{ "k8s Ingress with TLS": { "prefix": "k-ingress-tls", "description": "k8s Ingress with TLS", "body": [ "# https://kubernetes.io/docs/concepts/services-networking/ingress/#tls", "apiVersion: v1", "kind: Secret", "metadata:", " name: ${1:testsecret-tls}", " namespace: ${2:default}", "type: kubernetes.io/tls", "# The TLS secret must contain keys named 'tls.crt' and 'tls.key' that contain the certificate and private key to use for TLS.", "data:", " tls.crt: base64 encoded cert", " tls.key: base64 encoded key", "", "---", "apiVersion: networking.k8s.io/v1", "kind: Ingress", "metadata:", " name: ${3:tls-example-ingress}", " namespace: ${2:default}", "spec:", " tls:", " - hosts:", " - ${4:https-example.foo.com}", " secretName: ${1:testsecret-tls}", " rules:", " - host: ${4:https-example.foo.com}", " http:", " paths:", " - path: /${5}", " pathType: Prefix", " backend:", " service:", " name: ${6:service1}", " port:", " number: ${7:80}", "---", "$0" ] }, "k8s Ingress": { "prefix": "k-ingress", "description": "k8s Ingress", "body": [ "# https://kubernetes.io/docs/concepts/services-networking/ingress/", "apiVersion: networking.k8s.io/v1", "kind: Ingress", "metadata:", " name: ${1:example-ingress}", " namespace: ${2:default}", "spec:", " rules:", " - host: ${3:example.foo.com}", " http:", " paths:", " - path: /${4}", " pathType: ${5|Prefix,Exact|}", " backend:", " service:", " name: ${6:service1}", " port:", " number: ${7:80}", "---", "$0" ] }, "k8s Ingress with Rewrite rule": { "prefix": "k-ingress-rewrite", "description": "k8s Ingress with Rewrite rule", "body": [ "# https://kubernetes.io/docs/concepts/services-networking/ingress/", "apiVersion: networking.k8s.io/v1", "kind: Ingress", "metadata:", " name: ${1:example-ingress}", " namespace: ${2:default}", " # https://kubernetes.github.io/ingress-nginx/examples/rewrite/", " annotations:", " nginx.ingress.kubernetes.io/rewrite-target: /\\$1", "spec:", " rules:", " - host: ${3:example.foo.com}", " http:", " paths:", " - path: ${4:/api/(.*)}", " pathType: Prefix", " backend:", " service:", " name: ${5:service1}", " port:", " number: ${6:80}", "---", "$0" ] }, "k8s Deployment": { "prefix": "k-deploymment", "description": "k8s Deployment", "body": [ "# https://kubernetes.io/docs/concepts/workloads/controllers/deployment/", "apiVersion: apps/v1", "kind: Deployment", "metadata:", " name: ${1:myjob}", " namespace: ${2:default}", " labels:", " app: ${1:myjob}", "spec:", " selector:", " matchLabels:", " app: ${1:myjob}", " replicas: 1", " strategy:", " rollingUpdate:", " maxSurge: 25%", " maxUnavailable: 25%", " type: RollingUpdate", " template:", " metadata:", " labels:", " app: ${1:myjob}", " spec:", " # initContainers:", " # Init containers are exactly like regular containers, except:", " # - Init containers always run to completion.", " # - Each init container must complete successfully before the next one starts.", " containers:", " - name: ${1:myjob}", " image: ${3:myjob:latest}", " imagePullPolicy: ${4|IfNotPresent,Always,Never|}", " resources:", " requests:", " cpu: 100m", " memory: 100Mi", " limits:", " cpu: 100m", " memory: 100Mi", " livenessProbe:", " tcpSocket:", " port: ${5:80}", " initialDelaySeconds: 5", " timeoutSeconds: 5", " successThreshold: 1", " failureThreshold: 3", " periodSeconds: 10", " readinessProbe:", " httpGet:", " path: /_status/healthz", " port: ${5:80}", " initialDelaySeconds: 5", " timeoutSeconds: 2", " successThreshold: 1", " failureThreshold: 3", " periodSeconds: 10", " env:", " - name: ACCEPT_EULA", " value: \"Y\"", " - name: DB_HOST", " valueFrom:", " configMapKeyRef:", " name: ${1:myjob}", " key: DB_HOST", " - name: DB_HOST", " valueFrom:", " secretKeyRef:", " name: ${1:mysecret}", " key: MSSQL_SA_PASSWORD", " ports:", " - containerPort: ${5:80}", " name: ${1:myjob}", " volumeMounts:", " - name: localtime", " mountPath: /etc/localtime", " volumes:", " - name: localtime", " hostPath:", " path: /usr/share/zoneinfo/Asia/Taipei", " restartPolicy: Always", "---", "$0" ] }, "k8s Service": { "prefix": "k-service", "description": "k8s Service", "body": [ "# https://kubernetes.io/docs/concepts/services-networking/service/", "apiVersion: v1", "kind: Service", "metadata:", " name: ${1:myjob}", " namespace: ${2:default}", "spec:", " selector:", " app: ${1:myjob}", " type: ${3|ClusterIP,NodePort,LoadBalancer|}", " ports:", " - name: ${1:myjob}", " protocol: ${4|TCP,UDP|}", " port: ${5:80}", " targetPort: ${6:5000}", " nodePort: ${7:30001}", "---", "$0" ] }, "k8s ConfigMap": { "prefix": "k-configmap", "description": "k8s ConfigMap", "body": [ "# https://kubernetes.io/docs/concepts/configuration/configmap/", "kind: ConfigMap", "apiVersion: v1", "metadata:", " name: ${1:myconfig}", " namespace: ${2:default}", "data:", " ${3:key}: ${4:value}", "---", "$0" ] }, "k8s Secret": { "prefix": "k-secret", "description": "k8s Secret", "body": [ "# https://kubernetes.io/docs/concepts/configuration/secret/", "apiVersion: v1", "kind: Secret", "metadata:", " name: ${1:mysecret}", " namespace: ${2:default}", "type: ${3|Opaque,kubernetes.io/dockerconfigjson,kubernetes.io/dockercfg,kubernetes.io/basic-auth,kubernetes.io/ssh-auth,kubernetes.io/tls,kubernetes.io/service-account-token,bootstrap.kubernetes.io/token|}", "data:", " # Example:", " # password: {{ .Values.password | b64enc }}", "# stringData:", "# username: admin # required field for kubernetes.io/basic-auth", "# password: t0p-Secret # required field for kubernetes.io/basic-auth", "# immutable: true", "---", "$0" ] }, "k8s Job": { "prefix": "k-job", "description": "k8s Job", "body": [ "# https://kubernetes.io/docs/concepts/workloads/controllers/job/", "apiVersion: batch/v1", "kind: Job", "metadata:", " name: ${1:myjob}", " namespace: ${2:default}", " labels:", " app: ${1:myjob}", "spec:", " template:", " metadata:", " name: ${1:myjob}", " labels:", " app: ${1:myjob}", " spec:", " containers:", " - name: ${1:myjob}", " image: ${3:python:3.7.6-alpine3.10}", " command: ['sh', '-c', '${4:python3 manage.py makemigrations && python3 manage.py migrate}']", " env:", " - name: ENV_NAME", " value: ENV_VALUE", " volumeMounts:", " - name: localtime", " mountPath: /etc/localtime", " volumes:", " - name: localtime", " hostPath:", " path: /usr/share/zoneinfo/Asia/Taipei", " restartPolicy: OnFailure", " dnsPolicy: ClusterFirst", "---", "$0" ] }, "k8s CronJob": { "prefix": "k-cronjob", "description": "k8s CronJob", "body": [ "# https://kubernetes.io/docs/concepts/workloads/controllers/cron-jobs/", "apiVersion: batch/v1beta1", "kind: CronJob", "metadata:", " name: ${1:cronjobname}", " namespace: ${2:default}", "spec:", " schedule: \"${3:*/1 * * * *}\"", " jobTemplate:", " spec:", " template:", " spec:", " containers:", " - name: ${4:jobname}", " image: ${5:busybox}", " args: ['/bin/sh', '-c', '${6:date; echo Hello from the Kubernetes cluster}']", " restartPolicy: OnFailure", "---", "$0" ] }, "k8s Pod": { "prefix": "k-pod", "description": "k8s Pod", "body": [ "# https://kubernetes.io/docs/concepts/workloads/pods/", "apiVersion: v1", "kind: Pod", "metadata:", " name: \"${1:myapp}\"", " namespace: ${2:default}", " labels:", " app: \"${1:myapp}\"", "spec:", " containers:", " - name: ${1:myapp}", " image: \"${3:debian-slim:latest}\"", " resources:", " limits:", " cpu: 200m", " memory: 500Mi", " requests:", " cpu: 100m", " memory: 200Mi", " env:", " - name: DB_HOST", " valueFrom:", " configMapKeyRef:", " name: myapp", " key: DB_HOST", " ports:", " - containerPort: ${4:80}", " name: http", " volumeMounts:", " - name: localtime", " mountPath: /etc/localtime", " volumes:", " - name: localtime", " hostPath:", " path: /usr/share/zoneinfo/Asia/Taipei", " restartPolicy: Always", "---", "$0" ] }, "k8s PersistentVolumeClaim": { "prefix": "k-pvc", "description": "k8s PersistentVolumeClaim", "body": [ "# https://kubernetes.io/docs/concepts/storage/persistent-volumes/", "apiVersion: v1", "kind: PersistentVolumeClaim", "metadata:", " name: ${1:myapp}", " namespace: ${2:default}", " labels:", " app: ${1:myapp}", "spec:", " # AKS: default,managed-premium", " # GKE: standard", " # EKS: gp2 (custom)", " # Rook: rook-ceph-block,rook-ceph-fs", " storageClassName: ${3|default,managed-premium,standard,gp2,rook-ceph-block,rook-ceph-fs|}", " accessModes:", " - ${4|ReadWriteOnce,ReadWriteMany,ReadOnlyMany|}", " resources:", " requests:", " storage: ${5:2Gi}", "---", "$0" ] }, "k8s DaemonSet": { "prefix": "k-daemonset", "description": "k8s DaemonSet", "body": [ "# https://kubernetes.io/docs/concepts/workloads/controllers/daemonset/", "apiVersion: apps/v1", "kind: DaemonSet", "metadata:", " name: ${1:myapp}", " namespace: ${2:default}", " labels:", " app: ${1:myapp}", "spec:", " selector:", " matchLabels:", " app: ${1:myapp}", " template:", " metadata:", " labels:", " app: ${1:myapp}", " spec:", " tolerations:", " # this toleration is to have the daemonset runnable on master nodes", " # remove it if your masters can't run pods", " - key: node-role.kubernetes.io/master", " effect: NoSchedule", " containers:", " - name: ${1:myapp}", " image: ${3:debian}", " resources:", " limits:", " memory: 200Mi", " requests:", " cpu: 100m", " memory: 200Mi", " volumeMounts:", " - name: localtime", " mountPath: /etc/localtime", " terminationGracePeriodSeconds: 30", " volumes:", " - name: localtime", " hostPath:", " path: /usr/share/zoneinfo/Asia/Taipei", "---", "$0" ] }, "k8s StatefulSet": { "prefix": "k-statefulset", "description": "k8s StatefulSet", "body": [ "# https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/", "apiVersion: apps/v1", "kind: StatefulSet", "metadata:", " name: ${1:myapp}", " namespace: ${2:default}", "spec:", " selector:", " matchLabels:", " app: ${1:myapp} # has to match .spec.template.metadata.labels", " serviceName: \"${1:myapp}\"", " replicas: ${3:3} # by default is 1", " template:", " metadata:", " labels:", " app: ${1:myapp} # has to match .spec.selector.matchLabels", " spec:", " terminationGracePeriodSeconds: 10", " containers:", " - name: ${1:myapp}", " image: ${4:${1:myapp}-slim:1.16.1}", " ports:", " - containerPort: ${5:80}", " name: ${1:myapp}", " volumeMounts:", " - name: ${6:www}", " mountPath: /usr/share/nginx/html", " volumeClaimTemplates:", " - metadata:", " name: ${6:www}", " spec:", " storageClassName: ${7:my-storage-class}", " accessModes:", " - ${8|ReadWriteOnce,ReadWriteMany,ReadOnlyMany|}", " resources:", " requests:", " storage: ${9:1Gi}", "---", "$0" ] }, "k8s NetworkPolicy": { "prefix": "k-networkpolicy", "description": "k8s NetworkPolicy", "body": [ "# https://kubernetes.io/docs/concepts/services-networking/network-policies/", "apiVersion: networking.k8s.io/v1", "kind: NetworkPolicy", "metadata:", " name: ${1:mypolicy}", " namespace: ${2:default}", "spec:", " podSelector:", " matchLabels:", " app: ${1:myapp}", " policyTypes:", " - Ingress", " ingress:", " - from:", " - podSelector:", " matchLabels:", " ${3:access}: ${4:granted}", " ports:", " - protocol: TCP", " port: ${5:8080}", "---", "$0" ] }, "k8s Role": { "prefix": "k-role", "description": "k8s Role", "body": [ "# https://kubernetes.io/docs/reference/access-authn-authz/rbac/", "apiVersion: rbac.authorization.k8s.io/v1", "kind: Role", "metadata:", " name: ${1:role}", " namespace: ${2:default}", "rules:", "- apiGroups: [${3:\"\"}] # \"\" indicates the core API group", " resources: [${4:\"pods\"}]", " verbs: [${5:\"get\", \"watch\", \"list\"}]", "---", "$0" ] }, "k8s ClusterRole": { "prefix": "k-clusterrole", "description": "k8s ClusterRole", "body": [ "# https://kubernetes.io/docs/reference/access-authn-authz/rbac/", "apiVersion: rbac.authorization.k8s.io/v1", "kind: ClusterRole", "metadata:", " name: ${1:clusterrole}", "rules:", "- apiGroups: [${3:\"\"}] # \"\" indicates the core API group", " resources: [${4:\"secrets\"}]", " verbs: [${5:\"get\", \"watch\", \"list\"}]", "---", "$0" ] }, "k8s RoleBinding": { "prefix": "k-rolebinding", "description": "k8s RoleBinding", "body": [ "# https://kubernetes.io/docs/reference/access-authn-authz/rbac/", "apiVersion: rbac.authorization.k8s.io/v1", "kind: RoleBinding", "metadata:", " name: ${1:rolebinding}", " namespace: ${2:default}", "subjects:", "- kind: ${3|User,Group,ServiceAccount|}", " name: ${4:name} # Name is case sensitive", " apiGroup: rbac.authorization.k8s.io", "roleRef:", " kind: ${5:Role}", " name: ${6:RoleName}", " apiGroup: rbac.authorization.k8s.io", "---", "$0" ] }, "k8s ClusterRoleBinding": { "prefix": "k-clusterrolebinding", "description": "k8s ClusterRoleBinding", "body": [ "# https://kubernetes.io/docs/reference/access-authn-authz/rbac/", "apiVersion: rbac.authorization.k8s.io/v1", "kind: ClusterRoleBinding", "metadata:", " name: ${1:clusterrolebinding}", "subjects:", "- kind: ${2|User,Group,ServiceAccount|}", " name: ${3:name} # Name is case sensitive", " apiGroup: rbac.authorization.k8s.io", "roleRef:", " kind: ${4:ClusterRole}", " name: ${5:RoleName}", " apiGroup: rbac.authorization.k8s.io", "---", "$0" ] }, "k8s ServiceAccount": { "prefix": "k-serviceaccount", "description": "k8s ServiceAccount", "body": [ "# https://kubernetes.io/docs/reference/access-authn-authz/rbac/", "apiVersion: rbac.authorization.k8s.io/v1", "kind: ServiceAccount", "metadata:", " name: ${1:serviceaccount}", " namespace: ${2:default}", "---", "$0" ] }, "k8s ServiceAccount-ImagePullSecrets": { "prefix": "k-serviceaccount-imagepullsecrets", "description": "k8s ServiceAccount with ImagePullSecrets", "body": [ "# https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#add-imagepullsecrets-to-a-service-account", "apiVersion: rbac.authorization.k8s.io/v1", "kind: ServiceAccount", "metadata:", " name: ${1:serviceaccount}", " namespace: ${2:default}", "imagePullSecrets:", " - name: ${3:myregistrykey}", "---", "$0" ] } }