add resource limits

2020-07-11 21:38:00 -04:00
parent 659aae57f3
commit 9fbc00c3cc
6 changed files with 16 additions and 4 deletions
--- a/adduser.sh
+++ b/adduser.sh
@@ -1,2 +0,0 @@
 kubectl config set-credentials $USER --client-certificate=$HOME/.kube/users/$USER/$USER.crt  --client-key=$HOME/.kube/users/$USER/$USER.key
 kubectl config set-context $USER --cluster=mainframe --namespace=kube-system --user=$USER
--- a/createadmin.sh
+++ b/createadmin.sh
@@ -2,7 +2,7 @@ export USER=$1
 docker run -it -v $HOME/.kube/users/$USER:/$USER python:latest openssl genrsa -out /$USER/$USER.key 2048
 docker run -it -v $HOME/.kube/users/$USER:/$USER python:latest openssl req -new -key /$USER/$USER.key -out /$USER/$USER.csr -subj "/CN=admin/O=manager"
 kubectl --context admin cp $HOME/.kube/users/$USER/$USER.csr certsigner:/certs/$USER.csr
-kubectl --context admin exec --context admin certsigner -- openssl x509 -in /certs/$USER.csr -req -CA /keys/client-ca.crt -CAkey /keys/client-ca.key -set_serial $(python -c "import random; print(random.randint(1000000000, 9999999999))") -out /certs/$USER.crt -days 5000
+kubectl --context admin exec certsigner -- openssl x509 -in /certs/$USER.csr -req -CA /keys/client-ca.crt -CAkey /keys/client-ca.key -set_serial $(python -c "import random; print(random.randint(1000000000, 9999999999))") -out /certs/$USER.crt -days 5000
 kubectl --context admin cp certsigner:/certs/$USER.crt $HOME/.kube/users/$USER/$USER.crt
 kubectl config set-credentials $USER --client-certificate=$HOME/.kube/users/$USER/$USER.crt  --client-key=$HOME/.kube/users/$USER/$USER.key
 kubectl config set-context $USER --cluster=mainframe --namespace=kube-system --user=$USER
--- a/certsigner/pod.yaml
+++ b/certsigner/pod.yaml
@@ -24,7 +24,7 @@ spec:
  volumes:
    - name: keys
      secret:
-        secretName: certs
+        secretName: certsigner
    - name: certs
      emptyDir: {}
--- a/createuserspace.sh
+++ b/createuserspace.sh
@@ -1,6 +1,7 @@
 #!/bin/bash
 export USER=$1
 openssl req -in $HOME/.kube/users/$USER/$USER.csr -noout -text
 helm template $USER ./namespace | kubectl --context admin apply -f -
 kubectl --context admin cp $HOME/.kube/users/$USER/$USER.csr certsigner:/certs/$USER.csr
 kubectl --context admin exec --context admin certsigner -- openssl x509 -in /certs/$USER.csr -req -CA /keys/client-ca.crt -CAkey /keys/client-ca.key -set_serial $(python -c "import random; print(random.randint(1000000000, 9999999999))") -out /certs/$USER.crt -days 5000
--- a/namespace/templates/resourcequota.yaml
+++ b/namespace/templates/resourcequota.yaml
@@ -0,0 +1,11 @@
 apiVersion: v1
 kind: ResourceQuota
 metadata:
  name: default
  namespace: {{ .Release.Name }}
 spec:
  hard:
    requests.cpu: "12"
    requests.memory: "24G"
    limits.cpu: "48"
    limits.memory: "64G"
--- a/namespace/templates/role.yaml
+++ b/namespace/templates/role.yaml
@@ -14,6 +14,7 @@ rules:
    - traefik.containo.us
    - rbac.authorization.k8s.io
    - metrics.k8s.io
    - policy
  resources: 
    - deployments
    - replicasets
@@ -48,6 +49,7 @@ rules:
    - roles
  verbs:
    - list
    - get
 ---
 kind: Role
 apiVersion: rbac.authorization.k8s.io/v1beta1
		`@@ -1,2 +0,0 @@`
			`kubectl config set-credentials $USER --client-certificate=$HOME/.kube/users/$USER/$USER.crt --client-key=$HOME/.kube/users/$USER/$USER.key`
			`kubectl config set-context $USER --cluster=mainframe --namespace=kube-system --user=$USER`