LFS258 Kubernetes Fundamentals - QuickStart Intelligence PDF


LFS258 Kubernetes Fundamentals
Version 2020-04-20

Copyright the Linux Foundation 2020. All rights reserved.

Copyright the Linux Foundation 2020. All rights reserved.

The training materials provided or developed by The Linux Foundation in connection with the training services are protected by copyright and other intellectual property rights.

Open source code incorporated herein may have other copyright holders and is used pursuant to the applicable open source license.

The training materials are provided for individual use by participants in the form in which they are provided. They may not be copied, modified, distributed to non-participants or used to provide training to others without the prior written consent of The Linux Foundation.

No part of this publication may be reproduced, photocopied, stored on a retrieval system, or transmitted without express prior written consent.

Published by:
the Linux Foundation
https://www.linuxfoundation.org

No representations or warranties are made with respect to the contents or use of this material, and any express or implied warranties of merchantability or fitness for any particular purpose are specifically disclaimed.

Although third-party application software packages may be referenced herein, this is for demonstration purposes only and shall not constitute an endorsement of any of these software applications.

Linux is a registered trademark of Linus Torvalds. Other trademarks within this course material are the property of their respective owners.

If there are any questions about proper and fair use of the material herein, please contact: [email protected]

Contents

1 Introduction
    1.1 Labs
2 Basics of Kubernetes
    2.1 Labs
3 Installation and Configuration
    3.1 Labs
4 Kubernetes Architecture
    4.1 Labs
5 APIs and Access
    5.1 Labs
6 API Objects
    6.1 Labs
7 Managing State With Deployments
    7.1 Labs
8 Services
    8.1 Labs
9 Volumes and Data
    9.1 Labs
10 Ingress
    10.1 Labs
11 Scheduling
    11.1 Labs
12 Logging and Troubleshooting
    12.1 Labs
13 Custom Resource Definition
    13.1 Labs
14 Helm
    14.1 Labs
15 Security
    15.1 Labs
16 High Availability
    16.1 Labs

List of Figures

3.1 External Access via Browser
10.1 Accessing the API
12.1 External Access via Browser
12.2 External Access via Browser
12.3 External Access via Browser
16.1 Initial HAProxy Status
16.2 Multiple HAProxy Status
16.3 HAProxy Down Status


Chapter 1
Introduction

1.1 Labs

Exercise 1.1: Configuring the System for sudo

It is very dangerous to run a root shell unless absolutely necessary: a single typo or other mistake can cause serious (even fatal) damage.

Thus, the sensible procedure is to configure things such that single commands may be run with superuser privilege, by using the sudo mechanism. With sudo the user only needs to know their own password and never needs to know the root password.

If you are using a distribution such as Ubuntu, you may not need to do this lab to get sudo configured properly for the course. However, you should still make sure you understand the procedure.

To check if your system is already configured to let the user account you are using run sudo, just do a simple command like:

    sudo ls

You should be prompted for your user password and then the command should execute. If instead you get an error message, you need to execute the following procedure.

Launch a root shell by typing su and then giving the root password, not your user password.

On all recent Linux distributions you should navigate to the /etc/sudoers.d subdirectory and create a file, usually with the name of the user to whom root wishes to grant sudo access. However, this convention is not actually necessary as sudo will scan all files in this directory as needed. The file can simply contain:

    student ALL=(ALL) ALL

if the user is student.

An older practice (which certainly still works) is to add such a line at the end of the file /etc/sudoers. It is best to do so using the visudo program, which is careful about making sure you use the right syntax in your edit.

You probably also need to set proper permissions on the file by typing:

    sudo chmod 440 /etc/sudoers.d/student

(Note some Linux distributions may require 400 instead of 440 for the permissions.)

After you have done these steps, exit the root shell by typing exit and then try to do sudo ls again.

There are many other ways an administrator can configure sudo, including specifying only certain permissions for certain users, limiting searched paths etc. The /etc/sudoers file is very well self-documented.

However, there is one more setting we highly recommend you do, even if your system already has sudo configured. Most distributions establish a different path for finding executables for normal users as compared to root users. In particular the directories /sbin and /usr/sbin are not searched, since sudo inherits the PATH of the user, not the full root user.

Thus, in this course we would have to be constantly reminding you of the full path to many system administration utilities; any enhancement to security is probably not worth the extra typing and figuring out which directories these programs are in. Consequently, we suggest you add the following line to the .bashrc file in your home directory:

    PATH=$PATH:/usr/sbin:/sbin

If you log out and then log in again (you don't have to reboot) this will be fully effective.
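The /etc/sudoers.d procedure from Exercise 1.1 can be scripted so that a rule is checked before it becomes live; the following is an added example, not part of the course material. The function names check_dropin and stage_dropin are hypothetical, GNU stat is assumed, and the syntax check runs only where visudo is installed.

```shell
#!/usr/bin/env bash
# Added example (not from the course): lint a sudoers drop-in, then install it.

# check_dropin FILE [NAME]: NAME is the file name the rule will have under
# /etc/sudoers.d (defaults to FILE's own name). Prints one finding per line;
# returns 0 when clean, 1 otherwise.
check_dropin() {
    local f="$1" name mode rc=0
    name="${2:-$(basename -- "$1")}"
    # sudo skips files in sudoers.d whose name contains '.' or ends in '~'.
    case $name in
        *.*|*~) echo "name: '$name' would be skipped by sudo"; rc=1 ;;
    esac
    mode=$(stat -c '%a' -- "$f")
    case $mode in
        440|400) ;;
        *) echo "mode: $mode, expected 440 or 400"; rc=1 ;;
    esac
    # visudo -c -f parses the file without touching the live configuration.
    if command -v visudo >/dev/null 2>&1; then
        visudo -c -q -f "$f" >/dev/null 2>&1 ||
            { echo "syntax: rejected by visudo"; rc=1; }
    fi
    return "$rc"
}

# stage_dropin USER DIR: build the rule in a temp file, lint it, and only
# then copy it into DIR (normally /etc/sudoers.d) with mode 0440.
stage_dropin() {
    local user="$1" dir="$2" tmp
    tmp=$(mktemp) || return 1
    printf '%s ALL=(ALL) ALL\n' "$user" > "$tmp"
    chmod 440 "$tmp"
    if check_dropin "$tmp" "$user"; then
        install -m 0440 -- "$tmp" "$dir/$user"
    else
        rm -f -- "$tmp"
        return 1
    fi
    rm -f -- "$tmp"
}
```

Run as root, `stage_dropin student /etc/sudoers.d` performs the lab's steps; a user name such as john.doe is refused because sudo would never read a file with that name.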

Chapter 2
Basics of Kubernetes

2.1 Labs

Exercise 2.1: View Online Resources

Visit kubernetes.io

With such a fast changing project, it is important to keep track of updates. The main place to find documentation of the current version is https://kubernetes.io/.

1. Open a browser and visit the https://kubernetes.io/ website.
2. In the upper right hand corner, use the drop down to view the versions available. It will say something like v1.12.
3. Select the top level link for Documentation. The links on the left of the page can be helpful in navigation.
4. As time permits navigate around other sub-pages such as SETUP, CONCEPTS, and TASKS to become familiar with the layout.

Track Kubernetes Issues

There are hundreds, perhaps thousands, of people working on Kubernetes every day. With that many people working in parallel there are good resources to see if others are experiencing a similar outage. Both the source code as well as feature and issue tracking are currently on github.com.

1. To view the main page use your browser to visit https://github.com/kubernetes/kubernetes/
2. Click on various sub-directories and view the basic information available.
3. Update your URL to point to https://github.com/kubernetes/kubernetes/issues. You should see a series of issues, feature requests, and support communication.
4. In the search box you probably see some existing text like is:issue is:open which allows you to filter on the kind of information you would like to see. Append the search string to read: is:issue is:open label:kind/bug then press enter.
5. You should now see bugs in descending date order. Across the top of the issues a menu area allows you to view entries by author, labels, projects, milestones, and assignee as well. Take a moment to view the various other selection criteria.
6. Sometimes you may want to exclude a kind of output. Update the URL again, but precede the label with a minus sign, like: is:issue is:open -label:kind/bug. Now you see everything except bug reports.

Chapter 3
Installation and Configuration

3.1 Labs

Exercise 3.1: Install Kubernetes

Overview

There are several Kubernetes installation tools provided by various vendors. In this lab we will learn to use kubeadm. As a community-supported independent tool, it is planned to become the primary manner to build a Kubernetes cluster.

Platforms: GCP, AWS, VirtualBox, etc

The labs were written using Ubuntu instances running on Google Cloud Platform (GCP). They have been written to be vendor-agnostic so could run on AWS, local hardware, or inside of virtualization to give you the most flexibility and options. Each platform will have different access methods and considerations. As of v1.18.1 the minimum (as in barely works) size for VirtualBox is 3vCPU/4G memory/5G minimal OS for master and 1vCPU/2G memory/5G minimal OS for worker node.

If using your own equipment you will have to disable swap on every node. There may be other requirements which will be shown as warnings or errors when using the kubeadm command. While most commands are run as a regular user, there are some which require root privilege. Please configure sudo access as shown in a previous lab. If you are accessing the nodes remotely, such as with GCP or AWS, you will need to use an SSH client such as a local terminal or PuTTY if not using Linux or a Mac. You can download PuTTY from www.putty.org. You would also require a .pem or .ppk file to access the nodes. Each cloud provider will have a process to download or create this file. If attending in-person instructor led training the file will be made available during class.

Very Important

Please disable any firewalls while learning Kubernetes. While there is a list of required ports for communication between components, the list may not be as complete as necessary. If using GCP you can add a rule to the project which allows all traffic to all ports. Should you be using VirtualBox be aware that inter-VM networking will need to be set to promiscuous mode.

In the following exercise we will install Kubernetes on a single node then grow the cluster, adding more compute resources. Both nodes used are the same size, providing 2 vCPUs and 7.5G of memory. Smaller nodes could be used, but would run slower, and may have strange errors.

YAML files and White Space

Various exercises will use YAML files, which are included in the text. You are encouraged to write the files when possible, as the syntax of YAML has white space indentation requirements that are important to learn. An important note: do not use tabs in your YAML files, use spaces only. Indentation matters.

If using a PDF the use of copy and paste often does not paste the single quote correctly. It pastes as a back-quote instead. You will need to modify it by hand. The files have also been made available as a compressed tar file. You can view the resources by navigating to this

To login use user: LFtraining and a password of: Penguin2014

Once you find the name and link of the current file, which will change as the course updates, use wget to download the file into your node from the command line then expand it like this:

    wget 258_V2020-04-20_SOLUTIONS.tar.bz2 \
         --user LFtraining --password Penguin2014
    tar -xvf LFS258_V2020-04-20_SOLUTIONS.tar.bz2

(Note: depending on your PDF viewer, if you are cutting and pasting the above instructions, the underscores may disappear and be replaced by spaces, so you may have to edit the command line by hand!)

Bionic

While Ubuntu 18 bionic has become the typical version to deploy, the Kubernetes repository does not yet have matching binaries at the time of this writing. The xenial binaries can be used until an update is provided.

Install Kubernetes

Log into your nodes. If attending in-person instructor led training the node IP addresses will be provided by the instructor. You will need to use a .pem or .ppk key for access, depending on if you are using ssh from a terminal or PuTTY. The instructor will provide this to you.

1. Open a terminal session on your first node. For example, connect via PuTTY or SSH session to the first GCP node. The user name may be different than the one shown, student. The IP used in the example will be different than the one you will use.

    [[email protected] ] ssh -i LFS458.pem [email protected]
    The authenticity of host '54.214.214.156 (35.226.100.87)' can't be established.
    ECDSA key fingerprint is SHA256:IPvznbkx93/Wc
    ECDSA key fingerprint is 2:d3:95:08:08:4a:74:1b:f
    Are you sure you want to
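Returning to the YAML and copy-and-paste warnings earlier in this exercise, the check below flags the paste damage they describe (tab indentation, back-quotes, typographic quotes) before a file is handed to the cluster. It is an added example, not part of the course material; the function name lint_pasted_yaml is hypothetical.

```shell
#!/usr/bin/env bash
# Added example (not from the course): find PDF copy-and-paste damage in YAML.

# lint_pasted_yaml FILE: print "LINE:KIND" for each artefact, sorted by line.
#   tab        - a tab character inside the leading indentation
#   backquote  - a ` character (often a mangled single quote)
#   smartquote - a typographic quote, U+2018/2019/201C/201D
# Returns 0 when the file is clean, 1 when anything was reported.
lint_pasted_yaml() {
    local f="$1" tab out
    tab=$(printf '\t')
    out=$(
        # Tabs are only forbidden in indentation, so anchor at line start.
        grep -a -n "^ *$tab" "$f" | sed 's/:.*/:tab/'
        grep -a -n '`' "$f" | sed 's/:.*/:backquote/'
        # UTF-8 byte sequences of the four typographic quotes.
        grep -a -n \
            -e "$(printf '\342\200\230')" -e "$(printf '\342\200\231')" \
            -e "$(printf '\342\200\234')" -e "$(printf '\342\200\235')" \
            "$f" | sed 's/:.*/:smartquote/'
    )
    if [ -z "$out" ]; then
        return 0
    fi
    printf '%s\n' "$out" | sort -t: -k1,1n
    return 1
}
```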
