--- # Prepares the environment for the apps-review exercise, and cleans up afterwards. # # TODO: create some projects: # - one with a project node selector # and a deployment with conflicting node {selector|affinity} ??? # - one with a very low quota # and a deployment which exceeds the quota # - taint a node # and select a deployment to run a pod on it # then debug these conditions and fix them # # TODO: make two nodes unschedulable, create a project, and deploy an application, scale to three # make the nodes schedulable again, use podAntiAffinity to disperse the pods, scale to 6 and see scheduling # # simulate load (loadtest? loadgenerator?) beyond container's cpu limit and then improve performance by raising limit # # TODO: probes with extremely low cpu limit, see them crashloop, fix it # # use stress-ng ap to allocate all memory (more than limit), monitor the metrics to diagnose the crash # # client-server apps, low limits, monitor performance # # custom metrics, grafana # # TODO: run two instances on the same node, no pdb, drain the node - observe failure in another terminal # repeat with pdb, see no failures # # recreate strategy, rollout a change, observe outage in another terminal # switch to rolling w/maxUnavailable, repeat, see no failures # # deploy an app w/requests, generate load, observe timing # add HPA, generate load, compare # - name: Prepare the exercise of apps-review. hosts: localhost gather_subset: min become: no tasks: - name: Prereqs include_role: name: check-env - name: Ensure the projects are there kubernetes.core.k8s: kubeconfig: tmp/kubeconfig-ocp4 validate_certs: no api_version: v1 kind: namespace name: "{{ item.name }}" resource_definition: metadata: annotations: openshift.io/node-selector: "{{ item.nodeselector | default(omit) }}" loop: - name: apps-selector-conflict nodeselector: kubernetes.io/hostname=worker03 - name: apps-selector-impossible - name: apps-lowquota - name: apps-taint - name: apps-antiaffinity #- name: apps-lowlimit - name: apps-pdb - name: Deployment conflicting node selector kubernetes.core.k8s: kubeconfig: tmp/kubeconfig-ocp4 validate_certs: no api_version: apps/v1 kind: deployment namespace: apps-selector-conflict name: conflict resource_definition: spec: replicas: 3 selector: matchLabels: app: hello template: metadata: labels: app: hello spec: nodeSelector: kubernetes.io/hostname: worker01 containers: - name: hello image: quay.io/redhattraining/hello-world-nginx:latest ports: - name: http containerPort: 8080 - name: Deployment with an impossible node selector kubernetes.core.k8s: kubeconfig: tmp/kubeconfig-ocp4 validate_certs: no api_version: apps/v1 kind: deployment namespace: apps-selector-impossible name: select resource_definition: spec: replicas: 3 selector: matchLabels: app: hello template: metadata: labels: app: hello spec: nodeSelector: impossible: nodelabel containers: - name: hello image: quay.io/redhattraining/hello-world-nginx:latest ports: - name: http containerPort: 8080 - name: Ensure low quota on the lowquota project kubernetes.core.k8s: kubeconfig: tmp/kubeconfig-ocp4 validate_certs: no api_version: v1 kind: resourcequota resource_definition: metadata: name: compute-quota namespace: apps-lowquota spec: hard: requests.cpu: 500m requests.memory: 512Mi limits.cpu: 1000m limits.memory: 1Gi - name: Deployment exceeding quota kubernetes.core.k8s: kubeconfig: tmp/kubeconfig-ocp4 validate_certs: no api_version: apps/v1 kind: deployment namespace: apps-lowquota name: quota resource_definition: spec: replicas: 3 selector: matchLabels: app: hello template: metadata: labels: app: hello spec: containers: - name: hello image: quay.io/redhattraining/hello-world-nginx:latest ports: - name: http containerPort: 8080 resources: requests: memory: 1Gi cpu: 2 - name: Taint a node kubernetes.core.k8s: kubeconfig: tmp/kubeconfig-ocp4 validate_certs: no api_version: v1 kind: node name: worker01 state: patched resource_definition: spec: taints: - effect: NoSchedule key: foo value: bar - name: Deployment targetting tainted node kubernetes.core.k8s: kubeconfig: tmp/kubeconfig-ocp4 validate_certs: no api_version: apps/v1 kind: deployment namespace: apps-taint name: tainted resource_definition: spec: replicas: 3 selector: matchLabels: app: hello template: metadata: labels: app: hello spec: nodeSelector: kubernetes.io/hostname: worker01 containers: - name: hello image: quay.io/redhattraining/hello-world-nginx:latest ports: - name: http containerPort: 8080 - name: Make nodes unschedulable kubernetes.core.k8s: kubeconfig: tmp/kubeconfig-ocp4 validate_certs: no api_version: v1 kind: node name: "{{ item }}" state: patched resource_definition: spec: unschedulable: true loop: - worker01 - worker02 - name: Deployment on the only available node, to be preferred kubernetes.core.k8s: kubeconfig: tmp/kubeconfig-ocp4 validate_certs: no api_version: apps/v1 kind: deployment namespace: apps-antiaffinity name: dislike resource_definition: spec: replicas: 3 selector: matchLabels: app: dislike template: metadata: labels: app: dislike spec: #affinity: # podAntiAffinity: # preferredDuringSchedulingIgnoredDuringExecution: # - weight: 10 # podAffinityTerm: # labelSelector: # matchLabels: # app: dislike # topologyKey: kubernetes.io/hostname containers: - name: hello image: quay.io/redhattraining/hello-world-nginx:latest ports: - name: http containerPort: 8080 - name: Deployment on the only available node, to be required kubernetes.core.k8s: kubeconfig: tmp/kubeconfig-ocp4 validate_certs: no api_version: apps/v1 kind: deployment namespace: apps-antiaffinity name: refuse resource_definition: spec: replicas: 3 selector: matchLabels: app: refuse template: metadata: labels: app: refuse spec: #affinity: # podAntiAffinity: # requiredDuringSchedulingIgnoredDuringExecution: # labelSelector: # matchLabels: # app: refuse # topologyKey: kubernetes.io/hostname containers: - name: hello image: quay.io/redhattraining/hello-world-nginx:latest ports: - name: http containerPort: 8080 - name: Make nodes schedulable again kubernetes.core.k8s: kubeconfig: tmp/kubeconfig-ocp4 validate_certs: no api_version: v1 kind: node name: "{{ item }}" state: patched resource_definition: spec: unschedulable: false loop: - worker01 - worker02 - name: Deployment on the same node for PDB kubernetes.core.k8s: kubeconfig: tmp/kubeconfig-ocp4 validate_certs: no api_version: apps/v1 kind: deployment namespace: apps-pdb name: budget resource_definition: spec: replicas: 2 selector: matchLabels: app: hello template: metadata: labels: app: hello spec: affinity: nodeAffinity: preferredDuringSchedulingIgnoredDuringExecution: - preference: matchExpressions: - key: kubernetes.io/hostname operator: In values: - worker02 weight: 50 containers: - name: hello image: quay.io/redhattraining/hello-world-nginx:latest ports: - name: http containerPort: 8080 ...