Kubernetes

Lyes S edited this page Sep 27, 2021 · 32 revisions

Table Of Contents

Objective

VMs Configuration

Kubernetes Cluster with Kubeadm

Initialization

Master Node

kubeadm init

Mitsuke

Join

Worker Node(s)

kubeadm join 192.168.1.4:6443 --token vp8i2t.lzbba9edmkk6yb5t \
        --discovery-token-ca-cert-hash sha256:10e669de8d4518be18a2efb641237f58c97e966d8843398d578048c277f5aeac

Icetea

Covid

Verification

$ kubectl get nodes -o wide

NAME      STATUS   ROLES                  AGE    VERSION   INTERNAL-IP   EXTERNAL-IP   OS-IMAGE             KERNEL-VERSION     CONTAINER-RUNTIME
covid     Ready    <none>                 4d6h   v1.22.2   192.168.1.6   <none>        Ubuntu 20.04.3 LTS   5.4.0-86-generic   docker://20.10.8
ice-tea   Ready    <none>                 4d6h   v1.22.2   192.168.1.5   <none>        Ubuntu 20.04.3 LTS   5.4.0-86-generic   docker://20.10.8
mitsuke   Ready    control-plane,master   4d6h   v1.22.2   192.168.1.4   <none>        Ubuntu 20.04.3 LTS   5.4.0-86-generic   docker://20.10.8

Deployment

Calico

NAME                                           READY   STATUS    RESTARTS       AGE     IP               NODE      NOMINATED NODE   READINESS GATES
pod/calico-kube-controllers-69d59fc77d-hp67m   1/1     Running   4 (46m ago)    40h     172.16.187.66    ice-tea   <none>           <none>
pod/calico-node-jxtzk                          1/1     Running   2 (15h ago)    40h     192.168.1.5      ice-tea   <none>           <none>
pod/calico-node-ngjtr                          1/1     Running   2 (15h ago)    40h     192.168.1.6      covid     <none>           <none>
pod/calico-node-txrkf                          1/1     Running   2 (15h ago)    40h     192.168.1.4      mitsuke   <none>           <none>


NAME                         DESIRED   CURRENT   READY   UP-TO-DATE   AVAILABLE   NODE SELECTOR            AGE     CONTAINERS    IMAGES                          SELECTOR
daemonset.apps/calico-node   3         3         3       3            3           kubernetes.io/os=linux   4d22h   calico-node   docker.io/calico/node:v3.20.1   k8s-app=calico-node

NAME                                      READY   UP-TO-DATE   AVAILABLE   AGE     CONTAINERS                IMAGES                                      SELECTOR
deployment.apps/calico-kube-controllers   1/1     1            1           4d22h   calico-kube-controllers   docker.io/calico/kube-controllers:v3.20.1   k8s-app=calico-kube-controllers

NAME                                                 DESIRED   CURRENT   READY   AGE     CONTAINERS                IMAGES                                      SELECTOR
replicaset.apps/calico-kube-controllers-69d59fc77d   1         1         1       40h     calico-kube-controllers   docker.io/calico/kube-controllers:v3.20.1   k8s-app=calico-kube-controllers,pod-template-hash=69d59fc77d

MetalLB

Installation

Configuration

apiVersion: v1
kind: ConfigMap
metadata:
  namespace: metallb-system
  name: config
data:
  config: |
    address-pools:
    - name: default
      protocol: layer2
      addresses:
      - 192.168.1.240-192.168.1.254

$ kubectl get all -n metallb-system -o wide

NAME                              READY   STATUS    RESTARTS       AGE     IP             NODE      NOMINATED NODE   READINESS GATES
pod/controller-6b78bff7d9-wlf44   1/1     Running   2 (15h ago)    40h     172.16.38.93   covid     <none>           <none>
pod/speaker-5k6f7                 1/1     Running   11 (15h ago)   3d23h   192.168.1.6    covid     <none>           <none>
pod/speaker-95vdh                 1/1     Running   13 (15h ago)   3d23h   192.168.1.4    mitsuke   <none>           <none>
pod/speaker-wz2fj                 1/1     Running   12 (15h ago)   3d23h   192.168.1.5    ice-tea   <none>           <none>

NAME                     DESIRED   CURRENT   READY   UP-TO-DATE   AVAILABLE   NODE SELECTOR            AGE     CONTAINERS   IMAGES                            SELECTOR
daemonset.apps/speaker   3         3         3       3            3           kubernetes.io/os=linux   3d23h   speaker      quay.io/metallb/speaker:v0.10.2   app=metallb,component=speaker

NAME                         READY   UP-TO-DATE   AVAILABLE   AGE     CONTAINERS   IMAGES                               SELECTOR
deployment.apps/controller   1/1     1            1           3d23h   controller   quay.io/metallb/controller:v0.10.2   app=metallb,component=controller

NAME                                    DESIRED   CURRENT   READY   AGE     CONTAINERS   IMAGES                               SELECTOR
replicaset.apps/controller-6b78bff7d9   1         1         1       3d23h   controller   quay.io/metallb/controller:v0.10.2   app=metallb,component=controller,pod-template-hash=6b78bff7d9

Kubernetes Ingress nginx

Configuration and Installation Using Helm 3

helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx

helm repo update

helm show values ingress-nginx/ingress-nginx > /tmp/ingress-nginx.yml

vi /tmp/ingress-nginx.yml

Change the following settings in /tmp/ingress-nginx.yml (each snippet shows the chart default before the change):

  • Host Network: set hostNetwork to true
  # Required for use with CNI based kubernetes installations (such as ones set up by kubeadm),
  # since CNI and hostport don't mix yet. Can be deprecated once https://github.com/kubernetes/kubernetes/issues/23920
  # is merged
  hostNetwork: false
  • Host Port Enabled: set hostPort.enabled to true
  ## Use host ports 80 and 443
  ## Disabled by default
  ##
  hostPort:
    enabled: false
    ports:
      http: 80
      https: 443
  • Kind: set kind to DaemonSet
  ## DaemonSet or Deployment
  ##
  kind: Deployment
  • Install
kubectl create namespace ingress-nginx

helm install my-ingress ingress-nginx/ingress-nginx -n ingress-nginx --values /tmp/ingress-nginx.yml

$ kubectl get all -n ingress-nginx -o wide
NAME                                            READY   STATUS    RESTARTS      AGE   IP            NODE      NOMINATED NODE   READINESS GATES
pod/my-ingress-ingress-nginx-controller-cdtld   1/1     Running   1 (16h ago)   16h   192.168.1.5   ice-tea   <none>           <none>
pod/my-ingress-ingress-nginx-controller-v5mzv   1/1     Running   1 (16h ago)   16h   192.168.1.6   covid     <none>           <none>

NAME                                                    TYPE           CLUSTER-IP       EXTERNAL-IP     PORT(S)                      AGE     SELECTOR
service/my-ingress-ingress-nginx-controller             LoadBalancer   10.101.25.246    192.168.1.240   80:31749/TCP,443:30044/TCP   2d19h   app.kubernetes.io/component=controller,app.kubernetes.io/instance=my-ingress,app.kubernetes.io/name=ingress-nginx
service/my-ingress-ingress-nginx-controller-admission   ClusterIP      10.101.184.186   <none>          443/TCP                      2d19h   app.kubernetes.io/component=controller,app.kubernetes.io/instance=my-ingress,app.kubernetes.io/name=ingress-nginx

NAME                                                 DESIRED   CURRENT   READY   UP-TO-DATE   AVAILABLE   NODE SELECTOR            AGE     CONTAINERS   IMAGES                                                                                                               SELECTOR
daemonset.apps/my-ingress-ingress-nginx-controller   2         2         2       2            2           kubernetes.io/os=linux   2d19h   controller   k8s.gcr.io/ingress-nginx/controller:v1.0.1@sha256:26bbd57f32bac3b30f90373005ef669aae324a4de4c19588a13ddba399c6664e   app.kubernetes.io/component=controller,app.kubernetes.io/instance=my-ingress,app.kubernetes.io/name=ingress-nginx

Kubernetes Dashboard

kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v2.3.1/aio/deploy/recommended.yaml

Publisher/Subscriber Microservices

$ kubectl apply -f k8s/

service/apache-activemq created
deployment.apps/apache-activemq created
configmap/config created
namespace/k8s created
service/openzipkin-zipkin created
deployment.apps/openzipkin-zipkin created
service/publisher-service created
deployment.apps/publisher-service created
configmap/publisher-subscriber-config created
ingress.networking.k8s.io/publisher-subscriber-ingress created
secret/secret created
service/subscriber-service created
deployment.apps/subscriber-service created

$ kubectl get all -n k8s -o wide

NAME                                      READY   STATUS    RESTARTS   AGE     IP               NODE      NOMINATED NODE   READINESS GATES
pod/apache-activemq-7fcfdcc7f7-rkzmq      1/1     Running   0          2m39s   172.16.38.97     covid     <none>           <none>
pod/openzipkin-zipkin-75c5c4f5b4-9k9rk    1/1     Running   0          2m39s   172.16.187.126   ice-tea   <none>           <none>
pod/publisher-service-7dcd967b9d-6mdls    1/1     Running   0          2m39s   172.16.187.70    ice-tea   <none>           <none>
pod/publisher-service-7dcd967b9d-tb77x    1/1     Running   0          2m39s   172.16.38.96     covid     <none>           <none>
pod/publisher-service-7dcd967b9d-vh9wh    1/1     Running   0          2m39s   172.16.38.95     covid     <none>           <none>
pod/subscriber-service-556b6c7cf6-9tnc5   1/1     Running   0          2m39s   172.16.187.73    ice-tea   <none>           <none>
pod/subscriber-service-556b6c7cf6-d7lwg   1/1     Running   0          2m39s   172.16.187.71    ice-tea   <none>           <none>
pod/subscriber-service-556b6c7cf6-qltg4   1/1     Running   0          2m39s   172.16.38.94     covid     <none>           <none>

NAME                         TYPE        CLUSTER-IP       EXTERNAL-IP   PORT(S)              AGE     SELECTOR
service/apache-activemq      ClusterIP   10.110.179.217   <none>        8161/TCP,61616/TCP   2m40s   app=apache-activemq
service/openzipkin-zipkin    ClusterIP   10.111.137.119   <none>        9411/TCP             2m39s   app=openzipkin-zipkin
service/publisher-service    ClusterIP   10.96.66.134     <none>        8080/TCP             2m39s   app=publisher-service
service/subscriber-service   ClusterIP   10.101.36.223    <none>        8080/TCP             2m39s   app=subscriber-service

NAME                                 READY   UP-TO-DATE   AVAILABLE   AGE     CONTAINERS          IMAGES                               SELECTOR
deployment.apps/apache-activemq      1/1     1            1           2m39s   apache-activemq     lsefiane/activemq:5.16.2-alpine      app=apache-activemq
deployment.apps/openzipkin-zipkin    1/1     1            1           2m39s   openzipkin-zipkin   openzipkin/zipkin:latest             app=openzipkin-zipkin
deployment.apps/publisher-service    3/3     3            3           2m39s   publisher-service   lsefiane/publisher-service:latest    app=publisher-service
deployment.apps/subscriber-service   3/3     3            3           2m39s   publisher-service   lsefiane/subscriber-service:latest   app=subscriber-service

NAME                                            DESIRED   CURRENT   READY   AGE     CONTAINERS          IMAGES                               SELECTOR
replicaset.apps/apache-activemq-7fcfdcc7f7      1         1         1       2m39s   apache-activemq     lsefiane/activemq:5.16.2-alpine      app=apache-activemq,pod-template-hash=7fcfdcc7f7
replicaset.apps/openzipkin-zipkin-75c5c4f5b4    1         1         1       2m39s   openzipkin-zipkin   openzipkin/zipkin:latest             app=openzipkin-zipkin,pod-template-hash=75c5c4f5b4
replicaset.apps/publisher-service-7dcd967b9d    3         3         3       2m39s   publisher-service   lsefiane/publisher-service:latest    app=publisher-service,pod-template-hash=7dcd967b9d
replicaset.apps/subscriber-service-556b6c7cf6   3         3         3       2m39s   publisher-service   lsefiane/subscriber-service:latest   app=subscriber-service,pod-template-hash=556b6c7cf6

POST Request

curl -X POST -H "Content-Type: application/json" \
    -d '{"description": "description sample...."}' \
    http://publisher-subscriber.com/publisher/publish/virtual-topic
{"id":"41c6e9ef-b82f-4646-b032-3b66c83f3050","timestamp":"26-09-2021 17:25:45","description":"description sample...."}

Kubernetes Dashboard Visualization

Kubernetes Dashboard Access

  • Mitsuke connection
ssh -L 8001:127.0.0.1:8001 username@mitsuke
  • Token generation for Kubernetes dashboard
kubectl create serviceaccount kubernetes-dashboard-admin-sa -n kube-system

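# Bind cluster-admin to the service account created above (the subject name must match it exactly)
kubectl create clusterrolebinding kubernetes-dashboard-admin-sa --clusterrole=cluster-admin --serviceaccount=kube-system:kubernetes-dashboard-admin-sa

$ kubectl get secrets -n kube-system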

NAME                                             TYPE                                  DATA   AGE
attachdetach-controller-token-zl6tx              kubernetes.io/service-account-token   3      5d
bootstrap-signer-token-7vzhk                     kubernetes.io/service-account-token   3      5d
calico-kube-controllers-token-2xt9s              kubernetes.io/service-account-token   3      5d
calico-node-token-bhqvt                          kubernetes.io/service-account-token   3      5d
calicoctl-token-9x797                            kubernetes.io/service-account-token   3      2d1h
certificate-controller-token-d4dmr               kubernetes.io/service-account-token   3      5d
clusterrole-aggregation-controller-token-h8g4v   kubernetes.io/service-account-token   3      5d
coredns-token-2h7t2                              kubernetes.io/service-account-token   3      5d
cronjob-controller-token-wj888                   kubernetes.io/service-account-token   3      5d
daemon-set-controller-token-stk8c                kubernetes.io/service-account-token   3      5d
default-token-tfqmd                              kubernetes.io/service-account-token   3      5d
deployment-controller-token-qjb5p                kubernetes.io/service-account-token   3      5d
disruption-controller-token-2gm8q                kubernetes.io/service-account-token   3      5d
endpoint-controller-token-wqgj2                  kubernetes.io/service-account-token   3      5d
endpointslice-controller-token-4kg7d             kubernetes.io/service-account-token   3      5d
endpointslicemirroring-controller-token-lkbmc    kubernetes.io/service-account-token   3      5d
ephemeral-volume-controller-token-8c6gc          kubernetes.io/service-account-token   3      5d
expand-controller-token-c5jls                    kubernetes.io/service-account-token   3      5d
generic-garbage-collector-token-jxj9x            kubernetes.io/service-account-token   3      5d
horizontal-pod-autoscaler-token-zmq6b            kubernetes.io/service-account-token   3      5d
job-controller-token-zwvw8                       kubernetes.io/service-account-token   3      5d
kube-proxy-token-t2zz8                           kubernetes.io/service-account-token   3      5d
kubernetes-dashboard-admin-sa-token-kbwq2        kubernetes.io/service-account-token   3      26h
metrics-server-token-8pfcn                       kubernetes.io/service-account-token   3      17h
namespace-controller-token-fbg4h                 kubernetes.io/service-account-token   3      5d
node-controller-token-9s8x5                      kubernetes.io/service-account-token   3      5d
persistent-volume-binder-token-bgdzg             kubernetes.io/service-account-token   3      5d
pod-garbage-collector-token-9ggpj                kubernetes.io/service-account-token   3      5d
pv-protection-controller-token-25vbw             kubernetes.io/service-account-token   3      5d
pvc-protection-controller-token-c2tns            kubernetes.io/service-account-token   3      5d
replicaset-controller-token-79jqd                kubernetes.io/service-account-token   3      5d
replication-controller-token-2pt2n               kubernetes.io/service-account-token   3      5d
resourcequota-controller-token-p7jck             kubernetes.io/service-account-token   3      5d
root-ca-cert-publisher-token-l5cxg               kubernetes.io/service-account-token   3      5d
service-account-controller-token-lwsg8           kubernetes.io/service-account-token   3      5d
service-controller-token-w4vwx                   kubernetes.io/service-account-token   3      5d
statefulset-controller-token-5prhp               kubernetes.io/service-account-token   3      5d
token-cleaner-token-tngx4                        kubernetes.io/service-account-token   3      5d
ttl-after-finished-controller-token-z458q        kubernetes.io/service-account-token   3      5d
ttl-controller-token-zpx75                       kubernetes.io/service-account-token   3      5d

$ kubectl describe secret kubernetes-dashboard-admin-sa-token-kbwq2 -n kube-system

Name:         kubernetes-dashboard-admin-sa-token-kbwq2
Namespace:    kube-system
Labels:       <none>
Annotations:  kubernetes.io/service-account.name: kubernetes-dashboard-admin-sa
              kubernetes.io/service-account.uid: 94877068-f7ef-4a14-beed-3afdf54f1c13

Type:  kubernetes.io/service-account-token

Data
====
ca.crt:     1099 bytes
namespace:  11 bytes
token:      <service account token omitted>
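
  • API proxy on mitsuke (--address 0.0.0.0 listens on every interface; the SSH tunnel above connects to 127.0.0.1, which is the default bind address of kubectl proxy)
$ kubectl proxy --address 0.0.0.0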

Starting to serve on [::]:8001
  • Browser URL
http://localhost:8001/api/v1/namespaces/kubernetes-dashboard/services/https:kubernetes-dashboard:/proxy/#/workloads?namespace=_all
  • Sign in
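
Kubernetes stores a ClusterRoleBinding even when the service account named in --serviceaccount does not exist, so the account created in the token-generation step and the subject of the binding have to be compared explicitly. The shell function below is an added example, not part of the original page; its input format, the kubectl jsonpath invocations in its comments and the binding names in the sample data are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): audit ClusterRoleBinding subjects.
#
# audit_sa_bindings SA_FILE BINDING_FILE
#   SA_FILE      one existing service account per line: namespace/name
#   BINDING_FILE one binding per line: name<TAB>role<TAB>ns/name,ns/name,
# Assumed way to produce both files with kubectl:
#   kubectl get serviceaccounts -A -o jsonpath='{range .items[*]}{.metadata.namespace}{"/"}{.metadata.name}{"\n"}{end}'
#   kubectl get clusterrolebindings -o jsonpath='{range .items[*]}{.metadata.name}{"\t"}{.roleRef.name}{"\t"}{range .subjects[?(@.kind=="ServiceAccount")]}{.namespace}{"/"}{.name}{","}{end}{"\n"}{end}'
# Findings, one per line:
#   DANGLING <binding> <ns/name>  subject does not exist: nobody holds the role
#                                 today, and any account later created under
#                                 that name would receive it
#   ADMIN    <binding> <ns/name>  existing service account holds cluster-admin
audit_sa_bindings() {
  awk -F '\t' '
    # First file: remember every existing namespace/name pair.
    FILENAME == ARGV[1] { if ($0 != "") exists[$0] = 1; next }
    # Second file: check each comma-separated subject of each binding.
    {
      n = split($3, subj, ",")
      for (i = 1; i <= n; i++) {
        if (subj[i] == "") continue
        if (!(subj[i] in exists))       print "DANGLING", $1, subj[i]
        else if ($2 == "cluster-admin") print "ADMIN", $1, subj[i]
      }
    }
  ' "$1" "$2"
}

# Constructed sample data using the service account name from this page;
# the binding names are hypothetical.
sample_audit() (
  dir=$(mktemp -d) || exit 1
  printf '%s\n' \
    'kube-system/kubernetes-dashboard-admin-sa' \
    'kube-system/default' > "$dir/sa"
  printf '%s\t%s\t%s\n' \
    'dashboard-typo'  'cluster-admin' 'kube-system/kubernetes-dashboard-admin,' \
    'dashboard-admin' 'cluster-admin' 'kube-system/kubernetes-dashboard-admin-sa,' \
    'default-view'    'view'          'kube-system/default,' > "$dir/bindings"
  audit_sa_bindings "$dir/sa" "$dir/bindings"
  rm -rf "$dir"
)

sample_audit
```

Every ADMIN line is a token that grants full control of the cluster to whoever can read the matching secret in `kubectl get secrets`, so each one should be reviewed.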

Cluster Nodes

Workload Status

Daemon Sets

Deployments

Pods

Replica Sets

Ingresses

Services

Config Maps

Secrets