shipa wip

2025-06-06 17:01:30 +00:00 · 2020-11-24 11:33:08 +11:00 · 2020-11-24 11:33:08 +11:00 · 921737efb3
commit 921737efb3
parent d384353ef9
9 changed files with 104 additions and 39 deletions
--- a/.gitignore
+++ b/.gitignore
@ -8,4 +8,5 @@ __pycache__/
 .terraform
 *.tfstate
 *.tfstate.*
-security/letsencrypt/introduction/certs/**
+security/letsencrypt/introduction/certs/**
+kubernetes/shipa/installs/shipa-helm-chart-1.1.1/
--- a/kubernetes/shipa/README.md
+++ b/kubernetes/shipa/README.md
@ -6,6 +6,8 @@ To get the most out of Shipa, I'll be using real Cloud Provider Kubernetes as we
 `minikube` cluster. <br/>
 To create a Kubernetes cluster, you can follow my guides on each Cloud provider below: <br/>

+## Kubernetes in the Cloud
+
 |Cloud   | Kubernetes   | Video  | Source Code  |   |
 |---|---|---|---|---|
 |Azure          | AKS  |[Source Code](../cloud/azure/getting-started.md) | <a href="https://youtu.be/eyvLwK5C2dw" title="AKS"><img src="https://i.ytimg.com/vi/eyvLwK5C2dw/hqdefault.jpg" width="25%" height="25%" alt="AKS Guide" /></a>  |   
@ -15,6 +17,8 @@ To create a Kubernetes cluster, you can follow my guides on each Cloud provider
 |Linode         | LKE |[Source Code](../cloud/linode/getting-started.md)  | <a href="https://youtu.be/VSPUWEtqtnY" title="LKE"><img src="https://i.ytimg.com/vi/VSPUWEtqtnY/hqdefault.jpg" width="25%" height="25%" alt="LKE Guide" /></a>  |   


+## Minikube 
+
 I will start with a local minikube cluster to get Shipa running: <br/>

 ```
@ -125,52 +129,44 @@ helm install shipa . `

 kubectl get pods
 NAME                                       READY   STATUS      RESTARTS   AGE
-dashboard-web-1-6f8b58fb89-bjf7c           1/1     Running     0          3h12m
-node-container-busybody-theonepool-zz7sw   1/1     Running     0          3h15m
-node-container-netdata-theonepool-kqb5z    1/1     Running     0          3h15m
-shipa-api-57b69645d9-rd2bz                 1/1     Running     0          3h21m
-shipa-clair-d7554fc6f-8nqgz                1/1     Running     1          3h21m
-shipa-docker-registry-5885d6f467-dvkjb     1/1     Running     0          3h18m
-shipa-etcd-85cc6c6458-6cgx6                1/1     Running     1          3h21m
-shipa-guardian-5466f58668-25zkf            1/1     Running     0          3h16m
-shipa-init-job-1-9xdgw                     0/1     Completed   0          3h21m
-shipa-metrics-786468c5cc-h7zfb             1/1     Running     0          3h21m
-shipa-mongodb-replicaset-0                 1/1     Running     0          3h21m
-shipa-nginx-ingress-75dccdb4fb-nq7xq       1/1     Running     0          3h21m
-shipa-postgres-7c55df4758-7s64w            1/1     Running     0          3h21m
+dashboard-web-1-6f8b58fb89-bjf7c           1/1     Running     0          12m
+node-container-busybody-theonepool-zz7sw   1/1     Running     0          15m
+node-container-netdata-theonepool-kqb5z    1/1     Running     0          15m
+shipa-api-57b69645d9-rd2bz                 1/1     Running     0          21m
+shipa-clair-d7554fc6f-8nqgz                1/1     Running     1          21m
+shipa-docker-registry-5885d6f467-dvkjb     1/1     Running     0          18m
+shipa-etcd-85cc6c6458-6cgx6                1/1     Running     1          21m
+shipa-guardian-5466f58668-25zkf            1/1     Running     0          16m
+shipa-init-job-1-9xdgw                     0/1     Completed   0          21m
+shipa-metrics-786468c5cc-h7zfb             1/1     Running     0          21m
+shipa-mongodb-replicaset-0                 1/1     Running     0          21m
+shipa-nginx-ingress-75dccdb4fb-nq7xq       1/1     Running     0          21m
+shipa-postgres-7c55df4758-7s64w            1/1     Running     0          21m

 kubectl get svc 
 NAME                              TYPE        CLUSTER-IP       EXTERNAL-IP   PORT(S)                                      AGE
-dashboard-web-1                   ClusterIP   10.96.3.55       <none>        8888/TCP                                     3h12m
-dashboard-web-1-units             ClusterIP   None             <none>        8888/TCP                                     3h12m
-kubernetes                        ClusterIP   10.96.0.1        <none>        443/TCP                                      3h46m
-shipa-api                         ClusterIP   10.100.120.116   <none>        8080/TCP,8081/TCP                            3h21m
-shipa-clair                       ClusterIP   10.111.91.38     <none>        6060/TCP,6061/TCP                            3h21m
-shipa-docker-registry             ClusterIP   10.104.180.204   <none>        5000/TCP                                     3h21m
-shipa-etcd                        ClusterIP   10.110.16.90     <none>        2379/TCP                                     3h21m
-shipa-guardian                    ClusterIP   10.97.114.38     <none>        8000/TCP,22/TCP                              3h21m
-shipa-ingress-nginx               ClusterIP   10.100.10.10     <none>        22/TCP,5000/TCP,8081/TCP,8080/TCP,2379/TCP   3h21m
-shipa-metrics                     ClusterIP   10.108.223.229   <none>        9090/TCP,9091/TCP                            3h21m
-shipa-mongodb-replicaset          ClusterIP   None             <none>        27017/TCP                                    3h21m
-shipa-mongodb-replicaset-client   ClusterIP   None             <none>        27017/TCP                                    3h21m
-shipa-postgres                    ClusterIP   10.104.18.123    <none>        5432/TCP                                     3h21m
-
-
-# access the dashboard
-
-kubectl port-forward svc/dashboard-web-1 8888
-
+dashboard-web-1                   ClusterIP   10.96.3.55       <none>        8888/TCP                                     12m
+dashboard-web-1-units             ClusterIP   None             <none>        8888/TCP                                     12m
+kubernetes                        ClusterIP   10.96.0.1        <none>        443/TCP                                      6m
+shipa-api                         ClusterIP   10.100.120.116   <none>        8080/TCP,8081/TCP                            21m
+shipa-clair                       ClusterIP   10.111.91.38     <none>        6060/TCP,6061/TCP                            21m
+shipa-docker-registry             ClusterIP   10.104.180.204   <none>        5000/TCP                                     21m
+shipa-etcd                        ClusterIP   10.110.16.90     <none>        2379/TCP                                     21m
+shipa-guardian                    ClusterIP   10.97.114.38     <none>        8000/TCP,22/TCP                              21m
+shipa-ingress-nginx               ClusterIP   10.100.10.10     <none>        22/TCP,5000/TCP,8081/TCP,8080/TCP,2379/TCP   21m
+shipa-metrics                     ClusterIP   10.108.223.229   <none>        9090/TCP,9091/TCP                            21m
+shipa-mongodb-replicaset          ClusterIP   None             <none>        27017/TCP                                    21m
+shipa-mongodb-replicaset-client   ClusterIP   None             <none>        27017/TCP                                    21m
+shipa-postgres                    ClusterIP   10.104.18.123    <none>        5432/TCP                                     21m
 ```

-We should now be able to access the dashboard on `http://localhost:8888`
-
 ## Targets

 ```
-# add a route for NGINX
+# add a route for accessing Shipa API
 route add 10.100.10.10/32 MASK 255.255.255.255  $(minikube ip)

-# add a route for Traefik
+# add a route for accessing our Applications
 route add 10.100.10.20/32 MASK 255.255.255.255  $(minikube ip)

 shipa target-add dev 10.100.10.10
@ -183,7 +179,7 @@ shipa target-set dev
 https://learn.shipa.io/docs/pool-management

 ```
-shipa pool-add dev --public --kube-namespace blue-team --provisioner kubernetes
+shipa pool-add prod --public --kube-namespace blue-team --provisioner kubernetes
 shipa pool-list

 ```
@ -209,14 +205,46 @@ shipa app-create go-helloworld static -t admin -o theonepool

 cd kubernetes\shipa\developers

-docker build aimvector/shipa-golang:v1
+docker build .-t aimvector/shipa-golang:v1
 docker push aimvector/shipa-golang:v1

 shipa app-deploy -i aimvector/shipa-golang:v1 -a go-helloworld

+
+cd .\kubernetes\shipa\developers\docker\python\
+
+docker build . -t aimvector/shipa-python:v1
+docker push aimvector/shipa-python:v1
+
+shipa app-create python-helloworld static -t admin -o theonepool
+shipa env set FLASK_APP=/app/server.py -a python-helloworld
+shipa app-deploy -i aimvector/shipa-python:v1 -a python-helloworld
+
+
+
+# deploy to prod
+
+shipa app-create python-helloworld-prod static -t admin -o prod
+shipa env set FLASK_APP=/app/server.py -a python-helloworld-prod
+shipa app-deploy -i aimvector/shipa-python:v1 -a python-helloworld-prod
+
+
+shipa app-create go-helloworld-prod static -t admin -o prod
+shipa app-deploy -i aimvector/shipa-golang:v1 -a go-helloworld-prod
+
 ```


+```
+kubectl apply -f shipa-admin-service-account.yaml
+
+# get the sa token
+kubectl -n kube-system describe secret $(kubectl -n kube-system get secret | grep shipa-admin | awk '{print $1}')
+# get the k8s CA
+
+kubectl get secret $(kubectl get secret | grep default-token | awk '{print $1}') -o jsonpath='{.data.ca\.crt}' | base64 -d
+
+```



--- a/kubernetes/shipa/developers/docker/golang/dockerfile
+++ b/kubernetes/shipa/developers/docker/golang/dockerfile
--- a/kubernetes/shipa/developers/docker/golang/main.go
+++ b/kubernetes/shipa/developers/docker/golang/main.go
--- a/kubernetes/shipa/developers/docker/python/dockerfile
+++ b/kubernetes/shipa/developers/docker/python/dockerfile
@ -0,0 +1,10 @@
+FROM python:3.7.3-alpine3.9
+RUN mkdir /app
+WORKDIR /app
+COPY ./requirements.txt /app/requirements.txt
+RUN pip install -r requirements.txt
+ADD . /app/
+ENV FLASK_APP=/app/server.py
+RUN chmod +x entrypoint.sh
+ENTRYPOINT ./entrypoint.sh
+EXPOSE 5000
--- a/kubernetes/shipa/developers/docker/python/entrypoint.sh
+++ b/kubernetes/shipa/developers/docker/python/entrypoint.sh
@ -0,0 +1 @@
+flask run -h 0.0.0 -p 5000
--- a/kubernetes/shipa/developers/docker/python/requirements.txt
+++ b/kubernetes/shipa/developers/docker/python/requirements.txt
@ -0,0 +1 @@
+Flask == 1.0.3
--- a/kubernetes/shipa/developers/docker/python/server.py
+++ b/kubernetes/shipa/developers/docker/python/server.py
@ -0,0 +1,6 @@
+from flask import Flask
+app = Flask(__name__)
+
+@app.route("/")
+def hello():
+    return "Hello World!"
--- a/kubernetes/shipa/devops/shipa-admin-service-account.yaml
+++ b/kubernetes/shipa/devops/shipa-admin-service-account.yaml
@ -0,0 +1,18 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: shipa-admin
+  namespace: kube-system
+---
+apiVersion: rbac.authorization.k8s.io/v1beta1
+kind: ClusterRoleBinding
+metadata:
+  name: shipa-admin
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: cluster-admin
+subjects:
+- kind: ServiceAccount
+  name: shipa-admin
+  namespace: kube-system