Table of Contents generated with DocToc
- k8s
- Requirements:
- Source: postgresql/templates/secrets.yaml
- Source: postgresql/templates/svc.yaml
- Create secret for access to Docker Registry.
- Changing the reclaim policy of a PersistentVolume
- Create containers with FUSE support.
- Secret Container Registry Auth
- KONG
- Restore WA(dev) PS DataBase
- SET ACL Google Storage
- Media FOLDER
- Set Default object ACL for a bucket
  - 1. Check Access
  - 2. Change Default object ACL for a bucket
- Mongo Connection
- Check RabbitMq connection script.
- set amqp connection parameters
- Do not forget to give access to Google Captcha
- GitLab. Autodevops
- Create special nodes pools in kubernetes with Label “app=genpdf”
- kubectl taint nodes gke-cluster-u4u-producti-default-pool-213b4150-jktr app=genpdf:NoSchedule
- kubectl label nodes gke-cluster-u4u-producti-default-pool-213b4150-jktr app=genpdf
- kubectl get nodes --show-labels
- Fix MEDIA url path to images in GenPdf
- Gitlab wildcard DNS record.
- GitLab runner register example
- Set permissions for Gitlab runner
- GitLab Email settings
- GitLab backup every night
- BackUp gitlab to folder /var/opt/gitlab/backups
- Create How to become a moderator (moder) or a user (user)
- U4U The Chart Repository Guide
  - Web access http://chart.helm.u4u.online/
- Helm Chart repo configuration in Google cloud bucket
- Backup all old prod.sh
  - 1. Refresh Images
  - 1.2 Refresh Images
  - 2 Create backup files. Copy to Google cloud
  - 2.1 Backup mongodb Collections
  - 2.1 Backup postgresql bases
  - 3 Create backup files. Copy to Google cloud
- Kong local settings
- ConfigMap
- Helm install different/other namespace
- Configure Access to Multiple Clusters
k8s
U4U Project DevOps: Kubernetes manifests. Helm packages.
Requirements:
1. Kubernetes
K8s: Intro To Kubernetes: https://writings.fyi/k8s-intro-to-kubernetes-3a2f721ebcc7 .
2. Helm
K8s: Intro To Helm https://writings.fyi/k8s-intro-to-helm-20fb12b0cd63
Source: postgresql/templates/secrets.yaml
Source: postgresql/templates/pvc.yaml
Source: postgresql/templates/svc.yaml
Source: postgresql/templates/deployment.yaml
Create secret for access to Docker Registry.
Changing the reclaim policy of a PersistentVolume
List the PersistentVolumes in your cluster:
The output is similar to this:
This list also includes the name of the claims that are bound to each volume for easier identification of dynamically provisioned volumes.
Choose one of your PersistentVolumes and change its reclaim policy:
Verify that your chosen PersistentVolume has the right policy:
The output is similar to this:
Useful Links:
- Reuse existing Persistent Volume (GCE) https://github.com/kubernetes/kubernetes/issues/48609
Error Example:
Have to be the same Node:
Coming back to this one; it’d be strongly advised to use nodeSelector on your pod/deployments https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
Create containers with FUSE support.
Mount media path in POD containers.
Useful Links:
- https://cloud.google.com/storage/docs/gcs-fuse
- https://github.com/GoogleCloudPlatform/gcsfuse/blob/master/docs/installing.md
- https://github.com/maciekrb/gcs-fuse-sample
- https://karlstoney.com/2017/03/01/fuse-mount-in-kubernetes/
1. create ubuntu fuse from ubuntudev branch fuse
Output:
Output:
2. create python fuse from ubuntudev branch fuse
Output:
3. create wa fuse from python branch python fuse
3.1 Auth information
Create kubernetes service example:
https://raw.githubusercontent.com/maciekrb/gcs-fuse-sample/master/deployment.yml
Secret Container Registry Auth
Advanced Authentication Methods
https://cloud.google.com/container-registry/docs/advanced-authentication
HISTORY OF COMMANDS:
Result (Console Output):
KONG
1. URL Routers Config Files
2. Example Structure.
Please see the Kong API documentation below.
Example parameters:
3. KONG API plugin descriptions
https://getkong.org/docs/0.13.x/admin-api/
KONG Docker hub
https://github.com/Kong/docker-kong/blob/6e2035c5739482f0616021a7eda04ec6809d9f3e/centos/Dockerfile https://hub.docker.com/_/kong/
4. New Kong image
Restore WA(dev) PS DataBase
1. Restore:
Second time from docker-composer
2. CREATE DB
https://www.tutorialspoint.com/postgresql/postgresql_create_database.htm
https://gist.github.com/ricjcosme/cf576d3d4272cc35de1335a98c547da6
3. Connect locally to the Kubernetes database
SET ACL Google Storage
README: https://cloud.google.com/storage/docs/gsutil/commands/acl
```
➜ k8s cat acl.txt
[
  {
    "entity": "project-owners-1036361587373",
    "projectTeam": {
      "projectNumber": "1036361587373",
      "team": "owners"
    },
    "role": "OWNER"
  },
  {
    "entity": "project-editors-1036361587373",
    "projectTeam": {
      "projectNumber": "1036361587373",
      "team": "editors"
    },
    "role": "OWNER"
  },
  {
    "entity": "project-viewers-1036361587373",
    "projectTeam": {
      "projectNumber": "1036361587373",
      "team": "viewers"
    },
    "role": "READER"
  },
  {
    "email": "err-repor-log-monitor-admin-gc@u4u-project.iam.gserviceaccount.com",
    "entity": "user-err-repor-log-monitor-admin-gc@u4u-project.iam.gserviceaccount.com",
    "role": "OWNER"
  }
]
➜ k8s
$ gsutil -m acl set -R acl.txt gs://media.dev.u4u.online/
```
Media FOLDER
Useful Links:
TODO !!!Have to be next line. have to be checked. AiratKh!!!:
2. Grant access to http://media.dev.u4u.online/
gsutil -m acl -r ch -u AllUsers:R 'gs://media.dev.u4u.online/404-page.html'
3. Setting MainPageSuffix and NotFoundPage
https://cloud.google.com/storage/docs/hosting-static-website#assign-pages
Set Default object ACL for a bucket
https://cloud.google.com/storage/docs/access-control/create-manage-lists#defaultobjects
1. Check Access
gsutil acl get gs://media.dev.u4u.online
2. Change Default object ACL for a bucket
$ gsutil defacl ch -u allUsers:READER gs://media.dev.u4u.online
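`gsutil defacl ch -u allUsers:READER` makes every object uploaded to the bucket afterwards publicly readable, so it is worth confirming which buckets actually carry a public grant. The script below is an added example, not part of the original README; `GSUTIL`, `public_grants`, `audit_bucket` and the sample ACL data are names and values constructed here.

```shell
#!/bin/bash
# Added example, not part of the original README.
GSUTIL="${GSUTIL:-gsutil}"   # overridable (assumed variable) so the check can run offline

# Read ACL JSON on stdin and print "<entity> <role>" for every public grant.
# Relies on gsutil's pretty-printed layout: one key per line, "entity" before "role".
public_grants() {
  awk -F'"' '
    /"entity":/ { entity = $4 }
    /"role":/ {
      if (entity == "allUsers" || entity == "allAuthenticatedUsers") print entity, $4
      entity = ""
    }'
}

# Check the bucket ACL and the default object ACL; return 1 if either is public.
audit_bucket() {
  found=0
  for scope in acl defacl; do
    grants="$($GSUTIL "$scope" get "$1" | public_grants)"
    if [ -n "$grants" ]; then
      found=1
      printf '%s\n' "$grants" | awk -v p="$scope $1" '{ print p, $0 }'
    fi
  done
  return "$found"
}

# Constructed sample: a default object ACL after `defacl ch -u allUsers:READER`.
constructed_defacl() {
  cat <<'EOF'
[
  {
    "entity": "project-owners-000000000000",
    "projectTeam": {
      "projectNumber": "000000000000",
      "team": "owners"
    },
    "role": "OWNER"
  },
  {
    "entity": "allUsers",
    "role": "READER"
  }
]
EOF
}

if [ "$#" -gt 0 ]; then audit_bucket "$1"; fi
```

Run it with a bucket URL as the only argument; a non-zero exit status means a public grant was found on the bucket ACL or on the default object ACL.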
Mongo Connection
1. BackUp Restore mongodb
1.1 BackUp
```
root@8ce0dfc5a201:/# cat /usr/local/bin/backup
#!/bin/bash
rm -rf /tmp/backup/*
mkdir /tmp/backup/$1
mongodump -h 'mongo' -u '' -p 'zGoKolv594KFdsmZvCx50029OplvkdSz' --out /tmp/backup/$1/mongo.dump --gzip >> /var/log/backup.log 2>&1
gsutil -m rsync -r /tmp/backup/$1/ gs://u4u-backup/testing/$1/ >> /var/log/backup.log 2>&1
root@8ce0dfc5a201:/#
```
1.2. Restore
```
root@8ce0dfc5a201:/# which restore
/usr/local/bin/restore
root@8ce0dfc5a201:/# cat /usr/local/bin/restore
#!/bin/bash
rm -rf /tmp/backup/*
mkdir /tmp/backup/$1
gsutil -m rsync -r gs://u4u-backup/testing/$1/ /tmp/backup/$1/ >> /var/log/restore.log 2>&1
mongorestore --drop -h 'mongo' -u '' -p 'zGoKolv594KFdsmZvCx50029OplvkdSz' /tmp/backup/$1/mongo.dump --gzip >> /var/log/restore.log 2>&1
root@8ce0dfc5a201:/#
```
```
$ gsutil cp -R gs://u4u-backup/stage/ua-16_04_2018/ ~/Downloads/ua-16_04_2018
$ kubectl cp ./mongo.dump mongodb-69958c9899-m8glj:/
```
1.3 In mongodb hostname
```
$ mongorestore --drop -h 'mongodb' -u '' -p 'zGoKolv594KFdsmZvCx50029OplvkdSz' mongo.dump --gzip
```
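The scripts above pass the MongoDB password as a literal `-p` argument, which leaves it in the script file and in the process list, and they interpolate an unvalidated `$1` into `rm`/`mkdir` paths. A hardened variant of the backup script follows as an added example that is not the project's own code; `MONGO_USER`, `MONGO_PASSWORD`, `BACKUP_ROOT`, `BUCKET` and `LOG` are assumed variable names.

```shell
#!/bin/bash
# Added example, not the project's script. Assumed names: MONGO_USER and MONGO_PASSWORD
# are injected from the environment (for instance from a Kubernetes Secret).
set -u
BACKUP_ROOT="${BACKUP_ROOT:-/tmp/backup}"
BUCKET="${BUCKET:-gs://u4u-backup/testing}"
LOG="${LOG:-/var/log/backup.log}"

# Accept labels such as ua-16_04_2018; reject empty values, leading dots and any
# character outside [A-Za-z0-9_.-], so "$BACKUP_ROOT/$label" cannot leave BACKUP_ROOT.
valid_label() {
  case "$1" in
    ''|.*|*[!A-Za-z0-9_.-]*) return 1 ;;
    *) return 0 ;;
  esac
}

# Put the password in a 0600 temp file for `mongodump --config` (database tools
# 100.3.0 or later) so it never appears in argv. Prints the file path.
# A password containing '"' or '\' would need YAML escaping, not handled here.
write_mongo_config() {
  cfg="$(mktemp)" || return 1
  chmod 600 "$cfg"
  printf 'password: "%s"\n' "$MONGO_PASSWORD" > "$cfg"
  printf '%s\n' "$cfg"
}

run_backup() {
  label="$1"
  valid_label "$label" || { echo "invalid backup label: $label" >&2; return 2; }
  dest="$BACKUP_ROOT/$label"
  # ${VAR:?} aborts instead of expanding to "/*" if BACKUP_ROOT is empty.
  rm -rf -- "${BACKUP_ROOT:?}"/* && mkdir -p -- "$dest" || return 1
  cfg="$(write_mongo_config)" || return 1
  mongodump -h mongo -u "$MONGO_USER" --config "$cfg" \
    --out "$dest/mongo.dump" --gzip >> "$LOG" 2>&1
  rc=$?
  rm -f -- "$cfg"
  [ "$rc" -eq 0 ] || return "$rc"
  gsutil -m rsync -r "$dest/" "$BUCKET/$label/" >> "$LOG" 2>&1
}

if [ "$#" -gt 0 ]; then run_backup "$1"; fi
```

The same `valid_label` and `write_mongo_config` helpers apply to the restore script, with `mongorestore --config` in place of `-p`.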
Generates table of contents for markdown files
inside local git repository. Links are compatible with anchors generated by github or other sites via a command line flag.
Table of Contents generated with DocToc
https://github.com/thlorenz/doctoc
Check RabbitMq connection script.
Display usage information.
Do not forget to give access to Google Captcha
GitLab. Autodevops
https://gitlab.u4u.online/help/topics/autodevops/quick_start_guide.md#point-dns-at-cluster-ip
Example configuration
https://gitlab.u4u.online/help/topics/autodevops/quick_start_guide.md#point-dns-at-cluster-ip
Unable to install Ingress to Kubernetes with Auto DevOps
Issue https://gitlab.com/gitlab-org/gitlab-ce/issues/46286 Summary After deploying a new Kubernetes cluster using Auto DevOps, installing Ingress failed with Error: release ingress failed: clusterroles.rbac.authorization.k8s.io “ingress-nginx-ingress” is forbidden
Fixed command:
Create special nodes pools in kubernetes with Label “app=genpdf”
1. Controlling Scheduling with Node Taints
Useful Link
https://cloud.google.com/kubernetes-engine/docs/how-to/node-taints
Add more CPU core. Special nodes only for genpdf
in genpdf/value.yaml:
Fix MEDIA url path to images in GenPdf
Use KUBERNETES_ENVIRONMENT = True/False
In code:
In Genpdf/deployment.yaml
Gitlab wildcard DNS record.
Sasha, please add a DNS record. We need to configure a wildcard DNS record, hostname: *.review.u4u.online -> IP: 35.195.147.53
GitLab runner register example
1. Localhost Docker version install
https://docs.gitlab.com/runner/install/docker.html
Set permissions for Gitlab runner
GitLab Email settings
Standard SMTP ports are disabled https://cloud.google.com/vpc/docs/firewalls
POSTFIX settings https://sendgrid.com/docs/Integrate/Mail_Servers/postfix.html https://cloud.google.com/compute/docs/tutorials/sending-mail/using-sendgrid
GitLab settings (SMTP without SSL) https://docs.gitlab.com/omnibus/settings/smtp.html#smtp-on-localhost
Check/Debug sent email https://sendgrid.com/docs/API_Reference/SMTP_API/getting_started_smtp.html https://docs.gitlab.com/ee/administration/troubleshooting/debug.html
2. Helm Kubernetes version
Documents: https://docs.gitlab.com/ee/install/kubernetes/gitlab_runner_chart.html
Charts gitlab-runner: https://gitlab.com/charts/gitlab-runner
Existing List Runners: https://gitlab.u4u.online/admin/runners
GitLab backup every night
Create How to become a moderator (moder) or a user (user)
U4U The Chart Repository Guide
Links:
https://github.com/kubernetes/helm/blob/master/docs/chart_repository.md
Create GOOGLE storage bucket “chart.helm.u4u.online” http://chart.helm.u4u.online.storage.googleapis.com/
Web access http://chart.helm.u4u.online/
Helm Chart repo configuration in Google cloud bucket
Useful Links
The Chart Repository Guide https://docs.helm.sh/developing_charts/#the-chart-repository-guide
Syncing Your Chart Repository Note: This example is specifically for a Google Cloud Storage (GCS) bucket which serves a chart repository. https://docs.helm.sh/developing_charts/#syncing-your-chart-repository
Cloud Storage Authentication https://cloud.google.com/storage/docs/authentication
Documentation gsutil Tool https://cloud.google.com/storage/docs/gsutil
Job settings. Google Cloud SDK bundle with all components and dependencies https://hub.docker.com/r/google/cloud-sdk/
Hosting Static website https://cloud.google.com/storage/docs/hosting-static-website
Backup all old prod.sh
Kong local settings
ConfigMap
Create:
Update ConfigMap
Get Information from Existing ConfigMap
Helm install different/other namespace
#Error Cannot find correct database
Install gitlab runner
Configure Access to Multiple Clusters
Useful links
Configure Access to Multiple Clusters: https://kubernetes.io/docs/tasks/access-application-cluster/configure-access-multiple-clusters/
Organizing Cluster Access Using kubeconfig Files: https://kubernetes.io/docs/concepts/configuration/organize-cluster-access-kubeconfig/
Some commands example
Embedded client certificate data in the “cluster-admin” entry
Common examples link: https://github.com/fabric8io/kansible/blob/master/vendor/k8s.io/kubernetes/docs/user-guide/kubectl/kubectl_config_set-credentials.md
More commands examples (workflow)