├── .dockerignore ├── .gitignore ├── .helmignore ├── Dockerfile ├── Jenkinsfile ├── Makefile ├── OWNERS ├── OWNERS_ALIASES ├── anchore ├── anchore-values.yaml └── prom-values.yaml ├── auth ├── crb-release-manager.yml ├── crb-view.yml ├── go-demo-2.yml ├── groups.yml ├── rb-dev.yml └── rb-jdoe.yml ├── aws ├── cluster-autoscaler │ └── templates │ │ ├── clusterrole.yaml │ │ ├── clusterrolebinding.yaml │ │ ├── deployment.yaml │ │ ├── pdb.yaml │ │ ├── role.yaml │ │ ├── rolebinding.yaml │ │ ├── service.yaml │ │ └── serviceaccount.yaml └── go-demo-2.yml ├── cd ├── docker-build │ └── Vagrantfile ├── docker-socket.yml └── jenkins.yml ├── certs ├── go-demo-7.com │ ├── 1_root │ │ ├── certs │ │ │ └── ca.cert.pem │ │ ├── index.txt │ │ ├── index.txt.attr │ │ ├── index.txt.old │ │ ├── newcerts │ │ │ └── 100212.pem │ │ ├── private │ │ │ └── ca.key.pem │ │ ├── serial │ │ └── serial.old │ ├── 2_intermediate │ │ ├── certs │ │ │ ├── ca-chain.cert.pem │ │ │ └── intermediate.cert.pem │ │ ├── csr │ │ │ └── intermediate.csr.pem │ │ ├── index.txt │ │ ├── index.txt.attr │ │ ├── index.txt.attr.old │ │ ├── index.txt.old │ │ ├── newcerts │ │ │ ├── 100212.pem │ │ │ └── 100213.pem │ │ ├── private │ │ │ └── intermediate.key.pem │ │ ├── serial │ │ └── serial.old │ ├── 3_application │ │ ├── certs │ │ │ └── go-demo-7.com.cert.pem │ │ ├── csr │ │ │ └── go-demo-7.com.csr.pem │ │ └── private │ │ │ └── go-demo-7.com.key.pem │ └── 4_client │ │ ├── certs │ │ └── go-demo-7.com.cert.pem │ │ ├── csr │ │ └── go-demo-7.com.csr.pem │ │ └── private │ │ └── go-demo-7.com.key.pem └── www.devopstoolkitseries.com │ ├── 1_root │ ├── certs │ │ └── ca.cert.pem │ ├── index.txt │ ├── index.txt.attr │ ├── index.txt.old │ ├── newcerts │ │ └── 100212.pem │ ├── private │ │ └── ca.key.pem │ ├── serial │ └── serial.old │ ├── 2_intermediate │ ├── certs │ │ ├── ca-chain.cert.pem │ │ └── intermediate.cert.pem │ ├── csr │ │ └── intermediate.csr.pem │ ├── index.txt │ ├── index.txt.attr │ ├── index.txt.attr.old │ ├── index.txt.old │ ├── newcerts │ │ ├── 100212.pem │ │ └── 100213.pem │ ├── private │ │ └── intermediate.key.pem │ ├── serial │ └── serial.old │ ├── 3_application │ ├── certs │ │ └── www.devopstoolkitseries.com.cert.pem │ ├── csr │ │ └── www.devopstoolkitseries.com.csr.pem │ └── private │ │ └── www.devopstoolkitseries.com.key.pem │ └── 4_client │ ├── certs │ └── www.devopstoolkitseries.com.cert.pem │ ├── csr │ └── www.devopstoolkitseries.com.csr.pem │ └── private │ └── www.devopstoolkitseries.com.key.pem ├── charts ├── k8s-specs │ ├── .helmignore │ ├── Chart.yaml │ ├── Makefile │ ├── README.md │ ├── templates │ │ ├── NOTES.txt │ │ ├── _helpers.tpl │ │ ├── deployment.yaml │ │ └── service.yaml │ └── values.yaml ├── maesh │ ├── .helmignore │ ├── Chart.yaml │ ├── Guidelines.md │ ├── charts │ │ ├── metrics │ │ │ ├── Chart.yaml │ │ │ ├── dashboards │ │ │ │ └── traefik.json │ │ │ ├── templates │ │ │ │ ├── grafana-pdb.yaml │ │ │ │ ├── grafana.yaml │ │ │ │ ├── prometheus-pdb.yaml │ │ │ │ ├── prometheus.yaml │ │ │ │ ├── rbac.yaml │ │ │ │ └── storage.yaml │ │ │ └── values.yaml │ │ └── tracing │ │ │ ├── Chart.yaml │ │ │ ├── templates │ │ │ ├── jaeger-deployment.yaml │ │ │ ├── jaeger-pdb.yaml │ │ │ ├── jaeger-sa.yaml │ │ │ └── jaeger-services.yaml │ │ │ └── values.yaml │ ├── crds │ │ ├── smi-access.yaml │ │ ├── smi-spec.yaml │ │ └── smi-trafficsplits.yaml │ ├── requirements.yaml │ ├── templates │ │ ├── NOTES.txt │ │ ├── _helpers.tpl │ │ ├── controller │ │ │ ├── controller-configmap.yaml │ │ │ ├── controller-deployment.yaml │ │ │ ├── controller-pdb.yaml │ │ │ ├── controller-rbac.yaml │ │ │ └── controller-sa.yaml │ │ ├── dns │ │ │ └── coredns │ │ │ │ ├── coredns-configmap.yaml │ │ │ │ ├── coredns-deployment.yaml │ │ │ │ ├── coredns-rbac.yaml │ │ │ │ ├── coredns-sa.yaml │ │ │ │ └── coredns-service.yaml │ │ └── mesh │ │ │ ├── mesh-daemonset.yaml │ │ │ ├── mesh-pdb.yaml │ │ │ ├── mesh-sa.yaml │ │ │ └── mesh-service.yaml │ └── values.yaml └── preview │ ├── Chart.yaml │ ├── Makefile │ ├── requirements.yaml │ └── values.yaml ├── cm ├── alpine-env-all.yml ├── alpine-env.yml ├── alpine.yml ├── my-env-file.yml ├── prometheus-conf.yml └── prometheus.yml ├── crossplane └── .gitignore ├── deploy ├── different-app-db.yml ├── go-demo-2-api.yml ├── go-demo-2-bg.yml ├── go-demo-2-db-svc.yml ├── go-demo-2-db.yml ├── go-demo-2-scaled-new.yml ├── go-demo-2-scaled.yml ├── go-demo-2-swarm.yml └── go-demo-2.yml ├── do └── storage.yml ├── grafana ├── devops-toolkit-dashboard.json └── kubernetes-dashboard.json ├── helm ├── chartmuseum-values.yml ├── gitlab-values.yaml ├── jenkins-config.yml ├── jenkins-patch.yml ├── jenkins-sa.yml ├── jenkins-values.yml ├── jenkins-values2.yml ├── jenkins │ ├── .helmignore │ ├── Chart.yaml │ ├── requirements.yaml │ ├── templates │ │ └── config.tpl │ └── values.yaml ├── jenkins2 │ ├── .helmignore │ ├── Chart.yaml │ ├── charts │ │ └── jenkins-1.5.0.tgz │ ├── requirements.yaml │ ├── templates │ │ └── config.tpl │ └── values.yaml ├── monocular-values.yml ├── registry-values.yml └── tiller-rbac.yml ├── ingress ├── default-backend.yml ├── devops-toolkit-dep-lb.yml ├── devops-toolkit-dep.yml ├── devops-toolkit-dom.yml ├── devops-toolkit.yml ├── go-demo-2-deploy-lb.yml ├── go-demo-2-deploy.yml ├── go-demo-2-ingress.yml └── go-demo-2.yml ├── istio ├── alpine.yml ├── gd7-gateway-https.yml ├── gd7-gateway.yml └── gd7-virtualservice.yml ├── jenkins ├── docker-ami.json └── docker-gce.json ├── kops ├── README.md ├── cluster-setup.sh ├── delete-aws.sh ├── delete-kops.sh ├── kops.env ├── root.env └── setup.sh ├── linkerd └── alpine.yml ├── logging ├── eks-logs-policy.json ├── es-values.yml ├── fluentd-cw-values.yml ├── fluentd-eks.yml ├── fluentd-papertrail.yml ├── fluentd-values.yml ├── kibana-values.yml └── logger.yml ├── mon ├── go-demo-5-hpa-ing.yml ├── go-demo-5-hpa-svc.yml ├── go-demo-5-hpa.yml ├── grafana-values-bare.yml ├── grafana-values.yml ├── prom-adapter-values-ing.yml ├── prom-adapter-values-svc.yml ├── prom-adapter-values.yml ├── prom-values-bare.yml ├── prom-values-cpu-memory.yml ├── prom-values-cpu.yml ├── prom-values-errors.yml ├── prom-values-latency.yml ├── prom-values-latency2.yml ├── prom-values-limit-mem.yml ├── prom-values-memory.yml ├── prom-values-nodes-0.yml ├── prom-values-nodes-am.yml ├── prom-values-nodes.yml ├── prom-values-old-pods.yml ├── prom-values-phase.yml ├── prom-values-req-cpu.yml ├── prom-values-req-mem.yml └── prom-values.yml ├── network ├── basic │ ├── Vagrantfile │ ├── bootstrap.sh │ ├── config_cni.sh │ ├── config_route.sh │ ├── master.sh │ ├── nginx-deployment.yaml │ └── node.sh └── cluster │ ├── Vagrantfile │ ├── bootstrap.sh │ ├── flannel.yml │ └── nginx-deployment.yaml ├── ns └── go-demo-2.yml ├── pod ├── db.yml ├── go-demo-2-full.yml ├── go-demo-2-health.yml ├── go-demo-2-scaled.yml └── go-demo-2.yml ├── pv ├── jenkins-default.yml ├── jenkins-dynamic-gke.yml ├── jenkins-dynamic.yml ├── jenkins-no-pv.yml ├── jenkins-pv.yml ├── jenkins-sc.yml ├── jenkins.yml ├── pv-gke.yml ├── pv.yml ├── pvc.yml ├── sc-gke.yml └── sc.yml ├── renovate.json ├── res ├── dev.yml ├── go-demo-2-insuf-mem.yml ├── go-demo-2-insuf-node.yml ├── go-demo-2-mem.yml ├── go-demo-2-no-res.yml ├── go-demo-2-qos.yml ├── go-demo-2-random.yml ├── go-demo-2-scaled.yml ├── go-demo-2.yml └── limit-range.yml ├── rs ├── go-demo-2-scaled.yml └── go-demo-2.yml ├── sa ├── go-demo-3.yml ├── jenkins-no-sa-oc.yml ├── jenkins-no-sa.yml ├── jenkins-oc.yml ├── jenkins.yml ├── kubectl-test1.yml ├── kubectl-test2.yml ├── kubectl-view.yml ├── pods-all.yml ├── pods.yml └── view.yml ├── scaling ├── aks-cluster-autoscaler.yml ├── eks-autoscaling-policy.json ├── go-demo-5-2-5.yml ├── go-demo-5-api-hpa-low-mem.yml ├── go-demo-5-api-hpa.yml ├── go-demo-5-db-hpa-many.yml ├── go-demo-5-db-hpa.yml ├── go-demo-5-many.yml ├── go-demo-5-no-hpa.yml ├── go-demo-5-no-sidecar-mem.yml ├── go-demo-5-replicas-10.yml └── go-demo-5.yml ├── secret ├── jenkins-secrets.yml ├── jenkins-unprotected.yml └── jenkins.yml ├── setup └── jenkins.yml ├── skaffold.yaml ├── storage ├── demo-rook-block.yml ├── demo-rook-fs.yml ├── jenkins-rook-block.yml ├── jenkins-rook-fs.yml ├── jenkins.yml ├── rook-cluster.yml ├── rook-operator.yml ├── rook-tools.yml └── rook.yml ├── sts ├── cje-test.yml ├── go-demo-3-deploy.yml ├── go-demo-3-sts-upd.yml ├── go-demo-3-sts-v1.yml ├── go-demo-3-sts.yml ├── go-demo-3.yml ├── jenkins-oc.yml └── jenkins.yml ├── svc ├── go-demo-2-api-rs.yml ├── go-demo-2-api-svc-lb.yml ├── go-demo-2-api-svc.yml ├── go-demo-2-db-rs.yml ├── go-demo-2-db-svc.yml ├── go-demo-2-lb.yml ├── go-demo-2-rs.yml ├── go-demo-2-svc-lb.yml ├── go-demo-2-svc.yml ├── go-demo-2-swarm.yml └── go-demo-2.yml ├── terraform ├── README.md ├── aks │ ├── .gitignore │ └── cluster.tf ├── config.tf ├── doks │ ├── .gitignore │ └── cluster.tf ├── eks │ ├── .gitignore │ └── cluster.tf ├── gke-crossplane │ ├── .gitignore │ └── cluster.tf ├── gke-jx │ ├── .gitignore │ └── cluster.tf ├── gke │ ├── .gitignore │ └── cluster.tf ├── main.tf ├── packer-kubernetes.json ├── s3cfg.tpl └── variables.tf ├── volume ├── docker.yml ├── github.yml ├── jenkins-empty-dir.yml ├── jenkins.yml ├── prometheus-conf-orig.yml ├── prometheus-conf.yml ├── prometheus-host-path.yml └── prometheus.yml └── watch.sh /.dockerignore: -------------------------------------------------------------------------------- 1 | draft.toml 2 | target/classes 3 | target/generated-sources 4 | target/generated-test-sources 5 | target/maven-archiver 6 | target/maven-status 7 | target/surefire-reports 8 | target/test-classes 9 | target/*.original 10 | charts/ 11 | NOTICE 12 | LICENSE 13 | README.md -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | /tmp 2 | /keys 3 | /cluster 4 | /secrets 5 | /kops-creds 6 | /kops/creds 7 | /prod.yml 8 | /cd/docker-build/.vagrant 9 | /cd/docker-build/*.log 10 | /helm/jenkins/*.lock 11 | /helm/jenkins2/*.lock 12 | /kubeconfig 13 | # terraform 14 | /terraform/terraform.tf* 15 | /terraform/*.pem 16 | /terraform/plan 17 | /terraform/.terraform 18 | /terraform/k8s-key* 19 | /terraform/*.log 20 | /terraform/admin.conf 21 | /helm/jenkins/charts/*.tgz 22 | terraform.tfstate 23 | */.DS_Store 24 | /zones 25 | /myvalues.yaml 26 | /charts/istio* 27 | /account.json 28 | # ides 29 | .idea 30 | -------------------------------------------------------------------------------- /.helmignore: -------------------------------------------------------------------------------- 1 | # Patterns to ignore when building packages. 2 | # This supports shell glob matching, relative path matching, and 3 | # negation (prefixed with !). Only one pattern per line. 4 | .DS_Store 5 | # Common VCS dirs 6 | .git/ 7 | .gitignore 8 | .bzr/ 9 | .bzrignore 10 | .hg/ 11 | .hgignore 12 | .svn/ 13 | # Common backup files 14 | *.swp 15 | *.bak 16 | *.tmp 17 | *~ 18 | # Various IDEs 19 | .project 20 | .idea/ 21 | *.tmproj 22 | *.png 23 | 24 | # known compile time folders 25 | target/ 26 | node_modules/ 27 | vendor/ -------------------------------------------------------------------------------- /Dockerfile: -------------------------------------------------------------------------------- 1 | FROM scratch 2 | EXPOSE 8080 3 | ENTRYPOINT ["/k8s-specs"] 4 | COPY ./bin/ / -------------------------------------------------------------------------------- /Makefile: -------------------------------------------------------------------------------- 1 | SHELL := /bin/bash 2 | GO := GO15VENDOREXPERIMENT=1 go 3 | NAME := k8s-specs 4 | OS := $(shell uname) 5 | MAIN_GO := main.go 6 | ROOT_PACKAGE := $(GIT_PROVIDER)/vfarcic/$(NAME) 7 | GO_VERSION := $(shell $(GO) version | sed -e 's/^[^0-9.]*\([0-9.]*\).*/\1/') 8 | PACKAGE_DIRS := $(shell $(GO) list ./... | grep -v /vendor/) 9 | PKGS := $(shell go list ./... | grep -v /vendor | grep -v generated) 10 | BUILDFLAGS := '' 11 | CGO_ENABLED = 0 12 | VENDOR_DIR=vendor 13 | 14 | all: build 15 | 16 | check: fmt build test 17 | 18 | build: 19 | CGO_ENABLED=$(CGO_ENABLED) $(GO) build -ldflags $(BUILDFLAGS) -o bin/$(NAME) $(MAIN_GO) 20 | 21 | test: 22 | CGO_ENABLED=$(CGO_ENABLED) $(GO) test $(PACKAGE_DIRS) -test.v 23 | 24 | full: $(PKGS) 25 | 26 | install: 27 | GOBIN=${GOPATH}/bin $(GO) install -ldflags $(BUILDFLAGS) $(MAIN_GO) 28 | 29 | fmt: 30 | @FORMATTED=`$(GO) fmt $(PACKAGE_DIRS)` 31 | @([[ ! -z "$(FORMATTED)" ]] && printf "Fixed unformatted files:\n$(FORMATTED)") || true 32 | 33 | clean: 34 | rm -rf build release 35 | 36 | linux: 37 | CGO_ENABLED=$(CGO_ENABLED) GOOS=linux GOARCH=amd64 $(GO) build -ldflags $(BUILDFLAGS) -o bin/$(NAME) $(MAIN_GO) 38 | 39 | .PHONY: release clean 40 | 41 | FGT := $(GOPATH)/bin/fgt 42 | $(FGT): 43 | go get github.com/GeertJohan/fgt 44 | 45 | GOLINT := $(GOPATH)/bin/golint 46 | $(GOLINT): 47 | go get github.com/golang/lint/golint 48 | 49 | $(PKGS): $(GOLINT) $(FGT) 50 | @echo "LINTING" 51 | @$(FGT) $(GOLINT) $(GOPATH)/src/$@/*.go 52 | @echo "VETTING" 53 | @go vet -v $@ 54 | @echo "TESTING" 55 | @go test -v $@ 56 | 57 | .PHONY: lint 58 | lint: vendor | $(PKGS) $(GOLINT) # ❷ 59 | @cd $(BASE) && ret=0 && for pkg in $(PKGS); do \ 60 | test -z "$$($(GOLINT) $$pkg | tee /dev/stderr)" || ret=1 ; \ 61 | done ; exit $$ret 62 | 63 | -------------------------------------------------------------------------------- /OWNERS: -------------------------------------------------------------------------------- 1 | approvers: 2 | - vfarcic 3 | reviewers: 4 | - vfarcic 5 | -------------------------------------------------------------------------------- /OWNERS_ALIASES: -------------------------------------------------------------------------------- 1 | aliases: 2 | - vfarcic 3 | best-approvers: 4 | - vfarcic 5 | best-reviewers: 6 | - vfarcic 7 | -------------------------------------------------------------------------------- /anchore/anchore-values.yaml: -------------------------------------------------------------------------------- 1 | anchoreGlobal: 2 | enableMetrics: true 3 | -------------------------------------------------------------------------------- /anchore/prom-values.yaml: -------------------------------------------------------------------------------- 1 | extraScrapeConfigs: | 2 | - job_name: anchore-api 3 | scrape_interval: 15s 4 | scrape_timeout: 10s 5 | metrics_path: /metrics 6 | scheme: http 7 | static_configs: 8 | - targets: 9 | - anchore-anchore-engine:8228 10 | basic_auth: 11 | username: admin 12 | password: anchore -------------------------------------------------------------------------------- /auth/crb-release-manager.yml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRole 3 | metadata: 4 | name: release-manager 5 | rules: 6 | - resources: ["pods", "pods/attach", "pods/exec", "pods/log", "pods/status"] 7 | verbs: ["*"] 8 | apiGroups: [""] 9 | - resources: ["deployments", "replicasets"] 10 | verbs: ["create", "get", "list", "update", "watch"] 11 | apiGroups: ["", "apps", "extensions"] 12 | 13 | --- 14 | 15 | apiVersion: rbac.authorization.k8s.io/v1 16 | kind: RoleBinding 17 | metadata: 18 | name: release-manager 19 | namespace: default 20 | subjects: 21 | - kind: User 22 | name: jdoe 23 | apiGroup: rbac.authorization.k8s.io 24 | roleRef: 25 | kind: ClusterRole 26 | name: release-manager 27 | apiGroup: rbac.authorization.k8s.io 28 | -------------------------------------------------------------------------------- /auth/crb-view.yml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRoleBinding 3 | metadata: 4 | name: view 5 | subjects: 6 | - kind: User 7 | name: jdoe 8 | apiGroup: rbac.authorization.k8s.io 9 | roleRef: 10 | kind: ClusterRole 11 | name: view 12 | apiGroup: rbac.authorization.k8s.io 13 | -------------------------------------------------------------------------------- /auth/groups.yml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Namespace 3 | metadata: 4 | name: dev 5 | 6 | --- 7 | 8 | apiVersion: rbac.authorization.k8s.io/v1 9 | kind: RoleBinding 10 | metadata: 11 | name: dev 12 | namespace: dev 13 | subjects: 14 | - kind: Group 15 | name: devs 16 | apiGroup: rbac.authorization.k8s.io 17 | roleRef: 18 | kind: ClusterRole 19 | name: admin 20 | apiGroup: rbac.authorization.k8s.io 21 | 22 | --- 23 | 24 | apiVersion: rbac.authorization.k8s.io/v1 25 | kind: ClusterRoleBinding 26 | metadata: 27 | name: view 28 | subjects: 29 | - kind: Group 30 | name: devs 31 | apiGroup: rbac.authorization.k8s.io 32 | roleRef: 33 | kind: ClusterRole 34 | name: view 35 | apiGroup: rbac.authorization.k8s.io 36 | -------------------------------------------------------------------------------- /auth/rb-dev.yml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Namespace 3 | metadata: 4 | name: dev 5 | 6 | --- 7 | 8 | apiVersion: rbac.authorization.k8s.io/v1 9 | kind: RoleBinding 10 | metadata: 11 | name: dev 12 | namespace: dev 13 | subjects: 14 | - kind: User 15 | name: jdoe 16 | apiGroup: rbac.authorization.k8s.io 17 | roleRef: 18 | kind: ClusterRole 19 | name: admin 20 | apiGroup: rbac.authorization.k8s.io 21 | -------------------------------------------------------------------------------- /auth/rb-jdoe.yml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Namespace 3 | metadata: 4 | name: jdoe 5 | 6 | --- 7 | 8 | apiVersion: rbac.authorization.k8s.io/v1 9 | kind: RoleBinding 10 | metadata: 11 | name: jdoe 12 | namespace: jdoe 13 | subjects: 14 | - kind: User 15 | name: jdoe 16 | apiGroup: rbac.authorization.k8s.io 17 | roleRef: 18 | kind: ClusterRole 19 | name: cluster-admin 20 | apiGroup: rbac.authorization.k8s.io 21 | -------------------------------------------------------------------------------- /aws/cluster-autoscaler/templates/clusterrolebinding.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # Source: cluster-autoscaler/templates/clusterrolebinding.yaml 3 | apiVersion: rbac.authorization.k8s.io/v1beta1 4 | kind: ClusterRoleBinding 5 | metadata: 6 | labels: 7 | app.kubernetes.io/instance: "aws-cluster-autoscaler" 8 | app.kubernetes.io/name: "aws-cluster-autoscaler" 9 | app.kubernetes.io/managed-by: "Tiller" 10 | helm.sh/chart: "cluster-autoscaler-6.0.0" 11 | name: aws-cluster-autoscaler 12 | roleRef: 13 | apiGroup: rbac.authorization.k8s.io 14 | kind: ClusterRole 15 | name: aws-cluster-autoscaler 16 | subjects: 17 | - kind: ServiceAccount 18 | name: aws-cluster-autoscaler 19 | namespace: kube-system -------------------------------------------------------------------------------- /aws/cluster-autoscaler/templates/deployment.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # Source: cluster-autoscaler/templates/deployment.yaml 3 | 4 | 5 | apiVersion: apps/v1 6 | kind: Deployment 7 | metadata: 8 | labels: 9 | app.kubernetes.io/instance: "aws-cluster-autoscaler" 10 | app.kubernetes.io/name: "aws-cluster-autoscaler" 11 | app.kubernetes.io/managed-by: "Tiller" 12 | helm.sh/chart: "cluster-autoscaler-6.0.0" 13 | name: aws-cluster-autoscaler 14 | spec: 15 | replicas: 1 16 | selector: 17 | matchLabels: 18 | app.kubernetes.io/instance: "aws-cluster-autoscaler" 19 | app.kubernetes.io/name: "aws-cluster-autoscaler" 20 | template: 21 | metadata: 22 | labels: 23 | app.kubernetes.io/instance: "aws-cluster-autoscaler" 24 | app.kubernetes.io/name: "aws-cluster-autoscaler" 25 | spec: 26 | containers: 27 | - name: aws-cluster-autoscaler 28 | image: "k8s.gcr.io/cluster-autoscaler:v1.14.5" 29 | imagePullPolicy: "IfNotPresent" 30 | command: 31 | - ./cluster-autoscaler 32 | - --cloud-provider=aws 33 | - --namespace=kube-system 34 | - --node-group-auto-discovery=asg:tag=k8s.io/cluster-autoscaler/enabled,k8s.io/cluster-autoscaler/jx-boot-eks 35 | - --logtostderr=true 36 | - --stderrthreshold=info 37 | - --v=4 38 | 39 | env: 40 | - name: AWS_REGION 41 | value: "us-west-2" 42 | livenessProbe: 43 | httpGet: 44 | path: /health-check 45 | port: 8085 46 | ports: 47 | - containerPort: 8085 48 | resources: 49 | {} 50 | 51 | serviceAccountName: aws-cluster-autoscaler 52 | tolerations: 53 | [] 54 | 55 | -------------------------------------------------------------------------------- /aws/cluster-autoscaler/templates/pdb.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # Source: cluster-autoscaler/templates/pdb.yaml 3 | apiVersion: policy/v1beta1 4 | kind: PodDisruptionBudget 5 | metadata: 6 | labels: 7 | app.kubernetes.io/instance: "aws-cluster-autoscaler" 8 | app.kubernetes.io/name: "aws-cluster-autoscaler" 9 | app.kubernetes.io/managed-by: "Tiller" 10 | helm.sh/chart: "cluster-autoscaler-6.0.0" 11 | name: aws-cluster-autoscaler 12 | spec: 13 | selector: 14 | matchLabels: 15 | app.kubernetes.io/instance: "aws-cluster-autoscaler" 16 | app.kubernetes.io/name: "aws-cluster-autoscaler" 17 | maxUnavailable: 1 18 | # minAvailable: 2 19 | -------------------------------------------------------------------------------- /aws/cluster-autoscaler/templates/role.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # Source: cluster-autoscaler/templates/role.yaml 3 | apiVersion: rbac.authorization.k8s.io/v1beta1 4 | kind: Role 5 | metadata: 6 | labels: 7 | app.kubernetes.io/instance: "aws-cluster-autoscaler" 8 | app.kubernetes.io/name: "aws-cluster-autoscaler" 9 | app.kubernetes.io/managed-by: "Tiller" 10 | helm.sh/chart: "cluster-autoscaler-6.0.0" 11 | name: aws-cluster-autoscaler 12 | rules: 13 | - apiGroups: 14 | - "" 15 | resources: 16 | - configmaps 17 | verbs: 18 | - create 19 | - apiGroups: 20 | - "" 21 | resources: 22 | - configmaps 23 | resourceNames: 24 | - cluster-autoscaler-status 25 | verbs: 26 | - delete 27 | - get 28 | - update -------------------------------------------------------------------------------- /aws/cluster-autoscaler/templates/rolebinding.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # Source: cluster-autoscaler/templates/rolebinding.yaml 3 | apiVersion: rbac.authorization.k8s.io/v1beta1 4 | kind: RoleBinding 5 | metadata: 6 | labels: 7 | app.kubernetes.io/instance: "aws-cluster-autoscaler" 8 | app.kubernetes.io/name: "aws-cluster-autoscaler" 9 | app.kubernetes.io/managed-by: "Tiller" 10 | helm.sh/chart: "cluster-autoscaler-6.0.0" 11 | name: aws-cluster-autoscaler 12 | roleRef: 13 | apiGroup: rbac.authorization.k8s.io 14 | kind: Role 15 | name: aws-cluster-autoscaler 16 | subjects: 17 | - kind: ServiceAccount 18 | name: aws-cluster-autoscaler 19 | namespace: kube-system -------------------------------------------------------------------------------- /aws/cluster-autoscaler/templates/service.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # Source: cluster-autoscaler/templates/service.yaml 3 | apiVersion: v1 4 | kind: Service 5 | metadata: 6 | labels: 7 | app.kubernetes.io/instance: "aws-cluster-autoscaler" 8 | app.kubernetes.io/name: "aws-cluster-autoscaler" 9 | app.kubernetes.io/managed-by: "Tiller" 10 | helm.sh/chart: "cluster-autoscaler-6.0.0" 11 | name: aws-cluster-autoscaler 12 | spec: 13 | ports: 14 | - port: 8085 15 | protocol: TCP 16 | targetPort: 8085 17 | name: http 18 | selector: 19 | app.kubernetes.io/instance: "aws-cluster-autoscaler" 20 | app.kubernetes.io/name: "aws-cluster-autoscaler" 21 | type: "ClusterIP" 22 | -------------------------------------------------------------------------------- /aws/cluster-autoscaler/templates/serviceaccount.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # Source: cluster-autoscaler/templates/serviceaccount.yaml 3 | apiVersion: v1 4 | kind: ServiceAccount 5 | metadata: 6 | labels: 7 | app.kubernetes.io/instance: "aws-cluster-autoscaler" 8 | app.kubernetes.io/name: "aws-cluster-autoscaler" 9 | app.kubernetes.io/managed-by: "Tiller" 10 | helm.sh/chart: "cluster-autoscaler-6.0.0" 11 | name: aws-cluster-autoscaler 12 | -------------------------------------------------------------------------------- /cd/docker-build/Vagrantfile: -------------------------------------------------------------------------------- 1 | # vi: set ft=ruby : 2 | 3 | Vagrant.configure("2") do |config| 4 | config.vm.box = "ubuntu/xenial64" 5 | 6 | config.vm.define "docker-build" do |node| 7 | node.vm.hostname = "docker-build" 8 | node.vm.network :private_network, ip: "10.100.198.200" 9 | node.vm.provision :shell, inline: "sudo apt update" 10 | node.vm.provision :shell, inline: "sudo apt -y install apt-transport-https ca-certificates curl software-properties-common" 11 | node.vm.provision :shell, inline: "curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -" 12 | node.vm.provision :shell, inline: "sudo add-apt-repository \"deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable\"" 13 | node.vm.provision :shell, inline: "sudo apt update" 14 | node.vm.provision :shell, inline: "sudo apt install -y docker-ce" 15 | node.vm.provision :shell, inline: "sudo apt install -y default-jre" 16 | end 17 | end -------------------------------------------------------------------------------- /cd/docker-socket.yml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: docker 5 | spec: 6 | containers: 7 | - name: docker 8 | image: docker:18.03-git 9 | command: ["sleep"] 10 | args: ["100000"] 11 | volumeMounts: 12 | - mountPath: /var/run/docker.sock 13 | name: docker-socket 14 | volumes: 15 | - name: docker-socket 16 | hostPath: 17 | path: /var/run/docker.sock 18 | type: Socket 19 | -------------------------------------------------------------------------------- /certs/go-demo-7.com/1_root/certs/ca.cert.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE----- 2 | MIIFmjCCA4KgAwIBAgIJAIxQIZxLmjXNMA0GCSqGSIb3DQEBCwUAMFoxCzAJBgNV 3 | BAYTAlVTMQ8wDQYDVQQIDAZEZW5pYWwxFDASBgNVBAcMC1NwcmluZ2ZpZWxkMQww 4 | CgYDVQQKDANEaXMxFjAUBgNVBAMMDWdvLWRlbW8tNy5jb20wHhcNMTkwMTAyMTMy 5 | MzEzWhcNMzgxMjI4MTMyMzEzWjBaMQswCQYDVQQGEwJVUzEPMA0GA1UECAwGRGVu 6 | aWFsMRQwEgYDVQQHDAtTcHJpbmdmaWVsZDEMMAoGA1UECgwDRGlzMRYwFAYDVQQD 7 | DA1nby1kZW1vLTcuY29tMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA 8 | yhp1vmlmqWw7UUWFKxV9HBW3I+/qkYRvzvvrz5tnlMkVbllKEfJxz7N5mYeA4Fx2 9 | uBW7r2BJhnlAW3EpCrrNVJ7FJ3HF853h+v5rxoxH6N/BFaH5TCacBQ6iCDB4BIWx 10 | 2HkLCc8zVdz7uXMo5DxWmJj8g8MNknsQdUujgHgsAe7a6X84a9VTkWguqXC9ETJd 11 | /VxcgRvZHbXV2B0Kn86TiMqr430KSJNKLmgYYSYJwYVCm2TFZot+HFld9+4UBcJ3 12 | MGa/v/0ADB9fd3zfQSdlpe8qu/vaIfh1n1TKq3NiV+C4PmPmtOSiLYj7xFr8K9PZ 13 | 95NzIBDXalXxcBDeI2AUlEMCXrWHzeQdFuPjnUNcXckB/0j/w42fRzKvNbJc6Jrc 14 | NwNNhFVuNg7GBiRGiIq/mUWp2DZa831k8dNepp6b7xQ3cutbiMe0MGIkH7AfkMFg 15 | KtXjZTOQ1hGi+njIWnBWTSl6uMErWtPE+DNFzAqU6Of2KBf6uzobwy6YCDRobYNd 16 | ejeMgjv5TZYhXbwD78zUb5/R9EXQSNpjo7FYxc5dORVLf1BcZiXhoTMgs6asUdLe 17 | 4U3nurcIw/JA0gfmuHGQHPWZG9CH5hovDfEGlGfFsCmcouA7DhLZJDm44ytvLlNZ 18 | xlzbfiuY+ULinXftLUASCvC8Fp6U2PdlXpHK5shMAFMCAwEAAaNjMGEwHQYDVR0O 19 | BBYEFDfKYDwP74qXUTnaq9kV9HRUBfBWMB8GA1UdIwQYMBaAFDfKYDwP74qXUTna 20 | q9kV9HRUBfBWMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgGGMA0GCSqG 21 | SIb3DQEBCwUAA4ICAQBfkOmsRMj81BzNygdtzSCAumtu/0bpn5PI06ZLm4JVqilh 22 | 3RlId67uLJe8cZyYGzDrJaW90yAVJUO6rALaW8LfqGg+hxyamaCKCkB7p2Pd21qT 23 | VLdKLZvs41tEj1laTbfGe0qNrVT93CCNWjFHMbFqsLWrKOagwsAXkFP6YVB7dfnt 24 | JJoq4l4Zi6WHS1utU8w6oMctDRT5tb4i/d0QmIjLqXXwcrZ94RYe3hLkT+IRv5F4 25 | 2Cq4xvTJtgO4BQo/A1e4ELqEjVDAvyk1N6vZIOI2ZP3EGbaf5zjyz7waSCzGY8lC 26 | 181J5YVm1aChezlglEbRjqtdI4/4YNpNAXUTlaF2sNSLBjugGJtgmkWrhr2sZIZ+ 27 | MHexu0qrK9fb249dPW2RDiUwZuXBKZ2gWkpN3MfVM55xBYMafhetRZGnHSAMV96U 28 | fbItuM1aOXlEGgXlW3zRKb4CdfMGBq4T5UVjJfXQ/7VpIUAMYYomaoO/IzIgb/Tf 29 | XmMFYIIzMW4i51Y4KKIDn86q5Gt3gf4g6KzzkBy08bMTlSIbgg6ZqgZDKJpaVj3v 30 | jLm9yR1ZrmtnC1VYaU2k5sItrM96Uj4oxsMpBY15eAUwwOdI0XjZod1YyGStRvXr 31 | bioL47kk8Sd3l4bOIHvgfWDD0jqdrqx9bzRCg/iz4nuLwk0vg1RQxmC4nfpdFg== 32 | -----END CERTIFICATE----- 33 | -------------------------------------------------------------------------------- /certs/go-demo-7.com/1_root/index.txt: -------------------------------------------------------------------------------- 1 | V 281230132318Z 100212 unknown /C=US/ST=Denial/O=Dis/CN=go-demo-7.com 2 | -------------------------------------------------------------------------------- /certs/go-demo-7.com/1_root/index.txt.attr: -------------------------------------------------------------------------------- 1 | unique_subject = no 2 | -------------------------------------------------------------------------------- /certs/go-demo-7.com/1_root/index.txt.old: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vfarcic/k8s-specs/f66338e0a05d259b0caa4e76508f5f1d1b3ff4bd/certs/go-demo-7.com/1_root/index.txt.old -------------------------------------------------------------------------------- /certs/go-demo-7.com/1_root/newcerts/100212.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE----- 2 | MIIFgTCCA2mgAwIBAgIDEAISMA0GCSqGSIb3DQEBCwUAMFoxCzAJBgNVBAYTAlVT 3 | MQ8wDQYDVQQIDAZEZW5pYWwxFDASBgNVBAcMC1NwcmluZ2ZpZWxkMQwwCgYDVQQK 4 | DANEaXMxFjAUBgNVBAMMDWdvLWRlbW8tNy5jb20wHhcNMTkwMTAyMTMyMzE4WhcN 5 | MjgxMjMwMTMyMzE4WjBEMQswCQYDVQQGEwJVUzEPMA0GA1UECAwGRGVuaWFsMQww 6 | CgYDVQQKDANEaXMxFjAUBgNVBAMMDWdvLWRlbW8tNy5jb20wggIiMA0GCSqGSIb3 7 | DQEBAQUAA4ICDwAwggIKAoICAQDIWYG6xA4w1m5gsHLLcvu1RmlmTT0LwtRCG1/g 8 | UdD8GoQ0JFQgeHPYVbL6N0dZYOmfY1mxaFdV6TYM+G/RohTQI2GlZYAUPD3sNBsH 9 | sYXjkMjZnTYT9eUJWKS57VeNVYhbwxttmo9/+aEk16S0RKTAfUWDH3p3uU4wcBbM 10 | I0PV2DxlHL6Y9Xs1VnNHQSx7SxkLI5jZEPnBWvA0I8dw/Z//QORD9eMDVkFT8Fi+ 11 | JmBv6d4PVOH94PhUo9hKwtMWukGKca7HKHr0rYClpxl8sqgMu13aXXfrEY+y9mmC 12 | VUW61xygfpBlAXjJIv2QP+tPrfF0SbgqQxhwHUg0O0jWl9X6eCuNR6NlW5OzfKOk 13 | qfPoeBIVzjBHl6cNSoqF6JtT7q0Fj+td6TkiXTIjJXER8HyjxSip/c2DJz/alWWb 14 | 10mBQ26q7sW+CqPPXWQAhfzEfYZ67rpgoc6nsQAMYc5H4XwBmiEMSP5ifuGPUUXJ 15 | w+RVrHfsXg61WmlpmRKNmebP7VHGYKZP8rV1uK9XaEjH93UewMF3Xw1oNdDUGFYY 16 | +Y5AaE07GoShuwG2Etr82ISp6vKry7BSfk1Ky7LIF/061V1vNc4w/FsIq8mC68Wa 17 | fULVi58p6/vzqf5vtFWCowhp2OOcW9NRsbf/N89BeIrNk0dM1aPjzl7nAROSuNoQ 18 | FA5AuwIDAQABo2YwZDAdBgNVHQ4EFgQUhLnbZgV2paysfPkOblFaw8j0jC4wHwYD 19 | VR0jBBgwFoAUN8pgPA/vipdROdqr2RX0dFQF8FYwEgYDVR0TAQH/BAgwBgEB/wIB 20 | ADAOBgNVHQ8BAf8EBAMCAYYwDQYJKoZIhvcNAQELBQADggIBAK2T9yoiQp+C5cGn 21 | aI9X+nLFwa4sRw3GjUochVkFhzimXrPm76DVLHxpL/+9pYSriK5k/d7NZ9XYAAVR 22 | 6m0QhhBJye2y4gY/dL97Z7lRc7Kqc3vsxdhTVhXJ9juJ4wjPfQcFBAjSvd9Ofe8t 23 | XLM3+Zn3uHecR1nqW7odt+IzN246qSWQhlP6ULZ86hpvqMkzylWXL4UwgCyXxKx5 24 | NJTnmTz2KUvR67PmADkgCRSyzpYt8UMG6Md3Ng5Q/XsegfH3AYpqgQXfQhsaSldU 25 | 5yyUyoSBcipdrzutqJZVGGzZbslqqtuW/PWcw8Y9dW2Xfj1STEtWvuc1ZB9MA6k0 26 | u6MXpa8HOM1XcQdqo9ZeyK4/NKXGM/dtkfMc6rba9SApBvx12CVmGNr+bT4zOfPL 27 | Bj57TEyjbKkIdpe3kQN0g2Em3sxr49wqaJ0H1/eRhRVuXdt1K+LFeo84Zqq5BRjZ 28 | SYspuTVjOVm1JCsaRnJ2X5E01oelDAR8/UkfKnimzLzlI56qEwGN4nP1RnrJGQrN 29 | xReqFjrvI0onoo35PtrtPJCaTKf8ajwlxySB3Z36hxDxSsXqA5P+3ooAaIvxl/D0 30 | XBLjM8sJyIPIGK2BqsIrtzrmAJkeiDQLvqriag0Xl55s+o5PpKW5T99h93Uy4b5W 31 | g9YX47NCIPen7Tig0HASo5+3mC1f 32 | -----END CERTIFICATE----- 33 | -------------------------------------------------------------------------------- /certs/go-demo-7.com/1_root/serial: -------------------------------------------------------------------------------- 1 | 100213 2 | -------------------------------------------------------------------------------- /certs/go-demo-7.com/1_root/serial.old: -------------------------------------------------------------------------------- 1 | 100212 2 | -------------------------------------------------------------------------------- /certs/go-demo-7.com/2_intermediate/certs/intermediate.cert.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE----- 2 | MIIFgTCCA2mgAwIBAgIDEAISMA0GCSqGSIb3DQEBCwUAMFoxCzAJBgNVBAYTAlVT 3 | MQ8wDQYDVQQIDAZEZW5pYWwxFDASBgNVBAcMC1NwcmluZ2ZpZWxkMQwwCgYDVQQK 4 | DANEaXMxFjAUBgNVBAMMDWdvLWRlbW8tNy5jb20wHhcNMTkwMTAyMTMyMzE4WhcN 5 | MjgxMjMwMTMyMzE4WjBEMQswCQYDVQQGEwJVUzEPMA0GA1UECAwGRGVuaWFsMQww 6 | CgYDVQQKDANEaXMxFjAUBgNVBAMMDWdvLWRlbW8tNy5jb20wggIiMA0GCSqGSIb3 7 | DQEBAQUAA4ICDwAwggIKAoICAQDIWYG6xA4w1m5gsHLLcvu1RmlmTT0LwtRCG1/g 8 | UdD8GoQ0JFQgeHPYVbL6N0dZYOmfY1mxaFdV6TYM+G/RohTQI2GlZYAUPD3sNBsH 9 | sYXjkMjZnTYT9eUJWKS57VeNVYhbwxttmo9/+aEk16S0RKTAfUWDH3p3uU4wcBbM 10 | I0PV2DxlHL6Y9Xs1VnNHQSx7SxkLI5jZEPnBWvA0I8dw/Z//QORD9eMDVkFT8Fi+ 11 | JmBv6d4PVOH94PhUo9hKwtMWukGKca7HKHr0rYClpxl8sqgMu13aXXfrEY+y9mmC 12 | VUW61xygfpBlAXjJIv2QP+tPrfF0SbgqQxhwHUg0O0jWl9X6eCuNR6NlW5OzfKOk 13 | qfPoeBIVzjBHl6cNSoqF6JtT7q0Fj+td6TkiXTIjJXER8HyjxSip/c2DJz/alWWb 14 | 10mBQ26q7sW+CqPPXWQAhfzEfYZ67rpgoc6nsQAMYc5H4XwBmiEMSP5ifuGPUUXJ 15 | w+RVrHfsXg61WmlpmRKNmebP7VHGYKZP8rV1uK9XaEjH93UewMF3Xw1oNdDUGFYY 16 | +Y5AaE07GoShuwG2Etr82ISp6vKry7BSfk1Ky7LIF/061V1vNc4w/FsIq8mC68Wa 17 | fULVi58p6/vzqf5vtFWCowhp2OOcW9NRsbf/N89BeIrNk0dM1aPjzl7nAROSuNoQ 18 | FA5AuwIDAQABo2YwZDAdBgNVHQ4EFgQUhLnbZgV2paysfPkOblFaw8j0jC4wHwYD 19 | VR0jBBgwFoAUN8pgPA/vipdROdqr2RX0dFQF8FYwEgYDVR0TAQH/BAgwBgEB/wIB 20 | ADAOBgNVHQ8BAf8EBAMCAYYwDQYJKoZIhvcNAQELBQADggIBAK2T9yoiQp+C5cGn 21 | aI9X+nLFwa4sRw3GjUochVkFhzimXrPm76DVLHxpL/+9pYSriK5k/d7NZ9XYAAVR 22 | 6m0QhhBJye2y4gY/dL97Z7lRc7Kqc3vsxdhTVhXJ9juJ4wjPfQcFBAjSvd9Ofe8t 23 | XLM3+Zn3uHecR1nqW7odt+IzN246qSWQhlP6ULZ86hpvqMkzylWXL4UwgCyXxKx5 24 | NJTnmTz2KUvR67PmADkgCRSyzpYt8UMG6Md3Ng5Q/XsegfH3AYpqgQXfQhsaSldU 25 | 5yyUyoSBcipdrzutqJZVGGzZbslqqtuW/PWcw8Y9dW2Xfj1STEtWvuc1ZB9MA6k0 26 | u6MXpa8HOM1XcQdqo9ZeyK4/NKXGM/dtkfMc6rba9SApBvx12CVmGNr+bT4zOfPL 27 | Bj57TEyjbKkIdpe3kQN0g2Em3sxr49wqaJ0H1/eRhRVuXdt1K+LFeo84Zqq5BRjZ 28 | SYspuTVjOVm1JCsaRnJ2X5E01oelDAR8/UkfKnimzLzlI56qEwGN4nP1RnrJGQrN 29 | xReqFjrvI0onoo35PtrtPJCaTKf8ajwlxySB3Z36hxDxSsXqA5P+3ooAaIvxl/D0 30 | XBLjM8sJyIPIGK2BqsIrtzrmAJkeiDQLvqriag0Xl55s+o5PpKW5T99h93Uy4b5W 31 | g9YX47NCIPen7Tig0HASo5+3mC1f 32 | -----END CERTIFICATE----- 33 | -------------------------------------------------------------------------------- /certs/go-demo-7.com/2_intermediate/csr/intermediate.csr.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE REQUEST----- 2 | MIIEnzCCAocCAQAwWjELMAkGA1UEBhMCVVMxDzANBgNVBAgMBkRlbmlhbDEUMBIG 3 | A1UEBwwLU3ByaW5nZmllbGQxDDAKBgNVBAoMA0RpczEWMBQGA1UEAwwNZ28tZGVt 4 | by03LmNvbTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAMhZgbrEDjDW 5 | bmCwcsty+7VGaWZNPQvC1EIbX+BR0PwahDQkVCB4c9hVsvo3R1lg6Z9jWbFoV1Xp 6 | Ngz4b9GiFNAjYaVlgBQ8Pew0GwexheOQyNmdNhP15QlYpLntV41ViFvDG22aj3/5 7 | oSTXpLREpMB9RYMfene5TjBwFswjQ9XYPGUcvpj1ezVWc0dBLHtLGQsjmNkQ+cFa 8 | 8DQjx3D9n/9A5EP14wNWQVPwWL4mYG/p3g9U4f3g+FSj2ErC0xa6QYpxrscoevSt 9 | gKWnGXyyqAy7Xdpdd+sRj7L2aYJVRbrXHKB+kGUBeMki/ZA/60+t8XRJuCpDGHAd 10 | SDQ7SNaX1fp4K41Ho2Vbk7N8o6Sp8+h4EhXOMEeXpw1KioXom1PurQWP613pOSJd 11 | MiMlcRHwfKPFKKn9zYMnP9qVZZvXSYFDbqruxb4Ko89dZACF/MR9hnruumChzqex 12 | AAxhzkfhfAGaIQxI/mJ+4Y9RRcnD5FWsd+xeDrVaaWmZEo2Z5s/tUcZgpk/ytXW4 13 | r1doSMf3dR7AwXdfDWg10NQYVhj5jkBoTTsahKG7AbYS2vzYhKnq8qvLsFJ+TUrL 14 | ssgX/TrVXW81zjD8WwiryYLrxZp9QtWLnynr+/Op/m+0VYKjCGnY45xb01Gxt/83 15 | z0F4is2TR0zVo+POXucBE5K42hAUDkC7AgMBAAGgADANBgkqhkiG9w0BAQsFAAOC 16 | AgEAPne2CY79McnQaPd9cL7q5cvKXfaun/eaY3womiLZMTfP3bp9A7ijSkR4m0cF 17 | qb1wFc8xm8rd/IoUAG/+VQBshjtO9NL4ciMQYBGif7P1Dbiy1wZ6hI61jUnaVz2w 18 | E429CBrLYwa2EJ/261CN4cf8Kn7Tk4FGnec/FZVZ8EdWD2HfnQTt06YzksYoKA3H 19 | mKEWNB1NC4yzb3Ns77y3FvQ5o5tVBiadfl6Xxzeq4dAeIvrkAuvkys0Gr4UEyLLY 20 | fAy1IBwKD4/RuXsUstQhu8G5DKlCmhop0wG85Wxgm5FWcnJxQjNW5vtb+eI/Xn7z 21 | H9xQvw2IgXTtY43aGe1EIXOskM/jEBozITXNa1WlnKlotkxSc+kWTctlI4J+Vnbk 22 | UvHsd0e0aW0T0ZZc8Q1TuwvK59WXTkoLhEHQ/aWvN1anbY1KjxX7BRpaUHl5BEJ9 23 | JKxRgIL5btdd3TaKlKLtpQ0uF6g5PWGjy3AVNlwPm4T+6M9kAmNWy/yMHLeqb6lZ 24 | JOXYXMt0LMa8pOUQ8+Hf1Ec7ko8h8Fc0MgCmwhHsLTJmPd9Maj5tmDKiHeO/hz1L 25 | m78iEag/66ELBzR7KRWbq8vObPvh6LqbNAMr2KMKKsxZy0L40/OHqJMSqJ6Lf/eI 26 | 51+rYvwYR3kqkqlkmWzXdrwQ/+cqhYQezXfKxuwagL3/M8U= 27 | -----END CERTIFICATE REQUEST----- 28 | -------------------------------------------------------------------------------- /certs/go-demo-7.com/2_intermediate/index.txt: -------------------------------------------------------------------------------- 1 | V 200112132325Z 100212 unknown /C=US/ST=Denial/L=Springfield/O=Dis/CN=go-demo-7.com 2 | V 200112132328Z 100213 unknown /C=US/ST=Denial/L=Springfield/O=Dis/CN=go-demo-7.com 3 | -------------------------------------------------------------------------------- /certs/go-demo-7.com/2_intermediate/index.txt.attr: -------------------------------------------------------------------------------- 1 | unique_subject = no 2 | -------------------------------------------------------------------------------- /certs/go-demo-7.com/2_intermediate/index.txt.attr.old: -------------------------------------------------------------------------------- 1 | unique_subject = no 2 | -------------------------------------------------------------------------------- /certs/go-demo-7.com/2_intermediate/index.txt.old: -------------------------------------------------------------------------------- 1 | V 200112132325Z 100212 unknown /C=US/ST=Denial/L=Springfield/O=Dis/CN=go-demo-7.com 2 | -------------------------------------------------------------------------------- /certs/go-demo-7.com/2_intermediate/newcerts/100212.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE----- 2 | MIIFPzCCAyegAwIBAgIDEAISMA0GCSqGSIb3DQEBCwUAMEQxCzAJBgNVBAYTAlVT 3 | MQ8wDQYDVQQIDAZEZW5pYWwxDDAKBgNVBAoMA0RpczEWMBQGA1UEAwwNZ28tZGVt 4 | by03LmNvbTAeFw0xOTAxMDIxMzIzMjVaFw0yMDAxMTIxMzIzMjVaMFoxCzAJBgNV 5 | BAYTAlVTMQ8wDQYDVQQIDAZEZW5pYWwxFDASBgNVBAcMC1NwcmluZ2ZpZWxkMQww 6 | CgYDVQQKDANEaXMxFjAUBgNVBAMMDWdvLWRlbW8tNy5jb20wggEiMA0GCSqGSIb3 7 | DQEBAQUAA4IBDwAwggEKAoIBAQCiCKi+3Nnkm+8Rex3Jro6SAH5mDsCPTGjH+A98 8 | Nv7cyTrBNP3ByOfGMyZa7bAP9cpfjU4IHU+elSb06fag4wZOfOw5AIUYtpOXkN+t 9 | M65omaxpokcnDDvhL8EckpK/DVjQcik401oUMMHo5gQroyFkI7mhjmmmcLNKMTBE 10 | b068lqIXWIXj7SqTSdJ76UyRosn4V3qVPOJAe2euqdzOa6HphiACZCfXnVLX55A8 11 | EcTfOOR6Bs5YTh12GjXVTBBYqTqEzs65WPHVjUga0uppBSLwP4/ofaFqibOKC85w 12 | cSzQ/ruBgd+Y6cPhl+lbIAgZxWX2V/F5DIN3OU64fLEe+FzFAgMBAAGjggEiMIIB 13 | HjAJBgNVHRMEAjAAMBEGCWCGSAGG+EIBAQQEAwIGQDAzBglghkgBhvhCAQ0EJhYk 14 | T3BlblNTTCBHZW5lcmF0ZWQgU2VydmVyIENlcnRpZmljYXRlMB0GA1UdDgQWBBRy 15 | wr/ZdsF9BAxOvsVpzxcVgQYdtTCBhAYDVR0jBH0we4AUhLnbZgV2paysfPkOblFa 16 | w8j0jC6hXqRcMFoxCzAJBgNVBAYTAlVTMQ8wDQYDVQQIDAZEZW5pYWwxFDASBgNV 17 | BAcMC1NwcmluZ2ZpZWxkMQwwCgYDVQQKDANEaXMxFjAUBgNVBAMMDWdvLWRlbW8t 18 | Ny5jb22CAxACEjAOBgNVHQ8BAf8EBAMCBaAwEwYDVR0lBAwwCgYIKwYBBQUHAwEw 19 | DQYJKoZIhvcNAQELBQADggIBABZj+mBPpZbsyTWRnt5dhMdoOsOB50CbmF+gm6VQ 20 | B8CvlWvuDUu0OrK8pw+Jm80DGh3dTv6NmNIWkAY3vDO4ZLtY5zLzyS93aFFrwVIh 21 | tfQ7iRdEu/w7XQ46IxDPKcxhY2aMMHifFIi5l8rdxHCPEwk+OPP4GUjhFf/kpB99 22 | jtbR9mu1i8j59Yrro++NdPpmEo09AyN+4L4vmjqbf1pl2tc0nHE32gw2RG9R0aSC 23 | OZA4JJLgu5nVoerxeZCpufyLLgOEaLqGFFb8MOKiVM8K8PdGUfL5IftMCxw+lPb1 24 | 2dYhdtcwUEOYhS4eJj8kSlnnXU37G6WFDaWn2oqDwaFYowJNoF3zmnOrbcxCBAG9 25 | inxdzOw34qQuLpmZCH3RA0vxckVnG5a5qkJdB8oZwhyaOEJs1GxdacKg/vrqd/hV 26 | Jq/XY1IUMHc2fnmW1z3vgdHfAnb/KRHTpqPGBdB6H1kezJSKLduajEWellNg8uq7 27 | wAyeaKxduPPzAvLSugvCa2UOmULpGuk6YUdqighIzt/+njZvZzm6Jey5O7IorX9R 28 | 44upX1ko7I0oilmn2TrZ9Hp2fBVfxyqoLk4ZoubvHIlAwgivAJZzcNIWUYDukXss 29 | ftwnKVw+ThKmHpRJNUqh8+FRf+anN/BGUBtQrhVvTrmWJ/gr6S9HEfGaJ5b7yfKc 30 | UwR9 31 | -----END CERTIFICATE----- 32 | -------------------------------------------------------------------------------- /certs/go-demo-7.com/2_intermediate/newcerts/100213.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE----- 2 | MIIE4TCCAsmgAwIBAgIDEAITMA0GCSqGSIb3DQEBCwUAMEQxCzAJBgNVBAYTAlVT 3 | MQ8wDQYDVQQIDAZEZW5pYWwxDDAKBgNVBAoMA0RpczEWMBQGA1UEAwwNZ28tZGVt 4 | by03LmNvbTAeFw0xOTAxMDIxMzIzMjhaFw0yMDAxMTIxMzIzMjhaMFoxCzAJBgNV 5 | BAYTAlVTMQ8wDQYDVQQIDAZEZW5pYWwxFDASBgNVBAcMC1NwcmluZ2ZpZWxkMQww 6 | CgYDVQQKDANEaXMxFjAUBgNVBAMMDWdvLWRlbW8tNy5jb20wggEiMA0GCSqGSIb3 7 | DQEBAQUAA4IBDwAwggEKAoIBAQCsGMT9lhYZF9sLyx0MGSkVZeuczsCUZ2OKwRBO 8 | vxBEQBUQctmKYxmH42Y7l1wC/FJMeu9qVDqqG4MBrcwPj8Z2l/qpkKfUbrI2Kxsk 9 | M3xBwlUfdTQhva7Q1dsrzALufTcdPX9DNQL+m6EvHWy1cSISydSb0pjzkYEsNe77 10 | CjmQrtShw1FvNPbiC7evv9ZLthnXsUmHYiBwcqPOVldqbALQ8Yl/iEegltrgUnmA 11 | 2OMuSyWN2E6S/aILXUwoYi9QSqds6cLrzZfTl+RYvOVth+cMgN3SXEhwVrBhfox/ 12 | 5DBLLHP5beB/WxZqqj/SZnIGttaHaGq2QlBIbvuVixFRZ4C7AgMBAAGjgcUwgcIw 13 | CQYDVR0TBAIwADARBglghkgBhvhCAQEEBAMCBaAwMwYJYIZIAYb4QgENBCYWJE9w 14 | ZW5TU0wgR2VuZXJhdGVkIENsaWVudCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQU7hD7 15 | b/lrT/5dfswnlyTO9F3+K2cwHwYDVR0jBBgwFoAUhLnbZgV2paysfPkOblFaw8j0 16 | jC4wDgYDVR0PAQH/BAQDAgXgMB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcD 17 | BDANBgkqhkiG9w0BAQsFAAOCAgEAhlWPN0OSId39gt+ACmAEe3Nb7NOw40pyr2Ql 18 | Ev/I/EEVFhuc6mvSRpiGXEFgK9afmXcwfIbieG7wyWp9UNPzA3ry5jdc0EsEFxBq 19 | 0gucKWNoQZxvVe3Ijnpla8VPIkNkoigNKSDD80m03bXsz6yx+OfsvsJxOljhsw9s 20 | EJQdAToHgTfenPZ/VdlkZPTz6pcC3SbPJvjmNJMZ1qFOeriwSlkCOzSQYfhXRP9V 21 | DKnEmJ82n/k7MGOaKmF+7XQHQcCcZdB019itIBysp43X0IJ8y/XQrox7OaRLbyx4 22 | Vl8aUhSVWEutDABWZ0kvkkcoQOqCHWy6pzcuENDZJb1lWSXvdSem2HSC1Tw4oPFH 23 | TXxtfjaw0lJ8VMEOy7enI3DjWh1vCnDPgke+MJpYAfv/S9XuxJYkODAUMXRIwDlJ 24 | tkirxMdekjk/oiNKvTvHSu5ay2V9QVzX01uUknoD6XYa922E90zIqx4DOj3Rvs+i 25 | EiAHJlibymYZpkAtHcfSlsZTuW1Zc/wbwncylj9g2TCf6V2oacgra7ncFxDvgc9m 26 | MjLuchmPq2FLMP9LPG8GH71PVM7yZOt5GzONeK/TsIuiw1KiKg+LZr7NKW79Rw8c 27 | cFQ3yw/OHPrrkdj3Omu54q6pMATjAnQc/00tCzlFsSgssr77wyKiHH8jZm3yXu6C 28 | Rremp8g= 29 | -----END CERTIFICATE----- 30 | -------------------------------------------------------------------------------- /certs/go-demo-7.com/2_intermediate/serial: -------------------------------------------------------------------------------- 1 | 100214 2 | -------------------------------------------------------------------------------- /certs/go-demo-7.com/2_intermediate/serial.old: -------------------------------------------------------------------------------- 1 | 100213 2 | -------------------------------------------------------------------------------- /certs/go-demo-7.com/3_application/certs/go-demo-7.com.cert.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE----- 2 | MIIFPzCCAyegAwIBAgIDEAISMA0GCSqGSIb3DQEBCwUAMEQxCzAJBgNVBAYTAlVT 3 | MQ8wDQYDVQQIDAZEZW5pYWwxDDAKBgNVBAoMA0RpczEWMBQGA1UEAwwNZ28tZGVt 4 | by03LmNvbTAeFw0xOTAxMDIxMzIzMjVaFw0yMDAxMTIxMzIzMjVaMFoxCzAJBgNV 5 | BAYTAlVTMQ8wDQYDVQQIDAZEZW5pYWwxFDASBgNVBAcMC1NwcmluZ2ZpZWxkMQww 6 | CgYDVQQKDANEaXMxFjAUBgNVBAMMDWdvLWRlbW8tNy5jb20wggEiMA0GCSqGSIb3 7 | DQEBAQUAA4IBDwAwggEKAoIBAQCiCKi+3Nnkm+8Rex3Jro6SAH5mDsCPTGjH+A98 8 | Nv7cyTrBNP3ByOfGMyZa7bAP9cpfjU4IHU+elSb06fag4wZOfOw5AIUYtpOXkN+t 9 | M65omaxpokcnDDvhL8EckpK/DVjQcik401oUMMHo5gQroyFkI7mhjmmmcLNKMTBE 10 | b068lqIXWIXj7SqTSdJ76UyRosn4V3qVPOJAe2euqdzOa6HphiACZCfXnVLX55A8 11 | EcTfOOR6Bs5YTh12GjXVTBBYqTqEzs65WPHVjUga0uppBSLwP4/ofaFqibOKC85w 12 | cSzQ/ruBgd+Y6cPhl+lbIAgZxWX2V/F5DIN3OU64fLEe+FzFAgMBAAGjggEiMIIB 13 | HjAJBgNVHRMEAjAAMBEGCWCGSAGG+EIBAQQEAwIGQDAzBglghkgBhvhCAQ0EJhYk 14 | T3BlblNTTCBHZW5lcmF0ZWQgU2VydmVyIENlcnRpZmljYXRlMB0GA1UdDgQWBBRy 15 | wr/ZdsF9BAxOvsVpzxcVgQYdtTCBhAYDVR0jBH0we4AUhLnbZgV2paysfPkOblFa 16 | w8j0jC6hXqRcMFoxCzAJBgNVBAYTAlVTMQ8wDQYDVQQIDAZEZW5pYWwxFDASBgNV 17 | BAcMC1NwcmluZ2ZpZWxkMQwwCgYDVQQKDANEaXMxFjAUBgNVBAMMDWdvLWRlbW8t 18 | Ny5jb22CAxACEjAOBgNVHQ8BAf8EBAMCBaAwEwYDVR0lBAwwCgYIKwYBBQUHAwEw 19 | DQYJKoZIhvcNAQELBQADggIBABZj+mBPpZbsyTWRnt5dhMdoOsOB50CbmF+gm6VQ 20 | B8CvlWvuDUu0OrK8pw+Jm80DGh3dTv6NmNIWkAY3vDO4ZLtY5zLzyS93aFFrwVIh 21 | tfQ7iRdEu/w7XQ46IxDPKcxhY2aMMHifFIi5l8rdxHCPEwk+OPP4GUjhFf/kpB99 22 | jtbR9mu1i8j59Yrro++NdPpmEo09AyN+4L4vmjqbf1pl2tc0nHE32gw2RG9R0aSC 23 | OZA4JJLgu5nVoerxeZCpufyLLgOEaLqGFFb8MOKiVM8K8PdGUfL5IftMCxw+lPb1 24 | 2dYhdtcwUEOYhS4eJj8kSlnnXU37G6WFDaWn2oqDwaFYowJNoF3zmnOrbcxCBAG9 25 | inxdzOw34qQuLpmZCH3RA0vxckVnG5a5qkJdB8oZwhyaOEJs1GxdacKg/vrqd/hV 26 | Jq/XY1IUMHc2fnmW1z3vgdHfAnb/KRHTpqPGBdB6H1kezJSKLduajEWellNg8uq7 27 | wAyeaKxduPPzAvLSugvCa2UOmULpGuk6YUdqighIzt/+njZvZzm6Jey5O7IorX9R 28 | 44upX1ko7I0oilmn2TrZ9Hp2fBVfxyqoLk4ZoubvHIlAwgivAJZzcNIWUYDukXss 29 | ftwnKVw+ThKmHpRJNUqh8+FRf+anN/BGUBtQrhVvTrmWJ/gr6S9HEfGaJ5b7yfKc 30 | UwR9 31 | -----END CERTIFICATE----- 32 | -------------------------------------------------------------------------------- /certs/go-demo-7.com/3_application/csr/go-demo-7.com.csr.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE REQUEST----- 2 | MIICnzCCAYcCAQAwWjELMAkGA1UEBhMCVVMxDzANBgNVBAgMBkRlbmlhbDEUMBIG 3 | A1UEBwwLU3ByaW5nZmllbGQxDDAKBgNVBAoMA0RpczEWMBQGA1UEAwwNZ28tZGVt 4 | by03LmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKIIqL7c2eSb 5 | 7xF7HcmujpIAfmYOwI9MaMf4D3w2/tzJOsE0/cHI58YzJlrtsA/1yl+NTggdT56V 6 | JvTp9qDjBk587DkAhRi2k5eQ360zrmiZrGmiRycMO+EvwRySkr8NWNByKTjTWhQw 7 | wejmBCujIWQjuaGOaaZws0oxMERvTryWohdYhePtKpNJ0nvpTJGiyfhXepU84kB7 8 | Z66p3M5roemGIAJkJ9edUtfnkDwRxN845HoGzlhOHXYaNdVMEFipOoTOzrlY8dWN 9 | SBrS6mkFIvA/j+h9oWqJs4oLznBxLND+u4GB35jpw+GX6VsgCBnFZfZX8XkMg3c5 10 | Trh8sR74XMUCAwEAAaAAMA0GCSqGSIb3DQEBCwUAA4IBAQB1DlRCQb67AFntFEbv 11 | 3rIFr3Xn0LB9tHFSThfnUbLpfrKK5cozHkjrZy6zlSD754xupCpppUoawtNP7SGh 12 | OZgFiEbNEqRupTcRIQ6crHqfI2+X/SoHXtoOiL6R1xIryaa7401TDYpmuTPsUR9F 13 | 0xd6sQBrGuPHuS1pHWMPHJcJJSz/ikGkAINOONjy20/mdeJUIclVlsn06mdKD2dG 14 | 2WRFvkV7/vFNMdAEZ74UNQHMshYRpSjPur7HgmFE96ap2KwojhRNi6nksbXiVQsh 15 | YxKHD8CDKsownSCgfpHNWo5j9NZ2IVtOqEibzrMJGHp7FQsKnU8V2wqU+1eSK3Zt 16 | J+hw 17 | -----END CERTIFICATE REQUEST----- 18 | -------------------------------------------------------------------------------- /certs/go-demo-7.com/3_application/private/go-demo-7.com.key.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN RSA PRIVATE KEY----- 2 | MIIEowIBAAKCAQEAogiovtzZ5JvvEXsdya6OkgB+Zg7Aj0xox/gPfDb+3Mk6wTT9 3 | wcjnxjMmWu2wD/XKX41OCB1PnpUm9On2oOMGTnzsOQCFGLaTl5DfrTOuaJmsaaJH 4 | Jww74S/BHJKSvw1Y0HIpONNaFDDB6OYEK6MhZCO5oY5ppnCzSjEwRG9OvJaiF1iF 5 | 4+0qk0nSe+lMkaLJ+Fd6lTziQHtnrqnczmuh6YYgAmQn151S1+eQPBHE3zjkegbO 6 | WE4ddho11UwQWKk6hM7OuVjx1Y1IGtLqaQUi8D+P6H2haomzigvOcHEs0P67gYHf 7 | mOnD4ZfpWyAIGcVl9lfxeQyDdzlOuHyxHvhcxQIDAQABAoIBAH9+jsB3aF+QLsEz 8 | fZHG7tmE1/AX5X4bokrOLekQIOO61qdVueFz4qM6dhCP+7vjK5SZy+9omNBwDdIi 9 | EfQwDjNN6lVDynZSmrlkvgs7oh0d5eLMVG4uGyOp/qorzpnTt7F0UmkrLDK81qcZ 10 | 7egkGM8BqTusogbboMddAtymNG8AWr+TQLJ2kUQ0KXZcqNRhOrZpKLv2+20RcD2K 11 | TmxYZj9W8/7BdGt7603bEZnZWB4f/5OTyyQ7VbQevZM+mStLQonfBOR6dupkY4cy 12 | l5ZXcz3Gz1fnxQpbVQrPbMxPHINncts9YgiBFxx53OFPQ3w6SmLJTmHTaBM+9MuE 13 | D7MxaFUCgYEA1POZ3uOlEeSMDkuKTHQQeLZh6x0Jywi3FJNqsoR4wkxcg7ZaY9XW 14 | V5ZhgYwFYgETVdfV57Aa9vG8NVN2FIiEX2s/dyCKUPUqh86Du5zHgoF2FU4EgSmk 15 | lGiDT/zc11xIC+yTLqYjCuINW+Nr3oQ+VHf9TBXbGLmorGQXadUFEdMCgYEAwsoH 16 | HxyQBa9VupC4SNWFz8SDmLpApYXF/wEfC6zPm7oRv/kGox96SYp6llnFp0PgfmMb 17 | Ok6rTzpcRp/o0QuPmLmXDZcDYiCDuacc4mkiy8z/GVZICHz7gRF510f1IsWKGWKK 18 | 2boDNL5N0PFs8GG0h4bxrXgI4gwK0/iy2KzroAcCgYAzNMyIQzc7QTjIazO7RKF9 19 | VWXgUmA7eUIE6ZnbiW08U35fkabUoOPktd2GeDQHJ/kNSFRAXSFuxhwaupIHR/iE 20 | tVZSf/milAGBHJCiuYVkBVturg75PBk+Mo942XYFN0R/0YhmzD5a7JaHxPz4SdZv 21 | G1dGR28i1+oOYhcbNMT+TwKBgFyxrS/l9Ldv15j/k2K9kX7soj8EqwzZmv4dt3tj 22 | 0ivmINo9FCZ+LUBf0LRJpiBR0bvzR5q4oxcBy7WkFTOdj8j60GIcMfT5ShYH61vm 23 | 8jMPq3mQMJkxeLHT8io7SPEyFeS8mxy/QxVPVlKPAOtnY3R3B/0nuPpxBpoWqG0p 24 | 5LrzAoGBAJ1SGXHVcahi8qmttclSIT0KiAa79bgstX8yUz7aiFXLzcr9wsOOiJeH 25 | CvCWtAaoDgeaTi36Nsse1SZ0FZwgo9xPzKlY9xWJDHM9edjH44CnvGJ6HGHe1mES 26 | 6jj9xnWaSwKZ9dhZJxdyGwydTli6mT58u5R6lMh/pLr/t2/GJ7er 27 | -----END RSA PRIVATE KEY----- 28 | -------------------------------------------------------------------------------- /certs/go-demo-7.com/4_client/certs/go-demo-7.com.cert.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE----- 2 | MIIE4TCCAsmgAwIBAgIDEAITMA0GCSqGSIb3DQEBCwUAMEQxCzAJBgNVBAYTAlVT 3 | MQ8wDQYDVQQIDAZEZW5pYWwxDDAKBgNVBAoMA0RpczEWMBQGA1UEAwwNZ28tZGVt 4 | by03LmNvbTAeFw0xOTAxMDIxMzIzMjhaFw0yMDAxMTIxMzIzMjhaMFoxCzAJBgNV 5 | BAYTAlVTMQ8wDQYDVQQIDAZEZW5pYWwxFDASBgNVBAcMC1NwcmluZ2ZpZWxkMQww 6 | CgYDVQQKDANEaXMxFjAUBgNVBAMMDWdvLWRlbW8tNy5jb20wggEiMA0GCSqGSIb3 7 | DQEBAQUAA4IBDwAwggEKAoIBAQCsGMT9lhYZF9sLyx0MGSkVZeuczsCUZ2OKwRBO 8 | vxBEQBUQctmKYxmH42Y7l1wC/FJMeu9qVDqqG4MBrcwPj8Z2l/qpkKfUbrI2Kxsk 9 | M3xBwlUfdTQhva7Q1dsrzALufTcdPX9DNQL+m6EvHWy1cSISydSb0pjzkYEsNe77 10 | CjmQrtShw1FvNPbiC7evv9ZLthnXsUmHYiBwcqPOVldqbALQ8Yl/iEegltrgUnmA 11 | 2OMuSyWN2E6S/aILXUwoYi9QSqds6cLrzZfTl+RYvOVth+cMgN3SXEhwVrBhfox/ 12 | 5DBLLHP5beB/WxZqqj/SZnIGttaHaGq2QlBIbvuVixFRZ4C7AgMBAAGjgcUwgcIw 13 | CQYDVR0TBAIwADARBglghkgBhvhCAQEEBAMCBaAwMwYJYIZIAYb4QgENBCYWJE9w 14 | ZW5TU0wgR2VuZXJhdGVkIENsaWVudCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQU7hD7 15 | b/lrT/5dfswnlyTO9F3+K2cwHwYDVR0jBBgwFoAUhLnbZgV2paysfPkOblFaw8j0 16 | jC4wDgYDVR0PAQH/BAQDAgXgMB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcD 17 | BDANBgkqhkiG9w0BAQsFAAOCAgEAhlWPN0OSId39gt+ACmAEe3Nb7NOw40pyr2Ql 18 | Ev/I/EEVFhuc6mvSRpiGXEFgK9afmXcwfIbieG7wyWp9UNPzA3ry5jdc0EsEFxBq 19 | 0gucKWNoQZxvVe3Ijnpla8VPIkNkoigNKSDD80m03bXsz6yx+OfsvsJxOljhsw9s 20 | EJQdAToHgTfenPZ/VdlkZPTz6pcC3SbPJvjmNJMZ1qFOeriwSlkCOzSQYfhXRP9V 21 | DKnEmJ82n/k7MGOaKmF+7XQHQcCcZdB019itIBysp43X0IJ8y/XQrox7OaRLbyx4 22 | Vl8aUhSVWEutDABWZ0kvkkcoQOqCHWy6pzcuENDZJb1lWSXvdSem2HSC1Tw4oPFH 23 | TXxtfjaw0lJ8VMEOy7enI3DjWh1vCnDPgke+MJpYAfv/S9XuxJYkODAUMXRIwDlJ 24 | tkirxMdekjk/oiNKvTvHSu5ay2V9QVzX01uUknoD6XYa922E90zIqx4DOj3Rvs+i 25 | EiAHJlibymYZpkAtHcfSlsZTuW1Zc/wbwncylj9g2TCf6V2oacgra7ncFxDvgc9m 26 | MjLuchmPq2FLMP9LPG8GH71PVM7yZOt5GzONeK/TsIuiw1KiKg+LZr7NKW79Rw8c 27 | cFQ3yw/OHPrrkdj3Omu54q6pMATjAnQc/00tCzlFsSgssr77wyKiHH8jZm3yXu6C 28 | Rremp8g= 29 | -----END CERTIFICATE----- 30 | -------------------------------------------------------------------------------- /certs/go-demo-7.com/4_client/csr/go-demo-7.com.csr.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE REQUEST----- 2 | MIICnzCCAYcCAQAwWjELMAkGA1UEBhMCVVMxDzANBgNVBAgMBkRlbmlhbDEUMBIG 3 | A1UEBwwLU3ByaW5nZmllbGQxDDAKBgNVBAoMA0RpczEWMBQGA1UEAwwNZ28tZGVt 4 | by03LmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKwYxP2WFhkX 5 | 2wvLHQwZKRVl65zOwJRnY4rBEE6/EERAFRBy2YpjGYfjZjuXXAL8Ukx672pUOqob 6 | gwGtzA+PxnaX+qmQp9RusjYrGyQzfEHCVR91NCG9rtDV2yvMAu59Nx09f0M1Av6b 7 | oS8dbLVxIhLJ1JvSmPORgSw17vsKOZCu1KHDUW809uILt6+/1ku2GdexSYdiIHBy 8 | o85WV2psAtDxiX+IR6CW2uBSeYDY4y5LJY3YTpL9ogtdTChiL1BKp2zpwuvNl9OX 9 | 5Fi85W2H5wyA3dJcSHBWsGF+jH/kMEssc/lt4H9bFmqqP9Jmcga21odoarZCUEhu 10 | +5WLEVFngLsCAwEAAaAAMA0GCSqGSIb3DQEBCwUAA4IBAQBiqLAlI7aQsgoo71Yi 11 | xhbo6WzkfL/VtNSi1b3E0dn5gr4K8eFnM3ZC2bA4+jat3Pw2nc62l14mNseIkQTc 12 | rHoQhYxx76NGovjqz2WLSHNu6yVaDWGjc8+8NmNigtQnJHuqNbXtkznyroBWQCG9 13 | tXThntPh1AI3ItQGlzsaKvmlWLakUuRPUlkrzJ0FMagQNOcgxS+GFmqVdJsAioeX 14 | Mdil+V3tkS+90PGVI7sv4XJ4eN0RHY9+M2nWJQWLRwSACvc4npnAV8RKQGgErsdt 15 | +xGiVF2XenjsbxUWq1pstUox0HPoNXZwtWTpTwmtOppB3aHMLbm5bNRjX3fXVHKd 16 | LMqS 17 | -----END CERTIFICATE REQUEST----- 18 | -------------------------------------------------------------------------------- /certs/go-demo-7.com/4_client/private/go-demo-7.com.key.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN RSA PRIVATE KEY----- 2 | MIIEowIBAAKCAQEArBjE/ZYWGRfbC8sdDBkpFWXrnM7AlGdjisEQTr8QREAVEHLZ 3 | imMZh+NmO5dcAvxSTHrvalQ6qhuDAa3MD4/Gdpf6qZCn1G6yNisbJDN8QcJVH3U0 4 | Ib2u0NXbK8wC7n03HT1/QzUC/puhLx1stXEiEsnUm9KY85GBLDXu+wo5kK7UocNR 5 | bzT24gu3r7/WS7YZ17FJh2IgcHKjzlZXamwC0PGJf4hHoJba4FJ5gNjjLksljdhO 6 | kv2iC11MKGIvUEqnbOnC682X05fkWLzlbYfnDIDd0lxIcFawYX6Mf+QwSyxz+W3g 7 | f1sWaqo/0mZyBrbWh2hqtkJQSG77lYsRUWeAuwIDAQABAoIBAQCAX0GiP3Bga3ET 8 | zQDv41zH/2zPXVI94RlZiUYW12LU5lBQIruvBNkoijHaRb924qypLBKm6AmSlk8U 9 | 04WiHgdWs2thTOxEBAafbWwjhtwrWUCR5KVsfceHM973Poj5SSHxh8wEX+jJ72E+ 10 | ed57Qda+2Rrk2SUKmwEV721CiZADIYzFEx9FdPMMCN8Uh7MF0YwGfK18ndOVBrwo 11 | FD0GZz9940Ux6I4IDLSb8S4IhOyitJji54iwEYUmkjidRlhs2YCIJ44/A8/scxRS 12 | PWtPSsdo/PGCWryowYaZraFe2fJe/jQ6YsI4rQsCbLYcyb+6xtrEC1O2AV/dvWPJ 13 | QTw0RZERAoGBAOEoEHlviO2EMCLbA5KgvScp2/6KDhflT8/xWtSVbOtNG6aooHRj 14 | a2yM/p1vyjZ6Er3gXeUWWAghdjW9Z3ld1af2ks/qXJX4wFr9EhadyWrOwfky4B0t 15 | /EPiLTJOTaECFExXWtIpoDwgOHBEtRkIqY/b3tiTZlvNowJlvw7jligVAoGBAMOr 16 | +KLlVJTdz6AdKjyfL9xMHPj/V71p6bXSRtGxZWgR7GM8jPrLKdXnS85GWeYMKJel 17 | 72bGwVQI+Eyu1MRySNshzF/SGgK+ZB3CK9TUd5O77+qLSofN6NquXONxwwtI9zWy 18 | Gp1Ul5cw3BINJ3PtVVXHRTO+TzRRwXCO+9rE3OmPAoGAFKTwxcGlQ2ngZAHC1Rnp 19 | 3gJninIsEqLS65UMp/s/bl+2jlRdye4ntl9DJTpPxyjwOPqugUfIMI6o4QqJx0YE 20 | Rg9ErM2nSZTyRiV4GBzFkAZ/IJM6m1JRFART8o3dbkrbg5hq2mQ4reqiYiDanf3+ 21 | VhNp3l+9feNf8+NSXlIdvXUCgYAhWlfoVFTlhyWT8kS3zp6W23Z4zvWCuOH4dx5R 22 | Mf7KDXwQskqJmUXJS0K1p3I9b0cgCk3TY/+iNmE0mPx1e9GFYK54itSaMR/ZnrZf 23 | 8dNsIDXV8eZDXcraM6xrrIGFk+tngLNerAOm5tIsVYerEAJiu7PFDSRtE554dDbj 24 | 5HiPawKBgCB5mgQeB8HlY4LQs8qVwFQGlWF0YSyIDNgravs1SZPy22BaHkD0ELop 25 | +RfDxfS5c2b+NVJLbWI/hcMDBQLH+f21mSMpZTNkzfPDy9DR3kXxSjIok8OvWM5I 26 | Xy1qUmF4WGCVipwcaU21wdpTZt2TJX72KWGnxkuOEXyvDadJdL4y 27 | -----END RSA PRIVATE KEY----- 28 | -------------------------------------------------------------------------------- /certs/www.devopstoolkitseries.com/1_root/index.txt: -------------------------------------------------------------------------------- 1 | V 281230142353Z 100212 unknown /C=US/ST=Denial/O=Dis/CN=www.devopstoolkitseries.com 2 | -------------------------------------------------------------------------------- /certs/www.devopstoolkitseries.com/1_root/index.txt.attr: -------------------------------------------------------------------------------- 1 | unique_subject = no 2 | -------------------------------------------------------------------------------- /certs/www.devopstoolkitseries.com/1_root/index.txt.old: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vfarcic/k8s-specs/f66338e0a05d259b0caa4e76508f5f1d1b3ff4bd/certs/www.devopstoolkitseries.com/1_root/index.txt.old -------------------------------------------------------------------------------- /certs/www.devopstoolkitseries.com/1_root/newcerts/100212.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE----- 2 | MIIFnTCCA4WgAwIBAgIDEAISMA0GCSqGSIb3DQEBCwUAMGgxCzAJBgNVBAYTAlVT 3 | MQ8wDQYDVQQIDAZEZW5pYWwxFDASBgNVBAcMC1NwcmluZ2ZpZWxkMQwwCgYDVQQK 4 | DANEaXMxJDAiBgNVBAMMG3d3dy5kZXZvcHN0b29sa2l0c2VyaWVzLmNvbTAeFw0x 5 | OTAxMDIxNDIzNTNaFw0yODEyMzAxNDIzNTNaMFIxCzAJBgNVBAYTAlVTMQ8wDQYD 6 | VQQIDAZEZW5pYWwxDDAKBgNVBAoMA0RpczEkMCIGA1UEAwwbd3d3LmRldm9wc3Rv 7 | b2xraXRzZXJpZXMuY29tMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA 8 | 2SqgLwv44BnSA4Ptcg+9aMLO5udRU4G0TOxyebtDa18GbplY9YZvfe5N4tB3+ASw 9 | NBeim+PsneceUdyU0aBI4XRy7wFrXfT/T+hHk8vDqjZRNpbplcjy+TF70sj/2wiA 10 | 3jsi+mphvr2HdcWGUcFjeMdqaowH/vcE5/KUi1v0LmKemULIT823UM8fWgsz0hB7 11 | HMBH9fp+R/whM50yPDJmpBqqIeTomv3KGDipygCzsP3J382Fcot6SzfE/V7wE0ve 12 | nhIwywsQ4vySRxiR1bJLjlBtyThehn/z8MXt/WxhrLRBTii4g+/K6zOAAbM6wqPN 13 | Jhav85oVdh8Rq0WGWOBGGlupOcwQI6mrfiKvPcsnp/7NqmymKkQu0Hs2oiXHXQhA 14 | OZYOGyLa1AHMhKdbospeWP58sxM2AYPMbjLy5DemQz8nzFos+4jTWkN2Fz7DLCKb 15 | 3Vob9A49RY54ECPmdi+a5qfwQ8z/U6STdZcj6qm8npXF+emQmzvvrlb/dUGFOFZD 16 | C2rJDS5qrScXEKw/6g/VLG8yMRB701vK8VjCqaZja/XtR2lxzvR+XreKz+1ABN/C 17 | TtbGWOiU0LO/uy52pwe9k5VjOIMenEIopEBPqgJiUf0Xa9ClViTKTOACUD5hfUcG 18 | 6vK6KUaUyB6OVn1GQEhkpOQ5Rb5zBPKwYk4Aww/DUWcCAwEAAaNmMGQwHQYDVR0O 19 | BBYEFOHSYP6Vb4K97CsMIRxL7lf0S7HqMB8GA1UdIwQYMBaAFHVUDJlTBJy8Xz0I 20 | vPCRt1I+70U+MBIGA1UdEwEB/wQIMAYBAf8CAQAwDgYDVR0PAQH/BAQDAgGGMA0G 21 | CSqGSIb3DQEBCwUAA4ICAQAedSI9DJ5/P2rfhzdWUesluAPLjiauHBFPHk/BtUc+ 22 | 1irjO/BLGUimcPS6Bxaw5X51ARYawrxsYDoBf/yYnIy93uCDcpMHeIh3qsckulRh 23 | sN3gO7D3PZxHWgDHz8ReUtiDfMrIJ8DEtK3+1acNQDx9IpREgQaPg3eJVUIjtc6U 24 | v8IdfYtmWWKKTxAmSbkscek91+YAOW8U0MGk6S729VbBcDGufGA/dLhqXVpZiYR6 25 | OIy25RB91aC0tZnpHuMv7Z8tfuHtp9KbfcjtlhQz4j7JFFrOJC7BGRbWSqbcZCNL 26 | hUuV34NNmu3KI087Q4tHso87WlKMBN4djR/5pFC5ONyPfXvMil39w7k5PPumnwRY 27 | Nmu4RPWUmsY8W22bkJlyQCCMhTn9oVP3NpmeiSIZF7h/5q4REGV5d+AU+uwwM/ml 28 | LTc1hhUtXcSo/6RFp3YuRn/LA2AoZ9eU1gF8MjumbA5nYsRiby6B3bMKcWMQr+bT 29 | YN6+Wy9ECqtP7FpUkqJgBcIZc1UZ97dlko8pWZxhqA+YzKHw00Kp50TB/EUIv3ia 30 | wvIuHoR2eSwHJPT3QEHJms7ECHn7/Vh+MyTfOI4P4gZI+U+HMridDpTdEABxrazd 31 | IRJPAYXmK223Pq/fU2xHE6/FWHXzg+nRS4Y6a1LHxIYxgp0bdC2sHF/Dpjb0riph 32 | gw== 33 | -----END CERTIFICATE----- 34 | -------------------------------------------------------------------------------- /certs/www.devopstoolkitseries.com/1_root/serial: -------------------------------------------------------------------------------- 1 | 100213 2 | -------------------------------------------------------------------------------- /certs/www.devopstoolkitseries.com/1_root/serial.old: -------------------------------------------------------------------------------- 1 | 100212 2 | -------------------------------------------------------------------------------- /certs/www.devopstoolkitseries.com/2_intermediate/csr/intermediate.csr.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE REQUEST----- 2 | MIIErTCCApUCAQAwaDELMAkGA1UEBhMCVVMxDzANBgNVBAgMBkRlbmlhbDEUMBIG 3 | A1UEBwwLU3ByaW5nZmllbGQxDDAKBgNVBAoMA0RpczEkMCIGA1UEAwwbd3d3LmRl 4 | dm9wc3Rvb2xraXRzZXJpZXMuY29tMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIIC 5 | CgKCAgEA2SqgLwv44BnSA4Ptcg+9aMLO5udRU4G0TOxyebtDa18GbplY9YZvfe5N 6 | 4tB3+ASwNBeim+PsneceUdyU0aBI4XRy7wFrXfT/T+hHk8vDqjZRNpbplcjy+TF7 7 | 0sj/2wiA3jsi+mphvr2HdcWGUcFjeMdqaowH/vcE5/KUi1v0LmKemULIT823UM8f 8 | Wgsz0hB7HMBH9fp+R/whM50yPDJmpBqqIeTomv3KGDipygCzsP3J382Fcot6SzfE 9 | /V7wE0venhIwywsQ4vySRxiR1bJLjlBtyThehn/z8MXt/WxhrLRBTii4g+/K6zOA 10 | AbM6wqPNJhav85oVdh8Rq0WGWOBGGlupOcwQI6mrfiKvPcsnp/7NqmymKkQu0Hs2 11 | oiXHXQhAOZYOGyLa1AHMhKdbospeWP58sxM2AYPMbjLy5DemQz8nzFos+4jTWkN2 12 | Fz7DLCKb3Vob9A49RY54ECPmdi+a5qfwQ8z/U6STdZcj6qm8npXF+emQmzvvrlb/ 13 | dUGFOFZDC2rJDS5qrScXEKw/6g/VLG8yMRB701vK8VjCqaZja/XtR2lxzvR+XreK 14 | z+1ABN/CTtbGWOiU0LO/uy52pwe9k5VjOIMenEIopEBPqgJiUf0Xa9ClViTKTOAC 15 | UD5hfUcG6vK6KUaUyB6OVn1GQEhkpOQ5Rb5zBPKwYk4Aww/DUWcCAwEAAaAAMA0G 16 | CSqGSIb3DQEBCwUAA4ICAQCuQbDdIm1dclimXQ5TUT5SKvXb1ZrjqaoNOBiwu6L3 17 | FB6rCc/6AN2kQjmyIPlWdCOMICk73L7YykodLgojqoP6g7vgE4jZDWAVkxutoaoA 18 | DxDDvgKBxLECIBP7ZqrzFPhMBLCxBl1fUMs9fyhOVUduXDlNQwxXgq4kzCHzsbjG 19 | 7bhdNYv4NDVieX5RCkKUMUC9ludR5Tmbp35WNvzYiJhx93h1i1Pv6GmNbNOnLXw5 20 | 0qNt5YfzIQfwtX8uij5RlhfcK/MnFnjN4uFoPEoqftrzRbyyQ80DlDOhSschnjY9 21 | emPdC5isP+D01tJ5fzU2qqxrrwT/H/kH9wSQ8yT2XdbCzZvqhOCbBBegppfz7m0o 22 | 2fDs/1Xqk4CyIYspfsKc+IihTC0kJR9Wb34adCZiwVmPRG8CMJM/JLDxjVYBC9FL 23 | gDKhwUNttaomhgXOsId5mtp79Gz6U3qAtBZZ8dv4j0KnlQu6V0ML+ish4gn6NTN0 24 | C32xGuzFu5qdaCcMz2O++KonLiJR7IL0YQ//887iXn9NFnCPIzn+fTpo8zjWnEic 25 | wRWECnnIUuwxYD+ZklBn/1FcJ16G8XT51guKHOqINzUOLBURcW0jwQit+5uR2NYu 26 | 9ImY94oPy+3oCuA/MxEZ9FOA7CcjXr5PZt7LrMo6uglWNSUyXW2u9rF1MbfN0l9N 27 | yw== 28 | -----END CERTIFICATE REQUEST----- 29 | -------------------------------------------------------------------------------- /certs/www.devopstoolkitseries.com/2_intermediate/index.txt: -------------------------------------------------------------------------------- 1 | V 200112142359Z 100212 unknown /C=US/ST=Denial/L=Springfield/O=Dis/CN=www.devopstoolkitseries.com 2 | V 200112142402Z 100213 unknown /C=US/ST=Denial/L=Springfield/O=Dis/CN=www.devopstoolkitseries.com 3 | -------------------------------------------------------------------------------- /certs/www.devopstoolkitseries.com/2_intermediate/index.txt.attr: -------------------------------------------------------------------------------- 1 | unique_subject = no 2 | -------------------------------------------------------------------------------- /certs/www.devopstoolkitseries.com/2_intermediate/index.txt.attr.old: -------------------------------------------------------------------------------- 1 | unique_subject = no 2 | -------------------------------------------------------------------------------- /certs/www.devopstoolkitseries.com/2_intermediate/index.txt.old: -------------------------------------------------------------------------------- 1 | V 200112142359Z 100212 unknown /C=US/ST=Denial/L=Springfield/O=Dis/CN=www.devopstoolkitseries.com 2 | -------------------------------------------------------------------------------- /certs/www.devopstoolkitseries.com/2_intermediate/newcerts/100212.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE----- 2 | MIIFazCCA1OgAwIBAgIDEAISMA0GCSqGSIb3DQEBCwUAMFIxCzAJBgNVBAYTAlVT 3 | MQ8wDQYDVQQIDAZEZW5pYWwxDDAKBgNVBAoMA0RpczEkMCIGA1UEAwwbd3d3LmRl 4 | dm9wc3Rvb2xraXRzZXJpZXMuY29tMB4XDTE5MDEwMjE0MjM1OVoXDTIwMDExMjE0 5 | MjM1OVowaDELMAkGA1UEBhMCVVMxDzANBgNVBAgMBkRlbmlhbDEUMBIGA1UEBwwL 6 | U3ByaW5nZmllbGQxDDAKBgNVBAoMA0RpczEkMCIGA1UEAwwbd3d3LmRldm9wc3Rv 7 | b2xraXRzZXJpZXMuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA 8 | 2GdSD3FsiSgdWVrRbOaHoUXwBPC7xcAt6ghkz4XEo4OmeQUTTA6vAUU5V76Sb64A 9 | +E/oAEb6vXE8o0agNGQbv1JAKXKRk5uPoBgeR3O21CfBwcguaQ6WAKWAHb+nV26M 10 | wlU4Zn/kOUHxKw8ZkCJYc2WlHyrDee5XlwiOCh4nxoryvDs9kXlUyQphmzq3bVoU 11 | euyflSZVl4CPFh9+LRA6/x4OYuNxHWwHAO7WCE431v4SjDxoYaNldGKVJ+lh+s7B 12 | kcjmHZNVV5o7/+7lqvVWuhv8Cj21Ef1mO7Gw84mRmO4FaQIRJaM420eTJR0KGO02 13 | 97jRRpLaoHuvQGussEdXtwIDAQABo4IBMjCCAS4wCQYDVR0TBAIwADARBglghkgB 14 | hvhCAQEEBAMCBkAwMwYJYIZIAYb4QgENBCYWJE9wZW5TU0wgR2VuZXJhdGVkIFNl 15 | cnZlciBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQU5ocQHAsI1bz8HdP7t/BNf9sKjpEw 16 | gZQGA1UdIwSBjDCBiYAU4dJg/pVvgr3sKwwhHEvuV/RLseqhbKRqMGgxCzAJBgNV 17 | BAYTAlVTMQ8wDQYDVQQIDAZEZW5pYWwxFDASBgNVBAcMC1NwcmluZ2ZpZWxkMQww 18 | CgYDVQQKDANEaXMxJDAiBgNVBAMMG3d3dy5kZXZvcHN0b29sa2l0c2VyaWVzLmNv 19 | bYIDEAISMA4GA1UdDwEB/wQEAwIFoDATBgNVHSUEDDAKBggrBgEFBQcDATANBgkq 20 | hkiG9w0BAQsFAAOCAgEAqJ3UH/nQZHkwE7xe/Zba0+GE0bLRhi3y1hmbtdoGrxpW 21 | bfi3sdMQ70+b7nR3jiRDldWioIUJ6eySbus5Q9KguCXJCFrTDqEzTTVjwPQuoo7B 22 | QsVwha9NzhadA68zHIMEzuzLTc22a8uHxu/YyblTml25ThMYnmH9r9Gpw9hbMPje 23 | qO7HWXXKhvP92s4dWSQafndgkaxHZjl5QGvM0XtaCevKZb2hrVGk8Q2Ot5emIj5s 24 | NYetwua2oqpHfG5fXc03zljpzMCd6q8TKy7ekRt5qSx+ShNNf1LrTh2gG9fFn8vb 25 | mfFhJ3bTwbVGh8YXYr1TtVtoIb8d9eSn/7ZTk37hBJnDhPu/Pg87cyqBPWIJVvop 26 | zPNOVQGLPx2h/IOjAgE/YoE2CAxLTpqBh9lODaYznvbl/j5FHc1cYEAksuNxsgXk 27 | UjndaRfb/aD0Qn1wdMSOgVMoJsiT+MkjXx3y3VnjV3JNEgbMY4Bx1ahhL+FPRBnS 28 | 8lHLstnnaxm1N3i5y9w4b9/oXUWcHNulMpywWRAKRaMdc+rhRXVeSANShbe5HN4U 29 | A28SguWFx0HoiBXVaEt1QUQSRc0HocBoXSz/vk2xlcEu6F1tZLkb35dN7QRPdlyY 30 | oNMKlIkfU1F+jPr4oc60BApZWclb96Sg4oe2jPX6GGg9zbr/mGKLSYQ6B0B5yww= 31 | -----END CERTIFICATE----- 32 | -------------------------------------------------------------------------------- /certs/www.devopstoolkitseries.com/2_intermediate/newcerts/100213.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE----- 2 | MIIE/TCCAuWgAwIBAgIDEAITMA0GCSqGSIb3DQEBCwUAMFIxCzAJBgNVBAYTAlVT 3 | MQ8wDQYDVQQIDAZEZW5pYWwxDDAKBgNVBAoMA0RpczEkMCIGA1UEAwwbd3d3LmRl 4 | dm9wc3Rvb2xraXRzZXJpZXMuY29tMB4XDTE5MDEwMjE0MjQwMloXDTIwMDExMjE0 5 | MjQwMlowaDELMAkGA1UEBhMCVVMxDzANBgNVBAgMBkRlbmlhbDEUMBIGA1UEBwwL 6 | U3ByaW5nZmllbGQxDDAKBgNVBAoMA0RpczEkMCIGA1UEAwwbd3d3LmRldm9wc3Rv 7 | b2xraXRzZXJpZXMuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA 8 | rS3s4lLdK570ti8Vg5OFNOP91DgnJgD4oDWhmVDiC+DTuzwBISavua2f2lMUgFd6 9 | WuIsmjMRTKJvlqjuv6APYjggmveY08kSc9oa6Ye+wS/bZemLURyQLNglijwokk01 10 | WfcNDyVcRXy+JThB3FinFfUtJ1z1IO6hX0Dzeqm8OMIdEpIBrfxWMOTP7rJb7g78 11 | nSUj1a33GvVZ7fHY+dH+FnzgMZsRe6hUf3v5RtC2xQeF9qjXVEzvqT10/ooryYRo 12 | +iTY5YJMEzwWQoWR3Ga5VX1PliNSup/cs/iVi+jUbD48RtsLgroNjjYo4XCuwexL 13 | P238TjxiZ96WFWv8q5ZO+wIDAQABo4HFMIHCMAkGA1UdEwQCMAAwEQYJYIZIAYb4 14 | QgEBBAQDAgWgMDMGCWCGSAGG+EIBDQQmFiRPcGVuU1NMIEdlbmVyYXRlZCBDbGll 15 | bnQgQ2VydGlmaWNhdGUwHQYDVR0OBBYEFLZggvSMUx3RB7iMW43DKOB7WaoKMB8G 16 | A1UdIwQYMBaAFOHSYP6Vb4K97CsMIRxL7lf0S7HqMA4GA1UdDwEB/wQEAwIF4DAd 17 | BgNVHSUEFjAUBggrBgEFBQcDAgYIKwYBBQUHAwQwDQYJKoZIhvcNAQELBQADggIB 18 | AK5mIEzR1CyJdXnCZU1ej4FHVWmnDO6eOKwJBPwNA+5GPqlO1VdhuTMEspFF1xlw 19 | jMJlPy8S5509p+agjf0/otMe0zwYifcl1SfPSsQdpr4yK9zLHBBAhPL1P5PY6GAP 20 | uEUUQmHTSGFcnLQIxqt/OcRSP4FHwJ8mauuRqowrWsM1Xlx/hft3h3HNajmT4mBs 21 | lUBjD6LUXpH59tVGYOWKvf0rKqT32EWycOCyHHHoMqijHJl0ICh+o3vpU8cishv+ 22 | Y3e0RAHiQ/+Mmt8ZUKivW8vk/R5OlONuQ7Zoqp3xxta6VmYnMJBCNBk+t691CZPN 23 | 78inynfeXwx1BUHyS3mnlj94pafI/dzcEzJR5/NFVNiG0DEwMZdC6dUGrGAzUMXw 24 | FKl7ywuOfl8KmAs/aE+zt0GRgrUEU0ICW4ZB95u6az7bUpXK5CStwPexv0iMO7fA 25 | bhbrjP7wrb7hplcGDJ4sqh4ek18LT0aw/6yWtZRH81Y3VARS9NJI+6xHG5573703 26 | 07CU5DZ/n51yGlGuB6kauhsdQbL3S5T7xsgjB+TiXtYqdOyd9uH+TfLzDydT0saz 27 | wTwboUiGqBWXpp1BHpUaNY9v5b9bb6FLQpztJz3IkpyGX7mRQhcFB5Y+uv1i/a6B 28 | qoW+DEMxcIqmfK9tZ5z78wQ48HfJ/VIlOQGbzGgEZjCw 29 | -----END CERTIFICATE----- 30 | -------------------------------------------------------------------------------- /certs/www.devopstoolkitseries.com/2_intermediate/serial: -------------------------------------------------------------------------------- 1 | 100214 2 | -------------------------------------------------------------------------------- /certs/www.devopstoolkitseries.com/2_intermediate/serial.old: -------------------------------------------------------------------------------- 1 | 100213 2 | -------------------------------------------------------------------------------- /certs/www.devopstoolkitseries.com/3_application/certs/www.devopstoolkitseries.com.cert.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE----- 2 | MIIFazCCA1OgAwIBAgIDEAISMA0GCSqGSIb3DQEBCwUAMFIxCzAJBgNVBAYTAlVT 3 | MQ8wDQYDVQQIDAZEZW5pYWwxDDAKBgNVBAoMA0RpczEkMCIGA1UEAwwbd3d3LmRl 4 | dm9wc3Rvb2xraXRzZXJpZXMuY29tMB4XDTE5MDEwMjE0MjM1OVoXDTIwMDExMjE0 5 | MjM1OVowaDELMAkGA1UEBhMCVVMxDzANBgNVBAgMBkRlbmlhbDEUMBIGA1UEBwwL 6 | U3ByaW5nZmllbGQxDDAKBgNVBAoMA0RpczEkMCIGA1UEAwwbd3d3LmRldm9wc3Rv 7 | b2xraXRzZXJpZXMuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA 8 | 2GdSD3FsiSgdWVrRbOaHoUXwBPC7xcAt6ghkz4XEo4OmeQUTTA6vAUU5V76Sb64A 9 | +E/oAEb6vXE8o0agNGQbv1JAKXKRk5uPoBgeR3O21CfBwcguaQ6WAKWAHb+nV26M 10 | wlU4Zn/kOUHxKw8ZkCJYc2WlHyrDee5XlwiOCh4nxoryvDs9kXlUyQphmzq3bVoU 11 | euyflSZVl4CPFh9+LRA6/x4OYuNxHWwHAO7WCE431v4SjDxoYaNldGKVJ+lh+s7B 12 | kcjmHZNVV5o7/+7lqvVWuhv8Cj21Ef1mO7Gw84mRmO4FaQIRJaM420eTJR0KGO02 13 | 97jRRpLaoHuvQGussEdXtwIDAQABo4IBMjCCAS4wCQYDVR0TBAIwADARBglghkgB 14 | hvhCAQEEBAMCBkAwMwYJYIZIAYb4QgENBCYWJE9wZW5TU0wgR2VuZXJhdGVkIFNl 15 | cnZlciBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQU5ocQHAsI1bz8HdP7t/BNf9sKjpEw 16 | gZQGA1UdIwSBjDCBiYAU4dJg/pVvgr3sKwwhHEvuV/RLseqhbKRqMGgxCzAJBgNV 17 | BAYTAlVTMQ8wDQYDVQQIDAZEZW5pYWwxFDASBgNVBAcMC1NwcmluZ2ZpZWxkMQww 18 | CgYDVQQKDANEaXMxJDAiBgNVBAMMG3d3dy5kZXZvcHN0b29sa2l0c2VyaWVzLmNv 19 | bYIDEAISMA4GA1UdDwEB/wQEAwIFoDATBgNVHSUEDDAKBggrBgEFBQcDATANBgkq 20 | hkiG9w0BAQsFAAOCAgEAqJ3UH/nQZHkwE7xe/Zba0+GE0bLRhi3y1hmbtdoGrxpW 21 | bfi3sdMQ70+b7nR3jiRDldWioIUJ6eySbus5Q9KguCXJCFrTDqEzTTVjwPQuoo7B 22 | QsVwha9NzhadA68zHIMEzuzLTc22a8uHxu/YyblTml25ThMYnmH9r9Gpw9hbMPje 23 | qO7HWXXKhvP92s4dWSQafndgkaxHZjl5QGvM0XtaCevKZb2hrVGk8Q2Ot5emIj5s 24 | NYetwua2oqpHfG5fXc03zljpzMCd6q8TKy7ekRt5qSx+ShNNf1LrTh2gG9fFn8vb 25 | mfFhJ3bTwbVGh8YXYr1TtVtoIb8d9eSn/7ZTk37hBJnDhPu/Pg87cyqBPWIJVvop 26 | zPNOVQGLPx2h/IOjAgE/YoE2CAxLTpqBh9lODaYznvbl/j5FHc1cYEAksuNxsgXk 27 | UjndaRfb/aD0Qn1wdMSOgVMoJsiT+MkjXx3y3VnjV3JNEgbMY4Bx1ahhL+FPRBnS 28 | 8lHLstnnaxm1N3i5y9w4b9/oXUWcHNulMpywWRAKRaMdc+rhRXVeSANShbe5HN4U 29 | A28SguWFx0HoiBXVaEt1QUQSRc0HocBoXSz/vk2xlcEu6F1tZLkb35dN7QRPdlyY 30 | oNMKlIkfU1F+jPr4oc60BApZWclb96Sg4oe2jPX6GGg9zbr/mGKLSYQ6B0B5yww= 31 | -----END CERTIFICATE----- 32 | -------------------------------------------------------------------------------- /certs/www.devopstoolkitseries.com/3_application/csr/www.devopstoolkitseries.com.csr.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE REQUEST----- 2 | MIICrTCCAZUCAQAwaDELMAkGA1UEBhMCVVMxDzANBgNVBAgMBkRlbmlhbDEUMBIG 3 | A1UEBwwLU3ByaW5nZmllbGQxDDAKBgNVBAoMA0RpczEkMCIGA1UEAwwbd3d3LmRl 4 | dm9wc3Rvb2xraXRzZXJpZXMuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB 5 | CgKCAQEA2GdSD3FsiSgdWVrRbOaHoUXwBPC7xcAt6ghkz4XEo4OmeQUTTA6vAUU5 6 | V76Sb64A+E/oAEb6vXE8o0agNGQbv1JAKXKRk5uPoBgeR3O21CfBwcguaQ6WAKWA 7 | Hb+nV26MwlU4Zn/kOUHxKw8ZkCJYc2WlHyrDee5XlwiOCh4nxoryvDs9kXlUyQph 8 | mzq3bVoUeuyflSZVl4CPFh9+LRA6/x4OYuNxHWwHAO7WCE431v4SjDxoYaNldGKV 9 | J+lh+s7BkcjmHZNVV5o7/+7lqvVWuhv8Cj21Ef1mO7Gw84mRmO4FaQIRJaM420eT 10 | JR0KGO0297jRRpLaoHuvQGussEdXtwIDAQABoAAwDQYJKoZIhvcNAQELBQADggEB 11 | AC/MjXKECYWDZ79bQGeADA+TMlo8abrT5KPvgbQU0+cJUnfuEQl6z8g6IZVHhehh 12 | ZyNv4p8zu7GlrdGrQIbc3eXjCnjKhPwSDj1zBKGnMiJBW0oYtf8HGK9Nozt08Xah 13 | bMWKcikIr6hAxEPA4JO6gIK3gz/5fzkpkTmUww6KeC7i6RJEogYbKzZD6BVzd7TS 14 | Z0v7W+rdNn9PmJqrkc1vtHaqTkesTg3rgZ+Jox9SPqEVS4nU4xOGrnjXnoqQqc5s 15 | ggkRwAaK9q1TG4LwCBYL9co4g8fglrV65LyOD2cnxQVaHglwbE02pHhC5wt/Ez2O 16 | GhiV4IHtkGrG6va/RAhFObo= 17 | -----END CERTIFICATE REQUEST----- 18 | -------------------------------------------------------------------------------- /certs/www.devopstoolkitseries.com/3_application/private/www.devopstoolkitseries.com.key.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN RSA PRIVATE KEY----- 2 | MIIEogIBAAKCAQEA2GdSD3FsiSgdWVrRbOaHoUXwBPC7xcAt6ghkz4XEo4OmeQUT 3 | TA6vAUU5V76Sb64A+E/oAEb6vXE8o0agNGQbv1JAKXKRk5uPoBgeR3O21CfBwcgu 4 | aQ6WAKWAHb+nV26MwlU4Zn/kOUHxKw8ZkCJYc2WlHyrDee5XlwiOCh4nxoryvDs9 5 | kXlUyQphmzq3bVoUeuyflSZVl4CPFh9+LRA6/x4OYuNxHWwHAO7WCE431v4SjDxo 6 | YaNldGKVJ+lh+s7BkcjmHZNVV5o7/+7lqvVWuhv8Cj21Ef1mO7Gw84mRmO4FaQIR 7 | JaM420eTJR0KGO0297jRRpLaoHuvQGussEdXtwIDAQABAoIBADqjFGs20q//fKRf 8 | pWuas5mRd83+5QJaZpaJm7dXica8v3j/VRFA0U7I0Rbjfo5gWcbu7/BTS1HVwxaC 9 | 5poLnjEjOluAvc1/U1WP83Rs+FdYRnoZoem5mA+oyKRG8DMSs3Vc3iF3+gFByvVd 10 | 7BFQHSN3oVxmm/0IBhfYq5Q2Q5TaRcfWSpqdsCCjly1pj/60esR9rBfoS5ip4JOV 11 | Mgq4zXBYNrwhadzN38JS9pXanjLIKsgjx14uzVevOU4neRnkOp7hFlEcQHregRBk 12 | fTYOf/PB5Qi7ed58QaKQpN1IA3xBKQuKVxEzWbGPm/PlZBjWUmtslHWgz8FjP7q3 13 | ZCTdzHECgYEA+sotPjF4Cx/Gx9Am1BoGIL2voHTxVV6r2EXmjhOumhQwc1k9cczI 14 | PhtDDfCaL2cgRPChRelQSGAJEoDFLJsTX1QtstI9c5Vcp+aGwfz2EBHshPsP4xk8 15 | BAydrsP+mSnOVyzEnJGn4Eu1/StWMgo4QsgHdBI/HDWmawygNnczVvsCgYEA3OZC 16 | 5ec5J1FFy216ZQIhRd4ofRIEG9uum+u7Q6fbeHqEUvs68aU8pPDRkT4A9Mg7QRNs 17 | jJKWlmXZihJbUTwiTo+qoxorKJyhG5jZ29niPfIrtJtTCKNLmk7gO/6/Dxeb7Zkd 18 | 9kV3T5wXhJF4xE3fNBxVBEEjmmc27vJFqyeqFXUCgYBoS+Jq5fnNboalnGw5cyUv 19 | QpOigF/JKBkBVXifh5HqZBEON4O1Kvvv0DifuHr20cV6xjPbtj78CmxbdJALj+aL 20 | k595qbOCuRASh21tiXzvi/S4DQ07Xcg2yuRcxQfBvMAiQuz1TCHrxrDFu9sZ7mQd 21 | acCnxdrXKXyvMk4CuKnyNwKBgCGqZh+rsaYwWLa8JJ8oR/Hh/cGx8TZdsKrKrmuN 22 | NYGTCn+rEjyptihdG1NLY9Hqgj1UvIJgBNs/Anxsd8ZVp9TZSGQ7JMC3vkX6cZl0 23 | B2rxcX/A/FKgsHD//GSoWm3uZzE62LojtB9J5rupgAJK6+2BM+PGGar6eADKo5uG 24 | HAHRAoGANHpBvGe0uYKJXAfLiTxu2s87kAjzMGZkpZ9VN+nbQlj7Ca6+ORQXr9WV 25 | xF34DSq+tx4wH/2DyMmKSInnfAg815cGNOJY3rDyc+SpDmG/e1K6+swZT7fjoB1/ 26 | 9hG+oUAfM0aP972hlBRrSmwO9lvZyNxNp5MliigAEeszm7i9VZ4= 27 | -----END RSA PRIVATE KEY----- 28 | -------------------------------------------------------------------------------- /certs/www.devopstoolkitseries.com/4_client/certs/www.devopstoolkitseries.com.cert.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE----- 2 | MIIE/TCCAuWgAwIBAgIDEAITMA0GCSqGSIb3DQEBCwUAMFIxCzAJBgNVBAYTAlVT 3 | MQ8wDQYDVQQIDAZEZW5pYWwxDDAKBgNVBAoMA0RpczEkMCIGA1UEAwwbd3d3LmRl 4 | dm9wc3Rvb2xraXRzZXJpZXMuY29tMB4XDTE5MDEwMjE0MjQwMloXDTIwMDExMjE0 5 | MjQwMlowaDELMAkGA1UEBhMCVVMxDzANBgNVBAgMBkRlbmlhbDEUMBIGA1UEBwwL 6 | U3ByaW5nZmllbGQxDDAKBgNVBAoMA0RpczEkMCIGA1UEAwwbd3d3LmRldm9wc3Rv 7 | b2xraXRzZXJpZXMuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA 8 | rS3s4lLdK570ti8Vg5OFNOP91DgnJgD4oDWhmVDiC+DTuzwBISavua2f2lMUgFd6 9 | WuIsmjMRTKJvlqjuv6APYjggmveY08kSc9oa6Ye+wS/bZemLURyQLNglijwokk01 10 | WfcNDyVcRXy+JThB3FinFfUtJ1z1IO6hX0Dzeqm8OMIdEpIBrfxWMOTP7rJb7g78 11 | nSUj1a33GvVZ7fHY+dH+FnzgMZsRe6hUf3v5RtC2xQeF9qjXVEzvqT10/ooryYRo 12 | +iTY5YJMEzwWQoWR3Ga5VX1PliNSup/cs/iVi+jUbD48RtsLgroNjjYo4XCuwexL 13 | P238TjxiZ96WFWv8q5ZO+wIDAQABo4HFMIHCMAkGA1UdEwQCMAAwEQYJYIZIAYb4 14 | QgEBBAQDAgWgMDMGCWCGSAGG+EIBDQQmFiRPcGVuU1NMIEdlbmVyYXRlZCBDbGll 15 | bnQgQ2VydGlmaWNhdGUwHQYDVR0OBBYEFLZggvSMUx3RB7iMW43DKOB7WaoKMB8G 16 | A1UdIwQYMBaAFOHSYP6Vb4K97CsMIRxL7lf0S7HqMA4GA1UdDwEB/wQEAwIF4DAd 17 | BgNVHSUEFjAUBggrBgEFBQcDAgYIKwYBBQUHAwQwDQYJKoZIhvcNAQELBQADggIB 18 | AK5mIEzR1CyJdXnCZU1ej4FHVWmnDO6eOKwJBPwNA+5GPqlO1VdhuTMEspFF1xlw 19 | jMJlPy8S5509p+agjf0/otMe0zwYifcl1SfPSsQdpr4yK9zLHBBAhPL1P5PY6GAP 20 | uEUUQmHTSGFcnLQIxqt/OcRSP4FHwJ8mauuRqowrWsM1Xlx/hft3h3HNajmT4mBs 21 | lUBjD6LUXpH59tVGYOWKvf0rKqT32EWycOCyHHHoMqijHJl0ICh+o3vpU8cishv+ 22 | Y3e0RAHiQ/+Mmt8ZUKivW8vk/R5OlONuQ7Zoqp3xxta6VmYnMJBCNBk+t691CZPN 23 | 78inynfeXwx1BUHyS3mnlj94pafI/dzcEzJR5/NFVNiG0DEwMZdC6dUGrGAzUMXw 24 | FKl7ywuOfl8KmAs/aE+zt0GRgrUEU0ICW4ZB95u6az7bUpXK5CStwPexv0iMO7fA 25 | bhbrjP7wrb7hplcGDJ4sqh4ek18LT0aw/6yWtZRH81Y3VARS9NJI+6xHG5573703 26 | 07CU5DZ/n51yGlGuB6kauhsdQbL3S5T7xsgjB+TiXtYqdOyd9uH+TfLzDydT0saz 27 | wTwboUiGqBWXpp1BHpUaNY9v5b9bb6FLQpztJz3IkpyGX7mRQhcFB5Y+uv1i/a6B 28 | qoW+DEMxcIqmfK9tZ5z78wQ48HfJ/VIlOQGbzGgEZjCw 29 | -----END CERTIFICATE----- 30 | -------------------------------------------------------------------------------- /certs/www.devopstoolkitseries.com/4_client/csr/www.devopstoolkitseries.com.csr.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE REQUEST----- 2 | MIICrTCCAZUCAQAwaDELMAkGA1UEBhMCVVMxDzANBgNVBAgMBkRlbmlhbDEUMBIG 3 | A1UEBwwLU3ByaW5nZmllbGQxDDAKBgNVBAoMA0RpczEkMCIGA1UEAwwbd3d3LmRl 4 | dm9wc3Rvb2xraXRzZXJpZXMuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB 5 | CgKCAQEArS3s4lLdK570ti8Vg5OFNOP91DgnJgD4oDWhmVDiC+DTuzwBISavua2f 6 | 2lMUgFd6WuIsmjMRTKJvlqjuv6APYjggmveY08kSc9oa6Ye+wS/bZemLURyQLNgl 7 | ijwokk01WfcNDyVcRXy+JThB3FinFfUtJ1z1IO6hX0Dzeqm8OMIdEpIBrfxWMOTP 8 | 7rJb7g78nSUj1a33GvVZ7fHY+dH+FnzgMZsRe6hUf3v5RtC2xQeF9qjXVEzvqT10 9 | /ooryYRo+iTY5YJMEzwWQoWR3Ga5VX1PliNSup/cs/iVi+jUbD48RtsLgroNjjYo 10 | 4XCuwexLP238TjxiZ96WFWv8q5ZO+wIDAQABoAAwDQYJKoZIhvcNAQELBQADggEB 11 | AKhqJqmFOTVWihVoz7AxU8yueB9Jw78MKyZRiUgZ5mEDP46HHSXARAF4Ydo3bGMZ 12 | rTixQCDKwfRHP13PFOQ4F3FqwvZX2/8H/UPv4sGSnoaRJjmOEs16+uYtNUIUFikK 13 | w0rW3cSfnkmI8yH6S66oV5e+obXURHHdiHtyKLhPwZ9aEJqEQn5WF5ijmsf2wziG 14 | 2PP26F35HZHXnuJrILqQPTDlaOYIuwK5tslUjmhdEYV+07w3egEvuslg3Oyb34lA 15 | ZEsfA5Cp2b38gqcHlyCkkIh7iApXTn/dE+btaWDWPpEUA+yp2dqI8S9f5EYdhacZ 16 | KGz9b9JjjsD1Zni26eLyqjE= 17 | -----END CERTIFICATE REQUEST----- 18 | -------------------------------------------------------------------------------- /certs/www.devopstoolkitseries.com/4_client/private/www.devopstoolkitseries.com.key.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN RSA PRIVATE KEY----- 2 | MIIEowIBAAKCAQEArS3s4lLdK570ti8Vg5OFNOP91DgnJgD4oDWhmVDiC+DTuzwB 3 | ISavua2f2lMUgFd6WuIsmjMRTKJvlqjuv6APYjggmveY08kSc9oa6Ye+wS/bZemL 4 | URyQLNglijwokk01WfcNDyVcRXy+JThB3FinFfUtJ1z1IO6hX0Dzeqm8OMIdEpIB 5 | rfxWMOTP7rJb7g78nSUj1a33GvVZ7fHY+dH+FnzgMZsRe6hUf3v5RtC2xQeF9qjX 6 | VEzvqT10/ooryYRo+iTY5YJMEzwWQoWR3Ga5VX1PliNSup/cs/iVi+jUbD48RtsL 7 | groNjjYo4XCuwexLP238TjxiZ96WFWv8q5ZO+wIDAQABAoIBACRfogKDTwrrbxCY 8 | 4RbqtC7AuD6LsMVNrOrReOif0WqXRUFtP/t7iashKZMMoiC2vu851A5rLXYAJBnr 9 | z4GWF8UUbty9pm7NK8ADjmWAanNfHuDP5cAalLmmiHP5YLgh2VPVDPwiZ7f8lF9y 10 | 6npicG2vOlWrM51AIcrE9J7N6cetvR6nNhIK65NYGEr4oMLrOZ7UpBbCccpALUPp 11 | eCz8wf2UgIfl5V4bCXJhvd7ac++UmknWg3jE6L0q0jOoRnOrGEU/OqsNE6qe+VzT 12 | nckTgYRy9wi3boSQ7OGTO1nwMquy9xa1JWJ4IMxkSGgMNFIOWFgVRM+lqD6+A9yH 13 | /4YvoEkCgYEA3xSEMtyX56bmJSUPIZGkm3mG8DPSOC8aN8kB2heYxaTEWVSlwPve 14 | RWMHRu72/pvBCrorKnQawV/xnXiqxBob+ayMwTN0gCl2BraA00ziRnxoTUFtfZjB 15 | JBrLntMKmF6WdH19hzkFM++3q8wcaOyPLnrw4u5TemGst0onrvS5xNcCgYEAxrxE 16 | XFMYHPa5ZZCntwy5TINWIufCCITTA92CBlB5Gsr7RcgaIiJ1IXpj6qpFM1WfDAgC 17 | 56PNNBGfUirKOFFBV9hE8WWyGHe88rSP9PJSk55I//TPlhXifPbVIJU0qpBeP5An 18 | YGaw5v/7lPAySZ9hWGJpG7z3Bi67vmxrkAywHn0CgYALn88Ps2z69jhx4Q97yVIR 19 | g/CjHaArq1CrbX76NVaRnfdZTE7i0n0Pkoxzhso6FDWn8HGFYc1vHCfD8+C6HT4t 20 | 8W7YNm0wrHho+yOVXyE/WQY6WFlzPP17eyX3HboknHEsmslqvW7m+OvSOO2WDhWb 21 | 724T9SVGcEaGuod812XCuwKBgQCGavp108IgfQRi3NeDaPi/9qlBDK5hoq0zFRSH 22 | /tAaviX8Sd7bLaE51pVUOHx7vzLHKXgFgvYdfLndEpIaS2M97kqbV+SAxiQnqNch 23 | nvEZZVsMvGHXqs+5JB59Xk3z+5ezuGXZvztx0rwwPdJVl5Z4+H8NQt918BAOOTj7 24 | golw5QKBgANY6j+Kxpvm1YvczsqGW+Vd57veJDL5QjHUfUrjN+IbXS1B8w9sDRD2 25 | a9gR1p9vutyLnf59U+RG7JXTYNE6FJJC5CB4F9x7E7Qnf1nrDkQEJN8XZLdh+5bb 26 | RlkgBYRE6fhLuY8atQ/E+INRj+9rSrnPbVuqk74RGPEaLI02QXUa 27 | -----END RSA PRIVATE KEY----- 28 | -------------------------------------------------------------------------------- /charts/k8s-specs/.helmignore: -------------------------------------------------------------------------------- 1 | # Patterns to ignore when building packages. 2 | # This supports shell glob matching, relative path matching, and 3 | # negation (prefixed with !). Only one pattern per line. 4 | .DS_Store 5 | # Common VCS dirs 6 | .git/ 7 | .gitignore 8 | .bzr/ 9 | .bzrignore 10 | .hg/ 11 | .hgignore 12 | .svn/ 13 | # Common backup files 14 | *.swp 15 | *.bak 16 | *.tmp 17 | *~ 18 | # Various IDEs 19 | .project 20 | .idea/ 21 | *.tmproj 22 | -------------------------------------------------------------------------------- /charts/k8s-specs/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | description: A Helm chart for Kubernetes 3 | icon: https://raw.githubusercontent.com/jenkins-x/jenkins-x-platform/d273e09/images/go.png 4 | name: k8s-specs 5 | version: 0.1.0-SNAPSHOT 6 | -------------------------------------------------------------------------------- /charts/k8s-specs/Makefile: -------------------------------------------------------------------------------- 1 | CHART_REPO := http://jenkins-x-chartmuseum:8080 2 | CURRENT=$(pwd) 3 | NAME := k8s-specs 4 | OS := $(shell uname) 5 | VERSION := $(shell cat ../../VERSION) 6 | 7 | build: clean 8 | rm -rf requirements.lock 9 | helm dependency build 10 | helm lint 11 | 12 | install: clean build 13 | helm install . --name ${NAME} 14 | 15 | upgrade: clean build 16 | helm upgrade ${NAME} . 17 | 18 | delete: 19 | helm delete --purge ${NAME} 20 | 21 | clean: 22 | rm -rf charts 23 | rm -rf ${NAME}*.tgz 24 | 25 | release: clean 26 | helm dependency build 27 | helm lint 28 | helm init --client-only 29 | helm package . 30 | curl --fail -u $(CHARTMUSEUM_CREDS_USR):$(CHARTMUSEUM_CREDS_PSW) --data-binary "@$(NAME)-$(shell sed -n 's/^version: //p' Chart.yaml).tgz" $(CHART_REPO)/api/charts 31 | rm -rf ${NAME}*.tgz% 32 | 33 | tag: 34 | ifeq ($(OS),Darwin) 35 | sed -i "" -e "s/version:.*/version: $(VERSION)/" Chart.yaml 36 | sed -i "" -e "s/tag:.*/tag: $(VERSION)/" values.yaml 37 | else ifeq ($(OS),Linux) 38 | sed -i -e "s/version:.*/version: $(VERSION)/" Chart.yaml 39 | sed -i -e "s|repository:.*|repository: $(DOCKER_REGISTRY)\/vfarcic\/$(NAME)|" values.yaml 40 | sed -i -e "s/tag:.*/tag: $(VERSION)/" values.yaml 41 | else 42 | echo "platfrom $(OS) not supported to tag with" 43 | exit -1 44 | endif 45 | git add --all 46 | git commit -m "release $(VERSION)" --allow-empty # if first release then no verion update is performed 47 | git tag -fa v$(VERSION) -m "Release version $(VERSION)" 48 | git push origin v$(VERSION) -------------------------------------------------------------------------------- /charts/k8s-specs/README.md: -------------------------------------------------------------------------------- 1 | # golang application -------------------------------------------------------------------------------- /charts/k8s-specs/templates/NOTES.txt: -------------------------------------------------------------------------------- 1 | 2 | Get the application URL by running these commands: 3 | 4 | kubectl get ingress {{ template "fullname" . }} 5 | -------------------------------------------------------------------------------- /charts/k8s-specs/templates/_helpers.tpl: -------------------------------------------------------------------------------- 1 | {{/* vim: set filetype=mustache: */}} 2 | {{/* 3 | Expand the name of the chart. 4 | */}} 5 | {{- define "name" -}} 6 | {{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} 7 | {{- end -}} 8 | 9 | {{/* 10 | Create a default fully qualified app name. 11 | We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). 12 | */}} 13 | {{- define "fullname" -}} 14 | {{- $name := default .Chart.Name .Values.nameOverride -}} 15 | {{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} 16 | {{- end -}} 17 | -------------------------------------------------------------------------------- /charts/k8s-specs/templates/deployment.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: {{ template "fullname" . }} 5 | labels: 6 | draft: {{ default "draft-app" .Values.draft }} 7 | chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" 8 | spec: 9 | replicas: {{ .Values.replicaCount }} 10 | template: 11 | metadata: 12 | labels: 13 | draft: {{ default "draft-app" .Values.draft }} 14 | app: {{ template "fullname" . }} 15 | {{- if .Values.podAnnotations }} 16 | annotations: 17 | {{ toYaml .Values.podAnnotations | indent 8 }} 18 | {{- end }} 19 | spec: 20 | containers: 21 | - name: {{ .Chart.Name }} 22 | image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" 23 | imagePullPolicy: {{ .Values.image.pullPolicy }} 24 | ports: 25 | - containerPort: {{ .Values.service.internalPort }} 26 | livenessProbe: 27 | httpGet: 28 | path: {{ .Values.probePath }} 29 | port: {{ .Values.service.internalPort }} 30 | initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }} 31 | periodSeconds: {{ .Values.livenessProbe.periodSeconds }} 32 | successThreshold: {{ .Values.livenessProbe.successThreshold }} 33 | timeoutSeconds: {{ .Values.livenessProbe.timeoutSeconds }} 34 | readinessProbe: 35 | httpGet: 36 | path: {{ .Values.probePath }} 37 | port: {{ .Values.service.internalPort }} 38 | periodSeconds: {{ .Values.readinessProbe.periodSeconds }} 39 | successThreshold: {{ .Values.readinessProbe.successThreshold }} 40 | timeoutSeconds: {{ .Values.readinessProbe.timeoutSeconds }} 41 | resources: 42 | {{ toYaml .Values.resources | indent 12 }} 43 | terminationGracePeriodSeconds: {{ .Values.terminationGracePeriodSeconds }} 44 | -------------------------------------------------------------------------------- /charts/k8s-specs/templates/service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | {{- if .Values.service.name }} 5 | name: {{ .Values.service.name }} 6 | {{- else }} 7 | name: {{ template "fullname" . }} 8 | {{- end }} 9 | labels: 10 | chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" 11 | {{- if .Values.service.annotations }} 12 | annotations: 13 | {{ toYaml .Values.service.annotations | indent 4 }} 14 | {{- end }} 15 | spec: 16 | type: {{ .Values.service.type }} 17 | ports: 18 | - port: {{ .Values.service.externalPort }} 19 | targetPort: {{ .Values.service.internalPort }} 20 | protocol: TCP 21 | name: http 22 | selector: 23 | app: {{ template "fullname" . }} 24 | -------------------------------------------------------------------------------- /charts/k8s-specs/values.yaml: -------------------------------------------------------------------------------- 1 | # Default values for Go projects. 2 | # This is a YAML-formatted file. 3 | # Declare variables to be passed into your templates. 4 | replicaCount: 1 5 | image: 6 | repository: draft 7 | tag: dev 8 | pullPolicy: IfNotPresent 9 | service: 10 | name: k8s-specs 11 | type: ClusterIP 12 | externalPort: 80 13 | internalPort: 8080 14 | annotations: 15 | fabric8.io/expose: "true" 16 | fabric8.io/ingress.annotations: "kubernetes.io/ingress.class: nginx" 17 | resources: 18 | limits: 19 | cpu: 100m 20 | memory: 256Mi 21 | requests: 22 | cpu: 80m 23 | memory: 128Mi 24 | probePath: / 25 | livenessProbe: 26 | initialDelaySeconds: 60 27 | periodSeconds: 10 28 | successThreshold: 1 29 | timeoutSeconds: 1 30 | readinessProbe: 31 | periodSeconds: 10 32 | successThreshold: 1 33 | timeoutSeconds: 1 34 | terminationGracePeriodSeconds: 10 35 | -------------------------------------------------------------------------------- /charts/maesh/.helmignore: -------------------------------------------------------------------------------- 1 | # Patterns to ignore when building packages. 2 | # This supports shell glob matching, relative path matching, and 3 | # negation (prefixed with !). Only one pattern per line. 4 | .DS_Store 5 | # Common VCS dirs 6 | .git/ 7 | .gitignore 8 | .bzr/ 9 | .bzrignore 10 | .hg/ 11 | .hgignore 12 | .svn/ 13 | # Common backup files 14 | *.swp 15 | *.bak 16 | *.tmp 17 | *~ 18 | # Various IDEs 19 | .project 20 | .idea/ 21 | *.tmproj 22 | .vscode/ 23 | # OWNERS file for Kubernetes 24 | OWNERS 25 | -------------------------------------------------------------------------------- /charts/maesh/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | appVersion: v0.5.0 3 | description: Maesh - Simpler Service Mesh 4 | engine: gotpl 5 | home: https://containo.us/ 6 | icon: https://avatars0.githubusercontent.com/u/16349663?s=200&v=4 7 | keywords: 8 | - traefik 9 | - mesh 10 | maintainers: 11 | - email: emile@vauge.com 12 | name: emilevauge 13 | - email: daniel@containo.us 14 | name: dtomcej 15 | - email: michael@containo.us 16 | name: mmatur 17 | name: maesh 18 | version: 0.0.6 19 | -------------------------------------------------------------------------------- /charts/maesh/charts/metrics/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | appVersion: 0.0.1 3 | description: A metrics Helm chart for Kubernetes 4 | name: metrics 5 | tillerVersion: '>=2.7.2' 6 | version: 0.0.6 7 | -------------------------------------------------------------------------------- /charts/maesh/charts/metrics/templates/grafana-pdb.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: policy/v1beta1 3 | kind: PodDisruptionBudget 4 | metadata: 5 | name: grafana 6 | labels: 7 | app: {{ .Release.Name | quote }} 8 | chart: {{ include "maesh.chartLabel" . | quote }} 9 | release: {{ .Release.Name | quote }} 10 | heritage: {{ .Release.Service | quote }} 11 | spec: 12 | minAvailable: 1 13 | selector: 14 | matchLabels: 15 | app: grafana 16 | component: core 17 | -------------------------------------------------------------------------------- /charts/maesh/charts/metrics/templates/prometheus-pdb.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: policy/v1beta1 3 | kind: PodDisruptionBudget 4 | metadata: 5 | name: prometheus 6 | labels: 7 | app: {{ .Release.Name | quote }} 8 | chart: {{ include "maesh.chartLabel" . | quote }} 9 | release: {{ .Release.Name | quote }} 10 | heritage: {{ .Release.Service | quote }} 11 | spec: 12 | minAvailable: 1 13 | selector: 14 | matchLabels: 15 | app: prometheus 16 | component: core 17 | -------------------------------------------------------------------------------- /charts/maesh/charts/metrics/templates/rbac.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: rbac.authorization.k8s.io/v1beta1 3 | kind: ClusterRoleBinding 4 | metadata: 5 | name: prometheus 6 | labels: 7 | chart: {{ include "maesh.chartLabel" . | quote }} 8 | release: {{ .Release.Name | quote }} 9 | heritage: {{ .Release.Service | quote }} 10 | roleRef: 11 | apiGroup: rbac.authorization.k8s.io 12 | kind: ClusterRole 13 | name: prometheus 14 | subjects: 15 | - kind: ServiceAccount 16 | name: prometheus-k8s 17 | namespace: {{ .Release.Namespace }} 18 | 19 | --- 20 | apiVersion: rbac.authorization.k8s.io/v1beta1 21 | kind: ClusterRole 22 | metadata: 23 | name: prometheus 24 | labels: 25 | chart: {{ include "maesh.chartLabel" . | quote }} 26 | release: {{ .Release.Name | quote }} 27 | heritage: {{ .Release.Service | quote }} 28 | rules: 29 | - apiGroups: [""] 30 | resources: 31 | - nodes 32 | - services 33 | - endpoints 34 | - pods 35 | verbs: ["get", "list", "watch"] 36 | - apiGroups: [""] 37 | resources: 38 | - configmaps 39 | verbs: ["get"] 40 | - nonResourceURLs: ["/metrics"] 41 | verbs: ["get"] 42 | - apiGroups: ["extensions"] 43 | resources: 44 | - ingresses 45 | verbs: ["get", "list", "watch"] 46 | 47 | --- 48 | apiVersion: v1 49 | kind: ServiceAccount 50 | metadata: 51 | name: prometheus-k8s 52 | namespace: {{ .Release.Namespace }} 53 | labels: 54 | chart: {{ include "maesh.chartLabel" . | quote }} 55 | release: {{ .Release.Name | quote }} 56 | heritage: {{ .Release.Service | quote }} 57 | 58 | --- 59 | apiVersion: v1 60 | kind: ServiceAccount 61 | metadata: 62 | name: grafana-k8s 63 | namespace: {{ .Release.Namespace }} 64 | labels: 65 | chart: {{ include "maesh.chartLabel" . | quote }} 66 | release: {{ .Release.Name | quote }} 67 | heritage: {{ .Release.Service | quote }} 68 | -------------------------------------------------------------------------------- /charts/maesh/charts/metrics/templates/storage.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: PersistentVolumeClaim 4 | metadata: 5 | name: metrics-storage 6 | namespace: {{ .Release.Namespace }} 7 | labels: 8 | chart: {{ include "maesh.chartLabel" . | quote }} 9 | release: {{ .Release.Name | quote }} 10 | heritage: {{ .Release.Service | quote }} 11 | spec: 12 | accessModes: 13 | - ReadWriteOnce 14 | resources: 15 | requests: 16 | storage: 10Gi 17 | storageClassName: {{ .Values.storageClass }} 18 | 19 | --- 20 | apiVersion: v1 21 | kind: PersistentVolumeClaim 22 | metadata: 23 | name: prometheus-storage 24 | namespace: {{ .Release.Namespace }} 25 | labels: 26 | chart: {{ include "maesh.chartLabel" . | quote }} 27 | release: {{ .Release.Name | quote }} 28 | heritage: {{ .Release.Service | quote }} 29 | spec: 30 | accessModes: 31 | - ReadWriteOnce 32 | resources: 33 | requests: 34 | storage: 10Gi 35 | storageClassName: {{ .Values.storageClass }} 36 | -------------------------------------------------------------------------------- /charts/maesh/charts/metrics/values.yaml: -------------------------------------------------------------------------------- 1 | image: 2 | prometheus: prom/prometheus:v2.11.1 3 | grafana: grafana/grafana:6.2.5 4 | configmapReload: jimmidyson/configmap-reload:v0.2.2 5 | storageClass: local-path 6 | -------------------------------------------------------------------------------- /charts/maesh/charts/tracing/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | appVersion: 0.0.1 3 | description: A Jaeger tracing Helm chart for Kubernetes 4 | name: tracing 5 | tillerVersion: '>=2.7.2' 6 | version: 0.0.3 7 | -------------------------------------------------------------------------------- /charts/maesh/charts/tracing/templates/jaeger-pdb.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: policy/v1beta1 3 | kind: PodDisruptionBudget 4 | metadata: 5 | name: jaeger 6 | labels: 7 | app: {{ .Release.Name | quote }} 8 | chart: {{ include "maesh.chartLabel" . | quote }} 9 | release: {{ .Release.Name | quote }} 10 | heritage: {{ .Release.Service | quote }} 11 | spec: 12 | minAvailable: 1 13 | selector: 14 | matchLabels: 15 | app: jaeger 16 | app.kubernetes.io/name: jaeger 17 | app.kubernetes.io/component: all-in-one 18 | -------------------------------------------------------------------------------- /charts/maesh/charts/tracing/templates/jaeger-sa.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: ServiceAccount 4 | metadata: 5 | name: jaeger 6 | namespace: {{ .Release.Namespace }} 7 | labels: 8 | app: {{ .Release.Name | quote}} 9 | chart: {{ include "maesh.chartLabel" . | quote}} 10 | release: {{ .Release.Name | quote }} 11 | heritage: {{ .Release.Service | quote }} 12 | automountServiceAccountToken: false 13 | 14 | -------------------------------------------------------------------------------- /charts/maesh/charts/tracing/values.yaml: -------------------------------------------------------------------------------- 1 | image: 2 | jaeger: jaegertracing/all-in-one:1.13 3 | -------------------------------------------------------------------------------- /charts/maesh/crds/smi-access.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: apiextensions.k8s.io/v1beta1 3 | kind: CustomResourceDefinition 4 | metadata: 5 | name: traffictargets.access.smi-spec.io 6 | spec: 7 | group: access.smi-spec.io 8 | version: v1alpha1 9 | scope: Namespaced 10 | names: 11 | kind: TrafficTarget 12 | shortNames: 13 | - tt 14 | plural: traffictargets 15 | singular: traffictarget 16 | -------------------------------------------------------------------------------- /charts/maesh/crds/smi-spec.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: apiextensions.k8s.io/v1beta1 3 | kind: CustomResourceDefinition 4 | metadata: 5 | name: httproutegroups.specs.smi-spec.io 6 | # annotations: 7 | # "helm.sh/hook": crd-install 8 | spec: 9 | group: specs.smi-spec.io 10 | version: v1alpha1 11 | scope: Namespaced 12 | names: 13 | kind: HTTPRouteGroup 14 | shortNames: 15 | - htr 16 | plural: httproutegroups 17 | singular: httproutegroup 18 | 19 | --- 20 | apiVersion: apiextensions.k8s.io/v1beta1 21 | kind: CustomResourceDefinition 22 | metadata: 23 | name: tcproutes.specs.smi-spec.io 24 | spec: 25 | group: specs.smi-spec.io 26 | version: v1alpha1 27 | scope: Namespaced 28 | names: 29 | kind: TCPRoute 30 | shortNames: 31 | - tr 32 | plural: tcproutes 33 | singular: tcproute 34 | -------------------------------------------------------------------------------- /charts/maesh/crds/smi-trafficsplits.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: apiextensions.k8s.io/v1beta1 3 | kind: CustomResourceDefinition 4 | metadata: 5 | name: trafficsplits.split.smi-spec.io 6 | spec: 7 | group: split.smi-spec.io 8 | version: v1alpha1 9 | scope: Namespaced 10 | names: 11 | kind: TrafficSplit 12 | shortNames: 13 | - ts 14 | plural: trafficsplits 15 | singular: trafficsplit 16 | additionalPrinterColumns: 17 | - name: Service 18 | type: string 19 | description: The apex service of this split. 20 | JSONPath: .spec.service 21 | -------------------------------------------------------------------------------- /charts/maesh/requirements.yaml: -------------------------------------------------------------------------------- 1 | dependencies: 2 | - name: tracing 3 | version: 0.0.3 4 | condition: tracing.deploy 5 | - name: metrics 6 | version: 0.0.6 7 | condition: metrics.deploy -------------------------------------------------------------------------------- /charts/maesh/templates/NOTES.txt: -------------------------------------------------------------------------------- 1 | Thank you for installing {{ .Chart.Name }}. 2 | 3 | Your release is named {{ .Release.Name }}. 4 | 5 | To learn more about the release, try: 6 | 7 | $ helm status {{ .Release.Name }} 8 | $ helm get {{ .Release.Name }} 9 | -------------------------------------------------------------------------------- /charts/maesh/templates/_helpers.tpl: -------------------------------------------------------------------------------- 1 | {{/* vim: set filetype=mustache: */}} 2 | 3 | {{/* 4 | Define the Chart version Label 5 | */}} 6 | {{- define "maesh.chartLabel" -}} 7 | {{- printf "%s-%s" .Chart.Name .Chart.Version -}} 8 | {{- end -}} 9 | 10 | {{/* 11 | Define the templated image with tag 12 | */}} 13 | {{- define "maesh.controllerImage" -}} 14 | {{- printf "%s:%s" .Values.controller.image.name ( .Values.controller.image.tag | default .Chart.AppVersion ) -}} 15 | {{- end -}} 16 | 17 | {{/* 18 | Define the ignoreNamespaces List 19 | */}} 20 | {{- define "maesh.controllerIgnoreNamespaces" -}} 21 | --ignoreNamespaces= 22 | {{- range $idx, $ns := .Values.controller.ignoreNamespaces }} 23 | {{- if $idx }},{{ end }} 24 | {{- $ns }} 25 | {{- end -}} 26 | {{- end -}} 27 | -------------------------------------------------------------------------------- /charts/maesh/templates/controller/controller-configmap.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: ConfigMap 4 | metadata: 5 | name: tcp-state-table 6 | namespace: {{ .Release.Namespace }} 7 | labels: 8 | app: {{ .Release.Name | quote}} 9 | chart: {{ include "maesh.chartLabel" . | quote}} 10 | release: {{ .Release.Name | quote }} 11 | heritage: {{ .Release.Service | quote }} 12 | data: 13 | key: value 14 | -------------------------------------------------------------------------------- /charts/maesh/templates/controller/controller-pdb.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: policy/v1beta1 3 | kind: PodDisruptionBudget 4 | metadata: 5 | name: maesh-controller 6 | namespace: {{ .Release.Namespace }} 7 | labels: 8 | app: {{ .Release.Name | quote }} 9 | chart: {{ include "maesh.chartLabel" . | quote }} 10 | release: {{ .Release.Name | quote }} 11 | heritage: {{ .Release.Service | quote }} 12 | spec: 13 | minAvailable: 1 14 | selector: 15 | matchLabels: 16 | app: {{ .Release.Name | quote }} 17 | component: controller 18 | release: {{ .Release.Name | quote }} 19 | -------------------------------------------------------------------------------- /charts/maesh/templates/controller/controller-rbac.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | kind: ClusterRole 3 | apiVersion: rbac.authorization.k8s.io/v1beta1 4 | metadata: 5 | name: maesh-controller-role 6 | namespace: {{ .Release.Namespace }} 7 | labels: 8 | app: {{ .Release.Name | quote}} 9 | chart: {{ include "maesh.chartLabel" . | quote}} 10 | release: {{ .Release.Name | quote }} 11 | heritage: {{ .Release.Service | quote }} 12 | rules: 13 | - apiGroups: 14 | - "" 15 | resources: 16 | - pods 17 | - endpoints 18 | verbs: 19 | - get 20 | - list 21 | - watch 22 | - apiGroups: 23 | - "" 24 | resources: 25 | - namespaces 26 | verbs: 27 | - get 28 | - create 29 | - apiGroups: 30 | - "" 31 | resources: 32 | - configmaps 33 | verbs: 34 | - get 35 | - create 36 | - delete 37 | - update 38 | - apiGroups: 39 | - "" 40 | resources: 41 | - services 42 | verbs: 43 | - get 44 | - list 45 | - watch 46 | - delete 47 | - create 48 | - update 49 | - apiGroups: 50 | - apps 51 | resources: 52 | - deployments 53 | verbs: 54 | - get 55 | - update 56 | - create 57 | - apiGroups: 58 | - access.smi-spec.io 59 | - specs.smi-spec.io 60 | - split.smi-spec.io 61 | resources: 62 | - traffictargets 63 | - tcproutes 64 | - httproutegroups 65 | - trafficsplits 66 | - events 67 | verbs: 68 | - get 69 | - list 70 | - watch 71 | --- 72 | kind: ClusterRoleBinding 73 | apiVersion: rbac.authorization.k8s.io/v1beta1 74 | metadata: 75 | name: maesh-controller 76 | namespace: {{ .Release.Namespace }} 77 | labels: 78 | app: {{ .Release.Name | quote}} 79 | chart: {{ include "maesh.chartLabel" . | quote}} 80 | release: {{ .Release.Name | quote }} 81 | heritage: {{ .Release.Service | quote }} 82 | roleRef: 83 | apiGroup: rbac.authorization.k8s.io 84 | kind: ClusterRole 85 | name: maesh-controller-role 86 | subjects: 87 | - kind: ServiceAccount 88 | name: maesh-controller 89 | namespace: {{ .Release.Namespace }} 90 | -------------------------------------------------------------------------------- /charts/maesh/templates/controller/controller-sa.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: ServiceAccount 4 | metadata: 5 | name: maesh-controller 6 | namespace: {{ .Release.Namespace }} 7 | labels: 8 | app: {{ .Release.Name | quote}} 9 | chart: {{ include "maesh.chartLabel" . | quote}} 10 | release: {{ .Release.Name | quote }} 11 | heritage: {{ .Release.Service | quote }} 12 | -------------------------------------------------------------------------------- /charts/maesh/templates/dns/coredns/coredns-configmap.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.kubedns }} 2 | --- 3 | apiVersion: v1 4 | kind: ConfigMap 5 | metadata: 6 | name: coredns 7 | namespace: {{ .Release.Namespace }} 8 | labels: 9 | chart: {{ include "maesh.chartLabel" . | quote }} 10 | release: {{ .Release.Name | quote}} 11 | heritage: {{ .Release.Service | quote}} 12 | data: 13 | Corefile: | 14 | .:53 { 15 | errors 16 | health 17 | kubernetes cluster.local in-addr.arpa ip6.arpa { 18 | pods insecure 19 | upstream 20 | fallthrough in-addr.arpa ip6.arpa 21 | } 22 | prometheus :9153 23 | forward . /etc/resolv.conf 24 | cache 30 25 | loop 26 | reload 27 | loadbalance 28 | } 29 | 30 | maesh:53 { 31 | errors 32 | rewrite continue { 33 | name regex ([a-zA-Z0-9-_]*)\.([a-zv0-9-_]*)\.maesh maesh-{1}-{2}.maesh.svc.cluster.local 34 | answer name maesh-([a-zA-Z0-9-_]*)-([a-zA-Z0-9-_]*)\.maesh\.svc\.cluster\.local {1}.{2}.maesh 35 | } 36 | kubernetes cluster.local in-addr.arpa ip6.arpa { 37 | pods insecure 38 | upstream 39 | fallthrough in-addr.arpa ip6.arpa 40 | } 41 | forward . /etc/resolv.conf 42 | cache 30 43 | loop 44 | reload 45 | loadbalance 46 | } 47 | {{- end }} 48 | -------------------------------------------------------------------------------- /charts/maesh/templates/dns/coredns/coredns-rbac.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.kubedns }} 2 | --- 3 | apiVersion: rbac.authorization.k8s.io/v1beta1 4 | kind: ClusterRole 5 | metadata: 6 | labels: 7 | kubernetes.io/bootstrapping: rbac-defaults 8 | chart: {{ include "maesh.chartLabel" . | quote }} 9 | release: {{ .Release.Name | quote}} 10 | heritage: {{ .Release.Service | quote}} 11 | name: coredns 12 | namespace: {{ .Release.Namespace }} 13 | rules: 14 | - apiGroups: 15 | - "" 16 | resources: 17 | - endpoints 18 | - services 19 | - pods 20 | - namespaces 21 | verbs: 22 | - list 23 | - watch 24 | - apiGroups: 25 | - "" 26 | resources: 27 | - nodes 28 | verbs: 29 | - get 30 | 31 | --- 32 | apiVersion: rbac.authorization.k8s.io/v1beta1 33 | kind: ClusterRoleBinding 34 | metadata: 35 | labels: 36 | kubernetes.io/bootstrapping: rbac-defaults 37 | chart: {{ include "maesh.chartLabel" . | quote }} 38 | release: {{ .Release.Name | quote}} 39 | heritage: {{ .Release.Service | quote}} 40 | annotations: 41 | rbac.authorization.kubernetes.io/autoupdate: "true" 42 | name: coredns 43 | namespace: {{ .Release.Namespace }} 44 | roleRef: 45 | apiGroup: rbac.authorization.k8s.io 46 | kind: ClusterRole 47 | name: coredns 48 | subjects: 49 | - kind: ServiceAccount 50 | name: coredns 51 | namespace: {{ .Release.Namespace }} 52 | {{- end }} 53 | -------------------------------------------------------------------------------- /charts/maesh/templates/dns/coredns/coredns-sa.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.kubedns }} 2 | --- 3 | apiVersion: v1 4 | kind: ServiceAccount 5 | metadata: 6 | name: coredns 7 | namespace: {{ .Release.Namespace }} 8 | labels: 9 | chart: {{ include "maesh.chartLabel" . | quote }} 10 | release: {{ .Release.Name | quote}} 11 | heritage: {{ .Release.Service | quote}} 12 | {{- end}} 13 | -------------------------------------------------------------------------------- /charts/maesh/templates/dns/coredns/coredns-service.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.kubedns }} 2 | --- 3 | apiVersion: v1 4 | kind: Service 5 | metadata: 6 | name: coredns 7 | namespace: {{ .Release.Namespace }} 8 | labels: 9 | k8s-app: coredns 10 | kubernetes.io/name: "CoreDNS" 11 | kubernetes.io/cluster-service: "true" 12 | chart: {{ include "maesh.chartLabel" . | quote }} 13 | release: {{ .Release.Name | quote}} 14 | heritage: {{ .Release.Service | quote}} 15 | annotations: 16 | prometheus.io/port: "9153" 17 | prometheus.io/scrape: "true" 18 | spec: 19 | selector: 20 | k8s-app: coredns 21 | type: ClusterIP 22 | ports: 23 | - name: dns 24 | port: 53 25 | protocol: UDP 26 | - name: dns-tcp 27 | port: 53 28 | protocol: TCP 29 | - name: metrics 30 | port: 9153 31 | protocol: TCP 32 | {{- end }} 33 | -------------------------------------------------------------------------------- /charts/maesh/templates/mesh/mesh-pdb.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: policy/v1beta1 3 | kind: PodDisruptionBudget 4 | metadata: 5 | name: maesh-mesh 6 | namespace: {{ .Release.Namespace }} 7 | labels: 8 | app: {{ .Release.Name | quote }} 9 | chart: {{ include "maesh.chartLabel" . | quote }} 10 | release: {{ .Release.Name | quote }} 11 | heritage: {{ .Release.Service | quote }} 12 | spec: 13 | maxUnavailable: 1 14 | selector: 15 | matchLabels: 16 | app: {{ .Release.Name | quote }} 17 | component: maesh-mesh 18 | release: {{ .Release.Name | quote }} 19 | -------------------------------------------------------------------------------- /charts/maesh/templates/mesh/mesh-sa.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: ServiceAccount 4 | metadata: 5 | name: maesh-mesh 6 | namespace: {{ .Release.Namespace }} 7 | labels: 8 | app: {{ .Release.Name | quote}} 9 | chart: {{ include "maesh.chartLabel" . | quote}} 10 | release: {{ .Release.Name | quote }} 11 | heritage: {{ .Release.Service | quote }} 12 | automountServiceAccountToken: false 13 | -------------------------------------------------------------------------------- /charts/maesh/templates/mesh/mesh-service.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Service 4 | metadata: 5 | name: maesh-mesh-api 6 | namespace: {{ .Release.Namespace }} 7 | labels: 8 | app: mesh-api 9 | spec: 10 | type: ClusterIP 11 | ports: 12 | - port: 8080 13 | name: mesh-api 14 | targetPort: api 15 | selector: 16 | component: maesh-mesh 17 | -------------------------------------------------------------------------------- /charts/maesh/values.yaml: -------------------------------------------------------------------------------- 1 | ## Default values for maesh 2 | controller: 3 | image: 4 | name: containous/maesh 5 | # (Optional) 6 | # pullPolicy: IfNotPresent 7 | # (Optional) 8 | # tag: v0.0.1 9 | # (Optional) 10 | # pullSecret: xxx 11 | resources: 12 | limit: 13 | mem: "100Mi" 14 | cpu: "200m" 15 | request: 16 | mem: "50Mi" 17 | cpu: "100m" 18 | logging: 19 | debug: true 20 | ignoreNamespaces: 21 | # Added so we can launch on nodes with restrictions 22 | nodeSelector: {} 23 | tolerations: [] 24 | affinity: {} 25 | 26 | kubedns: false 27 | 28 | mesh: 29 | image: 30 | name: traefik:v2.0.0 31 | # (Optional) 32 | # pullPolicy: IfNotPresent 33 | # (Optional) 34 | # tag: v0.0.1 35 | # (Optional) 36 | # pullSecret: xxx 37 | resources: 38 | limit: 39 | mem: "100Mi" 40 | cpu: "200m" 41 | request: 42 | mem: "50Mi" 43 | cpu: "100m" 44 | logging: INFO 45 | defaultMode: http 46 | # Added so we can launch on nodes with restrictions 47 | tolerations: [] 48 | 49 | # 50 | # addon jaeger tracing configuration 51 | # 52 | tracing: 53 | deploy: true 54 | jaeger: 55 | image: 56 | name: groundnuty/k8s-wait-for:v1.2 57 | enabled: true 58 | localagenthostport: "" 59 | samplingserverurl: "" 60 | 61 | # 62 | # addon metrics configuration 63 | # 64 | metrics: 65 | deploy: true 66 | prometheus: 67 | enabled: true 68 | 69 | smi: false 70 | 71 | limits: 72 | http: 10 73 | tcp: 25 74 | -------------------------------------------------------------------------------- /charts/preview/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | description: A Helm chart for Kubernetes 3 | icon: https://raw.githubusercontent.com/jenkins-x/jenkins-x-platform/master/images/go.png 4 | name: preview 5 | version: 0.1.0-SNAPSHOT 6 | -------------------------------------------------------------------------------- /charts/preview/Makefile: -------------------------------------------------------------------------------- 1 | OS := $(shell uname) 2 | 3 | preview: 4 | ifeq ($(OS),Darwin) 5 | sed -i "" -e "s/version:.*/version: $(PREVIEW_VERSION)/" Chart.yaml 6 | sed -i "" -e "s/version:.*/version: $(PREVIEW_VERSION)/" ../*/Chart.yaml 7 | sed -i "" -e "s/tag:.*/tag: $(PREVIEW_VERSION)/" values.yaml 8 | else ifeq ($(OS),Linux) 9 | sed -i -e "s/version:.*/version: $(PREVIEW_VERSION)/" Chart.yaml 10 | sed -i -e "s/version:.*/version: $(PREVIEW_VERSION)/" ../*/Chart.yaml 11 | sed -i -e "s|repository:.*|repository: $(DOCKER_REGISTRY)\/vfarcic\/k8s-specs|" values.yaml 12 | sed -i -e "s/tag:.*/tag: $(PREVIEW_VERSION)/" values.yaml 13 | else 14 | echo "platfrom $(OS) not supported to release from" 15 | exit -1 16 | endif 17 | echo " version: $(PREVIEW_VERSION)" >> requirements.yaml 18 | jx step helm build 19 | -------------------------------------------------------------------------------- /charts/preview/requirements.yaml: -------------------------------------------------------------------------------- 1 | # !! File must end with empty line !! 2 | dependencies: 3 | - alias: expose 4 | name: exposecontroller 5 | repository: http://chartmuseum.jenkins-x.io 6 | version: 2.3.56 7 | - alias: cleanup 8 | name: exposecontroller 9 | repository: http://chartmuseum.jenkins-x.io 10 | version: 2.3.56 11 | 12 | # !! "alias: preview" must be last entry in dependencies array !! 13 | # !! Place custom dependencies above !! 14 | - alias: preview 15 | name: k8s-specs 16 | repository: file://../k8s-specs 17 | -------------------------------------------------------------------------------- /charts/preview/values.yaml: -------------------------------------------------------------------------------- 1 | 2 | expose: 3 | Annotations: 4 | helm.sh/hook: post-install,post-upgrade 5 | helm.sh/hook-delete-policy: hook-succeeded 6 | config: 7 | exposer: Ingress 8 | http: true 9 | tlsacme: false 10 | 11 | cleanup: 12 | Args: 13 | - --cleanup 14 | Annotations: 15 | helm.sh/hook: pre-delete 16 | helm.sh/hook-delete-policy: hook-succeeded 17 | 18 | preview: 19 | image: 20 | repository: 21 | tag: 22 | pullPolicy: IfNotPresent -------------------------------------------------------------------------------- /cm/alpine-env-all.yml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: alpine-env 5 | spec: 6 | containers: 7 | - name: alpine 8 | image: alpine 9 | command: ["sleep"] 10 | args: ["100000"] 11 | envFrom: 12 | - configMapRef: 13 | name: my-config 14 | -------------------------------------------------------------------------------- /cm/alpine-env.yml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: alpine-env 5 | spec: 6 | containers: 7 | - name: alpine 8 | image: alpine 9 | command: ["sleep"] 10 | args: ["100000"] 11 | env: 12 | - name: something 13 | valueFrom: 14 | configMapKeyRef: 15 | name: my-config 16 | key: something 17 | - name: weather 18 | valueFrom: 19 | configMapKeyRef: 20 | name: my-config 21 | key: weather 22 | -------------------------------------------------------------------------------- /cm/alpine.yml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: alpine 5 | spec: 6 | containers: 7 | - name: alpine 8 | image: alpine 9 | command: ["sleep"] 10 | args: ["100000"] 11 | volumeMounts: 12 | - name: config-vol 13 | mountPath: /etc/config 14 | volumes: 15 | - name: config-vol 16 | configMap: 17 | name: my-config 18 | -------------------------------------------------------------------------------- /cm/my-env-file.yml: -------------------------------------------------------------------------------- 1 | something=else 2 | weather=sunny 3 | -------------------------------------------------------------------------------- /cm/prometheus-conf.yml: -------------------------------------------------------------------------------- 1 | global: 2 | scrape_interval: 15s 3 | 4 | scrape_configs: 5 | - job_name: prometheus 6 | metrics_path: /prometheus/metrics 7 | static_configs: 8 | - targets: 9 | - localhost:9090 10 | -------------------------------------------------------------------------------- /cm/prometheus.yml: -------------------------------------------------------------------------------- 1 | apiVersion: networking.k8s.io/v1 2 | kind: Ingress 3 | metadata: 4 | name: prometheus 5 | annotations: 6 | kubernetes.io/ingress.class: "nginx" 7 | ingress.kubernetes.io/ssl-redirect: "false" 8 | nginx.ingress.kubernetes.io/ssl-redirect: "false" 9 | spec: 10 | rules: 11 | - http: 12 | paths: 13 | - path: /prometheus 14 | pathType: ImplementationSpecific 15 | backend: 16 | service: 17 | name: prometheus 18 | port: 19 | number: 9090 20 | 21 | --- 22 | 23 | apiVersion: apps/v1 24 | kind: Deployment 25 | metadata: 26 | name: prometheus 27 | spec: 28 | selector: 29 | matchLabels: 30 | type: monitor 31 | service: prometheus 32 | strategy: 33 | type: Recreate 34 | template: 35 | metadata: 36 | labels: 37 | type: monitor 38 | service: prometheus 39 | spec: 40 | containers: 41 | - name: prometheus 42 | image: prom/prometheus:v2.0.0 43 | command: 44 | - /bin/prometheus 45 | args: 46 | - "--config.file=/etc/prometheus/prometheus.yml" 47 | - "--storage.tsdb.path=/prometheus" 48 | - "--web.console.libraries=/usr/share" 49 | - "--web.external-url=http://192.168.99.100/prometheus" 50 | volumeMounts: 51 | - mountPath: /etc/prometheus 52 | name: prom-conf 53 | volumes: 54 | - name: prom-conf 55 | configMap: 56 | name: prom-conf 57 | 58 | --- 59 | 60 | apiVersion: v1 61 | kind: Service 62 | metadata: 63 | name: prometheus 64 | spec: 65 | ports: 66 | - port: 9090 67 | selector: 68 | type: monitor 69 | service: prometheus 70 | 71 | --- 72 | 73 | apiVersion: v1 74 | kind: ConfigMap 75 | metadata: 76 | name: prom-conf 77 | data: 78 | prometheus.yml: | 79 | global: 80 | scrape_interval: 15s 81 | 82 | scrape_configs: 83 | - job_name: prometheus 84 | metrics_path: /prometheus/metrics 85 | static_configs: 86 | - targets: 87 | - localhost:9090 88 | -------------------------------------------------------------------------------- /crossplane/.gitignore: -------------------------------------------------------------------------------- 1 | /account.json 2 | -------------------------------------------------------------------------------- /deploy/different-app-db.yml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: different-app-db 5 | labels: 6 | type: db 7 | service: different-app 8 | vendor: MongoLabs 9 | spec: 10 | selector: 11 | matchLabels: 12 | type: db 13 | service: different-app 14 | template: 15 | metadata: 16 | labels: 17 | type: db 18 | service: different-app 19 | vendor: MongoLabs 20 | spec: 21 | containers: 22 | - name: db 23 | image: mongo:3.3 24 | ports: 25 | - containerPort: 28017 26 | -------------------------------------------------------------------------------- /deploy/go-demo-2-api.yml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: go-demo-2-api 5 | spec: 6 | replicas: 3 7 | selector: 8 | matchLabels: 9 | type: api 10 | service: go-demo-2 11 | minReadySeconds: 1 12 | progressDeadlineSeconds: 60 13 | revisionHistoryLimit: 5 14 | strategy: 15 | type: RollingUpdate 16 | rollingUpdate: 17 | maxSurge: 1 18 | maxUnavailable: 1 19 | template: 20 | metadata: 21 | labels: 22 | type: api 23 | service: go-demo-2 24 | language: go 25 | spec: 26 | containers: 27 | - name: api 28 | image: vfarcic/go-demo-2 29 | env: 30 | - name: DB 31 | value: go-demo-2-db 32 | readinessProbe: 33 | httpGet: 34 | path: /demo/hello 35 | port: 8080 36 | periodSeconds: 1 37 | livenessProbe: 38 | httpGet: 39 | path: /demo/hello 40 | port: 8080 41 | -------------------------------------------------------------------------------- /deploy/go-demo-2-db-svc.yml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: go-demo-2-db 5 | spec: 6 | ports: 7 | - port: 27017 8 | selector: 9 | type: db 10 | service: go-demo-2 11 | -------------------------------------------------------------------------------- /deploy/go-demo-2-db.yml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: go-demo-2-db 5 | spec: 6 | selector: 7 | matchLabels: 8 | type: db 9 | service: go-demo-2 10 | template: 11 | metadata: 12 | labels: 13 | type: db 14 | service: go-demo-2 15 | vendor: MongoLabs 16 | spec: 17 | containers: 18 | - name: db 19 | image: mongo:3.3 20 | ports: 21 | - containerPort: 28017 22 | -------------------------------------------------------------------------------- /deploy/go-demo-2-scaled-new.yml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: go-demo-2-db 5 | spec: 6 | selector: 7 | matchLabels: 8 | type: db 9 | service: go-demo-2 10 | strategy: 11 | type: Recreate 12 | template: 13 | metadata: 14 | labels: 15 | type: db 16 | service: go-demo-2 17 | vendor: MongoLabs 18 | spec: 19 | containers: 20 | - name: db 21 | image: mongo:3.3 22 | ports: 23 | - containerPort: 28017 24 | 25 | --- 26 | 27 | apiVersion: v1 28 | kind: Service 29 | metadata: 30 | name: go-demo-2-db 31 | spec: 32 | ports: 33 | - port: 27017 34 | selector: 35 | type: db 36 | service: go-demo-2 37 | 38 | --- 39 | 40 | apiVersion: apps/v1 41 | kind: Deployment 42 | metadata: 43 | name: go-demo-2-api 44 | spec: 45 | replicas: 5 46 | selector: 47 | matchLabels: 48 | type: api 49 | service: go-demo-2 50 | template: 51 | metadata: 52 | labels: 53 | type: api 54 | service: go-demo-2 55 | language: go 56 | spec: 57 | containers: 58 | - name: api 59 | image: vfarcic/go-demo-2:3.0 60 | env: 61 | - name: DB 62 | value: go-demo-2-db 63 | readinessProbe: 64 | httpGet: 65 | path: /demo/hello 66 | port: 8080 67 | periodSeconds: 1 68 | livenessProbe: 69 | httpGet: 70 | path: /demo/hello 71 | port: 8080 72 | 73 | --- 74 | 75 | apiVersion: v1 76 | kind: Service 77 | metadata: 78 | name: go-demo-2-api 79 | spec: 80 | type: NodePort 81 | ports: 82 | - port: 8080 83 | selector: 84 | type: api 85 | service: go-demo-2 86 | -------------------------------------------------------------------------------- /deploy/go-demo-2-scaled.yml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: go-demo-2-db 5 | spec: 6 | selector: 7 | matchLabels: 8 | type: db 9 | service: go-demo-2 10 | strategy: 11 | type: Recreate 12 | template: 13 | metadata: 14 | labels: 15 | type: db 16 | service: go-demo-2 17 | vendor: MongoLabs 18 | spec: 19 | containers: 20 | - name: db 21 | image: mongo:3.3 22 | ports: 23 | - containerPort: 27017 24 | 25 | --- 26 | 27 | apiVersion: v1 28 | kind: Service 29 | metadata: 30 | name: go-demo-2-db 31 | spec: 32 | ports: 33 | - port: 27017 34 | selector: 35 | type: db 36 | service: go-demo-2 37 | 38 | --- 39 | 40 | apiVersion: apps/v1 41 | kind: Deployment 42 | metadata: 43 | name: go-demo-2-api 44 | spec: 45 | replicas: 5 46 | selector: 47 | matchLabels: 48 | type: api 49 | service: go-demo-2 50 | template: 51 | metadata: 52 | labels: 53 | type: api 54 | service: go-demo-2 55 | language: go 56 | spec: 57 | containers: 58 | - name: api 59 | image: vfarcic/go-demo-2 60 | env: 61 | - name: DB 62 | value: go-demo-2-db 63 | readinessProbe: 64 | httpGet: 65 | path: /demo/hello 66 | port: 8080 67 | periodSeconds: 1 68 | livenessProbe: 69 | httpGet: 70 | path: /demo/hello 71 | port: 8080 72 | 73 | --- 74 | 75 | apiVersion: v1 76 | kind: Service 77 | metadata: 78 | name: go-demo-2-api 79 | spec: 80 | type: NodePort 81 | ports: 82 | - port: 8080 83 | selector: 84 | type: api 85 | service: go-demo-2 86 | -------------------------------------------------------------------------------- /deploy/go-demo-2-swarm.yml: -------------------------------------------------------------------------------- 1 | version: "3" 2 | services: 3 | api: 4 | image: vfarcic/go-demo-2 5 | environment: 6 | - DB=db 7 | ports: 8 | - 8080 9 | deploy: 10 | replicas: 3 11 | db: 12 | image: mongo:3.3 13 | -------------------------------------------------------------------------------- /deploy/go-demo-2.yml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: go-demo-2-db 5 | labels: 6 | type: db 7 | service: go-demo-2 8 | vendor: MongoLabs 9 | spec: 10 | selector: 11 | matchLabels: 12 | type: db 13 | service: go-demo-2 14 | strategy: 15 | type: Recreate 16 | template: 17 | metadata: 18 | labels: 19 | type: db 20 | service: go-demo-2 21 | vendor: MongoLabs 22 | spec: 23 | containers: 24 | - name: db 25 | image: mongo:3.3 26 | 27 | --- 28 | 29 | apiVersion: v1 30 | kind: Service 31 | metadata: 32 | name: go-demo-2-db 33 | spec: 34 | ports: 35 | - port: 27017 36 | selector: 37 | type: db 38 | service: go-demo-2 39 | 40 | --- 41 | 42 | apiVersion: apps/v1 43 | kind: Deployment 44 | metadata: 45 | name: go-demo-2-api 46 | labels: 47 | type: api 48 | service: go-demo-2 49 | language: go 50 | spec: 51 | replicas: 3 52 | selector: 53 | matchLabels: 54 | type: api 55 | service: go-demo-2 56 | template: 57 | metadata: 58 | labels: 59 | type: api 60 | service: go-demo-2 61 | language: go 62 | spec: 63 | containers: 64 | - name: api 65 | image: vfarcic/go-demo-2 66 | env: 67 | - name: DB 68 | value: go-demo-2-db 69 | readinessProbe: 70 | httpGet: 71 | path: /demo/hello 72 | port: 8080 73 | periodSeconds: 1 74 | livenessProbe: 75 | httpGet: 76 | path: /demo/hello 77 | port: 8080 78 | 79 | --- 80 | 81 | apiVersion: v1 82 | kind: Service 83 | metadata: 84 | name: go-demo-2-api 85 | spec: 86 | type: NodePort 87 | ports: 88 | - port: 8080 89 | selector: 90 | type: api 91 | service: go-demo-2 92 | -------------------------------------------------------------------------------- /do/storage.yml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | data: 3 | access-token: REPLACE_TOKEN 4 | kind: Secret 5 | metadata: 6 | name: digitalocean 7 | namespace: kube-system 8 | 9 | --- 10 | 11 | kind: StorageClass 12 | apiVersion: storage.k8s.io/v1 13 | metadata: 14 | annotations: 15 | storageclass.kubernetes.io/is-default-class: "true" 16 | name: digitalocean 17 | provisioner: kubernetes.io/digitalocean-volume 18 | -------------------------------------------------------------------------------- /helm/chartmuseum-values.yml: -------------------------------------------------------------------------------- 1 | image: 2 | tag: v0.7.0 3 | env: 4 | open: 5 | DISABLE_API: false 6 | resources: 7 | limits: 8 | cpu: 100m 9 | memory: 128Mi 10 | requests: 11 | cpu: 80m 12 | memory: 64Mi 13 | persistence: 14 | enabled: true 15 | ingress: 16 | enabled: true 17 | annotations: 18 | kubernetes.io/ingress.class: "nginx" 19 | ingress.kubernetes.io/ssl-redirect: "false" 20 | nginx.ingress.kubernetes.io/ssl-redirect: "false" 21 | hosts: 22 | - name: cm.127.0.0.1.nip.io 23 | path: / 24 | -------------------------------------------------------------------------------- /helm/gitlab-values.yaml: -------------------------------------------------------------------------------- 1 | global: 2 | edition: ce 3 | hosts: 4 | https: false 5 | ingress: 6 | configureCertmanager: false 7 | tls: 8 | enabled: false 9 | annotations: 10 | kubernetes.io/ingress.class: nginx 11 | kubernetes.io/ingress.provider: nginx 12 | nginx.ingress.kubernetes.io/proxy-body-size: 512m 13 | nginx.ingress.kubernetes.io/proxy-connect-timeout: 15 14 | nginx.ingress.kubernetes.io/proxy-read-timeout: 600 15 | certmanager: 16 | install: false 17 | prometheus: 18 | install: false 19 | gitlab-runner: 20 | install: false 21 | nginx-ingress: 22 | enabled: false 23 | -------------------------------------------------------------------------------- /helm/jenkins-config.yml: -------------------------------------------------------------------------------- 1 | master: 2 | serviceType: NodePort 3 | nodePort: 31001 4 | installPlugins: 5 | - kubernetes:1.4 6 | - credentials:2.1.16 7 | - workflow-aggregator:2.5 8 | - git-client:2.7.1 9 | - pipeline-utility-steps:2.0.1 10 | - git:3.8.0 11 | - github:1.29.0 12 | - blueocean:1.4.2 13 | -------------------------------------------------------------------------------- /helm/jenkins-patch.yml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: RoleBinding 3 | metadata: 4 | name: jenkins-role-binding 5 | labels: 6 | app: jenkins 7 | roleRef: 8 | apiGroup: rbac.authorization.k8s.io 9 | kind: ClusterRole 10 | name: cluster-admin 11 | subjects: 12 | - kind: ServiceAccount 13 | name: jenkins 14 | namespace: jenkins 15 | -------------------------------------------------------------------------------- /helm/jenkins-sa.yml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ServiceAccount 3 | metadata: 4 | name: jenkins 5 | namespace: jenkins 6 | 7 | --- 8 | 9 | kind: Role 10 | apiVersion: rbac.authorization.k8s.io/v1beta1 11 | metadata: 12 | name: jenkins 13 | namespace: build 14 | rules: 15 | - apiGroups: [""] 16 | resources: ["pods", "pods/exec", "pods/log"] 17 | verbs: ["*"] 18 | - apiGroups: [""] 19 | resources: ["secrets"] 20 | verbs: ["get"] 21 | 22 | --- 23 | 24 | apiVersion: rbac.authorization.k8s.io/v1beta1 25 | kind: RoleBinding 26 | metadata: 27 | name: jenkins 28 | namespace: build 29 | roleRef: 30 | apiGroup: rbac.authorization.k8s.io 31 | kind: Role 32 | name: jenkins 33 | subjects: 34 | - kind: ServiceAccount 35 | name: jenkins 36 | namespace: jenkins 37 | -------------------------------------------------------------------------------- /helm/jenkins-values.yml: -------------------------------------------------------------------------------- 1 | # helm install stable/jenkins --name jenkins --namespace jenkins --values helm/jenkins-values --set master.hostName=... 2 | master: 3 | imageTag: "2.151-alpine" 4 | cpu: "500m" 5 | memory: "500Mi" 6 | serviceType: ClusterIP 7 | serviceAnnotations: 8 | service.beta.kubernetes.io/aws-load-balancer-backend-protocol: http 9 | installPlugins: 10 | - durable-task:1.28 11 | - workflow-durable-task-step:2.28 12 | - blueocean:1.10.1 13 | - credentials:2.1.18 14 | - ec2:1.39 15 | - git:3.9.1 16 | - git-client:2.7.6 17 | - github:1.29.3 18 | - kubernetes:1.14.3 19 | - pipeline-utility-steps:2.2.0 20 | - pipeline-model-definition:1.3.4.1 21 | - slack:2.14 22 | - thinBackup:1.9 23 | - workflow-aggregator:2.6 24 | - ssh-slaves:1.29.4 25 | - ssh-agent:1.17 26 | - jdk-tool:1.2 27 | - command-launcher:1.3 28 | - github-oauth:0.31 29 | - google-compute-engine:1.0.8 30 | - pegdown-formatter:1.3 31 | ingress: 32 | enabled: true 33 | annotations: 34 | kubernetes.io/ingress.class: "nginx" 35 | nginx.ingress.kubernetes.io/ssl-redirect: "false" 36 | nginx.ingress.kubernetes.io/proxy-body-size: 50m 37 | nginx.ingress.kubernetes.io/proxy-request-buffering: "off" 38 | ingress.kubernetes.io/ssl-redirect: "false" 39 | ingress.kubernetes.io/proxy-body-size: 50m 40 | ingress.kubernetes.io/proxy-request-buffering: "off" 41 | hostName: jenkins.acme.com 42 | rbac: 43 | create: true 44 | 45 | -------------------------------------------------------------------------------- /helm/jenkins-values2.yml: -------------------------------------------------------------------------------- 1 | # helm install stable/jenkins --name jenkins --namespace jenkins --values helm/jenkins-values --set master.hostName=... 2 | master: 3 | tag: "2.204.1-alpine" 4 | cpu: "500m" 5 | memory: "500Mi" 6 | serviceType: ClusterIP 7 | serviceAnnotations: 8 | service.beta.kubernetes.io/aws-load-balancer-backend-protocol: http 9 | installPlugins: 10 | - durable-task:1.33 11 | - workflow-durable-task-step:2.35 12 | - blueocean:1.21.0 13 | - credentials:2.3.0 14 | - ec2:1.47 15 | - git:4.0.0 16 | - git-client:3.0.0 17 | - github:1.29.5 18 | - kubernetes:1.22.3 19 | - pipeline-utility-steps:2.3.1 20 | - pipeline-model-definition:1.5.0 21 | - slack:2.35 22 | - thinBackup:1.9 23 | - workflow-aggregator:2.6 24 | - ssh-slaves:1.31.0 25 | - ssh-agent:1.17 26 | - jdk-tool:1.4 27 | - command-launcher:1.4 28 | - github-oauth:0.33 29 | - google-compute-engine:4.2.0 30 | - pegdown-formatter:1.3 31 | ingress: 32 | enabled: true 33 | annotations: 34 | kubernetes.io/ingress.class: "nginx" 35 | nginx.ingress.kubernetes.io/ssl-redirect: "false" 36 | nginx.ingress.kubernetes.io/proxy-body-size: 50m 37 | nginx.ingress.kubernetes.io/proxy-request-buffering: "off" 38 | ingress.kubernetes.io/ssl-redirect: "false" 39 | ingress.kubernetes.io/proxy-body-size: 50m 40 | ingress.kubernetes.io/proxy-request-buffering: "off" 41 | hostName: jenkins.acme.com 42 | rbac: 43 | create: true 44 | 45 | -------------------------------------------------------------------------------- /helm/jenkins/.helmignore: -------------------------------------------------------------------------------- 1 | # Patterns to ignore when building packages. 2 | # This supports shell glob matching, relative path matching, and 3 | # negation (prefixed with !). Only one pattern per line. 4 | .DS_Store 5 | # Common VCS dirs 6 | .git/ 7 | .gitignore 8 | .bzr/ 9 | .bzrignore 10 | .hg/ 11 | .hgignore 12 | .svn/ 13 | # Common backup files 14 | *.swp 15 | *.bak 16 | *.tmp 17 | *~ 18 | # Various IDEs 19 | .project 20 | .idea/ 21 | *.tmproj 22 | -------------------------------------------------------------------------------- /helm/jenkins/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | description: A Helm chart for Kubernetes 3 | name: jenkins 4 | version: 0.1.0 5 | -------------------------------------------------------------------------------- /helm/jenkins/requirements.yaml: -------------------------------------------------------------------------------- 1 | dependencies: 2 | - name: jenkins 3 | version: 1.5.0 4 | repository: https://kubernetes-charts.storage.googleapis.com 5 | -------------------------------------------------------------------------------- /helm/jenkins/values.yaml: -------------------------------------------------------------------------------- 1 | jenkins: 2 | master: 3 | imageTag: "2.151-alpine" 4 | cpu: "500m" 5 | memory: "500Mi" 6 | serviceType: ClusterIP 7 | serviceAnnotations: 8 | service.beta.kubernetes.io/aws-load-balancer-backend-protocol: http 9 | installPlugins: 10 | - durable-task:1.28 11 | - workflow-durable-task-step:2.28 12 | - blueocean:1.10.1 13 | - credentials:2.1.18 14 | - ec2:1.39 15 | - git:3.9.1 16 | - git-client:2.7.6 17 | - github:1.29.3 18 | - kubernetes:1.14.3 19 | - pipeline-utility-steps:2.2.0 20 | - pipeline-model-definition:1.3.4.1 21 | - slack:2.14 22 | - thinBackup:1.9 23 | - workflow-aggregator:2.6 24 | - ssh-slaves:1.29.4 25 | - ssh-agent:1.17 26 | - jdk-tool:1.2 27 | - command-launcher:1.3 28 | - github-oauth:0.31 29 | - google-compute-engine:1.0.8 30 | - pegdown-formatter:1.3 31 | ingress: 32 | enabled: true 33 | annotations: 34 | kubernetes.io/ingress.class: "nginx" 35 | nginx.ingress.kubernetes.io/ssl-redirect: "false" 36 | nginx.ingress.kubernetes.io/proxy-body-size: 50m 37 | nginx.ingress.kubernetes.io/proxy-request-buffering: "off" 38 | ingress.kubernetes.io/ssl-redirect: "false" 39 | ingress.kubernetes.io/proxy-body-size: 50m 40 | ingress.kubernetes.io/proxy-request-buffering: "off" 41 | hostName: jenkins.acme.com 42 | customConfigMap: true 43 | credentialsXmlSecret: jenkins-credentials 44 | secretsFilesSecret: jenkins-secrets 45 | DockerVM: false 46 | # DockerAMI: 47 | # GProject: 48 | # GAuthFile: 49 | # GlobalLibraries: true 50 | rbac: 51 | create: true 52 | -------------------------------------------------------------------------------- /helm/jenkins2/.helmignore: -------------------------------------------------------------------------------- 1 | # Patterns to ignore when building packages. 2 | # This supports shell glob matching, relative path matching, and 3 | # negation (prefixed with !). Only one pattern per line. 4 | .DS_Store 5 | # Common VCS dirs 6 | .git/ 7 | .gitignore 8 | .bzr/ 9 | .bzrignore 10 | .hg/ 11 | .hgignore 12 | .svn/ 13 | # Common backup files 14 | *.swp 15 | *.bak 16 | *.tmp 17 | *~ 18 | # Various IDEs 19 | .project 20 | .idea/ 21 | *.tmproj 22 | -------------------------------------------------------------------------------- /helm/jenkins2/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | description: A Helm chart for Kubernetes 3 | name: jenkins 4 | version: 0.1.0 5 | -------------------------------------------------------------------------------- /helm/jenkins2/charts/jenkins-1.5.0.tgz: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vfarcic/k8s-specs/f66338e0a05d259b0caa4e76508f5f1d1b3ff4bd/helm/jenkins2/charts/jenkins-1.5.0.tgz -------------------------------------------------------------------------------- /helm/jenkins2/requirements.yaml: -------------------------------------------------------------------------------- 1 | dependencies: 2 | - name: jenkins 3 | version: 1.5.0 4 | repository: https://kubernetes-charts.storage.googleapis.com 5 | -------------------------------------------------------------------------------- /helm/jenkins2/values.yaml: -------------------------------------------------------------------------------- 1 | jenkins: 2 | master: 3 | tag: "2.204.1-alpine" 4 | cpu: "500m" 5 | memory: "500Mi" 6 | serviceType: ClusterIP 7 | serviceAnnotations: 8 | service.beta.kubernetes.io/aws-load-balancer-backend-protocol: http 9 | installPlugins: 10 | - durable-task:1.33 11 | - workflow-durable-task-step:2.35 12 | - blueocean:1.21.0 13 | - credentials:2.3.0 14 | - ec2:1.47 15 | - git:4.0.0 16 | - git-client:3.0.0 17 | - github:1.29.5 18 | - kubernetes:1.22.3 19 | - pipeline-utility-steps:2.3.1 20 | - pipeline-model-definition:1.5.0 21 | - slack:2.35 22 | - thinBackup:1.9 23 | - workflow-aggregator:2.6 24 | - ssh-slaves:1.31.0 25 | - ssh-agent:1.17 26 | - jdk-tool:1.4 27 | - command-launcher:1.4 28 | - github-oauth:0.33 29 | - google-compute-engine:4.2.0 30 | - pegdown-formatter:1.3 31 | ingress: 32 | enabled: true 33 | annotations: 34 | kubernetes.io/ingress.class: "nginx" 35 | nginx.ingress.kubernetes.io/ssl-redirect: "false" 36 | nginx.ingress.kubernetes.io/proxy-body-size: 50m 37 | nginx.ingress.kubernetes.io/proxy-request-buffering: "off" 38 | ingress.kubernetes.io/ssl-redirect: "false" 39 | ingress.kubernetes.io/proxy-body-size: 50m 40 | ingress.kubernetes.io/proxy-request-buffering: "off" 41 | hostName: jenkins.acme.com 42 | customConfigMap: true 43 | credentialsXmlSecret: jenkins-credentials 44 | secretsFilesSecret: jenkins-secrets 45 | DockerVM: false 46 | # DockerAMI: 47 | # GProject: 48 | # GAuthFile: 49 | # GlobalLibraries: true 50 | rbac: 51 | create: true 52 | -------------------------------------------------------------------------------- /helm/monocular-values.yml: -------------------------------------------------------------------------------- 1 | api: 2 | image: 3 | tag: v0.7.0 4 | resources: 5 | limits: 6 | cpu: 500m 7 | memory: 1Gi 8 | requests: 9 | cpu: 200m 10 | memory: 512Mi 11 | ui: 12 | image: 13 | tag: v1.0.3 14 | ingress: 15 | annotations: 16 | kubernetes.io/ingress.class: "nginx" 17 | ingress.kubernetes.io/rewrite-target: / 18 | nginx.ingress.kubernetes.io/rewrite-target: / 19 | ingress.kubernetes.io/ssl-redirect: "false" 20 | nginx.ingress.kubernetes.io/ssl-redirect: "false" 21 | -------------------------------------------------------------------------------- /helm/registry-values.yml: -------------------------------------------------------------------------------- 1 | image: 2 | tag: 2.6.2 3 | service: 4 | type: LoadBalancer 5 | resources: 6 | limits: 7 | cpu: 100m 8 | memory: 128Mi 9 | requests: 10 | cpu: 80m 11 | memory: 64Mi 12 | persistence: 13 | enabled: true 14 | -------------------------------------------------------------------------------- /helm/tiller-rbac.yml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ServiceAccount 3 | metadata: 4 | name: tiller 5 | namespace: kube-system 6 | 7 | --- 8 | 9 | apiVersion: rbac.authorization.k8s.io/v1beta1 10 | kind: ClusterRoleBinding 11 | metadata: 12 | name: tiller 13 | roleRef: 14 | apiGroup: rbac.authorization.k8s.io 15 | kind: ClusterRole 16 | name: cluster-admin 17 | subjects: 18 | - kind: ServiceAccount 19 | name: tiller 20 | namespace: kube-system 21 | -------------------------------------------------------------------------------- /ingress/default-backend.yml: -------------------------------------------------------------------------------- 1 | apiVersion: networking.k8s.io/v1 2 | kind: Ingress 3 | metadata: 4 | name: default 5 | annotations: 6 | kubernetes.io/ingress.class: "nginx" 7 | ingress.kubernetes.io/ssl-redirect: "false" 8 | nginx.ingress.kubernetes.io/ssl-redirect: "false" 9 | spec: 10 | rules: 11 | - http: 12 | paths: 13 | - path: / 14 | pathType: ImplementationSpecific 15 | backend: 16 | service: 17 | name: devops-toolkit 18 | port: 19 | number: 80 20 | -------------------------------------------------------------------------------- /ingress/devops-toolkit-dep-lb.yml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: devops-toolkit 5 | spec: 6 | replicas: 3 7 | selector: 8 | matchLabels: 9 | type: frontend 10 | service: devops-toolkit 11 | template: 12 | metadata: 13 | labels: 14 | type: frontend 15 | service: devops-toolkit 16 | spec: 17 | containers: 18 | - name: frontend 19 | image: vfarcic/devops-toolkit-series 20 | 21 | --- 22 | 23 | apiVersion: v1 24 | kind: Service 25 | metadata: 26 | name: devops-toolkit 27 | spec: 28 | type: LoadBalancer 29 | ports: 30 | - port: 8080 31 | targetPort: 80 32 | selector: 33 | type: frontend 34 | service: devops-toolkit 35 | -------------------------------------------------------------------------------- /ingress/devops-toolkit-dep.yml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: devops-toolkit 5 | spec: 6 | replicas: 3 7 | selector: 8 | matchLabels: 9 | type: frontend 10 | service: devops-toolkit 11 | template: 12 | metadata: 13 | labels: 14 | type: frontend 15 | service: devops-toolkit 16 | spec: 17 | containers: 18 | - name: frontend 19 | image: vfarcic/devops-toolkit-series 20 | 21 | --- 22 | 23 | apiVersion: v1 24 | kind: Service 25 | metadata: 26 | name: devops-toolkit 27 | spec: 28 | type: NodePort 29 | ports: 30 | - port: 80 31 | selector: 32 | type: frontend 33 | service: devops-toolkit 34 | -------------------------------------------------------------------------------- /ingress/devops-toolkit-dom.yml: -------------------------------------------------------------------------------- 1 | apiVersion: networking.k8s.io/v1 2 | kind: Ingress 3 | metadata: 4 | name: devops-toolkit 5 | annotations: 6 | kubernetes.io/ingress.class: "nginx" 7 | ingress.kubernetes.io/ssl-redirect: "false" 8 | nginx.ingress.kubernetes.io/ssl-redirect: "false" 9 | spec: 10 | rules: 11 | - host: devopstoolkitseries.com 12 | http: 13 | paths: 14 | - path: / 15 | pathType: ImplementationSpecific 16 | backend: 17 | service: 18 | name: devops-toolkit 19 | port: 20 | number: 80 21 | 22 | --- 23 | 24 | apiVersion: apps/v1 25 | kind: Deployment 26 | metadata: 27 | name: devops-toolkit 28 | spec: 29 | replicas: 3 30 | selector: 31 | matchLabels: 32 | type: frontend 33 | service: devops-toolkit 34 | template: 35 | metadata: 36 | labels: 37 | type: frontend 38 | service: devops-toolkit 39 | spec: 40 | containers: 41 | - name: frontend 42 | image: vfarcic/devops-toolkit-series 43 | 44 | --- 45 | 46 | apiVersion: v1 47 | kind: Service 48 | metadata: 49 | name: devops-toolkit 50 | spec: 51 | ports: 52 | - port: 80 53 | selector: 54 | type: frontend 55 | service: devops-toolkit 56 | -------------------------------------------------------------------------------- /ingress/devops-toolkit.yml: -------------------------------------------------------------------------------- 1 | apiVersion: networking.k8s.io/v1 2 | kind: Ingress 3 | metadata: 4 | name: devops-toolkit 5 | annotations: 6 | kubernetes.io/ingress.class: "nginx" 7 | ingress.kubernetes.io/ssl-redirect: "false" 8 | nginx.ingress.kubernetes.io/ssl-redirect: "false" 9 | spec: 10 | rules: 11 | - http: 12 | paths: 13 | - path: / 14 | pathType: ImplementationSpecific 15 | backend: 16 | service: 17 | name: devops-toolkit 18 | port: 19 | number: 80 20 | 21 | --- 22 | 23 | apiVersion: apps/v1 24 | kind: Deployment 25 | metadata: 26 | name: devops-toolkit 27 | spec: 28 | replicas: 3 29 | selector: 30 | matchLabels: 31 | type: frontend 32 | service: devops-toolkit 33 | template: 34 | metadata: 35 | labels: 36 | type: frontend 37 | service: devops-toolkit 38 | spec: 39 | containers: 40 | - name: frontend 41 | image: vfarcic/devops-toolkit-series 42 | 43 | --- 44 | 45 | apiVersion: v1 46 | kind: Service 47 | metadata: 48 | name: devops-toolkit 49 | spec: 50 | ports: 51 | - port: 80 52 | selector: 53 | type: frontend 54 | service: devops-toolkit 55 | -------------------------------------------------------------------------------- /ingress/go-demo-2-deploy-lb.yml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: go-demo-2-db 5 | spec: 6 | selector: 7 | matchLabels: 8 | type: db 9 | service: go-demo-2 10 | strategy: 11 | type: Recreate 12 | template: 13 | metadata: 14 | labels: 15 | type: db 16 | service: go-demo-2 17 | vendor: MongoLabs 18 | spec: 19 | containers: 20 | - name: db 21 | image: mongo:3.3 22 | 23 | --- 24 | 25 | apiVersion: v1 26 | kind: Service 27 | metadata: 28 | name: go-demo-2-db 29 | spec: 30 | ports: 31 | - port: 27017 32 | selector: 33 | type: db 34 | service: go-demo-2 35 | 36 | --- 37 | 38 | apiVersion: apps/v1 39 | kind: Deployment 40 | metadata: 41 | name: go-demo-2-api 42 | spec: 43 | replicas: 3 44 | selector: 45 | matchLabels: 46 | type: api 47 | service: go-demo-2 48 | template: 49 | metadata: 50 | labels: 51 | type: api 52 | service: go-demo-2 53 | language: go 54 | spec: 55 | containers: 56 | - name: api 57 | image: vfarcic/go-demo-2 58 | env: 59 | - name: DB 60 | value: go-demo-2-db 61 | readinessProbe: 62 | httpGet: 63 | path: /demo/hello 64 | port: 8080 65 | periodSeconds: 1 66 | livenessProbe: 67 | httpGet: 68 | path: /demo/hello 69 | port: 8080 70 | 71 | --- 72 | 73 | apiVersion: v1 74 | kind: Service 75 | metadata: 76 | name: go-demo-2-api 77 | spec: 78 | type: LoadBalancer 79 | ports: 80 | - port: 8080 81 | selector: 82 | type: api 83 | service: go-demo-2 84 | -------------------------------------------------------------------------------- /ingress/go-demo-2-deploy.yml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: go-demo-2-db 5 | spec: 6 | selector: 7 | matchLabels: 8 | type: db 9 | service: go-demo-2 10 | strategy: 11 | type: Recreate 12 | template: 13 | metadata: 14 | labels: 15 | type: db 16 | service: go-demo-2 17 | vendor: MongoLabs 18 | spec: 19 | containers: 20 | - name: db 21 | image: mongo:3.3 22 | 23 | --- 24 | 25 | apiVersion: v1 26 | kind: Service 27 | metadata: 28 | name: go-demo-2-db 29 | spec: 30 | ports: 31 | - port: 27017 32 | selector: 33 | type: db 34 | service: go-demo-2 35 | 36 | --- 37 | 38 | apiVersion: apps/v1 39 | kind: Deployment 40 | metadata: 41 | name: go-demo-2-api 42 | spec: 43 | replicas: 3 44 | selector: 45 | matchLabels: 46 | type: api 47 | service: go-demo-2 48 | template: 49 | metadata: 50 | labels: 51 | type: api 52 | service: go-demo-2 53 | language: go 54 | spec: 55 | containers: 56 | - name: api 57 | image: vfarcic/go-demo-2 58 | env: 59 | - name: DB 60 | value: go-demo-2-db 61 | readinessProbe: 62 | httpGet: 63 | path: /demo/hello 64 | port: 8080 65 | periodSeconds: 1 66 | livenessProbe: 67 | httpGet: 68 | path: /demo/hello 69 | port: 8080 70 | 71 | --- 72 | 73 | apiVersion: v1 74 | kind: Service 75 | metadata: 76 | name: go-demo-2-api 77 | spec: 78 | type: NodePort 79 | ports: 80 | - port: 8080 81 | selector: 82 | type: api 83 | service: go-demo-2 84 | -------------------------------------------------------------------------------- /ingress/go-demo-2-ingress.yml: -------------------------------------------------------------------------------- 1 | apiVersion: networking.k8s.io/v1 2 | kind: Ingress 3 | metadata: 4 | name: go-demo-2 5 | annotations: 6 | kubernetes.io/ingress.class: "nginx" 7 | ingress.kubernetes.io/ssl-redirect: "false" 8 | nginx.ingress.kubernetes.io/ssl-redirect: "false" 9 | spec: 10 | rules: 11 | - http: 12 | paths: 13 | - path: /demo 14 | pathType: ImplementationSpecific 15 | backend: 16 | service: 17 | name: go-demo-2-api 18 | port: 19 | number: 8080 20 | -------------------------------------------------------------------------------- /istio/alpine.yml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: alpine 5 | labels: 6 | app: alpine 7 | spec: 8 | ports: 9 | - port: 80 10 | name: http 11 | selector: 12 | app: alpine 13 | 14 | --- 15 | 16 | apiVersion: apps/v1 17 | kind: Deployment 18 | metadata: 19 | name: alpine 20 | spec: 21 | selector: 22 | matchLabels: 23 | app: alpine 24 | template: 25 | metadata: 26 | labels: 27 | app: alpine 28 | spec: 29 | containers: 30 | - name: alpine 31 | image: alpine 32 | command: ["sleep"] 33 | args: ["100000"] -------------------------------------------------------------------------------- /istio/gd7-gateway-https.yml: -------------------------------------------------------------------------------- 1 | apiVersion: networking.istio.io/v1alpha3 2 | kind: Gateway 3 | metadata: 4 | name: go-demo-7-api 5 | namespace: go-demo-7 6 | spec: 7 | selector: 8 | istio: ingressgateway 9 | servers: 10 | - port: 11 | number: 80 12 | name: http 13 | protocol: HTTP 14 | hosts: 15 | - go-demo-7.com 16 | - port: 17 | number: 443 18 | name: https 19 | protocol: HTTPS 20 | tls: 21 | mode: SIMPLE 22 | serverCertificate: /etc/istio/ingressgateway-certs/tls.crt 23 | privateKey: /etc/istio/ingressgateway-certs/tls.key 24 | hosts: 25 | - go-demo-7.com -------------------------------------------------------------------------------- /istio/gd7-gateway.yml: -------------------------------------------------------------------------------- 1 | apiVersion: networking.istio.io/v1alpha3 2 | kind: Gateway 3 | metadata: 4 | name: go-demo-7-api 5 | namespace: go-demo-7 6 | spec: 7 | selector: 8 | istio: ingressgateway 9 | servers: 10 | - port: 11 | number: 80 12 | name: http 13 | protocol: HTTP 14 | hosts: 15 | - go-demo-7.com 16 | -------------------------------------------------------------------------------- /istio/gd7-virtualservice.yml: -------------------------------------------------------------------------------- 1 | apiVersion: networking.istio.io/v1alpha3 2 | kind: VirtualService 3 | metadata: 4 | name: go-demo-7-api 5 | namespace: go-demo-7 6 | spec: 7 | hosts: 8 | - go-demo-7.com 9 | gateways: 10 | - go-demo-7-api 11 | http: 12 | - match: 13 | - uri: 14 | prefix: /demo/hello 15 | route: 16 | - destination: 17 | port: 18 | number: 8080 19 | host: go-demo-7-api -------------------------------------------------------------------------------- /jenkins/docker-ami.json: -------------------------------------------------------------------------------- 1 | { 2 | "builders": [{ 3 | "type": "amazon-ebs", 4 | "region": "us-east-2", 5 | "source_ami_filter": { 6 | "filters": { 7 | "virtualization-type": "hvm", 8 | "name": "*ubuntu-xenial-16.04-amd64-server-*", 9 | "root-device-type": "ebs" 10 | }, 11 | "owners": ["099720109477"], 12 | "most_recent": true 13 | }, 14 | "instance_type": "t2.micro", 15 | "ssh_username": "ubuntu", 16 | "ami_name": "docker", 17 | "force_deregister": true 18 | }], 19 | "provisioners": [{ 20 | "type": "shell", 21 | "inline": [ 22 | "sleep 15", 23 | "sudo apt-get clean", 24 | "sudo apt-get update", 25 | "sudo apt-get install -y apt-transport-https ca-certificates nfs-common", 26 | "curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -", 27 | "sudo add-apt-repository \"deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable\"", 28 | "sudo add-apt-repository -y ppa:openjdk-r/ppa", 29 | "sudo apt-get update", 30 | "sudo apt-get install -y docker-ce", 31 | "sudo usermod -aG docker ubuntu", 32 | "sudo apt-get install -y openjdk-8-jdk" 33 | ] 34 | }] 35 | } 36 | -------------------------------------------------------------------------------- /jenkins/docker-gce.json: -------------------------------------------------------------------------------- 1 | { 2 | "variables": { 3 | "project_id": "" 4 | }, 5 | "builders": [{ 6 | "type": "googlecompute", 7 | "account_file": "cluster/gce-jenkins.json", 8 | "project_id": "{{user `project_id`}}", 9 | "source_image_project_id": "ubuntu-os-cloud", 10 | "source_image_family": "ubuntu-1604-lts", 11 | "ssh_username": "ubuntu", 12 | "zone": "us-east1-b", 13 | "image_name": "docker" 14 | }], 15 | "provisioners": [{ 16 | "type": "shell", 17 | "inline": [ 18 | "sleep 15", 19 | "sudo apt-get clean", 20 | "sudo apt-get update", 21 | "sudo apt-get install -y apt-transport-https ca-certificates nfs-common", 22 | "curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -", 23 | "sudo add-apt-repository \"deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable\"", 24 | "sudo add-apt-repository -y ppa:openjdk-r/ppa", 25 | "sudo apt-get update", 26 | "sudo apt-get install -y docker-ce", 27 | "sudo usermod -aG docker ubuntu", 28 | "sudo apt-get install -y openjdk-8-jdk" 29 | ] 30 | }] 31 | } 32 | -------------------------------------------------------------------------------- /kops/README.md: -------------------------------------------------------------------------------- 1 | # Kubernetes AWS 2 | 3 | ## First Run / Setup 4 | 5 | Install AWS CLI tool and kops 6 | 7 | See AWS docs for install AWS CLI, and use homebrew for kops 8 | 9 | ``` 10 | brew install kops 11 | ``` 12 | 13 | Get root or admin access keys 14 | 15 | Save keys to `./creds/root-creds` in following format - .gitignore creds or add as meta project so keys are not checked in with this project! 16 | 17 | ``` 18 | { 19 | "AccessKey": { 20 | "AccessKeyId": "...", 21 | "SecretAccessKey": "...", 22 | } 23 | } 24 | 25 | ``` 26 | 27 | To set our context to the root user, run 28 | 29 | ``` 30 | source root.env 31 | ``` 32 | 33 | Then, run the setup with 34 | 35 | ``` 36 | sh ./setup.sh 37 | ``` 38 | 39 | This will generate some new IAM roles, and create a user kops. It will also 40 | prompt the user for their organizations name and generate a new bucket id. 41 | Org and bucket id are then written to kops.env. 42 | 43 | Next, Switch to the user `kops` 44 | 45 | ``` 46 | source kops.env 47 | ``` 48 | 49 | Then run : 50 | 51 | ```bash 52 | sh cluster-setup.sh 53 | ``` 54 | 55 | ## Delete 56 | 57 | To delete your cluster: 58 | 59 | ``` 60 | sh delete-kops.sh 61 | ``` 62 | 63 | To delete kops AWS resources: 64 | 65 | ``` 66 | sh delete-aws.sh 67 | ``` -------------------------------------------------------------------------------- /kops/delete-aws.sh: -------------------------------------------------------------------------------- 1 | aws iam remove-user-from-group \ 2 | --user-name kops \ 3 | --group-name kops 4 | 5 | aws iam delete-access-key --user-name kops --access-key-id $(cat creds/kops-creds | jq -r '.AccessKey.AccessKeyId') 6 | 7 | aws iam delete-user \ 8 | --user-name kops 9 | 10 | aws iam detach-group-policy \ 11 | --policy-arn arn:aws:iam::aws:policy/AmazonEC2FullAccess \ 12 | --group-name kops 13 | 14 | aws iam detach-group-policy \ 15 | --policy-arn arn:aws:iam::aws:policy/AmazonS3FullAccess \ 16 | --group-name kops 17 | 18 | aws iam detach-group-policy \ 19 | --policy-arn arn:aws:iam::aws:policy/AmazonVPCFullAccess \ 20 | --group-name kops 21 | 22 | aws iam detach-group-policy \ 23 | --policy-arn arn:aws:iam::aws:policy/IAMFullAccess \ 24 | --group-name kops 25 | 26 | aws iam delete-group \ 27 | --group-name kops 28 | -------------------------------------------------------------------------------- /kops/delete-kops.sh: -------------------------------------------------------------------------------- 1 | kops delete cluster \ 2 | --name $NAME \ 3 | --yes 4 | -------------------------------------------------------------------------------- /kops/kops.env: -------------------------------------------------------------------------------- 1 | export ORG_NAME=MY_ORG_NAME 2 | 3 | export AWS_ACCESS_KEY_ID=$(\ 4 | cat creds/kops-creds | jq -r \ 5 | '.AccessKey.AccessKeyId') 6 | 7 | export AWS_SECRET_ACCESS_KEY=$(\ 8 | cat creds/kops-creds | jq -r \ 9 | '.AccessKey.SecretAccessKey') 10 | 11 | export AWS_DEFAULT_REGION=us-east-2 12 | 13 | export ZONES=$(aws ec2 \ 14 | describe-availability-zones \ 15 | --region $AWS_DEFAULT_REGION \ 16 | | jq -r \ 17 | '.AvailabilityZones[].ZoneName' \ 18 | | tr '\n' ',' | tr -d ' ') 19 | 20 | ZONES=${ZONES%?} 21 | 22 | export NAME=$ORG_NAME.k8s.local 23 | 24 | export BUCKET_ID=MY_BUCKET_ID 25 | export BUCKET_NAME=$ORG_NAME-$BUCKET_ID 26 | 27 | export KOPS_STATE_STORE=s3://$BUCKET_NAME 28 | 29 | export CLUSTER_DNS=$(aws elb \ 30 | describe-load-balancers | jq -r \ 31 | ".LoadBalancerDescriptions[] \ 32 | | select(.DNSName \ 33 | | contains (\"api-$ORG_NAME\") \ 34 | | not).DNSName") 35 | -------------------------------------------------------------------------------- /kops/root.env: -------------------------------------------------------------------------------- 1 | export AWS_ACCESS_KEY_ID=$(cat creds/root-creds | jq -r '.AccessKey.AccessKeyId') 2 | export AWS_SECRET_ACCESS_KEY=$(cat creds/root-creds | jq -r '.AccessKey.SecretAccessKey') 3 | export AWS_DEFAULT_REGION=us-east-2 4 | -------------------------------------------------------------------------------- /kops/setup.sh: -------------------------------------------------------------------------------- 1 | mkdir -p creds 2 | 3 | aws iam create-group \ 4 | --group-name kops 5 | 6 | aws iam attach-group-policy \ 7 | --policy-arn arn:aws:iam::aws:policy/AmazonEC2FullAccess \ 8 | --group-name kops 9 | 10 | aws iam attach-group-policy \ 11 | --policy-arn arn:aws:iam::aws:policy/AmazonS3FullAccess \ 12 | --group-name kops 13 | 14 | aws iam attach-group-policy \ 15 | --policy-arn arn:aws:iam::aws:policy/AmazonVPCFullAccess \ 16 | --group-name kops 17 | 18 | aws iam attach-group-policy \ 19 | --policy-arn arn:aws:iam::aws:policy/IAMFullAccess \ 20 | --group-name kops 21 | 22 | aws iam create-user \ 23 | --user-name kops 24 | 25 | aws iam add-user-to-group \ 26 | --user-name kops \ 27 | --group-name kops 28 | 29 | aws iam create-access-key \ 30 | --user-name kops >creds/kops-creds 31 | 32 | BUCKET_ID=$(date +%s) 33 | echo $BUCKET_ID 34 | sed -i .bak 's/MY_BUCKET_ID/'$BUCKET_ID'/' ./kops.env 35 | 36 | echo "Enter your organization's name (lowercase): " 37 | read -r org 38 | 39 | sed -i .bak 's/MY_ORG_NAME/'$org'/' ./kops.env 40 | 41 | aws ec2 create-key-pair \ 42 | --key-name kops \ 43 | | jq -r '.KeyMaterial' \ 44 | >creds/kops.pem 45 | 46 | chmod 400 creds/kops.pem 47 | 48 | ssh-keygen -y -f creds/kops.pem \ 49 | >creds/kops.pub 50 | -------------------------------------------------------------------------------- /linkerd/alpine.yml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: alpine 5 | labels: 6 | app: alpine 7 | spec: 8 | ports: 9 | - port: 80 10 | name: http 11 | selector: 12 | app: alpine 13 | 14 | --- 15 | 16 | apiVersion: apps/v1 17 | kind: Deployment 18 | metadata: 19 | name: alpine 20 | spec: 21 | template: 22 | metadata: 23 | labels: 24 | app: alpine 25 | spec: 26 | containers: 27 | - name: alpine 28 | image: alpine 29 | command: ["sleep"] 30 | args: ["100000"] -------------------------------------------------------------------------------- /logging/eks-logs-policy.json: -------------------------------------------------------------------------------- 1 | { 2 | "Version": "2012-10-17", 3 | "Statement": [ 4 | { 5 | "Action": [ 6 | "logs:DescribeLogGroups", 7 | "logs:DescribeLogStreams", 8 | "logs:CreateLogGroup", 9 | "logs:CreateLogStream", 10 | "logs:PutLogEvents" 11 | ], 12 | "Resource": "*", 13 | "Effect": "Allow" 14 | } 15 | ] 16 | } -------------------------------------------------------------------------------- /logging/es-values.yml: -------------------------------------------------------------------------------- 1 | client: 2 | resources: 3 | limits: 4 | cpu: 1 5 | memory: 1500Mi 6 | requests: 7 | cpu: 25m 8 | memory: 750Mi 9 | master: 10 | resources: 11 | limits: 12 | cpu: 1 13 | memory: 1500Mi 14 | requests: 15 | cpu: 25m 16 | memory: 750Mi 17 | data: 18 | resources: 19 | limits: 20 | cpu: 1 21 | memory: 3Gi 22 | requests: 23 | cpu: 100m 24 | memory: 1500Mi 25 | 26 | -------------------------------------------------------------------------------- /logging/fluentd-cw-values.yml: -------------------------------------------------------------------------------- 1 | rbac: 2 | create: true 3 | extraVars: 4 | - "{ name: FLUENT_UID, value: '0' }" -------------------------------------------------------------------------------- /logging/fluentd-values.yml: -------------------------------------------------------------------------------- 1 | resources: 2 | limits: 3 | cpu: 100m 4 | memory: 300Mi 5 | requests: 6 | cpu: 25m 7 | memory: 150Mi 8 | -------------------------------------------------------------------------------- /logging/kibana-values.yml: -------------------------------------------------------------------------------- 1 | ingress: 2 | enabled: true 3 | hosts: 4 | - acme.com 5 | env: 6 | ELASTICSEARCH_HOSTS: http://elasticsearch-client:9200 7 | resources: 8 | limits: 9 | cpu: 50m 10 | memory: 300Mi 11 | requests: 12 | cpu: 5m 13 | memory: 150Mi 14 | -------------------------------------------------------------------------------- /logging/logger.yml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: random-logger 5 | spec: 6 | containers: 7 | - name: random-logger 8 | image: chentex/random-logger 9 | -------------------------------------------------------------------------------- /mon/go-demo-5-hpa-ing.yml: -------------------------------------------------------------------------------- 1 | apiVersion: autoscaling/v2beta1 2 | kind: HorizontalPodAutoscaler 3 | metadata: 4 | name: go-demo-5 5 | spec: 6 | scaleTargetRef: 7 | apiVersion: apps/v1 8 | kind: Deployment 9 | name: go-demo-5 10 | minReplicas: 3 11 | maxReplicas: 10 12 | metrics: 13 | - type: Object 14 | object: 15 | metricName: http_req_per_second_per_replica 16 | target: 17 | kind: Namespace 18 | name: go-demo-5 19 | targetValue: 50m 20 | -------------------------------------------------------------------------------- /mon/go-demo-5-hpa-svc.yml: -------------------------------------------------------------------------------- 1 | apiVersion: autoscaling/v2beta1 2 | kind: HorizontalPodAutoscaler 3 | metadata: 4 | name: go-demo-5 5 | spec: 6 | scaleTargetRef: 7 | apiVersion: apps/v1 8 | kind: Deployment 9 | name: go-demo-5 10 | minReplicas: 3 11 | maxReplicas: 10 12 | metrics: 13 | - type: Object 14 | object: 15 | metricName: http_req_per_second_per_replica 16 | target: 17 | kind: Service 18 | name: go-demo-5 19 | targetValue: 1500m -------------------------------------------------------------------------------- /mon/go-demo-5-hpa.yml: -------------------------------------------------------------------------------- 1 | apiVersion: autoscaling/v2beta1 2 | kind: HorizontalPodAutoscaler 3 | metadata: 4 | name: go-demo-5 5 | spec: 6 | scaleTargetRef: 7 | apiVersion: apps/v1 8 | kind: Deployment 9 | name: go-demo-5 10 | minReplicas: 3 11 | maxReplicas: 10 12 | metrics: 13 | - type: Resource 14 | resource: 15 | name: cpu 16 | targetAverageUtilization: 80 17 | - type: Resource 18 | resource: 19 | name: memory 20 | targetAverageUtilization: 80 21 | - type: Object 22 | object: 23 | metricName: http_req_per_second_per_replica 24 | target: 25 | kind: Service 26 | name: go-demo-5 27 | targetValue: 1500m -------------------------------------------------------------------------------- /mon/grafana-values-bare.yml: -------------------------------------------------------------------------------- 1 | ingress: 2 | enabled: true 3 | persistence: 4 | enabled: true 5 | accessModes: 6 | - ReadWriteOnce 7 | size: 1Gi 8 | resources: 9 | limits: 10 | cpu: 20m 11 | memory: 50Mi 12 | requests: 13 | cpu: 5m 14 | memory: 25Mi 15 | -------------------------------------------------------------------------------- /mon/grafana-values.yml: -------------------------------------------------------------------------------- 1 | ingress: 2 | enabled: true 3 | persistence: 4 | enabled: true 5 | accessModes: 6 | - ReadWriteOnce 7 | size: 1Gi 8 | resources: 9 | limits: 10 | cpu: 20m 11 | memory: 50Mi 12 | requests: 13 | cpu: 5m 14 | memory: 25Mi 15 | datasources: 16 | datasources.yaml: 17 | apiVersion: 1 18 | datasources: 19 | - name: Prometheus 20 | type: prometheus 21 | url: http://prometheus-server 22 | access: proxy 23 | isDefault: true 24 | -------------------------------------------------------------------------------- /mon/prom-adapter-values-ing.yml: -------------------------------------------------------------------------------- 1 | image: 2 | tag: v0.5.0 3 | metricsRelistInterval: 90s 4 | prometheus: 5 | url: http://prometheus-server.metrics.svc 6 | port: 80 7 | rules: 8 | default: false 9 | custom: 10 | - seriesQuery: 'nginx_ingress_controller_requests' 11 | resources: 12 | overrides: 13 | namespace: {resource: "namespace"} 14 | ingress: {resource: "ingress"} 15 | name: 16 | as: "http_req_per_second" 17 | metricsQuery: 'sum(rate(<<.Series>>{<<.LabelMatchers>>}[5m])) by (<<.GroupBy>>)' 18 | - seriesQuery: 'nginx_ingress_controller_requests' 19 | resources: 20 | overrides: 21 | namespace: {resource: "namespace"} 22 | ingress: {resource: "ingress"} 23 | name: 24 | as: "http_req_per_second_per_replica" 25 | metricsQuery: 'sum(rate(<<.Series>>{<<.LabelMatchers>>}[5m])) by (<<.GroupBy>>) / sum(label_join(kube_deployment_status_replicas, "ingress", ",", "deployment")) by (<<.GroupBy>>)' 26 | -------------------------------------------------------------------------------- /mon/prom-adapter-values-svc.yml: -------------------------------------------------------------------------------- 1 | image: 2 | tag: v0.5.0 3 | metricsRelistInterval: 90s 4 | prometheus: 5 | url: http://prometheus-server.metrics.svc 6 | port: 80 7 | rules: 8 | default: false 9 | custom: 10 | - seriesQuery: 'http_server_resp_time_count{kubernetes_namespace!="",kubernetes_name!=""}' 11 | resources: 12 | overrides: 13 | kubernetes_namespace: {resource: "namespace"} 14 | kubernetes_name: {resource: "service"} 15 | name: 16 | matches: "^(.*)server_resp_time_count" 17 | as: "${1}req_per_second_per_replica" 18 | metricsQuery: 'sum(rate(<<.Series>>{<<.LabelMatchers>>}[5m])) by (<<.GroupBy>>) / count(<<.Series>>{<<.LabelMatchers>>}) by (<<.GroupBy>>)' 19 | - seriesQuery: 'nginx_ingress_controller_requests' 20 | resources: 21 | overrides: 22 | namespace: {resource: "namespace"} 23 | ingress: {resource: "ingress"} 24 | name: 25 | as: "http_req_per_second_per_replica" 26 | metricsQuery: 'sum(rate(<<.Series>>{<<.LabelMatchers>>}[5m])) by (<<.GroupBy>>) / sum(label_join(kube_deployment_status_replicas, "ingress", ",", "deployment")) by (<<.GroupBy>>)' 27 | -------------------------------------------------------------------------------- /mon/prom-adapter-values.yml: -------------------------------------------------------------------------------- 1 | image: 2 | tag: v0.3.0 3 | metricsRelistInterval: 90s 4 | prometheus: 5 | url: http://prometheus-server.metrics.svc 6 | port: 80 7 | rules: 8 | default: false 9 | custom: 10 | - seriesQuery: 'http_server_resp_time_count{kubernetes_namespace!="",kubernetes_name!=""}' 11 | resources: 12 | overrides: 13 | kubernetes_namespace: {resource: "namespace"} 14 | kubernetes_name: {resource: "service"} 15 | name: 16 | matches: "^(.*)server_resp_time_count" 17 | as: "${1}req_per_second_per_replica" 18 | metricsQuery: 'sum(rate(<<.Series>>{<<.LabelMatchers>>}[5m])) by (<<.GroupBy>>) / count(<<.Series>>{<<.LabelMatchers>>}) by (<<.GroupBy>>)' 19 | - seriesQuery: 'nginx_ingress_controller_requests' 20 | resources: 21 | overrides: 22 | namespace: {resource: "namespace"} 23 | ingress: {resource: "ingress"} 24 | name: 25 | as: "http_req_per_second_per_replica" 26 | metricsQuery: 'sum(rate(<<.Series>>{<<.LabelMatchers>>}[5m])) by (<<.GroupBy>>) / sum(label_join(kube_deployment_status_replicas, "ingress", ",", "deployment")) by (<<.GroupBy>>)' 27 | -------------------------------------------------------------------------------- /mon/prom-values-bare.yml: -------------------------------------------------------------------------------- 1 | server: 2 | ingress: 3 | enabled: true 4 | annotations: 5 | ingress.kubernetes.io/ssl-redirect: "false" 6 | nginx.ingress.kubernetes.io/ssl-redirect: "false" 7 | resources: 8 | limits: 9 | cpu: 100m 10 | memory: 1000Mi 11 | requests: 12 | cpu: 10m 13 | memory: 500Mi 14 | alertmanager: 15 | ingress: 16 | enabled: true 17 | annotations: 18 | ingress.kubernetes.io/ssl-redirect: "false" 19 | nginx.ingress.kubernetes.io/ssl-redirect: "false" 20 | resources: 21 | limits: 22 | cpu: 10m 23 | memory: 20Mi 24 | requests: 25 | cpu: 5m 26 | memory: 10Mi 27 | kubeStateMetrics: 28 | resources: 29 | limits: 30 | cpu: 10m 31 | memory: 50Mi 32 | requests: 33 | cpu: 5m 34 | memory: 25Mi 35 | nodeExporter: 36 | resources: 37 | limits: 38 | cpu: 10m 39 | memory: 20Mi 40 | requests: 41 | cpu: 5m 42 | memory: 10Mi 43 | pushgateway: 44 | resources: 45 | limits: 46 | cpu: 10m 47 | memory: 20Mi 48 | requests: 49 | cpu: 5m 50 | memory: 10Mi 51 | -------------------------------------------------------------------------------- /mon/prom-values-nodes-0.yml: -------------------------------------------------------------------------------- 1 | server: 2 | ingress: 3 | enabled: true 4 | annotations: 5 | ingress.kubernetes.io/ssl-redirect: "false" 6 | nginx.ingress.kubernetes.io/ssl-redirect: "false" 7 | resources: 8 | limits: 9 | cpu: 100m 10 | memory: 1000Mi 11 | requests: 12 | cpu: 10m 13 | memory: 500Mi 14 | alertmanager: 15 | ingress: 16 | enabled: true 17 | annotations: 18 | ingress.kubernetes.io/ssl-redirect: "false" 19 | nginx.ingress.kubernetes.io/ssl-redirect: "false" 20 | resources: 21 | limits: 22 | cpu: 10m 23 | memory: 20Mi 24 | requests: 25 | cpu: 5m 26 | memory: 10Mi 27 | kubeStateMetrics: 28 | resources: 29 | limits: 30 | cpu: 10m 31 | memory: 50Mi 32 | requests: 33 | cpu: 5m 34 | memory: 25Mi 35 | nodeExporter: 36 | resources: 37 | limits: 38 | cpu: 10m 39 | memory: 20Mi 40 | requests: 41 | cpu: 5m 42 | memory: 10Mi 43 | pushgateway: 44 | resources: 45 | limits: 46 | cpu: 10m 47 | memory: 20Mi 48 | requests: 49 | cpu: 5m 50 | memory: 10Mi 51 | serverFiles: 52 | alerts: 53 | groups: 54 | - name: nodes 55 | rules: 56 | - alert: TooManyNodes 57 | expr: count(kube_node_info) > 0 58 | for: 1m 59 | labels: 60 | severity: notify 61 | annotations: 62 | summary: Cluster increased 63 | description: The number of the nodes in the cluster increased 64 | - alert: TooFewNodes 65 | expr: count(kube_node_info) < 1 66 | for: 1m 67 | labels: 68 | severity: notify 69 | annotations: 70 | summary: Cluster decreased 71 | description: The number of the nodes in the cluster decreased 72 | -------------------------------------------------------------------------------- /mon/prom-values-nodes.yml: -------------------------------------------------------------------------------- 1 | server: 2 | ingress: 3 | enabled: true 4 | annotations: 5 | ingress.kubernetes.io/ssl-redirect: "false" 6 | nginx.ingress.kubernetes.io/ssl-redirect: "false" 7 | resources: 8 | limits: 9 | cpu: 100m 10 | memory: 1000Mi 11 | requests: 12 | cpu: 10m 13 | memory: 500Mi 14 | alertmanager: 15 | ingress: 16 | enabled: true 17 | annotations: 18 | ingress.kubernetes.io/ssl-redirect: "false" 19 | nginx.ingress.kubernetes.io/ssl-redirect: "false" 20 | resources: 21 | limits: 22 | cpu: 10m 23 | memory: 20Mi 24 | requests: 25 | cpu: 5m 26 | memory: 10Mi 27 | kubeStateMetrics: 28 | resources: 29 | limits: 30 | cpu: 10m 31 | memory: 50Mi 32 | requests: 33 | cpu: 5m 34 | memory: 25Mi 35 | nodeExporter: 36 | resources: 37 | limits: 38 | cpu: 10m 39 | memory: 20Mi 40 | requests: 41 | cpu: 5m 42 | memory: 10Mi 43 | pushgateway: 44 | resources: 45 | limits: 46 | cpu: 10m 47 | memory: 20Mi 48 | requests: 49 | cpu: 5m 50 | memory: 10Mi 51 | serverFiles: 52 | alerts: 53 | groups: 54 | - name: nodes 55 | rules: 56 | - alert: TooManyNodes 57 | expr: count(kube_node_info) > 3 58 | for: 15m 59 | labels: 60 | severity: notify 61 | annotations: 62 | summary: Cluster increased 63 | description: The number of the nodes in the cluster increased 64 | - alert: TooFewNodes 65 | expr: count(kube_node_info) < 1 66 | for: 15m 67 | labels: 68 | severity: notify 69 | annotations: 70 | summary: Cluster decreased 71 | description: The number of the nodes in the cluster decreased 72 | -------------------------------------------------------------------------------- /network/basic/bootstrap.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | echo "Installing..." 4 | curl -s https://packages.cloud.google.com/apt/doc/apt-key.gpg | sudo apt-key add - 5 | echo "deb http://apt.kubernetes.io/ kubernetes-xenial main" | sudo tee /etc/apt/sources.list.d/kubernetes.list 6 | sudo apt-get update 7 | sudo apt-get install -y docker-engine kubelet kubeadm kubectl 8 | -------------------------------------------------------------------------------- /network/basic/config_cni.sh: -------------------------------------------------------------------------------- 1 | mkdir -p /etc/cni/net.d 2 | echo $NODE_SUBNET 3 | sudo cat >/etc/cni/net.d/10-mynet.conf < /vagrant/nodetoken.out 6 | sudo cp /etc/kubernetes/admin.conf /vagrant -------------------------------------------------------------------------------- /network/basic/nginx-deployment.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 # for versions before 1.9.0 use apps/v1beta2 2 | kind: Deployment 3 | metadata: 4 | name: nginx-deployment 5 | spec: 6 | selector: 7 | matchLabels: 8 | app: nginx 9 | replicas: 2 10 | template: 11 | metadata: 12 | labels: 13 | app: nginx 14 | spec: 15 | containers: 16 | - name: nginx 17 | image: nginx:1.7.9 18 | ports: 19 | - containerPort: 80 -------------------------------------------------------------------------------- /network/basic/node.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | echo "Joining kubernetes node..." 4 | sudo su - 5 | joincommand=`cat /vagrant/nodetoken.out` 6 | echo "Executing below join command..." 7 | echo $joincommand 8 | $joincommand 9 | -------------------------------------------------------------------------------- /network/cluster/Vagrantfile: -------------------------------------------------------------------------------- 1 | # vi: set ft=ruby : 2 | 3 | Vagrant.configure("2") do |config| 4 | config.vm.box = "ubuntu/xenial64" 5 | 6 | config.vm.define "master" do |node| 7 | node.vm.hostname = "master" 8 | node.vm.network :private_network, ip: "10.100.198.200" 9 | node.vm.provision :shell, inline: "sed 's/127\.0\.0\.1.*master.*/10\.100\.198\.200 master/' -i /etc/hosts" 10 | config.vm.provider "virtualbox" do |v| 11 | v.memory = 2048 12 | v.cpus = 2 13 | end 14 | end 15 | 16 | config.vm.define "node1" do |node| 17 | node.vm.hostname = "node1" 18 | node.vm.network :private_network, ip: "10.100.198.201" 19 | node.vm.provision :shell, inline: "sed 's/127\.0\.0\.1.*node1.*/10\.100\.198\.201 node1/' -i /etc/hosts" 20 | config.vm.provider "virtualbox" do |v| 21 | v.memory = 2048 22 | v.cpus = 2 23 | end 24 | end 25 | 26 | config.vm.define "node2" do |node| 27 | node.vm.hostname = "node2" 28 | node.vm.network :private_network, ip: "10.100.198.202" 29 | node.vm.provision :shell, inline: "sed 's/127\.0\.0\.1.*node2.*/10\.100\.198\.202 node2/' -i /etc/hosts" 30 | config.vm.provider "virtualbox" do |v| 31 | v.memory = 2048 32 | v.cpus = 2 33 | end 34 | end 35 | end -------------------------------------------------------------------------------- /network/cluster/bootstrap.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | echo "Installing..." 4 | curl -s https://packages.cloud.google.com/apt/doc/apt-key.gpg | sudo apt-key add - 5 | echo "deb http://apt.kubernetes.io/ kubernetes-xenial main" | sudo tee /etc/apt/sources.list.d/kubernetes.list 6 | sudo apt-get update 7 | sudo apt-get install -y docker.io kubelet kubeadm kubectl 8 | -------------------------------------------------------------------------------- /network/cluster/nginx-deployment.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 # for versions before 1.9.0 use apps/v1beta2 2 | kind: Deployment 3 | metadata: 4 | name: nginx-deployment 5 | spec: 6 | selector: 7 | matchLabels: 8 | app: nginx 9 | replicas: 2 10 | template: 11 | metadata: 12 | labels: 13 | app: nginx 14 | spec: 15 | containers: 16 | - name: nginx 17 | image: nginx:1.7.9 18 | ports: 19 | - containerPort: 80 -------------------------------------------------------------------------------- /pod/db.yml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: db 5 | labels: 6 | type: db 7 | vendor: MongoLabs 8 | spec: 9 | containers: 10 | - name: db 11 | image: mongo:3.3 12 | command: ["mongod"] 13 | args: ["--rest", "--httpinterface"] 14 | -------------------------------------------------------------------------------- /pod/go-demo-2-full.yml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: go-demo-2 5 | labels: 6 | type: stack 7 | spec: 8 | containers: 9 | - name: db 10 | image: mongo:3.3 11 | - name: api 12 | image: vfarcic/go-demo-2 13 | env: 14 | - name: DB 15 | value: localhost 16 | livenessProbe: 17 | httpGet: 18 | path: /demo/hello 19 | port: 8080 20 | initialDelaySeconds: 10 21 | -------------------------------------------------------------------------------- /pod/go-demo-2-health.yml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: go-demo-2 5 | labels: 6 | type: stack 7 | spec: 8 | containers: 9 | - name: db 10 | image: mongo:3.3 11 | - name: api 12 | image: vfarcic/go-demo-2 13 | env: 14 | - name: DB 15 | value: localhost 16 | livenessProbe: 17 | httpGet: 18 | path: /this/path/does/not/exist 19 | port: 8080 20 | initialDelaySeconds: 5 21 | timeoutSeconds: 2 # Defaults to 1 22 | periodSeconds: 5 # Defaults to 10 23 | failureThreshold: 1 # Defaults to 3 24 | -------------------------------------------------------------------------------- /pod/go-demo-2-scaled.yml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: go-demo-2 5 | labels: 6 | type: stack 7 | spec: 8 | containers: 9 | - name: db 10 | image: mongo:3.3 11 | - name: api-1 12 | image: vfarcic/go-demo-2 13 | env: 14 | - name: DB 15 | value: localhost 16 | - name: api-2 17 | image: vfarcic/go-demo-2 18 | env: 19 | - name: DB 20 | value: localhost 21 | -------------------------------------------------------------------------------- /pod/go-demo-2.yml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: go-demo-2 5 | labels: 6 | type: stack 7 | spec: 8 | containers: 9 | - name: db 10 | image: mongo:3.3 11 | - name: api 12 | image: vfarcic/go-demo-2 13 | env: 14 | - name: DB 15 | value: localhost 16 | -------------------------------------------------------------------------------- /pv/jenkins-no-pv.yml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Namespace 3 | metadata: 4 | name: jenkins 5 | 6 | --- 7 | 8 | apiVersion: networking.k8s.io/v1 9 | kind: Ingress 10 | metadata: 11 | name: jenkins 12 | namespace: jenkins 13 | annotations: 14 | kubernetes.io/ingress.class: "nginx" 15 | ingress.kubernetes.io/ssl-redirect: "false" 16 | nginx.ingress.kubernetes.io/ssl-redirect: "false" 17 | spec: 18 | rules: 19 | - http: 20 | paths: 21 | - path: /jenkins 22 | pathType: ImplementationSpecific 23 | backend: 24 | service: 25 | name: jenkins 26 | port: 27 | number: 8080 28 | 29 | --- 30 | 31 | apiVersion: v1 32 | kind: Service 33 | metadata: 34 | name: jenkins 35 | namespace: jenkins 36 | spec: 37 | selector: 38 | app: jenkins 39 | ports: 40 | - name: http 41 | port: 8080 42 | - name: jnlp 43 | port: 50000 44 | 45 | --- 46 | 47 | apiVersion: apps/v1 48 | kind: Deployment 49 | metadata: 50 | name: jenkins 51 | namespace: jenkins 52 | spec: 53 | selector: 54 | matchLabels: 55 | app: jenkins 56 | strategy: 57 | type: Recreate 58 | template: 59 | metadata: 60 | labels: 61 | app: jenkins 62 | spec: 63 | containers: 64 | - name: jenkins 65 | image: vfarcic/jenkins 66 | env: 67 | - name: JENKINS_OPTS 68 | value: --prefix=/jenkins 69 | - name: SECRETS_DIR 70 | value: /etc/secrets 71 | volumeMounts: 72 | - name: jenkins-creds 73 | mountPath: /etc/secrets 74 | resources: 75 | limits: 76 | memory: 2Gi 77 | cpu: 1 78 | requests: 79 | memory: 1Gi 80 | cpu: 0.5 81 | volumes: 82 | - name: jenkins-creds 83 | secret: 84 | secretName: jenkins-creds 85 | -------------------------------------------------------------------------------- /pv/jenkins-pv.yml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Namespace 3 | metadata: 4 | name: jenkins 5 | 6 | --- 7 | 8 | apiVersion: networking.k8s.io/v1 9 | kind: Ingress 10 | metadata: 11 | name: jenkins 12 | namespace: jenkins 13 | annotations: 14 | kubernetes.io/ingress.class: "nginx" 15 | ingress.kubernetes.io/ssl-redirect: "false" 16 | nginx.ingress.kubernetes.io/ssl-redirect: "false" 17 | spec: 18 | rules: 19 | - http: 20 | paths: 21 | - path: /jenkins 22 | pathType: ImplementationSpecific 23 | backend: 24 | service: 25 | name: jenkins 26 | port: 27 | number: 8080 28 | 29 | --- 30 | 31 | apiVersion: v1 32 | kind: Service 33 | metadata: 34 | name: jenkins 35 | namespace: jenkins 36 | spec: 37 | selector: 38 | app: jenkins 39 | ports: 40 | - name: http 41 | port: 8080 42 | - name: jnlp 43 | port: 50000 44 | 45 | --- 46 | 47 | apiVersion: apps/v1 48 | kind: Deployment 49 | metadata: 50 | name: jenkins 51 | namespace: jenkins 52 | spec: 53 | selector: 54 | matchLabels: 55 | app: jenkins 56 | strategy: 57 | type: Recreate 58 | template: 59 | metadata: 60 | labels: 61 | app: jenkins 62 | spec: 63 | containers: 64 | - name: jenkins 65 | image: vfarcic/jenkins 66 | env: 67 | - name: JENKINS_OPTS 68 | value: --prefix=/jenkins 69 | - name: SECRETS_DIR 70 | value: /etc/secrets 71 | volumeMounts: 72 | - name: jenkins-home 73 | mountPath: /var/jenkins_home 74 | - name: jenkins-creds 75 | mountPath: /etc/secrets 76 | resources: 77 | limits: 78 | memory: 2Gi 79 | cpu: 1 80 | requests: 81 | memory: 1Gi 82 | cpu: 0.5 83 | volumes: 84 | - name: jenkins-home 85 | persistentVolumeClaim: 86 | claimName: jenkins 87 | - name: jenkins-creds 88 | secret: 89 | secretName: jenkins-creds 90 | securityContext: 91 | fsGroup: 1000 92 | -------------------------------------------------------------------------------- /pv/pv-gke.yml: -------------------------------------------------------------------------------- 1 | kind: PersistentVolume 2 | apiVersion: v1 3 | metadata: 4 | name: manual-ebs-01 5 | labels: 6 | type: ebs 7 | spec: 8 | storageClassName: manual-ebs 9 | capacity: 10 | storage: 5Gi 11 | accessModes: 12 | - ReadWriteOnce 13 | gcePersistentDisk: 14 | pdName: REPLACE_ME_1 15 | fsType: ext4 16 | 17 | --- 18 | 19 | kind: PersistentVolume 20 | apiVersion: v1 21 | metadata: 22 | name: manual-ebs-02 23 | labels: 24 | type: ebs 25 | spec: 26 | storageClassName: manual-ebs 27 | capacity: 28 | storage: 5Gi 29 | accessModes: 30 | - ReadWriteOnce 31 | gcePersistentDisk: 32 | pdName: REPLACE_ME_2 33 | fsType: ext4 34 | 35 | --- 36 | 37 | kind: PersistentVolume 38 | apiVersion: v1 39 | metadata: 40 | name: manual-ebs-03 41 | labels: 42 | type: ebs 43 | spec: 44 | storageClassName: manual-ebs 45 | capacity: 46 | storage: 5Gi 47 | accessModes: 48 | - ReadWriteOnce 49 | gcePersistentDisk: 50 | pdName: REPLACE_ME_3 51 | fsType: ext4 52 | -------------------------------------------------------------------------------- /pv/pv.yml: -------------------------------------------------------------------------------- 1 | kind: PersistentVolume 2 | apiVersion: v1 3 | metadata: 4 | name: manual-ebs-01 5 | labels: 6 | type: ebs 7 | spec: 8 | storageClassName: manual-ebs 9 | capacity: 10 | storage: 5Gi 11 | accessModes: 12 | - ReadWriteOnce 13 | awsElasticBlockStore: 14 | volumeID: REPLACE_ME_1 15 | fsType: ext4 16 | 17 | --- 18 | 19 | kind: PersistentVolume 20 | apiVersion: v1 21 | metadata: 22 | name: manual-ebs-02 23 | labels: 24 | type: ebs 25 | spec: 26 | storageClassName: manual-ebs 27 | capacity: 28 | storage: 5Gi 29 | accessModes: 30 | - ReadWriteOnce 31 | awsElasticBlockStore: 32 | volumeID: REPLACE_ME_2 33 | fsType: ext4 34 | 35 | --- 36 | 37 | kind: PersistentVolume 38 | apiVersion: v1 39 | metadata: 40 | name: manual-ebs-03 41 | labels: 42 | type: ebs 43 | spec: 44 | storageClassName: manual-ebs 45 | capacity: 46 | storage: 5Gi 47 | accessModes: 48 | - ReadWriteOnce 49 | awsElasticBlockStore: 50 | volumeID: REPLACE_ME_3 51 | fsType: ext4 52 | -------------------------------------------------------------------------------- /pv/pvc.yml: -------------------------------------------------------------------------------- 1 | kind: PersistentVolumeClaim 2 | apiVersion: v1 3 | metadata: 4 | name: jenkins 5 | namespace: jenkins 6 | spec: 7 | storageClassName: manual-ebs 8 | accessModes: 9 | - ReadWriteOnce 10 | resources: 11 | requests: 12 | storage: 1Gi 13 | -------------------------------------------------------------------------------- /pv/sc-gke.yml: -------------------------------------------------------------------------------- 1 | kind: StorageClass 2 | apiVersion: storage.k8s.io/v1 3 | metadata: 4 | name: fast 5 | labels: 6 | type: pd 7 | provisioner: kubernetes.io/gce-pd 8 | parameters: 9 | type: pd-ssd 10 | reclaimPolicy: Delete 11 | -------------------------------------------------------------------------------- /pv/sc.yml: -------------------------------------------------------------------------------- 1 | kind: StorageClass 2 | apiVersion: storage.k8s.io/v1 3 | metadata: 4 | name: fast 5 | labels: 6 | type: ebs 7 | provisioner: kubernetes.io/aws-ebs 8 | parameters: 9 | type: io1 # https://aws.amazon.com/ebs/details/ > Amazon EBS Volume Types 10 | reclaimPolicy: Delete 11 | -------------------------------------------------------------------------------- /renovate.json: -------------------------------------------------------------------------------- 1 | { 2 | "extends": [ 3 | "config:base" 4 | ] 5 | } 6 | -------------------------------------------------------------------------------- /res/dev.yml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Namespace 3 | metadata: 4 | name: dev 5 | 6 | --- 7 | 8 | apiVersion: v1 9 | kind: ResourceQuota 10 | metadata: 11 | name: dev 12 | namespace: dev 13 | spec: 14 | hard: 15 | requests.cpu: 0.8 16 | requests.memory: 500Mi 17 | limits.cpu: 1 18 | limits.memory: 1Gi 19 | pods: 10 20 | services.nodeports: "0" 21 | -------------------------------------------------------------------------------- /res/limit-range.yml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: LimitRange 3 | metadata: 4 | name: limit-range 5 | spec: 6 | limits: 7 | - default: 8 | memory: 50Mi 9 | cpu: 0.2 10 | defaultRequest: 11 | memory: 30Mi 12 | cpu: 0.05 13 | max: 14 | memory: 80Mi 15 | cpu: 0.5 16 | min: 17 | memory: 10Mi 18 | cpu: 0.01 19 | type: Container 20 | -------------------------------------------------------------------------------- /rs/go-demo-2-scaled.yml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: ReplicaSet 3 | metadata: 4 | name: go-demo-2 5 | spec: 6 | replicas: 4 7 | selector: 8 | matchLabels: 9 | type: backend 10 | service: go-demo-2 11 | template: 12 | metadata: 13 | labels: 14 | type: backend 15 | service: go-demo-2 16 | db: mongo 17 | language: go 18 | spec: 19 | containers: 20 | - name: db 21 | image: mongo:3.3 22 | - name: api 23 | image: vfarcic/go-demo-2 24 | env: 25 | - name: DB 26 | value: localhost 27 | livenessProbe: 28 | httpGet: 29 | path: /demo/hello 30 | port: 8080 31 | -------------------------------------------------------------------------------- /rs/go-demo-2.yml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: ReplicaSet 3 | metadata: 4 | name: go-demo-2 5 | spec: 6 | replicas: 2 7 | selector: 8 | matchLabels: 9 | type: backend 10 | service: go-demo-2 11 | template: 12 | metadata: 13 | labels: 14 | type: backend 15 | service: go-demo-2 16 | db: mongo 17 | language: go 18 | spec: 19 | containers: 20 | - name: db 21 | image: mongo:3.3 22 | - name: api 23 | image: vfarcic/go-demo-2 24 | env: 25 | - name: DB 26 | value: localhost 27 | livenessProbe: 28 | httpGet: 29 | path: /demo/hello 30 | port: 8080 31 | -------------------------------------------------------------------------------- /sa/kubectl-test1.yml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: kubectl 5 | namespace: test1 6 | spec: 7 | serviceAccountName: pods-all 8 | containers: 9 | - name: kubectl 10 | image: vfarcic/kubectl 11 | command: ["sleep"] 12 | args: ["100000"] 13 | -------------------------------------------------------------------------------- /sa/kubectl-test2.yml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: kubectl 5 | namespace: test1 6 | spec: 7 | serviceAccountName: pods-all 8 | containers: 9 | - name: kubectl 10 | image: vfarcic/kubectl 11 | command: ["sleep"] 12 | args: ["100000"] 13 | -------------------------------------------------------------------------------- /sa/kubectl-view.yml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: kubectl 5 | spec: 6 | serviceAccountName: view 7 | containers: 8 | - name: kubectl 9 | image: vfarcic/kubectl 10 | command: ["sleep"] 11 | args: ["100000"] 12 | -------------------------------------------------------------------------------- /sa/pods-all.yml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ServiceAccount 3 | metadata: 4 | name: pods-all 5 | namespace: test1 6 | 7 | --- 8 | 9 | kind: Role 10 | apiVersion: rbac.authorization.k8s.io/v1beta1 11 | metadata: 12 | name: pods-all 13 | namespace: test1 14 | rules: 15 | - apiGroups: [""] 16 | resources: ["pods", "pods/exec", "pods/log"] 17 | verbs: ["*"] 18 | 19 | --- 20 | 21 | kind: Role 22 | apiVersion: rbac.authorization.k8s.io/v1beta1 23 | metadata: 24 | name: pods-all 25 | namespace: test2 26 | rules: 27 | - apiGroups: [""] 28 | resources: ["pods", "pods/exec", "pods/log"] 29 | verbs: ["*"] 30 | 31 | --- 32 | 33 | apiVersion: rbac.authorization.k8s.io/v1beta1 34 | kind: RoleBinding 35 | metadata: 36 | name: pods-all 37 | namespace: test1 38 | roleRef: 39 | apiGroup: rbac.authorization.k8s.io 40 | kind: Role 41 | name: pods-all 42 | subjects: 43 | - kind: ServiceAccount 44 | name: pods-all 45 | 46 | --- 47 | 48 | apiVersion: rbac.authorization.k8s.io/v1beta1 49 | kind: RoleBinding 50 | metadata: 51 | name: pods-all 52 | namespace: test2 53 | roleRef: 54 | apiGroup: rbac.authorization.k8s.io 55 | kind: Role 56 | name: pods-all 57 | subjects: 58 | - kind: ServiceAccount 59 | name: pods-all 60 | namespace: test1 61 | -------------------------------------------------------------------------------- /sa/pods.yml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Namespace 3 | metadata: 4 | name: test1 5 | 6 | --- 7 | 8 | apiVersion: v1 9 | kind: ServiceAccount 10 | metadata: 11 | name: pods-all 12 | namespace: test1 13 | 14 | --- 15 | 16 | kind: Role 17 | apiVersion: rbac.authorization.k8s.io/v1beta1 18 | metadata: 19 | name: pods-all 20 | namespace: test1 21 | rules: 22 | - apiGroups: [""] 23 | resources: ["pods", "pods/exec", "pods/log"] 24 | verbs: ["*"] 25 | 26 | --- 27 | 28 | apiVersion: rbac.authorization.k8s.io/v1beta1 29 | kind: RoleBinding 30 | metadata: 31 | name: pods-all 32 | namespace: test1 33 | roleRef: 34 | apiGroup: rbac.authorization.k8s.io 35 | kind: Role 36 | name: pods-all 37 | subjects: 38 | - kind: ServiceAccount 39 | name: pods-all 40 | -------------------------------------------------------------------------------- /sa/view.yml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ServiceAccount 3 | metadata: 4 | name: view 5 | 6 | --- 7 | 8 | apiVersion: rbac.authorization.k8s.io/v1beta1 9 | kind: RoleBinding 10 | metadata: 11 | name: view 12 | roleRef: 13 | apiGroup: rbac.authorization.k8s.io 14 | kind: ClusterRole 15 | name: view 16 | subjects: 17 | - kind: ServiceAccount 18 | name: view 19 | -------------------------------------------------------------------------------- /scaling/eks-autoscaling-policy.json: -------------------------------------------------------------------------------- 1 | { 2 | "Version": "2012-10-17", 3 | "Statement": [ 4 | { 5 | "Effect": "Allow", 6 | "Action": [ 7 | "autoscaling:DescribeAutoScalingGroups", 8 | "autoscaling:DescribeAutoScalingInstances", 9 | "autoscaling:DescribeLaunchConfigurations", 10 | "autoscaling:DescribeTags", 11 | "autoscaling:SetDesiredCapacity", 12 | "autoscaling:TerminateInstanceInAutoScalingGroup" 13 | ], 14 | "Resource": "*" 15 | } 16 | ] 17 | } -------------------------------------------------------------------------------- /scaling/go-demo-5-api-hpa-low-mem.yml: -------------------------------------------------------------------------------- 1 | apiVersion: autoscaling/v2beta1 2 | kind: HorizontalPodAutoscaler 3 | metadata: 4 | name: api 5 | namespace: go-demo-5 6 | spec: 7 | scaleTargetRef: 8 | apiVersion: apps/v1 9 | kind: Deployment 10 | name: api 11 | minReplicas: 2 12 | maxReplicas: 5 13 | metrics: 14 | - type: Resource 15 | resource: 16 | name: cpu 17 | targetAverageUtilization: 80 18 | - type: Resource 19 | resource: 20 | name: memory 21 | targetAverageUtilization: 10 -------------------------------------------------------------------------------- /scaling/go-demo-5-api-hpa.yml: -------------------------------------------------------------------------------- 1 | apiVersion: autoscaling/v2beta1 2 | kind: HorizontalPodAutoscaler 3 | metadata: 4 | name: api 5 | namespace: go-demo-5 6 | spec: 7 | scaleTargetRef: 8 | apiVersion: apps/v1 9 | kind: Deployment 10 | name: api 11 | minReplicas: 2 12 | maxReplicas: 5 13 | metrics: 14 | - type: Resource 15 | resource: 16 | name: cpu 17 | targetAverageUtilization: 80 18 | - type: Resource 19 | resource: 20 | name: memory 21 | targetAverageUtilization: 80 -------------------------------------------------------------------------------- /scaling/go-demo-5-db-hpa-many.yml: -------------------------------------------------------------------------------- 1 | apiVersion: autoscaling/v2beta1 2 | kind: HorizontalPodAutoscaler 3 | metadata: 4 | name: db 5 | namespace: go-demo-5 6 | spec: 7 | scaleTargetRef: 8 | apiVersion: apps/v1 9 | kind: StatefulSet 10 | name: db 11 | minReplicas: 50 12 | maxReplicas: 100 13 | metrics: 14 | - type: Resource 15 | resource: 16 | name: cpu 17 | targetAverageUtilization: 80 18 | - type: Resource 19 | resource: 20 | name: memory 21 | targetAverageUtilization: 80 -------------------------------------------------------------------------------- /scaling/go-demo-5-db-hpa.yml: -------------------------------------------------------------------------------- 1 | apiVersion: autoscaling/v2beta1 2 | kind: HorizontalPodAutoscaler 3 | metadata: 4 | name: db 5 | namespace: go-demo-5 6 | spec: 7 | scaleTargetRef: 8 | apiVersion: apps/v1 9 | kind: StatefulSet 10 | name: db 11 | minReplicas: 3 12 | maxReplicas: 5 13 | metrics: 14 | - type: Resource 15 | resource: 16 | name: cpu 17 | targetAverageUtilization: 80 18 | - type: Resource 19 | resource: 20 | name: memory 21 | targetAverageUtilization: 80 -------------------------------------------------------------------------------- /secret/jenkins-secrets.yml: -------------------------------------------------------------------------------- 1 | apiVersion: networking.k8s.io/v1 2 | kind: Ingress 3 | metadata: 4 | name: jenkins 5 | annotations: 6 | kubernetes.io/ingress.class: "nginx" 7 | ingress.kubernetes.io/ssl-redirect: "false" 8 | nginx.ingress.kubernetes.io/ssl-redirect: "false" 9 | spec: 10 | rules: 11 | - http: 12 | paths: 13 | - path: /jenkins 14 | pathType: ImplementationSpecific 15 | backend: 16 | service: 17 | name: jenkins 18 | port: 19 | number: 8080 20 | 21 | --- 22 | 23 | apiVersion: apps/v1 24 | kind: Deployment 25 | metadata: 26 | name: jenkins 27 | spec: 28 | selector: 29 | matchLabels: 30 | type: master 31 | service: jenkins 32 | strategy: 33 | type: Recreate 34 | template: 35 | metadata: 36 | labels: 37 | type: master 38 | service: jenkins 39 | spec: 40 | containers: 41 | - name: jenkins 42 | image: vfarcic/jenkins 43 | env: 44 | - name: JENKINS_OPTS 45 | value: --prefix=/jenkins 46 | - name: SECRETS_DIR 47 | value: /etc/secrets 48 | volumeMounts: 49 | - name: jenkins-home 50 | mountPath: /var/jenkins_home 51 | - name: jenkins-creds 52 | mountPath: /etc/secrets 53 | volumes: 54 | - name: jenkins-home 55 | emptyDir: {} 56 | - name: jenkins-creds 57 | secret: 58 | secretName: my-creds 59 | 60 | --- 61 | 62 | apiVersion: v1 63 | kind: Service 64 | metadata: 65 | name: jenkins 66 | spec: 67 | ports: 68 | - port: 8080 69 | selector: 70 | type: master 71 | service: jenkins 72 | -------------------------------------------------------------------------------- /secret/jenkins-unprotected.yml: -------------------------------------------------------------------------------- 1 | apiVersion: networking.k8s.io/v1 2 | kind: Ingress 3 | metadata: 4 | name: jenkins 5 | annotations: 6 | kubernetes.io/ingress.class: "nginx" 7 | ingress.kubernetes.io/ssl-redirect: "false" 8 | nginx.ingress.kubernetes.io/ssl-redirect: "false" 9 | spec: 10 | rules: 11 | - http: 12 | paths: 13 | - path: /jenkins 14 | pathType: ImplementationSpecific 15 | backend: 16 | service: 17 | name: jenkins 18 | port: 19 | number: 8080 20 | 21 | --- 22 | 23 | apiVersion: apps/v1 24 | kind: Deployment 25 | metadata: 26 | name: jenkins 27 | spec: 28 | selector: 29 | matchLabels: 30 | type: master 31 | service: jenkins 32 | strategy: 33 | type: Recreate 34 | template: 35 | metadata: 36 | labels: 37 | type: master 38 | service: jenkins 39 | spec: 40 | containers: 41 | - name: jenkins 42 | image: vfarcic/jenkins 43 | env: 44 | - name: JENKINS_OPTS 45 | value: --prefix=/jenkins 46 | volumeMounts: 47 | - mountPath: /var/jenkins_home 48 | name: jenkins-home 49 | volumes: 50 | - emptyDir: {} 51 | name: jenkins-home 52 | 53 | --- 54 | 55 | apiVersion: v1 56 | kind: Service 57 | metadata: 58 | name: jenkins 59 | spec: 60 | ports: 61 | - port: 8080 62 | selector: 63 | type: master 64 | service: jenkins 65 | -------------------------------------------------------------------------------- /secret/jenkins.yml: -------------------------------------------------------------------------------- 1 | apiVersion: networking.k8s.io/v1 2 | kind: Ingress 3 | metadata: 4 | name: jenkins 5 | annotations: 6 | kubernetes.io/ingress.class: "nginx" 7 | ingress.kubernetes.io/ssl-redirect: "false" 8 | nginx.ingress.kubernetes.io/ssl-redirect: "false" 9 | spec: 10 | rules: 11 | - http: 12 | paths: 13 | - path: /jenkins 14 | pathType: ImplementationSpecific 15 | backend: 16 | service: 17 | name: jenkins 18 | port: 19 | number: 8080 20 | 21 | --- 22 | 23 | apiVersion: apps/v1 24 | kind: Deployment 25 | metadata: 26 | name: jenkins 27 | spec: 28 | selector: 29 | matchLabels: 30 | type: master 31 | service: jenkins 32 | strategy: 33 | type: Recreate 34 | template: 35 | metadata: 36 | labels: 37 | type: master 38 | service: jenkins 39 | spec: 40 | containers: 41 | - name: jenkins 42 | image: vfarcic/jenkins 43 | env: 44 | - name: JENKINS_OPTS 45 | value: --prefix=/jenkins 46 | - name: SECRETS_DIR 47 | value: /etc/secrets 48 | volumeMounts: 49 | - name: jenkins-home 50 | mountPath: /var/jenkins_home 51 | - name: jenkins-creds 52 | mountPath: /etc/secrets 53 | volumes: 54 | - name: jenkins-home 55 | emptyDir: {} 56 | - name: jenkins-creds 57 | secret: 58 | secretName: my-creds 59 | defaultMode: 0444 60 | items: 61 | - key: username 62 | path: jenkins-user 63 | - key: password 64 | path: jenkins-pass 65 | 66 | --- 67 | 68 | apiVersion: v1 69 | kind: Service 70 | metadata: 71 | name: jenkins 72 | spec: 73 | ports: 74 | - port: 8080 75 | selector: 76 | type: master 77 | service: jenkins 78 | -------------------------------------------------------------------------------- /skaffold.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: skaffold/v1beta1 2 | kind: Config 3 | build: 4 | artifacts: 5 | - image: changeme 6 | context: . 7 | docker: {} 8 | tagPolicy: 9 | envTemplate: 10 | template: '{{.DOCKER_REGISTRY}}/vfarcic/k8s-specs:{{.VERSION}}' 11 | local: {} 12 | deploy: 13 | kubectl: {} 14 | profiles: 15 | - name: dev 16 | build: 17 | artifacts: 18 | - docker: {} 19 | tagPolicy: 20 | envTemplate: 21 | template: '{{.DOCKER_REGISTRY}}/vfarcic/k8s-specs:{{.DIGEST_HEX}}' 22 | local: {} 23 | deploy: 24 | helm: 25 | releases: 26 | - name: k8s-specs 27 | chartPath: charts/k8s-specs 28 | setValueTemplates: 29 | image.repository: '{{.DOCKER_REGISTRY}}/vfarcic/k8s-specs' 30 | image.tag: '{{.DIGEST_HEX}}' 31 | -------------------------------------------------------------------------------- /storage/demo-rook-block.yml: -------------------------------------------------------------------------------- 1 | kind: PersistentVolumeClaim 2 | apiVersion: v1 3 | metadata: 4 | name: tmp 5 | spec: 6 | storageClassName: rook-block 7 | accessModes: 8 | - ReadWriteOnce 9 | resources: 10 | requests: 11 | storage: 10Mi 12 | 13 | --- 14 | 15 | apiVersion: apps/v1 16 | kind: Deployment 17 | metadata: 18 | name: demo 19 | spec: 20 | replicas: 3 21 | selector: 22 | matchLabels: 23 | app: cat 24 | template: 25 | metadata: 26 | labels: 27 | app: demo 28 | spec: 29 | containers: 30 | - name: demo 31 | image: alpine 32 | command: ["sleep"] 33 | args: ["100000"] 34 | volumeMounts: 35 | - name: tmp 36 | mountPath: /tmp 37 | volumes: 38 | - name: tmp 39 | persistentVolumeClaim: 40 | claimName: tmp 41 | -------------------------------------------------------------------------------- /storage/demo-rook-fs.yml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: demo 5 | spec: 6 | replicas: 3 7 | selector: 8 | matchLabels: 9 | app: demo 10 | template: 11 | metadata: 12 | labels: 13 | app: demo 14 | spec: 15 | containers: 16 | - name: demo 17 | image: alpine 18 | command: ["sleep"] 19 | args: ["100000"] 20 | volumeMounts: 21 | - name: demo-storage 22 | mountPath: /tmp 23 | volumes: 24 | - name: demo-storage 25 | flexVolume: 26 | driver: rook.io/rook 27 | fsType: ceph 28 | options: 29 | fsName: rook-fs 30 | clusterName: rook 31 | -------------------------------------------------------------------------------- /storage/rook-tools.yml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: rook-tools 5 | namespace: rook 6 | spec: 7 | dnsPolicy: ClusterFirstWithHostNet 8 | containers: 9 | - name: rook-tools 10 | image: rook/toolbox:master 11 | imagePullPolicy: IfNotPresent 12 | env: 13 | - name: ROOK_ADMIN_SECRET 14 | valueFrom: 15 | secretKeyRef: 16 | name: rook-ceph-mon 17 | key: admin-secret 18 | securityContext: 19 | privileged: true 20 | volumeMounts: 21 | - mountPath: /dev 22 | name: dev 23 | - mountPath: /sys/bus 24 | name: sysbus 25 | - mountPath: /lib/modules 26 | name: libmodules 27 | - name: mon-endpoint-volume 28 | mountPath: /etc/rook 29 | hostNetwork: false 30 | volumes: 31 | - name: dev 32 | hostPath: 33 | path: /dev 34 | - name: sysbus 35 | hostPath: 36 | path: /sys/bus 37 | - name: libmodules 38 | hostPath: 39 | path: /lib/modules 40 | - name: mon-endpoint-volume 41 | configMap: 42 | name: rook-ceph-mon-endpoints 43 | items: 44 | - key: data 45 | path: mon-endpoints 46 | -------------------------------------------------------------------------------- /storage/rook.yml: -------------------------------------------------------------------------------- 1 | apiVersion: rook.io/v1alpha1 2 | kind: Pool 3 | metadata: 4 | name: replicapool 5 | namespace: rook 6 | spec: 7 | replicated: 8 | size: 3 9 | 10 | --- 11 | 12 | apiVersion: storage.k8s.io/v1 13 | kind: StorageClass 14 | metadata: 15 | name: rook-block 16 | provisioner: rook.io/block 17 | parameters: 18 | pool: replicapool 19 | 20 | --- 21 | 22 | apiVersion: rook.io/v1alpha1 23 | kind: Filesystem 24 | metadata: 25 | name: rook-fs 26 | namespace: rook 27 | spec: 28 | metadataPool: 29 | replicated: 30 | size: 3 31 | dataPools: 32 | - erasureCoded: 33 | dataChunks: 2 34 | codingChunks: 1 35 | metadataServer: 36 | activeCount: 1 37 | activeStandby: true 38 | -------------------------------------------------------------------------------- /sts/cje-test.yml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: StatefulSet 3 | metadata: 4 | name: test 5 | spec: 6 | serviceName: test 7 | selector: 8 | matchLabels: 9 | app: test 10 | template: 11 | metadata: 12 | labels: 13 | app: test 14 | spec: 15 | containers: 16 | - name: test 17 | image: alpine 18 | command: 19 | - sleep 20 | - "1000000" 21 | volumeMounts: 22 | - name: test-data 23 | mountPath: /tmp 24 | volumeClaimTemplates: 25 | - metadata: 26 | name: test-data 27 | # annotations: 28 | # volume.beta.kubernetes.io/storage-class: "cje-storage" 29 | spec: 30 | storageClassName: cje-storage 31 | accessModes: 32 | - ReadWriteOnce 33 | resources: 34 | requests: 35 | storage: 2Gi 36 | 37 | --- 38 | 39 | apiVersion: v1 40 | kind: Service 41 | metadata: 42 | name: test 43 | spec: 44 | selector: 45 | app: test 46 | ports: 47 | - name: http 48 | port: 80 49 | targetPort: 80 50 | protocol: TCP 51 | -------------------------------------------------------------------------------- /svc/go-demo-2-api-rs.yml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: ReplicaSet 3 | metadata: 4 | name: go-demo-2-api 5 | spec: 6 | replicas: 3 7 | selector: 8 | matchLabels: 9 | type: api 10 | service: go-demo-2 11 | template: 12 | metadata: 13 | labels: 14 | type: api 15 | service: go-demo-2 16 | language: go 17 | spec: 18 | containers: 19 | - name: api 20 | image: vfarcic/go-demo-2 21 | env: 22 | - name: DB 23 | value: go-demo-2-db 24 | readinessProbe: 25 | httpGet: 26 | path: /demo/hello 27 | port: 8080 28 | periodSeconds: 1 29 | livenessProbe: 30 | httpGet: 31 | path: /demo/hello 32 | port: 8080 33 | -------------------------------------------------------------------------------- /svc/go-demo-2-api-svc-lb.yml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: go-demo-2-api 5 | spec: 6 | type: LoadBalancer 7 | ports: 8 | - port: 8080 9 | selector: 10 | type: api 11 | service: go-demo-2 12 | -------------------------------------------------------------------------------- /svc/go-demo-2-api-svc.yml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: go-demo-2-api 5 | spec: 6 | type: NodePort 7 | ports: 8 | - port: 8080 9 | selector: 10 | type: api 11 | service: go-demo-2 12 | -------------------------------------------------------------------------------- /svc/go-demo-2-db-rs.yml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: ReplicaSet 3 | metadata: 4 | name: go-demo-2-db 5 | spec: 6 | selector: 7 | matchLabels: 8 | type: db 9 | service: go-demo-2 10 | template: 11 | metadata: 12 | labels: 13 | type: db 14 | service: go-demo-2 15 | vendor: MongoLabs 16 | spec: 17 | containers: 18 | - name: db 19 | image: mongo:3.3 20 | ports: 21 | - containerPort: 28017 22 | -------------------------------------------------------------------------------- /svc/go-demo-2-db-svc.yml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: go-demo-2-db 5 | spec: 6 | ports: 7 | - port: 27017 8 | selector: 9 | type: db 10 | service: go-demo-2 11 | -------------------------------------------------------------------------------- /svc/go-demo-2-lb.yml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: ReplicaSet 3 | metadata: 4 | name: go-demo-2-db 5 | spec: 6 | selector: 7 | matchLabels: 8 | type: db 9 | service: go-demo-2 10 | template: 11 | metadata: 12 | labels: 13 | type: db 14 | service: go-demo-2 15 | vendor: MongoLabs 16 | spec: 17 | containers: 18 | - name: db 19 | image: mongo:3.3 20 | ports: 21 | - containerPort: 28017 22 | 23 | --- 24 | 25 | apiVersion: v1 26 | kind: Service 27 | metadata: 28 | name: go-demo-2-db 29 | spec: 30 | ports: 31 | - port: 27017 32 | selector: 33 | type: db 34 | service: go-demo-2 35 | 36 | --- 37 | 38 | apiVersion: apps/v1 39 | kind: ReplicaSet 40 | metadata: 41 | name: go-demo-2-api 42 | spec: 43 | replicas: 3 44 | selector: 45 | matchLabels: 46 | type: api 47 | service: go-demo-2 48 | template: 49 | metadata: 50 | labels: 51 | type: api 52 | service: go-demo-2 53 | language: go 54 | spec: 55 | containers: 56 | - name: api 57 | image: vfarcic/go-demo-2 58 | env: 59 | - name: DB 60 | value: go-demo-2-db 61 | readinessProbe: 62 | httpGet: 63 | path: /demo/hello 64 | port: 8080 65 | periodSeconds: 1 66 | livenessProbe: 67 | httpGet: 68 | path: /demo/hello 69 | port: 8080 70 | 71 | --- 72 | 73 | apiVersion: v1 74 | kind: Service 75 | metadata: 76 | name: go-demo-2-api 77 | spec: 78 | type: LoadBalancer 79 | ports: 80 | - port: 8080 81 | selector: 82 | type: api 83 | service: go-demo-2 84 | -------------------------------------------------------------------------------- /svc/go-demo-2-rs.yml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: ReplicaSet 3 | metadata: 4 | name: go-demo-2 5 | spec: 6 | replicas: 2 7 | selector: 8 | matchLabels: 9 | type: backend 10 | service: go-demo-2 11 | template: 12 | metadata: 13 | labels: 14 | type: backend 15 | service: go-demo-2 16 | db: mongo 17 | language: go 18 | spec: 19 | containers: 20 | - name: db 21 | image: mongo:3.3 22 | command: ["mongod"] 23 | args: ["--rest", "--httpinterface"] 24 | ports: 25 | - containerPort: 28017 26 | protocol: TCP 27 | - name: api 28 | image: vfarcic/go-demo-2 29 | env: 30 | - name: DB 31 | value: localhost 32 | livenessProbe: 33 | httpGet: 34 | path: /demo/hello 35 | port: 8080 36 | -------------------------------------------------------------------------------- /svc/go-demo-2-svc-lb.yml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: go-demo-2 5 | spec: 6 | type: LoadBalancer 7 | ports: 8 | - port: 28017 9 | nodePort: 30012 10 | protocol: TCP 11 | selector: 12 | type: backend 13 | service: go-demo-2 14 | -------------------------------------------------------------------------------- /svc/go-demo-2-svc.yml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: go-demo-2 5 | spec: 6 | type: NodePort 7 | ports: 8 | - port: 28017 9 | nodePort: 30001 10 | protocol: TCP 11 | selector: 12 | type: backend 13 | service: go-demo-2 14 | -------------------------------------------------------------------------------- /svc/go-demo-2-swarm.yml: -------------------------------------------------------------------------------- 1 | version: "3" 2 | services: 3 | api: 4 | image: vfarcic/go-demo-2 5 | environment: 6 | - DB=db 7 | ports: 8 | - 8080 9 | deploy: 10 | replicas: 3 11 | db: 12 | image: mongo:3.3 13 | -------------------------------------------------------------------------------- /svc/go-demo-2.yml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: ReplicaSet 3 | metadata: 4 | name: go-demo-2-db 5 | spec: 6 | selector: 7 | matchLabels: 8 | type: db 9 | service: go-demo-2 10 | template: 11 | metadata: 12 | labels: 13 | type: db 14 | service: go-demo-2 15 | vendor: MongoLabs 16 | spec: 17 | containers: 18 | - name: db 19 | image: mongo:3.3 20 | ports: 21 | - containerPort: 28017 22 | 23 | --- 24 | 25 | apiVersion: v1 26 | kind: Service 27 | metadata: 28 | name: go-demo-2-db 29 | spec: 30 | ports: 31 | - port: 27017 32 | selector: 33 | type: db 34 | service: go-demo-2 35 | 36 | --- 37 | 38 | apiVersion: apps/v1 39 | kind: ReplicaSet 40 | metadata: 41 | name: go-demo-2-api 42 | spec: 43 | replicas: 3 44 | selector: 45 | matchLabels: 46 | type: api 47 | service: go-demo-2 48 | template: 49 | metadata: 50 | labels: 51 | type: api 52 | service: go-demo-2 53 | language: go 54 | spec: 55 | containers: 56 | - name: api 57 | image: vfarcic/go-demo-2 58 | env: 59 | - name: DB 60 | value: go-demo-2-db 61 | readinessProbe: 62 | httpGet: 63 | path: /demo/hello 64 | port: 8080 65 | periodSeconds: 1 66 | livenessProbe: 67 | httpGet: 68 | path: /demo/hello 69 | port: 8080 70 | 71 | --- 72 | 73 | apiVersion: v1 74 | kind: Service 75 | metadata: 76 | name: go-demo-2-api 77 | spec: 78 | type: NodePort 79 | ports: 80 | - port: 8080 81 | selector: 82 | type: api 83 | service: go-demo-2 84 | -------------------------------------------------------------------------------- /terraform/aks/.gitignore: -------------------------------------------------------------------------------- 1 | client_id 2 | client_secret 3 | .terraform 4 | *.tfstate* 5 | kubeconfig 6 | devops-toolkit -------------------------------------------------------------------------------- /terraform/aks/cluster.tf: -------------------------------------------------------------------------------- 1 | variable "cluster_name" { 2 | type = string 3 | default = "devopsparadox" 4 | } 5 | 6 | variable "location" { 7 | type = string 8 | default = "eastus" 9 | } 10 | 11 | variable "dns_prefix" { 12 | type = string 13 | default = "dop" 14 | } 15 | 16 | variable "vm_size" { 17 | type = string 18 | default = "Standard_B2s" 19 | } 20 | 21 | variable "vm_count" { 22 | type = number 23 | default = 3 24 | } 25 | 26 | variable "min_count" { 27 | type = number 28 | default = 3 29 | } 30 | 31 | variable "max_count" { 32 | type = number 33 | default = 9 34 | } 35 | 36 | variable "k8s_version" { 37 | type = string 38 | } 39 | 40 | variable "auto_scaling" { 41 | type = bool 42 | default = true 43 | } 44 | 45 | resource "azurerm_resource_group" "primary" { 46 | name = var.cluster_name 47 | location = var.location 48 | } 49 | 50 | resource "azurerm_kubernetes_cluster" "primary" { 51 | name = var.cluster_name 52 | location = azurerm_resource_group.primary.location 53 | resource_group_name = azurerm_resource_group.primary.name 54 | dns_prefix = var.dns_prefix 55 | kubernetes_version = var.k8s_version 56 | 57 | agent_pool_profile { 58 | name = "primary" 59 | enable_auto_scaling = var.auto_scaling 60 | count = var.vm_count 61 | min_count = var.min_count 62 | max_count = var.max_count 63 | vm_size = var.vm_size 64 | type = "VirtualMachineScaleSets" 65 | } 66 | service_principal { 67 | client_id = "${file("client_id")}" 68 | client_secret = "${file("client_secret")}" 69 | } 70 | } 71 | 72 | output "cluster_name" { 73 | value = var.cluster_name 74 | } 75 | 76 | output "location" { 77 | value = var.location 78 | } 79 | 80 | output "min_count" { 81 | value = var.min_count 82 | } 83 | 84 | output "max_count" { 85 | value = var.max_count 86 | } 87 | -------------------------------------------------------------------------------- /terraform/config.tf: -------------------------------------------------------------------------------- 1 | provider "digitalocean" { 2 | token = "${var.token}" 3 | } 4 | -------------------------------------------------------------------------------- /terraform/doks/.gitignore: -------------------------------------------------------------------------------- 1 | token 2 | .terraform 3 | *.tfstate* 4 | kubeconfig 5 | devops-toolkit 6 | *.tar.gz 7 | -------------------------------------------------------------------------------- /terraform/doks/cluster.tf: -------------------------------------------------------------------------------- 1 | variable "cluster_name" { 2 | type = string 3 | default = "devops-paradox" 4 | } 5 | 6 | variable "region" { 7 | type = string 8 | default = "nyc1" 9 | } 10 | 11 | variable "machine_type" { 12 | type = string 13 | default = "s-1vcpu-2gb" 14 | } 15 | 16 | variable "min_nodes" { 17 | type = number 18 | default = 3 19 | } 20 | 21 | variable "max_nodes" { 22 | type = number 23 | default = 9 24 | } 25 | 26 | variable "k8s_version" { 27 | type = string 28 | } 29 | 30 | provider "digitalocean" { 31 | token = "${file("token")}" 32 | } 33 | 34 | resource "digitalocean_kubernetes_cluster" "primary" { 35 | name = var.cluster_name 36 | region = var.region 37 | version = var.k8s_version 38 | 39 | node_pool { 40 | name = var.cluster_name 41 | size = var.machine_type 42 | auto_scale = true 43 | min_nodes = var.min_nodes 44 | max_nodes = var.max_nodes 45 | } 46 | } 47 | 48 | output "cluster_name" { 49 | value = var.cluster_name 50 | } 51 | 52 | output "region" { 53 | value = var.region 54 | } -------------------------------------------------------------------------------- /terraform/eks/.gitignore: -------------------------------------------------------------------------------- 1 | .terraform 2 | *.tfstate* 3 | kubeconfig 4 | devops-toolkit 5 | charts 6 | ca 7 | credentials -------------------------------------------------------------------------------- /terraform/gke-crossplane/.gitignore: -------------------------------------------------------------------------------- 1 | account.json 2 | .terraform 3 | *.tfstate* 4 | kubeconfig 5 | devops-toolkit 6 | *.tar.gz 7 | -------------------------------------------------------------------------------- /terraform/gke-crossplane/cluster.tf: -------------------------------------------------------------------------------- 1 | variable "cluster_name" { 2 | type = string 3 | default = "jx-cluster" 4 | } 5 | 6 | variable "project_id" { 7 | type = string 8 | default = "devops-26" 9 | } 10 | 11 | variable "region" { 12 | type = string 13 | default = "us-east1" 14 | } 15 | 16 | variable "machine_type" { 17 | type = string 18 | default = "n1-standard-2" 19 | } 20 | 21 | variable "preemptible" { 22 | type = bool 23 | default = true 24 | } 25 | 26 | variable "min_node_count" { 27 | type = number 28 | default = 1 29 | } 30 | 31 | variable "max_node_count" { 32 | type = number 33 | default = 3 34 | } 35 | 36 | variable "k8s_version" { 37 | type = string 38 | } 39 | 40 | provider "google" { 41 | credentials = "${file("account.json")}" 42 | project = var.project_id 43 | region = var.region 44 | } 45 | 46 | resource "google_container_cluster" "primary" { 47 | name = var.cluster_name 48 | location = var.region 49 | remove_default_node_pool = true 50 | initial_node_count = 1 51 | min_master_version = var.k8s_version 52 | } 53 | 54 | resource "google_container_node_pool" "primary_nodes" { 55 | name = var.cluster_name 56 | location = var.region 57 | cluster = "${google_container_cluster.primary.name}" 58 | version = var.k8s_version 59 | node_count = var.min_node_count 60 | node_config { 61 | preemptible = var.preemptible 62 | machine_type = var.machine_type 63 | oauth_scopes = [ 64 | "https://www.googleapis.com/auth/cloud-platform" 65 | ] 66 | } 67 | autoscaling { 68 | min_node_count = var.min_node_count 69 | max_node_count = var.max_node_count 70 | } 71 | management { 72 | auto_upgrade = false 73 | } 74 | timeouts { 75 | create = "15m" 76 | update = "1h" 77 | } 78 | } 79 | 80 | output "cluster_name" { 81 | value = var.cluster_name 82 | } 83 | 84 | output "region" { 85 | value = var.region 86 | } 87 | 88 | output "project_id" { 89 | value = var.project_id 90 | } 91 | -------------------------------------------------------------------------------- /terraform/gke-jx/.gitignore: -------------------------------------------------------------------------------- 1 | account.json 2 | .terraform 3 | *.tfstate* 4 | kubeconfig 5 | devops-toolkit 6 | *.tar.gz 7 | -------------------------------------------------------------------------------- /terraform/gke-jx/cluster.tf: -------------------------------------------------------------------------------- 1 | variable "cluster_name" { 2 | type = string 3 | default = "jx-cluster" 4 | } 5 | 6 | variable "project_id" { 7 | type = string 8 | default = "devops-26" 9 | } 10 | 11 | variable "region" { 12 | type = string 13 | default = "us-east1" 14 | } 15 | 16 | variable "machine_type" { 17 | type = string 18 | default = "n1-standard-2" 19 | } 20 | 21 | variable "preemptible" { 22 | type = bool 23 | default = true 24 | } 25 | 26 | variable "min_node_count" { 27 | type = number 28 | default = 1 29 | } 30 | 31 | variable "max_node_count" { 32 | type = number 33 | default = 3 34 | } 35 | 36 | variable "k8s_version" { 37 | type = string 38 | } 39 | 40 | provider "google" { 41 | credentials = "${file("account.json")}" 42 | project = var.project_id 43 | region = var.region 44 | } 45 | 46 | resource "google_container_cluster" "primary" { 47 | name = var.cluster_name 48 | location = var.region 49 | remove_default_node_pool = true 50 | initial_node_count = 1 51 | min_master_version = var.k8s_version 52 | } 53 | 54 | resource "google_container_node_pool" "primary_nodes" { 55 | name = var.cluster_name 56 | location = var.region 57 | cluster = "${google_container_cluster.primary.name}" 58 | version = var.k8s_version 59 | node_count = var.min_node_count 60 | node_config { 61 | preemptible = var.preemptible 62 | machine_type = var.machine_type 63 | oauth_scopes = [ 64 | "https://www.googleapis.com/auth/cloud-platform" 65 | ] 66 | } 67 | autoscaling { 68 | min_node_count = var.min_node_count 69 | max_node_count = var.max_node_count 70 | } 71 | management { 72 | auto_upgrade = false 73 | } 74 | timeouts { 75 | create = "15m" 76 | update = "1h" 77 | } 78 | } 79 | 80 | output "cluster_name" { 81 | value = var.cluster_name 82 | } 83 | 84 | output "region" { 85 | value = var.region 86 | } 87 | 88 | output "project_id" { 89 | value = var.project_id 90 | } 91 | -------------------------------------------------------------------------------- /terraform/gke/.gitignore: -------------------------------------------------------------------------------- 1 | account.json 2 | .terraform 3 | *.tfstate* 4 | kubeconfig 5 | devops-toolkit 6 | *.tar.gz 7 | -------------------------------------------------------------------------------- /terraform/gke/cluster.tf: -------------------------------------------------------------------------------- 1 | variable "cluster_name" { 2 | type = string 3 | default = "devops-paradox" 4 | } 5 | 6 | variable "project_id" { 7 | type = string 8 | default = "devops-26" 9 | } 10 | 11 | variable "region" { 12 | type = string 13 | default = "us-east1" 14 | } 15 | 16 | variable "machine_type" { 17 | type = string 18 | default = "g1-small" 19 | } 20 | 21 | variable "preemptible" { 22 | type = bool 23 | default = true 24 | } 25 | 26 | variable "min_node_count" { 27 | type = number 28 | default = 1 29 | } 30 | 31 | variable "max_node_count" { 32 | type = number 33 | default = 3 34 | } 35 | 36 | variable "k8s_version" { 37 | type = string 38 | } 39 | 40 | provider "google" { 41 | credentials = "${file("account.json")}" 42 | project = var.project_id 43 | region = var.region 44 | } 45 | 46 | resource "google_container_cluster" "primary" { 47 | name = var.cluster_name 48 | location = var.region 49 | remove_default_node_pool = true 50 | initial_node_count = 1 51 | min_master_version = var.k8s_version 52 | } 53 | 54 | resource "google_container_node_pool" "primary_nodes" { 55 | name = var.cluster_name 56 | location = var.region 57 | cluster = "${google_container_cluster.primary.name}" 58 | version = var.k8s_version 59 | node_count = var.min_node_count 60 | node_config { 61 | preemptible = var.preemptible 62 | machine_type = var.machine_type 63 | oauth_scopes = [ 64 | "https://www.googleapis.com/auth/cloud-platform" 65 | ] 66 | } 67 | autoscaling { 68 | min_node_count = var.min_node_count 69 | max_node_count = var.max_node_count 70 | } 71 | management { 72 | auto_upgrade = false 73 | } 74 | timeouts { 75 | create = "15m" 76 | update = "1h" 77 | } 78 | } 79 | 80 | output "cluster_name" { 81 | value = var.cluster_name 82 | } 83 | 84 | output "region" { 85 | value = var.region 86 | } 87 | 88 | output "project_id" { 89 | value = var.project_id 90 | } 91 | -------------------------------------------------------------------------------- /terraform/packer-kubernetes.json: -------------------------------------------------------------------------------- 1 | { 2 | "variables": { 3 | "do_region": "nyc3", 4 | "snapshot_name": "snapshot-kubernetes" 5 | }, 6 | "builders": [{ 7 | "type": "digitalocean", 8 | "image": "ubuntu-16-04-x64", 9 | "region": "{{ user `do_region` }}", 10 | "size": "512mb", 11 | "ssh_username": "root", 12 | "snapshot_name": "{{ user `snapshot_name` }}-{{ isotime \"2006-01-02\" }}" 13 | }], 14 | "provisioners": [{ 15 | "type": "shell", 16 | "inline": [ 17 | "sudo apt-get clean", 18 | "sudo apt-get update", 19 | "sudo apt-get install -y apt-transport-https ca-certificates", 20 | "curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -", 21 | "sudo add-apt-repository \"deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable\"", 22 | "sudo apt-get update", 23 | "sudo apt-get install -y docker-ce=17.06.2~ce-0~ubuntu", 24 | "curl -s https://packages.cloud.google.com/apt/doc/apt-key.gpg | sudo apt-key add - ", 25 | "sudo add-apt-repository \"deb http://apt.kubernetes.io/ kubernetes-xenial main\"", 26 | "sudo apt-get update ", 27 | "sudo apt-get install -y kubectl=1.9.7-00 kubeadm=1.9.7-00 kubelet=1.9.7-00 python-pip", 28 | "pip install s3cmd" 29 | ] 30 | }] 31 | } 32 | -------------------------------------------------------------------------------- /terraform/variables.tf: -------------------------------------------------------------------------------- 1 | variable "token" { 2 | default = "" 3 | } 4 | 5 | variable "region" { 6 | default = "nyc3" 7 | } 8 | 9 | variable "k8s_master_size" { 10 | default = "s-2vcpu-2gb" 11 | } 12 | 13 | variable "k8s_node_size" { 14 | default = "s-2vcpu-2gb" 15 | } 16 | 17 | variable "k8s_nodes" { 18 | default = "2" 19 | } 20 | 21 | variable "k8s_snapshot_id" {} 22 | 23 | variable "do_space" {} 24 | 25 | variable "space_access_key" {} 26 | 27 | variable "space_secret_key" {} 28 | -------------------------------------------------------------------------------- /volume/docker.yml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: docker 5 | spec: 6 | containers: 7 | - name: docker 8 | image: docker:17.11 9 | command: ["sleep"] 10 | args: ["100000"] 11 | volumeMounts: 12 | - mountPath: /var/run/docker.sock 13 | name: docker-socket 14 | volumes: 15 | - name: docker-socket 16 | hostPath: 17 | path: /var/run/docker.sock 18 | type: Socket 19 | -------------------------------------------------------------------------------- /volume/github.yml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: github 5 | spec: 6 | containers: 7 | - name: github 8 | image: docker:17.11 9 | command: ["sleep"] 10 | args: ["100000"] 11 | volumeMounts: 12 | - mountPath: /var/run/docker.sock 13 | name: docker-socket 14 | - mountPath: /src 15 | name: github 16 | volumes: 17 | - name: docker-socket 18 | hostPath: 19 | path: /var/run/docker.sock 20 | type: Socket 21 | - name: github 22 | gitRepo: 23 | repository: https://github.com/vfarcic/go-demo-2.git 24 | directory: . 25 | -------------------------------------------------------------------------------- /volume/jenkins-empty-dir.yml: -------------------------------------------------------------------------------- 1 | apiVersion: networking.k8s.io/v1 2 | kind: Ingress 3 | metadata: 4 | name: jenkins 5 | annotations: 6 | kubernetes.io/ingress.class: "nginx" 7 | ingress.kubernetes.io/ssl-redirect: "false" 8 | nginx.ingress.kubernetes.io/ssl-redirect: "false" 9 | spec: 10 | rules: 11 | - http: 12 | paths: 13 | - path: /jenkins 14 | pathType: ImplementationSpecific 15 | backend: 16 | service: 17 | name: jenkins 18 | port: 19 | number: 8080 20 | 21 | --- 22 | 23 | apiVersion: apps/v1 24 | kind: Deployment 25 | metadata: 26 | name: jenkins 27 | spec: 28 | selector: 29 | matchLabels: 30 | type: master 31 | service: jenkins 32 | strategy: 33 | type: Recreate 34 | template: 35 | metadata: 36 | labels: 37 | type: master 38 | service: jenkins 39 | spec: 40 | containers: 41 | - name: jenkins 42 | image: vfarcic/jenkins 43 | env: 44 | - name: JENKINS_OPTS 45 | value: --prefix=/jenkins 46 | volumeMounts: 47 | - mountPath: /var/jenkins_home 48 | name: jenkins-home 49 | volumes: 50 | - emptyDir: {} 51 | name: jenkins-home 52 | 53 | --- 54 | 55 | apiVersion: v1 56 | kind: Service 57 | metadata: 58 | name: jenkins 59 | spec: 60 | ports: 61 | - port: 8080 62 | selector: 63 | type: master 64 | service: jenkins 65 | -------------------------------------------------------------------------------- /volume/jenkins.yml: -------------------------------------------------------------------------------- 1 | apiVersion: networking.k8s.io/v1 2 | kind: Ingress 3 | metadata: 4 | name: jenkins 5 | annotations: 6 | kubernetes.io/ingress.class: "nginx" 7 | ingress.kubernetes.io/ssl-redirect: "false" 8 | nginx.ingress.kubernetes.io/ssl-redirect: "false" 9 | spec: 10 | rules: 11 | - http: 12 | paths: 13 | - path: /jenkins 14 | pathType: ImplementationSpecific 15 | backend: 16 | service: 17 | name: jenkins 18 | port: 19 | number: 8080 20 | 21 | --- 22 | 23 | apiVersion: apps/v1 24 | kind: Deployment 25 | metadata: 26 | name: jenkins 27 | spec: 28 | selector: 29 | matchLabels: 30 | type: master 31 | service: jenkins 32 | strategy: 33 | type: Recreate 34 | template: 35 | metadata: 36 | labels: 37 | type: master 38 | service: jenkins 39 | spec: 40 | containers: 41 | - name: jenkins 42 | image: vfarcic/jenkins 43 | env: 44 | - name: JENKINS_OPTS 45 | value: --prefix=/jenkins 46 | 47 | --- 48 | 49 | apiVersion: v1 50 | kind: Service 51 | metadata: 52 | name: jenkins 53 | spec: 54 | ports: 55 | - port: 8080 56 | selector: 57 | type: master 58 | service: jenkins 59 | -------------------------------------------------------------------------------- /volume/prometheus-conf-orig.yml: -------------------------------------------------------------------------------- 1 | # my global config 2 | global: 3 | scrape_interval: 15s # Set the scrape interval to every 15 seconds. Default is every 1 minute. 4 | evaluation_interval: 15s # Evaluate rules every 15 seconds. The default is every 1 minute. 5 | # scrape_timeout is set to the global default (10s). 6 | 7 | # Alertmanager configuration 8 | alerting: 9 | alertmanagers: 10 | - static_configs: 11 | - targets: 12 | # - alertmanager:9093 13 | 14 | # Load rules once and periodically evaluate them according to the global 'evaluation_interval'. 15 | rule_files: 16 | # - "first_rules.yml" 17 | # - "second_rules.yml" 18 | 19 | # A scrape configuration containing exactly one endpoint to scrape: 20 | # Here it's Prometheus itself. 21 | scrape_configs: 22 | # The job name is added as a label `job=` to any timeseries scraped from this config. 23 | - job_name: 'prometheus' 24 | 25 | # metrics_path defaults to '/metrics' 26 | # scheme defaults to 'http'. 27 | 28 | static_configs: 29 | - targets: ['localhost:9090'] 30 | -------------------------------------------------------------------------------- /volume/prometheus-conf.yml: -------------------------------------------------------------------------------- 1 | global: 2 | scrape_interval: 15s 3 | 4 | scrape_configs: 5 | - job_name: prometheus 6 | metrics_path: /prometheus/metrics 7 | static_configs: 8 | - targets: 9 | - localhost:9090 10 | -------------------------------------------------------------------------------- /volume/prometheus-host-path.yml: -------------------------------------------------------------------------------- 1 | apiVersion: networking.k8s.io/v1 2 | kind: Ingress 3 | metadata: 4 | name: prometheus 5 | annotations: 6 | kubernetes.io/ingress.class: "nginx" 7 | ingress.kubernetes.io/ssl-redirect: "false" 8 | nginx.ingress.kubernetes.io/ssl-redirect: "false" 9 | spec: 10 | rules: 11 | - http: 12 | paths: 13 | - path: /prometheus 14 | pathType: ImplementationSpecific 15 | backend: 16 | service: 17 | name: prometheus 18 | port: 19 | number: 9090 20 | 21 | --- 22 | 23 | apiVersion: apps/v1 24 | kind: Deployment 25 | metadata: 26 | name: prometheus 27 | spec: 28 | selector: 29 | matchLabels: 30 | type: monitor 31 | service: prometheus 32 | strategy: 33 | type: Recreate 34 | template: 35 | metadata: 36 | labels: 37 | type: monitor 38 | service: prometheus 39 | spec: 40 | containers: 41 | - name: prometheus 42 | image: prom/prometheus:v2.0.0 43 | command: 44 | - /bin/prometheus 45 | args: 46 | - "--config.file=/etc/prometheus/prometheus.yml" 47 | - "--storage.tsdb.path=/prometheus" 48 | - "--web.console.libraries=/usr/share" 49 | - "--web.external-url=http://192.168.99.100/prometheus" 50 | volumeMounts: 51 | - mountPath: /etc/prometheus/prometheus.yml 52 | name: prom-conf 53 | volumes: 54 | - name: prom-conf 55 | hostPath: 56 | path: /files/prometheus-conf.yml 57 | type: File 58 | 59 | --- 60 | 61 | apiVersion: v1 62 | kind: Service 63 | metadata: 64 | name: prometheus 65 | spec: 66 | ports: 67 | - port: 9090 68 | selector: 69 | type: monitor 70 | service: prometheus 71 | -------------------------------------------------------------------------------- /volume/prometheus.yml: -------------------------------------------------------------------------------- 1 | apiVersion: networking.k8s.io/v1 2 | kind: Ingress 3 | metadata: 4 | name: prometheus 5 | annotations: 6 | kubernetes.io/ingress.class: "nginx" 7 | ingress.kubernetes.io/ssl-redirect: "false" 8 | nginx.ingress.kubernetes.io/ssl-redirect: "false" 9 | spec: 10 | rules: 11 | - http: 12 | paths: 13 | - path: /prometheus 14 | pathType: ImplementationSpecific 15 | backend: 16 | service: 17 | name: prometheus 18 | port: 19 | number: 9090 20 | 21 | --- 22 | 23 | apiVersion: apps/v1 24 | kind: Deployment 25 | metadata: 26 | name: prometheus 27 | spec: 28 | selector: 29 | matchLabels: 30 | type: monitor 31 | service: prometheus 32 | strategy: 33 | type: Recreate 34 | template: 35 | metadata: 36 | labels: 37 | type: monitor 38 | service: prometheus 39 | spec: 40 | containers: 41 | - name: prometheus 42 | image: prom/prometheus:v2.0.0 43 | command: 44 | - /bin/prometheus 45 | args: 46 | - "--config.file=/etc/prometheus/prometheus.yml" 47 | - "--storage.tsdb.path=/prometheus" 48 | - "--web.console.libraries=/usr/share" 49 | - "--web.external-url=http://192.168.99.100/prometheus" 50 | 51 | --- 52 | 53 | apiVersion: v1 54 | kind: Service 55 | metadata: 56 | name: prometheus 57 | spec: 58 | ports: 59 | - port: 9090 60 | selector: 61 | type: monitor 62 | service: prometheus 63 | -------------------------------------------------------------------------------- /watch.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | # watch the java files and continously deploy the service 4 | make linux 5 | skaffold run -p dev 6 | reflex -r "\.go$" -- bash -c 'make linux && skaffold run -p dev' 7 | --------------------------------------------------------------------------------