· 6 years ago · Dec 17, 2019, 09:36 AM
********************************************************************
 Lab11 Manage Probes
********************************************************************
A Probe is a diagnostic performed periodically by the kubelet on a Container. To perform a diagnostic, the kubelet calls a Handler implemented by the Container. There are three types of handlers:

ExecAction: Executes a specified command inside the Container. The diagnostic is considered successful if the command exits with a status code of 0.

TCPSocketAction: Performs a TCP check against the Container’s IP address on a specified port. The diagnostic is considered successful if the port is open.

HTTPGetAction: Performs an HTTP Get request against the Container’s IP address on a specified port and path. The diagnostic is considered successful if the response has a status code greater than or equal to 200 and less than 400.

Each probe has one of three results:

Success: The Container passed the diagnostic.
Failure: The Container failed the diagnostic.
Unknown: The diagnostic failed, so no action should be taken.

1-livenessProbe
Indicates whether the Container is running. If the liveness probe fails, the kubelet kills the Container, and the Container is subjected to its restart policy. If a Container does not provide a liveness probe, the default state is Success.

$ cat exec-liveness.yaml
apiVersion: v1
kind: Pod
metadata:
  labels:
    test: liveness
  name: liveness-exec
spec:
  containers:
  - name: liveness
    image: k8s.gcr.io/busybox
    args:
    - /bin/sh
    - -c
    - touch /tmp/healthy; sleep 30; rm -rf /tmp/healthy; sleep 600
    livenessProbe:
      exec:
        command:
        - cat
        - /tmp/healthy
      initialDelaySeconds: 5
      periodSeconds: 5

--> The periodSeconds field specifies that the kubelet should perform a liveness probe every 5 seconds.
--> The initialDelaySeconds field tells the kubelet that it should wait 5 seconds before performing the first probe.

$ kubectl apply -f exec-liveness.yaml
$ kubectl describe pod liveness-exec
Events:
  Type    Reason     Age   From               Message
  ----    ------     ----  ----               -------
  Normal  Scheduled  8s    default-scheduler  Successfully assigned default/liveness-exec to node2-ib
  Normal  Pulling    7s    kubelet, node2-ib  Pulling image "k8s.gcr.io/busybox"
  Normal  Pulled     5s    kubelet, node2-ib  Successfully pulled image "k8s.gcr.io/busybox"
  Normal  Created    5s    kubelet, node2-ib  Created container liveness
  Normal  Started    5s    kubelet, node2-ib  Started container liveness

--> Within 30 seconds, view the Pod events:

Events:
  Type     Reason     Age   From               Message
  ----     ------     ----  ----               -------
  Normal   Scheduled  38s   default-scheduler  Successfully assigned default/liveness-exec to node2-ib
  Normal   Pulling    37s   kubelet, node2-ib  Pulling image "k8s.gcr.io/busybox"
  Normal   Pulled     35s   kubelet, node2-ib  Successfully pulled image "k8s.gcr.io/busybox"
  Normal   Created    35s   kubelet, node2-ib  Created container liveness
  Normal   Started    35s   kubelet, node2-ib  Started container liveness
  Warning  Unhealthy  3s    kubelet, node2-ib  Liveness probe failed: cat: can't open '/tmp/healthy': No such file or directory

$ kubectl describe pod liveness-exec

--> After 35 seconds, view the Pod events again:

Events:
  Type     Reason     Age   From               Message
  ----     ------     ----  ----               -------
  Normal   Scheduled  38s   default-scheduler  Successfully assigned default/liveness-exec to node2-ib
  Normal   Pulling    37s   kubelet, node2-ib  Pulling image "k8s.gcr.io/busybox"
  Normal   Pulled     35s   kubelet, node2-ib  Successfully pulled image "k8s.gcr.io/busybox"
  Normal   Created    35s   kubelet, node2-ib  Created container liveness
  Normal   Started    35s   kubelet, node2-ib  Started container liveness
  Warning  Unhealthy  3s    kubelet, node2-ib  Liveness probe failed: cat: can't open '/tmp/healthy': No such file or directory

$ kubectl describe pod liveness-exec

Events:
  Type     Reason     Age                From               Message
  ----     ------     ----               ----               -------
  Normal   Scheduled  60s                default-scheduler  Successfully assigned default/liveness-exec to node2-ib
  Normal   Pulling    59s                kubelet, node2-ib  Pulling image "k8s.gcr.io/busybox"
  Normal   Pulled     57s                kubelet, node2-ib  Successfully pulled image "k8s.gcr.io/busybox"
  Normal   Created    57s                kubelet, node2-ib  Created container liveness
  Normal   Started    57s                kubelet, node2-ib  Started container liveness
  Warning  Unhealthy  15s (x3 over 25s)  kubelet, node2-ib  Liveness probe failed: cat: can't open '/tmp/healthy': No such file or directory
  Normal   Killing    15s                kubelet, node2-ib  Container liveness failed liveness probe, will be restarted

--> Wait another 30 seconds, and verify that the Container has been restarted:

$ kubectl get pod liveness-exec

Events:
  Type     Reason     Age                From               Message
  ----     ------     ----               ----               -------
  Normal   Scheduled  76s                default-scheduler  Successfully assigned default/liveness-exec to node2-ib
  Normal   Started    73s                kubelet, node2-ib  Started container liveness
  Warning  Unhealthy  31s (x3 over 41s)  kubelet, node2-ib  Liveness probe failed: cat: can't open '/tmp/healthy': No such file or directory
  Normal   Killing    31s                kubelet, node2-ib  Container liveness failed liveness probe, will be restarted
  Normal   Pulling    1s (x2 over 75s)   kubelet, node2-ib  Pulling image "k8s.gcr.io/busybox"
  Normal   Pulled     0s (x2 over 73s)   kubelet, node2-ib  Successfully pulled image "k8s.gcr.io/busybox"
  Normal   Created    0s (x2 over 73s)   kubelet, node2-ib  Created container liveness

$ kubectl get pod liveness-exec

Events:
  Type     Reason     Age                From               Message
  ----     ------     ----               ----               -------
  Normal   Scheduled  80s                default-scheduler  Successfully assigned default/liveness-exec to node2-ib
  Warning  Unhealthy  35s (x3 over 45s)  kubelet, node2-ib  Liveness probe failed: cat: can't open '/tmp/healthy': No such file or directory
  Normal   Killing    35s                kubelet, node2-ib  Container liveness failed liveness probe, will be restarted
  Normal   Pulling    5s (x2 over 79s)   kubelet, node2-ib  Pulling image "k8s.gcr.io/busybox"
  Normal   Pulled     4s (x2 over 77s)   kubelet, node2-ib  Successfully pulled image "k8s.gcr.io/busybox"
  Normal   Created    4s (x2 over 77s)   kubelet, node2-ib  Created container liveness
  Normal   Started    4s (x2 over 77s)   kubelet, node2-ib  Started container liveness

2-readinessProbe

Indicates whether the Container is ready to service requests. If the readiness probe fails, the endpoints controller removes the Pod’s IP address from the endpoints of all Services that match the Pod. The default state of readiness before the initial delay is Failure. If a Container does not provide a readiness probe, the default state is Success.

$ cat exec-readiness.yaml
apiVersion: v1
kind: Pod
metadata:
  labels:
    test: readiness
  name: readiness-exec
spec:
  containers:
  - name: readiness
    image: nginx
    readinessProbe:
      exec:
        command:
        - cat
        - /var/ready
      initialDelaySeconds: 5
      periodSeconds: 5

$ kubectl apply -f exec-readiness.yaml

--> View the Pod status

$ kubectl get pod readiness-exec
NAME             READY   STATUS    RESTARTS   AGE    IP          NODE    NOMINATED NODE   READINESS GATES
readiness-exec   0/1     Running   0          111s   10.44.0.6   node1   <none>           <none>

$ kubectl describe pod readiness-exec
Events:
  Type     Reason     Age                From               Message
  ----     ------     ----               ----               -------
  Normal   Scheduled  90s                default-scheduler  Successfully assigned default/readiness-exec to node1
  Normal   Pulling    89s                kubelet, node1     Pulling image "nginx"
  Normal   Pulled     87s                kubelet, node1     Successfully pulled image "nginx"
  Normal   Created    87s                kubelet, node1     Created container readiness
  Normal   Started    87s                kubelet, node1     Started container readiness
  Warning  Unhealthy  3s (x16 over 78s)  kubelet, node1     Readiness probe failed: cat: /var/ready: No such file or directory

--> Try to create the /var/ready file

$ kubectl exec readiness-exec -- touch /var/ready

--> View the Pod status again

$ kubectl get pod readiness-exec

NAME             READY   STATUS    RESTARTS   AGE     IP          NODE    NOMINATED NODE   READINESS GATES
readiness-exec   1/1     Running   0          3m11s   10.44.0.6   node1   <none>           <none>

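The "x3" in the Unhealthy events above comes from the probe's failureThreshold, which defaults to 3 when the manifest does not set it. The following Python model is an added example, not part of the original lab: it replays the two lab Pods against an idealised kubelet probe loop (no scheduling jitter), and the function names and the 188-second "touch" time are constructed for illustration.

```python
"""Idealised model of the kubelet probe loop for the two lab Pods (added example)."""
from dataclasses import dataclass
from typing import Callable, List, Tuple


@dataclass
class Probe:
    initial_delay: int          # initialDelaySeconds
    period: int                 # periodSeconds
    failure_threshold: int = 3  # Kubernetes default when failureThreshold is unset
    success_threshold: int = 1  # Kubernetes default when successThreshold is unset


def first_liveness_kill(probe: Probe, check: Callable[[int], bool],
                        horizon: int) -> Tuple[List[int], int]:
    """Return (times of failed probes, time of the kill); kill time is -1 if none."""
    failures: List[int] = []
    streak = 0
    for t in range(probe.initial_delay, horizon + 1, probe.period):
        if check(t):
            streak = 0          # one success resets the consecutive-failure count
            continue
        failures.append(t)
        streak += 1
        if streak >= probe.failure_threshold:
            return failures, t  # kubelet kills the container; restartPolicy applies
    return failures, -1


def readiness_timeline(probe: Probe, check: Callable[[int], bool],
                       horizon: int) -> List[Tuple[int, bool]]:
    """Return [(time, ready)] for every change of the Ready condition."""
    ready = False               # readiness starts as Failure before the first probe
    ok = bad = 0
    changes: List[Tuple[int, bool]] = []
    for t in range(probe.initial_delay, horizon + 1, probe.period):
        if check(t):
            ok, bad = ok + 1, 0
            if not ready and ok >= probe.success_threshold:
                ready = True    # Pod IP is added back to matching Service endpoints
                changes.append((t, True))
        else:
            ok, bad = 0, bad + 1
            if ready and bad >= probe.failure_threshold:
                ready = False   # Pod IP is removed from Service endpoints, no restart
                changes.append((t, False))
    return changes


LAB_PROBE = Probe(initial_delay=5, period=5)  # values from both lab manifests


def liveness_file_present(t: int) -> bool:
    """exec-liveness.yaml: /tmp/healthy exists only for the first 30 seconds."""
    return t < 30


def readiness_file_present(t: int) -> bool:
    """exec-readiness.yaml: /var/ready is created by hand at t=188 s (constructed)."""
    return t >= 188


if __name__ == "__main__":
    print(first_liveness_kill(LAB_PROBE, liveness_file_present, 120))
    print(readiness_timeline(LAB_PROBE, readiness_file_present, 300))
```

A liveness failure ends in a restart after three consecutive failures, while a readiness failure only changes the READY column and the Service endpoints, which is why readiness-exec shows 0 restarts after 16 failed probes.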
********************************************************************
 Lab12 Manage Helm (The Package Manager for Kubernetes)
********************************************************************

Helm helps you manage Kubernetes applications — Helm Charts help you define, install, and upgrade even the most complex Kubernetes application.
https://helm.sh/

1-Install And Configure Helm And Tiller
Helm is composed of two parts: Helm (the client) and Tiller (the server). Follow the steps below to complete both Helm and Tiller installation and create the necessary Kubernetes objects to make Helm work with Role-Based Access Control (RBAC):

To install Helm, run the following commands on master node:

$ curl https://raw.githubusercontent.com/kubernetes/helm/master/scripts/get > get_helm.sh
$ chmod 700 get_helm.sh
$ ./get_helm.sh
Downloading https://kubernetes-helm.storage.googleapis.com/helm-v2.14.0-linux-amd64.tar.gz
Preparing to install helm and tiller into /usr/local/bin
helm installed into /usr/local/bin/helm
tiller installed into /usr/local/bin/tiller
Run 'helm init' to configure helm.

2-Create a ClusterRole configuration file with the content below. In this example, it is named clusterrole.yaml (only when using a Minikube cluster)
$ cat clusterrole.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  annotations:
    rbac.authorization.kubernetes.io/autoupdate: "true"
  labels:
    kubernetes.io/bootstrapping: rbac-defaults
  name: cluster-admin
rules:
- apiGroups:
  - '*'
  resources:
  - '*'
  verbs:
  - '*'
- nonResourceURLs:
  - '*'
  verbs:
  - '*'

$ kubectl get clusterrole
$ kubectl create -f clusterrole.yaml

3-Create a ServiceAccount and, to associate it with the ClusterRole, use a ClusterRoleBinding, as below:

$ kubectl create serviceaccount -n kube-system tiller
serviceaccount/tiller created

$ kubectl create clusterrolebinding tiller-cluster-rule --clusterrole=cluster-admin --serviceaccount=kube-system:tiller
clusterrolebinding.rbac.authorization.k8s.io/tiller-cluster-rule created

4-Initialize Helm as shown below:

$ helm init --service-account tiller
Creating /home/vagrant/.helm
Creating /home/vagrant/.helm/repository
Creating /home/vagrant/.helm/repository/cache
Creating /home/vagrant/.helm/repository/local
Creating /home/vagrant/.helm/plugins
Creating /home/vagrant/.helm/starters
Creating /home/vagrant/.helm/cache/archive
Creating /home/vagrant/.helm/repository/repositories.yaml
Adding stable repo with URL: https://kubernetes-charts.storage.googleapis.com
Adding local repo with URL: http://127.0.0.1:8879/charts
$HELM_HOME has been configured at /home/vagrant/.helm.

Tiller (the Helm server-side component) has been installed into your Kubernetes Cluster.

Please note: by default, Tiller is deployed with an insecure 'allow unauthenticated users' policy.
To prevent this, run `helm init` with the --tiller-tls-verify flag.
For more information on securing your installation see: https://docs.helm.sh/using_helm/#securing-your-helm-installation

Note: If you have previously initialized Helm, execute the following command to upgrade it:

$ helm init --upgrade --service-account tiller

5-Check if Tiller is correctly installed by checking the output of kubectl get pods as shown below:

$ kubectl --namespace kube-system get pods | grep tiller
tiller-deploy-598f58dd45-q2cbq   1/1   Running   0   59s

6-Install An Application Using A Helm Chart

A Helm chart describes a specific version of an application, also known as a “release”. The “release” includes files with Kubernetes-needed resources and files that describe the installation, configuration, usage and license of a chart.

For more details https://hub.kubeapps.com/charts/search?q=bitnami

6.1-Install Wordpress Helm chart :
https://github.com/helm/charts/tree/master/stable/wordpress#coniguration
$ helm install --name my-release stable/wordpress
NAME:   my-release
LAST DEPLOYED: Mon May 20 00:33:10 2019
NAMESPACE: default
STATUS: DEPLOYED

RESOURCES:
==> v1/ConfigMap
NAME                      DATA  AGE
my-release-mariadb        1     1s
my-release-mariadb-tests  1     1s

==> v1/Deployment
NAME                  READY  UP-TO-DATE  AVAILABLE  AGE
my-release-wordpress  0/1    1           0          1s

==> v1/PersistentVolumeClaim
NAME                  STATUS   VOLUME  CAPACITY  ACCESS MODES  STORAGECLASS     AGE
my-release-wordpress  Pending                                  default-storage  1s

==> v1/Pod(related)
NAME                                   READY  STATUS   RESTARTS  AGE
my-release-wordpress-68b59ff76f-8pwdc  0/1    Pending  0         0s

==> v1/Secret
NAME                  TYPE    DATA  AGE
my-release-mariadb    Opaque  2     1s
my-release-wordpress  Opaque  1     1s

==> v1/Service
NAME                  TYPE          CLUSTER-IP      EXTERNAL-IP  PORT(S)                     AGE
my-release-mariadb    ClusterIP     10.101.130.135  <none>       3306/TCP                    1s
my-release-wordpress  LoadBalancer  10.104.17.11    <pending>    80:30992/TCP,443:31587/TCP  1s

==> v1beta1/StatefulSet
NAME                READY  AGE
my-release-mariadb  0/1    0s


NOTES:
1. Get the WordPress URL:

  NOTE: It may take a few minutes for the LoadBalancer IP to be available.
        Watch the status with: 'kubectl get svc --namespace default -w my-release-wordpress'
  export SERVICE_IP=$(kubectl get svc --namespace default my-release-wordpress --template "{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}")
  echo "WordPress URL: http://$SERVICE_IP/"
  echo "WordPress Admin URL: http://$SERVICE_IP/admin"

2. Login with the following credentials to see your blog

  echo Username: user
  echo Password: $(kubectl get secret --namespace default my-release-wordpress -o jsonpath="{.data.wordpress-password}" | base64 --decode)

6.2-Uninstalling the Chart
$ helm delete my-release
release "my-release" deleted
$ helm del --purge my-release
release "my-release" deleted

6.3-Install Wordpress Helm chart with configurable parameters :

$ helm install --name my-release \
  --set persistence.storageClass=default-storage,persistence.size=2Gi,wordpressUsername=admin,wordpressPassword=password,mariadb.mariadbRootPassword=secretpassword \
  stable/wordpress
NAME:   my-release
LAST DEPLOYED: Mon May 20 00:37:44 2019
NAMESPACE: default
STATUS: DEPLOYED

RESOURCES:
==> v1/ConfigMap
NAME                      DATA  AGE
my-release-mariadb        1     0s
my-release-mariadb-tests  1     0s

==> v1/Deployment
NAME                  READY  UP-TO-DATE  AVAILABLE  AGE
my-release-wordpress  0/1    1           0          0s

==> v1/PersistentVolumeClaim
NAME                  STATUS   VOLUME  CAPACITY  ACCESS MODES  STORAGECLASS     AGE
my-release-wordpress  Pending                                  default-storage  0s

==> v1/Pod(related)
NAME                                  READY  STATUS   RESTARTS  AGE
my-release-mariadb-0                  0/1    Pending  0         0s
my-release-wordpress-554dcf569-tnh7k  0/1    Pending  0         0s

==> v1/Secret
NAME                  TYPE    DATA  AGE
my-release-mariadb    Opaque  2     0s
my-release-wordpress  Opaque  1     0s

==> v1/Service
NAME                  TYPE          CLUSTER-IP     EXTERNAL-IP  PORT(S)                     AGE
my-release-mariadb    ClusterIP     10.97.86.182   <none>       3306/TCP                    0s
my-release-wordpress  LoadBalancer  10.96.202.180  <pending>    80:32730/TCP,443:31752/TCP  0s

==> v1beta1/StatefulSet
NAME                READY  AGE
my-release-mariadb  0/1    0s


NOTES:
1. Get the WordPress URL:

  NOTE: It may take a few minutes for the LoadBalancer IP to be available.
        Watch the status with: 'kubectl get svc --namespace default -w my-release-wordpress'
  export SERVICE_IP=$(kubectl get svc --namespace default my-release-wordpress --template "{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}")
  echo "WordPress URL: http://$SERVICE_IP/"
  echo "WordPress Admin URL: http://$SERVICE_IP/admin"

2. Login with the following credentials to see your blog

  echo Username: admin
  echo Password: $(kubectl get secret --namespace default my-release-wordpress -o jsonpath="{.data.wordpress-password}" | base64 --decode)

6.4-Uninstalling the Chart
$ helm delete my-release
release "my-release" deleted
$ helm del --purge my-release
release "my-release" deleted

********************************************************************
 Lab13 Create your Helm Chart
********************************************************************
Consider a typical cloud-native application with a 3-tier architecture (database tier, e.g. MariaDB; backend tier, e.g. WordPress; frontend tier, e.g. nginx). In this architecture, each tier consists of a Deployment and Service object, and may additionally define ConfigMap or Secret objects. Each of these objects is typically defined in a separate YAML file and fed into the kubectl command-line tool.

A Helm chart encapsulates each of these YAML definitions, provides a mechanism for configuration at deploy-time and allows you to define metadata and documentation that might be useful when sharing the package. Helm can be useful in different scenarios:

-Find and use popular software packaged as Kubernetes charts
-Share your own applications as Kubernetes charts
-Create reproducible builds of your Kubernetes applications
-Intelligently manage your Kubernetes object definitions
-Manage releases of Helm packages

1-Create Your First Chart

$ helm create mychart
Creating mychart

$ ls mychart/
charts  Chart.yaml  templates  values.yaml

1.1-Templates
The most important piece of the puzzle is the templates/ directory. This is where Helm finds the YAML definitions for your Services, Deployments and other Kubernetes objects.
$ ls mychart/templates/
deployment.yaml  _helpers.tpl  ingress.yaml  NOTES.txt  service.yaml  tests

--> View the basic Service definition
$ cat mychart/templates/service.yaml
apiVersion: v1
kind: Service
metadata:
  name: {{ include "mychart.fullname" . }}
  labels:
{{ include "mychart.labels" . | indent 4 }}
spec:
  type: {{ .Values.service.type }}
  ports:
    - port: {{ .Values.service.port }}
      targetPort: http
      protocol: TCP
      name: http
  selector:
    app.kubernetes.io/name: {{ include "mychart.name" . }}
    app.kubernetes.io/instance: {{ .Release.Name }}

1.2-Values

The template in service.yaml makes use of the Helm-specific objects .Chart and .Values. The Chart object provides metadata about the chart to your definitions, such as the name or version. The Values object is a key element of Helm charts, used to expose configuration that can be set at the time of deployment. The defaults for this object are defined in the values.yaml file. Try changing the default value for service.internalPort and execute another dry-run; you should find that the targetPort in the Service and the containerPort in the Deployment change. The service.internalPort value is used here to ensure that the Service and Deployment objects work together correctly. The use of templating can greatly reduce boilerplate and simplify your definitions.

If a user of your chart wanted to change the default configuration, they could provide overrides directly on the command line:

$ helm install --dry-run --debug ./mychart --set service.internalPort=8080
[debug] Created tunnel using local port: '37730'

[debug] SERVER: "127.0.0.1:37730"

[debug] Original chart version: ""
[debug] CHART PATH: /home/vagrant/mychart

NAME:   pilfering-goat
REVISION: 1
RELEASED: Mon May 20 01:01:15 2019
CHART: mychart-0.1.0
USER-SUPPLIED VALUES:
service:
  internalPort: 8080

COMPUTED VALUES:
affinity: {}
fullnameOverride: ""
image:
  pullPolicy: IfNotPresent
  repository: nginx
  tag: stable
imagePullSecrets: []
ingress:
  annotations: {}
  enabled: false
  hosts:
  - host: chart-example.local
    paths: []
  tls: []
nameOverride: ""
nodeSelector: {}
replicaCount: 1
resources: {}
service:
  internalPort: 8080
  port: 80
  type: ClusterIP
tolerations: []

HOOKS:
---
# pilfering-goat-mychart-test-connection
apiVersion: v1
kind: Pod
metadata:
  name: "pilfering-goat-mychart-test-connection"
  labels:
    app.kubernetes.io/name: mychart
    helm.sh/chart: mychart-0.1.0
    app.kubernetes.io/instance: pilfering-goat
    app.kubernetes.io/version: "1.0"
    app.kubernetes.io/managed-by: Tiller
  annotations:
    "helm.sh/hook": test-success
spec:
  containers:
    - name: wget
      image: busybox
      command: ['wget']
      args: ['pilfering-goat-mychart:80']
  restartPolicy: Never
MANIFEST:

---
# Source: mychart/templates/service.yaml
apiVersion: v1
kind: Service
metadata:
  name: pilfering-goat-mychart
  labels:
    app.kubernetes.io/name: mychart
    helm.sh/chart: mychart-0.1.0
    app.kubernetes.io/instance: pilfering-goat
    app.kubernetes.io/version: "1.0"
    app.kubernetes.io/managed-by: Tiller
spec:
  type: ClusterIP
  ports:
    - port: 80
      targetPort: http
      protocol: TCP
      name: http
  selector:
    app.kubernetes.io/name: mychart
    app.kubernetes.io/instance: pilfering-goat
---
# Source: mychart/templates/deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: pilfering-goat-mychart
  labels:
    app.kubernetes.io/name: mychart
    helm.sh/chart: mychart-0.1.0
    app.kubernetes.io/instance: pilfering-goat
    app.kubernetes.io/version: "1.0"
    app.kubernetes.io/managed-by: Tiller
spec:
  replicas: 1
  selector:
    matchLabels:
      app.kubernetes.io/name: mychart
      app.kubernetes.io/instance: pilfering-goat
  template:
    metadata:
      labels:
        app.kubernetes.io/name: mychart
        app.kubernetes.io/instance: pilfering-goat
    spec:
      containers:
        - name: mychart
          image: "nginx:stable"
          imagePullPolicy: IfNotPresent
          ports:
            - name: http
              containerPort: 80
              protocol: TCP
          livenessProbe:
            httpGet:
              path: /
              port: http
          readinessProbe:
            httpGet:
              path: /
              port: http
          resources:
            {}

For more details check the Helm documentation
https://github.com/kubernetes/helm/blob/master/docs/index.md

2-Deploy Your First Chart

The chart you generated in the previous step is set up to run an NGINX server exposed via a Kubernetes Service. By default, the chart will create a ClusterIP type Service, so NGINX will only be exposed internally in the cluster.

$ helm install --name example ./mychart --set service.type=NodePort
NAME:   example
LAST DEPLOYED: Mon May 20 01:06:59 2019
NAMESPACE: default
STATUS: DEPLOYED

RESOURCES:
==> v1/Deployment
NAME             READY  UP-TO-DATE  AVAILABLE  AGE
example-mychart  0/1    1           0          0s

==> v1/Pod(related)
NAME                              READY  STATUS             RESTARTS  AGE
example-mychart-75d6f7cc85-snhlm  0/1    ContainerCreating  0         0s

==> v1/Service
NAME             TYPE      CLUSTER-IP      EXTERNAL-IP  PORT(S)       AGE
example-mychart  NodePort  10.108.234.246  <none>       80:31400/TCP  0s


NOTES:
1. Get the application URL by running these commands:
  export NODE_PORT=$(kubectl get --namespace default -o jsonpath="{.spec.ports[0].nodePort}" services example-mychart)
  export NODE_IP=$(kubectl get nodes --namespace default -o jsonpath="{.items[0].status.addresses[0].address}")
  echo http://$NODE_IP:$NODE_PORT


$ kubectl get service
NAME              TYPE        CLUSTER-IP       EXTERNAL-IP   PORT(S)        AGE
example-mychart   NodePort    10.108.234.246   <none>        80:31400/TCP   3m21s
kubernetes        ClusterIP   10.96.0.1        <none>        443/TCP        4d1h

3-Packaging Your Chart To Share it

If you are looking to share your charts with your team or the community, your consumers will typically install the charts from a tar package. We can use helm package to create the tar package:
$ helm package ./mychart
Successfully packaged chart and saved it to: /home/vagrant/mychart-0.1.0.tgz
$ ls
get_helm.sh  mychart  nginx.yaml  mychart-0.1.0.tgz

Helm will create a mychart-0.1.0.tgz package in our working directory, using the name and version from the metadata defined in the Chart.yaml file.
Now, we can install from this package instead of a local directory by passing the package as the parameter to helm install.
$ helm del --purge example
release "example" deleted

$ helm install --name mychart mychart-0.1.0.tgz --set service.type=NodePort

NAME:   mychart
LAST DEPLOYED: Mon May 20 01:14:38 2019
NAMESPACE: default
STATUS: DEPLOYED

RESOURCES:
==> v1/Deployment
NAME     READY  UP-TO-DATE  AVAILABLE  AGE
mychart  0/1    1           0          0s

==> v1/Pod(related)
NAME                     READY  STATUS             RESTARTS  AGE
mychart-b9488ff5c-rz9s6  0/1    ContainerCreating  0         0s

==> v1/Service
NAME     TYPE      CLUSTER-IP      EXTERNAL-IP  PORT(S)       AGE
mychart  NodePort  10.107.160.101  <none>       80:31109/TCP  0s


NOTES:
1. Get the application URL by running these commands:
  export NODE_PORT=$(kubectl get --namespace default -o jsonpath="{.spec.ports[0].nodePort}" services mychart)
  export NODE_IP=$(kubectl get nodes --namespace default -o jsonpath="{.items[0].status.addresses[0].address}")
  echo http://$NODE_IP:$NODE_PORT

$ kubectl get service
NAME         TYPE        CLUSTER-IP       EXTERNAL-IP   PORT(S)        AGE
kubernetes   ClusterIP   10.96.0.1        <none>        443/TCP        4d1h
mychart      NodePort    10.107.160.101   <none>        80:31109/TCP   21s

********************************************************************
 Lab14 Kubernetes Dashboard
********************************************************************
Kubernetes Dashboard is a general purpose, web-based UI for Kubernetes clusters. It allows users to manage applications running in the cluster and troubleshoot them, as well as manage the cluster itself.

https://github.com/kubernetes/dashboard

1-To deploy Dashboard, execute the following command:

$ kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v1.10.1/src/deploy/recommended/kubernetes-dashboard.yaml
secret/kubernetes-dashboard-certs created
serviceaccount/kubernetes-dashboard created
role.rbac.authorization.k8s.io/kubernetes-dashboard-minimal created
rolebinding.rbac.authorization.k8s.io/kubernetes-dashboard-minimal created
deployment.apps/kubernetes-dashboard created
service/kubernetes-dashboard created

2-To access Dashboard from your local workstation you must create a secure channel to your Kubernetes cluster. Run the following command:

$ kubectl proxy
Now access Dashboard at:

http://localhost:8001/api/v1/namespaces/kube-system/services/https:kubernetes-dashboard:/proxy/


3-Access to Dashboard from outside

3.1-Delete the old dashboard
$ kubectl delete svc kubernetes-dashboard -n kube-system
$ kubectl delete deployment kubernetes-dashboard -n kube-system
3.2-Change the Dashboard service type (add type: LoadBalancer to the yaml file)

$ wget https://raw.githubusercontent.com/kubernetes/dashboard/v1.10.1/src/deploy/recommended/kubernetes-dashboard.yaml
$ cat kubernetes-dashboard.yaml
# Copyright 2017 The Kubernetes Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

# ------------------- Dashboard Secret ------------------- #

apiVersion: v1
kind: Secret
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard-certs
  namespace: kube-system
type: Opaque

---
# ------------------- Dashboard Service Account ------------------- #

apiVersion: v1
kind: ServiceAccount
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
  namespace: kube-system

---
# ------------------- Dashboard Role & Role Binding ------------------- #

kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: kubernetes-dashboard-minimal
  namespace: kube-system
rules:
  # Allow Dashboard to create 'kubernetes-dashboard-key-holder' secret.
- apiGroups: [""]
  resources: ["secrets"]
  verbs: ["create"]
  # Allow Dashboard to create 'kubernetes-dashboard-settings' config map.
- apiGroups: [""]
  resources: ["configmaps"]
  verbs: ["create"]
  # Allow Dashboard to get, update and delete Dashboard exclusive secrets.
- apiGroups: [""]
  resources: ["secrets"]
  resourceNames: ["kubernetes-dashboard-key-holder", "kubernetes-dashboard-certs"]
  verbs: ["get", "update", "delete"]
  # Allow Dashboard to get and update 'kubernetes-dashboard-settings' config map.
- apiGroups: [""]
  resources: ["configmaps"]
  resourceNames: ["kubernetes-dashboard-settings"]
  verbs: ["get", "update"]
  # Allow Dashboard to get metrics from heapster.
- apiGroups: [""]
  resources: ["services"]
  resourceNames: ["heapster"]
  verbs: ["proxy"]
- apiGroups: [""]
  resources: ["services/proxy"]
  resourceNames: ["heapster", "http:heapster:", "https:heapster:"]
  verbs: ["get"]

---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: kubernetes-dashboard-minimal
  namespace: kube-system
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: kubernetes-dashboard-minimal
subjects:
- kind: ServiceAccount
  name: kubernetes-dashboard
  namespace: kube-system

---
# ------------------- Dashboard Deployment ------------------- #

kind: Deployment
apiVersion: apps/v1
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
  namespace: kube-system
spec:
  replicas: 1
  revisionHistoryLimit: 10
  selector:
    matchLabels:
      k8s-app: kubernetes-dashboard
  template:
    metadata:
      labels:
        k8s-app: kubernetes-dashboard
    spec:
      containers:
      - name: kubernetes-dashboard
        image: k8s.gcr.io/kubernetes-dashboard-amd64:v1.10.1
        ports:
        - containerPort: 8443
          protocol: TCP
        args:
          - --auto-generate-certificates
          # Uncomment the following line to manually specify Kubernetes API server Host
          # If not specified, Dashboard will attempt to auto discover the API server and connect
          # to it. Uncomment only if the default does not work.
          # - --apiserver-host=http://my-address:port
        volumeMounts:
        - name: kubernetes-dashboard-certs
          mountPath: /certs
          # Create on-disk volume to store exec logs
        - mountPath: /tmp
          name: tmp-volume
        livenessProbe:
          httpGet:
            scheme: HTTPS
            path: /
            port: 8443
          initialDelaySeconds: 30
          timeoutSeconds: 30
      volumes:
      - name: kubernetes-dashboard-certs
        secret:
          secretName: kubernetes-dashboard-certs
      - name: tmp-volume
        emptyDir: {}
      serviceAccountName: kubernetes-dashboard
      # Comment the following tolerations if Dashboard must not be deployed on master
      tolerations:
      - key: node-role.kubernetes.io/master
        effect: NoSchedule
---
# ------------------- Dashboard Service ------------------- #

kind: Service
apiVersion: v1
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
  namespace: kube-system
spec:
  ports:
    - port: 443
      targetPort: 8443
  selector:
    k8s-app: kubernetes-dashboard
  type: LoadBalancer

3.2-Create Dashboard
$ kubectl apply -f kubernetes-dashboard.yaml
$ kubectl get svc -n kube-system
NAME                   TYPE           CLUSTER-IP       EXTERNAL-IP   PORT(S)                  AGE
kube-dns               ClusterIP      10.96.0.10       <none>        53/UDP,53/TCP,9153/TCP   3d22h
kubernetes-dashboard   LoadBalancer   10.98.67.200     <pending>     443:31415/TCP            14m
tiller-deploy          ClusterIP      10.105.190.217   <none>        44134/TCP                3h50m

3.3-Create An Authentication Token (RBAC)

To find out how to create a sample user and log in, follow the Creating sample user guide:
https://github.com/kubernetes/dashboard/wiki/Creating-sample-user

$ cat dashboard-adminuser.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
  name: admin-user
  namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: admin-user
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
- kind: ServiceAccount
  name: admin-user
  namespace: kube-system

$ kubectl apply -f dashboard-adminuser.yaml

$ kubectl -n kube-system describe secret $(kubectl -n kube-system get secret | grep admin-user | awk '{print $1}')
Name:         admin-user-token-qgpsb
Namespace:    kube-system
Labels:       <none>
Annotations:  kubernetes.io/service-account.name: admin-user
              kubernetes.io/service-account.uid: 6989aff8-7aff-11e9-b1a4-5ca1ab1e0010

Type:  kubernetes.io/service-account-token

Data
====
ca.crt:     1025 bytes
namespace:  11 bytes

3.4-Copy and Paste token to Login Page
--> Create Port forwarding in VirtualBox (Master VM) : 8084<->31415
https://localhost:8084/
Enjoy!
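
The tiller service account in Lab12 and the admin-user service account in Lab14 are both bound to cluster-admin, and the Dashboard Service is switched to type LoadBalancer in kube-system. The Python audit below is an added example, not part of the original labs: it flags both patterns in objects exported from a cluster. The sample objects, finding labels and function names are constructed for illustration and mirror the names used on this page.

```python
"""Flag cluster-admin service accounts and externally exposed kube-system Services."""
from typing import Dict, List, Tuple

EXTERNAL_TYPES = {"NodePort", "LoadBalancer"}
Finding = Tuple[str, str, str]  # (rule, object, detail)


def crb(name: str, role: str, subjects: List[Dict]) -> Dict:
    """Build a ClusterRoleBinding dict shaped like `kubectl get ... -o json` output."""
    return {
        "kind": "ClusterRoleBinding",
        "metadata": {"name": name},
        "roleRef": {"apiGroup": "rbac.authorization.k8s.io",
                    "kind": "ClusterRole", "name": role},
        "subjects": subjects,
    }


def svc(namespace: str, name: str, svc_type: str) -> Dict:
    """Build a Service dict with only the fields the audit reads."""
    return {
        "kind": "Service",
        "metadata": {"namespace": namespace, "name": name},
        "spec": {"type": svc_type},
    }


def sa(namespace: str, name: str) -> Dict:
    return {"kind": "ServiceAccount", "namespace": namespace, "name": name}


# Constructed sample, shaped like the "items" list returned by
# `kubectl get clusterrolebindings,services --all-namespaces -o json`.
SAMPLE = {"items": [
    crb("cluster-admin", "cluster-admin",
        [{"kind": "Group", "name": "system:masters"}]),   # built-in, not a service account
    crb("tiller-cluster-rule", "cluster-admin", [sa("kube-system", "tiller")]),
    crb("admin-user", "cluster-admin", [sa("kube-system", "admin-user")]),
    svc("kube-system", "kube-dns", "ClusterIP"),
    svc("kube-system", "tiller-deploy", "ClusterIP"),
    svc("kube-system", "kubernetes-dashboard", "LoadBalancer"),
    svc("default", "mychart", "NodePort"),                # outside kube-system, ignored here
]}


def audit(export: Dict) -> List[Finding]:
    """Return findings for the two patterns described in the lead-in."""
    findings: List[Finding] = []
    for obj in export.get("items", []):
        meta = obj.get("metadata", {})
        if obj.get("kind") == "ClusterRoleBinding":
            ref = obj.get("roleRef", {})
            if ref.get("kind") != "ClusterRole" or ref.get("name") != "cluster-admin":
                continue
            # "subjects" may be absent or null on a binding with no subjects.
            for subject in obj.get("subjects") or []:
                if subject.get("kind") == "ServiceAccount":
                    who = f'{subject.get("namespace")}/{subject.get("name")}'
                    findings.append(("cluster-admin-serviceaccount", who,
                                     meta.get("name", "")))
        elif obj.get("kind") == "Service":
            # An omitted spec.type means ClusterIP.
            svc_type = obj.get("spec", {}).get("type", "ClusterIP")
            if meta.get("namespace") == "kube-system" and svc_type in EXTERNAL_TYPES:
                where = f'kube-system/{meta.get("name")}'
                findings.append(("exposed-kube-system-service", where, svc_type))
    return findings


if __name__ == "__main__":
    for rule, target, detail in audit(SAMPLE):
        print(f"{rule}: {target} ({detail})")
```

Any token issued for a flagged service account, such as the one printed by the describe secret command above, carries full cluster-admin rights, so a finding here is also a reason to review who can read Secrets in kube-system.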