kops Introduction
What is kops?
kops can help create, destroy, upgrade and maintain production-grade, highly available, Kubernetes clusters from the command line. it support following cloud platform:
- AWS
- GCE
- VMware vSphere
There is a similar tool called kubeadm
We will introcude it based on AWS
How to install kops?
kops depend on kubectl, you should install kubectl first.
-
brew
$ brew install kubectl # if you have not installed $ sudo brew install kops
How to deploy kubernetes cluster on AWS using kops?
- First you need a IAM user to do the deployment, it requires following permissions
- AmazonEC2FullAccess
- AmazonRoute53FullAccess
- AmazonS3FullAccess
- IAMFullAccess
- AmazonVPCFullAccess
- Then you need a S3 bucket to store the cluster configuration
- And you need configure your DNS properly, there are four scenarios
- A Domain purchased/hosted via AWS
- A subdomain under a domain purchased/hosted via AWS
- Setting up Route53 for a domain purchased with another registrar
- Subdomain for clusters in route53, leaving the domain at another registrar
you can following this doc to configure your DNS
- Then you can use the follwing commands to deploy a cluster
-
Public cluster
The master and nodes in a public network and can be accessed by any ip
$ export KOPS_NAME="<cluster dns record>" $ export KOPS_STATE_STORE="s3://<bucket-name>" $ kops create cluster \ --name $KOPS_NAME \ --state $KOPS_STATE_STORE \ --zones ap-northeast-2a \ --yes
-
Private cluster
The master and nodes in a private network, there will be a bastion node. user can only access the nodes using bastion
$ export KOPS_NAME="<cluster dns record>" $ export KOPS_STATE_STORE="s3://<bucket-name>" $ kops create cluster \ --name $KOPS_NAME \ --state $KOPS_STATE_STORE \ --zones ap-northeast-2a \ --bastion \ --topology private \ --networking weave \ --yes
-
How to modify the cluster configuration?
The cluster configuration was stored in the specified S3 bucket, you can execute the following command to edit the configuration file
$ kops edit cluster --name <cluster name>
The configuration file looks like this
apiVersion: kops/v1alpha2
kind: Cluster
metadata:
creationTimestamp: 2018-01-12T06:21:40Z
name:
spec:
api:
dns: {}
authorization:
alwaysAllow: {}
channel: stable
cloudProvider: aws
configBase: s3://
etcdClusters:
- etcdMembers:
- instanceGroup: master-ap-northeast-2a
name: a
name: main
- etcdMembers:
- instanceGroup: master-ap-northeast-2a
name: a
name: events
iam:
allowContainerRegistry: true
legacy: false
kubernetesApiAccess:
- 0.0.0.0/0
kubernetesVersion: 1.8.4
masterInternalName:
masterPublicName:
networkCIDR: 172.20.0.0/16
networking:
kubenet: {}
nonMasqueradeCIDR: 100.64.0.0/10
sshAccess:
- 0.0.0.0/0
subnets:
- cidr: 172.20.32.0/19
name: ap-northeast-2a
type: Public
zone: ap-northeast-2a
topology:
dns:
type: Public
masters: public
nodes: public
You can also change the instance configuration of nodes, just execute following command
$ kops get instancegroups # get all instancegroups
$ kops edit instancegroups <instancegroups name>
The configuration looks like this
apiVersion: kops/v1alpha2
kind: InstanceGroup
metadata:
creationTimestamp: 2018-01-12T06:21:42Z
labels:
kops.k8s.io/cluster:
name: master-ap-northeast-2a
spec:
image: kope.io/k8s-1.8-debian-jessie-amd64-hvm-ebs-2017-12-02
machineType: t2.micro
maxSize: 1
minSize: 1
nodeLabels:
kops.k8s.io/instancegroup: master-ap-northeast-2a
role: Master
subnets:
- ap-northeast-2a
After save the configuration changes, you can use the following command to deploy the changes
$ kops update cluster <cluster name>
How to delete a cluster?
$ kops delete cluster --name <cluster name> --yes
Play kubernetes
After you deploy the cluster using kops, kubectl already set the context, you can use it directly
How to install a dashboard?
We will install the kubernetes/dashboard
-
Install the dashboard
$ kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/master/src/deploy/recommended/kubernetes-dashboard.yaml
-
Create a service account to access the dashboard
-
create the service account
apiVersion: v1 kind: ServiceAccount metadata: name: admin-user namespace: kube-system
-
bind this account to admin role
apiVersion: rbac.authorization.k8s.io/v1beta1 kind: ClusterRoleBinding metadata: name: admin-user roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: cluster-admin subjects: - kind: ServiceAccount name: admin-user namespace: kube-system
-
-
Fetch the access token
$ kubectl -n kube-system describe secret $(kubectl -n kube-system get secret | grep admin-user | awk '{print $1}') Name: admin-user-token-6gl6l Namespace: kube-system Labels: <none> Annotations: kubernetes.io/service-account.name=admin-user kubernetes.io/service-account.uid=b16afba9-dfec-11e7-bbb9-901b0e532516 Type: kubernetes.io/service-account-token Data ==== ca.crt: 1025 bytes namespace: 11 bytes token: eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlLXN5c3RlbSIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJhZG1pbi11c2VyLXRva2VuLTZnbDZsIiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQubmFtZSI6ImFkbWluLXVzZXIiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC51aWQiOiJiMTZhZmJhOS1kZmVjLTExZTctYmJiOS05MDFiMGU1MzI1MTYiLCJzdWIiOiJzeXN0ZW06c2VydmljZWFjY291bnQ6a3ViZS1zeXN0ZW06YWRtaW4tdXNlciJ9.M70CU3lbu3PP4OjhFms8PVL5pQKj-jj4RNSLA4YmQfTXpPUuxqXjiTf094_Rzr0fgN_IVX6gC4fiNUL5ynx9KU-lkPfk0HnX8scxfJNzypL039mpGt0bbe1IXKSIRaq_9VW59Xz-yBUhycYcKPO9RM2Qa1Ax29nqN
-
Start the proxy
$ kubectl proxy
-
Access the dashboard
You can access the dashboard with http://localhost:8001/api/v1/namespaces/kube-system/services/https:kubernetes-dashboard:/proxy/
In the Login page, you should fill in the token got from the previous step
How to deploy job on kubernetes?
We will deploy a simple container, it will output the PI value in stdout. its deployments looks like this
apiVersion: batch/v1
kind: Job
metadata:
name: pi
spec:
template:
spec:
containers:
- name: pi
image: perl
command: ["perl", "-Mbignum=bpi", "-wle", "print bpi(2000)"]
restartPolicy: Never
backoffLimit: 4
We can deploy it using this command
$ kubectl create -f <deployment file>
Then we can fetch the pod log
$ kubectl logs job/pi
3.1415926535897932384626433832795028841971693993751058209749445923078164062862089986280348253421170679821480865132823066470938446095505822317253594081284811174502841027019385211055596446229489549303819644288109756659334461284756482337867831652712019091456485669234603486104543266482133936072602491412737245870066063155881748815209209628292540917153643678925903600113305305488204665213841469519415116094330572703657595919530921861173819326117931051185480744623799627495673518857527248912279381830119491298336733624406566430860213949463952247371907021798609437027705392171762931767523846748184676694051320005681271452635608277857713427577896091736371787214684409012249534301465495853710507922796892589235420199561121290219608640344181598136297747713099605187072113499999983729780499510597317328160963185950244594553469083026425223082533446850352619311881710100031378387528865875332083814206171776691473035982534904287554687311595628638823537875937519577818577805321712268066130019278766111959092164201989380952572010654858632788659361533818279682303019520353018529689957736225994138912497217752834791315155748572424541506959508295331168617278558890750983817546374649393192550604009277016711390098488240128583616035637076601047101819429555961989467678374494482553797747268471040475346462080466842590694912933136770289891521047521620569660240580381501935112533824300355876402474964732639141992726042699227967823547816360093417216412199245863150302861829745557067498385054945885869269956909272107975093029553211653449872027559602364806654991198818347977535663698074265425278625518184175746728909777727938000816470600161452491921732172147723501414419735685481613611573525521334757418494684385233239073941433345477624168625189835694855620992192221842725502542568876717904946016534668049886272327917860857843838279679766814541009538837863609506800642251252051173929848960841284886269456042419652850222106611863067442786220391949450471237137869609563643719172874677646575739624138908658326459958133904780275898
How to deploy application on kubernetes?
We will deploy a http proxy container, it will allow us to access a website through the http proxy. its deployments looks like this
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
labels:
run: http-proxy
name: http-proxy-deployment
spec:
replicas: 1
selector:
matchLabels:
run: http-proxy
strategy:
rollingUpdate:
maxSurge: 1
maxUnavailable: 1
type: RollingUpdate
template:
metadata:
labels:
run: http-proxy
spec:
containers:
- image: wernight/dante
imagePullPolicy: Always
name: http-proxy
ports:
- containerPort: 1080
protocol: TCP
dnsPolicy: ClusterFirst
restartPolicy: Always
terminationGracePeriodSeconds: 30
We can deploy it using this command
$ kubectl create -f <deployment file>
Not like the previous demo, we want to access this container from outside, so we must expose this container to the world.
We need to create a service, its configuration looks like this
apiVersion: v1
kind: Service
metadata:
name: http-proxy-service
spec:
ports:
- port: 1080
protocol: TCP
targetPort: 1080
selector:
run: http-proxy
type: LoadBalancer
Then we can fetch the service information to get the exposed endpoint
$ kubectl describe service http-proxy-service
Name: http-proxy-service
Namespace: default
Labels: <none>
Annotations: <none>
Selector: run=http-proxy
Type: LoadBalancer
IP: 100.66.125.105
LoadBalancer Ingress: a994bbf86a11e7b85d02c3e17c5ff-156353552.ap-northeast-2.elb.amazonaws.com
Port: <unset> 1080/TCP
TargetPort: 1080/TCP
NodePort: <unset> 31590/TCP
Endpoints: 100.96.1.10:1080
Session Affinity: None
External Traffic Policy: Cluster
Events: <none>
Now we can try the http proxy, the endpoint is LoadBalancer Ingress, the port is Port
$ curl --proxy socks5://a994bbf86a11e7b85d02c3e17c5ff-156353552.ap-northeast-2.elb.amazonaws.com:1080 https://www.baidu.com
<!DOCTYPE html>
<!--STATUS OK--><html> <head><meta http-equiv=content-type content=text/html;charset=utf-8><meta http-equiv=X-UA-Compatible content=IE=Edge><meta content=always name=referrer><link rel=stylesheet type=text/css href=https://ss1.bdstatic.com/5eN1bjq8AAUYm2zgoY3K/r/www/cache/bdorz/baidu.min.css><title>百度一下,你就知道</title></head> <body link=#0000cc> <div id=wrapper> <div id=head> <div class=head_wrapper> <div class=s_form> <div class=s_form_wrapper> <div id=lg> <img hidefocus=true src=//www.baidu.com/img/bd_logo1.png width=270 height=129> </div> <form id=form name=f action=//www.baidu.com/s class=fm> <input type=hidden name=bdorz_come value=1> <input type=hidden name=ie value=utf-8> <input type=hidden name=f value=8> <input type=hidden name=rsv_bp value=1> <input type=hidden name=rsv_idx value=1> <input type=hidden name=tn value=baidu><span class="bg s_ipt_wr"><input id=kw name=wd class=s_ipt value maxlength=255 autocomplete=off autofocus=autofocus></span><span class="bg s_btn_wr"><input type=submit id=su value=百度一下 class="bg s_btn" autofocus></span> </form> </div> </div> <div id=u1> <a href=http://news.baidu.com name=tj_trnews class=mnav>新闻</a> <a href=https://www.hao123.com name=tj_trhao123 class=mnav>hao123</a> <a href=http://map.baidu.com name=tj_trmap class=mnav>地图</a> <a href=http://v.baidu.com name=tj_trvideo class=mnav>视频</a> <a href=http://tieba.baidu.com name=tj_trtieba class=mnav>贴吧</a> <noscript> <a href=http://www.baidu.com/bdorz/login.gif?login&tpl=mn&u=http%3A%2F%2Fwww.baidu.com%2f%3fbdorz_come%3d1 name=tj_login class=lb>登录</a> </noscript> <script>document.write('<a href="http://www.baidu.com/bdorz/login.gif?login&tpl=mn&u='+ encodeURIComponent(window.location.href+ (window.location.search === "" ? "?" : "&")+ "bdorz_come=1")+ '" name="tj_login" class="lb">登录</a>');
</script> <a href=//www.baidu.com/more/ name=tj_briicon class=bri style="display: block;">更多产品</a> </div> </div> </div> <div id=ftCon> <div id=ftConw> <p用d=lh> <a href=http://home.baidu.com>关于百度</a> <a href=http://ir.baidu.com>About Baidu</a> </p> <p id=cp>©2017 Baidu <a href=http://www.baidu.com/duty/>使
百度前必读</a> <a href=http://jianyi.baidu.com/ class=cp-feedback>意见反馈</a> 京ICP证030173号 <img src=//www.baidu.com/img/gs.gif> </p> </div> </div> </div> </body> </html>
Done!!
Comments