The goal of this project is to simplify developers' lives when managing a kubernetes cluster, with the following default features:
- Launch a container registry using the specified port, e.g. localhost:5000
- Set up an Ingress controller to route the external traffic to the cluster.
For that purpose, several bash scripts have been developed.
ℹ️ These scripts can also be used directly from the snowdrop/k8s-infra GitHub repository using Example:
To create or delete a container registry, use the registry.sh script.
The container registry is started as a container whose network is shared with the host, and can be deployed in one of the following modes:
- Unsecure: plain HTTP without user authentication (default)
- Secured: HTTP/TLS using htpasswd to authenticate the users
To be able to use the bash script, the following tools are required:
- A container runtime (one of):
  - Podman: https://podman.io/
- helm: https://helm.sh/
- jq: https://stedolan.github.io/jq/download/
  - Used for validating the environment
- openssl:
  - optional, unless a secure container registry is used
Open a terminal and at the root of this repository, execute the following command:
./kind/kind.sh command [parameters,...]
The available commands are:
Command | Description |
---|---|
| Create a "kind" kubernetes cluster |
| Remove the "kind" kubernetes cluster |
Other relevant parameters are the following.
Command | Description | ||
---|---|---|---|
string | Ingress controller to be deployed. Choices: | ||
string | Name of the cluster. Default: kind | ||
string | Comma separated list of extra ports mappings. See kind config. e.g.: | ||
string | Allows selecting the container runtime to be used. Choices: |
This script allows creating both a kind cluster with associated ingress controller and a container registry in separate commands.
The first (optional) step is creating a container registry.
parameter | Description |
---|---|
string | Name to be given to the registry. Default: kind-registry |
string | Registry user password. Default: |
string | Port to be assigned to the Container Registry. Default: 5000 |
string | Registry user. Default: |
curl -s -L "https://raw.githubusercontent.com/snowdrop/k8s-infra/main/kind/registry.sh" | bash -s install --registry-name kind-registry.local
Creating a kubernetes cluster is as simple as executing the following command.
curl -s -L "https://raw.githubusercontent.com/snowdrop/k8s-infra/main/kind/kind.sh" | bash -s install --cluster-name snowdrop --port-map "30000:30000,31000:31000" --registry-name kind-registry.local
parameter | Description |
---|---|
string | Name of the registry to use. Default: kind-registry |
string | Port to be assigned to the Container Registry. Default: 5000 |
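The commands above pipe a script from the moving main branch straight into bash, so whatever that branch serves at that moment runs on the host. The following is an added example, not part of the k8s-infra repository: it downloads the script at a pinned commit, checks its SHA-256 digest and only then runs it. PINNED_REF, the digest and the function names are placeholders or assumptions.

```shell
#!/usr/bin/env bash
# Added example, not part of snowdrop/k8s-infra.
# Download a script at a pinned commit, verify its digest, then run it.
set -eu

REPO_RAW="https://raw.githubusercontent.com/snowdrop/k8s-infra"
# Placeholder (assumption): set this to a commit SHA you have reviewed.
PINNED_REF="${PINNED_REF:-<REVIEWED_COMMIT_SHA>}"

# sha256_of <file>: print the hex SHA-256 digest of a file.
sha256_of() {
  sha256sum < "$1" | cut -d' ' -f1
}

# verify_script <file> <expected-sha256>
# Returns 0 only if the file is non-empty and its digest matches.
verify_script() {
  local file=$1 expected=$2 actual
  if [ ! -s "$file" ]; then
    echo "verify_script: $file is missing or empty" >&2
    return 2
  fi
  actual=$(sha256_of "$file")
  if [ "$actual" != "$expected" ]; then
    echo "verify_script: digest mismatch for $file" >&2
    echo "  expected $expected" >&2
    echo "  actual   $actual" >&2
    return 1
  fi
}

# fetch_verify_run <path-in-repo> <expected-sha256> [script args...]
fetch_verify_run() {
  local path=$1 expected=$2 tmp rc=0
  shift 2
  tmp=$(mktemp)
  # HTTPS only, fail on HTTP errors, never execute a partial download.
  curl --fail --silent --show-error --location --proto '=https' \
       --output "$tmp" "$REPO_RAW/$PINNED_REF/$path" \
    && verify_script "$tmp" "$expected" \
    && bash "$tmp" "$@" \
    || rc=$?
  rm -f "$tmp"
  return "$rc"
}

# Usage (the digest is a placeholder computed from the copy you reviewed):
#   fetch_verify_run kind/kind.sh "<SHA256_OF_REVIEWED_kind.sh>" \
#     install --cluster-name snowdrop --registry-name kind-registry.local
```

On systems without sha256sum, `shasum -a 256` produces the same digest format.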
Using Docker
Check the Test an insecure registry Docker document.
Instructions for Docker
Add the following contents to the /etc/docker/daemon.json file.
{
"insecure-registries" : ["localhost:5000"]
}
Using Podman
Check the Podman installation document.
Instructions for Podman
Add the kind-registry.conf file to the /etc/containers/registries.conf.d/ folder with the following contents.
[[registry]]
location = "localhost:5000"
insecure = true
To undeploy a previously deployed kind cluster, use the remove action of the kind deploy script.
curl -s -L "https://raw.githubusercontent.com/snowdrop/k8s-infra/main/kind/kind.sh" | bash -s remove --cluster-name snowdrop
To deploy a local secured (using htpasswd) docker registry, use the --secure-registry parameter.
The security related parameters are the following.
Command | Description |
---|---|
| Secure the docker registry. |
string | Registry user. Default: |
string | Registry user password. Default: |
When the cluster is created, add new entries to your /etc/hosts file (one line per address) to map the localhost IP addresses to the name of the registry:
::1 kind-registry
127.0.0.1 kind-registry
The certificate generated is available at ~/.registry/certs/<CLUSTER_NAME>-registry
You can log on to the registry using the user and password as defined previously.
docker login -u admin -p snowdrop kind-registry:5000
REMARK: If needed by tools such as podman, crt, crictl, …, move the certificate file under, for example, /etc/docker/certs.d/kind-registry:5000/client.cert
To verify that you can use the (secured) container registry, execute the following commands:
docker pull gcr.io/google-samples/hello-app:1.0
docker tag gcr.io/google-samples/hello-app:1.0 kind-registry:5000/google-samples/hello-app:1.0
docker logout kind-registry:5000
docker login kind-registry:5000 -u admin -p snowdrop
docker push kind-registry:5000/google-samples/hello-app:1.0
kubectl delete secret regcred
kubectl create secret docker-registry regcred --docker-server=kind-registry:5000 --docker-username=admin --docker-password=snowdrop
kubectl patch serviceaccount default -p '{"imagePullSecrets": [{"name": "regcred"}]}'
kubectl delete deployment hello
kubectl create deployment hello --image=kind-registry:5000/google-samples/hello-app:1.0
kubectl get pod -lapp=hello
NAME READY STATUS RESTARTS AGE
hello-7689699f4b-mbrr2 1/1 Running 0 21s
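The commands above pass the registry password as a command-line argument, where it ends up in shell history and in the process list. The following is an added example, not part of the k8s-infra repository: it reads the password from a file for both the docker login and the image pull secret. The function names and the password file path are assumptions.

```shell
#!/usr/bin/env bash
# Added example, not part of snowdrop/k8s-infra.
# Keep the registry password out of argv, shell history and `ps` output.
set -eu

# registry_login <server> <user> <password-file>
registry_login() {
  docker login "$1" --username "$2" --password-stdin < "$3"
}

# dockerconfig_json <server> <user> <password-file>
# Print the .dockerconfigjson payload for an image pull secret.
dockerconfig_json() {
  local server=$1 user=$2 pwfile=$3 auth
  # Reject anything that could break out of the JSON string.
  case $server in
    ''|*[!A-Za-z0-9.:-]*) echo "invalid server: $server" >&2; return 2 ;;
  esac
  # Basic auth splits on the first ':', so the user must not contain one.
  case $user in
    ''|*:*) echo "invalid user" >&2; return 2 ;;
  esac
  # $(cat ...) drops the trailing newline editors add to the file.
  auth=$(printf '%s:%s' "$user" "$(cat "$pwfile")" | base64 | tr -d '\n')
  printf '{"auths":{"%s":{"auth":"%s"}}}\n' "$server" "$auth"
}

# create_pull_secret <secret-name> <server> <user> <password-file>
create_pull_secret() {
  local name=$1 tmp rc=0
  shift
  tmp=$(mktemp -d)   # mktemp -d creates the directory with mode 0700
  dockerconfig_json "$@" > "$tmp/.dockerconfigjson" \
    && kubectl create secret generic "$name" \
         --type=kubernetes.io/dockerconfigjson \
         --from-file=.dockerconfigjson="$tmp/.dockerconfigjson" \
    || rc=$?
  rm -rf "$tmp"
  return "$rc"
}

# Usage, with the password stored in a file readable only by you
# (~/.registry/password is a hypothetical path):
#   registry_login kind-registry:5000 admin ~/.registry/password
#   create_pull_secret regcred kind-registry:5000 admin ~/.registry/password
```

The auth value in the secret is base64-encoded, not encrypted, so anyone who can read the secret in the namespace can recover the password.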
To verify that the ingress route is working, use the following example, part of the kind documentation, and this page too, to tag/push a container image to the localhost:5000 registry
1: The kubernetes default version depends on the version of the kind tool installed (e.g. 1.20.2 corresponds to kind 0.10.0). See the release note to find such information, like the list of the supported images. The list of the kind - kubernetes images and their version (1.14.x, 1.15.y, …) can be consulted here
The kind bash script now supports deploying multiple clusters. Simply execute the script passing as parameter a new cluster name and
curl -s -L "https://raw.githubusercontent.com/snowdrop/k8s-infra/main/kind/kind.sh" | bash -s install-cluster --cluster-name snowdrop2 --registry-name kind-registry.local --ingress-ports '10080:10443'
|
Check the |
Check the list of clusters defined in the kube configuration file.
kubectl config get-clusters
As a result the different clusters will be shown.
NAME
snowdrop2
snowdrop