Merge remote-tracking branch 'craft/master'

README.md

@@ -0,0 +1,105 @@
+# Craft Kubernetes Workshop
+
+In this workshop you will learn how to:
+
+* Provision a basic Kubernetes cluster from the ground up using [Google Compute Engine](https://cloud.google.com/compute)
+* Provision a complete Kubernetes using [Google Container Engine](https://cloud.google.com/container-engine)
+* Deploy and manage Docker containers using kubectl
+
+Kubernetes Version: 1.2.2
+
+## Google Compute Engine (GCE)
+
+GCE will be used to setup a Kubernetes cluster from the ground up. This workshop will require the ability to create the following resources:
+
+* Virtual Machines
+* Routes
+* Firewall Rules
+
+### Setup GCE and Enable Cloud Shell 
+
+In this section you will create a Google Compute Engine (GCE) account. GCE will allow you to the create VMs, Networks, and Storage volumes required for this workshop. GCE also provides the [Cloud Shell](https://cloud.google.com/shell/docs) computing environment that will be used complete the labs.
+
+#### Labs
+
+
+  * [Create a GCE Account](labs/create-gce-account.md)
+  * [Enable and explore Cloud Shell](labs/enable-and-explore-cloud-shell.md)
+
+### Clone this Repository
+
+Login into your Cloud Shell environment and clone this repository.
+
+```
+git clone https://github.com/kelseyhightower/craft-kubernetes-workshop.git
+```
+
+## Provision a Kubernetes cluster from scratch
+
+Kubernetes is a distributed system composed of a collection of microservices. Like any system Kubernetes must be installed and configured. In this section you will install Kubernetes from the ground up with the minimal configuration required to get a cluster up and running.
+
+### Core Infrastructure
+
+A Kubernetes cluster requires compute resources which can come from VMs or bare-metal machines, a container runtime environment such as Docker, and assumes the Kubernetes network model is in place.
+
+#### Labs
+
+  * [Provision Ubuntu on GCE](labs/provisioning-ubuntu-on-gce.md)
+  * [Install and configure Docker](labs/install-and-configure-docker.md)
+  * [Configure Networking](labs/configure-networking.md)
+
+### Provision the Kubernetes Controller
+
+Kubernetes can be broken up into two parts: the controller and worker nodes. The Kubernetes controller is where all cluster configuration is stored and is home to the Kubernetes API, Controller Manager, and Scheduler.
+
+#### Labs
+
+  * [Install and configure etcd](labs/install-and-configure-etcd.md)
+  * [Download a Kubernetes release](labs/download-a-kubernetes-release.md)
+  * [Install and configure the API Server](labs/install-and-configure-apiserver.md)
+  * [Install and configure the Controller Manager](labs/install-and-configure-controller-manager.md)
+  * [Install and configure the Scheduler](labs/install-and-configure-scheduler.md)
+
+### Provision the Worker Nodes
+
+Kubernetes worker nodes are responsible for running containers (inside of pods), service loadbalancing, and reporting status information and metrics for nodes and pods. In this section you will setup the Kubernetes worker nodes and install the following components:
+
+* kubelet
+
+#### Labs
+
+  * [Install and configure the kubelet](labs/install-and-configure-kubelet.md)
+
+## Provision Kubernetes using GKE
+
+Kubernetes can be configured with many options and add-ons, but can be time consuming to bootstrap from the ground up. In this section you will bootstrap Kubernetes using [Google Container Engine](https://cloud.google.com/container-engine) (GKE).
+
+  * [Provision a Kubernetes Cluster with GKE](labs/provision-kubernetes-cluster-with-gke.md)
+
+## Managing Applications with Kubernetes
+
+Kubernetes is all about applications and in this section you will utilize the Kubernetes API to deploy, manage, and upgrade applications. In this part of the workshop you will use an example application called "app" to complete the labs.
+
+[App](https://github.com/kelseyhightower/app) is hosted on GitHub and provides an example 12 Facter application. During this workshop you will be working with the following Docker images:
+
+* [kelseyhightower/monolith](https://hub.docker.com/r/kelseyhightower/monolith) - Monolith includes auth and hello services.
+* [kelseyhightower/auth](https://hub.docker.com/r/kelseyhightower/auth) - Auth microservice. Generates JWT tokens for authenticated users.
+* [kelseyhightower/hello](https://hub.docker.com/r/kelseyhightower/hello) - Hello microservice. Greets authenticated users.
+* [ngnix](https://hub.docker.com/_/nginx) - Frontend to the auth and hello services.
+
+#### Labs
+
+  * [Creating and managing pods](labs/creating-and-managing-pods.md)
+  * [Monitoring and health checks](labs/monitoring-and-health-checks.md)
+  * [Managing application configurations and secrets](labs/managing-application-configurations-and-secrets.md)
+  * [Creating and managing services](labs/creating-and-managing-services.md)
+  * [Creating and managing deployments](labs/creating-and-managing-deployments.md)
+  * [Rolling out updates](labs/rolling-out-updates.md)
+
+## Links
+
+  * [Kubernetes](http://googlecloudplatform.github.io/kubernetes)
+  * [gcloud Tool Guide](https://cloud.google.com/sdk/gcloud)
+  * [Docker](https://docs.docker.com)
+  * [etcd](https://coreos.com/docs/distributed-configuration/getting-started-with-etcd)
+  * [nginx](http://nginx.org)

cleanup.sh

@@ -0,0 +1,3 @@
+gcloud compute instances delete node0 node1
+gcloud compute routes delete default-route-10-200-1-0-24 default-route-10-200-0-0-24
+gcloud compute firewall-rules delete default-allow-local-api

kubernetes/cleanup.sh

@@ -0,0 +1,5 @@
+kubectl delete pods healthy-monolith monolith secure-monolith
+kubectl delete services monolith auth frontend hello
+kubectl delete deployments auth frontend hello
+kubectl delete secrets tls-certs
+kubectl delete configmaps nginx-frontend-conf nginx-proxy-conf

kubernetes/deployments/auth.yaml

@@ -0,0 +1,39 @@
+apiVersion: extensions/v1beta1
+kind: Deployment
+metadata:
+  name: auth
+spec:
+  replicas: 1
+  template:
+    metadata:
+      labels:
+        app: auth
+        track: stable
+    spec:
+      containers:
+        - name: auth
+          image: "kelseyhightower/auth:1.0.0"
+          ports:
+            - name: http
+              containerPort: 80
+            - name: health
+              containerPort: 81
+          resources:
+            limits:
+              cpu: 0.2
+              memory: "10Mi"
+          livenessProbe:
+            httpGet:
+              path: /healthz
+              port: 81
+              scheme: HTTP
+            initialDelaySeconds: 5
+            periodSeconds: 15
+            timeoutSeconds: 5
+          readinessProbe:
+            httpGet:
+              path: /readiness
+              port: 81
+              scheme: HTTP
+            initialDelaySeconds: 5
+            timeoutSeconds: 1

kubernetes/deployments/frontend.yaml

@@ -0,0 +1,34 @@
+apiVersion: extensions/v1beta1
+kind: Deployment
+metadata:
+  name: frontend
+spec:
+  replicas: 1
+  template:
+    metadata:
+      labels:
+        app: frontend
+        track: stable
+    spec:
+      containers:
+        - name: nginx
+          image: "nginx:1.9.14"
+          lifecycle:
+            preStop:
+              exec:
+                command: ["/usr/sbin/nginx","-s","quit"]
+          volumeMounts:
+            - name: "nginx-frontend-conf"
+              mountPath: "/etc/nginx/conf.d"
+            - name: "tls-certs"
+              mountPath: "/etc/tls"
+      volumes:
+        - name: "tls-certs"
+          secret:
+            secretName: "tls-certs"
+        - name: "nginx-frontend-conf"
+          configMap:
+            name: "nginx-frontend-conf"
+            items:
+              - key: "frontend.conf"
+                path: "frontend.conf"

kubernetes/deployments/hello.yaml

@@ -0,0 +1,39 @@
+apiVersion: extensions/v1beta1
+kind: Deployment
+metadata:
+  name: hello
+spec:
+  replicas: 1
+  template:
+    metadata:
+      labels:
+        app: hello
+        track: stable
+    spec:
+      containers:
+        - name: hello
+          image: "kelseyhightower/hello:1.0.0"
+          ports:
+            - name: http
+              containerPort: 80
+            - name: health
+              containerPort: 81
+          resources:
+            limits:
+              cpu: 0.2
+              memory: "10Mi"
+          livenessProbe:
+            httpGet:
+              path: /healthz
+              port: 81
+              scheme: HTTP
+            initialDelaySeconds: 5
+            periodSeconds: 15
+            timeoutSeconds: 5
+          readinessProbe:
+            httpGet:
+              path: /readiness
+              port: 81
+              scheme: HTTP
+            initialDelaySeconds: 5
+            timeoutSeconds: 1

kubernetes/nginx/frontend.conf

@@ -0,0 +1,23 @@
+upstream hello {
+    server hello.default.svc.cluster.local;
+}
+
+upstream auth {
+    server auth.default.svc.cluster.local;
+}
+
+server {
+    listen 443;
+    ssl    on;
+
+    ssl_certificate     /etc/tls/cert.pem;
+    ssl_certificate_key /etc/tls/key.pem;
+
+    location / {
+        proxy_pass http://hello;
+    }
+
+    location /login {
+        proxy_pass http://auth;
+    }
+}

kubernetes/nginx/proxy.conf

@@ -0,0 +1,11 @@
+server {
+  listen 443;
+  ssl    on;
+
+  ssl_certificate     /etc/tls/cert.pem;
+  ssl_certificate_key /etc/tls/key.pem;
+
+  location / {
+    proxy_pass http://127.0.0.1:80;
+  }
+}

kubernetes/pods/healthy-monolith.yaml

@@ -0,0 +1,34 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: "healthy-monolith"
+  labels:
+    app: monolith
+spec:
+  containers:
+    - name: monolith
+      image: kelseyhightower/monolith:1.0.0
+      ports:
+        - name: http
+          containerPort: 80
+        - name: health
+          containerPort: 81
+      resources:
+        limits:
+          cpu: 0.2
+          memory: "10Mi"
+      livenessProbe:
+        httpGet:
+          path: /healthz
+          port: 81
+          scheme: HTTP
+        initialDelaySeconds: 5
+        periodSeconds: 15
+        timeoutSeconds: 5
+      readinessProbe:
+        httpGet:
+          path: /readiness
+          port: 81
+          scheme: HTTP
+        initialDelaySeconds: 5
+        timeoutSeconds: 1

kubernetes/pods/monolith.yaml

@@ -0,0 +1,23 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: monolith
+  labels:
+    app: monolith
+spec:
+  containers:
+    - name: monolith
+      image: kelseyhightower/monolith:1.0.0
+      args:
+        - "-http=0.0.0.0:80"
+        - "-health=0.0.0.0:81"
+        - "-secret=secret"
+      ports:
+        - name: http
+          containerPort: 80
+        - name: health
+          containerPort: 81
+      resources:
+        limits:
+          cpu: 0.2
+          memory: "10Mi"

kubernetes/pods/secure-monolith.yaml

@@ -0,0 +1,55 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: "secure-monolith"
+  labels:
+    app: monolith
+spec:
+  containers:
+    - name: nginx
+      image: "nginx:1.9.14"
+      lifecycle:
+        preStop:
+          exec:
+            command: ["/usr/sbin/nginx","-s","quit"]
+      volumeMounts:
+        - name: "nginx-proxy-conf"
+          mountPath: "/etc/nginx/conf.d"
+        - name: "tls-certs"
+          mountPath: "/etc/tls"
+    - name: monolith
+      image: "kelseyhightower/monolith:1.0.0"
+      ports:
+        - name: http
+          containerPort: 80
+        - name: health
+          containerPort: 81
+      resources:
+        limits:
+          cpu: 0.2
+          memory: "10Mi"
+      livenessProbe:
+        httpGet:
+          path: /healthz
+          port: 81
+          scheme: HTTP
+        initialDelaySeconds: 5
+        periodSeconds: 15
+        timeoutSeconds: 5
+      readinessProbe:
+        httpGet:
+          path: /readiness
+          port: 81
+          scheme: HTTP
+        initialDelaySeconds: 5
+        timeoutSeconds: 1
+  volumes:
+    - name: "tls-certs"
+      secret:
+        secretName: "tls-certs"
+    - name: "nginx-proxy-conf"
+      configMap:
+        name: "nginx-proxy-conf"
+        items:
+          - key: "proxy.conf"
+            path: "proxy.conf"

kubernetes/services/auth.yaml

@@ -0,0 +1,11 @@
+kind: Service
+apiVersion: v1
+metadata:
+  name: "auth"
+spec:
+  selector:
+    app: "auth"
+  ports:
+    - protocol: "TCP"
+      port: 80
+      targetPort: 80