From f20679c7275b07dbd3952953fa18138a106f217b Mon Sep 17 00:00:00 2001 From: Your Name Date: Fri, 11 Feb 2022 10:45:20 +0300 Subject: [PATCH 01/13] controlplane --- .github/workflows/macos-workflow.yml | 4 +- .github/workflows/make-kind-wf.yml | 27 ++++++ .github/workflows/ubuntu-kind-workflow.yml | 96 ++++++++++++++-------- .github/workflows/windows-workflow.yml | 5 +- app/kind-config.yaml | 1 + app/kind-example-config.yaml | 28 +++++++ app/multi-controlplane-kind-config.yaml | 31 +++++++ 7 files changed, 154 insertions(+), 38 deletions(-) create mode 100644 .github/workflows/make-kind-wf.yml create mode 100644 app/kind-example-config.yaml create mode 100644 app/multi-controlplane-kind-config.yaml diff --git a/.github/workflows/macos-workflow.yml b/.github/workflows/macos-workflow.yml index 6786bb4..79ea47b 100644 --- a/.github/workflows/macos-workflow.yml +++ b/.github/workflows/macos-workflow.yml @@ -3,11 +3,11 @@ name: "macos kind CI workflow" on: push: - branches: [ main ] + branches: [ test ] schedule: # https://crontab.guru/ # https://docs.github.com/en/actions/reference/events-that-trigger-workflows - - cron: '0 0 * * FRI' ##execution of a task in the first minute of the month + # - cron: '0 0 * * FRI' ##execution of a task in the first minute of the month diff --git a/.github/workflows/make-kind-wf.yml b/.github/workflows/make-kind-wf.yml new file mode 100644 index 0000000..0c2ac7b --- /dev/null +++ b/.github/workflows/make-kind-wf.yml 
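Review bot: In the macos-workflow.yml hunk the only entry under `schedule:` is commented out while the `schedule:` key itself stays, so the trigger is left with an empty (null) value, which GitHub's workflow validation is likely to reject. Comment the key out together with its entry, `# schedule:`, or keep a valid `- cron:` line. The same pattern is in the make-kind-wf.yml, ubuntu-kind-workflow.yml and windows-workflow.yml hunks of this commit. Separately, the trailing comment on the cron line says "first minute of the month", but `0 0 * * FRI` is every Friday at 00:00; correct it if the line comes back.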
@@ -0,0 +1,27 @@ +name: "make kind CI workflow" + + +on: + push: + branches: [ test ] + schedule: + # https://crontab.guru/ + # https://docs.github.com/en/actions/reference/events-that-trigger-workflows + # - cron: '0 0 * * FRI' ##execution of a task in the first minute of the month + + +jobs: + + + ubuntu-latest-kind-job: + name: "make kind ubuntu-latest job" + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v2 + - name: "os fingerprinting" + run: hostnamectl status + - name: "deploy kind" + run: sudo make deploy-kind + + + \ No newline at end of file diff --git a/.github/workflows/ubuntu-kind-workflow.yml b/.github/workflows/ubuntu-kind-workflow.yml index a20ed43..72920a9 100644 --- a/.github/workflows/ubuntu-kind-workflow.yml +++ b/.github/workflows/ubuntu-kind-workflow.yml @@ -3,11 +3,12 @@ name: "Ubuntu kind CI workflow" on: push: - branches: [ main ] + branches: [ test ] schedule: # https://crontab.guru/ # https://docs.github.com/en/actions/reference/events-that-trigger-workflows - - cron: '0 0 * * FRI' ##execution of a task in the first minute of the month + # - cron: '0 0 * * FRI' ##execution of a task in the first minute of the month + jobs: 
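Review bot: The new make-kind-wf.yml declares no `permissions:` block and references `actions/checkout@v2` by a movable tag, while the job goes on to run `sudo make deploy-kind`, i.e. repository code as root on the runner. Add a top-level `permissions: { contents: read }` so the job token is read-only, and pin the action to a full commit SHA, `uses: actions/checkout@<full-commit-sha>`. The same applies to the seccomp-wf.yml, psa-wf.yml and apparmor-wf.yml workflows added later in this series.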
@@ -19,40 +20,67 @@ jobs: - uses: actions/checkout@v2 - name: "os fingerprinting" run: hostnamectl status - - name: "deploy kind" - run: sudo make deploy-kind - - name: "create cluster" - run: sudo kind create cluster --config=app/kind-config.yaml - - name: "kubectl cluster-info" - run: sudo kubectl cluster-info --context kind-kind + # https://kind.sigs.k8s.io/docs/user/quick-start/ + - name: "Installing From Release Binaries" + run: | + curl -Lo ./kind https://kind.sigs.k8s.io/dl/v0.11.1/kind-linux-amd64 + chmod +x ./kind + mv ./kind /usr/local/bin/kind + kind create cluster # Default cluster context name is `kind`. + kind create cluster --name kind-2 + kind get clusters + kubectl cluster-info --context kind-kind + kubectl cluster-info --context kind-kind-2 + - name: "Installing From Release Binaries with cfg yaml" + run: | + curl -Lo ./kind https://kind.sigs.k8s.io/dl/v0.11.1/kind-linux-amd64 + chmod +x ./kind + mv ./kind /usr/local/bin/kind + kind create cluster --config /app/kind-example-config.yaml + kind get clusters + # kubectl cluster-info --context kind-kind + # kubectl cluster-info --context kind-kind-2 + - name: "Installing From Release Binaries with cfg yaml multi controlplane" + run: | + curl -Lo ./kind https://kind.sigs.k8s.io/dl/v0.11.1/kind-linux-amd64 + chmod +x ./kind + mv ./kind /usr/local/bin/kind + kind create cluster --config /app/kind-example-config.yaml + kind get clusters + # kubectl cluster-info --context kind-kind + # kubectl cluster-info --context kind-kind-2 + # - name: "create cluster" + # run: sudo kind create cluster --config=app/kind-config.yaml + # - name: "kubectl cluster-info" + # run: sudo kubectl cluster-info --context kind-kind - ubuntu-2004-job: - name: "ubuntu-20.04 minikube job" - runs-on: ubuntu-20.04 - steps: - - uses: actions/checkout@v2 - - name: "os fingerprinting" - run: hostnamectl status - - name: "deploy kind" - run: sudo make deploy-kind - - name: "create cluster" - run: sudo kind create cluster 
--config=app/kind-config.yaml - - name: "kubectl cluster-info" - run: sudo kubectl cluster-info --context kind-kind + # ubuntu-2004-job: + # name: "ubuntu-20.04 minikube job" + # runs-on: ubuntu-20.04 + # steps: + # - uses: actions/checkout@v2 + # - name: "os fingerprinting" + # run: hostnamectl status + # - name: "deploy kind" + # run: sudo make deploy-kind + # - name: "create cluster" + # run: sudo kind create cluster --config=app/kind-config.yaml + # - name: "kubectl cluster-info" + # run: sudo kubectl cluster-info --context kind-kind - ubuntu-1804-job: - name: "ubuntu-18.04 minikube job" - runs-on: ubuntu-18.04 - steps: - - uses: actions/checkout@v2 - - name: "os fingerprinting" - run: hostnamectl status - - name: "deploy kind" - run: sudo make deploy-kind - - name: "create cluster" - run: sudo kind create cluster --config=app/kind-config.yaml - - name: "kubectl cluster-info" - run: sudo kubectl cluster-info --context kind-kind + # ubuntu-1804-job: + # name: "ubuntu-18.04 minikube job" + # runs-on: ubuntu-18.04 + # steps: + # - uses: actions/checkout@v2 + # - name: "os fingerprinting" + # run: hostnamectl status + # - name: "deploy kind" + # run: sudo make deploy-kind + # - name: "create cluster" + # run: sudo kind create cluster --config=app/kind-config.yaml + # - name: "kubectl cluster-info" + # run: sudo kubectl cluster-info --context kind-kind #deprecated # ubuntu-1604-job: diff --git a/.github/workflows/windows-workflow.yml b/.github/workflows/windows-workflow.yml index ebde2ef..8dbc982 100644 --- a/.github/workflows/windows-workflow.yml +++ b/.github/workflows/windows-workflow.yml @@ -3,11 +3,12 @@ name: "windows kind CI workflow" on: push: - branches: [ main ] + branches: [ test ] schedule: # https://crontab.guru/ # https://docs.github.com/en/actions/reference/events-that-trigger-workflows - - cron: '0 0 * * FRI' ##execution of a task in the first minute of the month + # - cron: '0 0 * * FRI' ##execution of a task in the first minute of the month + 
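Review bot: Each of the three added steps in ubuntu-kind-workflow.yml downloads `kind-linux-amd64` with `curl -Lo`, marks it executable and moves it into `/usr/local/bin` without checking what was downloaded. There is no `--fail`, so an HTTP error body would be installed as the binary, and there is no integrity check. Use `curl -fsSLo ./kind https://kind.sigs.k8s.io/dl/v0.11.1/kind-linux-amd64` followed by `echo "<expected-sha256>  ./kind" | sha256sum --check -`, with the digest taken from the kind release, and install once rather than in every step. The same unverified download is repeated in the seccomp-wf.yml, psa-wf.yml and apparmor-wf.yml workflows added later in the series. The `steps:` list starts outside this hunk.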
diff --git a/app/kind-config.yaml b/app/kind-config.yaml index e23e5d0..06884a8 100644 --- a/app/kind-config.yaml +++ b/app/kind-config.yaml @@ -1,3 +1,4 @@ +# https://raw.githubusercontent.com/kubernetes-sigs/kind/main/site/content/docs/user/kind-example-config.yaml kind: Cluster apiVersion: kind.x-k8s.io/v1alpha4 nodes: diff --git a/app/kind-example-config.yaml b/app/kind-example-config.yaml new file mode 100644 index 0000000..6af62d7 --- /dev/null +++ b/app/kind-example-config.yaml @@ -0,0 +1,28 @@ +# this config file contains all config fields with comments +# NOTE: this is not a particularly useful config file +kind: Cluster +apiVersion: kind.x-k8s.io/v1alpha4 +# patch the generated kubeadm config with some extra settings +kubeadmConfigPatches: +- | + apiVersion: kubelet.config.k8s.io/v1beta1 + kind: KubeletConfiguration + evictionHard: + nodefs.available: "0%" +# patch it further using a JSON 6902 patch +kubeadmConfigPatchesJSON6902: +- group: kubeadm.k8s.io + version: v1beta2 + kind: ClusterConfiguration + patch: | + - op: add + path: /apiServer/certSANs/- + value: my-hostname +# 1 control plane node and 3 workers +nodes: +# the control plane node config +- role: control-plane +# the three workers +- role: worker +- role: worker +- role: worker \ No newline at end of file diff --git a/app/multi-controlplane-kind-config.yaml b/app/multi-controlplane-kind-config.yaml new file mode 100644 index 0000000..ce9c858 --- /dev/null +++ b/app/multi-controlplane-kind-config.yaml 
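Review bot: kind-example-config.yaml is the upstream all-fields example copied as is, and two of its settings need a comment or removal before the file is reused beyond a throwaway CI cluster. `nodefs.available: "0%"` under `evictionHard` effectively disables the kubelet's hard eviction threshold for node disk space, and the JSON 6902 patch adds the placeholder `my-hostname` to the API server certificate SANs. If the workflow only needs one control plane and three workers, the `nodes:` list alone is enough; otherwise add a line such as `# example values from the kind docs, for throwaway clusters only` above the patches. The source URL that this commit adds to kind-config.yaml would be more useful at the top of this file.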
@@ -0,0 +1,31 @@ +# https://raw.githubusercontent.com/kubernetes-sigs/kind/main/site/content/docs/user/kind-example-config.yaml +# this config file contains all config fields with comments +# NOTE: this is not a particularly useful config file +kind: Cluster +apiVersion: kind.x-k8s.io/v1alpha4 +# patch the generated kubeadm config with some extra settings +kubeadmConfigPatches: +- | + apiVersion: kubelet.config.k8s.io/v1beta1 + kind: KubeletConfiguration + evictionHard: + nodefs.available: "0%" +# patch it further using a JSON 6902 patch +kubeadmConfigPatchesJSON6902: +- group: kubeadm.k8s.io + version: v1beta2 + kind: ClusterConfiguration + patch: | + - op: add + path: /apiServer/certSANs/- + value: my-hostname +# 1 control plane node and 3 workers +nodes: +# the control plane node config +- role: control-plane +- role: control-plane +- role: control-plane +# the three workers +- role: worker +- role: worker +- role: worker \ No newline at end of file From 4bc510c3737d555be32751fd961296838e776b62 Mon Sep 17 00:00:00 2001 From: Your Name Date: Fri, 11 Feb 2022 11:50:25 +0300 Subject: [PATCH 02/13] schedule --- .github/workflows/make-kind-wf.yml | 2 +- .github/workflows/ubuntu-kind-wf.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/make-kind-wf.yml b/.github/workflows/make-kind-wf.yml index 0c2ac7b..a272f24 100644 --- a/.github/workflows/make-kind-wf.yml +++ b/.github/workflows/make-kind-wf.yml @@ -4,7 +4,7 @@ name: "make kind CI workflow" on: push: branches: [ test ] - schedule: + # schedule: # https://crontab.guru/ # https://docs.github.com/en/actions/reference/events-that-trigger-workflows # - cron: '0 0 * * FRI' ##execution of a task in the first minute of the month diff --git a/.github/workflows/ubuntu-kind-wf.yml b/.github/workflows/ubuntu-kind-wf.yml index 965f68e..ceebe87 100644 --- a/.github/workflows/ubuntu-kind-wf.yml +++ b/.github/workflows/ubuntu-kind-wf.yml 
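Review bot: The comments in multi-controlplane-kind-config.yaml were carried over from the single-control-plane example and no longer match the `nodes:` list, which declares three `control-plane` entries. Change them to `# 3 control plane nodes and 3 workers` and `# the control plane nodes`. As far as this commit shows, nothing uses the file yet: the workflow step named "…with cfg yaml multi controlplane" passes `kind-example-config.yaml`, so the multi-control-plane layout is never exercised. The inherited `evictionHard` and `certSANs` patches are the same example values as in kind-example-config.yaml.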
@@ -4,7 +4,7 @@ name: "kind Ubuntu CI workflow" on: push: branches: [ test ] - schedule: + # schedule: # https://crontab.guru/ # https://docs.github.com/en/actions/reference/events-that-trigger-workflows # - cron: '0 0 * * FRI' ##execution of a task in the first minute of the month From d36f029880e89a4122b3bc1768f2f753bbab03ab Mon Sep 17 00:00:00 2001 From: Your Name Date: Fri, 11 Feb 2022 13:51:13 +0300 Subject: [PATCH 03/13] ls --- .github/workflows/ubuntu-kind-wf.yml | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/.github/workflows/ubuntu-kind-wf.yml b/.github/workflows/ubuntu-kind-wf.yml index ceebe87..da29395 100644 --- a/.github/workflows/ubuntu-kind-wf.yml +++ b/.github/workflows/ubuntu-kind-wf.yml @@ -18,7 +18,7 @@ jobs: runs-on: ubuntu-latest steps: - uses: actions/checkout@v2 - - name: "os fingerprinting" + - name: "os fingerprinti ng" run: hostnamectl status # https://kind.sigs.k8s.io/docs/user/quick-start/ - name: "Installing From Release Binaries" @@ -35,8 +35,9 @@ jobs: run: | curl -Lo ./kind https://kind.sigs.k8s.io/dl/v0.11.1/kind-linux-amd64 chmod +x ./kind - mv ./kind /usr/local/bin/kind - kind create cluster --config /app/kind-example-config.yaml + mv ./kind /usr/local/bin/kind + ls -lai + kind create cluster --config app/kind-example-config.yaml kind get clusters # kubectl cluster-info --context kind-kind # kubectl cluster-info --context kind-kind-2 From c0c50da0191cb1fffea5f437e32a3f48638ec4f7 Mon Sep 17 00:00:00 2001 From: Your Name Date: Fri, 11 Feb 2022 13:54:46 +0300 Subject: [PATCH 04/13] worker --- .github/workflows/ubuntu-kind-wf.yml | 1 - app/kind-example-config.yaml | 6 +++--- scripts/deploy-kind.sh | 10 ++++++++++ 3 files changed, 13 insertions(+), 4 deletions(-) diff --git a/.github/workflows/ubuntu-kind-wf.yml b/.github/workflows/ubuntu-kind-wf.yml index da29395..6ca5ff5 100644 --- a/.github/workflows/ubuntu-kind-wf.yml +++ b/.github/workflows/ubuntu-kind-wf.yml 
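Review bot: The first ubuntu-kind-wf.yml hunk of the "ls" commit changes the step name from `"os fingerprinting"` to `"os fingerprinti ng"`, which looks like a stray keystroke rather than an intended rename; restore `- name: "os fingerprinting"`. In the second hunk the re-added `mv ./kind /usr/local/bin/kind` line appears to differ from the removed one only in whitespace, and `ls -lai` reads as a debugging aid that can go once the relative `--config app/kind-example-config.yaml` path is confirmed to work.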
@@ -36,7 +36,6 @@ jobs: curl -Lo ./kind https://kind.sigs.k8s.io/dl/v0.11.1/kind-linux-amd64 chmod +x ./kind mv ./kind /usr/local/bin/kind - ls -lai kind create cluster --config app/kind-example-config.yaml kind get clusters # kubectl cluster-info --context kind-kind diff --git a/app/kind-example-config.yaml b/app/kind-example-config.yaml index 6af62d7..4b07ba2 100644 --- a/app/kind-example-config.yaml +++ b/app/kind-example-config.yaml @@ -23,6 +23,6 @@ nodes: # the control plane node config - role: control-plane # the three workers -- role: worker -- role: worker -- role: worker \ No newline at end of file +- role: worker-1 +- role: worker-2 +- role: worker-3 \ No newline at end of file diff --git a/scripts/deploy-kind.sh b/scripts/deploy-kind.sh index 2ea7d44..c3a9d80 100644 --- a/scripts/deploy-kind.sh +++ b/scripts/deploy-kind.sh @@ -15,7 +15,17 @@ curl -Lo ./kind https://kind.sigs.k8s.io/dl/v$KIND_VERSION/kind-$(uname)-amd64 chmod +x ./kind mv ./kind /usr/local/bin/kind +# create two clusters +kind create cluster # Default cluster context name is `kind`. +kind create cluster --name kind-2 + kind get clusters #see the list of kind clusters + +kubectl cluster-info --context kind-kind +kubectl cluster-info --context kind-kind-2 + kubectl config get-contexts #kind is prefixed to the context and cluster names, for example: kind-istio-testing +kind delete kind-2 + echo "=============================deploy kind=============================================================" \ No newline at end of file From e6a7065eecf1bae4497adca16e8871d478cd9577 Mon Sep 17 00:00:00 2001 From: Your Name Date: Fri, 11 Feb 2022 14:03:07 +0300 Subject: [PATCH 05/13] init --- .github/workflows/ubuntu-kind-wf.yml | 20 ++++++++++++++++++-- app/kind-example-config.yaml | 6 +++--- scripts/deploy-kind.sh | 4 +++- 3 files changed, 24 insertions(+), 6 deletions(-) diff --git a/.github/workflows/ubuntu-kind-wf.yml b/.github/workflows/ubuntu-kind-wf.yml index 6ca5ff5..335ff19 100644 
--- a/.github/workflows/ubuntu-kind-wf.yml +++ b/.github/workflows/ubuntu-kind-wf.yml @@ -12,8 +12,7 @@ on: jobs: - - ubuntu-latest-kind-job: + kind-binary-ubuntu-latest-job: name: "ubuntu-latest kind job" runs-on: ubuntu-latest steps: @@ -31,6 +30,15 @@ jobs: kind get clusters kubectl cluster-info --context kind-kind kubectl cluster-info --context kind-kind-2 + + kind-binary-cfg-ubuntu-latest-job: + name: "ubuntu-latest kind job" + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v2 + - name: "os fingerprinti ng" + run: hostnamectl status + # https://kind.sigs.k8s.io/docs/user/quick-start/ - name: "Installing From Release Binaries with cfg yaml" run: | curl -Lo ./kind https://kind.sigs.k8s.io/dl/v0.11.1/kind-linux-amd64 @@ -40,6 +48,14 @@ jobs: kind get clusters # kubectl cluster-info --context kind-kind # kubectl cluster-info --context kind-kind-2 + + kind-binary-cfg-multi-controlplane-ubuntu-latest-job: + name: "ubuntu-latest kind job" + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v2 + - name: "os fingerprinti ng" + run: hostnamectl status - name: "Installing From Release Binaries with cfg yaml multi controlplane" run: | curl -Lo ./kind https://kind.sigs.k8s.io/dl/v0.11.1/kind-linux-amd64 diff --git a/app/kind-example-config.yaml b/app/kind-example-config.yaml index 4b07ba2..6af62d7 100644 --- a/app/kind-example-config.yaml +++ b/app/kind-example-config.yaml @@ -23,6 +23,6 @@ nodes: # the control plane node config - role: control-plane # the three workers -- role: worker-1 -- role: worker-2 -- role: worker-3 \ No newline at end of file +- role: worker +- role: worker +- role: worker \ No newline at end of file diff --git a/scripts/deploy-kind.sh b/scripts/deploy-kind.sh index c3a9d80..908a975 100644 --- a/scripts/deploy-kind.sh +++ b/scripts/deploy-kind.sh 
@@ -26,6 +26,8 @@ kubectl cluster-info --context kind-kind-2 kubectl config get-contexts #kind is prefixed to the context and cluster names, for example: kind-istio-testing -kind delete kind-2 +# Deleting a Cluster +kind delete cluster kind-2 +kind get clusters #see the list of kind clusters echo "=============================deploy kind=============================================================" \ No newline at end of file From a99924cb7a09ca914d1270c28e22738e32822a3a Mon Sep 17 00:00:00 2001 From: Your Name Date: Fri, 11 Feb 2022 14:13:23 +0300 Subject: [PATCH 06/13] context --- .github/workflows/ubuntu-kind-wf.yml | 11 ++++++----- scripts/deploy-kind.sh | 4 +++- 2 files changed, 9 insertions(+), 6 deletions(-) diff --git a/.github/workflows/ubuntu-kind-wf.yml b/.github/workflows/ubuntu-kind-wf.yml index 335ff19..07819ac 100644 --- a/.github/workflows/ubuntu-kind-wf.yml +++ b/.github/workflows/ubuntu-kind-wf.yml @@ -13,7 +13,7 @@ on: jobs: kind-binary-ubuntu-latest-job: - name: "ubuntu-latest kind job" + name: "Installing From Release Binaries ubuntu-latest job" runs-on: ubuntu-latest steps: - uses: actions/checkout@v2 @@ -25,14 +25,15 @@ jobs: curl -Lo ./kind https://kind.sigs.k8s.io/dl/v0.11.1/kind-linux-amd64 chmod +x ./kind mv ./kind /usr/local/bin/kind - kind create cluster # Default cluster context name is `kind`. + # Default cluster context name is `kind`. + kind create cluster kind create cluster --name kind-2 kind get clusters kubectl cluster-info --context kind-kind kubectl cluster-info --context kind-kind-2 kind-binary-cfg-ubuntu-latest-job: - name: "ubuntu-latest kind job" + name: "Installing From Release Binaries with cfg yaml ubuntu-latest job" runs-on: ubuntu-latest steps: - uses: actions/checkout@v2 
@@ -50,7 +51,7 @@ jobs: # kubectl cluster-info --context kind-kind-2 kind-binary-cfg-multi-controlplane-ubuntu-latest-job: - name: "ubuntu-latest kind job" + name: "Installing From Release Binaries with cfg yaml multi controlplane ubuntu-latest job" runs-on: ubuntu-latest steps: - uses: actions/checkout@v2 @@ -61,7 +62,7 @@ jobs: curl -Lo ./kind https://kind.sigs.k8s.io/dl/v0.11.1/kind-linux-amd64 chmod +x ./kind mv ./kind /usr/local/bin/kind - kind create cluster --config /app/kind-example-config.yaml + kind create cluster --config app/kind-example-config.yaml kind get clusters # kubectl cluster-info --context kind-kind # kubectl cluster-info --context kind-kind-2 diff --git a/scripts/deploy-kind.sh b/scripts/deploy-kind.sh index 908a975..aab0c88 100644 --- a/scripts/deploy-kind.sh +++ b/scripts/deploy-kind.sh @@ -17,6 +17,7 @@ mv ./kind /usr/local/bin/kind # create two clusters kind create cluster # Default cluster context name is `kind`. +# If the flag --name is not specified, kind will use the default cluster context name kind kind create cluster --name kind-2 kind get clusters #see the list of kind clusters @@ -27,7 +28,8 @@ kubectl cluster-info --context kind-kind-2 kubectl config get-contexts #kind is prefixed to the context and cluster names, for example: kind-istio-testing # Deleting a Cluster -kind delete cluster kind-2 +# If the flag --name is not specified, kind will use the default cluster context name kind +kind delete cluster --name kind-2 kind get clusters #see the list of kind clusters echo "=============================deploy kind=============================================================" \ No newline at end of file From 3e691763b6b9c7a7633fc7825a9374854119f811 Mon Sep 17 00:00:00 2001 From: Your Name Date: Fri, 11 Feb 2022 14:37:27 +0300 Subject: [PATCH 07/13] docker --- .github/workflows/ubuntu-kind-wf.yml | 8 +++++--- scripts/deploy-kind.sh | 15 ++++++++++++++- 2 files changed, 19 insertions(+), 4 deletions(-) 
diff --git a/.github/workflows/ubuntu-kind-wf.yml b/.github/workflows/ubuntu-kind-wf.yml index 07819ac..882bfb6 100644 --- a/.github/workflows/ubuntu-kind-wf.yml +++ b/.github/workflows/ubuntu-kind-wf.yml @@ -27,10 +27,12 @@ jobs: mv ./kind /usr/local/bin/kind # Default cluster context name is `kind`. kind create cluster - kind create cluster --name kind-2 - kind get clusters + kind create cluster --name kind-3 + kind get clusters + #kind is prefixed to the context and cluster names, for example: kind-istio-testing + kubectl config get-contexts kubectl cluster-info --context kind-kind - kubectl cluster-info --context kind-kind-2 + kubectl cluster-info --context kind-kind-3 kind-binary-cfg-ubuntu-latest-job: name: "Installing From Release Binaries with cfg yaml ubuntu-latest job" diff --git a/scripts/deploy-kind.sh b/scripts/deploy-kind.sh index aab0c88..6258341 100644 --- a/scripts/deploy-kind.sh +++ b/scripts/deploy-kind.sh @@ -22,14 +22,27 @@ kind create cluster --name kind-2 kind get clusters #see the list of kind clusters +#kind is prefixed to the context and cluster names, for example: kind-istio-testing +kubectl config get-contexts + kubectl cluster-info --context kind-kind kubectl cluster-info --context kind-kind-2 -kubectl config get-contexts #kind is prefixed to the context and cluster names, for example: kind-istio-testing +# extract the detailed information about a cluster +kubectl cluster-info dump --context kind-kind +kubectl cluster-info dump --context kind-kind-2 + + # Deleting a Cluster # If the flag --name is not specified, kind will use the default cluster context name kind kind delete cluster --name kind-2 kind get clusters #see the list of kind clusters +docker ps +kubectl get nodes + +kubectl get namespaces +kubectl --namespace kube-system get pods + echo "=============================deploy kind=============================================================" \ No newline at end of file 
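Review bot: In the deploy-kind.sh hunk, `kubectl get nodes`, `kubectl get namespaces` and `kubectl --namespace kube-system get pods` run after `kind delete cluster --name kind-2` without a `--context`. Since kind-2 was the cluster created last, the current kubectl context at that point is probably the one just deleted. Name the surviving cluster explicitly, e.g. `kubectl --context kind-kind get nodes`. The two added `kubectl cluster-info dump` calls write the full cluster state, pod logs included, to stdout and therefore into the CI log; send it to a directory with `--output-directory` or drop the calls. The script starts outside this hunk.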
From 4d0dade5e392409990cd6cac2c7d181bcf5f874d Mon Sep 17 00:00:00 2001 From: Your Name Date: Fri, 11 Feb 2022 14:44:11 +0300 Subject: [PATCH 08/13] init --- .github/workflows/ubuntu-kind-wf.yml | 12 +++--- app/baeldung-service.yaml | 41 +++++++++++++++++++ {app => platform}/kind-config.yaml | 0 {app => platform}/kind-example-config.yaml | 0 .../multi-controlplane-kind-config.yaml | 0 scripts/deploy-kind.sh | 21 +++++++++- 6 files changed, 67 insertions(+), 7 deletions(-) create mode 100644 app/baeldung-service.yaml rename {app => platform}/kind-config.yaml (100%) rename {app => platform}/kind-example-config.yaml (100%) rename {app => platform}/multi-controlplane-kind-config.yaml (100%) diff --git a/.github/workflows/ubuntu-kind-wf.yml b/.github/workflows/ubuntu-kind-wf.yml index 882bfb6..7cb9853 100644 --- a/.github/workflows/ubuntu-kind-wf.yml +++ b/.github/workflows/ubuntu-kind-wf.yml @@ -47,7 +47,7 @@ jobs: curl -Lo ./kind https://kind.sigs.k8s.io/dl/v0.11.1/kind-linux-amd64 chmod +x ./kind mv ./kind /usr/local/bin/kind - kind create cluster --config app/kind-example-config.yaml + kind create cluster --config platform/kind-example-config.yaml kind get clusters # kubectl cluster-info --context kind-kind # kubectl cluster-info --context kind-kind-2 @@ -64,12 +64,12 @@ jobs: curl -Lo ./kind https://kind.sigs.k8s.io/dl/v0.11.1/kind-linux-amd64 chmod +x ./kind mv ./kind /usr/local/bin/kind - kind create cluster --config app/kind-example-config.yaml + kind create cluster --config platform/kind-example-config.yaml kind get clusters # kubectl cluster-info --context kind-kind # kubectl cluster-info --context kind-kind-2 # - name: "create cluster" - # run: sudo kind create cluster --config=app/kind-config.yaml + # run: sudo kind create cluster --config=platform/kind-config.yaml # - name: "kubectl cluster-info" # run: sudo kubectl cluster-info --context kind-kind 
@@ -83,7 +83,7 @@ jobs: # - name: "deploy kind" # run: sudo make deploy-kind # - name: "create cluster" - # run: sudo kind create cluster --config=app/kind-config.yaml + # run: sudo kind create cluster --config=platform/kind-config.yaml # - name: "kubectl cluster-info" # run: sudo kubectl cluster-info --context kind-kind @@ -97,7 +97,7 @@ jobs: # - name: "deploy kind" # run: sudo make deploy-kind # - name: "create cluster" - # run: sudo kind create cluster --config=app/kind-config.yaml + # run: sudo kind create cluster --config=platform/kind-config.yaml # - name: "kubectl cluster-info" # run: sudo kubectl cluster-info --context kind-kind @@ -112,7 +112,7 @@ jobs: # - name: "deploy kind" # run: sudo make deploy-kind # - name: "create cluster" - # run: sudo kind create cluster --config=app/kind-config.yaml + # run: sudo kind create cluster --config=platform/kind-config.yaml # - name: "kubectl cluster-info" # run: sudo kubectl cluster-info --context kind-kind diff --git a/app/baeldung-service.yaml b/app/baeldung-service.yaml new file mode 100644 index 0000000..7a62cea --- /dev/null +++ b/app/baeldung-service.yaml @@ -0,0 +1,41 @@ +freestar + +kind: Pod +apiVersion: v1 +metadata: + name: baeldung-app + labels: + app: baeldung-app +spec: + containers: + - name: baeldung-app + image: hashicorp/http-echo:0.2.3 + args: + - "-text=Hello World! This is a Baeldung Kubernetes with kind App" +--- +kind: Service +apiVersion: v1 +metadata: + name: baeldung-service +spec: + selector: + app: baeldung-app + ports: + # Default port used by the image + - port: 5678 +--- +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: baeldung-ingress +spec: + rules: + - http: + paths: + - pathType: Prefix + path: "/baeldung" + backend: + service: + name: baeldung-service + port: + number: 5678 \ No newline at end of file diff --git a/app/kind-config.yaml b/platform/kind-config.yaml similarity index 100% rename from app/kind-config.yaml rename to platform/kind-config.yaml 
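Review bot: The first added line of app/baeldung-service.yaml is the bare word `freestar`, which looks like page residue from copying the manifest off a website. It sits in the same YAML document as the Pod, so that document will probably not parse and `kubectl apply` would fail on it; delete that line and the blank line after it so the file starts at `kind: Pod`. While the file is open, the Pod sets no `securityContext`; for a manifest others may copy, `allowPrivilegeEscalation: false` and `runAsNonRoot: true` on the container are a reasonable baseline, provided the image runs as a non-root user.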
diff --git a/app/kind-example-config.yaml b/platform/kind-example-config.yaml similarity index 100% rename from app/kind-example-config.yaml rename to platform/kind-example-config.yaml diff --git a/app/multi-controlplane-kind-config.yaml b/platform/multi-controlplane-kind-config.yaml similarity index 100% rename from app/multi-controlplane-kind-config.yaml rename to platform/multi-controlplane-kind-config.yaml diff --git a/scripts/deploy-kind.sh b/scripts/deploy-kind.sh index 6258341..8418871 100644 --- a/scripts/deploy-kind.sh +++ b/scripts/deploy-kind.sh @@ -45,4 +45,23 @@ kubectl get nodes kubectl get namespaces kubectl --namespace kube-system get pods -echo "=============================deploy kind=============================================================" \ No newline at end of file +echo "=============================deploy kind=============================================================" +echo "=============================deploy nginx=============================================================" + +# deploy the Kubernetes supported ingress NGINX controller to work as a reverse proxy and load balancer: +kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/main/deploy/static/provider/kind/deploy.yaml + +# Deploying a Service Locally +# use a simple http-echo web server available as a docker image. +# https://hub.docker.com/r/hashicorp/http-echo/ + +# deploy service +# cluster integrates with the ingress NGINX controller +kubectl apply -f baeldung-service.yaml +# check the status of the services +kubectl get services + +# test +curl localhost/baeldung + +echo "=============================deploy nginx=============================================================" \ No newline at end of file From 7a81e0adae283148cece604f1772023bac717ead Mon Sep 17 00:00:00 2001 
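Review bot: In the deploy-kind.sh hunk, `kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/main/deploy/static/provider/kind/deploy.yaml` applies whatever is on the `main` branch at run time, with the full rights of the kubeconfig. Pin the URL to a release tag, `…/ingress-nginx/<release-tag>/deploy/static/provider/kind/deploy.yaml`, or commit a reviewed copy. The next apply uses the bare path `baeldung-service.yaml`, while this commit adds the file as `app/baeldung-service.yaml`, so it only resolves if the script runs from `app/`. `curl localhost/baeldung` also runs immediately after the applies; a `kubectl wait --namespace ingress-nginx --for=condition=ready pod --selector=app.kubernetes.io/component=controller --timeout=90s` before it, and `curl -f` for the test itself, would make a failure visible. The script starts outside this hunk.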
From: circle travis Date: Thu, 24 Feb 2022 13:32:50 +0300 Subject: [PATCH 09/13] init --- .github/workflows/seccomp-wf.yml | 43 ++++++++++++++++++++++++++++++++ 1 file changed, 43 insertions(+) create mode 100644 .github/workflows/seccomp-wf.yml diff --git a/.github/workflows/seccomp-wf.yml b/.github/workflows/seccomp-wf.yml new file mode 100644 index 0000000..c0b9eb3 --- /dev/null +++ b/.github/workflows/seccomp-wf.yml @@ -0,0 +1,43 @@ +name: "seccomp kind Ubuntu CI workflow" + + +on: + push: + branches: [ test ] + # schedule: + # https://crontab.guru/ + # https://docs.github.com/en/actions/reference/events-that-trigger-workflows + # - cron: '0 0 * * FRI' ##execution of a task in the first minute of the month + + +jobs: + +# https://kubernetes.io/docs/tutorials/security/seccomp/ + seccomp-kind-ubuntu-latest-job: + name: "Restrict a Container's Syscalls with seccomp job" + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v2 + - name: "os fingerprinti ng" + run: hostnamectl status + # https://kind.sigs.k8s.io/docs/user/quick-start/ + - name: "Installing From Release Binaries" + run: | + curl -Lo ./kind https://kind.sigs.k8s.io/dl/v0.11.1/kind-linux-amd64 + chmod +x ./kind + mv ./kind /usr/local/bin/kind + # Default cluster context name is `kind`. + kind create cluster + kind create cluster --name kind-3 + kind get clusters + #kind is prefixed to the context and cluster names, for example: kind-istio-testing + kubectl config get-contexts + kubectl cluster-info --context kind-kind + kubectl cluster-info --context kind-kind-3 + mkdir ./profiles + curl -L -o profiles/audit.json https://k8s.io/examples/pods/security/seccomp/profiles/audit.json + curl -L -o profiles/violation.json https://k8s.io/examples/pods/security/seccomp/profiles/violation.json + curl -L -o profiles/fine-grained.json https://k8s.io/examples/pods/security/seccomp/profiles/fine-grained.json + ls profiles + + \ No newline at end of file 
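Review bot: In the new seccomp-wf.yml the three seccomp profiles are fetched with `curl -L -o` and no `--fail`, so a 404 or error page would be saved as `profiles/audit.json`, `violation.json` or `fine-grained.json`. The step would still pass, because `ls profiles` succeeds either way. Use `curl -fsSL -o profiles/audit.json https://k8s.io/examples/pods/security/seccomp/profiles/audit.json` and likewise for the other two, and `mkdir -p profiles`. Because these files decide which syscalls a container may make, a reviewed copy committed to the repository is a steadier source than a URL read on every run.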
From c176aa06df700e2d3624b816c032a1a449ef4140 Mon Sep 17 00:00:00 2001 From: circle travis Date: Thu, 24 Feb 2022 13:35:30 +0300 Subject: [PATCH 10/13] docker --- .github/workflows/seccomp-wf.yml | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/.github/workflows/seccomp-wf.yml b/.github/workflows/seccomp-wf.yml index c0b9eb3..0702a6a 100644 --- a/.github/workflows/seccomp-wf.yml +++ b/.github/workflows/seccomp-wf.yml @@ -21,23 +21,26 @@ jobs: - name: "os fingerprinti ng" run: hostnamectl status # https://kind.sigs.k8s.io/docs/user/quick-start/ - - name: "Installing From Release Binaries" + - name: "Download example seccomp profiles" run: | curl -Lo ./kind https://kind.sigs.k8s.io/dl/v0.11.1/kind-linux-amd64 chmod +x ./kind mv ./kind /usr/local/bin/kind # Default cluster context name is `kind`. kind create cluster - kind create cluster --name kind-3 kind get clusters - #kind is prefixed to the context and cluster names, for example: kind-istio-testing kubectl config get-contexts kubectl cluster-info --context kind-kind - kubectl cluster-info --context kind-kind-3 mkdir ./profiles curl -L -o profiles/audit.json https://k8s.io/examples/pods/security/seccomp/profiles/audit.json curl -L -o profiles/violation.json https://k8s.io/examples/pods/security/seccomp/profiles/violation.json curl -L -o profiles/fine-grained.json https://k8s.io/examples/pods/security/seccomp/profiles/fine-grained.json ls profiles + curl -L -O https://k8s.io/examples/pods/security/seccomp/kind.yaml + kind create cluster --config=kind.yaml + kind get clusters + kubectl config get-contexts + # kubectl cluster-info --context kind-kind + docker ps \ No newline at end of file From 52d4a6cc37ae74522ae5aaaf15055b7af83f32cd Mon Sep 17 00:00:00 2001 
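Review bot: In the seccomp-wf.yml hunk of the "docker" commit, the cluster definition is downloaded at run time with `curl -L -O https://k8s.io/examples/pods/security/seccomp/kind.yaml` and passed straight to `kind create cluster --config=kind.yaml`. A kind config can declare `extraMounts` and `extraPortMappings`, so the remote file decides which runner paths and ports are exposed to the node containers, and it can change without a commit here. Commit a reviewed copy (for example under `platform/`) and reference that, or at least fetch with `curl -fsSLO`. In this commit the default `kind create cluster` still runs earlier in the same step, so unless the downloaded config sets its own `name:`, the second create would collide with the existing `kind` cluster.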
From: circle travis Date: Thu, 24 Feb 2022 13:39:43 +0300 Subject: [PATCH 11/13] init --- .github/workflows/psa-wf.yml | 39 ++++++++++++++++++++++++++++++++ .github/workflows/seccomp-wf.yml | 8 +++---- 2 files changed, 43 insertions(+), 4 deletions(-) create mode 100644 .github/workflows/psa-wf.yml diff --git a/.github/workflows/psa-wf.yml b/.github/workflows/psa-wf.yml new file mode 100644 index 0000000..ad4996e --- /dev/null +++ b/.github/workflows/psa-wf.yml @@ -0,0 +1,39 @@ +name: "Pod Security Standards kind Ubuntu CI workflow" + + +on: + push: + branches: [ test ] + # schedule: + # https://crontab.guru/ + # https://docs.github.com/en/actions/reference/events-that-trigger-workflows + # - cron: '0 0 * * FRI' ##execution of a task in the first minute of the month + + +jobs: + +# https://kubernetes.io/docs/tutorials/security/cluster-level-pss/ + psa-kind-ubuntu-latest-job: + name: "Restrict a Container's Syscalls with seccomp job" + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v2 + - name: "os fingerprinti ng" + run: hostnamectl status + # https://kind.sigs.k8s.io/docs/user/quick-start/ + - name: "Apply Pod Security Standards at the Cluster Level" + run: | + curl -Lo ./kind https://kind.sigs.k8s.io/dl/v0.11.1/kind-linux-amd64 + chmod +x ./kind + mv ./kind /usr/local/bin/kind + # Default cluster context name is `kind`. + # kind create cluster + # kind get clusters + # kubectl config get-contexts + # kubectl cluster-info --context kind-kind + # Create a cluster with no Pod Security Standards applied: + kind create cluster --name psa-wo-cluster-pss --image kindest/node:v1.23.0 + kind get clusters + kubectl config get-contexts + # kubectl cluster-info --context kind-kind + \ No newline at end of file diff --git a/.github/workflows/seccomp-wf.yml b/.github/workflows/seccomp-wf.yml index 0702a6a..06e76b4 100644 --- a/.github/workflows/seccomp-wf.yml +++ b/.github/workflows/seccomp-wf.yml 
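Review bot: In the new psa-wf.yml the job is still named `"Restrict a Container's Syscalls with seccomp job"`, copied from the seccomp workflow, so the Actions UI will show a Pod Security Standards run under a seccomp title. Rename it, e.g. `name: "Apply Pod Security Standards at the Cluster Level job"`. The node image is given by tag only, `--image kindest/node:v1.23.0`; the kind release notes list node images with their digests, and `kindest/node:v1.23.0@sha256:<digest-from-kind-release-notes>` pins what actually runs. It is also worth confirming that the v1.23.0 image is supported by the kind v0.11.1 binary this step installs.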
@@ -27,10 +27,10 @@ jobs: chmod +x ./kind mv ./kind /usr/local/bin/kind # Default cluster context name is `kind`. - kind create cluster - kind get clusters - kubectl config get-contexts - kubectl cluster-info --context kind-kind + # kind create cluster + # kind get clusters + # kubectl config get-contexts + # kubectl cluster-info --context kind-kind mkdir ./profiles curl -L -o profiles/audit.json https://k8s.io/examples/pods/security/seccomp/profiles/audit.json curl -L -o profiles/violation.json https://k8s.io/examples/pods/security/seccomp/profiles/violation.json From 05249e044c794c371ab039598ed253c37fec335b Mon Sep 17 00:00:00 2001 From: circle travis Date: Thu, 24 Feb 2022 13:47:50 +0300 Subject: [PATCH 12/13] appamor --- .github/workflows/apparmor-wf.yml | 40 ++++++++++++++++++ .../{psa-wf.yml => psa-cluster-wf.yml} | 8 ++-- .github/workflows/psa-namespace-wf.yml | 41 +++++++++++++++++++ 3 files changed, 85 insertions(+), 4 deletions(-) create mode 100644 .github/workflows/apparmor-wf.yml rename .github/workflows/{psa-wf.yml => psa-cluster-wf.yml} (84%) create mode 100644 .github/workflows/psa-namespace-wf.yml diff --git a/.github/workflows/apparmor-wf.yml b/.github/workflows/apparmor-wf.yml new file mode 100644 index 0000000..64acfce --- /dev/null +++ b/.github/workflows/apparmor-wf.yml 
@@ -0,0 +1,40 @@ +name: "apparmor kind Ubuntu CI workflow" + + +on: + push: + branches: [ test ] + # schedule: + # https://crontab.guru/ + # https://docs.github.com/en/actions/reference/events-that-trigger-workflows + # - cron: '0 0 * * FRI' ##execution of a task in the first minute of the month + + +jobs: + +# https://kubernetes.io/docs/tutorials/security/apparmor/ + seccomp-kind-ubuntu-latest-job: + name: "Restrict a Container's Access to Resources with AppArmor job" + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v2 + - name: "os fingerprinti ng" + run: hostnamectl status + # https://kind.sigs.k8s.io/docs/user/quick-start/ + - name: "Restrict a Container's Access to Resources with AppArmor" + run: | + curl -Lo ./kind https://kind.sigs.k8s.io/dl/v0.11.1/kind-linux-amd64 + chmod +x ./kind + mv ./kind /usr/local/bin/kind + # Default cluster context name is `kind`. + kind create cluster + kind get clusters + kubectl config get-contexts + kubectl cluster-info --context kind-kind + docker ps + # Kubernetes version is at least v1.4 -- Kubernetes support for AppArmor was added in v1.4. + # verify the Kubelet version of nodes + kubectl get nodes -o=jsonpath=$'{range .items[*]}{@.metadata.name}: {@.status.nodeInfo.kubeletVersion}\n{end}' + # check whether the module is enabled + cat /sys/module/apparmor/parameters/enabled + \ No newline at end of file diff --git a/.github/workflows/psa-wf.yml b/.github/workflows/psa-cluster-wf.yml similarity index 84% rename from .github/workflows/psa-wf.yml rename to .github/workflows/psa-cluster-wf.yml index ad4996e..9dfdb3f 100644 --- a/.github/workflows/psa-wf.yml +++ b/.github/workflows/psa-cluster-wf.yml @@ -1,4 +1,4 @@ -name: "Pod Security Standards kind Ubuntu CI workflow" +name: "Pod Security Standards Cluster Level workflow" on: 
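Review bot: The new apparmor-wf.yml has no `permissions:` key, so its job runs with whatever default scopes the repository or organisation grants to `GITHUB_TOKEN`; psa-wf.yml and psa-namespace-wf.yml in this series are in the same position. The steps only check out the code and run local commands, so a top-level `permissions:` block containing `contents: read` should be enough. It limits what a compromised step or a tool downloaded at run time could do with the token. The job id `seccomp-kind-ubuntu-latest-job` also looks carried over from the seccomp workflow; an id such as `apparmor-kind-ubuntu-latest-job` would match the file.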
@@ -13,8 +13,8 @@ on: jobs: # https://kubernetes.io/docs/tutorials/security/cluster-level-pss/ - psa-kind-ubuntu-latest-job: - name: "Restrict a Container's Syscalls with seccomp job" + psa-cluster-kind-ubuntu-latest-job: + name: "Apply Pod Security Standards at the Cluster Level" runs-on: ubuntu-latest steps: - uses: actions/checkout@v2 @@ -35,5 +35,5 @@ jobs: kind create cluster --name psa-wo-cluster-pss --image kindest/node:v1.23.0 kind get clusters kubectl config get-contexts - # kubectl cluster-info --context kind-kind + kubectl cluster-info --context kind-psa-wo-cluster-pss \ No newline at end of file diff --git a/.github/workflows/psa-namespace-wf.yml b/.github/workflows/psa-namespace-wf.yml new file mode 100644 index 0000000..64a67a2 --- /dev/null +++ b/.github/workflows/psa-namespace-wf.yml 
@@ -0,0 +1,41 @@ +name: "Pod Security Standards Namespace Level workflow" + + +on: + push: + branches: [ test ] + # schedule: + # https://crontab.guru/ + # https://docs.github.com/en/actions/reference/events-that-trigger-workflows + # - cron: '0 0 * * FRI' ##execution of a task in the first minute of the month + + +jobs: + +# https://kubernetes.io/docs/tutorials/security/ns-level-pss/ + psa-namespace-kind-ubuntu-latest-job: + name: "Apply Pod Security Standards at the Namespace Level" + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v2 + - name: "os fingerprinti ng" + run: hostnamectl status + # https://kind.sigs.k8s.io/docs/user/quick-start/ + - name: "Apply Pod Security Standards at the Cluster Level" + run: | + curl -Lo ./kind https://kind.sigs.k8s.io/dl/v0.11.1/kind-linux-amd64 + chmod +x ./kind + mv ./kind /usr/local/bin/kind + # Default cluster context name is `kind`. + # kind create cluster + # kind get clusters + # kubectl config get-contexts + # kubectl cluster-info --context kind-kind + # Create a cluster with no Pod Security Standards applied: + kind create cluster --name psa-ns-level --image kindest/node:v1.23.0 + kind get clusters + kubectl config get-contexts + kubectl cluster-info --context kind-psa-ns-level + # kubectl cluster-info --context kind-kind + kubectl create ns example + \ No newline at end of file From 3e4893a04b61c7d844162a6c4f84cd48acd95061 Mon Sep 17 00:00:00 2001 From: circle travis Date: Thu, 24 Feb 2022 14:19:37 +0300 Subject: [PATCH 13/13] enabled --- .github/workflows/apparmor-wf.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/.github/workflows/apparmor-wf.yml b/.github/workflows/apparmor-wf.yml index 64acfce..861d06a 100644 --- a/.github/workflows/apparmor-wf.yml +++ b/.github/workflows/apparmor-wf.yml 
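Review bot: `kind create cluster --name psa-ns-level --image kindest/node:v1.23.0` selects the node image by tag only, and a tag can be re-pointed to different content; psa-wf.yml uses the same form for `psa-wo-cluster-pss`. Appending the digest published for that image, `--image kindest/node:v1.23.0@sha256:<DIGEST_PLACEHOLDER>`, makes every run start from the same node image. The step is also still named "Apply Pod Security Standards at the Cluster Level" in a namespace-level workflow. The script ends at `kubectl create ns example` without setting any `pod-security.kubernetes.io/` label on the namespace, so as written no Pod Security level is exercised.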
@@ -35,6 +35,8 @@ jobs: # Kubernetes version is at least v1.4 -- Kubernetes support for AppArmor was added in v1.4. # verify the Kubelet version of nodes kubectl get nodes -o=jsonpath=$'{range .items[*]}{@.metadata.name}: {@.status.nodeInfo.kubeletVersion}\n{end}' - # check whether the module is enabled + # check whether the apparmor module is enabled cat /sys/module/apparmor/parameters/enabled + # verify AppArmor support on nodes by checking the node ready condition message + kubectl get nodes -o=jsonpath=$'{range .items[*]}{@.metadata.name}: {.status.conditions[?(@.reason=="KubeletReady")].message}\n{end}' \ No newline at end of file
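Review bot: The added `kubectl get nodes -o=jsonpath=…KubeletReady…` line, like the `cat /sys/module/apparmor/parameters/enabled` line above it, only prints its result, so the job stays green on a runner or node where AppArmor is off. Turning both into assertions makes the workflow an actual gate: `[ "$(cat /sys/module/apparmor/parameters/enabled)" = "Y" ]`, and piping the kubectl output into `grep -q 'AppArmor enabled'`. The expected message text comes from the Kubernetes AppArmor tutorial linked in this file and should be confirmed against the kubelet version the cluster runs, since other versions may not report it. The step's script begins outside this hunk.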