8 | prometheus.io/port: '9093' 9 | spec: 10 | selector: 11 | app: alertmanager 12 | type: LoadBalancer # NOTE(review): publishes port 9093 beyond the cluster; confirm access to Alertmanager is restricted (authenticating proxy, NetworkPolicy or loadBalancerSourceRanges) 13 | ports: 14 | - port: 9093 15 | targetPort: 9093 16 | -------------------------------------------------------------------------------- /Mall-MicroService/infra-services-with-prometheus/00-Prometheus/grafana/01-grafana-cfg.yaml: -------------------------------------------------------------------------------- 1 | # Maintainer: MageEdu 2 | apiVersion: v1 3 | kind: ConfigMap 4 | metadata: 5 | name: grafana-datasources 6 | namespace: prom 7 | data: 8 | prometheus.yaml: |- 9 | { 10 | "apiVersion": 1, 11 | "datasources": [ 12 | { 13 | "access":"proxy", 14 | "editable": true, 15 | "name": "prometheus", 16 | "orgId": 1, 17 | "type": "prometheus", 18 | "url": "http://prometheus.prom.svc.cluster.local.:9090", 19 | "version": 1 20 | } 21 | ] 22 | } 23 | --- 24 | -------------------------------------------------------------------------------- /Mall-MicroService/infra-services-with-prometheus/00-Prometheus/grafana/02-grafana-service.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Service 4 | metadata: 5 | name: grafana 6 | namespace: prom 7 | annotations: 8 | prometheus.io/scrape: 'true' 9 | prometheus.io/port: '3000' 10 | spec: 11 | selector: 12 | app: grafana 13 | type: NodePort # NOTE(review): opens a node port for Grafana on every node in addition to the Ingress in 05-grafana-ingress.yaml; ClusterIP is enough if the Ingress is the intended entry point -- confirm 14 | ports: 15 | - port: 3000 16 | targetPort: 3000 17 | --- 18 | --------------------------------------------------------------------------------
/Mall-MicroService/infra-services-with-prometheus/00-Prometheus/grafana/03-grafana-pvc.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: PersistentVolumeClaim 4 | metadata: 5 | name: grafana-pvc 6 | namespace: prom 7 | spec: 8 | accessModes: 9 | - ReadWriteMany 10 | resources: 11 | requests: 12 | storage: 5Gi 13 | storageClassName: nfs-csi 14 | -------------------------------------------------------------------------------- /Mall-MicroService/infra-services-with-prometheus/00-Prometheus/grafana/05-grafana-ingress.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: networking.k8s.io/v1 2 | kind: Ingress 3 | metadata: 4 | name: grafana 5 | namespace: prom 6 | labels: 7 | app: grafana 8 | annotations: 9 | ingress.cilium.io/loadbalancer-mode: 'shared' 10 | ingress.cilium.io/service-type: 'Loadbalancer' 11 | spec: 12 | ingressClassName: 'cilium' 13 | rules: 14 | - host: grafana.magedu.com 15 | http: 16 | paths: 17 | - path: / 18 | pathType: Prefix 19 | backend: 20 | service: 21 | name: grafana 22 | port: 23 | number: 3000 24 | -------------------------------------------------------------------------------- /Mall-MicroService/infra-services-with-prometheus/00-Prometheus/kube-state-metrics/kube-state-metrics-deploy.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: kube-state-metrics 5 | namespace: prom 6 | spec: 7 | replicas: 1 8 | selector: 9 | matchLabels: 10 | app: kube-state-metrics 11 | template: 12 | metadata: 13 | labels: 14 | app: kube-state-metrics 15 | spec: 16 | serviceAccountName: kube-state-metrics 17 | containers: 18 | - name: kube-state-metrics 19 | image: gcmirrors/kube-state-metrics:v1.9.5 20 | #image: registry.magedu.com/gcmirrors/kube-state-metrics-amd64:v1.7.1 21 | ports: 22 | - containerPort: 8080 23 | 
-------------------------------------------------------------------------------- /Mall-MicroService/infra-services-with-prometheus/00-Prometheus/kube-state-metrics/kube-state-metrics-svc.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | annotations: 5 | prometheus.io/scrape: 'true' 6 | prometheus.io/port: '8080' 7 | name: kube-state-metrics 8 | namespace: prom 9 | labels: 10 | app: kube-state-metrics 11 | spec: 12 | ports: 13 | - name: kube-state-metrics 14 | port: 8080 15 | protocol: TCP 16 | selector: 17 | app: kube-state-metrics 18 | -------------------------------------------------------------------------------- /Mall-MicroService/infra-services-with-prometheus/00-Prometheus/namespace.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Namespace 4 | metadata: 5 | name: prom 6 | -------------------------------------------------------------------------------- /Mall-MicroService/infra-services-with-prometheus/00-Prometheus/node_exporter/node-exporter-svc.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | annotations: 5 | prometheus.io/scrape: 'true' 6 | name: prometheus-node-exporter 7 | namespace: prom 8 | labels: 9 | app: prometheus 10 | component: node-exporter 11 | spec: 12 | clusterIP: None 13 | ports: 14 | - name: prometheus-node-exporter 15 | port: 9100 16 | protocol: TCP 17 | selector: 18 | app: prometheus 19 | component: node-exporter 20 | type: ClusterIP 21 | -------------------------------------------------------------------------------- /Mall-MicroService/infra-services-with-prometheus/00-Prometheus/prometheus-adpater/example-metrics/metrics-app-hpa.yaml: -------------------------------------------------------------------------------- 1 | kind: HorizontalPodAutoscaler 2 | apiVersion: autoscaling/v2 3 | 
metadata: 4 | name: metrics-app-hpa 5 | spec: 6 | scaleTargetRef: 7 | apiVersion: apps/v1 8 | kind: Deployment 9 | name: metrics-app 10 | minReplicas: 2 11 | maxReplicas: 10 12 | metrics: 13 | - type: Pods 14 | pods: 15 | metric: 16 | name: http_requests_per_second 17 | target: 18 | type: AverageValue 19 | averageValue: 5 20 | behavior: 21 | scaleDown: 22 | stabilizationWindowSeconds: 120 23 | -------------------------------------------------------------------------------- /Mall-MicroService/infra-services-with-prometheus/00-Prometheus/prometheus-adpater/manifests/custom-metrics-apiserver-auth-delegator-cluster-role-binding.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRoleBinding 3 | metadata: 4 | name: custom-metrics:system:auth-delegator 5 | roleRef: 6 | apiGroup: rbac.authorization.k8s.io 7 | kind: ClusterRole 8 | name: system:auth-delegator 9 | subjects: 10 | - kind: ServiceAccount 11 | name: custom-metrics-apiserver 12 | namespace: custom-metrics 13 | -------------------------------------------------------------------------------- /Mall-MicroService/infra-services-with-prometheus/00-Prometheus/prometheus-adpater/manifests/custom-metrics-apiserver-auth-reader-role-binding.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: RoleBinding 3 | metadata: 4 | name: custom-metrics-auth-reader 5 | namespace: kube-system 6 | roleRef: 7 | apiGroup: rbac.authorization.k8s.io 8 | kind: Role 9 | name: extension-apiserver-authentication-reader 10 | subjects: 11 | - kind: ServiceAccount 12 | name: custom-metrics-apiserver 13 | namespace: custom-metrics 14 | -------------------------------------------------------------------------------- 
/Mall-MicroService/infra-services-with-prometheus/00-Prometheus/prometheus-adpater/manifests/custom-metrics-apiserver-resource-reader-cluster-role-binding.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRoleBinding 3 | metadata: 4 | name: custom-metrics-resource-reader 5 | roleRef: 6 | apiGroup: rbac.authorization.k8s.io 7 | kind: ClusterRole 8 | name: custom-metrics-resource-reader 9 | subjects: 10 | - kind: ServiceAccount 11 | name: custom-metrics-apiserver 12 | namespace: custom-metrics 13 | -------------------------------------------------------------------------------- /Mall-MicroService/infra-services-with-prometheus/00-Prometheus/prometheus-adpater/manifests/custom-metrics-apiserver-service-account.yaml: -------------------------------------------------------------------------------- 1 | kind: ServiceAccount 2 | apiVersion: v1 3 | metadata: 4 | name: custom-metrics-apiserver 5 | namespace: custom-metrics 6 | -------------------------------------------------------------------------------- /Mall-MicroService/infra-services-with-prometheus/00-Prometheus/prometheus-adpater/manifests/custom-metrics-apiserver-service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: custom-metrics-apiserver 5 | namespace: custom-metrics 6 | spec: 7 | ports: 8 | - port: 443 9 | targetPort: 6443 10 | selector: 11 | app: custom-metrics-apiserver 12 | -------------------------------------------------------------------------------- /Mall-MicroService/infra-services-with-prometheus/00-Prometheus/prometheus-adpater/manifests/custom-metrics-cluster-role.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRole 3 | metadata: 4 | name: custom-metrics-server-resources 5 | rules: 6 | - apiGroups: 7 | - 
custom.metrics.k8s.io 8 | - external.metrics.k8s.io 9 | resources: ["*"] 10 | verbs: ["*"] # NOTE(review): every verb on every resource of the two metrics API groups above; hpa-custom-metrics-cluster-role-binding.yaml grants this role to the horizontal-pod-autoscaler ServiceAccount, which presumably only reads metrics (get, list) -- confirm and narrow 11 | -------------------------------------------------------------------------------- /Mall-MicroService/infra-services-with-prometheus/00-Prometheus/prometheus-adpater/manifests/custom-metrics-resource-reader-cluster-role.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRole 3 | metadata: 4 | name: custom-metrics-resource-reader 5 | rules: 6 | - apiGroups: 7 | - "" 8 | resources: 9 | - pods 10 | - nodes 11 | - nodes/stats 12 | verbs: 13 | - get 14 | - list 15 | - watch 16 | -------------------------------------------------------------------------------- /Mall-MicroService/infra-services-with-prometheus/00-Prometheus/prometheus-adpater/manifests/hpa-custom-metrics-cluster-role-binding.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRoleBinding 3 | metadata: 4 | name: hpa-controller-custom-metrics 5 | roleRef: 6 | apiGroup: rbac.authorization.k8s.io 7 | kind: ClusterRole 8 | name: custom-metrics-server-resources # the wildcard ClusterRole from custom-metrics-cluster-role.yaml 9 | subjects: 10 | - kind: ServiceAccount 11 | name: horizontal-pod-autoscaler 12 | namespace: kube-system 13 | -------------------------------------------------------------------------------- /Mall-MicroService/infra-services-with-prometheus/00-Prometheus/prometheus-server/.prometheus-ingress.yaml.swp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/iKubernetes/learning-k8s/9660684d5bf118ad25f8b72ee4d9b330910722a8/Mall-MicroService/infra-services-with-prometheus/00-Prometheus/prometheus-server/.prometheus-ingress.yaml.swp --------------------------------------------------------------------------------
/Mall-MicroService/infra-services-with-prometheus/00-Prometheus/prometheus-server/prometheus-ingress.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: networking.k8s.io/v1 2 | kind: Ingress 3 | metadata: 4 | name: prometheus 5 | namespace: prom 6 | labels: 7 | app: prometheus 8 | annotations: 9 | ingress.cilium.io/loadbalancer-mode: 'shared' 10 | ingress.cilium.io/service-type: 'Loadbalancer' 11 | spec: 12 | ingressClassName: 'cilium' 13 | rules: 14 | - host: prom.magedu.com 15 | http: 16 | paths: 17 | - path: / 18 | pathType: Prefix 19 | backend: 20 | service: 21 | name: prometheus 22 | port: 23 | number: 9090 24 | - host: prometheus.magedu.com 25 | http: 26 | paths: 27 | - path: / 28 | pathType: Prefix 29 | backend: 30 | service: 31 | name: prometheus 32 | port: 33 | number: 9090 34 | -------------------------------------------------------------------------------- /Mall-MicroService/infra-services-with-prometheus/00-Prometheus/prometheus-server/prometheus-svc.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Service 4 | metadata: 5 | name: prometheus 6 | namespace: prom 7 | annotations: 8 | prometheus.io/scrape: 'true' 9 | prometheus.io/port: '9090' 10 | labels: 11 | app: prometheus 12 | spec: 13 | type: NodePort 14 | ports: 15 | - port: 9090 16 | targetPort: 9090 17 | nodePort: 30090 18 | protocol: TCP 19 | selector: 20 | app: prometheus 21 | component: server 22 | -------------------------------------------------------------------------------- /Mall-MicroService/infra-services-with-prometheus/01-Nacos/01-secrets-mysql.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Secret 4 | metadata: 5 | name: mysql-secret 6 | data: 7 | database.name: bmFjb3NkYg== 8 | # DB name: nacosdb 9 | root.password: "" 10 | # root password: null 11 | user.name: bmFjb3M= 12 | # username: 
nacos 13 | user.password: bWFnZWR1LmNvbQo= 14 | # password: magedu.com -- NOTE(review): the value above decodes to "magedu.com" followed by a newline (likely encoded with echo rather than echo -n), so consumers of this Secret receive the newline too; it is also a published sample credential, replace it before real use 15 | -------------------------------------------------------------------------------- /Mall-MicroService/infra-services-with-prometheus/01-Nacos/05-nacos-service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: nacos 5 | labels: 6 | app: nacos 7 | annotations: {} 8 | #prometheus.io/scrape: "true" 9 | #prometheus.io/port: "8848" 10 | #prometheus.io/path: "/nacos/actuator/prometheus" 11 | spec: 12 | #type: LoadBalancer 13 | ports: 14 | - port: 8848 15 | name: server 16 | targetPort: 8848 17 | selector: 18 | app: nacos 19 | -------------------------------------------------------------------------------- /Mall-MicroService/infra-services-with-prometheus/01-Nacos/06-nacos-ingress.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: networking.k8s.io/v1 3 | kind: Ingress 4 | metadata: 5 | name: nacos 6 | annotations: 7 | ingress.cilium.io/loadbalancer-mode: 'shared' 8 | ingress.cilium.io/service-type: 'Loadbalancer' 9 | spec: 10 | ingressClassName: cilium 11 | rules: 12 | - host: nacos.magedu.com # NOTE(review): HTTP-only rule (this manifest has no tls: section) that exposes the Nacos server port 8848 through the ingress; confirm Nacos authentication is enabled before publishing it 13 | http: 14 | paths: 15 | - path: / 16 | pathType: Prefix 17 | backend: 18 | service: 19 | name: nacos 20 | port: 21 | number: 8848 22 | -------------------------------------------------------------------------------- /Mall-MicroService/infra-services-with-prometheus/01-Nacos/examples/cloud-nacos-registry.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Service 4 | metadata: 5 | name: cloud-nacos-registry 6 | labels: 7 | app: nacos 8 | spec: 9 | publishNotReadyAddresses: true 10 | ports: 11 | - port: 8848 12 | name: server 13 | targetPort: 8848 14 | - port: 9848 15 | name: client-rpc 16 | targetPort: 9848 17 | - port: 9849 18 | name: raft-rpc 19 | targetPort: 9849 20 | ##
兼容1.4.x版本的选举端口 21 | - port: 7848 22 | name: old-raft-rpc 23 | targetPort: 7848 24 | clusterIP: None 25 | selector: 26 | app: nacos 27 | -------------------------------------------------------------------------------- /Mall-MicroService/infra-services-with-prometheus/01-Nacos/examples/nacos_config_20230806.zip: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/iKubernetes/learning-k8s/9660684d5bf118ad25f8b72ee4d9b330910722a8/Mall-MicroService/infra-services-with-prometheus/01-Nacos/examples/nacos_config_20230806.zip -------------------------------------------------------------------------------- /Mall-MicroService/infra-services-with-prometheus/01-Nacos/examples/nacos_config_20230808.zip: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/iKubernetes/learning-k8s/9660684d5bf118ad25f8b72ee4d9b330910722a8/Mall-MicroService/infra-services-with-prometheus/01-Nacos/examples/nacos_config_20230808.zip -------------------------------------------------------------------------------- /Mall-MicroService/infra-services-with-prometheus/01-Nacos/examples/nacos_config_20231029.zip: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/iKubernetes/learning-k8s/9660684d5bf118ad25f8b72ee4d9b330910722a8/Mall-MicroService/infra-services-with-prometheus/01-Nacos/examples/nacos_config_20231029.zip -------------------------------------------------------------------------------- /Mall-MicroService/infra-services-with-prometheus/02-ElasticStack/grafana-dashboards/README.md: -------------------------------------------------------------------------------- 1 | # Grafana Dashboards 2 | 3 | 地址: https://github.com/prometheus-community/elasticsearch_exporter/tree/master/examples/grafana 4 | -------------------------------------------------------------------------------- 
/Mall-MicroService/infra-services-with-prometheus/03-Redis/02-secret-redis.yaml: -------------------------------------------------------------------------------- 1 | # Maintainer: MageEdu 2 | # Site: http://www.magedu.com 3 | # 4 | --- 5 | kind: Secret 6 | apiVersion: v1 7 | metadata: 8 | name: redis-secret 9 | type: Opaque 10 | data: 11 | REDIS_PASSWORD: "bWFnZWR1LmNvbQ==" 12 | #REDIS_PASSWORD: "magedu.com" 13 | -------------------------------------------------------------------------------- /Mall-MicroService/infra-services-with-prometheus/03-Redis/README.md: -------------------------------------------------------------------------------- 1 | ## 部署redis 2 | 3 | 可以部署到独立的名称空间,也可以部署在目标应用的名称空间中,如redis。 4 | 5 | #### 部署redis 6 | 7 | 首先,运行如下命令,创建名称空间。 8 | 9 | ```bash 10 | kubectl create namespace redis 11 | ``` 12 | 13 | 接着,运行如下命令,部署redis replication cluster。 14 | 15 | ```bash 16 | kubectl apply -f . -n redis 17 | ``` 18 | 19 | 部署完成后,其master的访问地址为“redis-0.redis.redis.svc”,客户端可通过此地址向redis发起存取请求。 20 | 21 | #### 部署sentinel(可选) 22 | 23 | 最后,部署redis sentinel。此为可选步骤。 24 | 25 | ```bash 26 | kubectl apply -f ./sentinel/ -n redis 27 | ``` 28 | 29 | ### Grafana Dashboard 30 | 31 | Dashboard ID: 763 32 | 33 | 34 | ## 版权声明 35 | 36 | 本项目由[马哥教育](http://www.magedu.com)开发,允许自由转载,但必须保留马哥教育及相关的一切标识。另外,商用需要征得马哥教育的书面同意。欢迎扫描下面的二维码关注iKubernetes公众号,及时获取更多技术文章。 37 | 38 | ![ikubernetes公众号二维码](https://github.com/iKubernetes/Kubernetes_Advanced_Practical_2rd/raw/main/imgs/iKubernetes%E5%85%AC%E4%BC%97%E5%8F%B7%E4%BA%8C%E7%BB%B4%E7%A0%81.jpg) 39 | -------------------------------------------------------------------------------- /Mall-MicroService/infra-services-with-prometheus/04-RabbitMQ/01-configmap-rabbitmq.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ConfigMap 3 | metadata: 4 | name: rabbitmq-config 5 | data: 6 | enabled_plugins: | 7 |
[rabbitmq_federation,rabbitmq_management,rabbitmq_management_agent,rabbitmq_peer_discovery_k8s,rabbitmq_prometheus]. 8 | rabbitmq.conf: | # NOTE(review): loopback_users.guest = false below allows the guest account, if it exists, to log in from non-loopback addresses; confirm guest is absent or has a non-default password 9 | loopback_users.guest = false 10 | listeners.tcp.default = 5672 11 | cluster_formation.peer_discovery_backend = rabbit_peer_discovery_k8s 12 | cluster_formation.k8s.host = kubernetes.default.svc.cluster.local 13 | cluster_formation.k8s.address_type = hostname 14 | cluster_formation.node_cleanup.only_log_warning = true 15 | -------------------------------------------------------------------------------- /Mall-MicroService/infra-services-with-prometheus/04-RabbitMQ/02-rbac-rabbitmq.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: ServiceAccount 4 | metadata: 5 | name: rabbitmq 6 | --- 7 | kind: Role # read-only (get/list/watch) on Endpoints; presumably what the rabbit_peer_discovery_k8s backend set in rabbitmq-config needs -- confirm 8 | apiVersion: rbac.authorization.k8s.io/v1 9 | metadata: 10 | name: rabbitmq 11 | rules: 12 | - apiGroups: 13 | - "" 14 | resources: 15 | - endpoints 16 | verbs: 17 | - get 18 | - list 19 | - watch 20 | --- 21 | kind: RoleBinding 22 | apiVersion: rbac.authorization.k8s.io/v1 23 | metadata: 24 | name: rabbitmq 25 | subjects: 26 | - kind: ServiceAccount 27 | name: rabbitmq 28 | roleRef: 29 | apiGroup: rbac.authorization.k8s.io 30 | kind: Role 31 | name: rabbitmq 32 | -------------------------------------------------------------------------------- /Mall-MicroService/infra-services-with-prometheus/04-RabbitMQ/03-secret-rabbitmq.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Secret 3 | metadata: 4 | name: rabbit-secret 5 | type: Opaque 6 | data: 7 | erlang_cookie: U2l0ZS9NYWdlRWR1LmNvbQo= # NOTE(review): decodes to "Site/MageEdu.com" followed by a newline; the cookie is the shared secret between cluster nodes and this is a published sample value, so generate a random one per cluster 8 | # Default User admin 9 | default_user: "YWRtaW4=" 10 | # Default Pass magedu.com (sample credential; replace before real use) 11 | default_pass: "bWFnZWR1LmNvbQ==" 12 | -------------------------------------------------------------------------------- /Mall-MicroService/infra-services-with-prometheus/04-RabbitMQ/04-service-rabbitmq.yaml:
-------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Service 4 | metadata: 5 | name: rabbitmq 6 | annotations: 7 | prometheus.io/scrape: "true" 8 | prometheus.io/port: "15692" 9 | prometheus.io/path: "/metrics" 10 | # Grafana Dashboard ID 10991 and 11340. 11 | spec: 12 | clusterIP: None 13 | ports: 14 | - port: 15672 15 | targetPort: 15672 16 | name: discovery 17 | - port: 15692 18 | targetPort: 15692 19 | name: prometheus 20 | - port: 5672 21 | targetPort: 5672 22 | name: amqp 23 | selector: 24 | app: rabbitmq 25 | --- 26 | -------------------------------------------------------------------------------- /Mall-MicroService/infra-services-with-prometheus/04-RabbitMQ/README.md: -------------------------------------------------------------------------------- 1 | # 部署Rabbit Cluster 2 | 3 | 首先,运行如下命令,创建名称空间。 4 | ```bash 5 | kubectl create namespace rabbit 6 | ``` 7 | 8 | 而后,运行如下命令,部署Rabbit Cluster。 9 | ```bash 10 | kubectl apply -f ./ -n rabbit 11 | ``` 12 | 13 | 类似如下的URL可用于访问RabbitMQ内置的管理Web UI。 14 | http://rabbitmq.magedu.com 15 | 16 | 默认的用户名和密码是“admin/magedu.com”。 17 | 18 | 为mall-microservice提供服务时,需要创建新的用户malladmin/magedu.com,并创建新的vhost,名称为/mall,并授权给malladmin用户。 19 | 20 | 21 | ## 版权声明 22 | 23 | 本项目由[马哥教育](www.magedu.com)开发,允许自由转载,但必须保留马哥教育及相关的一切标识。另外,商用需要征得马哥教育的书面同意。欢迎扫描下面的二维码关注iKubernetes公众号,及时获取更多技术文章。 24 | 25 | ![ikubernetes公众号二维码](https://github.com/iKubernetes/Kubernetes_Advanced_Practical_2rd/raw/main/imgs/iKubernetes%E5%85%AC%E4%BC%97%E5%8F%B7%E4%BA%8C%E7%BB%B4%E7%A0%81.jpg) 26 | -------------------------------------------------------------------------------- /Mall-MicroService/infra-services-with-prometheus/05-MongoDB/01-configmap-mongodb.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ConfigMap 3 | metadata: 4 | name: mongo-config 5 | data: 6 | script.sh: |- 7 | #!/bin/bash 8 | if [[ "$POD_NAME" = "mongodb-0" ]]; 9 | then 10 | 
export MONGODB_REPLICA_SET_MODE="primary" 11 | else 12 | export MONGODB_INITIAL_PRIMARY_PORT_NUMBER="27017" 13 | export MONGODB_REPLICA_SET_MODE="secondary" 14 | fi 15 | 16 | exec /opt/bitnami/scripts/mongodb/entrypoint.sh /opt/bitnami/scripts/mongodb/run.sh 17 | -------------------------------------------------------------------------------- /Mall-MicroService/infra-services-with-prometheus/05-MongoDB/02-service-mongodb.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: mongodb 5 | spec: 6 | clusterIP: None 7 | publishNotReadyAddresses: true 8 | ports: 9 | - name: mongodb 10 | port: 27017 11 | targetPort: 27017 12 | selector: 13 | app: mongodb 14 | -------------------------------------------------------------------------------- /Mall-MicroService/infra-services-with-prometheus/05-MongoDB/README.md: -------------------------------------------------------------------------------- 1 | # 部署MongoDB ReplicaSet集群 2 | 3 | 依赖条件: 4 | - 一个支持动态PV置备的StorageClass,本示例使用"openebs-hostpath" 5 | - 一个分布的Kubernetes集群 6 | 7 | ### 部署方法 8 | 直接将各配置文件创建在集群上即可,建议使用专用的namespace; 9 | 10 | ```bash 11 | kubectl create namespace mongo 12 | kubectl apply -f . 
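-n mongo 13 | ``` 14 | 15 | ### 查看集群状态 16 | 17 | ```bash 18 | kubectl exec -it mongodb-0 -n mongo -- mongo 19 | mongo> rs.status() 20 | ``` 21 | 22 | ## 版权声明 23 | 24 | 本项目由[马哥教育](http://www.magedu.com)开发,允许自由转载,但必须保留马哥教育及相关的一切标识。另外,商用需要征得马哥教育的书面同意。欢迎扫描下面的二维码关注iKubernetes公众号,及时获取更多技术文章。 25 | 26 | ![ikubernetes公众号二维码](https://github.com/iKubernetes/Kubernetes_Advanced_Practical_2rd/raw/main/imgs/iKubernetes%E5%85%AC%E4%BC%97%E5%8F%B7%E4%BA%8C%E7%BB%B4%E7%A0%81.jpg) 27 | -------------------------------------------------------------------------------- /Mall-MicroService/infra-services-with-prometheus/06-MinIO/01-services-minio.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | kind: Service 3 | apiVersion: v1 4 | metadata: 5 | name: minio-headless 6 | labels: 7 | app: minio 8 | spec: 9 | clusterIP: None 10 | #publishNotReadyAddresses: true 11 | selector: 12 | app: minio 13 | ports: 14 | - name: http 15 | port: 9000 16 | targetPort: 9000 17 | --- 18 | apiVersion: v1 19 | kind: Service 20 | metadata: 21 | name: minio 22 | spec: 23 | type: LoadBalancer # publishes the S3 API (9000) and the console (9001) outside the cluster; ClusterIP is enough when the Ingress is the only intended entry point 24 | selector: 25 | app: minio 26 | ports: 27 | - port: 9000 28 | targetPort: 9000 29 | name: http 30 | - port: 9001 31 | targetPort: 9001 32 | name: console 33 | --- 34 | -------------------------------------------------------------------------------- /Mall-MicroService/infra-services-with-prometheus/06-MinIO/02-secret-minio.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Secret 3 | metadata: 4 | name: minio-secret 5 | data: 6 | MINIO_ROOT_USER: bWluaW9hZG1pbg== 7 | # username: minioadmin (encoded without the trailing newline that "echo | base64" adds; the previous value decoded to the name plus a newline) 8 | MINIO_ROOT_PASSWORD: bWFnZWR1LmNvbQ== 9 | # root password: magedu.com (sample value; base64 is an encoding, not encryption, so replace it and keep the real Secret out of version control) 10 | -------------------------------------------------------------------------------- /Mall-MicroService/infra-services-with-prometheus/06-MinIO/04-ingress-minio.yaml: -------------------------------------------------------------------------------- 1 | --- 2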
| apiVersion: networking.k8s.io/v1 3 | kind: Ingress 4 | metadata: 5 | name: minio 6 | annotations: 7 | ingress.cilium.io/loadbalancer-mode: 'shared' 8 | ingress.cilium.io/service-type: 'Loadbalancer' 9 | spec: 10 | ingressClassName: cilium 11 | rules: 12 | - host: minio.magedu.com 13 | http: 14 | paths: 15 | - path: / 16 | pathType: Prefix 17 | backend: 18 | service: 19 | name: minio 20 | port: 21 | number: 9001 22 | -------------------------------------------------------------------------------- /Mall-MicroService/infra-services-with-prometheus/07-Skywalking/README.md: -------------------------------------------------------------------------------- 1 | # 部署SkyWalking及UI 2 | 3 | 首先,创建专用的名称空间,以部署Skywalking及相关组件。 4 | 5 | ```bash 6 | kubectl create namespace tracing 7 | ``` 8 | 9 | 而后,运行如下命令,部署Skywalking OAP。需要说明的是,下面命令中用到的配置文件,依赖于部署在elastic名称空间中的elasticsearch服务。 10 | 11 | ```bash 12 | kubectl apply -f 01-skywalking-oap.yaml -n tracing 13 | ``` 14 | 15 | 最后,运行如下命令,部署Skywalking UI。 16 | 17 | ```bash 18 | kubectl apply -f 01-skywalking-ui.yaml -n tracing 19 | ``` 20 | 21 | -------------------------------------------------------------------------------- /Mall-MicroService/infra-services-with-prometheus/README.md: -------------------------------------------------------------------------------- 1 | # 几个基础服务部署示例 2 | 3 | ### 环境依赖说明 4 | 5 | 1. 持久化存储依赖于两个存储类 6 | 7 | - csi-driver-nfs存储,存储类名称为“nfs-csi”; 8 | 9 | - openebs存储,存储类名称为“openebs-hostpath” 10 | 11 | 2. 
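Ingress依赖于Cilium ingressclass,需要部署Cilium网络插件,并同时启用Ingress功能; 12 | 13 | ### 部署过程 14 | 15 | 请参考每个服务的单独说明。 16 | 17 | 18 | 19 | ## 版权声明 20 | 21 | 本项目由[马哥教育](http://www.magedu.com)开发,允许自由转载,但必须保留马哥教育及相关的一切标识。另外,商用需要征得马哥教育的书面同意。欢迎扫描下面的二维码关注iKubernetes公众号,及时获取更多技术文章。 22 | 23 | ![ikubernetes公众号二维码](https://github.com/iKubernetes/Kubernetes_Advanced_Practical_2rd/raw/main/imgs/iKubernetes%E5%85%AC%E4%BC%97%E5%8F%B7%E4%BA%8C%E7%BB%B4%E7%A0%81.jpg) 24 | -------------------------------------------------------------------------------- /Mall-MicroService/infra-services/01-Nacos/01-secrets-mysql.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Secret 4 | metadata: 5 | name: mysql-secret 6 | data: 7 | database.name: bmFjb3NkYg== 8 | # DB name: nacosdb 9 | root.password: "" 10 | # root password: null (empty; NOTE(review): presumably the MySQL workload is configured to allow an empty root password - confirm, and set one outside a lab) 11 | user.name: bmFjb3M= 12 | # username: nacos 13 | user.password: bWFnZWR1LmNvbQ== 14 | # password: magedu.com (encoded without the trailing newline that "echo | base64" adds; sample value, replace before any shared deployment) 15 | -------------------------------------------------------------------------------- /Mall-MicroService/infra-services/01-Nacos/examples/cloud-nacos-registry.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Service 4 | metadata: 5 | name: cloud-nacos-registry 6 | labels: 7 | app: nacos 8 | spec: 9 | publishNotReadyAddresses: true 10 | ports: 11 | - port: 8848 12 | name: server 13 | targetPort: 8848 14 | - port: 9848 15 | name: client-rpc 16 | targetPort: 9848 17 | - port: 9849 18 | name: raft-rpc 19 | targetPort: 9849 20 | ## Election port kept for compatibility with 1.4.x versions 21 | - port: 7848 22 | name: old-raft-rpc 23 | targetPort: 7848 24 | clusterIP: None 25 | selector: 26 | app: nacos 27 | -------------------------------------------------------------------------------- /Mall-MicroService/infra-services/01-Nacos/examples/nacos_config_20230806.zip: --------------------------------------------------------------------------------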
https://raw.githubusercontent.com/iKubernetes/learning-k8s/9660684d5bf118ad25f8b72ee4d9b330910722a8/Mall-MicroService/infra-services/01-Nacos/examples/nacos_config_20230806.zip -------------------------------------------------------------------------------- /Mall-MicroService/infra-services/01-Nacos/examples/nacos_config_20230808.zip: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/iKubernetes/learning-k8s/9660684d5bf118ad25f8b72ee4d9b330910722a8/Mall-MicroService/infra-services/01-Nacos/examples/nacos_config_20230808.zip -------------------------------------------------------------------------------- /Mall-MicroService/infra-services/01-Nacos/examples/nacos_config_20231029.zip: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/iKubernetes/learning-k8s/9660684d5bf118ad25f8b72ee4d9b330910722a8/Mall-MicroService/infra-services/01-Nacos/examples/nacos_config_20231029.zip -------------------------------------------------------------------------------- /Mall-MicroService/infra-services/01-Nacos/manifests/mysql/01-configmap-mysql.yaml: -------------------------------------------------------------------------------- 1 | # Maintainer: MageEdu 2 | # Site: http://www.magedu.com 3 | # MySQL Replication Cluster for Nacos 4 | --- 5 | apiVersion: v1 6 | kind: ConfigMap 7 | metadata: 8 | name: mysql 9 | data: 10 | primary.cnf: | 11 | # Apply this config only on the primary. 12 | [mysql] 13 | default-character-set=utf8mb4 14 | [mysqld] 15 | log-bin 16 | character-set-server=utf8mb4 17 | #innodb-file-per-table=on 18 | [client] 19 | default-character-set=utf8mb4 20 | 21 | replica.cnf: | 22 | # Apply this config only on replicas. 
23 | [mysql] 24 | default-character-set=utf8mb4 25 | [mysqld] 26 | super-read-only 27 | character-set-server=utf8mb4 28 | [client] 29 | default-character-set=utf8mb4 30 | -------------------------------------------------------------------------------- /Mall-MicroService/infra-services/01-Nacos/manifests/mysql/02-secrets-mysql.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Secret 4 | metadata: 5 | name: mysql-secret 6 | data: 7 | database.name: bmFjb3NkYg== 8 | # DB name: nacosdb 9 | root.password: "" 10 | # root password: null 11 | user.name: bmFjb3M= 12 | # username: nacos 13 | user.password: bmFjb3M= 14 | # password: nacos 15 | -------------------------------------------------------------------------------- /Mall-MicroService/infra-services/01-Nacos/manifests/mysql/03-services-mysql.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # Headless service for stable DNS entries of StatefulSet members. 3 | apiVersion: v1 4 | kind: Service 5 | metadata: 6 | name: mysql 7 | spec: 8 | ports: 9 | - name: mysql 10 | port: 3306 11 | clusterIP: None 12 | selector: 13 | app: mysql 14 | --- 15 | # Client service for connecting to any MySQL instance for reads. 16 | # For writes, you must instead connect to the primary: mysql-0.mysql. 
17 | apiVersion: v1 18 | kind: Service 19 | metadata: 20 | name: mysql-read 21 | labels: 22 | app: mysql 23 | spec: 24 | ports: 25 | - name: mysql 26 | port: 3306 27 | selector: 28 | app: mysql 29 | -------------------------------------------------------------------------------- /Mall-MicroService/infra-services/01-Nacos/manifests/nacos/01-configmap-nacos.yaml: -------------------------------------------------------------------------------- 1 | # Maintainer: MageEdu 2 | # Site: http://www.magedu.com 3 | # Nacos Cluster 4 | --- 5 | apiVersion: v1 6 | kind: ConfigMap 7 | metadata: 8 | name: nacos 9 | data: 10 | #mysql.host: "mysql-0.mysql.mall.svc.cluster.local" 11 | mysql.host: "mysql-0.mysql" 12 | # mysql master host 13 | mysql.port: "3306" 14 | -------------------------------------------------------------------------------- /Mall-MicroService/infra-services/01-Nacos/manifests/nacos/02-service-nacos.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Service 4 | metadata: 5 | name: nacos-headless 6 | labels: 7 | app: nacos 8 | spec: 9 | publishNotReadyAddresses: true 10 | ports: 11 | - port: 8848 12 | name: server 13 | targetPort: 8848 14 | - port: 9848 15 | name: client-rpc 16 | targetPort: 9848 17 | - port: 9849 18 | name: raft-rpc 19 | targetPort: 9849 20 | ## 兼容1.4.x版本的选举端口 21 | - port: 7848 22 | name: old-raft-rpc 23 | targetPort: 7848 24 | clusterIP: None 25 | selector: 26 | app: nacos 27 | -------------------------------------------------------------------------------- /Mall-MicroService/infra-services/01-Nacos/manifests/nacos/04-ingress-nacos.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: networking.k8s.io/v1 3 | kind: Ingress 4 | metadata: 5 | name: nacos 6 | spec: 7 | ingressClassName: nginx 8 | rules: 9 | - host: nacos.magedu.com 10 | http: 11 | paths: 12 | - path: / 13 | pathType: ImplementationSpecific 14 | backend: 15 
| service: 16 | name: nacos-headless 17 | port: 18 | number: 8848 19 | -------------------------------------------------------------------------------- /Mall-MicroService/infra-services/01-Nacos/manifests/nacos/README.md: -------------------------------------------------------------------------------- 1 | # Nacos 2 | 提示:Nacos需要先完成数据库初始化,而后才能正常运行。数据库初始化的方式有两种: 3 | - 使用非Nacos提供的MySQL数据库镜像,需要手动运行sql脚本; 4 | 脚本地址:https://raw.githubusercontent.com/alibaba/nacos/develop/distribution/conf/mysql-schema.sql 5 | - 使用由Nacos提供的MySQL镜像,能自动完成数据库初始化; 6 | 7 | 说明:本示例中的Nacos依赖于一个部署完成的MySQL,且它默认访问的是主从架构MySQL服务中的主节点“mysql-0.mysql“,因此,需要事先手动进行Nacos数据库初始化。 8 | 9 | -------------------------------------------------------------------------------- /Mall-MicroService/infra-services/02-ElasticStack/README.md: -------------------------------------------------------------------------------- 1 | # 部署Elasticsearch及相关组件 2 | 3 | 创建名称空间 4 | ```bash 5 | kubectl create namespace elastic 6 | ``` 7 | 8 | 部署elasticsearch 9 | 10 | ```bash 11 | kubectl apply -f 01-elasticsearch-cluster-persistent.yaml -n elastic 12 | ``` 13 | 14 | 待ES的相关Pod就绪后,即可部署fluentd 15 | 16 | ```bash 17 | kubectl apply -f 02-fluentbit.yaml -n elastic 18 | ``` 19 | 20 | 部署kibana 21 | 22 | ```bash 23 | kubectl apply -f 03-kibana.yaml -n elastic 24 | ``` 25 | 26 | 若要通过Ingress访问Kibana,请事先确保将kibana.magedu.com解析至ingress controller service的外部地址。 27 | http://kibana.magedu.com 28 | 29 | 若要通过LoadBalancer Service访问Kibana,请事先确保有支持LoadBalancer Service的基础环境,而后修改service/kibana的spec.type字段的值为“LoadBalancer”,而后运行如下命令了解其获得的external IP地址。 30 | 31 | ```bash 32 | kubectl get service kibana -n elastic 33 | ``` 34 | -------------------------------------------------------------------------------- /Mall-MicroService/infra-services/03-Redis/02-secret-redis.yaml: -------------------------------------------------------------------------------- 1 | # Maintainer: MageEdu 2 | # Site: http://www.magedu.com 3 | # 4 | --- 5 | kind: Secret 6 | apiVersion: v1 7 | 
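metadata: 8 | name: redis-secret 9 | type: Opaque 10 | data: 11 | REDIS_PASSWORD: "bWFnZWR1LmNvbQ==" 12 | #REDIS_PASSWORD: "magedu.com" (encoded without the trailing newline that "echo | base64" adds; sample value, base64 is an encoding and not encryption, so replace it before any shared deployment) 13 | -------------------------------------------------------------------------------- /Mall-MicroService/infra-services/03-Redis/03-services-redis.yaml: -------------------------------------------------------------------------------- 1 | # Headless service so that sentinel can reach the redis pods by their POD.SERVICE DNS names (e.g. redis-0.redis). 2 | apiVersion: v1 3 | kind: Service 4 | metadata: 5 | name: redis 6 | labels: 7 | app: redis 8 | app.kubernetes.io/component: redis 9 | app.kubernetes.io/instance: redis 10 | spec: 11 | clusterIP: None 12 | ports: 13 | - port: 6379 14 | targetPort: 6379 15 | name: redis 16 | selector: 17 | app: redis 18 | --- 19 | # Sentinel service used for project pod connection 20 | apiVersion: v1 21 | kind: Service 22 | metadata: 23 | name: sentinel 24 | labels: 25 | app: sentinel 26 | app.kubernetes.io/component: sentinel 27 | app.kubernetes.io/instance: sentinel 28 | spec: 29 | type: ClusterIP 30 | sessionAffinity: None 31 | ports: 32 | - port: 5000 33 | targetPort: 5000 34 | name: sentinel 35 | selector: 36 | app: sentinel 37 | -------------------------------------------------------------------------------- /Mall-MicroService/infra-services/03-Redis/README.md: -------------------------------------------------------------------------------- 1 | ## 部署redis 2 | 3 | 可以部署在独立的名称空间,也可以部署在目标应用的名称空间中,如redis。 4 | 5 | #### 部署redis 6 | 7 | 首先,运行如下命令,创建名称空间。 8 | 9 | ```bash 10 | kubectl create namespace redis 11 | ``` 12 | 13 | 接着,运行如下命令,部署redis replication cluster。 14 | 15 | ```bash 16 | kubectl apply -f .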
-n redis 17 | ``` 18 | 19 | 部署完成后,其master的访问地址为“redis-0.redis.redis.svc”,客户端可通过此地址向redis发起存取请求。 20 | 21 | #### 部署sentinel(可选) 22 | 23 | 最后,部署redis sentinel。此为可选步骤。 24 | 25 | ```bash 26 | kubectl apply -f ./sentinel/ -n redis 27 | ``` 28 | 29 | ### 版权声明 30 | 31 | 本示例由[马哥教育](http://www.magedu.com)原创,允许自由转载,商用必须经由马哥教育的书面同意。 32 | -------------------------------------------------------------------------------- /Mall-MicroService/infra-services/04-RabbitMQ/01-configmap-rabbitmq.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ConfigMap 3 | metadata: 4 | name: rabbitmq-config 5 | data: 6 | enabled_plugins: | 7 | [rabbitmq_federation,rabbitmq_management,rabbitmq_peer_discovery_k8s]. 8 | rabbitmq.conf: | 9 | loopback_users.guest = false 10 | listeners.tcp.default = 5672 11 | cluster_formation.peer_discovery_backend = rabbit_peer_discovery_k8s 12 | cluster_formation.k8s.host = kubernetes.default.svc.cluster.local 13 | cluster_formation.k8s.address_type = hostname 14 | cluster_formation.node_cleanup.only_log_warning = true 15 | -------------------------------------------------------------------------------- /Mall-MicroService/infra-services/04-RabbitMQ/02-rbac-rabbitmq.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: ServiceAccount 4 | metadata: 5 | name: rabbitmq 6 | --- 7 | kind: Role 8 | apiVersion: rbac.authorization.k8s.io/v1 9 | metadata: 10 | name: rabbitmq 11 | rules: 12 | - apiGroups: 13 | - "" 14 | resources: 15 | - endpoints 16 | verbs: 17 | - get 18 | - list 19 | - watch 20 | --- 21 | kind: RoleBinding 22 | apiVersion: rbac.authorization.k8s.io/v1 23 | metadata: 24 | name: rabbitmq 25 | subjects: 26 | - kind: ServiceAccount 27 | name: rabbitmq 28 | roleRef: 29 | apiGroup: rbac.authorization.k8s.io 30 | kind: Role 31 | name: rabbitmq 32 | -------------------------------------------------------------------------------- 
/Mall-MicroService/infra-services/04-RabbitMQ/03-secret-rabbitmq.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Secret 3 | metadata: 4 | name: rabbit-secret 5 | type: Opaque 6 | data: 7 | RABBITMQ_ERLANG_COOKIE: U2l0ZS9NYWdlRWR1LmNvbQo= 8 | -------------------------------------------------------------------------------- /Mall-MicroService/infra-services/04-RabbitMQ/04-service-rabbitmq.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Service 4 | metadata: 5 | name: rabbitmq 6 | spec: 7 | clusterIP: None 8 | ports: 9 | - port: 15672 10 | targetPort: 15672 11 | name: discovery 12 | - port: 5672 13 | targetPort: 5672 14 | name: amqp 15 | selector: 16 | app: rabbitmq 17 | --- 18 | -------------------------------------------------------------------------------- /Mall-MicroService/infra-services/04-RabbitMQ/06-ingress-rabbitmq.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: networking.k8s.io/v1 3 | kind: Ingress 4 | metadata: 5 | name: rabbitmq 6 | spec: 7 | ingressClassName: nginx 8 | rules: 9 | - host: rabbitmq.magedu.com 10 | http: 11 | paths: 12 | - path: / 13 | pathType: Prefix 14 | backend: 15 | service: 16 | name: rabbitmq 17 | port: 18 | number: 15672 19 | -------------------------------------------------------------------------------- /Mall-MicroService/infra-services/04-RabbitMQ/README.md: -------------------------------------------------------------------------------- 1 | # 部署Rabbit Cluster 2 | 3 | 首先,运行如下命令,创建名称空间。 4 | ```bash 5 | kubectl create namespace rabbit 6 | ``` 7 | 8 | 而后,运行如下命令,部署Rabbit Cluster。 9 | ```bash 10 | kubectl apply -f ./ -n rabbit 11 | ``` 12 | 13 | 类似如下的URL可用于访问RabbitMQ内置的管理Web UI。 14 | http://rabbitmq.magedu.com 15 | 16 | 默认的用户名和密码是“guest/guest”。安全起见,建议修改用户的密码,或者创建其它管理员账号后禁用该用户。 17 | 18 | 
为mall-microservice提供服务时,需要创建新的用户malladmin/magedu.com,并创建新的vhost,名称为/mall,并授权给malladmin用户。 19 | 20 | 21 | 22 | ### 版权声明 23 | 24 | 本示例由[马哥教育](http://www.magedu.com)原创,允许自由转载,商用必须经由马哥教育的书面同意。 25 | -------------------------------------------------------------------------------- /Mall-MicroService/infra-services/05-MongoDB/01-configmap-mongodb.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ConfigMap 3 | metadata: 4 | name: mongo-config 5 | data: 6 | script.sh: |- 7 | #!/bin/bash 8 | if [[ "$POD_NAME" = "mongodb-0" ]]; 9 | then 10 | export MONGODB_REPLICA_SET_MODE="primary" 11 | else 12 | export MONGODB_INITIAL_PRIMARY_PORT_NUMBER="27017" 13 | export MONGODB_REPLICA_SET_MODE="secondary" 14 | fi 15 | 16 | exec /opt/bitnami/scripts/mongodb/entrypoint.sh /opt/bitnami/scripts/mongodb/run.sh 17 | -------------------------------------------------------------------------------- /Mall-MicroService/infra-services/05-MongoDB/02-service-mongodb.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: mongodb 5 | spec: 6 | clusterIP: None 7 | publishNotReadyAddresses: true 8 | ports: 9 | - name: mongodb 10 | port: 27017 11 | targetPort: 27017 12 | selector: 13 | app: mongodb 14 | -------------------------------------------------------------------------------- /Mall-MicroService/infra-services/05-MongoDB/README.md: -------------------------------------------------------------------------------- 1 | # 部署MongoDB ReplicaSet集群 2 | 3 | 依赖条件: 4 | - 一个支持动态PV置备的StorageClass,本示例使用”nfs-csi” 5 | - 一个分布的Kubernetes集群 6 | 7 | ### 部署方法 8 | 直接将各配置文件创建在集群上即可,建议使用专用的namespace; 9 | 10 | ```bash 11 | kubectl create namespace mongo 12 | kubectl apply -f . 
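-n mongo 13 | ``` 14 | 15 | ### 查看集群状态 16 | 17 | ```bash 18 | kubectl exec -it mongodb-0 -n mongo -- mongo 19 | mongo> rs.status() 20 | ``` 21 | 22 | ## 版权声明 23 | 本示例由[马哥教育](http://www.magedu.com)原创,允许自由转载,商用必须经由马哥教育的书面同意。 24 | -------------------------------------------------------------------------------- /Mall-MicroService/infra-services/06-MinIO/01-services-minio.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | kind: Service 3 | apiVersion: v1 4 | metadata: 5 | name: minio-headless 6 | labels: 7 | app: minio 8 | spec: 9 | clusterIP: None 10 | #publishNotReadyAddresses: true 11 | selector: 12 | app: minio 13 | ports: 14 | - name: http 15 | port: 9000 16 | targetPort: 9000 17 | --- 18 | apiVersion: v1 19 | kind: Service 20 | metadata: 21 | name: minio 22 | spec: 23 | type: LoadBalancer # publishes the S3 API (9000) and the console (9001) outside the cluster; ClusterIP is enough when the Ingress is the only intended entry point 24 | selector: 25 | app: minio 26 | ports: 27 | - port: 9000 28 | targetPort: 9000 29 | name: http 30 | - port: 9001 31 | targetPort: 9001 32 | name: console 33 | --- 34 | -------------------------------------------------------------------------------- /Mall-MicroService/infra-services/06-MinIO/02-secret-minio.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Secret 3 | metadata: 4 | name: minio-secret 5 | data: 6 | MINIO_ROOT_USER: bWluaW9hZG1pbg== 7 | # username: minioadmin (encoded without the trailing newline that "echo | base64" adds; the previous value decoded to the name plus a newline) 8 | MINIO_ROOT_PASSWORD: bWFnZWR1LmNvbQ== 9 | # root password: magedu.com (sample value; base64 is an encoding, not encryption, so replace it and keep the real Secret out of version control) 10 | -------------------------------------------------------------------------------- /Mall-MicroService/infra-services/06-MinIO/04-ingress-minio.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: networking.k8s.io/v1 3 | kind: Ingress 4 | metadata: 5 | name: minio 6 | spec: 7 | ingressClassName: nginx 8 | rules: 9 | - host: minio.magedu.com 10 | http: 11 | paths: 12 | - path: / 13 | pathType: ImplementationSpecific 14 | backend: 15 | service: 16 | name: minio 17 | port: 18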
| number: 9001 19 | -------------------------------------------------------------------------------- /Mall-MicroService/infra-services/06-MinIO/README.md: -------------------------------------------------------------------------------- 1 | # 部署MinIO 2 | 3 | 依赖于一个支持PV动态置备的StorageClass,本示例中使用openebs-hostpath 4 | 5 | ### 部署 6 | 将配置清单中定义的资源对象部署于Kubernetes集群上即可,需要手动指定名称空间; 7 | 8 | ```bash 9 | kubectl create namespace minio 10 | kubectl apply -f ./ -n minio 11 | ``` 12 | 13 | ### 访问console 14 | 15 | 通过Ingress定义的Host访问,地址如下,注意要使用https协议。 16 | https://minio.magedu.com/ 17 | 18 | 默认的用户名和密码是“minioadmin/magedu.com”。 19 | -------------------------------------------------------------------------------- /Mall-MicroService/mall-and-skywalking/README.md: -------------------------------------------------------------------------------- 1 | # mall microservice项目相关的部署文件 2 | 3 | 本示例中,各service的配置中均启用了skywalking java agent,它们会将链路跟踪相关的数据发送至指定的Skywalking OAP服务中。 4 | 5 | ### 依赖的基础环境 6 | 7 | 本示例中的mall microservice依赖于MySQL、Nacos、Redis、MongoDB、RabbitMQ、ElasticSearch(需要部署中文分词插件)和MinIO等相关的服务。 8 | 9 | 具体的过程,请参考infra-services或infra-services-with-prometheus目录中的部署方法。 10 | 11 | ### 部署方法 12 | 13 | 创建名称空间,用以部署各服务。 14 | 15 | ```bash 16 | kubectl create namespace mall 17 | ``` 18 | 19 | 运行如下命令,部署各服务。 20 | 21 | ```bash 22 | kubectl apply -f ./ -n mall 23 | ``` 24 | 25 | 26 | 27 | 28 | 29 | ## 版权声明 30 | 31 | 本项目由[马哥教育](www.magedu.com)开发,允许自由转载,但必须保留马哥教育及相关的一切标识。另外,商用需要征得马哥教育的书面同意。欢迎扫描下面的二维码关注iKubernetes公众号,及时获取更多技术文章。 32 | 33 | ![ikubernetes公众号二维码](https://github.com/iKubernetes/Kubernetes_Advanced_Practical_2rd/raw/main/imgs/iKubernetes%E5%85%AC%E4%BC%97%E5%8F%B7%E4%BA%8C%E7%BB%B4%E7%A0%81.jpg) 34 | -------------------------------------------------------------------------------- /MetalLB/metallb-ipaddresspool.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: metallb.io/v1beta1 2 | kind: IPAddressPool 3 | metadata: 4 | name: localip-pool 5 | namespace: 
metallb-system 6 | spec: 7 | addresses: 8 | - 172.29.7.51-172.29.7.80 9 | autoAssign: true 10 | avoidBuggyIPs: true 11 | -------------------------------------------------------------------------------- /MetalLB/metallb-l2advertisement.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: metallb.io/v1beta1 2 | kind: L2Advertisement 3 | metadata: 4 | name: localip-pool-l2a 5 | namespace: metallb-system 6 | spec: 7 | ipAddressPools: 8 | - localip-pool 9 | interfaces: 10 | - enp1s0 11 | -------------------------------------------------------------------------------- /OpenEBS/deployment/storageclass-openebs-hostpath.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: storage.k8s.io/v1 3 | kind: StorageClass 4 | metadata: 5 | name: openebs-hostpath 6 | annotations: 7 | openebs.io/cas-type: local 8 | cas.openebs.io/config: | 9 | - name: StorageType 10 | value: "hostpath" 11 | - name: BasePath 12 | value: "/var/openebs/local" 13 | provisioner: openebs.io/local 14 | volumeBindingMode: WaitForFirstConsumer 15 | reclaimPolicy: Delete 16 | -------------------------------------------------------------------------------- /OpenEBS/jiva-csi/openebs-jiva-csi-pvc.yaml: -------------------------------------------------------------------------------- 1 | kind: PersistentVolumeClaim 2 | apiVersion: v1 3 | metadata: 4 | name: openebs-jiva-csi-pvc 5 | spec: 6 | storageClassName: openebs-jiva-csi 7 | accessModes: 8 | - ReadWriteOnce 9 | resources: 10 | requests: 11 | storage: 5Gi 12 | -------------------------------------------------------------------------------- /OpenEBS/jiva-csi/openebs-jiva-csi-storageclass.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: storage.k8s.io/v1 2 | kind: StorageClass 3 | metadata: 4 | name: openebs-jiva-csi 5 | provisioner: jiva.csi.openebs.io 6 | allowVolumeExpansion: true 7 | parameters: 8 | 
cas-type: "jiva" 9 | policy: "jivavolumepolicy-demo" 10 | -------------------------------------------------------------------------------- /OpenEBS/jiva-csi/openebs-jivavolumepolicy-demo.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: openebs.io/v1alpha1 2 | kind: JivaVolumePolicy 3 | metadata: 4 | name: jivavolumepolicy-demo 5 | namespace: openebs 6 | spec: 7 | replicaSC: openebs-hostpath 8 | target: 9 | # This sets the number of replicas for high-availability 10 | # replication factor <= no. of (CSI) nodes 11 | replicationFactor: 2 12 | # disableMonitor: false 13 | # auxResources: 14 | # tolerations: 15 | # resources: 16 | # affinity: 17 | # nodeSelector: 18 | # priorityClassName: 19 | # replica: 20 | # tolerations: 21 | # resources: 22 | # affinity: 23 | # nodeSelector: 24 | # priorityClassName: 25 | -------------------------------------------------------------------------------- /OpenEBS/jiva-csi/redis-with-openebs-jiva-pvc.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: redis-with-openebs-jiva-pvc 5 | spec: 6 | containers: 7 | - name: redis 8 | image: redis:7-alpine 9 | ports: 10 | - containerPort: 6379 11 | name: redis 12 | volumeMounts: 13 | - mountPath: /data 14 | name: local-storage 15 | volumes: 16 | - name: local-storage 17 | persistentVolumeClaim: 18 | claimName: openebs-jiva-csi-pvc 19 | -------------------------------------------------------------------------------- /OpenEBS/local-pv-hostpath/openebs-local-hostpath-pvc.yaml: -------------------------------------------------------------------------------- 1 | kind: PersistentVolumeClaim 2 | apiVersion: v1 3 | metadata: 4 | name: openebs-local-hostpath-pvc 5 | spec: 6 | storageClassName: openebs-hostpath 7 | accessModes: 8 | - ReadWriteOnce 9 | resources: 10 | requests: 11 | storage: 5G 12 | 
-------------------------------------------------------------------------------- /OpenEBS/local-pv-hostpath/redis-with-openebs-local-hostpath.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: redis-with-openebs-local-hostpath 5 | spec: 6 | containers: 7 | - name: redis 8 | image: redis:7-alpine 9 | ports: 10 | - containerPort: 6379 11 | name: redis 12 | volumeMounts: 13 | - mountPath: /data 14 | name: local-storage 15 | volumes: 16 | - name: local-storage 17 | persistentVolumeClaim: 18 | claimName: openebs-local-hostpath-pvc 19 | -------------------------------------------------------------------------------- /OpenEBS/local-pv-lvm/openebs-local-lvm-pvc-restore.yaml: -------------------------------------------------------------------------------- 1 | kind: PersistentVolumeClaim 2 | apiVersion: v1 3 | metadata: 4 | name: openebs-local-lvm-pvc-restore 5 | spec: 6 | dataSource: 7 | name: openebs-local-lvm-pvc-snap 8 | kind: VolumeSnapshot 9 | apiGroup: snapshot.storage.k8s.io 10 | storageClassName: openebs-lvmpv 11 | accessModes: 12 | - ReadWriteOnce 13 | resources: 14 | requests: 15 | storage: 5Gi 16 | -------------------------------------------------------------------------------- /OpenEBS/local-pv-lvm/openebs-local-lvm-pvc.yaml: -------------------------------------------------------------------------------- 1 | kind: PersistentVolumeClaim 2 | apiVersion: v1 3 | metadata: 4 | name: openebs-local-lvm-pvc 5 | spec: 6 | storageClassName: openebs-lvmpv 7 | accessModes: 8 | - ReadWriteOnce 9 | resources: 10 | requests: 11 | storage: 5Gi 12 | -------------------------------------------------------------------------------- /OpenEBS/local-pv-lvm/openebs-local-lvm-storageclass.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: storage.k8s.io/v1 2 | kind: StorageClass 3 | metadata: 4 | name: openebs-lvmpv 5 | allowVolumeExpansion: 
true 6 | parameters: 7 | storage: "lvm" 8 | volgroup: "lvmvg" 9 | provisioner: local.csi.openebs.io 10 | reclaimPolicy: Retain 11 | #allowedTopologies: 12 | #- matchLabelExpressions: 13 | # - key: kubernetes.io/hostname 14 | # values: 15 | # - lvmpv-node1 16 | # - lvmpv-node2 17 | -------------------------------------------------------------------------------- /OpenEBS/local-pv-lvm/openebs-local-lvm-volumesnapshot-demo.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: snapshot.storage.k8s.io/v1 2 | kind: VolumeSnapshot 3 | metadata: 4 | name: openebs-local-lvm-pvc-snap 5 | spec: 6 | volumeSnapshotClassName: openebs-lvmpv-snapclass 7 | source: 8 | persistentVolumeClaimName: openebs-local-lvm-pvc 9 | -------------------------------------------------------------------------------- /OpenEBS/local-pv-lvm/openebs-local-lvm-volumesnapshotclass.yaml: -------------------------------------------------------------------------------- 1 | kind: VolumeSnapshotClass 2 | apiVersion: snapshot.storage.k8s.io/v1 3 | metadata: 4 | name: openebs-lvmpv-snapclass 5 | annotations: 6 | snapshot.storage.kubernetes.io/is-default-class: "true" 7 | driver: local.csi.openebs.io 8 | deletionPolicy: Delete 9 | -------------------------------------------------------------------------------- /OpenEBS/local-pv-lvm/redis-with-openebs-local-lvm.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: redis-with-openebs-local-lvm 5 | spec: 6 | containers: 7 | - name: redis 8 | image: redis:7-alpine 9 | ports: 10 | - containerPort: 6379 11 | name: redis 12 | volumeMounts: 13 | - mountPath: /data 14 | name: local-storage 15 | volumes: 16 | - name: local-storage 17 | persistentVolumeClaim: 18 | claimName: openebs-local-lvm-pvc 19 | -------------------------------------------------------------------------------- /OpenEBS/nfs-pv/openebs-nfs-pv-storageclass.yaml: 
-------------------------------------------------------------------------------- 1 | apiVersion: storage.k8s.io/v1 2 | kind: StorageClass 3 | metadata: 4 | annotations: 5 | cas.openebs.io/config: | 6 | - name: NFSServerType 7 | value: "kernel" 8 | - name: BackendStorageClass 9 | value: "openebs-hostpath" 10 | openebs.io/cas-type: nfsrwx 11 | name: openebs-rwx 12 | provisioner: openebs.io/nfsrwx 13 | reclaimPolicy: Delete 14 | volumeBindingMode: Immediate 15 | -------------------------------------------------------------------------------- /OpenEBS/nfs-pv/openebs-nfs-pvc.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: PersistentVolumeClaim 3 | metadata: 4 | name: nfs-pvc 5 | spec: 6 | accessModes: 7 | - ReadWriteMany 8 | storageClassName: "openebs-rwx" 9 | resources: 10 | requests: 11 | storage: 1Gi 12 | -------------------------------------------------------------------------------- /OpenELB/eip-pool.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: network.kubesphere.io/v1alpha2 2 | kind: Eip 3 | metadata: 4 | name: eip-pool 5 | annotations: 6 | eip.openelb.kubesphere.io/is-default-eip: "true" 7 | spec: 8 | address: 172.29.5.51-172.29.5.80 9 | protocol: layer2 10 | interface: enp1s0 11 | disable: false 12 | -------------------------------------------------------------------------------- /ProjectCalico/bgpconfiguration-default.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: crd.projectcalico.org/v1 2 | kind: BGPConfiguration 3 | metadata: 4 | name: default 5 | spec: 6 | logSeverityScreen: Info 7 | # 是否启用full-mesh模式,默认为true 8 | nodeToNodeMeshEnabled: false 9 | nodeMeshMaxRestartTime: 120s 10 | # 使用的自治系统号,默认为64512 11 | asNumber: 65009 12 | serviceClusterIPs: 13 | - cidr: 10.96.0.0/12 14 | #listenPort: 179 15 | #bindMode: NodeIP 16 | 
-------------------------------------------------------------------------------- /ProjectCalico/bgppeer-rack-demo.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: crd.projectcalico.org/v1 2 | kind: BGPPeer 3 | metadata: 4 | name: bgppeer-rack001-tor 5 | spec: 6 | # Establish BGP peer sessions with the nodes that match the selector below 7 | peerSelector: rack001-rr == 'true' 8 | # Applies this BGP peer configuration to every node in rack rack001 9 | nodeSelector: rack == 'rack001' -------------------------------------------------------------------------------- /ProjectCalico/bgppeer-with-rr.yaml: -------------------------------------------------------------------------------- 1 | # Selects the route-reflector (RR) nodes in the cluster 2 | apiVersion: crd.projectcalico.org/v1 3 | kind: BGPPeer 4 | metadata: 5 | name: peer-with-route-reflector 6 | spec: 7 | # Node label selector: the target nodes this configuration takes effect on 8 | nodeSelector: all() 9 | # Label selector for the nodes this node asks to peer with; filters and selects the remote peers 10 | peerSelector: route-reflector == 'true' 11 | -------------------------------------------------------------------------------- /ProjectCalico/calico-config-examples/default-ipv4-ippool.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: crd.projectcalico.org/v1 2 | kind: IPPool 3 | metadata: 4 | name: default-ipv4-ippool 5 | spec: 6 | allowedUses: 7 | - Workload 8 | - Tunnel 9 | blockSize: 24 10 | cidr: 192.168.0.0/16 11 | ipipMode: Never 12 | natOutgoing: true 13 | nodeSelector: all() 14 | vxlanMode: Always 15 | -------------------------------------------------------------------------------- /Velero/credentials-velero: -------------------------------------------------------------------------------- 1 | [default] 2 | aws_access_key_id = minioadmin 3 | aws_secret_access_key = magedu.com 4 | region = minio 5 | # NOTE(review): these are the MinIO root user and password from Velero/minio/docker-compose.yml, committed in plain text; keep placeholders in the repository and give Velero its own access key limited to the backup bucket -------------------------------------------------------------------------------- /Velero/csi-driver-nfs/nfs-csi-volumesnapshot-demo.yaml: -------------------------------------------------------------------------------- 1 | apiVersion:
snapshot.storage.k8s.io/v1 2 | kind: VolumeSnapshot 3 | metadata: 4 | name: nfs-pvc-snap 5 | spec: 6 | volumeSnapshotClassName: nfs-csi 7 | source: 8 | persistentVolumeClaimName: nfs-pvc 9 | -------------------------------------------------------------------------------- /Velero/csi-driver-nfs/nfs-csi-volumesnapshotclass.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: snapshot.storage.k8s.io/v1 2 | kind: VolumeSnapshotClass 3 | metadata: 4 | name: nfs-csi 5 | labels: 6 | velero.io/csi-volumesnapshot-class: "true" 7 | driver: nfs.csi.k8s.io 8 | parameters: 9 | parameters: 10 | server: 172.29.7.2 11 | share: /data/nfs 12 | deletionPolicy: Delete 13 | -------------------------------------------------------------------------------- /Velero/csi-driver-nfs/nfs-pvc-demo.yaml: -------------------------------------------------------------------------------- 1 | kind: PersistentVolumeClaim 2 | apiVersion: v1 3 | metadata: 4 | name: nfs-pvc 5 | annotations: 6 | velero.io/csi-volumesnapshot-class: "nfs-csi" 7 | spec: 8 | storageClassName: nfs-csi 9 | accessModes: 10 | - ReadWriteMany 11 | resources: 12 | requests: 13 | storage: 5Gi 14 | -------------------------------------------------------------------------------- /Velero/csi-driver-nfs/nfs-pvc-restore-from-snap-demo.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: PersistentVolumeClaim 3 | metadata: 4 | name: nfs-pvc-restore 5 | spec: 6 | dataSource: 7 | name: nfs-pvc-snap 8 | kind: VolumeSnapshot 9 | apiGroup: snapshot.storage.k8s.io 10 | storageClassName: nfs-csi 11 | accessModes: 12 | - ReadWriteMany 13 | resources: 14 | requests: 15 | storage: 5Gi 16 | -------------------------------------------------------------------------------- /Velero/csi-driver-nfs/redis-with-nfs-pvc-restore.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 
| metadata: 4 | name: redis-with-nfs-pvc-restore 5 | spec: 6 | containers: 7 | - name: redis 8 | image: redis:7-alpine 9 | ports: 10 | - containerPort: 6379 11 | name: redis 12 | volumeMounts: 13 | - mountPath: /data 14 | name: data-storage 15 | volumes: 16 | - name: data-storage 17 | persistentVolumeClaim: 18 | claimName: nfs-pvc-restore 19 | -------------------------------------------------------------------------------- /Velero/csi-driver-nfs/redis-with-nfs-pvc.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: redis-with-nfs-pvc 5 | spec: 6 | containers: 7 | - name: redis 8 | image: redis:7-alpine 9 | ports: 10 | - containerPort: 6379 11 | name: redis 12 | volumeMounts: 13 | - mountPath: /data 14 | name: data-storage 15 | volumes: 16 | - name: data-storage 17 | persistentVolumeClaim: 18 | claimName: nfs-pvc 19 | -------------------------------------------------------------------------------- /Velero/imgs/backup001.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/iKubernetes/learning-k8s/9660684d5bf118ad25f8b72ee4d9b330910722a8/Velero/imgs/backup001.png -------------------------------------------------------------------------------- /Velero/imgs/kopia_uploader.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/iKubernetes/learning-k8s/9660684d5bf118ad25f8b72ee4d9b330910722a8/Velero/imgs/kopia_uploader.png -------------------------------------------------------------------------------- /Velero/imgs/kopia_uploader002.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/iKubernetes/learning-k8s/9660684d5bf118ad25f8b72ee4d9b330910722a8/Velero/imgs/kopia_uploader002.png -------------------------------------------------------------------------------- 
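/Velero/minio/docker-compose.yml: -------------------------------------------------------------------------------- 1 | version: '3.8' 2 | 3 | services: 4 | minio: 5 | image: minio/minio:RELEASE.2024-02-26T09-33-48Z 6 | container_name: minio 7 | restart: unless-stopped 8 | environment: 9 | MINIO_ROOT_USER: 'minioadmin' 10 | MINIO_ROOT_PASSWORD: 'magedu.com' # NOTE(review): root password in plain text in the compose file; supply it from an env file or secret kept out of version control 11 | MINIO_ADDRESS: ':9000' 12 | MINIO_CONSOLE_ADDRESS: ':9001' 13 | ports: # short syntax publishes on all host interfaces; prefix with 127.0.0.1: (or a management address) if the S3 API and console should not be reachable from the network 14 | - "9000:9000" 15 | - "9001:9001" 16 | networks: 17 | - minionetwork 18 | volumes: 19 | - ./data:/data 20 | healthcheck: 21 | test: ["CMD", "curl", "-f", "http://localhost:9000/minio/health/live"] 22 | interval: 30s 23 | timeout: 20s 24 | retries: 3 25 | command: server /data 26 | #command: server --console-address ":9001" /data 27 | 28 | networks: 29 | minionetwork: 30 | driver: bridge 31 | -------------------------------------------------------------------------------- /ansible-k8s-install/cluster-install.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # 3 | # Change the four variables below to the IP addresses of the hosts that will form the Kubernetes cluster in your environment. 4 | MASTER_IP='192.168.10.6' 5 | NODE_01_IP='192.168.10.11' 6 | NODE_02_IP='192.168.10.12' 7 | NODE_03_IP='192.168.10.13' 8 | 9 | # install ansible 10 | sudo apt-add-repository -y ppa:ansible/ansible 11 | sudo apt update 12 | sudo apt install -y ansible 13 | 14 | # generate ansible inventory hosts (appended on every run, so re-running duplicates the entries; needs write access to /etc/ansible/hosts) 15 | cat <<EOF >> /etc/ansible/hosts 16 | [master] 17 | ${MASTER_IP} node_ip=${MASTER_IP} 18 | 19 | [nodes] 20 | ${NODE_01_IP} node_ip=${NODE_01_IP} 21 | ${NODE_02_IP} node_ip=${NODE_02_IP} 22 | ${NODE_03_IP} node_ip=${NODE_03_IP} 23 | EOF 24 | 25 | # install containerd.io and kubeadm/kubelet/kubectl 26 | ansible-playbook install-kubeadm.yaml 27 | 28 | # create kubernetes cluster control plane and add work nodes 29 | #ansible-playbook install-k8s-flannel.yaml 30 | -------------------------------------------------------------------------------- /ansible-k8s-install/files/crictl.yaml: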
-------------------------------------------------------------------------------- 1 | runtime-endpoint: unix:///run/containerd/containerd.sock 2 | image-endpoint: unix:///run/containerd/containerd.sock 3 | timeout: 10 4 | debug: false 5 | -------------------------------------------------------------------------------- /ansible-k8s-install/reboot-system.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | - hosts: all 3 | become: true 4 | tasks: 5 | # Reboot all 6 | - name: Reboot 7 | reboot: 8 | -------------------------------------------------------------------------------- /ansible-k8s-install/reset-kubeadm.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | - hosts: all 3 | become: true 4 | tasks: 5 | - name: Reset all kubeadm state 6 | command: "{{ item }}" 7 | with_items: 8 | - kubeadm reset -f 9 | - rm -rf /etc/cni/net.d /var/lib/cni 10 | - rm -rf "$HOME/.kube" /etc/kubernetes/ /var/lib/kubelet /var/lib/dockershim /var/run/kubernetes /var/lib/etcd /var/openebs/ 11 | 12 | # This is to reset: 13 | # - mtu changes (we could store the original values or always set one) 14 | # - bpf programms (we could call cilium cleanup) 15 | - name: Reboot 16 | reboot: 17 | -------------------------------------------------------------------------------- /ansible-k8s-install/scripts/cilium-gen-keys.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | kubectl create \ 4 | -n kube-system \ 5 | secret generic cilium-ipsec-keys \ 6 | --from-literal=keys="3 rfc4106(gcm(aes)) $(echo $(dd if=/dev/urandom count=20 bs=1 2> /dev/null| xxd -p -c 64)) 128" 7 | -------------------------------------------------------------------------------- /csi-driver-nfs/deploy/02-csi-driver-nfs-4.1/02-csi-nfs-driverinfo.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: storage.k8s.io/v1 3 | kind: 
CSIDriver 4 | metadata: 5 | name: nfs.csi.k8s.io 6 | spec: 7 | attachRequired: false 8 | volumeLifecycleModes: 9 | - Persistent 10 | - Ephemeral 11 | fsGroupPolicy: File 12 | -------------------------------------------------------------------------------- /csi-driver-nfs/deploy/03-csi-driver-nfs-4.2/csi-nfs-driverinfo.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: storage.k8s.io/v1 3 | kind: CSIDriver 4 | metadata: 5 | name: nfs.csi.k8s.io 6 | spec: 7 | attachRequired: false 8 | volumeLifecycleModes: 9 | - Persistent 10 | fsGroupPolicy: File 11 | -------------------------------------------------------------------------------- /csi-driver-nfs/deploy/04-csi-driver-nfs-4.6.0/csi-nfs-driverinfo.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: storage.k8s.io/v1 3 | kind: CSIDriver 4 | metadata: 5 | name: nfs.csi.k8s.io 6 | spec: 7 | attachRequired: false 8 | volumeLifecycleModes: 9 | - Persistent 10 | fsGroupPolicy: File 11 | -------------------------------------------------------------------------------- /csi-driver-nfs/nfs-csi-storageclass.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: storage.k8s.io/v1 3 | kind: StorageClass 4 | metadata: 5 | name: nfs-csi 6 | annotations: 7 | storageclass.kubernetes.io/is-default-class: "true" 8 | provisioner: nfs.csi.k8s.io 9 | parameters: 10 | #server: nfs-server.default.svc.cluster.local 11 | server: nfs-server.nfs.svc.cluster.local 12 | share: / 13 | reclaimPolicy: Delete 14 | #reclaimPolicy: Retain 15 | volumeBindingMode: Immediate 16 | mountOptions: 17 | - hard 18 | - nfsvers=4.1 19 | -------------------------------------------------------------------------------- /csi-driver-nfs/nfs-pvc-dynamic.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: PersistentVolumeClaim 4 
| metadata: 5 | name: pvc-nfs-dynamic 6 | spec: 7 | accessModes: 8 | - ReadWriteMany 9 | resources: 10 | requests: 11 | storage: 10Gi 12 | storageClassName: nfs-csi 13 | -------------------------------------------------------------------------------- /csi-driver-nfs/volumes-nfs-demo.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: volumes-nfs-csi-demo 5 | labels: 6 | app: redis 7 | spec: 8 | containers: 9 | - name: redis 10 | image: redis:alpine 11 | ports: 12 | - containerPort: 6379 13 | name: redisport 14 | securityContext: 15 | runAsUser: 999 16 | volumeMounts: 17 | - mountPath: /data 18 | name: redisdata 19 | volumes: 20 | - name: redisdata 21 | persistentVolumeClaim: 22 | claimName: pvc-nfs-dynamic 23 | -------------------------------------------------------------------------------- /dashboard/ingress-kubernetes-dashboard.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: networking.k8s.io/v1 2 | kind: Ingress 3 | metadata: 4 | name: dashboard 5 | annotations: 6 | ingress.kubernetes.io/ssl-passthrough: "true" # NOTE(review): ingress-nginx reads annotations under the nginx.ingress.kubernetes.io/ prefix by default, so this key is probably ignored - confirm 7 | nginx.ingress.kubernetes.io/backend-protocol: "HTTPS" 8 | nginx.ingress.kubernetes.io/rewrite-target: /$2 9 | namespace: kubernetes-dashboard 10 | spec: 11 | ingressClassName: nginx 12 | rules: 13 | - http: # no host and no tls section: the rule matches every hostname the controller serves, so the dashboard is published at /dashboard on all of them; add a host, a tls entry and an access restriction before using this outside a lab 14 | paths: 15 | - path: /dashboard(/|$)(.*) 16 | backend: 17 | service: 18 | name: kubernetes-dashboard 19 | port: 20 | number: 443 21 | pathType: Prefix # NOTE(review): the path is a regex; ingress-nginx with strict path-type validation accepts regex characters only with ImplementationSpecific - confirm against the controller version 22 | -------------------------------------------------------------------------------- /eck-operator/elasticsearch-myes-cluster.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: elasticsearch.k8s.elastic.co/v1 2 | kind: Elasticsearch 3 | metadata: 4 | name: myes 5 | namespace: elastic-system 6 | spec: 7 | version: 8.14.0 8 | nodeSets: 9 | - name: default 10 | count: 3 11 | config: 12 |
node.store.allow_mmap: false 13 | volumeClaimTemplates: 14 | - metadata: 15 | name: elasticsearch-data 16 | spec: 17 | accessModes: 18 | - ReadWriteOnce 19 | resources: 20 | requests: 21 | storage: 5Gi 22 | #storageClassName: nfs-csi 23 | storageClassName: openebs-hostpath 24 | -------------------------------------------------------------------------------- /eck-operator/images/kibana.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/iKubernetes/learning-k8s/9660684d5bf118ad25f8b72ee4d9b330910722a8/eck-operator/images/kibana.png -------------------------------------------------------------------------------- /examples/configmaps_and_secrets/configmap-nginx-cfg.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | data: 3 | gzip.cfg: | 4 | gzip on; 5 | gzip_comp_level 5; 6 | gzip_proxied expired no-cache no-store private auth; 7 | gzip_types text/plain text/css application/xml text/javascript; 8 | myserver.conf: | 9 | server { 10 | listen 8080; 11 | server_name www.ik8s.io; 12 | 13 | include /etc/nginx/conf.d/myserver-*.cfg; 14 | 15 | location / { 16 | root /usr/share/nginx/html; 17 | } 18 | } 19 | kind: ConfigMap 20 | metadata: 21 | creationTimestamp: null 22 | name: nginx-cfg 23 | -------------------------------------------------------------------------------- /examples/configmaps_and_secrets/configmaps-env-demo.yaml: -------------------------------------------------------------------------------- 1 | # Maintainer: MageEdu 2 | # URL: http://www.magedu.com 3 | --- 4 | apiVersion: v1 5 | kind: ConfigMap 6 | metadata: 7 | name: demoapp-config 8 | namespace: default 9 | data: 10 | demoapp.port: "8080" 11 | demoapp.host: 127.0.0.1 12 | --- 13 | apiVersion: v1 14 | kind: Pod 15 | metadata: 16 | name: configmaps-env-demo 17 | namespace: default 18 | spec: 19 | containers: 20 | - image: ikubernetes/demoapp:v1.0 21 | name: demoapp 22 | env: 23 | - 
name: PORT 24 | valueFrom: 25 | configMapKeyRef: 26 | name: demoapp-config 27 | key: demoapp.port 28 | optional: false 29 | - name: HOST 30 | valueFrom: 31 | configMapKeyRef: 32 | name: demoapp-config 33 | key: demoapp.host 34 | optional: true 35 | -------------------------------------------------------------------------------- /examples/configmaps_and_secrets/configmaps-volume-demo.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: configmaps-volume-demo 5 | namespace: default 6 | spec: 7 | containers: 8 | - image: nginx:alpine 9 | name: nginx-server 10 | volumeMounts: 11 | - name: ngxconfs 12 | mountPath: /etc/nginx/conf.d/ 13 | readOnly: true 14 | volumes: 15 | - name: ngxconfs 16 | configMap: 17 | name: nginx-config-files 18 | optional: false 19 | -------------------------------------------------------------------------------- /examples/configmaps_and_secrets/downwardapi-demo.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | labels: 5 | run: downwardapi-demo 6 | name: downwardapi-demo 7 | spec: 8 | containers: 9 | - image: ikubernetes/demoapp:v1.0 10 | name: downwardapi-demo 11 | volumeMounts: 12 | - name: dapi 13 | mountPath: /dapi 14 | volumes: 15 | - name: dapi 16 | downwardAPI: 17 | items: 18 | - path: "pod_name" 19 | fieldRef: 20 | fieldPath: metadata.name 21 | - path: "namespace" 22 | fieldRef: 23 | fieldPath: metadata.namespace 24 | -------------------------------------------------------------------------------- /examples/configmaps_and_secrets/nginx-conf.d/myserver-gzip.cfg: -------------------------------------------------------------------------------- 1 | gzip on; 2 | gzip_comp_level 5; 3 | gzip_proxied expired no-cache no-store private auth; 4 | gzip_types text/plain text/css application/xml text/javascript; 5 | 
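-------------------------------------------------------------------------------- /examples/configmaps_and_secrets/nginx-conf.d/myserver-status.cfg: -------------------------------------------------------------------------------- 1 | location /nginx-status { 2 | stub_status on; # NOTE(review): no allow/deny in this location, so every client that reaches the server can read the status counters 3 | access_log off; 4 | } 5 | -------------------------------------------------------------------------------- /examples/configmaps_and_secrets/nginx-conf.d/myserver.conf: -------------------------------------------------------------------------------- 1 | server { 2 | listen 8080; 3 | server_name www.ik8s.io; 4 | 5 | include /etc/nginx/conf.d/myserver-*.cfg; 6 | 7 | location / { 8 | root /usr/share/nginx/html; 9 | } 10 | } 11 | -------------------------------------------------------------------------------- /examples/configmaps_and_secrets/nginx-ssl-conf.d/myserver-gzip.cfg: -------------------------------------------------------------------------------- 1 | gzip on; 2 | gzip_comp_level 5; 3 | gzip_proxied expired no-cache no-store private auth; 4 | gzip_types text/plain text/css application/xml text/javascript; 5 | -------------------------------------------------------------------------------- /examples/configmaps_and_secrets/nginx-ssl-conf.d/myserver-status.cfg: -------------------------------------------------------------------------------- 1 | location /nginx-status { 2 | stub_status on; # NOTE(review): no allow/deny in this location, so every client that reaches the server can read the status counters 3 | access_log off; 4 | } 5 | -------------------------------------------------------------------------------- /examples/configmaps_and_secrets/nginx-ssl-conf.d/myserver.conf: -------------------------------------------------------------------------------- 1 | server { 2 | listen 443 ssl; 3 | server_name www.ik8s.io; 4 | 5 | ssl_certificate /etc/nginx/certs/tls.crt; 6 | ssl_certificate_key /etc/nginx/certs/tls.key; 7 | 8 | ssl_session_timeout 5m; 9 | # TLS 1.0 and 1.1 are deprecated (RFC 8996); only TLS 1.2 and 1.3 are offered 10 | ssl_protocols TLSv1.2 TLSv1.3; 11 | 12 | ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE; 13 | ssl_prefer_server_ciphers on;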
14 | 15 | include /etc/nginx/conf.d/myserver-*.cfg; 16 | 17 | location / { 18 | root /usr/share/nginx/html; 19 | } 20 | } 21 | 22 | server { 23 | listen 80; 24 | server_name www.ilinux.io; # NOTE(review): the TLS server in this file answers for www.ik8s.io, while this redirect vhost names a different host - confirm which is intended 25 | return 301 https://$host$request_uri; 26 | } 27 | -------------------------------------------------------------------------------- /examples/configmaps_and_secrets/projected-demo.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | labels: 5 | run: projected-demo 6 | name: projected-demo 7 | spec: 8 | containers: 9 | - image: ikubernetes/demoapp:v1.0 10 | name: projected-demo 11 | volumeMounts: 12 | - name: proj 13 | mountPath: /proj 14 | volumes: 15 | - name: proj 16 | projected: 17 | defaultMode: 0644 18 | sources: 19 | - configMap: 20 | items: 21 | - key: myserver.conf 22 | path: my.conf 23 | name: nginx-config-files 24 | - secret: 25 | items: # only the keys listed here are projected; other keys of the secret are not written to the volume 26 | - key: tls.crt 27 | path: nginx.crt 28 | name: nginx-ssl-secret 29 | - downwardAPI: 30 | items: 31 | - fieldRef: 32 | apiVersion: v1 33 | fieldPath: metadata.namespace 34 | path: namespace 35 | -------------------------------------------------------------------------------- /examples/configmaps_and_secrets/secret-mysql.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | data: # values under data are base64-encoded, not encrypted: anyone who can read this manifest recovers them, so real credentials should not be committed in this form 3 | db.name: d3BkYg== 4 | db.pass: bWFnZWR1LmNvbTEyMzQ1Ng== 5 | db.user: d3B1c2Vy 6 | root.pass: TWFnZUVkdS5DMG0= 7 | kind: Secret 8 | metadata: 9 | creationTimestamp: null 10 | name: mysql-secret 11 | -------------------------------------------------------------------------------- /examples/configmaps_and_secrets/secrets-demo.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Secret 3 | metadata: 4 | name: secrets-demo 5 | stringData: # stringData takes plain text; the API server stores it base64-encoded under data 6 | username: redis 7 | password: redisp@ss 8 | type: Opaque 9 |
-------------------------------------------------------------------------------- /examples/configmaps_and_secrets/secrets-env-demo.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: secrets-env-demo 5 | namespace: default 6 | spec: 7 | containers: 8 | - name: mariadb 9 | image: mariadb 10 | imagePullPolicy: IfNotPresent 11 | env: 12 | - name: MYSQL_ROOT_PASSWORD 13 | valueFrom: 14 | secretKeyRef: 15 | name: mysql-root-authn 16 | key: password 17 | -------------------------------------------------------------------------------- /examples/configmaps_and_secrets/secrets-volume-demo.yaml: -------------------------------------------------------------------------------- 1 | # Maintainer: MageEdu 2 | # URL: http://www.magedu.com 3 | --- 4 | apiVersion: v1 5 | kind: Pod 6 | metadata: 7 | name: secrets-volume-demo 8 | namespace: default 9 | spec: 10 | containers: 11 | - image: nginx:alpine 12 | name: ngxserver 13 | volumeMounts: 14 | - name: nginxcerts 15 | mountPath: /etc/nginx/certs/ 16 | readOnly: true 17 | - name: nginxconfs 18 | mountPath: /etc/nginx/conf.d/ 19 | readOnly: true 20 | volumes: 21 | - name: nginxcerts 22 | secret: 23 | secretName: nginx-ssl-secret 24 | - name: nginxconfs 25 | configMap: 26 | name: nginx-sslvhosts-confs 27 | optional: false 28 | -------------------------------------------------------------------------------- /examples/deployments/deployment-demo.yaml: -------------------------------------------------------------------------------- 1 | # VERSION: demoapp version 2 | # Maintainer: MageEdu 3 | --- 4 | apiVersion: apps/v1 5 | kind: Deployment 6 | metadata: 7 | name: deployment-demo 8 | spec: 9 | replicas: 4 10 | selector: 11 | matchLabels: 12 | app: demoapp 13 | release: stable 14 | template: 15 | metadata: 16 | labels: 17 | app: demoapp 18 | release: stable 19 | spec: 20 | containers: 21 | - name: demoapp 22 | image: ikubernetes/demoapp:v1.0 23 | 
ports: 24 | - containerPort: 80 25 | name: http 26 | livenessProbe: 27 | httpGet: 28 | path: '/livez' 29 | port: 80 30 | initialDelaySeconds: 5 31 | readinessProbe: 32 | httpGet: 33 | path: '/readyz' 34 | port: 80 35 | initialDelaySeconds: 15 36 | -------------------------------------------------------------------------------- /examples/deployments/replicaset-demo.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: ReplicaSet 3 | metadata: 4 | name: replicaset-demo 5 | spec: 6 | minReadySeconds: 3 7 | replicas: 2 8 | selector: 9 | matchLabels: 10 | app: demoapp 11 | release: stable 12 | version: v1.0 13 | template: 14 | metadata: 15 | labels: 16 | app: demoapp 17 | release: stable 18 | version: v1.0 19 | spec: 20 | containers: 21 | - name: demoapp 22 | image: ikubernetes/demoapp:v1.0 23 | ports: 24 | - name: http 25 | containerPort: 80 26 | livenessProbe: 27 | httpGet: 28 | path: '/livez' 29 | port: 80 30 | initialDelaySeconds: 5 31 | readinessProbe: 32 | httpGet: 33 | path: '/readyz' 34 | port: 80 35 | initialDelaySeconds: 15 36 | -------------------------------------------------------------------------------- /examples/jobs_and_cronjobs/cronjob-demo.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: batch/v1beta1 2 | kind: CronJob 3 | metadata: 4 | name: cronjob-demo 5 | namespace: default 6 | spec: 7 | schedule: "*/2 * * * *" 8 | jobTemplate: 9 | metadata: 10 | labels: 11 | controller: cronjob-demo 12 | spec: 13 | parallelism: 1 14 | completions: 1 15 | ttlSecondsAfterFinished: 600 16 | backoffLimit: 3 17 | activeDeadlineSeconds: 60 18 | template: 19 | spec: 20 | containers: 21 | - name: myjob 22 | image: ikubernetes/admin-box:v1.2 23 | command: 24 | - /bin/sh 25 | - -c 26 | - date; echo Hello from CronJob, sleep a while...; sleep 10 27 | restartPolicy: OnFailure 28 | startingDeadlineSeconds: 300 29 | 
-------------------------------------------------------------------------------- /examples/jobs_and_cronjobs/job-demo.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: batch/v1 2 | kind: Job 3 | metadata: 4 | name: job-demo 5 | spec: 6 | template: 7 | spec: 8 | containers: 9 | - name: myjob 10 | image: ikubernetes/admin-box:v1.2 11 | imagePullPolicy: IfNotPresent 12 | command: ["/bin/sh", "-c", "sleep 60"] 13 | restartPolicy: Never 14 | completions: 2 15 | ttlSecondsAfterFinished: 3600 16 | backoffLimit: 3 17 | activeDeadlineSeconds: 300 18 | -------------------------------------------------------------------------------- /examples/jobs_and_cronjobs/job-para-demo.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: batch/v1 2 | kind: Job 3 | metadata: 4 | name: job-para-demo 5 | spec: 6 | template: 7 | spec: 8 | containers: 9 | - name: myjob 10 | image: ikubernetes/admin-box:v1.2 11 | imagePullPolicy: IfNotPresent 12 | command: ["/bin/sh", "-c", "sleep 60"] 13 | restartPolicy: Never 14 | completions: 12 15 | parallelism: 2 16 | ttlSecondsAfterFinished: 3600 17 | backoffLimit: 3 18 | activeDeadlineSeconds: 1200 19 | -------------------------------------------------------------------------------- /examples/network-policy-examples/allow-all-ingress-traffic.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: networking.k8s.io/v1 3 | kind: NetworkPolicy 4 | metadata: 5 | name: allow-all-ingress 6 | spec: 7 | podSelector: {} 8 | ingress: 9 | - {} 10 | policyTypes: 11 | - Ingress 12 | -------------------------------------------------------------------------------- /examples/network-policy-examples/allow-selected-ingress-traffic.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: networking.k8s.io/v1 3 | kind: NetworkPolicy 4 | metadata: 5 | name: 
allow-selected-ingresses 6 | namespace: default 7 | spec: 8 | podSelector: {} # empty selector: the policy applies to every pod in the namespace 9 | ingress: 10 | - from: 11 | - namespaceSelector: 12 | matchExpressions: 13 | - key: kubernetes.io/metadata.name 14 | operator: In 15 | values: ["default", "kube-system", "monitor"] 16 | - ipBlock: # separate list item, so it is OR-ed with the namespaceSelector above 17 | cidr: 192.168.10.0/24 18 | ports: [] # empty list: no port restriction for the sources above 19 | - from: 20 | - namespaceSelector: 21 | matchLabels: 22 | kubernetes.io/metadata.name: demo 23 | podSelector: # no leading dash: same list item as the namespaceSelector above, so a source must match both 24 | matchExpressions: 25 | - key: app 26 | operator: In 27 | values: ["demoapp", "nginx"] 28 | ports: 29 | - port: 80 30 | protocol: TCP 31 | policyTypes: 32 | - Ingress 33 | -------------------------------------------------------------------------------- /examples/network-policy-examples/deny-all-both-traffic.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: networking.k8s.io/v1 3 | kind: NetworkPolicy 4 | metadata: 5 | name: default-deny-both-all 6 | spec: 7 | podSelector: {} 8 | ingress: [] 9 | egress: [] # no allow rules in either direction: the selected pods can neither receive nor send traffic, DNS lookups included, until another policy allows it 10 | policyTypes: 11 | - Ingress 12 | - Egress 13 | -------------------------------------------------------------------------------- /examples/network-policy-examples/deny-all-ingress-traffic.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: networking.k8s.io/v1 3 | kind: NetworkPolicy 4 | metadata: 5 | name: default-deny-ingress 6 | spec: 7 | podSelector: {} 8 | ingress: [] # no allow rules: all inbound traffic to the selected pods is denied; egress is untouched because only Ingress is listed below 9 | policyTypes: 10 | - Ingress 11 | -------------------------------------------------------------------------------- /examples/pods/ambassador-container-demo.yaml: -------------------------------------------------------------------------------- 1 | # Create By: "MageEdu " 2 | # Site: www.magedu.com 3 | apiVersion: v1 4 | kind: Pod 5 | metadata: 6 | name: ambassador-container-demo 7 | spec: 8 | containers: 9 | - name: curl 10 | image: ikubernetes/admin-box:v1.2 11 | command: ["sleep", "999999"] 12 | - name: ambassador 13 | image:
bitnami/kubectl:latest 14 | command: ["/bin/sh","-c","kubectl proxy"] # NOTE(review): with "sh -c" the args below become the shell's positional parameters ($0, $1, ...) and are not appended to "kubectl proxy", so these options look unused as written - confirm 15 | args: 16 | # Options passed to kubectl proxy; to change the default tcp/8001 listening port, append an extra "--port=NUM" option 17 | - --server="https://kubernetes.default.svc" 18 | - --certificate-authority="/var/run/secrets/kubernetes.io/serviceaccount/ca.crt" 19 | - --token="$(cat /var/run/secrets/kubernetes.io/serviceaccount/token)" 20 | - --accept-paths='^.\*' # intended to accept every request path; the proxy forwards with the pod's service-account token, so that account's RBAC should cover only what the curl container needs 21 | -------------------------------------------------------------------------------- /examples/pods/init-container-demo.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: init-container-demo 5 | namespace: default 6 | spec: 7 | initContainers: 8 | - name: iptables-init 9 | image: ikubernetes/admin-box:latest 10 | imagePullPolicy: IfNotPresent 11 | command: ['/bin/sh','-c'] 12 | args: ['iptables -t nat -A PREROUTING -p tcp --dport 8080 -j REDIRECT --to-port 80'] 13 | securityContext: 14 | capabilities: 15 | add: # NET_ADMIN is granted to this init container only, for the iptables rule above; the demo container below gets no added capability 16 | - NET_ADMIN 17 | containers: 18 | - name: demo 19 | image: ikubernetes/demoapp:v1.0 20 | imagePullPolicy: IfNotPresent 21 | ports: 22 | - name: http 23 | containerPort: 80 24 | -------------------------------------------------------------------------------- /examples/pods/liveness-exec-demo.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: liveness-exec-demo 5 | namespace: default 6 | spec: 7 | containers: 8 | - name: demo 9 | image: ikubernetes/demoapp:v1.0 10 | imagePullPolicy: IfNotPresent 11 | livenessProbe: 12 | exec: 13 | #command: ['/bin/sh', '-c', '[ "$(curl -s 127.0.0.1/livez)" == "OK" ]'] 14 | command: ['/bin/sh', '-c', '[ "$(/usr/bin/curl -s http://127.0.0.1/livez)" == "OK" ]'] 15 | initialDelaySeconds: 5 16 | timeoutSeconds: 1 17 | periodSeconds: 5 18 | --------------------------------------------------------------------------------
/examples/pods/liveness-httpget-demo.yaml: -------------------------------------------------------------------------------- 1 | # Maintainer: MageEdu 2 | # URL: http://www.magedu.com 3 | # --- 4 | apiVersion: v1 5 | kind: Pod 6 | metadata: 7 | name: liveness-httpget-demo 8 | namespace: default 9 | spec: 10 | containers: 11 | - name: demo 12 | image: ikubernetes/demoapp:v1.0 13 | imagePullPolicy: IfNotPresent 14 | livenessProbe: 15 | httpGet: 16 | path: '/livez' 17 | port: 80 18 | scheme: HTTP 19 | initialDelaySeconds: 5 20 | -------------------------------------------------------------------------------- /examples/pods/liveness-tcpsocket-demo.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: liveness-tcpsocket-demo 5 | namespace: default 6 | spec: 7 | containers: 8 | - name: demo 9 | image: ikubernetes/demoapp:v1.0 10 | imagePullPolicy: IfNotPresent 11 | ports: 12 | - name: http 13 | containerPort: 80 14 | securityContext: 15 | capabilities: 16 | add: 17 | - NET_ADMIN 18 | livenessProbe: 19 | tcpSocket: 20 | port: http 21 | periodSeconds: 5 22 | initialDelaySeconds: 5 23 | -------------------------------------------------------------------------------- /examples/pods/pod-demo-hostport.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: demoapp-hostport 5 | namespace: default 6 | labels: 7 | app: demoapp 8 | version: v1.0 9 | spec: 10 | containers: 11 | - name: demoapp 12 | image: ikubernetes/demoapp:v1.0 13 | imagePullPolicy: IfNotPresent 14 | ports: 15 | - name: http 16 | containerPort: 80 17 | hostPort: 10080 18 | restartPolicy: OnFailure 19 | -------------------------------------------------------------------------------- /examples/pods/pod-demo-seccon-capability.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: 
Pod 3 | metadata: 4 | name: demoapp-seccon-capability 5 | namespace: default 6 | labels: 7 | app: demoapp 8 | version: v1.0 9 | spec: 10 | containers: 11 | - name: demoapp 12 | image: ikubernetes/demoapp:v1.0 13 | imagePullPolicy: IfNotPresent 14 | securityContext:  # adds NET_ADMIN and drops CHOWN for this container; the runtime's other default capabilities stay in place. The stricter pattern is to drop ALL and add back only what the workload needs 15 | capabilities: 16 | add: 17 | - NET_ADMIN 18 | drop: 19 | - CHOWN 20 | restartPolicy: OnFailure 21 | -------------------------------------------------------------------------------- /examples/pods/pod-demo-seccon-privileged.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: demoapp-seccont-privileged 5 | namespace: default 6 | labels: 7 | app: demoapp 8 | version: v1.0 9 | spec: 10 | containers: 11 | - name: demoapp 12 | image: ikubernetes/demoapp:v1.0 13 | imagePullPolicy: IfNotPresent 14 | securityContext: 15 | privileged: true  # NOTE(review): privileged mode removes most isolation between this container and the node (all capabilities, access to host devices). Keep it to throwaway demo clusters; for real workloads grant the specific capabilities needed and block privileged pods with Pod Security Admission 16 | restartPolicy: OnFailure 17 | -------------------------------------------------------------------------------- /examples/pods/pod-demo-seccon-runas.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: demoapp-sc-runas 5 | namespace: default 6 | labels: 7 | app: demoapp 8 | version: v1.0 9 | spec: 10 | containers: 11 | - name: demoapp 12 | image: ikubernetes/demoapp:v1.0 13 | imagePullPolicy: IfNotPresent 14 | env: 15 | - name: PORT 16 | value: "8080" 17 | securityContext:  # runs the container process as UID/GID 1001 instead of the image default; PORT=8080 above is presumably set because a non-root user cannot bind port 80 (confirm against the image) 18 | runAsUser: 1001 19 | runAsGroup: 1001 20 | restartPolicy: OnFailure 21 | -------------------------------------------------------------------------------- /examples/pods/pod-demo-with-cmd-and-args.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: pod-demo-with-cmd-and-args 5 | namespace: default 6 | spec: 7 | containers: 8 | - name: demo 9 | image: ikubernetes/demoapp:v1.0 10 | imagePullPolicy: IfNotPresent 11 | command: 
['/bin/sh','-c'] 12 | args: ['python3 /usr/local/bin/demo.py -p 8080'] 13 | -------------------------------------------------------------------------------- /examples/pods/pod-demo.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: pod-demo 5 | namespace: default 6 | spec: 7 | containers: 8 | - name: demo 9 | image: ikubernetes/demoapp:v1.0 10 | imagePullPolicy: IfNotPresent 11 | -------------------------------------------------------------------------------- /examples/pods/pod-resources-demo.yaml: -------------------------------------------------------------------------------- 1 | # Maintainer: MageEdu 2 | # URL: http://www.magedu.com 3 | # --- 4 | apiVersion: v1 5 | kind: Pod 6 | metadata: 7 | name: stress-pod 8 | spec: 9 | containers: 10 | - name: stress 11 | image: ikubernetes/stress-ng 12 | command: ["/usr/bin/stress-ng", "-c 1", "-m 1", "--metrics-brief"] 13 | resources: 14 | requests: 15 | memory: "128Mi" 16 | cpu: "200m" 17 | limits: 18 | memory: "512Mi" 19 | cpu: "400m" 20 | -------------------------------------------------------------------------------- /examples/pods/pod-using-env.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: pod-using-env 5 | namespace: default 6 | spec: 7 | containers: 8 | - name: demo 9 | image: ikubernetes/demoapp:v1.0 10 | imagePullPolicy: IfNotPresent 11 | env: 12 | - name: HOST 13 | value: "127.0.0.1" 14 | - name: PORT 15 | value: "8080" 16 | -------------------------------------------------------------------------------- /examples/pods/readiness-httpget-demo.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: readiness-httpget-demo 5 | namespace: default 6 | labels: 7 | name: readiness-httpget-demo 8 | spec: 9 | containers: 10 | - name: demo 11 | 
image: ikubernetes/demoapp:v1.0 12 | imagePullPolicy: IfNotPresent 13 | readinessProbe: 14 | httpGet: 15 | path: '/readyz' 16 | port: 80 17 | scheme: HTTP 18 | initialDelaySeconds: 15 19 | timeoutSeconds: 2 20 | periodSeconds: 5 21 | failureThreshold: 3 22 | restartPolicy: Always 23 | -------------------------------------------------------------------------------- /examples/pods/resource-limits-demo.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: memleak-pod 5 | labels: 6 | app: memleak 7 | spec: 8 | containers: 9 | - name: simmemleak 10 | image: ikubernetes/simmemleak 11 | imagePullPolicy: IfNotPresent 12 | resources: 13 | requests: 14 | memory: "64Mi" 15 | cpu: "1" 16 | limits: 17 | memory: "64Mi" 18 | cpu: "1" 19 | -------------------------------------------------------------------------------- /examples/pods/resource-requests-demo.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: stress-pod 5 | spec: 6 | containers: 7 | - name: stress 8 | image: ikubernetes/stress-ng 9 | command: ["/usr/bin/stress-ng", "-c 1", "-m 1", "--metrics-brief"] 10 | resources: 11 | requests: 12 | memory: "128Mi" 13 | cpu: "200m" 14 | limits: 15 | memory: "512Mi" 16 | cpu: "400m" 17 | -------------------------------------------------------------------------------- /examples/pods/securitycontext-capabilities-demo.yaml: -------------------------------------------------------------------------------- 1 | # Maintainer: MageEdu 2 | # # URL: http://www.magedu.com 3 | apiVersion: v1 4 | kind: Pod 5 | metadata: 6 | name: securitycontext-capabilities-demo 7 | namespace: default 8 | spec: 9 | containers: 10 | - name: demo 11 | image: ikubernetes/demoapp:v1.0 12 | imagePullPolicy: IfNotPresent 13 | command: ["/bin/sh","-c"] 14 | args: ["/sbin/iptables -t nat -A PREROUTING -p tcp --dport 8080 -j REDIRECT 
--to-port 80 && /usr/bin/python3 /usr/local/bin/demo.py"] 15 | securityContext: 16 | capabilities: 17 | add: ['NET_ADMIN'] 18 | #drop: ['CHOWN'] 19 | -------------------------------------------------------------------------------- /examples/pods/sidecar-container-demo.yaml: -------------------------------------------------------------------------------- 1 | # Maintainer: MageEdu 2 | # URL: http://www.magedu.com 3 | # --- 4 | apiVersion: v1 5 | kind: Pod 6 | metadata: 7 | name: sidecar-container-demo 8 | namespace: default 9 | spec: 10 | containers: 11 | - name: proxy 12 | image: envoyproxy/envoy-alpine:v1.14.1 13 | - name: demo 14 | image: ikubernetes/demoapp:v1.0 15 | imagePullPolicy: IfNotPresent 16 | env: 17 | - name: HOST 18 | value: "127.0.0.1" 19 | - name: PORT 20 | value: "8080" 21 | -------------------------------------------------------------------------------- /examples/pods/startup-exec-demo.yaml: -------------------------------------------------------------------------------- 1 | # Maintainer: MageEdu 2 | # URL: http://www.magedu.com 3 | # --- 4 | apiVersion: v1 5 | kind: Pod 6 | metadata: 7 | name: startup-exec-demo 8 | namespace: default 9 | spec: 10 | containers: 11 | - name: demo 12 | image: ikubernetes/demoapp:v1.0 13 | imagePullPolicy: IfNotPresent 14 | startupProbe: 15 | exec: 16 | command: ['/bin/sh', '-c', '[ "$(/usr/bin/curl -s http://127.0.0.1/livez)" == "OK" ]'] 17 | initialDelaySeconds: 0 18 | failureThreshold: 3 19 | periodSeconds: 5 20 | -------------------------------------------------------------------------------- /examples/services/configmap-coredns.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | data: 3 | Corefile: | 4 | .:53 { 5 | errors 6 | health { 7 | lameduck 5s 8 | } 9 | ready 10 | rewrite stop { 11 | name regex (jenkins.*)\.magedu\.com {1}.jenkins.svc.cluster.local 12 | answer (jenkins.*)\.jenkins\.svc\.cluster\.local {1}.magedu.com 13 | } 14 | kubernetes 
cluster.local in-addr.arpa ip6.arpa { 15 | pods insecure 16 | fallthrough in-addr.arpa ip6.arpa 17 | ttl 30 18 | } 19 | prometheus :9153 20 | forward . /etc/resolv.conf { 21 | max_concurrent 1000 22 | } 23 | cache 30 24 | loop 25 | reload 26 | loadbalance 27 | } 28 | kind: ConfigMap  # NOTE(review): `pods insecure` in the Corefile above answers pod-IP-style names from the query itself, without checking that such a pod exists (kube-dns compatibility mode); `pods verified` is the stricter option if those records are relied on 29 | metadata: 30 | name: coredns 31 | namespace: kube-system 32 | -------------------------------------------------------------------------------- /examples/services/demoapp-headless-svc.yaml: -------------------------------------------------------------------------------- 1 | # Maintainer: MageEdu 2 | # URL: http://www.magedu.com 3 | --- 4 | kind: Service 5 | apiVersion: v1 6 | metadata: 7 | name: demoapp-headless-svc 8 | spec: 9 | clusterIP: None 10 | selector: 11 | app: demoapp 12 | ports: 13 | - port: 80 14 | targetPort: 80 15 | name: http 16 | -------------------------------------------------------------------------------- /examples/services/endpointslice-demo.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: discovery.k8s.io/v1beta1  # NOTE(review): discovery.k8s.io/v1beta1 is no longer served from Kubernetes v1.25 on; use discovery.k8s.io/v1 (available since v1.21) on current clusters 2 | kind: EndpointSlice 3 | metadata: 4 | name: demoapp-01 5 | labels: 6 | kubernetes.io/service-name: demoapp  # this label ties the slice to the Service named demoapp 7 | addressType: IPv4 8 | ports: 9 | - name: http 10 | protocol: TCP 11 | port: 80 12 | endpoints: 13 | - addresses: 14 | - "10.244.101.3" 15 | conditions: 16 | ready: true 17 | - addresses: 18 | - "10.244.102.6" 19 | conditions: 20 | ready: true 21 | -------------------------------------------------------------------------------- /examples/services/externalname-redis-svc.yaml: -------------------------------------------------------------------------------- 1 | kind: Service 2 | apiVersion: v1 3 | metadata: 4 | name: externalname-redis-svc 5 | namespace: default 6 | spec: 7 | type: ExternalName 8 | externalName: redis.ik8s.io 9 | ports: 10 | - protocol: TCP 11 | port: 6379 12 | targetPort: 6379 13 | nodePort: 0 14 | selector: {} 15 | 
-------------------------------------------------------------------------------- /examples/services/mysql-endpoints-demo.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Endpoints 3 | metadata: 4 | name: mysql-external 5 | namespace: default 6 | subsets: 7 | - addresses: 8 | - ip: 172.29.9.51 9 | - ip: 172.29.9.52 10 | ports: 11 | - name: mysql 12 | port: 3306 13 | protocol: TCP 14 | --- 15 | apiVersion: v1 16 | kind: Service 17 | metadata: 18 | name: mysql-external 19 | namespace: default 20 | spec: 21 | type: ClusterIP 22 | ports: 23 | - name: mysql 24 | port: 3306 25 | targetPort: 3306 26 | protocol: TCP 27 | -------------------------------------------------------------------------------- /examples/services/pod-with-dnspolicy.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: pod-with-dnspolicy 5 | namespace: default 6 | spec: 7 | containers: 8 | - name: demo 9 | image: ikubernetes/demoapp:v1.0 10 | imagePullPolicy: IfNotPresent 11 | dnsPolicy: None 12 | dnsConfig: 13 | nameservers: 14 | - 10.96.0.10 15 | - 223.5.5.5 16 | - 223.6.6.6 17 | searches: 18 | - svc.cluster.local 19 | - cluster.local 20 | - ilinux.io 21 | options: 22 | - name: ndots 23 | value: "5" 24 | -------------------------------------------------------------------------------- /examples/services/services-clusterip-demo.yaml: -------------------------------------------------------------------------------- 1 | # Maintainer: MageEdu 2 | # URL: http://www.magedu.com 3 | --- 4 | kind: Service 5 | apiVersion: v1 6 | metadata: 7 | name: demoapp-svc 8 | namespace: default 9 | spec: 10 | clusterIP: 10.97.72.1 11 | selector: 12 | app: demoapp 13 | ports: 14 | - name: http 15 | protocol: TCP 16 | port: 80 17 | targetPort: 80 18 | -------------------------------------------------------------------------------- 
/examples/services/services-externalip-demo.yaml: -------------------------------------------------------------------------------- 1 | # Maintainer: MageEdu 2 | # URL: http://www.magedu.com 3 | --- 4 | kind: Service 5 | apiVersion: v1 6 | metadata: 7 | name: demoapp-externalip-svc 8 | namespace: default 9 | spec: 10 | type: ClusterIP 11 | selector: 12 | app: demoapp 13 | ports: 14 | - name: http 15 | protocol: TCP 16 | port: 80 17 | targetPort: 80 18 | externalIPs: 19 | - 172.29.9.26 20 | -------------------------------------------------------------------------------- /examples/services/services-loadbalancer-demo.yaml: -------------------------------------------------------------------------------- 1 | kind: Service 2 | apiVersion: v1 3 | metadata: 4 | name: demoapp-loadbalancer-svc 5 | spec: 6 | type: LoadBalancer 7 | selector: 8 | app: demoapp 9 | ports: 10 | - name: http 11 | protocol: TCP 12 | port: 80 13 | targetPort: 80 14 | loadBalancerIP: 1.2.3.4 15 | -------------------------------------------------------------------------------- /examples/services/services-nodeport-demo.yaml: -------------------------------------------------------------------------------- 1 | # Maintainer: MageEdu 2 | # URL: http://www.magedu.com 3 | --- 4 | kind: Service 5 | apiVersion: v1 6 | metadata: 7 | name: demoapp-nodeport-svc 8 | spec: 9 | type: NodePort 10 | clusterIP: 10.97.56.1 11 | selector: 12 | app: demoapp 13 | ports: 14 | - name: http 15 | protocol: TCP 16 | port: 80 17 | targetPort: 80 18 | nodePort: 31398 19 | # externalTrafficPolicy: Local 20 | -------------------------------------------------------------------------------- /examples/statefulsets/mysql/01-configmap-mysql.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ConfigMap 3 | metadata: 4 | name: mysql 5 | data: 6 | primary.cnf: | 7 | # Apply this config only on the primary. 
8 | [mysql] 9 | default-character-set=utf8mb4 10 | [mysqld] 11 | log-bin 12 | character-set-server=utf8mb4 13 | [client] 14 | default-character-set=utf8mb4 15 | 16 | replica.cnf: | 17 | # Apply this config only on replicas. 18 | [mysql] 19 | default-character-set=utf8mb4 20 | [mysqld] 21 | super-read-only 22 | character-set-server=utf8mb4 23 | [client] 24 | default-character-set=utf8mb4 25 | -------------------------------------------------------------------------------- /examples/statefulsets/mysql/02-services-mysql.yaml: -------------------------------------------------------------------------------- 1 | # Headless service for stable DNS entries of StatefulSet members. 2 | apiVersion: v1 3 | kind: Service 4 | metadata: 5 | name: mysql 6 | spec: 7 | ports: 8 | - name: mysql 9 | port: 3306 10 | clusterIP: None 11 | selector: 12 | app: mysql 13 | --- 14 | # Client service for connecting to any MySQL instance for reads. 15 | # For writes, you must instead connect to the primary: mysql-0.mysql. 
16 | apiVersion: v1 17 | kind: Service 18 | metadata: 19 | name: mysql-read 20 | labels: 21 | app: mysql 22 | spec: 23 | ports: 24 | - name: mysql 25 | port: 3306 26 | selector: 27 | app: mysql 28 | -------------------------------------------------------------------------------- /examples/statefulsets/mysql/README.md: -------------------------------------------------------------------------------- 1 | # 部署MySQL主从复制集群 2 | 3 | 依赖的环境:支持PV动态置备的StorageClass/nfs-csi; 4 | 5 | ### 部署过程 6 | 7 | ```bash 8 | kubectl create namespace mysql 9 | kubectl apply -f ./ -n mysql 10 | ``` 11 | 12 | ### 访问入口 13 | 14 | 读请求:mysql-read.mysql.svc.cluster.local 15 | 16 | 写请求:mysql-0.mysql.mysql.svc.cluster.local 17 | 18 | 19 | 20 | -------------------------------------------------------------------------------- /examples/volumes/dynamic-pvc-demo.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: PersistentVolumeClaim 4 | metadata: 5 | name: pvc-nfs-dynamic 6 | spec: 7 | accessModes: 8 | - ReadWriteMany 9 | resources: 10 | requests: 11 | storage: 10Gi 12 | storageClassName: nfs-csi 13 | -------------------------------------------------------------------------------- /examples/volumes/local-pv-demo/local-pv-demo.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: PersistentVolume 3 | metadata: 4 | name: local-pv-demo 5 | spec: 6 | capacity: 7 | storage: 5Gi 8 | volumeMode: Filesystem 9 | accessModes: 10 | - ReadWriteOnce 11 | persistentVolumeReclaimPolicy: Delete 12 | storageClassName: local 13 | local: 14 | path: /disks/vol1 15 | nodeAffinity: 16 | required: 17 | nodeSelectorTerms: 18 | - matchExpressions: 19 | - key: kubernetes.io/hostname 20 | operator: In 21 | values: 22 | - k8s-node01.magedu.com 23 | -------------------------------------------------------------------------------- /examples/volumes/local-pv-demo/pod-with-localpv.yaml: 
-------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: pod-with-localpv 5 | spec: 6 | containers: 7 | - name: redis 8 | image: redis:7-alpine 9 | ports: 10 | - containerPort: 6379 11 | name: redis 12 | volumeMounts: 13 | - mountPath: "/data" 14 | name: data 15 | volumes: 16 | - name: data 17 | persistentVolumeClaim: 18 | claimName: pvc-localpv-demo 19 | -------------------------------------------------------------------------------- /examples/volumes/local-pv-demo/pvc-localpv-demo.yaml: -------------------------------------------------------------------------------- 1 | kind: PersistentVolumeClaim 2 | apiVersion: v1 3 | metadata: 4 | name: pvc-localpv-demo 5 | spec: 6 | accessModes: 7 | - ReadWriteOnce 8 | resources: 9 | requests: 10 | storage: 5Gi 11 | storageClassName: local 12 | -------------------------------------------------------------------------------- /examples/volumes/local-pv-demo/storageclass-local.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: storage.k8s.io/v1 2 | kind: StorageClass 3 | metadata: 4 | name: local 5 | provisioner: kubernetes.io/no-provisioner 6 | volumeBindingMode: WaitForFirstConsumer 7 | -------------------------------------------------------------------------------- /examples/volumes/openebs/openebs-local-hostpath-pvc.yaml: -------------------------------------------------------------------------------- 1 | kind: PersistentVolumeClaim 2 | apiVersion: v1 3 | metadata: 4 | name: openebs-local-hostpath-pvc 5 | spec: 6 | storageClassName: openebs-hostpath 7 | accessModes: 8 | - ReadWriteOnce 9 | resources: 10 | requests: 11 | storage: 5G 12 | -------------------------------------------------------------------------------- /examples/volumes/openebs/redis-with-openebs-local-hostpath.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 
| metadata: 4 | name: redis-with-openebs-local-hostpath 5 | spec: 6 | containers: 7 | - name: redis 8 | image: redis:7-alpine 9 | ports: 10 | - containerPort: 6379 11 | name: redis 12 | volumeMounts: 13 | - mountPath: /data 14 | name: local-storage 15 | volumes: 16 | - name: local-storage 17 | persistentVolumeClaim: 18 | claimName: openebs-local-hostpath-pvc 19 | -------------------------------------------------------------------------------- /examples/volumes/pod-demoapp.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: demoapp-pod 5 | namespace: default 6 | spec: 7 | containers: 8 | - name: demoapp 9 | image: ikubernetes/demoapp:v1.0 10 | -------------------------------------------------------------------------------- /examples/volumes/pod-with-emptyDir-vol.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: pods-with-emptydir-vol 5 | spec: 6 | containers: 7 | - image: ikubernetes/admin-box:v1.2 8 | name: admin 9 | command: ["/bin/sh", "-c"] 10 | args: ["sleep 99999"] 11 | resources: {} 12 | volumeMounts: 13 | - name: data 14 | mountPath: /data 15 | - image: ikubernetes/demoapp:v1.0 16 | name: demoapp 17 | resources: {} 18 | volumeMounts: 19 | - name: data 20 | mountPath: /var/www/html 21 | volumes: 22 | - name: data 23 | emptyDir: 24 | medium: Memory 25 | sizeLimit: 16Mi 26 | dnsPolicy: ClusterFirst 27 | restartPolicy: Always 28 | -------------------------------------------------------------------------------- /examples/volumes/pod-with-hostpath-vol-02.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: volumes-hostpath-demo 5 | spec: 6 | containers: 7 | - name: filebeat 8 | image: ikubernetes/filebeat:5.6.7-alpine 9 | env: 10 | - name: REDIS_HOST 11 | value: redis.ilinux.io:6379 12 | - 
name: LOG_LEVEL 13 | value: info 14 | volumeMounts: 15 | - name: varlog 16 | mountPath: /var/log  # NOTE(review): host /var/log is mounted writable here (only the varlibdockercontainers mount below sets readOnly); a log shipper normally only reads it, so consider readOnly: true 17 | - name: socket 18 | mountPath: /var/run/docker.sock  # NOTE(review): access to the Docker socket lets this container control the node's container runtime, which is effectively root on the host, and a read-only mount does not prevent API calls over the socket. Mount it only if the collector really needs container metadata 19 | - name: varlibdockercontainers 20 | mountPath: /var/lib/docker/containers 21 | readOnly: true 22 | volumes: 23 | - name: varlog 24 | hostPath: 25 | path: /var/log 26 | - name: varlibdockercontainers 27 | hostPath: 28 | path: /var/lib/docker/containers 29 | - name: socket 30 | hostPath: 31 | path: /var/run/docker.sock 32 | -------------------------------------------------------------------------------- /examples/volumes/pod-with-hostpath-vol.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: redis 5 | spec: 6 | containers: 7 | - name: redis 8 | image: redis:7-alpine 9 | imagePullPolicy: IfNotPresent 10 | volumeMounts: 11 | - name: redisdata 12 | mountPath: /data 13 | volumes: 14 | - name: redisdata 15 | hostPath:  # DirectoryOrCreate creates /data/redis on whichever node runs the pod if it is missing; the data stays on that node 16 | type: DirectoryOrCreate 17 | path: /data/redis 18 | 19 | -------------------------------------------------------------------------------- /examples/volumes/pod-with-nfs-vol.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: redis-nfs-002 5 | spec: 6 | containers: 7 | - name: redis 8 | image: redis:7-alpine 9 | imagePullPolicy: IfNotPresent 10 | volumeMounts: 11 | - name: redisdata 12 | mountPath: /data 13 | volumes: 14 | - name: redisdata 15 | nfs: 16 | server: 172.29.7.1 17 | path: /data/redis001 18 | 19 | -------------------------------------------------------------------------------- /examples/volumes/pod-with-pvc-demo.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: redis-dyn-pvc 5 | spec: 6 | containers: 7 | - name: redis 8 | image: redis:7-alpine 9 | imagePullPolicy: IfNotPresent 10 | ports: 11 | - containerPort: 
6379 12 | name: redisport 13 | volumeMounts: 14 | - mountPath: /data 15 | name: redis-pvc-vol 16 | volumes: 17 | - name: redis-pvc-vol 18 | persistentVolumeClaim: 19 | claimName: nfs-csi 20 | -------------------------------------------------------------------------------- /examples/volumes/pv-nfs-demo.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: PersistentVolume 3 | metadata: 4 | name: pv-nfs-demo 5 | spec: 6 | capacity: 7 | storage: 5Gi 8 | volumeMode: Filesystem 9 | accessModes: 10 | - ReadWriteMany 11 | persistentVolumeReclaimPolicy: Retain 12 | mountOptions: 13 | - hard 14 | - nfsvers=4.1 15 | nfs: 16 | path: "/data/redis02" 17 | server: nfs.magedu.com 18 | -------------------------------------------------------------------------------- /examples/volumes/pvc-demo.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: PersistentVolumeClaim 3 | metadata: 4 | name: pvc-demo 5 | spec: 6 | accessModes: ["ReadWriteMany"] 7 | volumeMode: Filesystem 8 | resources: 9 | requests: 10 | storage: 3Gi 11 | limits: 12 | storage: 10Gi 13 | -------------------------------------------------------------------------------- /examples/volumes/storageclass-nfs.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: storage.k8s.io/v1 3 | kind: StorageClass 4 | metadata: 5 | name: nfs-csi 6 | provisioner: nfs.csi.k8s.io 7 | parameters: 8 | #server: nfs-server.default.svc.cluster.local 9 | server: nfs-server.nfs.svc.cluster.local 10 | share: / 11 | #reclaimPolicy: Delete 12 | reclaimPolicy: Retain 13 | volumeBindingMode: Immediate 14 | mountOptions: 15 | - hard 16 | - nfsvers=4.1 17 | -------------------------------------------------------------------------------- /examples/volumes/volumes-nfs-demo.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 
2 | kind: Pod 3 | metadata: 4 | name: volumes-nfs-demo 5 | labels: 6 | app: redis 7 | spec: 8 | containers: 9 | - name: redis 10 | image: redis:7-alpine 11 | ports: 12 | - containerPort: 6379 13 | name: redisport 14 | securityContext:  # runs redis as UID 999; presumably the UID that owns /data/redis on the NFS export (confirm on the server) 15 | runAsUser: 999 16 | volumeMounts: 17 | - mountPath: /data 18 | name: redisdata 19 | volumes: 20 | - name: redisdata 21 | nfs: 22 | server: nfs.ilinux.io 23 | path: /data/redis 24 | readOnly: false 25 | -------------------------------------------------------------------------------- /examples/wordpress/01-namespace-blog.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Namespace 3 | metadata: 4 | creationTimestamp: null 5 | name: blog 6 | spec: {} 7 | status: {} 8 | -------------------------------------------------------------------------------- /examples/wordpress/02-mysql-secret.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | data:  # NOTE(review): values under data are base64-encoded, not encrypted, so anyone who can read this repository can decode them. Treat them as demo-only credentials; for real use create the Secret out of band (or from a secrets manager) and keep it out of version control 3 | root.password: bWFnZWR1LmNvbQ== 4 | wordpress.db: d3BkYg== 5 | wordpress.password: d3BwYXNz 6 | wordpress.username: d3B1c2Vy 7 | kind: Secret 8 | metadata: 9 | creationTimestamp: null 10 | name: mysql-secret 11 | namespace: blog 12 | -------------------------------------------------------------------------------- /examples/wordpress/03-mysql-service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | labels: 5 | app: mysql 6 | name: mysql 7 | namespace: blog 8 | spec: 9 | ports: 10 | - name: 3306-3306 11 | port: 3306 12 | protocol: TCP 13 | targetPort: 3306 14 | selector: 15 | app: mysql 16 | type: ClusterIP 17 | clusterIP: None 18 | -------------------------------------------------------------------------------- /examples/wordpress/05-wordpress-service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | 
metadata: 4 | labels: 5 | app: wordpress 6 | name: wordpress 7 | namespace: blog 8 | spec: 9 | ports: 10 | - name: 80-80 11 | port: 80 12 | protocol: TCP 13 | targetPort: 80 14 | selector: 15 | app: wordpress 16 | type: LoadBalancer 17 | -------------------------------------------------------------------------------- /examples/wordpress/06-pvc-wordpress.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: PersistentVolumeClaim 3 | metadata: 4 | name: wordpress-pvc 5 | namespace: blog 6 | spec: 7 | accessModes: ["ReadWriteMany"] 8 | volumeMode: Filesystem 9 | resources: 10 | requests: 11 | storage: 5Gi 12 | storageClassName: openebs-rwx 13 | -------------------------------------------------------------------------------- /examples/wordpress/README.md: -------------------------------------------------------------------------------- 1 | # 部署Wordpress 2 | 3 | 说明:本示例中的wordpress依赖于基于OpenEBS的nfs provider实现支持RWX访问模式的PV,存储类的名称为openebs-rwx;mysql依赖于基于OpenEBS默认的openbs-hostpath存储类。 4 | 5 | 而后,运行如下命令,即可完成部署。 6 | 7 | ```bash 8 | kubectl apply -f ./ 9 | ``` 10 | 11 | 12 | 13 | -------------------------------------------------------------------------------- /gitlab/README.md: -------------------------------------------------------------------------------- 1 | # 在Kubernetes集群上部署Gitlab 2 | 依赖的环境: 3 | - 基于OpenEBS的存储服务,以及相关的StorageClass,资源名称为openebs-hostpath;或设定一个默认的StorageClass。 4 | - Ingress Nginx Controller 5 | 6 | ### 部署(二选一) 7 | 8 | 创建用于部署GitLab的名称空间,例如gitlab。 9 | 10 | ```bash 11 | kubectl create namespace gitlab 12 | ``` 13 | 14 | 非持久化存储。 15 | 16 | ``` 17 | kubectl apply -f deploy/ -n gitlab 18 | ``` 19 | 20 | 持久化存储,依赖于事先配置的StorageClass/openebs-hostpath。 21 | 22 | ```bash 23 | kubectl apply -f deploy-persistent/ -n gitlab 24 | ``` 25 | 26 | -------------------------------------------------------------------------------- /gitlab/deploy-persistent/pvc.yaml: 
-------------------------------------------------------------------------------- 1 | # Author: 'MageEdu ' 2 | --- 3 | apiVersion: v1 4 | kind: PersistentVolumeClaim 5 | metadata: 6 | name: redis-pvc 7 | spec: 8 | accessModes: 9 | - ReadWriteOnce 10 | resources: 11 | requests: 12 | storage: 5Gi 13 | storageClassName: openebs-hostpath 14 | --- 15 | apiVersion: v1 16 | kind: PersistentVolumeClaim 17 | metadata: 18 | name: postgresql-pvc 19 | spec: 20 | accessModes: 21 | - ReadWriteOnce 22 | resources: 23 | requests: 24 | storage: 5Gi 25 | storageClassName: openebs-hostpath 26 | --- 27 | apiVersion: v1 28 | kind: PersistentVolumeClaim 29 | metadata: 30 | name: gitlab-pvc 31 | spec: 32 | accessModes: 33 | - ReadWriteOnce 34 | resources: 35 | requests: 36 | storage: 10Gi 37 | storageClassName: openebs-hostpath 38 | --- 39 | -------------------------------------------------------------------------------- /gitlab/deploy-persistent/secret.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Secret 3 | metadata: 4 | name: gitlab 5 | data:  # NOTE(review): these values are base64-encoded, not encrypted; db_pass, imap_pass and smtp_pass carry the same value, and the comments below repeat it in clear text. Treat them as demo placeholders: generate distinct credentials per service, create the Secret out of band, and do not commit real values 6 | db_pass: bWFnZWR1LmNvbQ== 7 | db_user: Z2l0bGFi 8 | db_name: Z2l0bGFiX3Byb2R1Y3Rpb24= 9 | imap_user: TWFnZUVkdQ== 10 | imap_pass: bWFnZWR1LmNvbQ== 11 | # imap password: magedu.com 12 | smtp_user: bWFpbGVyQG1hZ2VkdS5jb20= 13 | smtp_pass: bWFnZWR1LmNvbQ== 14 | # smtp password: magedu.com 15 | type: Opaque 16 | -------------------------------------------------------------------------------- /gitlab/deploy/secret.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Secret 3 | metadata: 4 | name: gitlab 5 | data:  # NOTE(review): same committed demo credentials as gitlab/deploy-persistent/secret.yaml (base64 only, one value shared by db, imap and smtp); replace them before any non-demo use 6 | db_pass: bWFnZWR1LmNvbQ== 7 | db_user: Z2l0bGFi 8 | db_name: Z2l0bGFiX3Byb2R1Y3Rpb24= 9 | imap_user: TWFnZUVkdQ== 10 | imap_pass: bWFnZWR1LmNvbQ== 11 | # imap password: magedu.com 12 | smtp_user: bWFpbGVyQG1hZ2VkdS5jb20= 13 | smtp_pass: bWFnZWR1LmNvbQ== 14 | # smtp password: magedu.com 15 | type: Opaque 
16 | -------------------------------------------------------------------------------- /helm-examples/harbor/README.md: -------------------------------------------------------------------------------- 1 | # Helm 部署 Harbor 2 | 3 | 首先,运行如下命令,添加harbor的Chart仓库。 4 | 5 | ```bash 6 | helm repo add harbor https://helm.goharbor.io 7 | ``` 8 | 9 | 而后,运行如下命令,基于该仓库中的值文件“harbor-values.yaml”即可部署Harbor。它默认依赖于“nfs-csi”存储类。 10 | 11 | ```bash 12 | helm install harbor -f harbor-values.yaml harbor/harbor -n harbor --create-namespace 13 | ``` 14 | 15 | 若需要基于“openebs-hostpath”存储类进行部署,则可以改用如下命令进行部署。 16 | 17 | ```bash 18 | helm install harbor -f harbor-values-openebs.yaml harbor/harbor -n harbor --create-namespace 19 | ``` 20 | 21 | ### 版权声明 22 | 23 | 本示例由[马哥教育](http://www.magedu.com)原创,允许自由转载,商用必须经由马哥教育的书面同意。 24 | -------------------------------------------------------------------------------- /ingress-canary-demo/01-ingress-demoapp.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: networking.k8s.io/v1 2 | kind: Ingress 3 | metadata: 4 | name: demoapp 5 | annotations: 6 | kubernetes.io/ingress.class: nginx 7 | spec: 8 | rules: 9 | - host: demoapp.magedu.com 10 | http: 11 | paths: 12 | - backend: 13 | service: 14 | name: demoapp-v10 15 | port: 16 | number: 80 17 | path: / 18 | pathType: Prefix 19 | -------------------------------------------------------------------------------- /ingress-canary-demo/02-canary-by-header.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: networking.k8s.io/v1 2 | kind: Ingress 3 | metadata: 4 | annotations: 5 | kubernetes.io/ingress.class: nginx 6 | nginx.ingress.kubernetes.io/canary: "true" 7 | nginx.ingress.kubernetes.io/canary-by-header: "X-Canary" 8 | name: demoapp-canary-by-header 9 | spec: 10 | rules: 11 | - host: demoapp.magedu.com 12 | http: 13 | paths: 14 | - backend: 15 | service: 16 | name: demoapp-v11 17 | port: 18 | number: 80 19 | path: / 20 | 
pathType: Prefix 21 | -------------------------------------------------------------------------------- /ingress-canary-demo/03-canary-by-header-value.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: networking.k8s.io/v1 2 | kind: Ingress 3 | metadata: 4 | annotations: 5 | kubernetes.io/ingress.class: nginx # legacy class annotation; spec.ingressClassName is the current field 6 | nginx.ingress.kubernetes.io/canary: "true" 7 | nginx.ingress.kubernetes.io/canary-by-header: "IsVIP" # name of the request header ingress-nginx inspects. The header is supplied by the client, so it selects a backend and must not be treated as an access control. 8 | nginx.ingress.kubernetes.io/canary-by-header-value: "false" # requests whose IsVIP header equals this value are routed to the canary backend (demoapp-v11) 9 | name: demoapp-canary-by-header-value 10 | spec: 11 | rules: 12 | - host: demoapp.magedu.com 13 | http: 14 | paths: 15 | - backend: 16 | service: 17 | name: demoapp-v11 18 | port: 19 | number: 80 20 | path: / 21 | pathType: Prefix 22 | -------------------------------------------------------------------------------- /ingress-canary-demo/04-canary-by-header-pattern.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: networking.k8s.io/v1 2 | kind: Ingress 3 | metadata: 4 | annotations: 5 | kubernetes.io/ingress.class: nginx # legacy class annotation; spec.ingressClassName is the current field 6 | nginx.ingress.kubernetes.io/canary: "true" 7 | nginx.ingress.kubernetes.io/canary-by-header: "Username" # client-supplied header; any caller can set it, so the canary backend must enforce its own authentication 8 | nginx.ingress.kubernetes.io/canary-by-header-pattern: "(vip|VIP)_.*" # PCRE matched against the Username header value; a match routes the request to demoapp-v11 9 | name: demoapp-canary-by-header-pattern 10 | spec: 11 | rules: 12 | - host: demoapp.magedu.com 13 | http: 14 | paths: 15 | - backend: 16 | service: 17 | name: demoapp-v11 18 | port: 19 | number: 80 20 | path: / 21 | pathType: Prefix 22 | -------------------------------------------------------------------------------- /ingress-canary-demo/05-canary-by-weight.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: networking.k8s.io/v1 2 | kind: Ingress 3 | metadata: 4 | annotations: 5 | kubernetes.io/ingress.class: nginx 6 | nginx.ingress.kubernetes.io/canary: "true" 7 | nginx.ingress.kubernetes.io/canary-weight: "10" 8 | name:
demoapp-canary-by-weight 9 | spec: 10 | rules: 11 | - host: demoapp.magedu.com 12 | http: 13 | paths: 14 | - backend: 15 | service: 16 | name: demoapp-v11 17 | port: 18 | number: 80 19 | path: / 20 | pathType: Prefix 21 | -------------------------------------------------------------------------------- /ingress-canary-demo/06-canary-by-cookie.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: networking.k8s.io/v1 2 | kind: Ingress 3 | metadata: 4 | annotations: 5 | kubernetes.io/ingress.class: nginx 6 | nginx.ingress.kubernetes.io/canary: "true" 7 | nginx.ingress.kubernetes.io/canary-by-cookie: "vip_user" 8 | name: demoapp-canary-by-cookie 9 | spec: 10 | rules: 11 | - host: demoapp.magedu.com 12 | http: 13 | paths: 14 | - backend: 15 | service: 16 | name: demoapp-v11 17 | port: 18 | number: 80 19 | path: / 20 | pathType: Prefix 21 | -------------------------------------------------------------------------------- /ingress-canary-demo/README.md: -------------------------------------------------------------------------------- 1 | # Ingress Nginx Controller Installation 2 | 3 | [Docs](https://github.com/kubernetes/ingress-nginx/blob/main/docs/deploy/index.md) 4 | -------------------------------------------------------------------------------- /ingress-canary-demo/deploy-demoap-v1_0.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | labels: 5 | app: demoapp 6 | name: demoapp-v10 7 | spec: 8 | replicas: 1 9 | selector: 10 | matchLabels: 11 | app: demoapp 12 | version: v1.0 13 | strategy: {} 14 | template: 15 | metadata: 16 | labels: 17 | app: demoapp 18 | version: v1.0 19 | spec: 20 | containers: 21 | - image: ikubernetes/demoapp:v1.0 22 | name: demoapp 23 | resources: {} 24 | --- 25 | apiVersion: v1 26 | kind: Service 27 | metadata: 28 | labels: 29 | app: demoapp 30 | name: demoapp-v10 31 | spec: 32 | ports: 33 | - name: 
http-80 34 | port: 80 35 | protocol: TCP 36 | targetPort: 80 37 | selector: 38 | app: demoapp 39 | version: v1.0 40 | type: ClusterIP 41 | -------------------------------------------------------------------------------- /ingress-canary-demo/deploy-demoap-v1_1.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | labels: 5 | app: demoapp 6 | name: demoapp-v11 7 | spec: 8 | replicas: 1 9 | selector: 10 | matchLabels: 11 | app: demoapp 12 | version: v1.1 13 | strategy: {} 14 | template: 15 | metadata: 16 | labels: 17 | app: demoapp 18 | version: v1.1 19 | spec: 20 | containers: 21 | - image: ikubernetes/demoapp:v1.1 22 | name: demoapp 23 | resources: {} 24 | --- 25 | apiVersion: v1 26 | kind: Service 27 | metadata: 28 | labels: 29 | app: demoapp 30 | name: demoapp-v11 31 | spec: 32 | ports: 33 | - name: http-80 34 | port: 80 35 | protocol: TCP 36 | targetPort: 80 37 | selector: 38 | app: demoapp 39 | version: v1.1 40 | type: ClusterIP 41 | -------------------------------------------------------------------------------- /jenkins/deploy/01-namespace-jenkins.yaml: -------------------------------------------------------------------------------- 1 | # Maintainer: MageEdu 2 | --- 3 | apiVersion: v1 4 | kind: Namespace 5 | metadata: 6 | name: jenkins 7 | -------------------------------------------------------------------------------- /jenkins/deploy/02-pvc-jenkins.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: PersistentVolumeClaim 4 | metadata: 5 | name: jenkins-pvc 6 | namespace: jenkins 7 | spec: 8 | accessModes: 9 | - ReadWriteMany 10 | resources: 11 | requests: 12 | storage: 10Gi 13 | storageClassName: nfs-csi 14 | -------------------------------------------------------------------------------- /jenkins/deploy/05-service-jenkins.yaml: 
-------------------------------------------------------------------------------- 1 | --- # Two Services selecting app=jenkins: the web UI on 8080 (NodePort) and the agent port 50000 (no type given, so the default ClusterIP). 2 | apiVersion: v1 3 | kind: Service 4 | metadata: 5 | name: jenkins 6 | namespace: jenkins 7 | labels: 8 | app: jenkins 9 | spec: 10 | selector: 11 | app: jenkins 12 | type: NodePort # NOTE(review): opens 8080 on a node port of every node in addition to the Ingress defined in 07-ingress-jenkins.yaml; ClusterIP is enough if the Ingress is the only intended entry point (confirm). 13 | ports: 14 | - name: http 15 | port: 8080 16 | targetPort: 8080 17 | --- 18 | apiVersion: v1 19 | kind: Service 20 | metadata: 21 | name: jenkins-jnlp 22 | namespace: jenkins 23 | labels: 24 | app: jenkins 25 | spec: 26 | selector: 27 | app: jenkins 28 | ports: 29 | - name: agent 30 | port: 50000 31 | targetPort: 50000 32 | -------------------------------------------------------------------------------- /jenkins/deploy/06-pvc-maven-cache.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: PersistentVolumeClaim 4 | metadata: 5 | name: pvc-maven-cache 6 | namespace: jenkins 7 | spec: 8 | accessModes: 9 | - ReadWriteMany 10 | resources: 11 | requests: 12 | storage: 10Gi 13 | storageClassName: nfs-csi 14 | -------------------------------------------------------------------------------- /jenkins/deploy/07-ingress-jenkins.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: networking.k8s.io/v1 2 | kind: Ingress 3 | metadata: 4 | name: jenkins 5 | namespace: jenkins 6 | spec: # NOTE(review): there is no tls: section, so both hosts below serve the Jenkins UI, logins included, over plain HTTP unless TLS is terminated in front of the ingress controller. 7 | ingressClassName: nginx 8 | rules: 9 | - host: cicd.magedu.com 10 | http: 11 | paths: 12 | - backend: 13 | service: 14 | name: jenkins 15 | port: 16 | number: 8080 17 | path: / 18 | pathType: Prefix 19 | - host: jenkins.magedu.com 20 | http: 21 | paths: 22 | - backend: 23 | service: 24 | name: jenkins 25 | port: 26 | number: 8080 27 | path: / 28 | pathType: Prefix 29 | -------------------------------------------------------------------------------- /karmada/01-demoapp-deployment.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind:
Deployment 3 | metadata: 4 | name: demoapp 5 | namespace: default 6 | spec: 7 | replicas: 4 8 | selector: 9 | matchLabels: 10 | app: demoapp 11 | template: 12 | metadata: 13 | labels: 14 | app: demoapp 15 | spec: 16 | containers: 17 | - image: ikubernetes/demoapp:v1.0 18 | name: demoapp 19 | -------------------------------------------------------------------------------- /karmada/02-demoapp-propergation-policy.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: policy.karmada.io/v1alpha1 2 | kind: PropagationPolicy 3 | metadata: 4 | name: propagationpolicy-demo 5 | spec: 6 | resourceSelectors: 7 | - apiVersion: apps/v1 8 | kind: Deployment 9 | name: demoapp 10 | placement: 11 | clusterAffinity: 12 | clusterNames: 13 | # 分发到的目标集群的名称列表 14 | - kube02 15 | - kube03 16 | propagateDeps: true 17 | # 自动分发依赖到的其它资源对象 18 | -------------------------------------------------------------------------------- /karmada/03-demoapp-override-policy.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: policy.karmada.io/v1alpha1 2 | kind: OverridePolicy 3 | metadata: 4 | name: overridepolicy-demo 5 | spec: 6 | resourceSelectors: 7 | - apiVersion: apps/v1 8 | kind: Deployment 9 | name: demoapp 10 | # 存在非空name字段时,labelSelector字段将被自动忽略; 11 | labelSelector: 12 | matchLabels: 13 | app: demoapp 14 | overrideRules: 15 | - overriders: 16 | imageOverrider: 17 | - component: Tag 18 | operator: replace 19 | value: 'v1.1' 20 | targetCluster: 21 | clusterNames: 22 | - kube03 23 | -------------------------------------------------------------------------------- /karmada/04-propagationpolicy-ha.yaml: -------------------------------------------------------------------------------- 1 | # Maintainer: MageEdu 2 | # Date: 2023-12-10 17:38:00 3 | # 4 | apiVersion: policy.karmada.io/v1alpha1 5 | kind: PropagationPolicy 6 | metadata: 7 | name: propagationpolicy-ha-demo 8 | spec: 9 | resourceSelectors: 10 | - 
apiVersion: apps/v1 11 | kind: Deployment 12 | name: demoapp 13 | placement: 14 | replicaScheduling: 15 | replicaSchedulingType: Duplicated 16 | # 副本调度使用复制模式 17 | spreadConstraints: 18 | - spreadByField: region 19 | maxGroups: 2 20 | minGroups: 2 21 | # 要分散至多少个Region中部署应用 22 | - spreadByField: cluster 23 | maxGroups: 1 24 | minGroups: 1 25 | # 定义spreadByField策略时,必须启用基于cluster的分发 26 | # 该处的配置表示,在每个Region内,只需要分发应用部署到一个cluster中即可; 27 | propagateDeps: true 28 | # 自动分发依赖到的其它资源对象 29 | -------------------------------------------------------------------------------- /karmada/05-propagationpolicy-spread.yaml: -------------------------------------------------------------------------------- 1 | # Maintainer: MageEdu 2 | # Date: 2023-12-10 17:38:00 3 | # 4 | apiVersion: policy.karmada.io/v1alpha1 5 | kind: PropagationPolicy 6 | metadata: 7 | name: propagationpolicy-spread-demo 8 | spec: 9 | resourceSelectors: 10 | - apiVersion: apps/v1 11 | kind: Deployment 12 | name: demoapp 13 | placement: 14 | replicaScheduling: 15 | replicaDivisionPreference: Weighted 16 | replicaSchedulingType: Divided 17 | # 基于权重将应用的副本分散至多个集群中 18 | weightPreference: 19 | staticWeightList: 20 | - targetCluster: 21 | clusterNames: 22 | - kube02 23 | weight: 3 24 | - targetCluster: 25 | clusterNames: 26 | - kube03 27 | weight: 1 28 | # 使用为集群指定的静态权重 29 | propagateDeps: true 30 | # 自动分发依赖到的其它资源对象 31 | -------------------------------------------------------------------------------- /kube-prometheus/README.md: -------------------------------------------------------------------------------- 1 | 2 | # Kube-Prometheus 3 | 4 | 部署Prometheus及其相关的各组件是一项复杂的任务,好在,Prometheus Operator项目能够在Kubernetes环境上简化和自动化该过程。 5 | 6 | > Operator建立在Kubernetes的两个关键原则之上:自定义资源 (CR),它通过自定义资源定义 (CRD) 和自定义的Controller实现。 7 | 8 | 9 | 10 | Kube-Prometheus Operator的主要目的,是用于简化和自动化管理在Kubernetes集群上运行的Prometheus监控套件。本质上,它是一个自定义控制器,用于监视通过以下CRD引入的资源类型下的对象。 11 | 12 | - **Prometheus**:编排运行Prometheus Server实例 13 | - **Alertmanager**:编排运行Alertmanager实例 14 | -
**ServiceMonitor**:定义要监视Kubernetes Service资源对象 15 | - **PodMonitor**:定义要监视的Pod资源对象 16 | - **Probe**:定义要监控的Ingess或静态Target,黑盒监控模式 17 | - **PrometheusRule**:为Prometheus Server定义告警规划或记录规则 18 | - **AlertmanagerConfig**:以声明方式为Alertmanager提供配置段 19 | - **PrometheusAgent**:编排运行Prometheus Agent 20 | - **scrapeconfigs**:为Prometheus Server提供scrape_config相关的配置段 21 | - thanosrulers: 22 | 23 | -------------------------------------------------------------------------------- /kube-prometheus/probe-example.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: monitoring.coreos.com/v1 2 | kind: Probe 3 | metadata: 4 | name: web-probe-demo 5 | namespace: monitoring 6 | spec: 7 | jobName: http-get 8 | interval: 60s 9 | module: http_2xx # blackbox-exporter module name; it must be defined in the exporter's own configuration, which is not part of this file 10 | prober: 11 | url: blackbox-exporter.monitoring.svc:19115 12 | scheme: http 13 | path: /probe 14 | targets: 15 | staticConfig: 16 | static: 17 | - http://www.magedu.com 18 | - https://www.google.com 19 | -------------------------------------------------------------------------------- /tutorials/configmap-and-secret/demoapp-conf.d/envoy.yaml: -------------------------------------------------------------------------------- 1 | node: 2 | id: sidecar-proxy 3 | cluster: demoapp-cluster 4 | # NOTE(review): the admin listener below binds 0.0.0.0:9901, so it answers on the pod IP as well as on loopback. Envoy's admin endpoints are unauthenticated and include operations that change or stop the proxy; bind 127.0.0.1 unless the demo needs remote access, and limit who can reach the port if it does. 5 | admin: 6 | access_log_path: /tmp/admin_access.log 7 | address: 8 | socket_address: { address: 0.0.0.0, port_value: 9901 } 9 | 10 | dynamic_resources: # listeners are read from the file named in lds_config.path 11 | lds_config: 12 | path: '/etc/envoy/lds.conf' 13 | 14 | static_resources: # a single STATIC cluster, local_service, with one endpoint at 127.0.0.1:8080 15 | clusters: 16 | - name: local_service 17 | connect_timeout: 0.25s 18 | type: STATIC 19 | lb_policy: ROUND_ROBIN 20 | load_assignment: 21 | cluster_name: local_service 22 | endpoints: 23 | - lb_endpoints: 24 | - endpoint: 25 | address: 26 | socket_address: 27 | address: 127.0.0.1 28 | port_value: 8080 29 | -------------------------------------------------------------------------------- /tutorials/configmap-and-secret/nginx-conf.d/myserver-gzip.cfg:
-------------------------------------------------------------------------------- 1 | gzip on; 2 | gzip_comp_level 5; 3 | gzip_proxied expired no-cache no-store private auth; 4 | gzip_types text/plain text/css application/xml text/javascript; 5 | -------------------------------------------------------------------------------- /tutorials/configmap-and-secret/nginx-conf.d/myserver-status.cfg: -------------------------------------------------------------------------------- 1 | location /nginx-status { 2 | stub_status on; # NOTE(review): no allow/deny rules here, so /nginx-status is readable by any client that can reach this server; restrict it (for example allow 127.0.0.1; deny all;) if the listener is exposed. 3 | access_log off; 4 | } 5 | -------------------------------------------------------------------------------- /tutorials/configmap-and-secret/nginx-conf.d/myserver.conf: -------------------------------------------------------------------------------- 1 | server { 2 | listen 8080; 3 | server_name www.ik8s.io; 4 | # pulls in every myserver-*.cfg under /etc/nginx/conf.d/ (the gzip and status snippets of this directory match that pattern) 5 | include /etc/nginx/conf.d/myserver-*.cfg; 6 | 7 | location / { 8 | root /usr/share/nginx/html; 9 | } 10 | } 11 | -------------------------------------------------------------------------------- /tutorials/configmap-and-secret/nginx-ssl-conf.d/myserver-gzip.cfg: -------------------------------------------------------------------------------- 1 | gzip on; 2 | gzip_comp_level 5; 3 | gzip_proxied expired no-cache no-store private auth; 4 | gzip_types text/plain text/css application/xml text/javascript; 5 | -------------------------------------------------------------------------------- /tutorials/configmap-and-secret/nginx-ssl-conf.d/myserver-status.cfg: -------------------------------------------------------------------------------- 1 | location /nginx-status { 2 | stub_status on; # NOTE(review): no allow/deny rules here, so /nginx-status is readable by any client that can reach this server; restrict it (for example allow 127.0.0.1; deny all;) if the listener is exposed. 3 | access_log off; 4 | } 5 | -------------------------------------------------------------------------------- /tutorials/configmap-and-secret/nginx-ssl-conf.d/myserver.conf: -------------------------------------------------------------------------------- 1 | server { 2 | listen 443 ssl; 3 | server_name www.ik8s.io; 4 | 5 | ssl_certificate /etc/nginx/certs/tls.crt;
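6 | ssl_certificate_key /etc/nginx/certs/tls.key; 7 | 8 | ssl_session_timeout 5m; 9 | # TLS 1.0 and 1.1 are deprecated (RFC 8996), so only TLS 1.2 and 1.3 are offered. 10 | ssl_protocols TLSv1.2 TLSv1.3; 11 | # ssl_ciphers applies to TLS 1.2 and earlier; TLS 1.3 suites come from the OpenSSL defaults. 12 | ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE; 13 | ssl_prefer_server_ciphers on; 14 | 15 | include /etc/nginx/conf.d/myserver-*.cfg; 16 | 17 | location / { 18 | root /usr/share/nginx/html; 19 | } 20 | } 21 | # Plain-HTTP listener that only redirects to HTTPS on the requested host. 22 | server { 23 | listen 80; 24 | server_name www.ilinux.io; # NOTE(review): differs from the HTTPS server's www.ik8s.io; confirm which name is intended 25 | return 301 https://$host$request_uri; 26 | } 27 | -------------------------------------------------------------------------------- /wordpress/README.md: -------------------------------------------------------------------------------- 1 | # Wordpress 部署示例 2 | 3 | 下面分两种情况进行部署说明,第一种是没有持久化存储的示例环境,第二种是基于PVC卷具有持久存储能力的环境。 4 | 5 | ### Ephemeral 6 | 7 | ```bash 8 | kubectl apply -f mysql-ephemeral 9 | kubectl apply -f wordpress-ephemeral 10 | ``` 11 | 12 | 13 | 14 | ### Depends on NFS-CSI Driver and NFS Server 15 | 16 | ```bash 17 | kubectl apply -f mysql/ 18 | kubectl apply -f wordpress/ 19 | kubectl apply -f nginx/ 20 | ``` 21 | 22 | -------------------------------------------------------------------------------- /wordpress/mysql-ephemeral/01-secret-mysql.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Secret 3 | metadata: 4 | creationTimestamp: null 5 | name: mysql-user-pass 6 | data: # NOTE(review): base64-encoded, not encrypted. These are demo database credentials, root.password included, stored in the repository; replace them before using this outside a lab and keep real values out of version control. 7 | database.name: d3BkYg== 8 | root.password: TUBnZUVkdQ== 9 | user.name: d3B1c2Vy 10 | user.password: bWFnZURVLmMwbQ== 11 | -------------------------------------------------------------------------------- /wordpress/mysql-ephemeral/02-service-mysql.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | labels: 5 | app: mysql 6 | name: mysql 7 | spec: 8 | ports: 9 | - name: mysql 10 | port: 3306 11 | protocol: TCP 12 | targetPort: 3306 13 | selector: 14 | app: mysql 15 | type: ClusterIP 16 |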
-------------------------------------------------------------------------------- /wordpress/mysql/01-secret-mysql.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Secret 3 | metadata: 4 | creationTimestamp: null 5 | name: mysql-user-pass 6 | data: # NOTE(review): base64-encoded, not encrypted. These are demo database credentials, root.password included, stored in the repository; replace them before using this outside a lab and keep real values out of version control. 7 | database.name: d3BkYg== 8 | root.password: TUBnZUVkdQ== 9 | user.name: d3B1c2Vy 10 | user.password: bWFnZURVLmMwbQ== 11 | -------------------------------------------------------------------------------- /wordpress/mysql/02-pvc-mysql-data.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: PersistentVolumeClaim 3 | metadata: 4 | name: mysql-data 5 | spec: 6 | volumeMode: Filesystem 7 | accessModes: 8 | - ReadWriteOnce 9 | resources: 10 | requests: 11 | storage: 10Gi 12 | storageClassName: nfs-csi 13 | -------------------------------------------------------------------------------- /wordpress/mysql/03-service-mysql.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | labels: 5 | app: mysql 6 | name: mysql 7 | spec: 8 | ports: 9 | - name: mysql 10 | port: 3306 11 | protocol: TCP 12 | targetPort: 3306 13 | selector: 14 | app: mysql 15 | type: ClusterIP # reachable only from inside the cluster 16 | -------------------------------------------------------------------------------- /wordpress/nginx/02-service-nginx.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | labels: 5 | app: nginx 6 | name: nginx 7 | spec: 8 | ports: 9 | - name: http-80 10 | port: 80 11 | protocol: TCP 12 | targetPort: 80 13 | selector: 14 | app: nginx 15 | type: NodePort 16 | externalIPs: # NOTE(review): hard-coded, environment-specific address. Kubernetes does not manage externalIPs; the IP must already be routed to a cluster node, and clusters commonly restrict who may set this field through admission policy. Adjust or remove for your network. 17 | - 172.29.100.100 18 | -------------------------------------------------------------------------------- /wordpress/nginx/03-deployment-nginx.yaml:
-------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | labels: 5 | app: nginx 6 | name: nginx 7 | spec: 8 | replicas: 1 9 | selector: 10 | matchLabels: 11 | app: nginx 12 | strategy: 13 | rollingUpdate: 14 | maxSurge: 1 15 | maxUnavailable: 0 16 | template: 17 | metadata: 18 | labels: 19 | app: nginx 20 | spec: 21 | volumes: 22 | - name: ngxconf 23 | configMap: 24 | name: nginx-conf 25 | - name: wordpress-app-data 26 | persistentVolumeClaim: 27 | claimName: wordpress-app-data 28 | containers: 29 | - image: nginx:1.20-alpine 30 | name: nginx 31 | volumeMounts: 32 | - name: ngxconf 33 | mountPath: /etc/nginx/conf.d/ 34 | - name: wordpress-app-data 35 | mountPath: /var/www/html/ 36 | -------------------------------------------------------------------------------- /wordpress/wordpress-apache-ephemeral/01-service-wordpress.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | labels: 5 | app: wordpress 6 | name: wordpress 7 | spec: 8 | type: NodePort 9 | ports: 10 | - name: http 11 | port: 80 12 | protocol: TCP 13 | targetPort: 80 14 | selector: 15 | app: wordpress 16 | -------------------------------------------------------------------------------- /wordpress/wordpress/01-service-wordpress.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | labels: 5 | app: wordpress 6 | name: wordpress 7 | spec: 8 | ports: 9 | - name: fpm 10 | port: 9000 11 | protocol: TCP 12 | targetPort: 9000 13 | selector: 14 | app: wordpress 15 | -------------------------------------------------------------------------------- /wordpress/wordpress/02-pvc-wordpress-app-data.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: PersistentVolumeClaim 3 | metadata: 4 | name: 
wordpress-app-data 5 | spec: 6 | volumeMode: Filesystem 7 | accessModes: 8 | - ReadWriteMany 9 | resources: 10 | requests: 11 | storage: 10Gi 12 | storageClassName: nfs-csi 13 | --------------------------------------------------------------------------------