Execicrio cap 5 network-ingress, arquivo deployment

5858cca8 · Marcones Silva · 2ebf57a0 · 5858cca8 · 5858cca8 · 5858cca8
Commit 5858cca8 authored Dec 01, 2021 by Marcones Silva
7 changed files
--- a/README.md
+++ b/README.md
@@ -3,3 +3,7 @@
 ## Material de apoio ao curso Adminsitração OKD II.

 Cada Branch corresponde a um exercicio pratico.
+
+```
+git checkout network-ingress
+```
\ No newline at end of file
--- a/network-ingress/certs/openssl-commands.txt
+++ b/network-ingress/certs/openssl-commands.txt
+openssl rand -base64 24 > passphrase.txt
+
+envsubst < training.template > training.ext
+
+openssl genrsa -des3 -out training-CA.key -passout file:passphrase.txt 2048
+
+openssl req -x509 -new -nodes -sha256 -days 1825 -key training-CA.key -subj "/C=US/ST=Nort Carolina/L=Raleigh/O=Red Hat/CN=api.crc.testing" -passin file:passphrase.txt -out training-CA.pem
+
+
+## Run the following command to create the private key
+
+openssl genrsa -out training.key 2048
+
+## Run the following command to generate a certificate signing request
+
+openssl req -new \
+  -subj "/C=US/ST=North Carolina/L=Raleigh/O=Red Hat/CN=todo-https.apps.ocp4.example.com" \
+  -key training.key -out training.csr
+
+## Run the following command to generate a certificate
+
+openssl x509 -req -in training.csr \
+  -passin file:passphrase.txt \
+  -CA training-CA.pem -CAkey training-CA.key -CAcreateserial \
+  -out training.crt -days 1825 -sha256 -extfile training.ext
--- a/network-ingress/certs/passphrase.txt
+++ b/network-ingress/certs/passphrase.txt
+RedHat123@!
\ No newline at end of file
--- a/network-ingress/certs/training.template
+++ b/network-ingress/certs/training.template
+authorityKeyIdentifier=keyid,issuer
+basicConstraints=CA:FALSE
+keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
+subjectAltName = @alt_names
+
+[alt_names]
+# Replace with your domain name (i.e. domain.example.com)
+DNS.1 = *.${RHT_OCP4_BASE_DOMAIN}
+
+# Replace with the content of ${RHT_OCP4_WILDCARD_DOMAIN}
+DNS.2 = *.${RHT_OCP4_WILDCARD_DOMAIN}
--- a/network-ingress/tcpdump-command.txt
+++ b/network-ingress/tcpdump-command.txt
+## Run the following commands to intercept the traffic on your workstation.
+* Refresh the web page to capture some data
+
+* To retrieve the name of the main interface, run the following command:
+ip a | grep 172.25.250.9
+
+## Tcpdump command
+sudo tcpdump -i eth0 -A -n port 80 | grep js
--- a/network-ingress/todo-app-v1.yaml
+++ b/network-ingress/todo-app-v1.yaml
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: todo-http
+  labels:
+    app: todo-http
+    name: todo-http
+  namespace: network-ingress
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: todo-http
+      name: todo-http
+  template:
+    metadata:
+      labels:
+        app: todo-http
+        name: todo-http
+    spec:
+      containers:
+      - resources:
+          limits:
+            cpu: '0.5'
+        image: quay.io/redhattraining/todo-angular:v1.1
+        name: todo-http
+        ports:
+        - containerPort: 8080
+          name: todo-http
+---
+apiVersion: v1
+kind: Service
+metadata:
+  labels:
+    app: todo-http
+    name: todo-http
+  name: todo-http
+spec:
+  ports:
+  - port: 80
+    protocol: TCP
+    targetPort: 8080
+  selector:
+    name: todo-http
\ No newline at end of file
--- a/network-ingress/todo-app-v2.yaml
+++ b/network-ingress/todo-app-v2.yaml
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: todo-https
+  labels:
+    app: todo-https
+    name: todo-https
+  namespace: network-ingress
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: todo-https
+      name: todo-https
+  template:
+    metadata:
+      labels:
+        app: todo-https
+        name: todo-https
+    spec:
+      containers:
+      - resources:
+          limits:
+            cpu: '0.5'
+        image: quay.io/redhattraining/todo-angular:v1.2
+        name: todo-https
+        ports:
+        - containerPort: 8080
+          name: todo-http
+        - containerPort: 8443
+          name: todo-https
+        volumeMounts:
+        - name: tls-certs
+          readOnly: true
+          mountPath: /usr/local/etc/ssl/certs
+      resources:
+        limits:
+          memory: 64Mi
+      volumes:
+      - name: tls-certs
+        secret:
+          secretName: todo-certs
+---
+apiVersion: v1
+kind: Service
+metadata:
+  labels:
+    app: todo-https
+    name: todo-https
+  name: todo-https
+spec:
+  ports:
+  - name: https
+    port: 8443
+    protocol: TCP
+    targetPort: 8443
+  - name: http
+    port: 80
+    protocol: TCP
+    targetPort: 8080
+  selector:
+    name: todo-https