From d3b133d97a2eebb75fafd18d2fff93987b6789ea Mon Sep 17 00:00:00 2001 From: WoozyMasta Date: Sun, 7 Feb 2021 14:08:00 +0300 Subject: [PATCH] Added and change examples --- deploy/cronjob-git-key.yaml | 17 ++++++++-- deploy/pod-sa-git-key.yaml | 62 +++++++++++++++++++++++++++++++++++++ deploy/pod-sa.yaml | 6 ++-- docs/conjob.md | 9 +++++- docs/pod.md | 16 ++++++++++ 5 files changed, 103 insertions(+), 7 deletions(-) create mode 100644 deploy/pod-sa-git-key.yaml diff --git a/deploy/cronjob-git-key.yaml b/deploy/cronjob-git-key.yaml index 7b92d8d..3cf4bb7 100644 --- a/deploy/cronjob-git-key.yaml +++ b/deploy/cronjob-git-key.yaml @@ -23,21 +23,27 @@ spec: env: - name: MODE value: "dump" + - name: DESTINATION_DIR + value: "/data/dump" - name: GIT_PUSH value: "true" - name: GIT_BRANCH - value: "k8s-cluster" + value: "master" + - name: GIT_COMMIT_USER + value: "Kube Dump" + - name: GIT_COMMIT_EMAIL + value: "kube@dump.local" - name: GIT_REMOTE_URL value: "git@corp-gitlab.com:devops/cluster-bkp.git" volumeMounts: + - name: data + mountPath: /data - name: key mountPath: /root/.ssh/id_ed25519 subPath: id_ed25519 - readOnly: true - name: key-pub mountPath: /root/.ssh/id_ed25519.pub subPath: id_ed25519.pub - readOnly: true resources: limits: cpu: 500m @@ -47,15 +53,20 @@ spec: memory: 100Mi restartPolicy: OnFailure volumes: + - name: data + persistentVolumeClaim: + claimName: kube-dump - name: key secret: secretName: kube-dump-key items: - key: kube-dump path: id_ed25519 + mode: 0600 - name: key-pub secret: secretName: kube-dump-key items: - key: kube-dump.pub path: id_ed25519.pub + mode: 0600 diff --git a/deploy/pod-sa-git-key.yaml b/deploy/pod-sa-git-key.yaml new file mode 100644 index 0000000..4970cec --- /dev/null +++ b/deploy/pod-sa-git-key.yaml 
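Review bot: Dropping `readOnly: true` from the `key` and `key-pub` volumeMounts in deploy/cronjob-git-key.yaml (hunk `@@ -23,21 +23,27 @@`) leaves the SSH private-key mount without an explicit read-only declaration, and the commit message gives no reason for it. The docs describe this key as a deployment key with write access, and current Kubernetes already presents Secret volumes read-only, so keeping the flag costs nothing and keeps the intent visible to reviewers and admission policies. I would restore `readOnly: true` on both mounts; the new deploy/pod-sa-git-key.yaml omits it on the same two mounts. The container spec begins outside the hunk.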
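Review bot: `mode: 0600` on the two secret items (hunk `@@ -47,15 +53,20 @@`) is an unquoted leading-zero integer, which is octal only to a YAML 1.1 loader; a YAML 1.2 tool or a JSON conversion reads it as decimal 600, which is not the intended permission. Writing it as `mode: 384  # 0600` is unambiguous across loaders. The public-key item does not need a restrictive mode and could be left at the volume default. Both `mode: 0600` lines are repeated in the new deploy/pod-sa-git-key.yaml. The `volumes` list begins outside the hunk.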
@@ -0,0 +1,62 @@ +--- +apiVersion: v1 +kind: Pod +metadata: + labels: + app: kube-dump + name: kube-dump + namespace: kube-dump +spec: + serviceAccountName: kube-dump + containers: + - name: kube-dump + image: woozymasta/kube-dump:1.0 + imagePullPolicy: IfNotPresent + command: ["/bin/bash", "-c", "--"] + args: ["while true; do sleep 60; done;"] + env: + - name: MODE + value: "dump" + - name: DESTINATION_DIR + value: "/data/dump" + - name: GIT_PUSH + value: "true" + - name: GIT_BRANCH + value: "master" + - name: GIT_REMOTE_URL + value: "git@corp-gitlab.com:devops/cluster-bkp.git" + volumeMounts: + - name: data + mountPath: /data + - name: key + mountPath: /root/.ssh/id_ed25519 + subPath: id_ed25519 + - name: key-pub + mountPath: /root/.ssh/id_ed25519.pub + subPath: id_ed25519.pub + resources: + limits: + cpu: 500m + memory: 200Mi + requests: + cpu: 200m + memory: 100Mi + restartPolicy: OnFailure + volumes: + - name: data + persistentVolumeClaim: + claimName: kube-dump + - name: key + secret: + secretName: kube-dump-key + items: + - key: kube-dump + path: id_ed25519 + mode: 0600 + - name: key-pub + secret: + secretName: kube-dump-key + items: + - key: kube-dump.pub + path: id_ed25519.pub + mode: 0600 diff --git a/deploy/pod-sa.yaml b/deploy/pod-sa.yaml index f7a7b5e..46154de 100644 --- a/deploy/pod-sa.yaml +++ b/deploy/pod-sa.yaml @@ -14,6 +14,9 @@ spec: imagePullPolicy: IfNotPresent command: ["/bin/bash", "-c", "--"] args: ["while true; do sleep 60; done;"] + volumeMounts: + - name: data + mountPath: /data resources: limits: cpu: 500m @@ -21,9 +24,6 @@ spec: requests: cpu: 200m memory: 100Mi - volumeMounts: - - name: data - mountPath: /data restartPolicy: OnFailure volumes: - name: data diff --git a/docs/conjob.md b/docs/conjob.md index b88b0f8..e91a9f1 100644 --- a/docs/conjob.md +++ b/docs/conjob.md 
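Review bot: The new pod in deploy/pod-sa-git-key.yaml idles in `while true; do sleep 60; done;` with the SSH private key mounted at `/root/.ssh/id_ed25519` and the `kube-dump` service account attached, so a deploy key that the docs give write access stays reachable through `kubectl exec` for the pod's whole lifetime. I would state that at the top of the manifest, e.g. `# This pod holds the git deploy key and the service account token while idle; delete it when not in use.` Because both files are mounted with `subPath`, a rotated `kube-dump-key` Secret is not propagated into the running container, so the pod has to be recreated after rotation. No known_hosts file is mounted either, so how the image verifies the host key of corp-gitlab.com is not visible here and should be confirmed. Unlike the CronJob, this manifest also omits `GIT_COMMIT_USER` and `GIT_COMMIT_EMAIL`.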
@@ -74,6 +74,12 @@ Show public ssh key and add to repository deployment keys with write access. cat ./.ssh/kube-dump.pub ``` +Create pvc for store data such as cache + +```shell +kubectl apply -n kube-dump -f deploy/pvc.yaml +``` + Create secret with private ssh key ```shell @@ -82,7 +88,8 @@ kubectl -n kube-dump create secret generic kube-dump-key \ --from-file=./.ssh/kube-dump.pub ``` -And apply the cron job manifest: +And apply the cron job manifest, +previously you could set up environment variables ```shell kubectl apply -n kube-dump -f deploy/cronjob-git-key.yaml diff --git a/docs/pod.md b/docs/pod.md index e0b981d..9ddb971 100644 --- a/docs/pod.md +++ b/docs/pod.md @@ -52,3 +52,19 @@ kubectl apply -n kube-dump -f deploy/cluster-role-view.yaml kubectl apply -n kube-dump -f deploy/pvc.yaml kubectl apply -n kube-dump -f deploy/pod-kubeconfig.yaml ``` + +## Deploy with serviceaccount, ssh key and volume + +```shell +mkdir -p ./.ssh +chmod 0700 ./.ssh +ssh-keygen -t ed25519 -C "kube-dump" -f ./.ssh/kube-dump +cat ./.ssh/kube-dump.pub +kubectl -n kube-dump create secret generic kube-dump-key \ + --from-file=./.ssh/kube-dump \ + --from-file=./.ssh/kube-dump.pub +kubectl create ns kube-dump +kubectl apply -n kube-dump -f deploy/cluster-role-view.yaml +kubectl apply -n kube-dump -f deploy/pvc.yaml +kubectl apply -n kube-dump -f deploy/pod-sa-git-key.yaml +```