kubernetes-3

Otus-DevOps-2023-05 · Nov 26, 2023 · 3bf8509 · 3bf8509
1 parent 2f3bf60
commit 3bf8509
Show file tree

Hide file tree

Showing 8 changed files with 117 additions and 4 deletions.
diff --git a/README.md b/README.md
@@ -448,3 +448,31 @@ kubectl apply -f ./kubernetes/reddit/ -n dev
 ![img.png](docs/img.png)
 ![img1.png](docs/img1.png)
 P.S. Удалил инстанс кластера т.к. домашние задания проверяются долго, а потребление кластера на YC очень дорогое.
+
+## Kubernetes-3
+### Что было сделано:
+1. Разобрался и подключил сущности Kubernetes:
+   - Ingress Controller
+   - Ingress
+   - Secret
+   - TLS
+   - LoadBalancer Service
+   - Network Policies
+   - PersistentVolumes
+   - PersistentVolumeClaims
+2. Установил ingress nginx
+```shell
+kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.8.2/deploy/static/provider/cloud/deploy.yaml
+```
+3. Защитил сервис с помощью TLS
+```shell
+openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout tls.key -out tls.crt -subj "/CN=158.160.124.211"
+kubectl create secret tls ui-ingress --key tls.key --cert tls.crt -n dev
+```
+4. Создал диск в ya.cloud
+```shell
+yc compute disk create \
+ --name k8s \
+ --size 4 \
+ --description "disk for k8s"
+```
diff --git a/kubernetes/reddit/mongo-claim-dynamic.yml b/kubernetes/reddit/mongo-claim-dynamic.yml
@@ -0,0 +1,14 @@
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: mongo-pvc-dynamic
+  labels:
+    app: reddit
+    component: pvc
+spec:
+  accessModes:
+    - ReadWriteOnce
+  resources:
+    requests:
+      storage: 1Gi
diff --git a/kubernetes/reddit/mongo-claim.yml b/kubernetes/reddit/mongo-claim.yml
@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: mongo-pvc
+spec:
+  storageClassName: ""
+  accessModes:
+    - ReadWriteOnce
+  resources:
+    requests:
+      storage: 4Gi
+  volumeName: mongo-pv
diff --git a/kubernetes/reddit/mongo-deployment.yml b/kubernetes/reddit/mongo-deployment.yml
@@ -31,4 +31,5 @@ spec:
           mountPath: /data/db
       volumes:
       - name: mongo-persistent-storage
-        emptyDir: {}
+        persistentVolumeClaim:
+          claimName:  mongo-pvc
diff --git a/kubernetes/reddit/mongo-network-policy.yml b/kubernetes/reddit/mongo-network-policy.yml
@@ -0,0 +1,24 @@
+---
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+  name: deny-db-traffic
+  labels:
+    app: reddit
+spec:
+  podSelector:
+    matchLabels:
+      app: reddit
+      component: mongo
+  policyTypes:
+  - Ingress
+  ingress:
+  - from:
+    - podSelector:
+        matchLabels:
+          app: reddit
+          component: comment
+    - podSelector:
+        matchLabels:
+          app: reddit
+          component: post
diff --git a/kubernetes/reddit/mongo-volume.yml b/kubernetes/reddit/mongo-volume.yml
@@ -0,0 +1,13 @@
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+  name: mongo-pv
+spec:
+  capacity:
+    storage: 4Gi
+  accessModes:
+    - ReadWriteOnce
+  csi:
+    driver: disk-csi-driver.mks.ycloud.io
+    fsType: ext4
+    volumeHandle: fhm2akn991odm4jric8j
diff --git a/kubernetes/reddit/ui-ingress.yml b/kubernetes/reddit/ui-ingress.yml
@@ -0,0 +1,22 @@
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: ui
+spec:
+  ingressClassName: nginx
+  rules:
+  - host: ui.reddit.baykanurov.ru
+    http:
+      paths:
+      - path: /
+        pathType: Prefix
+        backend:
+          service:
+            name: ui
+            port:
+              number: 80
+  tls:
+    - hosts:
+      - ui.reddit.baykanurov.ru
+      secretName: ui-ingress
diff --git a/kubernetes/reddit/ui-service.yml b/kubernetes/reddit/ui-service.yml
@@ -9,10 +9,9 @@ metadata:
 spec:
   type: NodePort
   ports:
-  - nodePort: 32092
-    port: 80
+  - port: 9292
     protocol: TCP
     targetPort: 9292
   selector:
     app: reddit
-    component: ui
+    component: ui