initialize commit

z2/argocd-app.yml

@@ -0,0 +1,23 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: tasks-app
+  namespace: argocd
+spec:
+  project: default
+  source:
+    repoURL: https://github.com/miracleqxz/K8s_project.git
+    targetRevision: main
+    path: tasks-app
+    helm:
+      valueFiles:
+        - values.yaml
+  destination:
+    server: https://kubernetes.default.svc
+    namespace: application
+  syncPolicy:
+    automated:
+      prune: true
+      selfHeal: true
+    syncOptions:
+      - CreateNamespace=true

z2/backend/.dockerignore

@@ -0,0 +1 @@
+Dockerfile

z2/backend/Dockerfile

@@ -0,0 +1,6 @@
+FROM python:3.12
+WORKDIR /usr/src/app
+COPY requirements.txt .
+RUN pip install --no-cache-dir -r requirements.txt
+COPY . .
+CMD ["gunicorn", "-w", "4", "-b", "0.0.0.0:5000", "app:app"]

z2/backend/app.py

@@ -0,0 +1,231 @@
+from flask import Flask, jsonify, request
+from flask_restful import Api, Resource
+from pymongo import MongoClient
+import bcrypt
+
+app = Flask(__name__)
+api = Api(app)
+client = MongoClient("mongodb://db:27017")
+db = client.BankAPI
+users = db["Users"]
+
+def UserExist(username):
+    if users.find_one({"Username": username}) is not None:
+        return True
+    return False
+
+class Register(Resource):
+    def post(self):
+        postedData = request.get_json()
+        username = postedData["username"]
+        password = postedData["password"]
+
+        if UserExist(username):
+            retJson = {
+                "status": 301,
+                "msg": "Invalid username"
+            }
+            return jsonify(retJson)
+        hashed_pw = bcrypt.hashpw(password.encode('utf8'), bcrypt.gensalt())
+
+        users.insert_one({
+            "Username": username,
+            "Password": hashed_pw,
+            "Own": 0,
+            "Debt": 0
+        })
+        retJson = {
+            "status": 200,
+            "msg": "You successfully signed up for the API"
+        }
+        return jsonify(retJson)
+    
+def verifyPw(username, password):
+    if not UserExist(username):
+        return False
+    hashed_pw = users.find_one({
+        "Username": username
+    })["Password"]
+    if bcrypt.hashpw(password.encode('utf8'), hashed_pw) == hashed_pw:
+        return True
+    else:        
+        return False
+        
+def cashWithUser(username):
+    cash = users.find_one({"Username": username})["Own"]
+    return cash
+    
+def debtWithUser(username):
+    debt = users.find_one({"Username": username})["Debt"]
+    return debt
+    
+def generateReturnDictionary(status,msg):
+    retJson = {
+        "status": status,
+        "msg": msg
+    }
+    return retJson
+    
+def verifyCredentials(username, password):
+    if not UserExist(username):
+        return generateReturnDictionary(301, "Invalid username"), True
+        
+    correct_pw = verifyPw(username, password)
+    if not correct_pw:
+        return generateReturnDictionary(302, "Invalid password"), True
+    return None, False
+    
+def updateAccount(username, balance):
+    users.update_one({
+        "Username": username
+    }, {
+        "$set": {
+            "Own": balance
+        }
+    })
+
+def updateDebt(username, balance):
+    users.update_one({
+        "Username": username
+    }, {
+        "$set": {
+            "Debt": balance
+        }
+    })
+
+
+class Add(Resource):
+    def post(self):
+        postedData = request.get_json()
+        username = postedData["username"]
+
+        password = postedData["password"]
+        amount = postedData["amount"]
+
+        retJson, error = verifyCredentials(username, password)
+        if error:
+            return jsonify(retJson)
+        
+        if amount <= 0:
+            return jsonify(generateReturnDictionary(304, "The money amount entered must be positive!"))
+
+        cash = cashWithUser(username)
+        
+        amount -=1
+        bank_cash = cashWithUser("BANK")
+        updateAccount("BANK", bank_cash + 1)
+        updateAccount(username, cash + amount)
+
+        return jsonify(generateReturnDictionary(200, "Amount added successfully to account"))
+
+
+
+class Transfer(Resource):
+    def post(self):
+        postedData = request.get_json()
+        username = postedData["username"]
+        password = postedData["password"]
+        to = postedData["to"]
+        money = postedData["amount"]
+
+        retJson, error = verifyCredentials(username, password)
+        if error:
+            return jsonify(retJson)
+        
+        cash = cashWithUser(username)
+        if cash <= 0:
+            return jsonify(generateReturnDictionary(304, "You`re out of money, please add or take a loan"))
+
+        if not UserExist(to):
+            return jsonify(generateReturnDictionary(301, "Receiver username is invalid"))
+        
+        cash_from = cashWithUser(username)
+        cash_to = cashWithUser(to)
+        bank_cash = cashWithUser("BANK")
+        updateAccount("BANK", bank_cash + 1)
+        updateAccount(to, cash_to + money - 1)
+        updateAccount(username, cash_from - money)
+
+        return jsonify(generateReturnDictionary(200, "Amount transferred successfully"))
+    
+class Balance(Resource):
+    def post(self):
+        postedData = request.get_json()
+        username = postedData["username"]
+        password = postedData["password"]
+        retJson, error = verifyCredentials(username, password)
+        if error:
+            return jsonify(retJson)
+        
+        retJson = users.find_one({
+            "Username": username
+        }, { 
+            "Password": 0,
+            "_id": 0
+        })
+
+        return jsonify(retJson)
+    
+class TakeLoan(Resource):
+    def post(self):
+        postedData = request.get_json()
+
+        username = postedData["username"]
+        password = postedData["password"]
+        money = postedData["amount"]
+
+        retJson, error = verifyCredentials(username, password)
+
+        if error:
+            return jsonify(retJson)
+        cash = cashWithUser(username)
+        debt = debtWithUser(username)
+        updateAccount(username, cash + money)
+        updateDebt(username, debt + money)
+        return jsonify(generateReturnDictionary(200, "Loan added successfully!"))
+    
+
+class PayLoan(Resource):
+    def post(self):
+        postedData = request.get_json()
+
+        username = postedData["username"]
+        password = postedData["password"]
+        money = postedData["amount"]
+
+        retJson, error = verifyCredentials(username, password)
+        if error:
+            return jsonify(retJson)
+        
+        cash = cashWithUser(username)
+        if cash < money:
+            return jsonify(generateReturnDictionary(303, "You don`t have enough money to pay the loan!"))
+        
+        debt = debtWithUser(username)
+        updateAccount(username, cash - money)
+        updateDebt(username, debt - money)
+
+        return jsonify(generateReturnDictionary(200, "Loan paid successfully!"))
+
+
+api.add_resource(Register, "/register")
+api.add_resource(Add, "/add")
+api.add_resource(Transfer, "/transfer")
+api.add_resource(Balance, "/balance")
+api.add_resource(TakeLoan, "/take_loan")
+api.add_resource(PayLoan, "/pay_loan")
+
+def init_bank_account():
+    if not UserExist("BANK"):
+        users.insert_one({
+            "Username": "BANK",
+            "Password": bcrypt.hashpw("admin".encode('utf8'), bcrypt.gensalt()),
+            "Own": 0,
+            "Debt": 0
+        })
+
+init_bank_account()
+
+if __name__ == "__main__":
+    app.run(host='0.0.0.0', debug=True)
+    

z2/backend/database.py

@@ -0,0 +1,61 @@
+import os
+import bcrypt
+from pymongo import MongoClient
+
+
+class Database:
+    def __init__(self):
+        mongo_host = os.environ.get("MONGO_HOST", "mongodb://db:27017")
+        self._client = MongoClient(mongo_host)
+        self._db = self._client.BankAPI
+        self._users = self._db["Users"]
+        self._ensure_bank_account()
+
+    def _ensure_bank_account(self):
+        if not self.user_exists("BANK"):
+            self._users.insert_one({
+                "Username": "BANK",
+                "Password": b"",
+                "Own": 0,
+                "Debt": 0
+            })
+
+    def user_exists(self, username):
+        return self._users.find_one({"Username": username}) is not None
+
+    def register(self, username, password):
+        hashed = bcrypt.hashpw(password.encode("utf8"), bcrypt.gensalt())
+        self._users.insert_one({
+            "Username": username,
+            "Password": hashed,
+            "Own": 0,
+            "Debt": 0
+        })
+
+    def verify_password(self, username, password):
+        stored = self._users.find_one({"Username": username})["Password"]
+        return bcrypt.hashpw(password.encode("utf8"), stored) == stored
+
+    def get_balance(self, username):
+        return self._users.find_one(
+            {"Username": username},
+            {"Password": 0, "_id": 0}
+        )
+
+    def get_cash(self, username):
+        return self._users.find_one({"Username": username})["Own"]
+
+    def get_debt(self, username):
+        return self._users.find_one({"Username": username})["Debt"]
+
+    def update_cash(self, username, amount):
+        self._users.update_one(
+            {"Username": username},
+            {"$set": {"Own": amount}}
+        )
+
+    def update_debt(self, username, amount):
+        self._users.update_one(
+            {"Username": username},
+            {"$set": {"Debt": amount}}
+        )

z2/backend/db/Dockerfile

@@ -0,0 +1 @@
+FROM mongo:latest

z2/backend/requirements.txt

@@ -0,0 +1,5 @@
+Flask
+flask_restful
+pymongo
+bcrypt
+gunicorn

z2/fluent-bit/fluent-bit.conf

@@ -0,0 +1,12 @@
+[INPUT]
+    Name              forward
+
+[OUTPUT]
+    Name stdout
+    Match *
+[FILTER]
+    Name record_modifier
+    # для всех лог-сообщений
+    Match *
+    # оставить только поле log
+    Whitelist_key log

z2/frontend/index.html

@@ -0,0 +1,122 @@
+<!DOCTYPE html>
+<html lang="en">
+
+<head>
+  <meta charset="UTF-8">
+  <meta name="viewport" content="width=device-width, initial-scale=1.0">
+  <title>Bank API</title>
+  <style>
+    body {
+      font-family: monospace;
+      max-width: 600px;
+      margin: 40px auto;
+      padding: 0 20px;
+    }
+
+    h1 {
+      font-size: 18px;
+    }
+
+    h2 {
+      font-size: 14px;
+      margin-top: 24px;
+      border-bottom: 1px solid #ccc;
+      padding-bottom: 4px;
+    }
+
+    input,
+    button {
+      font-family: monospace;
+      font-size: 13px;
+      padding: 4px 8px;
+      margin: 2px 0;
+    }
+
+    button {
+      cursor: pointer;
+    }
+
+    .result {
+      background: #f0f0f0;
+      padding: 8px;
+      margin-top: 8px;
+      white-space: pre-wrap;
+      font-size: 13px;
+      min-height: 20px;
+    }
+  </style>
+</head>
+
+<body>
+  <h1>Bank API</h1>
+
+  <h2>Register</h2>
+  <input id="reg-user" placeholder="username">
+  <input id="reg-pass" placeholder="password" type="password">
+  <button
+    onclick="api('/api/register', {username: v('reg-user'), password: v('reg-pass')}, 'reg-res')">Register</button>
+  <div class="result" id="reg-res"></div>
+
+  <h2>Add Money</h2>
+  <input id="add-user" placeholder="username">
+  <input id="add-pass" placeholder="password" type="password">
+  <input id="add-amount" placeholder="amount" type="number">
+  <button
+    onclick="api('/api/add', {username: v('add-user'), password: v('add-pass'), amount: n('add-amount')}, 'add-res')">Add</button>
+  <div class="result" id="add-res"></div>
+
+  <h2>Transfer</h2>
+  <input id="tr-user" placeholder="username">
+  <input id="tr-pass" placeholder="password" type="password">
+  <input id="tr-to" placeholder="to">
+  <input id="tr-amount" placeholder="amount" type="number">
+  <button
+    onclick="api('/api/transfer', {username: v('tr-user'), password: v('tr-pass'), to: v('tr-to'), amount: n('tr-amount')}, 'tr-res')">Transfer</button>
+  <div class="result" id="tr-res"></div>
+
+  <h2>Balance</h2>
+  <input id="bal-user" placeholder="username">
+  <input id="bal-pass" placeholder="password" type="password">
+  <button onclick="api('/api/balance', {username: v('bal-user'), password: v('bal-pass')}, 'bal-res')">Check</button>
+  <div class="result" id="bal-res"></div>
+
+  <h2>Take Loan</h2>
+  <input id="loan-user" placeholder="username">
+  <input id="loan-pass" placeholder="password" type="password">
+  <input id="loan-amount" placeholder="amount" type="number">
+  <button
+    onclick="api('/api/take_loan', {username: v('loan-user'), password: v('loan-pass'), amount: n('loan-amount')}, 'loan-res')">Take
+    Loan</button>
+  <div class="result" id="loan-res"></div>
+
+  <h2>Pay Loan</h2>
+  <input id="pay-user" placeholder="username">
+  <input id="pay-pass" placeholder="password" type="password">
+  <input id="pay-amount" placeholder="amount" type="number">
+  <button
+    onclick="api('/api/pay_loan', {username: v('pay-user'), password: v('pay-pass'), amount: n('pay-amount')}, 'pay-res')">Pay
+    Loan</button>
+  <div class="result" id="pay-res"></div>
+
+  <script>
+    function v(id) { return document.getElementById(id).value; }
+    function n(id) { return Number(document.getElementById(id).value); }
+    async function api(url, body, resId) {
+      const el = document.getElementById(resId);
+      el.textContent = 'Loading...';
+      try {
+        const res = await fetch(url, {
+          method: 'POST',
+          headers: { 'Content-Type': 'application/json' },
+          body: JSON.stringify(body)
+        });
+        const data = await res.json();
+        el.textContent = JSON.stringify(data, null, 2);
+      } catch (e) {
+        el.textContent = 'Error: ' + e.message;
+      }
+    }
+  </script>
+</body>
+
+</html>

z2/k8s_manifests/monitoring/values.yml

@@ -0,0 +1,47 @@
+prometheus:
+  service:
+    type: NodePort
+    nodePort: 30090
+  prometheusSpec:
+    retention: 5d
+    resources:
+      requests:
+        cpu: 200m
+        memory: 256Mi
+      limits:
+        memory: 512Mi
+    storageSpec:
+      volumeClaimTemplate:
+        spec:
+          accessModes: ["ReadWriteOnce"]
+          resources:
+            requests:
+              storage: 5Gi
+    serviceMonitorSelectorNilUsesHelmValues: false
+    ruleSelectorNilUsesHelmValues: false
+
+alertmanager:
+  enabled: true
+  alertmanagerSpec:
+    storage:
+      volumeClaimTemplate:
+        spec:
+          accessModes: ["ReadWriteOnce"]
+          resources:
+            requests:
+              storage: 1Gi
+
+grafana:
+  adminPassword: "strong-password"
+  persistence:
+    enabled: true
+    size: 1Gi
+  service:
+    type: NodePort
+    nodePort: 30000
+  initChownData:
+    enabled: false
+  securityContext:
+    runAsUser: 472
+    runAsGroup: 472
+    fsGroup: 472

z2/nginx/nginx.conf

@@ -0,0 +1,66 @@
+worker_processes auto;
+
+worker_rlimit_nofile 1035;
+pid /var/run/nginx.pid;
+
+events {
+    worker_connections 1024;
+    multi_accept on;
+}
+
+
+http {
+
+    upstream backend {
+        server backend:5000;
+    }
+
+    charset utf-8;
+    sendfile on;
+    tcp_nopush on;
+    tcp_nodelay on;
+    keepalive_timeout 65;
+    types_hash_max_size 2048;
+
+    open_file_cache max=1000 inactive=20s;
+    open_file_cache_valid 30s;
+    open_file_cache_min_uses 2;
+    open_file_cache_errors on;
+
+    client_max_body_size 10m;
+    client_body_buffer_size 16k;
+    client_header_buffer_size 1k;
+    large_client_header_buffers 2 1k;
+
+    client_body_timeout 12;
+    client_header_timeout 12;
+
+    send_timeout 10;
+
+    server_tokens off;
+
+  include /etc/nginx/mime.types;
+
+    server {
+        listen 80;
+        server_name localhost;
+        root /usr/share/nginx/html;
+        index index.html;
+
+        location / {
+            error_log /var/log/nginx/static_errors.log debug;
+            access_log off;
+            try_files $uri $uri/ /index.html;
+        }
+        location /api/ {
+            proxy_pass http://backend;
+            proxy_set_header Host $host;
+            proxy_set_header X-Real-IP $remote_addr;
+            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+            proxy_set_header X-Forwarded-Proto $scheme;
+        }
+
+
+    }
+
+}

z2/tasks-app/.helmignore

@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/

z2/tasks-app/Chart.yaml

@@ -0,0 +1,24 @@
+apiVersion: v2
+name: tasks-app
+description: A Helm chart for Kubernetes
+
+# A chart can be either an 'application' or a 'library' chart.
+#
+# Application charts are a collection of templates that can be packaged into versioned archives
+# to be deployed.
+#
+# Library charts provide useful utilities or functions for the chart developer. They're included as
+# a dependency of application charts to inject those utilities and functions into the rendering
+# pipeline. Library charts do not define any templates and therefore cannot be deployed.
+type: application
+
+# This is the chart version. This version number should be incremented each time you make changes
+# to the chart and its templates, including the app version.
+# Versions are expected to follow Semantic Versioning (https://semver.org/)
+version: 0.1.0
+
+# This is the version number of the application being deployed. This version number should be
+# incremented each time you make changes to the application. Versions are not expected to
+# follow Semantic Versioning. They should reflect the version the application is using.
+# It is recommended to use it with quotes.
+appVersion: "1.16.0"

z2/tasks-app/argocd-app.yml

@@ -0,0 +1,23 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: tasks-app
+  namespace: argocd
+spec:
+  project: default
+  source:
+    repoURL: https://github.com/miracleqxz/K8s_project.git
+    targetRevision: main
+    path: tasks-app
+    helm:
+      valueFiles:
+        - values.yaml
+  destination:
+    server: https://kubernetes.default.svc
+    namespace: application
+  syncPolicy:
+    automated:
+      prune: true
+      selfHeal: true
+    syncOptions:
+      - CreateNamespace=true

z2/tasks-app/k8s_manual/.vagrant/bundler/global.sol

@@ -0,0 +1 @@
+{"dependencies":[["racc",["~> 1.4"]],["nokogiri",["~> 1.6"]],["diffy",[">= 0"]],["rexml",[">= 0"]],["xml-simple",[">= 0"]],["logger",[">= 0"]],["mime-types-data",["~> 3.2025",">= 3.2025.0507"]],["mime-types",[">= 0"]],["io-console",["~> 0.5"]],["reline",[">= 0"]],["formatador",[">= 0.2","< 2.0"]],["excon",["~> 1.0"]],["builder",[">= 0"]],["fog-core",["~> 2"]],["ruby-libvirt",[">= 0.7.0"]],["json",[">= 0"]],["fog-xml",["~> 0.1.1"]],["multi_json",["~> 1.10"]],["fog-json",[">= 0"]],["fog-libvirt",[">= 0.6.0"]],["vagrant-libvirt",["= 0.12.2"]]],"checksum":"b69e3c206e3d26fb25b062fbb15a80865764c5efb5e9cce85cfac1f745449033","vagrant_version":"2.4.9"}

z2/tasks-app/k8s_manual/.vagrant/machines/master/libvirt/action_provision

@@ -0,0 +1 @@
+1.5:fb1ee880-af31-47e4-8257-9b6942229d85

z2/tasks-app/k8s_manual/.vagrant/machines/master/libvirt/box_meta

@@ -0,0 +1 @@
+{"name":"generic/ubuntu2204","version":"4.3.12","provider":"libvirt","directory":"boxes/generic-VAGRANTSLASH-ubuntu2204/4.3.12/amd64/libvirt"}

z2/tasks-app/k8s_manual/.vagrant/machines/master/libvirt/created_networks

@@ -0,0 +1,16 @@
+a4ec2c9f-4014-4a68-a3a4-2a944bce1750
+68e2412b-1309-40a6-98f9-e7274b6a0604
+a4ec2c9f-4014-4a68-a3a4-2a944bce1750
+68e2412b-1309-40a6-98f9-e7274b6a0604
+a4ec2c9f-4014-4a68-a3a4-2a944bce1750
+68e2412b-1309-40a6-98f9-e7274b6a0604
+a4ec2c9f-4014-4a68-a3a4-2a944bce1750
+68e2412b-1309-40a6-98f9-e7274b6a0604
+a4ec2c9f-4014-4a68-a3a4-2a944bce1750
+68e2412b-1309-40a6-98f9-e7274b6a0604
+a4ec2c9f-4014-4a68-a3a4-2a944bce1750
+68e2412b-1309-40a6-98f9-e7274b6a0604
+a4ec2c9f-4014-4a68-a3a4-2a944bce1750
+68e2412b-1309-40a6-98f9-e7274b6a0604
+a4ec2c9f-4014-4a68-a3a4-2a944bce1750
+68e2412b-1309-40a6-98f9-e7274b6a0604

z2/tasks-app/k8s_manual/.vagrant/machines/master/libvirt/creator_uid

@@ -0,0 +1 @@
+1000

z2/tasks-app/k8s_manual/.vagrant/machines/master/libvirt/id

@@ -0,0 +1 @@
+fb1ee880-af31-47e4-8257-9b6942229d85

z2/tasks-app/k8s_manual/.vagrant/machines/master/libvirt/index_uuid

@@ -0,0 +1 @@
+021e3e0b226f406aac0bd39cd4969856

z2/tasks-app/k8s_manual/.vagrant/machines/master/libvirt/private_key

@@ -0,0 +1,8 @@
+-----BEGIN OPENSSH PRIVATE KEY-----
+b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAA
+AAtzc2gtZWQyNTUxOQAAACBS02VuYXy2eHhr3mUHj91WhrbQRF62QC5ulUeR
+IK46KAAAAJD85A88/OQPPAAAAAtzc2gtZWQyNTUxOQAAACBS02VuYXy2eHhr
+3mUHj91WhrbQRF62QC5ulUeRIK46KAAAAEBXYMaWzuG4tZdGHqPkk3q8jKE1
+NfvBVHJutsnBhtUTEFLTZW5hfLZ4eGveZQeP3VaGttBEXrZALm6VR5Egrjoo
+AAAAB3ZhZ3JhbnQBAgMEBQY=
+-----END OPENSSH PRIVATE KEY-----

z2/tasks-app/k8s_manual/.vagrant/machines/master/libvirt/synced_folders

@@ -0,0 +1 @@
+{}

z2/tasks-app/k8s_manual/.vagrant/machines/master/libvirt/vagrant_cwd

@@ -0,0 +1 @@
+/home/pavel/K8s_project/k8s_manual

z2/tasks-app/k8s_manual/.vagrant/machines/worker-1/libvirt/action_provision

@@ -0,0 +1 @@
+1.5:e31b6a83-be42-4a1f-8afa-1241262e96df

z2/tasks-app/k8s_manual/.vagrant/machines/worker-1/libvirt/box_meta

@@ -0,0 +1 @@
+{"name":"generic/ubuntu2204","version":"4.3.12","provider":"libvirt","directory":"boxes/generic-VAGRANTSLASH-ubuntu2204/4.3.12/amd64/libvirt"}

z2/tasks-app/k8s_manual/.vagrant/machines/worker-1/libvirt/created_networks

@@ -0,0 +1,16 @@
+a4ec2c9f-4014-4a68-a3a4-2a944bce1750
+68e2412b-1309-40a6-98f9-e7274b6a0604
+a4ec2c9f-4014-4a68-a3a4-2a944bce1750
+68e2412b-1309-40a6-98f9-e7274b6a0604
+a4ec2c9f-4014-4a68-a3a4-2a944bce1750
+68e2412b-1309-40a6-98f9-e7274b6a0604
+a4ec2c9f-4014-4a68-a3a4-2a944bce1750
+68e2412b-1309-40a6-98f9-e7274b6a0604
+a4ec2c9f-4014-4a68-a3a4-2a944bce1750
+68e2412b-1309-40a6-98f9-e7274b6a0604
+a4ec2c9f-4014-4a68-a3a4-2a944bce1750
+68e2412b-1309-40a6-98f9-e7274b6a0604
+a4ec2c9f-4014-4a68-a3a4-2a944bce1750
+68e2412b-1309-40a6-98f9-e7274b6a0604
+a4ec2c9f-4014-4a68-a3a4-2a944bce1750
+68e2412b-1309-40a6-98f9-e7274b6a0604

z2/tasks-app/k8s_manual/.vagrant/machines/worker-1/libvirt/creator_uid

@@ -0,0 +1 @@
+1000

z2/tasks-app/k8s_manual/.vagrant/machines/worker-1/libvirt/id

@@ -0,0 +1 @@
+e31b6a83-be42-4a1f-8afa-1241262e96df

z2/tasks-app/k8s_manual/.vagrant/machines/worker-1/libvirt/index_uuid

@@ -0,0 +1 @@
+29daa6b87e3c4d6d90102d3ac373caae

z2/tasks-app/k8s_manual/.vagrant/machines/worker-1/libvirt/private_key

@@ -0,0 +1,8 @@
+-----BEGIN OPENSSH PRIVATE KEY-----
+b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAA
+AAtzc2gtZWQyNTUxOQAAACBaK+qV9FCXssfPTv8IqW5VbEOOedFnsVP4MVrp
+9qKQdAAAAJDqn/Ty6p/08gAAAAtzc2gtZWQyNTUxOQAAACBaK+qV9FCXssfP
+Tv8IqW5VbEOOedFnsVP4MVrp9qKQdAAAAEBzm/9P82nTcicTfT0y+Ni3iPwE
+c+AMggac/Ni1eDipeFor6pX0UJeyx89O/wipblVsQ4550WexU/gxWun2opB0
+AAAAB3ZhZ3JhbnQBAgMEBQY=
+-----END OPENSSH PRIVATE KEY-----

z2/tasks-app/k8s_manual/.vagrant/machines/worker-1/libvirt/synced_folders

@@ -0,0 +1 @@
+{}

z2/tasks-app/k8s_manual/.vagrant/machines/worker-1/libvirt/vagrant_cwd

@@ -0,0 +1 @@
+/home/pavel/K8s_project/k8s_manual

z2/tasks-app/k8s_manual/.vagrant/machines/worker-2/libvirt/action_provision

@@ -0,0 +1 @@
+1.5:4bf079f3-c084-4087-a83f-97a585c3d705

z2/tasks-app/k8s_manual/.vagrant/machines/worker-2/libvirt/box_meta

@@ -0,0 +1 @@
+{"name":"generic/ubuntu2204","version":"4.3.12","provider":"libvirt","directory":"boxes/generic-VAGRANTSLASH-ubuntu2204/4.3.12/amd64/libvirt"}

z2/tasks-app/k8s_manual/.vagrant/machines/worker-2/libvirt/created_networks

@@ -0,0 +1,16 @@
+a4ec2c9f-4014-4a68-a3a4-2a944bce1750
+68e2412b-1309-40a6-98f9-e7274b6a0604
+a4ec2c9f-4014-4a68-a3a4-2a944bce1750
+68e2412b-1309-40a6-98f9-e7274b6a0604
+a4ec2c9f-4014-4a68-a3a4-2a944bce1750
+68e2412b-1309-40a6-98f9-e7274b6a0604
+a4ec2c9f-4014-4a68-a3a4-2a944bce1750
+68e2412b-1309-40a6-98f9-e7274b6a0604
+a4ec2c9f-4014-4a68-a3a4-2a944bce1750
+68e2412b-1309-40a6-98f9-e7274b6a0604
+a4ec2c9f-4014-4a68-a3a4-2a944bce1750
+68e2412b-1309-40a6-98f9-e7274b6a0604
+a4ec2c9f-4014-4a68-a3a4-2a944bce1750
+68e2412b-1309-40a6-98f9-e7274b6a0604
+a4ec2c9f-4014-4a68-a3a4-2a944bce1750
+68e2412b-1309-40a6-98f9-e7274b6a0604

z2/tasks-app/k8s_manual/.vagrant/machines/worker-2/libvirt/creator_uid

@@ -0,0 +1 @@
+1000

z2/tasks-app/k8s_manual/.vagrant/machines/worker-2/libvirt/id

@@ -0,0 +1 @@
+4bf079f3-c084-4087-a83f-97a585c3d705

z2/tasks-app/k8s_manual/.vagrant/machines/worker-2/libvirt/index_uuid

@@ -0,0 +1 @@
+87c47bfa3e15444fb3943a829ffac979

z2/tasks-app/k8s_manual/.vagrant/machines/worker-2/libvirt/private_key

@@ -0,0 +1,8 @@
+-----BEGIN OPENSSH PRIVATE KEY-----
+b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAA
+AAtzc2gtZWQyNTUxOQAAACDVc9ubngiOpSM6dPy43qqtGWfoM4wg3G+cp+3g
+OVE3ZgAAAJC/UjXAv1I1wAAAAAtzc2gtZWQyNTUxOQAAACDVc9ubngiOpSM6
+dPy43qqtGWfoM4wg3G+cp+3gOVE3ZgAAAECQ0UWHxmdvU+y4URXN7VJvOLco
+IqGP55L4DDr0WIC5hNVz25ueCI6lIzp0/Ljeqq0ZZ+gzjCDcb5yn7eA5UTdm
+AAAAB3ZhZ3JhbnQBAgMEBQY=
+-----END OPENSSH PRIVATE KEY-----

z2/tasks-app/k8s_manual/.vagrant/machines/worker-2/libvirt/synced_folders

@@ -0,0 +1 @@
+{}

z2/tasks-app/k8s_manual/.vagrant/machines/worker-2/libvirt/vagrant_cwd

@@ -0,0 +1 @@
+/home/pavel/K8s_project/k8s_manual

z2/tasks-app/k8s_manual/.vagrant/rgloader/loader.rb

@@ -0,0 +1,12 @@
+# Copyright (c) HashiCorp, Inc.
+# SPDX-License-Identifier: BUSL-1.1
+
+# This file loads the proper rgloader/loader.rb file that comes packaged
+# with Vagrant so that encoded files can properly run with Vagrant.
+
+if ENV["VAGRANT_INSTALLER_EMBEDDED_DIR"]
+  require File.expand_path(
+    "rgloader/loader", ENV["VAGRANT_INSTALLER_EMBEDDED_DIR"])
+else
+  raise "Encoded files can't be read outside of the Vagrant installer."
+end

z2/tasks-app/k8s_manual/Vagrantfile

@@ -0,0 +1,20 @@
+Vagrant.configure("2") do |config|
+  config.vm.box = "generic/ubuntu2204"
+
+  nodes = [
+    { name: "master",   ip: "192.168.56.10", mem: 3072, cpus: 2 },
+    { name: "worker-1", ip: "192.168.56.11", mem: 3072, cpus: 2 },
+    { name: "worker-2", ip: "192.168.56.12", mem: 3072, cpus: 2 }
+  ]
+
+  nodes.each do |node|
+    config.vm.define node[:name] do |n|
+      n.vm.hostname = node[:name]
+      n.vm.network "private_network", ip: node[:ip], libvirt__forward_mode: "nat"
+      n.vm.provider :libvirt do |v|
+        v.memory = node[:mem]
+        v.cpus = node[:cpus]
+      end
+    end
+  end
+end

z2/tasks-app/k8s_manual/ansible.cfg

@@ -0,0 +1,3 @@
+[defaults]
+inventory = inventory.ini
+host_key_checking = False

z2/tasks-app/k8s_manual/inventory.ini

@@ -0,0 +1,11 @@
+[master]
+master ansible_host=192.168.56.10
+
+[workers]
+worker-1 ansible_host=192.168.56.11
+worker-2 ansible_host=192.168.56.12
+
+[all:vars]
+ansible_user=vagrant
+ansible_ssh_private_key_file=.vagrant/machines/{{ inventory_hostname }}/libvirt/private_key
+ansible_ssh_common_args='-o StrictHostKeyChecking=no'

z2/tasks-app/k8s_manual/k8s-setup.yml

@@ -0,0 +1,18 @@
+---
+- name: Prepare K8s nodes
+  hosts: all
+  become: true
+  roles:
+    - common
+
+- name: Configure Master node
+  hosts: master
+  become: true
+  roles:
+    - master
+
+- name: Configure Worker nodes
+  hosts: workers
+  become: true
+  roles:
+    - worker

z2/tasks-app/k8s_manual/roles/common/README.md

@@ -0,0 +1,38 @@
+Role Name
+=========
+
+A brief description of the role goes here.
+
+Requirements
+------------
+
+Any pre-requisites that may not be covered by Ansible itself or the role should be mentioned here. For instance, if the role uses the EC2 module, it may be a good idea to mention in this section that the boto package is required.
+
+Role Variables
+--------------
+
+A description of the settable variables for this role should go here, including any variables that are in defaults/main.yml, vars/main.yml, and any variables that can/should be set via parameters to the role. Any variables that are read from other roles and/or the global scope (ie. hostvars, group vars, etc.) should be mentioned here as well.
+
+Dependencies
+------------
+
+A list of other roles hosted on Galaxy should go here, plus any details in regards to parameters that may need to be set for other roles, or variables that are used from other roles.
+
+Example Playbook
+----------------
+
+Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too:
+
+    - hosts: servers
+      roles:
+         - { role: username.rolename, x: 42 }
+
+License
+-------
+
+BSD
+
+Author Information
+------------------
+
+An optional section for the role authors to include contact information, or a website (HTML is not allowed).

z2/tasks-app/k8s_manual/roles/common/defaults/main.yml

@@ -0,0 +1,30 @@
+---
+k8s_version: "1.31"
+k8s_package_version: "1.31.14-1.1"
+
+k8s_kernel_modules:
+  - overlay
+  - br_netfilter
+
+k8s_sysctl_params:
+  - { name: "net.bridge.bridge-nf-call-iptables", value: "1" }
+  - { name: "net.bridge.bridge-nf-call-ip6tables", value: "1" }
+  - { name: "net.ipv4.ip_forward", value: "1" }
+
+k8s_required_packages:
+  - containerd
+  - conntrack
+  - socat
+  - apt-transport-https
+  - curl
+
+k8s_packages:
+  - kubelet
+  - kubeadm
+  - kubectl
+
+containerd_config_path: /etc/containerd/config.toml
+
+k8s_gpg_key_url: "https://pkgs.k8s.io/core:/stable:/v{{ k8s_version }}/deb/Release.key"
+k8s_gpg_keyring: /etc/apt/keyrings/kubernetes-apt-keyring.gpg
+k8s_repo: "deb [signed-by={{ k8s_gpg_keyring }}] https://pkgs.k8s.io/core:/stable:/v{{ k8s_version }}/deb/ /"

z2/tasks-app/k8s_manual/roles/common/handlers/main.yml

@@ -0,0 +1,4 @@
+---
+# handlers file for common
+- name: Restart Containerd
+  service: name=containerd state=restarted

z2/tasks-app/k8s_manual/roles/common/meta/main.yml

@@ -0,0 +1,52 @@
+galaxy_info:
+  author: your name
+  description: your role description
+  company: your company (optional)
+
+  # If the issue tracker for your role is not on github, uncomment the
+  # next line and provide a value
+  # issue_tracker_url: http://example.com/issue/tracker
+
+  # Choose a valid license ID from https://spdx.org - some suggested licenses:
+  # - BSD-3-Clause (default)
+  # - MIT
+  # - GPL-2.0-or-later
+  # - GPL-3.0-only
+  # - Apache-2.0
+  # - CC-BY-4.0
+  license: license (GPL-2.0-or-later, MIT, etc)
+
+  min_ansible_version: 2.1
+
+  # If this a Container Enabled role, provide the minimum Ansible Container version.
+  # min_ansible_container_version:
+
+  #
+  # Provide a list of supported platforms, and for each platform a list of versions.
+  # If you don't wish to enumerate all versions for a particular platform, use 'all'.
+  # To view available platforms and versions (or releases), visit:
+  # https://galaxy.ansible.com/api/v1/platforms/
+  #
+  # platforms:
+  # - name: Fedora
+  #   versions:
+  #   - all
+  #   - 25
+  # - name: SomePlatform
+  #   versions:
+  #   - all
+  #   - 1.0
+  #   - 7
+  #   - 99.99
+
+  galaxy_tags: []
+    # List tags for your role here, one per line. A tag is a keyword that describes
+    # and categorizes the role. Users find roles by searching for tags. Be sure to
+    # remove the '[]' above, if you add tags to this list.
+    #
+    # NOTE: A tag is limited to a single word comprised of alphanumeric characters.
+    #       Maximum 20 tags per role.
+
+dependencies: []
+  # List your role dependencies here, one per line. Be sure to remove the '[]' above,
+  # if you add dependencies to this list.

z2/tasks-app/k8s_manual/roles/common/tasks/main.yml

@@ -0,0 +1,84 @@
+---
+- name: Disable SWAP
+  shell: |
+    swapoff -a
+    sed -i '/ swap / s/^\(.*\)$/#\1/g' /etc/fstab
+
+- name: Mask swap.target to prevent swap after reboot
+  systemd:
+    name: swap.target
+    masked: yes
+
+- name: Load kernel modules
+  modprobe:
+    name: "{{ item }}"
+    state: present
+  loop: "{{ k8s_kernel_modules }}"
+
+- name: Persist kernel modules across reboots
+  copy:
+    dest: /etc/modules-load.d/k8s.conf
+    content: "{% for mod in k8s_kernel_modules %}{{ mod }}\n{% endfor %}"
+
+- name: Set sysctl parameters
+  sysctl:
+    name: "{{ item.name }}"
+    value: "{{ item.value }}"
+    state: present
+    sysctl_file: /etc/sysctl.d/k8s.conf
+    reload: yes
+  loop: "{{ k8s_sysctl_params }}"
+
+- name: Install containerd & utils
+  apt:
+    name: "{{ k8s_required_packages }}"
+    state: present
+    update_cache: yes
+
+- name: Check if containerd is already configured
+  stat:
+    path: "{{ containerd_config_path }}"
+  register: containerd_config
+
+- name: Generate default containerd config
+  shell: |
+    mkdir -p /etc/containerd
+    containerd config default > {{ containerd_config_path }}
+  when: not containerd_config.stat.exists
+  notify: Restart Containerd
+
+- name: Enable systemdCgroup in containerd
+  replace:
+    path: "{{ containerd_config_path }}"
+    regexp: "SystemdCgroup = false"
+    replace: "SystemdCgroup = true"
+  notify: Restart Containerd
+
+- name: Download K8s GPG key
+  get_url:
+    url: "{{ k8s_gpg_key_url }}"
+    dest: "{{ k8s_gpg_keyring | regex_replace('.gpg$', '.asc') }}"
+    mode: "0644"
+
+- name: Dearmor K8s GPG key
+  shell: "gpg --dearmor -o {{ k8s_gpg_keyring }} {{ k8s_gpg_keyring | regex_replace('.gpg$', '.asc') }}"
+  args:
+    creates: "{{ k8s_gpg_keyring }}"
+
+- name: Add K8s repository
+  apt_repository:
+    repo: "{{ k8s_repo }}"
+    state: present
+    filename: kubernetes
+
+- name: Install K8s tools
+  apt:
+    name: "{{ k8s_packages | map('regex_replace', '$', '=' + k8s_package_version) | list }}"
+    state: present
+    update_cache: yes
+
+- name: Hold K8s packages at current version
+  dpkg_selections:
+    name: "{{ item }}"
+    selection: hold
+  loop: "{{ k8s_packages }}"

z2/tasks-app/k8s_manual/roles/common/tests/inventory

@@ -0,0 +1,2 @@
+localhost
+

z2/tasks-app/k8s_manual/roles/common/tests/test.yml

@@ -0,0 +1,5 @@
+---
+- hosts: localhost
+  remote_user: root
+  roles:
+    - common

z2/tasks-app/k8s_manual/roles/common/vars/main.yml

@@ -0,0 +1,2 @@
+---
+# vars file for common

z2/tasks-app/k8s_manual/roles/master/README.md

@@ -0,0 +1,38 @@
+Role Name
+=========
+
+A brief description of the role goes here.
+
+Requirements
+------------
+
+Any pre-requisites that may not be covered by Ansible itself or the role should be mentioned here. For instance, if the role uses the EC2 module, it may be a good idea to mention in this section that the boto package is required.
+
+Role Variables
+--------------
+
+A description of the settable variables for this role should go here, including any variables that are in defaults/main.yml, vars/main.yml, and any variables that can/should be set via parameters to the role. Any variables that are read from other roles and/or the global scope (ie. hostvars, group vars, etc.) should be mentioned here as well.
+
+Dependencies
+------------
+
+A list of other roles hosted on Galaxy should go here, plus any details in regards to parameters that may need to be set for other roles, or variables that are used from other roles.
+
+Example Playbook
+----------------
+
+Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too:
+
+    - hosts: servers
+      roles:
+         - { role: username.rolename, x: 42 }
+
+License
+-------
+
+BSD
+
+Author Information
+------------------
+
+An optional section for the role authors to include contact information, or a website (HTML is not allowed).

z2/tasks-app/k8s_manual/roles/master/defaults/main.yml

@@ -0,0 +1,20 @@
+---
+# defaults file for master
+master_apiserver_address: "192.168.56.10"
+master_pod_network_cidr: "10.244.0.0/16"
+master_user: vagrant
+
+flannel_manifest_url: "https://github.com/flannel-io/flannel/releases/latest/download/kube-flannel.yml"
+metrics_server_manifest_url: "https://github.com/kubernetes-sigs/metrics-server/releases/latest/download/components.yaml"
+metrics_server_insecure_tls: true
+metrics_server_ready_retries: 20
+metrics_server_ready_delay: 10
+
+master_remove_taint: true
+
+argocd_manifest_url: "https://raw.githubusercontent.com/argoproj/argo-cd/stable/manifests/install.yaml"
+local_path_provisioner_url: "https://raw.githubusercontent.com/rancher/local-path-provisioner/v0.0.35/deploy/local-path-storage.yaml"
+
+install_helm: "https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-4"
+
+git_repo_url: "https://github.com/miracleqxz/K8s_project.git"

z2/tasks-app/k8s_manual/roles/master/handlers/main.yml

@@ -0,0 +1,2 @@
+---
+# handlers file for master

z2/tasks-app/k8s_manual/roles/master/meta/main.yml

@@ -0,0 +1,52 @@
+galaxy_info:
+  author: your name
+  description: your role description
+  company: your company (optional)
+
+  # If the issue tracker for your role is not on github, uncomment the
+  # next line and provide a value
+  # issue_tracker_url: http://example.com/issue/tracker
+
+  # Choose a valid license ID from https://spdx.org - some suggested licenses:
+  # - BSD-3-Clause (default)
+  # - MIT
+  # - GPL-2.0-or-later
+  # - GPL-3.0-only
+  # - Apache-2.0
+  # - CC-BY-4.0
+  license: license (GPL-2.0-or-later, MIT, etc)
+
+  min_ansible_version: 2.1
+
+  # If this a Container Enabled role, provide the minimum Ansible Container version.
+  # min_ansible_container_version:
+
+  #
+  # Provide a list of supported platforms, and for each platform a list of versions.
+  # If you don't wish to enumerate all versions for a particular platform, use 'all'.
+  # To view available platforms and versions (or releases), visit:
+  # https://galaxy.ansible.com/api/v1/platforms/
+  #
+  # platforms:
+  # - name: Fedora
+  #   versions:
+  #   - all
+  #   - 25
+  # - name: SomePlatform
+  #   versions:
+  #   - all
+  #   - 1.0
+  #   - 7
+  #   - 99.99
+
+  galaxy_tags: []
+    # List tags for your role here, one per line. A tag is a keyword that describes
+    # and categorizes the role. Users find roles by searching for tags. Be sure to
+    # remove the '[]' above, if you add tags to this list.
+    #
+    # NOTE: A tag is limited to a single word comprised of alphanumeric characters.
+    #       Maximum 20 tags per role.
+
+dependencies: []
+  # List your role dependencies here, one per line. Be sure to remove the '[]' above,
+  # if you add dependencies to this list.

z2/tasks-app/k8s_manual/roles/master/tasks/main.yml

@@ -0,0 +1,124 @@
+---
+# tasks file for master
+- name: Initialize K8s cluster
+  shell: >
+    kubeadm init
+    --apiserver-advertise-address={{ master_apiserver_address }}
+    --pod-network-cidr={{ master_pod_network_cidr }}
+  args:
+    creates: /etc/kubernetes/admin.conf
+
+- name: Setup kubeconfig for {{ master_user }}
+  shell: |
+    mkdir -p /home/{{ master_user }}/.kube
+    cp -i /etc/kubernetes/admin.conf /home/{{ master_user }}/.kube/config
+    chown {{ master_user }}:{{ master_user }} /home/{{ master_user }}/.kube/config
+  args:
+    creates: "/home/{{ master_user }}/.kube/config"
+
+- name: Wait for API server to be ready
+  become: false
+  shell: kubectl cluster-info
+  register: api_check
+  until: api_check.rc == 0
+  retries: 30
+  delay: 10
+  changed_when: false
+
+- name: Install Flannel CNI
+  become: false
+  shell: "kubectl apply -f {{ flannel_manifest_url }}"
+
+- name: Check if metrics server is installed
+  become: false
+  shell: kubectl get deployment metrics-server -n kube-system -o name
+  register: metrics_check
+  failed_when: false
+  changed_when: false
+
+- name: Remove taint
+  become: false
+  shell: "kubectl taint nodes {{ inventory_hostname }} node-role.kubernetes.io/control-plane:NoSchedule-"
+  register: taint_result
+  failed_when: taint_result.rc != 0 and 'not found' not in taint_result.stderr
+  changed_when: taint_result.rc == 0
+  when: master_remove_taint
+
+- name: Install metrics server
+  become: false
+  shell: "kubectl apply -f {{ metrics_server_manifest_url }}"
+  when: metrics_check.rc != 0
+
+- name: Check if insecure-tls flag is already set
+  become: false
+  shell: >
+    kubectl get deployment metrics-server -n kube-system
+    -o jsonpath='{.spec.template.spec.containers[0].args}'
+  register: metrics_args
+  changed_when: false
+  when: metrics_server_insecure_tls
+
+- name: Patch metrics server to allow insecure TLS
+  become: false
+  shell: >
+    kubectl patch deployment metrics-server -n kube-system --type='json'
+    -p='[{"op": "add", "path": "/spec/template/spec/containers/0/args/-", "value": "--kubelet-insecure-tls"}]'
+  when:
+    - metrics_server_insecure_tls
+    - "'--kubelet-insecure-tls' not in metrics_args.stdout"
+
+- name: Wait for metrics server to be ready
+  become: false
+  shell: kubectl get deployment metrics-server -n kube-system -o jsonpath='{.status.readyReplicas}'
+  register: ready_replicas
+  until: ready_replicas.stdout == "1"
+  retries: "{{ metrics_server_ready_retries }}"
+  delay: "{{ metrics_server_ready_delay }}"
+  changed_when: false
+
+- name: Get join command
+  shell: kubeadm token create --print-join-command
+  register: join_command_raw
+
+- name: Set join command fact
+  set_fact:
+    join_command: "{{ join_command_raw.stdout }}"
+
+- name: Install Helm
+  shell: curl {{ install_helm }} | bash
+  args:
+    creates: /usr/local/bin/helm
+
+- name: Install local-path-provisioner
+  become: false
+  shell: kubectl apply -f {{ local_path_provisioner_url }}
+
+- name: Set local-path as default StorageClass
+  become: false
+  shell: >
+    kubectl patch storageclass local-path
+    -p '{"metadata": {"annotations":{"storageclass.kubernetes.io/is-default-class":"true"}}}'
+
+- name: Create argocd namespace
+  become: false
+  shell: kubectl create namespace argocd
+  register: argocd_ns
+  failed_when: argocd_ns.rc != 0 and 'already exists' not in argocd_ns.stderr
+  changed_when: argocd_ns.rc == 0
+
+- name: Install ArgoCD
+  become: false
+  shell: kubectl apply -n argocd -f {{ argocd_manifest_url }} --server-side
+
+- name: Patch ArgoCD server to NodePort
+  become: false
+  shell: >
+    kubectl patch svc argocd-server -n argocd
+    -p '{"spec": {"type": "NodePort"}}'
+
+- name: Clone Git repository
+  git:
+    repo: "{{ git_repo_url }}"
+    dest: /home/{{ master_user }}/K8s_project
+    version: main
+  become: false

z2/tasks-app/k8s_manual/roles/master/tests/inventory

@@ -0,0 +1,2 @@
+localhost
+

z2/tasks-app/k8s_manual/roles/master/tests/test.yml

@@ -0,0 +1,5 @@
+---
+- hosts: localhost
+  remote_user: root
+  roles:
+    - master

z2/tasks-app/k8s_manual/roles/master/vars/main.yml

@@ -0,0 +1,2 @@
+---
+# vars file for master

z2/tasks-app/k8s_manual/roles/worker/README.md

@@ -0,0 +1,38 @@
+Role Name
+=========
+
+A brief description of the role goes here.
+
+Requirements
+------------
+
+Any pre-requisites that may not be covered by Ansible itself or the role should be mentioned here. For instance, if the role uses the EC2 module, it may be a good idea to mention in this section that the boto package is required.
+
+Role Variables
+--------------
+
+A description of the settable variables for this role should go here, including any variables that are in defaults/main.yml, vars/main.yml, and any variables that can/should be set via parameters to the role. Any variables that are read from other roles and/or the global scope (ie. hostvars, group vars, etc.) should be mentioned here as well.
+
+Dependencies
+------------
+
+A list of other roles hosted on Galaxy should go here, plus any details in regards to parameters that may need to be set for other roles, or variables that are used from other roles.
+
+Example Playbook
+----------------
+
+Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too:
+
+    - hosts: servers
+      roles:
+         - { role: username.rolename, x: 42 }
+
+License
+-------
+
+BSD
+
+Author Information
+------------------
+
+An optional section for the role authors to include contact information, or a website (HTML is not allowed).

z2/tasks-app/k8s_manual/roles/worker/defaults/main.yml

@@ -0,0 +1,3 @@
+---
+# defaults file for worker
+master_hostname: master

z2/tasks-app/k8s_manual/roles/worker/handlers/main.yml

@@ -0,0 +1,2 @@
+---
+# handlers file for worker

z2/tasks-app/k8s_manual/roles/worker/meta/main.yml

@@ -0,0 +1,52 @@
+galaxy_info:
+  author: your name
+  description: your role description
+  company: your company (optional)
+
+  # If the issue tracker for your role is not on github, uncomment the
+  # next line and provide a value
+  # issue_tracker_url: http://example.com/issue/tracker
+
+  # Choose a valid license ID from https://spdx.org - some suggested licenses:
+  # - BSD-3-Clause (default)
+  # - MIT
+  # - GPL-2.0-or-later
+  # - GPL-3.0-only
+  # - Apache-2.0
+  # - CC-BY-4.0
+  license: license (GPL-2.0-or-later, MIT, etc)
+
+  min_ansible_version: 2.1
+
+  # If this a Container Enabled role, provide the minimum Ansible Container version.
+  # min_ansible_container_version:
+
+  #
+  # Provide a list of supported platforms, and for each platform a list of versions.
+  # If you don't wish to enumerate all versions for a particular platform, use 'all'.
+  # To view available platforms and versions (or releases), visit:
+  # https://galaxy.ansible.com/api/v1/platforms/
+  #
+  # platforms:
+  # - name: Fedora
+  #   versions:
+  #   - all
+  #   - 25
+  # - name: SomePlatform
+  #   versions:
+  #   - all
+  #   - 1.0
+  #   - 7
+  #   - 99.99
+
+  galaxy_tags: []
+    # List tags for your role here, one per line. A tag is a keyword that describes
+    # and categorizes the role. Users find roles by searching for tags. Be sure to
+    # remove the '[]' above, if you add tags to this list.
+    #
+    # NOTE: A tag is limited to a single word comprised of alphanumeric characters.
+    #       Maximum 20 tags per role.
+
+dependencies: []
+  # List your role dependencies here, one per line. Be sure to remove the '[]' above,
+  # if you add dependencies to this list.

z2/tasks-app/k8s_manual/roles/worker/tasks/main.yml

@@ -0,0 +1,6 @@
+---
+# tasks file for worker
+- name: Join Workers to cluster
+  shell: "{{ hostvars[master_hostname]['join_command'] }}"
+  args:
+    creates: /etc/kubernetes/kubelet.conf

z2/tasks-app/k8s_manual/roles/worker/tests/inventory

@@ -0,0 +1,2 @@
+localhost
+

z2/tasks-app/k8s_manual/roles/worker/tests/test.yml

@@ -0,0 +1,5 @@
+---
+- hosts: localhost
+  remote_user: root
+  roles:
+    - worker

z2/tasks-app/k8s_manual/roles/worker/vars/main.yml

@@ -0,0 +1,2 @@
+---
+# vars file for worker

z2/tasks-app/templates/backend-configMap.yml

@@ -0,0 +1,7 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: backend-config
+  namespace: {{ .Values.namespace }}
+data:
+  MONGO_HOST: "mongodb://{{ .Values.config.dbHost }}:{{ .Values.config.dbPort }}"

z2/tasks-app/templates/backend.yml

@@ -0,0 +1,28 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: backend
+  namespace: {{ .Values.namespace }}
+spec:
+  replicas: {{ .Values.backend.replicas }}
+  selector:
+    matchLabels:
+      app: backend
+  template:
+    metadata:
+      labels:
+        app: backend
+    spec:
+      containers:
+        - name: backend
+          image: {{ .Values.backend.image }}:{{ .Values.backend.tag }}
+          resources:
+            requests:
+              memory: {{ .Values.backend.resources.requests.memory }}
+            limits:
+              memory: {{ .Values.backend.resources.limits.memory }}
+          envFrom:
+            - configMapRef:
+                name: backend-config
+          ports:
+            - containerPort: {{ .Values.backend.port }}

z2/tasks-app/templates/frontend.yml

@@ -0,0 +1,33 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: frontend
+  namespace: {{ .Values.namespace }}
+spec:
+  replicas: {{ .Values.frontend.replicas }}
+  selector:
+    matchLabels:
+      app: frontend
+  template:
+    metadata:
+      labels:
+        app: frontend
+    spec:
+      containers:
+        - name: frontend
+          image: {{ .Values.frontend.image }}:{{ .Values.frontend.tag }}
+          resources:
+            requests:
+              memory: {{ .Values.frontend.resources.requests.memory }}
+            limits:
+              memory: {{ .Values.frontend.resources.limits.memory }}
+          ports:
+            - containerPort: {{ .Values.frontend.port }}
+          volumeMounts:
+            - name: nginx-config
+              mountPath: /etc/nginx/nginx.conf
+              subPath: nginx.conf
+      volumes:
+        - name: nginx-config
+          configMap:
+            name: nginx-config

z2/tasks-app/templates/namespace.yml

@@ -0,0 +1,9 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: {{ .Values.namespace }}
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: monitoring

z2/tasks-app/templates/nginx-configMap.yml

@@ -0,0 +1,66 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+    name: nginx-config
+    namespace: {{ .Values.namespace }}
+data:
+    nginx.conf: |
+        worker_processes auto;
+        worker_rlimit_nofile 1035;
+        pid /var/run/nginx.pid;
+
+        events {
+            worker_connections 1024;
+            multi_accept on;
+        }
+
+        http {
+            upstream backend {
+                server backend:5000;
+            }
+
+            charset utf-8;
+            sendfile on;
+            tcp_nopush on;
+            tcp_nodelay on;
+            keepalive_timeout 65;
+            types_hash_max_size 2048;
+
+            open_file_cache max=1000 inactive=20s;
+            open_file_cache_valid 30s;
+            open_file_cache_min_uses 2;
+            open_file_cache_errors on;
+
+            client_max_body_size 10m;
+            client_body_buffer_size 16k;
+            client_header_buffer_size 1k;
+            large_client_header_buffers 2 1k;
+
+            client_body_timeout 12;
+            client_header_timeout 12;
+
+            send_timeout 10;
+
+            server_tokens off;
+
+            include /etc/nginx/mime.types;
+
+            server {
+                listen 80;
+                server_name localhost;
+                root /usr/share/nginx/html;
+                index index.html;
+
+                location / {
+                    try_files $uri $uri/ /index.html;
+                }
+
+                location /api/ {
+                    proxy_pass http://backend;
+                    proxy_set_header Host $host;
+                    proxy_set_header X-Real-IP $remote_addr;
+                    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+                    proxy_set_header X-Forwarded-Proto $scheme;
+                }
+            }
+        }

z2/tasks-app/templates/servicemonitor.yml

@@ -0,0 +1,15 @@
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+  name: backend-monitor
+  namespace: {{ .Values.namespace }}
+  labels:
+    release: monitoring
+spec:
+  selector:
+    matchLabels:
+      app: backend
+  endpoints:
+    - port: http
+      path: /metrics
+      interval: 15s

z2/tasks-app/templates/services.yml

@@ -0,0 +1,49 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: mongodb
+  namespace: {{ .Values.namespace }}
+  labels:
+    app: mongodb
+spec:
+  selector:
+    app: mongodb
+  ports:
+    - protocol: TCP
+      port: {{ .Values.mongodb.port }}
+      targetPort: {{ .Values.mongodb.port }}
+  type: ClusterIP
+
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: frontend
+  namespace: {{ .Values.namespace }}
+spec:
+  selector:
+    app: frontend
+  ports:
+    - protocol: TCP
+      port: {{ .Values.frontend.port }}
+      targetPort: {{ .Values.frontend.port }}
+      nodePort: {{ .Values.frontend.nodePort }}
+  type: NodePort
+
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: backend
+  namespace: {{ .Values.namespace }}
+  labels:
+    app: backend
+spec:
+  selector:
+    app: backend
+  ports:
+    - protocol: TCP
+      port: {{ .Values.backend.port }}
+      targetPort: {{ .Values.backend.port }}
+      name: http
+  type: ClusterIP

z2/tasks-app/templates/statefulset.yml

@@ -0,0 +1,57 @@
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+  name: mongodb-pv
+spec:
+  capacity:
+    storage: {{ .Values.mongodb.storageSize }}
+  accessModes:
+    - ReadWriteOnce
+  hostPath:
+    path: /opt/mongodb-data
+  persistentVolumeReclaimPolicy: Retain
+
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: mongodb-pvc
+  namespace: {{ .Values.namespace }}
+spec:
+  accessModes:
+    - ReadWriteOnce
+  storageClassName: ""
+  resources:
+    requests:
+      storage: {{ .Values.mongodb.storageSize }}
+  volumeName: mongodb-pv
+
+---
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+  name: mongodb
+  namespace: {{ .Values.namespace }}
+spec:
+  serviceName: mongodb
+  replicas: 1
+  selector:
+    matchLabels:
+      app: mongodb
+  template:
+    metadata:
+      labels:
+        app: mongodb
+    spec:
+      containers:
+        - name: mongodb
+          image: {{ .Values.mongodb.image }}:{{ .Values.mongodb.tag }}
+          ports:
+            - containerPort: {{ .Values.mongodb.port }}
+          volumeMounts:
+            - name: mongodb-storage
+              mountPath: /data/db
+      volumes:
+        - name: mongodb-storage
+          persistentVolumeClaim:
+            claimName: mongodb-pvc

z2/tasks-app/values.yaml

@@ -0,0 +1,36 @@
+namespace: application
+
+backend:
+  image: ghcr.io/miracleqxz/k8s_project/backend
+  tag: "bf61386ebbd27aef40641dfccc19819382341655"
+  replicas: 2
+  port: 5000
+  resources:
+    requests:
+      memory: "100Mi"
+    limits:
+      memory: "200Mi"
+
+frontend:
+  image: ghcr.io/miracleqxz/k8s_project/web
+  tag: "bf61386ebbd27aef40641dfccc19819382341655"
+  replicas: 1
+  port: 80
+  nodePort: 30856
+  resources:
+    requests:
+      memory: "100Mi"
+    limits:
+      memory: "200Mi"
+
+mongodb:
+  image: mongo
+  tag: "latest"
+  replicas: 1
+  port: 27017
+  storageSize: 1Gi
+
+config:
+  dbHost: mongodb
+  dbPort: "27017"
+  dbName: BANK