The following is a good diagram of the various services running. Note, we can use infranodes to pull those cluster services from the compute nodes (things like registry, observability, monitoring, etc). Diagram from the docs.
| apiVersion: v1 | |
| kind: Pod | |
| metadata: | |
| name: podman-priv | |
| spec: | |
| containers: | |
| - name: priv | |
| image: quay.io/podman/stable:v4.4.1 | |
| args: | |
| - sleep |
The code for this project is here git@github.com:jkeam/spring-petclinic-pac.git and the file we should be using is .gitlab-ci-kube.yml so in the repo that's in GitLab, make sure to blow away the original .gitlab-ci.yml and rename .gitlab-ci-kube.yml to .gitlab-ci.yml.
Something like below:
KUBE_CONFIG with fresh OCP token| # Pod Security Admission Demo | |
| ## Part 1 - What is this | |
| 1. New Project: | |
| oc new-project psa-test | |
| 2. Create deployment | |
| oc create -f https://raw.githubusercontent.com/radikaled/psa/main/deploy/psa-test-deployment.yaml |
Automatically create an EgressNetworkPolicy (note this is for OpenShiftSDN, for OVNKubernetes use EgressFirewall)
oc new-project before
oc get EgressNetworkPolicy # notice nothing is returned
| #!/bin/bash | |
| openssl genrsa -des3 -out server.pass.key 2048 | |
| openssl rsa -in server.pass.key -out server.key | |
| openssl req -nodes -new -key server.key -out server.csr |
| #!/bin/bash | |
| stern --selector=app=sticky-sessions-app | |
| # add timestamps: stern -t --selector=app=sticky-sessions-app |
| #!/bin/bash | |
| # Types of Droplets | |
| # s-2vcpu-4gb | |
| # s-4vcpu-8gb | |
| # | |
| # Creation Params | |
| # doctl compute ssh-key list | |
| # doctl compute droplet list | |
| # |