docu
Signed-off-by: Ralph Soika <[email protected]>
rsoika committed Apr 25, 2020
1 parent 9687f1d commit 9c45893
Showing 6 changed files with 319 additions and 1 deletion.
3 changes: 2 additions & 1 deletion README.md
Expand Up @@ -16,10 +16,11 @@ If you have any questions just open a new [Issue on Github](https://github.com/i

#### Features

- [Easy setup](./doc/SETUP.md)
- [K9S Terminal Tool](tools/k9s/README.md)
- [Traefik Ingress Integration](./doc/INGRESS.md)
- [Longhorn Distributed Storage](./doc/STORAGE.md)
- [Habro Docker Registry](./doc/REGISTRY.md)
- [Habor Docker Registry](./doc/REGISTRY.md)
- [Security Configuration](./doc/SECURITY.md)

**Note:** My first version was based on [docker-swarm](https://docs.docker.com/engine/swarm/). If you want to run your cluster with docker-swarm switch into the [docker-swarm branch](https://github.com/imixs/imixs-cloud/tree/docker-swarm).
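--- a/management/ceph/app-deployment.yaml
+++ b/management/ceph/app-deployment.yaml
@@ -0,0 +1,96 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+name: office-workflow
+labels:
+app: office-workflow
+spec:
+replicas: 1
+selector:
+matchLabels:
+app: office-workflow
+strategy:
+type: Recreate
+template:
+metadata:
+labels:
+app: office-workflow
+spec:
+containers:
+- env:
+- name: POSTGRES_CONNECTION
+value: jdbc:postgresql://db/office
+- name: POSTGRES_PASSWORD
+value: offiA111333
+- name: POSTGRES_USER
+value: officeAdemo
+- name: TZ
+value: Europe/Berlin
+- name: WILDFLY_PASS
+value: imixs4.null
+image: imixs/imixs-office-workflow:latest
+name: office-workflow
+# run as root because of cephfs
+securityContext:
+runAsUser: 0
+allowPrivilegeEscalation: false
+
+ports:
+- name: web
+containerPort: 8080
+- name: admin
+containerPort: 9990
+
+livenessProbe:
+httpGet:
+path: /health
+port: 9990
+initialDelaySeconds: 30
+periodSeconds: 5
+
+resources: {}
+volumeMounts:
+- mountPath: /home/imixs
+name: appdata
+restartPolicy: Always
+volumes:
+- name: appdata
+persistentVolumeClaim:
+claimName: appdata
+
+
+# Services
+---
+apiVersion: v1
+kind: Service
+metadata:
+name: office-workflow
+spec:
+ports:
+- protocol: TCP
+name: web
+port: 8080
+selector:
+app: office-workflow
+
+
+
+# Persistence Volume Claim
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+name: appdata
+spec:
+accessModes:
+- ReadWriteOnce
+storageClassName: longhorn
+resources:
+requests:
+storage: 2Gi
+
+
+
+
+
+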
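Review bot: `POSTGRES_PASSWORD` and `WILDFLY_PASS` are committed as literal `value:` entries in the container env, so the credentials live in version control and are readable by anyone who can read the Deployment object; the same `POSTGRES_PASSWORD` literal recurs in management/ceph/db-deployment.yaml. They should come from a Secret referenced through `valueFrom.secretKeyRef`, as sketched below (the Secret name is a placeholder), and the values already pushed should be treated as exposed and changed. Separately, the container runs with `runAsUser: 0` and an unpinned `:latest` image; the comment gives cephfs as the reason for root, yet the claim uses `storageClassName: longhorn`, so it is worth confirming that root is still required here.

```yaml
      containers:
        - env:
            # … unchanged: POSTGRES_CONNECTION, POSTGRES_USER, TZ …
            - name: POSTGRES_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: office-workflow-credentials  # placeholder Secret name
                  key: POSTGRES_PASSWORD
            - name: WILDFLY_PASS
              valueFrom:
                secretKeyRef:
                  name: office-workflow-credentials  # placeholder Secret name
                  key: WILDFLY_PASS
```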
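--- a/management/ceph/ceph-rbd-provisioner.yml
+++ b/management/ceph/ceph-rbd-provisioner.yml
@@ -0,0 +1,110 @@
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+name: rbd-provisioner
+namespace: kube-system
+rules:
+- apiGroups: [""]
+resources: ["persistentvolumes"]
+verbs: ["get", "list", "watch", "create", "delete"]
+- apiGroups: [""]
+resources: ["persistentvolumeclaims"]
+verbs: ["get", "list", "watch", "update"]
+- apiGroups: ["storage.k8s.io"]
+resources: ["storageclasses"]
+verbs: ["get", "list", "watch"]
+- apiGroups: [""]
+resources: ["events"]
+verbs: ["create", "update", "patch"]
+- apiGroups: [""]
+resources: ["services"]
+resourceNames: ["kube-dns","coredns"]
+verbs: ["list", "get"]
+- apiGroups: [""]
+resources: ["endpoints"]
+verbs: ["get", "list", "watch", "create", "update", "patch"]
+
+---
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+name: rbd-provisioner
+subjects:
+- kind: ServiceAccount
+name: rdb-provisioner
+namespace: kube-system
+roleRef:
+kind: ClusterRole
+name: rbd-provisioner
+apiGroup: rbac.authorization.k8s.io
+
+
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+name: rbd-provisioner
+namespace: kube-system
+rules:
+- apiGroups: [""]
+resources: ["secrets"]
+verbs: ["create", "get", "delete"]
+# - apiGroups: [""]
+# resources: ["endpoints"]
+# verbs: ["get", "list", "watch", "create", "update", "patch"]
+
+
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+name: rbd-provisioner
+namespace: kube-system
+roleRef:
+apiGroup: rbac.authorization.k8s.io
+kind: Role
+name: rbd-provisioner
+subjects:
+- kind: ServiceAccount
+name: rbd-provisioner
+namespace: kube-system
+
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+name: rbd-provisioner
+namespace: kube-system
+
+
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+name: rbd-provisioner
+namespace: kube-system
+spec:
+replicas: 1
+selector:
+matchLabels:
+app: rbd-provisioner
+strategy:
+type: Recreate
+template:
+metadata:
+labels:
+app: rbd-provisioner
+spec:
+containers:
+- name: rbd-provisioner
+image: "quay.io/external_storage/rbd-provisioner:latest"
+env:
+- name: PROVISIONER_NAME
+value: ceph.com/rbd
+- name: PROVISIONER_SECRET_NAMESPACE
+value: kube-system
+# command:
+# - "/usr/local/bin/cephfs-provisioner"
+# args:
+# - "-id=cephfs-provisioner-1"
+serviceAccount: rbd-provisioner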
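Review bot: The ClusterRoleBinding's subject is `name: rdb-provisioner`, but the ServiceAccount created further down and used by the Deployment is `rbd-provisioner`, so the ClusterRole is never bound to the pod's identity and would instead apply to any account later created under the misspelled name; the subject should read `name: rbd-provisioner`. The `namespace: kube-system` under the ClusterRole's metadata has no effect, because ClusterRoles are cluster-scoped, and can be dropped. The image `quay.io/external_storage/rbd-provisioner:latest` is unpinned for a component whose Role can create, get and delete secrets in kube-system; pinning a tag or digest keeps the deployed code reviewable. `serviceAccount:` is the deprecated alias of `serviceAccountName:`.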
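--- a/management/ceph/ceph-rbd-storageclass.yml
+++ b/management/ceph/ceph-rbd-storageclass.yml
@@ -0,0 +1,25 @@
+# The <cluster-id> is used by the CSI plugin to uniquely identify and use a
+# Ceph cluster, the value MUST match the value provided as `clusterID` in the
+# StorageClass
+# The <MONValue#> fields are the various monitor addresses for the Ceph cluster
+# identified by the <cluster-id>
+#
+# To get both the Ceph cluster unique fsid and the monitor addresses run:
+# $ ceph mon dump
+---
+apiVersion: storage.k8s.io/v1
+kind: StorageClass
+metadata:
+name: csi-rbd-sc
+provisioner: rbd.csi.ceph.com
+parameters:
+clusterID: <cluster-id>
+pool: kubernetes
+csi.storage.k8s.io/provisioner-secret-name: csi-rbd-secret
+csi.storage.k8s.io/provisioner-secret-namespace: default
+csi.storage.k8s.io/node-stage-secret-name: csi-rbd-secret
+csi.storage.k8s.io/node-stage-secret-namespace: default
+reclaimPolicy: Delete
+#reclaimPolicy: Retain
+mountOptions:
+- discard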
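Review bot: Both `provisioner-secret-namespace` and `node-stage-secret-namespace` point at `default`, so the Ceph credentials in `csi-rbd-secret` would sit in the namespace where ordinary workloads are usually deployed and where secret read access is most often handed out; a dedicated namespace restricted to the CSI driver is the safer home. The provisioner named here is `rbd.csi.ceph.com`, while the provisioner Deployment added in this commit registers as `ceph.com/rbd`, so unless the ceph-csi driver is installed elsewhere, claims against `csi-rbd-sc` will stay pending. The header comment appears to describe the ceph-csi ConfigMap (`<MONValue#>` fields) rather than this StorageClass; I would replace it with `# Replace <cluster-id> with the fsid reported by "ceph mon dump"`. `reclaimPolicy: Delete` removes the backing image when the claim is deleted, which deserves a comment given that a database claim uses this class.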
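--- a/management/ceph/db-deployment.yaml
+++ b/management/ceph/db-deployment.yaml
@@ -0,0 +1,82 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+name: db
+labels:
+app: db
+spec:
+replicas: 1
+selector:
+matchLabels:
+app: db
+strategy:
+type: Recreate
+template:
+metadata:
+labels:
+app: db
+spec:
+containers:
+- env:
+- name: POSTGRES_DB
+value: office
+- name: POSTGRES_PASSWORD
+value: offiA111333
+- name: POSTGRES_USER
+value: officeAdemo
+image: postgres:9.6.1
+name: db
+
+livenessProbe:
+tcpSocket:
+port: 5432
+initialDelaySeconds: 30
+periodSeconds: 10
+
+ports:
+- containerPort: 5432
+resources: {}
+volumeMounts:
+- mountPath: /var/lib/postgresql/data
+name: dbdata
+subPath: postgres
+restartPolicy: Always
+volumes:
+- name: dbdata
+persistentVolumeClaim:
+claimName: dbdata
+#readOnly: false
+
+
+# Service
+---
+apiVersion: v1
+kind: Service
+metadata:
+name: db
+labels:
+app: db
+spec:
+ports:
+- name: tcp
+port: 5432
+targetPort: 5432
+selector:
+app: db
+
+
+# Storage
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+name: dbdata
+spec:
+accessModes:
+#- ReadWriteOnce
+- ReadWriteMany
+volumeMode: Filesystem
+resources:
+requests:
+storage: 1Gi
+storageClassName: csi-rbd-sc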
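Review bot: The `dbdata` claim requests `ReadWriteMany` with `volumeMode: Filesystem` on `csi-rbd-sc`; as far as I know ceph-csi RBD only supports ReadWriteMany for block-mode volumes, and a PostgreSQL data directory must not be mounted by more than one pod in any case, so the commented-out `- ReadWriteOnce` is the mode to use. `postgres:9.6.1` pins an early patch release of the 9.6 line and so misses the fixes shipped in later 9.6.x releases; I would move to the current patch tag of the chosen major version. No NetworkPolicy is added in this commit, so unless one exists elsewhere the `db` Service on port 5432 is reachable from every pod in the cluster rather than only from `office-workflow`.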
4 changes: 4 additions & 0 deletions scripts/setup_debian.sh
Expand Up @@ -74,6 +74,10 @@ systemctl daemon-reload
systemctl restart docker
# Setup docker daemon - END -

echo "#############################################"
echo " setup for docker and kubernetes completed."
echo "#############################################"


#####################################################################################
# Kubernetes is now installed. To setup a new kubernetes cluster with a master node
