KUBERNETES@RUG#
Access#
Vraag een API aan via webhosting.cit@rug.nl voor toegang tot de kubernetes test omgeving.
cat > .kube/config <<EOF
apiVersion: v1
kind: Config
clusters:
- name: "example"
cluster:
server: "https://example.rug.nl:1234"
api-version: v1
users:
- name: "user-test"
user:
token: "user-example:asdkfljfiwejlakjkdlasdakljdiwqdjiqw&$"
contexts:
- name: "example"
context:
user: "user-example"
cluster: "example"
current-context: "example"
EOF
Ingress Controller (edit)#
Steps :
kubectl --namespace=<namespace> get ingress
kubectl --namespace=<namespace> get ingress | grep <name>
kubectl edit --namespace=<namespace> ingress <name>
Adjust some values :
metadata:
annotations:
nginx.ingress.kubernetes.io/proxy-body-size: 10m
nginx.ingress.kubernetes.io/proxy-connect-timeout: "120"
nginx.ingress.kubernetes.io/proxy-read-timeout: "120"
nginx.ingress.kubernetes.io/proxy-send-timeout: "120"
save/quit
Ingress WhiteList#
kubectl edit ingress ....
# add annotation
nginx.ingress.kubernetes.io/whitelist-source-range = "1.1.1.1/24"
Ingress Basic Auth#
htpasswd -c passfile foo
kubectl create secret generic basic-auth --from-file=passfile
check secret
kubectl get secret basic-auth -o yaml
edit ingress
kubectl edit ingress example
metadata:
name: ingress-with-auth
annotations:
# type of authentication
nginx.ingress.kubernetes.io/auth-type: basic
# name of the secret that contains the user/password definitions
nginx.ingress.kubernetes.io/auth-secret: basic-auth
# message to display with an appropriate context why the authentication is required
nginx.ingress.kubernetes.io/auth-realm: 'Authentication Required - foo'
Edit Deployment#
Steps :
kubectl --namespace=<namespace> get deployments
kubectl --namespace=<namespace> get deployment | grep <name>
kubectl edit --namespace=<namespace> deployments <name>
Adjust some values :
hostAliases:
- hostnames:
- example.com
ip: 127.0.0.1
save/quit
Register SSL test environment ( only with public IP )#
Register SSL with letsencrypt-issuer
cat > nginx.yml <<EOF
apiVersion: certmanager.k8s.io/v1alpha1
kind: Certificate
metadata:
name: example-rug-nl
namespace: default
spec:
secretName: letsencrypt-issuer-tls
issuerRef:
name: letsencrypt-issuer
dnsNames:
- example.rug.nl
acme:
config:
- http01:
ingress: nginx
domains:
- example.rug.nl
EOF
kubectl apply -f nginx.yml
Simple deployment#
cat > simple.yml <<EOF
metadata:
name: nginx-service-example-rug-nl
spec:
replicas: 1
selector:
k8s-app: nginx-service-example-rug-nl
template:
metadata:
labels:
k8s-app: nginx-service-example-rug-nl
spec:
terminationGracePeriodSeconds: 60
containers:
- name: nginx-service-example-rug-nl
image: nginx:latest
ports:
- containerPort: 80
---
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: host-based-ingress
spec:
rules:
- host: example.rug.nl
http:
paths:
- backend:
serviceName: nginx-service-example-rug-nl
servicePort: 80
EOF
kubectl -f simple.yml
PersistentVolume#
cat > pv.yml <<EOF
apiVersion: v1
kind: PersistentVolume
metadata:
name: user
labels:
name: nfs4
spec:
storageClassName: nfs-class
capacity:
storage: 5Gi
accessModes:
- ReadWriteMany
persistentVolumeReclaimPolicy: Retain
nfs:
server: 1.2.3.4
path: /
EOF
kubectl apply -f pv.yml
PersistentVolumeClaim#
cat > pvc.yml <<EOF
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
name: user
spec:
storageClassName: nfs-class
accessModes:
- ReadWriteMany
resources:
requests:
storage: 5Gi
EOF
kubectl apply -f pvc.yaml
Service#
cat > service.yml <<EOF
apiVersion: v1
kind: Service
metadata:
name: service-name
labels:
app: service-name
spec:
ports:
- port: 80
targetPort: 80
protocol: TCP
name: http
selector:
app: service-name
EOF
kubectl apply -f service.yml
Deployment#
cat > deploy.yml <<EOF
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
name: example
labels:
app: example
spec:
replicas: 1
selector:
matchLabels:
app: example
minReadySeconds: 10
template:
metadata:
labels:
app: example
version: v0.2
spec:
terminationGracePeriodSeconds: 60
containers:
- name: example
image: nginx
imagePullPolicy: IfNotPresent
ports:
- containerPort: 80
protocol: TCP
env:
- name: WEBSERVER
value: NGINX
readinessProbe:
failureThreshold: 3
httpGet:
path: /
port: 80
scheme: HTTP
initialDelaySeconds: 10
periodSeconds: 2
successThreshold: 2
timeoutSeconds: 2
tty: true
volumeMounts:
- mountPath: /var/www
name: user
dnsPolicy: ClusterFirst
hostAliases:
- hostnames:
- example.rug.nl
ip: 127.0.0.1
imagePullSecrets:
- name: registry
restartPolicy: Always
schedulerName: default-scheduler
terminationGracePeriodSeconds: 30
volumes:
- name: user
persistentVolumeClaim:
claimName: user
EOF
kubectl apply -f deploy.yml
HTTPS#
cat > https.yml <<EOF
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
annotations:
ingress.kubernetes.io/ssl-redirect: "true"
name: example
namespace: default
spec:
rules:
- host: example.rug.nl
http:
paths:
- backend:
serviceName: example
servicePort: 80
tls:
- secretName: letsencrypt-issuer-tls
hosts:
- example.rug.nl
EOF
kubectl -f apply https.yml
Ingress annotations#
redirect SSL#
nginx.ingress.kubernetes.io/server-snippet =
if ($http_x_ssl_enabled != "true") {
rewrite ^ https://$host$request_uri? permanent;
}
Ingress app root#
Set application root to /wp
nginx.ingress.kubernetes.io/app-root = /wp
Ingress app root force https#
Set application root to /wp
nginx.ingress.kubernetes.io/app-root = /wp
nginx.ingress.kubernetes.io/force-ssl-redirect = true
Cheat sheet#
### cluster
kubectl get services # List all services
kubectl get pods # List all pods
kubectl get nodes -w # Watch nodes continuously
kubectl version # Get version information
kubectl cluster-info # Get cluster information
kubectl config view # Get the configuration
kubectl describe node <node> # Output information about a node
### pod and container
kubectl get pods # List the current pods
kubectl describe pod <name> # Describe pod <name>
kubectl get rc # List the replication controllers
kubectl get rc --namespace="<namespace>" # List the replication controllers in <namespace>
kubectl describe rc <name> # Describe replication controller <name>
kubectl get svc # List the services
kubectl describe svc <name> # Describe service <name>
### interacting
kubectl run <name> --image=<image-name> # Launch a pod called <name>
# using image <image-name>
kubectl create -f <manifest.yaml> # Create a service described
# in <manifest.yaml>
kubectl scale --replicas=<count> rc <name> # Scale replication controller
# <name> to <count> instances
kubectl expose rc <name> --port=<external> --target-port=<internal> # Map port <external> to
# port <internal> on replication
# controller <name>
### stopping
kubectl delete pod <name> # Delete pod <name>
kubectl delete rc <name> # Delete replication controller <name>
kubectl delete svc <name> # Delete service <name>
kubectl drain <n> --delete-local-data --force --ignore-daemonsets # Stop all pods on <n>
kubectl delete node <name>
### administration
kubeadm init # Initialize your master node
kubeadm join --token <token> <master-ip>:<master-port> # Join a node to your Kubernetes cluster
kubectl create namespace <namespace> # Create namespace <name>
kubectl taint nodes --all node-role.kubernetes.io/master- # Allow Kubernetes master nodes to run pods
kubeadm reset # Reset current state
kubectl get secrets