ekojs/apache.yaml

## apache.yaml
apiVersion: v1
kind: Service
metadata:
  name: apache
  labels:
    app: apache
spec:
  ports:
  - port: 80
    name: theweb
  selector:
    app: apache
    env: prod
---
apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: theweb
spec:
  serviceName: "apache"
  replicas: 2
  selector:
    matchLabels:
      app: apache
  template:
    metadata:
      labels:
        app: apache
        env: prod
    spec:
      containers:
      - name: apache
        image: php:8.2.4-apache
        ports:
        - containerPort: 80
          name: theweb
        volumeMounts:
        - name: www
          mountPath: /var/www/html
  volumeClaimTemplates:
  - metadata:
      name: www
    spec:
      storageClassName: your-ns-local-pv
      accessModes: [ "ReadWriteOnce" ]
      resources:
        requests:
          storage: 100Mi

## devops_roles.yaml
apiVersion: v1
kind: Namespace
metadata:
  name: your-ns
  labels:
    name: your-ns
---
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  namespace: your-ns
  name: devops-mgr
rules:
- apiGroups: ["", "extensions", "apps", "batch", "autoscaling"]
  resources: ["pods/attach" , "pods/log", "pods/exec", "pods/portforward", "pods/proxy", "secrets", "services/proxy", "services", "deployments", "deployments/scale", "replicasets", "pods", "replicationcontrollers", "daemonsets", "statefulsets", "statefulsets/scale", "horizontalpodautoscalers", "cronjobs", "jobs"]
  #verbs: ["get", "list", "watch", "create", "update", "patch", "delete"] # You can also use ["*"]
  verbs: ["*"]
- apiGroups: [""]
  resources: ["persistentvolumeclaims"]
  verbs: ["*"]
---
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: devops-mgr-binding
  namespace: your-ns
subjects:
- kind: User
  name: your-user
  apiGroup: ""
roleRef:
  kind: Role
  name: devops-mgr
  apiGroup: ""

## pv.yaml
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
  name: your-ns-local-pv
provisioner: kubernetes.io/no-provisioner
volumeBindingMode: WaitForFirstConsumer
---
apiVersion: v1
kind: PersistentVolume
metadata:
  name: your-ns-local-pv
  labels:
    app: theweb
spec:
  capacity:
    storage: 1Gi
  volumeMode: Filesystem
  accessModes:
  - ReadWriteOnce
  persistentVolumeReclaimPolicy: Retain
  storageClassName: your-ns-local-pv
  local:
    path: /opt/k8s/your-ns/local-pv/pv
  nodeAffinity:
    required:
      nodeSelectorTerms:
      - matchExpressions:
        - key: kubernetes.io/hostname
          operator: In
          values:
          - your-node
	apiVersion: v1
	kind: Service
	metadata:
	name: apache
	labels:
	app: apache
	spec:
	ports:
	- port: 80
	name: theweb
	selector:
	app: apache
	env: prod
	---
	apiVersion: apps/v1
	kind: StatefulSet
	metadata:
	name: theweb
	spec:
	serviceName: "apache"
	replicas: 2
	selector:
	matchLabels:
	app: apache
	template:
	metadata:
	labels:
	app: apache
	env: prod
	spec:
	containers:
	- name: apache
	image: php:8.2.4-apache
	ports:
	- containerPort: 80
	name: theweb
	volumeMounts:
	- name: www
	mountPath: /var/www/html
	volumeClaimTemplates:
	- metadata:
	name: www
	spec:
	storageClassName: your-ns-local-pv
	accessModes: [ "ReadWriteOnce" ]
	resources:
	requests:
	storage: 100Mi
	apiVersion: v1
	kind: Namespace
	metadata:
	name: your-ns
	labels:
	name: your-ns
	---
	kind: Role
	apiVersion: rbac.authorization.k8s.io/v1
	metadata:
	namespace: your-ns
	name: devops-mgr
	rules:
	- apiGroups: ["", "extensions", "apps", "batch", "autoscaling"]
	resources: ["pods/attach" , "pods/log", "pods/exec", "pods/portforward", "pods/proxy", "secrets", "services/proxy", "services", "deployments", "deployments/scale", "replicasets", "pods", "replicationcontrollers", "daemonsets", "statefulsets", "statefulsets/scale", "horizontalpodautoscalers", "cronjobs", "jobs"]
	#verbs: ["get", "list", "watch", "create", "update", "patch", "delete"] # You can also use ["*"]
	verbs: ["*"]
	- apiGroups: [""]
	resources: ["persistentvolumeclaims"]
	verbs: ["*"]
	---
	kind: RoleBinding
	apiVersion: rbac.authorization.k8s.io/v1
	metadata:
	name: devops-mgr-binding
	namespace: your-ns
	subjects:
	- kind: User
	name: your-user
	apiGroup: ""
	roleRef:
	kind: Role
	name: devops-mgr
	apiGroup: ""
	apiVersion: storage.k8s.io/v1
	kind: StorageClass
	metadata:
	name: your-ns-local-pv
	provisioner: kubernetes.io/no-provisioner
	volumeBindingMode: WaitForFirstConsumer
	---
	apiVersion: v1
	kind: PersistentVolume
	metadata:
	name: your-ns-local-pv
	labels:
	app: theweb
	spec:
	capacity:
	storage: 1Gi
	volumeMode: Filesystem
	accessModes:
	- ReadWriteOnce
	persistentVolumeReclaimPolicy: Retain
	storageClassName: your-ns-local-pv
	local:
	path: /opt/k8s/your-ns/local-pv/pv
	nodeAffinity:
	required:
	nodeSelectorTerms:
	- matchExpressions:
	- key: kubernetes.io/hostname
	operator: In
	values:
	- your-node