Showing preview only (709K chars total). Download the full file or copy to clipboard to get everything.
Repository: aws-samples/eks-workshop-greater-china
Branch: master
Commit: 05798670c0db
Files: 299
Total size: 566.1 KB
Directory structure:
gitextract_bpmfenia/
├── .github/
│ └── PULL_REQUEST_TEMPLATE.md
├── .gitignore
├── CODE_OF_CONDUCT.md
├── CONTRIBUTING.md
├── LICENSE
├── README.md
├── china/
│ ├── 2020_EKS_Launch_Workshop/
│ │ ├── README.md
│ │ ├── resource/
│ │ │ ├── IRSA/
│ │ │ │ └── iam-pod.yaml
│ │ │ ├── alb-ingress-controller/
│ │ │ │ ├── alb-ingress-controller.yaml
│ │ │ │ ├── ingress-iam-policy.json
│ │ │ │ ├── nginx-alb-ingress.yaml
│ │ │ │ └── rbac-role.yaml
│ │ │ ├── aws-ebs-csi-driver/
│ │ │ │ ├── aws-ebs-csi-driver/
│ │ │ │ │ ├── .helmignore
│ │ │ │ │ ├── Chart.yaml
│ │ │ │ │ ├── templates/
│ │ │ │ │ │ ├── NOTES.txt
│ │ │ │ │ │ ├── _helpers.tpl
│ │ │ │ │ │ ├── csidriver.yaml
│ │ │ │ │ │ ├── daemonset.yaml
│ │ │ │ │ │ ├── deployment.yaml
│ │ │ │ │ │ ├── rbac.yaml
│ │ │ │ │ │ ├── serviceaccount.yaml
│ │ │ │ │ │ └── statefulset.yaml
│ │ │ │ │ └── values.yaml
│ │ │ │ ├── deploy/
│ │ │ │ │ └── kubernetes/
│ │ │ │ │ ├── base/
│ │ │ │ │ │ ├── controller.yaml
│ │ │ │ │ │ ├── csidriver.yaml
│ │ │ │ │ │ ├── kustomization.yaml
│ │ │ │ │ │ ├── node.yaml
│ │ │ │ │ │ └── rbac.yaml
│ │ │ │ │ ├── cluster/
│ │ │ │ │ │ └── crd_snapshotter.yaml
│ │ │ │ │ ├── overlays/
│ │ │ │ │ │ ├── alpha/
│ │ │ │ │ │ │ ├── controller_add_resizer.yaml
│ │ │ │ │ │ │ ├── controller_add_snapshotter.yaml
│ │ │ │ │ │ │ ├── kustomization.yaml
│ │ │ │ │ │ │ ├── rbac_add_resizer.yaml
│ │ │ │ │ │ │ ├── rbac_add_snapshot_controller.yaml
│ │ │ │ │ │ │ ├── rbac_add_snapshotter.yaml
│ │ │ │ │ │ │ └── snapshot_controller.yaml
│ │ │ │ │ │ ├── dev/
│ │ │ │ │ │ │ └── kustomization.yaml
│ │ │ │ │ │ └── stable/
│ │ │ │ │ │ └── kustomization.yaml
│ │ │ │ │ └── secret.yaml
│ │ │ │ ├── ebs-csi-iam-policy.json
│ │ │ │ ├── examples/
│ │ │ │ │ └── kubernetes/
│ │ │ │ │ ├── block-volume/
│ │ │ │ │ │ ├── README.md
│ │ │ │ │ │ └── specs/
│ │ │ │ │ │ ├── pod.yaml
│ │ │ │ │ │ ├── raw-claim.yaml
│ │ │ │ │ │ └── storageclass.yaml
│ │ │ │ │ ├── dynamic-provisioning/
│ │ │ │ │ │ ├── README.md
│ │ │ │ │ │ └── specs/
│ │ │ │ │ │ ├── claim.yaml
│ │ │ │ │ │ ├── pod.yaml
│ │ │ │ │ │ └── storageclass.yaml
│ │ │ │ │ ├── resizing/
│ │ │ │ │ │ ├── README.md
│ │ │ │ │ │ └── spec/
│ │ │ │ │ │ └── example.yaml
│ │ │ │ │ ├── snapshot/
│ │ │ │ │ │ ├── README.md
│ │ │ │ │ │ └── specs/
│ │ │ │ │ │ ├── app/
│ │ │ │ │ │ │ ├── claim.yaml
│ │ │ │ │ │ │ └── pod.yaml
│ │ │ │ │ │ ├── classes/
│ │ │ │ │ │ │ ├── snapshotclass.yaml
│ │ │ │ │ │ │ └── storageclass.yaml
│ │ │ │ │ │ ├── snapshot/
│ │ │ │ │ │ │ └── snapshot.yaml
│ │ │ │ │ │ ├── snapshot-import/
│ │ │ │ │ │ │ ├── volume-snapshot-content.yaml
│ │ │ │ │ │ │ └── volume-snapshot.yaml
│ │ │ │ │ │ └── snapshot-restore/
│ │ │ │ │ │ ├── claim.yaml
│ │ │ │ │ │ └── pod.yaml
│ │ │ │ │ ├── static-provisioning/
│ │ │ │ │ │ ├── README.md
│ │ │ │ │ │ └── specs/
│ │ │ │ │ │ └── example.yaml
│ │ │ │ │ └── storageclass/
│ │ │ │ │ ├── README.md
│ │ │ │ │ └── specs/
│ │ │ │ │ └── example.yaml
│ │ │ │ └── updaterole.sh
│ │ │ ├── aws-efs-csi-driver/
│ │ │ │ ├── .dockerignore
│ │ │ │ ├── .github/
│ │ │ │ │ ├── ISSUE_TEMPLATE/
│ │ │ │ │ │ ├── bug_report.md
│ │ │ │ │ │ ├── enhancement-request.md
│ │ │ │ │ │ ├── feature_request.md
│ │ │ │ │ │ └── support-request.md
│ │ │ │ │ ├── PULL_REQUEST_TEMPLATE.md
│ │ │ │ │ └── workflows/
│ │ │ │ │ └── container-image.yaml
│ │ │ │ ├── .gitignore
│ │ │ │ ├── .travis.yml
│ │ │ │ ├── deploy/
│ │ │ │ │ └── kubernetes/
│ │ │ │ │ ├── base/
│ │ │ │ │ │ ├── csidriver.yaml
│ │ │ │ │ │ ├── kustomization.yaml
│ │ │ │ │ │ └── node.yaml
│ │ │ │ │ └── overlays/
│ │ │ │ │ └── stable/
│ │ │ │ │ └── kustomization.yaml
│ │ │ │ └── examples/
│ │ │ │ └── kubernetes/
│ │ │ │ ├── encryption_in_transit/
│ │ │ │ │ ├── README.md
│ │ │ │ │ └── specs/
│ │ │ │ │ ├── claim.yaml
│ │ │ │ │ ├── pod.yaml
│ │ │ │ │ ├── pv.yaml
│ │ │ │ │ └── storageclass.yaml
│ │ │ │ ├── multiple_pods/
│ │ │ │ │ ├── README.md
│ │ │ │ │ └── specs/
│ │ │ │ │ ├── claim.yaml
│ │ │ │ │ ├── pod1.yaml
│ │ │ │ │ ├── pod2.yaml
│ │ │ │ │ ├── pv.yaml
│ │ │ │ │ └── storageclass.yaml
│ │ │ │ ├── statefulset/
│ │ │ │ │ ├── README.md
│ │ │ │ │ └── specs/
│ │ │ │ │ └── example.yaml
│ │ │ │ ├── static_provisioning/
│ │ │ │ │ ├── README.md
│ │ │ │ │ └── specs/
│ │ │ │ │ ├── claim.yaml
│ │ │ │ │ ├── pod.yaml
│ │ │ │ │ ├── pv.yaml
│ │ │ │ │ └── storageclass.yaml
│ │ │ │ └── volume_path/
│ │ │ │ ├── README.md
│ │ │ │ └── specs/
│ │ │ │ └── example.yaml
│ │ │ ├── cluster-autoscaler/
│ │ │ │ ├── cluster_autoscaler.yml
│ │ │ │ ├── k8s-asg-policy.json
│ │ │ │ └── nginx-to-scaleout.yaml
│ │ │ ├── efk/
│ │ │ │ └── fluent-bit.yaml
│ │ │ ├── eks-helm-demo/
│ │ │ │ ├── .helmignore
│ │ │ │ ├── Chart.yaml
│ │ │ │ ├── templates/
│ │ │ │ │ ├── deployment/
│ │ │ │ │ │ ├── crystal.yaml
│ │ │ │ │ │ ├── frontend.yaml
│ │ │ │ │ │ └── nodejs.yaml
│ │ │ │ │ └── service/
│ │ │ │ │ ├── crystal.yaml
│ │ │ │ │ ├── frontend.yaml
│ │ │ │ │ └── nodejs.yaml
│ │ │ │ └── values.yaml
│ │ │ ├── healthchecks/
│ │ │ │ ├── liveness-app.yaml
│ │ │ │ └── readiness-deployment.yaml
│ │ │ ├── hpa/
│ │ │ │ ├── hpa-v2.yaml
│ │ │ │ └── php-apache.yaml
│ │ │ ├── istio/
│ │ │ │ └── bookinfo/
│ │ │ │ ├── bookinfo-gateway.yaml
│ │ │ │ ├── bookinfo.yaml
│ │ │ │ ├── destination-rule-all.yaml
│ │ │ │ ├── virtual-service-all-v1.yaml
│ │ │ │ ├── virtual-service-ratings-test-abort.yaml
│ │ │ │ ├── virtual-service-ratings-test-delay.yaml
│ │ │ │ ├── virtual-service-reviews-50-v3.yaml
│ │ │ │ ├── virtual-service-reviews-test-v2.yaml
│ │ │ │ └── virtual-service-reviews-v3.yaml
│ │ │ ├── network-policy/
│ │ │ │ ├── calico.yaml
│ │ │ │ └── calico_resources/
│ │ │ │ ├── allow-ui-client.yaml
│ │ │ │ ├── allow-ui.yaml
│ │ │ │ ├── backend-policy.yaml
│ │ │ │ ├── backend.yaml
│ │ │ │ ├── client.yaml
│ │ │ │ ├── default-deny.yaml
│ │ │ │ ├── frontend-policy.yaml
│ │ │ │ ├── frontend.yaml
│ │ │ │ ├── management-ui.yaml
│ │ │ │ └── namespace.yaml
│ │ │ └── nginx-app/
│ │ │ └── nginx-nlb.yaml
│ │ ├── 步骤1-准备实验环境.md
│ │ ├── 步骤10-可用性-健康检查.md
│ │ ├── 步骤11-使用Calio加固EKS集群安全.md
│ │ ├── 步骤12-EFK日志收集.md
│ │ ├── 步骤13-Prometheus&Grafana监控.md
│ │ ├── 步骤14-在EKS集群上部署Istio服务网格.md
│ │ ├── 步骤2-创建EKS集群.md
│ │ ├── 步骤3-部署官方的KubernetesDashboard.md
│ │ ├── 步骤4-部署微服务以及配置ALBIngressController.md
│ │ ├── 步骤5-配置使用EBS.md
│ │ ├── 步骤6-配置使用EFS.md
│ │ ├── 步骤7-在EKS中使用IAMRole进行权限管理.md
│ │ ├── 步骤8-对应用Pod和集群进行自动扩展.md
│ │ └── 步骤9-使用Helm部署应用.md
│ ├── 2020_GCR_Kubeflow_Workshop/
│ │ ├── Kubeflow_Pipelines.md
│ │ ├── Kubeflow_fairing.md
│ │ ├── README.md
│ │ ├── resources/
│ │ │ └── mnist-tensorflow-jupyter.py
│ │ ├── 创建和使用jupter笔记本.md
│ │ ├── 安装Kubeflow.md
│ │ └── 清理资源.md
│ └── 2021_GCR_Kubeflow_on_EKS/
│ ├── Kubeflow on AWS EKS (GCR Region) 部署.md
│ ├── resource/
│ │ ├── app1.yaml
│ │ ├── aws-alb-config-map.yaml
│ │ ├── dex-config.yaml
│ │ ├── ingress-iam-policy.json
│ │ ├── kfctl_aws.v1.2.0.yaml
│ │ ├── kfctl_aws.v1.2.0.yaml.tpl
│ │ ├── kubeflow-workshop-eks.yaml
│ │ ├── mutating-webhook.yaml
│ │ └── s3-kubeflow-on-eks-app1.json
│ └── resource.tgz
└── global/
├── 2019_GCR_EKS_Workshop/
│ ├── README.md
│ ├── 步骤1-通过AWS Cloud9搭建服务器环境.md
│ ├── 步骤2-设置默认region, 安装eksctl, kubectl工具.md
│ ├── 步骤3-创建EKS集群(启用按需实例和Fargate).md
│ ├── 步骤4-部署示例应用,通过HPA测试Fargate弹性伸缩功能.md
│ └── 步骤5-在EKS中使用IAM Role进行权限管理(可选).md
├── 2020_GCR_SZ_ContainerDay/
│ ├── README.md
│ ├── docker/
│ │ ├── Lab2-Docker 基本操作.md
│ │ ├── Lab3-使用Docker 运行Web服务.md
│ │ └── Lab4-多容器管理实践.md
│ ├── resources/
│ │ ├── IRSA/
│ │ │ └── iam-pod.yaml
│ │ ├── alb-ingress-controller/
│ │ │ ├── alb-ingress-controller.yaml
│ │ │ ├── iam-policy.json
│ │ │ ├── nginx-alb-ingress.yaml
│ │ │ └── rbac-role.yaml
│ │ ├── aws-ebs-csi-driver/
│ │ │ ├── aws-ebs-csi-driver/
│ │ │ │ ├── .helmignore
│ │ │ │ ├── Chart.yaml
│ │ │ │ ├── templates/
│ │ │ │ │ ├── NOTES.txt
│ │ │ │ │ ├── _helpers.tpl
│ │ │ │ │ ├── csidriver.yaml
│ │ │ │ │ ├── daemonset.yaml
│ │ │ │ │ ├── deployment.yaml
│ │ │ │ │ ├── rbac.yaml
│ │ │ │ │ ├── serviceaccount.yaml
│ │ │ │ │ └── statefulset.yaml
│ │ │ │ └── values.yaml
│ │ │ ├── deploy/
│ │ │ │ └── kubernetes/
│ │ │ │ ├── base/
│ │ │ │ │ ├── controller.yaml
│ │ │ │ │ ├── csidriver.yaml
│ │ │ │ │ ├── kustomization.yaml
│ │ │ │ │ ├── node.yaml
│ │ │ │ │ └── rbac.yaml
│ │ │ │ ├── cluster/
│ │ │ │ │ └── crd_snapshotter.yaml
│ │ │ │ ├── overlays/
│ │ │ │ │ ├── alpha/
│ │ │ │ │ │ ├── controller_add_resizer.yaml
│ │ │ │ │ │ ├── controller_add_snapshotter.yaml
│ │ │ │ │ │ ├── kustomization.yaml
│ │ │ │ │ │ ├── rbac_add_resizer.yaml
│ │ │ │ │ │ ├── rbac_add_snapshot_controller.yaml
│ │ │ │ │ │ ├── rbac_add_snapshotter.yaml
│ │ │ │ │ │ └── snapshot_controller.yaml
│ │ │ │ │ ├── dev/
│ │ │ │ │ │ └── kustomization.yaml
│ │ │ │ │ └── stable/
│ │ │ │ │ └── kustomization.yaml
│ │ │ │ └── secret.yaml
│ │ │ ├── ebs-csi-iam-policy.json
│ │ │ ├── examples/
│ │ │ │ └── kubernetes/
│ │ │ │ ├── block-volume/
│ │ │ │ │ ├── README.md
│ │ │ │ │ └── specs/
│ │ │ │ │ ├── pod.yaml
│ │ │ │ │ ├── raw-claim.yaml
│ │ │ │ │ └── storageclass.yaml
│ │ │ │ ├── dynamic-provisioning/
│ │ │ │ │ ├── README.md
│ │ │ │ │ └── specs/
│ │ │ │ │ ├── claim.yaml
│ │ │ │ │ ├── pod.yaml
│ │ │ │ │ └── storageclass.yaml
│ │ │ │ ├── resizing/
│ │ │ │ │ ├── README.md
│ │ │ │ │ └── spec/
│ │ │ │ │ └── example.yaml
│ │ │ │ ├── snapshot/
│ │ │ │ │ ├── README.md
│ │ │ │ │ └── specs/
│ │ │ │ │ ├── app/
│ │ │ │ │ │ ├── claim.yaml
│ │ │ │ │ │ └── pod.yaml
│ │ │ │ │ ├── classes/
│ │ │ │ │ │ ├── snapshotclass.yaml
│ │ │ │ │ │ └── storageclass.yaml
│ │ │ │ │ ├── snapshot/
│ │ │ │ │ │ └── snapshot.yaml
│ │ │ │ │ ├── snapshot-import/
│ │ │ │ │ │ ├── volume-snapshot-content.yaml
│ │ │ │ │ │ └── volume-snapshot.yaml
│ │ │ │ │ └── snapshot-restore/
│ │ │ │ │ ├── claim.yaml
│ │ │ │ │ └── pod.yaml
│ │ │ │ ├── static-provisioning/
│ │ │ │ │ ├── README.md
│ │ │ │ │ └── specs/
│ │ │ │ │ └── example.yaml
│ │ │ │ └── storageclass/
│ │ │ │ ├── README.md
│ │ │ │ └── specs/
│ │ │ │ └── example.yaml
│ │ │ └── updaterole.sh
│ │ ├── cluster-autoscaler/
│ │ │ ├── cluster_autoscaler.yml
│ │ │ ├── cluster_autoscaler.yml.orgin
│ │ │ ├── k8s-asg-policy.json
│ │ │ └── nginx-to-scaleout.yaml
│ │ └── hpa/
│ │ ├── metrics-server-v0.3.6/
│ │ │ ├── .gitignore
│ │ │ ├── .golangci.yml
│ │ │ ├── .travis.yml
│ │ │ ├── CONTRIBUTING.md
│ │ │ ├── LICENSE
│ │ │ ├── Makefile
│ │ │ ├── OWNERS
│ │ │ ├── OWNERS_ALIASES
│ │ │ ├── README.md
│ │ │ ├── SECURITY_CONTACTS
│ │ │ ├── code-of-conduct.md
│ │ │ └── deploy/
│ │ │ ├── 1.7/
│ │ │ │ ├── auth-delegator.yaml
│ │ │ │ ├── auth-reader.yaml
│ │ │ │ ├── metrics-apiservice.yaml
│ │ │ │ ├── metrics-server-deployment.yaml
│ │ │ │ └── metrics-server-service.yaml
│ │ │ ├── 1.8+/
│ │ │ │ ├── aggregated-metrics-reader.yaml
│ │ │ │ ├── auth-delegator.yaml
│ │ │ │ ├── auth-reader.yaml
│ │ │ │ ├── metrics-apiservice.yaml
│ │ │ │ ├── metrics-server-deployment.yaml
│ │ │ │ ├── metrics-server-service.yaml
│ │ │ │ └── resource-reader.yaml
│ │ │ └── docker/
│ │ │ └── Dockerfile
│ │ └── php-apache.yaml
│ ├── resources.tgz
│ ├── 步骤1-通过AWS Cloud9搭建服务器环境.md
│ ├── 步骤2-设置默认region, 安装eksctl, kubectl工具.md
│ ├── 步骤3-创建EKS集群.md
│ ├── 步骤4-配置ALBIngressController.md
│ ├── 步骤5-部署官方的KubernetesDashboard.md
│ ├── 步骤6-使用EBS存储.md
│ ├── 步骤7-在EKS中使用IAMRole进行权限管理.md
│ └── 步骤8-实现应用Pod和集群进行自动扩展.md
├── 2021_GCR_MAD_Day/
│ ├── README.md
│ ├── lab1-serverless/
│ │ ├── 步骤1-从头开始写一个 serverless API.md
│ │ ├── 步骤1-使用serverless 快速构建Express应用.md
│ │ └── 步骤2-使用serverless 快速构建Express应用.md
│ ├── lab2-eks/
│ │ ├── 步骤1-设置默认region, 安装eksctl, kubectl工具.md
│ │ ├── 步骤2-创建EKS集群.md
│ │ ├── 步骤3-部署配置aws-load-balancer-controller&2048游戏.md
│ │ ├── 步骤4-可观测性-日志收集.md
│ │ ├── 步骤5-可观测性-prometheus-grafana.md
│ │ ├── 步骤6-使用CodePipeline 实现EKS环境CICD.md
│ │ ├── 步骤7-使用Karpenter实现EKS工作节点弹性伸缩.md
│ │ └── 步骤8-EBS使用.md
│ ├── resources/
│ │ ├── 1.25/
│ │ │ └── eksworkshop.tgz
│ │ ├── aws-load-balancer-controller/
│ │ │ ├── 2048_full_latest.yaml
│ │ │ ├── iam-policy.json
│ │ │ └── v2_2_1_full.yaml
│ │ ├── codepipeline/
│ │ │ ├── aws-auth-patch.yml
│ │ │ └── iam-role-policy
│ │ ├── nginx.yaml
│ │ └── observeration/
│ │ ├── elastisearch.yaml
│ │ ├── fluent-bit.yaml
│ │ ├── grafana.yaml
│ │ └── kibana.yaml
│ └── 通过AWS Cloud9搭建实验环境.md
└── karpenter_handson/
└── 使用Karpenter实现EKS工作节点弹性伸缩.md
================================================
FILE CONTENTS
================================================
================================================
FILE: .github/PULL_REQUEST_TEMPLATE.md
================================================
*Issue #, if available:*
*Description of changes:*
By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.
================================================
FILE: .gitignore
================================================
.DS_Store
china/.DS_Store
global/.DS_Store
resource/china/ecsdemo-crystal
resource/china/ecsdemo-frontend
resource/china/ecsdemo-nodejs
resource/china/s3-echoer
resource/china/hpa/metrics-server-v0.3.6.tar.gz
resource/china/hpa/metrics-server-v0.3.6/*
================================================
FILE: CODE_OF_CONDUCT.md
================================================
## Code of Conduct
This project has adopted the [Amazon Open Source Code of Conduct](https://aws.github.io/code-of-conduct).
For more information see the [Code of Conduct FAQ](https://aws.github.io/code-of-conduct-faq) or contact
opensource-codeofconduct@amazon.com with any additional questions or comments.
================================================
FILE: CONTRIBUTING.md
================================================
# Contributing Guidelines
Thank you for your interest in contributing to our project. Whether it's a bug report, new feature, correction, or additional
documentation, we greatly value feedback and contributions from our community.
Please read through this document before submitting any issues or pull requests to ensure we have all the necessary
information to effectively respond to your bug report or contribution.
## Reporting Bugs/Feature Requests
We welcome you to use the GitHub issue tracker to report bugs or suggest features.
When filing an issue, please check [existing open](https://github.com/aws-samples/eks-workshop-greater-china/issues), or [recently closed](https://github.com/aws-samples/eks-workshop-greater-china/issues?utf8=%E2%9C%93&q=is%3Aissue%20is%3Aclosed%20), issues to make sure somebody else hasn't already
reported the issue. Please try to include as much information as you can. Details like these are incredibly useful:
* A reproducible test case or series of steps
* The version of our code being used
* Any modifications you've made relevant to the bug
* Anything unusual about your environment or deployment
## Contributing via Pull Requests
Contributions via pull requests are much appreciated. Before sending us a pull request, please ensure that:
1. You are working against the latest source on the *master* branch.
2. You check existing open, and recently merged, pull requests to make sure someone else hasn't addressed the problem already.
3. You open an issue to discuss any significant work - we would hate for your time to be wasted.
To send us a pull request, please:
1. Fork the repository.
2. Modify the source; please focus on the specific change you are contributing. If you also reformat all the code, it will be hard for us to focus on your change.
3. Ensure local tests pass.
4. Commit to your fork using clear commit messages.
5. Send us a pull request, answering any default questions in the pull request interface.
6. Pay attention to any automated CI failures reported in the pull request, and stay involved in the conversation.
GitHub provides additional document on [forking a repository](https://help.github.com/articles/fork-a-repo/) and
[creating a pull request](https://help.github.com/articles/creating-a-pull-request/).
## Finding contributions to work on
Looking at the existing issues is a great way to find something to contribute on. As our projects, by default, use the default GitHub issue labels (enhancement/bug/duplicate/help wanted/invalid/question/wontfix), looking at any ['help wanted'](https://github.com/aws-samples/eks-workshop-greater-china/labels/help%20wanted) issues is a great place to start.
## Code of Conduct
This project has adopted the [Amazon Open Source Code of Conduct](https://aws.github.io/code-of-conduct).
For more information see the [Code of Conduct FAQ](https://aws.github.io/code-of-conduct-faq) or contact
opensource-codeofconduct@amazon.com with any additional questions or comments.
## Security issue notifications
If you discover a potential security issue in this project we ask that you notify AWS/Amazon Security via our [vulnerability reporting page](http://aws.amazon.com/security/vulnerability-reporting/). Please do **not** create a public github issue.
## Licensing
See the [LICENSE](https://github.com/aws-samples/eks-workshop-greater-china/blob/master/LICENSE) file for our project's licensing. We will ask you to confirm the licensing of your contribution.
We may ask you to sign a [Contributor License Agreement (CLA)](http://en.wikipedia.org/wiki/Contributor_License_Agreement) for larger changes.
================================================
FILE: LICENSE
================================================
Copyright 2019 Amazon.com, Inc. or its affiliates. All Rights Reserved.
Permission is hereby granted, free of charge, to any person obtaining a copy of
this software and associated documentation files (the "Software"), to deal in
the Software without restriction, including without limitation the rights to
use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
the Software, and to permit persons to whom the Software is furnished to do so.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
================================================
FILE: README.md
================================================
## AWS GCR EKS Resource
[AWS EKS集群使用Karpenter实现EC2工作节点弹性伸缩](https://github.com/aws-samples/eks-workshop-greater-china/blob/master/global/karpenter_handson/%E4%BD%BF%E7%94%A8Karpenter%E5%AE%9E%E7%8E%B0EKS%E5%B7%A5%E4%BD%9C%E8%8A%82%E7%82%B9%E5%BC%B9%E6%80%A7%E4%BC%B8%E7%BC%A9.md)
[Kubernetes 节点弹性伸缩开源组件 Karpenter 实践:部署GPU推理应用](https://aws.amazon.com/cn/blogs/china/kubernetes-node-elastic-scaling-open-source-component-karpenter-practice-deploying-gpu-inference-applications/)
[Kubernetes 节点弹性伸缩开源组件 Karpenter 实践:使用 Spot 实例进行成本优化](https://aws.amazon.com/cn/blogs/china/kubernetes-node-elastic-scaling-open-source-component-karpenter-practice-cost-optimization-using-spot-instance/)
[Unreal Engine 像素流送在g4dn上实现容器化部署实践(二)](https://aws.amazon.com/cn/blogs/china/practice-of-container-deployment-of-unreal-engine-pixel-streaming-on-g4dn-ii/)
#### China Region Workshop Resource
***
#### Tech Day 资料:
[AWS GCR 2020 EKS Launch Hands-on Workshop](https://github.com/aws-samples/eks-workshop-greater-china/blob/master/china/2020_EKS_Launch_Workshop/README.md)
1. [步骤1-准备实验环境](https://github.com/aws-samples/eks-workshop-greater-china/blob/master/china/2020_EKS_Launch_Workshop/步骤1-准备实验环境.md)
2. [步骤2-创建EKS集群](https://github.com/aws-samples/eks-workshop-greater-china/blob/master/china/2020_EKS_Launch_Workshop/步骤2-创建EKS集群.md)
3. [步骤3-部署官方的KubernetesDashboard](https://github.com/aws-samples/eks-workshop-greater-china/blob/master/china/2020_EKS_Launch_Workshop/步骤3-部署官方的KubernetesDashboard.md)
4. [步骤4-部署微服务以及配置ALBIngressController](https://github.com/aws-samples/eks-workshop-greater-china/blob/master/china/2020_EKS_Launch_Workshop/步骤4-部署微服务以及配置ALBIngressController.md)
5. [步骤5-配置使用EBS](https://github.com/aws-samples/eks-workshop-greater-china/blob/master/china/2020_EKS_Launch_Workshop/步骤5-配置使用EBS.md)
6. [步骤6-配置使用EFS](https://github.com/aws-samples/eks-workshop-greater-china/blob/master/china/2020_EKS_Launch_Workshop/步骤6-配置使用EFS.md)
7. [步骤7-在EKS中使用IAMRole进行权限管理](https://github.com/aws-samples/eks-workshop-greater-china/blob/master/china/2020_EKS_Launch_Workshop/步骤7-在EKS中使用IAMRole进行权限管理.md)
8. [步骤8-对应用Pod和集群进行自动扩展](https://github.com/aws-samples/eks-workshop-greater-china/blob/master/china/2020_EKS_Launch_Workshop/步骤8-对应用Pod和集群进行自动扩展.md)
9. [步骤9-使用Helm部署应用](https://github.com/aws-samples/eks-workshop-greater-china/blob/master/china/2020_EKS_Launch_Workshop/步骤9-使用Helm部署应用.md)
10. [步骤10-可用性-健康检查](https://github.com/aws-samples/eks-workshop-greater-china/blob/master/china/2020_EKS_Launch_Workshop/步骤10-可用性-健康检查.md)
11. [步骤11-使用Calio加固EKS集群安全](https://github.com/aws-samples/eks-workshop-greater-china/blob/master/china/2020_EKS_Launch_Workshop/步骤11-使用Calio加固EKS集群安全.md)
12. [步骤12 使用EFK收集、处理日志](https://github.com/aws-samples/eks-workshop-greater-china/blob/master/china/2020_EKS_Launch_Workshop/步骤12-EFK日志收集.md)
13. [步骤13 部署Prometheus & Grafana监控](https://github.com/aws-samples/eks-workshop-greater-china/blob/master/china/2020_EKS_Launch_Workshop/步骤13-Prometheus&Grafana监控.md)
14. [步骤14 在EKS集群上部署Istio 服务网格](https://github.com/aws-samples/eks-workshop-greater-china/blob/master/china/2020_EKS_Launch_Workshop/步骤14-在EKS集群上部署Istio服务网格.md)
[2020_GCR_Kuberflow_Workshop](https://github.com/aws-samples/eks-workshop-greater-china/tree/master/china/2020_GCR_Kubeflow_Workshop)
1. [安装kubeflow](https://github.com/aws-samples/eks-workshop-greater-china/blob/master/china/2020_GCR_Kubeflow_Workshop/%E5%AE%89%E8%A3%85Kubeflow.md)
2. [创建和使用jupter笔记本.md](https://github.com/aws-samples/eks-workshop-greater-china/blob/master/china/2020_GCR_Kubeflow_Workshop/%E5%88%9B%E5%BB%BA%E5%92%8C%E4%BD%BF%E7%94%A8jupter%E7%AC%94%E8%AE%B0%E6%9C%AC.md)
3. [使用Kubeflow fairing](https://github.com/aws-samples/eks-workshop-greater-china/blob/master/china/2020_GCR_Kubeflow_Workshop/Kubeflow_fairing.md)
4. [使用Kubeflow pipeline](https://github.com/aws-samples/eks-workshop-greater-china/blob/master/china/2020_GCR_Kubeflow_Workshop/Kubeflow_Pipelines.md)
#### Global Region Workshop Resource
***
#### Tech Day 资料:
[AWS 2021 Modern Application Development(MAD) Day](https://github.com/aws-samples/eks-workshop-greater-china/tree/master/global/2021_GCR_MAD_Day)
[通过Cloud9搭建准备实验环境](https://github.com/aws-samples/eks-workshop-greater-china/blob/master/global/2021_GCR_MAD_Day/%E9%80%9A%E8%BF%87AWS%20Cloud9%E6%90%AD%E5%BB%BA%E5%AE%9E%E9%AA%8C%E7%8E%AF%E5%A2%83.md)
Lab1 Serverless
1. [步骤1-从头开始写一个 serverless API](https://github.com/aws-samples/eks-workshop-greater-china/blob/master/global/2021_GCR_MAD_Day/lab2-eks/%E6%AD%A5%E9%AA%A41-%E8%AE%BE%E7%BD%AE%E9%BB%98%E8%AE%A4region%2C%20%E5%AE%89%E8%A3%85eksctl%2C%20kubectl%E5%B7%A5%E5%85%B7.md)
2. [步骤2-使用serverless 快速构建Express应用](https://github.com/aws-samples/eks-workshop-greater-china/blob/master/global/2021_GCR_MAD_Day/lab1-serverless/%E6%AD%A5%E9%AA%A41-%E4%BD%BF%E7%94%A8serverless%20%E5%BF%AB%E9%80%9F%E6%9E%84%E5%BB%BAExpress%E5%BA%94%E7%94%A8.md)
Lab2 EKS 动手训练营
1. [步骤1-设置默认region, 安装eksctl, kubectl工具](https://github.com/aws-samples/eks-workshop-greater-china/blob/master/global/2021_GCR_MAD_Day/lab2-eks/%E6%AD%A5%E9%AA%A41-%E8%AE%BE%E7%BD%AE%E9%BB%98%E8%AE%A4region%2C%20%E5%AE%89%E8%A3%85eksctl%2C%20kubectl%E5%B7%A5%E5%85%B7.md)
2. [步骤2, 创建EKS集群](https://github.com/aws-samples/eks-workshop-greater-china/blob/master/global/2021_GCR_MAD_Day/lab2-eks/%E6%AD%A5%E9%AA%A42-%E5%88%9B%E5%BB%BAEKS%E9%9B%86%E7%BE%A4.md)
3. [步骤3, 配置aws-load-balancer-controller&部署2048游戏](https://github.com/aws-samples/eks-workshop-greater-china/blob/master/global/2021_GCR_MAD_Day/lab2-eks/%E6%AD%A5%E9%AA%A43-%E9%83%A8%E7%BD%B2%E9%85%8D%E7%BD%AEaws-load-balancer-controller%262048%E6%B8%B8%E6%88%8F.md)
4. [步骤4-可观测性-日志收集](https://github.com/aws-samples/eks-workshop-greater-china/blob/master/global/2021_GCR_MAD_Day/lab2-eks/%E6%AD%A5%E9%AA%A44-%E5%8F%AF%E8%A7%82%E6%B5%8B%E6%80%A7-%E6%97%A5%E5%BF%97%E6%94%B6%E9%9B%86.md)
5. [步骤5-可观测性-prometheus-grafana.md](https://github.com/aws-samples/eks-workshop-greater-china/blob/master/global/2021_GCR_MAD_Day/lab2-eks/%E6%AD%A5%E9%AA%A45-%E5%8F%AF%E8%A7%82%E6%B5%8B%E6%80%A7-prometheus-grafana.md)
6. [步骤6-使用CodePipeline 实现EKS环境CICD.md](https://github.com/aws-samples/eks-workshop-greater-china/blob/master/global/2021_GCR_MAD_Day/lab2-eks/%E6%AD%A5%E9%AA%A46-%E4%BD%BF%E7%94%A8CodePipeline%20%E5%AE%9E%E7%8E%B0EKS%E7%8E%AF%E5%A2%83CICD.md)
7. [步骤7 使用Karpenter实现EKS工作节点弹性伸缩](https://github.com/aws-samples/eks-workshop-greater-china/blob/master/global/2021_GCR_MAD_Day/lab2-eks/%E6%AD%A5%E9%AA%A47-%E4%BD%BF%E7%94%A8Karpenter%E5%AE%9E%E7%8E%B0EKS%E5%B7%A5%E4%BD%9C%E8%8A%82%E7%82%B9%E5%BC%B9%E6%80%A7%E4%BC%B8%E7%BC%A9.md)
[AWS GCR 2020 Container Day](https://github.com/aws-samples/eks-workshop-greater-china/blob/master/global/2020_GCR_SZ_ContainerDay/README.md)
1. [步骤1 , 通过Cloud9搭建准备实验环境](https://github.com/aws-samples/eks-workshop-greater-china/blob/master/global/2020_GCR_SZ_ContainerDay/%E6%AD%A5%E9%AA%A41-%E9%80%9A%E8%BF%87AWS%20Cloud9%E6%90%AD%E5%BB%BA%E6%9C%8D%E5%8A%A1%E5%99%A8%E7%8E%AF%E5%A2%83.md)
2. [步骤2, 安装eksctl, kubectl , jq等工具](https://github.com/aws-samples/eks-workshop-greater-china/blob/master/global/2020_GCR_SZ_ContainerDay/%E6%AD%A5%E9%AA%A42-%E8%AE%BE%E7%BD%AE%E9%BB%98%E8%AE%A4region%2C%20%E5%AE%89%E8%A3%85eksctl%2C%20kubectl%E5%B7%A5%E5%85%B7.md)
3. [步骤3, 创建EKS集群](https://github.com/aws-samples/eks-workshop-greater-china/blob/master/global/2020_GCR_SZ_ContainerDay/%E6%AD%A5%E9%AA%A43-%E5%88%9B%E5%BB%BAEKS%E9%9B%86%E7%BE%A4.md)
4. [步骤4, 使用ALB Ingress](https://github.com/aws-samples/eks-workshop-greater-china/blob/master/global/2020_GCR_SZ_ContainerDay/%E6%AD%A5%E9%AA%A44-%E9%85%8D%E7%BD%AEALBIngressController.md)
5. [步骤5,使用Kubernetes Dashboard](https://github.com/aws-samples/eks-workshop-greater-china/blob/master/global/2020_GCR_SZ_ContainerDay/%E6%AD%A5%E9%AA%A45-%E9%83%A8%E7%BD%B2%E5%AE%98%E6%96%B9%E7%9A%84KubernetesDashboard.md)
6. [步骤6,使用EBS存储](https://github.com/aws-samples/eks-workshop-greater-china/blob/master/global/2020_GCR_SZ_ContainerDay/%E6%AD%A5%E9%AA%A46-%E4%BD%BF%E7%94%A8EBS%E5%AD%98%E5%82%A8.md)
7. [步骤7, IRSA(可选)](https://github.com/aws-samples/eks-workshop-greater-china/blob/master/global/2020_GCR_SZ_ContainerDay/%E6%AD%A5%E9%AA%A47-%E5%9C%A8EKS%E4%B8%AD%E4%BD%BF%E7%94%A8IAMRole%E8%BF%9B%E8%A1%8C%E6%9D%83%E9%99%90%E7%AE%A1%E7%90%86.md)
8. [步骤8, 实现应用Pod和集群进行自动扩展(可选)](https://github.com/aws-samples/eks-workshop-greater-china/blob/master/global/2020_GCR_SZ_ContainerDay/%E6%AD%A5%E9%AA%A48-%E5%AE%9E%E7%8E%B0%E5%BA%94%E7%94%A8Pod%E5%92%8C%E9%9B%86%E7%BE%A4%E8%BF%9B%E8%A1%8C%E8%87%AA%E5%8A%A8%E6%89%A9%E5%B1%95.md)
[AWS GCR 2019 EKS New Feature Workshop](https://github.com/aws-samples/eks-workshop-greater-china/tree/master/global/2019_GCR_EKS_Workshop)
1. [步骤1: 通过AWSCloud9搭建服务器环境](https://github.com/aws-samples/eks-workshop-greater-china/blob/master/global/2019_GCR_EKS_Workshop/%E6%AD%A5%E9%AA%A41-%E9%80%9A%E8%BF%87AWS%20Cloud9%E6%90%AD%E5%BB%BA%E6%9C%8D%E5%8A%A1%E5%99%A8%E7%8E%AF%E5%A2%83.md)
2. [步骤2: 设置默认region, 安装eksctl,kubectl工具](https://github.com/aws-samples/eks-workshop-greater-china/blob/master/global/2019_GCR_EKS_Workshop/%E6%AD%A5%E9%AA%A42-%E8%AE%BE%E7%BD%AE%E9%BB%98%E8%AE%A4region%2C%20%E5%AE%89%E8%A3%85eksctl%2C%20kubectl%E5%B7%A5%E5%85%B7.md)
3. [步骤3: 创建EKS集群(启用按需实例和Fargate)](https://github.com/aws-samples/eks-workshop-greater-china/blob/master/global/2019_GCR_EKS_Workshop/%E6%AD%A5%E9%AA%A43-%E5%88%9B%E5%BB%BAEKS%E9%9B%86%E7%BE%A4(%E5%90%AF%E7%94%A8%E6%8C%89%E9%9C%80%E5%AE%9E%E4%BE%8B%E5%92%8CFargate).md)
4. [步骤4: 部署示例应用,通过HPA测试Fargate弹性伸缩功能](https://github.com/aws-samples/eks-workshop-greater-china/blob/master/global/2019_GCR_EKS_Workshop/%E6%AD%A5%E9%AA%A44-%E9%83%A8%E7%BD%B2%E7%A4%BA%E4%BE%8B%E5%BA%94%E7%94%A8%EF%BC%8C%E9%80%9A%E8%BF%87HPA%E6%B5%8B%E8%AF%95Fargate%E5%BC%B9%E6%80%A7%E4%BC%B8%E7%BC%A9%E5%8A%9F%E8%83%BD.md)
5. [步骤5: 在EKS中使用IAM Role进行权限管理](https://github.com/aws-samples/eks-workshop-greater-china/blob/master/global/2019_GCR_EKS_Workshop/%E6%AD%A5%E9%AA%A45-%E5%9C%A8EKS%E4%B8%AD%E4%BD%BF%E7%94%A8IAM%20Role%E8%BF%9B%E8%A1%8C%E6%9D%83%E9%99%90%E7%AE%A1%E7%90%86(%E5%8F%AF%E9%80%89).md)
## Other Resource
- [Amazon EKS 入门](https://docs.aws.amazon.com/zh_cn/eks/latest/userguide/getting-started.html)
- [eksworkshop.com](https://eksworkshop.com/)
- [eksctl doc](https://eksctl.io/)
## License Summary
This sample code is made available under the MIT-0 license. See the LICENSE file.
================================================
FILE: china/2020_EKS_Launch_Workshop/README.md
================================================
# AWS EKS China Region Launch Hands-on Workshop
* 概要
在本练习中,您将学习如何使用创建、管理AWS EKS平台,并学会如何在EKS中创建集群并使用使用托管节点组/非托管节点组,在实验中我们还会学习到如何Kubernets 如何与Amazon IAM一起进行权限管理, 如何使用Horizental Pod Autoscaler (HPA)进行Pod的自动扩展,等等常见EKS操作。
在此教程中,您将完成以下实验:
* [步骤1-准备实验环境](步骤1-准备实验环境.md)
* [步骤2-创建EKS集群](步骤2-创建EKS集群.md)
* [步骤3-部署官方的KubernetesDashboard](步骤3-部署官方的KubernetesDashboard.md)
* [步骤4-部署微服务以及配置ALBIngressController](步骤4-部署微服务以及配置ALBIngressController.md)
* [步骤5-配置使用EBS](步骤5-配置使用EBS.md)
* [步骤6-配置使用EFS](步骤6-配置使用EFS.md)
* [步骤7-在EKS中使用IAMRole进行权限管理](步骤7-在EKS中使用IAMRole进行权限管理.md)
* [步骤8-对应用Pod和集群进行自动扩展](步骤8-对应用Pod和集群进行自动扩展.md)
* [步骤9-使用Helm部署应用](步骤9-使用Helm部署应用.md)
* [步骤10-可用性-健康检查](步骤10-可用性-健康检查.md)
* [步骤11-使用Calio加固EKS集群安全](步骤11-使用Calio加固EKS集群安全.md)
* [步骤12 使用EFK收集、处理日志](步骤12-EFK日志收集.md)
* [步骤13 部署Prometheus & Grafana监控](步骤13-Prometheus&Grafana监控.md)
* [步骤14 在EKS集群上部署Istio 服务网格](步骤14-在EKS集群上部署Istio服务网格.md)
本实验使用宁夏ZHY(cn-northwest-1)Region
本文所需要的资源均在 china/2020_EKS_Lanuch_Workshop/resource/目录
>请下载本git repository
```bash
git clone https://github.com/aws-samples/eks-workshop-greater-china.git
```
**重要说明:** 本实验中使用到的gcr.io/k8s.gcr.io, quay.io镜像如果国内无法直接访问,请使用第三方image镜像或者个人dockerhub仓库,(可参考2.4 中国区镜像处理章节配置自动修改模式或者在实验中自行编辑对应的yaml文件).
================================================
FILE: china/2020_EKS_Launch_Workshop/resource/IRSA/iam-pod.yaml
================================================
apiVersion: v1
kind: Pod
metadata:
name: s3-echoer
spec:
serviceAccountName: s3-echoer
containers:
- name: main
image: atlassian/pipelines-awscli
command: ['sh', '-c', 'echo Hello Kubernetes! && sleep 3600']
env:
- name: AWS_DEFAULT_REGION
value: "cn-northwest-1"
- name: ENABLE_IRP
value: "true"
================================================
FILE: china/2020_EKS_Launch_Workshop/resource/alb-ingress-controller/alb-ingress-controller.yaml
================================================
# Application Load Balancer (ALB) Ingress Controller Deployment Manifest.
# This manifest details sensible defaults for deploying an ALB Ingress Controller.
# GitHub: https://github.com/kubernetes-sigs/aws-alb-ingress-controller
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
app.kubernetes.io/name: alb-ingress-controller
name: alb-ingress-controller
# Namespace the ALB Ingress Controller should run in. Does not impact which
# namespaces it's able to resolve ingress resource for. For limiting ingress
# namespace scope, see --watch-namespace.
namespace: kube-system
spec:
selector:
matchLabels:
app.kubernetes.io/name: alb-ingress-controller
template:
metadata:
labels:
app.kubernetes.io/name: alb-ingress-controller
spec:
containers:
- name: alb-ingress-controller
args:
# Limit the namespace where this ALB Ingress Controller deployment will
# resolve ingress resources. If left commented, all namespaces are used.
# - --watch-namespace=your-k8s-namespace
# Setting the ingress-class flag below ensures that only ingress resources with the
# annotation kubernetes.io/ingress.class: "alb" are respected by the controller. You may
# choose any class you'd like for this controller to respect.
- --ingress-class=alb
# REQUIRED
# Name of your cluster. Used when naming resources created
# by the ALB Ingress Controller, providing distinction between
# clusters.
- --cluster-name=eksworkshop
# AWS VPC ID this ingress controller will use to create AWS resources.
# If unspecified, it will be discovered from ec2metadata.
# - --aws-vpc-id=vpc-xxxxxx
- --aws-vpc-id=<你的vpc-id>
# AWS region this ingress controller will operate in.
# If unspecified, it will be discovered from ec2metadata.
# List of regions: http://docs.aws.amazon.com/general/latest/gr/rande.html#vpc_region
- --aws-region=cn-northwest-1
# Enables logging on all outbound requests sent to the AWS API.
# If logging is desired, set to true.
# - --aws-api-debug
# Maximum number of times to retry the aws calls.
# defaults to 10.
# - --aws-max-retries=10
# 如果你在中国区使用alb-ingress-controller 1.1.7以及以上版本 需要禁用
#- --feature-gates=waf=false,wafv2=false
env:
- name: AWS_REGION
value: cn-northwest-1
# AWS key id for authenticating with the AWS API.
# This is only here for examples. It's recommended you instead use
# a project like kube2iam for granting access.
#- name: AWS_ACCESS_KEY_ID
# value: KEYVALUE
# AWS key secret for authenticating with the AWS API.
# This is only here for examples. It's recommended you instead use
# a project like kube2iam for granting access.
#- name: AWS_SECRET_ACCESS_KEY
# value: SECRETVALUE
# Repository location of the ALB Ingress Controller.
image: docker.io/amazon/aws-alb-ingress-controller:v1.1.5
serviceAccountName: alb-ingress-controller
================================================
FILE: china/2020_EKS_Launch_Workshop/resource/alb-ingress-controller/ingress-iam-policy.json
================================================
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"acm:DescribeCertificate",
"acm:ListCertificates",
"acm:GetCertificate"
],
"Resource": "*"
},
{
"Effect": "Allow",
"Action": [
"ec2:AuthorizeSecurityGroupIngress",
"ec2:CreateSecurityGroup",
"ec2:CreateTags",
"ec2:DeleteTags",
"ec2:DeleteSecurityGroup",
"ec2:DescribeAccountAttributes",
"ec2:DescribeAddresses",
"ec2:DescribeInstances",
"ec2:DescribeInstanceStatus",
"ec2:DescribeInternetGateways",
"ec2:DescribeNetworkInterfaces",
"ec2:DescribeSecurityGroups",
"ec2:DescribeSubnets",
"ec2:DescribeTags",
"ec2:DescribeVpcs",
"ec2:ModifyInstanceAttribute",
"ec2:ModifyNetworkInterfaceAttribute",
"ec2:RevokeSecurityGroupIngress"
],
"Resource": "*"
},
{
"Effect": "Allow",
"Action": [
"elasticloadbalancing:AddListenerCertificates",
"elasticloadbalancing:AddTags",
"elasticloadbalancing:CreateListener",
"elasticloadbalancing:CreateLoadBalancer",
"elasticloadbalancing:CreateRule",
"elasticloadbalancing:CreateTargetGroup",
"elasticloadbalancing:DeleteListener",
"elasticloadbalancing:DeleteLoadBalancer",
"elasticloadbalancing:DeleteRule",
"elasticloadbalancing:DeleteTargetGroup",
"elasticloadbalancing:DeregisterTargets",
"elasticloadbalancing:DescribeListenerCertificates",
"elasticloadbalancing:DescribeListeners",
"elasticloadbalancing:DescribeLoadBalancers",
"elasticloadbalancing:DescribeLoadBalancerAttributes",
"elasticloadbalancing:DescribeRules",
"elasticloadbalancing:DescribeSSLPolicies",
"elasticloadbalancing:DescribeTags",
"elasticloadbalancing:DescribeTargetGroups",
"elasticloadbalancing:DescribeTargetGroupAttributes",
"elasticloadbalancing:DescribeTargetHealth",
"elasticloadbalancing:ModifyListener",
"elasticloadbalancing:ModifyLoadBalancerAttributes",
"elasticloadbalancing:ModifyRule",
"elasticloadbalancing:ModifyTargetGroup",
"elasticloadbalancing:ModifyTargetGroupAttributes",
"elasticloadbalancing:RegisterTargets",
"elasticloadbalancing:RemoveListenerCertificates",
"elasticloadbalancing:RemoveTags",
"elasticloadbalancing:SetIpAddressType",
"elasticloadbalancing:SetSecurityGroups",
"elasticloadbalancing:SetSubnets",
"elasticloadbalancing:SetWebACL"
],
"Resource": "*"
},
{
"Effect": "Allow",
"Action": [
"iam:CreateServiceLinkedRole",
"iam:GetServerCertificate",
"iam:ListServerCertificates"
],
"Resource": "*"
},
{
"Effect": "Allow",
"Action": [
"cognito-idp:DescribeUserPoolClient"
],
"Resource": "*"
},
{
"Effect": "Allow",
"Action": [
"tag:GetResources",
"tag:TagResources"
],
"Resource": "*"
}
]
}
================================================
FILE: china/2020_EKS_Launch_Workshop/resource/alb-ingress-controller/nginx-alb-ingress.yaml
================================================
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: nginx-deployment-ingress
labels:
app: nginx
spec:
replicas: 1
selector:
matchLabels:
app: nginx
template:
metadata:
labels:
app: nginx
spec:
containers:
- name: nginx
image: nginx
ports:
- containerPort: 80
---
apiVersion: v1
kind: Service
metadata:
name: "service-nginx-clusterip"
spec:
selector:
app: nginx
#type: ClusterIP
type: NodePort
ports:
- protocol: TCP
port: 80
targetPort: 80
---
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: "alb-ingress"
namespace: "default"
annotations:
kubernetes.io/ingress.class: alb
alb.ingress.kubernetes.io/scheme: internet-facing
#alb.ingress.kubernetes.io/target-type: ip
alb.ingress.kubernetes.io/target-type: instance
labels:
app: nginx
spec:
rules:
- http:
paths:
- path: /*
backend:
serviceName: "service-nginx-clusterip"
servicePort: 80
================================================
FILE: china/2020_EKS_Launch_Workshop/resource/alb-ingress-controller/rbac-role.yaml
================================================
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
labels:
app.kubernetes.io/name: alb-ingress-controller
name: alb-ingress-controller
rules:
- apiGroups:
- ""
- extensions
resources:
- configmaps
- endpoints
- events
- ingresses
- ingresses/status
- services
verbs:
- create
- get
- list
- update
- watch
- patch
- apiGroups:
- ""
- extensions
resources:
- nodes
- pods
- secrets
- services
- namespaces
verbs:
- get
- list
- watch
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
labels:
app.kubernetes.io/name: alb-ingress-controller
name: alb-ingress-controller
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: alb-ingress-controller
subjects:
- kind: ServiceAccount
name: alb-ingress-controller
namespace: kube-system
---
apiVersion: v1
kind: ServiceAccount
metadata:
labels:
app.kubernetes.io/name: alb-ingress-controller
name: alb-ingress-controller
namespace: kube-system
...
================================================
FILE: china/2020_EKS_Launch_Workshop/resource/aws-ebs-csi-driver/aws-ebs-csi-driver/.helmignore
================================================
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*~
# Various IDEs
.project
.idea/
*.tmproj
.vscode/
================================================
FILE: china/2020_EKS_Launch_Workshop/resource/aws-ebs-csi-driver/aws-ebs-csi-driver/Chart.yaml
================================================
apiVersion: v1
appVersion: "0.5.0"
name: aws-ebs-csi-driver
description: A Helm chart for AWS EBS CSI Driver
version: 0.3.0
kubeVersion: ">=1.13.0-0"
home: https://github.com/kubernetes-sigs/aws-ebs-csi-driver
sources:
- https://github.com/kubernetes-sigs/aws-ebs-csi-driver
keywords:
- aws
- ebs
- csi
maintainers:
- name: leakingtapan
email: chengpan@amazon.com
================================================
FILE: china/2020_EKS_Launch_Workshop/resource/aws-ebs-csi-driver/aws-ebs-csi-driver/templates/NOTES.txt
================================================
To verify that aws-ebs-csi-driver has started, run:
kubectl get pod -n kube-system -l "app.kubernetes.io/name={{ include "aws-ebs-csi-driver.name" . }},app.kubernetes.io/instance={{ .Release.Name }}"
================================================
FILE: china/2020_EKS_Launch_Workshop/resource/aws-ebs-csi-driver/aws-ebs-csi-driver/templates/_helpers.tpl
================================================
{{/* vim: set filetype=mustache: */}}
{{/*
Expand the name of the chart.
*/}}
{{- define "aws-ebs-csi-driver.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "aws-ebs-csi-driver.fullname" -}}
{{- if .Values.fullnameOverride -}}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- $name := default .Chart.Name .Values.nameOverride -}}
{{- if contains $name .Release.Name -}}
{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{/*
Create chart name and version as used by the chart label.
*/}}
{{- define "aws-ebs-csi-driver.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Common labels
*/}}
{{- define "aws-ebs-csi-driver.labels" -}}
app.kubernetes.io/name: {{ include "aws-ebs-csi-driver.name" . }}
helm.sh/chart: {{ include "aws-ebs-csi-driver.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- if .Chart.AppVersion }}
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
{{- end }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end -}}
{{/*
Convert the `--extra-volume-tags` command line arg from a map.
*/}}
{{- define "aws-ebs-csi-driver.extra-volume-tags" -}}
{{- $result := dict "pairs" (list) -}}
{{- range $key, $value := .Values.extraVolumeTags -}}
{{- $noop := printf "%s=%s" $key $value | append $result.pairs | set $result "pairs" -}}
{{- end -}}
{{- if gt (len $result.pairs) 0 -}}
- --extra-volume-tags={{- join "," $result.pairs -}}
{{- end -}}
{{- end -}}
================================================
FILE: china/2020_EKS_Launch_Workshop/resource/aws-ebs-csi-driver/aws-ebs-csi-driver/templates/csidriver.yaml
================================================
apiVersion: storage.k8s.io/v1beta1
kind: CSIDriver
metadata:
name: ebs.csi.aws.com
spec:
attachRequired: true
podInfoOnMount: false
================================================
FILE: china/2020_EKS_Launch_Workshop/resource/aws-ebs-csi-driver/aws-ebs-csi-driver/templates/daemonset.yaml
================================================
# Node Service
kind: DaemonSet
apiVersion: apps/v1
metadata:
name: ebs-csi-node
namespace: kube-system
spec:
selector:
matchLabels:
app: ebs-csi-node
app.kubernetes.io/name: {{ include "aws-ebs-csi-driver.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
template:
metadata:
labels:
app: ebs-csi-node
app.kubernetes.io/name: {{ include "aws-ebs-csi-driver.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- if .Values.node.podAnnotations }}
annotations: {{ toYaml .Values.node.podAnnotations | nindent 8 }}
{{- end }}
spec:
nodeSelector:
beta.kubernetes.io/os: linux
hostNetwork: true
priorityClassName: system-node-critical
tolerations:
- operator: Exists
{{- with .Values.node.tolerations }}
{{ toYaml . | indent 8 }}
{{- end }}
containers:
- name: ebs-plugin
securityContext:
privileged: true
image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
args:
- node
- --endpoint=$(CSI_ENDPOINT)
- --logtostderr
- --v=5
env:
- name: CSI_ENDPOINT
value: unix:/csi/csi.sock
volumeMounts:
- name: kubelet-dir
mountPath: /var/lib/kubelet
mountPropagation: "Bidirectional"
- name: plugin-dir
mountPath: /csi
- name: device-dir
mountPath: /dev
ports:
- name: healthz
containerPort: 9808
protocol: TCP
livenessProbe:
httpGet:
path: /healthz
port: healthz
initialDelaySeconds: 10
timeoutSeconds: 3
periodSeconds: 10
failureThreshold: 5
- name: node-driver-registrar
image: {{ printf "%s:%s" .Values.sidecars.nodeDriverRegistrarImage.repository .Values.sidecars.nodeDriverRegistrarImage.tag }}
args:
- --csi-address=$(ADDRESS)
- --kubelet-registration-path=$(DRIVER_REG_SOCK_PATH)
- --v=5
lifecycle:
preStop:
exec:
command: ["/bin/sh", "-c", "rm -rf /registration/ebs.csi.aws.com-reg.sock /csi/csi.sock"]
env:
- name: ADDRESS
value: /csi/csi.sock
- name: DRIVER_REG_SOCK_PATH
value: /var/lib/kubelet/plugins/ebs.csi.aws.com/csi.sock
volumeMounts:
- name: plugin-dir
mountPath: /csi
- name: registration-dir
mountPath: /registration
- name: liveness-probe
image: {{ printf "%s:%s" .Values.sidecars.livenessProbeImage.repository .Values.sidecars.livenessProbeImage.tag }}
args:
- --csi-address=/csi/csi.sock
volumeMounts:
- name: plugin-dir
mountPath: /csi
volumes:
- name: kubelet-dir
hostPath:
path: /var/lib/kubelet
type: Directory
- name: plugin-dir
hostPath:
path: /var/lib/kubelet/plugins/ebs.csi.aws.com/
type: DirectoryOrCreate
- name: registration-dir
hostPath:
path: /var/lib/kubelet/plugins_registry/
type: Directory
- name: device-dir
hostPath:
path: /dev
type: Directory
================================================
FILE: china/2020_EKS_Launch_Workshop/resource/aws-ebs-csi-driver/aws-ebs-csi-driver/templates/deployment.yaml
================================================
# Controller Service
kind: Deployment
apiVersion: apps/v1
metadata:
name: ebs-csi-controller
namespace: kube-system
spec:
replicas: {{ .Values.replicaCount }}
selector:
matchLabels:
app: ebs-csi-controller
app.kubernetes.io/name: {{ include "aws-ebs-csi-driver.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
template:
metadata:
labels:
app: ebs-csi-controller
app.kubernetes.io/name: {{ include "aws-ebs-csi-driver.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- if .Values.podAnnotations }}
annotations: {{ toYaml .Values.podAnnotations | nindent 8 }}
{{- end }}
spec:
nodeSelector:
beta.kubernetes.io/os: linux
{{- with .Values.nodeSelector }}
{{ toYaml . | indent 8 }}
{{- end }}
serviceAccountName: ebs-csi-controller-sa
priorityClassName: system-cluster-critical
{{- with .Values.affinity }}
affinity: {{ toYaml . | nindent 8 }}
{{- end }}
tolerations:
- operator: Exists
{{- with .Values.tolerations }}
{{ toYaml . | indent 8 }}
{{- end }}
containers:
- name: ebs-plugin
image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
imagePullPolicy: {{ .Values.image.pullPolicy }}
args:
- controller
- --endpoint=$(CSI_ENDPOINT)
{{ include "aws-ebs-csi-driver.extra-volume-tags" . }}
- --logtostderr
- --v=5
env:
- name: CSI_ENDPOINT
value: unix:///var/lib/csi/sockets/pluginproxy/csi.sock
- name: AWS_ACCESS_KEY_ID
valueFrom:
secretKeyRef:
name: aws-secret
key: key_id
optional: true
- name: AWS_SECRET_ACCESS_KEY
valueFrom:
secretKeyRef:
name: aws-secret
key: access_key
optional: true
{{- if .Values.region }}
- name: AWS_REGION
value: {{ .Values.region }}
{{- end }}
volumeMounts:
- name: socket-dir
mountPath: /var/lib/csi/sockets/pluginproxy/
ports:
- name: healthz
containerPort: 9808
protocol: TCP
livenessProbe:
httpGet:
path: /healthz
port: healthz
initialDelaySeconds: 10
timeoutSeconds: 3
periodSeconds: 10
failureThreshold: 5
{{- with .Values.resources }}
resources: {{ toYaml . | nindent 12 }}
{{- end }}
- name: csi-provisioner
image: {{ printf "%s:%s" .Values.sidecars.provisionerImage.repository .Values.sidecars.provisionerImage.tag }}
args:
- --csi-address=$(ADDRESS)
- --v=5
{{- if .Values.enableVolumeScheduling }}
- --feature-gates=Topology=true
{{- end}}
- --enable-leader-election
- --leader-election-type=leases
env:
- name: ADDRESS
value: /var/lib/csi/sockets/pluginproxy/csi.sock
volumeMounts:
- name: socket-dir
mountPath: /var/lib/csi/sockets/pluginproxy/
- name: csi-attacher
image: {{ printf "%s:%s" .Values.sidecars.attacherImage.repository .Values.sidecars.attacherImage.tag }}
args:
- --csi-address=$(ADDRESS)
- --v=5
- --leader-election=true
- --leader-election-type=leases
env:
- name: ADDRESS
value: /var/lib/csi/sockets/pluginproxy/csi.sock
volumeMounts:
- name: socket-dir
mountPath: /var/lib/csi/sockets/pluginproxy/
{{- if .Values.enableVolumeSnapshot }}
- name: csi-snapshotter
image: {{ printf "%s:%s" .Values.sidecars.snapshotterImage.repository .Values.sidecars.snapshotterImage.tag }}
args:
- --csi-address=$(ADDRESS)
- --leader-election=true
env:
- name: ADDRESS
value: /var/lib/csi/sockets/pluginproxy/csi.sock
volumeMounts:
- name: socket-dir
mountPath: /var/lib/csi/sockets/pluginproxy/
{{- end }}
{{- if .Values.enableVolumeResizing }}
- name: csi-resizer
image: {{ printf "%s:%s" .Values.sidecars.resizerImage.repository .Values.sidecars.resizerImage.tag }}
imagePullPolicy: Always
args:
- --csi-address=$(ADDRESS)
- --v=5
env:
- name: ADDRESS
value: /var/lib/csi/sockets/pluginproxy/csi.sock
volumeMounts:
- name: socket-dir
mountPath: /var/lib/csi/sockets/pluginproxy/
{{- end }}
- name: liveness-probe
image: {{ printf "%s:%s" .Values.sidecars.livenessProbeImage.repository .Values.sidecars.livenessProbeImage.tag }}
args:
- --csi-address=/csi/csi.sock
volumeMounts:
- name: socket-dir
mountPath: /csi
volumes:
- name: socket-dir
emptyDir: {}
================================================
FILE: china/2020_EKS_Launch_Workshop/resource/aws-ebs-csi-driver/aws-ebs-csi-driver/templates/rbac.yaml
================================================
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: ebs-external-provisioner-role
rules:
- apiGroups: [""]
resources: ["persistentvolumes"]
verbs: ["get", "list", "watch", "create", "delete"]
- apiGroups: [""]
resources: ["persistentvolumeclaims"]
verbs: ["get", "list", "watch", "update"]
- apiGroups: ["storage.k8s.io"]
resources: ["storageclasses"]
verbs: ["get", "list", "watch"]
- apiGroups: [""]
resources: ["events"]
verbs: ["list", "watch", "create", "update", "patch"]
- apiGroups: ["snapshot.storage.k8s.io"]
resources: ["volumesnapshots"]
verbs: ["get", "list"]
- apiGroups: ["snapshot.storage.k8s.io"]
resources: ["volumesnapshotcontents"]
verbs: ["get", "list"]
- apiGroups: ["storage.k8s.io"]
resources: ["csinodes"]
verbs: ["get", "list", "watch"]
- apiGroups: [""]
resources: ["nodes"]
verbs: ["get", "list", "watch"]
- apiGroups: ["coordination.k8s.io"]
resources: ["leases"]
verbs: ["get", "watch", "list", "delete", "update", "create"]
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: ebs-csi-provisioner-binding
subjects:
- kind: ServiceAccount
name: ebs-csi-controller-sa
namespace: kube-system
roleRef:
kind: ClusterRole
name: ebs-external-provisioner-role
apiGroup: rbac.authorization.k8s.io
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: ebs-external-attacher-role
rules:
- apiGroups: [""]
resources: ["persistentvolumes"]
verbs: ["get", "list", "watch", "update"]
- apiGroups: [""]
resources: ["nodes"]
verbs: ["get", "list", "watch"]
- apiGroups: ["csi.storage.k8s.io"]
resources: ["csinodeinfos"]
verbs: ["get", "list", "watch"]
- apiGroups: ["storage.k8s.io"]
resources: ["volumeattachments"]
verbs: ["get", "list", "watch", "update"]
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: ebs-csi-attacher-binding
subjects:
- kind: ServiceAccount
name: ebs-csi-controller-sa
namespace: kube-system
roleRef:
kind: ClusterRole
name: ebs-external-attacher-role
apiGroup: rbac.authorization.k8s.io
{{- if .Values.enableVolumeSnapshot }}
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: ebs-external-snapshotter-role
rules:
- apiGroups: [""]
resources: ["persistentvolumes"]
verbs: ["get", "list", "watch"]
- apiGroups: [""]
resources: ["persistentvolumeclaims"]
verbs: ["get", "list", "watch"]
- apiGroups: ["storage.k8s.io"]
resources: ["storageclasses"]
verbs: ["get", "list", "watch"]
- apiGroups: [""]
resources: ["events"]
verbs: ["list", "watch", "create", "update", "patch"]
- apiGroups: [""]
resources: ["secrets"]
verbs: ["get", "list"]
- apiGroups: ["snapshot.storage.k8s.io"]
resources: ["volumesnapshotclasses"]
verbs: ["get", "list", "watch"]
- apiGroups: ["snapshot.storage.k8s.io"]
resources: ["volumesnapshotcontents"]
verbs: ["create", "get", "list", "watch", "update", "delete"]
- apiGroups: ["snapshot.storage.k8s.io"]
resources: ["volumesnapshots"]
verbs: ["get", "list", "watch", "update"]
- apiGroups: ["snapshot.storage.k8s.io"]
resources: ["volumesnapshotcontents"]
verbs: ["create", "get", "list", "watch", "update", "delete"]
- apiGroups: ["snapshot.storage.k8s.io"]
resources: ["volumesnapshotcontents/status"]
verbs: ["update"]
- apiGroups: ["apiextensions.k8s.io"]
resources: ["customresourcedefinitions"]
verbs: ["create", "list", "watch", "delete"]
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: ebs-csi-snapshotter-binding
subjects:
- kind: ServiceAccount
name: ebs-csi-controller-sa
namespace: kube-system
roleRef:
kind: ClusterRole
name: ebs-external-snapshotter-role
apiGroup: rbac.authorization.k8s.io
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: ebs-snapshot-controller-role
rules:
- apiGroups: [""]
resources: ["persistentvolumes"]
verbs: ["get", "list", "watch"]
- apiGroups: [""]
resources: ["persistentvolumeclaims"]
verbs: ["get", "list", "watch", "update"]
- apiGroups: ["storage.k8s.io"]
resources: ["storageclasses"]
verbs: ["get", "list", "watch"]
- apiGroups: [""]
resources: ["events"]
verbs: ["list", "watch", "create", "update", "patch"]
- apiGroups: ["snapshot.storage.k8s.io"]
resources: ["volumesnapshotclasses"]
verbs: ["get", "list", "watch"]
- apiGroups: ["snapshot.storage.k8s.io"]
resources: ["volumesnapshotcontents"]
verbs: ["create", "get", "list", "watch", "update", "delete"]
- apiGroups: ["snapshot.storage.k8s.io"]
resources: ["volumesnapshots"]
verbs: ["get", "list", "watch", "update"]
- apiGroups: ["snapshot.storage.k8s.io"]
resources: ["volumesnapshots/status"]
verbs: ["update"]
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: ebs-csi-snapshot-controller-binding
subjects:
- kind: ServiceAccount
name: ebs-snapshot-controller
namespace: kube-system
roleRef:
kind: ClusterRole
name: ebs-snapshot-controller-role
apiGroup: rbac.authorization.k8s.io
---
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: ebs-snapshot-controller-leaderelection
namespace: kube-system
rules:
- apiGroups: ["coordination.k8s.io"]
resources: ["leases"]
verbs: ["get", "watch", "list", "delete", "update", "create"]
---
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: snapshot-controller-leaderelection
namespace: kube-system
subjects:
- kind: ServiceAccount
name: ebs-snapshot-controller
namespace: kube-system
roleRef:
kind: Role
name: snapshot-controller-leaderelection
apiGroup: rbac.authorization.k8s.io
{{- end }}
{{- if .Values.enableVolumeResizing }}
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: ebs-external-resizer-role
rules:
# The following rule should be uncommented for plugins that require secrets
# for provisioning.
# - apiGroups: [""]
# resources: ["secrets"]
# verbs: ["get", "list", "watch"]
- apiGroups: [""]
resources: ["persistentvolumes"]
verbs: ["get", "list", "watch", "update", "patch"]
- apiGroups: [""]
resources: ["persistentvolumeclaims"]
verbs: ["get", "list", "watch"]
- apiGroups: [""]
resources: ["persistentvolumeclaims/status"]
verbs: ["update", "patch"]
- apiGroups: ["storage.k8s.io"]
resources: ["storageclasses"]
verbs: ["get", "list", "watch"]
- apiGroups: [""]
resources: ["events"]
verbs: ["list", "watch", "create", "update", "patch"]
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: ebs-csi-resizer-binding
subjects:
- kind: ServiceAccount
name: ebs-csi-controller-sa
namespace: kube-system
roleRef:
kind: ClusterRole
name: ebs-external-resizer-role
apiGroup: rbac.authorization.k8s.io
{{- end}}
================================================
FILE: china/2020_EKS_Launch_Workshop/resource/aws-ebs-csi-driver/aws-ebs-csi-driver/templates/serviceaccount.yaml
================================================
apiVersion: v1
kind: ServiceAccount
metadata:
name: ebs-csi-controller-sa
namespace: kube-system
{{- with .Values.serviceAccount.controller.annotations }}
annotations: {{ toYaml . | nindent 4 }}
{{- end }}
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: ebs-snapshot-controller
namespace: kube-system
{{- with .Values.serviceAccount.snapshot.annotations }}
annotations: {{ toYaml . | nindent 4 }}
{{- end }}
================================================
FILE: china/2020_EKS_Launch_Workshop/resource/aws-ebs-csi-driver/aws-ebs-csi-driver/templates/statefulset.yaml
================================================
{{- if .Values.enableVolumeSnapshot }}
#Snapshot controller
kind: StatefulSet
apiVersion: apps/v1
metadata:
name: ebs-snapshot-controller
namespace: kube-system
spec:
serviceName: ebs-snapshot-controller
replicas: 1
selector:
matchLabels:
app: ebs-snapshot-controller
template:
metadata:
labels:
app: ebs-snapshot-controller
spec:
serviceAccount: ebs-snapshot-controller
containers:
- name: snapshot-controller
image: quay.io/k8scsi/snapshot-controller:v2.0.1
args:
- --v=5
- --leader-election=false
{{- end }}
================================================
FILE: china/2020_EKS_Launch_Workshop/resource/aws-ebs-csi-driver/aws-ebs-csi-driver/values.yaml
================================================
# Default values for aws-ebs-csi-driver.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.
replicaCount: 2
image:
repository: amazon/aws-ebs-csi-driver
tag: "v0.5.0"
pullPolicy: IfNotPresent
sidecars:
provisionerImage:
repository: quay.io/k8scsi/csi-provisioner
tag: "v1.5.0"
attacherImage:
repository: quay.io/k8scsi/csi-attacher
tag: "v1.2.0"
snapshotterImage:
repository: quay.io/k8scsi/csi-snapshotter
tag: "v2.0.1"
livenessProbeImage:
repository: quay.io/k8scsi/livenessprobe
tag: "v1.1.0"
resizerImage:
repository: quay.io/k8scsi/csi-resizer
tag: "v0.3.0"
nodeDriverRegistrarImage:
repository: quay.io/k8scsi/csi-node-driver-registrar
tag: "v1.1.0"
imagePullSecrets: []
nameOverride: ""
fullnameOverride: ""
podAnnotations: {}
# True if enable volume scheduling for dynamic volume provisioning
enableVolumeScheduling: false
# True if enable volume resizing
enableVolumeResizing: false
# True if enable volume snapshot
enableVolumeSnapshot: false
resources: {}
# We usually recommend not to specify default resources and to leave this as a conscious
# choice for the user. This also increases chances charts run on environments with little
# resources, such as Minikube. If you do want to specify resources, uncomment the following
# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
# limits:
# cpu: 100m
# memory: 128Mi
# requests:
# cpu: 100m
# memory: 128Mi
nodeSelector: {}
tolerations: []
affinity: {}
# Extra volume tags to attach to each dynamically provisioned volume.
# ---
# extraVolumeTags:
# key1: value1
# key2: value2
extraVolumeTags: {}
# AWS region to use. If not specified then the region will be looked up via the AWS EC2 metadata
# service.
# ---
# region: us-east-1
region: ""
node:
podAnnotations: {}
tolerations: []
serviceAccount:
controller:
annotations: {}
snapshot:
annotations: {}
================================================
FILE: china/2020_EKS_Launch_Workshop/resource/aws-ebs-csi-driver/deploy/kubernetes/base/controller.yaml
================================================
---
# Controller Service
kind: Deployment
apiVersion: apps/v1
metadata:
name: ebs-csi-controller
namespace: kube-system
spec:
replicas: 2
selector:
matchLabels:
app: ebs-csi-controller
template:
metadata:
labels:
app: ebs-csi-controller
spec:
nodeSelector:
beta.kubernetes.io/os: linux
serviceAccount: ebs-csi-controller-sa
priorityClassName: system-cluster-critical
tolerations:
- key: CriticalAddonsOnly
operator: Exists
containers:
- name: ebs-plugin
image: amazon/aws-ebs-csi-driver:latest
args :
# - {all,controller,node} # specify the driver mode
- --endpoint=$(CSI_ENDPOINT)
- --logtostderr
- --v=5
env:
- name: CSI_ENDPOINT
value: unix:///var/lib/csi/sockets/pluginproxy/csi.sock
- name: AWS_ACCESS_KEY_ID
valueFrom:
secretKeyRef:
name: aws-secret
key: key_id
optional: true
- name: AWS_SECRET_ACCESS_KEY
valueFrom:
secretKeyRef:
name: aws-secret
key: access_key
optional: true
# overwrite the AWS region instead of looking it up dynamically via the AWS EC2 metadata svc
# - name: AWS_REGION
# value: us-east-1
volumeMounts:
- name: socket-dir
mountPath: /var/lib/csi/sockets/pluginproxy/
ports:
- name: healthz
containerPort: 9808
protocol: TCP
livenessProbe:
httpGet:
path: /healthz
port: healthz
initialDelaySeconds: 10
timeoutSeconds: 3
periodSeconds: 10
failureThreshold: 5
- name: csi-provisioner
image: quay.io/k8scsi/csi-provisioner:v1.5.0
args:
- --csi-address=$(ADDRESS)
- --v=5
- --feature-gates=Topology=true
- --enable-leader-election
- --leader-election-type=leases
env:
- name: ADDRESS
value: /var/lib/csi/sockets/pluginproxy/csi.sock
volumeMounts:
- name: socket-dir
mountPath: /var/lib/csi/sockets/pluginproxy/
- name: csi-attacher
image: quay.io/k8scsi/csi-attacher:v1.2.0
args:
- --csi-address=$(ADDRESS)
- --v=5
- --leader-election=true
- --leader-election-type=leases
env:
- name: ADDRESS
value: /var/lib/csi/sockets/pluginproxy/csi.sock
volumeMounts:
- name: socket-dir
mountPath: /var/lib/csi/sockets/pluginproxy/
- name: liveness-probe
image: quay.io/k8scsi/livenessprobe:v1.1.0
args:
- --csi-address=/csi/csi.sock
volumeMounts:
- name: socket-dir
mountPath: /csi
volumes:
- name: socket-dir
emptyDir: {}
================================================
FILE: china/2020_EKS_Launch_Workshop/resource/aws-ebs-csi-driver/deploy/kubernetes/base/csidriver.yaml
================================================
---
apiVersion: storage.k8s.io/v1beta1
kind: CSIDriver
metadata:
name: ebs.csi.aws.com
spec:
attachRequired: true
podInfoOnMount: false
================================================
FILE: china/2020_EKS_Launch_Workshop/resource/aws-ebs-csi-driver/deploy/kubernetes/base/kustomization.yaml
================================================
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: kube-system
resources:
- controller.yaml
- node.yaml
- rbac.yaml
- csidriver.yaml
================================================
FILE: china/2020_EKS_Launch_Workshop/resource/aws-ebs-csi-driver/deploy/kubernetes/base/node.yaml
================================================
---
# Node Service
kind: DaemonSet
apiVersion: apps/v1
metadata:
name: ebs-csi-node
namespace: kube-system
spec:
selector:
matchLabels:
app: ebs-csi-node
template:
metadata:
labels:
app: ebs-csi-node
spec:
nodeSelector:
beta.kubernetes.io/os: linux
hostNetwork: true
priorityClassName: system-node-critical
tolerations:
- operator: Exists
containers:
- name: ebs-plugin
securityContext:
privileged: true
image: amazon/aws-ebs-csi-driver:latest
args:
- --endpoint=$(CSI_ENDPOINT)
- --logtostderr
- --v=5
env:
- name: CSI_ENDPOINT
value: unix:/csi/csi.sock
volumeMounts:
- name: kubelet-dir
mountPath: /var/lib/kubelet
mountPropagation: "Bidirectional"
- name: plugin-dir
mountPath: /csi
- name: device-dir
mountPath: /dev
ports:
- name: healthz
containerPort: 9808
protocol: TCP
livenessProbe:
httpGet:
path: /healthz
port: healthz
initialDelaySeconds: 10
timeoutSeconds: 3
periodSeconds: 10
failureThreshold: 5
- name: node-driver-registrar
image: quay.io/k8scsi/csi-node-driver-registrar:v1.1.0
args:
- --csi-address=$(ADDRESS)
- --kubelet-registration-path=$(DRIVER_REG_SOCK_PATH)
- --v=5
lifecycle:
preStop:
exec:
command: ["/bin/sh", "-c", "rm -rf /registration/ebs.csi.aws.com-reg.sock /csi/csi.sock"]
env:
- name: ADDRESS
value: /csi/csi.sock
- name: DRIVER_REG_SOCK_PATH
value: /var/lib/kubelet/plugins/ebs.csi.aws.com/csi.sock
volumeMounts:
- name: plugin-dir
mountPath: /csi
- name: registration-dir
mountPath: /registration
- name: liveness-probe
image: quay.io/k8scsi/livenessprobe:v1.1.0
args:
- --csi-address=/csi/csi.sock
volumeMounts:
- name: plugin-dir
mountPath: /csi
volumes:
- name: kubelet-dir
hostPath:
path: /var/lib/kubelet
type: Directory
- name: plugin-dir
hostPath:
path: /var/lib/kubelet/plugins/ebs.csi.aws.com/
type: DirectoryOrCreate
- name: registration-dir
hostPath:
path: /var/lib/kubelet/plugins_registry/
type: Directory
- name: device-dir
hostPath:
path: /dev
type: Directory
================================================
FILE: china/2020_EKS_Launch_Workshop/resource/aws-ebs-csi-driver/deploy/kubernetes/base/rbac.yaml
================================================
apiVersion: v1
kind: ServiceAccount
metadata:
name: ebs-csi-controller-sa
namespace: kube-system
#Enable if EKS IAM for SA is used
#annotations:
# eks.amazonaws.com/role-arn: arn:aws:iam::586565787010:role/ebs-csi-role
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: ebs-external-provisioner-role
rules:
- apiGroups: [""]
resources: ["persistentvolumes"]
verbs: ["get", "list", "watch", "create", "delete"]
- apiGroups: [""]
resources: ["persistentvolumeclaims"]
verbs: ["get", "list", "watch", "update"]
- apiGroups: ["storage.k8s.io"]
resources: ["storageclasses"]
verbs: ["get", "list", "watch"]
- apiGroups: [""]
resources: ["events"]
verbs: ["list", "watch", "create", "update", "patch"]
- apiGroups: ["snapshot.storage.k8s.io"]
resources: ["volumesnapshots"]
verbs: ["get", "list"]
- apiGroups: ["snapshot.storage.k8s.io"]
resources: ["volumesnapshotcontents"]
verbs: ["get", "list"]
- apiGroups: ["storage.k8s.io"]
resources: ["csinodes"]
verbs: ["get", "list", "watch"]
- apiGroups: [""]
resources: ["nodes"]
verbs: ["get", "list", "watch"]
- apiGroups: ["coordination.k8s.io"]
resources: ["leases"]
verbs: ["get", "watch", "list", "delete", "update", "create"]
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: ebs-csi-provisioner-binding
subjects:
- kind: ServiceAccount
name: ebs-csi-controller-sa
namespace: kube-system
roleRef:
kind: ClusterRole
name: ebs-external-provisioner-role
apiGroup: rbac.authorization.k8s.io
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: ebs-external-attacher-role
rules:
- apiGroups: [""]
resources: ["persistentvolumes"]
verbs: ["get", "list", "watch", "update"]
- apiGroups: [""]
resources: ["nodes"]
verbs: ["get", "list", "watch"]
- apiGroups: ["csi.storage.k8s.io"]
resources: ["csinodeinfos"]
verbs: ["get", "list", "watch"]
- apiGroups: ["storage.k8s.io"]
resources: ["volumeattachments"]
verbs: ["get", "list", "watch", "update"]
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: ebs-csi-attacher-binding
subjects:
- kind: ServiceAccount
name: ebs-csi-controller-sa
namespace: kube-system
roleRef:
kind: ClusterRole
name: ebs-external-attacher-role
apiGroup: rbac.authorization.k8s.io
================================================
FILE: china/2020_EKS_Launch_Workshop/resource/aws-ebs-csi-driver/deploy/kubernetes/cluster/crd_snapshotter.yaml
================================================
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: (devel)
api-approved.kubernetes.io: "https://github.com/kubernetes-csi/external-snapshotter/pull/139"
creationTimestamp: null
name: volumesnapshotclasses.snapshot.storage.k8s.io
spec:
group: snapshot.storage.k8s.io
names:
kind: VolumeSnapshotClass
listKind: VolumeSnapshotClassList
plural: volumesnapshotclasses
singular: volumesnapshotclass
scope: Cluster
preserveUnknownFields: false
validation:
openAPIV3Schema:
description: VolumeSnapshotClass specifies parameters that a underlying storage
system uses when creating a volume snapshot. A specific VolumeSnapshotClass
is used by specifying its name in a VolumeSnapshot object. VolumeSnapshotClasses
are non-namespaced
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources'
type: string
deletionPolicy:
description: deletionPolicy determines whether a VolumeSnapshotContent created
through the VolumeSnapshotClass should be deleted when its bound VolumeSnapshot
is deleted. Supported values are "Retain" and "Delete". "Retain" means
that the VolumeSnapshotContent and its physical snapshot on underlying
storage system are kept. "Delete" means that the VolumeSnapshotContent
and its physical snapshot on underlying storage system are deleted. Required.
enum:
- Delete
- Retain
type: string
driver:
description: driver is the name of the storage driver that handles this
VolumeSnapshotClass. Required.
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds'
type: string
parameters:
additionalProperties:
type: string
description: parameters is a key-value map with storage driver specific
parameters for creating snapshots. These values are opaque to Kubernetes.
type: object
required:
- deletionPolicy
- driver
type: object
version: v1beta1
versions:
- name: v1beta1
served: true
storage: true
status:
acceptedNames:
kind: ""
plural: ""
conditions: []
storedVersions: []
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: (devel)
api-approved.kubernetes.io: "https://github.com/kubernetes-csi/external-snapshotter/pull/139"
creationTimestamp: null
name: volumesnapshotcontents.snapshot.storage.k8s.io
spec:
group: snapshot.storage.k8s.io
names:
kind: VolumeSnapshotContent
listKind: VolumeSnapshotContentList
plural: volumesnapshotcontents
singular: volumesnapshotcontent
scope: Cluster
subresources:
status: {}
preserveUnknownFields: false
validation:
openAPIV3Schema:
description: VolumeSnapshotContent represents the actual "on-disk" snapshot
object in the underlying storage system
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds'
type: string
spec:
description: spec defines properties of a VolumeSnapshotContent created
by the underlying storage system. Required.
properties:
deletionPolicy:
description: deletionPolicy determines whether this VolumeSnapshotContent
and its physical snapshot on the underlying storage system should
be deleted when its bound VolumeSnapshot is deleted. Supported values
are "Retain" and "Delete". "Retain" means that the VolumeSnapshotContent
and its physical snapshot on underlying storage system are kept. "Delete"
means that the VolumeSnapshotContent and its physical snapshot on
underlying storage system are deleted. In dynamic snapshot creation
case, this field will be filled in with the "DeletionPolicy" field
defined in the VolumeSnapshotClass the VolumeSnapshot refers to. For
pre-existing snapshots, users MUST specify this field when creating
the VolumeSnapshotContent object. Required.
enum:
- Delete
- Retain
type: string
driver:
description: driver is the name of the CSI driver used to create the
physical snapshot on the underlying storage system. This MUST be the
same as the name returned by the CSI GetPluginName() call for that
driver. Required.
type: string
source:
description: source specifies from where a snapshot will be created.
This field is immutable after creation. Required.
properties:
snapshotHandle:
description: snapshotHandle specifies the CSI "snapshot_id" of a
pre-existing snapshot on the underlying storage system. This field
is immutable.
type: string
volumeHandle:
description: volumeHandle specifies the CSI "volume_id" of the volume
from which a snapshot should be dynamically taken from. This field
is immutable.
type: string
type: object
volumeSnapshotClassName:
description: name of the VolumeSnapshotClass to which this snapshot
belongs.
type: string
volumeSnapshotRef:
description: volumeSnapshotRef specifies the VolumeSnapshot object to
which this VolumeSnapshotContent object is bound. VolumeSnapshot.Spec.VolumeSnapshotContentName
field must reference to this VolumeSnapshotContent's name for the
bidirectional binding to be valid. For a pre-existing VolumeSnapshotContent
object, name and namespace of the VolumeSnapshot object MUST be provided
for binding to happen. This field is immutable after creation. Required.
properties:
apiVersion:
description: API version of the referent.
type: string
fieldPath:
description: 'If referring to a piece of an object instead of an
entire object, this string should contain a valid JSON/Go field
access statement, such as desiredState.manifest.containers[2].
For example, if the object reference is to a container within
a pod, this would take on a value like: "spec.containers{name}"
(where "name" refers to the name of the container that triggered
the event) or if no container name is specified "spec.containers[2]"
(container with index 2 in this pod). This syntax is chosen only
to have some well-defined way of referencing a part of an object.
TODO: this design is not final and this field is subject to change
in the future.'
type: string
kind:
description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds'
type: string
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
type: string
namespace:
description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
type: string
resourceVersion:
description: 'Specific resourceVersion to which this reference is
made, if any. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#concurrency-control-and-consistency'
type: string
uid:
description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
type: string
type: object
required:
- deletionPolicy
- driver
- source
- volumeSnapshotRef
type: object
status:
description: status represents the current information of a snapshot.
properties:
creationTime:
description: creationTime is the timestamp when the point-in-time snapshot
is taken by the underlying storage system. In dynamic snapshot creation
case, this field will be filled in with the "creation_time" value
returned from CSI "CreateSnapshotRequest" gRPC call. For a pre-existing
snapshot, this field will be filled with the "creation_time" value
returned from the CSI "ListSnapshots" gRPC call if the driver supports
it. If not specified, it indicates the creation time is unknown. The
format of this field is a Unix nanoseconds time encoded as an int64.
On Unix, the command `date +%s%N` returns the current time in nanoseconds
since 1970-01-01 00:00:00 UTC.
format: int64
type: integer
error:
description: error is the latest observed error during snapshot creation,
if any.
properties:
message:
description: 'message is a string detailing the encountered error
during snapshot creation if specified. NOTE: message may be logged,
and it should not contain sensitive information.'
type: string
time:
description: time is the timestamp when the error was encountered.
format: date-time
type: string
type: object
readyToUse:
description: readyToUse indicates if a snapshot is ready to be used
to restore a volume. In dynamic snapshot creation case, this field
will be filled in with the "ready_to_use" value returned from CSI
"CreateSnapshotRequest" gRPC call. For a pre-existing snapshot, this
field will be filled with the "ready_to_use" value returned from the
CSI "ListSnapshots" gRPC call if the driver supports it, otherwise,
this field will be set to "True". If not specified, it means the readiness
of a snapshot is unknown.
type: boolean
restoreSize:
description: restoreSize represents the complete size of the snapshot
in bytes. In dynamic snapshot creation case, this field will be filled
in with the "size_bytes" value returned from CSI "CreateSnapshotRequest"
gRPC call. For a pre-existing snapshot, this field will be filled
with the "size_bytes" value returned from the CSI "ListSnapshots"
gRPC call if the driver supports it. When restoring a volume from
this snapshot, the size of the volume MUST NOT be smaller than the
restoreSize if it is specified, otherwise the restoration will fail.
If not specified, it indicates that the size is unknown.
format: int64
minimum: 0
type: integer
snapshotHandle:
description: snapshotHandle is the CSI "snapshot_id" of a snapshot on
the underlying storage system. If not specified, it indicates that
dynamic snapshot creation has either failed or it is still in progress.
type: string
type: object
required:
- spec
type: object
version: v1beta1
versions:
- name: v1beta1
served: true
storage: true
status:
acceptedNames:
kind: ""
plural: ""
conditions: []
storedVersions: []
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: (devel)
api-approved.kubernetes.io: "https://github.com/kubernetes-csi/external-snapshotter/pull/139"
creationTimestamp: null
name: volumesnapshots.snapshot.storage.k8s.io
spec:
group: snapshot.storage.k8s.io
names:
kind: VolumeSnapshot
listKind: VolumeSnapshotList
plural: volumesnapshots
singular: volumesnapshot
scope: Namespaced
subresources:
status: {}
preserveUnknownFields: false
validation:
openAPIV3Schema:
description: VolumeSnapshot is a user's request for either creating a point-in-time
snapshot of a persistent volume, or binding to a pre-existing snapshot.
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds'
type: string
spec:
description: 'spec defines the desired characteristics of a snapshot requested
by a user. More info: https://kubernetes.io/docs/concepts/storage/volume-snapshots#volumesnapshots
Required.'
properties:
source:
description: source specifies where a snapshot will be created from.
This field is immutable after creation. Required.
properties:
persistentVolumeClaimName:
description: persistentVolumeClaimName specifies the name of the
PersistentVolumeClaim object in the same namespace as the VolumeSnapshot
object where the snapshot should be dynamically taken from. This
field is immutable.
type: string
volumeSnapshotContentName:
description: volumeSnapshotContentName specifies the name of a pre-existing
VolumeSnapshotContent object. This field is immutable.
type: string
type: object
volumeSnapshotClassName:
description: 'volumeSnapshotClassName is the name of the VolumeSnapshotClass
requested by the VolumeSnapshot. If not specified, the default snapshot
class will be used if one exists. If not specified, and there is no
default snapshot class, dynamic snapshot creation will fail. Empty
string is not allowed for this field. TODO(xiangqian): a webhook validation
on empty string. More info: https://kubernetes.io/docs/concepts/storage/volume-snapshot-classes'
type: string
required:
- source
type: object
status:
description: 'status represents the current information of a snapshot. NOTE:
status can be modified by sources other than system controllers, and must
not be depended upon for accuracy. Controllers should only use information
from the VolumeSnapshotContent object after verifying that the binding
is accurate and complete.'
properties:
boundVolumeSnapshotContentName:
description: 'boundVolumeSnapshotContentName represents the name of
the VolumeSnapshotContent object to which the VolumeSnapshot object
is bound. If not specified, it indicates that the VolumeSnapshot object
has not been successfully bound to a VolumeSnapshotContent object
yet. NOTE: Specified boundVolumeSnapshotContentName alone does not
mean binding is valid. Controllers MUST always verify bidirectional
binding between VolumeSnapshot and VolumeSnapshotContent to
avoid possible security issues.'
type: string
creationTime:
description: creationTime is the timestamp when the point-in-time snapshot
is taken by the underlying storage system. In dynamic snapshot creation
case, this field will be filled in with the "creation_time" value
returned from CSI "CreateSnapshotRequest" gRPC call. For a pre-existing
snapshot, this field will be filled with the "creation_time" value
returned from the CSI "ListSnapshots" gRPC call if the driver supports
it. If not specified, it indicates that the creation time of the snapshot
is unknown.
format: date-time
type: string
error:
description: error is the last observed error during snapshot creation,
if any. This field could be helpful to upper level controllers(i.e.,
application controller) to decide whether they should continue on
waiting for the snapshot to be created based on the type of error
reported.
properties:
message:
description: 'message is a string detailing the encountered error
during snapshot creation if specified. NOTE: message may be logged,
and it should not contain sensitive information.'
type: string
time:
description: time is the timestamp when the error was encountered.
format: date-time
type: string
type: object
readyToUse:
description: readyToUse indicates if a snapshot is ready to be used
to restore a volume. In dynamic snapshot creation case, this field
will be filled in with the "ready_to_use" value returned from CSI
"CreateSnapshotRequest" gRPC call. For a pre-existing snapshot, this
field will be filled with the "ready_to_use" value returned from the
CSI "ListSnapshots" gRPC call if the driver supports it, otherwise,
this field will be set to "True". If not specified, it means the readiness
of a snapshot is unknown.
type: boolean
restoreSize:
description: restoreSize represents the complete size of the snapshot
in bytes. In dynamic snapshot creation case, this field will be filled
in with the "size_bytes" value returned from CSI "CreateSnapshotRequest"
gRPC call. For a pre-existing snapshot, this field will be filled
with the "size_bytes" value returned from the CSI "ListSnapshots"
gRPC call if the driver supports it. When restoring a volume from
this snapshot, the size of the volume MUST NOT be smaller than the
restoreSize if it is specified, otherwise the restoration will fail.
If not specified, it indicates that the size is unknown.
type: string
type: object
required:
- spec
type: object
version: v1beta1
versions:
- name: v1beta1
served: true
storage: true
status:
acceptedNames:
kind: ""
plural: ""
conditions: []
storedVersions: []
================================================
FILE: china/2020_EKS_Launch_Workshop/resource/aws-ebs-csi-driver/deploy/kubernetes/overlays/alpha/controller_add_resizer.yaml
================================================
kind: Deployment
apiVersion: apps/v1
metadata:
name: ebs-csi-controller
namespace: kube-system
spec:
template:
spec:
containers:
- name: csi-resizer
image: quay.io/k8scsi/csi-resizer:v0.3.0
args:
- --csi-address=$(ADDRESS)
- --v=5
env:
- name: ADDRESS
value: /var/lib/csi/sockets/pluginproxy/csi.sock
volumeMounts:
- name: socket-dir
mountPath: /var/lib/csi/sockets/pluginproxy/
================================================
FILE: china/2020_EKS_Launch_Workshop/resource/aws-ebs-csi-driver/deploy/kubernetes/overlays/alpha/controller_add_snapshotter.yaml
================================================
kind: Deployment
apiVersion: apps/v1
metadata:
name: ebs-csi-controller
namespace: kube-system
spec:
template:
spec:
containers:
- name: csi-snapshotter
image: quay.io/k8scsi/csi-snapshotter:v2.0.1
args:
- --csi-address=$(ADDRESS)
- --leader-election=true
env:
- name: ADDRESS
value: /var/lib/csi/sockets/pluginproxy/csi.sock
volumeMounts:
- name: socket-dir
mountPath: /var/lib/csi/sockets/pluginproxy/
================================================
FILE: china/2020_EKS_Launch_Workshop/resource/aws-ebs-csi-driver/deploy/kubernetes/overlays/alpha/kustomization.yaml
================================================
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
bases:
- ../../base
images:
- name: amazon/aws-ebs-csi-driver
newName: 961992271922.dkr.ecr.cn-northwest-1.amazonaws.com.cn/eks/aws-ebs-csi-driver
newTag: v0.4.0
- name: quay.io/k8scsi/csi-provisioner
newName: 961992271922.dkr.ecr.cn-northwest-1.amazonaws.com.cn/eks/csi-provisioner
newTag: v1.3.0
- name: quay.io/k8scsi/csi-attacher
newName: 961992271922.dkr.ecr.cn-northwest-1.amazonaws.com.cn/eks/csi-attacher
newTag: v1.2.0
- name: quay.io/k8scsi/livenessprobe
newName: 961992271922.dkr.ecr.cn-northwest-1.amazonaws.com.cn/eks/csi-liveness-probe
newTag: v1.1.0
- name: quay.io/k8scsi/csi-node-driver-registrar
newName: 961992271922.dkr.ecr.cn-northwest-1.amazonaws.com.cn/eks/csi-node-driver-registrar
newTag: v1.1.0
patches:
- controller_add_snapshotter.yaml
- controller_add_resizer.yaml
resources:
- rbac_add_snapshotter.yaml
- rbac_add_resizer.yaml
- rbac_add_snapshot_controller.yaml
- snapshot_controller.yaml
================================================
FILE: china/2020_EKS_Launch_Workshop/resource/aws-ebs-csi-driver/deploy/kubernetes/overlays/alpha/rbac_add_resizer.yaml
================================================
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: ebs-external-resizer-role
rules:
# The following rule should be uncommented for plugins that require secrets
# for provisioning.
# - apiGroups: [""]
# resources: ["secrets"]
# verbs: ["get", "list", "watch"]
- apiGroups: [""]
resources: ["persistentvolumes"]
verbs: ["get", "list", "watch", "update", "patch"]
- apiGroups: [""]
resources: ["persistentvolumeclaims"]
verbs: ["get", "list", "watch"]
- apiGroups: [""]
resources: ["persistentvolumeclaims/status"]
verbs: ["update", "patch"]
- apiGroups: ["storage.k8s.io"]
resources: ["storageclasses"]
verbs: ["get", "list", "watch"]
- apiGroups: [""]
resources: ["events"]
verbs: ["list", "watch", "create", "update", "patch"]
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: ebs-csi-resizer-binding
subjects:
- kind: ServiceAccount
name: ebs-csi-controller-sa
namespace: kube-system
roleRef:
kind: ClusterRole
name: ebs-external-resizer-role
apiGroup: rbac.authorization.k8s.io
================================================
FILE: china/2020_EKS_Launch_Workshop/resource/aws-ebs-csi-driver/deploy/kubernetes/overlays/alpha/rbac_add_snapshot_controller.yaml
================================================
# RBAC file for the snapshot controller.
apiVersion: v1
kind: ServiceAccount
metadata:
name: ebs-snapshot-controller
namespace: kube-system
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: ebs-snapshot-controller-role
rules:
- apiGroups: [""]
resources: ["persistentvolumes"]
verbs: ["get", "list", "watch"]
- apiGroups: [""]
resources: ["persistentvolumeclaims"]
verbs: ["get", "list", "watch", "update"]
- apiGroups: ["storage.k8s.io"]
resources: ["storageclasses"]
verbs: ["get", "list", "watch"]
- apiGroups: [""]
resources: ["events"]
verbs: ["list", "watch", "create", "update", "patch"]
- apiGroups: ["snapshot.storage.k8s.io"]
resources: ["volumesnapshotclasses"]
verbs: ["get", "list", "watch"]
- apiGroups: ["snapshot.storage.k8s.io"]
resources: ["volumesnapshotcontents"]
verbs: ["create", "get", "list", "watch", "update", "delete"]
- apiGroups: ["snapshot.storage.k8s.io"]
resources: ["volumesnapshots"]
verbs: ["get", "list", "watch", "update"]
- apiGroups: ["snapshot.storage.k8s.io"]
resources: ["volumesnapshots/status"]
verbs: ["update"]
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: ebs-csi-snapshot-controller-binding
subjects:
- kind: ServiceAccount
name: ebs-snapshot-controller
namespace: kube-system
roleRef:
kind: ClusterRole
name: ebs-snapshot-controller-role
apiGroup: rbac.authorization.k8s.io
---
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: ebs-snapshot-controller-leaderelection
namespace: kube-system
rules:
- apiGroups: ["coordination.k8s.io"]
resources: ["leases"]
verbs: ["get", "watch", "list", "delete", "update", "create"]
---
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: snapshot-controller-leaderelection
namespace: kube-system
subjects:
- kind: ServiceAccount
name: ebs-snapshot-controller
namespace: kube-system
roleRef:
kind: Role
name: snapshot-controller-leaderelection
apiGroup: rbac.authorization.k8s.io
================================================
FILE: china/2020_EKS_Launch_Workshop/resource/aws-ebs-csi-driver/deploy/kubernetes/overlays/alpha/rbac_add_snapshotter.yaml
================================================
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: ebs-external-snapshotter-role
rules:
- apiGroups: [""]
resources: ["persistentvolumes"]
verbs: ["get", "list", "watch"]
- apiGroups: [""]
resources: ["persistentvolumeclaims"]
verbs: ["get", "list", "watch"]
- apiGroups: ["storage.k8s.io"]
resources: ["storageclasses"]
verbs: ["get", "list", "watch"]
- apiGroups: [""]
resources: ["events"]
verbs: ["list", "watch", "create", "update", "patch"]
- apiGroups: [""]
resources: ["secrets"]
verbs: ["get", "list"]
- apiGroups: ["snapshot.storage.k8s.io"]
resources: ["volumesnapshotclasses"]
verbs: ["get", "list", "watch"]
- apiGroups: ["snapshot.storage.k8s.io"]
resources: ["volumesnapshotcontents"]
verbs: ["create", "get", "list", "watch", "update", "delete"]
- apiGroups: ["snapshot.storage.k8s.io"]
resources: ["volumesnapshots"]
verbs: ["get", "list", "watch", "update"]
- apiGroups: ["snapshot.storage.k8s.io"]
resources: ["volumesnapshotcontents"]
verbs: ["create", "get", "list", "watch", "update", "delete"]
- apiGroups: ["snapshot.storage.k8s.io"]
resources: ["volumesnapshotcontents/status"]
verbs: ["update"]
- apiGroups: ["apiextensions.k8s.io"]
resources: ["customresourcedefinitions"]
verbs: ["create", "list", "watch", "delete"]
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: ebs-csi-snapshotter-binding
subjects:
- kind: ServiceAccount
name: ebs-csi-controller-sa
namespace: kube-system
roleRef:
kind: ClusterRole
name: ebs-external-snapshotter-role
apiGroup: rbac.authorization.k8s.io
================================================
FILE: china/2020_EKS_Launch_Workshop/resource/aws-ebs-csi-driver/deploy/kubernetes/overlays/alpha/snapshot_controller.yaml
================================================
---
kind: StatefulSet
apiVersion: apps/v1
metadata:
name: ebs-snapshot-controller
namespace: kube-system
spec:
serviceName: ebs-snapshot-controller
replicas: 1
selector:
matchLabels:
app: ebs-snapshot-controller
template:
metadata:
labels:
app: ebs-snapshot-controller
spec:
serviceAccount: ebs-snapshot-controller
containers:
- name: snapshot-controller
image: quay.io/k8scsi/snapshot-controller:v2.0.1
args:
- --v=5
- --leader-election=false
================================================
FILE: china/2020_EKS_Launch_Workshop/resource/aws-ebs-csi-driver/deploy/kubernetes/overlays/dev/kustomization.yaml
================================================
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
bases:
- ../../base
images:
- name: amazon/aws-ebs-csi-driver
newTag: latest
newName: chengpan/aws-ebs-csi-driver
================================================
FILE: china/2020_EKS_Launch_Workshop/resource/aws-ebs-csi-driver/deploy/kubernetes/overlays/stable/kustomization.yaml
================================================
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
bases:
- ../../base
images:
- name: amazon/aws-ebs-csi-driver
newName: 961992271922.dkr.ecr.cn-northwest-1.amazonaws.com.cn/eks/aws-ebs-csi-driver
newTag: v0.4.0
- name: quay.io/k8scsi/csi-provisioner
newName: 961992271922.dkr.ecr.cn-northwest-1.amazonaws.com.cn/eks/csi-provisioner
newTag: v1.3.0
- name: quay.io/k8scsi/csi-attacher
newName: 961992271922.dkr.ecr.cn-northwest-1.amazonaws.com.cn/eks/csi-attacher
newTag: v1.2.0
- name: quay.io/k8scsi/livenessprobe
newName: 961992271922.dkr.ecr.cn-northwest-1.amazonaws.com.cn/eks/csi-liveness-probe
newTag: v1.1.0
- name: quay.io/k8scsi/csi-node-driver-registrar
newName: 961992271922.dkr.ecr.cn-northwest-1.amazonaws.com.cn/eks/csi-node-driver-registrar
newTag: v1.1.0
================================================
FILE: china/2020_EKS_Launch_Workshop/resource/aws-ebs-csi-driver/deploy/kubernetes/secret.yaml
================================================
apiVersion: v1
kind: Secret
metadata:
name: aws-secret
namespace: kube-system
stringData:
key_id: ""
access_key: ""
================================================
FILE: china/2020_EKS_Launch_Workshop/resource/aws-ebs-csi-driver/ebs-csi-iam-policy.json
================================================
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"ec2:AttachVolume",
"ec2:CreateSnapshot",
"ec2:CreateTags",
"ec2:CreateVolume",
"ec2:DeleteSnapshot",
"ec2:DeleteTags",
"ec2:DeleteVolume",
"ec2:DescribeInstances",
"ec2:DescribeSnapshots",
"ec2:DescribeTags",
"ec2:DescribeVolumes",
"ec2:DetachVolume"
],
"Resource": "*"
}
]
}
================================================
FILE: china/2020_EKS_Launch_Workshop/resource/aws-ebs-csi-driver/examples/kubernetes/block-volume/README.md
================================================
## Raw Block Volume
This example shows how to consume a dynamically-provisioned EBS volume as a raw block device.
### Edit [Persistence Volume Claim Spec](./specs/raw-claim.yaml)
Make sure the `volumeMode` is `Block`.
### Edit [Application Pod](./specs/pod.yaml)
Make sure the pod is consuming the PVC with the defined name and `volumeDevices` is used instead of `volumeMounts`.
### Deploy the Application
```sh
kubectl apply -f examples/kubernetes/block-volume/specs/storageclass.yaml
kubectl apply -f examples/kubernetes/block-volume/specs/raw-claim.yaml
kubectl apply -f examples/kubernetes/block-volume/specs/pod.yaml
```
### Access Block Device
After the objects are created, verify that pod is running:
```sh
$ kubectl get pods
NAME READY STATUS RESTARTS AGE
app 1/1 Running 0 16m
```
Verify the device node is mounted inside the container:
```sh
$ kubectl exec -ti app -- ls -al /dev/xvda
brw-rw---- 1 root disk 202, 23296 Mar 12 04:23 /dev/xvda
```
Write to the device using:
```sh
dd if=/dev/zero of=/dev/xvda bs=1024k count=100
100+0 records in
100+0 records out
104857600 bytes (105 MB, 100 MiB) copied, 0.0492386 s, 2.1 GB/s
```
================================================
FILE: china/2020_EKS_Launch_Workshop/resource/aws-ebs-csi-driver/examples/kubernetes/block-volume/specs/pod.yaml
================================================
apiVersion: v1
kind: Pod
metadata:
name: app
spec:
containers:
- name: app
image: busybox
command: ["/bin/sh", "-c"]
args: ["tail -f /dev/null"]
volumeDevices:
- name: data
devicePath: /dev/xvda
volumes:
- name: data
persistentVolumeClaim:
claimName: block-claim
================================================
FILE: china/2020_EKS_Launch_Workshop/resource/aws-ebs-csi-driver/examples/kubernetes/block-volume/specs/raw-claim.yaml
================================================
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: block-claim
spec:
accessModes:
- ReadWriteOnce
volumeMode: Block
storageClassName: ebs-sc
resources:
requests:
storage: 10Gi
================================================
FILE: china/2020_EKS_Launch_Workshop/resource/aws-ebs-csi-driver/examples/kubernetes/block-volume/specs/storageclass.yaml
================================================
kind: StorageClass
apiVersion: storage.k8s.io/v1
metadata:
name: ebs-sc
provisioner: ebs.csi.aws.com
volumeBindingMode: WaitForFirstConsumer
================================================
FILE: china/2020_EKS_Launch_Workshop/resource/aws-ebs-csi-driver/examples/kubernetes/dynamic-provisioning/README.md
================================================
# Dynamic Volume Provisioning
This example shows how to create a EBS volume and consume it from container dynamically.
## Prerequisites
1. Kubernetes 1.13+ (CSI 1.0).
1. The [aws-ebs-csi-driver driver](https://github.com/kubernetes-sigs/aws-ebs-csi-driver) is installed.
## Usage
1. Create a sample app along with the StorageClass and the PersistentVolumeClaim:
```
kubectl apply -f specs/
```
2. Validate the volume was created and `volumeHandle` contains an EBS volumeID:
```
kubectl describe pv
```
3. Validate the pod successfully wrote data to the volume:
```
kubectl exec -it app cat /data/out.txt
```
4. Cleanup resources:
```
kubectl delete -f specs/
```
================================================
FILE: china/2020_EKS_Launch_Workshop/resource/aws-ebs-csi-driver/examples/kubernetes/dynamic-provisioning/specs/claim.yaml
================================================
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: ebs-claim
spec:
accessModes:
- ReadWriteOnce
storageClassName: ebs-sc
resources:
requests:
storage: 4Gi
================================================
FILE: china/2020_EKS_Launch_Workshop/resource/aws-ebs-csi-driver/examples/kubernetes/dynamic-provisioning/specs/pod.yaml
================================================
apiVersion: v1
kind: Pod
metadata:
name: app
spec:
containers:
- name: app
image: busybox
command: ["/bin/sh"]
args: ["-c", "while true; do echo $(date -u) >> /data/out.txt; sleep 5; done"]
volumeMounts:
- name: persistent-storage
mountPath: /data
volumes:
- name: persistent-storage
persistentVolumeClaim:
claimName: ebs-claim
================================================
FILE: china/2020_EKS_Launch_Workshop/resource/aws-ebs-csi-driver/examples/kubernetes/dynamic-provisioning/specs/storageclass.yaml
================================================
kind: StorageClass
apiVersion: storage.k8s.io/v1
metadata:
name: ebs-sc
provisioner: ebs.csi.aws.com
volumeBindingMode: WaitForFirstConsumer
================================================
FILE: china/2020_EKS_Launch_Workshop/resource/aws-ebs-csi-driver/examples/kubernetes/resizing/README.md
================================================
## Volume Resizing
This example shows how to resize EBS persistence volume using volume resizing features.
**Note**
1. CSI volume resizing is still alpha as of Kubernetes 1.15
2. EBS has a limit of one volume modification every 6 hours. Refer to [EBS documentation](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_ModifyVolume.html) for more details.
## Usage
1. Add `allowVolumeExpansion: true` in the StorageClass spec in [example manifest](./specs/example.yaml) to enable volume expansion. You can only expand a PVC if its storage class’s allowVolumeExpansion field is set to true
2. Deploy the example:
```sh
kubectl apply -f specs/
```
3. Verify the volume is created and Pod is running:
```sh
kubectl get pv
kubectl get po app
```
4. Expand the volume size by increasing the capacity in PVC's `spec.resources.requests.storage`:
```sh
kubectl edit pvc ebs-claim
```
Save the result at the end of the edit.
5. Verify that both the persistence volume and persistence volume claim are resized:
```sh
kubectl get pv
kubectl get pvc
```
You should see that both should have the new value relfected in the capacity fields.
6. Verify that the application is continuously running without any interruption:
```sh
kubectl exec -it app cat /data/out.txt
```
7. Cleanup resources:
```
kubectl delete -f specs/
```
================================================
FILE: china/2020_EKS_Launch_Workshop/resource/aws-ebs-csi-driver/examples/kubernetes/resizing/spec/example.yaml
================================================
kind: StorageClass
apiVersion: storage.k8s.io/v1
metadata:
name: resize-sc
provisioner: ebs.csi.aws.com
allowVolumeExpansion: true
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: ebs-claim
spec:
accessModes:
- ReadWriteOnce
storageClassName: resize-sc
resources:
requests:
storage: 4Gi
---
apiVersion: v1
kind: Pod
metadata:
name: app
spec:
containers:
- name: app
image: centos
command: ["/bin/sh"]
args: ["-c", "while true; do echo $(date -u) >> /data/out.txt; sleep 5; done"]
volumeMounts:
- name: persistent-storage
mountPath: /data
volumes:
- name: persistent-storage
persistentVolumeClaim:
claimName: ebs-claim
================================================
FILE: china/2020_EKS_Launch_Workshop/resource/aws-ebs-csi-driver/examples/kubernetes/snapshot/README.md
================================================
# Volume Snapshots
## Overview
This driver implements basic volume snapshotting functionality using the [external snapshotter](https://github.com/kubernetes-csi/external-snapshotter) sidecar and creates snapshots of EBS volumes using the `VolumeSnapshot` custom resources.
## Prerequisites
1. Kubernetes 1.13+ (CSI 1.0).
1. The `VolumeSnapshotDataSource` must be set in `--feature-gates=` in the `kube-apiserver`.
1. The [aws-ebs-csi-driver driver](https://github.com/kubernetes-sigs/aws-ebs-csi-driver) is installed.
### Usage
1. Create the `StorageClass` and `VolumeSnapshotClass`:
```
kubectl apply -f specs/classes/
```
2. Create a sample app and the `PersistentVolumeClaim`:
```
kubectl apply -f specs/app/
```
3. Validate the volume was created and `volumeHandle` contains an EBS volumeID:
```
kubectl describe pv
```
4. Validate the pod successfully wrote data to the volume, taking note of the timestamp of the first entry:
```
kubectl exec -it app cat /data/out.txt
```
5. Create a `VolumeSnapshot` referencing the `PersistentVolumeClaim` name:
```
kubectl apply -f specs/snapshot/
```
6. Wait for the `Ready To Use: true` attribute of the `VolumeSnapshot`:
```
kubectl describe volumesnapshot.snapshot.storage.k8s.io ebs-volume-snapshot
```
7. Delete the existing app:
```
kubectl delete -f specs/app/
```
8. Restore a volume from the snapshot with a `PersistentVolumeClaim` referencing the `VolumeSnapshot` in its `dataSource`:
```
kubectl apply -f specs/snapshot-restore/
```
9. Validate the new pod has the restored data by comparing the timestamp of the first entry to that of in step 4:
```
kubectl exec -it app cat /data/out.txt
```
10. Cleanup resources:
```
kubectl delete -f specs/snapshot-restore
kubectl delete -f specs/snapshot
kubectl delete -f specs/classes
```
================================================
FILE: china/2020_EKS_Launch_Workshop/resource/aws-ebs-csi-driver/examples/kubernetes/snapshot/specs/app/claim.yaml
================================================
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: ebs-claim
spec:
accessModes:
- ReadWriteOnce
storageClassName: ebs-sc
resources:
requests:
storage: 4Gi
================================================
FILE: china/2020_EKS_Launch_Workshop/resource/aws-ebs-csi-driver/examples/kubernetes/snapshot/specs/app/pod.yaml
================================================
apiVersion: v1
kind: Pod
metadata:
name: app
spec:
containers:
- name: app
image: centos
command: ["/bin/sh"]
args: ["-c", "while true; do echo $(date -u) >> /data/out.txt; sleep 5; done"]
volumeMounts:
- name: persistent-storage
mountPath: /data
volumes:
- name: persistent-storage
persistentVolumeClaim:
claimName: ebs-claim
================================================
FILE: china/2020_EKS_Launch_Workshop/resource/aws-ebs-csi-driver/examples/kubernetes/snapshot/specs/classes/snapshotclass.yaml
================================================
apiVersion: snapshot.storage.k8s.io/v1beta1
kind: VolumeSnapshotClass
metadata:
name: csi-aws-vsc
driver: ebs.csi.aws.com
deletionPolicy: Delete
================================================
FILE: china/2020_EKS_Launch_Workshop/resource/aws-ebs-csi-driver/examples/kubernetes/snapshot/specs/classes/storageclass.yaml
================================================
kind: StorageClass
apiVersion: storage.k8s.io/v1
metadata:
name: ebs-sc
provisioner: ebs.csi.aws.com
volumeBindingMode: WaitForFirstConsumer
================================================
FILE: china/2020_EKS_Launch_Workshop/resource/aws-ebs-csi-driver/examples/kubernetes/snapshot/specs/snapshot/snapshot.yaml
================================================
apiVersion: snapshot.storage.k8s.io/v1beta1
kind: VolumeSnapshot
metadata:
name: ebs-volume-snapshot
spec:
volumeSnapshotClassName: csi-aws-vsc
source:
persistentVolumeClaimName: ebs-claim
================================================
FILE: china/2020_EKS_Launch_Workshop/resource/aws-ebs-csi-driver/examples/kubernetes/snapshot/specs/snapshot-import/volume-snapshot-content.yaml
================================================
apiVersion: snapshot.storage.k8s.io/v1beta1
kind: VolumeSnapshotContent
metadata:
name: static-snapshot-content
spec:
volumeSnapshotRef:
kind: VolumeSnapshot
name: static-snapshot-demo
namespace: default
source:
snapshotHandle: snap-0fba4d7649d765c50
driver: ebs.csi.aws.com
volumeSnapshotClassName: csi-aws-vsc
================================================
FILE: china/2020_EKS_Launch_Workshop/resource/aws-ebs-csi-driver/examples/kubernetes/snapshot/specs/snapshot-import/volume-snapshot.yaml
================================================
apiVersion: snapshot.storage.k8s.io/v1beta1
kind: VolumeSnapshot
metadata:
name: static-snapshot-demo
namespace: default
spec:
volumeSnapshotClassName: csi-aws-vsc
source:
volumeSnapshotContentName: static-snapshot-content
================================================
FILE: china/2020_EKS_Launch_Workshop/resource/aws-ebs-csi-driver/examples/kubernetes/snapshot/specs/snapshot-restore/claim.yaml
================================================
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: ebs-snapshot-restored-claim
spec:
accessModes:
- ReadWriteOnce
storageClassName: ebs-sc
resources:
requests:
storage: 4Gi
dataSource:
name: ebs-volume-snapshot
kind: VolumeSnapshot
apiGroup: snapshot.storage.k8s.io
================================================
FILE: china/2020_EKS_Launch_Workshop/resource/aws-ebs-csi-driver/examples/kubernetes/snapshot/specs/snapshot-restore/pod.yaml
================================================
apiVersion: v1
kind: Pod
metadata:
name: app
spec:
containers:
- name: app
image: centos
command: ["/bin/sh"]
args: ["-c", "while true; do echo $(date -u) >> /data/out.txt; sleep 5; done"]
volumeMounts:
- name: persistent-storage
mountPath: /data
volumes:
- name: persistent-storage
persistentVolumeClaim:
claimName: ebs-snapshot-restored-claim
================================================
FILE: china/2020_EKS_Launch_Workshop/resource/aws-ebs-csi-driver/examples/kubernetes/static-provisioning/README.md
================================================
# Static Provisioning
This example shows how to create and consume persistence volume from exising EBS using static provisioning.
## Usage
1. Edit the PersistentVolume spec in [example manifest](./specs/example.yaml). Update `volumeHandle` with EBS volume ID that you are going to use, and update the `fsType` with the filesystem type of the volume. In this example, I have a pre-created EBS volume in us-east-1c availability zone and it is formatted with xfs filesystem.
```
apiVersion: v1
kind: PersistentVolume
metadata:
name: test-pv
spec:
capacity:
storage: 50Gi
volumeMode: Filesystem
accessModes:
- ReadWriteOnce
storageClassName: ebs-sc
csi:
driver: ebs.csi.aws.com
volumeHandle: {volumeId}
fsType: xfs
nodeAffinity:
required:
nodeSelectorTerms:
- matchExpressions:
- key: topology.ebs.csi.aws.com/zone
operator: In
values:
- us-east-1c
```
Note that node affinity is used here since EBS volume is created in us-east-1c, hence only node in the same AZ can consume this persisence volume.
2. Deploy the example:
```sh
kubectl apply -f specs/
```
3. Verify application pod is running:
```sh
kubectl describe po app
```
4. Validate the pod successfully wrote data to the volume:
```sh
kubectl exec -it app cat /data/out.txt
```
5. Cleanup resources:
```sh
kubectl delete -f specs/
```
================================================
FILE: china/2020_EKS_Launch_Workshop/resource/aws-ebs-csi-driver/examples/kubernetes/static-provisioning/specs/example.yaml
================================================
kind: StorageClass
apiVersion: storage.k8s.io/v1
metadata:
name: ebs-sc
provisioner: ebs.csi.aws.com
volumeBindingMode: WaitForFirstConsumer
reclaimPolicy: Retain
---
apiVersion: v1
kind: PersistentVolume
metadata:
name: test-pv
spec:
capacity:
storage: 50Gi
volumeMode: Filesystem
accessModes:
- ReadWriteOnce
storageClassName: ebs-sc
csi:
driver: ebs.csi.aws.com
volumeHandle: vol-05786ec9ec9526b67
fsType: xfs
nodeAffinity:
required:
nodeSelectorTerms:
- matchExpressions:
- key: topology.ebs.csi.aws.com/zone
operator: In
values:
- us-east-1c
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: ebs-claim
spec:
accessModes:
- ReadWriteOnce
storageClassName: ebs-sc
resources:
requests:
storage: 50Gi
---
apiVersion: v1
kind: Pod
metadata:
name: app
spec:
containers:
- name: app
image: centos
command: ["/bin/sh"]
args: ["-c", "while true; do echo $(date -u) >> /data/out.txt; sleep 5; done"]
volumeMounts:
- name: persistent-storage
mountPath: /data
volumes:
- name: persistent-storage
persistentVolumeClaim:
claimName: ebs-claim
================================================
FILE: china/2020_EKS_Launch_Workshop/resource/aws-ebs-csi-driver/examples/kubernetes/storageclass/README.md
================================================
# Configuring StorageClass
This example shows how to configure Kubernetes storageclass to provision EBS volumes with various configuration parameters. EBS CSI driver is compatiable with in-tree EBS plugin on StorageClass parameters. For the full list of in-tree EBS plugin parameters, please refer to Kubernetes documentation of [StorageClass Parameter](https://kubernetes.io/docs/concepts/storage/storage-classes/#aws-ebs).
## Usage
1. Edit the StorageClass spec in [example manifest](./specs/example.yaml) and update storageclass parameters to desired value. In this example, a `io1` EBS volume will be created and formatted to `xfs` filesystem with encryption enabled using the default KMS key.
2. Deploy the example:
```sh
kubectl apply -f specs/
```
3. Verify the volume is created:
```sh
kubectl describe pv
```
4. Validate the pod successfully wrote data to the volume:
```sh
kubectl exec -it app cat /data/out.txt
```
5. Cleanup resources:
```sh
kubectl delete -f specs/
```
================================================
FILE: china/2020_EKS_Launch_Workshop/resource/aws-ebs-csi-driver/examples/kubernetes/storageclass/specs/example.yaml
================================================
kind: StorageClass
apiVersion: storage.k8s.io/v1
metadata:
name: ebs-sc
provisioner: ebs.csi.aws.com
volumeBindingMode: WaitForFirstConsumer
parameters:
csi.storage.k8s.io/fstype: xfs
type: io1
iopsPerGB: "50"
encrypted: "true"
allowedTopologies:
- matchLabelExpressions:
- key: topology.ebs.csi.aws.com/zone
values:
- us-east-1a
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: ebs-claim
spec:
accessModes:
- ReadWriteOnce
storageClassName: ebs-sc
resources:
requests:
storage: 4Gi
---
apiVersion: v1
kind: Pod
metadata:
name: app
spec:
containers:
- name: app
image: centos
command: ["/bin/sh"]
args: ["-c", "while true; do echo $(date -u) >> /data/out.txt; sleep 5; done"]
volumeMounts:
- name: persistent-storage
mountPath: /data
volumes:
- name: persistent-storage
persistentVolumeClaim:
claimName: ebs-claim
================================================
FILE: china/2020_EKS_Launch_Workshop/resource/aws-ebs-csi-driver/updaterole.sh
================================================
echo "CSI Policy ARN| $1"
CSI_ARN=$1
ROLES=$(aws iam list-roles --query 'Roles[?contains(RoleName,`nodegr`)].RoleName' --output text)
for i in $ROLES
do
echo attach [$CSI_ARN] to [$i]
aws iam attach-role-policy \
--policy-arn $CSI_ARN \
--role-name $i \
--region cn-northwest-1
done
================================================
FILE: china/2020_EKS_Launch_Workshop/resource/aws-efs-csi-driver/.dockerignore
================================================
vendor/
================================================
FILE: china/2020_EKS_Launch_Workshop/resource/aws-efs-csi-driver/.github/ISSUE_TEMPLATE/bug_report.md
================================================
---
name: Bug report
about: Create a report to help us improve EBS CSI Driver
labels:
---
/kind bug
**What happened?**
**What you expected to happen?**
**How to reproduce it (as minimally and precisely as possible)?**
**Anything else we need to know?**:
**Environment**
- Kubernetes version (use `kubectl version`):
- Driver version:
================================================
FILE: china/2020_EKS_Launch_Workshop/resource/aws-efs-csi-driver/.github/ISSUE_TEMPLATE/enhancement-request.md
================================================
---
name: Enhancement request
about: Suggest an idea for this project
labels:
---
**Is your feature request related to a problem?/Why is this needed**
A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]
/feature
**Describe the solution you'd like in detail**
A clear and concise description of what you want to happen.
**Describe alternatives you've considered**
A clear and concise description of any alternative solutions or features you've considered.
**Additional context**
Add any other context or screenshots about the feature request here.
================================================
FILE: china/2020_EKS_Launch_Workshop/resource/aws-efs-csi-driver/.github/ISSUE_TEMPLATE/feature_request.md
================================================
---
name: Feature request
about: Suggest an idea for this project
labels:
---
**Is your feature request related to a problem? Please describe.**
A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]
**Describe the solution you'd like in detail**
A clear and concise description of what you want to happen.
**Describe alternatives you've considered**
A clear and concise description of any alternative solutions or features you've considered.
**Additional context**
Add any other context or screenshots about the feature request here.
================================================
FILE: china/2020_EKS_Launch_Workshop/resource/aws-efs-csi-driver/.github/ISSUE_TEMPLATE/support-request.md
================================================
---
name: Support request
about: Ask questions about the driver
labels:
---
<!--
STOP -- PLEASE READ!
GitHub is not the right place for support requests.
If you're looking for help, post your question on the [Kubernetes Slack ](http://slack.k8s.io/) Sig-AWS Channel.
If the matter is security related, please disclose it privately via https://kubernetes.io/security/.
-->
<!-- DO NOT EDIT BELOW THIS LINE -->
/triage support
================================================
FILE: china/2020_EKS_Launch_Workshop/resource/aws-efs-csi-driver/.github/PULL_REQUEST_TEMPLATE.md
================================================
**Is this a bug fix or adding new feature?**
**What is this PR about? / Why do we need it?**
**What testing is done?**
================================================
FILE: china/2020_EKS_Launch_Workshop/resource/aws-efs-csi-driver/.github/workflows/container-image.yaml
================================================
name: Container Images
on: push
jobs:
build:
# this is to prevent the job to run at forked projects
if: github.repository == 'kubernetes-sigs/aws-efs-csi-driver'
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v1
- name: Build container image
run: |
docker build -t aws-efs-csi-driver .
- name: Push to Github registry
run: |
USER=$(echo $GITHUB_REPOSITORY | cut -d'/' -f1)
BRANCH=$(echo $GITHUB_REF | cut -d'/' -f3)
IMAGE=aws-efs-csi-driver
if [ "$BRANCH" = "master" ]; then
TAG="latest"
else
TAG=$BRANCH
fi
docker login docker.pkg.github.com -u $USER -p ${{ secrets.REGISTRY_TOKEN }}
docker tag aws-efs-csi-driver docker.pkg.github.com/$GITHUB_REPOSITORY/$IMAGE:$TAG
docker push docker.pkg.github.com/$GITHUB_REPOSITORY/$IMAGE:$TAG
- name: Push to Dockerhub registry
run: |
BRANCH=$(echo $GITHUB_REF | cut -d'/' -f3)
REPO=amazon/aws-efs-csi-driver
if [ "$BRANCH" = "master" ]; then
TAG="latest"
else
TAG=$BRANCH
fi
docker login -u ${{ secrets.DOCKERHUB_USER }} -p ${{ secrets.DOCKERHUB_TOKEN }}
docker tag aws-efs-csi-driver $REPO:$TAG
docker push $REPO:$TAG
================================================
FILE: china/2020_EKS_Launch_Workshop/resource/aws-efs-csi-driver/.gitignore
================================================
*.swp
bin/
vendor/
================================================
FILE: china/2020_EKS_Launch_Workshop/resource/aws-efs-csi-driver/.travis.yml
================================================
language: go
go_import_path: github.com/kubernetes-sigs/aws-efs-csi-driver
env:
global:
- GO111MODULE=on
go:
- "1.13.4"
before_install:
- go get github.com/mattn/goveralls
script:
- make
- go test -covermode=count -coverprofile=profile.cov $(go list ./pkg/... | grep -v /driver)
# TODO stop skipping controller tests when controller is implemented
- go test -covermode=count -coverprofile=profile.cov ./pkg/driver/... -ginkgo.skip='\[Controller.Server\]'
- $GOPATH/bin/goveralls -coverprofile=profile.cov -service=travis-ci
================================================
FILE: china/2020_EKS_Launch_Workshop/resource/aws-efs-csi-driver/deploy/kubernetes/base/csidriver.yaml
================================================
---
apiVersion: storage.k8s.io/v1beta1
kind: CSIDriver
metadata:
name: efs.csi.aws.com
spec:
attachRequired: false
================================================
FILE: china/2020_EKS_Launch_Workshop/resource/aws-efs-csi-driver/deploy/kubernetes/base/kustomization.yaml
================================================
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: kube-system
resources:
- node.yaml
- csidriver.yaml
================================================
FILE: china/2020_EKS_Launch_Workshop/resource/aws-efs-csi-driver/deploy/kubernetes/base/node.yaml
================================================
---
# Node Service
kind: DaemonSet
apiVersion: apps/v1
metadata:
name: efs-csi-node
namespace: kube-system
spec:
selector:
matchLabels:
app: efs-csi-node
template:
metadata:
labels:
app: efs-csi-node
spec:
nodeSelector:
beta.kubernetes.io/os: linux
hostNetwork: true
priorityClassName: system-node-critical
tolerations:
- operator: Exists
containers:
- name: efs-plugin
securityContext:
privileged: true
image: amazon/aws-efs-csi-driver:latest
args:
- --endpoint=$(CSI_ENDPOINT)
- --logtostderr
- --v=5
env:
- name: CSI_ENDPOINT
value: unix:/csi/csi.sock
volumeMounts:
- name: kubelet-dir
mountPath: /var/lib/kubelet
mountPropagation: "Bidirectional"
- name: plugin-dir
mountPath: /csi
- name: efs-state-dir
mountPath: /var/run/efs
ports:
- containerPort: 9809
name: healthz
protocol: TCP
livenessProbe:
httpGet:
path: /healthz
port: healthz
initialDelaySeconds: 10
timeoutSeconds: 3
periodSeconds: 2
failureThreshold: 5
- name: csi-driver-registrar
image: quay.io/k8scsi/csi-node-driver-registrar:v1.1.0
args:
- --csi-address=$(ADDRESS)
- --kubelet-registration-path=$(DRIVER_REG_SOCK_PATH)
- --v=5
env:
- name: ADDRESS
value: /csi/csi.sock
- name: DRIVER_REG_SOCK_PATH
value: /var/lib/kubelet/plugins/efs.csi.aws.com/csi.sock
- name: KUBE_NODE_NAME
valueFrom:
fieldRef:
fieldPath: spec.nodeName
volumeMounts:
- name: plugin-dir
mountPath: /csi
- name: registration-dir
mountPath: /registration
- name: liveness-probe
imagePullPolicy: Always
image: quay.io/k8scsi/livenessprobe:v1.1.0
args:
- --csi-address=/csi/csi.sock
- --health-port=9809
volumeMounts:
- mountPath: /csi
name: plugin-dir
volumes:
- name: kubelet-dir
hostPath:
path: /var/lib/kubelet
type: Directory
- name: registration-dir
hostPath:
path: /var/lib/kubelet/plugins_registry/
type: Directory
- name: plugin-dir
hostPath:
path: /var/lib/kubelet/plugins/efs.csi.aws.com/
type: DirectoryOrCreate
- name: efs-state-dir
hostPath:
path: /var/run/efs
type: DirectoryOrCreate
================================================
FILE: china/2020_EKS_Launch_Workshop/resource/aws-efs-csi-driver/deploy/kubernetes/overlays/stable/kustomization.yaml
================================================
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
bases:
- ../../base
images:
- name: amazon/aws-efs-csi-driver
newTag: v0.3.0
newName: amazon/aws-efs-csi-driver
- name: quay.io/k8scsi/livenessprobe
newName: 961992271922.dkr.ecr.cn-northwest-1.amazonaws.com.cn/eks/csi-liveness-probe
newTag: v1.1.0
- name: quay.io/k8scsi/csi-node-driver-registrar
newName: 961992271922.dkr.ecr.cn-northwest-1.amazonaws.com.cn/eks/csi-node-driver-registrar
newTag: v1.1.0
================================================
FILE: china/2020_EKS_Launch_Workshop/resource/aws-efs-csi-driver/examples/kubernetes/encryption_in_transit/README.md
================================================
## Encryption in Transit
This example shows how to make a static provisioned EFS persistence volume (PV) mounted inside container with encryption in transit enabled.
**Note**: this example requires Kubernetes v1.13+
### Edit [Persistence Volume Spec](./specs/pv.yaml)
```
apiVersion: v1
kind: PersistentVolume
metadata:
name: efs-pv
spec:
capacity:
storage: 5Gi
volumeMode: Filesystem
accessModes:
- ReadWriteOnce
persistentVolumeReclaimPolicy: Retain
storageClassName: efs-sc
mountOptions:
- tls
csi:
driver: efs.csi.aws.com
volumeHandle: [FileSystemId]
```
Note that encryption in transit is enabled using mount option `tls`. Replace `VolumeHandle` value with `FileSystemId` of the EFS filesystem that needs to be mounted.
You can find it using AWS CLI:
```sh
>> aws efs describe-file-systems --query "FileSystems[*].FileSystemId"
```
### Deploy the Example
Create PV, persistence volume claim (PVC) and storage class:
```sh
>> kubectl apply -f examples/kubernetes/encryption_in_transit/specs/storageclass.yaml
>> kubectl apply -f examples/kubernetes/encryption_in_transit/specs/pv.yaml
>> kubectl apply -f examples/kubernetes/encryption_in_transit/specs/claim.yaml
>> kubectl apply -f examples/kubernetes/encryption_in_transit/specs/pod.yaml
```
### Check EFS filesystem is used
After the objects are created, verify that pod is running:
```sh
>> kubectl get pods
```
Also you can verify that data is written onto EFS filesystem:
```sh
>> kubectl exec -ti efs-app -- tail -f /data/out.txt
```
================================================
FILE: china/2020_EKS_Launch_Workshop/resource/aws-efs-csi-driver/examples/kubernetes/encryption_in_transit/specs/claim.yaml
================================================
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: efs-claim
spec:
accessModes:
- ReadWriteOnce
storageClassName: efs-sc
resources:
requests:
storage: 5Gi
================================================
FILE: china/2020_EKS_Launch_Workshop/resource/aws-efs-csi-driver/examples/kubernetes/encryption_in_transit/specs/pod.yaml
================================================
apiVersion: v1
kind: Pod
metadata:
name: efs-app
spec:
containers:
- name: app
image: busybox
command: ["/bin/sh"]
args: ["-c", "while true; do echo $(date -u) >> /data/out.txt; sleep 5; done"]
volumeMounts:
- name: persistent-storage
mountPath: /data
volumes:
- name: persistent-storage
persistentVolumeClaim:
claimName: efs-claim
================================================
FILE: china/2020_EKS_Launch_Workshop/resource/aws-efs-csi-driver/examples/kubernetes/encryption_in_transit/specs/pv.yaml
================================================
apiVersion: v1
kind: PersistentVolume
metadata:
name: efs-pv
spec:
capacity:
storage: 5Gi
volumeMode: Filesystem
accessModes:
- ReadWriteOnce
persistentVolumeReclaimPolicy: Retain
storageClassName: efs-sc
mountOptions:
- tls
csi:
driver: efs.csi.aws.com
volumeHandle: fs-4af69aab
================================================
FILE: china/2020_EKS_Launch_Workshop/resource/aws-efs-csi-driver/examples/kubernetes/encryption_in_transit/specs/storageclass.yaml
================================================
kind: StorageClass
apiVersion: storage.k8s.io/v1
metadata:
name: efs-sc
provisioner: efs.csi.aws.com
mountOptions:
- tls
================================================
FILE: china/2020_EKS_Launch_Workshop/resource/aws-efs-csi-driver/examples/kubernetes/multiple_pods/README.md
================================================
## Multiple Pods Read Write Many
This example shows how to create a static provisioned EFS persistence volume (PV) and access it from multiple pods with RWX access mode.
### Edit Persistent Volume
Edit persistent volume using sample [spec](./specs/pv.yaml):
```
apiVersion: v1
kind: PersistentVolume
metadata:
name: efs-pv
spec:
capacity:
storage: 5Gi
volumeMode: Filesystem
accessModes:
- ReadWriteMany
persistentVolumeReclaimPolicy: Retain
storageClassName: efs-sc
csi:
driver: efs.csi.aws.com
volumeHandle: [FileSystemId]
```
Replace `volumeHandle` value with `FileSystemId` of the EFS filesystem that needs to be mounted. Note that the access mode is `RWX` which means the PV can be read and written from multiple pods.
You can get `FileSystemId` using AWS CLI:
```sh
>> aws efs describe-file-systems --query "FileSystems[*].FileSystemId"
```
### Deploy the Example Application
Create PV, persistence volume claim (PVC), storageclass and the pods that consume the PV:
```sh
>> kubectl apply -f examples/kubernetes/multiple_pods/specs/storageclass.yaml
>> kubectl apply -f examples/kubernetes/multiple_pods/specs/pv.yaml
>> kubectl apply -f examples/kubernetes/multiple_pods/specs/claim.yaml
>> kubectl apply -f examples/kubernetes/multiple_pods/specs/pod1.yaml
>> kubectl apply -f examples/kubernetes/multiple_pods/specs/pod2.yaml
```
In the example, both pod1 and pod2 are writing to the same EFS filesystem at the same time.
### Check the Application uses EFS filesystem
After the objects are created, verify that pod is running:
```sh
>> kubectl get pods
```
Also verify that data is written onto EFS filesystem from both pods:
```sh
>> kubectl exec -ti app1 -- tail -f /data/out1.txt
>> kubectl exec -ti app2 -- tail -f /data/out2.txt
```
================================================
FILE: china/2020_EKS_Launch_Workshop/resource/aws-efs-csi-driver/examples/kubernetes/multiple_pods/specs/claim.yaml
================================================
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: efs-claim
spec:
accessModes:
- ReadWriteMany
storageClassName: efs-sc
resources:
requests:
storage: 5Gi
================================================
FILE: china/2020_EKS_Launch_Workshop/resource/aws-efs-csi-driver/examples/kubernetes/multiple_pods/specs/pod1.yaml
================================================
apiVersion: v1
kind: Pod
metadata:
name: app1
spec:
containers:
- name: app1
image: busybox
command: ["/bin/sh"]
args: ["-c", "while true; do echo $(date -u) >> /data/out1.txt; sleep 5; done"]
volumeMounts:
- name: persistent-storage
mountPath: /data
volumes:
- name: persistent-storage
persistentVolumeClaim:
claimName: efs-claim
================================================
FILE: china/2020_EKS_Launch_Workshop/resource/aws-efs-csi-driver/examples/kubernetes/multiple_pods/specs/pod2.yaml
================================================
apiVersion: v1
kind: Pod
metadata:
name: app2
spec:
containers:
- name: app2
image: busybox
command: ["/bin/sh"]
args: ["-c", "while true; do echo $(date -u) >> /data/out2.txt; sleep 5; done"]
volumeMounts:
- name: persistent-storage
mountPath: /data
volumes:
- name: persistent-storage
persistentVolumeClaim:
claimName: efs-claim
================================================
FILE: china/2020_EKS_Launch_Workshop/resource/aws-efs-csi-driver/examples/kubernetes/multiple_pods/specs/pv.yaml
================================================
apiVersion: v1
kind: PersistentVolume
metadata:
name: efs-pv
spec:
capacity:
storage: 5Gi
volumeMode: Filesystem
accessModes:
- ReadWriteMany
persistentVolumeReclaimPolicy: Retain
storageClassName: efs-sc
csi:
driver: efs.csi.aws.com
volumeHandle: fs-9c48a679
================================================
FILE: china/2020_EKS_Launch_Workshop/resource/aws-efs-csi-driver/examples/kubernetes/multiple_pods/specs/storageclass.yaml
================================================
kind: StorageClass
apiVersion: storage.k8s.io/v1
metadata:
name: efs-sc
provisioner: efs.csi.aws.com
================================================
FILE: china/2020_EKS_Launch_Workshop/resource/aws-efs-csi-driver/examples/kubernetes/statefulset/README.md
================================================
## Use in Stateful Set
This example shows how to consume EFS filesystem from StatefulSets using the driver. Before the example, refer to [StatefulSets](https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/) for what it is.
## Deploy the example
```sh
kubectl apply -f https://raw.githubusercontent.com/kubernetes-sigs/aws-efs-csi-driver/master/examples/kubernetes/statefulset/specs/example.yaml
```
## Check the StatefulSets Application
Check StatefulSets is deployed successfully:
```sh
$ kubectl get sts
NAME READY AGE
efs-app-sts 3/3 70m
```
Check the pods are running:
```sh
$ kubectl get po
NAME READY STATUS RESTARTS AGE
efs-app-sts-0 1/1 Running 0 71m
efs-app-sts-1 1/1 Running 0 71m
efs-app-sts-2 1/1 Running 0 71m
```
Check data are written onto EFS filesystem:
```sh
$ kubectl exec -ti efs-app-sts-0 -- tail -f /efs-data/out.txt
Mon May 6 00:50:15 UTC 2019
Mon May 6 00:50:18 UTC 2019
Mon May 6 00:50:19 UTC 2019
Mon May 6 00:50:20 UTC 2019
Mon May 6 00:50:23 UTC 2019
Mon May 6 00:50:24 UTC 2019
Mon May 6 00:50:25 UTC 2019
Mon May 6 00:50:28 UTC 2019
Mon May 6 00:50:29 UTC 2019
Mon May 6 00:50:30 UTC 2019
```
================================================
FILE: china/2020_EKS_Launch_Workshop/resource/aws-efs-csi-driver/examples/kubernetes/statefulset/specs/example.yaml
================================================
apiVersion: v1
kind: PersistentVolume
metadata:
name: efs-pv
spec:
capacity:
storage: 5Gi
volumeMode: Filesystem
accessModes:
- ReadWriteMany
persistentVolumeReclaimPolicy: Retain
storageClassName: efs-sc
csi:
driver: efs.csi.aws.com
volumeHandle: fs-4af69aab
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: efs-claim
spec:
accessModes:
- ReadWriteMany
storageClassName: efs-sc
resources:
requests:
storage: 5Gi
---
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: efs-app-sts
spec:
selector:
matchLabels:
app: test-efs
serviceName: efs-app
replicas: 3
template:
metadata:
labels:
app: test-efs
spec:
terminationGracePeriodSeconds: 10
containers:
- name: linux
image: amazonlinux:2
command: ["/bin/sh"]
args: ["-c", "while true; do echo $(date -u) >> /efs-data/out.txt; sleep 5; done"]
volumeMounts:
- name: efs-storage
mountPath: /efs-data
volumes:
- name: efs-storage
persistentVolumeClaim:
claimName: efs-claim
================================================
FILE: china/2020_EKS_Launch_Workshop/resource/aws-efs-csi-driver/examples/kubernetes/static_provisioning/README.md
================================================
## Static Provisioning
This example shows how to make a static provisioned EFS persistence volume (PV) mounted inside container.
### Edit [Persistence Volume Spec](./specs/pv.yaml)
```
apiVersion: v1
kind: PersistentVolume
metadata:
name: efs-pv
spec:
capacity:
storage: 5Gi
volumeMode: Filesystem
accessModes:
- ReadWriteOnce
persistentVolumeReclaimPolicy: Retain
storageClassName: efs-sc
csi:
driver: efs.csi.aws.com
volumeHandle: [FileSystemId]
```
Replace `VolumeHandle` value with `FileSystemId` of the EFS filesystem that needs to be mounted.
You can find it using AWS CLI:
```sh
>> aws efs describe-file-systems --query "FileSystems[*].FileSystemId"
```
### Deploy the Example Application
Create PV, persistence volume claim (PVC) and storage class:
```sh
>> kubectl apply -f examples/kubernetes/static_provisioning/specs/storageclass.yaml
>> kubectl apply -f examples/kubernetes/static_provisioning/specs/pv.yaml
>> kubectl apply -f examples/kubernetes/static_provisioning/specs/claim.yaml
>> kubectl apply -f examples/kubernetes/static_provisioning/specs/pod.yaml
```
### Check EFS filesystem is used
After the objects are created, verify that pod is running:
```sh
>> kubectl get pods
```
Also you can verify that data is written onto EFS filesystem:
```sh
>> kubectl exec -ti efs-app -- tail -f /data/out.txt
```
================================================
FILE: china/2020_EKS_Launch_Workshop/resource/aws-efs-csi-driver/examples/kubernetes/static_provisioning/specs/claim.yaml
================================================
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: efs-claim
spec:
accessModes:
- ReadWriteOnce
storageClassName: efs-sc
resources:
requests:
storage: 5Gi
================================================
FILE: china/2020_EKS_Launch_Workshop/resource/aws-efs-csi-driver/examples/kubernetes/static_provisioning/specs/pod.yaml
================================================
apiVersion: v1
kind: Pod
metadata:
name: efs-app
spec:
containers:
- name: app
image: busybox
command: ["/bin/sh"]
args: ["-c", "while true; do echo $(date -u) >> /data/out.txt; sleep 5; done"]
volumeMounts:
- name: persistent-storage
mountPath: /data
volumes:
- name: persistent-storage
persistentVolumeClaim:
claimName: efs-claim
================================================
FILE: china/2020_EKS_Launch_Workshop/resource/aws-efs-csi-driver/examples/kubernetes/static_provisioning/specs/pv.yaml
================================================
apiVersion: v1
kind: PersistentVolume
metadata:
name: efs-pv
spec:
capacity:
storage: 5Gi
volumeMode: Filesystem
accessModes:
- ReadWriteOnce
persistentVolumeReclaimPolicy: Retain
storageClassName: efs-sc
csi:
driver: efs.csi.aws.com
volumeHandle: fs-9c48a679
================================================
FILE: china/2020_EKS_Launch_Workshop/resource/aws-efs-csi-driver/examples/kubernetes/static_provisioning/specs/storageclass.yaml
================================================
kind: StorageClass
apiVersion: storage.k8s.io/v1
metadata:
name: efs-sc
provisioner: efs.csi.aws.com
================================================
FILE: china/2020_EKS_Launch_Workshop/resource/aws-efs-csi-driver/examples/kubernetes/volume_path/README.md
================================================
## EFS Volume Path
Similar to [static provisioning example](../static_provisioning). A sub directory of EFS can be mounted inside container. This gives cluster operator the flexibility to restrict the amount of data being accessed from different containers on EFS.
**Note**: this feature requires the sub directory to mount precreated on EFS before consuming the volume from pod.
### Edit [Persistence Volume Spec](./specs/example.yaml)
```
apiVersion: v1
kind: PersistentVolume
metadata:
name: efs-pv1
spec:
capacity:
storage: 5Gi
volumeMode: Filesystem
accessModes:
- ReadWriteOnce
persistentVolumeReclaimPolicy: Retain
storageClassName: efs-sc
csi:
driver: efs.csi.aws.com
volumeHandle: [FileSystemId]:[Path]
```
Replace `FileSystemId` of the EFS filesystem ID that needs to be mounted. And replace `Path` with a existing path on the filesystem.
You can find it using AWS CLI:
```sh
>> aws efs describe-file-systems --query "FileSystems[*].FileSystemId"
```
### Deploy the Example Application
Create PV, persistence volume claim (PVC) and storage class:
```sh
>> kubectl apply -f examples/kubernetes/volume_path/specs/example.yaml
```
### Check EFS filesystem is used
After the objects are created, verify that pod is running:
```sh
>> kubectl get pods
```
Also you can verify that data is written onto EFS filesystem:
```sh
>> kubectl exec -ti efs-app -- tail -f /data-dir1/out.txt
>> kubectl exec -ti efs-app -- ls /data-dir2
```
================================================
FILE: china/2020_EKS_Launch_Workshop/resource/aws-efs-csi-driver/examples/kubernetes/volume_path/specs/example.yaml
================================================
kind: StorageClass
apiVersion: storage.k8s.io/v1
metadata:
name: efs-sc
provisioner: efs.csi.aws.com
---
apiVersion: v1
kind: PersistentVolume
metadata:
name: efs-pv1
spec:
capacity:
storage: 5Gi
volumeMode: Filesystem
accessModes:
- ReadWriteMany
persistentVolumeReclaimPolicy: Retain
storageClassName: efs-sc
mountOptions:
- tls
csi:
driver: efs.csi.aws.com
volumeHandle: fs-e8a95a42:/dir1
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: efs-claim1
spec:
accessModes:
- ReadWriteMany
storageClassName: efs-sc
resources:
requests:
storage: 5Gi
---
apiVersion: v1
kind: PersistentVolume
metadata:
name: efs-pv2
spec:
capacity:
storage: 5Gi
volumeMode: Filesystem
accessModes:
- ReadWriteMany
persistentVolumeReclaimPolicy: Retain
storageClassName: efs-sc
mountOptions:
- tls
csi:
driver: efs.csi.aws.com
volumeHandle: fs-e8a95a42:/dir2
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: efs-claim2
spec:
accessModes:
- ReadWriteMany
storageClassName: efs-sc
resources:
requests:
storage: 5Gi
---
apiVersion: v1
kind: Pod
metadata:
name: efs-app
spec:
containers:
- name: app
image: busybox
command: ["/bin/sh"]
args: ["-c", "while true; do echo $(date -u) >> /data-dir1/out.txt; sleep 5; done"]
volumeMounts:
- name: efs-volume-1
mountPath: /data-dir1
- name: efs-volume-2
mountPath: /data-dir2
volumes:
- name: efs-volume-1
persistentVolumeClaim:
claimName: efs-claim1
- name: efs-volume-2
persistentVolumeClaim:
claimName: efs-claim2
================================================
FILE: china/2020_EKS_Launch_Workshop/resource/cluster-autoscaler/cluster_autoscaler.yml
================================================
---
apiVersion: v1
kind: ServiceAccount
metadata:
labels:
k8s-addon: cluster-autoscaler.addons.k8s.io
k8s-app: cluster-autoscaler
name: cluster-autoscaler
namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: cluster-autoscaler
labels:
k8s-addon: cluster-autoscaler.addons.k8s.io
k8s-app: cluster-autoscaler
rules:
- apiGroups: [""]
resources: ["events", "endpoints"]
verbs: ["create", "patch"]
- apiGroups: [""]
resources: ["pods/eviction"]
verbs: ["create"]
- apiGroups: [""]
resources: ["pods/status"]
verbs: ["update"]
- apiGroups: [""]
resources: ["endpoints"]
resourceNames: ["cluster-autoscaler"]
verbs: ["get", "update"]
- apiGroups: [""]
resources: ["nodes"]
verbs: ["watch", "list", "get", "update"]
- apiGroups: [""]
resources:
- "pods"
- "services"
- "replicationcontrollers"
- "persistentvolumeclaims"
- "persistentvolumes"
verbs: ["watch", "list", "get"]
- apiGroups: ["extensions"]
resources: ["replicasets", "daemonsets"]
verbs: ["watch", "list", "get"]
- apiGroups: ["policy"]
resources: ["poddisruptionbudgets"]
verbs: ["watch", "list"]
- apiGroups: ["apps"]
resources: ["statefulsets", "replicasets", "daemonsets"]
verbs: ["watch", "list", "get"]
- apiGroups: ["storage.k8s.io"]
resources: ["storageclasses"]
verbs: ["watch", "list", "get"]
- apiGroups: ["batch", "extensions"]
resources: ["jobs"]
verbs: ["get", "list", "watch", "patch"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: cluster-autoscaler
namespace: kube-system
labels:
k8s-addon: cluster-autoscaler.addons.k8s.io
k8s-app: cluster-autoscaler
rules:
- apiGroups: [""]
resources: ["configmaps"]
verbs: ["create"]
- apiGroups: [""]
resources: ["configmaps"]
resourceNames: ["cluster-autoscaler-status", "cluster-autoscaler-priority-expander"]
verbs: ["delete", "get", "update", "watch"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: cluster-autoscaler
labels:
k8s-addon: cluster-autoscaler.addons.k8s.io
k8s-app: cluster-autoscaler
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: cluster-autoscaler
subjects:
- kind: ServiceAccount
name: cluster-autoscaler
namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: cluster-autoscaler
namespace: kube-system
labels:
k8s-addon: cluster-autoscaler.addons.k8s.io
k8s-app: cluster-autoscaler
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: cluster-autoscaler
subjects:
- kind: ServiceAccount
name: cluster-autoscaler
namespace: kube-system
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: cluster-autoscaler
namespace: kube-system
labels:
app: cluster-autoscaler
spec:
replicas: 1
selector:
matchLabels:
app: cluster-autoscaler
template:
metadata:
labels:
app: cluster-autoscaler
spec:
serviceAccountName: cluster-autoscaler
#nodeSelector:
# intent: control-apps
containers:
- image: k8s.gcr.io/cluster-autoscaler:v1.14.7
name: cluster-autoscaler
resources:
limits:
cpu: 100m
memory: 300Mi
requests:
cpu: 100m
memory: 300Mi
command:
- ./cluster-autoscaler
- --v=4
- --stderrthreshold=info
- --cloud-provider=aws
- --skip-nodes-with-local-storage=false
- --nodes=1:3:eksctl-eksworkshop-nodegroup-ng-6ee72264-NodeGroup-1HV2SGGAPW9U3
- --expander=random
- --expendable-pods-priority-cutoff=-10
- --scale-down-unneeded-time=2m0s
- --scale-down-unready-time=3m0s
- --scale-down-delay-after-add=2m0s
- --scale-down-utilization-threshold=0.7
- --balance-similar-node-groups
- --max-total-unready-percentage=75
- --ok-total-unready-count=20
- --max-empty-bulk-delete=30
env:
- name: AWS_REGION
value: cn-northwest-1
volumeMounts:
- name: ssl-certs
mountPath: /etc/ssl/certs/ca-certificates.crt
readOnly: true
imagePullPolicy: "Always"
volumes:
- name: ssl-certs
hostPath:
path: "/etc/ssl/certs/ca-bundle.crt"
================================================
FILE: china/2020_EKS_Launch_Workshop/resource/cluster-autoscaler/k8s-asg-policy.json
================================================
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"autoscaling:DescribeAutoScalingGroups",
"autoscaling:DescribeAutoScalingInstances",
"autoscaling:SetDesiredCapacity",
"autoscaling:TerminateInstanceInAutoScalingGroup",
"autoscaling:DescribeTags"
],
"Resource": "*"
}
]
}
================================================
FILE: china/2020_EKS_Launch_Workshop/resource/cluster-autoscaler/nginx-to-scaleout.yaml
================================================
apiVersion: apps/v1
kind: Deployment
metadata:
name: nginx-to-scaleout
spec:
replicas: 1
selector:
matchLabels:
app: nginx
template:
metadata:
labels:
service: nginx
app: nginx
spec:
containers:
- image: nginx
name: nginx-to-scaleout
resources:
limits:
cpu: 500m
memory: 512Mi
requests:
cpu: 500m
memory: 512Mi
================================================
FILE: china/2020_EKS_Launch_Workshop/resource/efk/fluent-bit.yaml
================================================
apiVersion: v1
kind: ServiceAccount
metadata:
name: fluent-bit
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRole
metadata:
name: pod-log-reader
rules:
- apiGroups: [""]
resources:
- namespaces
- pods
verbs: ["get", "list", "watch"]
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
name: pod-log-crb
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: pod-log-reader
subjects:
- kind: ServiceAccount
name: fluent-bit
namespace: default
---
apiVersion: v1
kind: ConfigMap
metadata:
name: fluent-bit-config
labels:
app.kubernetes.io/name: fluentbit
data:
fluent-bit.conf: |
[SERVICE]
Parsers_File parsers.conf
[INPUT]
Name tail
Tag kube.*
Path /var/log/containers/*.log
Parser docker
DB /var/log/flb_kube.db
Mem_Buf_Limit 5MB
Skip_Long_Lines On
Refresh_Interval 10
[FILTER]
Name parser
Match **
Parser nginx
Key_Name log
[OUTPUT]
Name cloudwatch
Match *
region cn-northwest-1
log_group_name fluent-bit-cloudwatch
log_stream_prefix from-fluent-bit-
auto_create_group true
parsers.conf: |
[PARSER]
Name nginx
Format regex
Regex ^(?<remote>[^ ]*) (?<host>[^ ]*) (?<user>[^ ]*) \[(?<time>[^\]]*)\] "(?<method>\S+)(?: +(?<path>[^\"]*?)(?: +\S*)?)?" (?<code>[^ ]*) (?<size>[^ ]*)(?: "(?<referer>[^\"]*)" "(?<agent>[^\"]*)")? \"-\"$
Time_Key time
Time_Format %d/%b/%Y:%H:%M:%S %z
[PARSER]
Name docker
Format json
Time_Key time
Time_Format %Y-%m-%dT%H:%M:%S.%L
Time_Keep On
# Command | Decoder | Field | Optional Action
# =============|==================|=================
Decode_Field_As escaped log
---
apiVersion: apps/v1
kind: DaemonSet
metadata:
name: fluentbit
labels:
app.kubernetes.io/name: fluentbit
spec:
selector:
matchLabels:
name: fluentbit
template:
metadata:
labels:
name: fluentbit
spec:
serviceAccountName: fluent-bit
containers:
- name: aws-for-fluent-bit
image: amazon/aws-for-fluent-bit:2.3.0
volumeMounts:
- name: varlog
mountPath: /var/log
- name: varlibdockercontainers
mountPath: /var/lib/docker/containers
readOnly: true
- name: fluent-bit-config
mountPath: /fluent-bit/etc/
- name: mnt
mountPath: /mnt
readOnly: true
resources:
limits:
memory: 500Mi
requests:
cpu: 500m
memory: 100Mi
volumes:
- name: varlog
hostPath:
path: /var/log
- name: varlibdockercontainers
hostPath:
path: /var/lib/docker/containers
- name: fluent-bit-config
configMap:
name: fluent-bit-config
- name: mnt
hostPath:
path: /mnt
================================================
FILE: china/2020_EKS_Launch_Workshop/resource/eks-helm-demo/.helmignore
================================================
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*.orig
*~
# Various IDEs
.project
.idea/
*.tmproj
.vscode/
================================================
FILE: china/2020_EKS_Launch_Workshop/resource/eks-helm-demo/Chart.yaml
================================================
apiVersion: v2
name: eks-helm-demo
description: A Helm chart for EKS Workshop Microservices application
version: 0.1.0
appVersion: 1.0
================================================
FILE: china/2020_EKS_Launch_Workshop/resource/eks-helm-demo/templates/deployment/crystal.yaml
================================================
apiVersion: apps/v1
kind: Deployment
metadata:
name: ecsdemo-crystal
labels:
app: ecsdemo-crystal
namespace: default
spec:
replicas: {{ .Values.replicas }}
selector:
matchLabels:
app: ecsdemo-crystal
strategy:
rollingUpdate:
maxSurge: 25%
maxUnavailable: 25%
type: RollingUpdate
template:
metadata:
labels:
app: ecsdemo-crystal
spec:
containers:
- image: {{ .Values.crystal.image }}:{{ .Values.version }}
imagePullPolicy: Always
name: ecsdemo-crystal
ports:
- containerPort: 3000
protocol: TCP
================================================
FILE: china/2020_EKS_Launch_Workshop/resource/eks-helm-demo/templates/deployment/frontend.yaml
================================================
apiVersion: apps/v1
kind: Deployment
metadata:
name: ecsdemo-frontend
labels:
app: ecsdemo-frontend
namespace: default
spec:
replicas: {{ .Values.replicas }}
selector:
matchLabels:
app: ecsdemo-frontend
strategy:
rollingUpdate:
maxSurge: 25%
maxUnavailable: 25%
type: RollingUpdate
template:
metadata:
labels:
app: ecsdemo-frontend
spec:
containers:
- image: {{ .Values.frontend.image }}:{{ .Values.version }}
imagePullPolicy: Always
name: ecsdemo-frontend
ports:
- containerPort: 3000
protocol: TCP
env:
- name: CRYSTAL_URL
value: "http://ecsdemo-crystal.default.svc.cluster.local/crystal"
- name: NODEJS_URL
value: "http://ecsdemo-nodejs.default.svc.cluster.local/"
================================================
FILE: china/2020_EKS_Launch_Workshop/resource/eks-helm-demo/templates/deployment/nodejs.yaml
================================================
apiVersion: apps/v1
kind: Deployment
metadata:
name: ecsdemo-nodejs
labels:
app: ecsdemo-nodejs
namespace: default
spec:
replicas: {{ .Values.replicas }}
selector:
matchLabels:
app: ecsdemo-nodejs
strategy:
rollingUpdate:
maxSurge: 25%
maxUnavailable: 25%
type: RollingUpdate
template:
metadata:
labels:
app: ecsdemo-nodejs
spec:
containers:
- image: {{ .Values.nodejs.image }}:{{ .Values.version }}
imagePullPolicy: Always
name: ecsdemo-nodejs
ports:
- containerPort: 3000
protocol: TCP
================================================
FILE: china/2020_EKS_Launch_Workshop/resource/eks-helm-demo/templates/service/crystal.yaml
================================================
apiVersion: v1
kind: Service
metadata:
name: ecsdemo-crystal
spec:
selector:
app: ecsdemo-crystal
ports:
- protocol: TCP
port: 80
targetPort: 3000
================================================
FILE: china/2020_EKS_Launch_Workshop/resource/eks-helm-demo/templates/service/frontend.yaml
================================================
apiVersion: v1
kind: Service
metadata:
name: ecsdemo-frontend
spec:
selector:
app: ecsdemo-frontend
type: LoadBalancer
ports:
- protocol: TCP
port: 80
targetPort: 3000
================================================
FILE: china/2020_EKS_Launch_Workshop/resource/eks-helm-demo/templates/service/nodejs.yaml
================================================
apiVersion: v1
kind: Service
metadata:
name: ecsdemo-nodejs
spec:
selector:
app: ecsdemo-nodejs
ports:
- protocol: TCP
port: 80
targetPort: 3000
================================================
FILE: china/2020_EKS_Launch_Workshop/resource/eks-helm-demo/values.yaml
================================================
# Default values for eksdemo.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.
# Release-wide Values
replicas: 3
version: 'latest'
# Service Specific Values
nodejs:
#image: brentley/ecsdemo-nodejs
image: brentley/ecsdemo-nodejs-non-existing
crystal:
image: brentley/ecsdemo-crystal
frontend:
image: brentley/ecsdemo-frontend
================================================
FILE: china/2020_EKS_Launch_Workshop/resource/healthchecks/liveness-app.yaml
================================================
apiVersion: v1
kind: Pod
metadata:
name: liveness-app
spec:
containers:
- name: liveness
image: brentley/ecsdemo-nodejs
livenessProbe:
httpGet:
path: /health
port: 3000
initialDelaySeconds: 5
periodSeconds: 5
================================================
FILE: china/2020_EKS_Launch_Workshop/resource/healthchecks/readiness-deployment.yaml
================================================
apiVersion: apps/v1
kind: Deployment
metadata:
name: readiness-deployment
spec:
replicas: 3
selector:
matchLabels:
app: readiness-deployment
template:
metadata:
labels:
app: readiness-deployment
spec:
containers:
- name: readiness-deployment
image: alpine
command: ["sh", "-c", "touch /tmp/healthy && sleep 86400"]
readinessProbe:
exec:
command:
- cat
- /tmp/healthy
initialDelaySeconds: 5
periodSeconds: 3
================================================
FILE: china/2020_EKS_Launch_Workshop/resource/hpa/hpa-v2.yaml
================================================
apiVersion: v1
items:
- apiVersion: autoscaling/v2beta2
kind: HorizontalPodAutoscaler
metadata:
creationTimestamp: "2020-03-06T13:47:52Z"
name: php-apache
namespace: default
resourceVersion: "582901"
selfLink: /apis/autoscaling/v2beta2/namespaces/default/horizontalpodautoscalers/php-apache
uid: 13758845-5fb1-11ea-ab77-02aadf7bd768
spec:
maxReplicas: 5
minReplicas: 1
metrics:
# - resource:
# name: cpu
# target:
# averageUtilization: 30
# type: Utilization
# type: Resource
- type: Resource
resource:
name: cpu
target:
type: Utilization
averageUtilization: 50
- type: Pods
pods:
metric:
name: packets-per-second
target:
type: AverageValue
averageValue: 1k
- type: Object
object:
metric:
name: requests-per-second
describedObject:
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
name: main-route
target:
type: Value
value: 10k
scaleTargetRef:
apiVersion: extensions/v1beta1
kind: Deployment
name: php-apache
status:
conditions:
- lastTransitionTime: "2020-03-06T13:48:08Z"
message: recommended size matches current size
reason: ReadyForNewScale
status: "True"
type: AbleToScale
- lastTransitionTime: "2020-03-06T13:48:08Z"
message: the HPA was able to successfully calculate a replica count from cpu
resource utilization (percentage of request)
reason: ValidMetricFound
status: "True"
type: ScalingActive
- lastTransitionTime: "2020-03-06T14:03:48Z"
message: the desired replica count is increasing faster than the maximum scale
rate
reason: TooFewReplicas
status: "True"
type: ScalingLimited
currentMetrics:
- resource:
current:
averageUtilization: 0
averageValue: 1m
name: cpu
type: Resource
currentReplicas: 1
desiredReplicas: 1
lastScaleTime: "2020-03-06T14:03:48Z"
kind: List
metadata:
resourceVersion: ""
selfLink: ""
================================================
FILE: china/2020_EKS_Launch_Workshop/resource/hpa/php-apache.yaml
================================================
apiVersion: apps/v1
kind: Deployment
metadata:
name: php-apache
spec:
selector:
matchLabels:
run: php-apache
replicas: 1
template:
metadata:
labels:
run: php-apache
spec:
containers:
- name: php-apache
image: k8s.gcr.io/hpa-example
ports:
- containerPort: 80
resources:
limits:
cpu: 500m
requests:
cpu: 200m
---
apiVersion: v1
kind: Service
metadata:
name: php-apache
labels:
run: php-apache
spec:
ports:
- port: 80
selector:
run: php-apache
================================================
FILE: china/2020_EKS_Launch_Workshop/resource/istio/bookinfo/bookinfo-gateway.yaml
================================================
apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
name: bookinfo-gateway
spec:
selector:
istio: ingressgateway # use istio default controller
servers:
- port:
number: 80
name: http
protocol: HTTP
hosts:
- "*"
---
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: bookinfo
spec:
hosts:
- "*"
gateways:
- bookinfo-gateway
http:
- match:
- uri:
exact: /productpage
- uri:
prefix: /static
- uri:
exact: /login
- uri:
exact: /logout
- uri:
prefix: /api/v1/products
route:
- destination:
host: productpage
port:
number: 9080
================================================
FILE: china/2020_EKS_Launch_Workshop/resource/istio/bookinfo/bookinfo.yaml
================================================
# Copyright 2017 Istio Authors
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
##################################################################################################
# This file defines the services, service accounts, and deployments for the Bookinfo sample.
#
# To apply all 4 Bookinfo services, their corresponding service accounts, and deployments:
#
# kubectl apply -f samples/bookinfo/platform/kube/bookinfo.yaml
#
# Alternatively, you can deploy any resource separately:
#
# kubectl apply -f samples/bookinfo/platform/kube/bookinfo.yaml -l service=reviews # reviews Service
# kubectl apply -f samples/bookinfo/platform/kube/bookinfo.yaml -l account=reviews # reviews ServiceAccount
# kubectl apply -f samples/bookinfo/platform/kube/bookinfo.yaml -l app=reviews,version=v3 # reviews-v3 Deployment
##################################################################################################
##################################################################################################
# Details service
##################################################################################################
apiVersion: v1
kind: Service
metadata:
name: details
labels:
app: details
service: details
spec:
ports:
- port: 9080
name: http
selector:
app: details
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: bookinfo-details
labels:
account: details
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: details-v1
labels:
app: details
version: v1
spec:
replicas: 1
selector:
matchLabels:
app: details
version: v1
template:
metadata:
labels:
app: details
version: v1
spec:
serviceAccountName: bookinfo-details
containers:
- name: details
image: docker.io/istio/examples-bookinfo-details-v1:1.15.0
imagePullPolicy: IfNotPresent
ports:
- containerPort: 9080
---
##################################################################################################
# Ratings service
##################################################################################################
apiVersion: v1
kind: Service
metadata:
name: ratings
labels:
app: ratings
service: ratings
spec:
ports:
- port: 9080
name: http
selector:
app: ratings
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: bookinfo-ratings
labels:
account: ratings
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: ratings-v1
labels:
app: ratings
version: v1
spec:
replicas: 1
selector:
matchLabels:
app: ratings
version: v1
template:
metadata:
labels:
app: ratings
version: v1
spec:
serviceAccountName: bookinfo-ratings
containers:
- name: ratings
image: docker.io/istio/examples-bookinfo-ratings-v1:1.15.0
imagePullPolicy: IfNotPresent
ports:
- containerPort: 9080
---
##################################################################################################
# Reviews service
##################################################################################################
apiVersion: v1
kind: Service
metadata:
name: reviews
labels:
app: reviews
service: reviews
spec:
ports:
- port: 9080
name: http
selector:
app: reviews
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: bookinfo-reviews
labels:
account: reviews
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: reviews-v1
labels:
app: reviews
version: v1
spec:
replicas: 1
selector:
matchLabels:
app: reviews
version: v1
template:
metadata:
labels:
app: reviews
version: v1
spec:
serviceAccountName: bookinfo-reviews
containers:
- name: reviews
image: docker.io/istio/examples-bookinfo-reviews-v1:1.15.0
imagePullPolicy: IfNotPresent
env:
- name: LOG_DIR
value: "/tmp/logs"
ports:
- containerPort: 9080
volumeMounts:
- name: tmp
mountPath: /tmp
- name: wlp-output
mountPath: /opt/ibm/wlp/output
volumes:
- name: wlp-output
emptyDir: {}
- name: tmp
emptyDir: {}
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: reviews-v2
labels:
app: reviews
version: v2
spec:
replicas: 1
selector:
matchLabels:
app: reviews
version: v2
template:
metadata:
labels:
app: reviews
version: v2
spec:
serviceAccountName: bookinfo-reviews
containers:
- name: reviews
image: docker.io/istio/examples-bookinfo-reviews-v2:1.15.0
imagePullPolicy: IfNotPresent
env:
- name: LOG_DIR
value: "/tmp/logs"
ports:
- containerPort: 9080
volumeMounts:
- name: tmp
mountPath: /tmp
- name: wlp-output
mountPath: /opt/ibm/wlp/output
volumes:
- name: wlp-output
emptyDir: {}
- name: tmp
emptyDir: {}
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: reviews-v3
labels:
app: reviews
version: v3
spec:
replicas: 1
selector:
matchLabels:
app: reviews
version: v3
template:
metadata:
labels:
app: reviews
version: v3
spec:
serviceAccountName: bookinfo-reviews
containers:
- name: reviews
image: docker.io/istio/examples-bookinfo-reviews-v3:1.15.0
imagePullPolicy: IfNotPresent
env:
- name: LOG_DIR
value: "/tmp/logs"
ports:
- containerPort: 9080
volumeMounts:
- name: tmp
mountPath: /tmp
- name: wlp-output
mountPath: /opt/ibm/wlp/output
volumes:
- name: wlp-output
emptyDir: {}
- name: tmp
emptyDir: {}
---
##################################################################################################
# Productpage services
##################################################################################################
apiVersion: v1
kind: Service
metadata:
name: productpage
labels:
app: productpage
service: productpage
spec:
ports:
- port: 9080
name: http
selector:
app: productpage
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: bookinfo-productpage
labels:
account: productpage
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: productpage-v1
labels:
app: productpage
version: v1
spec:
replicas: 1
selector:
matchLabels:
app: productpage
version: v1
template:
metadata:
labels:
app: productpage
version: v1
spec:
serviceAccountName: bookinfo-productpage
containers:
- name: productpage
image: docker.io/istio/examples-bookinfo-productpage-v1:1.15.0
imagePullPolicy: IfNotPresent
ports:
- containerPort: 9080
volumeMounts:
- name: tmp
mountPath: /tmp
volumes:
- name: tmp
emptyDir: {}
---
================================================
FILE: china/2020_EKS_Launch_Workshop/resource/istio/bookinfo/destination-rule-all.yaml
================================================
apiVersion: networking.istio.io/v1alpha3
kind: DestinationRule
metadata:
name: productpage
spec:
host: productpage
subsets:
- name: v1
labels:
version: v1
---
apiVersion: networking.istio.io/v1alpha3
kind: DestinationRule
metadata:
name: reviews
spec:
host: reviews
subsets:
- name: v1
labels:
version: v1
- name: v2
labels:
version: v2
- name: v3
labels:
version: v3
---
apiVersion: networking.istio.io/v1alpha3
kind: DestinationRule
metadata:
name: ratings
spec:
host: ratings
subsets:
- name: v1
labels:
version: v1
- name: v2
labels:
version: v2
- name: v2-mysql
labels:
version: v2-mysql
- name: v2-mysql-vm
labels:
version: v2-mysql-vm
---
apiVersion: networking.istio.io/v1alpha3
kind: DestinationRule
metadata:
name: details
spec:
host: details
subsets:
- name: v1
labels:
version: v1
- name: v2
labels:
version: v2
---
================================================
FILE: china/2020_EKS_Launch_Workshop/resource/istio/bookinfo/virtual-service-all-v1.yaml
================================================
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: productpage
spec:
hosts:
- productpage
http:
- route:
- destination:
host: productpage
subset: v1
---
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: reviews
spec:
hosts:
- reviews
http:
- route:
- destination:
host: reviews
subset: v1
---
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: ratings
spec:
hosts:
- ratings
http:
- route:
- destination:
host: ratings
subset: v1
---
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: details
spec:
hosts:
- details
http:
- route:
- destination:
host: details
subset: v1
---
================================================
FILE: china/2020_EKS_Launch_Workshop/resource/istio/bookinfo/virtual-service-ratings-test-abort.yaml
================================================
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: ratings
spec:
hosts:
- ratings
http:
- match:
- headers:
end-user:
exact: jason
fault:
abort:
percentage:
value: 100.0
httpStatus: 500
route:
- destination:
host: ratings
subset: v1
- route:
- destination:
host: ratings
subset: v1
================================================
FILE: china/2020_EKS_Launch_Workshop/resource/istio/bookinfo/virtual-service-ratings-test-delay.yaml
================================================
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: ratings
spec:
hosts:
- ratings
http:
- match:
- headers:
end-user:
exact: jason
fault:
delay:
percentage:
value: 100.0
fixedDelay: 7s
route:
- destination:
host: ratings
subset: v1
- route:
- destination:
host: ratings
subset: v1
================================================
FILE: china/2020_EKS_Launch_Workshop/resource/istio/bookinfo/virtual-service-reviews-50-v3.yaml
================================================
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: reviews
spec:
hosts:
- reviews
http:
- route:
- destination:
host: reviews
subset: v1
weight: 50
- destination:
host: reviews
subset: v3
weight: 50
================================================
FILE: china/2020_EKS_Launch_Workshop/resource/istio/bookinfo/virtual-service-reviews-test-v2.yaml
================================================
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: reviews
spec:
hosts:
- reviews
http:
- match:
- headers:
end-user:
exact: jason
route:
- destination:
host: reviews
subset: v2
- route:
- destination:
host: reviews
subset: v1
================================================
FILE: china/2020_EKS_Launch_Workshop/resource/istio/bookinfo/virtual-service-reviews-v3.yaml
================================================
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: reviews
spec:
hosts:
- reviews
http:
- route:
- destination:
host: reviews
subset: v3
================================================
FILE: china/2020_EKS_Launch_Workshop/resource/network-policy/calico.yaml
================================================
---
kind: DaemonSet
apiVersion: apps/v1
metadata:
name: calico-node
namespace: kube-system
labels:
k8s-app: calico-node
spec:
selector:
matchLabels:
k8s-app: calico-node
updateStrategy:
type: RollingUpdate
rollingUpdate:
maxUnavailable: 1
template:
metadata:
labels:
k8s-app: calico-node
spec:
priorityClassName: system-node-critical
nodeSelector:
beta.kubernetes.io/os: linux
hostNetwork: true
serviceAccountName: calico-node
# Minimize downtime during a rolling upgrade or deletion; tell Kubernetes to do a "force
# deletion": https://kubernetes.io/docs/concepts/workloads/pods/pod/#termination-of-pods.
terminationGracePeriodSeconds: 0
containers:
# Runs calico/node container on each Kubernetes node. This
# container programs network policy and routes on each
# host.
- name: calico-node
image: quay.io/calico/node:v3.8.1
env:
# Use Kubernetes API as the backing datastore.
- name: DATASTORE_TYPE
value: "kubernetes"
# Use eni not cali for interface prefix
- name: FELIX_INTERFACEPREFIX
value: "eni"
# Enable felix info logging.
- name: FELIX_LOGSEVERITYSCREEN
value: "info"
# Don't enable BGP.
- name: CALICO_NETWORKING_BACKEND
value: "none"
# Cluster type to identify the deployment type
- name: CLUSTER_TYPE
value: "k8s,ecs"
# Disable file logging so `kubectl logs` works.
- name: CALICO_DISABLE_FILE_LOGGING
value: "true"
- name: FELIX_TYPHAK8SSERVICENAME
value: "calico-typha"
# Set Felix endpoint to host default action to ACCEPT.
- name: FELIX_DEFAULTENDPOINTTOHOSTACTION
value: "ACCEPT"
# This will make Felix honor AWS VPC CNI's mangle table
# rules.
- name: FELIX_IPTABLESMANGLEALLOWACTION
value: Return
# Disable IPV6 on Kubernetes.
- name: FELIX_IPV6SUPPORT
value: "false"
# Wait for the datastore.
- name: WAIT_FOR_DATASTORE
value: "true"
- name: FELIX_LOGSEVERITYSYS
value: "none"
- name: FELIX_PROMETHEUSMETRICSENABLED
value: "true"
- name: NO_DEFAULT_POOLS
value: "true"
# Set based on the k8s node name.
- name: NODENAME
valueFrom:
fieldRef:
fieldPath: spec.nodeName
# No IP address needed.
- name: IP
value: ""
- name: FELIX_HEALTHENABLED
value: "true"
securityContext:
privileged: true
livenessProbe:
httpGet:
path: /liveness
port: 9099
host: localhost
periodSeconds: 10
initialDelaySeconds: 10
failureThreshold: 6
readinessProbe:
exec:
command:
- /bin/calico-node
- -felix-ready
periodSeconds: 10
volumeMounts:
- mountPath: /lib/modules
name: lib-modules
readOnly: true
- mountPath: /run/xtables.lock
name: xtables-lock
readOnly: false
- mountPath: /var/run/calico
name: var-run-calico
readOnly: false
- mountPath: /var/lib/calico
name: var-lib-calico
readOnly: false
volumes:
# Used to ensure proper kmods are installed.
- name: lib-modules
hostPath:
path: /lib/modules
- name: var-run-calico
hostPath:
path: /var/run/calico
- name: var-lib-calico
hostPath:
path: /var/lib/calico
- name: xtables-lock
hostPath:
path: /run/xtables.lock
type: FileOrCreate
tolerations:
# Make sure calico/node gets scheduled on all nodes.
- effect: NoSchedule
operator: Exists
# Mark the pod as a critical add-on for rescheduling.
- key: CriticalAddonsOnly
operator: Exists
- effect: NoExecute
operator: Exists
---
# Create all the CustomResourceDefinitions needed for
# Calico policy-only mode.
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
name: felixconfigurations.crd.projectcalico.org
spec:
scope: Cluster
group: crd.projectcalico.org
versions:
- name: v1
served: true
storage: true
names:
kind: FelixConfiguration
plural: felixconfigurations
singular: felixconfiguration
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
name: ipamblocks.crd.projectcalico.org
spec:
scope: Cluster
group: crd.projectcalico.org
versions:
- name: v1
served: true
storage: true
names:
kind: IPAMBlock
plural: ipamblocks
singular: ipamblock
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
name: blockaffinities.crd.projectcalico.org
spec:
scope: Cluster
group: crd.projectcalico.org
versions:
- name: v1
served: true
storage: true
names:
kind: BlockAffinity
plural: blockaffinities
singular: blockaffinity
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
name: bgpconfigurations.crd.projectcalico.org
spec:
scope: Cluster
group: crd.projectcalico.org
versions:
- name: v1
served: true
storage: true
names:
kind: BGPConfiguration
plural: bgpconfigurations
singular: bgpconfiguration
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
name: bgppeers.crd.projectcalico.org
spec:
scope: Cluster
group: crd.projectcalico.org
versions:
- name: v1
served: true
storage: true
names:
kind: BGPPeer
plural: bgppeers
singular: bgppeer
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
name: ippools.crd.projectcalico.org
spec:
scope: Cluster
group: crd.projectcalico.org
versions:
- name: v1
served: true
storage: true
names:
kind: IPPool
plural: ippools
singular: ippool
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
name: hostendpoints.crd.projectcalico.org
spec:
scope: Cluster
group: crd.projectcalico.org
versions:
- name: v1
served: true
storage: true
names:
kind: HostEndpoint
plural: hostendpoints
singular: hostendpoint
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
name: clusterinformations.crd.projectcalico.org
spec:
scope: Cluster
group: crd.projectcalico.org
versions:
- name: v1
served: true
storage: true
names:
kind: ClusterInformation
plural: clusterinformations
singular: clusterinformation
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
name: globalnetworkpolicies.crd.projectcalico.org
spec:
scope: Cluster
group: crd.projectcalico.org
versions:
- name: v1
served: true
storage: true
names:
kind: GlobalNetworkPolicy
plural: globalnetworkpolicies
singular: globalnetworkpolicy
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
name: globalnetworksets.crd.projectcalico.org
spec:
scope: Cluster
group: crd.projectcalico.org
versions:
- name: v1
served: true
storage: true
names:
kind: GlobalNetworkSet
plural: globalnetworksets
singular: globalnetworkset
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
name: networkpolicies.crd.projectcalico.org
spec:
scope: Namespaced
group: crd.projectcalico.org
versions:
- name: v1
served: true
storage: true
names:
kind: NetworkPolicy
plural: networkpolicies
singular: networkpolicy
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
name: networksets.crd.projectcalico.org
spec:
scope: Namespaced
group: crd.projectcalico.org
versions:
- name: v1
served: true
storage: true
names:
kind: NetworkSet
plural: networksets
singular: networkset
---
# Create the ServiceAccount and roles necessary for Calico.
apiVersion: v1
kind: ServiceAccount
metadata:
name: calico-node
namespace: kube-system
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: calico-node
rules:
- apiGroups: [""]
resources:
- namespaces
- serviceaccounts
verbs:
- get
- list
- watch
- apiGroups: [""]
resources:
- pods/status
verbs:
- patch
- apiGroups: [""]
resources:
- nodes/status
verbs:
- patch
- update
- apiGroups: [""]
resources:
- pods
verbs:
- get
- list
- watch
- apiGroups: [""]
resources:
- services
verbs:
- get
- apiGroups: [""]
resources:
- endpoints
verbs:
- get
- apiGroups: [""]
resources:
- nodes
verbs:
- get
- list
- update
- watch
- apiGroups: ["extensions"]
resources:
- networkpolicies
verbs:
- get
- list
- watch
- apiGroups: ["networking.k8s.io"]
resources:
- networkpolicies
verbs:
- watch
- list
- apiGroups: ["crd.projectcalico.org"]
resources:
- globalfelixconfigs
- felixconfigurations
- bgppeers
- globalbgpconfigs
- bgpconfigurations
- ippools
- ipamblocks
- globalnetworkpolicies
- globalnetworksets
- networkpolicies
- networksets
- clusterinformations
- hostendpoints
verbs:
- create
- get
- list
- update
- watch
- apiGroups: ["crd.projectcalico.org"]
resources:
- blockaffinities
- ipamblocks
- ipamhandles
verbs:
- get
- list
- create
- update
- delete
- apiGroups: ["crd.projectcalico.org"]
resources:
- blockaffinities
verbs:
- watch
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: calico-node
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: calico-node
subjects:
- kind: ServiceAccount
name: calico-node
namespace: kube-system
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: calico-typha
namespace: kube-system
labels:
k8s-app: calico-typha
spec:
revisionHistoryLimit: 2
selector:
matchLabels:
k8s-app: calico-typha
template:
metadata:
labels:
k8s-app: calico-typha
annotations:
cluster-autoscaler.kubernetes.io/safe-to-evict: 'true'
spec:
priorityClassName: system-cluster-critical
nodeSelector:
beta.kubernetes.io/os: linux
tolerations:
# Mark the pod as a critical add-on for rescheduling.
- key: CriticalAddonsOnly
operator: Exists
hostNetwork: true
serviceAccountName: calico-node
containers:
- image: quay.io/calico/typha:v3.8.1
name: calico-typha
ports:
- containerPort: 5473
name: calico-typha
protocol: TCP
env:
# Use eni not cali for interface prefix
- name: FELIX_INTERFACEPREFIX
value: "eni"
- name: TYPHA_LOGFILEPATH
value: "none"
- name: TYPHA_LOGSEVERITYSYS
value: "none"
- name: TYPHA_LOGSEVERITYSCREEN
value: "info"
- name: TYPHA_PROMETHEUSMETRICSENABLED
value: "true"
- name: TYPHA_CONNECTIONREBALANCINGMODE
value: "kubernetes"
- name: TYPHA_PROMETHEUSMETRICSPORT
value: "9093"
- name: TYPHA_DATASTORETYPE
value: "kubernetes"
- name: TYPHA_MAXCONNECTIONSLOWERLIMIT
value: "1"
- name: TYPHA_HEALTHENABLED
value: "true"
# This will make Felix honor AWS VPC CNI's mangle table
# rules.
- name: FELIX_IPTABLESMANGLEALLOWACTION
value: Return
livenessProbe:
httpGet:
path: /liveness
port: 9098
host: localhost
periodSeconds: 30
initialDelaySeconds: 30
readinessProbe:
httpGet:
path: /readiness
port: 9098
host: localhost
periodSeconds: 10
---
# This manifest creates a Pod Disruption Budget for Typha to allow K8s Cluster Autoscaler to evict
apiVersion: policy/v1beta1
kind: PodDisruptionBudget
metadata:
name: calico-typha
namespace: kube-system
labels:
k8s-app: calico-typha
spec:
maxUnavailable: 1
selector:
matchLabels:
k8s-app: calico-typha
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: typha-cpha
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: typha-cpha
subjects:
- kind: ServiceAccount
name: typha-cpha
namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: typha-cpha
rules:
- apiGroups: [""]
resources: ["nodes"]
verbs: ["list"]
---
kind: ConfigMap
apiVersion: v1
metadata:
name: calico-typha-horizontal-autoscaler
namespace: kube-system
data:
ladder: |-
{
"coresToReplicas": [],
"nodesToReplicas":
[
[1, 1],
[10, 2],
[100, 3],
[250, 4],
[500, 5],
[1000, 6],
[1500, 7],
[2000, 8]
]
}
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: calico-typha-horizontal-autoscaler
namespace: kube-system
labels:
k8s-app: calico-typha-autoscaler
spec:
selector:
matchLabels:
k8s-app: calico-typha-autoscaler
replicas: 1
template:
metadata:
labels:
k8s-app: calico-typha-autoscaler
spec:
priorityClassName: system-cluster-critical
nodeSelector:
beta.kubernetes.io/os: linux
containers:
- image: k8s.gcr.io/cluster-proportional-autoscaler-amd64:1.1.2
name: autoscaler
command:
- /cluster-proportional-autoscaler
- --namespace=kube-system
- --configmap=calico-typha-horizontal-autoscaler
- --target=deployment/calico-typha
- --logtostderr=true
- --v=2
resources:
requests:
cpu: 10m
limits:
cpu: 10m
serviceAccountName: typha-cpha
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: typha-cpha
namespace: kube-system
rules:
- apiGroups: [""]
resources: ["configmaps"]
verbs: ["get"]
- apiGroups: ["extensions"]
resources: ["deployments/scale"]
verbs: ["get", "update"]
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: typha-cpha
namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: typha-cpha
namespace: kube-system
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: typha-cpha
subjects:
- kind: ServiceAccount
name: typha-cpha
namespace: kube-system
---
apiVersion: v1
kind: Service
metadata:
name: calico-typha
namespace: kube-system
labels:
k8s-app: calico-typha
spec:
ports:
- port: 5473
protocol: TCP
targetPort: calico-typha
name: calico-typha
selector:
k8s-app: calico-typha
================================================
FILE: china/2020_EKS_Launch_Workshop/resource/network-policy/calico_resources/allow-ui-client.yaml
================================================
kind: NetworkPolicy
apiVersion: networking.k8s.io/v1
metadata:
namespace: client
name: allow-ui
spec:
podSelector:
matchLabels: {}
ingress:
- from:
- namespaceSelector:
matchLabels:
role: management-ui
================================================
FILE: china/2020_EKS_Launch_Workshop/resource/network-policy/calico_resources/allow-ui.yaml
================================================
kind: NetworkPolicy
apiVersion: networking.k8s.io/v1
metadata:
namespace: stars
name: allow-ui
spec:
podSelector:
matchLabels: {}
ingress:
- from:
- namespaceSelector:
matchLabels:
role: management-ui
================================================
FILE: china/2020_EKS_Launch_Workshop/resource/network-policy/calico_resources/backend-policy.yaml
================================================
kind: NetworkPolicy
apiVersion: networking.k8s.io/v1
metadata:
namespace: stars
name: backend-policy
spec:
podSelector:
matchLabels:
role: backend
ingress:
- from:
- podSelector:
matchLabels:
role: frontend
ports:
- protocol: TCP
port: 6379
================================================
FILE: china/2020_EKS_Launch_Workshop/resource/network-policy/calico_resources/backend.yaml
================================================
apiVersion: v1
kind: Service
metadata:
name: backend
namespace: stars
spec:
ports:
- port: 6379
targetPort: 6379
selector:
role: backend
---
apiVersion: v1
kind: ReplicationController
metadata:
name: backend
namespace: stars
spec:
replicas: 1
template:
metadata:
labels:
role: backend
spec:
containers:
- name: backend
image: calico/star-probe:v0.1.0
imagePullPolicy: Always
command:
- probe
- --http-port=6379
- --urls=http://frontend.stars:80/status,http://backend.stars:6379/status,http://client.client:9000/status
ports:
- containerPort: 6379
================================================
FILE: china/2020_EKS_Launch_Workshop/resource/network-policy/calico_resources/client.yaml
================================================
kind: Namespace
apiVersion: v1
metadata:
name: client
labels:
role: client
---
apiVersion: v1
kind: ReplicationController
metadata:
name: client
namespace: client
spec:
replicas: 1
template:
metadata:
labels:
role: client
spec:
containers:
- name: client
image: calico/star-probe:v0.1.0
imagePullPolicy: Always
command:
- probe
- --urls=http://frontend.stars:80/status,http://backend.stars:6379/status
ports:
- containerPort: 9000
---
apiVersion: v1
kind: Service
metadata:
name: client
namespace: client
spec:
ports:
- port: 9000
targetPort: 9000
selector:
role: client
================================================
FILE: china/2020_EKS_Launch_Workshop/resource/network-policy/calico_resources/default-deny.yaml
================================================
kind: NetworkPolicy
apiVersion: networking.k8s.io/v1
metadata:
name: default-deny
spec:
podSelector:
matchLabels: {}
================================================
FILE: china/2020_EKS_Launch_Workshop/resource/network-policy/calico_resources/frontend-policy.yaml
================================================
kind: NetworkPolicy
apiVersion: networking.k8s.io/v1
metadata:
namespace: stars
name: frontend-policy
spec:
podSelector:
matchLabels:
role: frontend
ingress:
- from:
- namespaceSelector:
matchLabels:
role: client
ports:
- protocol: TCP
port: 80
================================================
FILE: china/2020_EKS_Launch_Workshop/resource/network-policy/calico_resources/frontend.yaml
================================================
apiVersion: v1
kind: Service
metadata:
name: frontend
namespace: stars
spec:
ports:
- port: 80
targetPort: 80
selector:
role: frontend
---
apiVersion: v1
kind: ReplicationController
metadata:
name: frontend
namespace: stars
spec:
replicas: 1
template:
metadata:
labels:
role: frontend
spec:
containers:
- name: frontend
image: calico/star-probe:v0.1.0
imagePullPolicy: Always
command:
- probe
- --http-port=80
- --urls=http://frontend.stars:80/status,http://backend.stars:6379/status,http://client.client:9000/status
ports:
- containerPort: 80
================================================
FILE: china/2020_EKS_Launch_Workshop/resource/network-policy/calico_resources/management-ui.yaml
================================================
apiVersion: v1
kind: Namespace
metadata:
name: management-ui
labels:
role: management-ui
---
apiVersion: v1
kind: Service
metadata:
name: management-ui
namespace: management-ui
spec:
type: LoadBalancer
ports:
- port: 80
targetPort: 9001
selector:
role: management-ui
---
apiVersion: v1
kind: ReplicationController
metadata:
name: management-ui
namespace: management-ui
spec:
replicas: 1
template:
metadata:
labels:
role: management-ui
spec:
containers:
- name: management-ui
image: calico/star-collect:v0.1.0
imagePullPolicy: Always
ports:
- containerPort: 9001
================================================
FILE: china/2020_EKS_Launch_Workshop/resource/network-policy/calico_resources/namespace.yaml
================================================
kind: Namespace
apiVersion: v1
metadata:
name: stars
================================================
FILE: china/2020_EKS_Launch_Workshop/resource/nginx-app/nginx-nlb.yaml
================================================
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
app: nginx
name: nginx-deployment
spec:
replicas: 1
selector:
matchLabels:
app: nginx
template:
metadata:
labels:
app: nginx
spec:
containers:
- image: nginx
name: nginx
ports:
- containerPort: 80
---
apiVersion: v1
kind: Service
metadata:
name: "service-nginx"
annotations:
service.beta.kubernetes.io/aws-load-balancer-type: nlb
spec:
selector:
app: nginx
type: LoadBalancer
ports:
- protocol: TCP
port: 80
targetPort: 80
================================================
FILE: china/2020_EKS_Launch_Workshop/步骤1-准备实验环境.md
================================================
# 步骤1 准备实验环境
本次workshop 需要的软件环境有 aws cli , eksctl ,kubectl,以及eks对应操作的IAM权限。
1.1 安装配置 aws cli , version > 1.18.200
>1.1.1 安装
利用pip安装
```bash
pip3 install awscli --upgrade --user
```
利用awscli-bundle安装
[linux / macOS ](https://s3.amazonaws.com/aws-cli/awscli-bundle.zip)
```bash
curl "https://s3.amazonaws.com/aws-cli/awscli-bundle.zip" -o "awscli-bundle.zip"
unzip awscli-bundle.zip
sudo ./awscli-bundle/install -i /usr/local/aws -b /usr/local/bin/aws
```
>[windows 64 bit MSI installer](https://s3.amazonaws.com/aws-cli/AWSCLI64PY3.msi)
windows 默认的安装路径在C:\Program Files\Amazon\AWSCLI (64-bit version)\
```bash
$aws --version
aws-cli/1.18.203 Python/3.8.2 Darwin/19.6.0 botocore/1.19.43
```
>1.1.2 配置aws cli 角色
```bash
#配置aws cli的用户权限
$aws configure
AWS Access Key ID :
AWS Secret Access Key :
Default region name:
Default output format [None]:
#测试AK/SK是否生效
aws sts get-caller-identity
#如果可以正常返回以下内容(包含account id),则表示已经正确设置角色权限
{
"Account": "<your account id, etc.11111111>",
"UserId": "AIDAIG42GHSYU2TYCMCZW",
"Arn": "arn:aws-cn:iam::<your account id, etc.11111111>:user/<iam user>"
}
```
1.2 安装eksctl (0.36.0-rc.0), kubectl (v1.18.9)
* [masOS](https://github.com/weaveworks/eksctl/releases/download/0.15.0/eksctl_Darwin_amd64.tar.gz)
* [linux](https://github.com/weaveworks/eksctl/releases/download/0.15.0/eksctl_Linux_amd64.tar.gz)
* [windows](https://github.com/weaveworks/eksctl/releases/download/0.15.0/eksctl_Windows_amd64.zip)
```bash
#设置默认region
export AWS_REG
gitextract_bpmfenia/
├── .github/
│ └── PULL_REQUEST_TEMPLATE.md
├── .gitignore
├── CODE_OF_CONDUCT.md
├── CONTRIBUTING.md
├── LICENSE
├── README.md
├── china/
│ ├── 2020_EKS_Launch_Workshop/
│ │ ├── README.md
│ │ ├── resource/
│ │ │ ├── IRSA/
│ │ │ │ └── iam-pod.yaml
│ │ │ ├── alb-ingress-controller/
│ │ │ │ ├── alb-ingress-controller.yaml
│ │ │ │ ├── ingress-iam-policy.json
│ │ │ │ ├── nginx-alb-ingress.yaml
│ │ │ │ └── rbac-role.yaml
│ │ │ ├── aws-ebs-csi-driver/
│ │ │ │ ├── aws-ebs-csi-driver/
│ │ │ │ │ ├── .helmignore
│ │ │ │ │ ├── Chart.yaml
│ │ │ │ │ ├── templates/
│ │ │ │ │ │ ├── NOTES.txt
│ │ │ │ │ │ ├── _helpers.tpl
│ │ │ │ │ │ ├── csidriver.yaml
│ │ │ │ │ │ ├── daemonset.yaml
│ │ │ │ │ │ ├── deployment.yaml
│ │ │ │ │ │ ├── rbac.yaml
│ │ │ │ │ │ ├── serviceaccount.yaml
│ │ │ │ │ │ └── statefulset.yaml
│ │ │ │ │ └── values.yaml
│ │ │ │ ├── deploy/
│ │ │ │ │ └── kubernetes/
│ │ │ │ │ ├── base/
│ │ │ │ │ │ ├── controller.yaml
│ │ │ │ │ │ ├── csidriver.yaml
│ │ │ │ │ │ ├── kustomization.yaml
│ │ │ │ │ │ ├── node.yaml
│ │ │ │ │ │ └── rbac.yaml
│ │ │ │ │ ├── cluster/
│ │ │ │ │ │ └── crd_snapshotter.yaml
│ │ │ │ │ ├── overlays/
│ │ │ │ │ │ ├── alpha/
│ │ │ │ │ │ │ ├── controller_add_resizer.yaml
│ │ │ │ │ │ │ ├── controller_add_snapshotter.yaml
│ │ │ │ │ │ │ ├── kustomization.yaml
│ │ │ │ │ │ │ ├── rbac_add_resizer.yaml
│ │ │ │ │ │ │ ├── rbac_add_snapshot_controller.yaml
│ │ │ │ │ │ │ ├── rbac_add_snapshotter.yaml
│ │ │ │ │ │ │ └── snapshot_controller.yaml
│ │ │ │ │ │ ├── dev/
│ │ │ │ │ │ │ └── kustomization.yaml
│ │ │ │ │ │ └── stable/
│ │ │ │ │ │ └── kustomization.yaml
│ │ │ │ │ └── secret.yaml
│ │ │ │ ├── ebs-csi-iam-policy.json
│ │ │ │ ├── examples/
│ │ │ │ │ └── kubernetes/
│ │ │ │ │ ├── block-volume/
│ │ │ │ │ │ ├── README.md
│ │ │ │ │ │ └── specs/
│ │ │ │ │ │ ├── pod.yaml
│ │ │ │ │ │ ├── raw-claim.yaml
│ │ │ │ │ │ └── storageclass.yaml
│ │ │ │ │ ├── dynamic-provisioning/
│ │ │ │ │ │ ├── README.md
│ │ │ │ │ │ └── specs/
│ │ │ │ │ │ ├── claim.yaml
│ │ │ │ │ │ ├── pod.yaml
│ │ │ │ │ │ └── storageclass.yaml
│ │ │ │ │ ├── resizing/
│ │ │ │ │ │ ├── README.md
│ │ │ │ │ │ └── spec/
│ │ │ │ │ │ └── example.yaml
│ │ │ │ │ ├── snapshot/
│ │ │ │ │ │ ├── README.md
│ │ │ │ │ │ └── specs/
│ │ │ │ │ │ ├── app/
│ │ │ │ │ │ │ ├── claim.yaml
│ │ │ │ │ │ │ └── pod.yaml
│ │ │ │ │ │ ├── classes/
│ │ │ │ │ │ │ ├── snapshotclass.yaml
│ │ │ │ │ │ │ └── storageclass.yaml
│ │ │ │ │ │ ├── snapshot/
│ │ │ │ │ │ │ └── snapshot.yaml
│ │ │ │ │ │ ├── snapshot-import/
│ │ │ │ │ │ │ ├── volume-snapshot-content.yaml
│ │ │ │ │ │ │ └── volume-snapshot.yaml
│ │ │ │ │ │ └── snapshot-restore/
│ │ │ │ │ │ ├── claim.yaml
│ │ │ │ │ │ └── pod.yaml
│ │ │ │ │ ├── static-provisioning/
│ │ │ │ │ │ ├── README.md
│ │ │ │ │ │ └── specs/
│ │ │ │ │ │ └── example.yaml
│ │ │ │ │ └── storageclass/
│ │ │ │ │ ├── README.md
│ │ │ │ │ └── specs/
│ │ │ │ │ └── example.yaml
│ │ │ │ └── updaterole.sh
│ │ │ ├── aws-efs-csi-driver/
│ │ │ │ ├── .dockerignore
│ │ │ │ ├── .github/
│ │ │ │ │ ├── ISSUE_TEMPLATE/
│ │ │ │ │ │ ├── bug_report.md
│ │ │ │ │ │ ├── enhancement-request.md
│ │ │ │ │ │ ├── feature_request.md
│ │ │ │ │ │ └── support-request.md
│ │ │ │ │ ├── PULL_REQUEST_TEMPLATE.md
│ │ │ │ │ └── workflows/
│ │ │ │ │ └── container-image.yaml
│ │ │ │ ├── .gitignore
│ │ │ │ ├── .travis.yml
│ │ │ │ ├── deploy/
│ │ │ │ │ └── kubernetes/
│ │ │ │ │ ├── base/
│ │ │ │ │ │ ├── csidriver.yaml
│ │ │ │ │ │ ├── kustomization.yaml
│ │ │ │ │ │ └── node.yaml
│ │ │ │ │ └── overlays/
│ │ │ │ │ └── stable/
│ │ │ │ │ └── kustomization.yaml
│ │ │ │ └── examples/
│ │ │ │ └── kubernetes/
│ │ │ │ ├── encryption_in_transit/
│ │ │ │ │ ├── README.md
│ │ │ │ │ └── specs/
│ │ │ │ │ ├── claim.yaml
│ │ │ │ │ ├── pod.yaml
│ │ │ │ │ ├── pv.yaml
│ │ │ │ │ └── storageclass.yaml
│ │ │ │ ├── multiple_pods/
│ │ │ │ │ ├── README.md
│ │ │ │ │ └── specs/
│ │ │ │ │ ├── claim.yaml
│ │ │ │ │ ├── pod1.yaml
│ │ │ │ │ ├── pod2.yaml
│ │ │ │ │ ├── pv.yaml
│ │ │ │ │ └── storageclass.yaml
│ │ │ │ ├── statefulset/
│ │ │ │ │ ├── README.md
│ │ │ │ │ └── specs/
│ │ │ │ │ └── example.yaml
│ │ │ │ ├── static_provisioning/
│ │ │ │ │ ├── README.md
│ │ │ │ │ └── specs/
│ │ │ │ │ ├── claim.yaml
│ │ │ │ │ ├── pod.yaml
│ │ │ │ │ ├── pv.yaml
│ │ │ │ │ └── storageclass.yaml
│ │ │ │ └── volume_path/
│ │ │ │ ├── README.md
│ │ │ │ └── specs/
│ │ │ │ └── example.yaml
│ │ │ ├── cluster-autoscaler/
│ │ │ │ ├── cluster_autoscaler.yml
│ │ │ │ ├── k8s-asg-policy.json
│ │ │ │ └── nginx-to-scaleout.yaml
│ │ │ ├── efk/
│ │ │ │ └── fluent-bit.yaml
│ │ │ ├── eks-helm-demo/
│ │ │ │ ├── .helmignore
│ │ │ │ ├── Chart.yaml
│ │ │ │ ├── templates/
│ │ │ │ │ ├── deployment/
│ │ │ │ │ │ ├── crystal.yaml
│ │ │ │ │ │ ├── frontend.yaml
│ │ │ │ │ │ └── nodejs.yaml
│ │ │ │ │ └── service/
│ │ │ │ │ ├── crystal.yaml
│ │ │ │ │ ├── frontend.yaml
│ │ │ │ │ └── nodejs.yaml
│ │ │ │ └── values.yaml
│ │ │ ├── healthchecks/
│ │ │ │ ├── liveness-app.yaml
│ │ │ │ └── readiness-deployment.yaml
│ │ │ ├── hpa/
│ │ │ │ ├── hpa-v2.yaml
│ │ │ │ └── php-apache.yaml
│ │ │ ├── istio/
│ │ │ │ └── bookinfo/
│ │ │ │ ├── bookinfo-gateway.yaml
│ │ │ │ ├── bookinfo.yaml
│ │ │ │ ├── destination-rule-all.yaml
│ │ │ │ ├── virtual-service-all-v1.yaml
│ │ │ │ ├── virtual-service-ratings-test-abort.yaml
│ │ │ │ ├── virtual-service-ratings-test-delay.yaml
│ │ │ │ ├── virtual-service-reviews-50-v3.yaml
│ │ │ │ ├── virtual-service-reviews-test-v2.yaml
│ │ │ │ └── virtual-service-reviews-v3.yaml
│ │ │ ├── network-policy/
│ │ │ │ ├── calico.yaml
│ │ │ │ └── calico_resources/
│ │ │ │ ├── allow-ui-client.yaml
│ │ │ │ ├── allow-ui.yaml
│ │ │ │ ├── backend-policy.yaml
│ │ │ │ ├── backend.yaml
│ │ │ │ ├── client.yaml
│ │ │ │ ├── default-deny.yaml
│ │ │ │ ├── frontend-policy.yaml
│ │ │ │ ├── frontend.yaml
│ │ │ │ ├── management-ui.yaml
│ │ │ │ └── namespace.yaml
│ │ │ └── nginx-app/
│ │ │ └── nginx-nlb.yaml
│ │ ├── 步骤1-准备实验环境.md
│ │ ├── 步骤10-可用性-健康检查.md
│ │ ├── 步骤11-使用Calio加固EKS集群安全.md
│ │ ├── 步骤12-EFK日志收集.md
│ │ ├── 步骤13-Prometheus&Grafana监控.md
│ │ ├── 步骤14-在EKS集群上部署Istio服务网格.md
│ │ ├── 步骤2-创建EKS集群.md
│ │ ├── 步骤3-部署官方的KubernetesDashboard.md
│ │ ├── 步骤4-部署微服务以及配置ALBIngressController.md
│ │ ├── 步骤5-配置使用EBS.md
│ │ ├── 步骤6-配置使用EFS.md
│ │ ├── 步骤7-在EKS中使用IAMRole进行权限管理.md
│ │ ├── 步骤8-对应用Pod和集群进行自动扩展.md
│ │ └── 步骤9-使用Helm部署应用.md
│ ├── 2020_GCR_Kubeflow_Workshop/
│ │ ├── Kubeflow_Pipelines.md
│ │ ├── Kubeflow_fairing.md
│ │ ├── README.md
│ │ ├── resources/
│ │ │ └── mnist-tensorflow-jupyter.py
│ │ ├── 创建和使用jupter笔记本.md
│ │ ├── 安装Kubeflow.md
│ │ └── 清理资源.md
│ └── 2021_GCR_Kubeflow_on_EKS/
│ ├── Kubeflow on AWS EKS (GCR Region) 部署.md
│ ├── resource/
│ │ ├── app1.yaml
│ │ ├── aws-alb-config-map.yaml
│ │ ├── dex-config.yaml
│ │ ├── ingress-iam-policy.json
│ │ ├── kfctl_aws.v1.2.0.yaml
│ │ ├── kfctl_aws.v1.2.0.yaml.tpl
│ │ ├── kubeflow-workshop-eks.yaml
│ │ ├── mutating-webhook.yaml
│ │ └── s3-kubeflow-on-eks-app1.json
│ └── resource.tgz
└── global/
├── 2019_GCR_EKS_Workshop/
│ ├── README.md
│ ├── 步骤1-通过AWS Cloud9搭建服务器环境.md
│ ├── 步骤2-设置默认region, 安装eksctl, kubectl工具.md
│ ├── 步骤3-创建EKS集群(启用按需实例和Fargate).md
│ ├── 步骤4-部署示例应用,通过HPA测试Fargate弹性伸缩功能.md
│ └── 步骤5-在EKS中使用IAM Role进行权限管理(可选).md
├── 2020_GCR_SZ_ContainerDay/
│ ├── README.md
│ ├── docker/
│ │ ├── Lab2-Docker 基本操作.md
│ │ ├── Lab3-使用Docker 运行Web服务.md
│ │ └── Lab4-多容器管理实践.md
│ ├── resources/
│ │ ├── IRSA/
│ │ │ └── iam-pod.yaml
│ │ ├── alb-ingress-controller/
│ │ │ ├── alb-ingress-controller.yaml
│ │ │ ├── iam-policy.json
│ │ │ ├── nginx-alb-ingress.yaml
│ │ │ └── rbac-role.yaml
│ │ ├── aws-ebs-csi-driver/
│ │ │ ├── aws-ebs-csi-driver/
│ │ │ │ ├── .helmignore
│ │ │ │ ├── Chart.yaml
│ │ │ │ ├── templates/
│ │ │ │ │ ├── NOTES.txt
│ │ │ │ │ ├── _helpers.tpl
│ │ │ │ │ ├── csidriver.yaml
│ │ │ │ │ ├── daemonset.yaml
│ │ │ │ │ ├── deployment.yaml
│ │ │ │ │ ├── rbac.yaml
│ │ │ │ │ ├── serviceaccount.yaml
│ │ │ │ │ └── statefulset.yaml
│ │ │ │ └── values.yaml
│ │ │ ├── deploy/
│ │ │ │ └── kubernetes/
│ │ │ │ ├── base/
│ │ │ │ │ ├── controller.yaml
│ │ │ │ │ ├── csidriver.yaml
│ │ │ │ │ ├── kustomization.yaml
│ │ │ │ │ ├── node.yaml
│ │ │ │ │ └── rbac.yaml
│ │ │ │ ├── cluster/
│ │ │ │ │ └── crd_snapshotter.yaml
│ │ │ │ ├── overlays/
│ │ │ │ │ ├── alpha/
│ │ │ │ │ │ ├── controller_add_resizer.yaml
│ │ │ │ │ │ ├── controller_add_snapshotter.yaml
│ │ │ │ │ │ ├── kustomization.yaml
│ │ │ │ │ │ ├── rbac_add_resizer.yaml
│ │ │ │ │ │ ├── rbac_add_snapshot_controller.yaml
│ │ │ │ │ │ ├── rbac_add_snapshotter.yaml
│ │ │ │ │ │ └── snapshot_controller.yaml
│ │ │ │ │ ├── dev/
│ │ │ │ │ │ └── kustomization.yaml
│ │ │ │ │ └── stable/
│ │ │ │ │ └── kustomization.yaml
│ │ │ │ └── secret.yaml
│ │ │ ├── ebs-csi-iam-policy.json
│ │ │ ├── examples/
│ │ │ │ └── kubernetes/
│ │ │ │ ├── block-volume/
│ │ │ │ │ ├── README.md
│ │ │ │ │ └── specs/
│ │ │ │ │ ├── pod.yaml
│ │ │ │ │ ├── raw-claim.yaml
│ │ │ │ │ └── storageclass.yaml
│ │ │ │ ├── dynamic-provisioning/
│ │ │ │ │ ├── README.md
│ │ │ │ │ └── specs/
│ │ │ │ │ ├── claim.yaml
│ │ │ │ │ ├── pod.yaml
│ │ │ │ │ └── storageclass.yaml
│ │ │ │ ├── resizing/
│ │ │ │ │ ├── README.md
│ │ │ │ │ └── spec/
│ │ │ │ │ └── example.yaml
│ │ │ │ ├── snapshot/
│ │ │ │ │ ├── README.md
│ │ │ │ │ └── specs/
│ │ │ │ │ ├── app/
│ │ │ │ │ │ ├── claim.yaml
│ │ │ │ │ │ └── pod.yaml
│ │ │ │ │ ├── classes/
│ │ │ │ │ │ ├── snapshotclass.yaml
│ │ │ │ │ │ └── storageclass.yaml
│ │ │ │ │ ├── snapshot/
│ │ │ │ │ │ └── snapshot.yaml
│ │ │ │ │ ├── snapshot-import/
│ │ │ │ │ │ ├── volume-snapshot-content.yaml
│ │ │ │ │ │ └── volume-snapshot.yaml
│ │ │ │ │ └── snapshot-restore/
│ │ │ │ │ ├── claim.yaml
│ │ │ │ │ └── pod.yaml
│ │ │ │ ├── static-provisioning/
│ │ │ │ │ ├── README.md
│ │ │ │ │ └── specs/
│ │ │ │ │ └── example.yaml
│ │ │ │ └── storageclass/
│ │ │ │ ├── README.md
│ │ │ │ └── specs/
│ │ │ │ └── example.yaml
│ │ │ └── updaterole.sh
│ │ ├── cluster-autoscaler/
│ │ │ ├── cluster_autoscaler.yml
│ │ │ ├── cluster_autoscaler.yml.orgin
│ │ │ ├── k8s-asg-policy.json
│ │ │ └── nginx-to-scaleout.yaml
│ │ └── hpa/
│ │ ├── metrics-server-v0.3.6/
│ │ │ ├── .gitignore
│ │ │ ├── .golangci.yml
│ │ │ ├── .travis.yml
│ │ │ ├── CONTRIBUTING.md
│ │ │ ├── LICENSE
│ │ │ ├── Makefile
│ │ │ ├── OWNERS
│ │ │ ├── OWNERS_ALIASES
│ │ │ ├── README.md
│ │ │ ├── SECURITY_CONTACTS
│ │ │ ├── code-of-conduct.md
│ │ │ └── deploy/
│ │ │ ├── 1.7/
│ │ │ │ ├── auth-delegator.yaml
│ │ │ │ ├── auth-reader.yaml
│ │ │ │ ├── metrics-apiservice.yaml
│ │ │ │ ├── metrics-server-deployment.yaml
│ │ │ │ └── metrics-server-service.yaml
│ │ │ ├── 1.8+/
│ │ │ │ ├── aggregated-metrics-reader.yaml
│ │ │ │ ├── auth-delegator.yaml
│ │ │ │ ├── auth-reader.yaml
│ │ │ │ ├── metrics-apiservice.yaml
│ │ │ │ ├── metrics-server-deployment.yaml
│ │ │ │ ├── metrics-server-service.yaml
│ │ │ │ └── resource-reader.yaml
│ │ │ └── docker/
│ │ │ └── Dockerfile
│ │ └── php-apache.yaml
│ ├── resources.tgz
│ ├── 步骤1-通过AWS Cloud9搭建服务器环境.md
│ ├── 步骤2-设置默认region, 安装eksctl, kubectl工具.md
│ ├── 步骤3-创建EKS集群.md
│ ├── 步骤4-配置ALBIngressController.md
│ ├── 步骤5-部署官方的KubernetesDashboard.md
│ ├── 步骤6-使用EBS存储.md
│ ├── 步骤7-在EKS中使用IAMRole进行权限管理.md
│ └── 步骤8-实现应用Pod和集群进行自动扩展.md
├── 2021_GCR_MAD_Day/
│ ├── README.md
│ ├── lab1-serverless/
│ │ ├── 步骤1-从头开始写一个 serverless API.md
│ │ ├── 步骤1-使用serverless 快速构建Express应用.md
│ │ └── 步骤2-使用serverless 快速构建Express应用.md
│ ├── lab2-eks/
│ │ ├── 步骤1-设置默认region, 安装eksctl, kubectl工具.md
│ │ ├── 步骤2-创建EKS集群.md
│ │ ├── 步骤3-部署配置aws-load-balancer-controller&2048游戏.md
│ │ ├── 步骤4-可观测性-日志收集.md
│ │ ├── 步骤5-可观测性-prometheus-grafana.md
│ │ ├── 步骤6-使用CodePipeline 实现EKS环境CICD.md
│ │ ├── 步骤7-使用Karpenter实现EKS工作节点弹性伸缩.md
│ │ └── 步骤8-EBS使用.md
│ ├── resources/
│ │ ├── 1.25/
│ │ │ └── eksworkshop.tgz
│ │ ├── aws-load-balancer-controller/
│ │ │ ├── 2048_full_latest.yaml
│ │ │ ├── iam-policy.json
│ │ │ └── v2_2_1_full.yaml
│ │ ├── codepipeline/
│ │ │ ├── aws-auth-patch.yml
│ │ │ └── iam-role-policy
│ │ ├── nginx.yaml
│ │ └── observeration/
│ │ ├── elastisearch.yaml
│ │ ├── fluent-bit.yaml
│ │ ├── grafana.yaml
│ │ └── kibana.yaml
│ └── 通过AWS Cloud9搭建实验环境.md
└── karpenter_handson/
└── 使用Karpenter实现EKS工作节点弹性伸缩.md
SYMBOL INDEX (5 symbols across 1 files) FILE: china/2020_GCR_Kubeflow_Workshop/resources/mnist-tensorflow-jupyter.py function preprocessing (line 15) | def preprocessing(): function train (line 35) | def train(train_images, train_labels, epochs, model_summary_path): function eval (line 59) | def eval(model, test_images, test_labels): function export_model (line 63) | def export_model(model, model_export_path): function main (line 76) | def main(argv=None):
Condensed preview — 299 files, each showing path, character count, and a content snippet. Download the .json file or copy for the full structured content (688K chars).
[
{
"path": ".github/PULL_REQUEST_TEMPLATE.md",
"chars": 197,
"preview": "*Issue #, if available:*\n\n*Description of changes:*\n\n\nBy submitting this pull request, I confirm that you can use, modif"
},
{
"path": ".gitignore",
"chars": 251,
"preview": ".DS_Store\nchina/.DS_Store\nglobal/.DS_Store\nresource/china/ecsdemo-crystal\nresource/china/ecsdemo-frontend\nresource/china"
},
{
"path": "CODE_OF_CONDUCT.md",
"chars": 309,
"preview": "## Code of Conduct\nThis project has adopted the [Amazon Open Source Code of Conduct](https://aws.github.io/code-of-condu"
},
{
"path": "CONTRIBUTING.md",
"chars": 3639,
"preview": "# Contributing Guidelines\n\nThank you for your interest in contributing to our project. Whether it's a bug report, new fe"
},
{
"path": "LICENSE",
"chars": 931,
"preview": "Copyright 2019 Amazon.com, Inc. or its affiliates. All Rights Reserved.\n\nPermission is hereby granted, free of charge, t"
},
{
"path": "README.md",
"chars": 10446,
"preview": "## AWS GCR EKS Resource \n\n\n\n[AWS EKS集群使用Karpenter实现EC2工作节点弹性伸缩](https://github.com/aws-samples/eks-workshop-greater-chin"
},
{
"path": "china/2020_EKS_Launch_Workshop/README.md",
"chars": 1338,
"preview": "# AWS EKS China Region Launch Hands-on Workshop \n* 概要\n 在本练习中,您将学习如何使用创建、管理AWS EKS平台,并学会如何在EKS中创建集群并使用使用托管节点组/非托管节点组,在"
},
{
"path": "china/2020_EKS_Launch_Workshop/resource/IRSA/iam-pod.yaml",
"chars": 337,
"preview": "apiVersion: v1\nkind: Pod\nmetadata:\n name: s3-echoer\nspec:\n serviceAccountName: s3-echoer\n containers:\n - name: main\n"
},
{
"path": "china/2020_EKS_Launch_Workshop/resource/alb-ingress-controller/alb-ingress-controller.yaml",
"chars": 3351,
"preview": "# Application Load Balancer (ALB) Ingress Controller Deployment Manifest.\n# This manifest details sensible defaults for "
},
{
"path": "china/2020_EKS_Launch_Workshop/resource/alb-ingress-controller/ingress-iam-policy.json",
"chars": 3187,
"preview": "{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Effect\": \"Allow\",\n \"Action\": [\n \"acm:DescribeCert"
},
{
"path": "china/2020_EKS_Launch_Workshop/resource/alb-ingress-controller/nginx-alb-ingress.yaml",
"chars": 1052,
"preview": "---\napiVersion: apps/v1\nkind: Deployment\nmetadata:\n name: nginx-deployment-ingress\n labels:\n app: nginx\nspec:\n rep"
},
{
"path": "china/2020_EKS_Launch_Workshop/resource/alb-ingress-controller/rbac-role.yaml",
"chars": 1163,
"preview": "---\napiVersion: rbac.authorization.k8s.io/v1\nkind: ClusterRole\nmetadata:\n labels:\n app.kubernetes.io/name: alb-ingre"
},
{
"path": "china/2020_EKS_Launch_Workshop/resource/aws-ebs-csi-driver/aws-ebs-csi-driver/.helmignore",
"chars": 342,
"preview": "# Patterns to ignore when building packages.\n# This supports shell glob matching, relative path matching, and\n# negation"
},
{
"path": "china/2020_EKS_Launch_Workshop/resource/aws-ebs-csi-driver/aws-ebs-csi-driver/Chart.yaml",
"chars": 378,
"preview": "apiVersion: v1\nappVersion: \"0.5.0\"\nname: aws-ebs-csi-driver\ndescription: A Helm chart for AWS EBS CSI Driver\nversion: 0."
},
{
"path": "china/2020_EKS_Launch_Workshop/resource/aws-ebs-csi-driver/aws-ebs-csi-driver/templates/NOTES.txt",
"chars": 205,
"preview": "To verify that aws-ebs-csi-driver has started, run:\n\n kubectl get pod -n kube-system -l \"app.kubernetes.io/name={{ in"
},
{
"path": "china/2020_EKS_Launch_Workshop/resource/aws-ebs-csi-driver/aws-ebs-csi-driver/templates/_helpers.tpl",
"chars": 1916,
"preview": "{{/* vim: set filetype=mustache: */}}\n{{/*\nExpand the name of the chart.\n*/}}\n{{- define \"aws-ebs-csi-driver.name\" -}}\n{"
},
{
"path": "china/2020_EKS_Launch_Workshop/resource/aws-ebs-csi-driver/aws-ebs-csi-driver/templates/csidriver.yaml",
"chars": 138,
"preview": "apiVersion: storage.k8s.io/v1beta1\nkind: CSIDriver\nmetadata:\n name: ebs.csi.aws.com\nspec:\n attachRequired: true\n podI"
},
{
"path": "china/2020_EKS_Launch_Workshop/resource/aws-ebs-csi-driver/aws-ebs-csi-driver/templates/daemonset.yaml",
"chars": 3522,
"preview": "# Node Service\nkind: DaemonSet\napiVersion: apps/v1\nmetadata:\n name: ebs-csi-node\n namespace: kube-system\nspec:\n selec"
},
{
"path": "china/2020_EKS_Launch_Workshop/resource/aws-ebs-csi-driver/aws-ebs-csi-driver/templates/deployment.yaml",
"chars": 5325,
"preview": "# Controller Service\nkind: Deployment\napiVersion: apps/v1\nmetadata:\n name: ebs-csi-controller\n namespace: kube-system\n"
},
{
"path": "china/2020_EKS_Launch_Workshop/resource/aws-ebs-csi-driver/aws-ebs-csi-driver/templates/rbac.yaml",
"chars": 7124,
"preview": "---\nkind: ClusterRole\napiVersion: rbac.authorization.k8s.io/v1\nmetadata:\n name: ebs-external-provisioner-role\nrules:\n "
},
{
"path": "china/2020_EKS_Launch_Workshop/resource/aws-ebs-csi-driver/aws-ebs-csi-driver/templates/serviceaccount.yaml",
"chars": 437,
"preview": "apiVersion: v1\nkind: ServiceAccount\nmetadata:\n name: ebs-csi-controller-sa\n namespace: kube-system\n {{- with .Values."
},
{
"path": "china/2020_EKS_Launch_Workshop/resource/aws-ebs-csi-driver/aws-ebs-csi-driver/templates/statefulset.yaml",
"chars": 645,
"preview": "{{- if .Values.enableVolumeSnapshot }}\r\n#Snapshot controller\r\nkind: StatefulSet\r\napiVersion: apps/v1\r\nmetadata:\r\n name:"
},
{
"path": "china/2020_EKS_Launch_Workshop/resource/aws-ebs-csi-driver/aws-ebs-csi-driver/values.yaml",
"chars": 2012,
"preview": "# Default values for aws-ebs-csi-driver.\n# This is a YAML-formatted file.\n# Declare variables to be passed into your tem"
},
{
"path": "china/2020_EKS_Launch_Workshop/resource/aws-ebs-csi-driver/deploy/kubernetes/base/controller.yaml",
"chars": 3161,
"preview": "---\n# Controller Service\nkind: Deployment\napiVersion: apps/v1\nmetadata:\n name: ebs-csi-controller\n namespace: kube-sys"
},
{
"path": "china/2020_EKS_Launch_Workshop/resource/aws-ebs-csi-driver/deploy/kubernetes/base/csidriver.yaml",
"chars": 143,
"preview": "---\n\napiVersion: storage.k8s.io/v1beta1\nkind: CSIDriver\nmetadata:\n name: ebs.csi.aws.com\nspec:\n attachRequired: true\n "
},
{
"path": "china/2020_EKS_Launch_Workshop/resource/aws-ebs-csi-driver/deploy/kubernetes/base/kustomization.yaml",
"chars": 157,
"preview": "apiVersion: kustomize.config.k8s.io/v1beta1\nkind: Kustomization\nnamespace: kube-system\nresources:\n- controller.yaml\n- no"
},
{
"path": "china/2020_EKS_Launch_Workshop/resource/aws-ebs-csi-driver/deploy/kubernetes/base/node.yaml",
"chars": 2860,
"preview": "---\n# Node Service\nkind: DaemonSet\napiVersion: apps/v1\nmetadata:\n name: ebs-csi-node\n namespace: kube-system\nspec:\n s"
},
{
"path": "china/2020_EKS_Launch_Workshop/resource/aws-ebs-csi-driver/deploy/kubernetes/base/rbac.yaml",
"chars": 2460,
"preview": "apiVersion: v1\nkind: ServiceAccount\nmetadata:\n name: ebs-csi-controller-sa\n namespace: kube-system\n #Enable if EKS IA"
},
{
"path": "china/2020_EKS_Launch_Workshop/resource/aws-ebs-csi-driver/deploy/kubernetes/cluster/crd_snapshotter.yaml",
"chars": 21389,
"preview": "---\napiVersion: apiextensions.k8s.io/v1beta1\nkind: CustomResourceDefinition\nmetadata:\n annotations:\n controller-gen."
},
{
"path": "china/2020_EKS_Launch_Workshop/resource/aws-ebs-csi-driver/deploy/kubernetes/overlays/alpha/controller_add_resizer.yaml",
"chars": 520,
"preview": "kind: Deployment\napiVersion: apps/v1\nmetadata:\n name: ebs-csi-controller\n namespace: kube-system\nspec:\n template:\n "
},
{
"path": "china/2020_EKS_Launch_Workshop/resource/aws-ebs-csi-driver/deploy/kubernetes/overlays/alpha/controller_add_snapshotter.yaml",
"chars": 544,
"preview": "kind: Deployment\napiVersion: apps/v1\nmetadata:\n name: ebs-csi-controller\n namespace: kube-system\nspec:\n template:\n "
},
{
"path": "china/2020_EKS_Launch_Workshop/resource/aws-ebs-csi-driver/deploy/kubernetes/overlays/alpha/kustomization.yaml",
"chars": 1004,
"preview": "apiVersion: kustomize.config.k8s.io/v1beta1\nkind: Kustomization\nbases:\n- ../../base\nimages:\n- name: amazon/aws-ebs-csi-d"
},
{
"path": "china/2020_EKS_Launch_Workshop/resource/aws-ebs-csi-driver/deploy/kubernetes/overlays/alpha/rbac_add_resizer.yaml",
"chars": 1132,
"preview": "---\n\nkind: ClusterRole\napiVersion: rbac.authorization.k8s.io/v1\nmetadata:\n name: ebs-external-resizer-role\nrules:\n # T"
},
{
"path": "china/2020_EKS_Launch_Workshop/resource/aws-ebs-csi-driver/deploy/kubernetes/overlays/alpha/rbac_add_snapshot_controller.yaml",
"chars": 2113,
"preview": "# RBAC file for the snapshot controller.\napiVersion: v1\nkind: ServiceAccount\nmetadata:\n name: ebs-snapshot-controller\n "
},
{
"path": "china/2020_EKS_Launch_Workshop/resource/aws-ebs-csi-driver/deploy/kubernetes/overlays/alpha/rbac_add_snapshotter.yaml",
"chars": 1704,
"preview": "---\n\nkind: ClusterRole\napiVersion: rbac.authorization.k8s.io/v1\nmetadata:\n name: ebs-external-snapshotter-role\nrules:\n "
},
{
"path": "china/2020_EKS_Launch_Workshop/resource/aws-ebs-csi-driver/deploy/kubernetes/overlays/alpha/snapshot_controller.yaml",
"chars": 552,
"preview": "---\nkind: StatefulSet\napiVersion: apps/v1\nmetadata:\n name: ebs-snapshot-controller\n namespace: kube-system\nspec:\n ser"
},
{
"path": "china/2020_EKS_Launch_Workshop/resource/aws-ebs-csi-driver/deploy/kubernetes/overlays/dev/kustomization.yaml",
"chars": 182,
"preview": "apiVersion: kustomize.config.k8s.io/v1beta1\nkind: Kustomization\nbases:\n- ../../base\nimages:\n- name: amazon/aws-ebs-csi-d"
},
{
"path": "china/2020_EKS_Launch_Workshop/resource/aws-ebs-csi-driver/deploy/kubernetes/overlays/stable/kustomization.yaml",
"chars": 806,
"preview": "apiVersion: kustomize.config.k8s.io/v1beta1\nkind: Kustomization\nbases:\n- ../../base\nimages:\n- name: amazon/aws-ebs-csi-d"
},
{
"path": "china/2020_EKS_Launch_Workshop/resource/aws-ebs-csi-driver/deploy/kubernetes/secret.yaml",
"chars": 124,
"preview": "apiVersion: v1\nkind: Secret\nmetadata:\n name: aws-secret\n namespace: kube-system\nstringData:\n key_id: \"\"\n access_key:"
},
{
"path": "china/2020_EKS_Launch_Workshop/resource/aws-ebs-csi-driver/ebs-csi-iam-policy.json",
"chars": 485,
"preview": "{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Effect\": \"Allow\",\n \"Action\": [\n \"ec2:AttachVolume"
},
{
"path": "china/2020_EKS_Launch_Workshop/resource/aws-ebs-csi-driver/examples/kubernetes/block-volume/README.md",
"chars": 1188,
"preview": "## Raw Block Volume\nThis example shows how to consume a dynamically-provisioned EBS volume as a raw block device.\n\n### E"
},
{
"path": "china/2020_EKS_Launch_Workshop/resource/aws-ebs-csi-driver/examples/kubernetes/block-volume/specs/pod.yaml",
"chars": 312,
"preview": "apiVersion: v1\nkind: Pod\nmetadata:\n name: app \nspec:\n containers:\n - name: app \n image: busybox \n command: [\"/b"
},
{
"path": "china/2020_EKS_Launch_Workshop/resource/aws-ebs-csi-driver/examples/kubernetes/block-volume/specs/raw-claim.yaml",
"chars": 208,
"preview": "apiVersion: v1\nkind: PersistentVolumeClaim\nmetadata:\n name: block-claim\nspec:\n accessModes:\n - ReadWriteOnce\n volu"
},
{
"path": "china/2020_EKS_Launch_Workshop/resource/aws-ebs-csi-driver/examples/kubernetes/block-volume/specs/storageclass.yaml",
"chars": 143,
"preview": "kind: StorageClass\napiVersion: storage.k8s.io/v1\nmetadata:\n name: ebs-sc\nprovisioner: ebs.csi.aws.com\nvolumeBindingMode"
},
{
"path": "china/2020_EKS_Launch_Workshop/resource/aws-ebs-csi-driver/examples/kubernetes/dynamic-provisioning/README.md",
"chars": 671,
"preview": "# Dynamic Volume Provisioning\nThis example shows how to create a EBS volume and consume it from container dynamically.\n\n"
},
{
"path": "china/2020_EKS_Launch_Workshop/resource/aws-ebs-csi-driver/examples/kubernetes/dynamic-provisioning/specs/claim.yaml",
"chars": 185,
"preview": "apiVersion: v1\nkind: PersistentVolumeClaim\nmetadata:\n name: ebs-claim\nspec:\n accessModes:\n - ReadWriteOnce\n storag"
},
{
"path": "china/2020_EKS_Launch_Workshop/resource/aws-ebs-csi-driver/examples/kubernetes/dynamic-provisioning/specs/pod.yaml",
"chars": 374,
"preview": "apiVersion: v1\nkind: Pod\nmetadata:\n name: app\nspec:\n containers:\n - name: app\n image: busybox\n command: [\"/bin/"
},
{
"path": "china/2020_EKS_Launch_Workshop/resource/aws-ebs-csi-driver/examples/kubernetes/dynamic-provisioning/specs/storageclass.yaml",
"chars": 143,
"preview": "kind: StorageClass\napiVersion: storage.k8s.io/v1\nmetadata:\n name: ebs-sc\nprovisioner: ebs.csi.aws.com\nvolumeBindingMode"
},
{
"path": "china/2020_EKS_Launch_Workshop/resource/aws-ebs-csi-driver/examples/kubernetes/resizing/README.md",
"chars": 1327,
"preview": "## Volume Resizing\nThis example shows how to resize EBS persistence volume using volume resizing features.\n\n**Note**\n1. "
},
{
"path": "china/2020_EKS_Launch_Workshop/resource/aws-ebs-csi-driver/examples/kubernetes/resizing/spec/example.yaml",
"chars": 702,
"preview": "kind: StorageClass\napiVersion: storage.k8s.io/v1\nmetadata:\n name: resize-sc\nprovisioner: ebs.csi.aws.com\nallowVolumeExp"
},
{
"path": "china/2020_EKS_Launch_Workshop/resource/aws-ebs-csi-driver/examples/kubernetes/snapshot/README.md",
"chars": 1807,
"preview": "# Volume Snapshots\n\n## Overview\n\nThis driver implements basic volume snapshotting functionality using the [external snap"
},
{
"path": "china/2020_EKS_Launch_Workshop/resource/aws-ebs-csi-driver/examples/kubernetes/snapshot/specs/app/claim.yaml",
"chars": 185,
"preview": "apiVersion: v1\nkind: PersistentVolumeClaim\nmetadata:\n name: ebs-claim\nspec:\n accessModes:\n - ReadWriteOnce\n storag"
},
{
"path": "china/2020_EKS_Launch_Workshop/resource/aws-ebs-csi-driver/examples/kubernetes/snapshot/specs/app/pod.yaml",
"chars": 373,
"preview": "apiVersion: v1\nkind: Pod\nmetadata:\n name: app\nspec:\n containers:\n - name: app\n image: centos\n command: [\"/bin/s"
},
{
"path": "china/2020_EKS_Launch_Workshop/resource/aws-ebs-csi-driver/examples/kubernetes/snapshot/specs/classes/snapshotclass.yaml",
"chars": 147,
"preview": "apiVersion: snapshot.storage.k8s.io/v1beta1\nkind: VolumeSnapshotClass\nmetadata:\n name: csi-aws-vsc\ndriver: ebs.csi.aws."
},
{
"path": "china/2020_EKS_Launch_Workshop/resource/aws-ebs-csi-driver/examples/kubernetes/snapshot/specs/classes/storageclass.yaml",
"chars": 143,
"preview": "kind: StorageClass\napiVersion: storage.k8s.io/v1\nmetadata:\n name: ebs-sc\nprovisioner: ebs.csi.aws.com\nvolumeBindingMode"
},
{
"path": "china/2020_EKS_Launch_Workshop/resource/aws-ebs-csi-driver/examples/kubernetes/snapshot/specs/snapshot/snapshot.yaml",
"chars": 199,
"preview": "apiVersion: snapshot.storage.k8s.io/v1beta1\nkind: VolumeSnapshot\nmetadata:\n name: ebs-volume-snapshot\nspec:\n volumeSna"
},
{
"path": "china/2020_EKS_Launch_Workshop/resource/aws-ebs-csi-driver/examples/kubernetes/snapshot/specs/snapshot-import/volume-snapshot-content.yaml",
"chars": 339,
"preview": "apiVersion: snapshot.storage.k8s.io/v1beta1\nkind: VolumeSnapshotContent\nmetadata:\n name: static-snapshot-content\nspec:\n"
},
{
"path": "china/2020_EKS_Launch_Workshop/resource/aws-ebs-csi-driver/examples/kubernetes/snapshot/specs/snapshot-import/volume-snapshot.yaml",
"chars": 236,
"preview": "apiVersion: snapshot.storage.k8s.io/v1beta1\nkind: VolumeSnapshot\nmetadata:\n name: static-snapshot-demo\n namespace: def"
},
{
"path": "china/2020_EKS_Launch_Workshop/resource/aws-ebs-csi-driver/examples/kubernetes/snapshot/specs/snapshot-restore/claim.yaml",
"chars": 310,
"preview": "apiVersion: v1\nkind: PersistentVolumeClaim\nmetadata:\n name: ebs-snapshot-restored-claim\nspec:\n accessModes:\n - Read"
},
{
"path": "china/2020_EKS_Launch_Workshop/resource/aws-ebs-csi-driver/examples/kubernetes/snapshot/specs/snapshot-restore/pod.yaml",
"chars": 391,
"preview": "apiVersion: v1\nkind: Pod\nmetadata:\n name: app\nspec:\n containers:\n - name: app\n image: centos\n command: [\"/bin/s"
},
{
"path": "china/2020_EKS_Launch_Workshop/resource/aws-ebs-csi-driver/examples/kubernetes/static-provisioning/README.md",
"chars": 1390,
"preview": "# Static Provisioning \nThis example shows how to create and consume persistence volume from exising EBS using static pro"
},
{
"path": "china/2020_EKS_Launch_Workshop/resource/aws-ebs-csi-driver/examples/kubernetes/static-provisioning/specs/example.yaml",
"chars": 1205,
"preview": "kind: StorageClass\napiVersion: storage.k8s.io/v1\nmetadata:\n name: ebs-sc\nprovisioner: ebs.csi.aws.com\nvolumeBindingMode"
},
{
"path": "china/2020_EKS_Launch_Workshop/resource/aws-ebs-csi-driver/examples/kubernetes/storageclass/README.md",
"chars": 988,
"preview": "# Configuring StorageClass\nThis example shows how to configure Kubernetes storageclass to provision EBS volumes with var"
},
{
"path": "china/2020_EKS_Launch_Workshop/resource/aws-ebs-csi-driver/examples/kubernetes/storageclass/specs/example.yaml",
"chars": 916,
"preview": "kind: StorageClass\napiVersion: storage.k8s.io/v1\nmetadata:\n name: ebs-sc\nprovisioner: ebs.csi.aws.com\nvolumeBindingMode"
},
{
"path": "china/2020_EKS_Launch_Workshop/resource/aws-ebs-csi-driver/updaterole.sh",
"chars": 336,
"preview": "\necho \"CSI Policy ARN| $1\"\n\nCSI_ARN=$1\nROLES=$(aws iam list-roles --query 'Roles[?contains(RoleName,`nodegr`)].RoleName"
},
{
"path": "china/2020_EKS_Launch_Workshop/resource/aws-efs-csi-driver/.dockerignore",
"chars": 8,
"preview": "vendor/\n"
},
{
"path": "china/2020_EKS_Launch_Workshop/resource/aws-efs-csi-driver/.github/ISSUE_TEMPLATE/bug_report.md",
"chars": 342,
"preview": "---\nname: Bug report\nabout: Create a report to help us improve EBS CSI Driver\nlabels: \n\n---\n\n/kind bug\n\n**What happened?"
},
{
"path": "china/2020_EKS_Launch_Workshop/resource/aws-efs-csi-driver/.github/ISSUE_TEMPLATE/enhancement-request.md",
"chars": 595,
"preview": "---\nname: Enhancement request\nabout: Suggest an idea for this project\nlabels: \n\n---\n\n**Is your feature request related t"
},
{
"path": "china/2020_EKS_Launch_Workshop/resource/aws-efs-csi-driver/.github/ISSUE_TEMPLATE/feature_request.md",
"chars": 579,
"preview": "---\nname: Feature request\nabout: Suggest an idea for this project\nlabels: \n\n---\n\n**Is your feature request related to a "
},
{
"path": "china/2020_EKS_Launch_Workshop/resource/aws-efs-csi-driver/.github/ISSUE_TEMPLATE/support-request.md",
"chars": 434,
"preview": "---\nname: Support request\nabout: Ask questions about the driver\nlabels: \n\n---\n\n<!-- \nSTOP -- PLEASE READ!\n\nGitHub is not"
},
{
"path": "china/2020_EKS_Launch_Workshop/resource/aws-efs-csi-driver/.github/PULL_REQUEST_TEMPLATE.md",
"chars": 122,
"preview": "**Is this a bug fix or adding new feature?**\n\n**What is this PR about? / Why do we need it?**\n\n**What testing is done?**"
},
{
"path": "china/2020_EKS_Launch_Workshop/resource/aws-efs-csi-driver/.github/workflows/container-image.yaml",
"chars": 1305,
"preview": "name: Container Images\n\non: push\njobs:\n build:\n # this is to prevent the job to run at forked projects\n if: githu"
},
{
"path": "china/2020_EKS_Launch_Workshop/resource/aws-efs-csi-driver/.gitignore",
"chars": 19,
"preview": "*.swp\nbin/\nvendor/\n"
},
{
"path": "china/2020_EKS_Launch_Workshop/resource/aws-efs-csi-driver/.travis.yml",
"chars": 550,
"preview": "language: go\ngo_import_path: github.com/kubernetes-sigs/aws-efs-csi-driver\n\nenv:\n global:\n - GO111MODULE=on\n\ngo:\n -"
},
{
"path": "china/2020_EKS_Launch_Workshop/resource/aws-efs-csi-driver/deploy/kubernetes/base/csidriver.yaml",
"chars": 120,
"preview": "---\n\napiVersion: storage.k8s.io/v1beta1\nkind: CSIDriver\nmetadata:\n name: efs.csi.aws.com\nspec:\n attachRequired: false\n"
},
{
"path": "china/2020_EKS_Launch_Workshop/resource/aws-efs-csi-driver/deploy/kubernetes/base/kustomization.yaml",
"chars": 127,
"preview": "apiVersion: kustomize.config.k8s.io/v1beta1\nkind: Kustomization\nnamespace: kube-system\nresources:\n- node.yaml\n- csidrive"
},
{
"path": "china/2020_EKS_Launch_Workshop/resource/aws-efs-csi-driver/deploy/kubernetes/base/node.yaml",
"chars": 2918,
"preview": "---\n# Node Service\nkind: DaemonSet\napiVersion: apps/v1\nmetadata:\n name: efs-csi-node\n namespace: kube-system\nspec:\n s"
},
{
"path": "china/2020_EKS_Launch_Workshop/resource/aws-efs-csi-driver/deploy/kubernetes/overlays/stable/kustomization.yaml",
"chars": 481,
"preview": "apiVersion: kustomize.config.k8s.io/v1beta1\nkind: Kustomization\nbases:\n- ../../base\nimages:\n- name: amazon/aws-efs-csi-d"
},
{
"path": "china/2020_EKS_Launch_Workshop/resource/aws-efs-csi-driver/examples/kubernetes/encryption_in_transit/README.md",
"chars": 1543,
"preview": "## Encryption in Transit\nThis example shows how to make a static provisioned EFS persistence volume (PV) mounted inside "
},
{
"path": "china/2020_EKS_Launch_Workshop/resource/aws-efs-csi-driver/examples/kubernetes/encryption_in_transit/specs/claim.yaml",
"chars": 185,
"preview": "apiVersion: v1\nkind: PersistentVolumeClaim\nmetadata:\n name: efs-claim\nspec:\n accessModes:\n - ReadWriteOnce\n storag"
},
{
"path": "china/2020_EKS_Launch_Workshop/resource/aws-efs-csi-driver/examples/kubernetes/encryption_in_transit/specs/pod.yaml",
"chars": 378,
"preview": "apiVersion: v1\nkind: Pod\nmetadata:\n name: efs-app\nspec:\n containers:\n - name: app\n image: busybox\n command: [\"/"
},
{
"path": "china/2020_EKS_Launch_Workshop/resource/aws-efs-csi-driver/examples/kubernetes/encryption_in_transit/specs/pv.yaml",
"chars": 316,
"preview": "apiVersion: v1\nkind: PersistentVolume\nmetadata:\n name: efs-pv\nspec:\n capacity:\n storage: 5Gi\n volumeMode: Filesyst"
},
{
"path": "china/2020_EKS_Launch_Workshop/resource/aws-efs-csi-driver/examples/kubernetes/encryption_in_transit/specs/storageclass.yaml",
"chars": 125,
"preview": "kind: StorageClass\napiVersion: storage.k8s.io/v1\nmetadata:\n name: efs-sc\nprovisioner: efs.csi.aws.com\nmountOptions:\n -"
},
{
"path": "china/2020_EKS_Launch_Workshop/resource/aws-efs-csi-driver/examples/kubernetes/multiple_pods/README.md",
"chars": 1788,
"preview": "## Multiple Pods Read Write Many \nThis example shows how to create a static provisioned EFS persistence volume (PV) and "
},
{
"path": "china/2020_EKS_Launch_Workshop/resource/aws-efs-csi-driver/examples/kubernetes/multiple_pods/specs/claim.yaml",
"chars": 185,
"preview": "apiVersion: v1\nkind: PersistentVolumeClaim\nmetadata:\n name: efs-claim\nspec:\n accessModes:\n - ReadWriteMany\n storag"
},
{
"path": "china/2020_EKS_Launch_Workshop/resource/aws-efs-csi-driver/examples/kubernetes/multiple_pods/specs/pod1.yaml",
"chars": 377,
"preview": "apiVersion: v1\nkind: Pod\nmetadata:\n name: app1\nspec:\n containers:\n - name: app1\n image: busybox\n command: [\"/bi"
},
{
"path": "china/2020_EKS_Launch_Workshop/resource/aws-efs-csi-driver/examples/kubernetes/multiple_pods/specs/pod2.yaml",
"chars": 377,
"preview": "apiVersion: v1\nkind: Pod\nmetadata:\n name: app2\nspec:\n containers:\n - name: app2\n image: busybox\n command: [\"/bi"
},
{
"path": "china/2020_EKS_Launch_Workshop/resource/aws-efs-csi-driver/examples/kubernetes/multiple_pods/specs/pv.yaml",
"chars": 290,
"preview": "apiVersion: v1\nkind: PersistentVolume\nmetadata:\n name: efs-pv\nspec:\n capacity:\n storage: 5Gi\n volumeMode: Filesyst"
},
{
"path": "china/2020_EKS_Launch_Workshop/resource/aws-efs-csi-driver/examples/kubernetes/multiple_pods/specs/storageclass.yaml",
"chars": 103,
"preview": "kind: StorageClass\napiVersion: storage.k8s.io/v1\nmetadata:\n name: efs-sc\nprovisioner: efs.csi.aws.com\n"
},
{
"path": "china/2020_EKS_Launch_Workshop/resource/aws-efs-csi-driver/examples/kubernetes/statefulset/README.md",
"chars": 1233,
"preview": "## Use in Stateful Set\nThis example shows how to consume EFS filesystem from StatefulSets using the driver. Before the e"
},
{
"path": "china/2020_EKS_Launch_Workshop/resource/aws-efs-csi-driver/examples/kubernetes/statefulset/specs/example.yaml",
"chars": 1127,
"preview": "apiVersion: v1\nkind: PersistentVolume\nmetadata:\n name: efs-pv\nspec:\n capacity:\n storage: 5Gi\n volumeMode: Filesyst"
},
{
"path": "china/2020_EKS_Launch_Workshop/resource/aws-efs-csi-driver/examples/kubernetes/static_provisioning/README.md",
"chars": 1364,
"preview": "## Static Provisioning\nThis example shows how to make a static provisioned EFS persistence volume (PV) mounted inside co"
},
{
"path": "china/2020_EKS_Launch_Workshop/resource/aws-efs-csi-driver/examples/kubernetes/static_provisioning/specs/claim.yaml",
"chars": 185,
"preview": "apiVersion: v1\nkind: PersistentVolumeClaim\nmetadata:\n name: efs-claim\nspec:\n accessModes:\n - ReadWriteOnce\n storag"
},
{
"path": "china/2020_EKS_Launch_Workshop/resource/aws-efs-csi-driver/examples/kubernetes/static_provisioning/specs/pod.yaml",
"chars": 378,
"preview": "apiVersion: v1\nkind: Pod\nmetadata:\n name: efs-app\nspec:\n containers:\n - name: app\n image: busybox\n command: [\"/"
},
{
"path": "china/2020_EKS_Launch_Workshop/resource/aws-efs-csi-driver/examples/kubernetes/static_provisioning/specs/pv.yaml",
"chars": 290,
"preview": "apiVersion: v1\nkind: PersistentVolume\nmetadata:\n name: efs-pv\nspec:\n capacity:\n storage: 5Gi\n volumeMode: Filesyst"
},
{
"path": "china/2020_EKS_Launch_Workshop/resource/aws-efs-csi-driver/examples/kubernetes/static_provisioning/specs/storageclass.yaml",
"chars": 103,
"preview": "kind: StorageClass\napiVersion: storage.k8s.io/v1\nmetadata:\n name: efs-sc\nprovisioner: efs.csi.aws.com\n"
},
{
"path": "china/2020_EKS_Launch_Workshop/resource/aws-efs-csi-driver/examples/kubernetes/volume_path/README.md",
"chars": 1473,
"preview": "## EFS Volume Path\nSimilar to [static provisioning example](../static_provisioning). A sub directory of EFS can be mount"
},
{
"path": "china/2020_EKS_Launch_Workshop/resource/aws-efs-csi-driver/examples/kubernetes/volume_path/specs/example.yaml",
"chars": 1649,
"preview": "kind: StorageClass\napiVersion: storage.k8s.io/v1\nmetadata:\n name: efs-sc\nprovisioner: efs.csi.aws.com\n---\napiVersion: v"
},
{
"path": "china/2020_EKS_Launch_Workshop/resource/cluster-autoscaler/cluster_autoscaler.yml",
"chars": 4620,
"preview": "---\napiVersion: v1\nkind: ServiceAccount\nmetadata:\n labels:\n k8s-addon: cluster-autoscaler.addons.k8s.io\n k8s-app:"
},
{
"path": "china/2020_EKS_Launch_Workshop/resource/cluster-autoscaler/k8s-asg-policy.json",
"chars": 375,
"preview": "{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Effect\": \"Allow\",\n \"Action\": [\n \"autoscaling:Desc"
},
{
"path": "china/2020_EKS_Launch_Workshop/resource/cluster-autoscaler/nginx-to-scaleout.yaml",
"chars": 455,
"preview": "apiVersion: apps/v1\nkind: Deployment\nmetadata:\n name: nginx-to-scaleout\nspec:\n replicas: 1\n selector:\n matchLabels"
},
{
"path": "china/2020_EKS_Launch_Workshop/resource/efk/fluent-bit.yaml",
"chars": 3146,
"preview": "apiVersion: v1\nkind: ServiceAccount\nmetadata:\n name: fluent-bit\n---\napiVersion: rbac.authorization.k8s.io/v1beta1\nkind:"
},
{
"path": "china/2020_EKS_Launch_Workshop/resource/eks-helm-demo/.helmignore",
"chars": 349,
"preview": "# Patterns to ignore when building packages.\n# This supports shell glob matching, relative path matching, and\n# negation"
},
{
"path": "china/2020_EKS_Launch_Workshop/resource/eks-helm-demo/Chart.yaml",
"chars": 135,
"preview": "apiVersion: v2\nname: eks-helm-demo\ndescription: A Helm chart for EKS Workshop Microservices application\nversion: 0.1.0\na"
},
{
"path": "china/2020_EKS_Launch_Workshop/resource/eks-helm-demo/templates/deployment/crystal.yaml",
"chars": 618,
"preview": "apiVersion: apps/v1\nkind: Deployment\nmetadata:\n name: ecsdemo-crystal\n labels:\n app: ecsdemo-crystal\n namespace: d"
},
{
"path": "china/2020_EKS_Launch_Workshop/resource/eks-helm-demo/templates/deployment/frontend.yaml",
"chars": 836,
"preview": "apiVersion: apps/v1\nkind: Deployment\nmetadata:\n name: ecsdemo-frontend\n labels:\n app: ecsdemo-frontend\n namespace:"
},
{
"path": "china/2020_EKS_Launch_Workshop/resource/eks-helm-demo/templates/deployment/nodejs.yaml",
"chars": 612,
"preview": "apiVersion: apps/v1\nkind: Deployment\nmetadata:\n name: ecsdemo-nodejs\n labels:\n app: ecsdemo-nodejs\n namespace: def"
},
{
"path": "china/2020_EKS_Launch_Workshop/resource/eks-helm-demo/templates/service/crystal.yaml",
"chars": 174,
"preview": "apiVersion: v1\nkind: Service\nmetadata:\n name: ecsdemo-crystal\nspec:\n selector:\n app: ecsdemo-crystal\n ports:\n - "
},
{
"path": "china/2020_EKS_Launch_Workshop/resource/eks-helm-demo/templates/service/frontend.yaml",
"chars": 197,
"preview": "apiVersion: v1\nkind: Service\nmetadata:\n name: ecsdemo-frontend\nspec:\n selector:\n app: ecsdemo-frontend\n type: Load"
},
{
"path": "china/2020_EKS_Launch_Workshop/resource/eks-helm-demo/templates/service/nodejs.yaml",
"chars": 172,
"preview": "apiVersion: v1\nkind: Service\nmetadata:\n name: ecsdemo-nodejs\nspec:\n selector:\n app: ecsdemo-nodejs\n ports:\n - p"
},
{
"path": "china/2020_EKS_Launch_Workshop/resource/eks-helm-demo/values.yaml",
"chars": 373,
"preview": "# Default values for eksdemo.\n# This is a YAML-formatted file.\n# Declare variables to be passed into your templates.\n\n# "
},
{
"path": "china/2020_EKS_Launch_Workshop/resource/healthchecks/liveness-app.yaml",
"chars": 257,
"preview": "apiVersion: v1\nkind: Pod\nmetadata:\n name: liveness-app\nspec:\n containers:\n - name: liveness\n image: brentley/ecsde"
},
{
"path": "china/2020_EKS_Launch_Workshop/resource/healthchecks/readiness-deployment.yaml",
"chars": 549,
"preview": "apiVersion: apps/v1\nkind: Deployment\nmetadata:\n name: readiness-deployment\nspec:\n replicas: 3\n selector:\n matchLab"
},
{
"path": "china/2020_EKS_Launch_Workshop/resource/hpa/hpa-v2.yaml",
"chars": 2207,
"preview": "apiVersion: v1\nitems:\n- apiVersion: autoscaling/v2beta2\n kind: HorizontalPodAutoscaler\n metadata:\n creationTimestam"
},
{
"path": "china/2020_EKS_Launch_Workshop/resource/hpa/php-apache.yaml",
"chars": 591,
"preview": "apiVersion: apps/v1\nkind: Deployment\nmetadata:\n name: php-apache\nspec:\n selector:\n matchLabels:\n run: php-apac"
},
{
"path": "china/2020_EKS_Launch_Workshop/resource/istio/bookinfo/bookinfo-gateway.yaml",
"chars": 708,
"preview": "apiVersion: networking.istio.io/v1alpha3\nkind: Gateway\nmetadata:\n name: bookinfo-gateway\nspec:\n selector:\n istio: i"
},
{
"path": "china/2020_EKS_Launch_Workshop/resource/istio/bookinfo/bookinfo.yaml",
"chars": 7674,
"preview": "# Copyright 2017 Istio Authors\n#\n# Licensed under the Apache License, Version 2.0 (the \"License\");\n# you may not use"
},
{
"path": "china/2020_EKS_Launch_Workshop/resource/istio/bookinfo/destination-rule-all.yaml",
"chars": 972,
"preview": "apiVersion: networking.istio.io/v1alpha3\nkind: DestinationRule\nmetadata:\n name: productpage\nspec:\n host: productpage\n "
},
{
"path": "china/2020_EKS_Launch_Workshop/resource/istio/bookinfo/virtual-service-all-v1.yaml",
"chars": 804,
"preview": "apiVersion: networking.istio.io/v1alpha3\nkind: VirtualService\nmetadata:\n name: productpage\nspec:\n hosts:\n - productpa"
},
{
"path": "china/2020_EKS_Launch_Workshop/resource/istio/bookinfo/virtual-service-ratings-test-abort.yaml",
"chars": 423,
"preview": "apiVersion: networking.istio.io/v1alpha3\nkind: VirtualService\nmetadata:\n name: ratings\nspec:\n hosts:\n - ratings\n htt"
},
{
"path": "china/2020_EKS_Launch_Workshop/resource/istio/bookinfo/virtual-service-ratings-test-delay.yaml",
"chars": 422,
"preview": "apiVersion: networking.istio.io/v1alpha3\nkind: VirtualService\nmetadata:\n name: ratings\nspec:\n hosts:\n - ratings\n htt"
},
{
"path": "china/2020_EKS_Launch_Workshop/resource/istio/bookinfo/virtual-service-reviews-50-v3.yaml",
"chars": 290,
"preview": "apiVersion: networking.istio.io/v1alpha3\nkind: VirtualService\nmetadata:\n name: reviews\nspec:\n hosts:\n - reviews\n h"
},
{
"path": "china/2020_EKS_Launch_Workshop/resource/istio/bookinfo/virtual-service-reviews-test-v2.yaml",
"chars": 334,
"preview": "apiVersion: networking.istio.io/v1alpha3\nkind: VirtualService\nmetadata:\n name: reviews\nspec:\n hosts:\n - reviews\n h"
},
{
"path": "china/2020_EKS_Launch_Workshop/resource/istio/bookinfo/virtual-service-reviews-v3.yaml",
"chars": 196,
"preview": "apiVersion: networking.istio.io/v1alpha3\nkind: VirtualService\nmetadata:\n name: reviews\nspec:\n hosts:\n - reviews\n h"
},
{
"path": "china/2020_EKS_Launch_Workshop/resource/network-policy/calico.yaml",
"chars": 16158,
"preview": "---\nkind: DaemonSet\napiVersion: apps/v1\nmetadata:\n name: calico-node\n namespace: kube-system\n labels:\n k8s-app: ca"
},
{
"path": "china/2020_EKS_Launch_Workshop/resource/network-policy/calico_resources/allow-ui-client.yaml",
"chars": 254,
"preview": "kind: NetworkPolicy\napiVersion: networking.k8s.io/v1\nmetadata:\n namespace: client \n name: allow-ui \nspec:\n podSelecto"
},
{
"path": "china/2020_EKS_Launch_Workshop/resource/network-policy/calico_resources/allow-ui.yaml",
"chars": 252,
"preview": "kind: NetworkPolicy\napiVersion: networking.k8s.io/v1\nmetadata:\n namespace: stars\n name: allow-ui \nspec:\n podSelector:"
},
{
"path": "china/2020_EKS_Launch_Workshop/resource/network-policy/calico_resources/backend-policy.yaml",
"chars": 321,
"preview": "kind: NetworkPolicy\napiVersion: networking.k8s.io/v1\nmetadata:\n namespace: stars\n name: backend-policy\nspec:\n podSele"
},
{
"path": "china/2020_EKS_Launch_Workshop/resource/network-policy/calico_resources/backend.yaml",
"chars": 677,
"preview": "apiVersion: v1\nkind: Service\nmetadata:\n name: backend \n namespace: stars\nspec:\n ports:\n - port: 6379\n targetPort:"
},
{
"path": "china/2020_EKS_Launch_Workshop/resource/network-policy/calico_resources/client.yaml",
"chars": 700,
"preview": "kind: Namespace\napiVersion: v1\nmetadata:\n name: client\n labels:\n role: client\n---\napiVersion: v1\nkind: ReplicationC"
},
{
"path": "china/2020_EKS_Launch_Workshop/resource/network-policy/calico_resources/default-deny.yaml",
"chars": 124,
"preview": "kind: NetworkPolicy\napiVersion: networking.k8s.io/v1\nmetadata:\n name: default-deny\nspec:\n podSelector:\n matchLabels"
},
{
"path": "china/2020_EKS_Launch_Workshop/resource/network-policy/calico_resources/frontend-policy.yaml",
"chars": 325,
"preview": "kind: NetworkPolicy\napiVersion: networking.k8s.io/v1\nmetadata:\n namespace: stars\n name: frontend-policy\nspec:\n podSel"
},
{
"path": "china/2020_EKS_Launch_Workshop/resource/network-policy/calico_resources/frontend.yaml",
"chars": 675,
"preview": "apiVersion: v1\nkind: Service\nmetadata:\n name: frontend \n namespace: stars\nspec:\n ports:\n - port: 80 \n targetPort:"
},
{
"path": "china/2020_EKS_Launch_Workshop/resource/network-policy/calico_resources/management-ui.yaml",
"chars": 673,
"preview": "apiVersion: v1\nkind: Namespace\nmetadata:\n name: management-ui \n labels:\n role: management-ui \n---\napiVersion: v1\nki"
},
{
"path": "china/2020_EKS_Launch_Workshop/resource/network-policy/calico_resources/namespace.yaml",
"chars": 54,
"preview": "kind: Namespace\napiVersion: v1\nmetadata:\n name: stars"
},
{
"path": "china/2020_EKS_Launch_Workshop/resource/nginx-app/nginx-nlb.yaml",
"chars": 593,
"preview": "apiVersion: apps/v1\nkind: Deployment\nmetadata:\n labels:\n app: nginx\n name: nginx-deployment\nspec:\n replicas: 1\n s"
},
{
"path": "china/2020_EKS_Launch_Workshop/步骤1-准备实验环境.md",
"chars": 2479,
"preview": "# 步骤1 准备实验环境\n本次workshop 需要的软件环境有 aws cli , eksctl ,kubectl,以及eks对应操作的IAM权限。\n\n1.1 安装配置 aws cli , version > 1.18.200\n\n >1."
},
{
"path": "china/2020_EKS_Launch_Workshop/步骤10-可用性-健康检查.md",
"chars": 6285,
"preview": "# 步骤10 可用性-健康检查\n默认情况下,如果容器出于任何原因崩溃,Kubernetes将重新它。它使用Liveness和Readiness探针,可以将其配置识别运行状况良好的容器以向其发送流量并在需要时重启它们,保证应用程序运行健壮。\n"
},
{
"path": "china/2020_EKS_Launch_Workshop/步骤11-使用Calio加固EKS集群安全.md",
"chars": 5481,
"preview": "# 步骤11 使用Calio加固EKS集群安全\n\nKubernetes Network Policy 网络策略是有关如何允许Pod组与彼此以及其他网络端点进行通信的规范。\nNetwork Policy资源使用标签选择Pods并定义规则,这些"
},
{
"path": "china/2020_EKS_Launch_Workshop/步骤12-EFK日志收集.md",
"chars": 7579,
"preview": "12.1 配置工作线程节点的权限\n\n获取工作线程节点Role ARN\n\n```\nSTACK_NAME=$(eksctl get nodegroup --cluster eksworkshop -o json | jq -r '.[].Sta"
},
{
"path": "china/2020_EKS_Launch_Workshop/步骤13-Prometheus&Grafana监控.md",
"chars": 7157,
"preview": "13.1 前提条件\n\n检查Helm是否已安装\n\n```\nhelm list\n```\n如未安装Helm,请参照\" 步骤9-使用Helm部署应用/9.1 Install Helm \"安装Helm,并添加stable repository\n\n``"
},
{
"path": "china/2020_EKS_Launch_Workshop/步骤14-在EKS集群上部署Istio服务网格.md",
"chars": 6308,
"preview": "# 步骤14 在 EKS 集群上部署 Istio 服务网格\n\n服务网格用来描述组成应用程序的微服务网络以及它们之间的交互。随着服务网格的规模和复杂性不断的增长,它将会变得越来越难以理解和管理。它的需求包括服务发现、负载均衡、故障恢复、度量和"
},
{
"path": "china/2020_EKS_Launch_Workshop/步骤2-创建EKS集群.md",
"chars": 6283,
"preview": "# 步骤2 创建EKS集群\n\n2.1 使用eksctl 创建EKS集群(操作需要10-15分钟),该命令同时会创建一个使用t3.small的受管节点组。\n\n详细参考手册\n* [creating-and-managing-clusters]("
},
{
"path": "china/2020_EKS_Launch_Workshop/步骤3-部署官方的KubernetesDashboard.md",
"chars": 781,
"preview": "# 步骤3 部署官方的Kubernetes dashboard\n\n3.1 下载配置文件\n\n```bash\n# 如果采用了2.4 中的镜像webhook,直接进行部署,否则需要修改kubernetes-dashboard.yaml中镜像位置为"
},
{
"path": "china/2020_EKS_Launch_Workshop/步骤4-部署微服务以及配置ALBIngressController.md",
"chars": 8420,
"preview": "# 步骤4 部署微服务以及配置ALB Ingress Controller\n\n4.1 参考 eksworkshop的样例,部署微服务 (可选)\n* [eksworkshop的样例微服务] (https://eksworkshop.com/b"
},
{
"path": "china/2020_EKS_Launch_Workshop/步骤5-配置使用EBS.md",
"chars": 3611,
"preview": "# 步骤5 配置使用EBS CSI\n\n* [官方ebs-csi指导](https://docs.aws.amazon.com/zh_cn/eks/latest/userguide/ebs-csi.html)\n* [官方eks-persist"
},
{
"path": "china/2020_EKS_Launch_Workshop/步骤6-配置使用EFS.md",
"chars": 3943,
"preview": "# 步骤6 配置使用EFS\n\n6.1 创建EFS file system\n```bash\n# 创建EFS Security group\nVPC_ID=$(aws eks describe-cluster --name ${CLUSTER_N"
},
{
"path": "china/2020_EKS_Launch_Workshop/步骤7-在EKS中使用IAMRole进行权限管理.md",
"chars": 2780,
"preview": "# 步骤7 在EKS中使用IAM Role进行权限管理\n我们将要为ServiceAccount配置一个S3的访问角色,并且部署一个job应用到EKS集群,完成S3的写入。\n\n[官方文档](https://aws.amazon.com/blo"
},
{
"path": "china/2020_EKS_Launch_Workshop/步骤8-对应用Pod和集群进行自动扩展.md",
"chars": 5967,
"preview": "# 步骤8 使用HPA对Pod进行自动扩展, 使用CA对集群进行自动扩展\n\n> 本节目的\n1. 为集群配置一个HPA,并且部署一个应用进行压力测试,验证Pod 横向扩展能力。\n2. 为集群配置一个CA,使用CA对集群进行自动扩展\n\n[官方文"
},
{
"path": "china/2020_EKS_Launch_Workshop/步骤9-使用Helm部署应用.md",
"chars": 8198,
"preview": "# 步骤9 使用Helm部署应用\nHelm帮助您管理Kubernetes应用程序。在原来Kubernetes项目中都是基于yaml文件来进行部署发布微服务化应用的,会分成很多个组件来部署,每个组件可能对应一个deployment.yaml,"
},
{
"path": "china/2020_GCR_Kubeflow_Workshop/Kubeflow_Pipelines.md",
"chars": 5242,
"preview": "### Kubeflow Pipelines与sagemaker集成\n\nKubeflow pipeline是工具包的核心组件之一,在安装Kubeflow时自动部署。Kubeflow管道包括:\n\n- 用于管理和跟踪实验、作业和运行的用户界面("
},
{
"path": "china/2020_GCR_Kubeflow_Workshop/Kubeflow_fairing.md",
"chars": 2651,
"preview": "Kubeflow Fairing是一个Python软件包,可轻松在[Kubeflow](https://www.kubeflow.org/docs/about/kubeflow/)上训练和部署ML模型。Kubeflow Fairing还可以"
},
{
"path": "china/2020_GCR_Kubeflow_Workshop/README.md",
"chars": 567,
"preview": "#### 概要 \n\nKubeflow提供了一种在Kubernetes上运行机器学习工作负载的简单、可移植和可伸缩的方法,使机器学习(ML)工作流在Kubernetes上的部署变得简单、可移植和可伸缩。在本练习中,您将学习如何在EKS中部署和"
},
{
"path": "china/2020_GCR_Kubeflow_Workshop/resources/mnist-tensorflow-jupyter.py",
"chars": 3154,
"preview": "from __future__ import print_function\n\nimport tensorflow as tf\nfrom tensorflow import keras\n\n# Helper libraries\nimport n"
},
{
"path": "china/2020_GCR_Kubeflow_Workshop/创建和使用jupter笔记本.md",
"chars": 2221,
"preview": "#### 配置kubeflow dashboard\n\n检查kubeflow dashboard状态\n\n```bash\nkubectl get service istio-ingressgateway -n istio-system\nNAME"
},
{
"path": "china/2020_GCR_Kubeflow_Workshop/安装Kubeflow.md",
"chars": 18932,
"preview": "#### 前提\n\n本kubeflow workshop 需要的软件环境有 aws cli , eksctl ,kubectl,e aws-iam-authenticator以及eks对应操作的IAM权限。具体安装步骤请参考[2020_EKS"
},
{
"path": "china/2020_GCR_Kubeflow_Workshop/清理资源.md",
"chars": 279,
"preview": "使用以下命令将其删除\n\n```bash\ncd ${KF_DIR} \n#这将删除通过kfctl创建的kubeflow和istio-system名称空间。\nkfctl delete -f ${CONFIG_FILE} \n#删除eks clus"
},
{
"path": "china/2021_GCR_Kubeflow_on_EKS/Kubeflow on AWS EKS (GCR Region) 部署.md",
"chars": 6333,
"preview": "## Kubeflow on AWS EKS (GCR Region)\n\n### 前置条件\n\n* 安装命令行工具\n\n```bash\n#使用pip安装aws cli ,其他方式请阅读参考文档\npip install awscli\n#配置权限\n"
},
{
"path": "china/2021_GCR_Kubeflow_on_EKS/resource/app1.yaml",
"chars": 439,
"preview": "apiVersion: kubeflow.org/v1beta1\nkind: Profile\nmetadata:\n name: app1 # replace with the name of profile you want, this"
},
{
"path": "china/2021_GCR_Kubeflow_on_EKS/resource/aws-alb-config-map.yaml",
"chars": 244,
"preview": "apiVersion: v1\nkind: ConfigMap\nmetadata:\n labels:\n app: aws-alb-ingress-controller\n kustomize.component: aws-alb-"
},
{
"path": "china/2021_GCR_Kubeflow_on_EKS/resource/dex-config.yaml",
"chars": 731,
"preview": "issuer: http://dex.auth.svc.cluster.local:5556/dex\nstorage:\n type: kubernetes\n config:\n inCluster: true\nweb:\n http"
},
{
"path": "china/2021_GCR_Kubeflow_on_EKS/resource/ingress-iam-policy.json",
"chars": 3187,
"preview": "{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Effect\": \"Allow\",\n \"Action\": [\n \"acm:DescribeCert"
},
{
"path": "china/2021_GCR_Kubeflow_on_EKS/resource/kfctl_aws.v1.2.0.yaml",
"chars": 3174,
"preview": "apiVersion: kfdef.apps.kubeflow.org/v1\nkind: KfDef\nmetadata:\n clusterName: VOLVO-KUBEFLOW-EKS.cn-northwest-1.eksctl.io\n"
},
{
"path": "china/2021_GCR_Kubeflow_on_EKS/resource/kfctl_aws.v1.2.0.yaml.tpl",
"chars": 3502,
"preview": "apiVersion: kfdef.apps.kubeflow.org/v1\nkind: KfDef\nmetadata:\n annotations:\n kfctl.kubeflow.io/force-delete: \"false\"\n"
},
{
"path": "china/2021_GCR_Kubeflow_on_EKS/resource/kubeflow-workshop-eks.yaml",
"chars": 836,
"preview": "apiVersion: eksctl.io/v1alpha5\nkind: ClusterConfig\n\nmetadata:\n name: kubeflow-workshop\n region: cn-northwest-1\n versi"
},
{
"path": "china/2021_GCR_Kubeflow_on_EKS/resource/mutating-webhook.yaml",
"chars": 2340,
"preview": "apiVersion: admissionregistration.k8s.io/v1beta1\nkind: MutatingWebhookConfiguration\nmetadata:\n name: image-mutating\nweb"
},
{
"path": "china/2021_GCR_Kubeflow_on_EKS/resource/s3-kubeflow-on-eks-app1.json",
"chars": 537,
"preview": "{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Sid\": \"VisualEditor0\",\n \"Effect\": \"A"
},
{
"path": "global/2019_GCR_EKS_Workshop/README.md",
"chars": 1441,
"preview": "##AWS EKS Workshop Greater China\n\nAWS EKS Workshop for Learning EKS for Greater China\n\n- [步骤1: 通过AWSCloud9搭建服务器环境](htt"
},
{
"path": "global/2019_GCR_EKS_Workshop/步骤1-通过AWS Cloud9搭建服务器环境.md",
"chars": 1830,
"preview": "# 进入实验环境\n\n通过浏览器进入 https://dashboard.eventengine.run/ ,填入12位code\n# 步骤1: 通过AWS Cloud9搭建服务器环境\nAWS Cloud9 为您提供了EC2基础设施资源并且一个"
},
{
"path": "global/2019_GCR_EKS_Workshop/步骤2-设置默认region, 安装eksctl, kubectl工具.md",
"chars": 760,
"preview": "# 步骤2: 设置默认region, 安装eksctl, kubectl工具\n\n我们将在步骤1创建的AWS Cloud9 环境里面安装eksctl,kubectl。进入Cloud9编辑器环境后,在终端中输入以下命令,进行安装。\n\n```ba"
},
{
"path": "global/2019_GCR_EKS_Workshop/步骤3-创建EKS集群(启用按需实例和Fargate).md",
"chars": 1463,
"preview": "# 步骤3: 创建EKS集群(启用按需实例和Fargate)\n\n3.1 打开Cloud9终端管理控制台, 使用eksctl 创建EKS集群(操作需要10-15分钟),该命令同时会创建一个使用t3.small的受管节点组。\n\n ```bash"
},
{
"path": "global/2019_GCR_EKS_Workshop/步骤4-部署示例应用,通过HPA测试Fargate弹性伸缩功能.md",
"chars": 2057,
"preview": "# 步骤4: 部署示例应用,通过HPA测试Fargate弹性伸缩功能\r\n我们将要部署Metrics Server,部署标准HPA实例程序hpa-example ,并通过Horizontal Pod Autoscaler (HPA)设置CP"
},
{
"path": "global/2019_GCR_EKS_Workshop/步骤5-在EKS中使用IAM Role进行权限管理(可选).md",
"chars": 1132,
"preview": "# 步骤5:在EKS中使用IAM Role进行权限管理(可选)\r\n我们将要为ServiceAccount配置一个S3的访问角色,并且部署一个job应用到EKS集群,完成S3的写入。\r\n\r\n5.1 配置IAM Role、ServiceAcco"
},
{
"path": "global/2020_GCR_SZ_ContainerDay/README.md",
"chars": 2295,
"preview": "### 0730 深圳 Container Day\n### 0923 成都 Container Day\n\n\n\n实验环境设置\n\n[步骤1 , 通过Cloud9搭建准备实验环境](https://github.com/aws-samples/e"
},
{
"path": "global/2020_GCR_SZ_ContainerDay/docker/Lab2-Docker 基本操作.md",
"chars": 3197,
"preview": "# Docker 基本操作\n\nDocker 是一个开源的商业产品,有两个版本:社区版(Community Edition,缩写为 CE)和企业版(Enterprise Edition,缩写为 EE)。企业版包含了一些收费服务,个人开发者一般"
},
{
"path": "global/2020_GCR_SZ_ContainerDay/docker/Lab3-使用Docker 运行Web服务.md",
"chars": 2619,
"preview": "# 使用Docker 运行Web服务\n\n\n## 实验前准备工作\n\n接下来的实验我们需要构建一个网站,所以我们需要提前开放实例的安全组端口。\n\n- 首先我们需要构建一个额外的安全组开放TCP流量。在运行这个命令前,我们需要提前获取到我们Clo"
},
{
"path": "global/2020_GCR_SZ_ContainerDay/docker/Lab4-多容器管理实践.md",
"chars": 11109,
"preview": "# 多容器管理实践(可选)\n\n在上一节中,我们从一个简单的静态网站开始,然后尝试了Flask应用。只需少量命令,我们都可以在本地和云中运行这两种方法。这两个应用程序的共同点是它们在单个容器中运行。\n\n那些具有在生产环境中运行服务的经验的人知"
},
{
"path": "global/2020_GCR_SZ_ContainerDay/resources/IRSA/iam-pod.yaml",
"chars": 332,
"preview": "apiVersion: v1\nkind: Pod\nmetadata:\n name: s3-echoer\nspec:\n serviceAccountName: s3-echoer\n containers:\n - name: main\n"
},
{
"path": "global/2020_GCR_SZ_ContainerDay/resources/alb-ingress-controller/alb-ingress-controller.yaml",
"chars": 3357,
"preview": "# Application Load Balancer (ALB) Ingress Controller Deployment Manifest.\n# This manifest details sensible defaults for "
},
{
"path": "global/2020_GCR_SZ_ContainerDay/resources/alb-ingress-controller/iam-policy.json",
"chars": 4071,
"preview": "{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Effect\": \"Allow\",\n \"Action\": [\n \"acm:DescribeCert"
},
{
"path": "global/2020_GCR_SZ_ContainerDay/resources/alb-ingress-controller/nginx-alb-ingress.yaml",
"chars": 984,
"preview": "---\napiVersion: apps/v1\nkind: Deployment\nmetadata:\n name: nginx-deployment-ingress\n labels:\n app: nginx\nspec:\n rep"
},
{
"path": "global/2020_GCR_SZ_ContainerDay/resources/alb-ingress-controller/rbac-role.yaml",
"chars": 1163,
"preview": "---\napiVersion: rbac.authorization.k8s.io/v1\nkind: ClusterRole\nmetadata:\n labels:\n app.kubernetes.io/name: alb-ingre"
},
{
"path": "global/2020_GCR_SZ_ContainerDay/resources/aws-ebs-csi-driver/aws-ebs-csi-driver/.helmignore",
"chars": 342,
"preview": "# Patterns to ignore when building packages.\n# This supports shell glob matching, relative path matching, and\n# negation"
},
{
"path": "global/2020_GCR_SZ_ContainerDay/resources/aws-ebs-csi-driver/aws-ebs-csi-driver/Chart.yaml",
"chars": 378,
"preview": "apiVersion: v1\nappVersion: \"0.5.0\"\nname: aws-ebs-csi-driver\ndescription: A Helm chart for AWS EBS CSI Driver\nversion: 0."
},
{
"path": "global/2020_GCR_SZ_ContainerDay/resources/aws-ebs-csi-driver/aws-ebs-csi-driver/templates/NOTES.txt",
"chars": 205,
"preview": "To verify that aws-ebs-csi-driver has started, run:\n\n kubectl get pod -n kube-system -l \"app.kubernetes.io/name={{ in"
},
{
"path": "global/2020_GCR_SZ_ContainerDay/resources/aws-ebs-csi-driver/aws-ebs-csi-driver/templates/_helpers.tpl",
"chars": 1916,
"preview": "{{/* vim: set filetype=mustache: */}}\n{{/*\nExpand the name of the chart.\n*/}}\n{{- define \"aws-ebs-csi-driver.name\" -}}\n{"
},
{
"path": "global/2020_GCR_SZ_ContainerDay/resources/aws-ebs-csi-driver/aws-ebs-csi-driver/templates/csidriver.yaml",
"chars": 138,
"preview": "apiVersion: storage.k8s.io/v1beta1\nkind: CSIDriver\nmetadata:\n name: ebs.csi.aws.com\nspec:\n attachRequired: true\n podI"
},
{
"path": "global/2020_GCR_SZ_ContainerDay/resources/aws-ebs-csi-driver/aws-ebs-csi-driver/templates/daemonset.yaml",
"chars": 3522,
"preview": "# Node Service\nkind: DaemonSet\napiVersion: apps/v1\nmetadata:\n name: ebs-csi-node\n namespace: kube-system\nspec:\n selec"
},
{
"path": "global/2020_GCR_SZ_ContainerDay/resources/aws-ebs-csi-driver/aws-ebs-csi-driver/templates/deployment.yaml",
"chars": 5325,
"preview": "# Controller Service\nkind: Deployment\napiVersion: apps/v1\nmetadata:\n name: ebs-csi-controller\n namespace: kube-system\n"
},
{
"path": "global/2020_GCR_SZ_ContainerDay/resources/aws-ebs-csi-driver/aws-ebs-csi-driver/templates/rbac.yaml",
"chars": 7124,
"preview": "---\nkind: ClusterRole\napiVersion: rbac.authorization.k8s.io/v1\nmetadata:\n name: ebs-external-provisioner-role\nrules:\n "
},
{
"path": "global/2020_GCR_SZ_ContainerDay/resources/aws-ebs-csi-driver/aws-ebs-csi-driver/templates/serviceaccount.yaml",
"chars": 437,
"preview": "apiVersion: v1\nkind: ServiceAccount\nmetadata:\n name: ebs-csi-controller-sa\n namespace: kube-system\n {{- with .Values."
},
{
"path": "global/2020_GCR_SZ_ContainerDay/resources/aws-ebs-csi-driver/aws-ebs-csi-driver/templates/statefulset.yaml",
"chars": 645,
"preview": "{{- if .Values.enableVolumeSnapshot }}\r\n#Snapshot controller\r\nkind: StatefulSet\r\napiVersion: apps/v1\r\nmetadata:\r\n name:"
},
{
"path": "global/2020_GCR_SZ_ContainerDay/resources/aws-ebs-csi-driver/aws-ebs-csi-driver/values.yaml",
"chars": 2012,
"preview": "# Default values for aws-ebs-csi-driver.\n# This is a YAML-formatted file.\n# Declare variables to be passed into your tem"
},
{
"path": "global/2020_GCR_SZ_ContainerDay/resources/aws-ebs-csi-driver/deploy/kubernetes/base/controller.yaml",
"chars": 3161,
"preview": "---\n# Controller Service\nkind: Deployment\napiVersion: apps/v1\nmetadata:\n name: ebs-csi-controller\n namespace: kube-sys"
},
{
"path": "global/2020_GCR_SZ_ContainerDay/resources/aws-ebs-csi-driver/deploy/kubernetes/base/csidriver.yaml",
"chars": 143,
"preview": "---\n\napiVersion: storage.k8s.io/v1beta1\nkind: CSIDriver\nmetadata:\n name: ebs.csi.aws.com\nspec:\n attachRequired: true\n "
},
{
"path": "global/2020_GCR_SZ_ContainerDay/resources/aws-ebs-csi-driver/deploy/kubernetes/base/kustomization.yaml",
"chars": 157,
"preview": "apiVersion: kustomize.config.k8s.io/v1beta1\nkind: Kustomization\nnamespace: kube-system\nresources:\n- controller.yaml\n- no"
},
{
"path": "global/2020_GCR_SZ_ContainerDay/resources/aws-ebs-csi-driver/deploy/kubernetes/base/node.yaml",
"chars": 2860,
"preview": "---\n# Node Service\nkind: DaemonSet\napiVersion: apps/v1\nmetadata:\n name: ebs-csi-node\n namespace: kube-system\nspec:\n s"
},
{
"path": "global/2020_GCR_SZ_ContainerDay/resources/aws-ebs-csi-driver/deploy/kubernetes/base/rbac.yaml",
"chars": 2460,
"preview": "apiVersion: v1\nkind: ServiceAccount\nmetadata:\n name: ebs-csi-controller-sa\n namespace: kube-system\n #Enable if EKS IA"
},
{
"path": "global/2020_GCR_SZ_ContainerDay/resources/aws-ebs-csi-driver/deploy/kubernetes/cluster/crd_snapshotter.yaml",
"chars": 21389,
"preview": "---\napiVersion: apiextensions.k8s.io/v1beta1\nkind: CustomResourceDefinition\nmetadata:\n annotations:\n controller-gen."
},
{
"path": "global/2020_GCR_SZ_ContainerDay/resources/aws-ebs-csi-driver/deploy/kubernetes/overlays/alpha/controller_add_resizer.yaml",
"chars": 520,
"preview": "kind: Deployment\napiVersion: apps/v1\nmetadata:\n name: ebs-csi-controller\n namespace: kube-system\nspec:\n template:\n "
}
]
// ... and 99 more files (download for full content)
About this extraction
This page contains the full source code of the aws-samples/eks-workshop-greater-china GitHub repository, extracted and formatted as plain text for AI agents and large language models (LLMs). The extraction includes 299 files (566.1 KB), approximately 185.1k tokens, and a symbol index with 5 extracted functions, classes, methods, constants, and types. Use this with OpenClaw, Claude, ChatGPT, Cursor, Windsurf, or any other AI tool that accepts text input. You can copy the full output to your clipboard or download it as a .txt file.
Extracted by GitExtract — free GitHub repo to text converter for AI. Built by Nikandr Surkov.