From 6135fc724bcb745f9bd00deb80302bff2d83a467 Mon Sep 17 00:00:00 2001 From: Dmitriy Creed Date: Wed, 9 Nov 2022 09:13:27 +0700 Subject: [PATCH 1/3] Upload the Lab 11 assignment Signed-off-by: Dmitriy Creed --- LAB10.md | 62 ++++++++++++++++++++++++++++++++------------------------ 1 file changed, 36 insertions(+), 26 deletions(-) diff --git a/LAB10.md b/LAB10.md index 12bde5264..6274f1f42 100644 --- a/LAB10.md +++ b/LAB10.md 
@@ -1,44 +1,54 @@ -# 10 +# 11 -## Helm - -In this lab you need to get familiar with `Helm`. Setup local development environment and prepare a few manifests for your application. +## K8s secrets and resources ### 10 points -1. Read about `Helm`: - * [Helm Architecture](https://helm.sh/docs/topics/architecture/) - * [Charts](https://helm.sh/docs/topics/charts/) +In this lab you will figure out how to manage sensitive data such as a password, a token, or a key in kubernetes. Then you will set up CPU and memory limits for your app. + +1. Create a secret in your cluster using `kubctl`. + + * [Secrets](https://kubernetes.io/docs/concepts/configuration/secret/) + * [Managing secrets](https://kubernetes.io/docs/tasks/configmap-secret/managing-secret-using-kubectl/#decoding-secret) + +2. Verify and decode your secret, then create 11.md in the k8s folder and provide the output of the commands inside. + +3. So we'll skip configuration file for secret, let's use helm. -2. Install helm: - * [Installing Helm](https://helm.sh/docs/intro/install/) - * [Chart repository](https://helm.sh/docs/intro/quickstart/#initialize-a-helm-chart-repository) + * You need to create `secrets.yaml` file in `templates` folder. + * Create a `secret` object inside. + * Add `env` field to your `Deployment`. Path that you will need: `spec.template.spec.containers.env.` -3. Create your own chart: - * [Example](https://helm.sh/docs/intro/using_helm/#creating-your-own-charts) - * Inside the `k8s` folder use `helm create your-app` to create a template. - * To use your own application repository instead of the default repository provided, replace the default repository and tag inside the `values.yaml` with your repository name. - * Don't forget to change `containerPort` in the `deployment.yml`. - * If you can't troubleshoot `livenessProbe` and `readinessProbe` - comment it. + > [Helm secrets](https://www.youtube.com/watch?v=hRSlKRvYe1A) - > Use `minikube dashboard` command for troubleshooting. 
+ * Update your helm deployment (instructions are present in the video). Get pods: `kubectl get po.` Use the name of the pod to provide a proof of your success. Check your secret inside pod, example: `kubectl exec demo- 5f898f5f4c-2gpnd -- printenv | grep MY_PASS.` -4. Install your helm chart and make sure that all services are healthy. Check `Workloads` page in the `minikube` dashboard. +4. Read about Resources management: -5. Check it with the `minikube service your_service_name` command. Also provide the output of the `kubectl get pods,svc` command in the report. + * [Resource management](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) -6. Create a PR to the forked repo lab9 branch, ask your teammates to review it and review PRs of your teammates. +5. Set up requests and limits for CPU and memory for your application and test that it works. -7. Create a PR in your own repository from the lab10 branch to the lab9 one. It will help us with grading. +6. Create a PR to the forked repo lab11 branch, ask your teammates to review it and review PRs of your teammates. + +7. Create a PR in your own repository from the lab11 branch to the lab10 one. It will help us with grading. ### List of requirements -* Helm Chart -* Output of `kubectl get pods,svc` command in `README.md` in `k8s` folder +* proof of work with a secret in 11.md for the step 2 +* secrets.yaml +* proof of work with a secret in 11.md for the step 3 +* resource requests and limits for cpu and memory ## Bonus -### 1 point +### 2 points + +1. Add environment variables for your containers: + + * Read about it: + + * [K8s env vars](https://kubernetes.io/docs/tasks/inject-data-application/define-environment-variable-container/) -1. Prepare a helm chart for your extra app. -2. Read about `Library Charts` and `Umbrella charts`, provide the explanation in a nutshell, as you understand it. No copy paste. 
+ * Update your helm chart with several environment variables, but use named templates, move them to `_helpers.tpl` file: + * [Helm named templates](https://helm.sh/docs/chart_template_guide/named_templates/) From 0050fe4235b856a25c699f591cbdd6bd09eac55e Mon Sep 17 00:00:00 2001 From: Alexey Posikera Date: Mon, 14 Nov 2022 15:00:44 +0300 Subject: [PATCH 2/3] fix lab number --- LAB10.md => LAB11.md | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename LAB10.md => LAB11.md (100%) diff --git a/LAB10.md b/LAB11.md similarity index 100% rename from LAB10.md rename to LAB11.md From 94a2c6cfd48ecb53482051328ff6c46150f38c37 Mon Sep 17 00:00:00 2001 From: Alexey Posikera Date: Mon, 14 Nov 2022 16:25:34 +0300 Subject: [PATCH 3/3] lab11 done --- k8s/.gitignore | 1 + k8s/11.md | 21 +++++++++++++++++++++ k8s/secrets.yaml | 27 +++++++++++++++++++++++++++ k8s/timeweb/templates/deployment.yaml | 6 ++++++ k8s/timeweb/templates/secrets.yaml | 8 ++++++++ k8s/timeweb/values.yaml | 9 ++++++++- 6 files changed, 71 insertions(+), 1 deletion(-) create mode 100644 k8s/.gitignore create mode 100644 k8s/11.md create mode 100644 k8s/secrets.yaml create mode 100644 k8s/timeweb/templates/secrets.yaml diff --git a/k8s/.gitignore b/k8s/.gitignore new file mode 100644 index 000000000..231da07d3 --- /dev/null +++ b/k8s/.gitignore @@ -0,0 +1 @@ +*.dec diff --git a/k8s/11.md b/k8s/11.md new file mode 100644 index 000000000..6214ec05c --- /dev/null +++ b/k8s/11.md @@ -0,0 +1,21 @@ +# k8s secrets + +* Verify secret + +![](https://i.ibb.co/djxg1VT/1.png) + +* Decode secret + +![](https://i.ibb.co/yVVDR3b/2.png) + +* Created secrets and install the app + +![](https://i.ibb.co/MnMbWNW/3.png) + +* Check that the secret is in envs + +![](https://i.ibb.co/VJjHJGz/4.png) + +* Apply resources requests and limits + +![](https://i.ibb.co/JCBhHz4/5.png) diff --git a/k8s/secrets.yaml b/k8s/secrets.yaml new file mode 100644 index 000000000..e24a2848c --- /dev/null +++ b/k8s/secrets.yaml 
@@ -0,0 +1,27 @@ +mysupersecret: ENC[AES256_GCM,data:qmYMOKMUORFnsYo=,iv:fvO12q/kusb01PDqFhFLgu0k3oEOrMEupTV6GeAEPGc=,tag:1wF56n5IjjarD8hXutS7UA==,type:str] +sops: + kms: [] + gcp_kms: [] + lastmodified: '2022-11-14T12:57:47Z' + mac: ENC[AES256_GCM,data:2JrHoYXalnru+oZpz+d+7lzYP6SDGFN/Qo9WZCNDYTxG1eSyWwM5h4HJHT1WwL0BJXbiCDMh36I83THPhNlPEGQ8MRSObpgmcBc+/vGXOxCbAB/EVu8NFh9sp2JRoBqH4x3hVVqBf0ME/0BNaNI2qKO+Wq1t659qkjDLcM0M1ts=,iv:Zrivs0x2RnKE01TaW+T4MPTqd19Xn2oHp7wm9fKbkfg=,tag:bUgeTEe6Wx7Uj27N5oyCdw==,type:str] + pgp: + - created_at: '2022-11-14T12:57:34Z' + enc: | + -----BEGIN PGP MESSAGE----- + + hQGMA/6XL2lOyjutAQv/dH4ZxyPYpTm/LbSs2BrCeIb73Wtya5meghYFh2UqKlze + 5SBZu86Zv0sDNXTqDGLfi4316PuanBeq/85WN3LuTSvg2Ht3YE67/AGRYTzH/XDJ + gl/UxcXj/ylOanwBCv/HpmL6e+Br0zxTw+16LWcgPP2ai6I7ual7q/C+f2lNuY3p + z9ZRLikQXjAwCJoTylsVvsmzRUqo2aZ+MRm2MPvDHViAYCylIzfUUw398Biw/HDz + 2Ed1FkLsXzvRVmvu9xkh+h3yRbY35cZxlAvMill0gGfKDcj5gpKy9rWMFQaI4asc + NxYPg16sx/m/Era6NzYf/tNslVt9w2hL5KdbNtVfXPmFd14QamT0jMAJ9AvdVeCg + AFjNAq5yRzdTvdLfRNJPdSeDCpdlMq8y5RI64yCu3YAvECg0o8vHgSqgxjnX78Ub + tuvMT1NzTQiejZnYnc+ElKxzAus/fMNjpMTQTduki3hxnV3dsK5qdMz7jRWNFBsZ + gvAGQ6Ic4+LlSzMG8txF0l4BiBgK7szPUede1knySwwN475LtM1lUv2jz7NJCoEJ + JlU2UYTJhHizflO981o8r+ZUQBmi9vKftQKM4dzBLdv8IUbuQlGPXpBiV0A30wcL + AluAaS4c5JkcX05RhOlD + =6R08 + -----END PGP MESSAGE----- + fp: 8963F045E474951F9FAB08801DBBA7A58A0FC87A + unencrypted_suffix: _unencrypted + version: 3.0.3 diff --git a/k8s/timeweb/templates/deployment.yaml b/k8s/timeweb/templates/deployment.yaml index 0e126a6b2..dca3136a6 100644 --- a/k8s/timeweb/templates/deployment.yaml +++ b/k8s/timeweb/templates/deployment.yaml @@ -33,6 +33,12 @@ spec: {{- toYaml .Values.securityContext | nindent 12 }} image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" imagePullPolicy: {{ .Values.image.pullPolicy }} + env: + - name: TEST_SECRET + valueFrom: + secretKeyRef: + name: secrets + key: mysupersecret ports: - name: http containerPort: 50000 
diff --git a/k8s/timeweb/templates/secrets.yaml b/k8s/timeweb/templates/secrets.yaml new file mode 100644 index 000000000..a040d95d6 --- /dev/null +++ b/k8s/timeweb/templates/secrets.yaml @@ -0,0 +1,8 @@ +apiVersion: v1 +kind: Secret +metadata: + name: secrets + labels: + {{- include "timeweb.labels" . | nindent 4 }} +data: + mysupersecret: {{ .Values.mysupersecret | b64enc | quote }} diff --git a/k8s/timeweb/values.yaml b/k8s/timeweb/values.yaml index 3271d0d85..3a5ec4ed3 100644 --- a/k8s/timeweb/values.yaml +++ b/k8s/timeweb/values.yaml @@ -57,7 +57,14 @@ ingress: # hosts: # - chart-example.local -resources: {} +resources: + requests: + memory: "64Mi" + cpu: "250m" + limits: + memory: "128Mi" + cpu: "500m" + # We usually recommend not to specify default resources and to leave this as a conscious # choice for the user. This also increases chances charts run on environments with little # resources, such as Minikube. If you do want to specify resources, uncomment the following
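Review bot: In PATCH 1/3 (LAB10.md), step 1 spells the tool `kubctl`, and three code spans in step 3 carry sentence punctuation or a stray space that breaks them when copied: `spec.template.spec.containers.env.`, `kubectl get po.` and `kubectl exec demo- 5f898f5f4c-2gpnd -- printenv | grep MY_PASS.`. Suggest `kubectl`, moving the full stops outside the backticks, and removing the space inside the pod name. Step 2 also asks students to commit the decoded secret output into `11.md`; one sentence telling them to use a throwaway value would keep real credentials out of the forks.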
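Review bot: In PATCH 3/3, k8s/11.md gives every proof as an image hosted on i.ibb.co, including the "Decode secret" step, while the assignment asks for the output of the commands. Suggest pasting the command output as text so it can be reviewed in the diff and does not depend on the image host, and confirming that the decode screenshot shows only a throwaway value, since the link is public. The images also have empty alt text (`![]`).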
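Review bot: In k8s/secrets.yaml the `sops` metadata lists a single `pgp` recipient (`fp: 8963F045E474951F9FAB08801DBBA7A58A0FC87A`) with empty `kms` and `gcp_kms`, so only the holder of that private key can decrypt the value, and teammates reviewing the PR cannot install the chart from this file. Suggest adding the reviewers' keys as recipients or documenting in 11.md how the value is supplied at install time. The file also shares its basename with `k8s/timeweb/templates/secrets.yaml`; a distinct name would stop the encrypted values file being confused with the template.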
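Review bot: In the k8s/timeweb/templates/deployment.yaml hunk, `secretKeyRef` uses the fixed literal `name: secrets`, so two releases of this chart in one namespace would both refer to the same Secret object. Suggest deriving the name from the release, both here and in `metadata.name` of templates/secrets.yaml, so the two stay in sync (the visible lines only show a `timeweb.labels` helper, so whether a fullname helper exists in this chart is an assumption to check). The variable name `TEST_SECRET` is likewise hard-coded rather than taken from values.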
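Review bot: In k8s/timeweb/templates/secrets.yaml, `mysupersecret: {{ .Values.mysupersecret | b64enc | quote }}` has no guard for a missing value, and the values.yaml hunk in this patch adds no `mysupersecret` key, so an install without the decrypted sops file gives no clear message about what is missing. Suggest wrapping the lookup in Helm's `required` function, for example `{{ required "mysupersecret must be set" .Values.mysupersecret | b64enc | quote }}`, and stating `type: Opaque` explicitly.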
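Review bot: In the k8s/timeweb/values.yaml hunk, the new `resources:` block sits directly above the scaffold comment "We usually recommend not to specify default resources and to leave this as a conscious choice for the user", which now contradicts the values it follows. Suggest deleting or rewording that comment block. The lab also asks to "test that it works", so a line in 11.md describing how the requests and limits were verified would complete the requirement.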