diff --git a/enable_display.yml b/enable_display.yml
new file mode 100644
index 0000000..59c834b
--- /dev/null
+++ b/enable_display.yml
@@ -0,0 +1,22 @@
+- name: Install prerequisits
+ apt:
+ name: git
+ update_cache: true
+
+- name: enable I2S Circuit
+ shell: raspi-config nonint do_i2c 0
+
+- name: Get Github Repo
+ git:
+ repo: https://github.com/UCTRONICS/U6143_ssd1306.git
+ dest: /srv/U6143_ssd1306
+
+- name: write to rc.local
+ blockinfile:
+ path: /etc/rc.local
+ insertbefore: exit 0
+ block: |
+ cd /srv/U6143_ssd1306/C
+ sudo make clean
+ sudo make
+ sudo ./display &
diff --git a/etchostsupdate.yaml b/etchostsupdate.yaml
new file mode 100644
index 0000000..15e72ad
--- /dev/null
+++ b/etchostsupdate.yaml
@@ -0,0 +1,21 @@
+---
+- name: "generate /etc/hosts.ansible file"
+ template: "src=templates/etchosts.j2 dest='/etc/hosts.ansible' owner=root group=root mode=0644"
+ tags: etc_hosts
+ become: true
+
+- name: "check if debian generated hosts file has a backup"
+ stat: "path=/etc/hosts.debian"
+ tags: etc_hosts
+ register: etc_hosts_debian
+
+- name: "backup debian generated /etc/hosts"
+ command: "cp /etc/hosts /etc/hosts.debian"
+ when: etc_hosts_debian.stat.islnk is not defined
+ tags: etc_hosts
+ become: true
+
+- name: "install /etc/hosts.ansible file"
+ command: "cp /etc/hosts.ansible /etc/hosts"
+ tags: etc_hosts
+ become: true
diff --git a/files/LFS258/SOLUTIONS/LICENSE b/files/LFS258/SOLUTIONS/LICENSE
new file mode 100644
index 0000000..fe84297
--- /dev/null
+++ b/files/LFS258/SOLUTIONS/LICENSE
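Review bot: The `git` task in enable_display.yml clones `UCTRONICS/U6143_ssd1306` with no `version:`, and the `rc.local` block then runs `make clean`, `make` and `./display` on every boot, so whatever sits at the head of that repository's default branch when the play runs is compiled and executed as root. Pin the checkout to a reviewed commit, build once at provisioning time, and leave only the launch of the built binary in `rc.local`; the `sudo` prefixes are redundant there because rc.local already runs as root. The second task is named "enable I2S Circuit" while the command it runs is `do_i2c`, and as a bare `shell:` it re-runs on every play.

```yaml
# … unchanged: apt and raspi-config tasks …
- name: Get Github Repo
  git:
    # … unchanged: repo, dest …
    version: "<reviewed-commit-sha>"  # placeholder: pin to an audited commit

- name: Build the display binary once, at provisioning time
  command: make
  args:
    chdir: /srv/U6143_ssd1306/C
    # assumes make produces ./display, as the original rc.local block implies
    creates: /srv/U6143_ssd1306/C/display

- name: write to rc.local
  blockinfile:
    # … unchanged: path, insertbefore …
    block: |
      cd /srv/U6143_ssd1306/C
      ./display &
```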
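Review bot: The last task in etchostsupdate.yaml overwrites `/etc/hosts` with `command: cp` on every run, so the play always reports a change and nothing enforces owner or mode on the live file. Rendering the template straight to `/etc/hosts` with `backup: true`, or using `copy:` with `remote_src: true`, makes the step idempotent and keeps the permissions under Ansible's control. The backup guard `etc_hosts_debian.stat.islnk is not defined` works only because `islnk` is absent for a missing path; `when: not etc_hosts_debian.stat.exists` states the intent directly. The inline `key=value` arguments on `template:` and `stat:` would read better as block mappings, with `mode: "0644"` quoted.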
@@ -0,0 +1,280 @@ +------------------------------------------------------------------------------- + GNU GENERAL PUBLIC LICENSE + Version 2, June 1991 + + Copyright (C) 1989, 1991 Free Software Foundation, Inc. + 675 Mass Ave, Cambridge, MA 02139, USA + Everyone is permitted to copy and distribute verbatim copies + of this license document, but changing it is not allowed. + + Preamble + + The licenses for most software are designed to take away your +freedom to share and change it. By contrast, the GNU General Public +License is intended to guarantee your freedom to share and change free +software--to make sure the software is free for all its users. This +General Public License applies to most of the Free Software +Foundation's software and to any other program whose authors commit to +using it. (Some other Free Software Foundation software is covered by +the GNU Library General Public License instead.) You can apply it to +your programs, too. + + When we speak of free software, we are referring to freedom, not +price. Our General Public Licenses are designed to make sure that you +have the freedom to distribute copies of free software (and charge for +this service if you wish), that you receive source code or can get it +if you want it, that you can change the software or use pieces of it +in new free programs; and that you know you can do these things. + + To protect your rights, we need to make restrictions that forbid +anyone to deny you these rights or to ask you to surrender the rights. +These restrictions translate to certain responsibilities for you if you +distribute copies of the software, or if you modify it. + + For example, if you distribute copies of such a program, whether +gratis or for a fee, you must give the recipients all the rights that +you have. You must make sure that they, too, receive or can get the +source code. And you must show them these terms so they know their +rights. 
+ + We protect your rights with two steps: (1) copyright the software, and +(2) offer you this license which gives you legal permission to copy, +distribute and/or modify the software. + + Also, for each author's protection and ours, we want to make certain +that everyone understands that there is no warranty for this free +software. If the software is modified by someone else and passed on, we +want its recipients to know that what they have is not the original, so +that any problems introduced by others will not reflect on the original +authors' reputations. + + Finally, any free program is threatened constantly by software +patents. We wish to avoid the danger that redistributors of a free +program will individually obtain patent licenses, in effect making the +program proprietary. To prevent this, we have made it clear that any +patent must be licensed for everyone's free use or not licensed at all. + + The precise terms and conditions for copying, distribution and +modification follow. + + GNU GENERAL PUBLIC LICENSE + TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION + + 0. This License applies to any program or other work which contains +a notice placed by the copyright holder saying it may be distributed +under the terms of this General Public License. The "Program", below, +refers to any such program or work, and a "work based on the Program" +means either the Program or any derivative work under copyright law: +that is to say, a work containing the Program or a portion of it, +either verbatim or with modifications and/or translated into another +language. (Hereinafter, translation is included without limitation in +the term "modification".) Each licensee is addressed as "you". + +Activities other than copying, distribution and modification are not +covered by this License; they are outside its scope. 
The act of +running the Program is not restricted, and the output from the Program +is covered only if its contents constitute a work based on the +Program (independent of having been made by running the Program). +Whether that is true depends on what the Program does. + + 1. You may copy and distribute verbatim copies of the Program's +source code as you receive it, in any medium, provided that you +conspicuously and appropriately publish on each copy an appropriate +copyright notice and disclaimer of warranty; keep intact all the +notices that refer to this License and to the absence of any warranty; +and give any other recipients of the Program a copy of this License +along with the Program. + +You may charge a fee for the physical act of transferring a copy, and +you may at your option offer warranty protection in exchange for a fee. + + 2. You may modify your copy or copies of the Program or any portion +of it, thus forming a work based on the Program, and copy and +distribute such modifications or work under the terms of Section 1 +above, provided that you also meet all of these conditions: + + a) You must cause the modified files to carry prominent notices + stating that you changed the files and the date of any change. + + b) You must cause any work that you distribute or publish, that in + whole or in part contains or is derived from the Program or any + part thereof, to be licensed as a whole at no charge to all third + parties under the terms of this License. + + c) If the modified program normally reads commands interactively + when run, you must cause it, when started running for such + interactive use in the most ordinary way, to print or display an + announcement including an appropriate copyright notice and a + notice that there is no warranty (or else, saying that you provide + a warranty) and that users may redistribute the program under + these conditions, and telling the user how to view a copy of this + License. 
(Exception: if the Program itself is interactive but + does not normally print such an announcement, your work based on + the Program is not required to print an announcement.) + +These requirements apply to the modified work as a whole. If +identifiable sections of that work are not derived from the Program, +and can be reasonably considered independent and separate works in +themselves, then this License, and its terms, do not apply to those +sections when you distribute them as separate works. But when you +distribute the same sections as part of a whole which is a work based +on the Program, the distribution of the whole must be on the terms of +this License, whose permissions for other licensees extend to the +entire whole, and thus to each and every part regardless of who wrote it. + +Thus, it is not the intent of this section to claim rights or contest +your rights to work written entirely by you; rather, the intent is to +exercise the right to control the distribution of derivative or +collective works based on the Program. + +In addition, mere aggregation of another work not based on the Program +with the Program (or with a work based on the Program) on a volume of +a storage or distribution medium does not bring the other work under +the scope of this License. + + 3. 
You may copy and distribute the Program (or a work based on it, +under Section 2) in object code or executable form under the terms of +Sections 1 and 2 above provided that you also do one of the following: + + a) Accompany it with the complete corresponding machine-readable + source code, which must be distributed under the terms of Sections + 1 and 2 above on a medium customarily used for software interchange; or, + + b) Accompany it with a written offer, valid for at least three + years, to give any third party, for a charge no more than your + cost of physically performing source distribution, a complete + machine-readable copy of the corresponding source code, to be + distributed under the terms of Sections 1 and 2 above on a medium + customarily used for software interchange; or, + + c) Accompany it with the information you received as to the offer + to distribute corresponding source code. (This alternative is + allowed only for noncommercial distribution and only if you + received the program in object code or executable form with such + an offer, in accord with Subsection b above.) + +The source code for a work means the preferred form of the work for +making modifications to it. For an executable work, complete source +code means all the source code for all modules it contains, plus any +associated interface definition files, plus the scripts used to +control compilation and installation of the executable. However, as a +special exception, the source code distributed need not include +anything that is normally distributed (in either source or binary +form) with the major components (compiler, kernel, and so on) of the +operating system on which the executable runs, unless that component +itself accompanies the executable. 
+ +If distribution of executable or object code is made by offering +access to copy from a designated place, then offering equivalent +access to copy the source code from the same place counts as +distribution of the source code, even though third parties are not +compelled to copy the source along with the object code. + + 4. You may not copy, modify, sublicense, or distribute the Program +except as expressly provided under this License. Any attempt +otherwise to copy, modify, sublicense or distribute the Program is +void, and will automatically terminate your rights under this License. +However, parties who have received copies, or rights, from you under +this License will not have their licenses terminated so long as such +parties remain in full compliance. + + 5. You are not required to accept this License, since you have not +signed it. However, nothing else grants you permission to modify or +distribute the Program or its derivative works. These actions are +prohibited by law if you do not accept this License. Therefore, by +modifying or distributing the Program (or any work based on the +Program), you indicate your acceptance of this License to do so, and +all its terms and conditions for copying, distributing or modifying +the Program or works based on it. + + 6. Each time you redistribute the Program (or any work based on the +Program), the recipient automatically receives a license from the +original licensor to copy, distribute or modify the Program subject to +these terms and conditions. You may not impose any further +restrictions on the recipients' exercise of the rights granted herein. +You are not responsible for enforcing compliance by third parties to +this License. + + 7. 
If, as a consequence of a court judgment or allegation of patent +infringement or for any other reason (not limited to patent issues), +conditions are imposed on you (whether by court order, agreement or +otherwise) that contradict the conditions of this License, they do not +excuse you from the conditions of this License. If you cannot +distribute so as to satisfy simultaneously your obligations under this +License and any other pertinent obligations, then as a consequence you +may not distribute the Program at all. For example, if a patent +license would not permit royalty-free redistribution of the Program by +all those who receive copies directly or indirectly through you, then +the only way you could satisfy both it and this License would be to +refrain entirely from distribution of the Program. + +If any portion of this section is held invalid or unenforceable under +any particular circumstance, the balance of the section is intended to +apply and the section as a whole is intended to apply in other +circumstances. + +It is not the purpose of this section to induce you to infringe any +patents or other property right claims or to contest validity of any +such claims; this section has the sole purpose of protecting the +integrity of the free software distribution system, which is +implemented by public license practices. Many people have made +generous contributions to the wide range of software distributed +through that system in reliance on consistent application of that +system; it is up to the author/donor to decide if he or she is willing +to distribute software through any other system and a licensee cannot +impose that choice. + +This section is intended to make thoroughly clear what is believed to +be a consequence of the rest of this License. + + 8. 
If the distribution and/or use of the Program is restricted in +certain countries either by patents or by copyrighted interfaces, the +original copyright holder who places the Program under this License +may add an explicit geographical distribution limitation excluding +those countries, so that distribution is permitted only in or among +countries not thus excluded. In such case, this License incorporates +the limitation as if written in the body of this License. + + 9. The Free Software Foundation may publish revised and/or new versions +of the General Public License from time to time. Such new versions will +be similar in spirit to the present version, but may differ in detail to +address new problems or concerns. + +Each version is given a distinguishing version number. If the Program +specifies a version number of this License which applies to it and "any +later version", you have the option of following the terms and conditions +either of that version or of any later version published by the Free +Software Foundation. If the Program does not specify a version number of +this License, you may choose any version ever published by the Free Software +Foundation. + + 10. If you wish to incorporate parts of the Program into other free +programs whose distribution conditions are different, write to the author +to ask for permission. For software which is copyrighted by the Free +Software Foundation, write to the Free Software Foundation; we sometimes +make exceptions for this. Our decision will be guided by the two goals +of preserving the free status of all derivatives of our free software and +of promoting the sharing and reuse of software generally. + + NO WARRANTY + + 11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY +FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. 
EXCEPT WHEN +OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES +PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED +OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS +TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE +PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, +REPAIR OR CORRECTION. + + 12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING +WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR +REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, +INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING +OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED +TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY +YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER +PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE +POSSIBILITY OF SUCH DAMAGES. +------------------------------------------------------------------------------- diff --git a/files/LFS258/SOLUTIONS/s_03/99-kubernetes-cri.conf b/files/LFS258/SOLUTIONS/s_03/99-kubernetes-cri.conf new file mode 100644 index 0000000..13909ff --- /dev/null +++ b/files/LFS258/SOLUTIONS/s_03/99-kubernetes-cri.conf @@ -0,0 +1,4 @@ +net.bridge.bridge-nf-call-iptables = 1 +net.ipv4.ip_forward = 1 +net.bridge.bridge-nf-call-ip6tables = 1 + diff --git a/files/LFS258/SOLUTIONS/s_03/containerd-setup.txt b/files/LFS258/SOLUTIONS/s_03/containerd-setup.txt new file mode 100644 index 0000000..e023b69 --- /dev/null +++ b/files/LFS258/SOLUTIONS/s_03/containerd-setup.txt 
@@ -0,0 +1,183 @@ +# +# This script is intended to be run on an Ubuntu 20.04, +# 2cpu, 8G node. The course is **not** tested using containerd, +# so you may have endless issues, or not. Only for those already +# comfortable with Kubernetes, who want to compare and contrast +# various container engines +# By Tim Serewicz, 03/2022 GPL + +# Note there is a lot of software downloaded, which may require +# some troubleshooting if any of the sites updates their code, +# which should be expected. + +# These first several steps can be done on cp and worker. +# Ensure two modules are loaded after reboot + +cat <> /etc/apt/sources.list.d/kubernetes.list" + + +# Add the GPG key for the new repo + +sudo sh -c "curl -s https://packages.cloud.google.com/apt/doc/apt-key.gpg | apt-key add -" + + + +# Install the Kubernetes packages - Using older version of k8s +# so we can upgrade to current in future lab. Stop after these steps +# if on the worker +sudo apt-get update + +sudo apt-get install -y kubeadm=1.22.1-00 kubelet=1.22.1-00 kubectl=1.22.1-00 + +sudo apt-mark hold kubelet kubeadm kubectl + + + +# Create a cluster using containerd - Using older version of k8s +# so we can upgrade to current in future lab. Only run init on +# the control plane (cp) - **not** the worker. 
+sudo kubeadm init --kubernetes-version 1.22.1 --cri-socket=/var/run/containerd/containerd.sock --pod-network-cidr 192.168.0.0/16 | tee $HOME/cp.out + +mkdir -p $HOME/.kube + +sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config + +sudo chown $(id -u):$(id -g) $HOME/.kube/config + + + +# We'll use Calico for the network plugin + +kubectl apply -f https://docs.projectcalico.org/manifests/calico.yaml + +# Make sure all the infrastructure pods are running +kubectl get pod --all-namespaces + +kubectl describe pod -l component=kube-apiserver -n kube-system + +kubectl get events + +# Enable command line completion +source <(kubectl completion bash) + +echo "source <(kubectl completion bash)" >> $HOME/.bashrc + +# Untaint the control plane, as we only have one node +kubectl taint node --all node-role.kubernetes.io/master- + + +# Troubleshooting and or optional add ons +# Get containerd running, append or create several files. +cat <=:", for example: +# "nofile=1024:2048" +# If nothing is set here, settings will be inherited from the CRI-O daemon +#default_ulimits = [ +#] + +# default_runtime is the _name_ of the OCI runtime to be used as the default. +# The name is matched against the runtimes map below. +default_runtime = "runc" + +# If true, the runtime will not use pivot_root, but instead use MS_MOVE. +no_pivot = false + +# Path to the conmon binary, used for monitoring the OCI runtime. +conmon = "/usr/bin/conmon" + +# Environment variable list for the conmon process, used for passing necessary +# environment variables to conmon or the runtime. +conmon_env = [ + "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin", +] + +# If true, SELinux will be used for pod separation on the host. +selinux = false + +# Path to the seccomp.json profile which is used as the default seccomp profile +# for the runtime. +seccomp_profile = "/usr/share/containers/seccomp.json" + +# Used to change the name of the default AppArmor profile of CRI-O. 
The default +# profile name is "crio-default-" followed by the version string of CRI-O. +apparmor_profile = "crio-default" + +# Cgroup management implementation used for the runtime. +cgroup_manager = "systemd" + +# List of default capabilities for containers. If it is empty or commented out, +# only the capabilities defined in the containers json file by the user/kube +# will be added. +default_capabilities = [ + "CHOWN", + "DAC_OVERRIDE", + "FSETID", + "FOWNER", + "NET_RAW", + "SETGID", + "SETUID", + "SETPCAP", + "NET_BIND_SERVICE", + "SYS_CHROOT", + "KILL", +] + +# List of default sysctls. If it is empty or commented out, only the sysctls +# defined in the container json file by the user/kube will be added. +default_sysctls = [ +] + +# List of additional devices. specified as +# "::", for example: "--device=/dev/sdc:/dev/xvdc:rwm". +#If it is empty or commented out, only the devices +# defined in the container json file by the user/kube will be added. +additional_devices = [ +] + +# Path to OCI hooks directories for automatically executed hooks. +hooks_dir = [ +] + +# List of default mounts for each container. **Deprecated:** this option will +# be removed in future versions in favor of default_mounts_file. +default_mounts = [ +] + +# Path to the file specifying the defaults mounts for each container. The +# format of the config is /SRC:/DST, one mount per line. Notice that CRI-O reads +# its default mounts from the following two files: +# +# 1) /etc/containers/mounts.conf (i.e., default_mounts_file): This is the +# override file, where users can either add in their own default mounts, or +# override the default mounts shipped with the package. +# +# 2) /usr/share/containers/mounts.conf: This is the default file read for +# mounts. If you want CRI-O to read from a different, specific mounts file, +# you can change the default_mounts_file. Note, if this is done, CRI-O will +# only add mounts it finds in this file. 
+# +#default_mounts_file = "" + +# Maximum number of processes allowed in a container. +pids_limit = 1024 + +# Maximum sized allowed for the container log file. Negative numbers indicate +# that no size limit is imposed. If it is positive, it must be >= 8192 to +# match/exceed conmon's read buffer. The file is truncated and re-opened so the +# limit is never exceeded. +log_size_max = -1 + +# Whether container output should be logged to journald in addition to the kuberentes log file +log_to_journald = false + +# Path to directory in which container exit files are written to by conmon. +container_exits_dir = "/var/run/crio/exits" + +# Path to directory for container attach sockets. +container_attach_socket_dir = "/var/run/crio" + +# If set to true, all containers will run in read-only mode. +read_only = false + +# Changes the verbosity of the logs based on the level it is set to. Options +# are fatal, panic, error, warn, info, and debug. +log_level = "error" + +# The UID mappings for the user namespace of each container. A range is +# specified in the form containerUID:HostUID:Size. Multiple ranges must be +# separated by comma. +uid_mappings = "" + +# The GID mappings for the user namespace of each container. A range is +# specified in the form containerGID:HostGID:Size. Multiple ranges must be +# separated by comma. +gid_mappings = "" + +# The minimal amount of time in seconds to wait before issuing a timeout +# regarding the proper termination of the container. +ctr_stop_timeout = 0 + + # The "crio.runtime.runtimes" table defines a list of OCI compatible runtimes. + # The runtime to use is picked based on the runtime_handler provided by the CRI. + # If no runtime_handler is provided, the runtime will be picked based on the level + # of trust of the workload. + + [crio.runtime.runtimes.runc] + runtime_path = "/usr/lib/cri-o-runc/sbin/runc" + runtime_type = "" + + + +# The crio.image table contains settings pertaining to the management of OCI images. 
+# +# CRI-O reads its configured registries defaults from the system wide +# containers-registries.conf(5) located in /etc/containers/registries.conf. If +# you want to modify just CRI-O, you can change the registries configuration in +# this file. Otherwise, leave insecure_registries and registries commented out to +# use the system's defaults from /etc/containers/registries.conf. +[crio.image] + +# Default transport for pulling images from a remote container storage. +default_transport = "docker://" + +# The path to a file containing credentials necessary for pulling images from +# secure registries. The file is similar to that of /var/lib/kubelet/config.json +global_auth_file = "" + +# The image used to instantiate infra containers. +pause_image = "k8s.gcr.io/pause:3.1" + +# The path to a file containing credentials specific for pulling the pause_image from +# above. The file is similar to that of /var/lib/kubelet/config.json +pause_image_auth_file = "" + +# The command to run to have a container stay in the paused state. +pause_command = "/pause" + +# Path to the file which decides what sort of policy we use when deciding +# whether or not to trust an image that we've pulled. It is not recommended that +# this option be used, as the default behavior of using the system-wide default +# policy (i.e., /etc/containers/policy.json) is most often preferred. Please +# refer to containers-policy.json(5) for more details. +signature_policy = "" + +# Controls how image volumes are handled. The valid values are mkdir, bind and +# ignore; the latter will ignore volumes entirely. +image_volumes = "mkdir" + +# List of registries to be used when pulling an unqualified image (e.g., +# "alpine:latest"). By default, registries is set to "docker.io" for +# compatibility reasons. Depending on your workload and usecase you may add more +# registries (e.g., "quay.io", "registry.fedoraproject.org", +# "registry.opensuse.org", etc.). 
+#registries = [
+# "quay.io",
+# "docker.io",
+#]
+registries = [
+ "docker.io",
+ "quay.io",
+ "registry.fedoraproject.org",
+]
+
+# The crio.network table containers settings pertaining to the management of
+# CNI plugins.
+[crio.network]
+
+# Path to the directory where CNI configuration files are located.
+network_dir = "/etc/cni/net.d/"
+
+# Paths to directories where CNI plugin binaries are located.
+plugin_dirs = [
+ "/opt/cni/bin",
+]
diff --git a/files/LFS258/SOLUTIONS/s_03/daemon.json b/files/LFS258/SOLUTIONS/s_03/daemon.json
new file mode 100644
index 0000000..210f35d
--- /dev/null
+++ b/files/LFS258/SOLUTIONS/s_03/daemon.json
@@ -0,0 +1,9 @@
+{
+ "exec-opts": ["native.cgroupdriver=systemd"],
+ "log-driver": "json-file",
+ "log-opts": {
+ "max-size": "100m"
+ },
+ "storage-driver": "overlay2"
+}
+
diff --git a/files/LFS258/SOLUTIONS/s_03/first.yaml b/files/LFS258/SOLUTIONS/s_03/first.yaml
new file mode 100644
index 0000000..af9e7a9
--- /dev/null
+++ b/files/LFS258/SOLUTIONS/s_03/first.yaml
@@ -0,0 +1,43 @@
+# Already edited file to remove unique values
+# Port information not yet added.
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ annotations:
+ deployment.kubernetes.io/revision: "1"
+ generation: 1
+ labels:
+ run: nginx
+ name: nginx
+ namespace: default
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ run: nginx
+ strategy:
+ rollingUpdate:
+ maxSurge: 1
+ maxUnavailable: 1
+ type: RollingUpdate
+ template:
+ metadata:
+ creationTimestamp: null
+ labels:
+ run: nginx
+ spec:
+ containers:
+ - image: nginx
+ imagePullPolicy: Always
+ name: nginx
+ ports:
+ - containerPort: 80
+ protocol: TCP
+ resources: {}
+ terminationMessagePath: /dev/termination-log
+ terminationMessagePolicy: File
+ dnsPolicy: ClusterFirst
+ restartPolicy: Always
+ schedulerName: default-scheduler
+ securityContext: {}
+ terminationGracePeriodSeconds: 30
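Review bot: In containerd-setup.txt the repository key is installed with `curl -s … | apt-key add -`, which places it in apt's global keyring where it is trusted for every configured source, and `apt-key` is deprecated. Storing the key in its own file, e.g. `curl -fsSL https://packages.cloud.google.com/apt/doc/apt-key.gpg | sudo gpg --dearmor -o /etc/apt/keyrings/kubernetes.gpg`, and adding `[signed-by=/etc/apt/keyrings/kubernetes.gpg]` to the `deb` entry in kubernetes.list limits that key to the Kubernetes repository. Further down, `kubectl apply -f https://docs.projectcalico.org/manifests/calico.yaml` applies whatever that URL serves at run time using the admin kubeconfig copied just above it; a version-pinned manifest that is downloaded and reviewed before applying would be safer.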
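Review bot: The container in first.yaml uses `image: nginx` with no tag or digest together with `imagePullPolicy: Always`, so every pod start pulls whatever the untagged name resolves to at that moment. Pinning the image, e.g. `image: nginx:<pinned-tag>` or an `@sha256:` digest, makes rollouts reproducible and lets the exact image be reviewed. `resources: {}` and the empty `securityContext: {}` also leave the container on runtime defaults; the same container spec appears in second.yaml.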
diff --git a/files/LFS258/SOLUTIONS/s_03/kubeadm-config.yaml b/files/LFS258/SOLUTIONS/s_03/kubeadm-config.yaml
new file mode 100644
index 0000000..c5d09d7
--- /dev/null
+++ b/files/LFS258/SOLUTIONS/s_03/kubeadm-config.yaml
@@ -0,0 +1,6 @@
+apiVersion: kubeadm.k8s.io/v1beta2
+kind: ClusterConfiguration
+kubernetesVersion: 1.22.1
+controlPlaneEndpoint: "k8s-master:6443"
+networking:
+ podSubnet: 10.20.0.0/16
diff --git a/files/LFS258/SOLUTIONS/s_03/kubeadm-containerd.yaml b/files/LFS258/SOLUTIONS/s_03/kubeadm-containerd.yaml
new file mode 100644
index 0000000..1f716ec
--- /dev/null
+++ b/files/LFS258/SOLUTIONS/s_03/kubeadm-containerd.yaml
@@ -0,0 +1,37 @@
+apiVersion: kubeadm.k8s.io/v1beta3
+bootstrapTokens:
+- groups:
+ - system:bootstrappers:kubeadm:default-node-token
+ token: abcdef.0123456789abcdef
+ ttl: 24h0m0s
+ usages:
+ - signing
+ - authentication
+kind: InitConfiguration
+localAPIEndpoint:
+ advertiseAddress: 1.2.3.4
+ bindPort: 6443
+nodeRegistration:
+ criSocket: /var/run/dockershim.sock
+ imagePullPolicy: IfNotPresent
+ name: node
+ taints: null
+---
+apiServer:
+ timeoutForControlPlane: 4m0s
+apiVersion: kubeadm.k8s.io/v1beta3
+certificatesDir: /etc/kubernetes/pki
+clusterName: kubernetes
+controllerManager: {}
+dns: {}
+etcd:
+ local:
+ dataDir: /var/lib/etcd
+imageRepository: k8s.gcr.io
+kind: ClusterConfiguration
+kubernetesVersion: 1.22.0
+networking:
+ dnsDomain: cluster.local
+ serviceSubnet: 10.96.0.0/12
+scheduler: {}
+
diff --git a/files/LFS258/SOLUTIONS/s_03/kubeadm-crio.yaml b/files/LFS258/SOLUTIONS/s_03/kubeadm-crio.yaml
new file mode 100644
index 0000000..9558130
--- /dev/null
+++ b/files/LFS258/SOLUTIONS/s_03/kubeadm-crio.yaml
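Review bot: `token: abcdef.0123456789abcdef` under `bootstrapTokens` in kubeadm-containerd.yaml is the placeholder printed by `kubeadm config print init-defaults`; a cluster initialised from this file would accept that widely known token for `signing` and `authentication` for the 24-hour `ttl`. Remove the `token:` line so kubeadm generates a random one, or supply a freshly generated token at init time; kubeadm-crio.yaml carries the same value. In the same hunk `criSocket: /var/run/dockershim.sock` and `advertiseAddress: 1.2.3.4` also look like unedited defaults, which does not match a file named for containerd.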
@@ -0,0 +1,77 @@
+apiVersion: kubeadm.k8s.io/v1beta2
+bootstrapTokens:
+- groups:
+ - system:bootstrappers:kubeadm:default-node-token
+ token: abcdef.0123456789abcdef
+ ttl: 24h0m0s
+ usages:
+ - signing
+ - authentication
+kind: InitConfiguration
+localAPIEndpoint:
+ bindPort: 6443
+nodeRegistration:
+ criSocket: unix:///var/run/crio/crio.sock
+ name: k8scp
+ taints: null
+---
+apiServer:
+ timeoutForControlPlane: 4m0s
+apiVersion: kubeadm.k8s.io/v1beta2
+certificatesDir: /etc/kubernetes/pki
+clusterName: kubernetes
+controllerManager: {}
+dns:
+ type: CoreDNS
+etcd:
+ local:
+ dataDir: /var/lib/etcd
+imageRepository: k8s.gcr.io
+kind: ClusterConfiguration
+kubernetesVersion: 1.22.1
+networking:
+ dnsDomain: cluster.local
+ serviceSubnet: 10.96.0.0/12
+ podSubnet: 192.168.0.0/16
+scheduler: {}
+---
+apiVersion: kubelet.config.k8s.io/v1beta1
+authentication:
+ anonymous:
+ enabled: false
+ webhook:
+ cacheTTL: 0s
+ enabled: true
+ x509:
+ clientCAFile: /etc/kubernetes/pki/ca.crt
+authorization:
+ mode: Webhook
+ webhook:
+ cacheAuthorizedTTL: 0s
+ cacheUnauthorizedTTL: 0s
+cgroupDriver: systemd
+clusterDNS:
+- 10.96.0.10
+clusterDomain: cluster.local
+cpuManagerReconcilePeriod: 0s
+evictionPressureTransitionPeriod: 0s
+fileCheckFrequency: 0s
+healthzBindAddress: 127.0.0.1
+healthzPort: 10248
+httpCheckFrequency: 0s
+imageMinimumGCAge: 0s
+kind: KubeletConfiguration
+logging: {}
+nodeStatusReportFrequency: 0s
+nodeStatusUpdateFrequency: 0s
+resolvConf: /run/systemd/resolve/resolv.conf
+rotateCertificates: true
+runtimeRequestTimeout: 0s
+shutdownGracePeriod: 0s
+shutdownGracePeriodCriticalPods: 0s
+staticPodPath: /etc/kubernetes/manifests
+streamingConnectionIdleTimeout: 0s
+syncFrequency: 0s
+volumeStatsAggPeriod: 0s
+
+
diff --git a/files/LFS258/SOLUTIONS/s_03/low-resource-range.yaml b/files/LFS258/SOLUTIONS/s_03/low-resource-range.yaml
new file mode 100644
index 0000000..cbf14dc
--- /dev/null
+++ b/files/LFS258/SOLUTIONS/s_03/low-resource-range.yaml
@@ -0,0 +1,13 @@ +apiVersion: v1 +kind: LimitRange +metadata: + name: low-resource-range +spec: + limits: + - default: + cpu: 1 + memory: 500Mi + defaultRequest: + cpu: 0.5 + memory: 100Mi + type: Container diff --git a/files/LFS258/SOLUTIONS/s_03/second.yaml b/files/LFS258/SOLUTIONS/s_03/second.yaml new file mode 100644 index 0000000..278bbd6 --- /dev/null +++ b/files/LFS258/SOLUTIONS/s_03/second.yaml 
@@ -0,0 +1,67 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + annotations: + deployment.kubernetes.io/revision: "2" + kubectl.kubernetes.io/last-applied-configuration: | + {"apiVersion":"apps/v1","kind":"Deployment","metadata":{"annotations":{"deployment.kubernetes.io/revision":"1"},"generation":1,"labels":{"run":"nginx"},"name":"nginx","namespace":"default"},"spec":{"replicas":1,"selector":{"matchLabels":{"run":"nginx"}},"strategy":{"rollingUpdate":{"maxSurge":1,"maxUnavailable":1},"type":"RollingUpdate"},"template":{"metadata":{"creationTimestamp":null,"labels":{"run":"nginx"}},"spec":{"containers":[{"image":"nginx","imagePullPolicy":"Always","name":"nginx","ports":[{"containerPort":80,"protocol":"TCP"}],"resources":{},"terminationMessagePath":"/dev/termination-log","terminationMessagePolicy":"File"}],"dnsPolicy":"ClusterFirst","restartPolicy":"Always","schedulerName":"default-scheduler","securityContext":{},"terminationGracePeriodSeconds":30}}}} + creationTimestamp: 2017-10-25T16:09:08Z + generation: 2 + labels: + run: nginx + name: nginx + namespace: default + resourceVersion: "1820" + uid: d51d309a-b99e-11e7-894c-0a77bb381638 +spec: + progressDeadlineSeconds: 600 + replicas: 1 + revisionHistoryLimit: 2 + selector: + matchLabels: + run: nginx + strategy: + rollingUpdate: + maxSurge: 1 + maxUnavailable: 1 + type: RollingUpdate + template: + metadata: + creationTimestamp: null + labels: + run: nginx + spec: + containers: + - image: nginx + imagePullPolicy: Always + name: nginx + ports: + - containerPort: 80 + protocol: TCP + resources: {} + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + dnsPolicy: ClusterFirst + restartPolicy: Always + schedulerName: default-scheduler + securityContext: {} + terminationGracePeriodSeconds: 30 +status: + availableReplicas: 1 + conditions: + - lastTransitionTime: 2017-10-25T16:09:08Z + lastUpdateTime: 2017-10-25T16:09:08Z + message: Deployment has minimum availability. 
+ reason: MinimumReplicasAvailable + status: "True" + type: Available + - lastTransitionTime: 2017-10-25T16:12:29Z + lastUpdateTime: 2017-10-25T16:12:32Z + message: ReplicaSet "nginx-1423793266" has successfully progressed. + reason: NewReplicaSetAvailable + status: "True" + type: Progressing + observedGeneration: 2 + readyReplicas: 1 + replicas: 1 + updatedReplicas: 1 diff --git a/files/LFS258/SOLUTIONS/s_04/hog.yaml b/files/LFS258/SOLUTIONS/s_04/hog.yaml new file mode 100644 index 0000000..d47cf56 --- /dev/null +++ b/files/LFS258/SOLUTIONS/s_04/hog.yaml @@ -0,0 +1,56 @@ +# Edited to contain commented-out stress arguments. Remove +# the comments to pass those values to the container. +apiVersion: apps/v1 +kind: Deployment +metadata: + annotations: + deployment.kubernetes.io/revision: "1" + generation: 1 + labels: + app: hog + name: hog + namespace: default +spec: + replicas: 1 + selector: + matchLabels: + app: hog + strategy: + rollingUpdate: + maxSurge: 1 + maxUnavailable: 1 + type: RollingUpdate + template: + metadata: + creationTimestamp: null + labels: + app: hog + spec: + containers: + - image: vish/stress + imagePullPolicy: Always + name: hog + resources: + limits: +# cpu: "1" + memory: "4Gi" + requests: +# cpu: "0.5" + memory: "2500Mi" +# args: +# - -cpus +# - "2" +# - -mem-total +# - "1950Mi" +# - -mem-alloc-size +# - "100Mi" +# - -mem-alloc-sleep +# - "1s" + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + dnsPolicy: ClusterFirst + restartPolicy: Always + schedulerName: default-scheduler + securityContext: {} + terminationGracePeriodSeconds: 30 + diff --git a/files/LFS258/SOLUTIONS/s_04/hog2.yaml b/files/LFS258/SOLUTIONS/s_04/hog2.yaml new file mode 100644 index 0000000..b009565 --- /dev/null +++ b/files/LFS258/SOLUTIONS/s_04/hog2.yaml 
@@ -0,0 +1,54 @@ +# Edited to contain new namespace +apiVersion: apps/v1 +kind: Deployment +metadata: + annotations: + deployment.kubernetes.io/revision: "1" + generation: 1 + labels: + run: hog + name: hog + namespace: low-usage-limit +spec: + replicas: 1 + selector: + matchLabels: + run: hog + strategy: + rollingUpdate: + maxSurge: 1 + maxUnavailable: 1 + type: RollingUpdate + template: + metadata: + creationTimestamp: null + labels: + run: hog + spec: + containers: + - image: vish/stress + imagePullPolicy: Always + name: hog + resources: + limits: + cpu: "1" + memory: "4Gi" + requests: + cpu: "0.5" + memory: "2500Mi" + args: + - -cpus + - "2" + - -mem-total + - "1950Mi" + - -mem-alloc-size + - "100Mi" + - -mem-alloc-sleep + - "1s" + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + dnsPolicy: ClusterFirst + restartPolicy: Always + schedulerName: default-scheduler + securityContext: {} + terminationGracePeriodSeconds: 30 diff --git a/files/LFS258/SOLUTIONS/s_04/low-resource-range.yaml b/files/LFS258/SOLUTIONS/s_04/low-resource-range.yaml new file mode 100644 index 0000000..cbf14dc --- /dev/null +++ b/files/LFS258/SOLUTIONS/s_04/low-resource-range.yaml @@ -0,0 +1,13 @@ +apiVersion: v1 +kind: LimitRange +metadata: + name: low-resource-range +spec: + limits: + - default: + cpu: 1 + memory: 500Mi + defaultRequest: + cpu: 0.5 + memory: 100Mi + type: Container diff --git a/files/LFS258/SOLUTIONS/s_05/curlpod.json b/files/LFS258/SOLUTIONS/s_05/curlpod.json new file mode 100644 index 0000000..f1e568e --- /dev/null +++ b/files/LFS258/SOLUTIONS/s_05/curlpod.json @@ -0,0 +1,20 @@ +{ + "kind": "Pod", + "apiVersion": "v1", + "metadata":{ + "name": "curlpod", + "namespace": "default", + "labels": { + "name": "examplepod" + } + }, + "spec": { + "containers": [{ + "name": "nginx", + "image": "nginx", + "ports": [{"containerPort": 80}] + }] + } +} + + 
diff --git a/files/LFS258/SOLUTIONS/s_06/cron-job.yaml b/files/LFS258/SOLUTIONS/s_06/cron-job.yaml new file mode 100644 index 0000000..21d9038 --- /dev/null +++ b/files/LFS258/SOLUTIONS/s_06/cron-job.yaml @@ -0,0 +1,19 @@ +apiVersion: batch/v1beta1 +kind: CronJob +metadata: + name: date +spec: + schedule: "*/1 * * * *" + jobTemplate: + spec: + template: + spec: + containers: + - name: dateperminute + image: busybox + args: + - /bin/sh + - -c + - date; sleep 30 + restartPolicy: OnFailure + diff --git a/files/LFS258/SOLUTIONS/s_06/cronjob.yaml b/files/LFS258/SOLUTIONS/s_06/cronjob.yaml new file mode 100644 index 0000000..a39daad --- /dev/null +++ b/files/LFS258/SOLUTIONS/s_06/cronjob.yaml @@ -0,0 +1,18 @@ +apiVersion: batch/v1beta1 +kind: CronJob +metadata: + name: sleepy +spec: + schedule: "*/2 * * * *" + jobTemplate: + spec: + template: + spec: + containers: + - name: resting + image: busybox + command: ["/bin/sleep"] + args: ["5"] + restartPolicy: Never + + diff --git a/files/LFS258/SOLUTIONS/s_06/job.yaml b/files/LFS258/SOLUTIONS/s_06/job.yaml new file mode 100644 index 0000000..fabd47c --- /dev/null +++ b/files/LFS258/SOLUTIONS/s_06/job.yaml @@ -0,0 +1,14 @@ +apiVersion: batch/v1 +kind: Job +metadata: + name: sleepy +spec: + template: + spec: + containers: + - name: resting + image: busybox + command: ["/bin/sleep"] + args: ["3"] + restartPolicy: Never + diff --git a/files/LFS258/SOLUTIONS/s_07/ds.yaml b/files/LFS258/SOLUTIONS/s_07/ds.yaml new file mode 100644 index 0000000..9ff3219 --- /dev/null +++ b/files/LFS258/SOLUTIONS/s_07/ds.yaml @@ -0,0 +1,19 @@ +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: ds-one +spec: + selector: + matchLabels: + system: DaemonSetOne + + template: + metadata: + labels: + system: DaemonSetOne + spec: + containers: + - name: nginx + image: nginx:1.11.1 + ports: + - containerPort: 80 diff --git a/files/LFS258/SOLUTIONS/s_07/ds2.yaml b/files/LFS258/SOLUTIONS/s_07/ds2.yaml new file mode 100644 index 0000000..1a0bea4 
--- /dev/null +++ b/files/LFS258/SOLUTIONS/s_07/ds2.yaml @@ -0,0 +1,38 @@ +apiVersion: apps/v1 +kind: DaemonSet +metadata: + creationTimestamp: 2017-10-25T19:59:25Z + generation: 3 + labels: + system: DaemonSetOne + name: ds-two + namespace: default +spec: + revisionHistoryLimit: 10 + selector: + matchLabels: + system: DaemonSetOne + template: + metadata: + creationTimestamp: null + labels: + system: DaemonSetOne + spec: + containers: + - image: nginx:1.11.1 + imagePullPolicy: IfNotPresent + name: nginx + ports: + - containerPort: 80 + protocol: TCP + resources: {} + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + dnsPolicy: ClusterFirst + restartPolicy: Always + schedulerName: default-scheduler + securityContext: {} + terminationGracePeriodSeconds: 30 + templateGeneration: 3 + updateStrategy: + type: RollingUpdate diff --git a/files/LFS258/SOLUTIONS/s_07/rs.yaml b/files/LFS258/SOLUTIONS/s_07/rs.yaml new file mode 100644 index 0000000..c048d25 --- /dev/null +++ b/files/LFS258/SOLUTIONS/s_07/rs.yaml @@ -0,0 +1,19 @@ +apiVersion: apps/v1 +kind: ReplicaSet +metadata: + name: rs-one +spec: + replicas: 2 + selector: + matchLabels: + system: ReplicaOne + template: + metadata: + labels: + system: ReplicaOne + spec: + containers: + - name: nginx + image: nginx:1.15.1 + ports: + - containerPort: 80 diff --git a/files/LFS258/SOLUTIONS/s_08/PVol.yaml b/files/LFS258/SOLUTIONS/s_08/PVol.yaml new file mode 100644 index 0000000..d9a508e --- /dev/null +++ b/files/LFS258/SOLUTIONS/s_08/PVol.yaml @@ -0,0 +1,14 @@ +apiVersion: v1 +kind: PersistentVolume +metadata: + name: pvvol-1 +spec: + capacity: + storage: 1Gi + accessModes: + - ReadWriteMany + persistentVolumeReclaimPolicy: Retain + nfs: + path: /opt/sfw + server: k8scp #<-- Edit to match cp node + readOnly: false diff --git a/files/LFS258/SOLUTIONS/s_08/car-map.yaml b/files/LFS258/SOLUTIONS/s_08/car-map.yaml new file mode 100644 index 0000000..bbebb90 --- /dev/null 
+++ b/files/LFS258/SOLUTIONS/s_08/car-map.yaml @@ -0,0 +1,9 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: fast-car + namespace: default +data: + car.make: Ford + car.model: Mustang + car.trim: Shelby diff --git a/files/LFS258/SOLUTIONS/s_08/nfs-pod.yaml b/files/LFS258/SOLUTIONS/s_08/nfs-pod.yaml new file mode 100644 index 0000000..79886aa --- /dev/null +++ b/files/LFS258/SOLUTIONS/s_08/nfs-pod.yaml @@ -0,0 +1,48 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + annotations: + deployment.kubernetes.io/revision: "1" + generation: 1 + labels: + run: nginx + name: nginx-nfs #<-- Edit name + namespace: default +spec: + replicas: 1 + selector: + matchLabels: + run: nginx + strategy: + rollingUpdate: + maxSurge: 1 + maxUnavailable: 1 + type: RollingUpdate + template: + metadata: + creationTimestamp: null + labels: + run: nginx + spec: + containers: + - image: nginx + imagePullPolicy: Always + name: nginx + volumeMounts: + - name: nfs-vol + mountPath: /opt + ports: + - containerPort: 80 + protocol: TCP + resources: {} + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + volumes: #<<-- These four lines + - name: nfs-vol + persistentVolumeClaim: + claimName: pvc-one + dnsPolicy: ClusterFirst + restartPolicy: Always + schedulerName: default-scheduler + securityContext: {} + terminationGracePeriodSeconds: 30 diff --git a/files/LFS258/SOLUTIONS/s_08/pvc.yaml b/files/LFS258/SOLUTIONS/s_08/pvc.yaml new file mode 100644 index 0000000..efcc32b --- /dev/null +++ b/files/LFS258/SOLUTIONS/s_08/pvc.yaml @@ -0,0 +1,10 @@ +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: pvc-one +spec: + accessModes: + - ReadWriteMany + resources: + requests: + storage: 200Mi diff --git a/files/LFS258/SOLUTIONS/s_08/simpleshell.yaml b/files/LFS258/SOLUTIONS/s_08/simpleshell.yaml new file mode 100644 index 0000000..4f0416a --- /dev/null +++ b/files/LFS258/SOLUTIONS/s_08/simpleshell.yaml 
@@ -0,0 +1,14 @@ +apiVersion: v1 +kind: Pod +metadata: + name: shell-demo +spec: + containers: + - name: nginx + image: nginx + env: + - name: ilike + valueFrom: + configMapKeyRef: + name: colors + key: favorite diff --git a/files/LFS258/SOLUTIONS/s_08/storage-quota.yaml b/files/LFS258/SOLUTIONS/s_08/storage-quota.yaml new file mode 100644 index 0000000..1f85024 --- /dev/null +++ b/files/LFS258/SOLUTIONS/s_08/storage-quota.yaml @@ -0,0 +1,8 @@ +apiVersion: v1 +kind: ResourceQuota +metadata: + name: storagequota +spec: + hard: + persistentvolumeclaims: "10" + requests.storage: "500Mi" diff --git a/files/LFS258/SOLUTIONS/s_09/nettool.yaml b/files/LFS258/SOLUTIONS/s_09/nettool.yaml new file mode 100644 index 0000000..8687861 --- /dev/null +++ b/files/LFS258/SOLUTIONS/s_09/nettool.yaml @@ -0,0 +1,11 @@ +apiVersion: v1 +kind: Pod +metadata: + name: ubuntu +spec: + containers: + - name: ubuntu + image: ubuntu:latest + command: [ "sleep" ] + args: [ "infinity" ] + diff --git a/files/LFS258/SOLUTIONS/s_09/nginx-one.yaml b/files/LFS258/SOLUTIONS/s_09/nginx-one.yaml new file mode 100644 index 0000000..9f52729 --- /dev/null +++ b/files/LFS258/SOLUTIONS/s_09/nginx-one.yaml 
@@ -0,0 +1,41 @@ +apiVersion: apps/v1 +# Determines YAML versioned schema. +kind: Deployment +# Describes the resource defined in this file. +metadata: + name: nginx-one + labels: + system: secondary +# Required string which defines object within namespace. + namespace: accounting +# Existing namespace resource will be deployed into. +spec: + selector: + matchLabels: + system: secondary +# Declaration of the label for the deployment to manage + replicas: 2 +# How many Pods of following containers to deploy + template: + metadata: + labels: + system: secondary +# Some string meaningful to users, not cluster. Keys +# must be unique for each object. Allows for mapping +# to customer needs. + spec: + containers: +# Array of objects describing containerized application with a Pod. +# Referenced with shorthand spec.template.spec.containers + - image: nginx:1.20.1 +# The Docker image to deploy + imagePullPolicy: Always + name: nginx +# Unique name for each container, use local or Docker repo image + ports: + - containerPort: 8080 + protocol: TCP +# Optional resources this container may need to function. + nodeSelector: + system: secondOne +# One method of node affinity. diff --git a/files/LFS258/SOLUTIONS/s_10/db1-vol.yaml b/files/LFS258/SOLUTIONS/s_10/db1-vol.yaml new file mode 100644 index 0000000..e4e231d --- /dev/null +++ b/files/LFS258/SOLUTIONS/s_10/db1-vol.yaml @@ -0,0 +1,14 @@ +apiVersion: v1 +kind: PersistentVolume +metadata: + name: dbvol-1 +spec: + capacity: + storage: 8Gi + accessModes: + - ReadWriteOnce + persistentVolumeReclaimPolicy: Retain + nfs: + path: /opt/sfw + server: k8scp #<-- Edit to match cp node + readOnly: false diff --git a/files/LFS258/SOLUTIONS/s_10/db2-vol.yaml b/files/LFS258/SOLUTIONS/s_10/db2-vol.yaml new file mode 100644 index 0000000..6dd848c --- /dev/null +++ b/files/LFS258/SOLUTIONS/s_10/db2-vol.yaml 
@@ -0,0 +1,14 @@ +apiVersion: v1 +kind: PersistentVolume +metadata: + name: dbvol-2 +spec: + capacity: + storage: 8Gi + accessModes: + - ReadWriteOnce + persistentVolumeReclaimPolicy: Retain + nfs: + path: /opt/sfw + server: k8scp #<-- Edit to match cp node + readOnly: false diff --git a/files/LFS258/SOLUTIONS/s_11/ingress.rbac.yaml b/files/LFS258/SOLUTIONS/s_11/ingress.rbac.yaml new file mode 100644 index 0000000..96e038c --- /dev/null +++ b/files/LFS258/SOLUTIONS/s_11/ingress.rbac.yaml @@ -0,0 +1,37 @@ +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: traefik-ingress-controller +rules: + - apiGroups: + - "" + resources: + - services + - endpoints + - secrets + verbs: + - get + - list + - watch + - apiGroups: + - extensions + resources: + - ingresses + verbs: + - get + - list + - watch +--- +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: traefik-ingress-controller +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: traefik-ingress-controller +subjects: +- kind: ServiceAccount + name: traefik-ingress-controller + namespace: kube-system + diff --git a/files/LFS258/SOLUTIONS/s_11/ingress.rule.yaml b/files/LFS258/SOLUTIONS/s_11/ingress.rule.yaml new file mode 100644 index 0000000..bc08013 --- /dev/null +++ b/files/LFS258/SOLUTIONS/s_11/ingress.rule.yaml @@ -0,0 +1,16 @@ +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: ingress-test + annotations: + kubernetes.io/ingress.class: traefik +spec: + rules: + - host: www.example.com + http: + paths: + - backend: + serviceName: secondapp + servicePort: 80 + path: / + diff --git a/files/LFS258/SOLUTIONS/s_11/ingress.yaml b/files/LFS258/SOLUTIONS/s_11/ingress.yaml new file mode 100644 index 0000000..8b5943b --- /dev/null +++ b/files/LFS258/SOLUTIONS/s_11/ingress.yaml 
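Review bot: The ClusterRole in ingress.rbac.yaml grants `get`, `list` and `watch` on `secrets` in every namespace to the `traefik-ingress-controller` ServiceAccount, so the controller pod can read every Secret in the cluster. traefik-ds.yaml in this commit runs that pod with host networking and its API port published, which makes this grant the most sensitive part of the setup. If TLS secrets are only needed from a few namespaces, a namespaced Role and RoleBinding per namespace narrows it; at minimum a comment `# secrets: needed for Ingress TLS certificates only` records why the grant exists. The second rule lists `ingresses` only under the `extensions` API group, which presumably no longer matches on the 1.22 cluster pinned elsewhere in this commit, where Ingress is served from `networking.k8s.io`.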
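Review bot: ingress.rule.yaml declares `apiVersion: networking.k8s.io/v1` but its backend uses the v1beta1 fields `serviceName` and `servicePort`, and the path has no `pathType`, so the API server should reject the manifest. The v1 schema nests the service name and port under `backend.service` and requires `pathType` on every path, as ingress.yaml in this commit already does. The rewritten `paths` entry is below; indentation is conventional because the page does not preserve the original.

```yaml
# … unchanged: apiVersion, kind, metadata, rules[0].host …
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: secondapp
            port:
              number: 80
```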
@@ -0,0 +1,22 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: ingress-test
+ annotations:
+ kubernetes.io/ingress.class: nginx
+ namespace: default
+spec:
+ rules:
+ - host: www.external.com
+ http:
+ paths:
+ - backend:
+ service:
+ name: web-one
+ port:
+ number: 80
+ path: /
+ pathType: ImplementationSpecific
+status:
+ loadBalancer: {}
+
diff --git a/files/LFS258/SOLUTIONS/s_11/setupLinkerd.txt b/files/LFS258/SOLUTIONS/s_11/setupLinkerd.txt
new file mode 100644
index 0000000..79e0e14
--- /dev/null
+++ b/files/LFS258/SOLUTIONS/s_11/setupLinkerd.txt
@@ -0,0 +1,9 @@
+curl -sL run.linkerd.io/install | sh
+export PATH=$PATH:/home/student/.linkerd2/bin
+linkerd check --pre
+linkerd install | kubectl apply -f -
+linkerd check
+linkerd viz install | kubectl apply -f -
+linkerd viz check
+linkerd viz dashboard &
+
diff --git a/files/LFS258/SOLUTIONS/s_11/traefik-ds.yaml b/files/LFS258/SOLUTIONS/s_11/traefik-ds.yaml
new file mode 100644
index 0000000..7cf9846
--- /dev/null
+++ b/files/LFS258/SOLUTIONS/s_11/traefik-ds.yaml
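Review bot: The first command in setupLinkerd.txt, `curl -sL run.linkerd.io/install | sh`, gives no URL scheme, so curl starts with plain HTTP and only reaches HTTPS through a redirect that `-L` follows; whatever answers that first request is piped straight into a shell. Linkerd's documented form pins the transport: `curl --proto '=https' --tlsv1.2 -sSfL https://run.linkerd.io/install | sh`. The added `-f` also keeps an HTTP error page from being executed as a script. For a lab handout it would be safer still to save the installer to a file, read it, and then run it.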
@@ -0,0 +1,58 @@ +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: traefik-ingress-controller + namespace: kube-system +--- +kind: DaemonSet +apiVersion: apps/v1 +metadata: + name: traefik-ingress-controller + namespace: kube-system + labels: + k8s-app: traefik-ingress-lb +spec: + selector: + matchLabels: + name: traefik-ingress-lb + template: + metadata: + labels: + k8s-app: traefik-ingress-lb + name: traefik-ingress-lb + spec: + serviceAccountName: traefik-ingress-controller + terminationGracePeriodSeconds: 60 + hostNetwork: True + containers: + - image: traefik:1.7.13 + name: traefik-ingress-lb + ports: + - name: http + containerPort: 80 + hostPort: 80 + - name: admin + containerPort: 8080 + hostPort: 8080 + args: + - --api + - --kubernetes + - --logLevel=INFO +--- +kind: Service +apiVersion: v1 +metadata: + name: traefik-ingress-service + namespace: kube-system +spec: + selector: + k8s-app: traefik-ingress-lb + ports: + - protocol: TCP + port: 80 + name: web + - protocol: TCP + port: 8080 + name: admin + diff --git a/files/LFS258/SOLUTIONS/s_12/taint.yaml b/files/LFS258/SOLUTIONS/s_12/taint.yaml new file mode 100644 index 0000000..3d373ea --- /dev/null +++ b/files/LFS258/SOLUTIONS/s_12/taint.yaml @@ -0,0 +1,19 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: taint-deployment +spec: + replicas: 8 + selector: + matchLabels: + app: nginx + template: + metadata: + labels: + app: nginx + spec: + containers: + - name: nginx + image: nginx:1.20.1 + ports: + - containerPort: 80 diff --git a/files/LFS258/SOLUTIONS/s_12/vip.yaml b/files/LFS258/SOLUTIONS/s_12/vip.yaml new file mode 100644 index 0000000..dcbb5f4 --- /dev/null +++ b/files/LFS258/SOLUTIONS/s_12/vip.yaml 
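Review bot: The DaemonSet in traefik-ds.yaml starts Traefik with `--api` and publishes the `admin` port 8080 as `hostPort: 8080` under `hostNetwork: True`, and the Service exposes 8080 too, so as far as this manifest shows the Traefik 1.x API and dashboard are reachable on every node without authentication. Because of host networking the listener sits on the node's own address regardless of `hostPort`, so dropping the port mapping alone would not close it. Removing `--api` when the dashboard is not needed, or restricting node port 8080 at the firewall, would; the Service's `admin` port can go in the same change. Minor: `hostNetwork: True` is better written `hostNetwork: true`, and `traefik:1.7.13` is an old 1.x release that deserves a comment saying why it is pinned.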
@@ -0,0 +1,28 @@ +apiVersion: v1 +kind: Pod +metadata: + name: vip +spec: + containers: + - name: vip1 + image: busybox + args: + - sleep + - "1000000" + - name: vip2 + image: busybox + args: + - sleep + - "1000000" + - name: vip3 + image: busybox + args: + - sleep + - "1000000" + - name: vip4 + image: busybox + args: + - sleep + - "1000000" + nodeSelector: + status: vip diff --git a/files/LFS258/SOLUTIONS/s_14/crd.yaml b/files/LFS258/SOLUTIONS/s_14/crd.yaml new file mode 100644 index 0000000..df78e1a --- /dev/null +++ b/files/LFS258/SOLUTIONS/s_14/crd.yaml @@ -0,0 +1,41 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + # name must match the spec fields below, and be in the form: . + name: crontabs.stable.example.com +spec: + # group name to use for REST API: /apis// + group: stable.example.com + # list of versions supported by this CustomResourceDefinition + versions: + - name: v1 + # Each version can be enabled/disabled by Served flag. + served: true + # One and only one version must be marked as the storage version. + storage: true + schema: + openAPIV3Schema: + type: object + properties: + spec: + type: object + properties: + cronSpec: + type: string + image: + type: string + replicas: + type: integer + # either Namespaced or Cluster + scope: Namespaced + names: + # plural name to be used in the URL: /apis/// + plural: crontabs + # singular name to be used as an alias on the CLI and for display + singular: crontab + # kind is normally the CamelCased singular type. Your resource manifests use this. + kind: CronTab + # shortNames allow shorter string to match your resource on the CLI + shortNames: + - ct + diff --git a/files/LFS258/SOLUTIONS/s_14/new-crontab.yaml b/files/LFS258/SOLUTIONS/s_14/new-crontab.yaml new file mode 100644 index 0000000..e698f9a --- /dev/null +++ b/files/LFS258/SOLUTIONS/s_14/new-crontab.yaml 
@@ -0,0 +1,10 @@
+apiVersion: "stable.example.com/v1"
+ # This is from the group and version of new CRD
+kind: CronTab
+ # The kind from the new CRD
+metadata:
+ name: new-cron-object
+spec:
+ cronSpec: "*/5 * * * *"
+ image: some-cron-image
+ #Does not exist
diff --git a/files/LFS258/SOLUTIONS/s_15/role-dev.yaml b/files/LFS258/SOLUTIONS/s_15/role-dev.yaml
new file mode 100644
index 0000000..dfe58d7
--- /dev/null
+++ b/files/LFS258/SOLUTIONS/s_15/role-dev.yaml
@@ -0,0 +1,10 @@
+kind: Role
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ namespace: development
+ name: developer
+rules:
+- apiGroups: ["", "extensions", "apps"]
+ resources: ["deployments", "replicasets", "pods"]
+ verbs: ["list", "get", "watch", "create", "update", "patch", "delete"]
+# You can use ["*"] for all verbs
diff --git a/files/LFS258/SOLUTIONS/s_15/role-prod.yaml b/files/LFS258/SOLUTIONS/s_15/role-prod.yaml
new file mode 100644
index 0000000..331fad8
--- /dev/null
+++ b/files/LFS258/SOLUTIONS/s_15/role-prod.yaml
@@ -0,0 +1,9 @@
+kind: Role
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ namespace: production
+ name: dev-prod
+rules:
+- apiGroups: ["", "extensions", "apps"]
+ resources: ["deployments", "replicasets", "pods"]
+ verbs: ["get", "list", "watch"] # You can also use ["*"]
diff --git a/files/LFS258/SOLUTIONS/s_15/role.yaml b/files/LFS258/SOLUTIONS/s_15/role.yaml
new file mode 100644
index 0000000..88be277
--- /dev/null
+++ b/files/LFS258/SOLUTIONS/s_15/role.yaml
@@ -0,0 +1,9 @@
+kind: Role
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ namespace: development
+ name: developer
+rules:
+- apiGroups: ["", "extensions", "apps"]
+ resources: ["deployments", "replicasets", "pods"]
+ verbs: ["get", "list", "watch", "create", "update", "patch", "delete"] # You can also use ["*"]
diff --git a/files/LFS258/SOLUTIONS/s_15/rolebind.yaml b/files/LFS258/SOLUTIONS/s_15/rolebind.yaml
new file mode 100644
index 0000000..d754ede
--- /dev/null
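Review bot: The trailing comment `# You can use ["*"] for all verbs` in role-dev.yaml, repeated as `# You can also use ["*"]` in role-prod.yaml and role.yaml, steers readers towards a wildcard that defeats the explicit verb list beside it. On role-prod.yaml in particular the role is read-only (`get`, `list`, `watch`), and following the hint would turn it into full write access in the `production` namespace. I would replace the comment with `# Keep verbs explicit; ["*"] also grants delete and any verb added later.` role-dev.yaml and role.yaml define the same `developer` Role in `development` and differ only in verb order and comment placement, so one of them is probably redundant.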
+++ b/files/LFS258/SOLUTIONS/s_15/rolebind.yaml
@@ -0,0 +1,13 @@
+kind: RoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: developer-role-binding
+ namespace: development
+subjects:
+- kind: User
+ name: DevDan
+ apiGroup: ""
+roleRef:
+ kind: Role
+ name: developer
+ apiGroup: ""
diff --git a/files/LFS258/SOLUTIONS/s_15/rolebindprod.yaml b/files/LFS258/SOLUTIONS/s_15/rolebindprod.yaml
new file mode 100644
index 0000000..9c52bd2
--- /dev/null
+++ b/files/LFS258/SOLUTIONS/s_15/rolebindprod.yaml
@@ -0,0 +1,13 @@
+kind: RoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: production-role-binding #<-- Edit to production
+ namespace: production #<-- Also here
+subjects:
+- kind: User
+ name: DevDan
+ apiGroup: ""
+roleRef:
+ kind: Role
+ name: dev-prod #<-- Also this
+ apiGroup: ""
diff --git a/files/LFS258/SOLUTIONS/s_16/haproxy.cfg b/files/LFS258/SOLUTIONS/s_16/haproxy.cfg
new file mode 100644
index 0000000..4a64bdf
--- /dev/null
+++ b/files/LFS258/SOLUTIONS/s_16/haproxy.cfg
@@ -0,0 +1,55 @@
+global
+ log /dev/log local0
+ log /dev/log local1 notice
+ chroot /var/lib/haproxy
+ stats socket /run/haproxy/admin.sock mode 660 level admin
+ stats timeout 30s
+ user haproxy
+ group haproxy
+ daemon
+
+ # Default SSL material locations
+ ca-base /etc/ssl/certs
+ crt-base /etc/ssl/private
+
+ # Default ciphers to use on SSL-enabled listening sockets.
+ # For more information, see ciphers(1SSL). This list is from:
+ # https://hynek.me/articles/hardening-your-web-servers-ssl-ciphers/
+ ssl-default-bind-ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS
+ ssl-default-bind-options no-sslv3
+
+defaults
+ log global
+ mode tcp
+ option tcplog
+ option dontlognull
+ timeout connect 5000
+ timeout client 50000
+ timeout server 50000
+ errorfile 400 /etc/haproxy/errors/400.http
+ errorfile 403 /etc/haproxy/errors/403.http
+ errorfile 408 /etc/haproxy/errors/408.http
+ errorfile 500 /etc/haproxy/errors/500.http
+ errorfile 502 /etc/haproxy/errors/502.http
+ errorfile 503 /etc/haproxy/errors/503.http
+ errorfile 504 /etc/haproxy/errors/504.http
+
+frontend proxynode
+ bind *:80
+ bind *:6443
+ stats uri /proxystats
+ default_backend k8sServers
+
+backend k8sServers
+ balance roundrobin
+ server cp1 10.128.0.24:6443 check #<-- Edit with your IP addresses.
+# server cp2 10.128.0.30:6443 check
+# server cp3 10.128.0.66:6443 check
+
+listen stats
+ bind :9999
+ mode http
+ stats enable
+ stats hide-version
+ stats uri /stats
+
diff --git a/files/LFS258/SOLUTIONS/s_A/review1.yaml b/files/LFS258/SOLUTIONS/s_A/review1.yaml
new file mode 100644
index 0000000..519fcbe
--- /dev/null
+++ b/files/LFS258/SOLUTIONS/s_A/review1.yaml
@@ -0,0 +1,9 @@
+apiVersion: v1
+kind: Pod
+metadata:
+ name: break1
+spec:
+ containers:
+ - name: mountain-region
+ image: nginx:1.11-apline
+
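Review bot: The `listen stats` section in haproxy.cfg binds `:9999` on all interfaces with `stats enable` and no `stats auth`, so the statistics page, which lists the control-plane backend addresses and their health, is readable by anyone who can reach the proxy. Adding `stats auth <USER>:<PASSWORD>` (placeholder values, supplied from a secret) or changing the bind to `127.0.0.1:9999` limits it. `frontend proxynode` also sets `stats uri /proxystats` while `defaults` is `mode tcp`; the stats page needs HTTP mode, so that line is probably inert and can be removed. `bind *:80` forwards port 80 to the API-server backends on 6443, which looks unintended. The global TLS defaults still allow 3DES suites and only disable SSLv3, although no `ssl` bind in this file uses them.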
diff --git a/files/LFS258/SOLUTIONS/s_A/review2.yaml b/files/LFS258/SOLUTIONS/s_A/review2.yaml new file mode 100644 index 0000000..d4fae06 --- /dev/null +++ b/files/LFS258/SOLUTIONS/s_A/review2.yaml @@ -0,0 +1,53 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + annotations: + deployment.kubernetes.io/revision: "1" + labels: + app: break2 + name: break2 + namespace: default +spec: + progressDeadlineSeconds: 600 + replicas: 1 + revisionHistoryLimit: 10 + selector: + matchLabels: + app: break2 + strategy: + rollingUpdate: + maxSurge: 25% + maxUnavailable: 25% + type: RollingUpdate + template: + metadata: + creationTimestamp: null + labels: + app: break2 + spec: + containers: + - image: nginx + imagePullPolicy: Always + name: brokenapp + resources: {} + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + - name: goproxy + image: k8s.gcr.io/goproxy:0.1 + readinessProbe: + tcpSocket: + port: 808 + initialDelaySeconds: 5 + periodSeconds: 10 + livenessProbe: + tcpSocket: + port: 808 + initialDelaySeconds: 15 + periodSeconds: 20 + dnsPolicy: ClusterFirst + restartPolicy: Always + schedulerName: default-scheduler + securityContext: {} + terminationGracePeriodSeconds: 30 +status: + diff --git a/files/LFS258/SOLUTIONS/s_A/review3.yaml b/files/LFS258/SOLUTIONS/s_A/review3.yaml new file mode 100644 index 0000000..ae02c5c --- /dev/null +++ b/files/LFS258/SOLUTIONS/s_A/review3.yaml @@ -0,0 +1,28 @@ +apiVersion: v1 +kind: Pod +metadata: + name: design-pod1 +spec: + containers: + - image: vish/stress + name: design-pod1 + resources: + limits: + cpu: "2.22" + memory: "567Mi" + requests: + cpu: "0.3" + memory: "456Mi" + args: + - -cpus + - "1" + - -mem-total + - "1036Mi" + - -mem-alloc-size + - "500Mi" + - -mem-alloc-sleep + - "1s" + + +#Domain CPU requirements + diff --git a/files/LFS258/SOLUTIONS/s_A/review4.yaml b/files/LFS258/SOLUTIONS/s_A/review4.yaml new file mode 100644 index 0000000..ae02c5c --- /dev/null 
+++ b/files/LFS258/SOLUTIONS/s_A/review4.yaml @@ -0,0 +1,28 @@ +apiVersion: v1 +kind: Pod +metadata: + name: design-pod1 +spec: + containers: + - image: vish/stress + name: design-pod1 + resources: + limits: + cpu: "2.22" + memory: "567Mi" + requests: + cpu: "0.3" + memory: "456Mi" + args: + - -cpus + - "1" + - -mem-total + - "1036Mi" + - -mem-alloc-size + - "500Mi" + - -mem-alloc-sleep + - "1s" + + +#Domain CPU requirements + diff --git a/files/LFS258/SOLUTIONS/s_A/review5.yaml b/files/LFS258/SOLUTIONS/s_A/review5.yaml new file mode 100644 index 0000000..7a963d6 --- /dev/null +++ b/files/LFS258/SOLUTIONS/s_A/review5.yaml @@ -0,0 +1,46 @@ +apiVersion: v1 +kind: List +items: +- apiVersion: v1 + kind: Pod + metadata: + labels: + review: tux + name: label-pod1 + spec: + containers: + - image: nginx + name: design-a +- apiVersion: v1 + kind: Pod + metadata: + labels: + review: tux + name: label-pod2 + spec: + containers: + - image: nginx + name: design-b +- apiVersion: v1 + kind: Pod + metadata: + labels: + linux: rocks + name: label-pod3 + spec: + containers: + - image: nginx + name: design-c +- apiVersion: v1 + kind: Pod + metadata: + labels: + domain: review + name: label-pod4 + spec: + containers: + - image: nginx + name: design-d + + +# Create pods with selectors diff --git a/files/LFS258/SOLUTIONS/s_A/review6.yaml b/files/LFS258/SOLUTIONS/s_A/review6.yaml new file mode 100644 index 0000000..1cf50de --- /dev/null +++ b/files/LFS258/SOLUTIONS/s_A/review6.yaml @@ -0,0 +1,13 @@ +apiVersion: v1 +kind: Pod +metadata: + name: securityreview +spec: + securityContext: + runAsUser: 2100 + containers: + - name: webguy + image: nginx + securityContext: + runAsUser: 3000 + allowPrivilegeEscalation: false diff --git a/files/LFS258/SOLUTIONS/s_A/review7.yaml b/files/LFS258/SOLUTIONS/s_A/review7.yaml new file mode 100644 index 0000000..5e972f0 --- /dev/null +++ b/files/LFS258/SOLUTIONS/s_A/review7.yaml 
@@ -0,0 +1,53 @@ +apiVersion: extensions/v1 +kind: Deployment +metadata: + annotations: + deployment.kubernetes.io/revision: "1" + generation: 1 + labels: + run: igottrouble + name: igottrouble +spec: + replicas: 0 + selector: + matchLabels: + run: ugottrouble + strategy: + rollingUpdate: + maxSurge: 1 + maxUnavailable: 1 + type: RollingUpdate + template: + metadata: + creationTimestamp: null + labels: + run: igottrouble + spec: + containers: + - image: vish/stress + imagePullPolicy: Always + name: igottrouble + resources: + limits: + cpu: "1" + memory: "1Gi" + requests: + cpu: "2.5" + memory: "500Mi" + args: + - -cpus + - "2" + - -mem-total + - "1950Mi" + - -mem-alloc-size + - "100Mi" + - -mem-alloc-sleep + - "1s" + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + dnsPolicy: ClusterFirst + restartPolicy: Always + schedulerName: default-scheduler + securityContext: {} + terminationGracePeriodSeconds: 30 + diff --git a/files/kubeadm-config.yaml b/files/kubeadm-config.yaml new file mode 100644 index 0000000..c5d09d7 --- /dev/null +++ b/files/kubeadm-config.yaml @@ -0,0 +1,6 @@ +apiVersion: kubeadm.k8s.io/v1beta2 +kind: ClusterConfiguration +kubernetesVersion: 1.22.1 +controlPlaneEndpoint: "k8s-master:6443" +networking: + podSubnet: 10.20.0.0/16 diff --git a/files/kubeadm-crio.yaml b/files/kubeadm-crio.yaml new file mode 100644 index 0000000..dc6f520 --- /dev/null +++ b/files/kubeadm-crio.yaml 
@@ -0,0 +1,77 @@ +apiVersion: kubeadm.k8s.io/v1beta2 +bootstrapTokens: +- groups: + - system:bootstrappers:kubeadm:default-node-token + token: abcdef.0123456789abcdef + ttl: 24h0m0s + usages: + - signing + - authentication +kind: InitConfiguration +localAPIEndpoint: + bindPort: 6443 +nodeRegistration: + criSocket: unix:///var/run/crio/crio.sock + name: k8s-master + taints: null +--- +apiServer: + timeoutForControlPlane: 4m0s +apiVersion: kubeadm.k8s.io/v1beta2 +certificatesDir: /etc/kubernetes/pki +clusterName: kubernetes +controllerManager: {} +dns: + type: CoreDNS +etcd: + local: + dataDir: /var/lib/etcd +imageRepository: k8s.gcr.io +kind: ClusterConfiguration +kubernetesVersion: 1.22.1 +networking: + dnsDomain: cluster.local + serviceSubnet: 10.96.0.0/12 + podSubnet: 10.20.0.0/16 +scheduler: {} +--- +apiVersion: kubelet.config.k8s.io/v1beta1 +authentication: + anonymous: + enabled: false + webhook: + cacheTTL: 0s + enabled: true + x509: + clientCAFile: /etc/kubernetes/pki/ca.crt +authorization: + mode: Webhook + webhook: + cacheAuthorizedTTL: 0s + cacheUnauthorizedTTL: 0s +cgroupDriver: systemd +clusterDNS: +- 10.96.0.10 +clusterDomain: cluster.local +cpuManagerReconcilePeriod: 0s +evictionPressureTransitionPeriod: 0s +fileCheckFrequency: 0s +healthzBindAddress: 127.0.0.1 +healthzPort: 10248 +httpCheckFrequency: 0s +imageMinimumGCAge: 0s +kind: KubeletConfiguration +logging: {} +nodeStatusReportFrequency: 0s +nodeStatusUpdateFrequency: 0s +resolvConf: /run/systemd/resolve/resolv.conf +rotateCertificates: true +runtimeRequestTimeout: 0s +shutdownGracePeriod: 0s +shutdownGracePeriodCriticalPods: 0s +staticPodPath: /etc/kubernetes/manifests +streamingConnectionIdleTimeout: 0s +syncFrequency: 0s +volumeStatsAggPeriod: 0s + + diff --git a/install_crio.yml b/install_crio.yml new file mode 100644 index 0000000..d95b2e9 --- /dev/null +++ b/install_crio.yml 
@@ -0,0 +1,35 @@
+- name: Add keyring of CRI-O repo
+ apt_key:
+ url: https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable:/cri-o/Debian_11/Release.key
+ state: present
+
+- name: Add keyring of CRI-O repo
+ apt_key:
+ url: https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable:/cri-o:/1.22/Debian_11/Release.key
+ state: present
+
+- name: Add CRI-O Repo
+ apt_repository:
+ repo: "deb https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable/Debian_11/ /"
+ state: present
+ filename: "devel:kubic:libcontainers:stable.list"
+
+- name: Add CRI-O Repo
+ apt_repository:
+ repo: "deb https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable:/cri-o:/1.22/Debian_11/ /"
+ state: present
+ filename: "devel:kubic:libcontainers:stable:cri-o:Debian_11.list"
+
+- name: Install CRI-O
+ apt:
+ name: "{{ item }}"
+ update_cache: true
+ loop:
+ - cri-o
+ - cri-o-runc
+
+- name: Enable CRI-O Service
+ systemd:
+ name: crio
+ state: started
+ enabled: true
\ No newline at end of file
diff --git a/install_kubernetes.yml b/install_kubernetes.yml
new file mode 100644
index 0000000..4eab78d
--- /dev/null
+++ b/install_kubernetes.yml
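Review bot: Both `apt_key` tasks in install_crio.yml fetch `Release.key` by URL and add it to the system-wide apt keyring without pinning a fingerprint, so whatever key the server returns becomes trusted for every configured repository, not only CRI-O; the `Install kubernetes repo key` task in install_kubernetes.yml has the same shape. I would pin the expected key with the module's `id:` parameter, e.g. `id: <EXPECTED_KEY_FINGERPRINT>`, or store each key in its own keyring file and reference it with `signed-by=` in the `apt_repository` line. The first key URL (`…/stable:/cri-o/Debian_11/Release.key`) matches neither of the two repo paths added below (`…/stable/Debian_11/` and `…/stable:/cri-o:/1.22/Debian_11/`), so it is probably a typo for `…/stable/Debian_11/Release.key`. The two key tasks and the two repo tasks also share identical `name:` values, which makes run output ambiguous; naming the second of each pair for the 1.22 repo would fix that.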
@@ -0,0 +1,68 @@ +- name: Install prerequisits + apt: + name: "{{ item }}" + update_cache: true + loop: + - apt-transport-https + - ca-certificates + - curl + +- name: Enable modules + community.general.modprobe: + name: "{{ item }}" + state: present + loop: + - overlay + - br_netfilter + +- name: Enable modules persistantly + lineinfile: + path: /etc/modules + line: "{{ item }}" + state: present + insertafter: EOF + loop: + - overlay + - br_netfilter + +- name: Set br_netfilter sysctl parameters + ansible.posix.sysctl: + name: "{{ item }}" + state: present + value: '1' + sysctl_set: true + sysctl_file: /etc/sysctl.d/99-kubernetes-cri.conf + loop: + - net.bridge.bridge-nf-call-iptables + - net.ipv4.ip_forward + - net.bridge.bridge-nf-call-ip6tables + +- name: Install kubernetes repo key + apt_key: + url: https://packages.cloud.google.com/apt/doc/apt-key.gpg + state: present + +- name: Install kubernetes repo + apt_repository: + repo: "deb https://apt.kubernetes.io/ kubernetes-xenial main" + state: present + filename: kubernetes + +- name: Install kubeadm + apt: + name: "{{ item }}" + allow_downgrade: true + state: present + loop: + - "kubectl=1.22.1-00" + - "kubelet=1.22.1-00" + - "kubeadm=1.22.1-00" + +- name: Hold kubeadm + dpkg_selections: + name: "{{ item }}" + selection: hold + loop: + - kubeadm + - kubelet + - kubectl \ No newline at end of file diff --git a/inventory b/inventory index 0fd1108..0daea16 100644 --- a/inventory +++ b/inventory @@ -1,8 +1,15 @@ [k8s] +[k8s_nodes] +k8s-node01 ansible_user=tim +k8s-node02 ansible_user=tim +k8s-node03 ansible_user=tim +k8s-node04 ansible_user=tim + [k8s_master] -k8s-master ansible_user=pi +k8s-master ansible_user=tim [k8s:children] -k8s_master \ No newline at end of file +k8s_master +k8s_nodes \ No newline at end of file diff --git a/k8s_master.yml b/k8s_master.yml new file mode 100644 index 0000000..c0cc9bd --- /dev/null +++ b/k8s_master.yml 
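Review bot: The package version `1.22.1-00` is repeated for `kubectl`, `kubelet` and `kubeadm` in the `Install kubeadm` task of install_kubernetes.yml, and the matching `kubernetesVersion: 1.22.1` is hard-coded again in files/kubeadm-config.yaml and files/kubeadm-crio.yaml. A single play variable would keep the packages and the cluster configuration from drifting apart on the next upgrade, for example `- "kubeadm={{ kubernetes_version }}-00"` with a (suggested) `kubernetes_version: "1.22.1"` under `vars:` in setup.yml. The task names `Install prerequisits` and `Enable modules persistantly` should read `prerequisites` and `persistently`.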
@@ -0,0 +1,34 @@ +- name: Get Calico Definition + get_url: + url: https://docs.projectcalico.org/manifests/calico.yaml + dest: /tmp/calico.yml + delegate_to: k8s-master + run_once: true + +- name: Copy kubeadm-crio.yaml to k8s-master + ansible.builtin.copy: + src: "files/{{ item }}" + dest: "/root/{{ item }}" + owner: root + group: root + mode: '0644' + loop: + - "kubeadm-crio.yaml" + - "kubeadm-config.yaml" + delegate_to: k8s-master + run_once: true + +- name: Init Cluster + shell: > + kubeadm init --config=/root/kubeadm-config.yaml --upload-certs | tee kubeadm-init.out + register: kubeadm_init + delegate_to: k8s-master + run_once: true + +- debug: + msg: "{{ kubeadm_init.stdout }}" + run_once: true + +- name: enable Calico + shell: kubectl apply -f /tmp/calico.yaml + diff --git a/k8s_nodes.yml b/k8s_nodes.yml new file mode 100644 index 0000000..e69de29 diff --git a/kube-crio.yaml b/kube-crio.yaml new file mode 100644 index 0000000..e69de29 diff --git a/setup.yml b/setup.yml index adb9c8f..cec738d 100644 --- a/setup.yml +++ b/setup.yml @@ -1,10 +1,28 @@ --- + - name: Install and deplo a k8s cluster hosts: k8s become: True + vars: + enable_display: true + install_crio: true + install_kubernetes: true + etchostsupdate: true tasks: - - name: Update all packages with APT - apt: - update_cache: True - upgrade: dist \ No newline at end of file + - include_tasks: + file: tweak_rpi4.yaml + - include_tasks: + file: etchostsupdate.yaml + when: etchostsupdate + - include_tasks: + file: enable_display.yml + when: enable_display + - include_tasks: + file: install_crio.yml + when: install_crio + - include_tasks: + file: install_kubernetes.yml + when: install_kubernetes + - include_tasks: + file: k8s_master.yml \ No newline at end of file diff --git a/templates/etchosts.j2 b/templates/etchosts.j2 new file mode 100644 index 0000000..189437b --- /dev/null +++ b/templates/etchosts.j2 
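Review bot: In k8s_master.yml the manifest is downloaded to `/tmp/calico.yml` but the last task applies `/tmp/calico.yaml`, so `kubectl apply` reads a path this play never wrote, in a world-writable directory where another local user could have placed a file of that name. The `enable Calico` task also has no `delegate_to`/`run_once`, so it runs on every host in the `k8s` group rather than only on the master. `kubeadm init --upload-certs` prints the join token and certificate key, and the play both tees that output to `kubeadm-init.out` and echoes it through the `debug` task, which puts cluster-join secrets into Ansible output and logs; the `shell` call has no `creates:` guard either, so a second run attempts init again. The sketch below keeps the manifest under `/root`, guards and quiets init, and pins the apply to the master; a versioned manifest URL with a `checksum:` on `get_url` would additionally fix what gets applied.

```yaml
- name: Get Calico Definition
  get_url:
    url: https://docs.projectcalico.org/manifests/calico.yaml
    dest: /root/calico.yaml
    mode: '0600'
  delegate_to: k8s-master
  run_once: true

# … unchanged: Copy kubeadm-crio.yaml to k8s-master …

- name: Init Cluster
  command: kubeadm init --config=/root/kubeadm-config.yaml --upload-certs
  args:
    creates: /etc/kubernetes/admin.conf
  register: kubeadm_init
  no_log: true
  delegate_to: k8s-master
  run_once: true

# … removed: debug task that echoed kubeadm_init.stdout …

- name: enable Calico
  command: kubectl apply -f /root/calico.yaml
  environment:
    KUBECONFIG: /etc/kubernetes/admin.conf
  delegate_to: k8s-master
  run_once: true
```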
@@ -0,0 +1,16 @@
+# {{ ansible_managed }}
+127.0.0.1 localhost
+::1 localhost ip6-localhost ip6-loopback
+
+# The following lines are desirable for IPv6 capable hosts.
+fe00::0 ip6-localnet
+ff00::0 ip6-mcastprefix
+ff02::1 ip6-allnodes
+ff02::2 ip6-allrouters
+
+# Network nodes as generated through Ansible.
+{% for host in play_hosts %}
+{% if 'ansible_eth0' in hostvars[host] %}
+{{ hostvars[host]['ansible_eth0']['ipv4']['address'] }} {{ host }}
+{% endif %}
+{% endfor %}
\ No newline at end of file
diff --git a/tweak_rpi4.yaml b/tweak_rpi4.yaml
new file mode 100644
index 0000000..7cf4dec
--- /dev/null
+++ b/tweak_rpi4.yaml
@@ -0,0 +1,25 @@
+---
+
+- name: Enable container features
+ replace:
+ path: /boot/cmdline.txt
+ regexp: '^([\w](?!.*\b{{ item }}\b).*)$'
+ replace: '\1 {{ item }}'
+ with_items:
+ - "cgroup_enable=cpuset"
+ - "cgroup_memory=1"
+ - "cgroup_enable=memory"
+ - "wapaccount=1"
+ register: cmdline
+
+- name: Set Swappoff in conf file
+ lineinfile:
+ path: /etc/dphys-swapfile
+ line: CONF_SWAPSIZE=0
+ state: present
+ insertafter: EOF
+ register: swap
+
+- name: Unconditionally reboot the machine with all defaults
+ reboot:
+ when: cmdline.changed or swap.changed
\ No newline at end of file
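Review bot: The host loop in templates/etchosts.j2 emits an entry only when `ansible_eth0` is present, so a host whose primary interface has another name, or whose facts were not gathered, is silently left out of the file that etchostsupdate.yaml then copies over `/etc/hosts`. A host that has `eth0` but no IPv4 address on it would instead fail the template at `['ipv4']['address']`. Keying on the default-route fact covers both cases: `{% if hostvars[host]['ansible_default_ipv4'] is defined and 'address' in hostvars[host]['ansible_default_ipv4'] %}` followed by `{{ hostvars[host]['ansible_default_ipv4']['address'] }} {{ host }}`. `play_hosts` is the older alias of `ansible_play_hosts` and is worth switching while touching this loop.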
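Review bot: The fourth entry in the `with_items` list of `Enable container features` in tweak_rpi4.yaml is `"wapaccount=1"`, which looks like a typo for the kernel parameter `swapaccount=1`; as written the `replace` task appends a string the kernel does not recognise and still reports success, so swap accounting is presumably never enabled. Change the item to `- "swapaccount=1"`. Hosts that already ran this play will keep the stray `wapaccount=1` in `/boot/cmdline.txt`, so a one-off cleanup of that token is needed alongside the fix. The task name `Set Swappoff in conf file` would read better as `Disable swap in /etc/dphys-swapfile`.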