Hello, Flask!
" 8 | 9 | if __name__ == "__main__": 10 | app.run(host='0.0.0.0') -------------------------------------------------------------------------------- /deploying-laravel-application/kustomization.yaml: -------------------------------------------------------------------------------- 1 | resources: 2 | - laravel-deployment-and-service.yaml 3 | - ingress.yaml 4 | 5 | configMapGenerator: 6 | - name: laravel-env 7 | literals: 8 | - APP_KEY=base64:zC8wVldUZfZJaGaZ7+CPh+5FzaXYmShm7G/Qh6GdRl8= -------------------------------------------------------------------------------- /deploying-simple-echo-app-using-blue-green-deployment/service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: echo-svc 5 | spec: 6 | selector: 7 | app: echo 8 | version: v1 9 | ports: 10 | - port: 80 11 | targetPort: 8080 -------------------------------------------------------------------------------- /knative/0.installing/eventing.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Namespace 3 | metadata: 4 | name: knative-eventing 5 | --- 6 | apiVersion: operator.knative.dev/v1alpha1 7 | kind: KnativeEventing 8 | metadata: 9 | name: knative-eventing 10 | namespace: knative-eventing -------------------------------------------------------------------------------- /deploying-simple-hello-gin-app/main.go: -------------------------------------------------------------------------------- 1 | package main 2 | 3 | import "github.com/gin-gonic/gin" 4 | 5 | func main() { 6 | r := gin.Default() 7 | 8 | r.GET("/hello", func(c *gin.Context) { 9 | c.String(200, "Hello, Gin!") 10 | }) 11 | 12 | _ = r.Run(":8080") 13 | } 14 | -------------------------------------------------------------------------------- /deploying-wordpress-and-mysql-with-persistent-volumes/kustomization.yaml: -------------------------------------------------------------------------------- 1 | resources: 2 | - mysql-deployment-and-service.yaml 3 | - wordpress-deployment-and-service.yaml 4 | - ingress.yaml 5 | 6 | secretGenerator: 7 | - name: mysql-pass 8 | literals: 9 | - password=!@#123 # 自定义密码 -------------------------------------------------------------------------------- /istio/3.virtual-service/echo-v1-service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: echo-v1 5 | labels: 6 | app: echo-v1 7 | spec: 8 | selector: 9 | app: echo-v1 10 | ports: 11 | - port: 8080 12 | protocol: TCP 13 | name: http -------------------------------------------------------------------------------- /istio/3.virtual-service/echo-v2-service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: echo-v2 5 | labels: 6 | app: echo-v2 7 | spec: 8 | selector: 9 | app: echo-v2 10 | ports: 11 | - port: 8080 12 | protocol: TCP 13 | name: http -------------------------------------------------------------------------------- /istio/6.circuit-breaking/fortio-service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: fortio-svc 5 | labels: 6 | app: fortio 7 | service: fortio 8 | spec: 9 | ports: 10 | - port: 8080 11 | name: http 12 | selector: 13 | app: fortio -------------------------------------------------------------------------------- /deploying-laravel-7-with-mysql-and-redis/configmap.yaml: -------------------------------------------------------------------------------- 1 | kind: ConfigMap 2 | apiVersion: v1 3 | metadata: 4 | name: laravel-env 5 | data: 6 | APP_KEY: base64:zC8wVldUZfZJaGaZ7+CPh+5FzaXYmShm7G/Qh6GdRl8= 7 | APP_ENV: production 8 | DB_DATABASE: laravel 9 | DB_USERNAME: root 10 | -------------------------------------------------------------------------------- /istio/case-advanced-traffic-routing/customers-service.yaml: -------------------------------------------------------------------------------- 1 | kind: Service 2 | apiVersion: v1 3 | metadata: 4 | name: customers 5 | labels: 6 | app: customers 7 | spec: 8 | selector: 9 | app: customers 10 | ports: 11 | - port: 80 12 | name: http 13 | targetPort: 3000 -------------------------------------------------------------------------------- /deploying-simple-hello-spring-app/.mvn/wrapper/maven-wrapper.properties: -------------------------------------------------------------------------------- 1 | distributionUrl=https://repo.maven.apache.org/maven2/org/apache/maven/apache-maven/3.8.6/apache-maven-3.8.6-bin.zip 2 | wrapperUrl=https://repo.maven.apache.org/maven2/org/apache/maven/wrapper/maven-wrapper/3.1.0/maven-wrapper-3.1.0.jar 3 | -------------------------------------------------------------------------------- /istio/case-advanced-traffic-routing/webfrontend-service.yaml: -------------------------------------------------------------------------------- 1 | kind: Service 2 | apiVersion: v1 3 | metadata: 4 | name: web-frontend 5 | labels: 6 | app: web-frontend 7 | spec: 8 | selector: 9 | app: web-frontend 10 | ports: 11 | - port: 80 12 | name: http 13 | targetPort: 8080 -------------------------------------------------------------------------------- /deploying-simple-hello-express-app/index.js: -------------------------------------------------------------------------------- 1 | const express = require('express') 2 | const app = express() 3 | const port = 3000 4 | 5 | app.get('/', (req, res) => { 6 | res.send('Hello Express!') 7 | }) 8 | 9 | app.listen(port, () => { 10 | console.log(`Example app listening at http://localhost:${port}`) 11 | }) -------------------------------------------------------------------------------- /deploying-kbp-journal-app/fileserver/service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: fileserver-svc 5 | namespace: default 6 | labels: 7 | app: fileserver 8 | spec: 9 | selector: 10 | app: fileserver 11 | ports: 12 | - port: 80 13 | targetPort: 80 14 | protocol: TCP 15 | type: ClusterIP -------------------------------------------------------------------------------- /deploying-kbp-journal-app/frontend/service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: frontend-svc 5 | namespace: default 6 | labels: 7 | app: frontend 8 | spec: 9 | ports: 10 | - port: 8080 11 | targetPort: 8080 12 | protocol: TCP 13 | selector: 14 | app: frontend 15 | type: ClusterIP -------------------------------------------------------------------------------- /istio/3.virtual-service/istio-gateway.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: networking.istio.io/v1beta1 2 | kind: Gateway 3 | metadata: 4 | name: http-gateway 5 | spec: 6 | selector: 7 | istio: ingressgateway 8 | servers: 9 | - hosts: 10 | - "*" 11 | port: 12 | number: 80 13 | name: http 14 | protocol: HTTP 15 | -------------------------------------------------------------------------------- /istio/4.destination-rule/istio-destination-rule.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: networking.istio.io/v1beta1 2 | kind: DestinationRule 3 | metadata: 4 | name: echo-destination-rule 5 | spec: 6 | host: echo-service 7 | subsets: 8 | - name: v1 9 | labels: 10 | version: v1 11 | - name: v2 12 | labels: 13 | version: v2 -------------------------------------------------------------------------------- /istio/4.destination-rule/istio-gateway.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: networking.istio.io/v1beta1 2 | kind: Gateway 3 | metadata: 4 | name: echo-gateway 5 | spec: 6 | selector: 7 | istio: ingressgateway 8 | servers: 9 | - hosts: 10 | - "*" 11 | port: 12 | number: 80 13 | name: http 14 | protocol: HTTP 15 | -------------------------------------------------------------------------------- /istio/5.fault-injection/istio-gateway.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: networking.istio.io/v1beta1 2 | kind: Gateway 3 | metadata: 4 | name: nginx-gateway 5 | spec: 6 | selector: 7 | istio: ingressgateway 8 | servers: 9 | - hosts: 10 | - "*" 11 | port: 12 | number: 80 13 | name: http 14 | protocol: HTTP 15 | -------------------------------------------------------------------------------- /deploying-kbp-journal-app/kustomization.yaml: -------------------------------------------------------------------------------- 1 | resources: 2 | - frontend/configmap.yaml 3 | - frontend/deployment.yaml 4 | - frontend/service.yaml 5 | - redis/configmap.yaml 6 | - redis/secret.yaml 7 | - redis/statefulset.yaml 8 | - redis/service.yaml 9 | - fileserver/deployment.yaml 10 | - fileserver/service.yaml 11 | - ingress.yaml -------------------------------------------------------------------------------- /learn-from-source-code/README.md: -------------------------------------------------------------------------------- 1 | # 源码研习 2 | 3 | * [当你创建了一个Deployment时,Kubernetes内部发生了什么?](./what-happens-in-kubernetes-when-create-a-deployment.md) 4 | * [当一个请求到达 kube-apiserver 时,Kubernetes 内部发生了什么?](./what-happens-in-kubernetes-when-a-request-hits-kube-apiserver.md) 5 | * [当一个 Pod 被调度时,Kubernetes 内部发生了什么?](./what-happens-in-kubernetes-when-schedule-a-pod.md) -------------------------------------------------------------------------------- /istio/case-advanced-traffic-routing/customers-destination-rule.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: networking.istio.io/v1alpha3 2 | kind: DestinationRule 3 | metadata: 4 | name: customers 5 | spec: 6 | host: customers.default.svc.cluster.local 7 | subsets: 8 | - name: v1 9 | labels: 10 | version: v1 11 | - name: v2 12 | labels: 13 | version: v2 -------------------------------------------------------------------------------- /istio/case-advanced-traffic-routing/kustomization.yaml: -------------------------------------------------------------------------------- 1 | resources: 2 | - istio-gateway.yaml 3 | - customers-deployment-v1.yaml 4 | - customers-deployment-v2.yaml 5 | - customers-service.yaml 6 | - customers-virtual-service.yaml 7 | - customers-destination-rule.yaml 8 | - webfrontend-deployment.yaml 9 | - webfrontend-service.yaml 10 | - webfrontend-virtual-service.yaml -------------------------------------------------------------------------------- /deploying-simple-hello-spring-app/src/test/java/com/example/hellospring/HelloSpringApplicationTests.java: -------------------------------------------------------------------------------- 1 | package com.example.hellospring; 2 | 3 | import org.junit.jupiter.api.Test; 4 | import org.springframework.boot.test.context.SpringBootTest; 5 | 6 | @SpringBootTest 7 | class HelloSpringApplicationTests { 8 | 9 | @Test 10 | void contextLoads() { 11 | } 12 | 13 | } 14 | -------------------------------------------------------------------------------- /knative/2.traffic-split/http-echo-update.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: serving.knative.dev/v1 2 | kind: Service 3 | metadata: 4 | name: http-echo 5 | spec: 6 | template: 7 | metadata: 8 | name: http-echo-v2 9 | spec: 10 | containers: 11 | - image: jxlwqq/http-echo 12 | ports: 13 | - containerPort: 8080 14 | args: 15 | - "--text=v2" -------------------------------------------------------------------------------- /istio/case-advanced-traffic-routing/istio-gateway.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: networking.istio.io/v1alpha3 2 | kind: Gateway 3 | metadata: 4 | name: sample-gateway 5 | spec: 6 | selector: 7 | istio: ingressgateway 8 | servers: 9 | - port: 10 | number: 80 11 | name: http 12 | protocol: HTTP 13 | hosts: 14 | - 'web.example.com' 15 | - 'svc.example.com' -------------------------------------------------------------------------------- /deploying-php-guestbook-application-with-redis/README.md: -------------------------------------------------------------------------------- 1 | # 使用 Redis 部署 PHP 留言板应用程序 2 | 3 | 原文:https://kubernetes.io/zh/docs/tutorials/stateless-application/guestbook/ ,基于原文做了一些相关调整。 4 | 5 | 本教程向您展示如何使用 Kubernetes 和 Docker 构建和部署 一个简单的_(非面向生产)的_多层 web 应用程序。 6 | 7 | #### 部署 8 | 9 | ```shell 10 | kubectl apply -k . 11 | ``` 12 | 13 | #### 清理 14 | 15 | ```shell 16 | kubectl delete -k . 17 | ``` 18 | 19 | -------------------------------------------------------------------------------- /deploying-php-guestbook-application-with-mongodb/README.md: -------------------------------------------------------------------------------- 1 | # 使用 Redis 部署 PHP 留言板应用程序 2 | 3 | 原文:https://v1-20.docs.kubernetes.io/docs/tutorials/stateless-application/guestbook/ ,基于原文做了一些相关调整。 4 | 5 | 本教程向您展示如何使用 Kubernetes 和 Docker 构建和部署 一个简单的_(非面向生产)的_多层 web 应用程序。 6 | 7 | #### 部署 8 | 9 | ```shell 10 | kubectl apply -k . 11 | ``` 12 | 13 | #### 清理 14 | 15 | ```shell 16 | kubectl delete -k . 17 | ``` 18 | 19 | -------------------------------------------------------------------------------- /deploying-simple-hello-express-app/package.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "hello-express", 3 | "version": "1.0.0", 4 | "description": "example: deploying-simple-hello-express-app", 5 | "main": "index.js", 6 | "scripts": { 7 | "test": "echo \"Error: no test specified\" && exit 1" 8 | }, 9 | "author": "jxlwqq", 10 | "license": "ISC", 11 | "dependencies": { 12 | "express": "^4.21.2" 13 | } 14 | } 15 | -------------------------------------------------------------------------------- /knative/0.installing/serving.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Namespace 3 | metadata: 4 | name: knative-serving 5 | --- 6 | apiVersion: operator.knative.dev/v1alpha1 7 | kind: KnativeServing 8 | metadata: 9 | name: knative-serving 10 | namespace: knative-serving 11 | spec: 12 | config: 13 | istio: 14 | local-gateway.knative-serving.knative-local-gateway: "knative-local-gateway.istio-system.svc.cluster.local" -------------------------------------------------------------------------------- /deploying-simple-microservice-using-gin-and-grpc/.gitignore: -------------------------------------------------------------------------------- 1 | ### Go template 2 | # Binaries for programs and plugins 3 | *.exe 4 | *.exe~ 5 | *.dll 6 | *.so 7 | *.dylib 8 | 9 | # Test binary, built with `go test -c` 10 | *.test 11 | 12 | # Output of the go coverage tool, specifically when used with LiteIDE 13 | *.out 14 | 15 | # Dependency directories (remove the comment below to include it) 16 | # vendor/ 17 | 18 | .idea 19 | 20 | -------------------------------------------------------------------------------- /istio/case-advanced-traffic-routing/webfrontend-virtual-service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: networking.istio.io/v1alpha3 2 | kind: VirtualService 3 | metadata: 4 | name: web-frontend 5 | spec: 6 | hosts: 7 | - 'web.example.com' 8 | gateways: 9 | - sample-gateway 10 | http: 11 | - route: 12 | - destination: 13 | host: web-frontend.default.svc.cluster.local 14 | port: 15 | number: 80 -------------------------------------------------------------------------------- /deploying-simple-echo-app-using-blue-green-deployment/ingress.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: networking.k8s.io/v1 2 | kind: Ingress 3 | metadata: 4 | name: echo-ing 5 | spec: 6 | rules: 7 | - http: 8 | paths: 9 | - path: / 10 | pathType: Prefix 11 | backend: 12 | service: 13 | name: echo-svc 14 | port: 15 | number: 80 16 | ingressClassName: nginx -------------------------------------------------------------------------------- /deploying-simple-hello-flask-app/ingress.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: networking.k8s.io/v1 2 | kind: Ingress 3 | metadata: 4 | name: hello-flask-ingress 5 | spec: 6 | rules: 7 | - http: 8 | paths: 9 | - path: / 10 | pathType: Prefix 11 | backend: 12 | service: 13 | name: hello-flask-svc 14 | port: 15 | number: 80 16 | ingressClassName: nginx -------------------------------------------------------------------------------- /deploying-simple-hello-gin-app/ingress.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: networking.k8s.io/v1 2 | kind: Ingress 3 | metadata: 4 | name: hello-gin-ingress 5 | spec: 6 | rules: 7 | - http: 8 | paths: 9 | - path: / 10 | pathType: Prefix 11 | backend: 12 | service: 13 | name: hello-gin-svc 14 | port: 15 | number: 8080 16 | ingressClassName: nginx 17 | -------------------------------------------------------------------------------- /istio/5.fault-injection/nginx-deployment.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: nginx 5 | labels: 6 | app: nginx 7 | spec: 8 | selector: 9 | matchLabels: 10 | app: nginx 11 | template: 12 | metadata: 13 | labels: 14 | app: nginx 15 | spec: 16 | containers: 17 | - name: nginx 18 | image: nginx 19 | ports: 20 | - containerPort: 80 21 | -------------------------------------------------------------------------------- /istio/6.circuit-breaking/nginx-deployment.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: nginx 5 | labels: 6 | app: nginx 7 | spec: 8 | selector: 9 | matchLabels: 10 | app: nginx 11 | template: 12 | metadata: 13 | labels: 14 | app: nginx 15 | spec: 16 | containers: 17 | - name: nginx 18 | image: nginx 19 | ports: 20 | - containerPort: 80 21 | -------------------------------------------------------------------------------- /dapr/1.hello-kubernetes/node/package.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "node_server", 3 | "version": "1.0.0", 4 | "private": true, 5 | "description": "", 6 | "main": "app.js", 7 | "scripts": { 8 | "test": "echo \"Error: no test specified\" && exit 1" 9 | }, 10 | "author": "", 11 | "license": "ISC", 12 | "dependencies": { 13 | "body-parser": "^1.18.3", 14 | "express": "^4.20.0", 15 | "isomorphic-fetch": "^3.0.0" 16 | } 17 | } -------------------------------------------------------------------------------- /deploying-php-guestbook-application-with-redis/ingress.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: networking.k8s.io/v1 2 | kind: Ingress 3 | metadata: 4 | name: guestbook-ingress 5 | spec: 6 | rules: 7 | - http: 8 | paths: 9 | - path: / 10 | pathType: Prefix 11 | backend: 12 | service: 13 | name: frontend 14 | port: 15 | number: 80 16 | ingressClassName: nginx -------------------------------------------------------------------------------- /ingress-nginx/README.md: -------------------------------------------------------------------------------- 1 | #### 安装 2 | 3 | 为了让 Ingress 资源工作,集群必须有一个正在运行的 Ingress 控制器。Kubernetes 作为一个项目,目前支持和维护 AWS, GCE 和 nginx Ingress 控制器。这里我们推荐安装 nginx Ingress 控制器。 4 | 5 | ```bash 6 | kubectl apply -f deploy.yaml 7 | ``` 8 | 9 | 注: 10 | 11 | deploy.yaml 文件内容来源自:https://github.com/kubernetes/ingress-nginx/blob/main/deploy/static/provider/cloud/deploy.yaml 12 | 13 | 详细操作说明见:https://github.com/kubernetes/ingress-nginx/blob/main/docs/deploy/index.md -------------------------------------------------------------------------------- /deploying-hello-world-web-application-with-go/ingress.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: networking.k8s.io/v1 2 | kind: Ingress 3 | metadata: 4 | name: hello-web-ingress 5 | spec: 6 | rules: 7 | - http: 8 | paths: 9 | - path: / 10 | pathType: Prefix 11 | backend: 12 | service: 13 | name: hello-web-svc 14 | port: 15 | number: 80 16 | ingressClassName: nginx -------------------------------------------------------------------------------- /deploying-nodejs-note-application-with-mongodb/ingress.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: networking.k8s.io/v1 2 | kind: Ingress 3 | metadata: 4 | name: frontend-ingress 5 | spec: 6 | rules: 7 | - http: 8 | paths: 9 | - path: / 10 | pathType: Prefix 11 | backend: 12 | service: 13 | name: frontend-service 14 | port: 15 | number: 80 16 | ingressClassName: nginx -------------------------------------------------------------------------------- /deploying-simple-hello-spring-app/ingress.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: networking.k8s.io/v1 2 | kind: Ingress 3 | metadata: 4 | name: hello-spring-ingress 5 | spec: 6 | rules: 7 | - http: 8 | paths: 9 | - path: / 10 | pathType: Prefix 11 | backend: 12 | service: 13 | name: hello-spring-svc 14 | port: 15 | number: 8080 16 | ingressClassName: nginx 17 | -------------------------------------------------------------------------------- /istio/6.circuit-breaking/README.md: -------------------------------------------------------------------------------- 1 | ```shell 2 | export FORTIO_POD=$(kubectl get pods -l app=fortio -o 'jsonpath={.items[0].metadata.name}') 3 | kubectl exec "$FORTIO_POD" -c fortio -- /usr/bin/fortio curl -quiet http://nginx-svc:80 4 | kubectl exec "$FORTIO_POD" -c fortio -- /usr/bin/fortio load -c 3 -qps 0 -n 30 -loglevel Warning http://nginx-svc:80 5 | kubectl exec "$FORTIO_POD" -c istio-proxy -- pilot-agent request GET stats | grep nginx| grep pending 6 | ``` -------------------------------------------------------------------------------- /deploying-simple-php-app-with-fpm-and-nginx/ingress.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: networking.k8s.io/v1 2 | kind: Ingress 3 | metadata: 4 | name: php-fpm-nginx-ingress 5 | spec: 6 | rules: 7 | - http: 8 | paths: 9 | - path: / 10 | pathType: Prefix 11 | backend: 12 | service: 13 | name: php-fpm-nginx-svc 14 | port: 15 | number: 80 16 | ingressClassName: nginx -------------------------------------------------------------------------------- /deploying-simple-microservice-using-gin-and-grpc/cmd/api-server/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM golang:1.17-alpine AS builder 2 | WORKDIR /workspace 3 | COPY go.mod go.mod 4 | COPY go.sum go.sum 5 | RUN go mod download 6 | COPY api api 7 | COPY cmd/api-server cmd/api-server 8 | RUN CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -a -o app cmd/api-server/main.go 9 | 10 | FROM alpine 11 | WORKDIR / 12 | COPY --from=builder /workspace/app . 13 | EXPOSE 8080 14 | ENTRYPOINT ["/app"] -------------------------------------------------------------------------------- /istio/5.fault-injection/istio-virtual-service-abort.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: networking.istio.io/v1beta1 2 | kind: VirtualService 3 | metadata: 4 | name: nginx-virtual-service 5 | spec: 6 | gateways: 7 | - nginx-gateway 8 | hosts: 9 | - "*" 10 | http: 11 | - route: 12 | - destination: 13 | host: nginx-svc 14 | fault: 15 | abort: 16 | percentage: 17 | value: 50 18 | httpStatus: 503 19 | -------------------------------------------------------------------------------- /istio/5.fault-injection/istio-virtual-service-delay.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: networking.istio.io/v1beta1 2 | kind: VirtualService 3 | metadata: 4 | name: nginx-virtual-service 5 | spec: 6 | gateways: 7 | - nginx-gateway 8 | hosts: 9 | - "*" 10 | http: 11 | - route: 12 | - destination: 13 | host: nginx-svc 14 | fault: 15 | delay: 16 | percentage: 17 | value: 100 18 | fixedDelay: 5s 19 | -------------------------------------------------------------------------------- /deploying-kbp-journal-app/redis/configmap.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ConfigMap 3 | metadata: 4 | name: redis-config 5 | data: 6 | launch.sh: |- 7 | #!/bin/sh 8 | 9 | PASSWORD=$(cat /etc/redis-passwd/passwd) 10 | 11 | if [[ "${HOSTNAME}" == "redis-0" ]]; then 12 | redis-server --requirepass ${PASSWORD} 13 | else 14 | redis-server --slaveof redis-0.redis 6379 --masterauth ${PASSWORD} --requirepass ${PASSWORD} 15 | fi 16 | 17 | 18 | -------------------------------------------------------------------------------- /deploying-laravel-application/ingress.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: networking.k8s.io/v1 2 | kind: Ingress 3 | metadata: 4 | name: laravel-ingress 5 | labels: 6 | app: laravel 7 | spec: 8 | rules: 9 | - http: 10 | paths: 11 | - path: / 12 | pathType: Prefix 13 | backend: 14 | service: 15 | name: laravel-service 16 | port: 17 | number: 80 18 | ingressClassName: nginx -------------------------------------------------------------------------------- /deploying-simple-microservice-using-gin-and-grpc/kubernetes-manifests/ingress.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: networking.k8s.io/v1 2 | kind: Ingress 3 | metadata: 4 | name: api-server-ing 5 | spec: 6 | rules: 7 | - http: 8 | paths: 9 | - path: / 10 | pathType: Prefix 11 | backend: 12 | service: 13 | name: api-server-svc 14 | port: 15 | number: 8080 16 | ingressClassName: nginx -------------------------------------------------------------------------------- /deploying-laravel-7-with-mysql-and-redis/ingress.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: networking.k8s.io/v1 2 | kind: Ingress 3 | metadata: 4 | name: laravel-ingress 5 | labels: 6 | app: laravel 7 | spec: 8 | rules: 9 | - http: 10 | paths: 11 | - path: / 12 | pathType: Prefix 13 | backend: 14 | service: 15 | name: laravel-service 16 | port: 17 | number: 80 18 | ingressClassName: nginx -------------------------------------------------------------------------------- /cka-training/9.helm.md: -------------------------------------------------------------------------------- 1 | ```shell 2 | curl https://baltocdn.com/helm/signing.asc | sudo apt-key add - 3 | sudo apt-get install apt-transport-https --yes 4 | echo "deb https://baltocdn.com/helm/stable/debian/ all main" | sudo tee /etc/apt/sources.list.d/helm-stable-debian.list 5 | sudo apt-get update 6 | sudo apt-get install helm 7 | 8 | echo "source <(helm completion bash)" >> ~/.bashrc 9 | 10 | 11 | helm repo add bitnami https://charts.bitnami.com/bitnami 12 | helm repo update 13 | ``` -------------------------------------------------------------------------------- /deploying-simple-echo-app-using-canary-deployment/ingress-primary.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: networking.k8s.io/v1 2 | kind: Ingress 3 | metadata: 4 | name: echo-ing 5 | spec: 6 | rules: 7 | - host: canary.example.com 8 | http: 9 | paths: 10 | - path: / 11 | pathType: Prefix 12 | backend: 13 | service: 14 | name: echo-v1-svc 15 | port: 16 | number: 80 17 | ingressClassName: nginx -------------------------------------------------------------------------------- /deploying-simple-hello-spring-app/src/main/java/com/example/hellospring/HelloSpringApplication.java: -------------------------------------------------------------------------------- 1 | package com.example.hellospring; 2 | 3 | import org.springframework.boot.SpringApplication; 4 | import org.springframework.boot.autoconfigure.SpringBootApplication; 5 | 6 | @SpringBootApplication 7 | public class HelloSpringApplication { 8 | 9 | public static void main(String[] args) { 10 | SpringApplication.run(HelloSpringApplication.class, args); 11 | } 12 | 13 | } 14 | -------------------------------------------------------------------------------- /deploying-wordpress-and-mysql-with-persistent-volumes/ingress.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: networking.k8s.io/v1 2 | kind: Ingress 3 | metadata: 4 | name: wordpress-ingress 5 | spec: 6 | rules: 7 | - http: 8 | paths: 9 | - path: / 10 | pathType: Prefix 11 | backend: 12 | service: 13 | name: wordpress-svc # 匹配 wordpress Service 的 name 14 | port: 15 | number: 80 16 | ingressClassName: nginx -------------------------------------------------------------------------------- /deploying-simple-hello-spring-app/src/main/java/com/example/hellospring/HomeController.java: -------------------------------------------------------------------------------- 1 | package com.example.hellospring; 2 | 3 | import org.springframework.stereotype.Controller; 4 | import org.springframework.web.bind.annotation.GetMapping; 5 | import org.springframework.web.bind.annotation.RestController; 6 | 7 | @RestController 8 | public class HomeController { 9 | 10 | @GetMapping("/") 11 | public String index() { 12 | return "Hello, Spring!"; 13 | } 14 | } 15 | -------------------------------------------------------------------------------- /knative/0.installing/http-echo.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: serving.knative.dev/v1 2 | kind: Service 3 | metadata: 4 | name: http-echo 5 | spec: 6 | template: 7 | metadata: 8 | # This is the name of our new "Revision," it must follow the convention {service-name}-{revision-name} 9 | name: http-echo-v1 10 | spec: 11 | containers: 12 | - image: jxlwqq/http-echo 13 | ports: 14 | - containerPort: 8080 15 | args: 16 | - "--text=v1" -------------------------------------------------------------------------------- /deploying-php-guestbook-application-with-mongodb/ingress.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: networking.k8s.io/v1 2 | kind: Ingress 3 | metadata: 4 | name: guestbook-ingress 5 | labels: 6 | app: guestbook 7 | spec: 8 | rules: 9 | - http: 10 | paths: 11 | - path: / 12 | pathType: Prefix 13 | backend: 14 | service: 15 | name: frontend 16 | port: 17 | number: 80 18 | ingressClassName: nginx 19 | 20 | -------------------------------------------------------------------------------- /istio/4.destination-rule/istio-virtual-service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: networking.istio.io/v1beta1 2 | kind: VirtualService 3 | metadata: 4 | name: echo-virtual-service 5 | spec: 6 | gateways: 7 | - echo-gateway 8 | hosts: 9 | - "*" 10 | http: 11 | - route: 12 | - destination: 13 | host: echo-service 14 | subset: v1 15 | weight: 90 16 | - destination: 17 | host: echo-service 18 | subset: v2 19 | weight: 10 -------------------------------------------------------------------------------- /deploying-simple-hello-express-app/ingress.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: networking.k8s.io/v1 2 | kind: Ingress 3 | metadata: 4 | name: hello-express-ingress 5 | labels: 6 | app.kubernetes.io/name: hello-express 7 | spec: 8 | rules: 9 | - http: 10 | paths: 11 | - path: / 12 | pathType: Prefix 13 | backend: 14 | service: 15 | name: hello-express-svc 16 | port: 17 | number: 3000 18 | ingressClassName: nginx -------------------------------------------------------------------------------- /deploying-simple-hello-spring-app/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM maven:3-openjdk-8 AS compile_stage 2 | WORKDIR /app 3 | 4 | COPY .mvn .mvn 5 | COPY pom.xml . 6 | COPY src src 7 | 8 | RUN mvn clean package -U -DskipTests 9 | 10 | FROM openjdk:8-jdk-alpine 11 | ENV PROJECT_NAME hello-spring 12 | ENV PROJECT_VERSION 0.0.1-SNAPSHOT 13 | WORKDIR /app 14 | 15 | COPY --from=compile_stage /app/target/${PROJECT_NAME}-${PROJECT_VERSION}.jar . 16 | 17 | CMD ["sh", "-c", "java -jar /app/${PROJECT_NAME}-${PROJECT_VERSION}.jar"] 18 | -------------------------------------------------------------------------------- /deploying-simple-php-app-with-fpm-and-nginx/horizontalpodautoscaler.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: autoscaling/v2beta2 2 | kind: HorizontalPodAutoscaler 3 | metadata: 4 | name: php-fpm-nginx 5 | spec: 6 | scaleTargetRef: 7 | apiVersion: apps/v1 8 | kind: Deployment 9 | name: php-fpm-nginx 10 | minReplicas: 3 11 | maxReplicas: 10 12 | metrics: 13 | - type: Resource 14 | resource: 15 | name: memory 16 | target: 17 | type: Utilization 18 | averageUtilization: 1 -------------------------------------------------------------------------------- /deploying-simple-hello-gin-app/Dockerfile: -------------------------------------------------------------------------------- 1 | # syntax=docker/dockerfile:1 2 | FROM --platform=$TARGETPLATFORM golang:1.19-alpine AS builder 3 | ARG TARGETARCH 4 | ARG TARGETOS 5 | WORKDIR /workspace 6 | COPY go.mod go.mod 7 | COPY go.sum go.sum 8 | RUN go mod download 9 | COPY . . 10 | RUN CGO_ENABLED=0 GOOS=$TARGETOS GOARCH=$TARGETARCH go build -a -o app main.go 11 | 12 | FROM gcr.io/distroless/static:nonroot-$TARGETARCH 13 | WORKDIR / 14 | COPY --from=builder /workspace/app . 15 | EXPOSE 8080 16 | ENTRYPOINT ["/app"] -------------------------------------------------------------------------------- /istio/2.injection/nginx.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | creationTimestamp: null 5 | labels: 6 | app: nginx 7 | name: nginx 8 | spec: 9 | replicas: 1 10 | selector: 11 | matchLabels: 12 | app: nginx 13 | strategy: {} 14 | template: 15 | metadata: 16 | creationTimestamp: null 17 | labels: 18 | app: nginx 19 | spec: 20 | containers: 21 | - image: nginx 22 | name: nginx 23 | resources: {} 24 | status: {} 25 | -------------------------------------------------------------------------------- /knative/2.traffic-split/http-echo-split.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: serving.knative.dev/v1 2 | kind: Service 3 | metadata: 4 | name: http-echo 5 | spec: 6 | template: 7 | metadata: 8 | name: http-echo-v2 9 | spec: 10 | containers: 11 | - image: jxlwqq/http-echo 12 | ports: 13 | - containerPort: 8080 14 | args: 15 | - "--text=v2" 16 | traffic: 17 | - latestRevision: true 18 | percent: 50 19 | - revisionName: http-echo-v1 20 | percent: 50 -------------------------------------------------------------------------------- /istio/6.circuit-breaking/nginx-destination-rule.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: networking.istio.io/v1alpha3 2 | kind: DestinationRule 3 | metadata: 4 | name: nginx-destination-rule 5 | spec: 6 | host: nginx-svc 7 | trafficPolicy: 8 | connectionPool: 9 | tcp: 10 | maxConnections: 1 11 | http: 12 | http1MaxPendingRequests: 1 13 | maxRequestsPerConnection: 1 14 | outlierDetection: 15 | consecutive5xxErrors: 1 16 | interval: 1s 17 | baseEjectionTime: 3m 18 | maxEjectionPercent: 100 -------------------------------------------------------------------------------- /istio/3.virtual-service/istio-virtual-service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: networking.istio.io/v1beta1 2 | kind: VirtualService 3 | metadata: 4 | name: http-virtual-service 5 | spec: 6 | hosts: 7 | - "*" 8 | gateways: 9 | - http-gateway 10 | http: 11 | - route: 12 | - destination: 13 | host: echo-v1 14 | port: 15 | number: 8080 16 | weight: 90 17 | - destination: 18 | host: echo-v2 19 | port: 20 | number: 8080 21 | weight: 10 -------------------------------------------------------------------------------- /istio/3.virtual-service/echo-v2-deployment.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | labels: 5 | app: echo-v2 6 | name: echo-v2 7 | spec: 8 | replicas: 1 9 | selector: 10 | matchLabels: 11 | app: echo-v2 12 | template: 13 | metadata: 14 | labels: 15 | app: echo-v2 16 | spec: 17 | containers: 18 | - name: echo-v2 19 | image: jxlwqq/http-echo 20 | ports: 21 | - containerPort: 8080 22 | args: 23 | - "--text=v2" 24 | 25 | -------------------------------------------------------------------------------- /deploying-kbp-journal-app/redis/service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: redis-svc 5 | namespace: default 6 | labels: 7 | app: redis 8 | spec: 9 | selector: 10 | app: redis 11 | ports: 12 | - port: 6379 13 | targetPort: 6379 14 | protocol: TCP 15 | type: ClusterIP 16 | --- 17 | apiVersion: v1 18 | kind: Service 19 | metadata: 20 | name: redis-write 21 | namespace: default 22 | labels: 23 | app: redis-write 24 | spec: 25 | ports: 26 | - port: 6379 27 | clusterIP: None 28 | 29 | -------------------------------------------------------------------------------- /istio/3.virtual-service/echo-v1-deployment.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: echo-v1 5 | labels: 6 | app: echo-v1 7 | spec: 8 | selector: 9 | matchLabels: 10 | app: echo-v1 11 | template: 12 | metadata: 13 | labels: 14 | app: echo-v1 15 | spec: 16 | containers: 17 | - name: echo-v1 18 | image: jxlwqq/http-echo 19 | imagePullPolicy: IfNotPresent 20 | ports: 21 | - containerPort: 8080 22 | args: 23 | - "--text=v1" -------------------------------------------------------------------------------- /deploying-simple-hello-spring-app/.gitignore: -------------------------------------------------------------------------------- 1 | HELP.md 2 | target/ 3 | !.mvn/wrapper/maven-wrapper.jar 4 | !**/src/main/**/target/ 5 | !**/src/test/**/target/ 6 | 7 | ### STS ### 8 | .apt_generated 9 | .classpath 10 | .factorypath 11 | .project 12 | .settings 13 | .springBeans 14 | .sts4-cache 15 | 16 | ### IntelliJ IDEA ### 17 | .idea 18 | *.iws 19 | *.iml 20 | *.ipr 21 | 22 | ### NetBeans ### 23 | /nbproject/private/ 24 | /nbbuild/ 25 | /dist/ 26 | /nbdist/ 27 | /.nb-gradle/ 28 | build/ 29 | !**/src/main/**/build/ 30 | !**/src/test/**/build/ 31 | 32 | ### VS Code ### 33 | .vscode/ 34 | -------------------------------------------------------------------------------- /deploying-simple-microservice-using-gin-and-grpc/api/protobuf/calculator/calculator.proto: -------------------------------------------------------------------------------- 1 | syntax = "proto3"; 2 | 3 | package grpc.calculator.v1; 4 | 5 | option go_package = "./api/protobuf/calculator;grpc_calculator_v1"; 6 | 7 | service calculator { 8 | rpc add(request) returns (response) {} 9 | rpc subtract(request) returns (response) {} 10 | rpc multiply(request) returns (response) {} 11 | rpc divide(request) returns (response) {} 12 | } 13 | 14 | 15 | message request { 16 | float x = 1; 17 | float y = 2; 18 | } 19 | 20 | message response { 21 | float res = 1; 22 | string err = 2; 23 | } 24 | -------------------------------------------------------------------------------- /istio/4.destination-rule/echo-v1-deployment.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: echo-v1 5 | labels: 6 | app: echo 7 | version: v1 8 | spec: 9 | selector: 10 | matchLabels: 11 | app: echo 12 | version: v1 13 | template: 14 | metadata: 15 | labels: 16 | app: echo 17 | version: v1 18 | spec: 19 | containers: 20 | - name: echo 21 | image: jxlwqq/http-echo 22 | imagePullPolicy: IfNotPresent 23 | ports: 24 | - containerPort: 8080 25 | args: 26 | - "--text=v1" -------------------------------------------------------------------------------- /istio/4.destination-rule/echo-v2-deployment.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: echo-v2 5 | labels: 6 | app: echo 7 | version: v2 8 | spec: 9 | selector: 10 | matchLabels: 11 | app: echo 12 | version: v2 13 | template: 14 | metadata: 15 | labels: 16 | app: echo 17 | version: v2 18 | spec: 19 | containers: 20 | - name: echo 21 | image: jxlwqq/http-echo 22 | imagePullPolicy: IfNotPresent 23 | ports: 24 | - containerPort: 8080 25 | args: 26 | - "--text=v2" -------------------------------------------------------------------------------- /istio/case-advanced-traffic-routing/customers-deployment-v1.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: customers-v1 5 | labels: 6 | app: customers 7 | version: v1 8 | spec: 9 | replicas: 1 10 | selector: 11 | matchLabels: 12 | app: customers 13 | version: v1 14 | template: 15 | metadata: 16 | labels: 17 | app: customers 18 | version: v1 19 | spec: 20 | containers: 21 | - image: gcr.io/tetratelabs/customers:1.0.0 22 | imagePullPolicy: Always 23 | name: svc 24 | ports: 25 | - containerPort: 3000 -------------------------------------------------------------------------------- /istio/case-advanced-traffic-routing/customers-deployment-v2.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: customers-v2 5 | labels: 6 | app: customers 7 | version: v2 8 | spec: 9 | replicas: 1 10 | selector: 11 | matchLabels: 12 | app: customers 13 | version: v2 14 | template: 15 | metadata: 16 | labels: 17 | app: customers 18 | version: v2 19 | spec: 20 | containers: 21 | - image: gcr.io/tetratelabs/customers:2.0.0 22 | imagePullPolicy: Always 23 | name: svc 24 | ports: 25 | - containerPort: 3000 -------------------------------------------------------------------------------- /deploying-simple-echo-app-using-blue-green-deployment/echo-v1-deployment.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: echo-v1 5 | spec: 6 | replicas: 1 7 | selector: 8 | matchLabels: 9 | app: echo 10 | version: v1 11 | template: 12 | metadata: 13 | labels: 14 | app: echo 15 | version: v1 16 | spec: 17 | containers: 18 | - name: echo 19 | image: jxlwqq/http-echo 20 | args: 21 | - "--text=echo-v1" 22 | ports: 23 | - name: http 24 | protocol: TCP 25 | containerPort: 8080 26 | -------------------------------------------------------------------------------- /deploying-simple-echo-app-using-blue-green-deployment/echo-v2-deployment.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: echo-v2 5 | spec: 6 | replicas: 1 7 | selector: 8 | matchLabels: 9 | app: echo 10 | version: v2 11 | template: 12 | metadata: 13 | labels: 14 | app: echo 15 | version: v2 16 | spec: 17 | containers: 18 | - name: echo 19 | image: jxlwqq/http-echo 20 | args: 21 | - "--text=echo-v2" 22 | ports: 23 | - name: http 24 | protocol: TCP 25 | containerPort: 8080 26 | -------------------------------------------------------------------------------- /deploying-simple-microservice-using-gin-and-grpc/cmd/calculator/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM golang:1.17-alpine AS builder 2 | WORKDIR /workspace 3 | RUN CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go install github.com/grpc-ecosystem/grpc-health-probe@latest 4 | COPY go.mod go.mod 5 | COPY go.sum go.sum 6 | RUN go mod download 7 | COPY api api 8 | COPY cmd/calculator cmd/calculator 9 | COPY internal internal 10 | RUN CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -a -o app cmd/calculator/main.go 11 | 12 | FROM alpine 13 | WORKDIR / 14 | COPY --from=builder /workspace/app . 15 | COPY --from=builder /go/bin/grpc-health-probe . 16 | EXPOSE 50051 17 | ENTRYPOINT ["/app"] -------------------------------------------------------------------------------- /metrics-server/nginx.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | labels: 5 | app: nginx 6 | name: nginx 7 | spec: 8 | replicas: 1 9 | selector: 10 | matchLabels: 11 | app: nginx 12 | template: 13 | metadata: 14 | labels: 15 | app: nginx 16 | spec: 17 | containers: 18 | - image: nginx 19 | name: nginx 20 | ports: 21 | - containerPort: 80 22 | resources: 23 | limits: 24 | cpu: "20m" 25 | memory: "50Mi" 26 | requests: 27 | cpu: "20m" 28 | memory: "50Mi" -------------------------------------------------------------------------------- /deploying-laravel-7-with-mysql-and-redis/redis-deployment-and-service.yaml: -------------------------------------------------------------------------------- 1 | kind: Deployment 2 | apiVersion: apps/v1 3 | metadata: 4 | name: redis-deployment 5 | labels: 6 | app: redis 7 | spec: 8 | selector: 9 | matchLabels: 10 | app: redis 11 | template: 12 | metadata: 13 | labels: 14 | app: redis 15 | spec: 16 | containers: 17 | - name: redis 18 | image: redis 19 | ports: 20 | - containerPort: 6379 21 | --- 22 | kind: Service 23 | apiVersion: v1 24 | metadata: 25 | name: redis-service 26 | spec: 27 | selector: 28 | app: redis 29 | ports: 30 | - port: 6379 -------------------------------------------------------------------------------- /deploying-simple-apple-and-banana-ingress/ingress.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: networking.k8s.io/v1 2 | kind: Ingress 3 | metadata: 4 | name: fruit-ing 5 | spec: 6 | rules: 7 | - http: 8 | paths: 9 | - path: /apple 10 | pathType: Prefix 11 | backend: 12 | service: 13 | name: apple-svc 14 | port: 15 | number: 8080 16 | - path: /banana 17 | pathType: Prefix 18 | backend: 19 | service: 20 | name: banana-svc 21 | port: 22 | number: 8080 23 | ingressClassName: nginx -------------------------------------------------------------------------------- /deploying-simple-microservice-using-gin-and-grpc/README.md: -------------------------------------------------------------------------------- 1 | # 部署一个简单的加减乘除计算器微服务 2 | 3 | 本示例使用 grpc 和 Gin 来构建一个简单的加减乘除计算服务。项目架构很简单,分为两部分: 4 | 5 | * 一个是对外暴露的 Web 服务:api-server 6 | * 一个是内部调用的微服务:calculator 7 | 8 | ### 前置依赖 9 | 10 | protoc: 11 | 12 | ```shell 13 | brew install protoc 14 | go install google.golang.org/protobuf/cmd/protoc-gen-go@latest 15 | go install google.golang.org/grpc/cmd/protoc-gen-go-grpc@latest 16 | ``` 17 | 18 | ingress-nginx 控制器: 19 | 20 | ```shell 21 | kubectl apply -k ../ingress-nginx 22 | ``` 23 | 24 | ### 构建镜像 25 | 26 | ```shell 27 | make docker-build 28 | ``` 29 | 30 | ### 部署 31 | 32 | ```shell 33 | make kube-deploy 34 | ``` -------------------------------------------------------------------------------- /istio/3.virtual-service/README.md: -------------------------------------------------------------------------------- 1 | # 虚拟服务 2 | 3 | ### Demo 介绍 4 | 5 | 基于 [jxlwqq/http-echo](https://github.com/jxlwqq/http-echo) 镜像,我们部署两个简单的 Web 服务。访问它们时,分别返回 `v1` 和 `v2`。 6 | 7 | ### 部署 8 | 9 | ```shell 10 | kubectl apply -f echo-v1-deployment.yaml 11 | kubectl apply -f echo-v1-service.yaml 12 | kubectl apply -f echo-v2-deployment.yaml 13 | kubectl apply -f echo-v2-service.yaml 14 | kubectl apply -f istio-gateway.yaml # istio 网关 15 | kubectl apply -f istio-virtual-service.yaml # istio 虚拟服务 16 | ``` 17 | 18 | ### 访问 19 | 20 | ```shell 21 | curl http://localhost # 返回的 v1 与 v2 大致的比例是 9:1 22 | ``` 23 | 24 | ### 清理 25 | 26 | ```shell 27 | kubectl delete -k . 28 | ``` -------------------------------------------------------------------------------- /deploying-kbp-journal-app/ingress.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: networking.k8s.io/v1 2 | kind: Ingress 3 | metadata: 4 | name: journal-ing 5 | namespace: default 6 | spec: 7 | rules: 8 | - http: 9 | paths: 10 | - path: /api 11 | pathType: Prefix 12 | backend: 13 | service: 14 | name: frontend-svc 15 | port: 16 | number: 8080 17 | - path: / 18 | pathType: Prefix 19 | backend: 20 | service: 21 | name: fileserver-svc 22 | port: 23 | number: 80 24 | ingressClassName: nginx 25 | -------------------------------------------------------------------------------- /deploying-simple-echo-app-using-canary-deployment/ingress-canary-by-header.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: networking.k8s.io/v1 2 | kind: Ingress 3 | metadata: 4 | name: echo-canary-ing 5 | annotations: 6 | nginx.ingress.kubernetes.io/canary: "true" 7 | nginx.ingress.kubernetes.io/canary-by-header: "Region" 8 | nginx.ingress.kubernetes.io/canary-by-header-pattern: "shanghai|beijing" 9 | spec: 10 | rules: 11 | - host: canary.example.com 12 | http: 13 | paths: 14 | - path: / 15 | pathType: Prefix 16 | backend: 17 | service: 18 | name: echo-v2-svc 19 | port: 20 | number: 80 21 | ingressClassName: nginx -------------------------------------------------------------------------------- /istio/case-advanced-traffic-routing/webfrontend-deployment.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: web-frontend 5 | labels: 6 | app: web-frontend 7 | spec: 8 | replicas: 1 9 | selector: 10 | matchLabels: 11 | app: web-frontend 12 | template: 13 | metadata: 14 | labels: 15 | app: web-frontend 16 | version: v1 17 | spec: 18 | containers: 19 | - image: gcr.io/tetratelabs/web-frontend:1.0.0 20 | imagePullPolicy: Always 21 | name: web 22 | ports: 23 | - containerPort: 8080 24 | env: 25 | - name: CUSTOMER_SERVICE_URL 26 | value: 'http://customers.default.svc.cluster.local' -------------------------------------------------------------------------------- /deploying-simple-apple-and-banana-ingress/apple-deployment-and-service.yaml: -------------------------------------------------------------------------------- 1 | kind: Deployment 2 | apiVersion: apps/v1 3 | metadata: 4 | name: apple 5 | spec: 6 | selector: 7 | matchLabels: 8 | app: apple 9 | replicas: 2 10 | template: 11 | metadata: 12 | labels: 13 | app: apple 14 | spec: 15 | containers: 16 | - name: apple 17 | image: jxlwqq/http-echo 18 | args: 19 | - "--text=apple" 20 | ports: 21 | - containerPort: 8080 22 | 23 | --- 24 | 25 | kind: Service 26 | apiVersion: v1 27 | metadata: 28 | name: apple-svc 29 | spec: 30 | selector: 31 | app: apple 32 | ports: 33 | - port: 8080 34 | targetPort: 8080 35 | 36 | -------------------------------------------------------------------------------- /deploying-simple-apple-and-banana-ingress/banana-deployment-and-service.yaml: -------------------------------------------------------------------------------- 1 | kind: Deployment 2 | apiVersion: apps/v1 3 | metadata: 4 | name: banana 5 | spec: 6 | selector: 7 | matchLabels: 8 | app: banana 9 | replicas: 2 10 | template: 11 | metadata: 12 | labels: 13 | app: banana 14 | spec: 15 | containers: 16 | - name: banana 17 | image: jxlwqq/http-echo 18 | args: 19 | - "--text=banana" 20 | ports: 21 | - containerPort: 8080 22 | 23 | --- 24 | 25 | kind: Service 26 | apiVersion: v1 27 | metadata: 28 | name: banana-svc 29 | spec: 30 | selector: 31 | app: banana 32 | ports: 33 | - port: 8080 34 | targetPort: 8080 -------------------------------------------------------------------------------- /dapr/0.installing/redis.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: dapr.io/v1alpha1 2 | kind: Component 3 | metadata: 4 | name: statestore 5 | spec: 6 | type: state.redis 7 | version: v1 8 | metadata: 9 | # These settings will work out of the box if you use `helm install 10 | # bitnami/redis`. If you have your own setup, replace 11 | # `redis-master:6379` with your own Redis master address, and the 12 | # Redis password with your own Secret's name. For more information, 13 | # see https://docs.dapr.io/operations/components/component-secrets . 14 | - name: redisHost 15 | value: redis-master:6379 16 | - name: redisPassword 17 | secretKeyRef: 18 | name: redis 19 | key: redis-password 20 | auth: 21 | secretStore: kubernetes -------------------------------------------------------------------------------- /deploying-simple-hello-gin-app/hello-gin-deployment-and-service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: hello-gin 5 | spec: 6 | selector: 7 | matchLabels: 8 | app: hello-gin 9 | template: 10 | metadata: 11 | labels: 12 | app: hello-gin 13 | spec: 14 | containers: 15 | - name: hello-gin 16 | image: jxlwqq/hello-gin:latest 17 | resources: 18 | limits: 19 | memory: "128Mi" 20 | cpu: "500m" 21 | ports: 22 | - containerPort: 8080 23 | --- 24 | apiVersion: v1 25 | kind: Service 26 | metadata: 27 | name: hello-gin-svc 28 | spec: 29 | selector: 30 | app: hello-gin 31 | ports: 32 | - port: 8080 33 | targetPort: 8080 -------------------------------------------------------------------------------- /deploying-simple-php-app-with-fpm-and-nginx/configmap.yaml: -------------------------------------------------------------------------------- 1 | kind: ConfigMap 2 | apiVersion: v1 3 | metadata: 4 | name: nginx-config 5 | data: 6 | nginx.conf: | 7 | events { 8 | } 9 | http { 10 | server { 11 | listen 80 default_server; 12 | listen [::]:80 default_server; 13 | root /var/www/html; 14 | index index.php; 15 | server_name _; 16 | location / { 17 | try_files $uri $uri/ =404; 18 | } 19 | location ~ \.php$ { 20 | include fastcgi_params; 21 | fastcgi_param REQUEST_METHOD $request_method; 22 | fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; 23 | fastcgi_pass 127.0.0.1:9000; 24 | } 25 | } 26 | } -------------------------------------------------------------------------------- /deploying-simple-hello-spring-app/hello-spring-deployment-and-service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: hello-spring 5 | spec: 6 | selector: 7 | matchLabels: 8 | app: hello-spring 9 | template: 10 | metadata: 11 | labels: 12 | app: hello-spring 13 | spec: 14 | containers: 15 | - name: hello-spring 16 | image: jxlwqq/hello-spring:latest 17 | resources: 18 | limits: 19 | memory: "1Gi" 20 | cpu: "500m" 21 | ports: 22 | - containerPort: 8080 23 | --- 24 | apiVersion: v1 25 | kind: Service 26 | metadata: 27 | name: hello-spring-svc 28 | spec: 29 | selector: 30 | app: hello-spring 31 | ports: 32 | - port: 8080 33 | targetPort: 8080 -------------------------------------------------------------------------------- /deploying-simple-echo-app-using-canary-deployment/echo-v1-deployment-and-service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: echo-v1 5 | spec: 6 | selector: 7 | matchLabels: 8 | app: echo 9 | version: v1 10 | template: 11 | metadata: 12 | labels: 13 | app: echo 14 | version: v1 15 | spec: 16 | containers: 17 | - name: echo 18 | image: jxlwqq/http-echo 19 | args: 20 | - "--text=echo-v1" 21 | ports: 22 | - containerPort: 8080 23 | 24 | --- 25 | apiVersion: v1 26 | kind: Service 27 | metadata: 28 | name: echo-v1-svc 29 | spec: 30 | selector: 31 | app: echo 32 | version: v1 33 | ports: 34 | - port: 80 35 | targetPort: 8080 36 | 37 | 38 | 39 | -------------------------------------------------------------------------------- /deploying-simple-echo-app-using-canary-deployment/echo-v2-deployment-and-service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: echo-v2 5 | spec: 6 | selector: 7 | matchLabels: 8 | app: echo 9 | version: v2 10 | template: 11 | metadata: 12 | labels: 13 | app: echo 14 | version: v2 15 | spec: 16 | containers: 17 | - name: echo 18 | image: jxlwqq/http-echo 19 | args: 20 | - "--text=echo-v2" 21 | ports: 22 | - containerPort: 8080 23 | 24 | --- 25 | apiVersion: v1 26 | kind: Service 27 | metadata: 28 | name: echo-v2-svc 29 | spec: 30 | selector: 31 | app: echo 32 | version: v2 33 | ports: 34 | - port: 80 35 | targetPort: 8080 36 | 37 | 38 | 39 | -------------------------------------------------------------------------------- /deploying-nodejs-note-application-with-mongodb/README.md: -------------------------------------------------------------------------------- 1 | #### 示例来源 2 | 3 | [Hands-on guide: developing and deploying Node.js apps in Kubernetes](https://learnk8s.io/nodejs-kubernetes-guide) 4 | 5 | 本仓库的示例均使用 Ingress 进行负载均衡,所以略有调整。也可以点击链接按照原文步骤进行安装和实验。 6 | 7 | #### 镜像准备 8 | 9 | ```bash 10 | docker pull learnk8s/knote-js:1.0.0 # 源码地址:https://github.com/learnk8s/knote-js/tree/master/01 11 | docker pull mongo 12 | ``` 13 | #### 部署服务 14 | ```bash 15 | kubectl apply -f frontend-deployment-and-service.yaml 16 | kubectl apply -f mongo-deployment-and-service.yaml 17 | kubectl apply -f ingress.yaml 18 | 19 | ############# 20 | # 或者使用一个命令进行部署 21 | kubectl apply -k ./ 22 | ############# 23 | ``` 24 | 25 | #### 访问 26 | 27 | 打开浏览器访问:`http://localhost` 28 | 29 | 30 | #### 清理 31 | ```shell 32 | kubectl delete -k ./ 33 | ``` -------------------------------------------------------------------------------- /deploying-nodejs-note-application-with-mongodb/frontend-deployment-and-service.yaml: -------------------------------------------------------------------------------- 1 | kind: Deployment 2 | apiVersion: apps/v1 3 | metadata: 4 | name: frontend-deployment 5 | spec: 6 | selector: 7 | matchLabels: 8 | app: frontend 9 | template: 10 | metadata: 11 | labels: 12 | app: frontend 13 | spec: 14 | containers: 15 | - name: frontend 16 | image: learnk8s/knote-js:1.0.0 17 | ports: 18 | - containerPort: 3000 19 | env: 20 | - name: MONGO_URL 21 | value: mongodb://mongo-service:27017/dev 22 | imagePullPolicy: Always 23 | --- 24 | kind: Service 25 | apiVersion: v1 26 | metadata: 27 | name: frontend-service 28 | spec: 29 | selector: 30 | app: frontend 31 | ports: 32 | - port: 80 33 | targetPort: 3000 34 | 35 | -------------------------------------------------------------------------------- /deploying-laravel-application/laravel-deployment-and-service.yaml: -------------------------------------------------------------------------------- 1 | kind: Deployment 2 | apiVersion: apps/v1 3 | metadata: 4 | name: laravel-deployment 5 | labels: 6 | app: laravel 7 | spec: 8 | selector: 9 | matchLabels: 10 | app: laravel 11 | template: 12 | metadata: 13 | name: laravel 14 | labels: 15 | app: laravel 16 | spec: 17 | containers: 18 | - name: laravel 19 | image: jxlwqq/laravel-kubernetes-demo 20 | envFrom: 21 | - configMapRef: 22 | name: laravel-env 23 | ports: 24 | - containerPort: 80 25 | --- 26 | kind: Service 27 | apiVersion: v1 28 | metadata: 29 | name: laravel-service 30 | labels: 31 | app: laravel 32 | spec: 33 | selector: 34 | app: laravel 35 | ports: 36 | - port: 80 37 | targetPort: 80 38 | -------------------------------------------------------------------------------- /dapr/1.hello-kubernetes/python/app.py: -------------------------------------------------------------------------------- 1 | # ------------------------------------------------------------ 2 | # Copyright (c) Microsoft Corporation. 3 | # Licensed under the MIT License. 4 | # ------------------------------------------------------------ 5 | 6 | import os 7 | import requests 8 | import time 9 | 10 | dapr_port = os.getenv("DAPR_HTTP_PORT", 3500) 11 | dapr_url = "http://localhost:{}/v1.0/invoke/nodeapp/method/neworder".format(dapr_port) 12 | 13 | n = 0 14 | while True: 15 | n += 1 16 | message = {"data": {"orderId": n}} 17 | 18 | try: 19 | response = requests.post(dapr_url, json=message, timeout=5) 20 | if not response.ok: 21 | print("HTTP %d => %s" % (response.status_code, 22 | response.content.decode("utf-8")), flush=True) 23 | except Exception as e: 24 | print(e, flush=True) 25 | 26 | time.sleep(1) -------------------------------------------------------------------------------- /deploying-simple-microservice-using-gin-and-grpc/internal/health/server.go: -------------------------------------------------------------------------------- 1 | package health 2 | 3 | import ( 4 | "context" 5 | healthv1 "github.com/jxlwqq/route-guide/api/protobuf/health" 6 | "log" 7 | ) 8 | 9 | type server struct { 10 | healthv1.UnimplementedHealthServer 11 | } 12 | 13 | func (s server) Check(ctx context.Context, request *healthv1.HealthCheckRequest) (*healthv1.HealthCheckResponse, error) { 14 | log.Printf("Received Check") 15 | return &healthv1.HealthCheckResponse{ 16 | Status: healthv1.HealthCheckResponse_SERVING, 17 | }, nil 18 | } 19 | 20 | func (s server) Watch(request *healthv1.HealthCheckRequest, watchServer healthv1.Health_WatchServer) error { 21 | log.Printf("Received Watch") 22 | return watchServer.Send(&healthv1.HealthCheckResponse{ 23 | Status: healthv1.HealthCheckResponse_SERVING, 24 | }) 25 | } 26 | 27 | func NewServer() healthv1.HealthServer { 28 | return &server{} 29 | } 30 | -------------------------------------------------------------------------------- /.github/workflows/testing.yml: -------------------------------------------------------------------------------- 1 | name: "Testing" 2 | on: [pull_request, push] 3 | 4 | jobs: 5 | kind: 6 | runs-on: ubuntu-latest 7 | steps: 8 | - uses: actions/checkout@v3 9 | - name: Kind Cluster 10 | uses: helm/kind-action@v1.2.0 11 | - name: Deploying ingress-nginx 12 | run: | 13 | kubectl cluster-info 14 | echo "current-context:" $(kubectl config current-context) 15 | kubectl apply -k ./ingress-nginx 16 | kubectl rollout status deployments.apps ingress-nginx-controller --namespace=ingress-nginx 17 | kubectl get service ingress-nginx-controller --namespace=ingress-nginx 18 | - name: Deploying simple apple and banana ingress 19 | run: | 20 | kubectl apply -k ./deploying-simple-apple-and-banana-ingress 21 | kubectl rollout status deployments.apps apple 22 | kubectl rollout status deployments.apps banana 23 | 24 | 25 | -------------------------------------------------------------------------------- /deploying-simple-hello-flask-app/hello-flask-deployment-and-service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: hello-flask 5 | spec: 6 | selector: 7 | matchLabels: 8 | name: hello-flask 9 | template: 10 | metadata: 11 | name: hello-flask 12 | labels: 13 | name: hello-flask 14 | spec: 15 | containers: 16 | - name: hello-flask 17 | image: jxlwqq/hello-flask:latest 18 | ports: 19 | - containerPort: 5000 20 | livenessProbe: 21 | httpGet: 22 | path: / 23 | port: 5000 24 | readinessProbe: 25 | httpGet: 26 | path: / 27 | port: 5000 28 | --- 29 | apiVersion: v1 30 | kind: Service 31 | metadata: 32 | name: hello-flask-svc 33 | spec: 34 | selector: 35 | name: hello-flask 36 | ports: 37 | - port: 80 38 | targetPort: 5000 39 | 40 | -------------------------------------------------------------------------------- /deploying-simple-hello-express-app/hello-express-deployment-and-service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: hello-express 5 | spec: 6 | selector: 7 | matchLabels: 8 | app.kubernetes.io/name: hello-express 9 | app.kubernetes.io/version: 1.0.0 10 | replicas: 3 11 | template: 12 | metadata: 13 | labels: 14 | app.kubernetes.io/name: hello-express 15 | app.kubernetes.io/version: 1.0.0 16 | spec: 17 | containers: 18 | - name: hello-express 19 | image: jxlwqq/hello-express:1.0.0 20 | ports: 21 | - containerPort: 3000 22 | protocol: TCP 23 | --- 24 | apiVersion: v1 25 | kind: Service 26 | metadata: 27 | name: hello-express-svc 28 | labels: 29 | app.kubernetes.io/name: hello-express 30 | spec: 31 | selector: 32 | app.kubernetes.io/name: hello-express 33 | type: ClusterIP 34 | ports: 35 | - port: 3000 36 | targetPort: 3000 -------------------------------------------------------------------------------- /istio/case-grpc-web/frontend.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: client 5 | labels: 6 | app: client 7 | service: client 8 | spec: 9 | ports: 10 | - port: 3000 11 | targetPort: 3000 12 | name: http 13 | appProtocol: http 14 | selector: 15 | app: client 16 | --- 17 | apiVersion: apps/v1 18 | kind: Deployment 19 | metadata: 20 | name: client 21 | labels: 22 | app: client 23 | version: v1 24 | spec: 25 | replicas: 1 26 | selector: 27 | matchLabels: 28 | app: client 29 | version: v1 30 | template: 31 | metadata: 32 | labels: 33 | app: client 34 | version: v1 35 | spec: 36 | containers: 37 | - name: client 38 | image: nadera2/grpc-web-client 39 | imagePullPolicy: IfNotPresent 40 | env: 41 | - name: REACT_APP_GATEWAY_URL 42 | value: localhost 43 | ports: 44 | - containerPort: 3000 -------------------------------------------------------------------------------- /deploying-simple-microservice-using-gin-and-grpc/cmd/calculator/main.go: -------------------------------------------------------------------------------- 1 | package main 2 | 3 | import ( 4 | calculatorv1 "github.com/jxlwqq/route-guide/api/protobuf/calculator" 5 | healthv1 "github.com/jxlwqq/route-guide/api/protobuf/health" 6 | "github.com/jxlwqq/route-guide/internal/calculator" 7 | "github.com/jxlwqq/route-guide/internal/health" 8 | "google.golang.org/grpc" 9 | "log" 10 | "net" 11 | ) 12 | 13 | const ( 14 | PORT = ":50051" 15 | ) 16 | 17 | func main() { 18 | lis, err := net.Listen("tcp", PORT) 19 | if err != nil { 20 | log.Fatalf("failed to listen: %v", err) 21 | } 22 | s := grpc.NewServer() 23 | 24 | calculatorServer := calculator.NewServer() 25 | healthServer := health.NewServer() 26 | 27 | calculatorv1.RegisterCalculatorServer(s, calculatorServer) 28 | healthv1.RegisterHealthServer(s, healthServer) 29 | 30 | log.Printf("server listening at %v", lis.Addr()) 31 | if err = s.Serve(lis); err != nil { 32 | log.Fatalf("failed to serve: %v", err) 33 | } 34 | 35 | } 36 | -------------------------------------------------------------------------------- /deploying-php-guestbook-application-with-redis/frontend-deployment-and-service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: frontend 5 | spec: 6 | replicas: 3 7 | selector: 8 | matchLabels: 9 | app: guestbook 10 | tier: frontend 11 | template: 12 | metadata: 13 | labels: 14 | app: guestbook 15 | tier: frontend 16 | spec: 17 | containers: 18 | - name: php-redis 19 | image: gcr.io/google_samples/gb-frontend:v5 20 | env: 21 | - name: GET_HOSTS_FROM 22 | value: "dns" 23 | resources: 24 | requests: 25 | cpu: 100m 26 | memory: 100Mi 27 | ports: 28 | - containerPort: 80 29 | --- 30 | apiVersion: v1 31 | kind: Service 32 | metadata: 33 | name: frontend 34 | labels: 35 | app: guestbook 36 | tier: frontend 37 | spec: 38 | ports: 39 | - port: 80 40 | selector: 41 | app: guestbook 42 | tier: frontend -------------------------------------------------------------------------------- /deploying-kbp-journal-app/README.md: -------------------------------------------------------------------------------- 1 | # KBP Journal App 2 | 3 | 《Kubernetes Best Practices》第一章「搭建一个基本服务」的示例应用程序。随书仓库 https://github.com/brendandburns/kbp-sample 代码不全。 4 | 5 | 本示例中的应用程序包含: 6 | * 一个用于存储数据的 Redis 后端服务 `redis/` 7 | * 一个简单的日志系统 `frontend/` 8 | * 一个 Nginx 静态文件服务器 `fileserver/` 9 | 10 | #### 部署有状态 Redis 后端服务 11 | 12 | 使用 StatefulSet 资源来部署 Redis 集群,使用卷说明来编写可复制的模版,为多副本中的每个 Pod 分配自己独有的 PV。集群中的 Leader 和 Follower 使用存储在 ConfigMap 中启动脚本区分角色。 13 | 14 | ```shell 15 | kubectl apply -f redis/ 16 | ``` 17 | 18 | #### 部署日志服务 19 | 20 | 日志系统的前端采用 TS 实现的一个 Node.js 应用程序,该应用程序使用暴露在 8080 端口上的 HTTP服务来处理请求,并采用 Redis 作为后端来 CURD 当前日志条目。 21 | 22 | ```shell 23 | kubectl apply -f frontend/ 24 | ``` 25 | 26 | #### 部署静态文件服务器 27 | 28 | 使用 Deployment 来声明多副本的 Nginx 服务器。 29 | 30 | ```shell 31 | kubectl apply -f fileserver/ 32 | ``` 33 | 34 | #### 部署 Ingress 35 | 36 | ```shell 37 | kubectl apply -f ingress.yaml 38 | kubectl apply -f ../ingress-nginx/deploy.yaml 39 | ``` 40 | 41 | #### 清理 42 | 43 | ```shell 44 | kubectl delete -k . 45 | ``` 46 | 47 | -------------------------------------------------------------------------------- /deploying-kbp-journal-app/fileserver/deployment.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: fileserver 5 | namespace: default 6 | labels: 7 | app: fileserver 8 | spec: 9 | replicas: 2 10 | selector: 11 | matchLabels: 12 | app: fileserver 13 | template: 14 | metadata: 15 | labels: 16 | app: fileserver 17 | spec: 18 | containers: 19 | - name: fileserver 20 | image: nginx:latest 21 | imagePullPolicy: IfNotPresent 22 | readinessProbe: 23 | httpGet: 24 | port: 80 25 | path: / 26 | livenessProbe: 27 | httpGet: 28 | port: 80 29 | path: / 30 | lifecycle: 31 | preStop: 32 | exec: 33 | command: [ "usr/sbin/nginx", "-s", "quit" ] 34 | terminationMessagePath: /dev/termination-log 35 | terminationMessagePolicy: File 36 | dnsPolicy: ClusterFirst 37 | restartPolicy: Always -------------------------------------------------------------------------------- /istio/case-grpc-web/backend.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: server 5 | labels: 6 | app: server 7 | service: server 8 | spec: 9 | ports: 10 | - port: 8080 11 | name: grpc-web 12 | targetPort: 8080 13 | appProtocol: grpc-web # https://istio.io/latest/zh/docs/ops/configuration/traffic-management/protocol-selection/ 14 | selector: 15 | app: server 16 | --- 17 | apiVersion: apps/v1 18 | kind: Deployment 19 | metadata: 20 | name: server 21 | labels: 22 | app: server 23 | version: v1 24 | spec: 25 | replicas: 1 26 | selector: 27 | matchLabels: 28 | app: server 29 | version: v1 30 | template: 31 | metadata: 32 | labels: 33 | app: server 34 | version: v1 35 | spec: 36 | containers: 37 | - name: server 38 | image: nadera2/grpc-web-server 39 | imagePullPolicy: IfNotPresent 40 | ports: 41 | - containerPort: 8080 42 | securityContext: 43 | runAsUser: 1000 -------------------------------------------------------------------------------- /cka-training/2.pod.md: -------------------------------------------------------------------------------- 1 | # Pod 2 | 3 | 4 |  5 | 6 | pod 就像一个豌豆荚,里面的豌豆就是 container。 7 | 8 | 最小原子单位。 9 | 10 | ```shell 11 | kubectl run nginx-pod --image=nginx --dry-run=client -output=yaml > nginx-pod.yaml # --dry-run=server 12 | kubectl apply -f nginx-pod.yaml 13 | kubectl get pods 14 | ``` 15 | 16 | ```yaml 17 | apiVersion: v1 # 对象 api 版本 18 | kind: Pod # 对象类型 19 | metadata: # 元数据 20 | labels: # 标签 21 | run: nginx-pod # key: value 22 | name: nginx-pod 23 | spec: 24 | containers: 25 | - image: nginx 26 | name: nginx-pod 27 | resources: {} 28 | dnsPolicy: ClusterFirst 29 | restartPolicy: Always 30 | ``` 31 | 32 | [推荐使用的标签](https://kubernetes.io/zh/docs/concepts/overview/working-with-objects/common-labels/) 33 | 34 | #### 35 | Assigning Pods to Nodes 36 | 37 | ### 污点和容忍度 38 | 39 | Taint And Toleration 40 | 41 | ```shell 42 | kubectl get nodes -o custom-columns=NAME:.metadata.name,TAINTS:.spec.taints 43 | ``` 44 | -------------------------------------------------------------------------------- /cka-training/8.troubleshooting.md: -------------------------------------------------------------------------------- 1 | # 故障排查 2 | 3 | 如何找到真实的故障原因,每个人都有自己的实践总结。而 Kubernetes 集群的复杂性会在排查的过程中造成干扰,会让你忽视真正需要洞悉的信号。在考虑 Kubernetes 中的故障排查时,笔者通常采取分层的方法,依次 check 如下因素: 4 | 5 | * 节点(控制面板和 node) 6 | * 集群原生组件(apiserver、controller-manager、scheduler、kubelet、etcd、容器运行时等) 7 | * 集群附加组件(网络和网络策略 Calico 等、服务发现 coreDNS 等) 8 | * 终端用户应用程序(实际部署的 apps) 9 | 10 | ## 集群排错 11 | 12 | #### 节点 NotReady 13 | 14 | * 检查 kube-system 命名空间下的 Pod 状态:`kubectl get pods -n kube-system -o wide` ; 15 | * 检查是否安装了 Pod 网络附加组件,如 Calico 等; 16 | * 检查节点组件 kubelet 是否正常运行,`systemctl is-active kubelet`; 17 | * `PLEG`: 容器运行时是否工作正常,节点服务器的 Docker 或者 containerd 是否运行正常。 18 | 19 | 参考:https://aws.amazon.com/cn/premiumsupport/knowledge-center/eks-node-status-ready/ 20 | 21 | ## 应用排错 22 | 23 | * OOM(内存不足)事件:1)优化应用程序内部的逻辑,优化内存使用;2)内存用量达到预警值时驱逐 pod,以减少对系统的冲击并防止系统 OOM 的发生; 24 | * `kubectl describe` 可以重点关注对象的 Event 事件信息; 25 | * `kubectl get events` 查看 Event 事件列表; 26 | * `kubectl logs` 查看应用程序的标准输出; 27 | * `kubectl exec` 进入容器内,查看一些必要的信息或执行相关 debug 命令; 28 | * `kubectl port-forward` 将服务转发至本地端口,方便调试; 29 | -------------------------------------------------------------------------------- /deploying-simple-microservice-using-gin-and-grpc/kubernetes-manifests/calculator.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: calculator 5 | labels: 6 | app: calculator 7 | spec: 8 | selector: 9 | matchLabels: 10 | app: calculator 11 | template: 12 | metadata: 13 | labels: 14 | app: calculator 15 | spec: 16 | containers: 17 | - name: calculator 18 | image: jxlwqq/calculator 19 | imagePullPolicy: IfNotPresent 20 | ports: 21 | - containerPort: 50051 22 | readinessProbe: 23 | exec: 24 | command: [ "/grpc-health-probe", "-addr=:50051" ] 25 | livenessProbe: 26 | exec: 27 | command: [ "/grpc-health-probe", "-addr=:50051" ] 28 | --- 29 | apiVersion: v1 30 | kind: Service 31 | metadata: 32 | name: calculator-svc 33 | labels: 34 | app: calculator 35 | spec: 36 | selector: 37 | app: calculator 38 | ports: 39 | - port: 50051 40 | targetPort: 50051 -------------------------------------------------------------------------------- /deploying-php-guestbook-application-with-redis/redis-leader-deployment-and-service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: redis-leader 5 | labels: 6 | app: redis 7 | role: leader 8 | tier: backend 9 | spec: 10 | replicas: 1 11 | selector: 12 | matchLabels: 13 | app: redis 14 | template: 15 | metadata: 16 | labels: 17 | app: redis 18 | role: leader 19 | tier: backend 20 | spec: 21 | containers: 22 | - name: leader 23 | image: "docker.io/redis:6.0.5" 24 | resources: 25 | requests: 26 | cpu: 100m 27 | memory: 100Mi 28 | ports: 29 | - containerPort: 6379 30 | --- 31 | apiVersion: v1 32 | kind: Service 33 | metadata: 34 | name: redis-leader 35 | labels: 36 | app: redis 37 | role: leader 38 | tier: backend 39 | spec: 40 | ports: 41 | - port: 6379 42 | targetPort: 6379 43 | selector: 44 | app: redis 45 | role: leader 46 | tier: backend -------------------------------------------------------------------------------- /deploying-php-guestbook-application-with-redis/redis-follower-deployment-and-service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: redis-follower 5 | labels: 6 | app: redis 7 | role: follower 8 | tier: backend 9 | spec: 10 | replicas: 2 11 | selector: 12 | matchLabels: 13 | app: redis 14 | template: 15 | metadata: 16 | labels: 17 | app: redis 18 | role: follower 19 | tier: backend 20 | spec: 21 | containers: 22 | - name: follower 23 | image: gcr.io/google_samples/gb-redis-follower:v2 24 | resources: 25 | requests: 26 | cpu: 100m 27 | memory: 100Mi 28 | ports: 29 | - containerPort: 6379 30 | --- 31 | apiVersion: v1 32 | kind: Service 33 | metadata: 34 | name: redis-follower 35 | labels: 36 | app: redis 37 | role: follower 38 | tier: backend 39 | spec: 40 | ports: 41 | - port: 6379 42 | selector: 43 | app: redis 44 | role: follower 45 | tier: backend -------------------------------------------------------------------------------- /deploying-basic-statefulset-app/nginx-statefulset-and-service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: nginx 5 | labels: 6 | app: nginx 7 | spec: 8 | ports: 9 | - port: 80 10 | name: web 11 | clusterIP: None 12 | selector: 13 | app: nginx 14 | --- 15 | apiVersion: apps/v1 16 | kind: StatefulSet 17 | metadata: 18 | name: web 19 | spec: 20 | serviceName: nginx 21 | replicas: 2 22 | selector: 23 | matchLabels: 24 | app: nginx 25 | template: 26 | metadata: 27 | labels: 28 | app: nginx 29 | spec: 30 | containers: 31 | - name: nginx 32 | image: k8s.gcr.io/nginx-slim:0.8 33 | ports: 34 | - containerPort: 80 35 | name: web 36 | volumeMounts: 37 | - name: www 38 | mountPath: /usr/share/nginx/html 39 | volumeClaimTemplates: 40 | - metadata: 41 | name: www 42 | spec: 43 | accessModes: [ "ReadWriteOnce" ] 44 | resources: 45 | requests: 46 | storage: 1Gi -------------------------------------------------------------------------------- /istio/1.profile/README.md: -------------------------------------------------------------------------------- 1 | # 配置文件 2 | 3 | 在上一节安装环节中,我们在命令行中增加了 `--set profile=demo` 参数: 4 | 5 | ```shell 6 | istioctl install --set profile=demo -y 7 | ``` 8 | 9 | profile 是 istioctl 内置的安装配置文件,有以下几个选择: 10 | 11 | 1. default:根据 IstioOperator API 的默认设置启动组件。 建议用于生产部署和 Multicluster Mesh 中的 Primary Cluster。 12 | 2. demo:这一配置具有适度的资源需求,旨在展示 Istio 的功能。 它适合运行 Bookinfo 应用程序和相关任务。 这是通过快速开始指导安装的配置。 13 | 3. minimal:与默认配置文件相同,但只安装了控制平面组件。 它允许您使用 Separate Profile 配置控制平面和数据平面组件(例如 Gateway)。 14 | 4. remote:配置 Multicluster Mesh 的 Remote Cluster。 15 | 5. empty:不部署任何东西。可以作为自定义配置的基本配置文件。 16 | 6. preview:预览文件包含的功能都是实验性。这是为了探索 Istio 的新功能。不确保稳定性、安全性和性能(使用风险需自负)。 17 | 18 | 本地开发环境一般选择 `demo`,生产部署选择 `default`。 19 | 20 | 21 | 标注 ✔ 的组件安装在每个配置文件中: 22 | 23 | | | default | demo | minimal | remote | empty | preview | 24 | | --- | --- | --- | --- | --- | --- | --- | 25 | | 核心组件 | | | | | | | | 26 | | `istio-egressgateway` | | ✔ | | | | | | | 27 | | `istio-ingressgateway` | ✔ | ✔ | | | | ✔ | 28 | | `istiod` | ✔ | ✔ | ✔ | | | ✔ | 29 | 30 | -------------------------------------------------------------------------------- /deploying-hello-world-web-application-with-go/hello-web-deployment-and-service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: hello-web 5 | spec: 6 | selector: 7 | matchLabels: 8 | app.kubernetes.io/name: hello-web 9 | app.kubernetes.io/component: frontend 10 | replicas: 1 11 | template: 12 | metadata: 13 | labels: 14 | app.kubernetes.io/name: hello-web 15 | app.kubernetes.io/component: frontend 16 | spec: 17 | containers: 18 | - name: hello-web 19 | image: gcr.io/google-samples/hello-app:1.0 20 | ports: 21 | - containerPort: 8080 22 | resources: 23 | requests: 24 | cpu: 200m 25 | 26 | --- 27 | 28 | apiVersion: v1 29 | kind: Service 30 | metadata: 31 | name: hello-web-svc 32 | labels: 33 | app.kubernetes.io/name: hello-web 34 | app.kubernetes.io/component: frontend 35 | spec: 36 | selector: 37 | app.kubernetes.io/name: hello-web 38 | app.kubernetes.io/component: frontend 39 | ports: 40 | - port: 80 41 | targetPort: 8080 42 | 43 | 44 | -------------------------------------------------------------------------------- /deploying-nodejs-note-application-with-mongodb/mongo-deployment-and-service.yaml: -------------------------------------------------------------------------------- 1 | kind: Deployment 2 | apiVersion: apps/v1 3 | metadata: 4 | name: mongo-deployment 5 | spec: 6 | selector: 7 | matchLabels: 8 | app: mongo 9 | template: 10 | metadata: 11 | labels: 12 | app: mongo 13 | spec: 14 | containers: 15 | - name: mongo 16 | image: mongo 17 | ports: 18 | - containerPort: 27017 19 | volumeMounts: 20 | - mountPath: /data/db 21 | name: mongo-storage 22 | volumes: 23 | - name: mongo-storage 24 | persistentVolumeClaim: 25 | claimName: mongo-persistentvolumeclaim 26 | --- 27 | kind: PersistentVolumeClaim 28 | apiVersion: v1 29 | metadata: 30 | name: mongo-persistentvolumeclaim 31 | spec: 32 | accessModes: 33 | - ReadWriteOnce 34 | resources: 35 | requests: 36 | storage: 256Mi 37 | --- 38 | kind: Service 39 | apiVersion: v1 40 | metadata: 41 | name: mongo-service 42 | spec: 43 | selector: 44 | app: mongo 45 | ports: 46 | - port: 27017 47 | targetPort: 27017 -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | MIT License 2 | 3 | Copyright (c) 2021 jxlwqq 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. 22 | -------------------------------------------------------------------------------- /learn-from-source-code/what-happens-in-kubernetes-when-a-request-hits-kube-apiserver.md: -------------------------------------------------------------------------------- 1 | # 当一个请求到达 kube-apiserver 时,Kubernetes 内部发生了什么? 2 | 3 | 我们通常使用 kubectl 来与我们的 Kubernetes 集群进行交互作业。当 kubectl 构造的一个 REST 请求到达 kube-apiserver 时,它会经历多个阶段。 4 | 5 | 与通用的 API 安全性和可靠性规范一样,请求到达 apiserver 时,也需要经过经典的三个步骤,如下图所示: 6 | 7 |  8 | 9 | 1. 认证:验证发起 API 请求的用户的身份; 10 | 11 | 2. 鉴权:鉴别发起 API 请求的用户的权限; 12 | 13 | 3. 准入控制:变更(Mutating)和验证(Validating)传入的请求数据; 14 | 15 | ### 认证 16 | 17 | kube-server 支持多个类型的身份认证方式,包含客户端证书、密码、普通令牌、引导令牌和 JSON Web 令牌等。具体使用哪一种(或者哪几种)认证方式是由集群管理员设置的。 如果请求认证不通过,服务器将以 HTTP 状态码 401 拒绝该请求。 反之,该用户被认证为特定的 username,并且该用户名可用于后续步骤以在其决策中使用。 18 | 19 | ### 鉴权 20 | 21 | 如上图的步骤 2 所示,将请求验证为来自特定的用户后,请求必须被鉴权。 请求必须包含请求者的用户名、请求的行为以及受该操作影响的对象。 如果现有策略声明用户有权完成请求的操作,那么该请求被鉴权通过。反之,服务器将以 HTTP 状态码 403 拒绝该请求。 22 | 23 | ### 准入控制 24 | 25 | 准入控制器是一段代码,它会在请求通过认证和授权之后、对象被持久化之前拦截到达 API 服务器的请求,如上图的步骤 3 所示。 准入控制器可以执行 “验证(Validating)” 和/或 “变更(Mutating)” 操作。 变更(mutating)控制器可以修改被其接受的对象;验证(validating)控制器则不行。 准入控制过程分为两个阶段。第一阶段,运行变更准入控制器。第二阶段,运行验证准入控制器。 再次提醒,某些控制器既是变更准入控制器又是验证准入控制器。 如果任何一个阶段的任何控制器拒绝了该请求,则整个请求将立即被拒绝,并向终端用户返回一个错误。 -------------------------------------------------------------------------------- /istio/6.circuit-breaking/fortio-deployment.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: fortio-deploy 5 | spec: 6 | replicas: 1 7 | selector: 8 | matchLabels: 9 | app: fortio 10 | template: 11 | metadata: 12 | annotations: 13 | # This annotation causes Envoy to serve cluster.outbound statistics via 15000/stats 14 | # in addition to the stats normally served by Istio. The Circuit Breaking example task 15 | # gives an example of inspecting Envoy stats via proxy config. 16 | proxy.istio.io/config: |- 17 | proxyStatsMatcher: 18 | inclusionPrefixes: 19 | - "cluster.outbound" 20 | - "cluster_manager" 21 | - "listener_manager" 22 | - "server" 23 | - "cluster.xds-grpc" 24 | labels: 25 | app: fortio 26 | spec: 27 | containers: 28 | - name: fortio 29 | image: fortio/fortio:latest_release 30 | imagePullPolicy: Always 31 | ports: 32 | - containerPort: 8080 33 | name: http-fortio 34 | - containerPort: 8079 35 | name: grpc-ping 36 | -------------------------------------------------------------------------------- /istio/case-advanced-traffic-routing/customers-virtual-service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: networking.istio.io/v1alpha3 2 | kind: VirtualService 3 | metadata: 4 | name: customers 5 | spec: 6 | hosts: 7 | - 'svc.example.com' 8 | - 'customers.default.svc.cluster.local' 9 | gateways: 10 | - sample-gateway 11 | - mesh 12 | http: 13 | - match: 14 | - gateways: 15 | - mesh 16 | headers: 17 | user: 18 | exact: debug 19 | route: 20 | - destination: 21 | host: customers.default.svc.cluster.local 22 | port: 23 | number: 80 24 | subset: v2 25 | - match: 26 | - gateways: 27 | - mesh 28 | route: 29 | - destination: 30 | host: customers.default.svc.cluster.local 31 | port: 32 | number: 80 33 | subset: v1 34 | - match: 35 | - gateways: 36 | - sample-gateway 37 | route: 38 | - destination: 39 | host: customers.default.svc.cluster.local 40 | port: 41 | number: 80 42 | subset: v2 -------------------------------------------------------------------------------- /knative/0.installing/README.md: -------------------------------------------------------------------------------- 1 | # 安装 2 | 3 | 基于 Knative v1.0.0 版本进行安装调试。 4 | 5 | ### 前置条件 6 | 7 | * 安装 Docker Desktop,并启动内置的 Kubernetes 集群 8 | * 安装 istioctl 9 | * 安装 kn 10 | 11 | ``` 12 | brew install istioctl 13 | brew install kn 14 | ``` 15 | 16 | ### 安装 Istio 17 | ```shell 18 | istioctl install -y 19 | ``` 20 | 21 | ### 安装 Knative Operator 22 | ```shell 23 | kubectl apply -f operator.yaml 24 | ``` 25 | 26 | ### 安装 Knative Serving 27 | ```shell 28 | kubectl apply -f serving.yaml 29 | kubectl apply -f serving-default-domain.yaml 30 | ``` 31 | 32 | ### 安装 Knative Eventing 33 | ```shell 34 | kubectl apply -f eventing.yaml 35 | ``` 36 | 37 | ### 安装第一个应用 38 | ```shell 39 | kubectl apply -f http-echo.yaml 40 | ``` 41 | 42 | 查看服务: 43 | 44 | ``` 45 | kn services list 46 | ``` 47 | 48 | 返回: 49 | 50 | ``` 51 | NAME URL LATEST AGE CONDITIONS READY REASON 52 | http-echo http://http-echo.default.127.0.0.1.sslip.io http-echo-v1 21s 3 OK / 3 True 53 | ``` 54 | 55 | 56 | 访问: 57 | 58 | ``` 59 | curl http://http-echo.default.127.0.0.1.sslip.io 60 | ``` 61 | 62 | 返回: 63 | 64 | ``` 65 | v1 66 | ``` 67 | -------------------------------------------------------------------------------- /deploying-simple-microservice-using-gin-and-grpc/Makefile: -------------------------------------------------------------------------------- 1 | .PHONY: proto 2 | proto: 3 | @ if ! which protoc > /dev/null; then \ 4 | echo "error: protoc not installed" >&2; \ 5 | exit 1; \ 6 | fi 7 | @ if ! which protoc-gen-go > /dev/null; then \ 8 | echo "error: protoc-gen-go not installed" >&2; \ 9 | exit 1; \ 10 | fi 11 | @ if ! which protoc-gen-go-grpc > /dev/null; then \ 12 | echo "error: protoc-gen-go-grpc not installed" >&2; \ 13 | exit 1; \ 14 | fi 15 | for file in $$(git ls-files '*.proto'); do \ 16 | protoc -I $$(dirname $$file) \ 17 | --go_out=:$$(dirname $$file) --go_opt=paths=source_relative \ 18 | --go-grpc_out=:$$(dirname $$file) --go-grpc_opt=paths=source_relative \ 19 | $$file; \ 20 | done 21 | 22 | .PHONY: docker-build 23 | docker-build: 24 | docker build -t jxlwqq/api-server -f cmd/api-server/Dockerfile . 25 | docker build -t jxlwqq/calculator -f cmd/calculator/Dockerfile . 26 | 27 | .PHONY: kube-deploy 28 | kube-deploy: 29 | kubectl apply -k ./kubernetes-manifests 30 | 31 | .PHONY: kube-undeploy 32 | kube-undeploy: 33 | kubectl delete -k ./kubernetes-manifests 34 | 35 | .PHONY: kube-redeploy 36 | kube-redeploy: 37 | make kube-undeploy 38 | make kube-deploy -------------------------------------------------------------------------------- /deploying-kbp-journal-app/frontend/deployment.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: frontend 5 | namespace: default 6 | labels: 7 | app: frontend 8 | spec: 9 | replicas: 2 10 | selector: 11 | matchLabels: 12 | app: frontend 13 | template: 14 | metadata: 15 | labels: 16 | app: frontend 17 | spec: 18 | containers: 19 | - name: frontend 20 | image: brendanburns/journal-server:latest 21 | imagePullPolicy: IfNotPresent 22 | readinessProbe: 23 | httpGet: 24 | port: 8080 25 | path: /api 26 | livenessProbe: 27 | httpGet: 28 | port: 8080 29 | path: /api 30 | env: 31 | - name: JOURNAL_ENTRIES 32 | valueFrom: 33 | configMapKeyRef: 34 | key: journalEntries 35 | name: frontend-config 36 | volumeMounts: 37 | - name: passwd-volume 38 | mountPath: /etc/redis-passwd 39 | readOnly: true 40 | volumes: 41 | - name: passwd-volume 42 | secret: 43 | secretName: redis-passwd -------------------------------------------------------------------------------- /deploying-laravel-application/README.md: -------------------------------------------------------------------------------- 1 | # 轻松部署 Laravel 应用 2 | 3 | 原文链接:[Kubernetes: deploy Laravel the easy way](https://learnk8s.io/blog/kubernetes-deploy-laravel-the-easy-way) 4 | 5 | 译文链接:[使用 Kubernetes 来部署你的 Laravel 程序](https://learnku.com/server/t/22017) 6 | 7 | 注意:原文使用了 minikube 来部署,本文使用的是 Docker for Mac 自带的 Kubernetes 集群。所以做了一些适当的调整。 8 | 9 | #### 拉取镜像 10 | 11 | 基于原文,制作了一个 Docker 镜像 [laravel-kubernetes-demo](https://hub.docker.com/repository/docker/jxlwqq/laravel-kubernetes-demo) 12 | ,方便大家快速拉取镜像: 13 | 14 | ```bash 15 | docker pull jxlwqq/laravel-kubernetes-demo 16 | ``` 17 | 18 | #### 部署 19 | 20 | ```bash 21 | kubectl apply -k ./ 22 | ``` 23 | 24 | 上述命令会应用本目录下的 kustomization.yaml 文件。它的信息如下: 25 | ```yaml 26 | resources: # 需要apply的资源文件 27 | - laravel-deployment-and-service.yaml 28 | - ingress.yaml 29 | 30 | configMapGenerator: # 生成一个 ConfigMap 对象 31 | - name: laravel-env 32 | literals: 33 | - APP_KEY=base64:zC8wVldUZfZJaGaZ7+CPh+5FzaXYmShm7G/Qh6GdRl8= 34 | ``` 35 | 36 | #### 部署 Ingress-nginx 控制器 37 | 38 | ```bash 39 | cd ../ingress-nginx 40 | kubectl apply -k ./ 41 | ``` 42 | 43 | #### 访问 44 | ```bash 45 | curl http://localhost 46 | ``` 47 | 48 | #### 清理 49 | ```bash 50 | kubectl delete -k ./ 51 | ``` 52 | -------------------------------------------------------------------------------- /deploying-php-guestbook-application-with-mongodb/mongodb-deployment-and-service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: mongo 5 | labels: 6 | app.kubernetes.io/name: mongo 7 | app.kubernetes.io/component: backend 8 | spec: 9 | selector: 10 | matchLabels: 11 | app.kubernetes.io/name: mongo 12 | app.kubernetes.io/component: backend 13 | replicas: 1 14 | template: 15 | metadata: 16 | labels: 17 | app.kubernetes.io/name: mongo 18 | app.kubernetes.io/component: backend 19 | spec: 20 | containers: 21 | - name: mongo 22 | image: mongo:4.2 23 | args: 24 | - --bind_ip 25 | - 0.0.0.0 26 | resources: 27 | requests: 28 | cpu: 100m 29 | memory: 100Mi 30 | ports: 31 | - containerPort: 27017 32 | --- 33 | apiVersion: v1 34 | kind: Service 35 | metadata: 36 | name: mongo 37 | labels: 38 | app.kubernetes.io/name: mongo 39 | app.kubernetes.io/component: backend 40 | spec: 41 | selector: 42 | app.kubernetes.io/name: mongo 43 | app.kubernetes.io/component: backend 44 | ports: 45 | - port: 27017 46 | targetPort: 27017 47 | 48 | -------------------------------------------------------------------------------- /deploying-simple-microservice-using-gin-and-grpc/kubernetes-manifests/api-server.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: api-server 5 | labels: 6 | app: api-server 7 | spec: 8 | selector: 9 | matchLabels: 10 | app: api-server 11 | template: 12 | metadata: 13 | labels: 14 | app: api-server 15 | spec: 16 | containers: 17 | - name: api-server 18 | image: jxlwqq/api-server:latest 19 | imagePullPolicy: IfNotPresent 20 | ports: 21 | - containerPort: 8080 22 | envFrom: 23 | - configMapRef: 24 | name: api-server-conf 25 | readinessProbe: 26 | httpGet: 27 | port: 8080 28 | path: /healthz 29 | livenessProbe: 30 | httpGet: 31 | port: 8080 32 | path: /healthz 33 | --- 34 | apiVersion: v1 35 | kind: Service 36 | metadata: 37 | name: api-server-svc 38 | labels: 39 | app: api-server 40 | spec: 41 | selector: 42 | app: api-server 43 | ports: 44 | - port: 8080 45 | targetPort: 8080 46 | --- 47 | apiVersion: v1 48 | kind: ConfigMap 49 | metadata: 50 | name: api-server-conf 51 | data: 52 | CALCULATOR_SVC: calculator-svc 53 | 54 | 55 | 56 | -------------------------------------------------------------------------------- /deploying-php-guestbook-application-with-mongodb/frontend-deployment-and-service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: frontend 5 | labels: 6 | app.kubernetes.io/name: guestbook 7 | app.kubernetes.io/component: frontend 8 | spec: 9 | selector: 10 | matchLabels: 11 | app.kubernetes.io/name: guestbook 12 | app.kubernetes.io/component: frontend 13 | replicas: 3 14 | template: 15 | metadata: 16 | labels: 17 | app.kubernetes.io/name: guestbook 18 | app.kubernetes.io/component: frontend 19 | spec: 20 | containers: 21 | - name: guestbook 22 | image: paulczar/gb-frontend:v5 23 | resources: 24 | requests: 25 | cpu: 100m 26 | memory: 100Mi 27 | env: 28 | - name: GET_HOSTS_FROM 29 | value: dns 30 | ports: 31 | - containerPort: 80 32 | --- 33 | apiVersion: v1 34 | kind: Service 35 | metadata: 36 | name: frontend 37 | labels: 38 | app.kubernetes.io/name: guestbook 39 | app.kubernetes.io/component: frontend 40 | spec: 41 | selector: 42 | app.kubernetes.io/name: guestbook 43 | app.kubernetes.io/component: frontend 44 | ports: 45 | - port: 80 46 | targetPort: 80 47 | 48 | 49 | -------------------------------------------------------------------------------- /knative/2.traffic-split/README.md: -------------------------------------------------------------------------------- 1 | # 流量分流 2 | 3 | ### 更新 Hello 服务 4 | ```shell 5 | kubectl apply -f http-echo-update.yaml 6 | ``` 7 | 8 | 访问: 9 | ```shell 10 | curl http://http-echo.default.127.0.0.1.sslip.io 11 | ``` 12 | 13 | 返回: 14 | ```shell 15 | v2 16 | ``` 17 | 18 | ### 查看修订历史 19 | 20 | ```shell 21 | kn revisions list 22 | ``` 23 | 24 | 返回: 25 | 26 | ```shell 27 | NAME SERVICE TRAFFIC TAGS GENERATION AGE CONDITIONS READY REASON 28 | http-echo-v2 http-echo 100% 2 25s 4 OK / 4 True 29 | http-echo-v1 http-echo 1 9m5s 3 OK / 4 True 30 | ``` 31 | 32 | 可以看出,http-echo-v2 版本分流了所有流量。 33 | 34 | ### 分流 35 | 36 | ```shell 37 | kubectl apply -f http-echo-split.yaml 38 | ``` 39 | 40 | 再次查看修订历史: 41 | 42 | ```shell 43 | kn revisions list 44 | ``` 45 | 46 | ```shell 47 | NAME SERVICE TRAFFIC TAGS GENERATION AGE CONDITIONS READY REASON 48 | http-echo-v2 http-echo 50% 2 61s 4 OK / 4 True 49 | http-echo-v1 http-echo 50% 1 9m41s 3 OK / 4 True 50 | ``` 51 | 52 | 现在变更为了各 50%。 53 | 54 | 再次访问: 55 | ```shell 56 | curl http://http-echo.default.127.0.0.1.sslip.io 57 | ``` 58 | 59 | 返回: 60 | 61 | ```shell 62 | v1 63 | ``` 64 | 65 | 或者: 66 | 67 | ```shell 68 | v2 69 | ``` 70 | -------------------------------------------------------------------------------- /istio/case-online-boutique/README.md: -------------------------------------------------------------------------------- 1 | # 在线精品店 2 | 3 | [Online Boutique](https://github.com/GoogleCloudPlatform/microservices-demo) 是一个云原生微服务演示应用程序。Online Boutique 是一个由 10 个微服务组成的应用。该应用是一个基于 Web 的电子商务应用,用户可以浏览商品,将其添加到购物车,并购买商品。 4 | 5 | ### 预先拉取镜像 6 | 7 | ```shell 8 | docker pull gcr.io/google-samples/microservices-demo/emailservice:v0.3.4 9 | docker pull gcr.io/google-samples/microservices-demo/checkoutservice:v0.3.4 10 | docker pull gcr.io/google-samples/microservices-demo/recommendationservice:v0.3.4 11 | docker pull gcr.io/google-samples/microservices-demo/frontend:v0.3.4 12 | docker pull gcr.io/google-samples/microservices-demo/paymentservice:v0.3.4 13 | docker pull gcr.io/google-samples/microservices-demo/productcatalogservice:v0.3.4 14 | docker pull gcr.io/google-samples/microservices-demo/cartservice:v0.3.4 15 | docker pull gcr.io/google-samples/microservices-demo/loadgenerator:v0.3.4 16 | docker pull gcr.io/google-samples/microservices-demo/currencyservice:v0.3.4 17 | docker pull gcr.io/google-samples/microservices-demo/shippingservice:v0.3.4 18 | docker pull gcr.io/google-samples/microservices-demo/adservice:v0.3.4 19 | ``` 20 | 21 | ### 部署服务 22 | 23 | ```shell 24 | git clone git@github.com:GoogleCloudPlatform/microservices-demo.git 25 | cd microservices-demo 26 | kubectl apply -f release/kubernetes-manifests.yaml 27 | kubectl apply -f release/istio-manifests.yaml 28 | ``` -------------------------------------------------------------------------------- /deploying-laravel-7-with-mysql-and-redis/mysql-deployment-and-service.yaml: -------------------------------------------------------------------------------- 1 | kind: Deployment 2 | apiVersion: apps/v1 3 | metadata: 4 | name: mysql-deployment 5 | labels: 6 | app: mysql 7 | spec: 8 | selector: 9 | matchLabels: 10 | app: mysql 11 | strategy: 12 | type: Recreate 13 | template: 14 | metadata: 15 | labels: 16 | app: mysql 17 | spec: 18 | containers: 19 | - name: mysql 20 | image: mysql:5.7 21 | env: 22 | - name: MYSQL_ALLOW_EMPTY_PASSWORD 23 | value: 'true' 24 | ports: 25 | - containerPort: 3306 26 | volumeMounts: 27 | - mountPath: /var/lib/mysql 28 | name: mysql-storage 29 | volumes: 30 | - name: mysql-storage 31 | persistentVolumeClaim: 32 | claimName: mysql-persistentvolumeclaim 33 | --- 34 | kind: PersistentVolumeClaim 35 | apiVersion: v1 36 | metadata: 37 | name: mysql-persistentvolumeclaim 38 | labels: 39 | app: mysql 40 | spec: 41 | accessModes: 42 | - ReadWriteOnce 43 | resources: 44 | requests: 45 | storage: 1Gi 46 | --- 47 | kind: Service 48 | apiVersion: v1 49 | metadata: 50 | name: mysql-service 51 | labels: 52 | app: mysql 53 | spec: 54 | selector: 55 | app: mysql 56 | ports: 57 | - port: 3306 58 | targetPort: 3306 -------------------------------------------------------------------------------- /deploying-kbp-journal-app/redis/statefulset.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: StatefulSet 3 | metadata: 4 | name: redis 5 | namespace: default 6 | spec: 7 | selector: 8 | matchLabels: 9 | app: redis 10 | serviceName: "redis" 11 | replicas: 3 12 | template: 13 | metadata: 14 | labels: 15 | app: redis 16 | spec: 17 | containers: 18 | - name: redis 19 | image: redis:5-alpine 20 | imagePullPolicy: IfNotPresent 21 | ports: 22 | - containerPort: 6379 23 | name: redis 24 | volumeMounts: 25 | - mountPath: /data 26 | name: data 27 | - mountPath: /script/launch.sh 28 | name: script 29 | subPath: launch.sh 30 | - mountPath: /etc/redis-passwd 31 | name: passwd-volume 32 | command: 33 | - sh 34 | - -c 35 | - /script/launch.sh 36 | volumes: 37 | - name: script 38 | configMap: 39 | name: redis-config 40 | defaultMode: 0777 41 | - name: passwd-volume 42 | secret: 43 | secretName: redis-passwd 44 | volumeClaimTemplates: 45 | - metadata: 46 | name: data 47 | spec: 48 | accessModes: ["ReadWriteOnce"] 49 | resources: 50 | requests: 51 | storage: 1Gi 52 | -------------------------------------------------------------------------------- /deploying-laravel-7-with-mysql-and-redis/laravel-deployment-and-service.yaml: -------------------------------------------------------------------------------- 1 | kind: Deployment 2 | apiVersion: apps/v1 3 | metadata: 4 | name: laravel-deployment 5 | labels: 6 | app: laravel 7 | spec: 8 | selector: 9 | matchLabels: 10 | app: laravel 11 | replicas: 1 12 | strategy: 13 | type: RollingUpdate 14 | rollingUpdate: 15 | maxSurge: 1 16 | maxUnavailable: 0 17 | template: 18 | metadata: 19 | labels: 20 | app: laravel 21 | spec: 22 | containers: 23 | - name: laravel 24 | image: jxlwqq/laravel-7-kubernetes-demo 25 | ports: 26 | - containerPort: 80 27 | env: 28 | - name: DB_HOST 29 | value : mysql-service 30 | - name: REDIS_HOST 31 | value: redis-service 32 | envFrom: 33 | - configMapRef: 34 | name: laravel-env 35 | readinessProbe: 36 | httpGet: 37 | port: 80 38 | path: / 39 | scheme: HTTP 40 | livenessProbe: 41 | httpGet: 42 | port: 80 43 | path: / 44 | scheme: HTTP 45 | --- 46 | kind: Service 47 | apiVersion: v1 48 | metadata: 49 | name: laravel-service 50 | labels: 51 | app: laravel 52 | spec: 53 | selector: 54 | app: laravel 55 | ports: 56 | - port: 80 57 | targetPort: 80 58 | 59 | -------------------------------------------------------------------------------- /istio/case-grpc-web/istio.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: networking.istio.io/v1alpha3 2 | kind: DestinationRule 3 | metadata: 4 | name: server 5 | spec: 6 | host: server 7 | subsets: 8 | - name: v1 9 | labels: 10 | version: v1 11 | --- 12 | apiVersion: networking.istio.io/v1alpha3 13 | kind: DestinationRule 14 | metadata: 15 | name: client 16 | spec: 17 | host: client 18 | subsets: 19 | - name: v1 20 | labels: 21 | version: v1 22 | --- 23 | apiVersion: networking.istio.io/v1alpha3 24 | kind: Gateway 25 | metadata: 26 | name: gateway 27 | spec: 28 | selector: 29 | istio: ingressgateway 30 | servers: 31 | - port: 32 | number: 80 33 | name: http 34 | protocol: HTTP 35 | hosts: 36 | - "*" 37 | --- 38 | apiVersion: networking.istio.io/v1alpha3 39 | kind: VirtualService 40 | metadata: 41 | name: vs 42 | spec: 43 | hosts: 44 | - "*" 45 | gateways: 46 | - gateway 47 | http: 48 | - match: 49 | - uri: 50 | exact: /ui 51 | - uri: 52 | prefix: /static 53 | - uri: 54 | prefix: /sockjs-node 55 | route: 56 | - destination: 57 | host: client 58 | port: 59 | number: 3000 60 | subset: v1 61 | - route: 62 | - destination: 63 | host: server 64 | port: 65 | number: 8080 66 | subset: v1 -------------------------------------------------------------------------------- /dapr/1.hello-kubernetes/deploy.yaml: -------------------------------------------------------------------------------- 1 | kind: Service 2 | apiVersion: v1 3 | metadata: 4 | name: nodeapp 5 | labels: 6 | app: node 7 | spec: 8 | selector: 9 | app: node 10 | ports: 11 | - protocol: TCP 12 | port: 80 13 | targetPort: 3000 14 | type: LoadBalancer 15 | 16 | --- 17 | apiVersion: apps/v1 18 | kind: Deployment 19 | metadata: 20 | name: nodeapp 21 | labels: 22 | app: node 23 | spec: 24 | replicas: 1 25 | selector: 26 | matchLabels: 27 | app: node 28 | template: 29 | metadata: 30 | labels: 31 | app: node 32 | annotations: 33 | dapr.io/enabled: "true" 34 | dapr.io/app-id: "nodeapp" 35 | dapr.io/app-port: "3000" 36 | spec: 37 | containers: 38 | - name: node 39 | image: dapriosamples/hello-k8s-node:latest 40 | ports: 41 | - containerPort: 3000 42 | imagePullPolicy: Always 43 | --- 44 | apiVersion: apps/v1 45 | kind: Deployment 46 | metadata: 47 | name: pythonapp 48 | labels: 49 | app: python 50 | spec: 51 | replicas: 1 52 | selector: 53 | matchLabels: 54 | app: python 55 | template: 56 | metadata: 57 | labels: 58 | app: python 59 | annotations: 60 | dapr.io/enabled: "true" 61 | dapr.io/app-id: "pythonapp" 62 | spec: 63 | containers: 64 | - name: python 65 | image: dapriosamples/hello-k8s-python:latest -------------------------------------------------------------------------------- /deploying-simple-hello-gin-app/go.mod: -------------------------------------------------------------------------------- 1 | module hello-gin 2 | 3 | go 1.21 4 | 5 | require github.com/gin-gonic/gin v1.9.1 6 | 7 | require ( 8 | github.com/bytedance/sonic v1.10.2 // indirect 9 | github.com/chenzhuoyu/base64x v0.0.0-20230717121745-296ad89f973d // indirect 10 | github.com/chenzhuoyu/iasm v0.9.0 // indirect 11 | github.com/gabriel-vasile/mimetype v1.4.2 // indirect 12 | github.com/gin-contrib/sse v0.1.0 // indirect 13 | github.com/go-playground/locales v0.14.1 // indirect 14 | github.com/go-playground/universal-translator v0.18.1 // indirect 15 | github.com/go-playground/validator/v10 v10.15.5 // indirect 16 | github.com/goccy/go-json v0.10.2 // indirect 17 | github.com/json-iterator/go v1.1.12 // indirect 18 | github.com/klauspost/cpuid/v2 v2.2.5 // indirect 19 | github.com/leodido/go-urn v1.2.4 // indirect 20 | github.com/mattn/go-isatty v0.0.19 // indirect 21 | github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect 22 | github.com/modern-go/reflect2 v1.0.2 // indirect 23 | github.com/pelletier/go-toml/v2 v2.1.0 // indirect 24 | github.com/twitchyliquid64/golang-asm v0.15.1 // indirect 25 | github.com/ugorji/go/codec v1.2.11 // indirect 26 | golang.org/x/arch v0.5.0 // indirect 27 | golang.org/x/crypto v0.21.0 // indirect 28 | golang.org/x/net v0.23.0 // indirect 29 | golang.org/x/sys v0.18.0 // indirect 30 | golang.org/x/text v0.14.0 // indirect 31 | google.golang.org/protobuf v1.33.0 // indirect 32 | gopkg.in/yaml.v3 v3.0.1 // indirect 33 | ) 34 | -------------------------------------------------------------------------------- /metrics-server/README.md: -------------------------------------------------------------------------------- 1 | # 在 Docker Desktop 集群中安装 Metrics Server 2 | 3 | ### 部署 4 | 5 | 部署完 [Metrics Server 组件](https://github.com/kubernetes-sigs/metrics-server)后,需要 patch 下一个参数,才能正常运行: 6 | 7 | ```shell 8 | # 部署组件 9 | kubectl apply -f metrics-server.yaml 10 | # 增加一个 kubelet-insecure-tls 参数 11 | kubectl patch deployments.apps \ 12 | metrics-server \ 13 | --namespace kube-system \ 14 | --type='json' \ 15 | -p='[{"op": "replace", "path": "/spec/template/spec/containers/0/args", "value": [ 16 | "--cert-dir=/tmp", 17 | "--secure-port=4443", 18 | "--kubelet-preferred-address-types=InternalIP,ExternalIP,Hostname", 19 | "--kubelet-use-node-status-port", 20 | "--metric-resolution=15s", 21 | "--kubelet-insecure-tls" 22 | ]}]' 23 | ``` 24 | 25 | ### 试验 26 | 27 | ```shell 28 | # 部署一个 nginx deployment 29 | kubectl apply -f nginx.yaml 30 | # 自动扩缩 31 | kubectl autoscale deployment nginx --min=1 --max=10 --cpu-percent=10 32 | # 暴露服务 33 | kubectl expose deployment nginx --port=80 --type=LoadBalancer 34 | # 查看 35 | kubectl top nodes 36 | kubectl top pods 37 | ``` 38 | 39 | 40 | ```shell 41 | # 获取 LoadBalancer 的 IP 地址 42 | kubectl get services nginx -o jsonpath='{.status.loadBalancer.ingress[0].ip}' 43 | # 增大负载 44 | while true; do wget -q -O- http://localhost; done 45 | # 打开另外一个窗口观察 46 | kubectl get pods --watch 47 | ``` 48 | 49 | 50 | ### 清理 51 | 52 | ```shell 53 | kubectl delete -f metrics-server.yaml 54 | kubectl delete -f nginx.yaml 55 | kubectl delete svc nginx 56 | kubectl delete hpa nginx 57 | ``` -------------------------------------------------------------------------------- /cka-training/0.tips.md: -------------------------------------------------------------------------------- 1 | # 考试 Tips 2 | 3 | #### 科学上网 4 | 5 | 考试允许访问 https://kubernetes.io/ 作为参考,请确保可以访问。 6 | 7 | #### 考试环境 8 | 9 | 理论上,你的电脑唯一可前台运行的只有 Chrome 浏览器。如果你使用的 VPN 软件不能隐藏用户界面,需要提前与监考人员沟通,说明这个软件的用途。 10 | 11 | #### 缩进 12 | 13 | 创建或修改 YAML 文件时,请使用空格来进行缩进。 14 | 15 | #### 复制粘贴 16 | 17 | 左侧题目的关键字可以直接单击复制,能复制就不手打,避免 typo。 18 | 19 | #### vi模式复制粘贴缩进错乱 20 | 21 | 新版的考试环境已经没有缩进问题,如果遇到的话,可以执行以下命令: 22 | 23 | ```shell 24 | echo set paste > .vimrc 25 | ``` 26 | 27 | #### 多集群环境 28 | 29 | 考试题目涉及到多个集群的切换,请操作前确认当前的集群与题目要求的一致。 30 | 31 | `kubectl config use-contextHello, Flask!
" 15 | 16 | if __name__ == "__main__": 17 | app.run(host='0.0.0.0') 18 | ``` 19 | 20 | requirements.txt 文件包含 app.py 所需的依赖,pip 将使用它来安装 Flask 包。 21 | 22 | #### Docker 镜像 23 | 24 | 应用的 Dockerfile 如下所示: 25 | 26 | ```dockerfile 27 | # 从官方仓库中获取最新版的 Python 基础镜像 28 | # syntax=docker/dockerfile:1 29 | FROM --platform=$TARGETPLATFORM python:alpine 30 | # 设置工作目录 31 | WORKDIR / 32 | # 复制项目文件 33 | ADD . / 34 | # 安装依赖 35 | RUN pip install -r requirements.txt 36 | # 设置监听端口 37 | EXPOSE 5000 38 | # 配置启动命令 39 | CMD ["python", "app.py"] 40 | ``` 41 | 42 | 构建并提交镜像: 43 | 44 | > jxlwqq 是我的 Docker Hub 账号,这里需要换成你自己的账号。 45 | 46 | ```shell 47 | docker build -f Dockerfile -t jxlwqq/hello-flask:latest . # 构建镜像 48 | docker push jxlwqq/hello-flask:latest # 提交镜像 49 | ``` 50 | 51 | #### 前提条件:部署 nginx ingress 52 | 53 | ```bash 54 | cd ../ingress-nginx # 切换到 ingress-nginx 目录 55 | kubectl apply -f deploy.yaml 56 | ``` 57 | 58 | #### 部署 hello flask 应用 59 | 60 | 执行以下命令: 61 | 62 | ```shell 63 | kubectl apply -f hello-flask-deployment-and-service.yaml 64 | kubectl apply -f ingress.yaml 65 | ``` 66 | 67 | `hello-flask-deployment-and-service.yaml` 文件解读: 68 | 69 | ```yaml 70 | apiVersion: apps/v1 71 | kind: Deployment 72 | metadata: 73 | name: hello-flask 74 | spec: 75 | selector: 76 | matchLabels: 77 | name: hello-flask # 选择匹配的 Pod 标签 78 | template: 79 | metadata: 80 | name: hello-flask 81 | labels: 82 | name: hello-flask # Pod 的标签 83 | spec: 84 | containers: 85 | - name: hello-flask 86 | image: jxlwqq/hello-flask:latest # 镜像名称:镜像版本 87 | ports: 88 | - containerPort: 5000 89 | --- 90 | apiVersion: v1 91 | kind: Service 92 | metadata: 93 | name: hello-flask-svc 94 | spec: 95 | selector: 96 | name: hello-flask # 选择匹配的 Pod 标签 97 | ports: 98 | - port: 80 99 | targetPort: 5000 100 | ``` 101 | 102 | `ingress.yaml` 文件解读: 103 | 104 | ```yaml 105 | apiVersion: networking.k8s.io/v1 106 | kind: Ingress 107 | metadata: 108 | name: hello-flask-ingress 109 | spec: 110 | rules: 111 | - http: 112 | paths: 113 | - path: / 114 | pathType: Prefix 115 | backend: 116 | service: 117 | name: hello-flask-svc # service 名称 118 | port: 119 | number: 80 # 端口号 120 | ingressClassName: nginx 121 | ``` 122 | 123 | 访问验证: 124 | 125 | ```shell 126 | curl 127.0.0.1 # 返回Hello, Flask!
127 | ``` 128 | 129 | #### 清理 130 | ```shell 131 | kubectl delete -k . 132 | ``` 133 | 134 | -------------------------------------------------------------------------------- /dapr/0.installing/README.md: -------------------------------------------------------------------------------- 1 | # 在集群中安装 Dapr 2 | 3 | Dapr 提供多种使用方式: 4 | 5 | * 独立模式(适用于本地开发) 6 | * Kubernetes 模式(适用于生产环境) 7 | * 特定语言的 SDK 8 | 9 | 我们直接以 Kubernetes 模式开始。 10 | 11 | 12 | ### 在 Kubernetes 集群上设置 Dapr 13 | 14 | 首先,下载并安装最新版本的 Docker Desktop,并启动内置的 Kubernetes 集群。 15 | 16 | 然后执行以下两个命令,完成 Dapr 的基础设置: 17 | 18 | ```shell 19 | # 安装 Dapr 客户端 20 | brew install dapr/tap/dapr-cli 21 | 22 | # 在 Kubernetes 集群中安装 Dapr 控制平面 23 | dapr init -k 24 | ``` 25 | 26 | 执行完成后,查看状态: 27 | 28 | ```shell 29 | dapr status -k 30 | ``` 31 | 32 | 返回: 33 | 34 | ```shell 35 | NAME NAMESPACE HEALTHY STATUS REPLICAS VERSION AGE CREATED 36 | dapr-operator dapr-system True Running 1 1.5.1 12m 2022-01-05 22:55.44 37 | dapr-placement-server dapr-system True Running 1 1.5.1 12m 2022-01-05 22:55.54 38 | dapr-sidecar-injector dapr-system True Running 1 1.5.1 12m 2022-01-05 22:55.44 39 | dapr-dashboard dapr-system True Running 1 0.9.0 12m 2022-01-05 22:55.44 40 | dapr-sentry dapr-system True Running 1 1.5.1 12m 2022-01-05 22:55.44 41 | ``` 42 | 43 | 44 | ### 创建和配置状态存储 45 | 46 | Dapr 支持多种不同的状态存储(如 Redis、CosmosDB、DynamoDB、Cassandra 等)来持久化和检索状态。本演示将使用 Redis。 47 | 48 | 首先,我们使用 helm 创建一个 高可用的 Redis 集群: 49 | 50 | ```shell 51 | # 如果本地没有 helm,则安装 52 | brew install helm 53 | # 创建 Redis 集群 54 | helm repo add bitnami https://charts.bitnami.com/bitnami 55 | helm repo update 56 | helm install redis bitnami/redis 57 | ``` 58 | 59 | 查看 Pod: 60 | 61 | ```shell 62 | kubectl get pods 63 | ``` 64 | 65 | 返回: 66 | ```shell 67 | NAME READY STATUS RESTARTS AGE 68 | redis-master-0 1/1 Running 0 83s 69 | redis-replicas-0 1/1 Running 0 83s 70 | redis-replicas-1 1/1 Running 0 46s 71 | redis-replicas-2 1/1 Running 0 24s 72 | ``` 73 | 74 | 75 | 应用 redis.yaml 文件并观察您的状态存储是否已成功配置: 76 | 77 | ```shell 78 | kubectl apply -f redis.yaml 79 | ``` 80 | 81 | redis.yaml 文件内容如下: 82 | 83 | ```yaml 84 | apiVersion: dapr.io/v1alpha1 85 | kind: Component 86 | metadata: 87 | name: statestore 88 | spec: 89 | type: state.redis 90 | version: v1 91 | metadata: 92 | # These settings will work out of the box if you use `helm install 93 | # bitnami/redis`. If you have your own setup, replace 94 | # `redis-master:6379` with your own Redis master address, and the 95 | # Redis password with your own Secret's name. For more information, 96 | # see https://docs.dapr.io/operations/components/component-secrets . 97 | - name: redisHost 98 | value: redis-master:6379 99 | - name: redisPassword 100 | secretKeyRef: 101 | name: redis 102 | key: redis-password 103 | auth: 104 | secretStore: kubernetes 105 | ``` 106 | 107 | -------------------------------------------------------------------------------- /cka-training/7.security.md: -------------------------------------------------------------------------------- 1 | # 安全 2 | 3 | ### 普通用户 4 | 5 | https://kubernetes.io/docs/reference/access-authn-authz/certificate-signing-requests/#normal-user 6 | 7 | 8 | 生成 PKI 私钥和 CSR: 9 | 10 | ```shell 11 | openssl genrsa -out john.key 2048 12 | openssl req -new -key john.key -out john.csr -subj "/CN=john/O=cka" # 设置 CSR 的 CN 和 O 属性很重要。CN 是用户名,O 是该用户归属的组 13 | ``` 14 | 15 | 获取 request,该字段是 CSR 文件内容的 base64 编码值: 16 | 17 | ```shell 18 | cat john.csr | base64 | tr -d "\n" 19 | ``` 20 | 21 | 将下面的命令的 request 对应的值替换为 `cat john.csr | base64 | tr -d "\n"` 的返回值: 22 | 23 | ```yaml 24 | cat <Hello, Express!
135 | ``` 136 | 137 | #### 清理 138 | ```shell 139 | kubectl delete -k . 140 | ``` 141 | 142 | -------------------------------------------------------------------------------- /knative/0.installing/serving-default-domain.yaml: -------------------------------------------------------------------------------- 1 | # Copyright 2019 The Knative Authors 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # https://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | apiVersion: batch/v1 16 | kind: Job 17 | metadata: 18 | name: default-domain 19 | namespace: knative-serving 20 | labels: 21 | app: "default-domain" 22 | app.kubernetes.io/component: default-domain-job 23 | app.kubernetes.io/name: knative-serving 24 | app.kubernetes.io/version: "1.1.0" 25 | serving.knative.dev/release: "v1.1.0" 26 | spec: 27 | template: 28 | metadata: 29 | annotations: 30 | sidecar.istio.io/inject: "false" 31 | labels: 32 | app: "default-domain" 33 | app.kubernetes.io/component: default-domain-job 34 | app.kubernetes.io/name: knative-serving 35 | app.kubernetes.io/version: "1.1.0" 36 | spec: 37 | serviceAccountName: controller 38 | containers: 39 | - name: default-domain 40 | # This is the Go import path for the binary that is containerized 41 | # and substituted here. 42 | image: gcr.io/knative-releases/knative.dev/serving/cmd/default-domain@sha256:f04cd06536e321f8f564ac193919a68e4908d0a709090a94f60333125119e946 43 | args: ["-magic-dns=sslip.io"] 44 | ports: 45 | - name: http 46 | containerPort: 8080 47 | readinessProbe: 48 | httpGet: 49 | port: 8080 50 | livenessProbe: 51 | httpGet: 52 | port: 8080 53 | failureThreshold: 6 54 | resources: 55 | requests: 56 | cpu: 100m 57 | memory: 100Mi 58 | limits: 59 | cpu: 1000m 60 | memory: 1000Mi 61 | securityContext: 62 | allowPrivilegeEscalation: false 63 | readOnlyRootFilesystem: true 64 | runAsNonRoot: true 65 | env: 66 | - name: POD_NAME 67 | valueFrom: 68 | fieldRef: 69 | fieldPath: metadata.name 70 | - name: SYSTEM_NAMESPACE 71 | valueFrom: 72 | fieldRef: 73 | fieldPath: metadata.namespace 74 | restartPolicy: Never 75 | backoffLimit: 10 76 | --- 77 | apiVersion: v1 78 | kind: Service 79 | metadata: 80 | name: default-domain-service 81 | namespace: knative-serving 82 | labels: 83 | app: default-domain 84 | app.kubernetes.io/component: default-domain-job 85 | app.kubernetes.io/name: knative-serving 86 | app.kubernetes.io/version: "1.1.0" 87 | serving.knative.dev/release: "v1.1.0" 88 | spec: 89 | selector: 90 | app: default-domain 91 | ports: 92 | - name: http 93 | port: 80 94 | targetPort: 8080 95 | type: ClusterIP 96 | 97 | --- 98 | -------------------------------------------------------------------------------- /deploying-simple-echo-app-using-blue-green-deployment/README.md: -------------------------------------------------------------------------------- 1 | # 基于 Service 的 selector 实现蓝绿发布 2 | 3 | > [原文](https://cloud.tencent.com/document/product/457/48877) 为腾讯云容器服务(Tencent Kubernetes Engine,TKE)部署应用的教程。本文对此基础上进行了较大的变更,使其可以部署在本地集群中。 4 | 5 | 以 Deployment 为例,集群中已部署两个不同版本的 Deployment,其 Pod 拥有共同的 label。但有一个 label 值不同,用于区分不同的版本。Service 使用 selector 选中了其中一个版本的 Deployment 的 Pod,此时通过修改 Service 的 selector 中决定服务版本的 label 的值来改变 Service 后端对应的 Deployment,即可实现让服务从一个版本直接切换到另一个版本。 6 | 7 | #### 前提条件:部署 nginx ingress 8 | 9 | ```bash 10 | kubectl apply -f ../ingress-nginx/deploy.yaml 11 | ``` 12 | 13 | #### 部署 v1 版本的 echo Deployment 14 | 15 | 执行以下命令: 16 | 17 | ```shell 18 | kubectl apply -f echo-v1-deployment.yaml 19 | ``` 20 | 21 | `echo-v1-deployment.yaml`的解读: 22 | 23 | ```yaml 24 | apiVersion: apps/v1 25 | kind: Deployment 26 | metadata: 27 | name: echo-v1 28 | spec: 29 | replicas: 1 30 | selector: 31 | matchLabels: 32 | app: echo 33 | version: v1 34 | template: 35 | metadata: 36 | labels: 37 | app: echo # 标签1 38 | version: v1 # 标签2 39 | spec: 40 | containers: 41 | - name: echo 42 | image: jxlwqq/http-echo 43 | args: 44 | - "--text=echo-v1" # 响应请求,返回"echo-v1" 45 | ports: 46 | - name: http 47 | protocol: TCP 48 | containerPort: 8080 # 容器端口号 49 | ``` 50 | 51 | #### 部署 v2 版本的 echo Deployment 52 | 53 | 执行以下命令: 54 | 55 | ```shell 56 | kubectl apply -f echo-v2-deployment.yaml 57 | ``` 58 | 59 | `echo-v2-deployment.yaml`的解读: 60 | 61 | ```yaml 62 | apiVersion: apps/v1 63 | kind: Deployment 64 | metadata: 65 | name: echo-v2 66 | spec: 67 | replicas: 1 68 | selector: 69 | matchLabels: 70 | app: echo 71 | version: v2 72 | template: 73 | metadata: 74 | labels: 75 | app: echo # 标签1 76 | version: v2 # 标签2 77 | spec: 78 | containers: 79 | - name: echo 80 | image: jxlwqq/http-echo 81 | args: 82 | - "--text=echo-v2" # 响应请求,返回"echo-v2" 83 | ports: 84 | - name: http 85 | protocol: TCP 86 | containerPort: 8080 87 | ``` 88 | 89 | 90 | 91 | 92 | #### 创建 Service 93 | 94 | ```shell 95 | kubectl apply -f service.yaml 96 | ``` 97 | 98 | `service.yaml`的解读: 99 | 100 | ```yaml 101 | apiVersion: v1 102 | kind: Service 103 | metadata: 104 | name: echo-svc 105 | spec: 106 | selector: # 选择 v1 版本的 Pod 107 | app: echo 108 | version: v1 109 | ports: 110 | - port: 80 111 | targetPort: 8080 112 | ``` 113 | 114 | #### 创建 Ingress 115 | 116 | ```yaml 117 | apiVersion: networking.k8s.io/v1 118 | kind: Ingress 119 | metadata: 120 | name: echo-ing 121 | spec: 122 | rules: 123 | - http: 124 | paths: 125 | - path: / 126 | pathType: Prefix 127 | backend: 128 | service: 129 | name: echo-svc 130 | port: 131 | number: 8080 132 | ingressClassName: nginx 133 | ``` 134 | 135 | 访问验证: 136 | 137 | ```shell 138 | curl 127.0.0.1 # 返回 echo-v1 139 | ``` 140 | 141 | #### 修改 Service 的 selector,使其选中 v2 版本的服务 142 | 143 | ```shell 144 | kubectl patch service echo-svc -p '{"spec":{"selector":{"app": "echo", "version": "v2"}}}' 145 | ``` 146 | 147 | 访问验证: 148 | 149 | ```shell 150 | curl 127.0.0.1 # 返回 echo-v2 151 | ``` 152 | 153 | #### 清理 154 | 155 | ```shell 156 | kubectl delete -k . 157 | ``` -------------------------------------------------------------------------------- /deploying-simple-microservice-using-gin-and-grpc/cmd/api-server/main.go: -------------------------------------------------------------------------------- 1 | package main 2 | 3 | import ( 4 | "context" 5 | "github.com/gin-gonic/gin" 6 | calculatorv1 "github.com/jxlwqq/route-guide/api/protobuf/calculator" 7 | "github.com/spf13/viper" 8 | "google.golang.org/grpc" 9 | "log" 10 | "net/http" 11 | "os" 12 | "os/signal" 13 | "strconv" 14 | "syscall" 15 | "time" 16 | ) 17 | 18 | const ( 19 | ADDRESS = "localhost" 20 | PORT = ":50051" 21 | ) 22 | 23 | var address string 24 | 25 | func main() { 26 | 27 | viper.AutomaticEnv() 28 | viper.SetDefault("CALCULATOR_SVC", ADDRESS) 29 | address = viper.GetString("CALCULATOR_SVC") 30 | r := gin.Default() 31 | r.GET("/add/:x/:y", Add) 32 | r.GET("/subtract/:x/:y", Subtract) 33 | r.GET("/multiply/:x/:y", Multiply) 34 | r.GET("/divide/:x/:y", Divide) 35 | r.GET("/healthz", Headlthz) 36 | 37 | server := &http.Server{ 38 | Addr: ":8080", 39 | Handler: r, 40 | } 41 | 42 | go func() { 43 | if err := server.ListenAndServe(); err != nil { 44 | log.Fatalf("server serve failed: %v", err) 45 | } 46 | }() 47 | 48 | quit := make(chan os.Signal, 1) 49 | signal.Notify(quit, syscall.SIGINT, syscall.SIGTERM) 50 | <-quit 51 | log.Println("server is shutting down ...") 52 | 53 | ctx, cancel := context.WithTimeout(context.Background(), 5*time.Second) 54 | defer cancel() 55 | if err := server.Shutdown(ctx); err != nil { 56 | log.Fatalf("server forced to shutdown: %v", err) 57 | } 58 | log.Println("server is exiting") 59 | } 60 | 61 | func Headlthz(c *gin.Context) { 62 | c.Status(http.StatusOK) 63 | } 64 | 65 | func Multiply(c *gin.Context) { 66 | x, _ := strconv.ParseFloat(c.Param("x"), 32) 67 | y, _ := strconv.ParseFloat(c.Param("y"), 32) 68 | 69 | res, err := calculate(float32(x), "*", float32(y)) 70 | c.JSON(http.StatusOK, gin.H{ 71 | "res": res, 72 | "err": err, 73 | }) 74 | } 75 | 76 | func Divide(c *gin.Context) { 77 | x, _ := strconv.ParseFloat(c.Param("x"), 32) 78 | y, _ := strconv.ParseFloat(c.Param("y"), 32) 79 | 80 | res, err := calculate(float32(x), "/", float32(y)) 81 | c.JSON(http.StatusOK, gin.H{ 82 | "res": res, 83 | "err": err, 84 | }) 85 | } 86 | 87 | func Subtract(c *gin.Context) { 88 | x, _ := strconv.ParseFloat(c.Param("x"), 32) 89 | y, _ := strconv.ParseFloat(c.Param("y"), 32) 90 | 91 | res, err := calculate(float32(x), "-", float32(y)) 92 | c.JSON(http.StatusOK, gin.H{ 93 | "res": res, 94 | "err": err, 95 | }) 96 | } 97 | 98 | func Add(c *gin.Context) { 99 | x, _ := strconv.ParseFloat(c.Param("x"), 32) 100 | y, _ := strconv.ParseFloat(c.Param("y"), 32) 101 | 102 | res, err := calculate(float32(x), "+", float32(y)) 103 | c.JSON(http.StatusOK, gin.H{ 104 | "res": res, 105 | "err": err, 106 | }) 107 | } 108 | 109 | func calculate(x float32, operator string, y float32) (float32, string) { 110 | conn, err := grpc.Dial(address+PORT, grpc.WithInsecure(), grpc.WithBlock()) 111 | if err != nil { 112 | log.Fatalf("did not connect: %v", err) 113 | } 114 | defer conn.Close() 115 | c := calculatorv1.NewCalculatorClient(conn) 116 | 117 | ctx, cancel := context.WithTimeout(context.Background(), time.Second) 118 | defer cancel() 119 | req := &calculatorv1.Request{X: x, Y: y} 120 | 121 | switch operator { 122 | case "+": 123 | resp, _ := c.Add(ctx, req) 124 | return resp.Res, resp.Err 125 | case "-": 126 | resp, _ := c.Subtract(ctx, req) 127 | return resp.Res, resp.Err 128 | case "*": 129 | resp, _ := c.Multiply(ctx, req) 130 | return resp.Res, resp.Err 131 | case "/": 132 | resp, _ := c.Divide(ctx, req) 133 | return resp.Res, resp.Err 134 | } 135 | 136 | return 0, "" 137 | } 138 | -------------------------------------------------------------------------------- /learn-from-source-code/what-happens-in-kubernetes-when-create-a-deployment.md: -------------------------------------------------------------------------------- 1 | # 当你创建了一个 Deployment 时,Kubernetes 内部发生了什么? 2 | 3 | 4 | 我们通常使用 kubectl 来管理我们的 Kubernetes 集群。 当我们需要一个 Nginx 服务时,可以使用以下命令来创建: 5 | 6 | ```shell 7 | kubectl create deployment nginx --image nginx 8 | ``` 9 | 10 | 返回: 11 | 12 | ```shell 13 | deployment.apps/nginx created 14 | ``` 15 | 16 | 稍等片刻,一个包含 Nginx 容器的 Pod 就会启动成功。那么在我们执行在上述命令后,Kubernetes 内部发生了什么呢? 17 | 18 | ### 核心组件 19 | 20 |  21 | 22 | 在介绍内部发生了什么之前,我们首先需要了解一下以下 4 个核心组件在 Kubernetes 集群中的角色和作用: 23 | 24 | * **kube-apiserver**: Kubernetes API 服务器验证并配置 API 对象的数据, 这些对象包括 pods、services 等。 API 服务器为 REST 操作提供服务,并为集群的共享状态提供前端, 所有其他组件都通过该前端进行交互。 25 | 26 | * **kube-controller-manager**: 运行控制器进程的控制平面组件。 从逻辑上讲,每个控制器都是一个单独的进程, 但是为了降低复杂性,它们都被编译到同一个可执行文件,并在一个进程中运行,所以它会被称作为 `manager`。它包含 DeploymentController、ReplicaSetController、JobController 等一系列控制器。 27 | 28 | * **kube-scheduler**: 控制平面组件,负责监视新创建的、未指定运行节点(node)的 Pods,选择节点让 Pod 在上面运行。 调度决策考虑的因素包括单个 Pod 和 Pod 集合的资源需求、硬件/软件/策略约束、亲和性和反亲和性规范、数据位置、工作负载间的干扰和最后时限。 29 | 30 | * **kubelet**: 一个在集群中每个节点(node)上运行的代理。 它保证容器(containers)都运行在 Pod 中。 kubelet 接收一组通过各类机制提供给它的 PodSpecs,确保这些 PodSpecs 中描述的容器处于运行状态且健康。 31 | 32 | ### 简化的核心过程 33 | 34 |  35 | 36 | 在了解上述核心组件的角色后,我们来看一下 Kubernetes 内部到底发生了哪些事情: 37 | 38 | 1. 用户通过 kubectl 向 kube-apiserver 发起一个创建 Deployment 对象的请求。 39 | 40 | 2. kube-apiserver 在对上述请求进行认证(Authentication)、鉴权(Authorization)、准入控制(Admission control)等一系列操作后,会创建一个 Deployment 对象。 41 | 42 | 3. 上述的 Deployment 创建事件,会被 DeploymentController 通过其内部的 DeploymentInformer 监听到,然后根据 DeploymentController 内部设定的逻辑,它将会创建一个 ReplicaSet 对象。[源码 syncDeployment](https://github.com/kubernetes/kubernetes/blob/2c0e4a232a3c10a9083012ec28a3622bd4e4be90/pkg/controller/deployment/deployment_controller.go#L566) 43 | 44 | 4. 上述的 ReplicaSet 创建事件,会被 ReplicaSetController 通过其内部的 ReplicaSetInformer 监听到,然后根据 ReplicaSetController 内部设定的逻辑,它将创建一个 Pod 对象,而此时 Pod 的 Spec.nodeName 字段的值为空;[源码 syncReplicaSet](https://github.com/kubernetes/kubernetes/blob/59e5b849c9439375575f6ced54fb9e2364b58797/pkg/controller/replicaset/replica_set.go#L650) 45 | 46 | 5. 上述的 Pod 创建事件,会被 Scheduler 通过其内部的 PodInformer 监听到,Scheduler 会根据其内部的调度算法,选择一个合适的 Node 节点,例如 node-A,并更新 Pod 的 Spec.nodeName 字段。[源码 Schedule](https://github.com/kubernetes/kubernetes/blob/2c0e4a232a3c10a9083012ec28a3622bd4e4be90/pkg/scheduler/generic_scheduler.go#L93) 47 | 48 | 6. 上述的 Pod 更新事件,会被 node-A 节点上 kubelet 感知到,它会发现自己的 nodeName 和 Pod 的 Spec.nodeName 相匹配,接着 kubelet 将按照一定的步骤顺序启动 Pod 中的容器,并将容器已启动的信息写入 Pod 的 Status 中。[源码 syncPod](https://github.com/kubernetes/kubernetes/blob/fb70ca9b7b24ce90b19b0d565ae43e6af20458ad/pkg/kubelet/kubelet.go#L1530) 49 | 50 | 如上所述,DeploymentController、ReplicaSetController 等许多独立的控制循环都是通过监听 kube-apiserver 上对象的变化进行通信,而这些变化会通过各种 Informer 触发事件,执行其对应的业务逻辑。之所以这么设计,是为了减少对 apiserver 的压力。 51 | 52 | ### kubelet 创建 Pod 的过程 53 | 54 | Pod 的创建的过程大体上可以分为 4 个步骤(实际上为 7 步,这里省略了前置的 3 个步骤。[源码 SyncPod](https://github.com/kubernetes/kubernetes/blob/0b4a793da2a2912393687367e0af2436612a9b8e/pkg/kubelet/kuberuntime/kuberuntime_manager.go#L726)): 55 | 56 | 1. 为 Pod 创建沙盒,即基础设施容器 Infrastructure Container(镜像名称为 k8s.gcr.io/pause),它的主要作用是创建并共享进程命名空间。 57 | 58 | 2. 创建 Pod 规格中指定的临时容器 Ephemeral Containers(Alpha 功能,默认不开启),临时容器是一种特殊的容器,该容器在现有 Pod 中临时运行,以便完成用户发起的操作,例如故障排查。 你可以使用临时容器来检查服务,而不是用它来构建应用程序。 59 | 60 | 3. 创建 Pod 规格中指定的初始化容器 Init Containers,初始化容器是一种特殊容器,在 Pod 内的应用容器启动之前运行。Init 容器可以包括一些应用镜像中不存在的实用工具和安装脚本。 61 | 62 | 4. 依次创建 Pod 规格中指定的常规容器 Containers。 63 | 64 | ### 参考 65 | 66 | * 张磊《深入剖析 Kubernetes》 67 | * Michael Hausenblas, Stefan Schimanski《Kubernetes 编程》 68 | * [Kubernetes 组件](https://kubernetes.io/zh/docs/concepts/overview/components/) 69 | * [详解 Kubernetes Deployment 的实现原理](https://draveness.me/kubernetes-deployment/) 70 | * [详解 Kubernetes ReplicaSet 的实现原理](https://draveness.me/kubernetes-replicaset/) 71 | * [详解 Kubernetes Pod 的实现原理](https://draveness.me/kubernetes-pod/) 72 | * [Kubernetes CRI 分析 - kubelet 创建 Pod 分析](https://mp.weixin.qq.com/s/AG6H_mPuTu6-_ISQWu3YHw) 73 | -------------------------------------------------------------------------------- /istio/case-advanced-traffic-routing/README.md: -------------------------------------------------------------------------------- 1 | # 高级流量路由 2 | 3 | 本示例为一个简单的 Customer List 微服务应用,由 [Tetrate](https://academy.tetrate.io/) 创建。访问 Web 页面,将展示顾客信息。 4 | 5 | 6 | 我们将部署 Web 前端、Customers v1、Customers v2,以及相应的 Gateway、 VirtualServices 和 DestinationRule。其中 Customers v1 仅返回顾客姓名,而 Customers v2 返回顾客的姓名和所在城市。 7 | 8 | 9 | ### 部署网关 10 | 11 | ```shell 12 | kubectl apply -f istio-gateway.yaml 13 | ``` 14 | 15 | 信息如下: 16 | 17 | ```yaml 18 | apiVersion: networking.istio.io/v1alpha3 19 | kind: Gateway 20 | metadata: 21 | name: sample-gateway 22 | spec: 23 | selector: 24 | istio: ingressgateway 25 | servers: 26 | - port: 27 | number: 80 28 | name: http 29 | protocol: HTTP 30 | hosts: 31 | - 'web.example.com' 32 | - 'svc.example.com' 33 | ``` 34 | 35 | 通过 `curl -H "Host: web.example.com" 127.0.0.1`,我们可以访问 Web 前端服务。 36 | 37 | 通过 `curl -H "Host: svc.example.com" 127.0.0.1`,我们可以访问 Customers 后端服务。 38 | 39 | 40 | ### 部署 Customers 后端服务 41 | 42 | Customers 后端服务同时对服务网格内部和外部暴露服务。 43 | 44 | 部署 Deployment 和 Service: 45 | 46 | ```shell 47 | kubectl apply -f customers-deployment-v1.yaml 48 | kubectl apply -f customers-deployment-v2.yaml 49 | kubectl apply -f customers-service.yaml 50 | ``` 51 | 52 | 部署 VirtualService 和 DestinationRule: 53 | 54 | ```shell 55 | kubectl apply -f customers-virtual-service.yaml 56 | kubectl apply -f customers-destination-rule.yaml 57 | ``` 58 | 59 | 信息如下: 60 | 61 | ```yaml 62 | apiVersion: networking.istio.io/v1alpha3 63 | kind: VirtualService 64 | metadata: 65 | name: customers 66 | spec: 67 | hosts: 68 | - 'svc.example.com' # 集群外访问 69 | - 'customers.default.svc.cluster.local' # 集群内访问 70 | gateways: 71 | - sample-gateway # 集群外访问 72 | - mesh # 集群内访问 73 | http: 74 | - match: # 匹配到集群内网关的访问,**并且**HEAD信息的用户是 debug 75 | - gateways: 76 | - mesh 77 | headers: 78 | user: 79 | exact: debug 80 | route: 81 | - destination: 82 | host: customers.default.svc.cluster.local 83 | port: 84 | number: 80 85 | subset: v2 86 | - match: # 匹配到集群内网关的访问 87 | - gateways: 88 | - mesh 89 | route: 90 | - destination: 91 | host: customers.default.svc.cluster.local 92 | port: 93 | number: 80 94 | subset: v1 95 | - match: # 匹配是集群外的访问(即边缘网关) 96 | - gateways: 97 | - sample-gateway 98 | route: 99 | - destination: 100 | host: customers.default.svc.cluster.local 101 | port: 102 | number: 80 103 | subset: v2 104 | --- 105 | apiVersion: networking.istio.io/v1alpha3 106 | kind: DestinationRule 107 | metadata: 108 | name: customers 109 | spec: 110 | host: customers.default.svc.cluster.local 111 | subsets: 112 | - name: v1 113 | labels: 114 | version: v1 115 | - name: v2 116 | labels: 117 | version: v2 118 | ``` 119 | 120 | ### 部署 Web 前端服务 121 | 122 | Web 前端服务只对集群外部暴露服务。 123 | 124 | 部署 Deployment 和 Service: 125 | 126 | ```shell 127 | kubectl apply -f webfrontend-deployment.yaml 128 | kubectl apply -f webfrontend-service.yaml 129 | ``` 130 | 131 | 132 | 部署 VirtualService: 133 | 134 | ```shell 135 | kubectl apply -f webfrontend-virtual-service.yaml 136 | ``` 137 | 138 | 信息如下: 139 | 140 | ```yaml 141 | apiVersion: networking.istio.io/v1alpha3 142 | kind: VirtualService 143 | metadata: 144 | name: web-frontend 145 | spec: 146 | hosts: 147 | - 'web.example.com' # 集群外访问 148 | gateways: 149 | - sample-gateway # 集群外访问 150 | http: 151 | - route: 152 | - destination: 153 | host: web-frontend.default.svc.cluster.local 154 | port: 155 | number: 80 156 | ``` 157 | 158 | ### 访问 159 | 160 | ```shell 161 | curl -H "Host: web.example.com" -H "User: debug" 127.0.0.1 # 访问 web 页面,展示城市和用户信息 162 | curl -H "Host: web.example.com" -H "User: abc" 127.0.0.1 # 访问 web 页面,仅展示用户信息 163 | curl -H "Host: svc.example.com" 127.0.0.1 # 直接访问后端服务,返回 JSON 数据,包含城市和用户信息 164 | ``` 165 | 166 | 167 | 168 | 169 | 170 | 171 | 172 | 173 | 174 | 175 | -------------------------------------------------------------------------------- /cka-training/5.networking.md: -------------------------------------------------------------------------------- 1 | # 网络 2 | 3 | ## 网络插件 4 | 5 | 使用支持 NetworkPolicy 的网络解决方案。这里我们选择 Calico。在安装集群这一章节已安装。不再赘述。 6 | 7 | ## 网络策略 NetworkPolicy 8 | 9 | ### MySQL 客户端连接 MySQL 服务 10 | 11 | MySQL 服务端: 12 | 13 | ```yaml 14 | cat <