Commit para início do curso da Udemy

README.md

@@ -0,0 +1,101 @@
+# devops
+Material do curso de treinamento de DevOps
+
+
+DevOps Ninja
+
+## Aula 1 -  Introdução
+	- Apresentacao
+	- Agenda
+
+## Aula 2 -  Containers
+
+	- Falar sobre o conceito do DEVOPS - Pegar do material da AWS que eu fiz.
+
+	- Containers Docker
+	- Registro
+	- Kubernetes
+	- Arquitetura do Rancher e Documentação do kubernetes na documentação oficial do Rancher.
+
+## Aula 3 - DevOps
+	- Falar sobre as práticas DevOps
+
+	https://www.slideshare.net/ShannonWilliams14/supercharing-cicd-with-gitlab-and-rancher-june-2017-online-meetup
+
+	slides 13 e 14
+
+
+## Aula 4 - Ambiente 
+	- Verificar ambiente
+	- Fazer docker login nos host's
+
+
+## Aula 5 - Construindo sua aplicação 
+	- Fazer build dos containers e rodar aplicação no host
+	- Cada aluno irá construir as imagens para seus projetos
+	- Fazer push para o registro
+
+## Aula 6 - Rancher - Single Node
+	- Instalar Rancher Single Node
+
+## Aula 7 - Kubernetes
+	- Criar cluster Kubernetes com 2 nós
+
+## Aula 8 - Kubectl 
+	- Usar kubectl
+
+## Aula 9 - DNS
+	- Deployment do Traefik
+
+## Aula 10 - Volume
+	- Deployment do Longhorn e da aplicação mariadb volume.
+
+## Aula 11 - Log
+	- Deployment do Graylog
+
+## Aula 12 - Monitoramento
+	- Deployment do Prometheus+Grafana
+
+## Aula 13 - CronJob
+	- Deployment de cronjob
+
+## Aula 14 -ConfigMap
+	- Deployment de configmap
+
+## Aula 15 - Secrets
+	- Deployment de secrets
+
+## Aula 16 - Liveness
+	- Deployment de aplicação com health-check
+
+## Aula 17 - Rolling-Update
+	- Deployment de aplicação com Rolling-Update
+
+## Aula 18 - Autoscaling
+	- Autoscaling de aplicação
+
+## Aula 19 - Scheduling
+	- Deployment de aplicação usando agendamento.
+
+## Aula 20 - PipeLine
+	- Criação execução de pipeline de CI/CD, usando Rancher+Github
+
+## Aula 21 - Kubeless
+	- Plataforma de funções dentro do Kubernetes, serviço muito semelhante ao AWS Lambda
+
+## Aula 22 - HELM - Gerenciador de pacotes do kubernetes
+	- Iremos instalar e configurar o Helm, bem como fazer o deployment de uma aplicação através dele.
+
+## Aula 23 - Como construir uma estratégia de containers Enterprise.
+
+	How to Build an Enterprise Kubernetes Strategy -- June 2019.pdf
+
+
+# Roadmap
+
+## Políticas de rede
+## Istio - ServiceMesh
+## CSI Scans
+## Database in containers
+
+?????

exercicios/app.yml

@@ -0,0 +1,125 @@
+---
+apiVersion: rbac.authorization.k8s.io/v1beta1
+kind: ClusterRole
+metadata:
+  name: logs
+  # namespace: kube-system
+rules:
+- apiGroups:
+  - ""
+  resources:
+  - nodes
+  - nodes/proxy
+  - services
+  - endpoints
+  - pods
+  verbs:
+  - get
+  - list
+  - watch
+- nonResourceURLs:
+  - /metrics
+  verbs:
+  - get
+
+
+---
+apiVersion: rbac.authorization.k8s.io/v1beta1
+kind: ClusterRoleBinding
+metadata:
+  name: logs
+  # namespace: kube-system
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: logs
+subjects:
+
+
+- kind: Group
+  name: system:serviceaccounts
+  apiGroup: rbac.authorization.k8s.io
+- kind: ServiceAccount
+  name: logs
+  namespace: kube-system
+
+
+
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: logs
+  # namespace: whoami5
+
+
+---
+kind: Deployment
+apiVersion: extensions/v1beta1
+metadata:
+  name: whoami5
+  # namespace: whoami5
+  labels:
+    allow.http: "false"
+    application: whoami5
+spec:
+  replicas: 3
+  selector:
+    matchLabels:
+      application: whoami5
+  template:
+    metadata:
+      labels:
+        application: whoami5
+    spec:
+      serviceAccount: logs
+      containers:
+      - name: whoami5
+        image: registry.rancher.signallink.us/jonathan/whoami
+        env:
+        - name: PASS
+          value: "jon"
+        - name: USER
+          value: "jon"
+        ports:
+        - containerPort: 8778
+        securityContext:
+          privileged: true
+
+
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: whoami5
+  # namespace: whoami5
+spec:
+  type: ClusterIP
+  ports:
+  - port: 80 # Porta a ser exposta pelo SERVICE
+    targetPort: 8778 # Porta que a aplicação está rodando no POD
+  selector:
+    application: whoami5
+
+
+---
+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+  name: whoami5
+  # namespace: whoami5
+  annotations:
+    allow.http: "false"
+
+spec:
+  rules:
+  - host: app.rancher.instrutor.signallink.us
+    http:
+      paths:
+        - path: /
+          backend:
+            serviceName: whoami5
+            servicePort: 80 # Porta que sera usada pelo SERVICE - DEVE SER A MESMA do SERVICE
+
+
+

exercicios/app/docker-compose.yml

@@ -0,0 +1,52 @@
+# Versão 2 do Docker-Compose
+version: '2'
+
+services:
+
+    nginx:
+        restart: "always"
+        image: <dockerhub-user>/nginx:devops
+        ports:
+            - "80:80"
+        links:
+            # Colocar mais nós para escalar
+            - node
+            # - node-2
+
+    redis:
+        restart: "always"
+        image: <dockerhub-user>/redis:devops
+        ports:
+            - 6379
+
+    mysql:
+        restart: "always"
+        image: mysql
+        ports:
+            - 3306
+        environment:
+            MYSQL_ROOT_PASSWORD: 123
+            MYSQL_DATABASE: books
+            MYSQL_USER: apitreinamento
+            MYSQL_PASSWORD: 123 
+
+# >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
+
+    node:
+        restart: "always"
+        image: <dockerhub-user>/node:devops
+        links:
+            - redis
+            - mysql
+        ports:
+            - 8080
+        volumes:
+            -  volumeteste:/tmp/volumeteste
+
+# >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
+
+# Mapeamento dos volumes
+volumes:
+    volumeteste:
+        external: false
+

exercicios/app/limpar-host.md

@@ -0,0 +1,27 @@
+
+### Limpar o host
+Algumas vezes é preciso sanitizar o host, e deixar ele apto para receber carga novamente. Para isso, muitas vezes é preciso remover o docker, suas dependências, arquivos do kubernetes, entre outros.
+
+Não itemos limpar o host nesse passo, mas os comandos estão aqui como referência.
+```sh
+$ docker rm -f $(docker ps -qa)
+$ docker rmi -f $(docker images -q)
+$ docker volume rm $(docker volume ls)
+$ systemctl stop docker
+$ for mount in $(mount | grep tmpfs | grep '/var/lib/kubelet' | awk '{ print $3 }') /var/lib/kubelet /var/lib/rancher; do umount $mount; done
+$ rm -rf /etc/ceph /etc/cni /etc/kubernetes /opt/cni /opt/rke /run/secrets/kubernetes.io /run/calico /run/flannel /var/lib/calico /var/lib/etcd /var/lib/cni /var/lib/kubelet /var/lib/rancher/rke/log /var/log/containers /var/log/pods /var/run/calico /opt/rancher
+$ systemctl start docker
+```
+
+
+### FirewallD
+Talvez o firewall esteja ativado nos host's, será preciso desativar.
+```sh
+$ iptables -L -n -v
+$ systemctl stop firewalld
+$ systemctl disable firewalld
+
+
+$ iptables -F
+$ vi /etc/selinux/config
+```

exercicios/app/nginx/Dockerfile

@@ -0,0 +1,11 @@
+	# Setar a imagem do nginx
+FROM nginx
+
+	# Autor/Mantenedor
+MAINTAINER Jonathan Baraldi
+
+	# Copiar configurações customizadas do diretório atual
+COPY nginx.conf /etc/nginx/nginx.conf
+
+COPY certificado/certificado.crt  /etc/ssl/certificado.crt
+COPY certificado/certificado.key  /etc/ssl/certificado.key

exercicios/app/nginx/certificado/certificado.crt

@@ -0,0 +1,23 @@
+-----BEGIN CERTIFICATE-----
+MIID2DCCAsACCQCDSEGANuPHUDANBgkqhkiG9w0BAQUFADCBrTELMAkGA1UEBhMC
+QlIxCzAJBgNVBAgTAlJTMRYwFAYDVQQHEw1Ob3ZvIEhhbWJ1cmdvMRkwFwYDVQQK
+ExBKb25hdGhhbiBCYXJhbGRpMRkwFwYDVQQLExBKb25hdGhhbiBCYXJhbGRpMRkw
+FwYDVQQDExBKb25hdGhhbiBCYXJhbGRpMSgwJgYJKoZIhvcNAQkBFhlqb25hdGhh
+bmJhcmFsZGlAZ21haWwuY29tMB4XDTE2MDYyOTE4Mjg0MloXDTE3MDYyOTE4Mjg0
+Mlowga0xCzAJBgNVBAYTAkJSMQswCQYDVQQIEwJSUzEWMBQGA1UEBxMNTm92byBI
+YW1idXJnbzEZMBcGA1UEChMQSm9uYXRoYW4gQmFyYWxkaTEZMBcGA1UECxMQSm9u
+YXRoYW4gQmFyYWxkaTEZMBcGA1UEAxMQSm9uYXRoYW4gQmFyYWxkaTEoMCYGCSqG
+SIb3DQEJARYZam9uYXRoYW5iYXJhbGRpQGdtYWlsLmNvbTCCASIwDQYJKoZIhvcN
+AQEBBQADggEPADCCAQoCggEBAL5Nik4j/Su39MY911WLuYTb4KefFkmwcdY0Z10B
+TELxNw0av3UQ2JUVU16k6azkOHahxm4QYBakSY8KuoLwTQbxigRoDiKf5VPQSaDe
+jpyQ0Y5CAPSoa7fiA++Vc0WTdlnuykkkHgFfkKHzXRO8gxrKGzPpFoyBgkwzP+YK
+M5KLKX8G7GDO2GR3vRCBgMt5f4Zm0kVWeneuDZYdw0fR5/dQX+Ww/uXnWvu8DZow
+SD8HSxnPe6sPcBF506fGd4CaETqnz/oEyADkjL0sjT+X9rr86tdy3w5RVd28GYR/
+1yUa/b/D9pfYDKZ8k886uD31mliEYw/Pn+Wg22ReiE6g220CAwEAATANBgkqhkiG
+9w0BAQUFAAOCAQEAFlEakykk1cDhZq3XPsTgWhI/t/mEjnTUV5pPg7hUfYLAXRIU
+YZglpLoXfwYsbfekpaljdOLaxkkjxKdyo+oqtW/zlyV+Z1eXLQJa+W2BO4lK7FJU
+yuXhA9r7cRoBzfwarO/jpqPux4XGhAlWBrFwCHtBPo5qQV6qmAccRjlFsXf3mZXK
+j2cQ8Qli1edGAGBeA06fYVen9glIuXzCbpbaU0dp+yGBaV8NpjjV18HixiMKnCw/
+kB7JqOVPvKRTWoCz2OyaQqkkrCK/IPgAE0z+9Z4b8bwmnWhlmKcO2lvRIZJ72XVi
+c4vlzZA9GV74b3e3mrEYkRnkFTdUr4EoqaEbag==
+-----END CERTIFICATE-----

exercicios/app/nginx/certificado/certificado.csr

@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIIDLTCCAhUCAQAwga0xCzAJBgNVBAYTAkJSMQswCQYDVQQIEwJSUzEWMBQGA1UE
+BxMNTm92byBIYW1idXJnbzEZMBcGA1UEChMQSm9uYXRoYW4gQmFyYWxkaTEZMBcG
+A1UECxMQSm9uYXRoYW4gQmFyYWxkaTEZMBcGA1UEAxMQSm9uYXRoYW4gQmFyYWxk
+aTEoMCYGCSqGSIb3DQEJARYZam9uYXRoYW5iYXJhbGRpQGdtYWlsLmNvbTCCASIw
+DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAL5Nik4j/Su39MY911WLuYTb4Kef
+FkmwcdY0Z10BTELxNw0av3UQ2JUVU16k6azkOHahxm4QYBakSY8KuoLwTQbxigRo
+DiKf5VPQSaDejpyQ0Y5CAPSoa7fiA++Vc0WTdlnuykkkHgFfkKHzXRO8gxrKGzPp
+FoyBgkwzP+YKM5KLKX8G7GDO2GR3vRCBgMt5f4Zm0kVWeneuDZYdw0fR5/dQX+Ww
+/uXnWvu8DZowSD8HSxnPe6sPcBF506fGd4CaETqnz/oEyADkjL0sjT+X9rr86tdy
+3w5RVd28GYR/1yUa/b/D9pfYDKZ8k886uD31mliEYw/Pn+Wg22ReiE6g220CAwEA
+AaA6MBcGCSqGSIb3DQEJBzEKEwgxMnF3YXN6eDAfBgkqhkiG9w0BCQIxEhMQSm9u
+YXRoYW4gQmFyYWxkaTANBgkqhkiG9w0BAQUFAAOCAQEAYhLydl4tL51AxNrDaY8W
+Zg69VSvoRQorb7dubgUgJ5FX/GOt6w8EWG5/XpiEPZn0HFjSMY4hi6cMuUyZLPlI
+HaHWmjeC2W4jlWLXfP8oG3hz6xTxwGbAGBu9D2P4SdMxO7hGHVfbwemobg7zOfrC
+b4W5SJckZ1Q6EeV3UVlAUFPf3mQdgtxN63diYqX984nQH+WKUWffW881QiUWEHSA
+Ll+MGteCQxi2XJ2awO0Mdv5oZDAjvKxr/+5mHWmkfU/VB1UMDtT/KhvDIwyNJbkU
+YYpi1xXpOSW4+GVXKhJf5qW85NC1iiblcV4ZhorPmfjXmrS2M9FdwP75Fg5n2zcF
+Nw==
+-----END CERTIFICATE REQUEST-----

exercicios/app/nginx/certificado/certificado.key

@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEowIBAAKCAQEAvk2KTiP9K7f0xj3XVYu5hNvgp58WSbBx1jRnXQFMQvE3DRq/
+dRDYlRVTXqTprOQ4dqHGbhBgFqRJjwq6gvBNBvGKBGgOIp/lU9BJoN6OnJDRjkIA
+9Khrt+ID75VzRZN2We7KSSQeAV+QofNdE7yDGsobM+kWjIGCTDM/5gozkospfwbs
+YM7YZHe9EIGAy3l/hmbSRVZ6d64Nlh3DR9Hn91Bf5bD+5eda+7wNmjBIPwdLGc97
+qw9wEXnTp8Z3gJoROqfP+gTIAOSMvSyNP5f2uvzq13LfDlFV3bwZhH/XJRr9v8P2
+l9gMpnyTzzq4PfWaWIRjD8+f5aDbZF6ITqDbbQIDAQABAoIBAHdPJebXqWI/crbX
+DqoTb7xcHfz5QH/yn2wsbqFgru9JS7prip1acm8Fb79mpRo/+yZlRoK6wYNwfK2x
+jD2Lar9vr5gTpMkQdjaV35N79O0z3i3SM8cv0Fj42n7as+prCUhY7XntquIxh/wB
+F9nH1mp1S5jACeMNTyN2/hi7TJoSkKRbXDp4TwIUpJMKqTRvgJHO45rpn0NI8qdv
++WfafGkDazUPvkaCwlwqt4MzaYayFmnD/1MqMFIxzjsvBFcpHYBUaR+Zw1NMYXtU
+Qor51FO3jhf/6ChmcDuQ2SISttypO+QWBUaTrWI92sw9Zu8JQny2twAfOQwYuRwp
+alTdYAECgYEA4HK+8w++439y3iKcLztHZRXa0/4Sq5DP1CbDB3seIKGAFDn0mA2a
+Df61x9dvf7Wm+hFpJyVk/QM003Q5x7Ml4p+MiPi0cf0hWBcVKKSitxMzcC5VP7CT
+Cr/++RtsRRvlpEQ/jfVdmuwPk86gSH9HOu2hso1yhmp21AV/cuR1HFECgYEA2Q4A
+Mc2+jUDot5qpIVHWD0QwWIj6EzUsC0bdUfs7hx0xERnSz5QbzMuyaVzNqd6JmwcJ
+9kWbRmr3cMS2jxD1cu7uweViD/O26gilwupVJz89Tk1QqXuPFkTPVx8IphPGV83y
+mxkmx+wAKJzDlou9N4FCEXapTdjCuBZ7Ws8B8l0CgYAcgfaG4MUaGCH63OKBjUHw
+MOpuaqLsb6Q2CgZTeOvGsTyXVRUgCvo6NNPZ4h8jVWsz7+ovMqy1Bic7hFOibbqu
+Ih2zeANTRxdpHOVvGBoirqml4fyp7j9+6gv0j+scjAKK7rAz06pj9v+zglcRXjkp
+3uzexOB6+iLFoz0g1quZQQKBgERNWpRRiSgMB+9W9OfuR60QKSKDICaRMeXui9Cz
+fTz8W6dk9+ioU8MzSlZLhNByndyx71mW99DF8k2DKWuFy6c6Ntm/JAefCq1EwVy/
+vsIV7WXJgJuErTc1ugVRV7hjOqQAw9o4pPJ+emJNSmMCYC2qOC8kpww/LK8fK/wc
+biFlAoGBAIBpY5Hk+MzAavppIJk8Ze1FAUCh7n7Vli/5afArZv4+a4Njxzggn6om
+tsXhZwIiRNucqlrn+67Ssxz5DmvrixkIjraHAPh6MUKyyWHyTVQWXkOCtnH6+H5n
+LurI53Xcr7nLEktKPgD9TDcSlhadl1+fmFwuf8+P6ssKgPseKqYp
+-----END RSA PRIVATE KEY-----