Add files via upload

citrix-k8s-ingress-controller-cpx-cic.yaml.old.yaml

@@ -0,0 +1,170 @@
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1beta1
+metadata:
+  name: cpx-ingress-k8s-role
+rules:
+  - apiGroups: [""]
+    resources: ["endpoints", "ingresses", "pods", "secrets", "nodes", "routes", "namespaces", "configmaps"]
+    verbs: ["get", "list", "watch"]
+  # services/status is needed to update the loadbalancer IP in service status for integrating
+  # service of type LoadBalancer with external-dns
+  - apiGroups: [""]
+    resources: ["services/status"]
+    verbs: ["patch"]
+  - apiGroups: [""]
+    resources: ["services"]
+    verbs: ["get", "list", "watch", "patch"]
+  - apiGroups: [""]
+    resources: ["events"]
+    verbs: ["create"]
+  - apiGroups: ["extensions", "networking.k8s.io"]
+    resources: ["ingresses"]
+    verbs: ["get", "list", "watch"]
+  - apiGroups: ["extensions", "networking.k8s.io"]
+    resources: ["ingresses/status"]
+    verbs: ["patch"]
+  - apiGroups: ["apiextensions.k8s.io"]
+    resources: ["customresourcedefinitions"]
+    verbs: ["get", "list", "watch"]
+  - apiGroups: ["apps"]
+    resources: ["deployments"]
+    verbs: ["get", "list", "watch"]
+  - apiGroups: ["citrix.com"]
+    resources: ["rewritepolicies", "authpolicies", "ratelimits", "listeners", "httproutes", "continuousdeployments", "apigatewaypolicies", "wafs", "bots"]
+    verbs: ["get", "list", "watch", "create", "delete", "patch"]
+  - apiGroups: ["citrix.com"]
+    resources: ["rewritepolicies/status", "continuousdeployments/status", "authpolicies/status", "ratelimits/status", "listeners/status", "httproutes/status", "wafs/status", "apigatewaypolicies/status", "bots/status"]
+    verbs: ["get", "list", "patch"]
+  - apiGroups: ["citrix.com"]
+    resources: ["vips"]
+    verbs: ["get", "list", "watch", "create", "delete"]
+  - apiGroups: ["route.openshift.io"]
+    resources: ["routes"]
+    verbs: ["get", "list", "watch"]
+
+---
+
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1beta1
+metadata:
+  name: cpx-ingress-k8s-role
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: cpx-ingress-k8s-role
+subjects:
+- kind: ServiceAccount
+  name: cpx-ingress-k8s-role
+  namespace: default
+apiVersion: rbac.authorization.k8s.io/v1
+
+---
+
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: cpx-ingress-k8s-role
+  namespace: default
+
+---
+
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: citrix101-lab04-demo01-cpx-ingress
+  labels:
+    name: citrix101-lab04-demo01-cpx-ingress
+    app: citrix101-lab04-demo01-cpx-ingress
+spec:
+  selector:
+    matchLabels:
+      app: citrix101-lab04-demo01-cpx-ingress
+  replicas: 1
+  template:
+    metadata:
+      name: citrix101-lab04-demo01-cpx-ingress
+      labels:
+        app: citrix101-lab04-demo01-cpx-ingress
+      annotations: null
+    spec:
+      serviceAccountName: cpx-ingress-k8s-role
+      containers:
+        - name: citrix101-lab04-demo01-cpx-ingress
+          image: quay.io/citrix/citrix-k8s-cpx-ingress:13.0-71.40
+          securityContext:
+             privileged: true
+          env:
+          - name: "EULA"
+            value: "yes"
+          - name: "KUBERNETES_TASK_ID"
+            value: ""
+          imagePullPolicy: Always
+          volumeMounts:
+            - mountPath: /var/deviceinfo
+              name: shared-data
+            - mountPath: /cpx/conf/
+              name: cpx-volume1
+            - mountPath: /cpx/crash/
+              name: cpx-volume2
+        # Add cic as a sidecar
+        - name: citrix101-lab04-demo01-cic
+          image: quay.io/citrix/citrix-k8s-ingress-controller:1.12.2
+          volumeMounts:
+          - mountPath: /var/deviceinfo
+            name: shared-data
+          args:
+          - --ingress-classes
+              cpx
+          env:
+          - name: "EULA"
+            value: "yes"
+          - name: "NS_IP"
+            value: "127.0.0.1"
+          - name: "NS_PROTOCOL"
+            value: "HTTP"
+          - name: "NS_PORT"
+            value: "80"
+          - name: "NS_DEPLOYMENT_MODE"
+            value: "SIDECAR"
+          - name: "NS_ENABLE_MONITORING"
+            value: "YES"
+          - name: "LOGLEVEL"
+            value: "INFO"
+          - name: POD_NAME
+            valueFrom:
+              fieldRef:
+                apiVersion: v1
+                fieldPath: metadata.name
+          - name: POD_NAMESPACE
+            valueFrom:
+              fieldRef:
+                apiVersion: v1
+                fieldPath: metadata.namespace
+          imagePullPolicy: Always
+      volumes:
+      - name: shared-data
+        emptyDir: {}
+      - name: cpx-volume1
+        emptyDir: {}
+      - name: cpx-volume2
+        emptyDir: {}
+
+---
+
+apiVersion: v1
+kind: Service
+metadata:
+  name: citrix101-lab04-demo01-cpx-service
+  labels:
+    app: citrix101-lab04-demo01-cpx-service
+spec:
+  type: NodePort
+  ports:
+  - port: 80
+    protocol: TCP
+    name: http
+  - port: 443
+    protocol: TCP
+    name: https
+  selector:
+    app: citrix101-lab04-demo01-cpx-ingress

citrix101-lab02-k8s-deploy-application.md

@@ -2,7 +2,7 @@
 
 ## 更新时间
 
-2021.01.24
+2021.02.28
 
 ## 1. 实验拓扑
 
@@ -75,6 +75,14 @@ kubectl describe pod citrix101-lab02-demo1
 
 ![](./images/101-lab2-k8s-deploy-application-04.png)
 
+获取容器的Shell
+
+```
+kubectl exec citrix101-lab02-demo1 -- ls -lah
+```
+
+![](./images/101-lab2-k8s-deploy-application-04a.png)
+
 SSH到2个Node节点（Worker1, Worker2)，然后查看当前正在运行的container信息
 
 ```

citrix101-lab03-demo05-cic-k8s-ingress-controller-vpx.yaml

@@ -0,0 +1,118 @@
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: cic-k8s-role
+rules:
+  - apiGroups: [""]
+    resources: ["endpoints", "ingresses", "pods", "secrets", "nodes", "routes", "namespaces", "configmaps"]
+    verbs: ["get", "list", "watch"]
+  # services/status is needed to update the loadbalancer IP in service status for integrating
+  # service of type LoadBalancer with external-dns
+  - apiGroups: [""]
+    resources: ["services/status"]
+    verbs: ["patch"]
+  - apiGroups: [""]
+    resources: ["services"]
+    verbs: ["get", "list", "watch", "patch"]
+  - apiGroups: [""]
+    resources: ["events"]
+    verbs: ["create"]
+  - apiGroups: ["extensions", "networking.k8s.io"]
+    resources: ["ingresses"]
+    verbs: ["get", "list", "watch"]
+  - apiGroups: ["extensions", "networking.k8s.io"]
+    resources: ["ingresses/status"]
+    verbs: ["patch"]
+  - apiGroups: ["apiextensions.k8s.io"]
+    resources: ["customresourcedefinitions"]
+    verbs: ["get", "list", "watch"]
+  - apiGroups: ["apps"]
+    resources: ["deployments"]
+    verbs: ["get", "list", "watch"]
+  - apiGroups: ["citrix.com"]
+    resources: ["rewritepolicies", "authpolicies", "ratelimits", "listeners", "httproutes", "continuousdeployments", "apigatewaypolicies", "wafs", "bots"]
+    verbs: ["get", "list", "watch", "create", "delete", "patch"]
+  - apiGroups: ["citrix.com"]
+    resources: ["rewritepolicies/status", "continuousdeployments/status", "authpolicies/status", "ratelimits/status", "listeners/status", "httproutes/status", "wafs/status", "apigatewaypolicies/status", "bots/status"]
+    verbs: ["get", "list", "patch"]
+  - apiGroups: ["citrix.com"]
+    resources: ["vips"]
+    verbs: ["get", "list", "watch", "create", "delete"]
+  - apiGroups: ["route.openshift.io"]
+    resources: ["routes"]
+    verbs: ["get", "list", "watch"]
+
+---
+
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: cic-k8s-role
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: cic-k8s-role
+subjects:
+- kind: ServiceAccount
+  name: cic-k8s-role
+  namespace: default
+
+---
+
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: cic-k8s-role
+  namespace: default
+
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: cic-k8s-ingress-controller-vpx
+spec:
+  selector:
+    matchLabels:
+      app: cic-k8s-ingress-controller-vpx
+  replicas: 1
+  template:
+    metadata:
+      name: cic-k8s-ingress-controller-vpx
+      labels:
+        app: cic-k8s-ingress-controller-vpx
+      annotations:
+    spec: 
+      serviceAccountName: cic-k8s-role
+      containers:
+      - name: cic-k8s-ingress-controller-vpx
+        image: "quay.io/citrix/citrix-k8s-ingress-controller:1.12.2"
+        env:
+         # Set NetScaler NSIP/SNIP, SNIP in case of HA (mgmt has to be enabled) 
+         - name: "NS_IP"
+           value: "192.168.204.202"
+         # Set username for Nitro
+         - name: "NS_USER"
+           valueFrom:
+            secretKeyRef:
+             name: nslogin
+             key: username
+         - name: "LOGLEVEL"
+           value: "INFO"
+         # Set user password for Nitro
+         - name: "NS_PASSWORD"
+           valueFrom:
+            secretKeyRef:
+             name: nslogin
+             key: password
+         # Set log level
+         - name: "EULA"
+           value: "yes"
+         # Set Prefix of LB and CS configuration on VPX
+         - name: "NS_APPS_NAME_PREFIX"
+           value: "stu01"
+        args:
+          - --ingress-classes
+            citrix-cic-vpx
+          - --feature-node-watch
+            false
+        imagePullPolicy: Always

citrix101-lab03-demo05-ingress.yaml

@@ -3,7 +3,7 @@ kind: Ingress
 metadata:
   name: citrix101-lab03-demo05-ingress
   annotations:
-   kubernetes.io/ingress.class: "citrix"
+   kubernetes.io/ingress.class: "citrix-cic-vpx"
    ingress.citrix.com/insecure-termination: "redirect"
    ingress.citrix.com/frontend-ip: "192.168.203.14"
 spec:

citrix101-lab03-unified-ingress.md

@@ -2,7 +2,7 @@
 
 ## 更新时间
 
-2021.01.26
+2021.02.28
 
 ## 1. 实验拓扑
 
@@ -41,10 +41,10 @@ kubectl get deployments -o wide
 通过curl命令访问这4个Pod IP地址，确认业务访问
 
 ```
-curl http://10.36.0.2
-curl http://10.36.0.3
-curl http://10.44.0.2
-curl http://10.44.0.3
+curl http://10.10.10.65
+curl http://10.10.10.66
+curl http://10.10.10.193
+curl http://10.10.10.194
 ```
 
 ![](./images/101-lab03-k8s-unified-ingress-04.png)
@@ -217,8 +217,8 @@ kubectl apply -f citrix101-lab03-demo05.yaml
 ```
 kubectl expose deployment citrix101-lab03-demo05 --type=NodePort --name=citrix101-lab03-demo05-nodeport --port=8080 --target-port=80
 kubectl get svc -o wide
-curl http://10.100.227.224:8080
-curl http://192.168.204.11:31513
+curl http://10.106.185.244:8080
+curl http://192.168.204.12:31321
 ```
 
 ![](./images/101-lab03-k8s-unified-ingress-45.png)
@@ -231,18 +231,18 @@ kubectl create secret  generic nslogin --from-literal=username='nsroot' --from-l
 
 ![](./images/101-lab03-k8s-unified-ingress-46.png)
 
-查看Citrix Ingress Controller的yaml配置文件"citrix-k8s-ingress-controller.yaml"
+查看Citrix Ingress Controller的yaml配置文件"citrix101-lab03-demo05-cic-k8s-ingress-controller-vpx.yaml"，留意Prefix和Ingress Class的值
 
 ```
-cat citrix-k8s-ingress-controller.yaml
+cat citrix101-lab03-demo05-cic-k8s-ingress-controller-vpx.yaml
 ```
 
 ![](./images/101-lab03-k8s-unified-ingress-47.png)
 
 部署这个yaml文件，然后查看pod信息
 
 ```
-kubectl apply -f citrix-k8s-ingress-controller.yaml
+kubectl apply -f citrix101-lab03-demo05-cic-k8s-ingress-controller-vpx.yaml
 kubectl get deployments -o wide
 kubectl get pods -o wide
 ```
@@ -251,7 +251,9 @@ kubectl get pods -o wide
 
 查看ingress配置文件"citrix101-lab03-demo05-ingress.yaml"，在这个yaml文件里面通过Annotation功能配置了Load Balancing的VIP地址信息并关联ingress.class为"citrix"
 
+```
 cat citrix101-lab03-demo05-ingress.yaml
+```
 
 ![](./images/101-lab03-k8s-unified-ingress-49.png)