eindelijk weer eens een push

allard
2026-05-31 16:07:30 +02:00
parent 01cff8e165
commit ff21c258e0
2747 changed files with 302316 additions and 131101 deletions
+33
@@ -0,0 +1,33 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: prometheus
rules:
- apiGroups: [""]
resources:
- nodes
- nodes/proxy
- services
- endpoints
- pods
verbs: ["get", "list", "watch"]
- apiGroups:
- extensions
resources:
- ingresses
verbs: ["get", "list", "watch"]
- nonResourceURLs: ["/metrics"]
verbs: ["get"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: prometheus
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: prometheus
subjects:
- kind: ServiceAccount
name: default
namespace: monitoring
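Review bot: The ClusterRoleBinding grants this role to the `default` ServiceAccount of `monitoring`, so every pod in that namespace that does not set its own service account inherits cluster-wide read access, including `get` on `nodes/proxy`. Binding a dedicated account instead keeps the permission with the one workload that needs it: `name: prometheus` under `subjects`, a matching ServiceAccount object, and `serviceAccountName: prometheus` in the Prometheus pod spec. The second rule lists ingresses under the `extensions` API group only; on clusters that serve Ingress from `networking.k8s.io` that rule matches nothing, so that group should be added.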
+137
@@ -0,0 +1,137 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: prometheus-server-conf
labels:
name: prometheus-server-conf
namespace: monitoring
data:
prometheus.rules: |-
groups:
- name: devopscube demo alert
rules:
- alert: High Pod Memory
expr: sum(container_memory_usage_bytes) > 1
for: 1m
labels:
severity: slack
annotations:
summary: High Memory Usage
prometheus.yml: |-
global:
scrape_interval: 5s
evaluation_interval: 5s
rule_files:
- /etc/prometheus/prometheus.rules
alerting:
alertmanagers:
- scheme: http
static_configs:
- targets:
- "alertmanager.monitoring.svc:9093"
scrape_configs:
- job_name: 'node-exporter'
kubernetes_sd_configs:
- role: endpoints
relabel_configs:
- source_labels: [__meta_kubernetes_endpoints_name]
regex: 'node-exporter'
action: keep
- job_name: 'kubernetes-apiservers'
kubernetes_sd_configs:
- role: endpoints
scheme: https
tls_config:
ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token
relabel_configs:
- source_labels: [__meta_kubernetes_namespace, __meta_kubernetes_service_name, __meta_kubernetes_endpoint_port_name]
action: keep
regex: default;kubernetes;https
- job_name: 'kubernetes-nodes'
scheme: https
tls_config:
ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token
kubernetes_sd_configs:
- role: node
relabel_configs:
- action: labelmap
regex: __meta_kubernetes_node_label_(.+)
- target_label: __address__
replacement: kubernetes.default.svc:443
- source_labels: [__meta_kubernetes_node_name]
regex: (.+)
target_label: __metrics_path__
replacement: /api/v1/nodes/${1}/proxy/metrics
- job_name: 'kubernetes-pods'
kubernetes_sd_configs:
- role: pod
relabel_configs:
- source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_scrape]
action: keep
regex: true
- source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_path]
action: replace
target_label: __metrics_path__
regex: (.+)
- source_labels: [__address__, __meta_kubernetes_pod_annotation_prometheus_io_port]
action: replace
regex: ([^:]+)(?::\d+)?;(\d+)
replacement: $1:$2
target_label: __address__
- action: labelmap
regex: __meta_kubernetes_pod_label_(.+)
- source_labels: [__meta_kubernetes_namespace]
action: replace
target_label: kubernetes_namespace
- source_labels: [__meta_kubernetes_pod_name]
action: replace
target_label: kubernetes_pod_name
- job_name: 'kube-state-metrics'
static_configs:
- targets: ['kube-state-metrics.kube-system.svc.cluster.local:8080']
- job_name: 'kubernetes-cadvisor'
scheme: https
tls_config:
ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token
kubernetes_sd_configs:
- role: node
relabel_configs:
- action: labelmap
regex: __meta_kubernetes_node_label_(.+)
- target_label: __address__
replacement: kubernetes.default.svc:443
- source_labels: [__meta_kubernetes_node_name]
regex: (.+)
target_label: __metrics_path__
replacement: /api/v1/nodes/${1}/proxy/metrics/cadvisor
- job_name: 'kubernetes-service-endpoints'
kubernetes_sd_configs:
- role: endpoints
relabel_configs:
- source_labels: [__meta_kubernetes_service_annotation_prometheus_io_scrape]
action: keep
regex: true
- source_labels: [__meta_kubernetes_service_annotation_prometheus_io_scheme]
action: replace
target_label: __scheme__
regex: (https?)
- source_labels: [__meta_kubernetes_service_annotation_prometheus_io_path]
action: replace
target_label: __metrics_path__
regex: (.+)
- source_labels: [__address__, __meta_kubernetes_service_annotation_prometheus_io_port]
action: replace
target_label: __address__
regex: ([^:]+)(?::\d+)?;(\d+)
replacement: $1:$2
- action: labelmap
regex: __meta_kubernetes_service_label_(.+)
- source_labels: [__meta_kubernetes_namespace]
action: replace
target_label: kubernetes_namespace
- source_labels: [__meta_kubernetes_service_name]
action: replace
target_label: kubernetes_name
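Review bot: The `High Pod Memory` rule uses `expr: sum(container_memory_usage_bytes) > 1`, which is true as soon as the cluster-wide sum exceeds one byte, so the alert fires permanently after the one-minute `for` window and carries no signal. A real threshold per pod or namespace, and a `severity` label that names a level rather than the `slack` channel, would make it usable for routing. The alertmanager target is addressed with `scheme: http`, which is plaintext inside the cluster; that may be acceptable here but should be a deliberate choice. The group name suggests the rule was copied from a tutorial, so a comment such as `# demo rule, replace before relying on alerts` above it would help the next reader.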
+87
@@ -0,0 +1,87 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: prometheus-deployment
namespace: monitoring
labels:
app: prometheus-server
spec:
replicas: 1
selector:
matchLabels:
app: prometheus-server
template:
metadata:
labels:
app: prometheus-server
spec:
containers:
- name: prometheus
image: allardkrings/riscv64-prometheus
imagePullPolicy: Always
command: ["prometheus"]
args:
- "--config.file=/etc/prometheus/prometheus.yml"
- "--storage.tsdb.path=/prometheus/"
ports:
- containerPort: 9090
volumeMounts:
# - name: prometheus-config-volume
# mountPath: /etc/prometheus/
- name: prometheus-storage-volume
mountPath: /prometheus/
volumes:
- name: prometheus-config-volume
configMap:
defaultMode: 420
name: prometheus-server-conf
- name: prometheus-storage-volume
emptyDir: {}
---
apiVersion: v1
kind: Service
metadata:
name: prometheus-service
namespace: monitoring
annotations:
prometheus.io/scrape: 'true'
prometheus.io/port: '9090'
spec:
selector:
app: prometheus-server
type: ClusterIP
ports:
- port: 9090
targetPort: 9090
---
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
name: prometheus-http
namespace: monitoring
spec:
entryPoints:
- web
routes:
- match: Host(`prometheus-riscv.allarddcs.nl`)
kind: Rule
services:
- name: prometheus-service
port: 9090
---
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
name: prometheus-tls
namespace: monitoring
spec:
entryPoints:
- websecure
routes:
- match: Host(`prometheus-riscv.allarddcs.nl`)
kind: Rule
services:
- name: prometheus-service
port: 9090
tls:
certResolver: letsencrypt
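Review bot: The two IngressRoutes publish Prometheus on `prometheus-riscv.allarddcs.nl` with no `middlewares:` entry, so the UI and query API are reachable without authentication, and `prometheus-http` serves them over plain HTTP instead of redirecting. Both routes should reference an authentication middleware, and the `web` route additionally a `redirectScheme` middleware like the `redirect-to-https` one the RabbitMQ manifest in this commit defines (`middlewares:` / `- name: redirect-to-https`). The image `allardkrings/riscv64-prometheus` carries no tag or digest and is pulled with `imagePullPolicy: Always`, so whatever is pushed under that name runs at the next restart; pin a version. The `prometheus-config-volume` mount is commented out while `--config.file` still points at `/etc/prometheus/prometheus.yml`, so the ConfigMap is presumably not what the server loads.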
+6
@@ -0,0 +1,6 @@
./rabbitmqadmin --host=rabbitmq-riscv.allarddcs.nl \
--port=443 \
--ssl \
--username=guest \
--password=guest \
declare queue name=testqueue durable=true
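Review bot: The call authenticates as `guest`/`guest`, the broker's well-known default account, against the management endpoint published on port 443, and the same pair is repeated in the other two rabbitmqadmin scripts of this commit (`get queue=testqueue` and `publish routing_key=testqueue`). If these scripts work as written, the default account is accepted from outside the pod; create a dedicated user with a generated password and remove or lock `guest`. Passing the secret as `--password=` also leaves it in shell history and the process list, so read it from the environment or from a rabbitmqadmin config file that is kept out of the repository.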
+150
@@ -0,0 +1,150 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: rabbitmq
namespace: rabbitmq
labels:
app: rabbitmq
spec:
replicas: 1
selector:
matchLabels:
app: rabbitmq
template:
metadata:
labels:
app: rabbitmq
spec:
containers:
- name: rabbitmq
image: docker.io/riscv64/rabbitmq:3-management
volumeMounts:
- mountPath: /var/lib/rabbitmq
name: rabbitmq
subPath: rabbitmq/data
- mountPath: /var/log/rabbitmq
name: rabbitmq
subPath: rabbitmq/log
volumes:
- name: rabbitmq
persistentVolumeClaim:
claimName: rabbitmq-pvc
---
apiVersion: v1
kind: Service
metadata:
name: rabbitmq
namespace: rabbitmq
spec:
ports:
- name: port1
targetPort: 5672
port: 5672
- name: port2
targetPort: 15672
port: 15672
- name: port3
targetPort: 55670
port: 55670
- name: port4
targetPort: 55674
port: 55674
selector:
app: rabbitmq
type: NodePort
---
apiVersion: v1
kind: PersistentVolume
metadata:
name: rabbitmq-pv
spec:
storageClassName: ""
capacity:
storage: 1Gi
accessModes:
- ReadWriteMany
persistentVolumeReclaimPolicy: Retain
mountOptions:
- hard
- nfsvers=4.1
nfs:
server: 192.168.2.110
path: /mnt/nfs_share/rabbitmq/riscv
readOnly: false
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: rabbitmq-pvc
namespace: rabbitmq
spec:
storageClassName: ""
volumeName: rabbitmq-pv
accessModes:
- ReadWriteMany
volumeMode: Filesystem
resources:
requests:
storage: 1Gi
---
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
name: rabbitmq-http
namespace: rabbitmq
spec:
entryPoints:
- web
routes:
- match: Host(`rabbitmq-riscv.allarddcs.nl`)
kind: Rule
middlewares:
- name: redirect-to-https
namespace: rabbitmq
services:
- name: rabbitmq
port: 15672
---
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
name: rabbitmq-tls
namespace: rabbitmq
spec:
entryPoints:
- websecure
routes:
- match: Host(`rabbitmq-riscv.allarddcs.nl`)
kind: Rule
services:
- name: rabbitmq
port: 15672
tls:
certResolver: letsencrypt
---
apiVersion: traefik.io/v1alpha1
kind: Middleware
metadata:
name: redirect-to-https
namespace: rabbitmq
spec:
redirectScheme:
scheme: https
permanent: true
---
apiVersion: v1
kind: Service
metadata:
name: rabbitmq-amqp
namespace: rabbitmq
spec:
type: NodePort
ports:
- port: 5672
targetPort: 5672
protocol: TCP
nodePort: 31541 # You can specify or let k8s pick one in 30000-32767 range
name: amqp
selector:
app.kubernetes.io/name: rabbitmq
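Review bot: The Deployment sets no broker credentials, and the rabbitmqadmin scripts in this commit log in as `guest`/`guest`, while this manifest publishes the management port 15672 through Traefik and all four ports of the `rabbitmq` Service as `type: NodePort` on every node. Set a non-default user from a Secret, and switch the `rabbitmq` Service to `ClusterIP` unless node-level exposure of plaintext AMQP on 5672 is intended. Separately, `rabbitmq-amqp` selects `app.kubernetes.io/name: rabbitmq`, but the pod template only carries `app: rabbitmq`, so that Service gets no endpoints; the selector should read `app: rabbitmq`. The file also mixes `traefik.containo.us/v1alpha1` and `traefik.io/v1alpha1`; using one API group throughout avoids depending on both CRD sets being installed.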
+1190
File diff suppressed because it is too large Load Diff
+8
@@ -0,0 +1,8 @@
./rabbitmqadmin \
--host=rabbitmq-riscv.allarddcs.nl \
--port=443 \
--ssl \
--username=guest \
--password=guest \
get queue=testqueue count=1 \
--arguments='{"requeue":false}'
+6
@@ -0,0 +1,6 @@
./rabbitmqadmin --host=rabbitmq-riscv.allarddcs.nl \
--port=443 \
--ssl \
--username=guest \
--password=guest \
publish routing_key=testqueue payload="Hello from CLI"
@@ -0,0 +1,16 @@
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
name: traefik-dashboard
namespace: kube-system
spec:
entryPoints:
- websecure
routes:
- match: Host(`traefik-prod.allarddcs.nl`) && (PathPrefix(`/dashboard`) || PathPrefix(`/api`))
kind: Rule
services:
- name: api@internal
kind: TraefikService
tls:
certResolver: le
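Review bot: The route sends `/dashboard` and `/api` on `traefik-prod.allarddcs.nl` straight to `api@internal` with no `middlewares:` entry, so anyone who can reach the `websecure` entry point can read the dashboard and the API, which list the configured routers, services and middlewares. Add an authentication middleware to the route, for example `middlewares:` / `- name: dashboard-auth` (placeholder name) pointing at a `basicAuth` Middleware backed by a Secret, or restrict the route by source address. The cert resolver here is `le` while the other routes in this commit use `letsencrypt`; if they target the same Traefik instance, check that both names exist in its static configuration.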
+2
@@ -0,0 +1,2 @@
user: admin
password: Wz76)2Tbv%vB!4)5R&
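Review bot: This file commits the `admin` password in clear text, so it is readable by everyone with access to the repository and stays in the history even after the file is deleted. Treat the value as disclosed: rotate it, and keep the replacement in a Kubernetes Secret or an external secret store rather than in a tracked file. If tooling needs the file locally, add its path to `.gitignore` and commit a template that holds a placeholder value instead.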
+46
@@ -0,0 +1,46 @@
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
name: wordpress-http
namespace: wordpress
spec:
entryPoints:
- web
routes:
- match: Host(`wordpress-riscv.allarddcs.nl`)
kind: Rule
services:
- name: joomla
port: 80
middlewares:
- name: redirect-to-https
namespace: wordpress
---
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
name: wordpress-tls
namespace: wordpress
spec:
entryPoints:
- websecure
routes:
- match: Host(`wordpress-riscv.allarddcs.nl`)
kind: Rule
services:
- name: wordpress
port: 80
tls:
certResolver: letsencrypt
---
apiVersion: traefik.io/v1alpha1
kind: Middleware
metadata:
name: redirect-to-https
namespace: wordpress
spec:
redirectScheme:
scheme: https
permanent: true
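Review bot: `wordpress-http` routes to a service named `joomla`, whereas `wordpress-tls` and the Service in the deployment manifest of this commit use `wordpress`; this looks like a leftover from a copied file and should be `- name: wordpress`. Depending on the Traefik setup, a route whose backend service does not exist may be rejected, in which case the HTTP-to-HTTPS redirect would not be served at all. All three objects here (`wordpress-http`, `wordpress-tls` and `redirect-to-https` in namespace `wordpress`) are defined again in the deployment manifest, so whichever file is applied last wins; keep a single definition.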
+153
@@ -0,0 +1,153 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: wordpress
namespace: wordpress
labels:
app: wordpress
spec:
replicas: 1
selector:
matchLabels:
app: wordpress
strategy:
rollingUpdate:
maxSurge: 0
maxUnavailable: 1
type: RollingUpdate
template:
metadata:
labels:
app: wordpress
spec:
containers:
- image: riscv64/wordpress:6.7.2-php8.1-fpm-alpine
name: wordpress
imagePullPolicy: Always
env:
- name: WORDPRESS_DB_HOST
value: "mariadb.mariadb"
- name: WORDPRESS_DB_PASSWORD
value: "wordpress"
- name: WORDPRESS_DB_USER
value: "wordpress"
- name: WORDPRESS_DB_NAME
value: "wordpress"
ports:
- containerPort: 9000
name: php-fpm
protocol: TCP
volumeMounts:
- name: nfs-wordpress
mountPath: /var/www/html
subPath: html
- name: nginx
image: riscv64/nginx:1.27.4-alpine
ports:
- containerPort: 80
volumeMounts:
- name: nfs-wordpress
mountPath: /var/www/html
subPath: html
- name: nfs-wordpress
mountPath: /etc/nginx/conf.d/default.conf
subPath: default.conf
volumes:
- name: nfs-wordpress
persistentVolumeClaim:
claimName: wordpress-pvc
---
apiVersion: v1
kind: Service
metadata:
name: wordpress
namespace: wordpress
spec:
selector:
app: wordpress
ports:
- protocol: TCP
port: 80
targetPort: 80
---
apiVersion: v1
kind: PersistentVolume
metadata:
name: wordpress-pv
spec:
storageClassName: ""
capacity:
storage: 2Gi
accessModes:
- ReadWriteMany
persistentVolumeReclaimPolicy: Retain
mountOptions:
- hard
- nfsvers=4.1
nfs:
server: 192.168.2.110
path: /mnt/nfs_share/wordpress/riscv
readOnly: false
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: wordpress-pvc
namespace: wordpress
spec:
storageClassName: ""
volumeName: wordpress-pv
accessModes:
- ReadWriteMany
volumeMode: Filesystem
resources:
requests:
storage: 2Gi
---
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
name: wordpress-http
namespace: wordpress
spec:
entryPoints:
- web
routes:
- match: Host(`wordpress-riscv.allarddcs.nl`)
kind: Rule
services:
- name: wordpress
port: 80
middlewares:
- name: redirect-to-https
namespace: wordpress
---
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
name: wordpress-tls
namespace: wordpress
spec:
entryPoints:
- websecure
routes:
- match: Host(`wordpress-riscv.allarddcs.nl`)
kind: Rule
services:
- name: wordpress
port: 80
tls:
certResolver: letsencrypt
---
apiVersion: traefik.io/v1alpha1
kind: Middleware
metadata:
name: redirect-to-https
namespace: wordpress
spec:
redirectScheme:
scheme: https
permanent: true
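Review bot: The database password is set inline as `value: "wordpress"` for `WORDPRESS_DB_PASSWORD`, which puts a guessable credential in the repository and in a pod spec that anyone with read access to Deployments can see. Move it to a Secret referenced through `valueFrom.secretKeyRef`, and set a generated password on the MariaDB side to match. Both containers mount the same NFS-backed `html` directory read-write; the nginx container only serves files, so `readOnly: true` on its `/var/www/html` mount would limit what a compromised web container can change.

```yaml
- name: WORDPRESS_DB_PASSWORD
  valueFrom:
    secretKeyRef:
      name: wordpress-db      # placeholder Secret name
      key: password           # placeholder key
# … unchanged: WORDPRESS_DB_USER, WORDPRESS_DB_NAME …
```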