def basic_vault_agent_architecture():
    """Render the "Vault Agent Architecture" diagram (left-to-right layout).

    Draws three clusters: the control plane (API server), the Vault service
    with its storage and configuration inputs, and a "Secure Pod" in which an
    init agent and a sidecar agent deliver secrets to the app container via an
    in-memory volume. ``show=False`` suppresses the viewer pop-up.

    Depends on module-level names not visible here: the ``diagrams`` classes
    (Diagram, Cluster, Edge, APIServer, Service, Secret, ConfigMap, PV, Vol,
    Custom), a ``Vault`` node class and the ``crio_icon`` image path.
    """
    # NOTE(review): reconstructed from a collapsed listing; the three Clusters
    # are assumed to be siblings directly under the Diagram — confirm against
    # the rendered image.
    with Diagram(name="Vault Agent Architecture", show=False, direction="LR"):
        with Cluster("Control Plane"):
            apiserver = APIServer()
        with Cluster("Vault"):
            svc = Service(":8200")
            certs_secret = Secret("Certs Secret")
            vault_configmap = ConfigMap("Vault Config")
            vault = Vault("Vault")
            file_backend = PV("Encrypted Store")
            # Vault persists to its storage backend; "Encrypted Store" is only
            # the node label — nothing in this diagram enforces encryption.
            vault >> file_backend
            # Drawn with arrowheads both ways: the Service fronts Vault on :8200.
            vault >> Edge() << svc
            # TLS material and the Vault config come from k8s objects.
            vault << certs_secret
            vault << vault_configmap
        with Cluster("Secure Pod"):
            vault_agent = Custom("Vault Agent", crio_icon)
            vault_init_agent = Custom("Init Vault Agent", crio_icon)
            # Init agent + sidecar agent, wired as a group below.
            manual = [vault_init_agent, vault_agent]
            app_container = Custom("App", crio_icon)
            inMemory = Vol("In Memory")
            # Both agents write into the in-memory volume and the app reads it
            # (presumably so rendered secrets never land on persistent disk).
            manual >> inMemory
            app_container << inMemory
            # Agents exchange with the Vault Service in both directions; the
            # app is then linked to the agents with a two-headed edge.
            manual << svc << manual >> Edge() << app_container
        # API server <-> Vault link, drawn with arrowheads both ways.
        apiserver >> Edge() << vault
super(Vault, self).__init__(label, './img/vault.png') class ExternalSecrets(Custom): def __init__(self, label): super(ExternalSecrets, self).__init__(label, './img/external-secrets.png') with Diagram("Secret Management Flow", graph_attr=graph_attr, outformat="jpg", show=False): init_script = Python("vault_init.py") init_secrets = Secret('Kubernetes secrets') with Cluster("External-secrets components") as external_secrets_cluster: external_service_account = ServiceAccount('Service account') external_secrets = ExternalSecrets("Secret workers") external_secrets_manifests = Secret('External secrets') external_secrets << external_secrets_manifests external_secrets << external_service_account with Cluster("Vault components") as vault_cluster: vault = Vault('vault') vault_init_secrets = Secret('vault-init-secrets') init_script >> vault >> external_secrets >> init_secrets
} with Diagram("Setup a blog on k3s", show=False, graph_attr=graph_attr, node_attr=node_attr, direction="TB"): users = Users("Users") with Cluster("LetsEncrypt API Servers", graph_attr=graph_attr): letsencrypt = LetsEncrypt("LE SSL Certificate") with Cluster("BareMetal Server", graph_attr=graph_attr): with Cluster("K8S Cluster", graph_attr=graph_attr): with Cluster("NS Cert-Manager", graph_attr=graph_attr): certificate_request = CertManager("mywebsite.com") with Cluster("NS www", graph_attr=graph_attr): website_secret = Secret("mywebsite.com") with Cluster("Ingress", graph_attr=graph_attr): ingress = Ingress("https") with Cluster("Pods", graph_attr=graph_attr): pod = Pod('website') with Cluster("Deployment", graph_attr=graph_attr): pod_deploy = Deployment("website") with Cluster("RS", graph_attr=graph_attr): pod_rs = RS("website") letsencrypt >> website_secret >> ingress certificate_request >> letsencrypt users >> ingress >> pod pod_rs >> pod
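from diagrams.onprem.network import Internet
from diagrams.k8s.compute import Deploy
from diagrams.k8s.network import Ingress
from diagrams.k8s.podconfig import Secret
from diagrams.k8s.podconfig import ConfigMap

# Node.js app + PostgreSQL behind an Ingress. The Deployment references the
# Secret and ConfigMap and "defines" both internal Services; traffic enters
# from the Internet through the Ingress to the Node service and the app
# reaches Postgres only via its internal Service.
# Diagram, Cluster, Edge, Service and Pod are presumably imported earlier in
# the file (not visible here).
# NOTE(review): cluster nesting reconstructed from a collapsed listing — the
# four inner Clusters are assumed to sit inside "Kubernetes Components" and
# the Internet node outside it; confirm against the rendered image.
with Diagram("kubernetes deployment nodejs postgresql ingress", show=False):
    with Cluster("Kubernetes Components"):
        with Cluster("Services"):
            service_internal_node = Service("Internal Node Service")
            service_internal_postgres = Service("Internal Postgres Service")
        with Cluster("Ingress"):
            ingress = Ingress("Ingress")
        with Cluster("Pods"):
            postgresql = Pod("Postgresql")
            nodejs = Pod("Nodejs")
        with Cluster("configuration"):
            deployment = Deploy("Deployment")
            configmap = ConfigMap("ConfigMap")
            secret = Secret("Secret")
        # Configuration wiring: which of Secret/ConfigMap holds credentials is
        # not stated in the diagram.
        deployment >> secret
        deployment >> configmap
        deployment >> Edge(label="defines") >> service_internal_node
        deployment >> Edge(label="defines") >> service_internal_postgres
        # App-to-database path stays on the cluster-internal Service.
        nodejs >> service_internal_postgres >> postgresql
    # In this diagram only the Ingress is reachable from the Internet; the
    # Postgres Service has no external path.
    inet = Internet("Internet")
    inet >> ingress >> service_internal_node >> nodejs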
} with Diagram("Deployments",outformat="svg",filename="deployments_prow",show=True, graph_attr=diagram_attrib,node_attr=node_attrib,edge_attr=edge_attrib,direction="TB"): with Cluster("Deployments",graph_attr={"fontsize": "67"}): ing_chartmuseum = Nginx("Ingress") #ing_deck = Nginx("deck") #ing_hook = Nginx("hook") #ing_crier = Nginx("crier") with Cluster("Registries",graph_attr={"fontsize": "47"}): with Cluster("Nexus"): svc_nexus = custom.Custom("Nexus","assets/img/logos/logo_nexus.png") pod_nexus = Pod("nexus") secret_nexus = Secret("nexus") token_nexus = Secret("default-token") sa_nexus = ServiceAccount("default") data_volume = PVC("nexus-data-volume") config_volume_nexus = PV("nexus") configmap_nexus = ConfigMap("nexus") pod_nexus - Edge(color="gray", style="dashed") - secret_nexus - Edge(color="gray", style="dashed") - token_nexus - Edge(color="gray", style="dashed") - sa_nexus pod_nexus - Edge(color="gray", style="dashed") - config_volume_nexus svc_nexus >> pod_nexus with Cluster("Chartmusem"): svc_chartmuseum = custom.Custom("Chartmuseum","assets/img/logos/logo_chartmuseum.png") pod = Pod("chartmuseum")
from diagrams import Cluster, Diagram, Edge
from diagrams.k8s.compute import Deployment, Pod
from diagrams.k8s.controlplane import API
from diagrams.k8s.group import NS
from diagrams.k8s.podconfig import Secret
from diagrams.oci.compute import OCIR

# Flow of the "regcred-injector" mutating webhook: the API server calls the
# injector on pod creation, the injector reads its own credential Secret in
# kube-system, writes a pull Secret ("regcred") into the target namespace, and
# the new pod uses that Secret for an authenticated registry pull. Edge labels
# carry the step numbers; edges are emitted in the original order.
# NOTE(review): the name `secret` is bound twice (the kube-system credential,
# then the regcred in "default"); edges after the second binding refer to
# regcred.
with Diagram("regcred-injector", show=True):
    api = API("Control Plane")
    ocir = OCIR("DockerHub")
    injector = None

    with Cluster("kube-system"):
        injector = Deployment("regcred-injector")
        secret = Secret("Credential/Certs")
        # Steps 1 and 4: webhook round trip between API server and injector.
        api << Edge(label="1 mutate webhook") << injector
        injector << Edge(label="4 return mutated response") << api
        # Step 2: the injector reads the registry credential it hands out.
        injector >> Edge(label="2 fetch credential") >> secret

    with Cluster("default"):
        pod = Pod("new-pod")
        secret = Secret("regcred")
        # Steps 5 and 6: pod creation and the pod's use of the pull Secret.
        api >> Edge(label="5 create pod") >> pod
        pod >> Edge(label="6 use registry credential") >> secret
        # Step 3: the per-namespace pull Secret is written by the injector.
        injector >> Edge(label="3 create registry credential") >> secret
        # Step 7: image pull authenticated with that Secret.
        pod >> Edge(label="7 authenticated pull") >> ocir
app_lb_int = LoadBalancing("App LB (TCP/internal)") app_ingress_ext = Ingress("App Ingress (external)") app_fw = FirewallRules("Firewall") with Cluster("GKE"): with Cluster("App Namespace"): # Resources app_dep = Deployment("App Deployment") app_rs = ReplicaSet("App ReplicaSet") app_replica_set_count = 3 app_pods = [ Pod("App Pod") for pod in range(0, app_replica_set_count, 1) ] app_secret = Secret( "App Secret\n(contains DB credentials & host)") app_svc_ext = Service("App Service (external)") app_svc_int = Service("App Service (internal)") # Relationships app_dep >> app_rs >> app_pods << app_svc_ext << app_ingress_ext << app_lb_ext << app_fw # app_pods << app_svc_int << app_lb_int << app_fw app_secret << app_dep with Cluster("DB Namespace"): # Pgpool # Resources pgpool_dep = Deployment("Pgpool Deployment") pgpool_rs = ReplicaSet("Pgpool ReplicaSet") pgpool_replica_set_count = 1 pgpool_pods = [
node_attr=node_attrib, edge_attr=edge_attrib, direction="TB"): with Cluster("Deployments", graph_attr={"fontsize": "67"}): ing_chartmuseum = Nginx("Ingress") #ing_deck = Nginx("deck") #ing_hook = Nginx("hook") #ing_crier = Nginx("crier") with Cluster("Registries", graph_attr={"fontsize": "47"}): with Cluster("Nexus"): svc_nexus = custom.Custom("Nexus", "assets/img/logos/logo_nexus.png") pod_nexus = Pod("nexus") secret_nexus = Secret("nexus") token_nexus = Secret("default-token") sa_nexus = ServiceAccount("default") data_volume = PVC("nexus-data-volume") config_volume_nexus = PV("nexus") configmap_nexus = ConfigMap("nexus") pod_nexus - Edge( color="gray", style="dashed") - secret_nexus - Edge( color="gray", style="dashed") - token_nexus - Edge( color="gray", style="dashed") - sa_nexus pod_nexus - Edge(color="gray", style="dashed") - config_volume_nexus svc_nexus >> pod_nexus
from diagrams.custom import Custom
from diagrams.k8s.compute import Pod
from diagrams.k8s.network import Service
from diagrams.k8s.podconfig import Secret, ConfigMap
from diagrams.oci.compute import Container
from diagrams.onprem.container import Docker
from diagrams.onprem.network import Gunicorn
from diagrams.programming.framework import Flask

# Books-service deployment sketch: a Service fronts one Pod whose app and
# statsd containers sit in a "Runtime" cluster; the Pod is fed by a Secret
# and a ConfigMap. Diagram, Cluster and Edge are presumably imported earlier
# in the file (not visible here).
# NOTE(review): reconstructed from a collapsed listing — the "Runtime"
# cluster is assumed to be nested inside "Kube"; confirm against the
# rendered image.
with Diagram(
    "Lorem Ipsum Cloud Native Books Service",
    show=True,
    filename='lorem_ipsum_cloud_native_books_service',
):
    with Cluster("Kube"):
        svc = Service('svc')
        pod = Pod('pod')
        secrets = Secret('secrets')
        cm = ConfigMap('cm')

        with Cluster('Runtime'):
            stats = Custom('stats', './resources/statsd.png')
            app = Container('app')
            statsd = Container('statsd')
            docker = Docker('')
            web = Flask('web')
            wsgi = Gunicorn('wsgi')
            # Composition of the app container: Docker host, Gunicorn WSGI
            # server, Flask web framework, metrics out via statsd.
            runs_on = Edge(label='runs_on')
            runs = Edge(label='runs')
            uses = Edge(label='uses')
            app >> runs_on >> docker
            app >> runs >> [wsgi]
            app >> uses >> [web]
            wsgi >> stats

        # Traffic path Service -> Pod -> containers; config and secrets are
        # drawn flowing into the Pod.
        svc >> pod
        pod >> [app, statsd]
        pod << [secrets, cm]