hw done
voitenkov committed Nov 16, 2023
1 parent eeb738f commit 0e1ae7e
Showing 6 changed files with 61 additions and 7 deletions.
13 changes: 10 additions & 3 deletions kubernetes/infra/main.tf
Expand Up @@ -12,7 +12,7 @@ module "a1-subnet" {
subnet_name = "subnet-${var.project}-${var.environment}-a1"
subnet_network_id = yandex_vpc_network.network-otus-devops-prod.id
subnet_zone = "ru-central1-a"
subnet_v4_cidr_blocks = local.cidr_local
subnet_v4_cidr_blocks = [local.cidr_local]

depends_on = [yandex_vpc_network.network-otus-devops-prod]
}
Expand Down Expand Up @@ -139,8 +139,8 @@ module "k8s-node-group-sa" {
sa_role = "container-registry.images.puller"
}

module "c1-k8s-cluster-calico" {
source = "../modules/k8s-cluster"
module "c1-k8s-cluster" {
source = "../modules/k8s-cluster-calico"
k8s_cluster_name = "cluster-1"
k8s_cluster_project = var.project
k8s_cluster_environment = var.environment
Expand Down Expand Up @@ -213,3 +213,10 @@ resource "yandex_dns_recordset" "r1-dns-rs-otus-devops-prod" {

depends_on = [yandex_dns_zone.z1-dns-zone-otus-devops]
}

resource "yandex_compute_disk" "disk-otus-devops-prod-k8s" {
name = "k8s"
type = "network-hdd"
zone = "ru-central1-a"
size = 4
}
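Review bot: The new `yandex_compute_disk` at the end of the file has nothing guarding it against destroy or replacement, and its id is not exported, while `kubernetes/reddit/persistent-volume.yml` in this commit carries a hard-coded `volumeHandle`. If this disk is the one behind `mongo-pv` (the page does not show the link), a recreate would leave the PersistentVolume pointing at a disk that no longer exists. I would add `lifecycle { prevent_destroy = true }` inside the resource and an `output` exposing `yandex_compute_disk.disk-otus-devops-prod-k8s.id`, so the value in the manifest can be checked against state.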
3 changes: 0 additions & 3 deletions kubernetes/modules/k8s-cluster-calico/main.tf
Expand Up @@ -32,8 +32,5 @@ resource "yandex_kubernetes_cluster" "k8s-cluster" {

service_account_id = data.yandex_iam_service_account.service_account.service_account_id
node_service_account_id = data.yandex_iam_service_account.node_service_account.service_account_id
cluster_ipv4_range = var.k8s_cluster_cluster_ipv4_range
service_ipv4_range = var.k8s_cluster_service_ipv4_range
network_policy_provider = "CALICO"

}
3 changes: 2 additions & 1 deletion kubernetes/reddit/mongo-deployment.yml
Expand Up @@ -31,4 +31,5 @@ spec:
mountPath: /data/db
volumes:
- name: mongo-persistent-storage
emptyDir: {}
persistentVolumeClaim:
claimName: mongo-pvc
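Review bot: With `mongo-persistent-storage` backed by the ReadWriteOnce claim `mongo-pvc`, a rolling update can leave the replacement pod stuck waiting for the disk while the old pod still holds it. The hunk starts at line 31, so the Deployment's `strategy` and `replicas` are outside the view. If the default RollingUpdate is in effect, set `strategy:` with `type: Recreate` in the Deployment spec and keep `replicas: 1`.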
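--- /dev/null
+++ b/kubernetes/reddit/mongo-network-policy.yml
@@ -0,0 +1,24 @@
+---
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+name: deny-db-traffic
+labels:
+app: reddit
+spec:
+podSelector:
+matchLabels:
+app: reddit
+component: mongo
+policyTypes:
+- Ingress
+ingress:
+- from:
+- podSelector:
+matchLabels:
+app: reddit
+component: comment
+- podSelector:
+matchLabels:
+app: reddit
+component: post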
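Review bot: The `ingress` rule lists the `comment` and `post` pods under `from` but has no `ports`, so those pods may reach every port on the mongo pod; restrict it with `ports:` / `- protocol: TCP` / `port: 27017` (27017 assumes MongoDB's default port, which this page does not show). The policy also only takes effect when the cluster runs a network-policy provider, and the `kubernetes/modules/k8s-cluster-calico/main.tf` section of this commit records three deletions in the block containing `network_policy_provider = "CALICO"`. The page does not mark which lines were removed, so confirm the provider is still enabled; without it the policy is accepted by the API server but not enforced. The name `deny-db-traffic` also reads oddly for an allow-list, and a comment such as `# only comment and post pods may reach mongo` would help.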
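--- /dev/null
+++ b/kubernetes/reddit/persistence-volume-claim.yml
@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+name: mongo-pvc
+spec:
+storageClassName: ""
+accessModes:
+- ReadWriteOnce
+resources:
+requests:
+storage: 4Gi
+volumeName: mongo-pv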
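--- /dev/null
+++ b/kubernetes/reddit/persistent-volume.yml
@@ -0,0 +1,13 @@
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+name: mongo-pv
+spec:
+capacity:
+storage: 4Gi
+accessModes:
+- ReadWriteOnce
+csi:
+driver: disk-csi-driver.mks.ycloud.io
+fsType: ext4
+volumeHandle: fhmbc24g03jrlbb61p4g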
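Review bot: `mongo-pv` has no `claimRef`, so until `mongo-pvc` binds, any other claim with a matching size, access mode and empty storage class can bind this volume and mount the MongoDB data. Reserve it by adding `claimRef:` with `name: mongo-pvc` and `namespace: <namespace-of-mongo-pvc>` (a placeholder; the namespace is not on this page). The `volumeHandle` is a hard-coded disk id, so a comment naming the Terraform resource it comes from would make a mismatch after a disk recreate easier to spot.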
