chaos/docker-images
2
1
Fork 0
Code Issues 1 Pull Requests Projects Releases 1 Wiki Activity

Compare commits

base: chaos:8fbf07efdff76fd0e82f2a4acc48aa77b970262c
Branches Tags
chaos:main chaos:master chaos:buster
chaos:pre-nomad chaos:zwave2mqtt-socat chaos:123 chaos:local-git chaos:hassio-resources-borked
...
compare: chaos:master
Branches Tags
chaos:main chaos:master chaos:buster
chaos:pre-nomad chaos:zwave2mqtt-socat chaos:123 chaos:local-git chaos:hassio-resources-borked

18 Commits
8fbf07efdf ... master

Author SHA1 Message Date
Udo Waechter
2e3bb35f86 coreddns update 2023-10-15 19:17:51 +02:00
Udo Waechter
47cbd88587 coredns / cluster upgrade 2023-01-16 18:57:58 +01:00
Udo Waechter
dd74762778 tekton PVC? required? 2023-01-12 20:54:31 +01:00
Udo Waechter
07d7f45e64 other stings 2023-01-12 20:53:46 +01:00
Udo Waechter
536c0c4ddc flannel 0.20 upgrade 2023-01-12 20:53:23 +01:00
Udo Waechter
fcb2e69615 upgrade galore from 1.23 to 1.26. and cluster ist still at 1.25? See: Readme.md 2023-01-12 20:52:46 +01:00
Udo Waechter
e2e032ac94 another nfs -client provisioner 2022-12-08 17:51:23 +01:00
Udo Waechter
4bbf79569c another nfs -client provisioner 2022-12-08 17:47:14 +01:00
Udo Waechter
273fb0e252 more updates 2022-12-08 17:09:38 +01:00
Udo Waechter
62f5788742 changing output dir 2022-12-08 16:47:19 +01:00
Udo Waechter
9b2d2a9d95 php-fpm 2022-12-08 16:43:36 +01:00
Udo Waechter
b5ff289f66 stuff 2022-12-08 16:39:52 +01:00
Udo Waechter
7cb8d572e7 stuff 2022-12-08 14:03:01 +01:00
Udo Waechter
14aceae467 new version and create dirs on run 2022-12-08 13:57:10 +01:00
Udo Waechter
604d065252 new version and create dirs on run 2022-12-08 13:09:24 +01:00
Udo Waechter
b50d6de8f7 cleanup 2022-11-18 10:26:13 +01:00
Udo Waechter
79c4e5e0c7 tekton stuff and install 2022-11-18 10:24:39 +01:00
Udo Waechter
d7241c7563 removed obsolete submods 2022-11-18 10:21:37 +01:00
20 changed files with 370 additions and 2626 deletions
Expand all files Collapse all files

2
.gitmodules vendored
View File

@@ -3,7 +3,7 @@
url = https://github.com/coreos/kube-prometheus.git url = https://github.com/coreos/kube-prometheus.git
[submodule "cluster-monitoring"] [submodule "cluster-monitoring"]
path = cluster-monitoring path = cluster-monitoring
url = https://github.com/carlosedp/cluster-monitoring.git url = git@git.lan:chaos/k8s-cluster-monitoring.git
[submodule "gluster-kubernetes"] [submodule "gluster-kubernetes"]
path = gluster-kubernetes path = gluster-kubernetes
url = https://github.com/jayflory/gluster-kubernetes.git url = https://github.com/jayflory/gluster-kubernetes.git

9
TODO.md Normal file
View File

@@ -0,0 +1,9 @@
root@pine01:/etc/kubernetes# kubeadm upgrade apply v1.24.9 --ignore-preflight-errors=CoreDNSUnsupportedPlugins
[upgrade/config] Making sure the configuration is correct:
[upgrade/config] Reading configuration from the cluster...
[upgrade/config] FYI: You can look at this config file with 'kubectl -n kube-system get cm kubeadm-config -o yaml'
W0112 18:28:48.533830 21616 initconfiguration.go:120] Usage of CRI endpoints without URL scheme is deprecated and can cause kubelet errors in the future. Automatically prepending scheme "unix" to the "criSocket" with value "/run/containerd/containerd.sock". Please update your configuration!
CoreDNS v1.8.6 v1.9.3

33
_CI-CD/tekton-pvc.yaml Normal file
View File

@@ -0,0 +1,33 @@
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: tektoncd-workspaces
namespace: default
spec:
accessModes:
- ReadWriteMany
resources:
requests:
storage: 40Gi
storageClassName: nfs-ssd-ebin02
volumeMode: Filesystem
---
apiVersion: v1
kind: PersistentVolume
metadata:
name: tektoncd-workspaces
spec:
storageClassName: "nfs-ssd-ebin02"
nfs:
path: /data/raid1-ssd/k8s-data/tektoncd-workspaces
server: ebin02
capacity:
storage: 40Gi
accessModes:
- ReadWriteOnce
volumeMode: Filesystem
persistentVolumeReclaimPolicy: Retain
claimRef:
kind: PersistentVolumeClaim
name: tektoncd-workspaces
namespace: default

4
_CI-CD/tektoncd-kaniko-pipeline.yaml
View File

@@ -22,8 +22,10 @@ spec:
value: $(params.git-revision) value: $(params.git-revision)
- name: submodules - name: submodules
value: false value: false
- subdirectory:
value: "source"
workspaces: workspaces:
- name: output - name: source
workspace: git-source workspace: git-source
- name: build-image - name: build-image
taskRef: taskRef:

17
_CI-CD/tektoncd-kaniko-task.yaml
View File

@@ -33,8 +33,7 @@ spec:
default: [] default: []
- name: BUILDER_IMAGE - name: BUILDER_IMAGE
description: The image on which builds will run (default is v1.5.1) description: The image on which builds will run (default is v1.5.1)
default: gcr.io/kaniko-project/executor:v1.8.0 default: gcr.io/kaniko-project/executor:v1.9.1
#default: gcr.io/kaniko-project/executor:v1.5.1@sha256:c6166717f7fe0b7da44908c986137ecfeab21f31ec3992f6e128fff8a94be8a5
workspaces: workspaces:
- name: source - name: source
description: Holds the context and docker file description: Holds the context and docker file
@@ -47,12 +46,21 @@ spec:
description: Digest of the image just built. description: Digest of the image just built.
steps: steps:
- name: debug
workingDir: $(workspaces.source.path)
image: bash
script: |
#!/usr/bin/env bash
export
pwd
mount
ls -al
- name: build-and-push - name: build-and-push
workingDir: $(workspaces.source.path) workingDir: $(workspaces.source.path)
image: $(params.BUILDER_IMAGE) image: $(params.BUILDER_IMAGE)
args: args:
- $(params.EXTRA_ARGS[*]) - $(params.EXTRA_ARGS[*])
- --dockerfile=$(workspaces.source.path)/$(params.DOCKERFILE) - --dockerfile=$(params.DOCKERFILE)
- --context=$(params.CONTEXT) # The user does not need to care the workspace and the source. - --context=$(params.CONTEXT) # The user does not need to care the workspace and the source.
- --destination=$(params.IMAGE) - --destination=$(params.IMAGE)
- --digest-file=/tekton/results/IMAGE-DIGEST - --digest-file=/tekton/results/IMAGE-DIGEST
@@ -60,6 +68,9 @@ spec:
- --single-snapshot - --single-snapshot
- --use-new-run - --use-new-run
- --skip-tls-verify - --skip-tls-verify
- --cache
- --cache-copy-layers
- --cache-dir=/workspace/cache
# kaniko assumes it is running as root, which means this example fails on platforms # kaniko assumes it is running as root, which means this example fails on platforms
# that default to run containers as random uid (like OpenShift). Adding this securityContext # that default to run containers as random uid (like OpenShift). Adding this securityContext
# makes it explicit that it needs to run as root. # makes it explicit that it needs to run as root.

84
_sys/README.md
View File

@@ -1,3 +1,87 @@
Upgrade:
```
export KV=1.26.0-00;
apt-mark unhold kubeadm=$KV kubectl=$KV kubelet=$KV;
apt install -y kubeadm=$KV;
```
```
kubeadm upgrade node #Other pines in the wood
```
```
#pine01
kubeadm upgrade plan --ignore-preflight-errors=CoreDNSUnsupportedPlugins;
kubeadm config images pull;
kubeadm upgrade apply ${KV/\-*/} --ignore-preflight-errors=CoreDNSUnsupportedPlugins --certificate-renewal=false; #sometimes true
```
```
apt install kubectl=$KV kubelet=$KV;
systemctl daemon-reload && systemctl restart kubelet;
apt-mark hold kubeadm=$KV kubectl=$KV kubelet=$KV;
echo 'You can now uncordon, der Geraet';
```
# Infos:
```
$ kubectl -n kube-system get cm kubeadm-config -o yaml
apiVersion: v1
data:
ClusterConfiguration: |
apiServer:
extraArgs:
authorization-mode: Node,RBAC
timeoutForControlPlane: 4m0s
apiVersion: kubeadm.k8s.io/v1beta3
certificatesDir: /etc/kubernetes/pki
clusterName: kubernetes
controllerManager: {}
dns: {}
etcd:
local:
dataDir: /var/lib/etcd
imageRepository: registry.k8s.io
kind: ClusterConfiguration
kubernetesVersion: v1.23.15
networking:
dnsDomain: cluster.local
podSubnet: 172.23.0.0/16
serviceSubnet: 10.96.0.0/12
scheduler: {}
ClusterStatus: |
apiEndpoints:
pine01:
advertiseAddress: 172.16.23.21
bindPort: 6443
apiVersion: kubeadm.k8s.io/v1beta2
kind: ClusterStatus
kind: ConfigMap
metadata:
creationTimestamp: "2021-01-20T14:55:12Z"
managedFields:
- apiVersion: v1
fieldsType: FieldsV1
fieldsV1:
f:data:
.: {}
f:ClusterConfiguration: {}
f:ClusterStatus: {}
manager: kubeadm
operation: Update
time: "2021-01-20T14:55:12Z"
name: kubeadm-config
namespace: kube-system
resourceVersion: "441685033"
uid: c70fefd3-02c3-44c8-a37d-7b17ec445455
```
Descheduler (reschedule pods) Descheduler (reschedule pods)
# https://github.com/kubernetes-sigs/descheduler # https://github.com/kubernetes-sigs/descheduler
# kubectl apply -n kube-system -f https://raw.githubusercontent.com/kubernetes-sigs/descheduler/master/kubernetes/base/rbac.yaml # kubectl apply -n kube-system -f https://raw.githubusercontent.com/kubernetes-sigs/descheduler/master/kubernetes/base/rbac.yaml

122
_sys/coredns-1.26-x.yaml Normal file
View File

@@ -0,0 +1,122 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: coredns
namespace: kube-system
uid: 7bf78c83-68ac-4dee-95f6-52964e38e2d3
resourceVersion: '441765420'
generation: 37
creationTimestamp: '2021-01-20T14:55:14Z'
labels:
k8s-app: kube-dns
annotations:
deployment.kubernetes.io/revision: '34'
spec:
replicas: 2
selector:
matchLabels:
k8s-app: kube-dns
template:
metadata:
creationTimestamp: null
labels:
k8s-app: kube-dns
spec:
volumes:
- name: config-volume
configMap:
name: coredns
items:
- key: Corefile
path: Corefile
defaultMode: 420
containers:
- name: coredns
image: registry.k8s.io/coredns/coredns:v1.9.3
args:
- '-conf'
- /etc/coredns/Corefile
ports:
- name: dns
containerPort: 53
protocol: UDP
- name: dns-tcp
containerPort: 53
protocol: TCP
- name: metrics
containerPort: 9153
protocol: TCP
resources:
limits:
memory: 170Mi
requests:
cpu: 100m
memory: 70Mi
volumeMounts:
- name: config-volume
readOnly: true
mountPath: /etc/coredns
livenessProbe:
httpGet:
path: /health
port: 8080
scheme: HTTP
initialDelaySeconds: 60
timeoutSeconds: 5
periodSeconds: 10
successThreshold: 1
failureThreshold: 5
readinessProbe:
httpGet:
path: /ready
port: 8181
scheme: HTTP
timeoutSeconds: 1
periodSeconds: 10
successThreshold: 1
failureThreshold: 3
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
imagePullPolicy: IfNotPresent
securityContext:
capabilities:
add:
- NET_BIND_SERVICE
drop:
- all
readOnlyRootFilesystem: true
allowPrivilegeEscalation: false
restartPolicy: Always
terminationGracePeriodSeconds: 30
dnsPolicy: Default
nodeSelector:
kubernetes.io/os: linux
serviceAccountName: coredns
serviceAccount: coredns
securityContext: {}
affinity:
podAntiAffinity:
preferredDuringSchedulingIgnoredDuringExecution:
- weight: 100
podAffinityTerm:
labelSelector:
matchExpressions:
- key: k8s-app
operator: In
values:
- kube-dns
topologyKey: kubernetes.io/hostname
schedulerName: default-scheduler
tolerations:
- key: CriticalAddonsOnly
operator: Exists
- key: node-role.kubernetes.io/control-plane
effect: NoSchedule
priorityClassName: system-cluster-critical
strategy:
type: RollingUpdate
rollingUpdate:
maxUnavailable: 1
maxSurge: 25%
revisionHistoryLimit: 10
progressDeadlineSeconds: 600

73
_sys/coredns-deployment.yaml
View File

@@ -26,23 +26,45 @@ data:
reload reload
loadbalance loadbalance
} }
lan.db: "; lan. zone file\n$ORIGIN lan.\n@ 3600 IN SOA sns.dns.icann.org. lan.db: |
noc.dns.icann.org. 2021102006 7200 3600 1209600 3600\n 3600 IN NS 172.23.255.252\n\nns ;lan. zone file
\ IN A 172.23.255.252\nsalt IN A 192.168.10.2 \nmqtt $ORIGIN lan.
\ IN A 172.16.23.1\nwww-proxy IN A 172.23.255.1\ngit IN @ 600 IN SOA sns.dns.icann.org. noc.dns.icann.org. 2022032201 7200 600 1209600 600
\ A 172.23.255.2\npostgresql IN A 172.23.255.4\nmariadb IN A 3600 IN NS 172.23.255.252
\ 172.23.255.5\npihole IN A 172.23.255.253\nadm IN CNAME ns IN A 172.23.255.252
adm01.wks.\n\nprometheus IN CNAME www-proxy \nalertmanager IN CNAME salt IN A 192.168.10.2
www-proxy\nstats IN CNAME www-proxy\ncr-ui IN CNAME mqtt IN A 172.16.23.1
www-proxy\napt IN CNAME www-proxy\napt-cache IN CNAME www-proxy IN A 172.23.255.1
www-proxy\nnodered IN CNAME www-proxy\nfoto IN CNAME git IN A 172.23.255.2
www-proxy\nmusik IN CNAME www-proxy\nhassio IN CNAME postgresql IN A 172.23.255.4
www-proxy\nhassio-conf IN CNAME www-proxy \ngit-ui IN CNAME mariadb IN A 172.23.255.5
www-proxy\ngrav IN CNAME www-proxy\ntekton IN CNAME redis IN A 172.23.255.6
www-proxy\nnc IN CNAME www-proxy\nauth IN CNAME pihole IN A 172.23.255.253
www-proxy\npublic.auth IN CNAME www-proxy \nsecure.auth IN CNAME adm IN CNAME adm01.wks.
www-proxy\ndocker-registry IN CNAME adm\ncr IN CNAME adm\ndr-mirror
\ IN CNAME adm\nlog IN CNAME adm\n" prometheus IN CNAME www-proxy
alertmanager IN CNAME www-proxy
stats IN CNAME www-proxy
cr-ui IN CNAME www-proxy
apt IN CNAME www-proxy
apt-cache IN CNAME www-proxy
nodered IN CNAME www-proxy
foto IN CNAME www-proxy
musik IN CNAME www-proxy
hassio IN CNAME www-proxy
hassio-conf IN CNAME www-proxy
git-ui IN CNAME www-proxy
grav IN CNAME www-proxy
tekton IN CNAME www-proxy
nc IN CNAME www-proxy
dolibarr IN CNAME www-proxy
auth IN CNAME www-proxy
public.auth IN CNAME www-proxy
secure.auth IN CNAME www-proxy
docker-registry IN CNAME adm
cr IN CNAME adm
dr-mirror IN CNAME adm
log IN CNAME adm
--- ---
apiVersion: v1 apiVersion: v1
kind: Service kind: Service
@@ -63,6 +85,7 @@ spec:
apiVersion: apps/v1 apiVersion: apps/v1
kind: Deployment kind: Deployment
metadata: metadata:
name: coredns
labels: labels:
k8s-app: kube-dns k8s-app: kube-dns
spec: spec:
@@ -86,7 +109,7 @@ spec:
- args: - args:
- -conf - -conf
- /etc/coredns/Corefile - /etc/coredns/Corefile
image: k8s.gcr.io/coredns/coredns:v1.8.4 image: registry.k8s.io/coredns/coredns:v1.9.3
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent
livenessProbe: livenessProbe:
failureThreshold: 5 failureThreshold: 5
@@ -109,6 +132,16 @@ spec:
- containerPort: 9153 - containerPort: 9153
name: metrics name: metrics
protocol: TCP protocol: TCP
livenessProbe:
httpGet:
path: /health
port: 8080
scheme: HTTP
initialDelaySeconds: 60
timeoutSeconds: 5
periodSeconds: 10
successThreshold: 1
failureThreshold: 5
readinessProbe: readinessProbe:
failureThreshold: 3 failureThreshold: 3
httpGet: httpGet:
@@ -132,6 +165,7 @@ spec:
drop: drop:
- all - all
readOnlyRootFilesystem: true readOnlyRootFilesystem: true
allowPrivilegeEscalation: false
terminationMessagePath: /dev/termination-log terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File terminationMessagePolicy: File
volumeMounts: volumeMounts:
@@ -164,4 +198,5 @@ spec:
- key: lan.db - key: lan.db
path: lan.db path: lan.db
name: coredns name: coredns
name: config-volume name: config-volume

2
_sys/descheduler-cronjob.yaml
View File

@@ -16,7 +16,7 @@ spec:
priorityClassName: system-cluster-critical priorityClassName: system-cluster-critical
containers: containers:
- name: descheduler - name: descheduler
image: k8s.gcr.io/descheduler/descheduler:latest image: k8s.gcr.io/descheduler/descheduler:v0.25.0
volumeMounts: volumeMounts:
- mountPath: /policy-dir - mountPath: /policy-dir
name: policy-volume name: policy-volume

92
_sys/kube-flannel.yml
View File

@@ -1,60 +1,16 @@
--- ---
apiVersion: policy/v1beta1 kind: Namespace
kind: PodSecurityPolicy apiVersion: v1
metadata: metadata:
name: psp.flannel.unprivileged name: kube-flannel
annotations: labels:
seccomp.security.alpha.kubernetes.io/allowedProfileNames: docker/default pod-security.kubernetes.io/enforce: privileged
seccomp.security.alpha.kubernetes.io/defaultProfileName: docker/default
apparmor.security.beta.kubernetes.io/allowedProfileNames: runtime/default
apparmor.security.beta.kubernetes.io/defaultProfileName: runtime/default
spec:
privileged: false
volumes:
- configMap
- secret
- emptyDir
- hostPath
allowedHostPaths:
- pathPrefix: "/etc/cni/net.d"
- pathPrefix: "/etc/kube-flannel"
- pathPrefix: "/run/flannel"
readOnlyRootFilesystem: false
# Users and groups
runAsUser:
rule: RunAsAny
supplementalGroups:
rule: RunAsAny
fsGroup:
rule: RunAsAny
# Privilege Escalation
allowPrivilegeEscalation: false
defaultAllowPrivilegeEscalation: false
# Capabilities
allowedCapabilities: ['NET_ADMIN', 'NET_RAW']
defaultAddCapabilities: []
requiredDropCapabilities: []
# Host namespaces
hostPID: false
hostIPC: false
hostNetwork: true
hostPorts:
- min: 0
max: 65535
# SELinux
seLinux:
# SELinux is unused in CaaSP
rule: 'RunAsAny'
--- ---
kind: ClusterRole kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1 apiVersion: rbac.authorization.k8s.io/v1
metadata: metadata:
name: flannel name: flannel
rules: rules:
- apiGroups: ['extensions']
resources: ['podsecuritypolicies']
verbs: ['use']
resourceNames: ['psp.flannel.unprivileged']
- apiGroups: - apiGroups:
- "" - ""
resources: resources:
@@ -66,6 +22,7 @@ rules:
resources: resources:
- nodes - nodes
verbs: verbs:
- get
- list - list
- watch - watch
- apiGroups: - apiGroups:
@@ -86,19 +43,19 @@ roleRef:
subjects: subjects:
- kind: ServiceAccount - kind: ServiceAccount
name: flannel name: flannel
namespace: kube-system namespace: kube-flannel
--- ---
apiVersion: v1 apiVersion: v1
kind: ServiceAccount kind: ServiceAccount
metadata: metadata:
name: flannel name: flannel
namespace: kube-system namespace: kube-flannel
--- ---
kind: ConfigMap kind: ConfigMap
apiVersion: v1 apiVersion: v1
metadata: metadata:
name: kube-flannel-cfg name: kube-flannel-cfg
namespace: kube-system namespace: kube-flannel
labels: labels:
tier: node tier: node
app: flannel app: flannel
@@ -135,7 +92,7 @@ apiVersion: apps/v1
kind: DaemonSet kind: DaemonSet
metadata: metadata:
name: kube-flannel-ds name: kube-flannel-ds
namespace: kube-system namespace: kube-flannel
labels: labels:
tier: node tier: node
app: flannel app: flannel
@@ -165,8 +122,21 @@ spec:
effect: NoSchedule effect: NoSchedule
serviceAccountName: flannel serviceAccountName: flannel
initContainers: initContainers:
- name: install-cni-plugin
#image: flannelcni/flannel-cni-plugin:v1.1.0 for ppc64le and mips64le (dockerhub limitations may apply)
image: docker.io/rancher/mirrored-flannelcni-flannel-cni-plugin:v1.1.0
command:
- cp
args:
- -f
- /flannel
- /opt/cni/bin/flannel
volumeMounts:
- name: cni-plugin
mountPath: /opt/cni/bin
- name: install-cni - name: install-cni
image: quay.io/coreos/flannel:v0.14.0 #image: flannelcni/flannel:v0.20.2 for ppc64le and mips64le (dockerhub limitations may apply)
image: docker.io/rancher/mirrored-flannelcni-flannel:v0.20.2
command: command:
- cp - cp
args: args:
@@ -180,7 +150,8 @@ spec:
mountPath: /etc/kube-flannel/ mountPath: /etc/kube-flannel/
containers: containers:
- name: kube-flannel - name: kube-flannel
image: quay.io/coreos/flannel:v0.14.0 #image: flannelcni/flannel:v0.20.2 for ppc64le and mips64le (dockerhub limitations may apply)
image: docker.io/rancher/mirrored-flannelcni-flannel:v0.20.2
command: command:
- /opt/bin/flanneld - /opt/bin/flanneld
args: args:
@@ -206,18 +177,29 @@ spec:
valueFrom: valueFrom:
fieldRef: fieldRef:
fieldPath: metadata.namespace fieldPath: metadata.namespace
- name: EVENT_QUEUE_DEPTH
value: "5000"
volumeMounts: volumeMounts:
- name: run - name: run
mountPath: /run/flannel mountPath: /run/flannel
- name: flannel-cfg - name: flannel-cfg
mountPath: /etc/kube-flannel/ mountPath: /etc/kube-flannel/
- name: xtables-lock
mountPath: /run/xtables.lock
volumes: volumes:
- name: run - name: run
hostPath: hostPath:
path: /run/flannel path: /run/flannel
- name: cni-plugin
hostPath:
path: /opt/cni/bin
- name: cni - name: cni
hostPath: hostPath:
path: /etc/cni/net.d path: /etc/cni/net.d
- name: flannel-cfg - name: flannel-cfg
configMap: configMap:
name: kube-flannel-cfg name: kube-flannel-cfg
- name: xtables-lock
hostPath:
path: /run/xtables.lock
type: FileOrCreate

6
_sys/nfs-provisioners/deployment_nfs-hdd-ebin01.yaml
View File

@@ -21,7 +21,7 @@ spec:
serviceAccountName: nfs-client-provisioner serviceAccountName: nfs-client-provisioner
containers: containers:
- name: nfs-hdd-ebin01 - name: nfs-hdd-ebin01
image: quay.io/external_storage/nfs-client-provisioner-arm:latest image: k8s.gcr.io/sig-storage/nfs-subdir-external-provisioner:v4.0.2
volumeMounts: volumeMounts:
- name: nfs-client-root - name: nfs-client-root
mountPath: /persistentvolumes mountPath: /persistentvolumes
@@ -31,7 +31,7 @@ spec:
- name: NFS_SERVER - name: NFS_SERVER
value: ebin01 value: ebin01
- name: NFS_PATH - name: NFS_PATH
value: /data/raid1-hdd/k8s-data value: /data/k8s-data-hdd
affinity: affinity:
podAntiAffinity: podAntiAffinity:
requiredDuringSchedulingIgnoredDuringExecution: requiredDuringSchedulingIgnoredDuringExecution:
@@ -46,4 +46,4 @@ spec:
- name: nfs-client-root - name: nfs-client-root
nfs: nfs:
server: ebin01 server: ebin01
path: /data/raid1-hdd/k8s-data path: /data/k8s-data-hdd

2
_sys/nfs-provisioners/deployment_nfs-ssd-ebin01.yaml
View File

@@ -21,7 +21,7 @@ spec:
serviceAccountName: nfs-client-provisioner serviceAccountName: nfs-client-provisioner
containers: containers:
- name: nfs-ssd-ebin01 - name: nfs-ssd-ebin01
image: quay.io/external_storage/nfs-client-provisioner-arm:latest image: k8s.gcr.io/sig-storage/nfs-subdir-external-provisioner:v4.0.2
volumeMounts: volumeMounts:
- name: nfs-client-root - name: nfs-client-root
mountPath: /persistentvolumes mountPath: /persistentvolumes

2
_sys/nfs-provisioners/deployment_nfs-ssd-ebin02.yaml
View File

@@ -21,7 +21,7 @@ spec:
serviceAccountName: nfs-client-provisioner serviceAccountName: nfs-client-provisioner
containers: containers:
- name: nfs-ssd-ebin02 - name: nfs-ssd-ebin02
image: quay.io/external_storage/nfs-client-provisioner-arm:latest image: k8s.gcr.io/sig-storage/nfs-subdir-external-provisioner:v4.0.2
volumeMounts: volumeMounts:
- name: nfs-client-root - name: nfs-client-root
mountPath: /persistentvolumes mountPath: /persistentvolumes

1
apps/docker-registry/docker-registry-ui.yaml
View File

@@ -20,7 +20,6 @@ spec:
spec: spec:
containers: containers:
- name: registry-ui - name: registry-ui
#image: cr.lan/docker-registry-ui:arm64
image: docker.io/joxit/docker-registry-ui:latest image: docker.io/joxit/docker-registry-ui:latest
imagePullPolicy: Always imagePullPolicy: Always
env: env:

3
apps/rompr/files/run-httpd
View File

@@ -2,6 +2,7 @@
rm -f /var/run/nginx.pid rm -f /var/run/nginx.pid
mkdir -p /var/log/nginx mkdir -p /var/log/nginx
set -e set -e
mkdir -p /rompr/albumart /rompr/prefs
chown www-data:www-data -R /rompr/albumart /rompr/prefs
/etc/init.d/php7.4-fpm restart /etc/init.d/php7.4-fpm restart
exec /usr/sbin/nginx -g 'daemon off;' exec /usr/sbin/nginx -g 'daemon off;'

2
apps/rompr/tekton.yaml
View File

@@ -13,7 +13,7 @@ spec:
- name: path-to-image-context - name: path-to-image-context
value: apps/rompr value: apps/rompr
- name: path-to-dockerfile - name: path-to-dockerfile
value: apps/rompr/Dockerfile value: ./Dockerfile
- name: image-name - name: image-name
value: cr.lan/rompr value: cr.lan/rompr
workspaces: workspaces:

8
apps/tekton/README.md
View File

@@ -1,8 +1,6 @@
Install: Install:
# Pipelines: @kubectl apply --filename https://storage.googleapis.com/tekton-releases/pipeline/latest/release.yaml@ # Pipelines: @kubectl apply --filename https://storage.googleapis.com/tekton-releases/pipeline/latest/release.yaml@
# Triggers: @kubectl apply --filename https://storage.googleapis.com/tekton-releases/triggers/latest/release.yaml@ #https://github.com/tektoncd/triggers/blob/master/docs/install.md # Triggers: @kubectl apply --filename https://storage.googleapis.com/tekton-releases/triggers/latest/release.yaml@
# Dashboard: @kubectl apply --filename https://storage.googleapis.com/tekton-releases/triggers/latest/interceptors.yaml@ #https://github.com/tektoncd/triggers/blob/master/docs/install.md
## update submodule in ./dashboard # Dashboard: @kubectl apply --filename https://storage.googleapis.com/tekton-releases/dashboard/latest/tekton-dashboard-release.yaml@
## Build: @docker build -t tekton-dashboard:arm64 -t docker-registry.lan/tekton-dashboard:arm64 --platform linux/arm64 --build-arg GOARCH=arm64 .@
## apply deployment.yaml

526
apps/tekton/tekton-dashboard-release.yaml
View File

@@ -1,526 +0,0 @@
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
labels:
app.kubernetes.io/component: dashboard
app.kubernetes.io/instance: default
app.kubernetes.io/part-of: tekton-dashboard
name: extensions.dashboard.tekton.dev
spec:
additionalPrinterColumns:
- JSONPath: .spec.apiVersion
name: API version
type: string
- JSONPath: .spec.name
name: Kind
type: string
- JSONPath: .spec.displayname
name: Display name
type: string
- JSONPath: .metadata.creationTimestamp
name: Age
type: date
group: dashboard.tekton.dev
names:
categories:
- tekton
- tekton-dashboard
kind: Extension
plural: extensions
shortNames:
- ext
- exts
preserveUnknownFields: false
scope: Namespaced
subresources:
status: {}
validation:
openAPIV3Schema:
type: object
x-kubernetes-preserve-unknown-fields: true
versions:
- name: v1alpha1
served: true
storage: true
---
apiVersion: v1
kind: ServiceAccount
metadata:
labels:
app.kubernetes.io/component: dashboard
app.kubernetes.io/instance: default
app.kubernetes.io/part-of: tekton-dashboard
name: tekton-dashboard
namespace: tekton-pipelines
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
labels:
app.kubernetes.io/component: dashboard
app.kubernetes.io/instance: default
app.kubernetes.io/part-of: tekton-dashboard
name: tekton-dashboard-backend
rules:
- apiGroups:
- apiextensions.k8s.io
resources:
- customresourcedefinitions
verbs:
- get
- list
- apiGroups:
- security.openshift.io
resources:
- securitycontextconstraints
verbs:
- use
- apiGroups:
- tekton.dev
resources:
- clustertasks
- clustertasks/status
verbs:
- get
- list
- watch
- apiGroups:
- triggers.tekton.dev
resources:
- clustertriggerbindings
verbs:
- get
- list
- watch
- apiGroups:
- dashboard.tekton.dev
resources:
- extensions
verbs:
- create
- update
- delete
- patch
- apiGroups:
- tekton.dev
resources:
- clustertasks
- clustertasks/status
verbs:
- create
- update
- delete
- patch
- apiGroups:
- triggers.tekton.dev
resources:
- clustertriggerbindings
verbs:
- create
- update
- delete
- patch
- add
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
labels:
app.kubernetes.io/component: dashboard
app.kubernetes.io/instance: default
app.kubernetes.io/part-of: tekton-dashboard
name: tekton-dashboard-dashboard
rules:
- apiGroups:
- apps
resources:
- deployments
verbs:
- list
---
aggregationRule:
clusterRoleSelectors:
- matchLabels:
rbac.dashboard.tekton.dev/aggregate-to-dashboard: "true"
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
labels:
app.kubernetes.io/component: dashboard
app.kubernetes.io/instance: default
app.kubernetes.io/part-of: tekton-dashboard
name: tekton-dashboard-extensions
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
labels:
app.kubernetes.io/component: dashboard
app.kubernetes.io/instance: default
app.kubernetes.io/part-of: tekton-dashboard
name: tekton-dashboard-pipelines
rules:
- apiGroups:
- apps
resources:
- deployments
verbs:
- list
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
labels:
app.kubernetes.io/component: dashboard
app.kubernetes.io/instance: default
app.kubernetes.io/part-of: tekton-dashboard
name: tekton-dashboard-tenant
rules:
- apiGroups:
- ""
resources:
- services
verbs:
- get
- list
- watch
- apiGroups:
- dashboard.tekton.dev
resources:
- extensions
verbs:
- get
- list
- watch
- apiGroups:
- ""
resources:
- serviceaccounts
- pods/log
- namespaces
verbs:
- get
- list
- watch
- apiGroups:
- tekton.dev
resources:
- tasks
- taskruns
- pipelines
- pipelineruns
- pipelineresources
- conditions
- tasks/status
- taskruns/status
- pipelines/status
- pipelineruns/status
- taskruns/finalizers
- pipelineruns/finalizers
verbs:
- get
- list
- watch
- apiGroups:
- triggers.tekton.dev
resources:
- eventlisteners
- triggerbindings
- triggertemplates
verbs:
- get
- list
- watch
- apiGroups:
- ""
resources:
- serviceaccounts
verbs:
- update
- patch
- apiGroups:
- ""
resources:
- secrets
verbs:
- get
- list
- watch
- create
- update
- delete
- apiGroups:
- tekton.dev
resources:
- tasks
- taskruns
- pipelines
- pipelineruns
- pipelineresources
- conditions
- taskruns/finalizers
- pipelineruns/finalizers
- tasks/status
- taskruns/status
- pipelines/status
- pipelineruns/status
verbs:
- create
- update
- delete
- patch
- apiGroups:
- triggers.tekton.dev
resources:
- eventlisteners
- triggerbindings
- triggertemplates
verbs:
- create
- update
- delete
- patch
- add
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
labels:
app.kubernetes.io/component: dashboard
app.kubernetes.io/instance: default
app.kubernetes.io/part-of: tekton-dashboard
name: tekton-dashboard-triggers
rules:
- apiGroups:
- apps
resources:
- deployments
verbs:
- list
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
labels:
app.kubernetes.io/component: dashboard
app.kubernetes.io/instance: default
app.kubernetes.io/part-of: tekton-dashboard
name: tekton-dashboard-backend
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: tekton-dashboard-backend
subjects:
- kind: ServiceAccount
name: tekton-dashboard
namespace: tekton-pipelines
---
apiVersion: v1
kind: Service
metadata:
labels:
app: tekton-dashboard
app.kubernetes.io/component: dashboard
app.kubernetes.io/instance: default
app.kubernetes.io/name: dashboard
app.kubernetes.io/part-of: tekton-dashboard
app.kubernetes.io/version: v0.11.1
dashboard.tekton.dev/release: v0.11.1
version: v0.11.1
name: tekton-dashboard
namespace: tekton-pipelines
spec:
ports:
- name: http
port: 9097
protocol: TCP
targetPort: 9097
selector:
app.kubernetes.io/component: dashboard
app.kubernetes.io/instance: default
app.kubernetes.io/name: dashboard
app.kubernetes.io/part-of: tekton-dashboard
---
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
app: tekton-dashboard
app.kubernetes.io/component: dashboard
app.kubernetes.io/instance: default
app.kubernetes.io/name: dashboard
app.kubernetes.io/part-of: tekton-dashboard
app.kubernetes.io/version: v0.11.1
dashboard.tekton.dev/release: v0.11.1
version: v0.11.1
name: tekton-dashboard
namespace: tekton-pipelines
spec:
replicas: 1
selector:
matchLabels:
app.kubernetes.io/component: dashboard
app.kubernetes.io/instance: default
app.kubernetes.io/name: dashboard
app.kubernetes.io/part-of: tekton-dashboard
template:
metadata:
labels:
app: tekton-dashboard
app.kubernetes.io/component: dashboard
app.kubernetes.io/instance: default
app.kubernetes.io/name: dashboard
app.kubernetes.io/part-of: tekton-dashboard
app.kubernetes.io/version: v0.11.1
name: tekton-dashboard
spec:
containers:
- args:
- --port=9097
- --logout-url=
- --pipelines-namespace=tekton-pipelines
- --triggers-namespace=tekton-pipelines
- --read-only=false
- --csrf-secure-cookie=false
- --log-level=info
- --log-format=json
- --namespace=
- --openshift=false
- --stream-logs=false
- --external-logs=
env:
- name: INSTALLED_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: WEB_RESOURCES_DIR
value: /go/src/github.com/tektoncd/dashboard/web
- name: TEKTON_PIPELINES_WEB_RESOURCES_DIR
value: /go/src/github.com/tektoncd/dashboard/web
#image: gcr.io/tekton-releases/github.com/tektoncd/dashboard/cmd/dashboard@sha256:744eb92d7d0365bbfb2405df4ba4d2a66c01edc26028c362bd5675e2bc1b9626
image: docker-registry.lan/tekton-dashboard:arm64
imagePullPolicy: Always
livenessProbe:
httpGet:
path: /health
port: 9097
name: tekton-dashboard
ports:
- containerPort: 9097
readinessProbe:
httpGet:
path: /readiness
port: 9097
securityContext:
runAsNonRoot: true
runAsUser: 65532
serviceAccountName: tekton-dashboard
volumes: []
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
labels:
app.kubernetes.io/component: dashboard
app.kubernetes.io/instance: default
app.kubernetes.io/part-of: tekton-dashboard
name: tekton-dashboard-pipelines
namespace: tekton-pipelines
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: tekton-dashboard-pipelines
subjects:
- kind: ServiceAccount
name: tekton-dashboard
namespace: tekton-pipelines
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
labels:
app.kubernetes.io/component: dashboard
app.kubernetes.io/instance: default
app.kubernetes.io/part-of: tekton-dashboard
name: tekton-dashboard-dashboard
namespace: tekton-pipelines
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: tekton-dashboard-dashboard
subjects:
- kind: ServiceAccount
name: tekton-dashboard
namespace: tekton-pipelines
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
labels:
app.kubernetes.io/component: dashboard
app.kubernetes.io/instance: default
app.kubernetes.io/part-of: tekton-dashboard
name: tekton-dashboard-triggers
namespace: tekton-pipelines
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: tekton-dashboard-triggers
subjects:
- kind: ServiceAccount
name: tekton-dashboard
namespace: tekton-pipelines
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
labels:
app.kubernetes.io/component: dashboard
app.kubernetes.io/instance: default
app.kubernetes.io/part-of: tekton-dashboard
name: tekton-dashboard-tenant
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: tekton-dashboard-tenant
subjects:
- kind: ServiceAccount
name: tekton-dashboard
namespace: tekton-pipelines
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
labels:
app.kubernetes.io/component: dashboard
app.kubernetes.io/instance: default
app.kubernetes.io/part-of: tekton-dashboard
name: tekton-dashboard-extensions
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: tekton-dashboard-extensions
subjects:
- kind: ServiceAccount
name: tekton-dashboard
namespace: tekton-pipelines
---
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
name: tekton-dashboard
namespace: tekton-pipelines
labels:
app.kubernetes.io/component: dashboard
app.kubernetes.io/instance: default
app.kubernetes.io/part-of: tekton-dashboard
spec:
rules:
- host: tekton.lan
http:
paths:
- backend:
serviceName: tekton-dashboard
servicePort: 9097

2006
apps/tekton/tektoncd-0.20.1-release.yaml
View File

File diff suppressed because it is too large Load Diff

2
cluster-monitoring

Submodule cluster-monitoring updated: b1d095f244...165060e756