This commit is contained in:
2024-02-20 17:15:27 +08:00
committed by huty
parent 6706e1a633
commit 34158042ad
1529 changed files with 177765 additions and 0 deletions


@@ -0,0 +1,138 @@
Vagrant.configure("2") do |config|
config.vm.define "kiamol-control" do |control|
control.vm.box = "bento/ubuntu-20.04"
control.vm.hostname = "kiamol-control"
control.vm.network "private_network", type: "dhcp"
control.vm.provider :hyperv do |v|
v.vmname = "kiamol-control"
v.maxmemory = 3000
v.cpus = 2
end
control.vm.provider :virtualbox do |v|
v.name = "kiamol-control"
v.memory = 3000
v.cpus = 2
end
end
config.vm.define "kiamol-node" do |node|
node.vm.box = "bento/ubuntu-20.04"
node.vm.hostname = "kiamol-node"
node.vm.network "private_network", type: "dhcp"
node.vm.provider :hyperv do |v|
v.vmname = "kiamol-node"
v.maxmemory = 1500
v.cpus = 1
end
node.vm.provider :virtualbox do |v|
v.name = "kiamol-node"
v.memory = 1500
v.cpus = 1
end
end
config.vm.define "kiamol-node2" do |node2|
node2.vm.box = "bento/ubuntu-20.04"
node2.vm.hostname = "kiamol-node2"
node2.vm.network "private_network", type: "dhcp"
node2.vm.provider :hyperv do |v|
v.vmname = "kiamol-node2"
v.maxmemory = 1500
v.cpus = 1
end
node2.vm.provider :virtualbox do |v|
v.name = "kiamol-node2"
v.memory = 1500
v.cpus = 1
end
end
config.vm.define "kiamol-node3" do |node3|
node3.vm.box = "bento/ubuntu-20.04"
node3.vm.hostname = "kiamol-node3"
node3.vm.network "private_network", type: "dhcp"
node3.vm.provider :hyperv do |v|
v.vmname = "kiamol-node3"
v.maxmemory = 1500
v.cpus = 1
end
node3.vm.provider :virtualbox do |v|
v.name = "kiamol-node3"
v.memory = 1500
v.cpus = 1
end
end
config.vm.define "kiamol-node-win" do |nodewin|
nodewin.vm.box = "kiamol/windows-2019"
nodewin.vm.hostname = "kiamol-node-win"
nodewin.vm.network "private_network", type: "dhcp"
nodewin.vm.guest = "windows"
nodewin.vm.communicator = "winrm"
nodewin.vm.provider :hyperv do |v|
v.vmname = "kiamol-node-win"
v.maxmemory = 3000
v.cpus = 1
end
nodewin.vm.provider :virtualbox do |v|
v.name = "kiamol-node-win"
v.memory = 3000
v.cpus = 1
end
end
config.vm.define "kiamol-node-win2" do |nodewin2|
nodewin2.vm.box = "kiamol/windows-2019"
nodewin2.vm.hostname = "kiamol-node-win2"
nodewin2.vm.network "private_network", type: "dhcp"
nodewin2.vm.guest = "windows"
nodewin2.vm.communicator = "winrm"
nodewin2.vm.provider :hyperv do |v|
v.vmname = "kiamol-node-win2"
v.maxmemory = 3000
v.cpus = 1
end
nodewin2.vm.provider :virtualbox do |v|
v.name = "kiamol-node-win2"
v.memory = 3000
v.cpus = 1
end
end
config.vm.define "kiamol-node-win3" do |nodewin3|
nodewin3.vm.box = "kiamol/windows-2019"
nodewin3.vm.hostname = "kiamol-node-win3"
nodewin3.vm.network "private_network", type: "dhcp"
nodewin3.vm.guest = "windows"
nodewin3.vm.communicator = "winrm"
nodewin3.vm.provider :hyperv do |v|
v.vmname = "kiamol-node-win3"
v.maxmemory = 3000
v.cpus = 1
end
nodewin3.vm.provider :virtualbox do |v|
v.name = "kiamol-node-win3"
v.memory = 3000
v.cpus = 1
end
end
end
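Review bot: None of the six VM definitions pins a box version, so `bento/ubuntu-20.04` (L13, L28, L43, L58) and `kiamol/windows-2019` (L73, L90, L107) resolve to whatever the newest published version is at `vagrant up`, which makes the cluster image a moving supply-chain target. The packer README in this same commit publishes the Windows box as `0.0.1`, so the Windows nodes can be pinned directly with `nodewin.vm.box_version = "0.0.1"` (and likewise for `node2`/`node3`/`win2`/`win3`); the Ubuntu box should be pinned to the version that was actually tested. As a point of style, the six near-identical blocks differ only in name, box, memory and cpu count, and would be clearer as a table iterated with `each`, which also makes the pinning a single line.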


@@ -0,0 +1,36 @@
apiVersion: v1
kind: Service
metadata:
name: apod-api
labels:
kiamol: ch16
spec:
ports:
- port: 80
targetPort: api
selector:
app: apod-api
type: ClusterIP
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: apod-api
labels:
kiamol: ch16
spec:
selector:
matchLabels:
app: apod-api
template:
metadata:
labels:
app: apod-api
spec:
containers:
- name: api
image: kiamol/ch14-image-of-the-day
ports:
- containerPort: 80
name: api
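Review bot: The image reference `kiamol/ch14-image-of-the-day` on L159 has no tag, so the Deployment pulls whichever mutable `latest` the registry serves at rollout time and two nodes can end up running different builds of the same Pod spec. Pin a tag or, better, a `@sha256:` digest, and consider adding a `securityContext` (`allowPrivilegeEscalation: false`, `runAsNonRoot: true` if the image supports it) and `resources` limits to the container on L158, since nothing here constrains what the Pod can do on the node.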


@@ -0,0 +1,36 @@
apiVersion: v1
kind: Service
metadata:
name: apod-log
labels:
kiamol: ch16
spec:
ports:
- port: 80
targetPort: api
selector:
app: apod-log
type: ClusterIP
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: apod-log
labels:
kiamol: ch16
spec:
selector:
matchLabels:
app: apod-log
template:
metadata:
labels:
app: apod-log
spec:
containers:
- name: api
image: kiamol/ch14-access-log
ports:
- containerPort: 80
name: api
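Review bot: The access-log container on L197 is named `api`, and the Service on L176 targets the port by that same name, so the manifest works but reads as if it were the API Deployment copied over; renaming the container and port to `log` (`- name: log` on L197, `name: log` on L201, `targetPort: log` on L176) makes the intent clear. The image `kiamol/ch14-access-log` on L198 is also untagged, so it floats on `latest`; pin a tag or digest so the log component does not silently change between rollouts.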


@@ -0,0 +1,36 @@
apiVersion: v1
kind: Service
metadata:
name: apod-web
labels:
kiamol: ch16
spec:
ports:
- port: 8016
targetPort: web
nodePort: 30000
selector:
app: apod-web
type: NodePort
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: apod-web
labels:
kiamol: ch16
spec:
selector:
matchLabels:
app: apod-web
template:
metadata:
labels:
app: apod-web
spec:
containers:
- name: web
image: kiamol/ch14-image-gallery
ports:
- containerPort: 80
name: web
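Review bot: The `NodePort` on L216/L219 binds port 30000 on every node in the cluster, so with the Vagrant `private_network` adapters this front end is reachable from anything that can route to a node IP, not just from the control plane; that is fine for a lab but worth a comment, e.g. `# NodePort: reachable on every node IP (lab only)` above L216. The image `kiamol/ch14-image-gallery` on L238 is untagged and therefore floats on `latest`; pin a tag or digest as the other manifests in this chapter should.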


@@ -0,0 +1,41 @@
# ch18 lab
## Setup
Connect to the control plane node:
```
vagrant ssh kiamol-control
```
## Sample Solution
You take a node out of service by draining it, which reschedules the Pods - you need the DaemonSet flag so the system components are ignored:
```
kubectl drain kiamol-node --ignore-daemonsets
```
There is also the `kubectl cordon` command which marks the node so it won't have any new Pods scheduled, but that doesn't remove the existing Pods.
When you're done working on the node you can bring it back into service by uncordoning it:
```
kubectl uncordon kiamol-node
```
That marks the node as available for work, but Kubernetes doesn't automatically reschedule existing workloads so the node won't start any application Pods.
You can rebalance the API Pods by restarting the rollout:
```
kubectl rollout restart deploy apod-api
```
## Teardown
You can delete all of the Vagrant VMs with:
```
vagrant destroy
```


@@ -0,0 +1,13 @@
apiVersion: v1
kind: Service
metadata:
name: numbers-api
labels:
kiamol: ch18
spec:
ports:
- port: 80
selector:
app: numbers
component: api
type: ClusterIP


@@ -0,0 +1,22 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: numbers-api
labels:
kiamol: ch07
spec:
selector:
matchLabels:
app: numbers
component: api
template:
metadata:
labels:
app: numbers
component: api
spec:
containers:
- name: api
image: kiamol/ch03-numbers-api:windows
nodeSelector:
kubernetes.io/os: windows
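Review bot: The Deployment is labelled `kiamol: ch07` on L298 while its Service and the rest of this lab use `kiamol: ch18` (L281, L343), so a label-scoped teardown or listing for ch18 would likely miss this Deployment and leave the Windows API Pod running; change L298 to `kiamol: ch18`. The image `kiamol/ch03-numbers-api:windows` on L312 uses a floating tag, so pin a digest if the node must run a known build.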


@@ -0,0 +1,15 @@
apiVersion: v1
kind: Service
metadata:
name: numbers-web
labels:
kiamol: ch07
spec:
ports:
- port: 8090
targetPort: 80
nodePort: 30001
selector:
app: numbers
component: web
type: NodePort
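Review bot: The Service carries `kiamol: ch07` on L324 while the matching Deployment in this commit is labelled `kiamol: ch18`, so anything that selects ch18 resources by label will leave this NodePort Service behind; change L324 to `kiamol: ch18`. The selector on L331-L332 is unaffected since it matches on `app`/`component`, so this is a bookkeeping fix, not a routing one.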


@@ -0,0 +1,22 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: numbers-web
labels:
kiamol: ch18
spec:
selector:
matchLabels:
app: numbers
component: web
template:
metadata:
labels:
app: numbers
component: web
spec:
containers:
- name: web
image: kiamol/ch03-numbers-web
nodeSelector:
kubernetes.io/os: linux


@@ -0,0 +1,96 @@
<#
.SYNOPSIS
Assists with preparing a Windows VM prior to calling kubeadm join
.DESCRIPTION
This script assists with joining a Windows node to a cluster.
- Downloads Kubernetes binaries (kubelet, kubeadm) at the version specified
- Registers wins as a service in order to run kube-proxy and cni as DaemonSets.
- Registers kubelet as an nssm service. More info on nssm: https://nssm.cc/
.PARAMETER KubernetesVersion
Kubernetes version to download and use
.EXAMPLE
PS> .\PrepareNode.ps1 -KubernetesVersion v1.17.0
#>
Param(
[parameter(Mandatory = $true, HelpMessage="Kubernetes version to use")]
[string] $KubernetesVersion = 'v1.18.5'
)
$ErrorActionPreference = 'Stop'
function DownloadFile($destination, $source) {
Write-Host("Downloading $source to $destination")
curl.exe --silent --fail -Lo $destination $source
if (!$?) {
Write-Error "Download $source failed"
exit 1
}
}
if (!$KubernetesVersion.StartsWith("v")) {
$KubernetesVersion = "v" + $KubernetesVersion
}
Write-Host "Using Kubernetes version: $KubernetesVersion"
$global:Powershell = (Get-Command powershell).Source
$global:PowershellArgs = "-ExecutionPolicy Bypass -NoProfile"
$global:KubernetesPath = "$env:SystemDrive\k"
$global:StartKubeletScript = "$global:KubernetesPath\StartKubelet.ps1"
$global:NssmInstallDirectory = "$env:ProgramFiles\nssm"
$kubeletBinPath = "$global:KubernetesPath\kubelet.exe"
mkdir -force "$global:KubernetesPath"
$env:Path += ";$global:KubernetesPath"
[Environment]::SetEnvironmentVariable("Path", $env:Path, [System.EnvironmentVariableTarget]::Machine)
DownloadFile $kubeletBinPath https://dl.k8s.io/$KubernetesVersion/bin/windows/amd64/kubelet.exe
DownloadFile "$global:KubernetesPath\kubeadm.exe" https://dl.k8s.io/$KubernetesVersion/bin/windows/amd64/kubeadm.exe
DownloadFile "$global:KubernetesPath\wins.exe" https://github.com/rancher/wins/releases/download/v0.0.4/wins.exe
# Create host network to allow kubelet to schedule hostNetwork pods
Write-Host "Creating Docker host network"
docker network create -d nat host
Write-Host "Registering wins service"
wins.exe srv app run --register
start-service rancher-wins
mkdir -force C:\var\log\kubelet
mkdir -force C:\var\lib\kubelet\etc\kubernetes
mkdir -force C:\etc\kubernetes\pki
New-Item -path C:\var\lib\kubelet\etc\kubernetes\pki -type SymbolicLink -value C:\etc\kubernetes\pki\
$StartKubeletFileContent = '$FileContent = Get-Content -Path "/var/lib/kubelet/kubeadm-flags.env"
$global:KubeletArgs = $FileContent.Trim("KUBELET_KUBEADM_ARGS=`"")
$cmd = "C:\k\kubelet.exe $global:KubeletArgs --cert-dir=$env:SYSTEMDRIVE\var\lib\kubelet\pki --config=/var/lib/kubelet/config.yaml --bootstrap-kubeconfig=/etc/kubernetes/bootstrap-kubelet.conf --kubeconfig=/etc/kubernetes/kubelet.conf --hostname-override=$(hostname) --pod-infra-container-image=`"mcr.microsoft.com/k8s/core/pause:1.2.0`" --enable-debugging-handlers --cgroups-per-qos=false --enforce-node-allocatable=`"`" --network-plugin=cni --resolv-conf=`"`" --log-dir=/var/log/kubelet --logtostderr=false --image-pull-progress-deadline=20m"
Invoke-Expression $cmd'
Set-Content -Path $global:StartKubeletScript -Value $StartKubeletFileContent
Write-Host "Installing nssm"
$arch = "win32"
if ([Environment]::Is64BitOperatingSystem) {
$arch = "win64"
}
mkdir -Force $global:NssmInstallDirectory
DownloadFile nssm.zip https://k8stestinfrabinaries.blob.core.windows.net/nssm-mirror/nssm-2.24.zip
tar C $global:NssmInstallDirectory -xvf .\nssm.zip --strip-components 2 */$arch/*.exe
Remove-Item -Force .\nssm.zip
$env:path += ";$global:NssmInstallDirectory"
$newPath = "$global:NssmInstallDirectory;" +
[Environment]::GetEnvironmentVariable("PATH", [EnvironmentVariableTarget]::Machine)
[Environment]::SetEnvironmentVariable("PATH", $newPath, [EnvironmentVariableTarget]::Machine)
Write-Host "Registering kubelet service"
nssm install kubelet $global:Powershell $global:PowershellArgs $global:StartKubeletScript
nssm set kubelet DependOnService docker
New-NetFirewallRule -Name kubelet -DisplayName 'kubelet' -Enabled True -Direction Inbound -Protocol TCP -Action Allow -LocalPort 10250
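Review bot: The kubelet, kubeadm, wins and nssm binaries downloaded on L403-L405 and L427 are written straight into the machine-wide `PATH` and registered as services without any integrity check, so a compromised mirror or redirect (`curl.exe -L` follows redirects) would be installed as the node agent. `DownloadFile` should take a pinned SHA-256 and refuse mismatches, with the expected hashes recorded next to `$KubernetesVersion`; the rewritten function is below. Separately, the parameter on L378-L379 is `Mandatory = $true` and also has a default, which means PowerShell prompts and the default `'v1.18.5'` is never used — the second copy of this script in the commit drops `Mandatory`, and this one should match. The `--enable-debugging-handlers` flag on L418 combined with the inbound rule on L437 exposes exec/port-forward on 10250 to any source; consider scoping the rule with `-RemoteAddress` to the control-plane network.
```powershell
function DownloadFile($destination, $source, $expectedSha256) {
    Write-Host("Downloading $source to $destination")
    curl.exe --silent --fail -Lo $destination $source
    if (!$?) {
        Write-Error "Download $source failed"
        exit 1
    }
    # Refuse to install anything whose hash does not match the pinned value.
    $actual = (Get-FileHash -Path $destination -Algorithm SHA256).Hash
    if ($actual -ne $expectedSha256.ToUpper()) {
        Write-Error "Checksum mismatch for $destination (expected $expectedSha256, got $actual)"
        exit 1
    }
}
# … unchanged: version normalisation, path setup, call sites now passing the pinned hash …
```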


@@ -0,0 +1,55 @@
Scripts for provisioning base Vagrant boxes.
## Hyper-V
Build:
```
packer build -force -only=hyperv-iso -var "hyperv_switch=Default Switch" .\windows\windows-2019-core.json
```
Export:
```
vagrant box add --name kiamol-windows-2019 .\windows\windows-2019-core-hyperv.box
```
Publish:
```
vagrant cloud auth login
vagrant cloud provider create kiamol/windows-2019 hyperv 0.0.1
vagrant cloud provider upload kiamol/windows-2019 hyperv 0.0.1 windows-2019-core-hyperv.box
```
## VirtualBox
Build:
```
packer build -force -only=virtualbox-iso .\windows\windows-2019-core.json
```
Export:
```
vagrant box add --name kiamol-windows-2019 .\windows\windows-2019-core-hyperv.box
```
Publish:
```
vagrant cloud auth login
vagrant cloud provider create kiamol/windows-2019 hyperv 0.0.1
vagrant cloud provider upload kiamol/windows-2019 hyperv 0.0.1 windows-2019-core-hyperv.box
```
## Credits
Bento: https://github.com/chef/bento
Stefan Scherer: https://github.com/StefanScherer/packer-windows
Boxcutter: https://github.com/boxcutter/windows-ps


@@ -0,0 +1,289 @@
<?xml version="1.0" encoding="utf-8"?>
<unattend xmlns="urn:schemas-microsoft-com:unattend">
<settings pass="windowsPE">
<component name="Microsoft-Windows-PnpCustomizationsWinPE" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" processorArchitecture="amd64" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State">
<!--
This makes the VirtIO drivers available to Windows, assuming that
the VirtIO driver disk at https://fedorapeople.org/groups/virt/virtio-win/direct-downloads/stable-virtio/virtio-win.iso
(see https://docs.fedoraproject.org/en-US/quick-docs/creating-windows-virtual-machines-using-virtio-drivers/index.html#virtio-win-direct-downloads)
is available as drive E:
-->
<DriverPaths>
<PathAndCredentials wcm:action="add" wcm:keyValue="2">
<Path>E:\viostor\2k19\amd64</Path>
</PathAndCredentials>
<PathAndCredentials wcm:action="add" wcm:keyValue="3">
<Path>E:\NetKVM\2k19\amd64</Path>
</PathAndCredentials>
<PathAndCredentials wcm:action="add" wcm:keyValue="4">
<Path>E:\Balloon\2k19\amd64</Path>
</PathAndCredentials>
<PathAndCredentials wcm:action="add" wcm:keyValue="5">
<Path>E:\pvpanic\2k19\amd64</Path>
</PathAndCredentials>
<PathAndCredentials wcm:action="add" wcm:keyValue="6">
<Path>E:\qemupciserial\2k19\amd64</Path>
</PathAndCredentials>
<PathAndCredentials wcm:action="add" wcm:keyValue="7">
<Path>E:\qxldod\2k19\amd64</Path>
</PathAndCredentials>
<PathAndCredentials wcm:action="add" wcm:keyValue="8">
<Path>E:\vioinput\2k19\amd64</Path>
</PathAndCredentials>
<PathAndCredentials wcm:action="add" wcm:keyValue="9">
<Path>E:\viorng\2k19\amd64</Path>
</PathAndCredentials>
<PathAndCredentials wcm:action="add" wcm:keyValue="10">
<Path>E:\vioscsi\2k19\amd64</Path>
</PathAndCredentials>
<PathAndCredentials wcm:action="add" wcm:keyValue="11">
<Path>E:\vioserial\2k19\amd64</Path>
</PathAndCredentials>
</DriverPaths>
</component>
<component name="Microsoft-Windows-International-Core-WinPE" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<SetupUILanguage>
<UILanguage>en-US</UILanguage>
</SetupUILanguage>
<InputLocale>en-US</InputLocale>
<SystemLocale>en-US</SystemLocale>
<UILanguage>en-US</UILanguage>
<UILanguageFallback>en-US</UILanguageFallback>
<UserLocale>en-US</UserLocale>
</component>
<component name="Microsoft-Windows-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<DiskConfiguration>
<Disk wcm:action="add">
<CreatePartitions>
<CreatePartition wcm:action="add">
<Type>Primary</Type>
<Order>1</Order>
<Size>350</Size>
</CreatePartition>
<CreatePartition wcm:action="add">
<Order>2</Order>
<Type>Primary</Type>
<Extend>true</Extend>
</CreatePartition>
</CreatePartitions>
<ModifyPartitions>
<ModifyPartition wcm:action="add">
<Active>true</Active>
<Format>NTFS</Format>
<Label>boot</Label>
<Order>1</Order>
<PartitionID>1</PartitionID>
</ModifyPartition>
<ModifyPartition wcm:action="add">
<Format>NTFS</Format>
<Label>Windows 2019</Label>
<Letter>C</Letter>
<Order>2</Order>
<PartitionID>2</PartitionID>
</ModifyPartition>
</ModifyPartitions>
<DiskID>0</DiskID>
<WillWipeDisk>true</WillWipeDisk>
</Disk>
</DiskConfiguration>
<ImageInstall>
<OSImage>
<InstallFrom>
<MetaData wcm:action="add">
<Key>/IMAGE/NAME</Key>
<Value>Windows Server 2019 SERVERDATACENTERCORE</Value>
</MetaData>
</InstallFrom>
<InstallTo>
<DiskID>0</DiskID>
<PartitionID>2</PartitionID>
</InstallTo>
</OSImage>
</ImageInstall>
<UserData>
<ProductKey>
<WillShowUI>OnError</WillShowUI>
</ProductKey>
<AcceptEula>true</AcceptEula>
<FullName>Vagrant</FullName>
<Organization>Bento by Chef Software, Inc.</Organization>
</UserData>
</component>
</settings>
<settings pass="generalize">
<component name="Microsoft-Windows-Security-SPP" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<SkipRearm>1</SkipRearm>
</component>
<component name="Microsoft-Windows-PnpSysprep" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<PersistAllDeviceInstalls>false</PersistAllDeviceInstalls>
<DoNotCleanUpNonPresentDevices>false</DoNotCleanUpNonPresentDevices>
</component>
</settings>
<settings pass="oobeSystem">
<component name="Microsoft-Windows-International-Core" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<InputLocale>en-US</InputLocale>
<SystemLocale>en-US</SystemLocale>
<UILanguage>en-US</UILanguage>
<UserLocale>en-US</UserLocale>
</component>
<component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<OOBE>
<HideEULAPage>true</HideEULAPage>
<HideLocalAccountScreen>true</HideLocalAccountScreen>
<HideOEMRegistrationScreen>true</HideOEMRegistrationScreen>
<HideOnlineAccountScreens>true</HideOnlineAccountScreens>
<HideWirelessSetupInOOBE>true</HideWirelessSetupInOOBE>
<NetworkLocation>Home</NetworkLocation>
<ProtectYourPC>3</ProtectYourPC>
<SkipMachineOOBE>true</SkipMachineOOBE>
<SkipUserOOBE>true</SkipUserOOBE>
</OOBE>
<TimeZone>UTC</TimeZone>
<UserAccounts>
<AdministratorPassword>
<Value>vagrant</Value>
<PlainText>true</PlainText>
</AdministratorPassword>
<LocalAccounts>
<LocalAccount wcm:action="add">
<Password>
<Value>vagrant</Value>
<PlainText>true</PlainText>
</Password>
<Description>Vagrant User</Description>
<DisplayName>vagrant</DisplayName>
<Group>administrators</Group>
<Name>vagrant</Name>
</LocalAccount>
</LocalAccounts>
</UserAccounts>
<AutoLogon>
<Password>
<Value>vagrant</Value>
<PlainText>true</PlainText>
</Password>
<Username>vagrant</Username>
<Enabled>true</Enabled>
</AutoLogon>
<FirstLogonCommands>
<SynchronousCommand wcm:action="add">
<CommandLine>cmd.exe /c powershell -Command "Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Force"</CommandLine>
<Description>Set Execution Policy 64 Bit</Description>
<Order>1</Order>
<RequiresUserInput>true</RequiresUserInput>
</SynchronousCommand>
<SynchronousCommand wcm:action="add">
<CommandLine>C:\Windows\SysWOW64\cmd.exe /c powershell -Command "Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Force"</CommandLine>
<Description>Set Execution Policy 32 Bit</Description>
<Order>2</Order>
<RequiresUserInput>true</RequiresUserInput>
</SynchronousCommand>
<SynchronousCommand wcm:action="add">
<CommandLine>cmd.exe /c winrm quickconfig -q</CommandLine>
<Description>winrm quickconfig -q</Description>
<Order>3</Order>
<RequiresUserInput>true</RequiresUserInput>
</SynchronousCommand>
<SynchronousCommand wcm:action="add">
<CommandLine>cmd.exe /c winrm quickconfig -transport:http</CommandLine>
<Description>winrm quickconfig -transport:http</Description>
<Order>4</Order>
<RequiresUserInput>true</RequiresUserInput>
</SynchronousCommand>
<SynchronousCommand wcm:action="add">
<CommandLine>cmd.exe /c winrm set winrm/config @{MaxTimeoutms="1800000"}</CommandLine>
<Description>Win RM MaxTimoutms</Description>
<Order>5</Order>
<RequiresUserInput>true</RequiresUserInput>
</SynchronousCommand>
<SynchronousCommand wcm:action="add">
<CommandLine>cmd.exe /c winrm set winrm/config/winrs @{MaxMemoryPerShellMB="800"}</CommandLine>
<Description>Win RM MaxMemoryPerShellMB</Description>
<Order>6</Order>
<RequiresUserInput>true</RequiresUserInput>
</SynchronousCommand>
<SynchronousCommand wcm:action="add">
<CommandLine>cmd.exe /c winrm set winrm/config/service @{AllowUnencrypted="true"}</CommandLine>
<Description>Win RM AllowUnencrypted</Description>
<Order>7</Order>
<RequiresUserInput>true</RequiresUserInput>
</SynchronousCommand>
<SynchronousCommand wcm:action="add">
<CommandLine>cmd.exe /c winrm set winrm/config/service/auth @{Basic="true"}</CommandLine>
<Description>Win RM auth Basic</Description>
<Order>8</Order>
<RequiresUserInput>true</RequiresUserInput>
</SynchronousCommand>
<SynchronousCommand wcm:action="add">
<CommandLine>cmd.exe /c winrm set winrm/config/client/auth @{Basic="true"}</CommandLine>
<Description>Win RM client auth Basic</Description>
<Order>9</Order>
<RequiresUserInput>true</RequiresUserInput>
</SynchronousCommand>
<SynchronousCommand wcm:action="add">
<CommandLine>cmd.exe /c winrm set winrm/config/listener?Address=*+Transport=HTTP @{Port="5985"} </CommandLine>
<Description>Win RM listener Address/Port</Description>
<Order>10</Order>
<RequiresUserInput>true</RequiresUserInput>
</SynchronousCommand>
<SynchronousCommand wcm:action="add">
<CommandLine>cmd.exe /c netsh advfirewall firewall set rule group="remote administration" new enable=yes </CommandLine>
<Description>Win RM adv firewall enable</Description>
<Order>11</Order>
<RequiresUserInput>true</RequiresUserInput>
</SynchronousCommand>
<SynchronousCommand wcm:action="add">
<CommandLine>cmd.exe /c netsh firewall add portopening TCP 5985 "Port 5985" </CommandLine>
<Description>Win RM port open</Description>
<Order>12</Order>
<RequiresUserInput>true</RequiresUserInput>
</SynchronousCommand>
<SynchronousCommand wcm:action="add">
<CommandLine>cmd.exe /c net stop winrm </CommandLine>
<Description>Stop Win RM Service </Description>
<Order>13</Order>
<RequiresUserInput>true</RequiresUserInput>
</SynchronousCommand>
<SynchronousCommand wcm:action="add">
<CommandLine>cmd.exe /c sc config winrm start= auto</CommandLine>
<Description>Win RM Autostart</Description>
<Order>14</Order>
<RequiresUserInput>true</RequiresUserInput>
</SynchronousCommand>
<SynchronousCommand wcm:action="add">
<CommandLine>cmd.exe /c net start winrm</CommandLine>
<Description>Start Win RM Service</Description>
<Order>15</Order>
<RequiresUserInput>true</RequiresUserInput>
</SynchronousCommand>
<SynchronousCommand wcm:action="add">
<CommandLine>cmd.exe /c wmic useraccount where "name='vagrant'" set PasswordExpires=FALSE</CommandLine>
<Order>16</Order>
<Description>Disable password expiration for vagrant user</Description>
</SynchronousCommand>
</FirstLogonCommands>
</component>
</settings>
<settings pass="specialize">
<component xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" name="Microsoft-Windows-ServerManager-SvrMgrNc" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS">
<DoNotOpenServerManagerAtLogon>true</DoNotOpenServerManagerAtLogon>
</component>
<component xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" name="Microsoft-Windows-IE-ESC" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS">
<!-- Disable IE ESC. -->
<IEHardenAdmin>false</IEHardenAdmin>
<IEHardenUser>false</IEHardenUser>
</component>
<component xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" name="Microsoft-Windows-OutOfBoxExperience" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS">
<DoNotOpenInitialConfigurationTasksAtLogon>true</DoNotOpenInitialConfigurationTasksAtLogon>
</component>
</settings>
</unattend>
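Review bot: `AllowUnencrypted="true"` (L686) together with `Basic="true"` (L692, L698) means the built-in Administrator and the `vagrant` account, both given the plaintext password `vagrant` (L624, L630, L642) with AutoLogon enabled (L646), can be driven over HTTP WinRM on 5985 with credentials that are effectively cleartext on the wire. Packer and Vagrant need this during the build, but nothing in this answer file or the provisioners reverts it, and the box is published to Vagrant Cloud and then joined to the cluster as worker nodes. At minimum add a comment next to L686 such as `<!-- Build-time only: unencrypted Basic WinRM and the 'vagrant' password must be reverted before any use outside an isolated host-only network -->`, and preferably add a final provisioner that sets `AllowUnencrypted` back to false and disables Basic auth once the box is provisioned. The IE ESC disable on L753-L754 is likewise a build convenience that stays baked into the image.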


@@ -0,0 +1,11 @@
# set PowerShell as default shell:
Set-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon' -name Shell -Value 'PowerShell.exe -noExit'
# add SSH:
Add-WindowsCapability -Online -Name OpenSSH.Client~~~~0.0.1.0
Add-WindowsCapability -Online -Name OpenSSH.Server~~~~0.0.1.0
Start-Service sshd
Set-Service -Name sshd -StartupType Automatic
# disable firewall :)
Set-NetFirewallProfile -Profile Domain,Public,Private -Enabled False
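Review bot: L773 disables the Windows firewall on all three profiles, and because this script runs inside the Packer build the setting persists into the published `kiamol/windows-2019` box and onto every Windows worker node, so the per-port `New-NetFirewallRule` in PrepareNode.ps1 is moot and kubelet, WinRM, SSH and every hostNetwork Pod become reachable from any network. Replace it with a targeted inbound rule for the service this script actually adds, `New-NetFirewallRule -Name sshd -DisplayName 'OpenSSH Server (sshd)' -Enabled True -Direction Inbound -Protocol TCP -Action Allow -LocalPort 22` (the OpenSSH capability may already create an equivalent rule, so check `Get-NetFirewallRule -Name *ssh*` first). The `# disable firewall :)` comment on L772 should then either go or explain which ports are opened and why.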


@@ -0,0 +1,3 @@
Get-PackageProvider -name nuget -force
Install-Module PSWindowsUpdate -confirm:$false -force
Get-WindowsUpdate -Install -acceptall -IgnoreReboot
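Review bot: `Install-Module PSWindowsUpdate -confirm:$false -force` on L779 installs whatever version of a third-party gallery module is current at build time, and `-force` also suppresses the untrusted-repository prompt, so the image content depends on an unpinned, unreviewed download run as the elevated `vagrant` user. Pin it with `-RequiredVersion` to the version that was tested and name the repository explicitly, e.g. `Install-Module PSWindowsUpdate -RequiredVersion <tested version> -Repository PSGallery -Confirm:$false -Force`. The `-IgnoreReboot` on L780 is presumably paired with the `windows-restart` provisioner in the Packer template; a comment saying so would help the next reader.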


@@ -0,0 +1,134 @@
{
"builders": [
{
"type": "hyperv-iso",
"communicator": "winrm",
"cpus": "{{ user `cpus` }}",
"floppy_files": [
"{{ user `floppy_dir` }}/{{ user `unattended_file_path` }}"
],
"headless": "{{ user `headless` }}",
"iso_checksum": "sha1:{{ user `iso_checksum` }}",
"iso_url": "{{ user `iso_url` }}",
"memory": "{{ user `memory` }}",
"output_directory": "{{ user `build_directory` }}/packer-{{user `template`}}-virtualbox",
"shutdown_command": "shutdown /s /t 10 /f /d p:4:1 /c \"Packer Shutdown\"",
"shutdown_timeout": "15m",
"switch_name": "{{user `hyperv_switch`}}",
"winrm_password": "vagrant",
"winrm_timeout": "12h",
"winrm_username": "vagrant"
},
{
"type": "virtualbox-iso",
"communicator": "winrm",
"cpus": "{{ user `cpus` }}",
"floppy_files": [
"{{ user `floppy_dir` }}/{{ user `unattended_file_path` }}"
],
"guest_additions_mode": "{{ user `guest_additions_mode` }}",
"guest_additions_path": "C:/users/vagrant/VBoxGuestAdditions.iso",
"guest_additions_url": "{{ user `guest_additions_url` }}",
"guest_os_type": "Windows2016_64",
"hard_drive_interface": "sata",
"headless": "{{ user `headless` }}",
"iso_checksum": "sha1:{{ user `iso_checksum` }}",
"iso_interface": "sata",
"iso_url": "{{ user `iso_url` }}",
"memory": "{{ user `memory` }}",
"output_directory": "{{ user `build_directory` }}/packer-{{user `template`}}-virtualbox",
"shutdown_command": "shutdown /s /t 10 /f /d p:4:1 /c \"Packer Shutdown\"",
"shutdown_timeout": "15m",
"vboxmanage": [
[
"modifyvm",
"{{.Name}}",
"--vram",
"48"
],
[
"modifyvm",
"{{.Name}}",
"--audio",
"none"
]
],
"winrm_password": "vagrant",
"winrm_timeout": "12h",
"winrm_username": "vagrant"
},
{
"type": "parallels-iso",
"communicator": "winrm",
"cpus": "{{ user `cpus` }}",
"floppy_files": [
"{{ user `floppy_dir` }}/{{ user `unattended_file_path` }}"
],
"guest_os_type": "win-2019",
"iso_checksum": "sha1:{{ user `iso_checksum` }}",
"iso_url": "{{ user `iso_url` }}",
"memory": "{{ user `memory` }}",
"output_directory": "{{ user `build_directory` }}/packer-{{user `template`}}-parallels",
"parallels_tools_flavor": "win",
"prlctl": [
[
"set",
"{{.Name}}",
"--efi-boot",
"off"
]
],
"prlctl_version_file": ".prlctl_version",
"shutdown_command": "shutdown /s /t 10 /f /d p:4:1 /c \"Packer Shutdown\"",
"shutdown_timeout": "15m",
"winrm_password": "vagrant",
"winrm_timeout": "12h",
"winrm_username": "vagrant"
}
],
"post-processors": [
[
{
"keep_input_artifact": true,
"output": "{{ user `template` }}-{{.Provider}}.box",
"type": "vagrant"
}
]
],
"provisioners": [
{
"elevated_password": "vagrant",
"elevated_user": "vagrant",
"script": "{{template_dir}}/scripts/win_updates.ps1",
"type": "powershell"
},
{
"type": "windows-restart"
},
{
"elevated_password": "vagrant",
"elevated_user": "vagrant",
"script": "{{template_dir}}/scripts/ssh_setup.ps1",
"type": "powershell"
},
{
"type": "windows-restart"
}
],
"variables": {
"build_directory": "../../builds",
"cpus": "2",
"floppy_dir": "{{template_dir}}/answer_files",
"guest_additions_mode": "attach",
"guest_additions_url": "",
"headless": "true",
"hyperv_switch": "{{env `hyperv_switch`}}",
"iso_checksum": "3022424f777b66a698047ba1c37812026b9714c5",
"iso_url": "https://software-download.microsoft.com/download/pr/17763.737.190906-2324.rs5_release_svc_refresh_SERVER_EVAL_x64FRE_en-us_1.iso",
"memory": "2048",
"template": "windows-2019-core",
"unattended_file_path": "2019/Autounattend.xml",
"virtio_win_iso": "~/virtio-win.iso"
}
}
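Review bot: The `hyperv-iso` builder's `output_directory` on L798 ends in `-virtualbox`, the same path the `virtualbox-iso` builder uses on L823, so a build of both providers would write into one directory and the post-processor would pick up the wrong artifact; it should read `"output_directory": "{{ user `build_directory` }}/packer-{{user `template`}}-hyperv",`. The ISO integrity check on L795, L819, L852 and L910 is `sha1:`, which is no longer collision-resistant; if the vendor publishes a SHA-256 for this ISO, switch the prefix and value to `sha256:`. The `virtio_win_iso` variable on L915 does not appear to be referenced anywhere in the template, so it is either dead or meant for a builder not present here — worth a comment or removal.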


@@ -0,0 +1,16 @@
apiVersion: v1
kind: Secret
metadata:
name: petshop-connection-string-secret
labels:
kiamol: ch18
type: Opaque
stringData:
connectionStrings.config: |-
<connectionStrings>
<add name="SQLProfileConnString" connectionString="server=petshop-db;database=MSPetShop4Profile;user id=sa;password=DockerCon!!!;min pool size=4;max pool size=4;" providerName="System.Data.SqlClient"/>
<add name="SQLMembershipConnString" connectionString="server=petshop-db;database=MSPetShop4Services;user id=sa;password=DockerCon!!!;min pool size=4;max pool size=4;" providerName="System.Data.SqlClient"/>
<add name="SQLConnString1" connectionString="server=petshop-db;database=MSPetShop4;user id=sa;password=DockerCon!!!;min pool size=4;max pool size=4;" providerName="System.Data.SqlClient"/>
<add name="SQLConnString2" connectionString="server=petshop-db;database=MSPetShop4;user id=sa;password=DockerCon!!!;max pool size=4;min pool size=4;" providerName="System.Data.SqlClient"/>
<add name="SQLConnString3" connectionString="server=petshop-db;database=MSPetShop4Orders;user id=sa;password=DockerCon!!!;min pool size=4;max pool size=4;" providerName="System.Data.SqlClient"/>
</connectionStrings>
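Review bot: All five connection strings on L932-L936 commit the SQL Server `sa` password `DockerCon!!!` to the repository in plaintext, and a Kubernetes Secret only base64-encodes its data — it is not encrypted in etcd unless encryption at rest is configured, and anyone who can read Secrets in the namespace reads this. Keep the real value out of the manifest (generate it at deploy time, e.g. `kubectl create secret generic petshop-connection-string-secret --from-file=connectionStrings.config=<path outside the repo>`, or use an external secrets mechanism) and use a least-privilege login scoped to the four `MSPetShop4*` databases rather than `sa`. If the lab intentionally hard-codes it, a comment at the top such as `# Lab-only credential; the sa password is also baked into the petshop-db image` makes that explicit.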


@@ -0,0 +1,40 @@
apiVersion: v1
kind: Service
metadata:
name: petshop-db
labels:
kiamol: ch18
spec:
type: ClusterIP
ports:
- port: 1433
targetPort: mssql
selector:
app: petshop
component: db
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: petshop-db
labels:
kiamol: ch18
spec:
selector:
matchLabels:
app: petshop
component: db
template:
metadata:
labels:
app: petshop
component: db
spec:
containers:
- image: sixeyed/petshop-db:1809
name: db
ports:
- containerPort: 1433
name: mssql
nodeSelector:
kubernetes.io/os: windows


@@ -0,0 +1,49 @@
apiVersion: v1
kind: Service
metadata:
name: petshop-web
labels:
kiamol: ch18
spec:
ports:
- port: 80
targetPort: http
nodePort: 30002
selector:
app: petshop
component: web
type: NodePort
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: petshop-web
labels:
kiamol: ch18
spec:
selector:
matchLabels:
app: petshop
component: web
template:
metadata:
labels:
app: petshop
component: web
spec:
containers:
- image: sixeyed/petshop-web:1809
name: petshop-web
ports:
- containerPort: 80
name: http
volumeMounts:
- name: connection-string
mountPath: "/petshop-web/config"
readOnly: true
volumes:
- name: connection-string
secret:
secretName: petshop-connection-string-secret
nodeSelector:
kubernetes.io/os: windows


@@ -0,0 +1,49 @@
apiVersion: v1
kind: Service
metadata:
name: petshop-webservice
labels:
kiamol: ch18
spec:
ports:
- port: 80
targetPort: http
nodePort: 30003
selector:
app: petshop
component: webservice
type: NodePort
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: petshop-webservice
labels:
kiamol: ch18
spec:
selector:
matchLabels:
app: petshop
component: webservice
template:
metadata:
labels:
app: petshop
component: webservice
spec:
containers:
- image: sixeyed/petshop-webservice:1809
name: petshop-webservice
ports:
- containerPort: 80
name: http
volumeMounts:
- name: connection-string
mountPath: "/petshop-webservice/config"
readOnly: true
volumes:
- name: connection-string
secret:
secretName: petshop-connection-string-secret
nodeSelector:
kubernetes.io/os: windows


@@ -0,0 +1,96 @@
<#
.SYNOPSIS
Assists with preparing a Windows VM prior to calling kubeadm join
.DESCRIPTION
This script assists with joining a Windows node to a cluster.
- Downloads Kubernetes binaries (kubelet, kubeadm) at the version specified
- Registers wins as a service in order to run kube-proxy and cni as DaemonSets.
- Registers kubelet as an nssm service. More info on nssm: https://nssm.cc/
.PARAMETER KubernetesVersion
Kubernetes version to download and use
.EXAMPLE
PS> .\PrepareNode.ps1 -KubernetesVersion v1.17.0
#>
Param(
[parameter(HelpMessage="Kubernetes version to use")]
[string] $KubernetesVersion = 'v1.18.5'
)
$ErrorActionPreference = 'Stop'
function DownloadFile($destination, $source) {
Write-Host("Downloading $source to $destination")
curl.exe --silent --fail -Lo $destination $source
if (!$?) {
Write-Error "Download $source failed"
exit 1
}
}
if (!$KubernetesVersion.StartsWith("v")) {
$KubernetesVersion = "v" + $KubernetesVersion
}
Write-Host "Using Kubernetes version: $KubernetesVersion"
$global:Powershell = (Get-Command powershell).Source
$global:PowershellArgs = "-ExecutionPolicy Bypass -NoProfile"
$global:KubernetesPath = "$env:SystemDrive\k"
$global:StartKubeletScript = "$global:KubernetesPath\StartKubelet.ps1"
$global:NssmInstallDirectory = "$env:ProgramFiles\nssm"
$kubeletBinPath = "$global:KubernetesPath\kubelet.exe"
mkdir -force "$global:KubernetesPath"
$env:Path += ";$global:KubernetesPath"
[Environment]::SetEnvironmentVariable("Path", $env:Path, [System.EnvironmentVariableTarget]::Machine)
DownloadFile $kubeletBinPath https://dl.k8s.io/$KubernetesVersion/bin/windows/amd64/kubelet.exe
DownloadFile "$global:KubernetesPath\kubeadm.exe" https://dl.k8s.io/$KubernetesVersion/bin/windows/amd64/kubeadm.exe
DownloadFile "$global:KubernetesPath\wins.exe" https://github.com/rancher/wins/releases/download/v0.0.4/wins.exe
# Create host network to allow kubelet to schedule hostNetwork pods
Write-Host "Creating Docker host network"
docker network create -d nat host
Write-Host "Registering wins service"
wins.exe srv app run --register
start-service rancher-wins
mkdir -force C:\var\log\kubelet
mkdir -force C:\var\lib\kubelet\etc\kubernetes
mkdir -force C:\etc\kubernetes\pki
New-Item -path C:\var\lib\kubelet\etc\kubernetes\pki -type SymbolicLink -value C:\etc\kubernetes\pki\
$StartKubeletFileContent = '$FileContent = Get-Content -Path "/var/lib/kubelet/kubeadm-flags.env"
$global:KubeletArgs = $FileContent.Trim("KUBELET_KUBEADM_ARGS=`"")
$cmd = "C:\k\kubelet.exe $global:KubeletArgs --cert-dir=$env:SYSTEMDRIVE\var\lib\kubelet\pki --config=/var/lib/kubelet/config.yaml --bootstrap-kubeconfig=/etc/kubernetes/bootstrap-kubelet.conf --kubeconfig=/etc/kubernetes/kubelet.conf --hostname-override=$(hostname) --pod-infra-container-image=`"mcr.microsoft.com/k8s/core/pause:1.2.0`" --enable-debugging-handlers --cgroups-per-qos=false --enforce-node-allocatable=`"`" --network-plugin=cni --resolv-conf=`"`" --log-dir=/var/log/kubelet --logtostderr=false --image-pull-progress-deadline=20m"
Invoke-Expression $cmd'
Set-Content -Path $global:StartKubeletScript -Value $StartKubeletFileContent
Write-Host "Installing nssm"
$arch = "win32"
if ([Environment]::Is64BitOperatingSystem) {
$arch = "win64"
}
mkdir -Force $global:NssmInstallDirectory
DownloadFile nssm.zip https://k8stestinfrabinaries.blob.core.windows.net/nssm-mirror/nssm-2.24.zip
tar C $global:NssmInstallDirectory -xvf .\nssm.zip --strip-components 2 */$arch/*.exe
Remove-Item -Force .\nssm.zip
$env:path += ";$global:NssmInstallDirectory"
$newPath = "$global:NssmInstallDirectory;" +
[Environment]::GetEnvironmentVariable("PATH", [EnvironmentVariableTarget]::Machine)
[Environment]::SetEnvironmentVariable("PATH", $newPath, [EnvironmentVariableTarget]::Machine)
Write-Host "Registering kubelet service"
nssm install kubelet $global:Powershell $global:PowershellArgs $global:StartKubeletScript
nssm set kubelet DependOnService docker
New-NetFirewallRule -Name kubelet -DisplayName 'kubelet' -Enabled True -Direction Inbound -Protocol TCP -Action Allow -LocalPort 10250
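Review bot: DownloadFile fetches kubelet.exe, kubeadm.exe, wins.exe and nssm over TLS but never verifies what it received, so a compromised mirror or a redirect (`-L` follows them) puts an unverified binary straight into a service registered with nssm. Kubernetes publishes a `.sha256` next to each release binary; threading an expected hash through DownloadFile and comparing with `Get-FileHash` turns this into a fail-closed step, as sketched below with placeholder hashes, and the optional third argument keeps the existing two-argument calls working. Separately, the final `New-NetFirewallRule` opens kubelet's port 10250 inbound from any address; adding `-RemoteAddress` scoped to the control-plane/node subnet keeps the kubelet API off the wider network.
```powershell
function DownloadFile($destination, $source, $expectedSha256) {
    Write-Host("Downloading $source to $destination")
    curl.exe --silent --fail -Lo $destination $source
    if (!$?) {
        Write-Error "Download $source failed"
        exit 1
    }
    # Refuse to install a binary whose hash differs from the published one
    if ($expectedSha256) {
        $actual = (Get-FileHash -Algorithm SHA256 -Path $destination).Hash
        if ($actual -ne $expectedSha256) {
            Write-Error "Checksum mismatch for $destination"
            exit 1
        }
    }
}
# … unchanged: version normalisation, path setup …
DownloadFile $kubeletBinPath https://dl.k8s.io/$KubernetesVersion/bin/windows/amd64/kubelet.exe '<SHA256_FROM_kubelet.exe.sha256>'
DownloadFile "$global:KubernetesPath\kubeadm.exe" https://dl.k8s.io/$KubernetesVersion/bin/windows/amd64/kubeadm.exe '<SHA256_FROM_kubeadm.exe.sha256>'
# … unchanged: wins, docker network, directories, StartKubelet.ps1, nssm …
New-NetFirewallRule -Name kubelet -DisplayName 'kubelet' -Enabled True -Direction Inbound -Protocol TCP -Action Allow -LocalPort 10250 -RemoteAddress '<CONTROL_PLANE_OR_NODE_SUBNET>'
```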


@@ -0,0 +1,162 @@
---
kind: ConfigMap
apiVersion: v1
metadata:
name: kube-flannel-windows-cfg
namespace: kube-system
labels:
tier: node
app: flannel
data:
run.ps1: |
$ErrorActionPreference = "Stop";
mkdir -force /host/etc/cni/net.d
mkdir -force /host/etc/kube-flannel
mkdir -force /host/opt/cni/bin
mkdir -force /host/k/flannel
mkdir -force /host/k/flannel/var/run/secrets/kubernetes.io/serviceaccount
$cniJson = get-content /etc/kube-flannel-windows/cni-conf.json | ConvertFrom-Json
$serviceSubnet = yq r /etc/kubeadm-config/ClusterConfiguration networking.serviceSubnet
$podSubnet = yq r /etc/kubeadm-config/ClusterConfiguration networking.podSubnet
$networkJson = wins cli net get | convertfrom-json
$cniJson.delegate.policies[0].Value.ExceptionList = $serviceSubnet, $podSubnet
$cniJson.delegate.policies[1].Value.DestinationPrefix = $serviceSubnet
Set-Content -Path /host/etc/cni/net.d/10-flannel.conf ($cniJson | ConvertTo-Json -depth 100)
cp -force /etc/kube-flannel/net-conf.json /host/etc/kube-flannel
cp -force -recurse /cni/* /host/opt/cni/bin
cp -force /k/flannel/* /host/k/flannel/
cp -force /kube-proxy/kubeconfig.conf /host/k/flannel/kubeconfig.yml
cp -force /var/run/secrets/kubernetes.io/serviceaccount/* /host/k/flannel/var/run/secrets/kubernetes.io/serviceaccount/
wins cli process run --path /k/flannel/setup.exe --args "--mode=overlay --interface=Ethernet"
wins cli route add --addresses 169.254.169.254
wins cli process run --path /k/flannel/flanneld.exe --args "--kube-subnet-mgr --kubeconfig-file /k/flannel/kubeconfig.yml" --envs "POD_NAME=$env:POD_NAME POD_NAMESPACE=$env:POD_NAMESPACE"
cni-conf.json: |
{
"name": "flannel.4096",
"cniVersion": "0.3.0",
"type": "flannel",
"capabilities": {
"dns": true
},
"delegate": {
"type": "win-overlay",
"policies": [
{
"Name": "EndpointPolicy",
"Value": {
"Type": "OutBoundNAT",
"ExceptionList": []
}
},
{
"Name": "EndpointPolicy",
"Value": {
"Type": "ROUTE",
"DestinationPrefix": "",
"NeedEncap": true
}
}
]
}
}
---
apiVersion: apps/v1
kind: DaemonSet
metadata:
name: kube-flannel-ds-windows-amd64
labels:
tier: node
app: flannel
namespace: kube-system
spec:
selector:
matchLabels:
app: flannel
template:
metadata:
labels:
tier: node
app: flannel
spec:
affinity:
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: kubernetes.io/os
operator: In
values:
- windows
- key: kubernetes.io/arch
operator: In
values:
- amd64
hostNetwork: true
serviceAccountName: flannel
tolerations:
- operator: Exists
effect: NoSchedule
containers:
- name: kube-flannel
image: sigwindowstools/flannel:0.12.0
command:
- powershell
args:
- -file
- /etc/kube-flannel-windows/run.ps1
volumeMounts:
- name: wins
mountPath: \\.\pipe\rancher_wins
- name: host
mountPath: /host
- name: kube-proxy
mountPath: /kube-proxy
- name: cni
mountPath: /etc/cni/net.d
- name: flannel-cfg
mountPath: /etc/kube-flannel/
- name: flannel-windows-cfg
mountPath: /etc/kube-flannel-windows/
- name: kubeadm-config
mountPath: /etc/kubeadm-config/
env:
- name: POD_NAME
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: metadata.name
- name: POD_NAMESPACE
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
volumes:
- name: opt
hostPath:
path: /opt
- name: host
hostPath:
path: /
- name: cni
hostPath:
path: /etc
- name: flannel-cfg
configMap:
name: kube-flannel-cfg
- name: flannel-windows-cfg
configMap:
name: kube-flannel-windows-cfg
- name: kube-proxy
configMap:
name: kube-proxy
- name: kubeadm-config
configMap:
name: kubeadm-config
- name: wins
hostPath:
path: \\.\pipe\rancher_wins
type: null
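Review bot: The `opt` hostPath volume (`path: /opt`) is declared under `volumes` but never referenced by a `volumeMounts` entry, so it is dead configuration and should be removed. The `host` volume mounts the node's entire filesystem at `/host` read-write, although run.ps1 only writes under /host/etc, /host/opt/cni/bin and /host/k; separate hostPath mounts for those prefixes would narrow what a compromised flannel pod can alter on the node. Note also that the cluster-wide PodSecurityPolicy on this page only allows the hostPath prefixes /etc/cni/net.d, /etc/kube-flannel and /run/flannel, so if PSP admission is enabled this DaemonSet's `/` and `/etc` hostPaths would presumably be rejected; a comment stating whether the Windows DaemonSet is expected to bypass that policy would help the next reader.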


@@ -0,0 +1,606 @@
# original version - https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml
# amended for Windows support via - https://docs.microsoft.com/en-us/virtualization/windowscontainers/kubernetes/network-topologies#flannel-in-vxlan-mode
---
apiVersion: policy/v1beta1
kind: PodSecurityPolicy
metadata:
name: psp.flannel.unprivileged
annotations:
seccomp.security.alpha.kubernetes.io/allowedProfileNames: docker/default
seccomp.security.alpha.kubernetes.io/defaultProfileName: docker/default
apparmor.security.beta.kubernetes.io/allowedProfileNames: runtime/default
apparmor.security.beta.kubernetes.io/defaultProfileName: runtime/default
spec:
privileged: false
volumes:
- configMap
- secret
- emptyDir
- hostPath
allowedHostPaths:
- pathPrefix: "/etc/cni/net.d"
- pathPrefix: "/etc/kube-flannel"
- pathPrefix: "/run/flannel"
readOnlyRootFilesystem: false
# Users and groups
runAsUser:
rule: RunAsAny
supplementalGroups:
rule: RunAsAny
fsGroup:
rule: RunAsAny
# Privilege Escalation
allowPrivilegeEscalation: false
defaultAllowPrivilegeEscalation: false
# Capabilities
allowedCapabilities: ['NET_ADMIN']
defaultAddCapabilities: []
requiredDropCapabilities: []
# Host namespaces
hostPID: false
hostIPC: false
hostNetwork: true
hostPorts:
- min: 0
max: 65535
# SELinux
seLinux:
# SELinux is unused in CaaSP
rule: 'RunAsAny'
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
name: flannel
rules:
- apiGroups: ['extensions']
resources: ['podsecuritypolicies']
verbs: ['use']
resourceNames: ['psp.flannel.unprivileged']
- apiGroups:
- ""
resources:
- pods
verbs:
- get
- apiGroups:
- ""
resources:
- nodes
verbs:
- list
- watch
- apiGroups:
- ""
resources:
- nodes/status
verbs:
- patch
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
name: flannel
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: flannel
subjects:
- kind: ServiceAccount
name: flannel
namespace: kube-system
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: flannel
namespace: kube-system
---
kind: ConfigMap
apiVersion: v1
metadata:
name: kube-flannel-cfg
namespace: kube-system
labels:
tier: node
app: flannel
data:
cni-conf.json: |
{
"name": "vxlan0",
"cniVersion": "0.3.1",
"plugins": [
{
"type": "flannel",
"delegate": {
"hairpinMode": true,
"isDefaultGateway": true
}
},
{
"type": "portmap",
"capabilities": {
"portMappings": true
}
}
]
}
net-conf.json: |
{
"Network": "10.244.0.0/16",
"Backend": {
"Type": "vxlan",
"VNI" : 4096,
"Port": 4789
}
}
---
apiVersion: apps/v1
kind: DaemonSet
metadata:
name: kube-flannel-ds-amd64
namespace: kube-system
labels:
tier: node
app: flannel
spec:
selector:
matchLabels:
app: flannel
template:
metadata:
labels:
tier: node
app: flannel
spec:
affinity:
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: kubernetes.io/os
operator: In
values:
- linux
- key: kubernetes.io/arch
operator: In
values:
- amd64
hostNetwork: true
tolerations:
- operator: Exists
effect: NoSchedule
serviceAccountName: flannel
initContainers:
- name: install-cni
image: quay.io/coreos/flannel:v0.12.0-amd64
command:
- cp
args:
- -f
- /etc/kube-flannel/cni-conf.json
- /etc/cni/net.d/10-flannel.conflist
volumeMounts:
- name: cni
mountPath: /etc/cni/net.d
- name: flannel-cfg
mountPath: /etc/kube-flannel/
containers:
- name: kube-flannel
image: quay.io/coreos/flannel:v0.12.0-amd64
command:
- /opt/bin/flanneld
args:
- --ip-masq
- --kube-subnet-mgr
resources:
requests:
cpu: "100m"
memory: "50Mi"
limits:
cpu: "100m"
memory: "50Mi"
securityContext:
privileged: false
capabilities:
add: ["NET_ADMIN"]
env:
- name: POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
volumeMounts:
- name: run
mountPath: /run/flannel
- name: flannel-cfg
mountPath: /etc/kube-flannel/
volumes:
- name: run
hostPath:
path: /run/flannel
- name: cni
hostPath:
path: /etc/cni/net.d
- name: flannel-cfg
configMap:
name: kube-flannel-cfg
---
apiVersion: apps/v1
kind: DaemonSet
metadata:
name: kube-flannel-ds-arm64
namespace: kube-system
labels:
tier: node
app: flannel
spec:
selector:
matchLabels:
app: flannel
template:
metadata:
labels:
tier: node
app: flannel
spec:
affinity:
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: kubernetes.io/os
operator: In
values:
- linux
- key: kubernetes.io/arch
operator: In
values:
- arm64
hostNetwork: true
tolerations:
- operator: Exists
effect: NoSchedule
serviceAccountName: flannel
initContainers:
- name: install-cni
image: quay.io/coreos/flannel:v0.12.0-arm64
command:
- cp
args:
- -f
- /etc/kube-flannel/cni-conf.json
- /etc/cni/net.d/10-flannel.conflist
volumeMounts:
- name: cni
mountPath: /etc/cni/net.d
- name: flannel-cfg
mountPath: /etc/kube-flannel/
containers:
- name: kube-flannel
image: quay.io/coreos/flannel:v0.12.0-arm64
command:
- /opt/bin/flanneld
args:
- --ip-masq
- --kube-subnet-mgr
resources:
requests:
cpu: "100m"
memory: "50Mi"
limits:
cpu: "100m"
memory: "50Mi"
securityContext:
privileged: false
capabilities:
add: ["NET_ADMIN"]
env:
- name: POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
volumeMounts:
- name: run
mountPath: /run/flannel
- name: flannel-cfg
mountPath: /etc/kube-flannel/
volumes:
- name: run
hostPath:
path: /run/flannel
- name: cni
hostPath:
path: /etc/cni/net.d
- name: flannel-cfg
configMap:
name: kube-flannel-cfg
---
apiVersion: apps/v1
kind: DaemonSet
metadata:
name: kube-flannel-ds-arm
namespace: kube-system
labels:
tier: node
app: flannel
spec:
selector:
matchLabels:
app: flannel
template:
metadata:
labels:
tier: node
app: flannel
spec:
affinity:
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: kubernetes.io/os
operator: In
values:
- linux
- key: kubernetes.io/arch
operator: In
values:
- arm
hostNetwork: true
tolerations:
- operator: Exists
effect: NoSchedule
serviceAccountName: flannel
initContainers:
- name: install-cni
image: quay.io/coreos/flannel:v0.12.0-arm
command:
- cp
args:
- -f
- /etc/kube-flannel/cni-conf.json
- /etc/cni/net.d/10-flannel.conflist
volumeMounts:
- name: cni
mountPath: /etc/cni/net.d
- name: flannel-cfg
mountPath: /etc/kube-flannel/
containers:
- name: kube-flannel
image: quay.io/coreos/flannel:v0.12.0-arm
command:
- /opt/bin/flanneld
args:
- --ip-masq
- --kube-subnet-mgr
resources:
requests:
cpu: "100m"
memory: "50Mi"
limits:
cpu: "100m"
memory: "50Mi"
securityContext:
privileged: false
capabilities:
add: ["NET_ADMIN"]
env:
- name: POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
volumeMounts:
- name: run
mountPath: /run/flannel
- name: flannel-cfg
mountPath: /etc/kube-flannel/
volumes:
- name: run
hostPath:
path: /run/flannel
- name: cni
hostPath:
path: /etc/cni/net.d
- name: flannel-cfg
configMap:
name: kube-flannel-cfg
---
apiVersion: apps/v1
kind: DaemonSet
metadata:
name: kube-flannel-ds-ppc64le
namespace: kube-system
labels:
tier: node
app: flannel
spec:
selector:
matchLabels:
app: flannel
template:
metadata:
labels:
tier: node
app: flannel
spec:
affinity:
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: kubernetes.io/os
operator: In
values:
- linux
- key: kubernetes.io/arch
operator: In
values:
- ppc64le
hostNetwork: true
tolerations:
- operator: Exists
effect: NoSchedule
serviceAccountName: flannel
initContainers:
- name: install-cni
image: quay.io/coreos/flannel:v0.12.0-ppc64le
command:
- cp
args:
- -f
- /etc/kube-flannel/cni-conf.json
- /etc/cni/net.d/10-flannel.conflist
volumeMounts:
- name: cni
mountPath: /etc/cni/net.d
- name: flannel-cfg
mountPath: /etc/kube-flannel/
containers:
- name: kube-flannel
image: quay.io/coreos/flannel:v0.12.0-ppc64le
command:
- /opt/bin/flanneld
args:
- --ip-masq
- --kube-subnet-mgr
resources:
requests:
cpu: "100m"
memory: "50Mi"
limits:
cpu: "100m"
memory: "50Mi"
securityContext:
privileged: false
capabilities:
add: ["NET_ADMIN"]
env:
- name: POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
volumeMounts:
- name: run
mountPath: /run/flannel
- name: flannel-cfg
mountPath: /etc/kube-flannel/
volumes:
- name: run
hostPath:
path: /run/flannel
- name: cni
hostPath:
path: /etc/cni/net.d
- name: flannel-cfg
configMap:
name: kube-flannel-cfg
---
apiVersion: apps/v1
kind: DaemonSet
metadata:
name: kube-flannel-ds-s390x
namespace: kube-system
labels:
tier: node
app: flannel
spec:
selector:
matchLabels:
app: flannel
template:
metadata:
labels:
tier: node
app: flannel
spec:
affinity:
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: kubernetes.io/os
operator: In
values:
- linux
- key: kubernetes.io/arch
operator: In
values:
- s390x
hostNetwork: true
tolerations:
- operator: Exists
effect: NoSchedule
serviceAccountName: flannel
initContainers:
- name: install-cni
image: quay.io/coreos/flannel:v0.12.0-s390x
command:
- cp
args:
- -f
- /etc/kube-flannel/cni-conf.json
- /etc/cni/net.d/10-flannel.conflist
volumeMounts:
- name: cni
mountPath: /etc/cni/net.d
- name: flannel-cfg
mountPath: /etc/kube-flannel/
containers:
- name: kube-flannel
image: quay.io/coreos/flannel:v0.12.0-s390x
command:
- /opt/bin/flanneld
args:
- --ip-masq
- --kube-subnet-mgr
resources:
requests:
cpu: "100m"
memory: "50Mi"
limits:
cpu: "100m"
memory: "50Mi"
securityContext:
privileged: false
capabilities:
add: ["NET_ADMIN"]
env:
- name: POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
volumeMounts:
- name: run
mountPath: /run/flannel
- name: flannel-cfg
mountPath: /etc/kube-flannel/
volumes:
- name: run
hostPath:
path: /run/flannel
- name: cni
hostPath:
path: /etc/cni/net.d
- name: flannel-cfg
configMap:
name: kube-flannel-cfg
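Review bot: The ClusterRole and ClusterRoleBinding use `apiVersion: rbac.authorization.k8s.io/v1beta1`; the `v1` RBAC API has been served since Kubernetes 1.8 and the beta version is deprecated, so `apiVersion: rbac.authorization.k8s.io/v1` is a free change for the 1.18.5 target used elsewhere on this page. `policy/v1beta1 PodSecurityPolicy` has since been deprecated upstream, so the header comment should record that this PSP is tied to the cluster version the scripts install, e.g. `# PodSecurityPolicy is version-specific; re-check before upgrading the cluster`. The Linux DaemonSets keep `privileged: false` and add only `NET_ADMIN`, which matches the PSP's `allowedCapabilities` and is the right shape.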


@@ -0,0 +1,94 @@
apiVersion: v1
data:
run-script.ps1: |-
$ErrorActionPreference = "Stop";
mkdir -force /host/var/lib/kube-proxy/var/run/secrets/kubernetes.io/serviceaccount
mkdir -force /host/k/kube-proxy
cp -force /k/kube-proxy/* /host/k/kube-proxy
cp -force /var/lib/kube-proxy/* /host/var/lib/kube-proxy
cp -force /var/run/secrets/kubernetes.io/serviceaccount/* /host/var/lib/kube-proxy/var/run/secrets/kubernetes.io/serviceaccount #FIXME?
$networkName = (Get-Content /host/etc/cni/net.d/* | ConvertFrom-Json).name
$sourceVip = ($env:POD_IP -split "\.")[0..2] + 0 -join "."
yq w -i /host/var/lib/kube-proxy/config.conf winkernel.sourceVip $sourceVip
yq w -i /host/var/lib/kube-proxy/config.conf winkernel.networkName $networkName
yq w -i /host/var/lib/kube-proxy/config.conf featureGates.WinOverlay true
yq w -i /host/var/lib/kube-proxy/config.conf mode "kernelspace"
wins cli process run --path /k/kube-proxy/kube-proxy.exe --args "--v=6 --config=/var/lib/kube-proxy/config.conf --hostname-override=$env:NODE_NAME --feature-gates=WinOverlay=true"
kind: ConfigMap
apiVersion: v1
metadata:
labels:
app: kube-proxy
name: kube-proxy-windows
namespace: kube-system
---
apiVersion: apps/v1
kind: DaemonSet
metadata:
labels:
k8s-app: kube-proxy
name: kube-proxy-windows
namespace: kube-system
spec:
selector:
matchLabels:
k8s-app: kube-proxy-windows
template:
metadata:
labels:
k8s-app: kube-proxy-windows
spec:
serviceAccountName: kube-proxy
containers:
- command:
- powershell
args:
- -file
- /var/lib/kube-proxy-windows/run-script.ps1
env:
- name: NODE_NAME
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: spec.nodeName
- name: POD_IP
valueFrom:
fieldRef:
fieldPath: status.podIP
image: sigwindowstools/kube-proxy:v1.18.5
name: kube-proxy
volumeMounts:
- name: host
mountPath: /host
- name: wins
mountPath: \\.\pipe\rancher_wins
- mountPath: /var/lib/kube-proxy
name: kube-proxy
- mountPath: /var/lib/kube-proxy-windows
name: kube-proxy-windows
nodeSelector:
kubernetes.io/os: windows
tolerations:
- key: CriticalAddonsOnly
operator: Exists
- operator: Exists
volumes:
- configMap:
defaultMode: 420
name: kube-proxy-windows
name: kube-proxy-windows
- configMap:
name: kube-proxy
name: kube-proxy
- hostPath:
path: /
name: host
- name: wins
hostPath:
path: \\.\pipe\rancher_wins
type: null
updateStrategy:
type: RollingUpdate
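Review bot: run-script.ps1 copies the pod's service-account token out of `/var/run/secrets/kubernetes.io/serviceaccount` onto the node's own disk under `/host/var/lib/kube-proxy/...`, and the `#FIXME?` beside it leaves the rationale undocumented; since `wins cli process run` executes kube-proxy on the host this copy is presumably required, but a bearer token on the node filesystem is readable by any local administrator tooling, so the script should tighten the ACL on that directory and say why the copy exists: `# kube-proxy runs on the host via wins, so its kubeconfig needs the SA token on the host filesystem; restrict ACLs on this path`. `--v=6` on the kube-proxy command line is debug-level verbosity that logs request details continuously; `--v=2` is the usual production setting. `--feature-gates=WinOverlay=true` is set both in config.conf (via yq) and on the command line, which is redundant and should be kept in one place.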


@@ -0,0 +1,44 @@
#!/bin/bash
DOCKER_VERSION="5:19.03.12~3-0~ubuntu-focal"
KUBERNETES_VERSION="1.18.5-00"
hostname -I | awk '{print $NF}' > /tmp/ip.txt
# turn off swap - for the Kubelet
swapoff -a
sed -ri '/\sswap\s/s/^#?/#/' /etc/fstab
# install Docker (https://docs.docker.com/install/linux/docker-ce/ubuntu/)
apt-get update
apt-get install -y \
apt-transport-https \
ca-certificates \
curl \
gnupg-agent \
software-properties-common
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | apt-key add -
add-apt-repository \
"deb [arch=amd64] https://download.docker.com/linux/ubuntu \
$(lsb_release -cs) \
stable"
apt-get update
apt-get install -y \
docker-ce=$DOCKER_VERSION \
docker-ce-cli=$DOCKER_VERSION \
containerd.io
# install Kubeadm etc.
curl -s https://packages.cloud.google.com/apt/doc/apt-key.gpg | sudo apt-key add -
echo 'deb https://apt.kubernetes.io/ kubernetes-xenial main' > /etc/apt/sources.list.d/kubernetes.list
apt-get update
apt-get install -y \
kubelet=$KUBERNETES_VERSION \
kubeadm=$KUBERNETES_VERSION \
kubectl=$KUBERNETES_VERSION
# set iptables for Flannel
sysctl net.bridge.bridge-nf-call-iptables=1
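Review bot: The script has no `set -euo pipefail`, so a failed `curl | apt-key add -` or `apt-get install` is ignored and the provisioner continues to later steps with half-installed components; adding it after the shebang makes every failure stop the run. The final `sysctl net.bridge.bridge-nf-call-iptables=1` is runtime-only and is lost on reboot, and it also assumes `br_netfilter` is already loaded, so the setting should be persisted under /etc/sysctl.d as below. Two smaller points: `sudo` appears only on the kubeadm apt-key line while every other command runs unprivileged-or-root directly, which is inconsistent for a provisioner script, and `apt-mark hold kubelet kubeadm kubectl` after the install would stop unattended upgrades from moving the pinned 1.18.5-00 packages.
```bash
#!/bin/bash
set -euo pipefail
# … unchanged: version pins, swap, Docker and kubeadm install …
# persist the bridge-netfilter setting so Flannel keeps working after a reboot
modprobe br_netfilter
echo 'net.bridge.bridge-nf-call-iptables = 1' > /etc/sysctl.d/99-kubernetes.conf
sysctl --system
```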


@@ -0,0 +1,9 @@
$DOCKER_VERSION="19.03.5"
# install Docker:
Install-WindowsFeature -Name Containers
Install-PackageProvider -Name NuGet -MinimumVersion 2.8.5.201 -Force
Install-Module -Name DockerMsftProvider -Repository PSGallery -Force
Install-Package -Name docker -ProviderName DockerMsftProvider -Force -RequiredVersion $DOCKER_VERSION
Restart-Computer -Force