init

2021-05-06 15:02:42 +07:00
commit 05b0d36bb3
16 changed files with 260 additions and 0 deletions
--- a/App/docker/docker-compose.yaml
+++ b/App/docker/docker-compose.yaml
@@ -0,0 +1,13 @@
+version: '3.7'
+services:
+    app:
+        build: ./php
+        container_name: myapp
+        ports:
+          - 80:80
+        networks:
+            app_net:
+
+networks:
+  app_net:
+    name: app_net
--- a/App/docker/php/Dockerfile
+++ b/App/docker/php/Dockerfile
@@ -0,0 +1,19 @@
+FROM php:7.4-apache-buster
+MAINTAINER vasyakrg <vasyakrg@gmail.com>
+
+RUN apt-get update && apt-get install -y \
+        apt-transport-https \
+        curl \
+        wget \
+        git \
+        # && curl -sS https://getcomposer.org/installer | php -- --install-dir=/usr/local/bin --filename=composer \
+        && apt-get update && rm -rf /var/lib/apt/lists/*
+
+RUN rm /etc/apache2/sites-enabled/*
+COPY myapp.conf /etc/apache2/sites-available/myapp.conf
+RUN a2enmod rewrite headers && a2ensite myapp
+
+COPY myapp/ /var/www/
+
+WORKDIR /var/www
+# CMD ['apache2-foreground']
--- a/App/docker/php/build.sh
+++ b/App/docker/php/build.sh
@@ -0,0 +1,3 @@
+#!/bin/bash
+
+docker build -t vasyakrg/php-app . && docker push vasyakrg/php-app
--- a/App/docker/php/myapp.conf
+++ b/App/docker/php/myapp.conf
@@ -0,0 +1,17 @@
+<VirtualHost *:80>
+    ServerName localhost
+    DocumentRoot /var/www
+    <Directory "/var/www">
+        DirectoryIndex index.html
+    </Directory>
+
+    ErrorLog /var/log/apache2/error.log
+    CustomLog /var/log/apache2/access.log combined
+
+    RewriteEngine On
+
+    RewriteCond "%{DOCUMENT_ROOT}%{REQUEST_FILENAME}" !-f
+    RewriteCond "%{DOCUMENT_ROOT}%{REQUEST_FILENAME}" !-d
+    RewriteRule "^" "/index.php" [L]
+
+</VirtualHost>
--- a/App/docker/php/myapp/index.php
+++ b/App/docker/php/myapp/index.php
@@ -0,0 +1,8 @@
+<html>
+ <head>
+  <title>Тестируем PHP</title>
+ </head>
+ <body>
+ <?php echo '<p>Привет, мир!</p>'; ?>
+ </body>
+</html>
--- a/App/kubernetes/deploy.yaml
+++ b/App/kubernetes/deploy.yaml
@@ -0,0 +1,27 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  namespace: myapp
+  labels:
+    app: myapp
+  name: myapp
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: myapp
+  strategy:
+    type: Recreate
+  template:
+    metadata:
+      labels:
+        app: myapp
+    spec:
+      hostname: app-pod
+      restartPolicy: Always
+      containers:
+        - name: app-fpm
+          image: vasyakrg/php-app
+          imagePullPolicy: Always
+          ports:
+          - containerPort: 80
--- a/App/kubernetes/ingress.yaml
+++ b/App/kubernetes/ingress.yaml
@@ -0,0 +1,25 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  namespace: myapp
+  annotations:
+    cert-manager.io/cluster-issuer: orc-letsencrypt-issuer
+    nginx.ingress.kubernetes.io/proxy-body-size: 200m
+    nginx.ingress.kubernetes.io/from-to-www-redirect: "true"
+  name: k8s-app
+spec:
+  rules:
+  - host: app.k8s-nsk.tk
+    http:
+      paths:
+      - pathType: Prefix
+        path: /
+        backend:
+          service:
+            name: app-service
+            port:
+              number: 80
+  tls:
+  - hosts:
+      - app.k8s-nsk.tk
+    secretName: app-k8s-nsk-tls
--- a/App/kubernetes/namespace.yaml
+++ b/App/kubernetes/namespace.yaml
@@ -0,0 +1,6 @@
+# kubetpl:syntax:$
+
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: myapp
--- a/App/kubernetes/service.yaml
+++ b/App/kubernetes/service.yaml
@@ -0,0 +1,13 @@
+# App
+apiVersion: v1
+kind: Service
+metadata:
+  namespace: myapp
+  name: app-service
+spec:
+  ports:
+    - name: app-port
+      port: 80
+  selector:
+    app: myapp
+---
--- a/Cluster/.gitignore
+++ b/Cluster/.gitignore
@@ -0,0 +1,4 @@
+cluster.rkestate
+kube_config_cluster.yml
+tls/*.key
+tls/*.crt
--- a/Cluster/0-docker.sh
+++ b/Cluster/0-docker.sh
@@ -0,0 +1,4 @@
+#!/bin/bash
+
+# to all nodes
+apt update && apt install -y curl && curl https://get.docker.com -o install.sh && sh install.sh
--- a/Cluster/1-rke.sh
+++ b/Cluster/1-rke.sh
@@ -0,0 +1,7 @@
+#!/bin/bash
+
+# brew install rke
+# https://rancher.com/docs/rke/latest/en/installation/
+
+# create cluster
+rke up
--- a/Cluster/2-add-config.sh
+++ b/Cluster/2-add-config.sh
@@ -0,0 +1,10 @@
+#!/bin/bash
+
+# add config file
+cat kube_config_cluster.yml > ~/.kube/k8s-hls
+
+# enable config auth
+export KUBECONFIG=$(find ~/.kube -maxdepth 1 -type f -name '*' | tr "\n" ":")
+
+# test auth to cluster
+kubectl get pods --all-namespaces
--- a/Cluster/3-init-certmanager.sh
+++ b/Cluster/3-init-certmanager.sh
@@ -0,0 +1,25 @@
+#!/bin/bash
+
+# Install the CustomResourceDefinition resources separately
+kubectl apply -f https://github.com/jetstack/cert-manager/releases/download/v1.3.1/cert-manager.crds.yaml
+
+# Create the namespace for cert-manager
+kubectl create namespace cert-manager
+
+# Add the Jetstack Helm repository
+helm repo add cert-manager https://charts.jetstack.io
+
+# Update your local Helm chart repository cache
+helm repo update
+
+helm upgrade --install \
+  cert-manager \
+  cert-manager/cert-manager \
+  --namespace cert-manager \
+  --version 1.3.1
+
+kubectl -n cert-manager rollout status deploy/cert-manager
+
+sleep 5
+
+kubectl apply -f certmanager/orc-letsencrypt-issuer.yaml
--- a/Cluster/certmanager/orc-letsencrypt-issuer.yaml
+++ b/Cluster/certmanager/orc-letsencrypt-issuer.yaml
@@ -0,0 +1,15 @@
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+  name: orc-letsencrypt-issuer
+spec:
+  acme:
+    server: https://acme-v02.api.letsencrypt.org/directory
+    email: vasyakrg@gmail.com
+    privateKeySecretRef:
+      name: orc-letsencrypt-private-key
+    solvers:
+    - selector: {}
+      http01:
+        ingress:
+          class: nginx
--- a/Cluster/cluster.yml
+++ b/Cluster/cluster.yml
@@ -0,0 +1,64 @@
+cluster_name: k8s-cluster
+name: k8s-cluster
+enable_cluster_alerting: false
+enable_cluster_monitoring: false
+ignore_docker_version: true
+kubernetes_version: v1.19.9-rancher1-1
+
+nodes:
+  - address: 65.21.148.66
+    internal_address: 10.0.0.3
+    hostname_override: node1
+    user: root
+    labels:
+      worker: yes
+      location: nsk
+    role: [controlplane, worker, etcd]
+  - address: 65.21.146.162
+    internal_address: 10.0.0.2
+    hostname_override: node2
+    user: root
+    labels:
+      worker: yes
+      location: nsk
+    role: [controlplane, worker, etcd]
+  - address: 65.21.149.204
+    internal_address: 10.0.0.4
+    hostname_override: node3
+    user: root
+    labels:
+      worker: yes
+      location: nsk
+    role: [controlplane, worker, etcd]
+
+services:
+  etcd:
+    snapshot: true
+    creation: 6h
+    retention: 30h
+  kube-controller:
+    extra_args:
+      terminated-pod-gc-threshold: 100
+  kubelet:
+    extra_args:
+      max-pods: 250
+  kube-api:
+    extra_args:
+      feature-gates: "ServiceAccountIssuerDiscovery=false,RemoveSelfLink=false"
+
+authentication:
+    strategy: x509
+    sans:
+      - "167.233.11.162"
+      - "rke.k8s-nsk.tk"
+
+dns:
+  provider: coredns
+  upstreamnameservers:
+  - 8.8.8.8
+  - 8.8.4.4
+
+ingress:
+  provider: nginx
+  options:
+    use-forwarded-headers: "true"