k8s

module
v0.0.0-...-8f49d09 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Dec 3, 2016 License: MIT

README

Scalable Microservices with Kubernetes

  • Provision Kubernetes
  • Deploy and manage Docker containers using kubectl

Kubernetes Version: 1.4.6

dnf install -y jq

Course Description

Kubernetes is all about applications and in this course you will utilize the Kubernetes API to deploy, manage, and upgrade applications. You will use an example application called app to complete the labs.

App is an example 12 Factor application. During this course you will be working with the following Docker images:

nginx

kubectl run nginx --image=nginx:1.10.0
deployment "nginx" created

kubectl get pods
NAME                    READY     STATUS    RESTARTS   AGE
nginx-452959208-3iavq   1/1       Running   0          19s

kubectl expose deployment nginx --port 80 --type LoadBalancer
service "nginx" exposed

kubectl get services
NAME         CLUSTER-IP       EXTERNAL-IP   PORT(S)   AGE
kubernetes   10.247.0.1       <none>        443/TCP   1d
nginx        10.247.118.175   <pending>     80/TCP    58s

kubectl delete service nginx
service "nginx" deleted

kubectl get deployments
NAME      DESIRED   CURRENT   UP-TO-DATE   AVAILABLE   AGE
nginx     1         1         1            1           2m

kubectl delete deployment nginx
deployment "nginx" deleted

Cheat Sheet

http://kubernetes.io/docs/user-guide/kubectl-cheatsheet/

Creating Pods

Explore config file

cat pods/monolith.yaml

Create the monolith pod

kubectl create -f pods/monolith.yaml

Examine pods

kubectl get pods

It may take a few seconds before the monolith pod is up and running as the monolith container image needs to be pulled from the Docker Hub before we can run it.

Use the kubectl describe command to get more information about the monolith pod.

kubectl describe pods monolith

Interacting With Pods

SHELL 1

set up port-forwarding

kubectl port-forward monolith 5080:80

SHELL 2

Open new Cloud Shell session 2

curl http://127.0.0.1:5080

curl http://127.0.0.1:5080/secure

Cloud shell 2 - log in

TOKEN=$(curl --cacert ./ca.pem http://localhost:5080/login -u user | jq -r '.token')
Enter host password for user 'user':
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100   222  100   222    0     0   2393      0 --:--:-- --:--:-- --:--:--  2439

echo $TOKEN
eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJlbWFpbCI6InVzZXJAZXhhbXBsZS5jb20iLCJleHAiOjE0ODA5MDg1MjUsImlhdCI6MTQ4MDY0OTMyNSwiaXNzIjoiYXV0aC5zZXJ2aWNlIiwic3ViIjoidXNlciJ9.JQIsbDRxxai1nxlYjGLfsW6V_Pe19kchJpE0PGP4Z-A

curl --cacert ./ca.pem -H "Authorization: Bearer $TOKEN" http://localhost:5080/secure
{"message":"Hello"}

curl --cacert ./ca.pem http://localhost:5080/secure
authorization failed

View logs

kubectl logs monolith
kubectl logs -f monolith

SHELL 3

In Cloud Shell 3

curl http://127.0.0.1:5080

SHELL 2

Exit log watching (Ctrl-C)

You can use the kubectl exec command to run an interactive shell inside the monolith Pod. This can come in handy when you want to troubleshoot from within a container:

kubectl exec monolith --stdin --tty -c monolith /bin/sh

For example, once we have a shell into the monolith container we can test external connectivity using the ping command.

ping -c 3 google.com

When you’re done with the interactive shell be sure to logout.

exit

store certs as secrets

ls tls

The cert.pem and key.pem files will be used to secure traffic on the monolith server and the ca.pem will be used by HTTP clients as the CA to trust. Since the certs being used by the monolith server where signed by the CA represented by ca.pem, HTTP clients that trust ca.pem will be able to validate the SSL connection to the monolith server.

Use kubectl to create the tls-certs secret from the TLS certificates stored under the tls directory:

kubectl create secret generic tls-certs --from-file=tls/

kubectl will create a key for each file in the tls directory under the tls-certs secret bucket. Use the kubectl describe command to verify that:

kubectl describe secrets tls-certs

Next we need to create a configmap entry for the proxy.conf nginx configuration file using the kubectl create configmap command:

kubectl create configmap nginx-proxy-conf --from-file=nginx/proxy.conf

Use the kubectl describe configmap command to get more details about the nginx-proxy-conf configmap entry:

kubectl describe configmap nginx-proxy-conf

Accessing A Secure HTTPS Endpoint

cat pods/secure-monolith.yaml

Create the secure-monolith Pod using kubectl.

kubectl create -f pods/secure-monolith.yaml
kubectl get pods secure-monolith

kubectl port-forward secure-monolith 5443:443

Note HTTPS not HTTP

curl --cacert tls/ca.pem https://127.0.0.1:5443

kubectl logs -c nginx secure-monolith

If a container dies, use -p flag to examine previous terminated container(s)

kubectl logs -p secure-monolith nginx

kubectl logs -p secure-monolith monolith

Deploy service

cat services/monolith.yaml

kubectl create -f services/monolith.yaml 

gcloud compute firewall-rules create allow-monolith-nodeport --allow=tcp:31000
gcloud compute instances list

kubectl get nodes
kubectl describe nodes
virsh net-dhcp-leases vagrant-libvirt

kubectl get pods -l "app=monolith"
kubectl get pods -l "app=monolith,secure=enabled"
kubectl describe pods secure-monolith |grep Labels
kubectl label pods secure-monolith "secure=enabled"
kubectl describe pods secure-monolith |grep secure

virsh net-dhcp-leases vagrant-libvirt

curl -k https://dhcp-lease:31000

Directories

Path Synopsis
app
auth
certgen
handlers
health
hello
monolith
user

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.