
How to easily manage a Kubernetes cluster using kind

Introduction

The goal of this project is to make it easier for developers to manage a Kubernetes cluster, with the following default features:

  • Launch a container registry using the specified port e.g. localhost:5000,

  • Set up an Ingress controller to route the external traffic to the cluster.

For that purpose, several bash scripts have been developed.

ℹ️

These scripts can also be used directly from the snowdrop/k8s-infra GitHub repository using curl.

Example: curl -s -L "https://raw.githubusercontent.com/snowdrop/k8s-infra/main/kind/kind.sh" | bash -s …​

kind.sh can be replaced by any of the other scripts included in this document.
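
The curl | bash form above runs whatever the main branch serves at that moment, with nothing to check it against. An added example (not part of the snowdrop scripts) that pins the download to a commit and a SHA-256 digest and runs the script only when the digest matches; run_pinned, verify_and_run and sha256_of are names chosen here, and <COMMIT_SHA> and <SHA256> are placeholders.

```shell
#!/usr/bin/env bash
# Added example; run_pinned, verify_and_run and sha256_of are names chosen here.

# Print the SHA-256 of a file (GNU coreutils, or shasum on macOS).
sha256_of() {
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$1" | cut -d' ' -f1
  else
    shasum -a 256 "$1" | cut -d' ' -f1
  fi
}

# usage: verify_and_run FILE EXPECTED_SHA256 [script args...]
# Runs FILE with bash only if its digest equals the pinned value.
verify_and_run() (
  file="$1"; expected="$2"; shift 2
  actual="$(sha256_of "$file")" || exit 1
  if [ "$actual" != "$expected" ]; then
    echo "checksum mismatch: expected $expected, got $actual" >&2
    exit 1
  fi
  bash "$file" "$@"
)

# usage: run_pinned URL EXPECTED_SHA256 [script args...]
# Downloads to a temporary file first, so the bytes that were hashed are the
# bytes that run.
run_pinned() (
  url="$1"; expected="$2"; shift 2
  tmp="$(mktemp)" || exit 1
  if curl -fsSL "$url" -o "$tmp"; then
    verify_and_run "$tmp" "$expected" "$@" && rc=0 || rc=$?
  else
    echo "download failed: $url" >&2; rc=1
  fi
  rm -f "$tmp"
  exit "$rc"
)

# Example call; <COMMIT_SHA> and <SHA256> are placeholders to fill in after
# reviewing the script at that commit:
# run_pinned "https://raw.githubusercontent.com/snowdrop/k8s-infra/<COMMIT_SHA>/kind/kind.sh" \
#   "<SHA256>" install --cluster-name snowdrop
```
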

Kind Cluster

To create or delete a cluster using kind, use the kind.sh script.

Container Registry

To create or delete a container registry use the registry.sh script.

The container registry is started as a container whose network is shared with the host, and it can be deployed in one of the following modes:

  • Insecure: plain HTTP without user authentication (default)

  • Secured: HTTP/TLS using htpasswd to authenticate the users

Prerequisite

To be able to use the bash script, the following tools are required:

Usage

Open a terminal and at the root of this repository, execute the following command:

./kind/kind.sh command [parameters,...]

The available commands are:

Table 1. Script commands
Command Description

install

Create a "kind" kubernetes cluster

remove

Remove the "kind" kubernetes cluster

Relevant options

Other relevant parameters are the following.

Table 2. Script options
Command Description

--ingress

string

Ingress controller to be deployed.

Choices:

  • kourier

  • nginx ⇐ Default

--cluster-name

string

Name of the cluster.

Default: kind

--port-map

string

Comma separated list of extra ports mappings. See kind config.

e.g.: ContainerPort1:HostPort1,…​

⚠️

The ports required to be accessed from outside the kind cluster must be mapped between the host and the kind container using this parameter.

--provider

string

Allows selecting the container runtime to be used.

Choices:

Install

This script allows creating both a kind cluster with associated ingress controller and a container registry in separate commands.

Container Registry

The first (optional) step is creating a container registry.

Table 3. Container Registry creation most relevant options
parameter Description

--registry-name

string

Name to be given to the registry.

Default: kind-registry

--registry-password

string

Registry user password.

Default: snowdrop

--registry-port

string

Port to be assigned to the Container Registry.

Default: 5000

--registry-user

string

Registry user.

Default: admin

Container registry creation statement
curl -s -L "https://raw.githubusercontent.com/snowdrop/k8s-infra/main/kind/registry.sh" | bash -s install --registry-name kind-registry.local

Kind Cluster

Creating a kubernetes cluster is as simple as executing the following command.

kind deploy statement
curl -s -L "https://raw.githubusercontent.com/snowdrop/k8s-infra/main/kind/kind.sh" | bash -s install --cluster-name snowdrop --port-map "30000:30000,31000:31000" --registry-name kind-registry.local
Table 4. kind cluster creation most relevant options
parameter Description

--registry-name

string

Name of the registry to use.

Default: kind-registry

--registry-port

string

Port to be assigned to the Container Registry.

Default: 5000

Post deployment steps

Allow using an insecure container registry

Using Docker

Check the Test an insecure registry Docker document.

Instructions for Docker

Add the following contents to the /etc/docker/daemon.json file.

{
  "insecure-registries" : ["localhost:5000"]
}

Using Podman

Check the Podman installation document.

Instructions for Podman

Add the kind-registry.conf file to the /etc/containers/registries.conf.d/ folder having the following contents.

Allow using the newly created insecure registry
[[registry]]
location = "localhost:5000"
insecure = true

Remove

Kind Cluster

To undeploy a previously deployed kind cluster, use the remove action of the kind deploy script.

kind undeploy statement
curl -s -L "https://raw.githubusercontent.com/snowdrop/k8s-infra/main/kind/kind.sh" | bash -s remove --cluster-name snowdrop

Container Registry

container registry removal statement
curl -s -L "https://raw.githubusercontent.com/snowdrop/k8s-infra/main/kind/registry.sh" | bash -s remove --registry-name kind-registry.local

Secured docker registry

To deploy a local secured (using htpasswd) docker registry use the --secure-registry parameter.

The security related parameters are the following.

Table 5. Security related parameters
Command Description

--secure-registry

Secure the docker registry.

--registry-user

string

Registry user.

Default: admin

--registry-password

string

Registry user password.

Default: snowdrop

When the cluster is created, add a new entry to your /etc/hosts file to map the localhost IP address to the name of the registry:

::1
127.0.0.1 kind-registry kind-registry

The certificate generated is available at ~/.registry/certs/<CLUSTER_NAME>-registry

You can log on to the registry using the user and password as defined previously.

docker login -u admin -p snowdrop kind-registry:5000

REMARK: If tools such as podman, crt, crictl, … need it, move the certificate file to, for example, /etc/docker/certs.d/kind-registry:5000/client.cert

How to check

Container registry

To verify that you can use the (secured) container registry, execute the following commands:

docker pull gcr.io/google-samples/hello-app:1.0
docker tag gcr.io/google-samples/hello-app:1.0 kind-registry:5000/google-samples/hello-app:1.0

docker logout kind-registry:5000
docker login kind-registry:5000 -u admin -p snowdrop
docker push kind-registry:5000/google-samples/hello-app:1.0

kubectl delete secret regcred
kubectl create secret docker-registry regcred --docker-server=kind-registry:5000 --docker-username=admin --docker-password=snowdrop
kubectl patch serviceaccount default -p '{"imagePullSecrets": [{"name": "regcred"}]}'
kubectl delete deployment hello
kubectl create deployment hello --image=kind-registry:5000/google-samples/hello-app:1.0

kubectl get pod -lapp=hello
NAME                     READY   STATUS    RESTARTS   AGE
hello-7689699f4b-mbrr2   1/1     Running   0          21s
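
The login and regcred steps above pass the password with -p and --docker-password, where it ends up in shell history and the process list. An added example (not part of the snowdrop scripts) that reads it from a file instead, using docker login --password-stdin and a generated .dockerconfigjson; REGISTRY, REG_USER, the function names and the password-file argument are assumptions.

```shell
#!/usr/bin/env bash
# Added example. REGISTRY, REG_USER and the password-file argument are
# assumptions; the password file should be mode 0600 and hold one line.
REGISTRY="${REGISTRY:-kind-registry:5000}"
REG_USER="${REG_USER:-admin}"

# Print a .dockerconfigjson document for one registry. No JSON escaping is
# done, so values containing '"' or '\' are rejected.
dockerconfigjson() (
  server="$1"; user="$2"; pass="$3"
  case "$server$user$pass" in
    *\"*|*\\*) echo "unsupported character in credentials" >&2; exit 1 ;;
  esac
  auth="$(printf '%s:%s' "$user" "$pass" | base64 | tr -d '\n')"
  printf '{"auths":{"%s":{"username":"%s","password":"%s","auth":"%s"}}}\n' \
    "$server" "$user" "$pass" "$auth"
)

# Log in without putting the password in argv. $1 = password file.
registry_login() {
  docker login "$REGISTRY" -u "$REG_USER" --password-stdin < "$1"
}

# Create the regcred pull secret from a temporary file instead of
# --docker-password. $1 = password file.
create_pull_secret() (
  umask 077
  tmp="$(mktemp)" || exit 1
  if dockerconfigjson "$REGISTRY" "$REG_USER" "$(cat "$1")" > "$tmp"; then
    kubectl create secret generic regcred \
      --type=kubernetes.io/dockerconfigjson \
      --from-file=.dockerconfigjson="$tmp" && rc=0 || rc=$?
  else
    rc=1
  fi
  rm -f "$tmp"
  exit "$rc"
)
```
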

Ingress controller

To verify that the ingress route is working, use the following example from the kind documentation, and this page as well, to tag/push a container image to the localhost:5000 registry.


1: The default Kubernetes version depends on the version of the kind tool installed (e.g. 1.20.2 corresponds to kind 0.10.0). See the release notes for this information, such as the list of supported images. The list of kind Kubernetes images and their versions (1.14.x, 1.15.y,…) can be consulted here

Multiple Clusters

The kind bash script now supports deploying multiple clusters. Simply execute the script passing as parameter a new cluster name and

Get list of clusters from kubeconfig
curl -s -L "https://raw.githubusercontent.com/snowdrop/k8s-infra/main/kind/kind.sh" | bash -s install-cluster --cluster-name snowdrop2 --registry-name kind-registry.local --ingress-ports '10080:10443'
⚠️

Check the --ingress-ports to make sure there are no conflicts with the ports of the different ingress controllers of each cluster. Each set of ports must be mapped with the host ports.

Check the list of clusters defined in the kube configuration file.

Get list of clusters from kubeconfig
kubectl config get-clusters

As a result the different clusters will be shown.

Cluster list with multiple clusters
NAME
snowdrop2
snowdrop