From f44beb51a90bbf51f26f37a19391f776ce6cdc8b Mon Sep 17 00:00:00 2001 From: Marsel Ibraev Date: Fri, 24 Sep 2021 11:51:02 +0300 Subject: [PATCH] Add basic info --- lecture/.gitkeep | 0 .../README.md | 127 +++ practice/11.local-development/README.md | 96 ++ practice/11.local-development/app/Dockerfile | 8 + practice/11.local-development/app/app.py | 26 + .../app/kube/deployment.yaml | 31 + .../app/kube/service.yaml | 11 + .../11.local-development/app/requirements.txt | 5 + practice/12.application-debug/.gitkeep | 0 practice/12.application-debug/README.md | 51 + practice/12.application-debug/deployment.yaml | 22 + practice/13.templating/README.md | 414 +++++++++ practice/13.templating/homework/.gitkeep | 0 .../homework/bad_deployment.yaml | 50 + .../homework/bad_deployment.yaml_otvet | 53 ++ practice/13.templating/libchart/.helmignore | 23 + practice/13.templating/libchart/Chart.yaml | 13 + .../libchart/templates/_configmap.yaml | 10 + .../libchart/templates/_util.yaml | 13 + practice/13.templating/mychart/.helmignore | 23 + practice/13.templating/mychart/Chart.lock | 6 + practice/13.templating/mychart/Chart.yaml | 29 + .../mychart/templates/configmap.yaml | 5 + practice/13.templating/mychart/values.yaml | 79 ++ practice/13.templating/simple-deployment.yaml | 21 + practice/13.templating/summary_file.yaml | 36 + practice/13.templating/wordpress/.helmignore | 21 + practice/13.templating/wordpress/Chart.lock | 9 + practice/13.templating/wordpress/Chart.yaml | 33 + practice/13.templating/wordpress/README.md | 442 +++++++++ .../wordpress/charts/common/.helmignore | 22 + .../wordpress/charts/common/Chart.yaml | 23 + .../wordpress/charts/common/README.md | 322 +++++++ .../charts/common/templates/_affinities.tpl | 94 ++ .../charts/common/templates/_capabilities.tpl | 95 ++ .../charts/common/templates/_errors.tpl | 20 + .../charts/common/templates/_images.tpl | 43 + .../charts/common/templates/_ingress.tpl | 42 + .../charts/common/templates/_labels.tpl | 18 + .../charts/common/templates/_names.tpl | 32 + .../charts/common/templates/_secrets.tpl | 129 +++ .../charts/common/templates/_storage.tpl | 23 + .../charts/common/templates/_tplvalues.tpl | 13 + .../charts/common/templates/_utils.tpl | 62 ++ .../charts/common/templates/_warnings.tpl | 14 + .../templates/validations/_cassandra.tpl | 72 ++ .../common/templates/validations/_mariadb.tpl | 103 +++ .../common/templates/validations/_mongodb.tpl | 108 +++ .../templates/validations/_postgresql.tpl | 131 +++ .../common/templates/validations/_redis.tpl | 72 ++ .../templates/validations/_validations.tpl | 46 + .../wordpress/charts/common/values.yaml | 3 + .../wordpress/charts/mariadb/.helmignore | 21 + .../wordpress/charts/mariadb/Chart.lock | 6 + .../wordpress/charts/mariadb/Chart.yaml | 30 + .../wordpress/charts/mariadb/README.md | 391 ++++++++ .../charts/mariadb/charts/common/.helmignore | 22 + .../charts/mariadb/charts/common/Chart.yaml | 23 + .../charts/mariadb/charts/common/README.md | 322 +++++++ .../charts/common/templates/_affinities.tpl | 94 ++ .../charts/common/templates/_capabilities.tpl | 95 ++ .../charts/common/templates/_errors.tpl | 20 + .../charts/common/templates/_images.tpl | 43 + .../charts/common/templates/_ingress.tpl | 42 + .../charts/common/templates/_labels.tpl | 18 + .../charts/common/templates/_names.tpl | 32 + .../charts/common/templates/_secrets.tpl | 129 +++ .../charts/common/templates/_storage.tpl | 23 + .../charts/common/templates/_tplvalues.tpl | 13 + .../charts/common/templates/_utils.tpl | 62 ++ .../charts/common/templates/_warnings.tpl | 14 + .../templates/validations/_cassandra.tpl | 72 ++ .../common/templates/validations/_mariadb.tpl | 103 +++ .../common/templates/validations/_mongodb.tpl | 108 +++ .../templates/validations/_postgresql.tpl | 131 +++ .../common/templates/validations/_redis.tpl | 72 ++ .../templates/validations/_validations.tpl | 46 + .../charts/mariadb/charts/common/values.yaml | 3 + ...lues-production-with-rbac-and-metrics.yaml | 33 + .../charts/mariadb/templates/NOTES.txt | 50 + .../charts/mariadb/templates/_helpers.tpl | 150 +++ .../charts/mariadb/templates/extra-list.yaml | 4 + .../mariadb/templates/primary/configmap.yaml | 18 + .../primary/initialization-configmap.yaml | 11 + .../charts/mariadb/templates/primary/pdb.yaml | 25 + .../templates/primary/statefulset.yaml | 338 +++++++ .../charts/mariadb/templates/primary/svc.yaml | 49 + .../charts/mariadb/templates/role.yaml | 21 + .../charts/mariadb/templates/rolebinding.yaml | 21 + .../templates/secondary/configmap.yaml | 18 + .../mariadb/templates/secondary/pdb.yaml | 25 + .../templates/secondary/statefulset.yaml | 311 +++++++ .../mariadb/templates/secondary/svc.yaml | 51 + .../charts/mariadb/templates/secrets.yaml | 39 + .../mariadb/templates/serviceaccount.yaml | 18 + .../mariadb/templates/servicemonitor.yaml | 41 + .../charts/mariadb/values.schema.json | 176 ++++ .../wordpress/charts/mariadb/values.yaml | 871 ++++++++++++++++++ .../13.templating/wordpress/ci/ct-values.yaml | 2 + .../wordpress/ci/ingress-wildcard-values.yaml | 9 + .../wordpress/ci/values-hpa-pdb.yaml | 4 + .../ci/values-metrics-and-ingress.yaml | 9 + .../wordpress/templates/NOTES.txt | 82 ++ .../wordpress/templates/_helpers.tpl | 134 +++ .../wordpress/templates/configmap.yaml | 8 + .../wordpress/templates/deployment.yaml | 276 ++++++ .../templates/externaldb-secrets.yaml | 16 + .../wordpress/templates/extra-list.yaml | 4 + .../wordpress/templates/hpa.yaml | 34 + .../wordpress/templates/ingress.yaml | 59 ++ .../wordpress/templates/metrics-svc.yaml | 29 + .../wordpress/templates/pdb.yaml | 23 + .../wordpress/templates/pvc.yaml | 23 + .../wordpress/templates/secrets.yaml | 27 + .../wordpress/templates/servicemonitor.yaml | 37 + .../wordpress/templates/svc.yaml | 54 ++ .../tests/test-mariadb-connection.yaml | 39 + .../wordpress/templates/tls-secrets.yaml | 43 + .../wordpress/values.schema.json | 222 +++++ practice/13.templating/wordpress/values.yaml | 747 +++++++++++++++ .../14.ci-cd/1.1.prepare_cluster/README.md | 70 ++ .../1.1.prepare_cluster/docker_pull_secret.sh | 12 + .../14.ci-cd/1.1.prepare_cluster/setup.sh | 95 ++ .../1.1.prepare_cluster/xpaste_secret.sh | 11 + practice/14.ci-cd/1.2.deploy/.gitlab-ci.yml | 65 ++ practice/14.ci-cd/1.2.deploy/README.md | 108 +++ practice/14.ci-cd/1.3.logs/.gitlab-ci.yml | 70 ++ practice/14.ci-cd/1.3.logs/README.md | 38 + practice/14.ci-cd/1.3.logs/job.yaml | 43 + practice/14.ci-cd/1.3.logs/scripts/hooklog.sh | 111 +++ .../1.4.improvement_cicd/.gitlab-ci.yml | 94 ++ .../14.ci-cd/1.4.improvement_cicd/README.md | 56 ++ .../14.ci-cd/1.5.two_containers/README.md | 25 + .../1.5.two_containers/deployment.yaml | 120 +++ practice/14.ci-cd/1.6.job.migration/README.md | 18 + .../1.6.job.migration/deployment.yaml | 120 +++ .../1.6.job.migration/job.migrate.yaml | 56 ++ practice/14.ci-cd/README.md | 32 + .../15.kubernetes-features-for-app/.gitkeep | 0 .../1.pod/README.md | 81 ++ .../2.application-abstractions/1.pod/pod.yaml | 13 + .../2.replicaset/README.md | 218 +++++ .../2.replicaset/pod.yaml | 13 + .../2.replicaset/replicaset.yaml | 22 + .../3.deployment/README.md | 102 ++ .../3.deployment/deployment.yaml | 22 + .../4.resources/README.md | 63 ++ .../deployment-with-resources.yaml | 29 + .../3.saving-configurations/1.env/README.md | 47 + .../1.env/configmap.yaml | 9 + .../1.env/deployment-with-env-cm.yaml | 39 + .../1.env/deployment-with-env.yaml | 36 + .../2.secret/README.md | 62 ++ .../2.secret/deployment-with-secret.yaml | 44 + .../2.secret/secret.yaml | 8 + .../3.configmap/README.md | 44 + .../3.configmap/configmap.yaml | 18 + .../deployment-with-configmap.yaml | 40 + .../4.downward/README.md | 41 + .../deployment-with-downward-api.yaml | 83 ++ practice/4.saving-data/1.hostpath/README.md | 11 + .../4.saving-data/1.hostpath/deployment.yaml | 40 + practice/4.saving-data/2.emptydir/README.md | 31 + .../4.saving-data/2.emptydir/deployment.yaml | 39 + practice/4.saving-data/3.pvc/README.md | 29 + practice/4.saving-data/3.pvc/configmap.yaml | 26 + practice/4.saving-data/3.pvc/deployment.yaml | 51 + practice/4.saving-data/3.pvc/pvc.yaml | 11 + .../5.network-abstractions/1.probes/README.md | 43 + .../1.probes/deployment-with-stuff.yaml | 57 ++ .../2.ingress-and-services/README.md | 87 ++ .../2.ingress-and-services/app/configmap.yaml | 15 + .../app/deployment-with-configmap.yaml | 55 ++ .../2.ingress-and-services/clusterip.yaml | 11 + .../2.ingress-and-services/loadbalancer.yaml | 11 + .../2.ingress-and-services/nginx-ingress.yaml | 17 + .../2.ingress-and-services/nodeport.yaml | 11 + .../right_answers/.gitkeep | 0 .../right_answers/host-ingress.yaml | 18 + practice/7.oneshot-tasks/1.job/README.md | 198 ++++ practice/7.oneshot-tasks/1.job/job.yaml | 18 + practice/7.oneshot-tasks/2.cronjob/README.md | 59 ++ .../7.oneshot-tasks/2.cronjob/cronjob.yaml | 22 + .../1.daemonset/README.md | 39 + .../1.daemonset/daemonset.yaml | 39 + .../2.statefulset/README.md | 116 +++ .../rabbitmq-statefulset/configmap.yaml | 30 + .../rabbitmq-statefulset/role.yaml | 9 + .../rabbitmq-statefulset/rolebinding.yaml | 12 + .../rabbitmq-statefulset/service.yaml | 16 + .../rabbitmq-statefulset/serviceaccount.yaml | 5 + .../rabbitmq-statefulset/statefulset.yaml | 92 ++ .../9.cluster-authorization/1.rbac/README.md | 79 ++ .../1.rbac/configmap.yaml | 9 + .../1.rbac/rolebinding.yaml | 13 + .../9.cluster-authorization/1.rbac/secret.yml | 8 + .../1.rbac/serviceaccount.yaml | 5 + 197 files changed, 12740 insertions(+) create mode 100644 lecture/.gitkeep create mode 100644 practice/10.programming-languages-in-kubernetes/README.md create mode 100644 practice/11.local-development/README.md create mode 100644 practice/11.local-development/app/Dockerfile create mode 100644 practice/11.local-development/app/app.py create mode 100644 practice/11.local-development/app/kube/deployment.yaml create mode 100644 practice/11.local-development/app/kube/service.yaml create mode 100644 practice/11.local-development/app/requirements.txt create mode 100644 practice/12.application-debug/.gitkeep create mode 100644 practice/12.application-debug/README.md create mode 100644 practice/12.application-debug/deployment.yaml create mode 100644 practice/13.templating/README.md create mode 100644 practice/13.templating/homework/.gitkeep create mode 100644 practice/13.templating/homework/bad_deployment.yaml create mode 100644 practice/13.templating/homework/bad_deployment.yaml_otvet create mode 100644 practice/13.templating/libchart/.helmignore create mode 100644 practice/13.templating/libchart/Chart.yaml create mode 100644 practice/13.templating/libchart/templates/_configmap.yaml create mode 100644 practice/13.templating/libchart/templates/_util.yaml create mode 100644 practice/13.templating/mychart/.helmignore create mode 100644 practice/13.templating/mychart/Chart.lock create mode 100644 practice/13.templating/mychart/Chart.yaml create mode 100644 practice/13.templating/mychart/templates/configmap.yaml create mode 100644 practice/13.templating/mychart/values.yaml create mode 100644 practice/13.templating/simple-deployment.yaml create mode 100644 practice/13.templating/summary_file.yaml create mode 100644 practice/13.templating/wordpress/.helmignore create mode 100644 practice/13.templating/wordpress/Chart.lock create mode 100644 practice/13.templating/wordpress/Chart.yaml create mode 100644 practice/13.templating/wordpress/README.md create mode 100644 practice/13.templating/wordpress/charts/common/.helmignore create mode 100644 practice/13.templating/wordpress/charts/common/Chart.yaml create mode 100644 practice/13.templating/wordpress/charts/common/README.md create mode 100644 practice/13.templating/wordpress/charts/common/templates/_affinities.tpl create mode 100644 practice/13.templating/wordpress/charts/common/templates/_capabilities.tpl create mode 100644 practice/13.templating/wordpress/charts/common/templates/_errors.tpl create mode 100644 practice/13.templating/wordpress/charts/common/templates/_images.tpl create mode 100644 practice/13.templating/wordpress/charts/common/templates/_ingress.tpl create mode 100644 practice/13.templating/wordpress/charts/common/templates/_labels.tpl create mode 100644 practice/13.templating/wordpress/charts/common/templates/_names.tpl create mode 100644 practice/13.templating/wordpress/charts/common/templates/_secrets.tpl create mode 100644 practice/13.templating/wordpress/charts/common/templates/_storage.tpl create mode 100644 practice/13.templating/wordpress/charts/common/templates/_tplvalues.tpl create mode 100644 practice/13.templating/wordpress/charts/common/templates/_utils.tpl create mode 100644 practice/13.templating/wordpress/charts/common/templates/_warnings.tpl create mode 100644 practice/13.templating/wordpress/charts/common/templates/validations/_cassandra.tpl create mode 100644 practice/13.templating/wordpress/charts/common/templates/validations/_mariadb.tpl create mode 100644 practice/13.templating/wordpress/charts/common/templates/validations/_mongodb.tpl create mode 100644 practice/13.templating/wordpress/charts/common/templates/validations/_postgresql.tpl create mode 100644 practice/13.templating/wordpress/charts/common/templates/validations/_redis.tpl create mode 100644 practice/13.templating/wordpress/charts/common/templates/validations/_validations.tpl create mode 100644 practice/13.templating/wordpress/charts/common/values.yaml create mode 100644 practice/13.templating/wordpress/charts/mariadb/.helmignore create mode 100644 practice/13.templating/wordpress/charts/mariadb/Chart.lock create mode 100644 practice/13.templating/wordpress/charts/mariadb/Chart.yaml create mode 100644 practice/13.templating/wordpress/charts/mariadb/README.md create mode 100644 practice/13.templating/wordpress/charts/mariadb/charts/common/.helmignore create mode 100644 practice/13.templating/wordpress/charts/mariadb/charts/common/Chart.yaml create mode 100644 practice/13.templating/wordpress/charts/mariadb/charts/common/README.md create mode 100644 practice/13.templating/wordpress/charts/mariadb/charts/common/templates/_affinities.tpl create mode 100644 practice/13.templating/wordpress/charts/mariadb/charts/common/templates/_capabilities.tpl create mode 100644 practice/13.templating/wordpress/charts/mariadb/charts/common/templates/_errors.tpl create mode 100644 practice/13.templating/wordpress/charts/mariadb/charts/common/templates/_images.tpl create mode 100644 practice/13.templating/wordpress/charts/mariadb/charts/common/templates/_ingress.tpl create mode 100644 practice/13.templating/wordpress/charts/mariadb/charts/common/templates/_labels.tpl create mode 100644 practice/13.templating/wordpress/charts/mariadb/charts/common/templates/_names.tpl create mode 100644 practice/13.templating/wordpress/charts/mariadb/charts/common/templates/_secrets.tpl create mode 100644 practice/13.templating/wordpress/charts/mariadb/charts/common/templates/_storage.tpl create mode 100644 practice/13.templating/wordpress/charts/mariadb/charts/common/templates/_tplvalues.tpl create mode 100644 practice/13.templating/wordpress/charts/mariadb/charts/common/templates/_utils.tpl create mode 100644 practice/13.templating/wordpress/charts/mariadb/charts/common/templates/_warnings.tpl create mode 100644 practice/13.templating/wordpress/charts/mariadb/charts/common/templates/validations/_cassandra.tpl create mode 100644 practice/13.templating/wordpress/charts/mariadb/charts/common/templates/validations/_mariadb.tpl create mode 100644 practice/13.templating/wordpress/charts/mariadb/charts/common/templates/validations/_mongodb.tpl create mode 100644 practice/13.templating/wordpress/charts/mariadb/charts/common/templates/validations/_postgresql.tpl create mode 100644 practice/13.templating/wordpress/charts/mariadb/charts/common/templates/validations/_redis.tpl create mode 100644 practice/13.templating/wordpress/charts/mariadb/charts/common/templates/validations/_validations.tpl create mode 100644 practice/13.templating/wordpress/charts/mariadb/charts/common/values.yaml create mode 100644 practice/13.templating/wordpress/charts/mariadb/ci/values-production-with-rbac-and-metrics.yaml create mode 100644 practice/13.templating/wordpress/charts/mariadb/templates/NOTES.txt create mode 100644 practice/13.templating/wordpress/charts/mariadb/templates/_helpers.tpl create mode 100644 practice/13.templating/wordpress/charts/mariadb/templates/extra-list.yaml create mode 100644 practice/13.templating/wordpress/charts/mariadb/templates/primary/configmap.yaml create mode 100644 practice/13.templating/wordpress/charts/mariadb/templates/primary/initialization-configmap.yaml create mode 100644 practice/13.templating/wordpress/charts/mariadb/templates/primary/pdb.yaml create mode 100644 practice/13.templating/wordpress/charts/mariadb/templates/primary/statefulset.yaml create mode 100644 practice/13.templating/wordpress/charts/mariadb/templates/primary/svc.yaml create mode 100644 practice/13.templating/wordpress/charts/mariadb/templates/role.yaml create mode 100644 practice/13.templating/wordpress/charts/mariadb/templates/rolebinding.yaml create mode 100644 practice/13.templating/wordpress/charts/mariadb/templates/secondary/configmap.yaml create mode 100644 practice/13.templating/wordpress/charts/mariadb/templates/secondary/pdb.yaml create mode 100644 practice/13.templating/wordpress/charts/mariadb/templates/secondary/statefulset.yaml create mode 100644 practice/13.templating/wordpress/charts/mariadb/templates/secondary/svc.yaml create mode 100644 practice/13.templating/wordpress/charts/mariadb/templates/secrets.yaml create mode 100644 practice/13.templating/wordpress/charts/mariadb/templates/serviceaccount.yaml create mode 100644 practice/13.templating/wordpress/charts/mariadb/templates/servicemonitor.yaml create mode 100644 practice/13.templating/wordpress/charts/mariadb/values.schema.json create mode 100644 practice/13.templating/wordpress/charts/mariadb/values.yaml create mode 100644 practice/13.templating/wordpress/ci/ct-values.yaml create mode 100644 practice/13.templating/wordpress/ci/ingress-wildcard-values.yaml create mode 100644 practice/13.templating/wordpress/ci/values-hpa-pdb.yaml create mode 100644 practice/13.templating/wordpress/ci/values-metrics-and-ingress.yaml create mode 100644 practice/13.templating/wordpress/templates/NOTES.txt create mode 100644 practice/13.templating/wordpress/templates/_helpers.tpl create mode 100644 practice/13.templating/wordpress/templates/configmap.yaml create mode 100644 practice/13.templating/wordpress/templates/deployment.yaml create mode 100644 practice/13.templating/wordpress/templates/externaldb-secrets.yaml create mode 100644 practice/13.templating/wordpress/templates/extra-list.yaml create mode 100644 practice/13.templating/wordpress/templates/hpa.yaml create mode 100644 practice/13.templating/wordpress/templates/ingress.yaml create mode 100644 practice/13.templating/wordpress/templates/metrics-svc.yaml create mode 100644 practice/13.templating/wordpress/templates/pdb.yaml create mode 100644 practice/13.templating/wordpress/templates/pvc.yaml create mode 100644 practice/13.templating/wordpress/templates/secrets.yaml create mode 100644 practice/13.templating/wordpress/templates/servicemonitor.yaml create mode 100644 practice/13.templating/wordpress/templates/svc.yaml create mode 100644 practice/13.templating/wordpress/templates/tests/test-mariadb-connection.yaml create mode 100644 practice/13.templating/wordpress/templates/tls-secrets.yaml create mode 100644 practice/13.templating/wordpress/values.schema.json create mode 100644 practice/13.templating/wordpress/values.yaml create mode 100644 practice/14.ci-cd/1.1.prepare_cluster/README.md create mode 100755 practice/14.ci-cd/1.1.prepare_cluster/docker_pull_secret.sh create mode 100755 practice/14.ci-cd/1.1.prepare_cluster/setup.sh create mode 100755 practice/14.ci-cd/1.1.prepare_cluster/xpaste_secret.sh create mode 100644 practice/14.ci-cd/1.2.deploy/.gitlab-ci.yml create mode 100644 practice/14.ci-cd/1.2.deploy/README.md create mode 100644 practice/14.ci-cd/1.3.logs/.gitlab-ci.yml create mode 100644 practice/14.ci-cd/1.3.logs/README.md create mode 100644 practice/14.ci-cd/1.3.logs/job.yaml create mode 100755 practice/14.ci-cd/1.3.logs/scripts/hooklog.sh create mode 100644 practice/14.ci-cd/1.4.improvement_cicd/.gitlab-ci.yml create mode 100644 practice/14.ci-cd/1.4.improvement_cicd/README.md create mode 100644 practice/14.ci-cd/1.5.two_containers/README.md create mode 100644 practice/14.ci-cd/1.5.two_containers/deployment.yaml create mode 100644 practice/14.ci-cd/1.6.job.migration/README.md create mode 100644 practice/14.ci-cd/1.6.job.migration/deployment.yaml create mode 100644 practice/14.ci-cd/1.6.job.migration/job.migrate.yaml create mode 100644 practice/14.ci-cd/README.md create mode 100644 practice/15.kubernetes-features-for-app/.gitkeep create mode 100644 practice/2.application-abstractions/1.pod/README.md create mode 100644 practice/2.application-abstractions/1.pod/pod.yaml create mode 100644 practice/2.application-abstractions/2.replicaset/README.md create mode 100644 practice/2.application-abstractions/2.replicaset/pod.yaml create mode 100644 practice/2.application-abstractions/2.replicaset/replicaset.yaml create mode 100644 practice/2.application-abstractions/3.deployment/README.md create mode 100644 practice/2.application-abstractions/3.deployment/deployment.yaml create mode 100644 practice/2.application-abstractions/4.resources/README.md create mode 100644 practice/2.application-abstractions/4.resources/deployment-with-resources.yaml create mode 100644 practice/3.saving-configurations/1.env/README.md create mode 100644 practice/3.saving-configurations/1.env/configmap.yaml create mode 100644 practice/3.saving-configurations/1.env/deployment-with-env-cm.yaml create mode 100644 practice/3.saving-configurations/1.env/deployment-with-env.yaml create mode 100644 practice/3.saving-configurations/2.secret/README.md create mode 100644 practice/3.saving-configurations/2.secret/deployment-with-secret.yaml create mode 100644 practice/3.saving-configurations/2.secret/secret.yaml create mode 100644 practice/3.saving-configurations/3.configmap/README.md create mode 100644 practice/3.saving-configurations/3.configmap/configmap.yaml create mode 100644 practice/3.saving-configurations/3.configmap/deployment-with-configmap.yaml create mode 100644 practice/3.saving-configurations/4.downward/README.md create mode 100644 practice/3.saving-configurations/4.downward/deployment-with-downward-api.yaml create mode 100644 practice/4.saving-data/1.hostpath/README.md create mode 100644 practice/4.saving-data/1.hostpath/deployment.yaml create mode 100644 practice/4.saving-data/2.emptydir/README.md create mode 100644 practice/4.saving-data/2.emptydir/deployment.yaml create mode 100644 practice/4.saving-data/3.pvc/README.md create mode 100644 practice/4.saving-data/3.pvc/configmap.yaml create mode 100644 practice/4.saving-data/3.pvc/deployment.yaml create mode 100644 practice/4.saving-data/3.pvc/pvc.yaml create mode 100644 practice/5.network-abstractions/1.probes/README.md create mode 100644 practice/5.network-abstractions/1.probes/deployment-with-stuff.yaml create mode 100644 practice/5.network-abstractions/2.ingress-and-services/README.md create mode 100644 practice/5.network-abstractions/2.ingress-and-services/app/configmap.yaml create mode 100644 practice/5.network-abstractions/2.ingress-and-services/app/deployment-with-configmap.yaml create mode 100644 practice/5.network-abstractions/2.ingress-and-services/clusterip.yaml create mode 100644 practice/5.network-abstractions/2.ingress-and-services/loadbalancer.yaml create mode 100644 practice/5.network-abstractions/2.ingress-and-services/nginx-ingress.yaml create mode 100644 practice/5.network-abstractions/2.ingress-and-services/nodeport.yaml create mode 100644 practice/5.network-abstractions/2.ingress-and-services/right_answers/.gitkeep create mode 100644 practice/5.network-abstractions/2.ingress-and-services/right_answers/host-ingress.yaml create mode 100644 practice/7.oneshot-tasks/1.job/README.md create mode 100644 practice/7.oneshot-tasks/1.job/job.yaml create mode 100644 practice/7.oneshot-tasks/2.cronjob/README.md create mode 100644 practice/7.oneshot-tasks/2.cronjob/cronjob.yaml create mode 100644 practice/8.deployment-alternative/1.daemonset/README.md create mode 100644 practice/8.deployment-alternative/1.daemonset/daemonset.yaml create mode 100644 practice/8.deployment-alternative/2.statefulset/README.md create mode 100644 practice/8.deployment-alternative/2.statefulset/rabbitmq-statefulset/configmap.yaml create mode 100644 practice/8.deployment-alternative/2.statefulset/rabbitmq-statefulset/role.yaml create mode 100644 practice/8.deployment-alternative/2.statefulset/rabbitmq-statefulset/rolebinding.yaml create mode 100644 practice/8.deployment-alternative/2.statefulset/rabbitmq-statefulset/service.yaml create mode 100644 practice/8.deployment-alternative/2.statefulset/rabbitmq-statefulset/serviceaccount.yaml create mode 100644 practice/8.deployment-alternative/2.statefulset/rabbitmq-statefulset/statefulset.yaml create mode 100644 practice/9.cluster-authorization/1.rbac/README.md create mode 100644 practice/9.cluster-authorization/1.rbac/configmap.yaml create mode 100644 practice/9.cluster-authorization/1.rbac/rolebinding.yaml create mode 100644 practice/9.cluster-authorization/1.rbac/secret.yml create mode 100644 practice/9.cluster-authorization/1.rbac/serviceaccount.yaml diff --git a/lecture/.gitkeep b/lecture/.gitkeep new file mode 100644 index 0000000..e69de29 diff --git a/practice/10.programming-languages-in-kubernetes/README.md b/practice/10.programming-languages-in-kubernetes/README.md new file mode 100644 index 0000000..b03b732 --- /dev/null +++ b/practice/10.programming-languages-in-kubernetes/README.md @@ -0,0 +1,127 @@ +# Особенности ЯП в Kubernetes + +## Java + +### 1. Проверяем как видны лимиты на память в поде + +Для этого выполним команду: + +```bash +kubectl run --image centos test -- free -h +``` + +Проверим логи, для чего выполним команду: + +```bash +kubectl logs test +``` + +Результат будет примерно следующим: + +```bash + total used free shared buff/cache available +Mem: 3.9Gi 1.8Gi 303Mi 3.0Mi 1.7Gi 1.8Gi +Swap: 0B 0B 0B +``` + +Обратите внимание, что в поде видна вся память, доступная на ноде. +Что логично, ведь мы не указывали никаких лимитов при создании пода. + +Теперь попробуем запустить тот же под с лимитами по памяти. +Сначала удаляем старый под: + +```bash +kubectl delete po test +``` + +После завершения предыдущей операции создаем новый, указывая лимит в 128Mi памяти: + +```bash +kubectl run --limits="memory=128Mi" --image centos test -- free -h +``` + +Проверим логи, для чего выполним команду: + +```bash +kubectl logs test +``` + +И обнаружим результат эквивалентный предыдущему: + +```bash + total used free shared buff/cache available +Mem: 3.9Gi 1.8Gi 303Mi 3.0Mi 1.7Gi 1.8Gi +Swap: 0B 0B 0B +``` + +> Тоже самое касается и CPU. Можно проверить с помощью указания лимита на поде +> `--limit="cpu=100m"` и выполнения команды `lscpu` + +Удалим за собой тестовый под: + +```bash +kubectl delete po test +``` + +## Интерпретируемые языки + +### 1. Тестим автоопределение CPU + +Запускаем под с Nginx. Для этого выполним команду: + +```bash +kubectl run --image nginx:1.15 --limits="cpu=100m" test +``` + +Заходим в контейнер: + +```bash +kubectl exec -t -i test bash +``` + +Внутри контейнера ставим утилиту ps: + +```bash +apt-get update -y && apt-get install -y procps +``` + +Проверяем конфигурацию Nginx: + +```bash +cat /etc/nginx/nginx.conf +``` + +По умолчанию выставлен worker_processes 1 + +Видим что запущен один воркер: + +```bash +ps aux | grep nginx +``` + +Правим конфиг Nginx на автоопределение воркеров: + +```bash +sed -i 's/worker_processes 1;/worker_processes auto;/g' /etc/nginx/nginx.conf +``` + +Релоадим Nginx: + +```bash +nginx -s reload +``` + +Проверяем количество запущенных воркеров: + +```bash +ps aux | grep nginx +``` + +Обратите внимание, что несмотря на выставленный лимит для пода +в 100m CPU, Nginx запустил воркеров по количеству ядер на хосте + +Удалим за собой под: + +```bash +kubectl delete po test +``` diff --git a/practice/11.local-development/README.md b/practice/11.local-development/README.md new file mode 100644 index 0000000..c8126cb --- /dev/null +++ b/practice/11.local-development/README.md @@ -0,0 +1,96 @@ +# Local Development + +## 1. Запускаем minikube + +Для этого выполняем команду: + +```bash +minikube start +``` + +И ждем завершения выполнения. После этого можем проверить что все работает: + +```bash +kubectl get po -A +``` + +Должно вернуть что то типа: + +```bash +kube-system coredns-66bff467f8-mwqh4 1/1 Running 0 5m +kube-system etcd-minikube 1/1 Running 0 5m +kube-system kube-apiserver-minikube 1/1 Running 0 5m +kube-system kube-controller-manager-minikube 1/1 Running 0 5m +kube-system kube-proxy-mq6g6 1/1 Running 0 5m +kube-system kube-scheduler-minikube 1/1 Running 0 5m +kube-system storage-provisioner 1/1 Running 0 5m +``` + +## 2. Запускаем приложение + +Сначала нужно подключиться к докеру в minikube. Для этого выполним команду: + +```bash +eval $(minikube docker-env) +``` + +Дальше билдим образ + +> ВАЖНО!!! нужно находиться в директории `~/slurm/practice/11.local-development/app/` + +```bash +docker build . -t myapp:dev +``` + +После этого В ОТДЕЛЬНОЙ КОНСОЛИ запускаем команду для монтирования +локальной директории в minikube. + +> ВАЖНО!!! нужно находиться в директории `~/slurm/practice/11.local-development/app/` + +```bash +minikube mount .:/app +``` + +и оставляем ее висеть + +Дальше возвращаемся в первую консоль и там аплаим манифесты + +```bash +kubectl apply -f kube/ +``` + +Проверяем что приложение запустилось + +```bash +kubectl get po +``` + +и можем открыть его в браузере. Для этого можно просто выполнить команду: + +```bash +minikube service myapp +``` + +## 3. Вносим изменения в код + +Открываем файл app.py +и меняем строку + +```diff +- return "Hello, World!" ++ return "Hello, Updated!" +``` +Проверяем что приложение зарелоадилось + +```bash +kubectl logs +``` + +Должно быть такое: + +```bash + * Detected change in '/app/app.py', reloading + * Restarting with stat +``` + +и можем проверить в браузере что изменения действительно применились diff --git a/practice/11.local-development/app/Dockerfile b/practice/11.local-development/app/Dockerfile new file mode 100644 index 0000000..1e07102 --- /dev/null +++ b/practice/11.local-development/app/Dockerfile @@ -0,0 +1,8 @@ +FROM python:3.6.8 + +COPY requirements.txt /app/requirements.txt +RUN pip install -r /app/requirements.txt + +COPY . /app + +ENTRYPOINT python /app/app.py diff --git a/practice/11.local-development/app/app.py b/practice/11.local-development/app/app.py new file mode 100644 index 0000000..d8e31c3 --- /dev/null +++ b/practice/11.local-development/app/app.py @@ -0,0 +1,26 @@ +#!/usr/bin/env python + +import os + +from flask import Flask +from flask import request + +config = { + "port": os.environ.get('PORT', 8000), + "debug": os.environ.get('DEBUG', False) +} + +app = Flask(__name__) + +@app.route("/") +def hello(): + return "Hello, Updated!" + +@app.route("/api/sum") +def sum(): + a = request.args.get('a') + b = request.args.get('b') + return "{0}+{1}={2}".format(a, b, int(a)+int(b)) + +if __name__ == "__main__": + app.run(host="0.0.0.0", port=config["port"], debug=config["debug"]) diff --git a/practice/11.local-development/app/kube/deployment.yaml b/practice/11.local-development/app/kube/deployment.yaml new file mode 100644 index 0000000..6687144 --- /dev/null +++ b/practice/11.local-development/app/kube/deployment.yaml @@ -0,0 +1,31 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: myapp +spec: + replicas: 1 + selector: + matchLabels: + app: myapp + template: + metadata: + labels: + app: myapp + spec: + containers: + - name: api + image: myapp:dev + env: + - name: PYTHONUNBUFFERD + value: "1" + - name: DEBUG + value: "True" + ports: + - containerPort: 8000 + volumeMounts: + - name: code + mountPath: /app + volumes: + - name: code + hostPath: + path: /app diff --git a/practice/11.local-development/app/kube/service.yaml b/practice/11.local-development/app/kube/service.yaml new file mode 100644 index 0000000..d8755c9 --- /dev/null +++ b/practice/11.local-development/app/kube/service.yaml @@ -0,0 +1,11 @@ +apiVersion: v1 +kind: Service +metadata: + name: myapp +spec: + type: LoadBalancer + selector: + app: myapp + ports: + - port: 8000 + targetPort: 8000 diff --git a/practice/11.local-development/app/requirements.txt b/practice/11.local-development/app/requirements.txt new file mode 100644 index 0000000..5be74f9 --- /dev/null +++ b/practice/11.local-development/app/requirements.txt @@ -0,0 +1,5 @@ +Flask==1.1.2 +itsdangerous==1.1.0 +Jinja2==2.11.2 +MarkupSafe==1.1.1 +Werkzeug==1.0.1 diff --git a/practice/12.application-debug/.gitkeep b/practice/12.application-debug/.gitkeep new file mode 100644 index 0000000..e69de29 diff --git a/practice/12.application-debug/README.md b/practice/12.application-debug/README.md new file mode 100644 index 0000000..f04cf3b --- /dev/null +++ b/practice/12.application-debug/README.md @@ -0,0 +1,51 @@ +# Applications debug + +## 1. Тестим termination log + +Запускаем в кластере подготовленный деплоймент. Для этого выполним команду: + +```bash +kubectl apply -f ~/slurm/practice/12.application-debug/deployment.yaml +``` + +Проверим результат, для чего выполним команду: + +```bash +kubectl get pod +``` + +Результат должен быть примерно следующим: + +```bash +NAME READY STATUS RESTARTS AGE +my-deployment-54cc978cf6-5d67r 1/1 Running 0 3s +``` + +Через какое-то время Pod должен рестартануть +и можно будет проверить как это выглядит в дескрайбе: + +```bash +kubectl describe po my-deployment-54cc978cf6-5d67r +``` + +```bash + Last State: Terminated + Reason: Error + Message: working OK + working OK + ....... + working OK + broken + + Exit Code: 1 + Started: Wed, 03 Mar 2021 15:46:27 +0300 + Finished: Wed, 03 Mar 2021 15:46:38 +0300 +``` + +## 2. Чистим за собой кластер + +Для этого выполним команду: + +```bash +kubectl delete deployment my-deployment +``` diff --git a/practice/12.application-debug/deployment.yaml b/practice/12.application-debug/deployment.yaml new file mode 100644 index 0000000..0f7bb1b --- /dev/null +++ b/practice/12.application-debug/deployment.yaml @@ -0,0 +1,22 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: my-deployment +spec: + replicas: 1 + selector: + matchLabels: + app: my-app + template: + metadata: + labels: + app: my-app + spec: + containers: + - name: test + image: centos:7 + command: + - bash + - -c + - "for i in $(seq 1 100); do echo 'working OK'; sleep 0.1; done; echo 'broken'; exit 1" + terminationMessagePolicy: FallbackToLogsOnError diff --git a/practice/13.templating/README.md b/practice/13.templating/README.md new file mode 100644 index 0000000..2d2af01 --- /dev/null +++ b/practice/13.templating/README.md @@ -0,0 +1,414 @@ +### Знакомимся с Helm + +1) Подключаем repo и смотрим kube-ops-view + +```bash +helm repo add southbridge https://charts.southbridge.ru +helm repo update + +helm search hub kube-ops +helm show values southbridge/kube-ops-view > values.yaml + +``` + +2) Правим `values.yaml`: + +```bash +ingress: + enabled: true +... +hostname: kube-ops.s<свой номер логина>.k8s.slurm.io +... +``` + +3) Устанавливаем `kube-ops-view`: + +```bash +helm install ops-view southbridge/kube-ops-view -f values.yaml +``` + +4) Переходим в браузер в Инкогнито режим и заходим на `http://kube-ops.s<свой номер логина>.k8s.slurm.io/` + +5) Удаляем чарт: + +```bash +helm delete ops-view +``` + +### Посмотрим, что внутри чарта: + +```bash +helm pull southbridge/kube-ops-view + +tar -zxvf kube-ops-view-X.Y.Z.tgz + +cd kube-ops-view/ +``` + +### Создадим свой чарт + +1) Возьмем за основу нашего чарта готовый Depolyment. Создадим папку будущего чарта и создадим внутри необходимые файлы и папки: + +```bash +cd ~ +mkdir myapp + +cd myapp + +touch Chart.yaml values.yaml +mkdir templates + +cp ~/slurm/practice/13.templating/simple-deployment.yaml ~/myapp/templates/ +``` + +2) Добавим в файл `Chart.yaml` минимально необходимые поля: + +``` +name: myapp +version: 1 +``` + +3) Проверим что рендеринг чарта работает, в выводе команды должны увидеть наш Deployment + +``` +helm template . +``` + +### Темплейтируем свой чарт + +> **Если отстали, сверяемся с файлом `summary_file.yaml`** + +1) Смотрим на файл `templates/simple-deployment.yaml` и темплейтируем в нем количество реплик и image + +```bash +replicas: 1 + +меняем на + +replicas: {{ .Values.replicas }} + +... + +image: nginx:1.14.2 + +меняем на + +image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" +``` + +2) Добавляем значения этих переменных в файл `values.yaml`: + +```bash +replicas: 3 + +image: + repository: nginx + tag: 1.12 +``` + +3) Проверяем что все корректно и что наши values подцепились: + +```bash +helm template . +``` + +**САМОСТОЯТЕЛЬНАЯ РАБОТА:** +- Затемплейтировать по аналогии в Deployment значение поля `containerPort: 80` + +### Стандартизируем наш чарт + +1) Заменяем все лейблы в Deployment, а также имя деплоймента и контейнера + +```bash + labels: + app: nginx + +меняем на + + labels: + app: {{ .Chart.Name }}-{{ .Release.Name }} + +--- + +name: nginx-deployment + +меняем на + +name: {{ .Chart.Name }}-{{ .Release.Name }} + +--- + + containers: + - name: nginx + +меняем на + + containers: + - name: {{ .Chart.Name }} + +``` + +2) Для проверки используем ту же команду, но с доп ключом: + +```bash +helm template . --name-template foobar +``` + +3) Указываем количество реплик по-умолчанию: + +```bash +{{ .Values.replicas | default 2 }} +``` + +4) Проверяем изменения, а также пробуем переназначить тэг образа через ключ `--set`: + +```bash +helm template . --name-template foobar --set image.tag=1.13 +``` + +### Добавляем в наш Deployment `requests/limits` + +1) Добавляем в `values.yaml` реквесты и лимиты, прям в их обычном формате: + +```bash +resources: + limits: + cpu: 100m + memory: 128Mi + requests: + cpu: 80m + memory: 64Mi +``` + +2) В нашем темплейтированном манифесте говорим, чтобы за ресурсами он сходил в `values.yaml` и взял оттуда секцию целиком: + +```bash + ports: + - containerPort: {{ .Values.service.internalPort }} + resources: <--- вставляем в это место +{{ toYaml .Values.resources }} + +``` + +3) Проверяем изменения + +```bash +helm template . --name-template foobar +``` + +4) Видим что не хватает отступов. Добавляем `indent` в наш Deployment: + +```bash +было + +{{ toYaml .Values.resources }} + +стало + +{{ toYaml .Values.resources | indent 10 }} +``` + +5) Проверяем исправилось ли + +```bash +helm template . --name-template foobar +``` + +**САМОСТОЯТЕЛЬНАЯ РАБОТА:** +- Добавить таким же образом `annotations` +- Поиграйтесь с indent'ом. Сделайте так, чтобы при рендеринге показывались верные отступы +- В `values.yaml` укажите значение аннотации `abc: xyz` + +6) Добавляем условие в аннотации: + +```bash +было + + annotations: +{{ toYaml .Values.annotations | indent 4 }} + +стало + +{{ if .Values.annotations }} + annotations: +{{ toYaml .Values.annotations | indent 4 }} +{{ end }} + +``` + +7) Смущают пустые строчки. Уберем их + +```bash +было + +{{ if .Values.annotations }} + annotations: +{{ toYaml .Values.annotations | indent 4 }} +{{ end }} + +стало + +{{- if .Values.annotations }} + annotations: +{{ toYaml .Values.annotations | indent 4 }} +{{- end }} + +``` + +8) Проверяем что теперь все ОК + +```bash +helm template . --name-template foobar +``` + +### Добавляем указание переменных окружения + +1) Вносим в наш темплейтированный манифест следующее: + +```bash + - containerPort: {{ .Values.port }} +{{ if .Values.env }} <--- Сюда вставляем + env: + {{ range $key, $val := .Values.env }} + - name: {{ $key | quote }} + value: {{ $val | quote }} + {{ end }} +{{ end }} + +``` + +2) Проверяем что ничего не сломали + +```bash +helm template . --name-template foobar +``` + +3) Добавляем в `values.yaml` переменные окружения: + +```bash +env: + one: two + ENV: DEVELOPMENT +``` + +4) Проверяем что переменные подтянулись + +```bash +helm template . --name-template foobar +``` + +**ДОМАШНЯЯ РАБОТА:** + +- Перейти в папку `homework` +- Запустить deployment из файла `bad_deployment.yaml` +- Исправить все найденные ошибки и сделать так, чтобы все pod'ы были в состоянии `Running 1/1` + +Ответ-шпаргалка находится в файле `bad_deployment.yaml_otvet` + +### Helm Tests + +1) Переходим в каталог `~/slurm/practice/13.templating/wordpress`, осматриваем чарт. Смотрим папку `tests` и манифест там + +```bash +cd ~/slurm/practice/13.templating/wordpress +ls +cd templates/tests/ +ls +cat test-mariadb-connection.yaml +``` +2) Устанавливаем чарт Wordpress в свой кластер и запускаем тесты: + +```bash +helm install wordpress ~/slurm/practice/13.templating/wordpress/ +helm test wordpress +``` + +3) Видим что все работает и тест прошел успешно. Удаляем чарт из кластера, однако замечаем что pod с тестом остается: + +```bash +helm delete wordpress +kubectl get po +``` + +4) Удалим этот оставшийся pod. Затем модернизируем наши тесты, добавив туда аннотацию `"helm.sh/hook-delete-policy": hook-succeeded` + +```bash +kubectl delete po <имя_пода> + +cd ~/slurm/practice/13.templating +vim wordpress/templates/tests/test-mariadb-connection.yaml +``` +```yaml +... +annotations: + "helm.sh/hook-delete-policy": hook-succeeded` <-- Добавляем аннотацию + "helm.sh/hook": test-succeded +... +``` + +5) Снова ставим чарт и делаем тест: + +```bash +helm install wordpress ~/slurm/practice/13.templating/wordpress/ +helm test wordpress +``` + +6) Видим, что теперь pod удаляется. Намеренно испортим тест, чтобы проверить что произойдет. Изменим в манифесте `test-mariadb-connection.yaml` номер порта с `3306` на `3333`. Затем обновим чарт, добавив необходимые переменные: + +```bash +vim wordpress/templates/tests/test-mariadb-connection.yaml + +export MARIADB_PASSWORD=$(kubectl get secret wordpress-mariadb -o jsonpath="{.data.mariadb-password}" | base64 --decode) +export WORDPRESS_PASSWORD=$(kubectl get secret wordpress -o jsonpath="{.data.wordpress-password}" | base64 --decode) + +helm upgrade --install wordpress ./wordpress/ --set mariadb.auth.password=$MARIADB_PASSWORD --set wordpressPassword=$WORDPRESS_PASSWORD +``` + +7) Выполним тест, указав таймаут, чтобы не ждать ошибки от самого pod'а. Смотрим статус теста и pod'а: + +```bash +helm test wordpress --timeout 30s +kubectl get po +``` + +8) Удаляем чарт + +```bash +helm delete wordpress +``` + +### Helm Library Chart + +1) Смотрим на чарты в каталогах `libchart/` и `mychart/` + +2) Проверяем как подключается библиотечный чарт с шаблоном configmap'а: + +```bash +helm install libtest mychart/ --debug --dry-run +``` + +### Helm Cheatsheet + +Поиск чартов + +```bash +helm search hub +``` + +Получение дефолтных values + +```bash +helm show values repo/chart > values.yaml +``` + +Установка чарта в кластер + +```bash +helm install release-name repo/chart [--atomic] [--namespace namespace] +``` + +Локально отрендерить чарт + +```bash +helm template /path/to/chart +``` diff --git a/practice/13.templating/homework/.gitkeep b/practice/13.templating/homework/.gitkeep new file mode 100644 index 0000000..e69de29 diff --git a/practice/13.templating/homework/bad_deployment.yaml b/practice/13.templating/homework/bad_deployment.yaml new file mode 100644 index 0000000..e5189a6 --- /dev/null +++ b/practice/13.templating/homework/bad_deployment.yaml @@ -0,0 +1,50 @@ +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: my-deployment +spec: + replicas: 2 + selector: + matchLabels: + app: my-app + strategy: + rollingUpdate: + maxSurge: 1 + maxUnavailable: 1 + type: RollingUpdate + template: + metadata: + labels: + app: my-app + spec: + containers: + - image: nginx:1.12 + name: nginx + ports: + - containerPort: 80 + readinessProbe: + failureThreshold: 2 + httpGet: + path: /123 + port: 80 + periodSeconds: 3 + successThreshold: 1 + timeoutSeconds: 1 + livenessProbe: + failureThreshold: 3 + httpGet: + path: /123 + port: 80 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 1 + initialDelaySeconds: 10 + resources: + requests: + cpu: 50m + memory: 100Ti + limits: + cpu: 100m + memory: 100Ti + diff --git a/practice/13.templating/homework/bad_deployment.yaml_otvet b/practice/13.templating/homework/bad_deployment.yaml_otvet new file mode 100644 index 0000000..5128b6a --- /dev/null +++ b/practice/13.templating/homework/bad_deployment.yaml_otvet @@ -0,0 +1,53 @@ +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: my-deployment +spec: + replicas: 2 + selector: + matchLabels: + app: my-app + strategy: + rollingUpdate: + maxSurge: 1 + maxUnavailable: 1 + type: RollingUpdate + template: + metadata: + labels: + app: my-app + spec: + containers: + - image: nginx:1.12 + name: nginx + ports: + - containerPort: 80 + readinessProbe: + failureThreshold: 2 + httpGet: +# Проверка HttpGet шла на URL который не существовал и отдавал 404. Меняем на верный + path: / + port: 80 + periodSeconds: 3 + successThreshold: 1 + timeoutSeconds: 1 + livenessProbe: + failureThreshold: 3 + httpGet: +# Проверка HttpGet шла на URL который не существовал и отдавал 404. Меняем на верный + path: / + port: 80 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 1 + initialDelaySeconds: 10 + resources: + requests: + cpu: 50m +# В реквестах запрашивается 100 террабайт ОЗУ (Ti), столько на серверах нет. Это можно увидеть в describe. Меняем на мегабайты + memory: 100Mi + limits: + cpu: 100m +# В лимитах лучше тоже подправить на мегабайты, иначе от таких выставленных лимитов проку нет + memory: 100Mi diff --git a/practice/13.templating/libchart/.helmignore b/practice/13.templating/libchart/.helmignore new file mode 100644 index 0000000..0e8a0eb --- /dev/null +++ b/practice/13.templating/libchart/.helmignore @@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/practice/13.templating/libchart/Chart.yaml b/practice/13.templating/libchart/Chart.yaml new file mode 100644 index 0000000..a36bbd5 --- /dev/null +++ b/practice/13.templating/libchart/Chart.yaml @@ -0,0 +1,13 @@ +apiVersion: v2 +name: libchart +description: A Helm chart for Kubernetes + +type: library +# +# # This is the chart version. This version number should be incremented each time you make changes +# # to the chart and its templates, including the app version. +version: 0.1.0 +# +# # This is the version number of the application being deployed. This version number should be +# # incremented each time you make changes to the application and it is recommended to use it with quotes. +appVersion: "1.16.0" diff --git a/practice/13.templating/libchart/templates/_configmap.yaml b/practice/13.templating/libchart/templates/_configmap.yaml new file mode 100644 index 0000000..1d4dee2 --- /dev/null +++ b/practice/13.templating/libchart/templates/_configmap.yaml @@ -0,0 +1,10 @@ +{{- define "libchart.configmap.tpl" -}} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ .Release.Name | printf "%s-%s" .Chart.Name }} +data: {} +{{- end -}} +{{- define "libchart.configmap" -}} +{{- include "libchart.util.merge" (append . "libchart.configmap.tpl") -}} +{{- end -}} diff --git a/practice/13.templating/libchart/templates/_util.yaml b/practice/13.templating/libchart/templates/_util.yaml new file mode 100644 index 0000000..47309f8 --- /dev/null +++ b/practice/13.templating/libchart/templates/_util.yaml @@ -0,0 +1,13 @@ +{{- /* +libchart.util.merge will merge two YAML templates and output the result. +This takes an array of three values: +- the top context +- the template name of the overrides (destination) +- the template name of the base (source) +*/}} +{{- define "libchart.util.merge" -}} +{{- $top := first . -}} +{{- $overrides := fromYaml (include (index . 1) $top) | default (dict ) -}} +{{- $tpl := fromYaml (include (index . 2) $top) | default (dict ) -}} +{{- toYaml (merge $overrides $tpl) -}} +{{- end -}} diff --git a/practice/13.templating/mychart/.helmignore b/practice/13.templating/mychart/.helmignore new file mode 100644 index 0000000..0e8a0eb --- /dev/null +++ b/practice/13.templating/mychart/.helmignore @@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/practice/13.templating/mychart/Chart.lock b/practice/13.templating/mychart/Chart.lock new file mode 100644 index 0000000..04e8ef5 --- /dev/null +++ b/practice/13.templating/mychart/Chart.lock @@ -0,0 +1,6 @@ +dependencies: +- name: libchart + repository: file://../libchart + version: 0.1.0 +digest: sha256:e35a15b496d3f45163e2f993af8ab76d90ce6f0f9949d452bcd7461746840e5f +generated: "2021-02-26T18:12:27.097384333+03:00" diff --git a/practice/13.templating/mychart/Chart.yaml b/practice/13.templating/mychart/Chart.yaml new file mode 100644 index 0000000..85cca22 --- /dev/null +++ b/practice/13.templating/mychart/Chart.yaml @@ -0,0 +1,29 @@ +apiVersion: v2 +name: mychart +description: A Helm chart for Kubernetes + +# A chart can be either an 'application' or a 'library' chart. +# +# Application charts are a collection of templates that can be packaged into versioned archives +# to be deployed. +# +# Library charts provide useful utilities or functions for the chart developer. They're included as +# a dependency of application charts to inject those utilities and functions into the rendering +# pipeline. Library charts do not define any templates and therefore cannot be deployed. +type: application + +# This is the chart version. This version number should be incremented each time you make changes +# to the chart and its templates, including the app version. +# Versions are expected to follow Semantic Versioning (https://semver.org/) +version: 0.1.0 + +# This is the version number of the application being deployed. This version number should be +# incremented each time you make changes to the application. Versions are not expected to +# follow Semantic Versioning. They should reflect the version the application is using. +# It is recommended to use it with quotes. +appVersion: "1.16.0" + +dependencies: +- name: libchart + version: 0.1.0 + repository: file://../libchart diff --git a/practice/13.templating/mychart/templates/configmap.yaml b/practice/13.templating/mychart/templates/configmap.yaml new file mode 100644 index 0000000..4134e27 --- /dev/null +++ b/practice/13.templating/mychart/templates/configmap.yaml @@ -0,0 +1,5 @@ +{{- include "libchart.configmap" (list . "mychart.configmap") -}} +{{- define "mychart.configmap" -}} +data: + myvalue: "Hello World" +{{- end -}} diff --git a/practice/13.templating/mychart/values.yaml b/practice/13.templating/mychart/values.yaml new file mode 100644 index 0000000..a6aae47 --- /dev/null +++ b/practice/13.templating/mychart/values.yaml @@ -0,0 +1,79 @@ +# Default values for mychart. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +replicaCount: 1 + +image: + repository: nginx + pullPolicy: IfNotPresent + # Overrides the image tag whose default is the chart appVersion. + tag: "" + +imagePullSecrets: [] +nameOverride: "" +fullnameOverride: "" + +serviceAccount: + # Specifies whether a service account should be created + create: true + # Annotations to add to the service account + annotations: {} + # The name of the service account to use. + # If not set and create is true, a name is generated using the fullname template + name: "" + +podAnnotations: {} + +podSecurityContext: {} + # fsGroup: 2000 + +securityContext: {} + # capabilities: + # drop: + # - ALL + # readOnlyRootFilesystem: true + # runAsNonRoot: true + # runAsUser: 1000 + +service: + type: ClusterIP + port: 80 + +ingress: + enabled: false + annotations: {} + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + hosts: + - host: chart-example.local + paths: [] + tls: [] + # - secretName: chart-example-tls + # hosts: + # - chart-example.local + +resources: {} + # We usually recommend not to specify default resources and to leave this as a conscious + # choice for the user. This also increases chances charts run on environments with little + # resources, such as Minikube. If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. + # limits: + # cpu: 100m + # memory: 128Mi + # requests: + # cpu: 100m + # memory: 128Mi + +autoscaling: + enabled: false + minReplicas: 1 + maxReplicas: 100 + targetCPUUtilizationPercentage: 80 + # targetMemoryUtilizationPercentage: 80 + +nodeSelector: {} + +tolerations: [] + +affinity: {} diff --git a/practice/13.templating/simple-deployment.yaml b/practice/13.templating/simple-deployment.yaml new file mode 100644 index 0000000..f2c006f --- /dev/null +++ b/practice/13.templating/simple-deployment.yaml @@ -0,0 +1,21 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: nginx-deployment + labels: + app: nginx +spec: + replicas: 1 + selector: + matchLabels: + app: nginx + template: + metadata: + labels: + app: nginx + spec: + containers: + - name: nginx + image: nginx:1.14.2 + ports: + - containerPort: 80 \ No newline at end of file diff --git a/practice/13.templating/summary_file.yaml b/practice/13.templating/summary_file.yaml new file mode 100644 index 0000000..a8fa46d --- /dev/null +++ b/practice/13.templating/summary_file.yaml @@ -0,0 +1,36 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ .Chart.Name }}-{{ .Release.Name }} + labels: + app: {{ .Chart.Name }}-{{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +{{ if .Values.annotations }} + annotations: +{{ toYaml .Values.annotations | indent 4 }} +{{ end -}} +spec: + replicas: {{ .Values.replicas | default 2 }} + selector: + matchLabels: + app: {{ .Chart.Name }}-{{ .Release.Name }} + template: + metadata: + labels: + app: {{ .Chart.Name }}-{{ .Release.Name }} + spec: + containers: + - name: nginx + image: {{ .Values.image.name }}:{{ .Values.image.tag }} + ports: + - containerPort: {{ .Values.port }} +{{ if .Values.env }} + env: + {{- range $key, $val := .Values.env }} + - name: {{ $key | quote }} + value: {{ $val | quote }} + {{- end }} +{{ end }} + resources: +{{ toYaml .Values.resources | indent 10 -}} + diff --git a/practice/13.templating/wordpress/.helmignore b/practice/13.templating/wordpress/.helmignore new file mode 100644 index 0000000..f0c1319 --- /dev/null +++ b/practice/13.templating/wordpress/.helmignore @@ -0,0 +1,21 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj diff --git a/practice/13.templating/wordpress/Chart.lock b/practice/13.templating/wordpress/Chart.lock new file mode 100644 index 0000000..ab98dac --- /dev/null +++ b/practice/13.templating/wordpress/Chart.lock @@ -0,0 +1,9 @@ +dependencies: +- name: mariadb + repository: https://charts.bitnami.com/bitnami + version: 9.3.4 +- name: common + repository: https://charts.bitnami.com/bitnami + version: 1.4.0 +digest: sha256:be02c8b67151f6824d5cc1c57ecb904467347994bfc36660f6ee0e103743382b +generated: "2021-02-23T00:31:37.689624158Z" diff --git a/practice/13.templating/wordpress/Chart.yaml b/practice/13.templating/wordpress/Chart.yaml new file mode 100644 index 0000000..0496863 --- /dev/null +++ b/practice/13.templating/wordpress/Chart.yaml @@ -0,0 +1,33 @@ +annotations: + category: CMS +apiVersion: v2 +appVersion: 5.6.2 +dependencies: +- condition: mariadb.enabled + name: mariadb + repository: https://charts.bitnami.com/bitnami + version: 9.x.x +- name: common + repository: https://charts.bitnami.com/bitnami + tags: + - bitnami-common + version: 1.x.x +description: Web publishing platform for building blogs and websites. +home: https://github.com/bitnami/charts/tree/master/bitnami/wordpress +icon: https://bitnami.com/assets/stacks/wordpress/img/wordpress-stack-220x234.png +keywords: +- application +- blog +- cms +- http +- php +- web +- wordpress +maintainers: +- email: containers@bitnami.com + name: Bitnami +name: wordpress +sources: +- https://github.com/bitnami/bitnami-docker-wordpress +- http://www.wordpress.com/ +version: 10.6.8 diff --git a/practice/13.templating/wordpress/README.md b/practice/13.templating/wordpress/README.md new file mode 100644 index 0000000..a02cc9b --- /dev/null +++ b/practice/13.templating/wordpress/README.md @@ -0,0 +1,442 @@ +# WordPress + +[WordPress](https://wordpress.org/) is one of the most versatile open source content management systems on the market. A publishing platform for building blogs and websites. + +## TL;DR + +```console +$ helm repo add bitnami https://charts.bitnami.com/bitnami +$ helm install my-release bitnami/wordpress +``` + +## Introduction + +This chart bootstraps a [WordPress](https://github.com/bitnami/bitnami-docker-wordpress) deployment on a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager. + +It also packages the [Bitnami MariaDB chart](https://github.com/bitnami/charts/tree/master/bitnami/mariadb) which is required for bootstrapping a MariaDB deployment for the database requirements of the WordPress application. + +Bitnami charts can be used with [Kubeapps](https://kubeapps.com/) for deployment and management of Helm Charts in clusters. This chart has been tested to work with NGINX Ingress, cert-manager, fluentd and Prometheus on top of the [BKPR](https://kubeprod.io/). + +## Prerequisites + +- Kubernetes 1.12+ +- Helm 3.1.0 +- PV provisioner support in the underlying infrastructure +- ReadWriteMany volumes for deployment scaling + +## Installing the Chart + +To install the chart with the release name `my-release`: + +```console +helm install my-release bitnami/wordpress +``` + +The command deploys WordPress on the Kubernetes cluster in the default configuration. The [Parameters](#parameters) section lists the parameters that can be configured during installation. + +> **Tip**: List all releases using `helm list` + +## Uninstalling the Chart + +To uninstall/delete the `my-release` deployment: + +```console +helm delete my-release +``` + +The command removes all the Kubernetes components associated with the chart and deletes the release. + +## Parameters + +The following table lists the configurable parameters of the WordPress chart and their default values per section/component: + +### Global parameters + +| Parameter | Description | Default | +|---------------------------|-------------------------------------------------|---------------------------------------------------------| +| `global.imageRegistry` | Global Docker image registry | `nil` | +| `global.imagePullSecrets` | Global Docker registry secret names as an array | `[]` (does not add image pull secrets to deployed pods) | +| `global.storageClass` | Global storage class for dynamic provisioning | `nil` | + +### Common parameters + +| Parameter | Description | Default | +|---------------------|----------------------------------------------------------------------|--------------------------------| +| `nameOverride` | String to partially override common.names.fullname | `nil` | +| `fullnameOverride` | String to fully override common.names.fullname | `nil` | +| `clusterDomain` | Default Kubernetes cluster domain | `cluster.local` | +| `commonLabels` | Labels to add to all deployed objects | `{}` | +| `commonAnnotations` | Annotations to add to all deployed objects | `{}` | +| `kubeVersion` | Force target Kubernetes version (using Helm capabilities if not set) | `nil` | +| `extraDeploy` | Array of extra objects to deploy with the release | `[]` (evaluated as a template) | + +### WordPress parameters + +| Parameter | Description | Default | +|-------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|---------------------------------------------------------| +| `image.registry` | WordPress image registry | `docker.io` | +| `image.repository` | WordPress image name | `bitnami/wordpress` | +| `image.tag` | WordPress image tag | `{TAG_NAME}` | +| `image.pullPolicy` | WordPress image pull policy | `IfNotPresent` | +| `image.pullSecrets` | Specify docker-registry secret names as an array | `[]` (does not add image pull secrets to deployed pods) | +| `image.debug` | Specify if debug logs should be enabled | `false` | +| `hostAliases` | Add deployment host aliases | `Check values.yaml` | +| `wordpressSkipInstall` | Skip wizard installation when the external db already contains data from a previous WordPress installation [see](https://github.com/bitnami/bitnami-docker-wordpress#connect-wordpress-docker-container-to-an-existing-database) | `false` | +| `wordpressUsername` | User of the application | `user` | +| `existingSecret` | Name of the existing Wordpress Secret (it must contain a key named `wordpress-password`). When it's set, `wordpressPassword` is ignored | `nil` | +| `serviceAccountName` | Name of a service account for the WordPress pods | `default` | +| `wordpressPassword` | Application password | _random 10 character long alphanumeric string_ | +| `wordpressEmail` | Admin email | `user@example.com` | +| `wordpressFirstName` | First name | `FirstName` | +| `wordpressLastName` | Last name | `LastName` | +| `wordpressBlogName` | Blog name | `User's Blog!` | +| `wordpressTablePrefix` | Table prefix | `wp_` | +| `wordpressScheme` | Scheme to generate application URLs [`http`, `https`] | `http` | +| `wordpressExtraConfigContent` | Add extra content to the configuration file | `""` | +| `allowEmptyPassword` | Allow DB blank passwords | `true` | +| `allowOverrideNone` | Set Apache AllowOverride directive to None | `false` | +| `htaccessPersistenceEnabled` | Make `.htaccess` persistence so that it can be customized. [See](#disabling-htaccess) | `false` | +| `customHTAccessCM` | Configmap with custom wordpress-htaccess.conf directives | `nil` | +| `customPostInitScripts` | Custom post-init.d user scripts | `nil` | +| `smtpHost` | SMTP host | `nil` | +| `smtpPort` | SMTP port | `nil` | +| `smtpUser` | SMTP user | `nil` | +| `smtpPassword` | SMTP password | `nil` | +| `smtpUsername` | User name for SMTP emails | `nil` | +| `smtpProtocol` | SMTP protocol [`tls`, `ssl`, `none`] | `nil` | +| `smtpExistingPassword` | Existing secret containing SMTP password in key `smtp-password` | `nil` | +| `command` | Override default container command (useful when using custom images) | `nil` | +| `args` | Override default container args (useful when using custom images) | `nil` | +| `extraEnvVars` | Extra environment variables to be set on WordPress container | `{}` | +| `extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars | `nil` | +| `extraEnvVarsSecret` | Name of existing Secret containing extra env vars | `nil` | + +### WordPress deployment parameters + +| Parameter | Description | Default | +|-----------------------------|-------------------------------------------------------------------------------------------|--------------------------------------| +| `replicaCount` | Number of WordPress Pods to run | `1` | +| `containerPorts.http` | HTTP port to expose at container level | `8080` | +| `containerPorts.https` | HTTPS port to expose at container level | `8443` | +| `podSecurityContext` | WordPress pods' Security Context | Check `values.yaml` file | +| `containerSecurityContext` | WordPress containers' Security Context | Check `values.yaml` file | +| `resources.limits` | The resources limits for the WordPress container | `{}` | +| `resources.requests` | The requested resources for the WordPress container | `{"memory": "512Mi", "cpu": "300m"}` | +| `livenessProbe` | Liveness probe configuration for WordPress | Check `values.yaml` file | +| `readinessProbe` | Readiness probe configuration for WordPress | Check `values.yaml` file | +| `customLivenessProbe` | Override default liveness probe | `nil` | +| `customReadinessProbe` | Override default readiness probe | `nil` | +| `updateStrategy` | Set up update strategy | `RollingUpdate` | +| `schedulerName` | Name of the alternate scheduler | `nil` | +| `podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `soft` | +| `nodeAffinityPreset.type` | Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | +| `nodeAffinityPreset.key` | Node label key to match. Ignored if `affinity` is set. | `""` | +| `nodeAffinityPreset.values` | Node label values to match. Ignored if `affinity` is set. | `[]` | +| `affinity` | Affinity for pod assignment | `{}` (evaluated as a template) | +| `nodeSelector` | Node labels for pod assignment | `{}` (evaluated as a template) | +| `tolerations` | Tolerations for pod assignment | `[]` (evaluated as a template) | +| `podLabels` | Extra labels for WordPress pods | `{}` | +| `podAnnotations` | Annotations for WordPress pods | `{}` | +| `extraVolumeMounts` | Additional volume mounts | `[]` | +| `extraVolumes` | Additional volumes | `[]` | +| `initContainers` | Add additional init containers to the WordPress pods | `{}` (evaluated as a template) | +| `sidecars` | Attach additional sidecar containers to the pod | `{}` (evaluated as a template) | + +### Exposure parameters + +| Parameter | Description | Default | +|------------------------------------|-------------------------------------------------------------------------------|--------------------------------| +| `service.type` | Kubernetes Service type | `LoadBalancer` | +| `service.port` | Service HTTP port | `80` | +| `service.httpsPort` | Service HTTPS port | `443` | +| `service.httpsTargetPort` | Service Target HTTPS port | `https` | +| `service.nodePorts.http` | Kubernetes http node port | `""` | +| `service.nodePorts.https` | Kubernetes https node port | `""` | +| `service.extraPorts` | Extra ports to expose in the service (normally used with the `sidecar` value) | `nil` | +| `service.clusterIP` | WordPress service clusterIP IP | `None` | +| `service.loadBalancerSourceRanges` | Restricts access for LoadBalancer (only with `service.type: LoadBalancer`) | `[]` | +| `service.loadBalancerIP` | loadBalancerIP if service type is `LoadBalancer` | `nil` | +| `service.externalTrafficPolicy` | Enable client source IP preservation | `Cluster` | +| `service.annotations` | Service annotations | `{}` (evaluated as a template) | +| `ingress.enabled` | Enable ingress controller resource | `false` | +| `ingress.certManager` | Add annotations for cert-manager | `false` | +| `ingress.hostname` | Default host for the ingress resource | `wordpress.local` | +| `ingress.path` | Default path for the ingress resource | `/` | +| `ingress.tls` | Create TLS Secret | `false` | +| `ingress.annotations` | Ingress annotations | `[]` (evaluated as a template) | +| `ingress.extraHosts[0].name` | Additional hostnames to be covered | `nil` | +| `ingress.extraHosts[0].path` | Additional hostnames to be covered | `nil` | +| `ingress.extraPaths` | Additional arbitrary path/backend objects | `nil` | +| `ingress.extraTls[0].hosts[0]` | TLS configuration for additional hostnames to be covered | `nil` | +| `ingress.extraTls[0].secretName` | TLS configuration for additional hostnames to be covered | `nil` | +| `ingress.secrets[0].name` | TLS Secret Name | `nil` | +| `ingress.secrets[0].certificate` | TLS Secret Certificate | `nil` | +| `ingress.secrets[0].key` | TLS Secret Key | `nil` | + +### Persistence parameters + +| Parameter | Description | Default | +|-----------------------------|------------------------------------------|---------------------------------------------| +| `persistence.enabled` | Enable persistence using PVC | `true` | +| `persistence.existingClaim` | Enable persistence using an existing PVC | `nil` | +| `persistence.storageClass` | PVC Storage Class | `nil` (uses alpha storage class annotation) | +| `persistence.accessMode` | PVC Access Mode | `ReadWriteOnce` | +| `persistence.size` | PVC Storage Request | `10Gi` | +| `persistence.dataSource` | PVC data source | `{}` | + +### Database parameters + +| Parameter | Description | Default | +|-------------------------------------------|------------------------------------------------------|------------------------------------------------| +| `mariadb.enabled` | Deploy MariaDB container(s) | `true` | +| `mariadb.architecture` | MariaDB architecture (`standalone` or `replication`) | `standalone` | +| `mariadb.auth.rootPassword` | Password for the MariaDB `root` user | _random 10 character alphanumeric string_ | +| `mariadb.auth.database` | Database name to create | `bitnami_wordpress` | +| `mariadb.auth.username` | Database user to create | `bn_wordpress` | +| `mariadb.auth.password` | Password for the database | _random 10 character long alphanumeric string_ | +| `mariadb.primary.persistence.enabled` | Enable database persistence using PVC | `true` | +| `mariadb.primary.persistence.accessModes` | Database Persistent Volume Access Modes | `[ReadWriteOnce]` | +| `mariadb.primary.persistence.size` | Database Persistent Volume Size | `8Gi` | +| `externalDatabase.host` | Host of the external database | `localhost` | +| `externalDatabase.user` | Existing username in the external db | `bn_wordpress` | +| `externalDatabase.password` | Password for the above username | `nil` | +| `externalDatabase.database` | Name of the existing database | `bitnami_wordpress` | +| `externalDatabase.port` | Database port number | `3306` | +| `externalDatabase.existingSecret` | Name of the database existing Secret Object | `nil` | + +### Volume Permissions parameters + +| Parameter | Description | Default | +|-----------------------------------------------|----------------------------------------------------------------------------------------------------------------------|---------------------------------------------------------| +| `volumePermissions.enabled` | Enable init container that changes the owner and group of the persistent volume(s) mountpoint to `runAsUser:fsGroup` | `false` | +| `volumePermissions.image.registry` | Init container volume-permissions image registry | `docker.io` | +| `volumePermissions.image.repository` | Init container volume-permissions image name | `bitnami/minideb` | +| `volumePermissions.image.tag` | Init container volume-permissions image tag | `buster` | +| `volumePermissions.image.pullPolicy` | Init container volume-permissions image pull policy | `Always` | +| `volumePermissions.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` (does not add image pull secrets to deployed pods) | +| `volumePermissions.resources.limits` | Init container volume-permissions resource limits | `{}` | +| `volumePermissions.resources.requests` | Init container volume-permissions resource requests | `{}` | +| `volumePermissions.securityContext.*` | Other container security context to be included as-is in the container spec | `{}` | +| `volumePermissions.securityContext.runAsUser` | User ID for the init container (when facing issues in OpenShift or uid unknown, try value "auto") | `0` | + +### Metrics parameters + +| Parameter | Description | Default | +|-------------------------------------------|------------------------------------------------------------------------------|--------------------------------------------------------------| +| `metrics.enabled` | Start a side-car prometheus exporter | `false` | +| `metrics.image.registry` | Apache exporter image registry | `docker.io` | +| `metrics.image.repository` | Apache exporter image name | `bitnami/apache-exporter` | +| `metrics.image.tag` | Apache exporter image tag | `{TAG_NAME}` | +| `metrics.image.pullPolicy` | Image pull policy | `IfNotPresent` | +| `metrics.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` (does not add image pull secrets to deployed pods) | +| `metrics.service.port` | Service Metrics port | `9117` | +| `metrics.service.annotations` | Annotations for enabling prometheus to access the metrics endpoints | `{prometheus.io/scrape: "true", prometheus.io/port: "9117"}` | +| `metrics.resources.limits` | The resources limits for the metrics exporter container | `{}` | +| `metrics.resources.requests` | The requested resources for the metrics exporter container | `{}` | +| `metrics.serviceMonitor.enabled` | Create ServiceMonitor Resource for scraping metrics using PrometheusOperator | `false` | +| `metrics.serviceMonitor.namespace` | Namespace where servicemonitor resource should be created | `nil` | +| `metrics.serviceMonitor.interval` | Specify the interval at which metrics should be scraped | `30s` | +| `metrics.serviceMonitor.scrapeTimeout` | Specify the timeout after which the scrape is ended | `nil` | +| `metrics.serviceMonitor.relabellings` | Specify Metric Relabellings to add to the scrape endpoint | `nil` | +| `metrics.serviceMonitor.honorLabels` | honorLabels chooses the metric's labels on collisions with target labels. | `false` | +| `metrics.serviceMonitor.additionalLabels` | Used to pass Labels that are required by the Installed Prometheus Operator | `{}` | + +### Other parameters + +| Parameter | Description | Default | +|----------------------------|----------------------------------------------------------------|---------| +| `pdb.create` | Enable/disable a Pod Disruption Budget creation | `false` | +| `pdb.minAvailable` | Minimum number/percentage of pods that should remain scheduled | `1` | +| `pdb.maxUnavailable` | Maximum number/percentage of pods that may be made unavailable | `nil` | +| `autoscaling.enabled` | Enable autoscaling for WordPress | `false` | +| `autoscaling.minReplicas` | Minimum number of WordPress replicas | `1` | +| `autoscaling.maxReplicas` | Maximum number of WordPress replicas | `11` | +| `autoscaling.targetCPU` | Target CPU utilization percentage | `nil` | +| `autoscaling.targetMemory` | Target Memory utilization percentage | `nil` | + +The above parameters map to the env variables defined in [bitnami/wordpress](http://github.com/bitnami/bitnami-docker-wordpress). For more information please refer to the [bitnami/wordpress](http://github.com/bitnami/bitnami-docker-wordpress) image documentation. + +Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example, + +```console +helm install my-release \ + --set wordpressUsername=admin \ + --set wordpressPassword=password \ + --set mariadb.auth.rootPassword=secretpassword \ + bitnami/wordpress +``` + +The above command sets the WordPress administrator account username and password to `admin` and `password` respectively. Additionally, it sets the MariaDB `root` user password to `secretpassword`. + +> NOTE: Once this chart is deployed, it is not possible to change the application's access credentials, such as usernames or passwords, using Helm. To change these application credentials after deployment, delete any persistent volumes (PVs) used by the chart and re-deploy it, or use the application's built-in administrative tools if available. + +Alternatively, a YAML file that specifies the values for the above parameters can be provided while installing the chart. For example, + +```console +helm install my-release -f values.yaml bitnami/wordpress +``` + +> **Tip**: You can use the default [values.yaml](values.yaml) + +## Configuration and installation details + +### [Rolling VS Immutable tags](https://docs.bitnami.com/containers/how-to/understand-rolling-tags-containers/) + +It is strongly recommended to use immutable tags in a production environment. This ensures your deployment does not change automatically if the same tag is updated with a different image. + +Bitnami will release a new chart updating its containers if a new version of the main container, significant changes, or critical vulnerabilities exist. + +### Known limitations + +When performing admin operations that require activating the maintenance mode (such as updating a plugin or theme), it's activated in only one replica (see: [bug report](https://core.trac.wordpress.org/ticket/50797)). This implies that WP could be attending requests on other replicas while performing admin operations, with unpredictable consequences. + +To avoid that, you can manually activate/deactivate the maintenance mode on every replica using the WP CLI. For instance, if you installed WP with three replicas, you can run the commands below to activate the maintenance mode in all of them (assuming that the release name is `wordpress`): + +```console +kubectl exec $(kubectl get pods -l app.kubernetes.io/name=wordpress -o jsonpath='{.items[0].metadata.name}') -c wordpress -- wp maintenance-mode activate +kubectl exec $(kubectl get pods -l app.kubernetes.io/name=wordpress -o jsonpath='{.items[1].metadata.name}') -c wordpress -- wp maintenance-mode activate +kubectl exec $(kubectl get pods -l app.kubernetes.io/name=wordpress -o jsonpath='{.items[2].metadata.name}') -c wordpress -- wp maintenance-mode activate +``` + +### Additional environment variables + +In case you want to add extra environment variables (useful for advanced operations like custom init scripts), you can use the `extraEnvVars` property. + +```yaml +wordpress: + extraEnvVars: + - name: LOG_LEVEL + value: error +``` + +Alternatively, you can use a ConfigMap or a Secret with the environment variables. To do so, use the `extraEnvVarsCM` or the `extraEnvVarsSecret` values. + +### Sidecars + +If additional containers are needed in the same pod as WordPress (such as additional metrics or logging exporters), they can be defined using the `sidecars` parameter. If these sidecars export extra ports, extra port definitions can be added using the `service.extraPorts` parameter. [Learn more about configuring and using sidecar containers](https://docs.bitnami.com/kubernetes/apps/wordpress/administration/configure-use-sidecars/). + +### External database support + +You may want to have WordPress connect to an external database rather than installing one inside your cluster. Typical reasons for this are to use a managed database service, or to share a common database server for all your applications. To achieve this, the chart allows you to specify credentials for an external database with the [`externalDatabase` parameter](#parameters). You should also disable the MariaDB installation with the `mariadb.enabled` option. Here is an example: + +```console +mariadb.enabled=false +externalDatabase.host=myexternalhost +externalDatabase.user=myuser +externalDatabase.password=mypassword +externalDatabase.database=mydatabase +externalDatabase.port=3306 +``` + +Refer to the [documentation on using an external database with WordPress](https://docs.bitnami.com/kubernetes/apps/wordpress/configuration/use-external-database/) and the [tutorial on integrating WordPress with a managed cloud database](https://docs.bitnami.com/tutorials/secure-wordpress-kubernetes-managed-database-ssl-upgrades/) for more information. + +### Pod affinity + +This chart allows you to set your custom affinity using the `affinity` parameter. Find more information about Pod affinity in the [kubernetes documentation](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity). + +As an alternative, use one of the preset configurations for pod affinity, pod anti-affinity, and node affinity available at the [bitnami/common](https://github.com/bitnami/charts/tree/master/bitnami/common#affinities) chart. To do so, set the `podAffinityPreset`, `podAntiAffinityPreset`, or `nodeAffinityPreset` parameters. + +### Ingress + +This chart provides support for Ingress resources. If an Ingress controller, such as [nginx-ingress](https://kubeapps.com/charts/stable/nginx-ingress) or [traefik](https://kubeapps.com/charts/stable/traefik), that Ingress controller can be used to serve WordPress. + +To enable Ingress integration, set `ingress.enabled` to `true`. The `ingress.hostname` property can be used to set the host name. The `ingress.tls` parameter can be used to add the TLS configuration for this host. It is also possible to have more than one host, with a separate TLS configuration for each host. [Learn more about configuring and using Ingress](https://docs.bitnami.com/kubernetes/apps/wordpress/configuration/configure-use-ingress/). + +### TLS secrets + +The chart also facilitates the creation of TLS secrets for use with the Ingress controller, with different options for certificate management. [Learn more about TLS secrets](https://docs.bitnami.com/kubernetes/apps/wordpress/administration/enable-tls/). + +### `.htaccess` files + +For performance and security reasons, it is a good practice to configure Apache with the `AllowOverride None` directive. Instead of using `.htaccess` files, Apache will load the same directives at boot time. These directives are located in `/opt/bitnami/wordpress/wordpress-htaccess.conf`. + +By default, the container image includes all the default `.htaccess` files in WordPress (together with the default plugins). To enable this feature, install the chart with the value `allowOverrideNone=yes`. + +[Learn more about working with `.htaccess` files](https://docs.bitnami.com/kubernetes/apps/wordpress/configuration/understand-htaccess/). + +## Persistence + +The [Bitnami WordPress](https://github.com/bitnami/bitnami-docker-wordpress) image stores the WordPress data and configurations at the `/bitnami` path of the container. Persistent Volume Claims are used to keep the data across deployments. [Learn more about persistence in the chart documentation](https://docs.bitnami.com/kubernetes/apps/wordpress/configuration/chart-persistence/). + +## Troubleshooting + +Find more information about how to deal with common errors related to Bitnami’s Helm charts in [this troubleshooting guide](https://docs.bitnami.com/general/how-to/troubleshoot-helm-chart-issues). + +## Upgrading + +### To 10.0.0 + +[On November 13, 2020, Helm v2 support was formally finished](https://github.com/helm/charts#status-of-the-project), this major version is the result of the required changes applied to the Helm Chart to be able to incorporate the different features added in Helm v3 and to be consistent with the Helm project itself regarding the Helm v2 EOL. + +[Learn more about this change and related upgrade considerations](https://docs.bitnami.com/kubernetes/apps/wordpress/administration/upgrade-helm3/). + +#### Additional upgrade notes + +- MariaDB dependency version was bumped to a new major version that introduces several incompatabilitees. Therefore, backwards compatibility is not guaranteed unless an external database is used. Check [MariaDB Upgrading Notes](https://github.com/bitnami/charts/tree/master/bitnami/mariadb#to-800) for more information. +- If you want to upgrade to this version from a previous one installed with Helm v3, there are two alternatives: + - Install a new WordPress chart, and migrate your WordPress site using backup/restore tools such as [VaultPress](https://vaultpress.com/) or [All-in-One WP Migration](https://wordpress.org/plugins/all-in-one-wp-migration/). + - Reuse the PVC used to hold the MariaDB data on your previous release. To do so, follow the instructions below (the following example assumes that the release name is `wordpress`). + +> Warning: please create a backup of your database before running any of these actions. The steps below would be only valid if your application (e.g. any plugins or custom code) is compatible with MariaDB 10.5. + +Obtain the credentials and the name of the PVC used to hold the MariaDB data on your current release: + +```console +$ export WORDPRESS_PASSWORD=$(kubectl get secret --namespace default wordpress -o jsonpath="{.data.wordpress-password}" | base64 --decode) +$ export MARIADB_ROOT_PASSWORD=$(kubectl get secret --namespace default wordpress-mariadb -o jsonpath="{.data.mariadb-root-password}" | base64 --decode) +$ export MARIADB_PASSWORD=$(kubectl get secret --namespace default wordpress-mariadb -o jsonpath="{.data.mariadb-password}" | base64 --decode) +$ export MARIADB_PVC=$(kubectl get pvc -l app.kubernetes.io/instance=wordpress,app.kubernetes.io/name=mariadb,app.kubernetes.io/component=primary -o jsonpath="{.items[0].metadata.name}") +``` + +Upgrade your release (maintaining the version) disabling MariaDB and scaling WordPress replicas to 0: + +```console +$ helm upgrade wordpress bitnami/wordpress --set wordpressPassword=$WORDPRESS_PASSWORD --set replicaCount=0 --set mariadb.enabled=false --version 9.6.4 +``` + +Finally, upgrade you release to `10.0.0` reusing the existing PVC, and enabling back MariaDB: + +```console +$ helm upgrade wordpress bitnami/wordpress --set mariadb.primary.persistence.existingClaim=$MARIADB_PVC --set mariadb.auth.rootPassword=$MARIADB_ROOT_PASSWORD --set mariadb.auth.password=$MARIADB_PASSWORD --set wordpressPassword=$WORDPRESS_PASSWORD +``` + +You should see the lines below in MariaDB container logs: + +```console +$ kubectl logs $(kubectl get pods -l app.kubernetes.io/instance=wordpress,app.kubernetes.io/name=mariadb,app.kubernetes.io/component=primary -o jsonpath="{.items[0].metadata.name}") +... +mariadb 12:13:24.98 INFO ==> Using persisted data +mariadb 12:13:25.01 INFO ==> Running mysql_upgrade +... +``` + +### To 9.0.0 + +The [Bitnami WordPress](https://github.com/bitnami/bitnami-docker-wordpress) image was migrated to a "non-root" user approach. Previously the container ran as the `root` user and the Apache daemon was started as the `daemon` user. From now on, both the container and the Apache daemon run as user `1001`. You can revert this behavior by setting the parameters `securityContext.runAsUser`, and `securityContext.fsGroup` to `0`. +Chart labels and Ingress configuration were also adapted to follow the Helm charts best practices. + +Consequences: + +- The HTTP/HTTPS ports exposed by the container are now `8080/8443` instead of `80/443`. +- No writing permissions will be granted on `wp-config.php` by default. +- Backwards compatibility is not guaranteed. + +To upgrade to `9.0.0`, it's recommended to install a new WordPress chart, and migrate your WordPress site using backup/restore tools such as [VaultPress](https://vaultpress.com/) or [All-in-One WP Migration](https://wordpress.org/plugins/all-in-one-wp-migration/). + +### To 8.0.0 + +Helm performs a lookup for the object based on its group (apps), version (v1), and kind (Deployment). Also known as its GroupVersionKind, or GVK. Changing the GVK is considered a compatibility breaker from Kubernetes' point of view, so you cannot "upgrade" those objects to the new GVK in-place. Earlier versions of Helm 3 did not perform the lookup correctly which has since been fixed to match the spec. + +In https://github.com/helm/charts/pulls/12642 the `apiVersion` of the deployment resources was updated to `apps/v1` in tune with the api's deprecated, resulting in compatibility breakage. + +This major version signifies this change. + +### To 3.0.0 + +Backwards compatibility is not guaranteed unless you modify the labels used on the chart's deployments. +Use the workaround below to upgrade from versions previous to `3.0.0`. The following example assumes that the release name is `wordpress`: + +```console +kubectl patch deployment wordpress-wordpress --type=json -p='[{"op": "remove", "path": "/spec/selector/matchLabels/chart"}]' +kubectl delete statefulset wordpress-mariadb --cascade=false +``` diff --git a/practice/13.templating/wordpress/charts/common/.helmignore b/practice/13.templating/wordpress/charts/common/.helmignore new file mode 100644 index 0000000..50af031 --- /dev/null +++ b/practice/13.templating/wordpress/charts/common/.helmignore @@ -0,0 +1,22 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/practice/13.templating/wordpress/charts/common/Chart.yaml b/practice/13.templating/wordpress/charts/common/Chart.yaml new file mode 100644 index 0000000..725db2c --- /dev/null +++ b/practice/13.templating/wordpress/charts/common/Chart.yaml @@ -0,0 +1,23 @@ +annotations: + category: Infrastructure +apiVersion: v2 +appVersion: 1.4.0 +description: A Library Helm Chart for grouping common logic between bitnami charts. + This chart is not deployable by itself. +home: https://github.com/bitnami/charts/tree/master/bitnami/common +icon: https://bitnami.com/downloads/logos/bitnami-mark.png +keywords: +- common +- helper +- template +- function +- bitnami +maintainers: +- email: containers@bitnami.com + name: Bitnami +name: common +sources: +- https://github.com/bitnami/charts +- http://www.bitnami.com/ +type: library +version: 1.4.0 diff --git a/practice/13.templating/wordpress/charts/common/README.md b/practice/13.templating/wordpress/charts/common/README.md new file mode 100644 index 0000000..7287cbb --- /dev/null +++ b/practice/13.templating/wordpress/charts/common/README.md @@ -0,0 +1,322 @@ +# Bitnami Common Library Chart + +A [Helm Library Chart](https://helm.sh/docs/topics/library_charts/#helm) for grouping common logic between bitnami charts. + +## TL;DR + +```yaml +dependencies: + - name: common + version: 0.x.x + repository: https://charts.bitnami.com/bitnami +``` + +```bash +$ helm dependency update +``` + +```yaml +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.names.fullname" . }} +data: + myvalue: "Hello World" +``` + +## Introduction + +This chart provides a common template helpers which can be used to develop new charts using [Helm](https://helm.sh) package manager. + +Bitnami charts can be used with [Kubeapps](https://kubeapps.com/) for deployment and management of Helm Charts in clusters. This Helm chart has been tested on top of [Bitnami Kubernetes Production Runtime](https://kubeprod.io/) (BKPR). Deploy BKPR to get automated TLS certificates, logging and monitoring for your applications. + +## Prerequisites + +- Kubernetes 1.12+ +- Helm 3.1.0 + +## Parameters + +The following table lists the helpers available in the library which are scoped in different sections. + +### Affinities + +| Helper identifier | Description | Expected Input | +|-------------------------------|------------------------------------------------------|------------------------------------------------| +| `common.affinities.node.soft` | Return a soft nodeAffinity definition | `dict "key" "FOO" "values" (list "BAR" "BAZ")` | +| `common.affinities.node.hard` | Return a hard nodeAffinity definition | `dict "key" "FOO" "values" (list "BAR" "BAZ")` | +| `common.affinities.pod.soft` | Return a soft podAffinity/podAntiAffinity definition | `dict "component" "FOO" "context" $` | +| `common.affinities.pod.hard` | Return a hard podAffinity/podAntiAffinity definition | `dict "component" "FOO" "context" $` | + +### Capabilities + +| Helper identifier | Description | Expected Input | +|----------------------------------------------|------------------------------------------------------------------------------------------------|-------------------| +| `common.capabilities.kubeVersion` | Return the target Kubernetes version (using client default if .Values.kubeVersion is not set). | `.` Chart context | +| `common.capabilities.deployment.apiVersion` | Return the appropriate apiVersion for deployment. | `.` Chart context | +| `common.capabilities.statefulset.apiVersion` | Return the appropriate apiVersion for statefulset. | `.` Chart context | +| `common.capabilities.ingress.apiVersion` | Return the appropriate apiVersion for ingress. | `.` Chart context | +| `common.capabilities.rbac.apiVersion` | Return the appropriate apiVersion for RBAC resources. | `.` Chart context | +| `common.capabilities.crd.apiVersion` | Return the appropriate apiVersion for CRDs. | `.` Chart context | +| `common.capabilities.supportsHelmVersion` | Returns true if the used Helm version is 3.3+ | `.` Chart context | + +### Errors + +| Helper identifier | Description | Expected Input | +|-----------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-------------------------------------------------------------------------------------| +| `common.errors.upgrade.passwords.empty` | It will ensure required passwords are given when we are upgrading a chart. If `validationErrors` is not empty it will throw an error and will stop the upgrade action. | `dict "validationErrors" (list $validationError00 $validationError01) "context" $` | + +### Images + +| Helper identifier | Description | Expected Input | +|-----------------------------|------------------------------------------------------|---------------------------------------------------------------------------------------------------------| +| `common.images.image` | Return the proper and full image name | `dict "imageRoot" .Values.path.to.the.image "global" $`, see [ImageRoot](#imageroot) for the structure. | +| `common.images.pullSecrets` | Return the proper Docker Image Registry Secret Names | `dict "images" (list .Values.path.to.the.image1, .Values.path.to.the.image2) "global" .Values.global` | + +### Ingress + +| Helper identifier | Description | Expected Input | +|--------------------------|----------------------------------------------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| `common.ingress.backend` | Generate a proper Ingress backend entry depending on the API version | `dict "serviceName" "foo" "servicePort" "bar"`, see the [Ingress deprecation notice](https://kubernetes.io/blog/2019/07/18/api-deprecations-in-1-16/) for the syntax differences | + +### Labels + +| Helper identifier | Description | Expected Input | +|-----------------------------|------------------------------------------------------|-------------------| +| `common.labels.standard` | Return Kubernetes standard labels | `.` Chart context | +| `common.labels.matchLabels` | Return the proper Docker Image Registry Secret Names | `.` Chart context | + +### Names + +| Helper identifier | Description | Expected Inpput | +|-------------------------|------------------------------------------------------------|-------------------| +| `common.names.name` | Expand the name of the chart or use `.Values.nameOverride` | `.` Chart context | +| `common.names.fullname` | Create a default fully qualified app name. | `.` Chart context | +| `common.names.chart` | Chart name plus version | `.` Chart context | + +### Secrets + +| Helper identifier | Description | Expected Input | +|---------------------------|--------------------------------------------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| `common.secrets.name` | Generate the name of the secret. | `dict "existingSecret" .Values.path.to.the.existingSecret "defaultNameSuffix" "mySuffix" "context" $` see [ExistingSecret](#existingsecret) for the structure. | +| `common.secrets.key` | Generate secret key. | `dict "existingSecret" .Values.path.to.the.existingSecret "key" "keyName"` see [ExistingSecret](#existingsecret) for the structure. | +| `common.passwords.manage` | Generate secret password or retrieve one if already created. | `dict "secret" "secret-name" "key" "keyName" "providedValues" (list "path.to.password1" "path.to.password2") "length" 10 "strong" false "chartName" "chartName" "context" $`, length, strong and chartNAme fields are optional. | +| `common.secrets.exists` | Returns whether a previous generated secret already exists. | `dict "secret" "secret-name" "context" $` | + +### Storage + +| Helper identifier | Description | Expected Input | +|-------------------------------|---------------------------------------|---------------------------------------------------------------------------------------------------------------------| +| `common.affinities.node.soft` | Return a soft nodeAffinity definition | `dict "persistence" .Values.path.to.the.persistence "global" $`, see [Persistence](#persistence) for the structure. | + +### TplValues + +| Helper identifier | Description | Expected Input | +|---------------------------|----------------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------| +| `common.tplvalues.render` | Renders a value that contains template | `dict "value" .Values.path.to.the.Value "context" $`, value is the value should rendered as template, context frequently is the chart context `$` or `.` | + +### Utils + +| Helper identifier | Description | Expected Input | +|--------------------------------|------------------------------------------------------------------------------------------|------------------------------------------------------------------------| +| `common.utils.fieldToEnvVar` | Build environment variable name given a field. | `dict "field" "my-password"` | +| `common.utils.secret.getvalue` | Print instructions to get a secret value. | `dict "secret" "secret-name" "field" "secret-value-field" "context" $` | +| `common.utils.getValueFromKey` | Gets a value from `.Values` object given its key path | `dict "key" "path.to.key" "context" $` | +| `common.utils.getKeyFromList` | Returns first `.Values` key with a defined value or first of the list if all non-defined | `dict "keys" (list "path.to.key1" "path.to.key2") "context" $` | + +### Validations + +| Helper identifier | Description | Expected Input | +|--------------------------------------------------|-------------------------------------------------------------------------------------------------------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| `common.validations.values.single.empty` | Validate a value must not be empty. | `dict "valueKey" "path.to.value" "secret" "secret.name" "field" "my-password" "subchart" "subchart" "context" $` secret, field and subchart are optional. In case they are given, the helper will generate a how to get instruction. See [ValidateValue](#validatevalue) | +| `common.validations.values.multiple.empty` | Validate a multiple values must not be empty. It returns a shared error for all the values. | `dict "required" (list $validateValueConf00 $validateValueConf01) "context" $`. See [ValidateValue](#validatevalue) | +| `common.validations.values.mariadb.passwords` | This helper will ensure required password for MariaDB are not empty. It returns a shared error for all the values. | `dict "secret" "mariadb-secret" "subchart" "true" "context" $` subchart field is optional and could be true or false it depends on where you will use mariadb chart and the helper. | +| `common.validations.values.postgresql.passwords` | This helper will ensure required password for PostgreSQL are not empty. It returns a shared error for all the values. | `dict "secret" "postgresql-secret" "subchart" "true" "context" $` subchart field is optional and could be true or false it depends on where you will use postgresql chart and the helper. | +| `common.validations.values.redis.passwords` | This helper will ensure required password for RedisTM are not empty. It returns a shared error for all the values. | `dict "secret" "redis-secret" "subchart" "true" "context" $` subchart field is optional and could be true or false it depends on where you will use redis chart and the helper. | +| `common.validations.values.cassandra.passwords` | This helper will ensure required password for Cassandra are not empty. It returns a shared error for all the values. | `dict "secret" "cassandra-secret" "subchart" "true" "context" $` subchart field is optional and could be true or false it depends on where you will use cassandra chart and the helper. | +| `common.validations.values.mongodb.passwords` | This helper will ensure required password for MongoDB® are not empty. It returns a shared error for all the values. | `dict "secret" "mongodb-secret" "subchart" "true" "context" $` subchart field is optional and could be true or false it depends on where you will use mongodb chart and the helper. | + +### Warnings + +| Helper identifier | Description | Expected Input | +|------------------------------|----------------------------------|------------------------------------------------------------| +| `common.warnings.rollingTag` | Warning about using rolling tag. | `ImageRoot` see [ImageRoot](#imageroot) for the structure. | + +## Special input schemas + +### ImageRoot + +```yaml +registry: + type: string + description: Docker registry where the image is located + example: docker.io + +repository: + type: string + description: Repository and image name + example: bitnami/nginx + +tag: + type: string + description: image tag + example: 1.16.1-debian-10-r63 + +pullPolicy: + type: string + description: Specify a imagePullPolicy. Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' + +pullSecrets: + type: array + items: + type: string + description: Optionally specify an array of imagePullSecrets. + +debug: + type: boolean + description: Set to true if you would like to see extra information on logs + example: false + +## An instance would be: +# registry: docker.io +# repository: bitnami/nginx +# tag: 1.16.1-debian-10-r63 +# pullPolicy: IfNotPresent +# debug: false +``` + +### Persistence + +```yaml +enabled: + type: boolean + description: Whether enable persistence. + example: true + +storageClass: + type: string + description: Ghost data Persistent Volume Storage Class, If set to "-", storageClassName: "" which disables dynamic provisioning. + example: "-" + +accessMode: + type: string + description: Access mode for the Persistent Volume Storage. + example: ReadWriteOnce + +size: + type: string + description: Size the Persistent Volume Storage. + example: 8Gi + +path: + type: string + description: Path to be persisted. + example: /bitnami + +## An instance would be: +# enabled: true +# storageClass: "-" +# accessMode: ReadWriteOnce +# size: 8Gi +# path: /bitnami +``` + +### ExistingSecret + +```yaml +name: + type: string + description: Name of the existing secret. + example: mySecret +keyMapping: + description: Mapping between the expected key name and the name of the key in the existing secret. + type: object + +## An instance would be: +# name: mySecret +# keyMapping: +# password: myPasswordKey +``` + +#### Example of use + +When we store sensitive data for a deployment in a secret, some times we want to give to users the possibility of using theirs existing secrets. + +```yaml +# templates/secret.yaml +--- +apiVersion: v1 +kind: Secret +metadata: + name: {{ include "common.names.fullname" . }} + labels: + app: {{ include "common.names.fullname" . }} +type: Opaque +data: + password: {{ .Values.password | b64enc | quote }} + +# templates/dpl.yaml +--- +... + env: + - name: PASSWORD + valueFrom: + secretKeyRef: + name: {{ include "common.secrets.name" (dict "existingSecret" .Values.existingSecret "context" $) }} + key: {{ include "common.secrets.key" (dict "existingSecret" .Values.existingSecret "key" "password") }} +... + +# values.yaml +--- +name: mySecret +keyMapping: + password: myPasswordKey +``` + +### ValidateValue + +#### NOTES.txt + +```console +{{- $validateValueConf00 := (dict "valueKey" "path.to.value00" "secret" "secretName" "field" "password-00") -}} +{{- $validateValueConf01 := (dict "valueKey" "path.to.value01" "secret" "secretName" "field" "password-01") -}} + +{{ include "common.validations.values.multiple.empty" (dict "required" (list $validateValueConf00 $validateValueConf01) "context" $) }} +``` + +If we force those values to be empty we will see some alerts + +```console +$ helm install test mychart --set path.to.value00="",path.to.value01="" + 'path.to.value00' must not be empty, please add '--set path.to.value00=$PASSWORD_00' to the command. To get the current value: + + export PASSWORD_00=$(kubectl get secret --namespace default secretName -o jsonpath="{.data.password-00}" | base64 --decode) + + 'path.to.value01' must not be empty, please add '--set path.to.value01=$PASSWORD_01' to the command. To get the current value: + + export PASSWORD_01=$(kubectl get secret --namespace default secretName -o jsonpath="{.data.password-01}" | base64 --decode) +``` + +## Upgrading + +### To 1.0.0 + +[On November 13, 2020, Helm v2 support was formally finished](https://github.com/helm/charts#status-of-the-project), this major version is the result of the required changes applied to the Helm Chart to be able to incorporate the different features added in Helm v3 and to be consistent with the Helm project itself regarding the Helm v2 EOL. + +**What changes were introduced in this major version?** + +- Previous versions of this Helm Chart use `apiVersion: v1` (installable by both Helm 2 and 3), this Helm Chart was updated to `apiVersion: v2` (installable by Helm 3 only). [Here](https://helm.sh/docs/topics/charts/#the-apiversion-field) you can find more information about the `apiVersion` field. +- Use `type: library`. [Here](https://v3.helm.sh/docs/faq/#library-chart-support) you can find more information. +- The different fields present in the *Chart.yaml* file has been ordered alphabetically in a homogeneous way for all the Bitnami Helm Charts + +**Considerations when upgrading to this version** + +- If you want to upgrade to this version from a previous one installed with Helm v3, you shouldn't face any issues +- If you want to upgrade to this version using Helm v2, this scenario is not supported as this version doesn't support Helm v2 anymore +- If you installed the previous version with Helm v2 and wants to upgrade to this version with Helm v3, please refer to the [official Helm documentation](https://helm.sh/docs/topics/v2_v3_migration/#migration-use-cases) about migrating from Helm v2 to v3 + +**Useful links** + +- https://docs.bitnami.com/tutorials/resolve-helm2-helm3-post-migration-issues/ +- https://helm.sh/docs/topics/v2_v3_migration/ +- https://helm.sh/blog/migrate-from-helm-v2-to-helm-v3/ diff --git a/practice/13.templating/wordpress/charts/common/templates/_affinities.tpl b/practice/13.templating/wordpress/charts/common/templates/_affinities.tpl new file mode 100644 index 0000000..493a6dc --- /dev/null +++ b/practice/13.templating/wordpress/charts/common/templates/_affinities.tpl @@ -0,0 +1,94 @@ +{{/* vim: set filetype=mustache: */}} + +{{/* +Return a soft nodeAffinity definition +{{ include "common.affinities.nodes.soft" (dict "key" "FOO" "values" (list "BAR" "BAZ")) -}} +*/}} +{{- define "common.affinities.nodes.soft" -}} +preferredDuringSchedulingIgnoredDuringExecution: + - preference: + matchExpressions: + - key: {{ .key }} + operator: In + values: + {{- range .values }} + - {{ . }} + {{- end }} + weight: 1 +{{- end -}} + +{{/* +Return a hard nodeAffinity definition +{{ include "common.affinities.nodes.hard" (dict "key" "FOO" "values" (list "BAR" "BAZ")) -}} +*/}} +{{- define "common.affinities.nodes.hard" -}} +requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: {{ .key }} + operator: In + values: + {{- range .values }} + - {{ . }} + {{- end }} +{{- end -}} + +{{/* +Return a nodeAffinity definition +{{ include "common.affinities.nodes" (dict "type" "soft" "key" "FOO" "values" (list "BAR" "BAZ")) -}} +*/}} +{{- define "common.affinities.nodes" -}} + {{- if eq .type "soft" }} + {{- include "common.affinities.nodes.soft" . -}} + {{- else if eq .type "hard" }} + {{- include "common.affinities.nodes.hard" . -}} + {{- end -}} +{{- end -}} + +{{/* +Return a soft podAffinity/podAntiAffinity definition +{{ include "common.affinities.pods.soft" (dict "component" "FOO" "context" $) -}} +*/}} +{{- define "common.affinities.pods.soft" -}} +{{- $component := default "" .component -}} +preferredDuringSchedulingIgnoredDuringExecution: + - podAffinityTerm: + labelSelector: + matchLabels: {{- (include "common.labels.matchLabels" .context) | nindent 10 }} + {{- if not (empty $component) }} + {{ printf "app.kubernetes.io/component: %s" $component }} + {{- end }} + namespaces: + - {{ .context.Release.Namespace | quote }} + topologyKey: kubernetes.io/hostname + weight: 1 +{{- end -}} + +{{/* +Return a hard podAffinity/podAntiAffinity definition +{{ include "common.affinities.pods.hard" (dict "component" "FOO" "context" $) -}} +*/}} +{{- define "common.affinities.pods.hard" -}} +{{- $component := default "" .component -}} +requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: {{- (include "common.labels.matchLabels" .context) | nindent 8 }} + {{- if not (empty $component) }} + {{ printf "app.kubernetes.io/component: %s" $component }} + {{- end }} + namespaces: + - {{ .context.Release.Namespace | quote }} + topologyKey: kubernetes.io/hostname +{{- end -}} + +{{/* +Return a podAffinity/podAntiAffinity definition +{{ include "common.affinities.pods" (dict "type" "soft" "key" "FOO" "values" (list "BAR" "BAZ")) -}} +*/}} +{{- define "common.affinities.pods" -}} + {{- if eq .type "soft" }} + {{- include "common.affinities.pods.soft" . -}} + {{- else if eq .type "hard" }} + {{- include "common.affinities.pods.hard" . -}} + {{- end -}} +{{- end -}} diff --git a/practice/13.templating/wordpress/charts/common/templates/_capabilities.tpl b/practice/13.templating/wordpress/charts/common/templates/_capabilities.tpl new file mode 100644 index 0000000..4dde56a --- /dev/null +++ b/practice/13.templating/wordpress/charts/common/templates/_capabilities.tpl @@ -0,0 +1,95 @@ +{{/* vim: set filetype=mustache: */}} + +{{/* +Return the target Kubernetes version +*/}} +{{- define "common.capabilities.kubeVersion" -}} +{{- if .Values.global }} + {{- if .Values.global.kubeVersion }} + {{- .Values.global.kubeVersion -}} + {{- else }} + {{- default .Capabilities.KubeVersion.Version .Values.kubeVersion -}} + {{- end -}} +{{- else }} +{{- default .Capabilities.KubeVersion.Version .Values.kubeVersion -}} +{{- end -}} +{{- end -}} + +{{/* +Return the appropriate apiVersion for deployment. +*/}} +{{- define "common.capabilities.deployment.apiVersion" -}} +{{- if semverCompare "<1.14-0" (include "common.capabilities.kubeVersion" .) -}} +{{- print "extensions/v1beta1" -}} +{{- else -}} +{{- print "apps/v1" -}} +{{- end -}} +{{- end -}} + +{{/* +Return the appropriate apiVersion for statefulset. +*/}} +{{- define "common.capabilities.statefulset.apiVersion" -}} +{{- if semverCompare "<1.14-0" (include "common.capabilities.kubeVersion" .) -}} +{{- print "apps/v1beta1" -}} +{{- else -}} +{{- print "apps/v1" -}} +{{- end -}} +{{- end -}} + +{{/* +Return the appropriate apiVersion for ingress. +*/}} +{{- define "common.capabilities.ingress.apiVersion" -}} +{{- if .Values.ingress -}} +{{- if .Values.ingress.apiVersion -}} +{{- .Values.ingress.apiVersion -}} +{{- else if semverCompare "<1.14-0" (include "common.capabilities.kubeVersion" .) -}} +{{- print "extensions/v1beta1" -}} +{{- else if semverCompare "<1.19-0" (include "common.capabilities.kubeVersion" .) -}} +{{- print "networking.k8s.io/v1beta1" -}} +{{- else -}} +{{- print "networking.k8s.io/v1" -}} +{{- end }} +{{- else if semverCompare "<1.14-0" (include "common.capabilities.kubeVersion" .) -}} +{{- print "extensions/v1beta1" -}} +{{- else if semverCompare "<1.19-0" (include "common.capabilities.kubeVersion" .) -}} +{{- print "networking.k8s.io/v1beta1" -}} +{{- else -}} +{{- print "networking.k8s.io/v1" -}} +{{- end -}} +{{- end -}} + +{{/* +Return the appropriate apiVersion for RBAC resources. +*/}} +{{- define "common.capabilities.rbac.apiVersion" -}} +{{- if semverCompare "<1.17-0" (include "common.capabilities.kubeVersion" .) -}} +{{- print "rbac.authorization.k8s.io/v1beta1" -}} +{{- else -}} +{{- print "rbac.authorization.k8s.io/v1" -}} +{{- end -}} +{{- end -}} + +{{/* +Return the appropriate apiVersion for CRDs. +*/}} +{{- define "common.capabilities.crd.apiVersion" -}} +{{- if semverCompare "<1.19-0" (include "common.capabilities.kubeVersion" .) -}} +{{- print "apiextensions.k8s.io/v1beta1" -}} +{{- else -}} +{{- print "apiextensions.k8s.io/v1" -}} +{{- end -}} +{{- end -}} + +{{/* +Returns true if the used Helm version is 3.3+. +A way to check the used Helm version was not introduced until version 3.3.0 with .Capabilities.HelmVersion, which contains an additional "{}}" structure. +This check is introduced as a regexMatch instead of {{ if .Capabilities.HelmVersion }} because checking for the key HelmVersion in <3.3 results in a "interface not found" error. +**To be removed when the catalog's minimun Helm version is 3.3** +*/}} +{{- define "common.capabilities.supportsHelmVersion" -}} +{{- if regexMatch "{(v[0-9])*[^}]*}}$" (.Capabilities | toString ) }} + {{- true -}} +{{- end -}} +{{- end -}} diff --git a/practice/13.templating/wordpress/charts/common/templates/_errors.tpl b/practice/13.templating/wordpress/charts/common/templates/_errors.tpl new file mode 100644 index 0000000..d6d3ec6 --- /dev/null +++ b/practice/13.templating/wordpress/charts/common/templates/_errors.tpl @@ -0,0 +1,20 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Through error when upgrading using empty passwords values that must not be empty. + +Usage: +{{- $validationError00 := include "common.validations.values.single.empty" (dict "valueKey" "path.to.password00" "secret" "secretName" "field" "password-00") -}} +{{- $validationError01 := include "common.validations.values.single.empty" (dict "valueKey" "path.to.password01" "secret" "secretName" "field" "password-01") -}} +{{ include "common.errors.upgrade.passwords.empty" (dict "validationErrors" (list $validationError00 $validationError01) "context" $) }} + +Required password params: + - validationErrors - String - Required. List of validation strings to be return, if it is empty it won't throw error. + - context - Context - Required. Parent context. +*/}} +{{- define "common.errors.upgrade.passwords.empty" -}} + {{- $validationErrors := join "" .validationErrors -}} + {{- if and $validationErrors .context.Release.IsUpgrade -}} + {{- $errorString := "\nPASSWORDS ERROR: you must provide your current passwords when upgrade the release%s" -}} + {{- printf $errorString $validationErrors | fail -}} + {{- end -}} +{{- end -}} diff --git a/practice/13.templating/wordpress/charts/common/templates/_images.tpl b/practice/13.templating/wordpress/charts/common/templates/_images.tpl new file mode 100644 index 0000000..aafde9f --- /dev/null +++ b/practice/13.templating/wordpress/charts/common/templates/_images.tpl @@ -0,0 +1,43 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Return the proper image name +{{ include "common.images.image" ( dict "imageRoot" .Values.path.to.the.image "global" $) }} +*/}} +{{- define "common.images.image" -}} +{{- $registryName := .imageRoot.registry -}} +{{- $repositoryName := .imageRoot.repository -}} +{{- $tag := .imageRoot.tag | toString -}} +{{- if .global }} + {{- if .global.imageRegistry }} + {{- $registryName = .global.imageRegistry -}} + {{- end -}} +{{- end -}} +{{- printf "%s/%s:%s" $registryName $repositoryName $tag -}} +{{- end -}} + +{{/* +Return the proper Docker Image Registry Secret Names +{{ include "common.images.pullSecrets" ( dict "images" (list .Values.path.to.the.image1, .Values.path.to.the.image2) "global" .Values.global) }} +*/}} +{{- define "common.images.pullSecrets" -}} + {{- $pullSecrets := list }} + + {{- if .global }} + {{- range .global.imagePullSecrets -}} + {{- $pullSecrets = append $pullSecrets . -}} + {{- end -}} + {{- end -}} + + {{- range .images -}} + {{- range .pullSecrets -}} + {{- $pullSecrets = append $pullSecrets . -}} + {{- end -}} + {{- end -}} + + {{- if (not (empty $pullSecrets)) }} +imagePullSecrets: + {{- range $pullSecrets }} + - name: {{ . }} + {{- end }} + {{- end }} +{{- end -}} diff --git a/practice/13.templating/wordpress/charts/common/templates/_ingress.tpl b/practice/13.templating/wordpress/charts/common/templates/_ingress.tpl new file mode 100644 index 0000000..622ef50 --- /dev/null +++ b/practice/13.templating/wordpress/charts/common/templates/_ingress.tpl @@ -0,0 +1,42 @@ +{{/* vim: set filetype=mustache: */}} + +{{/* +Generate backend entry that is compatible with all Kubernetes API versions. + +Usage: +{{ include "common.ingress.backend" (dict "serviceName" "backendName" "servicePort" "backendPort" "context" $) }} + +Params: + - serviceName - String. Name of an existing service backend + - servicePort - String/Int. Port name (or number) of the service. It will be translated to different yaml depending if it is a string or an integer. + - context - Dict - Required. The context for the template evaluation. +*/}} +{{- define "common.ingress.backend" -}} +{{- $apiVersion := (include "common.capabilities.ingress.apiVersion" .context) -}} +{{- if or (eq $apiVersion "extensions/v1beta1") (eq $apiVersion "networking.k8s.io/v1beta1") -}} +serviceName: {{ .serviceName }} +servicePort: {{ .servicePort }} +{{- else -}} +service: + name: {{ .serviceName }} + port: + {{- if typeIs "string" .servicePort }} + name: {{ .servicePort }} + {{- else if typeIs "int" .servicePort }} + number: {{ .servicePort }} + {{- end }} +{{- end -}} +{{- end -}} + +{{/* +Print "true" if the API pathType field is supported +Usage: +{{ include "common.ingress.supportsPathType" . }} +*/}} +{{- define "common.ingress.supportsPathType" -}} +{{- if (semverCompare "<1.18-0" (include "common.capabilities.kubeVersion" .)) -}} +{{- print "false" -}} +{{- else -}} +{{- print "true" -}} +{{- end -}} +{{- end -}} diff --git a/practice/13.templating/wordpress/charts/common/templates/_labels.tpl b/practice/13.templating/wordpress/charts/common/templates/_labels.tpl new file mode 100644 index 0000000..252066c --- /dev/null +++ b/practice/13.templating/wordpress/charts/common/templates/_labels.tpl @@ -0,0 +1,18 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Kubernetes standard labels +*/}} +{{- define "common.labels.standard" -}} +app.kubernetes.io/name: {{ include "common.names.name" . }} +helm.sh/chart: {{ include "common.names.chart" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end -}} + +{{/* +Labels to use on deploy.spec.selector.matchLabels and svc.spec.selector +*/}} +{{- define "common.labels.matchLabels" -}} +app.kubernetes.io/name: {{ include "common.names.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end -}} diff --git a/practice/13.templating/wordpress/charts/common/templates/_names.tpl b/practice/13.templating/wordpress/charts/common/templates/_names.tpl new file mode 100644 index 0000000..adf2a74 --- /dev/null +++ b/practice/13.templating/wordpress/charts/common/templates/_names.tpl @@ -0,0 +1,32 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Expand the name of the chart. +*/}} +{{- define "common.names.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "common.names.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "common.names.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} diff --git a/practice/13.templating/wordpress/charts/common/templates/_secrets.tpl b/practice/13.templating/wordpress/charts/common/templates/_secrets.tpl new file mode 100644 index 0000000..60b84a7 --- /dev/null +++ b/practice/13.templating/wordpress/charts/common/templates/_secrets.tpl @@ -0,0 +1,129 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Generate secret name. + +Usage: +{{ include "common.secrets.name" (dict "existingSecret" .Values.path.to.the.existingSecret "defaultNameSuffix" "mySuffix" "context" $) }} + +Params: + - existingSecret - ExistingSecret/String - Optional. The path to the existing secrets in the values.yaml given by the user + to be used instead of the default one. Allows for it to be of type String (just the secret name) for backwards compatibility. + +info: https://github.com/bitnami/charts/tree/master/bitnami/common#existingsecret + - defaultNameSuffix - String - Optional. It is used only if we have several secrets in the same deployment. + - context - Dict - Required. The context for the template evaluation. +*/}} +{{- define "common.secrets.name" -}} +{{- $name := (include "common.names.fullname" .context) -}} + +{{- if .defaultNameSuffix -}} +{{- $name = printf "%s-%s" $name .defaultNameSuffix | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{- with .existingSecret -}} +{{- if not (typeIs "string" .) -}} +{{- with .name -}} +{{- $name = . -}} +{{- end -}} +{{- else -}} +{{- $name = . -}} +{{- end -}} +{{- end -}} + +{{- printf "%s" $name -}} +{{- end -}} + +{{/* +Generate secret key. + +Usage: +{{ include "common.secrets.key" (dict "existingSecret" .Values.path.to.the.existingSecret "key" "keyName") }} + +Params: + - existingSecret - ExistingSecret/String - Optional. The path to the existing secrets in the values.yaml given by the user + to be used instead of the default one. Allows for it to be of type String (just the secret name) for backwards compatibility. + +info: https://github.com/bitnami/charts/tree/master/bitnami/common#existingsecret + - key - String - Required. Name of the key in the secret. +*/}} +{{- define "common.secrets.key" -}} +{{- $key := .key -}} + +{{- if .existingSecret -}} + {{- if not (typeIs "string" .existingSecret) -}} + {{- if .existingSecret.keyMapping -}} + {{- $key = index .existingSecret.keyMapping $.key -}} + {{- end -}} + {{- end }} +{{- end -}} + +{{- printf "%s" $key -}} +{{- end -}} + +{{/* +Generate secret password or retrieve one if already created. + +Usage: +{{ include "common.secrets.passwords.manage" (dict "secret" "secret-name" "key" "keyName" "providedValues" (list "path.to.password1" "path.to.password2") "length" 10 "strong" false "chartName" "chartName" "context" $) }} + +Params: + - secret - String - Required - Name of the 'Secret' resource where the password is stored. + - key - String - Required - Name of the key in the secret. + - providedValues - List - Required - The path to the validating value in the values.yaml, e.g: "mysql.password". Will pick first parameter with a defined value. + - length - int - Optional - Length of the generated random password. + - strong - Boolean - Optional - Whether to add symbols to the generated random password. + - chartName - String - Optional - Name of the chart used when said chart is deployed as a subchart. + - context - Context - Required - Parent context. +*/}} +{{- define "common.secrets.passwords.manage" -}} + +{{- $password := "" }} +{{- $subchart := "" }} +{{- $chartName := default "" .chartName }} +{{- $passwordLength := default 10 .length }} +{{- $providedPasswordKey := include "common.utils.getKeyFromList" (dict "keys" .providedValues "context" $.context) }} +{{- $providedPasswordValue := include "common.utils.getValueFromKey" (dict "key" $providedPasswordKey "context" $.context) }} +{{- $secret := (lookup "v1" "Secret" $.context.Release.Namespace .secret) }} +{{- if $secret }} + {{- if index $secret.data .key }} + {{- $password = index $secret.data .key }} + {{- end -}} +{{- else if $providedPasswordValue }} + {{- $password = $providedPasswordValue | toString | b64enc | quote }} +{{- else }} + + {{- if .context.Values.enabled }} + {{- $subchart = $chartName }} + {{- end -}} + + {{- $requiredPassword := dict "valueKey" $providedPasswordKey "secret" .secret "field" .key "subchart" $subchart "context" $.context -}} + {{- $requiredPasswordError := include "common.validations.values.single.empty" $requiredPassword -}} + {{- $passwordValidationErrors := list $requiredPasswordError -}} + {{- include "common.errors.upgrade.passwords.empty" (dict "validationErrors" $passwordValidationErrors "context" $.context) -}} + + {{- if .strong }} + {{- $subStr := list (lower (randAlpha 1)) (randNumeric 1) (upper (randAlpha 1)) | join "_" }} + {{- $password = randAscii $passwordLength }} + {{- $password = regexReplaceAllLiteral "\\W" $password "@" | substr 5 $passwordLength }} + {{- $password = printf "%s%s" $subStr $password | toString | shuffle | b64enc | quote }} + {{- else }} + {{- $password = randAlphaNum $passwordLength | b64enc | quote }} + {{- end }} +{{- end -}} +{{- printf "%s" $password -}} +{{- end -}} + +{{/* +Returns whether a previous generated secret already exists + +Usage: +{{ include "common.secrets.exists" (dict "secret" "secret-name" "context" $) }} + +Params: + - secret - String - Required - Name of the 'Secret' resource where the password is stored. + - context - Context - Required - Parent context. +*/}} +{{- define "common.secrets.exists" -}} +{{- $secret := (lookup "v1" "Secret" $.context.Release.Namespace .secret) }} +{{- if $secret }} + {{- true -}} +{{- end -}} +{{- end -}} diff --git a/practice/13.templating/wordpress/charts/common/templates/_storage.tpl b/practice/13.templating/wordpress/charts/common/templates/_storage.tpl new file mode 100644 index 0000000..60e2a84 --- /dev/null +++ b/practice/13.templating/wordpress/charts/common/templates/_storage.tpl @@ -0,0 +1,23 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Return the proper Storage Class +{{ include "common.storage.class" ( dict "persistence" .Values.path.to.the.persistence "global" $) }} +*/}} +{{- define "common.storage.class" -}} + +{{- $storageClass := .persistence.storageClass -}} +{{- if .global -}} + {{- if .global.storageClass -}} + {{- $storageClass = .global.storageClass -}} + {{- end -}} +{{- end -}} + +{{- if $storageClass -}} + {{- if (eq "-" $storageClass) -}} + {{- printf "storageClassName: \"\"" -}} + {{- else }} + {{- printf "storageClassName: %s" $storageClass -}} + {{- end -}} +{{- end -}} + +{{- end -}} diff --git a/practice/13.templating/wordpress/charts/common/templates/_tplvalues.tpl b/practice/13.templating/wordpress/charts/common/templates/_tplvalues.tpl new file mode 100644 index 0000000..2db1668 --- /dev/null +++ b/practice/13.templating/wordpress/charts/common/templates/_tplvalues.tpl @@ -0,0 +1,13 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Renders a value that contains template. +Usage: +{{ include "common.tplvalues.render" ( dict "value" .Values.path.to.the.Value "context" $) }} +*/}} +{{- define "common.tplvalues.render" -}} + {{- if typeIs "string" .value }} + {{- tpl .value .context }} + {{- else }} + {{- tpl (.value | toYaml) .context }} + {{- end }} +{{- end -}} diff --git a/practice/13.templating/wordpress/charts/common/templates/_utils.tpl b/practice/13.templating/wordpress/charts/common/templates/_utils.tpl new file mode 100644 index 0000000..ea083a2 --- /dev/null +++ b/practice/13.templating/wordpress/charts/common/templates/_utils.tpl @@ -0,0 +1,62 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Print instructions to get a secret value. +Usage: +{{ include "common.utils.secret.getvalue" (dict "secret" "secret-name" "field" "secret-value-field" "context" $) }} +*/}} +{{- define "common.utils.secret.getvalue" -}} +{{- $varname := include "common.utils.fieldToEnvVar" . -}} +export {{ $varname }}=$(kubectl get secret --namespace {{ .context.Release.Namespace | quote }} {{ .secret }} -o jsonpath="{.data.{{ .field }}}" | base64 --decode) +{{- end -}} + +{{/* +Build env var name given a field +Usage: +{{ include "common.utils.fieldToEnvVar" dict "field" "my-password" }} +*/}} +{{- define "common.utils.fieldToEnvVar" -}} + {{- $fieldNameSplit := splitList "-" .field -}} + {{- $upperCaseFieldNameSplit := list -}} + + {{- range $fieldNameSplit -}} + {{- $upperCaseFieldNameSplit = append $upperCaseFieldNameSplit ( upper . ) -}} + {{- end -}} + + {{ join "_" $upperCaseFieldNameSplit }} +{{- end -}} + +{{/* +Gets a value from .Values given +Usage: +{{ include "common.utils.getValueFromKey" (dict "key" "path.to.key" "context" $) }} +*/}} +{{- define "common.utils.getValueFromKey" -}} +{{- $splitKey := splitList "." .key -}} +{{- $value := "" -}} +{{- $latestObj := $.context.Values -}} +{{- range $splitKey -}} + {{- if not $latestObj -}} + {{- printf "please review the entire path of '%s' exists in values" $.key | fail -}} + {{- end -}} + {{- $value = ( index $latestObj . ) -}} + {{- $latestObj = $value -}} +{{- end -}} +{{- printf "%v" (default "" $value) -}} +{{- end -}} + +{{/* +Returns first .Values key with a defined value or first of the list if all non-defined +Usage: +{{ include "common.utils.getKeyFromList" (dict "keys" (list "path.to.key1" "path.to.key2") "context" $) }} +*/}} +{{- define "common.utils.getKeyFromList" -}} +{{- $key := first .keys -}} +{{- $reverseKeys := reverse .keys }} +{{- range $reverseKeys }} + {{- $value := include "common.utils.getValueFromKey" (dict "key" . "context" $.context ) }} + {{- if $value -}} + {{- $key = . }} + {{- end -}} +{{- end -}} +{{- printf "%s" $key -}} +{{- end -}} diff --git a/practice/13.templating/wordpress/charts/common/templates/_warnings.tpl b/practice/13.templating/wordpress/charts/common/templates/_warnings.tpl new file mode 100644 index 0000000..ae10fa4 --- /dev/null +++ b/practice/13.templating/wordpress/charts/common/templates/_warnings.tpl @@ -0,0 +1,14 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Warning about using rolling tag. +Usage: +{{ include "common.warnings.rollingTag" .Values.path.to.the.imageRoot }} +*/}} +{{- define "common.warnings.rollingTag" -}} + +{{- if and (contains "bitnami/" .repository) (not (.tag | toString | regexFind "-r\\d+$|sha256:")) }} +WARNING: Rolling tag detected ({{ .repository }}:{{ .tag }}), please note that it is strongly recommended to avoid using rolling tags in a production environment. ++info https://docs.bitnami.com/containers/how-to/understand-rolling-tags-containers/ +{{- end }} + +{{- end -}} diff --git a/practice/13.templating/wordpress/charts/common/templates/validations/_cassandra.tpl b/practice/13.templating/wordpress/charts/common/templates/validations/_cassandra.tpl new file mode 100644 index 0000000..8679ddf --- /dev/null +++ b/practice/13.templating/wordpress/charts/common/templates/validations/_cassandra.tpl @@ -0,0 +1,72 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Validate Cassandra required passwords are not empty. + +Usage: +{{ include "common.validations.values.cassandra.passwords" (dict "secret" "secretName" "subchart" false "context" $) }} +Params: + - secret - String - Required. Name of the secret where Cassandra values are stored, e.g: "cassandra-passwords-secret" + - subchart - Boolean - Optional. Whether Cassandra is used as subchart or not. Default: false +*/}} +{{- define "common.validations.values.cassandra.passwords" -}} + {{- $existingSecret := include "common.cassandra.values.existingSecret" . -}} + {{- $enabled := include "common.cassandra.values.enabled" . -}} + {{- $dbUserPrefix := include "common.cassandra.values.key.dbUser" . -}} + {{- $valueKeyPassword := printf "%s.password" $dbUserPrefix -}} + + {{- if and (not $existingSecret) (eq $enabled "true") -}} + {{- $requiredPasswords := list -}} + + {{- $requiredPassword := dict "valueKey" $valueKeyPassword "secret" .secret "field" "cassandra-password" -}} + {{- $requiredPasswords = append $requiredPasswords $requiredPassword -}} + + {{- include "common.validations.values.multiple.empty" (dict "required" $requiredPasswords "context" .context) -}} + + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for existingSecret. + +Usage: +{{ include "common.cassandra.values.existingSecret" (dict "context" $) }} +Params: + - subchart - Boolean - Optional. Whether Cassandra is used as subchart or not. Default: false +*/}} +{{- define "common.cassandra.values.existingSecret" -}} + {{- if .subchart -}} + {{- .context.Values.cassandra.dbUser.existingSecret | quote -}} + {{- else -}} + {{- .context.Values.dbUser.existingSecret | quote -}} + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for enabled cassandra. + +Usage: +{{ include "common.cassandra.values.enabled" (dict "context" $) }} +*/}} +{{- define "common.cassandra.values.enabled" -}} + {{- if .subchart -}} + {{- printf "%v" .context.Values.cassandra.enabled -}} + {{- else -}} + {{- printf "%v" (not .context.Values.enabled) -}} + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for the key dbUser + +Usage: +{{ include "common.cassandra.values.key.dbUser" (dict "subchart" "true" "context" $) }} +Params: + - subchart - Boolean - Optional. Whether Cassandra is used as subchart or not. Default: false +*/}} +{{- define "common.cassandra.values.key.dbUser" -}} + {{- if .subchart -}} + cassandra.dbUser + {{- else -}} + dbUser + {{- end -}} +{{- end -}} diff --git a/practice/13.templating/wordpress/charts/common/templates/validations/_mariadb.tpl b/practice/13.templating/wordpress/charts/common/templates/validations/_mariadb.tpl new file mode 100644 index 0000000..bb5ed72 --- /dev/null +++ b/practice/13.templating/wordpress/charts/common/templates/validations/_mariadb.tpl @@ -0,0 +1,103 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Validate MariaDB required passwords are not empty. + +Usage: +{{ include "common.validations.values.mariadb.passwords" (dict "secret" "secretName" "subchart" false "context" $) }} +Params: + - secret - String - Required. Name of the secret where MariaDB values are stored, e.g: "mysql-passwords-secret" + - subchart - Boolean - Optional. Whether MariaDB is used as subchart or not. Default: false +*/}} +{{- define "common.validations.values.mariadb.passwords" -}} + {{- $existingSecret := include "common.mariadb.values.auth.existingSecret" . -}} + {{- $enabled := include "common.mariadb.values.enabled" . -}} + {{- $architecture := include "common.mariadb.values.architecture" . -}} + {{- $authPrefix := include "common.mariadb.values.key.auth" . -}} + {{- $valueKeyRootPassword := printf "%s.rootPassword" $authPrefix -}} + {{- $valueKeyUsername := printf "%s.username" $authPrefix -}} + {{- $valueKeyPassword := printf "%s.password" $authPrefix -}} + {{- $valueKeyReplicationPassword := printf "%s.replicationPassword" $authPrefix -}} + + {{- if and (not $existingSecret) (eq $enabled "true") -}} + {{- $requiredPasswords := list -}} + + {{- $requiredRootPassword := dict "valueKey" $valueKeyRootPassword "secret" .secret "field" "mariadb-root-password" -}} + {{- $requiredPasswords = append $requiredPasswords $requiredRootPassword -}} + + {{- $valueUsername := include "common.utils.getValueFromKey" (dict "key" $valueKeyUsername "context" .context) }} + {{- if not (empty $valueUsername) -}} + {{- $requiredPassword := dict "valueKey" $valueKeyPassword "secret" .secret "field" "mariadb-password" -}} + {{- $requiredPasswords = append $requiredPasswords $requiredPassword -}} + {{- end -}} + + {{- if (eq $architecture "replication") -}} + {{- $requiredReplicationPassword := dict "valueKey" $valueKeyReplicationPassword "secret" .secret "field" "mariadb-replication-password" -}} + {{- $requiredPasswords = append $requiredPasswords $requiredReplicationPassword -}} + {{- end -}} + + {{- include "common.validations.values.multiple.empty" (dict "required" $requiredPasswords "context" .context) -}} + + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for existingSecret. + +Usage: +{{ include "common.mariadb.values.auth.existingSecret" (dict "context" $) }} +Params: + - subchart - Boolean - Optional. Whether MariaDB is used as subchart or not. Default: false +*/}} +{{- define "common.mariadb.values.auth.existingSecret" -}} + {{- if .subchart -}} + {{- .context.Values.mariadb.auth.existingSecret | quote -}} + {{- else -}} + {{- .context.Values.auth.existingSecret | quote -}} + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for enabled mariadb. + +Usage: +{{ include "common.mariadb.values.enabled" (dict "context" $) }} +*/}} +{{- define "common.mariadb.values.enabled" -}} + {{- if .subchart -}} + {{- printf "%v" .context.Values.mariadb.enabled -}} + {{- else -}} + {{- printf "%v" (not .context.Values.enabled) -}} + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for architecture + +Usage: +{{ include "common.mariadb.values.architecture" (dict "subchart" "true" "context" $) }} +Params: + - subchart - Boolean - Optional. Whether MariaDB is used as subchart or not. Default: false +*/}} +{{- define "common.mariadb.values.architecture" -}} + {{- if .subchart -}} + {{- .context.Values.mariadb.architecture -}} + {{- else -}} + {{- .context.Values.architecture -}} + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for the key auth + +Usage: +{{ include "common.mariadb.values.key.auth" (dict "subchart" "true" "context" $) }} +Params: + - subchart - Boolean - Optional. Whether MariaDB is used as subchart or not. Default: false +*/}} +{{- define "common.mariadb.values.key.auth" -}} + {{- if .subchart -}} + mariadb.auth + {{- else -}} + auth + {{- end -}} +{{- end -}} diff --git a/practice/13.templating/wordpress/charts/common/templates/validations/_mongodb.tpl b/practice/13.templating/wordpress/charts/common/templates/validations/_mongodb.tpl new file mode 100644 index 0000000..7d5ecbc --- /dev/null +++ b/practice/13.templating/wordpress/charts/common/templates/validations/_mongodb.tpl @@ -0,0 +1,108 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Validate MongoDB(R) required passwords are not empty. + +Usage: +{{ include "common.validations.values.mongodb.passwords" (dict "secret" "secretName" "subchart" false "context" $) }} +Params: + - secret - String - Required. Name of the secret where MongoDB(R) values are stored, e.g: "mongodb-passwords-secret" + - subchart - Boolean - Optional. Whether MongoDB(R) is used as subchart or not. Default: false +*/}} +{{- define "common.validations.values.mongodb.passwords" -}} + {{- $existingSecret := include "common.mongodb.values.auth.existingSecret" . -}} + {{- $enabled := include "common.mongodb.values.enabled" . -}} + {{- $authPrefix := include "common.mongodb.values.key.auth" . -}} + {{- $architecture := include "common.mongodb.values.architecture" . -}} + {{- $valueKeyRootPassword := printf "%s.rootPassword" $authPrefix -}} + {{- $valueKeyUsername := printf "%s.username" $authPrefix -}} + {{- $valueKeyDatabase := printf "%s.database" $authPrefix -}} + {{- $valueKeyPassword := printf "%s.password" $authPrefix -}} + {{- $valueKeyReplicaSetKey := printf "%s.replicaSetKey" $authPrefix -}} + {{- $valueKeyAuthEnabled := printf "%s.enabled" $authPrefix -}} + + {{- $authEnabled := include "common.utils.getValueFromKey" (dict "key" $valueKeyAuthEnabled "context" .context) -}} + + {{- if and (not $existingSecret) (eq $enabled "true") (eq $authEnabled "true") -}} + {{- $requiredPasswords := list -}} + + {{- $requiredRootPassword := dict "valueKey" $valueKeyRootPassword "secret" .secret "field" "mongodb-root-password" -}} + {{- $requiredPasswords = append $requiredPasswords $requiredRootPassword -}} + + {{- $valueUsername := include "common.utils.getValueFromKey" (dict "key" $valueKeyUsername "context" .context) }} + {{- $valueDatabase := include "common.utils.getValueFromKey" (dict "key" $valueKeyDatabase "context" .context) }} + {{- if and $valueUsername $valueDatabase -}} + {{- $requiredPassword := dict "valueKey" $valueKeyPassword "secret" .secret "field" "mongodb-password" -}} + {{- $requiredPasswords = append $requiredPasswords $requiredPassword -}} + {{- end -}} + + {{- if (eq $architecture "replicaset") -}} + {{- $requiredReplicaSetKey := dict "valueKey" $valueKeyReplicaSetKey "secret" .secret "field" "mongodb-replica-set-key" -}} + {{- $requiredPasswords = append $requiredPasswords $requiredReplicaSetKey -}} + {{- end -}} + + {{- include "common.validations.values.multiple.empty" (dict "required" $requiredPasswords "context" .context) -}} + + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for existingSecret. + +Usage: +{{ include "common.mongodb.values.auth.existingSecret" (dict "context" $) }} +Params: + - subchart - Boolean - Optional. Whether MongoDb is used as subchart or not. Default: false +*/}} +{{- define "common.mongodb.values.auth.existingSecret" -}} + {{- if .subchart -}} + {{- .context.Values.mongodb.auth.existingSecret | quote -}} + {{- else -}} + {{- .context.Values.auth.existingSecret | quote -}} + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for enabled mongodb. + +Usage: +{{ include "common.mongodb.values.enabled" (dict "context" $) }} +*/}} +{{- define "common.mongodb.values.enabled" -}} + {{- if .subchart -}} + {{- printf "%v" .context.Values.mongodb.enabled -}} + {{- else -}} + {{- printf "%v" (not .context.Values.enabled) -}} + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for the key auth + +Usage: +{{ include "common.mongodb.values.key.auth" (dict "subchart" "true" "context" $) }} +Params: + - subchart - Boolean - Optional. Whether MongoDB(R) is used as subchart or not. Default: false +*/}} +{{- define "common.mongodb.values.key.auth" -}} + {{- if .subchart -}} + mongodb.auth + {{- else -}} + auth + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for architecture + +Usage: +{{ include "common.mongodb.values.architecture" (dict "subchart" "true" "context" $) }} +Params: + - subchart - Boolean - Optional. Whether MariaDB is used as subchart or not. Default: false +*/}} +{{- define "common.mongodb.values.architecture" -}} + {{- if .subchart -}} + {{- .context.Values.mongodb.architecture -}} + {{- else -}} + {{- .context.Values.architecture -}} + {{- end -}} +{{- end -}} diff --git a/practice/13.templating/wordpress/charts/common/templates/validations/_postgresql.tpl b/practice/13.templating/wordpress/charts/common/templates/validations/_postgresql.tpl new file mode 100644 index 0000000..992bcd3 --- /dev/null +++ b/practice/13.templating/wordpress/charts/common/templates/validations/_postgresql.tpl @@ -0,0 +1,131 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Validate PostgreSQL required passwords are not empty. + +Usage: +{{ include "common.validations.values.postgresql.passwords" (dict "secret" "secretName" "subchart" false "context" $) }} +Params: + - secret - String - Required. Name of the secret where postgresql values are stored, e.g: "postgresql-passwords-secret" + - subchart - Boolean - Optional. Whether postgresql is used as subchart or not. Default: false +*/}} +{{- define "common.validations.values.postgresql.passwords" -}} + {{- $existingSecret := include "common.postgresql.values.existingSecret" . -}} + {{- $enabled := include "common.postgresql.values.enabled" . -}} + {{- $valueKeyPostgresqlPassword := include "common.postgresql.values.key.postgressPassword" . -}} + {{- $valueKeyPostgresqlReplicationEnabled := include "common.postgresql.values.key.replicationPassword" . -}} + + {{- if and (not $existingSecret) (eq $enabled "true") -}} + {{- $requiredPasswords := list -}} + + {{- $requiredPostgresqlPassword := dict "valueKey" $valueKeyPostgresqlPassword "secret" .secret "field" "postgresql-password" -}} + {{- $requiredPasswords = append $requiredPasswords $requiredPostgresqlPassword -}} + + {{- $enabledReplication := include "common.postgresql.values.enabled.replication" . -}} + {{- if (eq $enabledReplication "true") -}} + {{- $requiredPostgresqlReplicationPassword := dict "valueKey" $valueKeyPostgresqlReplicationEnabled "secret" .secret "field" "postgresql-replication-password" -}} + {{- $requiredPasswords = append $requiredPasswords $requiredPostgresqlReplicationPassword -}} + {{- end -}} + + {{- include "common.validations.values.multiple.empty" (dict "required" $requiredPasswords "context" .context) -}} + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to decide whether evaluate global values. + +Usage: +{{ include "common.postgresql.values.use.global" (dict "key" "key-of-global" "context" $) }} +Params: + - key - String - Required. Field to be evaluated within global, e.g: "existingSecret" +*/}} +{{- define "common.postgresql.values.use.global" -}} + {{- if .context.Values.global -}} + {{- if .context.Values.global.postgresql -}} + {{- index .context.Values.global.postgresql .key | quote -}} + {{- end -}} + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for existingSecret. + +Usage: +{{ include "common.postgresql.values.existingSecret" (dict "context" $) }} +*/}} +{{- define "common.postgresql.values.existingSecret" -}} + {{- $globalValue := include "common.postgresql.values.use.global" (dict "key" "existingSecret" "context" .context) -}} + + {{- if .subchart -}} + {{- default (.context.Values.postgresql.existingSecret | quote) $globalValue -}} + {{- else -}} + {{- default (.context.Values.existingSecret | quote) $globalValue -}} + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for enabled postgresql. + +Usage: +{{ include "common.postgresql.values.enabled" (dict "context" $) }} +*/}} +{{- define "common.postgresql.values.enabled" -}} + {{- if .subchart -}} + {{- printf "%v" .context.Values.postgresql.enabled -}} + {{- else -}} + {{- printf "%v" (not .context.Values.enabled) -}} + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for the key postgressPassword. + +Usage: +{{ include "common.postgresql.values.key.postgressPassword" (dict "subchart" "true" "context" $) }} +Params: + - subchart - Boolean - Optional. Whether postgresql is used as subchart or not. Default: false +*/}} +{{- define "common.postgresql.values.key.postgressPassword" -}} + {{- $globalValue := include "common.postgresql.values.use.global" (dict "key" "postgresqlUsername" "context" .context) -}} + + {{- if not $globalValue -}} + {{- if .subchart -}} + postgresql.postgresqlPassword + {{- else -}} + postgresqlPassword + {{- end -}} + {{- else -}} + global.postgresql.postgresqlPassword + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for enabled.replication. + +Usage: +{{ include "common.postgresql.values.enabled.replication" (dict "subchart" "true" "context" $) }} +Params: + - subchart - Boolean - Optional. Whether postgresql is used as subchart or not. Default: false +*/}} +{{- define "common.postgresql.values.enabled.replication" -}} + {{- if .subchart -}} + {{- printf "%v" .context.Values.postgresql.replication.enabled -}} + {{- else -}} + {{- printf "%v" .context.Values.replication.enabled -}} + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for the key replication.password. + +Usage: +{{ include "common.postgresql.values.key.replicationPassword" (dict "subchart" "true" "context" $) }} +Params: + - subchart - Boolean - Optional. Whether postgresql is used as subchart or not. Default: false +*/}} +{{- define "common.postgresql.values.key.replicationPassword" -}} + {{- if .subchart -}} + postgresql.replication.password + {{- else -}} + replication.password + {{- end -}} +{{- end -}} diff --git a/practice/13.templating/wordpress/charts/common/templates/validations/_redis.tpl b/practice/13.templating/wordpress/charts/common/templates/validations/_redis.tpl new file mode 100644 index 0000000..3e2a47c --- /dev/null +++ b/practice/13.templating/wordpress/charts/common/templates/validations/_redis.tpl @@ -0,0 +1,72 @@ + +{{/* vim: set filetype=mustache: */}} +{{/* +Validate Redis(TM) required passwords are not empty. + +Usage: +{{ include "common.validations.values.redis.passwords" (dict "secret" "secretName" "subchart" false "context" $) }} +Params: + - secret - String - Required. Name of the secret where redis values are stored, e.g: "redis-passwords-secret" + - subchart - Boolean - Optional. Whether redis is used as subchart or not. Default: false +*/}} +{{- define "common.validations.values.redis.passwords" -}} + {{- $existingSecret := include "common.redis.values.existingSecret" . -}} + {{- $enabled := include "common.redis.values.enabled" . -}} + {{- $valueKeyPrefix := include "common.redis.values.keys.prefix" . -}} + {{- $valueKeyRedisPassword := printf "%s%s" $valueKeyPrefix "password" -}} + {{- $valueKeyRedisUsePassword := printf "%s%s" $valueKeyPrefix "usePassword" -}} + + {{- if and (not $existingSecret) (eq $enabled "true") -}} + {{- $requiredPasswords := list -}} + + {{- $usePassword := include "common.utils.getValueFromKey" (dict "key" $valueKeyRedisUsePassword "context" .context) -}} + {{- if eq $usePassword "true" -}} + {{- $requiredRedisPassword := dict "valueKey" $valueKeyRedisPassword "secret" .secret "field" "redis-password" -}} + {{- $requiredPasswords = append $requiredPasswords $requiredRedisPassword -}} + {{- end -}} + + {{- include "common.validations.values.multiple.empty" (dict "required" $requiredPasswords "context" .context) -}} + {{- end -}} +{{- end -}} + +{{/* +Redis Auxiliary function to get the right value for existingSecret. + +Usage: +{{ include "common.redis.values.existingSecret" (dict "context" $) }} +Params: + - subchart - Boolean - Optional. Whether Redis(TM) is used as subchart or not. Default: false +*/}} +{{- define "common.redis.values.existingSecret" -}} + {{- if .subchart -}} + {{- .context.Values.redis.existingSecret | quote -}} + {{- else -}} + {{- .context.Values.existingSecret | quote -}} + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for enabled redis. + +Usage: +{{ include "common.redis.values.enabled" (dict "context" $) }} +*/}} +{{- define "common.redis.values.enabled" -}} + {{- if .subchart -}} + {{- printf "%v" .context.Values.redis.enabled -}} + {{- else -}} + {{- printf "%v" (not .context.Values.enabled) -}} + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right prefix path for the values + +Usage: +{{ include "common.redis.values.key.prefix" (dict "subchart" "true" "context" $) }} +Params: + - subchart - Boolean - Optional. Whether redis is used as subchart or not. Default: false +*/}} +{{- define "common.redis.values.keys.prefix" -}} + {{- if .subchart -}}redis.{{- else -}}{{- end -}} +{{- end -}} diff --git a/practice/13.templating/wordpress/charts/common/templates/validations/_validations.tpl b/practice/13.templating/wordpress/charts/common/templates/validations/_validations.tpl new file mode 100644 index 0000000..9a814cf --- /dev/null +++ b/practice/13.templating/wordpress/charts/common/templates/validations/_validations.tpl @@ -0,0 +1,46 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Validate values must not be empty. + +Usage: +{{- $validateValueConf00 := (dict "valueKey" "path.to.value" "secret" "secretName" "field" "password-00") -}} +{{- $validateValueConf01 := (dict "valueKey" "path.to.value" "secret" "secretName" "field" "password-01") -}} +{{ include "common.validations.values.empty" (dict "required" (list $validateValueConf00 $validateValueConf01) "context" $) }} + +Validate value params: + - valueKey - String - Required. The path to the validating value in the values.yaml, e.g: "mysql.password" + - secret - String - Optional. Name of the secret where the validating value is generated/stored, e.g: "mysql-passwords-secret" + - field - String - Optional. Name of the field in the secret data, e.g: "mysql-password" +*/}} +{{- define "common.validations.values.multiple.empty" -}} + {{- range .required -}} + {{- include "common.validations.values.single.empty" (dict "valueKey" .valueKey "secret" .secret "field" .field "context" $.context) -}} + {{- end -}} +{{- end -}} + +{{/* +Validate a value must not be empty. + +Usage: +{{ include "common.validations.value.empty" (dict "valueKey" "mariadb.password" "secret" "secretName" "field" "my-password" "subchart" "subchart" "context" $) }} + +Validate value params: + - valueKey - String - Required. The path to the validating value in the values.yaml, e.g: "mysql.password" + - secret - String - Optional. Name of the secret where the validating value is generated/stored, e.g: "mysql-passwords-secret" + - field - String - Optional. Name of the field in the secret data, e.g: "mysql-password" + - subchart - String - Optional - Name of the subchart that the validated password is part of. +*/}} +{{- define "common.validations.values.single.empty" -}} + {{- $value := include "common.utils.getValueFromKey" (dict "key" .valueKey "context" .context) }} + {{- $subchart := ternary "" (printf "%s." .subchart) (empty .subchart) }} + + {{- if not $value -}} + {{- $varname := "my-value" -}} + {{- $getCurrentValue := "" -}} + {{- if and .secret .field -}} + {{- $varname = include "common.utils.fieldToEnvVar" . -}} + {{- $getCurrentValue = printf " To get the current value:\n\n %s\n" (include "common.utils.secret.getvalue" .) -}} + {{- end -}} + {{- printf "\n '%s' must not be empty, please add '--set %s%s=$%s' to the command.%s" .valueKey $subchart .valueKey $varname $getCurrentValue -}} + {{- end -}} +{{- end -}} diff --git a/practice/13.templating/wordpress/charts/common/values.yaml b/practice/13.templating/wordpress/charts/common/values.yaml new file mode 100644 index 0000000..9ecdc93 --- /dev/null +++ b/practice/13.templating/wordpress/charts/common/values.yaml @@ -0,0 +1,3 @@ +## bitnami/common +## It is required by CI/CD tools and processes. +exampleValue: common-chart diff --git a/practice/13.templating/wordpress/charts/mariadb/.helmignore b/practice/13.templating/wordpress/charts/mariadb/.helmignore new file mode 100644 index 0000000..f0c1319 --- /dev/null +++ b/practice/13.templating/wordpress/charts/mariadb/.helmignore @@ -0,0 +1,21 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj diff --git a/practice/13.templating/wordpress/charts/mariadb/Chart.lock b/practice/13.templating/wordpress/charts/mariadb/Chart.lock new file mode 100644 index 0000000..f7ed108 --- /dev/null +++ b/practice/13.templating/wordpress/charts/mariadb/Chart.lock @@ -0,0 +1,6 @@ +dependencies: +- name: common + repository: https://charts.bitnami.com/bitnami + version: 1.4.0 +digest: sha256:f8634e5c0ac4598321ccb7148b2d2495c1c4d5e503219a632a4dd145cd81e56a +generated: "2021-02-22T16:23:35.857706+01:00" diff --git a/practice/13.templating/wordpress/charts/mariadb/Chart.yaml b/practice/13.templating/wordpress/charts/mariadb/Chart.yaml new file mode 100644 index 0000000..dd9695b --- /dev/null +++ b/practice/13.templating/wordpress/charts/mariadb/Chart.yaml @@ -0,0 +1,30 @@ +annotations: + category: Database +apiVersion: v2 +appVersion: 10.5.9 +dependencies: +- name: common + repository: https://charts.bitnami.com/bitnami + tags: + - bitnami-common + version: 1.x.x +description: Fast, reliable, scalable, and easy to use open-source relational database + system. MariaDB Server is intended for mission-critical, heavy-load production systems + as well as for embedding into mass-deployed software. Highly available MariaDB cluster. +home: https://github.com/bitnami/charts/tree/master/bitnami/mariadb +icon: https://bitnami.com/assets/stacks/mariadb/img/mariadb-stack-220x234.png +keywords: +- mariadb +- mysql +- database +- sql +- prometheus +maintainers: +- email: containers@bitnami.com + name: Bitnami +name: mariadb +sources: +- https://github.com/bitnami/bitnami-docker-mariadb +- https://github.com/prometheus/mysqld_exporter +- https://mariadb.org +version: 9.3.4 diff --git a/practice/13.templating/wordpress/charts/mariadb/README.md b/practice/13.templating/wordpress/charts/mariadb/README.md new file mode 100644 index 0000000..f72ce0f --- /dev/null +++ b/practice/13.templating/wordpress/charts/mariadb/README.md @@ -0,0 +1,391 @@ +# MariaDB + +[MariaDB](https://mariadb.org) is one of the most popular database servers in the world. It’s made by the original developers of MySQL and guaranteed to stay open source. Notable users include Wikipedia, Facebook and Google. + +MariaDB is developed as open source software and as a relational database it provides an SQL interface for accessing data. The latest versions of MariaDB also include GIS and JSON features. + +## TL;DR + +```bash +$ helm repo add bitnami https://charts.bitnami.com/bitnami +$ helm install my-release bitnami/mariadb +``` + +## Introduction + +This chart bootstraps a [MariaDB](https://github.com/bitnami/bitnami-docker-mariadb) replication cluster deployment on a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager. + +Bitnami charts can be used with [Kubeapps](https://kubeapps.com/) for deployment and management of Helm Charts in clusters. This chart has been tested to work with NGINX Ingress, cert-manager, fluentd and Prometheus on top of the [BKPR](https://kubeprod.io/). + +## Prerequisites + +- Kubernetes 1.12+ +- Helm 3.1.0 +- PV provisioner support in the underlying infrastructure + +## Installing the Chart + +To install the chart with the release name `my-release`: + +```bash +$ helm install my-release bitnami/mariadb +``` + +The command deploys MariaDB on the Kubernetes cluster in the default configuration. The [Parameters](#parameters) section lists the parameters that can be configured during installation. + +> **Tip**: List all releases using `helm list` + +## Uninstalling the Chart + +To uninstall/delete the `my-release` deployment: + +```bash +$ helm delete my-release +``` + +The command removes all the Kubernetes components associated with the chart and deletes the release. + +## Parameters + +The following table lists the configurable parameters of the MariaDB chart and their default values. + +| Parameter | Description | Default | +|---------------------------|-------------------------------------------------|---------------------------------------------------------| +| `global.imageRegistry` | Global Docker Image registry | `nil` | +| `global.imagePullSecrets` | Global Docker registry secret names as an array | `[]` (does not add image pull secrets to deployed pods) | +| `global.storageClass` | Global storage class for dynamic provisioning | `nil` | + +### Common parameters + +| Parameter | Description | Default | +|---------------------|-----------------------------------------------------------------------------|-----------------| +| `nameOverride` | String to partially override mariadb.fullname | `nil` | +| `fullnameOverride` | String to fully override mariadb.fullname | `nil` | +| `clusterDomain` | Default Kubernetes cluster domain | `cluster.local` | +| `commonLabels` | Labels to add to all deployed objects | `nil` | +| `commonAnnotations` | Annotations to add to all deployed objects | `[]` | +| `schedulerName` | Name of the scheduler (other than default) to dispatch pods | `nil` | +| `extraDeploy` | Array of extra objects to deploy with the release (evaluated as a template) | `nil` | + +### MariaDB common parameters + +| Parameter | Description | Default | +|----------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|---------------------------------------------------------| +| `image.registry` | MariaDB image registry | `docker.io` | +| `image.repository` | MariaDB image name | `bitnami/mariadb` | +| `image.tag` | MariaDB image tag | `{TAG_NAME}` | +| `image.pullPolicy` | MariaDB image pull policy | `IfNotPresent` | +| `image.pullSecrets` | Specify docker-registry secret names as an array | `[]` (does not add image pull secrets to deployed pods) | +| `image.debug` | Specify if debug logs should be enabled | `false` | +| `architecture` | MariaDB architecture (`standalone` or `replication`) | `standalone` | +| `auth.rootPassword` | Password for the `root` user. Ignored if existing secret is provided. | _random 10 character alphanumeric string_ | +| `auth.database` | Name for a custom database to create | `my_database` | +| `auth.username` | Name for a custom user to create | `""` | +| `auth.password` | Password for the new user. Ignored if existing secret is provided | _random 10 character long alphanumeric string_ | +| `auth.replicationUser` | MariaDB replication user | `nil` | +| `auth.replicationPassword` | MariaDB replication user password. Ignored if existing secret is provided | _random 10 character long alphanumeric string_ | +| `auth.forcePassword` | Force users to specify required passwords | `false` | +| `auth.usePasswordFiles` | Mount credentials as a files instead of using an environment variable | `false` | +| `auth.customPasswordFiles` | Use custom password files when `auth.usePasswordFiles` is set to `true`. Define path for keys `root` and `user`, also define `replicator` if `architecture` is set to `replication` | `{}` | +| `auth.existingSecret` | Use existing secret for password details (`auth.rootPassword`, `auth.password`, `auth.replicationPassword` will be ignored and picked up from this secret). The secret has to contain the keys `mariadb-root-password`, `mariadb-replication-password` and `mariadb-password` | `nil` | +| `initdbScripts` | Dictionary of initdb scripts | `nil` | +| `initdbScriptsConfigMap` | ConfigMap with the initdb scripts (Note: Overrides `initdbScripts`) | `nil` | + +### MariaDB Primary parameters + +| Parameter | Description | Default | +|----------------------------------------------|-------------------------------------------------------------------------------------------------------------------|--------------------------------| +| `primary.command` | Override default container command on MariaDB Primary container(s) (useful when using custom images) | `nil` | +| `primary.args` | Override default container args on MariaDB Primary container(s) (useful when using custom images) | `nil` | +| `primary.configuration` | MariaDB Primary configuration to be injected as ConfigMap | Check `values.yaml` file | +| `primary.existingConfigmap` | Name of existing ConfigMap with MariaDB Primary configuration | `nil` | +| `primary.hostAliases` | Add deployment host aliases | `[]` | +| `primary.updateStrategy` | Update strategy type for the MariaDB primary statefulset | `RollingUpdate` | +| `primary.podAnnotations` | Additional pod annotations for MariaDB primary pods | `{}` (evaluated as a template) | +| `primary.podLabels` | Additional pod labels for MariaDB primary pods | `{}` (evaluated as a template) | +| `primary.podAffinityPreset` | MariaDB primary pod affinity preset. Ignored if `primary.affinity` is set. Allowed values: `soft` or `hard` | `""` | +| `primary.podAntiAffinityPreset` | MariaDB primary pod anti-affinity preset. Ignored if `primary.affinity` is set. Allowed values: `soft` or `hard` | `soft` | +| `primary.nodeAffinityPreset.type` | MariaDB primary node affinity preset type. Ignored if `primary.affinity` is set. Allowed values: `soft` or `hard` | `""` | +| `primary.nodeAffinityPreset.key` | MariaDB primary node label key to match Ignored if `primary.affinity` is set. | `""` | +| `primary.nodeAffinityPreset.values` | MariaDB primary node label values to match. Ignored if `primary.affinity` is set. | `[]` | +| `primary.affinity` | Affinity for MariaDB primary pods assignment | `{}` (evaluated as a template) | +| `primary.nodeSelector` | Node labels for MariaDB primary pods assignment | `{}` (evaluated as a template) | +| `primary.tolerations` | Tolerations for MariaDB primary pods assignment | `[]` (evaluated as a template) | +| `primary.priorityClassName` | Priority class for MariaDB primary pods assignment | `nil` | +| `primary.podSecurityContext.enabled` | Enable security context for MariaDB primary pods | `true` | +| `primary.podSecurityContext.fsGroup` | Group ID for the mounted volumes' filesystem | `1001` | +| `primary.containerSecurityContext.enabled` | MariaDB primary container securityContext | `true` | +| `primary.containerSecurityContext.runAsUser` | User ID for the MariaDB primary container | `1001` | +| `primary.livenessProbe` | Liveness probe configuration for MariaDB primary containers | Check `values.yaml` file | +| `primary.readinessProbe` | Readiness probe configuration for MariaDB primary containers | Check `values.yaml` file | +| `primary.customLivenessProbe` | Override default liveness probe for MariaDB primary containers | `nil` | +| `primary.customReadinessProbe` | Override default readiness probe for MariaDB primary containers | `nil` | +| `primary.resources.limits` | The resources limits for MariaDB primary containers | `{}` | +| `primary.resources.requests` | The requested resources for MariaDB primary containers | `{}` | +| `primary.extraEnvVars` | Extra environment variables to be set on MariaDB primary containers | `{}` | +| `primary.extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars for MariaDB primary containers | `nil` | +| `primary.extraEnvVarsSecret` | Name of existing Secret containing extra env vars for MariaDB primary containers | `nil` | +| `primary.extraFlags` | MariaDB primary additional command line flags | `nil` | +| `primary.persistence.enabled` | Enable persistence on MariaDB primary replicas using a `PersistentVolumeClaim` | `true` | +| `primary.persistence.existingClaim` | Name of an existing `PersistentVolumeClaim` for MariaDB primary replicas | `nil` | +| `primary.persistence.subPath` | Subdirectory of the volume to mount at | `nil` | +| `primary.persistence.annotations` | MariaDB primary persistent volume claim annotations | `{}` (evaluated as a template) | +| `primary.persistence.storageClass` | MariaDB primary persistent volume storage Class | `nil` | +| `primary.persistence.accessModes` | MariaDB primary persistent volume access Modes | `[ReadWriteOnce]` | +| `primary.persistence.size` | MariaDB primary persistent volume size | `8Gi` | +| `primary.persistence.selector` | Selector to match an existing Persistent Volume | `{}` (evaluated as a template) | +| `primary.initContainers` | Add additional init containers for the MariaDB Primary pod(s) | `{}` (evaluated as a template) | +| `primary.sidecars` | Add additional sidecar containers for the MariaDB Primary pod(s) | `{}` (evaluated as a template) | +| `primary.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the MariaDB Primary container(s) | `{}` | +| `primary.extraVolumes` | Optionally specify extra list of additional volumes to the MariaDB Primary pod(s) | `{}` | +| `primary.service.type` | MariaDB Primary K8s service type | `ClusterIP` | +| `primary.service.clusterIP` | MariaDB Primary K8s service clusterIP IP | `nil` | +| `primary.service.port` | MariaDB Primary K8s service port | `3306` | +| `primary.service.nodePort` | MariaDB Primary K8s service node port | `nil` | +| `primary.service.loadBalancerIP` | MariaDB Primary loadBalancerIP if service type is `LoadBalancer` | `nil` | +| `primary.service.loadBalancerSourceRanges` | Address that are allowed when MariaDB Primary service is LoadBalancer | `[]` | +| `primary.pdb.enabled` | Enable/disable a Pod Disruption Budget creation for MariaDB primary pods | `false` | +| `primary.pdb.minAvailable` | Minimum number/percentage of MariaDB primary pods that should remain scheduled | `1` | +| `primary.pdb.maxUnavailable` | Maximum number/percentage of MariaDB primary pods that may be made unavailable | `nil` | + +### MariaDB Secondary parameters + +| Parameter | Description | Default | +|------------------------------------------------|-----------------------------------------------------------------------------------------------------------------------|--------------------------------| +| `secondary.command` | Override default container command on MariaDB Secondary container(s) (useful when using custom images) | `nil` | +| `secondary.args` | Override default container args on MariaDB Secondary container(s) (useful when using custom images) | `nil` | +| `secondary.configuration` | MariaDB Secondary configuration to be injected as ConfigMap | Check `values.yaml` file | +| `secondary.existingConfigmap` | Name of existing ConfigMap with MariaDB Secondary configuration | `nil` | +| `secondary.replicaCount` | Number of MariaDB secondary replicas | `1` | +| `secondary.updateStrategy` | Update strategy type for the MariaDB secondary statefulset | `RollingUpdate` | +| `secondary.podAnnotations` | Additional pod annotations for MariaDB secondary pods | `{}` (evaluated as a template) | +| `secondary.hostAliases` | Add deployment host aliases | `[]` | +| `secondary.podLabels` | Additional pod labels for MariaDB secondary pods | `{}` (evaluated as a template) | +| `secondary.podAffinityPreset` | MariaDB secondary pod affinity preset. Ignored if `secondary.affinity` is set. Allowed values: `soft` or `hard` | `""` | +| `secondary.podAntiAffinityPreset` | MariaDB secondary pod anti-affinity preset. Ignored if `secondary.affinity` is set. Allowed values: `soft` or `hard` | `soft` | +| `secondary.nodeAffinityPreset.type` | MariaDB secondary node affinity preset type. Ignored if `secondary.affinity` is set. Allowed values: `soft` or `hard` | `""` | +| `secondary.nodeAffinityPreset.key` | MariaDB secondary node label key to match Ignored if `secondary.affinity` is set. | `""` | +| `secondary.nodeAffinityPreset.values` | MariaDB secondary node label values to match. Ignored if `secondary.affinity` is set. | `[]` | +| `secondary.affinity` | Affinity for MariaDB secondary pods assignment | `{}` (evaluated as a template) | +| `secondary.nodeSelector` | Node labels for MariaDB secondary pods assignment | `{}` (evaluated as a template) | +| `secondary.tolerations` | Tolerations for MariaDB secondary pods assignment | `[]` (evaluated as a template) | +| `secondary.priorityClassName` | Priority class for MariaDB secondary pods assignment | `nil` | +| `secondary.podSecurityContext.enabled` | Enable security context for MariaDB secondary pods | `true` | +| `secondary.podSecurityContext.fsGroup` | Group ID for the mounted volumes' filesystem | `1001` | +| `secondary.containerSecurityContext.enabled` | MariaDB secondary container securityContext | `true` | +| `secondary.containerSecurityContext.runAsUser` | User ID for the MariaDB secondary container | `1001` | +| `secondary.livenessProbe` | Liveness probe configuration for MariaDB secondary containers | Check `values.yaml` file | +| `secondary.readinessProbe` | Readiness probe configuration for MariaDB secondary containers | Check `values.yaml` file | +| `secondary.customLivenessProbe` | Override default liveness probe for MariaDB secondary containers | `nil` | +| `secondary.customReadinessProbe` | Override default readiness probe for MariaDB secondary containers | `nil` | +| `secondary.resources.limits` | The resources limits for MariaDB secondary containers | `{}` | +| `secondary.resources.requests` | The requested resources for MariaDB secondary containers | `{}` | +| `secondary.extraEnvVars` | Extra environment variables to be set on MariaDB secondary containers | `{}` | +| `secondary.extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars for MariaDB secondary containers | `nil` | +| `secondary.extraEnvVarsSecret` | Name of existing Secret containing extra env vars for MariaDB secondary containers | `nil` | +| `secondary.extraFlags` | MariaDB secondary additional command line flags | `nil` | +| `secondary.extraFlags` | MariaDB secondary additional command line flags | `nil` | +| `secondary.persistence.enabled` | Enable persistence on MariaDB secondary replicas using a `PersistentVolumeClaim` | `true` | +| `secondary.persistence.subPath` | Subdirectory of the volume to mount at | `nil` | +| `secondary.persistence.annotations` | MariaDB secondary persistent volume claim annotations | `{}` (evaluated as a template) | +| `secondary.persistence.storageClass` | MariaDB secondary persistent volume storage Class | `nil` | +| `secondary.persistence.accessModes` | MariaDB secondary persistent volume access Modes | `[ReadWriteOnce]` | +| `secondary.persistence.size` | MariaDB secondary persistent volume size | `8Gi` | +| `secondary.persistence.selector` | Selector to match an existing Persistent Volume | `{}` (evaluated as a template) | +| `secondary.initContainers` | Add additional init containers for the MariaDB secondary pod(s) | `{}` (evaluated as a template) | +| `secondary.sidecars` | Add additional sidecar containers for the MariaDB secondary pod(s) | `{}` (evaluated as a template) | +| `secondary.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the MariaDB secondary container(s) | `{}` | +| `secondary.extraVolumes` | Optionally specify extra list of additional volumes to the MariaDB secondary pod(s) | `{}` | +| `secondary.service.type` | MariaDB secondary K8s service type | `ClusterIP` | +| `secondary.service.clusterIP` | MariaDB secondary K8s service clusterIP IP | `nil` | +| `secondary.service.port` | MariaDB secondary K8s service port | `3306` | +| `secondary.service.nodePort` | MariaDB secondary K8s service node port | `nil` | +| `secondary.service.loadBalancerIP` | MariaDB secondary loadBalancerIP if service type is `LoadBalancer` | `nil` | +| `secondary.service.loadBalancerSourceRanges` | Address that are allowed when MariaDB secondary service is LoadBalancer | `[]` | +| `secondary.pdb.enabled` | Enable/disable a Pod Disruption Budget creation for MariaDB secondary pods | `false` | +| `secondary.pdb.minAvailable` | Minimum number/percentage of MariaDB secondary pods that should remain scheduled | `1` | +| `secondary.pdb.maxUnavailable` | Maximum number/percentage of MariaDB secondary pods that may be made unavailable | `nil` | + +### RBAC parameters + +| Parameter | Description | Default | +|------------------------------|----------------------------------------------------------|-------------------------------------------------| +| `serviceAccount.create` | Enable the creation of a ServiceAccount for MariaDB pods | `true` | +| `serviceAccount.name` | Name of the created ServiceAccount | Generated using the `mariadb.fullname` template | +| `serviceAccount.annotations` | Annotations for MariaDB Service Account | `{}` (evaluated as a template) | +| `rbac.create` | Weather to create & use RBAC resources or not | `false` | + +### Volume Permissions parameters + +| Parameter | Description | Default | +|----------------------------------------|----------------------------------------------------------------------------------------------------------------------|---------------------------------------------------------| +| `volumePermissions.enabled` | Enable init container that changes the owner and group of the persistent volume(s) mountpoint to `runAsUser:fsGroup` | `false` | +| `volumePermissions.image.registry` | Init container volume-permissions image registry | `docker.io` | +| `volumePermissions.image.repository` | Init container volume-permissions image name | `bitnami/minideb` | +| `volumePermissions.image.tag` | Init container volume-permissions image tag | `buster` | +| `volumePermissions.image.pullPolicy` | Init container volume-permissions image pull policy | `Always` | +| `volumePermissions.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` (does not add image pull secrets to deployed pods) | +| `volumePermissions.resources.limits` | Init container volume-permissions resource limits | `{}` | +| `volumePermissions.resources.requests` | Init container volume-permissions resource requests | `{}` | + +### Metrics parameters + +| Parameter | Description | Default | +|-------------------------------------------|-------------------------------------------------------------------------------------|---------------------------| +| `metrics.enabled` | Start a side-car prometheus exporter | `false` | +| `metrics.image.registry` | Exporter image registry | `docker.io` | +| `metrics.image.repository` | Exporter image name | `bitnami/mysqld-exporter` | +| `metrics.image.tag` | Exporter image tag | `{TAG_NAME}` | +| `metrics.image.pullPolicy` | Exporter image pull policy | `IfNotPresent` | +| `metrics.extraArgs.primary` | Extra args to be passed to mysqld_exporter on Primary pods | `[]` | +| `metrics.extraArgs.secondary` | Extra args to be passed to mysqld_exporter on Secondary pods | `[]` | +| `metrics.resources.limits` | The resources limits for MariaDB prometheus exporter containers | `{}` | +| `metrics.resources.requests` | The requested resources for MariaDB prometheus exporter containers | `{}` | +| `metrics.livenessProbe` | Liveness probe configuration for MariaDB prometheus exporter containers | Check `values.yaml` file | +| `metrics.readinessProbe` | Readiness probe configuration for MariaDB prometheus exporter containers | Check `values.yaml` file | +| `metrics.serviceMonitor.enabled` | Create ServiceMonitor Resource for scraping metrics using PrometheusOperator | `false` | +| `metrics.serviceMonitor.namespace` | Namespace which Prometheus is running in | `nil` | +| `metrics.serviceMonitor.interval` | Interval at which metrics should be scraped | `30s` | +| `metrics.serviceMonitor.scrapeTimeout` | Specify the timeout after which the scrape is ended | `nil` | +| `metrics.serviceMonitor.relabellings` | Specify Metric Relabellings to add to the scrape endpoint | `nil` | +| `metrics.serviceMonitor.honorLabels` | honorLabels chooses the metric's labels on collisions with target labels. | `false` | +| `metrics.serviceMonitor.additionalLabels` | Used to pass Labels that are required by the Installed Prometheus Operator | `{}` | +| `metrics.serviceMonitor.release` | Used to pass Labels release that sometimes should be custom for Prometheus Operator | `nil` | + +The above parameters map to the env variables defined in [bitnami/mariadb](http://github.com/bitnami/bitnami-docker-mariadb). For more information please refer to the [bitnami/mariadb](http://github.com/bitnami/bitnami-docker-mariadb) image documentation. + +Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example, + +```bash +$ helm install my-release \ + --set auth.rootPassword=secretpassword,auth.database=app_database \ + bitnami/mariadb +``` + +The above command sets the MariaDB `root` account password to `secretpassword`. Additionally it creates a database named `my_database`. + +> NOTE: Once this chart is deployed, it is not possible to change the application's access credentials, such as usernames or passwords, using Helm. To change these application credentials after deployment, delete any persistent volumes (PVs) used by the chart and re-deploy it, or use the application's built-in administrative tools if available. + +Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart. For example, + +```bash +$ helm install my-release -f values.yaml bitnami/mariadb +``` + +> **Tip**: You can use the default [values.yaml](values.yaml) + +## Configuration and installation details + +### [Rolling VS Immutable tags](https://docs.bitnami.com/containers/how-to/understand-rolling-tags-containers/) + +It is strongly recommended to use immutable tags in a production environment. This ensures your deployment does not change automatically if the same tag is updated with a different image. + +Bitnami will release a new chart updating its containers if a new version of the main container, significant changes, or critical vulnerabilities exist. + +### Change MariaDB version + +To modify the MariaDB version used in this chart you can specify a [valid image tag](https://hub.docker.com/r/bitnami/mariadb/tags/) using the `image.tag` parameter. For example, `image.tag=X.Y.Z`. This approach is also applicable to other images like exporters. + +### Initialize a fresh instance + +The [Bitnami MariaDB](https://github.com/bitnami/bitnami-docker-mariadb) image allows you to use your custom scripts to initialize a fresh instance. Custom scripts may be specified using the `initdbScripts` parameter. Alternatively, an external ConfigMap may be created with all the initialization scripts and the ConfigMap passed to the chart via the `initdbScriptsConfigMap` parameter. Note that this will override the `initdbScripts` parameter. + +The allowed extensions are `.sh`, `.sql` and `.sql.gz`. + +These scripts are treated differently depending on their extension. While `.sh` scripts are executed on all the nodes, `.sql` and `.sql.gz` scripts are only executed on the primary nodes. This is because `.sh` scripts support conditional tests to identify the type of node they are running on, while such tests are not supported in `.sql` or `.sql.gz` files. + +[Refer to the chart documentation for more information and a usage example](https://docs.bitnami.com/kubernetes/infrastructure/mariadb/configuration/customize-new-instance/). + +### Sidecars and Init Containers + +If additional containers are needed in the same pod as MariaDB (such as additional metrics or logging exporters), they can be defined using the sidecars parameter. + +The Helm chart already includes sidecar containers for the Prometheus exporters. These can be activated by adding the `–enable-metrics=true` parameter at deployment time. The `sidecars` parameter should therefore only be used for any extra sidecar containers. [See an example of configuring and using sidecar containers](https://docs.bitnami.com/kubernetes/infrastructure/mariadb/administration/configure-use-sidecars/). + +Similarly, additional containers can be added to MariaDB pods using the `initContainers` parameter. [See an example of configuring and using init containers](https://docs.bitnami.com/kubernetes/infrastructure/mariadb/administration/configure-use-init-containers/). + +## Persistence + +The [Bitnami MariaDB](https://github.com/bitnami/bitnami-docker-mariadb) image stores the MariaDB data and configurations at the `/bitnami/mariadb` path of the container. + +The chart mounts a [Persistent Volume](https://kubernetes.io/docs/user-guide/persistent-volumes/) volume at this location. The volume is created using dynamic volume provisioning, by default. An existing PersistentVolumeClaim can also be defined. + +[Learn more about persistence in the chart documentation](https://docs.bitnami.com/kubernetes/infrastructure/mariadb/configuration/understand-chart-persistence/). + +### Adjust permissions of persistent volume mountpoint + +As the image run as non-root by default, it is necessary to adjust the ownership of the persistent volume so that the container can write data into it. + +By default, the chart is configured to use Kubernetes Security Context to automatically change the ownership of the volume. However, this feature does not work in all Kubernetes distributions. + +As an alternative, this chart supports using an initContainer to change the ownership of the volume before mounting it in the final destination. You can enable this initContainer by setting `volumePermissions.enabled` to `true`. + +## Troubleshooting + +Find more information about how to deal with common errors related to Bitnami’s Helm charts in [this troubleshooting guide](https://docs.bitnami.com/general/how-to/troubleshoot-helm-chart-issues). + +## Upgrading + +It's necessary to set the `auth.rootPassword` parameter when upgrading for readiness/liveness probes to work properly. When you install this chart for the first time, some notes will be displayed providing the credentials you must use under the 'Administrator credentials' section. Please note down the password and run the command below to upgrade your chart: + +```bash +$ helm upgrade my-release bitnami/mariadb --set auth.rootPassword=[ROOT_PASSWORD] +``` + +| Note: you need to substitute the placeholder _[ROOT_PASSWORD]_ with the value obtained in the installation notes. + +### To 9.0.0 + +[On November 13, 2020, Helm v2 support was formally finished](https://github.com/helm/charts#status-of-the-project), this major version is the result of the required changes applied to the Helm Chart to be able to incorporate the different features added in Helm v3 and to be consistent with the Helm project itself regarding the Helm v2 EOL. + +[Learn more about this change and related upgrade considerations](https://docs.bitnami.com/kubernetes/infrastructure/mariadb/administration/upgrade-helm3/). + +### To 8.0.0 + +- Several parameters were renamed or disappeared in favor of new ones on this major version: + - The terms *master* and *slave* have been replaced by the terms *primary* and *secondary*. Therefore, parameters prefixed with `master` or `slave` are now prefixed with `primary` or `secondary`, respectively. + - `securityContext.*` is deprecated in favor of `primary.podSecurityContext`, `primary.containerSecurityContext`, `secondary.podSecurityContext`, and `secondary.containerSecurityContext`. + - Credentials parameter are reorganized under the `auth` parameter. + - `replication.enabled` parameter is deprecated in favor of `architecture` parameter that accepts two values: `standalone` and `replication`. +- The default MariaDB version was updated from 10.3 to 10.5. According to the official documentation, upgrading from 10.3 should be painless. However, there are some things that have changed which could affect an upgrade: + - [Incompatible changes upgrading from MariaDB 10.3 to MariaDB 10.4](https://mariadb.com/kb/en/upgrading-from-mariadb-103-to-mariadb-104/#incompatible-changes-between-103-and-104). + - [Incompatible changes upgrading from MariaDB 10.4 to MariaDB 10.5](https://mariadb.com/kb/en/upgrading-from-mariadb-104-to-mariadb-105/#incompatible-changes-between-104-and-105). +- Chart labels were adapted to follow the [Helm charts standard labels](https://helm.sh/docs/chart_best_practices/labels/#standard-labels). +- This version also introduces `bitnami/common`, a [library chart](https://helm.sh/docs/topics/library_charts/#helm) as a dependency. More documentation about this new utility could be found [here](https://github.com/bitnami/charts/tree/master/bitnami/common#bitnami-common-library-chart). Please, make sure that you have updated the chart dependencies before executing any upgrade. + +Consequences: + +Backwards compatibility is not guaranteed. To upgrade to `8.0.0`, install a new release of the MariaDB chart, and migrate the data from your previous release. You have 2 alternatives to do so: + +- Create a backup of the database, and restore it on the new release using tools such as [mysqldump](https://mariadb.com/kb/en/mysqldump/). +- Reuse the PVC used to hold the master data on your previous release. To do so, use the `primary.persistence.existingClaim` parameter. The following example assumes that the release name is `mariadb`: + +```bash +$ helm install mariadb bitnami/mariadb --set auth.rootPassword=[ROOT_PASSWORD] --set primary.persistence.existingClaim=[EXISTING_PVC] +``` + +| Note: you need to substitute the placeholder _[EXISTING_PVC]_ with the name of the PVC used on your previous release, and _[ROOT_PASSWORD]_ with the root password used in your previous release. + +### To 7.0.0 + +Helm performs a lookup for the object based on its group (apps), version (v1), and kind (Deployment). Also known as its GroupVersionKind, or GVK. Changing the GVK is considered a compatibility breaker from Kubernetes' point of view, so you cannot "upgrade" those objects to the new GVK in-place. Earlier versions of Helm 3 did not perform the lookup correctly which has since been fixed to match the spec. + +In https://github.com/helm/charts/pull/17308 the `apiVersion` of the statefulset resources was updated to `apps/v1` in tune with the api's deprecated, resulting in compatibility breakage. + +This major version bump signifies this change. + +### To 6.0.0 + +MariaDB version was updated from 10.1 to 10.3, there are no changes in the chart itself. According to the official documentation, upgrading from 10.1 should be painless. However, there are some things that have changed which could affect an upgrade: + +- [Incompatible changes upgrading from MariaDB 10.1 to MariaDB 10.2](https://mariadb.com/kb/en/library/upgrading-from-mariadb-101-to-mariadb-102//#incompatible-changes-between-101-and-102) +- [Incompatible changes upgrading from MariaDB 10.2 to MariaDB 10.3](https://mariadb.com/kb/en/library/upgrading-from-mariadb-102-to-mariadb-103/#incompatible-changes-between-102-and-103) + +### To 5.0.0 + +Backwards compatibility is not guaranteed unless you modify the labels used on the chart's deployments. +Use the workaround below to upgrade from versions previous to 5.0.0. The following example assumes that the release name is mariadb: + +```console +$ kubectl delete statefulset opencart-mariadb --cascade=false +``` diff --git a/practice/13.templating/wordpress/charts/mariadb/charts/common/.helmignore b/practice/13.templating/wordpress/charts/mariadb/charts/common/.helmignore new file mode 100644 index 0000000..50af031 --- /dev/null +++ b/practice/13.templating/wordpress/charts/mariadb/charts/common/.helmignore @@ -0,0 +1,22 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/practice/13.templating/wordpress/charts/mariadb/charts/common/Chart.yaml b/practice/13.templating/wordpress/charts/mariadb/charts/common/Chart.yaml new file mode 100644 index 0000000..725db2c --- /dev/null +++ b/practice/13.templating/wordpress/charts/mariadb/charts/common/Chart.yaml @@ -0,0 +1,23 @@ +annotations: + category: Infrastructure +apiVersion: v2 +appVersion: 1.4.0 +description: A Library Helm Chart for grouping common logic between bitnami charts. + This chart is not deployable by itself. +home: https://github.com/bitnami/charts/tree/master/bitnami/common +icon: https://bitnami.com/downloads/logos/bitnami-mark.png +keywords: +- common +- helper +- template +- function +- bitnami +maintainers: +- email: containers@bitnami.com + name: Bitnami +name: common +sources: +- https://github.com/bitnami/charts +- http://www.bitnami.com/ +type: library +version: 1.4.0 diff --git a/practice/13.templating/wordpress/charts/mariadb/charts/common/README.md b/practice/13.templating/wordpress/charts/mariadb/charts/common/README.md new file mode 100644 index 0000000..7287cbb --- /dev/null +++ b/practice/13.templating/wordpress/charts/mariadb/charts/common/README.md @@ -0,0 +1,322 @@ +# Bitnami Common Library Chart + +A [Helm Library Chart](https://helm.sh/docs/topics/library_charts/#helm) for grouping common logic between bitnami charts. + +## TL;DR + +```yaml +dependencies: + - name: common + version: 0.x.x + repository: https://charts.bitnami.com/bitnami +``` + +```bash +$ helm dependency update +``` + +```yaml +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.names.fullname" . }} +data: + myvalue: "Hello World" +``` + +## Introduction + +This chart provides a common template helpers which can be used to develop new charts using [Helm](https://helm.sh) package manager. + +Bitnami charts can be used with [Kubeapps](https://kubeapps.com/) for deployment and management of Helm Charts in clusters. This Helm chart has been tested on top of [Bitnami Kubernetes Production Runtime](https://kubeprod.io/) (BKPR). Deploy BKPR to get automated TLS certificates, logging and monitoring for your applications. + +## Prerequisites + +- Kubernetes 1.12+ +- Helm 3.1.0 + +## Parameters + +The following table lists the helpers available in the library which are scoped in different sections. + +### Affinities + +| Helper identifier | Description | Expected Input | +|-------------------------------|------------------------------------------------------|------------------------------------------------| +| `common.affinities.node.soft` | Return a soft nodeAffinity definition | `dict "key" "FOO" "values" (list "BAR" "BAZ")` | +| `common.affinities.node.hard` | Return a hard nodeAffinity definition | `dict "key" "FOO" "values" (list "BAR" "BAZ")` | +| `common.affinities.pod.soft` | Return a soft podAffinity/podAntiAffinity definition | `dict "component" "FOO" "context" $` | +| `common.affinities.pod.hard` | Return a hard podAffinity/podAntiAffinity definition | `dict "component" "FOO" "context" $` | + +### Capabilities + +| Helper identifier | Description | Expected Input | +|----------------------------------------------|------------------------------------------------------------------------------------------------|-------------------| +| `common.capabilities.kubeVersion` | Return the target Kubernetes version (using client default if .Values.kubeVersion is not set). | `.` Chart context | +| `common.capabilities.deployment.apiVersion` | Return the appropriate apiVersion for deployment. | `.` Chart context | +| `common.capabilities.statefulset.apiVersion` | Return the appropriate apiVersion for statefulset. | `.` Chart context | +| `common.capabilities.ingress.apiVersion` | Return the appropriate apiVersion for ingress. | `.` Chart context | +| `common.capabilities.rbac.apiVersion` | Return the appropriate apiVersion for RBAC resources. | `.` Chart context | +| `common.capabilities.crd.apiVersion` | Return the appropriate apiVersion for CRDs. | `.` Chart context | +| `common.capabilities.supportsHelmVersion` | Returns true if the used Helm version is 3.3+ | `.` Chart context | + +### Errors + +| Helper identifier | Description | Expected Input | +|-----------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-------------------------------------------------------------------------------------| +| `common.errors.upgrade.passwords.empty` | It will ensure required passwords are given when we are upgrading a chart. If `validationErrors` is not empty it will throw an error and will stop the upgrade action. | `dict "validationErrors" (list $validationError00 $validationError01) "context" $` | + +### Images + +| Helper identifier | Description | Expected Input | +|-----------------------------|------------------------------------------------------|---------------------------------------------------------------------------------------------------------| +| `common.images.image` | Return the proper and full image name | `dict "imageRoot" .Values.path.to.the.image "global" $`, see [ImageRoot](#imageroot) for the structure. | +| `common.images.pullSecrets` | Return the proper Docker Image Registry Secret Names | `dict "images" (list .Values.path.to.the.image1, .Values.path.to.the.image2) "global" .Values.global` | + +### Ingress + +| Helper identifier | Description | Expected Input | +|--------------------------|----------------------------------------------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| `common.ingress.backend` | Generate a proper Ingress backend entry depending on the API version | `dict "serviceName" "foo" "servicePort" "bar"`, see the [Ingress deprecation notice](https://kubernetes.io/blog/2019/07/18/api-deprecations-in-1-16/) for the syntax differences | + +### Labels + +| Helper identifier | Description | Expected Input | +|-----------------------------|------------------------------------------------------|-------------------| +| `common.labels.standard` | Return Kubernetes standard labels | `.` Chart context | +| `common.labels.matchLabels` | Return the proper Docker Image Registry Secret Names | `.` Chart context | + +### Names + +| Helper identifier | Description | Expected Inpput | +|-------------------------|------------------------------------------------------------|-------------------| +| `common.names.name` | Expand the name of the chart or use `.Values.nameOverride` | `.` Chart context | +| `common.names.fullname` | Create a default fully qualified app name. | `.` Chart context | +| `common.names.chart` | Chart name plus version | `.` Chart context | + +### Secrets + +| Helper identifier | Description | Expected Input | +|---------------------------|--------------------------------------------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| `common.secrets.name` | Generate the name of the secret. | `dict "existingSecret" .Values.path.to.the.existingSecret "defaultNameSuffix" "mySuffix" "context" $` see [ExistingSecret](#existingsecret) for the structure. | +| `common.secrets.key` | Generate secret key. | `dict "existingSecret" .Values.path.to.the.existingSecret "key" "keyName"` see [ExistingSecret](#existingsecret) for the structure. | +| `common.passwords.manage` | Generate secret password or retrieve one if already created. | `dict "secret" "secret-name" "key" "keyName" "providedValues" (list "path.to.password1" "path.to.password2") "length" 10 "strong" false "chartName" "chartName" "context" $`, length, strong and chartNAme fields are optional. | +| `common.secrets.exists` | Returns whether a previous generated secret already exists. | `dict "secret" "secret-name" "context" $` | + +### Storage + +| Helper identifier | Description | Expected Input | +|-------------------------------|---------------------------------------|---------------------------------------------------------------------------------------------------------------------| +| `common.affinities.node.soft` | Return a soft nodeAffinity definition | `dict "persistence" .Values.path.to.the.persistence "global" $`, see [Persistence](#persistence) for the structure. | + +### TplValues + +| Helper identifier | Description | Expected Input | +|---------------------------|----------------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------| +| `common.tplvalues.render` | Renders a value that contains template | `dict "value" .Values.path.to.the.Value "context" $`, value is the value should rendered as template, context frequently is the chart context `$` or `.` | + +### Utils + +| Helper identifier | Description | Expected Input | +|--------------------------------|------------------------------------------------------------------------------------------|------------------------------------------------------------------------| +| `common.utils.fieldToEnvVar` | Build environment variable name given a field. | `dict "field" "my-password"` | +| `common.utils.secret.getvalue` | Print instructions to get a secret value. | `dict "secret" "secret-name" "field" "secret-value-field" "context" $` | +| `common.utils.getValueFromKey` | Gets a value from `.Values` object given its key path | `dict "key" "path.to.key" "context" $` | +| `common.utils.getKeyFromList` | Returns first `.Values` key with a defined value or first of the list if all non-defined | `dict "keys" (list "path.to.key1" "path.to.key2") "context" $` | + +### Validations + +| Helper identifier | Description | Expected Input | +|--------------------------------------------------|-------------------------------------------------------------------------------------------------------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| `common.validations.values.single.empty` | Validate a value must not be empty. | `dict "valueKey" "path.to.value" "secret" "secret.name" "field" "my-password" "subchart" "subchart" "context" $` secret, field and subchart are optional. In case they are given, the helper will generate a how to get instruction. See [ValidateValue](#validatevalue) | +| `common.validations.values.multiple.empty` | Validate a multiple values must not be empty. It returns a shared error for all the values. | `dict "required" (list $validateValueConf00 $validateValueConf01) "context" $`. See [ValidateValue](#validatevalue) | +| `common.validations.values.mariadb.passwords` | This helper will ensure required password for MariaDB are not empty. It returns a shared error for all the values. | `dict "secret" "mariadb-secret" "subchart" "true" "context" $` subchart field is optional and could be true or false it depends on where you will use mariadb chart and the helper. | +| `common.validations.values.postgresql.passwords` | This helper will ensure required password for PostgreSQL are not empty. It returns a shared error for all the values. | `dict "secret" "postgresql-secret" "subchart" "true" "context" $` subchart field is optional and could be true or false it depends on where you will use postgresql chart and the helper. | +| `common.validations.values.redis.passwords` | This helper will ensure required password for RedisTM are not empty. It returns a shared error for all the values. | `dict "secret" "redis-secret" "subchart" "true" "context" $` subchart field is optional and could be true or false it depends on where you will use redis chart and the helper. | +| `common.validations.values.cassandra.passwords` | This helper will ensure required password for Cassandra are not empty. It returns a shared error for all the values. | `dict "secret" "cassandra-secret" "subchart" "true" "context" $` subchart field is optional and could be true or false it depends on where you will use cassandra chart and the helper. | +| `common.validations.values.mongodb.passwords` | This helper will ensure required password for MongoDB® are not empty. It returns a shared error for all the values. | `dict "secret" "mongodb-secret" "subchart" "true" "context" $` subchart field is optional and could be true or false it depends on where you will use mongodb chart and the helper. | + +### Warnings + +| Helper identifier | Description | Expected Input | +|------------------------------|----------------------------------|------------------------------------------------------------| +| `common.warnings.rollingTag` | Warning about using rolling tag. | `ImageRoot` see [ImageRoot](#imageroot) for the structure. | + +## Special input schemas + +### ImageRoot + +```yaml +registry: + type: string + description: Docker registry where the image is located + example: docker.io + +repository: + type: string + description: Repository and image name + example: bitnami/nginx + +tag: + type: string + description: image tag + example: 1.16.1-debian-10-r63 + +pullPolicy: + type: string + description: Specify a imagePullPolicy. Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' + +pullSecrets: + type: array + items: + type: string + description: Optionally specify an array of imagePullSecrets. + +debug: + type: boolean + description: Set to true if you would like to see extra information on logs + example: false + +## An instance would be: +# registry: docker.io +# repository: bitnami/nginx +# tag: 1.16.1-debian-10-r63 +# pullPolicy: IfNotPresent +# debug: false +``` + +### Persistence + +```yaml +enabled: + type: boolean + description: Whether enable persistence. + example: true + +storageClass: + type: string + description: Ghost data Persistent Volume Storage Class, If set to "-", storageClassName: "" which disables dynamic provisioning. + example: "-" + +accessMode: + type: string + description: Access mode for the Persistent Volume Storage. + example: ReadWriteOnce + +size: + type: string + description: Size the Persistent Volume Storage. + example: 8Gi + +path: + type: string + description: Path to be persisted. + example: /bitnami + +## An instance would be: +# enabled: true +# storageClass: "-" +# accessMode: ReadWriteOnce +# size: 8Gi +# path: /bitnami +``` + +### ExistingSecret + +```yaml +name: + type: string + description: Name of the existing secret. + example: mySecret +keyMapping: + description: Mapping between the expected key name and the name of the key in the existing secret. + type: object + +## An instance would be: +# name: mySecret +# keyMapping: +# password: myPasswordKey +``` + +#### Example of use + +When we store sensitive data for a deployment in a secret, some times we want to give to users the possibility of using theirs existing secrets. + +```yaml +# templates/secret.yaml +--- +apiVersion: v1 +kind: Secret +metadata: + name: {{ include "common.names.fullname" . }} + labels: + app: {{ include "common.names.fullname" . }} +type: Opaque +data: + password: {{ .Values.password | b64enc | quote }} + +# templates/dpl.yaml +--- +... + env: + - name: PASSWORD + valueFrom: + secretKeyRef: + name: {{ include "common.secrets.name" (dict "existingSecret" .Values.existingSecret "context" $) }} + key: {{ include "common.secrets.key" (dict "existingSecret" .Values.existingSecret "key" "password") }} +... + +# values.yaml +--- +name: mySecret +keyMapping: + password: myPasswordKey +``` + +### ValidateValue + +#### NOTES.txt + +```console +{{- $validateValueConf00 := (dict "valueKey" "path.to.value00" "secret" "secretName" "field" "password-00") -}} +{{- $validateValueConf01 := (dict "valueKey" "path.to.value01" "secret" "secretName" "field" "password-01") -}} + +{{ include "common.validations.values.multiple.empty" (dict "required" (list $validateValueConf00 $validateValueConf01) "context" $) }} +``` + +If we force those values to be empty we will see some alerts + +```console +$ helm install test mychart --set path.to.value00="",path.to.value01="" + 'path.to.value00' must not be empty, please add '--set path.to.value00=$PASSWORD_00' to the command. To get the current value: + + export PASSWORD_00=$(kubectl get secret --namespace default secretName -o jsonpath="{.data.password-00}" | base64 --decode) + + 'path.to.value01' must not be empty, please add '--set path.to.value01=$PASSWORD_01' to the command. To get the current value: + + export PASSWORD_01=$(kubectl get secret --namespace default secretName -o jsonpath="{.data.password-01}" | base64 --decode) +``` + +## Upgrading + +### To 1.0.0 + +[On November 13, 2020, Helm v2 support was formally finished](https://github.com/helm/charts#status-of-the-project), this major version is the result of the required changes applied to the Helm Chart to be able to incorporate the different features added in Helm v3 and to be consistent with the Helm project itself regarding the Helm v2 EOL. + +**What changes were introduced in this major version?** + +- Previous versions of this Helm Chart use `apiVersion: v1` (installable by both Helm 2 and 3), this Helm Chart was updated to `apiVersion: v2` (installable by Helm 3 only). [Here](https://helm.sh/docs/topics/charts/#the-apiversion-field) you can find more information about the `apiVersion` field. +- Use `type: library`. [Here](https://v3.helm.sh/docs/faq/#library-chart-support) you can find more information. +- The different fields present in the *Chart.yaml* file has been ordered alphabetically in a homogeneous way for all the Bitnami Helm Charts + +**Considerations when upgrading to this version** + +- If you want to upgrade to this version from a previous one installed with Helm v3, you shouldn't face any issues +- If you want to upgrade to this version using Helm v2, this scenario is not supported as this version doesn't support Helm v2 anymore +- If you installed the previous version with Helm v2 and wants to upgrade to this version with Helm v3, please refer to the [official Helm documentation](https://helm.sh/docs/topics/v2_v3_migration/#migration-use-cases) about migrating from Helm v2 to v3 + +**Useful links** + +- https://docs.bitnami.com/tutorials/resolve-helm2-helm3-post-migration-issues/ +- https://helm.sh/docs/topics/v2_v3_migration/ +- https://helm.sh/blog/migrate-from-helm-v2-to-helm-v3/ diff --git a/practice/13.templating/wordpress/charts/mariadb/charts/common/templates/_affinities.tpl b/practice/13.templating/wordpress/charts/mariadb/charts/common/templates/_affinities.tpl new file mode 100644 index 0000000..493a6dc --- /dev/null +++ b/practice/13.templating/wordpress/charts/mariadb/charts/common/templates/_affinities.tpl @@ -0,0 +1,94 @@ +{{/* vim: set filetype=mustache: */}} + +{{/* +Return a soft nodeAffinity definition +{{ include "common.affinities.nodes.soft" (dict "key" "FOO" "values" (list "BAR" "BAZ")) -}} +*/}} +{{- define "common.affinities.nodes.soft" -}} +preferredDuringSchedulingIgnoredDuringExecution: + - preference: + matchExpressions: + - key: {{ .key }} + operator: In + values: + {{- range .values }} + - {{ . }} + {{- end }} + weight: 1 +{{- end -}} + +{{/* +Return a hard nodeAffinity definition +{{ include "common.affinities.nodes.hard" (dict "key" "FOO" "values" (list "BAR" "BAZ")) -}} +*/}} +{{- define "common.affinities.nodes.hard" -}} +requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: {{ .key }} + operator: In + values: + {{- range .values }} + - {{ . }} + {{- end }} +{{- end -}} + +{{/* +Return a nodeAffinity definition +{{ include "common.affinities.nodes" (dict "type" "soft" "key" "FOO" "values" (list "BAR" "BAZ")) -}} +*/}} +{{- define "common.affinities.nodes" -}} + {{- if eq .type "soft" }} + {{- include "common.affinities.nodes.soft" . -}} + {{- else if eq .type "hard" }} + {{- include "common.affinities.nodes.hard" . -}} + {{- end -}} +{{- end -}} + +{{/* +Return a soft podAffinity/podAntiAffinity definition +{{ include "common.affinities.pods.soft" (dict "component" "FOO" "context" $) -}} +*/}} +{{- define "common.affinities.pods.soft" -}} +{{- $component := default "" .component -}} +preferredDuringSchedulingIgnoredDuringExecution: + - podAffinityTerm: + labelSelector: + matchLabels: {{- (include "common.labels.matchLabels" .context) | nindent 10 }} + {{- if not (empty $component) }} + {{ printf "app.kubernetes.io/component: %s" $component }} + {{- end }} + namespaces: + - {{ .context.Release.Namespace | quote }} + topologyKey: kubernetes.io/hostname + weight: 1 +{{- end -}} + +{{/* +Return a hard podAffinity/podAntiAffinity definition +{{ include "common.affinities.pods.hard" (dict "component" "FOO" "context" $) -}} +*/}} +{{- define "common.affinities.pods.hard" -}} +{{- $component := default "" .component -}} +requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: {{- (include "common.labels.matchLabels" .context) | nindent 8 }} + {{- if not (empty $component) }} + {{ printf "app.kubernetes.io/component: %s" $component }} + {{- end }} + namespaces: + - {{ .context.Release.Namespace | quote }} + topologyKey: kubernetes.io/hostname +{{- end -}} + +{{/* +Return a podAffinity/podAntiAffinity definition +{{ include "common.affinities.pods" (dict "type" "soft" "key" "FOO" "values" (list "BAR" "BAZ")) -}} +*/}} +{{- define "common.affinities.pods" -}} + {{- if eq .type "soft" }} + {{- include "common.affinities.pods.soft" . -}} + {{- else if eq .type "hard" }} + {{- include "common.affinities.pods.hard" . -}} + {{- end -}} +{{- end -}} diff --git a/practice/13.templating/wordpress/charts/mariadb/charts/common/templates/_capabilities.tpl b/practice/13.templating/wordpress/charts/mariadb/charts/common/templates/_capabilities.tpl new file mode 100644 index 0000000..4dde56a --- /dev/null +++ b/practice/13.templating/wordpress/charts/mariadb/charts/common/templates/_capabilities.tpl @@ -0,0 +1,95 @@ +{{/* vim: set filetype=mustache: */}} + +{{/* +Return the target Kubernetes version +*/}} +{{- define "common.capabilities.kubeVersion" -}} +{{- if .Values.global }} + {{- if .Values.global.kubeVersion }} + {{- .Values.global.kubeVersion -}} + {{- else }} + {{- default .Capabilities.KubeVersion.Version .Values.kubeVersion -}} + {{- end -}} +{{- else }} +{{- default .Capabilities.KubeVersion.Version .Values.kubeVersion -}} +{{- end -}} +{{- end -}} + +{{/* +Return the appropriate apiVersion for deployment. +*/}} +{{- define "common.capabilities.deployment.apiVersion" -}} +{{- if semverCompare "<1.14-0" (include "common.capabilities.kubeVersion" .) -}} +{{- print "extensions/v1beta1" -}} +{{- else -}} +{{- print "apps/v1" -}} +{{- end -}} +{{- end -}} + +{{/* +Return the appropriate apiVersion for statefulset. +*/}} +{{- define "common.capabilities.statefulset.apiVersion" -}} +{{- if semverCompare "<1.14-0" (include "common.capabilities.kubeVersion" .) -}} +{{- print "apps/v1beta1" -}} +{{- else -}} +{{- print "apps/v1" -}} +{{- end -}} +{{- end -}} + +{{/* +Return the appropriate apiVersion for ingress. +*/}} +{{- define "common.capabilities.ingress.apiVersion" -}} +{{- if .Values.ingress -}} +{{- if .Values.ingress.apiVersion -}} +{{- .Values.ingress.apiVersion -}} +{{- else if semverCompare "<1.14-0" (include "common.capabilities.kubeVersion" .) -}} +{{- print "extensions/v1beta1" -}} +{{- else if semverCompare "<1.19-0" (include "common.capabilities.kubeVersion" .) -}} +{{- print "networking.k8s.io/v1beta1" -}} +{{- else -}} +{{- print "networking.k8s.io/v1" -}} +{{- end }} +{{- else if semverCompare "<1.14-0" (include "common.capabilities.kubeVersion" .) -}} +{{- print "extensions/v1beta1" -}} +{{- else if semverCompare "<1.19-0" (include "common.capabilities.kubeVersion" .) -}} +{{- print "networking.k8s.io/v1beta1" -}} +{{- else -}} +{{- print "networking.k8s.io/v1" -}} +{{- end -}} +{{- end -}} + +{{/* +Return the appropriate apiVersion for RBAC resources. +*/}} +{{- define "common.capabilities.rbac.apiVersion" -}} +{{- if semverCompare "<1.17-0" (include "common.capabilities.kubeVersion" .) -}} +{{- print "rbac.authorization.k8s.io/v1beta1" -}} +{{- else -}} +{{- print "rbac.authorization.k8s.io/v1" -}} +{{- end -}} +{{- end -}} + +{{/* +Return the appropriate apiVersion for CRDs. +*/}} +{{- define "common.capabilities.crd.apiVersion" -}} +{{- if semverCompare "<1.19-0" (include "common.capabilities.kubeVersion" .) -}} +{{- print "apiextensions.k8s.io/v1beta1" -}} +{{- else -}} +{{- print "apiextensions.k8s.io/v1" -}} +{{- end -}} +{{- end -}} + +{{/* +Returns true if the used Helm version is 3.3+. +A way to check the used Helm version was not introduced until version 3.3.0 with .Capabilities.HelmVersion, which contains an additional "{}}" structure. +This check is introduced as a regexMatch instead of {{ if .Capabilities.HelmVersion }} because checking for the key HelmVersion in <3.3 results in a "interface not found" error. +**To be removed when the catalog's minimun Helm version is 3.3** +*/}} +{{- define "common.capabilities.supportsHelmVersion" -}} +{{- if regexMatch "{(v[0-9])*[^}]*}}$" (.Capabilities | toString ) }} + {{- true -}} +{{- end -}} +{{- end -}} diff --git a/practice/13.templating/wordpress/charts/mariadb/charts/common/templates/_errors.tpl b/practice/13.templating/wordpress/charts/mariadb/charts/common/templates/_errors.tpl new file mode 100644 index 0000000..d6d3ec6 --- /dev/null +++ b/practice/13.templating/wordpress/charts/mariadb/charts/common/templates/_errors.tpl @@ -0,0 +1,20 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Through error when upgrading using empty passwords values that must not be empty. + +Usage: +{{- $validationError00 := include "common.validations.values.single.empty" (dict "valueKey" "path.to.password00" "secret" "secretName" "field" "password-00") -}} +{{- $validationError01 := include "common.validations.values.single.empty" (dict "valueKey" "path.to.password01" "secret" "secretName" "field" "password-01") -}} +{{ include "common.errors.upgrade.passwords.empty" (dict "validationErrors" (list $validationError00 $validationError01) "context" $) }} + +Required password params: + - validationErrors - String - Required. List of validation strings to be return, if it is empty it won't throw error. + - context - Context - Required. Parent context. +*/}} +{{- define "common.errors.upgrade.passwords.empty" -}} + {{- $validationErrors := join "" .validationErrors -}} + {{- if and $validationErrors .context.Release.IsUpgrade -}} + {{- $errorString := "\nPASSWORDS ERROR: you must provide your current passwords when upgrade the release%s" -}} + {{- printf $errorString $validationErrors | fail -}} + {{- end -}} +{{- end -}} diff --git a/practice/13.templating/wordpress/charts/mariadb/charts/common/templates/_images.tpl b/practice/13.templating/wordpress/charts/mariadb/charts/common/templates/_images.tpl new file mode 100644 index 0000000..aafde9f --- /dev/null +++ b/practice/13.templating/wordpress/charts/mariadb/charts/common/templates/_images.tpl @@ -0,0 +1,43 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Return the proper image name +{{ include "common.images.image" ( dict "imageRoot" .Values.path.to.the.image "global" $) }} +*/}} +{{- define "common.images.image" -}} +{{- $registryName := .imageRoot.registry -}} +{{- $repositoryName := .imageRoot.repository -}} +{{- $tag := .imageRoot.tag | toString -}} +{{- if .global }} + {{- if .global.imageRegistry }} + {{- $registryName = .global.imageRegistry -}} + {{- end -}} +{{- end -}} +{{- printf "%s/%s:%s" $registryName $repositoryName $tag -}} +{{- end -}} + +{{/* +Return the proper Docker Image Registry Secret Names +{{ include "common.images.pullSecrets" ( dict "images" (list .Values.path.to.the.image1, .Values.path.to.the.image2) "global" .Values.global) }} +*/}} +{{- define "common.images.pullSecrets" -}} + {{- $pullSecrets := list }} + + {{- if .global }} + {{- range .global.imagePullSecrets -}} + {{- $pullSecrets = append $pullSecrets . -}} + {{- end -}} + {{- end -}} + + {{- range .images -}} + {{- range .pullSecrets -}} + {{- $pullSecrets = append $pullSecrets . -}} + {{- end -}} + {{- end -}} + + {{- if (not (empty $pullSecrets)) }} +imagePullSecrets: + {{- range $pullSecrets }} + - name: {{ . }} + {{- end }} + {{- end }} +{{- end -}} diff --git a/practice/13.templating/wordpress/charts/mariadb/charts/common/templates/_ingress.tpl b/practice/13.templating/wordpress/charts/mariadb/charts/common/templates/_ingress.tpl new file mode 100644 index 0000000..622ef50 --- /dev/null +++ b/practice/13.templating/wordpress/charts/mariadb/charts/common/templates/_ingress.tpl @@ -0,0 +1,42 @@ +{{/* vim: set filetype=mustache: */}} + +{{/* +Generate backend entry that is compatible with all Kubernetes API versions. + +Usage: +{{ include "common.ingress.backend" (dict "serviceName" "backendName" "servicePort" "backendPort" "context" $) }} + +Params: + - serviceName - String. Name of an existing service backend + - servicePort - String/Int. Port name (or number) of the service. It will be translated to different yaml depending if it is a string or an integer. + - context - Dict - Required. The context for the template evaluation. +*/}} +{{- define "common.ingress.backend" -}} +{{- $apiVersion := (include "common.capabilities.ingress.apiVersion" .context) -}} +{{- if or (eq $apiVersion "extensions/v1beta1") (eq $apiVersion "networking.k8s.io/v1beta1") -}} +serviceName: {{ .serviceName }} +servicePort: {{ .servicePort }} +{{- else -}} +service: + name: {{ .serviceName }} + port: + {{- if typeIs "string" .servicePort }} + name: {{ .servicePort }} + {{- else if typeIs "int" .servicePort }} + number: {{ .servicePort }} + {{- end }} +{{- end -}} +{{- end -}} + +{{/* +Print "true" if the API pathType field is supported +Usage: +{{ include "common.ingress.supportsPathType" . }} +*/}} +{{- define "common.ingress.supportsPathType" -}} +{{- if (semverCompare "<1.18-0" (include "common.capabilities.kubeVersion" .)) -}} +{{- print "false" -}} +{{- else -}} +{{- print "true" -}} +{{- end -}} +{{- end -}} diff --git a/practice/13.templating/wordpress/charts/mariadb/charts/common/templates/_labels.tpl b/practice/13.templating/wordpress/charts/mariadb/charts/common/templates/_labels.tpl new file mode 100644 index 0000000..252066c --- /dev/null +++ b/practice/13.templating/wordpress/charts/mariadb/charts/common/templates/_labels.tpl @@ -0,0 +1,18 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Kubernetes standard labels +*/}} +{{- define "common.labels.standard" -}} +app.kubernetes.io/name: {{ include "common.names.name" . }} +helm.sh/chart: {{ include "common.names.chart" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end -}} + +{{/* +Labels to use on deploy.spec.selector.matchLabels and svc.spec.selector +*/}} +{{- define "common.labels.matchLabels" -}} +app.kubernetes.io/name: {{ include "common.names.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end -}} diff --git a/practice/13.templating/wordpress/charts/mariadb/charts/common/templates/_names.tpl b/practice/13.templating/wordpress/charts/mariadb/charts/common/templates/_names.tpl new file mode 100644 index 0000000..adf2a74 --- /dev/null +++ b/practice/13.templating/wordpress/charts/mariadb/charts/common/templates/_names.tpl @@ -0,0 +1,32 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Expand the name of the chart. +*/}} +{{- define "common.names.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "common.names.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "common.names.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} diff --git a/practice/13.templating/wordpress/charts/mariadb/charts/common/templates/_secrets.tpl b/practice/13.templating/wordpress/charts/mariadb/charts/common/templates/_secrets.tpl new file mode 100644 index 0000000..60b84a7 --- /dev/null +++ b/practice/13.templating/wordpress/charts/mariadb/charts/common/templates/_secrets.tpl @@ -0,0 +1,129 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Generate secret name. + +Usage: +{{ include "common.secrets.name" (dict "existingSecret" .Values.path.to.the.existingSecret "defaultNameSuffix" "mySuffix" "context" $) }} + +Params: + - existingSecret - ExistingSecret/String - Optional. The path to the existing secrets in the values.yaml given by the user + to be used instead of the default one. Allows for it to be of type String (just the secret name) for backwards compatibility. + +info: https://github.com/bitnami/charts/tree/master/bitnami/common#existingsecret + - defaultNameSuffix - String - Optional. It is used only if we have several secrets in the same deployment. + - context - Dict - Required. The context for the template evaluation. +*/}} +{{- define "common.secrets.name" -}} +{{- $name := (include "common.names.fullname" .context) -}} + +{{- if .defaultNameSuffix -}} +{{- $name = printf "%s-%s" $name .defaultNameSuffix | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{- with .existingSecret -}} +{{- if not (typeIs "string" .) -}} +{{- with .name -}} +{{- $name = . -}} +{{- end -}} +{{- else -}} +{{- $name = . -}} +{{- end -}} +{{- end -}} + +{{- printf "%s" $name -}} +{{- end -}} + +{{/* +Generate secret key. + +Usage: +{{ include "common.secrets.key" (dict "existingSecret" .Values.path.to.the.existingSecret "key" "keyName") }} + +Params: + - existingSecret - ExistingSecret/String - Optional. The path to the existing secrets in the values.yaml given by the user + to be used instead of the default one. Allows for it to be of type String (just the secret name) for backwards compatibility. + +info: https://github.com/bitnami/charts/tree/master/bitnami/common#existingsecret + - key - String - Required. Name of the key in the secret. +*/}} +{{- define "common.secrets.key" -}} +{{- $key := .key -}} + +{{- if .existingSecret -}} + {{- if not (typeIs "string" .existingSecret) -}} + {{- if .existingSecret.keyMapping -}} + {{- $key = index .existingSecret.keyMapping $.key -}} + {{- end -}} + {{- end }} +{{- end -}} + +{{- printf "%s" $key -}} +{{- end -}} + +{{/* +Generate secret password or retrieve one if already created. + +Usage: +{{ include "common.secrets.passwords.manage" (dict "secret" "secret-name" "key" "keyName" "providedValues" (list "path.to.password1" "path.to.password2") "length" 10 "strong" false "chartName" "chartName" "context" $) }} + +Params: + - secret - String - Required - Name of the 'Secret' resource where the password is stored. + - key - String - Required - Name of the key in the secret. + - providedValues - List - Required - The path to the validating value in the values.yaml, e.g: "mysql.password". Will pick first parameter with a defined value. + - length - int - Optional - Length of the generated random password. + - strong - Boolean - Optional - Whether to add symbols to the generated random password. + - chartName - String - Optional - Name of the chart used when said chart is deployed as a subchart. + - context - Context - Required - Parent context. +*/}} +{{- define "common.secrets.passwords.manage" -}} + +{{- $password := "" }} +{{- $subchart := "" }} +{{- $chartName := default "" .chartName }} +{{- $passwordLength := default 10 .length }} +{{- $providedPasswordKey := include "common.utils.getKeyFromList" (dict "keys" .providedValues "context" $.context) }} +{{- $providedPasswordValue := include "common.utils.getValueFromKey" (dict "key" $providedPasswordKey "context" $.context) }} +{{- $secret := (lookup "v1" "Secret" $.context.Release.Namespace .secret) }} +{{- if $secret }} + {{- if index $secret.data .key }} + {{- $password = index $secret.data .key }} + {{- end -}} +{{- else if $providedPasswordValue }} + {{- $password = $providedPasswordValue | toString | b64enc | quote }} +{{- else }} + + {{- if .context.Values.enabled }} + {{- $subchart = $chartName }} + {{- end -}} + + {{- $requiredPassword := dict "valueKey" $providedPasswordKey "secret" .secret "field" .key "subchart" $subchart "context" $.context -}} + {{- $requiredPasswordError := include "common.validations.values.single.empty" $requiredPassword -}} + {{- $passwordValidationErrors := list $requiredPasswordError -}} + {{- include "common.errors.upgrade.passwords.empty" (dict "validationErrors" $passwordValidationErrors "context" $.context) -}} + + {{- if .strong }} + {{- $subStr := list (lower (randAlpha 1)) (randNumeric 1) (upper (randAlpha 1)) | join "_" }} + {{- $password = randAscii $passwordLength }} + {{- $password = regexReplaceAllLiteral "\\W" $password "@" | substr 5 $passwordLength }} + {{- $password = printf "%s%s" $subStr $password | toString | shuffle | b64enc | quote }} + {{- else }} + {{- $password = randAlphaNum $passwordLength | b64enc | quote }} + {{- end }} +{{- end -}} +{{- printf "%s" $password -}} +{{- end -}} + +{{/* +Returns whether a previous generated secret already exists + +Usage: +{{ include "common.secrets.exists" (dict "secret" "secret-name" "context" $) }} + +Params: + - secret - String - Required - Name of the 'Secret' resource where the password is stored. + - context - Context - Required - Parent context. +*/}} +{{- define "common.secrets.exists" -}} +{{- $secret := (lookup "v1" "Secret" $.context.Release.Namespace .secret) }} +{{- if $secret }} + {{- true -}} +{{- end -}} +{{- end -}} diff --git a/practice/13.templating/wordpress/charts/mariadb/charts/common/templates/_storage.tpl b/practice/13.templating/wordpress/charts/mariadb/charts/common/templates/_storage.tpl new file mode 100644 index 0000000..60e2a84 --- /dev/null +++ b/practice/13.templating/wordpress/charts/mariadb/charts/common/templates/_storage.tpl @@ -0,0 +1,23 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Return the proper Storage Class +{{ include "common.storage.class" ( dict "persistence" .Values.path.to.the.persistence "global" $) }} +*/}} +{{- define "common.storage.class" -}} + +{{- $storageClass := .persistence.storageClass -}} +{{- if .global -}} + {{- if .global.storageClass -}} + {{- $storageClass = .global.storageClass -}} + {{- end -}} +{{- end -}} + +{{- if $storageClass -}} + {{- if (eq "-" $storageClass) -}} + {{- printf "storageClassName: \"\"" -}} + {{- else }} + {{- printf "storageClassName: %s" $storageClass -}} + {{- end -}} +{{- end -}} + +{{- end -}} diff --git a/practice/13.templating/wordpress/charts/mariadb/charts/common/templates/_tplvalues.tpl b/practice/13.templating/wordpress/charts/mariadb/charts/common/templates/_tplvalues.tpl new file mode 100644 index 0000000..2db1668 --- /dev/null +++ b/practice/13.templating/wordpress/charts/mariadb/charts/common/templates/_tplvalues.tpl @@ -0,0 +1,13 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Renders a value that contains template. +Usage: +{{ include "common.tplvalues.render" ( dict "value" .Values.path.to.the.Value "context" $) }} +*/}} +{{- define "common.tplvalues.render" -}} + {{- if typeIs "string" .value }} + {{- tpl .value .context }} + {{- else }} + {{- tpl (.value | toYaml) .context }} + {{- end }} +{{- end -}} diff --git a/practice/13.templating/wordpress/charts/mariadb/charts/common/templates/_utils.tpl b/practice/13.templating/wordpress/charts/mariadb/charts/common/templates/_utils.tpl new file mode 100644 index 0000000..ea083a2 --- /dev/null +++ b/practice/13.templating/wordpress/charts/mariadb/charts/common/templates/_utils.tpl @@ -0,0 +1,62 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Print instructions to get a secret value. +Usage: +{{ include "common.utils.secret.getvalue" (dict "secret" "secret-name" "field" "secret-value-field" "context" $) }} +*/}} +{{- define "common.utils.secret.getvalue" -}} +{{- $varname := include "common.utils.fieldToEnvVar" . -}} +export {{ $varname }}=$(kubectl get secret --namespace {{ .context.Release.Namespace | quote }} {{ .secret }} -o jsonpath="{.data.{{ .field }}}" | base64 --decode) +{{- end -}} + +{{/* +Build env var name given a field +Usage: +{{ include "common.utils.fieldToEnvVar" dict "field" "my-password" }} +*/}} +{{- define "common.utils.fieldToEnvVar" -}} + {{- $fieldNameSplit := splitList "-" .field -}} + {{- $upperCaseFieldNameSplit := list -}} + + {{- range $fieldNameSplit -}} + {{- $upperCaseFieldNameSplit = append $upperCaseFieldNameSplit ( upper . ) -}} + {{- end -}} + + {{ join "_" $upperCaseFieldNameSplit }} +{{- end -}} + +{{/* +Gets a value from .Values given +Usage: +{{ include "common.utils.getValueFromKey" (dict "key" "path.to.key" "context" $) }} +*/}} +{{- define "common.utils.getValueFromKey" -}} +{{- $splitKey := splitList "." .key -}} +{{- $value := "" -}} +{{- $latestObj := $.context.Values -}} +{{- range $splitKey -}} + {{- if not $latestObj -}} + {{- printf "please review the entire path of '%s' exists in values" $.key | fail -}} + {{- end -}} + {{- $value = ( index $latestObj . ) -}} + {{- $latestObj = $value -}} +{{- end -}} +{{- printf "%v" (default "" $value) -}} +{{- end -}} + +{{/* +Returns first .Values key with a defined value or first of the list if all non-defined +Usage: +{{ include "common.utils.getKeyFromList" (dict "keys" (list "path.to.key1" "path.to.key2") "context" $) }} +*/}} +{{- define "common.utils.getKeyFromList" -}} +{{- $key := first .keys -}} +{{- $reverseKeys := reverse .keys }} +{{- range $reverseKeys }} + {{- $value := include "common.utils.getValueFromKey" (dict "key" . "context" $.context ) }} + {{- if $value -}} + {{- $key = . }} + {{- end -}} +{{- end -}} +{{- printf "%s" $key -}} +{{- end -}} diff --git a/practice/13.templating/wordpress/charts/mariadb/charts/common/templates/_warnings.tpl b/practice/13.templating/wordpress/charts/mariadb/charts/common/templates/_warnings.tpl new file mode 100644 index 0000000..ae10fa4 --- /dev/null +++ b/practice/13.templating/wordpress/charts/mariadb/charts/common/templates/_warnings.tpl @@ -0,0 +1,14 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Warning about using rolling tag. +Usage: +{{ include "common.warnings.rollingTag" .Values.path.to.the.imageRoot }} +*/}} +{{- define "common.warnings.rollingTag" -}} + +{{- if and (contains "bitnami/" .repository) (not (.tag | toString | regexFind "-r\\d+$|sha256:")) }} +WARNING: Rolling tag detected ({{ .repository }}:{{ .tag }}), please note that it is strongly recommended to avoid using rolling tags in a production environment. ++info https://docs.bitnami.com/containers/how-to/understand-rolling-tags-containers/ +{{- end }} + +{{- end -}} diff --git a/practice/13.templating/wordpress/charts/mariadb/charts/common/templates/validations/_cassandra.tpl b/practice/13.templating/wordpress/charts/mariadb/charts/common/templates/validations/_cassandra.tpl new file mode 100644 index 0000000..8679ddf --- /dev/null +++ b/practice/13.templating/wordpress/charts/mariadb/charts/common/templates/validations/_cassandra.tpl @@ -0,0 +1,72 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Validate Cassandra required passwords are not empty. + +Usage: +{{ include "common.validations.values.cassandra.passwords" (dict "secret" "secretName" "subchart" false "context" $) }} +Params: + - secret - String - Required. Name of the secret where Cassandra values are stored, e.g: "cassandra-passwords-secret" + - subchart - Boolean - Optional. Whether Cassandra is used as subchart or not. Default: false +*/}} +{{- define "common.validations.values.cassandra.passwords" -}} + {{- $existingSecret := include "common.cassandra.values.existingSecret" . -}} + {{- $enabled := include "common.cassandra.values.enabled" . -}} + {{- $dbUserPrefix := include "common.cassandra.values.key.dbUser" . -}} + {{- $valueKeyPassword := printf "%s.password" $dbUserPrefix -}} + + {{- if and (not $existingSecret) (eq $enabled "true") -}} + {{- $requiredPasswords := list -}} + + {{- $requiredPassword := dict "valueKey" $valueKeyPassword "secret" .secret "field" "cassandra-password" -}} + {{- $requiredPasswords = append $requiredPasswords $requiredPassword -}} + + {{- include "common.validations.values.multiple.empty" (dict "required" $requiredPasswords "context" .context) -}} + + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for existingSecret. + +Usage: +{{ include "common.cassandra.values.existingSecret" (dict "context" $) }} +Params: + - subchart - Boolean - Optional. Whether Cassandra is used as subchart or not. Default: false +*/}} +{{- define "common.cassandra.values.existingSecret" -}} + {{- if .subchart -}} + {{- .context.Values.cassandra.dbUser.existingSecret | quote -}} + {{- else -}} + {{- .context.Values.dbUser.existingSecret | quote -}} + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for enabled cassandra. + +Usage: +{{ include "common.cassandra.values.enabled" (dict "context" $) }} +*/}} +{{- define "common.cassandra.values.enabled" -}} + {{- if .subchart -}} + {{- printf "%v" .context.Values.cassandra.enabled -}} + {{- else -}} + {{- printf "%v" (not .context.Values.enabled) -}} + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for the key dbUser + +Usage: +{{ include "common.cassandra.values.key.dbUser" (dict "subchart" "true" "context" $) }} +Params: + - subchart - Boolean - Optional. Whether Cassandra is used as subchart or not. Default: false +*/}} +{{- define "common.cassandra.values.key.dbUser" -}} + {{- if .subchart -}} + cassandra.dbUser + {{- else -}} + dbUser + {{- end -}} +{{- end -}} diff --git a/practice/13.templating/wordpress/charts/mariadb/charts/common/templates/validations/_mariadb.tpl b/practice/13.templating/wordpress/charts/mariadb/charts/common/templates/validations/_mariadb.tpl new file mode 100644 index 0000000..bb5ed72 --- /dev/null +++ b/practice/13.templating/wordpress/charts/mariadb/charts/common/templates/validations/_mariadb.tpl @@ -0,0 +1,103 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Validate MariaDB required passwords are not empty. + +Usage: +{{ include "common.validations.values.mariadb.passwords" (dict "secret" "secretName" "subchart" false "context" $) }} +Params: + - secret - String - Required. Name of the secret where MariaDB values are stored, e.g: "mysql-passwords-secret" + - subchart - Boolean - Optional. Whether MariaDB is used as subchart or not. Default: false +*/}} +{{- define "common.validations.values.mariadb.passwords" -}} + {{- $existingSecret := include "common.mariadb.values.auth.existingSecret" . -}} + {{- $enabled := include "common.mariadb.values.enabled" . -}} + {{- $architecture := include "common.mariadb.values.architecture" . -}} + {{- $authPrefix := include "common.mariadb.values.key.auth" . -}} + {{- $valueKeyRootPassword := printf "%s.rootPassword" $authPrefix -}} + {{- $valueKeyUsername := printf "%s.username" $authPrefix -}} + {{- $valueKeyPassword := printf "%s.password" $authPrefix -}} + {{- $valueKeyReplicationPassword := printf "%s.replicationPassword" $authPrefix -}} + + {{- if and (not $existingSecret) (eq $enabled "true") -}} + {{- $requiredPasswords := list -}} + + {{- $requiredRootPassword := dict "valueKey" $valueKeyRootPassword "secret" .secret "field" "mariadb-root-password" -}} + {{- $requiredPasswords = append $requiredPasswords $requiredRootPassword -}} + + {{- $valueUsername := include "common.utils.getValueFromKey" (dict "key" $valueKeyUsername "context" .context) }} + {{- if not (empty $valueUsername) -}} + {{- $requiredPassword := dict "valueKey" $valueKeyPassword "secret" .secret "field" "mariadb-password" -}} + {{- $requiredPasswords = append $requiredPasswords $requiredPassword -}} + {{- end -}} + + {{- if (eq $architecture "replication") -}} + {{- $requiredReplicationPassword := dict "valueKey" $valueKeyReplicationPassword "secret" .secret "field" "mariadb-replication-password" -}} + {{- $requiredPasswords = append $requiredPasswords $requiredReplicationPassword -}} + {{- end -}} + + {{- include "common.validations.values.multiple.empty" (dict "required" $requiredPasswords "context" .context) -}} + + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for existingSecret. + +Usage: +{{ include "common.mariadb.values.auth.existingSecret" (dict "context" $) }} +Params: + - subchart - Boolean - Optional. Whether MariaDB is used as subchart or not. Default: false +*/}} +{{- define "common.mariadb.values.auth.existingSecret" -}} + {{- if .subchart -}} + {{- .context.Values.mariadb.auth.existingSecret | quote -}} + {{- else -}} + {{- .context.Values.auth.existingSecret | quote -}} + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for enabled mariadb. + +Usage: +{{ include "common.mariadb.values.enabled" (dict "context" $) }} +*/}} +{{- define "common.mariadb.values.enabled" -}} + {{- if .subchart -}} + {{- printf "%v" .context.Values.mariadb.enabled -}} + {{- else -}} + {{- printf "%v" (not .context.Values.enabled) -}} + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for architecture + +Usage: +{{ include "common.mariadb.values.architecture" (dict "subchart" "true" "context" $) }} +Params: + - subchart - Boolean - Optional. Whether MariaDB is used as subchart or not. Default: false +*/}} +{{- define "common.mariadb.values.architecture" -}} + {{- if .subchart -}} + {{- .context.Values.mariadb.architecture -}} + {{- else -}} + {{- .context.Values.architecture -}} + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for the key auth + +Usage: +{{ include "common.mariadb.values.key.auth" (dict "subchart" "true" "context" $) }} +Params: + - subchart - Boolean - Optional. Whether MariaDB is used as subchart or not. Default: false +*/}} +{{- define "common.mariadb.values.key.auth" -}} + {{- if .subchart -}} + mariadb.auth + {{- else -}} + auth + {{- end -}} +{{- end -}} diff --git a/practice/13.templating/wordpress/charts/mariadb/charts/common/templates/validations/_mongodb.tpl b/practice/13.templating/wordpress/charts/mariadb/charts/common/templates/validations/_mongodb.tpl new file mode 100644 index 0000000..7d5ecbc --- /dev/null +++ b/practice/13.templating/wordpress/charts/mariadb/charts/common/templates/validations/_mongodb.tpl @@ -0,0 +1,108 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Validate MongoDB(R) required passwords are not empty. + +Usage: +{{ include "common.validations.values.mongodb.passwords" (dict "secret" "secretName" "subchart" false "context" $) }} +Params: + - secret - String - Required. Name of the secret where MongoDB(R) values are stored, e.g: "mongodb-passwords-secret" + - subchart - Boolean - Optional. Whether MongoDB(R) is used as subchart or not. Default: false +*/}} +{{- define "common.validations.values.mongodb.passwords" -}} + {{- $existingSecret := include "common.mongodb.values.auth.existingSecret" . -}} + {{- $enabled := include "common.mongodb.values.enabled" . -}} + {{- $authPrefix := include "common.mongodb.values.key.auth" . -}} + {{- $architecture := include "common.mongodb.values.architecture" . -}} + {{- $valueKeyRootPassword := printf "%s.rootPassword" $authPrefix -}} + {{- $valueKeyUsername := printf "%s.username" $authPrefix -}} + {{- $valueKeyDatabase := printf "%s.database" $authPrefix -}} + {{- $valueKeyPassword := printf "%s.password" $authPrefix -}} + {{- $valueKeyReplicaSetKey := printf "%s.replicaSetKey" $authPrefix -}} + {{- $valueKeyAuthEnabled := printf "%s.enabled" $authPrefix -}} + + {{- $authEnabled := include "common.utils.getValueFromKey" (dict "key" $valueKeyAuthEnabled "context" .context) -}} + + {{- if and (not $existingSecret) (eq $enabled "true") (eq $authEnabled "true") -}} + {{- $requiredPasswords := list -}} + + {{- $requiredRootPassword := dict "valueKey" $valueKeyRootPassword "secret" .secret "field" "mongodb-root-password" -}} + {{- $requiredPasswords = append $requiredPasswords $requiredRootPassword -}} + + {{- $valueUsername := include "common.utils.getValueFromKey" (dict "key" $valueKeyUsername "context" .context) }} + {{- $valueDatabase := include "common.utils.getValueFromKey" (dict "key" $valueKeyDatabase "context" .context) }} + {{- if and $valueUsername $valueDatabase -}} + {{- $requiredPassword := dict "valueKey" $valueKeyPassword "secret" .secret "field" "mongodb-password" -}} + {{- $requiredPasswords = append $requiredPasswords $requiredPassword -}} + {{- end -}} + + {{- if (eq $architecture "replicaset") -}} + {{- $requiredReplicaSetKey := dict "valueKey" $valueKeyReplicaSetKey "secret" .secret "field" "mongodb-replica-set-key" -}} + {{- $requiredPasswords = append $requiredPasswords $requiredReplicaSetKey -}} + {{- end -}} + + {{- include "common.validations.values.multiple.empty" (dict "required" $requiredPasswords "context" .context) -}} + + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for existingSecret. + +Usage: +{{ include "common.mongodb.values.auth.existingSecret" (dict "context" $) }} +Params: + - subchart - Boolean - Optional. Whether MongoDb is used as subchart or not. Default: false +*/}} +{{- define "common.mongodb.values.auth.existingSecret" -}} + {{- if .subchart -}} + {{- .context.Values.mongodb.auth.existingSecret | quote -}} + {{- else -}} + {{- .context.Values.auth.existingSecret | quote -}} + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for enabled mongodb. + +Usage: +{{ include "common.mongodb.values.enabled" (dict "context" $) }} +*/}} +{{- define "common.mongodb.values.enabled" -}} + {{- if .subchart -}} + {{- printf "%v" .context.Values.mongodb.enabled -}} + {{- else -}} + {{- printf "%v" (not .context.Values.enabled) -}} + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for the key auth + +Usage: +{{ include "common.mongodb.values.key.auth" (dict "subchart" "true" "context" $) }} +Params: + - subchart - Boolean - Optional. Whether MongoDB(R) is used as subchart or not. Default: false +*/}} +{{- define "common.mongodb.values.key.auth" -}} + {{- if .subchart -}} + mongodb.auth + {{- else -}} + auth + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for architecture + +Usage: +{{ include "common.mongodb.values.architecture" (dict "subchart" "true" "context" $) }} +Params: + - subchart - Boolean - Optional. Whether MariaDB is used as subchart or not. Default: false +*/}} +{{- define "common.mongodb.values.architecture" -}} + {{- if .subchart -}} + {{- .context.Values.mongodb.architecture -}} + {{- else -}} + {{- .context.Values.architecture -}} + {{- end -}} +{{- end -}} diff --git a/practice/13.templating/wordpress/charts/mariadb/charts/common/templates/validations/_postgresql.tpl b/practice/13.templating/wordpress/charts/mariadb/charts/common/templates/validations/_postgresql.tpl new file mode 100644 index 0000000..992bcd3 --- /dev/null +++ b/practice/13.templating/wordpress/charts/mariadb/charts/common/templates/validations/_postgresql.tpl @@ -0,0 +1,131 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Validate PostgreSQL required passwords are not empty. + +Usage: +{{ include "common.validations.values.postgresql.passwords" (dict "secret" "secretName" "subchart" false "context" $) }} +Params: + - secret - String - Required. Name of the secret where postgresql values are stored, e.g: "postgresql-passwords-secret" + - subchart - Boolean - Optional. Whether postgresql is used as subchart or not. Default: false +*/}} +{{- define "common.validations.values.postgresql.passwords" -}} + {{- $existingSecret := include "common.postgresql.values.existingSecret" . -}} + {{- $enabled := include "common.postgresql.values.enabled" . -}} + {{- $valueKeyPostgresqlPassword := include "common.postgresql.values.key.postgressPassword" . -}} + {{- $valueKeyPostgresqlReplicationEnabled := include "common.postgresql.values.key.replicationPassword" . -}} + + {{- if and (not $existingSecret) (eq $enabled "true") -}} + {{- $requiredPasswords := list -}} + + {{- $requiredPostgresqlPassword := dict "valueKey" $valueKeyPostgresqlPassword "secret" .secret "field" "postgresql-password" -}} + {{- $requiredPasswords = append $requiredPasswords $requiredPostgresqlPassword -}} + + {{- $enabledReplication := include "common.postgresql.values.enabled.replication" . -}} + {{- if (eq $enabledReplication "true") -}} + {{- $requiredPostgresqlReplicationPassword := dict "valueKey" $valueKeyPostgresqlReplicationEnabled "secret" .secret "field" "postgresql-replication-password" -}} + {{- $requiredPasswords = append $requiredPasswords $requiredPostgresqlReplicationPassword -}} + {{- end -}} + + {{- include "common.validations.values.multiple.empty" (dict "required" $requiredPasswords "context" .context) -}} + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to decide whether evaluate global values. + +Usage: +{{ include "common.postgresql.values.use.global" (dict "key" "key-of-global" "context" $) }} +Params: + - key - String - Required. Field to be evaluated within global, e.g: "existingSecret" +*/}} +{{- define "common.postgresql.values.use.global" -}} + {{- if .context.Values.global -}} + {{- if .context.Values.global.postgresql -}} + {{- index .context.Values.global.postgresql .key | quote -}} + {{- end -}} + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for existingSecret. + +Usage: +{{ include "common.postgresql.values.existingSecret" (dict "context" $) }} +*/}} +{{- define "common.postgresql.values.existingSecret" -}} + {{- $globalValue := include "common.postgresql.values.use.global" (dict "key" "existingSecret" "context" .context) -}} + + {{- if .subchart -}} + {{- default (.context.Values.postgresql.existingSecret | quote) $globalValue -}} + {{- else -}} + {{- default (.context.Values.existingSecret | quote) $globalValue -}} + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for enabled postgresql. + +Usage: +{{ include "common.postgresql.values.enabled" (dict "context" $) }} +*/}} +{{- define "common.postgresql.values.enabled" -}} + {{- if .subchart -}} + {{- printf "%v" .context.Values.postgresql.enabled -}} + {{- else -}} + {{- printf "%v" (not .context.Values.enabled) -}} + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for the key postgressPassword. + +Usage: +{{ include "common.postgresql.values.key.postgressPassword" (dict "subchart" "true" "context" $) }} +Params: + - subchart - Boolean - Optional. Whether postgresql is used as subchart or not. Default: false +*/}} +{{- define "common.postgresql.values.key.postgressPassword" -}} + {{- $globalValue := include "common.postgresql.values.use.global" (dict "key" "postgresqlUsername" "context" .context) -}} + + {{- if not $globalValue -}} + {{- if .subchart -}} + postgresql.postgresqlPassword + {{- else -}} + postgresqlPassword + {{- end -}} + {{- else -}} + global.postgresql.postgresqlPassword + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for enabled.replication. + +Usage: +{{ include "common.postgresql.values.enabled.replication" (dict "subchart" "true" "context" $) }} +Params: + - subchart - Boolean - Optional. Whether postgresql is used as subchart or not. Default: false +*/}} +{{- define "common.postgresql.values.enabled.replication" -}} + {{- if .subchart -}} + {{- printf "%v" .context.Values.postgresql.replication.enabled -}} + {{- else -}} + {{- printf "%v" .context.Values.replication.enabled -}} + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for the key replication.password. + +Usage: +{{ include "common.postgresql.values.key.replicationPassword" (dict "subchart" "true" "context" $) }} +Params: + - subchart - Boolean - Optional. Whether postgresql is used as subchart or not. Default: false +*/}} +{{- define "common.postgresql.values.key.replicationPassword" -}} + {{- if .subchart -}} + postgresql.replication.password + {{- else -}} + replication.password + {{- end -}} +{{- end -}} diff --git a/practice/13.templating/wordpress/charts/mariadb/charts/common/templates/validations/_redis.tpl b/practice/13.templating/wordpress/charts/mariadb/charts/common/templates/validations/_redis.tpl new file mode 100644 index 0000000..3e2a47c --- /dev/null +++ b/practice/13.templating/wordpress/charts/mariadb/charts/common/templates/validations/_redis.tpl @@ -0,0 +1,72 @@ + +{{/* vim: set filetype=mustache: */}} +{{/* +Validate Redis(TM) required passwords are not empty. + +Usage: +{{ include "common.validations.values.redis.passwords" (dict "secret" "secretName" "subchart" false "context" $) }} +Params: + - secret - String - Required. Name of the secret where redis values are stored, e.g: "redis-passwords-secret" + - subchart - Boolean - Optional. Whether redis is used as subchart or not. Default: false +*/}} +{{- define "common.validations.values.redis.passwords" -}} + {{- $existingSecret := include "common.redis.values.existingSecret" . -}} + {{- $enabled := include "common.redis.values.enabled" . -}} + {{- $valueKeyPrefix := include "common.redis.values.keys.prefix" . -}} + {{- $valueKeyRedisPassword := printf "%s%s" $valueKeyPrefix "password" -}} + {{- $valueKeyRedisUsePassword := printf "%s%s" $valueKeyPrefix "usePassword" -}} + + {{- if and (not $existingSecret) (eq $enabled "true") -}} + {{- $requiredPasswords := list -}} + + {{- $usePassword := include "common.utils.getValueFromKey" (dict "key" $valueKeyRedisUsePassword "context" .context) -}} + {{- if eq $usePassword "true" -}} + {{- $requiredRedisPassword := dict "valueKey" $valueKeyRedisPassword "secret" .secret "field" "redis-password" -}} + {{- $requiredPasswords = append $requiredPasswords $requiredRedisPassword -}} + {{- end -}} + + {{- include "common.validations.values.multiple.empty" (dict "required" $requiredPasswords "context" .context) -}} + {{- end -}} +{{- end -}} + +{{/* +Redis Auxiliary function to get the right value for existingSecret. + +Usage: +{{ include "common.redis.values.existingSecret" (dict "context" $) }} +Params: + - subchart - Boolean - Optional. Whether Redis(TM) is used as subchart or not. Default: false +*/}} +{{- define "common.redis.values.existingSecret" -}} + {{- if .subchart -}} + {{- .context.Values.redis.existingSecret | quote -}} + {{- else -}} + {{- .context.Values.existingSecret | quote -}} + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for enabled redis. + +Usage: +{{ include "common.redis.values.enabled" (dict "context" $) }} +*/}} +{{- define "common.redis.values.enabled" -}} + {{- if .subchart -}} + {{- printf "%v" .context.Values.redis.enabled -}} + {{- else -}} + {{- printf "%v" (not .context.Values.enabled) -}} + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right prefix path for the values + +Usage: +{{ include "common.redis.values.key.prefix" (dict "subchart" "true" "context" $) }} +Params: + - subchart - Boolean - Optional. Whether redis is used as subchart or not. Default: false +*/}} +{{- define "common.redis.values.keys.prefix" -}} + {{- if .subchart -}}redis.{{- else -}}{{- end -}} +{{- end -}} diff --git a/practice/13.templating/wordpress/charts/mariadb/charts/common/templates/validations/_validations.tpl b/practice/13.templating/wordpress/charts/mariadb/charts/common/templates/validations/_validations.tpl new file mode 100644 index 0000000..9a814cf --- /dev/null +++ b/practice/13.templating/wordpress/charts/mariadb/charts/common/templates/validations/_validations.tpl @@ -0,0 +1,46 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Validate values must not be empty. + +Usage: +{{- $validateValueConf00 := (dict "valueKey" "path.to.value" "secret" "secretName" "field" "password-00") -}} +{{- $validateValueConf01 := (dict "valueKey" "path.to.value" "secret" "secretName" "field" "password-01") -}} +{{ include "common.validations.values.empty" (dict "required" (list $validateValueConf00 $validateValueConf01) "context" $) }} + +Validate value params: + - valueKey - String - Required. The path to the validating value in the values.yaml, e.g: "mysql.password" + - secret - String - Optional. Name of the secret where the validating value is generated/stored, e.g: "mysql-passwords-secret" + - field - String - Optional. Name of the field in the secret data, e.g: "mysql-password" +*/}} +{{- define "common.validations.values.multiple.empty" -}} + {{- range .required -}} + {{- include "common.validations.values.single.empty" (dict "valueKey" .valueKey "secret" .secret "field" .field "context" $.context) -}} + {{- end -}} +{{- end -}} + +{{/* +Validate a value must not be empty. + +Usage: +{{ include "common.validations.value.empty" (dict "valueKey" "mariadb.password" "secret" "secretName" "field" "my-password" "subchart" "subchart" "context" $) }} + +Validate value params: + - valueKey - String - Required. The path to the validating value in the values.yaml, e.g: "mysql.password" + - secret - String - Optional. Name of the secret where the validating value is generated/stored, e.g: "mysql-passwords-secret" + - field - String - Optional. Name of the field in the secret data, e.g: "mysql-password" + - subchart - String - Optional - Name of the subchart that the validated password is part of. +*/}} +{{- define "common.validations.values.single.empty" -}} + {{- $value := include "common.utils.getValueFromKey" (dict "key" .valueKey "context" .context) }} + {{- $subchart := ternary "" (printf "%s." .subchart) (empty .subchart) }} + + {{- if not $value -}} + {{- $varname := "my-value" -}} + {{- $getCurrentValue := "" -}} + {{- if and .secret .field -}} + {{- $varname = include "common.utils.fieldToEnvVar" . -}} + {{- $getCurrentValue = printf " To get the current value:\n\n %s\n" (include "common.utils.secret.getvalue" .) -}} + {{- end -}} + {{- printf "\n '%s' must not be empty, please add '--set %s%s=$%s' to the command.%s" .valueKey $subchart .valueKey $varname $getCurrentValue -}} + {{- end -}} +{{- end -}} diff --git a/practice/13.templating/wordpress/charts/mariadb/charts/common/values.yaml b/practice/13.templating/wordpress/charts/mariadb/charts/common/values.yaml new file mode 100644 index 0000000..9ecdc93 --- /dev/null +++ b/practice/13.templating/wordpress/charts/mariadb/charts/common/values.yaml @@ -0,0 +1,3 @@ +## bitnami/common +## It is required by CI/CD tools and processes. +exampleValue: common-chart diff --git a/practice/13.templating/wordpress/charts/mariadb/ci/values-production-with-rbac-and-metrics.yaml b/practice/13.templating/wordpress/charts/mariadb/ci/values-production-with-rbac-and-metrics.yaml new file mode 100644 index 0000000..2f1a8d9 --- /dev/null +++ b/practice/13.templating/wordpress/charts/mariadb/ci/values-production-with-rbac-and-metrics.yaml @@ -0,0 +1,33 @@ +# Test values file for generating all of the yaml and check that +# the rendering is correct +architecture: replication +auth: + usePasswordFiles: true + +primary: + extraEnvVars: + - name: TEST + value: "3" + extraEnvVarsSecret: example-secret + extraEnvVarsCM: example-cm + podDisruptionBudget: + create: true + +secondary: + replicaCount: 2 + extraEnvVars: + - name: TEST + value: "2" + extraEnvVarsSecret: example-secret-2 + extraEnvVarsCM: example-cm-2 + podDisruptionBudget: + create: true + +serviceAccount: + create: true + name: mariadb-service-account +rbac: + create: true + +metrics: + enabled: true diff --git a/practice/13.templating/wordpress/charts/mariadb/templates/NOTES.txt b/practice/13.templating/wordpress/charts/mariadb/templates/NOTES.txt new file mode 100644 index 0000000..efb4193 --- /dev/null +++ b/practice/13.templating/wordpress/charts/mariadb/templates/NOTES.txt @@ -0,0 +1,50 @@ + +Please be patient while the chart is being deployed + +Tip: + + Watch the deployment status using the command: kubectl get pods -w --namespace {{ .Release.Namespace }} -l release={{ .Release.Name }} + +Services: + + echo Primary: {{ include "mariadb.primary.fullname" . }}.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }}:{{ .Values.primary.service.port }} +{{- if eq .Values.architecture "replication" }} + echo Secondary: {{ include "mariadb.secondary.fullname" . }}.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }}:{{ .Values.secondary.service.port }} +{{- end }} + +Administrator credentials: + + Username: root + Password : $(kubectl get secret --namespace {{ .Release.Namespace }} {{ template "mariadb.secretName" . }} -o jsonpath="{.data.mariadb-root-password}" | base64 --decode) + +To connect to your database: + + 1. Run a pod that you can use as a client: + + kubectl run {{ include "common.names.fullname" . }}-client --rm --tty -i --restart='Never' --image {{ template "mariadb.image" . }} --namespace {{ .Release.Namespace }} --command -- bash + + 2. To connect to primary service (read/write): + + mysql -h {{ include "mariadb.primary.fullname" . }}.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }} -uroot -p {{ .Values.auth.database }} + +{{- if eq .Values.architecture "replication" }} + + 3. To connect to secondary service (read-only): + + mysql -h {{ include "mariadb.secondary.fullname" . }}.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }} -uroot -p {{ .Values.auth.database }} +{{- end }} + +To upgrade this helm chart: + + 1. Obtain the password as described on the 'Administrator credentials' section and set the 'auth.rootPassword' parameter as shown below: + + ROOT_PASSWORD=$(kubectl get secret --namespace {{ .Release.Namespace }} {{ template "mariadb.secretName" . }} -o jsonpath="{.data.mariadb-root-password}" | base64 --decode) + helm upgrade {{ .Release.Name }} bitnami/mariadb --set auth.rootPassword=$ROOT_PASSWORD + +{{- include "common.warnings.rollingTag" .Values.image }} +{{- include "common.warnings.rollingTag" .Values.metrics.image }} +{{- include "mariadb.validateValues" . }} +{{- if not .Values.auth.customPasswordFiles -}} + {{- $passwordValidationErrors := include "common.validations.values.mariadb.passwords" (dict "secret" (include "common.names.fullname" .) "context" $) -}} + {{- include "common.errors.upgrade.passwords.empty" (dict "validationErrors" (list $passwordValidationErrors) "context" $) -}} +{{- end }} diff --git a/practice/13.templating/wordpress/charts/mariadb/templates/_helpers.tpl b/practice/13.templating/wordpress/charts/mariadb/templates/_helpers.tpl new file mode 100644 index 0000000..4a8bf7f --- /dev/null +++ b/practice/13.templating/wordpress/charts/mariadb/templates/_helpers.tpl @@ -0,0 +1,150 @@ +{{/* vim: set filetype=mustache: */}} + +{{- define "mariadb.primary.fullname" -}} +{{- if eq .Values.architecture "replication" }} +{{- printf "%s-%s" (include "common.names.fullname" .) "primary" | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- include "common.names.fullname" . -}} +{{- end -}} +{{- end -}} + +{{- define "mariadb.secondary.fullname" -}} +{{- printf "%s-%s" (include "common.names.fullname" .) "secondary" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Return the proper MariaDB image name +*/}} +{{- define "mariadb.image" -}} +{{ include "common.images.image" (dict "imageRoot" .Values.image "global" .Values.global) }} +{{- end -}} + +{{/* +Return the proper metrics image name +*/}} +{{- define "mariadb.metrics.image" -}} +{{ include "common.images.image" (dict "imageRoot" .Values.metrics.image "global" .Values.global) }} +{{- end -}} + +{{/* +Return the proper image name (for the init container volume-permissions image) +*/}} +{{- define "mariadb.volumePermissions.image" -}} +{{ include "common.images.image" (dict "imageRoot" .Values.volumePermissions.image "global" .Values.global) }} +{{- end -}} + +{{/* +Return the proper Docker Image Registry Secret Names +*/}} +{{- define "mariadb.imagePullSecrets" -}} +{{ include "common.images.pullSecrets" (dict "images" (list .Values.image .Values.metrics.image .Values.volumePermissions.image) "global" .Values.global) }} +{{- end -}} + +{{ template "mariadb.initdbScriptsCM" . }} +{{/* +Get the initialization scripts ConfigMap name. +*/}} +{{- define "mariadb.initdbScriptsCM" -}} +{{- if .Values.initdbScriptsConfigMap -}} +{{- printf "%s" .Values.initdbScriptsConfigMap -}} +{{- else -}} +{{- printf "%s-init-scripts" (include "mariadb.primary.fullname" .) -}} +{{- end -}} +{{- end -}} + +{{/* +Create the name of the service account to use +*/}} +{{- define "mariadb.serviceAccountName" -}} +{{- if .Values.serviceAccount.create -}} + {{ default (include "common.names.fullname" .) .Values.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.serviceAccount.name }} +{{- end -}} +{{- end -}} + +{{/* +Return the configmap with the MariaDB Primary configuration +*/}} +{{- define "mariadb.primary.configmapName" -}} +{{- if .Values.primary.existingConfigmap -}} + {{- printf "%s" (tpl .Values.primary.existingConfigmap $) -}} +{{- else -}} + {{- printf "%s" (include "mariadb.primary.fullname" .) -}} +{{- end -}} +{{- end -}} + +{{/* +Return true if a configmap object should be created for MariaDB Secondary +*/}} +{{- define "mariadb.primary.createConfigmap" -}} +{{- if and .Values.primary.configuration (not .Values.primary.existingConfigmap) }} + {{- true -}} +{{- else -}} +{{- end -}} +{{- end -}} + +{{/* +Return the configmap with the MariaDB Primary configuration +*/}} +{{- define "mariadb.secondary.configmapName" -}} +{{- if .Values.secondary.existingConfigmap -}} + {{- printf "%s" (tpl .Values.secondary.existingConfigmap $) -}} +{{- else -}} + {{- printf "%s" (include "mariadb.secondary.fullname" .) -}} +{{- end -}} +{{- end -}} + +{{/* +Return true if a configmap object should be created for MariaDB Secondary +*/}} +{{- define "mariadb.secondary.createConfigmap" -}} +{{- if and (eq .Values.architecture "replication") .Values.secondary.configuration (not .Values.secondary.existingConfigmap) }} + {{- true -}} +{{- else -}} +{{- end -}} +{{- end -}} + +{{/* +Return the secret with MariaDB credentials +*/}} +{{- define "mariadb.secretName" -}} + {{- if .Values.auth.existingSecret -}} + {{- printf "%s" .Values.auth.existingSecret -}} + {{- else -}} + {{- printf "%s" (include "common.names.fullname" .) -}} + {{- end -}} +{{- end -}} + +{{/* +Return true if a secret object should be created for MariaDB +*/}} +{{- define "mariadb.createSecret" -}} +{{- if and (not .Values.auth.existingSecret) (not .Values.auth.customPasswordFiles) }} + {{- true -}} +{{- else -}} +{{- end -}} +{{- end -}} + +{{/* +Compile all warnings into a single message, and call fail. +*/}} +{{- define "mariadb.validateValues" -}} +{{- $messages := list -}} +{{- $messages := append $messages (include "mariadb.validateValues.architecture" .) -}} +{{- $messages := without $messages "" -}} +{{- $message := join "\n" $messages -}} + +{{- if $message -}} +{{- printf "\nVALUES VALIDATION:\n%s" $message | fail -}} +{{- end -}} +{{- end -}} + +{{/* Validate values of MariaDB - must provide a valid architecture */}} +{{- define "mariadb.validateValues.architecture" -}} +{{- if and (ne .Values.architecture "standalone") (ne .Values.architecture "replication") -}} +mariadb: architecture + Invalid architecture selected. Valid values are "standalone" and + "replication". Please set a valid architecture (--set architecture="xxxx") +{{- end -}} +{{- end -}} diff --git a/practice/13.templating/wordpress/charts/mariadb/templates/extra-list.yaml b/practice/13.templating/wordpress/charts/mariadb/templates/extra-list.yaml new file mode 100644 index 0000000..9ac65f9 --- /dev/null +++ b/practice/13.templating/wordpress/charts/mariadb/templates/extra-list.yaml @@ -0,0 +1,4 @@ +{{- range .Values.extraDeploy }} +--- +{{ include "common.tplvalues.render" (dict "value" . "context" $) }} +{{- end }} diff --git a/practice/13.templating/wordpress/charts/mariadb/templates/primary/configmap.yaml b/practice/13.templating/wordpress/charts/mariadb/templates/primary/configmap.yaml new file mode 100644 index 0000000..8ee5f03 --- /dev/null +++ b/practice/13.templating/wordpress/charts/mariadb/templates/primary/configmap.yaml @@ -0,0 +1,18 @@ +{{- if (include "mariadb.primary.createConfigmap" .) }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "mariadb.primary.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + app.kubernetes.io/component: primary + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +data: + my.cnf: |- +{{ .Values.primary.configuration | indent 4 }} +{{- end -}} diff --git a/practice/13.templating/wordpress/charts/mariadb/templates/primary/initialization-configmap.yaml b/practice/13.templating/wordpress/charts/mariadb/templates/primary/initialization-configmap.yaml new file mode 100644 index 0000000..826b597 --- /dev/null +++ b/practice/13.templating/wordpress/charts/mariadb/templates/primary/initialization-configmap.yaml @@ -0,0 +1,11 @@ +{{- if and .Values.initdbScripts (not .Values.initdbScriptsConfigMap) }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ printf "%s-init-scripts" (include "mariadb.primary.fullname" .) }} + namespace: {{ .Release.Namespace }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + app.kubernetes.io/component: primary +data: +{{- include "common.tplvalues.render" (dict "value" .Values.initdbScripts "context" .) | nindent 2 }} +{{ end }} diff --git a/practice/13.templating/wordpress/charts/mariadb/templates/primary/pdb.yaml b/practice/13.templating/wordpress/charts/mariadb/templates/primary/pdb.yaml new file mode 100644 index 0000000..4ca1bf8 --- /dev/null +++ b/practice/13.templating/wordpress/charts/mariadb/templates/primary/pdb.yaml @@ -0,0 +1,25 @@ +{{- if .Values.primary.pdb.enabled }} +apiVersion: policy/v1beta1 +kind: PodDisruptionBudget +metadata: + name: {{ include "mariadb.primary.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + app.kubernetes.io/component: primary + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +spec: + {{- if .Values.primary.pdb.minAvailable }} + minAvailable: {{ .Values.primary.pdb.minAvailable }} + {{- end }} + {{- if .Values.primary.pdb.maxUnavailable }} + maxUnavailable: {{ .Values.primary.pdb.maxUnavailable }} + {{- end }} + selector: + matchLabels: {{ include "common.labels.matchLabels" . | nindent 6 }} + app.kubernetes.io/component: primary +{{- end }} diff --git a/practice/13.templating/wordpress/charts/mariadb/templates/primary/statefulset.yaml b/practice/13.templating/wordpress/charts/mariadb/templates/primary/statefulset.yaml new file mode 100644 index 0000000..5bbbc4f --- /dev/null +++ b/practice/13.templating/wordpress/charts/mariadb/templates/primary/statefulset.yaml @@ -0,0 +1,338 @@ +apiVersion: {{ include "common.capabilities.statefulset.apiVersion" . }} +kind: StatefulSet +metadata: + name: {{ include "mariadb.primary.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + app.kubernetes.io/component: primary + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +spec: + replicas: 1 + selector: + matchLabels: {{ include "common.labels.matchLabels" . | nindent 6 }} + app.kubernetes.io/component: primary + serviceName: {{ include "mariadb.primary.fullname" . }} + updateStrategy: + type: {{ .Values.primary.updateStrategy }} + {{- if (eq "Recreate" .Values.primary.updateStrategy) }} + rollingUpdate: null + {{- else if .Values.primary.rollingUpdatePartition }} + rollingUpdate: + partition: {{ .Values.primary.rollingUpdatePartition }} + {{- end }} + template: + metadata: + annotations: + {{- if (include "mariadb.primary.createConfigmap" .) }} + checksum/configuration: {{ include (print $.Template.BasePath "/primary/configmap.yaml") . | sha256sum }} + {{- end }} + {{- if .Values.primary.podAnnotations }} + {{- include "common.tplvalues.render" (dict "value" .Values.primary.podAnnotations "context" $) | nindent 8 }} + {{- end }} + labels: {{- include "common.labels.standard" . | nindent 8 }} + app.kubernetes.io/component: primary + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 8 }} + {{- end }} + spec: + {{- include "mariadb.imagePullSecrets" . | nindent 6 }} + {{- if .Values.primary.hostAliases }} + hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.primary.hostAliases "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.schedulerName }} + schedulerName: {{ .Values.schedulerName | quote }} + {{- end }} + serviceAccountName: {{ template "mariadb.serviceAccountName" . }} + {{- if .Values.primary.affinity }} + affinity: {{- include "common.tplvalues.render" (dict "value" .Values.primary.affinity "context" $) | nindent 8 }} + {{- else }} + affinity: + podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.primary.podAffinityPreset "component" "primary" "context" $) | nindent 10 }} + podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.primary.podAntiAffinityPreset "component" "primary" "context" $) | nindent 10 }} + nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.primary.nodeAffinityPreset.type "key" .Values.primary.nodeAffinityPreset.key "values" .Values.primary.nodeAffinityPreset.values) | nindent 10 }} + {{- end }} + {{- if .Values.primary.nodeSelector }} + nodeSelector: {{- include "common.tplvalues.render" (dict "value" .Values.primary.nodeSelector "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.primary.tolerations }} + tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.primary.tolerations "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.primary.priorityClassName }} + priorityClassName: {{ .Values.primary.priorityClassName | quote }} + {{- else if .Values.priorityClassName }} + priorityClassName: {{ .Values.priorityClassName | quote }} + {{- end }} + {{- if .Values.primary.podSecurityContext.enabled }} + securityContext: {{- omit .Values.primary.podSecurityContext "enabled" | toYaml | nindent 8 }} + {{- end }} + {{- if or .Values.primary.initContainers (and .Values.primary.podSecurityContext.enabled .Values.volumePermissions.enabled .Values.primary.persistence.enabled) }} + initContainers: + {{- if .Values.primary.initContainers }} + {{- include "common.tplvalues.render" (dict "value" .Values.primary.initContainers "context" $) | nindent 8 }} + {{- end }} + {{- if and .Values.primary.podSecurityContext.enabled .Values.volumePermissions.enabled .Values.primary.persistence.enabled }} + - name: volume-permissions + image: {{ include "mariadb.volumePermissions.image" . }} + imagePullPolicy: {{ .Values.volumePermissions.image.pullPolicy | quote }} + command: + - /bin/bash + - -ec + - | + chown -R {{ .Values.primary.containerSecurityContext.runAsUser }}:{{ .Values.primary.podSecurityContext.fsGroup }} /bitnami/mariadb + securityContext: + runAsUser: 0 + {{- if .Values.volumePermissions.resources }} + resources: {{- toYaml .Values.volumePermissions.resources | nindent 12 }} + {{- end }} + volumeMounts: + - name: data + mountPath: /bitnami/mariadb + {{- if .Values.primary.persistence.subPath }} + subPath: {{ .Values.primary.persistence.subPath }} + {{- end }} + {{- end }} + {{- end }} + containers: + - name: mariadb + image: {{ include "mariadb.image" . }} + imagePullPolicy: {{ .Values.image.pullPolicy | quote }} + {{- if .Values.primary.containerSecurityContext.enabled }} + securityContext: {{- omit .Values.primary.containerSecurityContext "enabled" | toYaml | nindent 12 }} + {{- end }} + {{- if .Values.primary.command }} + command: {{- include "common.tplvalues.render" (dict "value" .Values.primary.command "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.primary.args }} + args: {{- include "common.tplvalues.render" (dict "value" .Values.primary.args "context" $) | nindent 12 }} + {{- end }} + env: + - name: BITNAMI_DEBUG + value: {{ ternary "true" "false" .Values.image.debug | quote }} + {{- if .Values.auth.usePasswordFiles }} + - name: MARIADB_ROOT_PASSWORD_FILE + value: {{ default "/opt/bitnami/mariadb/secrets/mariadb-root-password" .Values.auth.customPasswordFiles.root }} + {{- else }} + - name: MARIADB_ROOT_PASSWORD + valueFrom: + secretKeyRef: + name: {{ template "mariadb.secretName" . }} + key: mariadb-root-password + {{- end }} + {{- if not (empty .Values.auth.username) }} + - name: MARIADB_USER + value: {{ .Values.auth.username | quote }} + {{- if .Values.auth.usePasswordFiles }} + - name: MARIADB_PASSWORD_FILE + value: {{ default "/opt/bitnami/mariadb/secrets/mariadb-password" .Values.auth.customPasswordFiles.user }} + {{- else }} + - name: MARIADB_PASSWORD + valueFrom: + secretKeyRef: + name: {{ template "mariadb.secretName" . }} + key: mariadb-password + {{- end }} + {{- end }} + - name: MARIADB_DATABASE + value: {{ .Values.auth.database | quote }} + {{- if eq .Values.architecture "replication" }} + - name: MARIADB_REPLICATION_MODE + value: "master" + - name: MARIADB_REPLICATION_USER + value: {{ .Values.auth.replicationUser | quote }} + {{- if .Values.auth.usePasswordFiles }} + - name: MARIADB_REPLICATION_PASSWORD_FILE + value: {{ default "/opt/bitnami/mariadb/secrets/mariadb-replication-password" .Values.auth.customPasswordFiles.replicator }} + {{- else }} + - name: MARIADB_REPLICATION_PASSWORD + valueFrom: + secretKeyRef: + name: {{ template "mariadb.secretName" . }} + key: mariadb-replication-password + {{- end }} + {{- end }} + {{- if .Values.primary.extraFlags }} + - name: MARIADB_EXTRA_FLAGS + value: "{{ .Values.primary.extraFlags }}" + {{- end }} + {{- if .Values.primary.extraEnvVars }} + {{- include "common.tplvalues.render" (dict "value" .Values.primary.extraEnvVars "context" $) | nindent 12 }} + {{- end }} + {{- if or .Values.primary.extraEnvVarsCM .Values.primary.extraEnvVarsSecret }} + envFrom: + {{- if .Values.primary.extraEnvVarsCM }} + - configMapRef: + name: {{ .Values.primary.extraEnvVarsCM }} + {{- end }} + {{- if .Values.primary.extraEnvVarsSecret }} + - secretRef: + name: {{ .Values.primary.extraEnvVarsSecret }} + {{- end }} + {{- end }} + ports: + - name: mysql + containerPort: 3306 + {{- if .Values.primary.livenessProbe.enabled }} + livenessProbe: {{- omit .Values.primary.livenessProbe "enabled" | toYaml | nindent 12 }} + exec: + command: + - /bin/bash + - -ec + - | + password_aux="${MARIADB_ROOT_PASSWORD:-}" + if [[ -f "${MARIADB_ROOT_PASSWORD_FILE:-}" ]]; then + password_aux=$(cat "$MARIADB_ROOT_PASSWORD_FILE") + fi + mysqladmin status -uroot -p"${password_aux}" + {{- else if .Values.primary.customLivenessProbe }} + livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.primary.customLivenessProbe "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.primary.readinessProbe.enabled }} + readinessProbe: {{- omit .Values.primary.readinessProbe "enabled" | toYaml | nindent 12 }} + exec: + command: + - /bin/bash + - -ec + - | + password_aux="${MARIADB_ROOT_PASSWORD:-}" + if [[ -f "${MARIADB_ROOT_PASSWORD_FILE:-}" ]]; then + password_aux=$(cat "$MARIADB_ROOT_PASSWORD_FILE") + fi + mysqladmin status -uroot -p"${password_aux}" + {{- else if .Values.primary.customReadinessProbe }} + readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.primary.customReadinessProbe "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.primary.resources }} + resources: {{ toYaml .Values.primary.resources | nindent 12 }} + {{- end }} + volumeMounts: + - name: data + mountPath: /bitnami/mariadb + {{- if .Values.primary.persistence.subPath }} + subPath: {{ .Values.primary.persistence.subPath }} + {{- end }} + {{- if or .Values.initdbScriptsConfigMap .Values.initdbScripts }} + - name: custom-init-scripts + mountPath: /docker-entrypoint-initdb.d + {{- end }} + {{- if or .Values.primary.configuration .Values.primary.existingConfigmap }} + - name: config + mountPath: /opt/bitnami/mariadb/conf/my.cnf + subPath: my.cnf + {{- end }} + {{- if and .Values.auth.usePasswordFiles (not .Values.auth.customPasswordFiles) }} + - name: mariadb-credentials + mountPath: /opt/bitnami/mariadb/secrets/ + {{- end }} + {{- if .Values.primary.extraVolumeMounts }} + {{- include "common.tplvalues.render" (dict "value" .Values.primary.extraVolumeMounts "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.metrics.enabled }} + - name: metrics + image: {{ include "mariadb.metrics.image" . }} + imagePullPolicy: {{ .Values.metrics.image.pullPolicy | quote }} + env: + {{- if .Values.auth.usePasswordFiles }} + - name: MARIADB_ROOT_PASSWORD_FILE + value: {{ default "/opt/bitnami/mysqld-exporter/secrets/mariadb-root-password" .Values.auth.customPasswordFiles.root }} + {{- else }} + - name: MARIADB_ROOT_PASSWORD + valueFrom: + secretKeyRef: + name: {{ template "mariadb.secretName" . }} + key: mariadb-root-password + {{- end }} + command: + - /bin/bash + - -ec + - | + password_aux="${MARIADB_ROOT_PASSWORD:-}" + if [[ -f "${MARIADB_ROOT_PASSWORD_FILE:-}" ]]; then + password_aux=$(cat "$MARIADB_ROOT_PASSWORD_FILE") + fi + DATA_SOURCE_NAME="root:${password_aux}@(localhost:3306)/" /bin/mysqld_exporter {{- range .Values.metrics.extraArgs.primary }} {{ . }} {{- end }} + ports: + - name: metrics + containerPort: 9104 + {{- if .Values.metrics.livenessProbe.enabled }} + livenessProbe: {{- omit .Values.metrics.livenessProbe "enabled" | toYaml | nindent 12 }} + httpGet: + path: /metrics + port: metrics + {{- end }} + {{- if .Values.metrics.readinessProbe.enabled }} + readinessProbe: {{- omit .Values.metrics.readinessProbe "enabled" | toYaml | nindent 12 }} + httpGet: + path: /metrics + port: metrics + {{- end }} + {{- if .Values.metrics.resources }} + resources: {{- toYaml .Values.metrics.resources | nindent 12 }} + {{- end }} + {{- if and .Values.auth.usePasswordFiles (not .Values.auth.customPasswordFiles) }} + volumeMounts: + - name: mariadb-credentials + mountPath: /opt/bitnami/mysqld-exporter/secrets/ + {{- end }} + {{- end }} + {{- if .Values.primary.sidecars }} + {{- include "common.tplvalues.render" (dict "value" .Values.primary.sidecars "context" $) | nindent 8 }} + {{- end }} + volumes: + {{- if or .Values.primary.configuration .Values.primary.existingConfigmap }} + - name: config + configMap: + name: {{ include "mariadb.primary.configmapName" . }} + {{- end }} + {{- if or .Values.initdbScriptsConfigMap .Values.initdbScripts }} + - name: custom-init-scripts + configMap: + name: {{ template "mariadb.initdbScriptsCM" . }} + {{- end }} + {{- if and .Values.auth.usePasswordFiles (not .Values.auth.customPasswordFiles) }} + - name: mariadb-credentials + secret: + secretName: {{ template "mariadb.secretName" . }} + items: + - key: mariadb-root-password + path: mariadb-root-password + - key: mariadb-password + path: mariadb-password + {{- if eq .Values.architecture "replication" }} + - key: mariadb-replication-password + path: mariadb-replication-password + {{- end }} + {{- end }} + {{- if .Values.primary.extraVolumes }} + {{- include "common.tplvalues.render" (dict "value" .Values.primary.extraVolumes "context" $) | nindent 8 }} + {{- end }} + {{- if and .Values.primary.persistence.enabled .Values.primary.persistence.existingClaim }} + - name: data + persistentVolumeClaim: + claimName: {{ tpl .Values.primary.persistence.existingClaim . }} + {{- else if not .Values.primary.persistence.enabled }} + - name: data + emptyDir: {} + {{- else if and .Values.primary.persistence.enabled (not .Values.primary.persistence.existingClaim) }} + volumeClaimTemplates: + - metadata: + name: data + labels: {{ include "common.labels.matchLabels" . | nindent 10 }} + app.kubernetes.io/component: primary + spec: + accessModes: + {{- range .Values.primary.persistence.accessModes }} + - {{ . | quote }} + {{- end }} + resources: + requests: + storage: {{ .Values.primary.persistence.size | quote }} + {{ include "common.storage.class" (dict "persistence" .Values.primary.persistence "global" .Values.global) }} + {{- if .Values.primary.persistence.selector }} + selector: {{- include "common.tplvalues.render" (dict "value" .Values.primary.persistence.selector "context" $) | nindent 10 }} + {{- end -}} + {{- end }} diff --git a/practice/13.templating/wordpress/charts/mariadb/templates/primary/svc.yaml b/practice/13.templating/wordpress/charts/mariadb/templates/primary/svc.yaml new file mode 100644 index 0000000..9b60dd6 --- /dev/null +++ b/practice/13.templating/wordpress/charts/mariadb/templates/primary/svc.yaml @@ -0,0 +1,49 @@ +apiVersion: v1 +kind: Service +metadata: + name: {{ include "mariadb.primary.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + app.kubernetes.io/component: primary + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + annotations: + {{- if .Values.commonAnnotations }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} + {{- if .Values.primary.service.annotations }} + {{- include "common.tplvalues.render" ( dict "value" .Values.primary.service.annotations "context" $ ) | nindent 4 }} + {{- end }} + {{- if and .Values.metrics.enabled .Values.metrics.annotations }} + {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.annotations "context" $ ) | nindent 4 }} + {{- end }} +spec: + type: {{ .Values.primary.service.type }} + {{- if and (eq .Values.primary.service.type "ClusterIP") .Values.primary.service.clusterIP }} + clusterIP: {{ .Values.primary.service.clusterIP }} + {{- end }} + {{- if and .Values.primary.service.loadBalancerIP (eq .Values.primary.service.type "LoadBalancer") }} + loadBalancerIP: {{ .Values.primary.service.loadBalancerIP }} + {{- end }} + {{- if and (eq .Values.primary.service.type "LoadBalancer") .Values.primary.service.loadBalancerSourceRanges }} + loadBalancerSourceRanges: {{- toYaml .Values.primary.service.loadBalancerSourceRanges | nindent 4 }} + {{- end }} + ports: + - name: mysql + port: {{ .Values.primary.service.port }} + protocol: TCP + targetPort: mysql + {{- if (and (or (eq .Values.primary.service.type "NodePort") (eq .Values.primary.service.type "LoadBalancer")) .Values.primary.service.nodePort) }} + nodePort: {{ .Values.primary.service.nodePort }} + {{- else if eq .Values.primary.service.type "ClusterIP" }} + nodePort: null + {{- end }} + {{- if .Values.metrics.enabled }} + - name: metrics + port: 9104 + protocol: TCP + targetPort: metrics + {{- end }} + selector: {{ include "common.labels.matchLabels" . | nindent 4 }} + app.kubernetes.io/component: primary diff --git a/practice/13.templating/wordpress/charts/mariadb/templates/role.yaml b/practice/13.templating/wordpress/charts/mariadb/templates/role.yaml new file mode 100644 index 0000000..4cbdd5c --- /dev/null +++ b/practice/13.templating/wordpress/charts/mariadb/templates/role.yaml @@ -0,0 +1,21 @@ +{{- if and .Values.serviceAccount.create .Values.rbac.create }} +apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }} +kind: Role +metadata: + name: {{ include "common.names.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +rules: + - apiGroups: + - "" + resources: + - endpoints + verbs: + - get +{{- end }} diff --git a/practice/13.templating/wordpress/charts/mariadb/templates/rolebinding.yaml b/practice/13.templating/wordpress/charts/mariadb/templates/rolebinding.yaml new file mode 100644 index 0000000..3c55938 --- /dev/null +++ b/practice/13.templating/wordpress/charts/mariadb/templates/rolebinding.yaml @@ -0,0 +1,21 @@ +{{- if and .Values.serviceAccount.create .Values.rbac.create }} +kind: RoleBinding +apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }} +metadata: + name: {{ include "common.names.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +subjects: + - kind: ServiceAccount + name: {{ include "mariadb.serviceAccountName" . }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ include "common.names.fullname" . -}} +{{- end }} diff --git a/practice/13.templating/wordpress/charts/mariadb/templates/secondary/configmap.yaml b/practice/13.templating/wordpress/charts/mariadb/templates/secondary/configmap.yaml new file mode 100644 index 0000000..e672c05 --- /dev/null +++ b/practice/13.templating/wordpress/charts/mariadb/templates/secondary/configmap.yaml @@ -0,0 +1,18 @@ +{{- if (include "mariadb.secondary.createConfigmap" .) }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "mariadb.secondary.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + app.kubernetes.io/component: secondary + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +data: + my.cnf: |- +{{ .Values.secondary.configuration | indent 4 }} +{{- end -}} diff --git a/practice/13.templating/wordpress/charts/mariadb/templates/secondary/pdb.yaml b/practice/13.templating/wordpress/charts/mariadb/templates/secondary/pdb.yaml new file mode 100644 index 0000000..f5c7e26 --- /dev/null +++ b/practice/13.templating/wordpress/charts/mariadb/templates/secondary/pdb.yaml @@ -0,0 +1,25 @@ +{{- if and (eq .Values.architecture "replication") .Values.secondary.pdb.enabled }} +apiVersion: policy/v1beta1 +kind: PodDisruptionBudget +metadata: + name: {{ include "mariadb.secondary.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + app.kubernetes.io/component: secondary + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +spec: + {{- if .Values.secondary.pdb.minAvailable }} + minAvailable: {{ .Values.secondary.pdb.minAvailable }} + {{- end }} + {{- if .Values.secondary.pdb.maxUnavailable }} + maxUnavailable: {{ .Values.secondary.pdb.maxUnavailable }} + {{- end }} + selector: + matchLabels: {{ include "common.labels.matchLabels" . | nindent 6 }} + app.kubernetes.io/component: secondary +{{- end }} diff --git a/practice/13.templating/wordpress/charts/mariadb/templates/secondary/statefulset.yaml b/practice/13.templating/wordpress/charts/mariadb/templates/secondary/statefulset.yaml new file mode 100644 index 0000000..2fca880 --- /dev/null +++ b/practice/13.templating/wordpress/charts/mariadb/templates/secondary/statefulset.yaml @@ -0,0 +1,311 @@ +{{- if eq .Values.architecture "replication" }} +apiVersion: {{ include "common.capabilities.statefulset.apiVersion" . }} +kind: StatefulSet +metadata: + name: {{ include "mariadb.secondary.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + app.kubernetes.io/component: secondary + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +spec: + replicas: {{ .Values.secondary.replicaCount }} + selector: + matchLabels: {{ include "common.labels.matchLabels" . | nindent 6 }} + app.kubernetes.io/component: secondary + serviceName: {{ include "mariadb.secondary.fullname" . }} + updateStrategy: + type: {{ .Values.secondary.updateStrategy }} + {{- if (eq "Recreate" .Values.secondary.updateStrategy) }} + rollingUpdate: null + {{- else if .Values.secondary.rollingUpdatePartition }} + rollingUpdate: + partition: {{ .Values.secondary.rollingUpdatePartition }} + {{- end }} + template: + metadata: + annotations: + {{- if (include "mariadb.secondary.createConfigmap" .) }} + checksum/configuration: {{ include (print $.Template.BasePath "/secondary/configmap.yaml") . | sha256sum }} + {{- end }} + {{- if .Values.secondary.podAnnotations }} + {{- include "common.tplvalues.render" (dict "value" .Values.secondary.podAnnotations "context" $) | nindent 8 }} + {{- end }} + labels: {{- include "common.labels.standard" . | nindent 8 }} + app.kubernetes.io/component: secondary + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 8 }} + {{- end }} + spec: + {{- include "mariadb.imagePullSecrets" . | nindent 6 }} + {{- if .Values.schedulerName }} + schedulerName: {{ .Values.schedulerName | quote }} + {{- end }} + serviceAccountName: {{ template "mariadb.serviceAccountName" . }} + {{- if .Values.secondary.hostAliases }} + hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.secondary.hostAliases "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.secondary.affinity }} + affinity: {{- include "common.tplvalues.render" (dict "value" .Values.secondary.affinity "context" $) | nindent 8 }} + {{- else }} + affinity: + podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.secondary.podAffinityPreset "component" "secondary" "context" $) | nindent 10 }} + podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.secondary.podAntiAffinityPreset "component" "secondary" "context" $) | nindent 10 }} + nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.secondary.nodeAffinityPreset.type "key" .Values.secondary.nodeAffinityPreset.key "values" .Values.secondary.nodeAffinityPreset.values) | nindent 10 }} + {{- end }} + {{- if .Values.secondary.nodeSelector }} + nodeSelector: {{- include "common.tplvalues.render" (dict "value" .Values.secondary.nodeSelector "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.secondary.tolerations }} + tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.secondary.tolerations "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.secondary.priorityClassName }} + priorityClassName: {{ .Values.secondary.priorityClassName | quote }} + {{- else if .Values.priorityClassName }} + priorityClassName: {{ .Values.priorityClassName | quote }} + {{- end }} + {{- if .Values.secondary.podSecurityContext.enabled }} + securityContext: {{- omit .Values.secondary.podSecurityContext "enabled" | toYaml | nindent 8 }} + {{- end }} + {{- if or .Values.secondary.initContainers (and .Values.secondary.podSecurityContext.enabled .Values.volumePermissions.enabled .Values.secondary.persistence.enabled) }} + initContainers: + {{- if .Values.secondary.initContainers }} + {{- include "common.tplvalues.render" (dict "value" .Values.secondary.initContainers "context" $) | nindent 8 }} + {{- end }} + {{- if and .Values.secondary.podSecurityContext.enabled .Values.volumePermissions.enabled .Values.secondary.persistence.enabled }} + - name: volume-permissions + image: {{ include "mariadb.volumePermissions.image" . }} + imagePullPolicy: {{ .Values.volumePermissions.image.pullPolicy | quote }} + command: + - /bin/bash + - -ec + - | + chown -R {{ .Values.secondary.containerSecurityContext.runAsUser }}:{{ .Values.secondary.podSecurityContext.fsGroup }} /bitnami/mariadb + securityContext: + runAsUser: 0 + {{- if .Values.volumePermissions.resources }} + resources: {{- toYaml .Values.volumePermissions.resources | nindent 12 }} + {{- end }} + volumeMounts: + - name: data + mountPath: /bitnami/mariadb + {{- if .Values.secondary.persistence.subPath }} + subPath: {{ .Values.secondary.persistence.subPath }} + {{- end }} + {{- end }} + {{- end }} + containers: + - name: mariadb + image: {{ include "mariadb.image" . }} + imagePullPolicy: {{ .Values.image.pullPolicy | quote }} + {{- if .Values.secondary.containerSecurityContext.enabled }} + securityContext: {{- omit .Values.secondary.containerSecurityContext "enabled" | toYaml | nindent 12 }} + {{- end }} + {{- if .Values.secondary.command }} + command: {{- include "common.tplvalues.render" (dict "value" .Values.secondary.command "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.secondary.args }} + args: {{- include "common.tplvalues.render" (dict "value" .Values.secondary.args "context" $) | nindent 12 }} + {{- end }} + env: + - name: BITNAMI_DEBUG + value: {{ ternary "true" "false" .Values.image.debug | quote }} + - name: MARIADB_REPLICATION_MODE + value: "slave" + - name: MARIADB_MASTER_HOST + value: {{ include "mariadb.primary.fullname" . }} + - name: MARIADB_MASTER_PORT_NUMBER + value: {{ .Values.primary.service.port | quote }} + - name: MARIADB_MASTER_ROOT_USER + value: "root" + {{- if .Values.auth.usePasswordFiles }} + - name: MARIADB_MASTER_ROOT_PASSWORD_FILE + value: {{ default "/opt/bitnami/mariadb/secrets/mariadb-root-password" .Values.auth.customPasswordFiles.root }} + {{- else }} + - name: MARIADB_MASTER_ROOT_PASSWORD + valueFrom: + secretKeyRef: + name: {{ template "mariadb.secretName" . }} + key: mariadb-root-password + {{- end }} + - name: MARIADB_REPLICATION_USER + value: {{ .Values.auth.replicationUser | quote }} + {{- if .Values.auth.usePasswordFiles }} + - name: MARIADB_REPLICATION_PASSWORD_FILE + value: {{ default "/opt/bitnami/mariadb/secrets/mariadb-replication-password" .Values.auth.customPasswordFiles.replicator }} + {{- else }} + - name: MARIADB_REPLICATION_PASSWORD + valueFrom: + secretKeyRef: + name: {{ template "mariadb.secretName" . }} + key: mariadb-replication-password + {{- end }} + {{- if .Values.secondary.extraFlags }} + - name: MARIADB_EXTRA_FLAGS + value: "{{ .Values.secondary.extraFlags }}" + {{- end }} + {{- if .Values.secondary.extraEnvVars }} + {{- include "common.tplvalues.render" (dict "value" .Values.secondary.extraEnvVars "context" $) | nindent 12 }} + {{- end }} + {{- if or .Values.secondary.extraEnvVarsCM .Values.secondary.extraEnvVarsSecret }} + envFrom: + {{- if .Values.secondary.extraEnvVarsCM }} + - configMapRef: + name: {{ .Values.secondary.extraEnvVarsCM }} + {{- end }} + {{- if .Values.secondary.extraEnvVarsSecret }} + - secretRef: + name: {{ .Values.secondary.extraEnvVarsSecret }} + {{- end }} + {{- end }} + ports: + - name: mysql + containerPort: 3306 + {{- if .Values.secondary.livenessProbe.enabled }} + livenessProbe: {{- omit .Values.secondary.livenessProbe "enabled" | toYaml | nindent 12 }} + exec: + command: + - /bin/bash + - -ec + - | + password_aux="${MARIADB_MASTER_ROOT_PASSWORD:-}" + if [[ -f "${MARIADB_MASTER_ROOT_PASSWORD_FILE:-}" ]]; then + password_aux=$(cat "$MARIADB_MASTER_ROOT_PASSWORD_FILE") + fi + mysqladmin status -uroot -p"${password_aux}" + {{- else if .Values.secondary.customLivenessProbe }} + livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.secondary.customLivenessProbe "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.secondary.readinessProbe.enabled }} + readinessProbe: {{- omit .Values.secondary.readinessProbe "enabled" | toYaml | nindent 12 }} + exec: + command: + - /bin/bash + - -ec + - | + password_aux="${MARIADB_MASTER_ROOT_PASSWORD:-}" + if [[ -f "${MARIADB_MASTER_ROOT_PASSWORD_FILE:-}" ]]; then + password_aux=$(cat "$MARIADB_MASTER_ROOT_PASSWORD_FILE") + fi + mysqladmin status -uroot -p"${password_aux}" + {{- else if .Values.secondary.customReadinessProbe }} + readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.secondary.customReadinessProbe "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.secondary.resources }} + resources: {{ toYaml .Values.secondary.resources | nindent 12 }} + {{- end }} + volumeMounts: + - name: data + mountPath: /bitnami/mariadb + {{- if .Values.secondary.persistence.subPath }} + subPath: {{ .Values.secondary.persistence.subPath }} + {{- end }} + {{- if or .Values.secondary.configuration .Values.secondary.existingConfigmap }} + - name: config + mountPath: /opt/bitnami/mariadb/conf/my.cnf + subPath: my.cnf + {{- end }} + {{- if and .Values.auth.usePasswordFiles (not .Values.auth.customPasswordFiles) }} + - name: mariadb-credentials + mountPath: /opt/bitnami/mariadb/secrets/ + {{- end }} + {{- if .Values.secondary.extraVolumeMounts }} + {{- include "common.tplvalues.render" (dict "value" .Values.secondary.extraVolumeMounts "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.metrics.enabled }} + - name: metrics + image: {{ include "mariadb.metrics.image" . }} + imagePullPolicy: {{ .Values.metrics.image.pullPolicy | quote }} + env: + {{- if .Values.auth.usePasswordFiles }} + - name: MARIADB_ROOT_PASSWORD_FILE + value: {{ default "/opt/bitnami/mysqld-exporter/secrets/mariadb-root-password" .Values.auth.customPasswordFiles.root }} + {{- else }} + - name: MARIADB_ROOT_PASSWORD + valueFrom: + secretKeyRef: + name: {{ template "mariadb.secretName" . }} + key: mariadb-root-password + {{- end }} + command: + - /bin/bash + - -ec + - | + password_aux="${MARIADB_ROOT_PASSWORD:-}" + if [[ -f "${MARIADB_ROOT_PASSWORD_FILE:-}" ]]; then + password_aux=$(cat "$MARIADB_ROOT_PASSWORD_FILE") + fi + DATA_SOURCE_NAME="root:${password_aux}@(localhost:3306)/" /bin/mysqld_exporter {{- range .Values.metrics.extraArgs.secondary }} {{ . }} {{- end }} + ports: + - name: metrics + containerPort: 9104 + {{- if .Values.metrics.livenessProbe.enabled }} + livenessProbe: {{- omit .Values.metrics.livenessProbe "enabled" | toYaml | nindent 12 }} + httpGet: + path: /metrics + port: metrics + {{- end }} + {{- if .Values.metrics.readinessProbe.enabled }} + readinessProbe: {{- omit .Values.metrics.readinessProbe "enabled" | toYaml | nindent 12 }} + httpGet: + path: /metrics + port: metrics + {{- end }} + {{- if .Values.metrics.resources }} + resources: {{- toYaml .Values.metrics.resources | nindent 12 }} + {{- end }} + {{- if and .Values.auth.usePasswordFiles (not .Values.auth.customPasswordFiles) }} + volumeMounts: + - name: mariadb-credentials + mountPath: /opt/bitnami/mysqld-exporter/secrets/ + {{- end }} + {{- end }} + {{- if .Values.secondary.sidecars }} + {{- include "common.tplvalues.render" (dict "value" .Values.secondary.sidecars "context" $) | nindent 8 }} + {{- end }} + volumes: + {{- if or .Values.secondary.configuration .Values.secondary.existingConfigmap }} + - name: config + configMap: + name: {{ include "mariadb.secondary.configmapName" . }} + {{- end }} + {{- if and .Values.auth.usePasswordFiles (not .Values.auth.customPasswordFiles) }} + - name: mariadb-credentials + secret: + secretName: {{ template "mariadb.secretName" . }} + items: + - key: mariadb-root-password + path: mariadb-root-password + - key: mariadb-replication-password + path: mariadb-replication-password + {{- end }} + {{- if .Values.secondary.extraVolumes }} + {{- include "common.tplvalues.render" (dict "value" .Values.secondary.extraVolumes "context" $) | nindent 8 }} + {{- end }} + {{- if not .Values.secondary.persistence.enabled }} + - name: data + emptyDir: {} + {{- else }} + volumeClaimTemplates: + - metadata: + name: data + labels: {{ include "common.labels.matchLabels" . | nindent 10 }} + app.kubernetes.io/component: secondary + spec: + accessModes: + {{- range .Values.secondary.persistence.accessModes }} + - {{ . | quote }} + {{- end }} + resources: + requests: + storage: {{ .Values.secondary.persistence.size | quote }} + {{ include "common.storage.class" (dict "persistence" .Values.secondary.persistence "global" .Values.global) }} + {{- if .Values.secondary.persistence.selector }} + selector: {{- include "common.tplvalues.render" (dict "value" .Values.secondary.persistence.selector "context" $) | nindent 10 }} + {{- end -}} + {{- end }} +{{- end }} diff --git a/practice/13.templating/wordpress/charts/mariadb/templates/secondary/svc.yaml b/practice/13.templating/wordpress/charts/mariadb/templates/secondary/svc.yaml new file mode 100644 index 0000000..a0da812 --- /dev/null +++ b/practice/13.templating/wordpress/charts/mariadb/templates/secondary/svc.yaml @@ -0,0 +1,51 @@ +{{- if eq .Values.architecture "replication" }} +apiVersion: v1 +kind: Service +metadata: + name: {{ include "mariadb.secondary.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + app.kubernetes.io/component: secondary + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + annotations: + {{- if .Values.commonAnnotations }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} + {{- if .Values.secondary.service.annotations }} + {{- include "common.tplvalues.render" ( dict "value" .Values.secondary.service.annotations "context" $ ) | nindent 4 }} + {{- end }} + {{- if and .Values.metrics.enabled .Values.metrics.annotations }} + {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.annotations "context" $ ) | nindent 4 }} + {{- end }} +spec: + type: {{ .Values.secondary.service.type }} + {{- if and (eq .Values.secondary.service.type "ClusterIP") .Values.secondary.service.clusterIP }} + clusterIP: {{ .Values.secondary.service.clusterIP }} + {{- end }} + {{- if and .Values.secondary.service.loadBalancerIP (eq .Values.secondary.service.type "LoadBalancer") }} + loadBalancerIP: {{ .Values.secondary.service.loadBalancerIP }} + {{- end }} + {{- if and (eq .Values.secondary.service.type "LoadBalancer") .Values.secondary.service.loadBalancerSourceRanges }} + loadBalancerSourceRanges: {{- toYaml .Values.secondary.service.loadBalancerSourceRanges | nindent 4 }} + {{- end }} + ports: + - name: mysql + port: {{ .Values.secondary.service.port }} + protocol: TCP + targetPort: mysql + {{- if (and (or (eq .Values.secondary.service.type "NodePort") (eq .Values.secondary.service.type "LoadBalancer")) .Values.secondary.service.nodePort) }} + nodePort: {{ .Values.secondary.service.nodePort }} + {{- else if eq .Values.secondary.service.type "ClusterIP" }} + nodePort: null + {{- end }} + {{- if .Values.metrics.enabled }} + - name: metrics + port: 9104 + protocol: TCP + targetPort: metrics + {{- end }} + selector: {{ include "common.labels.matchLabels" . | nindent 4 }} + app.kubernetes.io/component: secondary +{{- end }} diff --git a/practice/13.templating/wordpress/charts/mariadb/templates/secrets.yaml b/practice/13.templating/wordpress/charts/mariadb/templates/secrets.yaml new file mode 100644 index 0000000..1d08e2c --- /dev/null +++ b/practice/13.templating/wordpress/charts/mariadb/templates/secrets.yaml @@ -0,0 +1,39 @@ +{{- if eq (include "mariadb.createSecret" .) "true" }} +apiVersion: v1 +kind: Secret +metadata: + name: {{ include "common.names.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +type: Opaque +data: + {{- if not (empty .Values.auth.rootPassword) }} + mariadb-root-password: {{ .Values.auth.rootPassword | b64enc | quote }} + {{- else if (not .Values.auth.forcePassword) }} + mariadb-root-password: {{ randAlphaNum 10 | b64enc | quote }} + {{- else }} + mariadb-root-password: {{ required "A MariaDB Root Password is required!" .Values.auth.rootPassword }} + {{- end }} + {{- if and (not (empty .Values.auth.username)) (not (empty .Values.auth.password)) }} + mariadb-password: {{ .Values.auth.password | b64enc | quote }} + {{- else if (not .Values.auth.forcePassword) }} + mariadb-password: {{ randAlphaNum 10 | b64enc | quote }} + {{- else }} + mariadb-password: {{ required "A MariaDB Database Password is required!" .Values.auth.password }} + {{- end }} + {{- if eq .Values.architecture "replication" }} + {{- if not (empty .Values.auth.replicationPassword) }} + mariadb-replication-password: {{ .Values.auth.replicationPassword | b64enc | quote }} + {{- else if (not .Values.auth.forcePassword) }} + mariadb-replication-password: {{ randAlphaNum 10 | b64enc | quote }} + {{- else }} + mariadb-replication-password: {{ required "A MariaDB Replication Password is required!" .Values.auth.replicationPassword }} + {{- end }} + {{- end }} +{{- end }} diff --git a/practice/13.templating/wordpress/charts/mariadb/templates/serviceaccount.yaml b/practice/13.templating/wordpress/charts/mariadb/templates/serviceaccount.yaml new file mode 100644 index 0000000..ec83685 --- /dev/null +++ b/practice/13.templating/wordpress/charts/mariadb/templates/serviceaccount.yaml @@ -0,0 +1,18 @@ +{{- if .Values.serviceAccount.create }} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "mariadb.serviceAccountName" . }} + namespace: {{ .Release.Namespace }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + annotations: + {{- if .Values.serviceAccount.annotations }} + {{- include "common.tplvalues.render" ( dict "value" .Values.serviceAccount.annotations "context" $ ) | nindent 4 }} + {{- end }} + {{- if .Values.commonAnnotations }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +{{- end }} diff --git a/practice/13.templating/wordpress/charts/mariadb/templates/servicemonitor.yaml b/practice/13.templating/wordpress/charts/mariadb/templates/servicemonitor.yaml new file mode 100644 index 0000000..273e58e --- /dev/null +++ b/practice/13.templating/wordpress/charts/mariadb/templates/servicemonitor.yaml @@ -0,0 +1,41 @@ +{{- if and .Values.metrics.enabled .Values.metrics.serviceMonitor.enabled }} +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: {{ include "common.names.fullname" . }} + {{- if .Values.metrics.serviceMonitor.namespace }} + namespace: {{ .Values.metrics.serviceMonitor.namespace }} + {{- else }} + namespace: {{ .Release.Namespace }} + {{- end }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + {{- if .Values.metrics.serviceMonitor.additionalLabels }} + {{- include "common.tplvalues.render" (dict "value" .Values.metrics.serviceMonitor.additionalLabels "context" $) | nindent 4 }} + {{- end }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +spec: + endpoints: + - port: metrics + {{- if .Values.metrics.serviceMonitor.interval }} + interval: {{ .Values.metrics.serviceMonitor.interval }} + {{- end }} + {{- if .Values.metrics.serviceMonitor.scrapeTimeout }} + scrapeTimeout: {{ .Values.metrics.serviceMonitor.scrapeTimeout }} + {{- end }} + {{- if .Values.metrics.serviceMonitor.honorLabels }} + honorLabels: {{ .Values.metrics.serviceMonitor.honorLabels }} + {{- end }} + {{- if .Values.metrics.serviceMonitor.relabellings }} + metricRelabelings: {{- toYaml .Values.metrics.serviceMonitor.relabellings | nindent 6 }} + {{- end }} + namespaceSelector: + matchNames: + - {{ .Release.Namespace }} + selector: + matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }} +{{- end }} diff --git a/practice/13.templating/wordpress/charts/mariadb/values.schema.json b/practice/13.templating/wordpress/charts/mariadb/values.schema.json new file mode 100644 index 0000000..500c4eb --- /dev/null +++ b/practice/13.templating/wordpress/charts/mariadb/values.schema.json @@ -0,0 +1,176 @@ +{ + "$schema": "http://json-schema.org/schema#", + "type": "object", + "properties": { + "architecture": { + "type": "string", + "title": "MariaDB architecture", + "form": true, + "description": "Allowed values: `standalone` or `replication`" + }, + "auth": { + "type": "object", + "title": "Authentication configuration", + "form": true, + "properties": { + "rootPassword": { + "type": "string", + "title": "MariaDB root password", + "form": true, + "description": "Defaults to a random 10-character alphanumeric string if not set" + }, + "database": { + "type": "string", + "title": "MariaDB custom database", + "description": "Name of the custom database to be created during the 1st initialization of MariaDB", + "form": true + }, + "username": { + "type": "string", + "title": "MariaDB custom user", + "description": "Name of the custom user to be created during the 1st initialization of MariaDB. This user only has permissions on the MariaDB custom database", + "form": true + }, + "password": { + "type": "string", + "title": "Password for MariaDB custom user", + "description": "Defaults to a random 10-character alphanumeric string if not set", + "form": true, + "hidden": { + "value": false, + "path": "usePassword" + } + }, + "replicationUser": { + "type": "string", + "title": "MariaDB replication user", + "description": "Name of user used to manage replication.", + "form": true, + "hidden": { + "value": "standalone", + "path": "architecture" + } + }, + "replicationPassword": { + "type": "string", + "title": "Password for MariaDB replication user", + "description": "Defaults to a random 10-character alphanumeric string if not set", + "form": true, + "hidden": { + "value": "standalone", + "path": "architecture" + } + } + } + }, + "primary": { + "type": "object", + "title": "Primary replicas settings", + "form": true, + "properties": { + "persistence": { + "type": "object", + "title": "Persistence for primary replicas", + "form": true, + "properties": { + "enabled": { + "type": "boolean", + "form": true, + "title": "Enable persistence", + "description": "Enable persistence using Persistent Volume Claims" + }, + "size": { + "type": "string", + "title": "Persistent Volume Size", + "form": true, + "render": "slider", + "sliderMin": 1, + "sliderMax": 100, + "sliderUnit": "Gi", + "hidden": { + "value": false, + "path": "persistence/enabled" + } + } + } + } + } + }, + "secondary": { + "type": "object", + "title": "Secondary replicas settings", + "form": true, + "hidden": { + "value": false, + "path": "replication/enabled" + }, + "properties": { + "persistence": { + "type": "object", + "title": "Persistence for secondary replicas", + "form": true, + "properties": { + "enabled": { + "type": "boolean", + "form": true, + "title": "Enable persistence", + "description": "Enable persistence using Persistent Volume Claims" + }, + "size": { + "type": "string", + "title": "Persistent Volume Size", + "form": true, + "render": "slider", + "sliderMin": 1, + "sliderMax": 100, + "sliderUnit": "Gi", + "hidden": { + "value": false, + "path": "persistence/enabled" + } + } + } + } + } + }, + "volumePermissions": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean", + "form": true, + "title": "Enable Init Containers", + "description": "Use an init container to set required folder permissions on the data volume before mounting it in the final destination" + } + } + }, + "metrics": { + "type": "object", + "form": true, + "title": "Prometheus metrics details", + "properties": { + "enabled": { + "type": "boolean", + "title": "Create Prometheus metrics exporter", + "description": "Create a side-car container to expose Prometheus metrics", + "form": true + }, + "serviceMonitor": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean", + "title": "Create Prometheus Operator ServiceMonitor", + "description": "Create a ServiceMonitor to track metrics using Prometheus Operator", + "form": true, + "hidden": { + "value": false, + "path": "metrics/enabled" + } + } + } + } + } + } + } +} diff --git a/practice/13.templating/wordpress/charts/mariadb/values.yaml b/practice/13.templating/wordpress/charts/mariadb/values.yaml new file mode 100644 index 0000000..433161d --- /dev/null +++ b/practice/13.templating/wordpress/charts/mariadb/values.yaml @@ -0,0 +1,871 @@ +## Global Docker image parameters +## Please, note that this will override the image parameters, including dependencies, configured to use the global value +## Current available global Docker image parameters: imageRegistry and imagePullSecrets +## +# global: +# imageRegistry: myRegistryName +# imagePullSecrets: +# - myRegistryKeySecretName +# storageClass: myStorageClass + +## Bitnami MariaDB image +## ref: https://hub.docker.com/r/bitnami/mariadb/tags/ +## +image: + registry: docker.io + repository: bitnami/mariadb + tag: 10.5.9-debian-10-r0 + ## Specify a imagePullPolicy + ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' + ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images + ## + pullPolicy: IfNotPresent + ## Optionally specify an array of imagePullSecrets (secrets must be manually created in the namespace) + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ + ## Example: + ## pullSecrets: + ## - myRegistryKeySecretName + ## + pullSecrets: [] + ## Set to true if you would like to see extra information on logs + ## It turns BASH and NAMI debugging in minideb + ## ref: https://github.com/bitnami/minideb-extras/#turn-on-bash-debugging + ## + debug: false + +## String to partially override mariadb.fullname template (will maintain the release name) +## +# nameOverride: + +## String to fully override mariadb.fullname template +## +# fullnameOverride: + +## Cluster domain +## +clusterDomain: cluster.local + +## Common annotations to add to all MariaDB resources (sub-charts are not considered). Evaluated as a template +## +commonAnnotations: {} + +## Common labels to add to all MariaDB resources (sub-charts are not considered). Evaluated as a template +## +commonLabels: {} + +## Use an alternate scheduler, e.g. "stork". +## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/ +## +# schedulerName: + +## MariaDB architecture. Allowed values: standalone or replication +## +architecture: standalone + +## MariaDB Authentication parameters +## +auth: + ## MariaDB root password + ## ref: https://github.com/bitnami/bitnami-docker-mariadb#setting-the-root-password-on-first-run + ## + rootPassword: "" + ## MariaDB custom user and database + ## ref: https://github.com/bitnami/bitnami-docker-mariadb/blob/master/README.md#creating-a-database-on-first-run + ## ref: https://github.com/bitnami/bitnami-docker-mariadb/blob/master/README.md#creating-a-database-user-on-first-run + ## + database: my_database + username: "" + password: "" + ## MariaDB replication user and password + ## ref: https://github.com/bitnami/bitnami-docker-mariadb#setting-up-a-replication-cluster + ## + replicationUser: replicator + replicationPassword: "" + ## Existing secret with MariaDB credentials + ## NOTE: When it's set the previous parameters are ignored. + ## + # existingSecret: name-of-existing-secret + ## Force users to specify required passwords + ## + forcePassword: false + ## Mount credentials as files instead of using an environment variable + ## + usePasswordFiles: false + ## Use custom secret files other than chart provided when usePasswordFiles is set to "true" + ## Example: + ## customPasswordFiles: + ## root: /vault/secrets/mariadb-root + ## user: /vault/secrets/mariadb-user + ## replicator: /vault/secrets/mariadb-replicator + ## + customPasswordFiles: {} + +## initdb scripts +## Specify dictionary of scripts to be run at first boot +## Example: +## initdbScripts: +## my_init_script.sh: | +## #!/bin/bash +## echo "Do something." +## +initdbScripts: {} + +## Existing ConfigMap with custom init scripts +## +# initdbScriptsConfigMap: + +## Mariadb Primary parameters +## +primary: + ## Command and args for running the container (set to default if not set). Use array form + ## + command: [] + args: [] + + ## Deployment pod host aliases + ## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/ + ## + hostAliases: [] + + ## Configure MariaDB Primary with a custom my.cnf file + ## ref: https://mysql.com/kb/en/mysql/configuring-mysql-with-mycnf/#example-of-configuration-file + ## + configuration: |- + [mysqld] + skip-name-resolve + explicit_defaults_for_timestamp + basedir=/opt/bitnami/mariadb + plugin_dir=/opt/bitnami/mariadb/plugin + port=3306 + socket=/opt/bitnami/mariadb/tmp/mysql.sock + tmpdir=/opt/bitnami/mariadb/tmp + max_allowed_packet=16M + bind-address=0.0.0.0 + pid-file=/opt/bitnami/mariadb/tmp/mysqld.pid + log-error=/opt/bitnami/mariadb/logs/mysqld.log + character-set-server=UTF8 + collation-server=utf8_general_ci + + [client] + port=3306 + socket=/opt/bitnami/mariadb/tmp/mysql.sock + default-character-set=UTF8 + plugin_dir=/opt/bitnami/mariadb/plugin + + [manager] + port=3306 + socket=/opt/bitnami/mariadb/tmp/mysql.sock + pid-file=/opt/bitnami/mariadb/tmp/mysqld.pid + + ## Name of existing ConfigMap with MariaDB Primary configuration. + ## NOTE: When it's set the 'configuration' parameter is ignored + ## + # existingConfiguration: + + ## updateStrategy for Mariadb Primary statefulset + ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies + ## + updateStrategy: RollingUpdate + + ## Partition update strategy for Mariadb Primary statefulset + ## https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#partitions + ## + # rollingUpdatePartition: + + ## Mariadb Primary pod annotations + ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ + ## + podAnnotations: {} + + ## Mariadb Primary pod affinity preset + ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity + ## Allowed values: soft, hard + ## + podAffinityPreset: "" + + ## Mariadb Primary pod anti-affinity preset + ## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity + ## Allowed values: soft, hard + ## + podAntiAffinityPreset: soft + + ## Mariadb Primary node affinity preset + ## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity + ## Allowed values: soft, hard + ## + nodeAffinityPreset: + ## Node affinity type + ## Allowed values: soft, hard + ## + type: "" + ## Node label key to match + ## E.g. + ## key: "kubernetes.io/e2e-az-name" + ## + key: "" + ## Node label values to match + ## E.g. + ## values: + ## - e2e-az1 + ## - e2e-az2 + ## + values: [] + + ## Affinity for MariaDB primary pods assignment + ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity + ## Note: podAffinityPreset, podAntiAffinityPreset, and nodeAffinityPreset will be ignored when it's set + ## + affinity: {} + + ## Node labels for MariaDB primary pods assignment + ## Ref: https://kubernetes.io/docs/user-guide/node-selection/ + ## + nodeSelector: {} + + ## Tolerations for MariaDB primary pods assignment + ## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ + ## + tolerations: [] + + ## Priority class for MariaDB primary pods assignment + ## Ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/ + ## + priorityClassName: "" + + ## MariaDB primary Pod security context + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod + ## + podSecurityContext: + enabled: true + fsGroup: 1001 + + ## MariaDB primary container security context + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container + ## + containerSecurityContext: + enabled: true + runAsUser: 1001 + + ## MariaDB primary container's resource requests and limits + ## ref: http://kubernetes.io/docs/user-guide/compute-resources/ + ## + resources: + # We usually recommend not to specify default resources and to leave this as a conscious + # choice for the user. This also increases chances charts run on environments with little + # resources, such as Minikube. If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. + limits: {} + # memory: 256Mi + # cpu: 100m + requests: {} + # memory: 256Mi + # cpu: 100m + + ## MariaDB primary container's liveness and readiness probes + ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes + ## + livenessProbe: + enabled: true + initialDelaySeconds: 120 + periodSeconds: 10 + timeoutSeconds: 1 + failureThreshold: 3 + successThreshold: 1 + readinessProbe: + enabled: true + initialDelaySeconds: 30 + periodSeconds: 10 + timeoutSeconds: 1 + failureThreshold: 3 + successThreshold: 1 + + ## MariaDB primary custom liveness probe + ## + customLivenessProbe: {} + + ## MariaDB primary custom rediness probe + ## + customReadinessProbe: {} + + ## MariaDB primary additional command line flags + ## Can be used to specify command line flags, for example: + ## E.g. + ## extraFlags: "--max-connect-errors=1000 --max_connections=155" + ## + extraFlags: "" + + ## An array to add extra environment variables on MariaDB primary containers + ## E.g. + ## extraEnvVars: + ## - name: TZ + ## value: "Europe/Paris" + ## + extraEnvVars: [] + + ## ConfigMap with extra env vars for MariaDB primary containers: + ## + extraEnvVarsCM: "" + + ## Secret with extra env vars for MariaDB primary containers: + ## + extraEnvVarsSecret: "" + + ## Enable persistence using Persistent Volume Claims + ## ref: http://kubernetes.io/docs/user-guide/persistent-volumes/ + ## + persistence: + ## If true, use a Persistent Volume Claim, If false, use emptyDir + ## + enabled: true + ## Name of existing PVC to hold MariaDB Primary data + ## NOTE: When it's set the rest of persistence parameters are ignored + ## + # existingClaim: + ## Subdirectory of the volume to mount + # subPath: + ## Persistent Volume Storage Class + ## If defined, storageClassName: + ## If set to "-", storageClassName: "", which disables dynamic provisioning + ## If undefined (the default) or set to null, no storageClassName spec is + ## set, choosing the default provisioner. (gp2 on AWS, standard on + ## GKE, AWS & OpenStack) + ## + # storageClass: "-" + ## Persistent Volume Claim annotations + ## + annotations: {} + ## Persistent Volume Access Mode + ## + accessModes: + - ReadWriteOnce + ## Persistent Volume size + ## + size: 8Gi + ## selector can be used to match an existing PersistentVolume + ## selector: + ## matchLabels: + ## app: my-app + ## + selector: {} + + ## Extra volumes to add to the MariaDB Primary pod(s) + ## + extraVolumes: [] + + ## Extra volume mounts to add to the MariaDB Primary container(s) + ## + extraVolumeMounts: [] + + ## Extra init containers to add to the MariaDB Primary pod(s) + ## + initContainers: [] + + ## Extra sidecar containers to add to the MariaDB Primary pod(s) + ## + sidecars: [] + + ## MariaDB Primary Service parameters + ## + service: + ## Service type + ## + type: ClusterIP + ## Service port + ## + port: 3306 + ## Specify the nodePort value for the LoadBalancer and NodePort service types. + ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport + ## + nodePort: "" + ## Service clusterIP + ## + # clusterIP: None + clusterIP: "" + ## Set the LoadBalancer service type to internal only. + ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer + ## + loadBalancerIP: "" + ## Load Balancer sources + ## https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service + ## E.g. + ## loadBalancerSourceRanges: + ## - 10.10.10.0/24 + ## + loadBalancerSourceRanges: [] + ## Provide any additional annotations which may be required + ## + annotations: {} + + ## MariaDB primary Pod Disruption Budget configuration + ## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/ + ## + pdb: + enabled: false + ## Min number of pods that must still be available after the eviction + ## + minAvailable: 1 + ## Max number of pods that can be unavailable after the eviction + ## + # maxUnavailable: 1 + +## Mariadb Secondary parameters +## +secondary: + ## Number of Mariadb Secondary replicas to deploy + ## + replicaCount: 1 + + ## Command and args for running the container (set to default if not set). Use array form + ## + command: [] + args: [] + + ## Deployment pod host aliases + ## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/ + ## + hostAliases: [] + + ## Configure MariaDB Secondary with a custom my.cnf file + ## ref: https://mysql.com/kb/en/mysql/configuring-mysql-with-mycnf/#example-of-configuration-file + ## + configuration: |- + [mysqld] + skip-name-resolve + explicit_defaults_for_timestamp + basedir=/opt/bitnami/mariadb + port=3306 + socket=/opt/bitnami/mariadb/tmp/mysql.sock + tmpdir=/opt/bitnami/mariadb/tmp + max_allowed_packet=16M + bind-address=0.0.0.0 + pid-file=/opt/bitnami/mariadb/tmp/mysqld.pid + log-error=/opt/bitnami/mariadb/logs/mysqld.log + character-set-server=UTF8 + collation-server=utf8_general_ci + + [client] + port=3306 + socket=/opt/bitnami/mariadb/tmp/mysql.sock + default-character-set=UTF8 + + [manager] + port=3306 + socket=/opt/bitnami/mariadb/tmp/mysql.sock + pid-file=/opt/bitnami/mariadb/tmp/mysqld.pid + + ## Name of existing ConfigMap with MariaDB Secondary configuration. + ## NOTE: When it's set the 'configuration' parameter is ignored + ## + # existingConfiguration: + + ## updateStrategy for Mariadb Secondary statefulset + ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies + ## + updateStrategy: RollingUpdate + + ## Partition update strategy for Mariadb Secondary statefulset + ## https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#partitions + ## + # rollingUpdatePartition: + + ## Mariadb Secondary pod annotations + ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ + ## + podAnnotations: {} + + ## Mariadb Secondary pod affinity preset + ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity + ## Allowed values: soft, hard + ## + podAffinityPreset: "" + + ## Mariadb Secondary pod anti-affinity preset + ## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity + ## Allowed values: soft, hard + ## + podAntiAffinityPreset: soft + + ## Mariadb Secondary node affinity preset + ## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity + ## Allowed values: soft, hard + ## + nodeAffinityPreset: + ## Node affinity type + ## Allowed values: soft, hard + ## + type: "" + ## Node label key to match + ## E.g. + ## key: "kubernetes.io/e2e-az-name" + ## + key: "" + ## Node label values to match + ## E.g. + ## values: + ## - e2e-az1 + ## - e2e-az2 + ## + values: [] + + ## Affinity for MariaDB secondary pods assignment + ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity + ## Note: podAffinityPreset, podAntiAffinityPreset, and nodeAffinityPreset will be ignored when it's set + ## + affinity: {} + + ## Node labels for MariaDB secondary pods assignment + ## Ref: https://kubernetes.io/docs/user-guide/node-selection/ + ## + nodeSelector: {} + + ## Tolerations for MariaDB secondary pods assignment + ## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ + ## + tolerations: [] + + ## Priority class for MariaDB secondary pods assignment + ## Ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/ + ## + priorityClassName: "" + + ## MariaDB secondary Pod security context + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod + ## + podSecurityContext: + enabled: true + fsGroup: 1001 + + ## MariaDB secondary container security context + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container + ## + containerSecurityContext: + enabled: true + runAsUser: 1001 + + ## MariaDB secondary container's resource requests and limits + ## ref: http://kubernetes.io/docs/user-guide/compute-resources/ + ## + resources: + # We usually recommend not to specify default resources and to leave this as a conscious + # choice for the user. This also increases chances charts run on environments with little + # resources, such as Minikube. If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. + limits: {} + # memory: 256Mi + # cpu: 100m + requests: {} + # memory: 256Mi + # cpu: 100m + + ## MariaDB secondary container's liveness and readiness probes + ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes + ## + livenessProbe: + enabled: true + initialDelaySeconds: 120 + periodSeconds: 10 + timeoutSeconds: 1 + failureThreshold: 3 + successThreshold: 1 + readinessProbe: + enabled: true + initialDelaySeconds: 30 + periodSeconds: 10 + timeoutSeconds: 1 + failureThreshold: 3 + successThreshold: 1 + + ## MariaDB secondary custom liveness probe + ## + customLivenessProbe: {} + + ## MariaDB secondary custom rediness probe + ## + customReadinessProbe: {} + + ## MariaDB secondary additional command line flags + ## Can be used to specify command line flags, for example: + ## E.g. + ## extraFlags: "--max-connect-errors=1000 --max_connections=155" + ## + extraFlags: "" + + ## An array to add extra environment variables on MariaDB secondary containers + ## E.g. + ## extraEnvVars: + ## - name: TZ + ## value: "Europe/Paris" + ## + extraEnvVars: [] + + ## ConfigMap with extra env vars for MariaDB secondary containers: + ## + extraEnvVarsCM: "" + + ## Secret with extra env vars for MariaDB secondary containers: + ## + extraEnvVarsSecret: "" + + ## Enable persistence using Persistent Volume Claims + ## ref: http://kubernetes.io/docs/user-guide/persistent-volumes/ + ## + persistence: + ## If true, use a Persistent Volume Claim, If false, use emptyDir + ## + enabled: true + ## Subdirectory of the volume to mount + # subPath: + ## Persistent Volume Storage Class + ## If defined, storageClassName: + ## If set to "-", storageClassName: "", which disables dynamic provisioning + ## If undefined (the default) or set to null, no storageClassName spec is + ## set, choosing the default provisioner. (gp2 on AWS, standard on + ## GKE, AWS & OpenStack) + ## + # storageClass: "-" + ## Persistent Volume Claim annotations + ## + annotations: {} + ## Persistent Volume Access Mode + ## + accessModes: + - ReadWriteOnce + ## Persistent Volume size + ## + size: 8Gi + ## selector can be used to match an existing PersistentVolume + ## selector: + ## matchLabels: + ## app: my-app + ## + selector: {} + + ## Extra volumes to add to the MariaDB Secondary pod(s) + ## + extraVolumes: [] + + ## Extra volume mounts to add to the MariaDB Secondary container(s) + ## + extraVolumeMounts: [] + + ## Extra init containers to add to the MariaDB Secondary pod(s) + ## + initContainers: [] + + ## Extra sidecar containers to add to the MariaDB Secondary pod(s) + ## + sidecars: [] + + ## MariaDB Secondary Service parameters + ## + service: + ## Service type + ## + type: ClusterIP + ## Service port + ## + port: 3306 + ## Specify the nodePort value for the LoadBalancer and NodePort service types. + ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport + ## + nodePort: "" + ## Service clusterIP + ## + # clusterIP: None + clusterIP: "" + ## Set the LoadBalancer service type to internal only. + ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer + ## + loadBalancerIP: "" + ## Load Balancer sources + ## https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service + ## E.g. + ## loadBalancerSourceRanges: + ## - 10.10.10.0/24 + ## + loadBalancerSourceRanges: [] + ## Provide any additional annotations which may be required + ## + annotations: {} + + ## MariaDB secondary Pod Disruption Budget configuration + ## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/ + ## + pdb: + enabled: false + ## Min number of pods that must still be available after the eviction + ## + minAvailable: 1 + ## Max number of pods that can be unavailable after the eviction + ## + # maxUnavailable: 1 + +## MariaDB pods ServiceAccount +## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ +## +serviceAccount: + ## Specifies whether a ServiceAccount should be created + ## + create: true + ## The name of the ServiceAccount to use. + ## If not set and create is true, a name is generated using the mariadb.fullname template + ## + # name: + ## Annotations to add to the service account (evaluated as a template) + ## + annotations: {} + +## Role Based Access +## ref: https://kubernetes.io/docs/admin/authorization/rbac/ +## +rbac: + ## Specifies whether RBAC rules should be created + ## + create: false + +## Init containers parameters: +## volumePermissions: Change the owner and group of the persistent volume mountpoint to runAsUser:fsGroup values from the securityContext section. +## +volumePermissions: + enabled: false + image: + registry: docker.io + repository: bitnami/bitnami-shell + tag: "10" + pullPolicy: Always + ## Optionally specify an array of imagePullSecrets. + ## Secrets must be manually created in the namespace. + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ + ## + # pullSecrets: + # - myRegistryKeySecretName + resources: {} + +## Mysqld Prometheus exporter parameters +## +metrics: + enabled: false + image: + registry: docker.io + repository: bitnami/mysqld-exporter + tag: 0.12.1-debian-10-r359 + pullPolicy: IfNotPresent + ## Optionally specify an array of imagePullSecrets. + ## Secrets must be manually created in the namespace. + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ + ## + # pullSecrets: + # - myRegistryKeySecretName + + annotations: + prometheus.io/scrape: "true" + prometheus.io/port: "9104" + + ## Extra args to be passed to mysqld_exporter + ## ref: https://github.com/prometheus/mysqld_exporter/ + ## E.g. + ## - --collect.auto_increment.columns + ## - --collect.binlog_size + ## - --collect.engine_innodb_status + ## - --collect.engine_tokudb_status + ## - --collect.global_status + ## - --collect.global_variables + ## - --collect.info_schema.clientstats + ## - --collect.info_schema.innodb_metrics + ## - --collect.info_schema.innodb_tablespaces + ## - --collect.info_schema.innodb_cmp + ## - --collect.info_schema.innodb_cmpmem + ## - --collect.info_schema.processlist + ## - --collect.info_schema.processlist.min_time + ## - --collect.info_schema.query_response_time + ## - --collect.info_schema.tables + ## - --collect.info_schema.tables.databases + ## - --collect.info_schema.tablestats + ## - --collect.info_schema.userstats + ## - --collect.perf_schema.eventsstatements + ## - --collect.perf_schema.eventsstatements.digest_text_limit + ## - --collect.perf_schema.eventsstatements.limit + ## - --collect.perf_schema.eventsstatements.timelimit + ## - --collect.perf_schema.eventswaits + ## - --collect.perf_schema.file_events + ## - --collect.perf_schema.file_instances + ## - --collect.perf_schema.indexiowaits + ## - --collect.perf_schema.tableiowaits + ## - --collect.perf_schema.tablelocks + ## - --collect.perf_schema.replication_group_member_stats + ## - --collect.slave_status + ## - --collect.slave_hosts + ## - --collect.heartbeat + ## - --collect.heartbeat.database + ## - --collect.heartbeat.table + ## + extraArgs: + primary: [] + secondary: [] + + ## Mysqld Prometheus exporter resource requests and limits + ## ref: http://kubernetes.io/docs/user-guide/compute-resources/ + ## + resources: + # We usually recommend not to specify default resources and to leave this as a conscious + # choice for the user. This also increases chances charts run on environments with little + # resources, such as Minikube. If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. + limits: {} + # memory: 256Mi + # cpu: 100m + requests: {} + # memory: 256Mi + # cpu: 100m + + ## Mysqld Prometheus exporter liveness and readiness probes + ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes + ## + livenessProbe: + enabled: true + initialDelaySeconds: 120 + periodSeconds: 10 + timeoutSeconds: 1 + successThreshold: 1 + failureThreshold: 3 + readinessProbe: + enabled: true + initialDelaySeconds: 30 + periodSeconds: 10 + timeoutSeconds: 1 + successThreshold: 1 + failureThreshold: 3 + + ## Prometheus Service Monitor + ## ref: https://github.com/coreos/prometheus-operator + ## + serviceMonitor: + ## If the operator is installed in your cluster, set to true to create a Service Monitor Entry + ## + enabled: false + ## Specify the namespace in which the serviceMonitor resource will be created + ## + # namespace: "" + ## Specify the interval at which metrics should be scraped + ## + interval: 30s + ## Specify the timeout after which the scrape is ended + ## + # scrapeTimeout: 30s + ## Specify Metric Relabellings to add to the scrape endpoint + ## + # relabellings: + ## Specify honorLabels parameter to add the scrape endpoint + ## + honorLabels: false + ## Specify the release for ServiceMonitor. Sometimes it should be custom for prometheus operator to work + ## + # release: "" + ## Used to pass Labels that are used by the Prometheus installed in your cluster to select Service Monitors to work with + ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#prometheusspec + ## + additionalLabels: {} + +## Array with extra yaml to deploy with the chart. Evaluated as a template +## +extraDeploy: [] diff --git a/practice/13.templating/wordpress/ci/ct-values.yaml b/practice/13.templating/wordpress/ci/ct-values.yaml new file mode 100644 index 0000000..b738e2a --- /dev/null +++ b/practice/13.templating/wordpress/ci/ct-values.yaml @@ -0,0 +1,2 @@ +service: + type: ClusterIP diff --git a/practice/13.templating/wordpress/ci/ingress-wildcard-values.yaml b/practice/13.templating/wordpress/ci/ingress-wildcard-values.yaml new file mode 100644 index 0000000..b57ce6e --- /dev/null +++ b/practice/13.templating/wordpress/ci/ingress-wildcard-values.yaml @@ -0,0 +1,9 @@ +service: + type: ClusterIP + +ingress: + enabled: true + tls: true + extraHosts: + - name: "*.domain.tld" + path: / diff --git a/practice/13.templating/wordpress/ci/values-hpa-pdb.yaml b/practice/13.templating/wordpress/ci/values-hpa-pdb.yaml new file mode 100644 index 0000000..d996388 --- /dev/null +++ b/practice/13.templating/wordpress/ci/values-hpa-pdb.yaml @@ -0,0 +1,4 @@ +autoscaling: + enabled: true +pdb: + create: true diff --git a/practice/13.templating/wordpress/ci/values-metrics-and-ingress.yaml b/practice/13.templating/wordpress/ci/values-metrics-and-ingress.yaml new file mode 100644 index 0000000..45682c1 --- /dev/null +++ b/practice/13.templating/wordpress/ci/values-metrics-and-ingress.yaml @@ -0,0 +1,9 @@ +ingress: + enabled: true + tls: true + +service: + type: ClusterIP + +metrics: + enabled: true diff --git a/practice/13.templating/wordpress/templates/NOTES.txt b/practice/13.templating/wordpress/templates/NOTES.txt new file mode 100644 index 0000000..170fd3a --- /dev/null +++ b/practice/13.templating/wordpress/templates/NOTES.txt @@ -0,0 +1,82 @@ + +** Please be patient while the chart is being deployed ** + +Your WordPress site can be accessed through the following DNS name from within your cluster: + + {{ include "common.names.fullname" . }}.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }} (port {{ .Values.service.port }}) + +To access your WordPress site from outside the cluster follow the steps below: + +{{- if .Values.ingress.enabled }} + +1. Get the WordPress URL and associate WordPress hostname to your cluster external IP: + + export CLUSTER_IP=$(minikube ip) # On Minikube. Use: `kubectl cluster-info` on others K8s clusters + echo "WordPress URL: http{{ if .Values.ingress.tls }}s{{ end }}://{{ .Values.ingress.hostname }}/" + echo "$CLUSTER_IP {{ .Values.ingress.hostname }}" | sudo tee -a /etc/hosts + +{{- else }} +{{- $port := .Values.service.port | toString }} + +1. Get the WordPress URL by running these commands: + +{{- if contains "NodePort" .Values.service.type }} + + export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ template "common.names.fullname" . }}) + export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") + echo "WordPress URL: http://$NODE_IP:$NODE_PORT/" + echo "WordPress Admin URL: http://$NODE_IP:$NODE_PORT/admin" + +{{- else if contains "LoadBalancer" .Values.service.type }} + + NOTE: It may take a few minutes for the LoadBalancer IP to be available. + Watch the status with: 'kubectl get svc --namespace {{ .Release.Namespace }} -w {{ template "common.names.fullname" . }}' + + export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ template "common.names.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}") + echo "WordPress URL: http://$SERVICE_IP{{- if ne $port "80" }}:{{ .Values.service.port }}{{ end }}/" + echo "WordPress Admin URL: http://$SERVICE_IP{{- if ne $port "80" }}:{{ .Values.service.port }}{{ end }}/admin" + +{{- else if contains "ClusterIP" .Values.service.type }} + + kubectl port-forward --namespace {{ .Release.Namespace }} svc/{{ template "common.names.fullname" . }} {{ .Values.service.port }}:{{ .Values.service.port }} & + echo "WordPress URL: http://127.0.0.1{{- if ne $port "80" }}:{{ .Values.service.port }}{{ end }}//" + echo "WordPress Admin URL: http://127.0.0.1{{- if ne $port "80" }}:{{ .Values.service.port }}{{ end }}//admin" + +{{- end }} +{{- end }} + +2. Open a browser and access WordPress using the obtained URL. + +3. Login with the following credentials below to see your blog: + + echo Username: {{ .Values.wordpressUsername }} + echo Password: $(kubectl get secret --namespace {{ .Release.Namespace }} {{ template "common.names.fullname" . }} -o jsonpath="{.data.wordpress-password}" | base64 --decode) + +{{- if .Values.metrics.enabled }} + +You can access Apache Prometheus metrics following the steps below: + +1. Get the Apache Prometheus metrics URL by running: + + kubectl port-forward --namespace {{ .Release.Namespace }} svc/{{ printf "%s-metrics" (include "common.names.fullname" .) }} {{ .Values.metrics.service.port }}:{{ .Values.metrics.service.port }} & + echo "Apache Prometheus metrics URL: http://127.0.0.1:{{ .Values.metrics.service.port }}/metrics" + +2. Open a browser and access Apache Prometheus metrics using the obtained URL. + +{{- end }} + +{{- include "common.warnings.rollingTag" .Values.image }} +{{- include "common.warnings.rollingTag" .Values.metrics.image }} +{{- $passwordValidationErrors := list -}} +{{- if not .Values.existingSecret -}} + {{- $secretName := include "wordpress.secretName" . -}} + {{- $requiredWordPressPassword := dict "valueKey" "wordpressPassword" "secret" $secretName "field" "wordpress-password" "context" $ -}} + {{- $requiredWordPressPasswordError := include "common.validations.values.single.empty" $requiredWordPressPassword -}} + {{- $passwordValidationErrors = append $passwordValidationErrors $requiredWordPressPasswordError -}} +{{- end }} +{{- if .Values.mariadb.enabled }} + {{- $mariadbSecretName := include "wordpress.databaseSecretName" . -}} + {{- $mariadbPasswordValidationErrors := include "common.validations.values.mariadb.passwords" (dict "secret" $mariadbSecretName "subchart" true "context" $) -}} + {{- $passwordValidationErrors = append $passwordValidationErrors $mariadbPasswordValidationErrors -}} +{{- end }} +{{- include "common.errors.upgrade.passwords.empty" (dict "validationErrors" $passwordValidationErrors "context" $) -}} diff --git a/practice/13.templating/wordpress/templates/_helpers.tpl b/practice/13.templating/wordpress/templates/_helpers.tpl new file mode 100644 index 0000000..61cd809 --- /dev/null +++ b/practice/13.templating/wordpress/templates/_helpers.tpl @@ -0,0 +1,134 @@ +{{/* vim: set filetype=mustache: */}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +*/}} +{{- define "wordpress.mariadb.fullname" -}} +{{- printf "%s-%s" .Release.Name "mariadb" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Return the proper WordPress image name +*/}} +{{- define "wordpress.image" -}} +{{- include "common.images.image" (dict "imageRoot" .Values.image "global" .Values.global) -}} +{{- end -}} + +{{/* +Return the proper image name (for the metrics image) +*/}} +{{- define "wordpress.metrics.image" -}} +{{- include "common.images.image" (dict "imageRoot" .Values.metrics.image "global" .Values.global) -}} +{{- end -}} + +{{/* +Return the proper image name (for the init container volume-permissions image) +*/}} +{{- define "wordpress.volumePermissions.image" -}} +{{- include "common.images.image" ( dict "imageRoot" .Values.volumePermissions.image "global" .Values.global ) -}} +{{- end -}} + +{{/* +Return the proper Docker Image Registry Secret Names +*/}} +{{- define "wordpress.imagePullSecrets" -}} +{{- include "common.images.pullSecrets" (dict "images" (list .Values.image .Values.metrics.image .Values.volumePermissions.image) "global" .Values.global) -}} +{{- end -}} + +{{/* +Return the proper Storage Class +*/}} +{{- define "wordpress.storageClass" -}} +{{- include "common.storage.class" (dict "persistence" .Values.persistence "global" .Values.global) -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "wordpress.customHTAccessCM" -}} +{{- printf "%s" .Values.customHTAccessCM -}} +{{- end -}} + +{{/* +Return the MariaDB Hostname +*/}} +{{- define "wordpress.databaseHost" -}} +{{- if .Values.mariadb.enabled }} + {{- if eq .Values.mariadb.architecture "replication" }} + {{- printf "%s-%s" (include "wordpress.mariadb.fullname" .) "primary" | trunc 63 | trimSuffix "-" -}} + {{- else -}} + {{- printf "%s" (include "wordpress.mariadb.fullname" .) -}} + {{- end -}} +{{- else -}} + {{- printf "%s" .Values.externalDatabase.host -}} +{{- end -}} +{{- end -}} + +{{/* +Return the MariaDB Port +*/}} +{{- define "wordpress.databasePort" -}} +{{- if .Values.mariadb.enabled }} + {{- printf "3306" -}} +{{- else -}} + {{- printf "%d" (.Values.externalDatabase.port | int ) -}} +{{- end -}} +{{- end -}} + +{{/* +Return the MariaDB Database Name +*/}} +{{- define "wordpress.databaseName" -}} +{{- if .Values.mariadb.enabled }} + {{- printf "%s" .Values.mariadb.auth.database -}} +{{- else -}} + {{- printf "%s" .Values.externalDatabase.database -}} +{{- end -}} +{{- end -}} + +{{/* +Return the MariaDB User +*/}} +{{- define "wordpress.databaseUser" -}} +{{- if .Values.mariadb.enabled }} + {{- printf "%s" .Values.mariadb.auth.username -}} +{{- else -}} + {{- printf "%s" .Values.externalDatabase.user -}} +{{- end -}} +{{- end -}} + +{{/* +Return the MariaDB Secret Name +*/}} +{{- define "wordpress.databaseSecretName" -}} +{{- if .Values.mariadb.enabled }} + {{- printf "%s" (include "wordpress.mariadb.fullname" .) -}} +{{- else if .Values.externalDatabase.existingSecret -}} + {{- printf "%s" .Values.externalDatabase.existingSecret -}} +{{- else -}} + {{- printf "%s-%s" (include "common.names.fullname" .) "externaldb" -}} +{{- end -}} +{{- end -}} + +{{/* +Return the WordPress Secret Name +*/}} +{{- define "wordpress.secretName" -}} +{{- if .Values.existingSecret }} + {{- printf "%s" .Values.existingSecret -}} +{{- else -}} + {{- printf "%s" (include "common.names.fullname" .) -}} +{{- end -}} +{{- end -}} + +{{/* +Return the SMTP Secret Name +*/}} +{{- define "wordpress.smtpSecretName" -}} +{{- if .Values.smtpExistingSecret }} + {{- printf "%s" .Values.smtpExistingSecret -}} +{{- else -}} + {{- printf "%s" (include "common.names.fullname" .) -}} +{{- end -}} +{{- end -}} diff --git a/practice/13.templating/wordpress/templates/configmap.yaml b/practice/13.templating/wordpress/templates/configmap.yaml new file mode 100644 index 0000000..76c51fa --- /dev/null +++ b/practice/13.templating/wordpress/templates/configmap.yaml @@ -0,0 +1,8 @@ +{{- if .Values.customPostInitScripts }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.names.fullname" . }}-postinit +data: +{{- include "common.tplvalues.render" (dict "value" .Values.customPostInitScripts "context" $) | nindent 2 }} +{{- end }} diff --git a/practice/13.templating/wordpress/templates/deployment.yaml b/practice/13.templating/wordpress/templates/deployment.yaml new file mode 100644 index 0000000..30cba8c --- /dev/null +++ b/practice/13.templating/wordpress/templates/deployment.yaml @@ -0,0 +1,276 @@ +apiVersion: {{ include "common.capabilities.deployment.apiVersion" . }} +kind: Deployment +metadata: + name: {{ include "common.names.fullname" . }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +spec: + selector: + matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }} + {{- if .Values.updateStrategy }} + strategy: {{- toYaml .Values.updateStrategy | nindent 4 }} + {{- end }} + replicas: {{ .Values.replicaCount }} + template: + metadata: + labels: {{- include "common.labels.standard" . | nindent 8 }} + {{- if .Values.podLabels }} + {{- include "common.tplvalues.render" (dict "value" .Values.podLabels "context" $) | nindent 8 }} + {{- end }} + {{- if or .Values.podAnnotations .Values.metrics.enabled }} + annotations: + {{- if .Values.podAnnotations }} + {{- include "common.tplvalues.render" (dict "value" .Values.podAnnotations "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.metrics.podAnnotations }} + {{- include "common.tplvalues.render" (dict "value" .Values.metrics.podAnnotations "context" $) | nindent 8 }} + {{- end }} + {{- end }} + spec: + {{- include "wordpress.imagePullSecrets" . | nindent 6 }} + {{- if .Values.schedulerName }} + schedulerName: {{ .Values.schedulerName | quote }} + {{- end }} + serviceAccountName: {{ .Values.serviceAccountName }} + {{- if .Values.hostAliases }} + # yamllint disable rule:indentation + hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.hostAliases "context" $) | nindent 8 }} + # yamllint enable rule:indentation + {{- end }} + {{- if .Values.affinity }} + affinity: {{- include "common.tplvalues.render" (dict "value" .Values.affinity "context" $) | nindent 8 }} + {{- else }} + affinity: + podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.podAffinityPreset "context" $) | nindent 10 }} + podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.podAntiAffinityPreset "context" $) | nindent 10 }} + nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.nodeAffinityPreset.type "key" .Values.nodeAffinityPreset.key "values" .Values.nodeAffinityPreset.values) | nindent 10 }} + {{- end }} + {{- if .Values.nodeSelector }} + nodeSelector: {{- include "common.tplvalues.render" (dict "value" .Values.nodeSelector "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.tolerations }} + tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.tolerations "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.podSecurityContext.enabled }} + securityContext: {{- omit .Values.podSecurityContext "enabled" | toYaml | nindent 8 }} + {{- end }} + {{- if or (and .Values.podSecurityContext.enabled .Values.volumePermissions.enabled .Values.persistence.enabled) (.Values.initContainers) }} + initContainers: + {{- if and .Values.podSecurityContext.enabled .Values.volumePermissions.enabled .Values.persistence.enabled }} + - name: volume-permissions + image: "{{ template "wordpress.volumePermissions.image" . }}" + imagePullPolicy: {{ .Values.volumePermissions.image.pullPolicy | quote }} + command: + - /bin/sh + - -cx + - | + {{- if eq ( toString ( .Values.volumePermissions.securityContext.runAsUser )) "auto" }} + chown -R `id -u`:`id -G | cut -d " " -f2` /bitnami/wordpress + {{- else }} + chown -R {{ .Values.containerSecurityContext.runAsUser }}:{{ .Values.podSecurityContext.fsGroup }} /bitnami/wordpress + {{- end }} + {{- if eq ( toString ( .Values.volumePermissions.securityContext.runAsUser )) "auto "}} + securityContext: {{- omit .Values.volumePermissions.securityContext "runAsUser" | toYaml | nindent 12 }} + {{- else }} + securityContext: {{- .Values.volumePermissions.securityContext | toYaml | nindent 12 }} + {{- end }} + {{- if .Values.volumePermissions.resources }} + resources: {{- toYaml .Values.volumePermissions.resources | nindent 12 }} + {{- end }} + volumeMounts: + - mountPath: /bitnami/wordpress + name: wordpress-data + subPath: wordpress + {{- end }} + {{- if .Values.initContainers }} + {{- include "common.tplvalues.render" (dict "value" .Values.initContainers "context" $) | nindent 8 }} + {{- end }} + {{- end }} + containers: + - name: wordpress + image: {{ template "wordpress.image" . }} + imagePullPolicy: {{ .Values.image.pullPolicy | quote }} + {{- if .Values.command }} + command: {{- include "common.tplvalues.render" ( dict "value" .Values.command "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.args }} + args: {{- include "common.tplvalues.render" ( dict "value" .Values.args "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.containerSecurityContext.enabled }} + securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 12 }} + {{- end }} + env: + {{- if .Values.image.debug }} + - name: NAMI_DEBUG + value: "--log-level trace" + {{- end }} + - name: ALLOW_EMPTY_PASSWORD + value: {{ ternary "yes" "no" .Values.allowEmptyPassword | quote }} + - name: MARIADB_HOST + value: {{ include "wordpress.databaseHost" . | quote }} + - name: MARIADB_PORT_NUMBER + value: {{ include "wordpress.databasePort" . | quote }} + - name: WORDPRESS_DATABASE_NAME + value: {{ include "wordpress.databaseName" . | quote }} + - name: WORDPRESS_DATABASE_USER + value: {{ include "wordpress.databaseUser" . | quote }} + - name: WORDPRESS_DATABASE_PASSWORD + valueFrom: + secretKeyRef: + name: {{ include "wordpress.databaseSecretName" . }} + key: mariadb-password + - name: WORDPRESS_USERNAME + value: {{ .Values.wordpressUsername | quote }} + - name: WORDPRESS_PASSWORD + valueFrom: + secretKeyRef: + name: {{ include "wordpress.secretName" . }} + key: wordpress-password + - name: WORDPRESS_EMAIL + value: {{ .Values.wordpressEmail | quote }} + - name: WORDPRESS_FIRST_NAME + value: {{ .Values.wordpressFirstName | quote }} + - name: WORDPRESS_LAST_NAME + value: {{ .Values.wordpressLastName | quote }} + - name: WORDPRESS_HTACCESS_OVERRIDE_NONE + value: {{ ternary "yes" "no" .Values.allowOverrideNone | quote }} + - name: WORDPRESS_HTACCESS_PERSISTENCE_ENABLED + value: {{ ternary "yes" "no" .Values.htaccessPersistenceEnabled | quote }} + - name: WORDPRESS_BLOG_NAME + value: {{ .Values.wordpressBlogName | quote }} + - name: WORDPRESS_SKIP_INSTALL + value: {{ ternary "yes" "no" .Values.wordpressSkipInstall | quote }} + - name: WORDPRESS_TABLE_PREFIX + value: {{ .Values.wordpressTablePrefix | quote }} + - name: WORDPRESS_SCHEME + value: {{ .Values.wordpressScheme | quote }} + - name: WORDPRESS_EXTRA_WP_CONFIG_CONTENT + value: {{ .Values.wordpressExtraConfigContent | quote }} + {{- if .Values.smtpHost }} + - name: SMTP_HOST + value: {{ .Values.smtpHost | quote }} + {{- end }} + {{- if .Values.smtpPort }} + - name: SMTP_PORT + value: {{ .Values.smtpPort | quote }} + {{- end }} + {{- if .Values.smtpUser }} + - name: SMTP_USER + value: {{ .Values.smtpUser | quote }} + {{- end }} + {{- if or .Values.smtpPassword .Values.smtpExistingSecret }} + - name: SMTP_PASSWORD + valueFrom: + secretKeyRef: + name: {{ include "wordpress.smtpSecretName" . }} + key: smtp-password + {{- end }} + {{- if .Values.smtpProtocol }} + - name: SMTP_PROTOCOL + value: {{ .Values.smtpProtocol | quote }} + {{- end }} + {{- if .Values.extraEnvVars }} + {{- include "common.tplvalues.render" (dict "value" .Values.extraEnvVars "context" $) | nindent 12 }} + {{- end }} + envFrom: + {{- if .Values.extraEnvVarsCM }} + - configMapRef: + name: {{ include "common.tplvalues.render" (dict "value" .Values.extraEnvVarsCM "context" $) }} + {{- end }} + {{- if .Values.extraEnvVarsSecret }} + - secretRef: + name: {{ include "common.tplvalues.render" (dict "value" .Values.extraEnvVarsSecret "context" $) }} + {{- end }} + ports: + - name: http + containerPort: {{ .Values.containerPorts.http }} + - name: https + containerPort: {{ .Values.containerPorts.https }} + {{- if .Values.livenessProbe.enabled }} + livenessProbe: {{- omit .Values.livenessProbe "enabled" | toYaml | nindent 12 }} + {{- else if .Values.customLivenessProbe }} + livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customLivenessProbe "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.readinessProbe.enabled }} + readinessProbe: {{- omit .Values.readinessProbe "enabled" | toYaml | nindent 12 }} + {{- else if .Values.customReadinessProbe }} + readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customReadinessProbe "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.resources }} + resources: {{- toYaml .Values.resources | nindent 12 }} + {{- end }} + volumeMounts: + - mountPath: /bitnami/wordpress + name: wordpress-data + subPath: wordpress + {{- if and .Values.allowOverrideNone .Values.customHTAccessCM }} + - mountPath: /htaccess + name: custom-htaccess + {{- end }} + {{- if .Values.customPostInitScripts }} + - mountPath: /docker-entrypoint-init.d + name: custom-postinit + {{- end }} + {{- if .Values.extraVolumeMounts }} + {{- include "common.tplvalues.render" (dict "value" .Values.extraVolumeMounts "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.metrics.enabled }} + - name: metrics + image: {{ template "wordpress.metrics.image" . }} + imagePullPolicy: {{ .Values.metrics.image.pullPolicy | quote }} + command: + - /bin/apache_exporter + - --scrape_uri + - http://status.localhost:8080/server-status/?auto + ports: + - name: metrics + containerPort: 9117 + livenessProbe: + httpGet: + path: /metrics + port: metrics + initialDelaySeconds: 15 + timeoutSeconds: 5 + readinessProbe: + httpGet: + path: /metrics + port: metrics + initialDelaySeconds: 5 + timeoutSeconds: 1 + {{- if .Values.metrics.resources }} + resources: {{- toYaml .Values.metrics.resources | nindent 12 }} + {{- end }} + {{- end }} + {{- if .Values.sidecars }} + {{- include "common.tplvalues.render" (dict "value" .Values.sidecars "context" $) | nindent 8 }} + {{- end }} + volumes: + {{- if and .Values.allowOverrideNone .Values.customHTAccessCM }} + - name: custom-htaccess + configMap: + name: {{ template "wordpress.customHTAccessCM" . }} + items: + - key: wordpress-htaccess.conf + path: wordpress-htaccess.conf + {{- end }} + {{- if .Values.customPostInitScripts }} + - name: custom-postinit + configMap: + name: {{ include "common.names.fullname" . }}-postinit + defaultMode: 0755 + {{- end }} + - name: wordpress-data + {{- if .Values.persistence.enabled }} + persistentVolumeClaim: + claimName: {{ .Values.persistence.existingClaim | default (include "common.names.fullname" .) }} + {{- else }} + emptyDir: {} + {{ end }} + {{- if .Values.extraVolumes }} + {{- include "common.tplvalues.render" (dict "value" .Values.extraVolumes "context" $) | nindent 8 }} + {{- end }} diff --git a/practice/13.templating/wordpress/templates/externaldb-secrets.yaml b/practice/13.templating/wordpress/templates/externaldb-secrets.yaml new file mode 100644 index 0000000..19fde1c --- /dev/null +++ b/practice/13.templating/wordpress/templates/externaldb-secrets.yaml @@ -0,0 +1,16 @@ +{{- if not (or .Values.mariadb.enabled .Values.externalDatabase.existingSecret) }} +apiVersion: v1 +kind: Secret +metadata: + name: {{ printf "%s-externaldb" (include "common.names.fullname" .) }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +type: Opaque +data: + mariadb-password: {{ .Values.externalDatabase.password | b64enc | quote }} +{{- end }} diff --git a/practice/13.templating/wordpress/templates/extra-list.yaml b/practice/13.templating/wordpress/templates/extra-list.yaml new file mode 100644 index 0000000..9ac65f9 --- /dev/null +++ b/practice/13.templating/wordpress/templates/extra-list.yaml @@ -0,0 +1,4 @@ +{{- range .Values.extraDeploy }} +--- +{{ include "common.tplvalues.render" (dict "value" . "context" $) }} +{{- end }} diff --git a/practice/13.templating/wordpress/templates/hpa.yaml b/practice/13.templating/wordpress/templates/hpa.yaml new file mode 100644 index 0000000..6915bc3 --- /dev/null +++ b/practice/13.templating/wordpress/templates/hpa.yaml @@ -0,0 +1,34 @@ +{{- if .Values.autoscaling.enabled }} +apiVersion: autoscaling/v2beta1 +kind: HorizontalPodAutoscaler +metadata: + name: {{ template "common.names.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +spec: + scaleTargetRef: + apiVersion: {{ include "common.capabilities.deployment.apiVersion" . }} + kind: Deployment + name: {{ template "common.names.fullname" . }} + minReplicas: {{ .Values.autoscaling.minReplicas }} + maxReplicas: {{ .Values.autoscaling.maxReplicas }} + metrics: + {{- if .Values.autoscaling.targetCPU }} + - type: Resource + resource: + name: cpu + targetAverageUtilization: {{ .Values.autoscaling.targetCPU }} + {{- end }} + {{- if .Values.autoscaling.targetMemory }} + - type: Resource + resource: + name: memory + targetAverageUtilization: {{ .Values.autoscaling.targetMemory }} + {{- end }} +{{- end }} diff --git a/practice/13.templating/wordpress/templates/ingress.yaml b/practice/13.templating/wordpress/templates/ingress.yaml new file mode 100644 index 0000000..9527f78 --- /dev/null +++ b/practice/13.templating/wordpress/templates/ingress.yaml @@ -0,0 +1,59 @@ +{{- if .Values.ingress.enabled }} +apiVersion: {{ include "common.capabilities.ingress.apiVersion" . }} +kind: Ingress +metadata: + name: {{ include "common.names.fullname" . }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + annotations: + {{- if .Values.ingress.certManager }} + kubernetes.io/tls-acme: "true" + {{- end }} + {{- if .Values.ingress.annotations }} + {{- include "common.tplvalues.render" (dict "value" .Values.ingress.annotations "context" $) | nindent 4 }} + {{- end }} + {{- if .Values.commonAnnotations }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +spec: + rules: + {{- if .Values.ingress.hostname }} + - host: {{ .Values.ingress.hostname | quote }} + http: + paths: + {{- if .Values.ingress.extraPaths }} + {{- toYaml .Values.ingress.extraPaths | nindent 10 }} + {{- end }} + - path: {{ .Values.ingress.path }} + {{- if eq "true" (include "common.ingress.supportsPathType" .) }} + pathType: {{ .Values.ingress.pathType }} + {{- end }} + backend: {{- include "common.ingress.backend" (dict "serviceName" (include "common.names.fullname" .) "servicePort" "http" "context" $) | nindent 14 }} + {{- end }} + {{- range .Values.ingress.extraHosts }} + - host: {{ .name | quote }} + http: + paths: + - path: {{ default "/" .path }} + {{- if eq "true" (include "common.ingress.supportsPathType" $) }} + pathType: {{ default "ImplementationSpecific" .pathType }} + {{- end }} + backend: {{- include "common.ingress.backend" (dict "serviceName" (include "common.names.fullname" $) "servicePort" "http" "context" $) | nindent 14 }} + {{- end }} + {{- if or .Values.ingress.tls .Values.ingress.extraTls }} + tls: + {{- if .Values.ingress.tls }} + - hosts: + - {{ .Values.ingress.hostname | quote }} + {{- range .Values.ingress.extraHosts }} + - {{ .name | quote }} + {{- end }} + secretName: {{ printf "%s-tls" .Values.ingress.hostname }} + {{- end }} + {{- if .Values.ingress.extraTls }} + {{- include "common.tplvalues.render" ( dict "value" .Values.ingress.extraTls "context" $ ) | nindent 4 }} + {{- end }} + {{- end }} +{{- end }} diff --git a/practice/13.templating/wordpress/templates/metrics-svc.yaml b/practice/13.templating/wordpress/templates/metrics-svc.yaml new file mode 100644 index 0000000..f357bd5 --- /dev/null +++ b/practice/13.templating/wordpress/templates/metrics-svc.yaml @@ -0,0 +1,29 @@ +{{- if .Values.metrics.enabled }} +apiVersion: v1 +kind: Service +metadata: + name: {{ printf "%s-metrics" (include "common.names.fullname" .) }} + namespace: {{ .Release.Namespace }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + app.kubernetes.io/component: metrics + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + {{- if or .Values.metrics.service.annotations .Values.commonAnnotations }} + annotations: + {{- if .Values.metrics.service.annotations }} + {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.service.annotations "context" $ ) | nindent 4 }} + {{- end }} + {{- if .Values.commonAnnotations }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} + {{- end }} +spec: + type: ClusterIP + ports: + - name: metrics + port: {{ .Values.metrics.service.port }} + protocol: TCP + targetPort: metrics + selector: {{- include "common.labels.matchLabels" . | nindent 4 }} +{{- end }} diff --git a/practice/13.templating/wordpress/templates/pdb.yaml b/practice/13.templating/wordpress/templates/pdb.yaml new file mode 100644 index 0000000..4d32389 --- /dev/null +++ b/practice/13.templating/wordpress/templates/pdb.yaml @@ -0,0 +1,23 @@ +{{- if .Values.pdb.create }} +apiVersion: policy/v1beta1 +kind: PodDisruptionBudget +metadata: + name: {{ template "common.names.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +spec: + {{- if .Values.pdb.minAvailable }} + minAvailable: {{ .Values.pdb.minAvailable }} + {{- end }} + {{- if .Values.pdb.maxUnavailable }} + maxUnavailable: {{ .Values.pdb.maxUnavailable }} + {{- end }} + selector: + matchLabels: {{ include "common.labels.matchLabels" . | nindent 6 }} +{{- end }} diff --git a/practice/13.templating/wordpress/templates/pvc.yaml b/practice/13.templating/wordpress/templates/pvc.yaml new file mode 100644 index 0000000..ff10453 --- /dev/null +++ b/practice/13.templating/wordpress/templates/pvc.yaml @@ -0,0 +1,23 @@ +{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) }} +kind: PersistentVolumeClaim +apiVersion: v1 +metadata: + name: {{ include "common.names.fullname" . }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +spec: + accessModes: + - {{ .Values.persistence.accessMode | quote }} + resources: + requests: + storage: {{ .Values.persistence.size | quote }} + {{- include "wordpress.storageClass" . | nindent 2 }} + {{- if .Values.persistence.dataSource }} + dataSource: {{- include "common.tplvalues.render" (dict "value" .Values.persistence.dataSource "context" $) | nindent 4 }} + {{- end }} +{{- end }} diff --git a/practice/13.templating/wordpress/templates/secrets.yaml b/practice/13.templating/wordpress/templates/secrets.yaml new file mode 100644 index 0000000..ba218f3 --- /dev/null +++ b/practice/13.templating/wordpress/templates/secrets.yaml @@ -0,0 +1,27 @@ +{{- if or (not .Values.existingSecret) (and (not .Values.smtpExistingSecret) .Values.smtpPassword) }} +apiVersion: v1 +kind: Secret +metadata: + name: {{ template "common.names.fullname" . }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +type: Opaque +data: + {{- if not .Values.existingSecret }} + {{- if .Values.wordpressPassword }} + wordpress-password: {{ .Values.wordpressPassword | b64enc | quote }} + {{- else }} + wordpress-password: {{ randAlphaNum 10 | b64enc | quote }} + {{- end }} + {{- end }} + {{- if and .Values.smtpPassword (not .Values.smtpExistingSecret) }} + {{- if .Values.smtpPassword }} + smtp-password: {{ .Values.smtpPassword | b64enc | quote }} + {{- end }} + {{- end }} +{{- end }} diff --git a/practice/13.templating/wordpress/templates/servicemonitor.yaml b/practice/13.templating/wordpress/templates/servicemonitor.yaml new file mode 100644 index 0000000..2f18531 --- /dev/null +++ b/practice/13.templating/wordpress/templates/servicemonitor.yaml @@ -0,0 +1,37 @@ +{{- if and .Values.metrics.enabled .Values.metrics.serviceMonitor.enabled }} +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: {{ include "common.names.fullname" . }} + {{- if .Values.metrics.serviceMonitor.namespace }} + namespace: {{ .Values.metrics.serviceMonitor.namespace }} + {{- end }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + app.kubernetes.io/component: metrics + {{- if .Values.metrics.serviceMonitor.additionalLabels }} + {{- include "common.tplvalues.render" (dict "value" .Values.metrics.serviceMonitor.additionalLabels "context" $) | nindent 4 }} + {{- end }} + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +spec: + endpoints: + - port: metrics + interval: {{ .Values.metrics.serviceMonitor.interval }} + {{- if .Values.metrics.serviceMonitor.scrapeTimeout }} + scrapeTimeout: {{ .Values.metrics.serviceMonitor.scrapeTimeout }} + {{- end }} + honorLabels: {{ .Values.metrics.serviceMonitor.honorLabels }} + {{- if .Values.metrics.serviceMonitor.relabellings }} + metricRelabelings: {{- toYaml .Values.metrics.serviceMonitor.relabellings | nindent 8 }} + {{- end }} + namespaceSelector: + matchNames: + - {{ .Release.Namespace }} + selector: + matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }} + app.kubernetes.io/component: metrics +{{- end }} diff --git a/practice/13.templating/wordpress/templates/svc.yaml b/practice/13.templating/wordpress/templates/svc.yaml new file mode 100644 index 0000000..4aa3d42 --- /dev/null +++ b/practice/13.templating/wordpress/templates/svc.yaml @@ -0,0 +1,54 @@ +apiVersion: v1 +kind: Service +metadata: + name: {{ include "common.names.fullname" . }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + {{- if or .Values.service.annotations .Values.commonAnnotations }} + annotations: + {{- if .Values.service.annotations }} + {{- include "common.tplvalues.render" (dict "value" .Values.service.annotations "context" $) | nindent 4 }} + {{- end }} + {{- if .Values.commonAnnotations }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} + {{- end }} +spec: + type: {{ .Values.service.type }} + {{- if and .Values.service.clusterIP (eq .Values.service.type "ClusterIP") }} + clusterIP: {{ .Values.service.clusterIP }} + {{- end }} + {{- if (or (eq .Values.service.type "LoadBalancer") (eq .Values.service.type "NodePort")) }} + externalTrafficPolicy: {{ .Values.service.externalTrafficPolicy | quote }} + {{- end }} + {{- if (and (eq .Values.service.type "LoadBalancer") .Values.service.loadBalancerSourceRanges) }} + loadBalancerSourceRanges: {{- toYaml . | nindent 4 }} + {{- end }} + {{- if (and (eq .Values.service.type "LoadBalancer") (not (empty .Values.service.loadBalancerIP))) }} + loadBalancerIP: {{ .Values.service.loadBalancerIP }} + {{- end }} + ports: + - name: http + port: {{ .Values.service.port }} + protocol: TCP + targetPort: http + {{- if (and (or (eq .Values.service.type "NodePort") (eq .Values.service.type "LoadBalancer")) (not (empty .Values.service.nodePorts.http))) }} + nodePort: {{ .Values.service.nodePorts.http }} + {{- else if eq .Values.service.type "ClusterIP" }} + nodePort: null + {{- end }} + - name: https + port: {{ .Values.service.httpsPort }} + protocol: TCP + targetPort: {{ .Values.service.httpsTargetPort }} + {{- if (and (or (eq .Values.service.type "NodePort") (eq .Values.service.type "LoadBalancer")) (not (empty .Values.service.nodePorts.https))) }} + nodePort: {{ .Values.service.nodePorts.https }} + {{- else if eq .Values.service.type "ClusterIP" }} + nodePort: null + {{- end }} + {{- if .Values.service.extraPorts }} + {{- include "common.tplvalues.render" (dict "value" .Values.service.extraPorts "context" $) | nindent 4 }} + {{- end }} + selector: {{- include "common.labels.matchLabels" . | nindent 4 }} diff --git a/practice/13.templating/wordpress/templates/tests/test-mariadb-connection.yaml b/practice/13.templating/wordpress/templates/tests/test-mariadb-connection.yaml new file mode 100644 index 0000000..0ca310f --- /dev/null +++ b/practice/13.templating/wordpress/templates/tests/test-mariadb-connection.yaml @@ -0,0 +1,39 @@ +{{- if .Values.mariadb.enabled }} +apiVersion: v1 +kind: Pod +metadata: + name: "{{ .Release.Name }}-credentials-test" + annotations: + "helm.sh/hook": test-success +spec: + {{- if .Values.podSecurityContext.enabled }} + securityContext: {{- omit .Values.podSecurityContext "enabled" | toYaml | nindent 4 }} + {{- end }} + containers: + - name: {{ .Release.Name }}-credentials-test + image: {{ template "wordpress.image" . }} + imagePullPolicy: {{ .Values.image.pullPolicy | quote }} + {{- if .Values.containerSecurityContext.enabled }} + securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 8 }} + {{- end }} + env: + - name: MARIADB_HOST + value: {{ include "wordpress.databaseHost" . | quote }} + - name: MARIADB_PORT + value: "3306" + - name: WORDPRESS_DATABASE_NAME + value: {{ default "" .Values.mariadb.auth.database | quote }} + - name: WORDPRESS_DATABASE_USER + value: {{ default "" .Values.mariadb.auth.username | quote }} + - name: WORDPRESS_DATABASE_PASSWORD + valueFrom: + secretKeyRef: + name: {{ include "wordpress.databaseSecretName" . }} + key: mariadb-password + command: + - /bin/bash + - -ec + - | + mysql --host=$MARIADB_HOST --port=$MARIADB_PORT --user=$WORDPRESS_DATABASE_USER --password=$WORDPRESS_DATABASE_PASSWORD + restartPolicy: Never +{{- end }} diff --git a/practice/13.templating/wordpress/templates/tls-secrets.yaml b/practice/13.templating/wordpress/templates/tls-secrets.yaml new file mode 100644 index 0000000..74e5888 --- /dev/null +++ b/practice/13.templating/wordpress/templates/tls-secrets.yaml @@ -0,0 +1,43 @@ +{{- if .Values.ingress.enabled }} +{{- if .Values.ingress.secrets }} +{{- range .Values.ingress.secrets }} +apiVersion: v1 +kind: Secret +metadata: + name: {{ .name }} + namespace: {{ $.Release.Namespace }} + labels: {{- include "common.labels.standard" $ | nindent 4 }} + {{- if $.Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + {{- if $.Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +type: kubernetes.io/tls +data: + tls.crt: {{ .certificate | b64enc }} + tls.key: {{ .key | b64enc }} +--- +{{- end }} +{{- else if and .Values.ingress.tls (not .Values.ingress.certManager) }} +{{- $ca := genCA "wordpress-ca" 365 }} +{{- $cert := genSignedCert .Values.ingress.hostname nil (list .Values.ingress.hostname) 365 $ca }} +apiVersion: v1 +kind: Secret +metadata: + name: {{ printf "%s-tls" .Values.ingress.hostname }} + namespace: {{ .Release.Namespace }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +type: kubernetes.io/tls +data: + tls.crt: {{ $cert.Cert | b64enc | quote }} + tls.key: {{ $cert.Key | b64enc | quote }} + ca.crt: {{ $ca.Cert | b64enc | quote }} +{{- end }} +{{- end }} diff --git a/practice/13.templating/wordpress/values.schema.json b/practice/13.templating/wordpress/values.schema.json new file mode 100644 index 0000000..af92161 --- /dev/null +++ b/practice/13.templating/wordpress/values.schema.json @@ -0,0 +1,222 @@ +{ + "$schema": "http://json-schema.org/schema#", + "type": "object", + "properties": { + "wordpressUsername": { + "type": "string", + "title": "Username", + "form": true + }, + "wordpressPassword": { + "type": "string", + "title": "Password", + "form": true, + "description": "Defaults to a random 10-character alphanumeric string if not set" + }, + "wordpressEmail": { + "type": "string", + "title": "Admin email", + "form": true + }, + "wordpressBlogName": { + "type": "string", + "title": "Blog Name", + "form": true + }, + "persistence": { + "type": "object", + "properties": { + "size": { + "type": "string", + "title": "Persistent Volume Size", + "form": true, + "render": "slider", + "sliderMin": 1, + "sliderMax": 100, + "sliderUnit": "Gi" + } + } + }, + "mariadb": { + "type": "object", + "title": "MariaDB Details", + "form": true, + "properties": { + "enabled": { + "type": "boolean", + "title": "Use a new MariaDB database hosted in the cluster", + "form": true, + "description": "Whether to deploy a mariadb server to satisfy the applications database requirements. To use an external database switch this off and configure the external database details" + }, + "primary": { + "type": "object", + "properties": { + "persistence": { + "type": "object", + "properties": { + "size": { + "type": "string", + "title": "Volume Size", + "form": true, + "hidden": { + "value": false, + "path": "mariadb/enabled" + }, + "render": "slider", + "sliderMin": 1, + "sliderMax": 100, + "sliderUnit": "Gi" + } + } + } + } + } + } + }, + "externalDatabase": { + "type": "object", + "title": "External Database Details", + "description": "If MariaDB is disabled. Use this section to specify the external database details", + "form": true, + "properties": { + "host": { + "type": "string", + "form": true, + "title": "Database Host", + "hidden": "mariadb/enabled" + }, + "user": { + "type": "string", + "form": true, + "title": "Database Username", + "hidden": "mariadb/enabled" + }, + "password": { + "type": "string", + "form": true, + "title": "Database Password", + "hidden": "mariadb/enabled" + }, + "database": { + "type": "string", + "form": true, + "title": "Database Name", + "hidden": "mariadb/enabled" + }, + "port": { + "type": "integer", + "form": true, + "title": "Database Port", + "hidden": "mariadb/enabled" + } + } + }, + "ingress": { + "type": "object", + "form": true, + "title": "Ingress Configuration", + "properties": { + "enabled": { + "type": "boolean", + "form": true, + "title": "Use a custom hostname", + "description": "Enable the ingress resource that allows you to access the WordPress installation." + }, + "hostname": { + "type": "string", + "form": true, + "title": "Hostname", + "hidden": { + "value": false, + "path": "ingress/enabled" + } + }, + "certManager": { + "type": "boolean", + "form": true, + "title": "Enable CertManager", + "description": "This will add the required annotation for CertManager to add certificates.", + "hidden": { + "value": false, + "path": "ingress/enabled" + } + }, + "tls": { + "type": "boolean", + "form": true, + "title": "Create a TLS secret", + "hidden": { + "value": false, + "path": "ingress/enabled" + } + } + } + }, + "service": { + "type": "object", + "form": true, + "title": "Service Configuration", + "properties": { + "type": { + "type": "string", + "form": true, + "title": "Service Type", + "description": "Allowed values: \"ClusterIP\", \"NodePort\" and \"LoadBalancer\"" + } + } + }, + "resources": { + "type": "object", + "title": "Required Resources", + "description": "Configure resource requests", + "form": true, + "properties": { + "requests": { + "type": "object", + "properties": { + "memory": { + "type": "string", + "form": true, + "render": "slider", + "title": "Memory Request", + "sliderMin": 10, + "sliderMax": 2048, + "sliderUnit": "Mi" + }, + "cpu": { + "type": "string", + "form": true, + "render": "slider", + "title": "CPU Request", + "sliderMin": 10, + "sliderMax": 2000, + "sliderUnit": "m" + } + } + } + } + }, + "volumePermissions": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean", + "form": true, + "title": "Enable Init Containers", + "description": "Use an init container to set required folder permissions on the data volume before mounting it in the final destination" + } + } + }, + "metrics": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean", + "title": "Enable Metrics", + "description": "Prometheus Exporter / Metrics", + "form": true + } + } + } + } +} diff --git a/practice/13.templating/wordpress/values.yaml b/practice/13.templating/wordpress/values.yaml new file mode 100644 index 0000000..657b420 --- /dev/null +++ b/practice/13.templating/wordpress/values.yaml @@ -0,0 +1,747 @@ +## Global Docker image parameters +## Please, note that this will override the image parameters, including dependencies, configured to use the global value +## Current available global Docker image parameters: imageRegistry and imagePullSecrets +## +# global: +# imageRegistry: myRegistryName +# imagePullSecrets: +# - myRegistryKeySecretName +# storageClass: myStorageClass + +## Bitnami WordPress image version +## ref: https://hub.docker.com/r/bitnami/wordpress/tags/ +## +image: + registry: docker.io + repository: bitnami/wordpress + tag: 5.6.2-debian-10-r0 + ## Specify a imagePullPolicy + ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' + ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images + ## + pullPolicy: IfNotPresent + ## Optionally specify an array of imagePullSecrets. + ## Secrets must be manually created in the namespace. + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ + ## + # pullSecrets: + # - myRegistryKeySecretName + ## Set to true if you would like to see extra information on logs + ## + debug: false + +## Force target Kubernetes version (using Helm capabilites if not set) +## +kubeVersion: + +## String to partially override aspnet-core.fullname template (will maintain the release name) +## +# nameOverride: + +## String to fully override aspnet-core.fullname template +## +# fullnameOverride: + +## Add labels to all the deployed resources +## +commonLabels: {} + +## Add annotations to all the deployed resources +## +commonAnnotations: {} + +## Kubernetes Cluster Domain +## +clusterDomain: cluster.local + +## Deployment pod host aliases +## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/ +## +hostAliases: + # Necessary for apache-exporter to work + - ip: "127.0.0.1" + hostnames: + - "status.localhost" + +## Extra objects to deploy (value evaluated as a template) +## +extraDeploy: [] + +## Use a service account for the WordPress pod +## +serviceAccountName: default + +## User of the application +## ref: https://github.com/bitnami/bitnami-docker-wordpress#environment-variables +## +wordpressUsername: user + +## Application password +## Defaults to a random 10-character alphanumeric string if not set +## ref: https://github.com/bitnami/bitnami-docker-wordpress#environment-variables +## +# wordpressPassword: + +## Use existing secret (does not create the WordPress Secret object) +## Must contain key `wordpress-secret` +## NOTE: When it's set, the `wordpressPassword` parameter is ignored +## +# existingSecret: + +## Admin email +## ref: https://github.com/bitnami/bitnami-docker-wordpress#environment-variables +## +wordpressEmail: user@example.com + +## First name +## ref: https://github.com/bitnami/bitnami-docker-wordpress#environment-variables +## +wordpressFirstName: FirstName + +## Last name +## ref: https://github.com/bitnami/bitnami-docker-wordpress#environment-variables +## +wordpressLastName: LastName + +## Blog name +## ref: https://github.com/bitnami/bitnami-docker-wordpress#environment-variables +## +wordpressBlogName: User's Blog! + +## Table prefix +## ref: https://github.com/bitnami/bitnami-docker-wordpress#environment-variables +## +wordpressTablePrefix: wp_ + +## Scheme to generate application URLs +## ref: https://github.com/bitnami/bitnami-docker-wordpress#environment-variables +## +wordpressScheme: http + +## Skip wizard installation (only if you use an external database that already contains WordPress data) +## ref: https://github.com/bitnami/bitnami-docker-wordpress#connect-wordpress-docker-container-to-an-existing-database +## +wordpressSkipInstall: false + +## Add extra content to the default configuration file +## +wordpressExtraConfigContent: "" + +## Set to `false` to allow the container to be started with blank passwords +## ref: https://github.com/bitnami/bitnami-docker-wordpress#environment-variables +## +allowEmptyPassword: true + +## Set Apache allowOverride to None +## ref: https://github.com/bitnami/bitnami-docker-wordpress#environment-variables +## +allowOverrideNone: false + +## Persist the custom changes of the htaccess. It depends on the value of +## `.Values.allowOverrideNone`, when `yes` it will persist `/opt/bitnami/wordpress/wordpress-htaccess.conf` +## if `no` it will persist `/opt/bitnami/wordpress/.htaccess` +## +htaccessPersistenceEnabled: false + +## ConfigMap with custom wordpress-htaccess.conf file (requires allowOverrideNone to true) +## +customHTAccessCM: + +## Command and args for running the container (set to default if not set). Use array form +## +command: [] +args: [] + +## Set up update strategy for wordpress installation. Set to Recreate if you use persistent volume that cannot be mounted by more than one pods to makesure the pods is destroyed first. +## ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy +## Example: +## updateStrategy: +## type: RollingUpdate +## rollingUpdate: +## maxSurge: 25% +## maxUnavailable: 25% +## +updateStrategy: + type: RollingUpdate + +## Use an alternate scheduler, e.g. "stork". +## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/ +## +# schedulerName: + +## SMTP mail delivery configuration +## ref: https://github.com/bitnami/bitnami-docker-wordpress/#smtp-configuration +## +# smtpHost: +# smtpPort: +# smtpUser: +# smtpPassword: +# smtpProtocol: + +## Use an existing secret for the SMTP Password +## Can be the same secret as existingSecret +## Must contain key `smtp-password` +## NOTE: When it's set, the `smtpPassword` parameter is ignored +## +# smtpExistingSecret: + +## Number of replicas (requires ReadWriteMany PVC support) +## +replicaCount: 1 + +## An array to add extra env vars +## Example: +## extraEnvVars: +## - name: FOO +## value: "bar" +## +extraEnvVars: [] + +## ConfigMap with extra environment variables +## +extraEnvVarsCM: + +## Secret with extra environment variables +## +extraEnvVarsSecret: + +## Extra volumes to add to the deployment +## +extraVolumes: [] + +## Extra volume mounts to add to the container +## +extraVolumeMounts: [] + +## Add sidecars to the pod. +## Example: +## sidecars: +## - name: your-image-name +## image: your-image +## imagePullPolicy: Always +## ports: +## - name: portname +## containerPort: 1234 +## +sidecars: {} + +## Add init containers to the pod. +## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ +## Example: +## initContainers: +## - name: your-image-name +## image: your-image +## imagePullPolicy: Always +## command: ['sh', '-c', 'copy themes and plugins from git and push to /bitnami/wordpress/wp-content. Should work with extraVolumeMounts and extraVolumes'] +## +initContainers: {} + +## Pod Labels +## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ +## +podLabels: {} + +## Pod annotations +## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ +## +podAnnotations: {} + +## Pod affinity preset +## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity +## Allowed values: soft, hard +## +podAffinityPreset: "" + +## Pod anti-affinity preset +## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity +## Allowed values: soft, hard +## +podAntiAffinityPreset: soft + +## Node affinity preset +## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity +## Allowed values: soft, hard +## +nodeAffinityPreset: + ## Node affinity type + ## Allowed values: soft, hard + ## + type: "" + ## Node label key to match + ## E.g. + ## key: "kubernetes.io/e2e-az-name" + ## + key: "" + ## Node label values to match + ## E.g. + ## values: + ## - e2e-az1 + ## - e2e-az2 + ## + values: [] + +## Affinity for pod assignment +## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity +## Note: podAffinityPreset, podAntiAffinityPreset, and nodeAffinityPreset will be ignored when it's set +## +affinity: {} + +## Node labels for pod assignment. Evaluated as a template. +## ref: https://kubernetes.io/docs/user-guide/node-selection/ +## +nodeSelector: {} + +## Tolerations for pod assignment. Evaluated as a template. +## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ +## +tolerations: {} + +## WordPress containers' resource requests and limits +## ref: http://kubernetes.io/docs/user-guide/compute-resources/ +## +resources: + limits: {} + requests: + memory: 512Mi + cpu: 300m + +## Configure Pods Security Context +## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod +## +podSecurityContext: + enabled: true + fsGroup: 1001 + +## Configure Container Security Context (only main container) +## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container +## +containerSecurityContext: + enabled: true + runAsUser: 1001 + +## WordPress containers' liveness and readiness probes. +## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes +## +livenessProbe: + enabled: true + httpGet: + path: /wp-admin/install.php + port: http + scheme: HTTP + ## If using an HTTPS-terminating load-balancer, the probes may need to behave + ## like the balancer to prevent HTTP 302 responses. According to the Kubernetes + ## docs, 302 should be considered "successful", but this issue on GitHub + ## (https://github.com/kubernetes/kubernetes/issues/47893) shows that it isn't. + ## + ## httpHeaders: + ## - name: X-Forwarded-Proto + ## value: https + ## + httpHeaders: [] + initialDelaySeconds: 120 + periodSeconds: 10 + timeoutSeconds: 5 + failureThreshold: 6 + successThreshold: 1 +readinessProbe: + enabled: true + httpGet: + path: /wp-login.php + port: http + scheme: HTTP + ## If using an HTTPS-terminating load-balancer, the probes may need to behave + ## like the balancer to prevent HTTP 302 responses. According to the Kubernetes + ## docs, 302 should be considered "successful", but this issue on GitHub + ## (https://github.com/kubernetes/kubernetes/issues/47893) shows that it isn't. + ## + ## httpHeaders: + ## - name: X-Forwarded-Proto + ## value: https + ## + httpHeaders: [] + initialDelaySeconds: 30 + periodSeconds: 10 + timeoutSeconds: 5 + failureThreshold: 6 + successThreshold: 1 + +## Custom liveness and readiness probes, it overrides the default one (evaluated as a template) +## +customLivenessProbe: {} +customReadinessProbe: {} + +## Container ports +## +containerPorts: + http: 8080 + https: 8443 + +## Kubernetes configuration +## For minikube, set this to NodePort, elsewhere use LoadBalancer or ClusterIP +## +service: + type: LoadBalancer + ## HTTP Port + ## + port: 80 + ## HTTPS Port + ## + httpsPort: 443 + ## HTTPS Target Port + ## defaults to https unless overridden to the specified port. + ## if you want the target port to be "http" or "80" you can specify that here. + ## + httpsTargetPort: https + ## Node Ports to expose + ## nodePorts: + ## http: + ## https: + ## + nodePorts: + http: "" + https: "" + ## Service clusterIP. + ## + # clusterIP: None + ## loadBalancerIP for the SuiteCRM Service (optional, cloud specific) + ## ref: http://kubernetes.io/docs/user-guide/services/#type-loadbalancer + ## + # loadBalancerIP: + ## Load Balancer sources + ## https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service + ## Example: + ## loadBalancerSourceRanges: + ## - 10.10.10.0/24 + ## + loadBalancerSourceRanges: [] + ## Enable client source IP preservation + ## ref http://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip + ## + externalTrafficPolicy: Cluster + ## Provide any additional annotations which may be required (evaluated as a template). + ## + annotations: {} + ## Extra ports to expose (normally used with the `sidecar` value) + ## + # extraPorts: + +## Configure the ingress resource that allows you to access the +## WordPress installation. Set up the URL +## ref: http://kubernetes.io/docs/user-guide/ingress/ +## +ingress: + ## Set to true to enable ingress record generation + ## + enabled: false + + ## Set this to true in order to add the corresponding annotations for cert-manager + ## + certManager: false + + ## Ingress Path type + ## + pathType: ImplementationSpecific + + ## Override API Version (automatically detected if not set) + ## + apiVersion: + + ## When the ingress is enabled, a host pointing to this will be created + ## + hostname: wordpress.local + + ## The Path to WordPress. You may need to set this to '/*' in order to use this + ## with ALB ingress controllers. + ## + path: / + + ## Ingress annotations done as key:value pairs + ## For a full list of possible ingress annotations, please see + ## ref: https://github.com/kubernetes/ingress-nginx/blob/master/docs/user-guide/nginx-configuration/annotations.md + ## + ## If certManager is set to true, annotation kubernetes.io/tls-acme: "true" will automatically be set + ## + annotations: {} + + ## Enable TLS configuration for the hostname defined at ingress.hostname parameter + ## TLS certificates will be retrieved from a TLS secret with name: {{- printf "%s-tls" .Values.ingress.hostname }} + ## You can use the ingress.secrets parameter to create this TLS secret or relay on cert-manager to create it + ## + tls: false + + ## The list of additional hostnames to be covered with this ingress record. + ## Most likely the hostname above will be enough, but in the event more hosts are needed, this is an array + ## extraHosts: + ## - name: wordpress.local + ## path: / + ## + + ## Any additional arbitrary paths that may need to be added to the ingress under the main host. + ## For example: The ALB ingress controller requires a special rule for handling SSL redirection. + ## extraPaths: + ## - path: /* + ## backend: + ## serviceName: ssl-redirect + ## servicePort: use-annotation + ## + + ## The tls configuration for additional hostnames to be covered with this ingress record. + ## see: https://kubernetes.io/docs/concepts/services-networking/ingress/#tls + ## extraTls: + ## - hosts: + ## - wordpress.local + ## secretName: wordpress.local-tls + ## + + ## If you're providing your own certificates, please use this to add the certificates as secrets + ## key and certificate should start with -----BEGIN CERTIFICATE----- or + ## -----BEGIN RSA PRIVATE KEY----- + ## + ## name should line up with a tlsSecret set further up + ## If you're using cert-manager, this is unneeded, as it will create the secret for you if it is not set + ## + ## It is also possible to create and manage the certificates outside of this helm chart + ## Please see README.md for more information + ## + secrets: [] + ## - name: wordpress.local-tls + ## key: + ## certificate: + ## + +## Enable persistence using Persistent Volume Claims +## ref: http://kubernetes.io/docs/user-guide/persistent-volumes/ +## +persistence: + enabled: false + ## wordpress data Persistent Volume Storage Class + ## If defined, storageClassName: + ## If set to "-", storageClassName: "", which disables dynamic provisioning + ## If undefined (the default) or set to null, no storageClassName spec is + ## set, choosing the default provisioner. (gp2 on AWS, standard on + ## GKE, AWS & OpenStack) + ## + # storageClass: "-" + ## + ## If you want to reuse an existing claim, you can pass the name of the PVC using + ## the existingClaim variable + # existingClaim: your-claim + accessMode: ReadWriteOnce + size: 10Gi + ## Custom dataSource + ## + dataSource: {} + +## Wordpress Pod Disruption Budget configuration +## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/ +## +pdb: + create: false + ## Min number of pods that must still be available after the eviction + ## + minAvailable: 1 + ## Max number of pods that can be unavailable after the eviction + ## + # maxUnavailable: 1 + +## Wordpress Autoscaling configuration +## +autoscaling: + enabled: false + minReplicas: 1 + maxReplicas: 11 + # targetCPU: 50 + # targetMemory: 50 + +## Prometheus Exporter / Metrics +## +metrics: + enabled: false + image: + registry: docker.io + repository: bitnami/apache-exporter + tag: 0.8.0-debian-10-r305 + pullPolicy: IfNotPresent + ## Optionally specify an array of imagePullSecrets. + ## Secrets must be manually created in the namespace. + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ + ## + # pullSecrets: + # - myRegistryKeySecretName + + ## Prometheus expoter service parameters + ## + service: + ## Metrics port + ## + port: 9117 + ## Annotations for the Prometheus exporter service + ## + annotations: + prometheus.io/scrape: "true" + prometheus.io/port: "{{ .Values.metrics.service.port }}" + + ## Metrics exporter containers' resource requests and limits + ## ref: http://kubernetes.io/docs/user-guide/compute-resources/ + ## + resources: + limits: {} + requests: {} + + ## Prometheus Service Monitor + ## ref: https://github.com/coreos/prometheus-operator + ## https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint + ## + serviceMonitor: + ## If the operator is installed in your cluster, set to true to create a Service Monitor Entry + ## + enabled: false + ## Specify the namespace in which the serviceMonitor resource will be created + # namespace: "" + ## Specify the interval at which metrics should be scraped + ## + interval: 30s + ## Specify the timeout after which the scrape is ended + # scrapeTimeout: 30s + ## Specify Metric Relabellings to add to the scrape endpoint + # relabellings: + ## Specify honorLabels parameter to add the scrape endpoint + ## + honorLabels: false + ## Used to pass Labels that are used by the Prometheus installed in your cluster to select Service Monitors to work with + ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#prometheusspec + ## + additionalLabels: {} + +## +## MariaDB chart configuration +## +## https://github.com/bitnami/charts/blob/master/bitnami/mariadb/values.yaml +## +mariadb: + ## Whether to deploy a mariadb server to satisfy the applications database requirements. To use an external database set this to false and configure the externalDatabase parameters + ## + enabled: true + ## MariaDB architecture. Allowed values: standalone or replication + ## + architecture: standalone + ## MariaDB Authentication parameters + ## + auth: + ## MariaDB root password + ## ref: https://github.com/bitnami/bitnami-docker-mariadb#setting-the-root-password-on-first-run + ## + rootPassword: "" + ## MariaDB custom user and database + ## ref: https://github.com/bitnami/bitnami-docker-mariadb/blob/master/README.md#creating-a-database-on-first-run + ## ref: https://github.com/bitnami/bitnami-docker-mariadb/blob/master/README.md#creating-a-database-user-on-first-run + ## + database: bitnami_wordpress + username: bn_wordpress + password: "" + primary: + ## Enable persistence using Persistent Volume Claims + ## ref: http://kubernetes.io/docs/user-guide/persistent-volumes/ + ## + persistence: + enabled: false + ## mariadb data Persistent Volume Storage Class + ## If defined, storageClassName: + ## If set to "-", storageClassName: "", which disables dynamic provisioning + ## If undefined (the default) or set to null, no storageClassName spec is + ## set, choosing the default provisioner. (gp2 on AWS, standard on + ## GKE, AWS & OpenStack) + ## + # storageClass: "-" + accessModes: + - ReadWriteOnce + size: 8Gi + +## +## External Database Configuration +## +## All of these values are only used when mariadb.enabled is set to false +## +externalDatabase: + ## Database host + ## + host: localhost + ## non-root Username for Wordpress Database + ## + user: bn_wordpress + ## Database password + ## + password: "" + ## Database name + ## + database: bitnami_wordpress + ## Database port number + ## + port: 3306 + ## Use existing secret (ignores previous password) + ## must contain key `mariadb-password` + ## NOTE: When it's set, the `externalDatabase.password` parameter is ignored + ## + # existingSecret: + +## Make use of custom post-init.d user scripts functionality inside the bitnami/wordpress image +## ref: https://github.com/bitnami/bitnami-docker-wordpress/tree/master/5/debian-10/rootfs/post-init.d +## +## The logic of the post-init.d user scripts is that all is all files with extensions .sh, .sql or .php are executed for one time only, at the very first initialization of the pod as the very last step of entrypoint.sh. +## Example: +## customPostInitScripts: +## enable-multisite.sh: | +## #!/bin/bash +## chmod +w /bitnami/wordpress/wp-config.php +## wp core multisite-install --url=example.com --title="Welcome to the WordPress Multisite" --admin_user="doesntmatternotreallyused" --admin_password="doesntmatternotreallyused" --admin_email="user@example.com" +## cat /docker-entrypoint-init.d/.htaccess > /bitnami/wordpress/.htaccess +## chmod -w bitnami/wordpress/wp-config.php +## .htaccess: | +## RewriteEngine On +## RewriteBase / +## ... +## +## NOTE: Combined with extraVolume and extraVolumeMounts to mount the configmap to /docker-entrypoint-init.d where custom user init scripts are looked for +## +customPostInitScripts: {} + +## +## Init containers parameters: +## volumePermissions: Change the owner of the persist volume mountpoint to RunAsUser:fsGroup +## +volumePermissions: + enabled: false + image: + registry: docker.io + repository: bitnami/bitnami-shell + tag: "10" + pullPolicy: Always + ## Optionally specify an array of imagePullSecrets. + ## Secrets must be manually created in the namespace. + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ + ## + # pullSecrets: + # - myRegistryKeySecretName + resources: + # We usually recommend not to specify default resources and to leave this as a conscious + # choice for the user. This also increases chances charts run on environments with little + # resources, such as Minikube. If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. + limits: {} + # cpu: 100m + # memory: 128Mi + requests: {} + # cpu: 100m + # memory: 128Mi + + ## Init container Security Context + ## Note: the chown of the data folder is done to containerSecurityContext.runAsUser + ## and not the below volumePermissions.securityContext.runAsUser + ## When runAsUser is set to special value "auto", init container will try to chwon the + ## data folder to autodetermined user&group, using commands: `id -u`:`id -G | cut -d" " -f2` + ## "auto" is especially useful for OpenShift which has scc with dynamic userids (and 0 is not allowed). + ## You may want to use this volumePermissions.securityContext.runAsUser="auto" in combination with + ## podSecurityContext.enabled=false,containerSecurityContext.enabled=false + ## + securityContext: + runAsUser: 0 diff --git a/practice/14.ci-cd/1.1.prepare_cluster/README.md b/practice/14.ci-cd/1.1.prepare_cluster/README.md new file mode 100644 index 0000000..1158ac9 --- /dev/null +++ b/practice/14.ci-cd/1.1.prepare_cluster/README.md @@ -0,0 +1,70 @@ +# Подготовка кластера + +## 1. Создаем ns и RBAC + +Для этого запускаем скрипт `setup.sh`, перед запуском `<Ваш номер логина> меняем на свой номер студента!!`. + +```bash +bash ~/slurm/practice/14.ci-cd/1.1.prepare_cluster/setup.sh s<Ваш номер логина>-xpaste production +``` + +В конце своего выполнения скрипт выдаст нам токен, который необходимо сохранить. + +## 2. Создание variables в gitlab + +Для доступа из Gitlab в Kubernetes нам необходимо добавить в Gitlab переменную, в которой будет содержаться токен с предыдущего шага. + +* Переходим в Gitlab + +Для этого открываем в браузере свой форк xpaste. `<Ваш номер логина> меняем на свой номер студента`: + +```bash +https://gitlab.slurm.io/s<Ваш номер логина>/xpaste +``` + +* Добавляем переменную + +Для этого в левом меню находим `Settings -> CI/CD -> Variables` и нажимаем Expand. Жмем кнопку `Add Variable` и в поле `Key` вводим имя переменной: + +```bash +K8S_CI_TOKEN +``` + +В поле `Value` вводим скопированный токен из вывода команды setup.sh (пункт 1) и нажимаем `Add Variable`. + +## 3. Создаем token для доступа в registry + +Для этого переходим в раздел `Settings -> Repository -> Deploy tokens` и нажимаем Expand. + +В поле `Name` вводим + +```bash +k8s-pull-token +``` + +Cтавим галочку рядом с `read_registry`. Все остальные поля оставляем пустыми. Нажимаем `Create deploy token`. + +```!!НЕ ЗАКРЫВАЕМ ОКНО БРАУЗЕРА!!``` + +## 4. Создаем secret в kubernetes + +Создаем secret, который будет использоваться для image pull. Для этого возвращаемся на первый master и выполняем команду: +Вносим нужные данные в скрипт `docker_pull_secret.sh` и запускаем его: + +Соответственно подставляя на место `<>` нужные параметры, которые получили на `шаге 3`. + +```bash +vim docker_pull_secret.sh +./docker_pull_secret.sh +``` + +## 6. Создание секрета для приложения + +Создаем секрет, из которого при деплое будут взяты значения для переменных окружения, таких как доступы к БД и секретный ключ. +Вносим нужные данные в скрипт xpaste_secret.sh и запускаем его: + +```bash +vim xpaste_secret.sh +./xpaste_secret.sh +``` +`secret-key-base xxxxxxxxxxxxx` это не плэйсхолдер. Можно так и оставить. diff --git a/practice/14.ci-cd/1.1.prepare_cluster/docker_pull_secret.sh b/practice/14.ci-cd/1.1.prepare_cluster/docker_pull_secret.sh new file mode 100755 index 0000000..79d0478 --- /dev/null +++ b/practice/14.ci-cd/1.1.prepare_cluster/docker_pull_secret.sh @@ -0,0 +1,12 @@ +#!/bin/bash + +NS=s<Ваш номер логина>-xpaste-production + +kubectl delete secret xpaste-gitlab-registry --namespace "$NS" + +kubectl create secret docker-registry xpaste-gitlab-registry \ + --docker-server registry.slurm.io \ + --docker-email 'student@slurm.io' \ + --docker-username '<первая строчка из окна создания токена в gitlab>' \ + --docker-password '<вторая строчка из окна создания токена в gitlab>' \ + --namespace "$NS" diff --git a/practice/14.ci-cd/1.1.prepare_cluster/setup.sh b/practice/14.ci-cd/1.1.prepare_cluster/setup.sh new file mode 100755 index 0000000..cb8aae2 --- /dev/null +++ b/practice/14.ci-cd/1.1.prepare_cluster/setup.sh @@ -0,0 +1,95 @@ +#!/bin/bash + +CI_PROJECT_PATH_SLUG=$1 +CI_ENVIRONMENT_NAME=$2 + + +GREEN='\033[0;32m' +NC='\033[0m' + + +usage() { + echo "Usage: $0 CI_PROJECT_PATH_SLUG CI_ENVIRONMENT_NAME" +} + +base64_decode_key() { +if [[ "$OSTYPE" == "linux"* ]]; then + echo "-d" +elif [[ "$OSTYPE" == "darwin"* ]]; then + echo "-D" +else + echo "--help" +fi +} + + +if [ -z "$CI_PROJECT_PATH_SLUG" ] || [ -z "$CI_ENVIRONMENT_NAME" ]; then + usage + exit 1 +fi + +NS="$CI_PROJECT_PATH_SLUG-$CI_ENVIRONMENT_NAME" +SA="$CI_PROJECT_PATH_SLUG-$CI_ENVIRONMENT_NAME" +ROLE="$CI_PROJECT_PATH_SLUG-$CI_ENVIRONMENT_NAME" +ROLEBIND="$CI_PROJECT_PATH_SLUG-$CI_ENVIRONMENT_NAME" + +if kubectl get ns "$NS"; then + echo -e "${GREEN}namespace for project already exists${NC}" +else + echo -e "${GREEN}creating namespace for project${NC}" + kubectl create namespace "$NS" + echo +fi + +if kubectl -n "$NS" get sa "$SA"; then + echo -e "${GREEN}serviceaccount for project already exists${NC}" +else + echo + echo -e "${GREEN}creating CI serviceaccount for project${NC}" + kubectl create serviceaccount \ + --namespace "$NS" \ + "$SA" + echo +fi + +if kubectl -n "$NS" get role "$ROLE"; then + echo -e "${GREEN}role for project already exists${NC}" +else + echo -e "${GREEN}creating CI role for project${NC}" + cat << EOF | kubectl apply --namespace $NS -f - + apiVersion: rbac.authorization.k8s.io/v1 + kind: Role + metadata: + name: "$ROLE" + rules: + - apiGroups: ["", "extensions", "apps", "batch", "events", "certmanager.k8s.io", "cert-manager.io", "monitoring.coreos.com"] + resources: ["*"] + verbs: ["*"] +EOF + echo +fi + +if kubectl -n "$NS" get rolebinding "$ROLEBIND"; then + echo -e "${GREEN}rolebinding for project already exists${NC}" +else + echo -e "${GREEN}creating CI rolebinding for project${NC}" + kubectl create rolebinding \ + --namespace "$NS" \ + --serviceaccount "$NS":"$SA" \ + --role "$ROLE" \ + "$ROLEBIND" + echo +fi + +echo -e "${GREEN}access token for new CI user:${NC}" +kubectl get secret \ + --namespace "$NS" \ + $( \ + kubectl get serviceaccount \ + --namespace "$NS" \ + "$SA" \ + -o jsonpath='{.secrets[].name}'\ + ) \ + -o jsonpath='{.data.token}' | base64 $(base64_decode_key) +echo + diff --git a/practice/14.ci-cd/1.1.prepare_cluster/xpaste_secret.sh b/practice/14.ci-cd/1.1.prepare_cluster/xpaste_secret.sh new file mode 100755 index 0000000..5cab7e3 --- /dev/null +++ b/practice/14.ci-cd/1.1.prepare_cluster/xpaste_secret.sh @@ -0,0 +1,11 @@ +#!/bin/bash + +NS=s<Ваш номер логина>-xpaste-production + +kubectl delete secret slurm-xpaste --namespace "$NS" + +kubectl create secret generic slurm-xpaste \ + --from-literal secret-key-base=xxxxxxxxxxxxxxxxxxxxxxxxx \ + --from-literal db-user='s<Ваш номер логина>' \ + --from-literal db-password='<Ваш пароль от логина>' \ + --namespace "$NS" diff --git a/practice/14.ci-cd/1.2.deploy/.gitlab-ci.yml b/practice/14.ci-cd/1.2.deploy/.gitlab-ci.yml new file mode 100644 index 0000000..0ed4d92 --- /dev/null +++ b/practice/14.ci-cd/1.2.deploy/.gitlab-ci.yml @@ -0,0 +1,65 @@ +variables: + K8S_API_URL: https://172.20.100.2:6443 + +stages: + - build + - test + - cleanup + - push + - deploy + +build: + stage: build + script: + - docker build -t $CI_REGISTRY/$CI_PROJECT_NAMESPACE/$CI_PROJECT_NAME:$CI_COMMIT_REF_SLUG.$CI_PIPELINE_ID . + +test: + stage: test + image: + name: docker/compose:1.27.4 + entrypoint: [""] + script: + - docker-compose + -p "$CI_PROJECT_NAME"_"$CI_PIPELINE_ID" + up + --abort-on-container-exit + --exit-code-from app + --quiet-pull + +cleanup: + stage: cleanup + image: + name: docker/compose:1.27.4 + entrypoint: [""] + script: + - docker-compose -p "$CI_PROJECT_NAME"_"$CI_PIPELINE_ID" down + when: always + +push: + stage: push + before_script: + - docker login -u gitlab-ci-token -p $CI_BUILD_TOKEN $CI_REGISTRY + script: + - docker push $CI_REGISTRY/$CI_PROJECT_NAMESPACE/$CI_PROJECT_NAME:$CI_COMMIT_REF_SLUG.$CI_PIPELINE_ID + only: + - master + +deploy: + stage: deploy + image: centosadmin/kubernetes-helm:3.3.4 + environment: + name: production + resource_group: deploy_production + script: + - kubectl config set-cluster k8s --insecure-skip-tls-verify=true --server=$K8S_API_URL + - kubectl config set-credentials ci --token=$K8S_CI_TOKEN + - kubectl config set-context ci --cluster=k8s --user=ci + - kubectl config use-context ci + - helm upgrade --install $CI_PROJECT_PATH_SLUG .helm + --set image=$CI_REGISTRY/$CI_PROJECT_NAMESPACE/$CI_PROJECT_NAME + --set imageTag=$CI_COMMIT_REF_SLUG.$CI_PIPELINE_ID + --debug + --namespace $CI_PROJECT_PATH_SLUG-$CI_ENVIRONMENT_NAME + only: + - master + diff --git a/practice/14.ci-cd/1.2.deploy/README.md b/practice/14.ci-cd/1.2.deploy/README.md new file mode 100644 index 0000000..ea08278 --- /dev/null +++ b/practice/14.ci-cd/1.2.deploy/README.md @@ -0,0 +1,108 @@ +# Добавляем конфиг CI/CD в Gitlab + +В этой части добавляем последний шаг - конфиг для Gitlab CI/CD для сборки, тестирования и деплоя приложения в кластер k8s. Деплой производится с использованием утилиты Helm v3. + +Gitlab CI/CD описывается в файле `.gitlab-ci.yml` в формате `yaml`. По умолчанию Gitlab ищет этот файл в корне проекта, путь до файла может быть переопределен в настройках проекта. + +## 1. Подготавливаем CI/CD + +Для этого скопируем заранее подготовленный шаблон `.gitlab-ci.yml` в проект `xpaste`, выполнив команду: + +```bash +cp ~/slurm/practice/14.ci-cd/1.2.deploy/.gitlab-ci.yml ~/xpaste/ +``` + +## 2. Адрес Kubernetes API + +В файле `.gitlab-ci.yml` указан IP-адрес нашего общего kube api. + +## 3. Настройка базы данных + +Сервер базы данных общий для всех студентов, каждому студенту выделена своя база данных. +Логин и пароль для доступа к БД мы указывали при создании секрета, а в параметрах чарта укажен название БД. + +Для этого откроем `values.yaml`: + +```bash +vi ~/xpaste/.helm/values.yaml +``` + +В начале файла необходимо заменить строку `<Ваш номер логина> - меняем на свой номер студента!!`: + +```diff +- DB_NAME: <номер своего логина>_xpaste ++ DB_NAME: s000001_xpaste +``` + + +## 3. Настройка ingress + +Доступ к приложению будет осуществляться через ingress. Ingress устанавливается вместе с приложением, но для его корректной работы необходимо прописать ему адрес. +Для этого откроем `values.yaml`: + +```bash +vi ~/xpaste/.helm/values.yaml +``` + +В конце файла необходимо заменить строку `<Ваш номер логина> - меняем на свой номер студента!!`: + +```diff +- host: xpaste.s<Ваш номер логина>.k8s.slurm.io ++ host: xpaste.s000001.k8s.slurm.io +``` + +Сохраняем все изменения и пушим их в gitlab. Для этого необходимо выполнить команды: + +```bash +cd ~/xpaste +git add . +git commit -am "Add CI/CD config" +git push +``` + +## 4. Переключаемся в namespace приложения + +До сих пор мы работали в неймспейсе кластера Kubernetes с названием `s<номер_студента>` + +Но наше приложение xpaste устанавливается в другой namespace `s<номер_студента>-xpaste-production`. +Для удобства работы, чтобы не набирать каждый раз опцию `--namespace` изменим namespace, который kubectl использует по умолчанию: + +```bash +kubectl config set-context --current --namespace=s<номер_студента>-xpaste-production +``` + +## 5. Проверка результата + +Для проверки результата необходимо перейти в Gitlab в раздел `ci/cd -> pipelines` форка проекта xpaste. +Можно воспользоваться прямой ссылкой: `https://gitlab.slurm.io/sXXXXXX/xpaste/pipelines`. `sXXXXXX` необходимо заменить на номер своего студента. + +В результате все job должны закончиться без ошибок. + +## 6.Открываем приложение в браузере + +В браузере открываем URL: http://xpaste.s<Ваш номер логина>.k8s.slurm.io. `<Ваш номер логина>` необходимо заменить на номер своего студента. Открывать нужно в режиме `инкогнито`. + +Если вы увидели `503` ошибку, значит практику выполнили верно. + +## 7. Самостоятельная работа + +Самостоятельная работа продолжительностью 5 минут. Во время самостоятельной работы надо попробовать ответить на вопросы: + +* Почему деплой закончился успешно, а приложение недоступно? +* Что надо исправить в CI/CD ? +* Что надо исправить в приложении или его настройках ? + +Ошибку пока исправлять не надо. + +## 8. Доработка CI/CD + +* Для корректировки поведения CI/CD необходимо внести изменения в ci/cd, описанные в [snippet](https://gitlab.slurm.io/-/snippets/107) + +Удаляем установленный релиз helm чарта: + +```bash +helm delete s<номер_студента>-xpaste +``` +Далее пушим изменения и смотрим за процессом CI/CD. + +После внесения изменений процесс деплоя должен завершиться с ошибкой. diff --git a/practice/14.ci-cd/1.3.logs/.gitlab-ci.yml b/practice/14.ci-cd/1.3.logs/.gitlab-ci.yml new file mode 100644 index 0000000..f7f71aa --- /dev/null +++ b/practice/14.ci-cd/1.3.logs/.gitlab-ci.yml @@ -0,0 +1,70 @@ +variables: + K8S_API_URL: https://172.20.100.2:6443 + +stages: + - build + - test + - cleanup + - push + - deploy + +build: + stage: build + script: + - docker build -t $CI_REGISTRY/$CI_PROJECT_NAMESPACE/$CI_PROJECT_NAME:$CI_COMMIT_REF_SLUG.$CI_PIPELINE_ID . + +test: + stage: test + image: + name: docker/compose:1.27.4 + entrypoint: [""] + script: + - docker-compose + -p "$CI_PROJECT_NAME"_"$CI_PIPELINE_ID" + up + --abort-on-container-exit + --exit-code-from app + --quiet-pull + +cleanup: + stage: cleanup + image: + name: docker/compose:1.27.4 + entrypoint: [""] + script: + - docker-compose -p "$CI_PROJECT_NAME"_"$CI_PIPELINE_ID" down + when: always + +push: + stage: push + before_script: + - docker login -u gitlab-ci-token -p $CI_BUILD_TOKEN $CI_REGISTRY + script: + - docker push $CI_REGISTRY/$CI_PROJECT_NAMESPACE/$CI_PROJECT_NAME:$CI_COMMIT_REF_SLUG.$CI_PIPELINE_ID + only: + - master + +deploy: + stage: deploy + image: centosadmin/kubernetes-helm:3.3.4 + environment: + name: production + resource_group: deploy_production + script: + - kubectl config set-cluster k8s --insecure-skip-tls-verify=true --server=$K8S_API_URL + - kubectl config set-credentials ci --token=$K8S_CI_TOKEN + - kubectl config set-context ci --cluster=k8s --user=ci + - kubectl config use-context ci + - helm upgrade --install $CI_PROJECT_PATH_SLUG .helm + --set image=$CI_REGISTRY/$CI_PROJECT_NAMESPACE/$CI_PROJECT_NAME + --set imageTag=$CI_COMMIT_REF_SLUG.$CI_PIPELINE_ID + --timeout 180s + --atomic + --debug + --namespace $CI_PROJECT_PATH_SLUG-$CI_ENVIRONMENT_NAME + after_script: + - kubectl -n $CI_PROJECT_PATH_SLUG-$CI_ENVIRONMENT_NAME logs -lcomponent=atomiclog --tail=-1 + - kubectl -n $CI_PROJECT_PATH_SLUG-$CI_ENVIRONMENT_NAME delete job -lcomponent=atomiclog + only: + - master + diff --git a/practice/14.ci-cd/1.3.logs/README.md b/practice/14.ci-cd/1.3.logs/README.md new file mode 100644 index 0000000..b3ad6a3 --- /dev/null +++ b/practice/14.ci-cd/1.3.logs/README.md @@ -0,0 +1,38 @@ +# Добавляем helm hook + +## 1. Добавляем манифест job + +```bash +cp job.yaml ~/xpaste/.helm/templates/job.yaml + +cd ~/xpaste +``` + +## 2. Добавляем просмотр результатов работы job в CI/CD + +Добавляем в `.gitlab-ci.yml` в шаг `deploy:` раздел `after_script:` + +```yaml +deploy: + ... + after_script: + - kubectl -n $CI_PROJECT_PATH_SLUG-$CI_ENVIRONMENT_NAME logs -lcomponent=atomiclog --tail=-1 + - kubectl -n $CI_PROJECT_PATH_SLUG-$CI_ENVIRONMENT_NAME delete job -lcomponent=atomiclog +``` + +## 3. Пушим, смотрим в вывод CI/CD + +``` +git add -A +git commit -am "Add job template for getting k8s logs if deploy has failed" +git push + +``` + +## 4. Исправление настроек приложения + +Ищем ошибку в выводе логов пода. + +* Для исправления ошибки в работе приложения необходимо внести изменения в `values.yml` чарта, описанные в [snippet](https://gitlab.slurm.io/-/snippets/83) + +Для проверки открываем в браузере URL: `http://xpaste.s<Ваш номер логина>.k8s.slurm.io`. `<Ваш номер логина>` необходимо заменить на номер своего студента. Открывать нужно в режиме `инкогнито`. Теперь приложение должно быть доступно. diff --git a/practice/14.ci-cd/1.3.logs/job.yaml b/practice/14.ci-cd/1.3.logs/job.yaml new file mode 100644 index 0000000..dafd735 --- /dev/null +++ b/practice/14.ci-cd/1.3.logs/job.yaml @@ -0,0 +1,43 @@ +apiVersion: batch/v1 +kind: Job +metadata: + name: "{{ .Release.Name }}-atomiclog" + annotations: + "helm.sh/hook": pre-delete,pre-rollback + "helm.sh/hook-weight": "1" + "helm.sh/hook-delete-policy": before-hook-creation + labels: + app: {{ .Chart.Name }} + chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} + component: atomiclog +spec: + activeDeadlineSeconds: 100 + template: + metadata: + labels: + app: {{ .Chart.Name }} + release: {{ .Release.Name }} + component: atomiclog + spec: + containers: + - name: atomiclog + image: centosadmin/kubernetes-helm:3.3.4 + imagePullPolicy: IfNotPresent + command: + - /bin/bash + args: + - /usr/local/bin/hooklog.sh + - {{ .Release.Namespace }} + - {{ .Release.Name }} + resources: + limits: + cpu: 50m + memory: 256Mi + requests: + cpu: 50m + memory: 128Mi + dnsPolicy: ClusterFirst + restartPolicy: Never + serviceAccountName: {{ .Release.Namespace }} diff --git a/practice/14.ci-cd/1.3.logs/scripts/hooklog.sh b/practice/14.ci-cd/1.3.logs/scripts/hooklog.sh new file mode 100755 index 0000000..2e89998 --- /dev/null +++ b/practice/14.ci-cd/1.3.logs/scripts/hooklog.sh @@ -0,0 +1,111 @@ +#!/bin/bash +set -u +# +# file: https://galaxy.southbridge.io/templates/antools/-/blob/master/scripts/hooklog.sh +# version: 0.1.0 +# +# Use this script with Helm pre-rollback hook for logs and events printing. +# +# Nikolay Mesropyan and Southbridge LLC team, 2020 A.D. +# + +_main() { + local fn=${FUNCNAME[0]} + + trap '_except $LINENO' ERR + + if [[ "${1:-NOP}" != NOP ]]; then + local ns="$1" + else + _help; exit 0 + fi + + if [[ "${2:-NOP}" != NOP ]]; then + local release="$2" + else + _help; exit 0 + fi + + printf '\033[1;31m%s\033[1;35m' "Get pods status: " + printf -- '-%.0s' {1..130} + printf '\033[0m\n' + kubectl -n "$ns" get po -lrelease="$release" -o wide | grep -Fv atomiclog + + printf '\033[1;31m%s\033[1;35m' "Tail of overall 'Warning' events: " + printf -- '-%.0s' {1..108} + printf '\033[0m\n' + kubectl -n "$ns" get events --field-selector type=Warning --sort-by='.metadata.creationTimestamp' | tail + + local -a Daemonsets=() Deployments=() Jobs=() Statefulsets=() + + mapfile -t Daemonsets < <( kubectl -n "$ns" get daemonset -lrelease="$release" --no-headers -o custom-columns=":metadata.name" ) + mapfile -t Deployments < <( kubectl -n "$ns" get deployment -lrelease="$release" --no-headers -o custom-columns=":metadata.name" ) + mapfile -t Jobs < <( kubectl -n "$ns" get job -lrelease="$release" --no-headers -o custom-columns=":metadata.name" ) + mapfile -t Statefulsets < <( kubectl -n "$ns" get statefulset -lrelease="$release" --no-headers -o custom-columns=":metadata.name" ) + + for (( i = 0; i < ${#Daemonsets[@]}; i++ )); do + __not_ready DaemonSet "${Daemonsets[i]}" + done + + for (( i = 0; i < ${#Deployments[@]}; i++ )); do + __not_ready Deployment "${Deployments[i]}" + done + + for (( i = 0; i < ${#Jobs[@]}; i++ )); do + __not_ready Job "${Jobs[i]}" + done + + for (( i = 0; i < ${#Statefulsets[@]}; i++ )); do + __not_ready StatefulSet "${Statefulsets[i]}" + done + + exit 0 +} + +__not_ready() { + local not_ready_pod="" + local text="of the first not-ready pod" + + not_ready_pod=$(kubectl -n "$ns" get po -lrelease="$release" --no-headers | grep "^$2" \ + | gawk -F' *|/' '$4 !~ "Completed|Evicted" { print $0 }' \ + | gawk -F' *|/' '$2 != $3 || $4 != "Running" { print $1; exit }') + + if [[ -n "$not_ready_pod" ]]; then + __events "$@" + __logs "$@" + fi +} + +__events() { + printf '\033[1;31m%s\033[1;35m' "$1 ${2}: events ${text}: " + printf -- '-%.0s' {1..76} + printf '\033[0m\n' + kubectl -n "$ns" get events --field-selector involvedObject.name="$not_ready_pod" || : +} + +__logs() { + local -a Containers=() + + mapfile -t Containers < <( kubectl -n "$ns" get po "$not_ready_pod" --no-headers -o jsonpath="{.spec.containers[*].name}" | sed 's/\s\+/\n/g' ) + + for (( i = 0; i < ${#Containers[@]}; i++ )); do + printf '\033[1;31m%s\033[1;35m' "$1 ${2}: logs ${text}, container '${Containers[i]}': " + printf -- '-%.0s' {1..56} + printf '\033[0m\n' + kubectl -n "$ns" logs "$not_ready_pod" "${Containers[i]}" --ignore-errors=true --tail=-1 || : + done +} + +_except() { + local ret=$? + local no=${1:-no_line} + + echo "error occured in function '$fn' near line ${no}, exit code ${ret}. Continuing..." +} + +_help() { + echo "Usage: $0 " >&2 +} + +_main "$@" + diff --git a/practice/14.ci-cd/1.4.improvement_cicd/.gitlab-ci.yml b/practice/14.ci-cd/1.4.improvement_cicd/.gitlab-ci.yml new file mode 100644 index 0000000..ff4a6b0 --- /dev/null +++ b/practice/14.ci-cd/1.4.improvement_cicd/.gitlab-ci.yml @@ -0,0 +1,94 @@ +variables: + K8S_API_URL: https://172.20.100.2:6443 + +stages: + - linter + - build + - test + - cleanup + - push + - template + - deploy + +build: + stage: build + script: + - docker build -t $CI_REGISTRY/$CI_PROJECT_NAMESPACE/$CI_PROJECT_NAME:$CI_COMMIT_REF_SLUG.$CI_PIPELINE_ID . + +test: + stage: test + image: + name: docker/compose:1.27.4 + entrypoint: [""] + script: + - docker-compose + -p "$CI_PROJECT_NAME"_"$CI_PIPELINE_ID" + up + --abort-on-container-exit + --exit-code-from app + --quiet-pull + +cleanup: + stage: cleanup + image: + name: docker/compose:1.27.4 + entrypoint: [""] + script: + - docker-compose -p "$CI_PROJECT_NAME"_"$CI_PIPELINE_ID" down + when: always + +push: + stage: push + before_script: + - docker login -u gitlab-ci-token -p $CI_BUILD_TOKEN $CI_REGISTRY + script: + - docker push $CI_REGISTRY/$CI_PROJECT_NAMESPACE/$CI_PROJECT_NAME:$CI_COMMIT_REF_SLUG.$CI_PIPELINE_ID + only: + - master + +deploy: + stage: deploy + image: centosadmin/kubernetes-helm:3.3.4 + environment: + name: production + resource_group: deploy_production + script: + - kubectl config set-cluster k8s --insecure-skip-tls-verify=true --server=$K8S_API_URL + - kubectl config set-credentials ci --token=$K8S_CI_TOKEN + - kubectl config set-context ci --cluster=k8s --user=ci + - kubectl config use-context ci + - helm upgrade --install $CI_PROJECT_PATH_SLUG .helm + --set image=$CI_REGISTRY/$CI_PROJECT_NAMESPACE/$CI_PROJECT_NAME + --set imageTag=$CI_COMMIT_REF_SLUG.$CI_PIPELINE_ID + --timeout 180s + --atomic + --namespace $CI_PROJECT_PATH_SLUG-$CI_ENVIRONMENT_NAME + after_script: + - kubectl -n $CI_PROJECT_PATH_SLUG-$CI_ENVIRONMENT_NAME logs -lcomponent=atomiclog --tail=-1 + - kubectl -n $CI_PROJECT_PATH_SLUG-$CI_ENVIRONMENT_NAME delete job -lcomponent=atomiclog + only: + - master + +helm_lint: + stage: linter + image: centosadmin/kubernetes-helm:3.3.4 + environment: + name: production + script: + - helm lint .helm + --set image=$CI_REGISTRY/$CI_PROJECT_NAMESPACE/$CI_PROJECT_NAME + --set imageTag=$CI_COMMIT_REF_SLUG.$CI_PIPELINE_ID + only: + - master + +template: + stage: template + image: centosadmin/kubernetes-helm:3.3.4 + environment: + name: production + script: + - helm template $CI_PROJECT_PATH_SLUG .helm + --set image=$CI_REGISTRY/$CI_PROJECT_NAMESPACE/$CI_PROJECT_NAME + --set imageTag=$CI_COMMIT_REF_SLUG.$CI_PIPELINE_ID + only: + - master diff --git a/practice/14.ci-cd/1.4.improvement_cicd/README.md b/practice/14.ci-cd/1.4.improvement_cicd/README.md new file mode 100644 index 0000000..c4c9c84 --- /dev/null +++ b/practice/14.ci-cd/1.4.improvement_cicd/README.md @@ -0,0 +1,56 @@ +# Ещё больше улучшений в конфиге CI/CD + +## 1. Добавляем helm linter и вывод манифестов. + +Добавляем новые шаги: + +``` +helm_lint: + stage: linter + image: centosadmin/kubernetes-helm:3.3.4 + environment: + name: production + script: + - helm lint .helm + --set image=$CI_REGISTRY/$CI_PROJECT_NAMESPACE/$CI_PROJECT_NAME + --set imageTag=$CI_COMMIT_REF_SLUG.$CI_PIPELINE_ID + only: + - master +``` + +``` +template: + stage: template + image: centosadmin/kubernetes-helm:3.3.4 + environment: + name: production + script: + - helm template $CI_PROJECT_PATH_SLUG .helm + --set image=$CI_REGISTRY/$CI_PROJECT_NAMESPACE/$CI_PROJECT_NAME + --set imageTag=$CI_COMMIT_REF_SLUG.$CI_PIPELINE_ID + only: + - master +``` + +Заносим их в список стейджей + +``` +stages: + - linter + - build + - test + - cleanup + - push + - template + - deploy +``` + +Или копируем готовый файл `.gitlab-ci.yml` в репозиторий xpaste. + +Пушим, смотрим результат. + +## 2. Самостоятельная работа + +Исправляем Error в выводе линтера, Warning можно пропустить. + +PS: В принципе можно убрать ключ `--debug` из шага deploy. diff --git a/practice/14.ci-cd/1.5.two_containers/README.md b/practice/14.ci-cd/1.5.two_containers/README.md new file mode 100644 index 0000000..25c93db --- /dev/null +++ b/practice/14.ci-cd/1.5.two_containers/README.md @@ -0,0 +1,25 @@ +# Запускаем приложение в несколько реплик + +## 1. Копируем манифест deployment + +``` +cp deployment.yaml ~/xpaste/.helm/templates/ +``` + +## 2. Пушим, ждем запуска, рассматриваем + +``` +cd ~/xpaste +git add .helm/templates/deployment.yaml +git commit -m "Run app with nginx in separate containers" +git push +``` + +## 3. Смотрим описание пода, список запущенных процессов + +``` +kubectl describe pod ... +kubectl exec -it ... + +ps ax +``` diff --git a/practice/14.ci-cd/1.5.two_containers/deployment.yaml b/practice/14.ci-cd/1.5.two_containers/deployment.yaml new file mode 100644 index 0000000..55f7d63 --- /dev/null +++ b/practice/14.ci-cd/1.5.two_containers/deployment.yaml @@ -0,0 +1,120 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: {{ .Chart.Name }} + chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} + component: app + name: {{ .Release.Name }} +spec: + progressDeadlineSeconds: 180 + replicas: {{ .Values.replicas }} + selector: + matchLabels: + app: {{ .Chart.Name }} + release: {{ .Release.Name }} + component: app + strategy: + rollingUpdate: + maxSurge: 1 + maxUnavailable: 1 + type: RollingUpdate + revisionHistoryLimit: 5 + template: + metadata: + creationTimestamp: null + labels: + app: {{ .Chart.Name }} + release: {{ .Release.Name }} + component: app + spec: + containers: + - name: nginx + command: ["/usr/sbin/nginx"] + args: ["-g", "daemon off;"] + image: {{ .Values.image }}:{{ .Values.imageTag }} + imagePullPolicy: IfNotPresent + volumeMounts: + - mountPath: /var/run + name: socket + ports: + - containerPort: {{ .Values.service.port }} + name: http + protocol: TCP + readinessProbe: + failureThreshold: 30 + httpGet: + path: / + port: {{ .Values.service.port }} + scheme: HTTP + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 1 + livenessProbe: + initialDelaySeconds: 90 + failureThreshold: 3 + httpGet: + path: / + port: {{ .Values.service.port }} + scheme: HTTP + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 2 + resources: + limits: + cpu: 100m + memory: 256Mi + requests: + cpu: 100m + memory: 256Mi + - env: + {{- range $key, $val := .Values.env }} + - name: {{ $key | quote }} + value: {{ $val | quote }} + {{- end }} + {{- range $key, $val := .Values.envSecret }} + - name: {{ $key | quote }} + valueFrom: + secretKeyRef: + key: {{ $key | lower | replace "_" "-" }} + name: {{ $val }} + {{- end }} + image: {{ .Values.image }}:{{ .Values.imageTag}} + imagePullPolicy: IfNotPresent + name: app + command: ["/bin/sh"] + args: ["-c","bundle exec rake db:migrate && exec bundle exec puma -b unix:///var/run/puma.sock -e $RAILS_ENV config.ru"] + volumeMounts: + - mountPath: /var/run + name: socket + readinessProbe: + failureThreshold: 30 + httpGet: + path: / + port: {{ .Values.service.port }} + scheme: HTTP + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 1 + livenessProbe: + initialDelaySeconds: 90 + failureThreshold: 3 + httpGet: + path: / + port: {{ .Values.service.port }} + scheme: HTTP + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 2 + resources: +{{ toYaml .Values.resources | indent 12 }} + dnsPolicy: ClusterFirst + restartPolicy: Always + terminationGracePeriodSeconds: 20 + imagePullSecrets: + - name: {{ .Values.imagePullSecret }} + volumes: + - name: socket + emptyDir: {} diff --git a/practice/14.ci-cd/1.6.job.migration/README.md b/practice/14.ci-cd/1.6.job.migration/README.md new file mode 100644 index 0000000..f9a5931 --- /dev/null +++ b/practice/14.ci-cd/1.6.job.migration/README.md @@ -0,0 +1,18 @@ +# Добавляем pre-install hook с миграцией БД + +## 1. Копируем манифест deployment и job.migrate + +``` +cp job.migrate.yaml ~/xpaste/.helm/templates/ +cp deployment.yaml ~/xpaste/.helm/templates/ +``` + +## 2. Пушим, ждем запуска, рассматриваем + +``` +cd ~/xpaste +git add .helm/templates/job.migrate.yaml +git add .helm/templates/deployment.yaml +git commit -m "Add migrate job" +git push +``` diff --git a/practice/14.ci-cd/1.6.job.migration/deployment.yaml b/practice/14.ci-cd/1.6.job.migration/deployment.yaml new file mode 100644 index 0000000..74e1e7b --- /dev/null +++ b/practice/14.ci-cd/1.6.job.migration/deployment.yaml @@ -0,0 +1,120 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: {{ .Chart.Name }} + chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} + component: app + name: {{ .Release.Name }} +spec: + progressDeadlineSeconds: 180 + replicas: {{ .Values.replicas }} + selector: + matchLabels: + app: {{ .Chart.Name }} + release: {{ .Release.Name }} + component: app + strategy: + rollingUpdate: + maxSurge: 1 + maxUnavailable: 1 + type: RollingUpdate + revisionHistoryLimit: 5 + template: + metadata: + creationTimestamp: null + labels: + app: {{ .Chart.Name }} + release: {{ .Release.Name }} + component: app + spec: + containers: + - name: nginx + command: ["/usr/sbin/nginx"] + args: ["-g", "daemon off;"] + image: {{ .Values.image }}:{{ .Values.imageTag }} + imagePullPolicy: IfNotPresent + volumeMounts: + - mountPath: /var/run + name: socket + ports: + - containerPort: {{ .Values.service.port }} + name: http + protocol: TCP + readinessProbe: + failureThreshold: 30 + httpGet: + path: / + port: {{ .Values.service.port }} + scheme: HTTP + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 1 + livenessProbe: + initialDelaySeconds: 90 + failureThreshold: 3 + httpGet: + path: / + port: {{ .Values.service.port }} + scheme: HTTP + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 2 + resources: + limits: + cpu: 100m + memory: 256Mi + requests: + cpu: 100m + memory: 256Mi + - env: + {{- range $key, $val := .Values.env }} + - name: {{ $key | quote }} + value: {{ $val | quote }} + {{- end }} + {{- range $key, $val := .Values.envSecret }} + - name: {{ $key | quote }} + valueFrom: + secretKeyRef: + key: {{ $key | lower | replace "_" "-" }} + name: {{ $val }} + {{- end }} + image: {{ .Values.image }}:{{ .Values.imageTag}} + imagePullPolicy: IfNotPresent + name: app + command: ["/bin/sh"] + args: ["-c","exec bundle exec puma -b unix:///var/run/puma.sock -e $RAILS_ENV config.ru"] + volumeMounts: + - mountPath: /var/run + name: socket + readinessProbe: + failureThreshold: 30 + httpGet: + path: / + port: {{ .Values.service.port }} + scheme: HTTP + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 1 + livenessProbe: + initialDelaySeconds: 90 + failureThreshold: 3 + httpGet: + path: / + port: {{ .Values.service.port }} + scheme: HTTP + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 2 + resources: +{{ toYaml .Values.resources | indent 12 }} + dnsPolicy: ClusterFirst + restartPolicy: Always + terminationGracePeriodSeconds: 20 + imagePullSecrets: + - name: {{ .Values.imagePullSecret }} + volumes: + - name: socket + emptyDir: {} diff --git a/practice/14.ci-cd/1.6.job.migration/job.migrate.yaml b/practice/14.ci-cd/1.6.job.migration/job.migrate.yaml new file mode 100644 index 0000000..66bec37 --- /dev/null +++ b/practice/14.ci-cd/1.6.job.migration/job.migrate.yaml @@ -0,0 +1,56 @@ +apiVersion: batch/v1 +kind: Job +metadata: + name: "{{ .Release.Name }}-dbmigrate" + annotations: + "helm.sh/hook": pre-install,pre-upgrade + "helm.sh/hook-weight": "1" + "helm.sh/hook-delete-policy": before-hook-creation + labels: + app: {{ .Chart.Name }} + chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} + component: dbmigrate +spec: + activeDeadlineSeconds: 180 + template: + metadata: + labels: + app: {{ .Chart.Name }} + release: {{ .Release.Name }} + component: dbmigrate + spec: + containers: + - name: dbmigrate + image: {{ .Values.image }}:{{ .Values.imageTag }} + imagePullPolicy: IfNotPresent + command: + - bundle + args: + - exec + - rake + - db:migrate + env: + {{- range $key, $val := .Values.env }} + - name: {{ $key | quote }} + value: {{ $val | quote }} + {{- end }} + {{- range $key, $val := .Values.envSecret }} + - name: {{ $key | quote }} + valueFrom: + secretKeyRef: + key: {{ $key | lower | replace "_" "-" }} + name: {{ $val }} + {{- end }} + resources: + limits: + cpu: 50m + memory: 128Mi + requests: + cpu: 50m + memory: 128Mi + dnsPolicy: ClusterFirst + restartPolicy: Never + imagePullSecrets: + - name: {{ .Values.imagePullSecret }} diff --git a/practice/14.ci-cd/README.md b/practice/14.ci-cd/README.md new file mode 100644 index 0000000..c1c632a --- /dev/null +++ b/practice/14.ci-cd/README.md @@ -0,0 +1,32 @@ +# CI/CD в Kubernetes с помощью Gitlab + +## Список практик + +[1.1 Prepare Cluster](1.1.prepare_cluster/README.md) + +[1.2 Deploy](1.2.deploy/README.md) + +[1.3 Show Logs](1.3.logs/README.md) + +[1.4 Improvement_cicd](1.4.improvement_cicd/README.md) + +[1.5 Two containers/](1.5.two_containers//README.md) + +[1.6 Job for migration](1.6.job.migration/README.md) + +## Форк проекта + +> Открываем в браузере репозиторий xpaste. Он находится по адресу + +https://gitlab.slurm.io/devk8s/xpaste + + +> Справа на одной линии с названием проекта видим кнопку fork. Нажимаем ее. +> Выбираем в качестве нэймспэйса в следующем окне свой логин. +> И дожидаемся окончания процесса форка. +> Последним шагом клонируем получившийся форк к себе на админбокс. + +```bash +cd ~ +git clone git@gitlab.slurm.io:s<номер своего логина>/xpaste.git +``` diff --git a/practice/15.kubernetes-features-for-app/.gitkeep b/practice/15.kubernetes-features-for-app/.gitkeep new file mode 100644 index 0000000..e69de29 diff --git a/practice/2.application-abstractions/1.pod/README.md b/practice/2.application-abstractions/1.pod/README.md new file mode 100644 index 0000000..6a5ebc4 --- /dev/null +++ b/practice/2.application-abstractions/1.pod/README.md @@ -0,0 +1,81 @@ +# Pod + +## 1. Создаем Pod + +Для этого выполним команду: + +```bash +kubectl apply -f ~/slurm/practice/2.application-abstractions/1.pod/pod.yaml +``` + +Проверим результат, для чего выполним команду: + +```bash +kubectl get pod +``` + +Результат должен быть примерно следующим: + +```bash +NAME READY STATUS RESTARTS AGE +my-pod 0/1 ContainerCreating 0 2s +``` + +Через какое-то время Pod должен перейти в состояние `Running` +и вывод команды `kubectl get po` станет таким: + +```bash +NAME READY STATUS RESTARTS AGE +my-pod 1/1 Running 0 59s +``` + +## 2. Скейлим приложение + +Открываем файл pod.yaml редактором: + +```bash +vim ~/slurm/practice/2.application-abstractions/1.pod/pod.yaml +``` + +Входим в режим редактирования нажатием `i` и заменяем там строку: + +```diff +- name: my-pod ++ name: my-pod-1 +``` + +Сохраняем и выходим. + +> Для vim нужно нажать последовательность кнопок +> +> `:wq` +> **Esc** - выход из режима редактирования, +> комбинация **:wq** - сохраняет внесенные изменения + +Применяем изменения, для этого выполним команду: + +```bash +kubectl apply -f ~/slurm/practice/2.application-abstractions/1.pod/pod.yaml +``` + +Проверяем результат, для этого выполним команду: + +```bash +kubectl get pod +``` + +Результат должен быть примерно следующим: + +```bash +NAME READY STATUS RESTARTS AGE +my-pod 1/1 Running 0 10m +my-pod-1 1/1 Running 0 59s +``` + +## 3. Чистим за собой кластер + +Для этого выполним команду: + +```bash +kubectl delete pod --all +``` diff --git a/practice/2.application-abstractions/1.pod/pod.yaml b/practice/2.application-abstractions/1.pod/pod.yaml new file mode 100644 index 0000000..ebe9dd0 --- /dev/null +++ b/practice/2.application-abstractions/1.pod/pod.yaml @@ -0,0 +1,13 @@ +--- +# file: practice/2.application-abstractions/1.pod/pod.yaml +apiVersion: v1 +kind: Pod +metadata: + name: my-pod +spec: + containers: + - image: nginx:1.12 + name: nginx + ports: + - containerPort: 80 +... diff --git a/practice/2.application-abstractions/2.replicaset/README.md b/practice/2.application-abstractions/2.replicaset/README.md new file mode 100644 index 0000000..d147a8f --- /dev/null +++ b/practice/2.application-abstractions/2.replicaset/README.md @@ -0,0 +1,218 @@ +# ReplicaSet + +## 1. Создаем Replicaset + +Для этого выполним команду: + +```bash +kubectl apply -f ~/slurm/practice/2.application-abstractions/2.replicaset/replicaset.yaml +``` + +Проверим результат, для этого выполним команду: + +```bash +kubectl get pod +``` + +Результат должен быть примерно следующим: + +```bash +NAME READY STATUS RESTARTS AGE +my-replicaset-pbtdm 0/1 ContainerCreating 0 2s +my-replicaset-z7rwm 0/1 ContainerCreating 0 2s +``` + +## 2. Скейлим Replicaset + +Для этого выполним команду: + +```bash +kubectl scale replicaset my-replicaset --replicas 3 +``` + +Проверим результат, для этого выполним команду: + +```bash +kubectl get pod +``` + +Результат должен быть примерно следующим: + +```bash +NAME READY STATUS RESTARTS AGE +my-replicaset-pbtdm 1/1 Running 0 2m +my-replicaset-szqgz 0/1 ContainerCreating 0 1s +my-replicaset-z7rwm 1/1 Running 0 2m +``` + +## 3. Удаляем один из Pod + +Для этого выполним команду подставив имя своего Pod: + +> можно воспользоваться автоподстановкой по TAB + +```bash +kubectl delete pod my-replicaset-pbtdm +``` + +Проверим результат, для этого выполним команду: + +```bash +kubectl get pod +``` + +Результат должен быть примерно следующим: + +```bash +NAME READY STATUS RESTARTS AGE +my-replicaset-55qdj 0/1 ContainerCreating 0 1s +my-replicaset-pbtdm 1/1 Running 0 4m +my-replicaset-szqgz 1/1 Running 0 2m +my-replicaset-z7rwm 0/1 Terminating 0 4m +``` + +## 4. Добавляем в Replicaset лишний Pod + +Открываем файл `2.replicaset/pod.yaml` + +```bash +vim ~/slurm/practice/2.application-abstractions/2.replicaset/pod.yaml +``` + +И в него после metadata: на следующей строке добавляем: + +```yaml + labels: + app: my-app +``` + +В итоге должно получиться: + +```yaml +............. +kind: Pod +metadata: + name: my-pod + labels: + app: my-app +spec: +............. +``` + +Сохраняем и выходим. + +Создаем дополнительный Pod, для этого выполним команду: + +```bash +kubectl apply -f ~/slurm/practice/2.application-abstractions/2.replicaset/pod.yaml +``` + +Проверяем результат, для этого выполним команду: + +```bash +kubectl get pod +``` + +Результат должен быть примерно следующим: + +```bash +NAME READY STATUS RESTARTS AGE +my-pod 0/1 Terminating 0 1s +my-replicaset-55qdj 1/1 Running 0 3m +my-replicaset-pbtdm 1/1 Running 0 8m +my-replicaset-szqgz 1/1 Running 0 6m +``` + +## 5. Обновляем версию Image + +Для этого выполним команду: + +```bash +kubectl set image replicaset my-replicaset nginx=nginx:1.13 +``` + +Проверяем результат, для этого выполним команду: + +```bash +kubectl get pod +``` + +Результат должен быть примерно следующим: + +```bash +NAME READY STATUS RESTARTS AGE +my-replicaset-55qdj 1/1 Running 0 3m +my-replicaset-pbtdm 1/1 Running 0 8m +my-replicaset-szqgz 1/1 Running 0 6m +``` + +И проверяем сам Replicaset, для чего выполним команду: + +```bash +kubectl describe replicaset my-replicaset +``` + +В результате находим строку Image и видим: + +```bash + Containers: + nginx: + Image: nginx:1.13 +``` + +Проверяем версию image в pod. Для этого выполним команду, подставив имя своего Pod + +```bash +kubectl describe pod my-replicaset-55qdj +``` + +Видим что версия имаджа в поде не изменилась: + +```bash + Containers: + nginx: + Image: nginx:1.12 +``` + +Помогаем поду обновиться - для этого выполним команду, подставив имя своего Pod + +```bash +kubectl delete po my-replicaset-55qdj +``` + +Проверяем результат, для этого выполним команду: + +```bash +kubectl get pod +``` + +Результат должен быть примерно следующим: + +```bash +NAME READY STATUS RESTARTS AGE +my-replicaset-55qdj 0/1 Terminating 0 11m +my-replicaset-cwjlf 0/1 ContainerCreating 0 1s +my-replicaset-pbtdm 1/1 Running 0 16m +my-replicaset-szqgz 1/1 Running 0 14m +``` + +Проверяем версию Image в новом Pod. Для этого выполним команду, +подставив имя своего Pod + +```bash +kubectl describe pod my-replicaset-cwjlf +``` + +Результат должен быть примерно следующим: + +```bash + Image: nginx:1.13 +``` + +## 6. Чистим за собой кластер + +Для этого выполним команду: + +```bash +kubectl delete replicaset --all +``` diff --git a/practice/2.application-abstractions/2.replicaset/pod.yaml b/practice/2.application-abstractions/2.replicaset/pod.yaml new file mode 100644 index 0000000..49c1854 --- /dev/null +++ b/practice/2.application-abstractions/2.replicaset/pod.yaml @@ -0,0 +1,13 @@ +--- +# file: practice/2.application-abstractions/2.replicaset/pod.yaml +apiVersion: v1 +kind: Pod +metadata: + name: my-pod +spec: + containers: + - image: nginx:1.12 + name: nginx + ports: + - containerPort: 80 +... diff --git a/practice/2.application-abstractions/2.replicaset/replicaset.yaml b/practice/2.application-abstractions/2.replicaset/replicaset.yaml new file mode 100644 index 0000000..ec868da --- /dev/null +++ b/practice/2.application-abstractions/2.replicaset/replicaset.yaml @@ -0,0 +1,22 @@ +--- +# file: practice/2.application-abstractions/2.replicaset/replicaset.yaml +apiVersion: apps/v1 +kind: ReplicaSet +metadata: + name: my-replicaset +spec: + replicas: 2 + selector: + matchLabels: + app: my-app + template: + metadata: + labels: + app: my-app + spec: + containers: + - image: nginx:1.12 + name: nginx + ports: + - containerPort: 80 +... diff --git a/practice/2.application-abstractions/3.deployment/README.md b/practice/2.application-abstractions/3.deployment/README.md new file mode 100644 index 0000000..fa459a8 --- /dev/null +++ b/practice/2.application-abstractions/3.deployment/README.md @@ -0,0 +1,102 @@ +# Deployment + +## 1. Создаем deployment + +Для этого выполним команду: + +```bash +kubectl apply -f ~/slurm/practice/2.application-abstractions/3.deployment/ +``` + +Проверяем список pods, для этого выполним команду: + +```bash +kubectl get pod +``` + +Результат должен быть примерно таким: + +```bash +NAME READY STATUS RESTARTS AGE +my-deployment-7c768c95c4-47jxz 0/1 ContainerCreating 0 2s +my-deployment-7c768c95c4-lx9bm 0/1 ContainerCreating 0 2s +``` + +Проверяем список replicaset, для этого выполним команду: + +```bash +kubectl get replicaset +``` + +Результат должен быть примерно таким: + +```bash +NAME DESIRED CURRENT READY AGE +my-deployment-7c768c95c4 2 2 2 1m +``` + +## 2. Обновляем версию image + +Обновляем версию image для container в deployment my-deployment. +Для этого выполним команду: + +```bash +kubectl set image deployment my-deployment nginx=nginx:1.13 +``` + +Проверяем результат, для этого выполним команду: + +```bash +kubectl get pod +``` + +Результат должен быть примерно таким: + +```bash +NAME READY STATUS RESTARTS AGE +my-deployment-685879478f-7t6ws 0/1 ContainerCreating 0 1s +my-deployment-685879478f-gw7sq 0/1 ContainerCreating 0 1s +my-deployment-7c768c95c4-47jxz 0/1 Terminating 0 5m +my-deployment-7c768c95c4-lx9bm 1/1 Running 0 5m +``` + +И через какое-то время вывод этой команды станет: + +```bash +NAME READY STATUS RESTARTS AGE +my-deployment-685879478f-7t6ws 1/1 Running 0 33s +my-deployment-685879478f-gw7sq 1/1 Running 0 33s +``` + +Проверяем что в новых pod новый image. Для этого выполним команду, +заменив имя pod на имя вашего pod: + +```bash +kubectl describe pod my-deployment-685879478f-7t6ws +``` + +Результат должен быть примерно таким: + +```bash + Image: nginx:1.13 +``` + +Проверяем что стало с replicaset, для этого выполним команду: + +```bash +kubectl get replicaset +``` + +Результат должен быть примерно таким: + +```bash +NAME DESIRED CURRENT READY AGE +my-deployment-685879478f 2 2 2 2m +my-deployment-7c768c95c4 0 0 0 7m +``` + +## 3. Чистим за собой кластер + +```bash +kubectl delete deployment --all +``` diff --git a/practice/2.application-abstractions/3.deployment/deployment.yaml b/practice/2.application-abstractions/3.deployment/deployment.yaml new file mode 100644 index 0000000..acc1a80 --- /dev/null +++ b/practice/2.application-abstractions/3.deployment/deployment.yaml @@ -0,0 +1,22 @@ +--- +# file: practice/2.application-abstractions/3.deployment/deployment.yaml +apiVersion: apps/v1 +kind: Deployment +metadata: + name: my-deployment +spec: + replicas: 2 + selector: + matchLabels: + app: my-app + template: + metadata: + labels: + app: my-app + spec: + containers: + - image: nginx:1.12 + name: nginx + ports: + - containerPort: 80 +... diff --git a/practice/2.application-abstractions/4.resources/README.md b/practice/2.application-abstractions/4.resources/README.md new file mode 100644 index 0000000..df7385e --- /dev/null +++ b/practice/2.application-abstractions/4.resources/README.md @@ -0,0 +1,63 @@ +# Resources + +## 1. Создаем deployment с ресурсами + +```bash +kubectl apply -f ~/slurm/practice/2.application-abstractions/4.resources/ +``` + +Смотрим что получилось + +```bash +kubectl get pod +``` + +Должны увидеть что-то типа такого + +```bash +NAME READY STATUS RESTARTS AGE +my-deployment-57fff9c845-2qv5l 0/1 ContainerCreating 0 1s +my-deployment-57fff9c845-h8bbw 0/1 ContainerCreating 0 1s +``` + +## 2. Увеличиваем количество ресурсов для нашего деплоймента + +```bash +kubectl patch deployment my-deployment --patch '{"spec":{"template":{"spec":{"containers":[{"name":"nginx","resources":{"requests":{"cpu":"10"},"limits":{"cpu":"10"}}}]}}}}' +``` + +Смотрим что получилось + +```bash +kubectl get pod +``` + +Должны увидеть что-то типа такого + +```bash +NAME READY STATUS RESTARTS AGE +my-deployment-68684546b9-gm894 0/1 Pending 0 37s +my-deployment-9ddd794f9-jvff6 1/1 Running 0 51s +my-deployment-9ddd794f9-ztvq9 1/1 Running 0 51s +``` + +Смотрим, почему поды не могут создаться + +```bash +kubectl describe po my-deployment-845d88fdcf-9bd29 +``` + +Видим в эвентах что-то типа + +```bash +Events: + Type Reason Age From Message + ---- ------ ---- ---- ------- + Warning FailedScheduling 87s default-scheduler 0/8 nodes are available: 8 Insufficient cpu. +``` + +## 3. Чистим за собой кластер + +```bash +kubectl delete deployment --all +``` diff --git a/practice/2.application-abstractions/4.resources/deployment-with-resources.yaml b/practice/2.application-abstractions/4.resources/deployment-with-resources.yaml new file mode 100644 index 0000000..10f0222 --- /dev/null +++ b/practice/2.application-abstractions/4.resources/deployment-with-resources.yaml @@ -0,0 +1,29 @@ +--- +# file: practice/2.application-abstractions/4.resources/deployment-with-resources.yaml +apiVersion: apps/v1 +kind: Deployment +metadata: + name: my-deployment +spec: + replicas: 2 + selector: + matchLabels: + app: my-app + template: + metadata: + labels: + app: my-app + spec: + containers: + - image: nginx:1.12 + name: nginx + ports: + - containerPort: 80 + resources: + requests: + cpu: 100m + memory: 100Mi + limits: + cpu: 100m + memory: 100Mi +... diff --git a/practice/3.saving-configurations/1.env/README.md b/practice/3.saving-configurations/1.env/README.md new file mode 100644 index 0000000..5bac349 --- /dev/null +++ b/practice/3.saving-configurations/1.env/README.md @@ -0,0 +1,47 @@ +# Secret + +1) Применим манифесты для создания configmap и запуск deployment + +Для этого выполним команду: + +```bash +kubectl apply -f ~/slurm/practice/3.saving-configurations/1.env/deployment-with-env.yaml +``` + +2) Проверяем результат + +Для этого выполним команду, подставив вместо < RANDOM > нужное значение(`автоподстановка по TAB`): + +```bash +kubectl describe pod my-deployment-< RANDOM > +``` + +Результат должен содержать: + +```bash +Environment: + TEST: foo +``` + +3) Создаем configmap + +```bash +kubectl apply -f ~/slurm/practice/3.saving-configurations/1.env/configmap.yaml +kubectl apply -f ~/slurm/practice/3.saving-configurations/1.env/deployment-with-env-cm.yaml +``` + +4) Проверяем результат + +Для этого выполним команду, подставив вместо < RANDOM > нужное значение(`автоподстановка по TAB`): + +```bash +kubectl exec -it my-deployment-< RANDOM > -- env +``` + +Результат должен содержать: + +```bash +TEST=foo +dbhost=postgresql +DEBUG=false +``` diff --git a/practice/3.saving-configurations/1.env/configmap.yaml b/practice/3.saving-configurations/1.env/configmap.yaml new file mode 100644 index 0000000..dcd5f21 --- /dev/null +++ b/practice/3.saving-configurations/1.env/configmap.yaml @@ -0,0 +1,9 @@ +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: my-configmap-env +data: + dbhost: postgresql + DEBUG: "false" +... diff --git a/practice/3.saving-configurations/1.env/deployment-with-env-cm.yaml b/practice/3.saving-configurations/1.env/deployment-with-env-cm.yaml new file mode 100644 index 0000000..285de23 --- /dev/null +++ b/practice/3.saving-configurations/1.env/deployment-with-env-cm.yaml @@ -0,0 +1,39 @@ +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: my-deployment +spec: + replicas: 1 + selector: + matchLabels: + app: my-app + strategy: + rollingUpdate: + maxSurge: 1 + maxUnavailable: 1 + type: RollingUpdate + template: + metadata: + labels: + app: my-app + spec: + containers: + - image: nginx:1.12 + name: nginx + env: + - name: TEST + value: foo + envFrom: + - configMapRef: + name: my-configmap-env + ports: + - containerPort: 80 + resources: + requests: + cpu: 50m + memory: 100Mi + limits: + cpu: 100m + memory: 100Mi +... diff --git a/practice/3.saving-configurations/1.env/deployment-with-env.yaml b/practice/3.saving-configurations/1.env/deployment-with-env.yaml new file mode 100644 index 0000000..7b79ce8 --- /dev/null +++ b/practice/3.saving-configurations/1.env/deployment-with-env.yaml @@ -0,0 +1,36 @@ +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: my-deployment +spec: + replicas: 1 + selector: + matchLabels: + app: my-app + strategy: + rollingUpdate: + maxSurge: 1 + maxUnavailable: 1 + type: RollingUpdate + template: + metadata: + labels: + app: my-app + spec: + containers: + - image: nginx:1.12 + name: nginx + env: + - name: TEST + value: foo + ports: + - containerPort: 80 + resources: + requests: + cpu: 50m + memory: 100Mi + limits: + cpu: 100m + memory: 100Mi +... diff --git a/practice/3.saving-configurations/2.secret/README.md b/practice/3.saving-configurations/2.secret/README.md new file mode 100644 index 0000000..2088e94 --- /dev/null +++ b/practice/3.saving-configurations/2.secret/README.md @@ -0,0 +1,62 @@ +# Secret + +1) Создаем секрет + +Для этого выполним команду: + +```bash +kubectl create secret generic test --from-literal=test1=asdf --from-literal=dbpassword=1q2w3e +kubectl get secret +kubectl get secret test -o yaml +``` + +2) Применим наш деплоймент + +Для этого выполним команду: + +```bash +kubectl apply -f ~/slurm/practice/3.saving-configurations/2.secret/deployment-with-secret.yaml +``` + +3) Проверяем результат + +Для этого выполним команду, подставив вместо < RANDOM > нужное значение(`автоподстановка по TAB`): + +```bash +kubectl describe pod my-deployment-< RANDOM > +``` + +Результат должен содержать: + +```bash +Environment: + TEST: foo + TEST_1: Optional: false +``` + +4) Применяем манифест с секретом + +```bash +kubectl apply -f ~/slurm/practice/3.saving-configurations/2.secret/secret.yaml +``` + +5) Проверяем что в секрете + +```bash +kubectl get secret test -o yaml +``` + +6) Исправляем манифест секрета и применяем + +```bash +# изменяем ключ test на test1 +vim secret.yaml + +kubectl apply -f secret.yaml +``` + +7) Проверяем что в секрете + +```bash +kubectl get secret test -o yaml +``` diff --git a/practice/3.saving-configurations/2.secret/deployment-with-secret.yaml b/practice/3.saving-configurations/2.secret/deployment-with-secret.yaml new file mode 100644 index 0000000..975f608 --- /dev/null +++ b/practice/3.saving-configurations/2.secret/deployment-with-secret.yaml @@ -0,0 +1,44 @@ +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: my-deployment +spec: + replicas: 1 + selector: + matchLabels: + app: my-app + strategy: + rollingUpdate: + maxSurge: 1 + maxUnavailable: 1 + type: RollingUpdate + template: + metadata: + labels: + app: my-app + spec: + containers: + - image: nginx:1.12 + name: nginx + envFrom: + - configMapRef: + name: my-configmap-env + env: + - name: TEST + value: foo + - name: TEST_1 + valueFrom: + secretKeyRef: + name: test + key: test1 + ports: + - containerPort: 80 + resources: + requests: + cpu: 50m + memory: 100Mi + limits: + cpu: 100m + memory: 100Mi +... diff --git a/practice/3.saving-configurations/2.secret/secret.yaml b/practice/3.saving-configurations/2.secret/secret.yaml new file mode 100644 index 0000000..4fbdb76 --- /dev/null +++ b/practice/3.saving-configurations/2.secret/secret.yaml @@ -0,0 +1,8 @@ +--- +apiVersion: v1 +kind: Secret +metadata: + name: test +stringData: + test: updated +... diff --git a/practice/3.saving-configurations/3.configmap/README.md b/practice/3.saving-configurations/3.configmap/README.md new file mode 100644 index 0000000..1aabd56 --- /dev/null +++ b/practice/3.saving-configurations/3.configmap/README.md @@ -0,0 +1,44 @@ +# Configmap + +1) Создаем configmap + +Для этого выполним команду: + +```bash +kubectl apply -f ~/slurm/practice/3.saving-configurations/3.configmap/ +``` + +2) Проверяем + +Проверим, что configmap попал в контейнер, для этого пробросим порт из пода и выполним curl. +Для этого выполним команду, заменив имя pod на имя вашего pod(``можно воспользоваться автоподстановкой по TAB``). + +& - это запуск команд в фоновом режиме, потом вводим следующую команду. +```bash +kubectl port-forward my-deployment-5b47d48b58-l4t67 8080:80 & +curl 127.0.0.1:8080 +``` + +В результате выполнения curl увидим имя пода, который обработал запрос. Результат должен быть примерно таким: + +```bash +my-deployment-5b47d48b58-l4t67 +``` + +3) Обновим configmap + +```bash +kubectl edit configmap my-configmap + +# изменим текст ответа + + return 200 '$hostname\nOK\n'; +``` + +4) Проверим вывод пода + +```bash +curl 127.0.0.1:8080 +``` + +Вывод не изменился diff --git a/practice/3.saving-configurations/3.configmap/configmap.yaml b/practice/3.saving-configurations/3.configmap/configmap.yaml new file mode 100644 index 0000000..9a758d6 --- /dev/null +++ b/practice/3.saving-configurations/3.configmap/configmap.yaml @@ -0,0 +1,18 @@ +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: my-configmap +data: + default.conf: | + server { + listen 80 default_server; + server_name _; + + default_type text/plain; + + location / { + return 200 '$hostname\n'; + } + } +... diff --git a/practice/3.saving-configurations/3.configmap/deployment-with-configmap.yaml b/practice/3.saving-configurations/3.configmap/deployment-with-configmap.yaml new file mode 100644 index 0000000..1c71268 --- /dev/null +++ b/practice/3.saving-configurations/3.configmap/deployment-with-configmap.yaml @@ -0,0 +1,40 @@ +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: my-deployment +spec: + replicas: 1 + selector: + matchLabels: + app: my-app + strategy: + rollingUpdate: + maxSurge: 1 + maxUnavailable: 1 + type: RollingUpdate + template: + metadata: + labels: + app: my-app + spec: + containers: + - image: nginx:1.12 + name: nginx + ports: + - containerPort: 80 + resources: + requests: + cpu: 50m + memory: 100Mi + limits: + cpu: 100m + memory: 100Mi + volumeMounts: + - name: config + mountPath: /etc/nginx/conf.d/ + volumes: + - name: config + configMap: + name: my-configmap +... diff --git a/practice/3.saving-configurations/4.downward/README.md b/practice/3.saving-configurations/4.downward/README.md new file mode 100644 index 0000000..dfc77a0 --- /dev/null +++ b/practice/3.saving-configurations/4.downward/README.md @@ -0,0 +1,41 @@ +# Secret + +1) Применим деплоймент + +Для этого выполним команду: + +```bash +kubectl apply -f ~/slurm/practice/3.saving-configurations/4.downward/ +``` + +2) Смотрим переменные окружения в контейнере + +Для этого выполним команду, подставив вместо < RANDOM > нужное значение(`автоподстановка по TAB`): + +```bash +kubectl exec -it my-deployment-< RANDOM > -- env +``` + +3) Смотрим файлы в контейнере /etc/podinfo + +Для этого выполним команду, подставив вместо < RANDOM > нужное значение(`автоподстановка по TAB`): + +```bash +kubectl exec -it my-deployment-< RANDOM > -- cat /etc/podinfo/labels + +kubectl exec -it my-deployment-< RANDOM > -- cat /etc/podinfo/annotations +``` + +PS: Документация + +https://kubernetes.io/docs/tasks/inject-data-application/environment-variable-expose-pod-information/ +https://kubernetes.io/docs/tasks/inject-data-application/downward-api-volume-expose-pod-information/ + +4) Очистка + +``` +kubectl delete deployment my-deployment +kubectl delete configmap my-configmap-env +kubectl delete configmap my-configmap +kubectl delete secret test +``` diff --git a/practice/3.saving-configurations/4.downward/deployment-with-downward-api.yaml b/practice/3.saving-configurations/4.downward/deployment-with-downward-api.yaml new file mode 100644 index 0000000..03bd6d6 --- /dev/null +++ b/practice/3.saving-configurations/4.downward/deployment-with-downward-api.yaml @@ -0,0 +1,83 @@ +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: my-deployment +spec: + replicas: 1 + selector: + matchLabels: + app: my-app + strategy: + rollingUpdate: + maxSurge: 1 + maxUnavailable: 1 + type: RollingUpdate + template: + metadata: + labels: + app: my-app + spec: + containers: + - image: nginx:1.12 + name: nginx + env: + - name: TEST + value: foo + - name: TEST_1 + valueFrom: + secretKeyRef: + name: test + key: test1 + - name: __NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: __POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: __POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: __POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: __NODE_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: __POD_SERVICE_ACCOUNT + valueFrom: + fieldRef: + fieldPath: spec.serviceAccountName + ports: + - containerPort: 80 + resources: + requests: + cpu: 50m + memory: 100Mi + limits: + cpu: 100m + memory: 100Mi + volumeMounts: + - name: config + mountPath: /etc/nginx/conf.d/ + - name: podinfo + mountPath: /etc/podinfo + volumes: + - name: config + configMap: + name: my-configmap + - name: podinfo + downwardAPI: + items: + - path: "labels" + fieldRef: + fieldPath: metadata.labels + - path: "annotations" + fieldRef: + fieldPath: metadata.annotations +... diff --git a/practice/4.saving-data/1.hostpath/README.md b/practice/4.saving-data/1.hostpath/README.md new file mode 100644 index 0000000..bdc7093 --- /dev/null +++ b/practice/4.saving-data/1.hostpath/README.md @@ -0,0 +1,11 @@ +# Hostpath + +1) Применяем манифест + +```bash +kubectl apply -f ~/slurm/practice/4.saving-data/1.hostpath/ + +kubectl get pod +kubectl get all +kubectl describe replicaset +``` diff --git a/practice/4.saving-data/1.hostpath/deployment.yaml b/practice/4.saving-data/1.hostpath/deployment.yaml new file mode 100644 index 0000000..7c002ed --- /dev/null +++ b/practice/4.saving-data/1.hostpath/deployment.yaml @@ -0,0 +1,40 @@ +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: my-deployment +spec: + replicas: 1 + selector: + matchLabels: + app: my-app + strategy: + rollingUpdate: + maxSurge: 1 + maxUnavailable: 1 + type: RollingUpdate + template: + metadata: + labels: + app: my-app + spec: + containers: + - image: nginx:1.12 + name: nginx + ports: + - containerPort: 80 + resources: + requests: + cpu: 50m + memory: 100Mi + limits: + cpu: 100m + memory: 100Mi + volumeMounts: + - name: data + mountPath: /files + volumes: + - name: data + hostPath: + path: /data_pod +... diff --git a/practice/4.saving-data/2.emptydir/README.md b/practice/4.saving-data/2.emptydir/README.md new file mode 100644 index 0000000..4deee98 --- /dev/null +++ b/practice/4.saving-data/2.emptydir/README.md @@ -0,0 +1,31 @@ +# EmptyDir + +1) Применяем манифест + +```bash +kubectl apply -f ~/slurm/practice/4.saving-data/2.emptydir/ +``` + +2) Заходим в под и создаем файлик на томе empty dir + +```bash +kubectl exec -it my-deployment- -- sh -c 'echo "Some data" > /files/data.txt' + +kubectl exec -it my-deployment- -- cat /files/data.txt +``` + +3) Удаляем под и ищем данные + +```bash +kubectl delete pod my-deployment- +``` + +```bash +kubectl exec -it my-deployment- -- cat /files/data.txt +``` + +4) Очищаем + +```bash +kubectl delete deployment my-deployment +``` diff --git a/practice/4.saving-data/2.emptydir/deployment.yaml b/practice/4.saving-data/2.emptydir/deployment.yaml new file mode 100644 index 0000000..dd6a460 --- /dev/null +++ b/practice/4.saving-data/2.emptydir/deployment.yaml @@ -0,0 +1,39 @@ +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: my-deployment +spec: + replicas: 1 + selector: + matchLabels: + app: my-app + strategy: + rollingUpdate: + maxSurge: 1 + maxUnavailable: 1 + type: RollingUpdate + template: + metadata: + labels: + app: my-app + spec: + containers: + - image: nginx:1.12 + name: nginx + ports: + - containerPort: 80 + resources: + requests: + cpu: 50m + memory: 100Mi + limits: + cpu: 100m + memory: 100Mi + volumeMounts: + - name: data + mountPath: /files + volumes: + - name: data + emptyDir: {} +... diff --git a/practice/4.saving-data/3.pvc/README.md b/practice/4.saving-data/3.pvc/README.md new file mode 100644 index 0000000..90c4d1e --- /dev/null +++ b/practice/4.saving-data/3.pvc/README.md @@ -0,0 +1,29 @@ +# PV/PVC + +1) Применяем манифест pvc.yml + +```bash +kubectl apply -f ~/slurm/practice/4.saving-data/3.pvc/pvc.yaml + +kubectl get pvc +kubectl get pv +``` + +2) Запустим приложение, использующее PV + +```bash +kubectl apply -f ~/slurm/practice/4.saving-data/3.pvc/ +``` + +3) Посмотрим describe и смонтированные тома в контейнере + +```bash +kubectl describe pod fileshare- +kubectl exec -it fileshare- -- df -h +``` + +4) Очищаем + +```bash +kubectl delete -f ~/slurm/practice/4.saving-data/3.pvc/ +``` diff --git a/practice/4.saving-data/3.pvc/configmap.yaml b/practice/4.saving-data/3.pvc/configmap.yaml new file mode 100644 index 0000000..5db8007 --- /dev/null +++ b/practice/4.saving-data/3.pvc/configmap.yaml @@ -0,0 +1,26 @@ +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: fileshare +data: + default.conf: | + server { + listen 80 default_server; + server_name _; + + default_type text/plain; + + location / { + return 200 '$hostname\n'; + } + + location /files { + alias /data; + autoindex on; + client_body_temp_path /tmp; + dav_methods PUT DELETE MKCOL COPY MOVE; + create_full_put_path on; + dav_access user:rw group:rw all:r; + } + } diff --git a/practice/4.saving-data/3.pvc/deployment.yaml b/practice/4.saving-data/3.pvc/deployment.yaml new file mode 100644 index 0000000..4fc2787 --- /dev/null +++ b/practice/4.saving-data/3.pvc/deployment.yaml @@ -0,0 +1,51 @@ +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: fileshare +spec: + replicas: 2 + selector: + matchLabels: + app: fileshare + strategy: + rollingUpdate: + maxSurge: 1 + maxUnavailable: 1 + type: RollingUpdate + template: + metadata: + labels: + app: fileshare + spec: + initContainers: + - image: busybox + name: mount-permissions-fix + command: ["sh", "-c", "chmod 777 /data"] + volumeMounts: + - name: data + mountPath: /data + containers: + - image: centosadmin/reloadable-nginx:1.12 + name: nginx + ports: + - containerPort: 80 + resources: + requests: + cpu: 50m + memory: 100Mi + limits: + cpu: 100m + memory: 100Mi + volumeMounts: + - name: config + mountPath: /etc/nginx/conf.d + - name: data + mountPath: /data + volumes: + - name: config + configMap: + name: fileshare + - name: data + persistentVolumeClaim: + claimName: fileshare diff --git a/practice/4.saving-data/3.pvc/pvc.yaml b/practice/4.saving-data/3.pvc/pvc.yaml new file mode 100644 index 0000000..a8e51cc --- /dev/null +++ b/practice/4.saving-data/3.pvc/pvc.yaml @@ -0,0 +1,11 @@ +--- +kind: PersistentVolumeClaim +apiVersion: v1 +metadata: + name: fileshare +spec: + accessModes: + - ReadWriteMany + resources: + requests: + storage: 1Gi diff --git a/practice/5.network-abstractions/1.probes/README.md b/practice/5.network-abstractions/1.probes/README.md new file mode 100644 index 0000000..ab43ba4 --- /dev/null +++ b/practice/5.network-abstractions/1.probes/README.md @@ -0,0 +1,43 @@ +### Resources and Probes + +Создаем deployment с ресурсами и пробами + +```bash +kubectl apply -f deployment-with-stuff.yaml +``` + +Смотрим что получилось + +```bash +kubectl get pod +``` + +Должны увидеть что-то типа такого: + +```bash +NAME READY STATUS RESTARTS AGE +my-deployment-69695544f6-v97jr 1/1 Running 0 20s +my-deployment-69695544f6-xcpq9 1/1 Running 0 20s +``` + +Поменяем специально Readiness Probe на заведомо неверную в манифесте и применим его снова + +```bash +vim deployment-with-stuff.yaml +kubectl apply -f deployment-with-stuff.yaml +``` + +Смотрим что получилось + +```bash +kubectl get pod +``` + +Видим что pod'ы не переходят в статус `1/1 Running`. Смотрим describe pod'а: +```bash +kubectl describe po my-deployment-845d88fdcf-9bd29 +``` +Чистим за собой кластер +```bash +kubectl delete deployment --all +``` diff --git a/practice/5.network-abstractions/1.probes/deployment-with-stuff.yaml b/practice/5.network-abstractions/1.probes/deployment-with-stuff.yaml new file mode 100644 index 0000000..338b149 --- /dev/null +++ b/practice/5.network-abstractions/1.probes/deployment-with-stuff.yaml @@ -0,0 +1,57 @@ +--- +# file: practice/1.kube-basics-lecture/4.resources-and-probes/deployment-with-stuff.yaml +apiVersion: apps/v1 +kind: Deployment +metadata: + name: my-deployment +spec: + replicas: 2 + selector: + matchLabels: + app: my-app + strategy: + rollingUpdate: + maxSurge: 1 + maxUnavailable: 1 + type: RollingUpdate + template: + metadata: + labels: + app: my-app + spec: + containers: + - image: nginx:1.12 + name: nginx + ports: + - containerPort: 80 + readinessProbe: + failureThreshold: 3 + httpGet: + path: / + port: 80 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 1 + livenessProbe: + failureThreshold: 3 + httpGet: + path: / + port: 80 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 1 + initialDelaySeconds: 10 + startupProbe: + httpGet: + path: / + port: 80 + failureThreshold: 30 + periodSeconds: 10 + resources: + requests: + cpu: 50m + memory: 100Mi + limits: + cpu: 100m + memory: 100Mi +... diff --git a/practice/5.network-abstractions/2.ingress-and-services/README.md b/practice/5.network-abstractions/2.ingress-and-services/README.md new file mode 100644 index 0000000..b250b26 --- /dev/null +++ b/practice/5.network-abstractions/2.ingress-and-services/README.md @@ -0,0 +1,87 @@ +## Смотрим на Service'ы Kubernetes'а + +1) Деплоим "основное" приложение + +```bash +cd ~/slurm/practice/5.network-abstractions/2.ingress-and-services/ + +kubectl apply -f app +``` + +2) Запустим тестовое приложение, с которого мы будем обращаться к основному: + +```bash +kubectl run test --image=amouat/network-utils -it bash + +exit +``` + +3) Создаем Service типа ClusterIP: + +```bash +kubectl apply -f clusterip.yaml +``` + +4) Убедимся, что Service работает. Узнаем его IP, зайдем внутрь нашего тестового Pod'а и обратимся к основному приложению, используя имя сервиса и IP: + +```bash +kubectl get svc +kubectl exec test -it bash + +curl +curl my-service + +exit +``` + +5) Создаем Service типа Nodeport: + +```bash +kubectl apply -f nodeport.yaml +``` + +6) Проверяем что все ОК. Смотрим наши Service'ы, находим NodePort. Фиксируем, какой порт нам открылся и проверяем работу Service'а: + +```bash +kubectl get svc + +curl node-1.slurm.io:<свой номер порта> + +curl master-1.slurm.io:<свой номер порта> +``` + +7) Создаем Service LoadBalancer: + +```bash +kubectl create -f loadbalancer.yaml + +kubectl get svc +``` + +8) Подчищаем за собой: + +```bash +kubectl delete svc my-service-lb my-service-np +``` + +## Разбираемся с Ingress'ами + +1) Создадим Ingress без указания хоста: + +```bash +kubectl apply -f nginx-ingress.yaml +kubectl get ing +``` + +2) Попробуем покурлить разные домены: + +```bash +curl my.s<свой номер логина>.k8s.slurm.io + +curl notmy.s<свой номер логина>.k8s.slurm.io +``` + +**САМОСТОЯТЕЛЬНАЯ РАБОТА:** +- Подправить Ingress таким образом, чтобы он работал только на домене `my.s<свой номер логина>.k8s.slurm.io` + +Правильный ответ лежит в `right_answers/` diff --git a/practice/5.network-abstractions/2.ingress-and-services/app/configmap.yaml b/practice/5.network-abstractions/2.ingress-and-services/app/configmap.yaml new file mode 100644 index 0000000..0bda58e --- /dev/null +++ b/practice/5.network-abstractions/2.ingress-and-services/app/configmap.yaml @@ -0,0 +1,15 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: my-configmap +data: + default.conf: | + server { + listen 80 default_server; + server_name _; + default_type text/plain; + + location / { + return 200 '$hostname\n'; + } + } diff --git a/practice/5.network-abstractions/2.ingress-and-services/app/deployment-with-configmap.yaml b/practice/5.network-abstractions/2.ingress-and-services/app/deployment-with-configmap.yaml new file mode 100644 index 0000000..9b3603c --- /dev/null +++ b/practice/5.network-abstractions/2.ingress-and-services/app/deployment-with-configmap.yaml @@ -0,0 +1,55 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: my-deployment +spec: + replicas: 2 + selector: + matchLabels: + app: my-app + strategy: + rollingUpdate: + maxSurge: 1 + maxUnavailable: 1 + type: RollingUpdate + template: + metadata: + labels: + app: my-app + spec: + containers: + - image: nginx:1.12 + name: nginx + ports: + - containerPort: 80 + readinessProbe: + failureThreshold: 3 + httpGet: + path: / + port: 80 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 1 + livenessProbe: + failureThreshold: 3 + httpGet: + path: / + port: 80 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 1 + initialDelaySeconds: 10 + resources: + requests: + cpu: 10m + memory: 100Mi + limits: + cpu: 10m + memory: 100Mi + volumeMounts: + - name: config + mountPath: /etc/nginx/conf.d/ + volumes: + - name: config + configMap: + name: my-configmap diff --git a/practice/5.network-abstractions/2.ingress-and-services/clusterip.yaml b/practice/5.network-abstractions/2.ingress-and-services/clusterip.yaml new file mode 100644 index 0000000..581b3fc --- /dev/null +++ b/practice/5.network-abstractions/2.ingress-and-services/clusterip.yaml @@ -0,0 +1,11 @@ +apiVersion: v1 +kind: Service +metadata: + name: my-service +spec: + ports: + - port: 80 + targetPort: 80 + selector: + app: my-app + type: ClusterIP diff --git a/practice/5.network-abstractions/2.ingress-and-services/loadbalancer.yaml b/practice/5.network-abstractions/2.ingress-and-services/loadbalancer.yaml new file mode 100644 index 0000000..0d317a5 --- /dev/null +++ b/practice/5.network-abstractions/2.ingress-and-services/loadbalancer.yaml @@ -0,0 +1,11 @@ +apiVersion: v1 +kind: Service +metadata: + name: my-service-lb +spec: + ports: + - port: 80 + targetPort: 80 + selector: + app: my-app + type: LoadBalancer diff --git a/practice/5.network-abstractions/2.ingress-and-services/nginx-ingress.yaml b/practice/5.network-abstractions/2.ingress-and-services/nginx-ingress.yaml new file mode 100644 index 0000000..5cfad95 --- /dev/null +++ b/practice/5.network-abstractions/2.ingress-and-services/nginx-ingress.yaml @@ -0,0 +1,17 @@ +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: my-ingress-nginx + annotations: + kubernetes.io/ingress.class: "nginx" +spec: + rules: + - http: + paths: + - pathType: Prefix + path: "/" + backend: + service: + name: my-service + port: + number: 80 diff --git a/practice/5.network-abstractions/2.ingress-and-services/nodeport.yaml b/practice/5.network-abstractions/2.ingress-and-services/nodeport.yaml new file mode 100644 index 0000000..d9f536f --- /dev/null +++ b/practice/5.network-abstractions/2.ingress-and-services/nodeport.yaml @@ -0,0 +1,11 @@ +apiVersion: v1 +kind: Service +metadata: + name: my-service-np +spec: + ports: + - port: 80 + targetPort: 80 + selector: + app: my-app + type: NodePort diff --git a/practice/5.network-abstractions/2.ingress-and-services/right_answers/.gitkeep b/practice/5.network-abstractions/2.ingress-and-services/right_answers/.gitkeep new file mode 100644 index 0000000..e69de29 diff --git a/practice/5.network-abstractions/2.ingress-and-services/right_answers/host-ingress.yaml b/practice/5.network-abstractions/2.ingress-and-services/right_answers/host-ingress.yaml new file mode 100644 index 0000000..ee2e4c1 --- /dev/null +++ b/practice/5.network-abstractions/2.ingress-and-services/right_answers/host-ingress.yaml @@ -0,0 +1,18 @@ +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: my-ingress-nginx + annotations: + kubernetes.io/ingress.class: "nginx" +spec: + rules: + - host: my.s<свой номер логина>.k8s.slurm.io + http: + paths: + - pathType: Prefix + path: "/" + backend: + service: + name: my-service + port: + number: 80 diff --git a/practice/7.oneshot-tasks/1.job/README.md b/practice/7.oneshot-tasks/1.job/README.md new file mode 100644 index 0000000..3069102 --- /dev/null +++ b/practice/7.oneshot-tasks/1.job/README.md @@ -0,0 +1,198 @@ +# Job + +### Запускаем простой job + +1) Создаем job + +```bash +cd ~/slurm/practice/7.oneshot-tasks/1.job +kubectl apply -f job.yaml +``` + +2) Проверяем + +```bash +kubectl get job +``` + +Видим: + +```bash +NAME COMPLETIONS DURATION AGE +hello 1/1 2s 88s +``` + +3) Смотрим на поды + +```bash +kubectl get pod +``` + +Видим под, созданный джобой: + +```bash +NAME READY STATUS RESTARTS AGE +hello-6l9tv 0/1 Completed 0 2m6s +``` + +4) Смотрим его логи + +```bash +kubectl logs hello-6l9tv +``` + +Видим что все отработало правильно: + +```bash +Mon Mar 18 15:06:10 UTC 2019 +Hello from the Kubernetes cluster +``` + +5) Удаляем джоб + +```bash +kubectl delete job hello +``` + +### Проверяем работу параметра backoffLimit + +6) Открываем файл job.yaml и находим командy выполняющуюся в поде + +```yaml +args: + - /bin/sh + - -c + - date; echo Hello from the Kubernetes cluster +``` + +И ломаем полностью: + +```yaml +args: + - /bin/sh + - -c + - date; echo Hello from the Kubernetes cluster; exit 1 +``` + +7) Создаем джоб + +```bash +kubectl apply -f job.yaml +``` + +8) Проверяем + +```bash +kubectl get job +``` + +Видим: + +```bash +NAME COMPLETIONS DURATION AGE +hello 0/1 27s 27s +``` + +9) Смотрим на поды + +```bash +kubectl get pod +``` + +Видим поды, созданные джобой: + +```bash +NAME READY STATUS RESTARTS AGE +hello-5nvqf 0/1 Error 0 22m +hello-ks4ks 0/1 Error 0 22m +hello-rl984 0/1 Error 0 22m +``` + +Они в статусе Error + +10) Смотрим в описание джобы + +```bash +kubectl describe job hello +``` + +Видим, что backoffLimit сработал + +```bash + Warning BackoffLimitExceeded 23m job-controller Job has reached the specified backoff limit +``` + +11) Удаляем джоб + +```bash +kubectl delete job hello +``` + +### Проверяем работу параметра activeDeadlineSeconds + +12) Открываем файл job.yaml и находим командy, выполняющуюся в поде + +```yaml +args: + - /bin/sh + - -c + - date; echo Hello from the Kubernetes cluster +``` + +И делаем ее бесконечной + +```yaml +args: + - /bin/sh + - -c + - while true; do date; echo Hello from the Kubernetes cluster; sleep 1; done +``` + +13) Создаем джоб + +```bash +kubectl apply -f job.yaml +``` + +14) Проверяем + +```bash +kubectl get job +``` + +Видим: + +```bash +NAME COMPLETIONS DURATION AGE +hello 0/1 27s 27s +``` + +15) Смотрим на поды + +```bash +kubectl get pod +``` + +Видим поды, созданный джобой + +```bash +NAME READY STATUS RESTARTS AGE +hello-bt6g6 1/1 Running 0 5s +``` + +16) Ждем 60 секунд и проверяем джоб + +```bash +kubectl describe job hello +``` + +Видим, что activeDeadlineSeconds сработал +```bash + Warning DeadlineExceeded 2m17s job-controller Job was active longer than specified deadline +``` + +17) Удаляем джоб + +```bash +kubectl delete job hello +``` diff --git a/practice/7.oneshot-tasks/1.job/job.yaml b/practice/7.oneshot-tasks/1.job/job.yaml new file mode 100644 index 0000000..06623ae --- /dev/null +++ b/practice/7.oneshot-tasks/1.job/job.yaml @@ -0,0 +1,18 @@ +--- +apiVersion: batch/v1 +kind: Job +metadata: + name: hello +spec: + backoffLimit: 2 + activeDeadlineSeconds: 60 + template: + spec: + containers: + - name: hello + image: busybox + args: + - /bin/sh + - -c + - date; echo Hello from the Kubernetes cluster + restartPolicy: Never diff --git a/practice/7.oneshot-tasks/2.cronjob/README.md b/practice/7.oneshot-tasks/2.cronjob/README.md new file mode 100644 index 0000000..278d6db --- /dev/null +++ b/practice/7.oneshot-tasks/2.cronjob/README.md @@ -0,0 +1,59 @@ +# CronJob + +1) Создаем крон джоб + +```bash +cd ~/slurm/practice/7.oneshot-tasks/2.cronjob +kubectl apply -f cronjob.yaml +``` + +2) Проверяем + +```bash +kubectl get cronjob +``` + +Видим: + +```bash +NAME SCHEDULE SUSPEND ACTIVE LAST SCHEDULE AGE +hello */1 * * * * False 0 14s +``` + +3) Через минуту пробуем посмотреть на джобы + +```bash +kubectl get job +``` + +Видим созданный джоб + +```bash +NAME COMPLETIONS DURATION AGE +hello-1552924260 1/1 2s 49s +``` + +4) Смотрим на поды + +```bash +kubectl get pod +``` + +Видим под + +```bash +NAME READY STATUS RESTARTS AGE +hello-1552924260-gp7pk 0/1 Completed 0 80s +``` + +5) Если мы подождем 5-10 минут, то увидим что старые джобы и поды удаляются по мере появления новых + +```bash +kubectl get job,pod +``` + +6) Удаляем крон джоб + +```bash +kubectl delete -f cronjob.yaml +``` diff --git a/practice/7.oneshot-tasks/2.cronjob/cronjob.yaml b/practice/7.oneshot-tasks/2.cronjob/cronjob.yaml new file mode 100644 index 0000000..3c1c9be --- /dev/null +++ b/practice/7.oneshot-tasks/2.cronjob/cronjob.yaml @@ -0,0 +1,22 @@ +--- +apiVersion: batch/v1beta1 +kind: CronJob +metadata: + name: hello +spec: + schedule: "*/1 * * * *" + concurrencyPolicy: Allow + jobTemplate: + spec: + backoffLimit: 2 + activeDeadlineSeconds: 100 + template: + spec: + containers: + - name: hello + image: busybox + args: + - /bin/sh + - -c + - date; echo Hello from the Kubernetes cluster + restartPolicy: Never diff --git a/practice/8.deployment-alternative/1.daemonset/README.md b/practice/8.deployment-alternative/1.daemonset/README.md new file mode 100644 index 0000000..8ef0407 --- /dev/null +++ b/practice/8.deployment-alternative/1.daemonset/README.md @@ -0,0 +1,39 @@ +# DaemonSet + +1) Переходим в директорию с практикой. + +```bash +cd ~/slurm/practice/4.advanced-abstractions/1.daemonset +``` + +2) Создаем демонсет + +```bash +kubectl apply -f daemonset.yaml +``` + +В ответ должны увидеть + +```bash +daemonset.apps/node-exporter created +``` + +3) Смотрим на поды + +```bash +kubectl get pod -o wide +``` + +Видим +```bash +NAME READY STATUS RESTARTS AGE IP NODE +node-exporter-g5tt8 2/2 Running 0 11s 10.107.32.4 gke-s000-default-pool-41fb7951-ntk8 +node-exporter-jczbm 2/2 Running 0 32s 10.107.32.3 gke-s000-default-pool-41fb7951-4sns +node-exporter-xpb9f 2/2 Running 0 22s 10.107.32.2 gke-s000-default-pool-41fb7951-lkjn +``` + +4) Чистим за собой кластер + +```bash +kubectl delete -f daemonset.yaml +``` diff --git a/practice/8.deployment-alternative/1.daemonset/daemonset.yaml b/practice/8.deployment-alternative/1.daemonset/daemonset.yaml new file mode 100644 index 0000000..ccc0dbf --- /dev/null +++ b/practice/8.deployment-alternative/1.daemonset/daemonset.yaml @@ -0,0 +1,39 @@ +--- +apiVersion: apps/v1 +kind: DaemonSet +metadata: + labels: + app: node-exporter + name: node-exporter +spec: + updateStrategy: + rollingUpdate: + maxUnavailable: 1 + type: RollingUpdate + selector: + matchLabels: + app: node-exporter + template: + metadata: + labels: + app: node-exporter + spec: + containers: + - name: node-exporter + image: k8s.gcr.io/pause:3.3 + imagePullPolicy: IfNotPresent + resources: + limits: + cpu: 10m + memory: 64Mi + requests: + cpu: 10m + memory: 64Mi + nodeSelector: + beta.kubernetes.io/os: linux + securityContext: + runAsNonRoot: true + runAsUser: 65534 + tolerations: + - effect: NoSchedule + key: node-role.kubernetes.io/ingress diff --git a/practice/8.deployment-alternative/2.statefulset/README.md b/practice/8.deployment-alternative/2.statefulset/README.md new file mode 100644 index 0000000..afc6001 --- /dev/null +++ b/practice/8.deployment-alternative/2.statefulset/README.md @@ -0,0 +1,116 @@ +# StatefulSet + +### Создаем стэйтфулсет + +1) Применяем каталог с манифестами + +```bash +kubectl apply -f rabbitmq-statefulset +``` + +В ответ должны увидеть + +```bash +configmap/rabbitmq-config created +role.rbac.authorization.k8s.io/endpoint-reader created +rolebinding.rbac.authorization.k8s.io/endpoint-reader created +service/rabbitmq created +serviceaccount/rabbitmq created +statefulset.apps/rabbitmq created +``` + +3) Смотрим на поды + +```bash +kubectl get pod +``` + +Видим: + +```bash +NAME READY STATUS RESTARTS AGE +rabbitmq-0 0/1 ContainerCreating 0 31s +``` + +Поды начали создаваться по одному, с нулевого +Ждем, пока get pod не вернет все три работающих пода +Должно быть так: + +```bash +NAME READY STATUS RESTARTS AGE +rabbitmq-0 1/1 Running 0 10m +rabbitmq-1 1/1 Running 0 7m +``` + +4) Проверяем что под каждый pod создался pvc + +```bash + kubectl get pvc +``` + +Видим: + +```bash +NAME STATUS VOLUME CAPACITY ACCESS MODES STORAGECLASS AGE +data-rabbitmq-0 Bound pvc-d9030631-496e-11e9-96e5-4201ac101193 2Gi RWO standard 10m +data-rabbitmq-1 Bound pvc-01c40ac5-496f-11e9-96e5-4201ac101193 2Gi RWO standard 7m +``` + +## Проверяем сервис + +5) Запускаем под для тестов + +```bash +kubectl run -t -i --rm --image centosadmin/utils test bash +``` + +6) Дальше уже из этого пода выполняем: + +```bash +nslookup rabbitmq +``` + +В ответ видим, что DNS возвращает IP всех подов (IP подов можно проверить в соседней консоли через kubectl get pod -o wide) + +```bash +Server: 10.107.0.10 +Address: 10.107.0.10#53 + +Name: rabbitmq.default.svc.cluster.local +Address: 10.107.16.12 +Name: rabbitmq.default.svc.cluster.local +Address: 10.107.16.13 +Name: rabbitmq.default.svc.cluster.local +Address: 10.107.18.24 +``` + +7) Пробуем резолвить конкретный инстанс + +```bash +nslookup rabbitmq-0.rabbitmq +``` + +В ответ видим, что DNS возвращает IP пода rabbitmq-0 + +```bash +Server: 10.107.0.10 +Address: 10.107.0.10#53 + +Name: rabbitmq-0.rabbitmq.default.svc.cluster.local +Address: 10.107.16.12 +``` + +8) Выходим из тестового пода + +```bash +exit +``` + +9) Чистим за собой кластер + +```bash +kubectl delete -f rabbitmq-statefulset +kubectl delete pvc --all +``` + +Обязательно удаляем PVC отдельно! Удаление стэйтфулсета не чистит PVC diff --git a/practice/8.deployment-alternative/2.statefulset/rabbitmq-statefulset/configmap.yaml b/practice/8.deployment-alternative/2.statefulset/rabbitmq-statefulset/configmap.yaml new file mode 100644 index 0000000..a27b471 --- /dev/null +++ b/practice/8.deployment-alternative/2.statefulset/rabbitmq-statefulset/configmap.yaml @@ -0,0 +1,30 @@ +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: rabbitmq-config +data: + enabled_plugins: | + [rabbitmq_peer_discovery_k8s]. + rabbitmq.conf: | + ## Cluster formation. See http://www.rabbitmq.com/cluster-formation.html to learn more. + cluster_formation.peer_discovery_backend = rabbit_peer_discovery_k8s + cluster_formation.k8s.host = kubernetes.default + ## Should RabbitMQ node name be computed from the pod's hostname or IP address? + ## IP addresses are not stable, so using [stable] hostnames is recommended when possible. + ## Set to "hostname" to use pod hostnames. + ## When this value is changed, so should the variable used to set the RABBITMQ_NODENAME + ## environment variable. + cluster_formation.k8s.address_type = hostname + ## How often should node cleanup checks run? + cluster_formation.node_cleanup.interval = 30 + ## Set to false if automatic removal of unknown/absent nodes + ## is desired. This can be dangerous, see + ## * http://www.rabbitmq.com/cluster-formation.html#node-health-checks-and-cleanup + ## * https://groups.google.com/forum/#!msg/rabbitmq-users/wuOfzEywHXo/k8z_HWIkBgAJ + cluster_formation.node_cleanup.only_log_warning = true + cluster_partition_handling = autoheal + ## See http://www.rabbitmq.com/ha.html#master-migration-data-locality + queue_master_locator=min-masters + ## See http://www.rabbitmq.com/access-control.html#loopback-users + loopback_users.guest = false diff --git a/practice/8.deployment-alternative/2.statefulset/rabbitmq-statefulset/role.yaml b/practice/8.deployment-alternative/2.statefulset/rabbitmq-statefulset/role.yaml new file mode 100644 index 0000000..6937a73 --- /dev/null +++ b/practice/8.deployment-alternative/2.statefulset/rabbitmq-statefulset/role.yaml @@ -0,0 +1,9 @@ +--- +kind: Role +apiVersion: rbac.authorization.k8s.io/v1beta1 +metadata: + name: endpoint-reader +rules: + - apiGroups: [""] + resources: ["endpoints"] + verbs: ["get"] diff --git a/practice/8.deployment-alternative/2.statefulset/rabbitmq-statefulset/rolebinding.yaml b/practice/8.deployment-alternative/2.statefulset/rabbitmq-statefulset/rolebinding.yaml new file mode 100644 index 0000000..0e5babb --- /dev/null +++ b/practice/8.deployment-alternative/2.statefulset/rabbitmq-statefulset/rolebinding.yaml @@ -0,0 +1,12 @@ +--- +kind: RoleBinding +apiVersion: rbac.authorization.k8s.io/v1beta1 +metadata: + name: endpoint-reader +subjects: + - kind: ServiceAccount + name: rabbitmq +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: endpoint-reader diff --git a/practice/8.deployment-alternative/2.statefulset/rabbitmq-statefulset/service.yaml b/practice/8.deployment-alternative/2.statefulset/rabbitmq-statefulset/service.yaml new file mode 100644 index 0000000..c8e2f6d --- /dev/null +++ b/practice/8.deployment-alternative/2.statefulset/rabbitmq-statefulset/service.yaml @@ -0,0 +1,16 @@ +--- +kind: Service +apiVersion: v1 +metadata: + name: rabbitmq + labels: + app: rabbitmq +spec: + clusterIP: None + ports: + - name: amqp + protocol: TCP + port: 5672 + targetPort: 5672 + selector: + app: rabbitmq diff --git a/practice/8.deployment-alternative/2.statefulset/rabbitmq-statefulset/serviceaccount.yaml b/practice/8.deployment-alternative/2.statefulset/rabbitmq-statefulset/serviceaccount.yaml new file mode 100644 index 0000000..81ce324 --- /dev/null +++ b/practice/8.deployment-alternative/2.statefulset/rabbitmq-statefulset/serviceaccount.yaml @@ -0,0 +1,5 @@ +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: rabbitmq diff --git a/practice/8.deployment-alternative/2.statefulset/rabbitmq-statefulset/statefulset.yaml b/practice/8.deployment-alternative/2.statefulset/rabbitmq-statefulset/statefulset.yaml new file mode 100644 index 0000000..d20f9d2 --- /dev/null +++ b/practice/8.deployment-alternative/2.statefulset/rabbitmq-statefulset/statefulset.yaml @@ -0,0 +1,92 @@ +--- +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: rabbitmq +spec: + serviceName: rabbitmq + replicas: 2 + selector: + matchLabels: + app: rabbitmq + template: + metadata: + labels: + app: rabbitmq + spec: + serviceAccountName: rabbitmq + terminationGracePeriodSeconds: 10 + containers: + - name: rabbitmq-k8s + image: rabbitmq:3.7 + env: + - name: MY_POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: RABBITMQ_USE_LONGNAME + value: "true" + - name: RABBITMQ_NODENAME + value: "rabbit@$(MY_POD_IP)" + - name: K8S_SERVICE_NAME + value: "rabbitmq" + - name: RABBITMQ_ERLANG_COOKIE + value: "mycookie" + ports: + - name: amqp + protocol: TCP + containerPort: 5672 + resources: + limits: + cpu: 1000m + memory: 1024Mi + requests: + cpu: 250m + memory: 512Mi + livenessProbe: + exec: + command: ["rabbitmqctl", "status"] + initialDelaySeconds: 60 + periodSeconds: 60 + timeoutSeconds: 15 + readinessProbe: + exec: + command: ["rabbitmqctl", "status"] + initialDelaySeconds: 20 + periodSeconds: 60 + timeoutSeconds: 10 + imagePullPolicy: Always + volumeMounts: + - name: config-volume + mountPath: /etc/rabbitmq + - name: data + mountPath: /var/lib/rabbitmq + volumes: + - name: config-volume + configMap: + name: rabbitmq-config + items: + - key: rabbitmq.conf + path: rabbitmq.conf + - key: enabled_plugins + path: enabled_plugins + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - weight: 100 + podAffinityTerm: + labelSelector: + matchExpressions: + - key: app + operator: In + values: + - rabbitmq + topologyKey: kubernetes.io/hostname + volumeClaimTemplates: + - metadata: + name: data + spec: + accessModes: ["ReadWriteOnce"] + resources: + requests: + storage: 1Gi diff --git a/practice/9.cluster-authorization/1.rbac/README.md b/practice/9.cluster-authorization/1.rbac/README.md new file mode 100644 index 0000000..f063b91 --- /dev/null +++ b/practice/9.cluster-authorization/1.rbac/README.md @@ -0,0 +1,79 @@ +# RBAC + +1) Исправляем манифесты + +Исправляем название namespace в rolebinding + +```bash +cd ~/slurm/practice/9.cluster-authorization/1.rbac +vim rolebinding.yaml +``` + +2) Создаем объекты + +```bash +cd ~/slurm/practice/9.cluster-authorization/1.rbac +kubectl apply -f . + +``` + +Видим: + +```bash +configmap/my-configmap-env created +rolebinding.rbac.authorization.k8s.io/user created +secret/my-secret created +serviceaccount/user created +``` + +3) Пробуем получить список configmap под юзером + +```bash +kubectl get configmap --as=system:serviceaccount:s<номер студента>:user +``` + +Список возвращается: +```bash +NAME DATA AGE +my-configmap-env 2 4m44 +``` + +4) Пробуем получить список secret под юзером + +```bash +kubectl get secret --as=system:serviceaccount:s<номер студента>:user +``` + +Выдается ошибка: +```bash +Error from server (Forbidden): secrets is forbidden: User "system:serviceaccount:s000001:user" cannot list resource "secrets" in API group "" in the namespace "s000001" +``` + +5) Пробуем получить список сервисов под юзером в неймспейсе kube-system + +```bash +kubectl get service --as=system:serviceaccount:s<номер студента>:user -n kube-system +``` + +Возвращается ошибка: +```bash +Error from server (Forbidden): services is forbidden: User "system:serviceaccount:s000001:user" cannot list resource "services" in API group "" in the namespace "kube-system" +``` + +6) Теперь пробуем удалить конфигмап под юзером + +```bash +kubectl delete configmap my-configmap-env --as=system:serviceaccount:s<номер студента>:user kubernetes +``` + +Видим что RBAC работает: + +```bash +Error from server (Forbidden): configmaps "my-configmap-env" is forbidden: User "system:serviceaccount:s000001:user" cannot delete resource "configmaps" in API group "" in the namespace "s000001" +``` + +7) Чистим за собой кластер + +```bash +kubectl delete -f . +``` diff --git a/practice/9.cluster-authorization/1.rbac/configmap.yaml b/practice/9.cluster-authorization/1.rbac/configmap.yaml new file mode 100644 index 0000000..dcd5f21 --- /dev/null +++ b/practice/9.cluster-authorization/1.rbac/configmap.yaml @@ -0,0 +1,9 @@ +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: my-configmap-env +data: + dbhost: postgresql + DEBUG: "false" +... diff --git a/practice/9.cluster-authorization/1.rbac/rolebinding.yaml b/practice/9.cluster-authorization/1.rbac/rolebinding.yaml new file mode 100644 index 0000000..77b23e4 --- /dev/null +++ b/practice/9.cluster-authorization/1.rbac/rolebinding.yaml @@ -0,0 +1,13 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: user +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: view +subjects: + - kind: ServiceAccount + name: user + namespace: s<номер студента> diff --git a/practice/9.cluster-authorization/1.rbac/secret.yml b/practice/9.cluster-authorization/1.rbac/secret.yml new file mode 100644 index 0000000..5330b61 --- /dev/null +++ b/practice/9.cluster-authorization/1.rbac/secret.yml @@ -0,0 +1,8 @@ +--- +apiVersion: v1 +kind: Secret +metadata: + name: my-secret +stringData: + dbpassword: mypass +... diff --git a/practice/9.cluster-authorization/1.rbac/serviceaccount.yaml b/practice/9.cluster-authorization/1.rbac/serviceaccount.yaml new file mode 100644 index 0000000..cc8db88 --- /dev/null +++ b/practice/9.cluster-authorization/1.rbac/serviceaccount.yaml @@ -0,0 +1,5 @@ +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: user