Merge branch 'cncamp:master' into master

Author: SignorMercurio

module10/loki-stack/readme.MD

@@ -20,7 +20,7 @@ cd loki-stack
 ```
 ### replace all `rbac.authorization.k8s.io/v1beta1` with `rbac.authorization.k8s.io/v1` by 
 ```
-sed s#rbac.authorization.k8s.io/v1beta1#rbac.authorization.k8s.io/v1#g *.yaml
+sed -i s#rbac.authorization.k8s.io/v1beta1#rbac.authorization.k8s.io/v1#g *.yaml
 ```
 ### install loki locally
 ```

module11/drain-node/drain.MD

@@ -9,13 +9,13 @@ kubectl uncordon
 ```
 
 ```
-curl -v -H 'Content-type: application/json' --key admin.key --cert admin.crt https://192.168.34.2:6443/api/v1/namespaces/default/pods/nginx-deployment-9b44bf4b5-x4xc4/eviction -d @eviction.json
+curl -v -H 'Content-type: application/json' --key client.key --cert client.crt https://192.168.34.2:6443/api/v1/namespaces/default/pods/nginx-deployment-6799fc88d8-ds499/eviction -d @eviction.json
 
 {
   "apiVersion": "policy/v1",
   "kind": "Eviction",
   "metadata": {
-    "name": "nginx-deployment-9b44bf4b5-x4xc4",
+    "name": "nginx-deployment-6799fc88d8-ds499",
     "namespace": "default"
   }
 }

module11/drain-node/pdb.yaml

@@ -3,7 +3,7 @@ kind: PodDisruptionBudget
 metadata:
   name: nginx-deployment
 spec:
-  minAvailable: 0
+  minAvailable: 1
   selector:
     matchLabels:
       app: nginx

module11/hpa/readme.MD

@@ -1,3 +1,6 @@
 ```
-kubectl autoscale deployment php-apache --cpu-percent=50 --min=1 --max=10
+kubectl create -f php-apache.yaml
+kubectl create -f hpav2.yaml
+kubectl run -i --tty load-generator --rm --image=busybox --restart=Never -- /bin/sh -c "while sleep 0.01; do wget -q -O- http://php-apache; done"
+watch kubectl top pods
 ```

module11/operator/kubebuilder.md

@@ -0,0 +1,80 @@
+### create a kubebuilder project, it requires an empty folder
+```
+kubebuilder init --domain cncamp.io
+```
+
+### check project layout
+```
+cat PROJECT
+domain: cncamp.io
+layout:
+- go.kubebuilder.io/v3
+projectName: mysts
+repo: github.com/cncamp/demo-operator
+version: "3"
+```
+### create API, create resource[Y], create controller[Y]
+```
+kubebuilder create api --group apps --version v1beta1 --kind MyDaemonset
+```
+### open project by IDE and edit api/v1alpha1/simplestatefulset_types.go
+```
+// MyDaemonsetSpec defines the desired state of MyDaemonset
+type MyDaemonsetSpec struct {
+	// INSERT ADDITIONAL SPEC FIELDS - desired state of cluster
+	// Important: Run "make" to regenerate code after modifying this file
+
+	// Foo is an example field of MyDaemonset. Edit mydaemonset_types.go to remove/update
+	Image string `json:"image,omitempty"`
+}
+
+// MyDaemonsetStatus defines the observed state of MyDaemonset
+type MyDaemonsetStatus struct {
+	AvaiableReplicas int `json:"avaiableReplicas,omitempty"`
+	// INSERT ADDITIONAL STATUS FIELD - define observed state of cluster
+	// Important: Run "make" to regenerate code after modifying this file
+}
+```
+### check Makefile
+```
+Build targets:
+    ### create code skeletion
+    manifests: generate crd
+    generate: generate api functions, like deepCopy
+    
+    ### generate crd and install
+    run: Run a controller from your host.
+    install: Install CRDs into the K8s cluster specified in ~/.kube/config.
+    
+    ### docker build and deploy
+    docker-build: Build docker image with the manager.
+    docker-push: Push docker image with the manager.
+    deploy: Deploy controller to the K8s cluster specified in ~/.kube/config.
+
+```
+### generate crd
+```
+make manifests
+```
+### build & install
+```
+make build
+make docker-build
+make docker-push
+make deploy
+```
+## enable webhooks
+### install cert-manager
+```
+kubectl apply -f https://github.com/jetstack/cert-manager/releases/download/v1.6.1/cert-manager.yaml
+```
+### create webhooks
+```
+kubebuilder create webhook --group apps --version v1beta1 --kind MyDaemonset --defaulting --programmatic-validation
+```
+### change code
+### enable webhook in
+```
+config/default/kustomization.yaml
+```
+### redeploy

module11/qos-pods/deployment-min-ready.yaml

@@ -0,0 +1,43 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: centos-qos
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: centos
+  template:
+    metadata:
+      labels:
+        app: centos
+    spec:
+      containers:
+      - command:
+        - tail
+        - -f
+        - /dev/null
+        image: centos
+        name: centos
+        resources:
+          requests:
+            cpu: 250m
+            memory: 1Gi
+          limits:
+            cpu: 250m
+            memory: 1Gi
+        env:
+          - name: SYSTEM_NAMESPACE_ENV
+            valueFrom:
+              fieldRef:
+                fieldPath: metadata.namespace
+          - name: PODIP
+            valueFrom:
+              fieldRef:
+                fieldPath: status.podIP
+          - name: CPU_LIMIT
+            valueFrom:
+              resourceFieldRef:
+                containerName: centos
+                resource: limits.cpu
+                divisor: 1m

module11/vpa/readme.MD

@@ -3,5 +3,24 @@
 git clone https://github.com/kubernetes/autoscaler.git
 ```
 ### install vpa
+```
 cd vertical-pod-autoscaler
 ./hack/vpa-up.sh
+```
+### test vpa
+```
+kubectl apply -f vpa.yaml
+```
+### recommmender run once per min, updater run once per min
+### check updater parameter for rate limit config
+### updater flows
+```
+1. get all pods-> 
+2. get live pods-> 
+3. get pods managed by vpa && evictable -> 
+4. add to updater queue-> 
+5. if (within recommend range && no oom) || (oom but resourcediff==0) -->no update
+else pods enqueue with priority-> 
+6. sort by priority -> 
+7. kill with ratelimit configured in command line parameter
+```

module12/envoy/envoy-deploy.yaml

@@ -0,0 +1,27 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  labels:
+    run: envoy
+  name: envoy
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      run: envoy
+  template:
+    metadata:
+      labels:
+        run: envoy
+    spec:
+      containers:
+        - image: envoyproxy/envoy-dev
+          name: envoy
+          volumeMounts:
+            - name: envoy-config
+              mountPath: "/etc/envoy"
+              readOnly: true
+      volumes:
+        - name: envoy-config
+          configMap:
+            name: envoy-config

module12/envoy/envoy.yaml

@@ -0,0 +1,40 @@
+admin:
+  address:
+    socket_address: { address: 127.0.0.1, port_value: 9901 }
+
+static_resources:
+  listeners:
+    - name: listener_0
+      address:
+        socket_address: { address: 0.0.0.0, port_value: 10000 }
+      filter_chains:
+        - filters:
+            - name: envoy.filters.network.http_connection_manager
+              typed_config:
+                "@type": type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager
+                stat_prefix: ingress_http
+                codec_type: AUTO
+                route_config:
+                  name: local_route
+                  virtual_hosts:
+                    - name: local_service
+                      domains: ["*"]
+                      routes:
+                        - match: { prefix: "/" }
+                          route: { cluster: some_service }
+                http_filters:
+                  - name: envoy.filters.http.router
+  clusters:
+    - name: some_service
+      connect_timeout: 0.25s
+      type: LOGICAL_DNS
+      lb_policy: ROUND_ROBIN
+      load_assignment:
+        cluster_name: some_service
+        endpoints:
+          - lb_endpoints:
+              - endpoint:
+                  address:
+                    socket_address:
+                      address: simple
+                      port_value: 80

module12/envoy/readme.MD

@@ -0,0 +1,9 @@
+### deploy simple
+```
+kubectl create -f simple.yaml
+```
+### deploy envoy
+```
+kubectl create configmap envoy-config --from-file=envoy.yaml
+kubectl create -f envoy-deploy.yaml
+```