- Install Docker for Mac
- https://store.docker.com/editions/community/docker-ce-desktop-mac
- Once installed, enable Kubernetes from Preferences and select Kubernetes as the default orchestrator
- In the Advanced section, increase your CPU and memory to about 2 CPUs and 2 GB of RAM, for now.
echo "source <(kubectl completion zsh)" >> ~/.zshrc
This will allow you to visit localhost, simply, and it will route based on services:
kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-0.32.0/deploy/static/provider/cloud/deploy.yaml
Verify this is working with kubectl get pods -n ingress-nginx
Locally, docker login is probably sufficient. You can also create a secret via YAML:
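# printf '%s' keeps a trailing newline out of the encoded credentials;
# tr -d '\n' removes the line wrapping some base64 builds add.
cat <<EOF | kubectl apply -f -
---
apiVersion: v1
kind: Secret
metadata:
  name: regcred
data:
  .dockerconfigjson: $(printf '%s' "{\"auths\": {\"https://index.docker.io/v1/\": {\"auth\": \"$(printf '%s' "janedoe:xxxxxxxxxxx" | base64 | tr -d '\n')\"}}}" | base64 | tr -d '\n')
type: kubernetes.io/dockerconfigjson
EOF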
Or manually via:
kubectl create secret docker-registry regcred \
--docker-server=https://index.docker.io/v1/ \
--docker-username=janedoe \
--docker-password=xxxxxxxxxxx \
[email protected]
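Added example (not from the original page): the registry Secret payload built so that no trailing newline lands inside the encoded credentials, with the password read from stdin to keep it out of shell history, plus a decoder for checking what a Secret really holds (the value is base64-encoded, not encrypted). The function names are hypothetical helpers; janedoe and the password are the page's placeholders.

```shell
#!/bin/sh
# Added example; function names are hypothetical helpers, not kubectl features.

# b64: base64 without line wrapping (GNU base64 wraps at 76 columns).
b64() { base64 | tr -d '\n'; }

# registry_auth USER: reads the password from stdin, prints base64("USER:PASSWORD").
# printf '%s' avoids the trailing newline that echo would append to the password.
registry_auth() {
  IFS= read -r _pw || [ -n "$_pw" ] || return 1
  printf '%s:%s' "$1" "$_pw" | b64
}

# dockerconfigjson SERVER USER: password on stdin; prints the value for the
# Secret's data[".dockerconfigjson"] field.
dockerconfigjson() {
  _auth=$(registry_auth "$2") || return 1
  printf '{"auths":{"%s":{"auth":"%s"}}}' "$1" "$_auth" | b64
}

# decode_auth B64_DOCKERCONFIGJSON: prints the decoded "user:password" pair,
# for checking what a stored Secret actually contains.
decode_auth() {
  printf '%s' "$1" | base64 --decode |
    sed -n 's/.*"auth":"\([^"]*\)".*/\1/p' | base64 --decode
}

# Usage with the page's placeholder credentials:
#   printf '%s' 'xxxxxxxxxxx' | dockerconfigjson https://index.docker.io/v1/ janedoe
```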
Modify the deployment of the repository you're working on to allow live reloading of your code (volumeMounts), then apply the services you need access to.
Helpful commands:
docker help
docker images
docker ps
docker build -t <organization/repo:tag> .
docker run --rm <organization/repo:tag>
docker push <organization/repo:tag>
docker commit <container id> <organization/repo:tag>
kubectl help
kubectl get nodes
kubectl drain <node name>
kubectl delete node <node name>
kubectl get deployments
kubectl edit deploy <deployment name>
kubectl scale deploy <deployment name> --replicas=0
kubectl rollout restart StatefulSet/foo
kubectl rollout restart Deployment/bar
kubectl get pods
kubectl describe pod <pod name>
kubectl attach -it <pod name>
kubectl exec -it <pod name> -- /bin/bash
kubectl exec -it <pod name> -c <sub-name> -- printenv # good for if you want to get into a debug container
kubectl run <pod name>
kubectl logs -f <pod name>
kubectl delete pod <pod name>
kubectl get services
kubectl get ingress
kubectl get ds
kubectl get secrets
kubectl get configmaps
cat <<EOF | kubectl apply -f -
apiVersion: v1
kind: Pod
metadata:
  name: busybox-sleep
spec:
  containers:
    - name: busybox
      image: busybox
      args:
        - sleep
        - "1000000"
EOF
Once you've verified and viewed all your pods from the Dashboard, run some scripts for the various repos:
kubectl get pods | grep my_app
Take note of that pod name, something like my_app-6cd98d5778-ql9xf
kubectl exec <pod name> -- bundle exec rake db:reset
https://github.com/kubernetes/dashboard
kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v2.0.1/aio/deploy/recommended.yaml
kubectl create serviceaccount dashboard-admin-sa
kubectl create clusterrolebinding dashboard-admin-sa --clusterrole=cluster-admin --serviceaccount=default:dashboard-admin-sa
kubectl get secrets
kubectl describe secret dashboard-admin-sa-token-#####
kubectl proxy
Visit the Dashboard, and authenticate with the token from above:
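
Added example, not part of the original page: the dashboard-admin-sa token created above carries cluster-admin, so this check lists every ServiceAccount bound to that role, which helps with finding and removing such bindings once the Dashboard is no longer needed. The function names and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example; function names and sample data are constructed for illustration.

# list_bindings: one line per ClusterRoleBinding: NAME<TAB>ROLE<TAB>SUBJECTS,
# where SUBJECTS is a comma-separated list of Kind:namespace/name.
list_bindings() {
  kubectl get clusterrolebindings -o jsonpath='{range .items[*]}{.metadata.name}{"\t"}{.roleRef.name}{"\t"}{range .subjects[*]}{.kind}:{.namespace}/{.name},{end}{"\n"}{end}'
}

# admin_service_accounts: reads list_bindings output on stdin and prints
# BINDING<TAB>namespace/name for every ServiceAccount bound to cluster-admin.
admin_service_accounts() {
  awk -F '\t' '$2 == "cluster-admin" {
    n = split($3, subj, ",")
    for (i = 1; i <= n; i++)
      if (subj[i] ~ /^ServiceAccount:/) {
        sub(/^ServiceAccount:/, "", subj[i])
        print $1 "\t" subj[i]
      }
  }'
}

# Constructed sample in list_bindings format (not captured from a real cluster).
sample_bindings() {
  printf 'cluster-admin\tcluster-admin\tGroup:/system:masters,\n'
  printf 'dashboard-admin-sa\tcluster-admin\tServiceAccount:default/dashboard-admin-sa,\n'
  printf 'system:basic-user\tsystem:basic-user\tGroup:/system:authenticated,\n'
}

# Against a live cluster:  list_bindings | admin_service_accounts
# Cleanup when done with the Dashboard:
#   kubectl delete clusterrolebinding dashboard-admin-sa
#   kubectl delete serviceaccount dashboard-admin-sa
```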
https://github.com/kubernetes-incubator/metrics-server
kubectl apply -f https://github.com/kubernetes-sigs/metrics-server/releases/download/v0.3.6/components.yaml
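As of 2019-11, a local cluster needs a bit of a security hole (--kubelet-insecure-tls turns off verification of the kubelet's serving certificate, so keep it to local clusters). Follow along here
Add the following arguments to the metrics-server container via kubectl edit deploy -n kube-system metrics-server: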
- --kubelet-insecure-tls
- --kubelet-preferred-address-types=InternalIP,ExternalIP,Hostname
https://docs.fluxcd.io/en/stable/tutorials/get-started-kustomize.html
https://github.com/fluxcd/flux/blob/master/docs/references/fluxctl.md
Flux is a gitops solution to CD.
Modify the file below before copying and pasting:
brew install fluxctl
cat <<EOF | kubectl apply -f -
---
namespace: flux
bases:
  - github.com/fluxcd/flux/deploy
patchesStrategicMerge:
  - patch.yaml
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: flux
spec:
  template:
    spec:
      containers:
        - name: flux
          args:
            - --manifest-generation=true # USED FOR KUSTOMIZE
            - --memcached-hostname=memcached.flux
            - --memcached-service=
            - --ssh-keygen-dir=/var/fluxd/keygen
            - --git-branch=master
            - --git-user=Flux automation
            - [email protected]
            - [email protected]:dudo/k8s_colors # YOUR CLUSTER
            - --sync-garbage-collection=true
            - --git-poll-interval=30s
            - --registry-poll-interval=30s
EOF
export FLUX_FORWARD_NAMESPACE=flux
fluxctl identity
fluxctl sync
fluxctl list-workloads
fluxctl list-images
Manage workloads - https://docs.fluxcd.io/en/1.20.2/references/fluxctl/#workloads
https://linkerd.io/2/getting-started/
Linkerd is a service mesh. TLDR - The service mesh gives you features that are critical for running modern server-side software in a way that’s uniform across your stack and decoupled from application code.
brew install linkerd
linkerd check --pre
linkerd install | kubectl apply -f -
linkerd check
linkerd dashboard &
- https://docs.docker.com/docker-for-mac/
- https://kubernetes.io/docs/reference/kubectl/docker-cli-to-kubectl/
- https://kubernetes.io/docs/reference/kubectl/overview/
- https://kubernetes.io/docs/concepts/services-networking/ingress/
- https://kubernetes.github.io/ingress-nginx/deploy/
- https://github.com/kubernetes/community/blob/master/contributors/devel/api-conventions.md#spec-and-status
- https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/