diff --git a/Clase 7/Ejercicio/00-helm.txt b/Clase 7/Ejercicio/00-helm.txt new file mode 100644 index 0000000..229284b --- /dev/null +++ b/Clase 7/Ejercicio/00-helm.txt @@ -0,0 +1,11 @@ +install helm first: +docs: https://helm.sh/docs/intro/install/ + +#Before you can install the chart you will need to add the metrics-server repo to Helm. +1. helm repo add metrics-server https://kubernetes-sigs.github.io/metrics-server/ + +#After you've installed the repo you can install the chart. +2. helm upgrade --install metrics-server metrics-server/metrics-server --namespace kube-system +On docker desktop add: --set args={"--kubelet-insecure-tls=true"} + +Link: https://artifacthub.io/packages/helm/metrics-server/metrics-server \ No newline at end of file diff --git a/Clase 7/Ejercicio/00-metrics-server.yml b/Clase 7/Ejercicio/00-metrics-server.yml new file mode 100644 index 0000000..41bc31b --- /dev/null +++ b/Clase 7/Ejercicio/00-metrics-server.yml @@ -0,0 +1,198 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + k8s-app: metrics-server + name: metrics-server + namespace: kube-system +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + k8s-app: metrics-server + rbac.authorization.k8s.io/aggregate-to-admin: "true" + rbac.authorization.k8s.io/aggregate-to-edit: "true" + rbac.authorization.k8s.io/aggregate-to-view: "true" + name: system:aggregated-metrics-reader +rules: +- apiGroups: + - metrics.k8s.io + resources: + - pods + - nodes + verbs: + - get + - list + - watch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + k8s-app: metrics-server + name: system:metrics-server +rules: +- apiGroups: + - "" + resources: + - nodes/metrics + verbs: + - get +- apiGroups: + - "" + resources: + - pods + - nodes + verbs: + - get + - list + - watch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + k8s-app: metrics-server + name: metrics-server-auth-reader + namespace: kube-system +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: extension-apiserver-authentication-reader +subjects: +- kind: ServiceAccount + name: metrics-server + namespace: kube-system +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + k8s-app: metrics-server + name: metrics-server:system:auth-delegator +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: system:auth-delegator +subjects: +- kind: ServiceAccount + name: metrics-server + namespace: kube-system +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + k8s-app: metrics-server + name: system:metrics-server +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: system:metrics-server +subjects: +- kind: ServiceAccount + name: metrics-server + namespace: kube-system +--- +apiVersion: v1 +kind: Service +metadata: + labels: + k8s-app: metrics-server + name: metrics-server + namespace: kube-system +spec: + ports: + - name: https + port: 443 + protocol: TCP + targetPort: https + selector: + k8s-app: metrics-server +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + k8s-app: metrics-server + name: metrics-server + namespace: kube-system +spec: + selector: + matchLabels: + k8s-app: metrics-server + strategy: + rollingUpdate: + maxUnavailable: 0 + template: + metadata: + labels: + k8s-app: metrics-server + spec: + containers: + - args: + - --cert-dir=/tmp + - --secure-port=4443 + - --kubelet-preferred-address-types=InternalIP,ExternalIP,Hostname + - --kubelet-use-node-status-port + - --metric-resolution=15s + - --authorization-always-allow-paths=/livez,/readyz + - --kubelet-insecure-tls + image: k8s.gcr.io/metrics-server/metrics-server:v0.6.1 + imagePullPolicy: IfNotPresent + livenessProbe: + failureThreshold: 3 + httpGet: + path: /livez + port: https + scheme: HTTPS + periodSeconds: 10 + name: metrics-server + ports: + - containerPort: 4443 + name: https + protocol: TCP + readinessProbe: + failureThreshold: 3 + httpGet: + path: /readyz + port: https + scheme: HTTPS + initialDelaySeconds: 20 + periodSeconds: 10 + resources: + requests: + cpu: 100m + memory: 200Mi + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + runAsNonRoot: true + runAsUser: 1000 + volumeMounts: + - mountPath: /tmp + name: tmp-dir + nodeSelector: + kubernetes.io/os: linux + priorityClassName: system-cluster-critical + serviceAccountName: metrics-server + volumes: + - emptyDir: {} + name: tmp-dir +--- +apiVersion: apiregistration.k8s.io/v1 +kind: APIService +metadata: + labels: + k8s-app: metrics-server + name: v1beta1.metrics.k8s.io +spec: + group: metrics.k8s.io + groupPriorityMinimum: 100 + insecureSkipTLSVerify: true + service: + name: metrics-server + namespace: kube-system + version: v1beta1 + versionPriority: 100 diff --git a/Clase 7/Ejercicio/01-configmap.yaml b/Clase 7/Ejercicio/01-configmap.yaml new file mode 100644 index 0000000..755eded --- /dev/null +++ b/Clase 7/Ejercicio/01-configmap.yaml @@ -0,0 +1,13 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: node-app-configmap + namespace: default +data: + #WHITELIST URLS Default to http://localhost + WHITELIST_URLS: http://localhost,http://localhost:4000 + PORT: "4000" + HOST_MONGO: mongodb-node-app-svc + PORT_MONGO: "27017" + DB_MONGO: app_db + \ No newline at end of file diff --git a/Clase 7/Ejercicio/02-secret.yaml b/Clase 7/Ejercicio/02-secret.yaml new file mode 100644 index 0000000..393e03a --- /dev/null +++ b/Clase 7/Ejercicio/02-secret.yaml @@ -0,0 +1,9 @@ +apiVersion: v1 +kind: Secret +metadata: + name: node-app-secret + namespace: default +type: Opaque +data: + USER_MONGO: cm9vdA== + PASSWORD_MONGO: MTIzNA== diff --git a/Clase 7/Ejercicio/03-service.yaml b/Clase 7/Ejercicio/03-service.yaml new file mode 100644 index 0000000..cc65ee7 --- /dev/null +++ b/Clase 7/Ejercicio/03-service.yaml @@ -0,0 +1,16 @@ +apiVersion: v1 +kind: Service +metadata: + name: app-service + namespace: default +spec: + ports: + - name: 80-tcp + port: 80 + protocol: TCP + targetPort: 4000 + selector: + com.docker.project: node-app + type: LoadBalancer +status: + loadBalancer: {} \ No newline at end of file diff --git a/Clase 7/Ejercicio/04-db-svc.yaml b/Clase 7/Ejercicio/04-db-svc.yaml new file mode 100644 index 0000000..0f4e302 --- /dev/null +++ b/Clase 7/Ejercicio/04-db-svc.yaml @@ -0,0 +1,13 @@ +kind: Service +apiVersion: v1 +metadata: + name: mongodb-node-app-svc + namespace: default +spec: + selector: + app: mongodb-node-app + ports: + - protocol: TCP + name: mongodb-node-app + port: 27017 + targetPort: 27017 \ No newline at end of file diff --git a/Clase 7/Ejercicio/05-deployment.yaml b/Clase 7/Ejercicio/05-deployment.yaml new file mode 100644 index 0000000..dd3298c --- /dev/null +++ b/Clase 7/Ejercicio/05-deployment.yaml @@ -0,0 +1,65 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: node-app + namespace: default +spec: + replicas: 1 + selector: + matchLabels: + com.docker.project: node-app + template: + metadata: + labels: + com.docker.project: node-app + spec: + containers: + - name: node-app + image: aleleba/example-app:2.0.1 + imagePullPolicy: Always + resources: + requests: + memory: "256Mi" + cpu: "800m" + limits: + memory: "512Mi" + cpu: "2000m" + env: + - name: PORT + valueFrom: + configMapKeyRef: + name: node-app-configmap + key: PORT + - name: WHITELIST_URLS + valueFrom: + configMapKeyRef: + name: node-app-configmap + key: WHITELIST_URLS + - name: HOST_MONGO + valueFrom: + configMapKeyRef: + name: node-app-configmap + key: HOST_MONGO + - name: PORT_MONGO + valueFrom: + configMapKeyRef: + name: node-app-configmap + key: PORT_MONGO + - name: DB_MONGO + valueFrom: + configMapKeyRef: + name: node-app-configmap + key: DB_MONGO + - name: USER_MONGO + valueFrom: + secretKeyRef: + name: node-app-secret + key: USER_MONGO + - name: PASSWORD_MONGO + valueFrom: + secretKeyRef: + name: node-app-secret + key: PASSWORD_MONGO + ports: + - containerPort: 80 + protocol: TCP \ No newline at end of file diff --git a/Clase 7/Ejercicio/06-mongodb-stayfullset.yaml b/Clase 7/Ejercicio/06-mongodb-stayfullset.yaml new file mode 100644 index 0000000..c289273 --- /dev/null +++ b/Clase 7/Ejercicio/06-mongodb-stayfullset.yaml @@ -0,0 +1,49 @@ +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: mongodb-node-app + namespace: default +spec: + replicas: 1 + serviceName: mongodb-node-app-svc + selector: + matchLabels: + app: mongodb-node-app + template: + metadata: + labels: + app: mongodb-node-app + spec: + containers: + - name: mongodb-node-app + image: mongo:5.0.12 + imagePullPolicy: Always + ports: + - containerPort: 27017 + env: + - name: MONGO_DATA_DIR + value: /data/db + - name: MONGO_LOG_DIR + value: /dev/null + - name: MONGODB_USER + valueFrom: + secretKeyRef: + name: node-app-secret + key: USER_MONGO + - name: MONGO_INITDB_ROOT_USERNAME + valueFrom: + secretKeyRef: + name: node-app-secret + key: USER_MONGO + - name: MONGODB_PASS + valueFrom: + secretKeyRef: + name: node-app-secret + key: PASSWORD_MONGO + - name: MONGO_INITDB_ROOT_PASSWORD + valueFrom: + secretKeyRef: + name: node-app-secret + key: PASSWORD_MONGO + - name: MONGO_INITDB_DATABASE + value: admin \ No newline at end of file diff --git a/Clase 7/Ejercicio/07-hpa.yaml b/Clase 7/Ejercicio/07-hpa.yaml new file mode 100644 index 0000000..b8c9586 --- /dev/null +++ b/Clase 7/Ejercicio/07-hpa.yaml @@ -0,0 +1,19 @@ +apiVersion: autoscaling/v2 +kind: HorizontalPodAutoscaler +metadata: + name: node-app + namespace: default +spec: + scaleTargetRef: + apiVersion: apps/v1 + kind: Deployment + name: node-app + minReplicas: 1 + maxReplicas: 5 + metrics: + - type: Resource + resource: + name: cpu + target: + type: Utilization + averageUtilization: 30