add Apps

apps/test-configuration-dnssnp01/README

+install RedHat !
+conf réseau
+* /etc/hosts 
+127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4 dnssnp01 dnssnp01.in.apps.education.fr
+::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
+172.29.32.17 dnssnp01 dnssnp01.in.apps.education.fr
+
+* /etc/resolv.conf
+nameserver 172.29.32.17
+
+named-checkconf /etc/named.conf
+systemctl restart  named
\ No newline at end of file

apps/test-configuration-dnssnp01/named.conf

+# /etc/named.conf
+
+acl goodclients {
+        172.29.32.16/28;
+        172.29.32.32/27;
+        172.29.32.64/26;
+        172.29.32.11/32;
+        localhost;
+        localnets;
+};
+
+options {
+  directory "/var/named";
+  #recursion yes;
+  #allow-query { goodclients; };
+
+  forwarders {  8.8.8.8;  8.8.4.4;  };
+  forward only;
+
+  #dnssec-enable yes;
+  #dnssec-validation auto;
+  #auth-nxdomain no;    # conform to RFC1035
+  #listen-on-v6 { any; };
+  #filter-aaaa-on-v4 yes;
+
+};
+
+zone "." IN {
+  type hint;
+  file "named.ca";
+};
+
+include "/etc/named.rfc1912.zones";
+include "/etc/named.conf.local";

apps/test-configuration-dnssnp01/named.conf.local

+# /etc/named.conf.local 
+
+zone "in.apps.education.fr"  {
+  type master;
+  file "zone.in.apps.education.fr"; 
+};
+
+zone "32.29.172.in-addr.arpa" {
+        type master;
+        file "32.29.172.in-addr.arpa";
+};

apps/test-configuration-dnssnp01/zone.in.apps.education.fr

+; /var/named/zone.in.apps.education.fr
+$TTL 86400
+$ORIGIN in.apps.education.fr.
+@ IN SOA dnssnp01.in.apps.education.fr. ns.in.apps.education.fr. (
+   2019070801   ; sn
+        10800   ; refresh (3 heures)
+          600   ; retry (10 minutes)
+      1814400   ; expiry (3 semaines)
+        10800 ) ; minimum (3 heures)
+@ IN          NS      dnssnp01.in.apps.education.fr.
+esxsnp01    IN  A   172.29.32.1
+esxsnp02    IN  A   172.29.32.2
+esxsnp03    IN  A   172.29.32.3
+vcentersnp01    IN  A   172.29.32.11
+dnssnp01    IN  A   172.29.32.17
+dnssnp02    IN  A   172.29.32.18
+proxy01     IN  A   172.29.32.20
+serverone    IN A   172.29.32.65
+k8s01        IN A   172.29.32.70
+k8s02        IN A   172.29.32.71
+k8s03        IN A   172.29.32.72
+k8s04        IN A   172.29.32.73
+k8s05        IN A   172.29.32.74
+k8s06        IN A   172.29.32.75
+k8sG1        IN A   172.29.32.80
+k8sG2        IN A   172.29.32.81
+k8sG3        IN A   172.29.32.82
+
+web.in.apps.education.fr.   IN  CNAME  k8s02
+admin.in.apps.education.fr.   IN    CNAME  k8s01
+dashboard.in.apps.education.fr.   IN    CNAME  k8s01
+etna.in.apps.education.fr.   IN CNAME  k8s01
\ No newline at end of file

apps/test-configuration-kubelet/kubelet

+KUBELET_EXTRA_ARGS="--cloud-provider=vsphere --cloud-config=/etc/kubernetes/vsphere.conf"

apps/test-configuration-kubelet/vsphere.conf

+[Global]
+user = "xxxxxx@vsphere.local"
+password = "xxxxxxxx!"
+port = "443"
+insecure-flag = "1"
+
+[VirtualCenter "172.29.32.11"]
+datacenters = "DC_SNP_01"
+[Workspace]
+server = "172.29.32.11"
+datacenter = "DC_SNP_01"
+default-datastore = "DC_SNP_01/DCL_SNP_4T_01/DATASTORE-SNP-01"
+resourcepool-path = "ClusterNameHere/Resources"
+folder = "SNP_K8S"
+
+[Disk]
+scsicontrollertype = pvscsi
+

apps/test-configuration-node/set-label-nodes.sh

+kubectl label nodes k8s01 node-role.kubernetes.io/master=""
+kubectl label nodes k8s02 node-role.kubernetes.io/worker=""
+kubectl label nodes k8s03 node-role.kubernetes.io/worker=""
+kubectl label nodes k8s04 node-role.kubernetes.io/worker=""
+kubectl label nodes k8s05 node-role.kubernetes.io/worker=""
+kubectl label nodes k8s06 node-role.kubernetes.io/worker=""
+kubectl label nodes k8sg1 node-role.kubernetes.io/storage=""
+kubectl label nodes k8sg2 node-role.kubernetes.io/storage=""
+kubectl label nodes k8sg3 node-role.kubernetes.io/storage=""
+
+kubectl label nodes k8s01 app=executor
+kubectl label nodes k8s02 app=executor
+kubectl label nodes k8s03 app=executor
+kubectl label nodes k8s04 app=executor
+kubectl label nodes k8s05 app=executor
+kubectl label nodes k8s06 app=executor
+
+kubectl label nodes k8s01 k8s-app=kubernetes-dashboard
+kubectl label nodes k8s02 k8s-app=kubernetes-dashboard
+kubectl label nodes k8s03 k8s-app=kubernetes-dashboard
+kubectl label nodes k8s04 k8s-app=kubernetes-dashboard
+kubectl label nodes k8s05 k8s-app=kubernetes-dashboard
+kubectl label nodes k8s06 k8s-app=kubernetes-dashboard
+
+kubectl label nodes k8sg1 app=store 
+kubectl label nodes k8sg1 storagenode=glusterfs
+
+kubectl label nodes k8sg2 app=store 
+kubectl label nodes k8sg2 storagenode=glusterfs
+
+kubectl label nodes k8sg3 app=store 
+kubectl label nodes k8sg3 storagenode=glusterfs

apps/test-etnaweb/etnaweb-deployment.yaml

+apiVersion: extensions/v1beta1
+kind: Deployment
+metadata:
+  annotations:
+    deployment.kubernetes.io/revision: "1"
+  creationTimestamp: "2019-07-08T12:15:40Z"
+  generation: 1
+  labels:
+    app: etna-web
+    k8s-app: etna-web
+    version: test
+  name: etna-web
+  namespace: default
+  resourceVersion: "113131"
+  selfLink: /apis/extensions/v1beta1/namespaces/default/deployments/etna-web
+  uid: 49d4e185-0969-48e6-87c7-26d3dd23ee40
+spec:
+  progressDeadlineSeconds: 600
+  replicas: 2
+  revisionHistoryLimit: 10
+  selector:
+    matchLabels:
+      app: etna-web
+      k8s-app: etna-web
+      version: test
+  strategy:
+    rollingUpdate:
+      maxSurge: 25%
+      maxUnavailable: 25%
+    type: RollingUpdate
+  template:
+    metadata:
+      creationTimestamp: null
+      labels:
+        app: etna-web
+        k8s-app: etna-web
+        version: test
+      name: etna-web
+    spec:
+      containers:
+      - image: luceole/etna-web:test
+        imagePullPolicy: IfNotPresent
+        name: etna-web
+        resources: {}
+        securityContext:
+          privileged: false
+        terminationMessagePath: /dev/termination-log
+        terminationMessagePolicy: File
+      dnsPolicy: ClusterFirst
+      restartPolicy: Always
+      schedulerName: default-scheduler
+      securityContext: {}
+      terminationGracePeriodSeconds: 30
+status:
+  availableReplicas: 2
+  conditions:
+  - lastTransitionTime: "2019-07-08T12:15:50Z"
+    lastUpdateTime: "2019-07-08T12:15:50Z"
+    message: Deployment has minimum availability.
+    reason: MinimumReplicasAvailable
+    status: "True"
+    type: Available
+  - lastTransitionTime: "2019-07-08T12:15:40Z"
+    lastUpdateTime: "2019-07-08T12:15:50Z"
+    message: ReplicaSet "etna-web-6bf54f889c" has successfully progressed.
+    reason: NewReplicaSetAvailable
+    status: "True"
+    type: Progressing
+  observedGeneration: 1
+  readyReplicas: 2
+  replicas: 2
+  updatedReplicas: 2

apps/test-etnaweb/etnaweb-ingress.yaml.old

+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+  name: ingress-etnaweb
+spec:
+  rules:
+  - host: etna.apps.education.fr
+    http:
+      paths:
+      - path: /
+        backend:
+          serviceName: etna-web 
+          servicePort: 80

apps/test-etnaweb/etnaweb-service.yaml

+apiVersion: v1
+kind: Service
+metadata:
+  labels:
+    app: etna-web
+    k8s-app: etna-web
+    version: test
+  name: etna-web
+  namespace: default
+spec:
+  ports:
+  - name: tcp-80-80-28mp8
+    port: 80
+    protocol: TCP
+    targetPort: 80
+  selector:
+    app: etna-web
+    k8s-app: etna-web
+    version: test

apps/test-etnaweb/etnaweb-service1.yaml

+apiVersion: v1
+kind: Service
+metadata:
+  name: etna-web
+spec:
+  ports:
+  - name: http
+    targetPort: 80
+    port: 80
+  selector:
+    app: etna-web

apps/test-graylog/01-namespace.yaml

+apiVersion: v1
+kind: Namespace
+metadata:
+  name: graylog 
+---

apps/test-graylog/README

+# https://github.com/helm/charts/tree/master/stable/graylog
+
+* sur k8sG1, k8sg2, k8sg3
+sudo lvcreate -n glusterfs-lv2 -L 100g glusterfs-vg
+sudo lvdisplay
+sudo mkfs -t ext4 /dev/glusterfs-vg/glusterfs-lv2
+sudo mkdir /opt/local-path-provisioner
+sudo mount /dev/glusterfs-vg/glusterfs-lv2 /opt/local-path-provisioner
+sudo ls /opt/local-path-provisioner
+sudo umount /opt/local-path-provisioner
+
+
+* install mongodb https://hub.helm.sh/charts/bitnami/mongodb/3.0.4
+
+* sur mon poste
+sudo helm repo update
+sudo helm install --name graylog-mongodb -f values-mongodb.yaml stable/mongodb --version 3.0.4 --namespace graylog 
+
+kubectl -n graylog get pod
+
+* install graylog https://hub.helm.sh/charts/stable/graylog
+
+sudo helm install --name graylog -f values-graylog.yaml stable/graylog --version 1.3.1 --namespace graylog
+sudo helm delete graylog --purge
+
+aller voir https://graylog.apps.education.fr/system/inputs
+* créer "system/inputs" 
+* select "GELF TCP" --> new input --> cocher "global" + titre=GELF-TCP + save
+* select "GELF UDP" --> new input --> cocher "global" + titre=GELF-UDP + save
+
+* installer fluentd (collecteur.yaml)
+kubectl apply -f collecteur.yaml
+
+sudo helm upgrade graylog -f values-graylog.yaml stable/graylog --version 1.3.1
\ No newline at end of file

apps/test-graylog/collecteur/collecteur.yaml

+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: fluentd
+  namespace: kube-system
+
+---
+apiVersion: rbac.authorization.k8s.io/v1beta1
+kind: ClusterRole
+metadata:
+  name: fluentd
+  namespace: kube-system
+rules:
+- apiGroups:
+  - ""
+  resources:
+  - pods
+  - namespaces
+  verbs:
+  - get
+  - list
+  - watch
+
+---
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1beta1
+metadata:
+  name: fluentd
+roleRef:
+  kind: ClusterRole
+  name: fluentd
+  apiGroup: rbac.authorization.k8s.io
+subjects:
+- kind: ServiceAccount
+  name: fluentd
+  namespace: kube-system
+
+---
+apiVersion: extensions/v1beta1
+kind: DaemonSet
+metadata:
+  name: fluentd
+  namespace: kube-system
+  labels:
+    k8s-app: fluentd-logging
+    version: v1
+spec:
+  updateStrategy:
+    type: RollingUpdate
+  template:
+    metadata:
+      labels:
+        k8s-app: fluentd-logging
+        version: v1
+    spec:
+      serviceAccount: fluentd
+      serviceAccountName: fluentd
+      tolerations:
+      - key: node-role.kubernetes.io/master
+        effect: NoSchedule
+      - key: node-role.kubernetes.io/storage
+        effect: NoSchedule
+      containers:
+      - name: fluentd
+        image: fluent/fluentd-kubernetes-daemonset:v1.4.2-debian-graylog-1.1
+        imagePullPolicy: IfNotPresent
+        env:
+          - name:  FLUENT_GRAYLOG_HOST
+            value: graylog-udp.graylog
+          - name:  FLUENT_GRAYLOG_PORT
+            value: "12201"
+        resources:
+          requests:
+            cpu: 200m
+            memory: 0.5Gi
+          limits:
+            cpu: 1000m
+            memory: 1Gi
+        volumeMounts:
+        - name: varlog
+          mountPath: /var/log
+        - name: varlibdockercontainers
+          mountPath: /var/lib/docker/containers
+          readOnly: true
+      terminationGracePeriodSeconds: 30
+      volumes:
+      - name: varlog
+        hostPath:
+          path: /var/log
+      - name: varlibdockercontainers
+        hostPath:
+          path: /var/lib/docker/containers
\ No newline at end of file

apps/test-graylog/traefik-grant-service-account-to-graylog.yaml

+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1beta1
+metadata:
+  name: ingress-traefik-graylog:traefik-ingress-controller
+  labels:
+    subjectName: ingress-traefik-graylog
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: traefik-ingress-controller
+subjects:
+- kind: ServiceAccount
+  name: traefik-ingress-controller
+  namespace: graylog

apps/test-graylog/values-graylog.yaml

+graylog:
+  replicas: 1
+  nodeSelector:
+    node-role.kubernetes.io/storage: "" 
+  image:
+    repository: graylog/graylog:3.1
+  mongodb:
+    uri: mongodb://graylog:graylog@graylog-mongodb.graylog:27017/graylog
+  persistence:
+    storageClass: local-path
+    size: 5Gi
+  ingress:
+    enabled: true
+    hosts:
+    - graylog.apps.education.fr
+  input:
+    tcp:
+      service:
+        type: ClusterIP
+      ports:
+      - name: gelftcp
+        port: 12201
+    udp:
+      service:
+        type: ClusterIP
+      ports:
+      - name: gelfudp
+        port: 12201
+elasticsearch:
+  client:
+    nodeSelector:
+      node-role.kubernetes.io/storage: ""
+  master:
+    nodeSelector:
+      node-role.kubernetes.io/storage: ""
+    persistence:
+      storageClass: local-path
+  data:
+    nodeSelector:
+      node-role.kubernetes.io/storage: ""
+    persistence:
+      storageClass: local-path
+      size: 50Gi
+tags:
+  install-mongodb: false
\ No newline at end of file

apps/test-graylog/values-mongodb.yaml

+nodeSelector:
+  node-role.kubernetes.io/storage: ""
+mongodbUsername: graylog
+mongodbPassword: graylog
+mongodbDatabase: graylog
+persistence:
+  storageClass: local-path
+  size: 1Gi
\ No newline at end of file

apps/test-helloworld/README

+kubectl config set-context --current --namespace=default
+
+kubectl apply -f hello-world-deployment.yaml -n default
+
+kubectl get deployments hello-world  -n default
+
+kubectl get replicasets  -n default
+
+# pas utilisé car nous utilison traefik !
+#kubectl expose deployment hello-world --type=NodePort --name=example-service  -n default
+#kubectl describe services example-service
+#kubectl get pods --selector="run=load-balancer-example" --output=wide
+
+kubectl apply -f ingress-hello-word-apps-education-fr.yaml
\ No newline at end of file

apps/test-helloworld/hello-world-deployment.yaml

+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: hello-world
+spec:
+  selector:
+    matchLabels:
+      run: load-balancer-example
+  replicas: 2
+  template:
+    metadata:
+      labels:
+        run: load-balancer-example
+    spec:
+      containers:
+        - name: hello-world
+          image: gcr.io/google-samples/node-hello:1.0
+          ports:
+            - containerPort: 8080
+              protocol: TCP

apps/test-helloworld/ingress-hello-apps-education-fr.yaml

+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+  name: ingress-hello-apps-education-fr
+spec:
+  rules:
+  - host: hello.apps.education.fr
+    http:
+      paths:
+      - path: /
+        backend:
+          serviceName: hello-service
+          servicePort: 8080