Commit 8764bbb6 authored by Wim

dod-docs

Pipeline #2015 passed with stages in 14 seconds
image: google/cloud-sdk:206.0.0-alpine
# All available Hugo versions are listed here: https://gitlab.com/pages/hugo/container_registry
# image: registry.gitlab.com/pages/hugo:latest
test-pages:
image: registry.gitlab.com/pages/hugo:latest
script:
- hugo
except:
- master
pages:
image: registry.gitlab.com/pages/hugo:latest
script:
- hugo
artifacts:
paths:
- public
only:
- master
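Review bot: Both jobs pull `registry.gitlab.com/pages/hugo:latest`, so the Hugo build that publishes the site can change without any commit here; pin a specific tag from the registry linked in the comment so that `test-pages` and `pages` build with a known version. The leading `image: google/cloud-sdk:206.0.0-alpine` also looks unused, since each job sets its own `image:`; drop it or replace it with the pinned Hugo image as the single default.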
FROM ubuntu:latest as builder
# install hugo
ENV HUGO_VERSION=0.44
ADD https://github.com/gohugoio/hugo/releases/download/v${HUGO_VERSION}/hugo_${HUGO_VERSION}_Linux-64bit.tar.gz /tmp/
RUN tar -xf /tmp/hugo_${HUGO_VERSION}_Linux-64bit.tar.gz -C /usr/local/bin/
# install syntax highlighting
RUN apt-get update
RUN apt-get install -y python3-pygments
# build site
COPY . /source
RUN hugo --source=/source/ --destination=/public/
FROM nginx:stable-alpine
COPY --from=builder /public/ /usr/share/nginx/html/
EXPOSE 80
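Review bot: The `ADD https://github.com/gohugoio/hugo/releases/download/...` line in the builder stage fetches the Hugo tarball with no integrity check, so the image trusts whatever that URL returns at build time; verify the archive against the published SHA-256 for the pinned `HUGO_VERSION` before the `tar -xf` step. In the same stage, `FROM ubuntu:latest` makes the build non-reproducible, and `RUN apt-get update` in its own layer can be cached separately from `RUN apt-get install -y python3-pygments`; pin the base tag and combine the two apt commands into one `RUN`.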
---
title: "{{ replace .Name "-" " " | title }}"
date: {{ .Date }}
draft: true
---
baseURL = "http://dod2019.pages.olindata.com/dod-docs"
languageCode = "en-us"
title = "KUBERNETES DEV - IT WORKS ON MY MACHINE"
theme = "hugo-theme-learn"
CanonifyUrls = true
metaDataFormat = "yaml"
defaultContentLanguageInSubdir = true
PygmentsCodeFences = true
[outputs]
home = [ "HTML", "RSS", "JSON" ]
[params]
editURL = "https://gitlab.olindata.com/dod2019/dod-docs/edit/master/content/"
author = ""
description = "KUBERNETES DEV - IT WORKS ON MY MACHINE"
showVisitedLinks = true
disableSearch = false
disableAssetsBusting = false
disableInlineCopyToClipBoard = false
disableShortcutsTitle = false
disableLanguageSwitchingButton = true
ordersectionsby = "weight"
themeVariant = "def"
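Review bot: `baseURL` is set to `http://dod2019.pages.olindata.com/dod-docs` while `CanonifyUrls = true`, so every generated link and asset reference is rewritten to plain HTTP even though `editURL` already uses `https://`. If the Pages host serves TLS, switch `baseURL` to `https://` so that readers are not sent to the unencrypted site.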
---
title: "K8s dev - It works on my machine"
---
# Kubernetes dev - It works on my machine
## Quick Links
* [Minikube Docs](https://kubernetes.io/docs/setup/learning-environment/minikube/)
* [Minikube Github](https://github.com/kubernetes/minikube)
* [Minikube Cheatsheet](https://cheatsheet.dennyzhang.com/cheatsheet-minikube-a4)
* [Kubectl Cheatsheet](https://cheatsheet.dennyzhang.com/cheatsheet-kubernetes-A4)
* [Helm Cheatsheet]({{%relref "dev/helm-cheatsheet.md" %}})
![dods](https://devopsdays.org/events/2019-amsterdam/logo-square.jpg)
## Contribute to this documentation
Feel free to update this content, just click the **Edit this page** link displayed on top right of each page, and pullrequest it
## Documentation website
This current documentation has been statically generated with Hugo and Gitlab CI. Currently, [Hugo-theme-learn](http://github.com/matcornic/hugo-theme-learn) is used, which is a theme for [Hugo](https://gohugo.io/), and is **fully designed for documentation**.
This theme is a partial porting of the [Learn theme](http://learn.getgrav.org/) of [Grav](https://getgrav.org/), a modern flat-file CMS written in PHP.
---
title: Minikube Addons
weight: 20
chapter: true
pre: "<b>2. </b>"
---
# Minikube Addons
Using Minikube Addons
---
title: Addons
---
## Addons
Out of the box, minikube ships with a number of addons: common applications in
Kubernetes world.
minikube addons list
- addon-manager: enabled
- dashboard: enabled
- default-storageclass: enabled
- efk: disabled
- freshpod: disabled
- gvisor: disabled
- heapster: disabled
- ingress: enabled
- logviewer: enabled
- metrics-server: disabled
- nvidia-driver-installer: disabled
- nvidia-gpu-device-plugin: disabled
- registry: disabled
- registry-creds: disabled
- storage-provisioner: enabled
- storage-provisioner-gluster: disabled
Enabling an addon is very simple, yet some seem to require restarting minikube
VM:
minikube addons dashboard enable
## Highlighting a couple of addons
### NGINX Ingress
[Ingress](https://kubernetes.io/docs/concepts/services-networking/ingress/) is
a K8s API object that manages external access to a service. Basically, its a
reverse proxy. [nginx-ingress](https://github.com/kubernetes/ingress-nginx) is a
popular "ingress controller".
minikube addons ingress enable
kubectl -n kube-system get pod -l app.kubernetes.io/name=nginx-ingress-controller
helm upgrade --install hackmd stable/hackmd --set ingress.enabled=true --set "ingress.hosts[0]=hackmd.192.168.39.98.xip.io"
kubectl get ing hackmd
curl hackmd.192.168.39.98.xip.io
In "real-life", NGINX Ingress works great with [cert-manager](https://github.com/jetstack/cert-manager) and [external-dns](https://github.com/kubernetes-incubator/external-dnshttps://github.com/kubernetes-incubator/external-dns), for automated SSL management and DNS configuration.
### Metrics Server
The [metrics
server](https://kubernetes.io/docs/tasks/debug-application-cluster/resource-metrics-pipeline/)
addon exposes resource usage, such as CPU and RAM utilization. These metrics can
be viewed with `kubectl top` for example, but its also required for the K8s
[Horizontal Pod
Autoscaler](https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/).
Heapster has been deprecated in favor of Metrics Server.
minikube addons metrics-server enable
### Logging
EFK is ... ELK with [fluentd](https://www.fluentd.org/) instead of Logstash.
Enabling this addon deploys a complete EFK setup, and exposes Kibana via a
NodePort (so you can access it via `minikube service`). EFK requires quite a lof
of resources, an alternative is the lightweight `logviewer` addon. The
latter requires restarting of the minikube vm. After restarting, its available
via `minikube service`.
minikube addons efk enable
minikube addons logviewer enable
### Dashboard
[dashboard](https://kubernetes.io/docs/tasks/access-application-cluster/web-ui-dashboard/)
enables the "official" kubernetes Web UI. It might be useful locally, however,
I'd suggest to disable the usage of the dashboard in production environments.
minikube addons dashboard enable
https://arstechnica.com/information-technology/2018/02/tesla-cloud-resources-are-hacked-to-run-cryptocurrency-mining-malware/
### Freshpod
[freshpod](https://github.com/GoogleCloudPlatform/freshpod) restarts your pod
after building a new version. Kind of like `skaffold`, but just 'watches' your
Dockerfile + its deployment on the cluster.
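Review bot: The addon commands in this file put the addon name before the verb (`minikube addons dashboard enable`, `minikube addons ingress enable`, `minikube addons metrics-server enable`, and the efk and logviewer lines), while the 101 page in this same commit uses `minikube addons enable dashboard` and shows it succeeding; use the `enable <addon>` order throughout. Under Dashboard, the Ars Technica URL is pasted as a bare line after the command with no sentence tying it to the advice against running the dashboard in production; turn it into a linked sentence saying what the article illustrates. The external-dns link under NGINX Ingress has its URL pasted twice back to back, so it will not resolve.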
---
title: "101"
---
As [mentioned](https://devopsdays.org/events/2019-amsterdam/program/wim-bonthuis/), `minikube` and `kubectl` should have been installed.
If not, take care of that first. See [the official docs](https://kubernetes.io/docs/tasks/tools/install-minikube/).
## Minikube
Lets fire it up!
minikube start --cpus 2 --memory 6144 --vm-driver kvm2
😄 minikube v1.1.1 on linux (amd64)
🔥 Creating kvm2 VM (CPUs=2, Memory=6144MB, Disk=20000MB) ...
🐳 Configuring environment for Kubernetes v1.14.3 on Docker 18.09.6
🚜 Pulling images ...
🚀 Launching Kubernetes ...
⌛ Verifying: apiserver proxy etcd scheduler controller dns
🏄 Done! kubectl is now configured to use "minikube"
I'm using the
[KVM2](https://github.com/kubernetes/minikube/blob/master/docs/drivers.md#kvm2-driver) driver, which I suggest if you're using Linux. Other drivers are also available,
like VirtualBox, HyperV and Hyperkit. Take a look at https://github.com/kubernetes/minikube/blob/master/docs/drivers.md for more details.
And validate the machine:
minikube status
host: Running
kubelet: Running
apiserver: Running
kubectl: Correctly Configured: pointing to minikube-vm at 192.168.39.98
You could use some `minikube` commands in environment variables:
export mip=$(minikube ip)
ping $mip
PING 192.168.39.98 (192.168.39.98) 56(84) bytes of data.
64 bytes from 192.168.39.98: icmp_seq=1 ttl=64 time=0.542 ms
And launch a terminal into the virtual machine:
minikube ssh
$ uname -a
Linux minikube 4.15.0 #1 SMP Thu Jun 6 15:07:18 PDT 2019 x86_64 GNU/Linux
You can find exposed services as well:
minikube service list
|-------------|----------------------|----------------------------|
| NAMESPACE | NAME | URL |
|-------------|----------------------|----------------------------|
| default | kubernetes | No node port |
| kube-system | default-http-backend | http://192.168.39.98:30001 |
| kube-system | kube-dns | No node port |
|-------------|----------------------|----------------------------|
curl -vI $(minikube service default-http-backend --url -n kube-system)
..
* Connected to 192.168.39.98 (192.168.39.98) port 30001 (#0)
..
You might not see the `default-http-backend` service yet, we'll enable it later
anyways.
## Kubectl
Minikube is up and running! Now lets see if we can use `kubectl`: its command
line interface:
kubectl get nodes
NAME STATUS ROLES AGE VERSION
minikube Ready master 19m v1.14.3
Quick tip: pretty much everything can be abbreviated: `kubectl get nodes` ->
`kubectl get no`, or `kubectl get deploy` instead of `kubectl get deployments`.
Also, use TAB a lot: kubectl <TAB>:
kubectl
annotate attach cluster-info cordon describe exec
kustomize patch replace set version
api-resources auth completion cp diff
explain label plugin rollout taint wait
api-versions autoscale config create drain
expose logs port-forward run top
apply certificate convert delete edit get
options proxy scale uncordon
And add a verb, like `get`:
kubectl get
apiservices.apiregistration.k8s.io networkpolicies.extensions
certificatesigningrequests.certificates.k8s.io networkpolicies.networking.k8s.io
clusterrolebindings.rbac.authorization.k8s.io nodes
clusterroles.rbac.authorization.k8s.io persistentvolumeclaims
componentstatuses persistentvolumes
configmaps poddisruptionbudgets.policy
controllerrevisions.apps pods
cronjobs.batch podsecuritypolicies.extensions
csidrivers.storage.k8s.io podsecuritypolicies.policy
csinodes.storage.k8s.io podtemplates
customresourcedefinitions.apiextensions.k8s.io priorityclasses.scheduling.k8s.io
daemonsets.apps replicasets.apps
daemonsets.extensions replicasets.extensions
deployments.apps replicationcontrollers
deployments.extensions resourcequotas
endpoints rolebindings.rbac.authorization.k8s.io
events roles.rbac.authorization.k8s.io
events.events.k8s.io runtimeclasses.node.k8s.io
horizontalpodautoscalers.autoscaling secrets
ingresses.extensions serviceaccounts
ingresses.networking.k8s.io services
jobs.batch statefulsets.apps
leases.coordination.k8s.io storageclasses.storage.k8s.io
limitranges validatingwebhookconfigurations.admissionregistration.k8s.io
To see if every "system" pod has started, run `get po`:
kubectl get pods -n kube-system
NAME READY STATUS RESTARTS AGE
coredns-fb8b8dccf-29v87 1/1 Running 0 20m
coredns-fb8b8dccf-xqcxc 1/1 Running 0 20m
default-http-backend-6864bbb7db-fc5pn 1/1 Running 0 20m
etcd-minikube 1/1 Running 0 19m
kube-addon-manager-minikube 1/1 Running 0 19m
kube-apiserver-minikube 1/1 Running 0 19m
kube-controller-manager-minikube 1/1 Running 0 19m
kube-proxy-zcqlw 1/1 Running 0 20m
kube-scheduler-minikube 1/1 Running 0 19m
nginx-ingress-controller-586cdc477c-q7drs 1/1 Running 0 20m
storage-provisioner 1/1 Running 0 20m
`kubectl` works with contexts, which define to what k8s cluster you're talking
to:
kubectl config get-contexts
CURRENT NAME CLUSTER AUTHINFO NAMESPACE
* minikube minikube minikube
kubectl config current-context
minikube
kubectl config view --minify
apiVersion: v1
clusters:
- cluster:
certificate-authority: /home/wim/.minikube/ca.crt
server: https://192.168.39.98:8443
name: minikube
contexts:
- context:
cluster: minikube
user: minikube
name: minikube
current-context: minikube
kind: Config
preferences: {}
users:
- name: minikube
user:
client-certificate: /home/wim/.minikube/client.crt
client-key: /home/wim/.minikube/client.key
## Launch a pod real quick!
kubectl run --generator=run-pod/v1 echoserver --image=k8s.gcr.io/echoserver:1.10 --port=8080
kubectl expose deploy echoserver --type NodePort
curl $(minikube service echoserver --url)
Hostname: echoserver
Pod Information:
-no pod information available-
Server values:
server_version=nginx: 1.13.3 - lua: 10008
Request Information:
client_address=172.17.0.1
method=GET
real path=/
query=
request_version=1.1
request_scheme=http
request_uri=http://192.168.39.98:8080/
Request Headers:
accept=*/*
host=192.168.39.98:32324
user-agent=curl/7.65.1
Request Body:
-no body in request-
Before we clean it up, lets take a quick look at the two resources we've just
deployed:
kubectl get po,svc echoserver
NAME READY STATUS RESTARTS AGE
pod/echoserver 1/1 Running 0 2m25s
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
service/echoserver NodePort 10.100.242.211 <none> 8080:32324/TCP 114s
Tip: try adding `-o yaml` to the previous command!
kubectl delete po,svc echoserver
pod "echoserver" deleted
service "echoserver" deleted
## Dashboard
minikube addons enable dashboard
✅ dashboard was successfully enabled
minikube dashboard
![dash](/images/dash.png)
Voila!
## Troubleshooting
_just crank up debugging!_
```
minikube start -v 9 --logtostderr
```
Or, use `kubectl describe`, `kubectl logs`, `kubectl exec`. `kubectl` is obviously a very useful
tool.
## DODWIMTOPTIP
For local kubernetes development, you'll be using `kubectl` _a lot_. There are a
number of tools to make your life a little easier:
* [shell autocompletion](https://kubernetes.io/docs/tasks/tools/install-kubectl/#enabling-shell-autocompletion)
* [kubectx: a kubectl context switcher](https://github.com/ahmetb/kubectx)
* [kubectl-aliases](https://github.com/ahmetb/kubectl-aliases)
* [zsh-kubectl-prompt](https://github.com/superbrothers/zsh-kubectl-prompt)
* [kubectl magic](https://gist.github.com/so0k/42313dbb3b547a0f51a547bb968696ba)
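Review bot: In "Launch a pod real quick!", `kubectl run --generator=run-pod/v1 echoserver` creates a bare pod (the later `kubectl get po,svc echoserver` output confirms `pod/echoserver`), but the next line runs `kubectl expose deploy echoserver`, which targets a deployment that does not exist. Change it to `kubectl expose pod echoserver --type NodePort`, which is what the 201 page in this commit uses. The Dashboard section at the end would also benefit from repeating the addons page's caveat that the dashboard is intended for local use.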
---
title: "201"
---
kubectl run -it --rm --restart=Never nslookup --image=busybox:1.28 nslookup kubernetes
kubectl run -it --rm --restart=Never wget --image alpine -- wget -qO- --timeout=2 http://echoserver:8080
nodeport vs clusterip (in minikube)
❯ kubectl expose pod echoserver --type NodePort
service/echoserver exposed
~/projects/private/demos/devopsdays/2019/minik8s/static dod2019*
❯ kubectl get svc
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
echoserver NodePort 10.98.106.115 <none> 8080:32386/TCP 3s
kubernetes ClusterIP 10.96.0.1 <none> 443/TCP 64m
kubectl edit svc echoserver
minikube service echoserver --url w/ clusterip
minikube config set
kubectl run example
demo nip/xip
minikube profiles
minilube tunnel (?)
minikube logs
minikube -ho
eval $(minikube docker-env)
minikube ssh whoami
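Review bot: This page is still a raw outline: the lines from `minikube config set` down to `minikube ssh whoami` are unexplained one-word notes, including the typo `minilube tunnel (?)` and the unclear `minikube -ho`. It also carries pasted terminal residue (the `❯` prompts and the local path `~/projects/private/demos/devopsdays/2019/minik8s/static dod2019*`). Either set `draft: true` in the front matter until it is written up, or remove the prompt and path lines and give each command a sentence of context, in particular the "nodeport vs clusterip" comparison that the `kubectl expose` output is meant to illustrate.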
---
title: Minikube Getting started
weight: 10
chapter: true
pre: "<b>1. </b>"
---
## Bootstrapping Minikube
Start up a cluster and make sure both `minikube` and `kubectl` are working.
After that, we'll take a quick look at some basic/useful commands.
---
title: Minikube Development
weight: 30
chapter: true
pre: "<b>3. </b>"
---
# Minikube Development
Using `minikube` as a local development environment.
---
title: A Couple of Notes
---
## 100% Compatible?
While its possible to run/replicate most workloads with minikube, there are some
exceptions of course:
* service type loadbalancer -> This service type allocates an (external)
loadbalancer, where you're running Kubernetes
* ingress domains -> This seems obvious I guess?
Another notable resource are network policies: allow/deny access based on
labels. To test network policies with minikube, you need to install a policy
framework (forgot its name)!
## Kubectl
Try to get comfortable using `kubectl` for debugging purposes:
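Review bot: The network policy paragraph ends with "you need to install a policy framework (forgot its name)!", which leaves the reader unable to follow the advice; name the network plugin that was used and say how it was enabled, or state plainly that network policies are not enforced without one, so nobody assumes a policy tested on minikube is actually being applied. The "service type loadbalancer" and "ingress domains" bullets would also read better with one sentence each on what differs locally. The Kubectl section's visible text stops at a colon with no commands after it.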