From 3d563ad55013ea28488f468742701bd3eed19f63 Mon Sep 17 00:00:00 2001 From: marcel-dempers Date: Fri, 20 Nov 2020 18:09:29 +1100 Subject: [PATCH 1/5] shipa wip --- kubernetes/shipa/README.md | 270 +++++++++++++++++++++++++++++++++++++ 1 file changed, 270 insertions(+) create mode 100644 kubernetes/shipa/README.md diff --git a/kubernetes/shipa/README.md b/kubernetes/shipa/README.md new file mode 100644 index 0000000..3b735d1 --- /dev/null +++ b/kubernetes/shipa/README.md @@ -0,0 +1,270 @@ +# Introduction to Shipa + +## We need a Kubernetes cluster + +To get the most out of Shipa, I'll be using real Cloud Provider Kubernetes as well as a local
+`minikube` cluster.
+To create a Kubernetes cluster, you can follow my guides on each Cloud provider below:
+ +|Cloud | Kubernetes | Video | Source Code | | +|---|---|---|---|---| +|Azure | AKS |[Source Code](../cloud/azure/getting-started.md) | AKS Guide | +|Amazon | EKS |[Source Code](../cloud/amazon/getting-started.md) | EKS Guide | +|Google | GKE |[Source Code](../cloud/google/getting-started.md) | GKE Guide | +|Digital Ocean | DO |[Source Code](../cloud/digitalocean/getting-started.md) | DO Guide | +|Linode | LKE |[Source Code](../cloud/linode/getting-started.md) | LKE Guide | + + +I will start with a local minikube cluster to get Shipa running:
+ +``` +# start up a cluster + +minikube start --kubernetes-version='v1.18.2' --memory='5gb' --disk-size='20gb' --driver=hyperv + +# check our cluster + +kubectl get nodes +NAME STATUS ROLES AGE VERSION +minikube Ready master 45s v1.18.2 + +``` + +# Getting Started with Shipa + +## Install Dependencies + +``` +docker run -it --rm -v ${PWD}:/work -w /work alpine sh +apk add --no-cache curl unzip + +cd kubernetes/shipa/ +mkdir installs && cd installs + +``` + +## Install Kubectl + +``` +curl -LO https://storage.googleapis.com/kubernetes-release/release/v1.19.4/bin/windows/amd64/kubectl.exe + +``` + +## Install Helm CLI + +``` +curl -LO https://get.helm.sh/helm-v3.4.1-windows-amd64.zip && \ +unzip helm-v3.4.1-windows-amd64.zip && \ +mv windows-amd64/helm.exe . && \ +rm -rf windows-amd64 && \ +rm helm-v3.4.1-windows-amd64.zip + +``` + +## Install Shipa CLI + +``` +curl -LO https://storage.googleapis.com/shipa-client/v1.1/shipa_windows_amd64.exe +mv shipa_windows_amd64.exe shipa.exe +``` + + +## Add all the CLI to our $PATH + +We can now add the CLI executables to a folder somewhere on our machine
+Then we add it to our `$PATH` + +* installs/helm.exe +* installs/kubectl.exe +* installs/shipa.exe + +## Download Shipa Helm Chart + +Official Docs [here](https://learn.shipa.io/docs/installing-shipa) +We can find all the releases of Shipa [here](https://github.com/shipa-corp/helm-chart/releases) +In this demo, I will use version `1.1.1` + +Let's download Shipa:
+ +``` +curl -L -s -o shipa1.1.1.zip https://github.com/shipa-corp/helm-chart/archive/v1.1.1.zip && \ +unzip shipa1.1.1.zip && rm shipa1.1.1.zip && \ +mv helm-chart-1.1.1 shipa-helm-chart-1.1.1 && \ + +# we can abandon this container +exit + +``` + +## Install Shipa + +Let's add Shipa to our `minikube` cluster:
+ +``` +cd .\kubernetes\shipa\installs\shipa-helm-chart-1.1.1\ + +kubectl apply -f limits.yaml + +# deploy shipa dependencies + +helm dep up + +# install + +helm install shipa . ` +--timeout=15m ` +--set=metrics.image=gcr.io/shipa-1000/metrics:30m ` +--set=auth.adminUser=admin@shipa.io ` +--set=auth.adminPassword=shipa2020 ` +--set=shipaCore.serviceType=ClusterIP ` +--set=shipaCore.ip=10.100.10.20 ` +--set=service.nginx.serviceType=ClusterIP ` +--set=service.nginx.clusterIP=10.100.10.10 + +# ensure everything is up and running + +kubectl get pods +NAME READY STATUS RESTARTS AGE +dashboard-web-1-6f8b58fb89-bjf7c 1/1 Running 0 3h12m +node-container-busybody-theonepool-zz7sw 1/1 Running 0 3h15m +node-container-netdata-theonepool-kqb5z 1/1 Running 0 3h15m +shipa-api-57b69645d9-rd2bz 1/1 Running 0 3h21m +shipa-clair-d7554fc6f-8nqgz 1/1 Running 1 3h21m +shipa-docker-registry-5885d6f467-dvkjb 1/1 Running 0 3h18m +shipa-etcd-85cc6c6458-6cgx6 1/1 Running 1 3h21m +shipa-guardian-5466f58668-25zkf 1/1 Running 0 3h16m +shipa-init-job-1-9xdgw 0/1 Completed 0 3h21m +shipa-metrics-786468c5cc-h7zfb 1/1 Running 0 3h21m +shipa-mongodb-replicaset-0 1/1 Running 0 3h21m +shipa-nginx-ingress-75dccdb4fb-nq7xq 1/1 Running 0 3h21m +shipa-postgres-7c55df4758-7s64w 1/1 Running 0 3h21m + +kubectl get svc +NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE +dashboard-web-1 ClusterIP 10.96.3.55 8888/TCP 3h12m +dashboard-web-1-units ClusterIP None 8888/TCP 3h12m +kubernetes ClusterIP 10.96.0.1 443/TCP 3h46m +shipa-api ClusterIP 10.100.120.116 8080/TCP,8081/TCP 3h21m +shipa-clair ClusterIP 10.111.91.38 6060/TCP,6061/TCP 3h21m +shipa-docker-registry ClusterIP 10.104.180.204 5000/TCP 3h21m +shipa-etcd ClusterIP 10.110.16.90 2379/TCP 3h21m +shipa-guardian ClusterIP 10.97.114.38 8000/TCP,22/TCP 3h21m +shipa-ingress-nginx ClusterIP 10.100.10.10 22/TCP,5000/TCP,8081/TCP,8080/TCP,2379/TCP 3h21m +shipa-metrics ClusterIP 10.108.223.229 9090/TCP,9091/TCP 3h21m +shipa-mongodb-replicaset ClusterIP None 27017/TCP 
3h21m +shipa-mongodb-replicaset-client ClusterIP None 27017/TCP 3h21m +shipa-postgres ClusterIP 10.104.18.123 5432/TCP 3h21m + + +# access the dashboard + +kubectl port-forward svc/dashboard-web-1 8888 + +``` + +We should now be able to access the dashboard on `http://localhost:8888` + +## Targets + +``` +# add a route for shipa API +route add 10.100.10.10/32 MASK 255.255.255.255 $(minikube ip) + +# add a route for shipa ingress +route add 10.100.10.20/32 MASK 255.255.255.255 $(minikube ip) + +shipa target-add dev 10.100.10.10 +shipa target-list +shipa target-set dev +``` + +## Pools + +https://learn.shipa.io/docs/pool-management + +``` +shipa pool-add dev --public --kube-namespace blue-team --provisioner kubernetes +shipa pool-list + +``` + +## Clusters + +``` +shipa cluster-list ++------------+-------------+---------------+-------------+---------+------------+-------+-------+ +| Name | Provisioner | Addresses | Custom Data | Default | Pools | Teams | Error | ++------------+-------------+---------------+-------------+---------+------------+-------+-------+ +| shipa-core | kubernetes | 10.96.0.1:443 | | false | theonepool | | | ++------------+-------------+---------------+-------------+---------+------------+-------+-------+ + +``` + +## Applications + +``` +shipa login +shipa app-create helloworld static -t admin -o theonepool + +shipa app-deploy -i aimvector/python:1.0.4 -a helloworld + +``` + + + + + + + + + + + + + + + + + + + + + + + + + + + +``` + +https://collabnix.com/the-rise-of-shipa-a-continuous-operation-platform/ + +1. Configured default user: + +Username: admin@admin.com +Password: adminadmin123 + +2. If this is a production cluster, please configure persistent volumes. 
+ The default reclaimPolicy for dynamically provisioned persistent volumes is "Delete" and + users are advised to change it for production + + The code snippet below can be used to set reclaimPolicy to "Retain" for all volumes: + +PVCs=$(kubectl --namespace=shipa-system get pvc -l release=shipa -o name) + +for pvc in $PVCs; do + volumeName=$(kubectl -n shipa-system get $pvc -o template --template=\{\{.spec.volumeName\}\}) + kubectl -n shipa-system patch pv $volumeName -p '{"spec":{"persistentVolumeReclaimPolicy":"Retain"}}' +done + +3. Set default target for shipa-client: +export SHIPA_HOST=$(kubectl --namespace=shipa-system get svc shipa-ingress-nginx -o jsonpath="{.status.loadBalancer.ingress[0].ip}") + +shipa target-add shipa $SHIPA_HOST -s + +shipa login admin@admin.com +shipa node-list +shipa app-list + +``` \ No newline at end of file From d384353ef9b527df63197631f97c5de4a247cb8c Mon Sep 17 00:00:00 2001 From: marcel-dempers Date: Sun, 22 Nov 2020 19:07:37 +1100 Subject: [PATCH 2/5] app build + deploy --- kubernetes/shipa/README.md | 14 ++++++++++---- kubernetes/shipa/developers/dockerfile | 6 ++++++ kubernetes/shipa/developers/main.go | 20 ++++++++++++++++++++ 3 files changed, 36 insertions(+), 4 deletions(-) create mode 100644 kubernetes/shipa/developers/dockerfile create mode 100644 kubernetes/shipa/developers/main.go diff --git a/kubernetes/shipa/README.md b/kubernetes/shipa/README.md index 3b735d1..c2d4c35 100644 --- a/kubernetes/shipa/README.md +++ b/kubernetes/shipa/README.md @@ -167,10 +167,10 @@ We should now be able to access the dashboard on `http://localhost:8888` ## Targets ``` -# add a route for shipa API +# add a route for NGINX route add 10.100.10.10/32 MASK 255.255.255.255 $(minikube ip) -# add a route for shipa ingress +# add a route for Traefik route add 10.100.10.20/32 MASK 255.255.255.255 $(minikube ip) shipa target-add dev 10.100.10.10 
@@ -204,9 +204,15 @@ shipa cluster-list ``` shipa login -shipa app-create helloworld static -t admin -o theonepool +shipa app-create go-helloworld static -t admin -o theonepool -shipa app-deploy -i aimvector/python:1.0.4 -a helloworld + +cd kubernetes\shipa\developers + +docker build aimvector/shipa-golang:v1 +docker push aimvector/shipa-golang:v1 + +shipa app-deploy -i aimvector/shipa-golang:v1 -a go-helloworld ```
diff --git a/kubernetes/shipa/developers/dockerfile b/kubernetes/shipa/developers/dockerfile
new file mode 100644
index 0000000..515986f
--- /dev/null
+++ b/kubernetes/shipa/developers/dockerfile
@@ -0,0 +1,6 @@
+FROM golang
+RUN mkdir /app
+WORKDIR /app
+ADD . /app/
+RUN go build .
+ENTRYPOINT ./app
\ No newline at end of file
diff --git a/kubernetes/shipa/developers/main.go b/kubernetes/shipa/developers/main.go
new file mode 100644
index 0000000..82d1962
--- /dev/null
+++ b/kubernetes/shipa/developers/main.go
@@ -0,0 +1,20 @@
+package main
+
+import (
+ "fmt"
+ "net/http"
+ "os"
+)
+
+func main() {
+ http.HandleFunc("/", hello)
+ fmt.Println("hello world")
+ err := http.ListenAndServe(":" + os.Getenv("PORT"), nil)
+ if err != nil {
+ panic(err)
+ }
+}
+
+func hello(res http.ResponseWriter, req *http.Request) {
+ fmt.Fprintln(res, "Hello World! from Golang on Shipa")
+}
\ No newline at end of file
From 921737efb350d81761f37815c7e8fd19b318a611 Mon Sep 17 00:00:00 2001
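Review bot: `FROM golang` in the new dockerfile has no tag, so every build pulls whatever the current Go image is; the result is not reproducible and, since no `go.mod` is added anywhere in this series, `RUN go build .` will likely stop working on Go releases where module mode is the default. Pin the base, e.g. `FROM golang:<pinned-version>` (or a digest). The image also runs the server as root and uses the shell form `ENTRYPOINT ./app`, so the binary is started through `sh -c` and may not receive the container's stop signal directly; a `USER` line for an unprivileged account and `ENTRYPOINT ["./app"]` would address both. The same root user and shell-form entrypoint appear in the Python dockerfile added in PATCH 3/5.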
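Review bot: `os.Getenv("PORT")` is used without a check in `main`, so when PORT is unset the listen address becomes `":"` and, as far as I can tell, the server binds to an arbitrary port instead of failing at startup. `http.ListenAndServe` also runs the default server with no timeouts, which lets a slow client hold a connection open indefinitely. Validating the variable and using an `http.Server` with `ReadHeaderTimeout` fixes both; this needs `"time"` added to the import block.

```go
func main() {
	// … unchanged: handler registration and startup message …
	port := os.Getenv("PORT")
	if port == "" {
		panic("PORT environment variable is not set")
	}
	srv := &http.Server{
		Addr:              ":" + port,
		ReadHeaderTimeout: 5 * time.Second,
	}
	if err := srv.ListenAndServe(); err != nil {
		panic(err)
	}
}
```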
From: marcel-dempers Date: Tue, 24 Nov 2020 11:33:08 +1100 Subject: [PATCH 3/5] shipa wip --- .gitignore | 3 +- kubernetes/shipa/README.md | 104 +++++++++++------- .../developers/{ => docker/golang}/dockerfile | 0 .../developers/{ => docker/golang}/main.go | 0 .../shipa/developers/docker/python/dockerfile | 10 ++ .../developers/docker/python/entrypoint.sh | 1 + .../developers/docker/python/requirements.txt | 1 + .../shipa/developers/docker/python/server.py | 6 + .../devops/shipa-admin-service-account.yaml | 18 +++ 9 files changed, 104 insertions(+), 39 deletions(-) rename kubernetes/shipa/developers/{ => docker/golang}/dockerfile (100%) rename kubernetes/shipa/developers/{ => docker/golang}/main.go (100%) create mode 100644 kubernetes/shipa/developers/docker/python/dockerfile create mode 100644 kubernetes/shipa/developers/docker/python/entrypoint.sh create mode 100644 kubernetes/shipa/developers/docker/python/requirements.txt create mode 100644 kubernetes/shipa/developers/docker/python/server.py create mode 100644 kubernetes/shipa/devops/shipa-admin-service-account.yaml diff --git a/.gitignore b/.gitignore index 69b85cc..e3a86f4 100644 --- a/.gitignore +++ b/.gitignore @@ -8,4 +8,5 @@ __pycache__/ .terraform *.tfstate *.tfstate.* -security/letsencrypt/introduction/certs/** \ No newline at end of file +security/letsencrypt/introduction/certs/** +kubernetes/shipa/installs/shipa-helm-chart-1.1.1/ diff --git a/kubernetes/shipa/README.md b/kubernetes/shipa/README.md index c2d4c35..3a6883c 100644 --- a/kubernetes/shipa/README.md +++ b/kubernetes/shipa/README.md @@ -6,6 +6,8 @@ To get the most out of Shipa, I'll be using real Cloud Provider Kubernetes as we `minikube` cluster.
To create a Kubernetes cluster, you can follow my guides on each Cloud provider below:
+## Kubernetes in the Cloud + |Cloud | Kubernetes | Video | Source Code | | |---|---|---|---|---| |Azure | AKS |[Source Code](../cloud/azure/getting-started.md) | AKS Guide | @@ -15,6 +17,8 @@ To create a Kubernetes cluster, you can follow my guides on each Cloud provider |Linode | LKE |[Source Code](../cloud/linode/getting-started.md) | LKE Guide | +## Minikube + I will start with a local minikube cluster to get Shipa running:
``` 
@@ -125,52 +129,44 @@ helm install shipa . ` kubectl get pods NAME READY STATUS RESTARTS AGE -dashboard-web-1-6f8b58fb89-bjf7c 1/1 Running 0 3h12m -node-container-busybody-theonepool-zz7sw 1/1 Running 0 3h15m -node-container-netdata-theonepool-kqb5z 1/1 Running 0 3h15m -shipa-api-57b69645d9-rd2bz 1/1 Running 0 3h21m -shipa-clair-d7554fc6f-8nqgz 1/1 Running 1 3h21m -shipa-docker-registry-5885d6f467-dvkjb 1/1 Running 0 3h18m -shipa-etcd-85cc6c6458-6cgx6 1/1 Running 1 3h21m -shipa-guardian-5466f58668-25zkf 1/1 Running 0 3h16m -shipa-init-job-1-9xdgw 0/1 Completed 0 3h21m -shipa-metrics-786468c5cc-h7zfb 1/1 Running 0 3h21m -shipa-mongodb-replicaset-0 1/1 Running 0 3h21m -shipa-nginx-ingress-75dccdb4fb-nq7xq 1/1 Running 0 3h21m -shipa-postgres-7c55df4758-7s64w 1/1 Running 0 3h21m +dashboard-web-1-6f8b58fb89-bjf7c 1/1 Running 0 12m +node-container-busybody-theonepool-zz7sw 1/1 Running 0 15m +node-container-netdata-theonepool-kqb5z 1/1 Running 0 15m +shipa-api-57b69645d9-rd2bz 1/1 Running 0 21m +shipa-clair-d7554fc6f-8nqgz 1/1 Running 1 21m +shipa-docker-registry-5885d6f467-dvkjb 1/1 Running 0 18m +shipa-etcd-85cc6c6458-6cgx6 1/1 Running 1 21m +shipa-guardian-5466f58668-25zkf 1/1 Running 0 16m +shipa-init-job-1-9xdgw 0/1 Completed 0 21m +shipa-metrics-786468c5cc-h7zfb 1/1 Running 0 21m +shipa-mongodb-replicaset-0 1/1 Running 0 21m +shipa-nginx-ingress-75dccdb4fb-nq7xq 1/1 Running 0 21m +shipa-postgres-7c55df4758-7s64w 1/1 Running 0 21m kubectl get svc NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE -dashboard-web-1 ClusterIP 10.96.3.55 8888/TCP 3h12m -dashboard-web-1-units ClusterIP None 8888/TCP 3h12m -kubernetes ClusterIP 10.96.0.1 443/TCP 3h46m -shipa-api ClusterIP 10.100.120.116 8080/TCP,8081/TCP 3h21m -shipa-clair ClusterIP 10.111.91.38 6060/TCP,6061/TCP 3h21m -shipa-docker-registry ClusterIP 10.104.180.204 5000/TCP 3h21m -shipa-etcd ClusterIP 10.110.16.90 2379/TCP 3h21m -shipa-guardian ClusterIP 10.97.114.38 8000/TCP,22/TCP 3h21m -shipa-ingress-nginx ClusterIP 
10.100.10.10 22/TCP,5000/TCP,8081/TCP,8080/TCP,2379/TCP 3h21m -shipa-metrics ClusterIP 10.108.223.229 9090/TCP,9091/TCP 3h21m -shipa-mongodb-replicaset ClusterIP None 27017/TCP 3h21m -shipa-mongodb-replicaset-client ClusterIP None 27017/TCP 3h21m -shipa-postgres ClusterIP 10.104.18.123 5432/TCP 3h21m - - -# access the dashboard - -kubectl port-forward svc/dashboard-web-1 8888 - +dashboard-web-1 ClusterIP 10.96.3.55 8888/TCP 12m +dashboard-web-1-units ClusterIP None 8888/TCP 12m +kubernetes ClusterIP 10.96.0.1 443/TCP 6m +shipa-api ClusterIP 10.100.120.116 8080/TCP,8081/TCP 21m +shipa-clair ClusterIP 10.111.91.38 6060/TCP,6061/TCP 21m +shipa-docker-registry ClusterIP 10.104.180.204 5000/TCP 21m +shipa-etcd ClusterIP 10.110.16.90 2379/TCP 21m +shipa-guardian ClusterIP 10.97.114.38 8000/TCP,22/TCP 21m +shipa-ingress-nginx ClusterIP 10.100.10.10 22/TCP,5000/TCP,8081/TCP,8080/TCP,2379/TCP 21m +shipa-metrics ClusterIP 10.108.223.229 9090/TCP,9091/TCP 21m +shipa-mongodb-replicaset ClusterIP None 27017/TCP 21m +shipa-mongodb-replicaset-client ClusterIP None 27017/TCP 21m +shipa-postgres ClusterIP 10.104.18.123 5432/TCP 21m ``` -We should now be able to access the dashboard on `http://localhost:8888` - ## Targets ``` -# add a route for NGINX +# add a route for accessing Shipa API route add 10.100.10.10/32 MASK 255.255.255.255 $(minikube ip) -# add a route for Traefik +# add a route for accessing our Applications route add 10.100.10.20/32 MASK 255.255.255.255 $(minikube ip) shipa target-add dev 10.100.10.10 @@ -183,7 +179,7 @@ shipa target-set dev https://learn.shipa.io/docs/pool-management ``` -shipa pool-add dev --public --kube-namespace blue-team --provisioner kubernetes +shipa pool-add prod --public --kube-namespace blue-team --provisioner kubernetes shipa pool-list ``` 
@@ -209,14 +205,46 @@ shipa app-create go-helloworld static -t admin -o theonepool cd kubernetes\shipa\developers -docker build aimvector/shipa-golang:v1 +docker build .-t aimvector/shipa-golang:v1 docker push aimvector/shipa-golang:v1 shipa app-deploy -i aimvector/shipa-golang:v1 -a go-helloworld + +cd .\kubernetes\shipa\developers\docker\python\ + +docker build . -t aimvector/shipa-python:v1 +docker push aimvector/shipa-python:v1 + +shipa app-create python-helloworld static -t admin -o theonepool +shipa env set FLASK_APP=/app/server.py -a python-helloworld +shipa app-deploy -i aimvector/shipa-python:v1 -a python-helloworld + + + +# deploy to prod + +shipa app-create python-helloworld-prod static -t admin -o prod +shipa env set FLASK_APP=/app/server.py -a python-helloworld-prod +shipa app-deploy -i aimvector/shipa-python:v1 -a python-helloworld-prod + + +shipa app-create go-helloworld-prod static -t admin -o prod +shipa app-deploy -i aimvector/shipa-golang:v1 -a go-helloworld-prod + ``` +``` +kubectl apply -f shipa-admin-service-account.yaml + +# get the sa token +kubectl -n kube-system describe secret $(kubectl -n kube-system get secret | grep shipa-admin | awk '{print $1}') +# get the k8s CA + +kubectl get secret $(kubectl get secret | grep default-token | awk '{print $1}') -o jsonpath='{.data.ca\.crt}' | base64 -d + +``` diff --git a/kubernetes/shipa/developers/dockerfile b/kubernetes/shipa/developers/docker/golang/dockerfile similarity index 100% rename from kubernetes/shipa/developers/dockerfile rename to kubernetes/shipa/developers/docker/golang/dockerfile diff --git a/kubernetes/shipa/developers/main.go b/kubernetes/shipa/developers/docker/golang/main.go similarity index 100% rename from kubernetes/shipa/developers/main.go rename to kubernetes/shipa/developers/docker/golang/main.go diff --git a/kubernetes/shipa/developers/docker/python/dockerfile b/kubernetes/shipa/developers/docker/python/dockerfile new file mode 100644 index 0000000..f1a685b --- /dev/null 
+++ b/kubernetes/shipa/developers/docker/python/dockerfile
@@ -0,0 +1,10 @@
+FROM python:3.7.3-alpine3.9
+RUN mkdir /app
+WORKDIR /app
+COPY ./requirements.txt /app/requirements.txt
+RUN pip install -r requirements.txt
+ADD . /app/
+ENV FLASK_APP=/app/server.py
+RUN chmod +x entrypoint.sh
+ENTRYPOINT ./entrypoint.sh
+EXPOSE 5000
\ No newline at end of file
diff --git a/kubernetes/shipa/developers/docker/python/entrypoint.sh b/kubernetes/shipa/developers/docker/python/entrypoint.sh
new file mode 100644
index 0000000..bd60eef
--- /dev/null
+++ b/kubernetes/shipa/developers/docker/python/entrypoint.sh
@@ -0,0 +1 @@
+flask run -h 0.0.0 -p 5000
\ No newline at end of file
diff --git a/kubernetes/shipa/developers/docker/python/requirements.txt b/kubernetes/shipa/developers/docker/python/requirements.txt
new file mode 100644
index 0000000..9614ae3
--- /dev/null
+++ b/kubernetes/shipa/developers/docker/python/requirements.txt
@@ -0,0 +1 @@
+Flask == 1.0.3
\ No newline at end of file
diff --git a/kubernetes/shipa/developers/docker/python/server.py b/kubernetes/shipa/developers/docker/python/server.py
new file mode 100644
index 0000000..6c8be82
--- /dev/null
+++ b/kubernetes/shipa/developers/docker/python/server.py
@@ -0,0 +1,6 @@
+from flask import Flask
+app = Flask(__name__)
+
+@app.route("/")
+def hello():
+ return "Hello World!"
\ No newline at end of file
diff --git a/kubernetes/shipa/devops/shipa-admin-service-account.yaml b/kubernetes/shipa/devops/shipa-admin-service-account.yaml
new file mode 100644
index 0000000..4379b61
--- /dev/null
+++ b/kubernetes/shipa/devops/shipa-admin-service-account.yaml
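Review bot: `RUN pip install -r requirements.txt` resolves everything except Flask itself at build time, because requirements.txt pins only `Flask == 1.0.3`; Flask's own dependencies float, so two builds of the same commit can ship different code. A fully pinned requirements file with hashes, installed with `RUN pip install --no-cache-dir --require-hashes -r requirements.txt`, makes the image reproducible and checks package integrity. `ADD . /app/` also copies the whole build context into the image; a `COPY` of only the needed files (or a `.dockerignore`, none is visible in this series) keeps stray local files out.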
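Review bot: `flask run` in entrypoint.sh starts Flask's development server, and the README changes in this same patch deploy this image to a pool named `prod`; the development server is not designed for production traffic, so the image should start the app under a production WSGI server instead. The script also has no shebang line and does not `exec` the server, so it only works through the shell-form ENTRYPOINT and the server is not the container's main process. The minimal change within this file is `#!/bin/sh` as the first line and `exec flask run -h 0.0.0.0 -p 5000`; `-h 0.0.0` looks like a typo for `0.0.0.0`.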
@@ -0,0 +1,18 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: shipa-admin
+ namespace: kube-system
+---
+apiVersion: rbac.authorization.k8s.io/v1beta1
+kind: ClusterRoleBinding
+metadata:
+ name: shipa-admin
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: cluster-admin
+subjects:
+- kind: ServiceAccount
+ name: shipa-admin
+ namespace: kube-system
\ No newline at end of file
From 1b2bce85fef6acc1d81aafc98d2087d2ccb570e6 Mon Sep 17 00:00:00 2001
From: marcel-dempers
Date: Sun, 29 Nov 2020 10:50:04 +1100
Subject: [PATCH 4/5] updates
---
.../shipa/{devops => ops}/shipa-admin-service-account.yaml | 0
kubernetes/shipa/ops/values.override.yaml | 3 +++
2 files changed, 3 insertions(+)
rename kubernetes/shipa/{devops => ops}/shipa-admin-service-account.yaml (100%)
create mode 100644 kubernetes/shipa/ops/values.override.yaml
diff --git a/kubernetes/shipa/devops/shipa-admin-service-account.yaml b/kubernetes/shipa/ops/shipa-admin-service-account.yaml
similarity index 100%
rename from kubernetes/shipa/devops/shipa-admin-service-account.yaml
rename to kubernetes/shipa/ops/shipa-admin-service-account.yaml
diff --git a/kubernetes/shipa/ops/values.override.yaml b/kubernetes/shipa/ops/values.override.yaml
new file mode 100644
index 0000000..973566b
--- /dev/null
+++ b/kubernetes/shipa/ops/values.override.yaml
@@ -0,0 +1,3 @@
+auth:
+ adminUser: prod-aks-admin@shipa.io
+ adminPassword: shipa-prod-aks2020
From 45b2aecdbf347d1b1d992b11e82757a431fc2c65 Mon Sep 17 00:00:00 2001
From: marcel-dempers
Date: Sun, 29 Nov 2020 14:33:00 +1100
Subject: [PATCH 5/5] shipa wip
---
kubernetes/shipa/README.md | 179 ++++++++++++++++++++++++++++---------
1 file changed, 136 insertions(+), 43 deletions(-)
diff --git a/kubernetes/shipa/README.md b/kubernetes/shipa/README.md
index 3a6883c..ea657ec 100644
--- a/kubernetes/shipa/README.md
+++ b/kubernetes/shipa/README.md
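Review bot: The ClusterRoleBinding in shipa-admin-service-account.yaml grants `cluster-admin` to the `shipa-admin` ServiceAccount, and the README in the same patch then reads that account's token out of `kube-system` to hand it to Shipa, so whoever holds that token controls the whole cluster. If Shipa documents a narrower permission set, bind a dedicated ClusterRole with only those rules; if `cluster-admin` is genuinely required, record that above the binding, e.g. `# cluster-admin: required by Shipa because <reason>; treat the shipa-admin token as a cluster root credential`. Separately, `rbac.authorization.k8s.io/v1beta1` is deprecated, and `apiVersion: rbac.authorization.k8s.io/v1` accepts the same manifest.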
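Review bot: `adminPassword: shipa-prod-aks2020` in values.override.yaml commits the Shipa admin password for the account named `prod-aks-admin@shipa.io` in plaintext, and it stays in git history even if the file is later removed. Keep the real file out of version control (the chart directory was already added to `.gitignore` in PATCH 3/5), commit only a template such as `adminPassword: <set-at-install-time>`, and supply the value at install time from a secret store or the environment. The README heredoc in PATCH 5/5 repeats the same value and needs the same treatment; the password itself should be considered exposed and rotated.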
@@ -4,18 +4,6 @@ To get the most out of Shipa, I'll be using real Cloud Provider Kubernetes as well as a local
`minikube` cluster.
-To create a Kubernetes cluster, you can follow my guides on each Cloud provider below:
- -## Kubernetes in the Cloud - -|Cloud | Kubernetes | Video | Source Code | | -|---|---|---|---|---| -|Azure | AKS |[Source Code](../cloud/azure/getting-started.md) | AKS Guide | -|Amazon | EKS |[Source Code](../cloud/amazon/getting-started.md) | EKS Guide | -|Google | GKE |[Source Code](../cloud/google/getting-started.md) | GKE Guide | -|Digital Ocean | DO |[Source Code](../cloud/digitalocean/getting-started.md) | DO Guide | -|Linode | LKE |[Source Code](../cloud/linode/getting-started.md) | LKE Guide | - ## Minikube @@ -34,6 +22,16 @@ minikube Ready master 45s v1.18.2 ``` +## Minikube Traffic Routes + +``` +# add a route for accessing Shipa API +route add 10.100.10.10/32 MASK 255.255.255.255 $(minikube ip) + +# add a route for accessing our Applications +route add 10.100.10.20/32 MASK 255.255.255.255 $(minikube ip) +``` + # Getting Started with Shipa ## Install Dependencies @@ -163,15 +161,14 @@ shipa-postgres ClusterIP 10.104.18.123 543 ## Targets ``` -# add a route for accessing Shipa API -route add 10.100.10.10/32 MASK 255.255.255.255 $(minikube ip) - -# add a route for accessing our Applications -route add 10.100.10.20/32 MASK 255.255.255.255 $(minikube ip) - shipa target-add dev 10.100.10.10 shipa target-list shipa target-set dev +shipa login + +#username: admin@shipa.io +#password: shipa2020 + ``` ## Pools @@ -179,11 +176,19 @@ shipa target-set dev https://learn.shipa.io/docs/pool-management ``` -shipa pool-add prod --public --kube-namespace blue-team --provisioner kubernetes +shipa pool-add dev --public --kube-namespace dev-team --provisioner kubernetes shipa pool-list ``` +## Teams + +``` +shipa team-create dev-team +shipa pool-constraint-set theonepool team dev-team --append + +``` + ## Clusters ``` 
@@ -196,53 +201,141 @@ shipa cluster-list ``` -## Applications +## Deploy Applications to Shipa (minikube) ``` -shipa login -shipa app-create go-helloworld static -t admin -o theonepool +cd kubernetes\shipa\developers\docker\golang - -cd kubernetes\shipa\developers - -docker build .-t aimvector/shipa-golang:v1 +docker build . -t aimvector/shipa-golang:v1 docker push aimvector/shipa-golang:v1 -shipa app-deploy -i aimvector/shipa-golang:v1 -a go-helloworld +# create an app: Golang +shipa app-create go-helloworld static -t dev-team -o theonepool +# deploy the app: Golang +shipa app-deploy -i aimvector/shipa-golang:v1 -a go-helloworld +shipa app-list cd .\kubernetes\shipa\developers\docker\python\ docker build . -t aimvector/shipa-python:v1 docker push aimvector/shipa-python:v1 -shipa app-create python-helloworld static -t admin -o theonepool +# create an app: Python +shipa app-create python-helloworld static -t dev-team -o theonepool shipa env set FLASK_APP=/app/server.py -a python-helloworld + +# deploy the app: Python shipa app-deploy -i aimvector/shipa-python:v1 -a python-helloworld - - - -# deploy to prod - -shipa app-create python-helloworld-prod static -t admin -o prod -shipa env set FLASK_APP=/app/server.py -a python-helloworld-prod -shipa app-deploy -i aimvector/shipa-python:v1 -a python-helloworld-prod - - -shipa app-create go-helloworld-prod static -t admin -o prod -shipa app-deploy -i aimvector/shipa-golang:v1 -a go-helloworld-prod +shipa app-list ``` +## Kubernetes in the Cloud + +To create a Kubernetes cluster, you can follow my guides on each Cloud provider below:
+ +|Cloud | Kubernetes | Source | Video | | +|---|---|---|---|---| +|Azure | AKS |[Source Code](../cloud/azure/getting-started.md) | AKS Guide | +|Amazon | EKS |[Source Code](../cloud/amazon/getting-started.md) | EKS Guide | +|Google | GKE |[Source Code](../cloud/google/getting-started.md) | GKE Guide | +|Digital Ocean | DO |[Source Code](../cloud/digitalocean/getting-started.md) | DO Guide | +|Linode | LKE |[Source Code](../cloud/linode/getting-started.md) | LKE Guide | + + +## Deploy Shipa to Azure AKS + +Let's add Shipa to each one of our clusters running in the Cloud. +In the video I will deploy Shipa to an Azure AKS cluster: ``` -kubectl apply -f shipa-admin-service-account.yaml +# ensure we are pointing to AKS Or the +kubectl get nodes -# get the sa token +# deploy Shipa to AKS + +cd kubernetes/shipa + +# create username + password override +cat > ops/values.override.yaml << EOF +auth: + adminUser: prod-aks-admin@shipa.io + adminPassword: shipa-prod-aks2020 +EOF + +kubectl create ns shipa-system + +kubectl apply -n shipa-system -f limits.yaml + +helm install shipa ./installs/shipa-helm-chart-1.1.1 --timeout=1000s --namespace=shipa-system -f ops/values.override.yaml + +#wait until the dashboard pod is up! 
+kubectl --namespace=shipa-system get pods + +# get the ingress IP for the Shipa API +kubectl --namespace=shipa-system get svc shipa-ingress-nginx -o jsonpath="{.status.loadBalancer.ingress[0].ip}" + +# add the ingress IP as our Shipa target for AKS dev +shipa target-add dev-aks 20.53.128.244 -s +shipa target-set dev-aks +shipa target-list + +# lets login, view the node, and dashboard app URL +shipa login prod-aks-admin@shipa.io +shipa node-list +shipa app-list + +#add a host file entry for the dashboard, I.E: +20.193.20.106 dashboard.20.193.20.106.shipa.cloud + +# create a team for developers +shipa team-create dev-team + +#allow dev-team to deploy to AKS pool +shipa pool-constraint-set theonepool team dev-team --append + +``` + +## MultiCloud - Add Shipa to Amazon EKS + +``` +# add service account to EKS cluster to allow Shipa to connect +kubectl apply -f ops/shipa-admin-service-account.yaml + +#add a pool allow people to deploy to Amazon +shipa pool-add amazon --public --kube-namespace dev-team --provisioner kubernetes + +# allow dev-team to deploy to Amazon +shipa pool-constraint-set amazon team dev-team --append + +# We will need the EKS token of the service account to allow connection kubectl -n kube-system describe secret $(kubectl -n kube-system get secret | grep shipa-admin | awk '{print $1}') -# get the k8s CA +# We will also need the CA cert of Kubernetes kubectl get secret $(kubectl get secret | grep default-token | awk '{print $1}') -o jsonpath='{.data.ca\.crt}' | base64 -d +``` + +On the dashboard, we add the cluster using the above information.
+We can obtain the EKS address in the Amazon console.
+ +## Deploying Apps to MultiCloud + +``` +# create an app: Golang +shipa app-create go-helloworld static -t dev-team -o theonepool + +# deploy the app: Golang +shipa app-deploy -i aimvector/shipa-golang:v1 -a go-helloworld +shipa app-list + +# create an app: Python +shipa app-create python-helloworld static -t dev-team -o amazon +shipa env set FLASK_APP=/app/server.py -a python-helloworld + +# deploy the app: Python +shipa app-deploy -i aimvector/shipa-python:v1 -a python-helloworld +shipa app-list ```