├── README.md
├── client-side-lb
    ├── client-deploy.yml
    ├── headless-svc.yml
    └── server-deploy.yml
├── envoy-service-mesh
    ├── Makefile
    ├── README.md
    ├── deployment-alive.yml
    ├── deployment-gateway.yml
    ├── deployment-user.yml
    ├── envoy-config
    │   ├── sidecar-gateway.yaml
    │   └── sidecar-service.yaml
    ├── service-alive-admin.yml
    ├── service-alive.yml
    ├── service-gateway.yml
    ├── service-user-admin.yml
    └── service-user.yml
├── headless
    ├── deployment.yml
    └── service.yml
├── helm-rbac
    ├── clusterrolebinding.yaml
    └── sa.yaml
├── helm
    ├── mychart
    │   ├── .helmignore
    │   ├── Chart.yaml
    │   ├── templates
    │   │   └── configmap.yaml
    │   └── values.yaml
    └── override.yaml
├── neg
    ├── deploy.yaml
    ├── ingress.yaml
    └── svc.yaml
├── nginx-ingress
    ├── Makefile
    ├── README.md
    ├── deployment.yml
    ├── ingress.yml
    └── service.yml
├── probe
    ├── Dockerfile
    ├── Makefile
    ├── app
    │   ├── go.mod
    │   ├── go.sum
    │   ├── health.go
    │   └── main.go
    └── probe-deployment.yaml
├── resource
    ├── image
    │   ├── Dockerfile
    │   └── main.go
    └── resource.yaml
├── service-account
    ├── Makefile
    ├── clusterrolebinding.yaml
    ├── pod.yaml
    └── sa.yaml
└── service
    ├── clusterip.yml
    ├── deploy.yaml
    └── nodeport.yml


/README.md:
--------------------------------------------------------------------------------
1 | # Kubernetes Sample
2 | --
3 | 


--------------------------------------------------------------------------------
/client-side-lb/client-deploy.yml:
--------------------------------------------------------------------------------
 1 | apiVersion: apps/v1
 2 | kind: Deployment
 3 | metadata:
 4 |   name: client-deployment
 5 | spec:
 6 |   selector:
 7 |     matchLabels:
 8 |       app: client
 9 |   replicas: 1
10 |   template:
11 |     metadata:
12 |       labels:
13 |         app: client
14 |     spec:
15 |       containers:
16 |       - image: "jun06t/client-side-lb:client"
17 |         imagePullPolicy: Always
18 |         name: client
19 |         env:
20 |         - name: ENDPOINT
21 |           value: "headless-svc:8080"
22 |         - name: GRPC_VERBOSITY
23 |           value: "DEBUG"
24 |         - name: GRPC_GO_LOG_SEVERITY_LEVEL
25 |           value: "info"
26 |         - name: GRPC_GO_LOG_VERBOSITY_LEVEL
27 |           value: "2"
28 |         - name: GRPC_TRACE
29 |           value: "all"
30 | #        - name: GODEBUG
31 | #          value: "http2debug=2"
32 | 
33 | 


--------------------------------------------------------------------------------
/client-side-lb/headless-svc.yml:
--------------------------------------------------------------------------------
 1 | apiVersion: v1
 2 | kind: Service
 3 | metadata:
 4 |   name: headless-svc
 5 | spec:
 6 |   clusterIP: None
 7 |   ports:
 8 |   # Actually, no port is needed.
 9 |   # but set it because of the following bug.
10 |   # https://github.com/kubernetes/kubernetes/issues/55158
11 |   - name: headless
12 |     port: 8080
13 |     protocol: TCP
14 |     targetPort: 8080
15 |   selector:
16 |     app: server
17 | 


--------------------------------------------------------------------------------
/client-side-lb/server-deploy.yml:
--------------------------------------------------------------------------------
 1 | apiVersion: apps/v1
 2 | kind: Deployment
 3 | metadata:
 4 |   name: server-deployment
 5 | spec:
 6 |   selector:
 7 |     matchLabels:
 8 |       app: server
 9 |   replicas: 3
10 |   template:
11 |     metadata:
12 |       labels:
13 |         app: server
14 |     spec:
15 |       containers:
16 |       - image: "jun06t/client-side-lb:server"
17 |         imagePullPolicy: Always
18 |         name: server
19 |         ports:
20 |           - containerPort: 8080
21 |         env:
22 |         - name: MAX_CONNECTION_AGE
23 |           value: "30"
24 |         - name: GRPC_VERBOSITY
25 |           value: "DEBUG"
26 |         - name: GRPC_GO_LOG_SEVERITY_LEVEL
27 |           value: "info"
28 |         - name: GRPC_GO_LOG_VERBOSITY_LEVEL
29 |           value: "2"
30 |         - name: GRPC_TRACE
31 |           value: "all"
32 | #        - name: GODEBUG
33 | #          value: "http2debug=2"
34 | 


--------------------------------------------------------------------------------
/envoy-service-mesh/Makefile:
--------------------------------------------------------------------------------
 1 | .PHONY: configmap destroy apply apply-deployments apply-services
 2 | 
 3 | configmap:
 4 | 	kubectl create configmap envoy-config --from-file=envoy-config
 5 | 
 6 | apply: apply-deployments apply-services
 7 | 
 8 | apply-deployments:
 9 | 	kubectl apply -f deployment-alive.yml
10 | 	kubectl apply -f deployment-user.yml
11 | 	kubectl apply -f deployment-gateway.yml
12 | 
13 | apply-services:
14 | 	kubectl apply -f service-alive.yml
15 | 	kubectl apply -f service-alive-admin.yml
16 | 	kubectl apply -f service-user.yml
17 | 	kubectl apply -f service-user-admin.yml
18 | 	kubectl apply -f service-gateway.yml
19 | 
20 | destroy:
21 | 	kubectl delete deployment gateway-deployment
22 | 	kubectl delete deployment alive-service-deployment
23 | 	kubectl delete deployment user-service-deployment
24 | 	kubectl delete service gateway-svc
25 | 	kubectl delete service user-svc
26 | 	kubectl delete service user-admin-svc
27 | 	kubectl delete service alive-admin-svc
28 | 	kubectl delete service alive-svc
29 | 	kubectl delete configmap envoy-config
30 | 
31 | 


--------------------------------------------------------------------------------
/envoy-service-mesh/README.md:
--------------------------------------------------------------------------------
 1 | envoy-service-mesh
 2 | --
 3 | 
 4 | # Quick start
 5 | ## Create ConfigMap
 6 | ```
 7 | make configmap
 8 | ```
 9 | 
10 | ## Apply each deployments and services
11 | ```
12 | make apply
13 | ```
14 | 
15 | ## Destroy cluster
16 | ```
17 | make destroy
18 | ```
19 | 
20 | # System Architecture
21 | ## Service Overview
22 | ![default](https://user-images.githubusercontent.com/4252009/42140706-ba68f8ee-7ddd-11e8-873c-93a2982dfc9e.png)
23 | 
24 | ## Detail
25 | ![service discovery](https://user-images.githubusercontent.com/4252009/42140709-c9fc9c48-7ddd-11e8-8f04-d232f30853f3.png)
26 | 


--------------------------------------------------------------------------------
/envoy-service-mesh/deployment-alive.yml:
--------------------------------------------------------------------------------
 1 | apiVersion: apps/v1
 2 | kind: Deployment
 3 | metadata:
 4 |   name: alive-service-deployment
 5 | spec:
 6 |   selector:
 7 |     matchLabels:
 8 |       app: alive-service
 9 |   replicas: 1
10 |   template:
11 |     metadata:
12 |       labels:
13 |         app: alive-service
14 |     spec:
15 |       volumes:
16 |         - name: envoy
17 |           configMap:
18 |             name: envoy-config
19 |       containers:
20 |         - name: alive
21 |           image: "jun06t/grpc-backend"
22 |           imagePullPolicy: IfNotPresent
23 |           ports:
24 |             - containerPort: 8080
25 |         - name: envoy
26 |           image: envoyproxy/envoy:latest
27 |           imagePullPolicy: IfNotPresent
28 |           volumeMounts:
29 |             - name: envoy
30 |               mountPath: /etc/envoy
31 |           command:
32 |             - "/usr/local/bin/envoy"
33 |           args:
34 |             - "--config-path /etc/envoy/sidecar-service.yaml"
35 |           ports:
36 |             - containerPort: 10000
37 |               name: envoy-sidecar
38 |             - containerPort: 10001
39 |               name: envoy-admin
40 | 


--------------------------------------------------------------------------------
/envoy-service-mesh/deployment-gateway.yml:
--------------------------------------------------------------------------------
 1 | apiVersion: apps/v1
 2 | kind: Deployment
 3 | metadata:
 4 |   name: gateway-deployment
 5 | spec:
 6 |   selector:
 7 |     matchLabels:
 8 |       app: gateway
 9 |   replicas: 1
10 |   template:
11 |     metadata:
12 |       labels:
13 |         app: gateway
14 |     spec:
15 |       volumes:
16 |         - name: envoy
17 |           configMap:
18 |             name: envoy-config
19 |       containers:
20 |         - name: gateway
21 |           image: "jun06t/grpc-gateway"
22 |           imagePullPolicy: IfNotPresent
23 |           ports:
24 |             - containerPort: 3000
25 |         - name: envoy
26 |           image: envoyproxy/envoy:latest
27 |           imagePullPolicy: IfNotPresent
28 |           volumeMounts:
29 |             - name: envoy
30 |               mountPath: /etc/envoy
31 |           command:
32 |             - "/usr/local/bin/envoy"
33 |           args:
34 |             - "--config-path /etc/envoy/sidecar-gateway.yaml"
35 |           ports:
36 |             - containerPort: 10000
37 |               name: envoy-sidecar
38 |             - containerPort: 10001
39 |               name: envoy-admin
40 | 


--------------------------------------------------------------------------------
/envoy-service-mesh/deployment-user.yml:
--------------------------------------------------------------------------------
 1 | apiVersion: apps/v1
 2 | kind: Deployment
 3 | metadata:
 4 |   name: user-service-deployment
 5 | spec:
 6 |   selector:
 7 |     matchLabels:
 8 |       app: user-service
 9 |   replicas: 2
10 |   template:
11 |     metadata:
12 |       labels:
13 |         app: user-service
14 |     spec:
15 |       volumes:
16 |         - name: envoy
17 |           configMap:
18 |             name: envoy-config
19 |       containers:
20 |         - name: user
21 |           image: "jun06t/grpc-backend"
22 |           imagePullPolicy: IfNotPresent
23 |           ports:
24 |             - containerPort: 8080
25 |         - name: envoy
26 |           image: envoyproxy/envoy:latest
27 |           imagePullPolicy: IfNotPresent
28 |           volumeMounts:
29 |             - name: envoy
30 |               mountPath: /etc/envoy
31 |           command:
32 |             - "/usr/local/bin/envoy"
33 |           args:
34 |             - "--config-path /etc/envoy/sidecar-service.yaml"
35 |           ports:
36 |             - containerPort: 10000
37 |               name: envoy-sidecar
38 |             - containerPort: 10001
39 |               name: envoy-admin
40 | 


--------------------------------------------------------------------------------
/envoy-service-mesh/envoy-config/sidecar-gateway.yaml:
--------------------------------------------------------------------------------
  1 | static_resources:
  2 |   listeners:
  3 |   - address:
  4 |       socket_address:
  5 |         address: 0.0.0.0
  6 |         port_value: 10000
  7 |     filter_chains:
  8 |     - filters:
  9 |       - name: envoy.http_connection_manager
 10 |         config:
 11 |           codec_type: auto
 12 |           stat_prefix: ingress_http
 13 |           route_config:
 14 |             name: local_route
 15 |             virtual_hosts:
 16 |             - name: service
 17 |               domains:
 18 |               - "*"
 19 |               routes:
 20 |               - match:
 21 |                   prefix: "/"
 22 |                 route:
 23 |                   cluster: local_service
 24 |           access_log:
 25 |           - name: envoy.file_access_log
 26 |             config:
 27 |               path: "/dev/stdout"
 28 |           http_filters:
 29 |           - name: envoy.router
 30 |             config: {}
 31 |   - address:
 32 |       socket_address:
 33 |         address: 127.0.0.1
 34 |         port_value: 8080
 35 |     filter_chains:
 36 |     - filters:
 37 |       - name: envoy.http_connection_manager
 38 |         config:
 39 |           codec_type: auto
 40 |           stat_prefix: egress_http
 41 |           route_config:
 42 |             name: local_route
 43 |             virtual_hosts:
 44 |             - name: alive
 45 |               domains:
 46 |               - "*"
 47 |               routes:
 48 |               - match:
 49 |                   prefix: "/gateway.AliveService"
 50 |                 route:
 51 |                   cluster: alive
 52 |               - match:
 53 |                   prefix: "/gateway.UserService"
 54 |                 route:
 55 |                   cluster: user
 56 |           access_log:
 57 |           - name: envoy.file_access_log
 58 |             config:
 59 |               path: "/dev/stdout"
 60 |           http_filters:
 61 |           - name: envoy.router
 62 |             config: {}
 63 |   clusters:
 64 |   - name: local_service
 65 |     connect_timeout: 0.25s
 66 |     type: static
 67 |     lb_policy: round_robin
 68 |     health_checks:
 69 |     - timeout: 5s
 70 |       interval: 10s
 71 |       unhealthy_threshold: 2
 72 |       healthy_threshold: 2
 73 |       tcp_health_check: {}
 74 |     hosts:
 75 |     - socket_address:
 76 |         address: 127.0.0.1
 77 |         port_value: 3000
 78 |   - name: alive
 79 |     http2_protocol_options: {}
 80 |     connect_timeout: 0.25s
 81 |     type: strict_dns
 82 |     lb_policy: round_robin
 83 |     health_checks:
 84 |     - timeout: 5s
 85 |       interval: 10s
 86 |       unhealthy_threshold: 2
 87 |       healthy_threshold: 2
 88 |       tcp_health_check: {}
 89 |     hosts:
 90 |     - socket_address:
 91 |         address: alive-svc
 92 |         port_value: 10000
 93 |   - name: user
 94 |     http2_protocol_options: {}
 95 |     connect_timeout: 0.25s
 96 |     type: strict_dns
 97 |     lb_policy: round_robin
 98 |     health_checks:
 99 |     - timeout: 5s
100 |       interval: 10s
101 |       unhealthy_threshold: 2
102 |       healthy_threshold: 2
103 |       tcp_health_check: {}
104 |     hosts:
105 |     - socket_address:
106 |         address: user-svc
107 |         port_value: 10000
108 | admin:
109 |   access_log_path: /dev/null
110 |   address:
111 |     socket_address:
112 |       address: 0.0.0.0
113 |       port_value: 10001
114 | 
115 | 


--------------------------------------------------------------------------------
/envoy-service-mesh/envoy-config/sidecar-service.yaml:
--------------------------------------------------------------------------------
 1 | static_resources:
 2 |   listeners:
 3 |   - address:
 4 |       socket_address:
 5 |         address: 0.0.0.0
 6 |         port_value: 10000
 7 |     filter_chains:
 8 |     - filters:
 9 |       - name: envoy.http_connection_manager
10 |         config:
11 |           codec_type: auto
12 |           stat_prefix: ingress_http
13 |           route_config:
14 |             name: local_route
15 |             virtual_hosts:
16 |             - name: service
17 |               domains:
18 |               - "*"
19 |               routes:
20 |               - match:
21 |                   prefix: "/"
22 |                 route:
23 |                   cluster: local_service
24 |           access_log:
25 |           - name: envoy.file_access_log
26 |             config:
27 |               path: "/dev/stdout"
28 |           http_filters:
29 |           - name: envoy.router
30 |             config: {}
31 |   clusters:
32 |   - name: local_service
33 |     http2_protocol_options: {}
34 |     connect_timeout: 0.25s
35 |     type: static
36 |     lb_policy: round_robin
37 |     health_checks:
38 |     - timeout: 5s
39 |       interval: 10s
40 |       unhealthy_threshold: 2
41 |       healthy_threshold: 2
42 |       tcp_health_check: {}
43 |     hosts:
44 |     - socket_address:
45 |         address: 127.0.0.1
46 |         port_value: 8080
47 | admin:
48 |   access_log_path: /dev/null
49 |   address:
50 |     socket_address:
51 |       address: 0.0.0.0
52 |       port_value: 10001
53 | 


--------------------------------------------------------------------------------
/envoy-service-mesh/service-alive-admin.yml:
--------------------------------------------------------------------------------
 1 | apiVersion: v1
 2 | kind: Service
 3 | metadata:
 4 |   name: alive-admin-svc
 5 | spec:
 6 |   type: NodePort
 7 |   ports:
 8 |   - name: admin
 9 |     port: 3001
10 |     protocol: TCP
11 |     targetPort: 10001
12 |   selector:
13 |     app: alive-service
14 | 
15 | 


--------------------------------------------------------------------------------
/envoy-service-mesh/service-alive.yml:
--------------------------------------------------------------------------------
 1 | apiVersion: v1
 2 | kind: Service
 3 | metadata:
 4 |   name: alive-svc
 5 | spec:
 6 |   clusterIP: None
 7 |   ports:
 8 |   # Actually, no port is needed.
 9 |   # but set it because of the following bug.
10 |   # https://github.com/kubernetes/kubernetes/issues/55158
11 |   - name: headless
12 |     port: 12345
13 |     protocol: TCP
14 |     targetPort: 12345
15 |   selector:
16 |     app: alive-service
17 | 


--------------------------------------------------------------------------------
/envoy-service-mesh/service-gateway.yml:
--------------------------------------------------------------------------------
 1 | apiVersion: v1
 2 | kind: Service
 3 | metadata:
 4 |   name: gateway-svc
 5 | spec:
 6 |   type: NodePort
 7 |   ports:
 8 |   - name: proxy
 9 |     port: 3000
10 |     protocol: TCP
11 |     targetPort: 10000
12 |   - name: admin
13 |     port: 3001
14 |     protocol: TCP
15 |     targetPort: 10001
16 |   selector:
17 |     app: gateway
18 | 
19 | 


--------------------------------------------------------------------------------
/envoy-service-mesh/service-user-admin.yml:
--------------------------------------------------------------------------------
 1 | apiVersion: v1
 2 | kind: Service
 3 | metadata:
 4 |   name: user-admin-svc
 5 | spec:
 6 |   type: NodePort
 7 |   ports:
 8 |   - name: admin
 9 |     port: 3001
10 |     protocol: TCP
11 |     targetPort: 10001
12 |   selector:
13 |     app: user-service
14 | 
15 | 


--------------------------------------------------------------------------------
/envoy-service-mesh/service-user.yml:
--------------------------------------------------------------------------------
 1 | apiVersion: v1
 2 | kind: Service
 3 | metadata:
 4 |   name: user-svc
 5 | spec:
 6 |   clusterIP: None
 7 |   ports:
 8 |   # Actually, no port is needed.
 9 |   # but set it because of the following bug.
10 |   # https://github.com/kubernetes/kubernetes/issues/55158
11 |   - name: headless
12 |     port: 12345
13 |     protocol: TCP
14 |     targetPort: 12345
15 |   selector:
16 |     app: user-service
17 | 


--------------------------------------------------------------------------------
/headless/deployment.yml:
--------------------------------------------------------------------------------
 1 | apiVersion: apps/v1
 2 | kind: Deployment
 3 | metadata:
 4 |   name: headless-deployment
 5 | spec:
 6 |   selector:
 7 |     matchLabels:
 8 |       app: hello-world
 9 |   replicas: 2
10 |   template:
11 |     metadata:
12 |       labels:
13 |         app: hello-world
14 |     spec:
15 |       containers:
16 |         - image: "strm/helloworld-http"
17 |           imagePullPolicy: Always
18 |           name: hello-world-container
19 |           ports:
20 |             - containerPort: 80
21 | 


--------------------------------------------------------------------------------
/headless/service.yml:
--------------------------------------------------------------------------------
 1 | apiVersion: v1
 2 | kind: Service
 3 | metadata:
 4 |   name: headless-svc
 5 | spec:
 6 |   clusterIP: None
 7 |   ports:
 8 |   # Actually, no port is needed.
 9 |   # but set it because of the following bug.
10 |   # https://github.com/kubernetes/kubernetes/issues/55158
11 |   - name: headless
12 |     port: 12345
13 |     protocol: TCP
14 |     targetPort: 12345
15 |   selector:
16 |     app: hello-world
17 | 


--------------------------------------------------------------------------------
/helm-rbac/clusterrolebinding.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: rbac.authorization.k8s.io/v1
 2 | kind: ClusterRoleBinding
 3 | metadata:
 4 |   name: tiller
 5 | roleRef:
 6 |   apiGroup: rbac.authorization.k8s.io
 7 |   kind: ClusterRole
 8 |   name: cluster-admin
 9 | subjects:
10 | - kind: ServiceAccount
11 |   name: tiller
12 |   namespace: helm
13 | 


--------------------------------------------------------------------------------
/helm-rbac/sa.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v1
2 | kind: ServiceAccount
3 | metadata:
4 |   name: tiller
5 |   namespace: helm
6 | 


--------------------------------------------------------------------------------
/helm/mychart/.helmignore:
--------------------------------------------------------------------------------
 1 | # Patterns to ignore when building packages.
 2 | # This supports shell glob matching, relative path matching, and
 3 | # negation (prefixed with !). Only one pattern per line.
 4 | .DS_Store
 5 | # Common VCS dirs
 6 | .git/
 7 | .gitignore
 8 | .bzr/
 9 | .bzrignore
10 | .hg/
11 | .hgignore
12 | .svn/
13 | # Common backup files
14 | *.swp
15 | *.bak
16 | *.tmp
17 | *~
18 | # Various IDEs
19 | .project
20 | .idea/
21 | *.tmproj
22 | .vscode/
23 | 


--------------------------------------------------------------------------------
/helm/mychart/Chart.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v1
2 | appVersion: "1.0"
3 | description: A Helm chart for Kubernetes
4 | name: mychart
5 | version: 0.1.0
6 | 


--------------------------------------------------------------------------------
/helm/mychart/templates/configmap.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: v1
 2 | kind: ConfigMap
 3 | metadata:
 4 |   name: {{ .Release.Name }}-configmap
 5 | data:
 6 |   myvalue: "Hello World"
 7 |   {{- with .Values.favorite }}
 8 |   drink: {{ .drink | quote }}
 9 |   food: {{ .food | quote }}
10 |   {{- end }}
11 |   toppings: |-
12 |   {{- range $index, $topping := .Values.pizzaToppings }}
13 |     {{ $index }}: {{ $topping }}
14 |   {{- end }}
15 | 


--------------------------------------------------------------------------------
/helm/mychart/values.yaml:
--------------------------------------------------------------------------------
1 | favorite:
2 |   drink: coffee
3 |   food: pizza
4 | pizzaToppings:
5 |   - mushrooms
6 |   - cheese
7 |   - peppers
8 |   - onions
9 | 


--------------------------------------------------------------------------------
/helm/override.yaml:
--------------------------------------------------------------------------------
1 | favorite:
2 |   drink: tea
3 |   food: rice
4 | 
5 | 


--------------------------------------------------------------------------------
/neg/deploy.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: apps/v1
 2 | kind: Deployment
 3 | metadata:
 4 |   name: neg-deployment
 5 | spec:
 6 |   replicas: 2
 7 |   selector:
 8 |     matchLabels:
 9 |       app: sample
10 |   template:
11 |     metadata:
12 |       labels:
13 |         app: sample
14 |     spec:
15 |       containers:
16 |       - name: sample
17 |         image: gcr.io/google-samples/hello-app:2.0
18 |         ports:
19 |         - containerPort: 8080
20 | 


--------------------------------------------------------------------------------
/neg/ingress.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: networking.k8s.io/v1beta1
 2 | kind: Ingress
 3 | metadata:
 4 |   name: neg-ingress
 5 | spec:
 6 |   rules:
 7 |   - http:
 8 |       paths:
 9 |       - path: /*
10 |         backend:
11 |           serviceName: neg-svc
12 |           servicePort: 80
13 | 


--------------------------------------------------------------------------------
/neg/svc.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: v1
 2 | kind: Service
 3 | metadata:
 4 |   name: neg-svc
 5 |   annotations:
 6 |     cloud.google.com/neg: '{"ingress": true}'
 7 | spec:
 8 |   type: ClusterIP
 9 |   selector:
10 |     app: sample
11 |   ports:
12 |   - port: 80
13 |     protocol: TCP
14 |     targetPort: 8080


--------------------------------------------------------------------------------
/nginx-ingress/Makefile:
--------------------------------------------------------------------------------
 1 | .PHONY: destroy apply
 2 | 
 3 | apply:
 4 | 	kubectl apply -f deployment.yml
 5 | 	kubectl apply -f service.yml
 6 | 	kubectl apply -f ingress.yml
 7 | 
 8 | destroy:
 9 | 	kubectl delete deploy hello-world-deployment
10 | 	kubectl delete svc hello-world-svc
11 | 	kubectl delete ingress nginx-ingress
12 | 
13 | 


--------------------------------------------------------------------------------
/nginx-ingress/README.md:
--------------------------------------------------------------------------------
 1 | # How to use
 2 | 
 3 | ## Before start
 4 | ### Set virtual host
 5 | Get minikube ip
 6 | ```
 7 | $ minikube ip
 8 | xxx.xxx.xxx.xxx
 9 | ```
10 | Add following line to /ets/hosts
11 | ```
12 | xxx.xxx.xxx.xxx hello-world.info
13 | ```
14 | 
15 | ## Case 1: with minikube addons
16 | ### Run nginx-ingress-controller.
17 | ```
18 | $ minikube addons enable ingress
19 | ```
20 | 
21 | ### Apply
22 | ```
23 | $ make apply
24 | ```
25 | 
26 | ### Confirm
27 | Now you can access via virtual host.
28 | ```
29 | $ curl hello-world.info
30 | <html><head><title>HTTP Hello World</title></head><body><h1>Hello from hello-world-deployment-5c8cd966cd-nvvdk</h1></body></html
31 | ```
32 | 
33 | ## Case 2: with helm charts
34 | ### Run nginx-ingress-controller.
35 | ```
36 | $ helm install --name nginx-ingress stable/nginx-ingress 
37 | ```
38 | 
39 | Check nginx-ingress-controller's Service port.
40 | 
41 | ```
42 | $ kubectl get svc
43 | NAME                            TYPE           CLUSTER-IP       EXTERNAL-IP   PORT(S)                      AGE
44 | kubernetes                      ClusterIP      10.96.0.1        <none>        443/TCP                      17h
45 | nginx-ingress-controller        LoadBalancer   10.106.110.157   <pending>     80:32123/TCP,443:31527/TCP   5m51s
46 | nginx-ingress-default-backend   ClusterIP      10.106.9.142     <none>        80/TCP                       5m51s
47 | ```
48 | 
49 | ### Apply
50 | ```
51 | $ make apply
52 | ```
53 | 
54 | ### Confirm
55 | Now you can access via virtual host.
56 | ```
57 | $ curl hello-world.info:32123
58 | <html><head><title>HTTP Hello World</title></head><body><h1>Hello from hello-world-deployment-5c8cd966cd-nvvdk</h1></body></html
59 | ```
60 | 


--------------------------------------------------------------------------------
/nginx-ingress/deployment.yml:
--------------------------------------------------------------------------------
 1 | apiVersion: apps/v1
 2 | kind: Deployment
 3 | metadata:
 4 |   name: hello-world-deployment
 5 | spec:
 6 |   selector:
 7 |     matchLabels:
 8 |       app: hello-world
 9 |   replicas: 3
10 |   template:
11 |     metadata:
12 |       labels:
13 |         app: hello-world
14 |     spec:
15 |       containers:
16 |         - image: "strm/helloworld-http"
17 |           imagePullPolicy: Always
18 |           name: hello-world-container
19 |           ports:
20 |             - containerPort: 80
21 | 


--------------------------------------------------------------------------------
/nginx-ingress/ingress.yml:
--------------------------------------------------------------------------------
 1 | apiVersion: networking.k8s.io/v1beta1
 2 | kind: Ingress
 3 | metadata:
 4 |   name: nginx-ingress
 5 |   annotations:
 6 |     kubernetes.io/ingress.class: "nginx"
 7 | spec:
 8 |   rules:
 9 |   - host: hello-world.info
10 |     http:
11 |       paths:
12 |       - backend:
13 |           serviceName: hello-world-svc
14 |           servicePort: 8080
15 |         path: /
16 | 


--------------------------------------------------------------------------------
/nginx-ingress/service.yml:
--------------------------------------------------------------------------------
 1 | apiVersion: v1
 2 | kind: Service
 3 | metadata:
 4 |   name: hello-world-svc
 5 | spec:
 6 |   type: NodePort
 7 |   ports:
 8 |    - port: 8080
 9 |      protocol: TCP
10 |      targetPort: 80
11 |   selector:
12 |     app: hello-world
13 | 


--------------------------------------------------------------------------------
/probe/Dockerfile:
--------------------------------------------------------------------------------
 1 | FROM golang:alpine3.10
 2 | 
 3 | ARG USER=appuser
 4 | ARG GROUP=appgroup
 5 | 
 6 | RUN apk --no-cache add ca-certificates && \
 7 |   addgroup -S ${GROUP} && adduser -S ${USER} -G ${GROUP}
 8 | 
 9 | RUN GRPC_HEALTH_PROBE_VERSION=v0.3.1 && \
10 |   wget -qO/bin/grpc_health_probe https://github.com/grpc-ecosystem/grpc-health-probe/releases/download/${GRPC_HEALTH_PROBE_VERSION}/grpc_health_probe-linux-amd64 && \
11 |   chmod +x /bin/grpc_health_probe
12 | 
13 | WORKDIR /home/${USER}
14 | 
15 | COPY --chown=${USER}:${GROUP} app/ .
16 | 
17 | USER ${USER}
18 | 
19 | RUN go build -o server
20 | 
21 | CMD ["./server"]
22 | 
23 | 


--------------------------------------------------------------------------------
/probe/Makefile:
--------------------------------------------------------------------------------
 1 | .PHONY: build push
 2 | 
 3 | REGISTRY_DOMAIN := jun06t
 4 | 
 5 | build:
 6 | 	docker build -f Dockerfile -t ${REGISTRY_DOMAIN}/probe:latest .
 7 | 
 8 | push:
 9 | 	docker push ${REGISTRY_DOMAIN}/probe
10 | 
11 | 


--------------------------------------------------------------------------------
/probe/app/go.mod:
--------------------------------------------------------------------------------
1 | module github.com/jun06t/kubernetes-sample/probe
2 | 
3 | go 1.13
4 | 
5 | require (
6 | 	github.com/jun06t/grpc-sample v0.0.0-20200116205135-9fd34cc7dcb3
7 | 	google.golang.org/grpc v1.27.1
8 | )
9 | 


--------------------------------------------------------------------------------
/probe/app/go.sum:
--------------------------------------------------------------------------------
 1 | cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=
 2 | github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
 3 | github.com/antihax/optional v0.0.0-20180407024304-ca021399b1a6/go.mod h1:V8iCPQYkqmusNa815XgQio277wI47sdRh1dUOLdyC6Q=
 4 | github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU=
 5 | github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw=
 6 | github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=
 7 | github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c=
 8 | github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04=
 9 | github.com/gogo/protobuf v1.3.0/go.mod h1:SlYgWuQ5SjCEi6WLHjHCa1yvBfUnHcTbrrZtXPKa29o=
10 | github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b h1:VKtxabqXZkF25pY9ekfRL6a582T4P37/31XEstQ5p58=
11 | github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q=
12 | github.com/golang/mock v1.1.1/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A=
13 | github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
14 | github.com/golang/protobuf v1.3.2 h1:6nsPYzhq5kReh6QImI3k5qWzO4PEbvbIW2cwSfR/6xs=
15 | github.com/golang/protobuf v1.3.2/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
16 | github.com/google/go-cmp v0.2.0 h1:+dTQ8DZQJz0Mb/HjFlkptS1FeQ4cWSnN941F8aEG4SQ=
17 | github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M=
18 | github.com/grpc-ecosystem/go-grpc-middleware v1.0.0/go.mod h1:FiyG127CGDf3tlThmgyCl78X/SZQqEOJBCDaAfeWzPs=
19 | github.com/grpc-ecosystem/grpc-gateway v1.12.1/go.mod h1:8XEsbTttt/W+VvjtQhLACqCisSPWTxCZ7sBRjU6iH9c=
20 | github.com/jun06t/grpc-sample v0.0.0-20200116205135-9fd34cc7dcb3 h1:l2AMKxPQ7UabDPBZ4IiMXpvn6g8SROSjl0QEiKjRpHM=
21 | github.com/jun06t/grpc-sample v0.0.0-20200116205135-9fd34cc7dcb3/go.mod h1:2Pp6eUiROr0mrzmw8zTnc9woy1owr1sk43k3vdf5otE=
22 | github.com/kisielk/errcheck v1.2.0/go.mod h1:/BMXB+zMLi60iA8Vv6Ksmxu/1UDYcXs4uQLJ+jE2L00=
23 | github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck=
24 | github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
25 | github.com/rogpeppe/fastuuid v1.2.0/go.mod h1:jVj6XXZzXRy/MSR5jhDC/2q6DgLz+nrA6LYCDYWNEvQ=
26 | golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
27 | golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
28 | golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
29 | golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU=
30 | golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
31 | golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
32 | golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
33 | golang.org/x/net v0.0.0-20190213061140-3a22650c66bd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
34 | golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
35 | golang.org/x/net v0.0.0-20191002035440-2ec189313ef0 h1:2mqDk8w/o6UmeUCu5Qiq2y7iMf6anbx+YA8d1JFoFrs=
36 | golang.org/x/net v0.0.0-20191002035440-2ec189313ef0/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
37 | golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
38 | golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
39 | golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
40 | golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
41 | golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
42 | golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a h1:1BGLXjeY4akVXGgbC9HugT3Jv3hCI0z56oJR5vAMgBU=
43 | golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
44 | golang.org/x/text v0.3.0 h1:g61tztE5qeGQ89tm6NTjjM9VPIm088od1l6aSorWRWg=
45 | golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
46 | golang.org/x/tools v0.0.0-20181030221726-6c7e314b6563/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
47 | golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
48 | golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY=
49 | golang.org/x/tools v0.0.0-20190311212946-11955173bddd/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
50 | golang.org/x/tools v0.0.0-20190524140312-2c0ae7006135/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q=
51 | google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM=
52 | google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
53 | google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc=
54 | google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc=
55 | google.golang.org/genproto v0.0.0-20190927181202-20e1ac93f88c h1:hrpEMCZ2O7DR5gC1n2AJGVhrwiEjOi35+jxtIuZpTMo=
56 | google.golang.org/genproto v0.0.0-20190927181202-20e1ac93f88c/go.mod h1:IbNlFCBrqXvoKpeg0TB2l7cyZUmoaFKYIwrEpbDKLA8=
57 | google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c=
58 | google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg=
59 | google.golang.org/grpc v1.24.0/go.mod h1:XDChyiUovWa60DnaeDeZmSW86xtLtjtZbwvSiRnRtcA=
60 | google.golang.org/grpc v1.27.1 h1:zvIju4sqAGvwKspUQOhwnpcqSbzi7/H6QomNNjTL4sk=
61 | google.golang.org/grpc v1.27.1/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk=
62 | gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
63 | gopkg.in/yaml.v2 v2.2.3/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
64 | honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
65 | honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
66 | 


--------------------------------------------------------------------------------
/probe/app/health.go:
--------------------------------------------------------------------------------
 1 | package main
 2 | 
 3 | import (
 4 | 	"context"
 5 | 
 6 | 	"google.golang.org/grpc/codes"
 7 | 	health "google.golang.org/grpc/health/grpc_health_v1"
 8 | 	"google.golang.org/grpc/status"
 9 | 
10 | 	pb "github.com/jun06t/grpc-sample/unary/proto"
11 | )
12 | 
13 | type helloHandler struct{}
14 | 
15 | func (h *helloHandler) SayHello(ctx context.Context, in *pb.HelloRequest) (*pb.HelloReply, error) {
16 | 	return &pb.HelloReply{Message: "Hello " + in.Name}, nil
17 | }
18 | 
19 | type healthHandler struct {
20 | }
21 | 
22 | func (h *healthHandler) Check(context.Context, *health.HealthCheckRequest) (*health.HealthCheckResponse, error) {
23 | 	return &health.HealthCheckResponse{
24 | 		Status: health.HealthCheckResponse_SERVING,
25 | 	}, nil
26 | }
27 | 
28 | func (h *healthHandler) Watch(*health.HealthCheckRequest, health.Health_WatchServer) error {
29 | 	return status.Error(codes.Unimplemented, "watch is not implemented.")
30 | }
31 | 


--------------------------------------------------------------------------------
/probe/app/main.go:
--------------------------------------------------------------------------------
 1 | package main
 2 | 
 3 | import (
 4 | 	"log"
 5 | 	"net"
 6 | 
 7 | 	"google.golang.org/grpc"
 8 | 	health "google.golang.org/grpc/health/grpc_health_v1"
 9 | 
10 | 	pb "github.com/jun06t/grpc-sample/unary/proto"
11 | )
12 | 
13 | const (
14 | 	port = ":8080"
15 | )
16 | 
17 | func main() {
18 | 	lis, err := net.Listen("tcp", port)
19 | 	if err != nil {
20 | 		log.Fatal(err)
21 | 	}
22 | 
23 | 	s := grpc.NewServer()
24 | 	pb.RegisterGreeterServer(s, &helloHandler{})
25 | 	health.RegisterHealthServer(s, &healthHandler{})
26 | 	err = s.Serve(lis)
27 | 	if err != nil {
28 | 		log.Fatal(err)
29 | 	}
30 | }
31 | 


--------------------------------------------------------------------------------
/probe/probe-deployment.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: apps/v1
 2 | kind: Deployment
 3 | metadata:
 4 |   name: probe
 5 | spec:
 6 |   selector:
 7 |     matchLabels:
 8 |       app: probe
 9 |   replicas: 2
10 |   template:
11 |     metadata:
12 |       labels:
13 |         app: probe
14 |     spec:
15 |       containers:
16 |       - name: probe
17 |         image: "jun06t/probe"
18 |         ports:
19 |         - containerPort: 8080
20 |         readinessProbe:
21 |           exec:
22 |             command: ["/bin/grpc_health_probe", "-addr=:8080"]
23 |           initialDelaySeconds: 5
24 |         livenessProbe:
25 |           exec:
26 |             command: ["/bin/grpc_health_probe", "-addr=:8080"]
27 |           initialDelaySeconds: 10
28 | 


--------------------------------------------------------------------------------
/resource/image/Dockerfile:
--------------------------------------------------------------------------------
 1 | FROM golang:alpine
 2 | 
 3 | WORKDIR /app
 4 | COPY main.go /app
 5 | RUN go build -o main .
 6 | 
 7 | EXPOSE 8000
 8 | 
 9 | CMD ["./main"]
10 | 


--------------------------------------------------------------------------------
/resource/image/main.go:
--------------------------------------------------------------------------------
 1 | package main
 2 | 
 3 | import (
 4 | 	"fmt"
 5 | 	"net/http"
 6 | 	"runtime"
 7 | )
 8 | 
 9 | func main() {
10 | 	cpus := runtime.NumCPU()
11 | 	fmt.Println("CPUs:", cpus)
12 | 
13 | 	for i := 0; i < 100; i++ {
14 | 		goroutine()
15 | 	}
16 | 
17 | 	http.HandleFunc("/", func(w http.ResponseWriter, r *http.Request) {
18 | 		fmt.Fprintf(w, "hello world")
19 | 	})
20 | 
21 | 	http.ListenAndServe(":8000", nil)
22 | }
23 | 
24 | func goroutine() {
25 | 	go func() {
26 | 		var counter int64
27 | 		for {
28 | 			counter++
29 | 		}
30 | 	}()
31 | }
32 | 


--------------------------------------------------------------------------------
/resource/resource.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: apps/v1
 2 | kind: Deployment
 3 | metadata:
 4 |   name: sample-resource
 5 | spec:
 6 |   replicas: 2
 7 |   selector:
 8 |     matchLabels:
 9 |       app: sample-app
10 |   template:
11 |     metadata:
12 |       labels:
13 |         app: sample-app
14 |     spec:
15 |       containers:
16 |         - name: golang
17 |           image: jun06t/show-cpus
18 | #          env:
19 | #          - name: GODEBUG
20 | #            value: "scheddetail=1,schedtrace=1000"
21 |           resources:
22 |             requests:
23 |               memory: "128Mi"
24 |               cpu: "100m"
25 |             limits:
26 |               memory: "256Mi"
27 |               cpu: "200m"
28 | 
29 | 


--------------------------------------------------------------------------------
/service-account/Makefile:
--------------------------------------------------------------------------------
 1 | .PHONY: destroy apply
 2 | 
 3 | apply:
 4 | 	kubectl apply -f sa.yaml
 5 | 	kubectl apply -f clusterrolebinding.yaml
 6 | 	kubectl apply -f pod.yaml
 7 | 
 8 | destroy:
 9 | 	kubectl delete po sample-kubectl
10 | 	kubectl delete sa sample-serviceaccount
11 | 	kubectl delete clusterrolebinding sample-clusterrolebinding
12 | 
13 | test:
14 | 	kubectl exec -it sample-kubectl -- kubectl get pods
15 | 


--------------------------------------------------------------------------------
/service-account/clusterrolebinding.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: rbac.authorization.k8s.io/v1
 2 | kind: ClusterRoleBinding
 3 | metadata:
 4 |   name: sample-clusterrolebinding
 5 | roleRef:
 6 |   apiGroup: rbac.authorization.k8s.io
 7 |   kind: ClusterRole
 8 |   name: view
 9 | subjects:
10 | - kind: ServiceAccount
11 |   name: sample-serviceaccount
12 |   namespace: default
13 | 


--------------------------------------------------------------------------------
/service-account/pod.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: v1
 2 | kind: Pod
 3 | metadata:
 4 |   name: sample-kubectl
 5 | spec:
 6 |   serviceAccountName: sample-serviceaccount
 7 |   containers:
 8 |     - name: kubectl-container
 9 |       image: lachlanevenson/k8s-kubectl:v1.10.4
10 |       command: ["sleep", "86400"]
11 | 
12 | 


--------------------------------------------------------------------------------
/service-account/sa.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v1
2 | kind: ServiceAccount
3 | metadata:
4 |   name: sample-serviceaccount
5 |   namespace: default
6 | 


--------------------------------------------------------------------------------
/service/clusterip.yml:
--------------------------------------------------------------------------------
 1 | apiVersion: v1
 2 | kind: Service
 3 | metadata:
 4 |   name: nginx-service
 5 | spec:
 6 |   type: ClusterIP
 7 |   ports:
 8 |   - port: 3000
 9 |     protocol: TCP
10 |     targetPort: 80
11 |   selector:
12 |     name: nginx
13 | 


--------------------------------------------------------------------------------
/service/deploy.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: apps/v1
 2 | kind: Deployment
 3 | metadata:
 4 |   name: nginx-deployment
 5 | spec:
 6 |   selector:
 7 |     matchLabels:
 8 |       name: nginx
 9 |   replicas: 3
10 |   template:
11 |     metadata:
12 |       labels:
13 |         name: nginx
14 |     spec:
15 |       containers:
16 |       - name: nginx-container
17 |         imagePullPolicy: Always
18 |         image: nginx:1.11
19 |         ports:
20 |         - containerPort: 80
21 | 


--------------------------------------------------------------------------------
/service/nodeport.yml:
--------------------------------------------------------------------------------
 1 | apiVersion: v1
 2 | kind: Service
 3 | metadata:
 4 |   name: nginx-service
 5 | spec:
 6 |   type: NodePort
 7 |   ports:
 8 |   - port: 3000
 9 |     protocol: TCP
10 |     targetPort: 80
11 |   selector:
12 |     name: nginx
13 | 


--------------------------------------------------------------------------------