cat <<EOF | kubectl apply -f -
apiVersion: v1
kind: Pod
metadata:
name: restore
namespace: monitoring
spec:
securityContext:
fsGroup: 1000 # GID del usuario del container tf-infra
containers:
- name: restore
image: ubuntu:latest
imagePullPolicy: IfNotPresent
command: [ "/bin/sh", "-c", "--" ]
args: [ "while true; do sleep 30; done;" ]
volumeMounts:
- name: loki
mountPath: /data/loki
- name: prometheus
mountPath: /data/prometheus
restartPolicy: Never
volumes:
- name: loki
persistentVolumeClaim:
claimName: storage-loki-stack-0
- name: prometheus
persistentVolumeClaim:
claimName: prometheus-kube-prometheus-stack-prometheus-db-prometheus-kube-prometheus-stack-prometheus-0
EOF
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
annotations:
# block not whitelilsted ips returns a 403 error
nginx.ingress.kubernetes.io/whitelist-source-range: 1.1.1.1/32,2.2.2.2/32
nginx.ingress.kubernetes.io/server-snippet: |
error_page 403 = @errorpages; # catch the error
location @errorpages {
return 503 "We are on maintenance mode.
Please come back later.";
}
helm repo add cert-manager https://charts.jetstack.io
helm repo update
helm search repo <repo_name>
helm pull [chart URL | repo/chartname] [...] [flags]
# evaluar el values.yaml en el template
helm template ./chart
apiVersion: v1
kind: Pod
metadata:
name: ubuntu
namespace: devops
labels:
app: ubuntu
spec:
containers:
- image: ubuntu:latest
imagePullPolicy: Always
name: ubuntu
command: [ "/bin/sh", "-c", "--" ]
args: [ "while true; do sleep 30; done;" ]
affinity:
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: NodeGroup
operator: In
values:
- system
tolerations:
- key: dedicated
operator: Equal
value: system
effect: NoSchedule