Container Orchestrator Kubernetes
- Kubernetes
- kubectl
- minikube
- microk8s
Kubernetes: The orchestrator
kubectl: The orchestrator CLI
minikube: Allows you to run a local cluster with a single node (used to test Kubernetes locally)
microk8s: Allows you to define a multicluster Kubernetes node on Ubuntu Linux, running on bare metal, in a VM, or on Windows WSL2
kubectl version
kubectl --help
minikube version
minikube --help

The basic commands to monitor your cluster -official-
# Get resources info
kubectl get deployments
kubectl get nodes
kubectl get services
kubectl get pods
kubectl get storageclass
# Delete resources
kubectl delete --all storageclass
kubectl delete --all services
kubectl delete --all pods
kubectl delete --all deployments
kubectl delete --all nodes
# Delete a resource
kubectl delete service <service-name>
# Watch the service status
kubectl get service --watch
kubectl get service qrcode-backend-service --watch

How to create a namespace
kubectl create namespace genocs

How to run a deployment
kubectl apply -f azure-vote.yaml

How to run a single image (will be removed)
kubectl run kubernetes-bootcamp --image=gcr.io/google-samples/kubernetes-bootcamp:v1 --port=8080
kubectl run genocs-qrcode --image=genocs/qrcode:latest --port=8083

The following procedure can be used on bare metal, a VM or WSL2
The procedure has been validated on Ubuntu 20.04
Check snap
snap list
snap refresh microk8s --edge
kubectl create clusterrolebinding add-on-cluster-admin --clusterrole=cluster-admin --serviceaccount=kube-system:kubeconfig-sa
TOKENNAME=$(kubectl -n kube-system get serviceaccount/kubeconfig-sa -o jsonpath='{.secrets[0].name}')
# The token is printed base64-encoded, as stored in the secret
kubectl -n kube-system get secret "$TOKENNAME" -o jsonpath='{.data.token}'

How to get the token
token=$(microk8s kubectl -n kube-system get secret | grep default-token | cut -d " " -f1)
microk8s kubectl -n kube-system describe secret $token

How to check the list of services and forward the port to allow access to the dashboard from the Windows host
microk8s kubectl get services -A
microk8s kubectl -n kube-system port-forward --address 0.0.0.0 service/kubernetes-dashboard 5000:443
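The `add-on-cluster-admin` binding created above gives the `kubeconfig-sa` service account the `cluster-admin` role, so its token carries full control of the cluster. The following added example (not part of the original page) lists every ClusterRoleBinding that grants `cluster-admin` to a service account; the sample input is constructed, and binding names other than `add-on-cluster-admin` are made up for illustration.

```shell
#!/bin/sh
# Added example: find ClusterRoleBindings that grant cluster-admin to a ServiceAccount.
# On a live cluster, feed the function with one line per binding:
#   kubectl get clusterrolebindings -o jsonpath='{range .items[*]}{.metadata.name}{"\t"}{.roleRef.name}{"\t"}{range .subjects[*]}{.kind}:{.namespace}/{.name}{" "}{end}{"\n"}{end}'

# Input : NAME <TAB> ROLE <TAB> KIND:NAMESPACE/NAME [KIND:NAMESPACE/NAME ...]
# Output: BINDING <TAB> NAMESPACE/NAME, one line per service account found
find_admin_service_accounts() {
  awk -F '\t' '
    $2 == "cluster-admin" {
      n = split($3, subjects, " ")
      for (i = 1; i <= n; i++) {
        if (index(subjects[i], "ServiceAccount:") == 1) {
          print $1 "\t" substr(subjects[i], length("ServiceAccount:") + 1)
        }
      }
    }'
}

# Constructed sample in the format above (not output from a real cluster).
sample_bindings() {
  printf '%s\t%s\t%s\n' \
    'cluster-admin'        'cluster-admin'   'Group:/system:masters ' \
    'add-on-cluster-admin' 'cluster-admin'   'ServiceAccount:kube-system/kubeconfig-sa ' \
    'system:kube-dns'      'system:kube-dns' 'ServiceAccount:kube-system/kube-dns ' \
    'ci-admin'             'cluster-admin'   'User:/alice ServiceAccount:ci/deployer '
}

sample_bindings | find_admin_service_accounts
```

Each reported service account is a candidate for a narrower Role or ClusterRole that covers only what the account needs.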
redis-server-7db4b86f-frmnl
kubectl port-forward genocs-solomon-frontend-68bd5f656c-7xxzr 5002:5002

- Install the dashboard plugin
- Get the dashboard login token
- Run the dashboard
kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v2.0.0/aio/deploy/recommended.yaml
kubectl -n kube-system describe secret token
kubectl proxy

To run the dashboard
minikube dashboard (--url)

The dashboard URL
http://localhost:8001/api/v1/namespaces/kubernetes-dashboard/services/https:kubernetes-dashboard:/proxy/(. | #/login)
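Before pasting a token into the dashboard login page, it helps to confirm which service account it belongs to. This added example (not from the original page) decodes the token payload and prints the account named in the `sub` claim, without verifying the signature; the sample token is constructed and its signature part is a placeholder.

```shell
#!/bin/sh
# Added example: show which service account a Kubernetes token belongs to.
# Claims are read without verifying the signature: inspection only.
# Assumes compact JSON ("claim":"value"), as Kubernetes emits it.

# Decode one base64url segment (JWT header or payload) to text.
b64url_decode() {
  seg=$(printf '%s' "$1" | tr '_-' '/+')
  pad=$(( (4 - ${#seg} % 4) % 4 ))
  while [ "$pad" -gt 0 ]; do seg="$seg="; pad=$((pad - 1)); done
  printf '%s' "$seg" | base64 -d
}

# Print a string claim from the token payload. usage: jwt_claim TOKEN CLAIM
jwt_claim() {
  payload=$(printf '%s' "$1" | cut -d . -f 2)
  b64url_decode "$payload" | sed -n 's|.*"'"$2"'":"\([^"]*\)".*|\1|p'
}

# Print NAMESPACE/NAME for a service-account token, nothing for other tokens.
token_service_account() {
  jwt_claim "$1" sub |
    sed -n 's|^system:serviceaccount:\([^:]*\):\(.*\)$|\1/\2|p'
}

# Constructed sample token (header.payload.signature); signature is a placeholder.
b64url_encode() { printf '%s' "$1" | base64 | tr -d '=\n' | tr '/+' '_-'; }
sample_token() {
  header='{"alg":"RS256","typ":"JWT"}'
  claims='{"iss":"kubernetes/serviceaccount","sub":"system:serviceaccount:kube-system:kubeconfig-sa"}'
  printf '%s.%s.%s' "$(b64url_encode "$header")" "$(b64url_encode "$claims")" 'c2lnbmF0dXJl'
}

token_service_account "$(sample_token)"
```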
wsl hostname -I
microk8s status
microk8s kubectl get all --all-namespaces
microk8s kubectl apply -f qrcode.yaml
microk8s kubectl get services -A
microk8s kubectl -n kube-system port-forward --address 0.0.0.0 service/kubernetes-dashboard 5000:443
kubectl port-forward 'service name' 5002:5002

This section shows how to set up the infrastructure to secure the configuration with an Azure User Managed Identity.
This configuration allows you to secure Azure resource access using AAD. In this way it is possible to provide access to resources like
- Azure Key Vault
- Azure Blob Storage
without sharing sensitive information, while at the same time managing the access rights through AAD (Azure Active Directory)
Run the following steps on your subscription only once
# Register the Pod identity Preview Feature
az feature register --name EnablePodIdentityPreview --namespace Microsoft.ContainerService
# Install the aks-preview extension
az extension add --name aks-preview
# Update the extension to be sure you have the latest version installed
az extension update --name aks-preview
# Check whether the Managed Pod Identity is registered
az feature show --name EnablePodIdentityPreview --namespace Microsoft.ContainerService -o table
# Register the Microsoft Pod Identity
az provider register --namespace Microsoft.ContainerService

Follow the steps below to set up your cluster manually.
# Login to Azure
az login
# Login to the Azure Container registry
az acr login --name "genoc-acr"
# Install the azure AKS CLI
# should be installed by default
az aks install-cli
# Create the resource-group
az group create --name "rg-genocs-aks" --location "West Europe"
# Create the Kubernetes cluster with binding to ACR (Azure Container Registry)
az aks create -n "genocs-aks" -g "rg-genocs-aks" --location "West Europe" \
--node-count 1 --node-vm-size Standard_DS2_v2 --generate-ssh-keys \
--network-plugin azure \
--enable-managed-identity --enable-pod-identity \
--enable-addons monitoring \
--attach-acr "genoc-acr"
# Get AKS credentials (needed to connect to AKS)
az aks get-credentials -n "genocs-aks" -g "rg-genocs-aks"
# List the resources
az acr list --resource-group "rg-genocs-aks" --query "[].{acrLoginServer:loginServer}" --output table
# Delete the AKS cluster (to save your money)
az aks delete -n "genocs-aks" -g "rg-genocs-aks" --yes

# Enable the Azure Pod Identity feature on your cluster
# not required if you have used the command shown above
az aks update -g "rg-genocs-aks-dev" -n "genocs-aks-dev" --enable-pod-identity
# Bind the Pod Identity to the cluster
az aks pod-identity add --resource-group "rg-genocs-aks-dev" \
--cluster-name "genocs-aks-dev" --namespace default \
--name csi-to-key-vault \
--identity-resource-id /subscriptions/f20b0dac-53ce-44d4-a673-eb1fd36ee03b/resourceGroups/RG-Genocs/providers/Microsoft.ManagedIdentity/userAssignedIdentities/aad-aks-id
# Check the Binding
kubectl get azureidentity

- Set up the project
  - Describe the idea
  - Identify the product shape
- Project management
  - Define the MVP (Minimum Viable Product)
  - Identify the KPIs (Key Performance Indicators)
  - Define the process
  - Identify and define the roadmap, checkpoints, deadlines
- Implement the solution
  - Patterns and practices
  - Technological stack
  - Tools, languages, libraries and services
- Operations, maintenance, support and feedback
  - Strategic organization
  - Practical implementation