2024-02-20 17:15:27 +08:00
committed by huty
parent 6706e1a633
commit 34158042ad
1529 changed files with 177765 additions and 0 deletions


@@ -0,0 +1,37 @@
# A Kubernetes lab cluster in AKS
You'll need the [az](https://docs.microsoft.com/en-us/cli/azure/install-azure-cli?view=azure-cli-latest) command installed and authenticated to your Azure subscription with the `az login` command.
## Setup
Create resource group:
```
az group create --name kiamol --location eastus
```
Check the supported versions of Kubernetes:
```
az aks get-versions --location eastus -o table
```
Create cluster - using one of the supported versions:
```
az aks create -g kiamol -n kiamol-aks --node-count 1 --kubernetes-version 1.18.14
```
Get credentials to use the cluster with Kubectl:
```
az aks get-credentials --resource-group kiamol --name kiamol-aks
```
## Teardown
Delete the resource group which will remove the cluster:
```
az group delete --name kiamol
```


@@ -0,0 +1,11 @@
# DEPRECATED
Readers found lots of issues using Kind, so the recommendation for your lab environment is either:
* Docker Desktop (on Mac or Windows)
* K3s with Docker (on Linux)
K3s comes with LoadBalancer support built in and works well across different OSes.
See [vagrant-k3s](../vagrant-k3s/README.md) to run K3s in a VM with Vagrant.


@@ -0,0 +1,310 @@
# https://raw.githubusercontent.com/google/metallb/v0.8.3/manifests/metallb.yaml
apiVersion: v1
kind: Namespace
metadata:
labels:
app: metallb
name: metallb-system
---
apiVersion: policy/v1beta1
kind: PodSecurityPolicy
metadata:
labels:
app: metallb
name: speaker
namespace: metallb-system
spec:
allowPrivilegeEscalation: false
allowedCapabilities:
- NET_ADMIN
- NET_RAW
- SYS_ADMIN
fsGroup:
rule: RunAsAny
hostNetwork: true
hostPorts:
- max: 7472
min: 7472
privileged: true
runAsUser:
rule: RunAsAny
seLinux:
rule: RunAsAny
supplementalGroups:
rule: RunAsAny
volumes:
- "*"
---
apiVersion: v1
kind: ServiceAccount
metadata:
labels:
app: metallb
name: controller
namespace: metallb-system
---
apiVersion: v1
kind: ServiceAccount
metadata:
labels:
app: metallb
name: speaker
namespace: metallb-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
labels:
app: metallb
name: metallb-system:controller
rules:
- apiGroups:
- ""
resources:
- services
verbs:
- get
- list
- watch
- update
- apiGroups:
- ""
resources:
- services/status
verbs:
- update
- apiGroups:
- ""
resources:
- events
verbs:
- create
- patch
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
labels:
app: metallb
name: metallb-system:speaker
rules:
- apiGroups:
- ""
resources:
- services
- endpoints
- nodes
verbs:
- get
- list
- watch
- apiGroups:
- ""
resources:
- events
verbs:
- create
- patch
- apiGroups:
- extensions
resourceNames:
- speaker
resources:
- podsecuritypolicies
verbs:
- use
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
labels:
app: metallb
name: config-watcher
namespace: metallb-system
rules:
- apiGroups:
- ""
resources:
- configmaps
verbs:
- get
- list
- watch
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
labels:
app: metallb
name: metallb-system:controller
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: metallb-system:controller
subjects:
- kind: ServiceAccount
name: controller
namespace: metallb-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
labels:
app: metallb
name: metallb-system:speaker
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: metallb-system:speaker
subjects:
- kind: ServiceAccount
name: speaker
namespace: metallb-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
labels:
app: metallb
name: config-watcher
namespace: metallb-system
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: config-watcher
subjects:
- kind: ServiceAccount
name: controller
- kind: ServiceAccount
name: speaker
---
apiVersion: apps/v1
kind: DaemonSet
metadata:
labels:
app: metallb
component: speaker
name: speaker
namespace: metallb-system
spec:
selector:
matchLabels:
app: metallb
component: speaker
template:
metadata:
annotations:
prometheus.io/port: "7472"
prometheus.io/scrape: "true"
labels:
app: metallb
component: speaker
spec:
containers:
- args:
- --port=7472
- --config=config
env:
- name: METALLB_NODE_NAME
valueFrom:
fieldRef:
fieldPath: spec.nodeName
- name: METALLB_HOST
valueFrom:
fieldRef:
fieldPath: status.hostIP
image: metallb/speaker:v0.8.2
imagePullPolicy: IfNotPresent
name: speaker
ports:
- containerPort: 7472
name: monitoring
resources:
limits:
cpu: 100m
memory: 100Mi
securityContext:
allowPrivilegeEscalation: false
capabilities:
add:
- NET_ADMIN
- NET_RAW
- SYS_ADMIN
drop:
- ALL
readOnlyRootFilesystem: true
hostNetwork: true
nodeSelector:
beta.kubernetes.io/os: linux
serviceAccountName: speaker
terminationGracePeriodSeconds: 0
tolerations:
- effect: NoSchedule
key: node-role.kubernetes.io/master
---
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
app: metallb
component: controller
name: controller
namespace: metallb-system
spec:
revisionHistoryLimit: 3
selector:
matchLabels:
app: metallb
component: controller
template:
metadata:
annotations:
prometheus.io/port: "7472"
prometheus.io/scrape: "true"
labels:
app: metallb
component: controller
spec:
containers:
- args:
- --port=7472
- --config=config
image: metallb/controller:v0.8.2
imagePullPolicy: IfNotPresent
name: controller
ports:
- containerPort: 7472
name: monitoring
resources:
limits:
cpu: 100m
memory: 100Mi
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- all
readOnlyRootFilesystem: true
nodeSelector:
beta.kubernetes.io/os: linux
securityContext:
runAsNonRoot: true
runAsUser: 65534
serviceAccountName: controller
terminationGracePeriodSeconds: 0
---
# https://gist.githubusercontent.com/mauilion/0042629742f1ec564c04d596f8244c56/raw/km-config.yaml
apiVersion: v1
kind: ConfigMap
metadata:
namespace: metallb-system
name: config
data:
config: |
address-pools:
- name: default
protocol: layer2
addresses:
- 172.17.255.1-172.17.255.250
---


@@ -0,0 +1,11 @@
# DEPRECATED
Readers found lots of issues using Kind, so the recommendation for your lab environment is either:
* Docker Desktop (on Mac or Windows)
* K3s with Docker (on Linux)
K3s comes with LoadBalancer support built in and works well across different OSes.
See [vagrant-k3s](../vagrant-k3s/README.md) to run K3s in a VM with Vagrant.


@@ -0,0 +1,427 @@
# add LoadBalancer support to Kind - see https://github.com/kubernetes-sigs/kind/issues/702
# https://raw.githubusercontent.com/metallb/metallb/v0.9.3/manifests/namespace.yaml
apiVersion: v1
kind: Namespace
metadata:
name: metallb-system
labels:
app: metallb
---
# https://raw.githubusercontent.com/metallb/metallb/v0.9.3/manifests/metallb.yaml
apiVersion: policy/v1beta1
kind: PodSecurityPolicy
metadata:
labels:
app: metallb
name: controller
namespace: metallb-system
spec:
allowPrivilegeEscalation: false
allowedCapabilities: []
allowedHostPaths: []
defaultAddCapabilities: []
defaultAllowPrivilegeEscalation: false
fsGroup:
ranges:
- max: 65535
min: 1
rule: MustRunAs
hostIPC: false
hostNetwork: false
hostPID: false
privileged: false
readOnlyRootFilesystem: true
requiredDropCapabilities:
- ALL
runAsUser:
ranges:
- max: 65535
min: 1
rule: MustRunAs
seLinux:
rule: RunAsAny
supplementalGroups:
ranges:
- max: 65535
min: 1
rule: MustRunAs
volumes:
- configMap
- secret
- emptyDir
---
apiVersion: policy/v1beta1
kind: PodSecurityPolicy
metadata:
labels:
app: metallb
name: speaker
namespace: metallb-system
spec:
allowPrivilegeEscalation: false
allowedCapabilities:
- NET_ADMIN
- NET_RAW
- SYS_ADMIN
allowedHostPaths: []
defaultAddCapabilities: []
defaultAllowPrivilegeEscalation: false
fsGroup:
rule: RunAsAny
hostIPC: false
hostNetwork: true
hostPID: false
hostPorts:
- max: 7472
min: 7472
privileged: true
readOnlyRootFilesystem: true
requiredDropCapabilities:
- ALL
runAsUser:
rule: RunAsAny
seLinux:
rule: RunAsAny
supplementalGroups:
rule: RunAsAny
volumes:
- configMap
- secret
- emptyDir
---
apiVersion: v1
kind: ServiceAccount
metadata:
labels:
app: metallb
name: controller
namespace: metallb-system
---
apiVersion: v1
kind: ServiceAccount
metadata:
labels:
app: metallb
name: speaker
namespace: metallb-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
labels:
app: metallb
name: metallb-system:controller
rules:
- apiGroups:
- ''
resources:
- services
verbs:
- get
- list
- watch
- update
- apiGroups:
- ''
resources:
- services/status
verbs:
- update
- apiGroups:
- ''
resources:
- events
verbs:
- create
- patch
- apiGroups:
- policy
resourceNames:
- controller
resources:
- podsecuritypolicies
verbs:
- use
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
labels:
app: metallb
name: metallb-system:speaker
rules:
- apiGroups:
- ''
resources:
- services
- endpoints
- nodes
verbs:
- get
- list
- watch
- apiGroups:
- ''
resources:
- events
verbs:
- create
- patch
- apiGroups:
- policy
resourceNames:
- speaker
resources:
- podsecuritypolicies
verbs:
- use
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
labels:
app: metallb
name: config-watcher
namespace: metallb-system
rules:
- apiGroups:
- ''
resources:
- configmaps
verbs:
- get
- list
- watch
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
labels:
app: metallb
name: pod-lister
namespace: metallb-system
rules:
- apiGroups:
- ''
resources:
- pods
verbs:
- list
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
labels:
app: metallb
name: metallb-system:controller
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: metallb-system:controller
subjects:
- kind: ServiceAccount
name: controller
namespace: metallb-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
labels:
app: metallb
name: metallb-system:speaker
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: metallb-system:speaker
subjects:
- kind: ServiceAccount
name: speaker
namespace: metallb-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
labels:
app: metallb
name: config-watcher
namespace: metallb-system
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: config-watcher
subjects:
- kind: ServiceAccount
name: controller
- kind: ServiceAccount
name: speaker
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
labels:
app: metallb
name: pod-lister
namespace: metallb-system
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: pod-lister
subjects:
- kind: ServiceAccount
name: speaker
---
apiVersion: apps/v1
kind: DaemonSet
metadata:
labels:
app: metallb
component: speaker
name: speaker
namespace: metallb-system
spec:
selector:
matchLabels:
app: metallb
component: speaker
template:
metadata:
annotations:
prometheus.io/port: '7472'
prometheus.io/scrape: 'true'
labels:
app: metallb
component: speaker
spec:
containers:
- args:
- --port=7472
- --config=config
env:
- name: METALLB_NODE_NAME
valueFrom:
fieldRef:
fieldPath: spec.nodeName
- name: METALLB_HOST
valueFrom:
fieldRef:
fieldPath: status.hostIP
- name: METALLB_ML_BIND_ADDR
valueFrom:
fieldRef:
fieldPath: status.podIP
- name: METALLB_ML_LABELS
value: "app=metallb,component=speaker"
- name: METALLB_ML_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: METALLB_ML_SECRET_KEY
valueFrom:
secretKeyRef:
name: memberlist
key: secretkey
image: metallb/speaker:v0.9.3
imagePullPolicy: Always
name: speaker
ports:
- containerPort: 7472
name: monitoring
resources:
limits:
cpu: 100m
memory: 100Mi
securityContext:
allowPrivilegeEscalation: false
capabilities:
add:
- NET_ADMIN
- NET_RAW
- SYS_ADMIN
drop:
- ALL
readOnlyRootFilesystem: true
hostNetwork: true
nodeSelector:
beta.kubernetes.io/os: linux
serviceAccountName: speaker
terminationGracePeriodSeconds: 2
tolerations:
- effect: NoSchedule
key: node-role.kubernetes.io/master
---
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
app: metallb
component: controller
name: controller
namespace: metallb-system
spec:
revisionHistoryLimit: 3
selector:
matchLabels:
app: metallb
component: controller
template:
metadata:
annotations:
prometheus.io/port: '7472'
prometheus.io/scrape: 'true'
labels:
app: metallb
component: controller
spec:
containers:
- args:
- --port=7472
- --config=config
image: metallb/controller:v0.9.3
imagePullPolicy: Always
name: controller
ports:
- containerPort: 7472
name: monitoring
resources:
limits:
cpu: 100m
memory: 100Mi
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- all
readOnlyRootFilesystem: true
nodeSelector:
beta.kubernetes.io/os: linux
securityContext:
runAsNonRoot: true
runAsUser: 65534
serviceAccountName: controller
terminationGracePeriodSeconds: 0
---
apiVersion: v1
kind: Secret
metadata:
namespace: metallb-system
name: memberlist
type: Opaque
stringData:
secretkey: "kiamol-kind"
---
# https://gist.githubusercontent.com/mauilion/0042629742f1ec564c04d596f8244c56/raw/km-config.yaml
apiVersion: v1
kind: ConfigMap
metadata:
namespace: metallb-system
name: config
data:
config: |
address-pools:
- name: default
protocol: layer2
addresses:
- 172.17.255.1-172.17.255.250
---
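Review bot: The `memberlist` Secret near the end of the file ships a fixed `secretkey: "kiamol-kind"` in the manifest, so every cluster built from it uses the same memberlist key, and anyone who can read the repository holds the key the speaker pods use to authenticate their gossip traffic (it is injected through `METALLB_ML_SECRET_KEY`). Upstream leaves this Secret out of the manifest and has it generated per cluster; the same can be done here with `kubectl create secret generic -n metallb-system memberlist --from-literal=secretkey="$(openssl rand -base64 128)"` and a comment in place of the Secret document. For a throwaway Kind cluster the exposure is limited to the host's Docker network, but a comment stating that the key is intentionally fixed for the lab would stop the document being copied into anything longer-lived. `policy/v1beta1` PodSecurityPolicy is removed in Kubernetes 1.25, so this manifest only applies on the 1.18 node image the Kind kiamol.sh script pins; worth a comment next to the PSP documents. The `address-pools` range in the ConfigMap presumably assumes Docker's default `172.17.0.0/16` bridge network — stating that in the comment above the ConfigMap tells readers with a different subnet what to change.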


@@ -0,0 +1,45 @@
# Using Vagrant to run K3s
This configures a virtual machine which installs Docker and K3s.
## Pre-requisites
You need to install [Vagrant](https://www.vagrantup.com) and use one of the supported VM providers:
* Hyper-V on Windows
* VirtualBox on Linux, Windows or Mac
> Pull requests to add support for other providers is welcome :)
## Usage
From this directory run:
```
vagrant up
```
The first time you run this it will take a while to download the base VM, but subsequent runs will be fast.
Connect to the VM:
```
vagrant ssh
```
The VM mounts the `kiamol` folder on your host into the VM, so you can get to all the source for the book from here:
```
cd /kiamol
```
## Teardown
Use one of these options:
* `vagrant suspend` to suspend the VM which keeps your current state
* `vagrant halt` to stop the VM
* `vagrant destroy` to remove the VM altogether


@@ -0,0 +1,26 @@
Vagrant.configure("2") do |config|
config.vm.define "kiamol" do |kiamol|
kiamol.vm.box = "bento/ubuntu-20.04"
kiamol.vm.hostname = "kiamol"
kiamol.vm.network "private_network", type: "dhcp"
kiamol.vm.provision "shell", path: "setup.sh"
kiamol.vm.provision "shell", path: "kiamol.sh", privileged: false
kiamol.vm.synced_folder "../..", "/kiamol"
kiamol.vm.provider :hyperv do |v|
v.vmname = "kiamol"
v.maxmemory = 3000
v.cpus = 2
end
kiamol.vm.provider :virtualbox do |v|
v.name = "kiamol"
v.memory = 3000
v.cpus = 2
end
end
end


@@ -0,0 +1,13 @@
#!/bin/bash
echo '---------'
echo "kiamol.sh as: $(whoami)"
echo '---------'
# set MOTD
sudo sh -c 'echo "\n** Learn Kubernetes in a Month of Lunches **\n** https://kiamol.net **\nSource is in /kiamol\n" > /etc/motd'
# add aliases:
echo "alias k='kubectl'" >> ~/.bashrc
echo "alias d='docker'" >> ~/.bashrc
echo "alias cls='clear'" >> ~/.bashrc
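Review bot: The three `echo ... >> ~/.bashrc` lines at the end of the script append unconditionally, so every `vagrant provision` re-run adds another copy of each alias to the file; the Kind variant of kiamol.sh in this commit has the same pattern. Guarding each append, e.g. `grep -qxF "alias k='kubectl'" ~/.bashrc || echo "alias k='kubectl'" >> ~/.bashrc`, makes the provisioner idempotent. The MOTD line relies on `sh` (dash on Ubuntu) expanding `\n` inside `echo`, which is not portable across shells; `printf` would make the intent explicit and behave the same under bash.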


@@ -0,0 +1,27 @@
#!/bin/bash
echo '--------'
echo "setup.sh as: $(whoami)"
echo '--------'
hostname -I | awk '{print $NF}' > /tmp/ip.txt
# turn off swap - for the Kubelet
swapoff -a
sed -ri '/\sswap\s/s/^#?/#/' /etc/fstab
# install Docker
curl -fsSL https://get.docker.com | sh
# use Docker without sudo
sudo usermod -aG docker vagrant
# install Docker Compose
sudo curl -L "https://github.com/docker/compose/releases/download/1.27.3/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
sudo chmod +x /usr/local/bin/docker-compose
# install Helm
curl https://raw.githubusercontent.com/helm/helm/master/scripts/get-helm-3 | bash
# install K3s
curl -sfL https://get.k3s.io | sh -s - --docker --disable=traefik --write-kubeconfig-mode=644
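Review bot: The script has no `set -e`, so a failed download in any of the three `curl ... | sh`/`bash` steps (Docker, Helm, K3s) or the Compose download leaves the VM half-provisioned while `vagrant up` still reports success; the Helm installer is also fetched from the unpinned `master` branch while Compose is pinned to 1.27.3. Adding `set -euo pipefail` after the shebang stops the chain at the first failure, and pinning the Helm script to a release tag (and checking the docker-compose binary against its published checksum before `chmod +x`) makes the image reproducible; the Kind variant of setup.sh in this commit has the same unpinned Helm install and an unverified `kind` binary download. `--write-kubeconfig-mode=644` makes the cluster-admin kubeconfig readable by every local account on the VM; acceptable for a single-user lab box, but a comment saying so would keep the flag from being copied elsewhere. `sudo` is used on the usermod, curl and chmod lines but not on `swapoff`/`sed`; the shell provisioner appears to run privileged by default (kiamol.sh is the one that opts out in the Vagrantfile), so it is redundant and should be dropped for consistency.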


@@ -0,0 +1,42 @@
# Using Vagrant to run KinD
This configures a virtual machine which installs Docker and KinD.
## Pre-requisites
You need to install [Vagrant](https://www.vagrantup.com) and use one of the supported VM providers:
* Hyper-V on Windows
* VirtualBox on Linux, Windows or Mac
> Pull requests to add support for other providers is welcome :)
## Usage
From this directory run:
```
vagrant up
```
The first time you run this it will take a while to download the base VM, but subsequent runs will be fast.
Connect to the VM:
```
vagrant ssh
```
The VM mounts the `kiamol` folder on your host into the VM, so you can get to all the source for the book from here:
```
cd /kiamol
```
## Teardown
Use one of these options:
* `vagrant suspend` to suspend the VM which keeps your current state
* `vagrant halt` to stop the VM
* `vagrant destroy` to remove the VM altogether


@@ -0,0 +1,26 @@
Vagrant.configure("2") do |config|
config.vm.define "kiamol" do |kiamol|
kiamol.vm.box = "bento/ubuntu-16.04" # 20.04 uses resolved which messes with Kind's DNS
kiamol.vm.hostname = "kiamol"
kiamol.vm.network "private_network", type: "dhcp"
kiamol.vm.provision "shell", path: "setup.sh"
kiamol.vm.provision "shell", path: "kiamol.sh", privileged: false
kiamol.vm.synced_folder "../..", "/kiamol"
kiamol.vm.provider :hyperv do |v|
v.vmname = "kiamol"
v.maxmemory = 3000
v.cpus = 2
end
kiamol.vm.provider :virtualbox do |v|
v.name = "kiamol"
v.memory = 3000
v.cpus = 2
end
end
end


@@ -0,0 +1,17 @@
#!/bin/bash
echo '---------'
echo "kiamol.sh as: $(whoami)"
echo '---------'
# create the cluster
mkdir -p ~/.kube
sudo kind create cluster --image kindest/node:v1.18.8 --name kiamol --kubeconfig /home/vagrant/.kube/config
sudo chown vagrant ~/.kube/config
# set MOTD
sudo sh -c 'echo "\n** Learn Kubernetes in a Month of Lunches **\n** https://kiamol.net **\nSource is in /kiamol\nIf Kubectl does not respond, start the Kind container with:\n docker start kiamol-control-plane\n" > /etc/motd'
# add aliases:
echo "alias k='kubectl'" >> ~/.bashrc
echo "alias d='docker'" >> ~/.bashrc


@@ -0,0 +1,53 @@
#!/bin/bash
echo '--------'
echo "setup.sh as: $(whoami)"
echo '--------'
DOCKER_VERSION="5:19.03.12~3-0~ubuntu-xenial"
KUBERNETES_VERSION="1.18.8-00"
hostname -I | awk '{print $NF}' > /tmp/ip.txt
# turn off swap - for the Kubelet
swapoff -a
sed -ri '/\sswap\s/s/^#?/#/' /etc/fstab
# install Docker
apt-get update
apt-get install -y \
apt-transport-https \
ca-certificates \
curl \
gnupg-agent \
software-properties-common
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | apt-key add -
add-apt-repository \
"deb [arch=amd64] https://download.docker.com/linux/ubuntu \
$(lsb_release -cs) \
stable"
apt-get update
apt-get install -y \
docker-ce=$DOCKER_VERSION \
docker-ce-cli=$DOCKER_VERSION \
containerd.io
# use Docker & Kind without sudo:
sudo usermod -aG docker vagrant
# install Kubectl
curl -s https://packages.cloud.google.com/apt/doc/apt-key.gpg | apt-key add -
add-apt-repository "deb https://apt.kubernetes.io/ kubernetes-xenial main"
apt-get update
apt-get install -y \
kubectl=$KUBERNETES_VERSION
# install Helm
curl https://raw.githubusercontent.com/helm/helm/master/scripts/get-helm-3 | bash
# install Kind
curl -Lo ./kind https://kind.sigs.k8s.io/dl/v0.8.1/kind-$(uname)-amd64
chmod +x ./kind
mv ./kind /usr/local/bin/kind