Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Kubernetes 3 #8

Open
wants to merge 15 commits into
base: main
Choose a base branch
from
Open

Kubernetes 3 #8

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
15 commits
Select commit Hold shift + click to select a range
1a3aac3
kubernetes-2
snirin Nov 23, 2023
77d6519
kubernetes-2 Восстановление образов без логирования
snirin Nov 23, 2023
6514a16
kubernetes-2
snirin Nov 23, 2023
f64fa4e
kubernetes-2
snirin Nov 23, 2023
e719f94
kubernetes-2
snirin Nov 23, 2023
8fed3af
kubernetes-2
snirin Nov 25, 2023
72b71d6
kubernetes-2
snirin Nov 25, 2023
2b429c4
kubernetes-2
snirin Nov 27, 2023
03bfe09
kubernetes-3
snirin Nov 27, 2023
393c238
kubernetes-3
snirin Nov 27, 2023
aa2f0f7
kubernetes-3
snirin Nov 27, 2023
85cb174
kubernetes-3
snirin Nov 27, 2023
4023306
kubernetes-3
snirin Nov 27, 2023
ec9124e
kubernetes-3
snirin Nov 27, 2023
7e8a21f
kubernetes-3
snirin Nov 27, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
110 changes: 110 additions & 0 deletions README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,6 +1,116 @@
# snirin_microservices
snirin microservices repository

ДЗ 30 Ingress-контроллеры и сервисы в Kubernetes
1. Основное задание
2. Задание со *
- Опишите создаваемый объект Secret в виде Kubernetes-манифеста.

Для себя
Установка Ingress-контроллера NGINX с менеджером для сертификатов Let's Encrypt
https://cloud.yandex.ru/docs/managed-kubernetes/tutorials/ingress-cert-manager#install-controller

Список команд
```
kubectl exec -ti comment-664f4f9b77-9xx29 -- ping comment
kubectl exec -ti comment-664f4f9b77-9xx29 -- bash

kubectl get services -n dev
kubectl scale deployment --replicas 0 -n kube-system kube-dns-autoscaler
kubectl scale deployment --replicas 0 -n kube-system kube-dns

kubectl get service -n dev --selector component=ui

kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.8.2/deploy/static/provider/cloud/deploy.yaml

kubectl get ns
kubectl get ingress

openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout tls.key -out tls.crt -subj "/CN=158.160.130.179"
kubectl create secret tls ui-ingress --key tls.key --cert tls.crt
kubectl describe secret ui-ingress

yc compute disk create --name k8s --size 4 --description "disk for k8s"

kubectl delete deploy mongo
kubectl apply -f mongo-deployment.yml
```


ДЗ 29 Основные модели безопасности и контроллеры в Kubernetes
1. Основное задание
Развернут кластер kubernetes в облаке с приложением
http://158.160.127.54:31088/

2. Задания со *
- Разверните Kubernetes-кластер в Yandex cloud с помощью Terraform
- Создайте YAML-манифесты для описания созданных сущностей для включения dashboard - создан файл dashboard.yml

Для себя
kubectl Cheat Sheet
https://kubernetes.io/docs/reference/kubectl/cheatsheet/

Deploy and Access the Kubernetes Dashboard
https://kubernetes.io/docs/tasks/access-application-cluster/web-ui-dashboard/

terraform yandex_kubernetes_cluster
https://registry.terraform.io/providers/yandex-cloud/yandex/latest/docs/data-sources/datasource_kubernetes_cluster

Создание кластера Managed Service for Kubernetes
https://cloud.yandex.ru/docs/managed-kubernetes/operations/kubernetes-cluster/kubernetes-cluster-create

При старте Kubernetes кластер имеет следующие namespace:
default
kube-system
kube-public
kubernetes-dashboard

Список команд
```
minikube start
kubectl get nodes
cat ~/.kube/config
kubeclt config current-context
kubectl config get-contexts
kubectl apply -f ui-deployment.yml
kubectl apply -f .
kubectl delete -f .
kubectl get deployment
kubectl get pods --selector component=ui
kubectl describe pods comment-7b69f8cd56-5v4l9
kubectl logs -f my-pod
kubectl port-forward <pod-name> 8080:9292

kubectl describe service comment | grep Endpoints
kubectl exec -ti <pod-name> nslookup comment

minikube service ui
minikube service list

kubectl get all -n kube-system --selector k8s-app=kubernetes-dashboard

kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v2.7.0/aio/deploy/recommended.yaml
kubectl apply -f dashboard-adminuser.yaml
kubectl proxy
http://localhost:8001/api/v1/namespaces/kubernetes-dashboard/services/https:kubernetes-dashboard:/proxy/#/workloads?namespace=default
kubectl -n kubernetes-dashboard create token admin-user

kubectl apply -n=dev -n=kubernetes-dashboard -f .
minikube service ui -n dev

yc managed-kubernetes cluster list
yc managed-kubernetes cluster get-credentials otus-k8s --external
kubectl cluster-info --kubeconfig /home/sergey/.kube/config
kubectl config current-context

kubectl apply -f ./kubernetes/reddit/dev-namespace.yml
kubectl apply -f ./kubernetes/reddit/ -n dev
kubectl apply -f . -n dev
kubectl get nodes -o wide
kubectl describe service ui -n dev | grep NodePort
```


ДЗ 27 Введение в Kubernetes #1
1. Основное задание
2. Задания со *
Expand Down
34 changes: 34 additions & 0 deletions docker/README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,34 @@
Запуск чистого приложения без логирования в облаке Яндекса
```
INSTANCE_NAME="docker-host";
yc compute instance create \
--name $INSTANCE_NAME \
--zone ru-central1-a \
--network-interface subnet-name=default-ru-central1-a,nat-ip-version=ipv4 \
--create-boot-disk image-folder-id=standard-images,image-family=ubuntu-1804-lts,size=15 \
--ssh-key ~/.ssh/appuser.pub

INSTANCE_NAME="docker-host"; IP=$(yc compute instance get $INSTANCE_NAME --format json \
| jq -r '.network_interfaces[0].primary_v4_address.one_to_one_nat.address'); \
echo $IP; \
docker-machine create \
--driver generic \
--generic-ip-address=$IP \
--generic-ssh-user yc-user \
--generic-ssh-key ~/.ssh/appuser \
$INSTANCE_NAME;

eval $(docker-machine env $INSTANCE_NAME);

ssh yc-user@$IP;

docker-machine ip $INSTANCE_NAME;

cd ../src-initial;
cd ui; docker build -t snirinnn/ui:1.0 .; docker push snirinnn/ui:1.0; cd ..;
cd post-py; docker build -t snirinnn/post:1.0 .; docker push snirinnn/post:1.0; cd ..;
cd comment; docker build -t snirinnn/comment:1.0 .; docker push snirinnn/comment:1.0; cd ..;
cd ../docker;

docker-compose -f docker-compose-initial.yml up -d;
```
36 changes: 36 additions & 0 deletions docker/docker-compose-initial.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,36 @@
version: '3.3'
services:
post_db:
image: mongo:3.6
volumes:
- post_db:/data/db
networks:
back_net:
aliases:
- comment_db

ui:
image: snirinnn/ui:1.0
ports:
- 9292:9292/tcp
networks:
- front_net

post:
image: snirinnn/post:1.0
networks:
- back_net
- front_net

comment:
image: snirinnn/comment:1.0
networks:
- back_net
- front_net

volumes:
post_db:

networks:
back_net:
front_net:
23 changes: 16 additions & 7 deletions kubernetes/reddit/comment-deployment.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,18 +1,27 @@
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: comment-deployment
name: comment
labels:
app: reddit
component: comment
spec:
replicas: 1
replicas: 3
selector:
matchLabels:
app: comment
app: reddit
component: comment
template:
metadata:
name: comment
name: comment-pod
labels:
app: comment
app: reddit
component: comment
spec:
containers:
- image: snirinnn/comment
name: comment
- image: snirinnn/comment:1.0
name: comment
env:
- name: COMMENT_DATABASE_HOST
value: comment-db
18 changes: 18 additions & 0 deletions kubernetes/reddit/comment-mongodb-service.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,18 @@
---
apiVersion: v1
kind: Service
metadata:
name: comment-db
labels:
app: reddit
component: mongo
comment-db: "true"
spec:
ports:
- port: 27017
protocol: TCP
targetPort: 27017
selector:
app: reddit
component: mongo
comment-db: "true"
16 changes: 16 additions & 0 deletions kubernetes/reddit/comment-service.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,16 @@
---
apiVersion: v1
kind: Service
metadata:
name: comment
labels:
app: reddit
component: comment
spec:
ports:
- port: 9292
protocol: TCP
targetPort: 9292
selector:
app: reddit
component: comment
5 changes: 5 additions & 0 deletions kubernetes/reddit/dashboard-adminuser.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,5 @@
apiVersion: v1
kind: ServiceAccount
metadata:
name: admin-user
namespace: kubernetes-dashboard
12 changes: 12 additions & 0 deletions kubernetes/reddit/dashboard-cluster-role-binding.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,12 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: admin-user
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: cluster-admin
subjects:
- kind: ServiceAccount
name: admin-user
namespace: kubernetes-dashboard
Loading
Loading