From 9c4589337983b0d4e8a7f6999023379898a33642 Mon Sep 17 00:00:00 2001 From: Ralph Soika Date: Sat, 25 Apr 2020 23:36:36 +0200 Subject: [PATCH] docu Signed-off-by: Ralph Soika --- README.md | 3 +- management/ceph/app-deployment.yaml | 96 +++++++++++++++++++ management/ceph/ceph-rbd-provisioner.yml | 110 ++++++++++++++++++++++ management/ceph/ceph-rbd-storageclass.yml | 25 +++++ management/ceph/db-deployment.yaml | 82 ++++++++++++++++ scripts/setup_debian.sh | 4 + 6 files changed, 319 insertions(+), 1 deletion(-) create mode 100644 management/ceph/app-deployment.yaml create mode 100644 management/ceph/ceph-rbd-provisioner.yml create mode 100644 management/ceph/ceph-rbd-storageclass.yml create mode 100644 management/ceph/db-deployment.yaml diff --git a/README.md b/README.md index 5dd74eb..e3a8191 100644 --- a/README.md +++ b/README.md @@ -16,10 +16,11 @@ If you have any questions just open a new [Issue on Github](https://github.com/i #### Features + - [Easy setup](./doc/SETUP.md) - [K9S Terminal Tool](tools/k9s/README.md) - [Traefik Ingress Integration](./doc/INGRESS.md) - [Longhorn Distributed Storage](./doc/STORAGE.md) - - [Habro Docker Registry](./doc/REGISTRY.md) + - [Habor Docker Registry](./doc/REGISTRY.md) - [Security Configuration](./doc/SECURITY.md) **Note:** My first version was based on [docker-swarm](https://docs.docker.com/engine/swarm/). If you want to run your cluster with docker-swarm switch into the [docker-swarm branch](https://github.com/imixs/imixs-cloud/tree/docker-swarm). diff --git a/management/ceph/app-deployment.yaml b/management/ceph/app-deployment.yaml new file mode 100644 index 0000000..99e1d63 --- /dev/null +++ b/management/ceph/app-deployment.yaml 
@@ -0,0 +1,96 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: office-workflow + labels: + app: office-workflow +spec: + replicas: 1 + selector: + matchLabels: + app: office-workflow + strategy: + type: Recreate + template: + metadata: + labels: + app: office-workflow + spec: + containers: + - env: + - name: POSTGRES_CONNECTION + value: jdbc:postgresql://db/office + - name: POSTGRES_PASSWORD + value: offiA111333 + - name: POSTGRES_USER + value: officeAdemo + - name: TZ + value: Europe/Berlin + - name: WILDFLY_PASS + value: imixs4.null + image: imixs/imixs-office-workflow:latest + name: office-workflow + # run as root because of cephfs + securityContext: + runAsUser: 0 + allowPrivilegeEscalation: false + + ports: + - name: web + containerPort: 8080 + - name: admin + containerPort: 9990 + + livenessProbe: + httpGet: + path: /health + port: 9990 + initialDelaySeconds: 30 + periodSeconds: 5 + + resources: {} + volumeMounts: + - mountPath: /home/imixs + name: appdata + restartPolicy: Always + volumes: + - name: appdata + persistentVolumeClaim: + claimName: appdata + + +# Services +--- +apiVersion: v1 +kind: Service +metadata: + name: office-workflow +spec: + ports: + - protocol: TCP + name: web + port: 8080 + selector: + app: office-workflow + + + +# Persistence Volume Claim +--- +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: appdata +spec: + accessModes: + - ReadWriteOnce + storageClassName: longhorn + resources: + requests: + storage: 2Gi + + + + + + diff --git a/management/ceph/ceph-rbd-provisioner.yml b/management/ceph/ceph-rbd-provisioner.yml new file mode 100644 index 0000000..ebf7174 --- /dev/null +++ b/management/ceph/ceph-rbd-provisioner.yml 
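Review bot: The new app-deployment.yaml hunk commits database and WildFly credentials as plain `value:` entries under `env` (`POSTGRES_PASSWORD`, `WILDFLY_PASS`); anything in this manifest lands in git history and in every `kubectl get deploy -o yaml`, and the same `POSTGRES_PASSWORD`/`POSTGRES_USER` pair is repeated in the db-deployment.yaml hunk of this commit. Both should reference a Kubernetes Secret via `valueFrom.secretKeyRef` so the manifest stays committable and the Secret can be rotated independently, as sketched below for the app container (the db container gets the same treatment). The `runAsUser: 0` line is justified only by the comment `# run as root because of cephfs`; if the need is really just write access to the mounted volume, a pod-level `securityContext.fsGroup` would presumably cover it without a root container — worth confirming before keeping root. Note also that the PVC in this file asks for `storageClassName: longhorn` although the file lives under `management/ceph/` and the sibling db-deployment.yaml uses `csi-rbd-sc`; if that is deliberate, a comment saying why would save the next reader a question.
```yaml
      - env:
        - name: POSTGRES_CONNECTION
          value: jdbc:postgresql://db/office
        - name: POSTGRES_PASSWORD
          valueFrom:
            secretKeyRef:
              name: office-credentials   # placeholder: Secret created out of band, not committed
              key: postgres-password
        - name: POSTGRES_USER
          value: officeAdemo
        - name: TZ
          value: Europe/Berlin
        - name: WILDFLY_PASS
          valueFrom:
            secretKeyRef:
              name: office-credentials   # placeholder, same Secret
              key: wildfly-password
        # … unchanged: image, securityContext, ports, livenessProbe, volumeMounts …
```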
@@ -0,0 +1,110 @@ +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: rbd-provisioner + namespace: kube-system +rules: + - apiGroups: [""] + resources: ["persistentvolumes"] + verbs: ["get", "list", "watch", "create", "delete"] + - apiGroups: [""] + resources: ["persistentvolumeclaims"] + verbs: ["get", "list", "watch", "update"] + - apiGroups: ["storage.k8s.io"] + resources: ["storageclasses"] + verbs: ["get", "list", "watch"] + - apiGroups: [""] + resources: ["events"] + verbs: ["create", "update", "patch"] + - apiGroups: [""] + resources: ["services"] + resourceNames: ["kube-dns","coredns"] + verbs: ["list", "get"] + - apiGroups: [""] + resources: ["endpoints"] + verbs: ["get", "list", "watch", "create", "update", "patch"] + +--- +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: rbd-provisioner +subjects: + - kind: ServiceAccount + name: rdb-provisioner + namespace: kube-system +roleRef: + kind: ClusterRole + name: rbd-provisioner + apiGroup: rbac.authorization.k8s.io + + +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: rbd-provisioner + namespace: kube-system +rules: + - apiGroups: [""] + resources: ["secrets"] + verbs: ["create", "get", "delete"] +# - apiGroups: [""] +# resources: ["endpoints"] +# verbs: ["get", "list", "watch", "create", "update", "patch"] + + +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: rbd-provisioner + namespace: kube-system +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: rbd-provisioner +subjects: +- kind: ServiceAccount + name: rbd-provisioner + namespace: kube-system + +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: rbd-provisioner + namespace: kube-system + + +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: rbd-provisioner + namespace: kube-system +spec: + replicas: 1 + selector: + matchLabels: + app: rbd-provisioner + strategy: + type: Recreate + 
template: + metadata: + labels: + app: rbd-provisioner + spec: + containers: + - name: rbd-provisioner + image: "quay.io/external_storage/rbd-provisioner:latest" + env: + - name: PROVISIONER_NAME + value: ceph.com/rbd + - name: PROVISIONER_SECRET_NAMESPACE + value: kube-system +# command: +# - "/usr/local/bin/cephfs-provisioner" +# args: +# - "-id=cephfs-provisioner-1" + serviceAccount: rbd-provisioner diff --git a/management/ceph/ceph-rbd-storageclass.yml b/management/ceph/ceph-rbd-storageclass.yml new file mode 100644 index 0000000..945f0d7 --- /dev/null +++ b/management/ceph/ceph-rbd-storageclass.yml @@ -0,0 +1,25 @@ +# The is used by the CSI plugin to uniquely identify and use a +# Ceph cluster, the value MUST match the value provided as `clusterID` in the +# StorageClass +# The fields are the various monitor addresses for the Ceph cluster +# identified by the +# +# To get both the Ceph cluster unique fsid and the monitor addresses run: +# $ ceph mon dump +--- +apiVersion: storage.k8s.io/v1 +kind: StorageClass +metadata: + name: csi-rbd-sc +provisioner: rbd.csi.ceph.com +parameters: + clusterID: + pool: kubernetes + csi.storage.k8s.io/provisioner-secret-name: csi-rbd-secret + csi.storage.k8s.io/provisioner-secret-namespace: default + csi.storage.k8s.io/node-stage-secret-name: csi-rbd-secret + csi.storage.k8s.io/node-stage-secret-namespace: default +reclaimPolicy: Delete +#reclaimPolicy: Retain +mountOptions: + - discard diff --git a/management/ceph/db-deployment.yaml b/management/ceph/db-deployment.yaml new file mode 100644 index 0000000..a4e1139 --- /dev/null +++ b/management/ceph/db-deployment.yaml 
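Review bot: The ClusterRoleBinding in ceph-rbd-provisioner.yml names its subject `rdb-provisioner`, while the ServiceAccount and the Deployment's `serviceAccount:` field both say `rbd-provisioner`; the cluster-wide grants (persistentvolumes, storageclasses, endpoints, events) therefore bind to a ServiceAccount that does not exist, and the provisioner pod will run without them. The fix is the one line `name: rbd-provisioner` in the ClusterRoleBinding's `subjects` entry. Two smaller points in the same hunk: `serviceAccount:` on the pod spec is the deprecated alias of `serviceAccountName:`, and `image: "quay.io/external_storage/rbd-provisioner:latest"` is unpinned, so the controller that holds create/delete rights on PVs and Secrets can change underneath the cluster on every restart — pinning a tag or digest is the usual mitigation. This deployment registers `PROVISIONER_NAME` as `ceph.com/rbd`, which does not appear to match the `rbd.csi.ceph.com` provisioner named in ceph-rbd-storageclass.yml; if the two files are meant to work together, that is worth confirming.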
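Review bot: `clusterID:` in ceph-rbd-storageclass.yml is left with no value, which YAML parses as null, so the StorageClass will be accepted by the API server but every provisioning attempt will fail until someone notices the field; the file's own header says the value MUST match the Ceph cluster fsid. Prefer an explicit, obviously-unfilled placeholder such as `clusterID: "<CEPH_FSID from: ceph mon dump>"` so the omission fails loudly and is visible in review. The header comment itself has lost the field names it refers to (`The is used by the CSI plugin …`, `identified by the`), presumably `clusterID` and `monitors`; restoring them would make the comment readable. Both secret references point at namespace `default` while the provisioner resources in this commit live in `kube-system`; if that is intentional, a one-line comment on `csi.storage.k8s.io/provisioner-secret-namespace` would prevent the two from being "fixed" into disagreement later.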
@@ -0,0 +1,82 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: db + labels: + app: db +spec: + replicas: 1 + selector: + matchLabels: + app: db + strategy: + type: Recreate + template: + metadata: + labels: + app: db + spec: + containers: + - env: + - name: POSTGRES_DB + value: office + - name: POSTGRES_PASSWORD + value: offiA111333 + - name: POSTGRES_USER + value: officeAdemo + image: postgres:9.6.1 + name: db + + livenessProbe: + tcpSocket: + port: 5432 + initialDelaySeconds: 30 + periodSeconds: 10 + + ports: + - containerPort: 5432 + resources: {} + volumeMounts: + - mountPath: /var/lib/postgresql/data + name: dbdata + subPath: postgres + restartPolicy: Always + volumes: + - name: dbdata + persistentVolumeClaim: + claimName: dbdata + #readOnly: false + + +# Service +--- +apiVersion: v1 +kind: Service +metadata: + name: db + labels: + app: db +spec: + ports: + - name: tcp + port: 5432 + targetPort: 5432 + selector: + app: db + + +# Storage +--- +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: dbdata +spec: + accessModes: + #- ReadWriteOnce + - ReadWriteMany + volumeMode: Filesystem + resources: + requests: + storage: 1Gi + storageClassName: csi-rbd-sc diff --git a/scripts/setup_debian.sh b/scripts/setup_debian.sh index bc90334..b44ba90 100755 --- a/scripts/setup_debian.sh +++ b/scripts/setup_debian.sh @@ -74,6 +74,10 @@ systemctl daemon-reload systemctl restart docker # Setup docker daemon - END - +echo "#############################################" +echo " setup for docker and kubernetes completed." +echo "#############################################" + ##################################################################################### # Kubernetes is now installed. To setup a new kubernetes cluster with a master node
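Review bot: The `dbdata` PersistentVolumeClaim in db-deployment.yaml requests `accessModes: [ReadWriteMany]` together with `volumeMode: Filesystem` on the `csi-rbd-sc` class; the ceph-csi RBD driver only supports ReadWriteMany for raw block volumes, so this claim either stays Pending or, if a filesystem RBD image were ever attached to two nodes, would corrupt the Postgres data directory. The commented-out `#- ReadWriteOnce` line is the right setting for a single-replica `Recreate` deployment and should be restored in place of `ReadWriteMany`. The Postgres credentials in this container's `env` block carry the same plaintext-secret issue raised on the app-deployment.yaml hunk. `image: postgres:9.6.1` is a pinned but very old tag; if the pin is deliberate, a short comment saying so would stop it being bumped blindly.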