openssl req \
-new \
-newkey rsa:4096 \
-days 365 \
-nodes \
-x509 \
-subj "/C=US/ST=Denial/L=Springfield/O=Dis/CN=www.example.com" \
-keyout www.example.com.key \
-out www.example.com.certmore : https://superuser.com/questions/226192/avoid-password-prompt-for-keys-and-prompts-for-dn-information
version: '3'
services:
opensearch-node1:
image: opensearchproject/opensearch:latest
container_name: opensearch-node1
environment:
- discovery.type=single-node
ulimits:
memlock:
soft: -1
hard: -1
nofile:
soft: 65536
hard: 65536
volumes:
- /opt/opensearch:/usr/share/opensearch/data
ports:
- 9200:9200
- 9600:9600
opensearch-dashboards:
image: opensearchproject/opensearch-dashboards:latest
container_name: opensearch-dashboards
ports:
- 5601:5601
expose:
- "5601"
environment:
OPENSEARCH_HOSTS: '["https://opensearch-node1:9200"]'
cat server.crt server.key > server.includesprivatekey.pemhttps://stackoverflow.com/questions/991758/how-to-get-pem-file-from-key-and-crt-files
Why?
– No need to create directory manually on nfs server
– Easy
helm repo add nfs-subdir-external-provisioner https://kubernetes-sigs.github.io/nfs-subdir-external-provisioner/
helm upgrade --install nfs-subdir-external-provisioner nfs-subdir-external-provisioner/nfs-subdir-external-provisioner --set nfs.server=192.168.0.182 --set nfs.path=/mnt/nfs2 --set storageClass.defaultClass=true --set storageClass.onDelete=retain
deployment-nginx.yml
apiVersion: apps/v1
kind: Deployment
metadata:
name: my-nginx
spec:
selector:
matchLabels:
run: my-nginx
replicas: 1
template:
metadata:
labels:
run: my-nginx
spec:
containers:
- name: my-nginx
image: nginx
ports:
- containerPort: 80
volumeMounts:
- name: pvc-claim
mountPath: /data
resources:
requests:
memory: "256Mi"
cpu: "100m"
limits:
memory: "256Mi"
cpu: "100m"
volumes:
- name: pvc-claim
persistentVolumeClaim:
claimName: test-claim
---
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
name: test-claim
annotations:
nfs.io/storage-path: "test-path"
spec:
storageClassName: nfs-client
accessModes:
- ReadWriteMany
resources:
requests:
storage: 10MiMore : https://github.com/kubernetes-sigs/nfs-subdir-external-provisioner
apiVersion: apps/v1
kind: Deployment
metadata:
name: redis-deployment
labels:
app: redis
env: prod
spec:
replicas: 1
selector:
matchLabels:
app: redis
env: prod
template:
metadata:
labels:
app: redis
env: prod
spec:
affinity:
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: "kubernetes.io/arch"
operator: "In"
values:
- arm64
tolerations:
- key: "key"
operator: "Equal"
value: "arm"
effect: "NoSchedule"
containers:
- name: redis-container
image: redis:6.2
imagePullPolicy: IfNotPresent
resources:
requests:
memory: "128Mi"
cpu: "100m"
limits:
memory: "512Mi"
cpu: "300m"
volumeMounts:
- name: redis-data
mountPath: /data
ports:
- containerPort: 9090
volumes:
- name: redis-data
nfs:
server: 192.168.0.182
path: "/mnt/nfs1/redis"
---
kind: Service
apiVersion: v1
metadata:
name: redis-service
labels:
app: redis
env: prod
spec:
selector:
app: redis
env: prod
ports:
- name: redis
protocol: TCP
port: 6379
targetPort: 6379
nodePort: 31000
type: NodePort
redis cli:
127.0.0.1:6379> set var1 100
OK
127.0.0.1:6379> get var1
"100"
127.0.0.1:6379> incr var1
(integer) 101
127.0.0.1:6379> get var1
"101"
prometheus-ec2) with AmazonEC2ReadOnlyAccess policy
prometheus.yml
kind: ConfigMap
apiVersion: v1
metadata:
name: prometheus-conf
data:
prometheus.yml: |
global:
scrape_interval: 10s
evaluation_interval: 10s
scrape_configs:
- job_name: 'ec2-node'
ec2_sd_configs:
- region: ap-south-1
port: 9100
relabel_configs:
- source_labels: [__meta_ec2_tag_app]
action: keep
regex: 'pro.*'
- source_labels: [__meta_ec2_private_ip]
action: replace
target_label: ec2_private_ip
