K8s - Hetzner
Source
https://www.youtube.com/watch?v=dEAtD9PVr_Q
get Host
Build a VM on Hetzner, Ubuntu 22.04
Patch
Patch the Box
apt-get update
apt-get --fix-broken install
apt-get -y upgrade
apt-get install lynx uptimed
Kurl Small
Give kURL a try, the open source Kubernetes installer ;)
time curl https://kurl.sh/ccedeec |bash |tee -a install.md
real 4m5.149s
user 1m26.425s
sys 0m22.249s
Kurl Full
same as small, but with most options enabled
curl https://kurl.sh/13609c3 | sudo bash
Resource Warning
Got a warning because I picked a rather small VM (CX21). Just ignore it.
[WARN] Number of CPUs: At least 4 CPU cores are recommended
[WARN] Amount of Memory: At least 8G of memory is recommended
Profile
add a nice alias and source the profile again
cat << EOF >> /etc/profile
# aliases
alias k='kubectl'
EOF
source /etc/profile
MetalLB 0.13.10
Give MetalLB a try
Apply Manifest
kubectl apply -f https://raw.githubusercontent.com/metallb/metallb/v0.13.10/config/manifests/metallb-native.yaml
Add IP Pool
cat << EOF > metallb.yaml
apiVersion: metallb.io/v1beta1
kind: IPAddressPool
metadata:
  name: first-pool
  namespace: metallb-system
spec:
  addresses:
  - 172.16.16.240-172.16.16.250
EOF
Create Pool
k create -f metallb.yaml
show pods
k -n metallb-system get pod
root@k8s02:~/metallb# k -n metallb-system get pod
NAME READY STATUS RESTARTS AGE
pod/controller-595f88d88f-skgdw 1/1 Running 0 49s
pod/speaker-jj4ct 1/1 Running 0 48s
pod/speaker-zth2x 1/1 Running 0 48s
show status
k -n metallb-system get all
root@k8s02:~/metallb# k -n metallb-system get all
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
service/webhook-service ClusterIP 10.96.0.94 <none> 443/TCP 49s
NAME DESIRED CURRENT READY UP-TO-DATE AVAILABLE NODE SELECTOR AGE
daemonset.apps/speaker 2 2 2 2 2 kubernetes.io/os=linux 49s
NAME READY UP-TO-DATE AVAILABLE AGE
deployment.apps/controller 1/1 1 1 49s
NAME DESIRED CURRENT READY AGE
replicaset.apps/controller-595f88d88f 1 1 1 49s
Deploy Nginx
Deploy a little app to the load balancer
k create deploy nginx --image nginx
root@k8s02:~/metallb# k create deploy nginx --image nginx
deployment.apps/nginx created
Expose Service
k expose deploy nginx --port 80 --type LoadBalancer
root@k8s02:~/metallb# k expose deploy nginx --port 80 --type LoadBalancer
service/nginx exposed
Confirm Service
k get svc
root@k8s02:~/metallb# k get svc
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kubernetes ClusterIP 10.96.0.1 <none> 443/TCP 12m
nginx LoadBalancer 10.96.1.185 172.16.16.240 80:21136/TCP 9s
Get Pods
k get pods
root@k8s02:~/metallb# k get pods
NAME READY STATUS RESTARTS AGE
nginx-77b4fdf86c-5rld9 1/1 Running 0 55s
Connect with Lynx
lynx 172.16.16.240
-> ok
remove nginx
k delete svc nginx
k delete deploy nginx
Show Namespace
k get ns
root@k8s02:~/metallb# k get ns
NAME STATUS AGE
default Active 22m
kube-flannel Active 21m
kube-node-lease Active 22m
kube-public Active 22m
kube-system Active 22m
kurl Active 22m
metallb-system Active 11m
minio Active 21m
openebs Active 21m
Install Helm
curl -fsSL -o get_helm.sh https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3
chmod 700 get_helm.sh
./get_helm.sh
add repo
helm repo add bitnami https://charts.bitnami.com/bitnami
helm search repo bitnami
root@k8s02:~/metallb# helm search repo bitnami
WARNING: Kubernetes configuration file is group-readable. This is insecure. Location: /etc/kubernetes/admin.conf
NAME CHART VERSION APP VERSION DESCRIPTION
bitnami/airflow 14.2.5 2.6.1 Apache Airflow is a tool to express and execute...
bitnami/apache 9.6.3 2.4.57 Apache HTTP Server is an open-source HTTP serve...
bitnami/apisix 1.0.1 3.3.0 Apache APISIX is high-performance, real-time AP...
bitnami/appsmith 0.3.7 1.9.21 Appsmith is an open source platform for buildin...
bitnami/argo-cd 4.7.6 2.7.4 Argo CD is a continuous delivery tool for Kuber...
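The `helm` output above warns that `/etc/kubernetes/admin.conf` is group-readable; that file holds the cluster-admin credentials. The following is an added example, not part of the original page: the hypothetical helpers `kubeconfig_exposed` and `harden_kubeconfig` detect group/other permission bits and strip them, assuming GNU `stat` and that only the file's owner needs to read the file.

```shell
#!/bin/sh
# Added example: check and tighten kubeconfig permissions.
# Helper names are hypothetical; assumes GNU stat (as on Ubuntu 22.04).

# Succeeds (0) when FILE grants any permission bit to group or others.
kubeconfig_exposed() {
  mode=$(stat -L -c '%a' "$1") || return 2
  # The leading 0 makes the shell read the mode as octal;
  # 077 masks the group and other bits.
  [ $(( 0$mode & 077 )) -ne 0 ]
}

# Strips group/other access if present and prints the resulting octal mode.
harden_kubeconfig() {
  [ -f "$1" ] || { echo "not a regular file: $1" >&2; return 2; }
  if kubeconfig_exposed "$1"; then
    chmod go-rwx "$1" || return 2
  fi
  stat -L -c '%a' "$1"
}

# Demo on a constructed temp file, so nothing on the host is modified.
demo=$(mktemp)
chmod 640 "$demo"                 # the situation helm complains about
echo "before: $(stat -c '%a' "$demo")"
echo "after:  $(harden_kubeconfig "$demo")"
rm -f "$demo"

# On the cluster node: harden_kubeconfig /etc/kubernetes/admin.conf
```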
add helm repo
helm repo add traefik https://helm.traefik.io/traefik
helm repo update
helm repo list
search for traefik
helm search repo traefik
root@k8s02:~/metallb# helm search repo traefik
WARNING: Kubernetes configuration file is group-readable. This is insecure. Location: /etc/kubernetes/admin.conf
NAME CHART VERSION APP VERSION DESCRIPTION
traefik/traefik 23.1.0 v2.10.1 A Traefik based Kubernetes ingress controller
traefik/traefik-mesh 4.1.1 v1.4.8 Traefik Mesh - Simpler Service Mesh
traefik/traefikee 1.13.0 v2.10.1 Traefik Enterprise is a unified cloud-native ne...
traefik/hub-agent 1.6.0 v1.4.2 Traefik Hub is an all-in-one global networking ...
traefik/maesh 2.1.2 v1.3.2 Maesh - Simpler Service Mesh
retrieve full config
helm show values traefik/traefik > /tmp/traefik-values.yaml
Update Persistence
-> set to: True
vim /tmp/traefik-values.yaml
persistence:
  # -- Enable persistence using Persistent Volume Claims
  # ref: http://kubernetes.io/docs/user-guide/persistent-volumes/
  # It can be used to store TLS certificates, see `storage` in certResolvers
  enabled: true
Deploy Traefik
helm install traefik traefik/traefik --values /tmp/traefik-values.yaml -n traefik --create-namespace
root@k8s02:~/metallb# helm install traefik traefik/traefik --values /tmp/traefik-values.yaml -n traefik --create-namespace
NAME: traefik
LAST DEPLOYED: Sat Jun 10 15:43:55 2023
NAMESPACE: traefik
STATUS: deployed
REVISION: 1
TEST SUITE: None
NOTES:
Traefik Proxy v2.10.1 has been deployed successfully on traefik namespace !
🚨 When enabling persistence for certificates, permissions on acme.json can be
lost when Traefik restarts. You can ensure correct permissions with an
initContainer. See https://github.com/traefik/traefik-helm-chart/issues/396 for
more info. 🚨
list Traefik
helm list -n traefik
root@k8s02:~/metallb# helm list -n traefik
NAME NAMESPACE REVISION UPDATED STATUS CHART APP VERSION
traefik traefik 1 2023-06-10 15:43:55.161061009 +0000 UTC deployed traefik-23.1.0 v2.10.1
get all on Namespace traefik
k -n traefik get all
root@k8s02:~/metallb# k -n traefik get all
NAME READY STATUS RESTARTS AGE
pod/traefik-795f46ffb5-nqzc8 1/1 Running 0 69s
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
service/traefik LoadBalancer 10.96.2.139 172.16.16.240 80:50914/TCP,443:34670/TCP 70s
NAME READY UP-TO-DATE AVAILABLE AGE
deployment.apps/traefik 1/1 1 1 69s
NAME DESIRED CURRENT READY AGE
replicaset.apps/traefik-795f46ffb5 1 1 1 69s
Forward Port on Localhost
k -n traefik port-forward traefik-795f46ffb5-nqzc8 9000:9000
root@k8s02:~/metallb# k -n traefik port-forward traefik-795f46ffb5-nqzc8 9000:9000
Forwarding from 127.0.0.1:9000 -> 9000
Forwarding from [::1]:9000 -> 9000
2nd Terminal
lynx 127.0.0.1:9000/dashboard/
-> ok
Forward Port on Public IP
k -n traefik port-forward --address 116.xxx.xxx.xx traefik-795f46ffb5-nqzc8 9000:9000
root@k8s02:~/metallb# k -n traefik port-forward --address 116.xxx.xxx.xx traefik-795f46ffb5-nqzc8 9000:9000
Forwarding from 116.xxx.xxx.33:9000 -> 9000
Access Traefik Dashboard
http://116.xxx.xxx.33:9000/dashboard/#/
-> ok
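`kubectl port-forward` adds no authentication or TLS of its own, so with `--address` set to the public IP the dashboard is served over plain HTTP on that interface. Added example (not from the original page): a hypothetical helper `nonloopback_listeners` reads `ss -ltn` output and reports listeners on a port that are bound outside loopback, run here on constructed sample output using the documentation address 203.0.113.10.

```shell
#!/bin/sh
# Added example: flag listeners on a port that are reachable beyond loopback.
# Function names and the sample data are constructed for illustration.

# Reads `ss -ltn` output on stdin and prints each non-loopback local address
# listening on PORT. Wildcards (0.0.0.0, [::], *) count as exposed.
nonloopback_listeners() {
  awk -v port="$1" '
    $1 == "LISTEN" {
      n = split($4, parts, ":")
      p = parts[n]                                   # port = text after last colon
      addr = substr($4, 1, length($4) - length(p) - 1)
      if (p != port) next
      if (addr ~ /^127\./ || addr == "[::1]") next   # loopback only: fine
      print addr
    }'
}

# Constructed sample: the localhost forward plus a forward bound to a
# public address (203.0.113.10 is a documentation address, not the page's host).
sample_ss() {
  cat <<'EOF'
State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      4096       127.0.0.1:9000      0.0.0.0:*
LISTEN 0      4096           [::1]:9000         [::]:*
LISTEN 0      4096    203.0.113.10:9000      0.0.0.0:*
LISTEN 0      128          0.0.0.0:22        0.0.0.0:*
EOF
}

exposed=$(sample_ss | nonloopback_listeners 9000)
[ -n "$exposed" ] && echo "port 9000 reachable on: $exposed"

# Live check on the node:  ss -ltn | nonloopback_listeners 9000
# Alternative to --address <public ip>: keep the forward on 127.0.0.1 and
# tunnel from the workstation:  ssh -L 9000:127.0.0.1:9000 root@<host>
```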
Cleanup
show all pods
kubectl get pods --all-namespaces
show deployments in a namespace
kubectl get deployments -n <namespace-name>
delete a namespace
kubectl delete namespace <namespace-name>
delete all deployments (in the current namespace)
kubectl delete deployment --all