commit 05b0d36bb34a360b8310b6c5a8bf859c2e5d6da8
Author: Vassiliy Yegorov
Date: Thu May 6 15:02:42 2021 +0700
init
diff --git a/App/docker/docker-compose.yaml b/App/docker/docker-compose.yaml
new file mode 100644
index 0000000..0713113
--- /dev/null
+++ b/App/docker/docker-compose.yaml
@@ -0,0 +1,13 @@
+version: '3.7'
+services:
+ app:
+ build: ./php
+ container_name: myapp
+ ports:
+ - 80:80
+ networks:
+ app_net:
+
+networks:
+ app_net:
+ name: app_net
diff --git a/App/docker/php/Dockerfile b/App/docker/php/Dockerfile
new file mode 100644
index 0000000..d1170b8
--- /dev/null
+++ b/App/docker/php/Dockerfile
@@ -0,0 +1,19 @@
+FROM php:7.4-apache-buster
+MAINTAINER vasyakrg
+
+RUN apt-get update && apt-get install -y \
+ apt-transport-https \
+ curl \
+ wget \
+ git \
+ # && curl -sS https://getcomposer.org/installer | php -- --install-dir=/usr/local/bin --filename=composer \
+ && apt-get update && rm -rf /var/lib/apt/lists/*
+
+RUN rm /etc/apache2/sites-enabled/*
+COPY myapp.conf /etc/apache2/sites-available/myapp.conf
+RUN a2enmod rewrite headers && a2ensite myapp
+
+COPY myapp/ /var/www/
+
+WORKDIR /var/www
+# CMD ['apache2-foreground']
diff --git a/App/docker/php/build.sh b/App/docker/php/build.sh
new file mode 100755
index 0000000..e956160
--- /dev/null
+++ b/App/docker/php/build.sh
@@ -0,0 +1,3 @@
+#!/bin/bash
+
+docker build -t vasyakrg/php-app . && docker push vasyakrg/php-app
diff --git a/App/docker/php/myapp.conf b/App/docker/php/myapp.conf
new file mode 100644
index 0000000..fb78c12
--- /dev/null
+++ b/App/docker/php/myapp.conf
@@ -0,0 +1,17 @@
+
+ ServerName localhost
+ DocumentRoot /var/www
+
+ DirectoryIndex index.html
+
+
+ ErrorLog /var/log/apache2/error.log
+ CustomLog /var/log/apache2/access.log combined
+
+ RewriteEngine On
+
+ RewriteCond "%{DOCUMENT_ROOT}%{REQUEST_FILENAME}" !-f
+ RewriteCond "%{DOCUMENT_ROOT}%{REQUEST_FILENAME}" !-d
+ RewriteRule "^" "/index.php" [L]
+
+
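Review bot: The `apt-get install` layer adds `curl`, `wget` and `git` to the runtime image, yet nothing visible in this Dockerfile uses them once the Composer line is commented out, so they only widen what is available inside a compromised container. Either drop the `RUN` or keep just what is needed with `apt-get install -y --no-install-recommends …`, and replace the trailing `apt-get update && rm -rf /var/lib/apt/lists/*` with `rm -rf /var/lib/apt/lists/*`, since the second update refetches the package lists only to delete them. `MAINTAINER` is deprecated in favour of `LABEL`, and the base tag `php:7.4-apache-buster` is mutable; pinning it by digest would make rebuilds reproducible.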
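Review bot: `docker build -t vasyakrg/php-app .` gives the image no tag, so it is pushed as `latest`, and `App/kubernetes/deploy.yaml` in this commit references the same untagged name with `imagePullPolicy: Always`. Every pod restart therefore runs whatever was last pushed to the registry, with no record of which build is deployed and nothing to roll back to. Tag each build with an immutable version, e.g. `docker build -t vasyakrg/php-app:<version> .`, and reference that tag or the image digest in the Deployment.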
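Review bot: `DirectoryIndex index.html` does not match the only file this commit ships under `myapp/`, which is `index.php`. A request for `/` resolves to the document-root directory, so the `!-d` condition fails and the rewrite to `/index.php` is skipped; unless the base image's own configuration supplies a different index, the front page will not reach the application. `DirectoryIndex index.php index.html` would cover it. Separately, `DocumentRoot /var/www` combined with `COPY myapp/ /var/www/` in the Dockerfile makes everything copied there web-reachable, so only public files should live in `myapp/`.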
diff --git a/App/docker/php/myapp/index.php b/App/docker/php/myapp/index.php
new file mode 100644
index 0000000..fade311
--- /dev/null
+++ b/App/docker/php/myapp/index.php
@@ -0,0 +1,8 @@
+
+
+ Тестируем PHP
+
+
+ Привет, мир!

'; ?>
+
+
diff --git a/App/kubernetes/deploy.yaml b/App/kubernetes/deploy.yaml
new file mode 100644
index 0000000..f29f336
--- /dev/null
+++ b/App/kubernetes/deploy.yaml
@@ -0,0 +1,27 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ namespace: myapp
+ labels:
+ app: myapp
+ name: myapp
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: myapp
+ strategy:
+ type: Recreate
+ template:
+ metadata:
+ labels:
+ app: myapp
+ spec:
+ hostname: app-pod
+ restartPolicy: Always
+ containers:
+ - name: app-fpm
+ image: vasyakrg/php-app
+ imagePullPolicy: Always
+ ports:
+ - containerPort: 80
diff --git a/App/kubernetes/ingress.yaml b/App/kubernetes/ingress.yaml
new file mode 100644
index 0000000..2a3f0a6
--- /dev/null
+++ b/App/kubernetes/ingress.yaml
@@ -0,0 +1,25 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ namespace: myapp
+ annotations:
+ cert-manager.io/cluster-issuer: orc-letsencrypt-issuer
+ nginx.ingress.kubernetes.io/proxy-body-size: 200m
+ nginx.ingress.kubernetes.io/from-to-www-redirect: "true"
+ name: k8s-app
+spec:
+ rules:
+ - host: app.k8s-nsk.tk
+ http:
+ paths:
+ - pathType: Prefix
+ path: /
+ backend:
+ service:
+ name: app-service
+ port:
+ number: 80
+ tls:
+ - hosts:
+ - app.k8s-nsk.tk
+ secretName: app-k8s-nsk-tls
diff --git a/App/kubernetes/namespace.yaml b/App/kubernetes/namespace.yaml
new file mode 100644
index 0000000..4bb59c3
--- /dev/null
+++ b/App/kubernetes/namespace.yaml
@@ -0,0 +1,6 @@
+# kubetpl:syntax:$
+
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: myapp
diff --git a/App/kubernetes/service.yaml b/App/kubernetes/service.yaml
new file mode 100644
index 0000000..9f703d4
--- /dev/null
+++ b/App/kubernetes/service.yaml
@@ -0,0 +1,13 @@
+# App
+apiVersion: v1
+kind: Service
+metadata:
+ namespace: myapp
+ name: app-service
+spec:
+ ports:
+ - name: app-port
+ port: 80
+ selector:
+ app: myapp
+---
diff --git a/Cluster/.gitignore b/Cluster/.gitignore
new file mode 100644
index 0000000..7b488c7
--- /dev/null
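Review bot: The `app-fpm` container is declared with no `securityContext` and no `resources`, so the pod runs with the runtime defaults and no CPU or memory ceiling on nodes that, per `Cluster/cluster.yml`, also carry the control plane and etcd. Add `resources` requests and limits sized for the app, and at least `securityContext: {allowPrivilegeEscalation: false}` on the container. A `readinessProbe` on port 80 would also keep the Service from routing to the pod before Apache is up.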
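Review bot: `nginx.ingress.kubernetes.io/from-to-www-redirect: "true"` is enabled, but the `tls` block requests a certificate for `app.k8s-nsk.tk` only. An HTTPS request to the `www.` name would be answered with a certificate that does not cover it, so the client fails the handshake before any redirect is sent; either add the `www.` host to `tls.hosts` or drop the annotation. `proxy-body-size: 200m` is also a generous upload limit for this application and is worth lowering to what it actually needs.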
+++ b/Cluster/.gitignore
@@ -0,0 +1,4 @@
+cluster.rkestate
+kube_config_cluster.yml
+tls/*.key
+tls/*.crt
diff --git a/Cluster/0-docker.sh b/Cluster/0-docker.sh
new file mode 100755
index 0000000..28252ba
--- /dev/null
+++ b/Cluster/0-docker.sh
@@ -0,0 +1,4 @@
+#!/bin/bash
+
+# to all nodes
+apt update && apt install -y curl && curl https://get.docker.com -o install.sh && sh install.sh
diff --git a/Cluster/1-rke.sh b/Cluster/1-rke.sh
new file mode 100755
index 0000000..7865d1a
--- /dev/null
+++ b/Cluster/1-rke.sh
@@ -0,0 +1,7 @@
+#!/bin/bash
+
+# brew install rke
+# https://rancher.com/docs/rke/latest/en/installation/
+
+# create cluster
+rke up
diff --git a/Cluster/2-add-config.sh b/Cluster/2-add-config.sh
new file mode 100755
index 0000000..1aa3ec1
--- /dev/null
+++ b/Cluster/2-add-config.sh
@@ -0,0 +1,10 @@
+#!/bin/bash
+
+# add config file
+cat kube_config_cluster.yml > ~/.kube/k8s-hls
+
+# enable config auth
+export KUBECONFIG=$(find ~/.kube -maxdepth 1 -type f -name '*' | tr "\n" ":")
+
+# test auth to cluster
+kubectl get pods --all-namespaces
diff --git a/Cluster/3-init-certmanager.sh b/Cluster/3-init-certmanager.sh
new file mode 100755
index 0000000..6dad744
--- /dev/null
+++ b/Cluster/3-init-certmanager.sh
@@ -0,0 +1,25 @@
+#!/bin/bash
+
+# Install the CustomResourceDefinition resources separately
+kubectl apply -f https://github.com/jetstack/cert-manager/releases/download/v1.3.1/cert-manager.crds.yaml
+
+# Create the namespace for cert-manager
+kubectl create namespace cert-manager
+
+# Add the Jetstack Helm repository
+helm repo add cert-manager https://charts.jetstack.io
+
+# Update your local Helm chart repository cache
+helm repo update
+
+helm upgrade --install \
+ cert-manager \
+ cert-manager/cert-manager \
+ --namespace cert-manager \
+ --version 1.3.1
+
+kubectl -n cert-manager rollout status deploy/cert-manager
+
+sleep 5
+
+kubectl apply -f certmanager/orc-letsencrypt-issuer.yaml
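Review bot: `curl https://get.docker.com -o install.sh && sh install.sh` runs a downloaded script as root on every node without pinning what it installs, and `curl` without `-f` will save an HTTP error page and hand it to `sh`. Use `curl -fsSL`, and pin the engine version (the convenience script accepts `--version <docker-version>`) or install from Docker's apt repository with an explicit package version. This matters more here because `Cluster/cluster.yml` sets `ignore_docker_version: true`, so RKE will not flag an engine release it does not support.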
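Review bot: `cat kube_config_cluster.yml > ~/.kube/k8s-hls` creates the kubeconfig under the shell's default umask, so the cluster credentials it holds are typically readable by other local users. `install -m 600 kube_config_cluster.yml ~/.kube/k8s-hls` sets the mode at creation. The `KUBECONFIG` line joins every regular file directly under `~/.kube` (`-name '*'`), not only kubeconfigs, and the `export` affects only this script's own process unless the file is sourced.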
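Review bot: `sleep 5` before `kubectl apply -f certmanager/orc-letsencrypt-issuer.yaml` is a guess at when the cert-manager webhook is ready; the preceding `rollout status` waits for `deploy/cert-manager` only. Waiting on the webhook explicitly with `kubectl -n cert-manager rollout status deploy/cert-manager-webhook` removes the race. The script also has no `set -euo pipefail`, so a failed CRD download or Helm install is ignored and the later steps still run; once that is added, `kubectl create namespace cert-manager` has to become idempotent, for example by dropping it in favour of `--create-namespace` on the `helm upgrade --install` line.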
diff --git a/Cluster/certmanager/orc-letsencrypt-issuer.yaml b/Cluster/certmanager/orc-letsencrypt-issuer.yaml
new file mode 100644
index 0000000..9a3655b
--- /dev/null
+++ b/Cluster/certmanager/orc-letsencrypt-issuer.yaml
@@ -0,0 +1,15 @@
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+ name: orc-letsencrypt-issuer
+spec:
+ acme:
+ server: https://acme-v02.api.letsencrypt.org/directory
+ email: vasyakrg@gmail.com
+ privateKeySecretRef:
+ name: orc-letsencrypt-private-key
+ solvers:
+ - selector: {}
+ http01:
+ ingress:
+ class: nginx
diff --git a/Cluster/cluster.yml b/Cluster/cluster.yml
new file mode 100644
index 0000000..b109293
--- /dev/null
+++ b/Cluster/cluster.yml
@@ -0,0 +1,64 @@
+cluster_name: k8s-cluster
+name: k8s-cluster
+enable_cluster_alerting: false
+enable_cluster_monitoring: false
+ignore_docker_version: true
+kubernetes_version: v1.19.9-rancher1-1
+
+nodes:
+ - address: 65.21.148.66
+ internal_address: 10.0.0.3
+ hostname_override: node1
+ user: root
+ labels:
+ worker: yes
+ location: nsk
+ role: [controlplane, worker, etcd]
+ - address: 65.21.146.162
+ internal_address: 10.0.0.2
+ hostname_override: node2
+ user: root
+ labels:
+ worker: yes
+ location: nsk
+ role: [controlplane, worker, etcd]
+ - address: 65.21.149.204
+ internal_address: 10.0.0.4
+ hostname_override: node3
+ user: root
+ labels:
+ worker: yes
+ location: nsk
+ role: [controlplane, worker, etcd]
+
+services:
+ etcd:
+ snapshot: true
+ creation: 6h
+ retention: 30h
+ kube-controller:
+ extra_args:
+ terminated-pod-gc-threshold: 100
+ kubelet:
+ extra_args:
+ max-pods: 250
+ kube-api:
+ extra_args:
+ feature-gates: "ServiceAccountIssuerDiscovery=false,RemoveSelfLink=false"
+
+authentication:
+ strategy: x509
+ sans:
+ - "167.233.11.162"
+ - "rke.k8s-nsk.tk"
+
+dns:
+ provider: coredns
+ upstreamnameservers:
+ - 8.8.8.8
+ - 8.8.4.4
+
+ingress:
+ provider: nginx
+ options:
+ use-forwarded-headers: "true"
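Review bot: `use-forwarded-headers: "true"` in the `ingress` options makes ingress-nginx trust `X-Forwarded-*` headers on incoming requests, which is only safe when every request arrives through a proxy or load balancer that overwrites them. The nodes are listed with public addresses, so if the ingress ports are reachable directly, a client can supply its own `X-Forwarded-For` and control the source address seen in logs and in any IP-based rule. Leave the option off unless an L7 balancer is in front, and in that case restrict who may connect to the nodes' ingress ports. `user: root` for SSH on all three nodes is also worth replacing with a dedicated account in the `docker` group.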