Add example configurations for Custodia demosHEADmaster

13 files changed, 305 insertions, 0 deletions

diff --git a/kubernetes/wordpress-demo/README b/kubernetes/wordpress-demo/README
new file mode 100644
index 0000000..7ab1077
--- /dev/null
+++ b/kubernetes/wordpress-demo/README
@@ -0,0 +1,29 @@
+Based on http://www.severalnines.com/blog/wordpress-application-clustering-using-kubernetes-haproxy-and-keepalived
+
+Changes:
+
+ MySQL replication controller instead of plain MySQL pod
+ NodePort service
+ Custodia integration
+ custom entry points for go-secret
+
+Custodia setup
+--------------
+
+mkdir -p /var/lib/custodia /var/lib/custodia/client
+cp gustodia /var/lib/custodia/client/go-custodia
+
+modify example "custodia.conf"
+set [global] server_socket = /var/lib/custodia/client/server_socket
+
+curl --unix-socket /var/lib/custodia/client/server_socket \
+    -H "REMOTE_USER: curl" \
+    -X POST \
+    http://localhost/secrets/wordpress/
+curl --unix-socket /var/lib/custodia/client/server_socket \
+    -H "REMOTE_USER: curl" \
+    -H "Content-Type: application/json" \
+    -X PUT \
+    -d '{"type": "simple", "value": "yourpassword"}' \
+    http://localhost/secrets/wordpress/db_password
+
diff --git a/kubernetes/wordpress-demo/claim-db.yaml b/kubernetes/wordpress-demo/claim-db.yaml
new file mode 100644
index 0000000..a3ffd49
--- /dev/null
+++ b/kubernetes/wordpress-demo/claim-db.yaml
@@ -0,0 +1,13 @@
+kind: PersistentVolumeClaim
+apiVersion: v1
+metadata:
+  name: myclaim-db
+  labels:
+    name: myclaim-db
+spec:
+  accessModes:
+    - ReadWriteMany
+  resources:
+    requests:
+      storage: 5Gi
+
diff --git a/kubernetes/wordpress-demo/claim-web.yaml b/kubernetes/wordpress-demo/claim-web.yaml
new file mode 100644
index 0000000..1a04bec
--- /dev/null
+++ b/kubernetes/wordpress-demo/claim-web.yaml
@@ -0,0 +1,12 @@
+kind: PersistentVolumeClaim
+apiVersion: v1
+metadata:
+  name: myclaim-web
+  labels:
+    name: myclaim-web
+spec:
+  accessModes:
+    - ReadWriteMany
+  resources:
+    requests:
+      storage: 3Gi
diff --git a/kubernetes/wordpress-demo/mysql-custodia-rc.yaml b/kubernetes/wordpress-demo/mysql-custodia-rc.yaml
new file mode 100644
index 0000000..d83dbdd
--- /dev/null
+++ b/kubernetes/wordpress-demo/mysql-custodia-rc.yaml
@@ -0,0 +1,42 @@
+apiVersion: v1
+kind: ReplicationController
+metadata:
+  name: mysql
+  labels:
+    name: mysql
+spec:
+  replicas: 1
+  selector:
+    name: mysql
+    version: v1
+  template:
+    metadata:
+      labels:
+        name: mysql
+        version: v1
+        secrets_namespace: wordpress
+    spec:
+      containers:
+        - name: mysql
+          image: mysql
+          command: ["/custodia/go-secret"]
+          args: ["/entrypoint.sh", "mysqld"]
+          ports:
+            - containerPort: 3306
+              name: mysql
+          env:
+            - name: SECRET_MYSQL_ROOT_PASSWORD
+              value: db_password
+          volumeMounts:
+            - name: mysql-persistent-storage
+              mountPath: /var/lib/mysql
+            - name: custodia
+              mountPath: /custodia
+              readOnly: true
+      volumes:
+        - name: mysql-persistent-storage
+          persistentVolumeClaim:
+            claimName: myclaim-db
+        - name: custodia
+          hostPath:
+            path: /var/lib/custodia/client
diff --git a/kubernetes/wordpress-demo/mysql-rc.yaml b/kubernetes/wordpress-demo/mysql-rc.yaml
new file mode 100644
index 0000000..24448f9
--- /dev/null
+++ b/kubernetes/wordpress-demo/mysql-rc.yaml
@@ -0,0 +1,33 @@
+apiVersion: v1
+kind: ReplicationController
+metadata:
+  name: mysql
+  labels:
+    name: mysql
+spec:
+  replicas: 1
+  selector:
+    name: mysql
+    version: v1
+  template:
+    metadata:
+      labels:
+        name: mysql
+        version: v1
+    spec:
+      containers:
+        - name: mysql
+          image: mysql
+          ports:
+            - containerPort: 3306
+              name: mysql
+          env:
+            - name: MYSQL_ROOT_PASSWORD
+              value: yourpassword
+          volumeMounts:
+            - name: mysql-persistent-storage
+              mountPath: /var/lib/mysql
+      volumes:
+        - name: mysql-persistent-storage
+          persistentVolumeClaim:
+            claimName: myclaim-db
diff --git a/kubernetes/wordpress-demo/mysql-service.yaml b/kubernetes/wordpress-demo/mysql-service.yaml
new file mode 100644
index 0000000..2848558
--- /dev/null
+++ b/kubernetes/wordpress-demo/mysql-service.yaml
@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: Service
+metadata:
+  labels:
+    name: mysql
+  name: mysql
+spec:
+  ports:
+    - port: 3306
+  selector:
+    name: mysql
+
diff --git a/kubernetes/wordpress-demo/pv-nfs-db.yaml b/kubernetes/wordpress-demo/pv-nfs-db.yaml
new file mode 100644
index 0000000..319b2f4
--- /dev/null
+++ b/kubernetes/wordpress-demo/pv-nfs-db.yaml
@@ -0,0 +1,16 @@
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+  name: pv5gdb
+  labels:
+    name: wordpress-db
+spec:
+  capacity:
+    storage: 5Gi
+  accessModes:
+    - ReadWriteMany
+  persistentVolumeReclaimPolicy: Recycle
+  nfs:
+    path: /srv/kube-vol/wordpress/db
+    server: 10.34.78.249
+
diff --git a/kubernetes/wordpress-demo/pv-nfs-web.yaml b/kubernetes/wordpress-demo/pv-nfs-web.yaml
new file mode 100644
index 0000000..b69cd2b
--- /dev/null
+++ b/kubernetes/wordpress-demo/pv-nfs-web.yaml
@@ -0,0 +1,17 @@
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+  name: pv5gweb
+  labels:
+    name: wordpress-web
+spec:
+  capacity:
+    storage: 5Gi
+  accessModes:
+    - ReadWriteMany
+  persistentVolumeReclaimPolicy: Recycle
+  nfs:
+    path: /srv/kube-vol/wordpress/web
+    server: 10.34.78.249
+
+
diff --git a/kubernetes/wordpress-demo/remove.sh b/kubernetes/wordpress-demo/remove.sh
new file mode 100755
index 0000000..00589c7
--- /dev/null
+++ b/kubernetes/wordpress-demo/remove.sh
@@ -0,0 +1,8 @@
+kubectl delete rc frontend mysql
+kubectl delete svc frontend mysql
+kubectl delete pvc myclaim-db myclaim-web
+kubectl delete pv pv5gdb pv5gweb
+
+# rm -rf /srv/kube-vol/wordpress/web/*
+# rm -rf /srv/kube-vol/wordpress/db/*
+
diff --git a/kubernetes/wordpress-demo/setup.sh b/kubernetes/wordpress-demo/setup.sh
new file mode 100755
index 0000000..84c7ee1
--- /dev/null
+++ b/kubernetes/wordpress-demo/setup.sh
@@ -0,0 +1,28 @@
+#!/bin/sh
+set -e
+
+# rm -rf /srv/kube-vol/wordpress/web/*
+# rm -rf /srv/kube-vol/wordpress/db/*
+
+mkdir -p /srv/kube-vol/wordpress/web
+mkdir -p /srv/kube-vol/wordpress/db
+
+kubectl create -f pv-nfs-db.yaml
+kubectl create -f claim-db.yaml
+kubectl create -f mysql-custodia-rc.yaml
+kubectl create -f mysql-service.yaml
+
+sleep 5
+
+kubectl create -f pv-nfs-web.yaml
+kubectl create -f claim-web.yaml
+kubectl create -f wordpress-custodia-rc.yaml
+kubectl create -f wordpress-service.yaml
+
+sleep 5
+
+kubectl get pv,pvc
+kubectl get rc
+kubectl get po
+kubectl get svc
+
diff --git a/kubernetes/wordpress-demo/wordpress-custodia-rc.yaml b/kubernetes/wordpress-demo/wordpress-custodia-rc.yaml
new file mode 100644
index 0000000..afb7bf8
--- /dev/null
+++ b/kubernetes/wordpress-demo/wordpress-custodia-rc.yaml
@@ -0,0 +1,47 @@
+apiVersion: v1
+kind: ReplicationController
+metadata:
+  name: frontend
+  labels:
+    name: frontend
+spec:
+  replicas: 1
+  selector:
+    name: frontend
+    version: v1
+  template:
+    metadata:
+      labels:
+        name: frontend
+        version: v1
+        secrets_namespace: wordpress
+    spec:
+      containers:
+        - name: wordpress
+          image: wordpress
+          # $ docker pull wordpress
+          # $ docker inspect --format='{{json .Config.Entrypoint}} {{json .Config.Cmd}}' wordpress
+          command: ["/custodia/go-secret"]
+          args: ["/entrypoint.sh", "apache2-foreground"]
+          ports:
+          - containerPort: 80
+            name: wordpress
+          env:
+            - name: SECRET_WORDPRESS_DB_PASSWORD
+              value: db_password
+          volumeMounts:
+              # name must match the volume name below
+            - name: wordpress-persistent-storage
+              # mount path within the container
+              mountPath: /var/www/html
+            - name: custodia
+              mountPath: /custodia
+              readOnly: true
+      volumes:
+        - name: wordpress-persistent-storage
+          persistentVolumeClaim:
+           claimName: myclaim-web
+        - name: custodia
+          hostPath:
+            path: /var/lib/custodia/client
+
diff --git a/kubernetes/wordpress-demo/wordpress-rc.yaml b/kubernetes/wordpress-demo/wordpress-rc.yaml
new file mode 100644
index 0000000..9a64655
--- /dev/null
+++ b/kubernetes/wordpress-demo/wordpress-rc.yaml
@@ -0,0 +1,33 @@
+apiVersion: v1
+kind: ReplicationController
+metadata:
+  name: frontend
+  labels:
+    name: frontend
+spec:
+  replicas: 1
+  selector:
+    name: frontend
+    version: v1
+  template:
+    metadata:
+      labels:
+        name: frontend
+        version: v1
+    spec:
+      containers:
+        - name: wordpress
+          image: wordpress
+          ports:
+          - containerPort: 80
+            name: wordpress
+          env:
+            - name: WORDPRESS_DB_PASSWORD
+              value: yourpassword
+          volumeMounts:
+            - name: wordpress-persistent-storage
+              mountPath: /var/www/html
+      volumes:
+        - name: wordpress-persistent-storage
+          persistentVolumeClaim:
+           claimName: myclaim-web
diff --git a/kubernetes/wordpress-demo/wordpress-service.yaml b/kubernetes/wordpress-demo/wordpress-service.yaml
new file mode 100644
index 0000000..beef04e
--- /dev/null
+++ b/kubernetes/wordpress-demo/wordpress-service.yaml
@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: Service
+metadata:
+  labels:
+    name: frontend
+  name: frontend
+spec:
+  ports:
+    - port: 80
+      targetPort: 80
+      nodePort: 30777
+  selector:
+    name: frontend
+  type: NodePort
+