Kubernetes


Sissejuhatus

TODO

Mõisted

  • Container Runtime - konteineri image käivitamise keskkond (nt cri-o, docker, containerd) - engine rollis võib olla 'Container engine' või kubernetes ise
  • Container Engine - midagi terviklikumat (nt standalone dockerhost), tavaliselt kuulub CE kooseisu muu hulgas CR - näitedeks on Docker, Podman dockerhost pidamisel
  • OCI - Open Containers Initiative
  • CNCF - Cloud Native Computing Foundation
  • CNI - Container Network Interface
  • CRI - Container Runtime Interface
  • CSI - Container Storage Interface

Oskused

  • KCNA - Kubernetes and Cloud Native Associate
  • CKAD - Certified Kubernetes Application Developer
  • CKA - Certified Kubernetes Administrator
  • CKS - Certified Kubernetes Security Specialist

Tööpõhimõte

TODO

Paigaldamine

TODO

Paigaldamiseks on mitmeid võimalusi, aadressil https://kubernetes.io/docs/setup/production-environment/tools/kubeadm/install-kubeadm/ kirjeldatakse muu hulgas Ubuntu 18.04 operatsioonisüsteemi juhtumit.

root@k8s-master:~# kubectl get pods --all-namespaces
root@k8s-master:~# kubectl get nodes
NAME         STATUS   ROLES    AGE     VERSION
k8s-master   Ready    master   7h36m   v1.18.2
k8s-node-1   Ready    <none>   7h18m   v1.18.2
k8s-node-2   Ready    <none>   7h17m   v1.18.2
root@k8s-master:~# kubectl get all -o wide


Kasutamine

TODO

root@k8s-master:~# kubectl create deployment hello-minikube --image=k8s.gcr.io/echoserver:1.4
root@k8s-master:~# kubectl create deployment --image httpd httpd-create
root@k8s-master:~# kubectl create deployment --image=busybox busy2 --dry-run -o yaml

Pod tekitamine

root@k8s-master:~# cat httpd-pod.yaml 
# Minimal single-container Pod manifest.
apiVersion: v1
kind: Pod
metadata:
  name: httpd-hello
  namespace: default
spec:
  containers:
  # No tag or digest is given, so this resolves to httpd:latest; pin a specific
  # tag or digest so the deployed image is reproducible and reviewable.
  # No securityContext or resources are set here, so the image defaults apply.
  - image: httpd
    name: httpd

root@k8s-master:~# kubectl create -f httpd-pod.yaml
root@k8s-master:~# kubectl exec -it httpd-hello -- /bin/bash
root@k8s-master:~# kubectl describe pods httpd-hello
root@k8s-master:~# kubectl get pods httpd-create-2-5c994cf8f5-sfs7s -o yaml

Nodeport abil välja näitamine

root@k8s-master:~# kubectl expose deployment httpd-create-2 --port 80
root@k8s-master:~# kubectl edit svc httpd-create-2

pod arvu muutmine

root@k8s-master:~# kubectl scale deployment --replicas=6 httpd-create-2
root@k8s-master:~# kubectl edit deployments.apps httpd-create-2 -> ja muuta spec -> replicas väärtust

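NodePort kaudu eemalt ligipääs http://192.168.110.101:32001/ ja http://192.168.110.102:32001/. NodePort avab sama pordi klastri kõigil node'idel ja ühendus on siin krüptimata http, seega tasub ligipääsu sellele pordile piirata tulemüüriga või kasutada ingress'i koos tls-iga.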

Tarkvara uuendamine

TODO

Süsteemi käivitamine ja seiskamine

TODO

ingress - nginx

Tööpõhimõte

TODO

Paigaldamine

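nginx ingress paigaldamine toimub nt järgmiselt; kuna manifest loob klastris muu hulgas ClusterRole ja ClusterRoleBinding objekte, tasub see enne rakendamist alla laadida ja üle vaadata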

# kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v0.34.1/deploy/static/provider/baremetal/deploy.yaml

mille tulemusena

  • TODO

Kasutamine - non-tls

# cat example-ingress.yaml 
# Plain-HTTP Ingress routing two paths of one host to two Services.
# networking.k8s.io/v1beta1 matches the v1.18 cluster shown on this page; newer
# clusters need networking.k8s.io/v1, which uses a different backend syntax.
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
  name: example-ingress
  annotations:
    # $1 refers to a regex capture group of the matched path; the paths below
    # define none, so $1 is presumably empty and requests are rewritten to "/"
    # - verify against the controller version in use.
    nginx.ingress.kubernetes.io/rewrite-target: /$1
spec:
  # No spec.tls entry: no certificate is configured for this host.
  rules:
  - host: hello-world.info
    http:
      paths:
      - path: /nmt
        backend:
          serviceName: nmt
          servicePort: 80

      - path: /nginx
        backend:
          serviceName: httpd-create-2
          servicePort: 80

kus

  • TODO

Kasutamine - tls

our-tls objekti moodustamiseks sobib öelda

# cat tls.yaml 
# TLS Secret holding the certificate and private key referenced by the Ingress
# objects on this page via secretName: our-tls.
apiVersion: v1
kind: Secret
metadata:
  name: our-tls
  namespace: default
type: kubernetes.io/tls
data:
  # Values under data: are base64-encoded, not encrypted (shown truncated here).
  # tls.key is the private key: keep this file out of version control and limit
  # who may read Secrets in this namespace.
  tls.crt: LS0tLS1CR ...
  tls.key: LS0tLS1CRUd ...

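tls sertifikaatide objekti tekitamiseks sobib öelda (alternatiivina saab sama objekti tekitada otse failidest käsuga kubectl create secret tls our-tls --cert=<sertifikaadi fail> --key=<võtme fail>, siis ei ole vaja privaatvõtit yaml faili kopeerida)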

# kubectl create -f tls.yaml
# cat example-ingress-tls.yaml 
# TLS-terminating Ingress for www.moraal.ee using the our-tls Secret.
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
  name: example-ingress-tls
  annotations:
    nginx.ingress.kubernetes.io/rewrite-target: /$1
    # This annotation is set on the whole Ingress, so it applies to both paths
    # below, including httpd-create-2 on servicePort 80 - confirm that backend
    # really speaks TLS on port 80, otherwise move it to a separate Ingress.
    # NOTE(review): ingress-nginx presumably does not verify the backend
    # certificate unless the proxy-ssl-* annotations are set - confirm.
    nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
spec:
  tls:
  - hosts:
    - www.moraal.ee
    # The certificate in our-tls must cover www.moraal.ee.
    secretName: our-tls
  rules:
  - host: www.moraal.ee
    http:
      paths:
      - path: /nmt
        backend:
          serviceName: nmt
          servicePort: 443

      - path: /nginx
        backend:
          serviceName: httpd-create-2
          servicePort: 80

ingress tekitamiseks sobib öelda

# kubectl apply -f example-ingress-tls.yaml

Haldamine

# kubectl get ingress
NAME                  CLASS    HOSTS              ADDRESS           PORTS     AGE
example-ingress       <none>   hello-world.info   192.168.110.102   80        9h
example-ingress-tls   <none>   www.moraal.ee      192.168.110.102   80, 443   8h
# kubectl describe ingress example-ingress
Name:             example-ingress
Namespace:        default
Address:          192.168.110.102
Default backend:  default-http-backend:80 (<error: endpoints "default-http-backend" not found>)
Rules:
  Host              Path  Backends
  ----              ----  --------
  hello-world.info  
                    /nmt     nmt:80 (10.217.1.42:80)
                    /nginx   httpd-create-2:80 (10.217.1.149:80,10.217.1.216:80)
Annotations:        nginx.ingress.kubernetes.io/rewrite-target: /$1
Events:             <none>
# kubectl delete -f example-ingress.yaml
# kubectl edit ingress example-ingress
# kubectl delete -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v0.34.1/deploy/static/provider/baremetal/deploy.yaml

Kasulikud lisamaterjalid

ingress - haproxy

Tööpõhimõte

TODO

Paigaldamine

# kubectl create -f https://haproxy-ingress.github.io/resources/haproxy-ingress.yaml
# kubectl label node k8s-node-1 role=ingress-controller

Kasutamine

'proxy protocol' kasutamine

# cat example-ingress-tls-haproxy.yaml 
# haproxy-ingress Ingress for www.pak-lm.ee with TLS at the edge and PROXY
# protocol towards the backends.
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
  name: example-ingress-tls-haproxy
  namespace: default
  annotations:
    # Traffic from the controller to the backends is plain HTTP.
    ingress.kubernetes.io/backend-protocol: "HTTP"
    # Presumably makes the controller send a PROXY protocol v1 header to every
    # backend of this Ingress; each backend must be configured to expect it and
    # should accept it only from the ingress controller, because the header
    # carries the client address and a backend trusts whatever it is given.
    ingress.kubernetes.io/proxy-protocol: "v1"
spec:
  rules:
  - host: www.pak-lm.ee
    http:
      paths:
      - path: /nmt
        backend:
          serviceName: nmt
          servicePort: 80

      - path: /nginx
        backend:
          serviceName: httpd-create-2
          servicePort: 80
  tls:
  - hosts:
    - www.pak-lm.ee
    # Reuses the our-tls Secret that the nginx example on this page serves for
    # www.moraal.ee; the certificate must also cover www.pak-lm.ee - confirm.
    secretName: our-tls

Paigaldamine koos tcp-services kasutamise võimalusega

# wget https://haproxy-ingress.github.io/resources/haproxy-ingress.yaml

Lisada DaemonSet alla üks args rida juurde, kokku saab

..
        args:
        - --configmap=ingress-controller/haproxy-ingress
        - --tcp-services-configmap=ingress-controller/haproxy-tcp
...

Tekitada haproxy-tcp configmap

# kubectl --namespace=ingress-controller create configmap haproxy-tcp --from-literal=8000="default/nmt:80::PROXY-V1"

ning muuta

# kubectl --namespace=ingress-controller edit cm haproxy-tcp

Tulemuseks on nt

# kubectl --namespace=ingress-controller get cm haproxy-tcp -o yaml
apiVersion: v1
data:
  "8000": default/nmt:80::PROXY-V1
kind: ConfigMap
...

Kasulikud lisamaterjalid

ingress - traefik

TODO

Tööpõhimõte

  • CRD - Custom Resource Definition

Paigaldamine

# helm3 install --set="ports.web.nodePort=32080,ports.websecure.nodePort=32443,service.type=NodePort,ports.traefik.expose=true,additionalArguments={--entrypoints.udpep.address=:9000/udp}" traefik traefik/traefik

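kus

  • ports.traefik.expose=true avab teenuse kaudu ka traefik haldus-entrypoint'i (chart'i vaikeseadistuses asub seal dashboard); koos service.type=NodePort väärtusega on see kättesaadav igalt node'ilt, seega tootmiskeskkonnas tasub see jätta avamata või ligipääsu piirata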

Kasutamine - kubernetes ingress

Automaatselt avastab tavalised kubernetes ingress resource'id

Kasutamine - kubernetes crd

# cat traefik-ingress-nmt4.yaml 
# Traefik IngressRoute (CRD) routing one host name to the nmt4 Service.
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
  name: nmt4-ingress
spec:
  # Only the "web" entry point is listed (NodePort 32080 in the helm command on
  # this page), presumably the plain-HTTP one; no tls: section is set, so this
  # route is not TLS-terminated - confirm that is intended.
  entryPoints:
    - web
  routes:
  - match: Host(`nmt4.auul.pri.ee`)
    kind: Rule
    services:
    - name: nmt4
      port: 80
# kubectl apply -f traefik-ingress-nmt4.yaml

Kasulikud lisamaterjalid

Misc

# kubectl create deploy myapp --image=nginx --replicas=3 --dry-run=client -o yaml

Kasulikud lisamaterjalid