├── cka-roadmap
    ├── replica-sets
    │   ├── README.md
    │   ├── replicationcontroller-definition.yaml
    │   └── replicaset-definition.yaml
    ├── namespaces
    │   └── namespace.definition.yaml
    ├── persisted-volumes
    │   ├── storage-classes
    │   │   ├── sc.yml
    │   │   └── pv-definition.yml
    │   ├── new_pv_claim.yml
    │   ├── new_pv.yml
    │   ├── new_pvc_2.yml
    │   └── pvc-yml
    ├── resources
    │   ├── cpu-defaults-pod.yaml
    │   ├── cpu-defaults.yaml
    │   ├── pod-busybox.yaml
    │   └── my-new-pod.yaml
    ├── services
    │   ├── service-loadbalancer-definition.yaml
    │   ├── service-clusterip-definition.yaml
    │   └── service-nodeport-definition.yaml
    ├── roles
    │   ├── role-with-resources.yml
    │   ├── devuser-developer-binding.yml
    │   ├── roles-n-binding.yml
    │   ├── cluster-role.yml
    │   ├── add-cluster-role.yml
    │   └── role.yml
    ├── pods
    │   ├── pod-definition.yaml
    │   ├── pod-nginx.yaml
    │   ├── README.md
    │   ├── deployment-redis.yaml
    │   └── sidecar-pod.yaml
    ├── taints
    │   └── bee-pod.yaml
    ├── security
    │   ├── capabilites.yml
    │   ├── security-context.yml
    │   ├── registry-private.yml
    │   └── network-policy.yml
    ├── ingress
    │   ├── ingress_another_example.yml
    │   └── ingress_example.yml
    ├── init-containers
    │   └── init-containers.yaml
    ├── network-policy
    │   └── network.yaml
    └── deployments
    │   ├── deployments-definition.yaml
    │   └── nginx-deployment.yaml
├── .gitignore
├── .editorconfig
├── LICENSE
├── Vagrantfile
├── README.md
├── .install.sh
└── ansible_k8s
    ├── worker-playbook.yml
    └── master-playbook.yml


/cka-roadmap/replica-sets/README.md:
--------------------------------------------------------------------------------
1 | 


--------------------------------------------------------------------------------
/.gitignore:
--------------------------------------------------------------------------------
1 | join-command
2 | .vscode
3 | .vagrant
4 | 


--------------------------------------------------------------------------------
/cka-roadmap/namespaces/namespace.definition.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v1
2 | kind: namespace
3 | metadata:
4 |   name: dev
5 | 


--------------------------------------------------------------------------------
/cka-roadmap/persisted-volumes/storage-classes/sc.yml:
--------------------------------------------------------------------------------
1 | apiVersion: storage.k8s.io/v1
2 | kind: StorageClass
3 | metadata:
4 |   name: google-storage
5 | 
6 | provisioner: kubernetes.io/gcs-pd
7 | 


--------------------------------------------------------------------------------
/cka-roadmap/resources/cpu-defaults-pod.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v1
2 | kind: Pod
3 | metadata: 
4 |   name: default-cpu-demo
5 | spec:
6 |   containers:
7 |   - name: default-cpu-demo-ctr
8 |     image: nginx
9 | 


--------------------------------------------------------------------------------
/cka-roadmap/persisted-volumes/new_pv_claim.yml:
--------------------------------------------------------------------------------
 1 | kind: PersistentVolumeClaim
 2 | apiVersion: v1
 3 | metadata:
 4 |   name: claim-log-1
 5 | spec:
 6 |   accessModes:
 7 |     - ReadWriteOnce
 8 |   resources:
 9 |     requests:
10 |       storage: 50Mi
11 | 


--------------------------------------------------------------------------------
/cka-roadmap/resources/cpu-defaults.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: v1
 2 | kind: LimitRange
 3 | metadata: 
 4 |   name: cpu-limit-range
 5 | spec: 
 6 |   limits:
 7 |   - default:
 8 |       cpu: 1
 9 |     defaultRequest:
10 |       cpu: 0.5
11 |     type: Container
12 | 


--------------------------------------------------------------------------------
/cka-roadmap/services/service-loadbalancer-definition.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: v1
 2 | kind: Service
 3 | metadata:
 4 |   name: myapp-service
 5 | 
 6 | spec:
 7 |   type: LoadBalancer
 8 |   ports:
 9 |   - targetPort: 80
10 |     port: 80
11 |     nodePort: 30008
12 |   
13 | 


--------------------------------------------------------------------------------
/cka-roadmap/roles/role-with-resources.yml:
--------------------------------------------------------------------------------
 1 | apiVersion: rbac.authorization.k8s.io/v1
 2 | kind: Role
 3 | metadata:
 4 |   name: developer
 5 | rules:
 6 | - apiGroups: [""]
 7 |   resources: ["pods"]
 8 |   verbs: ["get", "create", "update"]
 9 |   resourceNames: ["test-pod", "test-pod-2"]
10 | 


--------------------------------------------------------------------------------
/cka-roadmap/services/service-clusterip-definition.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: v1
 2 | kind: Service
 3 | metadata:
 4 |   name: back-end
 5 | 
 6 | spec:
 7 |   type: ClusterIP
 8 |   ports: 
 9 |   - targetPort: 80
10 |     port: 80
11 |   
12 |   selector:
13 |     app: myapp
14 |     type: back-end
15 | 


--------------------------------------------------------------------------------
/cka-roadmap/persisted-volumes/new_pv.yml:
--------------------------------------------------------------------------------
 1 | apiVersion: v1
 2 | kind: PersistentVolume
 3 | metadata:
 4 |   name: pv-log
 5 | spec:
 6 |   persistentVolumeReclaimPolicy: Retain
 7 |   accessModes:
 8 |     - ReadWriteMany
 9 |   capacity:
10 |     storage: 100Mi
11 |   hostPath:
12 |     path: /pv/log
13 | 


--------------------------------------------------------------------------------
/cka-roadmap/persisted-volumes/storage-classes/pv-definition.yml:
--------------------------------------------------------------------------------
 1 | apiVersion: v1
 2 | kind: PersistentVolume
 3 | metadata:
 4 |   name: pv-vol1
 5 | spec:
 6 |   accessModes:
 7 |     - ReadWriteOnce
 8 |   capacity:
 9 |     storage: 500Mi
10 |   gcePersistentDisk:
11 |     pdName: pd-disk
12 |     fsType: ext4
13 | 


--------------------------------------------------------------------------------
/cka-roadmap/pods/pod-definition.yaml:
--------------------------------------------------------------------------------
 1 | apiVesion: v1
 2 | kind: Pod
 3 | metadata:
 4 |   name: nginx-pod
 5 |   labels:
 6 |     app: nginx-pod
 7 |     type: back-end
 8 | spec:
 9 |   containers:
10 |   - name: nginx-container
11 |     image: nginx
12 |     ports:
13 |     - containerPort: 8080
14 |       protocol: TCP
15 | 


--------------------------------------------------------------------------------
/cka-roadmap/services/service-nodeport-definition.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: v1
 2 | kind: Service
 3 | metadata:
 4 |   name: nginx-ingress-controller
 5 | 
 6 | spec:
 7 |   type: NodePort
 8 |   ports:
 9 |     - port: 80
10 |       targetPort: 80
11 |       NodePort: 30080
12 |   selector:
13 |       app: nginx-pod
14 |       type: back-end
15 | 


--------------------------------------------------------------------------------
/.editorconfig:
--------------------------------------------------------------------------------
 1 | root = true
 2 | 
 3 | [*]
 4 | end_of_line = lf
 5 | insert_final_newline = true
 6 | 
 7 | [*.yaml]
 8 | indent_style = space
 9 | indent_size = 2
10 | insert_final_newline = true
11 | 
12 | [*.yml]
13 | indent_style = space
14 | indent_size = 2
15 | insert_final_newline = true
16 | 
17 | [Makefile]
18 | indent_style = tab
19 | 


--------------------------------------------------------------------------------
/cka-roadmap/pods/pod-nginx.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: v1
 2 | kind: Pod
 3 | metadata:
 4 |   creationTimestamp: null
 5 |   labels:
 6 |     run: nginx
 7 |   name: nginx
 8 | spec:
 9 |   containers:
10 |   - image: nginx:1.18
11 |     name: nginx
12 |     resources: {}
13 |   dnsPolicy: ClusterFirst
14 |   restartPolicy: Always
15 | status: {}
16 | 


--------------------------------------------------------------------------------
/cka-roadmap/taints/bee-pod.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: v1
 2 | kind: Pod
 3 | metadata:
 4 |   creationTimestamp: null
 5 |   labels:
 6 |     run: bee
 7 |   name: bee
 8 | spec:
 9 |   containers:
10 |   - image: nginx
11 |     name: bee
12 |   tolerations:
13 |   - key: "spray"
14 |     value: "mortein"
15 |     effect: "NoSchedule"
16 |     operator: "Equal"
17 | 


--------------------------------------------------------------------------------
/cka-roadmap/roles/devuser-developer-binding.yml:
--------------------------------------------------------------------------------
 1 | apiVersion: rbac.authorization.k8s.io/v1
 2 | kind: RoleBinding
 3 | metadata:
 4 |   name: devuser-developer-binding
 5 | subjects:
 6 | - kind: User
 7 |   name: devuser
 8 |   apiGroup: rbac.authorization.k8s.io
 9 | roleRef:
10 |   kind: Role
11 |   name: developer
12 |   apiGroup: rbac.authorization.k8s.io
13 | 


--------------------------------------------------------------------------------
/cka-roadmap/security/capabilites.yml:
--------------------------------------------------------------------------------
 1 | ---
 2 | apiVersion: v1
 3 | kind: Pod
 4 | metadata:
 5 |   name: ubuntu-sleeper
 6 |   namespace: default
 7 | spec:
 8 |   containers:
 9 |   - command:
10 |     - sleep
11 |     - "4800"
12 |     image: ubuntu
13 |     name: ubuntu-sleeper
14 |     securityContext: 
15 |       capabilities:
16 |         add: ["SYS_TIME"]
17 | 


--------------------------------------------------------------------------------
/cka-roadmap/ingress/ingress_another_example.yml:
--------------------------------------------------------------------------------
 1 | apiVersion: networking.k8s.io/v1
 2 | kind: Ingress
 3 | metadata:
 4 |   name: ping
 5 |   namespace: ing-internal
 6 | spec:
 7 |   rules:
 8 |   - http:
 9 |       paths:
10 |       - path: /hello
11 |         pathType: Prefix
12 |         backend:
13 |           service:
14 |             name: hello
15 |             port:
16 |               number: 5678
17 | 


--------------------------------------------------------------------------------
/cka-roadmap/pods/README.md:
--------------------------------------------------------------------------------
1 | # PODs
2 | 
3 | ### O que é um POD?
4 | 
5 | A origem do nome POD significa na língua inglesa o coletivo de Baleias, Em contrapartida, o símbolo do primeiro runtime a rodar no K8s, foi o docker cujo logo é um desenho de uma baleia, deve ter alguma relação para a escolha do nome, POD pode ser considerado a menor unidade em um cluster Kubernetes, é nele que os contêineres podem ser criados.
6 | 


--------------------------------------------------------------------------------
/cka-roadmap/security/security-context.yml:
--------------------------------------------------------------------------------
 1 | apiVersion: v1
 2 | kind: Pod
 3 | metadata:
 4 |   name: multi-pod
 5 | spec:
 6 |   securityContext:
 7 |     runAsUser: 1001
 8 |   containers:
 9 |   -  image: ubuntu
10 |      name: web
11 |      command: ["sleep", "5000"]
12 |      securityContext:
13 |       runAsUser: 1002
14 | 
15 |   -  image: ubuntu
16 |      name: sidecar
17 |      command: ["sleep", "5000"]
18 | 


--------------------------------------------------------------------------------
/cka-roadmap/resources/pod-busybox.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: v1
 2 | kind: Pod
 3 | metadata:
 4 |   creationTimestamp: null
 5 |   labels:
 6 |     run: static-busybox
 7 |   name: static-busybox
 8 | spec:
 9 |   containers:
10 |   - command:
11 |     - sleep
12 |     - "1000"
13 |     image: busybox
14 |     name: static-busybox
15 |     resources: {}
16 |   dnsPolicy: ClusterFirst
17 |   restartPolicy: Always
18 | status: {}
19 | 


--------------------------------------------------------------------------------
/cka-roadmap/replica-sets/replicationcontroller-definition.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: v1
 2 | kind: ReplicationController
 3 | metadata:
 4 |   name: app-rc
 5 |   labels:
 6 |     app: app-rc
 7 | spec:
 8 |   template:
 9 |     metadata:
10 |       name: meu-app-rc
11 |       labels:
12 |         app: app
13 |         type: front-end
14 |       spec:
15 |         containers:
16 |         - name: nginx-container
17 |           image: nginx
18 | 


--------------------------------------------------------------------------------
/cka-roadmap/init-containers/init-containers.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: v1
 2 | kind: Pod
 3 | metadata:
 4 |   name: myapp-pod
 5 |   labels:
 6 |     app: myapp
 7 | spec:
 8 |   containers:
 9 |   - name: myapp-container
10 |     image: busybox:1.28
11 |     command: ['sh', '-c', 'echo The app is running! && sleep 3600']
12 |   initContainers:
13 |   - name: init-myservice
14 |     image: busybox
15 |     command: ['sh', '-c', 'git clone <some-repository-that-wil
16 | 


--------------------------------------------------------------------------------
/cka-roadmap/persisted-volumes/new_pvc_2.yml:
--------------------------------------------------------------------------------
 1 | apiVersion: v1
 2 | kind: Pod
 3 | metadata:
 4 |   name: webapp
 5 | spec:
 6 |   containers:
 7 |   - image: kodekloud/event-simulator
 8 |     name: event-simulator
 9 |     env:
10 |     - name: LOG_HANDLERS
11 |       value: file
12 |     volumeMounts:
13 |     - mountPath: /log
14 |       name: log-volume
15 | 
16 |   volumes:
17 |   - name: log-volume
18 |     persistentVolumeClaim:
19 |       claimName: claim-log-1
20 | 


--------------------------------------------------------------------------------
/cka-roadmap/persisted-volumes/pvc-yml:
--------------------------------------------------------------------------------
 1 | apiVersion: v1
 2 | kind: Pod
 3 | metadata:
 4 |   name: webapp
 5 | spec:
 6 |   containers:
 7 |   - image: kodekloud/event-simulator
 8 |     name: event-simulator
 9 |     env:
10 |     - name: LOG_HANDLERS
11 |       value: file
12 |     volumeMounts:
13 |     - mountPath: /log
14 |       name: log-volume
15 | 
16 |   volumes:
17 |   - name: log-volume
18 |     hostPath:
19 |       path: /var/log/webapp
20 |       type: Directory
21 | 


--------------------------------------------------------------------------------
/cka-roadmap/network-policy/network.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: networking.k8s.io/v1
 2 | kind: NetworkPolicy
 3 | metadata:
 4 |   name: allow-port-from-namespace
 5 |   namespace: internal
 6 | spec:
 7 |   podSelector:
 8 |     matchLabels:
 9 |       app: ingress-nginx
10 |   policyTypes:
11 |   - Ingress
12 |   ingress:
13 |   - from:
14 |     - namespaceSelector:
15 |         matchLabels:
16 |           app: ingress-nginx
17 |     ports:
18 |     - protocol: TCP
19 |       port: 8080
20 | 
21 | 


--------------------------------------------------------------------------------
/cka-roadmap/deployments/deployments-definition.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: apps/v1
 2 | kind: Deployment
 3 | metadata:
 4 |   name: nginx-deployment
 5 |   labels:
 6 |     app: nginx
 7 | spec:
 8 |   replicas: 3
 9 |   selector:
10 |     matchLabels:
11 |       app: nginx
12 |   template:
13 |     metadata:
14 |       labels:
15 |         app: nginx
16 |     spec:
17 |       containers:
18 |       - name: nginx
19 |         image: nginx:latest
20 |         ports:
21 |         - containerPort: 8082
22 | 


--------------------------------------------------------------------------------
/cka-roadmap/pods/deployment-redis.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: apps/v1
 2 | kind: Deployment
 3 | metadata:
 4 |   creationTimestamp: null
 5 |   labels:
 6 |     app: redis
 7 |   name: redis
 8 | spec:
 9 |   replicas: 1
10 |   selector:
11 |     matchLabels:
12 |       app: redis
13 |   strategy: {}
14 |   template:
15 |     metadata:
16 |       creationTimestamp: null
17 |       labels:
18 |         app: redis
19 |     spec:
20 |       containers:
21 |       - image: redis
22 |         name: redis
23 |         resources: {}
24 | status: {}
25 | 


--------------------------------------------------------------------------------
/cka-roadmap/replica-sets/replicaset-definition.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: apps/v1
 2 | kind: ReplicaSet
 3 | metadata:
 4 |   name: app-replicaset
 5 |   labels:
 6 |     app: meuapp
 7 |     type: front-end
 8 | spec:
 9 |   template:
10 |     metadata: 
11 |       name: meuapp-pod
12 |       labels:
13 |         app: meuapp
14 |         type: front-end
15 |     spec:
16 |       containers:
17 |       - name: nginx-container
18 |         image: nginx
19 | 
20 |   replicas: 6
21 |   selector:
22 |     matchLabels:
23 |       type: front-end
24 | 


--------------------------------------------------------------------------------
/cka-roadmap/deployments/nginx-deployment.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: apps/v1
 2 | kind: Deployment
 3 | metadata:
 4 |   creationTimestamp: null
 5 |   labels:
 6 |     app: nginx
 7 |   name: nginx
 8 | spec:
 9 |   replicas: 4
10 |   selector:
11 |     matchLabels:
12 |       app: nginx
13 |   strategy: {}
14 |   template:
15 |     metadata:
16 |       creationTimestamp: null
17 |       labels:
18 |         app: nginx
19 |     spec:
20 |       containers:
21 |       - image: nginx
22 |         name: nginx
23 |         resources: {}
24 | status: {}
25 | 


--------------------------------------------------------------------------------
/cka-roadmap/ingress/ingress_example.yml:
--------------------------------------------------------------------------------
 1 | ---
 2 | apiVersion: networking.k8s.io/v1
 3 | kind: Ingress
 4 | metadata:
 5 |   name: test-ingress
 6 |   namespace: critical-space
 7 |   annotations: 
 8 |     nginx.ingress.kubernetes.io/rewrite-target: /
 9 |     nginx.ingress.kubernetes.io/ssl-redirect: "false"
10 | spec:
11 |   rules:
12 |   - http:
13 |       paths:
14 |       - path: /pay
15 |         pathType: Prefix
16 |         backend:
17 |           service:
18 |             name: pay-service
19 |             port:
20 |               number: 8282
21 | 


--------------------------------------------------------------------------------
/cka-roadmap/roles/roles-n-binding.yml:
--------------------------------------------------------------------------------
 1 | ---
 2 | apiVersion: rbac.authorization.k8s.io/v1
 3 | kind: Role
 4 | metadata:
 5 |   name: deploy-role
 6 |   namespace: blue
 7 | rules:
 8 | - apiGroups: ["apps", "extensions"]
 9 |   resources: ["deployments"]
10 |   verbs: ["create"]
11 | 
12 | ---
13 | apiVersion: rbac.authorization.k8s.io/v1
14 | kind: RoleBinding
15 | metadata:
16 |   name: dev-user-deploy-binding
17 |   namespace: blue
18 | subjects:
19 | - kind: User
20 |   name: dev-user
21 |   apiGroup: rbac.authorization.k8s.io
22 | roleRef:
23 |   kind: Role
24 |   name: deploy-role
25 |   apiGroup: rbac.authorization.k8s.io
26 | 


--------------------------------------------------------------------------------
/cka-roadmap/roles/cluster-role.yml:
--------------------------------------------------------------------------------
 1 | ---
 2 | kind: ClusterRole
 3 | apiVersion: rbac.authorization.k8s.io/v1
 4 | metadata:
 5 |   name: node-admin
 6 | rules:
 7 | - apiGroups:
 8 |   - ""
 9 |   resources:
10 |   - nodes
11 |   verbs:
12 |   - get
13 |   - list
14 |   - watch
15 |   - update
16 |   - patch
17 | 
18 | ---
19 | kind: ClusterRoleBinding
20 | apiVersion: rbac.authorization.k8s.io/v1
21 | metadata:
22 |   name: michelle-binding
23 | subjects:
24 | - kind: User
25 |   name: michelle
26 |   apiGroup: rbac.authorization.k8s.io
27 | roleRef:
28 |   kind: ClusterRole
29 |   name: node-admin
30 |   apiGroup: rbac.authorization.k8s.io
31 | 


--------------------------------------------------------------------------------
/cka-roadmap/pods/sidecar-pod.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: v1
 2 | kind: Pod
 3 | metadata:
 4 |   name: sidecar-container-demo
 5 | spec:
 6 |   containers:
 7 |   - name: sidecar-container
 8 |     image: busybox
 9 |     command: ["/bin/sh"]
10 |     args: ["-c", "while true; do echo echo $(date -u) 'Hi I am from Sidecar container' >> /var/log/index.html; sleep 5;done"]
11 |     volumeMounts:
12 |     - name: var-logs
13 |       mountPath: /var/log
14 |   - name: main-container
15 |     image: nginx
16 |     ports:
17 |       - containerPort: 80
18 |     volumeMounts:
19 |     - name: var-logs
20 |       mountPath: /usr/share/nginx/html
21 |   volumes:
22 |   - name: var-logs
23 |     emptyDir: {}
24 | 


--------------------------------------------------------------------------------
/cka-roadmap/security/registry-private.yml:
--------------------------------------------------------------------------------
 1 | apiVersion: apps/v1
 2 | kind: Deployment
 3 | metadata:
 4 |   name: web
 5 |   labels:
 6 |     app: web
 7 | spec:
 8 |   progressDeadlineSeconds: 600
 9 |   replicas: 2
10 |   revisionHistoryLimit: 10
11 |   selector:
12 |     matchLabels:
13 |       app: web
14 |   strategy:
15 |     rollingUpdate:
16 |       maxSurge: 25%
17 |       maxUnavailable: 25%
18 |     type: RollingUpdate
19 |   template:
20 |     metadata:
21 |       labels:
22 |         app: web
23 |     spec:
24 |       containers:
25 |       - image: myprivateregistry.com:5000/nginx:alpine
26 |         name: nginx
27 |       imagePullSecrets:
28 |       - name: private-reg-cred
29 | 


--------------------------------------------------------------------------------
/cka-roadmap/roles/add-cluster-role.yml:
--------------------------------------------------------------------------------
 1 | ---
 2 | kind: ClusterRole
 3 | apiVersion: rbac.authorization.k8s.io/v1
 4 | metadata:
 5 |   name: storage-admin
 6 | rules:
 7 | - apiGroups:
 8 |   - ""
 9 |   resources:
10 |   - persistentvolumes
11 |   - persistentvolumeclaims
12 |   - storageclasses
13 |   verbs:
14 |   - get
15 |   - list
16 |   - watch
17 |   - create
18 |   - delete
19 | 
20 | ---
21 | kind: ClusterRoleBinding
22 | apiVersion: rbac.authorization.k8s.io/v1
23 | metadata:
24 |   name: michelle-storage-admin
25 | subjects:
26 | - kind: User
27 |   name: michelle
28 |   namespace: default
29 |   apiGroup: rba.authorization.k8s.io
30 | roleRef:
31 |   kind: ClusterRole
32 |   name: storage-admin
33 |   apiGroup: rbac.authorization.k8s.io
34 | 


--------------------------------------------------------------------------------
/cka-roadmap/security/network-policy.yml:
--------------------------------------------------------------------------------
 1 | apiVersion: networking.k8s.io/v1
 2 | kind: NetworkPolicy
 3 | metadata:
 4 |   name: internal-policy
 5 |   namespace: default
 6 | spec:
 7 |   podSelector:
 8 |     matchLabels:
 9 |       name: internal
10 |   policyTypes:
11 |   - Egress
12 |   - Ingress
13 |   ingress:
14 |     - {}
15 |   egress:
16 |   - to:     
17 |     - podSelector:
18 |         matchLabels:
19 |           name: mysql
20 |     ports:
21 |     - protocol: TCP
22 |       port: 3306
23 | 
24 |   - to:
25 |     - podSelector:
26 |         matchLabels:
27 |           name: payroll
28 |     ports:
29 |     - protocol: TCP 
30 |       port: 8080
31 |       
32 |   - ports:
33 |     - port: 53
34 |       protocol: UDP
35 |     - port: 53
36 |       protocol: TCP
37 | 


--------------------------------------------------------------------------------
/cka-roadmap/roles/role.yml:
--------------------------------------------------------------------------------
 1 | apiVersion: rbac.authorization.k8s.io/v1
 2 | kind: Role
 3 | metadata:
 4 |   name: developer
 5 | rules:
 6 |   - apiGroups:
 7 |       - ""
 8 |     resources:
 9 |       - pods
10 |       - services
11 |       - endpoints
12 |       - persistentvolumeclaims
13 |       - events
14 |       - configmaps
15 |       - secrets
16 |     verbs:
17 |       - "create"
18 | 
19 | # apiVersion: rbac.authorization.k8s.io/v1
20 | # kind: Role
21 | # metadata:
22 | #   name: developer
23 | # rules:
24 | # - apiGroups: [""]
25 | #   resources: ["pods", "services", "endpoints", "persistentvolumeclaims", "events", "configmaps", "secrets"]
26 | #   verbs: ["create", "get", "list", "watch", "update", "patch", "delete"]
27 | # - apiGroups: [""]
28 | #   resources: ["ConfigMap"]
29 | #   verbs: ["create"]
30 | 


--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
 1 | MIT License
 2 | 
 3 | Copyright (c) 2021 Milton Jesus
 4 | 
 5 | Permission is hereby granted, free of charge, to any person obtaining a copy
 6 | of this software and associated documentation files (the "Software"), to deal
 7 | in the Software without restriction, including without limitation the rights
 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
 9 | copies of the Software, and to permit persons to whom the Software is
10 | furnished to do so, subject to the following conditions:
11 | 
12 | The above copyright notice and this permission notice shall be included in all
13 | copies or substantial portions of the Software.
14 | 
15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
21 | SOFTWARE.
22 | 


--------------------------------------------------------------------------------
/Vagrantfile:
--------------------------------------------------------------------------------
 1 | IMAGE_NAME = "bento/ubuntu-20.04"
 2 | N = 2
 3 | IP_BASE = "10.11.12."
 4 | 
 5 | Vagrant.configure('2') do |config|
 6 |     config.ssh.insert_key = false
 7 |     config.vm.provider "virtualbox" do |v|
 8 |         v.memory = 2048
 9 |         v.cpus = 2 
10 |     end 
11 | 
12 |     config.vm.define "k8s-budapest-0000" do |master|
13 |         master.vm.box = IMAGE_NAME
14 |         master.vm.network "private_network", ip: "#{IP_BASE}10"
15 |         master.vm.hostname = "k8s-budapest-0000"
16 |         master.vm.provision "ansible" do |ansible|
17 |             ansible.playbook = "ansible_k8s/master-playbook.yml"
18 |             ansible.extra_vars = {
19 |                 node_ip: "#{IP_BASE}10",
20 |             }
21 |         end
22 |     end
23 | 
24 |     (1..N).each do |i|
25 |         config.vm.define "k8s-budapest-000#{i}" do |node|
26 |             node.vm.box = IMAGE_NAME
27 |             node.vm.network "private_network", ip: "#{IP_BASE}#{i+10}"
28 |             node.vm.hostname = "k8s-budapest-000#{i}"
29 |             node.vm.provision "ansible" do |ansible|
30 |                 ansible.playbook = "ansible_k8s/worker-playbook.yml"
31 |                 ansible.extra_vars = {
32 |                     node_ip: "#{IP_BASE}#{i+10}",
33 |                 }
34 |             end
35 |         end
36 |     end
37 | end
38 | 


--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
 1 | # K8s playground
 2 | 
 3 | <p align="center"><img width="" height="" src="https://apprenda.com/wp-content/uploads/Webinar_K8S101_K8slogo.png"></p>
 4 | 
 5 | Deploy do K8s  usando Vagrant + Ansible, este deploy é para fins didáticos favor utilizar apenas em ambiente de testes, as versões dos software utilizadas foram:
 6 | 
 7 | ## Requerimentos
 8 | 
 9 | ``` shell
10 | * Vagrant 2.2.14
11 | * Virtualbox 6.1.16
12 | * Python 3.8.6
13 | * Ansible 2.9.9
14 | ```
15 | 
16 | Criei um executável para facilitar a instalação das ferramentas, basta executar install.sh e a instalação das dependências sera feita automaticamente
17 | 
18 | ``` shell
19 | 
20 | ./install.sh
21 | 
22 | ```
23 | 
24 | Ou você pode instalar as ferramentas manualmente
25 | 
26 | ## Downloads
27 | 
28 | * Vagrant
29 |   Download -> https://www.vagrantup.com/downloads
30 | * VirtualBox
31 |   Download -> https://www.virtualbox.org/wiki/Downloads
32 | * Python
33 |   Download -> https://www.python.org/downloads/
34 | * Ansible
35 |   Informações sobre instalação no windows -> https://www.ansible.com/for/windows
36 | 
37 | ### Modo de uso
38 | 
39 | Entre na pasta do projeto e execute o script onde esta o Vagrantfile:
40 | 
41 | ``` shell
42 | vagrant up
43 | ```
44 | 
45 | Aguarde o termino das confs, para acessar o cluster, basta digitar:
46 | 
47 | ``` shell
48 | vagrant ssh k8s-master
49 | ```
50 | 
51 | ### Sumário
52 | 
53 | #### Principais Conceitos
54 | 
55 | * Cluster
56 | * PODs
57 | * Replica Sets
58 | * Deployments
59 | * Namespaces
60 | 


--------------------------------------------------------------------------------
/.install.sh:
--------------------------------------------------------------------------------
 1 | #!/bin/bash
 2 | 
 3 | # Função para instalar no Linux (Ubuntu/Debian)
 4 | install_on_linux() {
 5 |     # Atualizar os repositórios apt
 6 |     sudo apt update
 7 | 
 8 |     echo 'Instalando o VirtualBox'
 9 |     sudo apt install virtualbox -y
10 | 
11 |     echo 'Instalando o repositório da HashiCorp'
12 |     curl -fsSL https://apt.releases.hashicorp.com/gpg | sudo apt-key add -
13 |     sudo apt-add-repository "deb [arch=amd64] https://apt.releases.hashicorp.com $(lsb_release -cs) main"
14 | 
15 |     echo 'Atualizando os repositórios apt novamente para atualizar o cache com o novo repositório'
16 |     sudo apt update
17 | 
18 |     echo 'Instalando o Vagrant'
19 |     sudo apt install vagrant -y
20 | 
21 |     echo 'Instalando o Python'
22 |     sudo apt install python3 -y
23 | 
24 |     echo 'Instalando o Ansible'
25 |     sudo apt install ansible -y
26 | }
27 | 
28 | # Função para instalar no macOS
29 | install_on_macos() {
30 |     # Verificar se o Homebrew está instalado
31 |     if ! command -v brew &>/dev/null; then
32 |         echo 'Homebrew não encontrado. Instalando o Homebrew...'
33 |         /bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install.sh)"
34 |     fi
35 | 
36 |     echo 'Instalando o VirtualBox'
37 |     brew install --cask virtualbox
38 | 
39 |     echo 'Instalando o Vagrant'
40 |     brew install --cask vagrant
41 | 
42 |     echo 'Instalando o Python'
43 |     brew install python
44 | 
45 |     echo 'Instalando o Ansible'
46 |     brew install ansible
47 | }
48 | 
49 | # Verificar o sistema operacional e oferecer opções de instalação
50 | if [[ "$OSTYPE" == "linux-gnu"* ]]; then
51 |     echo "Sistema operacional detectado: Linux"
52 |     echo "Deseja instalar no Linux? (Digite 'sim' ou 's' para confirmar)"
53 |     read -r response
54 |     if [[ "$response" =~ ^([sS][iI][mM]|[yY])$ ]]; then
55 |         install_on_linux
56 |     else
57 |         echo "Instalação no Linux cancelada."
58 |     fi
59 | elif [[ "$OSTYPE" == "darwin"* ]]; then
60 |     echo "Sistema operacional detectado: macOS"
61 |     echo "Deseja instalar no macOS? (Digite 'sim' ou 's' para confirmar)"
62 |     read -r response
63 |     if [[ "$response" =~ ^([sS][iI][mM]|[yY])$ ]]; then
64 |         install_on_macos
65 |     else
66 |         echo "Instalação no macOS cancelada."
67 |     fi
68 | else
69 |     echo "Sistema operacional não suportado."
70 | fi
71 | 


--------------------------------------------------------------------------------
/ansible_k8s/worker-playbook.yml:
--------------------------------------------------------------------------------
  1 | ---
  2 | - hosts: all
  3 |   become: true
  4 |   tasks:
  5 |   - name: Instalar os pacotes e permite apt usar HTTPS
  6 |     apt:
  7 |       name: "{{ packages }}"
  8 |       state: present
  9 |       update_cache: yes
 10 |     vars:
 11 |       packages:
 12 |       - apt-transport-https
 13 |       - ca-certificates
 14 |       - curl
 15 |       - gnupg2
 16 |       - software-properties-common
 17 | 
 18 |   - name: Adicionar uma chave apt assinada para o Docker
 19 |     apt_key:
 20 |       url: https://download.docker.com/linux/ubuntu/gpg
 21 |       state: present
 22 |     become: true
 23 | 
 24 |   - name: Adicionar repositório apt para uma versão estável
 25 |     apt_repository:
 26 |       repo: deb [arch=amd64] https://download.docker.com/linux/ubuntu xenial stable
 27 |       state: present
 28 | 
 29 |   - name: Instalar docker e suas dependências
 30 |     apt:
 31 |       name: "{{ packages }}"
 32 |       state: present
 33 |       update_cache: yes
 34 |     vars:
 35 |       packages:
 36 |       - docker-ce
 37 |       - docker-ce-cli
 38 |       - containerd.io
 39 |     notify:
 40 |       - docker status
 41 | 
 42 |   - name: Adicionar usuário vagrant para o grupo do docker
 43 |     user:
 44 |       name: vagrant
 45 |       group: docker
 46 | 
 47 |   - name: Remove o arquivo swap do /etc/fstab
 48 |     mount:
 49 |       name: "{{ item }}"
 50 |       fstype: swap
 51 |       state: absent
 52 |     with_items:
 53 |       - swap
 54 |       - none
 55 | 
 56 |   - name: Desabilita o swap
 57 |     command: swapoff -a
 58 |     when: ansible_swaptotal_mb > 0
 59 | 
 60 |   - name: Adicionar uma chave apt assinada para o kubernetes
 61 |     apt_key:
 62 |       url: https://packages.cloud.google.com/apt/doc/apt-key.gpg
 63 |       state: present
 64 | 
 65 |   - name: Adicionando um repositório apt para o Kubernetes
 66 |     apt_repository:
 67 |       repo: deb https://apt.kubernetes.io/ kubernetes-xenial main
 68 |       state: present
 69 |       filename: kubernetes.list
 70 | 
 71 |   - name: Instalar os binários do Kubernetes
 72 |     apt:
 73 |       name: "{{ packages }}"
 74 |       state: present
 75 |       update_cache: yes
 76 |     vars:
 77 |       packages:
 78 |         - kubelet=1.28.6-00
 79 |         - kubeadm=1.28.6-00
 80 |         - kubectl=1.28.6-00
 81 | 
 82 |   - name: Configura IP do nó (node)
 83 |     lineinfile:
 84 |       path: /etc/default/kubelet
 85 |       line: KUBELET_EXTRA_ARGS=--node-ip={{ node_ip }}
 86 |       create: yes
 87 | 
 88 |   - name: Restart kubelet
 89 |     service:
 90 |       name: kubelet
 91 |       daemon_reload: yes
 92 |       state: restarted
 93 | 
 94 |   - name: Copy the join command to server location
 95 |     ansible.builtin.copy:
 96 |       src: join-command
 97 |       dest: /tmp/join-command.sh
 98 |       mode: '0777'
 99 | 
100 |   - name: Insere o nó (node) no Cluster
101 |     command: sh /tmp/join-command.sh
102 | 
103 |   handlers:
104 |     - name: docker status
105 |       service: name=docker state=started
106 | 


--------------------------------------------------------------------------------
/cka-roadmap/resources/my-new-pod.yaml:
--------------------------------------------------------------------------------
  1 | apiVersion: v1
  2 | kind: Pod
  3 | metadata:
  4 |   creationTimestamp: "2021-11-18T11:28:42Z"
  5 |   generateName: redis-6749d7bd65-
  6 |   labels:
  7 |     app: redis
  8 |     pod-template-hash: 6749d7bd65
  9 |   name: redis-6749d7bd65-97g4z
 10 |   namespace: default
 11 |   ownerReferences:
 12 |   - apiVersion: apps/v1
 13 |     blockOwnerDeletion: true
 14 |     controller: true
 15 |     kind: ReplicaSet
 16 |     name: redis-6749d7bd65
 17 |     uid: 809a0a4a-745f-41f2-a8af-0c0eee6a0865
 18 |   resourceVersion: "206998"
 19 |   uid: 4e1acedd-41e0-4971-85ae-33b59e5b0457
 20 | spec:
 21 |   containers:
 22 |   - image: redis
 23 |     imagePullPolicy: Always
 24 |     name: redis
 25 |     resources: {}
 26 |     terminationMessagePath: /dev/termination-log
 27 |     terminationMessagePolicy: File
 28 |     volumeMounts:
 29 |     - mountPath: /var/run/secrets/kubernetes.io/serviceaccount
 30 |       name: kube-api-access-f52br
 31 |       readOnly: true
 32 |   dnsPolicy: ClusterFirst
 33 |   enableServiceLinks: true
 34 |   nodeName: k3d-k3s-default-server-0
 35 |   preemptionPolicy: PreemptLowerPriority
 36 |   priority: 0
 37 |   restartPolicy: Always
 38 |   schedulerName: default-scheduler
 39 |   securityContext: {}
 40 |   serviceAccount: default
 41 |   serviceAccountName: default
 42 |   terminationGracePeriodSeconds: 30
 43 |   tolerations:
 44 |   - effect: NoExecute
 45 |     key: node.kubernetes.io/not-ready
 46 |     operator: Exists
 47 |     tolerationSeconds: 300
 48 |   - effect: NoExecute
 49 |     key: node.kubernetes.io/unreachable
 50 |     operator: Exists
 51 |     tolerationSeconds: 300
 52 |   volumes:
 53 |   - name: kube-api-access-f52br
 54 |     projected:
 55 |       defaultMode: 420
 56 |       sources:
 57 |       - serviceAccountToken:
 58 |           expirationSeconds: 3607
 59 |           path: token
 60 |       - configMap:
 61 |           items:
 62 |           - key: ca.crt
 63 |             path: ca.crt
 64 |           name: kube-root-ca.crt
 65 |       - downwardAPI:
 66 |           items:
 67 |           - fieldRef:
 68 |               apiVersion: v1
 69 |               fieldPath: metadata.namespace
 70 |             path: namespace
 71 | status:
 72 |   conditions:
 73 |   - lastProbeTime: null
 74 |     lastTransitionTime: "2021-11-18T11:28:42Z"
 75 |     status: "True"
 76 |     type: Initialized
 77 |   - lastProbeTime: null
 78 |     lastTransitionTime: "2021-11-22T23:35:46Z"
 79 |     status: "True"
 80 |     type: Ready
 81 |   - lastProbeTime: null
 82 |     lastTransitionTime: "2021-11-22T23:35:46Z"
 83 |     status: "True"
 84 |     type: ContainersReady
 85 |   - lastProbeTime: null
 86 |     lastTransitionTime: "2021-11-18T11:28:42Z"
 87 |     status: "True"
 88 |     type: PodScheduled
 89 |   containerStatuses:
 90 |   - containerID: containerd://3831462a5ab63a0da2bbb6de99a3d9092b43d5e3cd420de714248ee95c0c7983
 91 |     image: docker.io/library/redis:latest
 92 |     imageID: docker.io/library/redis@sha256:619af14d3a95c30759a1978da1b2ce375504f1af70ff9eea2a8e35febc45d747
 93 |     lastState:
 94 |       terminated:
 95 |         containerID: containerd://e749fc9b78c702e36084ff70bda2cd614e618540db0ec8441310162526a5f88c
 96 |         exitCode: 255
 97 |         finishedAt: "2021-11-22T23:35:17Z"
 98 |         reason: Unknown
 99 |         startedAt: "2021-11-22T20:03:48Z"
100 |     name: redis
101 |     ready: true
102 |     restartCount: 5
103 |     started: true
104 |     state:
105 |       running:
106 |         startedAt: "2021-11-22T23:35:45Z"
107 |   hostIP: 172.18.0.5
108 |   phase: Running
109 |   podIP: 10.42.0.37
110 |   podIPs:
111 |   - ip: 10.42.0.37
112 |   qosClass: BestEffort
113 |   startTime: "2021-11-18T11:28:42Z"
114 | 


--------------------------------------------------------------------------------
/ansible_k8s/master-playbook.yml:
--------------------------------------------------------------------------------
  1 | ---
  2 | - hosts: all
  3 |   become: true
  4 |   tasks:
  5 |   - name: Instalar os pacotes e permite apt usar HTTPS
  6 |     apt:
  7 |       name: "{{ packages }}"
  8 |       state: present
  9 |       update_cache: yes
 10 |     vars:
 11 |       packages:
 12 |       - apt-transport-https
 13 |       - ca-certificates
 14 |       - curl
 15 |       - gnupg2
 16 |       - software-properties-common
 17 | 
 18 |   - name: Adicionar uma chave apt assinada para o Docker
 19 |     apt_key:
 20 |       url: https://download.docker.com/linux/ubuntu/gpg
 21 |       state: present
 22 |     become: true
 23 | 
 24 |   - name: Adicionar repositório apt para uma versão estável
 25 |     apt_repository:
 26 |       repo: deb [arch=amd64] https://download.docker.com/linux/ubuntu xenial stable
 27 |       state: present
 28 |     
 29 |   - name: Instalar docker e suas dependências
 30 |     apt:
 31 |       name: "{{ packages }}"
 32 |       state: present
 33 |       update_cache: yes
 34 |     vars:
 35 |       packages:
 36 |       - docker-ce
 37 |       - docker-ce-cli
 38 |       - containerd.io
 39 |     notify:
 40 |       - docker status
 41 | 
 42 |   - name: Adicionar usuário vagrant para o grupo do docker
 43 |     user:
 44 |       name: vagrant
 45 |       group: docker
 46 | 
 47 |   - name: Remove o arquivo swap do /etc/fstab
 48 |     mount:
 49 |       name: "{{ item }}"
 50 |       fstype: swap
 51 |       state: absent
 52 |     with_items:
 53 |       - swap
 54 |       - none
 55 | 
 56 |   - name: Desabilita o swap
 57 |     command: swapoff -a
 58 |     when: ansible_swaptotal_mb > 0
 59 | 
 60 |   - name: Adicionar uma chave apt assinada para o kubernetes
 61 |     apt_key:
 62 |       url: https://packages.cloud.google.com/apt/doc/apt-key.gpg
 63 |       state: present
 64 | 
 65 |   - name: Adicionando um repositório apt para o Kubernetes
 66 |     apt_repository:
 67 |       repo: deb https://apt.kubernetes.io/ kubernetes-xenial main
 68 |       state: present
 69 |       filename: kubernetes.list
 70 | 
 71 |   - name: Instalar os binários do Kubernetes
 72 |     apt:
 73 |       name: "{{ packages }}"
 74 |       state: present
 75 |       update_cache: yes
 76 |     vars:
 77 |       packages:
 78 |         - kubelet=1.28.6-00
 79 |         - kubeadm=1.28.6-00
 80 |         - kubectl=1.28.6-00
 81 | 
 82 |   - name: Configura IP do nó (node)
 83 |     lineinfile:
 84 |       path: /etc/default/kubelet
 85 |       line: KUBELET_EXTRA_ARGS=--node-ip={{ node_ip }}
 86 |       create: yes
 87 | 
 88 |   - name: Restart kubelet
 89 |     service:
 90 |       name: kubelet
 91 |       daemon_reload: yes
 92 |       state: restarted
 93 | 
 94 |   - name: Inicializar o kubernetes usando o kubeadm
 95 |     command: kubeadm init --apiserver-advertise-address="10.11.12.10" --apiserver-cert-extra-sans="10.11.12.10"  --node-name k8s-master --pod-network-cidr=10.123.0.0/16
 96 | 
 97 |   - name: Configura kubeconfig para o usuário vagrant
 98 |     command: "{{ item }}"
 99 |     with_items:
100 |       - mkdir -p /home/vagrant/.kube
101 |       - cp -i /etc/kubernetes/admin.conf /home/vagrant/.kube/config
102 |       - chown vagrant:vagrant /home/vagrant/.kube/config
103 | 
104 |   - name: Instalar provider de rede para pod weave net
105 |     become: false
106 |     command: kubectl create -f https://cloud.weave.works/launch/k8s/weavescope.yaml
107 | 
108 |   - name: Checar se join token foi existe
109 |     stat:
110 |       path: /ansible_k8s/join_command
111 |     register: join_command_exists
112 | 
113 |   - name: Criar comando com token para ingressar node ao cluster
114 |     command: kubeadm token create --print-join-command
115 |     register: join_command
116 |     when: join_command_exists.stat.exists == False
117 | 
118 |   - name: Copiar join para arquivo local
119 |     become: false
120 |     local_action: copy content="{{ join_command.stdout_lines[0] }}" dest="./join-command"
121 | 
122 |   handlers:
123 |     - name: docker status
124 |       service: name=docker state=started
125 | 


--------------------------------------------------------------------------------