2024-02-20 17:15:27 +08:00
committed by huty
parent 6706e1a633
commit 34158042ad
1529 changed files with 177765 additions and 0 deletions


@@ -0,0 +1,51 @@
# Ch15 lab
## Setup
Deploy the ingress controller:
```
kubectl apply -f lab/ingress-nginx/
```
## Sample Solution
The background info is in the [Nginx ingress controller spec](./ingress-nginx/nginx-ingress-controller.yaml)
- it's set to monitor one namespace with the argument: `--watch-namespace=kiamol-ch15-lab`
- it uses a custom ingress class name: `--ingress-class=nginx-lab`
Deploy the app to the correct namespace:
```
kubectl apply -f lab/apod/ -n kiamol-ch15-lab
```
My Ingress specs for the [API](./solution/ingress-api.yaml) and the [website](./solution/ingress-web.yaml) specify the ingress class and the rate limit in annotations:
```
kubectl apply -f lab/solution/ -n kiamol-ch15-lab
```
Add the domain to your hosts file (use .sh script file on Linux/macOS):
```
./add-to-hosts.ps1 api.apod.local ingress-lab
./add-to-hosts.ps1 web.apod.local ingress-lab
```
> Browse to http://www.apod.local/ and http://api.apod.local/image and you'll get responses
> Refresh a lot and you'll get a 503 error:
![503 from a rate-limiting ingress controller](./docs/503.png)
## Teardown
Remove the lab namespaces:
```
kubectl delete ns -l kiamol=ch15-lab
```


@@ -0,0 +1,32 @@
apiVersion: v1
kind: Service
metadata:
name: apod-api
spec:
ports:
- port: 80
targetPort: api
selector:
app: apod-api
type: ClusterIP
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: apod-api
spec:
selector:
matchLabels:
app: apod-api
template:
metadata:
labels:
app: apod-api
spec:
containers:
- name: api
image: kiamol/ch14-image-of-the-day
ports:
- containerPort: 80
name: api
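Review bot: The container image `kiamol/ch14-image-of-the-day` has no tag or digest, so it resolves to `latest` and the pull policy defaults to `Always`; each pod restart can run different code from what was reviewed. Pin it to an immutable version tag or a digest, for example `image: kiamol/ch14-image-of-the-day@sha256:<digest-placeholder>`. The same applies to `kiamol/ch14-access-log` and `kiamol/ch14-image-gallery` in the next two files, whereas the ingress controller image in this commit is already pinned to `0.33.0`.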


@@ -0,0 +1,32 @@
apiVersion: v1
kind: Service
metadata:
name: apod-log
spec:
ports:
- port: 80
targetPort: api
selector:
app: apod-log
type: ClusterIP
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: apod-log
spec:
selector:
matchLabels:
app: apod-log
template:
metadata:
labels:
app: apod-log
spec:
containers:
- name: api
image: kiamol/ch14-access-log
ports:
- containerPort: 80
name: api
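Review bot: The container and its port are both named `api` in the `apod-log` Deployment, and the Service's `targetPort: api` follows suit, which looks copied from the `apod-api` spec. Naming them after the component, e.g. `- name: log` with `targetPort: log`, keeps `kubectl logs -c` output and port references unambiguous when the two pods are inspected side by side. A one-line comment above the Service stating which workload calls it would also help, since the manifest alone does not show the caller.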


@@ -0,0 +1,31 @@
apiVersion: v1
kind: Service
metadata:
name: apod-web
spec:
ports:
- port: 80
targetPort: web
selector:
app: apod-web
type: ClusterIP
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: apod-web
spec:
selector:
matchLabels:
app: apod-web
template:
metadata:
labels:
app: apod-web
spec:
containers:
- name: web
image: kiamol/ch14-image-gallery
ports:
- containerPort: 80
name: web
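Review bot: The `web` container has no `securityContext`, so it runs as whatever user the image defines and is free to gain privileges through setuid binaries; the same is true of the `api` containers in the two preceding files. Adding `securityContext:` with `allowPrivilegeEscalation: false` under the container is a low-risk start. `runAsNonRoot: true` would be stronger, but the image's user is not visible here and the process listens on port 80, so that needs checking against the image first.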

Binary file not shown.


Width:  |  Height:  |  Size: 185 KiB


@@ -0,0 +1,268 @@
apiVersion: v1
kind: Namespace
metadata:
name: kiamol-ch15-lab
labels:
kiamol: ch15-lab
---
apiVersion: v1
kind: Namespace
metadata:
name: kiamol-ingress-lab
labels:
kiamol: ch15-lab
---
apiVersion: v1
kind: ConfigMap
metadata:
name: ingress-lab-controller
namespace: kiamol-ingress-lab
data:
---
apiVersion: v1
kind: Service
metadata:
name: ingress-lab-controller
namespace: kiamol-ingress-lab
spec:
type: LoadBalancer
ports:
- name: http
port: 80
targetPort: http
selector:
app.kubernetes.io/name: ingress-lab
app.kubernetes.io/instance: ingress-lab
app.kubernetes.io/component: controller
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: ingress-lab-controller
namespace: kiamol-ingress-lab
spec:
selector:
matchLabels:
app.kubernetes.io/name: ingress-lab
app.kubernetes.io/instance: ingress-lab
app.kubernetes.io/component: controller
template:
metadata:
labels:
app.kubernetes.io/name: ingress-lab
app.kubernetes.io/instance: ingress-lab
app.kubernetes.io/component: controller
spec:
containers:
- name: controller
image: quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.33.0
args:
- /nginx-ingress-controller
- --election-id=ingress-controller-leader-lab
- --publish-service=kiamol-ingress-lab/ingress-lab-controller
- --configmap=kiamol-ingress-lab/ingress-lab-controller
- --ingress-class=nginx-lab
- --watch-namespace=kiamol-ch15-lab
securityContext:
runAsUser: 101
allowPrivilegeEscalation: true
env:
- name: POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
ports:
- name: http
containerPort: 80
protocol: TCP
serviceAccountName: ingress-lab
---
# RBAC configuration
apiVersion: v1
kind: ServiceAccount
metadata:
name: ingress-lab
namespace: kiamol-ingress-lab
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: ingress-lab
namespace: kiamol-ingress-lab
rules:
- apiGroups:
- ''
resources:
- configmaps
- endpoints
- nodes
- pods
- secrets
verbs:
- list
- watch
- apiGroups:
- ''
resources:
- nodes
verbs:
- get
- apiGroups:
- ''
resources:
- services
verbs:
- get
- list
- update
- watch
- apiGroups:
- extensions
- networking.k8s.io # k8s 1.14+
resources:
- ingresses
verbs:
- get
- list
- watch
- apiGroups:
- ''
resources:
- events
verbs:
- create
- patch
- apiGroups:
- extensions
- networking.k8s.io # k8s 1.14+
resources:
- ingresses/status
verbs:
- update
- apiGroups:
- networking.k8s.io # k8s 1.14+
resources:
- ingressclasses
verbs:
- get
- list
- watch
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: ingress-lab
namespace: kiamol-ingress-lab
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: ingress-lab
subjects:
- kind: ServiceAccount
name: ingress-lab
namespace: kiamol-ingress-lab
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: ingress-lab
namespace: kiamol-ingress-lab
rules:
- apiGroups:
- ''
resources:
- namespaces
verbs:
- get
- apiGroups:
- ''
resources:
- configmaps
- pods
- secrets
- endpoints
verbs:
- get
- list
- watch
- apiGroups:
- ''
resources:
- services
verbs:
- get
- list
- update
- watch
- apiGroups:
- extensions
- networking.k8s.io # k8s 1.14+
resources:
- ingresses
verbs:
- get
- list
- watch
- apiGroups:
- extensions
- networking.k8s.io # k8s 1.14+
resources:
- ingresses/status
verbs:
- update
- apiGroups:
- networking.k8s.io # k8s 1.14+
resources:
- ingressclasses
verbs:
- get
- list
- watch
- apiGroups:
- ''
resources:
- configmaps
resourceNames:
- ingress-controller-leader-lab
verbs:
- get
- update
- apiGroups:
- ''
resources:
- configmaps
verbs:
- create
- apiGroups:
- ''
resources:
- endpoints
verbs:
- create
- get
- update
- apiGroups:
- ''
resources:
- events
verbs:
- create
- patch
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: ingress-lab
namespace: kiamol-ingress-lab
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: ingress-lab
subjects:
- kind: ServiceAccount
name: ingress-lab
namespace: kiamol-ingress-lab
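Review bot: The `ingress-lab` ClusterRole grants `list` and `watch` on `secrets`, `configmaps`, `pods` and `endpoints` in every namespace through the ClusterRoleBinding, although the controller is started with `--watch-namespace=kiamol-ch15-lab`; a compromise of this LoadBalancer-exposed pod would put every Secret in the cluster within reach of its service account. The `namespace: kiamol-ingress-lab` field on the ClusterRole and ClusterRoleBinding has no effect, since both kinds are cluster-scoped, and it may give the impression that the grant is namespaced. I would keep only `nodes` and `ingressclasses` in the ClusterRole and move the namespaced rules to a Role and RoleBinding in `kiamol-ch15-lab`, as sketched below. The object names are suggestions, and the split should be verified against controller 0.33.0 before merging.

```yaml
# … unchanged: Namespaces, ConfigMap, Service, Deployment, ServiceAccount …
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: ingress-lab  # cluster-scoped, so no namespace field
rules:
  # only cluster-scoped resources remain here
  - apiGroups: ['']
    resources: [nodes]
    verbs: [get, list, watch]
  - apiGroups: [networking.k8s.io]
    resources: [ingressclasses]
    verbs: [get, list, watch]
---
# … unchanged: ClusterRoleBinding ingress-lab (minus its namespace field) …
---
# Rules taken out of the ClusterRole, granted only in the watched namespace
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: ingress-lab-watch  # suggested name
  namespace: kiamol-ch15-lab
rules:
  - apiGroups: ['']
    resources: [configmaps, endpoints, pods, secrets]
    verbs: [list, watch]
  - apiGroups: ['']
    resources: [services]
    verbs: [get, list, update, watch]
  - apiGroups: [extensions, networking.k8s.io]
    resources: [ingresses]
    verbs: [get, list, watch]
  - apiGroups: [extensions, networking.k8s.io]
    resources: [ingresses/status]
    verbs: [update]
  - apiGroups: ['']
    resources: [events]
    verbs: [create, patch]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: ingress-lab-watch
  namespace: kiamol-ch15-lab
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: ingress-lab-watch
subjects:
  - kind: ServiceAccount
    name: ingress-lab
    namespace: kiamol-ingress-lab
# … unchanged: Role and RoleBinding ingress-lab in kiamol-ingress-lab …
```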


@@ -0,0 +1,19 @@
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
name: apod-api
labels:
kiamol: ch15-lab
annotations:
kubernetes.io/ingress.class: nginx-lab
nginx.ingress.kubernetes.io/limit-rpm: "2"
spec:
rules:
- host: api.apod.local
http:
paths:
- pathType: Exact
path: /image
backend:
serviceName: apod-api
servicePort: 80
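Review bot: The `nginx.ingress.kubernetes.io/limit-rpm: "2"` annotation is undocumented, and its effective behaviour is less obvious than the value suggests: ingress-nginx applies the limit per client IP and allows a burst of the limit times a multiplier (5 by default). I would add a comment above it such as `# per client IP; burst = limit x limit-burst-multiplier (default 5); rejected requests get 503`. Behind the `LoadBalancer` Service the controller may see a node or load-balancer address rather than the real client, in which case all users would share one bucket; that is worth a note for anyone reusing this spec outside the lab. The same comment fits `limit-rpm: "10"` in the web Ingress.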


@@ -0,0 +1,19 @@
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
name: apod-web
labels:
kiamol: ch15-lab
annotations:
kubernetes.io/ingress.class: nginx-lab
nginx.ingress.kubernetes.io/limit-rpm: "10"
spec:
rules:
- host: www.apod.local
http:
paths:
- pathType: Exact
path: /
backend:
serviceName: apod-web
servicePort: 80
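Review bot: The rule's `host: www.apod.local` does not match the README's hosts-file step in this commit, which registers `api.apod.local` and `web.apod.local`, while the README then tells the reader to browse to `http://www.apod.local/`. Unless `www.apod.local` resolves some other way, requests for the website will not reach this Ingress. Either change the rule to `host: web.apod.local` or update the README command to `./add-to-hosts.ps1 www.apod.local ingress-lab`, so that the host name is the same in all three places.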