Merge branch 'pluhin:md-sa2-30-24' into md-sa2-30-24

Denis_Fedosevich/15.Kubernetes_CI_CD/README.md

@@ -0,0 +1,122 @@
+# 15. Kubernetes CI CD
+## Homework Assignment 1. ArgoCD deployment and application
+
+**List of links:**
+- [My Repository ArgoCD](https://github.com/fedos1993/argo-cd)
+- [My Helm Repository](https://github.com/fedos1993/helm-repo)
+- [Sealed Secret object](https://github.com/fedos1993/argo-cd/tree/master/argo-apps/sealed-secrets)
+
+### 1.Installing ArgoCD
+```shell
+$ wget https://raw.githubusercontent.com/argoproj/argo-cd/v2.14.2/manifests/install.yaml -O argocd-install.yaml
+$ kubectl create namespace argocd
+$ kubectl apply -f argo-cd-install.yaml -n argocd
+```
+### 2.Obtaining a password for ArgoCD
+```shell
+$ kubectl -n argo-cd get secret argocd-initial-admin-secret -o jsonpath="{.data.password}" | base64 -d
+```
+### 3.Connecting repositories
+**List of connected repositories**
+
+![List of connected repositories](./images/list_of_repo.png)
+
+### 4.Creating and Deploying Applications in ArgoCD
+
+**My Repository argo-cd**
+```yaml
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  finalizers:
+  - resources-finalizer.argocd.argoproj.io
+  name: argo-app
+  namespace: argocd
+spec:
+  destination:
+    server: https://kubernetes.default.svc
+  project: default
+  source:
+    directory:
+      recurse: true
+    path: argo-apps
+    repoURL: https://github.com/fedos1993/argo-cd
+    targetRevision: HEAD
+  syncPolicy:
+    automated:
+      prune: true
+      selfHeal: true
+```
+**Sealed secret controller**
+```yaml
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: sealed-secret
+  namespace: argocd
+spec:
+  destination:
+    namespace: kube-system
+    server: https://kubernetes.default.svc
+  source:
+    repoURL: https://bitnami-labs.github.io/sealed-secrets
+    targetRevision: 2.17.0
+    chart: sealed-secrets
+    helm:
+      parameters:
+        - name: fullnameOverride
+          value: sealed-secrets-controller
+  project: default
+  syncPolicy:
+    automated:
+      prune: true
+      selfHeal: true
+    syncOptions:
+      - CreateNamespace=true
+```
+**My helm Repository**
+```yaml
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: jenkins
+  namespace: argocd
+spec:
+  project: default
+  destination:
+    namespace: ci-cd
+    server: https://kubernetes.default.svc
+  source:
+    chart: jenkins
+    repoURL: https://fedos1993.github.io/helm-repo
+    targetRevision: 0.3.0
+  syncPolicy:
+    automated:
+      prune: true
+      selfHeal: true
+    syncOptions:
+    - CreateNamespace=true
+```
+**Deploying**
+```shell
+$ kubectl apply -f applications/argo-app.yaml
+$ kubectl apply -f applications/sealed-secret-app.yaml
+$ kubectl apply -f applications/jenkins-app.yaml
+```
+**List of applications managed by ArgoCD**
+![List of applications](./images/applications.png)
+
+### 5.Retrieving and Encrypting Secrets from ArgoCD
+```shell
+$ kubectl get secret repo-4276310855  -n argocd -o yaml > secret-argo-repo.yaml
+$ kubectl get secret repo-3947450314  -n argocd -o yaml > secret-seals-repo.yaml
+$ kubectl get secret repo-453705849 -n argocd -o yaml > secret-helm-repo.yaml
+
+$ cat secret-argo-repo.yaml | kubeseal --format yaml >  sealed_argo_repo.yaml
+$ cat secret-seals-repo.yaml | kubeseal --format yaml >  sealed-seals-repo.yaml
+$ cat secret-helm-repo.yaml | kubeseal --format yaml >  sealed-helm-repo.yaml
+```
+### 6.Deployment of Sealed Secrets objects after pushing them to a remote repository tracked by ArgoCD
+
+**List of sealed secrets objects**
+![List of sealed secrets in dashboard](./images/sealed_secrets.png)

Yuliya_Buyalskaya/17.Log_monitoring/README.md

@@ -0,0 +1,26 @@
+## Homework Assignment 1: Use grafana Loki for log monitoring
+
+To use grafana Loki add corresponding [loki.yaml](https://github.com/Julie717/argocd/blob/master/app/monitoring/loki.yaml) to argocd
+
+Check that Loki appeared in argocd
+
+![loki](../17.Log_monitoring/pictures/1.jpg)
+
+Add loki data source in grafana
+
+![loki data source in grafana](../17.Log_monitoring/pictures/2.jpg)
+
+Create grafana dashboard and add variable for intervals
+
+![time interval](../17.Log_monitoring/pictures/3.jpg)
+
+Create graph for counting errors, using logql for writing query
+```text
+(count_over_time({app="drupal"} |~ "(?i)error" [$time_interval])) or (count_over_time({app="wordpress"} |~ "(?i)error" [$time_interval]))or (count_over_time({app="jenkins"} |~ "(?i)error" [$time_interval]))or (count_over_time({app="node-exporter"} |~ "(?i)error" [$time_interval])) or  (count_over_time({app="ingress-nginx"} |~ "(?i)error" [$time_interval]))
+```
+
+Mostly errors happened while restarting pods
+![errors graph](../17.Log_monitoring/pictures/4.jpg)
+
+On dashboard there is a possibility to change time interval
+![time interval changing](../17.Log_monitoring/pictures/5.jpg)

Yuliya_Buyalskaya/17.Log_monitoring/grafana_dashboard.json

@@ -0,0 +1,174 @@
+{
+  "annotations": {
+    "list": [
+      {
+        "builtIn": 1,
+        "datasource": {
+          "type": "grafana",
+          "uid": "-- Grafana --"
+        },
+        "enable": true,
+        "hide": true,
+        "iconColor": "rgba(0, 211, 255, 1)",
+        "name": "Annotations & Alerts",
+        "target": {
+          "limit": 100,
+          "matchAny": false,
+          "tags": [],
+          "type": "dashboard"
+        },
+        "type": "dashboard"
+      }
+    ]
+  },
+  "editable": true,
+  "fiscalYearStartMonth": 0,
+  "graphTooltip": 0,
+  "id": 1,
+  "links": [],
+  "liveNow": false,
+  "panels": [
+    {
+      "datasource": {
+        "type": "loki",
+        "uid": "gfa_jUKNz"
+      },
+      "fieldConfig": {
+        "defaults": {
+          "color": {
+            "mode": "palette-classic"
+          },
+          "custom": {
+            "axisCenteredZero": false,
+            "axisColorMode": "text",
+            "axisLabel": "",
+            "axisPlacement": "auto",
+            "barAlignment": 0,
+            "drawStyle": "line",
+            "fillOpacity": 0,
+            "gradientMode": "none",
+            "hideFrom": {
+              "legend": false,
+              "tooltip": false,
+              "viz": false
+            },
+            "lineInterpolation": "linear",
+            "lineWidth": 1,
+            "pointSize": 5,
+            "scaleDistribution": {
+              "type": "linear"
+            },
+            "showPoints": "auto",
+            "spanNulls": false,
+            "stacking": {
+              "group": "A",
+              "mode": "none"
+            },
+            "thresholdsStyle": {
+              "mode": "off"
+            }
+          },
+          "mappings": [],
+          "thresholds": {
+            "mode": "absolute",
+            "steps": [
+              {
+                "color": "green",
+                "value": null
+              },
+              {
+                "color": "red",
+                "value": 80
+              }
+            ]
+          }
+        },
+        "overrides": []
+      },
+      "gridPos": {
+        "h": 11,
+        "w": 12,
+        "x": 0,
+        "y": 0
+      },
+      "id": 2,
+      "options": {
+        "legend": {
+          "calcs": [],
+          "displayMode": "list",
+          "placement": "bottom",
+          "showLegend": true
+        },
+        "tooltip": {
+          "mode": "single",
+          "sort": "none"
+        }
+      },
+      "targets": [
+        {
+          "datasource": {
+            "type": "loki",
+            "uid": "gfa_jUKNz"
+          },
+          "editorMode": "code",
+          "expr": "(count_over_time({app=\"drupal\"} |~ \"(?i)error\" [$time_interval])) or (count_over_time({app=\"wordpress\"} |~ \"(?i)error\" [$time_interval]))or (count_over_time({app=\"jenkins\"} |~ \"(?i)error\" [$time_interval]))or (count_over_time({app=\"node-exporter\"} |~ \"(?i)error\" [$time_interval])) or  (count_over_time({app=\"ingress-nginx\"} |~ \"(?i)error\" [$time_interval]))",
+          "queryType": "range",
+          "refId": "A"
+        }
+      ],
+      "title": "Count errors",
+      "type": "timeseries"
+    }
+  ],
+  "refresh": false,
+  "revision": 1,
+  "schemaVersion": 38,
+  "style": "dark",
+  "tags": [],
+  "templating": {
+    "list": [
+      {
+        "current": {
+          "selected": true,
+          "text": "5m",
+          "value": "5m"
+        },
+        "hide": 0,
+        "includeAll": false,
+        "multi": false,
+        "name": "time_interval",
+        "options": [
+          {
+            "selected": true,
+            "text": "5m",
+            "value": "5m"
+          },
+          {
+            "selected": false,
+            "text": "1h",
+            "value": "1h"
+          },
+          {
+            "selected": false,
+            "text": "1d",
+            "value": "1d"
+          }
+        ],
+        "query": "5m, 1h, 1d",
+        "queryValue": "",
+        "skipUrlSync": false,
+        "type": "custom"
+      }
+    ]
+  },
+  "time": {
+    "from": "2025-02-09T19:10:49.057Z",
+    "to": "2025-02-10T00:22:52.221Z"
+  },
+  "timepicker": {},
+  "timezone": "",
+  "title": "New dashboard",
+  "uid": "I5JBWQFNk",
+  "version": 5,
+  "weekStart": ""
+}

Yuliya_Buyalskaya/README.md

@@ -13,4 +13,5 @@
 [Homework 13. Kubernetes. Helm](../Yuliya_Buyalskaya/13.Kubernetes.Helm/README.md) \
 [Homework 14. Kubernetes application deployment](../Yuliya_Buyalskaya/14.Kubernetes_application_deployment/README.md) \
 [Homework 15. Kubernetes CI CD](../Yuliya_Buyalskaya/15.Kubernetes_CI_CD/README.md) \
-[Homework 16. Technical and service monitoring](../Yuliya_Buyalskaya/16.Technical_and_service_monitoring/README.md)
+[Homework 16. Technical and service monitoring](../Yuliya_Buyalskaya/16.Technical_and_service_monitoring/README.md) \
+[Homework 17. Log monitoring](../Yuliya_Buyalskaya/17.Log_monitoring/README.md)

demo/19.Jenkins/01_AuthorizationStrategy.groovy

@@ -0,0 +1,14 @@
+
+import jenkins.model.*
+import hudson.security.*
+
+def instance = Jenkins.getInstance()
+
+def strategy = instance.getAuthorizationStrategy()
+if (!(strategy instanceof GlobalMatrixAuthorizationStrategy)) {
+  strategy = new GlobalMatrixAuthorizationStrategy()
+  instance.setAuthorizationStrategy(strategy)
+  instance.save()
+  instance.doSafeRestart()
+}
+

demo/19.Jenkins/02_addUser.groovy

@@ -0,0 +1,17 @@
+
+
+import jenkins.model.*
+import hudson.security.*
+
+def instance = Jenkins.getInstance()
+
+def hudsonRealm = new HudsonPrivateSecurityRealm(false)
+hudsonRealm.createAccount("admin", "admin")
+instance.setSecurityRealm(hudsonRealm)
+
+def strategy = (GlobalMatrixAuthorizationStrategy) instance.getAuthorizationStrategy()
+strategy.add(Jenkins.ADMINISTER, "admin")
+instance.setAuthorizationStrategy(strategy)
+
+instance.save()
+

demo/19.Jenkins/README.md

@@ -0,0 +1,19 @@
+
+## Make ssh tunnel
+```bash
+ssh -L 8080:127.0.0.1:8080 user@192.168.204.85 -f -N
+```
+
+## Install node script
+
+```bash
+apt update && apt upgrade -yqq
+apt install -yqq openjdk-17-jre wget git curl
+useradd -m -d /var/lib/jenkins jenkins
+runuser -l jenkins -c 'mkdir /var/lib/jenkins/.ssh/'
+runuser -l jenkins -c 'cat /tmp/authorized_keys >> /var/lib/jenkins/.ssh/authorized_keys'
+chown jenkins:jenkins /var/lib/jenkins/.ssh/authorized_keys
+chmod 600 /var/lib/jenkins/.ssh/authorized_keys
+rm -f /tmp/authorized_keys
+echo "Client done!"
+```