notes-on-cf-k8s-controllers.md

Notes on CF k8s controllers

a quick poke at the latest cf-k8s-controllers to see what they have to offer (2022-02-18)

Run a local Cloud Foundry on k8s, make some orgs/spaces and push some apps, check out the cf experience and take a look behind the scenes with kubectl.

My toolkit

what	version	decription
hardware	2.6 GHz 6-Core Intel Core i7	macbook pro
host os	macos 11.6.4	host operating system
direnv	v2.30.3	load environment variables based on directory
jq	jq-1.6	json wrangling tool
docker desktop	3.6.0	container runtime with 60Gb disk allocated, 8GB ram, 2GB swap
docker cli	20.10.8	docker command line interface
docker engine	20.10.8	docker engine
kubectl	v1.23.4	k8s cli
helm	v3.8.0	k8s package manager
kind	v0.11.1	k8s on docker
kui	11.2.5	hybrid cli/gui for k8s
cf-k8s-controllers	main	repo
cf cli v8	8.2.0+fd8fbca64.2022-02-09	latest cloud foundry CLI with k8s support
pack	0.24.0+git-79a40b7.build-3148	packeto buildpacks CLI

Resources

• https://kubernetes.io/docs/home/
• supported apis
• hierarchical namespace controller
• kpack
• cf-k8s-controllers

Notes

assumes you already have Docker installed and you have given it 8GB or more RAM

1. install some tools

brew install kubernetes-cli

brew install helm

brew install kustomize

brew install kubebuilder

brew install kind

brew install kui

brew install jq

brew install direnv

brew install cf-cli@8

brew install buildpacks/tap/pack

2. create a local k8s cluster with kind

kind create cluster --name cf

kubectl get-clusters

kubectl get namespaces

3. install cf-k8s-controllers the local k8s cluster

git clone https://github.com/cloudfoundry/cf-k8s-controllers

cd cf-k8s-controllers

direnv allow

chmod a+rx ./scripts/deploy-on-kind

./scripts/deploy-on-kind.sh cf --use-local-registry

and wait for it to spin up

4. check the k8s installation

docker ps

CONTAINER ID   IMAGE                  COMMAND                  CREATED       STATUS       PORTS                                                                                           NAMES
9fedba4308f1   kindest/node:v1.21.1   "/usr/local/bin/entr…"   3 hours ago   Up 3 hours   0.0.0.0:80->80/tcp, 0.0.0.0:443->443/tcp, 0.0.0.0:30050->30050/tcp, 127.0.0.1:51053->6443/tcp   kind-control-plane

kubectl version

kubectl config get-clusters

NAME
kind-kind
minikube

kubectl get namespaces

NAME                                   STATUS   AGE
cert-manager                           Active   152m
cf                                     Active   152m
cf-k8s-api-system                      Active   147m
cf-k8s-controllers-system              Active   148m
default                                Active   153m
eirini-controller                      Active   151m
hnc-system                             Active   152m
kpack                                  Active   152m
kube-node-lease                        Active   153m
kube-public                            Active   153m
kube-system                            Active   153m
local-path-storage                     Active   153m
projectcontour                         Active   152m

kubectl get nodes

NAME                 STATUS   ROLES                  AGE    VERSION
kind-control-plane   Ready    control-plane,master   155m   v1.21.1

kubectl get po -A

NAMESPACE                   NAME                                                     READY   STATUS    RESTARTS   AGE
cert-manager                cert-manager-848f547974-w95jw                            1/1     Running   0          155m
cert-manager                cert-manager-cainjector-54f4cc6b5-fv56q                  1/1     Running   0          155m
cert-manager                cert-manager-webhook-7c9588c76-qqxdl                     1/1     Running   0          155m
cf-k8s-api-system           cf-k8s-api-deployment-6c89574b4f-mhmhh                   1/1     Running   0          150m
cf-k8s-controllers-system   cf-k8s-controllers-controller-manager-5d87848774-cvdgc   2/2     Running   0          151m
default                     localregistry-docker-registry-7bfcd67f8f-52btq           1/1     Running   0          155m
eirini-controller           eirini-controller-7c8c4856d4-87pzt                       1/1     Running   0          154m
eirini-controller           eirini-controller-7c8c4856d4-c5drn                       1/1     Running   0          154m
hnc-system                  hnc-controller-manager-6c596857bd-sbknh                  1/1     Running   1          155m
kpack                       kpack-controller-5865df8c5f-kr589                        1/1     Running   0          155m
kpack                       kpack-webhook-65995b9f8f-m4dcf                           1/1     Running   0          155m
kube-system                 coredns-558bd4d5db-9bqrc                                 1/1     Running   0          155m
kube-system                 coredns-558bd4d5db-nhvmm                                 1/1     Running   0          155m
kube-system                 etcd-kind-control-plane                                  1/1     Running   0          156m
kube-system                 kindnet-rvphf                                            1/1     Running   0          155m
kube-system                 kube-apiserver-kind-control-plane                        1/1     Running   0          156m
kube-system                 kube-controller-manager-kind-control-plane               1/1     Running   0          156m
kube-system                 kube-proxy-g4lmj                                         1/1     Running   0          155m
kube-system                 kube-scheduler-kind-control-plane                        1/1     Running   0          156m
local-path-storage          local-path-provisioner-547f784dff-r9ddp                  1/1     Running   0          155m
projectcontour              contour-76bb4ff6cc-7lj8q                                 1/1     Running   0          155m
projectcontour              contour-76bb4ff6cc-hf6bz                                 1/1     Running   0          155m
projectcontour              envoy-86rn8                                              2/2     Running   0          155m

5. hop into the Docker back end

docker ps and grab the instance hash

CONTAINER ID   IMAGE                  COMMAND                  CREATED       STATUS       PORTS                                                                                           NAMES
9fedba4308f1   kindest/node:v1.21.1   "/usr/local/bin/entr…"   3 hours ago   Up 3 hours   0.0.0.0:80->80/tcp, 0.0.0.0:443->443/tcp, 0.0.0.0:30050->30050/tcp, 127.0.0.1:51053->6443/tcp   kind-control-plane```

docker exec -ti 9fedba4308f1 /bin/bash

top

apt-get update

apt-get -y install vim jq

kubectl get pods -A

6. check out the cf api

back on the host system (in this case a mac) take a look at the cf api endpoint

curl localhost | jq .

{
  "links": {
    "app_ssh": null,
    "bits_service": null,
    "cloud_controller_v2": null,
    "cloud_controller_v3": {
      "href": "http://localhost/v3",
      "meta": {
        "version": "3.111.0+cf-k8s"
      }
    },
    "credhub": null,
    "log_cache": {
      "href": "http://localhost",
      "meta": {
        "version": ""
      }
    },
    "log_stream": null,
    "logging": null,
    "login": null,
    "network_policy_v0": null,
    "network_policy_v1": null,
    "routing": null,
    "self": {
      "href": "http://localhost",
      "meta": {
        "version": ""
      }
    },
    "uaa": null
  },
  "cf_on_k8s": true
}

curl http://localhost/v3 | jq .

7. set up the CF CLI and log in

cf api http://localhost

cf api http://localhost
Setting API endpoint to http://localhost...
Warning: Insecure http API endpoint detected: secure https API endpoints are recommended
OK

API endpoint:   http://localhost
API version:    3.111.0+cf-k8s

Not logged in. Use 'cf login' or 'cf login --sso' to log in.

cf login

API endpoint: http://localhost
Warning: Insecure http API endpoint detected: secure https API endpoints are recommended

1. kubernetes-admin

Choose your Kubernetes authentication info (enter to skip): 1

Authenticating...
OK

API endpoint:   http://localhost
API version:    3.111.0+cf-k8s
user:           kubernetes-admin
No org or space targeted, use 'cf target -o ORG -s SPACE'

8. check buildpacks

cf buildpacks

Getting buildpacks as kubernetes-admin...

position   name                         stack                         enabled   locked   filename
1          paketo-buildpacks/java       io.buildpacks.stacks.bionic   true      false    paketo-buildpacks/[email protected]
2          paketo-buildpacks/go         io.buildpacks.stacks.bionic   true      false    paketo-buildpacks/[email protected]
3          paketo-buildpacks/nodejs     io.buildpacks.stacks.bionic   true      false    paketo-buildpacks/[email protected]
4          paketo-buildpacks/ruby       io.buildpacks.stacks.bionic   true      false    paketo-buildpacks/[email protected]
5          paketo-buildpacks/procfile   io.buildpacks.stacks.bionic   true      false    paketo-buildpacks/[email protected]

9. create an org and a space

on the host system

cf create-org demo-org

cf t -o demo-org

cf create-space pothole-service

cf t -s pothole-service

cf t

check out via kubectl

kubectl get namespaces

note that the newly created org has a uuid for a name

10. push an app via docker

cf push -- maybe nginx

11. push a static app using a buildpack

mkdir static_demo
cd static_demo
echo "<h1>hello world from cf on k8s on docker</h1>" > index.html

cf push - push using static buildpack equivalent

12. check app

cf apps

cf app static

cf logs static --recent

10. scale app up and down

cf scale -i 3 static

cf apps

13. install python demo app

14. install a GOV.UK prototype (nodejs)

15. provision a postgres 14 database

document using kui