matharoo

## vpa.yaml
apiVersion: autoscaling.k8s.io/v1beta2
kind: VerticalPodAutoscaler
metadata:
  name: mynode-app-vpa-recommender
spec:
  targetRef:
    apiVersion: "apps/v1"
    kind: Deployment
    name: mynode-app
  updatePolicy:

## kind-config.yaml
kind: Cluster
apiVersion: kind.x-k8s.io/v1alpha4
# patch the generated kubeadm config with some extra settings
kubeadmConfigPatches:
- |
  apiVersion: kubelet.config.k8s.io/v1beta1
  kind: KubeletConfiguration
  evictionHard:
    nodefs.available: "0%"
# patch it further using a JSON 6902 patch

## poddisruptionbudget.yaml
apiVersion: policy/v1beta1
kind: PodDisruptionBudget
metadata:
  name: mynode-pdb
spec:
  minAvailable: 3
  selector:
    matchLabels:
      app: mynode-app

## hpa.yaml
apiVersion: autoscaling/v1
kind: HorizontalPodAutoscaler
metadata:
  name: mynode-app-hpa
spec:
  scaleTargetRef:
    apiVersion: apps/v1
    kind: Deployment
    name: mynode-app
  minReplicas: 2

## role-binding-mike.yaml
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: read-pods
  namespace: nodejs
subjects:
- kind: User
  name: mike
  apiGroup: rbac.authorization.k8s.io
roleRef:

## role.yaml
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  namespace: nodejs
  name: pod-reader
rules:
- apiGroups: [""] # “” indicates the core API group
  resources: ["pods"]
  verbs: ["get", "watch", "list"]

## certificate.yaml
apiVersion: cert-manager.io/v1alpha2
kind: Certificate
metadata:
  name: selfsigned-crt
spec:
  secretName: tls-secret
  duration: 170000h
  renewBefore: 72h
  issuerRef:
    kind: Issuer

## mynode-ingress-tls.yaml
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
  name: mynode-ingress
  annotations:
    nginx.ingress.kubernetes.io/ssl-redirect: "false"
    nginx.ingress.kubernetes.io/enable-cors: "true"
    cert-manager.io/issuer: "selfsigned"
spec:
  tls:

## letsencrypt-issuer-dns01.yaml
apiVersion: cert-manager.io/v1alpha2
kind: ClusterIssuer
metadata:
  name: letsencrypt-prod
spec:
  acme:
    server: https://acme-v02.api.letsencrypt.org/directory
    email: YOUR EMAIL ID
    privateKeySecretRef:
      name: letsencrypt-prod

## letsencrypt-issuer-http01.yaml
apiVersion: cert-manager.io/v1alpha2
kind: Issuer
metadata:
  name: letsencrypt
  namespace: cert-manager
spec:
  acme:
    server: https://acme-staging-v02.api.letsencrypt.org/directory
    privateKeySecretRef:
      name: letsencrypt
	apiVersion: autoscaling.k8s.io/v1beta2
	kind: VerticalPodAutoscaler
	metadata:
	name: mynode-app-vpa-recommender
	spec:
	targetRef:
	apiVersion: "apps/v1"
	kind: Deployment
	name: mynode-app
	updatePolicy:
	kind: Cluster
	apiVersion: kind.x-k8s.io/v1alpha4
	# patch the generated kubeadm config with some extra settings
	kubeadmConfigPatches:
	- \|
	apiVersion: kubelet.config.k8s.io/v1beta1
	kind: KubeletConfiguration
	evictionHard:
	nodefs.available: "0%"
	# patch it further using a JSON 6902 patch
	apiVersion: policy/v1beta1
	kind: PodDisruptionBudget
	metadata:
	name: mynode-pdb
	spec:
	minAvailable: 3
	selector:
	matchLabels:
	app: mynode-app
	apiVersion: autoscaling/v1
	kind: HorizontalPodAutoscaler
	metadata:
	name: mynode-app-hpa
	spec:
	scaleTargetRef:
	apiVersion: apps/v1
	kind: Deployment
	name: mynode-app
	minReplicas: 2
	kind: RoleBinding
	apiVersion: rbac.authorization.k8s.io/v1
	metadata:
	name: read-pods
	namespace: nodejs
	subjects:
	- kind: User
	name: mike
	apiGroup: rbac.authorization.k8s.io
	roleRef:
	kind: Role
	apiVersion: rbac.authorization.k8s.io/v1
	metadata:
	namespace: nodejs
	name: pod-reader
	rules:
	- apiGroups: [""] # “” indicates the core API group
	resources: ["pods"]
	verbs: ["get", "watch", "list"]
	apiVersion: cert-manager.io/v1alpha2
	kind: Certificate
	metadata:
	name: selfsigned-crt
	spec:
	secretName: tls-secret
	duration: 170000h
	renewBefore: 72h
	issuerRef:
	kind: Issuer
	apiVersion: networking.k8s.io/v1beta1
	kind: Ingress
	metadata:
	name: mynode-ingress
	annotations:
	nginx.ingress.kubernetes.io/ssl-redirect: "false"
	nginx.ingress.kubernetes.io/enable-cors: "true"
	cert-manager.io/issuer: "selfsigned"
	spec:
	tls:
	apiVersion: cert-manager.io/v1alpha2
	kind: ClusterIssuer
	metadata:
	name: letsencrypt-prod
	spec:
	acme:
	server: https://acme-v02.api.letsencrypt.org/directory
	email: YOUR EMAIL ID
	privateKeySecretRef:
	name: letsencrypt-prod