2024-02-20 17:15:27 +08:00
committed by huty
parent 6706e1a633
commit 34158042ad
1529 changed files with 177765 additions and 0 deletions


@@ -0,0 +1,5 @@
version: "3.7"
services:
ch15-cert-generator:
image: kiamol/ch15-cert-generator:latest-linux-amd64


@@ -0,0 +1,5 @@
version: "3.7"
services:
ch15-cert-generator:
image: kiamol/ch15-cert-generator:latest-linux-arm64


@@ -0,0 +1,15 @@
FROM alpine:3.12
RUN apk add --no-cache openssl
RUN apk add --no-cache --repository http://dl-cdn.alpinelinux.org/alpine/edge/testing kubectl
COPY start.sh /
RUN chmod +x /start.sh
ENV HOST_NAME="kiamol.local" \
HOST_IP="127.0.0.1" \
SAN="DNS:hello.kiamol.local,DNS:vweb.kiamol.local,DNS:todo.kiamol.local,DNS:todo2.kiamol.local,DNS:pi.kiamol.local" \
EXPIRY_DAYS=730
WORKDIR /certs
CMD /start.sh ${HOST_NAME} ${HOST_IP} ${SAN} ${EXPIRY_DAYS}
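Review bot: kubectl at L29 is pulled from Alpine's edge/testing repository onto a 3.12 base, unpinned and over plain http; apk still checks package signatures, but the version can change on every build and edge/testing packages are not built against 3.12's libraries, so the image is neither reproducible nor guaranteed to work from one build to the next. Pin it (`apk add --no-cache --repository https://dl-cdn.alpinelinux.org/alpine/edge/testing kubectl=<version>`, with the exact version taken from the repository index) and use `https://` for the repository URL. There is no `USER` directive, so the certificate generation and the Kubernetes secret creation in start.sh run as root; add a non-root user after the package installs and give it write access to `/certs`. `CMD` is in shell form and passes `${HOST_NAME} ${HOST_IP} ${SAN} ${EXPIRY_DAYS}` unquoted, while start.sh reads those values from the environment (`$HOST_NAME`, `$SAN`, ... at L44-L53) rather than from positional parameters, so `CMD ["/start.sh"]` would be equivalent and avoids the word splitting — confirm nothing else depends on the arguments before dropping them.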


@@ -0,0 +1,47 @@
#!/bin/sh
echo ----------------
echo "Generating certs - hostname: $HOST_NAME; IP: $HOST_IP; SAN: $SAN, expiry days: $EXPIRY_DAYS"
echo ----------------
openssl rand -base64 32 > ca.password
openssl genrsa -aes256 -passout file:ca.password -out ca-key.pem 4096
openssl req -subj "/C=UK/ST=LONDON/L=London/O=KIAMOL/OU=elton" -new -x509 -days $EXPIRY_DAYS -passin file:ca.password -key ca-key.pem -sha256 -out ca.pem
openssl genrsa -out server-key.pem 4096
openssl req -subj "/CN=$HOST_NAME" -sha256 -new -key server-key.pem -out server.csr
echo "subjectAltName = $SAN" >> extfile.cnf
echo extendedKeyUsage = serverAuth >> extfile.cnf
openssl x509 -req -days $EXPIRY_DAYS -sha256 -in server.csr -CA ca.pem -CAkey ca-key.pem -CAcreateserial -out server-cert.pem -extfile extfile.cnf -passin file:ca.password
rm *.cnf
rm *.csr
rm *.srl
echo ----------------
echo Certs generated.
echo ----------------
if [ -n "$CREATE_SECRET" ]; then
# set up access to Kube API
kubectl config set-cluster default --server=https://kubernetes.default.svc.cluster.local --certificate-authority=/var/run/secrets/kubernetes.io/serviceaccount/ca.crt
kubectl config set-context default --cluster=default
kubectl config set-credentials user --token=$(cat /var/run/secrets/kubernetes.io/serviceaccount/token)
kubectl config set-context default --user=user
kubectl config use-context default
mv server-cert.pem tls.crt
mv server-key.pem tls.key
kubectl create secret tls $CREATE_SECRET --key=tls.key --cert=tls.crt
kubectl label secret $CREATE_SECRET kiamol=$SECRET_LABEL
echo ---------------
echo Created secret.
echo ---------------
openssl base64 -A <"ca.pem" > ca.base64
fi
trap : TERM INT; (while true; do sleep 1000; done) & wait
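Review bot: The script has no `set -e`, so if any openssl step at L46-L53 fails (for example on a malformed `$SAN`), execution continues, the `kubectl create secret tls` at L69 either errors on missing files or uploads whatever partial output exists, and the final `wait` keeps the container running as if everything succeeded; add `set -eu` after the shebang and quote the expansions, `kubectl create secret tls "$CREATE_SECRET" --key=tls.key --cert=tls.crt`. The service-account token is placed on the kubectl command line at L64, where it is readable in `/proc` by any other process in the container; kubectl running inside a pod normally picks up the in-cluster server, CA and token from the mounted service account without any `kubectl config` calls, so the block at L62-L66 can most likely be dropped — confirm with the kubectl version the image ends up with. `$SECRET_LABEL` has no default, so with `CREATE_SECRET` set but `SECRET_LABEL` unset, L70 applies an empty label value `kiamol=`. Note also that the CA private key and its password (`ca-key.pem`, `ca.password`) stay in `/certs` in the running container after the secret is created; if they are not needed afterwards, remove them with the `.csr`/`.srl` cleanup, or state the retention explicitly in a comment.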


@@ -0,0 +1,7 @@
version: "3.7"
services:
ch15-cert-generator:
image: kiamol/ch15-cert-generator:latest
build:
context: ./cert-generator


@@ -0,0 +1,10 @@
$images=$(yq e '.services.[].image' docker-compose.yml)
foreach ($image in $images)
{
docker manifest create --amend $image `
"$($image)-linux-arm64" `
"$($image)-linux-amd64"
docker manifest push $image
}
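Review bot: Nothing stops the loop on failure: PowerShell does not abort on a non-zero exit code from a native command, so a failed `docker manifest create` at L94 is followed by `docker manifest push` of a stale or missing manifest list and the loop moves on to the next image; set `$ErrorActionPreference = 'Stop'` at the top and check `if ($LASTEXITCODE -ne 0) { throw "manifest create failed for $image" }` after each docker call (PowerShell 7.4+ can use `$PSNativeCommandUseErrorActionPreference = $true` instead). The same applies to the `yq` call at L91, which otherwise yields an empty `$images` and a silent no-op run.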