新增learn-kubernetes（https://github.com/yyong-brs/learn-kubernetes）相关文件

learn/learn-kubernetes-master/kiamol/ch11/docker-images/amd64.yml

@@ -0,0 +1,11 @@
+version: "3.7"
+
+services:  
+  ch11-gogs:
+    image: kiamol/ch11-gogs:latest-linux-amd64
+
+  ch11-jenkins:
+    image: kiamol/ch11-jenkins:latest-linux-amd64
+
+  ch11-jenkins-current:
+    image: kiamol/ch11-jenkins:2.319.1-linux-amd64

learn/learn-kubernetes-master/kiamol/ch11/docker-images/arm64.yml

@@ -0,0 +1,11 @@
+version: "3.7"
+
+services:  
+  ch11-gogs:
+    image: kiamol/ch11-gogs:latest-linux-arm64
+
+  ch11-jenkins:
+    image: kiamol/ch11-jenkins:latest-linux-arm64
+
+  ch11-jenkins-current:
+    image: kiamol/ch11-jenkins:2.319.1-linux-arm64

learn/learn-kubernetes-master/kiamol/ch11/docker-images/docker-compose.yml

@@ -0,0 +1,25 @@
+version: "3.7"
+
+services:  
+  ch11-gogs:
+    image: kiamol/ch11-gogs:latest
+    build:
+      context: ./gogs
+
+  ch11-jenkins:
+    image: kiamol/ch11-jenkins:latest
+    build:
+      context: ./jenkins
+
+  ch11-jenkins-current:
+    image: kiamol/ch11-jenkins:2.319.1
+    build:
+      context: ./jenkins
+      dockerfile: Dockerfile
+      args:
+        ALPINE_VERSION: '3.15'
+        JENKINS_VERSION: '2.319.1'
+        KUBECTL_VERSION: '1.24.4-r0'
+        BUILDKIT_VERSION: 'v0.9.3'
+        HELM_VERSION: 'v3.7.2'
+

learn/learn-kubernetes-master/kiamol/ch11/docker-images/gogs/Dockerfile

@@ -0,0 +1,84 @@
+ARG ALPINE_VERSION="3.15"
+
+FROM golang:1.14-alpine3.13 AS builder
+ARG GOGS_VERSION="v0.12.3"
+
+RUN apk --no-cache --no-progress add --virtual \
+    build-deps \
+    build-base \
+    git \
+    linux-pam-dev 
+
+WORKDIR /go/src/github.com/gogs
+RUN git clone https://github.com/gogs/gogs.git && \
+    cd gogs && \
+    git checkout $GOGS_VERSION
+
+WORKDIR /go/src/github.com/gogs/gogs
+RUN go build -tags "sqlite" -o /out/gogs 
+
+FROM alpine:$ALPINE_VERSION AS download-base
+WORKDIR /downloads
+RUN echo "$(apk --print-arch)" > /arch.txt 
+RUN ARCH2= && alpineArch="$(apk --print-arch)" \
+    && case "${alpineArch##*-}" in \
+    x86_64) ARCH2='amd64' ;; \
+    aarch64) ARCH2='arm64' ;; \
+    *) echo "unsupported architecture"; exit 1 ;; \
+    esac && \
+    echo $ARCH2 > /arch2.txt 
+
+# Gogs - adapted from project Dockerfile at github.com/gogs/gogs
+FROM download-base AS gogs
+
+# Install system utils & Gogs runtime dependencies
+RUN wget -O /usr/sbin/gosu "https://github.com/tianon/gosu/releases/download/1.14/gosu-$(cat /arch2.txt)" && \
+    chmod +x /usr/sbin/gosu \
+    && echo http://dl-2.alpinelinux.org/alpine/edge/community/ >> /etc/apk/repositories \
+    && apk --no-cache --no-progress add \
+    bash \
+    ca-certificates \
+    curl \
+    git \
+    linux-pam \
+    openssh \
+    s6 \
+    shadow \
+    socat \
+    tzdata \
+    rsync
+
+ENV GOGS_CUSTOM /data/gogs
+
+COPY --from=builder /go/src/github.com/gogs/gogs/docker/nsswitch.conf /etc/nsswitch.conf
+
+WORKDIR /app/gogs
+COPY --from=builder /go/src/github.com/gogs/gogs/docker ./docker
+COPY --from=builder /go/src/github.com/gogs/gogs/templates ./templates
+COPY --from=builder /go/src/github.com/gogs/gogs/public ./public
+COPY --from=builder /out/gogs .
+
+RUN ./docker/finalize.sh
+
+VOLUME ["/data"]
+EXPOSE 3000
+ENTRYPOINT ["/app/gogs/docker/start.sh"]
+CMD ["/bin/s6-svscan", "/app/gogs/docker/s6/"]
+
+# Customized Gogs build
+FROM gogs
+
+RUN apk add --no-cache jq
+ENV GOGS_CUSTOM=""
+
+COPY app.ini ./custom/conf/app.ini
+COPY gogs-install.txt .
+COPY init.sh .
+
+# this uses the original start script to prep the data folders:
+RUN chmod o+w ./custom/conf/app.ini && \
+    chmod +x init.sh && ./init.sh
+
+# replace with custom start script:
+COPY start.sh ./docker/start.sh
+RUN chmod +x ./docker/start.sh

learn/learn-kubernetes-master/kiamol/ch11/docker-images/gogs/app.ini

@@ -0,0 +1,17 @@
+[server]
+DISABLE_SSH = true
+APP_DATA_PATH = /data
+
+[repository]
+ROOT = /data/repositories
+
+[database]
+DB_TYPE = sqlite3
+PATH = /data/gogs.db
+
+[service]
+ENABLE_CAPTCHA = false
+
+[log]
+ROOT_PATH = /data/logs
+MODE = console, file

learn/learn-kubernetes-master/kiamol/ch11/docker-images/gogs/gogs-install.txt

@@ -0,0 +1 @@
+db_type=SQLite3&db_host=127.0.0.1%3A3306&db_user=root&db_passwd=&db_name=gogs&ssl_mode=disable&db_path=%2Fdata%2Fgogs.db&app_name=Gogs&repo_root_path=%2Fdata%2Frepositories&run_user=git&domain=localhost&ssh_port=22&http_port=3000&app_url=http%3A%2F%2Flocalhost%3A3000%2F&log_root_path=%2Fdata%2Flogs&smtp_host=&smtp_from=&smtp_user=&smtp_passwd=&admin_name=kiamol&admin_passwd=kiamol&admin_confirm_passwd=kiamol&admin_email=reader%40kiamol.net

learn/learn-kubernetes-master/kiamol/ch11/docker-images/gogs/init.sh

@@ -0,0 +1,22 @@
+# /bin/sh
+
+# start Gogs and give it time to spin up
+/app/gogs/docker/start.sh & sleep 5
+
+# finsh installation
+curl -d @gogs-install.txt http://localhost:3000/install
+
+# create user auth token
+curl -q -X POST -H 'Content-Type: application/json' -d '{"name": "api"}' --user kiamol:kiamol http://localhost:3000/api/v1/users/kiamol/tokens > response.json
+token=$(cat response.json | jq '.sha1' -r)
+rm -f token.json
+
+# create repo
+curl -q -X POST -H 'Content-Type: application/json' -d '{
+  "name": "kiamol",
+  "description": "kiamol source code",
+  "private": false
+}' "http://localhost:3000/api/v1/user/repos?token=$token"
+
+# move the data from the volume to a directory in the image
+cp -r /data /init-data

learn/learn-kubernetes-master/kiamol/ch11/docker-images/gogs/start.sh

@@ -0,0 +1,86 @@
+#!/bin/sh
+
+create_socat_links() {
+    # Bind linked docker container to localhost socket using socat
+    USED_PORT="3000:22"
+    while read -r NAME ADDR PORT; do
+        if test -z "$NAME$ADDR$PORT"; then
+            continue
+        elif echo $USED_PORT | grep -E "(^|:)$PORT($|:)" > /dev/null; then
+            echo "init:socat  | Can't bind linked container ${NAME} to localhost, port ${PORT} already in use" 1>&2
+        else
+            SERV_FOLDER=/app/gogs/docker/s6/SOCAT_${NAME}_${PORT}
+            mkdir -p "${SERV_FOLDER}"
+            CMD="socat -ls TCP4-LISTEN:${PORT},fork,reuseaddr TCP4:${ADDR}:${PORT}"
+            # shellcheck disable=SC2039,SC3037
+            echo -e "#!/bin/sh\nexec $CMD" > "${SERV_FOLDER}"/run
+            chmod +x "${SERV_FOLDER}"/run
+            USED_PORT="${USED_PORT}:${PORT}"
+            echo "init:socat  | Linked container ${NAME} will be binded to localhost on port ${PORT}" 1>&2
+        fi
+    done << EOT
+    $(env | sed -En 's|(.*)_PORT_([0-9]+)_TCP=tcp://(.*):([0-9]+)|\1 \3 \4|p')
+EOT
+}
+
+cleanup() {
+    # Cleanup SOCAT services and s6 event folder
+    # On start and on shutdown in case container has been killed
+    rm -rf "$(find /app/gogs/docker/s6/ -name 'event')"
+    rm -rf /app/gogs/docker/s6/SOCAT_*
+}
+
+create_volume_subfolder() {
+    # Modify the owner of /data dir, make $USER(git) user have permission to create sub-dir in /data.
+    chown -R "$USER:$USER" /data
+
+    # COURSELABS - copy from init folder if no data:
+    if ! test -d /data/gogs.db; then
+        if test -d /init-data; then 
+            gosu $USER cp -r /init-data/* /data/
+        fi
+    fi
+
+    # Create VOLUME subfolder
+    for f in /data/gogs/data /data/gogs/conf /data/gogs/log /data/git /data/ssh; do
+        if ! test -d $f; then
+            gosu "$USER" mkdir -p $f
+        fi
+    done
+}
+
+setids() {
+    export USER=git
+    PUID=${PUID:-1000}
+    PGID=${PGID:-1000}
+    groupmod -o -g "$PGID" $USER
+    usermod -o -u "$PUID" $USER
+}
+
+setids
+cleanup
+create_volume_subfolder
+
+LINK=$(echo "$SOCAT_LINK" | tr '[:upper:]' '[:lower:]')
+if [ "$LINK" = "false" ] || [ "$LINK" = "0" ]; then
+    echo "init:socat  | Will not try to create socat links as requested" 1>&2
+else
+    create_socat_links
+fi
+
+CROND=$(echo "$RUN_CROND" | tr '[:upper:]' '[:lower:]')
+if [ "$CROND" = "true" ] || [ "$CROND" = "1" ]; then
+    echo "init:crond  | Cron Daemon (crond) will be run as requested by s6" 1>&2
+    rm -f /app/gogs/docker/s6/crond/down
+    /bin/sh /app/gogs/docker/runtime/backup-init.sh "${PUID}"
+else
+    # Tell s6 not to run the crond service
+    touch /app/gogs/docker/s6/crond/down
+fi
+
+# Exec CMD or S6 by default if nothing present
+if [ $# -gt 0 ];then
+    exec "$@"
+else
+    exec /bin/s6-svscan /app/gogs/docker/s6/
+fi

learn/learn-kubernetes-master/kiamol/ch11/docker-images/jenkins/Dockerfile

@@ -0,0 +1,61 @@
+ARG ALPINE_VERSION="3.15"
+FROM alpine:$ALPINE_VERSION AS download-base
+WORKDIR /downloads
+RUN echo "$(apk --print-arch)" > /arch.txt 
+RUN ARCH2= && alpineArch="$(apk --print-arch)" \
+    && case "${alpineArch##*-}" in \
+    x86_64) ARCH2='amd64' ;; \
+    aarch64) ARCH2='arm64' ;; \
+    *) echo "unsupported architecture"; exit 1 ;; \
+    esac && \
+    echo $ARCH2 > /arch2.txt 
+
+FROM download-base AS packages
+ARG KUBECTL_VERSION="1.24.4-r0"
+RUN apk add --no-cache --repository http://dl-cdn.alpinelinux.org/alpine/edge/testing \
+    kubectl=$KUBECTL_VERSION
+
+FROM download-base AS buildkit
+ARG BUILDKIT_VERSION="v0.9.0"
+RUN wget -O buildkit.tar.gz "https://github.com/moby/buildkit/releases/download/$BUILDKIT_VERSION/buildkit-$BUILDKIT_VERSION.linux-$(cat /arch2.txt).tar.gz"
+RUN tar xvf buildkit.tar.gz
+
+FROM download-base AS helm
+ARG HELM_VERSION="v3.6.2"
+RUN wget -O helm.tar.gz "https://get.helm.sh/helm-$HELM_VERSION-linux-$(cat /arch2.txt).tar.gz"
+RUN tar xvf helm.tar.gz --strip-components 1
+
+FROM download-base AS jenkins
+ARG JENKINS_VERSION="2.319.1"
+RUN wget http://mirrors.jenkins.io/war-stable/$JENKINS_VERSION/jenkins.war
+
+# Jenkins
+FROM alpine:$ALPINE_VERSION
+
+# jenkins deps
+RUN apk add --no-cache \
+    bash \
+    coreutils \
+    jq \
+    git \
+    openjdk11 \
+    openssh-client \
+    ttf-dejavu \
+    unzip 
+
+ENV JENKINS_HOME="/data"
+VOLUME ${JENKINS_HOME}
+    
+EXPOSE 8080
+ENTRYPOINT /start.sh
+
+COPY --from=packages /usr/bin/kubectl /usr/bin/kubectl
+COPY --from=buildkit /downloads/bin/buildctl /usr/bin/buildctl
+COPY --from=helm /downloads/helm /usr/bin/helm
+COPY --from=jenkins /downloads/jenkins.war /jenkins/jenkins.war
+
+COPY ./jenkins.install.UpgradeWizard.state ${JENKINS_HOME}/
+COPY ./scripts/ ${JENKINS_HOME}/init.groovy.d/
+COPY start.sh /
+
+RUN chmod +x /start.sh

learn/learn-kubernetes-master/kiamol/ch11/docker-images/jenkins/jenkins.install.UpgradeWizard.state

@@ -0,0 +1 @@
+2.0

learn/learn-kubernetes-master/kiamol/ch11/docker-images/jenkins/scripts/admin.groovy

@@ -0,0 +1,23 @@
+#!groovy
+
+import jenkins.install.*;
+import jenkins.model.*
+import jenkins.security.s2m.AdminWhitelistRule
+import hudson.security.*
+import hudson.util.*;
+
+def instance = Jenkins.getInstance()
+
+def username = "kiamol"
+def password = "kiamol"
+
+def hudsonRealm = new HudsonPrivateSecurityRealm(false)
+hudsonRealm.createAccount(username, password)
+instance.setSecurityRealm(hudsonRealm)
+
+def strategy = new FullControlOnceLoggedInAuthorizationStrategy()
+instance.setAuthorizationStrategy(strategy)
+instance.setInstallState(InstallState.INITIAL_SETUP_COMPLETED)
+instance.save()
+
+Jenkins.instance.getInjector().getInstance(AdminWhitelistRule.class).setMasterKillSwitch(false)

learn/learn-kubernetes-master/kiamol/ch11/docker-images/jenkins/scripts/install-plugins.groovy

@@ -0,0 +1,15 @@
+#!groovy
+
+import jenkins.model.Jenkins;
+
+pm = Jenkins.instance.pluginManager
+uc = Jenkins.instance.updateCenter
+
+pm.doCheckUpdatesServer()
+
+["git", "workflow-aggregator"].each {
+    if (! pm.getPlugin(it)) {
+    deployment = uc.getPlugin(it).deploy(true)
+    deployment.get()
+    }
+}

learn/learn-kubernetes-master/kiamol/ch11/docker-images/jenkins/scripts/pipelines.groovy

@@ -0,0 +1,26 @@
+import jenkins.*
+import jenkins.model.*
+import hudson.*
+import hudson.model.*
+
+import hudson.plugins.git.*;
+import hudson.triggers.SCMTrigger;
+import org.jenkinsci.plugins.workflow.job.WorkflowJob;
+import org.jenkinsci.plugins.workflow.cps.CpsScmFlowDefinition;
+
+def gitUser = "kiamol"
+def gitRepo = "kiamol"
+def gitUrl = "http://gogs:3000/${gitUser}/${gitRepo}.git"
+
+def jenkins = Jenkins.instance;
+
+def scm = new GitSCM(gitUrl)
+scm.branches = [new BranchSpec("*/master")];
+def workflowJob = new WorkflowJob(jenkins, "${gitRepo}");
+workflowJob.definition = new CpsScmFlowDefinition(scm, "ch11/bulletin-board/Jenkinsfile");
+def gitTrigger = new SCMTrigger("* * * * *");
+workflowJob.addTrigger(gitTrigger);
+workflowJob.disabled = true;
+workflowJob.save();
+
+jenkins.reload()

learn/learn-kubernetes-master/kiamol/ch11/docker-images/jenkins/start.sh

@@ -0,0 +1,17 @@
+#!/bin/sh
+
+# set up access to Kube API
+kubectl config set-cluster default --server=https://kubernetes.default.svc.cluster.local --certificate-authority=/var/run/secrets/kubernetes.io/serviceaccount/ca.crt
+kubectl config set-context default --cluster=default
+kubectl config set-credentials user --token=$(cat /var/run/secrets/kubernetes.io/serviceaccount/token)
+kubectl config set-context default --user=user
+kubectl config use-context default
+
+# promote registry details to env:
+registry=$(cat ~/.docker/config.json | jq '.auths' | jq 'keys[0]' -r)
+if [ "$registry" = "https://index.docker.io/v1/" ]; then export REGISTRY_SERVER='docker.io'; else export REGISTRY_SERVER=$registry; fi
+export REGISTRY_USER=$(cat ~/.docker/config.json | jq '.auths[].username' -r)
+echo "*** Using registry: $REGISTRY_SERVER, with user: $REGISTRY_USER ***"
+
+# run Jenkins
+java -Duser.home=${JENKINS_HOME} -Djenkins.install.runSetupWizard=false -jar /jenkins/jenkins.war

learn/learn-kubernetes-master/kiamol/ch11/docker-images/push-manifests.ps1

@@ -0,0 +1,10 @@
+$images=$(yq e '.services.[].image' docker-compose.yml)
+
+foreach ($image in $images)
+{    
+    docker manifest create --amend $image `
+      "$($image)-linux-arm64" `
+      "$($image)-linux-amd64"
+    
+    docker manifest push $image
+}