From 79f64680abe70ea44584375c86d8a4130fff0e77 Mon Sep 17 00:00:00 2001 From: oleg Date: Thu, 2 Jun 2022 19:18:50 +0300 Subject: [PATCH 1/2] HWfor30lesson --- kubernetes/reddit/mongo-deployment.yml | 8 ++-- kubernetes/reddit/mongo-network-policy.yml | 25 +++++++++++ kubernetes/reddit/mongo-pv.yml | 17 ++++++++ kubernetes/reddit/mongo-pvc.yml | 13 ++++++ kubernetes/reddit/secret.yaml | 50 ++++++++++++++++++++++ kubernetes/reddit/tls.crt | 19 ++++++++ kubernetes/reddit/tls.key | 28 ++++++++++++ kubernetes/reddit/ui-ingress.yml | 20 +++++++++ kubernetes/reddit/ui-service.yml | 9 ++-- 9 files changed, 180 insertions(+), 9 deletions(-) create mode 100644 kubernetes/reddit/mongo-network-policy.yml create mode 100644 kubernetes/reddit/mongo-pv.yml create mode 100644 kubernetes/reddit/mongo-pvc.yml create mode 100644 kubernetes/reddit/secret.yaml create mode 100644 kubernetes/reddit/tls.crt create mode 100644 kubernetes/reddit/tls.key create mode 100644 kubernetes/reddit/ui-ingress.yml diff --git a/kubernetes/reddit/mongo-deployment.yml b/kubernetes/reddit/mongo-deployment.yml index 7a32baa..b1175b7 100644 --- a/kubernetes/reddit/mongo-deployment.yml +++ b/kubernetes/reddit/mongo-deployment.yml @@ -6,7 +6,7 @@ metadata: labels: app: reddit component: mongo - comment-db: "true" # Лейбл в deployment, чтобы было понятно, что рзавернуто + comment-db: "true" post-db: "true" spec: replicas: 1 @@ -20,8 +20,6 @@ spec: labels: app: reddit component: mongo - comment-db: "true" - post-db: "true" spec: containers: - image: mongo:3.2 @@ -30,5 +28,7 @@ spec: - name: mongo-persistent-storage mountPath: /data/db volumes: + #name: mongo-gce-pd-storage - name: mongo-persistent-storage - emptyDir: {} + persistentVolumeClaim: + claimName: mongo-pvc diff --git a/kubernetes/reddit/mongo-network-policy.yml b/kubernetes/reddit/mongo-network-policy.yml new file mode 100644 index 0000000..7ce0cfd --- /dev/null +++ b/kubernetes/reddit/mongo-network-policy.yml 
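Review bot: The second hunk of mongo-deployment.yml removes `comment-db: "true"` and `post-db: "true"` from the pod template labels, while the first hunk keeps them on the Deployment's own metadata; Services select pods, not Deployments. If the comment-db and post-db Services (not shown in this patch) select on those labels, they will have no endpoints after this change, so the two labels should stay under `spec.template.metadata.labels`. The leftover `#name: mongo-gce-pd-storage` line in the third hunk can be dropped, since the volume now comes from `mongo-pvc`.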
@@ -0,0 +1,25 @@
+---
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: deny-db-traffic
+ namespace: dev
+ labels:
+ app: reddit
+spec:
+ podSelector:
+ matchLabels:
+ app: reddit
+ component: mongo
+ policyTypes:
+ - Ingress
+ ingress:
+ - from:
+ - podSelector:
+ matchLabels:
+ app: reddit
+ component: comment
+ - podSelector:
+ matchLabels:
+ app: reddit
+ component: post
diff --git a/kubernetes/reddit/mongo-pv.yml b/kubernetes/reddit/mongo-pv.yml
new file mode 100644
index 0000000..032dfa6
--- /dev/null
+++ b/kubernetes/reddit/mongo-pv.yml
@@ -0,0 +1,17 @@
+
+
+---
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+ name: mongo-pv
+spec:
+ storageClassName: ""
+ capacity:
+ storage: 4Gi
+ accessModes:
+ - ReadWriteOnce
+ csi:
+ driver: disk-csi-driver.mks.ycloud.io
+ fsType: ext4
+ volumeHandle: fhmfbg6e9asljv8ivr2c
diff --git a/kubernetes/reddit/mongo-pvc.yml b/kubernetes/reddit/mongo-pvc.yml
new file mode 100644
index 0000000..37a5564
--- /dev/null
+++ b/kubernetes/reddit/mongo-pvc.yml
@@ -0,0 +1,13 @@
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: mongo-pvc
+spec:
+ storageClassName: ""
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: 4Gi
+ volumeName: mongo-pv
diff --git a/kubernetes/reddit/secret.yaml b/kubernetes/reddit/secret.yaml
new file mode 100644
index 0000000..e1f88d6
--- /dev/null
+++ b/kubernetes/reddit/secret.yaml
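Review bot: The `ingress` rule in mongo-network-policy.yml names the allowed peers but no port, so comment and post pods can reach every port on the mongo pods; adding `ports:` with `- protocol: TCP` and `port: 27017` to the rule would narrow it to the database listener (27017 is MongoDB's default, confirm the container does not override it). The policy is also pinned to `namespace: dev` while the PVC, Secret and Ingress in this patch carry no namespace, so it protects nothing if the stack is applied elsewhere, and it has no effect unless the cluster's network plugin enforces NetworkPolicy. The name `deny-db-traffic` describes what is in fact an allow-list; a short comment saying so would help the next reader.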
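Review bot: mongo-pv.yml leaves the volume unreserved: `volumeName: mongo-pv` in the claim pins the claim to the volume, but nothing pins the volume to the claim, so another PVC with `storageClassName: ""` and a compatible request could bind it first. Adding a `claimRef` with `name: mongo-pvc` and the claim's namespace to the PV spec closes that gap. `volumeHandle` is a cloud disk ID tied to one account, which deserves a comment for anyone reusing the manifest.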
@@ -0,0 +1,50 @@
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: ui-ingress
+type: kubernetes.io/tls
+data:
+ # the data is abbreviated in this example
+ tls.crt: |
+ LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURFekNDQWZ1Z0F3SUJBZ0lVSFBOZlV5eWtM
+ emlldVYxRVhuQlRLZlgvUUlVd0RRWUpLb1pJaHZjTkFRRUwKQlFBd0dURVhNQlVHQTFVRUF3d09N
+ VE13TGpFNU15NDBNaTR4T0RVd0hoY05Nakl3TmpBeE1USXlPVFEzV2hjTgpNak13TmpBeE1USXlP
+ VFEzV2pBWk1SY3dGUVlEVlFRRERBNHhNekF1TVRrekxqUXlMakU0TlRDQ0FTSXdEUVlKCktvWklo
+ dmNOQVFFQkJRQURnZ0VQQURDQ0FRb0NnZ0VCQUtQQlR2SlB1cVZManZUUno2OEVIRVB5bGp3bE10
+ alkKRlJ1TUV1NUE4SnJaaFNQbWZhSnZiUXNoTDR4SHN1Q0xVd0NyZUlVbS9pS0NaaDJxU0VzN0FX
+ R2p4U2RURThCSApCNEVpT3B6aU9aUXgvRG51NUhSLytMTUl1aE9nazl5WDFWSHJObnFONWY2TVdU
+ eWdscUJnSWpHN0NGQytpRG9zCmxXeWhEOUNBS2JXME9Mc3dwQ1Q2S0x6TzQ5eldnREVhRkFub3or
+ YjFZNUQyRmk4ZTdKVlN4Y05QNVlzQ3dZYXYKenBDQk96N2JWaUNUaUZsbkFJblhZaTRMbXcvcFN2
+ N2c1NlZvalk0VWZWSlFHdzgxOHFhUGlaR1c2dWcwWDQ2UApKUnN5KzZydENNcytRYmFsS0U4Uzc0
+ aE5oN3NRUU5LWFFmNHc4MWlRc3Z2TnJNTEhTa29WNGNjQ0F3RUFBYU5UCk1GRXdIUVlEVlIwT0JC
+ WUVGS2p1QjVRa2JpZWtGMWZUV2IrOEFaS3g2R1A1TUI4R0ExVWRJd1FZTUJhQUZLanUKQjVRa2Jp
+ ZWtGMWZUV2IrOEFaS3g2R1A1TUE4R0ExVWRFd0VCL3dRRk1BTUJBZjh3RFFZSktvWklodmNOQVFF
+ TApCUUFEZ2dFQkFKQkg3a1hsQ0tZOE8rckVIRzE4RVZJT3ZsVnIrbzNuSVRwd3hKTkUydzlqMkFM
+ bkp3ZG8rMkJCClhQdVhYWElRbEErV1h5ZDR1V0tpaS91NDJrVzdsSzdKbmZtYkN4YVZFeE1Zd2Rx
+ WEE1QS81T2E0NzJocG5RaysKV25NbldKOGpZNUh6MzVZSHNsTExlY1VhRXBEY0ZvZGVSVkdvaGNi
+ a0pyVHQ5R1hndmRyN2NsM0tiKzRQb21PVwp3NTQxVDhsckU4ZHc1RU0ySlpadVJHcTJTbU1BZ29U
+ N1dLem1YbGVnUjVIbUsvYjZxMlRFV05GRnZxT2FLNmRCClNqYXd4YzlBMWdEcE5TZzkzR0JCcjBl
+ ZXF4Ylh3eCtzN3BNSS9JY0Y3NzdYWU9FbWQ2NjhIRU1yYVhXeThYdEMKN0daeXd6S0tZdXptaW93
+ ZHpnQUVaRGI3Q09keVJUND0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo=
+ tls.key: |
+ LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURFekNDQWZ1Z0F3SUJBZ0lVSFBOZlV5eWtM
+ emlldVYxRVhuQlRLZlgvUUlVd0RRWUpLb1pJaHZjTkFRRUwKQlFBd0dURVhNQlVHQTFVRUF3d09N
+ VE13TGpFNU15NDBNaTR4T0RVd0hoY05Nakl3TmpBeE1USXlPVFEzV2hjTgpNak13TmpBeE1USXlP
+ VFEzV2pBWk1SY3dGUVlEVlFRRERBNHhNekF1TVRrekxqUXlMakU0TlRDQ0FTSXdEUVlKCktvWklo
+ dmNOQVFFQkJRQURnZ0VQQURDQ0FRb0NnZ0VCQUtQQlR2SlB1cVZManZUUno2OEVIRVB5bGp3bE10
+ alkKRlJ1TUV1NUE4SnJaaFNQbWZhSnZiUXNoTDR4SHN1Q0xVd0NyZUlVbS9pS0NaaDJxU0VzN0FX
+ R2p4U2RURThCSApCNEVpT3B6aU9aUXgvRG51NUhSLytMTUl1aE9nazl5WDFWSHJObnFONWY2TVdU
+ eWdscUJnSWpHN0NGQytpRG9zCmxXeWhEOUNBS2JXME9Mc3dwQ1Q2S0x6TzQ5eldnREVhRkFub3or
+ YjFZNUQyRmk4ZTdKVlN4Y05QNVlzQ3dZYXYKenBDQk96N2JWaUNUaUZsbkFJblhZaTRMbXcvcFN2
+ N2c1NlZvalk0VWZWSlFHdzgxOHFhUGlaR1c2dWcwWDQ2UApKUnN5KzZydENNcytRYmFsS0U4Uzc0
+ aE5oN3NRUU5LWFFmNHc4MWlRc3Z2TnJNTEhTa29WNGNjQ0F3RUFBYU5UCk1GRXdIUVlEVlIwT0JC
+ WUVGS2p1QjVRa2JpZWtGMWZUV2IrOEFaS3g2R1A1TUI4R0ExVWRJd1FZTUJhQUZLanUKQjVRa2Jp
+ ZWtGMWZUV2IrOEFaS3g2R1A1TUE4R0ExVWRFd0VCL3dRRk1BTUJBZjh3RFFZSktvWklodmNOQVFF
+ TApCUUFEZ2dFQkFKQkg3a1hsQ0tZOE8rckVIRzE4RVZJT3ZsVnIrbzNuSVRwd3hKTkUydzlqMkFM
+ bkp3ZG8rMkJCClhQdVhYWElRbEErV1h5ZDR1V0tpaS91NDJrVzdsSzdKbmZtYkN4YVZFeE1Zd2Rx
+ WEE1QS81T2E0NzJocG5RaysKV25NbldKOGpZNUh6MzVZSHNsTExlY1VhRXBEY0ZvZGVSVkdvaGNi
+ a0pyVHQ5R1hndmRyN2NsM0tiKzRQb21PVwp3NTQxVDhsckU4ZHc1RU0ySlpadVJHcTJTbU1BZ29U
+ N1dLem1YbGVnUjVIbUsvYjZxMlRFV05GRnZxT2FLNmRCClNqYXd4YzlBMWdEcE5TZzkzR0JCcjBl
+ ZXF4Ylh3eCtzN3BNSS9JY0Y3NzdYWU9FbWQ2NjhIRU1yYVhXeThYdEMKN0daeXd6S0tZdXptaW93
+ ZHpnQUVaRGI3Q09keVJUND0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo=
diff --git a/kubernetes/reddit/tls.crt b/kubernetes/reddit/tls.crt
new file mode 100644
index 0000000..3de44ec
--- /dev/null
+++ b/kubernetes/reddit/tls.crt
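Review bot: `tls.key` in secret.yaml carries the same base64 as `tls.crt`; both values start with `LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0t`, the encoding of `-----BEGIN CERTIFICATE-----`, so the Secret holds no private key and a `kubernetes.io/tls` consumer cannot build a key pair from it. Fixing that by pasting the real key here would put the key in version control, so the Secret is better created outside the repository, for example with `kubectl create secret tls ui-ingress --cert=<cert-file> --key=<key-file>`, and this manifest dropped or replaced by an encrypted form. The comment `# the data is abbreviated in this example` looks copied from documentation and does not describe this file.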
@@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE-----
+MIIDEzCCAfugAwIBAgIUHPNfUyykLzieuV1EXnBTKfX/QIUwDQYJKoZIhvcNAQEL
+BQAwGTEXMBUGA1UEAwwOMTMwLjE5My40Mi4xODUwHhcNMjIwNjAxMTIyOTQ3WhcN
+MjMwNjAxMTIyOTQ3WjAZMRcwFQYDVQQDDA4xMzAuMTkzLjQyLjE4NTCCASIwDQYJ
+KoZIhvcNAQEBBQADggEPADCCAQoCggEBAKPBTvJPuqVLjvTRz68EHEPyljwlMtjY
+FRuMEu5A8JrZhSPmfaJvbQshL4xHsuCLUwCreIUm/iKCZh2qSEs7AWGjxSdTE8BH
+B4EiOpziOZQx/Dnu5HR/+LMIuhOgk9yX1VHrNnqN5f6MWTyglqBgIjG7CFC+iDos
+lWyhD9CAKbW0OLswpCT6KLzO49zWgDEaFAnoz+b1Y5D2Fi8e7JVSxcNP5YsCwYav
+zpCBOz7bViCTiFlnAInXYi4Lmw/pSv7g56VojY4UfVJQGw818qaPiZGW6ug0X46P
+JRsy+6rtCMs+QbalKE8S74hNh7sQQNKXQf4w81iQsvvNrMLHSkoV4ccCAwEAAaNT
+MFEwHQYDVR0OBBYEFKjuB5QkbiekF1fTWb+8AZKx6GP5MB8GA1UdIwQYMBaAFKju
+B5QkbiekF1fTWb+8AZKx6GP5MA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEL
+BQADggEBAJBH7kXlCKY8O+rEHG18EVIOvlVr+o3nITpwxJNE2w9j2ALnJwdo+2BB
+XPuXXXIQlA+WXyd4uWKii/u42kW7lK7JnfmbCxaVExMYwdqXA5A/5Oa472hpnQk+
+WnMnWJ8jY5Hz35YHslLLecUaEpDcFodeRVGohcbkJrTt9GXgvdr7cl3Kb+4PomOW
+w541T8lrE8dw5EM2JZZuRGq2SmMAgoT7WKzmXlegR5HmK/b6q2TEWNFFvqOaK6dB
+Sjawxc9A1gDpNSg93GBBr0eeqxbXwx+s7pMI/IcF777XYOEmd668HEMraXWy8XtC
+7GZywzKKYuzmiowdzgAEZDb7COdyRT4=
+-----END CERTIFICATE-----
diff --git a/kubernetes/reddit/tls.key b/kubernetes/reddit/tls.key
new file mode 100644
index 0000000..db89bfa
--- /dev/null
+++ b/kubernetes/reddit/tls.key
@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQCjwU7yT7qlS470
+0c+vBBxD8pY8JTLY2BUbjBLuQPCa2YUj5n2ib20LIS+MR7Lgi1MAq3iFJv4igmYd
+qkhLOwFho8UnUxPARweBIjqc4jmUMfw57uR0f/izCLoToJPcl9VR6zZ6jeX+jFk8
+oJagYCIxuwhQvog6LJVsoQ/QgCm1tDi7MKQk+ii8zuPc1oAxGhQJ6M/m9WOQ9hYv
+HuyVUsXDT+WLAsGGr86QgTs+21Ygk4hZZwCJ12IuC5sP6Ur+4OelaI2OFH1SUBsP
+NfKmj4mRluroNF+OjyUbMvuq7QjLPkG2pShPEu+ITYe7EEDSl0H+MPNYkLL7zazC
+x0pKFeHHAgMBAAECggEAJJfNAX7pkYh58KF2DIEZo+Fwyw3w994JkXdSv6UJX0Ee
+bHBUQNkvf94xluJqyZy4tpyauP6GqcWD9jsYHp+X5m7HXstEzaHRvnycpnQzM7eb
+yoJk0NfMBo37rukiQZg4Vi7+pJJTA/fu9QpZvorc+Un3SLvbC0ztMzImq4wIRg8d
+UHXF9qiFdrGgRrBmw1arxqwoEXxvtbFS/MmNXqN+COMJESnRjBwXmoNUVszKmiZw
+ZDy1Hum3ROc03AYjwv2unAxg0vPzjEtRTdXyMISOZGuhy+AvawSy8j8b/OgRY7Cu
+cgSwufLRKYfFBJ8BmkwgV+A8a73nVjZx26eno+a5UQKBgQDUb5o5Yo0l6xnEudAV
+ebFDsvVu9FSQ587qaD4SUbhrzlKyMPC9a6rGKWRUryWVBfNHAIlT5APV1k94FJba
+mspIpf+2SthVxdRv93n+q4KJvGx2rwPVtW9RP6km49PPUUZAUf4qlWynTIcEuHGw
+MphyjzU5uA7hYit9GY+XGosBvwKBgQDFVhMCe0WyDlzhmbR2A2gPZx8IHmhgF5fo
+UXQI2I45yVbgLUCxlPyK2SN1VrjBAAmiiyw1GyzIRabieaKblSpdCBACA4paV6jl
+pjZZo20XK1xxrgvTFlsjmp2HBldulgYFt1CJpPX0q9fgrkI6zvzA/qTyhqXhHuPk
+xfs2dByR+QKBgQCmld2aom2NDo9mdU93h7Y6IFvWZkLqXt0jdBs4wlycLW8rzLT7
+1TJVsp+6yJ3v/nqHcyQ9ZNCdHzGyOHMTec6mqYWcrZR3rmqoYqiHzHbRC7ECYLvh
+GiXw0LsUhBPUvycXyTRGsGZDyv8V9I0yXnqtWx+h43PHyfPQZfrzwxy+gQKBgFxb
+wb/qlB8W68/G0ZheVcjHudVh7fXzdOyNmuI9AKv5GMkJRPsYQO53XEoh0Yy7CMdj
+ncgpNNdzCf17cmig8tfh2yQmJg3Mc0cweMWRYJB0gerOy8f68aMDTXERvcALRTxN
+pMsXQupFt174EBVYJSHqzKaZ8G8htwWux7mftHN5AoGBAMqneLTyTKEkj5JML82M
+uE8vMP1EkrQkI85FLWh4ll4uiBgZu01GNfgTZprwMem4UeRRWQVGOij+emJXzGem
+rDDtWUXOkVKZCQyDYa2KxDNkqtQqdeouypGDKo1oQNIBfaNXNp2V30KSduoglLMt
+r6z7Wnh017XzFKom1/WZMaVU
+-----END PRIVATE KEY-----
diff --git a/kubernetes/reddit/ui-ingress.yml b/kubernetes/reddit/ui-ingress.yml
new file mode 100644
index 0000000..d664b61
--- /dev/null
+++ b/kubernetes/reddit/ui-ingress.yml
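Review bot: tls.key adds an unencrypted private key (`-----BEGIN PRIVATE KEY-----`) to the repository next to its certificate, so anyone who can read the repository or its history can impersonate the TLS endpoint this pair is meant for. Treat the pair as compromised: issue a new key and certificate, remove `tls.key` from the tree and from history, and add an ignore rule such as `*.key` so it is not re-added. The key should reach the cluster only through a Secret created at deploy time or a secret store, never through git.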
@@ -0,0 +1,20 @@ +--- +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: ui-ingress + annotations: + kubernetes.io/ingress.allow-http: "false" +spec: + tls: + - secretName: ui-ingress + rules: + - http: + paths: + - path: / + pathType: Prefix + backend: + service: + name: ui + port: + number: 9292 diff --git a/kubernetes/reddit/ui-service.yml b/kubernetes/reddit/ui-service.yml index 3726ac1..77d85ad 100644 --- a/kubernetes/reddit/ui-service.yml +++ b/kubernetes/reddit/ui-service.yml @@ -7,12 +7,11 @@ metadata: app: reddit component: ui spec: - type: NodePort # Главное отличие - тип сервиса NodePort + type: NodePort ports: - - nodePort: 32092 - port: 9292 + - port: 9292 protocol: TCP targetPort: 9292 selector: - app: reddit - component: ui + app: reddit + component: ui From 0d20b6250e3198ccac7779a8276311e6fe1e2348 Mon Sep 17 00:00:00 2001 From: oleg Date: Thu, 2 Jun 2022 19:32:16 +0300 Subject: [PATCH 2/2] HWfor30lesson --- kubernetes/reddit/mongo-claim-dynamic.yml | 1 + kubernetes/reddit/mongo-claim.yml | 1 + kubernetes/reddit/mongo-volume.yml | 1 + kubernetes/reddit/storage-fast.yml | 1 + 4 files changed, 4 insertions(+) create mode 100644 kubernetes/reddit/mongo-claim-dynamic.yml create mode 100644 kubernetes/reddit/mongo-claim.yml create mode 100644 kubernetes/reddit/mongo-volume.yml create mode 100644 kubernetes/reddit/storage-fast.yml diff --git a/kubernetes/reddit/mongo-claim-dynamic.yml b/kubernetes/reddit/mongo-claim-dynamic.yml new file mode 100644 index 0000000..430026b --- /dev/null +++ b/kubernetes/reddit/mongo-claim-dynamic.yml @@ -0,0 +1 @@ +#для тестов diff --git a/kubernetes/reddit/mongo-claim.yml b/kubernetes/reddit/mongo-claim.yml new file mode 100644 index 0000000..74519ef --- /dev/null +++ b/kubernetes/reddit/mongo-claim.yml @@ -0,0 +1 @@ +#пустой diff --git a/kubernetes/reddit/mongo-volume.yml b/kubernetes/reddit/mongo-volume.yml new file mode 100644 index 0000000..430026b --- /dev/null +++ b/kubernetes/reddit/mongo-volume.yml 
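Review bot: Plain HTTP is probably still served by ui-ingress.yml, because `kubernetes.io/ingress.allow-http: "false"` is an annotation of the GCE ingress controller, and the PV in this patch uses `disk-csi-driver.mks.ycloud.io`, so the cluster likely runs a different controller that ignores it. Check which controller is installed and use its own setting, e.g. `nginx.ingress.kubernetes.io/force-ssl-redirect: "true"` for ingress-nginx; an explicit `ingressClassName` would make the choice visible. The `tls` entry lists no `hosts` and the rule has no `host`, so the certificate is applied as a catch-all; confirm that is intended.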
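Review bot: ui-service.yml keeps `type: NodePort` after removing the fixed `nodePort: 32092`, so the UI stays reachable over plain HTTP on a randomly assigned port of every node, bypassing the TLS Ingress added in this patch. If the ingress controller can route to cluster-internal Services, `type: ClusterIP` closes that path; keep NodePort only if the controller requires it, and then restrict the node port range at the firewall. The selector lines in this hunk change only in indentation.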
@@ -0,0 +1 @@
+#для тестов
diff --git a/kubernetes/reddit/storage-fast.yml b/kubernetes/reddit/storage-fast.yml
new file mode 100644
index 0000000..430026b
--- /dev/null
+++ b/kubernetes/reddit/storage-fast.yml
@@ -0,0 +1 @@
+#для тестов