underpost 2.89.37 → 2.89.45
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +3 -2
- package/bin/deploy.js +22 -15
- package/cli.md +89 -61
- package/manifests/deployment/dd-default-development/deployment.yaml +2 -2
- package/manifests/deployment/dd-test-development/deployment.yaml +6 -2
- package/manifests/deployment/dd-test-development/proxy.yaml +2 -0
- package/manifests/deployment/kafka/deployment.yaml +0 -2
- package/manifests/deployment/spark/spark-pi-py.yaml +0 -1
- package/manifests/deployment/tensorflow/tf-gpu-test.yaml +0 -2
- package/manifests/envoy-service-nodeport.yaml +0 -1
- package/manifests/kubeadm-calico-config.yaml +10 -115
- package/manifests/letsencrypt-prod.yaml +0 -1
- package/manifests/mariadb/statefulset.yaml +1 -1
- package/manifests/mongodb/statefulset.yaml +11 -11
- package/manifests/mongodb-4.4/service-deployment.yaml +1 -3
- package/manifests/mysql/pv-pvc.yaml +1 -1
- package/manifests/mysql/statefulset.yaml +1 -1
- package/manifests/valkey/service.yaml +0 -1
- package/manifests/valkey/statefulset.yaml +2 -3
- package/package.json +1 -1
- package/scripts/device-scan.sh +43 -21
- package/scripts/rpmfusion-ffmpeg-setup.sh +1 -0
- package/src/cli/cluster.js +58 -57
- package/src/cli/deploy.js +51 -89
- package/src/cli/index.js +30 -3
- package/src/cli/monitor.js +12 -6
- package/src/cli/repository.js +1 -1
- package/src/cli/run.js +32 -19
- package/src/client/components/core/Logger.js +1 -1
- package/src/client/components/core/Modal.js +5 -0
- package/src/client/components/core/ObjectLayerEngineModal.js +334 -71
- package/src/client/components/core/ObjectLayerEngineViewer.js +170 -403
- package/src/client/components/core/Router.js +10 -1
- package/src/client/services/default/default.management.js +25 -5
- package/src/index.js +1 -1
- package/src/server/client-build.js +5 -4
- package/src/server/conf.js +1 -1
- package/manifests/kubelet-config.yaml +0 -65
- package/manifests/mongodb/backup-access.yaml +0 -16
- package/manifests/mongodb/backup-cronjob.yaml +0 -42
- package/manifests/mongodb/backup-pv-pvc.yaml +0 -22
- package/manifests/mongodb/configmap.yaml +0 -26
package/README.md
CHANGED
|
@@ -18,7 +18,7 @@
|
|
|
18
18
|
|
|
19
19
|
<!-- badges -->
|
|
20
20
|
|
|
21
|
-
[](https://github.com/underpostnet/engine/actions/workflows/docker-image.yml) [](https://github.com/underpostnet/engine/actions/workflows/coverall.ci.yml) [](https://www.npmjs.com/package/underpost) [](https://github.com/underpostnet/engine/actions/workflows/docker-image.yml) [](https://github.com/underpostnet/engine/actions/workflows/coverall.ci.yml) [](https://www.npmjs.com/package/underpost) [](https://socket.dev/npm/package/underpost/overview/2.89.45) [](https://coveralls.io/github/underpostnet/engine?branch=master) [](https://www.npmjs.org/package/underpost) [](https://www.npmjs.com/package/underpost)
|
|
22
22
|
|
|
23
23
|
<!-- end-badges -->
|
|
24
24
|
|
|
@@ -66,7 +66,7 @@ Run dev client server
|
|
|
66
66
|
npm run dev
|
|
67
67
|
```
|
|
68
68
|
<!-- -->
|
|
69
|
-
## underpost ci/cd cli v2.89.
|
|
69
|
+
## underpost ci/cd cli v2.89.45
|
|
70
70
|
|
|
71
71
|
### Usage: `underpost [options] [command]`
|
|
72
72
|
```
|
|
@@ -84,6 +84,7 @@ Commands:
|
|
|
84
84
|
env [deploy-id] [env] [subConf] Sets environment variables and configurations related to a specific deployment ID.
|
|
85
85
|
config [options] <operator> [key] [value] Manages Underpost configurations using various operators.
|
|
86
86
|
root Displays the root path of the npm installation.
|
|
87
|
+
ip [options] Displays the current public machine IP addresses.
|
|
87
88
|
cluster [options] [pod-name] Manages Kubernetes clusters, defaulting to Kind cluster initialization.
|
|
88
89
|
deploy [options] [deploy-list] [env] Manages application deployments, defaulting to deploying development pods.
|
|
89
90
|
secret [options] <platform> Manages secrets for various platforms.
|
package/bin/deploy.js
CHANGED
|
@@ -216,7 +216,7 @@ try {
|
|
|
216
216
|
if (argHost.length && argPath.length && (!argHost.includes(host) || !argPath.includes(path))) {
|
|
217
217
|
delete serverConf[host][path];
|
|
218
218
|
} else {
|
|
219
|
-
serverConf[host][path].liteBuild =
|
|
219
|
+
serverConf[host][path].liteBuild = false;
|
|
220
220
|
serverConf[host][path].minifyBuild = process.env.NODE_ENV === 'production' ? true : false;
|
|
221
221
|
if (serverConf[host][path].singleReplica && serverConf[host][path].replicas) {
|
|
222
222
|
deployIdSingleReplicas = deployIdSingleReplicas.concat(
|
|
@@ -1071,34 +1071,39 @@ EOF`);
|
|
|
1071
1071
|
shellExec(args.join(' '));
|
|
1072
1072
|
}
|
|
1073
1073
|
if (process.argv.includes('secret')) {
|
|
1074
|
+
const namespace = process.argv.find((arg) => arg.startsWith('--namespace='))?.split('=')[1] || 'default';
|
|
1074
1075
|
{
|
|
1075
1076
|
const secretSelector = `fastapi-postgres-credentials`;
|
|
1076
|
-
shellExec(`sudo kubectl delete secret ${secretSelector}`);
|
|
1077
|
+
shellExec(`sudo kubectl delete secret ${secretSelector} -n ${namespace} --ignore-not-found`);
|
|
1077
1078
|
shellExec(
|
|
1078
1079
|
`sudo kubectl create secret generic ${secretSelector}` +
|
|
1079
1080
|
` --from-literal=POSTGRES_DB=postgresdb` +
|
|
1080
1081
|
` --from-literal=POSTGRES_USER=admin` +
|
|
1081
|
-
` --from-file=POSTGRES_PASSWORD=/home/dd/engine/engine-private/postgresql-password
|
|
1082
|
+
` --from-file=POSTGRES_PASSWORD=/home/dd/engine/engine-private/postgresql-password` +
|
|
1083
|
+
` --dry-run=client -o yaml | kubectl apply -f - -n ${namespace}`,
|
|
1082
1084
|
);
|
|
1083
1085
|
}
|
|
1084
1086
|
{
|
|
1085
1087
|
const secretSelector = `fastapi-backend-config-secret`;
|
|
1086
|
-
shellExec(`sudo kubectl delete secret ${secretSelector}`);
|
|
1088
|
+
shellExec(`sudo kubectl delete secret ${secretSelector} -n ${namespace} --ignore-not-found`);
|
|
1087
1089
|
shellExec(
|
|
1088
1090
|
`sudo kubectl create secret generic ${secretSelector}` +
|
|
1089
1091
|
` --from-file=SECRET_KEY=/home/dd/engine/engine-private/postgresql-password` +
|
|
1090
1092
|
` --from-literal=FIRST_SUPERUSER=development@underpost.net` +
|
|
1091
|
-
` --from-file=FIRST_SUPERUSER_PASSWORD=/home/dd/engine/engine-private/postgresql-password
|
|
1093
|
+
` --from-file=FIRST_SUPERUSER_PASSWORD=/home/dd/engine/engine-private/postgresql-password` +
|
|
1094
|
+
` --dry-run=client -o yaml | kubectl apply -f - -n ${namespace}`,
|
|
1092
1095
|
);
|
|
1093
1096
|
}
|
|
1094
1097
|
}
|
|
1095
1098
|
if (process.argv.includes('run-back')) {
|
|
1096
|
-
|
|
1097
|
-
shellExec(`sudo kubectl apply -f ./manifests/deployment/fastapi/backend-
|
|
1099
|
+
const namespace = process.argv.find((arg) => arg.startsWith('--namespace='))?.split('=')[1] || 'default';
|
|
1100
|
+
shellExec(`sudo kubectl apply -f ./manifests/deployment/fastapi/backend-deployment.yml -n ${namespace}`);
|
|
1101
|
+
shellExec(`sudo kubectl apply -f ./manifests/deployment/fastapi/backend-service.yml -n ${namespace}`);
|
|
1098
1102
|
}
|
|
1099
1103
|
if (process.argv.includes('run-front')) {
|
|
1100
|
-
|
|
1101
|
-
shellExec(`sudo kubectl apply -f ./manifests/deployment/fastapi/frontend-
|
|
1104
|
+
const namespace = process.argv.find((arg) => arg.startsWith('--namespace='))?.split('=')[1] || 'default';
|
|
1105
|
+
shellExec(`sudo kubectl apply -f ./manifests/deployment/fastapi/frontend-deployment.yml -n ${namespace}`);
|
|
1106
|
+
shellExec(`sudo kubectl apply -f ./manifests/deployment/fastapi/frontend-service.yml -n ${namespace}`);
|
|
1102
1107
|
}
|
|
1103
1108
|
break;
|
|
1104
1109
|
}
|
|
@@ -1117,14 +1122,15 @@ EOF`);
|
|
|
1117
1122
|
|
|
1118
1123
|
case 'kafka': {
|
|
1119
1124
|
// https://medium.com/@martin.hodges/deploying-kafka-on-a-kind-kubernetes-cluster-for-development-and-testing-purposes-ed7adefe03cb
|
|
1125
|
+
const namespace = process.argv.find((arg) => arg.startsWith('--namespace='))?.split('=')[1] || 'kafka';
|
|
1120
1126
|
const imageName = `doughgle/kafka-kraft`;
|
|
1121
1127
|
shellExec(`docker pull ${imageName}`);
|
|
1122
1128
|
if (!process.argv.includes('kubeadm'))
|
|
1123
1129
|
shellExec(
|
|
1124
1130
|
`${process.argv.includes('kubeadm') ? `ctr -n k8s.io images import` : `kind load docker-image`} ${imageName}`,
|
|
1125
1131
|
);
|
|
1126
|
-
shellExec(`kubectl create namespace
|
|
1127
|
-
shellExec(`kubectl apply -f ./manifests/deployment/kafka/deployment.yaml`);
|
|
1132
|
+
shellExec(`kubectl create namespace ${namespace} --dry-run=client -o yaml | kubectl apply -f -`);
|
|
1133
|
+
shellExec(`kubectl apply -f ./manifests/deployment/kafka/deployment.yaml -n ${namespace}`);
|
|
1128
1134
|
// kubectl logs kafka-0 -n kafka | grep STARTED
|
|
1129
1135
|
// kubectl logs kafka-1 -n kafka | grep STARTED
|
|
1130
1136
|
// kubectl logs kafka-2 -n kafka | grep STARTED
|
|
@@ -1152,9 +1158,9 @@ libnvidia-container-tools-${NVIDIA_CONTAINER_TOOLKIT_VERSION} \
|
|
|
1152
1158
|
libnvidia-container1-${NVIDIA_CONTAINER_TOOLKIT_VERSION}`);
|
|
1153
1159
|
|
|
1154
1160
|
// https://docs.nvidia.com/datacenter/cloud-native/gpu-operator/latest/getting-started.html
|
|
1155
|
-
|
|
1156
|
-
shellExec(`kubectl create ns
|
|
1157
|
-
shellExec(`kubectl label --overwrite ns
|
|
1161
|
+
const namespace = 'gpu-operator';
|
|
1162
|
+
shellExec(`kubectl create ns ${namespace} --dry-run=client -o yaml | kubectl apply -f -`);
|
|
1163
|
+
shellExec(`kubectl label --overwrite ns ${namespace} pod-security.kubernetes.io/enforce=privileged`);
|
|
1158
1164
|
|
|
1159
1165
|
shellExec(`helm repo add nvidia https://helm.ngc.nvidia.com/nvidia \
|
|
1160
1166
|
&& helm repo update`);
|
|
@@ -1209,7 +1215,8 @@ nvidia/gpu-operator \
|
|
|
1209
1215
|
process.argv.includes('kubeadm') ? `ctr -n k8s.io images import` : `kind load docker-image`
|
|
1210
1216
|
} ${image}`,
|
|
1211
1217
|
);
|
|
1212
|
-
|
|
1218
|
+
const namespace = process.argv.find((arg) => arg.startsWith('--namespace='))?.split('=')[1] || 'default';
|
|
1219
|
+
shellExec(`kubectl apply -f ./manifests/deployment/spark/spark-pi-py.yaml -n ${namespace}`);
|
|
1213
1220
|
|
|
1214
1221
|
// Check the status of the Spark job:
|
|
1215
1222
|
// kubectl get sparkapplications.sparkoperator.k8s.io -n default
|
package/cli.md
CHANGED
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
## underpost ci/cd cli v2.89.
|
|
1
|
+
## underpost ci/cd cli v2.89.45
|
|
2
2
|
|
|
3
3
|
### Usage: `underpost [options] [command]`
|
|
4
4
|
```
|
|
@@ -16,6 +16,7 @@ Commands:
|
|
|
16
16
|
env [deploy-id] [env] [subConf] Sets environment variables and configurations related to a specific deployment ID.
|
|
17
17
|
config [options] <operator> [key] [value] Manages Underpost configurations using various operators.
|
|
18
18
|
root Displays the root path of the npm installation.
|
|
19
|
+
ip [options] Displays the current public machine IP addresses.
|
|
19
20
|
cluster [options] [pod-name] Manages Kubernetes clusters, defaulting to Kind cluster initialization.
|
|
20
21
|
deploy [options] [deploy-list] [env] Manages application deployments, defaulting to deploying development pods.
|
|
21
22
|
secret [options] <platform> Manages secrets for various platforms.
|
|
@@ -224,6 +225,19 @@ Options:
|
|
|
224
225
|
```
|
|
225
226
|
|
|
226
227
|
|
|
228
|
+
### `ip` :
|
|
229
|
+
```
|
|
230
|
+
Usage: underpost ip [options]
|
|
231
|
+
|
|
232
|
+
Displays the current public machine IP addresses.
|
|
233
|
+
|
|
234
|
+
Options:
|
|
235
|
+
--copy Copies the IP addresses to the clipboard.
|
|
236
|
+
-h, --help display help for command
|
|
237
|
+
|
|
238
|
+
```
|
|
239
|
+
|
|
240
|
+
|
|
227
241
|
### `cluster` :
|
|
228
242
|
```
|
|
229
243
|
Usage: underpost cluster [options] [pod-name]
|
|
@@ -231,66 +245,79 @@ Options:
|
|
|
231
245
|
Manages Kubernetes clusters, defaulting to Kind cluster initialization.
|
|
232
246
|
|
|
233
247
|
Arguments:
|
|
234
|
-
pod-name
|
|
235
|
-
|
|
248
|
+
pod-name Optional: Filters information by a
|
|
249
|
+
specific pod name.
|
|
236
250
|
|
|
237
251
|
Options:
|
|
238
|
-
--reset
|
|
239
|
-
|
|
240
|
-
--mariadb
|
|
241
|
-
|
|
242
|
-
--mysql
|
|
243
|
-
|
|
244
|
-
|
|
245
|
-
|
|
246
|
-
--
|
|
247
|
-
|
|
248
|
-
|
|
249
|
-
|
|
250
|
-
|
|
251
|
-
--
|
|
252
|
-
|
|
253
|
-
--
|
|
254
|
-
|
|
255
|
-
--
|
|
256
|
-
|
|
257
|
-
--
|
|
258
|
-
|
|
259
|
-
|
|
260
|
-
|
|
261
|
-
|
|
262
|
-
|
|
263
|
-
|
|
264
|
-
|
|
265
|
-
--
|
|
266
|
-
|
|
267
|
-
--
|
|
268
|
-
|
|
269
|
-
|
|
270
|
-
--
|
|
271
|
-
|
|
272
|
-
|
|
273
|
-
--
|
|
274
|
-
|
|
275
|
-
--
|
|
276
|
-
|
|
277
|
-
|
|
278
|
-
|
|
279
|
-
|
|
280
|
-
|
|
281
|
-
|
|
282
|
-
|
|
283
|
-
|
|
284
|
-
--
|
|
285
|
-
|
|
286
|
-
|
|
287
|
-
|
|
288
|
-
|
|
289
|
-
|
|
290
|
-
|
|
291
|
-
--
|
|
292
|
-
|
|
293
|
-
|
|
252
|
+
--reset Deletes all clusters and prunes all
|
|
253
|
+
related data and caches.
|
|
254
|
+
--mariadb Initializes the cluster with a MariaDB
|
|
255
|
+
statefulset.
|
|
256
|
+
--mysql Initializes the cluster with a MySQL
|
|
257
|
+
statefulset.
|
|
258
|
+
--mongodb Initializes the cluster with a MongoDB
|
|
259
|
+
statefulset.
|
|
260
|
+
--mongo-db-host <host> Set custom mongo db host
|
|
261
|
+
--postgresql Initializes the cluster with a
|
|
262
|
+
PostgreSQL statefulset.
|
|
263
|
+
--mongodb4 Initializes the cluster with a MongoDB
|
|
264
|
+
4.4 service.
|
|
265
|
+
--valkey Initializes the cluster with a Valkey
|
|
266
|
+
service.
|
|
267
|
+
--contour Initializes the cluster with Project
|
|
268
|
+
Contour base HTTPProxy and Envoy.
|
|
269
|
+
--cert-manager Initializes the cluster with a Let's
|
|
270
|
+
Encrypt production ClusterIssuer.
|
|
271
|
+
--dedicated-gpu Initializes the cluster with dedicated
|
|
272
|
+
GPU base resources and environment
|
|
273
|
+
settings.
|
|
274
|
+
--full Initializes the cluster with all
|
|
275
|
+
available statefulsets and services.
|
|
276
|
+
--ns-use <ns-name> Switches the current Kubernetes context
|
|
277
|
+
to the specified namespace (creates if
|
|
278
|
+
it doesn't exist).
|
|
279
|
+
--kubeadm Initializes the cluster using kubeadm
|
|
280
|
+
for control plane management.
|
|
281
|
+
--pod-network-cidr <cidr> Sets custom pod network CIDR for kubeadm
|
|
282
|
+
cluster initialization (defaults to
|
|
283
|
+
"192.168.0.0/16").
|
|
284
|
+
--control-plane-endpoint <endpoint> Sets custom control plane endpoint for
|
|
285
|
+
kubeadm cluster initialization (defaults
|
|
286
|
+
to "localhost:6443").
|
|
287
|
+
--grafana Initializes the cluster with a Grafana
|
|
288
|
+
deployment.
|
|
289
|
+
--prom [hosts] Initializes the cluster with a
|
|
290
|
+
Prometheus Operator deployment and
|
|
291
|
+
monitor scrap for specified hosts.
|
|
292
|
+
--dev Initializes a development-specific
|
|
293
|
+
cluster configuration.
|
|
294
|
+
--list-pods Displays detailed information about all
|
|
295
|
+
pods.
|
|
296
|
+
--info-capacity Displays the current total machine
|
|
297
|
+
capacity information.
|
|
298
|
+
--info-capacity-pod Displays the current machine capacity
|
|
299
|
+
information per pod.
|
|
300
|
+
--pull-image Sets an optional associated image to
|
|
301
|
+
pull during initialization.
|
|
302
|
+
--init-host Installs necessary Kubernetes node CLI
|
|
303
|
+
tools (e.g., kind, kubeadm, docker,
|
|
304
|
+
podman, helm).
|
|
305
|
+
--uninstall-host Uninstalls all host components installed
|
|
306
|
+
by init-host.
|
|
307
|
+
--config Sets the base Kubernetes node
|
|
308
|
+
configuration.
|
|
309
|
+
--worker Sets the context for a worker node.
|
|
310
|
+
--chown Sets the appropriate ownership for
|
|
311
|
+
Kubernetes kubeconfig files.
|
|
312
|
+
--k3s Initializes the cluster using K3s
|
|
313
|
+
(Lightweight Kubernetes).
|
|
314
|
+
--hosts <hosts> A comma-separated list of cluster
|
|
315
|
+
hostnames or IP addresses.
|
|
316
|
+
--remove-volume-host-paths Removes specified volume host paths
|
|
317
|
+
after execution.
|
|
318
|
+
--namespace <namespace> Kubernetes namespace for cluster
|
|
319
|
+
operations (defaults to "default").
|
|
320
|
+
-h, --help display help for command
|
|
294
321
|
|
|
295
322
|
```
|
|
296
323
|
|
|
@@ -317,8 +344,6 @@ Options:
|
|
|
317
344
|
configuration.
|
|
318
345
|
--expose Exposes services matching the provided
|
|
319
346
|
deployment ID list.
|
|
320
|
-
--info-util Displays useful `kubectl` utility
|
|
321
|
-
management commands.
|
|
322
347
|
--cert Resets TLS/SSL certificate secrets for
|
|
323
348
|
deployments.
|
|
324
349
|
--cert-hosts <hosts> Resets TLS/SSL certificate secrets for
|
|
@@ -350,6 +375,8 @@ Options:
|
|
|
350
375
|
--restore-hosts Restores default `/etc/hosts` entries.
|
|
351
376
|
--disable-update-underpost-config Disables updates to Underpost
|
|
352
377
|
configuration during deployment.
|
|
378
|
+
--namespace <namespace> Kubernetes namespace for deployment
|
|
379
|
+
operations (defaults to "default").
|
|
353
380
|
-h, --help display help for command
|
|
354
381
|
|
|
355
382
|
```
|
|
@@ -666,6 +693,7 @@ Options:
|
|
|
666
693
|
--runtime-class-name <name> Sets the runtime class name for the job in deploy-job.
|
|
667
694
|
--image-pull-policy <policy> Sets the image pull policy for the job in deploy-job.
|
|
668
695
|
--api-version <version> Sets the API version for the job manifest in deploy-job.
|
|
696
|
+
--labels <labels> Optional: Specifies a comma-separated list of key-value pairs for labels (e.g., "app=my-app,env=prod").
|
|
669
697
|
--claim-name <name> Optional: Specifies the claim name for volume mounting in deploy-job.
|
|
670
698
|
--kind <kind-type> Specifies the kind of Kubernetes resource (e.g., Job, Deployment) for deploy-job.
|
|
671
699
|
--kubeadm Flag to indicate Kubeadm cluster type context
|
|
@@ -17,7 +17,7 @@ spec:
|
|
|
17
17
|
spec:
|
|
18
18
|
containers:
|
|
19
19
|
- name: dd-default-development-blue
|
|
20
|
-
image: localhost/rockylinux9-underpost:v2.89.
|
|
20
|
+
image: localhost/rockylinux9-underpost:v2.89.45
|
|
21
21
|
# resources:
|
|
22
22
|
# requests:
|
|
23
23
|
# memory: "124Ki"
|
|
@@ -100,7 +100,7 @@ spec:
|
|
|
100
100
|
spec:
|
|
101
101
|
containers:
|
|
102
102
|
- name: dd-default-development-green
|
|
103
|
-
image: localhost/rockylinux9-underpost:v2.89.
|
|
103
|
+
image: localhost/rockylinux9-underpost:v2.89.45
|
|
104
104
|
# resources:
|
|
105
105
|
# requests:
|
|
106
106
|
# memory: "124Ki"
|
|
@@ -3,6 +3,7 @@ apiVersion: apps/v1
|
|
|
3
3
|
kind: Deployment
|
|
4
4
|
metadata:
|
|
5
5
|
name: dd-test-development-blue
|
|
6
|
+
namespace: default
|
|
6
7
|
labels:
|
|
7
8
|
app: dd-test-development-blue
|
|
8
9
|
spec:
|
|
@@ -17,7 +18,7 @@ spec:
|
|
|
17
18
|
spec:
|
|
18
19
|
containers:
|
|
19
20
|
- name: dd-test-development-blue
|
|
20
|
-
image: localhost/rockylinux9-underpost:v2.89.
|
|
21
|
+
image: localhost/rockylinux9-underpost:v2.89.45
|
|
21
22
|
# resources:
|
|
22
23
|
# requests:
|
|
23
24
|
# memory: "96294Ki"
|
|
@@ -49,6 +50,7 @@ apiVersion: v1
|
|
|
49
50
|
kind: Service
|
|
50
51
|
metadata:
|
|
51
52
|
name: dd-test-development-blue-service
|
|
53
|
+
namespace: default
|
|
52
54
|
spec:
|
|
53
55
|
selector:
|
|
54
56
|
app: dd-test-development-blue
|
|
@@ -94,6 +96,7 @@ apiVersion: apps/v1
|
|
|
94
96
|
kind: Deployment
|
|
95
97
|
metadata:
|
|
96
98
|
name: dd-test-development-green
|
|
99
|
+
namespace: default
|
|
97
100
|
labels:
|
|
98
101
|
app: dd-test-development-green
|
|
99
102
|
spec:
|
|
@@ -108,7 +111,7 @@ spec:
|
|
|
108
111
|
spec:
|
|
109
112
|
containers:
|
|
110
113
|
- name: dd-test-development-green
|
|
111
|
-
image: localhost/rockylinux9-underpost:v2.89.
|
|
114
|
+
image: localhost/rockylinux9-underpost:v2.89.45
|
|
112
115
|
# resources:
|
|
113
116
|
# requests:
|
|
114
117
|
# memory: "96294Ki"
|
|
@@ -140,6 +143,7 @@ apiVersion: v1
|
|
|
140
143
|
kind: Service
|
|
141
144
|
metadata:
|
|
142
145
|
name: dd-test-development-green-service
|
|
146
|
+
namespace: default
|
|
143
147
|
spec:
|
|
144
148
|
selector:
|
|
145
149
|
app: dd-test-development-green
|
|
@@ -4,6 +4,7 @@ apiVersion: projectcontour.io/v1
|
|
|
4
4
|
kind: HTTPProxy
|
|
5
5
|
metadata:
|
|
6
6
|
name: test.nexodev.org
|
|
7
|
+
namespace: default
|
|
7
8
|
spec:
|
|
8
9
|
virtualhost:
|
|
9
10
|
fqdn: test.nexodev.org
|
|
@@ -31,6 +32,7 @@ apiVersion: projectcontour.io/v1
|
|
|
31
32
|
kind: HTTPProxy
|
|
32
33
|
metadata:
|
|
33
34
|
name: stagging.nexodev.org
|
|
35
|
+
namespace: default
|
|
34
36
|
spec:
|
|
35
37
|
virtualhost:
|
|
36
38
|
fqdn: stagging.nexodev.org
|
|
@@ -2,7 +2,6 @@ apiVersion: apps/v1
|
|
|
2
2
|
kind: StatefulSet
|
|
3
3
|
metadata:
|
|
4
4
|
name: kafka
|
|
5
|
-
namespace: kafka
|
|
6
5
|
labels:
|
|
7
6
|
app: kafka-app
|
|
8
7
|
spec:
|
|
@@ -54,7 +53,6 @@ apiVersion: v1
|
|
|
54
53
|
kind: Service
|
|
55
54
|
metadata:
|
|
56
55
|
name: kafka-svc
|
|
57
|
-
namespace: kafka
|
|
58
56
|
labels:
|
|
59
57
|
app: kafka-app
|
|
60
58
|
spec:
|
|
@@ -3,7 +3,6 @@ apiVersion: v1
|
|
|
3
3
|
kind: ConfigMap
|
|
4
4
|
metadata:
|
|
5
5
|
name: tf-gpu-test-script
|
|
6
|
-
namespace: default
|
|
7
6
|
data:
|
|
8
7
|
main_tf_gpu_test.py: |
|
|
9
8
|
import os
|
|
@@ -37,7 +36,6 @@ apiVersion: v1
|
|
|
37
36
|
kind: Pod
|
|
38
37
|
metadata:
|
|
39
38
|
name: tf-gpu-test-pod
|
|
40
|
-
namespace: default
|
|
41
39
|
spec:
|
|
42
40
|
restartPolicy: Never
|
|
43
41
|
runtimeClassName: nvidia
|
|
@@ -1,119 +1,14 @@
|
|
|
1
|
-
|
|
2
|
-
|
|
3
|
-
# 2. A permissive Egress NetworkPolicy for the 'default' namespace
|
|
4
|
-
#
|
|
5
|
-
# These are standard Kubernetes resources that can be applied directly using 'kubectl apply'.
|
|
6
|
-
# The kubeadm-specific ClusterConfiguration and InitConfiguration have been removed
|
|
7
|
-
# as they are only processed by the 'kubeadm init' command, not 'kubectl apply'.
|
|
8
|
-
|
|
9
|
-
# --- Calico Installation: Base configuration for Calico ---
|
|
10
|
-
# For more information, see: https://projectcalico.docs.tigera.io/master/reference/installation/api#operator.tigera.io/v1.Installation
|
|
11
|
-
apiVersion: operator.tigera.io/v1
|
|
12
|
-
kind: Installation
|
|
1
|
+
apiVersion: crd.projectcalico.org/v1
|
|
2
|
+
kind: GlobalNetworkPolicy
|
|
13
3
|
metadata:
|
|
14
|
-
name:
|
|
4
|
+
name: allow-all-egress-cluster
|
|
15
5
|
spec:
|
|
16
|
-
|
|
17
|
-
|
|
18
|
-
|
|
19
|
-
ipPools:
|
|
20
|
-
- blockSize: 26
|
|
21
|
-
cidr: 192.168.0.0/16
|
|
22
|
-
encapsulation: VXLANCrossSubnet
|
|
23
|
-
natOutgoing: Enabled
|
|
24
|
-
nodeSelector: all()
|
|
25
|
-
|
|
26
|
-
---
|
|
27
|
-
# This section configures the Calico API server.
|
|
28
|
-
# For more information, see: https://projectcalico.docs.tigera.io/master/reference/installation/api#operator.tigera.io/v1.APIServer
|
|
29
|
-
apiVersion: operator.tigera.io/v1
|
|
30
|
-
kind: APIServer
|
|
31
|
-
metadata:
|
|
32
|
-
name: default
|
|
33
|
-
spec: {}
|
|
34
|
-
|
|
35
|
-
---
|
|
36
|
-
# This consolidated NetworkPolicy file ensures that all pods in the specified namespaces
|
|
37
|
-
# have unrestricted egress (outbound) access.
|
|
38
|
-
# This is useful for troubleshooting or for environments where strict egress control
|
|
39
|
-
# is not immediately required for these system/default namespaces.
|
|
40
|
-
|
|
41
|
-
---
|
|
42
|
-
# Policy for the 'default' namespace
|
|
43
|
-
apiVersion: networking.k8s.io/v1
|
|
44
|
-
kind: NetworkPolicy
|
|
45
|
-
metadata:
|
|
46
|
-
name: allow-all-egress-default-namespace
|
|
47
|
-
namespace: default # This policy applies to the 'default' namespace
|
|
48
|
-
spec:
|
|
49
|
-
podSelector: {} # Selects all pods in this namespace
|
|
50
|
-
policyTypes:
|
|
51
|
-
- Egress
|
|
52
|
-
egress:
|
|
53
|
-
- to:
|
|
54
|
-
- ipBlock:
|
|
55
|
-
cidr: 0.0.0.0/0 # Allows traffic to any IPv4 address
|
|
56
|
-
|
|
57
|
-
---
|
|
58
|
-
# Policy for the 'kube-system' namespace
|
|
59
|
-
apiVersion: networking.k8s.io/v1
|
|
60
|
-
kind: NetworkPolicy
|
|
61
|
-
metadata:
|
|
62
|
-
name: allow-all-egress-kube-system-namespace
|
|
63
|
-
namespace: kube-system # This policy applies to the 'kube-system' namespace
|
|
64
|
-
spec:
|
|
65
|
-
podSelector: {} # Selects all pods in this namespace
|
|
66
|
-
policyTypes:
|
|
67
|
-
- Egress
|
|
68
|
-
egress:
|
|
69
|
-
- to:
|
|
70
|
-
- ipBlock:
|
|
71
|
-
cidr: 0.0.0.0/0 # Allows traffic to any IPv4 address
|
|
72
|
-
|
|
73
|
-
---
|
|
74
|
-
# Policy for the 'kube-node-lease' namespace
|
|
75
|
-
apiVersion: networking.k8s.io/v1
|
|
76
|
-
kind: NetworkPolicy
|
|
77
|
-
metadata:
|
|
78
|
-
name: allow-all-egress-kube-node-lease-namespace
|
|
79
|
-
namespace: kube-node-lease # This policy applies to the 'kube-node-lease' namespace
|
|
80
|
-
spec:
|
|
81
|
-
podSelector: {} # Selects all pods in this namespace
|
|
82
|
-
policyTypes:
|
|
83
|
-
- Egress
|
|
84
|
-
egress:
|
|
85
|
-
- to:
|
|
86
|
-
- ipBlock:
|
|
87
|
-
cidr: 0.0.0.0/0 # Allows traffic to any IPv4 address
|
|
88
|
-
|
|
89
|
-
---
|
|
90
|
-
# Policy for the 'kube-public' namespace
|
|
91
|
-
apiVersion: networking.k8s.io/v1
|
|
92
|
-
kind: NetworkPolicy
|
|
93
|
-
metadata:
|
|
94
|
-
name: allow-all-egress-kube-public-namespace
|
|
95
|
-
namespace: kube-public # This policy applies to the 'kube-public' namespace
|
|
96
|
-
spec:
|
|
97
|
-
podSelector: {} # Selects all pods in this namespace
|
|
98
|
-
policyTypes:
|
|
99
|
-
- Egress
|
|
100
|
-
egress:
|
|
101
|
-
- to:
|
|
102
|
-
- ipBlock:
|
|
103
|
-
cidr: 0.0.0.0/0 # Allows traffic to any IPv4 address
|
|
104
|
-
|
|
105
|
-
---
|
|
106
|
-
# Policy for the 'tigera-operator' namespace
|
|
107
|
-
apiVersion: networking.k8s.io/v1
|
|
108
|
-
kind: NetworkPolicy
|
|
109
|
-
metadata:
|
|
110
|
-
name: allow-all-egress-tigera-operator-namespace
|
|
111
|
-
namespace: tigera-operator # This policy applies to the 'tigera-operator' namespace
|
|
112
|
-
spec:
|
|
113
|
-
podSelector: {} # Selects all pods in this namespace
|
|
114
|
-
policyTypes:
|
|
6
|
+
selector: all()
|
|
7
|
+
order: 1000
|
|
8
|
+
types:
|
|
115
9
|
- Egress
|
|
116
10
|
egress:
|
|
117
|
-
-
|
|
118
|
-
|
|
119
|
-
|
|
11
|
+
- action: Allow
|
|
12
|
+
destination:
|
|
13
|
+
nets:
|
|
14
|
+
- 0.0.0.0/0
|