Commit d6adacba authored by GRANDGERARD Gilles's avatar GRANDGERARD Gilles

add Apps

parent 0a8f1893
install RedHat !
conf réseau
* /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4 dnssnp01 dnssnp01.in.apps.education.fr
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
172.29.32.17 dnssnp01 dnssnp01.in.apps.education.fr
* /etc/resolv.conf
nameserver 172.29.32.17
named-checkconf /etc/named.conf
systemctl restart named
\ No newline at end of file
# /etc/named.conf
acl goodclients {
172.29.32.16/28;
172.29.32.32/27;
172.29.32.64/26;
172.29.32.11/32;
localhost;
localnets;
};
options {
directory "/var/named";
#recursion yes;
#allow-query { goodclients; };
forwarders { 8.8.8.8; 8.8.4.4; };
forward only;
#dnssec-enable yes;
#dnssec-validation auto;
#auth-nxdomain no; # conform to RFC1035
#listen-on-v6 { any; };
#filter-aaaa-on-v4 yes;
};
zone "." IN {
type hint;
file "named.ca";
};
include "/etc/named.rfc1912.zones";
include "/etc/named.conf.local";
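Review bot: The `goodclients` ACL is declared but never applied, because `allow-query { goodclients; };` is commented out in `options`, so query access falls back to BIND's defaults rather than the listed subnets. If the intent is to serve only those networks, enable `allow-query { goodclients; };` and add `allow-recursion { goodclients; };`. With `forward only` to 8.8.8.8/8.8.4.4 and `dnssec-validation` commented out, every non-local lookup (including mistyped internal names) goes to a public resolver, and validation depends on the build default. A short comment saying whether that is intended would help.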
# /etc/named.conf.local
zone "in.apps.education.fr" {
type master;
file "zone.in.apps.education.fr";
};
zone "32.29.172.in-addr.arpa" {
type master;
file "32.29.172.in-addr.arpa";
};
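Review bot: Neither master zone sets `allow-transfer`, and on BIND versions where the default permits transfers from any host, any client that can reach the server can pull the whole internal zone (ESXi, vCenter and cluster node addresses). Add `allow-transfer { none; };`, or restrict it to the secondary, e.g. `allow-transfer { 172.29.32.18; };` if dnssnp02 is meant to be a slave. The file `32.29.172.in-addr.arpa` for the reverse zone is not visible in this commit, so that zone may fail to load unless the file exists elsewhere.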
; /var/named/zone.in.apps.education.fr
$TTL 86400
$ORIGIN in.apps.education.fr.
@ IN SOA dnssnp01.in.apps.education.fr. ns.in.apps.education.fr. (
2019070801 ; sn
10800 ; refresh (3 heures)
600 ; retry (10 minutes)
1814400 ; expiry (3 semaines)
10800 ) ; minimum (3 heures)
@ IN NS dnssnp01.in.apps.education.fr.
esxsnp01 IN A 172.29.32.1
esxsnp02 IN A 172.29.32.2
esxsnp03 IN A 172.29.32.3
vcentersnp01 IN A 172.29.32.11
dnssnp01 IN A 172.29.32.17
dnssnp02 IN A 172.29.32.18
proxy01 IN A 172.29.32.20
serverone IN A 172.29.32.65
k8s01 IN A 172.29.32.70
k8s02 IN A 172.29.32.71
k8s03 IN A 172.29.32.72
k8s04 IN A 172.29.32.73
k8s05 IN A 172.29.32.74
k8s06 IN A 172.29.32.75
k8sG1 IN A 172.29.32.80
k8sG2 IN A 172.29.32.81
k8sG3 IN A 172.29.32.82
web.in.apps.education.fr. IN CNAME k8s02
admin.in.apps.education.fr. IN CNAME k8s01
dashboard.in.apps.education.fr. IN CNAME k8s01
etna.in.apps.education.fr. IN CNAME k8s01
\ No newline at end of file
KUBELET_EXTRA_ARGS="--cloud-provider=vsphere --cloud-config=/etc/kubernetes/vsphere.conf"
[Global]
user = "xxxxxx@vsphere.local"
password = "xxxxxxxx!"
port = "443"
insecure-flag = "1"
[VirtualCenter "172.29.32.11"]
datacenters = "DC_SNP_01"
[Workspace]
server = "172.29.32.11"
datacenter = "DC_SNP_01"
default-datastore = "DC_SNP_01/DCL_SNP_4T_01/DATASTORE-SNP-01"
resourcepool-path = "ClusterNameHere/Resources"
folder = "SNP_K8S"
[Disk]
scsicontrollertype = pvscsi
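Review bot: `insecure-flag = "1"` in `[Global]` turns off verification of the vCenter certificate, so the vSphere account's credentials would be sent to any host answering on 172.29.32.11:443. Prefer `insecure-flag = "0"` together with `ca-file = "<path to vCenter CA bundle>"` (or a `thumbprint` entry) where the provider version supports it. The account in `user` should be a dedicated one limited to what the cloud provider needs. The file should be readable by root only, since it holds the password.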
kubectl label nodes k8s01 node-role.kubernetes.io/master=""
kubectl label nodes k8s02 node-role.kubernetes.io/worker=""
kubectl label nodes k8s03 node-role.kubernetes.io/worker=""
kubectl label nodes k8s04 node-role.kubernetes.io/worker=""
kubectl label nodes k8s05 node-role.kubernetes.io/worker=""
kubectl label nodes k8s06 node-role.kubernetes.io/worker=""
kubectl label nodes k8sg1 node-role.kubernetes.io/storage=""
kubectl label nodes k8sg2 node-role.kubernetes.io/storage=""
kubectl label nodes k8sg3 node-role.kubernetes.io/storage=""
kubectl label nodes k8s01 app=executor
kubectl label nodes k8s02 app=executor
kubectl label nodes k8s03 app=executor
kubectl label nodes k8s04 app=executor
kubectl label nodes k8s05 app=executor
kubectl label nodes k8s06 app=executor
kubectl label nodes k8s01 k8s-app=kubernetes-dashboard
kubectl label nodes k8s02 k8s-app=kubernetes-dashboard
kubectl label nodes k8s03 k8s-app=kubernetes-dashboard
kubectl label nodes k8s04 k8s-app=kubernetes-dashboard
kubectl label nodes k8s05 k8s-app=kubernetes-dashboard
kubectl label nodes k8s06 k8s-app=kubernetes-dashboard
kubectl label nodes k8sg1 app=store
kubectl label nodes k8sg1 storagenode=glusterfs
kubectl label nodes k8sg2 app=store
kubectl label nodes k8sg2 storagenode=glusterfs
kubectl label nodes k8sg3 app=store
kubectl label nodes k8sg3 storagenode=glusterfs
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
annotations:
deployment.kubernetes.io/revision: "1"
creationTimestamp: "2019-07-08T12:15:40Z"
generation: 1
labels:
app: etna-web
k8s-app: etna-web
version: test
name: etna-web
namespace: default
resourceVersion: "113131"
selfLink: /apis/extensions/v1beta1/namespaces/default/deployments/etna-web
uid: 49d4e185-0969-48e6-87c7-26d3dd23ee40
spec:
progressDeadlineSeconds: 600
replicas: 2
revisionHistoryLimit: 10
selector:
matchLabels:
app: etna-web
k8s-app: etna-web
version: test
strategy:
rollingUpdate:
maxSurge: 25%
maxUnavailable: 25%
type: RollingUpdate
template:
metadata:
creationTimestamp: null
labels:
app: etna-web
k8s-app: etna-web
version: test
name: etna-web
spec:
containers:
- image: luceole/etna-web:test
imagePullPolicy: IfNotPresent
name: etna-web
resources: {}
securityContext:
privileged: false
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
dnsPolicy: ClusterFirst
restartPolicy: Always
schedulerName: default-scheduler
securityContext: {}
terminationGracePeriodSeconds: 30
status:
availableReplicas: 2
conditions:
- lastTransitionTime: "2019-07-08T12:15:50Z"
lastUpdateTime: "2019-07-08T12:15:50Z"
message: Deployment has minimum availability.
reason: MinimumReplicasAvailable
status: "True"
type: Available
- lastTransitionTime: "2019-07-08T12:15:40Z"
lastUpdateTime: "2019-07-08T12:15:50Z"
message: ReplicaSet "etna-web-6bf54f889c" has successfully progressed.
reason: NewReplicaSetAvailable
status: "True"
type: Progressing
observedGeneration: 1
readyReplicas: 2
replicas: 2
updatedReplicas: 2
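Review bot: This manifest is a raw export of a live object: `status`, `uid`, `resourceVersion`, `selfLink`, `creationTimestamp` and the `deployment.kubernetes.io/revision` annotation are server-populated and should be removed before the file is kept in version control. The container uses the mutable tag `luceole/etna-web:test` with `imagePullPolicy: IfNotPresent`, so nodes can run different builds under the same tag; pin a version or digest. `resources: {}` and the empty pod-level `securityContext: {}` leave the workload without limits and running as whatever user the image defines. Consider `runAsNonRoot: true` and `allowPrivilegeEscalation: false`, plus requests and limits.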
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: ingress-etnaweb
spec:
rules:
- host: etna.apps.education.fr
http:
paths:
- path: /
backend:
serviceName: etna-web
servicePort: 80
apiVersion: v1
kind: Service
metadata:
labels:
app: etna-web
k8s-app: etna-web
version: test
name: etna-web
namespace: default
spec:
ports:
- name: tcp-80-80-28mp8
port: 80
protocol: TCP
targetPort: 80
selector:
app: etna-web
k8s-app: etna-web
version: test
apiVersion: v1
kind: Service
metadata:
name: etna-web
spec:
ports:
- name: http
targetPort: 80
port: 80
selector:
app: etna-web
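Review bot: This is a second Service named `etna-web`; the section above it defines one with the same name in `namespace: default`, so when both are applied to the default namespace the later one replaces the earlier. The two also disagree on the selector (`app: etna-web` only here, three labels above) and on the port name. Keep a single definition and set `namespace` explicitly.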
apiVersion: v1
kind: Namespace
metadata:
name: graylog
---
# https://github.com/helm/charts/tree/master/stable/graylog
* sur k8sG1, k8sg2, k8sg3
sudo lvcreate -n glusterfs-lv2 -L 100g glusterfs-vg
sudo lvdisplay
sudo mkfs -t ext4 /dev/glusterfs-vg/glusterfs-lv2
sudo mkdir /opt/local-path-provisioner
sudo mount /dev/glusterfs-vg/glusterfs-lv2 /opt/local-path-provisioner
sudo ls /opt/local-path-provisioner
sudo umount /opt/local-path-provisioner
* install mongodb https://hub.helm.sh/charts/bitnami/mongodb/3.0.4
* sur mon poste
sudo helm repo update
sudo helm install --name graylog-mongodb -f values-mongodb.yaml stable/mongodb --version 3.0.4 --namespace graylog
kubectl -n graylog get pod
* install graylog https://hub.helm.sh/charts/stable/graylog
sudo helm install --name graylog -f values-graylog.yaml stable/graylog --version 1.3.1 --namespace graylog
sudo helm delete graylog --purge
aller voir https://graylog.apps.education.fr/system/inputs
* créer "system/inputs"
* select "GELF TCP" --> new input --> cocher "global" + titre=GELF-TCP + save
* select "GELF UDP" --> new input --> cocher "global" + titre=GELF-UDP + save
* installer fluentd (collecteur.yaml)
kubectl apply -f collecteur.yaml
sudo helm upgrade graylog -f values-graylog.yaml stable/graylog --version 1.3.1
\ No newline at end of file
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: fluentd
namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRole
metadata:
name: fluentd
namespace: kube-system
rules:
- apiGroups:
- ""
resources:
- pods
- namespaces
verbs:
- get
- list
- watch
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
name: fluentd
roleRef:
kind: ClusterRole
name: fluentd
apiGroup: rbac.authorization.k8s.io
subjects:
- kind: ServiceAccount
name: fluentd
namespace: kube-system
---
apiVersion: extensions/v1beta1
kind: DaemonSet
metadata:
name: fluentd
namespace: kube-system
labels:
k8s-app: fluentd-logging
version: v1
spec:
updateStrategy:
type: RollingUpdate
template:
metadata:
labels:
k8s-app: fluentd-logging
version: v1
spec:
serviceAccount: fluentd
serviceAccountName: fluentd
tolerations:
- key: node-role.kubernetes.io/master
effect: NoSchedule
- key: node-role.kubernetes.io/storage
effect: NoSchedule
containers:
- name: fluentd
image: fluent/fluentd-kubernetes-daemonset:v1.4.2-debian-graylog-1.1
imagePullPolicy: IfNotPresent
env:
- name: FLUENT_GRAYLOG_HOST
value: graylog-udp.graylog
- name: FLUENT_GRAYLOG_PORT
value: "12201"
resources:
requests:
cpu: 200m
memory: 0.5Gi
limits:
cpu: 1000m
memory: 1Gi
volumeMounts:
- name: varlog
mountPath: /var/log
- name: varlibdockercontainers
mountPath: /var/lib/docker/containers
readOnly: true
terminationGracePeriodSeconds: 30
volumes:
- name: varlog
hostPath:
path: /var/log
- name: varlibdockercontainers
hostPath:
path: /var/lib/docker/containers
\ No newline at end of file
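Review bot: The `varlog` volume mounts the node's `/var/log` into the fluentd container without `readOnly: true`, unlike `varlibdockercontainers`. The container has no `securityContext` and presumably runs as root, so it can modify or delete host logs. If the image only needs a writable location for its position files, mount `/var/log` read-only and give it a separate writable path; check the image's defaults before changing this. The `namespace: kube-system` under the ClusterRole's metadata has no effect because ClusterRoles are cluster-scoped, and `serviceAccount` is the deprecated alias of `serviceAccountName`, so one of those two lines can go.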
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
name: ingress-traefik-graylog:traefik-ingress-controller
labels:
subjectName: ingress-traefik-graylog
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: traefik-ingress-controller
subjects:
- kind: ServiceAccount
name: traefik-ingress-controller
namespace: graylog
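Review bot: A ClusterRoleBinding grants the `traefik-ingress-controller` ClusterRole's permissions in every namespace to the service account in `graylog`, and the ClusterRole itself is not visible in this commit. If this Traefik instance only serves the graylog namespace, as the name `ingress-traefik-graylog` suggests, a namespaced `RoleBinding` to the same ClusterRole would limit what it can read. Traefik roles usually include read access to `secrets`, so the scope matters.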
graylog:
replicas: 1
nodeSelector:
node-role.kubernetes.io/storage: ""
image:
repository: graylog/graylog:3.1
mongodb:
uri: mongodb://graylog:graylog@graylog-mongodb.graylog:27017/graylog
persistence:
storageClass: local-path
size: 5Gi
ingress:
enabled: true
hosts:
- graylog.apps.education.fr
input:
tcp:
service:
type: ClusterIP
ports:
- name: gelftcp
port: 12201
udp:
service:
type: ClusterIP
ports:
- name: gelfudp
port: 12201
elasticsearch:
client:
nodeSelector:
node-role.kubernetes.io/storage: ""
master:
nodeSelector:
node-role.kubernetes.io/storage: ""
persistence:
storageClass: local-path
data:
nodeSelector:
node-role.kubernetes.io/storage: ""
persistence:
storageClass: local-path
size: 50Gi
tags:
install-mongodb: false
\ No newline at end of file
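Review bot: The MongoDB URI on the `uri:` line embeds the credentials `graylog:graylog` in a file committed to the repository, and the password equals the username; the same value appears as `mongodbPassword: graylog` in the MongoDB values section that follows. Generate a random password, keep it out of version control, and pass it at install time, for example with `--set mongodbPassword=<generated>` or from a Kubernetes Secret if the chart versions in use support one; then rotate the current password. `repository: graylog/graylog:3.1` puts a tag into the repository field, so confirm the chart does not append its own tag to it.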
nodeSelector:
node-role.kubernetes.io/storage: ""
mongodbUsername: graylog
mongodbPassword: graylog
mongodbDatabase: graylog
persistence:
storageClass: local-path
size: 1Gi
\ No newline at end of file
kubectl config set-context --current --namespace=default
kubectl apply -f hello-world-deployment.yaml -n default
kubectl get deployments hello-world -n default
kubectl get replicasets -n default
# pas utilisé car nous utilison traefik !
#kubectl expose deployment hello-world --type=NodePort --name=example-service -n default
#kubectl describe services example-service
#kubectl get pods --selector="run=load-balancer-example" --output=wide
kubectl apply -f ingress-hello-word-apps-education-fr.yaml
\ No newline at end of file
apiVersion: apps/v1
kind: Deployment
metadata:
name: hello-world
spec:
selector:
matchLabels:
run: load-balancer-example
replicas: 2
template:
metadata:
labels:
run: load-balancer-example
spec:
containers:
- name: hello-world
image: gcr.io/google-samples/node-hello:1.0
ports:
- containerPort: 8080
protocol: TCP
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: ingress-hello-apps-education-fr
spec:
rules:
- host: hello.apps.education.fr
http:
paths:
- path: /
backend:
serviceName: hello-service
servicePort: 8080
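Review bot: The backend references `serviceName: hello-service` on port 8080, but nothing in this commit creates a Service with that name. The only `kubectl expose` command in the accompanying notes is commented out and would have named it `example-service`. Unless the Service is defined elsewhere, the Ingress will have no endpoints to route to; add a Service selecting `run: load-balancer-example` with `port: 8080`, or point `serviceName` at an existing one. The notes also apply `ingress-hello-word-apps-education-fr.yaml` (`word`), which should be checked against this file's actual name.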