initial upload

README.md

@@ -0,0 +1 @@
+# files for my CKA online course

busybox-svc.yaml

@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: busybox-service
+spec:
+  selector:
+    app: busybox
+  ports:
+  - protocol: TCP
+    port: 80
+    targetPort: 9376

busybox.yaml

@@ -0,0 +1,14 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: busybox2
+  namespace: default
+  labels:
+    app: busybox
+spec:
+  containers:
+  - name: busy
+    image: busybox
+    command:
+      - sleep
+      - "3600" 

counter.sh

@@ -0,0 +1,11 @@
+#!/bin/bash
+
+COUNTER=$1
+COUNTER=$(( COUNTER * 60 ))
+
+while true
+do
+	echo $COUNTER seconds remaining
+	sleep 1
+	COUNTER=$(( COUNTER - 1 ))
+done

crd-backup.yaml

@@ -0,0 +1,8 @@
+apiVersion: "stable.linux.com/v1"
+kind: BackUp
+metadata:
+  name: mybackup
+spec: 
+  timeSpec: "* * * * */5"
+  image: linux-backup-image
+  replicas: 5

crd-crontab-beta1.yaml

@@ -0,0 +1,31 @@
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+  name: crontabs.stable.example.com
+spec:
+  group: stable.example.com
+  versions:
+     - name: v1
+       served: true
+       storage: true
+  scope: Namespaced
+  names:
+    plural: crontabs
+    singular: crontab
+    kind: CronTab
+    shortNames:
+    - ct
+  preserveUnknownFields: false
+  validation:
+    openAPIV3Schema:
+      type: object
+      properties:
+        spec:
+          type: object
+          properties:
+            cronSpec:
+              type: string
+            image: 
+              type: string
+            replicas:
+              type: integer

crd-crontab.yaml

@@ -0,0 +1,33 @@
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  name: crontabs.stable.example.com
+spec:
+  group: stable.example.com
+  versions:
+    - name: v1
+      served: true
+      storage: true
+      schema:
+        openAPIV3Schema:
+          type: object
+          properties:
+            spec:
+              type: object
+              properties:
+                spec:
+                  type: object
+                  properties:
+                    cronSpec:
+                      type: string
+                    image:
+                      type: string
+                    replicas:
+                      type: integer
+  scope: Namespaced
+  names:
+    plural: crontabs
+    singular: crontab
+    kind: CronTab
+    shortNames:
+    - ct

crd-object.yaml

@@ -0,0 +1,14 @@
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+  name: backups.stable.linux.com
+spec:
+  group: stable.linux.com
+  version: v1
+  scope: Namespaced
+  names:
+    plural: backups
+    singular: backup
+    shortNames:
+     - bks
+    kind: BackUp

daemonset-fluentd.yaml

@@ -0,0 +1,42 @@
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+  name: fluentd-elasticsearch
+  namespace: kube-system
+  labels:
+    k8s-app: fluentd-logging
+spec:
+  selector:
+    matchLabels:
+      name: fluentd-elasticsearch
+  template:
+    metadata:
+      labels:
+        name: fluentd-elasticsearch
+    spec:
+      tolerations:
+      - key: node-role.kubernetes.io/master
+        effect: NoSchedule
+      containers:
+      - name: fluentd-elasticsearch
+        image: quay.io/fluentd_elasticsearch/fluentd:v2.5.2
+        resources:
+          limits:
+            memory: 200Mi
+          requests:
+            cpu: 100m
+            memory: 200Mi
+        volumeMounts:
+        - name: varlog
+          mountPath: /var/log
+        - name: varlibdockercontainers
+          mountPath: /var/lib/docker/containers
+          readOnly: true
+      terminationGracePeriodSeconds: 30
+      volumes:
+      - name: varlog
+        hostPath:
+          path: /var/log
+      - name: varlibdockercontainers
+        hostPath:
+          path: /var/lib/docker/containers

dev-role.yaml

@@ -0,0 +1,10 @@
+kind: Role
+apiVersion: rbac.authorization.k8s.io/v1beta1
+metadata:
+  namespace: development
+  name: developer
+rules:
+- apiGroups: ["", "extensions", "apps"]
+  resources: ["deployments", "replicasets", "pods"]
+  verbs: ["list", "get", "watch", "create", "update", "patch", "delete"] 
+

init-container.yaml

@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: init-demo
+  labels: 
+    app: init-demo
+spec:
+  containers:
+  - name: demo-container
+    image: busybox
+    command: ['sh', '-c', 'sleep 3600']
+  initContainers:
+  - name: init-container
+    image: busybox
+    command: ['sh', '-c', 'sleep 30']

init1.yaml

@@ -0,0 +1,13 @@
+apiVersion: v1
+kind: Pod
+metadata: 
+  name: initpod
+spec:
+  containers:
+  - name: after-init
+    image: busybox
+    command: ['sh', '-c', 'echo its running! && sleep 3600'] 
+  initContainers:
+  - name: init-myservice
+    image: busybox
+    command: ['sh', '-c', 'until nslookup myservice; do echo waiting for myservice; sleep 2; done;'] 

init2.yaml

@@ -0,0 +1,10 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: myservice
+spec:
+  ports:
+  - protocol: TCP
+    port: 80
+    targetPort: 9376

join-net.sh

@@ -0,0 +1,6 @@
+#!/bin/bash
+# run this on worker node only
+# make sure this matches the mey in the output of the kubeadm init command
+
+kubeadm join 192.168.4.110:8080 --token d0xzor.dns5rialmgzp5asv \
+    --discovery-token-ca-cert-hash sha256:79e7203a963d1445d19707ea2c6f5c3c6f3c568bd97f825542575dea15a597ba

kube-setup.sh

@@ -0,0 +1,36 @@
+#!/bin/bash
+#
+# verified on Fedora 29 Server
+
+
+# add vbox repo
+rm -f /etc/yum.repos.d/vbox.repo
+
+cat << REPO >> /etc/yum.repos.d/vbox.repo
+[virtualbox]
+name=Fedora $releasever - $basearch - VirtualBox
+baseurl=http://download.virtualbox.org/virtualbox/rpm/fedora/\$releasever/\$basearch
+enabled=1
+gpgcheck=0
+repo_gpgcheck=0
+gpgkey=https://www.virtualbox.org/download/oracle_vbox.asc
+REPO
+
+dnf clean all
+dnf upgrade
+
+# install vbox
+echo installing virtualbox
+dnf install make perl kernel-devel gcc elfutils-libelf-devel -y
+dnf install VirtualBox-5.2 -y
+echo installing kubectl
+dnf install kubernetes-client -y
+echo downloading minikube, check version
+curl -Lo minikube https://storage.googleapis.com/minikube/releases/latest/minikube-linux-amd64
+
+chmod +x minikube
+cp minikube /usr/local/bin
+
+echo at this point, reboot your Fedora Server. After reboot, manually run:
+echo vboxconfig
+echo minikube start

lab21.sh

@@ -0,0 +1,9 @@
+#!/bin/bash
+
+# RHCSA Labs lesson 21 script
+# SvV
+# version 0.1
+
+grep -i enforcing /etc/sysconfig/selinux >/dev/null 2>&1 || echo no enforcing set in /etc/sysconfig/selinux
+getenforce | grep -i enforcing >/dev/null 2>&1 || echo currently not in enforcing mode
+history | tail -20 | grep restorecon >/dev/null 2>&1 || echo you have not run the restorecon command recently

lab7-1.yaml

@@ -0,0 +1,18 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: init-pod
+  labels:
+    app: initapp
+spec:
+  containers:
+  - name: main-container
+    image: busybox
+    command: ['sh', '-c', 'echo main app running && sleep 3600'] 
+  initContainers:
+  - name: init-myservie
+    image: busybox
+    command: ['sh', '-c', 'until nslookup myservice; do echo waiting for myservice; sleep 2; done'] 
+  - name: init-db
+    image: busybox
+    command: ['sh', '-c', 'until nslookup mydb; do echo waiting for mydb; sleep 2; done'] 

lab7-2.yaml

@@ -0,0 +1,20 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: myservice
+spec:
+  ports:
+  - protocol: TCP
+    port: 80
+    targetPort: 9376
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: mydb
+spec:
+  ports:
+  - protocol: TCP
+    port: 80
+    targetPort: 9377

my-crontab.yaml

@@ -0,0 +1,7 @@
+apiVersion: "stable.example.com/v1"
+kind: CronTab
+metadata:
+  name: my-new-cronjob
+spec:
+  cronSpec: "* * * * */5"
+  image: my-cron-image

networkpolicy-example.yaml

@@ -0,0 +1,34 @@
+apiVersion: networking.k8s.io/v1 
+kind: NetworkPolicy
+metadata:
+  name: test-network-policy
+  namespace: default 
+spec:
+  podSelector: 
+    matchLabels:
+      role: db 
+  policyTypes: 
+  - Ingress
+  - Egress 
+  ingress:
+  - from:
+    - ipBlock:
+        cidr: 172.17.0.0/16 
+        except:
+        - 172.17.1.0/24
+    - namespaceSelector: 
+        matchLabels:
+          project: myproject 
+    - podSelector:
+        matchLabels: 
+          role: frontend
+    ports:
+    - protocol: TCP
+      port: 6379 
+  egress:
+  - to:
+    - ipBlock:
+      cidr: 10.0.0.0/24 
+  ports:
+  - protocol: TCP 
+    port: 5978

pod-with-node-affinity.yaml

@@ -0,0 +1,26 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: with-node-affinity
+spec:
+  affinity:
+    nodeAffinity:
+      requiredDuringSchedulingIgnoredDuringExecution:
+        nodeSelectorTerms:
+        - matchExpressions:
+          - key: kubernetes.io/e2e-az-name
+            operator: In
+            values:
+            - e2e-az1
+            - e2e-az2
+      preferredDuringSchedulingIgnoredDuringExecution:
+      - weight: 1
+        preference:
+          matchExpressions:
+          - key: another-node-label-key
+            operator: In
+            values:
+            - another-node-label-value
+  containers:
+  - name: with-node-affinity
+    image: k8s.gcr.io/pause:2.0

pod-with-pod-affinity.yaml

@@ -0,0 +1,29 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: with-pod-affinity
+spec:
+  affinity:
+    podAffinity:
+      requiredDuringSchedulingIgnoredDuringExecution:
+      - labelSelector:
+          matchExpressions:
+          - key: security
+            operator: In
+            values:
+            - S1
+        topologyKey: failure-domain.beta.kubernetes.io/zone
+    podAntiAffinity:
+      preferredDuringSchedulingIgnoredDuringExecution:
+      - weight: 100
+        podAffinityTerm:
+          labelSelector:
+            matchExpressions:
+            - key: security
+              operator: In
+              values:
+              - S2
+          topologyKey: failure-domain.beta.kubernetes.io/zone
+  containers:
+  - name: with-pod-affinity
+    image: k8s.gcr.io/pause:2.0

prod-role.yaml

@@ -0,0 +1,10 @@
+kind: Role
+apiVersion: rbac.authorization.k8s.io/v1beta1
+metadata:
+  namespace: production
+  name: dev-prod
+rules:
+- apiGroups: ["", "extensions", "apps"]
+  resources: ["deployments", "replicasets", "pods"]
+  verbs: ["list", "get", "watch"] 
+

redis-with-pod-affinity.yaml

@@ -0,0 +1,27 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: redis-cache
+spec:
+  selector:
+    matchLabels:
+      app: store
+  replicas: 3
+  template:
+    metadata:
+      labels:
+        app: store
+    spec:
+      affinity:
+        podAntiAffinity:
+          requiredDuringSchedulingIgnoredDuringExecution:
+          - labelSelector:
+              matchExpressions:
+              - key: app
+                operator: In
+                values:
+                - store
+            topologyKey: "kubernetes.io/hostname"
+      containers:
+      - name: redis-server
+        image: redis:3.2-alpine

rolebind.yaml

@@ -0,0 +1,13 @@
+kind: RoleBinding
+apiVersion: rbac.authorization.k8s.io/v1beta1
+metadata:
+  name: developer-role-binding
+  namespace: development
+subjects:
+- kind: User
+  name: anna
+  apiGroup: ""
+roleRef:
+  kind: Role
+  name: developer
+  apiGroup: ""

rolebindprod.yaml

@@ -0,0 +1,13 @@
+kind: RoleBinding
+apiVersion: rbac.authorization.k8s.io/v1beta1
+metadata:
+  name: production-role-binding
+  namespace: production
+subjects:
+- kind: User
+  name: anna
+  apiGroup: ""
+roleRef:
+  kind: Role
+  name: dev-prod
+  apiGroup: ""

security-context.yaml

@@ -0,0 +1,21 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: security-context-demo
+spec:
+  securityContext:
+    runAsUser: 1000
+    runAsGroup: 1000
+    fsGroup: 2000
+  volumes:
+  - name: securevol
+    emptyDir: {}
+  containers:
+  - name: sec-demo
+    image: busybox
+    command: ["sh", "-c", "sleep 3600"]
+    volumeMounts:
+    - name: securevol
+      mountPath: /data/demo
+    securityContext:
+      allowPrivilegeEscalation: false

selector-pod.yaml

@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: nginx
+spec:
+  containers:
+  - name: nginx
+    image: nginx
+    imagePullPolicy: IfNotPresent
+  nodeSelector:
+    disktype: ssd

setup-docker.sh

@@ -0,0 +1,57 @@
+#!/bin/bash
+# script that runs 
+# https://kubernetes.io/docs/setup/production-environment/container-runtime
+
+yum install -y vim yum-utils device-mapper-persistent-data lvm2
+yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
+
+# notice that only verified versions of Docker may be installed
+# verify the documentation to check if a more recent version is available
+
+yum install -y docker-ce
+[ ! -d /etc/docker ] && mkdir /etc/docker
+
+cat > /etc/docker/daemon.json <<EOF
+{
+  "exec-opts": ["native.cgroupdriver=systemd"],
+  "log-driver": "json-file",
+  "log-opts": {
+    "max-size": "100m"
+  },
+  "storage-driver": "overlay2",
+  "storage-opts": [
+    "overlay2.override_kernel_check=true"
+  ]
+}
+EOF
+
+cat >> /etc/hosts << EOF
+{
+  192.168.4.111 control.example.com control
+  192.168.4.112 worker1.example.com worker1
+  192.168.4.113 worker2.example.com worker2
+}
+EOF
+
+mkdir -p /etc/systemd/system/docker.service.d
+
+systemctl daemon-reload
+systemctl restart docker
+systemctl enable docker
+
+if [[ $HOSTNAME = control.example.com ]]
+then
+  firewall-cmd --add-port 6443/tcp --permanent
+  firewall-cmd --add-port 2379-2380/tcp --permanent
+  firewall-cmd --add-port 10250/tcp --permanent
+  firewall-cmd --add-port 10251/tcp --permanent
+  firewall-cmd --add-port 10252/tcp --permanent
+fi
+
+if echo $HOSTNAME | grep worker
+then
+  firewall-cmd --add-port 10250/tcp --permanent
+  firewall-cmd --add-port 30000-32767/tcp --permanent
+fi
+
+systemctl restart firewalld

setup-kubetools.sh

@@ -0,0 +1,32 @@
+#!/bin/bash
+# kubeadm installation instructions as on
+# https://kubernetes.io/docs/setup/production-environment/tools/kubeadm/install-kubeadm/
+
+cat <<EOF > /etc/yum.repos.d/kubernetes.repo
+[kubernetes]
+name=Kubernetes
+baseurl=https://packages.cloud.google.com/yum/repos/kubernetes-el7-x86_64
+enabled=1
+gpgcheck=1
+repo_gpgcheck=1
+gpgkey=https://packages.cloud.google.com/yum/doc/yum-key.gpg https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg
+EOF
+
+# Set SELinux in permissive mode (effectively disabling it)
+setenforce 0
+sed -i 's/^SELINUX=enforcing$/SELINUX=permissive/' /etc/selinux/config
+
+# disable swap (assuming that the name is /dev/centos/swap
+sed -i 's/^\/dev\/mapper\/centos-swap/#\/dev\/mapper\/centos-swap/' /etc/fstab
+swapoff /dev/mapper/centos-swap
+
+yum install -y kubelet kubeadm kubectl --disableexcludes=kubernetes
+
+systemctl enable --now kubelet
+
+# Set iptables bridging
+cat <<EOF >  /etc/sysctl.d/k8s.conf
+net.bridge.bridge-nf-call-ip6tables = 1
+net.bridge.bridge-nf-call-iptables = 1
+EOF
+sysctl --system

taint-toleration.yaml

@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: nginx-toleration
+  labels: 
+    env: test
+spec:
+  containers:
+  - name: nginx-toleration
+    image: nginx
+    imagePullPolicy: IfNotPresent
+  tolerations:
+  - key: "example-key"
+    operator: "Exists"
+    effect: "NoSchedule"

webserver-with-pod-affinity.yaml

@@ -0,0 +1,36 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: web-server
+spec:
+  selector:
+    matchLabels:
+      app: web-store
+  replicas: 3
+  template:
+    metadata:
+      labels:
+        app: web-store
+    spec:
+      affinity:
+        podAntiAffinity:
+          requiredDuringSchedulingIgnoredDuringExecution:
+          - labelSelector:
+              matchExpressions:
+              - key: app
+                operator: In
+                values:
+                - web-store
+            topologyKey: "kubernetes.io/hostname"
+        podAffinity:
+          requiredDuringSchedulingIgnoredDuringExecution:
+          - labelSelector:
+              matchExpressions:
+              - key: app
+                operator: In
+                values:
+                - store
+            topologyKey: "kubernetes.io/hostname"
+      containers:
+      - name: web-app
+        image: nginx:1.12-alpine