From 9ecf5c1c272684428e25bd6f1d622e079e0c5b4f Mon Sep 17 00:00:00 2001 From: Sam Chow Date: Fri, 31 Aug 2018 15:39:56 -0400 Subject: [PATCH] Add all kube templates --- .../k8s_templates/quay-enterprise-app-rc.yml | 40 +++++++++++++++++++ .../quay-enterprise-config-secret.yml | 5 +++ .../quay-enterprise-namespace.yml | 4 ++ .../k8s_templates/quay-enterprise-redis.yml | 36 +++++++++++++++++ .../quay-enterprise-service-loadbalancer.yml | 18 +++++++++ .../quay-enterprise-service-nodeport.yml | 14 +++++++ ...quay-servicetoken-role-binding-k8s1-6.yaml | 12 ++++++ .../quay-servicetoken-role-k8s1-6.yaml | 21 ++++++++++ config_app/docs/kube_setup.md | 16 ++++---- 9 files changed, 158 insertions(+), 8 deletions(-) create mode 100644 config_app/docs/k8s_templates/quay-enterprise-app-rc.yml create mode 100644 config_app/docs/k8s_templates/quay-enterprise-config-secret.yml create mode 100644 config_app/docs/k8s_templates/quay-enterprise-namespace.yml create mode 100644 config_app/docs/k8s_templates/quay-enterprise-redis.yml create mode 100644 config_app/docs/k8s_templates/quay-enterprise-service-loadbalancer.yml create mode 100644 config_app/docs/k8s_templates/quay-enterprise-service-nodeport.yml create mode 100644 config_app/docs/k8s_templates/quay-servicetoken-role-binding-k8s1-6.yaml create mode 100644 config_app/docs/k8s_templates/quay-servicetoken-role-k8s1-6.yaml diff --git a/config_app/docs/k8s_templates/quay-enterprise-app-rc.yml b/config_app/docs/k8s_templates/quay-enterprise-app-rc.yml new file mode 100644 index 000000000..c4f8443b3 --- /dev/null +++ b/config_app/docs/k8s_templates/quay-enterprise-app-rc.yml @@ -0,0 +1,40 @@ +apiVersion: extensions/v1beta1 +kind: Deployment +metadata: + namespace: quay-enterprise + name: quay-enterprise-app + labels: + quay-enterprise-component: app +spec: + replicas: 1 + selector: + matchLabels: + quay-enterprise-component: app + template: + metadata: + namespace: quay-enterprise + labels: + quay-enterprise-component: app + spec: + volumes: + - name: configvolume + secret: + secretName: quay-enterprise-config-secret + containers: + - name: quay-enterprise-app + image: quay.io/coreos/quay:v2.9.3 + ports: + - containerPort: 80 + readinessProbe: + failureThreshold: 3 + httpGet: + path: /health + port: 80 + initialDelaySeconds: 10 + periodSeconds: 5 + volumeMounts: + - name: configvolume + readOnly: false + mountPath: /conf/stack + imagePullSecrets: + - name: coreos-pull-secret diff --git a/config_app/docs/k8s_templates/quay-enterprise-config-secret.yml b/config_app/docs/k8s_templates/quay-enterprise-config-secret.yml new file mode 100644 index 000000000..83a49ab3a --- /dev/null +++ b/config_app/docs/k8s_templates/quay-enterprise-config-secret.yml @@ -0,0 +1,5 @@ +apiVersion: v1 +kind: Secret +metadata: + namespace: quay-enterprise + name: quay-enterprise-config-secret diff --git a/config_app/docs/k8s_templates/quay-enterprise-namespace.yml b/config_app/docs/k8s_templates/quay-enterprise-namespace.yml new file mode 100644 index 000000000..cb4adf59b --- /dev/null +++ b/config_app/docs/k8s_templates/quay-enterprise-namespace.yml @@ -0,0 +1,4 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: quay-enterprise diff --git a/config_app/docs/k8s_templates/quay-enterprise-redis.yml b/config_app/docs/k8s_templates/quay-enterprise-redis.yml new file mode 100644 index 000000000..37982cbb2 --- /dev/null +++ b/config_app/docs/k8s_templates/quay-enterprise-redis.yml @@ -0,0 +1,36 @@ +apiVersion: extensions/v1beta1 +kind: Deployment +metadata: + namespace: quay-enterprise + name: quay-enterprise-redis + labels: + quay-enterprise-component: redis +spec: + replicas: 1 + selector: + matchLabels: + quay-enterprise-component: redis + template: + metadata: + namespace: quay-enterprise + labels: + quay-enterprise-component: redis + spec: + containers: + - name: redis-master + image: quay.io/quay/redis + ports: + - containerPort: 6379 +--- +apiVersion: v1 +kind: Service +metadata: + namespace: quay-enterprise + name: quay-enterprise-redis + labels: + quay-enterprise-component: redis +spec: + ports: + - port: 6379 + selector: + quay-enterprise-component: redis diff --git a/config_app/docs/k8s_templates/quay-enterprise-service-loadbalancer.yml b/config_app/docs/k8s_templates/quay-enterprise-service-loadbalancer.yml new file mode 100644 index 000000000..0cf47896f --- /dev/null +++ b/config_app/docs/k8s_templates/quay-enterprise-service-loadbalancer.yml @@ -0,0 +1,18 @@ +apiVersion: v1 +kind: Service +metadata: + namespace: quay-enterprise + name: quay-enterprise +spec: + type: LoadBalancer + ports: + - protocol: TCP + port: 80 + targetPort: 80 + name: http + - protocol: TCP + port: 443 + targetPort: 443 + name: https + selector: + quay-enterprise-component: app diff --git a/config_app/docs/k8s_templates/quay-enterprise-service-nodeport.yml b/config_app/docs/k8s_templates/quay-enterprise-service-nodeport.yml new file mode 100644 index 000000000..ea05cfde8 --- /dev/null +++ b/config_app/docs/k8s_templates/quay-enterprise-service-nodeport.yml @@ -0,0 +1,14 @@ +apiVersion: v1 +kind: Service +metadata: + namespace: quay-enterprise + name: quay-enterprise +spec: + type: NodePort + ports: + - protocol: TCP + port: 80 + targetPort: 80 + nodePort: 30080 + selector: + quay-enterprise-component: app diff --git a/config_app/docs/k8s_templates/quay-servicetoken-role-binding-k8s1-6.yaml b/config_app/docs/k8s_templates/quay-servicetoken-role-binding-k8s1-6.yaml new file mode 100644 index 000000000..045baad12 --- /dev/null +++ b/config_app/docs/k8s_templates/quay-servicetoken-role-binding-k8s1-6.yaml @@ -0,0 +1,12 @@ +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: RoleBinding +metadata: + name: quay-enterprise-secret-writer + namespace: quay-enterprise +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: quay-enterprise-serviceaccount +subjects: +- kind: ServiceAccount + name: default \ No newline at end of file diff --git a/config_app/docs/k8s_templates/quay-servicetoken-role-k8s1-6.yaml b/config_app/docs/k8s_templates/quay-servicetoken-role-k8s1-6.yaml new file mode 100644 index 000000000..610894eff --- /dev/null +++ b/config_app/docs/k8s_templates/quay-servicetoken-role-k8s1-6.yaml @@ -0,0 +1,21 @@ +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: Role +metadata: + name: quay-enterprise-serviceaccount + namespace: quay-enterprise +rules: +- apiGroups: + - "" + resources: + - secrets + verbs: + - get + - put + - patch + - update +- apiGroups: + - "" + resources: + - namespaces + verbs: + - get diff --git a/config_app/docs/kube_setup.md b/config_app/docs/kube_setup.md index b6ecd88b1..9f6429ce7 100644 --- a/config_app/docs/kube_setup.md +++ b/config_app/docs/kube_setup.md @@ -20,12 +20,12 @@ This will be used later in the guide. Next, download each of the following files to your workstation, placing them alongside your pull secret: -- [quay-enterprise-namespace.yml](files/quay-enterprise-namespace.yml) -- [quay-enterprise-config-secret.yml](files/quay-enterprise-config-secret.yml) -- [quay-enterprise-redis.yml](files/quay-enterprise-redis.yml) -- [quay-enterprise-app-rc.yml](files/quay-enterprise-app-rc.yml) -- [quay-enterprise-service-nodeport.yml](files/quay-enterprise-service-nodeport.yml) -- [quay-enterprise-service-loadbalancer.yml](files/quay-enterprise-service-loadbalancer.yml) +- [quay-enterprise-namespace.yml](k8s_templates/quay-enterprise-namespace.yml) +- [quay-enterprise-config-secret.yml](k8s_templates/quay-enterprise-config-secret.yml) +- [quay-enterprise-redis.yml](k8s_templates/quay-enterprise-redis.yml) +- [quay-enterprise-app-rc.yml](k8s_templates/quay-enterprise-app-rc.yml) +- [quay-enterprise-service-nodeport.yml](k8s_templates/quay-enterprise-service-nodeport.yml) +- [quay-enterprise-service-loadbalancer.yml](k8s_templates/quay-enterprise-service-loadbalancer.yml) ## Role Based Access Control @@ -35,8 +35,8 @@ Kubernetes API has minor changes between versions 1.4 and 1.5, Download appropia ### Kubernetes v1.6.x and later RBAC Policies -- [quay-servicetoken-role.yaml](files/quay-servicetoken-role-k8s1-6.yaml) -- [quay-servicetoken-role-binding.yaml](files/quay-servicetoken-role-binding-k8s1-6.yaml) +- [quay-servicetoken-role.yaml](k8s_templates/quay-servicetoken-role-k8s1-6.yaml) +- [quay-servicetoken-role-binding.yaml](k8s_templates/quay-servicetoken-role-binding-k8s1-6.yaml) ## Deploy to Kubernetes