[kubernetes] #k8s #kubernetes

cpaas-bootcamp.md

• Create multi node cluster

kind: Cluster
apiVersion: kind.x-k8s.io/v1alpha4
nodes:
- role: control-plane
- role: worker
- role: worker

kind create cluster --name cpaas --config kind-config.yaml

• kubectl get replicaset

istio.md

• https://istio.io/latest/docs/setup/install/istioctl/
• https://istio.io/latest/docs/examples/bookinfo/

If you disabled automatic sidecar injection during installation and rely on manual sidecar injection, use the istioctl kube-inject command to modify the bookinfo.yaml file before deploying your application.

$ kubectl apply -f <(istioctl kube-inject -f samples/bookinfo/platform/kube/bookinfo.yaml)

• Good Place to start https://istio.io/latest/docs/setup/getting-started/

k8s-homelab.md

• Need to schedule ingress container in digital ocean and rest all the pods in uva-rig
• using nodeSelector and taints were able to do it. https://kubernetes.io/docs/reference/labels-annotations-taints/

apiVersion: v1
kind: Pod
metadata:
  name: nginx-ingress
  labels:
    env: test
spec:
  containers:
  - name: nginx
    image: nginx
    imagePullPolicy: IfNotPresent
  tolerations:
  - key: "node-role.kubernetes.io/master"
    operator: "Exists"
    effect: "NoSchedule"
  nodeSelector:
    kubernetes.io/hostname: do-master-1.k8s.mfapi.in

kind-config.yaml

kind: Cluster
apiVersion: kind.x-k8s.io/v1alpha4
nodes:
- role: control-plane
  extraPortMappings:
  - containerPort: 30010
    hostPort: 30010
    listenAddress: "127.0.0.1"
    protocol: TCP
- role: worker
- role: worker
- role: worker

kube-dev-setup.sh

#bin/bash
#echo "cleaning up all kind k8s clusters "
#kind delete clusters --all
set -x 
echo "##### Installing kubectl ####"
curl -LO "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl"
curl -LO "https://dl.k8s.io/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl.sha256"
echo "$(<kubectl.sha256)  kubectl" | sha256sum --check
sudo install -o root -g root -m 0755 kubectl /usr/local/bin/kubectl
kubectl completion bash > /etc/bash_completion.d/kubectl
echo "##### Installing kind ####"
curl -Lo ./kind https://kind.sigs.k8s.io/dl/v0.11.1/kind-linux-amd64
chmod +x ./kind
sudo install -o root -g root -m 0755 kind /usr/local/bin/kind

echo "##### Installing docker ####"
sudo apt-get remove docker docker-engine docker.io containerd runc -y 
sudo apt-get update
sudo apt-get install \
    ca-certificates \
    curl \
    gnupg \
    lsb-release -y
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --batch --yes --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg
echo \
  "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/ubuntu \
  $(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
sudo apt-get update
sudo apt-get install docker-ce docker-ce-cli containerd.io -y
echo "##### Installing kubens kubectx ####"
wget -O kubens.tar.gz https://github.com/ahmetb/kubectx/releases/download/v0.9.4/kubens_v0.9.4_linux_x86_64.tar.gz 
wget -O kubectx.tar.gz https://github.com/ahmetb/kubectx/releases/download/v0.9.4/kubectx_v0.9.4_linux_x86_64.tar.gz
tar -xvf kubens.tar.gz
tar -xvf kubectx.tar.gz
sudo mv kubens /usr/local/bin 
sudo mv kubectx /usr/local/bin

wget -O ~/.complete_alias https://raw.githubusercontent.com/cykerway/complete-alias/master/complete_alias

echo ". ~/.complete_alias" >> ~/.bash_completion

cat >>~/.bashrc <<EOF
alias k=kubectl
alias kns=kubens
alias kctx=kubectx
EOF

cat >>~/.complete_alias <<EOF
complete -F _complete_alias kns
complete -F _complete_alias kctx
complete -F _complete_alias k
EOF

# create registry container unless it already exists
reg_name='kind-registry'
reg_port='5000'
running="$(docker inspect -f '{{.State.Running}}' "${reg_name}" 2>/dev/null || true)"
if [ "${running}" != 'true' ]; then
  docker run \
    -d --restart=always -p "0.0.0.0:${reg_port}:5000" --name "${reg_name}" \
    registry:2
fi

# create a cluster with the local registry enabled in containerd
cat <<EOF | kind create cluster --config=-
kind: Cluster
apiVersion: kind.x-k8s.io/v1alpha4
name: yuva
networking:
  # WARNING: It is _strongly_ recommended that you keep this the default
  # (127.0.0.1) for security reasons. However it is possible to change this.
  apiServerAddress: "127.0.0.1"
  # By default the API server listens on a random open port.
  # You may choose a specific port but probably don't need to in most cases.
  # Using a random port makes it easier to spin up multiple clusters.
  # apiServerPort: 6443
featureGates:
  # any feature gate can be enabled here with "Name": true
  # or disabled here with "Name": false
  # not all feature gates are tested, however
  "EphemeralContainers": true
nodes:
- role: control-plane
  extraPortMappings:
  - containerPort: 30100
    hostPort: 4222
    listenAddress: "0.0.0.0"
    protocol: TCP
  - containerPort: 30101
    hostPort: 6222
    listenAddress: "0.0.0.0"
    protocol: TCP
  - containerPort: 30102
    hostPort: 8222
    listenAddress: "0.0.0.0"
    protocol: TCP
  - containerPort: 30103
    hostPort: 7777
    listenAddress: "0.0.0.0"
    protocol: TCP
  - containerPort: 30104
    hostPort: 7422
    listenAddress: "0.0.0.0"
    protocol: TCP
  - containerPort: 30105
    hostPort: 7522
    listenAddress: "0.0.0.0"
    protocol: TCP
  - containerPort: 30200
    hostPort: 5432
    listenAddress: "0.0.0.0"
    protocol: TCP
- role: worker
- role: worker
- role: worker
containerdConfigPatches:
- |-
  [plugins."io.containerd.grpc.v1.cri".registry.mirrors."localhost:${reg_port}"]
    endpoint = ["http://${reg_name}:5000"]
EOF

# connect the registry to the cluster network
# (the network may already be connected)
docker network connect "kind" "${reg_name}" || true

# Document the local registry
# https://github.com/kubernetes/enhancements/tree/master/keps/sig-cluster-lifecycle/generic/1755-communicating-a-local-registry
cat <<EOF | kubectl apply -f -
apiVersion: v1
kind: ConfigMap
metadata:
  name: local-registry-hosting
  namespace: kube-public
data:
  localRegistryHosting.v1: |
    host: "localhost:${reg_port}"
    help: "https://kind.sigs.k8s.io/docs/user/local-registry/"
EOF

kube.md

Dev Cluster

• minikube - old guy works well no load balancer support
  • minikube service list to get the NodePort IP
• kind - works well used by k8s teams natively
• K3d
• kubens and kubectx to switch seamlessly -- enable alias and autocompletion for alias completion https://github.com/cykerway/complete-alias
• Setup kubenetes-dashboard - Faced permission issued followed this https://github.com/kubernetes/dashboard/blob/master/docs/user/access-control/creating-sample-user.md
• Using kind for local cluster
• to debug an container https://github.com/aylei/kubectl-debug#quick-start
• k debug --image aylei/debug-agent:latest echoserver-6944fb9c86-rvcst to attach a debugging container
• kubectl exec -ti echoserver-6944fb9c86-rvcst -c debugger-h92xm sh

kubeadm.md

tar Cxzvf /usr/local containerd-1.6.8-linux-amd64.tar.gz
wget -O /etc/systemd/system/containerd.service https://raw.githubusercontent.com/containerd/containerd/main/containerd.service
systemctl daemon-reload
systemctl enable --now containerd
systemctl status containerd.service
wget https://github.com/opencontainers/runc/releases/download/v1.1.4/runc.amd64
install -m 755 runc.amd64 /usr/local/sbin/runc
wget https://github.com/containernetworking/plugins/releases/download/v1.1.1/cni-plugins-linux-amd64-v1.1.1.tgz
systemctl status containerd.service
mkdir -p /opt/cni/bin
tar Cxzvf /opt/cni/bin cni-plugins-linux-amd64-v1.1.1.tgz
wget https://github.com/containerd/nerdctl/releases/download/v1.0.0/nerdctl-1.0.0-linux-amd64.tar.gz
tar -xvf nerdctl-1.0.0-linux-amd64.tar.gz
install -m 755 nerdctl /usr/local/bin/nerdctl
sudo apt-get update
sudo apt-get install -y apt-transport-https ca-certificates curl
sudo curl -fsSLo /usr/share/keyrings/kubernetes-archive-keyring.gpg https://packages.cloud.google.com/apt/doc/apt-key.gpg
echo "deb [signed-by=/usr/share/keyrings/kubernetes-archive-keyring.gpg] https://apt.kubernetes.io/ kubernetes-xenial main" | sudo tee /etc/apt/sources.list.d/kubernetes.list
sudo apt-get update
sudo apt-get install -y kubelet kubeadm kubectl
sudo apt-mark hold kubelet kubeadm kubectl
cat <<EOF | sudo tee /etc/modules-load.d/k8s.conf
overlay
br_netfilter
EOF
sudo modprobe overlay
sudo modprobe br_netfilter


cat <<EOF | sudo tee /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-iptables  = 1
net.bridge.bridge-nf-call-ip6tables = 1
net.ipv4.ip_forward                 = 1
EOF

sudo sysctl --system

kubeadm master

kubeadm init --control-plane-endpoint=k8s-cluster1.zipyoda.com --pod-network-cidr=172.16.0.0/16 --apiserver-advertise-address=192.168.0.124 --apiserver-cert-extra-sans=192.168.0.124 --node-name=k8s-node1.zipyoda.com

• CoreDNS did not come up
• install CNI
• kubectl create -f https://raw.githubusercontent.com/projectcalico/calico/v3.24.4/manifests/tigera-operator.yaml

By adding the flag --upload-certs to kubeadm init you can temporary upload the control-plane certificates to a Secret in the cluster. Please note that this Secret will expire automatically after 2 hours. The certificates are encrypted using a 32byte key that can be specified using --certificate-key. The same key can be used to download the certificates when additional control-plane nodes are joining, by passing --control-plane and --certificate-key to kubeadm join.